
Offensive MSSQL Toolkit Written In Python, Based Off SQLRecon




PySQLRecon is a Python port of the awesome SQLRecon project by @sanjivkawa. See the commands section for a list of capabilities.

Install

PySQLRecon can be installed with pip3 install pysqlrecon or by cloning this repository and running pip3 install .

Commands

All of the main modules from SQLRecon have equivalent commands. Commands noted with [PRIV] require elevated privileges or sysadmin rights to run. Alternatively, commands marked with [NORM] can likely be run by normal users and do not require elevated privileges.

Support for impersonation ([I]) or execution on linked servers ([L]) is denoted at the end of the command description.

adsi                 [PRIV] Obtain ADSI creds from ADSI linked server [I,L]
agentcmd             [PRIV] Execute a system command using agent jobs [I,L]
agentstatus          [PRIV] Enumerate SQL agent status and jobs [I,L]
checkrpc             [NORM] Enumerate RPC status of linked servers [I,L]
clr                  [PRIV] Load and execute .NET assembly in a stored procedure [I,L]
columns              [NORM] Enumerate columns within a table [I,L]
databases            [NORM] Enumerate databases on a server [I,L]
disableclr           [PRIV] Disable CLR integration [I,L]
disableole           [PRIV] Disable OLE automation procedures [I,L]
disablerpc           [PRIV] Disable RPC and RPC Out on linked server [I]
disablexp            [PRIV] Disable xp_cmdshell [I,L]
enableclr            [PRIV] Enable CLR integration [I,L]
enableole            [PRIV] Enable OLE automation procedures [I,L]
enablerpc            [PRIV] Enable RPC and RPC Out on linked server [I]
enablexp             [PRIV] Enable xp_cmdshell [I,L]
impersonate          [NORM] Enumerate users that can be impersonated
info                 [NORM] Gather information about the SQL server
links                [NORM] Enumerate linked servers [I,L]
olecmd               [PRIV] Execute a system command using OLE automation procedures [I,L]
query                [NORM] Execute a custom SQL query [I,L]
rows                 [NORM] Get the count of rows in a table [I,L]
search               [NORM] Search a table for a column name [I,L]
smb                  [NORM] Coerce NetNTLM auth via xp_dirtree [I,L]
tables               [NORM] Enumerate tables within a database [I,L]
users                [NORM] Enumerate users with database access [I,L]
whoami               [NORM] Gather logged in user, mapped user and roles [I,L]
xpcmd                [PRIV] Execute a system command using xp_cmdshell [I,L]
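
The [PRIV] enable*/disable* commands above toggle server-level settings, and the [I] and [L] markers depend on impersonation grants and linked servers. The following read-only T-SQL audit is an added example, not part of PySQLRecon or SQLRecon; it lets a DBA or defender review that same surface on their own instance, and assumes a login with VIEW ANY DEFINITION or sysadmin rights.

```sql
-- Added example (not PySQLRecon code): read-only audit of the SQL Server
-- settings and grants that the command list above relies on.

-- 1. Features toggled by enablexp/enableclr/enableole. 0 = disabled.
--    configured_value <> running_value means a change awaits RECONFIGURE.
SELECT name,
       CAST(value        AS int) AS configured_value,
       CAST(value_in_use AS int) AS running_value
FROM sys.configurations
WHERE name IN (N'xp_cmdshell', N'clr enabled', N'Ole Automation Procedures')
ORDER BY name;

-- 2. Linked servers and the RPC / RPC Out options (checkrpc, enablerpc).
SELECT name,
       provider,
       data_source,
       is_remote_login_enabled AS rpc_enabled,
       is_rpc_out_enabled      AS rpc_out_enabled
FROM sys.servers
WHERE is_linked = 1
ORDER BY name;

-- 3. Server-level IMPERSONATE grants: who may act as which login.
SELECT grantee.name AS grantee,
       target.name  AS can_impersonate,
       p.state_desc
FROM sys.server_permissions AS p
JOIN sys.server_principals  AS grantee
  ON grantee.principal_id = p.grantee_principal_id
JOIN sys.server_principals  AS target
  ON target.principal_id = p.major_id
WHERE p.permission_name = N'IMPERSONATE'
  AND p.class_desc = N'SERVER_PRINCIPAL'
ORDER BY grantee.name, target.name;

-- 4. Members of sysadmin, the role the [PRIV] commands require.
SELECT m.name AS sysadmin_member, m.type_desc, m.is_disabled
FROM sys.server_role_members AS rm
JOIN sys.server_principals   AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals   AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = N'sysadmin'
ORDER BY m.name;
```

Any row in result set 1 with a running value of 1, or an impersonation grant in result set 3 that targets a sysadmin member from result set 4, is worth confirming against a documented business need.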

Usage

PySQLRecon has global options (available to any command), with some commands introducing additional flags. All global options must be specified before the command name:

pysqlrecon [GLOBAL_OPTS] COMMAND [COMMAND_OPTS]

View global options:

View command specific options:

pysqlrecon [GLOBAL_OPTS] COMMAND --help

Change the database authenticated to, or used in certain PySQLRecon commands (query, tables, columns, rows), with the --database flag.

Target execution of a PySQLRecon command on a linked server (instead of the SQL server being authenticated to) using the --link flag.

Impersonate a user account while running a PySQLRecon command with the --impersonate flag.

--link and --impersonate are incompatible.

Development

pysqlrecon uses Poetry to manage dependencies. Install from source and set up for development with:

git clone https://github.com/tw1sm/pysqlrecon
cd pysqlrecon
poetry install
poetry run pysqlrecon --help

Adding a Command

PySQLRecon is easily extensible – see the template and instructions in resources

TODO

  • Add SQLRecon SCCM commands
  • Add Azure SQL DB support?

References and Credits


