Pentesting Tools

Version 3.7 – Comprehensive Enhancements And New Features In SQL Server Chain Execution Tool

  • Complete refactor of code base.
  • Updated documentation (code comments, README, and wiki)
  • Execution against a linked SQL server chain. For example, if SQL01 has a link to SQL02, and SQL02, has a link to SQL03, and SQL03, has a link to PAYMENTS01. It is now possible to execute commands from SQL01 on PAYMENTS01 using the linked server chain (/link:SQL02,SQL03,PAYMENTS01 /chain). Credit to Azael Martin (n3rada).
  • Removed ‘l‘ and ‘i‘ modules, and introduced context logic so module names can be the same across standard, impersonation, linked and chained execution.
  • Added chain support to all linked modules.
  • Added support for debug (/debug), which will display various debugging information and all SQL queries that will be executed by a module, without executing them.
  • Added verbose (/verbose, /v), which will display all SQL queries that will be executed during module execution.
  • Added timeout (/timeout, /t), which takes an integer value for SQL server database connection timeout.
  • Improved links module to include detailed information. Credit to Azael Martin (n3rada).
  • Improved whoami module to include Windows principals and database users. Credit to Azael Martin (n3rada).
  • Improved impersonation module to include Windows principals and database users. Credit to Azael Martin (n3rada).
  • Added IP address retrieval into the sqlspns enumeration module. Credit to Azael Martin (n3rada).
  • Standardized console output to markdown where applicable. Credit to Azael Martin (n3rada).
  • Added DNS support to /enum:info module.
  • Added optional /subsystem argument to the olecmdexec module, which accepts execution using the CmdExec or PowerShell OLE automation subsystems.
  • Updated test harnesses to reflect CLI changes and new modules.
  • Changed AzureAD authentication to EntraID.

v3.6

  • Execution against multiple SQL servers supplied in the /host or /h flag is now supported using comma separated values.
  • Execution against multiple linked SQL servers supplied in the /link or /l flag is now supported using comma separated values.
  • Changed /lhost to /link.
  • Removed ‘s‘ modules and created the /s, /sccm switch for SCCM modules.
  • Added impersonation support to all SCCM modules, with the exception of DecryptCredentials.
  • Added a new enumeration (/enum) module called info which is able to used an unauthenticated context to obtain SQL server information, including instance name and TCP port using the UDP protocol.
  • Moved argument logic into individual methods within ModuleHandler.cs to promote simplification and extensibility.
  • Moved all SQL queries to Queries.cs.
  • Created EnumerationModules.cs.
  • Created FormatQuery.cs.
  • Created SccmModules.cs.
  • Renamed ModuleHandler.cs to SqlModules.cs.

v3.5

  • Bug fix where linked adsi execution was not removing the LDAP server.
  • Removed agent job execution from linked adsi, in favor of openquery/rpc.
  • Changed /lhost to /adsi in in adsi module.
  • Changed /rhost to /unc in smb module.
  • Removed CaptureHash.cs and simplified logic.
  • Removed SetEnumerationType.cs and simplified logic.
  • Renamed Impersonation.cs to Impersonate.cs.
  • Renamed OleCmdExec.cs to OleAutomation.cs.
  • Renamed PrintUtils.cs to Print.cs.
  • Renamed SQLServerInfo.cs to Info.cs.

v3.4

  • Added impersonation support for smb module.
  • Added impersonation support for info module.
  • Added linked support for info module.
Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.

Recent Posts

Understanding the Model Context Protocol (MCP) and How It Works

Introduction to the Model Context Protocol (MCP) The Model Context Protocol (MCP) is an open…

5 days ago

The file Command – Quickly Identify File Contents in Linux

While file extensions in Linux are optional and often misleading, the file command helps decode what a…

5 days ago

How to Use the touch Command in Linux

The touch command is one of the quickest ways to create new empty files or update timestamps…

5 days ago

How to Search Files and Folders in Linux Using the find Command

Handling large numbers of files is routine for Linux users, and that’s where the find command shines.…

5 days ago

How to Move and Rename Files in Linux with the mv Command

Managing files and directories is foundational for Linux workflows, and the mv (“move”) command makes it easy…

5 days ago

How to Create Directories in Linux with the mkdir Command

Creating directories is one of the earliest skills you'll use on a Linux system. The mkdir (make…

5 days ago