SyN/AcK
Hello guys,

I'm in a network security class right now... I want to use the exploit that hit SQL so hard on port 1434. The UDP exploit, I'm sure you guys know what I'm talking about. Anyway, I had always thought that this was in all SQL 2000 installations by default, but in all my test installations for this class, I have not been able to get port 1434 open and listening, period. I know that the service that runs there is called SQL Server Manager, but I cannot figure out any way to start it. Does anyone else know more about this?

Thanks!
Blown_Thunder
Isn't SQL normally running on port 1433?
Armani
yes port 1433
macca
I'll 3rd that.

Defo, SQL is on the default port of 1433.
detonator
No, no, both are right.
SQL Slammer, for example, triggered port 1434.
MSSQL is listening on both ports, 1433 and 1434.

greetz
vnet576
There are two types of ports, TCP & UDP. SQL runs on TCP 1433 and UDP 1434... btw SYN, I think I found Slammer, gonna let u check it out later.
SyN/AcK
I've got the code, that's not the problem. The problem is that I can't figure out why port 1434 UDP isn't listening by default. This was supposed to attack a default SQL Installation, but a default SQL installation for me leaves only port 1433 open. SQL manager is what runs on 1434 if that helps anyone figure this out.
unknown00
If ur thinkin about hackin and scanning for exploits, it's usually on p1433, which is ms-sql-s aka Microsoft-SQL-Server. p1434 is ms-sql-m aka Microsoft-SQL-Monitor.
SyN/AcK
QUOTE (unknown00 @ Jan 23 2004, 01:09 AM)
If ur thinkin about hackin and scanning for exploits, it's usually on p1433, which is ms-sql-s aka Microsoft-SQL-Server. p1434 is ms-sql-m aka Microsoft-SQL-Monitor.

I know this. There was a nice exploit that came out a while ago. It made use of port 1434 UDP. It was a buffer overflow. The source code for the vulnerability is on this site. It was the same exploit that SQL Slammer used.

What I need to know is why port 1434 is not running by default, which I believe it to be.
as0l0
If it's a default install, then the sa password will be blank.
SyN/AcK
Sigh... am I not phrasing my question right? I realize that it has a blank SA password, I don't care about that. I want to know why port 1434 isn't running by default when I believe it should be, and what I need to do to enable it. This is for a hacking class that I am a TA for. I know SQL has other vulnerabilities, I need to know this one.
GSecur
Ok, this could help you out. MSSQL utilizes TCP/UDP, BUT it can also use other communication methods such as named pipes. In that case SQL would not be listening.
Dinos
Greetings,
Port 1434 (UDP) is used by MS-SQL Server; it provides a way for clients to query for the appropriate network endpoints to use for a particular SQL Server instance (SQL Server Resolution Service). Check your "SQL Server Client Network Utility" on the Enabled protocols property page.

Regards,
Dinos
Yorn
Two quick guesses:

1) It is really listening on port 1434 UDP, but your ISP or local IPS is preventing any UDP packets to and from that port. Microsoft's ISA server (for example) may be doing this if you are using a Windows Server as a router.

2) It is not listening on port 1434 UDP and you need to run "netstat -an" on the machine to determine for certain that it is or isn't.
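Yorn's second guess is the check a defender would actually automate: read `netstat -an` and report whether the two SQL ports the thread discusses are bound, and on which interfaces. The following is an added example, not code from the thread or from any poster; the netstat output it parses is constructed here to look like a Windows host and is not a real capture.

```python
import re

# Constructed sample of "netstat -an" output on a Windows host (not from
# the original post). IPv4 and bracketed IPv6 local addresses both appear.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1433           0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1433      192.168.1.25:3391      ESTABLISHED
  TCP    [::]:1433              [::]:0                 LISTENING
  UDP    0.0.0.0:1434           *:*
  UDP    127.0.0.1:1900         *:*
"""

SQL_PORTS = {("TCP", 1433): "ms-sql-s (SQL Server)",
             ("UDP", 1434): "ms-sql-m (SQL Server Resolution Service)"}

# proto, local address (IPv4 or [IPv6]), local port, foreign address, optional state
LINE_RE = re.compile(
    r"^\s*(TCP|UDP)\s+(\[?[^\s\]]+\]?):(\d+)\s+\S+(?:\s+(\S+))?\s*$")

def sql_listeners(netstat_text):
    """Return {(proto, port): [bind addresses]} for SQL ports that are really
    listening. A TCP socket counts only in LISTENING state (an ESTABLISHED
    row is a client connection, not a listener); UDP sockets carry no state,
    so any bound UDP 1434 socket counts."""
    found = {}
    for line in netstat_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        proto, addr, port, state = m.group(1), m.group(2), int(m.group(3)), m.group(4)
        if (proto, port) not in SQL_PORTS:
            continue
        if proto == "TCP" and state != "LISTENING":
            continue
        found.setdefault((proto, port), []).append(addr.strip("[]"))
    return found

def exposure_report(netstat_text):
    """One line per SQL port. A wildcard bind (0.0.0.0 or ::) means the
    service answers on every interface, not just loopback."""
    listeners = sql_listeners(netstat_text)
    lines = []
    for (proto, port), label in SQL_PORTS.items():
        addrs = listeners.get((proto, port))
        if not addrs:
            lines.append(f"{proto} {port} ({label}): not listening")
            continue
        scope = "all interfaces" if any(a in ("0.0.0.0", "::") for a in addrs) else "specific addresses only"
        lines.append(f"{proto} {port} ({label}): listening on {scope}: {', '.join(addrs)}")
    return lines

if __name__ == "__main__":
    print("\n".join(exposure_report(SAMPLE_NETSTAT)))
```

On the sample, both ports are bound to the wildcard address, which is the exposure a post-SP3 host should confirm it has patched or firewalled.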
SyN/AcK
QUOTE (Yorn @ Jan 23 2004, 02:54 PM)
Two quick guesses:

1) It is really listening on port 1434 UDP, but your ISP or local IPS is preventing any UDP packets to and from that port. Microsoft's ISA server (for example) may be doing this if you are using a Windows Server as a router.

2) It is not listening on port 1434 UDP and you need to run "netstat -an" on the machine to determine for certain that it is or isn't.

I've already determined it isn't.

That brings me to three possibilities:

1.) It does not run by default, but then how were so many machines raped by SQL Slammer?

2.) It runs by default on everything pre Service Pack X, and somehow my install disk is pushing on a service pack.

3.) It runs by default on MOST common SQL installs and is in something that I'm not installing, or turning on.

If anyone knows how to turn it on, please let me know!
SyN/AcK
It would seem I resolved this issue for myself. Even though I thought I was installing a clean default SQL 2000 installation, I was actually installing it with SP3, which fixed the little bugger on port 1434.

Curious, though, that now that I have it I can't get any of the exploit code working on my test box. I think the issue for me is that I have a test box that has a lot of services on it and this is changing the addresses where the services reside.

Anyone know of a way I can find out these new addresses? Someone must, that's what they have to do to write the exploit code.
Invision Power Board © 2001-2005 Invision Power Services, Inc.