> For the complete documentation index, see [llms.txt](https://capcap-1.gitbook.io/capcap/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://capcap-1.gitbook.io/capcap/readme/ctf-modules/vulnerability-assessment/shells-and-payloads/web-shells/asp-.net-web-shells.md).

# ASP / .NET Web Shells

```bash
ls /usr/share/nishang/Antak-WebShell
```

```bash
cp /usr/share/nishang/Antak-WebShell/antak.aspx /home/administrator/Upload.aspx
```

<figure><img src="/files/JdtATGSzcMId0dGewDh1" alt=""><figcaption></figcaption></figure>

customize this

####

#### 1. Core Concepts & Resources

* Ippsec.rocks: A highly recommended search engine for HTB video walkthroughs. You can search for specific techniques (like "aspx") and it provides exact timestamps in Ippsec's videos where that technique is used.
* ASPX (Active Server Page Extended): A file type used by Microsoft's ASP.NET framework. The server processes these files to generate dynamic HTML. Uploading a malicious `.aspx` file gives you direct execution on the underlying Windows OS.

#### 2. What is Antak?

* Origin: Part of the Nishang project (a framework of offensive PowerShell scripts and payloads).
* Location (Kali/Parrot): `/usr/share/nishang/Antak-WebShell/antak.aspx`
* Capabilities: Functions like a PowerShell console directly in your browser. It can execute scripts in memory, encode commands, and handle file uploads/downloads.
* ⚠️ Critical OPSEC Detail: Antak executes each command as a new process. It does not maintain a continuous state like a normal interactive shell. If you set a variable in one command, it may not exist in the next.

#### 3. Setup & Weaponization Strategy

Just like Laudanum, you must modify Antak before deploying it to avoid detection and secure your access.

| **Step**           | **Command / Action**                                                                         | **Why it Matters**                                                              |
| ------------------ | -------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------- |
| 1. Copy            | `cp /usr/share/nishang/Antak-WebShell/antak.aspx /home/tester/Upload.aspx`                   | Always leave the original template untouched.                                   |
| 2. Set Credentials | Edit Line 14: Add a custom User and Password.                                                | Prevents other attackers (or defenders) from finding and using your web shell.  |
| 3. Evade AV        | Strip out ASCII art and extensive comments.                                                  | Static strings and art are easily flagged by basic Antivirus or EDR signatures. |
| 4. Upload          | Use the web app's vulnerable upload feature to drop `Upload.aspx`.                           |                                                                                 |
| 5. Execute         | Navigate to the file path (e.g., `\files\Upload.aspx`), authenticate, and issue PS commands. | Perfect staging ground to download and execute a fully interactive rev          |


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://capcap-1.gitbook.io/capcap/readme/ctf-modules/vulnerability-assessment/shells-and-payloads/web-shells/asp-.net-web-shells.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.
