problems to execute sql-commands with osql.exe
From: otaner@gmx.chDate: 12/12/01
- Previous message: rudi carell: "Re: Pen-Testing help (Compaq Insight & htsearch)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 12 Dec 2001 10:54:09 +0100 (MET) From: otaner@gmx.ch To: pen-test@securityfocus.com
Hi,
I'm playing around with our test ms-sql server. The sa account has no
password. So I tried to execute a command with osql.exe...
c:\osql.exe -S target -U sa -P "" -d master -Q "xp_cmdshell 'dir c:\'"
Client unable to establish connection
[Named Pipes]ConnectionOpen (CreateFile()).
That's the result. But when I fire up CIS (Cerberus Internet Scanner by
D.Litchfield) with ms-sql checks activated, I can see nice results and when I try
to execute my command with osql.exe again, then it works!
How can I establish a connection only with osql.exe? Hand-shake problem? CIS
is a nice tool, but it's GUI based. If I do a pen test and I can compromise
a system in the DMZ, I need a command line tool like osql.exe.
any help would be appreciated
Renato
-- GMX - Die Kommunikationsplattform im Internet. http://www.gmx.net---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
- Previous message: rudi carell: "Re: Pen-Testing help (Compaq Insight & htsearch)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
