Nmap Development mailing list archives

Re: [NSE] Library: mssql.lua - Adding data types


From: Tom Sellers <nmap () fadedcode net>
Date: Fri, 24 Aug 2012 06:28:20 -0500

Committed, thanks

Tom

On Aug 21, 2012, at 10:34 AM, David Fifield <david () bamsoftware com> wrote:

On Sun, Aug 19, 2012 at 08:13:52PM -0500, Tom Sellers wrote:
While at Defcon this year I had an interesting talk with one of the speakers, Skip Duckwall. He
and a partner have done quite a bit of work with pass-the-hash attacks (http://passing-the-hash.blogspot.com/).

One of the things he brought up was that while nmap could perform MS SQL queries, its ability to
extract that data is pretty limited.  I am working on a few changes that I think should address this.
The first is discussed below.


I have made the following additions to the mssql.lua library:

   Added or enhanced support for the following data types:
       SQLTEXT       = 0x23 - text
       GUIDTYPE      = 0x24 - uniqueidentifier
       NTEXTTYPE     = 0x63 - unicode text (ntext)
       BITNTYPE      = 0x68 - boolean
       DECIMALNTYPE  = 0x6A - decimal
       NUMERICNTYPE  = 0x6C - numeric
       FLTNTYPE      = 0x6D - float/real/double
       MONEYNTYPE    = 0x6E - money / smallmoney
       BIGBINARYTYPE = 0xAD - binary
       BIGCHARTYPE   = 0xAF - char
       SQLNCHAR      = 0xEF - unicode char (nchar)

   Added detection and handling of null values when processing query responses from the server.

   Added DoneProc response token support

   Reordered ColumnData and ColumnInfo parsers by data type code to make updates easier.

I have tested the changes against a MS SQL 2008 RTM server on a Windows 2008 R2 host.

I have not committed the changes yet.  I have instead attached a diff and a full copy of the
library for anyone that is interested in testing it.  I would appreciate any testing and
feedback that anyone can provide.

I haven't tested this but the changes look to be good to me.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

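The type codes and NULL handling discussed in the thread, as an added stand-alone illustration (this is not the mssql.lua code from the attached diff): a small Python decoder for the nullable ROW-token column types listed above, showing the two NULL conventions the library has to recognise, a 1-byte length prefix of 0 for the GUID and *N types and a 2-byte length of 0xFFFF for the big char/binary/nchar types. The DECIMAL/NUMERIC scale is assumed to be passed in from the column metadata, and the sample row at the bottom is constructed, not a real capture.

```python
import struct, uuid
from decimal import Decimal
# TDS type token codes as listed in the message above
GUIDTYPE, BITNTYPE, DECIMALNTYPE, NUMERICNTYPE = 0x24, 0x68, 0x6A, 0x6C
FLTNTYPE, MONEYNTYPE, BIGBINARYTYPE, BIGCHARTYPE, SQLNCHAR = 0x6D, 0x6E, 0xAD, 0xAF, 0xEF

def decode_column(buf, pos, type_code, scale=0):
    """Decode one ROW column at buf[pos] -> (value or None, new_pos); scale comes from COLMETADATA."""
    if type_code in (BITNTYPE, FLTNTYPE, MONEYNTYPE, GUIDTYPE, DECIMALNTYPE, NUMERICNTYPE):
        n = buf[pos]; pos += 1              # 1-byte length prefix; 0 means NULL
        if n == 0:
            return None, pos
        raw = buf[pos:pos + n]; pos += n
        if type_code == BITNTYPE:
            return raw[0] != 0, pos
        if type_code == FLTNTYPE:           # 4 bytes = real, 8 bytes = float
            return struct.unpack('<f' if n == 4 else '<d', raw)[0], pos
        if type_code == MONEYNTYPE:         # integer count of 1/10000 currency units
            if n == 4:                      # smallmoney: one int32
                units = struct.unpack('<i', raw)[0]
            else:                           # money: high int32 then low uint32
                hi, lo = struct.unpack('<iI', raw)
                units = (hi << 32) | lo
            return Decimal(units) / 10000, pos
        if type_code == GUIDTYPE:
            return uuid.UUID(bytes_le=bytes(raw)), pos
        # DECIMALN/NUMERICN: sign byte (1 = positive, 0 = negative), then little-endian magnitude
        mag = int.from_bytes(raw[1:], 'little')
        return Decimal(mag if raw[0] else -mag).scaleb(-scale), pos
    if type_code in (BIGCHARTYPE, BIGBINARYTYPE, SQLNCHAR):
        n = struct.unpack_from('<H', buf, pos)[0]; pos += 2   # 2-byte length; 0xFFFF means NULL
        if n == 0xFFFF:
            return None, pos
        raw = buf[pos:pos + n]; pos += n
        if type_code == BIGBINARYTYPE:
            return bytes(raw), pos
        return raw.decode('utf-16-le' if type_code == SQLNCHAR else 'latin-1'), pos
    raise ValueError('unsupported type token 0x%02X' % type_code)

def decode_row(buf, type_codes, scales=None):
    """Walk a row's columns left to right and return the decoded values."""
    scales = scales or [0] * len(type_codes)
    pos, values = 0, []
    for t, s in zip(type_codes, scales):
        v, pos = decode_column(buf, pos, t, s)
        values.append(v)
    return values

# Constructed sample row (not a real capture): bit NULL, float 1.5, nchar 'ok'
SAMPLE_TYPES = [BITNTYPE, FLTNTYPE, SQLNCHAR]
SAMPLE_ROW = bytes([0x00, 0x08]) + struct.pack('<d', 1.5) + b'\x04\x00' + 'ok'.encode('utf-16-le')
```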

