NetSPI/PowerUpSQL

Invoke-SQLEscalatePriv

UnicornPwned opened this issue · 4 comments

When I execute 'Invoke-SQLEscalatePriv' I get the below errors.

VERBOSE: Instance_xyz : START VULNERABILITY CHECK: Excessive Privilege - xp_dirtree
VERBOSE: Instance_xyz : CONNECTION SUCCESS.
VERBOSE: Instance_xyz : - At least one principal has EXECUTE privileges on xp_dirtree.
VERBOSE: Instance_xyz : - You have Administrator rights. Inveigh will be loaded.
VERBOSE: Instance_xyz : - Inveigh loaded.
VERBOSE: Instance_xyz : - Start sniffing...
VERBOSE: Instance_xyz : - Inject UNC path to \\x.x.x.x\path...
VERBOSE: Instance_xyz : - Stopped sniffing.
Get-InveighCleartext : The term 'Get-InveighCleartext' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the
spelling of the name, or if a path was included, verify that the path is correct and try again.
At C:\path1\path2\PowerUpSQL-master\PowerUpSQL.ps1:12454 char:58
+ ...                         [string]$PassCleartext = Get-InveighCleartext
+                                                      ~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (Get-InveighCleartext:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

Get-InveighNTLMv1 : The term 'Get-InveighNTLMv1' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of
the name, or if a path was included, verify that the path is correct and try again.
At C:\path1\path2\PowerUpSQL-master\PowerUpSQL.ps1:12461 char:58
+ ...                            [string]$PassNetNTLMv1 = Get-InveighNTLMv1
+                                                         ~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (Get-InveighNTLMv1:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

Get-InveighNTLMv2 : The term 'Get-InveighNTLMv2' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of
the name, or if a path was included, verify that the path is correct and try again.
At C:\path1\path2\PowerUpSQL-master\PowerUpSQL.ps1:12468 char:58
+ ...                            [string]$PassNetNTLMv2 = Get-InveighNTLMv2
+                                                         ~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (Get-InveighNTLMv2:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

VERBOSE: Instance_xyz : - Inveigh loaded.
VERBOSE: Instance_xyz : - Start sniffing...
VERBOSE: Instance_xyz : - Inject UNC path to \\x.x.x.x\path...
VERBOSE: Instance_xyz : - Stopped sniffing.
Get-InveighCleartext : The term 'Get-InveighCleartext' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the
spelling of the name, or if a path was included, verify that the path is correct and try again.
At C:\path1\path2\PowerUpSQL-master\PowerUpSQL.ps1:12454 char:58
+ ...                         [string]$PassCleartext = Get-InveighCleartext
+                                                      ~~~~~~~~~~~~~~~~~~~~

@UnicornPwned Well that's not good. Based on the error it looks like Inveigh didn't load correctly. I'll try to fix the bug this week and push it out.

Thanks for letting me know! :)

I had been running into this issue as well. This is due to some code changes with Inveigh:

  • Get-InveighClearText is now Get-Inveigh -ClearText
  • Get-InveighNTLMv1 is now Get-Inveigh -NTLMv1
  • Get-InveighNTLMv2 is now Get-Inveigh -NTLMv2

It looks like currently the Inveigh script is being loaded by downloading from the GitHub repo. Would it be beneficial to include Inveigh in its entirety within PowerUpSQL? This way it does not require access to GitHub to download and import Inveigh's functions. Just a suggestion!
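As an added example (not code from PowerUpSQL or Inveigh), this is one way a caller can tolerate the rename described in the comment above: probe for which Inveigh interface is actually loaded and fail with a single clear message when neither is present, instead of hitting a CommandNotFoundException mid-check. The two interface shapes are the ones listed in the comment; the function names `Get-InveighApiStyle` and `Get-InveighCapture` are chosen here and are not part of either project.

```powershell
# Added example, not PowerUpSQL or Inveigh code.
# Assumes the two interface shapes named in the thread:
#   legacy:        Get-InveighCleartext / Get-InveighNTLMv1 / Get-InveighNTLMv2
#   parameterized: Get-Inveigh -ClearText / -NTLMv1 / -NTLMv2
# Both function names below are hypothetical helper names.

function Get-InveighApiStyle {
    # Returns 'Parameterized', 'Legacy', or 'Missing' depending on what is loaded.
    if (Get-Command -Name 'Get-Inveigh' -ErrorAction SilentlyContinue) {
        return 'Parameterized'
    }
    $legacy  = @('Get-InveighCleartext', 'Get-InveighNTLMv1', 'Get-InveighNTLMv2')
    $present = @($legacy | Where-Object { Get-Command -Name $_ -ErrorAction SilentlyContinue })
    if ($present.Count -eq $legacy.Count) {
        return 'Legacy'
    }
    return 'Missing'
}

function Get-InveighCapture {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [ValidateSet('Cleartext', 'NTLMv1', 'NTLMv2')]
        [string]$Type
    )

    switch (Get-InveighApiStyle) {
        'Parameterized' {
            # Splat so the switch parameter name matches the requested type
            # (PowerShell parameter names are case-insensitive, so 'Cleartext'
            # binds to -ClearText).
            $splat = @{ $Type = $true }
            return Get-Inveigh @splat
        }
        'Legacy' {
            # Call the old per-type function by constructed name.
            return & "Get-Inveigh$Type"
        }
        default {
            # One explicit failure instead of three CommandNotFound errors.
            throw "Inveigh is not loaded or its exported function names have changed; aborting the check."
        }
    }
}
```

Resolving the interface once up front (and aborting when it is 'Missing') is the part that matters: the thread's errors appear only after the sniffing step has already run, whereas a check at load time reports the broken dependency before anything else happens.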

That's a good idea. The last few weeks have been a little slammed, but I'll try to make the update after I have time to test everything in the lab. As always, thanks for the feedback! :)

Hi @UnicornPwned,

Well, @kfosaaen was nice enough to fix the issue you mentioned. So everything should be stablish again. :) It sounds like it was the result of some function name changes in Inveigh. Per @leoloobeek's advice, I'll eventually hard code Inveigh into PowerUpSQL to help avoid similar issues in the future. Thanks again for the bug report!