SQL injection simply question.

Page 1 of 2 1 2
04/26/2011 03:45 hoseta#1
Hello guys i have a simply question for ya....
I know injection well but i never injected kalonline...
I have dbuser dbpass etc by injected 1 server from topofgames..
tip: this server is in top 10 xD i wont give name becouse this 1 take me alot of time ..( BLIND injected ;o ).
Ah, anyway I want to ask you guys if I have all infos what i need to do?
download mysql and login wtf? never had my own server so thats why i ask you...

Greetings FANEq.
04/26/2011 12:03 therangerman#2
so what ur question :D?
04/26/2011 12:08 hoseta#3
What I need to do after get dbname , db user , dbpass.

I know its run as 'sa' db user is: dbo ... password is: ********
So my next move should be download SQL 2005 and login or what ;o?
I never tryed b4 hacking on Game, just powned site's

Greetings FANEq.
04/26/2011 12:09 pamz12#4
try it and you'll see it :p
04/26/2011 12:11 hoseta#5
ya i would but i need download this shit and wanna be sure xD
04/26/2011 12:33 Fremo.#6
and you said my posts are crappy :X

btw: Using SQLi tools isnt hard.
04/26/2011 12:45 hoseta#7
Quote:
Originally Posted by Fr . .ome View Post
and you said my posts are crappy :X

btw: Using SQLi tools isnt hard.


i dont use SQLi tool -.- wtf... ur so dumb and sql injection tool wont find this vuln.
SQLi tool = based sql -.- crappy and tool using blind one
04/26/2011 12:56 Fremo.#8
SQLi tools also can do blind SQLi ^_^
04/26/2011 13:15 hoseta#9
Quote:
Originally Posted by Fr . .ome View Post
SQLi tools also can do blind SQLi ^_^
:LOL: this is what I said (@ ABOVE @)

thats why the sql tool is shity ... and tool wont find alot of vuln its just do basic step adding

dork:'
or
dork; or 1=2 --
or
dork'; waitfor delay '0:0:10' --

its shit ;o
04/26/2011 14:43 ZeroTol#10
You can't get a database password by injecting.

Also run as 'sa' user and db user is 'dbo'? Yawn.

I should thank your posts for the entertainment :|
04/26/2011 17:07 Zogga#11
Quote:
Originally Posted by hoseta View Post
Ah, anyway I want to ask you guys if I have all infos what i need to do?
.
Backup databases & download ?
04/26/2011 20:19 hoseta#12
Quote:
You can't get a database password by injecting.

Also run as 'sa' user and db user is 'dbo'? Yawn.

I should thank your posts for the entertainment :|
Ah, i already told ya im suck in injecting db game i just injected a websites i didint focus on sql server
thats why i post and ask so i just find vuln and i am not able to do anything with this xD
04/26/2011 23:05 Doofy#13
maybe read basics for sqli.
server-version? 5 = easy doing, 4 = brutforce...
and btw connect with an sql client = most time fail, server only accepts connection from localhost for security reason.
04/27/2011 00:20 IRknight1337#14
i think its last time for u guys to start using BackTrack 4 linux distro ;>
04/27/2011 13:06 Doofy#15
Quote:
Originally Posted by IRknight1337 View Post
i think its last time for u guys to start using BackTrack 4 linux distro ;>
pro haxo00r -.-
Page 1 of 2 1 2