Metasploit has a built-in auxiliary module – mssql_ping – designed specifically to scan for Microsoft SQL Server instances on a network.
So, let’s see how it performs against my Virtual Hacking Lab.
msf > use scanner/mssql/mssql_ping
msf auxiliary(mssql_ping) > set RHOSTS ipaddress
RHOSTS => ipaddress
msf auxiliary(mssql_ping) > run
Output:
[*] SQL Server information for ipaddress:
[+] ServerName = LAB
[+] InstanceName = SQLEXPRESS
[+] IsClustered = No
[+] Version = 9.00.1399.06
[+] tcp = 1433
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
Pretty comprehensive, I’m sure you’ll agree: the SQL Server name, instance name, version and the TCP port on which it is listening.
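Those fields are handed out verbatim by the SQL Server Browser service (the SSRP protocol on UDP 1434), which is what mssql_ping queries. As an added example that is not part of the original post or of Metasploit, here is a small parser for that SVR_RESP reply; the sample reply is constructed to match the lab output above.

```python
# Parser for the SQL Server Browser (SSRP, UDP/1434) SVR_RESP message that
# mssql_ping reads to print ServerName, InstanceName, IsClustered, Version, tcp.
# Added example; the sample packet is constructed, not captured.
import struct

SVR_RESP = 0x05  # message-type byte of a server response (MS-SQLR)


def parse_svr_resp(packet: bytes) -> list[dict]:
    """Return one dict of key/value fields per advertised instance.

    Raises ValueError on anything that is not a well-formed SVR_RESP.
    """
    if len(packet) < 3 or packet[0] != SVR_RESP:
        raise ValueError("not an SSRP SVR_RESP message")
    (size,) = struct.unpack_from("<H", packet, 1)  # RESP_SIZE, little-endian
    data = packet[3:3 + size]
    if len(data) != size:
        raise ValueError("truncated SVR_RESP payload")
    text = data.decode("latin-1")  # MBCS on the wire; latin-1 never fails
    instances = []
    # RESP_DATA is key;value;key;value;... per instance, each record ending ";;"
    for record in text.split(";;"):
        if not record:
            continue
        fields = record.split(";")
        if len(fields) % 2:
            raise ValueError(f"odd field count in record: {record!r}")
        instances.append(dict(zip(fields[0::2], fields[1::2])))
    return instances


def build_svr_resp(resp_data: str) -> bytes:
    """Assemble a SVR_RESP packet from its RESP_DATA string (for offline tests)."""
    body = resp_data.encode("latin-1")
    return bytes([SVR_RESP]) + struct.pack("<H", len(body)) + body


# Constructed sample matching the fields mssql_ping reported for the lab host
SAMPLE = build_svr_resp(
    "ServerName;LAB;InstanceName;SQLEXPRESS;IsClustered;No;"
    "Version;9.00.1399.06;tcp;1433;;"
)

if __name__ == "__main__":
    for inst in parse_svr_resp(SAMPLE):
        for key, value in inst.items():
            print(f"[+] {key} = {value}")
```

Feeding captured UDP/1434 replies through this shows exactly what a host discloses to any unauthenticated sender, which is the case for firewalling or disabling the Browser service where named-instance discovery is not needed.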