![]() ![]() ![]() When pen testing mssql we want to know what those ports are so we can bang against them. For multiple reasons, like load balancing, mssql can listen on multiple ports. Next let’s talk about looking for other ports that mssql may be listening on. There are other ways of determining the version of sql server without authenticating but to me nmap is the best solution. ![]() Knowing the version is very important because different versions of SQL Server provide different security features and also have different vulnerabilities. So you’ll notice in the output nmap is reporting the version of mssql to be SQL Server 2005 which is correct in this case. OS details: Microsoft Windows Server 2003 SP1 or SP2 Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port Starting Nmap 5.59BETA1 ( ) at 09:19 ESTġ433/tcp open ms-sql-s Microsoft SQL Server 2005. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |