Alexander01
Jan 26 2004, 02:45 AM
What program do u use to execute files on yer MSSQL database?
remote.
boshcash
Jan 26 2004, 03:30 AM
try that program ..
Alexander01
Jan 26 2004, 03:55 AM
- - - sqlexec 1.0 - - -
coded by jockel 4 governmentsecurity.org
(uze @ own risk)
Performing retry(1)...
Performing retry(2)...
Performing retry(3)...
Could not connect to the SQL Server on the target!
i got an other program but it gives also "SQL Errors" when i try to connect.. user and pass are correct but when i give enter it will say SQL Error, in this program it says "Performing retry" anyone knows whats wrong with my target or what this means.. some updates or something?
pe0n
Jan 26 2004, 06:02 AM
well couldn't you just use the "site exec" command in eg. Serv-U?
but if u don't have Serv-U there yet, that wont work
w00dy
Jan 26 2004, 06:35 AM
| QUOTE |
| anyone knows whats wrong with my target or what this means.. some updates or something? |
The db admin could have your account setup to disallow execute privies
Alexander01
Jan 26 2004, 07:03 AM
ok but not dir listing? it's a sa account
Gotisch
Jan 26 2004, 11:29 AM
You have no clue what w00dy ment by execute priv. haven't you.
If you get SQL ERROR the server is probably secured.
Alexander01
Jan 26 2004, 12:18 PM
yes i do
hmm strange way of securing by getting errors :s
jockel
Jan 26 2004, 12:28 PM
| QUOTE (Alexander01 @ Jan 26 2004, 03:55 AM) |
| i got an other program but it gives also "SQL Errors" when i try to connect.. user and pass are correct but when i give enter it will say SQL Error, in this program it says "Performing retry" anyone knows whats wrong with my target or what this means.. some updates or something? |
in order to execute DOS commands on a MSSQL you need to use a "stored procedure" called master..xp_cmdshell.
This stored procedure returns results of given dos cmd's
so if you want to execute commands you need this proc and also the rights to use it.
(i know there r other way's ... but this is the most simple)
If the admin (or hax0r or whatever) is smart enough he would just delete or disable this stored proc or deny all users to use this proc on his server...
an this would result in -> SQL_ERROR
i don't want to be rude, but plz be4 asking peolpe, google a bit 4 mssql server and you'll find out all of this yourself by reading ...
flashb4ck
Jan 26 2004, 01:52 PM
hm i have a better sql exec version but i don't know how i can upload it !
when u descibe me the upload u can get it
gr€€tZ FlasHb4Ck
jockel
Jan 26 2004, 02:42 PM
| QUOTE (flashb4ck @ Jan 26 2004, 01:52 PM) |
hm i have a better sql exec version but i don't know how i can upload it !
when u descibe me the upload u can get it |
ähm .. sorry =) !?
i should describe the upload ???
mhm ... ähäh... what r u talking bout ?
upload sqlexec.exe ??
this is a client side t00l ( and by the way i have my own written & improved version wich is not public =)
so why would u upload it ??
what way doya wanna know ?
vbs,ftp,tftp,net,wget,cmdget,nc, ...
there are so many i just can't count ...
or do you mean upload it here in the forum ??
(then i missunderstood u sorry =)
Jeeve5
Jan 26 2004, 03:03 PM
| QUOTE (jockel @ Jan 26 2004, 02:42 PM) |
| QUOTE (flashb4ck @ Jan 26 2004, 01:52 PM) | hm i have a better sql exec version but i don't know how i can upload it !
when u descibe me the upload u can get it |
ähm .. sorry =) !?
i should describe the upload ???
mhm ... ähäh... what r u talking bout ?
upload sqlexec.exe ??
this is a client side t00l ( and by the way i have my own written & improved version wich is not public =)
so why would u upload it ??
what way doya wanna know ?
vbs,ftp,tftp,net,wget,cmdget,nc, ...
there are so many i just can't count ...
or do you mean upload it here in the forum ??
(then i missunderstood u sorry =)
|
Hey there german buddy. he means uploading a file to this forum I guess. the prob is that he is a trial so he can't. simple as that
jockel
Jan 26 2004, 03:10 PM
ok i'm sorry my fault
TheOther
Jan 26 2004, 05:07 PM
If the admin has secured his sql, than you can't do a thing. Maybe thats why the admin secures it. no?
There are many other default databases like master. If I'm correct all without the xp_cmdshell.
I was wondering what other databases can reveal some important information that can lead to system compromise?
jockel
Jan 26 2004, 05:32 PM
as far as i know "master" is the only real usable one ..
what can u dou with "demonstration" db's like Northwind =) ?
maybe there are holes too but i don't know any ..
once a day i saw a sql t00l wich creates a stored procedure himself after connecting with the name you specify ... (if the default xp_cmdshell is disabled..)
but i dont'rember exactly =/
as soon as i rember i'll let u know .. =)
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please
click here.
