MS SQL method fuck

~~dalepharo~~ · 04/01/2006, 22:58

maybe, but one thing i know, is that the usernames are the same. i think the passes are encrypted. try using the sql query browser. it works wonders...

toreddo · 04/01/2006, 23:01

im not using it on this computer, and if im gonna do something like that i will use the school computer.

i think it is 50% chance that the encryption is MD5

~~dalepharo~~ · 04/01/2006, 23:03

i think u'r right. it looks like md5, but it gets spread over 4 packets when you login

toreddo · 04/01/2006, 23:05

Quote:

Originally posted by dalepharo@Apr 1 2006, 23:03
i think u'r right. it looks like md5, but it gets spread over 4 packets when you login

omg, that is anoying! well good luck! :P
Im not gonna try this 4 x 4 = 16 16 different ways are possible to sort this

~~dalepharo~~ · 04/01/2006, 23:08

oh well... sigh. there's like 2 constants in the login packets, so that should make it a bit easier, still, if you know anyone interested in doing a dist. brute attack, plz let me know. thx.

toreddo · 04/01/2006, 23:09

Quote:

Originally posted by dalepharo@Apr 1 2006, 23:08
oh well... sigh. there's like 2 constants in the login packets, so that should make it a bit easier, still, if you know anyone interested in doing a dist. brute attack, plz let me know. thx.

i shall ask a friend, but im going to bed now bye bye

~~dalepharo~~ · 04/01/2006, 23:11

cheers

~~mothmanknows~~ · 04/01/2006, 23:26

dude, it would still take ages to do...

~~mothmanknows~~ · 04/01/2006, 23:27

if i had more time on the net, i would help, but sadly... i dont...

Robsta · 04/02/2006, 00:39

i wouldn't, dickweed here's trying to login to my n00b tao now lol. Its gota backdoor in it/keylogger sooo, no.

Robsta · 04/02/2006, 00:48

and also, heres hte virus scan logs, i wish i would have scanned first
File: Angry_IP_Scanner.exe
Status:
INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5 a1d5993c5e1e2bf75ec2b19740eb6e49
Packers detected:
-
Scanner results
AntiVir
Found nothing
ArcaVir
Found Trojan.Dropper.Vb.Lv
Avast
Found nothing
AVG Antivirus
Found Dropper.Generic.EAJ
BitDefender
Found Generic.Malware.PPk.14B56DE6
ClamAV
Found Trojan.Dropper.VB-4
Dr.Web
Found nothing
F-Prot Antivirus
Found W32/Trojan.BDE
Fortinet
Found W32/VB.LV-dr
Kaspersky Anti-Virus
Found Trojan-Dropper.Win32.VB.lv
NOD32
Found nothing
Norman Virus Control
Found W32/VBTroj.G
UNA
Found nothing
VirusBuster
Found nothing
VBA32
Found Trojan-Dropper.Win32.VB.lv

Waverunner · 04/02/2006, 06:48

Of course it is MD5. Everything uses MD5 today. AOL, MSN Messenger, etc. About bruteforcing: rainbow tables would be best, yes, but who has big enough tables? Even if you create a big enough one, which takes a while, you still have to do the hacking which can take years depending on length of password. What if CO SQL pass is 200 characters long? That would take LITERALLY decades to bruteforce or break with a rainbow table unless you used an extremely fast processor with overclocking.

Tw3ak · 04/02/2006, 09:40

only wannabe hacker script kiddies would be tryin to hack the sql anyway using bots and exploits in the game is 1 thing when you go out of your way to fk other people over is just moronic.

k4g4m1 · 04/04/2006, 10:24

ya better go find some exploit than brute force , few attempts and u will get blockd

tester · 04/05/2006, 21:44

Quote:

Originally posted by Robsta@Apr 1 2006, 20:10
but as far as i know, its mandated for sql servers to be passworded.

be4 recent updates the default sa password was blank unless you explictly set it