May 29, 2023
The version of an MSSQL database is a valuable piece of information for cyber attackers. With the version details in hand, they can attempt to find and exploit any of the version’s known vulnerabilities. As part of our research at Pentera Labs, we attempted to obtain the version of the widely-used MSSQL (Microsoft SQL Server) database.
In this blog post, we show how we detected the version with the TDS protocol, without having to authenticate. To read a more in-depth explanation of the steps we took, you can read the entire research paper here.
What is the TDS Protocol?
The Tabular Data Stream (TDS) protocol is an application layer protocol for communicating with databases – from authentication all the way to querying. By using TDS, researchers can obtain a database’s version. To do so, they can use the “Pre-Login” sequence, which includes sending data to the server and getting a reply with the version information.
The Pre-Login Packet
The Pre-Login packet consists of tokens. These tokens provide information about the database. The Version token contains the information we need. Its type is 0x00.
The Version Token’s data is made of 6 bytes:
- Major version (first byte, unsigned long)
- Minor version (second byte, unsigned long)
- Build (third and fourth bytes, unsigned short)
- Minor build (fifth and sixth bytes, always zero therefore redundant, unsigned short).
The first four bytes of the Version Token provide the database version.
Here’s an example of the data sent back from the server. The six bytes with the version information are highlighted:
A simple code is enough to extract the version from these four bytes:
The result we received is the database’s version. In this case: 15.0.2000.0
How to Mitigate
The ability to detect the database’s version with the TDS protocol relies on the database’s port being open and accessible. Therefore, mitigation involves restricting access to the port. This can be done with firewalls, iptables and host-based firewalls. To learn more about mitigation strategies and for a detailed explanation of how we leveraged the TDS protocol, read the complete paper.
Written by: Amit German
Show all articles by Amit German
Learn more about automated security validation
Resource center
Get blog updates via email
Trending
Pentera’s 2024 report reveals hundreds of security events per week, highlighting the criticality of continuous validation
Over the past two years, a shocking 51% of organizations surveyed in a leading industry report have been compromised by a cyberattack. Yes, over half. And this, in a world where enterprises deploy an average of 53 different security solutions to safeguard their digital domain. Alarming? Absolutely. A recent survey of CISOs and CIOs, commissioned […]
Four steps the financial industry can take to cope with their growing attack surface
The financial services industry has always been at the forefront of technology adoption, but the 2020 pandemic accelerated the widespread use of mobile banking apps, chat-based customer service, and other digital tools. Adobe’s 2022 FIS Trends Report, for instance, found that more than half of financial services and insurance firms surveyed experienced a notable increase […]
The elephant 🐘 in the cloud
As much as we love the cloud, we fear it as well. We love it because cloud computing services of Amazon, Azure, and Google have transformed operational efficiency and costs, saving us money, time, and alleviating much of the IT burden. We also fear it because as companies moved to the cloud, they found that […]
Learn more about our platform
Platform
<Previous
The State of Pentesting 2023: Global trends in cybersecurity
In the past 24 months, more than 88% of organizations have been breached. That’s right: almost nine out of ten companies were hacked. Considering that organizations utilize an average of 44 security solutions to protect their IT environments this number is alarming. The way enterprises handle such security threats is impacted by global trends, from […]
Next>
How to reduce exposure on the manufacturing attack surface
Digitalization initiatives are connecting once-isolated Operational Technology (OT) environments with their Information Technology (IT) counterparts. This digital transformation of the factory floor has accelerated the connection of machinery to digital systems and data. Computer systems for managing and monitoring digital systems and data have been added to the hardware and software used for managing and […]