Skip to content

[MSSQL] Add ChannelBinding computing for MSSQL #939

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 7 commits into
base: main
Choose a base branch
from
Open

[MSSQL] Add ChannelBinding computing for MSSQL #939

wants to merge 7 commits into from

Conversation

@Dfte
Copy link
Contributor

@Dfte Dfte commented Sep 28, 2025

This PR reworks the MSSQL protocol to support Channel Binding token implementation based on fortra/impacket#1986.

The PR is simple, first I had to remove the base sock computation since TDS.py handles it itself. Next I add to switch the TLS context in the enum_host_infos function:

image

Basically the set_tls_context, creates a TLS tunnel that allows passing data to encrypt and receiving unencrypted data. The Channel Binding Token is computed inside that function and added to the NTLMSSP messages when necessary. As such we can now connect to CBT protected databases:

image

That said, the Kerberos authentication doesn't seem to work with or without the patch (without below):

Image

I'll fix that before merging.

@Dfte
Copy link
Contributor Author

Dfte commented Sep 28, 2025

Ah shit, just realised it breaks the enum_host when TLS is not required:

image

@NeffIsBack NeffIsBack added the enhancement New feature or request label Sep 28, 2025
@Dfte
Copy link
Contributor Author

Dfte commented Sep 28, 2025

At this point:

  • Enforced ChannelBinding works:
image
  • TLS enforced without ChannelBinding works:
image
  • TLS not enforced works as well:
image

Need to patch the Kerberos error tho

@Dfte
Copy link
Contributor Author

Dfte commented Sep 28, 2025

My bad it was just a DNS error:

image

All good then.

@Dfte Dfte changed the title Add ChannelBinding computing for MSSQL [MSSQL] Add ChannelBinding computing for MSSQL Sep 28, 2025
@Dfte
Copy link
Contributor Author

Dfte commented Sep 28, 2025

The MSSQL protocol now prints whether encryption is used or not:

  • Used:
image
  • Not used:
image

@Dfte
sed Encryption/EncryptionReq
f77c6ae 
sed Encryption/EncryptionReq

Signed-off-by: Deft_ <[email protected]>
@Dfte
Copy link
Contributor Author

Dfte commented Sep 30, 2025

#713 Will close this one

@NeffIsBack NeffIsBack linked an issue Sep 30, 2025 that may be closed by this pull request
Implement channel binding check on mssql protocol #713
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@zblurx zblurx Awaiting requested review from zblurx zblurx is a code owner

@Marshall-Hallenbeck Marshall-Hallenbeck Awaiting requested review from Marshall-Hallenbeck Marshall-Hallenbeck is a code owner

@NeffIsBack NeffIsBack Awaiting requested review from NeffIsBack NeffIsBack is a code owner

@mpgn mpgn Awaiting requested review from mpgn mpgn is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

enhancement New feature or request

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Implement channel binding check on mssql protocol

2 participants

@Dfte @NeffIsBack