Hi Juan
If openrowset is enabled then it's possible to attack with a wordlist.
This was disabled by default after sql server 2000 though, so it'd have to
be enabled.
Chris
On 20 July 2012 12:14, juan molina <j.molina04...@gmail.com> wrote:
> there is a way for bruteforce the SA password using SQL INJECTION?
>
> this is the Scenario. it is a DataBase Server (Sql Server 2008) without
> access to the internet (it has the 1433 port blocked),
> the current user is a normal user (low privileges User). cannot get SA
> hash password.
>
> the question is, is there any tool or code or way to bruteforce the SA
> password? without direct access to the Sql Server?
>
> It is a request for add this functionality to SQLMAP, I don't know if is
> possible.
>
> Thanks.
>
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
