CMD add SQL account: Hacker intrusion New technique

Intermediary transaction http://www.aliyun.com/zixun/aggregation/6858.html ">seo diagnose Taobao guest cloud host technology Hall

Some servers can overflow with SQL, unfortunately is not found further intrusion methods, so has not been taken down. Today in the school union saw an article, said that under the CMD can also be included in the SQL account and password, methods are as follows:

echo exec master.dbo.sp_addlogin ' Rooto ', ' Hu Jintao ' >test.qry

echo exec sp_addsrvrolemember ' rooto ', ' sysadmin ' >>test.qry

CMD.EXE/C isql-e/u alma/p/I c:\test.qry

After reading immediately to try, incredibly successful, but because of overflow, the server's SQL service has stopped, had to wait for it to start the next time it runs. But for me, this method of adding SQL account is the first time, so have to take out to remember, in case there can be useful when, hehe.

About the back is not said, is generally the old way, although I have no further, but it is estimated in my hands.

The last time I wrote it, I didn't write it, I still want to write something.

Last said the invasion this is quite simple, but I later in the invasion process, found not so simple, add a SQL account, you can have system permissions, did not think of a look, found that deleted Xplog70.dll and Cmdshell, the following if the invasion will be more difficult, to evil eight post, incredibly did not pass, has been issued, to Firefox to post, a few days have not returned, it seems to have to do their own.

This has been a few days, and then I find in my hard drive, find, found a nocmdshell to hold the command of the tool, a look is the Phantom of the People wrote, stabbed the team is really good, write the tool also cow B. Open the tool to try, found that really successful, can add account and execute command, but I tried TFTP and Echo are not, there seems to be some problems. Although you can execute the command, but can not send my Trojan, this is the same as my previous SQL overflow permission is the same, but also lost the EHCO command, before the Echo, in the end how is good, asked a few friends, did not get the answer I want.

Later habits of the input "net share" looked at, scared to death, saw IPC, this I have rarely played before, did not expect to encounter today, immediately to the Internet to find the relevant IPC intrusion data. According to the information, but still not, the original host on the only one IPC share and a cdbook_tem share, so added a share under cmd "net share Rooto=c:\", and then in the IPC input copy Update.exe \\*** **\rooto, the ring rang the carriage return, with a smile ...

Let me see the next scene really let me sad: "Access denied ... has been removed 0 files ", Dizzy dead Oh, is not added to share it, not let me upload, really bt." So go to D disk, see a temp file is empty, so it is set to share, and set into everyone to share, who knows and error, no authority, did not expect the administrator so strong ah, it really makes me feel challenging. Don't believe you, so I came to E disk, see a Bak folder, go into a look, found is empty, this should have write permission, it is set to share, and then copy, but still

No, it will be shared, commands are as follows:

cacls d:\website/g everyone:f/e/t Grant Full Control of this directory to all users

cacls d:\website/r everyone/e/T cancels other users ' access to this directory

I did not think to be successful, but who succeeded, and then a burst of ecstasy. Oh。

Now or not, lost no longer, immediately uploaded the Trojan file, run a bit, see radmin can connect, I thought, this is a success AH. Oh。

Later, using Radmin to connect its disk, found D disk is a CD-ROM, Khan died, CD-ROM has long been hanging on the computer, really take the school of this stuff. I thought it was really bt, so it is.

This server is the end of the invasion, and recently in the school with a teacher Q chat, about the school SQL overflow serious loopholes can not be belittled, I have sent them the patch address, I hope they can be patched in time.

Reprint please indicate from: http://bbs.qq318.com