What is TDS (Tabular Data Stream)?
TDS is the application-layer protocol used by Microsoft SQL Server to communicate with clients. It defines how data is packaged and transmitted over the network.
Key Features
- Used by: Microsoft SQL Server, Sybase
- Default Port: 1433 (TCP)
- Encapsulates:
  - SQL queries
  - Authentication data
  - Result sets
  - Error messages
- Supports: Encryption, compression, and session management
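
To make the packaging concrete, the following added example (not code from the original page) decodes the 8-byte TDS packet header and the PRELOGIN option table, then reports the ENCRYPTION option a captured packet advertises, which is a quick way to audit whether a connection negotiates encryption. Field layouts and values follow the MS-TDS specification; the function names and the sample bytes are constructed for this illustration.

```python
import struct

# Packet types and PRELOGIN values from the MS-TDS specification.
PACKET_TYPES = {0x01: "SQL_BATCH", 0x03: "RPC", 0x04: "TABULAR_RESULT",
                0x10: "LOGIN7", 0x12: "PRELOGIN"}
ENCRYPTION = {0x00: "ENCRYPT_OFF", 0x01: "ENCRYPT_ON",
              0x02: "ENCRYPT_NOT_SUP", 0x03: "ENCRYPT_REQ"}
OPT_ENCRYPTION, OPT_TERMINATOR = 0x01, 0xFF

def parse_header(packet):
    """Decode the 8-byte TDS packet header (multi-byte fields are big-endian)."""
    if len(packet) < 8:
        raise ValueError("truncated TDS header")
    ptype, status, length, spid, packet_id, _window = struct.unpack(">BBHHBB", packet[:8])
    if length < 8 or length > len(packet):
        raise ValueError("declared length does not match captured bytes")
    return {"type": PACKET_TYPES.get(ptype, hex(ptype)), "eom": bool(status & 0x01),
            "length": length, "spid": spid, "packet_id": packet_id}

def prelogin_options(payload):
    """Return {token: value bytes} from a PRELOGIN option table."""
    options, pos = {}, 0
    while True:
        if pos >= len(payload):
            raise ValueError("option table has no terminator")
        token = payload[pos]
        if token == OPT_TERMINATOR:
            return options
        if pos + 5 > len(payload):
            raise ValueError("truncated option entry")
        # Each entry: token (1), offset (2), length (2); offset is relative to the payload.
        offset, size = struct.unpack(">HH", payload[pos + 1:pos + 5])
        if offset + size > len(payload):
            raise ValueError("option data outside payload")
        options[token] = payload[offset:offset + size]
        pos += 5

def encryption_setting(packet):
    """Name the ENCRYPTION option a PRELOGIN packet advertises."""
    header = parse_header(packet)
    value = prelogin_options(packet[8:header["length"]]).get(OPT_ENCRYPTION)
    return ENCRYPTION.get(value[0], "UNKNOWN") if value else "ABSENT"

# Constructed sample: client PRELOGIN carrying VERSION and ENCRYPTION options.
_table = bytes([0x00, 0, 11, 0, 6, 0x01, 0, 17, 0, 1, 0xFF])
_data = bytes([15, 0, 0x10, 0x04, 0, 0]) + bytes([0x02])
SAMPLE = struct.pack(">BBHHBB", 0x12, 0x01, 8 + len(_table) + len(_data), 0, 1, 0) + _table + _data
```

A result of ENCRYPT_OFF or ENCRYPT_NOT_SUP on production traffic is worth following up, since it means the session is not negotiating full encryption.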
Relevance in Ethical Hacking
TDS is important in enumeration, exploitation, and lateral movement phases when targeting MSSQL servers.
Common Attacks Involving TDS:
- Brute Force or Password Spraying via TDS login
- SQL injection over TDS
- Impacket's mssqlclient.py uses TDS to interact with MSSQL
- Kerberoasting targets MSSQL service accounts (which use TDS)
- Command execution via xp_cmdshell over TDS
Tools That Use TDS
- impacket.mssqlclient.py
- sqsh (SQL shell for Sybase/MSSQL)
- Metasploit modules for MSSQL
- nmap with ms-sql-* NSE scripts
Where It Fits in the Unified Kill Chain
- Discovery: Enumerating MSSQL services
- Credential Access: Brute-forcing or dumping credentials
- Execution: Running commands via xp_cmdshell
- Lateral Movement: Using linked servers or SQL Agent jobs