Search results for: PowerUpSQL

Thomas Elling
May 31st, 2018

Dumping Active Directory Domain Info – with PowerUpSQL!

This blog walks through some new Active Directory recon functions in PowerUpSQL. The PowerUpSQL functions use the OLE DB ADSI provider to query Active Directory for domain users, computers, and other configuration information through SQL Server queries.

Scott Sutherland
May 23rd, 2017

How to get SQL Server Sysadmin Privileges as a Local Admin with PowerUpSQL

In this blog I outline common techniques that can be used to leverage the SQL Server service account to escalate privileges from a local administrator to a SQL Server sysadmin (DBA).

Antti Rantasaari
March 14th, 2017

SQL Server Link Crawling with PowerUpSQL

Quite a while ago I wrote a blog regarding SQL Server linked servers and a few Metasploit modules to exploit misconfigured links. Using the same techniques, I wrote a few functions for Scott Sutherland’s excellent PowerUpSQL toolkit to allow linked server enumeration after initial access to a SQL Server has been obtained.

Scott Sutherland
August 5th, 2016

Establishing Registry Persistence via SQL Server with PowerUpSQL

In this blog I’ll show how to use PowerUpSQL to establish persistence (backdoor) via the Windows registry through SQL Server. I’ll also provide a brief overview of the xp_regwrite stored procedure. This should be interesting to pentesters and red teamers interested in some alternative ways to access the OS through SQL Server. An overview of […]

Scott Sutherland
August 4th, 2016

Get Windows Auto Login Passwords via SQL Server with PowerUpSQL

In this blog I’ll show how to use PowerUpSQL to dump Windows auto login passwords through SQL Server via xp_regread.

Scott Sutherland
August 2nd, 2016

Finding Weak Passwords for Domain SQL Servers on Scale using PowerUpSQL

We’ll cover how to use PowerUpSQL to quickly identify SQL logins configured with weak passwords on domain SQL Servers using a standard domain account.

Scott Sutherland
August 2nd, 2016

Finding Sensitive Data on Domain SQL Servers using PowerUpSQL

In this blog I’ll show how PowerUpSQL can be used to rapidly target and sample sensitive data stored in SQL Server databases associated with Active Directory domains.

Scott Sutherland
August 1st, 2016

Blindly Discover SQL Server Instances with PowerUpSQL

In this blog I’ll show how PowerUpSQL can be used to blindly discover SQL Server instances on a system, network, or domain.

Scott Sutherland
July 15th, 2016

PowerUpSQL: A PowerShell Toolkit for Attacking SQL Server

The PowerUpSQL module supports SQL Server instance discovery, auditing for common weak configurations, and privilege escalation on scale.