I have been using Scansql v1.80 - Command Line MSSQL Accounts Scanner, but it requires too much RAM memory, about 30 MB. I don't know if this is normal; on my computer it also does it.
Any alternative to scan remotely?
northernsky
Feb 5 2004, 01:11 AM
There are other options (xscan, sfind and sqllhf) but they're all trash. Stick with scansql.
nuttieator
Feb 5 2004, 05:59 AM
A guide on using sqlscan would be nice =p
The Storm
Feb 5 2004, 10:24 AM
I use scansql and it's not so hard on my PC. Perhaps it depends on your PC.
Tigerclaw
Feb 5 2004, 10:45 AM
sqlscan brings me good results.
The Storm
Feb 5 2004, 02:03 PM
sqlscan = scansql or not? Is sqlscan something other than scansql? scansql brings good results on my PC too!
Those are command line scanners; the 100, 500, 1000 are the threads. If you want scanning on SQL it is very simple: scan with one of these on port 1433, the port of SQL.
scan100.exe -p 1433 startip endip
Example: scan100.exe -p 1433 127.0.0.1 127.0.0.255
You use the other scanners the same. If you run it on a scanstro, use hidden32.exe, then start the scanner with this command:
site exec hidden32.exe scan100.exe -p 1433 127.0.0.1 127.0.0.255
Check your results with sqlc.exe; you can find it in the download section of government. If you have any questions PM me, mate.
Good luck
neocortex111
Feb 5 2004, 06:59 PM
There are a lot of scanning programs. Most of them can be run remotely as long as you have a DOS version of that scanner. It's just that none of those scanners are really complete and give you EXACTLY what you want. You can use xscan or hscan (google it) and find good results, but those suck a lot of RAM. Or you can use scansql, which is good btw, but somehow it takes a lot of time (as I noticed). Or you can use a combination: the sfind scanner to get you a list of the machines which have port 1433 opened, then use SQLLHF to re-scan that list and check for you which machine has MSSQL services and check the username/pass for you. And you can also use pass.txt with sqllhf, which is created by you. I find that the best way honestly.
Sfind command is: site exec sfind 1433 x.x.x.0 x.x.x.255
SQLLHF command is: site exec sqllhf -i sfind.txt -o checked.txt
or: site exec sqllhf -p pass.txt -i sfind.txt -o checked.txt
If you need further help, shoot me a PM.
easternerd
Feb 5 2004, 09:46 PM
The best one I can suggest is: screamingCobra v1.04
QUOTE
WHAT IS SCREAMING COBRA
=============================
Any CGI that doesn't check arguments that are passed to it over the web is possibly vulnerable to attacks which allow a malicious user to get read access to almost any file on that system, if not access to execute programs. screamingCobra is almost always able to find those bugs REMOTELY due to the common errors programmers make.
screamingCobra is an application for remote vulnerability discovery in ANY UNKNOWN web applications such as CGIs and PHP pages. Simply put, it attempts to find vulnerabilities in all web applications on a host without knowing anything about the applications. Modern CGI scanners scan a host for CGIs with known vulnerabilities. screamingCobra is able to 'find' the actual vulnerabilities in ANY CGI, whether it has been discovered before or not.
WHAT SCREAMING COBRA DOES
==============================
I've even been told by administrators of very well known sites that they've been able to use screamingCobra (originally called crawl5b, before this release) and find at least one bug which allows anyone to get read access to almost any file on the system, if not access to execute applications. When you launch screamingCobra, it crawls the specified host over the web and attempts to find all the CGIs or any other applications where parameters can be passed. It then attempts to use a few techniques to read files on that machine. By default, it attempts to read /etc/passwd, and if successful it will display the URL which it used to access the file.
Just google for it... I forgot the page. I don't find an option to upload it, otherwise I would have uploaded it.
I don't think that you can use screamingCobra for SQL scanning. Anyway it sounds interesting.
MysteryMan
Feb 8 2004, 10:44 PM
I think for remote scans the best are scan100, scan500, scan1000
And there is an easy one ...
site exec scan500.exe (here hole) x.0.0.0 x.255.255.255
I scan only with scan500, try it ...
Killa
Feb 9 2004, 11:45 AM
I normally use xscan, it's a nice tool, works fine.
Btw, what do you all normally do, rechecking remote or from the local PC?
Greetz Killa
[Sunny]
Feb 9 2004, 03:45 PM
Remote, cause I use a 10 MByte wordlist and from my 1 Mbit line it is tooooo slow. From 100 Mbit it owns :)
dotcom
Feb 10 2004, 02:43 AM
QUOTE (northernsky @ Feb 5 2004, 01:11 AM)
There are other options (xscan, sfind and sqllhf) but they're all trash. Stick with scansql.
I couldn't agree with this more....
BTW: it's helpful if you mention exactly how you are starting the sqlscan... I have seen some whose method activated either waaaay too many threads (the most common), or in certain situations in a batch file it can be caused to run each scansql line at the same time, like with hiderun/hidden32, whatever you name it, f.e.
Major Chrome
Feb 10 2004, 02:55 AM
I prefer sfind.exe, a modified undetectable version of course.
Scanning for port 1433 then checking them with SQLExec, that's the way I prefer to do mine, though. Never bothered to try ScanSQL but it sounds like a good program. Many people seem to be referring to it, so I would suggest using it.
tyler.durden
Feb 10 2004, 10:11 AM
I use sfind.exe [ver. 1.85, the 1.8 doesn't tell COMMAND OVER], and I hope it is not detected by AV. Then I check the result with sqlhf.exe (cause it was the only one I knew, but now I'll try something new).
I would like to know what the difference is between using or not using hiderun or hidden32...
Thanks
nuttieator
Mar 3 2004, 03:51 PM
Ok, the best way I think is to get yourself Scan500.exe, that's undetectable to AV.
Also get yourself hidden32.exe.
If you're scanning from your local comp, run scan100.exe through DOS, and type
scan500.exe -p 1433 81.84.0.0 81.84.255.255
If you want to scan from a stro use this command
site exec hidden32.exe scan500.exe -p 1433 81.84.0.0 81.84.255.255
Then check your results using the new X-Scan 3.
To do this, wait for your port scan to finish, which creates a .txt called scan.
Open up X-Scan, scan parameters, then check load host list from file, find your scan.txt, click OK and press play..
Then watch the vulnerable comps roll in.
Also, if you're using Norton Internet Security 2004, when doing the password checking with X-Scan your firewall needs to be disabled for a short time until the scan is finished or you won't get any results.
If anyone knows how to make Norton not block your results please let me know...
Hope this helps
rockerx
Mar 5 2004, 11:37 AM
Remote, I did it this way:
hiderun scan100/200/500/1000 -p 1433 [ip] [ip]
When this is done I used sqllhf for scanning the scan.txt created by scan500/sfind:
hiderun SqlLHF -i sfind/scan.txt -o output.txt
It is possible to do all this by using a bat. greetz rockerx
HMS
Mar 15 2004, 01:51 PM
I tried using a .bat file once, but it kept doing EVERYTHING at once.
Maybe it was my fault.
Wanted to scan different ranges for exploits, but it didn't really work.
Krogoth
Mar 15 2004, 02:21 PM
There are a few remote scanners which you can choose: xscan, scan500 and scansql. I'm using scan500 and check the result with xscan and sqllhf on my local box.
Here's an example for using scan500: upload scan500.exe to a remote box and start scanning SQL servers with this command in FlashFXP.
site exec scan500 -p 1433 [startip] [endip]
Checking: using SQLLHF on a remote stro (with the .txt with the IPs in it from sfind):
Site exec SQLLHF.exe -i input.txt (txt from sfind) -o output.txt (choose your own name)
Checking xxx.xx.xx.xxx ::: Not running SQL services
Checking xxx.xx.xx.xxx ::: Password not guessed
are worthless, so you can remove them immediately.
Checking xxx.xx.xx.xxx ::: Password is sa!! <---- WARNING!
Checking xxx.xx.xx.xxx ::: Password is blank!! <---- WARNING!
means found vulnerable servers.
marcoz
Mar 15 2004, 05:48 PM
Xray the best
DumpZ
Mar 15 2004, 07:25 PM
QUOTE (northernsky @ Feb 5 2004, 01:11 AM)
There are other options (xscan, sfind and sqllhf) but they're all trash. Stick with scansql.
What's the problem with X-Scan? It really sucks for scanning, true. But for checking it's really good IMHO, because it checks for different users and passwords.
I don't know if the rest of those appz have those capabilities, I never tried them.
The Storm
Mar 19 2004, 08:22 AM
scansql is good if you're prescanning a range for blank or some easy pw's. After that I use sqlhf with a 50 MB wordlist ^^ that's the best combination
Killaloop
Mar 19 2004, 09:49 AM
Just a little question for you guys. How fast does sqllhf scan? Meaning how many passes per second are the max you got out of it? Since a 50 MB wordlist would consist of a few million passes, scanning with about 10 KB/s would make no sense then.
hellraiza
Mar 19 2004, 04:39 PM
I can't open a new topic, so I try to post here... DOES anyone know an NT accounts brute forcer which has switches for different dics and different ports??
There's a SQL bruter but it didn't work with NT...
Can anyone help me???
thx
mike
Mar 19 2004, 05:17 PM
If by scan remotely you mean on other computers, sure. Just get an IP that is vulnerable, hack it and put your scanning app on that.
Shadowed
Mar 20 2004, 09:04 AM
I prefer hscan for checking.. it really rox
The Doom Master
Mar 20 2004, 02:18 PM
Use Scansql as everyone says. Use it with hidden32, great program..
Not trackable by the antivirus...
fre4k
Mar 20 2004, 03:17 PM
QUOTE (marcoz @ Mar 15 2004, 05:48 PM)
Xray the best
But you can't scan remote with xray, but for local it's very nice!
fre4k
haien_har
Mar 22 2004, 10:31 PM
Nice... Even I understand it
HMS
Jun 5 2004, 02:48 PM
OK, I am using SQLLHF and it says like:
pinging hosts:
....o.oooo.ooo
What does the "." and the "o" mean?
Thanks in advance
//edit:
OK, I got it
. = dead, o = alive
Masterace
Jun 5 2004, 05:23 PM
I use sqlck, think it's the best scanner for remote scanning SQL. But I heard something is wrong with it? Does anybody know more about it?
slb33
Jun 6 2004, 07:16 AM
I have heard that it has a backdoor in it!
t_0_m_a
Jun 8 2004, 09:10 PM
Use sl.exe to find IPs with port 1433 open and sqlck.exe to find passwords.
t00sTr0nG
Jun 10 2004, 12:10 PM
I scan remote with Sfind or scan500 or scan1000. And then I use a self modded version of SqlCl.exe and brute with a 12 MB wordlist. But use a server with a minimum speed of 2 Mbit! This w0rks fine for me with many results. THX t00sTr0nG
unknown00
Jun 10 2004, 12:59 PM
What I do is use scan500/scan1000 then check with xscan... really good too
t00sTr0nG
Jun 10 2004, 11:35 PM
With Xscan, I didn't get many results. Sometimes I use it local, but it doesn't w0rK fine for me! t00sTr0nG
C_B
Jun 11 2004, 10:47 AM
QUOTE (t00sTr0nG @ Jun 10 2004, 12:10 PM)
And then I use a self modded version of SqlCl.exe and brute with a 12 MB wordlist.
How about sharing that nice wordlist?
kebab1701
Aug 6 2004, 05:00 PM
lol nice try getting the wordlist. Yeah, I use scansql but it does crash quite a bit, which is annoying cause on a remote PC it's hard to tell if it's crashed.
rasraven
Aug 11 2004, 03:35 PM
Cooool!
ZoraX
Aug 11 2004, 09:46 PM
I scan with DFind for port 1433. And then I use SqlCl.exe with a passlist I wrote myself, about 2.5 KB big, getting a lot of hits with it :)
101
Aug 11 2004, 09:56 PM
Soon DFind will be able to load your own .dic
bye
touk
Aug 12 2004, 09:31 AM
QUOTE (101 @ Aug 11 2004, 09:56 PM)
Soon DFind will be able to load your own .dic
bye
This would be gr8 because I think that's the only important feature actually missing in your scanner, 101