justinbastress edited this page Feb 7, 2018 · 1 revision

The MSSQL module scans a Microsoft SQL server over TCP.

Flags

  • BaseFlags
  • TLSFlags
  • --encrypt-mode: The encryption type for the pre-login step. One of ENCRYPT_ON, ENCRYPT_OFF, or ENCRYPT_NOT_SUP.

Scan

  1. Do the PRELOGIN step: https://msdn.microsoft.com/en-us/library/dd357559.aspx
     • If ENCRYPT_MODE == ENCRYPT_NOT_SUP, finish.
  2. Do a TLS handshake.
     • The first packets of the handshake are wrapped in TDS packets. Further, it seems that MSSQL will shut down the connection if the second round of client->server packets is not sent in a single packet, so the MSSQL scanner will not work with zcrypto versions prior to https://github.com/zmap/zcrypto/pull/104.

Output

  • version: The version number, as "major.minor.build", using the version info returned from PRELOGIN.
  • instance_name: The instance name, as returned from PRELOGIN.
  • prelogin_options: Debug only. The whole PRELOGIN response.
  • tls: The TLSFlags log.
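
The PRELOGIN response parsing behind the version, instance_name and encryption values described above, as an added Go example that is not the module's own code. The type and function names and the sample payload are constructed for illustration; the option tokens and the big-endian major.minor.build layout follow the MS-TDS specification, and the example assumes the ENCRYPT_NOT_SUP check is applied to the value the server returns.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"strings"
)

// PRELOGIN option tokens and the ENCRYPT_NOT_SUP value, as defined in MS-TDS.
const tokVersion, tokEncryption, tokInstOpt, tokTerminator, encryptNotSup = 0x00, 0x01, 0x02, 0xFF, 0x02

// Prelogin is a hypothetical result type for the fields the scan reports.
type Prelogin struct {
	Version, InstanceName string
	Encryption            byte
}

// sample is a constructed payload: 3 option headers, terminator, option data.
var sample = append([]byte{0, 0, 16, 0, 6, 1, 0, 22, 0, 1, 2, 0, 23, 0, 12, 0xFF, 14, 0, 3, 0xE8, 0, 0, 2}, "MSSQLSERVER\x00"...)

// parsePrelogin walks a PRELOGIN payload (TDS header stripped); every peer-supplied offset is bounds-checked.
func parsePrelogin(p []byte) (*Prelogin, error) {
	out := &Prelogin{}
	for i := 0; i < len(p); i += 5 {
		if p[i] == tokTerminator {
			return out, nil
		}
		if i+5 > len(p) {
			return nil, fmt.Errorf("truncated option header at %d", i)
		}
		off, n := int(binary.BigEndian.Uint16(p[i+1:])), int(binary.BigEndian.Uint16(p[i+3:]))
		if off+n > len(p) {
			return nil, fmt.Errorf("option 0x%02x data out of bounds", p[i])
		}
		switch data := p[off : off+n]; {
		case p[i] == tokVersion && n >= 4:
			out.Version = fmt.Sprintf("%d.%d.%d", data[0], data[1], binary.BigEndian.Uint16(data[2:]))
		case p[i] == tokEncryption && n >= 1:
			out.Encryption = data[0]
		case p[i] == tokInstOpt:
			out.InstanceName = strings.TrimRight(string(data), "\x00")
		}
	}
	return nil, fmt.Errorf("option table not terminated")
}

// needsTLS mirrors the scan flow: stop after PRELOGIN on ENCRYPT_NOT_SUP.
func needsTLS(p *Prelogin) bool { return p.Encryption != encryptNotSup }

func main() { fmt.Println(parsePrelogin(sample)) }
```

Option offsets are relative to the start of the PRELOGIN payload, not the 8-byte TDS packet header, so strip the header before calling the parser.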