处理图片木马的函数

 

'检测处理图片木马的函数
'一般木马程序中都包含有 < IFRAME < SCTIPT代码.检测这两个是这个函数的本质
'很多的网页木马代码我跟本就没有见过,不要以为是万能的哦
'呵呵

<%
'On Error Resume Next
Server.ScriptTimeOut=9999999

if request("action")="GetFile" then

FileUrl=trim(request("FileUrl"))
FileContent=getHTTPPage(FileUrl)
SaveFilePath=Server.MapPath("HttpFileContent.txt")
Set fso = CreateObject("Scripting.FileSystemObject")
Set f1 = fso.CreateTextFile(SaveFilePath,true)
f1.Write FileContent
f1.Close
set fso=nothing
ShowFileInfo SaveFilePath
response.write "<br>抓取文件成功,保存路径:"&SaveFilePath

if CheckSafeFile(SaveFilePath) then
response.Write("<br>检测的文件安全!")
else
fso.DeleteFile SaveFilePath,true
response.Write("<br>检测的文件可能不安全!文件"&SaveFilePath&"已经成功删除!")
end if
response.write "<br><a href='CheckGIF.asp'>点这里继续测试</a>"
response.End()
end if

'检测操作用到的函数

Function getHTTPPage(Path)
        t = GetBody(Path)
        getHTTPPage=BytesToBstr(t,"GB2312")
End function

Function GetBody(url)
        on error resume next
        Set Retrieval = CreateObject("Microsoft.XmlHTTP")
        With Retrieval
        .Open "Get", url, False, "", ""
        .Send
        GetBody = .ResponseBody
        End With
        Set Retrieval = Nothing
End Function

Function BytesToBstr(body,Cset)
        dim objstream
        set objstream = Server.CreateObject("adodb.stream")
        objstream.Type = 1
        objstream.Mode =3
        objstream.Open
        objstream.Write body
        objstream.Position = 0
        objstream.Type = 2
        objstream.Charset = Cset
        BytesToBstr = objstream.ReadText
        objstream.Close
        set objstream = nothing
End Function

Function ShowFileInfo(SaveFilePath)
Set fso = CreateObject("Scripting.FileSystemObject")
Set f2 = fso.GetFile(SaveFilePath)
s = "<br>文件名称：" & f2.name & "<br>"
s = s & "文件短路径名：" & f2.shortPath & "<br>"
s = s & "文件物理地址：" & f2.Path & "<br>"
s = s & "文件属性：" & f2.Attributes & "<br>"
s = s & "文件大小： " & f2.size & "<br>"
s = s & "文件类型： " & f2.type & "<br>"
s = s & "文件创建时间： " & f2.DateCreated & "<br>"
s = s & "最近访问时间: " & f2.DateLastAccessed & "<br>"
s = s & "最近修改时间: " & f2.DateLastModified
response.write(s)
set fso=nothing
end Function

Function BytesToBstr(body,Cset)
        dim objstream
        set objstream = Server.CreateObject("adodb.stream")
        objstream.Type = 1
        objstream.Mode =3
        objstream.Open
        objstream.Write body
        objstream.Position = 0
        objstream.Type = 2
        objstream.Charset = Cset
        BytesToBstr = objstream.ReadText
        objstream.Close
        set objstream = nothing
End Function

Function CheckSafeFile(SaveFilePath)
'打开文件并将其值读取，最后关闭连接释放资源
set fso=createobject("Scripting.FileSystemObject")
set openfile=fso.opentextfile(SaveFilePath,1)
ImageContent=openfile.ReadAll
if instr(ImageContent,"script")>0 or instr(ImageContent,"iframe")>0 then
CheckSafeFile=False
exit Function
end if
openfile.close
set fso=nothing

CheckSafeFile=true
end Function
%>

<form name="form1" method="post" action="?action=GetFile">
  <table width="559" border="1">
    <tr>
      <th scope="col">&nbsp;</th>
      <th scope="col">抓取网页内容</th>
      <th scope="col">&nbsp;</th>
    </tr>
    <tr>
      <td>URL</td>
      <td><label>
        <input name="FileUrl" type="text" size="50" maxlength="255">
      </label></td>
      <td>&nbsp;</td>
    </tr>
    <tr>
      <td>&nbsp;</td>
      <td><input type="submit" name="Submit" value="抓取并检测"></td>
      <td>&nbsp;</td>
    </tr>
  </table>
</form>

该文章转载自网络大本营：http://www.xrss.cn/Dev/Asp/200741712531.Html