Devil
Feb 20 2004, 07:12 PM
is there a way that it could check users??not just 'sa'...but like admin or root and that stuff....cause i only got the password file but never seen a user file.....any way to scan like that??
thx
Devil
basepart
Feb 20 2004, 09:32 PM
xscan can check other accounts too, not only "sa",
but you need to specify the account names that should be checked,
inside the file "sql_user.dic".
The following sql accounts are included by default in X-Scan-v2.3 "sql_user.dic" file.
sa
sql
database
server
admin
root
user
THoRaX
Feb 20 2004, 09:51 PM
yes, Hscan or Xscan.
You can get them from here:
http://home.hccnet.nl/m3ssi4h.rul3z/
Sedolf
Feb 20 2004, 10:21 PM
could it be that every account not beginning with "sa" has xp cmdshell error?
could never hack an admin one so far
sylver
Feb 20 2004, 10:59 PM
the user "sa" is the standard account in mssql
i have never seen another account like admin/null
u could use a bruteforcer like sqlck with a big password file......
Devil
Feb 21 2004, 11:55 AM
wtf?
my question was "Can Sqlck scan with other users as 'sa' and if yes then how?
donŽt care what xscan and hscan can do.....i know them....
and ofcourse you can hack an account with admin/null why not?but thats again something else!!
so can somebody help me out please?
pdf
Feb 21 2004, 12:06 PM
Devil
Feb 21 2004, 01:02 PM
iŽll try this one...new to me
thx
but maybe someone knows a answer to my question
sylver
Feb 21 2004, 01:43 PM
yes sqlck can check other users than "sa"
sqlck.exe -u user.txt -p pass.txt -i scan.txt -o result.txt -t 200
but it takes a long time ......when the passlist is very large.
Devil
Feb 21 2004, 05:46 PM
| QUOTE (sylver @ Feb 21 2004, 01:43 PM) |
yes sqlck can check other users than "sa"
sqlck.exe -u user.txt -p pass.txt -i scan.txt -o result.txt -t 200
but it takes a long time ......when the passlist is very large. |
thx....ganna try it out....hope it works!!!
metrox
Mar 4 2004, 09:05 PM
sqlck is the best one. remotly perfect
DaClueless
Mar 5 2004, 04:50 AM
| QUOTE (metrox @ Mar 4 2004, 09:05 PM) |
| sqlck is the best one. remotly perfect |
I really wish people would stop using my SQLck, without my perm. It goes to show you, NEVER trust anyone saying they will keep something private.
OMRiCON
Apr 17 2004, 09:35 PM
You should all listen to DaClueless, and NOT use SQLck. Obviously, it was never meant for public use.
vnet576
Apr 17 2004, 09:42 PM
| QUOTE (DaClueless @ Mar 4 2004, 11:50 PM) |
| QUOTE (metrox @ Mar 4 2004, 09:05 PM) | | sqlck is the best one. remotly perfect |
I really wish people would stop using my SQLck, without my perm. It goes to show you, NEVER trust anyone saying they will keep something private.
|
Thats why when you release you're software to a select few for private use you build in a time-trial failsafe. The software will stop working after a certain time and they'll have to get another version from you. True it can be cracked but those people will not have the skills for it.
fre4k
Apr 17 2004, 09:57 PM
| QUOTE (Devil @ Feb 20 2004, 07:12 PM) |
is there a way that it could check users??not just 'sa'...but like admin or root and that stuff....cause i only got the password file but never seen a user file.....any way to scan like that??
thx
Devil |
yes of cause
first make a USER.txt and type in it:
| QUOTE |
sa
root
test
admin
administarator |
then save...
Now upp your USER.txt your PASS.txt, sqlck an IP.txt [your scan] at a stro
now type in RAW Commands:
| QUOTE |
| site exec hidden32.exe sqlck.exe -u USER.txt -p pass.txt -i ip.txt -o result.txt |
or without the hidden32.exe
| CODE |
| site exec sqlck.exe -u USER.txt -p pass.txt -i ip.txt -o result.txt |
that was all
have fun
-fre4k
arn0ld
Apr 17 2004, 10:48 PM
where can i find sqlck ?
it seems very GOOD
fre4k
Apr 17 2004, 10:53 PM
| QUOTE (arn0ld @ Apr 17 2004, 10:48 PM) |
where can i find sqlck ?
it seems very GOOD |
Here it is
KLICKhave fun ! Its only the .exe ! no User/Pass list`s
-fre4k
DaClueless
Apr 18 2004, 01:34 AM
| QUOTE (fre4k @ Apr 17 2004, 10:53 PM) |
| QUOTE (arn0ld @ Apr 17 2004, 10:48 PM) | where can i find sqlck ?
it seems very GOOD |
Here it is KLICK have fun ! Its only the .exe ! no User/Pass list`s -fre4k |
Becare for with SQLck.exe, It has a hidden backdoor.
You been warn
[eXPhase
Apr 21 2004, 11:07 AM
| QUOTE (Sedolf @ Feb 20 2004, 10:21 PM) |
could it be that every account not beginning with "sa" has xp cmdshell error?
could never hack an admin one so far |
Also some admin accounts can be hacked...
And some dba users are hackable.
But yes, most of the SA are hackable.
sfzhi
Apr 23 2004, 09:57 AM
| QUOTE (DaClueless @ Apr 18 2004, 01:34 AM) |
| QUOTE (fre4k @ Apr 17 2004, 10:53 PM) | | QUOTE (arn0ld @ Apr 17 2004, 10:48 PM) | where can i find sqlck ?
it seems very GOOD |
Here it is KLICK have fun ! Its only the .exe ! no User/Pass list`s -fre4k |
Becare for with SQLck.exe, It has a hidden backdoor. You been warn |
can you say the detailed situation?
Killaloop
Apr 23 2004, 10:08 AM
| QUOTE (sfzhi @ Apr 23 2004, 09:57 AM) |
| can you say the detailed situation? |
you may have missed that he claims to be the autor of that tool. So if he tells you it has a hidden backdoor and he doesn't want you to use it....simple don't use it
brainjay
Sep 15 2004, 10:20 AM
thx for that thing!
FLX
Sep 15 2004, 11:12 AM
sqlck (sorry i didnt even know it was private) has ALOT of fast connection errors.
even if you lower the thread it keeps having those.
can anybody help me with it?
thanks,
FLX
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please
click here.
