Old 05-24-2003, 06:22 PM   #1
 
Join Date: May 2003
Posts: 56
Default Breaking a SQL database Part 1

I mentioned to David that I was going to post how some hack into SQL database servers ...
I decided not to use mySQL for obvious reasons ... I will explain some techniques executed on MS SQL ... They are basically the same and will give you a general idea of what to look for ...

I will be using port 1434 for hacking ... Before that we will see what a database server actually is, how they work and then how to exploit them!

The designers of MS SQL gave some default stored procedures along with the product to make things flexible for the web designers ... The procedures are nothing but functions which can be used to perform some actions on the arguments passed to them ... These procedures are very important to hackers ... Some of the important ones are:

sp_password -> Changes password for a specific login name.
e.g. EXEC sp_password 'oldpass', 'newpass', 'username'

sp_tables -> Shows all the tables in the current database.
e.g. EXEC sp_tables

xp_cmdshell -> Runs arbitrary command on the machine with administrator privileges. (most important)

xp_msver -> Shows the MS SQL server version including all the info about the OS.
e.g. master..xp_msver

xp_regdeletekey -> Deletes a registry key.

xp_regdeletevalue -> Deletes a registry value

xp_regread -> Reads a registry value

xp_regwrite -> Writes a registry key.

xp_terminate_process -> Stops a process

The "Master" is the most important database of the SQL server which contains all system information like login names and system stored procedures ... So if "Someone" deletes this master database then the SQL server will be down forever ... Syslogins is the default system table which contains the usernames and passwords of logins in the database ...

The most dangerous threat is that the Microsoft SQL server has default username "sa" with password blank " " ... And this has ruined lots of MS SQL servers in the past ... Even a virus regarding this vulnerability had been released ...

Ready to hack now ?

First you need to find a vulnerable server ... Download a good port scanner and scan for ip addresses having port 1433/1434 (tcp or udp) open ...
Let's suppose we got a vulnerable server with ip 123.321.123.3 ... You can telnet or netcat to ports 1433/1434 ... You can also use a tool known as osql.exe which ships with any SQL server 2000 ...

Go to DOS prompt and type :

Code:
C:>osql.exe -?
osql: unknown option ?
usage: osql              [-U login id]          [-P password]
  [-S server]            [-H hostname]          [-E trusted connection]
  [-d use database name] [-l login timeout]     [-t query timeout]
  [-h headers]           [-s colseparator]      [-w columnwidth]
  [-a packetsize]        [-e echo input]        [-I Enable Quoted Identifiers]
  [-L list servers]      [-c cmdend]
  [-q "cmdline query"]   [-Q "cmdline query" and exit]
  [-n remove numbering]  [-m errorlevel]
  [-r msgs to stderr]    [-V severitylevel]
  [-i inputfile]         [-o outputfile]
  [-p print statistics]  [-b On error batch abort]
  [-O use Old ISQL behavior disables the following]
      <EOF> batch processing
      Auto console width scaling
      Wide messages
      default errorlevel is -1 vs 1
  [-? show syntax summary]
Sincerely
Courtney_DS
__________________

CourtneyDS is offline   Reply With Quote
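
Added example, not part of the original post or of any poster's reply: a read-only T-SQL audit for the two weaknesses the post describes, a blank "sa" password and reachable extended stored procedures. It assumes the catalog views of SQL Server 2005 or later (sys.sql_logins, sys.configurations), which the SQL Server 2000 instances in the post do not have, and a sysadmin connection to an instance you administer.

```sql
-- Added audit example (not from the original post).
-- Assumption: SQL Server 2005 or later, run as sysadmin on your own instance.
-- Every statement below only reads metadata; nothing is changed.

-- 1. SQL logins whose password is blank, 'sa' included.
--    PWDCOMPARE tests a clear-text candidate against the stored hash.
SELECT name, is_disabled, is_policy_checked
FROM sys.sql_logins
WHERE PWDCOMPARE('', password_hash) = 1;

-- 2. State of the built-in 'sa' login. It keeps SID 0x01 even if renamed,
--    so match on the SID rather than on the name.
SELECT name, is_disabled, is_policy_checked, is_expiration_checked
FROM sys.sql_logins
WHERE sid = 0x01;

-- 3. Is xp_cmdshell switched on? value_in_use = 0 means it is disabled.
SELECT name, value_in_use
FROM sys.configurations
WHERE name = 'xp_cmdshell';

-- 4. Explicit EXECUTE permissions on the extended procedures the post lists.
--    Names that do not exist on this version simply return no rows.
USE master;
SELECT o.name  AS procedure_name,
       pr.name AS grantee,
       pe.state_desc
FROM sys.database_permissions AS pe
JOIN sys.all_objects          AS o  ON o.object_id = pe.major_id
JOIN sys.database_principals  AS pr ON pr.principal_id = pe.grantee_principal_id
WHERE pe.class = 1
  AND pe.permission_name = 'EXECUTE'
  AND o.name IN ('xp_cmdshell', 'xp_regread', 'xp_regwrite',
                 'xp_regdeletekey', 'xp_regdeletevalue',
                 'xp_terminate_process')
ORDER BY o.name, pr.name;
```

Any row from query 1, or a value_in_use of 1 in query 3, is a finding; grants to public in query 4 deserve review.
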
Old 06-02-2003, 07:53 PM   #2
Baseband Member
 
Join Date: May 2003
Posts: 35
Default

cool arse code courts
__________________

webcamguy is offline   Reply With Quote
Old 06-02-2003, 08:22 PM   #3
In Runtime
 
eyelfixit's Avatar
 
Join Date: Mar 2003
Posts: 120
Default

Right, old redundant information.
__________________
BC Save website: http://www.bcsave.com

BC Save Forum: http://www.bcsave.com/forum

Co-author of:
http://powerbook.bcsave.com
eyelfixit is offline   Reply With Quote
Old 06-02-2003, 08:26 PM   #4
Baseband Member
 
Join Date: May 2003
Posts: 35
Default

what you do bro, get a spell checker cuz you cant spell eyelfixit. see what i mean dude, you dont know sheoot n thats why they busted ur arse. jus shut up dude cuz you are dumb!
webcamguy is offline   Reply With Quote
Old 06-02-2003, 08:46 PM   #5
In Runtime
 
eyelfixit's Avatar
 
Join Date: Mar 2003
Posts: 120
Default

Um, sorry your meager insult's do me no harm.
eyelfixit is offline   Reply With Quote
Old 06-02-2003, 08:57 PM   #6
Baseband Member
 
Join Date: May 2003
Posts: 35
Default

Quote:
Originally posted by eyelfixit
Um, sorry your meager insult's do me no harm.
ahh ha ha ha ha that spell checker helps dont it dude, ah ha ha. the beiotch has code, no copy n paste like you do eyelfixit n you dont know what to do wit it, ah ha ha ha ha. go back to the search engine fool!
webcamguy is offline   Reply With Quote
Old 06-02-2003, 09:02 PM   #7
In Runtime
 
eyelfixit's Avatar
 
Join Date: Mar 2003
Posts: 120
Default

Yeah actualy, the spell check does help eh?

Works wounders.

http://www.spellcheck.net

Got'a love it, great tool.
eyelfixit is offline   Reply With Quote
Old 06-02-2003, 09:07 PM   #8
Baseband Member
 
Join Date: May 2003
Posts: 35
Default

Quote:
Originally posted by eyelfixit
Yeah actualy, the spell check does help eh?

Works wounders.

http://www.spellcheck.net

Got'a love it, great tool.
yeah you need it dude no doubt! put that wit all ur cut and paste code links to ah ha ha ha. you must think peeps are as dumb as you n it aint workin bro! give it a rest baby
webcamguy is offline   Reply With Quote
Old 06-02-2003, 09:11 PM   #9
In Runtime
 
eyelfixit's Avatar
 
Join Date: Mar 2003
Posts: 120
Default

Give what up exactly? I don't have anything to give up.

I don't think I'm better than no one and furthermore I don't really care what people think of me.

The right people know my true colors. They trust me and all is well.
eyelfixit is offline   Reply With Quote
Old 06-02-2003, 09:23 PM   #10
Baseband Member
 
Join Date: May 2003
Posts: 35
Default

Quote:
Originally posted by eyelfixit
Give what up exactly? I don't have anything to give up.

I don't think I'm better than no one and furthermore I don't really care what people think of me.

The right people know my true colors. They trust me and all is well.
foolz come boards all the time n ur one of em bro!
__________________

webcamguy is offline   Reply With Quote