Pantek Library

Password Testing using SQL Injection

From: Indian Tiger <indiantiger(at)mailandnews.com>
Date: Tue Jan 28 2003 - 04:40:42 EST


Hi,

I am trying to write a script for a password testing tool over SQL Server 2000.
I am using the master..sysxlogins.password column, in which SQL Server stores all the passwords, and then we compare this column to a file stored on the client machine. I am facing a problem comparing two files, one on the client and another one on the server, so I want some way to transfer a file from the client site to the server site.

First Step: Creating a table Password-List

    -- the hyphen in the table name requires bracket quoting in T-SQL
    create table [Password-List] (word char(40));

Second Step: Inserting data from the dictionary file into the password table

    bulk insert [Password-List] from 'e:\vipul\Dictionary.txt'

Third Step: Comparing Password-List with the SQL Server password table

    -- rtrim strips the padding that char(40) adds to each word
    select ([Password-List].word) as "Password",
           master..sysxlogins.name as "UserName"
    from master..sysxlogins, [Password-List]
    where pwdcompare(rtrim([Password-List].word), master..sysxlogins.password) = 1;

Is there any way to transfer a file from client to server using SQL injection or something else?

The file (dictionary.txt) which I am comparing is a collection of thousands of words, which I have generated by some logic. One way could be to generate one password and then send it to the server using SQL injection like this:
' UNION SELECT * FROM
OPENROWSET('SQLOLEDB','localhost';'sa';'genpwd','SELECT @@version')--

But it would be a tedious job to send all the passwords one by one; I want to send the whole file to the server so I can compare all the passwords in a single query. Please suggest something on this.

Any help or suggestion on this would be highly appreciated.

Thanking You.
Sincerely,

Indian Tiger, CISSP



Received on Fri Feb 28 15:38:22 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:33 EDT
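
For anyone reviewing web server logs, the statement shapes in the message above (UNION SELECT with OPENROWSET, references to master..sysxlogins and pwdcompare, bulk insert) are distinctive in a request parameter. The following Python detection routine is an added example, not part of the original message; the function names are hypothetical, and the access-log format, URLs, parameter names and addresses in SAMPLE_LOG are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Signatures taken from the statements quoted in the message above.
SIGNATURES = {
    "union_select": re.compile(r"\bunion\s+(all\s+)?select\b"),
    "openrowset": re.compile(r"\bopenrowset\s*\("),
    "sysxlogins": re.compile(r"\bsysxlogins\b"),
    "pwdcompare": re.compile(r"\bpwdcompare\s*\("),
    "bulk_insert": re.compile(r"\bbulk\s+insert\b"),
}
INLINE_COMMENT = re.compile(r"/\*.*?\*/", re.S)
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP')

def normalize(value):
    """Lower-case, turn /* */ comments into a space, collapse whitespace."""
    value = INLINE_COMMENT.sub(" ", value.lower())
    return re.sub(r"\s+", " ", value)

def scan_request(line):
    """Return the sorted signature names found in one log line's query parameters."""
    match = REQUEST.search(line)
    if not match:
        return []
    hits = set()
    # parse_qsl percent-decodes each value and maps '+' to a space.
    for _name, value in parse_qsl(urlsplit(match.group(1)).query, keep_blank_values=True):
        text = normalize(value)
        hits.update(name for name, rx in SIGNATURES.items() if rx.search(text))
    return sorted(hits)

def flag_lines(lines):
    """Return (line_index, signatures) for every line with at least one hit."""
    return [(i, hits) for i, line in enumerate(lines) if (hits := scan_request(line))]

# Constructed sample input: one benign request, the injection shape from the
# message, and a mixed-case variant that uses a comment instead of whitespace.
SAMPLE_LOG = [
    '192.0.2.10 - - [28/Jan/2003:04:40:42 -0500] "GET /login.asp?user=alice&lang=en HTTP/1.0" 200 512',
    '192.0.2.44 - - [28/Jan/2003:04:41:07 -0500] "GET /item.asp?id=1%27+UNION+SELECT+*+FROM+'
    'OPENROWSET(%27SQLOLEDB%27,%27localhost%27%3B%27sa%27%3B%27genpwd%27,'
    '%27SELECT+%40%40version%27)-- HTTP/1.0" 500 301',
    '192.0.2.44 - - [28/Jan/2003:04:41:30 -0500] "GET /item.asp?id=1%27+UnIoN/**/SeLeCT+name+'
    'FROM+master..sysxlogins-- HTTP/1.0" 500 301',
]

if __name__ == "__main__":
    for index, hits in flag_lines(SAMPLE_LOG):
        print(index, hits)
```
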

