Script attacks are always a "heavy action" in network security, resulting in various aggressive scripts, such as VBS / JS scripts, various WebShells, especially WebShell, is an indispensable tool. The current WebShell version has a wide range of functions, which has become the goal of administrators' prevention and major anti-virus software. Below I am using the ASP's WebShell as an example, the script is deformable: 1. ClassID uses the commonly used object name in the ASPSHELL is often the signature used by anti-virus software. The administrator can also change the ASP object by modifying the registry. Name, but there is no ASP object has a specified classID in the system (PS: ClassID is different in each system) then we can build objects through classid, such as we usually build an FSO object is the following statement: set HH = Server.createObject ("scripting.filesystemObject") then finds "scripting.filesystemObject" to kill your script, then we can create ClassID corresponding to FSO:
