New intrusion technique - adding a SQL account from CMD
  Add date: 07/10/2008   Publishing date: 07/10/2008
 
This server could be hit with a SQL overflow, but unfortunately I could not find a way to go any further, so I had not taken it down. Today at the school pledge I saw an article saying that a SQL account and password can also be added from cmd. The method is as follows:

echo exec master.dbo.sp_addlogin 'rooto', '******' >test.qry
echo exec sp_addsrvrolemember 'rooto', 'sysadmin' >>test.qry
cmd.exe /c isql -E /U alma /P /i c:\test.qry

I read it and tried it immediately, and to my surprise it really worked. But because of the overflow, the server's SQL service had already stopped, so I have to wait until it starts again before going on. Still, this was the first time I had seen this way of adding a SQL account, so I am writing it down in case it is useful later, ha-ha.

The article did not say anything about what comes next; on the whole it is the same old method as before. Although I have not gone a step further yet, I reckon it is already in my hands.
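
A defender's view of the three commands above, as an added example that is not part of the original article: the Python below correlates process-creation command lines, flagging an echo that writes sp_addlogin or sp_addsrvrolemember into a file and then the isql/osql/sqlcmd run that takes the same file as its input script. It assumes command-line auditing is enabled on the host; the function names and the sample log lines are constructed for illustration.

```python
import ntpath
import re

# Constructed process-creation command lines, modelled on the three commands
# in the article plus two benign ones. Not real log data.
SAMPLE_EVENTS = [
    r"cmd.exe /c echo exec master.dbo.sp_addlogin 'rooto', '******' >test.qry",
    r"cmd.exe /c echo exec sp_addsrvrolemember 'rooto', 'sysadmin' >>test.qry",
    r"cmd.exe /c isql -E /U alma /P /i c:\test.qry",
    r"cmd.exe /c echo select getdate() >report.qry",
    r"osql -E -i c:\jobs\report.qry",
]

PRIV_PROC = re.compile(r"\b(sp_addlogin|sp_addsrvrolemember)\b", re.I)
REDIRECT = re.compile(r">{1,2}\s*\"?([^\s\">]+)\"?\s*$")      # echo ... > file
SQL_CLIENT = re.compile(r"\b(?:isql|osql|sqlcmd)(?:\.exe)?\b", re.I)
INPUT_FILE = re.compile(r"(?:^|\s)[-/]i\s*\"?([^\s\"]+)")      # -i / /i script


def _key(path):
    # Assumption: match scripts by lower-cased file name, because the echo
    # writes a relative path while the client reads an absolute one.
    return ntpath.basename(path).lower()


def detect(events):
    """Return (index, stage, procedures) for staged and executed login scripts."""
    staged = {}      # script name -> privileged procedures echoed into it
    findings = []
    for idx, cmdline in enumerate(events):
        procs = {p.lower() for p in PRIV_PROC.findall(cmdline)}
        target = REDIRECT.search(cmdline)
        if procs and target:
            staged.setdefault(_key(target.group(1)), set()).update(procs)
            findings.append((idx, "stage", sorted(procs)))
            continue
        script = INPUT_FILE.search(cmdline) if SQL_CLIENT.search(cmdline) else None
        if script and _key(script.group(1)) in staged:
            findings.append((idx, "execute", sorted(staged[_key(script.group(1))])))
    return findings


if __name__ == "__main__":
    for finding in detect(SAMPLE_EVENTS):
        print(finding)
```

An "execute" finding that lists both procedures means a new login was created and placed in the sysadmin role in one script, which is the case worth alerting on.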

I stopped writing partway last time; this time I want to write something more.

Last time I said that this intrusion was very simple, but in the later course of the intrusion I found that it was not that simple. I had thought that after adding the SQL account I would have system privileges, but when I looked I found that xplog70.dll and cmdshell had been deleted. Damn, going further from here was going to be much harder. I posted to the evil eight round, but the post unexpectedly did not go through and could not be sent; I posted to the red fox, and after several days there was still no reply. It looked like I would have to sort it out.

A few days went by. Then I looked through my hard disk and found the nocmdshell command-execution tool. I saw that it was written by the illusory image person; man, the punctured troop really is good, and the tools they write are awesome too. I ran the tool to try it and found that it really worked: I could add an account and execute commands. But I tried tftp and echo and neither worked, so it looked like there were still some problems. Although I could execute commands, I still could not upload my trojan. This was the same privilege as my earlier SQL overflow, except that I had also lost the echo command, which worked before. What to do? I asked several friends but did not get the answer I wanted.

Later, out of habit, I typed "net share" to have a look and got a big shock: I saw IPC$. I had seldom played with this before and had not expected to meet it today, so I immediately went online to look for material on IPC$ intrusion. I followed the material, but it did not work. Originally the host had only an ipc$ share and a cdbook_tem share, so I added a share from cmd with "net share rooto=c:\", then entered copy update.exe \\*****\rooto in IPC$ and hit Enter, smiling…

What came next really made me sad: “access denied… 0 files copied”. I nearly fainted. Damn, I had added the share and it still would not let me upload; really perverse. So I switched to the D drive, saw that a temp folder was empty, and set it up as a share open to everyone. It turned out to fail: no permission. I had not expected the administrator to be this strong, and this really made me feel challenged. I refused to believe I could not beat it, so I went to the E drive and saw a Bak folder. I went in and found it empty; this one should have write permission, so I set it up as a share, copy, may again

 