v3.8

• Added logic to support the execution of CLR assemblies on SQL Server 2016 and below. This is for the clr module. Execution supported in all contexts.
• Added logic to load a LDAP server CLR assembly on SQL Server 2016 and below. This is for the adsi module. Execution supported in all contexts.
• Updated README.
• Updated Wiki.

v3.7

v3.7

• Complete refactor of code base.
• Updated documentation (code comments, README, and wiki)
• Execution against a linked SQL server chain. For example, if SQL01 has a link to SQL02, and SQL02, has a link to SQL03, and SQL03, has a link to PAYMENTS01. It is now possible to execute commands from SQL01 on PAYMENTS01 using the linked server chain (/link:SQL02,SQL03,PAYMENTS01 /chain). Credit to Azael Martin (n3rada).
• Removed 'l' and 'i' modules, and introduced context logic so module names can be the same across standard, impersonation, linked and chained execution.
• Added chain support to all linked modules.
• Added support for debug (/debug), which will display various debugging information and all SQL queries that will be executed by a module, without executing them.
• Added verbose (/verbose, /v), which will display all SQL queries that will be executed during module execution.
• Added timeout (/timeout, /t), which takes an integer value for SQL server database connection timeout.
• Improved links module to include detailed information. Credit to Azael Martin (n3rada).
• Improved whoami module to include Windows principals and database users. Credit to Azael Martin (n3rada).
• Improved impersonation module to include Windows principals and database users. Credit to Azael Martin (n3rada).
• Added IP address retrieval into the sqlspns enumeration module. Credit to Azael Martin (n3rada).
• Standardized console output to markdown where applicable. Credit to Azael Martin (n3rada).
• Added DNS support to /enum:info module.
• Added optional /subsystem argument to the olecmdexec module, which accepts execution using the CmdExec or PowerShell OLE automation subsystems.
• Updated test harnesses to reflect CLI changes and new modules.
• Changed AzureAD authentication to EntraID.

v3.6

• Execution against multiple SQL servers supplied in the /host or /h flag is now supported using comma separated values.
• Execution against multiple linked SQL servers supplied in the /link or /l flag is now supported using comma separated values.
• Changed /lhost to /link.
• Removed 's' modules and created the /s, /sccm switch for SCCM modules.
• Added impersonation support to all SCCM modules, with the exception of DecryptCredentials.
• Added a new enumeration (/enum) module called info which is able to used an unauthenticated context to obtain SQL server information, including instance name and TCP port using the UDP protocol.
• Moved argument logic into individual methods within ModuleHandler.cs to promote simplification and extensibility.
• Moved all SQL queries to Queries.cs.
• Created EnumerationModules.cs.
• Created FormatQuery.cs.
• Created SccmModules.cs.
• Renamed ModuleHandler.cs to SqlModules.cs.

v3.5

• Bug fix where linked adsi execution was not removing the LDAP server.
• Removed agent job execution from linked adsi, in favor of openquery/rpc.
• Changed /lhost to /adsi in in adsi module.
• Changed /rhost to /unc in smb module.
• Removed CaptureHash.cs and simplified logic.
• Removed SetEnumerationType.cs and simplified logic.
• Renamed Impersonation.cs to Impersonate.cs.
• Renamed OleCmdExec.cs to OleAutomation.cs.
• Renamed PrintUtils.cs to Print.cs.
• Renamed SQLServerInfo.cs to Info.cs.

v3.4

• Added impersonation support for smb module.
• Added impersonation support for info module.
• Added linked support for info module.

v3.3

Black Hat 2023 Release

v2.2.2

Fixed checking RPC status on linked SQL servers.

v2.2.1

Added the capability to download .NET assemblies via HTTP/S (thank you @passthehashbrowns)

v2.2

• Expanded roles which are queried in the roles, iroles and lroles modules
• Created users, iusers and lusers modules
• Fixed hash not being dropped from sp_drop_trusted_assembly in clr and iclr modules (thank you @passthehashbrowns)
• Created lagentcmd module (thank you @passthehashbrowns)
• Created lclr module (thank you @passthehashbrowns)

v2.1.6

@rasta-mouse's inclusion of an info module. Thanks!

2.1.5

@rasta-mouse's inclusion of enumerating Active Directory for MSSQL SPNs

v.2.1.4

• Fixed minor string formatting issue.

v2.1.3

• Added '-r' flag into Windows and Local authentication modes so that non-standard TCP ports can be supplied.