有时我们在管理服务器时，为了安全起见会禁用Windows Scripting Host，这样能防止某些不法用户利用WSH生成一个WebShell，对服务器造成很大的安全隐患。但如果我们又想禁用WSH，又想使用自己的WebShell用于服务器的管理，怎么办呢？这里介绍了一种实现ASP中运行CMD并显示结果的组件编程，希望对大家能有所帮助。
首先，我们新建一个ActiveX DLL工程，命名为ASPCMD，新建的类命名为CMDShell。在Project的References中添加一个引用：Microsoft Active Server Pages Object Library。
然后，我们的思路是使用Windows API ShellExecute调用cmd.exe，将运行的结果保存到一个临时文本文件，然后读出这个文件的内容显示出来。
以下是工程ASPCMD的类CMDShell.cls的代码：
' Module-level state and Win32 API declarations for the CMDShell class.
' NOTE(review): this listing appears to have lost quotes, dots and digits during
' extraction (for example the Lib names below are unquoted), so it does not
' compile as shown; restore them from the original project before building.
Option Explicit
' References to the ASP intrinsic objects. They are assigned in OnStartPage and
' released in OnEndPage. In the code visible here only rp is read (for output);
' rq, ap, sr and sn are stored but not used.
Dim rp As Response
Dim rq As Request
Dim ap As Application
Dim sr As Server
Dim sn As Session
' Win32 Sleep: used by Exec to pause between polls of the output file.
Private Declare Sub Sleep Lib kernel (ByVal dwMilliseconds As Long)
' Win32 ShellExecute (ANSI entry point): used by ShellEx to launch a program.
' The declaration takes six arguments: window handle, operation, file,
' parameters, working directory and show command.
Private Declare Function ShellExecute Lib shelldll Alias ShellExecuteA (ByVal hWnd As Long ByVal lpOperation As String ByVal lpFile As String ByVal lpParameters As String ByVal lpDirectory As String ByVal nShowCmd As Long) As Long
' Launches a program through ShellExecute and reports a failure to the ASP response.
'   sLocation  - program to start (Exec passes the command interpreter here).
'   sPara      - parameter string handed to that program unchanged.
'   MaxedForm  - optional; True selects vbMaximizedFocus, otherwise vbNormalFocus.
' Nothing is returned; the caller cannot tell from this Sub whether the launch worked.
Private Sub ShellEx(ByVal sLocation As String ByVal sPara As String Optional MaxedForm As Boolean = False)
On Error GoTo errhandle:
Dim lR As Long
Dim Style As Long
' hWnd is never assigned in this Sub, so the call below passes its default value.
Dim hWnd As Long
If MaxedForm Then
Style = vbMaximizedFocus
Else
Style = vbNormalFocus
End If
' NOTE(review): only five arguments are visible here while the Declare takes six;
' presumably an empty-string directory argument was lost in extraction - confirm.
lR = ShellExecute(hWnd open sLocation sPara Style)
' The numeric bounds of this test were lost in extraction. ShellExecute documents
' return values greater than 32 as success - TODO confirm the original condition.
If (lR < ) Or (lR > ) Then
' The next line is presumably a comment whose leading apostrophe was lost - confirm.
success
Else
rpWrite Error Occered when starting the program & sLocation
End If
' NOTE(review): no Exit Sub is visible before this label, so as shown the normal
' path also falls through and writes the error line - verify against the original.
errhandle:
rpWrite Error: & ErrDescription
End Sub
' Stores the ASP intrinsic objects taken from the supplied ScriptingContext in the
' module-level variables, so that the other methods can write to the response.
' ASP calls this method by name for page-scoped components that expose it
' (legacy ScriptingContext mechanism).
'   mysc - the ScriptingContext for the current page.
Public Sub OnStartPage(ByVal mysc As ScriptingContext)
Set rp = myscResponse
Set rq = myscRequest
Set sr = myscServer
Set ap = myscApplication
Set sn = myscSession
End Sub
' Counterpart of OnStartPage: drops every reference to the ASP intrinsic objects
' so the component does not keep them alive after the page has finished.
Public Sub OnEndPage()
Set rp = Nothing
Set rq = Nothing
Set sr = Nothing
Set ap = Nothing
Set sn = Nothing
End Sub
' Reports whether Dir$ finds an entry matching Filename.
'   Filename - path to test.
' Returns False when Dir$ raises an error or the length test below matches,
' True otherwise.
Private Function FileExists(Filename As String) As Boolean
Dim i As Integer
' Errors from Dir$ (for example an invalid path) are suppressed and checked through Err.
On Error Resume Next
i = Len(Dir$(Filename))
' The literal compared with i was lost in extraction; presumably 0, i.e. Dir$
' returned an empty string - TODO confirm.
If Err Or i = Then FileExists = False Else FileExists = True
End Function
' Probes whether Filename can be opened with an exclusive read/write lock.
' Exec uses the result to decide whether the output file is still being written.
'   Filename - path to probe.
' Returns False (the default, never assigned explicitly) when the open succeeds,
' and True in the Else branch of the error handler below.
Private Function IsOpen(Filename As String) As Boolean
Dim fFile As Integer
Dim msg As String
fFile = FreeFile()
On Error GoTo ErrOpen
' Lock Read Write requests exclusive access, so the Open fails while another
' process still holds the file.
Open Filename For Binary Lock Read Write As fFile
Close fFile
Exit Function
ErrOpen:
' The error number compared here was lost in extraction - TODO restore it from
' the original. For numbers that differ from it a message is built in msg, but
' msg is never written or returned, so that case ends with IsOpen = False.
If ErrNumber <> Then
msg = Error # & Str(ErrNumber) & was generated by _
& ErrSource & Chr() & ErrDescription
Else
IsOpen = True
End If
End Function
' Runs strCmd through the command interpreter with its output redirected to a
' temporary file, waits for that file, then writes its lines to the ASP response.
'   strCmd - command line text; it is concatenated into the interpreter's
'            parameter string without validation or quoting.
' Produces no return value; output and errors both go to the response via rp.
'
' NOTE(review): no authentication or authorization check is visible in this
' component. Any page able to create the object can run commands with the
' privileges of the process hosting the DLL, so access has to be restricted
' outside this code (page-level access control, ACLs on the DLL and its ProgID).
' NOTE(review): the temporary file name is fixed, so two requests running at the
' same time share one file and can read or delete each other's output.
' NOTE(review): each call starts the command interpreter from the hosting process
' and creates and deletes a file next to the component; both are visible to
' process-creation and file auditing.
' The numeric literals (timer start, limits, sleep intervals, file number) were
' lost in extraction and must be restored from the original before this compiles.
Public Sub Exec(ByVal strCmd As String)
On Error GoTo errhandle:
' Poll counter; both wait loops below give up when it reaches their limit.
Dim myTimer As Integer
myTimer =
Dim strOut As String
Dim strFname As String
' Build the temporary file path (translation of the original note below).
' AppPath is presumably App.Path with the dot lost; the two branches appear to
' differ only in whether a backslash is inserted before the file name - confirm.
//生成一个临时文件
If Len(AppPath) = Then
strFname = AppPath & lhtmptxt
Else
strFname = AppPath & \lhtmptxt
End If
' Delete a leftover file from an earlier run before starting.
//如果在运行前文件已存在则删除之
If FileExists(strFname) Then
Kill strFname
End If
' Run the caller's command and redirect its output to the temporary file.
' Original note: the /c switch makes the interpreter exit as soon as the command
' has run, like typing the command into the Windows Run dialog.
//运行行用户的CMD命令并将结果输出到临时文件中
//注意cmdexe的/c参数是指运行完一个命令后马上结束会话状态等同于在windows的run中输入的CMD命令
Dim strPara As String
' strCmd is inserted as-is, so shell metacharacters in it are interpreted by the
' command interpreter.
strPara = /c & strCmd & > & strFname
ShellEx cmdexe strPara
' Wait until the output file appears, bounded by the poll counter.
//等待生成输出文件
Do While Not FileExists(strFname)
Sleep
DoEvents
myTimer = myTimer +
If myTimer = Then
Exit Do
End If
Loop
myTimer =
' Wait until the file can be opened exclusively, i.e. the writer has closed it.
//等待文件输出完毕
Do While IsOpen(strFname)
Sleep
DoEvents
myTimer = myTimer +
If myTimer = Then
Exit Do
End If
Loop
' Copy the file to the response line by line. Nothing checks whether the loops
' above ended by timeout; a missing file makes the Open raise and jump to errhandle.
' The text is written without HTML encoding.
//显示输出文件的内容
Open strFname For Input As #
Do While Not EOF()
Line Input # strOut
rpWrite strOut & vbCrLf
Loop
Close #
Sleep
' Remove the temporary file. This runs only on the success path; the error
' handler below leaves the file behind.
//删除临时文件
Kill strFname
Exit Sub
errhandle:
rpWrite error occured: & ErrDescription
End Sub
生成ASPCMD.dll，使用regsvr32 aspcmd.dll注册组件。
以下是调用该DLL的一个ASP程序例子：
<%@LANGUAGE=VBSCRIPT%>
<style type=text/css>
<!
/* Presentation only: two input/box styles plus body and scrollbar colours.
   The numeric and colour values, and the selector dots, were lost in extraction. */
singleborder {
border: px solid;
backgroundcolor: #;
fontfamily: Arial Helvetica sansserif;
color: #FFFFFF;
}
noborder {
border: px none;
backgroundcolor: #;
fontfamily: Arial Helvetica sansserif;
color: #FFFFFF;
}
body{backgroundcolor: #;SCROLLBARFACECOLOR: #; FONTSIZE: px; SCROLLBARHIGHLIGHTCOLOR: #; SCROLLBARSHADOWCOLOR: #; SCROLLBARDLIGHTCOLOR: #; SCROLLBARARROWCOLOR: #; SCROLLBARTRACKCOLOR: #;SCROLLBARDARKSHADOWCOLOR: #
fontfamily: Fixedsys; fontsize: pt}
>
</style>
<form action= method=post>
<input name=cmd class=singleborder value=<%=requestform(cmd)%> size=>
<input type=submit class=singleborder value=EXECUTE>
</form>
<%
' Server-side handler: runs only when the posted cmd field passes the test below
' (the compared literal was lost in extraction; presumably the empty string).
' NOTE(review): no authentication or authorization check is visible on this page,
' so whoever can reach it can submit commands; restrict it at the web server
' (authenticated area, IP restriction) before deploying anything like this.
' NOTE(review): the posted value is echoed into the form's value attribute and
' into the div without Server.HTMLEncode, and is passed to exec without validation.
if requestform(cmd)<> then
' Creates the registered component; the ProgID lost its dot and quotes in extraction.
set testme=servercreateobject(aspcmdcmdshell)
%>
<div class=noborder><%=requestForm(cmd)%></div><br>
<textarea cols= rows= class=noborder>
<%=testmeexec(requestform(cmd))%></textarea>
<% set testme=nothing
' Exec is declared as a Sub in the class listing, so the text inside the textarea
' presumably comes from the component writing to the response itself - confirm.
end if
%>
以下是运行Ipconfig /all的结果：
Windows IP Configuration
Host Name : ibmwrk
Primary DNS Suffix :
Node Type : Broadcast
IP Routing Enabled : No
WINS Proxy Enabled : No
Ethernet adapter 本地连接:
Connectionspecific DNS Suffix :
Description : Intel(R) PRO/ VM Network Connection
Physical Address : BDDEB
DHCP Enabled : No
IP Address :
Subnet Mask :
Default Gateway :
DNS Servers :