My site used to be on an IIS server, which not only supports asp,php
This is actually using the system to preserve the file name to create Webshell that cannot be deleted.
You cannot name files/folders under Windows by following these words:
The code is as follows |
Copy Code |
Aux|prn|con|nul|com1|com2|com3|com4|com5|com6|com7|com8|com9|lpt1|lpt2|lpt3|lpt4|lpt5|lpt6|lpt7|lpt8|lpt9 |
But through the copy command cmd can be implemented:
The code is as follows |
Copy Code |
D:wwwroot>copy rootkit.asp \. D:wwwrootlpt6.80sec.asp must be preceded by \. 1 files have been copied. D:wwwroot>dir 2010-04-25 14:41 <DIR>. 2010-04-25 14:41 <DIR>. 2010-03-08 22:50 42,756 aux.asp 2005-05-02 03:02 9,083 index.asp 2010-03-08 22:50 42,756 rootkit.asp |
This type of file cannot be deleted from the graphical interface and can only be deleted at the command line:
The code is as follows |
Copy Code |
D:wwwroot>del \. D:wwwrootlpt6.80sec.asp |
In IIS, however, this file can be resolved successfully. The "Undead Zombie" principle in Webshell is here.
You can delete this type of file in the following ways:
The simplest and most convenient is to remove by command:
The code is as follows |
Copy Code |
del/f/a/q//?/%1 RD/S/q//?/%1 |
Save the above command as a file with the. bat suffix name, and then drag the file or folder that cannot be deleted onto the bat file.