SQL Ping is a nice little command line enumerator that specifically
looks for SQL servers and requires no authentication whatsoever. It
works on all versions of SQL server up to and including 2005 and also
It is available from
Installation is just download and extract the files, it works out of the
Usage: sqlping target_ip or host_name
C:\Documents and Settings\hacker\Desktop\dg>SqlPing.exe
Chip Andrews, Michael Choi, and Rajiv Delwadia http://www.sqlsecurity.com
SQLPing is a utility for querying SQL Servers (2000+) listening on UDP
1434 to return detailed information about the instances installed. Note
that broadcast addresses may return multiple results.
As you can see from the results it pulls
back that the remote MS SQL Server is running MS SQL 2005 Express
Edition (cut down free SQL server) and also leaks its hostname SQL-2K3.