Removing dangerous extended stored procedures from a SQL Server database, with a recovery script

Source: Internet
Author: User

I ran into this once and it nearly drove me crazy. If you have MSSQL installed, try deleting the following components right away. Of course, the precondition is that you have your own database set up first, because many functions will no longer be available once the components are deleted. To gain security, you have to sacrifice some functionality. As for me, I use MSSQL less than twice a year, so I delete them without hesitation.

1. Delete the SQL stored procedures that have security issues. The list is fairly comprehensive, all in the interest of security!

This removes the destructive ability to call the shell, the registry, and COM components.

MS SQL Server 2000
Log on to Query Analyzer with a system account
Run the following script:

use master
-- command shell, group/login enumeration, error logs, file details
exec sp_dropextendedproc 'xp_cmdshell'
exec sp_dropextendedproc 'xp_enumgroups'
exec sp_dropextendedproc 'xp_loginconfig'
exec sp_dropextendedproc 'xp_enumerrorlogs'
exec sp_dropextendedproc 'xp_getfiledetails'
-- OLE Automation (COM) procedures
exec sp_dropextendedproc 'sp_oacreate'
exec sp_dropextendedproc 'sp_oadestroy'
exec sp_dropextendedproc 'sp_oageterrorinfo'
exec sp_dropextendedproc 'sp_oagetproperty'
exec sp_dropextendedproc 'sp_oamethod'
exec sp_dropextendedproc 'sp_oasetproperty'
exec sp_dropextendedproc 'sp_oastop'
-- registry access
exec sp_dropextendedproc 'xp_regaddmultistring'
exec sp_dropextendedproc 'xp_regdeletekey'
exec sp_dropextendedproc 'xp_regdeletevalue'
exec sp_dropextendedproc 'xp_regenumvalues'
exec sp_dropextendedproc 'xp_regremovemultistring'
exec sp_dropextendedproc 'xp_regwrite'
drop procedure sp_makewebtask

Delete all dangerous extensions.
exec sp_dropextendedproc 'xp_cmdshell'   -- after this extension is deleted, the database cannot be connected to remotely
The following three stored procedures are used when SQL Server restores a backup. Do not delete them unless necessary.
-- exec sp_dropextendedproc 'xp_dirtree'      -- after this extension is deleted, databases cannot be created or attached
-- exec sp_dropextendedproc 'xp_regread'      -- database restore is affected after this extension is deleted
-- exec sp_dropextendedproc 'xp_fixeddrives'  -- after this extension is deleted, databases cannot be restored

Recovery script:

use master
-- re-register each extended procedure against the DLL that implements it
exec sp_addextendedproc xp_cmdshell, @dllname = 'xplog70.dll'
exec sp_addextendedproc xp_enumgroups, @dllname = 'xplog70.dll'
exec sp_addextendedproc xp_loginconfig, @dllname = 'xplog70.dll'
exec sp_addextendedproc xp_enumerrorlogs, @dllname = 'xpstar.dll'
exec sp_addextendedproc xp_getfiledetails, @dllname = 'xpstar.dll'
exec sp_addextendedproc sp_oacreate, @dllname = 'odsole70.dll'
exec sp_addextendedproc sp_oadestroy, @dllname = 'odsole70.dll'
exec sp_addextendedproc sp_oageterrorinfo, @dllname = 'odsole70.dll'
exec sp_addextendedproc sp_oagetproperty, @dllname = 'odsole70.dll'
exec sp_addextendedproc sp_oamethod, @dllname = 'odsole70.dll'
exec sp_addextendedproc sp_oasetproperty, @dllname = 'odsole70.dll'
exec sp_addextendedproc sp_oastop, @dllname = 'odsole70.dll'
exec sp_addextendedproc xp_regaddmultistring, @dllname = 'xpstar.dll'
exec sp_addextendedproc xp_regdeletekey, @dllname = 'xpstar.dll'
exec sp_addextendedproc xp_regdeletevalue, @dllname = 'xpstar.dll'
exec sp_addextendedproc xp_regenumvalues, @dllname = 'xpstar.dll'
exec sp_addextendedproc xp_regremovemultistring, @dllname = 'xpstar.dll'
exec sp_addextendedproc xp_regwrite, @dllname = 'xpstar.dll'
exec sp_addextendedproc xp_dirtree, @dllname = 'xpstar.dll'
exec sp_addextendedproc xp_regread, @dllname = 'xpstar.dll'
exec sp_addextendedproc xp_fixeddrives, @dllname = 'xpstar.dll'

Paste the whole script into SQL Query Analyzer.

From the menu, click "Query", then "Execute"; the SQL procedures with security issues are then deleted.

2. SQL Server 2000 has always had many vulnerabilities
Some time ago, a SQL temporary stored procedure vulnerability showed up on my own server.
Vulnerable extension: the xp_dirtree stored procedure

Background: a vulnerability was recently discovered on the SQL server.
A few days ago I happened to have nothing to do, so I used the SQL injection tool of Alibaba Cloud to inject the website on my own server. By accident, I found that a site using MSSQL can be used to obtain all directories on the server, even though my server has security settings applied. I then installed a packet capture tool on the server to capture the SQL Server packets. It showed that the tool connects and uses the xp_dirtree stored procedure to read directories, which yields the entire server directory tree; for example, listing the directory on drive C returns every directory on drive C, which is very insecure. At present it can only be used to examine directories. But imagine what it would mean if a modified boot.ini overwrote the boot.ini on drive C: first of all, it could paralyze the service and leave the system unable to be read.
Solution: delete xp_dirtree. The command is sp_dropextendedproc 'xp_dirtree'
After the preceding component is deleted, this no longer works with a D or any other SQL injection tool.

Here are some other dangerous SQL stored procedures that we also recommend deleting.

[Note: All operations that delete SQL stored procedures must be performed in MSSQL Query Analyzer. In the lists below, each stored procedure name is followed by the command that deletes it.]

First, the dangerous built-in stored procedures:

xp_cmdshell               sp_dropextendedproc 'xp_cmdshell'
xp_regaddmultistring      sp_dropextendedproc 'xp_regaddmultistring'
xp_regdeletekey           sp_dropextendedproc 'xp_regdeletekey'
xp_regdeletevalue         sp_dropextendedproc 'xp_regdeletevalue'
xp_regenumkeys            sp_dropextendedproc 'xp_regenumkeys'
xp_regenumvalues          sp_dropextendedproc 'xp_regenumvalues'
xp_regread                sp_dropextendedproc 'xp_regread'
xp_regremovemultistring   sp_dropextendedproc 'xp_regremovemultistring'
xp_regwrite               sp_dropextendedproc 'xp_regwrite'

ActiveX scripting procedures:

sp_oacreate               sp_dropextendedproc 'sp_oacreate'
sp_oadestroy              sp_dropextendedproc 'sp_oadestroy'
sp_oamethod               sp_dropextendedproc 'sp_oamethod'
sp_oagetproperty          sp_dropextendedproc 'sp_oagetproperty'
sp_oageterrorinfo         sp_dropextendedproc 'sp_oageterrorinfo'
sp_oastop                 sp_dropextendedproc 'sp_oastop'
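
To confirm the result after running the drop commands above, the following check reports which of the procedures named on this page are still registered in master. It is an added example, not part of the original article; it assumes SQL Server 2000, where extended procedures appear in master.dbo.sysobjects with xtype 'X', and the temporary table #watch and its column names are made up for the example.

```sql
-- Added example for SQL Server 2000: which procedures named on this page
-- are still registered in master after the drop script has run?
use master

-- #watch and its columns are hypothetical names used only by this check.
create table #watch (name sysname not null, used_by_restore bit not null)

insert #watch (name, used_by_restore)
select 'xp_cmdshell', 0             union all
select 'xp_enumgroups', 0           union all
select 'xp_loginconfig', 0          union all
select 'xp_enumerrorlogs', 0        union all
select 'xp_getfiledetails', 0       union all
select 'sp_oacreate', 0             union all
select 'sp_oadestroy', 0            union all
select 'sp_oageterrorinfo', 0       union all
select 'sp_oagetproperty', 0        union all
select 'sp_oamethod', 0             union all
select 'sp_oasetproperty', 0        union all
select 'sp_oastop', 0               union all
select 'xp_regaddmultistring', 0    union all
select 'xp_regdeletekey', 0         union all
select 'xp_regdeletevalue', 0       union all
select 'xp_regenumkeys', 0          union all
select 'xp_regenumvalues', 0        union all
select 'xp_regremovemultistring', 0 union all
select 'xp_regwrite', 0             union all
select 'sp_makewebtask', 0          union all
select 'xp_dirtree', 1              union all  -- the three the page says restore relies on
select 'xp_regread', 1              union all
select 'xp_fixeddrives', 1

-- Extended procedures have xtype 'X'; sp_makewebtask is an ordinary procedure ('P').
-- lower() keeps the match working on a case-sensitive installation.
select w.name,
       case when o.id is null then 'removed' else 'STILL PRESENT' end as status,
       w.used_by_restore
from #watch w
left join dbo.sysobjects o
       on lower(o.name) = w.name and o.xtype in ('X', 'P')
order by w.name

drop table #watch
```

Rows marked STILL PRESENT with used_by_restore = 0 are the ones the drop script should have removed; run the same check after the recovery script to confirm everything was re-registered.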
