Re: pen-test on a windows 2003 server box whit MS-SQL and Terminal Services

From: Andres Riancho (andres.riancho@gmail.com)
Date: Tue Jun 07 2005 - 22:41:40 EDT


If they have a web site online , and also a mssql i guess that the web
uses some of the database content. I would try some SQL Injection on
their site.

Cheers,

Andres Riancho

Hugo Vinicius Garcia Razera wrote:

>Hi every one, I'm doing a pen test on a client, and have found that he
>have a windows 2003 server box on one segment of his public addresses
>this is his dns/web/mail server:
>
>- mssql :1433
>- terminal services :3389
>- iis 6 :80
>- smtp :25
>- pop3 :110
>- dns : 53
>- ftp : filtered
>
>ports opened, i logged on the terminal services port whit the winxp
>remote desktop utility and it connects perfectly.
>
>i tried a dictionari atack on mssql server whit the "sa" account and
>others user names i collected.
> Hydra from THC was the tool, but no succes on this atack.
>also tried the tsgrinder for terminal services , but no success.
>
>
>well here come some questions:
>
>- What others Usernames should i try for sql and terminal services?
> i tried whit "sa" for sql and "Administrator" for TS
>
>- Any one knows how could i identify what version of sql server is running.
>- What other services of this host can be exploited?
>
>any comments, ideas, suggestions would be greatly appreciated.
>
>Hugo Vinicius Garcia Razera
>
>



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:23 EDT