{"id":5744,"date":"2018-10-30T19:05:40","date_gmt":"2018-10-30T18:05:40","guid":{"rendered":"http:\/\/andreas-wolter.com\/?p=5744"},"modified":"2018-10-31T14:36:10","modified_gmt":"2018-10-31T13:36:10","slug":"1810_privilege-escalation-to-sysadmin-via-trustworthy-database","status":"publish","type":"post","link":"https:\/\/andreas-wolter.com\/en\/1810_privilege-escalation-to-sysadmin-via-trustworthy-database\/","title":{"rendered":"Privilege Escalation to sysadmin via Trustworthy Database setting"},"content":{"rendered":"\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-av_heading-b32fde0d7e93bd3d14dbd745c06d13f6\">\n#top .av-special-heading.av-av_heading-b32fde0d7e93bd3d14dbd745c06d13f6{\npadding-bottom:10px;\n}\nbody .av-special-heading.av-av_heading-b32fde0d7e93bd3d14dbd745c06d13f6 .av-special-heading-tag .heading-char{\nfont-size:25px;\n}\n.av-special-heading.av-av_heading-b32fde0d7e93bd3d14dbd745c06d13f6 .av-subheading{\nfont-size:15px;\n}\n<\/style>\n<div  class='av-special-heading av-av_heading-b32fde0d7e93bd3d14dbd745c06d13f6 av-special-heading-h3 blockquote modern-quote  avia-builder-el-0  el_before_av_textblock  avia-builder-el-first '><h3 class='av-special-heading-tag'  itemprop=\"headline\"  >Privilege Escalation to sysadmin via Trustworthy Database setting<\/h3><div class=\"special-heading-border\"><div class=\"special-heading-inner-border\"><\/div><\/div><\/div>\r\n\r\n<section  class='av_textblock_section av-av_textblock-2de302bf1aa3cf4c9157dbe6f50ac7eb '   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><p>In this final Blog-Post before <a href=\"https:\/\/andreas-wolter.com\/en\/time-for-a-new-challenge-senior-program-manager-microsoft-sql-server-security-team\/\">joining the Microsoft SQL Server Security Team<\/a>\u00a0, I will tackle an old but important subject: <strong>the danger of the trustworthy database 
setting<\/strong>.<\/p>\n<p style=\"padding-left: 30px;\">&#8211; I first presented this publicly <a href=\"https:\/\/andreas-wolter.com\/en\/security-session-sql-server-under-attack-this-november-sql-rally-amsterdam\/\">in 2013 at SQL PASS Rally Amsterdam<\/a> and since then at several other conferences, so it is nothing new in itself.<br \/>\nSince then I never really got around to writing about it. Seeing ever more databases with CLR or Service Broker enabled, I do believe this is an attack vector that both administrators and developers should really be aware of.<\/p>\n<p>In short: the trustworthy database option is one of the enablers of a privilege-elevation path from an application user to sysadmin.<\/p>\n<p><strong>The setting<\/strong><\/p>\n<p>Basically, this form of privilege escalation (aka elevation) attack needs <strong>3 prerequisites<\/strong>:<\/p>\n<p style=\"padding-left: 30px;\">1) A <strong>database-owner<\/strong> with high-level server-scope permissions, like <strong>sysadmin \u2013 aka: target<\/strong><\/p>\n<p style=\"padding-left: 30px;\">2) Sufficient <strong>permissions<\/strong> for the attacker<\/p>\n<p style=\"padding-left: 30px;\">3) The <a href=\"https:\/\/docs.microsoft.com\/en-us\/sql\/relational-databases\/security\/trustworthy-database-property\" target=\"_blank\" rel=\"noopener\"><strong>Trustworthy<\/strong> Database Property<\/a> bit set to on<\/p>\n<p><strong>Prerequisite No 1 \u2013 highly privileged database owner:<\/strong><\/p>\n<p>Ask yourself: what account do you use as database owner?<\/p>\n<p>&#8211; To get a complete list of all your databases with owners and other security-critical settings, you can use my script from TechNet: <a href=\"https:\/\/gallery.technet.microsoft.com\/scriptcenter\/Database-Owners-role-3af181f5\/\" target=\"_blank\" 
rel=\"noopener\">https:\/\/gallery.technet.microsoft.com\/scriptcenter\/Database-Owners-role-3af181f5\/<\/a><\/p>\n<p>My guess: More than half of you are using \u201csa\u201d. (see: <a href=\"https:\/\/andreas-wolter.com\/en\/sql-server-database-ownership-survey-results-recommendations\/\">SQL Server Database Ownership: survey results &#038; recommendations<\/a>\u00a0). Most others will be using a Windows Account with sysadmin-membership.<\/p>\n<p>Here you can find the database-owner in SSMS:<\/p>\n<\/div><\/section>\r\n\r\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-av_image-0d3984c2e1ddd77f6f15ec6a9d719928\">\n.avia-image-container.av-av_image-0d3984c2e1ddd77f6f15ec6a9d719928 img.avia_image{\nbox-shadow:none;\n}\n.avia-image-container.av-av_image-0d3984c2e1ddd77f6f15ec6a9d719928 .av-image-caption-overlay-center{\ncolor:#ffffff;\n}\n<\/style>\n<div  class='avia-image-container av-av_image-0d3984c2e1ddd77f6f15ec6a9d719928 av-styling- avia-align-center  avia-builder-el-2  el_after_av_textblock  el_before_av_textblock '   itemprop=\"image\" itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/ImageObject\" ><div class=\"avia-image-container-inner\"><div class=\"avia-image-overlay-wrap\"><img decoding=\"async\" class='wp-image-5745 avia-img-lazy-loading-not-5745 avia_image ' src=\"https:\/\/andreas-wolter.com\/wp-content\/uploads\/2018\/10\/1810_Database_Owner_sa.jpg\" alt='' title='1810_Database_Owner_sa'  height=\"154\" width=\"691\"  itemprop=\"thumbnailUrl\" srcset=\"https:\/\/andreas-wolter.com\/wp-content\/uploads\/2018\/10\/1810_Database_Owner_sa.jpg 691w, https:\/\/andreas-wolter.com\/wp-content\/uploads\/2018\/10\/1810_Database_Owner_sa-600x134.jpg 600w, https:\/\/andreas-wolter.com\/wp-content\/uploads\/2018\/10\/1810_Database_Owner_sa-300x67.jpg 300w, https:\/\/andreas-wolter.com\/wp-content\/uploads\/2018\/10\/1810_Database_Owner_sa-450x100.jpg 450w\" sizes=\"(max-width: 691px) 100vw, 691px\" 
\/><\/div><\/div><\/div>\r\n\r\n<section  class='av_textblock_section av-av_textblock-2de302bf1aa3cf4c9157dbe6f50ac7eb '   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><p>I have always advocated against using sa as a database owner, and here is another reason why.<\/p>\n<p><strong>Prerequisite No 2 \u2013 permissions to impersonate:<\/strong><\/p>\n<p>This one may seem a bit more complex at first. But in the end this one is very simple as well:<\/p>\n<p>We need to run this under an account that has just enough permissions to impersonate the database owner.<\/p>\n<p><strong>Question 1: Who can impersonate dbo?<\/strong><\/p>\n<p style=\"padding-left: 30px;\">Answer: Anyone with IMPERSONATE permission on dbo. You will probably not see this explicit permission being used often.<br \/>\nBUT: The built-in role \u201c<strong>db_owner<\/strong>\u201d has this permission (!).<\/p>\n<p><strong>Question 2: Which database roles are your database applications members of?<\/strong><\/p>\n<p style=\"padding-left: 30px;\">Based on what I have seen in practice, applications most often use one of the following:<\/p>\n<p style=\"padding-left: 30px;\">1) Membership in the db_datareader and db_datawriter roles plus some form of a \u201cdb_executor\u201d role.<\/p>\n<p style=\"padding-left: 30px;\">2) some custom roles<\/p>\n<p style=\"padding-left: 30px;\">3) <strong>db_owner <\/strong>\u2013 sadly, and mostly because it is considered too time-consuming to think about custom permission sets and schema constraints.<\/p>\n<p><strong>Prerequisite No 3 \u2013 database trustworthy:<\/strong><\/p>\n<p>Now the final piece: The last mechanism that prevents us from getting access outside of the database is that database code needs to be explicitly trusted to run outside the database level. 
The \u201cclean\u201d way to do this is to use certificate-signed modules.<\/p>\n<p>But there is another method, and that is the <strong>Trustworthy<\/strong>-bit. Essentially it means that any code originating from within this database is trusted and can be executed. Then it is just a matter of permissions (which is why sa is so handy for an attacker).<br \/>\nLet\u2019s demo this:<\/p>\n<\/div><\/section>\r\n\r\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-av_image-546706483ca6188c7e988b4845037e23\">\n.avia-image-container.av-av_image-546706483ca6188c7e988b4845037e23 img.avia_image{\nbox-shadow:none;\n}\n.avia-image-container.av-av_image-546706483ca6188c7e988b4845037e23 .av-image-caption-overlay-center{\ncolor:#ffffff;\n}\n<\/style>\n<div  class='avia-image-container av-av_image-546706483ca6188c7e988b4845037e23 av-styling- avia-align-center  avia-builder-el-4  el_after_av_textblock  el_before_av_textblock '   itemprop=\"image\" itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/ImageObject\" ><div class=\"avia-image-container-inner\"><div class=\"avia-image-overlay-wrap\"><img decoding=\"async\" class='wp-image-5747 avia-img-lazy-loading-not-5747 avia_image ' src=\"https:\/\/andreas-wolter.com\/wp-content\/uploads\/2018\/10\/1810_Trustworthy_ALTER_DATABASE.jpg\" alt='Trustworthy_ALTER_DATABASE' title='1810_Trustworthy_ALTER_DATABASE'  height=\"270\" width=\"450\"  itemprop=\"thumbnailUrl\" srcset=\"https:\/\/andreas-wolter.com\/wp-content\/uploads\/2018\/10\/1810_Trustworthy_ALTER_DATABASE.jpg 450w, https:\/\/andreas-wolter.com\/wp-content\/uploads\/2018\/10\/1810_Trustworthy_ALTER_DATABASE-300x180.jpg 300w\" sizes=\"(max-width: 450px) 100vw, 450px\" \/><\/div><\/div><\/div>\r\n\r\n<section  class='av_textblock_section av-av_textblock-2de302bf1aa3cf4c9157dbe6f50ac7eb '   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><p><span 
lang=\"EN-US\">This property is also visible within SSMS:<\/span><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-5749 size-full\" src=\"http:\/\/andreas-wolter.com\/wp-content\/uploads\/2018\/10\/1810_Trustworthy_DB_Option.jpg\" alt=\"Trustworthy_DB_Option\" width=\"500\" height=\"480\" srcset=\"https:\/\/andreas-wolter.com\/wp-content\/uploads\/2018\/10\/1810_Trustworthy_DB_Option.jpg 500w, https:\/\/andreas-wolter.com\/wp-content\/uploads\/2018\/10\/1810_Trustworthy_DB_Option-300x288.jpg 300w, https:\/\/andreas-wolter.com\/wp-content\/uploads\/2018\/10\/1810_Trustworthy_DB_Option-36x36.jpg 36w, https:\/\/andreas-wolter.com\/wp-content\/uploads\/2018\/10\/1810_Trustworthy_DB_Option-450x432.jpg 450w\" sizes=\"auto, (max-width: 500px) 100vw, 500px\" \/><\/p>\n<\/div><\/section>\r\n\r\n<section  class='av_textblock_section av-av_textblock-2de302bf1aa3cf4c9157dbe6f50ac7eb '   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><p><span lang=\"EN-US\">Using my script from above you will see the problematic setting all at once:<\/span><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-5751\" src=\"http:\/\/andreas-wolter.com\/wp-content\/uploads\/2018\/10\/1810_Database_Properties_Owner.jpg\" alt=\"Database_Properties_Owner\" width=\"900\" height=\"35\" srcset=\"https:\/\/andreas-wolter.com\/wp-content\/uploads\/2018\/10\/1810_Database_Properties_Owner.jpg 900w, https:\/\/andreas-wolter.com\/wp-content\/uploads\/2018\/10\/1810_Database_Properties_Owner-600x23.jpg 600w, https:\/\/andreas-wolter.com\/wp-content\/uploads\/2018\/10\/1810_Database_Properties_Owner-300x12.jpg 300w, https:\/\/andreas-wolter.com\/wp-content\/uploads\/2018\/10\/1810_Database_Properties_Owner-768x30.jpg 768w, https:\/\/andreas-wolter.com\/wp-content\/uploads\/2018\/10\/1810_Database_Properties_Owner-705x27.jpg 705w, 
https:\/\/andreas-wolter.com\/wp-content\/uploads\/2018\/10\/1810_Database_Properties_Owner-450x18.jpg 450w\" sizes=\"auto, (max-width: 900px) 100vw, 900px\" \/><\/p>\n<p>And if we are running code as sysadmin, we have ALL the permissions, don\u2019t we?<\/p>\n<p>All it takes is to be able to execute code as the database owner, who in turn is sysadmin. For that we have the \u201cEXECUTE AS\u201d command.<\/p>\n<p>So, putting all the pieces together, this is how we are going to\u2026<\/p>\n<p><strong>Attack<\/strong><\/p>\n<p>Let\u2019s take <strong><em>SQL-Injection<\/em><\/strong>, an age-old attack method that still has not gone away (if I am granted a wish: \u201cPlease educate your new Developers\u201d). Imagine the attacker is able to inject his own commands into SQL code, like the following:<\/p>\n<p><span style=\"color: #ff0000;\">?' UNION SELECT IS_SRVROLEMEMBER('sysadmin'), IS_MEMBER('db_owner'), USER_NAME() -- checking the account this command is running under<\/span><\/p>\n<p>If the current application user, in my case a SQL account \u201cWebAppOwner\u201d, is granted the \u201cdb_owner\u201d role, the attacker can then run the following command via SQL-Injection:<\/p>\n<\/div><\/section>\r\n\r\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-av_image-73f5a61409ed2cc114e390668680927e\">\n.avia-image-container.av-av_image-73f5a61409ed2cc114e390668680927e img.avia_image{\nbox-shadow:none;\n}\n.avia-image-container.av-av_image-73f5a61409ed2cc114e390668680927e .av-image-caption-overlay-center{\ncolor:#ffffff;\n}\n<\/style>\n<div  class='avia-image-container av-av_image-73f5a61409ed2cc114e390668680927e av-styling- avia-align-center  avia-builder-el-7  el_after_av_textblock  el_before_av_textblock '   itemprop=\"image\" itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/ImageObject\" ><div 
class=\"avia-image-container-inner\"><div class=\"avia-image-overlay-wrap\"><img decoding=\"async\" class='wp-image-5753 avia-img-lazy-loading-not-5753 avia_image ' src=\"https:\/\/andreas-wolter.com\/wp-content\/uploads\/2018\/10\/1810_privilege_elevation_SQL.jpg\" alt='privilege_elevation_SQL' title='1810_privilege_elevation_SQL'  height=\"96\" width=\"615\"  itemprop=\"thumbnailUrl\" srcset=\"https:\/\/andreas-wolter.com\/wp-content\/uploads\/2018\/10\/1810_privilege_elevation_SQL.jpg 615w, https:\/\/andreas-wolter.com\/wp-content\/uploads\/2018\/10\/1810_privilege_elevation_SQL-600x94.jpg 600w, https:\/\/andreas-wolter.com\/wp-content\/uploads\/2018\/10\/1810_privilege_elevation_SQL-300x47.jpg 300w, https:\/\/andreas-wolter.com\/wp-content\/uploads\/2018\/10\/1810_privilege_elevation_SQL-450x70.jpg 450w\" sizes=\"(max-width: 615px) 100vw, 615px\" \/><\/div><\/div><\/div>\r\n\r\n<section  class='av_textblock_section av-av_textblock-2de302bf1aa3cf4c9157dbe6f50ac7eb '   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><p>And DONE!<\/p>\n<p>He has just made himself sysadmin.<\/p>\n<p>Alternatively, he could create a different Login for his own needs and try to hide it by manipulating system code (that\u2019s another story, but I will most likely never get to blog this ;-)).<\/p>\n<p>From here on he can do whatever he feels like. A skilled individual can then even install Windows Services on the machine (In my demo-sessions I added an FTP-server-role to the system, just to give you some idea.). Your imagination is the limit. <span style=\"color: #ff0000;\"><strong>Even elevation up to Windows Domain Administrator is very well possible once you own SQL Server. <\/strong><\/span>\u00a0This I will not describe further though.<\/p>\n<p>I hope I have convinced you:<\/p>\n<p>PLEASE DO NOT USE \u201cTRUSTWORTHY\u201d as a shortcut to enable certain code. Use properly signed code. 
Use Certificates.<\/p>\n<p>By the way:<\/p>\n<p>now you know the reason why this setting is NOT passed on during a database Restore or Attach: <strong>It is simply too dangerous<\/strong> and has to be explicitly set by a sysadmin <u>after bringing the database online<\/u> (you need to take this into account when you are using Availability Groups also!).<\/p>\n<p>Hopefully I have reached some of you who were unsure yet if trustworthy matters and convinced you to avoid it. Even if you may not have the combination of all those 3 prerequisites active right now: <strong>Systems are prone to change and you may lose track and miss the moment when it all comes together. Don\u2019t be sorry, be pre-emptive.<\/strong><\/p>\n<p><strong>\u00a0<\/strong><\/p>\n<p>happy database-securing<\/p>\n<p>Andreas<\/p>\n<\/div><\/section>\r\n\r\n<div  class='hr av-av_hr-0ff602b3e980a3377077ff3c1c834df6 hr-default  avia-builder-el-9  el_after_av_textblock  el_before_av_one_full '><span class='hr-inner '><span class=\"hr-inner-style\"><\/span><\/span><\/div>\r\n\r\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-av_one_full-97c650ae075063b375f558a776c570f8\">\n#top .flex_column.av-av_one_full-97c650ae075063b375f558a776c570f8{\nmargin-top:40px;\nmargin-bottom:40px;\n}\n.flex_column.av-av_one_full-97c650ae075063b375f558a776c570f8{\nborder-radius:0px 0px 0px 0px;\npadding:0px 0px 0px 0px;\n}\n.responsive #top #wrap_all .flex_column.av-av_one_full-97c650ae075063b375f558a776c570f8{\nmargin-top:40px;\nmargin-bottom:40px;\n}\n<\/style>\n<div  class='flex_column av-av_one_full-97c650ae075063b375f558a776c570f8 av_one_full  avia-builder-el-10  el_after_av_hr  el_before_av_social_share  first flex_column_div av-zero-column-padding  '     ><section  class='av_textblock_section av-av_textblock-2de302bf1aa3cf4c9157dbe6f50ac7eb '   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" 
><div><\/div>\n<div><\/div>\n<\/div><\/section><\/div>\r\n\r\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-av_hr-4474f20d2389e2e5ecf918a02da5132e\">\n#top .hr.hr-invisible.av-av_hr-4474f20d2389e2e5ecf918a02da5132e{\nheight:50px;\n}\n<\/style>\n<div  class='hr av-av_hr-4474f20d2389e2e5ecf918a02da5132e hr-invisible  avia-builder-el-13  el_after_av_social_share  el_before_av_comments_list '><span class='hr-inner '><span class=\"hr-inner-style\"><\/span><\/span><\/div>\r\n\r\n<div  class='av-buildercomment av-av_comments_list-88ce68e426f11248fa394058a3de040f  av-blog-meta-author-disabled av-blog-meta-html-info-disabled'><\/div>","protected":false},"excerpt":{"rendered":"","protected":false},"author":4,"featured_media":5753,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[57],"tags":[220,260,205,228,256,233,258,328],"class_list":["post-5744","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security-en","tag-database-owner-en","tag-hacking-en","tag-least-privilege","tag-privilege-escalation-en","tag-sa-en","tag-sql-injection-en","tag-sysadmin-en","tag-trustworthy"],"_links":{"self":[{"href":"https:\/\/andreas-wolter.com\/en\/wp-json\/wp\/v2\/posts\/5744","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/andreas-wolter.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/andreas-wolter.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/andreas-wolter.com\/en\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/andreas-wolter.com\/en\/wp-json\/wp\/v2\/comments?post=5744"}],"version-history":[{"count":4,"href":"https:\/\/andreas-wolter.com\/en\/wp-json\/wp\/v2\/posts\/5744\/revisions"}],"predecessor-version":[{"id":6269,"href":"https:\/\/andreas-wolter.com\/en\/wp-json
\/wp\/v2\/posts\/5744\/revisions\/6269"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/andreas-wolter.com\/en\/wp-json\/wp\/v2\/media\/5753"}],"wp:attachment":[{"href":"https:\/\/andreas-wolter.com\/en\/wp-json\/wp\/v2\/media?parent=5744"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/andreas-wolter.com\/en\/wp-json\/wp\/v2\/categories?post=5744"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/andreas-wolter.com\/en\/wp-json\/wp\/v2\/tags?post=5744"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}