Re: SQL Server Scan

[daniel svartman <danielsvartman () gmail com>]

You can try the Microsoft Security Analyzer for MSSQL 2000. Plus that,
there are other tools, like sqlping. Also, the MBSA 2.1 test for sa
blank passwords and other stuff.
Hope that helps.


On Thu, Jul 23, 2009 at 7:54 AM, pma111<pmaneedham () hotmail com> wrote:
> Does anybody know of any SQL Server Vulnerability Scanner / tools that can be
> used (SQL Serv 2000)(enumate weak passwords, enumerate the various DB names,
> enumerate SIDS -- if thats what they are called outside Oracle, identify
> blank SA passwords, identify the key vulnerabilities etc)...
>
> I have the IP of the SQL Server, and can run the testing interally within
> the Network...
>
> Any pointers welcome... I am trying to demonstrate how easy it is to get on
> a DB on the Server by sitting on the Network, to demonstrate a threat from
> within...
> --
> View this message in context: http://www.nabble.com/SQL-Server-Scan-tp24623425p24623425.html
> Sent from the Penetration Testing mailing list archive at Nabble.com.
>
>
> ------------------------------------------------------------------------
> This list is sponsored by: Information Assurance Certification Review Board
>
> Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
> and CEPT certs require a full practical examination in order to become certified.
>
> http://www.iacertification.org
> ------------------------------------------------------------------------

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------