Re: [PEN-TEST] Web Server to SQL Server

From: c0ncept (c0nceptat_private)
Date: Thu Apr 12 2001 - 16:49:27 PDT

  • Next message: Jason Brvenik: "Re: [PEN-TEST] Web site password guessing over SSL"

    	SQL Server client tools come with a command-line program that will allow
    you to enter queries. Use netcat or some such simialer program on the
    webserver, and enter queries.
    
    	--c0ncept
    
    -----Original Message-----
    From: Penetration Testers [mailto:PEN-TESTat_private]On Behalf
    Of myrddin_eat_private
    Sent: Wednesday, April 11, 2001 8:52 PM
    To: PEN-TESTat_private
    Subject: [PEN-TEST] Web Server to SQL Server
    
    
    I'm setting up a lab, and am planning to simulate the following situation...
    An IIS web server in a DMZ that connects to a SQL server over port 1433
    on an internal network. The IIS server will be vulnerable to Unicode, the
    host will not be hardened and the firewall will not prevent outbound TFTP
    traffic. I'm going to use hk.exe to elevate privileges. The SQL server will
    not be vulnerable to SQL injection.
    
    Once I have done this, the only traffic into the internal network allowed
    from the IIS server will be on port 1433. The SQL server will have a blank
    'sa' password. How would I then proceed to bust the SQL server? I know I
    can do this if I install Perl on the IIS server and place the needed tools
    on the box, but that requires GUI access to the IIS server (right?). Other
    than setting up a port redirector like FPipe, how would you go about this?
    
    Free, encrypted, secure Web-based email at www.hushmail.com
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:01:24 PDT