Brute forcing MS SQL passwords

System administrators and penetration testers often need to check for weak passwords as part of the organization's security policy. Nmap can help us to perform dictionary attacks against MS SQL servers.

This recipe shows how to perform brute force password auditing of MS SQL servers by using Nmap.

How to do it...

To perform brute force password auditing against an MS SQL server, run the following Nmap command:

$ nmap -p1433 --script ms-sql-brute <target>

If any valid accounts are found, they will be included in the script output section:

PORT     STATE SERVICE 
1433/tcp open  ms-sql-s 
| ms-sql-brute: 
|   [192.168.1.102:1433] 
|     Credentials found: 
|_      sa:<empty>

How it works...

MS SQL servers usually run on TCP port 1433. ...

Get Nmap 6: Network Exploration and Security Auditing Cookbook now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.