PowerUpSQL - CraigDonkin/Infrastructure GitHub Wiki

https://github.com/NetSPI/PowerUpSQL

Enumerating Databases

  • To discover AD Domain SQL server instances:
Get-SQLInstanceDomain
  • Gather information about a known instance (version, service account, authentication mode, whether the current login is sysadmin); requires the current user to be able to connect to the instance:
Get-SQLServerInfo -Instance '<instance>'
  • Discover Active Directory Domain SQL Server Instances using alternative domain credentials. The /netonly session uses the supplied credentials only for network authentication, so the domain controller has to be named explicitly; the three commands below are typed one after another, the first in cmd.exe and the rest in the PowerShell window it opens:
runas /noprofile /netonly /user:<domain\user> PowerShell.exe
import-module PowerUpSQL.psd1
Get-SQLInstanceDomain -Verbose -DomainController <DC IP> -Username <domain\user> -password <password>
  • Get a list of domain SQL servers that can be logged into with a provided SQL Server login
$Targets = Get-SQLInstanceDomain -Verbose | Get-SQLConnectionTestThreaded -Verbose -Threads 10 -username <username> -password <password> | Where-Object {$_.Status -like "Accessible"} 
$Targets
  • Get a list of domain SQL servers that can be logged into with the current domain account
$Targets = Get-SQLInstanceDomain -Verbose | Get-SQLConnectionTestThreaded -Verbose -Threads 10 | Where-Object {$_.Status -like "Accessible"}
$Targets
  • Test whether the current user can log into a known instance (the Status field reads "Accessible" on success):
Get-SQLConnectionTest -Instance '<instance>' | fl
  • Authenticating to a known SQL Server instance as the current domain user and executing a query:
Get-SQLQuery -Verbose -Instance '<Instance>' -Query 'select @@version'
  • Authenticating to a known SQL Server instance using a SQL Server login; the instance can be given as hostname\instance, IP\instance, or IP and port:
Get-SQLQuery -Verbose -Instance "<servername\instancename>" -username <username> -password <password>
Get-SQLQuery -Verbose -Instance "<IP\instancename>" -username <username> -password <password>
Get-SQLQuery -Verbose -Instance "<ip:port>" -username <username> -password <password>
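The enumeration steps above, chained into one script, as an added example that is not part of the wiki page or of the PowerUpSQL project: discover instances from domain SPNs, keep those the current Windows identity can log into, collect server info from each without one failure stopping the loop, and write the result to CSV. The module path (.\PowerUpSQL.psd1) and the output file name are assumptions; the property names used (Instance, Status, SQLServerVersionNumber, ServiceAccount, IsSysadmin, Currentlogin) are the ones Get-SQLConnectionTestThreaded and Get-SQLServerInfo return in current releases, so check them with Get-Member if your version differs.

```powershell
# Added example (not from the wiki or PowerUpSQL). Assumes PowerUpSQL.psd1 is in the
# current directory and that this PowerShell session runs as a domain user.
Import-Module .\PowerUpSQL.psd1

# 1. Discover instances from MSSQLSvc SPNs registered in the domain.
$Instances = @(Get-SQLInstanceDomain)

# 2. Test in parallel which instances accept the current Windows identity.
$Accessible = @($Instances |
    Get-SQLConnectionTestThreaded -Threads 10 |
    Where-Object { $_.Status -like 'Accessible' })

Write-Host ("{0} of {1} discovered instances are accessible" -f $Accessible.Count, $Instances.Count)

# 3. Pull server info from each accessible instance. A single unreachable or
#    misbehaving host must not abort the whole sweep, hence try/catch per target.
$Results = foreach ($t in $Accessible) {
    try {
        $info = Get-SQLServerInfo -Instance $t.Instance
        [pscustomobject]@{
            Instance       = $t.Instance
            Version        = $info.SQLServerVersionNumber
            ServiceAccount = $info.ServiceAccount   # high-privilege service accounts are the interesting ones
            CurrentLogin   = $info.Currentlogin
            IsSysadmin     = $info.IsSysadmin       # 'Yes' means the current login is already sysadmin
        }
    }
    catch {
        Write-Warning "Failed to collect info from $($t.Instance): $_"
    }
}

# 4. Show sysadmin hits first, then persist everything for later steps.
$Results | Sort-Object IsSysadmin -Descending | Format-Table -AutoSize
$Results | Export-Csv -NoTypeInformation -Path .\sql-enum.csv   # assumed output path
```

To repeat the sweep with a SQL Server login instead of the current domain account, add -Username and -Password to both Get-SQLConnectionTestThreaded and Get-SQLServerInfo; the rest of the script is unchanged.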

Automated vulnerability discovery

  • Run the built-in audit checks against an instance. Invoke-SQLAudit only reports by default; its -Exploit switch makes it attempt to exploit what it finds, so leave it off unless that is in scope:
Invoke-SQLAudit -Verbose -Instance <instance>
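Running the audit across every reachable instance and summarising the findings, as an added example that is not from the wiki page or from the PowerUpSQL project. The -Exploit switch is deliberately not used, so the run is read-only. The module path and output file are assumptions; the finding column names (Vulnerability, IsVulnerable, Severity, Details, Exploited) are those Invoke-SQLAudit returns in current releases, so confirm with Get-Member if they differ in yours.

```powershell
# Added example (not from the wiki or PowerUpSQL). Assumes PowerUpSQL.psd1 is in the
# current directory and that the session runs as a domain user.
Import-Module .\PowerUpSQL.psd1

# Build the target list exactly as in the enumeration section.
$Targets = @(Get-SQLInstanceDomain |
    Get-SQLConnectionTestThreaded -Threads 10 |
    Where-Object { $_.Status -like 'Accessible' })

# Audit each target; no -Exploit, so nothing on the servers is modified.
$Findings = foreach ($t in $Targets) {
    try {
        Invoke-SQLAudit -Instance $t.Instance
    }
    catch {
        Write-Warning "Audit failed on $($t.Instance): $_"
    }
}

# Only rows the check actually flagged are interesting.
$Vulnerable = @($Findings | Where-Object { $_.IsVulnerable -eq 'Yes' })

# Which checks fire, and on how many instances, most widespread first.
$Vulnerable |
    Group-Object Vulnerability |
    Sort-Object Count -Descending |
    Select-Object Count, Name |
    Format-Table -AutoSize

# Full detail for high-severity items, one row per instance and check.
$Vulnerable |
    Where-Object { $_.Severity -eq 'High' } |
    Select-Object ComputerName, Instance, Vulnerability, Details, Exploited |
    Format-Table -Wrap

# Keep the complete result set, including non-vulnerable rows, as evidence.
$Findings | Export-Csv -NoTypeInformation -Path .\sql-audit.csv   # assumed output path
```

Running the audit per target inside a loop rather than piping $Targets straight into Invoke-SQLAudit keeps the try/catch scoped to one instance, so an unreachable host is logged as a warning and the remaining targets are still audited.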