Use PowerShell to Security Test SQL Server and SharePoint

By | December 27, 2012

Source: MS Hey, Scripting Guy

by Ed Wilson

sec34In this article “Penetration testing is an important part of improving security in any network environment. A hacker only needs to find a few weaknesses (even one) to compromise important IT systems. An important task for an IT administrator is to identify potential weaknesses and mitigate them.

Penetrating systems is usually achieved by a brute force attack or by exploiting a weakness or misconfiguration in a service. The goal is to acquire permissions to a system. An attacker that does not succeed in a brute force attack could also perform a DOS attack to damage the system.

In this scenario, we will focus on how to brute force SQL Server and web servers by using Windows PowerShell.

Scenario

This scenario is based on a Windows domain environment consisting of three machines:

DC01: domain controller
SRV01: SQL Server and IIS
SP01: SharePoint 2010, SQL Server, and IIS
In addition, we have a client on the same network as the domain; however, the client is not a member of the domain. Each command in this scenario is executed from the client.”

Leave a Reply