mirror of
https://github.com/LOLBAS-Project/LOLBAS
synced 2024-12-25 22:39:27 +01:00
Converted pull request from keepwatch into yml format. Original request here: https://github.com/LOLBAS-Project/LOLBAS/pull/19 - Thanks for contributing
This commit is contained in:
parent
aba9538581
commit
3371628d0b
@ -1,11 +1,11 @@
|
|||||||
---
|
---
|
||||||
Name: Sqlps.exe
|
Name: Sqlps.exe
|
||||||
Description: Tool included with Microsoft SQL Server that loads SQL Server cmdlets.
|
Description: Tool included with Microsoft SQL Server that loads SQL Server cmdlets. Microsoft SQL Server\100 and 110 are Powershell v2. Microsoft SQL Server\120 and 130 are Powershell version 4. Replaced by SQLToolsPS.exe in SQL Server 2016, but will be included with installation for compatability reasons.
|
||||||
Author: 'Oddvar Moe'
|
Author: 'Oddvar Moe'
|
||||||
Created: '2018-05-25'
|
Created: '2018-05-25'
|
||||||
Commands:
|
Commands:
|
||||||
- Command: Sqlps.exe -noprofile
|
- Command: Sqlps.exe -noprofile
|
||||||
Description: Drop into a SQL Server PowerShell console without Module and ScriptBlock Logging.
|
Description: Run a SQL Server PowerShell mini-console without Module and ScriptBlock Logging.
|
||||||
Usecase: Execute PowerShell commands without ScriptBlock logging.
|
Usecase: Execute PowerShell commands without ScriptBlock logging.
|
||||||
Category: Execute
|
Category: Execute
|
||||||
Privileges: User
|
Privileges: User
|
||||||
@ -14,12 +14,16 @@ Commands:
|
|||||||
OperatingSystem: Windows
|
OperatingSystem: Windows
|
||||||
Full_Path:
|
Full_Path:
|
||||||
- Path: C:\Program files (x86)\Microsoft SQL Server\100\Tools\Binn\sqlps.exe
|
- Path: C:\Program files (x86)\Microsoft SQL Server\100\Tools\Binn\sqlps.exe
|
||||||
|
- Path: C:\Program files (x86)\Microsoft SQL Server\110\Tools\Binn\sqlps.exe
|
||||||
|
- Path: C:\Program files (x86)\Microsoft SQL Server\120\Tools\Binn\sqlps.exe
|
||||||
|
- Path: C:\Program files (x86)\Microsoft SQL Server\130\Tools\Binn\sqlps.exe
|
||||||
Code_Sample:
|
Code_Sample:
|
||||||
- Code:
|
- Code:
|
||||||
Detection:
|
Detection:
|
||||||
- IOC:
|
- IOC:
|
||||||
Resources:
|
Resources:
|
||||||
- Link: https://twitter.com/bryon_/status/975835709587075072
|
- Link: https://twitter.com/bryon_/status/975835709587075072
|
||||||
|
- Link: https://docs.microsoft.com/en-us/sql/powershell/sql-server-powershell?view=sql-server-2017
|
||||||
Acknowledgement:
|
Acknowledgement:
|
||||||
- Person: Bryon
|
- Person: Bryon
|
||||||
Handle: '@bryon_'
|
Handle: '@bryon_'
|
||||||
|
@ -1,11 +1,11 @@
|
|||||||
---
|
---
|
||||||
Name: SQLToolsPS.exe
|
Name: SQLToolsPS.exe
|
||||||
Description: Tool included with Microsoft SQL that loads SQL Server cmdlts. A replacement for sqlps.exe.
|
Description: Tool included with Microsoft SQL that loads SQL Server cmdlts. A replacement for sqlps.exe. Successor to sqlps.exe in SQL Server 2016+.
|
||||||
Author: 'Oddvar Moe'
|
Author: 'Oddvar Moe'
|
||||||
Created: '2018-05-25'
|
Created: '2018-05-25'
|
||||||
Commands:
|
Commands:
|
||||||
- Command: SQLToolsPS.exe -noprofile -command Start-Process calc.exe
|
- Command: SQLToolsPS.exe -noprofile -command Start-Process calc.exe
|
||||||
Description: Run PowerShell scripts and commands.
|
Description: Run a SQL Server PowerShell mini-console without Module and ScriptBlock Logging.
|
||||||
Usecase: Execute PowerShell command.
|
Usecase: Execute PowerShell command.
|
||||||
Category: Execute
|
Category: Execute
|
||||||
Privileges: User
|
Privileges: User
|
||||||
@ -20,6 +20,7 @@ Detection:
|
|||||||
- IOC:
|
- IOC:
|
||||||
Resources:
|
Resources:
|
||||||
- Link: https://twitter.com/pabraeken/status/993298228840992768
|
- Link: https://twitter.com/pabraeken/status/993298228840992768
|
||||||
|
- Link: https://docs.microsoft.com/en-us/sql/powershell/sql-server-powershell?view=sql-server-2017
|
||||||
Acknowledgement:
|
Acknowledgement:
|
||||||
- Person: Pierre-Alexandre Braeken
|
- Person: Pierre-Alexandre Braeken
|
||||||
Handle: '@pabraeken'
|
Handle: '@pabraeken'
|
||||||
|
Loading…
Reference in New Issue
Block a user