From 606153b890f831e94890ef85793451b28ead0433 Mon Sep 17 00:00:00 2001 From: Jorge Henrique Nunes de Vasconcelos Date: Mon, 4 Feb 2019 14:13:49 -0300 Subject: [PATCH 1/4] Changed function to get the length of Smk and password hash. Fixes #3 --- Get-MSSQLLinkPasswords.psm1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Get-MSSQLLinkPasswords.psm1 b/Get-MSSQLLinkPasswords.psm1 index 2644dd7..513d802 100644 --- a/Get-MSSQLLinkPasswords.psm1 +++ b/Get-MSSQLLinkPasswords.psm1 @@ -71,7 +71,7 @@ function Get-MSSQLLinkPasswords{ if ($Conn.State -eq "Open"){ # Query Service Master Key from the database - remove padding from the key # key_id 102 eq service master key, thumbprint 3 means encrypted with machinekey - $SqlCmd="SELECT substring(crypt_property,9,len(crypt_property)-8) FROM sys.key_encryptions WHERE key_id=102 and (thumbprint=0x03 or thumbprint=0x0300000001)" + $SqlCmd="SELECT substring(crypt_property,9,datalength(crypt_property)-8) FROM sys.key_encryptions WHERE key_id=102 and (thumbprint=0x03 or thumbprint=0x0300000001)" $Cmd = New-Object System.Data.SqlClient.SqlCommand($SqlCmd,$Conn); $SmkBytes=$Cmd.ExecuteScalar() @@ -97,7 +97,7 @@ function Get-MSSQLLinkPasswords{ # Remove header from pwdhash, extract IV (as iv) and ciphertext (as pass) # Ignore links with blank credentials (integrated auth ?) $SqlCmd = "SELECT sysservers.srvname,syslnklgns.name,substring(syslnklgns.pwdhash,5,$ivlen) iv,substring(syslnklgns.pwdhash,$($ivlen+5), - len(syslnklgns.pwdhash)-$($ivlen+4)) pass FROM master.sys.syslnklgns inner join master.sys.sysservers on syslnklgns.srvid=sysservers.srvid WHERE len(pwdhash)>0" + datalength(syslnklgns.pwdhash)-$($ivlen+4)) pass FROM master.sys.syslnklgns inner join master.sys.sysservers on syslnklgns.srvid=sysservers.srvid WHERE datalength(pwdhash)>0" $Cmd = New-Object System.Data.SqlClient.SqlCommand($SqlCmd,$Conn); $Data=$Cmd.ExecuteReader() $Dt = New-Object "System.Data.DataTable" 
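Review bot: The switch from `len()` to `datalength()` in the service-master-key query has no comment explaining why, so a later cleanup could revert it; the same applies to the `syslnklgns.pwdhash` query in the second hunk. `len()` is documented to exclude trailing spaces, while `datalength()` returns the byte count, which is what a `substring` over a binary column needs. I would add above each query: `# datalength() counts bytes; len() drops trailing spaces and can shorten binary values`. Both queries sit inside Get-MSSQLLinkPasswords, whose body starts and ends outside these hunks.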
From 0dc0ba60309a63fe36e640ba060b272ab01f3f0e Mon Sep 17 00:00:00 2001 From: Jorge Henrique Nunes de Vasconcelos Date: Mon, 4 Feb 2019 14:14:54 -0300 Subject: [PATCH 2/4] Included reference to master database on sys.key_encryptions. Fixes #7 --- Get-MSSQLLinkPasswords.psm1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Get-MSSQLLinkPasswords.psm1 b/Get-MSSQLLinkPasswords.psm1 index 513d802..0fb4be6 100644 --- a/Get-MSSQLLinkPasswords.psm1 +++ b/Get-MSSQLLinkPasswords.psm1 @@ -71,7 +71,7 @@ function Get-MSSQLLinkPasswords{ if ($Conn.State -eq "Open"){ # Query Service Master Key from the database - remove padding from the key # key_id 102 eq service master key, thumbprint 3 means encrypted with machinekey - $SqlCmd="SELECT substring(crypt_property,9,datalength(crypt_property)-8) FROM sys.key_encryptions WHERE key_id=102 and (thumbprint=0x03 or thumbprint=0x0300000001)" + $SqlCmd="SELECT substring(crypt_property,9,datalength(crypt_property)-8) FROM master.sys.key_encryptions WHERE key_id=102 and (thumbprint=0x03 or thumbprint=0x0300000001)" $Cmd = New-Object System.Data.SqlClient.SqlCommand($SqlCmd,$Conn); $SmkBytes=$Cmd.ExecuteScalar() From 73ef5017c27f203fc2c494062bc430c0970614f6 Mon Sep 17 00:00:00 2001 From: Jorge Henrique Nunes de Vasconcelos Date: Mon, 4 Feb 2019 14:23:33 -0300 Subject: [PATCH 3/4] Changed how instances are identified to work also on clusters. Fixes #4 --- Get-MSSQLLinkPasswords.psm1 | 23 +++++++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-) diff --git a/Get-MSSQLLinkPasswords.psm1 b/Get-MSSQLLinkPasswords.psm1 index 0fb4be6..1177f63 100644 --- a/Get-MSSQLLinkPasswords.psm1 +++ b/Get-MSSQLLinkPasswords.psm1 
@@ -52,7 +52,15 @@ function Get-MSSQLLinkPasswords{ $Results.Columns.Add("Password") | Out-Null foreach ($InstanceName in $SqlInstances) { - + $ClusterName = '' + # When this instance is running on a Cluster + $InstanceRegistry = (Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server\Instance Names\SQL" -Name $InstanceName -ErrorAction SilentlyContinue).$InstanceName + if($InstanceRegistry -ne '') { + $ClusterName = (Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server\$InstanceRegistry\Cluster" -Name ClusterName -ErrorAction SilentlyContinue).ClusterName + if($null -ne $ClusterName) { + $ComputerName = $ClusterName + } + } # Start DAC connection to SQL Server # Default instance MSSQLSERVER -> instance name cannot be used in connection string if ($InstanceName -eq "MSSQLSERVER") { @@ -68,7 +76,18 @@ function Get-MSSQLLinkPasswords{ Write-Error "Error creating DAC connection: $_.Exception.Message" Continue } - if ($Conn.State -eq "Open"){ + if ($Conn.State -eq "Open") { + # When on a cluster, checks if the code is running on the same node as the instance + if($ClusterName -ne '') { + $SqlCmd = "SELECT ISNULL(SERVERPROPERTY('ComputerNamePhysicalNetBIOS'),'$Env:computername')" + $Cmd = New-Object System.Data.SqlClient.SqlCommand($SqlCmd, $Conn); + $ComputerNamePhysicalNetBIOS = $Cmd.ExecuteScalar() + $ThisNode = $Env:computername + if($ComputerNamePhysicalNetBIOS -ne $ThisNode) { + $Conn.Close(); + Continue + } + } # Query Service Master Key from the database - remove padding from the key # key_id 102 eq service master key, thumbprint 3 means encrypted with machinekey $SqlCmd="SELECT substring(crypt_property,9,datalength(crypt_property)-8) FROM master.sys.key_encryptions WHERE key_id=102 and (thumbprint=0x03 or thumbprint=0x0300000001)" From 0bcb76523dc87b557e3b8c8f03aed79c0a865971 Mon Sep 17 00:00:00 2001 
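Review bot: The guard `if($InstanceRegistry -ne '')` does not catch a failed registry read, because `Get-ItemProperty ... -ErrorAction SilentlyContinue` yields `$null` and `$null -ne ''` is true in PowerShell. For the same reason, an instance with no `Cluster` key leaves `$ClusterName` as `$null` rather than `''`, so the `if($ClusterName -ne '')` test in the second hunk also passes for standalone instances. Use `if(-not [string]::IsNullOrEmpty($InstanceRegistry))` here and the same test on `$ClusterName`. Separately, `$ComputerName = $ClusterName` overwrites a variable that appears to be set once before the `foreach`, so a cluster name would carry over to later instances; a per-iteration variable avoids that. The loop body continues outside the hunk.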
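Review bot: The node check builds its query by interpolating `$Env:computername` into a SQL string literal, and it skips a non-matching instance without telling the caller. Passing the value as a parameter keeps the statement constant: `$SqlCmd = "SELECT ISNULL(SERVERPROPERTY('ComputerNamePhysicalNetBIOS'), @node)"` followed by `$Cmd.Parameters.AddWithValue('@node', $Env:computername) | Out-Null`. A `Write-Warning` naming `$InstanceName` and the reported node before the `Continue` would explain why that instance produced no rows.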
From: Jorge Henrique Nunes de Vasconcelos Date: Mon, 4 Feb 2019 15:02:16 -0300 Subject: [PATCH 4/4] Changed output for connection errors and no instances found --- Get-MSSQLLinkPasswords.psm1 | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/Get-MSSQLLinkPasswords.psm1 b/Get-MSSQLLinkPasswords.psm1 index 1177f63..f5b46d1 100644 --- a/Get-MSSQLLinkPasswords.psm1 +++ b/Get-MSSQLLinkPasswords.psm1 @@ -43,8 +43,10 @@ function Get-MSSQLLinkPasswords{ # Set local computername and get all SQL Server instances $ComputerName = $Env:computername - $SqlInstances = (Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server' -Name InstalledInstances).InstalledInstances - + $SqlInstances = (Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server' -Name InstalledInstances -ErrorAction SilentlyContinue).InstalledInstances + if($null -eq $SqlInstances) { + Write-Output "`nNo instances were found on [$ComputerName]`n" + } $Results = New-Object "System.Data.DataTable" $Results.Columns.Add("Instance") | Out-Null $Results.Columns.Add("Linkserver") | Out-Null @@ -73,7 +75,9 @@ function Get-MSSQLLinkPasswords{ Try{$Conn.Open();} Catch{ - Write-Error "Error creating DAC connection: $_.Exception.Message" + $errorMessage = "Error creating DAC connection:`n "+$_.Exception.Message + $errorMessage = $errorMessage + "`nAttemped to connect using`n$ConnString`n" + Write-Error -Category ConnectionError $errorMessage Continue } if ($Conn.State -eq "Open") {
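Review bot: The empty-registry branch reports through `Write-Output`, which puts the message on the function's output stream alongside the results table, and it does not stop the function. A caller that assigns or pipes the return value then receives a stray string. On PowerShell versions where `foreach` iterates once over `$null`, the loop would still attempt a connection. Prefer `Write-Warning "No instances were found on [$ComputerName]"` followed by `return`. The function body continues outside the hunk.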
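Review bot: The new error text embeds the whole `$ConnString`, which is built outside this hunk. If that string ever carries a user name or password, the value lands in the error stream, `$Error` and any transcript. Reporting only the target is enough for troubleshooting, for example `$errorMessage = $errorMessage + " Target: " + $Conn.DataSource`, assuming `$Conn` is a `SqlConnection`. The literal also misspells "Attempted" as "Attemped".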