Overview
This course teaches learners how to hack SQL Server at scale using PowerShell. It covers SQL Server basics, finding SQL Servers, testing login access, escalating privileges, and post-exploitation techniques. The material is delivered as a series of videos from DerbyCon 2016. The intended audience includes individuals interested in cybersecurity, ethical hacking, and SQL Server security.
Syllabus
Intro
Presentation Overview
PowerUpSQL Overview: Project Goals
SQL Server Basics: Account Types
Find SQL Servers: Techniques
Testing Login Access: Overview
Testing Login Access: Command Examples
Escalating Privileges: Getting Sysadmin Privs
Escalating Privileges: SysAdmin to Service Account
Escalating Privileges: Shared Service Accounts
Escalating Privileges: Crawling Database Links
Escalating Privileges: UNC Path Injection
Escalating Privileges: DEMO
Post Exploitation: Overview
General Recommendations