Penetration Testing mailing list archives
Re: SQL Server Scan
From: Robin Wood <dninja () gmail com>
Date: Fri, 24 Jul 2009 09:14:34 +0100
2009/7/23 pma111 <pmaneedham () hotmail com>:
Does anybody know of any SQL Server Vulnerability Scanner / tools that can be used (SQL Serv 2000)(enumate weak passwords, enumerate the various DB names, enumerate SIDS -- if thats what they are called outside Oracle, identify blank SA passwords, identify the key vulnerabilities etc)... I have the IP of the SQL Server, and can run the testing interally within the Network... Any pointers welcome... I am trying to demonstrate how easy it is to get on a DB on the Server by sitting on the Network, to demonstrate a threat from within...
Carlos Perez released a set of tools on the PaulDotCom mail list on the 14th July to do exactly this. Look that up. If you can't find it let me know and I can forward the mail. Robin ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- SQL Server Scan pma111 (Jul 23)
- Re: SQL Server Scan daniel svartman (Jul 23)
- Message not available
- Re: SQL Server Scan YEHG Group (Jul 23)
- Message not available
- Re: SQL Server Scan daniel svartman (Jul 23)
- Re: SQL Server Scan Kvetch (Jul 23)
- Re: SQL Server Scan Adriel T. Desautels (Jul 24)
- RE: SQL Server Scan Syed Khaden (Jul 24)
- Re: SQL Server Scan τ∂υƒιφ * (Jul 24)
- Re: SQL Server Scan Robin Wood (Jul 24)