Tag: sql


How to execute thousand of sql commands using mysql cli

1> Open windows cmd 2> Type: .mysql.exe –user=root –password -e "source C:pathtomysqlfile.sql".mysql.exe –user=root –password -e "source C:pathtomysqlfile.sql" 3> Hit Enter SQL file example: USE `databasename`;   INSERT INTO blah blah; INSERT INTO blah blah; INSERT INTO blah blah;use `databasename`; insert into blah blah; insert into blah blah; insert into blah blah;

Databases, MSSQL

Hardening a SQL Server

Below are some quick tips that you should follow to secure your SQL Server. Secure sa account with a strong password. Do not use LocalSystem or Administrator accounts for SQL Service. Apply all service packs, updates and hot fixes to Windows system and SQL Server. Delete setup files after installation. Review all passwords for all …

Microsoft SQL Server

Check for null passwords in Sql Server

One of the many ways to secure SQL Server is to review all passwords. You must also check for null passwords and if you locate any, change them. To list all users with null passwords, execute the following sql command: USE master GO   SELECT name, password FROM syslogins WHERE password IS NULL;use master go …

Metasploit, Phishing

MSSQL Phishing with metasploit

Metasploit has a mssql capture module, called mssql. This module provides a fake MSSQL service that is designed to capture MSSQL server authentication credentials. The module supports both the weak encoded database logins as well as Windows logins (NTLM).   To select the capture module type: use auxiliary/server/capture/mssqluse auxiliary/server/capture/mssql   Options You can set CAINPWFILE …

Metasploit, MSSQL

Brute forcing Microsoft SQL Server

Metasploit offers auxiliary module mssql_login. This module will query the MSSQL instance for a specific username and password pair.   The default administrator’s username for SQL server is sa. In the options of this module, you can specify a specific password, or a password list, a username list or a username-password list where usernames and …

Metasploit, MSSQL

Detecting a Microsoft SQL Server

Microsoft SQL Server (MSSQL) is a relational database management system (RDMS) used to store, retrieve and manage information. As with many Microsoft’s products, SQL Server has many security weaknesses. Let’s start by identifying running SQL servers on the network.   Discover open MSSQL ports MSSQL is running by default on port 1433. To discover SQL …


Loading SQL Server data into DataTable

DataTable represents one table of in-memory data. SqlConnection Connection = null; String sql_server_ip_or_hostname ".."; String database_name = ".."; String username = ".."; String password = "..";   try { Connection = new SqlConnection( "Data Source=" + sql_server_ip_or_hostname + ";" + "Initial Catalog=" + database_name + ";" + "User Id=" + username + ";" + "Password=" …

Microsoft SQL Server, Microsoft Windows

How do I fix “Cannot connect to WMI Provider” error?

Error Message: Cannot connect to WMI provider. You do not have permission or the server is unreachable. Note that you can only manage SQL Server 2005 servers with SQL Server Configuration Manager. Invalid Namespace. This error is caused when the .mof files are damaged during the MS SQL Server 2005 installation. This error typically occurs …

Databases, Microsoft SQL Server

Retrieve useful information from SQL Server

Today we will see how can we retrieve various information from Microsoft SQL Server using SQL queries. Get all users: SELECT * FROM sys.server_principals;SELECT * fROM sys.server_principals; Get database size: USE master GO   EXEC sp_spaceuseduse master go exec sp_spaceused Get user privilleges for current database: USE master GO   SELECT SYSOBJECTS.name AS ‘objectname’, SYSUSERS.name …

Microsoft SQL Server, MySQL, Oracle

SQL column name with blank space

Let’s see how we can write queries when a column name contains spaces:   Microsoft Sql Server SELECT [COLUMN Name] FROM TABLE_NAME;SELECT [Column Name] FROM table_name; MySQL SELECT ‘Column Name’ FROM TABLE_NAME;SELECT ‘Column Name’ FROM table_name; Oracle SELECT "Column Name" FROM TABLE_NAME;SELECT "Column Name" FROM table_name;