Thanks both.
Miroslav - that's what I thought, I just wanted to make sure there was no
obvious technique I was missing out on.
Johnny - Part of the output from the tool you suggested is:
[INFO] Checking OpenRowSet availibility - please wait...
So I assume it still requires this technique.
Obviously if someone does have any techniques that can be used via SQL
injection (not interested in direct database server exposure) then give me
a shout :)
Thanks all.
Chris
On 26 April 2012 23:46, Johnny Venter <johnny.ven...@zoho.com> wrote:
> Another tool which I've used on tests is SQLiX. Although its not
> supported/updated anymore, it works fine for your purpose:
>
> https://www.owasp.org/index.php/Category:OWASP_SQLiX_Project
>
> On Apr 26, 2012, at 4:09 PM, Miroslav Stampar <miroslav.stam...@gmail.com>
> wrote:
>
> Hi Chris.
>
> To my knowledge no, but if that DBMS server is exposed you can always try
> brute forcing it directly (e.g.
> http://www.offensive-security.com/metasploit-unleashed/MSSQL_Bruter)
>
> Kind regards,
> Miroslav Stampar
>
> On Mon, Apr 23, 2012 at 10:52 PM, Chris Oakley <
> christopher.oak...@gmail.com> wrote:
>
>> Hi All
>>
>> Not directly sqlmap related, but I thought someone might have an insight
>> to help me out.
>>
>> In MS SQL Server 2005+, are there any techniques that can be used to
>> brute force the sa password assuming openrowset is not available (as is the
>> case by default) via SQL injection, or is it not possible?
>>
>> Regards
>>
>> Chris
>>
>>
>> ------------------------------------------------------------------------------
>> For Developers, A Lot Can Happen In A Second.
>> Boundary is the first to Know...and Tell You.
>> Monitor Your Applications in Ultra-Fine Resolution. Try it FREE!
>> http://p.sf.net/sfu/Boundary-d2dvs2
>>
>> _______________________________________________
>> sqlmap-users mailing list
>> sqlmap-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>
>>
>
>
> --
> Miroslav Stampar
> http://about.me/stamparm
>
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
