skahwah/SQLRecon

Threading and input lists

cmprmsd opened this issue · 4 comments

Took a while but now I had time to test the tool 💪, really noice!

The thing it lacks for other engagements e.g. pentests or customers where you can be a bit more noisy, would be the option to enumerate multiple servers at once and pick the easiest one.

Therefore options to

  • output the servers identified by SPNs to a file
  • have input files for a list of identified valid MSSQL servers (e.g. those with creds)
  • threading for the above

would be highly beneficial 😊

Thanks for taking a look at SQLRecon!

All good points. SQLRecon was really designed to operate within a C2 framework, although it works exactly the same through the Windows command line and PowerShell.

In terms of output, I don't think I'm going to implement this unless there is a compelling reason to do so, mainly for two reasons: first, there are easy ways to redirect console output to a file, for example the > operator on the command line and Out-File in PowerShell. Second, when operating in C2, leaving behind artifacts is not ideal.

For your next point regarding input files, I think a good compromise would be allowing for multiple hosts to be supplied using something like comma separated values. This removes introducing a file onto the target system. A thread pool can easily be implemented for this sort of thing.

Let me know your thoughts.

Thanks again.

The fileless approach definitely makes sense for these engagements, I agree and no worries. Just wanted to give some feedback and ideas 😁

Yup, a comma separated list of IPs makes sense. Maybe flexible enough to have optional ports so that e.g. the following would be accepted without errors:
10.10.10.1,10.10.10.2:5566,...

For the output it is really only a matter of comfort. You're right, if I think about it. 😬
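The two ideas agreed on above (a comma-separated host list with optional ports, and a thread pool to work through it) can be sketched in a few dozen lines of C#. This is an added example written for this thread, not SQLRecon's own code: the `Target`, `TargetList` and `Probe` names are assumptions, the default port 1433 is the standard MSSQL listener port used when an entry carries no explicit port, and `TcpConnect` is a hypothetical stand-in for whatever per-host check the tool would actually run. Malformed entries are rejected rather than silently defaulted, so a typo in a port does not quietly turn into a probe of the wrong service.

```csharp
// Added example (not SQLRecon's own code): parse "host[:port],host[:port],..."
// and run a per-target check concurrently with a bounded degree of parallelism.
using System;
using System.Collections.Generic;
using System.Net.Sockets;
using System.Threading.Tasks;

public sealed class Target
{
    public string Host { get; }
    public int Port { get; }
    public Target(string host, int port) { Host = host; Port = port; }
    public override string ToString() => $"{Host}:{Port}";
}

public static class TargetList
{
    // Assumed default: the standard MSSQL port, applied when no port is given.
    public const int DefaultPort = 1433;

    // Accepts input such as "10.10.10.1,10.10.10.2:5566" and returns one Target
    // per entry. Entries with an empty host or a non-numeric / out-of-range port
    // raise FormatException instead of falling back to the default.
    // Caveat: bare IPv6 literals (containing ':') are not handled by this parser.
    public static List<Target> Parse(string input)
    {
        var targets = new List<Target>();
        foreach (var raw in input.Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries))
        {
            var entry = raw.Trim();
            if (entry.Length == 0) continue;
            var sep = entry.LastIndexOf(':');
            if (sep < 0)
            {
                targets.Add(new Target(entry, DefaultPort));
                continue;
            }
            var host = entry.Substring(0, sep);
            var portText = entry.Substring(sep + 1);
            if (host.Length == 0 || !int.TryParse(portText, out var port) || port < 1 || port > 65535)
                throw new FormatException($"Invalid host:port entry '{entry}'");
            targets.Add(new Target(host, port));
        }
        return targets;
    }
}

public static class Probe
{
    // Runs 'check' against every target with at most maxParallel in flight at once
    // and returns the targets for which the check returned true. Exceptions from a
    // single target are treated as a failed check so one bad host cannot abort the run.
    public static List<Target> RunAll(IEnumerable<Target> targets, Func<Target, bool> check, int maxParallel)
    {
        var passed = new List<Target>();
        var gate = new object();
        var options = new ParallelOptions { MaxDegreeOfParallelism = maxParallel };
        Parallel.ForEach(targets, options, t =>
        {
            bool ok;
            try { ok = check(t); } catch { ok = false; }
            if (ok) { lock (gate) { passed.Add(t); } }
        });
        return passed;
    }

    // Hypothetical stand-in check: a plain TCP connect with a short timeout.
    // The real per-host logic (authentication attempt, version query, etc.) would replace this.
    public static bool TcpConnect(Target t, int timeoutMs = 2000)
    {
        using (var client = new TcpClient())
        {
            var connect = client.ConnectAsync(t.Host, t.Port);
            return connect.Wait(timeoutMs) && client.Connected;
        }
    }
}

public static class Program
{
    public static void Main(string[] args)
    {
        // Constructed sample input; pass your own list as the first argument.
        var input = args.Length > 0 ? args[0] : "10.10.10.1,10.10.10.2:5566";
        var targets = TargetList.Parse(input);
        Console.WriteLine($"Parsed {targets.Count} target(s): {string.Join(" ", targets)}");
        var reachable = Probe.RunAll(targets, t => Probe.TcpConnect(t), maxParallel: 8);
        foreach (var t in reachable) Console.WriteLine($"check passed: {t}");
    }
}
```

`Parse` splits on the last colon so a stray leading separator still produces a readable error, and `RunAll` caps concurrency with `MaxDegreeOfParallelism` rather than spawning one thread per host, which keeps the noise level predictable on a large list. The results list is guarded by a lock because `Parallel.ForEach` invokes the body from several threads at once.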

Appreciate the feedback! Good call on the ports 👍🏽

Closing this for now as this is going into the next SQLRecon release.