SQL Server SA permissions Summary

Source: Internet
Author: User
Tags query
Server

Recently need to use these things, I found myself a bit unclear, it is very old to do nothing. No way, but in their own blog summed up on it. The process of using the SqlExec Plus admin here the ice blood is not involved.

Prerequisites Need Tools: SQL Query Analyzer and SqlExec sunx Version

The first part:
Analysis and summary of the protection system for removing xp_cmdshell:
First know the statement:
1. The way to remove the xp_cmdshell extension process is to use the following statement:
Code:
if exists (SELECT * from dbo.sysobjects where id=object_id (N ' [dbo].[ Xpcmdshell] and OBJECTPROPERTY (id,n ' Isextendedproc ') =1)
exec sp_dropextendedproc N ' [dbo]. [xp_cmdshell] '


2. The way to add the xp_cmdshell extension process is to use the following statement:
Code:
Sp_addextendedproc xp_cmdshell, @dllname = ' Xplog70.dll '


Now look at the phenomenon:
We get the SA permission remote with sqlexec execution cmd command, appear prompt sql_error, then very likely is to remove the xp_cmdshell.

Now look at two ways to recover after being removed from the xp_cmdshell:
Method one, use SQL Query Analyzer to connect to each other directly after writing, very convenient
Code:
Sp_addextendedproc xp_cmdshell, @dllname = ' Xplog70.dll '


Method II, using SqlExec sunx Version
First, in the format option of SqlExec Sunx version, fill in%s and type in the CMD option.
Code:
Sp_addextendedproc ' xp_cmdshell ', ' Xpsql70.dll '

or use it in the case of Sql2000.
Code:
Sp_addextendedproc ' xp_cmdshell ', ' Xplog70.dll '


Another way to remove xp_cmdshell using SqlExec sunx version
and add the time to select the same condition, and then enter
Code:
Sp_dropextendedproc ' xp_cmdshell '

It's okay.

Part II:
If the other party has deleted or renamed Xplog70.dll, we will continue our hack task in the following ways:
When the appearance of the following phenomenon implies that the representative is likely to be xplog70.dll deleted or changed its name.
Writing in Query Analyzer
Code:
Sp_addextendedproc xp_cmdshell, @dllname = ' Xplog70.dll '

Tips
An object named ' xp_cmdshell ' already exists in the database

So how do we recover?
In fact, according to the method provided by the master LCX, we can use the Query Analyzer to write a script to achieve.
The specific script source code please click the connection to obtain.



Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.