Sql Databases Mini Lecture
d4JinX / AZTEK / Spiderman / Mikkkeee

*Note: This lecture was held  impromptu so we didn't have a chance to cover many more important areas of sql databases.

*** Mikkkeee sets mode: +m
<Mikkkeee> okay we got something set
<Mikkkeee> its going to be an sql lecture
-xenitanus- thanks :)
<Mikkkeee> pl/sql then php/sql then cracking sql
<Mikkkeee> then we can kill reptile after we are done
*** Mikkkeee sets mode: -m
<_ciR_> lol
<MASTURB4TION> sounds ok
<N0_Nick> hm
<N0_Nick> okay
<UnHaFox> lol nick, now its 4.30?   and before 10.00?=)))))))))))) you are are from california, aren t you?
<N0_Nick> we will survive
<UnHaFox> =)
<UnHaFox> ok mikkee
<MASTURB4TION> espescially the end
<_ciR_> im 4 killing reptile
<N0_Nick> n0 man
<AZTEK> d4JinX: is starting
*** AZTEK sets mode: +m
<d4JinX> lol
<AZTEK> take it away d4JinX
<d4JinX> Am I?
*** Mikkkeee sets mode: +o d4JinX
*** ChanServ sets mode: -o d4JinX
<AZTEK> well you want to start with history
<d4JinX> I think sql should run first..
*** SySt3mShk has joined #bsrf
<AZTEK> ok
<Mikkkeee> ----------------sql lecture------------------------
<d4JinX> Okay, SQL stands for Structured query language
<AZTEK> SQL originated from IBM's research labs in the early 1070's
<d4JinX> k..
<AZTEK> SQL is the post cursor to SEQUEL
<AZTEK> Structured English QUEry Language
*** d4JinX is now known as d4J1nX
*** Lone[Star] has quit IRC (Quit: see ya pplz l8r)
<AZTEK> sql is strictly a language to access relational databases
*** _ciR_ has quit IRC (Quit: )
<AZTEK> such as oracle or paradox
<AZTEK> the latest ansi is recomendation sql-92
<AZTEK> and thats my history now for d4J1nX
<AZTEK> brb
<d4J1nX> As Aztek said SQL is a language used to access databases
<d4J1nX> It has very simple syntax
<d4J1nX> And is very easy to pick up
*** SySt3mShk has quit IRC (Ping timeout: 181 seconds)
<d4J1nX> Languages such as ASP and PHP use SQL statements
<d4J1nX> Say we had a database called people
<d4J1nX> I hope everyone knows what a database is ;-)
<d4J1nX> Within that database would be a number of tables
<d4J1nX> These tables hold the data in the form of fields with their corresponding types
<AZTEK> ok back
<d4J1nX> eg people table
<d4J1nX> This could be made up of
<d4J1nX> wb Az
<AZTEK> thx
<d4J1nX> VARCHAR and number are the types
*** StartX has joined #bsrf
<d4J1nX> There would also be an ID field
<d4J1nX> Used for indexing and joining tables
<d4J1nX> It has to be unique
<d4J1nX> And it cant be null when a new record is added to the table
*** SySt3mShk has joined #bsrf
<d4J1nX> So we have a table called people with the fields already stated
<d4J1nX> Say we have a web front end
<d4J1nX> And we want to display all the people within the table
<d4J1nX> We would use a statement like
<d4J1nX> SELECT * from people
<d4J1nX> * being all the fields
<d4J1nX> We could pull back one field or two
<d4J1nX> SELECT surname,forename FROM table
<d4J1nX> If its a big table
<d4J1nX> SELECT *
<d4J1nX> Can take a long time
*** WishGenie has joined #bsrf
<d4J1nX> So sometimes its better to pull back only the fields required
<d4J1nX> If your lazy as well, SELECT * lol
*** Drager has quit IRC (Ping timeout: 180 seconds)
<d4J1nX> Once we issue this statement a temporary table is setup
<AZTEK> a view
<d4J1nX> Which has the relevant fields and the relevant values
<d4J1nX> Yes, you can have views too
*** CodE4 has joined #bsrf
<AZTEK> i was just wondering when you were goign to start them
*** idiocy|idle has quit IRC (Read error: 104 (Connection reset by peer))
<d4J1nX> If we want to add to the people tablAka's: Brian-17-, Mr_Innocent
<d4J1nX> Name: Brian
<d4J1nX> Age: 17
<d4J1nX> Department: Warez
<d4J1nX> Rank: Head
<d4J1nX> Skillz: nuking, kloning, email bombing, spoofing, flooding, viral attacks, networking, troubleshooting, finding illegal software
<d4J1nX> WeFuck
<d4J1nX> My buffer
<AZTEK> its what i would have done first
<d4J1nX> kay
<d4J1nX> You go for it
<AZTEK> lol from that site form the message board
<d4J1nX> phone
<d4J1nX> Yep
<AZTEK> no no your doing fine
<d4J1nX> 2 secs phone
*** [PhaLanX] has quit IRC (Ping timeout: 180 seconds)
*** ken has joined #bsrf
*** CodE4 has left #bsrf
*** d4J1nX has quit IRC (Ping timeout: 180 seconds)
<Mikkkeee> okay the lecture will presume in a few min
<AZTEK> i am sorta not here and here
<AZTEK> so i will be in and out
<Mikkkeee> same here iam going to wrap some stuff for the cracking part
*** freespeachlamer has joined #bsrf
*** AirriK has joined #bsrf
*** d4J1nX has joined #bsrf
*** [PhaLanX] has joined #bsrf
*** Mikkkeee sets mode: +v d4J1nX
<Mikkkeee> wb
<d4J1nX> Thx
<d4J1nX> Side lecture - See when ya have a cable modem, dont let your cellphone anywhere near it, especially when it rings
*** AirriK is now known as _AirriK-
<AZTEK> lol
<d4J1nX> Keep getting caught with that
<d4J1nX> Had to reboot
<d4J1nX> So, where were we?
<bluehaze> was there any lecture?
*** _AirriK- has quit IRC (Quit: Leaving)
<Mikkkeee> yah were doing an sql lecture instead
<bluehaze> oh
<Mikkkeee> <d4J1nX> If we want to add to the people tablAka's: Brian-17-, Mr_Innocent
<Mikkkeee> <d4J1nX> Name: Brian
<Mikkkeee> <d4J1nX> Age: 17
<Mikkkeee> <d4J1nX> Department: Warez
<Mikkkeee> <d4J1nX> Rank: Head
<Mikkkeee> <d4J1nX> Skillz: nuking, kloning, email bombing, spoofing, flooding, viral attacks, networking, troubleshooting, finding illegal software
<Mikkkeee> we were up to there
<bluehaze> who's giving it?
<bluehaze> oh ok
<Mikkkeee> aztek/d4j1nx/and I
*** lostmode has joined #bsrf
<d4J1nX> Kay
*** xenitanus has quit IRC (Quit:)
<d4J1nX> So basically we pull back a temporary table from that statement
<d4J1nX> We can also have conditional syntax
<d4J1nX> Such as
*** freespeachlamer has left #bsrf
<d4J1nX> SELECT surname FROM people WHERE surname LIKE '%on'
<d4J1nX> Will pull back all the records where the surname has on at the end
<d4J1nX> Or
<d4J1nX> SELECT phone_number FROM people WHERE phone_number>809090
<d4J1nX> Self explanatry I hope
<d4J1nX> If we want to add to a table
<d4J1nX> Then we use an INSERT statement
*** Litte has joined #bsrf
*** cupelmen has joined #bsrf
<d4J1nX> INSERT into people(surname,forname,phone_number) VALUES ('woods','jim',0202020)
<d4J1nX> The ID will be created automatically by means of a trigger - will get to it later
<d4J1nX> If we wanted to update the table then we would use the UPDATE statement..
<d4J1nX> UPDATE people SET surname='newsurname';
<d4J1nX> deleting would require knowing the id, more practical, although not necessary
<d4J1nX> DELETE from people where people_id=349
*** StartX has quit IRC (Quit: )
<d4J1nX> The three basic db maintenance statements
<d4J1nX> All pretty simple syntax, as I mentioned before
*** Devil_Panther has joined #BSRF
*** zwanderer has joined #bsrf
*** Shadow_Stalker has joined #bsrf
<d4J1nX> So we know how to add to a table in a database, delete from a table and update a record in a table
*** reptile has joined #bsrf
*** Litte has quit IRC (Quit: Clone for reptile w00t w00t)
*** _ciR_ has joined #bsrf
<AZTEK> yep it is simple
<d4J1nX> As I mentioned earlier..
<d4J1nX> A trigger is used to created the id automatically
*** _ciR_ is now known as __ciR_-
<d4J1nX> A trigger is a small script, if you like that will add the id to the id field on an insert into the table
*** D12_BoyZ has joined #bsrf
<d4J1nX> This ID number is taken from a number sequence in the database
<d4J1nX> The sequences are created manually
*** ewren has joined #bsrf
*** D12_BoyZ has left #bsrf
<d4J1nX> Each table that is normalized and has an ID field will have a different sequence
<d4J1nX> Now..
<d4J1nX> Say we have another field in our people table
*** paranoid has joined #bsrf
<d4J1nX> Called contact_name
<d4J1nX> And contact_address
*** MrBS480 has joined #bsrf
*** cupelmen has joined #bsrF
<d4J1nX> Now in order to normalise a db we would remove these two "repeating" fields and replace them with one
<d4J1nX> Contact_ID
<d4J1nX> And a separate table would be created called contacts
<d4J1nX> This table would have the fields.
<d4J1nX> Contact_id
<d4J1nX> Contact_name
*** Mikkkeee sets mode: +v Devil_Panther
<d4J1nX> Contact_address
<d4J1nX> brb door
*** paranoid has left #bsrf
<Mikkkeee> okay seems like reptile showed up, so were going to finish this lecture and then do the vb coding
*** MrBS480 has quit IRC (Quit: )
*** ewren has quit IRC (Quit: )
*** flipu has joined #bsrf
<d4J1nX> back
<d4J1nX> Kay, I hope this is making some sense here, didnt really have time to prepare
<d4J1nX> Right so we now have two tables
*** lostmode has quit IRC (Quit: )
<d4J1nX> Contact table
<d4J1nX> And people table
<d4J1nX> Say we wanted all contact names for all the people whose first name was john
<d4J1nX> We would have to join our tables in the query statement
*** flipu has quit IRC (Not enough time connected)
*** torpor has joined #bsrf
*** __ciR_- has left #bsrf
<d4J1nX> SELECT contact_name FROM people p,contact c WHERE p.contact_id=c.contact_id AND forename = 'John'
<d4J1nX> Notice the c and p used for an alias and to remove ambiguity
*** WishGenie has quit IRC (Quit: i gotta reboot)
*** cupelmen has quit IRC (Quit: time to sleep...)
<d4J1nX> That statement will pull back the contact names for all the people called John
<d4J1nX> On an off note..
<d4J1nX> Say we had a drop down/combo box on our webpage
<d4J1nX> And we wanted the full details of a particular person
*** makzee has quit IRC (Ping timeout: 180 seconds)
*** SpiderMan has joined #bsrf
*** ChanServ sets mode: +o SpiderMan
<d4J1nX> In the drop box we would have the details "John Woods" or "Chris Simms"
*** bluehaze has quit IRC (Ping timeout: 180 seconds)
<d4J1nX> But the actual value would be the corresponding id in the table
<Mikkkeee> hail spider
<SpiderMan> hey
<AZTEK> Spidey
*** ken has quit IRC (Quit: )
<AZTEK> all hail SpiderMan
<SpiderMan> hey AZTEK
*** Capt_InsaneO has joined #bsrf
<d4J1nX> Depending on the langauge being used we loop through each record brought back from the query and have a formselectOption for each
*** Mezzano has quit IRC (Read error: 113 (No route to host))
<d4J1nX> SELECT people_id, forename FROM people;
<d4J1nX> The forename would be in the dropdown
*** torpor has left #bsrf
<d4J1nX> But behind the scenes the actual value for that selection is the id
*** Capt_InsaneO has left #bsrf
*** mezzano has joined #bsrf
*** acid519 has joined #bsrf
<Devil_Panther> oh... hi spidy
<d4J1nX> This is moving on to front end languages though and since php seems to be very popular at the moment, Aztek will take it form here
<d4J1nX> Hey Spider :-)
<SpiderMan> hi
<SpiderMan> sorry to disturb
<d4J1nX> np
<AZTEK> ok i guess its php time
<AZTEK> and we are going to php and not perl
<SpiderMan> so soon?
<AZTEK> lets hit it spidy\
<AZTEK> yea
<AZTEK> ok
<SpiderMan> nothing more of SQL?
<SpiderMan> WHERE clause
<Mikkkeee> php now
<SpiderMan> db normilization
<SpiderMan> ok
<Devil_Panther> AZTEK,,, i guess you preffer php on perl... huh?!
<AZTEK> we did the WHERE
<AZTEK> yea
<d4J1nX> Thats already been done Spider
<SpiderMan> ok
<d4J1nX> Plus normalisation - although not alot
<SpiderMan> ok then I guess it is php time :)
<AZTEK> mysql is the prefered datbase engine of choice by us phpers
<SpiderMan> because it's small, fast, and cheap
<AZTEK> what make us choose mysql over any other
<d4J1nX> You want me to go into normalisation more first Aztek?
<AZTEK> exactly
<AZTEK> cant beat free
<SpiderMan> also it's avaliable on many platforms
<Devil_Panther> ok ok...
<Devil_Panther> LECTURE PLS
<AZTEK> yea any platform apache and php run mysql does
<Devil_Panther> lol
*** BaGeL has joined #bsrf
<AZTEK> ok
<AZTEK> mysql_connect();
<AZTEK> you have to connect to the mysql host
<d4J1nX> Can php use access databases Az?
<AZTEK> usually localhost
<AZTEK> d4J1nX: yes
<AZTEK> actually i am waiting for spidy to give me the syntax since i don't have my manual open
<SpiderMan> for mysql_connect()?
<SpiderMan> it's localhost, username, password
<AZTEK> yea
<SpiderMan> in strings
<AZTEK> yea but port
<AZTEK> and stuff
<SpiderMan> if no port is given it uses the default
<AZTEK> int mysql_connect ([string hostname [:port] [:/path/to/socket] [, string username [, string password]]])
<SpiderMan> you don't have to provide the port unless it's different then the standard
<AZTEK> yea
<AZTEK> i was wanting the full atribs :)
<SpiderMan> ah, I'll open my docs
<AZTEK> ok mysql_connect() returns a database handle
<AZTEK> that we will use later for other things
<SpiderMan> you should always check for a valid handle
<AZTEK> we use mysql_query();
<AZTEK> te send a query which d4J1nX when over the standard querys earlier
<SpiderMan> $con= mysql_connect("localhost", "jared", "pass"); if(!$con) {die("can't connect!");}
*** Shiva_Shanti has joined #bsrf
<AZTEK> mysql_query("SELECT * FROM people");
<SpiderMan> int mysql_query (string query [, int link_identifier])
*** d4J1nX has quit IRC (Ping timeout: 180 seconds)
<AZTEK> $result = mysql_query("SELECT * FROM people");
<AZTEK> thats will return what mysql said for the query
<SpiderMan> then you can use functions such as mysql_fetch_array() to get the results
<AZTEK> yea
<AZTEK> umm thats the reson php is popular for database use its really easy :)
*** acid519 has quit IRC (Ping timeout: 180 seconds)
<AZTEK> use mysql_drop_db("database name"); to delete a database
<AZTEK> use mysql_create_db("database name"); to create a databse
<AZTEK> anything else spidy
<AZTEK> like i said its easy
<SpiderMan> int mysql_create_db (string database name [, int link_identifier])
<SpiderMan> let's give an example
<AZTEK> ok
<AZTEK> from the start
<SpiderMan> how about something to pull news out of a db
*** d4J1nX has joined #bsrf
<AZTEK> ok
<SpiderMan> let's say a database is set up with an id field and a news field
<SpiderMan> to get the news out we could do this
<SpiderMan> if (!mysql_connect("host", "user", "pass")) {die("error!");}
*** TCL has joined #bsrf
*** ChanServ sets mode: +v TCL
<SpiderMan> mysql_select_db("db");
<AZTEK> |ID|NEWS                 |
<AZTEK> --------------------------
<AZTEK> |1 |.....................|
<AZTEK> |2 |.....................|
<AZTEK> |3 |.....................|
<AZTEK> |4 |.....................|
<AZTEK> |5 |.....................|
<SpiderMan> that's what the db table would look like
<SpiderMan> $result= mysql_query("SELECT * FROM news ORDER BY id DESC);
<SpiderMan> we use that to select the news and id out
<SpiderMan> then using a while loop fetch all the data
*** Shiva_Shanti has quit IRC (Quit: eat, bbl)
<SpiderMan> while($row= mysql_fetch_array($result)) {
<SpiderMan> $news= $row["NEWS"];
<SpiderMan> $id= $row["ID"];
*** divinator has quit IRC (Ping timeout: 180 seconds)
<SpiderMan> echo "id= $id<br>";
*** N0_Nick has quit IRC (Ping timeout: 180 seconds)
<SpiderMan> echo "news= $news<br>";
<SpiderMan> }
<SpiderMan> and after that we close the connection to the database
<AZTEK> ok i tought spidy was just pulling this out of one of his scripts
<AZTEK> never mind
<SpiderMan> heh nope
<SpiderMan> just wrote it up right now
<AZTEK> ok
<AZTEK> using my little impromtu database
<SpiderMan> heh yup
<SpiderMan> question time?
<AZTEK> .mode #bsrf -m
*** AZTEK sets mode: -m
<freakOVER[away]> whew
*** N0_Nick has joined #bsrf
<UnHaFox> =)
<freakOVER[away]> i felt so
<freakOVER[away]> muzzled
<SpiderMan> heh
*** acid519 has joined #bsrf
<UnHaFox> ah got it one the log file;)
<AZTEK> damn laptop
<mezzano> we can talk again ;)
<AZTEK> well its not over
<d4J1nX> Explain each line of code Spider
<AZTEK> d4J1nX
<AZTEK> is about to do perl
<UnHaFox> not over?
<N0_Nick> hey i got disconnected
<SpiderMan> ok
<N0_Nick> man
<freakOVER[away]> oo
<SpiderMan> wait I want to give some tips before we go to perl
<freakOVER[away]> perl
*** AZTEK sets mode: +m
<SpiderMan> ok so first we connect to the database using mysql_connect()
*** acid519 is now known as _acid519-
*** pixel_chomp has joined #bsrf
<SpiderMan> we test to make sure we could connect in the if clause
<AZTEK> if (!mysql_connect("host", "user", "pass")) {die("error!");}
<SpiderMan> if we can't connect we exit the script with the error message
*** _ciR_ has joined #bsrf
<SpiderMan> in a real script you would give a better error
<AZTEK> yea like
<AZTEK> "You fucked it up"
<AZTEK> lol
<AZTEK> $result= mysql_query("SELECT * FROM news ORDER BY id DESC);
<SpiderMan> in fact if you want to get the error mysql gives you, you can use the function mysql_error()
<AZTEK> now we query the database asking for all info in the databse news and we want it ordered by the id feild decending
<AZTEK> you forgot your "
*** SySt3mShk has left #bsrf
<AZTEK> $result= mysql_query("SELECT * FROM news ORDER BY id DESC");
*** SySt3mShk has joined #bsrf
<SpiderMan> heh whoops
<AZTEK> <SpiderMan> while($row= mysql_fetch_array($result)) {
<AZTEK> <SpiderMan> $news= $row["NEWS"];
<AZTEK> <SpiderMan> $id= $row["ID"];
<AZTEK> *** divinator (Oper@box.sk) Quit (Ping timeout: 180 seconds)
<AZTEK> <SpiderMan> echo "id= $id<br>";
<AZTEK> *** N0_Nick (hgfhf@202.179.171.BOX-24341) Quit (Ping timeout: 180 seconds)
<AZTEK> <SpiderMan> echo "news= $news<br>";
<AZTEK> <SpiderMan> }
<SpiderMan> that says while there are rows to fetch, get them
<AZTEK> here we are looping
<AZTEK> yea
-d4J1nX- I have to go here, going out, I will speak soon
*** UnHaFox has left #bsrf
<AZTEK> $row becomes a hask array with the column names as identifiers
-d4J1nX- say bye for meeee
<SpiderMan> hash array*
<AZTEK> yea hash
*** d4J1nX has quit IRC (Quit: )
<AZTEK> and echo is self explainatory
<SpiderMan> yeah
<SpiderMan> just print it out
*** UnHaFox has joined #bsrf
<AZTEK> thats about it
<SpiderMan> when the script finishes the connection to the db will close
<SpiderMan> also just a tip
<AZTEK> now
<SpiderMan> if you are using larger scripts
<SpiderMan> use mysql_pconnect()
*** AZTEK sets mode: -m
<SpiderMan> it will save memory
<AZTEK> for persestant connection
<UnHaFox> ah=)
<AZTEK> so they wont keep connecting with each user
*** divinator has joined #bsrf
<reptile> ;)
<UnHaFox> ?
<SpiderMan> so questions?
<freakOVER[away]> lol rep
<_ciR_> oh
<_ciR_> lets kill reptile
<_ciR_> lol
<divinator> yo
<AZTEK> now i guess Mikkkeee will cover hacking sql
<BaGeL> sup div
<_ciR_> he didnt show up
<UnHaFox> yes i have one, but this one doent concern this subject, so can i ask it?
<Mikkkeee> you guys are done?
<AZTEK> yea
<reptile> ;()
<SpiderMan> UnHaFox: uh...depends on what it is
<UnHaFox> can i ask?
<AZTEK> well d4jinx isn't here for perl :(
<Mikkkeee> well reptile said he was late but shit lets do my section and then do one or two of his lectures
<UnHaFox> its not a stupid one
<reptile> juz ask UnHaFox
<pixel_chomp> did anyone log this ?
<Mikkkeee> i got the log
<freakOVER[away]> i did
<freakOVER[away]> i got the logs
<freakOVER[away]> i'll send'em to u
<freakOVER[away]> :P
<_ciR_> k
<AZTEK> this will be one huge ass log
<Mikkkeee> okay i'll cut up the log
<AZTEK> and i will probably end up converting it
<Mikkkeee> shit 3 lectures
<Mikkkeee> lol
<SpiderMan> hahah
<freakOVER[away]> yea
<SpiderMan> there is so much more to cover
<freakOVER[away]> we'll have to divide it
<Mikkkeee> i'll spend the weekend doing that
<freakOVER[away]> :P
*** AZTEK sets mode: +m
<Mikkkeee> lol
<AZTEK> yea spidys right
<SpiderMan> UnHaFox never got to ask his question
*** SpiderMan sets mode: -m
<AZTEK> we barely scratched the surface
<SpiderMan> ask quickly
<UnHaFox> ok, how can i change the version reply of mirc? successfully changed one of the version replies, but not the first one..... (where it say micr 5.81) or soemthing like that?
<UnHaFox> thx
<SpiderMan> heh with my I just hex it
<reptile> UnHaFox:wait for the mirc scriptin lecture
<reptile> :)
<mezzano> off topic! ;)
<Mikkkeee> what version reply? read the irc war tutorial
<UnHaFox> ok
<UnHaFox> sorry
<Mikkkeee> i covered that section
<Mikkkeee> okay let me do my section then reptile can do his lecture
<reptile> *maybe* ill cover hexing the mirc client
<Mikkkeee> which are you doing reptile?
<SpiderMan> heh
<Mikkkeee> heh
<SpiderMan> guys for more info on php+sql go to www.php.net
<SpiderMan> and look at their docs
<UnHaFox> ok only use a hex editor, and find this entry, ok thx guys
<Mikkkeee> lol
<reptile> Mikkkeee:vb,vb advanced,vb super advanced,api and shit,mirc scriptin,*maybe* haxoring the mirc ckuebt
<SpiderMan> UnHaFox: for an example version me
<Mikkkeee> okay lets do the cracking sql section
<freakOVER[away]> lol
<reptile> *client
*** Mikkkeee sets mode: +m
*** Mikkkeee sets mode: +v reptile
<Mikkkeee> okay iam going to talk a bit about breaking into ms sql servers for versions 6.5 and 7.0
<reptile> tankies
<Mikkkeee> via tcp/ip on port 1433.
<Mikkkeee> many ms sql servers run on port 1433,
<Mikkkeee>  if they are not configured to run on another tcp port. Many scanners can
<Mikkkeee> tell you the running sevice on the open port
<Mikkkeee> and what service is running
<Mikkkeee> ie- Retina from eEye and whatever you use.
<Mikkkeee> so now
<Mikkkeee> lets begin with the brute force attack
<Mikkkeee> - many or most databases have some default and well known passwords.
<Mikkkeee>  usually the system admin accounts can not be changed in many of the commercial databases,
<Mikkkeee> so thats a good thing for us. "sys" for ORACLE and "sa" for SQL server cannot be changed.
*** Azido has quit IRC (Ping timeout: 180 seconds)
<Mikkkeee> There is no password lockout that is avaiable for sql server.
<Mikkkeee> one fault that is quite amusing is that sql sever doesn't not require a strong password.
<Mikkkeee> While we know this for a fact its is very trivial and at the same time eazy to use  brute force attacks against the database
<Mikkkeee> server with nothing standing in our way that can prevent us from trying to break it to the highest lvl.
<Mikkkeee> -okay let me name one good brute forcer.
<Mikkkeee> goto packetstorm and search for sqlbf
<Mikkkeee> if there are any better ones then try those.
<Mikkkeee> Lets say you have cracked into the database, well once your in the game begins.
<Mikkkeee> lets start with system compromise by using extended procedure, for v6.5
<Mikkkeee> Many systems have very powerful feature
<Mikkkeee> s
<Mikkkeee> convieniet to DATABASES
<Mikkkeee> but are going to be our backdoors into the database server host.
<Mikkkeee> =usually many databases because of lazy admins have no password,
<Mikkkeee> this case the "sa" account, usually the admin is a lazy bum and has not put a password.
*** pixel_chomp has quit IRC (Quit: type /quit newbie status to become an op)
<Mikkkeee> -so now anyway once we get the password our aim moves to takeing over the os, which usually is an nt box.
<AZTEK> hi-ho hi-ho its off to code i go
*** AZTEK is now known as AZTEK[coding]
<Mikkkeee> hehe
<Mikkkeee> -by logging in as "sa" the attacker has the use of the extended stored procedure which is "xp_cmdshell",
<Mikkkeee> this will allows an sql server user or attacker to run an dos cammand as if he is that person running the cammand at the console.
<Mikkkeee> one thing the attacker can do
<Mikkkeee> is add a  user into windows nt account
<Mikkkeee> and then can do it to the admin group.
*** Artist has joined #bsrf
<Mikkkeee> to do this
<Mikkkeee> they would type
<Mikkkeee> :
<Mikkkeee> Xp_cmdshell'net user hacker 678re0 /ADD'
<Mikkkeee> now the attacker
*** Shadow_Stalker has quit IRC (Quit: May the force be with you :-))
<Mikkkeee> just added a user hacker with the password 678re0
<Mikkkeee> hehe nice password.
<reptile> how cool
<reptile> wouldnt this be cracking?
<Mikkkeee> now lets add it to the administrators group.
<Mikkkeee> there in
<Mikkkeee> already they are backdooring the box
<Mikkkeee> they would type:
<Mikkkeee> Xp_cmdshell 'net localgroup /ADD Administrators hacker;
<Mikkkeee> haha now hacker has become an NT administrator,
<Mikkkeee> the reason this has worked is because the commnads are being sumbitted to the os using the nt account under which the sql server is being run,
<Mikkkeee> this is local system account
<Mikkkeee> which is the most powerful local account on the nt box.
<Mikkkeee> -Another very good attack is to compromise the nt box by reading the sam._ file
<Mikkkeee> under the winnt/repair/sam._  and
<Mikkkeee> cracking the hashed password using the cracking tool
<Mikkkeee> l0phtCrack
<Mikkkeee> that tool is a work of art
<Mikkkeee> Lets do this then,
<Mikkkeee> we will need to use the exteded stored procedurer,
<Mikkkeee> xp_regread which is from the registry.
<Mikkkeee> so what are we waiting for lets get that little sam file.
<Mikkkeee> we were going to read the passord out of the registry
<Mikkkeee> so now if your a lazy attacker
<Mikkkeee> you might want to use a canned tool, ahh let me name a good one, goto
<Mikkkeee> packetstrom and d/l SQLPOKE.
<Mikkkeee> now lets talk about other procedures
<Mikkkeee> -attacking the database/ gaining the password local compromise.
<Mikkkeee> well the sa password is stored in clear text
<Mikkkeee> so if you got local access goto
<Mikkkeee> lol
<reptile> mikkkeee is there a way to determine if a server is runnin SQL?
*** elite has quit IRC (Quit: )
<Mikkkeee> above i talked about the scanner from  eEye
<reptile> retina?
<Mikkkeee> yup
<reptile> that costs $30k dude
*** Lone[Star] has joined #bsrf
<reptile> ;(
<Mikkkeee> haha pay
<Mikkkeee> lol
<Mikkkeee> the VER might be different well thats the path and the password is stored as clear txt so you shouldn't have a hard time to obtain it.
<Mikkkeee> - another attack if the system is not secured usually its not.
<Mikkkeee> one method is to scan the host for smb ports (tcp 139, udp, 137 and 138)
<Mikkkeee> nt uses them for smb ports to communicate.
<reptile> tankies
<Mikkkeee> these should be closed by a firewall but you can belucky.
<reptile> im off to writing a simple scanner for this
<Mikkkeee> to attack the nt box using this attack you can chk out rhino9
<reptile> ;)
*** d3molisher has joined #bsrf
<Mikkkeee> i belive we got an nt tutorial at the tuts page in blacksun
<Mikkkeee> -well now you know that both usernames/passwords and
<reptile> Another good hole in very bad nt machines is the front page vti thing
<Mikkkeee> data is usually sent unencrypted so that means you guessed it can be sniffeed.
*** Devil_Panther has quit IRC (Quit: LOL = Lamers On-Line (®©, and all the other lame legal shit))
<Mikkkeee> nice /quit msg
<Mikkkeee> yah the chances are slim
<Mikkkeee> like finding phf vul pages
<Mikkkeee> but you never know
<Mikkkeee> Another method is keyloggers,
<Mikkkeee> god blessssss the loggers
<angel> hi Mikkkeee:)))
<Mikkkeee> get a good one from www.keyloggers.com
<Mikkkeee> hey angel
<angel> whats up?
<Mikkkeee> the best one against nt is called i think stealth keyloger its the best  well the sharewares ones kick ass. get those.
<Mikkkeee> usually the shareware ones are called legit loggers so i don't think AV scanners pick up those
<Mikkkeee> but they might
<Mikkkeee> .
*** BaGeL has quit IRC (Quit: Twenty-two points, plus triple word score, plus 50 points for using all my letters. Game's over, I'm outta here. -Kwyjibo)
<Mikkkeee> now let me talk a little about securing and we can goto the other lecture
<Mikkkeee> well one thing you can do to protect your self if your running a dbs is to \:
<Mikkkeee> 1-click the encyption option,
<Mikkkeee> that isn't done by default so you got to do that in order to encytp it so that could make snifferes useless,
<Mikkkeee> 2- make sure your got a good firewall setup this is good for the smb ports and against the portscanners.
<Mikkkeee> 3-multi protocol
<Mikkkeee> will let you use random tcp ports by default or you can use fixed ports to ease firewall rulz.
*** _acid519- has quit IRC (Ping timeout: 180 seconds)
<Mikkkeee> 4-if you can try to use muti protocol and enable encryption
<Mikkkeee> if not then try to use ip sockest,
<Mikkkeee> change the default ports and install some good firewall.
*** Artist has quit IRC (Quit: Leaving)
<SpiderMan> Checkpoint Firewall-1 is a good choice
<Mikkkeee> 5-Use a  COM component or a webserver,
<Mikkkeee> as the business obj layer.
<Mikkkeee> okay done
<Mikkkeee> any questions
*** Mikkkeee sets mode: -m
<suspect> *clap *clap *clap *clap *clap *clap *clap *clap
<S7> nope
<Mikkkeee> if none reptile which are you going to do next?
<freakOVER[away]> VB!
<freakOVER[away]> :)
*** freakOVER[away] is now known as freakOVER
<SySt3mShk> bv
<SySt3mShk> vb
<reptile> w00t
<SpiderMan> aw, AZTEK and I didn't get a nice thing like that
<TCL> nooooo! not VB!
<reptile> now
<freakOVER> :)
<reptile> what do u ppl wanna start with vb/mirc scripting?
<Mikkkeee> so if no questions this is the end of the sql lecture
<reptile> *clap *clap *clap *clap *clap *clap *clap *clap
<Mikkkeee> --------------------END OF LECTURE----------------