Tuesday , August 21 2018
Home / IT Security / Black Hat / Locating Database on the Network

Locating Database on the Network

A tool that is effective at locating rogue or unknown database installation in SQL Ping 3.0, as described on the vendor’s website; see http://www.vulnerabilityassessment.co.uk/:

SQL Ping 3.0 performs both active and passive scans of your network in order to identify all of the SQL Server/MSDE installation in your enterprise. Due to the proliferation of personal firewalls, inconsistent network library configuration, and the multiple-instance support, SQL Server installation are becoming increasingly difficult to discover, assess, and maintain. SQL Ping 3.0 is designed to remedy this problem by combining all known means of SQL server/MSDE discovery into a single tool, which can be used to ferret out servers you never knew existed on your network so you can properly secure them.

SQLRecon is very similar to SQLPing, but it provides additional techniques to discover SQL Server installation that may be hidden (http://www.vulnerabilityassessment.co.uk/):

SQLRecon performs both active and passive scans of your network in order to identify all of the SQL Server/MSDE installation in your enterprise. Due to the proliferation of personal firewalls, inconsistent network library configuration, and multiple-instance support, SQL Server installation are becoming increasingly difficult to discover, assess, and maintain. SQLRecon is designed to remedy this problem by combining all known means of SQL Server/MSDE discovery into a single tool, which can be used to ferret-out servers you never knew existed on your network so you can properly secure them.

Running a scan with either of these tools will give you information about where you may have SQL Server installation that you are unaware of.

Database Server Password Cracking

After a database has been located, the next step an attacker can take is to see whether the password can be broken. A feature that is included in SQLPing3.0 is a password-cracking capability that can be used to target a database server and break its passwords. The password-cracking capabilities accompanying the product include the ability to use dictionary-based cracking methods to bust the passwords.

Click To Download Microsoft SQL Server Development

 

 

Click To Download Everything About MySQL Database

About Jahanzaib Khan

Jahanzaib Khan is Web Designer & Ethical Hacker. He Who has been working since 2014, and is managing several successful websites on the internet for about 3 years. Jahanzaib-khan.com

Check Also

Types of Attackers

Types of Attackers

Controlling access is not limited to the control of authorized users; it also includes preventing …

Leave a Reply

Your email address will not be published. Required fields are marked *