Get the SQL Server version via port 1433 (source code)

xiaoxiao2021-03-06  69

SQL Ver, released by Chip Andrews (http://www.sqlsecurity.com/), was originally written in C#. I rewrote it in C with some modifications and, along the way, used it to learn socket programming under Unix. :-)

Compilation environment: FreeBSD 5.2 (i386)

(Win32 program can be downloaded here

http://www.xfocus.net/tools/200408/795.html)

/* The header names were lost when this page was extracted; these are the
 * headers the listing below needs on a BSD/POSIX system. */
#include <sys/types.h>
#include <sys/socket.h>

#include <arpa/inet.h>
#include <netinet/in.h>

#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

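/*
 * Report the version a Microsoft SQL Server announces on its TCP port.
 *
 * Usage: prog targetip [sqlport]
 *
 * Connects to argv[1] (IPv4 dotted quad) on argv[2] (default 1433), sends one
 * fixed TDS PRELOGIN packet, reads the reply and prints major.minor.build.
 * No login is sent, so the reply is available to any host that can reach the
 * port; limiting network reachability of the listener is what bounds this
 * exposure.
 *
 * Returns 0 on success; exits with status 1 on bad arguments, socket errors,
 * or a reply too short to hold the version field.
 */
int main(int argc, char *argv[])
{
    enum {
        DEFAULT_PORT = 1433,
        VERSION_OFFSET = 29,   /* first version byte read by the original listing */
        VERSION_END = 33       /* one past the last byte read (offset 32) */
    };

    /* unsigned char: the packet contains 0xff, which does not fit a signed char. */
    static const unsigned char prelogin[] = {
        0x12, 0x01, 0x00, 0x34, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x15, 0x00, 0x06, 0x01, 0x00, 0x1b,
        0x00, 0x01, 0x02, 0x00, 0x1c, 0x00, 0x0c, 0x03,
        0x00, 0x28, 0x00, 0x04, 0xff, 0x08, 0x00, 0x01,
        0x55, 0x00, 0x00, 0x00, 0x4d, 0x53, 0x53, 0x51,
        0x4c, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x00,
        0x04, 0x08, 0x00, 0x00
    };
    unsigned char reply[1024] = {0};
    struct sockaddr_in srv_addr;
    size_t got = 0;
    ssize_t nret;
    int port = DEFAULT_PORT;
    int sock;

    if (argc < 2 || argc > 3) {
        printf("\n\n[ ] usage: %s targetip sqlport\n\n", argv[0]);
        printf("code by yztgx@hotmail.com\n");
        exit(1);
    }

    printf("\n\n[ ] code by yztgx@hotmail.com\n");
    printf("[ ] author: chip andrews\n");
    printf("[ ] Reference: http://www.sqlsecurity.com\n");
    printf("[ ] my blog: http://blog.9cbs.net/yztgx\n\n");

    if (argc == 3) {
        /* strtol instead of atoi: trailing junk and out-of-range values are
         * detected instead of being silently truncated by htons(). An
         * unusable value still falls back to the default port, as before. */
        char *end = NULL;
        long parsed;

        errno = 0;
        parsed = strtol(argv[2], &end, 10);
        if (end == argv[2] || *end != '\0' || errno == ERANGE ||
            parsed < 1 || parsed > 65535) {
            fprintf(stderr, "invalid port '%s', using %d\n", argv[2], DEFAULT_PORT);
        } else {
            port = (int)parsed;
        }
    }

    memset(&srv_addr, 0, sizeof srv_addr);
    srv_addr.sin_family = AF_INET;
    srv_addr.sin_port = htons((unsigned short)port);
    /* inet_pton reports a malformed address; inet_addr's error value is
     * indistinguishable from a real address and was never checked. */
    if (inet_pton(AF_INET, argv[1], &srv_addr.sin_addr) != 1) {
        fprintf(stderr, "invalid IPv4 address '%s'\n", argv[1]);
        exit(1);
    }

    sock = socket(AF_INET, SOCK_STREAM, 0);
    if (sock < 0) {
        /* perror() appends ": <reason>\n" itself, so no newline in the text. */
        perror("Create Socket Error");
        exit(1);
    }

    if (connect(sock, (struct sockaddr *)&srv_addr, sizeof srv_addr) != 0) {
        perror("can't connect the port");
        close(sock);
        exit(1);
    }

    nret = send(sock, prelogin, sizeof prelogin, 0);
    if (nret < 0) {
        perror("Send Data Error");
        close(sock);
        exit(1);
    }
    if ((size_t)nret != sizeof prelogin) {
        fprintf(stderr, "short send: %zd of %zu bytes\n", nret, sizeof prelogin);
        close(sock);
        exit(1);
    }

    /* TCP may deliver the reply in pieces: keep reading until the bytes that
     * will be printed have arrived, the peer closes, or an error occurs. */
    while (got < VERSION_END) {
        nret = recv(sock, reply + got, sizeof reply - got, 0);
        if (nret < 0) {
            perror("Recv Data Error");
            close(sock);
            exit(1);
        }
        if (nret == 0) {
            break;
        }
        got += (size_t)nret;
    }
    close(sock);

    /* Never print bytes the peer did not send: the buffer is zero-filled, so
     * a short reply would otherwise be reported as a bogus version. */
    if (got < VERSION_END) {
        fprintf(stderr, "reply too short (%zu bytes) to contain a version\n", got);
        exit(1);
    }

    /* NOTE(review): the fixed offsets assume the reply's option table has the
     * same size as the one in the request; a reply laid out differently would
     * carry the version elsewhere. Confirm against the servers in scope. */
    printf("[*] SQL VER IS: %d.%d.%d\n\nfinish!\n",
           reply[VERSION_OFFSET],
           reply[VERSION_OFFSET + 1],
           reply[VERSION_OFFSET + 2] * 256 + reply[VERSION_OFFSET + 3]);

    return 0;
}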
