SQL Server Transact http:\/\/wiki.huorong.cn\/docs\/sotd\/sotd-1cge7hff93agv
SQL \u5de5\u5177\u6982\u8ff0https:\/\/learn.microsoft.com\/zh-cn\/sql\/tools\/overview-sql-tools?view=sql-server-ver16<\/p>\n\n\n\n
SQL Server\u6267\u884c\u7cfb\u7edf\u547d\u4ee4\u9700\u8981xp_cmdshell\u3001Ole Automation Procedures\uff08sp_oacreate\u548csp_oamethod \uff09\u548cclr enabled\u5176\u4e2d\u4e00\u4e2a\u529f\u80fd\u3002
\u5f00\u542f\u8fd9\u4e9b\u529f\u80fd\u9700\u8981\u9ad8\u7ea7\u914d\u7f6e\uff08show advanced options\uff09\uff0c\u800c\u5f00\u542f\u9700\u8981serveradmin\u6216sysadmin\u5176\u4e2d\u4e00\u4e2a\u8d26\u6237\u7684\u6743\u9650\u3002\u6267\u884c\u547d\u4ee4\u9700\u8981sysadmin\u6743\u9650\u3002
\u6267\u884c\u547d\u4ee4\u548c\u91ca\u653e\u6587\u4ef6\u4f1a\u901a\u8fc7\u67e5\u770b\u7a0b\u5e8f\u96c6 \u3001\u5b58\u50a8\u8fc7\u7a0b\u3001\u4f5c\u4e1a\u7b49\u6dfb\u52a0\u76f8\u5173\u652f\u6301\u6216\u81ea\u52a8\u6267\u884c\u4f5c\u4e1a\u3002<\/p>\n\n\n\n
execute('sp_configure \"show advanced options\",1') -- \u5f00\u542f\u9ad8\u7ea7\u914d\u7f6e\nexecute('reconfigure') -- \u4fdd\u5b58\u8bbe\u7f6e\n\nExec sp_configure 'clr enabled', 1; -- \u5f00\u542fCLR \u6267\u884c\u7cfb\u7edf\u547d\u4ee4\nexecute('sp_configure \"xp_cmdshell\", 1') -- \u5f00\u542fxp_cmdshell\u6267\u884c\u7cfb\u7edf\u547d\u4ee4\nEXEC sp_configure 'Ole Automation Procedures', 1; -- \u5f00\u542fsp_oacreate\u6267\u884c\u7cfb\u7edf\u547d\u4ee4\n\nexecute('sp_configure \"show advanced options\",0') -- \u5f00\u542f\u9ad8\u7ea7\u914d\u7f6e\nexecute('reconfigure') -- \u4fdd\u5b58\u8bbe\u7f6e\nexecute('sp_configure') -- \u67e5\u770b\u914d\u7f6e<\/code><\/pre>\n\n\n\n\u67e5\u770b\u6743\u9650<\/h1>\n\n\n\n--\u67e5\u770b\u5f53\u524d\u8d26\u6237\u6743\u9650\nselect is_srvrolemember('sysadmin') --\u67e5\u770b\u5f53\u524d\u8d26\u6237\u662f\u5426\u6709sysadmin\u6743\u9650\nEXEC sp_helpsrvrolemember 'sysadmin'; -- \u67e5\u770b\u89d2\u8272\u4e0b\u7684\u7528\u6237\n--\u67e5\u770b\u670d\u52a1\u5668\u89d2\u8272\u6709\u54ea\u4e9b\u8d26\u6237\nselect is_srvrolemember('serveradmin') --\u67e5\u770b\u5f53\u524d\u8d26\u6237\u662f\u5426\u6709serveradmin\u6743\u9650\nEXEC sp_helpsrvrolemember 'serveradmin';-- \u67e5\u770b\u89d2\u8272\u4e0b\u7684\u7528\u6237<\/code><\/pre>\n\n\n\n\u5173\u95ed\u529f\u80fd<\/h1>\n\n\n\nexecute('sp_configure \"show advanced options\",1') -- \u5f00\u542f\u9ad8\u7ea7\u914d\u7f6e\nexecute('reconfigure') -- \u4fdd\u5b58\u8bbe\u7f6e\n\nExec sp_configure 'clr enabled', 0; -- \u5173\u95edCLR \u6267\u884c\u7cfb\u7edf\u547d\u4ee4\nexecute('sp_configure \"xp_cmdshell\", 0') -- \u5173\u95edxp_cmdshell\u6267\u884c\u7cfb\u7edf\u547d\u4ee4\nEXEC sp_configure 'Ole Automation Procedures', 0; -- \u5173\u95edsp_oacreate\u6267\u884c\u7cfb\u7edf\u547d\u4ee4\n\nexecute('sp_configure \"show advanced options\",0') -- \u5173\u95ed\u9ad8\u7ea7\u914d\u7f6e\nexecute('reconfigure') -- \u4fdd\u5b58\u8bbe\u7f6e\nexecute('sp_configure') -- \u67e5\u770b\u914d\u7f6e<\/code><\/pre>\n\n\n\n\u67e5\u770b\u662f\u5426\u5f00\u542f<\/h1>\n\n\n\n-- \u67e5\u770b xp_cmdshell\u3001clr enabled\u3001Ole Automation Procedures\u72b6\u6001\nSELECT name,value,value_in_use,description FROM sys.configurations Where (name = 'xp_cmdshell'or name = 'clr enabled'or name = 'Ole Automation Procedures')<\/code><\/pre>\n\n\n\n\u67e5\u770b\u7a0b\u5e8f\u96c6 \u3001\u5b58\u50a8\u8fc7\u7a0b\u3001\u4f5c\u4e1a<\/h1>\n\n\n\nSELECT name,is_trustworthy_on FROM sys.databases -- \u67e5\u770b\u5b89\u88c5\u7a0b\u5e8f\u96c6\u6587\u4ef6\u9700\u8981\u6743\u9650\n-- ALTER DATABASE master SET TRUSTWORTHY ON; -- \u5f00\u542f\u5b89\u88c5\u7a0b\u5e8f\u96c6\u6587\u4ef6\u9700\u8981\u6743\u9650\nSELECT * FROM sys.assemblies WHERE is_user_defined = 1 -- \u7a0b\u5e8f\u96c6\u540d\u5b57(\u7528\u6237\u521b\u5efa\u7684)\nSELECT * FROM sys.assembly_files -- \u7a0b\u5e8f\u96c6\u6587\u4ef6\n--DROP ASSEMBLY Helloworld ; -- \u5220\u9664\u6307\u5b9a\u7a0b\u5e8f\u96c6\nSELECT * FROM sys.all_objects WHERE type_desc = 'CLR_STORED_PROCEDURE' AND is_ms_shipped = 0 -- \u975eSQL Server\u5185\u90e8\u5b58\u50a8\u8fc7\u7a0b\n-- DROP PROCEDURE Helloworld ; -- \u5220\u9664\u6307\u5b9a\u5b58\u50a8\u8fc7\u7a0b\nEXEC dbo.sp_help_job -- \u67e5\u770b\u5168\u90e8\u4f5c\u4e1a\n-- EXEC sp_delete_job @job_name = N'NightlyBackups' ; -- \u67e5\u770b\u6307\u5b9a\u4f5c\u4e1a\n-- sys.all_objects\n-- https:\/\/learn.microsoft.com\/zh-cn\/sql\/relational-databases\/system-catalog-views\/object-catalog-views-transact-sql?view=sql-server-ver16<\/code><\/pre>\n\n\n\nsqlps<\/h2>\n\n\n\n
sql server\u7684\u4e00\u4e2apowershell\u5de5\u5177\uff0c\u5f88\u591a\u65f6\u5019\u662f\u81ea\u5e26\u7684\u3002
https:\/\/learn.microsoft.com\/zh-cn\/sql\/powershell\/download-sql-server-ps-module?view=sql-server-ver16<\/p>\n\n\n\n
cd SQL\\\u8ba1\u7b97\u673a\u540d\u5b57\nls DEFAULT\\Databases\\master\\Assemblies\nls DEFAULT\\Databases\\master\\StoredProcedures\nls DEFAULT\\JobServer\\Jobs\n#rm DEFAULT\\Databases\\master\\Assemblies\\* # \u5220\u9664\u5168\u90e8\u7a0b\u5e8f\u96c6\n#rm DEFAULT\\Databases\\master\\StoredProcedures\\* # \u5220\u9664\u5168\u90e8\u5b58\u50a8\u8fc7\u7a0b\n#rm DEFAULT\\JobServer\\Jobs\\my_job_name<\/code><\/pre>\n\n\n\n\u53c2\u8003<\/h1>\n\n\n\n
\u4ee5\u4e0a\u5f88\u591a\u8bed\u53e5\u53ef\u4ee5\u5728\u5fae\u8f6f\u641c\u7d22\u770b\u5b98\u65b9\u5e2e\u52a9\u3002
https:\/\/learn.microsoft.com\/zh-cn\/sql\/tools\/overview-sql-tools?view=sql-server-ver16
\u5176\u4ed6\u53c2\u8003<\/strong>
https:\/\/blog.csdn.net\/Ruishine\/article\/details\/113883888
https:\/\/blog.csdn.net\/weixin_46684578\/article\/details\/118436385#CLR_313
https:\/\/github.com\/mindspoof\/MSSQL-Fileless-Rootkit-WarSQLKit\/tree\/master\/WarSQLKit<\/p>\n","protected":false},"excerpt":{"rendered":"SQL Server Transact http:\/\/wiki.huorong.cn\/docs\/sotd\/so […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[11],"class_list":["post-153","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-sql-server"],"_links":{"self":[{"href":"http:\/\/www.yudi001.cn\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/153","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.yudi001.cn\/wordpress\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.yudi001.cn\/wordpress\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.yudi001.cn\/wordpress\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.yudi001.cn\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=153"}],"version-history":[{"count":0,"href":"http:\/\/www.yudi001.cn\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/153\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.yudi001.cn\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=153"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.yudi001.cn\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=153"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.yudi001.cn\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=153"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}