SRO Blitzkrieq -> Beginning

Page 3 of 8 12 3 45 Last »
09/08/2011 05:51 ass35#31
Quote:
Originally Posted by minimalis View Post
Only 4 of 'em has 1433(tcp) opened:
Code:
Discovered open port 1433/tcp on 123.30.200.12
Discovered open port 1433/tcp on 123.30.200.11
Discovered open port 1433/tcp on 123.30.200.9
Discovered open port 1433/tcp on 123.30.200.13
With Auto MSSQL detection:
Code:
[-] Exploit exception: [B][I][U]Invalid SQL Server credentials[/U][/I][/B]
[*] Exploit completed, but no session was created.
MSSQL set to 2000 SP4 manually:
Code:
[*] Exploit completed, but no session was created.
Maybe this will help u ;)
[*] SQL Server information for 123.30.200.13:
[*] ServerName = SHARDDB_S6
[*] InstanceName = MSSQLSERVER
[*] IsClustered = No
[*] Version = 8.00.194
[*] tcp = 1433
[*] np = \\SHARDDB_S6\pipe\sql\query
09/08/2011 15:06 BoneyM#32
Anything new is coming today? :)
09/08/2011 17:06 Tunilicious#33
I think he changed his mind ; p and wont provide hints anymore. : P
09/08/2011 19:02 Shane¸#34
Quote:
Originally Posted by ass35 View Post
Maybe this will help u ;)
[*] SQL Server information for 123.30.200.13:
[*] ServerName = SHARDDB_S6
[*] InstanceName = MSSQLSERVER
[*] IsClustered = No
[*] Version = 8.00.194
[*] tcp = 1433
[*] np = \\SHARDDB_S6\pipe\sql\query
pm me if you could run a new query.
09/08/2011 19:38 BoneyM#35
Quote:
[*] Version = 8.00.194
THIS.

You should try this exploit ms 09_004_sp_replwritetovarbin
09/08/2011 19:53 Tunilicious#36
Mhm ; P Its just database : P
09/08/2011 19:57 BoneyM#37
It's not JUST a database :)
09/08/2011 20:01 MAFIA001#38
do you tried it urself?it's not work unable to login,because need password for "sa" user even if it have this default user,i tried bruteforce sa all failed.
Exploit ms netapi 067 on port 445 also failed, access denied,maybe because it can't detect language pack,
If someone could access to their servers,write here.
09/08/2011 20:07 InZiDeR#39
Quote:
Originally Posted by BoneyM View Post
It's not JUST a database :)
It is, shard db. ^^
09/08/2011 20:21 Z|Co#40
Quote:
Originally Posted by Chernobyl* View Post
So, since there was tons of spam in the previous thread at psro section, i'm opening it here again. Please, keep this topic clean.

So, as thread subject says, operation "SRO Blitzkrieq" starts soon. More info comes in next few hours.

For mods, please, stick this thread - this is going to be interesting.

=========================================
SRO Blitzkrieq -> Beginning

So, here the stuff begins. As far as many of you already know, there is a vSRO test server running on the net out there.

The IP address is pretty well known to everyone out here.

Code:
123.30.200.70
(u can use wireshark to get the ip addr of xtrap default vsro test update server)

You may try pinging it, to ensure it's up.

Code:
 cmd -> ping 123.30.200.70
Well, let's see what we got there ?

Let's trace route.

Code:
Code:
cmd -> tracert 123.30.200.70
(first few hops removed)

Code:
  7   277 ms   276 ms   276 ms  80.156.161.62
  8   303 ms   304 ms   303 ms  203.162.217.25
  9   304 ms   304 ms   303 ms  static.vdc.vn [222.255.165.33]
 10   313 ms   313 ms   313 ms  203.162.231.9
 11   318 ms   318 ms   319 ms  static.vdc.vn [123.30.63.26]
 12   313 ms   313 ms   313 ms  static.vdc.vn [123.30.63.66]
 13   314 ms   314 ms   313 ms  dynamic.vdc.vn [123.30.200.254]
 14   313 ms   313 ms   313 ms  dynamic.vdc.vn [123.30.200.70]
Trace complete.
We see few gateways there, huh ? Seems like a pretty huge network, lulz.

Let's scan the "closest" machines to our target. (i'd preffer NMAP)


Code:
nmap -T4 -A -v 123.30.200.0-255
And what do we see there ? Lots of shit.

Tons of machines with MSSQL 2000 SP4 machines, available SMB services, ftp servers, etc...

=========================================

More hints comes shortly.

=========================================
Blitzkrieq -> Part 2

HINT :

Code:
ms netapi 067
ms 09_004_sp_replwritetovarbin
==========================================

More hints comes shortly.
all i see is just some numbers
09/08/2011 20:37 3lyka#41
Just tried what i can do..nothing special)
[*] Redirecting flow to 0x6900a7 via call to our faked vtable ptr @ 0xa87f26
[-] Exploit exception: Unable to log in![*] Exploit completed, but no session was created.


btw [Only registered and activated users can see links. Click Here To Register...]
09/08/2011 20:49 Getzabelz#42
Yea guys, keep leaving your IP on their servers, so when they look for those who hacked the files they will have even your phy x)
09/08/2011 21:00 BoneyM#43
I personaly didn't tried this, dunno maybe it's most succesfull way to get files, but messing with company is not for me :D
09/08/2011 21:08 Chernobyl*#44
Quote:
Originally Posted by Getzabelz View Post
Yea guys, keep leaving your IP on their servers, so when they look for those who hacked the files they will have even your phy x)
Well, their security depends on their own.
09/08/2011 21:57 s2k#45
Chernobyl are you DDoSing?

Blitzkrieq => DDoS?

and what about the 80% Status in your irc channel?
trying to get all server down? your inclusive?

20% left for dwo and esro?

no offence just suspicious : P
Page 3 of 8 12 3 45 Last »