Penetration Testing mailing list archives
[PEN-TEST] Have SQL admin account and password... now what?
From: "Loschiavo, Dave" <DLoschiavo () FRCC CC CA US>
Date: Tue, 12 Sep 2000 14:26:38 -0700
I am banging on a product (MambaNT by www.luminate.com) that uses the MSDE database engine. I have the database admin account and password (which they kindly supply on their website and leave in plain text in an install log file). Is there anything I can do with this now that I have it? Sorry for such a general question, but I _really_ don't know SQL. I have looked at RFP's account of breaking wwwthreads and his ODBC and MS SQL server 6.5 write up, but haven't found a tatic to take. I really don't care about the info in the database. I want to be able to issue system commands and use this software to gain unauthorized access to the domain. This is all internal testing. I'm am neither to young to go jail, nor to good to get caught, so I don't pen-test others' networks. Thanks!
Current thread:
- [PEN-TEST] Have SQL admin account and password... now what? Loschiavo, Dave (Sep 12)
- Re: [PEN-TEST] Have SQL admin account and password... now what? Andrew Cogger (Sep 12)
- Re: [PEN-TEST] Have SQL admin account and password... now what? Vitaly McLain (Sep 12)
- [PEN-TEST] Debug command on Sendmail DonSata (ZekSata) (Sep 13)
- Re: [PEN-TEST] Debug command on Sendmail Max Vision (Sep 13)