Penetration Testing mailing list archives

Re: [PEN-TEST] SQL Server blank account


From: Marc Maiffret <marc () EEYE COM>
Date: Tue, 29 Aug 2000 10:05:20 +0100

http://www.ntsecurity.nu/toolbox/sqldict/ <-- neato tool for some sql brute
forcing.

and if you luck out then use linsql.c:
http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-08-15&msg=200008150352.UAA09523 () user3 hushmail com

Quote from linsql.c:
"Note that these commands are executed with the privileges of the MSSQL
service - usually `NT Authority\System'."

"
 * A simple command-line client for MS SQL server.
 * Designed for executing commands on the underlying operating system rather
   than SQL engine.
 * That said, it has the ability to perform SQL queries on the server.
 * Also added file upload system - usually works ;-) if it fails, try again.
 * Setup to login as the user 'sa' with no password by default, although
   this can be changed.
"

Signed,
Marc Maiffret
Chief Hacking Officer
eCompany / eEye
T.949.349.9062
F.949.349.9538
http://eEye.com


| -----Original Message-----
| From: Penetration Testers [mailto:PEN-TEST () SECURITYFOCUS COM]On Behalf
| Of Seth Georgion
| Sent: Tuesday, August 29, 2000 5:20 PM
| To: PEN-TEST () SECURITYFOCUS COM
| Subject: SQL Server blank account
|
|
| Okay, so here is a question that we've encountered, internally, that seems
| to have been made more relevant by the recent Napster related defacements.
| Specifically, how is it that a hacker can subvert a system, i.e. deface web
| pages, change user accounts, on a system with a SQL installation and a known
| username and password? For example, let's say you have a Windows machine with
| an IIS install and a SQL install, given an attacker with a valid,
| administrator SQL username and password how would they be able to take
| control of the server?
|

