MSSQL Credentials
Description#
General#
- Documentation: https://docs.microsoft.com/en-us/sql/
- Summary: Microsoft SQL Server is a relational database management system developed by Microsoft. This detector aims at detecting MSSQL credentials in a URI connection string or assignments. The port number can be attached to the hostname or defined separately.
- IPs allowlist: This can be set on the server side. This documentation might help on the topic.
- Scopes: Users permissions can be set by database administrators.
Revoke the secret#
A database administrator can delete a user.
Check for suspicious activity#
The server can be configured to log any activity on the database.
Details for Mssql assignment#
Family: Database
Category: Data storage
High recall: False
Validity check available: True
On-premise instances exist: True
Only valid secrets raise an alert: False
Minimum number of matches: 4
Occurrences found for one million commits: 0.08
Prefixed: False
PreValidators:
- type: FilenameBanlistPreValidator banlist_extensions: [] banlist_filenames: [] check_binaries: false include_default_banlist_extensions: true ban_markup: true- type: ContentWhitelistPreValidator patterns: - mssql
Examples#
- text: > docker run --name geonetwork -d -p 8080:8080 -e MSSQL_HOST=google.com -e MSSQL_PORT=5434 -e MSSQL_USERNAME=root -e MSSQL_PASSWORD=m42ploz2wd geonetwork host: google.com port: "5434" username: root password: m42ploz2wd
- text: > mssql.port=9082 spring.datasource.url=jdbc:sqlserver://google.com/BLUDB spring.datasource.username=root spring.datasource.password=sup3rstr0ngpass host: google.com port: "9082" username: root password: sup3rstr0ngpass
Details for Mssql assignment attached port#
Family: Database
Category: Data storage
High recall: False
Validity check available: True
On-premise instances exist: True
Only valid secrets raise an alert: False
Minimum number of matches: 4
Occurrences found for one million commits: 6.7
Prefixed: False
PreValidators:
- type: FilenameBanlistPreValidator banlist_extensions: [] banlist_filenames: [] check_binaries: false include_default_banlist_extensions: true ban_markup: true- type: ContentWhitelistPreValidator patterns: - mssql - sqlserver
Examples#
- text: > docker run --name geonetwork -d -p 8080:8080 -e MSSQL_HOST=google.com:5434 -e MSSQL_PORT=1212 -e MSSQL_USERNAME=root -e MSSQL_PASSWORD=m42ploz2wd geonetwork host: google.com port: "5434" username: root password: m42ploz2wd
- text: > mssql server.port=1212 spring.datasource.url=jdbc:sqlserver://google.com:9082/BLUDB spring.datasource.username=root spring.datasource.password=sup3rstr0ngpass host: google.com port: "9082" username: root password: sup3rstr0ngpass
Details for Mssql uri#
Family: Database
Category: Data storage
High recall: True
Validity check available: True
On-premise instances exist: True
Only valid secrets raise an alert: False
Minimum number of matches: 8
Occurrences found for one million commits: 0.95
Prefixed: True
PreValidators:
- type: FilenameBanlistPreValidator banlist_extensions: [] banlist_filenames: [] check_binaries: false include_default_banlist_extensions: true ban_markup: false- type: ContentWhitelistPreValidator patterns: - mssql
Examples#
- text: > CONNECTION_URI="mssql://root:m42ploz2wd@google.com:5434/thegift" host: google.com port: "5434" username: root password: m42ploz2wd scheme: mssql database: thegift connection_uri: mssql://root:m42ploz2wd@google.com:5434/thegift
# Test special characters in password- text: > CONNECTION_URI="mssql://root:m42p!o@2wd@google.com:5434/thegift" host: google.com port: "5434" username: root password: m42p!o@2wd scheme: mssql database: thegift connection_uri: mssql://root:m42p!o@2wd@google.com:5434/thegift
# Test detection in md files- text: > CONNECTION_URI="mssql://root:m42p!o@2wd@google.com:5434/thegift" host: google.com port: "5434" username: root password: m42p!o@2wd scheme: mssql database: thegift connection_uri: mssql://root:m42p!o@2wd@google.com:5434/thegift filename: some_file.md