How To Detect the Presence of an SQL Server

Before rushing to implement an attack at an SQL server, it would be desirable to determine whether it is present and, ideally , to determine its type. If the server is located within the DMZ (although it should not be located there under any circumstances), then it is enough to scan its ports (Fig. 28.3). Ports tracked by various SQL server implementations are listed in Table 28.2.

image from book
Figure 28.3: MySQL server tracks port 3306
Table 28.2: Ports tracked by different database servers

Port

Server

1433

Microsoft SQL Server

1434

Microsoft SQL Monitor

1498

Watcom SQL

1525

Oracle

1527

Oracle

1571

Oracle Remote Data Base

3306

MySQL



Shellcoder's Programming Uncovered
Shellcoders Programming Uncovered (Uncovered series)
ISBN: 193176946X
EAN: 2147483647
Year: 2003
Pages: 164

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net