Az - Management Groups, Subscriptions & Resource Groups
{{#include ../../../banners/hacktricks-training.md}}
Power Apps
Power Apps can connect to on-premises SQL servers and, although this may be unexpected at first, there is a way to make this connection execute arbitrary SQL queries, which could allow attackers to compromise on-prem SQL servers.
This is a recap of the post https://www.ibm.com/think/x-force/abusing-power-apps-compromise-on-prem-servers, where you can find a detailed explanation of how to abuse Power Apps to compromise on-prem SQL servers:
- A user creates an application that uses an on-prem SQL connection and shares it with everyone, either on purpose or inadvertently.
- An attacker creates a new flow and adds a “Transform data with Power Query” action using the existing SQL connection.
- If the connected user is a SQL admin or has impersonation privileges, or there are any privileged SQL links or cleartext credentials in databases, or you've obtained other privileged cleartext credentials, you can now pivot to an on-premises SQL server.
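
To check whether a shared connection meets the conditions in the last step, a DBA can audit the login behind it on the on-prem SQL Server. The T-SQL below is an added example, not taken from the original page or the IBM post; the login name in `@conn_login` is a constructed placeholder for the account the Power Apps connection uses.

```sql
-- Added audit example: run as a DBA on the on-prem SQL Server behind the gateway.
-- @conn_login is a placeholder; set it to the login the shared connection uses.
DECLARE @conn_login sysname = N'CONTOSO\svc-powerapps';  -- constructed sample value

-- 1. Is the connection login a SQL admin?
--    1 = member of sysadmin, 0 = not a member, NULL = login or role not valid.
SELECT @conn_login AS login_name,
       IS_SRVROLEMEMBER('sysadmin', @conn_login) AS is_sysadmin;

-- 2. Server-level impersonation rights granted directly to the login.
--    class 101 = IMPERSONATE on a specific login (major_id is the target login),
--    class 100 = server-wide IMPERSONATE ANY LOGIN (no target, hence LEFT JOIN).
--    Grants inherited through Windows groups or server roles are not listed
--    here; repeat the check for each group or role the login belongs to.
SELECT grantee.name      AS grantee,
       p.permission_name,
       target.name       AS can_impersonate,
       p.state_desc
FROM sys.server_permissions AS p
JOIN sys.server_principals  AS grantee
     ON grantee.principal_id = p.grantee_principal_id
LEFT JOIN sys.server_principals AS target
     ON p.class = 101 AND target.principal_id = p.major_id
WHERE grantee.name = @conn_login
  AND p.state IN ('G', 'W')  -- GRANT or GRANT WITH GRANT OPTION
  AND (   (p.class = 101 AND p.permission_name = N'IMPERSONATE')
       OR (p.class = 100 AND p.permission_name = N'IMPERSONATE ANY LOGIN'));

-- 3. Linked servers and the credentials they map to.
--    uses_self_credential = 0 with a non-NULL remote_name means a fixed remote
--    login is used; review how privileged that remote login is.
--    local_login NULL means the mapping applies to every local login.
SELECT s.name               AS linked_server,
       s.data_source,
       s.is_rpc_out_enabled,
       lp.name              AS local_login,
       ll.uses_self_credential,
       ll.remote_name
FROM sys.servers       AS s
JOIN sys.linked_logins AS ll ON ll.server_id = s.server_id
LEFT JOIN sys.server_principals AS lp
     ON lp.principal_id = ll.local_principal_id
WHERE s.is_linked = 1
ORDER BY s.name;
```

Any row from query 2 or 3, or `is_sysadmin = 1`, means the connection should use a lower-privileged login before the app or connection is shared.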