Tag: server

Metasploit, MSSQL

Brute forcing Microsoft SQL Server

Metasploit offers auxiliary module mssql_login. This module will query the MSSQL instance for a specific username and password pair.   The default administrator’s username for SQL server is sa. In the options of this module, you can specify a specific password, or a password list, a username list or a username-password list where usernames and …

Metasploit, MSSQL

Detecting a Microsoft SQL Server

Microsoft SQL Server (MSSQL) is a relational database management system (RDMS) used to store, retrieve and manage information. As with many Microsoft’s products, SQL Server has many security weaknesses. Let’s start by identifying running SQL servers on the network.   Discover open MSSQL ports MSSQL is running by default on port 1433. To discover SQL …

Microsoft Servers, Microsoft Windows, Microsoft Windows Server 2008

Remote Server Administration Tools for Windows 7

Remote Server Administration Tools for Windows 7 enables IT administrators to manage roles and features that are installed on computers that are running Windows Server 2008 R2, Windows Server 2008, or Windows Server 2003, from a remote computer that is running Windows 7. It includes support for remote management of computers that are running either …

C#

Loading SQL Server data into DataTable

DataTable represents one table of in-memory data. SqlConnection Connection = null; String sql_server_ip_or_hostname ".."; String database_name = ".."; String username = ".."; String password = "..";   try { Connection = new SqlConnection( "Data Source=" + sql_server_ip_or_hostname + ";" + "Initial Catalog=" + database_name + ";" + "User Id=" + username + ";" + "Password=" …

Backtrack, Linux, Penetration Testing, Tools

Web server audit tool – Webshag

Webshag page 1. Open your BackTrack VM. 2. Goto Applications->BackTrack->Information Gathering->Web Application Analysis->Web Crawlers->webshag-cli 3. Execute the following command to uscan a host on port 80: python webshag_cli.py targethostname.compython webshag_cli.py targethostname.com 4. Options: –version show program’s version number and exit -h, –help show this help message and exit -U Update the URL scanner databases and …

Microsoft Windows, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Windows 7

Get a list of currently logged in users in Windows Server

To get a list of currently logged in users in your Windows Server, open a cmd console and issue the following command: query sessionquery session You will get a response like this: X:pathtosomewhere>query session SESSIONNAME USERNAME ID STATE TYPE DEVICE services 0 Disc >console my_user_name 3 Active rdp-tcp 65536 Listen   X:pathtosomewhere>X:pathtosomewhere>query session SESSIONNAME USERNAME …

MSSQL, PHP

How to prevent sql injection using PHP and SQL Server

Let’s see how we can prevent sql injection attacks in our applications when we are using PHP and Microsoft SQL Server: 1. Use prepared statements – sqlsrv_prepare. 2. Use parameterized queries – PDO. 3. Use stored procedures – mssql_execute. 4. Validate User Input – preg_match. 5. Escape user input – addslashes,  str_replace or preg_replace quotes. …

Linux

Backup your server files easily with rsync

If you would like to back up a directory on your server and copy only changed files to your local machine, you can use the rsync tool. Just issue the following command: rsync -vare ssh username@myserver.com:/home/username/myfiles/* /home/username/myserverbackups/rsync -vare ssh username@myserver.com:/home/username/myfiles/* /home/username/myserverbackups/ That’s it!