Friday, August 3, 2012

PTH with MSSQL and FreeTDS/SQSH

FreeTDS (TDS == Tabular Data Stream and is the protocol used by MSSQL and Sybase) and SQSH provide a method for connecting to Microsoft SQL servers under Linux.  Since FreeTDS is a protocol implememntation library, sqsh (SQL Shell) is used to actually interact with the MS SQL servers.  Assuming that the MS SQL servers are configured to allow Windows Integrated Authentication, we can pass the hash to login and interact with them.

The first step is to configure the .conf file to use with FreeTDS.

A sample snippet follows:
# A typical Microsoft server
[mssql]
        host = 10.2.2.19
        port = 1433
        tds version = 7.0

In this example, "mssql" is the name of the server we will pass to sqsh.
The hostname / IP is 10.2.2.19 and the port is 1433.
The TDS version is 7.0 and will work on SQL servers from SQL 2000 until the latest.

Typically the file will be stored in /etc, or in our case /opt/pth/etc/freetds.conf.  A good habit to get into is to specify the location of the file using the FREETDSCONF environmental variable, to prevent having to chase down which file is being referenced as FreeTDS could be installed in a couple of different places.

For our example, we'll add the text above into /root/freetds.conf and set the FREETDSCONF variable to point to it:

# export FREETDSCONF=/root/freetds.conf
 Now, we use sqsh to interact with the database.

The command line for sqsh looks like:

sqsh -S<config file name> -D <database name> -U <domain>\\<user> -P <password / hash>
so, as an example:

sqsh -S mssql -D master -U demo\\mssql -P 00000000000000000000000000000000:DDF5EB5351C272CB8CC4EAE015F14E3A

Where the profile name is "mssql", the domain is "demo", the username is "mssql" and we want to connect to the "master" database, with the hash "00000000000000000000000000000000:DDF5EB5351C272CB8CC4EAE015F14E3A". 

As with all the modified tools, the hash can also be specified as "00000000000000000000000000000000:DDF5EB5351C272CB8CC4EAE015F14E3A:::".


Assuming everything worked properly, you will end up with a prompt.  To issue queries, type in the query and put "go" on a separate line. 

From here, the database is your oyster....




If you see the following screen when you log in, verify the IP addresses in the configuration and validate that the credentials you are using are correct.  You might also want to verify that the account is enabled / isn't locked out, etc...




More information on SQSH can be found here: 
http://www.sqsh.org/

No comments:

Post a Comment