SQL Server password table
The majority of data transmitted by SQL server on port 1433 is in plain text, which includes IP addresses, connection usernames
Success and Failure messages
In this way, it is easy to use the sniffer to sniff the SQL Server Information in this CIDR Block and obtain the user
The password is worse than the IP address. In fact, the SQL password encryption is very fragile. I used it for half an hour yesterday and compiled a Password character comparison table, when analyzing the SQL server encryption password, we also found a small bug in SQL Server-if you use ";" for password, the password will become invalid, the reason is that the SQL server password table does not contain this character. When SQL Server encounters this password, it will take the initiative to discard this character, the password length does not match the actual length. When you connect to the system for the next time, this character cannot be identified by the system and thus a Password error is reported.
Usage of the password table:
1. Open your sniff in a hexadecimal editor, and find the user name for connecting to SQL Server.
At the beginning of the name, the first 0x5a-1 is the first password. Each password is separated by 0x5a.
Table:
A 0xb3
B 0x83
C 0x93
D 0xe3
E 0xf3
F 0xc3
G 0xd3
H 0x23
I 0x33
J 0x03
K 0x13
L 0x63
M 0x73
N 0x43
O 0x53
P 0xa2
Q 0xb2
R 0x82
S 0x92
T 0xe2
U 0xf2
V 0xc2
W 0xd2
X 0x22
Y 0x32
Z 0x02
1 0xb6
2 0x86
3 0x96
4 0xe6
5 0xf6
6 0xc6
7 0xd6
8 0x26
9 0x36
0 0xa6
-0x77
= 0x76
/0x60
[0x10
] 0x70
'0xd7
, 0x67
. 0x47
/0x57
'0xa3
! 0xb7
@ 0xa1
#0x97
$0xe7
% 0xf7
^ 0x40
& 0xc7
* 0x07
(0x27
) 0x37
A 0xb1
B 0x81
C 0x91
D 0xe1
E 0xf1
F 0xc1
G 0xd1
H 0x21
I 0x31
J 0x01
K 0x11
L 0x61
M 0x71
N 0x41
O 0x51
P 0xa0
Q 0xb0
R 0x80
S 0x90
T 0xe0
U 0xf0
V 0xc0
W 0xd0
X 0x20
Y 0x30
Z 0x00
_ 0x50
+ 0x17
| 0x62
{0x12
} 0x72
: 0x06
"0x87
<0x66
> 0x46
? 0x56
~ 0x42
; Does not exist