Home page logo

pen-test logo Penetration Testing mailing list archives

Re: MS SQL Server
From: "Jeroen" <jeroen () isvet nl>
Date: Fri, 16 Sep 2005 19:40:30 +0200

xyberpix wrote:

I have been able to
successfully add myself to the local Administrators group, and can
now TS into the box in question. I have absolutely no rights on the
SQL server though, so any pointers here would be greatly appreciated!

Hi xyberpix,

Most of the time, MSSQL-boxes use a "hybrid" authentication model; a
combination of SQL authentication and NT authentication is used. So probably
you can already connect to the database. The easiest ways to check:

- start isql.exe while logged on as an Administrator;
- install and start the MSSQL enterprise manager on _a_ box and connect to
the MSSQL-box you've found using NT credentials. Enterprise manager makes it
possible to view databases, data and to maintain them (backups etc.).

If they use MSSQL authentication only:

- try user SA with a blank password (*lol*);
- run a pwdump on the NT-box and crack the password of the users found
(LC5/rainbowtables). Most of the time found logon names and passwords are
also used on SQL.

Have fun and please let us know how the story ended ;)



Audit your website security with Acunetix Web Vulnerability Scanner: 

Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]