WSO ASPX is the legendary priv8 web shell designed for .NET-based Windows servers. Trusted by red teams, exploit researchers, and pentest professionals for over a decade, this tool delivers full-stack post-exploitation power in one slick interface.
🔥 Features at a Glance
- Command Execution: Multiple command execution engines (
cmd.exe, Win32 API, WSH), choose the best bypass for any locked-down environment. - File Manager: Advanced file & directory browser with full create, upload, edit, download, cut, copy, paste, delete, rename, and permissions control.
- Persistence & Registry: View, edit, and manipulate Windows Registry. Clone file timestamps for anti-forensics, drop persistence easily.
- SQL Management: Execute SQL queries and xp_cmdshell directly over MSSQL, even escalate from db-level access to OS shell.
- Process & User Management: Live process list (WMI, System.Diagnostics), enumerate users, view active sessions, enumerate Windows event logs.
- Network Tools: Integrated port scanner, server variable/environment dump, IIS info spy, and more.
- Clean UI, Multi-language, Obfuscated Code: All-in-one panel, hidden and lightweight, designed to bypass most WAFs and AV solutions.
👽 Typical Workflow
- Upload WSO ASPX to any writable directory on the target IIS/Windows server.
- Login with your secret pass (add HTTP authentication for OPSEC).
- Explore directories, search for sensitive files, download configs, plant persistence, or upload your malware.
- Escalate: Try all command execution engines—if
cmd.exefails, switch to Win32 API or WSH! - Dump users, scan ports, clone or edit files, clear event logs, wipe traces.
- When finished, delete the shell or overwrite its content from the UI.
