Converted pull request from keepwatch into yml format. Original request here: https://github.com/LOLBAS-Project/LOLBAS/pull/19 - Thanks for contributing

Oddvar Moe 2018-12-12 12:56:53 +01:00
parent aba9538581
commit 3371628d0b
2 changed files with 9 additions and 4 deletions

@ -1,11 +1,11 @@
--- ---
Name: Sqlps.exe Name: Sqlps.exe
Description: Tool included with Microsoft SQL Server that loads SQL Server cmdlets. Description: Tool included with Microsoft SQL Server that loads SQL Server cmdlets. Microsoft SQL Server\100 and 110 are Powershell v2. Microsoft SQL Server\120 and 130 are Powershell version 4. Replaced by SQLToolsPS.exe in SQL Server 2016, but will be included with installation for compatability reasons.
Author: 'Oddvar Moe' Author: 'Oddvar Moe'
Created: '2018-05-25' Created: '2018-05-25'
Commands: Commands:
- Command: Sqlps.exe -noprofile - Command: Sqlps.exe -noprofile
Description: Drop into a SQL Server PowerShell console without Module and ScriptBlock Logging. Description: Run a SQL Server PowerShell mini-console without Module and ScriptBlock Logging.
Usecase: Execute PowerShell commands without ScriptBlock logging. Usecase: Execute PowerShell commands without ScriptBlock logging.
Category: Execute Category: Execute
Privileges: User Privileges: User
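Review bot: The expanded top-level Description for Sqlps.exe lists which PowerShell version each install directory hosts, but nothing connects that to the "without Module and ScriptBlock Logging" claim in the command Description below it. Please say explicitly whether the missing logging follows from the engine version, so a defender can tell whether the 120/130 builds behave the same as 100/110. In the same line, "compatability" should be "compatibility", "Powershell" should be "PowerShell", and "v2" versus "version 4" should use one form.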
@ -14,12 +14,16 @@ Commands:
OperatingSystem: Windows OperatingSystem: Windows
Full_Path: Full_Path:
- Path: C:\Program files (x86)\Microsoft SQL Server\100\Tools\Binn\sqlps.exe - Path: C:\Program files (x86)\Microsoft SQL Server\100\Tools\Binn\sqlps.exe
- Path: C:\Program files (x86)\Microsoft SQL Server\110\Tools\Binn\sqlps.exe
- Path: C:\Program files (x86)\Microsoft SQL Server\120\Tools\Binn\sqlps.exe
- Path: C:\Program files (x86)\Microsoft SQL Server\130\Tools\Binn\sqlps.exe
Code_Sample: Code_Sample:
- Code: - Code:
Detection: Detection:
- IOC: - IOC:
Resources: Resources:
- Link: https://twitter.com/bryon_/status/975835709587075072 - Link: https://twitter.com/bryon_/status/975835709587075072
- Link: https://docs.microsoft.com/en-us/sql/powershell/sql-server-powershell?view=sql-server-2017
Acknowledgement: Acknowledgement:
- Person: Bryon - Person: Bryon
Handle: '@bryon_' Handle: '@bryon_'
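Review bot: Detection still has an empty `- IOC:` (and Code_Sample an empty `- Code:`) even though this hunk now enumerates four install paths for sqlps.exe. Those paths are the material for an IOC: consider adding an entry for process creation of sqlps.exe from the listed `Tools\Binn` directories. All four paths sit under `C:\Program files (x86)`; if the binary can also be installed elsewhere, list that location too, and use the usual `Program Files` capitalisation.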

@ -1,11 +1,11 @@
--- ---
Name: SQLToolsPS.exe Name: SQLToolsPS.exe
Description: Tool included with Microsoft SQL that loads SQL Server cmdlts. A replacement for sqlps.exe. Description: Tool included with Microsoft SQL that loads SQL Server cmdlts. A replacement for sqlps.exe. Successor to sqlps.exe in SQL Server 2016+.
Author: 'Oddvar Moe' Author: 'Oddvar Moe'
Created: '2018-05-25' Created: '2018-05-25'
Commands: Commands:
- Command: SQLToolsPS.exe -noprofile -command Start-Process calc.exe - Command: SQLToolsPS.exe -noprofile -command Start-Process calc.exe
Description: Run PowerShell scripts and commands. Description: Run a SQL Server PowerShell mini-console without Module and ScriptBlock Logging.
Usecase: Execute PowerShell command. Usecase: Execute PowerShell command.
Category: Execute Category: Execute
Privileges: User Privileges: User
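Review bot: The new command Description, "Run a SQL Server PowerShell mini-console without Module and ScriptBlock Logging", does not match the Command it documents, `SQLToolsPS.exe -noprofile -command Start-Process calc.exe`, which runs one command rather than opening a console; the wording looks carried over from the Sqlps.exe entry. Suggest keeping the previous "Run PowerShell scripts and commands" and appending the logging note, and stating here, as the Sqlps.exe entry does, which PowerShell version this binary hosts. In the top-level Description, "A replacement for sqlps.exe." and "Successor to sqlps.exe in SQL Server 2016+." say the same thing twice and should be merged, and "cmdlts" should be "cmdlets".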
@ -20,6 +20,7 @@ Detection:
- IOC: - IOC:
Resources: Resources:
- Link: https://twitter.com/pabraeken/status/993298228840992768 - Link: https://twitter.com/pabraeken/status/993298228840992768
- Link: https://docs.microsoft.com/en-us/sql/powershell/sql-server-powershell?view=sql-server-2017
Acknowledgement: Acknowledgement:
- Person: Pierre-Alexandre Braeken - Person: Pierre-Alexandre Braeken
Handle: '@pabraeken' Handle: '@pabraeken'
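Review bot: The added Resources link is pinned to `?view=sql-server-2017`, while the Description in this file says the binary ships with SQL Server 2016+; drop the `view` parameter or pick the version the entry is about. The `- IOC:` line in the context above the addition is still empty, so this entry also ships without any detection guidance.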