FileSystemObject & ADO & wscript. Shell

ADO component
From: http://hi.baidu.com/meijun1234/blog/item/9b642ec24efd1130e5dd3bbd.html
For example, the system disables ADODB. Stream.

Used in ASP

Server. Createobject ("ADODB. Stream"), an error is reported.

Microsoft VBScript runtime error '800a01ad'

ActiveX parts cannot create objects

/Webedit/upfile_based_class.asp, row 53

 

FileSystemObject component

To re-enable the ADODB. Stream component:

Run:

Regsvr32 "C: \ Program Files \ common files \ System \ ADO \ msado15.dll"
 

From: http://www.williamlong.info/archives/89.html

As we all know, the powerful functions and destructiveness of the FileSystemObject component are the reasons why it is often disabled by free home page providers (those that support ASP). I have sorted out that I have only found two methods, later, when I was excited by someone, I thought of the third unknown method. I don't know if this is the case.

First, use regsrv32/U c: \ windows \ system32 \ scrrun. dll (win2003 path) to log out the component. This method is too cool and belongs to the same method, which is useless to everyone.

Type 2: Modify the value of progid. The method for calling components in ASP is usually set object name = server. createobject ("progid"). In this case, you can disable this component by modifying the progid value in the registry. In start-run, enter regedit and find hkey_classes_roo t \ Scripting. FileSystemObject. Then we can change the value of the progid, for example, scripting. filesystemobject8. The following code is called on the ASP page:

<% @ Language = VBScript %>
<%
Set FS = server. Createobject ("scripting. filesystemobject8 ")
%>

(If you have not called this component before, you do not need to restart it to see the effect. Otherwise, restart the component to see the effect .)

At this time, let's look at the results of the original call method:

<% @ Language = VBScript %>
<%
Set FS = server. Createobject ("scripting. FileSystemObject ")
%>

The running result is:
Server Object error 'asp 0177: 800401f3'

Server. Createobject failed

/Aspimage/testfile2.asp, Row 3

800401f3

(OK to meet our requirements)

This method is delayed by two steps, and the result is a result that someone else is eager to answer, which greatly stimulates me and produces the third method.

Third: the careful experts will think that since the component can be disabled by modifying the progid value, can the CLSID be modified as well? (OK, like me) We know that apart from the Createobject method, you can also use the general <Object> annotation to create a component, we can use the <Object> annotation of htm l in ASP to add a component to the webpage. The method is:

<Object runat = server id = fs1 scope = page progid = "scripting. FileSystemObject"> </Object>

Runat indicates that the task is executed on the server, and scope indicates the life cycle of the component. You can select session, appl ication, or page (indicating the current page, or by default)

This method is useless to us. Another method is:

<Object runat = server id = fs1 scope = page classid = "CLSID: CLSID value"> </Object>

You can also disable this component by modifying the CLSID value, for example, hkey_classes_ro ot \ Scripting in the registry. change the value of FileSystemObject \ CLSID to 0d43fe01-f093-11cf-8940-00a0c90 54228 to 0d43fe01-f093-11cf-8940-00a0c9054229 (change the last bit:

<Object runat = server id = fs1 scope = page classid = "CLSID: 0d43fe01-f093-11cf-8940-00a0c9054229"> </Object>

Check the running result. No problem. OK. At this time, we use

<Object runat = server id = fs1 scope = page classid = "CLSID: 0d43fe01-f093-11cf-8940-00a0c9054228"> </Object>

At this time, an error occurs.

 

Wscript. Shell component

On my 2003 Server, wscript is disabled when the system is installed by default. shell component, I follow some methods provided on the network regsvr32 c: \ windows \ system32 \ wshom. when OCX registers this component, it prompts that the dllregisterserver is successful, but you still cannot call this component!

From: http://hi.baidu.com/bj1686/blog/item/5848dd13fb0037daf7039eb3.html

Wscript. Shell can call the system kernel to run basic dos Commands
You can change the registry and rename the component to prevent such Trojans.
Hkey_classes_root \ wscript. Shell \ and hkey_classes_root \ wscript. shell.1 \
Change the name to another name, for example, wscript. shell_changename or wscript. shell.1 _ changename.
You can call this component normally when you call it later.
Also change the CLSID value.
Hkey_classes_root \ wscript. Shell \ CLSID \ project value
Hkey_classes_root \ wscript. shell.1 \ CLSID \ item target value
It can also be deleted to prevent such trojans from being persecuted.
3. Stop using the Shell. Application Component
Shell. Application can call the system kernel to run basic dos Commands
You can change the registry and rename this component to prevent the dangers of such Trojans.
Hkey_classes_root \ Shell. Application \
And
Hkey_classes_root \ shell. application.1 \
Change the name to another name, for example, Shell. application_changename or shell. application.1 _ changename.
You can call this component normally when you call it later.
Also change the CLSID value.
Hkey_classes_root \ Shell. Application \ CLSID \ item target value
Hkey_classes_root \ Shell. Application \ CLSID \ item target value
It can also be deleted to prevent such trojans from being persecuted.
Stop Guest users from using shell32.dll to prevent calls to this component.
2000 run the following command: cacls c: \ winnt \ system32 \ shell32.dll/e/d guests.
2003 run the following command: cacls c: \ windows \ system32 \ shell32.dll/e/d guests.
Note: The operation takes effect only after the Web Service is restarted.
Use cmd.exe
Disable the use of cmd.exe for guests
2000 run the command cacls c: \ winnt \ system32 \ cmd.exe/e/d guests.
2003 run the command cacls c: \ windows \ system32 \ cmd.exe/e/d guests.
Based on the above four steps, you can guard against several popular Trojans. However, the most effective measure is to integrate security settings,ProgramOnly when the security level reaches a certain level can the security level be set to a higher level to prevent more illegal intrusions.