|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Kvetch (kvetch
gmail.com)
Date: Thu Jul 23 2009 - 14:46:28 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
This may not be the easiest or best method but I usually use a script
that runs nmap, sqlping and hydra. First I nmap for the standard sql
ports (udp 1434) output those results to a file then I use the unix
variant of sqlping to sqlping each IP found in the nmap output. I
then take that sqlping output and use awk to output the results into
files contain IP's that all have an instance running on the same port,
so one file containing all IP's running an instance on 1433 and
another file contain all IP's running an instance on 1047... I then
kick off hydra against those IP's/Ports using a dictionary catered to
MSSQL accounts and perhaps user's I pulled in via an AD query.
Nick
On Thu, Jul 23, 2009 at 6:54 AM, pma111<pmaneedhamhotmail.com> wrote:
>
> Does anybody know of any SQL Server Vulnerability Scanner / tools that can be
> used (SQL Serv 2000)(enumate weak passwords, enumerate the various DB names,
> enumerate SIDS -- if thats what they are called outside Oracle, identify
> blank SA passwords, identify the key vulnerabilities etc)...
>
> I have the IP of the SQL Server, and can run the testing interally within
> the Network...
>
> Any pointers welcome... I am trying to demonstrate how easy it is to get on
> a DB on the Server by sitting on the Network, to demonstrate a threat from
> within...
> --
> View this message in context: http://www.nabble.com/SQL-Server-Scan-tp24623425p24623425.html
> Sent from the Penetration Testing mailing list archive at Nabble.com.
>
>
> ------------------------------------------------------------------------
> This list is sponsored by: Information Assurance Certification Review Board
>
> Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
>
> http://www.iacertification.org
> ------------------------------------------------------------------------
>
>
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]