Most of the data transmitted by SQL Server at 1433 ports is clear, including IP addresses, connecting usernames, success, and failure messages, it is easy to use sniffer sniffing information in this network segment SQL Server After obtaining the username and IP, it is a bad password. In fact, the password encryption of SQL is very fragile.
Yesterday I used for half an hour, I organized a password character comparison table, when analyzing the SQL Server encryption password, and found a unclear bug in SQL Server ---- if you use ";" Causes the password failure, the reason is in the password control table of SQL Server. When SQL Server encounters this password character, it will take the initiative to give up this character, so that the password length will not match the actual length, when you When the next connection 1433, this character cannot be identified by the system, thus reporting the password error.
The usage of password comparison:
1. Open your sniff to the thing with the 16-binding editor, then find the username of the SQL Server connection, from the first 0x5a - 1 of the first 0x5a - 1 after the username, is the first bit of the password, each password Separate with 0x5A, the transformation of the password is checked for password characters.
Chart:
A 0xB3
B 0x83
C 0x93
D 0xE3
e 0xf3
f 0xc3
G 0xD3
H 0x23
i 0x33
J 0x03
K 0x13
l 0x63
M 0x73
N 0x43
O 0x53
P 0xA2
Q 0xB2
R 0x82
S 0x92
T 0xE2
u 0xf2
V 0xc2
W 0xD2
x 0x22
Y 0x32
Z 0x02
1 0xB6
2 0x86
3 0x96
4 0xe6
5 0xF6
6 0xc6
7 0xD6
8 0x26
9 0x36
0 0xA6
- 0x77
= 0x76
/ 0x60
[0x10
] 0x70
'0xD7
0x67
0x47
/ 0x57
`0xa3
0xB7
@ 0xa1
# 0x97
$ 0xe7
% 0xF7
^ 0x40
& 0xc7
* 0x07
(0x27
0x37
A 0xB1
B 0x81
C 0x91
D 0xe1
E 0xf1
F 0xc1
G 0xD1
H 0x21
I 0x31
J 0x01
K 0x11
L 0x61
M 0x71
N 0x41
O 0x51
P 0xA0
Q 0xB0
R 0x80
S 0x90
T 0xE0
U 0xF0
V 0xc0
W 0xD0
X 0x20
Y 0x30
Z 0x00
_ 0x50
0x17
0x62
{0x12
} 0x72
0x06
"0x87
<0x66
> 0x46
? 0x56
~ 0x42
; does not exist
The above article is a collection of things. I hope to help you in Hacking.
