exploit the possibilities

sqlping.c

sqlping.c
Posted Mar 15, 2001
Authored by Fyodor | Site relaygroup.com

Sqlping v1.1 (unix port) is a tool which sends a specially crafted UDP packet to port 1434 to SQL Server 2000 which will return gobs of useful info including SQL version and service pack. Based on SQLping from http://www.sqlsecurity.com.

tags | tool, web, udp, scanner
systems | unix
MD5 | c0fba301a73e0e045120f0ba1dc4620c

sqlping.c

Change Mirror Download
/* $Id: sqlping.c,v 1.1 2001/03/06 02:40:48 fygrave Exp $ */
/*
** fygrave@tigerteam.net
** http://www.relaygroup.com
**
** Unix port of m$ sql ping tool from http://www.sqlsecurity.com (reversed)
**
**
**
*/


#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <sys/select.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <errno.h>
#include <signal.h>
#include <netdb.h>


#define DEF_TIMEOUT 10
#define SQL_PORT 1434


int ssock;

int usage(char *myname) {
printf("Usage: %s ip_address [timeout] [num of packets]\n",myname);
exit(1);
}

void sig_alarm(int sig) {
close(ssock);
printf("\nNo responce received.\n");
exit(1);
}

int main(int argc,char **argv) {

int pcount;
int npack;
struct servent *sp;
struct sockaddr_in host;
struct hostent *hostaddr;
struct linger ling;
int rsize,hsize,i,timeout;
fd_set rfd,wfd;
struct timeval waitsock;
unsigned char received=0;
char rpack[]="\x02";
unsigned char buf[1000];
int junkct=0;

/* we need hostname. at least.. */
if (argc<2) {
usage(argv[0]);
exit(1);
}

/* and maybe timeout */

timeout = DEF_TIMEOUT;
npack = 1;

switch (argc) {
case 4:
npack = atoi(argv[3]);
case 3:
timeout = atoi(argv[2]);
break;
case 2:
break;
default:
printf("too much garbage\n");
usage(argv[0]);
}

if (timeout <=0) {
fprintf(stderr, "Bogus timeout period [%s]\n",argv[3]);
usage(argv[0]);
}

if (signal(SIGALRM,sig_alarm)==SIG_ERR) {
perror("signal");
exit(1);
}
alarm(timeout);

memset(&host, 0, sizeof(host));
host.sin_family = AF_INET;
host.sin_port = 0;
if (( hostaddr = gethostbyname(argv[1])) == NULL) {
herror("can't resolve remote hostname");
exit(1);
}

/* here we open socket, which we will use to send packets */

if ((ssock=socket(AF_INET, SOCK_DGRAM, 0)) < 0) {
perror("socket");
exit(1);
}

if ((bind(ssock, (struct sockaddr *)&host, sizeof(host))) < 0 ) {
perror("bind");
close(ssock);
exit(1);
}
ling.l_onoff = 0; /* dont linger */
if(setsockopt(ssock, SOL_SOCKET,
SO_LINGER, (void *)&ling, sizeof(ling))==-1) {
perror("setsockopt error:");
close(ssock);
exit(1);
}

host.sin_port = htons(SQL_PORT);
bcopy(hostaddr->h_addr,&host.sin_addr,hostaddr->h_length);

printf("Sending %i packet(s) to %s [%s]\n(%i sec. timeout).", npack, argv[1],
inet_ntoa(host.sin_addr),timeout);


waitsock.tv_sec=0;
waitsock.tv_usec=0;


/* send packets while not receive any or interrupted */
for(;;) {

FD_ZERO(&rfd);
FD_ZERO(&wfd);
FD_SET(ssock,&rfd);
FD_SET(ssock,&wfd);


if (select(ssock+1,&rfd,&wfd,(fd_set *)0,&waitsock) == -1) {
if (errno==EINTR)
continue;
else {
perror("select");
close(ssock);
exit(1);
}
}

/* if we can write */
if (FD_ISSET(ssock,&wfd) && npack) {
if ((sendto(ssock,rpack,sizeof(rpack),
0,(struct sockaddr *)&host,
sizeof(host)))
!= sizeof(rpack)) {
perror("sendto");
if (errno == ENOBUFS ) {
sleep(1);
continue;
}
else
exit(1);
}
printf(".");
npack--;
fflush(stdout);
}
/* if something to read ... */
if (FD_ISSET(ssock,&rfd))
{
if( ( rsize = recvfrom(ssock,buf,sizeof(buf),0,
(struct sockaddr *)&host,&hsize)) <=0) continue;
printf("\nResponse:\n");
for(i=3; i<rsize; i++) {
if (buf[i] == ';')
if (junkct) {
printf("\n");
junkct=0;
} else {
if (buf[i-1] != ';')
printf("\t\t=\t");
junkct=1;
}
else
printf("%c", buf[i]);


}
received++;/* ok.. we got at least single packet */

}
if (received) break;
}
close(ssock);
printf("\n");
return 0;
}

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

May 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    16 Files
  • 2
    May 2nd
    8 Files
  • 3
    May 3rd
    8 Files
  • 4
    May 4th
    2 Files
  • 5
    May 5th
    1 Files
  • 6
    May 6th
    15 Files
  • 7
    May 7th
    22 Files
  • 8
    May 8th
    16 Files
  • 9
    May 9th
    17 Files
  • 10
    May 10th
    16 Files
  • 11
    May 11th
    3 Files
  • 12
    May 12th
    4 Files
  • 13
    May 13th
    25 Files
  • 14
    May 14th
    24 Files
  • 15
    May 15th
    78 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    16 Files
  • 18
    May 18th
    2 Files
  • 19
    May 19th
    1 Files
  • 20
    May 20th
    11 Files
  • 21
    May 21st
    21 Files
  • 22
    May 22nd
    20 Files
  • 23
    May 23rd
    36 Files
  • 24
    May 24th
    2 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close