# SQL Server Attacks (todo)

- [Initial Access](/building-a-windows-ad-lab/vulnerabilities-and-misconfigurations-and-attacks/active-directory-attacks/sql-server-attacks/initial-access.md)
- [SQL Server default login](/building-a-windows-ad-lab/vulnerabilities-and-misconfigurations-and-attacks/active-directory-attacks/sql-server-attacks/initial-access/sql-server-default-login.md)
- [Normal domain user access](/building-a-windows-ad-lab/vulnerabilities-and-misconfigurations-and-attacks/active-directory-attacks/sql-server-attacks/initial-access/normal-domain-user-access.md)
- [Privilege Escalation](/building-a-windows-ad-lab/vulnerabilities-and-misconfigurations-and-attacks/active-directory-attacks/sql-server-attacks/privilege-escalation.md)
- [Impersonation](/building-a-windows-ad-lab/vulnerabilities-and-misconfigurations-and-attacks/active-directory-attacks/sql-server-attacks/privilege-escalation/impersonation.md): SQL Server has a special permission, named impersonate, this enables one user to operate with the permissions of another user as well as their own permissions.
- [DB-Owner](/building-a-windows-ad-lab/vulnerabilities-and-misconfigurations-and-attacks/active-directory-attacks/sql-server-attacks/privilege-escalation/db-owner.md)
- [Enumerate Logins](/building-a-windows-ad-lab/vulnerabilities-and-misconfigurations-and-attacks/active-directory-attacks/sql-server-attacks/privilege-escalation/enumerate-logins.md)
- [Weak passwords](/building-a-windows-ad-lab/vulnerabilities-and-misconfigurations-and-attacks/active-directory-attacks/sql-server-attacks/privilege-escalation/enumerate-logins/weak-passwords.md)
- [Executing Commands](/building-a-windows-ad-lab/vulnerabilities-and-misconfigurations-and-attacks/active-directory-attacks/sql-server-attacks/executing-commands.md): xp\_cmdshell could be used to execute commands on the SQL Server.
- [Database-Links](/building-a-windows-ad-lab/vulnerabilities-and-misconfigurations-and-attacks/active-directory-attacks/sql-server-attacks/database-links.md): SQL Servers can be configured to link to other SQL Servers.
- [Capturing hashes & Relaying](/building-a-windows-ad-lab/vulnerabilities-and-misconfigurations-and-attacks/active-directory-attacks/sql-server-attacks/capturing-hashes-and-relaying.md): SQL servers by default run as a service with a local account, but might run under a domain user account. These are normally local admin on a server and might be on multiple SQL Servers.