Vulnerability Development mailing list archives
Re: MS-SQL banners
From: -l0rt- <simon () snosoft com>
Date: Thu, 4 Apr 2002 10:35:54 -0500 (EST)
What is this for? -l0rt- http://www.snosoft.com --------------------------------------------------------------------- That file you've been guarding, isn't. --------------------------------------------------------------------- On Wed, 3 Apr 2002 nicob () nicob net wrote:
Hi ! I'm actually collecting the differents strings send by MS-SQL servers during the authentification phase. I want to collect as much banners as possible, for differents versions (6.5, 7.0, 2K, ...) and languages (french, spanish, english, japanese, ...). If you want to help me, you just have to download a Perl script [1] from my website and then run it against your MS-SQL server. Usage : mssql-banner.pl adresse_IP user password (code ripped from Roelof Temmingh's senseql.pl) The (edited) output from one of my test machine is : 8<----------------------[snip]---------------------------------------------- D:\>perl mssql-banner.pl 192.168.1.38 sa "wrong_passwd" Testing : .... Login failed for user 'sa' ..... D:\>perl mssql-banner.pl 192.168.1.38 sa "good_passwd" Testing : ... Changed database context to 'master'..... 8<---------------------[/snip]---------------------------------------------- The best way to send me easily exploitable results is : - test with an invalid user/passwd combo, redirecting the output to a file - test with an valid user/passwd combo, redirecting the output to the same file - rename the file to $version-$language.txt and send me the file, *without* editing it Exotic languages/versions velcome ! Note : a Win32 Perl2EXE'd version is available at [2] [1] : http://nicob.net/mssql-banner.pl [2] : http://nicob.net/mssql-banner.exe Thanks in advance, Nicob
Current thread:
- MS-SQL banners nicob (Apr 03)
- Re: MS-SQL banners -l0rt- (Apr 04)
- Re: MS-SQL banners Nicolas Gregoire (Apr 05)
- Re: MS-SQL banners -l0rt- (Apr 04)