Use the Edit Sim Std Server - SQL Server dialog box to add or edit a SQL Server definition.
You will find a description of what are Sim Std Servers here.
This Sim Std Server emulates Microsoft's SQL Server database system.
The emulation is limited to enabling a visitor to attempt to log onto a database.
The visitor sends their user name and password, which will never be accepted.
MS SQL Server also has an additional USP service for providing information on SQL Severs on a network.
See the Edit Sim Std Server - SQL UDP Server section for more details.
The decoded login packet provides a number of interesting fields that can reveal a lot of information about an attacker.
|TDS version||x71000001||The version of the TDS protocol being used. TDS is the protocol used by SQL Server|
|Client version||x07000000||The version of the SQL protocol being used by the visitor|
|Time zone||-60||The time zone of the visitor. This is relative to GMT and gives a good indication of the location of the visitor|
|MAC||00 E0 7D DC E4 22||The physical network address of the visitor|
|Host||CALI||The NetBIOS name of the visitor's machine|
|User||sa||The SQL Server account the visitor is attempting to log on as.
'sa' is the standard admin account.
|Password||secret||The decrypted password the visitor is using to log on with.
Multiple attacks to this server may be due to a password dictionary attack
|App||osql||The name of the application being used to attack the server|
|Library||ODBC||The name of the underlying library being used by the visitor|
|Language||This will usually be blank to indicate the default language|
|Database||The name of the database the visitor is attempting to log on to.
This will be blank unless the visitor has used the SQL UDP Server to obtain the database name.
There are a number of different tools that can be used to automate different attacks on SQL Servers.
Examples are: sqlpoke, sqlbf and sqldict.
You can find these and more on these web sites:
|Basic||Provides a brief summary of the main points of interest in the packet.|
|Normal||Provides more details of the packet.|
|Debug||Provides all the details of the packet|