Forums: Sql Question - Forums

Jump to content

Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

Sql Question SQL Question

#1 User is offline   EXPLOiTED 

  • Sergeant
  • Icon
  • Group: Members
  • Posts: 236
  • Joined: 23-October 03

Posted 27 January 2004 - 07:33 PM

hi, im looking into Making a script or Code to Connect to all your sql servers, but you cant seem to Find any Documentation On the Raw syntax For Sql
0

#2 User is offline   Jeremy 

  • Commander in Chief
  • Icon
  • Group: Admin
  • Posts: 2,345
  • Joined: 14-May 03

Posted 27 January 2004 - 10:09 PM

All our SQL servers? I hope that is just poor english and not a threat :P

Well the code and syntax are differnt for each programming language. So research it for your particular prog lang.
Your time is limited, so don't waste it living someone else's life. Don't be trapped by dogma � which is living with the results of other people's thinking. Don't let the noise of others' opinions drown out your own inner voice. And most important, have the courage to follow your heart and intuition. They somehow already know what you truly want to become. Everything else is secondary.
~Steve Jobs
Jeremy aka w00dy aka foadah
0

#3 Guest_SyN/AcK_*

  • Group: Guests

Posted 28 January 2004 - 01:10 AM

Whats with all the broken english on these sites? And this isn't a knock to foreign kids. I've been noticing a lot of U.S. residents who can't even compose a complete thought let alone a complete sentence. People should be very careful of what they say... it could be misinterpreted.
0

#4 User is offline   EXPLOiTED 

  • Sergeant
  • Icon
  • Group: Members
  • Posts: 236
  • Joined: 23-October 03

Posted 28 January 2004 - 04:32 AM

poor english? Ok i meant But I cant find any documentation on raw sql commands. a threat? no! What are you talking about. i just want the raw syntax how sqlexec.exe connects and opens the remote shell. and how xscan tries the passes on the sql server. this way i can make my own with mirc scripting. as im good at sockets and made tons of things.
0

#5 Guest_Dinos_*

  • Group: Guests

Posted 28 January 2004 - 07:20 AM

No flame into that but i guess google is always your friend. Personally i wouldn't ask something before i was going to search into google about it.

Regards,
Dinos
0

#6 User is offline   EXPLOiTED 

  • Sergeant
  • Icon
  • Group: Members
  • Posts: 236
  • Joined: 23-October 03

Posted 28 January 2004 - 10:08 AM

Same....i did search Google
0

#7 User is offline   Reaper527 

  • Private First Class
  • Icon
  • Group: Members
  • Posts: 131
  • Joined: 14-January 04

Posted 28 January 2004 - 10:29 AM

EXPLOiTED, on Jan 28 2004, 12:32 PM, said:

a threat? no! What are you talking about.

well, i don't know how sqlexec opens the shell, however i can explain the threat part, i'm assuming w00dy meant it as a joke, but when you say "so it can connect to all your sql servers" it could jokingly be interpreted literaly as a tool to specifically connect to sql servers maintained by people on the board as opposed to reading a scan log which is what i'm assuming you meant.
0

#8 User is offline   EXPLOiTED 

  • Sergeant
  • Icon
  • Group: Members
  • Posts: 236
  • Joined: 23-October 03

Posted 28 January 2004 - 12:09 PM

duh... i didnt even see that typo. Yes i meant a scan log. sorry
0

#9 User is offline   Steffan 

  • Private First Class
  • Icon
  • Group: Members
  • Posts: 66
  • Joined: 08-September 03

Posted 01 February 2004 - 05:29 AM

EXPLOiTED, on Jan 28 2004, 12:32 PM, said:

i just want the raw syntax how sqlexec.exe connects and opens the remote shell. and how xscan tries the passes on the sql server. this way i can make my own with mirc scripting. as im good at sockets and made tons of things.

Hi.

1. U get only a Shell if U use the "Slammer" Exploit (SQL-UDP-Exploit) ;)

2. What U mean is (in case of sqlexec) --> xp_cmdshell
This is used to execute DOS-Commands when conn. to ms-SQL Server

3. Forget MS-SQL it's dead (exp. for SK's) *LOL*

4. Here a part of my own SQLexec I wrote (ist pure C) :

Have fun and now U should be able to code U own Scanner/Hacker B)

C'ya
Steven 

// allocate environment handle
	if (SQLAllocHandle(SQL_HANDLE_ENV,SQL_NULL_HANDLE,&hEnvironment) != SQL_SUCCESS)
  {
  printf("[-] SQLAllocHandle returned an error!\n");
  free(Prev);
  return 0;
	}

    if (SQLSetEnvAttr(hEnvironment, SQL_ATTR_ODBC_VERSION,(SQLPOINTER)SQL_OV_ODBC3, SQL_IS_INTEGER) != SQL_SUCCESS)
  {
  printf("[-] SQLSetEnvAttr returned an error!\n");
  free(Prev);
  return 0;

	}

	if ((nResult = SQLAllocHandle(SQL_HANDLE_DBC,hEnvironment,(SQLHDBC FAR*)&hDbc)) != SQL_SUCCESS)
  {
  printf("[-] SQLAllocHandle returned an error!\n");
  free(Prev);
  return 0;
	}

// connect to SQL server

	nResult = SQLDriverConnect(hDbc,NULL, InConnectionString, strlen(InConnectionString), inBuff,  1024, &sLen, SQL_DRIVER_COMPLETE_REQUIRED);
	if(nResult == SQL_SUCCESS || nResult == SQL_SUCCESS_WITH_INFO)

0
Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users

  • Share



Our Sponsors:


SwiftLayer Affiliate Web Hosting