by r0t,der4444,cembo,VietMafia

Sunday, August 28, 2005

SQL Toolz

Shodienas vakars veltits SQL :)

Paka ar sql tooliem , par tas saturs:

SQLPingv1.1

Description:
SQLPing can be used to discover detailed information about the connectivity of SQL Server 2000 installations without authentication of any kind. Great tool to track down rogue SQL Server 2000 boxes on your networks or on the Internet - by Chip Andrews (source included)

Vulnerability Scan Script

Description:
This is a vulnerability scanning script submitted by Carlos Perez. It scans your SQL Server instance looking for misconfigurations or insecure settings that you should investigate.

SQLRecon 1.0

Description:
SQLRecon performs both active and passive scans of your network in order to identify all of the SQL Server/MSDE installations in your enterprise. Due to the proliferation of personal firewalls, inconsistent network library configurations, and multiple-instance support, SQL Server installations are becoming increasingly difficult to discover, assess, and maintain. SQLRecon is designed to remedy this problem by combining all known means of SQL Server/MSDE discovery into a single tool which can be used to ferret-out servers you never knew existed on your network so you can properly secure them. .NET Framework v1.1 Required. (Note: Due to .NET policy restrictions on most computers, you'll need to execute the sqlrecon.exe program from a local drive in order to get the full functionality) Documentation available at: http://www.specialopssecurity.com/labs/sqlrecon

DTS Password Decryptor

Description:
DTSConnPass - utility to decrypt DTS package Connection passwords.

SQLPing.NET 1.3 Beta

Description:
This is a pre-release of the 1.3 version of SQLPing for .NET. The new feature added to this version is the capability to determine the actual ssnetlib.dll SQL Server version rather than simply the base version as previous SQLPing editions reported. While not SQLPing's fault (the SQL Resolution Service reports only the base version), this version attempts to rectify that limitation by initiating a connection to the SQL Server. Note that no authentication is needed. Feedback welcome.

SQLVer

Description:
Determines ssnetlib.dll version of SQL Server without the need to log into the server. Uses techniques from SQLPing.NET 1.3 beta but does not actually use the UDP 1434 packet for enumeration. This tool simply connects to the specified TCP port and gets to work! C# Source included. Requires .NET framework.

SQLPing 2

Description:
GUI Version of SQLPing that also includes IP range scanning and brute forcing password checking. Want good fun? On a large development network, put in the network broadcast address in the discovery form. How many SQL Servers can you find? by Chip Andrews. Thanks to Beth Breidenbach and Joseph Kowtko for contributing the IP list functionality. Warning: SQL Server returns only the base version in its SQL Resolution packet. SQLPing shows this info as received. It is not the TRUE version. Updated 3/2/04 for more speed, better output, and adjustable scan wait times.

SQLPing.NET

My .NET port for the 1.2 version of SQLPing. Source included. Written in C#. by Chip Andrews

sp_password.sql

Modified sp_password stored procedure (tested for SQL 7 - not 6.5) that checks for password strength when changing passwords. Make sure to create a user-defined alert #50001 to display your error. This is proof-of-concept code - not a recommended implementation. by Chip Andrews


sqlbf.zip

SQL Server password brute forcing tool by xaphan. Usage: Usage: sqlbf [ODBC NetLib] [IP List] [User list] [Password List] ODBC NetLib : T - TCP/IP, P - Named Pipes (netBIOS) IP list - text file containing list of IPs to audit User list - text file containing list of Usernames Password List - text file containing list of passwords


audit.sql

Quick little script to check all of your user accounts for weak passwords if you have created a dictionary file somewhere on your server. (see dict.zip)


sp_decrypt_7.sql

Description:
Stored Procedure for SQL Server 2000 that will decrypt encrypted stored procs from a SQL 7 installation. by Jimmers

version.sql

Description:
SQL Script by Ken Klaft to get the exact patch level of a SQL Server by querying the version number. Easily scriptable to allow you to check your entire network for compliance.

DTSRunDec

Description:
Tool by Jimmers to decrypt DTSrun parameters.

SQL Shield

Description:
SQL Shield is a built-in tool for MSSQL 7, 2000 and MSDE servers that claims hacker-proof encryption for triggers, views and procedures. None of the currently available SQL decryptors are capable of cracking SQL Shield encryption.


XP_CRYPT

Description:
Easy-to-use, affordable, and effective security solution for encrypting column and row data in MSSQL Server and Oracle

Websleuth

Description:
Pluggable Web Application Scanner with a plug-in for SQL Injection testing. Useful for spider-ing sites, testing forms, and general application-layer mayhem.


Extended Stored Proc Removal and Restore Scripts

Description:
Scripts to remove and later restore dangerous extended stored procedures (usually to install service packs). by Mark Hatfield and Mohammed Alam of Shavlik Technologies (www.shavlik.com)

forceSQL

Description:
SQL Server password brute force tool that can be used with or without a dictionary. by Nilesh Burghate http://www.nii.co.in/tools.html

sql2kpwdtools.zip

Description:
This is a SQL Server 2K Stored Proc Decrypter + some additional tools. Submitted by Joseph Gama with some additional code from Mark Litchfield and Chris Anley of NGSSoftware.

decrypt_odbc_sql.txt

Description:
Stored proc to decrypt ODBC obfuscated data. When using {Encrypt N'text'} ODBC function to "encrypt" data (what a joke), this routine will allow you to reverse the process. by jimmers

sqllhf.zip

Description:
SQL Server Brute Forcing tool featuring a scriptable command-line interface, scans networks larger than class C, and IP list support. by Matthew Wagenknecht

sqlpoke.zip

Description:
Used to scan a range of IP addresses for SQL Servers and then execute a predefined script. Could be used to track down SQL Servers in your own organization and ensure they stay locked down. - by xaphan

sqldict.zip

Description:
Brute-force SQL Server password utility. Good for auditing SQL Server passwords in your organization. Don't use this power for evil - by Arne Vidstrom.

dict.zip

Description:
Sample dictionary file to be used for password strength testing. . Create a table called 'dict' with one field (varchar(128) should do since that's the maximum size of a standard security password in SQL 7) called 'word' and then do a 'BULK INSERT dict from 'c:\myfile.txt'. You may need to use special switches on the BULK INSERT depending on your text file - check BOL if you need help.

mcpscripts.zip

Description:
Script files from my June 2000 MCP Magazine article on constructing your own log-based Intrusion Detection System. by Chip Andrews

sql7-lib.txt

Description:
Snort ruleset for SQL Server monitoring by Todd Garrison

HFNetChk

Description:
Excellent tool for determining hotfix and service pack levels. From Microsoft and Shavlik.

spdecrypt.zip

Description:
Decrypt SQL Server 7.0 stored procedures by David Daniels

sql2k_spcrypto.txt

Description:
Decrypt SQL Server 2000 stored procedures from Bugtraq post by shoeboy



Shos visus toolus varat novilkt sheit:
  • sqlsecurity


  • Vai nu sheit, praktiski visu komplektu
  • 1 Comments:

    Anonymous spot forex rules and regulations told...

    Blogger, here is some interesting forex and forex software related information. If you are interested in forex trading and forex software you will find the site useful.

    Best of luck.

    2:14 PM

     

    Post a Comment

    << Home

     
    Copyright (c) 2006 Pridels Sec Crew