System

These procedures access the Windows operating system directly to return information or to manage files and processes.

• xp_availablemedia: Shows the physical drives on the server.
• xp_cmdshell: Allows execution of operating system commands in the security context of the SQL Server service. The most powerful and widely abused stored procedure.
• xp_displayparamstmt: Older versions are vulnerable to buffer overflow attacks. Undocumented, it can be used to execute SQL queries but its original purpose is unclear.
• xp_dropwebtask: Deletes a defined web job (instruction to render the result of a query into an HTML file).
• xp_enumerrorlogs: Displays the error logs used by SQL Server.
• xp_enumgroups: Lists the Windows user groups defined on the server.
• xp_eventlog: Used to read the Windows event logs.
• xp_execresultset: An undocumented procedure used to execute a number of commands passed as a resultset. Can be abused to quickly perform brute-force attacks against passwords if the password dictionary is available as a resultset.
• xp_fileexist: Tests if a specified file exists on the server's filesystem.
• xp_fixeddrives: Returns information about the server's drives and free space.
• xp_getfiledetails: Returns information about a particular file on the server, such as its size/creation date/last modified.
• xp_getnetname: Shows the server's network name. This could allow an attacker to guess the names of other machines on the network.
• xp_grantlogin: Used to grant a Windows user or group access to the SQL Server.
• xp_logevent: Writes a custom event to the SQL Server and Windows error log. Could be abused to corrupt the server's audit trail.
• xp_loginconfig: Divulges information about the authentication method used by the server and the current auditing settings.
• xp_logininfo: Shows the SQL Server's users and groups.
• xp_makewebtask: Creates a webtask, which is used to output table data to an HTML file. Could be used to retrieve data using the Web.
• xp_msver: Provides more information about the SQL Server than @@version. This includes the Windows patch and service pack level.
• xp_ntsec_enumdomains: Lists the Windows domains accessed by the server.
• xp_perfsample: Used with the SQL Server performance monitor.
• xp_perfstart: Used with the SQL Server performance monitor.
• xp_printstatements: An undocumented procedure that returns the result of a query.
• xp_readerrorlog: Used to view the SQL Server error log. Can also be used to view any file on the local filesystem accessible to the SQL Server process.
• xp_revokelogin: Revokes access to the SQL Server from a Windows user or group.
• xp_runwebtask: Executes a defined webtask, which outputs SQL Server table data to an HTML file.
• xp_servicecontrol: Used to start, stop, pause, and un-pause Windows services.
• sp_MSSetServerProperties: Sets whether the SQL Server starts automatically or manually on reboot. Could be used to DoS the server, or stop the server starting so that an attacker can access a shell on the SQL Server port.
• xp_snmp_getstate: Returns the current state of the SQL Server using SNMP (Simple Network Management Protocol). Removed after SQL Server 6.5.
• xp_snmp_raisetrap: Sends an SNMP trap (alert) to an SNMP client. Removed after SQL Server 6.5.
• xp_sprintf: Similar to the C sprintf function, used to create an output string from multiple inputs. Could be used to create executable commands.
• xp_sqlinventory: Prior to SQL Server 2000, returns information about the server's installation and configuration settings.
• xp_sqlregister: Prior to SQL Server 2000, broadcasts server configuration details used by xp_sqlinventory.
• xp_sqltrace: Prior to SQL Server 2000, returns information on the audit traces set, and their activity.
• xp_sscanf: Similar to the C function sscanf, used to extract variables from a text string in a certain format. Could help an attacker create executable commands.
• xp_subdirs: Displays all of a directory's subdirectories.
• xp_terminate_process: Used to kill a Windows process with a specific ID. An attacker could use this to disable anti-virus or firewall software on the host.
• xp_unc_to_drive: Converts a UNC (Universal Naming Convention) address to a corresponding local drive.