Aristy
Starting Member
4 Posts
Posted - 2011-07-03 : 21:25:17
Hello, I have a problem with a hacker abusing XP_CMDSHELL's power to gain access to my server. I disabled XP_CMDSHELL, but the hacker can enable it back. So, which .DLL files should I delete after disabling it, so that the hacker cannot enable it again? I deleted "xplog70.dll". Is that enough, or are there more? Thanks a lot.

robvolk
Most Valuable Yak
15732 Posts
Posted - 2011-07-03 : 22:14:05
http://msdn.microsoft.com/en-us/library/ms189506.aspx

Lumbago
Norsk Yak Master
3271 Posts
Posted - 2011-07-04 : 03:57:15
More importantly than deleting xp_cmdshell: how is this hacker able to execute this procedure in the first place? Are you sure that it's actually being executed, or are you just seeing references to it in web logs or something? If it is in fact executed, you are probably open to SQL injection and you should *really* look into fixing it... -> http://en.wikipedia.org/wiki/SQL_injection

- Lumbago
My blog -> http://thefirstsql.com/2011/02/07/regular-expressions-advanced-string-matching-and-new-split-function-sql-server-2008-r2/

Aristy
Starting Member
4 Posts
Posted - 2011-07-04 : 12:21:10
The hacker does it with remote SQL access, not gained through SQL injection but through a buffer overflow.

Aristy
Starting Member
4 Posts
Posted - 2011-07-04 : 23:09:43
@robvolk: Robvolk, whenever I want to revoke permissions, it asks for the master database, and I cannot edit the permissions of my MSSQL login user under the master database. If it is possible, can you give me an example of revoking all permissions on the "sp_configure" procedure from user X? Thank you.

Lumbago
Norsk Yak Master
3271 Posts
Posted - 2011-07-05 : 02:12:42
You can try this:

    REVOKE EXECUTE ON master.dbo.sp_configure FROM username

However, if the user has server privileges that override the user privileges in the master database (like sysadmin), it will not work.

- Lumbago
My blog -> http://thefirstsql.com/2011/02/07/regular-expressions-advanced-string-matching-and-new-split-function-sql-server-2008-r2/

Aristy
Starting Member
4 Posts
Posted - 2011-07-06 : 12:34:13
    USE master
    GO
    REVOKE EXECUTE ON master.dbo.sp_configure FROM AUJ

I do it via SA and get: "Cannot find the user 'XXX', because it does not exist or you do not have permission." How can I solve this? When I write my database name instead, it says it can only be done when the current database is master.

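Putting Lumbago's REVOKE together with the "Cannot find the user" error in the post above, as an added example that is not from any poster in this thread: the login has to be mapped to a user in master before REVOKE can find it, and the revoke only helps if the login holds no server-level right that bypasses it. [AUJ] is a placeholder login name; substitute the login you are hardening.

```sql
-- Added example, not from the thread. [AUJ] is a placeholder login name.
USE master;
GO

-- 1. Turn xp_cmdshell off. It is an advanced option, so expose those first,
--    and RECONFIGURE so the change takes effect without a restart.
EXEC sp_configure 'show advanced options', 1;
RECONFIGURE;
EXEC sp_configure 'xp_cmdshell', 0;
RECONFIGURE;
GO

-- 2. "Cannot find the user" means the login has no user in master.
--    Map it (no role membership is needed for this), then revoke.
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = N'AUJ')
    CREATE USER [AUJ] FOR LOGIN [AUJ];
REVOKE EXECUTE ON master.dbo.sp_configure FROM [AUJ];
GO

-- 3. The revoke is meaningless if the login holds server-level rights that
--    override it: sysadmin or serveradmin membership, or the CONTROL SERVER /
--    ALTER SETTINGS permissions that sp_configure + RECONFIGURE require.
--    Any non-NULL / non-zero value here means the login can re-enable xp_cmdshell.
SELECT sp.name                                      AS login_name,
       IS_SRVROLEMEMBER('sysadmin',    sp.name)     AS is_sysadmin,
       IS_SRVROLEMEMBER('serveradmin', sp.name)     AS is_serveradmin,
       perm.permission_name                         AS overriding_permission
FROM sys.server_principals AS sp
LEFT JOIN sys.server_permissions AS perm
       ON perm.grantee_principal_id = sp.principal_id
      AND perm.state IN ('G', 'W')                  -- GRANT / GRANT WITH GRANT OPTION
      AND perm.permission_name IN ('CONTROL SERVER', 'ALTER SETTINGS')
WHERE sp.name = N'AUJ';
GO

-- 4. Recurring check (schedule it as a job): value_in_use should stay 0.
--    A 1 appearing here means someone re-enabled xp_cmdshell and the
--    server-level rights found in step 3 have not been removed.
SELECT name, CAST(value_in_use AS int) AS value_in_use
FROM sys.configurations
WHERE name = N'xp_cmdshell';
GO
```

If step 3 reports sysadmin membership or CONTROL SERVER, revoking EXECUTE on sp_configure changes nothing; the login's server-level rights have to be removed, which is the point russell makes below.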
russell
Pyro-ma-ni-yak
5072 Posts
Posted - 2011-07-06 : 12:37:31
You're focusing on the stored procedure, when you need to focus on tightening your security. If the user can enable xp_cmdshell, then they can do a lot more. Figure out how to keep them out of your network.

Jeff Moden
Aged Yak Warrior
652 Posts
Posted - 2013-06-23 : 00:20:08
quote: Originally posted by russell
    You're focusing on the stored procedure, when you need to focus on tightening your security. If the user can enable xp_cmdshell, then they can do a lot more. Figure out how to keep them out of your network.

+1000. I know this post is two years old, but it's good to see that someone else gets this.

--Jeff Moden
RBAR is pronounced "ree-bar" and is a "Modenism" for "Row By Agonizing Row".
First step towards the paradigm shift of writing Set Based code: "Stop thinking about what you want to do to a row... think, instead, of what you want to do to a column."
When writing schedules, keep the following in mind: "If you want it real bad, that's the way you'll likely get it."