PowerUpSQL

1.103.8

PowerUpSQL is an offensive toolkit designed for attacking SQL Server. The PowerUpSQL module includes functions that support SQL Server discovery, auditing for common weak configurations, and privilege escalation at scale. It is intended to be used during penetration tests and red team engagements. However, PowerUpSQL also includes many functions that could be used by administrators to inventory the SQL Servers on their ADS domain very quickly. More information can be found at https://github.com/NetSPI/PowerUpSQL.

Minimum PowerShell version

2.0

Installation Options

Copy and paste the following command to install this package using PowerShellGet:

Install-Module -Name PowerUpSQL

You can deploy this package directly to Azure Automation. Note that deploying packages with dependencies will deploy all the dependencies to Azure Automation.

Manually download the .nupkg file to your system's default download location. Note that the file won't be unpacked, and won't include any dependencies.

Author(s)

Scott Sutherland

Copyright

BSD 3-Clause

Functions

Create-SQLFileXpDll Create-SQLFileCLRDll Get-SQLAgentJob Get-SQLAssemblyFile Get-SQLAuditDatabaseSpec Get-SQLAuditServerSpec Get-SQLColumn Get-SQLColumnSampleData Get-SQLColumnSampleDataThreaded Get-SQLConnectionTest Get-SQLConnectionTestThreaded Get-SQLDatabase Get-SQLDatabasePriv Get-SQLDatabaseRole Get-SQLDatabaseRoleMember Get-SQLDatabaseSchema Get-SQLDatabaseThreaded Get-SQLDatabaseUser Get-SQLDomainObject Get-SQLDomainComputer Get-SQLDomainUser Get-SQLDomainSubnet Get-SQLDomainSite Get-SQLDomainGroup Get-SQLDomainOu Get-SQLDomainAccountPolicy Get-SQLDomainTrust Get-SQLDomainPasswordsLAPS Get-SQLDomainController Get-SQLDomainExploitableSystem Get-SQLDomainGroupMember Get-SQLFuzzDatabaseName Get-SQLFuzzDomainAccount Get-SQLFuzzObjectName Get-SQLFuzzServerLogin Get-SQLInstanceBroadcast Get-SQLInstanceDomain Get-SQLInstanceFile Get-SQLInstanceLocal Get-SQLInstanceScanUDP Get-SQLInstanceScanUDPThreaded Get-SQLLocalAdminCheck Get-SQLOleDbProvder Get-SQLQuery Get-SQLQueryThreaded Get-SQLRecoverPwAutoLogon Get-SQLServerConfiguration Get-SQLServerCredential Get-SQLServerInfo Get-SQLServerInfoThreaded Get-SQLServerLink Get-SQLServerLinkCrawl Get-SQLServerLinkData Get-SQLServerLinkQuery Get-SQLServerLogin Get-SQLServerLoginDefaultPw Get-SQLServerPasswordHash Get-SQLServerPolicy Get-SQLServerPriv Get-SQLServerRole Get-SQLServerRoleMember Get-SQLServiceAccount Get-SQLServiceLocal Get-SQLSession Get-SQLStoredProcedure Get-SQLStoredProcedureCLR Get-SQLStoredProcedureSQLi Get-SQLStoredProcedureAutoExec Get-SQLStoredProcedureXp Get-SQLSysadminCheck Get-SQLTable Get-SQLTriggerDdl Get-SQLTriggerDml Get-SQLView Invoke-SQLAudit Invoke-SQLAuditPrivCreateProcedure Invoke-SQLAuditPrivDbChaining Invoke-SQLAuditPrivImpersonateLogin Invoke-SQLAuditPrivServerLink Invoke-SQLAuditPrivTrustworthy Invoke-SQLAuditPrivXpDirtree Invoke-SQLAuditPrivXpFileexit Invoke-SQLAuditRoleDbDdlAdmin Invoke-SQLAuditRoleDbOwner Invoke-SQLAuditSampleDataByColumn Invoke-SQLAuditWeakLoginPw 
Invoke-SQLAuditSQLiSpExecuteAs Invoke-SQLAuditSQLiSpSigned Invoke-SQLAuditDefaultLoginPw Invoke-SQLAuditPrivAutoExecSp Invoke-SQLDumpInfo Invoke-SQLEscalatePriv Invoke-SQLImpersonateService Invoke-SQLImpersonateServiceCmd Invoke-SQLUncPathInjection Invoke-SQLOSCmd Invoke-SQLOSCmdCLR Invoke-SQLOSCmdCOle Invoke-SQLOSCmdPython Invoke-SQLOSCmdR Invoke-SQLOSCmdAgentJob Invoke-TokenManipulation

Dependencies

This module has no dependencies.

  • PowerUpSQL.nuspec
  • LICENSE
  • PowerUpSQL.ps1
  • PowerUpSQL.psd1
  • PowerUpSQL.psm1
  • README.md
  • images\ADS_Query_AdHoc.png
  • images\ADS_Query_LinkServer.png
  • images\powerupsql-large.png
  • images\powerupsql-small.png
  • images\readme.rd
  • images\Unofficial.png
  • scripts\README.md
  • scripts\pending\Get-SQLCompactQuery.ps1
  • scripts\pending\Get-SQLServiceAccountPwHashes.ps1
  • scripts\pending\Invoke-SQLOSCmdCLRWMIProvider.ps1
  • scripts\pending\Invoke-SqlServer-Persist-StartupSp.psm1
  • scripts\pending\Invoke-SqlServer-Persist-TriggerDDL.psm1
  • scripts\pending\Invoke-SqlServer-Persist-TriggerLogon.psm1
  • scripts\pending\README.md
  • scripts\pending\SQLC2.ps1
  • templates\CheatSheet_ConnectionStrings.txt
  • templates\CheatSheet_SMO_Commands.ps1
  • templates\CheatSheet_UncPathInjection.txt
  • templates\cmd_exec.cpp
  • templates\cmd_exec.cs
  • templates\evil.cpp
  • templates\VB and JS Scripts Examples
  • templates\tsql\AllowPublicXpRegWrite
  • templates\tsql\Audit Command Execution Template.sql
  • templates\tsql\download_cradle_tsql_bulkinserver.sql
  • templates\tsql\download_cradle_tsql_oap.sql
  • templates\tsql\download_cradle_tsql_oap2.sql
  • templates\tsql\Get- RolePrivs
  • templates\tsql\Get-10MostExpressiveQueries.tsql
  • templates\tsql\Get-AgentJob.sql
  • templates\tsql\Get-AuditAction.sql
  • templates\tsql\Get-AuditDatabase.sql
  • templates\tsql\Get-AuditServer.sql
  • templates\tsql\Get-CachedPlans.sql
  • templates\tsql\Get-Column.sql
  • templates\tsql\Get-Credential.sql
  • templates\tsql\Get-CurrentLogin.sql
  • templates\tsql\Get-Database.sql
  • templates\tsql\Get-DatabaseAudit.sql
  • templates\tsql\Get-DatabasePriv.sql
  • templates\tsql\Get-DatabaseRole.sql
  • templates\tsql\Get-DatabaseUser.sql
  • templates\tsql\Get-Domain.sql
  • templates\tsql\Get-Endpoint.sql
  • templates\tsql\Get-PrincipalID2SqlLogin.sql
  • templates\tsql\Get-Proc.sql
  • templates\tsql\Get-ProcParameter.sql
  • templates\tsql\Get-ProcPriv.sql
  • templates\tsql\Get-ProcSigned.sql
  • templates\tsql\Get-ProcSignedByCertLogin.sql
  • templates\tsql\Get-QueryHistory.sql
  • templates\tsql\Get-Schema
  • templates\tsql\Get-Schema.sql
  • templates\tsql\Get-ServerAudit.sql
  • templates\tsql\Get-ServerCertLogin.sql
  • templates\tsql\Get-ServerConfiguration.sql
  • templates\tsql\Get-ServerLink.sql
  • templates\tsql\Get-ServerLogin.sql
  • templates\tsql\Get-ServerPriv.sql
  • templates\tsql\Get-ServerRole.sql
  • templates\tsql\Get-ServiceAccount.sql
  • templates\tsql\Get-Session.sql
  • templates\tsql\Get-SID2WinAccount.sql
  • templates\tsql\Get-SQLAgentJobProxy.tsql
  • templates\tsql\Get-SQLDomainUser-Example.sql
  • templates\tsql\Get-SQLForcedEncryptionSetting.sql
  • templates\tsql\Get-SqlLogin2PrincipalID.sql
  • templates\tsql\Get-SQLOleDbProvider.sql
  • templates\tsql\Get-SQLPolicies.sql
  • templates\tsql\Get-SQLStoredProcedureCLR.sql
  • templates\tsql\Get-SQLStoredProcedureXp.sql
  • templates\tsql\Get-Table.sql
  • templates\tsql\Get-TablePriv.sql
  • templates\tsql\Get-TempObject.sql
  • templates\tsql\Get-TriggerDDL.sql
  • templates\tsql\Get-TriggerDML.sql
  • templates\tsql\Get-TriggerEventType.sql
  • templates\tsql\Get-TriggerEventTypes.sql
  • templates\tsql\Get-Version.sql
  • templates\tsql\Get-View.sql
  • templates\tsql\Get-WinAccount2SID.sql
  • templates\tsql\Get-WinAutoRunPw.tsql
  • templates\tsql\oscmdexec_agentjob_activex_jscript.sql
  • templates\tsql\oscmdexec_agentjob_activex_vbscript.sql
  • templates\tsql\oscmdexec_agentjob_cmdexec.sql
  • templates\tsql\oscmdexec_agentjob_powershell.sql
  • templates\tsql\oscmdexec_customxp.cpp
  • templates\tsql\oscmdexec_oleautomationobject.sql
  • templates\tsql\oscmdexec_openrowset.sql
  • templates\tsql\oscmdexec_pythonscript.tsql
  • templates\tsql\oscmdexec_rscript.sql
  • templates\tsql\oscmdexec_xpcmdshell.sql
  • templates\tsql\oscmdexec_xpcmdshell_proxy.sql
  • templates\tsql\persist_reg_run.tsql
  • templates\tsql\readfile_BulkInsert.sql
  • templates\tsql\readfile_OpenDataSourceTxt.sql
  • templates\tsql\readfile_OpenDataSourceXlsx
  • templates\tsql\readfile_OpenRowSetBulk.sql
  • templates\tsql\readfile_OpenRowSetTxt.sql
  • templates\tsql\readfile_OpenRowSetXlsx.sql
  • templates\tsql\writefile_bulkinsert.sql
  • templates\tsql\writefile_OpenRowSetTxt.sql
  • tests\pesterdb.sql
  • tests\PowerUpSQLTests.ps1
  • tests\readme.md

Version History

Version Downloads Last updated
1.103.8 (current version) 630 6/4/2018
1.103.3 56 5/14/2018
1.84.107 601 9/15/2017
1.0.0.76 307 5/3/2017
1.0.0.55 224 12/20/2016
1.0.0.17 195 7/21/2016
1.0.0.10 35 7/15/2016
1.0.0.9 7 7/15/2016
1.0.0.8 5 7/14/2016
1.0.0.7 9 7/13/2016