
======================================================================
             	          forceSQL v2.0
	        SQL Server Password Auditing Tool
	                       by
        	Network Intelligence India Pvt. Ltd.
	               http://www.nii.co.in
        	     Author - Nilesh Burghate
======================================================================

			SQL Server Password auditing tool
                         ***   forceSQL v2.0  ***

Download:
forceSQL is available for a free download at:
http://www.nii.co.in/tools.html

The features of v2.0 are:
1. Easy Command-Line Control
2. Dictionary Attack
3. Brute Force Attack
4. Much faster than v1.0

This tool just needs the IP address or machine name of the SQL Server and
the user ID that you wish to check. If you choose to brute force, enter the
characters to search for in the 'charset.txt' file and the maximum password
length at the command line (see Usage below). Also make sure to include the
dictionary file ' words.txt ' in the same place as forceSQL.exe for the
dictionary attack.

Usage :
1. For the Dictionary Attack:
        forceSQL   [IP]   [UserID]   -d
2. For the Brute Force Attack:
        forceSQL   [IP]   [UserID]   -b   [length]

New Features:
The tremendous increase in speed of v2.0 over v1.0 is because we are no
longer using any SQL/ODBC API. We spent some time figuring out the packet
structure of the authentication packet as it flows over the wire. We then
replicated the packet and used that to carry out the authentication, thus
bypassing everything else and going directly to the Network Layer. This
greatly reduced the overhead of allocating and using the SQL Handles, and
the SQL API. It now checks for 40 passwords per second depending on network
connectivity.
The second significant feature we have added is that of Brute Forcing.


Sincerely,

Nilesh Burghate
Systems Security Analyst
Network Intelligence India Pvt. Ltd.
Email: nileshb@nii.co.in
Web: www.nii.co.in
Tel: 91-22-2001530 / 2006019


======================================================================
Network Intelligence India Pvt. Ltd. is a company that believes in
independent security research.
We will continue to contribute to the security community with useful tools,
and vulnerabilities that
we find in critical software. Email us at info@nii.co.in
======================================================================