博客
关于我
强烈建议你试试无所不能的chatGPT,快点击我
安全篇 ━━ ITlearner ASP探针 V1.2
阅读量:4120 次
发布时间:2019-05-25

本文共 13715 字,大约阅读时间需要 45 分钟。

最近在整理老的代码,漏洞一大堆;发现了有良心的黑客,上传了不干净的东西,但并没有操作什么。-

警告提示如下:

在您的系统磁盘上发现了一个可疑文件,它可能代表了是黑客成功入侵网站后种植的,建议您先确认文件合法性并处理。总体上,Webshell检测是根据文件行为威胁程度进行打分的,这个文件具备了一定的危险功能,本身具有一定的危险特征,但并不完全保证一定是一个网站后门,也可能是一些包含可以代码的正常网站文件,如果管理员自己部署放置的,可以在前台选择忽略或者标记为误报按钮。同时,如果被告警的文件是一个.log网站日志文件,常常是因为网站将http日志直接明文保存在文件中,这样存在一定的安全风险。建议将http日志的保存路径放置到非web路径下。

代码如下:

<%@ Language="VBScript" CODEPAGE="936"%><% Option Explicit %><% Response.Buffer = True'####################################'#                                  #'#      ITlearner ASP探针 V1.2      #'#                                  #'#     http://www.itlearner.com     #'#                                  #'#    转载本程序时请保留这些信息    #'#                                  #'####################################Dim startime	 startime=timer()Dim hxSet hx = New Cls_AspCheckclass Cls_AspCheckPublic FileName,WebName,WebUrl,SysName,SysNameE,SysVersion'检查组件是否被支持Public Function IsObjInstalled(strClassString)	On Error Resume Next	Dim xTestObj	Set xTestObj = Server.CreateObject(strClassString)	If Err Then		IsObjInstalled = False	else			IsObjInstalled = True	end if	Set xTestObj = NothingEnd Function'检查组件版本Public Function getver(Classstr)	On Error Resume Next	Dim xTestObj	Set xTestObj = Server.CreateObject(Classstr)	If Err Then		getver=""	else		 	getver=xTestObj.version	end if	Set xTestObj = NothingEnd FunctionPublic Function GetObjInfo(startnum,endnum)	dim i,Outstr	for i=startnum to endnum      	Outstr = Outstr & " " & theTestObj(i,0) & ""      	Outstr = Outstr & " "&theTestObj(i,1)&""      	Outstr = Outstr & ""    	If Not IsObjInstalled(theTestObj(i,0)) Then       	Outstr = Outstr & " ×"    	Else      	Outstr = Outstr & "  " & getver(theTestObj(i,0)) & ""		End If      	Outstr = Outstr & "" & vbCrLf	next	Response.Write(Outstr)End FunctionPublic Function cdrivetype(tnum)    Select Case tnum        Case 0: cdrivetype = "未知"        Case 1: cdrivetype = "可移动磁盘"        Case 2: cdrivetype = "本地硬盘"        Case 3: cdrivetype = "网络磁盘"        Case 4: cdrivetype = "CD-ROM"        Case 5: cdrivetype = "RAM 磁盘"    End Selectend functionPrivate Sub Class_Initialize()	WebName="IT学习者"	WebUrl="http://www.itlearner.com"	SysName="ASP探针"			SysNameE="AspCheck"	SysVersion="V1.2"	FileName=Request.ServerVariables("SCRIPT_NAME")End SubPublic Function dtype(num)    Select Case num        Case 0: dtype = "未知"        Case 1: dtype = "可移动磁盘"        Case 2: dtype = "本地硬盘"        Case 3: dtype = "网络磁盘"        Case 4: dtype = "CD-ROM"        Case 5: dtype = "RAM 磁盘"    End SelectEnd FunctionPublic Function formatdsize(dsize)    if dsize>=1073741824 then		formatdsize=Formatnumber(dsize/1073741824,2) & " GB"    elseif dsize>=1048576 then    	formatdsize=Formatnumber(dsize/1048576,2) & " MB"    elseif dsize>=1024 then		formatdsize=Formatnumber(dsize/1024,2) & " KB"	else		formatdsize=dsize & "B"	end ifEnd FunctionPublic Function formatvariables(str)on error resume nextstr = cstr(server.htmlencode(str))formatvariables=replace(str,chr(10),"
")End FunctionPublic Sub ShowFooter()	dim Endtime,Runtime,OutStr	Endtime=timer()	OutStr = "
   
         
      "	OutStr = OutStr & "
此程序是ITlearnerAjiangCOCOON的ASP探针的代码为原型,结合部分自已原创的代码精心编写而成。
"	OutStr = OutStr & "
欢迎访问★IT学习者★下载最新版程序
" & vbcrlf 	Runtime=FormatNumber((endtime-startime)*1000,2) 	if Runtime>0 then		if Runtime>1000 then		  	OutStr = OutStr & "页面执行时间:约"& FormatNumber(runtime/1000,2) & "秒"		else			OutStr = OutStr & "页面执行时间:约"& Runtime & "毫秒"		end if		end if	OutStr = OutStr & "  "	OutStr = OutStr & "ITlearner AspCheck " & SysVersion & ""									OutStr = OutStr & "
     
       
"	Response.Write(OutStr)End SubEnd classDim theTestObj(25,1)	theTestObj(0,0) = "MSWC.AdRotator"	theTestObj(1,0) = "MSWC.BrowserType"	theTestObj(2,0) = "MSWC.NextLink"	theTestObj(3,0) = "MSWC.Tools"	theTestObj(4,0) = "MSWC.Status"	theTestObj(5,0) = "MSWC.Counters"	theTestObj(6,0) = "MSWC.PermissionChecker"	theTestObj(7,0) = "WScript.Shell"	theTestObj(8,0) = "Microsoft.XMLHTTP"	theTestObj(9,0) = "Scripting.FileSystemObject"	theTestObj(9,1) = "(FSO 文本文件读写)"	theTestObj(10,0) = "ADODB.Connection"	theTestObj(10,1) = "(ADO 数据对象)"    	theTestObj(11,0) = "SoftArtisans.FileUp"	theTestObj(11,1) = "(SA-FileUp 文件上传)"	theTestObj(12,0) = "SoftArtisans.FileManager"	theTestObj(12,1) = "(SoftArtisans 文件管理)"	theTestObj(13,0) = "LyfUpload.UploadFile"	theTestObj(13,1) = "(刘云峰的文件上传组件)"	theTestObj(14,0) = "Persits.Upload"	theTestObj(14,1) = "(ASPUpload 文件上传)"	theTestObj(15,0) = "w3.upload"	theTestObj(15,1) = "(Dimac 文件上传)"	theTestObj(16,0) = "JMail.SmtpMail"	theTestObj(16,1) = "(Dimac JMail 邮件收发)"	theTestObj(17,0) = "CDONTS.NewMail"	theTestObj(17,1) = "(虚拟 SMTP 发信)"	theTestObj(18,0) = "Persits.MailSender"	theTestObj(18,1) = "(ASPemail 发信)"	theTestObj(19,0) = "SMTPsvg.Mailer"	theTestObj(19,1) = "(ASPmail 发信)"	theTestObj(20,0) = "DkQmail.Qmail"	theTestObj(20,1) = "(dkQmail 发信)"	theTestObj(21,0) = "Geocel.Mailer"	theTestObj(21,1) = "(Geocel 发信)"	theTestObj(22,0) = "IISmail.Iismail.1"	theTestObj(22,1) = "(IISmail 发信)"	theTestObj(23,0) = "SmtpMail.SmtpMail.1"	theTestObj(23,1) = "(SmtpMail 发信)"	theTestObj(24,0) = "SoftArtisans.ImageGen"	theTestObj(24,1) = "(SA 的图像读写组件)"	theTestObj(25,0) = "W3Image.Image"	theTestObj(25,1) = "(Dimac 的图像读写组件)"%>
   IT学习者ASP探针(ITlearner AspCheck) <%=hx.SysVersion%>-www.ITlearner.com
   
           
           
ASP 探针 - <%=hx.SysVersion%>(ITlearner)
      		       
       
<%dim actionaction=request("action")if action="testzujian" thencall ObjTest2end ifCall menuCall SystemTestCall ObjTestCall CalculateTestCall DriveTestCall SpeedTesthx.ShowFooterSet hx= nothing%><%Sub menu%>选项:服务器有关参数 | 服务器组件情况 | 服务器运算能力 | 服务器磁盘信息 | 服务器连接速度 <%End Sub%><%Sub smenu(i)%>5  name=txt<%=i%>>x <%End Sub%><%Sub SystemTeston error resume next%> 
   
           
           服务器有关参数       <%Call smenu(0)%>       
       
                  
       
<%End SubSub showvariable(action)%>
   
  <%	if err then		outstr = "
"		err.clear	else		dim w		if action="showwsh" then			for each Item in xTestObj				w=split(Item,"=")				outstr = outstr & "
      "				outstr = outstr & "
" 				outstr = outstr & "
" 				outstr = outstr & "
" 					next		else			dim i			for each Item in xTestObj				outstr = outstr & "
      "				outstr = outstr & "
" 								outstr = outstr & "
"				outstr = outstr & "
" 			next		end if	end if		Response.Write(outstr)			set xTestObj=nothing		%>
           
                    <%	on error resume next	dim Item,xTestObj,outstr	if action="showapp" then		Response.Write("4 遍历Application变量")		set xTestObj=Application.Contents	elseif action="showsession" then		Response.Write("4 遍历Session变量")		set xTestObj=Session.Contents	elseif action="showvariables" then		Response.Write("4 遍历服务器参数")		set xTestObj=Request.ServerVariables	elseif action="showwsh" then		Response.Write("4 遍历环境变量")		dim WshShell		Set WshShell = server.CreateObject("WScript.Shell")		set xTestObj=WshShell.Environment	end if		Response.Write "(关闭)"	%>           
       
           变量名                 
     
      没有符合条件的变量     
     
      " & w(0) & "      " & w(1) & "     
     
      " & Item & "      "				if IsArray(xTestObj(Item)) then							for i=0 to ubound(xTestObj(Item))-1					outstr = outstr & hx.formatvariables(xTestObj(Item)(i)) & "
"					next				else					outstr = outstr & hx.formatvariables(xTestObj(Item))				end if							outstr = outstr & "		     
       
<%End Sub%><%Sub ObjTest%>
   
           
           服务器组件情况       <%Call smenu(1)%>       
       
                  
       
<%End SubSub ObjTest2	Dim strClass    strClass = Trim(Request.Form("classname"))    If strClass <> "" then	    Response.Write "
您指定的组件的检查结果:"      If Not hx.IsObjInstalled(strClass) then         Response.Write "
很遗憾,该服务器不支持" & strclass & "组件!"      Else        Response.Write "
"		Response.Write " 恭喜!该服务器支持" & strclass & "组件。"		If hx.getver(strclass)<>"" then		Response.Write " 该组件版本是:" & hx.getver(strclass)		End if		Response.Write ""      End If      Response.Write "
"    end if		Response.Write "
返回
"	Response.EndEnd SubSub CalculateTest%>
   
           
           服务器运算能力       <%Call smenu(2)%>       
       
                  
       
<%End SubSub DriveTest	On Error Resume Next	Dim fo,d,xTestObj	set fo=Server.Createobject("Scripting.FileSystemObject")	set xTestObj=fo.Drives%>
   
           
          服务器磁盘信息        <%Call smenu(4)%>       
       
                 
       
<%End SubSub SpeedTestResponse.Flush()%><%	if action="SpeedTest" then%>
   
   
    
               
              
网速测试中,请稍候...
          
           
   
<%	end if%>
   
           
           服务器连接速度       <%smenu(3)%>           
       
                  
       
<%End Sub%>
你可能感兴趣的文章
Xshell 4 入门
查看>>
SoapUI-入门
查看>>
Oracle -常用命令
查看>>
JAVA技术简称
查看>>
ORACLE模糊查询优化浅谈
查看>>
2016——个人年度总结
查看>>
2017——新的开始,加油!
查看>>
【Python】学习笔记——-6.2、使用第三方模块
查看>>
【Python】学习笔记——-7.0、面向对象编程
查看>>
【Python】学习笔记——-7.2、访问限制
查看>>
【Python】学习笔记——-7.3、继承和多态
查看>>
【Python】学习笔记——-7.5、实例属性和类属性
查看>>
Linux设备模型(总线、设备、驱动程序和类)之四:class_register
查看>>
git中文安装教程
查看>>
虚拟机 CentOS7/RedHat7/OracleLinux7 配置静态IP地址 Ping 物理机和互联网
查看>>
弱类型、强类型、动态类型、静态类型语言的区别是什么?
查看>>
Struts2技术内幕图书 转载
查看>>
Java异常分类
查看>>
项目中的jackson与json-lib使用比较
查看>>
Jackson Tree Model Example
查看>>
喝酒易醉,品茶养心,人生如梦,品茶悟道,何以解忧?唯有杜康!-- 愿君每日到此一游!
当前时间: 2024-09-21 20:26:15   当前IP: 3.145.179.35   联系邮箱:javaeecc@qq.com     Copyright © 2020 - 2022 baihongyu.com 京ICP备2021015314号-2
强烈建议你试试无所不能的CHAT-GPT,快点击我
强烈建议你试试无所不能的CHAT-GPT,快点击我