Sunday 23 June 2013

MSSQL Enumeration - Using Open Source/Freeware Tools

In this article, we will demonstrate on how to find available M$ SQL servers within a network range and enumerate or get information about them.


Using Metasploit

msf > use auxiliary/scanner/mssql/mssql_ping
msf auxiliary(mssql_ping) > set RHOSTS <IP Address/range>
msf auxiliary(mssql_ping) > set THREADS 10
msf auxiliary(mssql_ping) > run


Website: http://www.metasploit.com/modules/auxiliary/scanner/mssql/mssql_ping

Using Nessus Cmd
#nessuscmd -i 10674 <IP range> --max-hosts 25


Website: http://pauldotcom.com/2009/11/attacking-mssql-with-metasploi.html


Using Nmap
#nmap -p 1434 --script ms-sql-info --script-args mssql.instance-port=1434 <IP range>


Using SQLRecon



Result of the Scan

SQLRecon: http://www.4shared.com/get/VmkLFFCW/SQLRecon_Setup.html
Website: http://www.specialopssecurity.com/labs/sqlrecon/

Using SQL Ping v3
SQL Ping v3 and SQL Recon has the same interface. The difference is that SQL Ping v3 has additional option for Brute Forcing Passwords with the ability to input the User and Password list.


Result of the Scan

Website: http://www.sqlsecurity.com/downloads

I will find more tools that can be used to gather information for SQL servers and will list them down here in future. If there's anything out there you readers are aware of, do share!
Posted by at
Labels: , , , , , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)