Penetration Testing mailing list archives
[PEN-TEST] Hacking a server through SQL SERVER 7
From: FiC <fic () TOPFUTBOL COM>
Date: Tue, 23 Jan 2001 11:43:58 +0100
Hi all. I've noticed that a lot of people out there don't worry about the default sa login in SQL SERVER. So i've connected through my SQL Enterprise Manager to such unprotected servers using the sa login and a blank password. Once connected, in the Security ->Login folder, I can see the NT administrator login and the NT administrator group. The question is.... ¿What else information can I get from that server? ¿Is there anyway to get the NT administrator's password? In the Management->Backup folder I can see every folder and file in the remote drives. Can I get/upload a file in the server? How can I finally penetrate the server once I've connected as 'sa' to their SQL SERVER? Thanx a lot. -- ~/ FiC /~
Current thread:
- [PEN-TEST] Hacking a server through SQL SERVER 7 FiC (Jan 23)
- Re: [PEN-TEST] Hacking a server through SQL SERVER 7 Aaron C. Newman (Jan 23)
- <Possible follow-ups>
- Re: [PEN-TEST] Hacking a server through SQL SERVER 7 Derrick K. Bennett (Jan 23)
- Re: [PEN-TEST] Hacking a server through SQL SERVER 7 H D Moore (Jan 23)
- Re: [PEN-TEST] Hacking a server through SQL SERVER 7 FiC (Jan 25)
- Re: [PEN-TEST] Hacking a server through SQL SERVER 7 Attonbitus Deus (Jan 25)
- Re: [PEN-TEST] Hacking a server through SQL SERVER 7 Aaron C. Newman (Jan 25)
- Re: [PEN-TEST] Hacking a server through SQL SERVER 7 MadHat (Jan 25)
- Re: [PEN-TEST] Hacking a server through SQL SERVER 7 FiC (Jan 25)
- Re: [PEN-TEST] Hacking a server through SQL SERVER 7 Brentlinger, Mike (ISS eServices) (Jan 25)
- Re: [PEN-TEST] Hacking a server through SQL SERVER 7 Frank Knobbe (Jan 25)