Brute forcing Microsoft SQL Server

Metasploit offers auxiliary module mssql_login. This module will query the MSSQL instance for a specific username and password pair.
 
The default administrator’s username for SQL server is sa. In the options of this module, you can specify a specific password, or a password list, a username list or a username-password list where usernames and passwords are separated by space and each pair is in a new line.
 
Having set your options simply run the module and wait for your results!
 
You can create your own password list file, like we did in an older post brute forcing mysql.
 

Published in Hakin9 magazine on October 25, 2012

%d bloggers like this: