Hi ! I'm actually collecting the differents strings send by MS-SQL servers during the authentification phase. I want to collect as much banners as possible, for differents versions (6.5, 7.0, 2K, ...) and languages (french, spanish, english, japanese, ...). If you want to help me, you just have to download a Perl script [1] from my website and then run it against your MS-SQL server. Usage : mssql-banner.pl adresse_IP user password (code ripped from Roelof Temmingh's senseql.pl) The (edited) output from one of my test machine is : 8<----------------------[snip]---------------------------------------------- D:\>perl mssql-banner.pl 192.168.1.38 sa "wrong_passwd" Testing : .... Login failed for user 'sa' ..... D:\>perl mssql-banner.pl 192.168.1.38 sa "good_passwd" Testing : ... Changed database context to 'master'..... 8<---------------------[/snip]---------------------------------------------- The best way to send me easily exploitable results is : - test with an invalid user/passwd combo, redirecting the output to a file - test with an valid user/passwd combo, redirecting the output to the same file - rename the file to $version-$language.txt and send me the file, *without* editing it Exotic languages/versions velcome ! Note : a Win32 Perl2EXE'd version is available at [2] [1] : http://nicob.net/mssql-banner.pl [2] : http://nicob.net/mssql-banner.exe Thanks in advance, Nicob
This archive was generated by hypermail 2b30 : Wed Apr 03 2002 - 17:09:07 PST