SQLAT is a suite of tools which could be usefull for pentesting a MS SQL Server. The tools are still in development but tend to be quite stable. The tools do dictionary attacks, upload files, read registry and dump the SAM. They do this by wrapping extended stored procedures. There is also a tool for doing a minimal analysis of a SQL Server with output as HTML. You need to be ‘sa’ to run some of the tools, but this usually isn’t a problem.


The tool temporarily restores the xp_cmdshell if it is removed and the dll is still left on the system.


SQLAT is based on the freetds library and as of version 1.0.6 supports NTLM integrated login. It does not do named pipes yet.

Requires
FreeTDS FreeTDS.org
Pwdump2 http://razor.bindview.com/tools/files/pwdump2.zip

Changes
1.0.6 -> Applied patches from Eric Augustus + altered code in order to work with freetds 0.62.x
1.1.0 -> Applied even more patches from Eric Augustus + made some minor changes


Download sqlat-src-1.1.0.tar.gz