PowerUpSQL v1.106 releases: A PowerShell Toolkit for Attacking SQL Server

by do son · Published March 28, 2019 · Updated April 20, 2020

PowerUpSQL: A PowerShell Toolkit for Attacking SQL Server

The PowerUpSQL module includes functions that support SQL Server discovery, auditing for common weak configurations, and privilege escalation on the scale. It is intended to be used during internal penetration tests and red team engagements. However, PowerUpSQL also includes many functions that could be used by administrators to quickly inventory the SQL Servers in their ADS domain.

Function Categories

Below is a list of PowerUpSQL function categories. The categories are loosely mapped to common SQL Server attack workflows. Each page contains a list of the associated functions that can be used during testing.

Changelog v1.106

Added the functions Invoke-SQLUploadFileOle and Invoke-SQLDownloadFile provided by Mariusz B. / mgeeky.

Download

git clone https://github.com/NetSPI/PowerUpSQL.git

Usage

Setting Up PowerUpSQL

Option 1: Install it from the PowerShell Gallery. This requires local administrative privileges and will permanently install the module.
```
Install-Module -Name PowerUpSQL
```
Option 2: Download the project and import it. This does not require administrative privileges and will only be imported into the current session. However, it may be blocked by restrictive execution policies.
```
Import-Module PowerUpSQL.psd1
```
Option 3: Load it into a session via a downloading cradle. This does not require administrative privileges and will only be imported into the current session. It should not be blocked by executions policies.IEX(New-Object System.Net.WebClient).DownloadString(“https://raw.githubusercontent.com/NetSPI/PowerUpSQL/master/PowerUpSQL.ps1”) Note: To run as an alternative domain user, use the run as command to launch PowerShell first.runas /noprofile /netonly /user:domain\user PowerShell.exe