|
Penetration Testing
mailing list archives
[PEN-TEST] Hacking a server through SQL SERVER 7
From: FiC <fic () TOPFUTBOL COM>
Date: Tue, 23 Jan 2001 11:43:58 +0100
Hi all. I've noticed that a lot of people out there don't worry about the
default sa login in SQL SERVER. So i've connected through my SQL Enterprise
Manager to such unprotected servers using the sa login and a blank password.
Once connected, in the Security ->Login folder, I can see the NT
administrator login and the NT administrator group. The question is.... ¿What
else information can I get from that server? ¿Is there anyway to get the NT
administrator's password?
In the Management->Backup folder I can see every folder and file in the
remote drives. Can I get/upload a file in the server?
How can I finally penetrate the server once I've connected as 'sa' to their
SQL SERVER?
Thanx a lot.
--
~/ FiC /~
 By Date 
By Thread
Current thread:
- [PEN-TEST] Hacking a server through SQL SERVER 7 FiC (Jan 23)
|
Intro
