Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | |||
Test ID: | 1.3.6.1.4.1.25623.1.0.104025 |
Category: | Nmap NSE net |
Title: | Nmap NSE net: ms-sql-xp-cmdshell |
Summary: | Attempts to run a command using the command shell of Microsoft SQL Server (ms-sql).;;The script needs an account with the sysadmin server role to work. It needs to be fed credentials;through the script arguments or from the scripts 'ms-sql-brute' or 'ms-sql-empty-;password'.;;When run, the script iterates over the credentials and attempts to run the command until either all;credentials are exhausted or until the command is executed.;;SYNTAX:;;mssql-xp-cmdshell.cmd: specifies the OS command to run.;(default is ipconfig /all);;mssql.timeout: How long to wait for SQL responses. This is a number;followed by 'ms' for milliseconds, 's' for seconds,;'m' for minutes, or 'h' for hours. Default:;'30s'.;;mssql.password: specifies the password to use to connect to;the server. This option overrides any accounts found by;the 'ms-sql-brute' and 'ms-sql-empty-password' scripts.;;mssql.username: specifies the username to use to connect to;the server. This option overrides any accounts found by;the 'ms-sql-brute' and 'ms-sql-empty-password' scripts. |
Description: | Summary: Attempts to run a command using the command shell of Microsoft SQL Server (ms-sql). The script needs an account with the sysadmin server role to work. It needs to be fed credentials through the script arguments or from the scripts 'ms-sql-brute' or 'ms-sql-empty- password'. When run, the script iterates over the credentials and attempts to run the command until either all credentials are exhausted or until the command is executed. SYNTAX: mssql-xp-cmdshell.cmd: specifies the OS command to run. (default is ipconfig /all) mssql.timeout: How long to wait for SQL responses. This is a number followed by 'ms' for milliseconds, 's' for seconds, 'm' for minutes, or 'h' for hours. Default: '30s'. mssql.password: specifies the password to use to connect to the server. This option overrides any accounts found by the 'ms-sql-brute' and 'ms-sql-empty-password' scripts. mssql.username: specifies the username to use to connect to the server. This option overrides any accounts found by the 'ms-sql-brute' and 'ms-sql-empty-password' scripts. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N |
Copyright | Copyright (C) 2011 NSE-Script: The Nmap Security Scanner; NASL-Wrapper: Greenbone Networks GmbH |
This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |