Nmap Development mailing list archives

Re: [NSE] Library: mssql.lua - Adding data types


From: David Fifield <david () bamsoftware com>
Date: Tue, 21 Aug 2012 08:34:00 -0700

On Sun, Aug 19, 2012 at 08:13:52PM -0500, Tom Sellers wrote:
> While at Defcon this year I had an interesting talk with one of the speakers, Skip Duckwall. He
> and a partner have done quite a bit of work with pass-the-hash attacks (http://passing-the-hash.blogspot.com/).
>
> One of the things he brought up was that while nmap could perform MS SQL queries, its ability to
> extract that data is pretty limited.  I am working on a few changes that I think should address this.
> The first is discussed below.
>
> I have made the following additions to the mssql.lua library:
>
>       Added or enhanced support for the following data types:
>               SQLTEXT       = 0x23 - text
>               GUIDTYPE      = 0x24 - uniqueidentifier
>               NTEXTTYPE     = 0x63 - unicode text (ntext)
>               BITNTYPE      = 0x68 - boolean
>               DECIMALNTYPE  = 0x6A - decimal
>               NUMERICNTYPE  = 0x6C - numeric
>               FLTNTYPE      = 0x6D - float/real/double
>               MONEYNTYPE    = 0x6E - money / smallmoney
>               BIGBINARYTYPE = 0xAD - binary
>               BIGCHARTYPE   = 0xAF - char
>               SQLNCHAR      = 0xEF - unicode char (nchar)
>
>       Added detection and handling of null values when processing query responses from the server.
>
>       Added DoneProc response token support.
>
>       Reordered ColumnData and ColumnInfo parsers by data type code to make updates easier.
>
> I have tested the changes against a MS SQL 2008 RTM server on a Windows 2008 R2 host.
>
> I have not committed the changes yet.  I have instead attached a diff and a full copy of the
> library for anyone that is interested in testing it.  I would appreciate any testing and
> feedback that anyone can provide.

I haven't tested this but the changes look to be good to me.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
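As an added illustration of what decoding the type codes in Tom's list involves, the following Python is an example written for this archive page; it is not the mssql.lua code, not the attached diff, and not part of the original thread. It decodes one TDS ROW-token column per type code, including the three NULL conventions involved (a zero length byte for the "N" nullable types and uniqueidentifier, 0xFFFF for char/binary/nchar, and a zero-length text pointer for text/ntext). The wire layouts are assumed from the MS-TDS specification as recalled here, the function and constant names are this example's own, and the sample row is constructed, not captured traffic.

```python
import struct
import uuid
from decimal import Decimal

# TDS type codes named in the message above (same names as in mssql.lua).
SQLTEXT, GUIDTYPE, NTEXTTYPE, BITNTYPE = 0x23, 0x24, 0x63, 0x68
DECIMALNTYPE, NUMERICNTYPE, FLTNTYPE, MONEYNTYPE = 0x6A, 0x6C, 0x6D, 0x6E
BIGBINARYTYPE, BIGCHARTYPE, SQLNCHAR = 0xAD, 0xAF, 0xEF
BYTELEN_TYPES = (GUIDTYPE, BITNTYPE, FLTNTYPE, MONEYNTYPE, DECIMALNTYPE, NUMERICNTYPE)
USHORTLEN_TYPES = (BIGBINARYTYPE, BIGCHARTYPE, SQLNCHAR)
CHARBIN_NULL = 0xFFFF  # USHORT length that marks NULL for char/binary columns (assumed per MS-TDS)


def decode_column(buf, pos, typecode, scale=0):
    """Decode one ROW-token column at buf[pos]; returns (value, next_pos).
    value is None for SQL NULL; scale (from COLMETADATA) applies to decimal/numeric."""
    if typecode in BYTELEN_TYPES:
        n = buf[pos]          # one length byte; 0 is the NULL marker
        pos += 1
        if n == 0:
            return None, pos
        data = buf[pos:pos + n]
        pos += n
        if typecode == GUIDTYPE:
            return str(uuid.UUID(bytes_le=data)), pos
        if typecode == BITNTYPE:
            return data[0] != 0, pos
        if typecode == FLTNTYPE:
            return struct.unpack("<f" if n == 4 else "<d", data)[0], pos
        if typecode == MONEYNTYPE:
            if n == 4:        # smallmoney: int32 with 4 implied decimal places
                raw = struct.unpack("<i", data)[0]
            else:             # money: high int32 first, then low uint32
                hi, lo = struct.unpack("<iI", data)
                raw = (hi << 32) | lo
            return Decimal(raw) / Decimal(10000), pos
        # decimal/numeric: sign byte (1 = positive) then little-endian magnitude
        sign = 1 if data[0] == 1 else -1
        return Decimal(sign * int.from_bytes(data[1:], "little")).scaleb(-scale), pos
    if typecode in USHORTLEN_TYPES:
        n = struct.unpack_from("<H", buf, pos)[0]   # 0xFFFF marks NULL, so an
        pos += 2                                     # empty string stays distinct
        if n == CHARBIN_NULL:
            return None, pos
        data = buf[pos:pos + n]
        pos += n
        if typecode == BIGBINARYTYPE:
            return bytes(data), pos
        if typecode == BIGCHARTYPE:
            return data.decode("latin-1"), pos
        return data.decode("utf-16-le"), pos         # nchar is UCS-2 little-endian
    if typecode in (SQLTEXT, NTEXTTYPE):
        ptrlen = buf[pos]     # text-pointer length; 0 is the NULL marker
        pos += 1
        if ptrlen == 0:
            return None, pos
        pos += ptrlen + 8     # skip the text pointer and the 8-byte timestamp
        n = struct.unpack_from("<I", buf, pos)[0]
        pos += 4
        data = buf[pos:pos + n]
        pos += n
        return data.decode("latin-1" if typecode == SQLTEXT else "utf-16-le"), pos
    raise ValueError("unsupported TDS type code 0x%02X" % typecode)


def decode_row(buf, columns):
    """Decode all columns of one ROW token; columns is a list of (typecode, scale)."""
    values, pos = [], 0
    for typecode, scale in columns:
        value, pos = decode_column(buf, pos, typecode, scale)
        values.append(value)
    if pos != len(buf):
        raise ValueError("%d trailing bytes after the last column" % (len(buf) - pos))
    return values


# Constructed sample row (not captured traffic): one value per type above,
# with a NULL bit, a NULL char and a NULL text column mixed in.
SAMPLE_COLUMNS = [(GUIDTYPE, 0), (BITNTYPE, 0), (BITNTYPE, 0), (FLTNTYPE, 0),
                  (MONEYNTYPE, 0), (NUMERICNTYPE, 2), (BIGCHARTYPE, 0), (BIGCHARTYPE, 0),
                  (SQLNCHAR, 0), (BIGBINARYTYPE, 0), (SQLTEXT, 0), (SQLTEXT, 0)]
SAMPLE_ROW = (
    bytes([16]) + uuid.UUID("12345678-1234-5678-1234-567812345678").bytes_le
    + bytes([1, 1])                                    # bit = 1
    + bytes([0])                                       # bit NULL
    + bytes([8]) + struct.pack("<d", 2.5)              # float 2.5
    + bytes([8]) + struct.pack("<iI", 0, 123456)       # money 12.3456
    + bytes([5, 1]) + (12345).to_bytes(4, "little")    # numeric(5,2) 123.45
    + struct.pack("<H", 5) + b"hello"                  # char(5)
    + struct.pack("<H", CHARBIN_NULL)                  # char NULL
    + struct.pack("<H", 4) + "hi".encode("utf-16-le")  # nchar(2)
    + struct.pack("<H", 3) + b"\x01\x02\x03"           # binary(3)
    + bytes([0])                                       # text NULL
    + bytes([16]) + b"\x00" * 16 + b"\x00" * 8         # text pointer + timestamp
    + struct.pack("<I", 4) + b"text"                   # text data
)


def decode_sample():
    return decode_row(SAMPLE_ROW, SAMPLE_COLUMNS)
```

The point worth noticing is that NULL is signalled differently per type family: for the BYTELEN types a length of 0 is NULL, while for char/binary a length of 0 is a legitimate empty value and only 0xFFFF means NULL. A parser that treats "length 0" as NULL everywhere will silently turn empty strings into NULLs, which is the kind of mistake the null-handling change in the message is meant to avoid.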