Nmap Development mailing list archives
Re: [NSE] Library: mssql.lua - Adding data types
From: Tom Sellers <nmap () fadedcode net>
Date: Fri, 24 Aug 2012 06:28:20 -0500
Committed, thanks

Tom

On Aug 21, 2012, at 10:34 AM, David Fifield <david () bamsoftware com> wrote:

On Sun, Aug 19, 2012 at 08:13:52PM -0500, Tom Sellers wrote:

While at Defcon this year I had an interesting talk with one of the speakers, Skip Duckwall. He and a partner have done quite a bit of work with pass-the-hash attacks (http://passing-the-hash.blogspot.com/). One of the things he brought up was that while nmap could perform MS SQL queries, its ability to extract that data is pretty limited. I am working on a few changes that I think should address this. The first is discussed below.

I have made the following additions to the mssql.lua library:

Added or enhanced support for the following data types:

  SQLTEXT       = 0x23 - text
  GUIDTYPE      = 0x24 - uniqueidentifier
  NTEXTTYPE     = 0x63 - unicode text (ntext)
  BITNTYPE      = 0x68 - boolean
  DECIMALNTYPE  = 0x6A - decimal
  NUMERICNTYPE  = 0x6C - numeric
  FLTNTYPE      = 0x6D - float/real/double
  MONEYNTYPE    = 0x6E - money / smallmoney
  BIGBINARYTYPE = 0xAD - binary
  BIGCHARTYPE   = 0xAF - char
  SQLNCHAR      = 0xEF - unicode char (nchar)

Added detection and handling of null values when processing query responses from the server.

Added DoneProc response token support

Reordered ColumnData and ColumnInfo parsers by data type code to make updates easier.

I have tested the changes against a MS SQL 2008 RTM server on a Windows 2008 R2 host. I have not committed the changes yet. I have instead attached a diff and a full copy of the library for anyone that is interested in testing it. I would appreciate any testing and feedback that anyone can provide.

I haven't tested this but the changes look to be good to me.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
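The NULL detection mentioned in the thread, as an added example that is not taken from the thread, the attached diff, or mssql.lua: a Lua 5.3 decoder for a few of the listed type codes that tells SQL NULL apart from an empty or zero value and rejects truncated column data. The wire layouts follow the MS-TDS specification; the table and function names and the sample row are hypothetical and constructed for illustration.

```lua
-- Added example (not code from mssql.lua). Requires Lua 5.3+ for string.unpack.
-- Type codes are the ones listed in the post; wire layouts follow MS-TDS.
local T = { GUID = 0x24, BITN = 0x68, FLTN = 0x6D, MONEYN = 0x6E,
            BIGCHAR = 0xAF, NCHAR = 0xEF }

-- Decoders for types that carry a 1-byte length prefix; length 0 means NULL.
local byte_len = {
  [T.BITN] = function(d, p) return string.unpack("<I1", d, p) ~= 0 end,
  [T.FLTN] = function(d, p, len)
    return (string.unpack(len == 4 and "<f" or "<d", d, p))
  end,
  [T.MONEYN] = function(d, p, len)
    if len == 4 then return string.unpack("<i4", d, p) / 10000 end -- smallmoney
    local hi, lo = string.unpack("<i4I4", d, p)  -- money: high dword is sent first
    return (hi * 2^32 + lo) / 10000
  end,
  [T.GUID] = function(d, p, len)                 -- raw wire bytes as hex
    return (d:sub(p, p + len - 1):gsub(".", function(c)
      return ("%02x"):format(c:byte()) end))
  end,
}

-- Returns the decoded value (nil for SQL NULL) and the offset of the next column.
local function decode_column(ctype, d, p)
  if byte_len[ctype] then
    local len; len, p = string.unpack("<I1", d, p)
    if len == 0 then return nil, p end
    assert(p + len - 1 <= #d, "truncated column data")
    return byte_len[ctype](d, p, len), p + len
  elseif ctype == T.BIGCHAR or ctype == T.NCHAR then
    local len; len, p = string.unpack("<I2", d, p)
    if len == 0xFFFF then return nil, p end      -- 2-byte length 0xFFFF means NULL
    assert(p + len - 1 <= #d, "truncated column data")
    return d:sub(p, p + len - 1), p + len        -- NCHAR bytes are left as UCS-2 LE
  end
  error(("unsupported type 0x%02X"):format(ctype))
end

-- Constructed sample row: bit=1, bit NULL, money 12.34, char NULL, char "sa"
local row = "\x01\x01" .. "\x00" .. "\x08\x00\x00\x00\x00\x08\xE2\x01\x00"
         .. "\xFF\xFF" .. "\x02\x00sa"
local types = { T.BITN, T.BITN, T.MONEYN, T.BIGCHAR, T.BIGCHAR }
local pos = 1
for i, ctype in ipairs(types) do
  local v; v, pos = decode_column(ctype, row, pos)
  print(i, v == nil and "NULL" or tostring(v))
end
```

The length checks matter because the column data comes from whatever server the scan reaches, so a declared length that runs past the end of the buffer has to fail instead of being decoded.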
Current thread:
- [NSE] Library: mssql.lua - Adding data types Tom Sellers (Aug 19)
- Re: [NSE] Library: mssql.lua - Adding data types David Fifield (Aug 21)
- Re: [NSE] Library: mssql.lua - Adding data types Tom Sellers (Aug 24)