Re: [PEN-TEST] Web Server to SQL Server

From: Egemen Tas (egementat_private)
Date: Sat Apr 14 2001 - 08:42:14 PDT

  • Next message: Steve: "Re: [PEN-TEST] Cybercop"

    Use SQLExec.exe to enter commands remotely...It uses tcp port 1433 with
    blank sa account.It is alittle proggie for these purposes.
    www.karyde.com.tr/sqlexec.zip or www.nmrc.org/files/nt/sqlexec.zip
    
    Regards
    Egemen Tas
    ----- Original Message -----
    From: "c0ncept" <c0nceptat_private>
    To: <PEN-TESTat_private>
    Sent: Friday, April 13, 2001 2:49 AM
    Subject: Re: [PEN-TEST] Web Server to SQL Server
    
    
    > SQL Server client tools come with a command-line program that will allow
    > you to enter queries. Use netcat or some such simialer program on the
    > webserver, and enter queries.
    >
    > --c0ncept
    >
    > -----Original Message-----
    > From: Penetration Testers [mailto:PEN-TESTat_private]On Behalf
    > Of myrddin_eat_private
    > Sent: Wednesday, April 11, 2001 8:52 PM
    > To: PEN-TESTat_private
    > Subject: [PEN-TEST] Web Server to SQL Server
    >
    >
    > I'm setting up a lab, and am planning to simulate the following
    situation...
    > An IIS web server in a DMZ that connects to a SQL server over port 1433
    > on an internal network. The IIS server will be vulnerable to Unicode, the
    > host will not be hardened and the firewall will not prevent outbound TFTP
    > traffic. I'm going to use hk.exe to elevate privileges. The SQL server
    will
    > not be vulnerable to SQL injection.
    >
    > Once I have done this, the only traffic into the internal network allowed
    > from the IIS server will be on port 1433. The SQL server will have a blank
    > 'sa' password. How would I then proceed to bust the SQL server? I know I
    > can do this if I install Perl on the IIS server and place the needed tools
    > on the box, but that requires GUI access to the IIS server (right?). Other
    > than setting up a port redirector like FPipe, how would you go about this?
    >
    > Free, encrypted, secure Web-based email at www.hushmail.com
    



    This archive was generated by hypermail 2b30 : Sat Apr 14 2001 - 13:41:10 PDT