SQLRecon: Discover SQL/MSDE installations in the network

by Black on July 13, 2009

in Penetration Testing, Security Reconnaissance

Nowadays most applications are web-facing, and most of them sit on a database, which exposes them to attacks such as SQL injection. Once you have found a suitable host, what remains is to find out which database the web application is talking to. One way is to fingerprint it with blind SQL injection, but that can get you into trouble: well-protected applications lock you out after a certain number of failed attempts. SQLRecon gets around this by locating the SQL Server/MSDE instances on the network directly rather than through the application.

It performs both active and passive scans of your network to identify all of the SQL Server/MSDE installations in your enterprise. It folds every known means of SQL Server/MSDE discovery into a single tool, so you can find the servers on your network and either secure them properly or notify their administrators.

These are the features of SQLRecon:

  • Multi-threaded scanning engine
  • 6 Active scanning techniques
  • 2 Stealth scanning techniques
  • IP Range scanning
  • IP List scanning
  • Export results as XML or text file
  • Export IP list for use in future scans (i.e. Passive to Active)
  • ICMP check to increase scan speed
  • Debug mode to allow for greater scan visibility
  • Allows alternate credentials
  • Custom source port for UDP packets for firewall evasion

SQLRecon requires .NET Framework v1.1 on Microsoft Windows 2000, Windows XP or Windows 2003. A build that runs without the .NET Framework is also available, but the .NET Framework version is the one to use where possible.

[Figure: sample screenshot of SQLRecon]

It can scan the network using the following techniques (UDP, REG, WMI, TCP, SCM and SA are the six active techniques; BRO and AD are the two stealth techniques, which query infrastructure rather than the target host itself):

  • UDP: probing UDP 1434, the SQL Server Resolution Protocol port, which answers with the instances on a host
  • REG: reading the remote registry
  • WMI: running a WMI query
  • TCP: port scanning TCP 1433 (the default port for SQL Server and MSDE) and TCP 2433 (the port used when the 'Hide server' option is set)
  • SCM: querying the Service Control Manager for SQL Server services
  • SA: logging in to the SQL Server instance as sa with a blank password
  • BRO: checking the browser service for SQL Server registrations
  • AD: querying Active Directory for registered SQL Servers
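The UDP 1434 technique in working form, as an added example that is not SQLRecon's own code: the probe is a single CLNT_UCAST_EX byte sent to UDP 1434 (the SQL Server Resolution Protocol, MC-SQLR), and the SVR_RESP reply is parsed into one record per instance, which is how a scanner learns instance names, versions and the TCP port each instance really listens on, including non-default ports that a bare 1433/2433 scan would never see. A TCP connect check for 1433/2433 is included as the fallback for hosts where UDP 1434 is filtered or the Browser service is off. The host name DBHOST01, the instance names and the reply bytes are constructed for the example, and the `source_port` argument is an assumption that mirrors the custom-source-port feature listed above, not SQLRecon's own interface.

```python
"""SSRP (MC-SQLR) probe: the 'UDP 1434' discovery technique.

Added example, not SQLRecon's own code. Builds the CLNT_UCAST_EX request,
parses the SVR_RESP reply into one dict per instance, and offers a TCP
connect check for the 1433/2433 technique. The sample reply below is
constructed, not a capture.
"""
import socket
import struct

SSRP_PORT = 1434
CLNT_UCAST_EX = b"\x03"   # unicast "list every instance on this host"
CLNT_BCAST_EX = b"\x02"   # same request, sent to a broadcast address
SVR_RESP = 0x05           # first byte of every server reply


def parse_ssrp_response(data: bytes) -> list[dict]:
    """Parse SVR_RESP: 0x05, 2-byte little-endian RESP_SIZE, then RESP_DATA.

    RESP_DATA is text of the form key;value;key;value;...;; with one
    ';;'-terminated record per instance. Returns a list of dicts and
    raises ValueError for anything that is not a well-formed SVR_RESP.
    """
    if len(data) < 3 or data[0] != SVR_RESP:
        raise ValueError("not an SSRP SVR_RESP packet")
    (resp_size,) = struct.unpack_from("<H", data, 1)
    body = data[3:3 + resp_size]
    if len(body) != resp_size:
        raise ValueError(f"truncated SVR_RESP: header says {resp_size} bytes, got {len(body)}")
    instances = []
    for record in body.decode("ascii", errors="replace").split(";;"):
        if not record:
            continue
        fields = record.split(";")
        if len(fields) % 2:        # dangling key with no value: pad rather than crash
            fields.append("")
        instances.append({fields[i]: fields[i + 1] for i in range(0, len(fields), 2)})
    return instances


def ssrp_probe(host: str, timeout: float = 2.0, source_port: int = 0) -> list[dict]:
    """Send CLNT_UCAST_EX to host:1434 and return the parsed instance list.

    source_port pins the local UDP port (0 = ephemeral; ports below 1024 need
    privileges). A fixed source port such as 53 is the usual way past
    stateless filters that only allow 'DNS replies' in.
    Returns [] on timeout: no Browser service, UDP 1434 filtered, or no instances.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.bind(("", source_port))
        s.sendto(CLNT_UCAST_EX, (host, SSRP_PORT))
        try:
            data, _ = s.recvfrom(65535)
        except socket.timeout:
            return []
    return parse_ssrp_response(data)


def tcp_listening(host: str, ports=(1433, 2433), timeout: float = 1.0) -> list[int]:
    """Fallback for hosts that do not answer on UDP 1434: report which of the
    default (1433) and 'Hide server' (2433) ports accept a TCP connection."""
    open_ports = []
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            if s.connect_ex((host, port)) == 0:
                open_ports.append(port)
    return open_ports


# Constructed SVR_RESP from a host with a default instance and a named
# instance on a non-default TCP port (not a real capture).
SAMPLE_BODY = (
    b"ServerName;DBHOST01;InstanceName;MSSQLSERVER;IsClustered;No;"
    b"Version;10.50.1600.1;tcp;1433;;"
    b"ServerName;DBHOST01;InstanceName;REPORTING;IsClustered;No;"
    b"Version;10.50.1600.1;tcp;52100;np;\\\\DBHOST01\\pipe\\MSSQL$REPORTING\\sql\\query;;"
)
SAMPLE_RESPONSE = bytes([SVR_RESP]) + struct.pack("<H", len(SAMPLE_BODY)) + SAMPLE_BODY


if __name__ == "__main__":
    for inst in parse_ssrp_response(SAMPLE_RESPONSE):
        print(f"{inst['ServerName']}\\{inst['InstanceName']}  "
              f"version {inst['Version']}  tcp {inst.get('tcp', 'disabled')}")
```

Run it as-is to see the two constructed instances parsed; call `ssrp_probe("10.0.0.5")` against a host you are authorised to test to see the live reply. Note that an instance with TCP disabled simply has no `tcp` key, and a single UDP datagram can hold several instances, so the scanner must split on `;;` rather than assume one record per reply.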

Two downloads are available: the version that needs the .NET Framework and the version that does not.
