SQL Server password password control table

zhaozj2021-02-08  213

SQL Server password password control table

This post copyright belongs to the original author, other media or websites, please contact E Dragon Western Turkey [http://www.xici.net] or the original author, and indicate the source. Author: Big ball

SQL Server transmits most of the data transmitted by 1433 ports, including IP addresses, connects to username, success, and failure messages

In this way, it is easy to use the sniffer to sniff the relevant information of SQL Server in this network segment. After getting the username and IP,

Difference, in fact, the password encryption of SQL is very fragile. Yesterday I used it for half an hour, and I organized a password character comparison table.

When analyzing the SQL Server encryption password, the SQL Server is discovered a unclear bug ---- if you use ";"

The password will result in failure, because SQL Server's password control table, does not have this character, when SQL Server encounters this password word

When the accordion, you will take the initiative to give up this character, so that the password length will not do with the actual length, when you connect 1433 next time

Waiting, this character cannot be identified by the system, thus reporting the password error.

The usage of password comparison:

1. Open your sniff to something with a 16-binding editor, then find the username of the SQL Server connection, starting from the username

The location of a 0x5a - 1 is the first place of the password, each password is separated by 0x5A, and the password transformation of the password is checked.

Chart:

A 0xB3 B 0x83 C 0x93 D 0xE3 E 0xF3 f 0xc3 g 0xd3 h 0x23 i 0x33 J 0x03 K 0x13 L 0x63 M 0x73 N 0x43 o 0x53 P 0xA2 Q 0xB2 R 0x82 s 0x92 T 0xE2 U 0xf2 V 0xc2 W 0xD2 x 0x22 y 0x32 z 0x02 1 0xB6 2 0x86 3 0x96 4 0xE6 5 0xF6 6 0xc6 7 0xD6 8 0x26 9 0x36 0 0xa6 - 0x77 = 0x76 / 0x60 [0x10] 0x70 '0xD7, 0x67. 0x47 / 0x57 `0xA3! 0xB7 @ 0xa1 # 0x97 $ 0xe7 % 0xF7 ^ 0x40 & 0xc7 * 0x07 (0x27) 0x37 a 0xB1 B 0x81 C 0x91 d 0xe1 E 0xf1 f 0xc1 g 0xd1 h 0x21 i 0x31 J 0x01 K 0x11 L 0x61 M 0x71 n 0x41 o 0x51 P 0xA0 Q 0xB0 R 0x80 s 0x90 T 0xE0 U 0xF0 V 0xc0 W 0xD0 x 0x20 y 0x30 z 0x00 _ 0x50 0x17 | 0x62 {0x12} 0x72: 0x06 "0x87 <0x66> 0x46? 0x56 ~ 0x42; no

转载请注明原文地址:https://www.9cbs.com/read-2738.html

New Post(0)