ASP implementation of TCP port scanning

xiaoxiao2021-04-01  209

Author: lake2 (http://lake2.0x54.org)

After working with ASP for a long time, you run into one frustrating limitation: unlike other scripting languages, ASP cannot access sockets. So you may have used port scanners written in PHP or Perl, but never one written in ASP. This article takes a roundabout route to implement an ASP port scanner. Just for fun!

The roundabout route is, of course, to use some other component that can access the network. Which such components are available to ASP?

The first one is easy to think of: XMLHTTP. This component speaks HTTP, so in principle it can be used for port scanning. But there is a hard problem: if a port is open but is not an HTTP port, XMLHTTP hangs, waiting indefinitely for HTTP data to come back, and the scan cannot proceed. This route has to be ruled out.

The second component is the one we will use. It is very common and present on the server: ADODB.Connection. This component is for database connections. When the database is MSSQL, the web server connects to port 1433 of SQL Server, and that is the key: if we change the port number, the state of the port can be determined from the error description that comes back.

Below is an example of a normal MSSQL connection string:

Provider=SQLOLEDB.1; Data Source=127.0.0.1; User ID=sa; Password=;

The default port is 1433. The following example uses port 1444 instead:

Provider=SQLOLEDB.1; Data Source=127.0.0.1,1444; User ID=sa; Password=;

Depending on the state of the port, one of several results is returned:

Port is open but is not a SQL Server port

· [ConnectionOpen (PreLoginHandshake()).] General network error. Check your network documentation.

Port is open and is a SQL Server port

· No error is returned (the username and password are correct)

· Login failed for user 'sa' (the username or password is incorrect)

Port is closed

· [ConnectionOpen (Connect()).] SQL Server does not exist or access denied

So all that remains is to check the error description. To speed up the scan, set the Connection object's ConnectionTimeout property to 1.
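Seen from the defender's side, the `host,port` suffix in the Data Source is the visible trace of this technique: a legitimate page opens one database endpoint, while a page using the trick walks through many ports on the same host. The following is an added example, not code from lake2's tool; it assumes a trace of (ASP page, connection string) pairs is available, for instance from application logging or source review, and the sample records and page names are constructed.

```python
from collections import defaultdict

DEFAULT_MSSQL_PORT = 1433

def parse_data_source(conn_str):
    """Return (host, port) from the Data Source key of an OLE DB connection string.

    Port is DEFAULT_MSSQL_PORT when no ",port" suffix is present, and None
    when a suffix is present but is not a number.
    """
    for part in conn_str.split(";"):
        key, sep, value = part.partition("=")
        if sep and key.strip().lower() == "data source":
            host, comma, port = value.strip().partition(",")
            port = port.strip()
            if not comma:
                return host.strip(), DEFAULT_MSSQL_PORT
            return host.strip(), int(port) if port.isdigit() else None
    return None, None

def find_port_sweeps(records, max_ports=2):
    """records: iterable of (page, connection_string) pairs.

    Returns {(page, host): sorted ports} for every page that targeted more
    than max_ports distinct ports on one host.
    """
    seen = defaultdict(set)
    for page, conn_str in records:
        host, port = parse_data_source(conn_str)
        if host and port is not None:
            seen[(page, host.lower())].add(port)
    return {k: sorted(v) for k, v in seen.items() if len(v) > max_ports}

# Constructed sample trace: (ASP page, connection string it opened).
SAMPLE = [
    ("/shop/orders.asp", "Provider=SQLOLEDB.1;Data Source=10.0.0.5;User ID=app;Password=EXAMPLE;"),
    ("/shop/orders.asp", "Provider=SQLOLEDB.1;Data Source=10.0.0.5,1433;User ID=app;Password=EXAMPLE;"),
    ("/upload/t.asp", "Provider = sqloledb.1; data source = 127.0.0.1,21; user ID = sa; password =;"),
    ("/upload/t.asp", "Provider = sqloledb.1; data source = 127.0.0.1,80; user ID = sa; password =;"),
    ("/upload/t.asp", "Provider = sqloledb.1; data source = 127.0.0.1,1444; user ID = sa; password =;"),
]

if __name__ == "__main__":
    for (page, host), ports in find_port_sweeps(SAMPLE).items():
        print(f"{page} tried {len(ports)} ports on {host}: {ports}")
```

The parser handles only the plain `host` and `host,port` forms shown in this article; named instances and protocol prefixes would need extra cases.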

In testing, lake2's ASP port scanner performs about average, roughly equivalent to a single-threaded scanner. However, because it is a script, it may be more valuable than other kinds of scanners in some situations ^_^

Download: http://www.0x54.org/lake2/Program/portscanner.rar

When reposting, please cite the original address: https://www.9cbs.com/read-131084.html
