Skip to content

Instantly share code, notes, and snippets.

@Scherlac
Scherlac / get_tds_cert.py
Last active Nov 8, 2021 — forked from lnattrass/get_tds_cert.py
A terrible way to connect to MS SQL Server and dump the certificate as a PEM
View get_tds_cert.py
import sys
import pprint
import struct
import socket
import ssl
from time import sleep
# Standard "HELLO" message for TDS
prelogin_msg = bytearray([ 0x12, 0x01, 0x00, 0x2f, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x1a, 0x00, 0x06, 0x01, 0x00, 0x20,
0x00, 0x01, 0x02, 0x00, 0x21, 0x00, 0x01, 0x03, 0x00, 0x22, 0x00, 0x04, 0x04, 0x00, 0x26, 0x00,