From 4e51b443ef41f3bc9d8d70dac5d2ee9f69cd05d7 Mon Sep 17 00:00:00 2001 From: PyroTek3 Date: Mon, 1 Sep 2014 22:21:00 -0400 Subject: [PATCH] Update and rename Discover-MSSQLServers.ps1 to Discover-PSMSSQLServers Functionized and updated based on feedback from @mattifestation. --- ...SSQLServers.ps1 => Discover-PSMSSQLServers | 63 ++++--------------- 1 file changed, 13 insertions(+), 50 deletions(-) rename Discover-MSSQLServers.ps1 => Discover-PSMSSQLServers (76%) diff --git a/Discover-MSSQLServers.ps1 b/Discover-PSMSSQLServers similarity index 76% rename from Discover-MSSQLServers.ps1 rename to Discover-PSMSSQLServers index 607070e..80d2e3f 100644 --- a/Discover-MSSQLServers.ps1 +++ b/Discover-PSMSSQLServers @@ -1,4 +1,4 @@ -function Discover-MSSQLServers.ps1 +function Discover-MSSQLServers { <# @@ -7,13 +7,13 @@ This script is used to discover Microsoft SQL servers without port scanning. SQL discovery in the Active Directory Forest is performed by querying an Active Directory Gloabl Catalog via LDAP. The script can also provide additional computer information such as OS and last bootup time. -PowerSploit Function: Discover-MSSQLServers.ps1 +PowerSploit Function: Discover-MSSQLServers Author: Sean Metcalf, Twitter: @PyroTek3 License: BSD 3-Clause Required Dependencies: None Optional Dependencies: None -Version: 1.1 +Version: 1.5 .DESCRIPTION This script is used to discover Microsoft SQL servers in the Active Directory Forest. 
@@ -30,16 +30,6 @@ REQUIRES: Active Directory user authentication. Standard user access is fine - a Switch: Displays additional information including Operating System, Last Bootup Time (derived from LastLogonTimeStamp), OS Version, and Description. Operating system properties are populated at first bot-up after joining the domain. -.PARAMETER GroupResults -String: Groups results by provided parameter data. Default is no grouping. -Options available by default: "Domain","ServerName","Port","Instance" -The ExtendedInfo parameter adds the following: "OperatingSystem","OSServicePack","LastBootup","OSVersion","Description" - -.PARAMETER SortResults -String: Sorts results by provided parameter data. Default is "ServerName". -Options available by default: "Domain","ServerName","Port","Instance" -The ExtendedInfo parameter adds the following: "OperatingSystem","OSServicePack","LastBootup","OSVersion","Description" - .EXAMPLE Discover-MSSQLServers Perform Microsoft SQL Server discovery via AD and displays the results in a table. @@ -47,12 +37,6 @@ Perform Microsoft SQL Server discovery via AD and displays the results in a tabl Discover-MSSQLServers -ExtendedInfo Perform Microsoft SQL Server discovery via AD (includes additional computer information) and displays the results in a table. -Discover-MSSQLServers -GroupResults "Domain" -Perform Microsoft SQL Server discovery via AD and displays the results in a table grouped by Domain. - -Discover-MSSQLServers -SortResults "Port" -Perform Microsoft SQL Server discovery via AD and displays the results in a table sorted by Port. - .NOTES This script is used to discover Microsoft SQL servers in the Active Directory Forest and can also provide additional computer information such as OS and last bootup time. 
@@ -62,15 +46,7 @@ This script is used to discover Microsoft SQL servers in the Active Directory Fo Param ( [Parameter(Position=0)] - [switch] $ExtendedInfo = $True, - - [Parameter(Position=1)] - [ValidateSet("Domain","ServerName","Port","Instance","OperatingSystem","OSServicePack","LastBootup","OSVersion","Description")] - [string] $GroupResults, - - [Parameter(Position=2)] - [ValidateSet("Domain","ServerName","Port","Instance","OperatingSystem","OSServicePack","LastBootup","OSVersion","Description")] - [string] $SortResults = "ServerName" + [switch] $ExtendedInfo = $True ) Write-Verbose "Get current Active Directory domain... " @@ -139,15 +115,15 @@ ForEach ($AllADSQLServerSPNsItem in $AllADSQLServerSPNs) ### Write-Verbose "Loop through the discovered MS SQL SPNs and build the report " ### -$ALLSQLServerReport = $NULL -$AllMSSQLServerFQDNs = $NULL +$ALLSQLServerReport = @() +#$AllMSSQLServerFQDNs = $NULL ForEach ($AllMSSQLSPNsItem in $AllMSSQLSPNHashTable.GetEnumerator()) { $AllMSSQLSPNsItemServerDomainName = $NULL $AllMSSQLSPNsItemServerDomainDN = $NULL $AllMSSQLSPNsItemServerFQDN = $AllMSSQLSPNsItem.Name - [array]$AllMSSQLServerFQDNs += $AllMSSQLSPNsItemServerFQDN + #[array]$AllMSSQLServerFQDNs += $AllMSSQLSPNsItemServerFQDN $AllMSSQLSPNsItemInstancePortArray = ($AllMSSQLSPNsItem.Value) -Split(';') $AllMSSQLSPNsItemServerFQDNArray = $AllMSSQLSPNsItemServerFQDN -Split('\.') @@ -173,7 +149,7 @@ ForEach ($AllMSSQLSPNsItem in $AllMSSQLSPNHashTable.GetEnumerator()) $AllMSSQLSPNsItemServerPort = $NULL $AllMSSQLSPNsItemServerInstance = $NULL - $SQLServerReport = New-Object -TypeName PSObject + $SQLServerReport = New-Object -TypeName System.Object $SQLServerReport | Add-Member -MemberType NoteProperty -Name Domain -Value $AllMSSQLSPNsItemServerDomainName $SQLServerReport | Add-Member -MemberType NoteProperty -Name ServerName -Value $AllMSSQLSPNsItemServerFQDN 
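Review bot: `[switch] $ExtendedInfo = $True` in the Param block leaves the switch on whenever the caller omits it, so the plain `Discover-MSSQLServers` example and the `-ExtendedInfo` example in the help behave the same. It also means every run presumably performs the extra per-server computer query. Drop the default so the switch is opt-in as documented: `[switch] $ExtendedInfo`. `Position=0` has no effect on a switch parameter and can be removed too. The function body continues outside this hunk.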
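Review bot: The two `$AllMSSQLServerFQDNs` lines are commented out rather than deleted (`#$AllMSSQLServerFQDNs = $NULL` before the loop and `#[array]$AllMSSQLServerFQDNs += $AllMSSQLSPNsItemServerFQDN` inside it). The last hunk of this commit removes the only code that consumed that list, so both lines are dead and should be removed. The `ForEach` body continues outside this hunk.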
@@ -194,21 +170,16 @@ ForEach ($AllMSSQLSPNsItem in $AllMSSQLSPNHashTable.GetEnumerator()) $ADComputerSearch.PageSize = 500 $ADComputerSearch.Filter = "(&(objectCategory=Computer)(name=$AllMSSQLSPNsItemServerName))" $ComputerADInfo = $ADComputerSearch.FindAll() - - [string]$ComputerADDescription = ($ComputerADInfo.properties.description) - [string]$ComputerADInfoOperatingSystem = ($ComputerADInfo.properties.operatingsystem) - [string]$ComputerADInfoOperatingSystemServicePack = ($ComputerADInfo.properties.operatingsystemservicepack) - [string]$ComputerADInfoOperatingSystemVersion = ($ComputerADInfo.properties.operatingsystemversion) [string]$ComputerADInfoLastLogonTimestamp = ($ComputerADInfo.properties.lastlogontimestamp) TRY { [datetime]$ComputerADInfoLLT = [datetime]::FromFileTime($ComputerADInfoLastLogonTimestamp) } CATCH { } - $SQLServerReport | Add-Member -MemberType NoteProperty -Name OperatingSystem -Value $ComputerADInfoOperatingSystem - $SQLServerReport | Add-Member -MemberType NoteProperty -Name OSServicePack -Value $ComputerADInfoOperatingSystemServicePack + $SQLServerReport | Add-Member -MemberType NoteProperty -Name OperatingSystem -Value ($ComputerADInfo.properties.operatingsystem) + $SQLServerReport | Add-Member -MemberType NoteProperty -Name OSServicePack -Value ($ComputerADInfo.properties.operatingsystemservicepack) $SQLServerReport | Add-Member -MemberType NoteProperty -Name LastBootup -Value $ComputerADInfoLLT - $SQLServerReport | Add-Member -MemberType NoteProperty -Name OSVersion -Value $ComputerADInfoOperatingSystemVersion - $SQLServerReport | Add-Member -MemberType NoteProperty -Name Description -Value $ComputerADDescription + $SQLServerReport | Add-Member -MemberType NoteProperty -Name OSVersion -Value ($ComputerADInfo.properties.operatingsystemversion) + $SQLServerReport | Add-Member -MemberType NoteProperty -Name Description -Value ($ComputerADInfo.properties.description) } CATCH { Write-Warning "Unable to gather properties for computer 
$AllMSSQLSPNsItemServerName" } } @@ -217,14 +188,6 @@ ForEach ($AllMSSQLSPNsItem in $AllMSSQLSPNHashTable.GetEnumerator()) } } -IF ($GroupResults) - { $ALLSQLServerReport | Sort-Object $SortResults | Format-Table -GroupBy $GroupResults -AutoSize } - ELSE - { $ALLSQLServerReport | Sort-Object $SortResults | Format-Table -AutoSize } - -$AllMSSQLServerFQDNs = $AllMSSQLServerFQDNs | sort-object -Unique -$AllMSSQLServerFQDNsCount = $AllMSSQLServerFQDNs.Count -Write-Output " " -Write-Output "Discovered $AllMSSQLServerFQDNsCount servers running MS SQL `r " +return $ALLSQLServerReport }
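Review bot: The `$ADComputerSearch.Filter` line interpolates `$AllMSSQLSPNsItemServerName` into the LDAP filter unescaped, and that name appears to be derived from SPN strings read out of the directory, which the owning account can typically write. A value containing `*`, `(`, `)` or `\` changes the filter, so the OS and description columns added below can end up describing a different computer object than the one listed. Escape those characters per RFC 4515 (`\2a`, `\28`, `\29`, `\5c`) before building the filter, or skip the lookup with a warning when `$AllMSSQLSPNsItemServerName -notmatch '^[\w-]+$'`. Separately, the empty `CATCH { }` after `FromFileTime` leaves `$ComputerADInfoLLT` holding the previous server's value unless it is cleared outside this hunk, so `LastBootup` can be stale. Add that property only when the conversion succeeds.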