An authenticated ASPX webshell that receives base64-encoded C# code, compiles it server-side, executes it, and returns the output.

This project consists of two components:

• Server (ASPX/C#): A webshell that listens for incoming requests, authenticates clients, decodes base64-encoded C# source code, dynamically compiles it using the .NET runtime, and returns the execution result.
• Client (Python): A simple CLI tool that encodes C# source code in base64, sends it to the server over HTTP, and prints the result.

This setup can be useful for controlled remote code execution scenarios, C2 development, red team tooling, or testing dynamic compilation in ASP.NET environments.

aspx-webshell-executor/ │ ├── server/ │ └── webshell.aspx # The main ASPX page handling authentication and execution │ ├── client/ │ └── executor.py # Python client to encode and send C# code

The server implements a basic authentication mechanism. Each request must include a custom header with a pre-shared token:

Authorization: SHA1(YOUR_SECRET_TOKEN)

You should modify the hardcoded token in both server and client before deploying or testing.

Host webshell.aspx on an IIS server with .NET Framework 4.x support.

Example default location:

http:///webshell.aspx

Ensure that the ASP.NET runtime has permission to compile and run dynamic code.

Install dependencies:

pip install requests

Then run:

python executor.py --url http://<target>/webshell.aspx --token YOUR_SECRET_TOKEN --file payload.cs

    --file: Path to the local C# source code file to send.

    The output from the remote execution will be printed to stdout.

🧪 Example Payload (payload.cs)

using System;
public class Executor {
    public string Run() {
        return "Hello from the server!";
    }
}