Category Archives: databases

Pen test and hack microsoft sql server (mssql)

All the information I’m about to go over is nothing new, I’m just trying to organize all my notes on pen testing mssql. Hopefully my notes will help others. All the commands and instructions are Linux based so keep that in mind.
The first thing you’ll need to do is discover IP addresses that have mssql […]

Fingerprinting MySQL

Determine version locally / with access
select version();
or
mysql -V
Determine version remotely
nmap -sV -p 3306 addressOfMachine
or
nc -w 1 addressOfMachine 3306
With netcat you may see weird output, example is below
nc -w 1 192.168.1.1 3306
4
4.1.20�{
jWU$PHXc,fV[J=3’hW]NL
In this case the version is 4.1.20, so you’ll have to read through the mess that is netcat output.