July 30, 2010     |
Home
FAQs
       SQL Server FAQ
       SQL Injection FAQ
       SQL Security Checklist
       SQL Server-Related Products
       SQL Server/MSDE-Based Applications
       SQL Server Version Database
Tools
       Lockdown Script
       Free Tools
       Free Analysis
       Group Policy Templates
       Commercial Tools
Community
       Discussions
       Links
About
Search
Network Toaster
SQL Security Forums
Note: SQLSecurity.com does not allow nor require registration due to privacy concerns for users. SQLSecurity.com is open and anonymous for all. Please report any abuse or profanity.
Forums > Discussions > SQL Server Security
Subject: security assessment sql server
Prev Next
Add Reply

Author Messages
juanb (guest)
05/06/2009 11:24 AM Quote Reply Alert 
Hi All,

for a client of mine im doing a security auditing. I ran Sql recon in his lan. the tool reported that many servers has Blank Sa password version of sql 8.00.194 so I fired up tsql from linux and issued the command:

tsql -S 10.100.1.84 -p 1433 -U SA

Local carser is Ansi_x3.4.-1968

Password: ( I just pressed enter here)

so I get in return:

server is unavailabe or does not exist.
There was a problem connecting to the server.

whats the problem? shouldnt I be able to login without a password?

thanks

Juan
Chip Andrews
Posts:113
05/15/2009 6:51 AM Quote Reply Alert 
Yes - but the error you are getting suggests another problem. Go into the the Client Network settings and make sure TCP/IP is enabled. It sounds like tsql is not able to properly identify the port and netlib settings to connect to the SQL Server.
Add Reply
Forums > Discussions > SQL Server Security > security assessment sql server
Quick Reply
Username:  
Subject:  
Body:
 



ActiveForums 3.6
Copyright 1999 by Chip Andrews   |  Privacy Statement  |  Terms Of Use