Piggy is another nice little dictionary-based attack tool for MS SQL Server. It is command-line based, dead easy to use, and supports attacks against multiple hosts/accounts and passwords. Another great tool from Patrik.


It is available from here.




usage: piggy [options]

the options being:
-u <username> - Single username
-p <password> - Single password
-s <server> - Single server
-S <srvfile> - File containing ip/hostnames
-D <dicfile> - File containing passwords
-A <accounts> - File containing username;password combinations
-N - Do not check availability before scan
-v verbose - Verbose logging

Expected output:

C:\piggy -u sa -p password -s

Piggy v1.0.1 by
[i] Loaded 1 dictionary items
[i] Checking server availability
Started scan against DB on ''
FOUND [SERVER=;UID=sa;PWD=password]


As you can see from the above, I only used a single password attempt against the sa account; obviously, if you were to conduct a dictionary-based attack, you would use the -D option and supply an appropriate wordlist.
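
From the defender's side, a dictionary run like this appears in the SQL Server error log as a burst of failed logins for one account from one client, sometimes ending in a success. The Python below is an added example, not part of the original post or of Piggy: the log lines are constructed, the function names, threshold and window are assumptions, and it assumes login auditing records both failed and successful logins.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the SQL Server ERRORLOG layout (not from a real host).
_FAIL = ("2024-03-01 10:{:02d}:{:02d}.10 Logon       Login failed for user '{}'. Reason: "
         "Password did not match that for the login provided. [CLIENT: {}]")
_OK = ("2024-03-01 10:{:02d}:{:02d}.10 Logon       Login succeeded for user '{}'. "
       "Connection made using SQL Server authentication. [CLIENT: {}]")
SAMPLE_LOG = "\n".join(
    [_FAIL.format(15, s, "sa", "192.0.2.10") for s in range(1, 7)]  # burst of guesses
    + ["2024-03-01 10:15:06.10 Logon       Error: 18456, Severity: 14, State: 8.",
       _OK.format(15, 7, "sa", "192.0.2.10"),        # success right after the burst
       _FAIL.format(20, 0, "report", "192.0.2.77"),  # ordinary mistyped password
       _OK.format(20, 5, "report", "192.0.2.77")])

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d+\s+Logon\s+"
    r"Login (?P<result>failed|succeeded) for user '(?P<user>[^']*)'"
    r".*\[CLIENT: (?P<client>[^\]]+)\]")

def parse(log_text):
    """Yield (timestamp, result, user, client) for each login line; skip the rest."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            yield ts, m["result"], m["user"], m["client"]

def detect(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return alerts as (kind, client, user, failures seen inside the window)."""
    recent = defaultdict(list)  # (client, user) -> recent failure timestamps
    alerted, alerts = set(), []
    for ts, result, user, client in parse(log_text):
        key = (client, user)
        recent[key] = [t for t in recent[key] if ts - t <= window]
        if result == "failed":
            recent[key].append(ts)
            if len(recent[key]) >= threshold and key not in alerted:
                alerted.add(key)
                alerts.append(("guessing", client, user, len(recent[key])))
        elif len(recent[key]) >= threshold:
            # A success straight after a burst suggests the password was guessed.
            alerts.append(("compromised", client, user, len(recent[key])))
            recent[key].clear()
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

A "compromised" alert for sa is the log-side counterpart of the FOUND line in the output above and warrants an immediate password change and a review of what that session did.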


