September 06, 2010     |
Home
FAQs
       SQL Server FAQ
       SQL Injection FAQ
       SQL Security Checklist
       SQL Server-Related Products
       SQL Server/MSDE-Based Applications
       SQL Server Version Database
Tools
       Lockdown Script
       Free Tools
       Free Analysis
       Group Policy Templates
       Commercial Tools
Community
       Discussions
       Links
About
Search
Network Toaster
SQL Security Forums
Note: SQLSecurity.com does not allow nor require registration due to privacy concerns for users. SQLSecurity.com is open and anonymous for all. Please report any abuse or profanity.
Reply To Message:
Posted By n/a on 2/20/2006 7:46:00 PM
Subject:
Message: The user list and password lists are simply text files with lists of user names and password that you'd like to attempt to use to access the SQL Server instance. The size of those files depends on how comprehensive you want the scans to be.

SQLRecon will find more instances that SQLPing because it uses multiple discovery techniques -not just a UDP 1434 discovery packet like SQLPing. If you're trying to find SQL Servers - use SQLRecon. If you're trying to test a SQL Server for weak passwords - use SQLPing2 or any of the other tools (SQLbf, etc) that test for weak SQL passwords.
UserName: 
Subject:  sql server2000(Chip Andrews)
Body:
  
Show Replies:


ActiveForums 3.6
Copyright 1999 by Chip Andrews   |  Privacy Statement  |  Terms Of Use