Penetration Testing mailing list archives
RE: pen-test on a windows 2003 server box whit MS-SQL and Terminal Services
From: "Leandro Reox" <lmet5on () fibertel com ar>
Date: Thu, 9 Jun 2005 07:19:29 -0200
Sql inject it's a good practice with web based applications interconnected with databases, especially M$ ;), maybe you can play with some forms at his website. Always suggest a frontend (webserver) backend (db server) structure, db services must not be published ( like your case ) to internet, this is a HUGE risk for the customer. Here is a good paper of Hernan M. Racciatti about SqlInjetct http://www.hernanracciatti.com.ar/papers_and_download.html Hope it helps Cheers -----Original Message----- From: Andres Riancho [mailto:andres.riancho () gmail com] Sent: Wednesday, June 08, 2005 12:42 AM To: Hugo Vinicius Garcia Razera Cc: pen-test () securityfocus com Subject: Re: pen-test on a windows 2003 server box whit MS-SQL and Terminal Services If they have a web site online , and also a mssql i guess that the web uses some of the database content. I would try some SQL Injection on their site. Cheers, Andres Riancho Hugo Vinicius Garcia Razera wrote:
Hi every one, I'm doing a pen test on a client, and have found that he have a windows 2003 server box on one segment of his public addresses this is his dns/web/mail server: - mssql :1433 - terminal services :3389 - iis 6 :80 - smtp :25 - pop3 :110 - dns : 53 - ftp : filtered ports opened, i logged on the terminal services port whit the winxp remote desktop utility and it connects perfectly. i tried a dictionari atack on mssql server whit the "sa" account and others user names i collected. Hydra from THC was the tool, but no succes on this atack. also tried the tsgrinder for terminal services , but no success. well here come some questions: - What others Usernames should i try for sql and terminal services? i tried whit "sa" for sql and "Administrator" for TS - Any one knows how could i identify what version of sql server is running. - What other services of this host can be exploited? any comments, ideas, suggestions would be greatly appreciated. Hugo Vinicius Garcia Razera
Current thread:
- pen-test on a windows 2003 server box whit MS-SQL and Terminal Services Hugo Vinicius Garcia Razera (Jun 07)
- Re: pen-test on a windows 2003 server box whit MS-SQL and Terminal Services Kevin Reiter (Jun 07)
- Re: pen-test on a windows 2003 server box whit MS-SQL and Terminal Services Aaron Oh (Jun 07)
- Re: pen-test on a windows 2003 server box whit MS-SQL and Terminal Services Chip Andrews (Jun 07)
- Re: pen-test on a windows 2003 server box whit MS-SQL and Terminal Services Andres Riancho (Jun 07)
- Injecting commands into a mainframe through a servlet Frederic Charpentier (Jun 08)
- RE: Injecting commands into a mainframe through a servlet Jason Muskat (Jun 08)
- RE: pen-test on a windows 2003 server box whit MS-SQL and Terminal Services Leandro Reox (Jun 09)
- Injecting commands into a mainframe through a servlet Frederic Charpentier (Jun 08)
- Re: pen-test on a windows 2003 server box whit MS-SQL and Terminal Services Tomasz Piotr Palarz (Jun 09)
- Re: pen-test on a windows 2003 server box whit MS-SQL and Terminal Services Hugo Vinicius Garcia Razera (Jun 10)
- <Possible follow-ups>
- RE: pen-test on a windows 2003 server box whit MS-SQL and Terminal Services Geoff Varosky (Jun 07)
- Re: pen-test on a windows 2003 server box whit MS-SQL and Terminal Services mike king (Jun 07)
- RE: pen-test on a windows 2003 server box whit MS-SQL and Terminal Services Erik Pace Birkholz (Jun 09)
- RE: pen-test on a windows 2003 server box whit MS-SQL and Terminal Services DUBRAWSKY, IDO (CALLISMA) (Jun 09)
- Message not available
- SQL injection Faisal Khan (Jun 09)
- Re: SQL injection Joel Esler (Jun 09)
- Re: SQL injection ilaiy (Jun 09)
- Re: SQL injection Christian Martorella (Jun 09)
- Message not available