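How much do you know about programs that find ASP trojans (web shells)? If ASP trojans interest you, follow the 錯新 editor through the details below; we hope you find it helpful.
Source code; save it as an .asp file and it is ready to use: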
<%@LANGUAGE="VBSCRIPT" CODEPAGE="936"%>
<%
'Set the password (change this default before deploying)
PASSWORD = "security"
dim Report
if request.QueryString("act")="login" then
if request.Form("pwd") = PASSWORD then session("pig")=1
end if
%>
<%If Session("pig") <> 1 then%>
Password:
<%
else
if request.QueryString("act")<>"scan" then
%>
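Path to check:
* Path relative to the site root; enter “/” to check the whole site; “.” is the directory containing this program
What to do:
Find ASP trojans
Search for files matching the criteria
-------------- To search for files, fill in all of the following ------------------
Search text:
* String to search for; leave empty to check dates only
Modified date:
* Separate multiple dates with ;, enter ALL for any date
File types:
* Separate types with , and use * for all types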
<%
else
server.ScriptTimeout = 600
if request.Form("path")="" then
response.Write("No Hack")
response.End()
end if
if request.Form("path")="/" then
TmpPath = Server.MapPath("/")
elseif request.Form("path")="." then
TmpPath = Server.MapPath(".")
else
TmpPath = Server.MapPath("/")&"/"&request.Form("path")
end if
timer1 = timer
Sun = 0
SumFiles = 0
SumFolders = 1
If request.Form("radiobutton") = "sws" Then
DimFileExt = "asp,cer,asa,cdx"
Call ShowAllFile(TmpPath)
Else
If request.Form("path") = "" or request.Form("Search_Date") = "" or request.Form("Search_FileExt") = "" Then
response.Write("緝捕條件不完全,恕難從命<br>請返回重新輸入")
response.End()
End If
DimFileExt = request.Form("Search_fileExt")
Call ShowAllFile2(TmpPath)
End If
%>
Scan WebShell -- ASPSecurity For Hacking
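Scan complete! Checked <%=SumFolders%> folder(s) and <%=SumFiles%> file(s); found <%=Sun%> suspicious item(s)
<%If request.Form("radiobutton") = "sws" Then%>
File relative path
Signature
Description
Created/modified time
<%else%>
File relative path
File created time
Modified time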
<%end if%>
<%=Report%>
<%
timer2 = timer
thetime=cstr(int(((timer2-timer1)*10000 )+0.5)/10)
response.write "<br>本頁執行共用了"&thetime&"毫秒"
end if
end if
%>
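This program is taken from the ASP trojan finder and suspicious-file search features of 雷客圖ASP站長安全助手 (ASP Webmaster Security Assistant)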
powered by lake2 ( Build 20060615 )
<%
'Walk path and all of its subdirectories and process every file
Sub ShowAllFile(Path)
Set FSO = CreateObject("Scripting.FileSystemObject")
if not fso.FolderExists(path) then exit sub
Set f = FSO.GetFolder(Path)
Set fc2 = f.files
For Each myfile in fc2
If CheckExt(FSO.GetExtensionName(path&"/"&myfile.name)) Then
Call ScanFile(Path&Temp&"/"&myfile.name, "")
SumFiles = SumFiles + 1
End If
Next
Set fc = f.SubFolders
For Each f1 in fc
ShowAllFile path&"/"&f1.name
SumFolders = SumFolders + 1
Next
Set FSO = Nothing
End Sub
'Scan one file
Sub ScanFile(FilePath, InFile)
If InFile <> "" Then
Infiles = "該文件被"& InFile & "文件包含執行"
End If
Set FSOs = CreateObject("Scripting.FileSystemObject")
on error resume next
set ofile = fsos.OpenTextFile(FilePath)
filetxt = Lcase(ofile.readall())
If err Then Exit Sub end if
if len(filetxt)>0 then
'Signature checks
filetxt = vbcrlf & filetxt
temp = ""&replace(FilePath,server.MapPath("/")&"/","",1,1,1)&""
'Check "WScr"&DoMyBest&"ipt.Shell"
If instr( filetxt, Lcase("WScr"&DoMyBest&"ipt.Shell") ) or Instr( filetxt, Lcase("clsid:72C24DD5-D70A"&DoMyBest&"-438B-8A42-98424B88AFB8") ) then
Report = Report&""&temp&"WScr"&DoMyBest&"ipt.Shell 或者 clsid:72C24DD5-D70A"&DoMyBest&"-438B-8A42-98424B88AFB8危險組件,一般被ASP木馬利用"&infiles&""&GetDateCreate(filepath)&"<br>"&GetDateModify(filepath)&""
Sun = Sun + 1
End if
'Check "She"&DoMyBest&"ll.Application"
If instr( filetxt, Lcase("She"&DoMyBest&"ll.Application") ) or Instr( filetxt, Lcase("clsid:13709620-C27"&DoMyBest&"9-11CE-A49E-444553540000") ) then
Report = Report&""&temp&"She"&DoMyBest&"ll.Application 或者 clsid:13709620-C27"&DoMyBest&"9-11CE-A49E-444553540000危險組件,一般被ASP木馬利用"&infiles&""&GetDateCreate(filepath)&"<br>"&GetDateModify(filepath)&""
Sun = Sun + 1
End If
'Check .Encode
Set regEx = New RegExp
regEx.IgnoreCase = True
regEx.Global = True
regEx.Pattern = "\bLANGUAGE\s*=\s*[""]?\s*(vbscript|jscript|javascript).encode\b"
If regEx.Test(filetxt) Then
Report = Report&""&temp&"(vbscript|jscript|javascript).Encode似乎腳本被加密了"&infiles&""&GetDateCreate(filepath)&"<br>"&GetDateModify(filepath)&""
Sun = Sun + 1
End If
'Check my ASP backdoor :(
regEx.Pattern = "\bEv"&"al\b"
If regEx.Test(filetxt) Then
Report = Report&""&temp&"Ev"&"ale"&"val()函數可以執行任意ASP代碼,被一些后門利用。其形式一般是:ev"&"al(X)<br>但是javascript代碼中也可以使用,有可能是誤報。"&infiles&""&GetDateCreate(filepath)&"<br>"&GetDateModify(filepath)&""
Sun = Sun + 1
End If
'Check exe&cute backdoor
regEx.Pattern = "[^.]\bExe"&"cute\b"
If regEx.Test(filetxt) Then
Report = Report&""&temp&"Exec"&"utee"&"xecute()函數可以執行任意ASP代碼,被一些后門利用。其形式一般是:ex"&"ecute(X)<br>"&infiles&""&GetDateCreate(filepath)&"<br>"&GetDateModify(filepath)&""
Sun = Sun + 1
End If
'----------------------Start Update 200605031-----------------------------
'Check .Create&TextFile and .OpenText&File
regEx.Pattern = "\.(Open|Create)TextFile\b"
If regEx.Test(filetxt) Then
Report = Report&""&temp&".CreateTextFile|.OpenTextFile使用了FSO的CreateTextFile|OpenTextFile函數讀寫文件"&infiles&""&GetDateCreate(filepath)&"<br>"&GetDateModify(filepath)&""
Sun = Sun + 1
End If
'Check .SaveT&oFile
regEx.Pattern = "\.SaveToFile\b"
If regEx.Test(filetxt) Then
Report = Report&""&temp&".SaveToFile使用了Stream的SaveToFile函數寫文件"&infiles&""&GetDateCreate(filepath)&"<br>"&GetDateModify(filepath)&""
Sun = Sun + 1
End If
'Check .&Save
regEx.Pattern = "\.Save\b"
If regEx.Test(filetxt) Then
Report = Report&""&temp&".Save使用了XMLHTTP的Save函數寫文件"&infiles&""&GetDateCreate(filepath)&"<br>"&GetDateModify(filepath)&""
Sun = Sun + 1
End If
'------------------ End ----------------------------
Set regEx = Nothing
'Check include file
Set regEx = New RegExp
regEx.IgnoreCase = True
regEx.Global = True
regEx.Pattern = "
That is the program for finding ASP trojans. Did you get it?
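The signature checks performed by ScanFile, restated as an added Python example (not part of the original ASP program) and run over constructed sample files. The rule names, the sample strings and the `fold_concat` step are assumptions made for this illustration; `fold_concat` goes beyond the original by joining adjacent string literals, so a signature split the way the scanner splits its own strings still matches.

```python
import re

# Rules ported from ScanFile; the names are labels chosen for this example.
RULES = [
    ("WScript.Shell", re.compile(
        r"wscript\.shell|clsid:72c24dd5-d70a-438b-8a42-98424b88afb8", re.I)),
    ("Shell.Application", re.compile(
        r"shell\.application|clsid:13709620-c279-11ce-a49e-444553540000", re.I)),
    ("Script.Encode", re.compile(
        r'\bLANGUAGE\s*=\s*["]?\s*(vbscript|jscript|javascript).encode\b', re.I)),
    ("Eval", re.compile(r"\beval\b", re.I)),
    # [^.] skips ordinary method calls such as conn.Execute(sql)
    ("Execute", re.compile(r"[^.]\bexecute\b", re.I)),
    ("TextFile", re.compile(r"\.(open|create)textfile\b", re.I)),
    ("SaveToFile", re.compile(r"\.savetofile\b", re.I)),
    ("Save", re.compile(r"\.save\b", re.I)),
]

def fold_concat(text):
    # Join adjacent VBScript string literals: "ab" & "cd" becomes "abcd".
    # Not in the original scanner; added so split literals still match.
    return re.sub(r'"\s*&\s*"', "", text)

def scan(text, fold=True):
    # Return the names of all rules that match one file's text.
    # Like the original, prepend CRLF so [^.] can match before the first word.
    body = "\r\n" + (fold_concat(text) if fold else text)
    return [name for name, rx in RULES if rx.search(body)]

# Constructed sample files (not taken from any real site).
SAMPLES = {
    "clean.asp": '<% Response.Write "hello" %>',
    "db.asp": "<% conn.Execute(sql) %>",
    "exec.asp": "Execute(x)",
    "encoded.asp": '<%@ LANGUAGE = "VBScript.Encode" %>',
    "split.asp": '<% Set o = CreateObject("WScr" & "ipt.Shell") %>',
    "xml.asp": '<% doc.Save("out.xml") %>',
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(f"{name:12} {scan(text)}")
```

The `Save` hit on `xml.asp` shows how broad the write-related rules are: every finding is a lead to review by hand, not a verdict.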