SQLDict servers one purpose which is to brute force Microsoft SQL Server passwords. The easiest way to launch SQLDict is using the Backtrack navigation menu which launches the SQLDict.exe application using wine. The interface is easy to use as shown in the below example images.
SQLDict: MSSQL Password Bruteforce
The SQLDict application can be launched at the following three locations within the Backtrack 5 menu:
- BT5 > Information Gathering > Database Analysis > MSSQL Analysis > SQLDict
- BT5 > Vulnerability Assessment > Database Assessment > MSSQL Assessment > SQLDict
- BT5 > Privilege Escalation > Password Attacks > Online Attacks > SQLDict
Once launched you can see the three pieces of information needed to proceed with brute forcing a Microsoft SQL Server password. The information needed includes the IP address of the MSSQL Server, the username you want to bruteforce, and a wordlist to use as the password attempts. Once you have entered the necessary information click the Start button and check back until the the password is recovered or until the password list is exhausted. If you are not sure of any usernames then “sa” is a great username to start with!
SQLDict: Password List Exhausted
SQLDict: MSSQL Password Recovered
That is all there is to it. On newer versions of MSSQL you will be much more likely to be locked out of the SQL server when attempting to brute force a user account.