Penetration Testing mailing list archives
RE: pen-test on a windows 2003 server box whit MS-SQL and Terminal Services
From: "Sash" <swissc () blueyonder co uk>
Date: Wed, 8 Jun 2005 22:08:32 +0100
If it's a 2k3 box running SQL - then you can bet your bottom dollar it's SQL 2000 > SP2 and then some. Check the web app coz unless you have something up your sleeve, not much happening at infrastructure level on that 2k3 box unless as stated before - unless there are some dodgy SAs, POP, tsgrind et al to have fun with.

-----Original Message-----
From: Chip Andrews [mailto:chip () sqlsecurity com]
Sent: 08 June 2005 01:22
To: Hugo Vinicius Garcia Razera
Cc: pen-test () securityfocus com
Subject: Re: pen-test on a windows 2003 server box whit MS-SQL and Terminal Services

You could also run SQLVer (www.sqlsecurity.com) against the box to see what version of SQL Server is likely running. It detects the current ssnetlib version, which is 80% likely the same as the true SQL Server version. If it's old enough, then you can probably find plenty of exploit code (which I will not publish - see Google).

(I am assuming from your post that you are authorized for this activity - keep in mind that you can cause a denial of service if you smash the stack.)

The common passwords I see for sa are:
(blank)
sa
password
admin
as
sysadmin
root
system
manager

Chip Andrews, CISSP, MCDBA
chip () sqlsecurity com
http://www.sqlsecurity.com

Hugo Vinicius Garcia Razera wrote:

Hi everyone, I'm doing a pen test on a client, and have found that he has a Windows 2003 server box on one segment of his public addresses. This is his dns/web/mail server:
- mssql :1433
- terminal services :3389
- iis 6 :80
- smtp :25
- pop3 :110
- dns :53
- ftp : filtered

Ports opened. I logged on to the terminal services port with the WinXP remote desktop utility and it connects perfectly. I tried a dictionary attack on the MSSQL server with the "sa" account and other user names I collected. Hydra from THC was the tool, but no success on this attack. Also tried tsgrinder for terminal services, but no success.

Well, here come some questions:
- What other usernames should I try for SQL and terminal services? I tried with "sa" for SQL and "Administrator" for TS.
- Does anyone know how I could identify what version of SQL Server is running?
- What other services of this host can be exploited?

Any comments, ideas, suggestions would be greatly appreciated.

Hugo Vinicius Garcia Razera
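As an added, defender-side example (not code from the thread or from any of its participants): the Hydra dictionary run against "sa" on 1433 that Hugo describes leaves a burst of "Login failed for user" entries in the SQL Server ERRORLOG, and the script below parses constructed sample lines in that style and flags any client address that exceeds a threshold of failures inside a sliding time window. The log layout, the `[CLIENT: ...]` suffix (absent on older builds, so it is optional in the pattern), and the sample addresses are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in SQL Server ERRORLOG style; not taken from any real server.
SAMPLE_LOG = """\
2005-06-08 21:58:01.10 logon  Login failed for user 'sa'. [CLIENT: 203.0.113.7]
2005-06-08 21:58:01.35 logon  Login failed for user 'sa'. [CLIENT: 203.0.113.7]
2005-06-08 21:58:01.60 logon  Login failed for user 'sa'. [CLIENT: 203.0.113.7]
2005-06-08 21:58:02.01 logon  Login failed for user 'admin'. [CLIENT: 203.0.113.7]
2005-06-08 21:58:02.44 logon  Login failed for user 'sa'. [CLIENT: 203.0.113.7]
2005-06-08 21:58:02.80 logon  Login failed for user 'sa'. [CLIENT: 203.0.113.7]
2005-06-08 22:05:10.00 logon  Login failed for user 'webapp'. [CLIENT: 192.0.2.10]
2005-06-08 22:30:00.00 logon  Login failed for user 'sa'. [CLIENT: 203.0.113.7]
"""

# Timestamp, the 'logon' source column, the failed user, and an optional client address.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d+\s+logon\s+"
    r"Login failed for user '(?P<user>[^']*)'\.(?:\s+\[CLIENT: (?P<client>[^\]]+)\])?"
)

def parse_failed_logins(text):
    """Yield (timestamp, user, client) for each failed-login line; skip everything else."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
            yield ts, m.group("user"), m.group("client") or "unknown"

def detect_bruteforce(text, threshold=5, window=timedelta(seconds=60)):
    """Map client -> (peak failures in one window, window start, users tried) above threshold."""
    by_client = defaultdict(list)
    for ts, user, client in sorted(parse_failed_logins(text)):
        by_client[client].append((ts, user))
    alerts = {}
    for client, attempts in by_client.items():
        start = 0
        for end in range(len(attempts)):
            # Slide the window start forward until it is within `window` of the newest attempt.
            while attempts[end][0] - attempts[start][0] > window:
                start += 1
            count = end - start + 1
            if count >= threshold and (client not in alerts or count > alerts[client][0]):
                users = sorted({u for _, u in attempts[start:end + 1]})
                alerts[client] = (count, attempts[start][0], users)
    return alerts
```

Raising the threshold or widening the window tunes it against a single mistyped password versus a wordlist run; pairing the alert with the usernames tried shows at once whether "sa" is the target.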
Current thread:
- pen-test on a windows 2003 server box whit MS-SQL and Terminal Services Hugo Vinicius Garcia Razera (Jun 07)
- Re: pen-test on a windows 2003 server box whit MS-SQL and Terminal Services Kevin Reiter (Jun 07)
- Re: pen-test on a windows 2003 server box whit MS-SQL and Terminal Services Aaron Oh (Jun 07)
- Re: pen-test on a windows 2003 server box whit MS-SQL and Terminal Services Chip Andrews (Jun 07)
- RE: pen-test on a windows 2003 server box whit MS-SQL and Terminal Services Sash (Jun 08)
- Re: pen-test on a windows 2003 server box whit MS-SQL and Terminal Services Andres Riancho (Jun 07)
- Injecting commands into a mainframe through a servlet Frederic Charpentier (Jun 08)
- RE: Injecting commands into a mainframe through a servlet Jason Muskat (Jun 08)
- RE: pen-test on a windows 2003 server box whit MS-SQL and Terminal Services Leandro Reox (Jun 09)
- Injecting commands into a mainframe through a servlet Frederic Charpentier (Jun 08)
- Re: pen-test on a windows 2003 server box whit MS-SQL and Terminal Services Tomasz Piotr Palarz (Jun 09)
- Re: pen-test on a windows 2003 server box whit MS-SQL and Terminal Services Hugo Vinicius Garcia Razera (Jun 10)
- <Possible follow-ups>
- RE: pen-test on a windows 2003 server box whit MS-SQL and Terminal Services Geoff Varosky (Jun 07)
- Re: pen-test on a windows 2003 server box whit MS-SQL and Terminal Services mike king (Jun 07)
- RE: pen-test on a windows 2003 server box whit MS-SQL and Terminal Services Erik Pace Birkholz (Jun 09)
- RE: pen-test on a windows 2003 server box whit MS-SQL and Terminal Services DUBRAWSKY, IDO (CALLISMA) (Jun 09)
(Thread continues...)