.. / PowerUpSQL-Get-SQLInstanceDomian-credentialAccess
Star

The Get-SQLInstanceDomain identifies all the SQL servers in the domain. This in combination with the Get-SQLConnectionTestThreaded tests whether the credentials supplied allow access to these servers. With this command an attacker can enumerate to which server it has access with found or guessed credentials. This command can be executed from a non-domain joined device, however you need to have reachability to the DomainController

Command Reference:

IP address Domaincontroller: 10.0.0.1

Domain: domain.local

User: mmaas

Password: Password123

Command:

Get-SQLInstanceDomain -Verbose -DomainController 10.0.0.1 -Username domain.local\mmaas -password Password123| Get-SQLConnectionTestThreaded -Verbose -Threads 3 | Where-Object {$_.Status -like "Accessible"}

References:

https://github.com/NetSPI/PowerUpSQL/wiki/PowerUpSQL-Cheat-Sheet

https://github.com/NetSPI/PowerUpSQL/blob/master/PowerUpSQL.ps1

.. / PowerUpSQL-Get-SQLInstanceDomian-credentialAccess Star if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

.. / PowerUpSQL-Get-SQLInstanceDomian-credentialAccess
Star