From: Geoff Varosky (GVarosky@grace-hunt.com)
Date: Tue Jun 07 2005 - 20:25:24 EDT
Depending on the setup of the MSSQL server, try the DYNSA account
UN: DYNSA
PW: access
Regards,
Geoff Varosky
Grace-Hunt Information Technology
1250 Hancock St., Suite 501S
Quincy, MA 02169
Cell: 781.439.4519
Office: 617.328.7100
Fax: 888.498.8548
IT Group: 206.600.GHIT
Web: http://www.grace-hunt.com
-----Original Message-----
From: Hugo Vinicius Garcia Razera [mailto:hviniciusg@gmail.com]
Sent: Tuesday, June 07, 2005 7:01 PM
To: pen-test@securityfocus.com
Subject: pen-test on a windows 2003 server box whit MS-SQL and Terminal Services
Hi every one, I'm doing a pen test on a client, and have found that he have a windows 2003 server box on one segment of his public addresses this is his dns/web/mail server:
- mssql :1433
- terminal services :3389
- iis 6 :80
- smtp :25
- pop3 :110
- dns : 53
- ftp : filtered
ports opened, i logged on the terminal services port whit the winxp remote desktop utility and it connects perfectly.
i tried a dictionari atack on mssql server whit the "sa" account and others user names i collected.
Hydra from THC was the tool, but no succes on this atack.
also tried the tsgrinder for terminal services , but no success.
well here come some questions:
- What others Usernames should i try for sql and terminal services?
i tried whit "sa" for sql and "Administrator" for TS
- Any one knows how could i identify what version of sql server is running.
- What other services of this host can be exploited?
any comments, ideas, suggestions would be greatly appreciated.
Hugo Vinicius Garcia Razera
-- No virus found in this incoming message. Checked by AVG Anti-Virus. Version: 7.0.323 / Virus Database: 267.6.5 - Release Date: 6/7/2005 -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.323 / Virus Database: 267.6.5 - Release Date: 6/7/2005
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:23 EDT