Penetration Testing mailing list archives
Re: SQL Server Scan
From: "Adriel T. Desautels" <ad_lists () netragard com>
Date: Thu, 23 Jul 2009 21:42:12 -0400
If you are looking for an automated way to do it then take a look at: http://www.appsecinc.com/ IMHO they offer the best bang for the buck so to speak.Else, do it manually. If you know what you are doing manual > automated.
On Jul 23, 2009, at 6:54 AM, pma111 wrote:
Does anybody know of any SQL Server Vulnerability Scanner / tools that can be used (SQL Serv 2000)(enumate weak passwords, enumerate the various DB names, enumerate SIDS -- if thats what they are called outside Oracle, identifyblank SA passwords, identify the key vulnerabilities etc)...I have the IP of the SQL Server, and can run the testing interally withinthe Network...Any pointers welcome... I am trying to demonstrate how easy it is to get on a DB on the Server by sitting on the Network, to demonstrate a threat fromwithin... -- View this message in context: http://www.nabble.com/SQL-Server-Scan-tp24623425p24623425.html Sent from the Penetration Testing mailing list archive at Nabble.com. ------------------------------------------------------------------------This list is sponsored by: Information Assurance Certification Review BoardProve to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.http://www.iacertification.org ------------------------------------------------------------------------
Adriel T. Desautels ad_lists () netragard com -------------------------------------- Subscribe to our blog http://snosoft.blogspot.com ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review BoardProve to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- SQL Server Scan pma111 (Jul 23)
- Re: SQL Server Scan daniel svartman (Jul 23)
- Message not available
- Re: SQL Server Scan YEHG Group (Jul 23)
- Message not available
- Re: SQL Server Scan daniel svartman (Jul 23)
- Re: SQL Server Scan Kvetch (Jul 23)
- Re: SQL Server Scan Adriel T. Desautels (Jul 24)
- RE: SQL Server Scan Syed Khaden (Jul 24)
- Re: SQL Server Scan τ∂υƒιφ * (Jul 24)
- Re: SQL Server Scan Robin Wood (Jul 24)