RE: pen-test on a windows 2003 server box with MS-SQL and Terminal Services

From: Leandro Reox (lmet5on_at_fibertel.com.ar)
Date: 06/09/05

    To: "'Hugo Vinicius Garcia Razera'" <hviniciusg@gmail.com>
    Date:	Thu, 9 Jun 2005 07:19:29 -0200
    
    

    SQL injection is a good practice with web-based applications interconnected
    with databases, especially M$ ;). Maybe you can play with some forms on his
    website.
    Always suggest a frontend (web server) / backend (DB server) structure; DB
    services must not be published (as in your case) to the internet; this is a
    HUGE risk for the customer.

    Here is a good paper by Hernan M. Racciatti about SQL injection:
    http://www.hernanracciatti.com.ar/papers_and_download.html

    Hope it helps

    Cheers

    -----Original Message-----
    From: Andres Riancho [mailto:andres.riancho@gmail.com]
    Sent: Wednesday, June 08, 2005 12:42 AM
    To: Hugo Vinicius Garcia Razera
    Cc: pen-test@securityfocus.com
    Subject: Re: pen-test on a windows 2003 server box with MS-SQL and Terminal
    Services

    If they have a web site online, and also an MSSQL, I guess that the web
    uses some of the database content. I would try some SQL injection on
    their site.

    Cheers,

    Andres Riancho

    Hugo Vinicius Garcia Razera wrote:

    >Hi everyone, I'm doing a pen test on a client, and have found that he
    >has a Windows 2003 server box on one segment of his public addresses;
    >this is his DNS/web/mail server:
    >
    >- mssql :1433
    >- terminal services :3389
    >- iis 6 :80
    >- smtp :25
    >- pop3 :110
    >- dns : 53
    >- ftp : filtered
    >
    >ports opened. I logged on to the terminal services port with the WinXP
    >remote desktop utility and it connects perfectly.
    >
    >I tried a dictionary attack on the MSSQL server with the "sa" account and
    >other user names I collected.
    > Hydra from THC was the tool, but no success on this attack.
    >I also tried the tsgrinder for terminal services, but no success.
    >
    >
    >Well, here come some questions:
    >
    >- What other usernames should I try for SQL and terminal services?
    > I tried with "sa" for SQL and "Administrator" for TS
    >
    >- Does anyone know how I could identify what version of SQL Server is running?
    >- What other services of this host can be exploited?
    >
    >Any comments, ideas, suggestions would be greatly appreciated.
    >
    >Hugo Vinicius Garcia Razera
    >
    >

