NetSPI/PowerUpSQL

Feature Requests

aconite33 opened this issue · 3 comments

Would it be possible to add additional functionality to put the system back in a state before exploitation?

E.g., in order to run a command via XP_CmdShell it needs to be enabled. Running Invoke-SQLOSCmd enables the XP_CmdShell, but doesn't disable it afterwards.

Also, for the privesc (Invoke-SQLEscalatePriv) that gives an account sysadmin, have a de-escalation to return the user to a normal, non-elevated state.

Bummer, I thought I had it set up to restore state. I'll take a look at that along with the other issue you mentioned. Thanks for the heads up, I appreciate it! I'll ping once I make some progress.

Hi @aconite33,

I tested the most recent version of Invoke-SQLOSCmd. It enabled and disabled the configurations successfully. In my test environment I used PowerUpSQL version 1.91.117 to validate that Invoke-SQLOSCmd worked correctly against the following standard editions of SQL Server:

  • SQL Server 2005
  • SQL Server 2008
  • SQL Server 2012
  • SQL Server 2014
  • SQL Server 2016
  • SQL Server 2017

What version of SQL Server were you attacking? Also, what version of PowerUpSQL were you running? Maybe it bombed out due to a version issue?

Also, below are a few reasons the 'xp_cmdshell' and 'Show Advanced Options' configurations would not be disabled at the end of the command execution:

  • The configurations were already enabled when you got on the box.
  • The command or query execution was interrupted.
  • Policy Based Management was configured to prevent certain actions (even as a sysadmin). I've never actually seen that one in production, but played with it in the lab.

Let me know your thoughts.

Thanks,

Scott

PS: I created a separate ticket for the "Invoke-SQLEscalatePriv" feature request: #18
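The three reasons above all come down to one question a DBA can answer directly from the server: what do 'show advanced options' and 'xp_cmdshell' look like right now, and does the configured value match the running value? The T-SQL below is an added example for checking and remediating that state; it is not PowerUpSQL's code. It assumes sysadmin (or at least VIEW SERVER STATE for the first query) and the standard sys.configurations catalog view, and it is written from the defender's side: an audit query that flags the "already enabled" and "interrupted mid-change" cases, followed by the hardening statements that put both settings back to their default of 0.

```sql
-- Added example (not part of PowerUpSQL): audit the two server configurations
-- that Invoke-SQLOSCmd toggles, then return them to their defaults.
-- Assumes sysadmin for the sp_configure calls; sys.configurations exists on
-- SQL Server 2005 and later.

-- 1. Audit: 'value' is what sp_configure last set, 'value_in_use' is what the
--    engine is actually running with. They differ when a batch set the option
--    but was interrupted before RECONFIGURE ran, which is one of the cases in
--    which a tool's cleanup step never fires.
SELECT name,
       CAST(value        AS int) AS configured_value,
       CAST(value_in_use AS int) AS running_value,
       CASE
           WHEN value <> value_in_use     THEN 'pending RECONFIGURE (interrupted change?)'
           WHEN CAST(value_in_use AS int) = 1 THEN 'ENABLED - was it already on before the run?'
           ELSE 'disabled (default)'
       END AS assessment
FROM sys.configurations
WHERE name IN ('show advanced options', 'xp_cmdshell')
ORDER BY name;

-- 2. Remediate: only act if xp_cmdshell is actually on, so the script is safe
--    to schedule. 'xp_cmdshell' is only visible to sp_configure while
--    'show advanced options' is 1, so it is raised, the shell is disabled, and
--    then it is lowered again, each step committed with RECONFIGURE.
IF EXISTS (SELECT 1 FROM sys.configurations
           WHERE name = 'xp_cmdshell' AND CAST(value_in_use AS int) = 1)
BEGIN
    EXEC sp_configure 'show advanced options', 1;
    RECONFIGURE;
    EXEC sp_configure 'xp_cmdshell', 0;
    RECONFIGURE;
    EXEC sp_configure 'show advanced options', 0;
    RECONFIGURE;
    PRINT 'xp_cmdshell disabled and advanced options hidden again.';
END
ELSE
    PRINT 'xp_cmdshell already disabled; nothing to do.';
```

If Policy Based Management (the third case above) has a policy that blocks configuration changes, the sp_configure calls in step 2 raise an error rather than silently doing nothing, so the audit query in step 1 is the reliable signal: run it before and after any tooling that touches these options, and treat a row that reads ENABLED before the run as "do not assume the tool will turn it off", because a state-restoring tool is correct to leave a pre-existing setting as it found it.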

I'm going to close this one out, but let me know if you have any follow up comments.