Since it's IIS, you can use either an existing ODBC connection (look through the ASP files and global.asa's) or create your own.. Once you have an ODBC connection, you can use ASP to send stuff to the SQL server. You can execute it by requesting it from your machine externally. A working knowledge of VBScript or VB can help you a lot.. if you still need help, take a peek at the examples.. Sorry, I won't tell you exactly how.. gotta leave some challenge. // Chris tobkinat_private -----Original Message----- From: myrddin_eat_private [mailto:myrddin_eat_private] Sent: Wednesday, April 11, 2001 10:52 PM To: PEN-TESTat_private Subject: [PEN-TEST] Web Server to SQL Server I'm setting up a lab, and am planning to simulate the following situation... An IIS web server in a DMZ that connects to a SQL server over port 1433 on an internal network. The IIS server will be vulnerable to Unicode, the host will not be hardened and the firewall will not prevent outbound TFTP traffic. I'm going to use hk.exe to elevate privileges. The SQL server will not be vulnerable to SQL injection. Once I have done this, the only traffic into the internal network allowed from the IIS server will be on port 1433. The SQL server will have a blank 'sa' password. How would I then proceed to bust the SQL server? I know I can do this if I install Perl on the IIS server and place the needed tools on the box, but that requires GUI access to the IIS server (right?). Other than setting up a port redirector like FPipe, how would you go about this? Free, encrypted, secure Web-based email at www.hushmail.com
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 09:12:24 PDT