Skip to content

Commit 469cb40

Browse files
author
Alexander
authored
Merge pull request NetSPI#23 from 0xbadjuju/master
Adding the Ability to Include IP Address Restrictions
2 parents 4e1a1eb + 6f978ff commit 469cb40

1 file changed

Lines changed: 135 additions & 9 deletions

File tree

PowerUpSQL.ps1

Lines changed: 135 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -263,6 +263,16 @@ Function Get-SQLConnectionTest
263263
HelpMessage = 'SQL Server instance to connection to.')]
264264
[string]$Instance,
265265

266+
[Parameter(Mandatory = $false,
267+
ValueFromPipeline = $true,
268+
ValueFromPipelineByPropertyName = $true,
269+
HelpMessage = 'IP Address of SQL Server.')]
270+
[string]$IPAddress,
271+
272+
[Parameter(Mandatory = $false,
273+
HelpMessage = 'IP Address Range In CIDR Format to Audit.')]
274+
[string]$IPRange,
275+
266276
[Parameter(Mandatory = $false,
267277
HelpMessage = 'Connect using Dedicated Admin Connection.')]
268278
[Switch]$DAC,
@@ -291,14 +301,43 @@ Function Get-SQLConnectionTest
291301

292302
Process
293303
{
294-
# Parse computer name from the instance
295-
$ComputerName = Get-ComputerNameFromInstance -Instance $Instance
296-
297304
# Default connection to local default instance
298305
if(-not $Instance)
299306
{
300307
$Instance = $env:COMPUTERNAME
301308
}
309+
# Split Demarkation Start ^
310+
# Parse computer name from the instance
311+
$ComputerName = Get-ComputerNameFromInstance -Instance $Instance
312+
313+
if($IPRange -and $IPAddress)
314+
{
315+
if ($IPAddress.Contains(","))
316+
{
317+
$ContainsValid = $false
318+
foreach ($IP in $IPAddress.Split(","))
319+
{
320+
if($(Test-Subnet -cidr $IPRange -ip $IP))
321+
{
322+
$ContainsValid = $true
323+
}
324+
}
325+
if (-not $ContainsValid)
326+
{
327+
Write-Warning "Skipping $ComputerName ($IPAddress)"
328+
$null = $TblResults.Rows.Add("$ComputerName","$Instance",'Out of Scope')
329+
return
330+
}
331+
}
332+
333+
if(-not $(Test-Subnet -cidr $IPRange -ip $IPAddress))
334+
{
335+
Write-Warning "Skipping $ComputerName ($IPAddress)"
336+
$null = $TblResults.Rows.Add("$ComputerName","$Instance",'Out of Scope')
337+
return
338+
}
339+
Write-Verbose "$ComputerName ($IPAddress)"
340+
}
302341

303342
# Setup DAC string
304343
if($DAC)
@@ -410,6 +449,16 @@ Function Get-SQLConnectionTestThreaded
410449
HelpMessage = 'SQL Server instance to connection to.')]
411450
[string]$Instance,
412451

452+
[Parameter(Mandatory = $false,
453+
ValueFromPipeline = $true,
454+
ValueFromPipelineByPropertyName = $true,
455+
HelpMessage = 'IP Address of SQL Server.')]
456+
[string]$IPAddress,
457+
458+
[Parameter(Mandatory = $false,
459+
HelpMessage = 'IP Address Range In CIDR Format to Audit.')]
460+
[string]$IPRange,
461+
413462
[Parameter(Mandatory = $false,
414463
HelpMessage = 'Connect using Dedicated Admin Connection.')]
415464
[Switch]$DAC,
@@ -452,10 +501,15 @@ Function Get-SQLConnectionTestThreaded
452501
if($Instance)
453502
{
454503
$ProvideInstance = New-Object -TypeName PSObject -Property @{
455-
Instance = $Instance
504+
Instance = $Instance;
456505
}
457506
}
458507

508+
if($Instance -and $IPAddress)
509+
{
510+
$ProvideInstance | Add-Member -Name "IPAddress" -Value $IPAddress
511+
}
512+
459513
# Add instance to instance list
460514
$PipelineItems = $PipelineItems + $ProvideInstance
461515
}
@@ -472,10 +526,40 @@ Function Get-SQLConnectionTestThreaded
472526
$MyScriptBlock = {
473527
# Setup instance
474528
$Instance = $_.Instance
529+
$IPAddress = $_.IPAddress
475530

476531
# Parse computer name from the instance
477532
$ComputerName = Get-ComputerNameFromInstance -Instance $Instance
478533

534+
if($IPRange -and $IPAddress)
535+
{
536+
if ($IPAddress.Contains(","))
537+
{
538+
$ContainsValid = $false
539+
foreach ($IP in $IPAddress.Split(","))
540+
{
541+
if($(Test-Subnet -cidr $IPRange -ip $IP))
542+
{
543+
$ContainsValid = $true
544+
}
545+
}
546+
if (-not $ContainsValid)
547+
{
548+
Write-Warning "Skipping $ComputerName ($IPAddress)"
549+
$null = $TblResults.Rows.Add("$ComputerName","$Instance",'Out of Scope')
550+
return
551+
}
552+
}
553+
554+
if(-not $(Test-Subnet -cidr $IPRange -ip $IPAddress))
555+
{
556+
Write-Warning "Skipping $ComputerName ($IPAddress)"
557+
$null = $TblResults.Rows.Add("$ComputerName","$Instance",'Out of Scope')
558+
return
559+
}
560+
Write-Verbose "$ComputerName ($IPAddress)"
561+
}
562+
479563
# Setup DAC string
480564
if($DAC)
481565
{
@@ -15660,6 +15744,11 @@ Function Get-SQLInstanceDomain
1566015744
HelpMessage = 'Performs UDP scan of servers managing SQL Server clusters.')]
1566115745
[switch]$CheckMgmt,
1566215746

15747+
[Parameter(Mandatory = $false,
15748+
ValueFromPipelineByPropertyName = $true,
15749+
HelpMessage = 'Preforms a DNS lookup on the instance.')]
15750+
[switch]$IncludeIP,
15751+
1566315752
[Parameter(Mandatory = $false,
1566415753
ValueFromPipelineByPropertyName = $true,
1566515754
HelpMessage = 'Timeout in seconds for UDP scans of management servers. Longer timeout = more accurate.')]
@@ -15680,6 +15769,10 @@ Function Get-SQLInstanceDomain
1568015769
$null = $TblSQLServerSpns.Columns.Add('LastLogon')
1568115770
$null = $TblSQLServerSpns.Columns.Add('Description')
1568215771

15772+
if($IncludeIP)
15773+
{
15774+
$null = $TblSQLServerSpns.Columns.Add('IPAddress')
15775+
}
1568315776
# Table for UDP scan results of management servers
1568415777
}
1568515778

@@ -15713,17 +15806,35 @@ Function Get-SQLInstanceDomain
1571315806

1571415807
$SpnServerInstance = $SpnServerInstance -replace 'MSSQLSvc/', ''
1571515808

15716-
# Add SQL Server spn to table
15717-
$null = $TblSQLServerSpns.Rows.Add(
15718-
[string]$_.ComputerName,
15809+
$TableRow = @([string]$_.ComputerName,
1571915810
[string]$SpnServerInstance,
1572015811
$_.UserSid,
1572115812
[string]$_.User,
1572215813
[string]$_.Usercn,
1572315814
[string]$_.Service,
1572415815
[string]$_.Spn,
1572515816
$_.LastLogon,
15726-
[string]$_.Description)
15817+
[string]$_.Description)
15818+
15819+
if($IncludeIP)
15820+
{
15821+
try
15822+
{
15823+
$IPAddress = [Net.DNS]::GetHostAddresses([String]$_.ComputerName).IPAddressToString
15824+
if($IPAddress -is [Object[]])
15825+
{
15826+
$IPAddress = $IPAddress -join ", "
15827+
}
15828+
}
15829+
catch
15830+
{
15831+
$IPAddress = "0.0.0.0"
15832+
}
15833+
$TableRow += $IPAddress
15834+
}
15835+
15836+
# Add SQL Server spn to table
15837+
$null = $TblSQLServerSpns.Rows.Add($TableRow)
1572715838
}
1572815839

1572915840
# Enumerate SQL Server instances from management servers
@@ -25109,6 +25220,22 @@ function Invoke-Parallel
2510925220
}
2511025221

2511125222

25223+
# Source: http://www.padisetty.com/2014/05/powershell-bit-manipulation-and-network.html
25224+
# Notes: Changed name from checkSubnet to Test-Subnet (Approved Verbs)
25225+
function Test-Subnet ([string]$cidr, [string]$ip)
25226+
{
25227+
$network, [int]$subnetlen = $cidr.Split('/')
25228+
$a = [uint32[]]$network.split('.')
25229+
[uint32] $unetwork = ($a[0] -shl 24) + ($a[1] -shl 16) + ($a[2] -shl 8) + $a[3]
25230+
25231+
$mask = (-bnot [uint32]0) -shl (32 - $subnetlen)
25232+
25233+
$a = [uint32[]]$ip.split('.')
25234+
[uint32] $uip = ($a[0] -shl 24) + ($a[1] -shl 16) + ($a[2] -shl 8) + $a[3]
25235+
25236+
$unetwork -eq ($mask -band $uip)
25237+
}
25238+
2511225239

2511325240
#endregion
2511425241

@@ -25964,7 +26091,6 @@ Function Invoke-SQLDumpInfo
2596426091

2596526092
Write-Verbose -Message "$Instance - END"
2596626093
}
25967-
2596826094
End
2596926095
{
2597026096
}

0 commit comments

Comments
 (0)