Trace注： NMAP最新版支持判断Oracle TNS Listener版本。

NP写的一个vbs，渗透内网用的。

很久以前的东西了.这份是用C++写的...因为JC已经逝去了,升天了~z3又XX了10个月..没办法完成了.

phpMyAdmin Code Injection RCE Scanner & Exploit
 

Scanning Windows Deeper With the Nmap Scanning Engine

All the documentation you need is in the script comments. I recommend you to go through it, before you actually run the script.

After reading the public advisory and patched code, and playing around for a while, I managed to have a working PoC bash script. The script will allow you to remotely run shell commands and PHP code against vulnerable targets. Although in principle the vulnerability sounds quite simple, it actually took me a while to go from advisory to working attack code.

I’m providing the script with the hope that it will help pentesters and security researchers. Please only test the script against your own systems, or systems you have been given permission to pentest! Don’t be evil, it’s not worth it.

使用低权限Oracle数据库账户得到OS访问权限

download Sheriff SDK from google i dont have its but i will post that soon
actuly i have version 2.2 but i cant find sysgen.ini file in this 2.2 version if i will got this then i will post its no more question if you have any problam for activation do or try its by yr self because i am not inventer of this cracking its allready cracked by some another intelegent person thanks