SQL Server Tips by Burleson
Many tools are available for auditing, monitoring, or vulnerability
testing (AKA benign hacking). Both reputable security experts and
anonymous hackers have developed tools that test SQL Server's
defenses by analyzing it or trying to break it. Knowledge of both
types of tools is important because a good defense must consider
all possible scenarios.
Here is a list of some utilities you may find helpful:
- NGSSquirrel for SQL Server. This is a vulnerability
assessment scanner. It scans SQL Servers for hundreds of
possible security threats. (NGSS Software)
- NGSSQLCrack. This is a password auditing tool. It identifies
user accounts with weak passwords that could be vulnerable to
brute force attacks. (NGSS Software)
- NGSSniff. A Sniffer for SQL Server that sorts, parses and
analyzes captured packets. (NGSS Software)
- SQLPing. Lists all SQL Servers running on a server or on an
entire network. It provides additional info: instance name,
version, clustering info, net-libs, and net-lib details. (www.sqlsecurity.com)
- SQLScan. Scans a list of IP addresses looking for SQL Servers,
with an optional dictionary file and optional installation of a
backdoor on vulnerable hosts. (www.securityfocus.com)
- SQLCracker and Sqldict. Dictionary password attack tools.
SQLCracker is included in SQLTools, a famous set of SQL Server
hacking tools. (http://packetstormsecurity.org)
- Sqlpoke. Scans IP addresses looking for SQL Servers with the
default sa password. (http://packetstormsecurity.org)
- Sqlbf. A brute force password attack tool.
The above book excerpt is from:
Turbocharge Database Performance with C++ External Procedures
Joseph Gama, P. J. Naughter