Thursday, November 18, 2010 0 comments
This utility is intended to run against Microsoft SQL Server. It attempts to connect directly to port 1433.
- Ability to scan one host or a range of hosts.
- Ability to scan for one SQL account password or multiple passwords from a dictionary file.
- Ability to create an administrative backdoor account on vulnerable
If the backdoor account is created successfully an X will show up in the last column ($) of the output box. A simple net use command can be used to connect over to the machine with administrative rights if NetBIOS is enabled.
Creation of the backdoor account will fail if xp_cmdshell is disabled on the SQL server.