Penetration Testing SQL server

Penetration Testing SQL server

SQL Server is a relational database management system from Microsoft, which is used as a central location to save and obtain data needed for applications. It uses Structured Query Language (SQL) for queries that store or retrieve data. SQL Server began in 1989 with the cooperation of Sysbase, Ashton-Tate, and Microsoft, and at the time was very close to Sysbase SQL Server 3.0 for Unix. Sysbase and Microsoft later went in separate directions creating their own SQL servers, with Sysbase renaming its product to Adaptive Server Enterprise.
SQL Server is available in numerous editions for specific purposes. Some of these editions include Standard, Data Center, Enterprise, Express, Web, Workgroup, Azure (cloud-based), Compact, Developer, Fast Track, and more.

On this post, I am going to guide you how to Penetration Testing SQL server.

Lab

  • Attacker machine:  Kali Linux
  • Victim machine: Microsoft SQL Server – IP 192.168.1.3

Demo