SQL Server setup for penetration testing

How to install and configure MS SQL Server on Windows Server

Requirements

Download setup file SQLEXPR_x64_ENU.exe

https://download.microsoft.com/download/4/1/A/41AD6EDE-9794-44E3-B3D5-A1AF62CD7A6F/sql16_sp2_dlc/en-us/SQLEXPR_x64_ENU.exe

Download setup file SQLManagementStudio_x86_ENU.exe

https://download.microsoft.com/download/f/e/b/feb0e6be-21ce-4f98-abee-d74065e32d0a/SSMS-Setup-ENU.exe

Configure SQL Express setup

Click on Installation » New SQL Server stand-alone installation

Accept the license terms.

The installer will then start installing the SQL Server rules files on your system, which takes some time.

Feature Selection

Enable the checkboxes for:

  • Database Engine Services
  • SQL Server Replication
  • SQL Client Connectivity SDK

Instance Configuration

Specify the name and instance ID for the instance of SQL Server.

Set the SQL Server Browser startup type to Automatic.

Database Engine Configuration

  • Click on Mixed Mode, which combines both authentication types: SQL Server and Windows.
  • Type your password and confirm the password for the administrator account.

SQL Server 2016 installation completed successfully.

SQL Server Configuration Manager

Open SQL Server Configuration Manager and go to:

  • SQL Server Network Configuration
  • Protocols for SQL Express
  • TCP/IP

Under the IP Addresses tab, specify TCP port 1433, click Apply, and enable TCP/IP.

Configure SQL Management Studio setup

Open the second downloaded application, the SQL Server Management Studio setup » install it.

Now log in to SQL Server using the admin credentials.

Right-click on SQLEXPRESS (SQL Server) and go to Facets.

Go to the General tab on the left side, then on the right side expand the Facet list and select Surface Area Configuration.

Set XPCmdShellEnabled to True. This enables the xp_cmdshell stored procedure, which is disabled by default.

Create a new login account for other users.

Choose SQL Server authentication for this user.

Connect to the server from Windows 10

ip: 192.168.128.145
user: nored0x
password: p@ssw0rd
port: 1433

HeidiSQL

  • HeidiSQL is a useful and reliable tool designed for web developers using the popular MySQL server, Microsoft SQL databases, and PostgreSQL.
  • It enables you to browse and edit data, create and edit tables, views, procedures, triggers, and scheduled events.

Download HeidiSQL

https://www.heidisql.com/download.php

We have successfully accessed the database system of the MSSQL server
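
Once connected, the settings changed in this walkthrough (xp_cmdshell, mixed mode authentication, TCP port, the new SQL login) can be confirmed from a query window. The T-SQL below is an added example, not part of the original post; it assumes a login with sysadmin or VIEW SERVER STATE rights and only reads state.

```sql
-- Added example: read-only audit of the settings this walkthrough changes.
-- Run from SSMS or HeidiSQL against the lab instance.

-- 1. Surface area: xp_cmdshell is off by default; the walkthrough turns it on.
SELECT name,
       CAST(value_in_use AS int) AS running_value,
       CASE CAST(value_in_use AS int)
            WHEN 1 THEN 'ENABLED (lab setting)'
            ELSE 'disabled (default)'
       END AS state
FROM sys.configurations
WHERE name = N'xp_cmdshell';

-- 2. Authentication mode: 0 = mixed mode, 1 = Windows authentication only.
SELECT CASE CAST(SERVERPROPERTY('IsIntegratedSecurityOnly') AS int)
            WHEN 0 THEN 'Mixed mode (SQL Server + Windows)'
            ELSE 'Windows authentication only'
       END AS auth_mode;

-- 3. Transport of the current session. local_tcp_port is NULL when the
--    session uses shared memory (a local connection) instead of TCP.
SELECT net_transport,
       local_tcp_port,
       auth_scheme,      -- 'SQL' for SQL Server authentication
       encrypt_option    -- 'FALSE' means credentials-era traffic is not TLS-wrapped
FROM sys.dm_exec_connections
WHERE session_id = @@SPID;

-- 4. SQL logins: password policy flags and sysadmin membership.
SELECT l.name,
       l.is_disabled,
       l.is_policy_checked,
       l.is_expiration_checked,
       IS_SRVROLEMEMBER('sysadmin', l.name) AS is_sysadmin
FROM sys.sql_logins AS l
WHERE l.name NOT LIKE N'##%'      -- skip internal certificate-based logins
ORDER BY l.name;

-- To put xp_cmdshell back to its default after the lab (left commented
-- so the script stays read-only):
-- EXEC sp_configure 'show advanced options', 1; RECONFIGURE;
-- EXEC sp_configure 'xp_cmdshell', 0; RECONFIGURE;
```

On the lab instance built above, query 1 should report ENABLED and query 2 should report mixed mode; the same queries run against a production instance show whether either setting has drifted from the default.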

I finished part 1 on SQL Server today; wait for me in the next part.