PowerUpSQL is a specialized tool created for SQL Server penetration testing and security auditing. It includes functions for SQL Server discovery, auditing weak configurations, escalating privileges at scale, and post-exploitation actions such as running operating system commands. While its main purpose is internal penetration tests and red team engagements, system administrators can also use PowerUpSQL for SQL Server inventory management and for addressing common security threats in SQL Server environments.
Features
Easy Server Discovery:
- Identify local, domain, and non-domain SQL Server instances at scale using discovery functions.
Easy Server Auditing:
- Audit common high-impact vulnerabilities and weak configurations using current login privileges.
Easy Server Exploitation:
- Attempt to obtain sysadmin privileges using identified vulnerabilities.
Flexibility:
- Functions support the PowerShell pipeline, allowing easy use together or with other scripts.
Scalability:
- Pipeline support combined with multi-threading via invoke-parallel (runspaces) enables quick execution against many SQL Servers.
Portability:
- PowerUpSQL uses the .NET Framework sqlclient library, eliminating dependencies on SQLPS or SMO libraries.
Installation
Install from PowerShell Gallery:
Download and Import:
Load via Download Cradle:
Note: To run as an alternative domain user, use the runas command to launch PowerShell prior to loading PowerUpSQL.
Examples of use
Below are examples showcasing the usage of PowerUpSQL functions:
Easy Server Discovery:
Easy Server Auditing:
Easy Server Exploitation:
Scalability:
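The following is an added example, not code from the PowerUpSQL project or its README, showing how an administrator can chain the discovery, auditing and scalability features above into one inventory-and-audit run. It assumes PowerUpSQL was installed from the PowerShell Gallery, that the host is domain-joined and that the current Windows login already has access to the instances; the output directory, thread count and the Status/Severity column names used for filtering are assumptions drawn from the tool's documented output and should be checked against the installed version.

```powershell
# Added example (not from the PowerUpSQL project): inventory and weak-configuration
# audit of a SQL Server estate from a defender's point of view. Assumes the module
# was installed with Install-Module -Name PowerUpSQL. The output path, thread
# count and the Status/Severity column names are assumptions.

Import-Module PowerUpSQL

$outDir = 'C:\Temp\sqlinventory'   # assumed output location
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# 1. Discovery: enumerate SQL Server instances from service principal names
#    registered in Active Directory.
$instances = Get-SQLInstanceDomain -Verbose

# 2. Reachability: test which discovered instances accept the current login.
#    The threaded variant uses runspaces so a large estate finishes quickly.
$reachable = $instances |
    Get-SQLConnectionTestThreaded -Threads 10 -Verbose |
    Where-Object { $_.Status -eq 'Accessible' }

# 3. Inventory: collect version, edition, service account and sysadmin status
#    for every accessible instance and save it for change tracking.
$info = $reachable | Get-SQLServerInfoThreaded -Threads 10 -Verbose
$info | Export-Csv -Path (Join-Path $outDir 'sqlserver-inventory.csv') -NoTypeInformation

# 4. Auditing: check each accessible instance for common weak configurations
#    using only the current login's privileges. No -Exploit switch is passed,
#    so the run reports findings without attempting to act on them.
$findings = $reachable | Invoke-SQLAudit -Verbose
$findings | Export-Csv -Path (Join-Path $outDir 'sqlserver-audit.csv') -NoTypeInformation

# 5. Summary: rank instances by the number of high-severity findings so
#    remediation can be prioritised.
$findings |
    Where-Object { $_.Severity -eq 'High' } |
    Group-Object ComputerName, Instance |
    Select-Object Name, Count |
    Sort-Object Count -Descending
```

Because every function accepts pipeline input, the same run can be narrowed to a single instance by replacing step 1 with a `Get-SQLInstanceLocal` call or a hand-built list of `Instance` values, and the CSV exports give a baseline to diff against on the next run.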