|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: nicob
nicob.netDate: Wed Apr 03 2002 - 12:21:35 CST
Hi !
I'm actually collecting the differents strings send by MS-SQL servers during the authentification phase.
I want to collect as much banners as possible, for differents versions (6.5, 7.0, 2K, ...) and languages (french, spanish,
english, japanese, ...).
If you want to help me, you just have to download a Perl script [1] from my website and then run it against your MS-SQL
server.
Usage : mssql-banner.pl adresse_IP user password
(code ripped from Roelof Temmingh's senseql.pl)
The (edited) output from one of my test machine is :
8<----------------------[snip]----------------------------------------------
D:\>perl mssql-banner.pl 192.168.1.38 sa "wrong_passwd"
Testing : .... Login failed for user 'sa' .....
D:\>perl mssql-banner.pl 192.168.1.38 sa "good_passwd"
Testing : ... Changed database context to 'master'.....
8<---------------------[/snip]----------------------------------------------
The best way to send me easily exploitable results is :
- test with an invalid user/passwd combo, redirecting the output to a file
- test with an valid user/passwd combo, redirecting the output to the same file
- rename the file to $version-$language.txt and send me the file, *without* editing it
Exotic languages/versions velcome !
Note : a Win32 Perl2EXE'd version is available at [2]
[1] : http://nicob.net/mssql-banner.pl
[2] : http://nicob.net/mssql-banner.exe
Thanks in advance,
Nicob
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]