PortPeeker Capture of SQL Server Connection Attempt

This capture shows an attacker trying to connect to a SQL Server by attempting several userid / password combinations. The traffic is over TCP port 1433 and usually comes from a tool like SQLBF, which works through a list of common ids and passwords.

 

Attempt 1 Userid = sa / Password = sa

195.96.81.133 : 3438 TCP Data In : MD5 = 41B43F22223FBCCD9B23CD05E842C00F
--- 07/05/2003 15:50:11.491
0000   02 00 02 00 00 00 01 00 41 44 56 53 45 52 56 45      ........ADVSERVE
0010   52 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      R...............
0020   00 00 00 00 00 00 09 73 61 00 00 00 00 00 00 00      .......sa.......
0030   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0040   00 00 00 00 00 02 73 61 00 00 00 00 00 00 00 00      ......sa........
0050   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0060   00 00 00 00 02 30 30 30 30 30 64 30 34 00 00 00      .....00000d04...
0070   00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 67      ..............`g
0080   07 C3 83 08 03 01 06 0A 09 01 01 00 00 00 00 00      ................
0090   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
00A0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
00B0   00 00 00 36 38 2E 31 34 34 2E 31 39 32 2E 32 32      ...68.144.192.22
00C0   37 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      7...............
00D0   00 0E 00 02 73 61 00 00 00 00 00 00 00 00 00 00      ....sa..........
00E0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
00F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0100   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0110   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0120   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0130   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0140   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0150   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0160   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0170   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0180   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0190   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
01A0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
01B0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
01C0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
01D0   00 04 04 02 00 00 4F 44 42 43 00 00 00 00 00 00      ......ODBC......
01E0   04 06 00 00 00 00 0D 11 00 00 00 00 00 00 00 00      ................
01F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0200   02 01 00 47 00 00 02 00 00 00 00 00 00 00 00 01      ...G............
0210   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0220   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0230   00 00 00 00 00 00 00 00 00 00 00 00 00 30 30 30      .............000
0240   00 00 00 03 00 00 00                                 .......
 

Attempt 2 Userid = sa / Password = blank

195.96.81.133 : 3444 TCP Data In : MD5 = B5A989EE4EE3F8FD087D0C16B1EC88CD
--- 07/05/2003 15:50:31.180
0000   02 00 02 00 00 00 01 00 41 44 56 53 45 52 56 45      ........ADVSERVE
0010   52 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      R...............
0020   00 00 00 00 00 00 09 73 61 00 00 00 00 00 00 00      .......sa.......
0030   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0040   00 00 00 00 00 02 00 00 00 00 00 00 00 00 00 00      ................
0050   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0060   00 00 00 00 00 30 30 30 30 30 64 30 34 00 00 00      .....00000d04...
0070   00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 67      ..............`g
0080   07 C3 83 08 03 01 06 0A 09 01 01 00 00 00 00 00      ................
0090   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
00A0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
00B0   00 00 00 36 38 2E 31 34 34 2E 31 39 32 2E 32 32      ...68.144.192.22
00C0   37 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      7...............
00D0   00 0E 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
00E0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
00F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0100   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0110   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0120   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0130   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0140   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0150   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0160   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0170   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0180   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0190   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
01A0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
01B0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
01C0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
01D0   00 02 04 02 00 00 4F 44 42 43 00 00 00 00 00 00      ......ODBC......
01E0   04 06 00 00 00 00 0D 11 00 00 00 00 00 00 00 00      ................
01F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0200   02 01 00 47 00 00 02 00 00 00 00 00 00 00 00 01      ...G............
0210   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0220   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0230   00 00 00 00 00 00 00 00 00 00 00 00 00 30 30 30      .............000
0240   00 00 00 03 00 00 00                                 .......
 

Attempt 3 Userid = sa / Password = admin

195.96.81.133 : 3445 TCP Data In : MD5 = 8090FEDA0E6A398BE0DA7FBBDAAEBEF7
--- 07/05/2003 15:50:50.057
0000   02 00 02 00 00 00 01 00 41 44 56 53 45 52 56 45      ........ADVSERVE
0010   52 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      R...............
0020   00 00 00 00 00 00 09 73 61 00 00 00 00 00 00 00      .......sa.......
0030   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0040   00 00 00 00 00 02 61 64 6D 69 6E 00 00 00 00 00      ......admin.....
0050   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0060   00 00 00 00 05 30 30 30 30 30 64 30 34 00 00 00      .....00000d04...
0070   00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 67      ..............`g
0080   07 C3 83 08 03 01 06 0A 09 01 01 00 00 00 00 00      ................
0090   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
00A0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
00B0   00 00 00 36 38 2E 31 34 34 2E 31 39 32 2E 32 32      ...68.144.192.22
00C0   37 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      7...............
00D0   00 0E 00 05 61 64 6D 69 6E 00 00 00 00 00 00 00      ....admin.......
00E0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
00F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0100   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0110   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0120   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0130   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0140   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0150   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0160   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0170   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0180   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0190   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
01A0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
01B0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
01C0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
01D0   00 07 04 02 00 00 4F 44 42 43 00 00 00 00 00 00      ......ODBC......
01E0   04 06 00 00 00 00 0D 11 00 00 00 00 00 00 00 00      ................
01F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0200   02 01 00 47 00 00 02 00 00 00 00 00 00 00 00 01      ...G............
0210   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0220   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0230   00 00 00 00 00 00 00 00 00 00 00 00 00 30 30 30      .............000
0240   00 00 00 03 00 00 00                                 .......
 

Attempt 4 Userid = sa / Password = root

195.96.81.133 : 3446 TCP Data In : MD5 = 0FEE48CF7476B793833197E5178F2EF0
--- 07/05/2003 15:51:09.014
0000   02 00 02 00 00 00 01 00 41 44 56 53 45 52 56 45      ........ADVSERVE
0010   52 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      R...............
0020   00 00 00 00 00 00 09 73 61 00 00 00 00 00 00 00      .......sa.......
0030   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0040   00 00 00 00 00 02 72 6F 6F 74 00 00 00 00 00 00      ......root......
0050   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0060   00 00 00 00 04 30 30 30 30 30 64 30 34 00 00 00      .....00000d04...
0070   00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 67      ..............`g
0080   07 C3 83 08 03 01 06 0A 09 01 01 00 00 00 00 00      ................
0090   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
00A0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
00B0   00 00 00 36 38 2E 31 34 34 2E 31 39 32 2E 32 32      ...68.144.192.22
00C0   37 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      7...............
00D0   00 0E 00 04 72 6F 6F 74 00 00 00 00 00 00 00 00      ....root........
00E0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
00F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0100   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0110   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0120   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0130   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0140   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0150   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0160   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0170   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0180   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0190   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
01A0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
01B0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
01C0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
01D0   00 06 04 02 00 00 4F 44 42 43 00 00 00 00 00 00      ......ODBC......
01E0   04 06 00 00 00 00 0D 11 00 00 00 00 00 00 00 00      ................
01F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0200   02 01 00 47 00 00 02 00 00 00 00 00 00 00 00 01      ...G............
0210   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0220   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0230   00 00 00 00 00 00 00 00 00 00 00 00 00 30 30 30      .............000
0240   00 00 00 03 00 00 00                                 .......
 

Attempt 5 Userid = sa / Password = 1

195.96.81.133 : 3447 TCP Data In : MD5 = 42FC8C3E9155FB7FFC4015CB0A048956
--- 07/05/2003 15:51:27.901
0000   02 00 02 00 00 00 01 00 41 44 56 53 45 52 56 45      ........ADVSERVE
0010   52 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      R...............
0020   00 00 00 00 00 00 09 73 61 00 00 00 00 00 00 00      .......sa.......
0030   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0040   00 00 00 00 00 02 31 00 00 00 00 00 00 00 00 00      ......1.........
0050   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0060   00 00 00 00 01 30 30 30 30 30 64 30 34 00 00 00      .....00000d04...
0070   00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 67      ..............`g
0080   07 C3 83 08 03 01 06 0A 09 01 01 00 00 00 00 00      ................
0090   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
00A0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
00B0   00 00 00 36 38 2E 31 34 34 2E 31 39 32 2E 32 32      ...68.144.192.22
00C0   37 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      7...............
00D0   00 0E 00 01 31 00 00 00 00 00 00 00 00 00 00 00      ....1...........
00E0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
00F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0100   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0110   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0120   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0130   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0140   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0150   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0160   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0170   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0180   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0190   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
01A0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
01B0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
01C0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
01D0   00 03 04 02 00 00 4F 44 42 43 00 00 00 00 00 00      ......ODBC......
01E0   04 06 00 00 00 00 0D 11 00 00 00 00 00 00 00 00      ................
01F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0200   02 01 00 47 00 00 02 00 00 00 00 00 00 00 00 01      ...G............
0210   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0220   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0230   00 00 00 00 00 00 00 00 00 00 00 00 00 30 30 30      .............000
0240   00 00 00 03 00 00 00                                 .......
 

 

Attempt 6 Userid = sql / Password = sql123

195.96.81.133 : 4439 TCP Data In : MD5 = CAD2EC8E7C671B6A68E820F009280EA7
--- 07/05/2003 15:51:46.668
0000   02 00 02 00 00 00 01 00 41 44 56 53 45 52 56 45      ........ADVSERVE
0010   52 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      R...............
0020   00 00 00 00 00 00 09 73 71 6C 00 00 00 00 00 00      .......sql......
0030   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0040   00 00 00 00 00 03 73 71 6C 31 32 33 00 00 00 00      ......sql123....
0050   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0060   00 00 00 00 06 30 30 30 30 30 64 30 34 00 00 00      .....00000d04...
0070   00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 67      ..............`g
0080   07 C3 83 08 03 01 06 0A 09 01 01 00 00 00 00 00      ................
0090   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
00A0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
00B0   00 00 00 36 38 2E 31 34 34 2E 31 39 32 2E 32 32      ...68.144.192.22
00C0   37 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      7...............
00D0   00 0E 00 06 73 71 6C 31 32 33 00 00 00 00 00 00      ....sql123......
00E0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
00F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0100   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0110   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0120   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0130   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0140   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0150   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0160   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0170   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0180   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0190   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
01A0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
01B0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
01C0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
01D0   00 08 04 02 00 00 4F 44 42 43 00 00 00 00 00 00      ......ODBC......
01E0   04 06 00 00 00 00 0D 11 00 00 00 00 00 00 00 00      ................
01F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0200   02 01 00 47 00 00 02 00 00 00 00 00 00 00 00 01      ...G............
0210   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0220   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0230   00 00 00 00 00 00 00 00 00 00 00 00 00 30 30 30      .............000
0240   00 00 00 03 00 00 00                                 .......
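
Every dump above carries the client host name, userid and password in clear text at fixed offsets (0x08, 0x27 and 0x46), each a 30-byte zero-padded field followed by a one-byte length. The Python below is an added example, not part of the original page or of PortPeeker: it rebuilds the payload from PortPeeker-style rows and pulls out those three fields so that logged attempts can be triaged. The function names are hypothetical, and the field layout is an assumption read off these six captures.

```python
import re

# Offsets read off the dumps above: each field is 30 bytes of zero-padded
# text followed by a 1-byte length (layout assumed from these captures).
FIELDS = {"client_host": 0x08, "userid": 0x27, "password": 0x46}
FIELD_WIDTH = 30

# First seven rows of Attempt 6 exactly as printed on this page.
SAMPLE_DUMP = """\
0000   02 00 02 00 00 00 01 00 41 44 56 53 45 52 56 45      ........ADVSERVE
0010   52 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      R...............
0020   00 00 00 00 00 00 09 73 71 6C 00 00 00 00 00 00      .......sql......
0030   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0040   00 00 00 00 00 03 73 71 6C 31 32 33 00 00 00 00      ......sql123....
0050   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00      ................
0060   00 00 00 00 06 30 30 30 30 30 64 30 34 00 00 00      .....00000d04...
"""

# A row is a 4-digit hex offset followed by up to 16 hex byte pairs.
ROW = re.compile(r"^([0-9A-Fa-f]{4})\s+((?:[0-9A-Fa-f]{2} ?){1,16})")

def dump_to_bytes(text):
    """Rebuild the payload from hex-dump rows, checking every row offset."""
    data = bytearray()
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # address, MD5 and timestamp lines are not dump rows
        if int(m.group(1), 16) != len(data):
            raise ValueError(f"gap in dump at offset {m.group(1)}")
        data += bytes.fromhex(m.group(2))
    return bytes(data)

def parse_login(payload):
    """Return the cleartext login fields, or None if this is not a login."""
    if len(payload) < 0x65 or payload[0] != 0x02:
        return None  # too short, or not the 0x02 first byte seen above
    out = {}
    for name, off in FIELDS.items():
        length = payload[off + FIELD_WIDTH]
        if length > FIELD_WIDTH:
            return None  # declared length overruns the field: malformed
        out[name] = payload[off:off + length].decode("latin-1")
    return out

if __name__ == "__main__":
    print(parse_login(dump_to_bytes(SAMPLE_DUMP)))
```

A zero length byte, as in Attempt 2, yields an empty password string rather than an error, so blank-password guesses remain visible in the output.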

 

While PortPeeker is not an officially supported product, if you have any suggestions or find any bugs, please send them to PortPeeker@LinkLogger.com.