AD-MSSQL-IMPERSONATEPrivilege Escalation

MSSQL EXECUTE AS

Abuse IMPERSONATE permissions to assume sysadmin or another login.

§ Where this technique fits

AD-MSSQL-IMPERSONATE is catalogued under the Privilege Escalation tactic of the offensive-security kill-chain. It appears in 1 approved dossier in the registry, typically at step 3 on average.

§ Dossiers chaining this technique

MSSQL linked-server crawl → cross-host RCE
Linked-server trust chains in MSSQL let a low-priv login execute as a higher-priv login on a remote SQL host — and pivot recursively across the estate.
step 3 / 6

§ What commonly comes next

01
MSSQL xp_cmdshell
AD-MSSQL-XPCMD · Execution
seen 1×

§ Where this technique fits

§ Dossiers chaining this technique

MSSQL linked-server crawl → cross-host RCE

§ What commonly comes next