Re: Mssql module

[Jay <lists.infosec () gmail com>]

Thanks for the info Kurt.

I have pcaps of NTLM authentication to a 2000 server running sql 2000 and a
2003 server running sql 2005 if anyone is interested. They are definitely
handled differently, in that 2000 appears to use both 445 and 1433 while
2003 only uses 1433.

Jay

On Tue, Oct 13, 2009 at 2:56 PM, Kurt Grutzmacher <grutz () jingojango net>wrote:

> Hey Jay,
> In theory it shouldn't be that difficult since the framework already has
> LMv1/NTLMv1 libraries built in. It would be a matter of creating a
> mssql_ntlm_login() function to do valid LM/NTLM requests. As it is right now
> the mssql_login() function uses a hard coded SQL authorization network
> packet.
>
> JTDS may help with this endeavor since they've already reversed the
> authentication protocol:
>
>
> http://jtds.cvs.sourceforge.net/viewvc/jtds/jtds/src/java/net/sourceforge/jtds/jdbc/
>
> You'd need to be cognizant of the protocol requirements for all phases of
> NTLM auth. An existing authentication pcap would also help development
> further. I don't have such an environment easily accessible at the moment
> but it would be a nice feature to add to MSF.
>
> --
> Kurt Grutzmacher -=- grutz () jingojango net
>
>
> On Tue, Oct 13, 2009 at 12:09 PM, Jay <lists.infosec () gmail com> wrote:
>
> > Hello all,
> >
> >   I have been messing around with the mssql auxiliary modules and I was
> > wondering if its possible to enable windows authentication for mssql. From
> > looking at mssql_login in mssql.rb it appears that it is going to take more
> > than a simple hack.
> >
> > Thoughts?
> >
> > Thanks
> >    Jay
> > _______________________________________________
> > https://mail.metasploit.com/mailman/listinfo/framework
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework