The Agent Skills Directory

[COMMAND_EXECUTION]: The skill provides detailed shell and SQL command templates for executing arbitrary operations on target database systems. Evidence includes the use of xp_cmdshell in MSSQL, COPY FROM PROGRAM in PostgreSQL, and UDF exploitation in MySQL to run system-level commands.
[REMOTE_CODE_EXECUTION]: Multiple methodologies for achieving remote code execution are documented. This includes Redis master-slave replication attacks to load malicious modules (exp.so), Lua sandbox escapes (CVE-2022-0543), and the use of CLR assemblies in MSSQL to execute code directly in memory.
[DATA_EXFILTRATION]: The skill contains explicit instructions for reading sensitive system files such as /etc/passwd and C:\flag.txt. It also details techniques for stealing NTLM hashes by forcing database services to initiate SMB connections to attacker-controlled infrastructure using xp_dirtree or COPY FROM targets.
[EXTERNAL_DOWNLOADS]: Instructions are provided for downloading and executing remote payloads. Specifically, it suggests using certutil on Windows and PowerShell's IEX to fetch scripts and executables from remote attacker-controlled URLs.
[CREDENTIALS_UNSAFE]: The methodology includes steps for bypassing authentication through unauthenticated 'trust' configurations and performing credential brute-forcing using tools like netexec and hydra against default database accounts (e.g., sa, postgres, root).

database-exploit