Nowadays, all applications are web-facing, with most of them backed by a database. This in turn makes them vulnerable to attacks such as SQL injection. After you have found a 'suitable host', what remains is to find out which database the (web) application is running. In such cases, you might want to try blind SQL techniques. This might get you into trouble, as there are secure applications out there that will ban you after a certain number of attempts. SQLRecon will help you overcome this shortcoming.
It can perform both active and passive scans of your network in order to identify all of the SQL Server/MSDE installations in your enterprise. It combines all known means of SQL Server/MSDE discovery into a single tool, which can be used to discover servers on your network so you can properly secure them or let the administrator know about them.
These are the features of SQLRecon:
- Multi-threaded scanning engine
- 6 Active scanning techniques
- 2 Stealth scanning techniques
- IP Range scanning
- IP List scanning
- Export results as XML or text file
- Export IP list for use in future scans (i.e. Passive to Active)
- ICMP check to increase scan speed
- Debug mode to allow for greater scan visibility
- Allows alternate credentials
- Custom source port for UDP packets for firewall evasion

SQLRecon needs .NET Framework v1.1 to be installed on Microsoft Windows 2000, Windows XP or Windows 2003. It can also work without the .NET Framework, but it is advisable that you use the .NET Framework version.
A sample screenshot of SQLRecon:

It can scan the network using the following techniques:
- UDP: (probing UDP 1434)
- REG: (checking the remote registry)
- WMI: (initiating a WMI query)
- TCP: (port scanning TCP 1433 [default TCP port for SQL Server and MSDE] / 2433 ['Hide server port'])
- SCM: (querying the service control manager)
- SA: (accessing the SQL Server instance with a blank password)
- BRO: (checking the browser service for SQL Server registration)
- AD: (querying Active Directory for registered SQL Servers)
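
The UDP technique works because the SQL Server Browser service answers a probe on UDP 1434 with a list of the instances on that host. As an added example (not part of SQLRecon or the original post), this Python code parses such a reply, using the SVR_RESP layout from Microsoft's SQL Server Resolution Protocol, and reports instances missing from an approved inventory; the sample reply, host names and `APPROVED` set are constructed for illustration.

```python
import struct

# Constructed sample reply: 0x05 (SVR_RESP), 2-byte little-endian length, then
# ASCII key;value pairs, each instance terminated by ";;".
_DATA = (b"ServerName;DBHOST01;InstanceName;MSSQLSERVER;IsClustered;No;"
         b"Version;10.0.1600.22;tcp;1433;;"
         b"ServerName;DBHOST01;InstanceName;SQLEXPRESS;IsClustered;No;"
         b"Version;10.0.1600.22;tcp;49712;"
         b"np;\\\\DBHOST01\\pipe\\MSSQL$SQLEXPRESS\\sql\\query;;")
SAMPLE_REPLY = b"\x05" + struct.pack("<H", len(_DATA)) + _DATA

# Assumed inventory of sanctioned instances (constructed), as HOST\INSTANCE.
APPROVED = {"DBHOST01\\MSSQLSERVER"}


def parse_browser_reply(packet):
    """Return one dict per SQL Server instance listed in an SVR_RESP message."""
    if len(packet) < 3 or packet[0] != 0x05:
        raise ValueError("not an SVR_RESP message")
    (size,) = struct.unpack_from("<H", packet, 1)
    body = packet[3:3 + size]
    if len(body) != size:
        raise ValueError("truncated reply")
    instances = []
    for chunk in body.decode("ascii", errors="replace").split(";;"):
        fields = chunk.split(";")
        if len(fields) < 2:  # empty tail after the final ";;"
            continue
        # Even positions are keys, odd positions are their values.
        instances.append(dict(zip(fields[0::2], fields[1::2])))
    return instances


def unapproved(instances, approved=APPROVED):
    """List HOST\\INSTANCE names that are not in the approved inventory."""
    allowed = {name.upper() for name in approved}
    found = []
    for inst in instances:
        name = "{}\\{}".format(inst.get("ServerName", "?"),
                               inst.get("InstanceName", "?"))
        if name.upper() not in allowed:
            found.append(name)
    return found


if __name__ == "__main__":
    for name in unapproved(parse_browser_reply(SAMPLE_REPLY)):
        print("unapproved SQL Server instance:", name)
```
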
Download the version that needs the .NET Framework, or the one that does not need the .NET Framework.