Thread: Sql server 2000

  1. #1
    Banned
    Join Date
    Sep 2010
    Posts
    14

    Default Sql server 2000

    Hi, I'm Italian, my English is not very good so you should be patient to understand my messages!
    I've found an exploit for "SQL Server 2000", this one: Microsoft SQL Server sp_replwritetovarbin() Heap Overflow Exploit
    This exploit can be used with Metasploit, following this simple tutorial: Metasploit Penetration Testing Framework - Module Browser
    The exploit is very good, but: // You need a valid SQL account, but you can also use this through an SQL-Injection simply by injecting the T-SQL stuff. //
    The commented text (C++ style) says that I need a valid SQL account, but I do not have one!
    Can someone help me use this exploit, explaining to me "injecting the T-SQL stuff"?
    I know SQL injection, but in this case can I use it against a server?
    I always use it for a web interface, not a server!
    Thank you for reading!

  2. #2
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Default Re: Sql server 2000

    From my own ten second scan of the exploit it appears that it sends an SQL query to a particular vulnerable version of the MS SQL server that causes a buffer overflow. To exploit it you need to.... send the SQL query to the server. One possible way to do this (as mentioned in the exploit) would be via SQL injection - like through a web application. Another way would be via a command line SQL client, which would require you to log on using a valid database userid that has the appropriate permissions to make the SQL query. If you understand the way that databases work this is pretty straightforward, so I suggest you do some research on this topic - maybe search the Internet on how to get command line SQL access to a MS SQL server.
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  3. #3
    Banned
    Join Date
    Sep 2010
    Posts
    14

    Default

    I'm searching, but in your opinion is it possible to get a command line for SQL Server 2000, which is produced by Microsoft, from a Unix machine?

    I've found a program called "FreeTDS".
    In your opinion, might it be useful for my goal, which now is to get a command line with SQL Server 2000?

    PS: (Sorry for my English)
    Last edited by lupin; 09-28-2010 at 08:00 AM. Reason: Merging...

  4. #4
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Default Re: Sql server 2000

    Yes, that could be part of a solution. That provides some low level communication, you will still need something else to use as an interface to it. You might want to read this.

  5. #5
    Banned
    Join Date
    Sep 2010
    Posts
    14

    Default Re: Sql server 2000

    I've downloaded sqlcmd for Windows XP to make my life easier.
    I sometimes use Windows XP on another PC.
    Now, how can I take action?

  6. #6
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Default Re: Sql server 2000

    You're not expecting me to guide you through this step by step, are you? Reread the code of the exploit and my post (number 2) above, I have already explained what you need to do - the SQL queries from the exploit need to be sent to the vulnerable MS SQL server.
