Server
I recently needed to use these things and found myself a bit unclear on them, since it has been a very long time since I did any of this. So I have summarized it here in my own blog. The usage of SqlExec Plus itself is not covered here; Ice Blood has already written about it.
Prerequisites. Tools needed: SQL Query Analyzer and the SqlExec sunx version.
Part I:
Analysis and summary of protection schemes that remove xp_cmdshell:
First, the statements involved:
1. The extended procedure xp_cmdshell is removed with the following statement:
Code:
if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[xp_cmdshell]') and OBJECTPROPERTY(id, N'IsExtendedProc') = 1)
    exec sp_dropextendedproc N'[dbo].[xp_cmdshell]'
2. The extended procedure xp_cmdshell is added back with the following statement:
Code:
sp_addextendedproc xp_cmdshell, @dllname = 'xplog70.dll'
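The two statements above only change state; for the administrator side of the story it is useful to be able to audit that state. The following T-SQL script is an added example and is not part of the original article: it reports whether xp_cmdshell is registered, which DLL it is bound to, and (on SQL Server 2005 and later, where xp_cmdshell is switched through sp_configure rather than a registered DLL) whether it is enabled. It assumes you run it in Query Analyzer or sqlcmd as a member of sysadmin; the DLL names xplog70.dll and xpsql70.dll are those given in the article.

```sql
-- Added audit script (not from the original article). It only reads
-- catalog information and changes nothing. Run as sysadmin.
use master
go

-- 1. Is xp_cmdshell registered as an extended procedure at all?
--    This is the same test the article's removal statement uses,
--    turned into a report instead of a drop.
if exists (select * from dbo.sysobjects
           where id = object_id(N'[dbo].[xp_cmdshell]')
             and OBJECTPROPERTY(id, N'IsExtendedProc') = 1)
    print 'xp_cmdshell: extended procedure is registered'
else
    print 'xp_cmdshell: extended procedure is NOT registered'

-- 2. On SQL 2000 / 7.0, which DLL is it bound to? The article expects
--    xplog70.dll (SQL 2000) or xpsql70.dll (SQL 7.0). A different DLL,
--    or a DLL that is missing from the Binn directory, is worth a look.
--    An empty result set means no user-registered procedure of that name.
exec dbo.sp_helpextendedproc 'xp_cmdshell'

-- 3. On SQL Server 2005 and later xp_cmdshell is a built-in feature
--    controlled by sp_configure, so the registration check above is not
--    the whole story: value_in_use = 1 means enabled, 0 means disabled.
--    sys.configurations does not exist on SQL 2000, so the query is
--    wrapped in dynamic SQL to keep this script parsing on old versions.
if object_id('sys.configurations') is not null
    exec('select name, value_in_use
          from sys.configurations
          where name = N''xp_cmdshell''')
go
```

Reading the three results together tells you which of the article's two situations applies: a registered procedure bound to a DLL that is no longer on disk shows up in step 2, while a 2005+ server that has simply been configured with xp_cmdshell off shows up in step 3.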
Now look at the symptom:
If we execute a cmd command remotely with sqlexec under SA privileges and get the prompt sql_error, it is very likely that xp_cmdshell has been removed.
Now look at two ways to restore xp_cmdshell after it has been removed:
Method I: connect to the other side directly with SQL Query Analyzer and write the following, which is very convenient.
Code:
sp_addextendedproc xp_cmdshell, @dllname = 'xplog70.dll'
Method II: use the SqlExec sunx version.
First, in the Format option of the SqlExec sunx version, fill in %s, then type the following in the CMD option.
Code:
sp_addextendedproc 'xp_cmdshell', 'xpsql70.dll'
or, in the case of SQL 2000, use:
Code:
sp_addextendedproc 'xp_cmdshell', 'xplog70.dll'
To remove xp_cmdshell with the SqlExec sunx version, select the same settings as when adding it, and then enter:
Code:
sp_dropextendedproc 'xp_cmdshell'
That is all there is to it.
Part II:
If the other side has deleted or renamed xplog70.dll, we continue our hacking task in the following way:
When the following symptom appears, it most likely means that xplog70.dll has been deleted or renamed.
Writing the following in Query Analyzer
Code:
sp_addextendedproc xp_cmdshell, @dllname = 'xplog70.dll'
gives the message:
An object named 'xp_cmdshell' already exists in the database
So how do we recover?
In fact, following the method provided by the master LCX, we can write a script in Query Analyzer to achieve this.
Please click the link to obtain the source code of the script.