Adding a SQL account from CMD: a new way of hacking

Some servers can be overflowed through SQL. Unfortunately I could not find any further intrusion method, so they have not been taken down yet. Today I saw an article in the school league saying that under CMD you can also add a SQL account and password; the method is as follows:

echo exec master.dbo.sp_addlogin 'rooto', > test.qry
echo exec sp_addsrvrolemember 'rooto','sysadmin' >> test.qry
cmd.exe /c ISQL -E /U Alma /P c:test.qry /i

Immediately after reading it I tried it, and it really did work, but because of the overflow the server's SQL service had stopped, and I had to wait until it started next time to run it. For me, this method of adding a SQL account was a first, so I have to write down a note for later, so I can use it again, ha ha.
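From the defender's side, the sequence described above (a login created with sp_addlogin, the login dropped into the sysadmin role with sp_addsrvrolemember, and a script fed to isql with a trusted connection from a shell spawned by the SQL Server process) is a compact detection signature. The following Python is an added example, not code from the original post; it runs a few regex rules over constructed sample lines in the shape an EDR process log or SQL audit export might produce, and reports whether the full login-plus-sysadmin chain appears. The line format and the rule names are assumptions made for this example.

```python
import re

# Constructed sample input (not taken from the page): process-tree records
# prefixed "proc:" and captured T-SQL statements prefixed "sql:".
SAMPLE_LINES = [
    "proc: sqlservr.exe -> cmd.exe /c echo exec master.dbo.sp_addlogin 'rooto' > test.qry",
    "proc: sqlservr.exe -> cmd.exe /c isql -E -i c:\\test.qry",
    "sql: EXEC sp_addsrvrolemember 'rooto', 'sysadmin'",
    "sql: SELECT name FROM sys.databases",
    "proc: explorer.exe -> notepad.exe report.txt",
]

# Detection rules (hypothetical names): each is a (label, compiled regex) pair.
RULES = [
    # A server login is being created.
    ("login_created", re.compile(r"\bsp_addlogin\b", re.I)),
    # A login is being added to the sysadmin fixed server role.
    ("sysadmin_granted", re.compile(r"\bsp_addsrvrolemember\b.*\bsysadmin\b", re.I)),
    # OS command execution through the SQL Server extended procedure.
    ("cmdshell_used", re.compile(r"\bxp_cmdshell\b", re.I)),
    # The database engine itself spawning a command shell.
    ("sql_child_shell", re.compile(r"sqlservr\.exe\s*->\s*cmd\.exe", re.I)),
    # A command-line SQL client using a trusted (Windows) connection.
    ("isql_trusted_conn", re.compile(r"\b(isql|osql|sqlcmd)(\.exe)?\b.*\s-E\b", re.I)),
]


def scan(lines):
    """Return a list of (line_number, rule_label) for every rule that fires."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        for label, pattern in RULES:
            if pattern.search(line):
                hits.append((lineno, label))
    return hits


def summarize(lines):
    """Aggregate hits and flag the create-login-then-grant-sysadmin chain."""
    hits = scan(lines)
    fired = {label for _, label in hits}
    return {
        "hits": hits,
        "distinct_rules": sorted(fired),
        # Both halves of the privilege-escalation chain seen in the same batch.
        "escalation_chain": {"login_created", "sysadmin_granted"} <= fired,
    }


if __name__ == "__main__":
    result = summarize(SAMPLE_LINES)
    for lineno, label in result["hits"]:
        print(f"line {lineno}: {label}")
    print("escalation chain present:", result["escalation_chain"])
```

The rules are deliberately narrow so that ordinary administration (a DBA running sqlcmd interactively) fires at most one of them; it is the combination of a shell under sqlservr.exe, a trusted-connection client, and a new sysadmin member in one batch that should page someone.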

The rest I will not go into; in general it is all the old methods, and although I have not gone any further, the server is already in my hands.

I did not write about where I got to last time, but this time I wanted to write something down.

I said the last intrusion was quite simple, but later in the intrusion process I found it was not so simple. With the SQL account we can have system authority, but when I took a look I did not expect to find that xplog70.dll and cmdshell had been deleted, which makes the intrusion that follows more difficult. I posted to Evil Eight, but it did not go through and no reply came; I posted to Firefox, and after not a few days it still had to be fixed.


A few days later I searched my hard drive and found a nocmdshell tool for executing commands, written by someone from the Phantom team; the Thorn team is also really good, the tools they write are really awesome. I opened the tool and tried it, and found it really worked: you can add accounts and execute commands. But when I tried TFTP and echo they did not work, so there still seem to be some problems. Although I could execute commands, I still could not get my trojan onto the machine, which is the same situation as with my earlier SQL overflow privilege, and I had also lost the echo command I had before. In the end, what to do? I asked a few friends and did not get the answer I wanted.

Later, out of habit, I typed "net share" to take a look and was scared to death: I saw IPC$, which I had rarely played with before, and did not expect to encounter today. I immediately went to the Internet to find the relevant IPC$ intrusion material. According to the material it still could not work; the original host on >