Breaking MSSQL's RAND() function
In this article I’m going to take a look at Microsoft SQL Server’s RAND() implementation. We’ll reverse the relevant parts of SQL Server using WinDbg and Ghidra, replicate the random number generator in C, and then look at some attacks and brute-forcing methods. This project stemmed from a job I worked on recently where a stored procedure that called RAND() was used to generate session tokens within an API[1].