More Hacking SQL Servers Without a Password

More Hacking SQL Servers Without a Password

Hacking SQL servers is fun. Early this year, I blogged about hacking SQL servers without a password. I used Ettercap to perform a man-in-the-middle attack between a Microsoft SQL server and client. Using Ettercap filters I showed how you can replace a SQL query with...
Hacking Nagios: The Importance of System Hardening

Hacking Nagios: The Importance of System Hardening

System hardening is important. Keeping systems in a hardened state is equally important.  Good hardening should not only including keeping all the patches up-to-date, but also disabling all unnecessary services. The services that are necessary, must to be configured...
Hacking Microsoft SQL Server Without a Password

Hacking Microsoft SQL Server Without a Password

During a recent penetration test, I was hacking away at some packet captures and noticed unencrypted Microsoft SQL Server (MSSQL) traffic. The syntax was unmistakable. At first, I thought this might be a way to capture some authentication credentials. However, MSSQL...

Windows GUI for nMap – WinMap

In my travels as a consulting network engineer, I frequently encounter system and network administrators who have never heard of Nmap. This surprises me since Nmap has been around a very long time and used everywhere.  Nmap is one of the tools I use most frequently....