SQL Server password Password comparison

Source: Internet
Author: User
Tags comparison comparison table
Most of the data that server SQL Server transmits on port 1433 is plaintext, including IP addresses, connection user names, successes, and failure messages

This makes it easy to sniff through the information about SQL Server in this network segment, after getting the username and IP,

Bad password, in fact, SQL password encryption is very fragile, yesterday I spent half an hour, sorting out a password character comparison table, in

When parsing SQL Server encryption password, it also discovers a minor bug in SQL Server----if you use ";" Make a password

will cause the password to expire because SQL Server does not have this character in the password comparison table, when SQL Server encounters this password word

character, the length of the password will not match the actual length, and the next time you connect 1433

This character cannot be identified by the system, thus reporting a password error.

Use of password comparison:

1. Use the 16-in editor to open what you sniff to, and then find the SQL Server connected user name, starting with the first user name

A 0x5a-1 position is the first bit of the password, each password is separated by 0x5a, the conversion of the password Word, please check the password character

Table:

A 0xb3
b 0x83
C 0x93
D 0xe3
E 0xf3
F 0xc3
G 0xd3
H 0x23
I 0x33
J 0x03
K 0x13
L 0x63
M 0x73
N 0x43
o 0x53
P 0XA2
Q 0xb2
R 0x82
S 0x92
T 0xe2
U 0xf2
V 0xc2
W 0xd2
X 0x22
Y 0x32
Z 0x02
1 0xb6
2 0x86
3 0x96
4 0xe6
5 0xf6
6 0xc6
7 0xd6
8 0x26
9 0x36
0 0xa6
-0x77
= 0x76
\ 0x60
[0x10
] 0x70
' 0xd7
, 0x67
. 0x47
/0x57
' 0xa3
! 0xb7
@ 0xa1
# 0x97
$0xe7
% 0xf7
^ 0x40
& 0xc7
* 0x07
(0x27
) 0x37
A 0XB1
B 0x81
C 0x91
D 0xe1
E 0xf1
F 0xc1
G 0xd1
H 0x21
I 0x31
J 0x01
K 0x11
L 0x61
M 0x71
N 0x41
O 0x51
P 0xa0
Q 0xb0
R 0x80
S 0x90
T 0xe0
U 0xf0
V 0xc0
W 0xd0
X 0x20
Y 0x30
Z 0x00
_ 0x50
+ 0x17
| 0x62
{0x12
} 0x72
: 0x06
"0x87
< 0x66
> 0x46
? 0x56
~ 0x42
; does not exist



Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.