Locked SQL Fingerprint Xmas Released

[mauzzz]

This is the hidden content, please

• Sign In
• or
• Sign Up

 

Microsoft SQL Server fingerprinting can be a time consuming process, because it involves trial and error methods to determine the exact version. Intentionally inserting an invalid input to obtain a typical error message or using certain alphabets that are unique for certain server are two of the many ways to possibly determine the version, but most of them require authentication, permissions and/or privileges on Microsoft SQL Server to succeed.

 

Instead, ESF.pl uses a combination of crafted packets for SQL Server Resolution Protocol (SSRP) and Tabular Data Stream Protocol (TDS) (protocols natively used by Microsoft SQL Server) to accurately perform version fingerprinting and determine the exact Microsoft SQL Server version. ESF.pl also applies a sophisticated Scoring Algorithm Mechanism (Powered by Exploit Next Generation++ Technology), which is a much more reliable technique to determine the Microsoft SQL Server version. It is a tool intended to be used by:

 

This version is a completely rewritten version in Perl, making ESF.pl much more

 

portable than the previous binary version (Win32), and its original purpose is

 

to be used as a tool to perform automated penetration test. This version

also includes the followingMicrosoft SQL Server versions to its fingerprint

 

database:

• Microsoft SQL Server 2012 SP1 (CU1)

• Microsoft SQL Server 2012 SP1

• Microsoft SQL Server 2012 SP1 CTP4

• Microsoft SQL Server 2012 SP1 CTP3

• Microsoft SQL Server 2012 SP0 (CU4)

• Microsoft SQL Server 2012 SP0 (MS12-070)

• Microsoft SQL Server 2012 SP0 (CU3)

• Microsoft SQL Server 2012 SP0 (CU2)

• Microsoft SQL Server 2012 SP0 (CU1)

• Microsoft SQL Server 2012 SP0 (MS12-070)

• Microsoft SQL Server 2012 SP0 (KB2685308)

• Microsoft SQL Server 2012 RTM

 

This is the hidden content, please

• Sign In
• or
• Sign Up

This is the hidden content, please

• Sign In
• or
• Sign Up