Skip to content

Brakertech

tech problems: solved

 
  • Home
  • Bash Cheat Sheet
  • One Liners
    • active directory cheatsheet
    • bashrc tweaks for RHEL or CENTOS
    • Linux Command Line Shortcuts
  • Pentesting
    • Latest Exploits / Tools
    • Pentest-Service-Enumeration
    • Red Team Tools
  • RHCSA Quick-Notes
  • RHCSA Training Labs

Howto: Fix Login failed for user ‘td’

Steve Stonebraker
July 20, 2010

[Mercury][SQLServer JDBC Driver][SQLServer]Login failed for user ‘td’

Basically this error means that the password that quality center is trying to use for user ‘td’ in your MSSQL database doesn’t match whatever is in the database.

How did I fix this?

I installed Wireshark and captured the traffic on the server that Quality Center was installed on.

  • Use filter tcp.port eq 1433
  • Find the packet with description TDS7/8 Login Packet
  • Scroll down in packet details until you see login and password

How does it all work?
From: http://www.securiteam.com/tools/6Q00I0UEUM.html

Microsoft SQL Server supports two kinds of authentication:
1) Windows Authentication
2) SQL Server Authentication

SQL Server Authentication is still supported for backward compatibility. SQL Server Authentication is the weaker among the two. In SQL Server Authentication, usernames are sent in the clear, whereas passwords are encrypted using a very simple algorithm. The username and password used for this example is sa/password.

The algorithm to encrypt the password is simply to expand every byte of the password to 2 bytes, swap the higher and lower 4 bits within each byte, xor each byte with A5. For example to encrypt the character "p":

(ASCII is 70 hex):
70 is expanded to 70 00
After the swap the result is: 07 00
XOR with A5: A2 A5

Hence to decrypt it, we will take the odd bytes, XOR with A5, and swap the higher and lower 4 bits.
Take A2
XOR with A5: A2 XOR A5 = 07
Swap: 7 becomes 70.

Hex to ascii converter: http://www.dolcevie.com/js/converter.html

Share this:

Tags: 9.0, failed, failed for user 'td', failed for user 'td' qc, failed for user 'td' quality center, hack sql password, Howto, login, quality center, SQL Server Authentication, SQL Server Authentication hacking, SQL Server Authentication sniffing, td, TDS7/8 Login Packet

Post navigation

IPSEC Packets vs Regular packets, the hard facts
Howto: Sync time with Active Directory Domain Controller

Leave a Reply Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Categories

Active Directory (15) Admin (2) Apache (8) Applications (16) AWS (10) bash (18) c# (2) Defense (23) Discovery (2) Forensics (3) FreeBSD (35) games (2) Hacking (10) Hardware (11) Howto (20) IIS (23) Jenkins-Hudson (2) Kali (7) Linux (134) Mac (43) MSSQL (13) MYSQL (12) nginx (10) O/S (33) Oracle (1) Other (8) Papers (1) perl (4) php (2) Plugins (4) powershell (3) powershell (1) python (1) Redhat Centos (78) Scripts (28) Security (28) Server Setup (32) Software (30) Teamsite (1) Tomcat (2) Tools (4) Ubuntu (49) Uncategorized (28) Windows (136) Wordpress (4)

Tags

active directory (4) admin (6) apache (10) aws (5) backup (4) bash (8) Bitnami (5) centos (4) cmd (3) database (3) dropbox (3) firewall (3) fix (7) freebsd (10) graylog (4) hacking (3) help (5) Howto (35) iis (7) IIS 6.0 (4) linux (13) Mac (6) mssql (4) MySQL (9) networking (3) ports (3) quality center (4) redhat (5) scripts (4) security (5) server 2003 (7) service (3) shell (5) sql (3) subversion (4) td (3) tutorial (3) ubuntu (11) unix (4) vmware (4) windows (25) windows server 2003 (3) windows vista (3) windows xp (4) wordpress (4)
Categories
Brakertech | Proudly Powered by WordPress
Theme by Grace Themes

Contact Us