2 
RECONFIGURE
EXEC sp_configure 'xp_cmdshell',1  

declare @cmdstring varchar(1000)

set @cmdstring = 'copy D:\\Mine\\Mine\\Icons\\1355312509_gadu.ico D:\\Mine\\Mine\\1355312509_gadu.ico'
exec master..xp_cmdshell @cmdstring 

RECONFIGURE
EXEC sp_configure 'xp_cmdshell',0

我正在尝试在远程服务器上执行此操作,虽然我无法执行,但我以系统管理员身份登录,这是我得到的错误,我已经完成了之前的帖子,但找不到合适的解决方案

output
The device is not ready.
NULL

任何帮助将不胜感激

这段代码不会

RECONFIGURE
    EXEC sp_configure 'xp_cmdshell',0

在代码末尾消除那些安全威胁?

这就是我所做的,没关系

CREATE TABLE #temp
(
    id               INT IDENTITY(1, 1),
    name_file        VARCHAR(500),
    depth_tree       VARCHAR(10),
    is_folder_files  VARCHAR(10)
)

/* xp_dirtree selects file from specific location
*  depth_tree       :   depth of the search i.e. subfolders
*  is_folder_files  :   selects folders only or files too
*/

INSERT INTO #temp(name_file, depth_tree, is_folder_files) EXEC xp_dirtree @source_path, 0, 1

-- Must concatenate to have permission for xp_cmdshell
SET @concatenate_string = 'RECONFIGURE EXEC sp_configure ''xp_cmdshell'',1 EXEC MASTER..xp_cmdshell '


-- Generating copy string in bulk
SELECT @cmd_string =    
    ISNULL(@cmd_string, '') + 
    CASE WHEN (LEN(REPLACE(t.name_file, @seperate_value, 1)) <> LEN(t.name_file)) -- if @seperate_value is not in image
        THEN
        (
            SELECT CASE 
                WHEN REPLACE(t.name_file, 'Approach', 1) <> t.name_file OR REPLACE(t.name_file, 'CloseUp', 1) <> t.name_file -- if word Approach or CloseUp is not there in image 
                THEN
                    (
                    SELECT CASE
                    WHEN ((SELECT f.FaceID FROM Face f WHERE CAST(f.Notes AS VARCHAR) = SUBSTRING(t.name_file, 0, CHARINDEX(@seperate_value, t.name_file)-1)) IS NOT NULL) -- when extracted ID from image <> NotesID
                    THEN
                    (
                    @concatenate_string + '''copy ' + @source_path + t.name_file + ' ' 
                    + @destination_path 
                    + (SELECT f.FaceID FROM Face f WHERE CAST(f.Notes AS VARCHAR) = SUBSTRING(t.name_file, 0, CHARINDEX(@seperate_value, t.name_file)-1)) -- Compares and gives the faceID
                    + (SELECT   CASE 
                                    WHEN REPLACE(t.name_file, 'Approach', 1) <> t.name_file THEN '-AS.jpg'' '
                                    WHEN REPLACE(t.name_file, 'CloseUp', 1) <> t.name_file THEN '-BS.jpg'' '
                                    ELSE
                                        'Undefined'
                                END
                       )
                    )
                    ELSE
                        ' '
                    END
                )
                ELSE
                    ' '
                END
        )    
        ELSE
            ' '
    END

FROM #temp t

SELECT @cmd_string + 'RECONFIGURE EXEC sp_configure ''xp_cmdshell'',0'

EXEC (@cmd_string)
4

3 回答 3

2

I have had this one some time too. I ran the script from server a, where things were on server b. I checked and the only thing (besides credentials, which looks it isn't an issue) was that the filestructure didn't exists on the remote server..

于 2013-02-17T08:57:59.637 回答
1

这很可能是运行 SQL Server 服务的凭据存在问题。该帐户可能没有足够的权限访问您尝试从中复制或复制到的文件夹。

一种解决方案可能是尝试从 SQL Server 代理运行任务,另请参阅MSDN 论坛上的讨论

于 2013-02-17T08:47:40.807 回答
0

除了使用 T-SQL 在 SQL Server 之外做任何事情,这有其自身的继承风险,您首先需要为正确的帐户授予正确的权限才能运行xp_cmdshell.

您将需要一个本地 AD 帐户,因为本地“nt service\mssqlserver”帐户可能不存在于您的其他远程服务器中,所以为什么永远无法访问它。

但是,在获得 Shell 步骤之前,请执行以下操作:

USE MASTER;

-- this turns on advanced options and is needed to configure xp_cmdshell
EXEC sp_configure 'show advanced options', '1'
    RECONFIGURE
-- this enables xp_cmdshell
EXEC sp_configure 'xp_cmdshell', '1'
    RECONFIGURE

IF NOT EXISTS
     (SELECT loginname
      FROM   master.dbo.syslogins
      WHERE  name = 'yourdomain\anADaccount')
  BEGIN
    CREATE LOGIN [yourdomain\anADaccount] FROM WINDOWS;
    EXEC sp_xp_cmdshell_proxy_account 'yourdomain\anADaccount', 'accountpassword'
  END

--Create the database role and assign rights to the role
--select DATABASE_PRINCIPAL_ID('CmdShell_Executor')
IF DATABASE_PRINCIPAL_ID('CmdShell_Executor') IS NULL
  BEGIN
    CREATE ROLE [CmdShell_Executor] AUTHORIZATION [dbo]
    GRANT EXEC ON xp_cmdshell TO [CmdShell_Executor]
  END

IF NOT EXISTS
     (SELECT [name]
      FROM   [sys].[database_principals]
      WHERE  [name] = 'yourdomain\anADaccount')
  BEGIN
--Then once done create users and assign to CmdShell_Executor
    CREATE USER [yourdomain\anADaccount] FROM LOGIN [yourdomain\anADaccount];
    EXEC sp_addrolemember[CmdShell_Executor], [yourdomain\anADaccount];
  END

现在确保您的 AD 帐户也有权访问远程服务器。我强烈建议您在每台机器上创建这些 AD 帐户,<<local>>而不是在通用域的 AD 下。然后,您可以控制该帐户仅对远程服务器上的特定文件夹或位置具有读取权限。

现在您已准备好从 SQL Server 运行 CMD shell,而没有任何安全漏洞的风险,即外国人可能会访问您的数据库并运行 Shell 命令!

EXEC    master..xp_cmdshell 'whoami.exe'  --find out what account you're actually using

在您的程序结束时,请确保您删除所有这些权限!

EXEC sp_xp_cmdshell_proxy_account NULL
drop user [yourdomain\anADaccount] 
drop role [CmdShell_Executor]
drop login [yourdomain\anADaccount]
于 2020-12-08T06:48:35.930 回答