Home page logo

pen-test logo Penetration Testing mailing list archives

Re: [PEN-TEST] MS00-048 and 'guest' SQL access?
From: iNature - David Martin <david () INATURE COM AU>
Date: Sun, 21 Sep 1997 09:39:45 +0800

have you considered this a false positive ?

I wont tell you how many times I've used a pwd cracker
against one of my servers and come up with false positives
and the funny thing is everytime i ran it , it said the
password was somthing diffrent and the reason i know is
becuase it was my account on my server !

-----Original Message-----
From: Penetration Testers [mailto:PEN-TEST () SECURITYFOCUS COM]On Behalf
Of Loschiavo, Dave
Sent: Wednesday, September 20, 2000 5:08 AM
Subject: [PEN-TEST] MS00-048 and 'guest' SQL access?

A kind person on this list pointed (shoved) me in the direction to exploit a
system via SQL even though I did not have the 'sa' password. I used the
vulnerability covered in MS00-048. This attack required a valid connection
to one of the databases, but the creator of the software that was relying on
the MSDE was kind enough to publish the id and password of their dbo, so I
was able to use this attack.

I've been digging deeper and running ISS's database scanner against the host
(nice product by the way). It's telling me that 'guest' access is enabled on
the msdb database.

That got me to thinking that perhaps I could take advantage of this
vulnerablility even without the dbo id and password for their product's
database. However, I can find no way to connect directly to the msdb. Every
attempt to autheticate to the SQL service with a username of guest and a
null password fails.

Is it possible to connect directly to that database as guest with a null
password? If it is possible, how can I do this? If it isn't possible, why
does the ISS scanner bother reporting it as a problem?

Thanks to all!

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]