Chapter 9. Assessing Database Services

This chapter focuses on the remote assessment of SQL database services used in most corporate networks to facilitate rapid and effective storage and retrieval of data. If these services aren’t configured or protected correctly at both the application and network levels, they can be used to great effect to compromise networks and sensitive data.

Popular SQL database services that are often found are Microsoft SQL Server, Oracle, and MySQL, accessible through the following network ports:

ms-sql          1433/tcp
ms-sql-ssrs     1434/udp
ms-sql-hidden   2433/tcp
oracle-tns      1521/tcp
oracle-tns-alt  1526/tcp
oracle-tns-alt  1541/tcp
mysql           3306/tcp

Here I discuss the remote enumeration, brute-force password grinding, and process manipulation attacks you can launch to gain access to these popular database services. A useful online resource for database testing and current information is, which also includes useful details relating to less popular database services, including DB2, PostgreSQL, Informix, and Sybase.

Microsoft SQL Server

The Microsoft SQL Server service can be found running by default on TCP port 1433. Sometimes I find that the SQL Server service is run in hidden mode, accessible via TCP port 2433 (yes, this is what Microsoft means by hidden!), or listening on high ports, and used by client software such as Symantec Backup Exec.

The SQL Server Resolution Service (SSRS) was introduced in Microsoft SQL Server 2000 to provide referral ...

Get Network Security Assessment, 2nd Edition now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.