This chapter focuses on the remote assessment of SQL database services used in most corporate networks to facilitate rapid and effective storage and retrieval of data. If these services aren’t configured or protected correctly at both the application and network levels, they can be used to great effect to compromise networks and sensitive data.
The SQL database services most often found are Microsoft SQL Server, Oracle, and MySQL, accessible through the following network ports:
ms-sql          1433/tcp
ms-sql-ssrs     1434/udp
ms-sql-hidden   2433/tcp
oracle-tns      1521/tcp
oracle-tns-alt  1526/tcp
oracle-tns-alt  1541/tcp
mysql           3306/tcp
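As an added example (not part of the original text), the following Python code audits a host's own listening sockets against the ports listed above and reports any database listener bound to a non-loopback address. The `ss -H -lntu` sample is constructed, and the function names are hypothetical.

```python
import ipaddress

# Service names and ports as listed in this chapter.
DB_PORTS = {
    ("tcp", 1433): "ms-sql",
    ("udp", 1434): "ms-sql-ssrs",
    ("tcp", 2433): "ms-sql-hidden",
    ("tcp", 1521): "oracle-tns",
    ("tcp", 1526): "oracle-tns-alt",
    ("tcp", 1541): "oracle-tns-alt",
    ("tcp", 3306): "mysql",
}

# Constructed sample of `ss -H -lntu` output (not captured from a real host).
SAMPLE_SS = """\
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      151        127.0.0.1:3306       0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:1433       0.0.0.0:*
udp   UNCONN 0      0            0.0.0.0:1434       0.0.0.0:*
tcp   LISTEN 0      128             [::]:1521          [::]:*
tcp   LISTEN 0      128        10.0.5.12:2433       0.0.0.0:*
"""

def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6]:port' into (address, port)."""
    addr, _, port = endpoint.rpartition(":")
    addr = addr.split("%")[0].strip("[]")  # drop any %iface scope, then brackets
    if addr == "*":
        addr = "::"  # ss prints '*' for a dual-stack wildcard bind
    return addr, int(port)

def exposed_db_listeners(ss_output):
    """Return (service, proto, address, port) for each database listener
    bound to anything other than a loopback address."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue
        proto = fields[0]
        addr, port = split_endpoint(fields[4])  # column 5 is Local Address:Port
        service = DB_PORTS.get((proto, port))
        if service and not ipaddress.ip_address(addr).is_loopback:
            findings.append((service, proto, addr, port))
    return findings

if __name__ == "__main__":
    for service, proto, addr, port in exposed_db_listeners(SAMPLE_SS):
        print(f"{service:<15} {port}/{proto} listening on {addr}")
```

A listener bound to 127.0.0.1 (the MySQL line in the sample) is not reported, while wildcard and routable bindings are.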
Here I discuss the remote enumeration, brute-force password grinding, and process manipulation attacks you can launch to gain access to these popular database services. A useful online resource for database testing and current information is http://www.databasesecurity.com, which also includes useful details relating to less popular database services, including DB2, PostgreSQL, Informix, and Sybase.
The Microsoft SQL Server service can be found running by default on TCP port 1433. Sometimes I find that the SQL Server service is run in hidden mode, accessible via TCP port 2433 (yes, this is what Microsoft means by hidden!), or listening on high ports, and used by client software such as Symantec Backup Exec.
The SQL Server Resolution Service (SSRS) was introduced in Microsoft SQL Server 2000 to provide referral ...