SQL injection simply question.

hoseta · 04/26/2011, 03:45

Hello guys i have a simply question for ya....
I know injection well but i never injected kalonline...
I have dbuser dbpass etc by injected 1 server from topofgames..
tip: this server is in top 10 xD i wont give name becouse this 1 take me alot of time ..( BLIND injected ;o ).
Ah, anyway I want to ask you guys if I have all infos what i need to do?
download mysql and login wtf? never had my own server so thats why i ask you...

Greetings FANEq.

~~therangerman~~ · 04/26/2011, 12:03

so what ur question

?

hoseta · 04/26/2011, 12:08

What I need to do after get dbname , db user , dbpass.

I know its run as 'sa' db user is: dbo ... password is: ********
So my next move should be download SQL 2005 and login or what ;o?
I never tryed b4 hacking on Game, just powned site's

Greetings FANEq.

pamz12 · 04/26/2011, 12:09

try it and you'll see it

hoseta · 04/26/2011, 12:11

ya i would but i need download this **** and wanna be sure xD

~~Fremo.~~ · 04/26/2011, 12:33

and you said my posts are crappy :X

btw: Using SQLi tools isnt hard.

hoseta · 04/26/2011, 12:45

Quote:

Originally Posted by Fr . .ome

and you said my posts are crappy :X

btw: Using SQLi tools isnt hard.

i dont use SQLi tool -.- wtf... ur so dumb and sql injection tool wont find this vuln.
SQLi tool = based sql -.- crappy and tool using blind one

~~Fremo.~~ · 04/26/2011, 12:56

SQLi tools also can do blind SQLi ^_^

hoseta · 04/26/2011, 13:15

Quote:

Originally Posted by Fr . .ome

SQLi tools also can do blind SQLi ^_^

:LOL: this is what I said (@ ABOVE @)

thats why the sql tool is shity ... and tool wont find alot of vuln its just do basic step adding

dork:'
or
dork; or 1=2 --
or
dork'; waitfor delay '0:0:10' --

its **** ;o

ZeroTol · 04/26/2011, 14:43

You can't get a database password by injecting.

Also run as 'sa' user and db user is 'dbo'? Yawn.

I should thank your posts for the entertainment :|

Zogga · 04/26/2011, 17:07

Quote:

Originally Posted by hoseta

Ah, anyway I want to ask you guys if I have all infos what i need to do?
.

Backup databases & download ?

hoseta · 04/26/2011, 20:19

Quote:

You can't get a database password by injecting.

Also run as 'sa' user and db user is 'dbo'? Yawn.

I should thank your posts for the entertainment :|

Ah, i already told ya im suck in injecting db game i just injected a websites i didint focus on sql server
thats why i post and ask so i just find vuln and i am not able to do anything with this xD

Doofy · 04/26/2011, 23:05

maybe read basics for sqli.
server-version? 5 = easy doing, 4 = brutforce...
and btw connect with an sql client = most time fail, server only accepts connection from localhost for security reason.

IRknight1337 · 04/27/2011, 00:20

i think its last time for u guys to start using BackTrack 4 linux distro ;>

Doofy · 04/27/2011, 13:06

Quote:

Originally Posted by IRknight1337

i think its last time for u guys to start using BackTrack 4 linux distro ;>

pro haxo00r -.-