Exploit Next Generation SQL Fingerprint (ESF) – MS-SQL Server Fingerprinting Tool

Use Netsparker


SQL Server fingerprinting can be a time consuming process. It involves a lot many trial and error methods to fingerprint the exact SQL Server version. Intentionally inserting an invalid input to obtain a typical error message or using certain alphabets that are unique for a certain server are two of the ways to possibly fingerprint a server.

We have featured some other database-fingerprinting tools before such as SQLmap the automated SQL injection tool, which also carries out fingerprinting and the Microsoft SQL Server Fingerprint Tool aimed specifically at MS-SQL installs similar to ESF.

The Exploit Next Generation SQL Fingerprint (ESF) is a powerful tool which performs version fingerprinting for:

  • Microsoft SQL Server 2000;
  • Microsoft SQL Server 2005; and
  • Microsoft SQL Server 2008.

The Exploit Next Generation SQL Fingerprint uses well-known techniques based on several public tools that are capable to identify the Microsoft SQL Server version (such as: SQLping and SQLver), but, instead of showing only the “raw version” (i.e., Microsoft SQL Version 10.00.2746), the Exploit Next Generation SQL Fingerprint shows the mapped Microsoft SQL Server version (i.e., Microsoft SQL 2008 SP1 (CU5)).


The strengths of Exploit Next Generation SQL Fingerprint are:

  • It uses both TCP and UDP protocols to determine the Microsoft SQL Server version, making it much more reliable than any other public or commercial tool.
  • It is capable to identify multiple Microsoft SQL Server instances and their TCP communication ports.
  • It does not require any authentication method to identify the Microsoft SQL Server version.
  • It uses probabilistic algorithm to identify the Microsoft SQL Server version, combining both TCP and UDP fingerprint.

The Exploit Next Generation SQL Fingerprint can also be used to identify vulnerable/unpatched Microsoft SQL Server version, and it is based on some techniques used by Exploit Next Generation Compliance Methodology to perform automated penetration testing.

SQL Server fingerprinting is necessary before performing any kind of penetration testing on database server and if you find its Microsoft SQL Server then this tool will surely help identifying granular level findings to further exploit database.

You can download ESF v1.10 here:

ESF.exe

Or read more here.

Posted in: Database Hacking, Hacking Tools, Windows Hacking

, , ,


Latest Posts:


Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.
testssl.sh - Test SSL Security Including Ciphers, Protocols & Detect Flaws testssl.sh – Test SSL Security Including Ciphers, Protocols & Detect Flaws
testssl.sh is a free command line tool to test SSL security, it checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws and more.
Four Year Old libSSH Bug Leaves Servers Wide Open Four Year Old libssh Bug Leaves Servers Wide Open
A fairly serious 4-year old libssh bug has left servers vulnerable to remote compromise, fortunately, the attack surface isn't that big as neither OpenSSH or the GitHub implementation are affected.
CHIPSEC - Platform Security Assessment Framework CHIPSEC – Platform Security Assessment Framework For Firmware Hacking
CHIPSEC is a platform security assessment framework for PCs including hardware, system firmware (BIOS/UEFI), and platform components for firmware hacking.


Comments are closed.