SQLDict

Now that I know something about the SQL environment, maybe I can gain access to that SQL system. For every SQL installation, SQL Server creates the default system administrator account, sa, with a blank password. Many times, due to sloppy control or ignorance, the default blank password is never changed to a strong one. You can simply fire up the Query Analyzer (isqlw.exe), put in the SQL server's IP address with a user name of sa and a blank password, and bang, you are in the SQL server with full system administrator authority! What happens if there is a password associated with sa? Well, there is a program called SQLDict which will run a dictionary attack against a single user account, in this case the sa account. SQLDict, written by Arne Vidstrom, is a GUI program. Nothing fancy, but simply a brute force password breaking utility using a dictionary of popular passwords. As illustrated in the image below, with SQLDict, SQL hacking is now a point and click operation. If one server is exposed, it is just a matter of time before your whole organization is compromised.
This makes SQLPing2 a full-fledged hacking tool now. This test run was done using 11 user ids and 29,157 passwords. Because I have a strong password, thank God, the password was not revealed.

Another interesting utility is called SQLPoke, written by xaphan. SQLPoke does not use a brute force password breaking technique but merely looks for SQL servers with an sa account and a blank password. It has an added twist: it can execute up to 32 commands. The consequences are unbelievable if you allow that to execute!

C:\SQLTOOLS>SQLPOKE 192.168.2.220 192.168.2.225 1433

(Script to Alert Hacker or plant Trojan)

So this is clearly a wakeup call to the administrator! This is only the beginning, and there are many different ways to attack an SQL server. After I experimented with SQLPing, SQLDict, SQLPoke and other software, I realized how important it is to have your SQL server secured, your firewall properly configured, and your system patched with up-to-date hotfixes. Don't let your guard down, or else you will have an unwanted visitor in your backyard!
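The defender's side of the dictionary attack described above, as an added example that is not from the original post or from any of the tools it names: a run of 29,157 password guesses against sa shows up in the SQL Server error log as a burst of "Login failed for user 'sa'" lines from one client address, and this script flags such bursts. The log lines are constructed samples, and the threshold of 5 failures per minute is an assumed tuning value.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# SQL Server writes one "Login failed for user ..." line per failed logon
# (error 18456) to its error log, with the client address at the end.
LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d+\s+Logon\s+"
    r"Login failed for user '(?P<user>[^']*)'.*\[CLIENT: (?P<client>[^\]]+)\]"
)

# Constructed sample: a burst of guesses against sa from one client, one
# unrelated failure, and the error-code line that precedes each failure.
FAIL = ("{ts} Logon       Login failed for user '{user}'. Reason: Password "
        "did not match that for the login provided. [CLIENT: {client}]")
SAMPLE_LOG = "\n".join(
    ["2024-03-01 10:00:00.12 Logon       Error: 18456, Severity: 14, State: 8."]
    + [FAIL.format(ts=f"2024-03-01 10:00:0{i // 2}.{i % 2}5", user="sa",
                   client="192.168.2.50") for i in range(6)]
    + [FAIL.format(ts="2024-03-01 10:05:00.00", user="jsmith",
                   client="192.168.2.77")]
)

def parse_failed_logins(text):
    """Yield (timestamp, user, client) for every failed-login line."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
            yield ts, m.group("user"), m.group("client")

def detect_password_guessing(text, threshold=5, window=timedelta(minutes=1)):
    """Map (client, user) -> total failures for each pair that produced at
    least `threshold` failures inside any sliding window (assumed tuning)."""
    events = defaultdict(list)
    for ts, user, client in parse_failed_logins(text):
        events[(client, user)].append(ts)
    hits = {}
    for key, times in events.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                hits[key] = len(times)
                break
    return hits
```

On the sample, `detect_password_guessing(SAMPLE_LOG)` returns `{('192.168.2.50', 'sa'): 6}`; feeding it the contents of a real ERRORLOG file works the same way.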
