Metasploit mailing list archives
Re: usefulness of this tool
From: neil-on-metasploit at restricted.dyndns.org (Neil)
Date: Fri, 17 Sep 2004 11:50:51 -0500
H D Moore writes:
Both of the MSSQL exploits apply to SQL Server 2000 or MSDE prior to SP3. The resolution overflow uses the UDP protocol, whereas the "hello" bug uses TCP. I prefer to use the resolution bug, because of the broadcast and spoofability features of UDP.
Ok, I was reading the archive about exploit sql2000 specifically using the win32 adduser payload. So if my exploit was successful, will it add a user on the target sql2000 server? If I am correct, what database will it have access to(master, ...etc)? Thanks. Neil
Current thread:
- usefulness of this tool Neil (Sep 16)
- <Possible follow-ups>
- usefulness of this tool jerome.athias at caramail.com (Sep 16)
- Re: usefulness of this tool Neil (Sep 16)
- Re: usefulness of this tool H D Moore (Sep 17)
- Re: usefulness of this tool Neil (Sep 17)
- Re: usefulness of this tool netmask (Sep 17)
- Re: usefulness of this tool Neil (Sep 17)
- Re: usefulness of this tool lists at syn-recon.net (Sep 17)
- Re: usefulness of this tool Neil (Sep 16)
- Re: usefulness of this tool Neil (Sep 17)
- Re: usefulness of this tool Neil (Sep 17)