Penetration Testing mailing list archives
Re: SQL Server Scan
From: Kvetch <kvetch () gmail com>
Date: Thu, 23 Jul 2009 15:46:28 -0400
This may not be the easiest or best method, but I usually use a script that runs nmap, sqlping and hydra. First I nmap for the standard SQL ports (UDP 1434) and output those results to a file, then I use the Unix variant of sqlping to sqlping each IP found in the nmap output. I then take that sqlping output and use awk to output the results into files containing IPs that all have an instance running on the same port, so one file containing all IPs running an instance on 1433 and another file containing all IPs running an instance on 1047... I then kick off hydra against those IPs/ports using a dictionary catered to MSSQL accounts and perhaps users I pulled in via an AD query.

Nick

On Thu, Jul 23, 2009 at 6:54 AM, pma111<pmaneedham () hotmail com> wrote:
> Does anybody know of any SQL Server Vulnerability Scanner / tools that can be used (SQL Serv 2000) (enumerate weak passwords, enumerate the various DB names, enumerate SIDs -- if that's what they are called outside Oracle, identify blank SA passwords, identify the key vulnerabilities etc)...
>
> I have the IP of the SQL Server, and can run the testing internally within the Network... Any pointers welcome... I am trying to demonstrate how easy it is to get on a DB on the Server by sitting on the Network, to demonstrate a threat from within...
>
> --
> View this message in context: http://www.nabble.com/SQL-Server-Scan-tp24623425p24623425.html
> Sent from the Penetration Testing mailing list archive at Nabble.com.
>
> ------------------------------------------------------------------------
> This list is sponsored by: Information Assurance Certification Review Board
> Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
> http://www.iacertification.org
> ------------------------------------------------------------------------
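What the dictionary run described in the reply looks like from the server side, as an added example that is not part of the original posts: a scan of SQL Server error-log text for bursts of failed logins per client. The log line layout (2005-and-later style with a `[CLIENT: ...]` field), the sample lines, the function names and the thresholds are assumptions constructed for illustration, and such lines only exist when auditing of failed logins is enabled.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in an assumed SQL Server ERRORLOG layout.
SAMPLE_LOG = """\
2009-07-23 15:46:01.10 Logon       Login failed for user 'sa'. [CLIENT: 10.0.0.50]
2009-07-23 15:46:02.31 Logon       Login failed for user 'sa'. [CLIENT: 10.0.0.50]
2009-07-23 15:46:03.02 Logon       Login failed for user 'sa'. [CLIENT: 10.0.0.50]
2009-07-23 15:46:04.55 Logon       Login failed for user 'sa'. [CLIENT: 10.0.0.50]
2009-07-23 15:46:05.77 Logon       Login failed for user 'sa'. [CLIENT: 10.0.0.50]
2009-07-23 15:47:10.00 Logon       Login failed for user 'admin'. [CLIENT: 10.0.0.51]
2009-07-23 15:47:11.00 Logon       Login failed for user 'sqlsvc'. [CLIENT: 10.0.0.51]
2009-07-23 15:47:12.00 Logon       Login failed for user 'backup'. [CLIENT: 10.0.0.51]
2009-07-23 09:00:00.00 Logon       Login failed for user 'jsmith'. [CLIENT: 10.0.0.7]
2009-07-23 09:10:00.00 Logon       Login failed for user 'jsmith'. [CLIENT: 10.0.0.7]
2009-07-23 15:48:00.00 spid51      Starting up database 'tempdb'.
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d+\s+Logon\s+"
    r"Login failed for user '(?P<user>[^']*)'\..*\[CLIENT: (?P<client>[^\]]+)\]")

def parse_failures(text):
    """Yield (timestamp, user, client) for each failed-login line; skip the rest."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"), m["user"], m["client"]

def flag_guessing(text, window=timedelta(seconds=60), max_failures=5, max_users=3):
    """Return {client: (failures, distinct_logins)} for the first sliding window
    in which a client reaches either threshold."""
    by_client = defaultdict(list)
    for ts, user, client in parse_failures(text):
        by_client[client].append((ts, user))
    flagged = {}
    for client, events in by_client.items():
        events.sort()
        start = 0
        for end, (ts, _) in enumerate(events):
            while ts - events[start][0] > window:  # drop events older than the window
                start += 1
            burst = events[start:end + 1]
            users = {u for _, u in burst}
            if len(burst) >= max_failures or len(users) >= max_users:
                flagged[client] = (len(burst), len(users))
                break
    return flagged
```

On the sample, 10.0.0.50 is flagged for repeated failures on one login and 10.0.0.51 for cycling through several logins, while the two failures ten minutes apart from 10.0.0.7 are not.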