PowerUpSQL: A PowerShell Toolkit for Attacking SQL Server

Results 27 PowerUpSQL issues

Similar to the 3rd Party function Inveigh; request adding Internal Monologue https://github.com/eladshamir/Internal-Monologue in order to provide the ability to perform forced downgrade actions to collect the easier to crack NetNTLMv1...

enhancement

Add the listening TCP port to the Get-SQLServerInfo function output. Option #1: https://docs.microsoft.com/en-us/sql/relational-databases/system-dynamic-management-views/sys-dm-exec-connections-transact-sql?view=sql-server-2017 `select local_tcp_port from sys.dm_exec_connections where local_net_address is not null` Option #2: xp_regread from the mssql service settings.

enhancement

Function Name: "Invoke-SQLEscalatePriv" Function Description: Update the "Invoke-SQLEscalatePriv" function so that users can quickly remove their sysadmin role membership after they complete post exploitation tasks. Requested by: @aconite33 Reference: https://github.com/NetSPI/PowerUpSQL/issues/16

enhancement

Bug introduced with original iteration PR to handle multiple credentials: https://github.com/NetSPI/PowerUpSQL/pull/44 Same effect as https://github.com/NetSPI/PowerUpSQL/pull/82, this version just uses a subexpression to ensure an array of objects is created. When generating...

Hello! On a recent pentest I did an invoke-sqlaudit with a cred I found on a file share and that server had ~50 accounts on it, 30 of which had...

Hello, The function Invoke-SQLUploadFileOle does not have an option to use it on linked servers. I've modified the code slightly so that it can be used on linked servers. I'd...

Removes the `Select-Object` commands from the `Get-SQLInstanceDomain -CheckMgmt` results. These cause all other properties to be removed, losing valuable info such as `SPN` and `DomainAccount`. NOTE: I have not tested...