Donate to us via Paypal!
Imagination is more valuable than knowledge - Albert Einstein
Thursday, August 13, 2020
Navigation
Home
 Find:
 Information:
Learn
Communicate
Submit
Shop
Challenges
 Exploit:
 Programming:
 Think:
 Track:
 Patch:
 Other:
 Need Help?
Other
Members Online
Total Online: 108
Guests Online: 108
Members Online: 0

Registered Members: 127552
Newest Member: henriettabk60
Latest Articles

View Thread

HellBound Hackers | Computer General | Hacking in general

Author

Shell upload aspx site.

haklite
Member



Posts: 50
Location: A node too far
Joined: 11.09.06
Rank:
Apprentice
Posted on 11-06-12 21:10
Hi All,
Just wondering if anyone can help with getting a shell uploaded into an apsx website. Strictly legit of course, problem is, can uploaded text files, and htm etc, but cant seem to get the aspx shell file in there, tried to alter the file type and name with burp proxy, and tried altering th file type/name before shell upload, but its stripped out by some antivirus on the server side.

Just wondering any other tricks people know of? There is also no option to alter the filename once up, tried that one too Grin

Thanks


i949.photobucket.com/albums/ad331/H4KL1T3/Untitled.gif

In the words of DR-K
"When people asked me why I hacked, I had a standard response: Because its there.Because I can.Because its fun."

Author

RE: Shell upload aspx site.

goluhaque
Member



Posts: 197
Location: India
Joined: 17.02.10
Rank:
Apprentice
Warn Level: 30
Posted on 12-06-12 06:22
haklite wrote:
Hi All,
Just wondering if anyone can help with getting a shell uploaded into an apsx website. Strictly legit of course, problem is, can uploaded text files, and htm etc, but cant seem to get the aspx shell file in there, tried to alter the file type and name with burp proxy, and tried altering th file type/name before shell upload, but its stripped out by some antivirus on the server side.

Just wondering any other tricks people know of? There is also no option to alter the filename once up, tried that one too Grin

Thanks


I have never done this, and I don't know anything about it in detail, but a friend uploaded a shell hidden in a img file once, and gained access to the temp folder on that site, where the images were stored. You could try that.


That applause I receive from y'all on posting this post would have gotten me drunk on power if I hadn't already been high on life.
Author

RE: Shell upload aspx site.

haklite
Member



Posts: 50
Location: A node too far
Joined: 11.09.06
Rank:
Apprentice
Posted on 12-06-12 22:44
Hi, thanks for coming back to me Grin
Well, I had to encode certain parts of the script
to get it up there, but I got it up there all the same in the end, and access outside web root also, Jackpot! XD



i949.photobucket.com/albums/ad331/H4KL1T3/Untitled.gif

In the words of DR-K
"When people asked me why I hacked, I had a standard response: Because its there.Because I can.Because its fun."

Author

RE: Shell upload aspx site.

Mb0742
Member



Posts: 198
Location:
Joined: 26.11.07
Rank:
Moderate
Posted on 28-06-12 05:19
Never heard of a burp proxy. Learn something new everyday I guess.

My fav inclusion exploit of all time is including the error log. I hope the guy that published it got mad vagoo. Pfft


Mb
javascript:alert("hi")