Exploitation Tools

MSDAT – Microsoft SQL Database Attacking Tool

MSDAT (Microsoft SQL Database Attacking Tool) is an open source penetration testing tool that tests the security of Microsoft SQL Databases remotely.

Usage examples of MSDAT:

  • You have a Microsoft database listening remotely and you want to find valid credentials in order to connect to the database
  • You have a valid Microsoft SQL account on a database and you want to escalate your privileges
  • You have a valid Microsoft SQL account and you want to execute commands on the operating system hosting this DB (xp_cmdshell)

Tested on Microsof SQL database 2005, 2008 and 2012.

 

Features

Thanks to MSDAT (Microsoft SQL Database Attacking Tool), you can:

  • get technical information (ex: database version) of a MSSQL database without to be authenticated
  • search MSSQL accounts with a dictionnary attack
  • test each login as password (authentication required)
  • get a windows shell on the database server with
    • xp_cmdshell
  • download files remotely with:
    • OLE Automation
    • bulkinsert
    • openrowset
  • upload files on the server with:
    • OLE Automation
    • openrowset
  • capture a SMB authentication thanks to:
    • bulkinsert
    • openrowset
    • xp_dirtree
    • xp_fileexist
    • xp-getfiledetails
  • steal MSSQL hashed password, on an any MSSQL version
  • scan ports through the database:
    • openrowset
  • execute SQL requests on a remote MSSQL server trough the database (target) with:
    • bulkinsert
    • openrowset
  • list files/directories with:
    • xp_subdirs
    • xp_dirtree
  • list drives/medias with:
    • xp_fixeddrives
    • xp_availablemedia
  • create folder with:
    • xp_create_subdir

 

Installation

Some dependancies must be installed in order to run MSDAT.

In ubuntu:

sudo apt-get install freetds-dev

or download freetds on http://www.freetds.org/

sudo pip install cython colorlog termcolor pymssql argparse
sudo pip install argcomplete && sudo activate-global-python-argcomplete

Add “use ntlmv2 = yes” in your freetds configuration file (ex: /etc/freetds/freetds.conf or /usr/local/etc/freetds.conf). Example:

[global]
        # TDS protocol version
        tds version = 8.0
        use ntlmv2 = yes

Download MSDAT

About the author

Icarus

Add Comment

Click here to post a comment

Leave a Reply

Advertisement

%d bloggers like this:
000webhost logo