Retrieving information from MS SQL servers
System administrators and penetration testers often need to gather as much host information as possible from the network environment. MS SQL databases are common in infrastructures based on Microsoft technologies, and Nmap can help us gather information from them such as the version number, product, and instance name.
This recipe shows how to retrieve information from MS SQL servers with Nmap.
How to do it...
To retrieve information from an MS SQL server with Nmap, run the following command:
$ nmap -p1433 --script ms-sql-info <target>
MS SQL server information such as instance name, version number, and port will be included in the script output:
PORT     STATE SERVICE
1433/tcp open  ms-sql-s
Host script results:
| ms-sql-info:
|     Windows server name: CLDRN-PC
|     [192.168.1.102\MSSQLSERVER]
|     Instance name: MSSQLSERVER
...
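Added example, not part of the original recipe: a shell function that reads ms-sql-info output on standard input and prints one tab-separated record per instance (server name, host\instance, instance name, version number, TCP port) for an asset inventory. The function names, the sample output, and the "Version number:" and "TCP port:" labels are assumptions; only the server name, instance header, and instance name lines appear in the output above.

```shell
# Added example: ms-sql-info output -> one tab-separated record per instance.
# Hypothetical helper names; field labels beyond the page's sample are assumed.
mssql_inventory() {
  awk '
    # Lines outside a "|" block end the section; "| name:" opens a script block.
    # Instance header: "[host\INSTANCE]" as on this page, or "host\INSTANCE:".
    # Assumed labels: "Version number:" or "number:", and "TCP port:".
    function value(s) { sub(/^[^:]*: /, "", s); return s }
    function flush() {
      if (inst != "") printf "%s\t%s\t%s\t%s\t%s\n", server, inst, name, ver, port
      inst = ""; name = ""; ver = ""; port = ""
    }
    !/^\|/ { flush(); inblock = 0; next }
    /^\|_? [^ ]/ { flush(); inblock = ($0 ~ /ms-sql-info:/); server = ""; next }
    !inblock { next }
    {
      line = $0
      sub(/^\|_?[ \t]*/, "", line)
      if (line ~ /^Windows server name: /) server = value(line)
      else if (line ~ /^\[?[^ ]+\\[^ ]+(\]|:)$/) {
        flush(); inst = line
        sub(/^\[/, "", inst); sub(/(\]|:)$/, "", inst)
      }
      else if (line ~ /^Instance name: /) name = value(line)
      else if (line ~ /^(Version number|number): /) ver = value(line)
      else if (line ~ /^TCP port: /) port = value(line)
    }
    END { flush() }
  '
}

# Constructed sample: first lines as on this page, last two fields assumed.
sample_output() {
  cat <<'EOF'
PORT     STATE SERVICE
1433/tcp open  ms-sql-s
Host script results:
| ms-sql-info:
|     Windows server name: CLDRN-PC
|     [192.168.1.102\MSSQLSERVER]
|     Instance name: MSSQLSERVER
|       Version number: 11.00.1750.00
|_    TCP port: 1433
EOF
}

sample_output | mssql_inventory
```

In practice, pipe the nmap command from this recipe into mssql_inventory in place of sample_output.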