Metasploit mailing list archives

Re: usefulness of this tool

From: neil-on-metasploit at restricted.dyndns.org (Neil)
Date: Fri, 17 Sep 2004 11:50:51 -0500

H D Moore writes:


Both of the MSSQL exploits apply to SQL Server 2000 or MSDE prior to SP3. 
The resolution overflow uses the UDP protocol, whereas the "hello" bug 
uses TCP. I prefer to use the resolution bug, because of the broadcast 
and spoofability features of UDP.


Ok, I was reading the archive about exploit sql2000 specifically using the 
win32 adduser payload. So if my exploit was successful, will it add a user 
on the target sql2000 server? If I am correct, what database will it have 
access to(master, ...etc)? 

Thanks. 

Neil

Current thread:

usefulness of this tool Neil (Sep 16)
- <Possible follow-ups>
- usefulness of this tool jerome.athias at caramail.com (Sep 16)
  - Re: usefulness of this tool Neil (Sep 16)
    - Re: usefulness of this tool H D Moore (Sep 17)
    - Re: usefulness of this tool Neil (Sep 17)
    - Re: usefulness of this tool netmask (Sep 17)
    - Re: usefulness of this tool Neil (Sep 17)
    - Re: usefulness of this tool lists at syn-recon.net (Sep 17)
    - Re: usefulness of this tool Neil (Sep 17)
- Re: usefulness of this tool jerome.athias at caramail.com (Sep 17)
- usefulness of this tool Jose Alejandro Sanchez Ortega (Sep 17)
  - Re: usefulness of this tool Neil (Sep 17)