修复部分bug
1.修复上传文件bug
2.修复clr回显bug
uknowsec committed Jul 9, 2021
1 parent 6d6ec58 commit 1fc85cc
Showing 2 changed files with 65 additions and 69 deletions.
107 changes: 40 additions & 67 deletions SharpSQLTools/Program.cs
@@ -1,4 +1,4 @@
using System;
using System;
using System.Collections;
using System.Collections.Generic;
using System.Data;
Expand Down Expand Up @@ -64,6 +64,10 @@ by Rcoil & Uknow
/// <param name="Command">命令</param>
static void xp_shell(String Command)
{
if (setting.Check_configuration("xp_cmdshell", 0) && !setting.Enable_xp_cmdshell())
{
return;
}
sqlstr = String.Format("exec master..xp_cmdshell '{0}'", Command);
Console.WriteLine(Batch.RemoteExec(Conn, sqlstr, true));
}
Expand All @@ -83,9 +87,9 @@ public static string GetTimeStamp()
/// <param name="Command">命令</param>
static void sp_shell(String Command)
{
if (setting.Check_configuration("Ole Automation Procedures", 0))
if (setting.Check_configuration("Ole Automation Procedures", 0) && !setting.Enable_ola())
{
if (setting.Enable_ola()) return;
return;
}
string sqlstr = String.Format(@"
declare @shell int,@exec int,@text int,@str varchar(8000);
Expand All @@ -107,29 +111,6 @@ static void clr_exec(String Command)
Batch.CLRExec(Conn, sqlstr);
}

/// <summary>
/// 把字符串按照指定长度分割
/// </summary>
/// <param name="txtString">字符串</param>
/// <param name="charNumber">长度</param>
/// <returns></returns>
private static ArrayList GetSeparateSubString(string txtString, int charNumber)
{
ArrayList arrlist = new ArrayList();
string tempStr = txtString;
for (int i = 0; i < tempStr.Length; i += charNumber)
{
if ((tempStr.Length - i) > charNumber)//如果是,就截取
{
arrlist.Add(tempStr.Substring(i, charNumber));
}
else
{
arrlist.Add(tempStr.Substring(i));//如果不是,就截取最后剩下的那部分
}
}
return arrlist;
}

static byte[] ReadFileToByte(string filePath)
{
Expand Down Expand Up @@ -304,54 +285,40 @@ static void DownloadFiles(String localFile, String remoteFile)
Console.WriteLine("[*] '{0}' Download completed", remoteFile);
}

public static string result = string.Empty;
private static void OnInfoMessage(object mySender, SqlInfoMessageEventArgs args)
public static void OnInfoMessage(object mySender, SqlInfoMessageEventArgs args)
{
var value = string.Empty;
String value = String.Empty;
foreach (SqlError err in args.Errors)
{
value += err.Message;
value = err.Message;
Console.WriteLine(value);
}
result = value;
Console.WriteLine(result);
}

/// <summary>
/// 数据库连接
/// </summary>
public static SqlConnection SqlConnet(string target, string dbName, string uName, string passwd, ref string result)
static void interactive(string[] args)
{
SqlConnection Conn = null;
var connectionString = $"Server = \"{target}\";Database = \"{dbName}\";User ID = \"{uName}\";Password = \"{passwd}\";";
string target = args[0];
if (target.Contains(":"))
{
target = target.Replace(":", ",");
}
string username = args[1];
string password = args[2];
string database = args[3];
try
{
//sql建立连接
string connectionString = String.Format("Server = \"{0}\";Database = \"{1}\";User ID = \"{2}\";Password = \"{3}\";", target, database, username, password);
Conn = new SqlConnection(connectionString);
Conn.InfoMessage += new SqlInfoMessageEventHandler(OnInfoMessage);
Conn.Open();
result = $"[*] Database connection is successful! {DateTime.Now.ToString()}";
Console.WriteLine(result);
Console.WriteLine("[*] Database connection is successful!");
}
catch (Exception ex)
{
result = $"[!] Error log: {ex.Message}";
Console.WriteLine(result);
Console.WriteLine("[!] Error log: \r\n" + ex.Message);
Environment.Exit(0);
}
return Conn;
}

static void interactive(string[] args)
{
string target = args[0];
if (target.Contains(":"))
{
target = target.Replace(":", ",");
}
string username = args[1];
string password = args[2];
string database = args[3];
string result = "";
Conn = SqlConnet(target,database,username,password, ref result);

setting = new Setting(Conn);

Expand Down Expand Up @@ -472,10 +439,7 @@ static void interactive(string[] args)
break;
case "install_clr":
{
setting.Set_permission_set();
setting.CREATE_ASSEMBLY();
setting.CREATE_PROCEDURE();
Console.WriteLine("[+] Install clr done.");
setting.install_clr();
break;
}
case "uninstall_clr":
Expand Down Expand Up @@ -517,8 +481,20 @@ static void Noninteractive(string[] args)
string password = args[2];
string database = args[3];
string module = args[4];
string result = "";
Conn = SqlConnet(target, database, username, password, ref result);
try
{
//sql建立连接
string connectionString = String.Format("Server = \"{0}\";Database = \"{1}\";User ID = \"{2}\";Password = \"{3}\";", target, database, username, password);
Conn = new SqlConnection(connectionString);
Conn.InfoMessage += new SqlInfoMessageEventHandler(OnInfoMessage);
Conn.Open();
Console.WriteLine("[*] Database connection is successful!");
}
catch (Exception ex)
{
Console.WriteLine("[!] Error log: \r\n" + ex.Message);
Environment.Exit(0);
}

setting = new Setting(Conn);
try
Expand Down Expand Up @@ -647,10 +623,7 @@ static void Noninteractive(string[] args)
break;
case "install_clr":
{
setting.Set_permission_set();
setting.CREATE_ASSEMBLY();
setting.CREATE_PROCEDURE();
Console.WriteLine("[+] Install crl successful!");
setting.install_clr();
break;
}
case "uninstall_clr":
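Review bot: The connection string built on the `String.Format("Server = \"{0}\";Database = \"{1}\";...` line in Noninteractive (and the identical copy added to interactive) embeds target, database, username and password verbatim inside double-quoted values, so a password containing `"` or `;` terminates the value and the remainder is parsed as further connection keywords — the connection fails, or, if any of these values were not operator-controlled, connection attributes could be overridden. `SqlConnectionStringBuilder` quotes each value correctly and lives in the same namespace as `SqlConnection`, so it should need no new import. On failure `Environment.Exit(0)` reports success to any calling script; `Environment.Exit(1)` would let callers detect the failed connection. The commit also drops the shared `SqlConnet` helper and duplicates this try/catch in both entry points, which invites the two copies drifting; keeping a single helper would avoid that. Noninteractive starts before this hunk and continues after it.
```csharp
string module = args[4];
try
{
    var csb = new SqlConnectionStringBuilder
    {
        DataSource = target,
        InitialCatalog = database,
        UserID = username,
        Password = password,
    };
    Conn = new SqlConnection(csb.ConnectionString);
    Conn.InfoMessage += new SqlInfoMessageEventHandler(OnInfoMessage);
    Conn.Open();
    Console.WriteLine("[*] Database connection is successful!");
}
catch (Exception ex)
{
    Console.WriteLine("[!] Error log: \r\n" + ex.Message);
    Environment.Exit(1);
}
// … unchanged: setting = new Setting(Conn); module dispatch …
```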
27 changes: 25 additions & 2 deletions SharpSQLTools/Setting.cs

