Brute forcing MS SQL passwords
System administrators and penetration testers often need to check for weak passwords as part of the organization's security policy. Nmap can help us to perform dictionary attacks against MS SQL servers.
This recipe shows how to perform brute force password auditing of MS SQL servers by using Nmap.
How to do it...
To perform brute force password auditing against an MS SQL server, run the following Nmap command:
$ nmap -p1433 --script ms-sql-brute <target>
If any valid accounts are found, they will be included in the script output section:
PORT STATE SERVICE 1433/tcp open ms-sql-s | ms-sql-brute: | [192.168.1.102:1433] | Credentials found: |_ sa:<empty>
How it works...
MS SQL servers usually run on TCP port 1433. The arguments -p1433 --script ms-sql-brute
initiate the NSE script ms-sql-brute
if an MS SQL server is found running on port 1433.
The script ms-sql-brute
was written by Patrik Karlsson. It performs brute force password auditing...