How to Gain Access to MsSQL Using Metasploit

Nowadays companies run more SQL Server databases in-house than any other database platform. According to Embarcadero Technologies’ Database Survey Report, 83 percent of respondents are running SQL Server in their database environment. Database administrators use simple passwords to make their access to databases easier. Together, these two facts put many companies in danger.

[Figure: DB Usage of World]

You can gain access to the server systems of many enterprise companies using only the Metasploit Framework and a simple password list. Today I will show you how to get MSSQL passwords and what you can do with this valuable information.

We use the “MsSQL Login Module” to find valid MsSQL passwords. You can use the following command to select the module.
Syntax example:
use auxiliary/scanner/mssql/mssql_login

We can list the parameters with the “options” command.

[Figure: MsSQL Login Module Options]

All required parameters must be set before the “Mssql Login Module” is run. To start the module, there are 3 parameters that you need to specify.

Important Parameters :

The PASSWORD parameter (Optional) : Specifies which password to authenticate with
The PASS_FILE parameter (Optional) : Specifies the file containing the passwords to authenticate with
The RHOSTS parameter : Specifies the target address range
The RPORT parameter : Specifies the target port
The USERNAME parameter (Optional) : Specifies which username to authenticate as
The USER_FILE parameter (Optional) : Specifies the file containing the usernames to authenticate as

[Figure: Setting up Parameters of MsSQL Login]

After setting the parameters, we are ready to run the module by sending the “exploit” command.

[Figure: Exploiting of MsSQL Login Module]

As you can see, there are 2 different responses:
[-] means the password we tried is incorrect
[+] means the password we tried is correct

Now we know the password of the MsSQL SA account, and we can use another Metasploit module, named “Mssql Exec”, to gain access to the command line of the target. To select “Mssql Exec”, we can use the following command.
Syntax example:
use auxiliary/admin/mssql/mssql_exec

[Figure: MsSQL Exec Module Options]

As with the previous module, all required parameters must be set before the “Mssql Exec Module” is run. To start the module, there are 4 parameters that you need to specify.

Important Parameters : 
The CMD parameter (Optional) : Specifies which command to execute
The PASSWORD parameter (Optional) : Specifies which password to authenticate with
The RHOST parameter : Specifies the target address 
The RPORT parameter : Specifies the target port
The USERNAME parameter (Optional) : Specifies which username to authenticate as

[Figure: Setting up Parameters of MsSQL Exec]

After setting the parameters, we are ready to run the module by sending the “exploit” command.

[Figure: "whoami" Command Output]

As you can see, we have system privileges. As another example, the output of the "ipconfig" command is shown below.

[Figure: "ipconfig" Command Output]
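
The password guessing described above, and the successful login that ends it, are visible in the SQL Server error log. The following Python example is added here and is not part of the original post; it assumes login auditing records both failed and successful logins (the default records failures only), and the log lines, addresses, threshold and function name are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed ERRORLOG excerpt (sample data, not from the original post).
FAIL = ("Login failed for user '{u}'. Reason: Password did not match "
        "that for the login provided. [CLIENT: {c}]")
SUCCESS = ("Login succeeded for user '{u}'. Connection made using "
           "SQL Server authentication. [CLIENT: {c}]")
SAMPLE_LOG = "\n".join(
    [f"2024-03-01 10:15:0{i}.10 Logon       " + FAIL.format(u="sa", c="10.0.0.5")
     for i in range(6)]
    + ["2024-03-01 10:15:07.42 Logon       " + SUCCESS.format(u="sa", c="10.0.0.5"),
       "2024-03-01 10:20:11.03 Logon       " + FAIL.format(u="appuser", c="10.0.0.9"),
       "2024-03-01 10:20:19.88 Logon       " + SUCCESS.format(u="appuser", c="10.0.0.9")]
)

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d+ \S+\s+"
    r"Login (?P<result>failed|succeeded) for user '(?P<user>[^']*)'"
    r".*\[CLIENT: (?P<client>[^\]]+)\]"
)

def find_guessing(log_text, threshold=5, window=timedelta(minutes=1)):
    """Flag (client, login) pairs with >= threshold failed logins inside
    window, and record whether a successful login followed."""
    failures = defaultdict(list)  # (client, login) -> recent failure times
    alerts = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        key = (m["client"], m["user"])
        if m["result"] == "failed":
            # Keep only failures still inside the sliding window.
            recent = [t for t in failures[key] if ts - t <= window] + [ts]
            failures[key] = recent
            if len(recent) >= threshold:
                alert = alerts.setdefault(key, {"failures": 0, "success_after": False})
                alert["failures"] = max(alert["failures"], len(recent))
        elif key in alerts:
            # A success after a burst of failures suggests a guessed password.
            alerts[key]["success_after"] = True
    return alerts

if __name__ == "__main__":
    for (client, login), info in find_guessing(SAMPLE_LOG).items():
        print(client, login, info)
```

A single mistyped password followed by a normal login, like the constructed `appuser` entries, stays below the threshold and raises no alert.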
BONUS : If you are interested in gaining access, I suggest you look at the content below.
