[Release] MSSQL Exploit for leaking & editing databases

Page 1 of 4 1 23 Last »
05/18/2012 23:26 torstmn#1
Hey guys,
needed about 1 hour to write it, after a while having fun with it I thought about releasing it (source code included).

Features:
+ Send query
+ Get table / data
+ Download table (full)
+ Download whole database
+ Use a script (script explanation below!)

How to:
1.) Run the cert chernobyl released to get the database access information.
2.) Open up connection_settings.dat and enter the database info.
3.) Run MSSQL Exploit.exe and wait a moment so it can connect to database.
4.) Have fun.

Included example scripts:
Quote:
[AddItem]
[ClearPkStatus]
[GiveSilk]
[SetGold]
[SetGuildLevel]
[SetHwanLevel](Zerk level)
[SetInventorySize]
[SetLevel]
[SetNewName]
[SetSTR&INT]
Information
- Leaked tables & databases can be found under:
'%myProgram%\output\%serverip%\%databaseName%\tabl eName.txt'

Scripts:
The package contains 10 example scripts.
use @myvar to declare a new parameter.
use // in front of a line to create a comment.
IMPORTANT: For each query 1 line!

Script example:
Quote:
//Gives silk to a user.
@silk
@user
update SK_Silk set silk_own = silk_own + '@silk' where JID = '@user'


Actually I was just bored... Every child could code such a tool.
Quick image:
[Only registered and activated users can see links. Click Here To Register...]

Download
(compiled)
Quote:
[Only registered and activated users can see links. Click Here To Register...]
(source c#)
Quote:
[Only registered and activated users can see links. Click Here To Register...]
*So guys, hope you like my coding style
Common problems:
Quote:
+ Target doesn't accept incoming SQLConnections.
+ Target doesn't accept incoming SQLConnections.
+ Target doesn't accept incoming SQLConnections.
05/19/2012 00:33 Disco Teka#2
#approved
05/19/2012 06:35 PortalDark#3
cool
still, this is a pretty simple tool
unless you get server mssql login, it will be nothing but useless
again, cool for the share
05/19/2012 15:15 wind111#4
ty.

Quote:
1.) Run the cert chernobyl released to get the database access information.
where can i find it ? :)
05/19/2012 16:04 mertcoskun#5
Now All the kids will try to fck the servers.Congratulations!
05/19/2012 16:15 rushcrush#6
Quote:
Originally Posted by mertcoskun View Post
Now All the kids will try to fck the servers.Congratulations!
it wont work on servers who have good protection
05/19/2012 17:38 wind111#7
Quote:
Originally Posted by mertcoskun View Post
Now All the kids will try to fck the servers.Congratulations!
private server is illegal any way ,
05/19/2012 17:51 insertcoi#8
1.) Run the cert chernobyl released to get the database access information.
what is this ? how to get it ?
05/20/2012 03:52 PortalDark#9
Quote:
Originally Posted by insertcoi View Post
1.) Run the cert chernobyl released to get the database access information.
what is this ? how to get it ?
use search
05/20/2012 06:12 ღ ∂ Ropp#10
Quote:
Originally Posted by PortalDark View Post
use search

And your suppose to be forum Guardian?

Jesus, just give him the link? o.O

On-Topic ; here ya go, [Only registered and activated users can see links. Click Here To Register...]
05/20/2012 07:34 _sweety_cat_#11
how to use it ? can any1 make a video xD?
05/20/2012 20:14 grasvys112#12
hi what port use in chernobyl cert ?
05/20/2012 22:09 Aerox1337#13
port :32000 ,epic
05/20/2012 22:13 PortalDark#14
Quote:
Originally Posted by grasvys112 View Post
hi what port use in chernobyl cert ?
32000
but if you are smart, 90% of servers now have it closed

as i said before, this is useless unless you get to know servers login credentials
05/21/2012 02:04 wind111#15
Quote:
use search
i just don't know what is that .


Quote:
And your suppose to be forum Guardian?

Jesus, just give him the link? o.O

On-Topic ; here ya go, pack.rar


You are the best . Good luck :):)


how can i get server ip address and (spoof)

ty
Page 1 of 4 1 23 Last »