Brute forcing MS SQL passwords
System administrators and penetration testers often need to check for weak passwords as part of the organization's security policy. Nmap can help us to perform dictionary attacks against MS SQL servers.
This recipe shows how to perform brute-force password auditing of MS SQL servers with Nmap.
How to do it...
To perform brute-force password auditing against an MS SQL server, run the following Nmap command:
$ nmap -p1433 --script ms-sql-brute <target>
If any valid accounts are found, they will be included in the script output section:
PORT STATE SERVICE 1433/tcp open ms-sql-s | ms-sql-brute: | [192.168.1.102:1433] | Credentials found: |_ sa:karate
How it works...
MS SQL servers usually run on TCP port 1433
. The -p1433 --script ms-sql-brute
options initiate the ms-sql-brute
NSE script if an MS SQL server is found running...