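I have recently been going through some old code, and it is full of vulnerabilities. I found that a hacker with a conscience had uploaded something unclean, but had not actually done anything with it.
The warning reads as follows:
A suspicious file was found on your system disk. It may have been planted by an attacker after successfully compromising the website. We recommend that you first confirm whether the file is legitimate and then deal with it. In general, webshell detection scores a file according to how threatening its behavior is. This file has some dangerous capabilities and shows some dangerous characteristics, but that does not guarantee that it is a website backdoor; it may also be a normal website file that contains suspicious code. If the administrator deployed it deliberately, you can choose the ignore button or the mark-as-false-positive button in the front end. Also, if the flagged file is a .log website log file, this is usually because the website saves its HTTP logs in plain text directly to a file, which carries a certain security risk. We recommend moving the HTTP log path to a non-web path.
The code is as follows: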
<%@ Language="VBScript" CODEPAGE="936"%>
<% Option Explicit %>
<%
Response.Buffer = True
'####################################
'# #
'# ITlearner ASP Probe V1.2 #
'# #
'# http://www.itlearner.com #
'# #
'# Please keep this information when redistributing this program #
'# #
'####################################
Dim startime
startime=timer()
Dim hx
Set hx = New Cls_AspCheck

class Cls_AspCheck

Public FileName,WebName,WebUrl,SysName,SysNameE,SysVersion

'Check whether a component is supported
Public Function IsObjInstalled(strClassString)
    On Error Resume Next
    Dim xTestObj
    Set xTestObj = Server.CreateObject(strClassString)
    If Err Then
        IsObjInstalled = False
    else
        IsObjInstalled = True
    end if
    Set xTestObj = Nothing
End Function

'Check the component version
Public Function getver(Classstr)
    On Error Resume Next
    Dim xTestObj
    Set xTestObj = Server.CreateObject(Classstr)
    If Err Then
        getver=""
    else
        getver=xTestObj.version
    end if
    Set xTestObj = Nothing
End Function

Public Function GetObjInfo(startnum,endnum)
    dim i,Outstr
    for i=startnum to endnum
        Outstr = Outstr & " " & theTestObj(i,0) & ""
        Outstr = Outstr & " "&theTestObj(i,1)&""
        Outstr = Outstr & ""
        If Not IsObjInstalled(theTestObj(i,0)) Then
            Outstr = Outstr & " ×"
        Else
            Outstr = Outstr & " √ " & getver(theTestObj(i,0)) & ""
        End If
        Outstr = Outstr & "" & vbCrLf
    next
    Response.Write(Outstr)
End Function

Public Function cdrivetype(tnum)
    Select Case tnum
        Case 0: cdrivetype = "未知"
        Case 1: cdrivetype = "可移动磁盘"
        Case 2: cdrivetype = "本地硬盘"
        Case 3: cdrivetype = "网络磁盘"
        Case 4: cdrivetype = "CD-ROM"
        Case 5: cdrivetype = "RAM 磁盘"
    End Select
end function

Private Sub Class_Initialize()
    WebName="IT学习者"
    WebUrl="http://www.itlearner.com"
    SysName="ASP探针"
    SysNameE="AspCheck"
    SysVersion="V1.2"
    FileName=Request.ServerVariables("SCRIPT_NAME")
End Sub

Public Function dtype(num)
    Select Case num
        Case 0: dtype = "未知"
        Case 1: dtype = "可移动磁盘"
        Case 2: dtype = "本地硬盘"
        Case 3: dtype = "网络磁盘"
        Case 4: dtype = "CD-ROM"
        Case 5: dtype = "RAM 磁盘"
    End Select
End Function

Public Function formatdsize(dsize)
    if dsize>=1073741824 then
        formatdsize=Formatnumber(dsize/1073741824,2) & " GB"
    elseif dsize>=1048576 then
        formatdsize=Formatnumber(dsize/1048576,2) & " MB"
    elseif dsize>=1024 then
        formatdsize=Formatnumber(dsize/1024,2) & " KB"
    else
        formatdsize=dsize & "B"
    end if
End Function

Public Function formatvariables(str)
    on error resume next
    str = cstr(server.htmlencode(str))
    formatvariables=replace(str,chr(10),"")
End Function

Public Sub ShowFooter()
    dim Endtime,Runtime,OutStr
    Endtime=timer()
    OutStr = ""
    OutStr = OutStr & " 此程序是ITlearner以Ajiang和COCOON的ASP探针的代码为原型,结合部分自已原创的代码精心编写而成。 "
    OutStr = OutStr & "欢迎访问★IT学习者★,下载最新版程序 " & vbcrlf
    Runtime=FormatNumber((endtime-startime)*1000,2)
    if Runtime>0 then
        if Runtime>1000 then
            OutStr = OutStr & "页面执行时间:约"& FormatNumber(runtime/1000,2) & "秒"
        else
            OutStr = OutStr & "页面执行时间:约"& Runtime & "毫秒"
        end if
    end if
    OutStr = OutStr & " "
    OutStr = OutStr & "ITlearner AspCheck " & SysVersion & ""
    OutStr = OutStr & " | "
    Response.Write(OutStr)
End Sub

End class

Dim theTestObj(25,1)
theTestObj(0,0) = "MSWC.AdRotator"
theTestObj(1,0) = "MSWC.BrowserType"
theTestObj(2,0) = "MSWC.NextLink"
theTestObj(3,0) = "MSWC.Tools"
theTestObj(4,0) = "MSWC.Status"
theTestObj(5,0) = "MSWC.Counters"
theTestObj(6,0) = "MSWC.PermissionChecker"
theTestObj(7,0) = "WScript.Shell"
theTestObj(8,0) = "Microsoft.XMLHTTP"
theTestObj(9,0) = "Scripting.FileSystemObject"
theTestObj(9,1) = "(FSO 文本文件读写)"
theTestObj(10,0) = "ADODB.Connection"
theTestObj(10,1) = "(ADO 数据对象)"
theTestObj(11,0) = "SoftArtisans.FileUp"
theTestObj(11,1) = "(SA-FileUp 文件上传)"
theTestObj(12,0) = "SoftArtisans.FileManager"
theTestObj(12,1) = "(SoftArtisans 文件管理)"
theTestObj(13,0) = "LyfUpload.UploadFile"
theTestObj(13,1) = "(刘云峰的文件上传组件)"
theTestObj(14,0) = "Persits.Upload"
theTestObj(14,1) = "(ASPUpload 文件上传)"
theTestObj(15,0) = "w3.upload"
theTestObj(15,1) = "(Dimac 文件上传)"
theTestObj(16,0) = "JMail.SmtpMail"
theTestObj(16,1) = "(Dimac JMail 邮件收发)"
theTestObj(17,0) = "CDONTS.NewMail"
theTestObj(17,1) = "(虚拟 SMTP 发信)"
theTestObj(18,0) = "Persits.MailSender"
theTestObj(18,1) = "(ASPemail 发信)"
theTestObj(19,0) = "SMTPsvg.Mailer"
theTestObj(19,1) = "(ASPmail 发信)"
theTestObj(20,0) = "DkQmail.Qmail"
theTestObj(20,1) = "(dkQmail 发信)"
theTestObj(21,0) = "Geocel.Mailer"
theTestObj(21,1) = "(Geocel 发信)"
theTestObj(22,0) = "IISmail.Iismail.1"
theTestObj(22,1) = "(IISmail 发信)"
theTestObj(23,0) = "SmtpMail.SmtpMail.1"
theTestObj(23,1) = "(SmtpMail 发信)"
theTestObj(24,0) = "SoftArtisans.ImageGen"
theTestObj(24,1) = "(SA 的图像读写组件)"
theTestObj(25,0) = "W3Image.Image"
theTestObj(25,1) = "(Dimac 的图像读写组件)"
%>
IT学习者ASP探针(ITlearner AspCheck) <%=hx.SysVersion%>-www.ITlearner.com
<%
dim action
action=request("action")
if action="testzujian" then
    call ObjTest2
end if
Call menu
Call SystemTest
Call ObjTest
Call CalculateTest
Call DriveTest
Call SpeedTest
hx.ShowFooter
Set hx= nothing
%>
<%Sub menu%>
选项:
服务器有关参数 |
服务器组件情况 |
服务器运算能力 |
服务器磁盘信息 |
服务器连接速度
<%End Sub%>
<%Sub smenu(i)%>
5 name=txt<%=i%>>x
<%End Sub%>
<%Sub SystemTest
on error resume next
%>
服务器有关参数 <%Call smenu(0)%> |
<%
End Sub

Sub showvariable(action)
%>
<%
on error resume next
dim Item,xTestObj,outstr
if action="showapp" then
    Response.Write("4 遍历Application变量")
    set xTestObj=Application.Contents
elseif action="showsession" then
    Response.Write("4 遍历Session变量")
    set xTestObj=Session.Contents
elseif action="showvariables" then
    Response.Write("4 遍历服务器参数")
    set xTestObj=Request.ServerVariables
elseif action="showwsh" then
    Response.Write("4 遍历环境变量")
    dim WshShell
    Set WshShell = server.CreateObject("WScript.Shell")
    set xTestObj=WshShell.Environment
end if
Response.Write "(关闭)"
%> |
变量名 | 值 |
<%
if err then
    outstr = " 没有符合条件的变量 | "
    err.clear
else
    dim w
    if action="showwsh" then
        for each Item in xTestObj
            w=split(Item,"=")
            outstr = outstr & " "
            outstr = outstr & " " & w(0) & " | "
            outstr = outstr & " " & w(1) & " | "
            outstr = outstr & " "
        next
    else
        dim i
        for each Item in xTestObj
            outstr = outstr & " "
            outstr = outstr & " " & Item & " | "
            outstr = outstr & " "
            if IsArray(xTestObj(Item)) then
                for i=0 to ubound(xTestObj(Item))-1
                    outstr = outstr & hx.formatvariables(xTestObj(Item)(i)) & ""
                next
            else
                outstr = outstr & hx.formatvariables(xTestObj(Item))
            end if
            outstr = outstr & " | "
            outstr = outstr & " "
        next
    end if
end if
Response.Write(outstr)
set xTestObj=nothing
%>
<%End Sub%>
<%Sub ObjTest%>
服务器组件情况 <%Call smenu(1)%> |
<%
End Sub

Sub ObjTest2
    Dim strClass
    strClass = Trim(Request.Form("classname"))
    If strClass <> "" then
        Response.Write " 您指定的组件的检查结果:"
        If Not hx.IsObjInstalled(strClass) then
            Response.Write " 很遗憾,该服务器不支持" & strclass & "组件!"
        Else
            Response.Write " "
            Response.Write " 恭喜!该服务器支持" & strclass & "组件。"
            If hx.getver(strclass)<>"" then
                Response.Write " 该组件版本是:" & hx.getver(strclass)
            End if
            Response.Write ""
        End If
        Response.Write " "
    end if
    Response.Write " 返回 "
    Response.End
End Sub

Sub CalculateTest
%>
服务器运算能力 <%Call smenu(2)%> |
<%
End Sub

Sub DriveTest
    On Error Resume Next
    Dim fo,d,xTestObj
    set fo=Server.Createobject("Scripting.FileSystemObject")
    set xTestObj=fo.Drives
%>
服务器磁盘信息 <%Call smenu(4)%> |
<%
End Sub

Sub SpeedTest
    Response.Flush()
%>
<% if action="SpeedTest" then%>
<% end if%>
<%End Sub%>
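
The alert above says the file was scored on its behaviour rather than matched as a known backdoor. As an added example (not code from the original post and not the vendor's detection logic), the Python script below scores ASP source on the capabilities visible in this probe and also checks the alert's second point, a .log file stored under the web root. The indicator names, weights, threshold and sample paths are assumptions.

```python
import re
from pathlib import PureWindowsPath

# Indicator names and weights are illustrative assumptions, not a vendor rule set.
INDICATORS = [
    ("wscript_shell", 3, r'CreateObject\(\s*"WScript\.Shell"'),
    ("filesystem_object", 2, r'CreateObject\(\s*"Scripting\.FileSystemObject"'),
    # Class name passed as a variable: the caller decides which COM object loads.
    ("dynamic_createobject", 3, r'CreateObject\(\s*[A-Za-z_]\w*\s*\)'),
    ("environment_dump", 2, r'\.Environment\b'),
    # Whole collection assigned for enumeration, not a single keyed lookup.
    ("server_variables_dump", 1, r'=\s*Request\.ServerVariables\s*$'),
    ("error_suppression", 1, r'On\s+Error\s+Resume\s+Next'),
]
THRESHOLD = 5  # assumed cut-off for "needs review"


def score_asp(source):
    """Return (score, matched indicator names); each indicator counts once."""
    hits = [(name, weight) for name, weight, pattern in INDICATORS
            if re.search(pattern, source, re.IGNORECASE | re.MULTILINE)]
    return sum(w for _, w in hits), [n for n, _ in hits]


def log_under_webroot(log_path, webroot):
    """True when a .log file sits inside the served directory tree."""
    log, root = PureWindowsPath(log_path), PureWindowsPath(webroot)
    return log.suffix.lower() == ".log" and root in log.parents


# Constructed excerpt of the probe shown above (not the full file).
SAMPLE_PROBE = '''
On Error Resume Next
Set xTestObj = Server.CreateObject(strClassString)
Set WshShell = server.CreateObject("WScript.Shell")
set xTestObj=WshShell.Environment
set xTestObj=Request.ServerVariables
set fo=Server.Createobject("Scripting.FileSystemObject")
'''
# Constructed benign page for comparison.
SAMPLE_BENIGN = '<% Response.Write Server.HTMLEncode(Request.QueryString("q")) %>'

if __name__ == "__main__":
    for label, src in (("probe", SAMPLE_PROBE), ("benign", SAMPLE_BENIGN)):
        total, names = score_asp(src)
        verdict = "review" if total >= THRESHOLD else "ok"
        print(f"{label}: score={total} verdict={verdict} hits={names}")
    # Constructed paths: one log inside the web root, one outside it.
    print(log_under_webroot(r"C:\inetpub\wwwroot\logs\http.log", r"C:\inetpub\wwwroot"))
    print(log_under_webroot(r"D:\logs\http.log", r"C:\inetpub\wwwroot"))
```

A high score only means the file deserves a manual look, which matches the alert's own wording that a flagged file is not necessarily a backdoor.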