EXPLOiTED
Feb 23 2004, 08:52 PM
SQL>Command: xp_cmdshell "dir c:\program files"
Volume in drive C is System
Volume Serial Number is 2872-C4F4
Volume Serial Number is 2872-C4F4
Directory of c:\
Directory of c:\
File Not Found
File Not Found
Directory of C:\WINNT\system32
Directory of C:\WINNT\system32
File Not Found
File Not Found
File Not Found
It appears when i DIR program files on a sql box the space messes it up. any fix?
FiNaLBeTa
Feb 23 2004, 09:06 PM
what he said is that he didn't find c:\program
Remember , it's dos, you can use space
3th time i have to repeat same line in 1 week.
EXPLOiTED
Feb 23 2004, 09:10 PM
i have no idea what you said. Either invent a grammar checker or go to english class again. And you can use spaces in DOS. Which im trying to interpret that when you said CAN you meant CANT.
C:\>osql.exe -S hebs -U sa -P "" -i restore.txt
1> 2> 3> Msg 2714, Level 16, State 7, Server HEBS, Procedure sp_addextendedproc,
Line 26
[Microsoft][ODBC SQL Server Driver][SQL Server]There is already an object named
'xp_cmdshell' in the database.
This is my next frustrating command. I secured my server by dropping cmd shell.
Then i used that above cmd to unsecure it. It worked Great.
Then a couple days later i tried again and it gives me that error above
FiNaLBeTa
Feb 23 2004, 09:17 PM
eh, smartass.
Go to a cmd screen.
Start....
type : dir c:\program files
and see what you get.
EXPLOiTED
Feb 24 2004, 12:13 AM
sure thing here it comes
EXPLOiTED
Feb 24 2004, 12:14 AM
heh, u never specified DIR C:\program files ...... in ur original post. It was just you cant list a directory in DOS is what u said, HENCE cd c:\program files.
so heh
realloader
Feb 24 2004, 05:58 PM
dir c:\program files
Not work.
But
dir "c:\program files"
This one work.
---------------------------------------------
md c:\program files
not work
But
md "c:\program files"
This work.
splX
Feb 24 2004, 07:11 PM
hi
or simply using oldskool dos directories:
dir /x c:\
and you will see, that is must be: PROGRA~1
ciao
cenobite
Feb 24 2004, 08:53 PM
or try 'cd' first to see where your shell is..
most likely this would be c:\windows\system32 or c:\mssql\bin
if you do dir immediately it takes a shitload of time to load
neocortex111
Feb 24 2004, 09:44 PM
sorry to ask this question in this article..but its just i cant start new thread...but i wanna know whats the different between mssql and mysql...like u use sqlexec with few other tools to hack mssql...but what about mysql...what do u use for it
bdark
Feb 24 2004, 10:04 PM
that's right.. by typing "cd" on sqlexec it will retrieve you the root folder where you are.
sylver
Feb 25 2004, 11:35 PM
mssql and mysql are different databases, i know there is an root exploit for mysql...but not succeeds very often ...
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please
click here.
