Author: Mosquitoes
A few days ago, I saw a legendary anti-deletion Trojan, encrypted, and decrypted. It was time to break it and I don't remember it.
If you are idle, consider how to implement it. First, consider the attribute issue.
Deleting a file is, in effect, a write operation. So can a file that carries the read-only attribute still be written to?
Here I used an ASP script, written N years ago, to modify the attribute. I remember that a Trojan had this function, and then I had a headache.
Use "sb.asp" as the test file and set its attribute to read-only.
This site is permissive, and the attribute was added right away.
Let's use an ASP webshell to delete it.
By the way, this site also supports PHP, so try again with a full-featured PHP webshell.
It cannot be deleted either.
In this way, the so-called anti-delete function is implemented.
The code that automatically adds the attribute when the page is opened should look like this:
<%
' Create the FileSystemObject
Set FSO = Server.CreateObject("Scripting.FileSystemObject")
' Join the physical path of the site root with the path of the current request
' to get the file object for the page being served
Set file = FSO.GetFile(Server.MapPath("/") & Request.ServerVariables("PATH_INFO"))
' Attribute value 1 means read-only
file.Attributes = 1
%>
When this code is added to a webshell, opening the page automatically sets the current file to read-only.
Of course, some ASP environments will report an error if the attribute cannot be set.
Where can I add a trojan?
No! In this way the attribute is set on every access, which is pointlessly inefficient...
Are other attributes affected?
Besides read-only, files have other attributes, including hidden, archive, and system.
Hidden: can be deleted, can be renamed, cannot be modified
System: can be deleted, can be renamed, cannot be modified
Archive: this is the backup attribute; it is irrelevant to deletion.
There are also some combination attributes:
Hidden and archive
Read-only and archive
Read-only, hidden, and archive
Read-only, hidden, archive, and system
Likewise, these users want to restrict the permissions that can be deleted but cannot be deleted, and they do not know whether this is true or not.
Delete
Well, modifying the attributes directly should be able to remove all of them (if someone can add attributes, you can certainly subtract them).
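An added example, not from the original article: a PowerShell audit that lists script files under a web root carrying the read-only, hidden, or system attribute, and with -Remove subtracts those attributes before deleting the file. The default web root path and the extension list are assumptions to adjust for the server at hand.

```powershell
# Added example (not the article's code): find script files in a web root that
# carry ReadOnly/Hidden/System, and optionally clear those flags and delete them.
param(
    [string]$WebRoot = 'C:\inetpub\wwwroot',              # assumption: default IIS root
    [string[]]$Extensions = @('.asp', '.aspx', '.php'),  # assumption: script types served
    [switch]$Remove                                       # without this, report only
)

# The three attributes the article tests, combined into one flag mask.
$flags = [System.IO.FileAttributes]'ReadOnly, Hidden, System'

# -Force makes Get-ChildItem return hidden and system files as well.
$suspects = Get-ChildItem -LiteralPath $WebRoot -Recurse -File -Force |
    Where-Object {
        ($Extensions -contains $_.Extension.ToLower()) -and
        (($_.Attributes -band $flags) -ne 0)
    }

foreach ($f in $suspects) {
    # Emit one record per file so the result can be piped to Export-Csv or reviewed.
    [pscustomobject]@{
        Path       = $f.FullName
        Attributes = $f.Attributes
        Modified   = $f.LastWriteTime
    }

    if ($Remove) {
        # Subtract only the blocking flags; Archive and any others stay as they were.
        $f.Attributes = $f.Attributes -band (-bnot $flags)
        Remove-Item -LiteralPath $f.FullName
    }
}
```

Run it without -Remove first and review the list, since legitimate files can also be marked read-only.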
Another method does not delete anything: rename the Trojan directly, so that its owner can no longer access it.
That is also an alternative kind of "delete".
Don't tell me you won't change your name. You use your Trojan to move the anti-Trojan, and then XXXX, you know
It is understood that some administrators are especially fond of playing with attributes, yet obviously do not set permissions on the NTFS file system.
This is a small dish article. I laughed at it. Please add it to me.