Pazar , 28 Şubat 2021

Offensive Security Tool: PowerUpSQL

PowerUPSQL written by Scott Sutherland, includes functions that support SQL Server discovery, weak configuration auditing, privilege escalation on scale, and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However, PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.

SQL Database attacks are frequently hunted by hackers, whether it is a WebApp using an sql database, or an internal framework/application. Misconfiguration is very common from a security perspective and are on the rise, due to the way you interact with the DB. Once you get credentials or credit card details and/or privacy is invaded, it gives the attackers full access especially when users tend to use the same passwords across their personal/business login pages, so post exploitation after SQL takes place such as uploading a php worm or getting persistency on the machines for further recon/attack scenarios and of course dumping password hashes, CAN allow you to login without the need to crack it (PSEXEC ..)

Github Link

Support :

Bir cevap yazın

E-posta hesabınız yayımlanmayacak. Gerekli alanlar * ile işaretlenmişlerdir