[TOOL] SQLAT - SQL Auditing Tools

From: support@securiteam.com
Date: 12/12/01


From: support@securiteam.com
To: list@securiteam.com
Date: Wed, 12 Dec 2001 19:59:40 +0100 (CET)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com

  SQLAT - SQL Auditing Tools
------------------------------------------------------------------------

DETAILS

SQLAT is a suite of tools that could be useful for penetration testing an
MS SQL Server. The tools are still in development but tend to be quite
stable.

The tools do dictionary attacks, upload files, read the registry and dump
the SAM (using pwdump2,
http://razor.bindview.com/tools/files/pwdump2.zip). They do this by
wrapping extended stored procedures. There is also a tool for doing a
minimal analysis of a SQL Server with output as HTML. You need to be 'sa'
to run some of the tools, but this usually is not a problem.

The tool temporarily restores xp_cmdshell if it has been removed but the
DLL is still left on the system.

SQLAT works over port 1433; it does not do named pipes. It does not do
integrated security either. This is because it is based on the FreeTDS
driver from http://www.freetds.org/.
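
For defenders, the behaviour described above (password guessing against 'sa' with SQL authentication, followed by re-registration of xp_cmdshell) leaves a recognisable sequence in login and statement auditing. The detection logic below is an added example, not part of the original advisory or of SQLAT; the log layout, event names, alert names and thresholds are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample. The "time client event detail" layout is an assumption
# made for this example; it is not SQL Server's native log format.
SAMPLE_LOG = """\
2001-12-12 19:50:01 192.0.2.5 LOGIN_FAILED user=sa auth=sql
2001-12-12 19:50:02 192.0.2.5 LOGIN_FAILED user=sa auth=sql
2001-12-12 19:50:03 192.0.2.5 LOGIN_FAILED user=sa auth=sql
2001-12-12 19:50:04 192.0.2.5 LOGIN_FAILED user=sa auth=sql
2001-12-12 19:50:05 192.0.2.5 LOGIN_FAILED user=sa auth=sql
2001-12-12 19:50:06 192.0.2.5 LOGIN_OK user=sa auth=sql
2001-12-12 19:50:09 192.0.2.5 BATCH exec sp_addextendedproc 'xp_cmdshell', '<dll>'
2001-12-12 19:55:00 192.0.2.9 LOGIN_FAILED user=sa auth=sql
"""

LINE = re.compile(r"^(\S+ \S+) (\S+) (\S+) (.*)$")
# Re-registration of xp_cmdshell through sp_addextendedproc.
REGISTER_XP = re.compile(r"sp_addextendedproc\b.*\bxp_cmdshell\b", re.I)

def detect(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return (kind, client, timestamp) alerts, in log order."""
    alerts = []
    failures = defaultdict(deque)  # client -> times of recent failed sa logins
    guessing = set()               # clients that already crossed the threshold
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip lines that do not fit the assumed layout
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        client, event, detail = m.group(2), m.group(3), m.group(4)
        is_sa = "user=sa" in detail.split()
        if event == "LOGIN_FAILED" and is_sa:
            recent = failures[client]
            recent.append(ts)
            while ts - recent[0] > window:
                recent.popleft()  # drop failures older than the window
            if len(recent) >= threshold:
                alerts.append(("sa-password-guessing", client, ts))
                guessing.add(client)
                recent.clear()    # alert once per burst of `threshold` failures
        elif event == "LOGIN_OK" and is_sa and client in guessing:
            alerts.append(("sa-login-after-guessing", client, ts))
        elif event == "BATCH" and REGISTER_XP.search(detail):
            alerts.append(("xp_cmdshell-reregistered", client, ts))
    return alerts

if __name__ == "__main__":
    for kind, client, ts in detect(SAMPLE_LOG):
        print(ts, client, kind)
```
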

ADDITIONAL INFORMATION

The tool can be downloaded from:
 http://www.cqure.net/tools06.html

The information has been provided by Jonas Landin
<jonas.landin@ixsecurity.com>.
