Enterprise Server security Test SQL Server weak password test

For the enterprise, the importance of the server is self-evident. So administrators tend to maintain the stability and efficiency of the server as their work goals, but the security of the server is often considered less, at least for some administrators.

Recently, the author of a server security test, the following test process to write down, I hope to have some inspiration.

Test tools:

1.S Scanner (a scanning tool under a very fast multithreaded command line)

2.SQL Landing Device

3.DNS Overflow Tool

4.cmd (Microsoft Command line tool)

4.scansql.exe (SQL weak password scan tool)

SQL Server weak password test

1. Why:

SQL Server is the preferred database system for many small and medium-sized enterprises, institutions, due to the negligence of some administrators or weak security awareness, always with the database default User sa login database, and the use of the default blank password or set the password.

2. Test:

Taking the author's native IP as the center, a random IP segment was selected for testing.

Step one: Run the S scanner at the command prompt and enter an IP segment:

S SYN 61.178.*.1 61.178.*.254 1433 scans to 13 ports that have a 1433 port open. (Figure 1)