The Wayback Machine - https://web.archive.org/web/20220417210209/https://github.com/samratashok/nishang/issues/17
Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Antak Stealth Request #17

Closed
noncetonic opened this issue May 18, 2015 · 5 comments
Closed

Antak Stealth Request #17

noncetonic opened this issue May 18, 2015 · 5 comments
Assignees
@samratashok
Labels
enhancement

Comments

@noncetonic
Copy link

@noncetonic noncetonic commented May 18, 2015

Would it be a possible to incorporate a check for a POST variable matching a certain string and otherwise serve up a 404 error? Something similar to the following

<%--Antak - A Webshell which utilizes powershell.--%>

<script Language="c#" runat="server">
if (Request.Form["language"] != "whatever")
{
    context.Response.StatusCode = 404;
    context.Response.End();
    return;
}
else

{
 ...rest of code...
}
@samratashok samratashok self-assigned this May 19, 2015
@samratashok
Copy link
Owner

@samratashok samratashok commented May 19, 2015

Interesting suggestion! What if I implement authentication in place of this? Wouldn't that be better/easier to use?
@noncetonic
Copy link
Author

@noncetonic noncetonic commented May 19, 2015

Authentication would be nice as well, I was just thinking that it'd be nice to first check for the existence of the POST variable to keep snooping admins from thinking there is anything at the requested location unless they actually view the file on the server itself.
@samratashok
Copy link
Owner

@samratashok samratashok commented May 19, 2015

Noted! I would try and see what could be done. Authentication would be implemented as well.
@samratashok
Copy link
Owner

@samratashok samratashok commented Jul 23, 2015

Some changes to Antak have been made. Will commit the changes after an upcoming preso at Blackhat.
samratashok added a commit that referenced this issue Aug 19, 2015
@samratashok
Antak can now execute SQL queries. Closes Issue #17
b0055e9 
This updated adds ability to execute SQL queries to Antak and adds
simple authentication to restrict access to it. It also closes Issue
#17.
@samratashok
Copy link
Owner

@samratashok samratashok commented Aug 19, 2015

Authentication is required to access Antak. That is all to be added for now.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement
2 participants
@noncetonic @samratashok