What program do u use to execute files on yer MSSQL database?
remote.
Full Version: What Program Do U Use To Exec Files On Yer Mssql..
try that program ..
- - - sqlexec 1.0 - - -
coded by jockel 4 governmentsecurity.org
(uze @ own risk)
Performing retry(1)...
Performing retry(2)...
Performing retry(3)...
Could not connect to the SQL Server on the target!
i got an other program but it gives also "SQL Errors" when i try to connect.. user and pass are correct but when i give enter it will say SQL Error, in this program it says "Performing retry" anyone knows whats wrong with my target or what this means.. some updates or something?
coded by jockel 4 governmentsecurity.org
(uze @ own risk)
Performing retry(1)...
Performing retry(2)...
Performing retry(3)...
Could not connect to the SQL Server on the target!
i got an other program but it gives also "SQL Errors" when i try to connect.. user and pass are correct but when i give enter it will say SQL Error, in this program it says "Performing retry" anyone knows whats wrong with my target or what this means.. some updates or something?
well couldn't you just use the "site exec" command in eg. Serv-U?
but if u don't have Serv-U there yet, that wont work
but if u don't have Serv-U there yet, that wont work
| QUOTE |
| anyone knows whats wrong with my target or what this means.. some updates or something? |
The db admin could have your account setup to disallow execute privies
ok but not dir listing? it's a sa account
You have no clue what w00dy ment by execute priv. haven't you.
If you get SQL ERROR the server is probably secured.
If you get SQL ERROR the server is probably secured.
yes i do
hmm strange way of securing by getting errors :s
hmm strange way of securing by getting errors :s
| QUOTE (Alexander01 @ Jan 26 2004, 03:55 AM) |
| i got an other program but it gives also "SQL Errors" when i try to connect.. user and pass are correct but when i give enter it will say SQL Error, in this program it says "Performing retry" anyone knows whats wrong with my target or what this means.. some updates or something? |
in order to execute DOS commands on a MSSQL you need to use a "stored procedure" called master..xp_cmdshell.
This stored procedure returns results of given dos cmd's
so if you want to execute commands you need this proc and also the rights to use it.
(i know there r other way's ... but this is the most simple)
If the admin (or hax0r or whatever) is smart enough he would just delete or disable this stored proc or deny all users to use this proc on his server...
an this would result in -> SQL_ERROR
i don't want to be rude, but plz be4 asking peolpe, google a bit 4 mssql server and you'll find out all of this yourself by reading ...
hm i have a better sql exec version but i don't know how i can upload it !
when u descibe me the upload u can get it
gr€€tZ FlasHb4Ck
when u descibe me the upload u can get it
gr€€tZ FlasHb4Ck
| QUOTE (flashb4ck @ Jan 26 2004, 01:52 PM) |
| hm i have a better sql exec version but i don't know how i can upload it ! when u descibe me the upload u can get it |
ähm .. sorry =) !?
i should describe the upload ???
mhm ... ähäh... what r u talking bout ?
upload sqlexec.exe ??
this is a client side t00l ( and by the way i have my own written & improved version wich is not public =)
so why would u upload it ??
what way doya wanna know ?
vbs,ftp,tftp,net,wget,cmdget,nc, ...
there are so many i just can't count ...
or do you mean upload it here in the forum ??
(then i missunderstood u sorry =)
| QUOTE (jockel @ Jan 26 2004, 02:42 PM) | ||
ähm .. sorry =) !? i should describe the upload ??? mhm ... ähäh... what r u talking bout ? upload sqlexec.exe ?? this is a client side t00l ( and by the way i have my own written & improved version wich is not public =) so why would u upload it ?? what way doya wanna know ? vbs,ftp,tftp,net,wget,cmdget,nc, ... there are so many i just can't count ... or do you mean upload it here in the forum ?? (then i missunderstood u sorry =) |
Hey there german buddy. he means uploading a file to this forum I guess. the prob is that he is a trial so he can't. simple as that
ok i'm sorry my fault
If the admin has secured his sql, than you can't do a thing. Maybe thats why the admin secures it. no? 
There are many other default databases like master. If I'm correct all without the xp_cmdshell.
I was wondering what other databases can reveal some important information that can lead to system compromise?
There are many other default databases like master. If I'm correct all without the xp_cmdshell.
I was wondering what other databases can reveal some important information that can lead to system compromise?
as far as i know "master" is the only real usable one ..
what can u dou with "demonstration" db's like Northwind =) ?
maybe there are holes too but i don't know any ..
once a day i saw a sql t00l wich creates a stored procedure himself after connecting with the name you specify ... (if the default xp_cmdshell is disabled..)
but i dont'rember exactly =/
as soon as i rember i'll let u know .. =)
what can u dou with "demonstration" db's like Northwind =) ?
maybe there are holes too but i don't know any ..
once a day i saw a sql t00l wich creates a stored procedure himself after connecting with the name you specify ... (if the default xp_cmdshell is disabled..)
but i dont'rember exactly =/
as soon as i rember i'll let u know .. =)
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
