ForceSQL

ForceSQL is a MS SQL Server password brute force tool that can be used with or without a dictionary.

It is available from here.

Execution:

Dictionary Attack:

forceSQL.exe [IP] [UserName] -d
 

Brute-force attack:

forceSQL.exe [IP] [UserName] -b [Length]
 

Note: - Length - max length of password
 

Expected output:

C:\forcesql>forceSQL.exe 200.100.100.175 sa -d

Connecting to Server...Connected
Checking passwords...
Error connecting SQL Server Error connecting SQL Server Error connecting SQL Server Error connecting SQL Server Error connecting SQL Server
Finished searching dictionary
5 passwords tried, in 5.00 seconds
Average passwords tried per second: 1.00

I was a little concerned with the output from this tool, not only did it take a long time but it didn't get the password already included in my wordlist that I supplied it.  Together with this I used the tool against a MS SQL 7 no Service pack!

I would be a little wary using this tool.