by r0t,der4444,cembo,VietMafia

Sunday, August 28, 2005

SQL Toolz

This evening is devoted to SQL :)

A pack of SQL tools; its contents:


SQLPing can be used to discover detailed information about the connectivity of SQL Server 2000 installations without authentication of any kind. Great tool to track down rogue SQL Server 2000 boxes on your networks or on the Internet - by Chip Andrews (source included)

Vulnerability Scan Script

This is a vulnerability scanning script submitted by Carlos Perez. It scans your SQL Server instance looking for misconfigurations or insecure settings that you should investigate.

SQLRecon 1.0

SQLRecon performs both active and passive scans of your network in order to identify all of the SQL Server/MSDE installations in your enterprise. Due to the proliferation of personal firewalls, inconsistent network library configurations, and multiple-instance support, SQL Server installations are becoming increasingly difficult to discover, assess, and maintain. SQLRecon is designed to remedy this problem by combining all known means of SQL Server/MSDE discovery into a single tool which can be used to ferret out servers you never knew existed on your network so you can properly secure them. .NET Framework v1.1 required. (Note: Due to .NET policy restrictions on most computers, you'll need to execute the sqlrecon.exe program from a local drive in order to get the full functionality.) Documentation available at:

DTS Password Decryptor

DTSConnPass - utility to decrypt DTS package Connection passwords.

SQLPing.NET 1.3 Beta

This is a pre-release of the 1.3 version of SQLPing for .NET. The new feature added to this version is the capability to determine the actual ssnetlib.dll SQL Server version rather than simply the base version as previous SQLPing editions reported. While not SQLPing's fault (the SQL Resolution Service reports only the base version), this version attempts to rectify that limitation by initiating a connection to the SQL Server. Note that no authentication is needed. Feedback welcome.


Determines ssnetlib.dll version of SQL Server without the need to log into the server. Uses techniques from SQLPing.NET 1.3 beta but does not actually use the UDP 1434 packet for enumeration. This tool simply connects to the specified TCP port and gets to work! C# Source included. Requires .NET framework.

SQLPing 2

GUI version of SQLPing that also includes IP range scanning and brute-force password checking. Want good fun? On a large development network, put in the network broadcast address in the discovery form. How many SQL Servers can you find? by Chip Andrews. Thanks to Beth Breidenbach and Joseph Kowtko for contributing the IP list functionality. Warning: SQL Server returns only the base version in its SQL Resolution packet. SQLPing shows this info as received. It is not the TRUE version. Updated 3/2/04 for more speed, better output, and adjustable scan wait times.


My .NET port for the 1.2 version of SQLPing. Source included. Written in C#. by Chip Andrews


Modified sp_password stored procedure (tested for SQL 7 - not 6.5) that checks for password strength when changing passwords. Make sure to create a user-defined alert #50001 to display your error. This is proof-of-concept code - not a recommended implementation. by Chip Andrews

SQL Server password brute forcing tool by xaphan.

Usage: sqlbf [ODBC NetLib] [IP List] [User list] [Password List]

  ODBC NetLib : T - TCP/IP, P - Named Pipes (netBIOS)
  IP list - text file containing list of IPs to audit
  User list - text file containing list of Usernames
  Password List - text file containing list of passwords


Quick little script to check all of your user accounts for weak passwords if you have created a dictionary file somewhere on your server. (see


Stored Procedure for SQL Server 2000 that will decrypt encrypted stored procs from a SQL 7 installation. by Jimmers


SQL Script by Ken Klaft to get the exact patch level of a SQL Server by querying the version number. Easily scriptable to allow you to check your entire network for compliance.


Tool by Jimmers to decrypt DTSrun parameters.

SQL Shield

SQL Shield is a built-in tool for MSSQL 7, 2000 and MSDE servers that claims hacker-proof encryption for triggers, views and procedures. None of the currently available SQL decryptors are capable of cracking SQL Shield encryption.


Easy-to-use, affordable, and effective security solution for encrypting column and row data in MSSQL Server and Oracle


Pluggable Web Application Scanner with a plug-in for SQL Injection testing. Useful for spidering sites, testing forms, and general application-layer mayhem.

Extended Stored Proc Removal and Restore Scripts

Scripts to remove and later restore dangerous extended stored procedures (usually to install service packs). by Mark Hatfield and Mohammed Alam of Shavlik Technologies (


SQL Server password brute force tool that can be used with or without a dictionary. by Nilesh Burghate

This is a SQL Server 2K Stored Proc Decrypter + some additional tools. Submitted by Joseph Gama with some additional code from Mark Litchfield and Chris Anley of NGSSoftware.


Stored proc to decrypt ODBC obfuscated data. When using {Encrypt N'text'} ODBC function to "encrypt" data (what a joke), this routine will allow you to reverse the process. by jimmers

SQL Server brute forcing tool featuring a scriptable command-line interface, scanning of networks larger than class C, and IP list support. by Matthew Wagenknecht

Used to scan a range of IP addresses for SQL Servers and then execute a predefined script. Could be used to track down SQL Servers in your own organization and ensure they stay locked down. - by xaphan

Brute-force SQL Server password utility. Good for auditing SQL Server passwords in your organization. Don't use this power for evil - by Arne Vidstrom.

Sample dictionary file to be used for password strength testing. Create a table called 'dict' with one field called 'word' (varchar(128) should do, since that's the maximum size of a standard security password in SQL 7) and then do a BULK INSERT dict FROM 'c:\myfile.txt'. You may need to use special switches on the BULK INSERT depending on your text file - check BOL if you need help.

Script files from my June 2000 MCP Magazine article on constructing your own log-based Intrusion Detection System. by Chip Andrews


Snort ruleset for SQL Server monitoring by Todd Garrison


Excellent tool for determining hotfix and service pack levels. From Microsoft and Shavlik.

Decrypt SQL Server 7.0 stored procedures by David Daniels


Decrypt SQL Server 2000 stored procedures from Bugtraq post by shoeboy

You can download all of these tools here:
  • sqlsecurity

  • Or here, practically the whole set


    Copyright (c) 2006 Pridels Sec Crew