Home » Sql injection » SQL Fingerprint Xmas Released
SQL Fingerprint Xmas Released
Microsoft SQL Server fingerprinting can be a time
consuming process, because it involves trial and error methods to
determine the exact version. Intentionally inserting an invalid input to
obtain a typical error message or using certain alphabets that are
unique for certain server are two of the many ways to possibly determine
the version, but most of them require authentication, permissions
and/or privileges on Microsoft SQL Server to succeed.
Instead, ESF.pl uses a combination of crafted packets for SQL Server Resolution Protocol (SSRP) and Tabular Data Stream Protocol (TDS) (protocols natively used by Microsoft SQL Server) to accurately perform version fingerprinting and determine the exact Microsoft SQL Server version. ESF.pl also applies a sophisticated Scoring Algorithm Mechanism (Powered by Exploit Next Generation++ Technology), which is a much more reliable technique to determine the Microsoft SQL Server version. It is a tool intended to be used by:
This version is a completely rewritten version in Perl, making ESF.pl much more
portable than the previous binary version (Win32), and its original purpose is
to be used as a tool to perform automated penetration test. This version also includes the followingMicrosoft SQL Server versions to its fingerprint
database: • Microsoft SQL Server 2012 SP1 (CU1) • Microsoft SQL Server 2012 SP1 • Microsoft SQL Server 2012 SP1 CTP4 • Microsoft SQL Server 2012 SP1 CTP3 • Microsoft SQL Server 2012 SP0 (CU4) • Microsoft SQL Server 2012 SP0 (MS12-070) • Microsoft SQL Server 2012 SP0 (CU3) • Microsoft SQL Server 2012 SP0 (CU2) • Microsoft SQL Server 2012 SP0 (CU1) • Microsoft SQL Server 2012 SP0 (MS12-070) • Microsoft SQL Server 2012 SP0 (KB2685308) • Microsoft SQL Server 2012 RTM
Download: http://code.google.com
Source: http://code.google.com/p/sql-fingerprint-next-generation
Tags: Hacking Tools, Sql injection

This post was written by:
Adnan Anjum - who has written 1000+ posts on hackguide4u.
Adnan Anjum is a professional Geek. Follow him on Twitter or email him
Share your views...
0 Respones to "SQL Fingerprint Xmas Released"
Post a Comment