Breaking a SQL database Part 1

CourtneyDS

I mentioned to David that I was going to post how some hack into SQL database servers ...
I decided not to use mySQL for obvious reasons ... I will explain some techniques executed on MS SQL ... They are basically the same and will give you a general idea of what to look for ...

I will be using port 1434 for hacking ... Before that we will see what a database server actually is, how it works and then how to exploit it!

The designers of MS SQL gave some default stored procedures along with the product to make things flexible for the web designers ... The procedures are nothing but functions which can be used to perform some actions on the arguments passed to them ... These procedures are very important to hackers ... Some of the important ones are:

sp_password -> Changes password for a specific login name.
e.g. EXEC sp_password 'oldpass', 'newpass', 'username'

sp_tables -> Shows all the tables in the current database.
e.g. EXEC sp_tables

xp_cmdshell -> Runs arbitrary command on the machine with administrator privileges. (most important)

xp_msver -> Shows the MS SQL server version including the all info about the OS.
e.g. master..xp_msver

xp_regdeletekey -> Deletes a registry key.

xp_regdeletevalue -> Deletes a registry value

xp_regread -> Reads a registry value

xp_regwrite -> Writes a registry key.

xp_terminate_process -> Stops a process

The "Master" is the most important database of the SQL server which contains all system information like login names and system stored procedures ... So if "Someone" deletes this master database then the SQL server will be down forever ... Syslogins is the default system table which contains the usernames and passwords of logins in the database ...

The most dangerous threat is that the Microsoft SQL server has default username "sa" with password blank " " ... And this has ruined lots of MS SQL servers in the past ... Even a virus regarding this vulnerability had been released ...

Ready to hack now ?

First you need to find a vulnerable server ... Download a good port scanner and scan for ip addresses having port 1433/1434 (tcp or udp) open ...
Let's suppose we got a vulnerable server with ip 123.321.123.3 ... You can telnet or netcat to ports 1433/1434 ... You can also use a tool known as osql.exe which ships with any SQL server 2000 ...

Go to DOS prompt and type :

Code:
C:\>osql.exe -?
osql: unknown option ?
usage: osql              [-U login id]          [-P password]
  [-S server]            [-H hostname]          [-E trusted connection]
  [-d use database name] [-l login timeout]     [-t query timeout]
  [-h headers]           [-s colseparator]      [-w columnwidth]
  [-a packetsize]        [-e echo input]        [-I Enable Quoted Identifiers]
  [-L list servers]      [-c cmdend]
  [-q "cmdline query"]   [-Q "cmdline query" and exit]
  [-n remove numbering]  [-m errorlevel]
  [-r msgs to stderr]    [-V severitylevel]
  [-i inputfile]         [-o outputfile]
  [-p print statistics]  [-b On error batch abort]
  [-O use Old ISQL behavior disables the following]
      <EOF> batch processing
      Auto console width scaling
      Wide messages
      default errorlevel is -1 vs 1
  [-? show syntax summary]

Sincerely
Courtney_DS
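
An added example, not part of the original post: a read-only T-SQL audit an administrator can run to check their own server for the conditions the post above describes (blank passwords on SQL logins, the state of "sa", xp_cmdshell, and execute grants on the extended procedures it lists). It assumes the SQL Server 2005 or later catalog views and a login allowed to read them.

```sql
-- Added audit example (read-only); assumes SQL Server 2005+ catalog views.
-- Reading password_hash in sys.sql_logins requires CONTROL SERVER permission.

-- 1. SQL logins whose password is blank.
SELECT name, is_disabled
FROM sys.sql_logins
WHERE PWDCOMPARE('', password_hash) = 1;

-- 2. State of the built-in sa account (always SID 0x01, even if renamed).
SELECT name, is_disabled, is_policy_checked
FROM sys.sql_logins
WHERE sid = 0x01;

-- 3. Whether xp_cmdshell is enabled (value_in_use = 1 means enabled).
SELECT name, value_in_use
FROM sys.configurations
WHERE name = 'xp_cmdshell';

-- 4. Who holds explicit grants on the extended procedures named in the post.
--    Procedures that do not exist on this version simply return no rows.
SELECT o.name            AS procedure_name,
       pr.name           AS grantee,
       p.permission_name,
       p.state_desc
FROM master.sys.database_permissions AS p
JOIN master.sys.all_objects          AS o
     ON o.object_id = p.major_id
JOIN master.sys.database_principals  AS pr
     ON pr.principal_id = p.grantee_principal_id
WHERE p.class = 1                    -- object-level permissions
  AND p.state IN ('G', 'W')          -- GRANT or GRANT WITH GRANT OPTION
  AND o.name IN ('xp_cmdshell', 'xp_regread', 'xp_regwrite',
                 'xp_regdeletekey', 'xp_regdeletevalue',
                 'xp_terminate_process')
ORDER BY o.name, pr.name;
```

Rows from query 1 are the logins to fix first; in query 4, grants to public or to application logins deserve review.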
 
what you do bro, get a spell checker cuz you cant spell eyelfixit. see what i mean dude, you dont know sheoot n thats why they busted ur arse. jus shut up dude cuz you are dumb!
 
eyelfixit said:
Um, sorry your meager insult's do me no harm.

ahh ha ha ha ha that spell checker helps dont it dude, ah ha ha. the beiotch has code, no copy n paste like you do eyelfixit n you dont know what to do wit it, ah ha ha ha ha. go back to the search engine fool!
 
eyelfixit said:
Yeah actualy, the spell check does help eh?

Works wounders.

http://www.spellcheck.net

Got'a love it, great tool.

yeah you need it dude no doubt! put that wit all ur cut and paste code links to ah ha ha ha. you must think peeps are as dumb as you n it aint workin bro! give it a rest baby
 
Give what up exactly? I don't have anything to give up.

I don't think I'm better than no one and furthermore I don't really care what people think of me.

The right people know my true colors. They trust me and all is well. :)
 
eyelfixit said:
Give what up exactly? I don't have anything to give up.

I don't think I'm better than no one and furthermore I don't really care what people think of me.

The right people know my true colors. They trust me and all is well. :)

foolz come boards all the time n ur one of em bro!
 