Penetration Testing mailing list archives

Re: Brute forcing a M$ SQL Server password through SQL Injection


From: Roman Medina <roman () rs-labs com>
Date: Sat, 22 Feb 2003 20:52:47 +0100


 Hi,

 I was referring to the idea exposed in the Advanced SQL Injection
paper by Chris Anley:

declare @pwd nvarchar(4000), @char_set nvarchar(4000)
declare @pwd_len int, @i int, @c char
select @char_set = N'abcdefghijklmnopqrstuvwxyz0123456789!_'
select @pwd_len = 8
select @username = 'sa'
while @i < @pwd_len begin
        -- make pwd
        (code deleted)
        -- try a login
         select @query = N'select * from OPENROWSET...

 I have no idea about SQL Server scripting; could somebody send the
complete fixed script here? (with no "code deleted" tags). It is also
not clear to me at all how to insert such a big script through a SQL
injection line (is it really possible?). I'd be very grateful if you
could help me with this too. Please provide an example, if possible.

 Thanks2@ll.

 Regards,
 --Roman

--
PGP Fingerprint:
09BB EFCD 21ED 4E79 25FB  29E1 E47F 8A7D EAD5 6742
[Key ID: 0xEAD56742. Available at KeyServ]
