From: Jeroen (jeroen@isvet.nl)
Date: Fri Sep 16 2005 - 13:40:30 EDT
xyberpix wrote:
<SNAP>
> I have been able to
> successfully add myself to the local Administrators group, and can
> now TS into the box in question. I have absolutely no rights on the
> SQL server though, so any pointers here would be greatly appreciated!
Hi xyberpix,
Most of the time, MSSQL-boxes use a "hybrid" authentication model; a
combination of SQL authentication and NT authentication is used. So probably
you can already connect to the database. The easiest ways to check:
- start isql.exe while logged on as an Administrator;
- install and start the MSSQL enterprise manager on _a_ box and connect to
the MSSQL-box you've found using NT credentials. Enterprise manager makes it
possible to view databases, data and to maintain them (backups etc.).
If they use MSSQL authentication only:
- try user SA with a blank password (*lol*);
- run a pwdump on the NT-box and crack the password of the users found
(LC5/rainbowtables). Most of the time found logon names and passwords are
also used on SQL.
Have fun and please let us know how the story ended ;)
Greets,
Jeroen
------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:
Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:55 EDT