SQL Server SA permissions Summary Classic technology _mssql

Prerequisites Need Tools: SQL Query Analyzer and SqlExec sunx Version
　　 The first part: 　
Analysis and summary of the protection system for removing xp_cmdshell:
First know the statement:
1. The way to remove the xp_cmdshell extension process is to use the following statement:
if exists (SELECT * from dbo.sysobjects where id=object_id (N ' [dbo].[ Xpcmdshell] and OBJECTPROPERTY (id,n ' Isextendedproc ') =1) exec sp_dropextendedproc N ' [dbo]. [xp_cmdshell] '
2. The way to add the xp_cmdshell extension process is to use the following statement:
Sp_addextendedproc xp_cmdshell, @dllname = ' Xplog70.dll '
Now look at the phenomenon:
We get the SA permission remote with sqlexec execution cmd command, appear prompt sql_error, then very likely is to remove the xp_cmdshell.
　　
Now look at two ways to recover after being removed from the xp_cmdshell:
　　
Method one, using SQL Query Analyzer to connect to each other directly after writing, very convenient sp_addextendedproc xp_cmdshell, @dllname = ' Xplog70.dll ' Method II, the use of SqlExec Sunx Version first fills in%s in the format option of SqlExec Sunx version and enters Sp_addextendedproc ' xp_cmdshell ' in the cmd option, ' Xpsql70.dll ' Or use the Sp_addextendedproc ' xp_cmdshell ', ' xplog70.dll ' in the case of Sql2000 and SqlExec Sunx version to remove the xp_cmdshell method and the choice of conditions And then type sp_dropextendedproc ' xp_cmdshell ' on it.
　　
Part II: 　　
If the other party has deleted or renamed Xplog70.dll, we will continue our hack task in the following ways:
When the appearance of the following phenomenon implies that the representative is likely to be xplog70.dll deleted or changed its name.
Writing sp_addextendedproc xp_cmdshell in Query Analyzer, @dllname = ' Xplog70.dll ' indicates an object named ' xp_cmdshell ' already exists in the database.