Hi, I'm playing around with our test ms-sql server. The sa account has no password. So I tried to execute a command with osql.exe... c:\osql.exe -S target -U sa -P "" -d master -Q "xp_cmdshell 'dir c:\'" Client unable to establish connection [Named Pipes]ConnectionOpen (CreateFile()). That's the result. But when I fire up CIS (Cerberus Internet Scanner by D.Litchfield) with ms-sql checks activated, I can see nice results and when I try to execute my command with osql.exe again, then it works! How can I establish a connection only with osql.exe? Hand-shake problem? CIS is a nice tool, but it's GUI based. If I do a pen test and I can compromise a system in the DMZ, I need a command line tool like osql.exe. any help would be appreciated Renato -- GMX - Die Kommunikationsplattform im Internet. http://www.gmx.net ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Wed Dec 12 2001 - 11:34:00 PST