I think that your article requires more clarification on xp_cmd_shell. It’s true that to use it you must have execute permissions on it . But realistically speaking , the way you validate that is checking who’s sysadmin or if you have sysadmin role . Sysadmin is the highest role on MSSQL. So if you’re part of that role , you can use and abuse xp_cmdshell.