
Library mssql

MSSQL Library supporting a very limited subset of operations.

The library was designed and tested against Microsoft SQL Server 2005. However, it should work with versions 7.0, 2000, 2005, 2008 and 2012. Only a minimal number of parsers have been added for tokens, column types and column data in order to support the first scripts.

The code has been implemented based on traffic analysis and the following documentation:

  • SSRP: Class that handles communication over the SQL Server Resolution Protocol, used for identifying instances on a host.
  • ColumnInfo: Class containing parsers for column types which are present before the row data in all query response packets. The column information describes the data type used to hold the data, e.g. precision, character sets, size etc.
  • ColumnData: Class containing parsers for the actual column information.
  • Token: Class containing parsers for tokens returned in all TDS responses. A server response may hold one or more tokens with information from the server. Each token has a type which has a number of type specific fields.
  • QueryPacket: Class used to hold a query and convert it to a string suitable for transmission over a socket.
  • LoginPacket: Class used to hold login specific data which can easily be converted to a string suitable for transmission over a socket.
  • PreLoginPacket: Class used to (partially) implement the TDS PreLogin packet.
  • TDSStream: Class that handles communication over the Tabular Data Stream protocol used by SQL Server. It is used to transmit the Query- and Login-packets to the server.
  • Helper: Class which facilitates the use of the library through action-oriented functions with descriptive names.
  • Util: A "static" class containing mostly character and type conversion functions.

The following sample code illustrates how scripts can use the Helper class to interface the library:

local helper = mssql.Helper:new()
local status, result = helper:Connect( host, port )
-- the third argument is the database to access after login
status, result = helper:Login( username, password, "tempdb", host.ip )
status, result = helper:Query( "SELECT name FROM master..syslogins" )
helper:Disconnect()

The following sample code illustrates how scripts can use the Helper class with pre-discovered instances (e.g. by ms-sql-discover or broadcast-ms-sql-discover):

local instances = mssql.Helper.GetDiscoveredInstances( host, port )
if ( instances ) then
  -- GetDiscoveredInstances returns a table of SqlServerInstanceInfo objects
  for _, instance in ipairs( instances ) do
    local helper = mssql.Helper:new()
    local status, result = helper:ConnectEx( instance )
    status, result = helper:LoginEx( instance )
    status, result = helper:Query( "SELECT name FROM master..syslogins" )
    helper:Disconnect()
  end
end

Known limitations:

  • The library does not support SSL. The foremost reason is the awkward choice of implementation, in which the SSL handshake is performed within the TDS data block. By default, though, servers accept connections that do not use SSL.
  • Version 7 and ONLY version 7 of the protocol is supported. This should cover Microsoft SQL Server 7.0 and later.
  • TDS Responses contain one or more response tokens which are parsed based on their type. The supported tokens are listed in the TokenType table and their respective parsers can be found in the Token class. Note that some token parsers are not fully implemented and simply move the offset the right number of bytes to continue processing of the response.
  • The library only supports a limited subset of data types and will abort execution and return an error if it detects an unsupported type. The supported data types are listed in the DataTypes table. To add a data type, a parser function has to be added to both the ColumnInfo and ColumnData classes.
  • No functionality for languages, localization or character codepages has been considered or implemented.
  • The library does database authentication only. No OS authentication or use of the integrated security model is supported.
  • Queries using SELECT, INSERT, DELETE and EXEC of procedures have been tested while developing scripts.

Author:
"Patrik Karlsson <patrik@cqure.net>, Chris Woodbury"

Copyright© Same as Nmap--See http://nmap.org/book/man-legal.html

Source: http://nmap.org/svn/nselib/mssql.lua

Script Arguments

mssql.username

The username to use to connect to SQL Server instances. This username is used by scripts taking actions that require authentication (e.g. ms-sql-query). This username (and its associated password) takes precedence over any credentials discovered by the ms-sql-brute and ms-sql-empty-password scripts.

mssql.domain

The domain against which to perform integrated authentication. When set, the scripts assume integrated authentication should be performed, rather than the default sql login.

mssql.password

The password for mssql.username. If this argument is not given but mssql.username is, a blank password is used.

mssql.scanned-ports-only

If set, the script will only connect to ports that were included in the Nmap scan. This may result in instances not being discovered, particularly if UDP port 1434 is not included. Additionally, instances that are found to be running on ports that were not scanned (e.g. if 1434/udp is in the scan and the SQL Server Browser service on that port reports an instance listening on 43210/tcp, which was not scanned) will be reported but will not be stored for use by other ms-sql-* scripts.

mssql.timeout

How long to wait for SQL responses. This is a number followed by ms for milliseconds, s for seconds, m for minutes, or h for hours. Default: 30s.

mssql.instance-port

The port of the instance to connect to.

mssql.instance-all

Targets all SQL server instances discovered through the browser service.

mssql.protocol

The protocol to use to connect to the instance. The protocol may be either NP, Named Pipes or TCP.

mssql.instance-name

The name of the instance to connect to.

Functions

[TokenType.Done] (data, pos)

Parse done tokens

[TokenType.DoneInProc] (data, pos)

Parses a DoneInProc token received after executing a SP

[TokenType.DoneProc] (data, pos)

Parses a DoneProc token received after executing a SP

[TokenType.EnvironmentChange] (data, pos)

Parse environment change tokens (This function is not implemented and simply moves the pos offset)

[TokenType.ErrorMessage] (data, pos)

Parse error message tokens

[TokenType.InformationMessage] (data, pos)

Parse information message tokens

[TokenType.LoginAcknowledgement] (data, pos)

Parse login acknowledgment tokens

[TokenType.OrderBy] (data, pos)

Parses an OrderBy token

[TokenType.ReturnStatus] (data, pos)

Parses a ReturnStatus token

[TokenType.TDS7Results] (data, pos)

Parse TDS result tokens

_GetSpLookupTable (self)

Returns a lookup table that maps revision numbers to service pack levels for the applicable SQL Server version (e.g. { {1600, "RTM"}, {2531, "SP1"} }).

_InferProductVersion (self)

Using the version number, determines the product version

_ParseSsrpString (host, ssrpString)

Parses an SSRP string and returns a table containing one or more SqlServerInstanceInfo objects created from the parsed string.

_ParseVersionInfo (self)

Processes version data to determine (if possible) the product version, service pack level and patch status.

_ProcessResponse (host, responseData)

AddOrMergeInstance (newInstance)

Adds an instance to the list of instances kept in the Nmap registry for shared use by SQL Server scripts.

Connect (self, host, port)

Establishes a connection to the SQL server

Connect (self, host, port)

Establishes a connection to the SQL server

ConnectEx (self, instanceInfo, host, port)

Establishes a connection to the SQL server

ConnectEx (self, instanceInfo, host, port)

Establishes a connection to the SQL server

ConnectToNamedPipe (self, host, pipePath, overrides, smbOverrides)

Establishes a connection to the SQL server

Disconnect (self)

Disconnects from the SQL Server

Disconnect (self)

Disconnects from the SQL Server

Discover (host)

Attempts to discover SQL Server instances by a variety of means.

DiscoverBySmb (host, port)

Attempts to discover SQL Server instances listening on default named pipes.

DiscoverBySsrp (host, port, broadcast)

Attempts to discover SQL Server instances using SSRP to query one or more (if broadcast is used) SQL Server Browser services.

DiscoverByTcp (host, port)

Attempts to discover a SQL Server instance listening on the specified port.

DiscoverDACPort (host, instanceName)

Queries the SQL Browser service for the DAC port of the specified instance

DiscoverInstances (host, port)

Attempts to retrieve information about SQL Server instances by querying the SQL Server Browser service on a host.

DiscoverInstances_Broadcast (host, port)

Attempts to retrieve information about SQL Server instances by querying the SQL Server Browser service on a broadcast domain.

FormatOutputTable (tbl, with_headers)

Takes a table as returned by Query and formats it into a form better suited to stdnse.output_result

FromBytes (bytes)

Reads a byte-string and creates a PreLoginPacket object from it. This is intended to handle the server's response to a pre-login request.

FromWideChar (wstr)

Converts a wide string to a string

GetDiscoveredInstances (host, port)

Gets a table containing SqlServerInstanceInfo objects discovered on the specified host (and port, if specified).

GetHostrule_Standard ()

Returns a hostrule for standard SQL Server scripts, which will return true if one or more instances have been targeted with the mssql.instance script argument.

GetInstanceVersion (instanceInfo)

Attempts to connect to a SQL Server instance listening on a TCP port in order to determine the version of the SSNetLib DLL, which is an authoritative version number for the SQL Server instance itself.

GetLoginCredentials (instanceInfo)

Returns a username-password set according to the following rules of precedence:

GetLoginCredentials_All (instanceInfo)

Returns all of the credentials available for the target instance, including any set by the mssql.username and mssql.password script arguments.

GetName (self)

Returns a name for the instance, based on the available information.

GetNamedPipeName (self)

Gets the name of the named pipe, or nil

GetPortrule_Standard ()

Returns a portrule for standard SQL Server scripts

GetTargetInstances (host, port)

Gets a table containing SqlServerInstanceInfo objects for the instances that should be run against, based on the script-args (e.g. mssql.instance)

HasNetworkProtocols (self)

Indicates whether this instance has networking protocols enabled, such that scripts could attempt to connect to it.

Login (self, username, password, database, servername)

Authenticates to SQL Server.

LoginEx (self, instanceInfo, database, servername)

Authenticates to SQL Server, using the credentials returned by Helper.GetLoginCredentials().

Merge (self, other, overwrite)

Merges the data from one SqlServerInstanceInfo object into another.

ParseToken (data, pos)

Parses the first token at position pos

PopulateNmapPortVersion (self, port)

Uses the information in this SqlServerVersionInformation object to populate the version information in an Nmap port table for a SQL Server TCP listener.

Query (self, query)

Performs a SQL query and parses the response

Receive (self)

Receives responses from SQL Server

Send (self, packetType, packetData)

Send a TDS request to the server

SetDatabase (self, database)

Sets the database used in authentication

SetInstanceName (self, instanceName)

Sets the instance name of the target

SetIsClustered (self, isClustered)

Sets whether the instance is in a cluster

SetPassword (self, password)

Sets the password used for authentication

SetRequestEncryption (self, requestEncryption)

Sets whether to request encryption (default = false)

SetRequestMars (self, requestMars)

Sets whether to request MARS support (default = undefined)

SetServer (self, server)

Sets the server's name used in authentication

SetTimeout (self, timeout)

Sets the timeout for communication over the socket

SetUsername (self, username)

Sets the username used for authentication

SetVersion (self, versionInfo)

Sets the client version (default = 9.00.1399.00)

SetVersion (self, versionInfo)

Sets the client version (default = 9.00.1399.00)

SetVersionNumber (self, versionNumber, source)

Sets the version using a version number string.

TDS7CryptPass (password)

Encrypts a password using the TDS7 *ultra secure* XOR encryption

ToBytes (self)

Returns the pre-login packet as a byte string

ToString (self)

Returns the authentication packet as string

ToString (self)

Returns the authentication packet as string

ToString (self)

Returns the authentication packet as string

ToWideChar (str)

Converts a string to a wide string

WasDiscoveryPerformed (host)

Returns true if discovery has been performed to detect SQL Server instances on the given host



Functions

[TokenType.Done] (data, pos)

Parse done tokens

Parameters

  • data: string containing "raw" data
  • pos: number containing offset into data

Return values:

  1. pos number containing new offset after parse
  2. token table containing token specific fields
[TokenType.DoneInProc] (data, pos)

Parses a DoneInProc token received after executing a SP

Parameters

  • data: string containing "raw" data
  • pos: number containing offset into data

Return values:

  1. pos number containing new offset after parse
  2. token table containing token specific fields
[TokenType.DoneProc] (data, pos)

Parses a DoneProc token received after executing a SP

Parameters

  • data: string containing "raw" data
  • pos: number containing offset into data

Return values:

  1. pos number containing new offset after parse
  2. token table containing token specific fields
[TokenType.EnvironmentChange] (data, pos)

Parse environment change tokens (This function is not implemented and simply moves the pos offset)

Parameters

  • data: string containing "raw" data
  • pos: number containing offset into data

Return values:

  1. pos number containing new offset after parse
  2. token table containing token specific fields
[TokenType.ErrorMessage] (data, pos)

Parse error message tokens

Parameters

  • data: string containing "raw" data
  • pos: number containing offset into data

Return values:

  1. pos number containing new offset after parse
  2. token table containing token specific fields
[TokenType.InformationMessage] (data, pos)

Parse information message tokens

Parameters

  • data: string containing "raw" data
  • pos: number containing offset into data

Return values:

  1. pos number containing new offset after parse
  2. token table containing token specific fields
[TokenType.LoginAcknowledgement] (data, pos)

Parse login acknowledgment tokens

Parameters

  • data: string containing "raw" data
  • pos: number containing offset into data

Return values:

  1. pos number containing new offset after parse
  2. token table containing token specific fields
[TokenType.OrderBy] (data, pos)

Parses an OrderBy token

Parameters

  • data: string containing "raw" data
  • pos: number containing offset into data

Return values:

  1. pos number containing new offset after parse
  2. token table containing token specific fields
[TokenType.ReturnStatus] (data, pos)

Parses a ReturnStatus token

Parameters

  • data: string containing "raw" data
  • pos: number containing offset into data

Return values:

  1. pos number containing new offset after parse
  2. token table containing token specific fields
[TokenType.TDS7Results] (data, pos)

Parse TDS result tokens

Parameters

  • data: string containing "raw" data
  • pos: number containing offset into data

Return values:

  1. pos number containing new offset after parse
  2. token table containing token specific fields
_GetSpLookupTable (self)

Returns a lookup table that maps revision numbers to service pack levels for the applicable SQL Server version (e.g. { {1600, "RTM"}, {2531, "SP1"} }).

Parameters

  • self:
_InferProductVersion (self)

Using the version number, determines the product version

Parameters

  • self:
_ParseSsrpString (host, ssrpString)

Parses an SSRP string and returns a table containing one or more SqlServerInstanceInfo objects created from the parsed string.

Parameters

  • host:
  • ssrpString:
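
The record layout that _ParseSsrpString has to handle, as an added stand-alone example (Lua 5.3+, not code from mssql.lua). It assumes the usual SQL Server Browser text body of "key;value" pairs with ";;" closing each instance; the host DB01, the sample string and all function names are constructed for illustration.

```lua
-- Added example: stand-alone Lua 5.3+, not code from mssql.lua.
-- Constructed sample body for a hypothetical host DB01 with two instances.
local SAMPLE =
  "ServerName;DB01;InstanceName;MSSQLSERVER;IsClustered;No;" ..
  "Version;9.00.1399.06;tcp;1433;np;\\\\DB01\\pipe\\sql\\query;;" ..
  "ServerName;DB01;InstanceName;SQLEXPRESS;IsClustered;Yes;" ..
  "Version;10.0.1600.22;tcp;43210;;"

-- Splits one instance record ("key;value;key;value...") into a table.
-- Keys are lower-cased; a dangling key without a value is dropped.
local function parse_fields(record)
  local fields, key = {}, nil
  for item in (record .. ";"):gmatch("(.-);") do
    if key == nil then
      key = item:lower()
    else
      fields[key] = item
      key = nil
    end
  end
  return fields
end

-- Returns a list of instance tables parsed from an SSRP response string.
-- Assumes no field value is empty, since ";;" terminates a record.
local function parse_ssrp_string(ssrp)
  local instances = {}
  for record in ssrp:gmatch("(.-);;") do
    local f = parse_fields(record)
    if f.servername and f.instancename then
      -- Accept the port only if it is all digits and within range.
      local port = f.tcp and f.tcp:match("^%d+$") and tonumber(f.tcp)
      if port and (port < 1 or port > 65535) then port = nil end
      instances[#instances + 1] = {
        server = f.servername,
        name = f.instancename,
        -- Same rule the page gives for SetIsClustered: only "Yes" is true.
        clustered = (f.isclustered == "Yes"),
        version = f.version,
        tcp_port = port or nil,
        pipe = f.np,
      }
    end
  end
  return instances
end

-- Inventory view: one line per instance with the points worth reviewing.
for _, inst in ipairs(parse_ssrp_string(SAMPLE)) do
  local flags = {}
  if inst.tcp_port and inst.tcp_port ~= 1433 then
    flags[#flags + 1] = "non-default TCP port"
  end
  if inst.pipe then flags[#flags + 1] = "named pipe enabled" end
  if not inst.tcp_port and not inst.pipe then
    flags[#flags + 1] = "no network protocols"
  end
  print(("%s\\%s version=%s clustered=%s tcp=%s [%s]"):format(
    inst.server, inst.name, inst.version or "?", tostring(inst.clustered),
    tostring(inst.tcp_port), table.concat(flags, ", ")))
end
```
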
_ParseVersionInfo (self)

Processes version data to determine (if possible) the product version, service pack level and patch status.

Parameters

  • self:
_ProcessResponse (host, responseData)

Parameters

  • host:
  • responseData:
AddOrMergeInstance (newInstance)

Adds an instance to the list of instances kept in the Nmap registry for shared use by SQL Server scripts.

If the registry already contains the instance, any new information is merged into the existing instance info. This may happen, for example, when an instance is discovered via named pipes, but the same instance has already been discovered via SSRP; this will prevent duplicates, where possible.

Parameters

  • newInstance:
Connect (self, host, port)

Establishes a connection to the SQL server

Parameters

  • self:
  • host: table containing host information
  • port: table containing port information

Return values:

  1. status true on success, false on failure
  2. result containing error message on failure
Connect (self, host, port)

Establishes a connection to the SQL server

Parameters

  • self:
  • host: table containing host information
  • port: table containing port information

Return values:

  1. status true on success, false on failure
  2. result containing error message on failure
ConnectEx (self, instanceInfo, host, port)

Establishes a connection to the SQL server

Parameters

  • self:
  • instanceInfo:
  • host: table containing host information
  • port: table containing port information

Return values:

  1. status true on success, false on failure
  2. result containing error message on failure
ConnectEx (self, instanceInfo, host, port)

Establishes a connection to the SQL server

Parameters

  • self:
  • instanceInfo:
  • host: table containing host information
  • port: table containing port information

Return values:

  1. status true on success, false on failure
  2. result containing error message on failure
ConnectToNamedPipe (self, host, pipePath, overrides, smbOverrides)

Establishes a connection to the SQL server

Parameters

  • self:
  • host: A host table for the target host
  • pipePath: The path to the named pipe of the target SQL Server (e.g. "\MSSQL$SQLEXPRESS\sql\query"). If nil, "\sql\query\" is used.
  • overrides:
  • smbOverrides: (Optional) An overrides table for calls to the smb library (for use with named pipes).

Return values:

  1. status: true on success, false on failure
  2. error_message: an error message, or nil
Disconnect (self)

Disconnects from the SQL Server

Parameters

  • self:

Return values:

  1. status true on success, false on failure
  2. result containing error message on failure
Disconnect (self)

Disconnects from the SQL Server

Parameters

  • self:

Return values:

  1. status true on success, false on failure
  2. result containing error message on failure
Discover (host)

Attempts to discover SQL Server instances by a variety of means.

This function calls the three DiscoverBy functions, which perform the actual discovery. Any discovered instances can be retrieved using mssql.Helper.GetDiscoveredInstances().

Parameters

  • host: Host table as received by the script action function
DiscoverBySmb (host, port)

Attempts to discover SQL Server instances listening on default named pipes.

Any discovered instances are returned, as well as being stored for use by other scripts (see mssql.Helper.GetDiscoveredInstances()).

Parameters

  • host: A host table for the target.
  • port: A port table for the port to connect on for SMB

Return value:

(status, result) If status is true, result is a table of SqlServerInstanceInfo objects. If status is false, result is an error message or nil.
DiscoverBySsrp (host, port, broadcast)

Attempts to discover SQL Server instances using SSRP to query one or more (if broadcast is used) SQL Server Browser services.

Any discovered instances are returned, as well as being stored for use by other scripts (see mssql.Helper.GetDiscoveredInstances()).

Parameters

  • host: A host table for the target.
  • port: (Optional) A port table for the target port. If this is nil, the default SSRP port (UDP 1434) is used.
  • broadcast: If true, this will be done with an SSRP broadcast, and host should contain the broadcast specification (e.g. ip = "255.255.255.255").

Return value:

(status, result) If status is true, result is a table of tables containing SqlServerInstanceInfo objects. The top-level table is indexed by IP address. If status is false, result is an error message.
DiscoverByTcp (host, port)

Attempts to discover a SQL Server instance listening on the specified port.

If an instance is discovered, it is returned, as well as being stored for use by other scripts (see mssql.Helper.GetDiscoveredInstances()).

Parameters

  • host: A host table for the target.
  • port: A port table for the target port.

Return value:

(status, result) If status is true, result is a table of SqlServerInstanceInfo objects. If status is false, result is an error message or nil.
DiscoverDACPort (host, instanceName)

Queries the SQL Browser service for the DAC port of the specified instance

The DAC (Dedicated Admin Connection) port allows DBAs to connect to the database when normal connection attempts fail, for example when the server is hanging, out of memory or in some other bad state.

Parameters

  • host: Host table as received by the script action function
  • instanceName: the instance name to probe for a DAC port

Return value:

number containing the DAC port on success or nil on failure
DiscoverInstances (host, port)

Attempts to retrieve information about SQL Server instances by querying the SQL Server Browser service on a host.

Parameters

  • host: A host table for the target host
  • port: (Optional) A port table for the target SQL Server Browser service

Return value:

(status, result) If status is true, result is a table of SqlServerInstanceInfo objects. If status is false, result is an error message.
DiscoverInstances_Broadcast (host, port)

Attempts to retrieve information about SQL Server instances by querying the SQL Server Browser service on a broadcast domain.

Parameters

  • host: A host table for the broadcast specification
  • port: (Optional) A port table for the target SQL Server Browser service

Return value:

(status, result) If status is true, result is a table of tables containing SqlServerInstanceInfo objects. The top-level table is indexed by IP address. If status is false, result is an error message.
FormatOutputTable (tbl, with_headers)

Takes a table as returned by Query and formats it into a form better suited to stdnse.output_result

Parameters

  • tbl: as received by Helper.Query
  • with_headers: boolean true if output should contain column headers

Return value:

table suitable for stdnse.output_result
FromBytes (bytes)

Reads a byte-string and creates a PreLoginPacket object from it. This is intended to handle the server's response to a pre-login request.

Parameters

  • bytes:
FromWideChar (wstr)

Converts a wide string to a string

Parameters

  • wstr: containing the wide string to convert

Return value:

string with every other character removed
GetDiscoveredInstances (host, port)

Gets a table containing SqlServerInstanceInfo objects discovered on the specified host (and port, if specified).

Parameters

  • host: A host table for the target host
  • port: (Optional) If omitted, all of the instances for the host will be returned.

Return value:

A table containing SqlServerInstanceInfo objects, or nil
GetHostrule_Standard ()

Returns a hostrule for standard SQL Server scripts, which will return true if one or more instances have been targeted with the mssql.instance script argument.

However, if a previous script has failed to find any SQL Server instances on the host, the hostrule function will return false to keep further scripts from running unnecessarily on that host.

Return value:

A hostrule function (use as hostrule = mssql.GetHostrule_Standard())
GetInstanceVersion (instanceInfo)

Attempts to connect to a SQL Server instance listening on a TCP port in order to determine the version of the SSNetLib DLL, which is an authoritative version number for the SQL Server instance itself.

Parameters

  • instanceInfo: An instance of SqlServerInstanceInfo

Return values:

  1. status true on success, false on failure
  2. versionInfo an instance of mssql.SqlServerVersionInfo, or nil
GetLoginCredentials (instanceInfo)

Returns a username-password set according to the following rules of precedence:

  • If the mssql.username and mssql.password script arguments were set, their values are used. (If the username argument was specified without the password argument, a blank password is used.)
  • If the password for the "sa" account has been discovered (e.g. by the ms-sql-empty-password or ms-sql-brute scripts), these credentials are used.
  • If other credentials have been discovered, the first of these in the table is used.
  • Otherwise, nil is returned.

Parameters

  • instanceInfo: A SqlServerInstanceInfo object for the target instance

Return value:

(username, password)
GetLoginCredentials_All (instanceInfo)

Returns all of the credentials available for the target instance, including any set by the mssql.username and mssql.password script arguments.

Parameters

  • instanceInfo: A SqlServerInstanceInfo object for the target instance

Return value:

A table of usernames mapped to passwords (i.e. creds[ username ] = password)
GetName (self)

Returns a name for the instance, based on the available information.

This may take one of the following forms:

  • HOST\INSTANCENAME
  • PIPENAME
  • HOST:PORT

Parameters

  • self:
GetNamedPipeName (self)

Gets the name of the named pipe, or nil

Parameters

  • self:
GetPortrule_Standard ()

Returns a portrule for standard SQL Server scripts

The portrule returns true if BOTH of the following conditions are met:

  • The port has been identified as "ms-sql-s"
  • The mssql.instance script argument has NOT been used

Return value:

A portrule function (use as portrule = mssql.GetPortrule_Standard())
GetTargetInstances (host, port)

Gets a table containing SqlServerInstanceInfo objects for the instances that should be run against, based on the script-args (e.g. mssql.instance)

Parameters

  • host: Host table as received by the script action function
  • port: (Optional) Port table as received by the script action function

Return values:

  1. status True on success, false on failure
  2. instances If status is true, this will be a table with one or more SqlServerInstanceInfo objects. If status is false, this will be an error message.
HasNetworkProtocols (self)

Indicates whether this instance has networking protocols enabled, such that scripts could attempt to connect to it.

Parameters

  • self:
Login (self, username, password, database, servername)

Authenticates to SQL Server.

If login fails, one of the following error messages will be returned:

  • "Password is expired"
  • "Must change password at next logon"
  • "Account is locked out"
  • "Login Failed"

Parameters

  • self:
  • username: string containing the username for authentication
  • password: string containing the password for authentication
  • database: string containing the database to access
  • servername: string containing the name or ip of the remote server

Return values:

  1. status true on success, false on failure
  2. result containing error message on failure
  3. errorDetail nil or a LoginErrorType value, if available
LoginEx (self, instanceInfo, database, servername)

Authenticates to SQL Server, using the credentials returned by Helper.GetLoginCredentials().

If the login is rejected by the server, the error code will be returned, as a number in the form of a mssql.LoginErrorType (for which error messages can be looked up in mssql.LoginErrorMessage).

Parameters

  • self:
  • instanceInfo: a SqlServerInstanceInfo object for the instance to log into
  • database: string containing the database to access
  • servername: string containing the name or ip of the remote server

Return values:

  1. status true on success, false on failure
  2. result containing error code or error message
Merge (self, other, overwrite)

Merges the data from one SqlServerInstanceInfo object into another.

Each field in the first object is populated with the data from that field in the second object if the first object's field is nil OR if overwrite is set to true. A special case is made for the version field, which is only overwritten if the second object has more reliable version information. The second object is not modified.

Parameters

  • self:
  • other:
  • overwrite:
ParseToken (data, pos)

Parses the first token at position pos

Parameters

  • data: string containing "raw" data
  • pos: number containing offset into data

Return values:

  1. pos number containing new offset after parse or -1 on error
  2. token table containing token specific fields or error message on error
PopulateNmapPortVersion (self, port)

Uses the information in this SqlServerVersionInformation object to populate the version information in an Nmap port table for a SQL Server TCP listener.

Parameters

  • self: A SqlServerVersionInformation object
  • port: An Nmap port table corresponding to the instance
Query (self, query)

Performs a SQL query and parses the response

Parameters

  • self:
  • query: string containing the SQL query

Return values:

  1. status true on success, false on failure
  2. table containing a table of columns for each row or error message on failure
Receive (self)

Receives responses from SQL Server

The function continues to read and assemble a response until the server responds with the last response flag set

Parameters

  • self:

Return values:

  1. status true on success, false on failure
  2. result containing raw data contents or error message on failure
  3. errorDetail nil, or additional information about an error. In the case of named pipes, this will be an SMB error name (e.g. NT_STATUS_PIPE_DISCONNECTED)
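
How the reassembly described for Receive feeds token parsing as described for ParseToken, as an added stand-alone example (Lua 5.3+, not code from mssql.lua). It assumes the TDS 7 packet header (8 bytes, big-endian length that includes the header, end-of-message bit 0x01 in the status byte) and the TDS 7.0 Done token layout; the function names and sample bytes are constructed for illustration.

```lua
-- Added example: stand-alone Lua 5.3+, not code from mssql.lua.
local HEADER_LEN = 8       -- type, status, length, SPID, packet id, window
local STATUS_EOM = 0x01    -- "last packet of this message" bit in the status byte
local TOKEN_DONE = 0xFD

-- Joins the payloads of consecutive TDS packets up to the end-of-message flag.
-- Returns true, payload, packet_type on success or false, error_message.
local function reassemble(buf)
  local pos, parts = 1, {}
  while pos <= #buf do
    if #buf - pos + 1 < HEADER_LEN then
      return false, "truncated TDS header"
    end
    local ptype, status, length = string.unpack(">BBI2", buf, pos)
    -- The length field counts the header and comes from the peer: check it
    -- before slicing so a bad value cannot stall or misalign the parser.
    if length < HEADER_LEN or pos + length - 1 > #buf then
      return false, ("invalid TDS length %d at offset %d"):format(length, pos - 1)
    end
    parts[#parts + 1] = buf:sub(pos + HEADER_LEN, pos + length - 1)
    pos = pos + length
    if (status & STATUS_EOM) ~= 0 then
      return true, table.concat(parts), ptype
    end
  end
  return false, "response ended before the end-of-message flag"
end

-- Minimal token parser with the return shape the page documents for
-- ParseToken: new_pos, token on success or -1, error_message on error.
-- Only the Done token is handled (TDS 7.0 layout: 4-byte row count).
local function parse_token(data, pos)
  local ttype = data:byte(pos)
  if ttype == nil then return -1, "no token at this offset" end
  if ttype == TOKEN_DONE then
    if #data - pos + 1 < 9 then return -1, "truncated Done token" end
    local _, flags, op, rows, nextpos = string.unpack("<BI2I2I4", data, pos)
    return nextpos, { type = "Done", flags = flags, operation = op, rowcount = rows }
  end
  return -1, ("unsupported token 0x%02X"):format(ttype)
end

-- Constructed sample: one Done token split across two response packets.
local function packet(status, payload)
  return string.pack(">BBI2I2BB", 0x04, status, HEADER_LEN + #payload, 0, 1, 0)
    .. payload
end
local done = string.pack("<BI2I2I4", TOKEN_DONE, 0x0010, 0x00C1, 3)
local wire = packet(0x00, done:sub(1, 4)) .. packet(STATUS_EOM, done:sub(5))

local ok, payload = reassemble(wire)
assert(ok and payload == done)
local pos, token = parse_token(payload, 1)
print(pos, token.type, token.rowcount)

-- Failure modes: a capture cut mid-packet, and an unknown token type.
print(reassemble(wire:sub(1, 10)))
print(parse_token("\x00", 1))
```
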
Send (self, packetType, packetData)

Send a TDS request to the server

Parameters

  • self:
  • packetType: A PacketType, indicating the type of TDS packet being sent.
  • packetData: A string containing the raw data to send to the server

Return values:

  1. status true on success, false on failure
  2. result containing error message on failure
SetDatabase (self, database)

Sets the database used in authentication

Parameters

  • self:
  • database: string containing the database name
SetInstanceName (self, instanceName)

Sets the instance name of the target

Parameters

  • self:
  • instanceName: A string containing the name of the instance
SetIsClustered (self, isClustered)

Sets whether the instance is in a cluster

Parameters

  • self:
  • isClustered: Boolean true or the string "Yes" are interpreted as true; all other values are interpreted as false.
SetPassword (self, password)

Sets the password used for authentication

Parameters

  • self:
  • password: string containing the password to use for authentication
SetRequestEncryption (self, requestEncryption)

Sets whether to request encryption (default = false)

Parameters

  • self:
  • requestEncryption: A boolean indicating whether encryption will be requested
SetRequestMars (self, requestMars)

Sets whether to request MARS support (default = undefined)

Parameters

  • self:
  • requestMars: A boolean indicating whether MARS support will be requested
SetServer (self, server)

Sets the server's name used in authentication

Parameters

  • self:
  • server: string containing the name or ip of the server
SetTimeout (self, timeout)

Sets the timeout for communication over the socket

Parameters

  • self:
  • timeout: number containing the new socket timeout in ms
SetUsername (self, username)

Sets the username used for authentication

Parameters

  • self:
  • username: string containing the username to use for authentication
SetVersion (self, versionInfo)

Sets the client version (default = 9.00.1399.00)

Parameters

  • self:
  • versionInfo: A SqlServerVersionInfo object with the client version information
SetVersion (self, versionInfo)

Sets the client version (default = 9.00.1399.00)

Parameters

  • self:
  • versionInfo: A SqlServerVersionInfo object with the client version information
SetVersionNumber (self, versionNumber, source)

Sets the version using a version number string.

Parameters

  • self:
  • versionNumber: a version number string (e.g. "9.00.1399.00")
  • source: a string indicating the source of the version info (e.g. "SSRP", "SSNetLib")
TDS7CryptPass (password)

Encrypts a password using the TDS7 *ultra secure* XOR encryption

Parameters

  • password: string containing the password to encrypt

Return value:

string containing the encrypted password
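
Why the description above puts "ultra secure" in asterisks, as an added stand-alone example (Lua 5.3+, not code from mssql.lua). It assumes the TDS 7 login rule of swapping the nibbles of each byte of the wide-character password and XORing with 0xA5; the function names and the sample password are constructed for illustration.

```lua
-- Added example: stand-alone Lua 5.3+, not code from mssql.lua.

-- Wide-string form as the page describes for ToWideChar: a zero byte after
-- every character (single-byte input assumed).
local function to_wide(str)
  local out = {}
  for i = 1, #str do out[i] = str:sub(i, i) .. "\0" end
  return table.concat(out)
end

-- Inverse, as the page describes for FromWideChar: keep every other byte.
local function from_wide(wstr)
  local out = {}
  for i = 1, #wstr, 2 do out[#out + 1] = wstr:sub(i, i) end
  return table.concat(out)
end

local function swap_nibbles(b)
  return ((b << 4) | (b >> 4)) & 0xFF
end

-- Per byte of the wide password: swap nibbles, then XOR with 0xA5.
local function tds7_obfuscate(password)
  local out = {}
  local wide = to_wide(password)
  for i = 1, #wide do
    out[i] = string.char(swap_nibbles(wide:byte(i)) ~ 0xA5)
  end
  return table.concat(out)
end

-- The transform has no key, so undoing it needs nothing but the bytes.
local function tds7_deobfuscate(blob)
  local out = {}
  for i = 1, #blob do
    out[i] = string.char(swap_nibbles(blob:byte(i) ~ 0xA5))
  end
  return from_wide(table.concat(out))
end

local function hex(s)
  return (s:gsub(".", function(c) return ("%02X "):format(c:byte()) end))
end

local sample = "Passw0rd!"     -- constructed sample value
local blob = tds7_obfuscate(sample)
print(hex(blob))
assert(tds7_deobfuscate(blob) == sample)

-- Every single-byte character contributes a zero high byte, which always
-- becomes 0xA5: a recognisable pattern in captures of unencrypted logins.
local a5 = select(2, blob:gsub("\xA5", ""))
print(("%d of %d bytes are 0xA5"):format(a5, #blob))
```

Because the round trip succeeds with no secret involved, the password is only as protected as the transport carrying the login packet, and this library's logins travel without SSL (see Known limitations).
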
ToBytes (self)

Returns the pre-login packet as a byte string

Parameters

  • self:

Return value:

byte string containing the pre-login packet
ToString (self)

Returns the authentication packet as string

Parameters

  • self:

Return value:

string containing the authentication packet
ToString (self)

Returns the authentication packet as string

Parameters

  • self:

Return value:

string containing the authentication packet
ToString (self)

Returns the authentication packet as string

Parameters

  • self:

Return value:

string containing the authentication packet
ToWideChar (str)

Converts a string to a wide string

Parameters

  • str: string to be converted

Return value:

string containing a two byte representation of str where a zero byte character has been tagged on to each character.
WasDiscoveryPerformed (host)

Returns true if discovery has been performed to detect SQL Server instances on the given host

Parameters

  • host:
