Results 1 to 5 of 5

Thread: SQL Server brute forcing?

  1. #1
    Just burned his ISO sl33p's Avatar
    Join Date
    Jan 2010
    Posts
    19

    Exclamation SQL Server brute forcing?

    Hi guys,

    I have a simple but important question.

    I'm performing a pentest to one specific server and discovered with nessus that SQL server is running on the 1433 port. The remote SQL Server version is 9.0.4035.0

    I've tried to connect to it using the default accounts: (sa/'sa' & sa/'blank password'), from a windows box with SQL Client installed but had no success.

    What would you guys recommend as an alternative. I'm thinking about bruteforcing it, but what would be the most appropriate/effective way to do that, considering I've never done it before?

    Also, what application would you recommend? Hydra?

    Thanks for the patience and for the newbie question.
    sl33p

  2. #2
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default

    Write a batch script and use a commandline client to connect.
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  3. #3
    Junior Member IAMZOMBIE's Avatar
    Join Date
    Jan 2010
    Posts
    81

    Default

    Quote Originally Posted by thorin View Post
    Write a batch script and use a commandline client to connect.
    Agree. I think that would be the best way to do it.
    Obviously if account lockout in setup for said account, it's not going to work.

  4. #4
    Just burned his ISO sl33p's Avatar
    Join Date
    Jan 2010
    Posts
    19

    Default

    thanks guys, I'll try to do the .bat and run it using SQLCMD.

    As a note, the following example illustrates how to connect to a named instance of the SQL Server using Hostname and PORT number.

    C:\Program Files\Microsoft SQL Server\90\Tools\Binn>
    SQLCMD -Stcp:HOME,7005 -Usa -P********

    *where Home is the hostname, 7005 is the PORT number of the named instance SQLEXPRESS.
    Font: Google

    Guess it's gonna work.
    sl33p

  5. #5
    Good friend of the forums williamc's Avatar
    Join Date
    Feb 2010
    Location
    Chico CA
    Posts
    285

    Default

    You should download sqlping and give it a small username and password dictionary:

    Free Tools

    William

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •