Author Topic: Locate and Attack Domain SQL Servers without Scanning (Read 425 times)

Axon · « **on:** June 11, 2014, 10:23:33 pm »

In short, the author uses a PowerShell script that uses Service Principal Name (SPN) records from Active Directory to identify and attack SQL Servers on Windows domains without having to perform discovery scanning.
https://www.netspi.com/blog/entryid/228/locate-and-attack-domain-sql-servers-without-scanning

Nero · « **Reply #1 on:** June 12, 2014, 03:18:49 am »

Lol if I'm understand what you are saying correctly, you could use a Google dork to list some vulnerable SQL files.

But I get what you mean. I'll try it later.

luverose · « **Reply #2 on:** June 12, 2014, 03:48:51 am »

I'm not get it

kenjoe41 · « **Reply #3 on:** June 25, 2014, 11:43:43 am »

Fools, he didn't mean a crooked vulnerable sql database-files. The very intent of this is to dodge this and go straight for the domain server, can't be a better choice sometimes since some admins sluck at updating anything except the web server.

It isn't meant to be understood by the faint of heart, learn some assembly, parser some domain charset binaries then hook in an sql server command. tadar;;;

^don't understand that either.

EvilZone

News:

Author Topic: Locate and Attack Domain SQL Servers without Scanning (Read 425 times)

Axon

Locate and Attack Domain SQL Servers without Scanning

Nero

Re: Locate and Attack Domain SQL Servers without Scanning

luverose

Re: Locate and Attack Domain SQL Servers without Scanning

kenjoe41

Re: Locate and Attack Domain SQL Servers without Scanning