Home page logo
/

pen-test logo Penetration Testing mailing list archives

[PEN-TEST] Have SQL admin account and password... now what?
From: "Loschiavo, Dave" <DLoschiavo () FRCC CC CA US>
Date: Tue, 12 Sep 2000 14:26:38 -0700

I am banging on a product (MambaNT by www.luminate.com) that uses the MSDE
database engine. I have the database admin account and password (which they
kindly supply on their website and leave in plain text in an install log
file).

Is there anything I can do with this now that I have it?

Sorry for such a general question, but I _really_ don't know SQL. I have
looked at RFP's account of breaking wwwthreads and his ODBC and MS SQL
server 6.5 write up, but haven't found a tatic to take. I really don't care
about the info in the database. I want to be able to issue system commands
and use this software to gain unauthorized access to the domain.

This is all internal testing. I'm am neither to young to go jail, nor to
good to get caught, so I don't pen-test others' networks.

Thanks!


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]