Penetration Tester's Open Source Toolkit

Case Study: Microsoft's SQL Server Bruteforce

1    ##
2    #
3    # MSSQL Brute Forcer
4    #
5    # This script checks a SQL Server instance for common
6    # username and password combinations. If you know of a
7    # common/default account that is not listed, please
8    # submit it to:
9    #
10   # plugins@digitaloffense.net
11   # or
12   # deraison@cvs.nessus.org
13   #
14   # System accounts with blank passwords are checked for in
15   # a seperate plugin (mssql_blank_password.nasl). This plugin
16   # is geared towards accounts created by rushed admins or
17   # certain software installations.
18   #
19   ##

The script is named on line 3 and described for anyone reading the source on lines 5 through 17. It behaves differently from the mssql_blank_password.nasl script in that it doesn't check for blank passwords.

20
21
22   if(description)
23   {
24   script_id(10862);
25   script_version ("$Revision: 1.14 $");
26   name["english"] = "Microsoft's SQL Server Brute Force";
27   script_name(english:name["english"]);

The description block begins on line 22. Lines 24 through 27 set the Nessus script ID, script revision, and English script name.

28
29   desc["english"] = "
30
31   The SQL Server has a common password for one...
