TDS7/8 Login Packets


TDS7/8 Login Packets Jeigh
9/15/2004 2:25:22 PM
Is there anything available that will decode the password found in TDS7/8
login packets? (These are the packets that are sent to SQL Server to
authenticate a user in mixed mode.)

I'm dealing with this situation... Oftentimes my clients will hammer my
SQL server with login attempts, but they are using a bad password. Either
a third party is trying to brute-force their way into my server, or my
clients really did lose their password and out of dumbfounded stupidity,
they send a bunch of login attempts.

It would be easier for me to determine what their intent is if I could see
the actual password that they used. Fortunately for us as database
administrators, that password is not sent in cleartext....

If you know anything about this encryption algorithm, please reply to this
post.

This information could be used for malicious intent, so if you know the
answer to my question, but feel uneasy about posting it on a public
newsgroup, plz send it to my email address (folkens.jason@acd.net).

Thanks in advance,

-- Jason

Re: TDS7/8 Login Packets Jeigh
9/15/2004 5:26:50 PM
hahaha I'm going to answer my own question on this...

the password is sent using a crappy encryption algorithm. basically, send
the password abcdefghijklmnopqrstuvwxyz to the server. It will map letter
for letter, and from that, you can figure out any password. for example
a=0xb3, b=0x83, c=0x93 etc... no real pattern involved, but the characters
map directly to a numerical equivalent and once you write down that
numerical equivalent, you can get the password without any problems. Each
letter is delimited by a 0xa5 byte.

not quite plaintext, but it might as well be.
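
Added example, not part of the original posts: the byte values quoted in the reply above (a=0xb3, b=0x83, c=0x93, with 0xa5 between letters) are consistent with the fixed transform that Microsoft's MS-TDS specification documents for the LOGIN7 password field, where each byte of the UTF-16LE password has its nibbles swapped and is then XORed with 0xA5. The function names and the sample bytes are constructed for illustration.

```python
"""TDS7/8 LOGIN7 password field transform (illustrative, constructed example)."""

XOR_KEY = 0xA5  # constant from the MS-TDS description of the password field


def _swap_nibbles(b: int) -> int:
    """Exchange the high and low 4 bits of one byte."""
    return ((b << 4) & 0xF0) | (b >> 4)


def obfuscate(password: str) -> bytes:
    """Client side: UTF-16LE encode, swap nibbles, then XOR each byte."""
    return bytes(_swap_nibbles(b) ^ XOR_KEY for b in password.encode("utf-16-le"))


def deobfuscate(field: bytes) -> str:
    """Reverse the transform on a captured password field."""
    if len(field) % 2:
        # UTF-16LE uses two bytes per code unit; an odd length means the
        # capture was truncated or the offsets into the packet are wrong.
        raise ValueError("password field must have an even number of bytes")
    raw = bytes(_swap_nibbles(b ^ XOR_KEY) for b in field)
    return raw.decode("utf-16-le", errors="replace")


# Constructed sample: the three values quoted in the thread, each followed
# by 0xa5. The 0xa5 is not a delimiter; it is the zero high byte of each
# UTF-16LE character after the same transform (0x00 -> 0x00 -> 0xa5).
SAMPLE_FIELD = bytes.fromhex("b3a583a593a5")

if __name__ == "__main__":
    print(deobfuscate(SAMPLE_FIELD))          # recovered text
    print(obfuscate("abc").hex())             # same bytes as SAMPLE_FIELD
```

The transform uses no secret, so anyone who can capture the login packet can reverse it; confidentiality of the password depends on encrypting the connection itself.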


