Re: MS-SQL banners

From: -l0rt- (simon@snosoft.com)
Date: 04/04/02 

Date: Thu, 4 Apr 2002 10:35:54 -0500 (EST)
From: -l0rt- <simon@snosoft.com>
To: <nicob@nicob.net>

What is this for?

-l0rt-

http://www.snosoft.com
---------------------------------------------------------------------
That file you've been guarding, isn't.
---------------------------------------------------------------------

On Wed, 3 Apr 2002 nicob@nicob.net wrote:

> Hi !
>
> I'm actually collecting the differents strings send by MS-SQL servers during the authentification phase.
> I want to collect as much banners as possible, for differents versions (6.5, 7.0, 2K, ...) and languages (french, spanish,
> english, japanese, ...).
>
> If you want to help me, you just have to download a Perl script [1] from my website and then run it against your MS-SQL
> server.
>
> Usage : mssql-banner.pl adresse_IP user password
> (code ripped from Roelof Temmingh's senseql.pl)
>
> The (edited) output from one of my test machine is :
>
> 8<----------------------[snip]----------------------------------------------
>
> D:\>perl mssql-banner.pl 192.168.1.38 sa "wrong_passwd"
>
> Testing : .... Login failed for user 'sa' .....
>
> D:\>perl mssql-banner.pl 192.168.1.38 sa "good_passwd"
>
> Testing : ... Changed database context to 'master'.....
>
> 8<---------------------[/snip]----------------------------------------------
>
> The best way to send me easily exploitable results is :
> - test with an invalid user/passwd combo, redirecting the output to a file
> - test with an valid user/passwd combo, redirecting the output to the same file
> - rename the file to $version-$language.txt and send me the file, *without* editing it
>
> Exotic languages/versions velcome !
>
> Note : a Win32 Perl2EXE'd version is available at [2]
>
> [1] : http://nicob.net/mssql-banner.pl
> [2] : http://nicob.net/mssql-banner.exe
>
> Thanks in advance,
>
> Nicob
>
>

Quantcast