Archies | 09/19/2001 3:03 PM
During the authentication in the clear between the client and the server, you'll see the password go across as (hex) B6 A5 86 A5 96 A5 B6 A5 86 A5 96 A5 B6 A5 86 A5 96 A5 for the password 123123123.
What is this conversion?

Chip Andrews | 09/19/2001 7:52 PM
I have published the conversion process in the new Hacking Exposed 2000 by Osborne Press (see Chapter 11 - Hacking SQL Server). It's a bit long to explain here.
Chip

Chip Andrews | 09/23/2001 6:18 PM
PS - the book is authored by Stuart McClure and Joel Scambray. I contributed chapter 11 only.
Chip

archies | 09/25/2001 1:42 PM
Thank you Chip,
I will get this book, and if I have another question I will ask you!

archies | 09/25/2001 4:54 PM
Chip,
Wherever I check, your book is not yet available for two to three weeks. Can you explain the authentication mechanism to me or send me a dump of the authentication?
scouby@worldonline.fr

Chip | 09/27/2001 9:33 AM
Well - if you simply CAN'T wait:
1. Take out the A5's
2. Take the resulting bytes and swap digits (B6 -> 6B)
3. XOR that with 5A
4. The result (31 in this case) is ASCII for '1'
etc., etc.
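The four steps above, worked through in Python as an added example that is not from the thread or from Chip's chapter: one function follows the steps literally, a second runs every byte through the same swap-and-XOR so that the 0xA5 bytes come out as the zero high bytes of a UTF-16LE string (which is what they are, so the general form also handles non-ASCII passwords, going a little beyond the thread), and a third encodes in the forward direction. The sample hex string is the one Archies posted; the point for a defender is that this is a reversible obfuscation, not encryption, so a TDS login in the clear is a password in the clear.

```python
# Added example (not from the thread): the TDS password obfuscation Chip
# describes, as a decoder that follows his four steps literally and as a
# general encoder/decoder that treats the 0xA5 bytes as what they are:
# the obfuscated 0x00 high bytes of a UTF-16LE string.
SAMPLE_HEX = "B6 A5 86 A5 96 A5 B6 A5 86 A5 96 A5 B6 A5 86 A5 96 A5"  # from the thread
WIRE_XOR_KEY = 0xA5    # XOR applied on the wire after the nibble swap
DECODE_XOR_KEY = 0x5A  # 0xA5 with its nibbles swapped (Chip's step 3)


def swap_nibbles(b: int) -> int:
    """Swap the two hex digits of a byte: 0xB6 -> 0x6B (Chip's step 2)."""
    return ((b & 0x0F) << 4) | (b >> 4)


def decode_by_chips_steps(wire: bytes) -> str:
    """Chip's recipe as written: drop the A5s, swap digits, XOR 5A, read ASCII.

    Only correct when every character is ASCII, i.e. every second byte is 0xA5.
    """
    low_bytes = [b for b in wire if b != 0xA5]                                 # step 1
    return "".join(chr(swap_nibbles(b) ^ DECODE_XOR_KEY) for b in low_bytes)  # steps 2-4


def decode_tds_password(wire: bytes) -> str:
    """General decoder: swap and XOR every byte, then decode as UTF-16LE.

    The 0xA5 bytes become 0x00 (the high byte of an ASCII code unit), so they
    need no special handling, and non-ASCII passwords decode correctly too.
    """
    plain = bytes(swap_nibbles(b) ^ DECODE_XOR_KEY for b in wire)
    return plain.decode("utf-16-le")


def encode_tds_password(password: str) -> bytes:
    """Forward direction: UTF-16LE, then per byte swap nibbles and XOR 0xA5."""
    return bytes(swap_nibbles(b) ^ WIRE_XOR_KEY for b in password.encode("utf-16-le"))


if __name__ == "__main__":
    wire = bytes.fromhex(SAMPLE_HEX)
    print(decode_by_chips_steps(wire))                # 123123123
    print(decode_tds_password(wire))                  # 123123123
    print(encode_tds_password("123123123") == wire)   # True
```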

archies | 09/27/2001 11:46 AM
Thank you for the conversion.
TDS (Tabular Data Stream) is the format used for communications between a SQL server and client. During the authentication in the clear between the client and the server, what will I see before the login and the password?
Is it:
user_name, user_name_length, password, password_length
Here the password is obfuscated; is the login too?
I don't have a dump of the exchange, and I want to know exactly the order of authentication and what allows me to find the login and the password. Is there a character (hex) just before the login which allows me to find it easily? Is the login situated in the 38 bytes?