PaulDotCom mailing list archives

Re: extracting MSSQL from a pcap
From: Erik Hjelmvik <erik.hjelmvik () gmail com>
Date: Thu, 28 Nov 2013 21:00:58 +0100

Hi Robin,

NetworkMiner parses MS-SQL from PCAP files and extracts all SQL
queries etc. to the "Parameters" tab.
Login credentials are also extracted and displayed on the Credentials tab.

Btw. you do know that NetworkMiner runs fine in Linux as well, right?
http://www.netresec.com/?page=Blog&month=2011-12&post=No-more-Wine---NetworkMiner-in-Linux-with-Mono

/erik

2013/11/26 Robin Wood <robin () digininja org>:

On 26 Nov 2013 18:58, "c1b3rh4ck" <c1b3rh4ck () gmail com> wrote:


On 25/11/2013 06:09 p.m., Robin Wood wrote:
I've got a pcap which contains unencrypted MSSQL traffic, can
anyone recommend an app which will extract all the SQL?

I can see it in Wireshark but it isn't decoding it for some reason.
If I save the packets as text I can manipulate it into mostly
readable form by some simple replaces, but would rather a nice clean
extraction, especially as I know this has usernames and passwords
in.

Robin
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com


Hi,
You can use Python libraries to parse the content; take a look at Scapy :)
Best regards.

Does Scapy have a dissector for MSSQL/TDS?

Robin


------------------------------
Debian User
Penetration Testing
Colombian Security Enthusiast
Paranoid Security Addict
LinuxUser #506301
------------------------------------
He who infiltrates the darkness is the one who finds the truth. Lao Tse



-- 
blog: http://www.netresec.com/?page=Blog
twitter: http://twitter.com/netresec
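
For readers who want to see what a tool has to do to pull SQL out of unencrypted MSSQL traffic, here is an added example (not code from this thread, NetworkMiner or Scapy) that walks TDS packet framing and decodes SQL batch text. It assumes the input is the already reassembled client-to-server bytes of one TCP stream; the function names, the ALL_HEADERS detection heuristic and the sample bytes are constructed for illustration.

```python
import struct

TDS_SQL_BATCH = 0x01   # TDS packet type: SQL batch (client -> server)
TDS_STATUS_EOM = 0x01  # status bit: last packet of the message

def strip_all_headers(data):
    """Skip the ALL_HEADERS block that TDS 7.2+ places before the SQL text."""
    if len(data) < 10:
        return data
    total, first_len, first_type = struct.unpack_from("<IIH", data)
    # Heuristic (assumption): plausible lengths and a known header type (1-3).
    if 10 <= total <= len(data) and 6 <= first_len <= total - 4 and first_type in (1, 2, 3):
        return data[total:]
    return data

def extract_sql_batches(stream):
    """Yield SQL text from the client-to-server bytes of one TCP stream."""
    pos, message = 0, b""
    while pos + 8 <= len(stream):
        # 8-byte header: type, status, big-endian length (header included), ...
        ptype, status, length = struct.unpack_from(">BBH", stream, pos)
        if length < 8 or pos + length > len(stream):
            break  # truncated capture or not TDS framing
        if ptype == TDS_SQL_BATCH:
            message += stream[pos + 8:pos + length]
            if status & TDS_STATUS_EOM:  # a batch may span several packets
                yield strip_all_headers(message).decode("utf-16-le", errors="replace")
                message = b""
        pos += length

def _packet(ptype, status, payload):
    # type, status, length, SPID, packet id, window
    return struct.pack(">BBHHBB", ptype, status, 8 + len(payload), 0, 1, 0) + payload

def build_sample():
    """Constructed sample: pre-login, a batch split over two packets, a batch without ALL_HEADERS."""
    headers = struct.pack("<IIHQI", 22, 18, 2, 0, 1)  # transaction descriptor header
    sql = "SELECT name FROM sys.databases".encode("utf-16-le")
    return (_packet(0x12, 0x01, b"\x00" * 6)
            + _packet(TDS_SQL_BATCH, 0x00, headers + sql[:20])
            + _packet(TDS_SQL_BATCH, 0x01, sql[20:])
            + _packet(TDS_SQL_BATCH, 0x01, "SELECT 1".encode("utf-16-le")))

if __name__ == "__main__":
    for query in extract_sql_batches(build_sample()):
        print(query)
```
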

