Welcome!

Join our community of MMO enthusiasts and game developers! By registering, you'll gain access to discussions on the latest developments in MMO server files and collaborate with like-minded individuals. Join us today and unlock the potential of MMO server development!

Join Today!

Hacking SQL with Server IP Only?

Initiate Mage
Joined
Apr 16, 2021
Messages
11
Reaction score
2
Yes, even without knowing the password or login, the guy managed to send and edit items.

I don't have a website and the SQL port is filtered for local access only.

How is this possible?

DbN8W5f - Hacking SQL with Server IP Only? - RaGEZONE Forums
 

Attachments

You must be registered for see attachments list
Joined
Jul 24, 2011
Messages
805
Reaction score
606
Yes, even without knowing the password or login, the guy managed to send and edit items.

I don't have a website and the SQL port is filtered for local access only.

How is this possible?

DbN8W5f - Hacking SQL with Server IP Only? - RaGEZONE Forums

That what you saying is impossible. Did you checked the sent mail table and cash item history?
 

Attachments

You must be registered for see attachments list
Upvote 0
Initiate Mage
Joined
Apr 16, 2021
Messages
11
Reaction score
2
That what you saying is impossible. Did you checked the sent mail table and cash item history?

Yes I checked the history, and that's not it. He showed me that he can create characters too (within accounts I created), so I assume he can execute SQL commands.

I spoke to him on discord and he told me he can do this if port 38180 or 38181 (I can't remember for sure which one) is open. I closed those ports on the firewall and asked him to try again, and apparently he couldn't. But I don't know if I can trust him.

There's no way to be brute force because my login and password are about 10 characters long, including special symbols, and my SQL port is not the default. Also, I changed the password and he got it quickly.

It also showed me that it can crash channels, but I used that thread and blocked some packets like ''e2b70e0000000000..'' and apparently fixed it.
 
Last edited:
Upvote 0
Initiate Mage
Joined
Apr 16, 2021
Messages
11
Reaction score
2
Why would you keep GlobalDBAgent port open?????

There is a reason why only these ports suppose to be open:
- 80 - HTTP
- 443 - HTTPS
- 1433 - Database
- 38101 - LoginSvr
- 38121 - Chatnode
- 38151 - AgentShop
- 38111 - 38116 - Channels*
- 38126 - War [170-190]*

Yeah, I didn't think something like that was possible... not on this level. :p
 
Upvote 0
Joined
Jul 24, 2011
Messages
805
Reaction score
606
Why would you keep GlobalDBAgent port open?????

There is a reason why only these ports suppose to be open:
- 80 - HTTP
- 443 - HTTPS
- 1433 - Database
- 38101 - LoginSvr
- 38121 - Chatnode
- 38151 - AgentShop
- 38111 - 38116 - Channels*
- 38126 - War [170-190]*

Also if you have to open Port 22 and 1433 than IP filter and if you want better protection than certification authentication is recommended.
 
Upvote 0
Initiate Mage
Joined
Jun 10, 2021
Messages
2
Reaction score
0
It's crazy that we can do stuff like this. I always wanted to learn how to hack, but it takes too much time to learn everything, and I got bored after a while. That might be just me being lazy, but it wasn't for me. Still, I needed a hacker's services a few times, and you can find people who offer online.
This makes everything much easier because I don't have to do it myself. You might worry about security when hiring a hacker. Still, if you hire them from the right place, like Nobelium hackers, you won't have problems like that.
 
Last edited:
Upvote 0
Back
Top