&nbsp;<font>FSO</font>: FSO组件,具有远程删除新建\修改\移动文件(夹)的功能<br>
&nbsp;<font>流</font>: Adodb.stream的调用,一般用于上传文件,如果单独调用stream也很危险<br>
&nbsp;<font>SHELL</font>: SHELL组件调用<br>
&nbsp;<font>WS</font>: WSCRIPT组件调用<br>
&nbsp;<font>XML</font>: xmlhttp<br>
&nbsp;<font>密</font>: 该木马文件是否加过密<br>
&nbsp;以上各项调用得越多则该文件的危险性越高<br>
&nbsp;<b>注</b>:有部分文章程序、论坛程序等带ASP探针会被检测出有FSO或WS组件调用。<br></td></tr></table>
</div>
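<%
' Scanner page header plus a summary of the server and the requesting client.
' Every value is read from Request.ServerVariables. HTTP_X_FORWARDED_FOR is a
' request header, and SERVER_NAME presumably follows the request's Host header
' (confirm for the IIS version in use), so both are passed through
' Server.HTMLEncode before they are written into the page.
' The help link toggles the element referenced as d; the test uses == so the
' panel can be hidden again (a single = assigns and always re-shows it).
%>
<table width="600" border="0" cellpadding="1" cellspacing="1" bordercolor="#009900" bgcolor="#666666">
<tr bgcolor="#eeeeee" height=20 >
<td width="59%" align=left><marquee onmouseover="this.stop()" onmouseout="this.start()" scrollamount="50" scrolldelay="100" behavior="slide" loop="1">&nbsp;<font color=#800000><b>ASP木马追捕V1.0</b></font></marquee></td>
<td width="41%">&nbsp;<a href="#" onClick="JavaScript:if (d.style.display=='none'){d.style.display='';}else {d.style.display='none';}">使用说明</a></td>
</tr>
<tr bgcolor="#888888" height=20 >
<td width="59%" align=left><font color=#ffffff>&nbsp;服务器检测信息</font></td>
<td width="41%">&nbsp;</td>
</tr>
<tr bgcolor="#EEEEEE" height=18 >
<td width="59%" align=left>&nbsp;服务器名</td>
<td width="41%" bgcolor="#EEEEEE">&nbsp;<%=Server.HTMLEncode("" & Request.ServerVariables("SERVER_NAME"))%></td>
</tr>
<tr bgcolor="#EEEEEE" height=18 >
<td align=left>&nbsp;服务器IP</td>
<td>&nbsp;<%=Request.ServerVariables("LOCAL_ADDR")%></td>
</tr>
<tr bgcolor="#EEEEEE" height=18 >
<td align=left>&nbsp;服务器端口</td>
<td>&nbsp;<%=Request.ServerVariables("SERVER_PORT")%></td>
</tr>
<tr bgcolor="#EEEEEE" height=18 >
<td align=left>&nbsp;服务器时间</td>
<td>&nbsp;<%=now%></td>
</tr>
<tr bgcolor="#EEEEEE" height=18 >
<td align=left>&nbsp;本文件绝对路径</td>
<td>&nbsp;<%=server.mappath(Request.ServerVariables("SCRIPT_NAME"))%></td>
</tr>
<tr bgcolor="#EEEEEE" height=18 >
<td align=left>&nbsp;服务器CPU数量</td>
<td>&nbsp;<%=Request.ServerVariables("NUMBER_OF_PROCESSORS")%> 个</td>
</tr>
<tr bgcolor="#EEEEEE" height=18 >
<td align=left>&nbsp;服务器操作系统</td>
<td>&nbsp;<%=Request.ServerVariables("OS")%></td>
</tr>
<%
' NOTE(review): the #@~^ ... ^#~@ fragment in the next row is Script Encoder
' output and is kept exactly as published. From the row label it presumably
' prints the client port - decode and confirm before deploying, since an
' auditing page should not carry script that cannot be read.
%>
<tr bgcolor="#EEEEEE" height=18 ><td align=left>&nbsp;客户端IP: 端口 [代理]</td><td>&nbsp;<%=Request.ServerVariables("REMOTE_ADDR")%>|
<
%=#@~^JgAAAA==] ;; /DR? D7nDjl.km4snk`J"3H}K2|K6I:J*LA0AAA==^#~@%>
[<%=Server.HTMLEncode("" & Request.ServerVariables("HTTP_X_FORWARDED_FOR"))%>]</td></tr>
</table>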

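<%
' Navigation bar for the folder being browsed, plus the file-type filter form.
' The parent-folder link URL-encodes its path, matching the subfolder links
' written further down the page. path and chktype are HTML-encoded on output:
' their assignment is not visible in this part of the file, and they look
' like request-supplied values (TODO confirm), so they must not be able to
' break out of the text node or the value attribute.
' NOTE(review): the two #@~^ ... ^#~@ fragments are Script Encoder output kept
' verbatim; they presumably emit the current path into the URLs - decode and
' confirm, and make sure that value is URL-encoded as well.
%>
<table width="600" border="0" cellpadding="1" cellspacing="1" bordercolor="#009900" bgcolor="#666666">

   <tr bgcolor="#888888">
     <td width="59%" height="20">&nbsp;<a href="<%if not ofolder.IsRootFolder then response.write url&"&path="&server.urlencode(ofolder.ParentFolder.Path)%>"><font color=#ffffff>↑回上级目录</font></a>&nbsp;|<font color=#ffffff>&nbsp;当前目录:<%=server.htmlencode("" & path)%></font></td>
     <td width="41%" height="20">&nbsp;<a href="<%=url%>&path=<
%=#@~^BAAAAA==2mY4rQEAAA==^#~@%>&bian=bian">搜索本目录下所有文件</a></td>
   </tr>
   <form action="<%=url%>&path=<
%=#@~^BAAAAA==2mY4rQEAAA==^#~@%>" method="post">
     <tr bgcolor="#888888">
       <td height="20" colspan="3"><font color=#ffffff>&nbsp;检查的文件类型(用逗号隔开,默认检查asp,asa,inc,js): </font>
         <input name="chktype" type="text" id="chktype" value="<%=server.htmlencode("" & chktype)%>" size="18">
         <input type="submit"   value="提交"></td>
     </tr>
   </form>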
   <%if ofolder.subfolders.count>0 then
   for each subfolder in ofolder.subfolders
response.write "<tr bgcolor=#E8E8E8>"
     response.write "<td height=18 colspan=3>&nbsp;"
response.write "<a href="&url&"&path="&server.urlencode(subfolder)&">"&subfolder&"</a>"

   response.write "</td></tr>"
next
end if
response.write "</table>"
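' Result table: one row per scanned file and one column per indicator, in the
' order checkfiles writes them (FSO, delete, create, move, stream, shell,
' wscript, xmlhttp, encoded).
' The table is produced when the folder has files of its own or when the
' recursive scan (bian=bian) was requested; without the second condition a
' starting folder that holds only directories would skip the recursive scan
' entirely and report nothing.
if ofolder.files.count>0 or request("bian")="bian" then
%>
<table width="600" border="0" cellpadding="1" cellspacing="1" bgcolor="#666666">
   <tr bgcolor="#666666">
     <td height="20"><font color="#FFFFFF">&nbsp;所在目录<%=server.htmlencode(ofolder.Path)%></font></td>
     <td width="22" align="center">FSO</td>
     <td width="22" align="center">删</td>
     <td width="22" align="center">建</td>
     <td width="22" align="center">移</td>
     <td width="22" align="center">流</td>
     <td width="22" align="center">SHELL</td>
     <td width="22" align="center">WS</td>
     <td width="22" align="center">XML</td>
     <td width="22" align="center">密</td>
   </tr>
   <%
   ' bian=bian selects the recursive scan; otherwise only this folder's files.
   if request("bian")="bian" then
      checkfolder(path)
   else
      checkfiles(path)
   end if
   response.write "</table>"
end if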
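' Scan the files directly inside curpath and write one result row per file
' whose extension is selected by chktype.
'
' curpath : folder to scan; the sub returns silently if it does not exist.
'
' Each file is read as text, lower-cased, and searched for fixed substrings.
' The yes / no markers written into the cells are defined elsewhere in the
' file. Limits a reviewer should keep in mind:
'  - This is plain substring matching. A row with no hits is not evidence
'    that a file is clean: script that builds these names at run time, or
'    that is stored encoded, will not match the component checks.
'  - Only the final extension is considered, and only extensions contained
'    in chktype are read; any other extension the web server maps to a script
'    engine is skipped unless the operator adds it to the list.
'  - OpenTextFile is called without a format argument, so files saved as
'    UTF-16 are presumably not matched - verify if such files exist on the site.
sub checkfiles(curpath)
dim ofolder
dim fileext,fileallow,filetxt,typelist
dim fso,del,create,mov,stream,shell,ws,xmlhttp,encode

if not ofso.FolderExists(curpath) then exit sub
set ofolder = ofso.getfolder(curpath)
' Compare extensions case-insensitively, so a filter typed as "ASP" still
' selects .asp files instead of silently skipping them.
typelist = lcase("" & chktype)
for each filename in ofolder.files
   fso = no:del = no:create = no:mov = no:stream = no:shell = no:ws=no:xmlhttp = no:encode=no
   fileext = lcase(ofso.GetExtensionName(filename.Path))
   ' The filter stays a substring test against the whole list (it can only
   ' over-include); files without an extension are never selected.
   fileallow = false
   if fileext <> "" then
      if instr(typelist,fileext)>0 then fileallow = true
   end if
   if fileallow then
      filetxt = ""
      set ofile = ofso.OpenTextFile(filename.Path, 1)
      ' ReadAll raises a run-time error on a zero-length file, which would
      ' abort the whole scan; an empty file simply has no indicators.
      if not ofile.AtEndOfStream then filetxt = lcase(ofile.ReadAll())
      ofile.Close
      set ofile = nothing

      ' The delete / create / move columns are only evaluated for files that
      ' reference the FileSystemObject at all.
      if instr(filetxt,"scripting.filesystemobject")>0 then
         fso = yes
         ' "delete" also covers "deletefolder".
         if instr(filetxt,"delete")>0 then del = yes
         if instr(filetxt,"opentextfile")>0 or instr(filetxt,"createtextfile")>0 or instr(filetxt,"openastextstream")>0 then create = yes
         if instr(filetxt,"move")>0 then mov = yes
      end if
      if instr(filetxt,"adodb.stream")>0 then stream = yes
      if instr(filetxt,"shell.application")>0 then shell = yes
      if instr(filetxt,"wscript")>0 then ws = yes
      if instr(filetxt,"xmlhttp")>0 then xmlhttp = yes
      ' Encoded script: either the language is declared as *.encode, or the
      ' Script Encoder start marker #@~^ appears in the text.
      if instr(filetxt,"vbscript.encode")>0 or instr(filetxt,"javascript.encode")>0 or instr(filetxt,"#@~^")>0 then encode = yes
      filetxt = ""

      response.write "<tr bgcolor=#E8E8E8>"
      ' File paths come from disk; encode them so a name containing markup
      ' characters is displayed rather than interpreted by the browser.
      response.write "<td height=18>&nbsp;" & server.htmlencode(filename.Path) & "</td>"
      response.write "<td align=center>" & fso & "</td>"
      response.write "<td align=center>" & del & "</td>"
      response.write "<td align=center>" & create & "</td>"
      response.write "<td align=center>" & mov & "</td>"
      response.write "<td align=center>" & stream & "</td>"
      response.write "<td align=center>" & shell & "</td>"
      response.write "<td align=center>" & ws & "</td>"
      response.write "<td align=center>" & xmlhttp & "</td>"
      response.write "<td align=center>" & encode & "</td>"
      response.write "</tr>"
   end if
next
set ofolder = nothing
end sub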

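' Recursively scan curpath: first the files directly inside it, then every
' subfolder at any depth, writing result rows through checkfiles.
'
' curpath : folder to start from; the sub returns silently if it does not exist.
'
' Each folder's own files are scanned at the top of the call, so the starting
' folder is included (the previous version only scanned files of subfolders).
' The loop variable is declared locally: an undeclared loop variable may be
' shared between recursion levels, so a value read after the nested call
' returns could belong to a deeper folder.
' NOTE(review): a subfolder the web server account cannot read will raise a
' run-time error here unless error handling is set elsewhere in the file.
sub checkfolder(curpath)
dim sfolder,childfolder
if not ofso.FolderExists(curpath) then exit sub
checkfiles curpath
set sfolder = ofso.getfolder(curpath)
for each childfolder in sfolder.subfolders
   call checkfolder(childfolder.Path)
next
set sfolder = nothing
end sub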
'set ofolder = nothing
' Release the ofso object that checkfiles and checkfolder use for their
' FolderExists / GetFolder / OpenTextFile calls; only closing markup follows.
set ofso = nothing%><br>
</body>
</html>
