I would speculate you would look at the MSSql documentation.
MSSQL Authentication Type
How can I when on a test, via backtrack confirm if a MSSQL database is configured for SQL or Windows Authentication. I know it can be done via the windows management studio, but when in server room only have BT4 on a laptop.
Thanks
Re: MSSQL Authentication Type
I would speculate you would look at the MSSql documentation.
To be successful here you should read all of the following.
ForumRules
ForumFAQ
If you are new to Back|Track
Back|Track Wiki
Failure to do so will probably get your threads deleted or worse.
Re: MSSQL Authentication Type
Hi,
Perhaps i'm not explaining myself properly... When asked to carry out a test against a servers or group of servers we are given the ip's (along with authorisation, change control, etc etc) and thats about it. I am aware that its possible to confirm the authentication type if you already have legitimate access to the box, but how can you if you do not?
i.e. rather than waste time trying to brute force sa, if its set to use a Windows account for example.
Any ideas?
Thanks
Re: MSSQL Authentication Type
Setup a test system and compare the authentication responses for each authentication mode - try a successful request and an unsuccessful request for each, check to see if there is any information leakage in the responses. Its quite possible that there may be no obvious difference from that perspective, but if Windows Integrated Authentication is being used and the system is in a Domain you may see some authentication traffic being sent over the network to the Domain controllers from the SQL server. To see this you would of course need to be able to monitor traffic between the SQL server and the Domain controller somehow.
Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".
The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.
Posting Permissions