Get the highest server permissions with SQL injection

The organization has a database server (Windows 2000 operating system, SQL Server 2000)

A while ago, it was an inexplicable attack.

Ran to the computer room, through the PE into a look, found an extra account (SQLDebug). And the Administrator account is disabled.

Look at the data and don't care too much. Using PE to crack the account, back to the unit

I'm just going to be back tonight. The database server, the next database backup file. The results found that the password is not landing.

The ominous premonition came out. Do I have to take the 3-hour bus to the engine room again?

The most important thing is that I just went to the computer room a while ago. Monday went on again. Can't afford to lose this man!

The first reaction thought,. It should be the last time.

Google down found under SQL 2000 is enabled by default is "xp_cmdshell"

By naming this file, you know how powerful it is.

An incredulous try (this time although the server password has been changed, but the database sa password is still normal)

Exec Master. xp_cmdshell ' NET user ABC 3388/add '

It's too familiar to see the above command. It's the same principle that I used to hack the login code under Win7.

Run in the database, and then log in to the system!!

650) this.width=650; "Src=" http://m1.img.srcdd.com/farm5/d/2014/1007/21/E048578AC976AE701159CE4F4EEC6C84_B500_ 900_500_148.jpeg "width=" "height=" 148 "style=" Margin:0px;padding:0px;border:0px;font-weight:inherit; Font-style:inherit;font-family:inherit;vertical-align:baseline;height:auto; "Alt=" E048578ac976ae701159ce4f4eec6c84_b500_90 "/>

Sure enough, there is a sqldebug account on the server above.

In the back, just by ordering the user who was created manually.

(do not say too thin, afraid of harm.) There is a need to be micro blog selfish i. ）

Everything OK

Heart a cold sweat, fortunately the server is 2000 system, no Remote Desktop.

Otherwise, they get the account directly from the remote, can delete the data completely. and just do whatever you do

Well, how to prevent

First disable this xp_cmdshell stored procedure. The command is as follows:

Use master

GO

EXEC sp_dropextendedproc ' xp_cmdshell '

GO

But you only disable it at all, because someone can restore it back. The command is as follows:

Use master

GO

EXEC sp_addextendedproc ' xp_cmdshell ', ' Xplog70.dll '

GO

The most important thing is to xplog70.dll this DLL. Path:

C:\Program Files\Microsoft SQL Server\mssql\binn\xplog70.dll

Remove or change the name of the DLL.

(Remember to stop the SQL Server service, otherwise you won't be used to change the name.) The surface was changed, actually the name)

For the duration of the insurance, try to create the password for the account above. Sure enough not to create! Ok

650) this.width=650; "Src=" http://m1.img.srcdd.com/farm5/d/2014/1007/21/7EB1803D6DCA7DEAA08B69ED29A6192D_B500_ 900_500_193.jpeg "width=" "height=" 193 "style=" Margin:0px;padding:0px;border:0px;font-weight:inherit; Font-style:inherit;font-family:inherit;vertical-align:baseline;height:auto; "Alt=" 7eb1803d6dca7deaa08b69ed29a6192d_b500_90 "/>

In fact, Win7 password cracking is the same principle.

Finally hope to everyone useful ~ do not do bad things!

Get the highest server permissions with SQL injection