Follow us on Twitter!
Understanding is the answer, hatred is the problem, and hackers are the slaves abused and destroyed in the process of peace online - Deshouleres
Saturday, April 19, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 34
Guests Online: 34
Members Online: 0

Registered Members: 82831
Newest Member: FL4SHC0D3R
Latest Articles
View Thread

HellBound Hackers | Computer General | Hacking in general

Author

Shell upload aspx site.

haklite
Member



Posts: 50
Location: A node too far
Joined: 11.09.06
Rank:
Apprentice
Posted on 11-06-12 21:10
Hi All,
Just wondering if anyone can help with getting a shell uploaded into an apsx website. Strictly legit of course, problem is, can uploaded text files, and htm etc, but cant seem to get the aspx shell file in there, tried to alter the file type and name with burp proxy, and tried altering th file type/name before shell upload, but its stripped out by some antivirus on the server side.

Just wondering any other tricks people know of? There is also no option to alter the filename once up, tried that one too Grin

Thanks


i949.photobucket.com/albums/ad331/H4KL1T3/Untitled.gif

In the words of DR-K
"When people asked me why I hacked, I had a standard response: Because its there.Because I can.Because its fun."

Author

RE: Shell upload aspx site.

goluhaque
Member



Posts: 197
Location: India
Joined: 17.02.10
Rank:
Apprentice
Warn Level: 30
Posted on 12-06-12 06:22
haklite wrote:
Hi All,
Just wondering if anyone can help with getting a shell uploaded into an apsx website. Strictly legit of course, problem is, can uploaded text files, and htm etc, but cant seem to get the aspx shell file in there, tried to alter the file type and name with burp proxy, and tried altering th file type/name before shell upload, but its stripped out by some antivirus on the server side.

Just wondering any other tricks people know of? There is also no option to alter the filename once up, tried that one too Grin

Thanks


I have never done this, and I don't know anything about it in detail, but a friend uploaded a shell hidden in a img file once, and gained access to the temp folder on that site, where the images were stored. You could try that.


That applause I receive from y'all on posting this post would have gotten me drunk on power if I hadn't already been high on life.
Author

RE: Shell upload aspx site.

haklite
Member



Posts: 50
Location: A node too far
Joined: 11.09.06
Rank:
Apprentice
Posted on 12-06-12 22:44
Hi, thanks for coming back to me Grin
Well, I had to encode certain parts of the script
to get it up there, but I got it up there all the same in the end, and access outside web root also, Jackpot! XD



i949.photobucket.com/albums/ad331/H4KL1T3/Untitled.gif

In the words of DR-K
"When people asked me why I hacked, I had a standard response: Because its there.Because I can.Because its fun."

Author

RE: Shell upload aspx site.

Mb0742
Member



Posts: 198
Location:
Joined: 26.11.07
Rank:
Apprentice
Posted on 28-06-12 05:19
Never heard of a burp proxy. Learn something new everyday I guess.

My fav inclusion exploit of all time is including the error log. I hope the guy that published it got mad vagoo. Pfft


Mb
javascript:alert("hi")