ASPX Gh0st Executor is a powerful web shell to execute system commands, read and delete files. This tool is secured with password authentication.
Tested on Microsoft Windows Server 2016 Standard (Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.8.4700.0)
- Command Execution: Run system commands directly from the browser.
- File Deletion: Delete specific files or folders within the current working directory.
- File Reading: View the content of any file in the active directory.
- Password Protection: Requires an authentication parameter (
exec=ghost) to access.
- Download the
gh0st.aspxfile. - Upload it to your web server (e.g.,
/inetpub/wwwroot/or any accessible directory).
Go to: http://yourwebsite.com/gh0st.aspx?exec=ghost
Replace ghost with the correct password set in the script. If you do not enter or the password is incorrect in the parameters, it will look like below
- Enter a system command in the command input field.
- Click "Execute" to run the command.
- The output will be displayed in a textarea.
- Unauthorized users attempting to access without the correct password will see a 404 Not Found error.
- The tool runs under the IIS worker process, which may have restricted privileges. If a command fails, check permissions.
- Use this tool for legal and authorized purposes only.
- Running commands can be dangerous if misused. Only use it if you know what you're doing.
- The author is not responsible for any misuse or damage caused by this tool.
- Ensure that your server is secured to prevent unauthorized access.