MSDAT: Microsoft SQL Database Attacking Tool
From the webpage:
MSDAT (Microsoft SQL Database Attacking Tool) is an open source penetration testing tool that tests the security of Microsoft SQL Databases remotely.
Usage examples of MSDAT:
- You have a Microsoft database listening remotely and you want to find valid credentials in order to connect to the database
- You have a valid Microsoft SQL account on a database and you want to escalate your privileges
- You have a valid Microsoft SQL account and you want to execute commands on the operating system hosting this DB (xp_cmdshell)
Tested on Microsoft SQL database 2005, 2008 and 2012.
…
As I mentioned yesterday, you may have to wait a few years until the Office of Personnel Management (OMP) upgrades to a supported version of Microsoft SQL database, but think of the experience you will have gained with MSDAT by that time.
And by the time the OPM upgrades, new critical security flaws will emerge in Microsoft SQL database 2005, 2008 and 2012. Under current management, the OPM is becoming less and less secure over time.
Would it help if I posed a street/aerial view of OPM headquarters in DC? Would that help focus your efforts at dropping infected USB sticks, malware loaded DVDs and insecure sex toys for OPM management to find?
OPM headquarters is not marked on the standard tourist map for DC. The map does suggest a number of other fertile places for your wares.