MS SQL Server Enumeration

  • Nmap Information Gathering

    nmap -p 1433 --script ms-sql-info,ms-sql-empty-password,ms-sql-xp-cmdshell,ms-sql-config,ms-sql-ntlm-info,ms-sql-tables,ms-sql-hasdbaccess,ms-sql-dac,ms-sql-dump-hashes --script-args mssql.instance-port=1433,mssql.username=sa,mssql.password=,mssql.instance-name=MSSQLSERVER $ip
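Added example (not part of the original page): a Python triage of the XML report that the scan above produces when run with `-oX`, listing the hosts whose script results need remediation. The sample XML is constructed, and the marker strings in `RULES` are assumptions about the scripts' output wording.

```python
import xml.etree.ElementTree as ET

# Script id -> (marker, meaning). Marker strings are assumptions about the
# scripts' output wording; confirm them against your nmap version.
RULES = {
    "ms-sql-empty-password": ("Login Success", "sa accepts an empty password"),
    "ms-sql-dac": ("DAC port", "Dedicated Admin Connection port exposed"),
}

# Constructed `nmap -oX` sample (192.0.2.0/24 is a documentation range).
SAMPLE_XML = """<nmaprun>
<host><address addr="192.0.2.10" addrtype="ipv4"/>
 <ports><port protocol="tcp" portid="1433">
  <script id="ms-sql-empty-password"
   output="&#10;  [192.0.2.10:1433]&#10;    sa:&lt;empty&gt; =&gt; Login Success"/>
 </port></ports>
 <hostscript>
  <script id="ms-sql-dac" output="&#10;  Instance: MSSQLSERVER; DAC port: 1434"/>
 </hostscript></host>
<host><address addr="192.0.2.11" addrtype="ipv4"/>
 <ports><port protocol="tcp" portid="1433">
  <script id="ms-sql-empty-password"
   output="&#10;  [192.0.2.11:1433]&#10;    'sa' account password is not blank."/>
 </port></ports></host>
</nmaprun>"""


def triage(xml_text):
    """Return sorted (address, script id, meaning) findings from nmap XML."""
    findings = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr_el = host.find("address")
        addr = addr_el.get("addr") if addr_el is not None else "unknown"
        # iter() covers both per-port <script> and <hostscript><script> results.
        for script in host.iter("script"):
            rule = RULES.get(script.get("id"))
            if rule and rule[0] in script.get("output", ""):
                findings.append((addr, script.get("id"), rule[1]))
    return sorted(findings)


if __name__ == "__main__":
    for addr, script_id, meaning in triage(SAMPLE_XML):
        print(f"{addr}  {script_id}: {meaning}")
```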

Banner grabbing and finding publicly known exploits

Brute-force and perform other operations using the following tools:

  • Piggy
  • SQLping
  • SQLpoke
  • SQLrecon
  • SQLver

Run the following nmap scripts:

  • ms-sql-brute.nse
  • ms-sql-config.nse
  • ms-sql-dac.nse
  • ms-sql-dump-hashes.nse
  • ms-sql-empty-password.nse
  • ms-sql-hasdbaccess.nse
  • ms-sql-info.nse
  • ms-sql-ntlm-info.nse
  • ms-sql-query.nse
  • ms-sql-tables.nse
  • ms-sql-xp-cmdshell.nse
  • pgsql-brute.nse

For MYSQL default username is root and password is
