Re: [PEN-TEST] Web Server to SQL Server

From: Chris Tobkin (tobkinat_private)
Date: Thu Apr 12 2001 - 20:06:46 PDT

  • Next message: H D Moore: "Re: [PEN-TEST] Web Server to SQL Server"

    Since it's IIS, you can use either an existing ODBC connection (look
    through 
    the ASP files and global.asa's) or create your own..  Once you have an
    ODBC
    connection, you can use ASP to send stuff to the SQL server.  You can
    execute 
    it by requesting it from your machine externally.  A working knowledge
    of 
    VBScript or VB can help you a lot.. if you still need help, take a peek
    at 
    the examples..  Sorry, I won't tell you exactly how.. gotta leave some 
    challenge.
    
    // Chris
    tobkinat_private
    
    -----Original Message-----
    From: myrddin_eat_private [mailto:myrddin_eat_private]
    Sent: Wednesday, April 11, 2001 10:52 PM
    To: PEN-TESTat_private
    Subject: [PEN-TEST] Web Server to SQL Server
    
    
    I'm setting up a lab, and am planning to simulate the following
    situation...
    An IIS web server in a DMZ that connects to a SQL server over port 1433
    on an internal network. The IIS server will be vulnerable to Unicode,
    the
    host will not be hardened and the firewall will not prevent outbound
    TFTP
    traffic. I'm going to use hk.exe to elevate privileges. The SQL server
    will
    not be vulnerable to SQL injection.
    
    Once I have done this, the only traffic into the internal network
    allowed
    from the IIS server will be on port 1433. The SQL server will have a
    blank
    'sa' password. How would I then proceed to bust the SQL server? I know I
    can do this if I install Perl on the IIS server and place the needed
    tools
    on the box, but that requires GUI access to the IIS server (right?).
    Other
    than setting up a port redirector like FPipe, how would you go about
    this?
    
    Free, encrypted, secure Web-based email at www.hushmail.com
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 09:12:24 PDT