Ok, by now you probably now how much I enjoy hacking, ehm, ehm…sorry!, pentesting. Well for this tutorial I will be pentesting MS SQL Server with SQLat, Freetds, and Cain. Database store and provide access to information and information is power. Sensitive data such as bank account numbers, credit reports, and lots of other important information can be obtained from an insecure database, in this tutorial I will try to explain basic technology about MSSQL, like default install as well as demonstrate tools and techniques that can be use to exploit MSSQL server.

Read the rest of this entry »