SQL SERVER的安全测试
在一次给客户做安全方案的设计的时候,对方提出一个请求希望我们可以实践攻击下他们的网络以验证是不是实在存有安全漏洞,在得到客户许可今后我远程对他的网络进行了一次匿名的扫描嗅探,报告很快就出来了很简单SQLSERVER的管理员口令为空任何人都可以远程登陆过去连接,我仍是依照常规想利用CMDSHELL这个扩展的存储进程去履行一些工具才发现本来有点不一样了......SQLSERVER的安全测试.pdf
(When designing a security solution for a client, the other party made a request that we could actually attack their network to verify whether there is a security loophole. Scanning and sniffing, the report came out soon. It is very simple. The administrator password of SQLSERVER is empty. Anyone can log in remotely and connect in the past. I still want to use the extended stored process of CMDSHELL to execute some tools according to the routine. Not the same...
SQLSERVER security test.pdf)
页:
[1]