internal void Run(string[] args)
{
Console.WriteLine(BANNER2);
Console.WriteLine(DELIMITER);
try
{
options.Parse(args);
}
catch (OptionException ex)
{
Console.WriteLine(ex.Message);
return;
}
if (help)
{
Console.WriteLine(DELIMITER);
options.WriteOptionDescriptions(Console.Out);
Console.WriteLine(DELIMITER);
Console.WriteLine("Options per Method: ");
Console.WriteLine(DELIMITER);
Console.WriteLine("AgentJob:");
Console.WriteLine("\t-i InstanceName\n\t--SubsystemFilter=SUBSYSTEM\n\t--KeywordFilter=KEYWORD\n\t--UsingProxyCredentials <Filter for Proxy Credentials>\n\t--ProxyCredentials=CREDENTIALS\n");
Console.WriteLine("AssemblyFile:");
Console.WriteLine("\t-i InstanceName\n\t--AssemblyNameFilter=ASSEMBLY\n\t--ExportAssembly <Export Assemblies>\n");
Console.WriteLine("AuditDatabaseSpec:");
Console.WriteLine("\t-i InstanceName\n");
Console.WriteLine("AuditPrivCreateProcedure:");
Console.WriteLine("\t-i InstanceName\n");
Console.WriteLine("AuditPrivDbChaining:");
Console.WriteLine("\t-i InstanceName\n");
Console.WriteLine("AuditPrivServerLink:");
Console.WriteLine("\t-i InstanceName\n");
Console.WriteLine("AuditPrivTrustworthy:");
Console.WriteLine("\t-i InstanceName\n");
Console.WriteLine("AuditPrivXpDirTree:");
Console.WriteLine("\t-i InstanceName\n");
Console.WriteLine("AuditPrivXpFileExists:");
Console.WriteLine("\t-i InstanceName\n");
Console.WriteLine("AuditRoleDbOwner:");
Console.WriteLine("\t-i InstanceName\n");
Console.WriteLine("AuditServerSpec:");
Console.WriteLine("\t-i InstanceName\n\t--AuditNameFilter=NAME\n\t--AuditSpecificationFilter=SPECIFICATION\n\t--AuditActionNameFilter=ACTION\n");
Console.WriteLine("AuditSQLiSpExecuteAs:");
Console.WriteLine("\t-i InstanceName\n");
Console.WriteLine("AuditSQLiSpSigned:");
Console.WriteLine("\t-i InstanceName\n");
Console.WriteLine("Column:");
Console.WriteLine("\t-i InstanceName\t-d DatabaseName\n\t-n <No Defaults> \n\t-h <Has Access>\n\t-s <Is SysAdmin>\n\t--ColumnFilter=FILTER\n\t--ColumnSearchFilter=WILDCARD_FILTER\n");
Console.WriteLine("ColumnSampleData:");
Console.WriteLine("\t-i InstanceName\t-d DatabaseName\n\t-n <No Defaults> \n\t-h <Has Access>\n\t-s <Is SysAdmin>\n\t--SearchKeywords=KEYWORDS\n\t--SampleSize=SIZE\n\t--ValidateCC <Run Luhn Algorithm on Results>\n");
Console.WriteLine("Connection:");
Console.WriteLine("\t-i InstanceName\n");
Console.WriteLine("Database:");
Console.WriteLine("\t-i InstanceName\t-d DatabaseName\n\t-n <No Defaults> \n\t-h <Has Access>\n\t-s <Is SysAdmin>\n");
Console.WriteLine("DatabasePriv:");
Console.WriteLine("\t-i InstanceName\t-d DatabaseName\n\t-n <No Defaults> \n\t--PermissionNameFilter=PERMISSION\n\t--PrincipalNameFilter=PRINCIPAL\n\t--PermissionTypeFilter=PERMISSION\n");
Console.WriteLine("DatabaseRole:");
Console.WriteLine("\t-i InstanceName\t-d DatabaseName\n\t-n <No Defaults> \n\t--RoleOwnerFilter=OWNER\n\t--RolePrincipalNameFilter=PRINCIPAL\n");
Console.WriteLine("DatabaseSchema:");
Console.WriteLine("\t-i InstanceName\t-d DatabaseName\n\t-n <No Defaults> \n\t--SchemaFilter=SCHEMA\n");
Console.WriteLine("DatabaseUser:"******"\t-i InstanceName\t-d DatabaseName\n\t-n <No Defaults> \n\t--DatabaseUserFilter=USER\n\t--PrincipalNameFilter=NAME\n");
Console.WriteLine("FuzzDatabaseName:");
Console.WriteLine("\t-i InstanceName\n\t-StartId=0 \n\t--EndId=5\n");
Console.WriteLine("FuzzDomainAccount:");
Console.WriteLine("\t-i InstanceName\n\t-StartId=0 \n\t--EndId=5\n");
Console.WriteLine("FuzzObjectName:");
Console.WriteLine("\t-i InstanceName\n\t-StartId=0 \n\t--EndId=5\n");
Console.WriteLine("FuzzServerLogin:"******"\t-i InstanceName\n\t--EndId=5\n");
Console.WriteLine("OleDbProvider:");
Console.WriteLine("\t-i InstanceName\n");
Console.WriteLine("OSCmd:");
Console.WriteLine("\t-i InstanceName -q COMMAND --RestoreState <Undo any changes made to run command>\n");
Console.WriteLine("OSCmdAgentJob:");
Console.WriteLine("\t-i InstanceName -q COMMAND\n");
Console.WriteLine("OSCmdOle:");
Console.WriteLine("\t-i InstanceName -q COMMAND --RestoreState <Undo any changes made to run command>\n");
Console.WriteLine("OSCmdPython:");
Console.WriteLine("\t-i InstanceName -q COMMAND --RestoreState <Undo any changes made to run command>\n");
Console.WriteLine("OSCmdR:");
Console.WriteLine("\t-i InstanceName -q COMMAND --RestoreState <Undo any changes made to run command>\n");
Console.WriteLine("Query:");
Console.WriteLine("\t-i InstanceName -q QUERY\n");
Console.WriteLine("ServerConfiguration:");
Console.WriteLine("\t-i InstanceName\n");
Console.WriteLine("ServerCredential:");
Console.WriteLine("\t-i InstanceName \n\t--CredentialNameFilter=CREDENTIAL\n");
Console.WriteLine("ServerInfo:");
Console.WriteLine("\t-i InstanceName\n");
Console.WriteLine("ServerLink:");
Console.WriteLine("\t-i InstanceName \n\t--DatabaseLinkName=LINK\n");
Console.WriteLine("ServerLinkCrawl:");
Console.WriteLine("\t-i InstanceName -q QUERY\n");
Console.WriteLine("ServerLogin:"******"\t-i InstanceName \n\t--PrincipalNameFilter=NAME\n");
Console.WriteLine("ServerLoginDefaultPw:");
Console.WriteLine("\t-i InstanceName\n");
Console.WriteLine("ServerPasswordHash:");
Console.WriteLine("\t-i InstanceName\n");
Console.WriteLine("ServerPriv:");
Console.WriteLine("\t-i InstanceName \n\t--PermissionNameFilter=PERMISSION\n");
Console.WriteLine("ServerRole:");
Console.WriteLine("\t-i InstanceName \n\t--RoleOwnerFilter=ROLE \n\t--RolePrincipalNameFilter=NAME\n");
Console.WriteLine("ServerRoleMember:");
Console.WriteLine("\t-i InstanceName \n\t--PrincipalNameFilter=NAME\n");
Console.WriteLine("ServiceAccount:");
Console.WriteLine("\t-i InstanceName\n");
Console.WriteLine("Session:");
Console.WriteLine("\t-i InstanceName \n\t--PrincipalNameFilter=NAME\n");
Console.WriteLine("StoredProcedure:");
Console.WriteLine("\t-i InstanceName \n\t--ProcedureNameFilter=NAME \n\t--KeywordFilter=KEYWORD \n\t--AutoExecFilter <Filter fore Auto Exec Stored Procedures>\n");
Console.WriteLine("StoredProcedureAutoExec:");
Console.WriteLine("\t-i InstanceName \n\t--ProcedureNameFilter=NAME \n\t--KeywordFilter=KEYWORD\n");
Console.WriteLine("StoredProcedureCLR:");
Console.WriteLine("\t-i InstanceName \t-d DatabaseName \n\t-n <No Defaults> \n\t-h <Has Access>\n\t-s <Is SysAdmin> \n\t--ShowAllAssemblyFiles <Display all Assemblies>\n");
Console.WriteLine("StoredProcedureXP:");
Console.WriteLine("\t-i InstanceName \t-d DatabaseName \n\t-n <No Defaults> \n\t-h <Has Access>\n\t-s <Is SysAdmin> \n\t--ProcedureNameFilter=NAME\n");
Console.WriteLine("SysAdminCheck:");
Console.WriteLine("\t-i InstanceName\n");
Console.WriteLine("Tables:");
Console.WriteLine("\t-i InstanceName \t-d DatabaseName \n\t-n <No Defaults> \n\t-h <Has Access>\n\t-s <Is SysAdmin>\n");
Console.WriteLine("TriggerDdl:");
Console.WriteLine("\t-i InstanceName \t-d DatabaseName \n\t-n <No Defaults> \n\t-h <Has Access>\n\t-s <Is SysAdmin> \n\t--TriggerNameFilter=TRIGGER\n");
Console.WriteLine("TriggerDml:");
Console.WriteLine("\t-i InstanceName \t-d DatabaseName \n\t-n <No Defaults> \n\t-h <Has Access>\n\t-s <Is SysAdmin> \n\t--TriggerNameFilter=TRIGGER\n");
Console.WriteLine("UncPathInjection:");
Console.WriteLine("\t-i InstanceName \t--UNCPath=\\\\IP\\PATH\n");
Console.WriteLine("View:");
Console.WriteLine("\t-i InstanceName \t-d DatabaseName \n\t-n <No Defaults> \n\t-h <Has Access> \n\t--TableNameFilter=TABLE\n");
return;
}
if (string.IsNullOrWhiteSpace(domainController) && string.IsNullOrEmpty(instance))
{
domainController = Environment.GetEnvironmentVariable("LogonServer").Replace("\\\\", "");
}
if (string.IsNullOrEmpty(module))
{
Console.WriteLine("[-] No module selected (-m || --module)");
return;
}
Console.WriteLine("{0,-40}{1}", "Module", module);
if (!string.IsNullOrEmpty(domainController))
{
Console.WriteLine("{0,-40}{1}", "Domain Controller" + new string('.', 40 - 17), domainController);
}
if (csv)
{
Console.WriteLine("{0,-40}{1}", "CSV Output" + new string('.', 40 - 10), csv);
}
if (!string.IsNullOrEmpty(database))
{
Console.WriteLine("{0,-40}{1}", "Database" + new string('.', 40 - 8), database);
}
if (!string.IsNullOrEmpty(excreds))
{
Console.WriteLine("{0,-40}{1}", "Explicit DB Credentials" + new string('.', 40 - 33), excreds);
}
if (json)
{
Console.WriteLine("{0,-40}{1}", "JSON Output" + new string('.', 40 - 11), json);
}
if (!string.IsNullOrEmpty(excreds))
{
Console.WriteLine("{0,-40}{1}", "Search Filters" + new string('.', 40 - 14), filters);
}
if (!string.IsNullOrEmpty(instance))
{
Console.WriteLine("{0,-40}{1}", "Server Instance" + new string('.', 40 - 15), instance);
}
if (!string.IsNullOrEmpty(list))
{
Console.WriteLine("{0,-40}{1}", "DB Instance Input List" + new string('.', 40 - 30), list);
}
if (nodefaults)
{
Console.WriteLine("{0,-40}{1}", "Skipping Default Databases" + new string('.', 40 - 34), nodefaults);
}
if (!string.IsNullOrEmpty(outputFileName))
{
Console.WriteLine("{0,-40}{1}", "Output file" + new string('.', 40 - 11), outputFileName);
}
if (!string.IsNullOrEmpty(query))
{
Console.WriteLine("{0,-40}{1}", "Query/Command to Execute" + new string('.', 40 - 25), query);
}
if (!string.IsNullOrEmpty(creds))
{
Console.WriteLine("{0,-40}{1}", "LDAP/DB Credentials" + new string('.', 40 - 19), creds);
}
Console.WriteLine(DELIMITER);
if (!string.IsNullOrEmpty(creds))
{
string[] c = creds.Split(':');
string username = c.First();
string password = string.Join("", c.Skip(1).Take(c.Length - 1).ToArray());
Console.WriteLine("Username: {0}", username);
Console.WriteLine("Password: {0}", password);
credentials = new Credentials(username, password);
creds = string.Empty;
username = string.Empty;
password = string.Empty;
}
if (!string.IsNullOrEmpty(database))
{
databases.Add(
new SQLDatabase.Database
{
DatabaseName = database,
Instance = instance,
}
);
}
if (!string.IsNullOrEmpty(instance))
{
SqlInstances i = new SqlInstances
{
ServerInstance = instance,
Server = Misc.ComputerNameFromInstance(instance)
};
instances.Add(i);
}
else if (!string.IsNullOrEmpty(domainController))
{
SQLServers servers = new SQLServers();
servers.SetDomainController(domainController);
if (null == credentials || credentials.IsSqlAccount())
{
servers.Connect(null);
}
else
{
servers.Connect(credentials);
}
if (!servers.Search())
{
return;
}
servers.ParseCollection(true, ref instances);
}
else if (!string.IsNullOrEmpty(list))
{
string path = string.Empty;
try
{
path = Path.GetFullPath(list);
}
catch (Exception ex)
{
Console.WriteLine("Unable to open file");
Console.WriteLine(ex);
return;
}
using (StreamReader sr = new StreamReader(path))
{
string line = string.Empty;
while (null != (line = sr.ReadLine()))
{
if (string.IsNullOrEmpty(line))
{
continue;
}
instances.Add(
new SqlInstances
{
ServerInstance = line,
Server = Misc.ComputerNameFromInstance(line),
User = string.Empty
}
);
}
}
}
else
{
Console.WriteLine("[-] No instances to target");
return;
}
if (!string.IsNullOrEmpty(excreds))
{
string[] c = excreds.Split(':');
string username = c.First();
string password = string.Join("", c.Skip(1).Take(c.Length - 1).ToArray());
Console.WriteLine("Username: {0}", username);
Console.WriteLine("Password: {0}", password);
credentials = new Credentials(username, password);
creds = string.Empty;
username = string.Empty;
password = string.Empty;
}
if (!string.IsNullOrEmpty(outputFileName))
{
output = true;
string path = string.Empty;
try
{
path = Path.GetFullPath(outputFileName);
#if DEBUG
Console.WriteLine(path);
#endif
outputFileStream = new FileStream(path, FileMode.OpenOrCreate);
}
catch (Exception ex)
{
Console.WriteLine("Unable to create file");
Console.WriteLine(ex);
output = false;
}
}
switch (module.ToLower())
{
case "instancedomain":
Console.WriteLine("{0,-30} {1,-40} {2,-10}", "Server", "Instance", "User");
Console.WriteLine("{0,-30} {1,-40} {2,-10}", "======", "========", "====");
break;
default:
break;
}
foreach (var i in instances)
{
switch (module.ToLower())
{
case "agentjob":
_SQLAgentJob(i);
break;
case "assemblyfile":
_SQLAssemblyFile(i);
break;
case "auditdatabasespec":
_SQLAuditDatabaseSpec(i);
break;
case "auditprivautoexecsp":
_SQLAuditPrivAutoExecSp(i);
break;
case "auditprivcreateprocedure":
_SQLAuditPrivCreateProcedure(i);
break;
case "auditprivdbchaining":
_SQLAuditPrivDbChaining(i);
break;
case "auditprivimpersonatelogin":
_SQLAuditPrivImpersonateLogin(i);
break;
case "auditprivserverlink":
_SQLAuditPrivServerLink(i);
break;
case "auditprivtrustworthy":
_SQLAuditPrivTrustworthy(i);
break;
case "auditprivxpdirtree":
_SQLAuditPrivXpDirTree(i);
break;
case "auditprivxpfileexists":
_SQLAuditPrivXpFileExists(i);
break;
case "auditroledbowner":
_SQLAuditRoleDbOwner(i);
break;
case "auditroledbddladmin":
_SQLAuditRoleDBDDLADMIN(i);
break;
case "auditserverspec":
_SQLAuditServerSpec(i);
break;
case "auditispexecuteas":
_SQLAuditSQLiSpExecuteAs(i);
break;
case "auditispsigned":
_SQLAuditSQLiSpSigned(i);
break;
case "column":
_SQLColumn(i);
break;
case "columnsampledata":
_SQLColumnSampleData(i);
break;
case "connection":
_SQLConnection(i);
break;
case "database":
_SQLDatabase(i);
break;
case "databasepriv":
_SQLDatabasePriv(i);
break;
case "databaserole":
_SQLDatabaseRole(i);
break;
case "databaserolemember":
_SQLDatabaseRoleMember(i);
break;
case "databaseschema":
_SQLDatabaseSchema(i);
break;
case "databaseuser":
_SQLDatabaseUser(i);
break;
case "fuzzdatabasename":
_SQLFuzzDatabaseName(i);
break;
case "fuzzdomainaccount":
_SQLFuzzDomainAccount(i);
break;
case "fuzzobjectname":
_SQLFuzzObjectName(i);
break;
case "fuzzserverlogin":
_SQLFuzzServerLogin(i);
break;
case "oledbprovider":
_SQLOleDbProvider(i);
break;
case "oscmd":
_SQLOSCmd(i);
break;
case "oscmdagentjob":
_SQLOSCmdAgentJob(i);
break;
case "oscmdole":
_SQLOSCmdOle(i);
break;
case "oscmdpython":
_SQLOSCmdPython(i);
break;
case "oscmdr":
_SQLOSCmdR(i);
break;
case "query":
_SQLQuery(i);
break;
case "serverconfiguration":
_SQLServerConfiguration(i);
break;
case "servercredential":
_SQLServerCredential(i);
break;
case "serverinfo":
_SQLServerInfo(i);
break;
case "serverlink":
_SQLServerLink(i);
break;
case "serverlinkcrawl":
_SQLServerLinkCrawl(i);
break;
case "serverlogin":
_SQLServerLogin(i);
break;
case "serverdefaultloginpw":
_SQLServerLoginDefaultPw(i);
break;
case "serverpasswordhash":
_SQLServerPasswordHash(i);
break;
case "serverpriv":
_SQLServerPriv(i);
break;
case "serverrole":
_SQLServerRole(i);
break;
case "serverrolemember":
_SQLServerRoleMember(i);
break;
case "serviceaccount":
_SQLServiceAccount(i);
break;
case "session":
_SQLSession(i);
break;
case "storedprocedure":
_SQLStoredProcedure(i);
break;
case "storedprocedureautoexec":
_SQLStoredProcedureAutoExec(i);
break;
case "storedprocedureclr":
_SQLStoredProcedureCLR(i);
break;
case "storedproceduresqli":
_SQLStoredProcedureSQLi(i);
break;
case "storedprocedurexp":
_SQLStoredProcedureXP(i);
break;
case "sysadmincheck":
_SQLSysAdminCheck(i);
break;
case "tables":
_SQLTables(i);
break;
case "triggerddl":
_SQLTriggerDdl(i);
break;
case "triggerdml":
_SQLTriggerDml(i);
break;
case "uncpathinjection":
_SQLUncPathInjection(i);
break;
case "view":
_SQLView(i);
break;
case "instancedomain":
Console.WriteLine("{0,-30} {1,-40} {2,-10}", i.Server, i.ServerInstance, i.User);
break;
default:
Console.WriteLine("[-] Invalid Module");
break;
}
}
switch (module.ToLower())
{
case "connection":
_WriteJSONOutput(connections.ToArray());
break;
default:
break;
}
}
