Results 1 to 4 of 4

Thread: MSSQL Authentication Type

  1. #1
    Just burned his ISO
    Join Date
    Apr 2008
    Posts
    5

    Question MSSQL Authentication Type

    How can I when on a test, via backtrack confirm if a MSSQL database is configured for SQL or Windows Authentication. I know it can be done via the windows management studio, but when in server room only have BT4 on a laptop.

    Thanks

  2. #2
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default Re: MSSQL Authentication Type

    I would speculate you would look at the MSSql documentation.
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  3. #3
    Just burned his ISO
    Join Date
    Apr 2008
    Posts
    5

    Default Re: MSSQL Authentication Type

    Hi,

    Perhaps i'm not explaining myself properly... When asked to carry out a test against a servers or group of servers we are given the ip's (along with authorisation, change control, etc etc) and thats about it. I am aware that its possible to confirm the authentication type if you already have legitimate access to the box, but how can you if you do not?

    i.e. rather than waste time trying to brute force sa, if its set to use a Windows account for example.

    Any ideas?

    Thanks

  4. #4
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Default Re: MSSQL Authentication Type

    Setup a test system and compare the authentication responses for each authentication mode - try a successful request and an unsuccessful request for each, check to see if there is any information leakage in the responses. Its quite possible that there may be no obvious difference from that perspective, but if Windows Integrated Authentication is being used and the system is in a Domain you may see some authentication traffic being sent over the network to the Domain controllers from the SQL server. To see this you would of course need to be able to monitor traffic between the SQL server and the Domain controller somehow.
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

Similar Threads

  1. How to type the AP name?
    By nirvana0001 in forum OLD Newbie Area
    Replies: 3
    Last Post: 07-10-2009, 09:35 PM
  2. MSSQL 2008 pw hash?
    By cantormath in forum OLD Newbie Area
    Replies: 2
    Last Post: 03-07-2009, 03:10 AM
  3. Router NAT Type?
    By radioraiders in forum OLD General IT Discussion
    Replies: 3
    Last Post: 01-12-2009, 09:03 AM
  4. MSSQL Query Analyzer type functionality?
    By dubZ3r0 in forum OLD Newbie Area
    Replies: 2
    Last Post: 08-07-2008, 12:41 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •