Indeed.
Running strings against sqldict.exe produces:
<snip>
BitBlt
CreateCompatibleDC
CreateDIBitmap
Login failed
squelda 1.0
Sorry, couldn't find the password for user "%s".
Trying user "%s" with password "%s"...
Error: The file read failed!
Terminated on request.
Error: That dictionary file doesn't exist!
The user "%s" has the password "%s".
The user "%s" has blank password!
The server could not be reached.
No password file selected.
Missing target account.
<snip>
Thanks..
On Mon, Dec 02, 2002 at 08:53:24AM -0500, Joe Stewart wrote:
> On Friday 29 November 2002 12:35 am, John Sage wrote:
> > Seen this exact tool once before, back in August, reference:
> >
> > http://cert.uni-stuttgart.de/archive/intrusions/2002/08/msg00200.html
>
> The brute-force MSSQL attacks in this probe with the "squelda" reference
> were generated by sqldict: http://ntsecurity.nu/toolbox/sqldict/
>
> -Joe
>
> --
> Joe Stewart <jstewart_at_lurhq.com>
> Senior Information Security Analyst
> -----------------------------------------
> "24x7 Enterprise Security Monitoring"
> LURHQ Corporation http://www.lurhq.com/
- John
--
NEWS FLASH: Lowest common denominator continues to plummet
PGP key: http://www.finchhaven.com/pages/gpg_pubkey.html
Fingerprint: C493 9F26 05A9 6497 9800 4EF6 5FC8 F23D 35A4 F705
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
Received on Dec 04 2002
Intro
