EXPLOiTED
Jan 28 2004, 03:33 AM
hi, im looking into Making a script or Code to Connect to all your sql servers, but you cant seem to Find any Documentation On the Raw syntax For Sql
w00dy
Jan 28 2004, 06:09 AM
All our SQL servers? I hope that is just poor english and not a threat
Well the code and syntax are differnt for each programming language. So research it for your particular prog lang.
SyN/AcK
Jan 28 2004, 09:10 AM
Whats with all the broken english on these sites? And this isn't a knock to foreign kids. I've been noticing a lot of U.S. residents who can't even compose a complete thought let alone a complete sentence. People should be very careful of what they say... it could be misinterpreted.
EXPLOiTED
Jan 28 2004, 12:32 PM
poor english? Ok i meant But I cant find any documentation on raw sql commands. a threat? no! What are you talking about. i just want the raw syntax how sqlexec.exe connects and opens the remote shell. and how xscan tries the passes on the sql server. this way i can make my own with mirc scripting. as im good at sockets and made tons of things.
Dinos
Jan 28 2004, 03:20 PM
No flame into that but i guess google is always your friend. Personally i wouldn't ask something before i was going to search into google about it.
Regards,
Dinos
EXPLOiTED
Jan 28 2004, 06:08 PM
Same....i did search Google
Reaper527
Jan 28 2004, 06:29 PM
| QUOTE (EXPLOiTED @ Jan 28 2004, 12:32 PM) |
| a threat? no! What are you talking about. |
well, i don't know how sqlexec opens the shell, however i can explain the threat part, i'm assuming w00dy meant it as a joke, but when you say "so it can connect to all your sql servers" it could jokingly be interpreted literaly as a tool to specifically connect to sql servers maintained by people on the board as opposed to reading a scan log which is what i'm assuming you meant.
EXPLOiTED
Jan 28 2004, 08:09 PM
duh... i didnt even see that typo. Yes i meant a scan log. sorry
Steffan
Feb 1 2004, 01:29 PM
| QUOTE (EXPLOiTED @ Jan 28 2004, 12:32 PM) |
| i just want the raw syntax how sqlexec.exe connects and opens the remote shell. and how xscan tries the passes on the sql server. this way i can make my own with mirc scripting. as im good at sockets and made tons of things. |
Hi.
1. U get only a Shell if U use the "Slammer" Exploit (SQL-UDP-Exploit)
2. What U mean is (in case of sqlexec) --> xp_cmdshell
This is used to execute DOS-Commands when conn. to ms-SQL Server
3. Forget MS-SQL it's dead (exp. for SK's) *LOL*
4. Here a part of my own SQLexec I wrote (ist pure C) :
Have fun and now U should be able to code U own Scanner/Hacker
C'ya
Steven
| CODE |
// allocate environment handle
if (SQLAllocHandle(SQL_HANDLE_ENV,SQL_NULL_HANDLE,&hEnvironment) != SQL_SUCCESS)
{
printf("[-] SQLAllocHandle returned an error!\n");
free(Prev);
return 0;
}
if (SQLSetEnvAttr(hEnvironment, SQL_ATTR_ODBC_VERSION,(SQLPOINTER)SQL_OV_ODBC3, SQL_IS_INTEGER) != SQL_SUCCESS)
{
printf("[-] SQLSetEnvAttr returned an error!\n");
free(Prev);
return 0;
}
if ((nResult = SQLAllocHandle(SQL_HANDLE_DBC,hEnvironment,(SQLHDBC FAR*)&hDbc)) != SQL_SUCCESS)
{
printf("[-] SQLAllocHandle returned an error!\n");
free(Prev);
return 0;
}
// connect to SQL server
nResult = SQLDriverConnect(hDbc,NULL, InConnectionString, strlen(InConnectionString), inBuff, 1024, &sLen, SQL_DRIVER_COMPLETE_REQUIRED);
if(nResult == SQL_SUCCESS || nResult == SQL_SUCCESS_WITH_INFO)
|
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please
click here.
