ASP code for msfpayload

[pl4f0rd]

Ive uploaded a metasploit payload to a iis webserver in the Scripts directory currently I am executing the script directly from the browser, which in turn is causing me problems.  Any one got any ideas how I can create a dummy asp page which in turn executes my payload which will run server side

[ande]

If you managed to send a payload with metasploit, you should have had shell access already. So obviously you didn't, or the exploit was not a remote execution exploit. And there is no such thing as running the script directly from the browser, all ASP code is server side and server side only.

[pl4f0rd]

Well yeah I got a shell however it's unprivileged and running as IUSR,  I uploaded the exe and to the web server and I navigate to it and manually click on the exe which in turn loads me up a shell via the multi/handler. 


The meterpreter shell times out, cant getsystem, or sysinfo or drop into a shell.


The exe is not asp it's clicked on directly in the Scripts directory and loaded as an exe.


I need an asp page that loads the exe by it's self without me clicking on it., So for example the user navigates to site and the exe is executed. 

[FuyuKitsune]

I would imagine that it would be launched with same privileges either way.

I just pulled this crap off Google. It requires Windows Scripting Host but seeing as there's a script directory you should be able to do this.

Code: [Select]

<%
     set objName = CreateObject("WScript.Shell")
     objName.run("c:\file.bat",0,false)
%>
http://msdn.microsoft.com/en-us/library/d5fk67ky

Make an ASP page, toss that in, run page.

[pl4f0rd]

Cheers, I will give it a whirl