Undo SQL 2000 hardening by restoring potentially dangerous xp_* proecdures

Wednesday, July 1, 2009

Undo SQL 2000 hardening by restoring potentially dangerous xp_* proecdures


ArcServe backup uses some of these xp_* extended stored procedures to execute SQL agent backups.  I can never find this quickly (took me over an hour searching the web today) so I’m re-posting this script here.

Disclaimer: Before you run either of these scripts, please know exactly what you’re doing.  I’m not responsible if you use these and break your SQL server installation.  Remember that with great power comes great responsibility.  Use yours wisely.

Scripts after the break.

SQL Script to restore potentially dangerous stored procedures:

use master
exec sp_addextendedproc xp_cmdshell,@dllname = 'xplog70.dll'
exec sp_addextendedproc xp_enumgroups,@dllname = 'xplog70.dll'
exec sp_addextendedproc xp_loginconfig,@dllname = 'xplog70.dll'
exec sp_addextendedproc xp_enumerrorlogs,@dllname = 'xpstar.dll'
exec sp_addextendedproc xp_getfiledetails,@dllname = 'xpstar.dll'
exec sp_addextendedproc Sp_OACreate,@dllname = 'odsole70.dll'
exec sp_addextendedproc Sp_OADestroy,@dllname = 'odsole70.dll'
exec sp_addextendedproc Sp_OAGetErrorInfo,@dllname = 'odsole70.dll'
exec sp_addextendedproc Sp_OAGetProperty,@dllname = 'odsole70.dll'
exec sp_addextendedproc Sp_OAMethod,@dllname = 'odsole70.dll'
exec sp_addextendedproc Sp_OASetProperty,@dllname = 'odsole70.dll'
exec sp_addextendedproc Sp_OAStop,@dllname = 'odsole70.dll'
exec sp_addextendedproc xp_regaddmultistring,@dllname = 'xpstar.dll'
exec sp_addextendedproc xp_regdeletekey,@dllname = 'xpstar.dll'
exec sp_addextendedproc xp_regdeletevalue,@dllname = 'xpstar.dll'
exec sp_addextendedproc xp_regenumvalues,@dllname = 'xpstar.dll'
exec sp_addextendedproc xp_regremovemultistring,@dllname = 'xpstar.dll'
exec sp_addextendedproc xp_regwrite,@dllname = 'xpstar.dll'
exec sp_addextendedproc xp_dirtree,@dllname = 'xpstar.dll'
exec sp_addextendedproc xp_regread,@dllname = 'xpstar.dll'
exec sp_addextendedproc xp_fixeddrives,@dllname = 'xpstar.dll’
go

Test

And to remove them, you can execute this script.

SQL Script to remove potentially dangerous stored procedures:

use master
exec sp_dropextendedproc 'xp_cmdshell'
exec sp_dropextendedproc 'xp_enumgroups'
exec sp_dropextendedproc 'xp_loginconfig'
exec sp_dropextendedproc 'xp_enumerrorlogs'
exec sp_dropextendedproc 'xp_getfiledetails'
exec sp_dropextendedproc 'Sp_OACreate'
exec sp_dropextendedproc 'Sp_OADestroy'
exec sp_dropextendedproc 'Sp_OAGetErrorInfo'
exec sp_dropextendedproc 'Sp_OAGetProperty'
exec sp_dropextendedproc 'Sp_OAMethod'
exec sp_dropextendedproc 'Sp_OASetProperty'
exec sp_dropextendedproc 'Sp_OAStop'
exec sp_dropextendedproc 'xp_regaddmultistring'
exec sp_dropextendedproc 'xp_regdeletekey'
exec sp_dropextendedproc 'xp_regdeletevalue'
exec sp_dropextendedproc 'xp_regenumvalues'
exec sp_dropextendedproc 'xp_regremovemultistring'
exec sp_dropextendedproc 'xp_regwrite'
drop procedure sp_makewebtask
go

0 comments :