Explore SQL Server hacking techniques at scale using PowerShell in this 29-minute conference talk from Derbycon 2016. Dive into the PowerUpSQL project, covering SQL Server basics, account types, and server discovery methods. Learn to test login access, escalate privileges to sysadmin, and exploit service accounts. Examine advanced techniques like crawling database links and UNC path injection, complete with a live demonstration. Gain insights into post-exploitation strategies and receive general recommendations for securing SQL Server environments.
Overview
Syllabus
Intro
Presentation Overview
PowerUpSQL Overview: Project Goals
SQL Server Basics: Account Types
Find SQL Servers: Techniques
Testing Login Access: Overview
Testing Login Access: Command Examples
Escalating Privileges: Getting Sysadmin Privs
Escalating Privileges: SysAdmin to Service Account
Escalating Privileges: Shared Service Accounts
Escalating Privileges: Crawling Database Links
Escalating Privileges: UNC Path Injection
Escalating Privileges: DEMO
Post Exploitation: Overview
General Recommendations
