Nmap Development mailing list archives
Re: Microsoft SQL Server fingerprints for SQL 2000 and 2005
From: Fyodor <fyodor () insecure org>
Date: Thu, 10 Jan 2008 16:47:23 -0800
On Tue, Jan 08, 2008 at 06:54:02PM -0600, Tom Sellers wrote:
Based on the feedback from Doug and Fyodor I have generated a probe/match set for Microsoft SQL Server 2000 and 2005. MS SQL Server's response to the probe includes the major and minor software revision in hex.
Thanks Tom. These are looking pretty good! One nit is that the version information should be in v// and not the program name (p//) field. Maybe including the year in the product name is OK (e.g. Microsoft SQL Server 2005), but the build number and SP should probably be in v// or i// fields as appropriate. See http://insecure.org/nmap/vscan/vscan-fileformat.html#vscan-db-match .
\x09\x00\x0b\xe2
 ^   ^   ^^^^^^^
 |   |   Build number in hex - 0be2 = 3042
 |   Spacer? (It's in every version)
 Major Revision = 9.

Software revision is 9.00.3042

This is where the hex to decimal conversion would be handy, as nmap could identify the base version, 2000 or 2005, and then toss the specific build into an info string.
I'm not opposed to having such a conversion. Doug can decide what is best, because he does most of the nmap-service-probes work. My mail on the topic was just intended to note some potential issues. If we add a new converter, we should make it reasonably general. For example, to do the above you need to be able to handle 1-byte and 2-byte long numbers. And we should be able to do 4-byte numbers too.
If it would be more efficient, the major version match lines can be added and I will look into creating a lua script that will query the port, extract the version and generate detailed information.
In general, anything that can be done in version detection is more efficient than doing it in NSE. But NSE is more powerful and so you need to use it for more complex cases.

Cheers,
-F

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
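The conversion the thread discusses, as an added example that is not part of the original message and not nmap's own code: it decodes the four version bytes quoted above (\x09\x00\x0b\xe2 read as 9.00.3042, treating the byte the post calls a "spacer" as the minor revision) with a general 1-, 2- and 4-byte big-endian converter of the kind the reply asks for, maps the major revision to the product year, and renders the result as p// and v// fields with the build in v// rather than in the product name. The major-version-to-product table, the read_uint/match_fields helper names and the second sample reply are this example's own assumptions.

```python
"""Decode the hex-encoded version bytes MS SQL Server returns and
render them as nmap-service-probes p// v// (and optional i//) fields.

Added example for the thread above, not nmap code. The byte layout
(major, minor, 2-byte big-endian build) follows the 9.00.3042 reading
of the quoted reply; the product table and helper names are assumed."""

import struct

# Assumption: major revision -> product name, as discussed in the thread.
PRODUCT_BY_MAJOR = {
    8: "Microsoft SQL Server 2000",
    9: "Microsoft SQL Server 2005",
}

# Constructed sample replies (not captures).
SAMPLE_2005 = b"\x09\x00\x0b\xe2"   # 9.00.3042, the bytes quoted in the thread
SAMPLE_2000 = b"\x08\x00\x07\xf7"   # 8.00.2039, constructed for the 2000 branch


def read_uint(data, offset, width):
    """General big-endian converter for 1-, 2- and 4-byte fields."""
    if width not in (1, 2, 4):
        raise ValueError("width must be 1, 2 or 4")
    if offset + width > len(data):
        raise ValueError("field runs past the end of the data")
    fmt = {1: ">B", 2: ">H", 4: ">I"}[width]
    return struct.unpack_from(fmt, data, offset)[0]


def decode_version(data):
    """Return (major, minor, build) from the first four version bytes."""
    if len(data) < 4:
        raise ValueError("need at least 4 version bytes")
    major = read_uint(data, 0, 1)   # 0x09 -> 9
    minor = read_uint(data, 1, 1)   # the byte the thread calls a "spacer"
    build = read_uint(data, 2, 2)   # 0x0be2 -> 3042
    return major, minor, build


def version_string(data):
    """Render the decoded bytes the way the thread writes them: 9.00.3042."""
    major, minor, build = decode_version(data)
    return f"{major}.{minor:02d}.{build}"


def match_fields(data, info=None):
    """Build the p// and v// fields, keeping the build number out of p//
    as the reply asks; an optional i// carries free-form info such as an SP."""
    major, _, _ = decode_version(data)
    product = PRODUCT_BY_MAJOR.get(major, "Microsoft SQL Server")
    fields = f"p/{product}/ v/{version_string(data)}/"
    if info:
        fields += f" i/{info}/"
    return fields


if __name__ == "__main__":
    for sample in (SAMPLE_2005, SAMPLE_2000):
        print(sample.hex(), "->", match_fields(sample))
```

Unknown major revisions fall back to the bare product name so the v// field still carries the decoded build; a short or mis-sized field raises rather than silently decoding garbage.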
Current thread:
- Microsoft SQL Server fingerprints for SQL 2000 and 2005 Tom Sellers (Jan 08)
- RE: Microsoft SQL Server fingerprints for SQL 2000 and 2005 Thomas Buchanan (Jan 08)
- Re: Microsoft SQL Server fingerprints for SQL 2000 and 2005 Tom Sellers (Jan 09)
- Re: Microsoft SQL Server fingerprints for SQL 2000 and 2005 Fyodor (Jan 10)
- Re: Microsoft SQL Server fingerprints for SQL 2000 and 2005 doug (Jan 13)
- Re: Microsoft SQL Server fingerprints for SQL 2000 and 2005 Fyodor (Jan 13)
- RE: Microsoft SQL Server fingerprints for SQL 2000 and 2005 Thomas Buchanan (Feb 07)
- Re: Microsoft SQL Server fingerprints for SQL 2000 and 2005 Fyodor (Feb 07)
- RE: Microsoft SQL Server fingerprints for SQL 2000 and 2005 Thomas Buchanan (Feb 08)
- Re: Microsoft SQL Server fingerprints for SQL 2000 and 2005 Fyodor (Feb 08)
- RE: Microsoft SQL Server fingerprints for SQL 2000 and 2005 Thomas Buchanan (Jan 08)
- Re: Microsoft SQL Server fingerprints for SQL 2000 and 2005 Tom Sellers (Feb 28)
- Re: Microsoft SQL Server fingerprints for SQL 2000 and 2005 Tom Sellers (Feb 28)