SQL Pen Testing

I’m looking to pen test and audit our SQL server estate at work. Have been reading this interesting article: https://searchsqlserver.techtarget.com/tip/Password-cracking-tools-for-SQL-Server

They mention the BlackKnight list, have found a few links to it but always end up being a rapidshare link that’s now dead.

Does anyone have that list to share?

@Pencer My favorite password list is from the breached compilation. 1.4 billion entries from leaked databases. Sorted and extracted passwords out of it went from 40gigs to about 1 gig of unique sorted passwords. Scroll down to bottom oxagast post to download.


May i know how to exploit Database without “id” parameter in url for sql injection? @MoNsTeR

Thanks. That’s a good list :slight_smile:

Thank you for the wordlist !

Ummm… seems interesting.