Metasploit mailing list archives
Re: Mssql module
From: Jay <lists.infosec () gmail com>
Date: Wed, 14 Oct 2009 14:30:31 -0500
Thanks for the info Kurt. I have pcaps of NTLM authentication to a 2000 server running SQL 2000 and a 2003 server running SQL 2005 if anyone is interested. They are definitely handled differently, in that 2000 appears to use both 445 and 1433 while 2003 only uses 1433.

Jay

On Tue, Oct 13, 2009 at 2:56 PM, Kurt Grutzmacher <grutz () jingojango net> wrote:
> Hey Jay,
>
> In theory it shouldn't be that difficult since the framework already has LMv1/NTLMv1 libraries built in. It would be a matter of creating a mssql_ntlm_login() function to do valid LM/NTLM requests. As it is right now the mssql_login() function uses a hard-coded SQL authorization network packet.
>
> JTDS may help with this endeavor since they've already reversed the authentication protocol: http://jtds.cvs.sourceforge.net/viewvc/jtds/jtds/src/java/net/sourceforge/jtds/jdbc/
>
> You'd need to be cognizant of the protocol requirements for all phases of NTLM auth. An existing authentication pcap would also help development further. I don't have such an environment easily accessible at the moment but it would be a nice feature to add to MSF.
>
> --
> Kurt Grutzmacher -=- grutz () jingojango net
>
> On Tue, Oct 13, 2009 at 12:09 PM, Jay <lists.infosec () gmail com> wrote:
>
> > Hello all,
> >
> > I have been messing around with the mssql auxiliary modules and I was wondering if it's possible to enable Windows authentication for mssql. From looking at mssql_login in mssql.rb it appears that it is going to take more than a simple hack.
> >
> > Thoughts?
> >
> > Thanks
> > Jay
>
> _______________________________________________
> https://mail.metasploit.com/mailman/listinfo/framework
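Kurt's point that an implementer has to be cognizant of every phase of NTLM authentication, and Jay's offer of captures, both come down to the same first step: pulling the NTLMSSP blobs out of the TDS SSPI tokens and labelling each phase (NEGOTIATE, CHALLENGE, AUTHENTICATE) together with the negotiated flags and whether the response is NTLMv1 or NTLMv2. The Ruby below is an added example written for this page; it is not code from Metasploit, jTDS or either poster. Message layouts follow the public MS-NLMP structure definitions; the three sample messages, the flag values and the challenge/response bytes are constructed here for the example (the builders exist only so the parser has something to parse, and the response bytes are filler, not real hashes).

```ruby
# Added example: label the three NTLMSSP phases carried inside TDS SSPI tokens.
# Layouts follow MS-NLMP; sample messages below are constructed, not captured.

NTLMSSP_SIG = "NTLMSSP\x00".b

# Subset of NegotiateFlags bits that matter when reviewing an exchange.
FLAG_NAMES = {
  0x00000001 => 'UNICODE',
  0x00000002 => 'OEM',
  0x00000004 => 'REQUEST_TARGET',
  0x00000010 => 'SIGN',
  0x00000020 => 'SEAL',
  0x00000200 => 'NTLM',
  0x00008000 => 'ALWAYS_SIGN',
  0x00080000 => 'EXTENDED_SESSIONSECURITY',
  0x00800000 => 'TARGET_INFO',
  0x20000000 => '128',
  0x40000000 => 'KEY_EXCH',
  0x80000000 => '56'
}.freeze

def flag_names(flags)
  FLAG_NAMES.select { |bit, _| flags & bit != 0 }.values
end

# Read a (Len, MaxLen, Offset) descriptor at pos and return the bytes it points to.
def field(buf, pos)
  len, _max, off = buf[pos, 8].unpack('vvV')
  buf[off, len] || ''.b
end

def decode_str(bytes, unicode)
  unicode ? bytes.force_encoding('UTF-16LE').encode('UTF-8') : bytes.dup.force_encoding('UTF-8')
end

# Parse one NTLMSSP message (the SSPI blob from a TDS LOGIN7/SSPI packet) into a hash.
def parse_ntlmssp(buf)
  buf = buf.b
  raise ArgumentError, 'not an NTLMSSP message' unless buf[0, 8] == NTLMSSP_SIG
  case buf[8, 4].unpack1('V')
  when 1 # NEGOTIATE: client -> server
    flags = buf[12, 4].unpack1('V')
    { type: 1, phase: 'NEGOTIATE', flags: flags, flag_names: flag_names(flags),
      domain: decode_str(field(buf, 16), false), workstation: decode_str(field(buf, 24), false) }
  when 2 # CHALLENGE: server -> client, carries the 8-byte server challenge
    flags = buf[20, 4].unpack1('V')
    { type: 2, phase: 'CHALLENGE', flags: flags, flag_names: flag_names(flags),
      target_name: decode_str(field(buf, 12), flags & 1 != 0),
      server_challenge: buf[24, 8].unpack1('H*'), target_info: field(buf, 40) }
  when 3 # AUTHENTICATE: client -> server, carries LM/NT responses and identity
    flags = buf[60, 4].unpack1('V')
    unicode = flags & 1 != 0
    nt_len = field(buf, 20).bytesize
    version = nt_len.zero? ? 'anonymous' : (nt_len == 24 ? 'NTLMv1' : 'NTLMv2')
    { type: 3, phase: 'AUTHENTICATE', flags: flags, flag_names: flag_names(flags),
      lm_response_len: field(buf, 12).bytesize, nt_response_len: nt_len, ntlm_version: version,
      domain: decode_str(field(buf, 28), unicode), user: decode_str(field(buf, 36), unicode),
      workstation: decode_str(field(buf, 44), unicode) }
  else
    raise ArgumentError, 'unknown NTLMSSP message type'
  end
end

# Label a sequence of SSPI blobs in capture order, e.g. ["NEGOTIATE", "CHALLENGE", "AUTHENTICATE NTLMv1"].
def summarize_exchange(blobs)
  blobs.map { |b| m = parse_ntlmssp(b); [m[:phase], m[:ntlm_version]].compact.join(' ') }
end

# --- constructed sample messages (hypothetical values, only to exercise the parser) ---
def build_type1(flags, domain, workstation)
  hdr = 32
  NTLMSSP_SIG + [1, flags].pack('VV') +
    [domain.bytesize, domain.bytesize, hdr].pack('vvV') +
    [workstation.bytesize, workstation.bytesize, hdr + domain.bytesize].pack('vvV') +
    domain.b + workstation.b
end

def build_type2(flags, target_name, challenge)
  hdr = 48
  tn = target_name.encode('UTF-16LE').b
  NTLMSSP_SIG + [2].pack('V') + [tn.bytesize, tn.bytesize, hdr].pack('vvV') +
    [flags].pack('V') + challenge.b + ("\x00" * 8).b + [0, 0, hdr + tn.bytesize].pack('vvV') + tn
end

def build_type3(flags, lm_resp, nt_resp, domain, user, workstation)
  hdr = 64
  enc = ->(s) { s.encode('UTF-16LE').b }
  parts = [lm_resp.b, nt_resp.b, enc[domain], enc[user], enc[workstation], ''.b]
  off = hdr
  fields = parts.map { |p| d = [p.bytesize, p.bytesize, off].pack('vvV'); off += p.bytesize; d }.join
  NTLMSSP_SIG + [3].pack('V') + fields + [flags].pack('V') + parts.join
end

SAMPLE_T1 = build_type1(0xA0088217, 'WORKGROUP', 'ANALYST')
SAMPLE_T2 = build_type2(0x00880201, 'SQLHOST', "\x01\x23\x45\x67\x89\xAB\xCD\xEF")
SAMPLE_T3 = build_type3(0xA0088205, 'L' * 24, 'N' * 24, 'CORP', 'svc_sql', 'ANALYST')

if $PROGRAM_NAME == __FILE__
  [SAMPLE_T1, SAMPLE_T2, SAMPLE_T3].each { |m| p parse_ntlmssp(m) }
  p summarize_exchange([SAMPLE_T1, SAMPLE_T2, SAMPLE_T3])
end
```

Feeding real SSPI payloads from the two captures through parse_ntlmssp would show directly what Jay observed at the port level: whether each host negotiates extended session security, whether the client answers with a 24-byte NTLMv1 response or a longer NTLMv2 blob, and what target name and flags the server advertises, which is the information a login routine has to reproduce and a detection rule has to recognise.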
Current thread:
- Re: Mssql module Jay (Oct 14)
- <Possible follow-ups>
- Re: Mssql module HD Moore (Oct 14)