[HELP] Brute force

[Szakalaka]

Server http://l2spartacus.com/

 

I am using d4t4b4s3 cr4ck3r 1.2

After few minutes it said password, but when i try to connect i get 1045 access denied for user root@MyWanIp (using password YES)

 

Any1 know what next? Or its impossible since gameserver and website has the same ip, so there isnt remote access to SQL databse?

 

 

 

hmm i cant get a password to my own local database using this program... wtf it simply passes "root" whioch is the pass Oo

 

And other question: Is there any way to see if the database allows to conenct from other computers? If not, whats the result of brute force? it will give password but i wont be able to connect?

[nanc123]

mmm...im new in maxcheaters's family..so im gonna start with a HI :) ... we'll these brute force tools are kinda "expired" imo...the tip i can give to ya is to check that website's vulnerability....and if its vulnerable to sql injection u're gonna be GG! ... most private l2 servers got crappy protection on websites...download backtrack 5 ... check some tutorials on youtube about sql injection ... and their hole database will be yours (including acc/pass / email and all stuffs that are required when u register an account...to be honest..u're kinda loosing time with that brute force...bcz for a complex passowrd which includes numbers and !@#$% ... its gonna take years to decript ^_^... so the best sollution to get all the accounts from that server is sql injection -> hack the website and their database is yours :D...hope this is gonna help ya :P

[~Grey Hat~]

I have a good tutorial for downloa backtrack in hacking section! i have also guides for sql injection in greek language!

[Szakalaka]

k guys, but 99.999% of l2sites are sql inejction protected.... could u say smth about "backtrack' program?

[~Grey Hat~]

k guys, but 99.999% of l2sites are sql inejction protected.... could u say smth about "backtrack' program?

What kind of ?

[Szakalaka]

sql injection, for example when i see any pvp stats i add ' char to link, nothing happens,no error. Cant generate any error on ony of l2server site, in any section, trying many ways

[~Grey Hat~]

sql injection, for example when i see any pvp stats i add ' char to link, nothing happens,no error. Cant generate any error on ony of l2server site, in any section, trying many ways

Hmm accorded to researches , 50-60% of websites are vulverable to sql injection my friend :) The only thing you have to do is , to find the path ..There are a lot of programs which can do that instead of you :) Such as, webcruiser or NetsParker ..I also have a netsparker guide in hacking section in greek language, i could translate it to you if you want :)

[Szakalaka]

GreyHat, it would be great if u:1. translate and add some own experience, 2. Show how u use it on one server. Thanx in advance

 

Could u send me any link to l2server site which is vulnerable to try if i can do something? If u say its 50-60% it wouldnt be hard

[~Grey Hat~]

GreyHat, it would be great if u:1. translate and add some own experience, 2. Show how u use it on one server. Thanx in advance

 

Could u send me any link to l2server site which is vulnerable to try if i can do something? If u say its 50-60% it wouldnt be hard

http://l2.trancegaming.com/ check this site..100% vulverable

[Szakalaka]

Got the vulenrable point, thx. To be honest i checked like 100 sites and didnt find evern one vulnerable point... i know methods only when on website are endings like id=?31 so i add symbol ' to make id=?31' and it generates error on website, then its vulnerable. But are there other methods? Any ideas? PM please

 

 

It seems like i got only website side DB and tables, the website didnt lead me to serverDB

[~Grey Hat~]

Got the vulenrable point, thx. i know methods only when on website are endings like id=?31 so i add symbol ' to make id=?31' and it generates error on website, then its vulnerable. But are there other methods? Any ideas? PM please

 

 

It seems like i got only website side DB and tables, the website didnt lead me to serverDB

Well ,there are some programms which detect the vulverable places themselves..Such as WebCruiser or Netsparker..I have a guide on how to find vulverable places in a website by using Netsparker,but it is in greek language...You can download Netsparker via google !It's very easy to use..you just copy and paste the url link from the page in the scan place ,and then the programm is scanning for vulverable places..if it finds any vulverable place it shows you the url place.. !

[Szakalaka]

im using webcruiser, it very very often gives me "post sql injection" but nothing happens then. Also using havij to finish the job

[~Grey Hat~]

im using webcruiser, it very very often gives me "post sql injection" but nothing happens then. Also using havij to finish the job

Well ,you can not always inject a website ..It's better to use BackTrack Software to make sql injection..Havij is a good program but if you have the demo version your abilities are low

[Szakalaka]

thx it was rly helpfull. lets see what am i able to do

 

 

By the way, what are ur steps to make a successful injection? I mean when u get a site, what u start with what then ans next?

Is it something like a typical pattern, u enter site check subsites,link and u know that it is vulenrable?

[~Grey Hat~]

thx it was rly helpfull. lets see what am i able to do

Νp.. :) Pm me or reply here for anything you need..ciao