Re: custom xp_cmdshell on SQL Server



I would recommend against it...

Why don't you reload it (that is, if someone hasn't revoked O/S user
privileges on the DLL)?

From the help file:

sp_addextendedproc [@functname =] 'procedure',
    [@dllname =] 'dll'

Arguments

[@functname =] 'procedure'
    Is the name of the function to call within the dynamic-link library
    (DLL). procedure is nvarchar(517), with no default. procedure
    optionally can include the owner name in the form owner.function.

[@dllname =] 'dll'
    Is the name of the DLL containing the function. dll is varchar(255),
    with no default.

So....

exec master..sp_addextendedproc @functname='xp_cmdshell', @dllname='xpstar70.dll'

Check the DLL name; I am not sure if this (xpstar70.dll) is the correct
one, it's been a while since I got my hands dirty :)

Z
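
For administrators who have dropped xp_cmdshell and want to know whether it, or a similarly named procedure, has been registered again through sp_addextendedproc, the read-only audit below is an added example and not part of the original post. It assumes SQL Server 2005 or later, where the sys.* catalog views exist, and a login allowed to read them in master.

```sql
-- Added example: read-only audit of extended procedures (SQL Server 2005+ assumed).
-- Nothing here changes server state.
USE master;

-- 1. Is the built-in xp_cmdshell switched on at the server level?
--    value_in_use = 1 means it can currently be executed.
SELECT name,
       CAST(value_in_use AS int) AS value_in_use
FROM sys.configurations
WHERE name = 'xp_cmdshell';

-- 2. Extended procedures registered in master and the DLL each one is bound to.
--    Review any row you did not deploy yourself, any cmdshell-like name,
--    and any dll_name that points outside the instance's own Binn directory.
SELECT name,
       dll_name,
       create_date,
       modify_date
FROM sys.extended_procedures
ORDER BY modify_date DESC;

-- 3. Who holds EXECUTE on cmdshell-like extended procedures?
--    sys.all_objects is used so the system-shipped procedure is included.
SELECT pr.name            AS grantee,
       pe.state_desc      AS grant_state,
       pe.permission_name AS permission,
       o.name             AS extended_proc
FROM sys.database_permissions AS pe
JOIN sys.all_objects          AS o
     ON o.object_id = pe.major_id
    AND pe.class = 1                      -- object-level permission
JOIN sys.database_principals  AS pr
     ON pr.principal_id = pe.grantee_principal_id
WHERE o.type = 'X'                        -- extended stored procedure
  AND pe.permission_name = 'EXECUTE'
  AND o.name LIKE '%cmdshell%';
```

On older servers without these catalog views, sp_helpextendedproc reports the DLL bound to a named extended procedure.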
