Password Tesing using SQL Injection

• Previous message: Fernando Martins: "Re: Online Scanning Services Vrs. Stand Alone Applications"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "Indian Tiger" <indiantiger@mailandnews.com>
To: <pen-test@securityfocus.com>
Date: Tue, 28 Jan 2003 15:10:42 +0530

Hi,

I am trying to write a script for a password testing tool over sql server
2000.
I am using master..sysxlogins.passowrd column in which SQL server stroes
all the passwords, then we comapre this column to a file sotred on the
client machine. I am facing problem to compare two files one on the client &
another one on the server so for that I want some way to transfer file from
the clinet site to the server site.

First Step: Creating a Table Password-List
create table Password-List (word char(40)) ;

Second Step: Inserting Data from Dictionary file to Password Table
bulk insert Password-List from 'e:\vipul\Dictionary.txt'

Third Step: Comparing Password-List with SQL Server password table
select (Password-List.word) as "Password",master..sysxlogins.name as
"UserName" from master..sysxlogins,Password-List
where pwdcompare(rtrim(Password-List.word),master..sysxlogins.password) = 1;

Is there any way to transfer a file from client to server using SQL
injections or something else?

The file (dictionary.txt) which I am compairing is collection of thousants
of words, which I have generated by some logic.
One way could be to generate one password and then send it to server using
sql injection like this
' UNION SELECT * FROM
OPENROWSET('SQLOLEDB','localhost';'sa';'genpwd','SELECT @@version')--

But I would be a tedious job to send all the password one by one, I want to
send whole file to server so I can compare all the passwords in a single
query. Please suggest something on this.

Any help, suggestion on this would be highly appriciated.

Thanking You.
Sincerely,

Indian Tiger, CISSP

----------------------------------------------------------------------------
<Pre>Do you know the base address of the Global Offset Table (GOT) on a Solaris 8 box?
CORE IMPACT does.</Pre>
<A href="http://www.securityfocus.com/core"> http://www.securityfocus.com/core>

• Next message: Gene Yoo: "Re: Online Scanning Services Vrs. Stand Alone Applications"
• Previous message: Fernando Martins: "Re: Online Scanning Services Vrs. Stand Alone Applications"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Security strategy: Access client/SQL Server ... I will be creating an application using MS Access as a client to SQL ... SQL Server resides. ... permissions for group X to open form A, users would need to get a new ... (comp.databases.ms-access) RE: Failed upgrade to SCCM ... When you only see 2 actions, that generally means that the client cannot ... I recently started the upgrade our SMS 2003 SP3 Server to SCCM. ... SQL Server security mode and as we require the SQL server to be in SQL & ... however fails at "Install SMS provider components". ... (microsoft.public.sms.setup) SQL and Bandwidth use ... Dell PowerEdge server, Dual Xeon 2.4GHz processors, 4 GB ... Run Query against database, in Great Plains Client ... bandwidth usage by ... Client PC is on same segment as SQL server (not passing ... (microsoft.public.sqlserver.connect) RE: Monolith -> layered client/server? ... That way you can put as many logical layers (data access, business rules, ... whatever) on a server talking to your SQL Server... ... Client would require db connection info. Using a windows app on the ... > to a layered .NET SQL server version. ... (microsoft.public.dotnet.general) Re: error setting up ODBC for remote sqlexpress database ... We were able to get it to work with the ODBC native client driver. ... Server could be stopped in the client. ... is to install Management Studio for SQL Server 2005 Express ... (microsoft.public.sqlserver.odbc)