在远程服务器中执行xp_cmdshell

时间:2013-02-17 08:42:35

标签: sql-server tsql

RECONFIGURE
EXEC sp_configure 'xp_cmdshell',1  

declare @cmdstring varchar(1000)

set @cmdstring = 'copy D:\\Mine\\Mine\\Icons\\1355312509_gadu.ico D:\\Mine\\Mine\\1355312509_gadu.ico'
exec master..xp_cmdshell @cmdstring 

RECONFIGURE
EXEC sp_configure 'xp_cmdshell',0

我正在尝试在远程服务器上执行此操作,我以sysadmin身份登录,虽然我无法执行,这是我得到的错误,我已经通过较早的帖子但是找不到合适的解决方案

output
The device is not ready.
NULL

任何帮助都是apreciated

这段代码不会

RECONFIGURE
    EXEC sp_configure 'xp_cmdshell',0 

代码末尾消除了那些安全威胁?

这就是我所做的,没关系

CREATE TABLE #temp
(
    id               INT IDENTITY(1, 1),
    name_file        VARCHAR(500),
    depth_tree       VARCHAR(10),
    is_folder_files  VARCHAR(10)
)

/* xp_dirtree selects file from specific location
*  depth_tree       :   depth of the search i.e. subfolders
*  is_folder_files  :   selects folders only or files too
*/

INSERT INTO #temp(name_file, depth_tree, is_folder_files) EXEC xp_dirtree @source_path, 0, 1

-- Must concatenate to have permission for xp_cmdshell
SET @concatenate_string = 'RECONFIGURE EXEC sp_configure ''xp_cmdshell'',1 EXEC MASTER..xp_cmdshell '


-- Generating copy string in bulk
SELECT @cmd_string =    
    ISNULL(@cmd_string, '') + 
    CASE WHEN (LEN(REPLACE(t.name_file, @seperate_value, 1)) <> LEN(t.name_file)) -- if @seperate_value is not in image
        THEN
        (
            SELECT CASE 
                WHEN REPLACE(t.name_file, 'Approach', 1) <> t.name_file OR REPLACE(t.name_file, 'CloseUp', 1) <> t.name_file -- if word Approach or CloseUp is not there in image 
                THEN
                    (
                    SELECT CASE
                    WHEN ((SELECT f.FaceID FROM Face f WHERE CAST(f.Notes AS VARCHAR) = SUBSTRING(t.name_file, 0, CHARINDEX(@seperate_value, t.name_file)-1)) IS NOT NULL) -- when extracted ID from image <> NotesID
                    THEN
                    (
                    @concatenate_string + '''copy ' + @source_path + t.name_file + ' ' 
                    + @destination_path 
                    + (SELECT f.FaceID FROM Face f WHERE CAST(f.Notes AS VARCHAR) = SUBSTRING(t.name_file, 0, CHARINDEX(@seperate_value, t.name_file)-1)) -- Compares and gives the faceID
                    + (SELECT   CASE 
                                    WHEN REPLACE(t.name_file, 'Approach', 1) <> t.name_file THEN '-AS.jpg'' '
                                    WHEN REPLACE(t.name_file, 'CloseUp', 1) <> t.name_file THEN '-BS.jpg'' '
                                    ELSE
                                        'Undefined'
                                END
                       )
                    )
                    ELSE
                        ' '
                    END
                )
                ELSE
                    ' '
                END
        )    
        ELSE
            ' '
    END

FROM #temp t

SELECT @cmd_string + 'RECONFIGURE EXEC sp_configure ''xp_cmdshell'',0'

EXEC (@cmd_string)

3 个答案:

答案 0 :(得分:2)

我也有一段时间。我从服务器a运行脚本,其中的东西在服务器b上。我检查过,唯一的事情(除了凭证,看起来不是问题)是文件结构在远程服务器上不存在..

答案 1 :(得分:1)

这很可能是运行SQL Server服务的凭据的问题。该帐户可能无法充分访问您尝试从中复制的文件夹。

一种解决方案可能是尝试从SQL Server代理运行任务,另请参阅this discussion on the MSDN forums

答案 2 :(得分:0)

除了使用T-SQL在SQL Server之外执行其他操作(这有其固有的风险)之外,您还需要首先为正确的帐户提供正确的权限,甚至可以运行xp_cmdshell

您将需要一个本地AD帐户,因为本地“ nt service \ mssqlserver”帐户可能在其他远程服务器中不存在,因此为什么永远无法访问它。

但是,在获得Shell步骤本身之前,请执行以下操作:

USE MASTER;

-- this turns on advanced options and is needed to configure xp_cmdshell
EXEC sp_configure 'show advanced options', '1'
    RECONFIGURE
-- this enables xp_cmdshell
EXEC sp_configure 'xp_cmdshell', '1'
    RECONFIGURE

IF NOT EXISTS
     (SELECT loginname
      FROM   master.dbo.syslogins
      WHERE  name = 'yourdomain\anADaccount')
  BEGIN
    CREATE LOGIN [yourdomain\anADaccount] FROM WINDOWS;
    EXEC sp_xp_cmdshell_proxy_account 'yourdomain\anADaccount', 'accountpassword'
  END

--Create the database role and assign rights to the role
--select DATABASE_PRINCIPAL_ID('CmdShell_Executor')
IF DATABASE_PRINCIPAL_ID('CmdShell_Executor') IS NULL
  BEGIN
    CREATE ROLE [CmdShell_Executor] AUTHORIZATION [dbo]
    GRANT EXEC ON xp_cmdshell TO [CmdShell_Executor]
  END

IF NOT EXISTS
     (SELECT [name]
      FROM   [sys].[database_principals]
      WHERE  [name] = 'yourdomain\anADaccount')
  BEGIN
--Then once done create users and assign to CmdShell_Executor
    CREATE USER [yourdomain\anADaccount] FROM LOGIN [yourdomain\anADaccount];
    EXEC sp_addrolemember[CmdShell_Executor], [yourdomain\anADaccount];
  END

现在,请确保您的AD帐户也具有远程服务器的权限。我强烈建议您在每台<<local>>计算机上而不是在常规域的AD下创建这些AD帐户。然后,您可以控制该帐户,使其仅具有对远程服务器上特定文件夹或位置的读取权限。

现在您已经准备好从SQL Server运行CMD Shell,而没有任何安全漏洞的风险,外国人可能会访问您的数据库并运行Shell命令!

EXEC    master..xp_cmdshell 'whoami.exe'  --find out what account you're actually using

在过程结束时,请确保删除所有这些权限!

EXEC sp_xp_cmdshell_proxy_account NULL
drop user [yourdomain\anADaccount] 
drop role [CmdShell_Executor]
drop login [yourdomain\anADaccount]