Skip to content

SQL获取系统相关信息

前几天看了亲戚所在公司的企业网站(一省级大型国企),是.net、sql server做的,有email,OA和PM系统。

一不小心通过几个设置漏洞拿到了一个可遍历系统文件夹的shell,遍历了众多文件夹,竟发现一个1.2G的压缩包,估摸这就是全站拷贝。下载看了果然。。。找到了配置文件,配置文件中有数据库的sa账号。。。 挺大的一家企业,安全大意太不应该!

数据库大多都是工程业务上的信息,包括工程项目规划,进度,业务审批,采购商,各种设备器材以及中标的一些信息。虽然我都不关系这些,可要是工程竞标对手看到了可大有用处。

 

完全可以xp_cmdshell net user 什么的,但我也不打算在上面干什么,只是感觉机器性能还不错,查看下系统信息。

 

查询CPU型号:

20161204225339

SQL:

EXEC xp_instance_regread 
'HKEY_LOCAL_MACHINE',
'HARDWARE\DESCRIPTION\System\CentralProcessor\0',
'ProcessorNameString';

 

查询CPU详细   (物理CPU数量/单cpu核数/总cpu核数/虚拟cpu核数/CPU位数)

20161204225211

 

以下是查询CPU详细sql

DECLARE @xp_msver TABLE (
[idx] [int] NULL
,[c_name] [varchar](100) NULL
,[int_val] [float] NULL
,[c_val] [varchar](128) NULL
)
 
INSERT INTO @xp_msver
EXEC ('[master]..[xp_msver]');;
 
WITH [ProcessorInfo]
AS (
SELECT ([cpu_count] / [hyperthread_ratio]) AS [number_of_physical_cpus]
,[hyperthread_ratio] AS [number_of_cores_per_cpu]
,[cpu_count] AS [total_number_of_cores]
,[cpu_count] AS [number_of_virtual_cpus]
,(
SELECT [c_val]
FROM @xp_msver
WHERE [c_name] = 'Platform'
) AS [cpu_category]
FROM [sys].[dm_os_sys_info]
)
SELECT [number_of_physical_cpus]
,[number_of_cores_per_cpu]
,[total_number_of_cores]
,[number_of_virtual_cpus]
,LTRIM(RIGHT([cpu_category], CHARINDEX('x', [cpu_category]) - 1)) AS [cpu_category]
FROM [ProcessorInfo]

 

查询系统内存(物理内存大小,未使用内存大小,已使用内存大小,系统缓存大小):

20161204224531

32G内存

查询SQL如下

SELECT CEILING(total_physical_memory_kb * 1.0 / 1024 / 1024) AS [Physical Memory Size(GB)] 
 ,CAST(available_physical_memory_kb * 1.0 / 1024 / 1024
AS DECIMAL(8, 4)) AS [Unused Physical Memory(GB)]
 ,CAST(( total_physical_memory_kb - available_physical_memory_kb ) * 1.0
/ 1024 / 1024 AS DECIMAL(8, 4))AS [Used Physical Memory(GB)]
 ,CAST(system_cache_kb*1.0 / 1024/1024 AS DECIMAL(8, 4))AS [System Cache Size(GB)]
FROM sys.dm_os_sys_memory

 

磁盘详细信息:

SET NOCOUNT ON

DECLARE @Result INT;
DECLARE @objectInfo INT;
DECLARE @DriveInfo CHAR(1);
DECLARE @TotalSize VARCHAR(20);
DECLARE @OutDrive INT;
DECLARE @UnitMB BIGINT;
DECLARE @FreeRat FLOAT;
 
SET @UnitMB = 1048576;

CREATE TABLE #DiskCapacity
(
[DiskCD] CHAR(1) ,
FreeSize INT ,
TotalSize INT
);
 
INSERT #DiskCapacity([DiskCD], FreeSize ) 
EXEC master.dbo.xp_fixeddrives;
 
EXEC sp_configure 'show advanced options', 1
RECONFIGURE WITH OVERRIDE;
 
EXEC sp_configure 'Ole Automation Procedures', 1;
RECONFIGURE WITH OVERRIDE;
 
 
EXEC @Result = master.sys.sp_OACreate 'Scripting.FileSystemObject',@objectInfo OUT;
 
DECLARE CR_DiskInfo CURSOR LOCAL FAST_FORWARD
FOR 
SELECT DiskCD FROM #DiskCapacity
ORDER by DiskCD
 
 
OPEN CR_DiskInfo;
 
FETCH NEXT FROM CR_DiskInfo INTO @DriveInfo
 
WHILE @@FETCH_STATUS=0
BEGIN
 
EXEC @Result = sp_OAMethod @objectInfo,'GetDrive', @OutDrive OUT, @DriveInfo
 
 
EXEC @Result = sp_OAGetProperty @OutDrive,'TotalSize', @TotalSize OUT
 
 
UPDATE #DiskCapacity
SET TotalSize=@TotalSize/@UnitMB
WHERE DiskCD=@DriveInfo
 
FETCH NEXT FROM CR_DiskInfo INTO @DriveInfo
 
END
 
CLOSE CR_DiskInfo
DEALLOCATE CR_DiskInfo;
 
EXEC @Result=sp_OADestroy @objectInfo
 
EXEC sp_configure 'show advanced options', 1
RECONFIGURE WITH OVERRIDE;
 
EXEC sp_configure 'Ole Automation Procedures', 0;
RECONFIGURE WITH OVERRIDE;
 
EXEC sp_configure 'show advanced options', 0
RECONFIGURE WITH OVERRIDE;
 
 
 
SELECT DiskCD AS [Drive CD] , 
 STR(TotalSize*1.0/1024,6,2) AS [Total Size(GB)] ,
 STR((TotalSize - FreeSize)*1.0/1024,6,2) AS [Used Space(GB)] ,
 STR(FreeSize*1.0/1024,6,2) AS [Free Space(GB)] ,
 STR(( TotalSize - FreeSize)*1.0/(TotalSize)* 100.0,6,2)AS [Used Rate(%)],
 STR(( FreeSize * 1.0/ ( TotalSize) ) * 100.0,6,2)AS [Free Rate(%)]
FROM #DiskCapacity;
 
DROP TABLE #DiskCapacity;

 

最简单的系统参数信息 ,其实可以直这样查:

SELECT * 
FROM sys.dm_os_sys_info

 

 

最后帮他们关了关闭 xp_cmdshell

--
USE master 
EXEC sp_configure 'show advanced options', 1 
RECONFIGURE WITH OVERRIDE 
EXEC sp_configure 'xp_cmdshell', 0 
RECONFIGURE WITH OVERRIDE 
EXEC sp_configure   'show advanced options', 0
RECONFIGURE WITH OVERRIDE
配置选项 ‘show advanced options’ 已从 0 更改为 1。请运行 RECONFIGURE 语句进行安装。
配置选项 ‘xp_cmdshell’ 已从 1 更改为 0。请运行 RECONFIGURE 语句进行安装。
配置选项 ‘show advanced options’ 已从 1 更改为 0。请运行 RECONFIGURE 语句进行安装。

 

这机器我就上去看看,别的什么也没有动,然后

就没有然后了!  还是说配置信息以及数据的安全是完分重要的啊!

发表评论

电子邮件地址不会被公开。 必填项已用*标注

一点简单的验证. 谢谢 * 验证时间已超时。请刷新验证码。