Nmap Development mailing list archives
RE: Microsoft SQL Server fingerprints for SQL 2000 and 2005
From: "Thomas Buchanan" <TBuchanan () thecompassgrp net>
Date: Tue, 8 Jan 2008 22:08:39 -0600
-----Original Message-----
From: nmap-dev-bounces () insecure org [mailto:nmap-dev-bounces () insecure org] On Behalf Of Tom Sellers
Sent: Tuesday, January 08, 2008 6:54 PM
To: nmap-dev () insecure org
Subject: Microsoft SQL Server fingerprints for SQL 2000 and 2005

Based on the feedback from Doug and Fyodor I have generated a probe/match set for Microsoft SQL Server 2000 and 2005. MS SQL Server's response to the probe includes the major and minor software revision in hex. Toward the end of the probe response the software version is encoded like this:

(I hope this diagram actually formats correctly)

\x09\x00\x0b\xe2
   ^   ^  ^^  ^^
   |   |  Build number in hex - 0be2 = 3042
   |   |
   |   Spacer? (It's in every version)
   Major Revision = 9.

Software revision is 9.00.3042
Tom, Thanks for the excellent information. I've done a little testing on SQL Server in the past, and never knew about this.
If it would be more efficient, the major version match lines can be added and I will look into creating a lua script that will query the port, extract the version and generate detailed information.
I've actually written an NSE script that targets Microsoft SQL Server, and that's included in nmap-4.50 and newer (MSSQLm.nse). I'd be happy to take the information you provided and try and work it into that script. I think it would be an excellent addition, as the current script relies on UDP probes to extract information, which as you indicated are not accurate for newer releases of SQL 2000. It'll probably be a few days before I have much time to work on it, but I wanted to go ahead and make the offer.

Thanks again,
Thomas

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
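
Added example (not part of the original thread, and not code from MSSQLm.nse): the 4-byte version field from Tom Sellers' diagram decoded in plain Lua, the language of NSE scripts, with a patch-level comparison for inventory use. The function names, the printing of the "spacer" byte as the two-digit middle field, and the baseline build are assumptions.

```lua
-- Layout taken from the diagram in the thread:
--   byte 1    major revision
--   byte 2    "spacer" (0x00 in the sample)
--   bytes 3-4 build number, most significant byte first

-- Major 8 is SQL Server 2000, major 9 is SQL Server 2005.
local PRODUCT = { [8] = "SQL Server 2000", [9] = "SQL Server 2005" }

-- decode_version(field) -> table on success, or nil plus an error message.
local function decode_version(field)
  if type(field) ~= "string" or #field ~= 4 then
    return nil, "expected exactly 4 bytes"
  end
  local major, spacer, hi, lo = string.byte(field, 1, 4)
  local build = hi * 256 + lo
  return {
    major = major,
    spacer = spacer,
    build = build,
    product = PRODUCT[major] or "unknown",
    -- Assumption: the spacer byte is shown as the ".00" middle field.
    text = string.format("%d.%02d.%d", major, spacer, build),
  }
end

-- True when the decoded build is lower than the minimum build the caller
-- requires for that major version; majors without an entry are not flagged.
local function below_baseline(v, baseline)
  local min = baseline[v.major]
  return min ~= nil and v.build < min
end

-- Constructed sample: the four bytes shown in the diagram.
local sample = string.char(0x09, 0x00, 0x0b, 0xe2)
local v = assert(decode_version(sample))
print(v.product, v.text)

-- Hypothetical policy value for illustration, not taken from the thread.
local baseline = { [9] = 3054 }
print("below baseline:", below_baseline(v, baseline))

-- A truncated field is rejected instead of being decoded.
print(decode_version(string.char(0x09, 0x00)))
```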