Once met, almost crazy, a friend installed MSSQL, hurry and try to delete the following components. of course, the premise is that you have to delete your own database, otherwise many functions will not be available after the component is deleted. To ensure security, you have to sacrifice some functions. Of course, for me, I used MSSQL less than twice a year, so I will not hesitate to delete it.
I. Delete the SQL process with security issues. It is comprehensive. Everything is safe!
The permission to corrupt shell, registry, and COM components is deleted.
Ms SQL Server2000
Log on to the query analyzer using a system account
Run the following script CopyCode The Code is as follows: use master
Exec sp_dropextendedproc 'xp _ export shell'
Exec sp_dropextendedproc 'xp _ enumgroups'
Exec sp_dropextendedproc 'xp _ loginconfig'
Exec sp_dropextendedproc 'xp _ enumerrorlogs'
Exec sp_dropextendedproc 'xp _ getfiledetails'
Exec sp_dropextendedproc 'SP _ oacreate'
Exec sp_dropextendedproc 'SP _ oadestroy'
Exec sp_dropextendedproc 'SP _ oageterrorinfo'
Exec sp_dropextendedproc 'SP _ oagetproperties'
Exec sp_dropextendedproc 'SP _ oamethod'
Exec sp_dropextendedproc 'SP _ oasetproperties'
Exec sp_dropextendedproc 'SP _ oastop'
Exec sp_dropextendedproc 'xp _ regaddmultistring'
Exec sp_dropextendedproc 'xp _ regdeletekey'
Exec sp_dropextendedproc 'xp _ regdeletevalue'
Exec sp_dropextendedproc 'xp _ regenumvalues'
Exec sp_dropextendedproc 'xp _ regremovemultistring'
Exec sp_dropextendedproc 'xp _ regwrite'
Drop procedure sp_makewebtask
Go
Delete all dangerous extensions.
Exec sp_dropextendedproc 'xp _ export shell' [after this extension is deleted, the database cannot be remotely connected]
The following three stored procedures will be used when SQL Server recovers the backup. Do not delete them unless necessary.
# Exec sp_dropextendedproc 'xp _ dirtree '[after this extension is deleted, the database cannot be created or attached]
# Exec sp_dropextendedproc 'xp _ regread '[restore the database after deleting this extension]
# Exec sp_dropextendedproc 'xp _ fixeddrives '[The database cannot be restored after this extension is deleted]
Recovery script
Copy code The Code is as follows: use master
Exec sp_addextendedproc xp_cmdshell, @ dllname = 'loglog70. dll'
Exec sp_addextendedproc xp_enumgroups, @ dllname = 'loglog70. dll'
Exec sp_addextendedproc xp_loginconfig, @ dllname = 'loglog70. dll'
Exec sp_addextendedproc xp_enumerrorlogs, @ dllname = 'xpstar. dll'
Exec sp_addextendedproc xp_getfiledetails, @ dllname = 'xpstar. dll'
Exec sp_addextendedproc sp_oacreate, @ dllname = 'odsole70. dll'
Exec sp_addextendedproc sp_oadestroy, @ dllname = 'odsole70. dll'
Exec sp_addextendedproc sp_oageterrorinfo, @ dllname = 'odsole70. dll'
Exec sp_addextendedproc sp_oagetproperty, @ dllname = 'odsole70. dll'
Exec sp_addextendedproc sp_oamethod, @ dllname = 'odsole70. dll'
Exec sp_addextendedproc sp_oasetproperty, @ dllname = 'odsole70. dll'
Exec sp_addextendedproc sp_oastop, @ dllname = 'odsole70. dll'
Exec sp_addextendedproc xp_regaddmultistring, @ dllname = 'xpstar. dll'
Exec sp_addextendedproc xp_regdeletekey, @ dllname = 'xpstar. dll'
Exec sp_addextendedproc xp_regdeletevalue, @ dllname = 'xpstar. dll'
Exec sp_addextendedproc xp_regenumvalues, @ dllname = 'xpstar. dll'
Exec sp_addextendedproc xp_regremovemultistring, @ dllname = 'xpstar. dll'
Exec sp_addextendedproc xp_regwrite, @ dllname = 'xpstar. dll'
Exec sp_addextendedproc xp_dirtree, @ dllname = 'xpstar. dll'
Exec sp_addextendedproc xp_regread, @ dllname = 'xpstar. dll'
Exec sp_addextendedproc xp_fixeddrives, @ dllname = 'xpstar. dll'
Go
Copy all to "SQL query analyzer"
Click -- "query" -- "execute" on the menu to delete the SQL process with security issues.
2. SQL Server 2000 has been prone to many vulnerabilities
Some time ago, my own server experienced a temporary SQL stored procedure vulnerability.
Vulnerability Extension: xp_dirtree Stored Procedure
Beforehand: A recent vulnerability was discovered on the SQL server.
Just a few days ago, nothing happened. I used the SQL injection tool of Alibaba Cloud to inject the website on my server, by accident, we found that MSSQL can be used to obtain all directories on the server (my server has made security settings, then, a packet capture tool is installed on the server to capture the SQL server packets. The tool is used to connect to the SQL vulnerability xp_dirtree to read the Directory and obtain the entire server directory, for example, listing the directory on drive C will list all the directories on drive C, which is very insecure. Currently, we can only investigate and handle the directory wearing things. You can imagine that, if you want to modify a boot. INI overwrites the boot of drive C. what is the concept of ini? First, it can lead to service paralysis and cannot read the system.
Solution: delete xp_dirtree. The command is sp_dropextendedproc 'xp _ dirtree'
After deleting the preceding component, you are using a D or any SQL injection tool.
Here we also provide you with some other dangerous SQL stored procedures.
Recommended to delete
[Note: All operations to delete the SQL stored procedure must be performed in the MSSQL query analyzer. Which of the following statements follow the stored procedure name followed by the command to delete the stored procedure?]
First, list dangerous internal storage processes:
xp_mongoshell |
sp_dropextendedproc 'xp _ shortshell' |
xp_regaddmultistring |
sp_dropextendedproc 'xp _ regaddmultistring' |
xp_regdeletekey |
sp_dropextendedproc 'xp _ regdeletekey' |
xp_regdeletevalue |
sp_dropextendedproc 'xp _ regdeletevalue ' |
xp_regenumkeys |
sp_dropextendedproc 'xp _ regenumkeys ' |
xp_regenumvalues |
sp_dropextendedproc 'xp _ regenumvalues' |
xp_regread |
sp_dropextendedproc 'xp _ regread ' |
xp_regremovemultistring |
sp_dropextendedproc 'xp _ regremovemultistring ' |
xp_regwrite |
sp_dropextendedproc 'xp _ regwrite' |
ActiveX script:
Sp_oacreate |
Sp_dropextendedproc 'SP _ oacreate' |
Sp_oadestroy |
Sp_dropextendedproc 'SP _ oadestroy' |
Sp_oamethod |
Sp_dropextendedproc 'SP _ oamethod' |
Sp_oagetproperty |
Sp_dropextendedproc 'SP _ oagetproperties' |
Sp_oageterrorinfo |
Sp_dropextendedproc 'SP _ oageterrorinfo' |
Sp_oastop |
Sp_dropextendedproc 'SP _ oastop' |