May 1

A program for bulk removal of injected malicious code --- a webmaster's salvation

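03:06    ukidhulei    Original to this site   From: original to this site    Category: unspecified
      When I used Aspsecurity, I thought its AntiIframe plugin was well done but still had a few shortcomings, so I improved it by adding a replace function, which makes it quite convenient to use. How to use it is something you can work out for yourself. The code is as follows: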
  

<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=gb2312">
<link rel="stylesheet" rev="stylesheet" href="../inc/control.css" type="text/css" media="all" />
</head>

<body class="contentbody">
<div class="maindiv">
<table width="100%" border="0" cellpadding="0" cellspacing="0" class="ccontent">
  <tr>
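    <!-- Title: Webmaster Security Assistant (Black Bear modified edition) - bulk malicious-code injection -->
    <th class="ctitle">站长安全助手(黑熊修改版)- 批量挂马</th>  </tr>
  <tr>
    <td class="cpanel">
        <div id="updateinfo" style="background:#ffffe1;border:1px solid #89441f;padding:4px;display:none"></div>  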
    <form name="form1" method="post" action="">
  <table width="100%" border="0" cellpadding="0" cellspacing="0">

   <tr>
    
     <td valign="top">     <div align="left" style="padding:5px;line-height:170%;clear:both;font-size:12px">
         <p></p>
<%
tocon =request.form("tocon")
requestpath = request.form("path")
if request.form("path") = "" or request.form("ext") = "" or request.form("delcon") = "" then
%>
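         <!-- Description: after breaking into a site, an attacker may use a script to add malicious code to particular pages (usually an iframe tag pointing at another URL). Such a script can modify n files in one run, which makes cleanup very tedious; this tool is the reverse of that bulk script. To be safe, back up the original files before use. -->
         <strong>功能描述:</strong> 黑客入侵网站之后可能利用脚本在特定页面添加恶意代码(一般是用iframe标签指向其他网址)。由于其使用脚本一次可以修改n个文件,清理起来十分不便,本功能就是批量脚本的逆向。为了安全起见,<FONT color=red>请使用前先备份原文件</FONT>
         <!-- Path to check: counted from the site root; virtual directories are supported -->
         <p><strong>要检查的路径: </strong><br>
           <input name="path" type="text" id="path" value="\" style="border:1px solid #999" size="50">
               <br>
              * 从站点根目录算起,支持虚拟目录</p>
         <!-- Files to clean: a VBScript regular expression, or a list such as "(index.htm|index.asp|filename...)" -->
         <p><strong>要清除的文件:</strong> <br>
           <input name="ext" type="text" id="ext" value="^.+\.(htm|html|asp|aspx|php|jsp)$" size="50" style="border:1px solid #999">
               <br>
               * 支持vbs正则表达式,亦可以用“(index.htm|index.asp|文件名……)”的方式</p>
         <p>            
           </p>
         <!-- Content to remove -->
         <p><strong>要清除的内容:</strong> <br>
           <textarea name="delcon" cols="50" rows="6" id="delcon"></textarea>
               <br/></p>
         <!-- Replace with (leave empty to simply remove the code); content found in the selected files is removed or replaced -->
               <p><strong>替换成(为空则清除代码):</strong> <br/>
                <textarea name="tocon" cols="50" rows="6" id="tocon"></textarea>
                <br/>
               * 在指定的文件中发现该代码即清除之或替换 </p>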
         <p>
           <input type="submit" name="submit" value="提  交" style="border:1px solid #999">
</p>

         <p><br/>  
                </p>
         <a href="#" onClick="javascript:history.go(-1);">返回</a></div></td>
   </tr>
  </table></form>
<%
else
  if requestpath = "\" then
    tmppath = server.mappath("\")
  elseif requestpath = "." then
    tmppath = server.mappath(".")
  else
    tmppath = server.mappath("\" & requestpath)
  end if
  showallfile(tmppath)
  response.write("清理完毕!<br><br><a href=""#"" onclick=""javascript:history.go(-1);"">返回</a><br>")
end if
%>
</td></tr>
</table>
</div>
</body>
</html>
<%
'Recursively process every file in path and its subdirectories
sub showallfile(path)
  on error resume next
  set fso = createobject("scripting.filesystemobject")
  if not fso.folderexists(path) then exit sub
  set f = fso.getfolder(path)
  set fc2 = f.files
  'The file-name filter is the same for every file, so build it once
  set regex = new regexp
  regex.ignorecase = true
  regex.global = true
  regex.pattern = request.form("ext")
  for each myfile in fc2
    'An error at this point means the folder could not be enumerated
    if err then response.write("权限不足,不能检查目录 <b>"&server.htmlencode(path)&"</b><br>"):exit sub
    if regex.test(myfile.name) then
      checkfile(path&"\"&myfile.name)
      err.clear 'a failure on one file must not be reported as a folder permission error
    end if
  next
  set regex = nothing
  set fc = f.subfolders
  for each f1 in fc
    showallfile path&"\"&f1.name
  next
  set fso = nothing
end sub

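'Replace delcon with tocon in one file, keeping the file's charset and letter case
function checkfile(filepath)
  on error resume next
  xset = getcharset(filepath)
  If xSet = "xxx" Then Exit function
  'Load the raw bytes, then switch the stream to text mode to decode them
  set tstream = server.createobject("adodb.stream")
  tstream.type = 1
  tstream.mode = 3
  tstream.open
  tstream.position=0
  tstream.loadfromfile filepath
  if err then err.clear : exit function
  tstream.type = 2
  tstream.charset = xset
  do until tstream.eos
    filecon = filecon & tstream.readtext(102400)
  loop
  tstream.close()
  set tstream = nothing
  filecon2 = request.form("delcon")
  'Match case-insensitively (vbTextCompare) rather than lower-casing the whole file,
  'which would also lower-case everything that is written back
  if instr(1, filecon, filecon2, vbTextCompare) > 0 then
    filecon = replace(filecon, filecon2, tocon, 1, -1, vbTextCompare)
    set tstream = server.createobject("adodb.stream")
    tstream.type = 2
    tstream.mode = 3
    tstream.charset = xset
    tstream.open
    tstream.position=0
    tstream.writetext filecon
    tstream.savetofile filepath, 2
    tstream.close()
    set tstream = nothing
    'Report the file as repaired only if the write succeeded
    if not err then response.write "已经修复文件: "&server.htmlencode(filepath)&" ...<br>"
    err.clear
  end if
end function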

'Guess the charset from the first three bytes; returns "xxx" if the file cannot be read
function getcharset(xpath)
  On Error Resume Next
  set tstream = server.createobject("adodb.stream")
  tstream.type = 1
  tstream.mode = 3
  tstream.open
  tstream.position = 0
  tstream.loadfromfile xpath
  byte1 = ascb(tstream.read(1))
  byte2 = ascb(tstream.read(1))
  byte3 = ascb(tstream.read(1))
  tstream.close()
  set tstream = nothing
  If Err Then Err.Clear:GetCharSet = "xxx":Exit Function
  '239,187,191 = EF BB BF, the UTF-8 byte order mark
  if byte1=239 and byte2=187 and byte3=191 then
    getcharset = "utf-8"
  else
    'No BOM: assumed to be gb2312, so a UTF-8 file saved without a BOM is handled as gb2312 too
    getcharset = "gb2312"
  end if
end function
%>

It works pretty well. Just add your own authentication code at the very top and you are set. Security first!
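
An offline variant of the same clean-up, as an added example (not the author's code and not part of Aspsecurity): it works on raw bytes so files are never re-encoded and letter case is preserved, lists matches in a dry run, and copies originals to a backup directory before writing. The names `clean_tree`, `demo` and `backup_dir` and the `injected.example` sample tag are assumptions constructed for illustration.

```python
import os
import re
import shutil
import tempfile

def clean_tree(root, name_pattern, needle, replacement=b"", backup_dir=None):
    """Case-insensitive literal byte replace in files whose name matches.
    backup_dir=None is a dry run; otherwise originals are copied there first
    (keep it outside the web root). Returns [(relative_path, hits), ...]."""
    if not needle:
        raise ValueError("needle must not be empty")
    name_re = re.compile(name_pattern, re.IGNORECASE)
    needle_re = re.compile(re.escape(needle), re.IGNORECASE)
    report = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if not name_re.match(name):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()
            # A callable replacement is inserted verbatim (no backslash escapes)
            cleaned, hits = needle_re.subn(lambda _m: replacement, data)
            if hits == 0:
                continue
            rel = os.path.relpath(path, root)
            report.append((rel, hits))
            if backup_dir is not None:
                bak = os.path.join(backup_dir, rel)
                os.makedirs(os.path.dirname(bak), exist_ok=True)
                shutil.copy2(path, bak)
                with open(path, "wb") as fh:
                    fh.write(cleaned)
    return report

def demo():
    """Constructed sample tree: dry run first, then the real clean-up."""
    injected = b'<iframe src="http://injected.example/x.htm" width=0 height=0></iframe>'
    page = "<HTML><Body>\u9996\u9875</Body></HTML>".encode("utf-8")  # UTF-8 without a BOM
    root, backups = tempfile.mkdtemp(), tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "sub"))
    with open(os.path.join(root, "sub", "index.htm"), "wb") as fh:
        fh.write(page + injected.upper())  # tag stored in a different case
    pattern = r"^.+\.(htm|html|asp|aspx|php|jsp)$"
    dry = clean_tree(root, pattern, injected)
    done = clean_tree(root, pattern, injected, backup_dir=backups)
    with open(os.path.join(root, "sub", "index.htm"), "rb") as fh:
        return dry, done, fh.read() == page
```

Run it against a copy of the site first and review the dry-run list before passing `backup_dir`.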