Use SQLExec.exe to enter commands remotely... It uses tcp port 1433 with a blank sa account. It is a little proggie for these purposes.

www.karyde.com.tr/sqlexec.zip or www.nmrc.org/files/nt/sqlexec.zip

Regards
Egemen Tas

----- Original Message -----
From: "c0ncept" <c0nceptat_private>
To: <PEN-TESTat_private>
Sent: Friday, April 13, 2001 2:49 AM
Subject: Re: [PEN-TEST] Web Server to SQL Server

> SQL Server client tools come with a command-line program that will allow
> you to enter queries. Use netcat or some such similar program on the
> webserver, and enter queries.
>
> --c0ncept
>
> -----Original Message-----
> From: Penetration Testers [mailto:PEN-TESTat_private]On Behalf
> Of myrddin_eat_private
> Sent: Wednesday, April 11, 2001 8:52 PM
> To: PEN-TESTat_private
> Subject: [PEN-TEST] Web Server to SQL Server
>
>
> I'm setting up a lab, and am planning to simulate the following situation...
> An IIS web server in a DMZ that connects to a SQL server over port 1433
> on an internal network. The IIS server will be vulnerable to Unicode, the
> host will not be hardened and the firewall will not prevent outbound TFTP
> traffic. I'm going to use hk.exe to elevate privileges. The SQL server will
> not be vulnerable to SQL injection.
>
> Once I have done this, the only traffic into the internal network allowed
> from the IIS server will be on port 1433. The SQL server will have a blank
> 'sa' password. How would I then proceed to bust the SQL server? I know I
> can do this if I install Perl on the IIS server and place the needed tools
> on the box, but that requires GUI access to the IIS server (right?). Other
> than setting up a port redirector like FPipe, how would you go about this?
>
> Free, encrypted, secure Web-based email at www.hushmail.com
This archive was generated by hypermail 2b30 : Sat Apr 14 2001 - 13:41:10 PDT