what the decrypt function in Ms Sql Server ?

  • van8hien62

    SSC Veteran

    Points: 258

    I see a script:

    exec(decrypt(0x6C89....))

    it run OK. run in Ms Sql server 2000 / 2005

    i want you: the decrypt is ? , what is in that DLL?

  • Steve Jones - SSC Editor

    SSC Guru

    Points: 715053

    There is no decrypt function in SQL Server 2005.

    If you have this function, someone has added to your server. We have no way of determining what is in the DLL.

    http://msdn.microsoft.com/en-us/library/ms189826(SQL.90).aspx

    http://msdn.microsoft.com/en-us/library/bb510741.aspx

  • van8hien62

    SSC Veteran

    Points: 258

    No! it in standard Ms Sql Server, I test it in some PC, it run OK!

    That is a example:

    --HIDE PROCEDURE PC_GET_NEXT_KEY

    exec(decrypt(0x6C89D9ED5855DC612DE79ACF1375757E59F829474465741AE290B37283AE8A3B4079CF902499C8C01E87AA18EA1BD875F37F51E8A8769E5921320BEC7993E8376E87DE01CF

    8B10B0CC46648A5ED011C474BC6C69A498B68F4FB2500D3D12BE7CB60CC7C20A0B31069EBF931B5B422CBE8D9B961011917CAF9F697503E29FDE8B15004A24CD37D6F897378A4718397410B3

    E0DE5663A8ADB53506C788C1A61E29BDF7B1BF6ED04561017B936D14E84B08AF60E06570D5E7451FA24A41AE824049C14CC14C2517922F55629E08D9012EAA26FBEA95ACE7D0C19D3696FCA5B

    8E2D3A9DEC5B8138A4AB24343004AF740369A5401C0B83B442BE20FCA47571B19145146803BAAB1B970469D7F78B43F3E31BB101C25C4BDEFB45661B2C7DC88799E19E1EEA37DC9123F05DF69EFD

    93A8226868EB725DB120A7205E8C4B8A49D569CAC2D417DD3FD4161DD6C5BFC97FC89E73A9C421D4FEBB42696F91021F90ACE184083C89763016802016DC63D5BCF7F4F445EB2CB66615D2E72D78E2A465072731E23C73A152AE22E16D470C43C38726FBC1F81B64C443B6

    85E1F3801CBDEE2289143F30291F3F630095CB8008A6C07A0FAE1D03282E5462C829F32A293E287BCBD090524303C4FC8815B2683918E4B8EA77DC0DD70A3C4BFA68A40E83436ADD07A9D9077D12DA33359E6E9618C6613667798818B04578FEFE7199337D084CBFACF99CA7

    643DEE5B95D0B98F44E8BA3DC94E480FEFA5E5DE7B7DE40F43C947B76802D436C58BF02274F4E886BAE3E71532294739443C2FC8A0DA18D0049F7420E9548B794757AFB33D75A8A5C38757F2ECE5C86AD213857C7C13D90B034C340954A3D7C48637794B1CF70D3D7F40EA36A

    6D292DCA76C27817166CC523130308E49AD5080A41610C7BE9D5A53BCC6CFF4F1252A50CA497B1E917DAA16662C6F2

    ))

    go

    --GRANT EXECUTE ON PC_GET_NEXT_KEY to PRIVUSER;

    It run OK, anywhere PC has Ms Sql Server.

  • Lowell

    SSC Guru

    Points: 323356

    was this post just a way to infect a computer by executing code you don't know what it does?

    Lowell


    --help us help you! If you post a question, make sure you include a CREATE TABLE... statement and INSERT INTO... statement into that table to give the volunteers here representative data. with your description of the problem, we can provide a tested, verifiable solution to your question! asking the question the right way gets you a tested answer the fastest way possible!

  • Lowell

    SSC Guru

    Points: 323356

    interesting;

    i used the default trace and my own DML trace to see what it was doing.

    the code you posted executes and created a stored procedure.,

    the procedure gets encrypted, so you have to unencrypt it to see the text.

    this is all the procedure says:

    create procedure pc_get_next_key

    @pkey_name varchar(30),

    @pseq_num integer OUTPUT

    as

    begin transaction

    update nextkey set key_seq_num = key_seq_num + 1 where key_name=@pkey_name

    if @@error > 0 or @@rowcount 1

    return

    select @pseq_num=key_seq_num-1 from nextkey where key_name=@pkey_name

    commit transaction

    I've seen some code that was similar, where a "key table" is maintained to keep track of a field's next value instead of using an identity .

    Lowell


    --help us help you! If you post a question, make sure you include a CREATE TABLE... statement and INSERT INTO... statement into that table to give the volunteers here representative data. with your description of the problem, we can provide a tested, verifiable solution to your question! asking the question the right way gets you a tested answer the fastest way possible!

  • van8hien62

    SSC Veteran

    Points: 258

    Thank you.

    It executes and created a stored procedure, proc "pc_get_next_key". but I want ask you, the DECRYPT in exec( DECRYPT (0x6C89....)) is ? It in what DLL of Ms Sql Server, it is UnDocument funtion ?

    I don't see it in "SQL Server Books Online".

    Van Hien

  • Lowell

    SSC Guru

    Points: 323356

    definitely a built in function, especially considering both encrypt() and decrypt() show up with syntax highlighting.

    I googled a bit and I guess you are right that they are undocumented/unsupported.

    Lowell


    --help us help you! If you post a question, make sure you include a CREATE TABLE... statement and INSERT INTO... statement into that table to give the volunteers here representative data. with your description of the problem, we can provide a tested, verifiable solution to your question! asking the question the right way gets you a tested answer the fastest way possible!

  • Steve Jones - SSC Editor

    SSC Guru

    Points: 715053

    It's possible that it's undocumented, in which case, I can't point you to a reference.

    I would not recommend you use this.

  • van8hien62

    SSC Veteran

    Points: 258

    Thanks

    Because I want to cypher script according to this way. Regret due to who do not find out it.

    Thank you!

    Van Hien

Viewing 9 posts - 1 through 9 (of 9 total)

You must be logged in to reply to this topic. Login to reply