SQL Server client tools come with a command-line program that will allow you to enter queries. Use netcat or some such similar program on the webserver, and enter queries.

--c0ncept

-----Original Message-----
From: Penetration Testers [mailto:PEN-TESTat_private]On Behalf Of myrddin_eat_private
Sent: Wednesday, April 11, 2001 8:52 PM
To: PEN-TESTat_private
Subject: [PEN-TEST] Web Server to SQL Server

I'm setting up a lab, and am planning to simulate the following situation...

An IIS web server in a DMZ that connects to a SQL server over port 1433 on an internal network. The IIS server will be vulnerable to Unicode, the host will not be hardened and the firewall will not prevent outbound TFTP traffic. I'm going to use hk.exe to elevate privileges. The SQL server will not be vulnerable to SQL injection. Once I have done this, the only traffic into the internal network allowed from the IIS server will be on port 1433. The SQL server will have a blank 'sa' password.

How would I then proceed to bust the SQL server? I know I can do this if I install Perl on the IIS server and place the needed tools on the box, but that requires GUI access to the IIS server (right?). Other than setting up a port redirector like FPipe, how would you go about this?
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:01:24 PDT