General, Info Sec 28-September-2016 .NetRussell

Penetration Testing Series P7 – Metasploitless – Brute Forcing MSSQL

Another day gone and another Python script completed. This time our target is going to be Microsoft SQL.

Download mssql_brute.py

This Python script allows you to brute force the Microsoft SQL login. It was a great exercise in Python and fun to write. So let’s get started.

The first thing we are going to do is gather the default variables. If you download the script you will see that there is also logic that allows the user to define all of this but for simplicity let’s stick to the defaults.

We first create the default user of ‘sa’ and point our password file at the rockyou list that comes stock with Kali. If the user hasn’t unzipped this yet then this is going to bomb out.

Next we prompt for our target machine. This is the machine that has the MSSQL service running on port 1433.

Assuming the user has agreed to use our default information, we can start the brute process. This process is actually very simple. As you probably remember from my previous brute force tool (Brute Force Tomcat), we first open our file and then iterate over each line of it.

In the below example you can see that I open up my default password file and then, inside that context, I am able to create a for loop which iterates over each password. Once we have the individual password we can then combine that with our default username and make the connection.

If our connection fails then we throw an exception by default. Otherwise a connection was made and we have valid credentials.
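
On the server side, every failed attempt in a loop like this is written to the SQL Server error log as error 18456 when failed-login auditing is enabled. The following is an added example, not part of mssql_brute.py or the original post: a detection check that flags a client stacking up failed logins against one account. The log lines, IP addresses, threshold and window are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches the "Login failed" line SQL Server writes to its error log for error 18456.
FAILED = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d+\s+Logon\s+"
    r"Login failed for user '(?P<user>[^']*)'\..*\[CLIENT: (?P<client>[^\]]+)\]"
)

def find_bruteforce(lines, threshold=5, window=timedelta(seconds=60)):
    """Return {(client, login): peak failure count} for every pair that
    reaches `threshold` failed logins inside any sliding `window`."""
    recent = defaultdict(deque)   # (client, login) -> timestamps still inside the window
    alerts = {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue              # "Error: 18456, ..." header lines and other events
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        key = (m["client"], m["user"])
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:  # drop failures that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            alerts[key] = max(alerts.get(key, 0), len(q))
    return alerts

def build_sample_log():
    """Constructed sample data (not from a real server): 8 'sa' failures from one
    client 2 seconds apart, plus a user who mistypes twice, minutes apart."""
    reason = "Reason: Password did not match that for the login provided."
    base = datetime(2016, 9, 28, 10, 15, 0)
    lines = []
    for i in range(8):
        ts = (base + timedelta(seconds=2 * i)).strftime("%Y-%m-%d %H:%M:%S") + ".10"
        lines.append(f"{ts} Logon       Error: 18456, Severity: 14, State: 8.")
        lines.append(f"{ts} Logon       Login failed for user 'sa'. {reason} [CLIENT: 192.0.2.50]")
    for ts in ("2016-09-28 10:20:00.00", "2016-09-28 10:25:00.00"):
        lines.append(f"{ts} Logon       Login failed for user 'appuser'. {reason} [CLIENT: 198.51.100.7]")
    return lines

if __name__ == "__main__":
    for (client, user), n in find_bruteforce(build_sample_log()).items():
        print(f"ALERT {client} -> '{user}': {n} failed logins within 60s")
```

A slow attempt rate stays under any fixed window, so a check like this works best alongside a disabled or renamed ‘sa’ account and a firewall rule limiting who can reach port 1433.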

 

Now that we have valid credentials we can start trying to run exploits against MSSQL. We’ll save that for tomorrow 🙂

-Anthony
