Let's see how we can use the Metasploit Framework to pwn an MS SQL Server.
A MacBook with VMware Fusion on it
Target: A Virtual Guest with Windows 2003 Server with the IP address 172.16.226.131
Attacker: A Virtual Guest with BackTrack 5 R1 with the IP address 172.16.226.128
So let's go…
The SQL database listens on TCP port 1433.
Setting the RHOSTS option, we can get information about the database, including version information, server name, etc.
Setting the options RHOSTS, PASS_FILE and VERBOSE, we can brute-force the target for valid credentials. If the server is misconfigured or the passwords are weak, we can find accounts that we can use in the next command. Here I am attacking the “sa” account. The “sa” account is the DBO (db_owner) for all databases created on the server. The account has administrative privileges on the database.
[+] 172.16.226.131:1433 – MSSQL – successful login ‘sa’ : ‘password’
Setting the options RHOSTS and PASSWORD, with the values obtained from the previous command, we can try to exploit the server. The exploit uses the “xp_cmdshell” stored procedure to execute commands on the server.
[*] Meterpreter session 1 opened
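On the defending side, the password guessing against “sa” shown above leaves a recognisable trail: a burst of failed logins from one client followed by a success. The following is an added example, not part of the original post, that flags that pattern. It assumes login auditing records both failed and successful logins in the SQL Server error log in the format shown; the log lines are constructed and the function name is hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines; the ERRORLOG login-audit format is an assumption.
SAMPLE_LOG = """\
2012-01-15 10:23:41.10 Logon       Error: 18456, Severity: 14, State: 8.
2012-01-15 10:23:41.10 Logon       Login failed for user 'sa'. [CLIENT: 172.16.226.128]
2012-01-15 10:23:42.31 Logon       Login failed for user 'sa'. [CLIENT: 172.16.226.128]
2012-01-15 10:23:43.05 Logon       Login failed for user 'sa'. [CLIENT: 172.16.226.128]
2012-01-15 10:23:44.77 Logon       Login failed for user 'sa'. [CLIENT: 172.16.226.128]
2012-01-15 10:23:45.12 Logon       Login failed for user 'sa'. [CLIENT: 172.16.226.128]
2012-01-15 10:23:46.40 Logon       Login succeeded for user 'sa'. Connection: non-trusted. [CLIENT: 172.16.226.128]
2012-01-15 10:30:00.02 Logon       Login failed for user 'appuser'. [CLIENT: 172.16.226.1]
2012-01-15 10:30:20.66 Logon       Login succeeded for user 'appuser'. Connection: non-trusted. [CLIENT: 172.16.226.1]
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d+\s+Logon\s+"
    r"Login (?P<result>failed|succeeded) for user '(?P<user>[^']*)'.*"
    r"\[CLIENT: (?P<client>[^\]]+)\]"
)

def find_guessed_logins(log_text, threshold=5, window=timedelta(minutes=5)):
    """Alert when a login succeeds after >= threshold recent failures
    for the same (client, user) pair, i.e. a password was likely guessed."""
    failures = defaultdict(list)   # (client, user) -> timestamps of recent failures
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue               # not a login audit line (e.g. the "Error: 18456" line)
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        key = (m["client"].strip(), m["user"].lower())
        # Drop failures that fell out of the sliding window.
        recent = [t for t in failures[key] if ts - t <= window]
        if m["result"] == "failed":
            recent.append(ts)
            failures[key] = recent
        else:
            if len(recent) >= threshold:
                alerts.append({"client": key[0], "user": key[1],
                               "failures": len(recent), "success_at": ts})
            failures[key] = []     # a success resets the counter for this pair
    return alerts

if __name__ == "__main__":
    for alert in find_guessed_logins(SAMPLE_LOG):
        print(alert)
```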
I am working on a new post about Meterpreter, so stay tuned…