Penetration Testing mailing list archives
Re: Brute forcing a M$ SQL Server password through SQL Injection
From: Roman Medina <roman () rs-labs com>
Date: Sat, 22 Feb 2003 20:52:47 +0100
Hi, I was refering to the idea exposed in the Advanced SQL Injection paper by Chris Anley: declare @pwd nvarchar(4000), @char_set nvarchar(4000) declare @pwd_len int, @i int, @c char select @char_set = N'abcdefghijklmnopqrstuvwxyz0123456789!_' select @pwd_len = 8 select @username = 'sa' while @i < @pwd_len begin -- make pwd (code deleted) -- try a login select @query = N'select * from OPENROWSET... I have no idea on SQL server scripting, could somebody send here the complete fixed script? (with no "code deleted" tags). I also don't have clear at all how to insert such a big script through a SQL injection line (is it really possible?). I'd greatly thank you if you could help me with this too. Please, provide an example, if possible. Thanks2@ll. Regards, --Roman -- PGP Fingerprint: 09BB EFCD 21ED 4E79 25FB 29E1 E47F 8A7D EAD5 6742 [Key ID: 0xEAD56742. Available at KeyServ] ---------------------------------------------------------------------------- Do you know the base address of the Global Offset Table (GOT) on a Solaris 8 box? CORE IMPACT does. http://www.securityfocus.com/core
Current thread:
- Brute forcing a M$ SQL Server password through SQL Injection Roman Medina (Feb 19)
- Re: Brute forcing a M$ SQL Server password through SQL Injection David Litchfield (Feb 19)
- Re: Brute forcing a M$ SQL Server password through SQL Injection Roman Medina (Feb 19)
- Re: Brute forcing a M$ SQL Server password through SQL Injection Roman Medina (Feb 22)
- Re: Brute forcing a M$ SQL Server password through SQL Injection David Litchfield (Feb 19)