利用Asp来打包网站

最新推荐文章于 2019-03-18 15:27:20 发布

airweilai

最新推荐文章于 2019-03-18 15:27:20 发布

阅读量1k

点赞数

文章标签： asp stream 数据库 cmd dos 网络

本文链接：https://blog.csdn.net/airweilai/article/details/2227669

版权

如何利用asp来打包网站

一、遇到的权限问题。
我们在打包网站的时候经常会遇到权限问题。因为现在的虚拟主机的安全性不断的在提高，很多虚拟主机都禁用了WScript.shell。因为这个对象可以执行一些cmd命令，对虚拟主机的安全具有很大的威胁。记得前几年我在学习网络安全的时候，通过一些漏洞获得了网站的weshell后很多的虚拟主机都可以执行cmd命令，例如webshell中执行netstat -na 来查看服务器端口。可是现在由于虚拟空间销售商安全意识的提高，大多数的虚拟主机都禁用了wscript.shell。为什么要提到wscript.shell呢？因为我记得那时候程序打包利用的是rar，dos下的rar来压缩整个网站，而rar需要执行dos命令也就是利用wscript.shell来执行cmd命令。
二、禁用了wscript.shell怎么办呢？
我最近就遇到了这样一个问题，其他网络公司的一个客户想把自己的网站(某净化工程公司)转移到我们公司来维护，但是由于网络公司拒绝提供网站的ftp，如何拿到这个网站的源代码呢，只有获得这个网站的webshell的情况下才可以拿到源代码。这个过程很简单，我给客户要了后台地址、账号和密码，进入后台后利用了一个简单的上传漏洞轻松的拿下了网站的webshell。在拿下网站权限后最后的工作是打包整个网站。问题却出现了，在没有ftp的情况下要想下载整个网站，手工一个一个文件的去下载是相当麻烦的。我发现webshell里面有个打包网站的功能，索性试了一下，但结果令我比较失望，通过检查是代码有些问题，经过修正顺利的完成了任务。分析了一下网站打包部分的功能代码，并加以修改做成了一个具有打包，解包功能的asp程序代码如下：

< %

' =====================

' FSO在线压缩解压缩

' =====================

Sub AddToMdb(thePath)

On Error Resume Next

Dim Rs, Conn, Stream, ConnStr, adoCatalog, FsoX

Set FsoX = CreateObject ( " Scripting.FileSystemObject " )

If FsoX.FileExists(Server.MapPath( " HYTop.mdb " )) Then

FsoX.DeleteFile(Server.MapPath( " HYTop.mdb " ))

End If

Set Rs = Server.CreateObject( " Adodb.RecordSet " )

Set Stream = Server.CreateObject( " Adodb.Stream " )

Set Conn = Server.CreateObject( " Adodb.Connection " )

Set adoCatalog = Server.CreateObject( " ADOX.Catalog " )

ConnStr = " Provider=Microsoft.Jet.OLEDB.4.0;Data Source= " & Server.MapPath( " HYTop.mdb " )

adoCatalog.Create ConnStr

Conn.Open ConnStr

Conn.Execute( " Create Table FileData(Id int IDENTITY(0,1) Primary Key Clustered, thePath VarChar, fileContent Image) " )

Stream.Open

Stream.Type = 1

Rs.Open " FileData " , Conn, 3 , 3

fsoTreeForMdb thePath, Rs, Stream

Rs.Close

Conn.Close

Stream.Close

Set Rs = Nothing

Set Conn = Nothing

Set Stream = Nothing

Set adoCatalog = Nothing

End Sub

Sub fsoTreeForMdb(ThePath, Rs, Stream)

Dim Item, TheFolder, Folders , Files, SysFileList, FsoX

Set FsoX = Server.CreateObject( " Scripting.FileSystemObject " )

SysFileList = " $HYTop.mdb$HYTop.ldb$ "

If FsoX.FolderExists(ThePath) = False Then

Response.write(ThePath + " 目录不存在或不允许访问! " )

End If

Set TheFolder = FsoX.GetFolder(ThePath)

Set Files = TheFolder.Files

Set Folders = TheFolder.SubFolders

For Each Item In Folders

fsoTreeForMdb Item.Path, Rs, Stream

For Each Item In Files

If InStr (SysFileList, " $ " & Item.Name & " $ " ) <= 0 Then

Rs.AddNew

Rs( " thePath " ) = Mid (Item.Path, Len (Request( " thePath " )) + 1 )

Stream.LoadFromFile(Item.Path)

Rs( " fileContent " ) = Stream.Read()

Rs.Update

End If

Set Files = Nothing

Set Folders = Nothing

Set TheFolder = Nothing

Set FsoX = Nothing

End Sub

Sub unPack(thePath)

On Error Resume Next

Server.ScriptTimeOut = 5000

Dim Rs, Ws, Str, Conn, Stream, ConnStr, theFolder, FsoX

Str = Server.MapPath( " . " ) & " "

Set FsoX = CreateObject ( " Scripting.FileSystemObject " )

Set Rs = CreateObject ( " Adodb.RecordSet " )

Set Stream = CreateObject ( " Adodb.Stream " )

Set Conn = CreateObject ( " Adodb.Connection " )

ConnStr = " Provider=Microsoft.Jet.OLEDB.4.0;Data Source= " & thePath & " ; "

Conn.Open ConnStr

Rs.Open " Select * from FileData " , Conn, 1 , 1

Stream.Open

Stream.Type = 1

Do Until Rs.Eof

TheFolder = Left (Rs( " thePath " ), InStrRev (Rs( " thePath " ), " " ))

If FsoX.FolderExists(Str & theFolder) = False Then

CreateFolder(Str & theFolder)

End If

Stream.SetEos()

Stream.Write Rs( " fileContent " )

Stream.SaveToFile Str & Rs( " thePath " ) , 2

Rs.MoveNext

Loop

Rs.Close

Conn.Close

Stream.Close

Set Ws = Nothing

Set Rs = Nothing

Set Stream = Nothing

Set Conn = Nothing

Set FsoX = Nothing

End Sub

Sub CreateFolder(thePath)

Dim i, FsoX

Set FsoX = CreateObject ( " Scripting.FileSystemObject " )

i = Instr (thePath, " " )

Do While i > 0

If FsoX.FolderExists( Left (thePath, i)) = False Then

FsoX.CreateFolder( Left (thePath, i - 1 ))

End If

If InStr ( Mid (thePath, i + 1 ), " " ) Then

i = i + Instr ( Mid (thePath, i + 1 ), " " )

Else

i = 0

End If

Loop

End Sub

If Trim (Request( " Zip " )) <> "" Then

AddToMdb(Request( " thePath " ))

Response.Write( " 压缩文件完毕! " )

Response.Write( " <a href=HYTop.mdb>下载压缩文件</a> " )

End If

If Trim (Request( " UnZip " )) <> "" Then

unPack(Request( " theFile " ))

Response.Write( " 解压完毕! " )

End If

% >

< style type = " text/css " >

< ! --

.STYLE1 {color: #FF0000}

.STYLE2 {

color: #FFFFFF;

font - weight: bold;

font - size: 14px;

}

* {font - size:12px;}

-->

</ style >

< p >& nbsp; </ p >

< form id = " form1 " name = " form1 " method = " post " action = "" >

< table width = " 100% " height = " 25 " border = " 0 " cellpadding = " 0 " cellspacing = " 1 " bgcolor = " #66CCCC " >

< tr >

< td height = " 30 " colspan = " 3 " align = " center " >< span class = " STYLE2 " > ASP 在线压缩 - 解压缩 </ span ></ td >

</ tr >

< tr >

< td width = " 35% " height = " 25 " bgcolor = " #FFFFFF " > 压缩目录(压缩完成后默认为本程序目录下 < span class = " STYLE1 " > HYTop.mdb </ span > 文件) </ td >

< td width = " 41% " height = " 25 " bgcolor = " #FFFFFF " >

& nbsp; < input name = " thePath " type = " text " id = " thePath " value = " <% If Right(Server.MapPath( " . " ), 1) <> " " Then Response.Write(Server.MapPath( " . " )) & " " Else Response.Write(Server.MapPath( " . " )) End If %> " size = " 60 " /></ td >

< td width = " 24% " height = " 25 " bgcolor = " #FFFFFF " >< input name = " Zip " type = " submit " id = " Zip " value = " 在线压缩 " /></ td >

</ tr >

< tr >

< td height = " 25 " bgcolor = " #FFFFFF " > 解压缩文件(默认为本程序目录下 < span class = " STYLE1 " > HYTop.mdb </ span > 文件) </ td >

< td height = " 25 " bgcolor = " #FFFFFF " >& nbsp; < input name = " theFile " type = " text " id = " theFile " value = " <%=Server.MapPath( " HYTop.mdb " )%> " size = " 60 " /></ td >

< td height = " 25 " bgcolor = " #FFFFFF " >

< input name = " UnZip " type = " submit " id = " UnZip " value = " 在线解压缩 " /></ td >

</ tr >

</ table >

</ form >

三、利用数据库可以存储二进制的办法打包网站
   原理：通过建立一个access数据库，并在数据库中加入一个表。这个表有三个字段，一个是递增字段，一个字段来存放文件的路径，另一个字段来存放文件的二进制数据。我们知道有的时候需要在数据库中存放图片。同样我们可以在数据库中存放其他的数据。在压缩的时候吧文件的路径和文件都添加到数据库中，那么最后得到的就只是一个数据库文件。同样我们可以在数据库中利用查询语句获取二进制数据，在利用adodb.stream对象的SaveToFile方法存储为文件。
代码重点：
1.创建数据库
Set adoCatalog = Server.CreateObject("ADOX.Catalog")
ConnStr = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.MapPath("HYTop.mdb")
adoCatalog.Create ConnStr
2.创建表
Conn.Execute("Create Table FileData(Id int IDENTITY(0,1) Primary Key Clustered, thePath VarChar, fileContent Image)")
3.CreateFolder 函数用来创建文件夹
4.文件如何插入到数据库中
Stream.LoadFromFile(Item.Path)
Rs("fileContent") = Stream.Read()
5.数据库中二进制保存为文件
Stream.Open
Stream.Type = 1
  Stream.SetEos()
  Stream.Write Rs("fileContent")
  Stream.SaveToFile Str & Rs("thePath") , 2
四、需要的权限与组件
1.组件
ADOX.Catalog
Scripting.FileSystemObject (FSO)
Adodb.Stream
2.权限
能够创建文件夹

airweilai

关注

0
点赞
踩
1

收藏

觉得还不错? 一键收藏
0
评论
利用Asp来打包网站

如何利用asp来打包网站一、遇到的权限问题。我们在打包网站的时候经常会遇到权限问题。因为现在的虚拟主机的安全性不断的在提高，很多虚拟主机都禁用了WScript.shell。因为这个对象可以执行一些cmd命令，对虚拟主机的安全具有很大的威胁。记得前几年我在学习网络安全的时候，通过一些漏洞获得了网站的weshell后很多的虚拟主机都可以执行cmd命令，例如webshell中执行nets
复制链接

扫一扫