A library of beacon object files to interact with remote SQL servers and data. This collection is templated off the TrustedSec CS-Situational-Awareness-BOF collection and models the functionality of the SQLRecon project.
Load the aggressor script located at SQL/SQL.cna
.
⚠️ Use x64 BOFs only, issue with x86 BOFs tracked here ⚠️
Commands | Usage | Notes |
---|---|---|
sql-adsi | [server] [ADSI_linkedserver] [opt: port] [opt: database] [opt: linkedserver] [opt: impersonate] | Obtain ADSI creds from ADSI linked server |
sql-agentcmd | [server] [command] [opt: database] [opt: linkedserver] [opt: impersonate] | Execute a system command using agent jobs |
sql-agentstatus | [server] [opt: database] [opt: linkedserver] [opt: impersonate] | Enumerate SQL agent status and jobs |
sql-checkrpc | [server] [opt: database] [opt: linkedserver] [opt: impersonate] | Enumerate RPC status of linked servers |
sql-clr | [server] [dll_path] [function] [opt: database] [opt: linkedserver] [opt: impersonate] | Load and execute .NET assembly in a stored procedure |
sql-columns | [server] [table] [opt: database] [opt: linkedserver] [opt: impersonate] | Enumerate columns within a table |
sql-databases | [server] [opt: database] [opt: linkedserver] [opt: impersonate] | Enumerate databases on a server |
sql-disableclr | [server] [opt: database] [opt: linkedserver] [opt: impersonate] | Disable CLR integration |
sql-disableole | [server] [opt: database] [opt: linkedserver] [opt: impersonate] | Disable OLE Automation Procedures |
sql-disablerpc | [server] [linkedserver] [opt: database] [opt: impersonate] | Disable RPC and RPC out on a linked server |
sql-disablexp | [server] [opt: database] [opt: linkedserver] [opt: impersonate] | Disable xp_cmdshell |
sql-enableclr | [server] [opt: database] [opt: linkedserver] [opt: impersonate] | Enable CLR integration |
sql-enableole | [server] [opt: database] [opt: linkedserver] [opt: impersonate] | Enable OLE Automation Procedures |
sql-enablerpc | [server] [linkedserver] [opt: database] [opt: impersonate] | Enable RPC and RPC out on a linked server |
sql-enablexp | [server] [opt: database] [opt: linkedserver] [opt: impersonate] | Enable xp_cmdshell |
sql-impersonate | [server] [opt: database] | Enumerate users that can be impersonated |
sql-info | [server] [opt: database] | Gather information about the SQL server |
sql-links | [server] [opt: database] [opt: linkedserver] [opt: impersonate] | Enumerate linked servers |
sql-olecmd | [server] [command] [opt: database] [opt: linkedserver] [opt: impersonate] | Execute a system command using OLE automation procedures |
sql-query | [server] [query] [opt: database] [opt: linkedserver] [opt: impersonate] | Execute a custom SQL query |
sql-rows | [server] [table] [opt: database] [opt: linkedserver] [opt: impersonate] | Get the count of rows in a table |
sql-search | [server] [search] [opt: database] [opt: linkedserver] [opt: impersonate] | Search a table for a column name |
sql-smb | [server] [\\listener] [opt: database] [opt: linkedserver] [opt: impersonate] | Coerce NetNTLM auth via xp_dirtree |
sql-tables | [server] [opt: database] [opt: linkedserver] [opt: impersonate] | Enumerate tables within a database |
sql-users | [server] [opt: database] [opt: linkedserver] [opt: impersonate] | Enumerate users with database access |
sql-whoami | [server] [opt: database] [opt: linkedserver] [opt: impersonate] | Gather logged in user, mapped user and roles |
sql-xpcmd | [server] [command] [opt: database] [opt: linkedserver] [opt: impersonate] | Execute a system command via xp_cmdshell |