Skip to content

Navigation Menu

Explore
By company size
By use case
By industry
View all solutions
Topics
- AI
- DevOps
- Security
- Software Development
- View all
Explore
- GitHub Sponsors
  Fund open source developers
- The ReadME Project
  GitHub community articles
Repositories
- Enterprise platform
  AI-powered developer platform
Available add-ons
Pricing

Search code, repositories, users, issues, pull requests...

Search

Clear

Search syntax tips

Provide feedback

We read every piece of feedback, and take your input very seriously.

Include my email address so I can be contacted

Saved searches

Use saved searches to filter your results more quickly

Name

Query

To see all available qualifiers, see our documentation.

You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session.

Dismiss alert

NetSPI / PowerUpSQL Public

Notifications You must be signed in to change notification settings
Fork 463
Star 2.5k

Code
Issues 19
Pull requests 2
Actions
Projects
Wiki
Security
Insights

Additional navigation options

Code
Issues
Pull requests
Actions
Projects
Wiki
Security
Insights

Third Party Functions

Jump to bottom

Scott Sutherland edited this page Aug 7, 2016 · 5 revisions

Third Party Functions

Toggle table of contents Pages 20

Home
Active Directory Recon Functions
Audit Functions
Common Functions
Core Functions
Data Exfiltration Functions
Discovery Functions
Overview of PowerUpSQL
Password Recovery Functions
Persistence Functions
PowerUpSQL Cheat Sheet
Primary Attack Functions
Setting Up PowerUpSQL
SQL Server UNC Path Injection Cheat Sheet
SQL Server Connection String Cheat Sheet
SQL Server Detective Control Cheat Sheet
SQL Server Notes
SQL Server Service Principal Name Formats
Third Party Functions
Utility Functions

Introduction

Overview
Download
Setup

Cheat Sheets

PowerUpSQL Commands
UNC Path Injection
Connection Strings
SQL Server SPN Formats
SQL Server Detective Controls
Code Templates

PowerUpSQL Blogs

Introduction to PowerUpSQL
Blindly Discover SQL Server Instances
Finding Sensitive Data on Domain SQL Servers
Finding Weak Passwords for Domain SQL Servers on Scale
Finding Default Passwords Associated with Application Specific Instances
Get Sysadmin as Local Admin
Get Windows Auto Login Passwords via SQL Server
Establishing Registry Persistence via SQL Server
Establishing Persistence via SQL Server Triggers
Establishing Persistence via SQL Server Startup Procedures
Crawling SQL Server Links
Attacking SQL Server CLR
Bypassing SQL Server Logon Trigger Restrictions
SQL Server as a C2
Dumping Active Directory Information with SQL Server
Attacking Stored Procedures via SQLi
Attacking Insecure Impersonation Configurations
Attacking Trustworthy Databases
Enumerating Logins and Domain Accounts via SQL Server
Using SQL Server to Attack Forest Trusts
Exploiting Global Temporary Tables
Hijacking SQL Server Credentials using Agent Jobs for Domain Privilege Escalation

PowerUpSQL Talks

2020 May Troopers20 Video
2020 May Troopers20 Slides
2018 Aug BH Arsenal Video
2018 Aug BH Arsenal Slides
2017 SEPT DerbyCon7 Video
2017 SEPT DerbyCon7 Slides
2017 May Secure360 Slides
2017 May THOTCON Slides
2016 OCT Arcticcon Slides
2016 OCT PASS Webinar Video
2016 SEPT DerbyCon6 Slides
2016 SEPT DerbyCon6 Video
2015 APR OWASP Slides
2015 APR OWASP Video

PowerUpSQL Videos

Discover SQL Server Instances
Unauthenticated to SQL Login - Default Passwords
Domain User to SQL Sysadmin - UNC Injection
SQL Login to Sysadmin-Auto
SQL Login to Sysadmin-LoginEnum+PwGuess
SQL Login to Sysadmin-Link Crawling 1
SQL Login to Sysadmin-Link Crawling 2
SQL Login to OS Admin-UNC Path Injection
OS Admin to Sysadmin-Impersonation
Audit Configurations
Find Sensitive Data
Attacking SQL Server CLR Assemblies Webinar

Function Categories

Discovery
Active Directory Recon
Audit
Attack
Password Recovery
Persistence
Data Exfiltration
Core
Common
Utility
Third Party

Related Projects

DAFT
Evil SQL Client (ESC)
SQLC2
SQL Injection Wiki

Recommended Content

Recover ADSI PWDs
MSSQL CLR Proxy
MSSQL Link Visualization
SQLRecon
DBATools

Clone this wiki locally

Footer

© 2024 GitHub, Inc.

Footer navigation

Terms
Privacy
Security
Status
Docs
Contact

You can’t perform that action at this time.