This utility has been designed to scan a single IP address or network range for MS SQL services (SQL Server, MSDE, SQL Server Express Edition, etc.). Once a service is found, it checks whether the sa password is one of three things:


  • blank,

  • sa,

  • password.




sqllhf [options] [ip_address/ network range]

-q    doesn't ping hosts to discover.
-o    [outputfile.txt] :: dumps results to a file.
-i    [inputfile.txt] :: inputs host list from file.
-v    verbose output.
-vv   very verbose output.
-p    [passlist.txt] (dictionary audit)
-db   [SQL Instance Name] target one specific database instance.


Note: -db only allows a scan against a single host.

Example syntax:

sqllhf -i hosts.txt -o results.txt
sqllhf -q
sqllhf -v
sqllhf -p passlist.txt -i hosts.txt -v
sqllhf -db kev -p passlist.txt


Expected Output:


C:\sqllhf> sqllhf.exe -p c:\common-passwords.txt


SQLLHF v3.1 - written by MattW 01-28-02
Checking for blank or easily guessable sa passwords. responded to ICMP.. Checking for SQL Service...

Checking ::: Password is password!! <---- WARNING!


The output above shows an sa account whose password is set to "password".
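The same three conditions (blank, "sa", "password") can be checked from inside a server you administer. The T-SQL below is an added example, not part of SQLLHF or its documentation; it goes beyond the sa account and tests every SQL login. It assumes SQL Server 2008 or later and a session with CONTROL SERVER permission (needed to read password_hash).

```sql
-- Added example: local audit for the three weak passwords SQLLHF looks for.
-- Candidate list is constructed here; extend it with your own dictionary.
DECLARE @candidates TABLE (guess nvarchar(128) NOT NULL);
INSERT INTO @candidates (guess) VALUES (N''), (N'sa'), (N'password');

SELECT
    l.name                                        AS login_name,
    -- The built-in sa login keeps SID 0x01 even if it has been renamed.
    CASE WHEN l.sid = 0x01 THEN 1 ELSE 0 END      AS is_builtin_sa,
    CASE WHEN c.guess = N'' THEN N'<blank>'
         ELSE c.guess END                         AS matched_password,
    l.is_disabled,            -- 1 = login cannot connect
    l.is_policy_checked,      -- 1 = Windows password policy enforced
    l.is_expiration_checked   -- 1 = password expiration enforced
FROM sys.sql_logins AS l
CROSS JOIN @candidates AS c
-- PWDCOMPARE hashes the candidate and compares it to the stored hash.
WHERE PWDCOMPARE(c.guess, l.password_hash) = 1
ORDER BY l.is_disabled, is_builtin_sa DESC, l.name;
```

Any row returned with is_disabled = 0 is a login that a network scan like the one above would flag; an empty result means none of the three passwords is in use.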


