Testing webshells and the like with MVC and Dot NET Core
Using the webshell
The webshell itself is MVCShell/Views/Home/Shell.cshtml (for Linux and Mac) and MVCShell/Views/Home/WinShell.cshtml (for Windows). You can play with it as well by selecting WinSh3ll on the top menu of the home page. You only need those files for scenarios where you may need a .NET Core or MVC webshell. This will only work with web solutions that run views that are rendered on the server using Razor syntax (files with a
The home page allows you to test LFI with the webshell. I will be adding demos for RFI as well soon.
To get the LFI working, the URL should look something like this:
The above simulates a web page that pulls a partial view from ~/Views/Home/Shell.cshtml. You can simply enter http://localhost:5000/Home?tpl=~/Views/Home/Shell.cshtml and omit the cmd argument, as it will be added for you when entering commands in the shell.
- There needs to be a controller route to the shell you are injecting, so this would be useful in a scenario where you can replace a local file that gets rendered as a partial Razor view. I am currently testing for RFI to find ways to eliminate this caveat.
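
A defender-side check for the request shape described above, as an added example that is not part of this project: it scans access-log lines for a tpl value that looks like a view path, and notes when cmd is sent with it. The log lines and the findings helper are constructed for illustration; only the tpl and cmd parameter names and the view path come from this page.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (not captured from the project).
SAMPLE_LOG = [
    '127.0.0.1 - - [01/Jan/2024:10:00:00 +0000] "GET /Home HTTP/1.1" 200 512',
    '127.0.0.1 - - [01/Jan/2024:10:00:05 +0000] '
    '"GET /Home?tpl=~/Views/Home/Shell.cshtml HTTP/1.1" 200 2048',
    '127.0.0.1 - - [01/Jan/2024:10:00:09 +0000] '
    '"GET /Home?TPL=%7E%2FViews%2FHome%2FShell.cshtml&cmd=id HTTP/1.1" 200 2101',
    '127.0.0.1 - - [01/Jan/2024:10:00:12 +0000] "GET /Home?tpl=summary HTTP/1.1" 200 640',
]

# Request target inside a common/combined log format line.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A template name should be a bare identifier; these patterns mean the
# client is supplying a file path instead (app-relative, absolute,
# traversal, backslash, or an explicit Razor view extension).
VIEW_PATH = re.compile(r'^~?/|\.\.|\\|\.cshtml$', re.IGNORECASE)


def findings(lines):
    """Return [(line_number, [reasons])] for requests that select a view by path."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        # parse_qs percent-decodes values; keys are lower-cased because
        # ASP.NET Core binds query-string names case-insensitively.
        raw = parse_qs(urlsplit(match.group(1)).query)
        query = {key.lower(): values for key, values in raw.items()}
        reasons = [
            "tpl carries a view path: " + value
            for value in query.get("tpl", [])
            if VIEW_PATH.search(value)
        ]
        if reasons and "cmd" in query:
            reasons.append("cmd parameter sent with it")
        if reasons:
            hits.append((number, reasons))
    return hits


if __name__ == "__main__":
    for number, reasons in findings(SAMPLE_LOG):
        print(f"line {number}: " + "; ".join(reasons))
```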