SQL Ping is a nice little command-line enumerator that looks specifically for SQL Server instances and requires no authentication whatsoever. It works on all versions of SQL Server up to and including 2005, as well as the Express editions.


It is available from here.


Installation is just a matter of downloading and extracting the files; it works out of the box.




Usage: sqlping target_ip or host_name


C:\Documents and Settings\hacker\Desktop\dg>SqlPing.exe

SQLPing v1.1
Chip Andrews, Michael Choi, and Rajiv Delwadia 1/29/2001

SQLPing is a utility for querying SQL Servers (2000+) listening on UDP 1434 to return detailed information about the instances installed. Note that broadcast addresses may return multiple results.




As you can see from the results it pulls back, the remote MS SQL Server is running MS SQL 2005 Express Edition (the cut-down, free SQL Server) and also leaks its hostname, SQL-2K3.
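To show what such a reply discloses, here is an added example (not SQLPing's code and not part of the original post): a parser for the SQL Server Browser response format described in Microsoft's MS-SQLR specification, run over a constructed datagram. Only the hostname SQL-2K3 comes from the post; the instance name, version string and TCP port are constructed sample values, and the function names are hypothetical.

```python
import struct

SVR_RESP = 0x05  # response type byte defined in MS-SQLR
PRODUCT_BY_MAJOR = {8: "SQL Server 2000", 9: "SQL Server 2005"}


def parse_browser_response(datagram):
    """Parse one SQL Server Browser (UDP 1434) reply into a list of dicts."""
    if len(datagram) < 3 or datagram[0] != SVR_RESP:
        raise ValueError("not an SVR_RESP datagram")
    (size,) = struct.unpack_from("<H", datagram, 1)  # little-endian length
    body = datagram[3:3 + size]
    if len(body) != size:
        raise ValueError("truncated response")
    instances = []
    # Each instance is a run of key;value pairs terminated by ';;'.
    for chunk in body.decode("ascii", errors="replace").split(";;"):
        fields = chunk.split(";")
        if len(fields) < 2:
            continue  # trailing empty chunk after the last ';;'
        instances.append(dict(zip(fields[0::2], fields[1::2])))
    return instances


def summarize(inst):
    """Reduce one instance record to the details it discloses."""
    head = inst.get("Version", "").split(".")[0]
    major = int(head) if head.isdigit() else 0
    return {
        "host": inst.get("ServerName"),
        "instance": inst.get("InstanceName"),
        "product": PRODUCT_BY_MAJOR.get(major, "unknown (major %d)" % major),
        "tcp_port": inst.get("tcp"),
    }


# Constructed sample reply: hostname from the post, other values made up.
_BODY = (b"ServerName;SQL-2K3;InstanceName;SQLEXPRESS;IsClustered;No;"
         b"Version;9.00.1399.06;tcp;1433;;")
SAMPLE = bytes([SVR_RESP]) + struct.pack("<H", len(_BODY)) + _BODY

if __name__ == "__main__":
    for record in parse_browser_response(SAMPLE):
        print(summarize(record))
```

Every field in the output was returned without authentication, so blocking UDP 1434 at the network edge, or stopping the SQL Server Browser service where named instances are not needed, removes this disclosure.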


