Three popular SQL database services that are often found in small, medium, and large network environments are Microsoft SQL Server, Oracle, and MySQL, accessible through the following network ports: ms-sql 1433/tcp ms-sql-ssrs 1434/udp ms-sql-hidden 2433/tcp oracle-tns 1521/tcp oracle-tns-alt 1526/tcp oracle-tns-alt 1541/tcp mysql 3306/tcp In this half of the chapter, I discuss the remote enumeration, brute-force password-grinding, and process-manipulation attacks you can launch to gain access to these database services. |