Invoke-SQLAuditWeakLoginPw: StartID/EndId VS FuzzNum parameters

NetSPI / PowerUpSQL

PowerUpSQL: A PowerShell Toolkit for Attacking SQL Server

Other

2.47k stars 462 forks source link

Invoke-SQLAuditWeakLoginPw: StartID/EndId VS FuzzNum parameters #28

Closed cnotin closed 6 years ago

cnotin commented 6 years ago

In the Invoke-SQLAuditWeakLoginPw function, the documentation describes the StartId and EndId parameters. They are used later in a message Write-Verbose -Message "$Instance - Fuzzing principal IDs $StartId to $EndId...". However they are not used anymore. They seem to have been replaced by FuzzNum that is accepted as argument but not documented.

nullbind commented 6 years ago

@ClementNotin

Nice catch! I must have missed that when I switched to using number tables. :) I'll assign it to myself and put that in my list of help content / wiki updates. I'll let you know when I have it cleaned up.

Thanks again!

nullbind commented 6 years ago

@ClementNotin

I updated the help documentation and the verbose output for the Invoke-SQLAuditWeakLoginPw and Get-SQLFuzzServerLogin functions. If i missed anything let me know. For now I'll close it out.

Thanks again,

Scott

cnotin commented 6 years ago

There's still a reference left in the example command of Get-SQLFuzzServerLogin:

Get-SQLFuzzServerLogin -Instance SQLServer1\STANDARDDEV2014 -StartId 1 -EndId 500 | Select-Object -First 40

Otherwise LGTM! Thanks @nullbind

nullbind commented 6 years ago

Oops, I’ll get that one a little later. Thanks :)