System administrators and penetration testers often need to check for weak passwords as part of the organization's security policy. Nmap can help us to perform dictionary attacks against MS SQL servers.
This recipe shows how to perform brute force password auditing of MS SQL servers with Nmap.
To perform brute force password auditing against an MS SQL server, run the following Nmap command:
$ nmap -p1433 --script ms-sql-brute <target>
If any valid accounts are found, they will be included in the script output section:
PORT STATE SERVICE 1433/tcp open ms-sql-s | ms-sql-brute: | [192.168.1.102:1433] | Credentials found: |_ sa:karate