Hi, I am trying to write a script for a password testing tool over sql server 2000. I am using master..sysxlogins.passowrd column in which SQL server stroes all the passwords, then we comapre this column to a file sotred on the client machine. I am facing problem to compare two files one on the client & another one on the server so for that I want some way to transfer file from the clinet site to the server site. First Step: Creating a Table Password-List create table Password-List (word char(40)) ; Second Step: Inserting Data from Dictionary file to Password Table bulk insert Password-List from 'e:\vipul\Dictionary.txt' Third Step: Comparing Password-List with SQL Server password table select (Password-List.word) as "Password",master..sysxlogins.name as "UserName" from master..sysxlogins,Password-List where pwdcompare(rtrim(Password-List.word),master..sysxlogins.password) = 1; Is there any way to transfer a file from client to server using SQL injections or something else? The file (dictionary.txt) which I am compairing is collection of thousants of words, which I have generated by some logic. One way could be to generate one password and then send it to server using sql injection like this ' UNION SELECT * FROM OPENROWSET('SQLOLEDB','localhost';'sa';'genpwd','SELECT @@version')-- But I would be a tedious job to send all the password one by one, I want to send whole file to server so I can compare all the passwords in a single query. Please suggest something on this. Any help, suggestion on this would be highly appriciated. Thanking You. Sincerely, Indian Tiger, CISSP ---------------------------------------------------------------------------- <Pre>Do you know the base address of the Global Offset Table (GOT) on a Solaris 8 box? CORE IMPACT does.</Pre> <A href="http://www.securityfocus.com/core"> http://www.securityfocus.com/core>
This archive was generated by hypermail 2b30 : Fri Feb 28 2003 - 12:38:09 PST