2023年6月22日发(作者：)

(‘深入探索MS SQL Server 2000网络连接的安全问题’文章代码)

////////////////////////////////////////////////////////////

//

// SQLPing by refdom

//

// Author: refdom. From Chip Andrews

// Email: refdom@

//

////////////////////////////////////////////////////////////

#include "stdafx.h"

#include

#include

#include

void decode_recv (char *buf, int size)

{

int index;

int counter = 0;

for (index = 3; index < size; index++)

{

if ((buf[index] == ';') && (buf[index+1] != ';'))

{

//Look for a semi-colon and check for end of record (;;)

if ((counter % 2) == 0)

{

printf(":");

counter++;

}

else

{

printf("n");

counter++;

}

}

else

{

if (buf[index] != ';')

{

// If an end of record (;;), then double-space for next instance

printf("%c",buf[index]);

} else

{

printf("n");

}

}

}

printf("n");

}

void listen (void* v)

{

static const unsigned int buffersize = 64000;

static char buffer [buffersize];

SOCKET s = (SOCKET)v;

for (;;)

{

struct sockaddr_in udpfrom;

int udpfromlen = sizeof(udpfrom);

int n = recvfrom(s, buffer, sizeof(buffer), 0, (struct sockaddr *)&udpfrom,

&udpfromlen);

int e = WSAGetLastError();

if (n > 0 && e == 0)

decode_recv(buffer, n);

}

}

void useage()

{

printf("******************************************n");

printf("SQLPingn");

printf("t Written by Refdomn");

printf("t Email: refdom@");

printf("Useage: target_ip n");

printf("*******************************************n");

}

int main(int argc, char* argv[])

{

WSADATA WSAData; SOCKET sock;

SOCKADDR_IN addr_in;

char buf[5]={'x02'};

HANDLE listener;

useage();

if (argc<2)

{

return false;

}

if (WSAStartup(MAKEWORD(2,0),&WSAData)!=0)

{

printf("WSAStartup :%dn",WSAGetLastError());

return false;

}

if ((sock=socket(AF_INET,SOCK_DGRAM,IPPROTO_UDP))==INVALID_SOCKET)

{

printf("Socket :%dn",WSAGetLastError());

return false;

}

addr__family=AF_INET;

addr__port=htons(1434);

addr__addr.S_un.S_addr=inet_addr(argv[1]);

const int SNDBUF = 0;

const int TCPNODELAY = true;

const int BROADCAST = true;

if (setsockopt(sock, SOL_SOCKET, SO_SNDBUF, (const char*)&SNDBUF,

sizeof(SNDBUF))==SOCKET_ERROR)

{

printf("Set SO_SNDBUF :%d",WSAGetLastError());

return false;

}

if (setsockopt(sock, SOL_SOCKET, TCP_NODELAY, (const char*)&TCPNODELAY,

sizeof(TCPNODELAY))==SOCKET_ERROR)

{

printf("Set TCP_NODELAY :%d",WSAGetLastError());

return false;

} if (setsockopt(sock, SOL_SOCKET, SO_BROADCAST, (const char*)&BROADCAST,

sizeof(BROADCAST))==SOCKET_ERROR)

{

printf("Set SO_BROADCAST :%d",WSAGetLastError());

return false;

}

listener = (HANDLE) _beginthread(listen, 0, (void*)sock);

// e = sendto(s, "08", 1, 0,(sockaddr*) &hostaddr, sizeof(hostaddr));

if (sendto(sock, buf, sizeof(buf), 0,(sockaddr*)

sizeof(addr_in))==SOCKET_ERROR)

{

printf("Send :%dn",WSAGetLastError());

return false;

}

printf("");

// wait a little while for listener thread

WaitForSingleObject(listener, 5000);

WSACleanup();

printf("SQLPing Complete.n");

return 0;

}

&addr_in,