Categories: Kali Linux

PowerUpSQL Tool kit to Audit SQL Server for Weak Configuration Auditing, Privilege Escalation on Scale, and Post Exploitation Attacks

PowerUpSQL includes functions that support SQL Server discovery, weak configuration auditing, privilege escalation on the scale, and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements.

However, PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.

Also Read Burpsuite – A Beginner’s Guide For Web Application Security or Penetration Testing

Setting Up PowerUpSQL

  • Install it from the PowerShell Gallery. This requires local administrative privileges and will permanently install the module.

Install-Module -Name PowerUpSQL

  • Download the project and import it. This does not require administrative privileges and will only be imported into the current session. However, it may be blocked by restrictive execution policies.

Import-Module PowerUpSQL.psd1

  • Load it into a session via a downloading cradle. This does not require administrative privileges and will only be imported into the current session. It should not be blocked by executions policies.

IEX(New-Object System.Net.WebClient).DownloadString("https://raw.githubusercontent.com/NetSPI/PowerUpSQL/master/PowerUpSQL.ps1")

Note: To run as an alternative domain user, use the runas command to launch PowerShell first.

runas /noprofile /netonly /user:domain\user PowerShell.exe

Getting Command Help

  • To list functions from the module, type: Get-Command -Module PowerUpSQL
  • To list help for a function, type: Get-Help FunctionName

R K

Recent Posts

Pystinger : Bypass Firewall For Traffic Forwarding Using Webshell

Pystinger is a Python-based tool that enables SOCKS4 proxying and port mapping through webshells. It…

1 week ago

CVE-Search : A Tool To Perform Local Searches For Known Vulnerabilities

Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…

1 week ago

CVE-Search : A Tool To Perform Local Searches For Known Vulnerabilities

Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…

1 week ago

How to Bash Append to File: A Simple Guide for Beginners

If you are working with Linux or writing bash scripts, one of the most common…

1 week ago

Mastering the Bash Case Statement with Simple Examples

What is a bash case statement? A bash case statement is a way to control…

1 week ago

How to Check if a File Exists in Bash – Simply Explained

Why Do We Check Files in Bash? When writing a Bash script, you often work…

1 week ago