Anitian does these a lot, as we have a lot of expertise on hacking infrastructure devices. This type of attack is known as a man-in-the-middle (MITM) attack. This was nearly identical to the setup I had at the client site. All of these systems are on the same subnet, simulating an attacker on the internal network. My attack machine was a relatively new installation of Kali 2.0 Linux. The client machine was a Windows 10 system running MSSQL Management Studio 2014. For my investigation, I was running MSSQL Server 2014 Express on Windows Server 2012 R2. What I found was that with a little packet hacking, I could take control of a Microsoft SQL Server box without having any stolen credentials using a Man in the Middle style attack.īack in my lab, I began to research this more. Was there a way to attack an SQL Server box without any credentials? I decided to take my hypothesis to the lab and try some experiments. However, I could not help thinking I was on to something. So, I had to set my curiosity aside for the time being and complete the penetration test for the client. Unfortunately, for this particular client engagement, cracking SQL Server encryption was beyond the scope of the project.
If the installation uses a self-signed certificate, that is fairly easy to crack.
However, MSSQL encrypts login traffic which meant I would have to crack the encryption to get credentials. At first, I thought this might be a way to capture some authentication credentials. During a recent penetration test, I was hacking away at some packet captures and noticed unencrypted Microsoft SQL Server (MSSQL) traffic.
0 kommentar(er)
