First let’s import the PowerUpSQL Script

powershell-import C:\\Tools\\PowerUpSQL\\PowerUpSQL.ps1

Now let’s Enumerate the Instance.

powershell Get-SQLInstanceDomain

Now let’s test the connectivity.

powershell Get-SQLConnectionTest -Instance "sql-2.dev.cyberbotic.io,1433" | fl

We have access to SQL-2

Now let’s get some information about the system.

powershell Get-SQLServerInfo -Instance "sql-2.dev.cyberbotic.io,1433"

Now let’s see the accessable servers

powershell Get-SQLInstanceDomain | Get-SQLConnectionTest | ? { $_.Status -eq "Accessible" } | Get-SQLServerInfo

we didn’t get much so let’s continue.

Now let’s search for group members that have access to MSSQL.

powershell Get-DomainGroup -Identity *SQL* | % { Get-DomainGroupMember -Identity $_.distinguishedname | select groupname, membername }