Table Of Content

Hacking SQL Server on Scale with PowerShell ____________________________________________________ 2017 Speaker Information Name: Scott Sutherland Job: Network & Application Pentester @ NetSPI Twitter: @_nullbind Slides: http://slideshare.net/nullbind http://slideshare.net/netspi Blogs: https://blog.netspi.com/author/scott-sutherland/ Code: https://github.com/netspi/PowerUpSQL https://github.com/nullbind Presentation Overview ● PowerUpSQL Overview ● SQL Server Discovery ● Privilege Escalation Scenarios o Domain user to SQL Server login o SQL Server Login to Sysadmin o Sysadmin to Windows Admin o Windows Admin to Sysadmin o Domain Escalation ● Post Exploitation Activities ● General Recommendations Why SQL Server? ● Used in most enterprise environments ● Used by a lot of development teams ● Used by a lot of vendor solutions ● Supports Windows authentication both locally and on the domain ● Lots of integration with other Windows services and tools Why PowerShell? ● Native to Windows ● Run commands in memory ● Run managed .net code ● Run unmanaged code ● Avoid detection by Anti-virus ● Already flagged as "trusted" by most application whitelist solutions ● A medium used to write many open source Pentest toolkits PowerUpSQL https://github.com/netspi/PowerUpSQL PowerUpSQL Overview: Primary Goals ● Instance Discovery ● Auditing ● Exploitation ● Scalable ● Flexible ● Portable https://github.com/netspi/PowerUpSQL PowerUpSQL Overview: Functions Currently over 70 Functions https://github.com/NetSPI/PowerUpSQL/wiki Primary Attack Functions ● Invoke-SQLDumpInfo ● Invoke-SQLAudit ● Invoke-SQLEscalatePriv Popular Auxiliary Functions ● Get-SQLInstanceDomain ● Invoke-SQLOsCmd ● Invoke-SQLOsCLR ● Invoke-SQLImperstonateService ● Invoke-SQLAuditDefaultLoginPw ● Invoke-SQLAuditWeakLoginPw PowerUpSQL Overview: Where can I get it? Github https://github.com/netspi/PowerUpSQL PowerShell Gallery https://www.powershellgallery.com/packages/PowerUpSQL/ PowerUpSQL Overview: How do I install it? Github Import-Module PowerUpSQL.psd1 IEX(New-Object System.Net.WebClient).DownloadString("https://raw.githubusercontent.com/NetSPI/PowerUpSQL/master/P owerUpSQL.ps1") Execution policy work arounds https://blog.netspi.com/15-ways-to-bypass-the-powershell-execution-policy/ PowerShell Gallery Install-Module -Name PowerUpSQL

Description:

Lots of integration with other Windows Pentest toolkits .. https://blog.netspi.com/hacking-sql-server-stored-procedures-part-3-sqli-and-user- CmdExec. • PowerShell. • SSIS. • ActiveX: Jscript. • ActiveX: VBScript. No Invoke-SQLOSCMD can be used for basic command execution via xp_cmdshell

Hacking SQL Server on Scale with PowerShell PDF

110 Pages·2017·4.59 MB·English

by Antti Rantasaari

Checking for file health...

Download

Upgrade Premium

Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

Download Hacking SQL Server on Scale with PowerShell PDF Free - Full Version

by Antti Rantasaari| 2017| 110 pages| 4.59| English

Download Hacking SQL Server on Scale with PowerShell by Antti Rantasaari in PDF format completely FREE. No registration required, no payment needed. Get instant access to this valuable resource on PDFdrive.to!

Free Download PDF

About Hacking SQL Server on Scale with PowerShell

Lots of integration with other Windows Pentest toolkits .. https://blog.netspi.com/hacking-sql-server-stored-procedures-part-3-sqli-and-user- CmdExec. • PowerShell. • SSIS. • ActiveX: Jscript. • ActiveX: VBScript. No Invoke-SQLOSCMD can be used for basic command execution via xp_cmdshell

Detailed Information

Author:	Antti Rantasaari
Publication Year:	2017
Pages:	110
Language:	English
File Size:	4.59
Format:	PDF
Price:	FREE

Download Free PDF

Safe & Secure Download - No registration required

Why Choose PDFdrive for Your Free Hacking SQL Server on Scale with PowerShell Download?

100% Free: No hidden fees or subscriptions required for one book every day.
No Registration: Immediate access is available without creating accounts for one book every day.
Safe and Secure: Clean downloads without malware or viruses
Multiple Formats: PDF, MOBI, Mpub,... optimized for all devices
Educational Resource: Supporting knowledge sharing and learning

Frequently Asked Questions

Is it really free to download Hacking SQL Server on Scale with PowerShell PDF?

Yes, on https://PDFdrive.to you can download Hacking SQL Server on Scale with PowerShell by Antti Rantasaari completely free. We don't require any payment, subscription, or registration to access this PDF file. For 3 books every day.

How can I read Hacking SQL Server on Scale with PowerShell on my mobile device?

After downloading Hacking SQL Server on Scale with PowerShell PDF, you can open it with any PDF reader app on your phone or tablet. We recommend using Adobe Acrobat Reader, Apple Books, or Google Play Books for the best reading experience.

Is this the full version of Hacking SQL Server on Scale with PowerShell?

Yes, this is the complete PDF version of Hacking SQL Server on Scale with PowerShell by Antti Rantasaari. You will be able to read the entire content as in the printed version without missing any pages.

Is it legal to download Hacking SQL Server on Scale with PowerShell PDF for free?

https://PDFdrive.to provides links to free educational resources available online. We do not store any files on our servers. Please be aware of copyright laws in your country before downloading.

The materials shared are intended for research, educational, and personal use in accordance with fair use principles.