Most of the data that SQL Server transmits on port 1433 is plaintext, including IP addresses, connection user names, successes, and failure messages
This makes it easy to sniff through the information about SQL Server in this network segment, after getting the username and IP,
Bad password, in fact, SQL password encryption is very fragile, yesterday I spent half an hour, sorting out a password character comparison table, in
When parsing SQL Server encryption password, it also discovers a minor bug in SQL Server----if you use ";" Make a password
will cause the password to expire because SQL Server does not have this character in the password comparison table, when SQL Server encounters this password word
character, the length of the password will not match the actual length, and the next time you connect 1433
This character cannot be identified by the system, thus reporting a password error.
Use of password comparison:
1. Use the 16-in editor to open what you sniff to, and then find the SQL Server connected user name, starting with the first user name
A 0x5a-1 position is the first bit of the password, each password is separated by 0x5a, the conversion of the password Word, please check the password character
Table:
A 0xb3
b 0x83
C 0x93
D 0xe3
E 0xf3
F 0xc3
G 0xd3
H 0x23
I 0x33
J 0x03
K 0x13
L 0x63
M 0x73
N 0x43
o 0x53
P 0XA2
Q 0xb2
R 0x82
S 0x92
T 0xe2
U 0xf2
V 0xc2
W 0xd2
X 0x22
Y 0x32
Z 0x02
1 0xb6
2 0x86
3 0x96
4 0xe6
5 0xf6
6 0xc6
7 0xd6
8 0x26
9 0x36
0 0xa6
-0x77
= 0x76
0x60
[0x10
] 0x70
' 0xd7
, 0x67
. 0x47
/0x57
' 0xa3
! 0xb7
@ 0xa1
# 0x97
$0xe7
% 0xf7
^ 0x40
& 0xc7
* 0x07
(0x27
) 0x37
A 0XB1
B 0x81
C 0x91
D 0xe1
E 0xf1
F 0xc1
G 0xd1
H 0x21
I 0x31
J 0x01
K 0x11
L 0x61
M 0x71
N 0x41
O 0x51
P 0xa0
Q 0xb0
R 0x80
S 0x90
T 0xe0
U 0xf0
V 0xc0
W 0xd0
X 0x20
Y 0x30
Z 0x00
_ 0x50
+ 0x17
| 0x62
{0x12
} 0x72
: 0x06
"0x87
< 0x66
> 0x46
? 0x56
~ 0x42
; does not exist
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.