Penetration Testing mailing list archives
Re: [PEN-TEST] MS00-048 and 'guest' SQL access?
From: Meredith Shaebanyan <MeredithS () pwaor com>
Date: Wed, 20 Sep 2000 11:14:58 +0100
To use guest you already have to have a login. The SQL server allows a user to assume the identity of guest when they have a login to the server, but doesn't have access to the database through their own account, and the database contains a user 'guest'....there's an article about it in SQL Server Books Online that installs with SQL Server (on a default installation). -----Original Message----- From: Penetration Testers [mailto:PEN-TEST () SECURITYFOCUS COM]On Behalf Of Loschiavo, Dave Sent: Tuesday, September 19, 2000 10:08 PM To: PEN-TEST () SECURITYFOCUS COM Subject: [PEN-TEST] MS00-048 and 'guest' SQL access? A kind person on this list pointed (shoved) me in the direction to exploit a system via SQL even though I did not have the 'sa' password. I used the vulnerability covered in MS00-048. This attack required a valid connection to one of the databases, but the creator of the software that was relying on the MSDE was kind enough to publish the id and password of their dbo, so I was able to use this attack. I've been digging deeper and running ISS's database scanner against the host (nice product by the way). It's telling me that 'guest' access is enabled on the msdb database. That got me to thinking that perhaps I could take advantage of this vulnerablility even without the dbo id and password for their product's database. However, I can find no way to connect directly to the msdb. Every attempt to autheticate to the SQL service with a username of guest and a null password fails. Is it possible to connect directly to that database as guest with a null password? If it is possible, how can I do this? If it isn't possible, why does the ISS scanner bother reporting it as a problem? Thanks to all!
Current thread:
- [PEN-TEST] MS00-048 and 'guest' SQL access? Loschiavo, Dave (Sep 20)
- Re: [PEN-TEST] MS00-048 and 'guest' SQL access? Meredith Shaebanyan (Sep 20)
- Re: [PEN-TEST] MS00-048 and 'guest' SQL access? iNature - David Martin (Sep 20)
- <Possible follow-ups>
- Re: [PEN-TEST] MS00-048 and 'guest' SQL access? Curphey, Mark (ISS Atlanta) (Sep 20)