In this blog I’ll show how to use PowerUpSQL to establish persistence (backdoor) via the Windows registry through SQL Server. I’ll also provide a brief overview of the xp_regwrite stored procedure. This should be interesting to pentesters and red teamers interested in some alternative ways to access the OS through SQL Server. An overview of […]
In this blog I’ll show how to use PowerUpSQL to dump Windows auto login passwords through SQL Server via xp_regread.
We’ll cover how to use PowerUpSQL to quickly identify SQL logins configured with weak passwords on domain SQL Servers using a standard domain account.
In this blog I’ll show how PowerUpSQL can be used to rapidly target and sample sensitive data stored in SQL Server databases associated with Active Directory domains.
In this blog I’ll show how PowerUpSQL can be used to blindly discover SQL Server instances on a system, network, or domain.
The PowerUpSQL module supports SQL Server instance discovery, auditing for common weak configurations, and privilege escalation on scale.
In this blog, I’ll show how three types of SQL Server triggers can be abused to maintain access to Windows environments.
In this blog I show how to use SQL Server startup stored procedures to maintain access to Windows environments and share a PowerShell script to automate the attack…
I have become a big fan of PowerShell Remoting. I find my self using it for both penetration testing and standard management tasks. In this blog I’ll share a basic PowerShell Remoting cheatsheet so you can too.