Using BackTrack 5 R1 and Metasploit, we exploit an MSSQL instance on a Server 2003 box. We brute-force the SA account and, with that, gain administrative access on the machine. While the demonstration is done on Server 2003 with SQL Server 2000, it can also be done with SQL Server 2005 and SQL Server Express on XP/Vista/7/Server 2008.
With the introduction of SQL Server 2008, the SA account is deprecated and replaced with SYSADMIN. While this account is disabled by default, some of your IT guys are lazy and re-enable it to reminisce about the glory days.
To sum it up, that bajillion character super admin password you have on your server is worthless unless you have an equally impressive database account password.
This video also demonstrates hash-passing (because sometimes we're just too lazy to crack the hash to find out the real password) which we'll use to regain access to the system as root at a later date.
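For defenders, brute-forcing of the SA login described above shows up in the SQL Server error log when login auditing records both failed and successful logins. The following is an added example, not part of the original video or description: it flags a burst of failed logins from one client and notes whether a success followed. The log lines are constructed samples modelled on the ERRORLOG login-audit format with a `[CLIENT: ...]` suffix, and the function name, threshold and window are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines (not real logs), modelled on ERRORLOG login-audit entries.
FAIL = "Login failed for user '{u}'. Reason: Password did not match that for the login provided. [CLIENT: {c}]"
OK = "Login succeeded for user '{u}'. Connection made using SQL Server authentication. [CLIENT: {c}]"
SAMPLE_LOG = "\n".join(
    ["2012-01-15 02:00:10.55 Logon       " + OK.format(u="sa", c="10.0.0.8"),
     "2012-01-15 03:10:02.31 Logon       " + FAIL.format(u="webapp", c="10.0.0.20")]
    + ["2012-01-15 03:12:4%d.10 Logon       " % s + FAIL.format(u="sa", c="10.0.0.5")
       for s in range(1, 7)]
    + ["2012-01-15 03:12:47.02 Logon       " + OK.format(u="sa", c="10.0.0.5")]
)

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d+\s+Logon\s+"
    r"Login (?P<result>failed|succeeded) for user '(?P<user>[^']*)'"
    r".*\[CLIENT: (?P<client>[^\]]+)\]"
)

def find_bruteforce(log_text, threshold=5, window=timedelta(seconds=60)):
    """Flag (client, login) pairs with >= threshold failures inside the
    sliding window, and record the first successful login that follows."""
    recent = defaultdict(deque)   # (client, login) -> failure timestamps in window
    alerts = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        key = (m["client"], m["user"].lower())
        if m["result"] == "failed":
            q = recent[key]
            q.append(ts)
            while ts - q[0] > window:      # drop failures older than the window
                q.popleft()
            if len(q) >= threshold:
                a = alerts.setdefault(key, {"failures": 0, "success_after": None})
                a["failures"] = max(a["failures"], len(q))
        elif key in alerts and alerts[key]["success_after"] is None:
            # A success after a failure burst suggests the password was guessed.
            alerts[key]["success_after"] = ts
    return alerts

if __name__ == "__main__":
    for (client, login), a in find_bruteforce(SAMPLE_LOG).items():
        print(client, login, a["failures"], a["success_after"])
```

An alert with a non-empty `success_after` is the case to escalate first, since it matches the sequence in the video: repeated guesses against SA followed by a working login from the same client.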
Good video, thanks!
lovehack2006 4 months ago
Another excellent video
zeromx2 4 months ago