SQL Pen Testing

I’m looking to pen test and audit our SQL Server estate at work. I have been reading this interesting article: https://searchsqlserver.techtarget.com/tip/Password-cracking-tools-for-SQL-Server

They mention the BlackKnight list. I have found a few links to it, but they always end up being a RapidShare link that’s now dead.

Does anyone have that list to share?

@Pencer My favorite password list is from the breached compilation: 1.4 billion entries from leaked databases. Sorted and extracted, the passwords out of it went from 40 gigs to about 1 gig of unique sorted passwords. Scroll down to the bottom oxagast post to download.


May I know how to exploit a database without an “id” parameter in the URL for SQL injection? @MoNsTeR

Thanks. That’s a good list :)

Thank you for the wordlist!

Ummm… seems interesting.