Jump to content

Recommended Posts

  • 3 weeks later...
Posted

Only an idiot would make an account called admin. And only an idiot would not password their SQL, and their Navicat. And only an idiot will leave an account with admin user, and blank password. If you are in any of those categories, God Speed!

Posted

how we know that  it is not a virus.how i am sure?

 

Because the share was posted from a global moderator

which i highly doubt he would post anything "infected".

Besides if you are not even bothered checking what this

does don't reply at all because from your replies it is prety

obvious that you are trying to spam.

 

PS:I believe that the 45% of the servers are from "lame" teenagers

that use preconfigured packs.They use a database with user and pass "root".

Isn't there a way to hack their database from just adding their ip in the configs and

enter their database? :)? (I'm not sure what i am saying makes sense but i have seen

friends of mine setting up a database i don't really bother with l2 developing... and as

i tried i saw at the config files that there was options and ips where you connect to your

database... learn their user and database info and get their ip and i believe that you

are going to find a way to hack them :) Be creative :D)

 

Reply if this makes any sense at all... i'm curius to find out :)

Posted

Jesus wtf?! This is NOT an exploit. It's just a program that tries as many possible variables of a username/password.

 

Three things that sql servers check for

Username

Password

Host that's logging in (whitelist)

 

If your username/password are incorrect AND if you are not comming from the ip specified in the host it will reject your connection.

 

Even if somehow magically the admin is a fucking idiot and has username root and password fuckmeImdumb there is a high chance he will have allowed ip with 127.0.0.1 which means NOONE but him from localhost can connect to mysql. If you do have all of those opened to public then you deserve to be shot on sight.

 

But lets say he does have % on host origin and username root. In case his password is consisted of something like this 34%V#4t3gc3$G34t the bruteforce will NEVER figure it out. Well, maybe in a couple of years...

Posted

But lets say he does have % on host origin and username root. In case his password is consisted of something like this 34%V#4t3gc3$G34t the bruteforce will NEVER figure it out. Well, maybe in a couple of years...

Hahah! Sad but true!

 

The majority of l2j servers are set to "%" and not to localhost(naabs adminz).

  • 3 weeks later...
Posted

Ech.... dont work for me...

 

I think u need -1 karma, this is the second post that u make like that.

 

:s !

 

BtW XxRxX Great Sharing !! :)

  • 2 weeks later...
  • 3 weeks later...
  • 2 weeks later...
Posted

Oh yes I forgot that you can change localhost to an IP and connect to it Smiley

Thanks hax0r ;]

 

I'am going to find a guide for it, if I do I will post it somewhere =]

 

Google Ftw Wink

 

SQLPing right? Or should I search for teh bruter hax0r gave? Cheesy

 

I downloaded both but I've done more things with Bruter I think but no passwordlist and userlist -.-

 

Have fun Cheesy Let the hack be with us Cheesy

Guest
This topic is now closed to further replies.

×
×
  • Create New...