Penetration Testing mailing list archives
Re: custom xp_cmdshell on SQL Server
From: "Zed Qyves" <zqyves.spamtrap () gmail com>
Date: Thu, 14 Sep 2006 10:28:14 +0300
I would recommend against it... Why don't you reload it (That is if someone hasn't revoked O/S user privileges on the DLL)?
From the help file:
sp_addextendedproc [@functname =] 'procedure', [@dllname =] 'dll' Arguments [@functname =] 'procedure' Is the name of the function to call within the dynamic-link library (DLL). procedure is nvarchar(517), with no default. procedure optionally can include the owner name in the form owner.function. [@dllname =] 'dll' Is the name of the DLL containing the function. dll is varchar(255), with no default. So.... exec master.sp_addextendedproc @functname='xp_cmdshell', @dllname ='xpstar70.dll' Check the DLL name I am not sure if this (xpstar70.dll) is the correct one, its been a while since I got my hands dirty :) Z ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php ------------------------------------------------------------------------
Current thread:
- custom xp_cmdshell on SQL Server Andy Lester (Sep 13)
- RE: custom xp_cmdshell on SQL Server Clemens, Dan (Sep 14)
- Re: custom xp_cmdshell on SQL Server Steven M Gill (Sep 15)
- Re: custom xp_cmdshell on SQL Server Stefano Zanero (Sep 15)
- RE: custom xp_cmdshell on SQL Server Victor Chapela (Sep 17)
- RE: custom xp_cmdshell on SQL Server Andy Lester (Sep 18)
- RE: custom xp_cmdshell on SQL Server Victor Chapela (Sep 20)
- RE: custom xp_cmdshell on SQL Server Andy Lester (Sep 18)
- <Possible follow-ups>
- Re: custom xp_cmdshell on SQL Server Zed Qyves (Sep 14)
- User group tool Bud Gordon (Sep 14)
- Re: User group tool Tim (Sep 14)
- Re: User group tool John Skinner (Sep 15)
- RE: User group tool ballares (Sep 15)
- RE: User group tool Weir, Jason (Sep 15)
- User group tool Bud Gordon (Sep 14)
- RE: custom xp_cmdshell on SQL Server Andy Lester (Sep 18)