Comments (3)
Hey Justin,
Chris and I are certainly open to some MSSQL capabilities. Chris would be more of an authority on MSSQL though. Before considering this capability as an inclusion into PowerSploit, how would you envision such a script being used in a post exploitation environment or would this be more of a forensics capability? With the exception of some of the RE tools, we need to make sure that there's a compelling use case for everything that's added. Again, I'm fairly ignorant to MSSQL so please educate me.
Also, here's some feedback I had after checking out your script:
- No need to use .NET classes/methods for registry access. Using Get-Item and Get-ItemProperty with the registry PSProvider will get you everything you need.
- I would avoid relying on [IntPtr]::Size to validate the existence of the Wow64 subsystem. For example, you can install server 2012 R2 (which is 64-bit only) without the Wow64 subsystem.
- I'm not clear on the role of the Orca libraries. Bear in mind, I'm ignorant to MSSQL. Can the functionality you're trying to achieve be implemented without relying upon 3rd party libraries? In a post-exploitation scenario, I like to avoid relying on third party libs at all costs unless absolutely necessary.
Cheers,
Matt
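As an added illustration of the two review points above (use the registry PSProvider rather than .NET registry classes, and do not infer WOW64 from `[IntPtr]::Size`), here is an inventory-style snippet for listing the SQL Server instances installed on the local machine. It is example code written for this page, not the script under discussion and not part of PowerSploit; it assumes the standard SQL Server registry layout under `HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server\Instance Names\SQL`, and the function names `Test-Wow64Subsystem` and `Get-LocalSqlInstance` are invented here.

```powershell
# Added example, not the script under discussion and not PowerSploit code.
# Assumption: the standard SQL Server registry layout
#   HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server\Instance Names\SQL
# where each value name is an instance name and the value data is its instance ID.

function Test-Wow64Subsystem {
    # [IntPtr]::Size only reports the bitness of the current PowerShell process.
    # The WOW6432Node hive and the SysWOW64 directory are present only when the
    # WOW64 subsystem is installed, so check for those instead.
    (Test-Path 'HKLM:\SOFTWARE\WOW6432Node') -and
    (Test-Path (Join-Path $env:SystemRoot 'SysWOW64'))
}

function Get-LocalSqlInstance {
    # Native hive first; add the 32-bit view only when WOW64 actually exists.
    $roots = @('HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server')
    if (Test-Wow64Subsystem) {
        $roots += 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Microsoft SQL Server'
    }

    foreach ($root in $roots) {
        $instKey = Join-Path $root 'Instance Names\SQL'
        if (-not (Test-Path $instKey)) { continue }   # no instances registered here

        # Get-ItemProperty returns one property per registry value, plus PS* metadata.
        $props = Get-ItemProperty -Path $instKey
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }       # skip PSPath, PSParentPath, ...

            # Per-instance Setup key carries Version and Edition (may be absent).
            $setupKey = Join-Path $root "$($p.Value)\Setup"
            $setup = Get-ItemProperty -Path $setupKey -ErrorAction SilentlyContinue

            [PSCustomObject]@{
                InstanceName = $p.Name
                InstanceId   = $p.Value
                Version      = $setup.Version
                Edition      = $setup.Edition
                Wow64View    = ($root -like '*WOW6432Node*')
            }
        }
    }
}

# Usage: print the instances found on this host.
Get-LocalSqlInstance | Format-Table -AutoSize
```

The PS* filter is needed because `Get-ItemProperty` decorates its output with provider metadata (`PSPath`, `PSChildName`, and so on) alongside the real registry values. Checking the WOW64 hive and directory on disk, rather than the pointer size, is what makes the result correct on a 64-bit-only installation such as the one mentioned above.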
Matt,
The post-exploit scenario would be to get a list of all the SQL instances on the system, then attempt to gain access to the data on them, or use xp_cmdshell as a method of privilege elevation if the proxy account is a SQL admin. I can't fully speak for the latter. I do everything in my power to not use xp_cmdshell. It's certainly a vector. However, let's concentrate on a post-exploit scenario where the target is the data on the databases.
I would consider adding localdb instance scanning to the script, MSDE, and possibly sqlcompact edition support. Sometimes these are used in production, and sometimes they contain data worth exploiting.
As to your bullet points:
- I can definitely use the registry PS Providers exclusively. As a C# dev I find them clunky, but I'm sure ops people prefer "pure" PowerShell syntax. I also realize that in certain cases (i.e. Surface) you might not have access to the .NET library.
- I didn't know you could have an OS that only supports 64-bit binaries. I could certainly use Test-Path or more robust mechanisms.
- The idea behind the Orca Libraries is you could parse the MDF files without using the sql server engine. Perhaps you have a very locked down SQL instance, or perhaps you simply want to avoid tripping an intrusion detection system. You could use VSS to access the SQL MDFs and read the data without logging a connection to the SQL server.
If you get this working without relying upon a 3rd party library, feel free to submit a pull request.
Thanks,
Matt