there is a new exploit for sql but it sucks i have it and you get 1 result in 10000 ips tested
The Storm
Aug 14 2004, 12:56 PM
can you share it with us pls ? would be nice
kenshin_efx
Aug 19 2004, 01:00 AM
yeah, you can share this with us
flashb4ck
Aug 19 2004, 02:32 AM
why do ya want this shit when he say that it S works on 1 from 10000 ips ^^
gR€€tTz fL4$hB4Ck
Stevy
Aug 19 2004, 10:27 AM
it's included in the metasploit project
[ 08/13/2004 ] New exploit module added: mssql2000_preauthentication
but it sucks
yuliang11
Aug 19 2004, 10:53 AM
QUOTE
I've heard of a new exploit that exploits SQL servers without a need for password, but i can't lay my hands upon the source code.
Has to be the mysql...
Reaper527
Aug 19 2004, 03:49 PM
QUOTE (yuliang11 @ Aug 19 2004, 10:53 AM)
QUOTE
I've heard of a new exploit that exploits SQL servers without a need for password, but i can't lay my hands upon the source code.
Has to be the mysql...
stevy specifically said the new MSsql exploit is in the metasploit framework
twistedps
Aug 20 2004, 05:12 AM
hehe, yeah the metasploit framework has it along with the unreal engine stuff which i was disappointed to see released since i had private code for it over 4,000 vulnerable ut2k3 servers alone.
yuliang11
Aug 20 2004, 05:44 AM
New exploit module added: mssql2000_preauthentication ? or is it a new exploit? get what i mean?
QUOTE
it's included in the metasploit project
[ 08/13/2004 ] New exploit module added: mssql2000_preauthentication
but it sucks
QUOTE (yuliang11 @ Aug 19 2004, 10:53 AM) QUOTE
I've heard of a new exploit that exploits SQL servers without a need for password, but i can't lay my hands upon the source code.
Has to be the mysql...
stevy specifically said the new MSsql exploit is in the metasploit framework
cougar
Aug 20 2004, 12:21 PM
it's the sqlhello exploit.
not mysql
prog
Aug 20 2004, 02:00 PM
QUOTE (flashb4ck @ Aug 19 2004, 02:32 AM)
why do ya want this shit when he say that it S works on 1 from 10000 ips ^^
gR€€tTz fL4$hB4Ck
maybe some ppl wanna test for security, and NOT go and hack a bunch of boxes
The Storm
Aug 20 2004, 02:22 PM
QUOTE (prog @ Aug 20 2004, 02:00 PM)
QUOTE (flashb4ck @ Aug 19 2004, 02:32 AM)
why do ya want this shit when he say that it S works on 1 from 10000 ips ^^
gR€€tTz fL4$hB4Ck
maybe some ppl wanna test for security, and NOT go and hack a bunch of boxes
yes there you are right!
nowhere
Aug 22 2004, 11:20 AM
this is the name i think: SQL Hello Exploit - Remote Shell Callback by JoePub
Hellraiseruk
Aug 22 2004, 12:18 PM
CODE
##
#
# this script tests for the "You had me at hello" overflow
# in MSSQL (tcp/1433)
# Copyright Dave Aitel (2002)
# Bug found by: Dave Aitel (2002)
#
##
#TODO:
#technically we should also go to the UDP 1434 resolver service
#and get any additional ports!!!
port = 1433;
found = 0;
report = "The SQL Server is vulnerable to the Hello overflow.
An attacker may use this flaw to execute commands against the remote host as LOCAL/SYSTEM, as well as read your database content.
Solution : disable this service (Microsoft SQL Server).
if(soc) {
  #uncomment this to see what normally happens
  #attack_string="MSSQLServer";
  #uncomment next line to actually test for overflow
  attack_string=crap(560);
  # this creates a variable called sql_packet
  sql_packet = pkt_hdr+attack_string+pkt_tail;
  send(socket:soc, data:sql_packet);
  r = recv(socket:soc, length:4096);
  close(soc);
  #display ("Result:",r,"\n");
  if(!r) {
    # display("Security Hole in MSSQL\n");
    security_hole(port:port, data:report);
  }
}
}
What you have there is the NASL detection script for it, I'm afraid. The source code for it is not available as I decided not to release it
ivan288
Sep 7 2004, 07:57 PM
and what about the new version of your sploit joepub? heard it can bypass the patch. good job
TheOther
Sep 7 2004, 09:30 PM
Why not JoePub? This was discovered months ago. Everybody should be patched by now, don't you think? Why should big corporations pay thousands of dollars for IT's when they can't patch their system. It's their own fault. But on the other hand I respect your decision.
sry for my bad english.
JoePub
Sep 8 2004, 09:12 AM
You heard wrong, my latest one doesn't get around the patch at all. And admins won't really be up to date considering this vulnerability has been known since 2002