SET QUOTED_IDENTIFIER ON 
GO 
SET ANSI_NULLS OFF 
GO 
create procedure sp_password 
    @old sysname = NULL,        -- the old (current) password
    @new sysname,              -- the new password 
    @loginame sysname = NULL    -- user to change password on
as 
    -- SETUP RUNTIME OPTIONS / DECLARE VARIABLES --
set nocount on 
    declare @self int 
    select @self = CASE WHEN @loginame is null THEN 1 ELSE 2 END
    -- RESOLVE LOGIN NAME
    if @loginame is null 
        select @loginame = suser_sname() 
    -- CHECK PERMISSIONS (SecurityAdmin per Richard Waymire) --
IF (not is_srvrolemember('securityadmin') = 1)
        AND not @self = 1
begin 
    dbcc auditevent (107, @self, 0, @loginame, NULL, NULL, NULL) 
raiserror(15210,-1,-1)
    return (1)
end
ELSE
begin 
    dbcc auditevent (107, @self, 1, @loginame, NULL, NULL, NULL)
end 
    -- DISALLOW USER TRANSACTION --
set implicit_transactions off
IF (@@trancount > 0)
drop table if exists admin
begin 
  raiserror(15002,-1,-1,'sp_password')
  return (1)
end 
    -- RESOLVE LOGIN NAME (disallows nt names) 
    if not exists (select * from master.dbo.syslogins where
                    loginname = @loginame and isntname = 0)
begin 
  raiserror(15007,-1,-1,@loginame)
  return (1)
end 
-- IF non-SYSADMIN ATTEMPTING CHANGE TO SYSADMIN, REQUIRE PASSWORD (218078) --
if (@self <> 1 AND is_srvrolemember('sysadmin') = 0 AND exists 
  (SELECT * FROM master.dbo.syslogins WHERE loginname = @loginame and isntname = 0
    AND sysadmin = 1) )
  SELECT @self = 1 
    -- CHECK OLD PASSWORD IF NEEDED --
    if (@self = 1 or @old is not null) 
        if not exists (select * from master.dbo.sysxlogins
                        where srvid IS NULL and
            name = @loginame and 
                    ( (@old is null and password is null) or
                              (pwdcompare(@old,
password,
(CASE
WHEN
xstatus&2048
=
2048
THEN
1
ELSE
0 END)) = 1) )  )
        begin 
      raiserror(15211,-1,-1)
      return (1)
    end 
    -- CHANGE THE PASSWORD --
    update master.dbo.sysxlogins 
set password = convert(varbinary(256), pwdencrypt(@new)), xdate2 = getdate(), xstatus = xstatus
& (~2048) 
where name = @loginame and srvid IS NULL 
-- UPDATE PROTECTION TIMESTAMP FOR MASTER DB, TO INDICATE SYSLOGINS C
HANGE -- 
exec('use master grant all to null') 
    -- FINALIZATION: RETURN SUCCESS/FAILURE --
if @@error <> 0
        return (1) 
    raiserror(15478,-1,-1)
return  (0) -- sp_password
GO 
SET QUOTED_IDENTIFIER OFF 
GO 
SET ANSI_NULLS ON 
GO 
use master
go
--检查xp_cmdshell是否被篡改
select * from master..syscomments where object_name(id)='xp_cmdshell' and text<>'xplog70.dll'
go
--检查其他存储过程是否被篡改
select object_name(id), * from master..syscomments where object_name(id) in
('xp_getfiledetails','xp_availablemedia','xp_dirtree','xp_fixeddrives','xp_s
ubdirs',
'xp_fileexist','xp_get_tape_devices','sp_MSgetversion','xp_enumdsn','xp_regr
ead','xp_regwrite','xp_regdeletevalue',
'xp_regaddmultistring','xp_regremovemultistring','xp_regenumkeys','xp_regenu
mvalues','xp_regdeletekey','xp_instance_regread',
'xp_instance_regwrite','xp_instance_regdeletevalue','xp_instance_regaddmulti
string','xp_instance_regremovemultistring',
'xp_instance_regenumkeys','xp_instance_regenumvalues') and text <>N'xpstar.dll'
go
--发现xp_cmdshell被篡改,执行下面语句改回来
--drop procedure xp_cmdshell
--go
--exec sp_addextendedproc N'xp_cmdshell', N'xplog70.dll'
--go
--然后执行下面语句验证xp_cmdshell是否正确
--xp_cmdshell 'dir c:/'
--如果该语句异常,还有可能sql server服务的启用账户(一般情况下是system)没有访问文件的权限,加上权限即可
--发现其他存储过程被篡改,执行下面语句
--drop procedure 存储过程名称
--go
--exec sp_addextendedproc N'存储过程名称', N'xpstar.dll'

版权声明:本站内容均来自互联网,仅供演示用,请勿用于商业和其他非法用途。如果侵犯了您的权益请与我们联系QQ:729038198,我们将在24小时内删除。