Transmission in the broiler on the asp back door, even if you modified the code, escaped the virus, but a careful administrator will also be found on his website, the web directory will be more than one asp file. For this question, I think the two approaches, and nothing technical at all, just an idea. One is aspInjection(as if this word is really popular!)。 First look at the first diagram.
This is a dynamic network article management of the landing page, and the usual no different, the original features are present. Then look at the second diagram, the
See, with a http://xxx/admin. asp? id=1 A nee to, the second figure below this box, you can use it to generate web pageTrojan, it can generate asp/php/cgi, etc. web pages back door. How to do it? As long as you will this code into an asp Web Page Code most of the lower end of the can.
It is worth noting that this code requires server support fso, and not at all in the asp file are in force. Like is inserted into the asp file contains the code, that there is such a code, This code is not in force, but does not affect the original file. If you will write asp, you can combine some asp back door to write directly on the broiler the original asp file. Moderator allen wrote one asp file, a run will be infected with all the asp files in the same directory under each of the asp file will be inserted similar code. Don't know when did he offer to download it.:_)
Second, in iis Manager asp. dll to parse any extension. Like Figure 3, I put the suffix for the lcx file name with the asp. dll to parse. Thus, we take the commonly used cmd. the asp was renamed the cmd. lcx, and then run, you see what happens?
Is the same as a web page the back door. Of course, what suffix is more subtle, see your clever only known to the wise.